[strongSwan] [help]My iOS Certificate cfg conflicts with Android Xauth PSK one
Marguerite Su
i at marguerite.su
Sat Jun 8 08:18:20 CEST 2013
Hi, listmates,
Sorry to interrupt your sound sleep, I just got it solved.
After digging those logs in very detail:
* strongswan on server keeps complaining "no acceptable
ENCRYPTION_ALGORITHM found" and "no acceptable INTEGRITY_ALGORITHM
found".
* racoon on client keeps complaining "no ph1bind replacement found. NULL ph1."
I'm an openSUSE(a Linux distribution) dev (actually I research on this
for the official strongswan setup tutorial on our wiki), so it's
enough for me to get the wild guess:
* what's common between them?
then I found ph1 means "phrase 1", and in phrase 1 you can choose
aggressive/main mode.
Aggressive mode doesn't have any encryption[1] (that's why strongswan
complains).
so commenting
conn iOS_cert
#aggressive=yes
it works fine.
Seems it's not a match game that if our wiki said iOS uses aggressive
mode so we have to set it up on our server. I also research on the
modified version of racoon on iOS:
It does support main mode. but prefers aggressive mode.
Greetings
Marguerite
More information about the Users
mailing list