Re: [Swan] After upgrade, "No connection has been authorized with policy PSK+IKEV1_ALLOW" [SOLVED]

2019-09-21 Thread Hugh Sparks
Sorry to propagate misinformation: this expression (suggested to support android) works fine:     esp=aes256-sha2_512,aes256-sha1,aes256-sha2_256,3des-sha1 On my first attempt to try this, I put in a typo that kept my connection from loading from:     /etc/ipsec.d/mything.conf But the

Re: [Swan] After upgrade, "No connection has been authorized with policy PSK+IKEV1_ALLOW" [SOLVED]

2019-09-20 Thread Hugh Sparks
For the sake of discussion and to rule out misunderstanding, here's my complete and working ipsec configuration file: conn L2TP-PSK pfs=no auto=add ikev2=no ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024

Re: [Swan] After upgrade, "No connection has been authorized with policy PSK+IKEV1_ALLOW"

2019-09-20 Thread Andrew Cagney
On Fri, 20 Sep 2019 at 17:05, Hugh Sparks wrote: > > I tried adding "ikev2=no" and got this error: > > Failed to add connection "L2TP-PSK": ike string error: IKE encryption > algorithm 'aes_gcm256' is not supported by IKEv1 IKEv1 doesn't support AES GCM for IKE (only ESP). One way to get

Re: [Swan] After upgrade, "No connection has been authorized with policy PSK+IKEV1_ALLOW" [SOLVED]

2019-09-20 Thread Paul Wouters
On Fri, 20 Sep 2019, Hugh Sparks wrote: Subject: Re: [Swan] After upgrade, "No connection has been authorized with policy PSK+IKEV1_ALLOW" [SOLVED] The Wizard Wooters got me close enough: I added these incantations:     ikev2=no     ike=aes256-sha1-modp1024,aes128-sha1-modp1024

Re: [Swan] After upgrade, "No connection has been authorized with policy PSK+IKEV1_ALLOW" [SOLVED]

2019-09-20 Thread Hugh Sparks
The Wizard Wooters got me close enough: I added these incantations:     ikev2=no     ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024\     esp=aes256-sha256,aes256-sha1,3des-sha1 Now Windows and iphone clients work perfectly. I spent 10 hours on this before I gave up and asked

Re: [Swan] After upgrade, "No connection has been authorized with policy PSK+IKEV1_ALLOW"

2019-09-20 Thread Hugh Sparks
I tried adding "ikev2=no" and got this error: Failed to add connection "L2TP-PSK": ike string error: IKE encryption algorithm 'aes_gcm256' is not supported by IKEv1 Perhaps closer... Thanks again. On 9/20/2019 3:39 PM, Paul Wouters wrote: Add ikev2=no The default changed from v1 to v2

Re: [Swan] After upgrade, "No connection has been authorized with policy PSK+IKEV1_ALLOW"

2019-09-20 Thread Paul Wouters
Add ikev2=no The default changed from v1 to v2 Paul Sent from my iPhone > On Sep 20, 2019, at 15:39, Hugh Sparks wrote: > > New list member here. > > I have a server running Libreswan to allow iphone and Windows clients access > to the office LAN. This has worked for many years. > (I

[Swan] After upgrade, "No connection has been authorized with policy PSK+IKEV1_ALLOW"

2019-09-20 Thread Hugh Sparks
New list member here. I have a server running Libreswan to allow iphone and Windows clients access to the office LAN. This has worked for many years. (I never needed to join this list.) Recently, I did three server upgrades in quick succession going from fedora 27 to fedora 30. Something