Hi, OK, next issue :). I'm trying to set up an OS X client IPsec/L2TP connection to strongSwan 4.5.0.
The strongSwan server and the OS X client are both behind a NAT. I managed to
find the configuration to get the tunnel establishment to pass phase 1, but it
fails in phase 2. The OS X client (racoon) fails to match its computed HASH(2)
with strongSwan's hash passed with the STATE_QUICK_R0 message. I've attached
the strongSwan debug traces and racoon debug traces to this email. Any ideas
why racoon and strongSwan don't agree on the hash value?
Someone reported a similar issue last month and indicated that things were
working when the strongSwan server was NOT behind a NAT but failed when it was
behind a NAT.
Here's the config I'm using:

conn rw
    esp=aes128-sha1
    ike=aes128-sha-modp1024
    keyexchange=ikev1
    keyingtries=3
    type=transport
    left=%defaultroute
    leftsubnet=aa.aa.aa.aa/32
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnetwithin=0.0.0.0/0
    authby=psk
    pfs=no
    compress=no
    auto=add

Cheers,
Benoit.

Attachments: racoon.log, pluto2.log
