[Swan] Trouble connecting to libreswan from iOS 12 ikev2
Ian Dobson
ird at oob.id.au
Mon May 27 05:05:36 UTC 2019
I am running libreswan as a VPN (network-to-multiple clients) on a CentOS
7 platform. It has been working successfully to connect with an iOS client
using IKEv1 + XAUTH.
I am now trying to set up iOS connections using IKEv2 with no success.
(I'm using the same certificate auth credentials that are working
successfully with IKEv1 + XAUTH.)
Config setup:
conn ikev2-rsa
    type=tunnel
    ikev2=insist
    narrowing=yes
    pfs=no
    rekey=no
    encapsulation=yes
    fragmentation=yes
    dpddelay=30
    dpdtimeout=90
    dpdaction=clear
    left=144.132.45.114
    leftrsasigkey=%cert
    leftcert=vpn
    leftsendcert=always
    leftid=%fromcert
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%fromcert
    rightrsasigkey=%cert
    rightca=%same
    rightaddresspool=172.21.1.200-172.21.1.254
tcpdump -i eth3 -nn host 144.132.45.114:

listening on eth3, link-type EN10MB (Ethernet), capture size 65535 bytes
14:30:55.417934 IP 1.143.57.22.30035 > 144.132.45.114.500: isakmp: parent_sa ikev2_init[I]
14:30:58.495733 IP 1.143.57.22.30035 > 144.132.45.114.500: isakmp: parent_sa ikev2_init[I]
14:31:01.505931 IP 1.143.57.22.30035 > 144.132.45.114.500: isakmp: parent_sa ikev2_init[I]
14:31:04.495418 IP 1.143.57.22.30035 > 144.132.45.114.500: isakmp: parent_sa ikev2_init[I]
It seems that libreswan isn't responding at all to the first init packet.
I don't think it's a firewall- or routing-related issue, as libreswan is
quite happily negotiating an IKEv1 connection over the same interface.
There is nothing at all being output through syslog.
Any ideas where I should start looking for the problem?