Hi Paul,
Thanks for the response.
I am trying to set up ikev2 with windows road warriors, but I am
having an error "No PARENT proposal selected".
Is there a clue as to what could be wrong when this message comes up?
Probably you are having a mismatched AUTH scheme? You should not use EAP
but "Machine Certificate".
I am definitely using machine certificate.
I have recreated the CA, firewall, and user cert. I have installed all
three certs on the firewall, and the CA has CTu,u,u and the fw and user
cert have u,u,u. I have ensured the cert on windows is installed in
local machine, and the CA is listed in the Trusted Root. I have ensured
the fw cert has a SAN and CN that matches its DNS name.
I am using the new format for the NSS DB sql:/etc/ipsec.d as specified
on the wiki, and I have compared my ipsec.conf to the ikev2 one on the
wiki as well.
Any other suggestions where I might look for the problem?
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
