StackOverflow mods told me to move this post here.
I have StrongSwan 5.6.2 running on an Amazon instance, IKEv2+EAP.
It works fine on my laptop, a MacBook Pro with the latest OS (Big Sur 11.6).
It doesn’t work on my iPhone, also up to date. It fails to authenticate, but it does connect to the VPN.
When I examine journalctl, I can see the VPN server authenticating itself with RSA and sending back the “end entity cert”. Then things diverge.
They are the same up to this:
Oct 25 13:41:25 ip-xx ipsec[27857]: 08[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
Oct 25 13:41:25 ip-xx ipsec[27857]: 08[ENC] splitting IKE message with length of 2064 bytes into 2 fragments
Oct 25 13:41:25 ip-xx ipsec[27857]: 08[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
Oct 25 13:41:25 ip-xx ipsec[27857]: 08[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
Oct 25 13:41:25 ip-xx ipsec[27857]: 08[NET] sending packet: from xx[xx] to xx[xx] (1236 bytes)
Oct 25 13:41:25 ip-xx ipsec[27857]: 08[NET] sending packet: from xx[x] to xx[xx] (900 bytes)
The iPhone log stops here, but the laptop log shows it receives a packet and then proceeds to parse IKE_AUTH response 2.
How do I get insight into why my phone isn’t responding with the next step?