Please could you tell me if the following message is an error or a warning:
we require IKEv1 peer to have ID '190.0.2.236', but peer declares 'CN= vpn.example.com' Thanks in advance 2016-04-27 21:07 GMT-03:00 Paul Wouters <[email protected]>: > On Wed, 27 Apr 2016, Sergio Belkin wrote: > > I've successfuly imported everything as you explained, no I have the >> following issue: >> > > abr 27 11:10:08 initiator.example.local pluto[17451]: "windows" #2: our >> client subnet returned doesn't match my proposal - >> us:192.168.40.21/32 vs them:192.0.2.65/32 >> abr 27 11:10:08 initiator.example.local pluto[17451]: "windows" #2: >> Allowing questionable proposal anyway [ALLOW_MICROSOFT_BAD_PROPOSAL] >> abr 27 11:10:08 initiator.example.local pluto[17451]: "windows" #2: peer >> client subnet returned doesn't match my proposal - >> us:190.226.58.236/32 vs them:172.16.100.2/32 >> abr 27 11:10:08 initiator.example.local pluto[17451]: "windows" #2: >> Allowing questionable proposal anyway [ALLOW_MICROSOFT_BAD_PROPOSAL] >> abr 27 11:10:08 initiator.example.local pluto[17451]: "windows" #2: >> cannot route template policy of >> >> RSASIG+ENCRYPT+DONT_REKEY+UP+IKEV1_ALLOW+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW >> abr 27 11:10:08 initiator.example.local pluto[17451]: "windows" #2: >> discarding duplicate packet; already STATE_QUICK_I1 >> > > Yuck, looks like a Microsoft remote server. It is a little odd that we > detect the bogus microsoft proposal, yet cannot continue. I assume > you have auto=add (or auto=start if you dont have onetime passowrds) > and not auto=route? > > A full log with plutodebug=all might help me to see what's going on. Can > you mail me that offlist? > > Paul > -- -- Sergio Belkin LPIC-2 Certified - http://www.lpi.org
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
