[strongSwan] iOS9.0.2 can not connect to strongswan 5.3.3 via IKEv2

Eric Y. Zhang debiansid at gmail.com
Sun Oct 4 16:59:40 CEST 2015 

change ipsec.conf

remove rightid and rightcert , change rightauth=eap-tls

it works now

On Sun, Oct 4, 2015 at 9:23 PM, Eric Y. Zhang <debiansid at gmail.com> wrote:

> Hi all
>
> when I tried to upgrade my ikev1 to ikev2 for my iphone6, I got this error.
>
> btw ikev1 with xauth is good.
>
> 12[CFG] received stroke: add connection 'iOS_ikev2'
> 12[CFG] adding virtual IP address pool 192.168.85.0/24
> 12[CFG]   loaded certificate "C=CH, O=strongSwan, CN=vps ip" from
> 'linodeCert.pem'
> 12[CFG] added configuration 'iOS_ikev2'
> 13[NET] received packet: from 182.144.188.209[29466] to vps ip[500] (388
> bytes)
> 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP)
> N(NATD_D_IP) N(FRAG_SUP) ]
> 13[IKE] 182.144.188.209 is initiating an IKE_SA
> 13[IKE] remote host is behind NAT
> 13[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP)
> N(NATD_D_IP) N(MULT_AUTH) ]
> 13[NET] sending packet: from vps ip [500] to 182.144.188.209[29466] (312
> bytes)
> 14[NET] received packet: from 182.144.188.209[29467] to vps ip[4500] (412
> bytes)
> 14[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr
> CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N)
> N(NON_FIRST_FRAG) SA TSi TSr ]
> 14[CFG] looking for peer configs matching vps ip [vps
> ip]...182.144.188.209[10.169.114.138]
> 14[CFG] no matching peer config found
> 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
> 14[IKE] peer supports MOBIKE
> 14[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
> 14[NET] sending packet: from vps ip [4500] to 182.144.188.209[29467] (76
> bytes)
>
>
> ipsec.conf
>
> conn iOS_ikev2
>      keyexchange=ikev2
>      #fragmentation=yes
>      leftsendcert=always
>      left=%defaultroute
>      leftcert=linodeCert.pem
>      leftid="C=CH, O=strongSwan, CN=vps ip"
>      leftsubnet=0.0.0.0/0
>      right=%any
>      rightsourceip=192.168.85.0/24
>      rightid="C=CH, O=strongSwan, CN=debiansid at gmail.com"
>      #rightcert=ezhangCert.pem
>      rightsendcert=never
>      rightfirewall=yes
>      dpdaction=clear
>      auto=add
> --
> Life is harsh
>



-- 
Life is harsh
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20151004/26ba9caa/attachment.html>

More information about the Users mailing list