[strongSwan] iOS9.0.2 can not connect to strongswan 5.3.3 via IKEv2
Eric Y. Zhang
debiansid at gmail.com
Sun Oct 4 15:23:24 CEST 2015
Hi all
when I tried to upgrade my ikev1 to ikev2 for my iphone6, I got this error.
btw ikev1 with xauth is good.
12[CFG] received stroke: add connection 'iOS_ikev2'
12[CFG] adding virtual IP address pool 192.168.85.0/24
12[CFG] loaded certificate "C=CH, O=strongSwan, CN=vps ip" from
'linodeCert.pem'
12[CFG] added configuration 'iOS_ikev2'
13[NET] received packet: from 182.144.188.209[29466] to vps ip[500] (388
bytes)
13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP)
N(NATD_D_IP) N(FRAG_SUP) ]
13[IKE] 182.144.188.209 is initiating an IKE_SA
13[IKE] remote host is behind NAT
13[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP)
N(NATD_D_IP) N(MULT_AUTH) ]
13[NET] sending packet: from vps ip [500] to 182.144.188.209[29466] (312
bytes)
14[NET] received packet: from 182.144.188.209[29467] to vps ip[4500] (412
bytes)
14[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr
CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N)
N(NON_FIRST_FRAG) SA TSi TSr ]
14[CFG] looking for peer configs matching vps ip [vps
ip]...182.144.188.209[10.169.114.138]
14[CFG] no matching peer config found
14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
14[IKE] peer supports MOBIKE
14[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
14[NET] sending packet: from vps ip [4500] to 182.144.188.209[29467] (76
bytes)
ipsec.conf
conn iOS_ikev2
keyexchange=ikev2
#fragmentation=yes
leftsendcert=always
left=%defaultroute
leftcert=linodeCert.pem
leftid="C=CH, O=strongSwan, CN=vps ip"
leftsubnet=0.0.0.0/0
right=%any
rightsourceip=192.168.85.0/24
rightid="C=CH, O=strongSwan, CN=debiansid at gmail.com"
#rightcert=ezhangCert.pem
rightsendcert=never
rightfirewall=yes
dpdaction=clear
auto=add
--
Life is harsh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20151004/c72a33ad/attachment.html>
More information about the Users
mailing list