On Fri, Feb 18, 2022 at 01:30:27PM -0600, fix...@gmail.com said: > Date: Fri, 18 Feb 2022 13:30:27 -0600 > From: fix...@gmail.com > To: misc@openbsd.org > Subject: Re: IPSec fails with NO_PROPOSAL_CHOSEN when connecting from > recent MacOS/iOS clients > > On Fri, Feb 18, 2022 at 11:43 AM I wrote: > > I recently started seeing some ipsec clients fail on newer versions of > > MacOS and iOS. After MacOS 12.1, connecting to my head end now fails > > with NO_PROPOSAL_CHOSEN using mod1024 in my ipsec.conf. I've also
How are you setting the proposals on the MacOS end? Your first instance I think you figured out that you had not specified PSK and so you had a mismatch there. In the second case you didn't supply the iked(8) debugging information so I'm not sure what is happening. I am also not sure why you have two stanzas in ipsec.conf(5) (much less why you are allowing md5/3des). You should probably run iked(8) with debugging cranked up and see what it says, I've found it to always tell me why it is unhappy. I have tunnels between OpenBSD 7.0, iOS/iPadOS 15.3.1, and MacOS 10.15.7. --Matt -- Matthew Ernisse m...@going-flying.com https://www.going-flying.com/