[strongSwan] OS X 10.11 and IKEv2

Laurens Vets laurens at daemon.be
Mon Apr 4 20:28:03 CEST 2016


On 2016-04-04 09:12, Laurens Vets wrote:
> On 2016-04-04 00:26, Christian Huldt wrote:
>> On 2016-04-04 at 04:52, Laurens Vets wrote:
>>> Hello list,
>>> I have a strongSwan server configured and using IKEv2 on my iOS device
>>> (9.3.1) works perfectly with IKEv2. When I use the same settings on my
>>> Mac when I configure IKEv2, I see the following messages in
>>> /var/log/system.log when I try to connect:
>>> Apr  3 19:44:13 Cerberus nesessionmanager[40856]: NESMIKEv2VPNSession[VPN (IKEv2):33BAFDF0-6B95-4AB2-982A-A7B7B3120C85]: Received a start command from SystemUIServer[481]
>>> Apr  3 19:44:13 Cerberus nesessionmanager[40856]: NESMIKEv2VPNSession[VPN (IKEv2):33BAFDF0-6B95-4AB2-982A-A7B7B3120C85]: status changed to connecting
>>> Apr  3 19:44:13 Cerberus nesessionmanager[40856]: Failed to find the VPN app for plugin type com.apple.neplugin.IKEv2
>>> Apr  3 19:44:13 Cerberus neagent[41085]: IKEv2 Plugin: ikev2_resolve_server_name: failed to query DNS
>>> Apr  3 19:44:13 Cerberus neagent[41085]: IKEv2 Plugin: Connect: Attempt to query DNS failed
>>> Apr  3 19:44:13 Cerberus nesessionmanager[40856]: NESMIKEv2VPNSession[VPN (IKEv2):33BAFDF0-6B95-4AB2-982A-A7B7B3120C85]: status changed to disconnecting
>>> Apr  3 19:44:13 Cerberus nesessionmanager[40856]: NESMIKEv2VPNSession[VPN (IKEv2):33BAFDF0-6B95-4AB2-982A-A7B7B3120C85]: status changed to disconnected, last stop reason Failed to resolve the server address
>>> I see no connection attempt on the server at all.
>>> Any idea what might be going on? For the record, I have no other
>>> connection problems on this machine.
>> Specifically, can you ping strongswan server?
>> Do you use hostname or IP address in the connection settings?
>>> ikev2_resolve_server_name: failed to query DNS
>> means your Mac can't even try to connect as it doesn't find the server...
> 
> I was using the hostname in the "Server Address" field. I've added
> the server name and IP address to /etc/hosts, this also doesn't work.
> 
> I changed the server field from the DNS name to the IP address and
> now the connection works.
> 
> Pinging the server by DNS name works without issues via Terminal.
> Running Wireshark shows no outbound DNS request for the server name.
> 
> I'm not sure why my Mac wouldn't try to resolve the DNS name.
> 
> Has anyone else seen this behaviour on OS X?

Sorry for replying to my own mail, but I now believe this to be a bug 
in OS X... OS X doesn't seem to like my hostnames (ending in .io).

