<div dir="ltr">Please can you provide:<div>- log with default loglevel set to 2, showing start of both iPhones connection</div><div>- output of command "strongswan statusall" at the time both iphone are connected</div><div>- route table and iptables rules (tables filter, nat, mangle)</div><div><br></div><div>I believe this question would be next time better fit for users list and even might get answered quicker there.</div><div><br></div><div>Miroslav</div><br>On Thursday, April 23, 2015 at 4:40:15 PM UTC+2, Andrew Foss wrote:<blockquote class="gmail_quote" style="margin: 0;margin-left: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;">I am bringing up an ipsec server for our ios users and suspect my "left" 
<br>parameters aren't quite right, but so far my changes have made it not 
<br>work at all and I am not fully understanding the descriptions. I am 
<br>running 5.3.0, our ifupdown scripts open iptables rules to allow access 
<br>to dns and the servers.
<br>
<br>What is see is first device on a network connects and works fine. Second 
<br>device connects and neither works, second device gets disconnected, as 
<br>if the routing/nat handling is sending packets down the wrong tunnel.
<br>
<br>Here's my config, I suspect leftsubnet should be 0/0, these are just 
<br>devices connecting for themselves, not another vpn gateway connecting a 
<br>network. Any pointers?
<br>
<br>conn ios
<br>     keyexchange=ikev1
<br>     #esp=null-sha1!
<br>     authby=xauthrsasig
<br>     xauth=server
<br>     left=%defaultroute
<br>     leftsubnet=<a href="http://0.0.0.0/0" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return true;">0.0.0.0/0</a>
<br>     #leftsubnet=<a href="http://10.66.0.0/16" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.66.0.0%2F16\46sa\75D\46sntz\0751\46usg\75AFQjCNEMJumeZ0UqAnw7BMyrz8ElApXIhg';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.66.0.0%2F16\46sa\75D\46sntz\0751\46usg\75AFQjCNEMJumeZ0UqAnw7BMyrz8ElApXIhg';return true;">10.66.0.0/16</a>
<br>     #leftfirewall=yes
<br>     leftupdown=/opt/actmobile/<wbr>accelerator/actmobile_ipsec_<wbr>updown
<br>     leftcert=serverCert.pem
<br>     right=%any
<br>     rightsourceip=<a href="http://10.0.0.0/16" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.0.0.0%2F16\46sa\75D\46sntz\0751\46usg\75AFQjCNFYf0sJ06fFYbxnJsEZFQ2eBWv5ng';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.0.0.0%2F16\46sa\75D\46sntz\0751\46usg\75AFQjCNFYf0sJ06fFYbxnJsEZFQ2eBWv5ng';return true;">10.0.0.0/16</a>
<br>     #rightsourceip=<a href="http://10.100.255.0/28" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.100.255.0%2F28\46sa\75D\46sntz\0751\46usg\75AFQjCNHiOlcWLxoVFW9PFirg_-1XKvs26A';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.100.255.0%2F28\46sa\75D\46sntz\0751\46usg\75AFQjCNHiOlcWLxoVFW9PFirg_-1XKvs26A';return true;">10.100.255.0/<wbr>28</a>
<br>     #rightcert=clientCert.pem
<br>     #pfs=no
<br>     auto=start
<br>     rekey=yes
<br>     fragmentation=yes
<br>     lifetime=24h
<br>     dpddelay=0
<br>     dpdtimeout=24h
<br>actmobile@accel:~-u
<br>
<br>thanks,
<br>andrew
<br>______________________________<wbr>_________________
<br>Dev mailing list
<br><a href="mailto:Dev@lists.strongswan.org" target="_blank" rel="nofollow" onmousedown="this.href='mailto:Dev@lists.strongswan.org';return true;" onclick="this.href='mailto:Dev@lists.strongswan.org';return true;">Dev@lists.strongswan.org</a>
<br><a href="https://lists.strongswan.org/mailman/listinfo/dev" target="_blank" rel="nofollow" onmousedown="this.href='https://www.google.com/url?q\75https%3A%2F%2Flists.strongswan.org%2Fmailman%2Flistinfo%2Fdev\46sa\75D\46sntz\0751\46usg\75AFQjCNEpF7nDtcPxmX4p2hKudljFb7L7xg';return true;" onclick="this.href='https://www.google.com/url?q\75https%3A%2F%2Flists.strongswan.org%2Fmailman%2Flistinfo%2Fdev\46sa\75D\46sntz\0751\46usg\75AFQjCNEpF7nDtcPxmX4p2hKudljFb7L7xg';return true;">https://lists.strongswan.org/<wbr>mailman/listinfo/dev</a>
<br></blockquote></div>