[strongSwan] [help]My iOS Certificate cfg conflicts with Android Xauth PSK one

Marguerite Su i at marguerite.su
Sat Jun 8 04:32:21 CEST 2013


Hi, listmates,

I can't connect to strongswan on my iPad, and the server log shows:

[IKE]received end entity cert "C=CN, O=strongSwan, CN=client"
[CFG] looking for XAuthInitRSA peer configs matching
<Myserver>...<MyIP>[C=CN, O=strongSwan, CN=client]
[CFG]   candidate "iOS_cert", match: 1/20/6 (me/other/ike)
[CFG]   candidate "android_xauth_psk", match: 1/1/6 (me/other/ike)
[IKE] no peer config found
[IKE] queueing INFORMATIONAL task

is that normal? I think my cfgs conflict with each other, here:

conn iOS_cert
    keyexchange=ikev1
    aggressive=yes
    # strongswan version >= 5.0.2, compatible with iOS 6.0,6.0.1
    fragmentation=yes
    left=%defaultroute
    leftauth=pubkey
    leftsubnet=0.0.0.0/0
    leftcert=server.cert.pem
    right=%any
    rightauth=pubkey
    rightauth2=xauth
    rightsourceip=10.0.0.0/24
    rightcert=client.cert.pem
    auto=add

# also supports Windows vista and iOS PSK
conn android_xauth_psk
     keyexchange=ikev1
     left=%defaultroute
     leftauth=psk
     leftsubnet=0.0.0.0/0
     right=%any
     rightauth=psk
     rightauth2=xauth
     rightsourceip=10.0.0.0/24
     auto=add

The only difference between them is the authorization method (I
think), so strongswan seems didn't know which one to use. Any
suggestions?


Greetings

Marguerite




More information about the Users mailing list