[strongSwan] Help - StrongSwan for iPad

Benoît benoitpotot at yahoo.fr
Thu Feb 9 23:39:30 CET 2012


Hello,

I'm trying to connect an iPad to an Ubuntu server with StrongSwan. I should be close to making it work (I hope), but I have a problem. Here is the output of # tail -f /var/logs/auth.log:
pluto[980]: packet from 10.0.0.3:500: received Vendor ID payload [RFC 3947]
pluto[980]: packet from 10.0.0.3:500: received Vendor ID payload [XAUTH]
pluto[980]: packet from 10.0.0.3:500: ignoring Vendor ID payload [Cisco-Unity]
pluto[980]: packet from 10.0.0.3:500: received Vendor ID payload [Dead Peer Detection]
pluto[980]: "ios"[1] 10.0.0.3 #1: responding to Main Mode from unknown peer 10.0.0.3
pluto[980]: "ios"[1] 10.0.0.3 #1: NAT-Traversal: Result using RFC 3947: no NAT detected
pluto[980]: "ios"[1] 10.0.0.3 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
pluto[980]: "ios"[1] 10.0.0.3 #1: Peer ID is ID_DER_ASN1_DN: 'C=FR, O=dipliad, CN=client_2'
pluto[980]: "ios"[1] 10.0.0.3 #1: crl not found
pluto[980]: "ios"[1] 10.0.0.3 #1: certificate status unknown
pluto[980]: "ios"[1] 10.0.0.3 #1: we have a cert and are sending it upon request
pluto[980]: "ios"[1] 10.0.0.3 #1: sent MR3, ISAKMP SA established
pluto[980]: "ios"[1] 10.0.0.3 #1: sending XAUTH request
pluto[980]: "ios"[1] 10.0.0.3 #1: parsing XAUTH reply
pluto[980]: "ios"[1] 10.0.0.3 #1: extended authentication was successful
pluto[980]: "ios"[1] 10.0.0.3 #1: sending XAUTH status
pluto[980]: "ios"[1] 10.0.0.3 #1: parsing XAUTH ack
pluto[980]: "ios"[1] 10.0.0.3 #1: received XAUTH ack, established
pluto[980]: "ios"[1] 10.0.0.3 #1: parsing ModeCfg request
pluto[980]: "ios"[1] 10.0.0.3 #1: unknown attribute type (28683)
pluto[980]: "ios"[1] 10.0.0.3 #1: peer requested virtual IP %any
pluto[980]: assigning new lease to 'ipad'
pluto[980]: "ios"[1] 10.0.0.3 #1: assigning virtual IP 10.10.0.2 to peer
pluto[980]: "ios"[1] 10.0.0.3 #1: sending ModeCfg reply
pluto[980]: "ios"[1] 10.0.0.3 #1: sent ModeCfg reply, established
pluto[980]: "ios"[1] 10.0.0.3 #2: responding to Quick Mode
pluto[980]: "ios"[1] 10.0.0.3 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3fafad46 (perhaps this is a duplicated packet)
pluto[980]: "ios"[1] 10.0.0.3 #1: sending encrypted notification INVALID_MESSAGE_ID to 10.0.0.3:500
pluto[980]: "ios"[1] 10.0.0.3 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3fafad46 (perhaps this is a duplicated packet)
pluto[980]: "ios"[1] 10.0.0.3 #1: sending encrypted notification INVALID_MESSAGE_ID to 10.0.0.3:500

Can somebody help me and tell me what "Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3fafad46" means?

Thanks a lot.

Benoît.

Here is the ipsec.conf:
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration
config setup
        nat_traversal=yes
        plutostart=yes

conn ios
        keyexchange=ikev1
        authby=xauthrsasig
        xauth=server
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        leftcert=serverCert.pem
        right=%any
        rightsubnet=10.10.0.0/24
        rightsourceip=10.10.0.2
        rightcert=clientCert.pem
        pfs=no
        auto=add
        dpdtimeout=30
        dpddelay=5
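
Added example (not part of the original message and not strongSwan code): a small Python triage script, run over pluto lines copied from the log above, that reports peers whose Quick Mode exchange started, was resent with an already used Message ID, and never completed. In IKEv1 each Quick Mode exchange carries its own Message ID, so a second I1 with the same ID is what pluto reports as a possible duplicated packet. The function names and the "IPsec SA established" completion string are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied from the log quoted in the message above (subset).
SAMPLE_LOG = '''\
pluto[980]: "ios"[1] 10.0.0.3 #1: sent ModeCfg reply, established
pluto[980]: "ios"[1] 10.0.0.3 #2: responding to Quick Mode
pluto[980]: "ios"[1] 10.0.0.3 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3fafad46 (perhaps this is a duplicated packet)
pluto[980]: "ios"[1] 10.0.0.3 #1: sending encrypted notification INVALID_MESSAGE_ID to 10.0.0.3:500
pluto[980]: "ios"[1] 10.0.0.3 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x3fafad46 (perhaps this is a duplicated packet)
pluto[980]: "ios"[1] 10.0.0.3 #1: sending encrypted notification INVALID_MESSAGE_ID to 10.0.0.3:500
'''

# "conn"[instance] peer #state: message
LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #\d+: (?P<msg>.*)')
DUP = re.compile(r'previously used Message ID (0x[0-9a-fA-F]+)')


def triage(log_text):
    """Summarise Quick Mode (phase 2) progress per (connection, peer)."""
    report = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        entry = report.setdefault((m['conn'], m['peer']), {
            'quick_mode_started': 0,
            'ipsec_sa_established': 0,
            'duplicate_msgids': Counter(),
        })
        msg = m['msg']
        if msg.startswith('responding to Quick Mode'):
            entry['quick_mode_started'] += 1
        elif 'IPsec SA established' in msg:  # assumed completion message
            entry['ipsec_sa_established'] += 1
        elif DUP.search(msg):
            entry['duplicate_msgids'][DUP.search(msg).group(1)] += 1
    return report


def stalled(report):
    """Peers whose Quick Mode started, was resent, and never completed."""
    return [key for key, e in report.items()
            if e['quick_mode_started'] and e['duplicate_msgids']
            and not e['ipsec_sa_established']]


if __name__ == '__main__':
    rep = triage(SAMPLE_LOG)
    for key in stalled(rep):
        print(key, dict(rep[key]['duplicate_msgids']))
```
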