Hello,
I have MAC OS X Sierra as an IPSec client and when I configured IPSec server on IPFire I found that it was being disconnected every 480 sec due to a failed rekey attempt from Mac OS, which happened with the configuration proposed in the text of the wiki.
According to the apple developers, a change in the ESP grouptype was required ( http://www.openradar.appspot.com/29821241 ). When I tested the IPSec suggested configuration everything worked well. Therefore I changed the text of the wiki to reflect the issue. I also fixed a non matching parenthesis.
Here is the diff:
https://wiki.ipfire.org/configuration/services/ipsec/example_configuration-_...
Feel free to revert the change if you believe it is necessary or to suggest a different wording/place.
Thank you for your time -- Carlo Fusco
Sorry, wrong link:
https://wiki.ipfire.org/configuration/services/ipsec/example_configuration-_...
On Thu, Apr 4, 2019 at 6:21 PM Carlo Fusco fusco.carlo@gmail.com wrote:
Hello,
I have MAC OS X Sierra as an IPSec client and when I configured IPSec server on IPFire I found that it was being disconnected every 480 sec due to a failed rekey attempt from Mac OS, which happened with the configuration proposed in the text of the wiki.
According to the apple developers, a change in the ESP grouptype was required ( http://www.openradar.appspot.com/29821241 ). When I tested the IPSec suggested configuration everything worked well. Therefore I changed the text of the wiki to reflect the issue. I also fixed a non matching parenthesis.
Here is the diff:
https://wiki.ipfire.org/configuration/services/ipsec/example_configuration-_...
Feel free to revert the change if you believe it is necessary or to suggest a different wording/place.
Thank you for your time
Carlo Fusco
Carlo,
Just to confirm, have you put this text into the ipsec.user.conf file and restarted IPSec?
conn CONNECTION_NAME leftsendcert=always leftallowany=yes rightdns=10.100.2.1 rekey=no reauth=no
Specifically, the rekey and reauth portions.
I assume yes, but want to double-check.
Tom
On 04/04/2019 12:21 PM, Carlo Fusco wrote:
Hello,
I have MAC OS X Sierra as an IPSec client and when I configured IPSec server on IPFire I found that it was being disconnected every 480 sec due to a failed rekey attempt from Mac OS, which happened with the configuration proposed in the text of the wiki.
According to the apple developers, a change in the ESP grouptype was required ( http://www.openradar.appspot.com/29821241 ). When I tested the IPSec suggested configuration everything worked well. Therefore I changed the text of the wiki to reflect the issue. I also fixed a non matching parenthesis.
Here is the diff:
https://wiki.ipfire.org/configuration/services/ipsec/example_configuration-_...
Feel free to revert the change if you believe it is necessary or to suggest a different wording/place.
Thank you for your time
Carlo Fusco _______________________________________________ Documentation mailing list Documentation@lists.ipfire.org https://lists.ipfire.org/mailman/listinfo/documentation
documentation@lists.ipfire.org
-
Carlo Fusco -
Tom Rymes