The Wizard Wooters got me close enough: I added these incantations:
ikev2=no
ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024\
esp=aes256-sha256,aes256-sha1,3des-sha1
Now Windows and iPhone clients work perfectly.
I spent 10 hours on this before I gave up and asked a question. What a great
group!
Thanks,
-Hugh Sparks
On 9/20/2019 4:05 PM, Hugh Sparks wrote:
I tried adding "ikev2=no" and got this error:
Failed to add connection "L2TP-PSK": ike string error: IKE
encryption algorithm 'aes_gcm256' is not supported by IKEv1
Perhaps closer...
Thanks again.
On 9/20/2019 3:39 PM, Paul Wouters wrote:
Add ikev2=no
The default changed from v1 to v2
Paul
Sent from my iPhone
On Sep 20, 2019, at 15:39, Hugh Sparks <[email protected]> wrote:
New list member here.
I have a server running Libreswan to allow iPhone and Windows
clients access to the office LAN. This has worked for many years.
(I never needed to join this list.)
Recently, I did three server upgrades in quick succession going from
Fedora 27 to Fedora 30. Something along the way broke the
VPN service.
When either type of client tries to make a connection, I see this
message in the server journal:
pluto[16000]: packet from p.q.r.s:t: \
initial Main Mode message received on a.b.c.d:500
but no connection has been authorized with policy
PSK+IKEV1_ALLOW
Working:
Fedora 27 with libreswan-3.27-1.fc27.x86_64
Not working:
Fedora 30 with libreswan-3.29-1.fc30.x86_64
This command shows everything [OK]
ipsec verify
This command adds the connection with no errors reported:
ipsec auto --add L2TP-PSK
Some configuration files:
/etc/ipsec.d/myvpn.conf:
conn L2TP-PSK
    type=transport
    authby=secret
    pfs=no
    auto=add
    left=a.b.c.d
    right=%any
    leftprotoport=17/1701
    rightprotoport=17/%any
    dpddelay=15
    dpdtimeout=30
    dpdaction=clear
("a.b.c.d" is the public IP address of my server)
/etc/ipsec.d/myvpn.secrets
: PSK "some long key phrase"
I can send more files if necessary, but it appears that the
connection process never gets past "pluto"
Clients tested are "Windows 10 version 1903" and "iOS 12.4.1"
The client settings are for L2TP/IPSEC with PSK.
I have downloaded and searched the mailing list archives.
I found two threads, but none with any clear resolution.
All suggestions appreciated.
Thanks!
--
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
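Added example, not part of the thread and not Libreswan code: a small pre-upgrade check that flags the two failure modes reported above (a conn serving IKEv1 clients without ikev2=no, and an IKEv1 ike= string containing a GCM algorithm). The function names, the sample conns and the rule that only the literal value "no" counts as IKEv1 are assumptions made for this sketch.

```python
import re

# Constructed sample: a conn like the thread's original, and one with the fix.
SAMPLE = '''\
conn L2TP-PSK
    type=transport
    authby=secret
    left=a.b.c.d
    right=%any

conn L2TP-PSK-fixed
    type=transport
    authby=secret
    ikev2=no
    ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024
    esp=aes256-sha256,aes256-sha1,3des-sha1
'''

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        m = re.match(r'conn\s+(\S+)$', line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif raw[:1] not in ' \t':
            current = None                     # another section, e.g. config setup
        elif current is not None and '=' in line:
            key, value = line.strip().split('=', 1)
            current[key.strip()] = value.strip()
    return conns

def lint_ikev1(conn):
    """Findings for a conn that must serve IKEv1 (L2TP/IPsec PSK) clients."""
    findings = []
    if conn.get('ikev2', '').lower() != 'no':
        findings.append('ikev2=no not set: thread reports IKEv1 clients rejected')
    ike = conn.get('ike')
    if ike is None:
        findings.append('no explicit ike=: thread saw aes_gcm256 rejected by IKEv1')
    elif re.search(r'gcm', ike, re.I):
        findings.append('ike= contains a GCM algorithm: not supported by IKEv1')
    return findings

def lint(text):
    """Lint every conn in the text; returns {conn_name: [findings]}."""
    return {name: lint_ikev1(c) for name, c in parse_conns(text).items()}
```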