Marc-Christian,
Apparently this does not apply to the iPhone and a cisco ipsec mode.
However between Cisco IOS
*Version 15.1(4)M4, RELEASE SOFTWARE (fc1)*
and Shrew in PSK mode, I have explicitly set Shrew running with *Mutual
PSK + XAuth* with a local identifier being a KeyID and the remote
identifier being an FQDN. With this Cisco IOS version, aggressive mode
has to be set while for PSK authentication.
Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:[email protected]
On 03/28/2014 04:33 PM, Marc-Christian Petersen wrote:
Hi Paul,
yep, I know about the bug but it doesn't happen here.
for whatever reason iOS is using hybrid mode when using
cisco ipsec mode with group name and PSK.
Maybe the problem is Libreswan not offering XAUTH when in
aggressive mode and iOS is falling back to hybrid?
Am 28.03.2014 um 16:25:33 Uhr schrieb Paul Wouters <[email protected]>:
On Fri, 28 Mar 2014, Marc-Christian Petersen wrote:
Libreswan does not support Hybrid mode:
Mar 28 16:04:51 vpn pluto[28426]: "XAUTH-GROUP"[2] 1.2.3.4 #2: Pluto does not
support HybridInitRSA authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
The iphone should not be using hybrid mode. Be aware if you switch from
PSK to CERT configurations on your iphone, and you don't wipe the
PSK/ID information, your CERT connection will fail.
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
