[strongSwan] OS X 10.11 and IKEv2

Laurens Vets laurens at daemon.be
Mon Apr 4 18:12:39 CEST 2016


On 2016-04-04 00:26, Christian Huldt wrote:
> On 2016-04-04 at 04:52, Laurens Vets wrote:
>> Hello list,
>> 
>> I have a strongSwan server configured and using IKEv2 on my iOS device
>> (9.3.1) works perfectly with IKEv2. When I use the same settings on my
>> Mac when I configure IKEv2, I see the following messages in
>> /var/log/system.log when I try to connect:
>> 
>> Apr  3 19:44:13 Cerberus nesessionmanager[40856]: NESMIKEv2VPNSession[VPN (IKEv2):33BAFDF0-6B95-4AB2-982A-A7B7B3120C85]: Received a start command from SystemUIServer[481]
>> Apr  3 19:44:13 Cerberus nesessionmanager[40856]: NESMIKEv2VPNSession[VPN (IKEv2):33BAFDF0-6B95-4AB2-982A-A7B7B3120C85]: status changed to connecting
>> Apr  3 19:44:13 Cerberus nesessionmanager[40856]: Failed to find the VPN app for plugin type com.apple.neplugin.IKEv2
>> Apr  3 19:44:13 Cerberus neagent[41085]: IKEv2 Plugin: ikev2_resolve_server_name: failed to query DNS
>> Apr  3 19:44:13 Cerberus neagent[41085]: IKEv2 Plugin: Connect: Attempt to query DNS failed
>> Apr  3 19:44:13 Cerberus nesessionmanager[40856]: NESMIKEv2VPNSession[VPN (IKEv2):33BAFDF0-6B95-4AB2-982A-A7B7B3120C85]: status changed to disconnecting
>> Apr  3 19:44:13 Cerberus nesessionmanager[40856]: NESMIKEv2VPNSession[VPN (IKEv2):33BAFDF0-6B95-4AB2-982A-A7B7B3120C85]: status changed to disconnected, last stop reason Failed to resolve the server address
>> 
>> I see no connection attempt on the server at all.
>> 
>> Any idea what might be going on? For the record, I have no other
>> connection problems on this machine.
> Specifically, can you ping strongswan server?
> Do you use hostname or IP address in the connection settings?
>> ikev2_resolve_server_name: failed to query DNS
> means your Mac can't even try to connect as it doesn't find the
> server...

I was using the hostname in the "Server Address" field. I've added the
server name and IP address to /etc/hosts; this also doesn't work.

I changed the server field from the DNS name to the IP address and now
the connection works.

Pinging the server by DNS name works without issues via Terminal. 
Running Wireshark shows no outbound DNS request for the server name.

I'm not sure why my Mac wouldn't try to resolve the DNS name.

Has anyone else seen this behaviour on OS X?

