On Thu, 31 Jan 2019, Mr. Jan Walter wrote:
Okay, so I sent off a user certificate and the CA cert to a colleague on the
other coast, and he's having issues connecting to the config that worked for me
with my
Macbook and my Win10 machine here.
Jan 31 03:26:05 ip-10-0-0-194 pluto[18497]: "ikev2-cp"[28] 12.11.11.11 #371:
STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_256
integ=HMAC_SHA1_96
prf=HMA
Jan 31 03:26:05 ip-10-0-0-194 pluto[18497]: packet from 12.11.11.11:500:
INFORMATIONAL message request has no corresponding IKE SA
That's really odd. We send an IKE_SA_INIT reply, and are expecting an
IKE_AUTH request. Instead we received an INFORMATIONAL which we drop
as invalid.
I'm confused how they could even send an informational.
Make sure the mac has "Authentication Settings" set to "none" or else it
will do EAP-TLS instead of Machine Certificate.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
