<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Sprechblasentext Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.SprechblasentextZchn
{mso-style-name:"Sprechblasentext Zchn";
mso-style-priority:99;
mso-style-link:Sprechblasentext;
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Hi,<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I am stuck getting a connection from a Windows Phone 8.1 to strongSwan 5.2.0 on Ubuntu 12.04.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Here’s my ipsec.conf:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>config setup<o:p></o:p></p>
<p class=MsoNormal> uniqueids=never<o:p></o:p></p>
<p class=MsoNormal> # charondebug="cfg -1, dmn 11, ike -1, net -1"<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>conn myVPN<o:p></o:p></p>
<p class=MsoNormal> left=%any<o:p></o:p></p>
<p class=MsoNormal> leftsubnet=0.0.0.0/0<o:p></o:p></p>
<p class=MsoNormal> leftid=@took out the FQDN<o:p></o:p></p>
<p class=MsoNormal> lefthostaccess=yes<o:p></o:p></p>
<p class=MsoNormal> leftfirewall=yes<o:p></o:p></p>
<p class=MsoNormal> leftcert=server.crt<o:p></o:p></p>
<p class=MsoNormal> ike=aes256-sha1-modp1024!<o:p></o:p></p>
<p class=MsoNormal> esp=aes256-sha1!<o:p></o:p></p>
<p class=MsoNormal> rekey=no<o:p></o:p></p>
<p class=MsoNormal> keyexchange=ikev2<o:p></o:p></p>
<p class=MsoNormal> ikelifetime=8h<o:p></o:p></p>
<p class=MsoNormal> keylife=1h<o:p></o:p></p>
<p class=MsoNormal> right=%any<o:p></o:p></p>
<p class=MsoNormal> rightsourceip=192.168.188.50<o:p></o:p></p>
<p class=MsoNormal> rightauth=eap-mschapv2<o:p></o:p></p>
<p class=MsoNormal> compress=yes<o:p></o:p></p>
<p class=MsoNormal> dpdaction=clear<o:p></o:p></p>
<p class=MsoNormal> dpddelay=300s<o:p></o:p></p>
<p class=MsoNormal> rightsendcert=never<o:p></o:p></p>
<p class=MsoNormal> eap_identity=%any<o:p></o:p></p>
<p class=MsoNormal> auto=add<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>And this is the --nofork output:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Starting strongSwan 5.2.0 IPsec [starter]...<o:p></o:p></p>
<p class=MsoNormal>no
netkey IPsec stack detected<o:p></o:p></p><p class=MsoNormal>no KLIPS IPsec stack detected<o:p></o:p></p><p class=MsoNormal>no known IPsec stack detected, ignoring!<o:p></o:p></p><p class=MsoNormal>00[DMN] Starting IKE charon daemon (strongSwan 5.2.0, Linux 2.6.32-042stab092.3, i686)<o:p></o:p></p><p class=MsoNormal>00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted<o:p></o:p></p><p class=MsoNormal>00[NET] installing IKE bypass policy failed<o:p></o:p></p><p class=MsoNormal>00[KNL] unable to set IPSEC_POLICY on socket: Operation not permitted<o:p></o:p></p><p class=MsoNormal>00[NET] installing IKE bypass policy failed<o:p></o:p></p><p class=MsoNormal>00[KNL] unable to set IPSEC_POLICY on socket: Invalid argument<o:p></o:p></p><p class=MsoNormal>00[NET] installing IKE bypass policy failed<o:p></o:p></p><p class=MsoNormal>00[KNL] unable to set IPSEC_POLICY on socket: Invalid argument<o:p></o:p></p><p class=MsoNormal>00[NET] installing IKE bypass policy failed<o:p></o:p></p><p class=MsoNormal>00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'<o:p></o:p></p><p class=MsoNormal>00[CFG] loaded ca certificate "C=DE, ST=Some-State, O=Andreas Seiler, CN=took out the FQDN" from '/etc/ipsec.d/cacerts/ca.crt'<o:p></o:p></p><p class=MsoNormal>00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'<o:p></o:p></p><p class=MsoNormal>00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'<o:p></o:p></p><p class=MsoNormal>00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'<o:p></o:p></p><p class=MsoNormal>00[CFG] loading crls from '/etc/ipsec.d/crls'<o:p></o:p></p><p class=MsoNormal>00[CFG] loading secrets from '/etc/ipsec.secrets'<o:p></o:p></p><p class=MsoNormal>00[CFG] loaded RSA private key from '/etc/ipsec.d/private/server.key'<o:p></o:p></p><p class=MsoNormal>00[CFG] loaded EAP secret for phone<o:p></o:p></p><p class=MsoNormal>00[LIB] loaded plugins: charon curl pkcs11 aes des rc2 sha1 sha2 md5 random nonce x509 
revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-mschapv2 eap-tls eap-ttls xauth-generic<o:p></o:p></p><p class=MsoNormal>00[LIB] unable to load 3 plugin features (3 due to unmet dependencies)<o:p></o:p></p><p class=MsoNormal>00[JOB] spawning 16 worker threads<o:p></o:p></p><p class=MsoNormal>charon (22973) started after 20 ms<o:p></o:p></p><p class=MsoNormal>08[CFG] received stroke: add connection 'myVPN'<o:p></o:p></p><p class=MsoNormal>08[CFG] left nor right host is our side, assuming left=local<o:p></o:p></p><p class=MsoNormal>08[CFG] adding virtual IP address pool 192.168.188.50<o:p></o:p></p><p class=MsoNormal>08[CFG] loaded certificate "C=DE, ST=Some-State, O=Andreas Seiler, CN=took out the FQDN" from 'server.crt'<o:p></o:p></p><p class=MsoNormal>08[CFG] added configuration 'myVPN'<o:p></o:p></p><p class=MsoNormal>10[NET] received packet: from 80.187.107.73[500] to the real IP[500] (616 bytes)<o:p></o:p></p><p class=MsoNormal>10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]<o:p></o:p></p><p class=MsoNormal>10[ENC] received unknown vendor ID: 1e:2b:51:69:05:99:1c:7d:7c:96:fc:bf:b5:87:e4:61:00:00:00:09<o:p></o:p></p><p class=MsoNormal>10[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20<o:p></o:p></p><p class=MsoNormal>10[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19<o:p></o:p></p><p class=MsoNormal>10[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02<o:p></o:p></p><p class=MsoNormal>10[IKE] 80.187.107.73 is initiating an IKE_SA<o:p></o:p></p><p class=MsoNormal>10[IKE] remote host is behind NAT<o:p></o:p></p><p class=MsoNormal>10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]<o:p></o:p></p><p class=MsoNormal>10[NET] sending packet: 
from the real IP[500] to 80.187.107.73[500] (312 bytes)<o:p></o:p></p><p class=MsoNormal>11[NET] received packet: from 80.187.107.73[2869] to the real IP[4500] (1324 bytes)<o:p></o:p></p><p class=MsoNormal>11[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]<o:p></o:p></p><p class=MsoNormal>11[IKE] received cert request for "C=DE, ST=Some-State, O=Andreas Seiler, CN=took out the FQDN"<o:p></o:p></p><p class=MsoNormal>11[IKE] received 48 cert requests for an unknown ca<o:p></o:p></p><p class=MsoNormal>11[CFG] looking for peer configs matching the real IP[%any]...80.187.107.73[10.69.240.130]<o:p></o:p></p><p class=MsoNormal>11[CFG] selected peer config 'myVPN'<o:p></o:p></p><p class=MsoNormal>11[IKE] initiating EAP_IDENTITY method (id 0x00)<o:p></o:p></p><p class=MsoNormal>11[IKE] peer supports MOBIKE<o:p></o:p></p><p class=MsoNormal>11[IKE] authentication of 'took out the FQDN' (myself) with RSA signature successful<o:p></o:p></p><p class=MsoNormal>11[IKE] sending end entity cert "C=DE, ST=Some-State, O=Andreas Seiler, CN=took out the FQDN"<o:p></o:p></p><p class=MsoNormal>11[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]<o:p></o:p></p><p class=MsoNormal>11[NET] sending packet: from the real IP[4500] to 80.187.107.73[2869] (908 bytes)<o:p></o:p></p><p class=MsoNormal>12[NET] received packet: from 80.187.107.73[500] to the real IP[500] (616 bytes)<o:p></o:p></p><p class=MsoNormal>12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]<o:p></o:p></p><p class=MsoNormal>12[ENC] received unknown vendor ID: 1e:2b:51:69:05:99:1c:7d:7c:96:fc:bf:b5:87:e4:61:00:00:00:09<o:p></o:p></p><p class=MsoNormal>12[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20<o:p></o:p></p><p class=MsoNormal>12[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19<o:p></o:p></p><p class=MsoNormal>12[ENC] received unknown vendor ID: 
01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02<o:p></o:p></p><p class=MsoNormal>12[IKE] 80.187.107.73 is initiating an IKE_SA<o:p></o:p></p><p class=MsoNormal>12[IKE] remote host is behind NAT<o:p></o:p></p><p class=MsoNormal>12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]<o:p></o:p></p><p class=MsoNormal>12[NET] sending packet: from the real IP[500] to 80.187.107.73[500] (312 bytes)<o:p></o:p></p><p class=MsoNormal>13[NET] received packet: from 80.187.107.73[500] to the real IP[500] (616 bytes)<o:p></o:p></p><p class=MsoNormal>13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]<o:p></o:p></p><p class=MsoNormal>13[IKE] received retransmit of request with ID 0, retransmitting response<o:p></o:p></p><p class=MsoNormal>13[NET] sending packet: from the real IP[500] to 80.187.107.73[500] (312 bytes)<o:p></o:p></p><p class=MsoNormal>14[NET] received packet: from 80.187.107.73[500] to the real IP[500] (616 bytes)<o:p></o:p></p><p class=MsoNormal>14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]<o:p></o:p></p><p class=MsoNormal>14[IKE] received retransmit of request with ID 0, retransmitting response<o:p></o:p></p><p class=MsoNormal>14[NET] sending packet: from the real IP[500] to 80.187.107.73[500] (312 bytes)<o:p></o:p></p><p class=MsoNormal>15[JOB] deleting half open IKE_SA after timeout<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Has anybody an idea what might be the problem?<o:p></o:p></p></div></body></html>