[strongSwan] [help]My iOS Certificate cfg conflicts with Android Xauth PSK one

Marguerite Su i at marguerite.su
Sat Jun 8 08:18:20 CEST 2013

Hi, listmates,

Sorry to interrupt your sound sleep, I just got it solved.

After digging those logs in very detail:

* strongswan on server keeps complaining "no acceptable
* racoon on client keeps complaining "no ph1bind replacement found. NULL ph1."

I'm an openSUSE(a Linux distribution) dev (actually I research on this
for the official strongswan setup tutorial on our wiki), so it's
enough for me to get the wild guess:

* what's common between them?

then I found ph1 means "phrase 1", and in phrase 1 you can choose
aggressive/main mode.

Aggressive mode doesn't have any encryption[1] (that's why strongswan

so commenting

conn iOS_cert

it works fine.

Seems it's not a match game that if our wiki said iOS uses aggressive
mode so we have to set it up on our server. I also research on the
modified version of racoon on iOS:

It does support main mode. but prefers aggressive mode.



More information about the Users mailing list