[strongSwan] Routing problem with iPhone as roadwarrior

Mon Dec 6 16:03:55 CET 2010

Dear list

I tried to setup a VPN connection between the iPhone and my linux server. The tunnel builds up successfully using PSK or certificates (thanks to Michael Niehren for http://www.mail-archive.com/users@lists.strongswan.org/msg00798.html).

But I cannot get any connection running over that tunnel. Using tcpdump on the gateway, I can see the incoming ping packets getting sent to the iphone as encrypted packets, but there is no answer coming back.

When I try to brows the lan/web from the iPhone, nothing is being sent to the vpn gateway. There's just a "Cannot open page" message displayed, although the connection is showed as working.

I'm using PSK+XAUTH with strongSwan 4.3.2 and pluto/ikev1. 

What could the problem be? Any hints on troubleshooting?

Any help is highly appreciated. Thanks in advance.

Tom

Here's my ipsec.conf
config setup
        plutodebug=none
        uniqueids=yes
        nat_traversal=yes
        plutostart=yes
        interfaces="%defaultroute"

conn %default
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        keyingtries=1
        keylife=20m
        ikelifetime=240m

conn psk
        auto=add
        dpdaction=clear
        authby=xauthpsk
        xauth=server
        pfs=no
        left=192.168.0.40
        leftsubnet=0.0.0.0/0
        right=%any
        rightsourceip=172.17.0.2

-- 
Neu: GMX De-Mail - Einfach wie E-Mail, sicher wie ein Brief!  
Jetzt De-Mail-Adresse reservieren: http://portal.gmx.net/de/go/demail