On Wed, Feb 23, 2022 at 09:57:30PM +0100, Tobias Heider wrote:
>On Mon, Feb 21, 2022 at 09:12:27AM -0600, rea...@catastrophe.net wrote:
>> On Mon, Feb 21, 2022 at 02:55:39PM +0100, Tobias Heider wrote:
>> >On Sat, Feb 19, 2022 at 12:28:15AM -0600, rea...@catastrophe.net wrote:
>> >> IKE is failing when I connect using a simple password defined in
>> >> /etc/iked.conf. I'm connecting from a native Mac client...is
>> >> mschap-v2 on MacOS broken or are my configs wrong? Thanks in advance.
>> >>
>> >> [..]
>> >> /etc/iked.conf - fails with username/password
>> >> ##############################################
>> >> user "testuser" "testpassword"
>> >> ikev2 "ROAD_WARRIOR" esp \
>> >> from 0.0.0.0/0 to 10.1.255.0/24 \
>> >> peer any local vpn.company.com \
>> >> srcid vpn.company.com \
>> >> dstid mac-laptop \
>> >> eap "mschap-v2" \
>> >> config address 10.1.255.0/24 \
>> >> config name-server 10.1.255.1 \
>> >> tag "$name-$id"
>> >>
>> >Hard to tell what's going wrong here. Looks like the mac ignores the
>> >IKE_AUTH response and restarts the handshake. I haven't seen any other
>> >reports about problems with the mac implementation and I don't have one
>> >to test.
>> >You could try enabling verbose logging with 'iked -dvvv' or
>> >'ikectl log verbose' and see if that gives us any clues.
>>
>> Here is the output of iked -dvvv
>
>Looks all ok. Is there any way to get logs from the mac?
>It still looks like the other side just drops the AUTH response
>for no obvious reason.
>
I honestly have no idea where the logs would even be stored or what the daemon runs as under MacOS 12.2.1 (Monterey).