[strongSwan] Help Connecting Strongswan to iPhone

Andreas Steffen andreas.steffen at strongswan.org
Sun Mar 27 18:01:30 CEST 2011


Hi Dan,

what is missing is

leftsubnet=53.74.66.108/32

as you have a double NAT situation. Can you configure
the iPhone to use IPsec Tunnel Mode so that the
internal destination IP would be 192.168.1.10, too?

Regards

Andreas

On 03/26/2011 09:06 PM, Dan Deming wrote:
> Hello,
> 
> I'm trying to get a strongswan VPN set up so I can connect my iPhone
> to my Ubuntu Lucid Lynx desktop, but I can't seem to get it
> working and would appreciate any help anyone can give me.
> 
> I feel like I'm close, but networking is not one of my
> strong suits, so the whole leftnexthop, rightprotoport
> thing is pretty confusing to me.
> 
> I've been generally following the directions on these 3
> pages:
> 
> http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/
> https://lists.strongswan.org/pipermail/users/2009-March/003291.html
> http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients.html
> 
> Currently, I'm getting the following error:
> 
> cannot respond to IPsec SA request because no connection is known for
> 53.74.66.108/32===192.168.1.10:17/%any...192.168.1.1[192.168.1.12]:17/%any===192.168.1.12/32
> 
> Here are the stats on what I'm running:
> 
> Ubuntu Desktop:
>  * Internal IP address is 192.168.1.10
>  * Running custom compiled version of strongswan-4.3.2 with
> --enable-nat-transport option enabled
>  * Running xl2tpd
>  * Both were set up by following
> http://nielspeen.com/blog/2009/04/linux-l2tpipsec-with-iphone-and-mac-osx-clients/
>  * Firewall was off while I was trying to get this working
> 
> Linksys E3000 router:
>  * Internal IP address is 192.168.1.1
>  * Comcast IP address is 53.74.66.108 (not my actual IP, but you get the
> idea)
>  * NAT Enabled
>  * VPN Passthrough Enabled
>  * Ports 4500 and 1701 forwarded to 192.168.1.10
> 
> iPhone 3GS:
>  * I guess the IP for this device is 166.121.15.14? (Again, I changed it
> in the log below)
> 
> Here is my ipsec.conf:
> 
> config setup
>     nat_traversal=yes
>     charonstart=yes
>     plutostart=yes
> 
> conn L2TP
>         authby=psk
>         pfs=no
>         rekey=no
>         type=tunnel
>         esp=aes128-sha1
>         ike=aes128-sha-modp1024
>         left=192.168.1.10
>         leftnexthop=%defaultroute
>         #leftprotoport=17/%any
>         leftprotoport=17/1701
>         right=%any
>         rightprotoport=17/%any
>         #rightsubnetwithin=10.0.0.0/8
>         auto=add
> 
> 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
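
An added illustration, not part of the original thread and not strongSwan code: the Python sketch below parses the connection description from the quoted pluto error and compares its left client subnet with the one the posted conn implies. It assumes the ipsec.conf rule that an omitted leftsubnet is treated as left/32 and models only that one comparison, not pluto's full connection lookup; all function and variable names are hypothetical.

```python
import ipaddress
import re

# Connection description copied from the error quoted in the thread.
REQUEST = ("53.74.66.108/32===192.168.1.10:17/%any..."
           "192.168.1.1[192.168.1.12]:17/%any===192.168.1.12/32")

# The 'left' setting from the posted conn, and the same with the suggested line.
POSTED = {"left": "192.168.1.10"}
SUGGESTED = dict(POSTED, leftsubnet="53.74.66.108/32")

# host, optional [id], optional :proto/port (IPv4 only in this sketch)
END = re.compile(r"^(?P<host>[^\[\]:]+)(?:\[(?P<id>[^\]]+)\])?(?::(?P<protoport>\S+))?$")

def parse_end(text, client_first):
    """Split one end into client subnet, host, id and protoport."""
    client, host_part = None, text
    if "===" in text:
        a, b = text.split("===", 1)
        client, host_part = (a, b) if client_first else (b, a)
    m = END.match(host_part)
    if m is None:
        raise ValueError("unrecognised end: %r" % text)
    end = m.groupdict()
    # No '===' part means the end stands for the host itself.
    end["client"] = client or end["host"] + "/32"
    return end

def parse_request(desc):
    """Return (left, right) dicts for 'client===host...host===client'."""
    left, right = desc.split("...", 1)
    return parse_end(left, True), parse_end(right, False)

def effective_leftsubnet(conn):
    # Assumption stated in the lead-in: omitted leftsubnet means left/32.
    return ipaddress.ip_network(conn.get("leftsubnet", conn["left"] + "/32"))

def left_client_matches(conn, desc):
    """True when the requested left client subnet equals the conn's."""
    left, _ = parse_request(desc)
    return ipaddress.ip_network(left["client"]) == effective_leftsubnet(conn)

if __name__ == "__main__":
    for name, conn in (("posted", POSTED), ("with leftsubnet", SUGGESTED)):
        print(name, effective_leftsubnet(conn), left_client_matches(conn, REQUEST))
```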