[strongSwan] MacOS: IKEv1 fails after wakeup

Harald Dunkel harri at afaics.de
Thu Mar 17 06:52:27 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 03/16/16 18:02, Harald Dunkel wrote:
> PS: After enabling debug logging in racoon and a reboot the problem went away. I will keep debugging enabled, of course.
> 

PPS: After my IP provider changed the external IP address over
night it was broken again.

I am not sure that we are on the right track here. Since NAT on
the right side is under control of others (IP provider, short
timeouts on an unknown DSL gateway, port number conflicts between
the hosts in the remote lan) this cannot be a stable solution.

What about the modecfg exchange the Mac doesn't do on a
reconnect? I understand that modecfg is not standardized, but on
the other hand it was invented by Cisco (AFAIK), and Apple calls
its IKEv1 support "Cisco IPsec". ???

I wonder what Apple thinks about how the reconnect is supposed
to work.


Regards
Harri
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJW6kYVAAoJEAqeKp5m04HLjgQH/0jI2MSeeGGvRFE64HsY0S90
VA5+txbMYcicvImZORNSCmoAmAXgiwV8dt+8i7UfJzzj3puDHiKGqUCMq86sXvii
FgQgmFuJmVNCVNUlfcCBA7ljNKFoYZSgVCIGtEvpC8RbNlHiA1ySzgRs8aFt7xsF
zsgK0doVV9NnTNtGLWZEAnfUCex+PM2o4WjCC/CRpwQ9btdK1Y05fZGGfVI5hm3T
rHdv8eELU2fhimloXxpcHgxcYfhXdh+Bkk6LC+XLqd2y2d13ersRb0RWRBBNRNSa
hZf336CCxXGVQvlFLNG1/6hMtJDSA2v1gzGr/soze2kRZr37Vwq6z+kiElL6UPU=
=TDHo
-----END PGP SIGNATURE-----


More information about the Users mailing list