On Wed, 28 Feb 2024 at 17:35, Marc via Swan <[email protected]> wrote: > > > > > Where can I find a working and tested config, that offers vpn connectivity > > with the os default clients of android, win10, win11, macos and ios? (maybe > > put this on some wiki/example page) > > > > > > How should I even know what goes wrong from this log of mac client? It is > quite annoying that I have to spend some much time on just realising vpn > access for some clients. No wonder everyone is using this openvpn. > > Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: > proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen > from remote proposals > 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match] > 2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 > 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1536 > 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 > 5:IKE:ENCR=3DES;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024 > Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: sent > IKE_SA_INIT reply {cipher=AES_CBC_256 integ=HMAC_SHA2_256_128 > prf=HMAC_SHA2_256 group=MODP2048} > Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: > processing decrypted IKE_AUTH request: > SK{IDi,N(INITIAL_CONTACT),IDr,CP,N(ESP_TFC_PADDING_NOT_SUPPORTED),N(NON_FIRST_FRAGMENTS_ALSO),SA,TSi,TSr,N(MOBIKE_SUPPORTED)} > Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: > reloaded private key matching left certificate 'vpn.example.com' > Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: added > EAP payload to packet > Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: NSS: > I/O getpeername > Feb 28 23:20:50 test2 pluto[80]: "vpn-ikev2-eap-crt"[1] 192.168.x.x #1: sent > EAP request
(technically a response containing the EAP request) EAP isn't exactly a standard config. Is the mac device configured to handle that? _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
