[strongSwan] iphone/ipad get connection but no internet
holli at holli.at
Sun Nov 27 23:54:24 CET 2011
Hello,
I'm new to strongSwan and am trying to use it so that my iPad and iPhone can access my LAN. (I have OpenVPN running on my Windows boxes as clients, with the OpenVPN server on the same box as the IPsec server.) With IPsec I can connect, but I can only reach the box that IPsec is running on. So it looks like the config from the wiki http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple) works for connecting, but not for accessing any box on my LAN other than the one IPsec is on.
iPhone ---> xx.dyndns.org (router IP: 192.168.1.254) --> ports 500/4500 are routed to 192.168.1.51, where strongSwan is running.
My config looks like this:
ipsec.conf:
config setup
# plutodebug=all
# crlcheckinterval=600
# strictcrlpolicy=yes
# cachecrls=yes
nat_traversal=yes
# charonstart=yes
plutostart=yes
# Add connections here.
conn ios
keyexchange=ikev1
authby=xauthrsasig
xauth=server
left=%defaultroute
leftsubnet=0.0.0.0/0
# left=hohaso.dyndns.org
leftfirewall=yes
leftcert=serverCert.pem
right=%any
# rightsubnet=10.8.0.0/24
# rightsourceip=10.8.0.5
rightsubnet=192.168.1.0/24
rightsourceip=192.168.1.11
rightcert=clientCert.pem
pfs=no
auto=add
I tried the LAN IPs here as well, but the result is the same: no difference between the 10 and the 192 network.
strongswan.conf:
charon {
# number of worker threads in charon
threads = 16
# plugins to load in charon
load = aes des sha1 md5 sha2 hmac gmp random pubkey xcbc x509 stroke
# plugins {
# sql {
# loglevel to log into sql database
# loglevel = -1
# URI to the database
# database = sqlite:///path/to/file.db
# database = mysql://user:password@localhost/database
# }
# }
# ...
}
pluto {
# plugins to load in pluto
# load = aes des sha1 md5 sha2 hmac gmp random pubkey
dns1 = 192.168.1.254
}
libstrongswan {
# set to no, the DH exponent size is optimized
# dh_exponent_ansi_x9_42 = no
}
So within the log file all looks OK, I guess?
Nov 27 23:52:02 holli-nas-2 pluto[31618]: | NAT-T: new mapping 46.207.255.74:22256/5848)
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: sent MR3, ISAKMP SA established
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: sending XAUTH request
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: parsing XAUTH reply
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: extended authentication was successful
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: sending XAUTH status
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: parsing XAUTH ack
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: received XAUTH ack, established
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: parsing ModeCfg request
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: unknown attribute type (28683)
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: peer requested virtual IP %any
Nov 27 23:52:02 holli-nas-2 pluto[31618]: reassigning offline lease to 'holli'
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: assigning virtual IP 10.8.0.5 to peer
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: sending ModeCfg reply
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: sent ModeCfg reply, established
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #4: responding to Quick Mode
Nov 27 23:52:03 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #4: IPsec SA established {ESP=>0x0174e0da <0xccf7980d NATOA=0.0.0.0}
And on the iPhone I get a welcome with success, but I can only access the box that IPsec is on. So what is the trick to access all boxes on the LAN and also have access to the internet?
Thanks
holli
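One check a reader of this thread would want before touching routing or firewall rules is to compare what the poster configured with what pluto actually did. The script below is an added example, not code from the original post or from the strongSwan project: it parses the conn section of the posted ipsec.conf and the posted pluto log lines (both embedded as sample input, trimmed to the lines the check uses), reports the virtual IP pluto assigned against the configured rightsourceip, and notes whether that address lies inside the LAN behind the gateway (192.168.1.0/24, taken from the router and gateway addresses in the post) or outside it, since that decides whether LAN hosts can reach the client at all. Function names, the report format and the findings text are this example's own.

```python
"""Cross-check a pluto (strongSwan IKEv1) log against ipsec.conf.

Added example, not from the original post. All sample input below is
copied from the thread; the check logic and wording are this script's own.
"""
import ipaddress
import re

# Sample input copied from the post (conn section only, trimmed).
IPSEC_CONF = """\
conn ios
keyexchange=ikev1
left=%defaultroute
leftsubnet=0.0.0.0/0
leftfirewall=yes
right=%any
# rightsubnet=10.8.0.0/24
# rightsourceip=10.8.0.5
rightsubnet=192.168.1.0/24
rightsourceip=192.168.1.11
auto=add
"""

# Sample input copied from the post (the ModeCfg and Quick Mode lines).
PLUTO_LOG = """\
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: peer requested virtual IP %any
Nov 27 23:52:02 holli-nas-2 pluto[31618]: reassigning offline lease to 'holli'
Nov 27 23:52:02 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #3: assigning virtual IP 10.8.0.5 to peer
Nov 27 23:52:03 holli-nas-2 pluto[31618]: "ios"[2] 46.207.255.74:5848 #4: IPsec SA established {ESP=>0x0174e0da <0xccf7980d NATOA=0.0.0.0}
"""

# LAN behind the gateway, taken from the post (router .254, gateway .51).
LAN = ipaddress.ip_network("192.168.1.0/24")

ASSIGN_RE = re.compile(r'"(?P<conn>[^"]+)"\[\d+\] \S+ #\d+: assigning virtual IP (?P<ip>[\d.]+) to peer')
LEASE_RE = re.compile(r"reassigning offline lease to '(?P<id>[^']+)'")
SA_RE = re.compile(r'"(?P<conn>[^"]+)"\[\d+\] \S+ #\d+: IPsec SA established')


def parse_conn(conf, name):
    """Return key=value settings of one conn section; '#' lines are skipped,
    so the commented-out rightsourceip=10.8.0.5 does not count as configured."""
    settings, in_conn = {}, False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(("conn ", "config ")):
            in_conn = line.startswith("conn ") and line.split(None, 1)[1] == name
            continue
        if in_conn and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def assigned_virtual_ips(log, conn):
    """Virtual IPs pluto handed out for this conn, in log order."""
    ips = []
    for line in log.splitlines():
        m = ASSIGN_RE.search(line)
        if m and m.group("conn") == conn:
            ips.append(m.group("ip"))
    return ips


def sa_established(log, conn):
    """True if a Quick Mode IPsec SA came up for this conn."""
    return any(m and m.group("conn") == conn
               for m in (SA_RE.search(l) for l in log.splitlines()))


def in_lan(ip, lan=LAN):
    return ipaddress.ip_address(ip) in lan


def check(conf=IPSEC_CONF, log=PLUTO_LOG, conn="ios", lan=LAN):
    """Compare configured vs. assigned virtual IP and say what the LAN needs."""
    settings = parse_conn(conf, conn)
    configured = settings.get("rightsourceip")
    assigned = assigned_virtual_ips(log, conn)
    reused = any(LEASE_RE.search(l) for l in log.splitlines())
    findings = []
    for ip in assigned:
        if configured and ip != configured:
            findings.append(f"pluto assigned {ip} but rightsourceip={configured}"
                            + (" (an offline lease was reused)" if reused else ""))
        if in_lan(ip, lan):
            findings.append(f"{ip} is inside {lan}: LAN hosts ARP for it, so the "
                            "gateway must answer on the client's behalf (proxy ARP)")
        else:
            findings.append(f"{ip} is outside {lan}: LAN hosts need a route to {ip} "
                            "via the gateway, or the gateway must SNAT the client")
    if settings.get("leftfirewall") == "yes":
        findings.append("leftfirewall=yes only has _updown insert FORWARD rules; "
                        "it does not set net.ipv4.ip_forward=1 or add SNAT")
    return {"configured": configured, "assigned": assigned,
            "sa_established": sa_established(log, conn), "findings": findings}


if __name__ == "__main__":
    for k, v in check().items():
        print(f"{k}: {v}")
```

On the posted input the script reports that pluto handed out 10.8.0.5 (reusing the lease from the earlier, now commented-out, rightsourceip line) rather than the configured 192.168.1.11, and that 10.8.0.5 is outside 192.168.1.0/24, so the other LAN hosts have no way back to the client unless the gateway routes or NATs for it. Whichever virtual address ends up in use, the same two questions apply: is forwarding enabled on 192.168.1.51, and does the LAN know how to return packets to that address?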