If the auth errors are gone, then the certs and NSS are fine. Does: ipsec whack --trafficstatus confirm the tunnel is up?
Sent from my iPhone > On Aug 18, 2016, at 3:09 PM, Sowmini Varadhan <[email protected]> > wrote: > >> On (08/18/16 08:02), Sowmini Varadhan wrote: >> >> Thanks in advance for hints, > > fwiw, I later noticed that I was missing the entry > > : RSA "bds" > > in my /etc/ipsec.d/ipsec.secrets. After adding that on each side, > the auth failure error goes away from the tcpdump trace; however tunnels > are still not activated. > > I've tried doing > > right# pk12util -i my.pkcs12 -d /etc/ipsec.d > > to avoid the "sql:*" prefix, does not help. > Feels like I'm really close to getting this to work, but am missing > some config step. > > Hints? > --Sowmini > > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
