On Fri, 5 Dec 2014, Wolfgang Nothdurft wrote:
A customer reported a problem with an iphone (IOS8) xauth connection and
libreswan 3.9.
The same connection works from one net without problems, but if trying from
another net, the connection can't be established.
After examine the log, the problem seems to be that the iphone get the xauth
login request before finishing phase one.
Dec 5 13:10:58 iPad-von-roe racoon[455] <Error>: mode config 6 from
xxx.x.xx.xxx[4500], but ISAKMP-SA 23dc52d8e2241e77:1ce13e6f0962d19e isn't
established.
Dec 5 13:10:58 iPad-von-roe racoon[455] <Notice>: IPSec Phase 1 established
(Initiated by me).
See attached logs from both sides.
A quick and dirty workaround was putting a delay before xauth_send_request.
See attached patch.
I will try to tweak this parameter next week.
Is this a known problem?
We have seen related issues in the past with iphone on some carriers,
but the problem went away. Is it possible to try with libreswan-3.12?
There were some fixes related to helper and xauth states.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
