[Swan] After upgrade, "No connection has been authorized with policy PSK+IKEV1_ALLOW"

Hugh Sparks hugh at csparks.com
Fri Sep 20 19:39:34 UTC 2019


New list member here.

I have a server running Libreswan to allow iPhone and Windows clients access to the office LAN. This has worked for many years.
(I never needed to join this list.)

Recently, I did three server upgrades in quick succession, going from Fedora 27 to Fedora 30. Something along the way broke the VPN service.

When either type of client tries to make a connection, I see this message in the server journal:

	pluto[16000]: packet from p.q.r.s:t: \
		initial Main Mode message received on a.b.c.d:500
		but no connection has been authorized with policy PSK+IKEV1_ALLOW

Working:

	Fedora 27 with libreswan-3.27-1.fc27.x86_64

Not working:

	Fedora 30 with libreswan-3.29-1.fc30.x86_64

This command shows everything [OK]:

	ipsec verify

This command adds the connection with no errors reported:

	ipsec auto --add L2TP-PSK

Some configuration files:

/etc/ipsec.d/myvpn.conf:

	conn L2TP-PSK
	        type=transport
	        authby=secret
	        pfs=no
	        auto=add
	        left=a.b.c.d
	        right=%any
	        leftprotoport=17/1701
	        rightprotoport=17/%any
	        dpddelay=15
	        dpdtimeout=30
	        dpdaction=clear

	("a.b.c.d" is the public IP address of my server)

/etc/ipsec.d/myvpn.secrets:

	: PSK "some long key phrase"

I can send more files if necessary, but it appears that the connection process never gets past "pluto".

Clients tested are "Windows 10 version 1903" and "iOS 12.4.1"

The client settings are for L2TP/IPSEC with PSK.

I have downloaded and searched the mailing list archives.
I found two threads, but neither with any clear resolution.

All suggestions appreciated.


Thanks!



-- 

Mail: hugh at csparks.com
Office: 952-955-2800
Mobile: 612-247-2714


