Add ikev2=no The default changed from v1 to v2
Paul Sent from my iPhone > On Sep 20, 2019, at 15:39, Hugh Sparks <[email protected]> wrote: > > New list member here. > > I have a server running Libreswan to allow iphone and Windows clients access > to the office LAN. This has worked for many years. > (I never needed to join this list.) > > Recently, I did three server upgrades in quick succession going from fedora > 27 to fedora 30. Something along the way broke the > VPN service. > > When either type of client tries to make a connection, I see this message in > the server journal: > > pluto[16000]: packet from p.q.r.s:t: \ > initial Main Mode message received on a.b.c.d:500 > but no connection has been authorized with policy PSK+IKEV1_ALLOW > > Working: > > Fedora 27 with libreswan-3.27-1.fc27.x86_64 > > Not working: > > Fedora 30 with libreswan-3.29-1.fc30.x86_64 > > This command shows everything [OK] > > ipsec verify > > This command adds the connection with no errors reported: > > ipsec auto --add L2TP-PSK > > Some configuration files: > > /etc/ipsec.d/myvpn.conf: > > conn L2TP-PSK > type=transport > authby=secret > pfs=no > auto=add > left=a.b.c.d > right=%any > leftprotoport=17/1701 > rightprotoport=17/%any > dpddelay=15 > dpdtimeout=30 > dpdaction=clear > > ("a.b.c.d" is the public IP address of my server) > > /etc/ipsec.d/myvpn.secrets > > : PSK "some long key phrase" > > I can send more files if necessary, but it appears that the connection > process never gets past "pluto" > > Clients tested are "Windows 10 version 1903" and "iOS 12.4.1" > > The client settings are for L2TP/IPSEC with PSK. > > I have downloaded and searched the mailing list archives. > I found two threads, but none with any clear resolution. > > All suggestions appreciated. > > > Thanks! > > > > -- > > Mail: [email protected] <mailto:[email protected]> Office: 952-955-2800 Mobile: > 612-247-2714 > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
