[strongSwan] MacOS: IKEv1 fails after wakeup

Tobias Brunner tobias at strongswan.org
Tue Mar 15 12:13:19 CET 2016


Hi Harald,

> I have no idea why the Mac opens a new session now, instead of relying
> upon the old IKE_SA, but it seems to me that the Mac missed to send
> xauth info. Is this correct?

Yes, looks that way.  Which is strange because while in the previous
reconnection attempt the client did not request a virtual IP it did at
least respond to the XAuth request.  Here it apparently does neither
before sending a Quick Mode request.  Maybe it's a reauthentication.
This was a problem with (older) iOS versions, which lead to the
development of the xauth-noauth plugin [1].  Try checking the client log.

Regards,
Tobias

[1]
https://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29#ISAKMP-reauthentication-issues


More information about the Users mailing list