Hi Alok,

Besides some unexpected packets everything seems ok. Both XAUTH
and ModeConfig are established successfully but somehow
the negotiation does not go on to IKE Quick Mode.
Could you remove the modeconfig=push line since strange effects
might occur if Mode Config is used in conjunction with XAUTH?

Regards

Andreas

Alok Thaker wrote:
> Hi Friends,
> 
>      I am a fan of strongswan and I have made l2tp with ipsec running
> successfully with iphone and strongswan. The only problem I am facing is to
> make only ipsec with XAUTH+PSK running with iphone.
> 
> I have also enabled --enable-cisco-quirks=yes as iphone works as cisco vpn
> client as I read in the strongswan answers but I have got no luck in
> establishment.
> I get the following errors while connecting strongswan ipsec(XAUTH+PSK)
> with iphone ipsec.
> 
>  packet from 82.132.139.25:44759: ignoring Vendor ID payload [Cisco-Unity]
> Sep  6 14:48:43 uk_server3 pluto[24769]: packet from 82.132.139.25:44759:
> received Vendor ID payload [Dead Peer Detection]
> Sep  6 14:48:43 uk_server3 pluto[24769]: "win"[1] 82.132.139.25:44759 #1:
> responding to Main Mode from unknown peer 82.132.139.25:44759
> Sep  6 14:48:45 uk_server3 pluto[24769]: "win"[1] 82.132.139.25:44759 #1:
> NAT-Traversal: Result using RFC 3947: peer is NATed
> Sep  6 14:48:46 uk_server3 pluto[24769]: "win"[1] 82.132.139.25:44759 #1:
> Peer ID is ID_IPV4_ADDR: '10.38.42.53'
> Sep  6 14:48:46 uk_server3 pluto[24769]: "win"[2] 82.132.139.25:44759 #1:
> deleting connection "win" instance with peer 82.132.139.25
> {isakmp=#0/ipsec=#0}
> Sep  6 14:48:46 uk_server3 pluto[24769]: | NAT-T: new mapping
> 82.132.139.25:44759/44760)
> Sep  6 14:48:46 uk_server3 pluto[24769]: "win"[2] 82.132.139.25:44760 #1:
> sent MR3, ISAKMP SA established
> Sep  6 14:48:46 uk_server3 pluto[24769]: "win"[2] 82.132.139.25:44760 #1:
> sending XAUTH request
> Sep  6 14:48:46 uk_server3 pluto[24769]: packet from 82.132.139.25:44760:
> Informational Exchange is for an unknown (expired?) SA
> Sep  6 14:48:46 uk_server3 pluto[24769]: "win"[2] 82.132.139.25:44760 #1:
> parsing XAUTH reply
> Sep  6 14:48:46 uk_server3 pluto[24769]: "win"[2] 82.132.139.25:44760 #1:
> extended authentication was successful
> Sep  6 14:48:46 uk_server3 pluto[24769]: "win"[2] 82.132.139.25:44760 #1:
> sending XAUTH status:
> Sep  6 14:48:47 uk_server3 pluto[24769]: "win"[2] 82.132.139.25:44760 #1:
> parsing XAUTH ack
> Sep  6 14:48:47 uk_server3 pluto[24769]: "win"[2] 82.132.139.25:44760 #1:
> received XAUTH ack, established
> Sep  6 14:48:47 uk_server3 pluto[24769]: "win"[2] 82.132.139.25:44760 #1:
> sending ModeCfg set
> Sep  6 14:48:47 uk_server3 pluto[24769]: packet from 82.132.139.25:44760:
> ModeCfg message is for a non-existent (expired?) ISAKMP SA
> Sep  6 14:48:48 uk_server3 pluto[24769]: "win"[2] 82.132.139.25:44760 #1:
> parsing ModeCfg ack
> Sep  6 14:48:48 uk_server3 pluto[24769]: "win"[2] 82.132.139.25:44760 #1:
> received ModeCfg ack, established
> Sep  6 14:48:48 uk_server3 pluto[24769]: "win"[2] 82.132.139.25:44760 #1:
> unsupported ModeCfg attribute 28683?? received.
> 
> My ipsec.conf for psk + xauth has this entry
> 
> config setup
>         # crlcheckinterval=600
>         # strictcrlpolicy=yes
>         # cachecrls=yesA
>         nat_traversal=yes
> conn win
>         authby=xauthpsk
>         xauth=server
>         left=94.76.194.32
>         leftnexthop=%direct
>         rightsourceip=%modeconfig
>         modeconfig=push
>         auto=start
> 
> My ipsec.secrets has
> 94.76.194.32 %any : PSK "alok"
> : XAUTH alok "alok"
> 
> Please it is urgent for me can someone help me out so that it would be great
> achievement making strongswan ipsec (XAUTH+PSK) running with iphone.
> 
> Thanks,
> Alok

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
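
Added example, not part of the original thread and not strongSwan code: a small Python check for the situation described in the reply above, reporting the first negotiation milestone that is missing from a pluto log for each connection and peer. The Quick Mode and IPsec SA message substrings are assumed pluto wording that the thread does not show, and the sample lines with their host name, PID and addresses are constructed.

```python
import re

# Milestones in negotiation order. The first three substrings appear in the
# log quoted in this thread; the last two are assumed pluto wording.
STAGES = [
    ("isakmp_sa", "ISAKMP SA established"),
    ("xauth", "extended authentication was successful"),
    ("modecfg", "received ModeCfg ack"),
    ("quick_mode", "responding to Quick Mode"),  # assumed wording
    ("ipsec_sa", "IPsec SA established"),        # assumed wording
]

# Matches: pluto[pid]: "conn"[instance] peer:port #serial: message
LINE_RE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? '
    r'(?P<peer>\d+(?:\.\d+){3}):\d+ #\d+: (?P<msg>.*)$'
)

def stages_reached(lines):
    """Map (conn, peer IP) -> set of milestones seen. Instance number and
    source port are ignored: NAT-T remapping changes both mid-negotiation."""
    seen = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # "packet from ..." lines carry no connection name
        reached = seen.setdefault((m["conn"], m["peer"]), set())
        reached.update(name for name, needle in STAGES if needle in m["msg"])
    return seen

def first_missing(lines):
    """Map (conn, peer IP) -> first milestone not reached (None if all were)."""
    return {
        key: next((n for n, _ in STAGES if n not in reached), None)
        for key, reached in stages_reached(lines).items()
    }

# Constructed sample with documentation addresses, modelled on the log above.
P = 'Sep  6 14:48:46 gw pluto[100]: '
SAMPLE = [
    P + '"win"[1] 192.0.2.25:44759 #1: responding to Main Mode from unknown peer',
    P + '"win"[2] 192.0.2.25:44760 #1: sent MR3, ISAKMP SA established',
    P + 'packet from 192.0.2.25:44760: Informational Exchange is for an unknown SA',
    P + '"win"[2] 192.0.2.25:44760 #1: extended authentication was successful',
    P + '"win"[2] 192.0.2.25:44760 #1: received ModeCfg ack, established',
]

if __name__ == "__main__":
    print(first_missing(SAMPLE))
```

The parser expects one syslog entry per line, so entries wrapped by a mail client need to be rejoined before they are fed to it.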
