I set up an L2TP/IPSec VPN server on my router. I tried connecting from an Android phone and everything works. When I try from a MacBook (macOS Big Sur, 11.4), the connection fails, although the router logs show an attempt that ends with an error:
Сен 6 13:21:32 ipsec 14[IKE] received NAT-T (RFC 3947) vendor ID
Сен 6 13:21:32 ipsec 14[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
Сен 6 13:21:32 ipsec 14[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
Сен 6 13:21:32 ipsec 14[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
Сен 6 13:21:32 ipsec 14[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
Сен 6 13:21:32 ipsec 14[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
Сен 6 13:21:32 ipsec 14[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
Сен 6 13:21:32 ipsec 14[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
Сен 6 13:21:32 ipsec 14[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Сен 6 13:21:32 ipsec 14[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Сен 6 13:21:32 ipsec 14[IKE] received FRAGMENTATION vendor ID
Сен 6 13:21:32 ipsec 14[IKE] received DPD vendor ID
Сен 6 13:21:32 ipsec 14[IKE] XXX.XXX.X.XXX is initiating a Main Mode IKE_SA
Сен 6 13:21:32 ipsec 14[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC=256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC=256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536, IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC=256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC=128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC=128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Сен 6 13:21:32 ipsec 14[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_768, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_384, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_768, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ECP_384, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/ECP_256, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_768, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384, IKE:DES_CBC/HMAC_SHA1_96/PRF [...]
Сен 6 13:21:32 ipsec 14[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Сен 6 13:21:32 ipsec 14[IKE] sending XAuth vendor ID
Сен 6 13:21:32 ipsec 14[IKE] sending DPD vendor ID
Сен 6 13:21:32 ipsec 14[IKE] sending FRAGMENTATION vendor ID
Сен 6 13:21:32 ipsec 14[IKE] sending NAT-T (RFC 3947) vendor ID
Сен 6 13:21:32 ipsec 08[IKE] remote host is behind NAT
Сен 6 13:21:32 ipsec 08[IKE] linked key for crypto map '(unnamed)' is not found, still searching
Сен 6 13:21:32 ipsec 12[IKE] message parsing failed
Сен 6 13:21:32 ipsec 12[IKE] ID_PROT request with message ID 0 processing failed
Сен 6 13:21:36 ipsec 10[IKE] message parsing failed
Сен 6 13:21:36 ipsec 10[IKE] ID_PROT request with message ID 0 processing failed
Сен 6 13:21:39 ipsec 12[IKE] message parsing failed
Сен 6 13:21:39 ipsec 12[IKE] ID_PROT request with message ID 0 processing failed
Сен 6 13:21:42 ipsec 11[IKE] message parsing failed
Сен 6 13:21:42 ipsec 11[IKE] ID_PROT request with message ID 0 processing failed
Сен 6 13:21:55 ipsec 12[IKE] message parsing failed
Сен 6 13:21:55 ipsec 12[IKE] ID_PROT request with message ID 0 processing failed
I tried googling for a similar problem.
I found Configuring L2TP VPN to use with iOS 14 and macOS Big Sur,
which describes a problem connecting to L2TP VPN after a macOS update:
Apple itself says the same thing: Configuring L2TP VPN servers to work with iOS 14 and macOS Big Sur client devices
The suggested solution is to edit /etc/ipsec.conf and change sha2-truncbug=yes to sha2-truncbug=no
Is it possible to do this on a Keenetic router? Has anyone run into something similar?
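
The log in the post carries three `[CFG]` lines: the proposals the client sent, the ones the router has configured, and the one selected. As an added example (not part of the original post), this Python script parses those lines, lists the suites both sides share, and flags legacy algorithms in the selected suite; the `LEGACY` set and the shortened sample log are assumptions constructed for the example.

```python
import re

# Algorithms this example treats as legacy (an assumption of the example, not a list from the post).
LEGACY = {"DES_CBC", "3DES_CBC", "HMAC_MD5_96", "PRF_HMAC_MD5", "MODP_768", "MODP_1024"}

CFG_LINE = re.compile(r"\[CFG\] (received proposals|configured proposals|selected proposal): (.*)")

def parse_proposals(text):
    """Split 'IKE:ENC/INTEG/PRF/DH, IKE:...' into tuples; skip entries the logger cut off."""
    suites = []
    for item in text.split(","):
        item = item.strip()
        if not item.startswith("IKE:") or "[...]" in item:
            continue  # truncated tail such as 'IKE:DES_CBC/HMAC_SHA1_96/PRF [...]'
        parts = tuple(item[4:].split("/"))
        if len(parts) == 4:
            suites.append(parts)
    return suites

def audit(log_lines):
    """Return shared suites (in the client's order), the selected suite and its legacy algorithms."""
    seen = {}
    for line in log_lines:
        m = CFG_LINE.search(line)
        if m:
            seen[m.group(1)] = parse_proposals(m.group(2))
    received = seen.get("received proposals", [])
    configured = set(seen.get("configured proposals", []))
    selected = (seen.get("selected proposal") or [None])[0]
    return {
        "common": [s for s in received if s in configured],
        "selected": selected,
        "legacy_in_selected": sorted(a for a in (selected or ()) if a in LEGACY),
    }

# Constructed sample: same line format as the router log above, with shortened proposal lists.
SAMPLE_LOG = [
    "14[CFG] received proposals: IKE:AES_CBC=256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, "
    "IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024",
    "14[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, "
    "IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF [...]",
    "14[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024",
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(key, value)
```

Because the router truncates long `configured proposals` lines with `[...]`, the shared list computed from a real log is a lower bound on what the two sides actually have in common.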