On Mon, 10 Jun 2019, Madhan Raj wrote:
When I try to bring up my policy, it fails with the error below. Any idea why
this is happening?
[root@ccm-87 ~]# ipsec auto --up 71772488137_x509
002 "71772488137_x509" #306: initiating Main Mode
104 "71772488137_x509" #306: STATE_MAIN_I1: initiate
003 "71772488137_x509" #306: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=12
The other end rejected your IKE proposal. Check their logs to see what
they did not like or compare IKE settings between the two endpoints and
fix those to match.
[root@ccm-87 ~]# certutil -L -d /usr/local/platform/.security/ipsec/
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

DODParent-INTERMEDIATECA-CA-4                                c,c,c
DODParent-ROOTCA-CA-2                                        c,c,c
ipsec-db                                                     u,u,u
ccm-88                                                       c,c,c
Note your CAs are missing the trust bits. Normally, running "ipsec checknss"
should fix those. You should see "CT,," for the CAs.
Paul
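
Added example, not part of the original message and not libreswan code: a shell check that reads a "certutil -L" listing and reports entries whose SSL trust field carries only the lowercase "c" flag instead of the "C" seen in "CT,,". The function names are hypothetical and the sample listing is constructed from the output quoted above; the check goes by the flags alone and cannot tell whether an entry really is a CA.

```shell
#!/bin/sh
# Added example (hypothetical helper names): find NSS entries whose SSL trust
# field has "c" (valid CA) but not "C" (trusted CA), as in the listing above.

# Constructed sample input: the certutil -L listing quoted in the message.
sample_listing() {
cat <<'EOF'
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

DODParent-INTERMEDIATECA-CA-4                                c,c,c
DODParent-ROOTCA-CA-2                                        c,c,c
ipsec-db                                                     u,u,u
ccm-88                                                       c,c,c
EOF
}

# Reads a certutil -L listing on stdin and prints "nickname<TAB>flags" for
# every entry flagged as a CA without the trusted-CA bit in the SSL field.
untrusted_ca_entries() {
    awk '
        # Data rows end in three comma-separated flag groups: "c,c,c", "CT,,".
        # The two header rows do not match and are skipped.
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            flags = $NF
            split(flags, f, ",")
            ssl = f[1]                          # first group is the SSL trust
            nick = $0
            sub(/[ \t]+$/, "", nick)            # trailing whitespace
            sub(/[ \t]+[^ \t]+$/, "", nick)     # drop the flags column
            sub(/^[ \t]+/, "", nick)            # nicknames may contain spaces
            if (ssl ~ /c/ && ssl !~ /C/) print nick "\t" flags
        }
    '
}

# Stand-alone run over the constructed sample.
sample_listing | untrusted_ca_entries
```

On a live system the same function takes the real listing, for example: certutil -L -d /usr/local/platform/.security/ipsec/ | untrusted_ca_entries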