[strongSwan-dev] tunnel setup failure with iPAD+IOS 8 (beta)

SM K sacho.polo at gmail.com
Fri Aug 29 05:34:28 CEST 2014


I have started to testing a beta version of iOS 8 with strongswan and see a
problem with tunnel setup.

With strongswan 5.1.2 and iOS 8, I see a message saying "invalid HASH_V1
payload length, decryption failed" during connection setup time, which
leads to a [ HASH N(PLD_MAL) ] message being sent to the iPad. This is
using IKE v1 (iOS 8 supports IKEv2).

I have tried iOS 8 with a 4.x strongswan and the connection was
successfully setup (after a hack around the xauth problem with iOS).

I have also tried iOS 7 with 5.1.2 and this works. So it seems both 5.1.2
and iOS 8 work in my setup, but not with each other.

Is it possible that the error is something else and not really due to the
invalid payload length? Or is it that strongswan 5.1.2 is stricter about
this than strongswan 4.x ?

Note:Due to the XAuth problem with iOS, I am using the
"rightauth2=xauth-noauth" trick in the connection definition and use the
appropriate plugin.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20140828/f533733f/attachment.html>

More information about the Dev mailing list