[Swan] fedora client ikev2 client cert - getting CHILD SA failed

Marc Marc at f1-outsourcing.eu
Mon Feb 26 01:18:50 EET 2024


I did more or less a default install on a Fedora client. I assume that if Windows/Android clients do not have an issue, it is probably not related to the server settings, but something on Fedora?


dnf -y install libreswan NetworkManager-libreswan-gnome
ipsec initnss
setfacl -R -m u:aaaaaaaa:rwx /var/lib/ipsec/
etc

Feb 26 00:04:02 fedora pluto[20540]: "3bc95561-c3b4-48b2-91d0-1da5b068f342" #2: received INTERNAL_IP4_ADDRESS 192.168.x.x
Feb 26 00:04:02 fedora pluto[20540]: "3bc95561-c3b4-48b2-91d0-1da5b068f342" #2: CHILD SA failed: TS_UNACCEPTABLE
Feb 26 00:04:02 fedora pluto[20540]: "3bc95561-c3b4-48b2-91d0-1da5b068f342" #1: IKE SA established but initiator rejected Child SA response
Feb 26 00:04:02 fedora pluto[20540]: "3bc95561-c3b4-48b2-91d0-1da5b068f342" #2: deleting larval Child SA using IKE SA #1
Feb 26 00:04:02 fedora pluto[20540]: ERROR: "3bc95561-c3b4-48b2-91d0-1da5b068f342" #2: netlink response for Del SA esp.38822058 at a.a.a.a: No such process (errno 3)
Feb 26 00:04:02 fedora pluto[20540]: "3bc95561-c3b4-48b2-91d0-1da5b068f342" #1: received delete request for IKEv2_SEC_PROTO_ESP SA(0x38822058) but corresponding state not found
Feb 26 00:05:02 fedora pluto[20540]: shutting down
Feb 26 00:05:02 fedora pluto[20540]: Pluto is shutting down
Feb 26 00:05:02 fedora pluto[20540]: "3bc95561-c3b4-48b2-91d0-1da5b068f342" #1: deleting state (STATE_V2_ESTABLISHED_IKE_SA) aged 59.930718s and sending notification
Feb 26 00:05:02 fedora pluto[20540]: forgetting secrets
Feb 26 00:05:02 fedora pluto[20540]: shutting down interface lo [::1]:4500
Feb 26 00:05:02 fedora pluto[20540]: shutting down interface lo [::1]:500
Feb 26 00:05:02 fedora pluto[20540]: shutting down interface lo 127.0.0.1:4500
Feb 26 00:05:02 fedora pluto[20540]: shutting down interface lo 127.0.0.1:500
Feb 26 00:05:02 fedora pluto[20540]: shutting down interface wlo1 192.168.y.y:4500
Feb 26 00:05:02 fedora pluto[20540]: shutting down interface wlo1 192.168.y.y:500


