[strongSwan] --enable-unity bug?

Igor j at owind.com
Tue Nov 20 16:15:49 CET 2012


when compile with --enable-unity, then must be set any one of
unity_split_include like:

ipsec pool --addattr unity_split_include --subnet *****

so the iOS VPN can connect to SS, or not it failed.

Here is the failed log:

Nov 20 15:05:50 10[CFG] sending UNITY_SPLIT_INCLUDE: 0.0.0.0/0
Nov 20 15:05:50 10[ENC] generating TRANSACTION response 3961439185 [ HASH CP ]
Nov 20 15:05:50 10[NET] sending packet: from 1.1.82.106[4500] to
10.10.156.80[4500]
Nov 20 15:06:00 08[IKE] sending DPD request
Nov 20 15:06:00 08[ENC] generating INFORMATIONAL_V1 request 469988873
[ HASH N(DPD) ]
Nov 20 15:06:00 08[NET] sending packet: from 1.1.82.106[4500] to
10.10.156.80[4500]
Nov 20 15:06:01 15[NET] received packet: from 10.10.156.80[4500] to
1.1.82.106[4500]
Nov 20 15:06:01 15[ENC] parsed INFORMATIONAL_V1 request 3902819098 [
HASH N(DPD_ACK) ]
Nov 20 15:06:07 10[NET] received packet: from 10.10.156.80[4500] to
1.1.82.106[4500]
Nov 20 15:06:07 10[ENC] parsed INFORMATIONAL_V1 request 1875701886 [ HASH D ]
Nov 20 15:06:07 10[IKE] received DELETE for IKE_SA vpnc[3]
Nov 20 15:06:07 10[IKE] deleting IKE_SA vpnc[3] between
1.1.82.106[gw]...10.10.156.80[gw]

Bests,
-Igor




More information about the Users mailing list