[strongSwan] vpn server for iOS devices fails with no peer config found
Martin Willi
martin at strongswan.org
Wed Oct 24 10:31:57 CEST 2012
Hi,
> # ipsec command not found
Some packagers have renamed the "ipsec" script to "strongswan", I think
this is the case on Fedora.
> conn ios
> authby=secret
You have a PSK authenticated config, but your client
> looking for XAuthInitPSK peer configs matching
> 10.16.1.3...81.83.206.8[192.168.17.121]
> no peer config found
uses XAuth with PSK. Hence you have no connection match.
If you want to use XAuth with PSK, try
leftauth=psk
rightauth=psk
rightauth2=xauth
Of course this requires an additional XAuth secret in ipsec.secrets.
> As like most people I have also a need to connect iOS devices to the
> corporate lan
If you are serious about security, don't use PSK + XAuth for a larger
user base. Each user needs access to a common PSK, but can misuse it to
impersonate the gateway and collect XAuth credentials.
Regards
Martin
More information about the Users
mailing list