> Feb 15 06:15:48 saledortvm2 pluto[70624]: "server01.cnf.com" #2: processing > decrypted IKE_AUTH request: SK{IDi,CERT,AUTH,CP,SA,TSi,TSr}
notice how the client sent a CP payload in the request (CP_REQUEST to be exact). but > #2: missing v2CP reply, not attempting to setup child SA > #1: IKE SA established but initiator rejected Child SA response the responder never came back with a CP_RESPONSE, which is required to create the Child SA. Hence no child leaving only the IKE SA. What I'm not clear on is why the initiator asked for CP, and the responder declined its request. Andrew _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev