> Feb 15 06:15:48 saledortvm2 pluto[70624]: "server01.cnf.com" #2: processing 
> decrypted IKE_AUTH request: SK{IDi,CERT,AUTH,CP,SA,TSi,TSr}

Notice how the client sent a CP payload in the request (CP_REQUEST to be exact).

But

> #2: missing v2CP reply, not attempting to setup child SA
> #1: IKE SA established but initiator rejected Child SA response

The responder never came back with a CP_RESPONSE, which is required to
create the Child SA.  Hence no child, leaving only the IKE SA.

What I'm not clear on is why the initiator asked for CP, and the
responder declined its request.

Andrew
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
