[strongSwan] StrongSwan, iPhone and IP Forwarding?

2012-06-12 Thread Sharon Sahar
Hi, I have running server of StrongSwan on a cloud (on Linux CentOS), configured for iPhone connections ( http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple) ) and an iPhone which successfully connects o the server. Network topology is: [ iPhone (behind NAT) ] ---> [ SS on Cloud ]

Re: [strongSwan] strongSwan + iPhone

2009-07-14 Thread Wolfram Schlich
Hi Andreas! * Andreas Steffen [2009-07-13 14:40]: > I think any further analysis of the strongSwan log does not give > additional information. Upon the reception of the XAUTH request, > the iPhone client should return its username/password. Is there any > prompt on the client or are there any err

Re: [strongSwan] strongSwan + iPhone

2009-07-13 Thread Andreas Steffen
Wolfram Schlich wrote: > Hi Andreas! > > * Andreas Steffen [2009-07-13 13:08]: >> The iPhone client does not like the XAUTH request: >> >>> 12:11:05 pluto[23959]: | starting XAUTH server >>> 12:11:05 pluto[23959]: "iphone"[3] CLIENT-IP:11044 #3: >>sending XAUTH request >>

Re: [strongSwan] strongSwan + iPhone

2009-07-13 Thread Wolfram Schlich
Hi Andreas! * Andreas Steffen [2009-07-13 13:08]: > The iPhone client does not like the XAUTH request: > > > 12:11:05 pluto[23959]: | starting XAUTH server > > 12:11:05 pluto[23959]: "iphone"[3] CLIENT-IP:11044 #3: > sending XAUTH request > > because instead of the XAUTH

Re: [strongSwan] strongSwan + iPhone

2009-07-13 Thread Andreas Steffen
The iPhone client does not like the XAUTH request: > 12:11:05 pluto[23959]: | starting XAUTH server > 12:11:05 pluto[23959]: "iphone"[3] CLIENT-IP:11044 #3: sending XAUTH request because instead of the XAUTH reply it sends an INFORMATIONAL message: 12:11:06 pluto[23959]

Re: [strongSwan] strongSwan + iPhone

2009-07-13 Thread Wolfram Schlich
* Andreas Steffen [2009-07-10 18:44]: > Hi Wolfram, Hey Andreas! > have you enabled NAT-Traversal in ipsec.conf with the statement > > config setup >nat_traversal=yes > > since the source port of the IKE message is 29643 and not 500? Ah! I overlooked that :) Ok, added nat_traversal=y

Re: [strongSwan] strongSwan + iPhone

2009-07-10 Thread Andreas Steffen
Hi Wolfram, have you enabled NAT-Traversal in ipsec.conf with the statement config setup nat_traversal=yes since the source port of the IKE message is 29643 and not 500? Best regards Andreas Wolfram Schlich wrote: > Hi! > > I'm trying to establish an IPsec connection between an iPhone

[strongSwan] strongSwan + iPhone

2009-07-10 Thread Wolfram Schlich
Hi! I'm trying to establish an IPsec connection between an iPhone and strongSwan-4.3.2. iPhone IPsec VPN is working with racoon instead of strongSwan, see http://holger.carne.de/2008/12/13/vpnipsec-mit-iphone-und-racoon/ for a working racoon config which I've tested successfully. Here's the log