Please can you provide:
- log with default loglevel set to 2, showing the start of both iPhones' connections
- output of command "strongswan statusall" at the time both iPhones are connected
- route table and iptables rules (tables filter, nat, mangle)

I believe this question would next time be a better fit for the users list and might even get answered quicker there.

Miroslav

On Thursday, April 23, 2015 at 4:40:15 PM UTC+2, Andrew Foss wrote:
>
> I am bringing up an ipsec server for our ios users and suspect my "left"
> parameters aren't quite right, but so far my changes have made it not
> work at all and I am not fully understanding the descriptions. I am
> running 5.3.0, our ifupdown scripts open iptables rules to allow access
> to dns and the servers.
>
> What I see is first device on a network connects and works fine. Second
> device connects and neither works, second device gets disconnected, as
> if the routing/nat handling is sending packets down the wrong tunnel.
>
> Here's my config, I suspect leftsubnet should be 0/0, these are just
> devices connecting for themselves, not another vpn gateway connecting a
> network. Any pointers?
>
> conn ios
>     keyexchange=ikev1
>     #esp=null-sha1!
>     authby=xauthrsasig
>     xauth=server
>     left=%defaultroute
>     leftsubnet=0.0.0.0/0
>     #leftsubnet=10.66.0.0/16
>     #leftfirewall=yes
>     leftupdown=/opt/actmobile/accelerator/actmobile_ipsec_updown
>     leftcert=serverCert.pem
>     right=%any
>     rightsourceip=10.0.0.0/16
>     #rightsourceip=10.100.255.0/28
>     #rightcert=clientCert.pem
>     #pfs=no
>     auto=start
>     rekey=yes
>     fragmentation=yes
>     lifetime=24h
>     dpddelay=0
>     dpdtimeout=24h
> actmobile@accel:~-u
>
> thanks,
> andrew
> _______________________________________________
> Dev mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/dev
>
