<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#ffffff">
    <br>
    Am 12.04.2011 16:53, schrieb Benoit Foucher:
    <blockquote
      cite="mid:AE9B5367-DDE3-410A-A145-6EE725E99A6A@bittrap.com"
      type="cite">Hello,
      <div><br>
      </div>
      <div>You'll find more information on this INVALID_HASH_INFORMATION
        in the links I provided earlier on this thread, see at this
        link:
        <div><br>
        </div>
        <div>  <a moz-do-not-send="true"
href="https://lists.strongswan.org/pipermail/users/2011-February/005863.html">https://lists.strongswan.org/pipermail/users/2011-February/005863.html</a><br>
          <div><br>
          </div>
          <div>Basically, it seems the error is caused by a bug in
            raccoon OS X/iOS implementation. </div>
        </div>
      </div>
    </blockquote>
    since iOS 4.3.2 is now released - has anyone tested, if this "racoon
    bug" is fixed now?<br>
    <blockquote
      cite="mid:AE9B5367-DDE3-410A-A145-6EE725E99A6A@bittrap.com"
      type="cite">
      <div>
        <div>
          <div>I was able to get passed it by hacking strongSwan's code
            but ran into another issue. I didn't get further time to
            investigate this or report the raccoon issue to Apple...</div>
          <div><br>
          </div>
          <div>Benoit.</div>
          <div><br>
            <div>
              <div>Le 12 avr. 2011 à 15:41, Florian Wolters a écrit :</div>
              <br class="Apple-interchange-newline">
              <blockquote type="cite">
                <div bgcolor="#FFFFFF">
                  <div>Hello Martin,</div>
                  <div><br>
                  </div>
                  <div>I am currently working on the same problem. The
                    problem seems to ly with strongSwan and the IPad
                    computing hash values on different information. The
                    log of my strongSwan tells me:</div>
                  <div><span class="Apple-style-span"
                      style="font-family: Times;">
                      <pre>--- 8< snip ---
| received encrypted packet from 80.187.98.129:59786
| decrypting 48 bytes using algorithm AES_CBC
| decrypted:
|   0b 00 00 18  b7 1d 29 01  54 a8 d4 3e  34 83 34 7b
|   6e 56 9a d4  ea 41 c4 d8  00 00 00 0c  00 00 00 01
|   01 00 00 17  00 00 00 00  00 00 00 00  00 00 00 0c
| next IV:  73 7b 61 b4  66 c6 c1 60  dc 0c b0 a0  d4 d2 a9 73
| ***parse ISAKMP Hash Payload:
|    next payload type: ISAKMP_NEXT_N
|    length: 24
| ***parse ISAKMP Notification Payload:
|    next payload type: ISAKMP_NEXT_NONE
|    length: 12
|    DOI: ISAKMP_DOI_IPSEC
|    protocol ID: 1
|    SPI size: 0
|    Notify Message Type: INVALID_HASH_INFORMATION
| removing 12 bytes of padding
"iPad_psk"[1] 80.187.98.129:59786 #1: ignoring informational payload,
type INVALID_HASH_INFORMATION
--- 8< snap ---
</pre>
                    </span>In my configuration both the iPad and the
                    strongSwan Server are NATed. The iPad is one of the
                    first edition but with the latest iOS. So NAT does
                    not seems to cause the problem but instead the
                    calculation of hashes. AFAIK there is no
                    configuration option to change this behavior on
                    strongSwan side.</div>
                  <div>Best regards</div>
                  <div><br>
                  </div>
                  <div>   Florian</div>
                  <div><br>
                  </div>
                  <div><br>
                  </div>
                  <div>Von meinem iPad gesendet</div>
                  <div><br>
                    Am 04.04.2011 um 20:23 schrieb Martin Kellermann
                    <<a moz-do-not-send="true"
                      href="mailto:kellermann@sk-datentechnik.com">kellermann@sk-datentechnik.com</a>>:<br>
                    <br>
                  </div>
                  <blockquote type="cite">
                    <div><span>hello andreas,</span><br>
                      <span></span><br>
                      <span>yes, you are right, but this still doesn't
                        solve the problem. i am still </span><br>
                      <span>stuck...</span><br>
                      <span></span><br>
                      <span>reading some current posts on APPLEs
                        discussion forum</span><br>
                      <span>(for ex: <a moz-do-not-send="true"
                          href="http://discussions.apple.com/thread.jspa?threadID=2778039">http://discussions.apple.com/thread.jspa?threadID=2778039</a>)</span><br>
                      <span>maybe this is a general problem with iOS
                        > 4.3 ?</span><br>
                      <span></span><br>
                      <span>so i'm very interested if anyone has managed
                        to get the iPad 2 (iOS 4.3.1)</span><br>
                      <span>connect to strongswan with one or both sides
                        being NATed?</span><br>
                      <span></span><br>
                      <span>or maybe someone has managed to connect to
                        open-/freeSWAN ?</span><br>
                      <span>(server is on debian 6)</span><br>
                      <span></span><br>
                      <span>any help is really appreciated!</span><br>
                      <span></span><br>
                      <span>thank you</span><br>
                      <span></span><br>
                      <span>Martin</span><span><br>
                      </span><span></span><br>
                    </div>
                  </blockquote>
                </div>
                _______________________________________________<br>
                Users mailing list<br>
                <a moz-do-not-send="true"
                  href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a><br>
                <a class="moz-txt-link-freetext" href="https://lists.strongswan.org/mailman/listinfo/users">https://lists.strongswan.org/mailman/listinfo/users</a></blockquote>
            </div>
            <br>
          </div>
        </div>
      </div>
      <pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.strongswan.org">Users@lists.strongswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.strongswan.org/mailman/listinfo/users">https://lists.strongswan.org/mailman/listinfo/users</a></pre>
    </blockquote>
  </body>
</html>