[strongSwan] Strongswan with iphone
Nicole Hähnel
ml at nicole-haehnel.de
Sun Oct 24 19:19:02 CEST 2010
Hi,
I am trying to set up a VPN connection from an iPhone with cert.
The first connection works, but if I try to connect a second time, I do
not get a virtual ip.
'iphone' already has an online lease, unable to assign address
Tried to use a subnet as rightsourceip, but this does not work at all.
Any experiences with that?
Thanks!
Nicole
strongswan 4.4.1 on sles 10 sp2
config setup
    plutodebug=none
    charonstart=yes
    plutostart=yes
    charondebug=no
    nat_traversal=yes
    uniqueids=no
    crlcheckinterval=0
    strictcrlpolicy=no

conn %default
    keyexchange=ikev2
    mobike=no
    compress=no
    authby=rsasig
    left=xxx
    leftid=@vpngw
    leftcert=xxx
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    lefthostaccess=yes
    ike=3des-sha-modp2048
    esp=3des-md5

conn iphone
    auto=add
    dpdaction=clear
    authby=xauthrsasig
    xauth=server
    keyexchange=ikev1
    pfs=no
    leftsubnet=0.0.0.0/0
    right=%any
    rightsourceip=172.27.xx.xx
    rightcert=rw
    ike=aes128-md5-modp1024
    esp=aes128-md5

Oct 24 19:06:29 vpngw pluto[21306]: packet from 46.xx.xx.xx:500: received Vendor ID payload [Dead Peer Detection]
Oct 24 19:06:29 vpngw pluto[21306]: "iphone"[7] 46.xx.xx.xx #9: responding to Main Mode from unknown peer 46.xx.xx.xx
Oct 24 19:06:30 vpngw pluto[21306]: "iphone"[7] 46.xx.xx.xx #9: NAT-Traversal: Result using RFC 3947: peer is NATed
Oct 24 19:06:30 vpngw pluto[21306]: "iphone"[7] 46.xx.xx.xx #9: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Oct 24 19:06:30 vpngw pluto[21306]: "iphone"[7] 46.xx.xx.xx #9: Peer ID is ID_DER_ASN1_DN: 'C=DE, ST=xx, L=xx, O=xxx, OU=xx, CN=xx, E=xx'
Oct 24 19:06:30 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx #9: deleting connection "iphone" instance with peer 46.xx.xx.xx {isakmp=#0/ipsec=#0}
Oct 24 19:06:30 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx #9: we have a cert and are sending it upon request
Oct 24 19:06:30 vpngw pluto[21306]: | NAT-T: new mapping 46.xx.xx.xx:500/4500)
Oct 24 19:06:30 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: sent MR3, ISAKMP SA established
Oct 24 19:06:30 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: sending XAUTH request
Oct 24 19:06:43 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: parsing XAUTH reply
Oct 24 19:06:43 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: extended authentication was successful
Oct 24 19:06:43 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: sending XAUTH status
Oct 24 19:06:43 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: parsing XAUTH ack
Oct 24 19:06:43 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: received XAUTH ack, established
Oct 24 19:06:43 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: parsing ModeCfg request
Oct 24 19:06:43 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: unknown attribute type (28683)
Oct 24 19:06:43 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: peer requested virtual IP %any
Oct 24 19:06:43 vpngw pluto[21306]: 'iphone' already has an online lease, unable to assign address
Oct 24 19:06:43 vpngw pluto[21306]: acquiring address from pool 'iphone' failed
Oct 24 19:06:43 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: sending ModeCfg reply
Oct 24 19:06:43 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: sent ModeCfg reply, established
Oct 24 19:07:00 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9: received Delete SA payload: deleting ISAKMP State #9
Oct 24 19:07:00 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500: deleting connection "iphone" instance with peer 46.xx.xx.xx {isakmp=#0/ipsec=#0}
Oct 24 19:07:00 vpngw pluto[21306]: ERROR: asynchronous network error report on eth1 for message to 46.xx.xx.xx port 4500, complainant 46.xx.xx.xx: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
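
Added example, not part of the original post and not strongSwan code: a small Python triage script that finds failed virtual-IP assignments in a pluto log like the one above and ties each to the peer and state that asked for the address. The names `unwrap` and `lease_failures` are hypothetical; the sample lines are copied from the log above and wrapped the way a mail client wraps them.

```python
import re

# Constructed sample: lines copied from the log in the post, mail-wrapped so
# that continuation lines carry no syslog timestamp.
SAMPLE = """\
Oct 24 19:06:43 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9:
peer requested virtual IP %any
Oct 24 19:06:43 vpngw pluto[21306]: 'iphone' already has an online
lease, unable to assign address
Oct 24 19:06:43 vpngw pluto[21306]: acquiring address from pool 'iphone'
failed
Oct 24 19:06:43 vpngw pluto[21306]: "iphone"[8] 46.xx.xx.xx:4500 #9:
sent ModeCfg reply, established
"""

HEAD = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: (.*)$")
STATE = re.compile(r'^"([^"]+)"\[\d+\] (\S+) #(\d+): (.*)$')
BUSY = re.compile(r"^'([^']+)' already has an online lease")
FAIL = re.compile(r"^acquiring address from pool '([^']+)' failed")

def unwrap(text):
    """Rejoin mail-wrapped continuation lines onto their syslog record."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if HEAD.match(line) or not records:
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def lease_failures(text):
    # The pool messages have no connection/peer/#state prefix, so each failure
    # is attributed to the most recent "peer requested virtual IP" record.
    out, req, busy = [], None, None
    for rec in unwrap(text):
        head = HEAD.match(rec)
        if not head:
            continue
        ts, msg = head.groups()
        state, fail = STATE.match(msg), FAIL.match(msg)
        if state and state.group(4).startswith("peer requested virtual IP"):
            req, busy = state, None
        elif BUSY.match(msg):
            busy = BUSY.match(msg).group(1)
        elif fail:
            out.append({"time": ts, "pool": fail.group(1), "lease_holder": busy,
                        "peer": req.group(2) if req else None,
                        "state": int(req.group(3)) if req else None})
            req, busy = None, None
    return out
```

`lease_failures(open(path).read())` works on a raw syslog file as well, since unwrapped records pass through `unwrap` unchanged.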