[Swan] Trouble connecting to libreswan from iOS 12 ikev2

Paul Wouters paul at nohats.ca
Tue May 28 02:31:11 UTC 2019


On Tue, 28 May 2019, Ian Dobson wrote:

>> Do you have a logfile= set in "config setup" in /etc/ipsec.conf ? Then
>> all logs will go to the file instead of syslog. If not, perhaps set
>> logfile=/var/log/pluto.log to gather the logs.
>
> I've made that change but there is still nothing at all being logged when
> I attempt the IKEv2 connection from an iPhone. After changing the logfile
> parameter per above, I'm seeing in this file exactly what was previously
> going into /var/log/secure through syslog.

If you see logs for IKEv1, you can only also see logs for IKEv2. If that
is not the case then your client is not sending traffic to the same
server.

The only possible other remote option is that the initial IKEv2 packet
is getting fragmented (a misconfiguration with the crypto system policies
in Fedora can cause that). You can use tcpdump to see a very large packet
coming in (that doesn't make it to the libreswan pluto daemon).

Paul
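
The tcpdump check suggested above, as an added example that is not part of the original message: a capture filter that also catches IP fragments (a plain "udp port 500" filter misses non-first fragments, which carry no UDP header) and a counter for fragment lines in saved `tcpdump -v` text. The interface name, the client address and the sample capture lines are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses below are documentation
# ranges used as placeholders.

# BPF filter: IKE (UDP 500), NAT-T (UDP 4500) and any IPv4 fragment from
# one client. ip[6:2] & 0x3fff is non-zero when the MF flag is set or the
# fragment offset is non-zero.
ike_filter() {
    printf 'host %s and (udp port 500 or udp port 4500 or (ip[6:2] & 0x3fff != 0))' "$1"
}

# Live capture on the server; needs root. -v prints the IP header fields
# (offset, flags, length) needed to recognise fragments.
capture_ike() {
    tcpdump -n -v -i "$1" "$(ike_filter "$2")"
}

# Count fragment lines in saved "tcpdump -v" text read from stdin:
# "flags [+]" means more fragments follow, a non-zero offset is a later one.
count_fragments() {
    awk '/flags \[\+/ || /offset [1-9][0-9]*,/ { n++ } END { print n + 0 }'
}

# Constructed sample of tcpdump -v output: one datagram split into two
# fragments, then one ordinary unfragmented packet.
sample_capture() {
    cat <<'EOF'
12:00:00.000001 IP (tos 0x0, ttl 64, id 4660, offset 0, flags [+], proto UDP (17), length 1500)
    192.0.2.10.500 > 198.51.100.1.500: isakmp 2.0 msgid 00000000
12:00:00.000002 IP (tos 0x0, ttl 64, id 4660, offset 1480, flags [none], proto UDP (17), length 548)
    192.0.2.10 > 198.51.100.1: ip-proto-17
12:00:05.000001 IP (tos 0x0, ttl 64, id 4661, offset 0, flags [DF], proto UDP (17), length 432)
    192.0.2.10.500 > 198.51.100.1.500: isakmp 2.0 msgid 00000000
EOF
}

# Run a live capture only when called as: ./ike-capture.sh <iface> <client-ip>
if [ "$#" -eq 2 ]; then
    capture_ike "$1" "$2"
fi
```

Fragments showing up in the capture while the pluto log stays empty for the same attempt matches the fragmentation case described in the reply.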

