[strongSwan] strongSwan 5.1.0 cannot connect from iOS 7.0.4: generating INFORMATIONAL_V1 request 2748476017 [ HASH N(AUTH_FAILED) ]

Justin Piszcz jpiszcz at lucidpixels.com
Sat Dec 28 16:13:39 CET 2013


Hello,

I am using Debian Testing x86_64 with strongSwan 5.1.0 (and also compiled my own);
the issue occurs with both versions.

I followed the steps here:
http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)

When I try to connect, I get the following with iOS 7.0.4:

Dec 28 10:12:05 atom charon: 12[NET] received packet: from
ios.client.ip[39868] to my.ip[500] (668 bytes)
Dec 28 10:12:05 atom charon: 12[ENC] parsed ID_PROT request 0 [ SA V V V V V
V V V V V V V V V ]
Dec 28 10:12:05 atom charon: 12[CFG] looking for an ike config for
my.ip...ios.client.ip
Dec 28 10:12:05 atom charon: 12[CFG] ike config match: 6 (my.ip
ios.client.ip IKEv1)
Dec 28 10:12:05 atom charon: 12[CFG]   candidate: %any...%any, prio 6
Dec 28 10:12:05 atom charon: 12[CFG] found matching ike config: %any...%any
with prio 6
Dec 28 10:12:05 atom charon: 12[IKE] received NAT-T (RFC 3947) vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike
vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-08
vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-07
vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-06
vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-05
vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-04
vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-03
vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02
vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received
draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received XAuth vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received Cisco Unity vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received FRAGMENTATION vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] received DPD vendor ID
Dec 28 10:12:05 atom charon: 12[IKE] ios.client.ip is initiating a Main Mode
IKE_SA
Dec 28 10:12:05 atom charon: 12[CFG] selecting proposal:
Dec 28 10:12:05 atom charon: 12[CFG]   proposal matches
Dec 28 10:12:05 atom charon: 12[CFG] received proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Dec 28 10:12:05 atom charon: 12[CFG] configured proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Dec 28 10:12:05 atom charon: 12[CFG] selected proposal:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536
Dec 28 10:12:05 atom charon: 12[ENC] generating ID_PROT response 0 [ SA V V
V V ]
Dec 28 10:12:05 atom charon: 12[NET] sending packet: from my.ip[500] to
ios.client.ip[39868] (156 bytes)
Dec 28 10:12:05 atom charon: 13[NET] received packet: from
ios.client.ip[39868] to my.ip[500] (292 bytes)
Dec 28 10:12:05 atom charon: 13[ENC] parsed ID_PROT request 0 [ KE No NAT-D
NAT-D ]
Dec 28 10:12:05 atom charon: 13[IKE] remote host is behind NAT
Dec 28 10:12:05 atom charon: 13[IKE] sending cert request for "C=US,
O=mydomain, CN=mydomain CA"
Dec 28 10:12:05 atom charon: 13[ENC] generating ID_PROT response 0 [ KE No
CERTREQ NAT-D NAT-D ]
Dec 28 10:12:05 atom charon: 13[NET] sending packet: from my.ip[500] to
ios.client.ip[39868] (375 bytes)
Dec 28 10:12:05 atom charon: 15[NET] received packet: from
ios.client.ip[2945] to my.ip[4500] (1132 bytes)
Dec 28 10:12:05 atom charon: 15[ENC] parsed ID_PROT request 0 [ ID CERT SIG
CERTREQ N(INITIAL_CONTACT) ]
Dec 28 10:12:05 atom charon: 15[IKE] ignoring certificate request without
data
Dec 28 10:12:05 atom charon: 15[IKE] received end entity cert "C=US,
O=mydomain, CN=client"
Dec 28 10:12:05 atom charon: 15[CFG] looking for XAuthInitRSA peer configs
matching my.ip...ios.client.ip[ios]
Dec 28 10:12:05 atom charon: 15[CFG] peer config match local: 1 (ID_ANY)
Dec 28 10:12:05 atom charon: 15[CFG] peer config match remote: 0 (ID_KEY_ID
-> 69:6f:73)
Dec 28 10:12:05 atom charon: 15[CFG] ike config match: 6 (my.ip
ios.client.ip IKEv1)
Dec 28 10:12:05 atom charon: 15[IKE] no peer config found
Dec 28 10:12:05 atom charon: 15[ENC] generating INFORMATIONAL_V1 request
4064123545 [ HASH N(AUTH_FAILED) ]
Dec 28 10:12:05 atom charon: 15[NET] sending packet: from my.ip[4500] to
ios.client.ip[2945] (92 bytes)

Justin.
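
Added example, not part of the original message and not strongSwan project code: a Python triage script that rejoins the mail-wrapped charon records from the log above, extracts the peer-config match scores, and decodes the ID_KEY_ID bytes the client sent (69:6f:73 is ASCII "ios"). The function names and the sample excerpt are constructed for illustration.

```python
import re

# Constructed sample: records copied from the log in the message above,
# keeping the mail client's hard wraps in the middle of a record.
SAMPLE = """\
Dec 28 10:12:05 atom charon: 15[CFG] looking for XAuthInitRSA peer configs
matching my.ip...ios.client.ip[ios]
Dec 28 10:12:05 atom charon: 15[CFG] peer config match local: 1 (ID_ANY)
Dec 28 10:12:05 atom charon: 15[CFG] peer config match remote: 0 (ID_KEY_ID
-> 69:6f:73)
Dec 28 10:12:05 atom charon: 15[IKE] no peer config found
Dec 28 10:12:05 atom charon: 15[ENC] generating INFORMATIONAL_V1 request
4064123545 [ HASH N(AUTH_FAILED) ]
"""

RECORD_START = re.compile(r"^[A-Z][a-z]{2} +\d+ [\d:]{8} \S+ charon: ")
MATCH = re.compile(r"peer config match (local|remote): (\d+) \((\w+)(?: -> ([0-9a-f:]+))?\)")
LOOKUP = re.compile(r"looking for (\S+) peer configs matching \S+\[(.*?)\]")

def unwrap(text):
    """A line without a syslog prefix continues the previous record."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def decode_id(hexstr):
    # Colon-separated hex -> printable ASCII if possible, else plain hex.
    raw = bytes.fromhex(hexstr.replace(":", ""))
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return raw.hex()
    return text if text.isprintable() else raw.hex()

def triage(text):
    out = {"auth_failed": False, "no_peer_config": False, "sides": {}}
    for rec in unwrap(text):
        if m := LOOKUP.search(rec):
            out["auth_type"], out["peer_id"] = m.groups()
        if m := MATCH.search(rec):
            side, score, id_type, hexid = m.groups()
            out["sides"][side] = (int(score), id_type, decode_id(hexid) if hexid else None)
        out["no_peer_config"] |= "no peer config found" in rec
        out["auth_failed"] |= "N(AUTH_FAILED)" in rec
    return out
```

For this log, `triage(SAMPLE)` reports a remote match score of 0 for an ID_KEY_ID identity of "ios", immediately before "no peer config found" and the AUTH_FAILED notify.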





