<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-text-flowed" style="font-family: -moz-fixed;
font-size: 14px;" lang="x-western">I originally sent this email on
10/4/2013 but I got no replies, and after a month, I still have
this problem. Can anyone help?<br>
<br>
I followed the configuration shown in the wiki for Apple iOS
clients.
<br>
<a class="moz-txt-link-freetext"
href="http://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29">http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)</a>
<br>
<br>
It works on one remote client (iPad). When I connect a second
remote client (Android phone) to the VPN, the iPad is disconnected
immediately. The ipsec.conf, ipsec.secrets, and strongswan.conf
files are the same as the wiki example with two changes to support
multiple clients (changed rightsourceip and removed rightcert).
<br>
<br>
$ diff ipsec.conf ipsec.conf.template
<br>
< rightsourceip=10.0.0.0/24
<br>
---
<br>
> rightsourceip=10.0.0.2
<br>
> rightcert=clientCert.pem
<br>
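Review bot: the rightsourceip=10.0.0.0/24 line on the ipsec.conf side of this diff does not match the log below, where pluto assigns virtual IP 10.10.4.1 to the peer, an address outside 10.0.0.0/24. Suggest confirming which ipsec.conf and conn section the running daemon actually loaded, and posting that section in full, since the diff omits its line-range header and shows only these three lines.
<br>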
<br>
The /var/log/auth.log is attached starting from when USER #2
connects to the VPN (at this time USER #1 is already connected and
everything is working). Thank you.
<br>
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from
192.168.0.3:500: received Vendor ID payload [RFC 3947]
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from
192.168.0.3:500: ignoring Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02]
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from
192.168.0.3:500: ignoring Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n]
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from
192.168.0.3:500: ignoring Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-00]
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from
192.168.0.3:500: received Vendor ID payload [XAUTH]
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from
192.168.0.3:500: ignoring Vendor ID payload [Cisco-Unity]
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from
192.168.0.3:500: ignoring Vendor ID payload [FRAGMENTATION
80000000]
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from
192.168.0.3:500: received Vendor ID payload [Dead Peer Detection]
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4:
responding to Main Mode from unknown peer 192.168.0.3
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4:
NAT-Traversal: Result using RFC 3947: both are NATed
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4:
Peer ID is ID_DER_ASN1_DN: 'C=CH, O=strongSwan,
CN=win7.mycompany.local'
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4:
crl not found
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4:
certificate status unknown
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4:
deleting connection "ios" instance with peer 192.168.0.3
{isakmp=#0/ipsec=#0}
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4:
we have a cert and are sending it upon request
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4:
deleting connection "ios" instance with peer 70.139.113.210
{isakmp=#2/ipsec=#3}
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios" #3: deleting state
(STATE_QUICK_R2)
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios" #2: deleting state
(STATE_MODE_CFG_R1)
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: lease 10.10.4.1 by
'vmware' went offline
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: | NAT-T: new mapping
192.168.0.3:500/4500)
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500
#4: sent MR3, ISAKMP SA established
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500
#4: sending XAUTH request
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from
192.168.0.3:4500: Informational Exchange is for an unknown
(expired?) SA
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500
#4: parsing XAUTH reply
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500
#4: extended authentication was successful
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500
#4: sending XAUTH status
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500
#4: parsing XAUTH ack
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500
#4: received XAUTH ack, established
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500
#4: parsing ModeCfg request
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500
#4: peer requested virtual IP %any
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: reassigning offline lease
to 'vmware'
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500
#4: assigning virtual IP 10.10.4.1 to peer
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500
#4: sending ModeCfg reply
<br>
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500
#4: sent ModeCfg reply, established
<br>
<br>
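Added example (not part of the original post and not strongSwan code): a small Python check over log lines quoted above that flags where pluto tears down one peer's established SAs while a different peer is negotiating, and whether the freed address lease is handed to the same lease identity. The function name find_evictions and the result field names are assumptions of this example.

```python
import re

# Lines copied from the auth.log in the post above (wrapped lines rejoined).
SAMPLE_LOG = '''\
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4: Peer ID is ID_DER_ASN1_DN: 'C=CH, O=strongSwan, CN=win7.mycompany.local'
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4: deleting connection "ios" instance with peer 192.168.0.3 {isakmp=#0/ipsec=#0}
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4: deleting connection "ios" instance with peer 70.139.113.210 {isakmp=#2/ipsec=#3}
Oct 4 16:56:01 vmware-u003 pluto[5989]: lease 10.10.4.1 by 'vmware' went offline
Oct 4 16:56:01 vmware-u003 pluto[5989]: reassigning offline lease to 'vmware'
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: assigning virtual IP 10.10.4.1 to peer
'''

LINE = re.compile(r'pluto\[\d+\]: (?:"\w+"\[\d+\] ([\d.]+)(?::\d+)? #(\d+): )?(.*)$')
DELETE = re.compile(r'deleting connection "\w+" instance with peer ([\d.]+) '
                    r'\{isakmp=#(\d+)/ipsec=#(\d+)\}')
PEER_ID = re.compile(r"Peer ID is \w+: '(.*)'")
OFFLINE = re.compile(r"lease ([\d.]+) by '([^']*)' went offline")
REASSIGN = re.compile(r"reassigning offline lease to '([^']*)'")
ASSIGN = re.compile(r"assigning virtual IP ([\d.]+) to peer")


def find_evictions(log_text):
    """Return sessions torn down while a different peer was negotiating."""
    peer_ids, events = {}, []  # peer_ids: IKE state number -> peer ID
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        src, state, msg = m.groups()
        if (p := PEER_ID.search(msg)):
            peer_ids[state] = p.group(1)
        elif (d := DELETE.search(msg)):
            victim, isakmp, ipsec = d.groups()
            # The peer's own instance with isakmp=#0 has no established SA: skip.
            if victim != src and isakmp != "0":
                events.append({"new_peer": src, "new_peer_id": peer_ids.get(state),
                               "new_state": state, "evicted_peer": victim,
                               "evicted_sas": (isakmp, ipsec), "lease": None,
                               "lease_user": None, "same_user": False,
                               "lease_reused": False})
        elif (o := OFFLINE.search(msg)) and events and events[-1]["lease"] is None:
            events[-1]["lease"], events[-1]["lease_user"] = o.groups()
        elif (r := REASSIGN.search(msg)) and events:
            events[-1]["same_user"] = r.group(1) == events[-1]["lease_user"]
        elif (a := ASSIGN.search(msg)):
            for ev in events:
                if ev["new_state"] == state and ev["lease"] == a.group(1):
                    ev["lease_reused"] = True  # newcomer received the freed address
    return events
```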
</div>
</body>
</html>