Настроил на сервере IPsec (strongSwan), конфигурация сейчас такая:
# Global daemon section; nothing is set in it here.
config setup
# Defaults that every conn section below inherits unless it sets the key itself.
conn %default
# ESP and IKE proposals. "sha" is strongSwan's keyword for SHA-1 and modp1024 is
# a 1024-bit DH group; both are legacy-strength choices.
# NOTE(review): no section in this config offers modp2048, and the charon log
# quoted after the config shows a client's MODP_2048 key exchange being turned
# down in favour of MODP_1024. Consider listing a modp2048 (or stronger)
# proposal ahead of the modp1024 one - confirm client support first.
esp = aes-aes256-sha-modp1024,aes256-sha512-modp4096
ike = aes-aes256-sha-modp1024,aes256-sha512-modp4096
# Dead peer detection: liveness probes every 35s when idle; a dead peer's
# connection is closed with no further action.
dpdaction = clear
dpddelay = 35s
# NOTE(review): the ipsec.conf documentation describes dpdtimeout as IKEv1-only
# (IKEv2 relies on the retransmission timeout) - confirm for this version.
dpdtimeout = 2000s
# Permit IKE message fragmentation.
fragmentation = yes
# This end never initiates rekeying, so key lifetime depends on the client.
# NOTE(review): per the ipsec.conf documentation a rekey requested by the peer
# is still answered - confirm.
rekey = no
# Local (server) side: listen on any local address.
left = %any
# Let the updown script manage firewall rules for the tunnel.
leftfirewall = yes
# Full tunnel: the server offers 0.0.0.0/0, so all client traffic may be routed
# through the VPN.
leftsubnet = 0.0.0.0/0
# Server certificate, always sent to the peer even without a certificate request.
leftcert = vpn.crt
leftsendcert = always
# Remote (client) side: accept peers from any address.
right = %any
# Pool from which clients are assigned a virtual IP.
rightsourceip = 192.168.200.0/24
# DNS servers pushed to clients. These are public third-party resolvers, so
# client DNS lookups made through the tunnel leave the VPN operator's control.
rightdns = 8.8.8.8,8.8.4.4
# Ask the client for its EAP identity instead of reusing the IKE identity.
eap_identity = %identity
# IKEv2 base section; the two EAP sections below pull it in with "also".
# NOTE(review): because of "auto = add" this section is loaded as a connection
# in its own right, and neither it nor %default sets rightauth. It presumably
# falls back to the daemon's default client authentication - confirm that a
# connection without EAP is intended to be reachable.
conn IPSec-IKEv2
keyexchange = ikev2
# Load the connection and wait for clients; the server does not initiate.
auto = add
# BlackBerry, Windows, Android
# Inherits IPSec-IKEv2 (and through it %default, including the modp1024 proposals).
conn IPSec-IKEv2-EAP
also = "IPSec-IKEv2"
# Clients authenticate with a username and password via EAP-MSCHAPv2.
# NOTE(review): MSCHAPv2 is a weak password protocol on its own; here it is
# protected only by the IKEv2 exchange, which the server authenticates with its
# certificate. Clients should therefore be configured to verify that
# certificate, and account passwords should be long and unique.
rightauth = eap-mschapv2
# macOS, iOS
# Inherits IPSec-IKEv2 but overrides the proposals, client auth and server identity.
conn IKEv2-MSCHAPv2-Apple
also = "IPSec-IKEv2"
# The trailing "!" makes each list strict: only these suites are accepted.
# Every IKE suite uses modp1024, and 3des/sha1 are legacy algorithms.
# NOTE(review): the charon log quoted after the config shows the client sending
# a MODP_2048 key exchange first and being asked to retry with MODP_1024, so the
# client appears to support modp2048. Consider putting an aes256-sha256-modp2048
# suite first and retiring the 3des/sha1 entries once no client needs them.
ike = aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!
# The ESP suites name no DH group.
esp = aes256-sha256,3des-sha1,aes256-sha1!
# Username/password authentication via EAP-MSCHAPv2. It is protected only by the
# certificate-authenticated IKEv2 exchange, so clients must verify the server
# certificate.
rightauth = eap-mschapv2
# Identity the server presents to the client. The quoted value is a placeholder
# used in this post; the quoted log shows the server authenticating as
# 'vpn.example.com'.
# NOTE(review): Apple clients are commonly reported to require this identity to
# match the "remote ID" set on the device and a name in the server certificate -
# verify all three agree.
leftid = "hostname vpn server"
# Android IPsec Hybrid RSA
# Stand-alone IKEv1 section: no "also", so it takes only the %default values
# (including the modp1024 / SHA-1 proposals).
conn IKEv1-Xauth
keyexchange=ikev1
# The client is authenticated by XAuth (username/password) only.
# NOTE(review): with no certificate or PSK round configured for the client, the
# account password is the sole client credential - use strong passwords and
# consider whether this legacy IKEv1 profile is still needed.
rightauth=xauth
# Load the connection and wait for clients to connect.
auto=add
«hostname vpn server» — это имя моего сервера. При подключении с Windows и Android всё работает хорошо, а с macOS или iPhone подключиться не удаётся: соединение начинает устанавливаться и потом обрывается. В логе вот что:
Nov 8 19:41:37 vpn charon: 09[NET] received packet: from 82.**.**.**[500] to 176.**.**.**[500] (604 bytes)
Nov 8 19:41:37 vpn charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N((16430)) ]
Nov 8 19:41:37 vpn charon: 09[IKE] 82.**.**.** is initiating an IKE_SA
Nov 8 19:41:37 vpn charon: 09[IKE] remote host is behind NAT
Nov 8 19:41:37 vpn charon: 09[IKE] DH group MODP_2048 inacceptable, requesting MODP_1024
Nov 8 19:41:37 vpn charon: 09[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Nov 8 19:41:37 vpn charon: 09[NET] sending packet: from 176.**.**.**[500] to 82.**.**.**[500] (38 bytes)
Nov 8 19:41:37 vpn charon: 11[NET] received packet: from 82.**.**.**[500] to 176.**.**.**[500] (476 bytes)
Nov 8 19:41:37 vpn charon: 11[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N((16430)) ]
Nov 8 19:41:37 vpn charon: 11[IKE] 82.**.**.** is initiating an IKE_SA
Nov 8 19:41:37 vpn charon: 11[IKE] remote host is behind NAT
Nov 8 19:41:37 vpn charon: 11[IKE] sending cert request for "CN=vpn.example.com"
Nov 8 19:41:37 vpn charon: 11[IKE] sending cert request for "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=vpn"
Nov 8 19:41:37 vpn charon: 11[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"
Nov 8 19:41:37 vpn charon: 11[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Nov 8 19:41:37 vpn charon: 11[NET] sending packet: from 176.**.**.**[500] to 82.**.**.**[500] (377 bytes)
Nov 8 19:41:37 vpn charon: 14[NET] received packet: from 82.**.**.**[4500] to 176.**.**.**[4500] (508 bytes)
Nov 8 19:41:37 vpn charon: 14[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Nov 8 19:41:37 vpn charon: 14[CFG] looking for peer configs matching 176.**.**.**[vpn.example.com]...82.**.**.**[vadim]
Nov 8 19:41:37 vpn charon: 14[CFG] selected peer config 'IKEv2-MSCHAPv2-Apple'
Nov 8 19:41:37 vpn charon: 14[IKE] initiating EAP_IDENTITY method (id 0x00)
Nov 8 19:41:37 vpn charon: 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Nov 8 19:41:37 vpn charon: 14[IKE] peer supports MOBIKE
Nov 8 19:41:37 vpn charon: 14[IKE] authentication of 'vpn.example.com' (myself) with RSA signature successful
Nov 8 19:41:37 vpn charon: 14[IKE] sending end entity cert "CN=vpn.example.com"
Nov 8 19:41:37 vpn charon: 14[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Nov 8 19:41:37 vpn charon: 14[NET] sending packet: from 176.**.**.**[4500] to 82.**.**.**[4500] (1276 bytes)