[strongSwan] iOS Config

Chris Arnold carnold at electrichendrix.com
Thu Mar 21 01:46:22 CET 2013


Am Freitag, 15. März 2013, 18:13:04 schrieb Chris Arnold:
> Trying to get multiple iOS devices connected to strongSwan 4.4.0 on SLES11.
> When trying from iPhone 5 with iOS6, i get vpn did not respond. Nothing
> appears in the charon logs either. I have verified the strongSwan public ip
> is correct. Here is my iOS section of ipsec.conf:
> 
> conn iOS
> 	keyexchange=ikev1
> 	authby=xauthpsk
> 	xauth=server
> 	left=%defaultroute
> 	leftsubnet=192.168.1.0/24
> 	right=%any
> 	rightsourceip=192.168.3.0/24
> 	pfs=no
> 	auto=add
> 
> ipsec.secrets:
> : PSK "my psk"
> 
> I am following this advise:
> http://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29
> 
> Can someone help with this?

>I have the same problem, and upgraded to strongswan 5.0.2 because of that, but 
>it didn't help either. My thread is "wiki article iOS". Let's see if we can 
>solve that.


charon log shows:
11[CFG] received stroke: initiate 'iOS'
11[CFG] ignoring initiation request for IKEv1 config

ipsec statusall
000 Status of IKEv1 pluto daemon (strongSwan 4.4.0):
000 interface lo/lo 127.0.0.1:4500
000 interface lo/lo 127.0.0.1:500
000 interface lo/lo 127.0.0.2:4500
000 interface lo/lo 127.0.0.2:500
000 interface eth0/eth0 192.168.1.18:4500
000 interface eth0/eth0 192.168.1.18:500
000 %myid = '%any'
000 loaded plugins: curl ldap aes des sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem openssl gcrypt hmac gmp attr
000 debug options: none
000 Virtual IP pools (size/online/offline):
000 "iOS": 255/0/0
000
000 "iOS": 192.168.1.0/24===192.168.1.18[192.168.1.18]---192.168.1.1...%any[%any]===%iOS; unrouted; eroute owner: #0
000 "iOS":   ike_life: 28800s; ipsec_life: 1200s; rekey_margin: 180s; rekey_fuzz: 100%; keyingtries: 1
000 "iOS":   policy: ENCRYPT+TUNNEL+XAUTHPSK+XAUTHSERVER; prio: 24,32; interface: eth0;
000 "iOS":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000

Does this look right?

_______________________________________________
Users mailing list
Users at lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users




More information about the Users mailing list