[strongSwan] iPhone IOS 7.0 strongswan issue on cellular network

steven liu stevenliu88 at gmail.com
Mon Oct 28 06:22:24 CET 2013


Hi All,

I have managed to get an iPhone with iOS 7 working with strongSwan on
WiFi by following the guide from the strongSwan wiki. But when on the cellular
network, I often get the following message "Negotiation with the VPN server
failed" on the iPhone screen. At the VPN gateway, I get the following tcpdump messages:

13:12:30.913877 IP [VPN_GW].500 >     [iPhone IP].42527: isakmp: phase 1 R ident
13:12:31.181821 IP [iPhone IP].42527 > [VPN_GW].500: isakmp: phase 1 I ident
13:12:31.211092 IP [VPN_GW].500 >     [iPhone IP].42527: isakmp: phase 1 R ident
13:12:31.603424 IP [iPhone IP].43078 > [VPN_GW].4500: NONESP-encap: isakmp: phase 1 I ident[E]
13:12:31.614877 IP [VPN_GW].4500 >   [iPhone IP].43078: NONESP-encap: isakmp: phase 1 R ident[E]
13:12:31.615015 IP [VPN_GW].4500 >   [iPhone IP].43078: NONESP-encap: isakmp: phase 2/others R #6[E]
13:12:41.081164 IP [VPN_GW].4500 >   [iPhone IP].43078: NONESP-encap: isakmp: phase 2/others R #6[E]
13:13:01.101374 IP [VPN_GW].4500 >   [iPhone IP].43078: NONESP-encap: isakmp: phase 2/others R #6[E]
*13:13:01.486945 IP [iPhone IP] >     [VPN_GW]: ICMP 203.117.37.234 udp port 43078 unreachable, length 36*

When I run tcpdump while the iPhone is on WiFi, I find that all IKE packets
from the iPhone use port 4500, and there is no UDP port unreachable issue. The
VPN connects quite fast on WiFi.

Is it because of the port issue? Is it possible to set the iPhone client to use
port 4500 for IKE packets when on the cellular network? Thanks a lot.

Steven
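
A small parser for the tcpdump lines quoted in the message above, added here as an example and not part of the original post. It reports the client's UDP port on the 500 and 4500 flows, packets repeated back to back with nothing else in between, and whether the ICMP port-unreachable names the client's port on the 4500 flow. The capture text is the post's with the e-mail line wraps rejoined; the function name, result keys and the GATEWAY constant are assumptions.

```python
import re

# tcpdump lines copied from the message above, with e-mail line wraps rejoined.
CAPTURE = """\
13:12:30.913877 IP [VPN_GW].500 > [iPhone IP].42527: isakmp: phase 1 R ident
13:12:31.181821 IP [iPhone IP].42527 > [VPN_GW].500: isakmp: phase 1 I ident
13:12:31.211092 IP [VPN_GW].500 > [iPhone IP].42527: isakmp: phase 1 R ident
13:12:31.603424 IP [iPhone IP].43078 > [VPN_GW].4500: NONESP-encap: isakmp: phase 1 I ident[E]
13:12:31.614877 IP [VPN_GW].4500 > [iPhone IP].43078: NONESP-encap: isakmp: phase 1 R ident[E]
13:12:31.615015 IP [VPN_GW].4500 > [iPhone IP].43078: NONESP-encap: isakmp: phase 2/others R #6[E]
13:12:41.081164 IP [VPN_GW].4500 > [iPhone IP].43078: NONESP-encap: isakmp: phase 2/others R #6[E]
13:13:01.101374 IP [VPN_GW].4500 > [iPhone IP].43078: NONESP-encap: isakmp: phase 2/others R #6[E]
13:13:01.486945 IP [iPhone IP] > [VPN_GW]: ICMP 203.117.37.234 udp port 43078 unreachable, length 36
"""

PKT = re.compile(r"(\d+):(\d+):([\d.]+) IP (\[.+?\])\.(\d+) >\s+(\[.+?\])\.(\d+): (.+)")
ICMP = re.compile(r"ICMP .*udp port (\d+) unreachable")
GATEWAY = "[VPN_GW]"  # placeholder host name used in the post (assumed constant name)


def analyze(capture):
    """Summarize an IKE trace: client port per gateway port, repeats, ICMP errors."""
    client_port = {}   # gateway UDP port -> client UDP port seen on that flow
    runs = []          # [flow_and_summary, count, first_ts, last_ts], consecutive only
    unreachable = []   # UDP ports named in ICMP port-unreachable errors
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:      # no UDP ports on the line: check for an ICMP error instead
            unreachable += [int(p) for p in ICMP.findall(line)]
            continue
        h, mi, s, src, sport, dst, dport, summary = m.groups()
        ts = int(h) * 3600 + int(mi) * 60 + float(s)
        gw_port, cl_port = (sport, dport) if src == GATEWAY else (dport, sport)
        client_port[int(gw_port)] = int(cl_port)
        key = (src, sport, dst, dport, summary)
        if not runs or runs[-1][0] != key:
            runs.append([key, 0, ts, ts])
        runs[-1][1] += 1
        runs[-1][3] = ts
    repeats = [(k[4], n, round(t1 - t0, 1)) for k, n, t0, t1 in runs if n > 1]
    return {
        "client_port": client_port,
        "floated_to_4500": {500, 4500} <= set(client_port),
        "unanswered_repeats": repeats,
        "unreachable_is_natt_port": client_port.get(4500) in unreachable,
    }
```

For this trace, analyze(CAPTURE) shows client port 42527 towards UDP 500 and 43078 towards UDP 4500, the gateway's "phase 2/others R #6[E]" sent three times over about 29.5 seconds with no packet from the client in between, and the ICMP error naming port 43078.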