[strongSwan] Strongswan+Android+Xauth

Ingmar Rosenhagen IRosenhagen at gmx.net
Sun Feb 12 17:39:03 CET 2012


Hi,

Since Android 4.0 supports IPsec with XAuth, I set up a little test connection:


conn android2
        left=10.10.10.10.
        right=%any
        auto=add
        authby=xauthpsk
        xauth=server
        pfs=no

I've added a PSK for IPsec and an XAuth user in ipsec.secrets:

10.10.10.10 %any: PSK "password"
: XAUTH xoom "t3st"

On my Xoom I've entered the server IP, the IPsec PSK and the XAuth user/password.
When trying to connect, the IPsec connection seems to be established, but XAuth fails after that. The log shows that the client seems to send the wrong password. I've triple-checked the password on the client side now, and I'm sure it's entered correctly, and I executed "ipsec rereadsecrets", which showed no errors.
Any hints where I should start to look? The strongSwan version on the server is 4.3.2-1.ubuntu1.

Thanks in advance!

Log: 

Feb 12 11:08:10 wiederkaeuer pluto[3763]: "android2": deleting connection
Feb 12 11:08:10 wiederkaeuer pluto[3763]:   loaded host cert file '/etc/ipsec.d/certs/wiederkaeuer.pem' (2464 bytes)
Feb 12 11:08:10 wiederkaeuer pluto[3763]:   loaded host cert file '/etc/ipsec.d/certs/adelheid.pem' (2427 bytes)
Feb 12 11:08:10 wiederkaeuer pluto[3763]: added connection description "adelheid"
Feb 12 11:08:10 wiederkaeuer pluto[3763]:   loaded host cert file '/etc/ipsec.d/certs/wiederkaeuer.pem' (2464 bytes)
Feb 12 11:08:10 wiederkaeuer pluto[3763]:   loaded host cert file '/etc/ipsec.d/certs/netbook.pem' (2439 bytes)
Feb 12 11:08:10 wiederkaeuer pluto[3763]: added connection description "netbook"
Feb 12 11:08:10 wiederkaeuer pluto[3763]: added connection description "android"
Feb 12 11:08:10 wiederkaeuer pluto[3763]: added connection description "android2"
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: received Vendor ID payload [RFC 3947]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: received Vendor ID payload [XAUTH]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: ignoring Vendor ID payload [Cisco-Unity]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: received Vendor ID payload [Dead Peer Detection]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: "android2"[1] 82.113.99.80:33728 #34: responding to Main Mode from unknown peer 82.113.99.80:33728
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[1] 82.113.99.80:33728 #34: NAT-Traversal: Result using RFC 3947: peer is NATed
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[1] 82.113.99.80:33728 #34: Peer ID is ID_IPV4_ADDR: '10.59.79.80'
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:33728 #34: deleting connection "android2" instance with peer 82.113.99.80 {isakmp=#0/ipsec=#0}
Feb 12 11:08:23 wiederkaeuer pluto[3763]: | NAT-T: new mapping 82.113.99.80:33728/63442)
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: sent MR3, ISAKMP SA established
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: sending XAUTH request
Feb 12 11:08:23 wiederkaeuer pluto[3763]: packet from 82.113.99.80:63442: Informational Exchange is for an unknown (expired?) SA
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: parsing XAUTH reply
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: xauth user 'xoom' sent wrong password
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: extended authentication failed
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: sending XAUTH status:
Feb 12 11:08:24 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: parsing XAUTH ack
Feb 12 11:08:24 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442: deleting connection "android2" instance with peer 82.113.99.80 {isakmp=#0/ipsec=#0}
Feb 12 11:08:24 wiederkaeuer pluto[3763]: packet from 82.113.99.80:63442: Informational Exchange is for an unknown (expired?) SA
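
The failure pattern in the log above (Main Mode completes, then XAUTH is rejected), as an added example that is not part of the original post: a small Python parser that groups pluto lines by IKE state number and reports the states where extended authentication failed, noting whether phase 1 had already succeeded. The sample lines are copied from the log above; the function name and record fields are choices made for this example.

```python
import re
from collections import defaultdict

# Sample input: a subset of the pluto log lines from the post above.
SAMPLE_LOG = """\
Feb 12 11:08:22 wiederkaeuer pluto[3763]: "android2"[1] 82.113.99.80:33728 #34: responding to Main Mode from unknown peer 82.113.99.80:33728
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: sent MR3, ISAKMP SA established
Feb 12 11:08:23 wiederkaeuer pluto[3763]: packet from 82.113.99.80:63442: Informational Exchange is for an unknown (expired?) SA
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: xauth user 'xoom' sent wrong password
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: extended authentication failed
Feb 12 11:08:24 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442: deleting connection "android2" instance with peer 82.113.99.80 {isakmp=#0/ipsec=#0}
"""

# Per-state pluto line: "<conn>"[<instance>] <ip>:<port> #<state>: <message>
STATE_LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] '
    r'(?P<ip>[\d.]+):\d+ #(?P<state>\d+): (?P<msg>.*)$')
WRONG_PW = re.compile(r"xauth user '(?P<user>[^']*)' sent wrong password")

def xauth_failures(log_text):
    """Return one record per IKE state whose XAUTH exchange failed."""
    states = defaultdict(lambda: {"peer": None, "user": None,
                                  "phase1_ok": False, "failed": False})
    for line in log_text.splitlines():
        m = STATE_LINE.search(line)
        if not m:
            continue  # "packet from ..." and stateless lines are skipped
        st = states[(m["conn"], m["state"])]
        st["peer"] = m["ip"]  # the port is ignored: NAT-T changes it mid-exchange
        if "ISAKMP SA established" in m["msg"]:
            st["phase1_ok"] = True  # Main Mode finished, so the PSK was accepted
        pw = WRONG_PW.search(m["msg"])
        if pw:
            st["user"] = pw["user"]
        if "extended authentication failed" in m["msg"]:
            st["failed"] = True
    return [
        {"conn": conn, "state": state, "peer": st["peer"],
         "user": st["user"], "phase1_ok": st["phase1_ok"]}
        for (conn, state), st in states.items() if st["failed"]
    ]

if __name__ == "__main__":
    for record in xauth_failures(SAMPLE_LOG):
        print(record)
```

A record with `phase1_ok` set to true narrows the failure to the XAuth credential check rather than the PSK, and counting records per peer or user over a longer log highlights repeated failed logins.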
