I'm trying to configure IPsec on an AstLinux 1.0.4 to connect to an iPad and a 
Mac. I configured the systems by following the directions at 
doc.astlinux.org/userdoc:tt_ipsec_vpn_apple_ios. I believe the only difference 
is that I included a push network for the LAN side of the AstLinux box. Neither 
of the client devices is able to connect successfully. The error message I get 
from the iPad is "Could not validate the server certificate." The Mac says "the 
negotiation with the VPN server failed. Verify the server address and try 
reconnecting." Below is the log from when I try to connect with the iPad. Since 
this is all being done in a test environment, all the IPs are private; 
192.168.1.216 is the WAN i/f of AstLinux, and .25 is the IP of the iPad. 
Originally, the WAN i/f was assigned via DHCP using a MAC reservation from my 
router. I retested using a static definition with AstLinux, and that didn't 
seem to help. Any suggestions as to what might be the problem?

Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: respond new phase 1 negotiation: 
192.168.1.216[500]<=>192.168.1.25[500]
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: begin Identity Protection mode.
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: RFC 3947
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: 
draft-ietf-ipsec-nat-t-ike-08
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: 
draft-ietf-ipsec-nat-t-ike-07
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: 
draft-ietf-ipsec-nat-t-ike-06
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: 
draft-ietf-ipsec-nat-t-ike-05
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: 
draft-ietf-ipsec-nat-t-ike-04
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: 
draft-ietf-ipsec-nat-t-ike-03
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: 
draft-ietf-ipsec-nat-t-ike-02
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: 
draft-ietf-ipsec-nat-t-ike-02
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: 
draft-ietf-ipsra-isakmp-xauth-06.txt
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: CISCO-UNITY
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: received Vendor ID: DPD
Sep 11 22:15:51 pbx2 daemon.info racoon: [192.168.1.25] INFO: Selected NAT-T 
version: RFC 3947
Sep 11 22:15:51 pbx2 daemon.info racoon: INFO: Adding xauth VID payload.
Sep 11 22:15:52 pbx2 daemon.info racoon: [192.168.1.216] INFO: Hashing 
192.168.1.216[500] with algo #2 
Sep 11 22:15:52 pbx2 daemon.info racoon: INFO: NAT-D payload #0 verified
Sep 11 22:15:52 pbx2 daemon.info racoon: [192.168.1.25] INFO: Hashing 
192.168.1.25[500] with algo #2 
Sep 11 22:15:52 pbx2 daemon.info racoon: INFO: NAT-D payload #1 verified
Sep 11 22:15:52 pbx2 daemon.info racoon: INFO: NAT not detected 
Sep 11 22:15:52 pbx2 daemon.info racoon: [192.168.1.25] INFO: Hashing 
192.168.1.25[500] with algo #2 
Sep 11 22:15:52 pbx2 daemon.info racoon: [192.168.1.216] INFO: Hashing 
192.168.1.216[500] with algo #2 
Sep 11 22:15:52 pbx2 daemon.info racoon: INFO: Adding remote and local NAT-D 
payloads.
Sep 11 22:15:52 pbx2 daemon.info racoon: WARNING: unable to get certificate 
CRL(3) at depth:0 SubjectName:/C=US/ST=Nebraska/L=Omaha/O=AstLinux 
Management/OU=IPsec Mobile Server/CN=iPad/emailAddress=i...@astlinux.org
Sep 11 22:15:52 pbx2 daemon.info racoon: WARNING: unable to get certificate 
CRL(3) at depth:1 SubjectName:/C=US/ST=Nebraska/L=Omaha/O=AstLinux 
Management/OU=IPsec Mobile 
Server/CN=pbx2.lab.local/emailAddress=i...@astlinux.org
Sep 11 22:15:52 pbx2 daemon.info racoon: INFO: Sending Xauth request
Sep 11 22:15:53 pbx2 daemon.info racoon: [192.168.1.25] INFO: received 
INITIAL-CONTACT
Sep 11 22:15:53 pbx2 daemon.info racoon: INFO: ISAKMP-SA established 
192.168.1.216[500]-192.168.1.25[500] spi:2edf3d11d1435fc7:d0ed00ee21ce8efd
Sep 11 22:15:53 pbx2 daemon.info racoon: ERROR: ignore information because the 
message is too short - 76 byte(s).
Sep 11 22:15:58 pbx2 user.info kernel: AIF:PRIV UDP broadcast: IN=eth0 OUT= 
MAC=ff:ff:ff:ff:ff:ff:60:c5:47:0a:43:c0:08:00 SRC=192.168.1.11 
DST=192.168.1.255 LEN=240 TOS=0x00 PREC=0x00 TTL=64 ID=58993 PROTO=UDP SPT=138 
DPT=138 LEN=220 
Sep 11 22:16:49 pbx2 daemon.info racoon: [192.168.1.25] INFO: DPD: remote 
(ISAKMP-SA spi=2edf3d11d1435fc7:d0ed00ee21ce8efd) seems to be dead.
Sep 11 22:16:49 pbx2 daemon.info racoon: INFO: purging ISAKMP-SA 
spi=2edf3d11d1435fc7:d0ed00ee21ce8efd.
Sep 11 22:16:49 pbx2 daemon.info racoon: INFO: purged ISAKMP-SA 
spi=2edf3d11d1435fc7:d0ed00ee21ce8efd.
Sep 11 22:16:49 pbx2 daemon.info racoon: INFO: ISAKMP-SA deleted 
192.168.1.216[500]-192.168.1.25[500] spi:2edf3d11d1435fc7:d0ed00ee21ce8efd
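
Added example, not part of the original post: a short Python triage of a racoon log like the one above, which rejoins the mail-wrapped lines, reports how long each ISAKMP-SA lasted before DPD declared the peer dead, and collects every non-INFO record. The function names and the placeholder year are assumptions made for this sketch.

```python
import re
from datetime import datetime

# Excerpt of the log posted above, with the mail line wraps left in place.
SAMPLE = """\
Sep 11 22:15:52 pbx2 daemon.info racoon: WARNING: unable to get certificate
CRL(3) at depth:0 SubjectName:/C=US/ST=Nebraska/L=Omaha/O=AstLinux
Management/OU=IPsec Mobile Server/CN=iPad/emailAddress=i...@astlinux.org
Sep 11 22:15:53 pbx2 daemon.info racoon: INFO: ISAKMP-SA established
192.168.1.216[500]-192.168.1.25[500] spi:2edf3d11d1435fc7:d0ed00ee21ce8efd
Sep 11 22:15:53 pbx2 daemon.info racoon: ERROR: ignore information because the
message is too short - 76 byte(s).
Sep 11 22:16:49 pbx2 daemon.info racoon: [192.168.1.25] INFO: DPD: remote
(ISAKMP-SA spi=2edf3d11d1435fc7:d0ed00ee21ce8efd) seems to be dead.
"""

HEAD = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ \S+ ([\w-]+): (.*)$")
LEVEL = re.compile(r"(?:\[[^\]]+\] )?(INFO|WARNING|ERROR): (.*)")
SPI = re.compile(r"spi[:=]([0-9a-f]{16}:[0-9a-f]{16})")

def parse(text, year=2000):
    """Return (time, level, message) per racoon record; year is a placeholder."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if HEAD.match(line) or not records:
            records.append(line)          # a new syslog record starts here
        else:
            records[-1] += " " + line     # continuation of a wrapped record
    out = []
    for stamp, prog, rest in (m.groups() for m in map(HEAD.match, records) if m):
        lv = LEVEL.match(rest)
        if prog == "racoon" and lv:
            ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            out.append((ts, *lv.groups()))
    return out

def sa_summary(text):
    """Seconds from SA establishment to DPD timeout, plus non-INFO records."""
    sas, problems = {}, []
    for ts, level, msg in parse(text):
        m = SPI.search(msg)
        spi = m.group(1) if m else None
        if spi and "ISAKMP-SA established" in msg:
            sas[spi] = {"up": ts, "dpd_dead_after_s": None}
        elif spi in sas and "seems to be dead" in msg:
            sas[spi]["dpd_dead_after_s"] = (ts - sas[spi]["up"]).total_seconds()
        if level != "INFO":
            problems.append((level, msg))
    return sas, problems
```

On this excerpt, sa_summary(SAMPLE) shows the one SA timing out 56 seconds after it was established, with the CRL warning and the "message is too short" error as the only non-INFO records.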

