Hello, it’s listening. I tried "ipsec whack --listen" many times but it’s still the same:

Jul 22 22:38:36.582586: "cert": added IKEv2 connection
Jul 22 22:38:36.582671: listening for IKE messages
Jul 22 22:38:36.582748: Kernel supports NIC esp-hw-offload
Jul 22 22:38:36.582865: adding UDP interface docker0 172.17.0.1:500
Jul 22 22:38:36.583132: adding UDP interface docker0 172.17.0.1:4500
Jul 22 22:38:36.583173: adding UDP interface eth1 172.31.2.1:500
Jul 22 22:38:36.583197: adding UDP interface eth1 172.31.2.1:4500
Jul 22 22:38:36.583223: adding UDP interface eth0 172.31.1.1:500
Jul 22 22:38:36.583247: adding UDP interface eth0 172.31.1.1:4500
Jul 22 22:38:36.583270: adding UDP interface lo 127.0.0.1:500
Jul 22 22:38:36.583295: adding UDP interface lo 127.0.0.1:4500
Jul 22 22:38:36.583324: adding UDP interface lo [::1]:500
Jul 22 22:38:36.583352: adding UDP interface lo [::1]:4500
Jul 22 22:38:36.583378: adding UDP interface eth0 [2406:da14:5db:f400::e60]:500
Jul 22 22:38:36.583401: adding UDP interface eth0 [2406:da14:5db:f400::e60]:4500
Jul 22 22:38:36.583423: adding UDP interface eth0 [2406:da14:5db:f400:abcd::]:500
Jul 22 22:38:36.583460: adding UDP interface eth0 [2406:da14:5db:f400:abcd::]:4500
Jul 22 22:38:36.583484: adding UDP interface eth0 [2406:da14:5db:f400:e9d7:64ca:b008:4182]:500
Jul 22 22:38:36.583508: adding UDP interface eth0 [2406:da14:5db:f400:e9d7:64ca:b008:4182]:4500
Jul 22 22:38:36.583535: adding UDP interface eth1 [2406:da14:5db:f400:810a:b1ea:b7d5:47bd]:500
Jul 22 22:38:36.583561: adding UDP interface eth1 [2406:da14:5db:f400:810a:b1ea:b7d5:47bd]:4500
Jul 22 22:38:36.585769: loading secrets from "/etc/ipsec.secrets"
Jul 22 22:38:36.585812: no secrets filename matched "/etc/ipsec.d/*.secrets"
Jul 22 22:39:24.962183: listening for IKE messages
Jul 22 22:39:24.962393: loading secrets from "/etc/ipsec.secrets"
Jul 22 22:39:24.962423: no secrets filename matched "/etc/ipsec.d/*.secrets"
Jul 22 22:40:14.605540: listening for IKE messages
Jul 22 22:40:14.605798: loading secrets from "/etc/ipsec.secrets"
Jul 22 22:40:14.605840: no secrets filename matched "/etc/ipsec.d/*.secrets"
Jul 22 22:40:27.791023: listening for IKE messages
Jul 22 22:40:27.791184: loading secrets from "/etc/ipsec.secrets"
Jul 22 22:40:27.791215: no secrets filename matched "/etc/ipsec.d/*.secrets"
Jul 22 22:42:11.073335: listening for IKE messages
Jul 22 22:42:11.073494: loading secrets from "/etc/ipsec.secrets"
Jul 22 22:42:11.073523: no secrets filename matched "/etc/ipsec.d/*.secrets"
Jul 22 22:42:16.885759: packet from 114.246.198.250:500: ISAKMP_v2_IKE_SA_INIT message received on 172.31.2.1:500 but no suitable connection found with IKEv2 policy
Jul 22 22:42:16.885784: packet from 114.246.198.250:500: responding to IKE_SA_INIT (34) message (Message ID 0) with unencrypted notification NO_PROPOSAL_CHOSEN
Jul 22 22:42:17.855101: packet from 114.246.198.250:500: ISAKMP_v2_IKE_SA_INIT message received on 172.31.2.1:500 but no suitable connection found with IKEv2 policy
Jul 22 22:42:17.855131: packet from 114.246.198.250:500: responding to IKE_SA_INIT (34) message (Message ID 0) with unencrypted notification NO_PROPOSAL_CHOSEN

> On Jul 23, 2023, at 5:01 AM, Paul Wouters <[email protected]> wrote:
>
> On Sat, 22 Jul 2023, Heting Wang wrote:
>
>> I’m now migrating from StrongSwan to LibreSwan, it seems like it will never
>> work with iOS
>
> Your error is not related to iOS.
>
>> conn cert
>>     ikev2=insist
>>     left=%defaultroute
>
>> tail -f /var/log/pluto.log
>> Jul 22 19:49:36.532020: adding UDP interface eth0 [2406:da14:5db:f400::e60]:500
>> Jul 22 19:49:36.532049: adding UDP interface eth0 [2406:da14:5db:f400::e60]:4500
>> Jul 22 19:49:36.532072: adding UDP interface eth0 [2406:da14:5db:f400:abcd::]:500
>> Jul 22 19:49:36.532096: adding UDP interface eth0 [2406:da14:5db:f400:abcd::]:4500
>> Jul 22 19:49:36.532119: adding UDP interface eth0 [2406:da14:5db:f400:e9d7:64ca:b008:4182]:500
>> Jul 22 19:49:36.532142: adding UDP interface eth0 [2406:da14:5db:f400:e9d7:64ca:b008:4182]:4500
>> Jul 22 19:49:36.532165: adding UDP interface eth1 [2406:da14:5db:f400:810a:b1ea:b7d5:47bd]:500
>> Jul 22 19:49:36.532188: adding UDP interface eth1 [2406:da14:5db:f400:810a:b1ea:b7d5:47bd]:4500
>
> It seems you are not listening on IPv4 IP addresses. Meaning libreswan
> got started before the IP 172.31.2.1 was configured on the system?
>
>> Jul 22 19:50:03.652462: packet from 114.246.198.250:500: ISAKMP_v2_IKE_SA_INIT message received on 172.31.2.1:500 but no suitable connection found with IKEv2 policy
>> Jul 22 19:50:03.652512: packet from 114.246.198.250:500: responding to IKE_SA_INIT (34) message (Message ID 0) with unencrypted notification NO_PROPOSAL_CHOSEN
>
> As a workaround, you can try after the boot to issue "ipsec whack --listen"
> which should redo the IP binding and pick up the now added 172.31.2.1 IP.
>
> Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
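
An added example, not part of the thread and not libreswan code: a small triage script for the check discussed above, which reads pluto.log text and, for each "no suitable connection found" rejection, reports whether the local address:port had already appeared in an "adding UDP interface" line. The names `triage` and `bind_logged` are hypothetical, and the sample log is constructed from lines in this thread.

```python
import re

# "Mon DD HH:MM:SS.usec: message" as written to pluto.log in this thread
LINE_RE = re.compile(r"^(\w{3} +\d+ [\d:.]+): (.*)$")
ADD_RE = re.compile(r"adding UDP interface (\S+) (\S+)$")
REJECT_RE = re.compile(r"packet from (\S+): \S+ message received on (\S+) "
                       r"but no suitable connection found")

# Constructed sample: a few lines taken from the two logs in the thread.
SAMPLE_LOG = """\
Jul 22 19:49:36.532020: adding UDP interface eth0 [2406:da14:5db:f400::e60]:500
Jul 22 19:50:03.652462: packet from 114.246.198.250:500: ISAKMP_v2_IKE_SA_INIT message received on 172.31.2.1:500 but no suitable connection found with IKEv2 policy
Jul 22 22:38:36.582671: listening for IKE messages
Jul 22 22:38:36.583173: adding UDP interface eth1 172.31.2.1:500
Jul 22 22:42:16.885759: packet from 114.246.198.250:500: ISAKMP_v2_IKE_SA_INIT message received on 172.31.2.1:500 but no suitable connection found with IKEv2 policy
"""

def triage(log_text):
    """Return one finding per rejected IKE_SA_INIT, in log order."""
    bound, findings = set(), []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped or non-log line
        ts, msg = m.groups()
        add = ADD_RE.search(msg)
        if add:
            bound.add(add.group(2))  # e.g. "172.31.2.1:500" or "[::1]:4500"
            continue
        rej = REJECT_RE.search(msg)
        if rej:
            peer, local = rej.groups()
            findings.append({"time": ts, "peer": peer, "local": local,
                             "bind_logged": local in bound})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        # bind_logged=True: the bind was logged before the reject, so a
        # missing bind does not explain this event; False: the text read so
        # far shows no bind for that address (it may be a partial tail).
        print(f"{f['time']} peer={f['peer']} local={f['local']} "
              f"bind_logged={f['bind_logged']}")
```
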
