[Swan] Second OSX client troubleshooting

Paul Wouters paul at nohats.ca
Thu Jan 31 17:23:51 UTC 2019

On Thu, 31 Jan 2019, Mr. Jan Walter wrote:

> Okay, so I sent off a user certificate and the CA cert to a colleague on the other coast, and he's having issues connecting to the config that worked for me with my
> Macbook and my Win10 machine here.

> Jan 31 03:26:05 ip-10-0-0-194 pluto[18497]: "ikev2-cp"[28] #371: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA1_96
> prf=HMA
> Jan 31 03:26:05 ip-10-0-0-194 pluto[18497]: packet from INFORMATIONAL message request has no corresponding IKE SA

That's really odd. We send an IKE_SA_INIT reply, and are expecting an
IKE_AUTH request. Instead we received an INFORMATIONAL which we drop
as invalid.

I'm confused how they could even send an informational.

Make sure the mac has "Authentication Settings" set to "none" or else it
will do EAP-TLS instead of Machine Certificate.


More information about the Swan mailing list