On Fri, 20 Sep 2019, Hugh Sparks wrote:
Subject: Re: [Swan] After upgrade,
"No connection has been authorized with policy PSK+IKEV1_ALLOW" [SOLVED]
The Wizard Wooters got me close enough: I added these incantations:
ikev2=no
ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024\
esp=aes256-sha256,aes256-sha1,3des-sha1
Now Windows and iphone clients work perfectly.
Note Android clients will fail, because of their sha2_256 bug. I would
recommend:
esp=aes256-sha2_512,aes256-sha1,aes256-sha2_256,3des-sha1
That causes us to prefer sha2_512 and sha1 over sha2_256, and should
work will Windows. iphone and Android clients.
I spent 10 hours on this before I gave up and asked a question. What a great
group!
Glad we could help!
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
