Hi Philippe, Libreswan does not support Hybrid mode:
Mar 28 16:04:51 vpn pluto[28426]: "XAUTH-GROUP"[2] 1.2.3.4 #2: Pluto does not support HybridInitRSA authentication. Attribute OAKLEY_AUTHENTICATION_METHOD so the iPhone lies. Am 28.03.2014 um 15:45:55 Uhr schrieb Philippe Vouters <[email protected]>: > The document you draw the attention onto on my Web site describes > Shrew/Libreswan running in Mutual PSK/RSA + XAuth + DHCP + PAM > Your trace left by racoon on your iPhone says: > > racoon[16654]: [16654] ERROR: No SIG was passed, hybrid auth is enabled, but > peer is no Xauth compliant > > So I would set Shrew in hybrid mode and check whether this mode is indeed > implemented in today's Libreswan V3.8. > > A long time ago when I tested Shrew's hybrid mode, Libreswan was saying in my > Fedora /var/log/secure: > # > # Hybrid RSA. Leads to > # Oct 11 16:53:00 victor pluto[12408]: "Philippe"[6] 192.168.1.3 #3: Pluto > does not support HybridInitRSA authentication. Attribute > OAKLEY_AUTHENTICATION_METHOD > # Oct 11 16:53:00 victor pluto[12408]: "Philippe"[6] 192.168.1.3 #3: no > acceptable Oakley Transform > # Oct 11 16:53:00 victor pluto[12408]: | complete state transition with (null) > # _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
