IPSec Phase 1 started (Initiated by peer). Immediately before the connection died, I got log entries as follows: New Phase 1 state changed to: IKEv1 ident R start respond new phase 1 negotiation: 192.109.202.198.254 begin Identity Protection mode. The tunnel stayed alive between a few seconds and minutes, but eventually died. For a more detailed analysis, I opened the console app on the Mac and set the filter to “racoon”, the name of the IPSec daemon on macOS. The VPN tunnel was successfully established and stable for a few minutes, then it suddenly failed. With this knowledge, we updated the server side to enforce MSCHAPv2 authentication, and I tried again from the Mac. The fix was to uncheck all authentication protocols except MSCHAPv2: This didn’t work initially: Sep 23 10:29:43 pop-os charon: 11 parsed IKE_SA_INIT response 0 Sep 23 10:29:43 pop-os charon: 11 received NO_PROPOSAL_CHOSEN notify error To narrow down the error, I configured the VPN in a virtual machine (Pop!_OS Linux, libreswan) on the same Mac. After a short debugging session and successful connection from my iPhone via 4G, we were quite certain that the server side setup was correct and my Mac or network infrastructure was to blame. The connection still didn’t work after verifying the pre-shared secret, username and password. The VPN is not something I use very often, and I wasn’t really surprised that it didn’t work when I needed it last week. To be able to access some specific resources in our company network from outside, we’ve been running an L2TP over IPSec VPN for a while. I’ll describe in this blog post a specific issue I had when trying to connect to our company VPN from my MacBook Pro running macOS Big Sur, and how I was able to work around the issue, hoping that the information will be useful for somebody or at least help to fix their issue.