On Tue, 28 May 2019, Ian Dobson wrote:
>> Do you have a logfile= set in "config setup" in /etc/ipsec.conf? Then
>> all logs will go to the file instead of syslog. If not, perhaps set
>> logfile=/var/log/pluto.log to gather the logs.
>
> I've made that change but there is still nothing at all being logged when
> I attempt the IKEv2 connection from an iPhone. After changing the logfile
> parameter per above, I'm seeing in this file exactly what was previously
> going into /var/log/secure through syslog.

If you see logs for IKEv1, you can only also see logs for IKEv2. If that
is not the case then your client is not sending traffic to the same
server.
The only possible other remote option is that the initial IKEv2 packet
is getting fragmented (a misconfiguration with the crypto system policies
in Fedora can cause that). You can use tcpdump to see a very large packet
coming in (that doesn't make it to the libreswan pluto daemon).
Paul
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan
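
The fragmentation case mentioned in the reply above, as an added example that is not part of the original mail or of libreswan: it classifies raw IPv4 packets the way one would read a capture, showing that only the first fragment of an oversized IKE_SA_INIT carries the UDP port, so a capture filtered on port 500 alone hides the rest. The addresses, sizes and helper names (`ipv4`, `classify`, `SAMPLES`) are constructed for illustration.

```python
import struct

IKE_SA_INIT = 34  # IKEv2 exchange type (RFC 7296)

def ipv4(payload, proto=17, flags_off=0, ident=1):
    """Build a minimal IPv4 header (checksum left at 0) around payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, proto, 0,
                      bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    return hdr + payload

def classify(pkt):
    """Describe one raw IPv4 packet from the point of view of IKE debugging."""
    ihl = (pkt[0] & 0x0F) * 4
    flags_off, = struct.unpack("!H", pkt[6:8])
    more, offset = bool(flags_off & 0x2000), (flags_off & 0x1FFF) * 8
    if pkt[9] != 17:
        return "not UDP"
    if offset:
        # Later fragments carry no UDP header, so a "udp port 500"
        # capture filter never matches them.
        return f"UDP fragment at offset {offset}, no port visible"
    sport, dport, ulen = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    if 500 not in (sport, dport):
        return "UDP, not IKE port 500"
    ike = pkt[ihl + 8:]
    what = "IKE"
    if len(ike) >= 28:  # full IKE header present
        version, exchange = ike[17], ike[18]
        what = f"IKEv{version >> 4}"
        if version >> 4 == 2 and exchange == IKE_SA_INIT:
            what += " IKE_SA_INIT"
    if more:
        return f"{what}, first fragment of a {ulen}-byte UDP datagram"
    return f"{what}, complete {ulen}-byte UDP datagram"

# Constructed sample: a 1900-byte IKE_SA_INIT datagram split at 1480 bytes.
ike = (b"\x11" * 8 + bytes(8) + bytes([33, 0x20, IKE_SA_INIT, 0x08])
       + struct.pack("!II", 0, 1892))
udp = struct.pack("!HHHH", 500, 500, 1900, 0) + ike + bytes(1892 - 28)
SAMPLES = [ipv4(udp[:1480], flags_off=0x2000),
           ipv4(udp[1480:], flags_off=1480 // 8)]

if __name__ == "__main__":
    for p in SAMPLES:
        print(classify(p))
```
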