<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
Hi,<br><br>I am using strongSwan on OpenWrt 10.03.1-rc4.<br><br>I am trying to connect using an iPhone and Snow Leopard with the built-in Cisco client, but I get the same error. <br><br>The iPhone and OS X are behind NAT, but the router is connected directly to the internet.<br><br>I am able to connect using IPsec/L2TP on both devices. I am also able to connect using the Cisco client on Windows.<br><br>I followed the directions on the following page, which allowed me to connect using the Cisco client on Windows.<br><br>http://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29<br><br>root@OpenWrt:~# ipsec version<br>Linux strongSwan U4.3.7/K2.6.32.25<br>Institute for Internet Technologies and Applications<br>University of Applied Sciences Rapperswil, Switzerland<br>See 'ipsec --copyright' for copyright information.<br><br><br>config setup<br> nat_traversal=yes<br> charonstart=no<br> plutostart=yes<br><br>conn L2TP<br> authby=psk<br> pfs=no<br> rekey=no<br> type=tunnel<br> esp=aes128-sha1<br> ike=aes128-sha-modp1024<br> left=%defaultroute<br> leftprotoport=17/1701<br> right=%any<br> rightprotoport=17/%any<br> rightsubnetwithin=0.0.0.0/0<br> auto=add<br><br>conn cisco<br> keyexchange=ikev1<br> authby=xauthrsasig<br> xauth=server<br> left=%defaultroute<br> leftsubnet=0.0.0.0/0<br> leftfirewall=yes<br> leftcert=serverCert.pem<br> right=%any<br> rightsubnet=192.168.168.0/24<br> rightsourceip=192.168.168.2<br> rightcert=clientCert.pem<br> pfs=no<br> auto=add<br><br><br><br>Jun 9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: received Vendor ID payload [RFC 3947]<br>Jun 9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]<br>Jun 9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring 
Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]<br>Jun 9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]<br>Jun 9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]<br>Jun 9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]<br>Jun 9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]<br>Jun 9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]<br>Jun 9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]<br>Jun 9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]<br>Jun 9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: received Vendor ID payload [XAUTH]<br>Jun 9 09:44:21 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:6720 #2: NAT-Traversal: Result using RFC 3947: peer is NATed<br>Jun 9 09:44:25 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:6720 #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT<br>Jun 9 09:44:25 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:6720 #2: Peer ID is ID_DER_ASN1_DN: 'C=US, O=strongSwan, CN=client'<br>Jun 9 09:44:25 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:6720 #2: crl not found<br>Jun 9 09:44:25 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:6720 #2: certificate status unknown<br>Jun 9 09:44:25 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:6720 #2: we have a cert and are sending it upon request<br>Jun 9 09:44:26 
OpenWrt authpriv.debug pluto[1538]: | NAT-T: new mapping 208.54.35.143:6720/32850)<br>Jun 9 09:44:26 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:32850 #2: sent MR3, ISAKMP SA established<br>Jun 9 09:44:26 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:32850 #2: sending XAUTH request<br>Jun 9 09:44:26 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:32850: Informational Exchange is for an unknown (expired?) SA<br><br> </body>
</html>