[strongSwan] iOS IKEv2

Sam Johnson sam at 80pct.com
Sat Sep 12 02:23:40 CEST 2015


Hello,

I have been running into trouble getting IKEv2 set up with iOS 8.3. I am
using the VICI Python library to insert connections.

An example connection dict: http://pastebin.com/NSuq5zGg

The error I'm running into is that for some reason the iOS device is not
responding to one of strongSwan's requests:

Sep 12 00:16:47 07[IKE] <1> xx.xx.xx.xx is initiating an IKE_SA
Sep 12 00:16:47 07[IKE] <1> local host is behind NAT, sending keep alives
Sep 12 00:16:47 07[IKE] <1> remote host is behind NAT
Sep 12 00:16:47 07[IKE] <1> sending cert request for "<CERT NAME>"
Sep 12 00:16:47 07[ENC] <1> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Sep 12 00:16:47 07[NET] <1> sending packet: from xx.xx.xx.xx[500] to xx.xx.xx.xx[500] (465 bytes)
Sep 12 00:16:47 02[NET] <1> received packet: from xx.xx.xx.xx[4500] to xx.xx.xx.xx[4500] (380 bytes)
Sep 12 00:16:47 02[ENC] <1> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Sep 12 00:16:47 02[CFG] <1> looking for peer configs matching xx.xx.xx.xx[dev-vpn-ios.frdm.to]...xx.xx.xx.xx[98cece22c11940c1bef812dc161f51e6 at xxxxxxxx.com]
Sep 12 00:16:47 02[CFG] <98cece22c11940c1bef812dc161f51e6|1> selected peer config '98cece22c11940c1bef812dc161f51e6'
Sep 12 00:16:47 02[IKE] <98cece22c11940c1bef812dc161f51e6|1> initiating EAP_MSCHAPV2 method (id 0xC0)
Sep 12 00:16:47 02[IKE] <98cece22c11940c1bef812dc161f51e6|1> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Sep 12 00:16:47 02[IKE] <98cece22c11940c1bef812dc161f51e6|1> authentication of 'xxxx.com' (myself) with RSA signature successful
Sep 12 00:16:47 02[IKE] <98cece22c11940c1bef812dc161f51e6|1> sending end entity cert "<CERT_NAME>"
Sep 12 00:16:47 02[ENC] <98cece22c11940c1bef812dc161f51e6|1> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
Sep 12 00:16:47 02[NET] <98cece22c11940c1bef812dc161f51e6|1> sending packet: from xx.xx.xx.xx[4500] to xx.xx.xx.xx[4500] (1260 bytes)

Then it just hangs, times out, and closes the half-open connection.

My iOS configuration is here: http://pastebin.com/QpFP3cGp

I had IKEv1 working... but would like to switch over to IKEv2. Any help
would be greatly appreciated!

Best,
Sam