[Swan] iOS IKEv2 "ISAKMP_v2_IKE_SA_INIT message received on 172.31.2.1:500 but no suitable connection found with IKEv2 policy"r
Heting Wang
meow at imlibra.me
Fri Jul 28 07:00:01 EEST 2023
Thanks. I resolved when I use left=172.31.2.1
conn psk
ikev2=yes
authby=secret
left=172.31.2.1
leftid=@ipsec.imlibra.me
leftsubnet=0.0.0.0/0
right=%any
rightaddresspool=10.10.0.1-10.10.0.254
modecfgdns=172.31.0.2
rekey=no
narrowing=yes
fragmentation=yes
encapsulation=yes
auto=add
But it seems like IPv6 address range is not available in leftsubnet or rightaddresspool with an IPv4 address specified…
> On Jul 24, 2023, at 12:25 AM, Paul Wouters <paul at nohats.ca> wrote:
>
> On Sat, 22 Jul 2023, Heting Wang wrote:
>
>> "ISAKMP_v2_IKE_SA_INIT message received on 172.31.2.1:500 but no suitable
>> connection found with IKEv2 policy"r
>> I collected more information using plutodebug=tmi
>
>> Jul 22 22:57:17.604493: | *received 604 bytes from XXXXXXXXXX:500 on eth1 172.31.
>> 2.1:500 using UDP
>
> It does not change my answer. For some reason your connection is loaded
> before you had the IP or route in please for left=%defaultroute to pick
> it up. You can set left=172.31.2.1 to work around that if it is a static
> IP.
>
> Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2244 bytes
Desc: not available
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20230728/80569e36/attachment.p7s>
More information about the Swan
mailing list