<html><body bgcolor="#FFFFFF"><div><blockquote type="cite" style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); font-size: medium; "><span class="Apple-style-span" style="font-family: Times; -webkit-tap-highlight-color: rgba(26, 26, 26, 0.292969); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); font-size: medium; "><pre>On 03/27/2011 04:06 AM, Dan Deming wrote:

><i> Hello,

</i>><i>

</i>><i> I'm trying to get a strongswan VPN set up so I can connect my iPhone

</i>><i> to my Ubuntu Lucid Lynx desktop, but I can't seem to get it

</i>><i> working and would appreciate any help anyone can give me.

</i>><i>

</i>><i> I feel like I'm close, but networking is not one of my

</i>><i> strong suits, so the whole leftnexthop, rightprotoport

</i>><i> thing is pretty confusing to me.

</i>><i>

</i>><i> I've been generally following the directions on these 3

</i>><i> pages:

</i>><i>

</i>><i> <a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/"></a><a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/"></a><a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/"><a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/">http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/</a></a>

</i>><i> <a href="https://lists.strongswan.org/pipermail/users/2009-March/003291.html"></a><a href="https://lists.strongswan.org/pipermail/users/2009-March/003291.html"></a><a href="https://lists.strongswan.org/pipermail/users/2009-March/003291.html"><a href="https://lists.strongswan.org/pipermail/users/2009-March/003291.html">https://lists.strongswan.org/pipermail/users/2009-March/003291.html</a></a>

</i>><i> <a href="http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html"></a><a href="http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html"></a><a href="http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html"><a href="http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html">http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html</a></a>

</i>><i>

</i>><i> Currently, I'm getting the following error:

</i>><i>

</i>><i> cannot respond to IPsec SA request because no connection is known for 

</i>><i> 53.74.66.108/32===192.168.1.10:17/%any...192.168.1.1[192.168.1.12]:17/%any===<a href="tel:192.168.1.12/32" x-apple-data-detectors="true">192.168.1.12/32</a> 

</i>><i> <<a href="http://53.74.66.108/32===192.168.1.10:17/%any...192.168.1.1[192.168.1.12]:17/%any===192.168.1.12/32"></a><a href="http://53.74.66.108/32===192.168.1.10:17/%any...192.168.1.1[192.168.1.12]:17/%any===192.168.1.12/32"></a><a href="http://53.74.66.108/32===192.168.1.10:17/%any...192.168.1.1[192.168.1.12]:17/%any===192.168.1.12/32"><a href="http://53.74.66.108/32===192.168.1.10:17/%any...192.168.1.1[192.168.1.12]:17/%any===192.168.1.12/32">http://53.74.66.108/32===192.168.1.10:17/%any...192.168.1.1[192.168.1.12]:17/%any===192.168.1.12/32</a></a>>

</i>><i>

</i>><i> Here are the stats on what I'm running:

</i>><i>

</i>><i> Ubuntu Desktop:

</i>><i>  * Internal IP address is 192.168.1.10

</i>><i>  * Running custom compiled version of strongswan-4.3.2 with 

</i>><i> --enable-nat-transport option enabled

</i>><i>  * Running xl2tpd

</i>><i>  * Both were set up by following 

</i>><i> <a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/"></a><a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/"></a><a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/"><a href="http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/">http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/</a></a>

</i>><i>  * Firewall was off while I was trying to get this working

</i>><i>

</i>><i> Linksys E3000 router:

</i>><i>  * Internal IP address is 192.168.1.1

</i>><i>  * Comcast IP address is 53.74.66.108 (not my actual IP, but you get 

</i>><i> the idea)

</i>><i>  * NAT Enabled

</i>><i>  * VPN Passthrough Enabled

</i>><i>  * Ports 4500 and 1701 forwarded to 192.168.1.10

</i>><i>

</i>><i> iPhone 3GS:

</i>><i>  * I guess the IP for this device is 166.121.15.14? (Again, I changed 

</i>><i> it in the log below)

</i>><i>

</i>><i> Here is my ipsec.conf:

</i>><i>

</i>><i> config setup

</i>><i>     nat_traversal=yes

</i>><i>     charonstart=yes

</i>><i>     plutostart=yes

</i>><i>

</i>><i> conn L2TP

</i>><i>         authby=psk

</i>><i>         pfs=no

</i>><i>         rekey=no

</i>><i>         type=tunnel

</i>><i>         esp=aes128-sha1

</i>><i>         ike=aes128-sha-modp1024

</i>><i>         left=<a href="tel:192.168.1.10" x-apple-data-detectors="true">192.168.1.10</a>

</i>><i>         leftnexthop=%defaultroute

</i>><i>         #leftprotoport=17/%any

</i>><i>         leftprotoport=17/1701

</i>><i>         right=%any

</i>><i>         rightprotoport=17/%any

</i>><i>         #rightsubnetwithin=<a href="tel:10.0.0.0/8" x-apple-data-detectors="true">10.0.0.0/8</a> <<a href="http://10.0.0.0/8"></a><a href="http://10.0.0.0/8"></a><a href="http://10.0.0.0/8"><a href="http://10.0.0.0/8">http://10.0.0.0/8</a></a>>

</i>><i>         auto=add

</i>><i>

</i>><i> And here are the errors I see:

</i>><i>

</i>><i> Mar 26 15:41:11 ubuntu-desktop pluto[8372]: added connection 

</i>><i> description "L2TP"

</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>>: received Vendor ID 

</i>><i> payload [RFC 3947]

</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>>: ignoring Vendor ID 

</i>><i> payload [4df37928e9fc4fd1b3262170d515c662]

</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>>: ignoring Vendor ID 

</i>><i> payload [8f8d83826d246b6fc7a8a6a428c11de8]

</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>>: ignoring Vendor ID 

</i>><i> payload [439b59f8ba676c4c7737ae22eab8f582]

</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>>: ignoring Vendor ID 

</i>><i> payload [4d1e0e136deafa34c4f3ea9f02ec7285]

</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>>: ignoring Vendor ID 

</i>><i> payload [80d0bb3def54565ee84645d4c85ce3ee]

</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>>: ignoring Vendor ID 

</i>><i> payload [9909b64eed937c6573de52ace952fa6b]

</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>>: ignoring Vendor ID 

</i>><i> payload [draft-ietf-ipsec-nat-t-ike-03]

</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>>: ignoring Vendor ID 

</i>><i> payload [draft-ietf-ipsec-nat-t-ike-02]

</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>>: ignoring Vendor ID 

</i>><i> payload [draft-ietf-ipsec-nat-t-ike-02_n]

</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: packet from 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>>: received Vendor ID 

</i>><i> payload [Dead Peer Detection]

</i>><i> Mar 26 15:41:51 ubuntu-desktop pluto[8372]: "L2TP"[1] 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>> #1: responding to 

</i>><i> Main Mode from unknown peer 166.121.15.14:15873 

</i>><i> <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>>

</i>><i> Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[1] 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>> #1: NAT-Traversal: 

</i>><i> Result using RFC 3947: both are NATed

</i>><i> Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[1] 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>> #1: ignoring 

</i>><i> informational payload, type IPSEC_INITIAL_CONTACT

</i>><i> Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[1] 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>> #1: Peer ID is 

</i>><i> ID_IPV4_ADDR: '<a href="tel:10.70.21.33" x-apple-data-detectors="true">10.70.21.33</a>'

</i>><i> Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[2] 

</i>><i> 166.121.15.14:15873 <<a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873/"></a><a href="http://166.121.15.14:15873"><a href="http://166.121.15.14:15873">http://166.121.15.14:15873</a></a>> #1: deleting 

</i>><i> connection "L2TP" instance with peer 166.121.15.14 {isakmp=#0/ipsec=#0}

</i>><i> Mar 26 15:41:52 ubuntu-desktop pluto[8372]: | NAT-T: new mapping 

</i>><i> 166.121.15.14:<a href="tel:15873/15893" x-apple-data-detectors="true">15873/15893</a> <<a href="http://166.121.15.14:15873/15893"></a><a href="http://166.121.15.14:15873/15893"></a><a href="http://166.121.15.14:15873/15893"><a href="http://166.121.15.14:15873/15893">http://166.121.15.14:15873/15893</a></a>>)

</i>><i> Mar 26 15:41:52 ubuntu-desktop pluto[8372]: "L2TP"[2] 

</i>><i> 166.121.15.14:15893 <<a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893"><a href="http://166.121.15.14:15893">http://166.121.15.14:15893</a></a>> #1: sent MR3, ISAKMP 

</i>><i> SA established

</i>><i> Mar 26 15:41:53 ubuntu-desktop pluto[8372]: "L2TP"[2] 

</i>><i> 166.121.15.14:15893 <<a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893"><a href="http://166.121.15.14:15893">http://166.121.15.14:15893</a></a>> #1: cannot respond to 

</i>><i> IPsec SA request because no connection is known for 

</i>><i> 53.74.66.108/32===192.168.1.10:4500:17/%any...166.121.15.14:15893[10.70.21.33]:17/%any===<a href="tel:10.70.21.33/32" x-apple-data-detectors="true">10.70.21.33/32</a> 

</i>><i> <<a href="http://53.74.66.108/32===192.168.1.10:4500:17/%any...166.121.15.14:15893[10.70.21.33]:17/%any===10.70.21.33/32"></a><a href="http://53.74.66.108/32===192.168.1.10:4500:17/%any...166.121.15.14:15893[10.70.21.33]:17/%any===10.70.21.33/32"></a><a href="http://53.74.66.108/32===192.168.1.10:4500:17/%any...166.121.15.14:15893[10.70.21.33]:17/%any===10.70.21.33/32"><a href="http://53.74.66.108/32===192.168.1.10:4500:17/%any...166.121.15.14:15893[10.70.21.33]:17/%any===10.70.21.33/32">http://53.74.66.108/32===192.168.1.10:4500:17/%any...166.121.15.14:15893[10.70.21.33]:17/%any===10.70.21.33/32</a></a>>

</i>><i> Mar 26 15:41:53 ubuntu-desktop pluto[8372]: "L2TP"[2] 

</i>><i> 166.121.15.14:15893 <<a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893"><a href="http://166.121.15.14:15893">http://166.121.15.14:15893</a></a>> #1: sending encrypted 

</i>><i> notification INVALID_ID_INFORMATION to 166.121.15.14:15893 

</i>><i> <<a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893"><a href="http://166.121.15.14:15893">http://166.121.15.14:15893</a></a>>

</i>><i> Mar 26 15:41:56 ubuntu-desktop pluto[8372]: "L2TP"[2] 

</i>><i> 166.121.15.14:15893 <<a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893"><a href="http://166.121.15.14:15893">http://166.121.15.14:15893</a></a>> #1: Quick Mode I1 

</i>><i> message is unacceptable because it uses a previously used Message ID 

</i>><i> 0xab4fb5b4 (perhaps this is a duplicated packet)

</i>><i> Mar 26 15:41:56 ubuntu-desktop pluto[8372]: "L2TP"[2] 

</i>><i> 166.121.15.14:15893 <<a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893"><a href="http://166.121.15.14:15893">http://166.121.15.14:15893</a></a>> #1: sending encrypted 

</i>><i> notification INVALID_MESSAGE_ID to 166.121.15.14:15893 

</i>><i> <<a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893"><a href="http://166.121.15.14:15893">http://166.121.15.14:15893</a></a>>

</i>><i> Mar 26 15:41:59 ubuntu-desktop pluto[8372]: "L2TP"[2] 

</i>><i> 166.121.15.14:15893 <<a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893"><a href="http://166.121.15.14:15893">http://166.121.15.14:15893</a></a>> #1: Quick Mode I1 

</i>><i> message is unacceptable because it uses a previously used Message ID 

</i>><i> 0xab4fb5b4 (perhaps this is a duplicated packet)

</i>><i> Mar 26 15:41:59 ubuntu-desktop pluto[8372]: "L2TP"[2] 

</i>><i> 166.121.15.14:15893 <<a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893"><a href="http://166.121.15.14:15893">http://166.121.15.14:15893</a></a>> #1: sending encrypted 

</i>><i> notification INVALID_MESSAGE_ID to 166.121.15.14:15893 

</i>><i> <<a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893"><a href="http://166.121.15.14:15893">http://166.121.15.14:15893</a></a>>

</i>><i> Mar 26 15:42:03 ubuntu-desktop pluto[8372]: "L2TP"[2] 

</i>><i> 166.121.15.14:15893 <<a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893/"></a><a href="http://166.121.15.14:15893"><a href="http://166.121.15.14:15893">http://166.121.15.14:15893</a></a>> #1: Quick Mode I1 

</i>><i> message is unacceptable because it uses a previously used Message ID 

</i>><i> Mar 26 Mar 26 15:42:05 ubuntu-desktop pluto[8372]: ERROR: asynchronous 

</i>><i> network error report on eth0 for message to 166.121.15.14 port 15893, 

</i>><i> complainant 166.121.15.14 <<a href="http://166.121.15.14/"></a><a href="http://166.121.15.14/"></a><a href="http://166.121.15.14"><a href="http://166.121.15.14">http://166.121.15.14</a></a>>: Connection refused 

</i>><i> [errno 111, origin ICMP type 3 code 3 (not authenticated)]

</i>><i>

</i>><i>

</i>><i> _______________________________________________

</i>><i> Users mailing list

</i>><i> <a href="https://lists.strongswan.org/mailman/listinfo/users">Users at </a><a href="http://lists.strongswan.org/"></a><a href="http://lists.strongswan.org"><a href="http://lists.strongswan.org">lists.strongswan.org</a></a>

</i>><i> <a href="https://lists.strongswan.org/mailman/listinfo/users"></a><a href="https://lists.strongswan.org/mailman/listinfo/users"></a><a href="https://lists.strongswan.org/mailman/listinfo/users"><a href="https://lists.strongswan.org/mailman/listinfo/users">https://lists.strongswan.org/mailman/listinfo/users</a></a>

</i>Hi Dan,

It looks like your connection cannot be matched right. I'm a newby so 

may advices may be misleading, but you can try a two more configuration 

for your ipsec.conf ( one at a time)

ipsec.conf of openswan/debian:

config setup

        nat_traversal=yes

        charonstart=yes

        plutostart=yes

conn L2TP-PSK-NAT-OSX

         authby=secret

         forceencaps=yes

         pfs=no

         auto=add

         keyingtries=3

         dpdtimeout=60

         dpdaction=clear

         rekey=no

         left=%defaultroute

         leftprotoport=17/1701

         right=%any

         rightprotoport=17/%any

         rightsubnet=vhost:%priv,%no

or

conn %default

        nat_traversal=yes

        charonstart=yes

        plutostart=yes

         forceencaps=yes

         dpddelay=10

         dpdtimeout=60

         dpdaction=clear

         auto=add

conn L2TP-PSK-NAT

          rightsubnet=vhost:%priv

          also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT

          authby=secret

          pfs=no

          auto=add

          keyingtries=3

          rekey=no

          ikelifetime=8h

          keylife=1h

          type=transport

          left=<a href="tel:192.168.1.10" x-apple-data-detectors="true">192.168.1.10</a>

         leftprotoport=17/1701

          leftnexthop=<a href="tel:53.74.66.108" x-apple-data-detectors="true">53.74.66.108</a> ( or whatever pub IP you have)

          rightnexthop=%defaultroute

          right=%any

          rightprotoport=17/%any

if you get any errors for some of the options , just comment them.

make sure that xl2tpd is running and listening on port 1701, and ipsec(pluto or charon I'm not shure) are listenning on port 500,4500,

you can check with #netstat -lpna

and if still is not working paste #tcpdump proto UDP , and the same output log that you include in fur firs mail

You better disable port forward 1701 on your router, only VPN pass-trough and if does not work correctly then enable forward UDP 500, 4500 to

192.168.1.10,

Also #iptables -L will be useful but not necessary .

Recently I had problems with IPhone connecting to Ubuntu box, second time, because tunnel cannot be disconnected, but you are not there yet ;) I sow fix for that in strongswan 4.5.1.

Regards

Martin

-------------- next part --------------

An HTML attachment was scrubbed...

URL: <a href="http://lists.strongswan.org/pipermail/users/attachments/20110328/18cac209/attachment-0001.html"></a><a href="http://lists.strongswan.org/pipermail/users/attachments/20110328/18cac209/attachment-0001.html"></a><a href="http://lists.strongswan.org/pipermail/users/attachments/20110328/18cac209/attachment-0001.html"><a href="http://lists.strongswan.org/pipermail/users/attachments/20110328/18cac209/attachment-0001.html">http://lists.strongswan.org/pipermail/users/attachments/20110328/18cac209/attachment-0001.html</a></a> 

</pre></span></blockquote><div style="-webkit-tap-highlight-color: rgba(26, 26, 26, 0.296875); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); font-size: medium; "><span class="Apple-style-span" style="font-family: Times; -webkit-tap-highlight-color: rgba(26, 26, 26, 0.292969); -webkit-composition-fill-color: rgba(175, 192, 227, 0.230469); -webkit-composition-frame-color: rgba(77, 128, 180, 0.230469); font-size: medium; "><pre>Hi, </pre><pre>I tried the very same with my Ipad and I hat the wall, the NAT firewall, to be more precise.</pre><pre>My settings worked well via WLAN even into a NATed VM but as soon as I tried to connect from the outside I ran into the same error.</pre><pre>The problem sems to be caused by the fact that the IPAD is NATed as well with a dynamic IP adrees. Two NATed dynamic IP addresses seems to be more than strongswan can handle.</pre><pre>There's been another posting on that this month asking whether this is a bug or a feature. It's a pity that it doesn't work because I would love to be able to access my home network with my Ipad in a safer way.</pre><pre>I hope I didn't discourage you, please keep trying if you have the time and energy. I'd be happy to know if there is a solution to that.</pre><pre>Somewhere I read that Openswan may do the trick. Did you try that one?</pre><pre>Cheers</pre><pre>Uli</pre></span></div><div></div></div><div></div></body></html>