[strongSwan] Web sockets Can't Connect on ikev2

joshua gross grossjo2 at hotmail.com
Tue Feb 23 17:42:39 CET 2016

I have a very simple ikev2 connection block. Sample below:I can connect and browse http/https fine. But if I try to use a web socket, the connection fails.
Sample url that fails to even load the pagehttp://www.websocket.org/echo.html
Is there something I need to setup to get web sockets working correctly?

config setup  charondebug="dmn 1, mgr 1, ike 1, chd 1, job 1, cfg 1, knl 1, net 1, asn 1, enc 1, lib 1, esp 1, tls 1"  #plutodebug=all  # crlcheckinterval=600  strictcrlpolicy=no  # cachecrls=yes  # charondebug=4  nat_traversal=yes  #charonstart=no  #plutostart=no
ca servers  auto=add
conn %default  ikelifetime=60m  keylife=20m  rekeymargin=3m  keyingtries=1  keyexchange=ikev1  auto=add

conn iphone-ios8-ike-v2  ike=aes256-sha256-modp2048,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024! # Win7 is aes256, sha-1, modp1024; iOS is aes256, sha-256, modp1024; OS X is 3DES, sha-1, modp1024  esp=aes256-sha256-modp2048,aes256-sha256,aes256-sha1,3des-sha1! # Win 7 is aes256-sha1, iOS is aes256-sha256, OS X is 3des-shal1  keyexchange=ikev2  rightauth=pubkey  left=%defaultroute  leftid=@*.example.com  leftsubnet=  leftfirewall=no  leftcert=example.pem  leftsendcert=always  leftupdown=/usr/local/example/bin/up_down/se_updown  right=%any  # !!!do not specify rightsubnet!!!  #rightsubnet=  rightsourceip=  rightsendcert=always  # Require all subject fields to be matched by star  # As well as CA's pull in  #rightid="C=US, ST=*, L=*, O=*, CN=*"  eap_identity=%any  fragmentation=yes  auto=add

Joshua J. Gross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160223/ec69f15a/attachment.html>

More information about the Users mailing list