[Swan] default config that works with recent android/win10/win11/macos/ios

Thu Feb 29 00:34:51 EET 2024

> 
> Where can I find a working and tested config, that offers vpn connectivity
> with the os default clients of android, win10, win11, macos and ios? (maybe
> put this on some wiki/example page)
> 
> 

How should I even know what goes wrong from this log of mac client? It is quite annoying that I have to spend some much time on just realising vpn access for some clients. No wonder everyone is using this openvpn.

Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1536 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 5:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: sent IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256 group=MODP2048}
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: processing decrypted IKE_AUTH request: SK{IDi,N(INITIAL_CONTACT),IDr,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: reloaded private key matching left certificate 'vpn.example.com'
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: added EAP payload to packet
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: NSS: I/O getpeername
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: sent EAP request