Hello Wolfram, hello Andreas,
The most important thing is an expanded x509v3 certificate with the following
attribute.
Create a certificate with a modified openssl.cnf for this VPN gateway.
-subjectAltName=email:copy
+subjectAltName=email:copy, DNS:dns1.vpngatewaydomain.de,
DNS.dns2.vpngatewaydoma
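Review bot: on the added subjectAltName line, the second entry begins with DNS.dns2 (a dot after DNS) while the first uses DNS:dns1; OpenSSL's subjectAltName syntax is type:value, so the second entry should also use DNS: followed by the name. After issuing the certificate, check with openssl x509 -noout -text that both DNS names appear under X509v3 Subject Alternative Name.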
Wolfram Schlich wrote:
> Hi Andreas!
>
> * Andreas Steffen [2009-07-13 13:08]:
>> The iPhone client does not like the XAUTH request:
>>
>>> 12:11:05 pluto[23959]: | starting XAUTH server
>>> 12:11:05 pluto[23959]: "iphone"[3] CLIENT-IP:11044 #3: sending XAUTH request
>>
Hi Andreas!
* Andreas Steffen [2009-07-13 13:08]:
> The iPhone client does not like the XAUTH request:
>
> > 12:11:05 pluto[23959]: | starting XAUTH server
> > 12:11:05 pluto[23959]: "iphone"[3] CLIENT-IP:11044 #3: sending XAUTH request
>
> because instead of the XAUTH
The iPhone client does not like the XAUTH request:
> 12:11:05 pluto[23959]: | starting XAUTH server
> 12:11:05 pluto[23959]: "iphone"[3] CLIENT-IP:11044 #3: sending XAUTH request
because instead of the XAUTH reply it sends an INFORMATIONAL message:
12:11:06 pluto[23959]
* Andreas Steffen [2009-07-10 18:44]:
> Hi Wolfram,
Hey Andreas!
> have you enabled NAT-Traversal in ipsec.conf with the statement
>
> config setup
>     nat_traversal=yes
>
> since the source port of the IKE message is 29643 and not 500?
Ah! I overlooked that :)
Ok, added nat_traversal=y