[strongSwan] OSX weakswan pfkey_open no such file

Alejandro Valcarcel - ODEC avalcarcel at odec.es
Wed Feb 25 16:08:01 CET 2015


Hi Tobias,

thanks for your help. I just did an uninstall and install without options,
using the same conf files, but with another internet provider, and now it works
as expected, on the second attempt.

Looks like the IPsec traffic was not allowed in that spot.

I didn't need to use leftsourceip=%config, since in the sonicwall profile
we use the option "Virtual adapter settings: DHCP Lease or Manual
Configuration".

I'd like to congratulate all of you for your effort.

I have the same conn configuration running in RHEL 6, CentOS 6, openSUSE
13.2, Ubuntu 14.4 and OSX 10.10. The only difference is that in Ubuntu and
openSUSE, our rightid, which uses spaces, has to be "double quoted", because
it runs version 5.1.

Now I'm trying iOS and Android ;-)

Thanks again.

--
Alejandro Valcarcel Garcia
Head of systems and communications
ODEC - Construimos Soluciones

avalcarcel at odec.es - http://www.odec.es - Calle Vicent Macip, 1 (46701)
Gandia SPAIN - T: +34 962 860 466 ext 1292 - M: +34 699 679 435

2015-02-24 15:02 GMT+01:00 Tobias Brunner <tobias at strongswan.org>:

> Hi Alejandro,
>
> >     brew install strongswan --with-curl --with-suite-b
>
> If you use `--with-suite-b` our own userland IPsec implementation will
> be used instead of the kernel's via PF_KEY.  So you won't see any output
> in `setkey -D` (also you'd have to run that command as superuser with
> sudo).
>
> > parsed INFORMATIONAL_V1 request 2418823313 [ HASH N(INITIAL_CONTACT) ]
> > configuration payload missing in XAuth request
> > ...
> > The tunnel is always established OK on the second try, Sonicwall asks
> > twice for the username and password.
>
> Looks like Sonicwall sends an INITIAL_CONTACT in an INFORMATIONAL
> exchange during the XAuth exchange (and even though it is the server).
> Apparently, charon has trouble handling this properly.  In the second
> try the Sonicwall perhaps still has the state from the first attempt
> around and therefore does not send the notify.
>
> > But once established no packets are arriving at the VPN Server.
>
> You might need to request a virtual IP address [1] from the server using
> `leftsourceip=%config`, which is usually the case in remote access
> scenarios.
>
> Regards,
> Tobias
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp
>
>