On Fri, 9 Oct 2015, Erik Andersson wrote:
conn mytunnel
    left=2001:470:dc8c:1000::28:60
    right=2001:470:dc8c:1000::28:70
    connaddrfamily=ipv6
    authby=secret
    auto=add
When I try to bring up the tunnel I get the following output:
On host 28:60:
[root@vpn-f1 ~]# ipsec auto --up
> Seems libreswan doesn't load the fw certificate, but it's a little bit
> odd because ipsec auto --listall shows all the certs like I expect. I
> will retrace my steps to see what I missed.
>
> Oct 9 10:02:02 fw-kz pluto[30128]: | Added new connection rw-ikev2 with policy RSASIG+ENCRYPT+TU
Hi Paul,
I am using the new format for the NSS DB sql:/etc/ipsec.d as specified
on the wiki, and I have compared my ipsec.conf to the ikev2 one on the
wiki as well.
Any other suggestions where I might look for the problem?
Run with plutodebug=all and see what's going on?
Seems libreswan doe
Hi,
Running libreswan 3.15 on CentOS 7. I'm trying to set up a host-host
tunnel between two IPv6 endpoints on the same subnet, using the
following configuration:
config setup
    protostack=klips
    interfaces="ipsec0=eth0"
conn mytunnel
    left=2001:470:dc8c:1000::28:60
    right=2001:470:
On Fri, 9 Oct 2015, Bob Miller wrote:
I am definitely using machine certificate.
I have recreated the CA, firewall, and user cert. I have installed all three
certs on the firewall, and the CA has CTu,u,u and the fw and user cert have
u,u,u. I have ensured the cert on Windows is installed in
Hi Paul,
Thanks for the response.
I am trying to set up IKEv2 with Windows road warriors, but I am
having an error "No PARENT proposal selected".
Is there a clue as to what could be wrong when this message comes up?
Probably you are having a mismatched AUTH scheme? You should not use EAP
but