Michael Lam mikejuni at live.com
Fri Aug 31 05:22:47 CEST 2012

I'm using StrongSwan on my OpenWRT based router to set up a VPN for my roadwarrior iOS 5 using XAUTH with PSK.
My setup is like this:
My internal network:
Network and range ( -
My OpenWRT is the gateway with IP address and it obtains an external IP address assigned by my ISP. I'm using dyndns to get a proper name for the external IP.
And my virtual IP range for roadwarrior is
Network and range ( -
My current ipsec.conf looks like this:
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup

conn ios
        type=tunnel
        keyexchange=ikev1
        authby=xauthpsk
        xauth=server
        left=%defaultroute
        leftsourceip=
        leftsubnet=
        leftfirewall=yes
        right=%any
        rightsourceip=
        auto=add
My strongswan.conf looks like this:
# /etc/strongswan.conf - strongSwan configuration file
charon {
  dns1 =
}
My ipsec.secrets file is set up properly. I could establish the VPN, a virtual IP address of . When I try to ping from my OpenWRT router or any internal LAN machine to the IP, it works.
I also have an SSH client on my iPhone; when I try to SSH to the internal LAN (with both IP and DNS name), it fails. It seems like traffic can go from my internal LAN to the iPhone but not vice versa, so it is not a problem with the DNS. I think it's either routing or firewall.
I checked my firewall configuration using iptables -L FORWARDING, and I do see 2 rules being added after the tunnel is established, allowing incoming to any and allowing any from internal LAN to
Does anyone know what I have set up wrong?
