[strongSwan-dev] config w/ multiple ios devices on a network...

Miroslav Svoboda goodmirek at goodmirek.cz
Fri Apr 24 09:51:23 CEST 2015


Please can you provide:
- log with default loglevel set to 2, showing the start of both iPhones' 
connections
- output of the command "strongswan statusall" at the time both iPhones are 
connected
- route table and iptables rules (tables filter, nat, mangle)

I believe this question would be a better fit for the users list next time, 
and it might even get answered quicker there.

Miroslav

On Thursday, April 23, 2015 at 4:40:15 PM UTC+2, Andrew Foss wrote:
>
> I am bringing up an ipsec server for our ios users and suspect my "left" 
> parameters aren't quite right, but so far my changes have made it not 
> work at all and I am not fully understanding the descriptions. I am 
> running 5.3.0, our ifupdown scripts open iptables rules to allow access 
> to dns and the servers. 
>
> What I see is first device on a network connects and works fine. Second 
> device connects and neither works, second device gets disconnected, as 
> if the routing/nat handling is sending packets down the wrong tunnel. 
>
> Here's my config, I suspect leftsubnet should be 0/0, these are just 
> devices connecting for themselves, not another vpn gateway connecting a 
> network. Any pointers? 
>
> conn ios 
>      keyexchange=ikev1 
>      #esp=null-sha1! 
>      authby=xauthrsasig 
>      xauth=server 
>      left=%defaultroute 
>      leftsubnet=0.0.0.0/0 
>      #leftsubnet=10.66.0.0/16 
>      #leftfirewall=yes 
>      leftupdown=/opt/actmobile/accelerator/actmobile_ipsec_updown 
>      leftcert=serverCert.pem 
>      right=%any 
>      rightsourceip=10.0.0.0/16 
>      #rightsourceip=10.100.255.0/28 
>      #rightcert=clientCert.pem 
>      #pfs=no 
>      auto=start 
>      rekey=yes 
>      fragmentation=yes 
>      lifetime=24h 
>      dpddelay=0 
>      dpdtimeout=24h 
> actmobile at accel:~-u 
>
> thanks, 
> andrew 