Hi Users,<div><br></div><div>I am trying to set up a VPN between OSX (client) and Linux (server). I have generated and successfully installed all the required keys and certificates i.e. a CA cert, and a cert for both the client and the server (signed with the CA cert). Wrapped up the client and CA cert into pkcs12 and successfully installed and trusted them on the OSX client side. I am using the built-in OSX VPN client, configured to use the client cert for user auth and machine auth. All looks good. On the server side:</div>
<div><br></div><div><div>root@lwlserver:~/strongswan-4.6.4# ipsec --version</div><div>Linux strongSwan U4.6.4/K2.6.35-32-server</div></div><div><br></div><div>ipsec.conf:</div><div><br></div><div><div>config setup</div><div>
crlcheckinterval=180</div><div> strictcrlpolicy=no</div><div><br></div><div>ca livewireca</div><div> cacert=LivewireCACert.pem</div><div> auto=add</div><div><br></div><div>conn %default</div><div>
ikelifetime=60m</div><div> keylife=20m</div><div> rekeymargin=3m</div><div> keyingtries=1</div><div><br></div><div>conn rw</div><div> left=203.161.119.62</div><div> leftcert=VPNServerCert.pem</div>
<div> leftid="C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNServer"</div><div> leftsubnet=192.168.20.0/24</div><div> rightid="C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNClient"</div>
<div> auto=add</div></div><div><br></div><div>ipsec.secrets:</div><div><br></div><div><div># /etc/ipsec.secrets - strongSwan IPsec secrets file</div><div><br></div><div>: RSA VPNServerKey.pem "its a secret"</div>
<div><br></div></div><div>Running ipsec statusall before connect attempt gives me:</div><div><br></div><div><div>root@lwlserver:~/strongswan-4.6.4# ipsec statusall</div><div>Status of IKEv2 charon daemon (strongSwan 4.6.4):</div>
<div> uptime: 7 seconds, since Jun 20 17:35:27 2012</div><div> malloc: sbrk 405504, mmap 0, used 285632, free 119872</div><div> worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0, scheduled: 0</div><div>
loaded plugins: aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem openssl gcrypt fips-prf gmp agent xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-aka eap-aka-3gpp2 eap-md5 eap-gtc eap-mschapv2</div>
<div>Listening IP addresses:</div><div> 192.168.20.2</div><div>Connections:</div><div> rw: 203.161.119.62...%any</div><div> rw: local: [C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNServer] uses public key authentication</div>
<div> rw: cert: "C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNServer"</div><div> rw: remote: [C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNClient] uses any authentication</div>
<div> rw: child: 192.168.20.0/24 === dynamic TUNNEL</div><div>Security Associations (0 up, 0 connecting):</div><div> none</div></div><div><br></div><div>Here's the log of the startup and subsequent failed connection attempt:</div>
<div><br></div><div><div>root@lwlserver:/etc/ipsec.d/private# grep -v ASN /var/log/charon.log </div><div>00[DMN] Starting IKEv2 charon daemon (strongSwan 4.6.4)</div><div>00[LIB] plugin 'aes': loaded successfully</div>
<div>00[LIB] plugin 'des': loaded successfully</div><div>00[LIB] plugin 'sha1': loaded successfully</div><div>00[LIB] plugin 'sha2': loaded successfully</div><div>00[LIB] plugin 'md5': loaded successfully</div>
<div>00[LIB] plugin 'random': loaded successfully</div><div>00[LIB] plugin 'x509': loaded successfully</div><div>00[LIB] plugin 'revocation': loaded successfully</div><div>00[LIB] plugin 'constraints': loaded successfully</div>
<div>00[LIB] plugin 'pubkey': loaded successfully</div><div>00[LIB] plugin 'pkcs1': loaded successfully</div><div>00[LIB] plugin 'pkcs8': loaded successfully</div><div>00[LIB] plugin 'pgp': loaded successfully</div>
<div>00[LIB] plugin 'pem': loaded successfully</div><div>00[LIB] plugin 'openssl': loaded successfully</div><div>00[LIB] plugin 'gcrypt': loaded successfully</div><div>00[LIB] plugin 'fips-prf': loaded successfully</div>
<div>00[LIB] plugin 'gmp': loaded successfully</div><div>00[LIB] plugin 'agent': loaded successfully</div><div>00[LIB] plugin 'xcbc': loaded successfully</div><div>00[LIB] plugin 'cmac': loaded successfully</div>
<div>00[LIB] plugin 'hmac': loaded successfully</div><div>00[LIB] plugin 'attr': loaded successfully</div><div>00[LIB] plugin 'kernel-netlink': loaded successfully</div><div>00[KNL] listening on interfaces:</div>
<div>00[KNL] eth0</div><div>00[KNL] 192.168.20.2</div><div>00[KNL] fe80::21e:58ff:fe49:5037</div><div>00[LIB] plugin 'resolve': loaded successfully</div><div>00[LIB] plugin 'socket-default': loaded successfully</div>
<div>00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'</div><div>00[CFG] loaded ca certificate "C=AU, ST=Western Australia, L=Perth, O=Livewire Labs Pty Ltd, CN=Livewire Labs CA" from '/etc/ipsec.d/cacerts/LivewireCACert.pem'</div>
<div>00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'</div><div>00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'</div><div>00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'</div>
<div>00[CFG] loading crls from '/etc/ipsec.d/crls'</div><div>00[CFG] loading secrets from '/etc/ipsec.secrets'</div><div>00[CFG] loaded RSA private key from '/etc/ipsec.d/private/VPNServerKey.pem'</div>
<div>00[LIB] plugin 'stroke': loaded successfully</div><div>00[LIB] plugin 'updown': loaded successfully</div><div>00[LIB] plugin 'eap-identity': loaded successfully</div><div>00[LIB] plugin 'eap-aka': loaded successfully</div>
<div>00[LIB] plugin 'eap-aka-3gpp2': loaded successfully</div><div>00[LIB] plugin 'eap-md5': loaded successfully</div><div>00[LIB] plugin 'eap-gtc': loaded successfully</div><div>00[LIB] plugin 'eap-mschapv2': loaded successfully</div>
<div>00[CFG] DBUS binding failed</div><div>00[LIB] plugin 'nm': failed to load - nm_plugin_create returned NULL</div><div>00[DMN] loaded plugins: aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem openssl gcrypt fips-prf gmp agent xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-aka eap-aka-3gpp2 eap-md5 eap-gtc eap-mschapv2</div>
<div>00[JOB] spawning 16 worker threads</div><div>01[LIB] created thread 01 [11370]</div><div>01[JOB] started worker thread 01</div><div>02[LIB] created thread 02 [11371]</div><div>02[JOB] started worker thread 02</div><div>
04[LIB] created thread 04 [11373]</div><div>03[LIB] created thread 03 [11372]</div><div>03[JOB] started worker thread 03</div><div>06[LIB] created thread 06 [11375]</div><div>06[JOB] started worker thread 06</div><div>08[LIB] created thread 08 [11377]</div>
<div>08[JOB] started worker thread 08</div><div>05[LIB] created thread 05 [11374]</div><div>13[LIB] created thread 13 [11382]</div><div>10[LIB] created thread 10 [11379]</div><div>15[LIB] created thread 15 [11384]</div><div>
15[JOB] started worker thread 15</div><div>01[JOB] no events, waiting</div><div>11[LIB] created thread 11 [11380]</div><div>11[JOB] started worker thread 11</div><div>12[LIB] created thread 12 [11381]</div><div>12[JOB] started worker thread 12</div>
<div>11[NET] waiting for data on sockets</div><div>09[LIB] created thread 09 [11378]</div><div>09[JOB] started worker thread 09</div><div>14[LIB] created thread 14 [11383]</div><div>14[JOB] started worker thread 14</div><div>
10[JOB] started worker thread 10</div><div>07[LIB] created thread 07 [11376]</div><div>07[JOB] started worker thread 07</div><div>13[JOB] started worker thread 13</div><div>04[JOB] started worker thread 04</div><div>05[JOB] started worker thread 05</div>
<div>16[LIB] created thread 16 [11385]</div><div>16[JOB] started worker thread 16</div><div>12[CFG] stroke message => 614 bytes @ 0x7f8eb7892a80</div><div>... (removed for brevity)</div><div>12[CFG] received stroke: add ca 'livewireca'</div>
<div>12[CFG] ca livewireca</div><div>12[CFG] cacert=LivewireCACert.pem</div><div>12[CFG] crluri=(null)</div><div>12[CFG] crluri2=(null)</div><div>12[CFG] ocspuri=(null)</div><div>12[CFG] ocspuri2=(null)</div><div>
12[CFG] certuribase=(null)</div><div>12[CFG] added ca 'livewireca'</div><div>10[CFG] stroke message => 863 bytes @ 0x7f8eb8894990</div><div>... (removed for brevity)</div><div>10[CFG] received stroke: add connection 'rw'</div>
<div>10[CFG] conn rw</div><div>10[CFG] left=203.161.119.62</div><div>10[CFG] leftsubnet=192.168.20.0/24</div><div>10[CFG] leftsourceip=(null)</div><div>10[CFG] leftauth=(null)</div>
<div>10[CFG] leftauth2=(null)</div><div>10[CFG] leftid=C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNServer</div><div>10[CFG] leftid2=(null)</div><div>10[CFG] leftrsakey=(null)</div><div>
10[CFG] leftcert=VPNServerCert.pem</div><div>10[CFG] leftcert2=(null)</div><div>10[CFG] leftca=(null)</div><div>10[CFG] leftca2=(null)</div><div>10[CFG] leftgroups=(null)</div><div>10[CFG] leftupdown=(null)</div>
<div>10[CFG] right=%any</div><div>10[CFG] rightsubnet=(null)</div><div>10[CFG] rightsourceip=(null)</div><div>10[CFG] rightauth=(null)</div><div>10[CFG] rightauth2=(null)</div><div>10[CFG] rightid=C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNClient</div>
<div>10[CFG] rightid2=(null)</div><div>10[CFG] rightrsakey=(null)</div><div>10[CFG] rightcert=(null)</div><div>10[CFG] rightcert2=(null)</div><div>10[CFG] rightca=(null)</div><div>10[CFG] rightca2=(null)</div>
<div>10[CFG] rightgroups=(null)</div><div>10[CFG] rightupdown=(null)</div><div>10[CFG] eap_identity=(null)</div><div>10[CFG] aaa_identity=(null)</div><div>10[CFG] ike=aes128-sha1-modp2048,3des-sha1-modp1536</div>
<div>10[CFG] esp=aes128-sha1,3des-sha1</div><div>10[CFG] dpddelay=30</div><div>10[CFG] dpdaction=0</div><div>10[CFG] closeaction=0</div><div>10[CFG] mediation=no</div><div>10[CFG] mediated_by=(null)</div><div>
10[CFG] me_peerid=(null)</div><div>10[KNL] getting interface name for %any</div><div>10[KNL] %any is not a local address</div><div>10[KNL] getting interface name for 203.161.119.62</div><div>10[KNL] 203.161.119.62 is not a local address</div>
<div>10[CFG] left nor right host is our side, assuming left=local</div><div>10[CFG] loaded certificate "C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNServer" from 'VPNServerCert.pem'</div>
<div>10[CFG] added configuration 'rw'</div><div>07[CFG] stroke message => 584 bytes @ 0x7f8eba097aa0</div><div>... (removed for brevity)</div><div>07[CFG] proposing traffic selectors for us:</div><div>07[CFG] 192.168.20.0/24 (derived from 192.168.20.0/24)</div>
<div>07[CFG] proposing traffic selectors for other:</div><div>07[CFG] dynamic (derived from dynamic)</div><div>11[NET] received packet => 476 bytes @ 0x7f8eb8091370</div>
<div>11[NET] received packet: from 192.168.20.3[500] to 192.168.20.2[500]</div>
<div>11[ENC] parsing header of message</div><div>11[ENC] parsing HEADER payload, 476 bytes left</div><div>11[ENC] parsing payload from => 476 bytes @ 0x7f8eb0000d20</div>
<div>11[ENC] parsing rule 0 IKE_SPI</div><div>
11[ENC] => => 8 bytes @ 0x7f8eb0001280</div><div>11[ENC] 0: 22 6E D8 2A 38 A2 4A C2 "n.*8.J.</div><div>11[ENC] parsing rule 1 IKE_SPI</div><div>11[ENC] => => 8 bytes @ 0x7f8eb0001288</div>
<div>11[ENC] 0: 00 00 00 00 00 00 00 00 ........</div><div>11[ENC] parsing rule 2 U_INT_8</div><div>11[ENC] => 1</div><div>11[ENC] parsing rule 3 U_INT_4</div><div>11[ENC] => 1</div>
<div>11[ENC] parsing rule 4 U_INT_4</div><div>11[ENC] => 0</div><div>11[ENC] parsing rule 5 U_INT_8</div><div>11[ENC] => 2</div><div>11[ENC] parsing rule 6 RESERVED_BIT</div><div>11[ENC] => 0</div>
<div>11[ENC] parsing rule 7 RESERVED_BIT</div><div>11[ENC] => 0</div><div>11[ENC] parsing rule 8 FLAG</div><div>11[ENC] => 0</div><div>11[ENC] parsing rule 9 FLAG</div><div>11[ENC] => 0</div><div>11[ENC] parsing rule 10 FLAG</div>
<div>11[ENC] => 0</div><div>11[ENC] parsing rule 11 RESERVED_BIT</div><div>11[ENC] => 0</div><div>11[ENC] parsing rule 12 RESERVED_BIT</div><div>11[ENC] => 0</div><div>11[ENC] parsing rule 13 RESERVED_BIT</div>
<div>11[ENC] => 0</div><div>11[ENC] parsing rule 14 U_INT_32</div><div>11[ENC] => 0</div><div>11[ENC] parsing rule 15 HEADER_LENGTH</div><div>11[ENC] => 476</div><div>11[ENC] parsing HEADER payload finished</div>
<div>11[ENC] header verification failed</div><div>11[NET] received invalid IKE header from 192.168.20.3 - ignored</div><div>11[NET] waiting for data on sockets</div><div>11[NET] received packet => 476 bytes @ 0x7f8eb8091370</div>
<div>11[NET] 0: 22 6E D8 2A 38 A2 4A C2 00 00 00 00 00 00 00 00 "n.*8.J.........</div><div><br></div></div><div>This last chunk of entries is repeated 3 times as the OSX client retries.</div><div><br></div><div>The OSX log matches the behaviour:</div>
<div><br></div><div><div>20/06/12 5:49:33.357 PM configd: SCNC: start, triggered by System Preferen, type L2TP, status 0</div><div>20/06/12 5:49:33.399 PM pppd: pppd 2.4.2 (Apple version 560.13) started by craig, uid 501</div>
<div>20/06/12 5:49:33.413 PM pppd: L2TP connecting to server '192.168.20.2' (192.168.20.2)...</div><div>20/06/12 5:49:33.415 PM pppd: IPSec connection started</div><div>20/06/12 5:49:33.493 PM racoon: Connecting.</div>
<div>20/06/12 5:49:33.493 PM racoon: IPSec Phase1 started (Initiated by me).</div><div>20/06/12 5:49:33.494 PM racoon: IKE Packet: transmit success. (Initiator, Main-Mode message 1).</div><div>20/06/12 5:49:36.497 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).</div>
<div>20/06/12 5:49:39.500 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).</div><div>20/06/12 5:49:42.503 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).</div><div>20/06/12 5:49:43.494 PM pppd: IPSec connection failed</div>
</div><div><br></div><div>Can anyone help with my problem? FWIW I would be happy to write up the process I went through for the wiki if I can just get over this final hump. I can't believe I am the only one out there trying to get OSX talking to strongSwan (maybe I am the only one failing though :) )</div>
<div><br></div><div>Cheers</div><div>Craig</div><div><br></div><div>p.s. I tried the built-in VPN client on a Windows 7 box and it appeared to get a lot further, though I didn't bother setting up the auth/certs correctly. It definitely managed to send headers and subsequent messages that strongSwan was able to parse.</div>
<div><br></div><div><br></div>
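<div>Added example, not part of the original post and not strongSwan code: a decoder for the fixed 28-byte IKE header, run on the first bytes of the rejected 476-byte packet as logged by charon. It reproduces the fields the log prints (major version 1, exchange type 2, length 476), which are those of an IKEv1 Main Mode message arriving at a daemon the log identifies as the IKEv2 charon daemon. The function names and the <code>supported_major</code> parameter are assumptions made for illustration.</div>

```python
import struct

# Fixed 28-byte ISAKMP/IKE header (RFC 2408 sec. 3.1, RFC 7296 sec. 3.1):
# initiator SPI, responder SPI, next payload, version, exchange type,
# flags, message ID, total length. All fields are big-endian.
HEADER = struct.Struct("!8s8sBBBBII")

IKEV1_EXCHANGES = {1: "Base", 2: "Identity Protection (Main Mode)",
                   4: "Aggressive", 5: "Informational", 32: "Quick Mode"}
IKEV2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
                   36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
EXCHANGES = {1: IKEV1_EXCHANGES, 2: IKEV2_EXCHANGES}

# First 28 bytes of the 476-byte packet from 192.168.20.3, as logged by charon.
SAMPLE_HEADER = bytes.fromhex(
    "226ED82A38A24AC2" "0000000000000000" "01" "10" "02" "00"
    "00000000" "000001DC")


def parse_ike_header(data):
    """Decode the fixed header; raises ValueError on a truncated datagram."""
    if len(data) < HEADER.size:
        raise ValueError("datagram shorter than the 28-byte IKE header")
    i_spi, r_spi, nxt, version, exch, flags, msg_id, length = HEADER.unpack_from(data)
    major, minor = version >> 4, version & 0x0F  # high nibble = major version
    return {
        "initiator_spi": i_spi.hex(), "responder_spi": r_spi.hex(),
        "next_payload": nxt, "major": major, "minor": minor,
        "exchange_type": exch,
        "exchange_name": EXCHANGES.get(major, {}).get(exch, "unknown"),
        "flags": flags, "message_id": msg_id, "length": length,
    }


def header_problems(hdr, supported_major, received_len):
    """Reasons a responder that only speaks `supported_major` would reject hdr."""
    problems = []
    if hdr["major"] != supported_major:
        problems.append("IKEv%d.%d message (%s) sent to an IKEv%d-only responder"
                        % (hdr["major"], hdr["minor"], hdr["exchange_name"],
                           supported_major))
    elif hdr["exchange_name"] == "unknown":
        problems.append("exchange type %d is not defined for IKEv%d"
                        % (hdr["exchange_type"], hdr["major"]))
    if hdr["length"] != received_len:
        problems.append("length field %d does not match %d bytes received"
                        % (hdr["length"], received_len))
    return problems


if __name__ == "__main__":
    hdr = parse_ike_header(SAMPLE_HEADER)
    print(hdr)
    for reason in header_problems(hdr, supported_major=2, received_len=476):
        print("reject:", reason)
```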