[Swan] fedora client ikev2 client cert - getting CHILD SA failed
Andrew Cagney
andrew.cagney at gmail.com
Thu Feb 29 00:52:15 EET 2024
On Sun, 25 Feb 2024 at 18:19, Marc via Swan <swan at lists.libreswan.org> wrote:
>
>
> I did more or less a default install on a Fedora client. I assume that if Windows/Android clients do not have an issue, it is probably not related to the server settings, but something on Fedora?
>
>
> dnf -y install libreswan NetworkManager-libreswan-gnome
> ipsec initnss
> setfacl -R -m u:aaaaaaaa:rwx /var/lib/ipsec/
> etc
>
> Feb 26 00:04:02 fedora pluto[20540]: "3bc95561-c3b4-48b2-91d0-1da5b068f342" #2: received INTERNAL_IP4_ADDRESS 192.168.x.x
> Feb 26 00:04:02 fedora pluto[20540]: "3bc95561-c3b4-48b2-91d0-1da5b068f342" #2: CHILD SA failed: TS_UNACCEPTABLE
The other end sent this end back a CP payload containing 192.168.x.x
and a matching set of Traffic Selectors. However, this end didn't
like them. I'd check the subnet= line and compare it with the peer.