[strongSwan] OS X IPSec/L2TP and strongSwan results in INVALID_HASH_INFORMATION
Mohit Mehta
mohit.mehta at vyatta.com
Fri Dec 3 18:28:51 CET 2010
I can confirm that this has been reported by Windows users as well. Pasting a link below that has the detailed conversation to help debug this:
http://www.vyatta.org/forum/viewtopic.php?p=48296#48296
----- Original Message -----
> Hi,
>
> Ok, next issue :). I'm trying to set up an OS X client IPSec/L2TP
> connection to strongSwan 4.5.0.
>
> The strongSwan server and the OS X client are both behind a NAT. I
> managed to find the configuration to get the tunnel establishment to
> pass phase 1 but it fails in phase 2. The OS X client (racoon) fails
> to match its computed HASH(2) with strongSwan's hash passed with the
> STATE_QUICK_R0 message. I've attached the strongSwan debug traces and
> racoon debug traces to this email. Any ideas why racoon and
> strongSwan don't agree on the hash value?
>
> Someone reported a similar issue last month and indicated that things
> were working when the strongSwan server was NOT behind a NAT but
> failed when it was behind a NAT.
>
> Here's the config I'm using:
>
> conn rw
>     esp=aes128-sha1
>     ike=aes128-sha-modp1024
>     keyexchange=ikev1
>     keyingtries=3
>     type=transport
>     left=%defaultroute
>     leftsubnet=aa.aa.aa.aa/32
>     leftprotoport=17/1701
>     right=%any
>     rightprotoport=17/%any
>     rightsubnetwithin=0.0.0.0/0
>     authby=psk
>     pfs=no
>     compress=no
>     auto=add
>
> Cheers,
> Benoit.