[strongSwan] [help]My iOS Certificate cfg conflicts with Android Xauth PSK one
Marguerite Su
i at marguerite.su
Sat Jun 8 04:32:21 CEST 2013
Hi, listmates,
I can't connect to strongswan on my iPad, and the server log shows:
[IKE]received end entity cert "C=CN, O=strongSwan, CN=client"
[CFG] looking for XAuthInitRSA peer configs matching
<Myserver>...<MyIP>[C=CN, O=strongSwan, CN=client]
[CFG] candidate "iOS_cert", match: 1/20/6 (me/other/ike)
[CFG] candidate "android_xauth_psk", match: 1/1/6 (me/other/ike)
[IKE] no peer config found
[IKE] queueing INFORMATIONAL task
is that normal? I think my cfgs conflict with each other, here:
conn iOS_cert
keyexchange=ikev1
aggressive=yes
# strongswan version >= 5.0.2, compatible with iOS 6.0,6.0.1
fragmentation=yes
left=%defaultroute
leftauth=pubkey
leftsubnet=0.0.0.0/0
leftcert=server.cert.pem
right=%any
rightauth=pubkey
rightauth2=xauth
rightsourceip=10.0.0.0/24
rightcert=client.cert.pem
auto=add
# also supports Windows vista and iOS PSK
conn android_xauth_psk
keyexchange=ikev1
left=%defaultroute
leftauth=psk
leftsubnet=0.0.0.0/0
right=%any
rightauth=psk
rightauth2=xauth
rightsourceip=10.0.0.0/24
auto=add
The only difference between them is the authorization method (I
think), so strongswan seems didn't know which one to use. Any
suggestions?
Greetings
Marguerite
More information about the Users
mailing list