[strongSwan] Strongswan + Mac OSX
Martin Willi
martin at strongswan.org
Mon Sep 3 12:06:14 CEST 2012
Hi Claude,
> So far I had the VPN working in a hybrid mode where strongswan
> authenticates itself using its certificate and my Mac authenticates with
> username/groupname.
> When trying to authenticate the Mac with a signature, I get the
> following errors :
Your configuration indicates that you are using plain public key
authentication, without XAuth. How did you configure OS X to use plain
RSA signature authentication? From what I see, OS X only supports:
* XAuth with PSK
* XAuth with RSA
* (and Mountain Lion now seems to properly support "Hybrid Mode"
if the group name contains the string "[hybrid]")
> conn RESTENA
>     keyexchange=ikev1
>     rightauth=pubkey
>     rightsourceip=%ikev1
If you want to use XAuth with RSA, try to set rightauth=pubkey, and
rightauth2=xauth.
> generating ID_PROT response 0 [KE No CERTREQ NAT-D NAT-D ]
> sending packet: from 158.64.1.13[500] to 158.64.1.176[500]
> received packet: from 158.64.1.176[500] to 158.64.1.13[500]
> decryption failed, invalid length
> could not decrypt payloads
> integrity check failed
Hm, never seen that with certificates. Maybe a PSK is involved in the
key derivation, yielding to wrong encryption keys?
Regards
Martin
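
Added example, not part of the original message or of the strongSwan project's own files: an ipsec.conf sketch mapping the three OS X client modes listed above to strongSwan IKEv1 auth settings. The conn names, certificate file name and address pool are placeholders (assumptions); the matching secrets in ipsec.secrets are not shown.

```conf
# Shared settings for all OS X IKEv1 clients.
# Pool and subnet values are placeholders, not taken from the thread.
conn osx-base
    keyexchange=ikev1
    left=%any
    leftsubnet=0.0.0.0/0
    right=%any
    rightsourceip=10.0.0.0/24
    auto=add

# "XAuth with RSA": gateway and client both authenticate with RSA
# signatures, then the client runs XAuth as a second round.
# This is the rightauth=pubkey / rightauth2=xauth combination from the reply.
conn osx-xauth-rsa
    also=osx-base
    leftauth=pubkey
    leftcert=gatewayCert.pem
    rightauth=pubkey
    rightauth2=xauth

# "XAuth with PSK": both sides use the pre-shared key (group secret),
# followed by XAuth for the user.
conn osx-xauth-psk
    also=osx-base
    leftauth=psk
    rightauth=psk
    rightauth2=xauth

# "Hybrid Mode": only the gateway presents a certificate; the client
# authenticates with XAuth alone.
conn osx-hybrid
    also=osx-base
    leftauth=pubkey
    leftcert=gatewayCert.pem
    rightauth=xauth
```

A conn with only rightauth=pubkey, as in the quoted configuration, matches none of these three modes, because it has no XAuth round.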