>
> Where can I find a working and tested config, that offers vpn connectivity
> with the os default clients of android, win10, win11, macos and ios? (maybe
> put this on some wiki/example page)
>
>
How should I even know what goes wrong from this log of mac client? It is quite
annoying that I have to spend some much time on just realising vpn access for
some clients. No wonder everyone is using this openvpn.
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1:
proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from
remote proposals
1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256
3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1536
4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024
5:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: sent
IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 prf=HMAC_SHA2_256
group=MODP2048}
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1:
processing decrypted IKE_AUTH request:
SK{IDi,N(INITIAL_CONTACT),IDr,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)}
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1:
reloaded private key matching left certificate 'vpn.example.com'
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: added
EAP payload to packet
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: NSS:
I/O getpeername
Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: sent
EAP request
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
