<html><body bgcolor="#FFFFFF"><div><blockquote type="cite" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); font-size: medium; "><span class="Apple-style-span" style="font-family: Times; -webkit-tap-highlight-color: rgba(26, 26, 26, 0.292969); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); font-size: medium; "><pre>On 03/27/2011 04:06 AM, Dan Deming wrote:
><i> Hello,
</i>><i>
</i>><i> I'm trying to get a strongswan VPN set up so I can connect my iPhone
</i>><i> to my Ubuntu Lucid Lynx desktop, but I can't seem to get it
</i>><i> working and would appreciate any help anyone can give me.
</i>><i>
</i>><i> I feel like I'm close, but networking is not one of my
</i>><i> strong suits, so the whole leftnexthop, rightprotoport
</i>><i> thing is pretty confusing to me.
</i>><i>
</i>><i> I've been generally following the directions on these 3
</i>><i> pages:
</i>><i>
</i>><i> <a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/">http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/</a>
</i>><i> <a href="https://lists.strongswan.org/pipermail/users/2009-March/003291.html">https://lists.strongswan.org/pipermail/users/2009-March/003291.html</a>
</i>><i> <a href="http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html">http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html</a>
</i>><i>
</i>><i> Currently, I'm getting the following error:
</i>><i>
</i>><i> cannot respond to IPsec SA request because no connection is known for
</i>><i> 53.74.66.108/32===192.168.1.10:17/%any...192.168.1.1[192.168.1.12]:17/%any===192.168.1.12/32
</i>><i>
</i>><i> Here are the stats on what I'm running:
</i>><i>
</i>><i> Ubuntu Desktop:
</i>><i> * Internal IP address is 192.168.1.10
</i>><i> * Running custom compiled version of strongswan-4.3.2 with
</i>><i> --enable-nat-transport option enabled
</i>><i> * Running xl2tpd
</i>><i> * Both were set up by following
</i>><i> <a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/">http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/</a>
</i>><i> * Firewall was off while I was trying to get this working
</i>><i>
</i>><i> Linksys E3000 router:
</i>><i> * Internal IP address is 192.168.1.1
</i>><i> * Comcast IP address is 53.74.66.108 (not my actual IP, but you get
</i>><i> the idea)
</i>><i> * NAT Enabled
</i>><i> * VPN Passthrough Enabled
</i>><i> * Ports 4500 and 1701 forwarded to 192.168.1.10
</i>><i>
</i>><i> iPhone 3GS:
</i>><i> * I guess the IP for this device is 166.121.15.14? (Again, I changed
</i>><i> it in the log below)
</i>><i>
</i>><i> Here is my ipsec.conf:
</i>><i>
</i>><i> config setup
</i>><i>     nat_traversal=yes
</i>><i>     charonstart=yes
</i>><i>     plutostart=yes
</i>><i>
</i>><i> conn L2TP
</i>><i>     authby=psk
</i>><i>     pfs=no
</i>><i>     rekey=no
</i>><i>     type=tunnel
</i>><i>     esp=aes128-sha1
</i>><i>     ike=aes128-sha-modp1024
</i>><i>     left=192.168.1.10
</i>><i>     leftnexthop=%defaultroute
</i>><i>     #leftprotoport=17/%any
</i>><i>     leftprotoport=17/1701
</i>><i>     right=%any
</i>><i>     rightprotoport=17/%any
</i>><i>     #rightsubnetwithin=10.0.0.0/8
</i>><i>     auto=add
</i>><i>
</i>><i> And here are the errors I see:
</i>><i>
</i>><i> Mar 26 15:41:11 ubuntu-desktop pluto[8372]: added connection description "L2TP"
</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: received Vendor ID payload [RFC 3947]
</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 166.121.15.14:15873: received Vendor ID payload [Dead Peer Detection]
</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: "L2TP"[1] 166.121.15.14:15873 #1: responding to Main Mode from unknown peer 166.121.15.14:15873
</i>><i> Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[1] 166.121.15.14:15873 #1: NAT-Traversal: Result using RFC 3947: both are NATed
</i>><i> Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[1] 166.121.15.14:15873 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
</i>><i> Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[1] 166.121.15.14:15873 #1: Peer ID is ID_IPV4_ADDR: '10.70.21.33'
</i>><i> Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15873 #1: deleting connection "L2TP" instance with peer 166.121.15.14 {isakmp=#0/ipsec=#0}
</i>><i> Mar 26 15:41:52 ubuntu-desktop pluto[8372]: | NAT-T: new mapping 166.121.15.14:15873/15893)
</i>><i> Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: sent MR3, ISAKMP SA established
</i>><i> Mar 26 15:41:53 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: cannot respond to IPsec SA request because no connection is known for 53.74.66.108/32===192.168.1.10:4500:17/%any...166.121.15.14:15893[10.70.21.33]:17/%any===10.70.21.33/32
</i>><i> Mar 26 15:41:53 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: sending encrypted notification INVALID_ID_INFORMATION to 166.121.15.14:15893
</i>><i> Mar 26 15:41:56 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xab4fb5b4 (perhaps this is a duplicated packet)
</i>><i> Mar 26 15:41:56 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: sending encrypted notification INVALID_MESSAGE_ID to 166.121.15.14:15893
</i>><i> Mar 26 15:41:59 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xab4fb5b4 (perhaps this is a duplicated packet)
</i>><i> Mar 26 15:41:59 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: sending encrypted notification INVALID_MESSAGE_ID to 166.121.15.14:15893
</i>><i> Mar 26 15:42:03 ubuntu-desktop pluto[8372]: "L2TP"[2] 166.121.15.14:15893 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID
</i>><i> Mar 26 Mar 26 15:42:05 ubuntu-desktop pluto[8372]: ERROR: asynchronous network error report on eth0 for message to 166.121.15.14 port 15893, complainant 166.121.15.14: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
</i>><i>
</i>><i>
</i>Hi Dan,
It looks like your connection cannot be matched right. I'm a newbie, so
my advice may be misleading, but you can try two more configurations
for your ipsec.conf (one at a time).
ipsec.conf of openswan/debian:

config setup
    nat_traversal=yes
    charonstart=yes
    plutostart=yes

conn L2TP-PSK-NAT-OSX
    authby=secret
    forceencaps=yes
    pfs=no
    auto=add
    keyingtries=3
    dpdtimeout=60
    dpdaction=clear
    rekey=no
    left=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%priv,%no

or

conn %default
    nat_traversal=yes
    charonstart=yes
    plutostart=yes
    forceencaps=yes
    dpddelay=10
    dpdtimeout=60
    dpdaction=clear
    auto=add

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=192.168.1.10
    leftprotoport=17/1701
    leftnexthop=53.74.66.108  # or whatever public IP you have
    rightnexthop=%defaultroute
    right=%any
    rightprotoport=17/%any

If you get any errors for some of the options, just comment them out.
Make sure that xl2tpd is running and listening on port 1701, and that ipsec (pluto or charon, I'm not sure) is listening on ports 500 and 4500;
you can check with #netstat -lpna
If it is still not working, paste the output of #tcpdump proto UDP and the same log output that you included in your first mail.
You had better disable the port forward for 1701 on your router and use only VPN pass-through; if that does not work correctly, then enable forwarding of UDP 500 and 4500 to
192.168.1.10.
Also, #iptables -L will be useful but not necessary.
Recently I had problems with an iPhone connecting to an Ubuntu box the second time, because the tunnel cannot be disconnected, but you are not there yet ;) I saw a fix for that in strongswan 4.5.1.
Regards
Martin
</pre></span></blockquote><div style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); font-size: medium; "><span class="Apple-style-span" style="font-family: Times; -webkit-tap-highlight-color: rgba(26, 26, 26, 0.292969); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); font-size: medium; "><pre>Hi, </pre><pre>I tried the very same with my iPad and I hit the wall, the NAT firewall, to be more precise.</pre><pre>My settings worked well via WLAN even into a NATed VM but as soon as I tried to connect from the outside I ran into the same error.</pre><pre>The problem seems to be caused by the fact that the iPad is NATed as well with a dynamic IP address. Two NATed dynamic IP addresses seem to be more than strongswan can handle.</pre><pre>There's been another posting on that this month asking whether this is a bug or a feature. It's a pity that it doesn't work because I would love to be able to access my home network with my iPad in a safer way.</pre><pre>I hope I didn't discourage you, please keep trying if you have the time and energy. I'd be happy to know if there is a solution to that.</pre><pre>Somewhere I read that Openswan may do the trick. Did you try that one?</pre><pre>Cheers</pre><pre>Uli</pre></span></div><div></div></div><div></div></body></html>