[Swan] After upgrade, "No connection has been authorized with policy PSK+IKEV1_ALLOW"
Paul Wouters
paul at nohats.ca
Fri Sep 20 20:39:26 UTC 2019
Add ikev2=no
The default changed from v1 to v2
Paul
Sent from my iPhone
> On Sep 20, 2019, at 15:39, Hugh Sparks <hugh at csparks.com> wrote:
>
> New list member here.
>
> I have a server running Libreswan to allow iphone and Windows clients access to the office LAN. This has worked for many years.
> (I never needed to join this list.)
>
> Recently, I did three server upgrades in quick succession going from fedora 27 to fedora 30. Something along the way broke the
> VPN service.
>
> When either type of client tries to make a connection, I see this message in the server journal:
>
> pluto[16000]: packet from p.q.r.s:t: \
> initial Main Mode message received on a.b.c.d:500
> but no connection has been authorized with policy PSK+IKEV1_ALLOW
>
> Working:
>
> Fedora 27 with libreswan-3.27-1.fc27.x86_64
>
> Not working:
>
> Fedora 30 with libreswan-3.29-1.fc30.x86_64
>
> This command shows everything [OK]
>
> ipsec verify
>
> This command adds the connection with no errors reported:
>
> ipsec auto --add L2TP-PSK
>
> Some configuration files:
>
> /etc/ipsec.d/myvpn.conf:
>
> conn L2TP-PSK
> type=transport
> authby=secret
> pfs=no
> auto=add
> left=a.b.c.d
> right=%any
> leftprotoport=17/1701
> rightprotoport=17/%any
> dpddelay=15
> dpdtimeout=30
> dpdaction=clear
>
> ("a.b.c.d" is the public IP address of my server)
>
> /etc/ipsec.d/myvpn.secrets
>
> : PSK "some long key phrase"
>
> I can send more files if necessary, but it appears that the connection process never gets past "pluto"
>
> Clients tested are "Windows 10 version 1903" and "iOS 12.4.1"
>
> The client settings are for L2TP/IPSEC with PSK.
>
> I have downloaded and searched the mailing list archives.
> I found two threads, but none with any clear resolution.
>
> All suggestions appreciated.
>
>
> Thanks!
>
>
>
> --
>
> Mail: hugh at csparks.com <mailto:hugh at csparks.com> Office: 952-955-2800 Mobile: 612-247-2714
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
More information about the Swan
mailing list