On Sun, May 22, 2022 at 01:07:42PM +0100, Stuart Henderson wrote: > On 2022/05/21 17:04, Tobias Heider wrote: > > > > Oh, makes sense. I think it may still be related to the IDs, so checking if > > ikev2_pld_id matches what you expect for srcid might be a good start. > > Maybe the apple client is sending something different than > > "xxxxxxxxxxxxxxxxxxxx" > > in their dstid. > > I'll try to find what they've got it set to in the week, though if they > followed my setup docs it will match what I've set in iked.conf. > > iked.conf(5) just says "will be used by iked(8) as the identity of the > local peer" so it's a surprise that a mismatch would cause iked to > disallow the connection, seems like maybe a fallback would make sense if > there's no explicit match? > > If anyone else reading sees this after updating to 7.1 and has direct > access to an iPhone, any chance could you help us debug please? > > > If this doesn't help we could try adding a few printfs to see why the policy > > fails to match. >
Stuart I have an iPhone 13. I use it very little so am not a guru with it, nor am I familiar with what has happened in this thread. If you give me the required directions/instructions I will do what I can to help. I am running 7.1-current (GENERIC.MP) #540 on a laptop at present and it can be updated if needed whenever required, preferrably from a known real mirror site. Regards -- aer