[strongSwan] Strongswan 5 & Apple iOS5

Michael Lam mikejuni at live.com
Fri Aug 31 05:22:47 CEST 2012


Hi,
I'm using StrongSwan on my OpenWRT-based router to set up a VPN for my roadwarrior iOS 5 using XAUTH with PSK.
My setup is like this:
My internal network:
Network and range 172.16.67.96/255.255.255.224 (172.16.67.96 - 172.16.67.126)
Gateway 172.16.67.97
DNS 172.16.67.97
My OpenWRT is the gateway with IP address 172.16.67.97 and it obtains an external IP address assigned by my ISP. I'm using dyndns to get a proper name for the external IP.
And my virtual IP range for roadwarrior is
Network and range 172.16.67.128/255.255.255.224 (172.16.67.129 - 172.16.67.158)
DNS 172.16.67.97
My current ipsec.conf looks like this:
# /etc/ipsec.conf - strongSwan IPsec configuration file
config setup
conn ios
        type=tunnel
        keyexchange=ikev1
        authby=xauthpsk
        xauth=server
        left=%defaultroute
        leftsourceip=172.16.67.129
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        right=%any
        rightsourceip=172.16.67.130/27
        auto=add
My strongswan.conf looks like this:
# /etc/strongswan.conf - strongSwan configuration file
charon {
  dns1 = 172.16.67.97
}
My ipsec.secrets file is set up properly. I could establish the VPN, with a virtual IP address of 172.16.67.131. When I try to ping from my OpenWRT router or any internal LAN machine to the IP 172.16.67.131, it works.
I also have an SSH client on my iPhone; when I try to SSH to the internal LAN (with both IP and DNS name), it fails. It seems like traffic can go from my internal LAN to the iPhone but not vice versa. So it is not a problem with the DNS. I think it's either routing or firewall.
I checked my firewall configuration using iptables -L FORWARDING, and I do see 2 rules being added after the tunnel is established, allowing incoming 172.16.67.131 to any and allowing any from internal LAN to 172.16.67.131.
Does anyone know what I have set up wrong?