On Sat, 2 Feb 2019, D. Hugh Redelmeier wrote:
Subject: [Swan-dev] ikev2-x509-02-eku
This failed for me last night.
+002 "ikev2-westnet-eastnet-x509-cr" #2: IKE SA authentication request rejected
by peer: AUTHENTICATION_FAILED
Seems due to:
"ikev2-westnet-eastnet-x509-cr" #1: ERROR: Certificate key usage inadequate for
attempted operation.
I guess you are not using the latest nss 3.41 ?
Maybe run a yum update in your guests?
Easiest is to bring up east, west and nic
ssh root@nic and issue /testing/guestbin/nic-internet
Then ssh into west and east and run yum update
with nss 3.39 the test fails. with 3.41 it passes.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
