[Swan] After upgrade, "No connection has been authorized with policy PSK+IKEV1_ALLOW"

Paul Wouters paul at nohats.ca
Fri Sep 20 20:39:26 UTC 2019 

Add ikev2=no 

The default changed from v1 to v2

Paul

Sent from my iPhone

> On Sep 20, 2019, at 15:39, Hugh Sparks <hugh at csparks.com> wrote:
> 
> New list member here.
> 
> I have a server running Libreswan to allow iphone and Windows clients access to the office LAN. This has worked for many years.
> (I never needed to join this list.)
> 
> Recently, I did three server upgrades in quick succession going from fedora 27 to fedora 30. Something along the way broke the
> VPN service.
> 
> When either type of client tries to make a connection, I see this message in the server journal:
> 
>    pluto[16000]: packet from p.q.r.s:t: \
>        initial Main Mode message received on a.b.c.d:500
>        but no connection has been authorized with policy PSK+IKEV1_ALLOW
> 
> Working:
> 
>    Fedora 27 with libreswan-3.27-1.fc27.x86_64
> 
> Not working:
> 
>    Fedora 30 with libreswan-3.29-1.fc30.x86_64
> 
> This command shows everything [OK]
> 
>    ipsec verify
> 
> This command adds the connection with no errors reported:
> 
>    ipsec auto --add L2TP-PSK
> 
> Some configuration files:
> 
> /etc/ipsec.d/myvpn.conf:
> 
>    conn L2TP-PSK
>            type=transport
>            authby=secret
>            pfs=no
>            auto=add
>            left=a.b.c.d
>            right=%any
>            leftprotoport=17/1701
>            rightprotoport=17/%any
>        dpddelay=15
>        dpdtimeout=30
>            dpdaction=clear
> 
>    ("a.b.c.d" is the public IP address of my server)
> 
> /etc/ipsec.d/myvpn.secrets
> 
>    : PSK "some long key phrase"
> 
> I can send more files if necessary, but it appears that the connection process never gets past "pluto"
> 
> Clients tested are "Windows 10 version 1903" and "iOS 12.4.1"
> 
> The client settings are for L2TP/IPSEC with PSK.
> 
> I have downloaded and searched the mailing list archives.
> I found two threads, but none with any clear resolution.
> 
> All suggestions appreciated.
> 
> 
> Thanks!
> 
> 
> 
> -- 
> 
> Mail: hugh at csparks.com <mailto:hugh at csparks.com> Office: 952-955-2800 Mobile: 612-247-2714
> 
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan

More information about the Swan mailing list