Hello,

I’m now migrating from StrongSwan to LibreSwan; it seems like it will never 
work with iOS.

cat /etc/ipsec.conf
config setup
    logfile=/var/log/pluto.log

conn cert
    ikev2=insist
    left=%defaultroute
    [email protected]
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    leftrsasigkey=%cert
    right=%any
    rightaddresspool=10.10.0.1-10.10.0.254
    rightca="C=US, O= IdenTrust, CN= TrustID CA A13"
    rightrsasigkey=%cert
    modecfgdns=172.31.0.2
    rekey=no
    narrowing=yes
    fragmentation=yes
    encapsulation=yes
    auto=add

include /etc/crypto-policies/back-ends/libreswan.config

include /etc/ipsec.d/*.conf

certutil -L -d sql:/var/lib/ipsec/nss

Certificate Nickname                 Trust Attributes
                                     SSL,S/MIME,JAR/XPI

imlibra.me                           u,u,u
identrust-commercial-root-ca-1       CT,C,C
trustid-ca-a13                       CT,C,C

ipsec auto --add cert
002 "cert": added IKEv2 connection

tail -f /var/log/pluto.log
Jul 22 19:49:36.532020: adding UDP interface eth0 [2406:da14:5db:f400::e60]:500
Jul 22 19:49:36.532049: adding UDP interface eth0 [2406:da14:5db:f400::e60]:4500
Jul 22 19:49:36.532072: adding UDP interface eth0 [2406:da14:5db:f400:abcd::]:500
Jul 22 19:49:36.532096: adding UDP interface eth0 [2406:da14:5db:f400:abcd::]:4500
Jul 22 19:49:36.532119: adding UDP interface eth0 [2406:da14:5db:f400:e9d7:64ca:b008:4182]:500
Jul 22 19:49:36.532142: adding UDP interface eth0 [2406:da14:5db:f400:e9d7:64ca:b008:4182]:4500
Jul 22 19:49:36.532165: adding UDP interface eth1 [2406:da14:5db:f400:810a:b1ea:b7d5:47bd]:500
Jul 22 19:49:36.532188: adding UDP interface eth1 [2406:da14:5db:f400:810a:b1ea:b7d5:47bd]:4500
Jul 22 19:49:36.534599: loading secrets from "/etc/ipsec.secrets"
Jul 22 19:49:36.534653: no secrets filename matched "/etc/ipsec.d/*.secrets"
Jul 22 19:50:03.652462: packet from 114.246.198.250:500: ISAKMP_v2_IKE_SA_INIT message received on 172.31.2.1:500 but no suitable connection found with IKEv2 policy
Jul 22 19:50:03.652512: packet from 114.246.198.250:500: responding to IKE_SA_INIT (34) message (Message ID 0) with unencrypted notification NO_PROPOSAL_CHOSEN


_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
