[strongSwan] Problem in android (xauth+psk) and iphone (Cisco Ipsec) with storonswan

Hamid Zamani if.else.fi at gmail.com
Sat Oct 27 15:13:47 CEST 2012 

Hello ,

I've configured a debian server with following config :

IPsec.conf :

conn ioss
        keyexchange=ikev1
        authby=xauthpsk
        xauth=server
        left=%defaultroute
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        right=%any
        rightsubnet=0.0.0.0/0
        rightsourceip=10.10.9.0/24
        auto=add
        modeconfig=push


ipsec.secrets :

test1 : XAUTH "test123"
moon.strongswan.org %any : PSK "test123456"


Error :
[...]
Oct 27 09:25:06 4 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-08
vendor ID
Oct 27 09:25:06 4 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-07
vendor ID
Oct 27 09:25:06 4 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-06
vendor ID
Oct 27 09:25:06 4 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-05
vendor ID
Oct 27 09:25:06 4 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-04
vendor ID
Oct 27 09:25:06 4 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-03
vendor ID
Oct 27 09:25:06 4 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-02
vendor ID
Oct 27 09:25:06 4 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-02\n
vendor ID
Oct 27 09:25:06 4 charon: 15[IKE] received XAuth vendor ID
Oct 27 09:25:06 4 charon: 15[IKE] received Cisco Unity vendor ID
Oct 27 09:25:06 4 charon: 15[ENC] received unknown vendor ID:
40:48:b7:d5:6e:bc:e8:85:25:e7:de:7f:00:d6:c2:d3:80:00:00:00
Oct 27 09:25:06 4 charon: 15[IKE] received DPD vendor ID
Oct 27 09:25:06 4 charon: 15[IKE] y.y.y.y is initiating a Main Mode IKE_SA
Oct 27 09:25:06 4 charon: 15[ENC] generating ID_PROT response 0 [ SA V V V ]
Oct 27 09:25:06 4 charon: 15[NET] sending packet: from x.x.x.x[500] to
y.y.y.y[500]
Oct 27 09:25:06 4 charon: 16[NET] received packet: from y.y.y.y[500] to
x.x.x.x[500]
Oct 27 09:25:06 4 charon: 16[ENC] parsed ID_PROT request 0 [ KE No NAT-D
NAT-D ]
Oct 27 09:25:06 4 charon: 16[IKE] remote host is behind NAT
Oct 27 09:25:06 4 charon: 16[ENC] generating INFORMATIONAL_V1 request
2434938569 [ N(INVAL_KE) ]
Oct 27 09:25:06 4 charon: 16[NET] sending packet: from x.x.x.x[500] to
y.y.y.y[500]

So it doesn't connect to server .

Also with certifcate just android (Xauth + rsa) works and IPhone (Cisco
Ipsec ) doesn't work

Where is the problem ?

Thank you so much
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121027/89fecca2/attachment.html>

More information about the Users mailing list