[strongSwan] iOs and android problem

Hamid Zamani if.else.fi at gmail.com
Mon Nov 19 13:04:21 CET 2012


Hello ,

i'm trying to establish a iphone ipsec to my server , and in my log the
client gets ip address and authentication is ok but at other side client
shows me an error and it won't connect :


PSK + XAUTH


here my log :

Nov 19 08:00:56 4 charon: 02[NET] received packet: from y.y.y.y[500] to
x.x.x.x[500]
Nov 19 08:00:56 4 charon: 02[ENC] parsed ID_PROT request 0 [ SA V V V V V V
V V V V V V V
]

Nov 19 08:00:56 4 charon: 02[IKE] received NAT-T (RFC 3947) vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike
vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-08
vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-07
vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-06
vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-05
vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-04
vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-03
vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-02
vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-02\n
vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] received XAuth vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] received Cisco Unity vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] received DPD vendor
ID

Nov 19 08:00:56 4 charon: 02[IKE] y.y.y.y is initiating a Main Mode
IKE_SA

Nov 19 08:00:56 4 charon: 02[IKE] IKE_SA (unnamed)[1] state change: CREATED
=>
CONNECTING

Nov 19 08:00:56 4 charon: 02[ENC] generating ID_PROT response 0 [ SA V V V
]

Nov 19 08:00:56 4 charon: 02[NET] sending packet: from x.x.x.x[500] to
y.y.y.y[500]

Nov 19 08:00:57 4 charon: 01[NET] received packet: from y.y.y.y[500] to
x.x.x.x[500]

Nov 19 08:00:57 4 charon: 01[ENC] parsed ID_PROT request 0 [ KE No NAT-D
NAT-D
]

Nov 19 08:00:57 4 charon: 01[IKE] remote host is behind
NAT

Nov 19 08:00:57 4 charon: 01[ENC] generating ID_PROT response 0 [ KE No
NAT-D NAT-D
]

Nov 19 08:00:57 4 charon: 01[NET] sending packet: from x.x.x.x[500] to
y.y.y.y[500]

Nov 19 08:00:57 4 charon: 12[NET] received packet: from y.y.y.y[4500] to
x.x.x.x[4500]

Nov 19 08:00:57 4 charon: 12[ENC] parsed ID_PROT request 0 [ ID HASH
N(INITIAL_CONTACT)
]

Nov 19 08:00:57 4 charon: 12[IKE] queueing XAUTH
task

Nov 19 08:00:57 4 charon: 12[ENC] generating ID_PROT response 0 [ ID HASH
]

Nov 19 08:00:57 4 charon: 12[NET] sending packet: from x.x.x.x[4500] to
y.y.y.y[4500]

Nov 19 08:00:57 4 charon: 12[IKE] activating new tasks
Nov 19 08:00:57 4 charon: 12[IKE]   activating XAUTH task
Nov 19 08:00:57 4 charon: 12[ENC] generating TRANSACTION request 525259943
[ HASH CP ]
Nov 19 08:00:57 4 charon: 12[NET] sending packet: from x.x.x.x[4500] to
y.y.y.y[4500]
Nov 19 08:00:57 4 charon: 03[NET] received packet: from y.y.y.y[4500] to
x.x.x.x[4500]
Nov 19 08:00:57 4 charon: 03[ENC] parsed TRANSACTION response 525259943 [
HASH CP ]
Nov 19 08:00:57 4 charon: 03[IKE] RADIUS authentication of 'username'
successful
Nov 19 08:00:57 4 charon: 03[IKE] XAuth authentication of 'username'
successful
Nov 19 08:00:57 4 charon: 03[IKE] reinitiating already active tasks
Nov 19 08:00:57 4 charon: 03[IKE]   XAUTH task
Nov 19 08:00:57 4 charon: 03[ENC] generating TRANSACTION request 978266665
[ HASH CP ]
Nov 19 08:00:57 4 charon: 03[NET] sending packet: from x.x.x.x[4500] to
y.y.y.y[4500]
Nov 19 08:00:58 4 charon: 15[NET] received packet: from y.y.y.y[4500] to
x.x.x.x[4500]
Nov 19 08:00:58 4 charon: 15[ENC] parsed TRANSACTION response 978266665 [
HASH CP ]
Nov 19 08:00:58 4 charon: 15[IKE] IKE_SA ioss[1] established between
x.x.x.x[x.x.x.x]...y.y.y.y[192.168.5.43]
Nov 19 08:00:58 4 charon: 15[IKE] IKE_SA ioss[1] state change: CONNECTING
=> ESTABLISHED
Nov 19 08:00:58 4 charon: 15[IKE] scheduling reauthentication in 9991s
Nov 19 08:00:58 4 charon: 15[IKE] maximum IKE_SA lifetime 10531s
Nov 19 08:00:58 4 charon: 15[IKE] activating new tasks
Nov 19 08:00:58 4 charon: 15[IKE] nothing to initiate
Nov 19 08:00:58 4 charon: 11[NET] received packet: from y.y.y.y[4500] to
x.x.x.x[4500]
Nov 19 08:00:58 4 charon: 11[ENC] unknown attribute type (28683)
Nov 19 08:00:58 4 charon: 11[ENC] parsed TRANSACTION request 573998017 [
HASH CP ]
Nov 19 08:00:58 4 charon: 11[IKE] processing INTERNAL_IP4_ADDRESS attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing INTERNAL_IP4_NETMASK attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing INTERNAL_IP4_DNS attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing INTERNAL_IP4_NBNS attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing INTERNAL_ADDRESS_EXPIRY
attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing APPLICATION_VERSION attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing UNITY_BANNER attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing UNITY_DEF_DOMAIN attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing UNITY_SPLITDNS_NAME attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing UNITY_SPLIT_INCLUDE attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing UNITY_LOCAL_LAN attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing UNITY_PFS attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing UNITY_SAVE_PASSWD attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing UNITY_FW_TYPE attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing UNITY_BACKUP_SERVERS attribute
Nov 19 08:00:58 4 charon: 11[IKE] processing (28683) attribute
Nov 19 08:00:58 4 charon: 11[IKE] peer requested virtual IP %any
Nov 19 08:00:58 4 charon: 11[IKE] assigning virtual IP 10.2.2.1 to peer
'username'
Nov 19 08:00:58 4 charon: 11[IKE] building INTERNAL_IP4_DNS attribute
Nov 19 08:00:58 4 charon: 11[IKE] building INTERNAL_IP4_DNS attribute
Nov 19 08:00:58 4 charon: 11[IKE] building UNITY_SPLIT_INCLUDE attribute
Nov 19 08:00:58 4 charon: 11[ENC] generating TRANSACTION response 573998017
[ HASH CP ]
Nov 19 08:00:58 4 charon: 11[NET] sending packet: from x.x.x.x[4500] to
y.y.y.y[4500]
Nov 19 08:01:14 4 charon: 02[NET] received packet: from y.y.y.y[4500] to
x.x.x.x[4500]
Nov 19 08:01:14 4 charon: 02[ENC] parsed INFORMATIONAL_V1 request
4000219355 [ HASH D ]
Nov 19 08:01:14 4 charon: 02[IKE] received DELETE for IKE_SA ioss[1]
Nov 19 08:01:14 4 charon: 02[IKE] deleting IKE_SA ioss[1] between
x.x.x.x[x.x.x.x]...y.y.y.y[192.168.5.43]
Nov 19 08:01:14 4 charon: 02[IKE] IKE_SA ioss[1] state change: ESTABLISHED
=> DELETING
Nov 19 08:01:14 4 charon: 02[IKE] IKE_SA ioss[1] state change: DELETING =>
DESTROYING


and this situation occurs for another device (android) (Galaxy Note) and it
is interesting to saying that the other one (android) can connect
successfully


Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121119/60e78340/attachment.html>


More information about the Users mailing list