On 2022/05/21 17:04, Tobias Heider wrote:
>
> Oh, makes sense. I think it may still be related to the IDs, so checking if
> ikev2_pld_id matches what you expect for srcid might be a good start.
> Maybe the apple client is sending something different than
> "xxxxxxxxxxxxxxxxxxxx"
> in their dstid.

I'll try to find what they've got it set to in the week, though if they followed my setup docs it will match what I've set in iked.conf. iked.conf(5) just says "will be used by iked(8) as the identity of the local peer" so it's a surprise that a mismatch would cause iked to disallow the connection, seems like maybe a fallback would make sense if there's no explicit match?

If anyone else reading sees this after updating to 7.1 and has direct access to an iPhone, any chance could you help us debug please?

> If this doesn't help we could try adding a few printfs to see why the policy
> fails to match.
