[Swan] Second OSX client troubleshooting
Paul Wouters
paul at nohats.ca
Thu Jan 31 17:23:51 UTC 2019
On Thu, 31 Jan 2019, Mr. Jan Walter wrote:
> Okay, so I sent off a user certificate and the CA cert to a colleague on the other coast, and he's having issues connecting to the config that worked for me with my
> Macbook and my Win10 machine here.
> Jan 31 03:26:05 ip-10-0-0-194 pluto[18497]: "ikev2-cp"[28] 12.11.11.11 #371: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=AES_CBC_256 integ=HMAC_SHA1_96
> prf=HMA
> Jan 31 03:26:05 ip-10-0-0-194 pluto[18497]: packet from 12.11.11.11:500: INFORMATIONAL message request has no corresponding IKE SA
That's really odd. We send an IKE_SA_INIT reply, and are expecting an
IKE_AUTH request. Instead we received an INFORMATIONAL which we drop
as invalid.
I'm confused how they could even send an informational.
Make sure the mac has "Authentication Settings" set to "none" or else it
will do EAP-TLS instead of Machine Certificate.
Paul
More information about the Swan
mailing list