Matthew Ernisse writes... > How are you setting the proposals on the MacOS end? Your first instance I > think you figured out that you had not specified PSK and so you had a mismatch > there. In the second case you didn't supply the iked(8) debugging information > so I'm not sure what is happening. I am also not sure why you have two > stanzas > in ipsec.conf(5) (much less why you are allowing md5/3des). You should > probably run iked(8) with debugging cranked up and see what it says, I've > found > it to always tell me why it is unhappy.
I didn't have a mismatch in my PSKs (the full config was further down in my first message), nor am I running iked. This is just simple l2tp and everything is handled by isakmpd. The two stanzas are to test a match on different proposals, but nothing on the server seems to match proposals chosen by the client. > I have tunnels between OpenBSD 7.0, iOS/iPadOS 15.3.1, and MacOS 10.15.7. I'm envious at this point! Thanks.