[strongSwan] VPN works with only 1 remote client. second client logs in and disconnects the first.

Lawrence Chiu Lawrence_Chiu_TX3 at yahoo.com
Tue Nov 5 14:35:33 CET 2013


I originally sent this email on 10/4/2013 but I got no replies, and 
after a month, I still have this problem.  Can anyone help?

I followed the configuration shown in the wiki for Apple iOS clients.
http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)

It works on one remote client (iPad).  When I connect a second remote 
client (Android phone) to the VPN, the iPad is disconnected 
immediately.  The ipsec.conf, ipsec.secrets, and strongswan.conf files 
are the same as the wiki example with two changes to support multiple 
clients (changed rightsourceip and removed rightcert).

$ diff ipsec.conf ipsec.conf.template
<         rightsourceip=10.0.0.0/24
---
 >         rightsourceip=10.0.0.2
 >         rightcert=clientCert.pem
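
Review bot: the rightsourceip=10.0.0.0/24 line does not match the log
in this post, where the only virtual IP handed out is 10.10.4.1, so the
ipsec.conf being diffed may not be the one the running pluto loaded;
reload the configuration and confirm the assigned address comes from
the new pool. With rightcert removed the conn no longer pins a single
client certificate, so telling clients apart now depends on the peer ID
and XAUTH user each device presents. The log records the lease under
'vmware' both when it goes offline and when it is reassigned, so give
each device its own certificate and XAUTH account and check the
uniqueids setting in config setup.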

The /var/log/auth.log is attached starting from when USER #2 connects to 
the VPN (at this time USER #1 is already connected and everything is 
working).  Thank you.

Oct  4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: 
received Vendor ID payload [RFC 3947]
Oct  4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: 
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Oct  4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: 
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Oct  4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: 
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct  4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: 
received Vendor ID payload [XAUTH]
Oct  4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: 
ignoring Vendor ID payload [Cisco-Unity]
Oct  4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: 
ignoring Vendor ID payload [FRAGMENTATION 80000000]
Oct  4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: 
received Vendor ID payload [Dead Peer Detection]
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4: 
responding to Main Mode from unknown peer 192.168.0.3
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4: 
NAT-Traversal: Result using RFC 3947: both are NATed
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4: Peer 
ID is ID_DER_ASN1_DN: 'C=CH, O=strongSwan, CN=win7.mycompany.local'
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4: crl 
not found
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4: 
certificate status unknown
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4: 
deleting connection "ios" instance with peer 192.168.0.3 
{isakmp=#0/ipsec=#0}
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4: we 
have a cert and are sending it upon request
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4: 
deleting connection "ios" instance with peer 70.139.113.210 
{isakmp=#2/ipsec=#3}
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios" #3: deleting state 
(STATE_QUICK_R2)
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios" #2: deleting state 
(STATE_MODE_CFG_R1)
Oct  4 16:56:01 vmware-u003 pluto[5989]: lease 10.10.4.1 by 'vmware' 
went offline
Oct  4 16:56:01 vmware-u003 pluto[5989]: | NAT-T: new mapping 
192.168.0.3:500/4500)
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: 
sent MR3, ISAKMP SA established
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: 
sending XAUTH request
Oct  4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:4500: 
Informational Exchange is for an unknown (expired?) SA
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: 
parsing XAUTH reply
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: 
extended authentication was successful
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: 
sending XAUTH status
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: 
parsing XAUTH ack
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: 
received XAUTH ack, established
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: 
parsing ModeCfg request
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: 
peer requested virtual IP %any
Oct  4 16:56:01 vmware-u003 pluto[5989]: reassigning offline lease to 
'vmware'
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: 
assigning virtual IP 10.10.4.1 to peer
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: 
sending ModeCfg reply
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: 
sent ModeCfg reply, established
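
Added example (not part of the original post and not strongSwan code): a Python script that scans pluto log lines like those above for a new peer's negotiation deleting another peer's established connection instance, and for a lease that goes offline and is reassigned under the same identity. The function names and regular expressions are assumptions based only on the line formats visible in this log; the sample lines are copied from it with the e-mail wraps joined.

```python
import re

# Sample input: lines copied from the log in this post, e-mail wraps joined.
SAMPLE_LOG = """\
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4: deleting connection "ios" instance with peer 192.168.0.3 {isakmp=#0/ipsec=#0}
Oct  4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4: deleting connection "ios" instance with peer 70.139.113.210 {isakmp=#2/ipsec=#3}
Oct  4 16:56:01 vmware-u003 pluto[5989]: lease 10.10.4.1 by 'vmware' went offline
Oct  4 16:56:01 vmware-u003 pluto[5989]: reassigning offline lease to 'vmware'
"""

# Optional '"conn"[n] peer[:port] #state: ' prefix as it appears in this log.
LINE = re.compile(
    r'pluto\[\d+\]: (?:"[^"]+"\[\d+\] (?P<peer>[\d.]+)(?::\d+)? #\d+: )?(?P<msg>.*)$')
DELETE = re.compile(
    r'deleting connection "[^"]+" instance with peer ([\d.]+) '
    r'\{isakmp=#(\d+)/ipsec=#(\d+)\}')
OFFLINE = re.compile(r"lease ([\d.]+) by '([^']+)' went offline")
REASSIGN = re.compile(r"reassigning offline lease to '([^']+)'")


def find_evictions(log_text):
    """Return events where one peer's negotiation deleted another peer's live SA."""
    events = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or not m.group("peer"):
            continue
        d = DELETE.search(m.group("msg"))
        # isakmp=#0 is read here as "that instance had no established SA".
        if d and d.group(1) != m.group("peer") and d.group(2) != "0":
            events.append({"new_peer": m.group("peer"), "evicted_peer": d.group(1),
                           "isakmp": int(d.group(2)), "ipsec": int(d.group(3))})
    return events


def reused_lease_identities(log_text):
    """Map identity -> lease IP for leases that went offline and were reassigned."""
    offline, reused = {}, {}
    for line in log_text.splitlines():
        o = OFFLINE.search(line)
        if o:
            offline[o.group(2)] = o.group(1)
        r = REASSIGN.search(line)
        if r and r.group(1) in offline:
            reused[r.group(1)] = offline[r.group(1)]
    return reused


if __name__ == "__main__":
    print(find_evictions(SAMPLE_LOG))
    print(reused_lease_identities(SAMPLE_LOG))
```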
