On Wed, Feb 23, 2022 at 10:10 PM <rea...@catastrophe.net> wrote:
>
> I honestly have no idea where the logs would even be stored or what
> the daemon runs as under MacOS 12.2.1 (Monterey).

I don't have a Monterey system handy, but at least under macOS Catalina, VPN connections use setkey and racoon, similar to FreeBSD. Parts of the FreeBSD handbook's chapter on IPsec VPN may be relevant. The global conf is in /etc/racoon.conf, which has some logging options (and the associated man pages are installed), and there's a /var/log/racoon.log. setkey [ -P ] -D looks useful, but may not apply if it's failing before establishing SA entries. It also uses pppd, at least for L2TP over IPsec; a handy feature of which is support for your own scripts at /etc/ppp/ip-{up,down}.

-Andrew