[strongSwan] vpn server for iOS devices fails with no peer config found

Martin Willi martin at strongswan.org
Wed Oct 24 10:31:57 CEST 2012


Hi,

> # ipsec command not found

Some packagers have renamed the "ipsec" script to "strongswan", I think
this is the case on Fedora.

> conn ios
>         authby=secret

You have a PSK authenticated config, but your client

> looking for XAuthInitPSK peer configs matching
>    10.16.1.3...81.83.206.8[192.168.17.121]
> no peer config found

uses XAuth with PSK. Hence you have no connection match.

If you want to use XAuth with PSK, try

   leftauth=psk
   rightauth=psk
   rightauth2=xauth

Of course this requires an additional XAuth secret in ipsec.secrets.

> Like most people, I also have a need to connect iOS devices to the
> corporate LAN

If you are serious about security, don't use PSK + XAuth for a larger
user base. Each user needs access to a common PSK, but can misuse it to
impersonate the gateway and collect XAuth credentials.

Regards
Martin
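
The mismatch described in the reply above, as an added example that is not part of the original message and is not strongSwan code: it compares the authentication class charon logged against what each conn in ipsec.conf accepts, and checks ipsec.secrets for an XAuth entry. The function names, sample secrets and the two-way classification (PSK only versus PSK plus XAuth) are assumptions made for illustration; `%default` and `also=` inheritance are ignored.

```python
import re

# Constructed sample inputs; the secrets are placeholders.
CONF_BEFORE = "conn ios\n    authby=secret\n"
CONF_AFTER = ("conn ios\n    leftauth=psk\n    rightauth=psk\n"
              "    rightauth2=xauth\n")
SECRETS = ': PSK "constructed-psk"\nalice : XAUTH "constructed-password"\n'
# Log line quoted in the thread, joined onto one line.
LOG = ("looking for XAuthInitPSK peer configs matching "
       "10.16.1.3...81.83.206.8[192.168.17.121]")

def parse_conns(text):
    """Return {conn name: {option: value}} from ipsec.conf-style text."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # unindented line starts a new section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            cur = conns.setdefault(parts[1], {}) if is_conn else None
        elif cur is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            cur[key.strip()] = value.strip()
    return conns

def client_auth(opts):
    """Classify what a conn demands of the client (simplified)."""
    if opts.get("rightauth") == "psk" and opts.get("rightauth2") == "xauth":
        return "xauth-psk"
    if opts.get("authby") == "secret" or opts.get("rightauth") == "psk":
        return "psk"
    return "other"

def diagnose(conf, secrets, log_line):
    """Return (conns matching the logged method, XAUTH secret present)."""
    m = re.search(r"looking for (\S+) peer configs", log_line)
    wanted = {"XAuthInitPSK": "xauth-psk"}.get(m.group(1) if m else "", "other")
    matches = [name for name, opts in parse_conns(conf).items()
               if client_auth(opts) == wanted]
    has_xauth = bool(re.search(r"^\s*\S+\s*:\s*XAUTH\s+\S", secrets, re.M))
    return matches, has_xauth

if __name__ == "__main__":
    print("before:", diagnose(CONF_BEFORE, SECRETS, LOG))
    print("after: ", diagnose(CONF_AFTER, SECRETS, LOG))
```

An empty match list for the original config corresponds to the "no peer config found" line in the log.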




