[strongSwan] iPhone 3G connects fine, but Windows 7 doesn't!

[Tobias Brunner]

Hi Deniz,

> I am using iPhone 3G with exact same WiFi and router, but it connects 
> fine. If this is a problem with my router or ISP, wouldn't I encounter 
> the same problem with iPhone?

No, because the iPhone uses IKEv1 to setup the connection, whereas the
default Windows 7 VPN client uses IKEv2, the results could be quite
different.  Although the protocols use the same ports and share some
basic details they are different.  Some routers try to handle IPsec
specially thus might mess with IKEv2 packets.
I actually have this exact issue at home with a D-Link DIR-615 router
which occasionally seems to filter the IKE_AUTH response packets (while
IKEv1 works perfectly the whole time).  The workaround I found for my
situation is strange but clearly indicates a router bug:  After each
restart of the router I have to enable wifi (which I have disabled by
default as I use a separate AP) and disable it again.  This seems to
trigger something in the router which makes IKEv2 work afterwards.  This
might not help in your situation, but it illustrates that there could
very well be something that selectively breaks IKEv2 while IKEv1 works fine.
As a workaround you could try to setup the connection with IKEv1 from
Windows 7 as well (see [1] or [2] for pointers) or use a third-party
IKEv1 client (e.g. Shrew [3]).

Regards,
Tobias

[1] http://wiki.strongswan.org/projects/strongswan/wiki/WindowsVista
[2] http://wiki.strongswan.org/projects/strongswan/wiki/WindowsSuiteB
[3] http://www.shrew.net/