On 26.11.2011 15:09, Klaus Darilion wrote:
> Trying to answer myself...
>
> On 26.11.2011 12:13, Klaus Darilion wrote:
>> Hi!
>>
>> Thanks for the nice tutorial at
>> http://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29. I
>> followed it and it works, but with some problems:
>>
>> I have configured it identical to the WIKI page except:
>> rightsubnet=192.168.102.0/24
>> rightsourceip=192.168.102.2
>>
>> The subnet 192.168.102.0/24 is natted to the public IP address
>> 88.198.163.203.
>>
>> Question 1: Connection setup works only on the first time. When I
>> disable the VPN on iPhone and enable it again it fails to connect. If I
>> restart strongSwan it works again. (Strangely I have the same issue with
>> Openwan in L2TP mode but not with strongSwan in L2TP mode).
>>
>> This is a known problem? Any ideas how to fix it?
>
> It seems that it is a known problem:
> https://lists.strongswan.org/pipermail/users/2010-October/005462.html
>
> I have the same problem, the connection is not properly released. I
> guess as the client reconnects from the same IP:port, somehow the old
> connection settings are used instead of creating a new one. Thus, even
> expanding the pool does not work.
>
> I added
> dpdaction=clear
> dpddelay=60
> dpdtimeout=60
> but after some minutes "ipsec leases" still shows the IP address as
> assigned and re-login does not work.

Weird. It seems that the connection is actually shut down:

Turning on VPN on the iPhone:

# ipsec status
000 "RoadWarrior-CiscoIPsec": 0.0.0.0/0===88.198.53.113[C=CH, O=pernau.at strongSwan VPN, CN=pernau.at]---88.198.53.97...%any[%any]===%RoadWarrior-CiscoIPsec; unrouted; eroute owner: #0
000 "RoadWarrior-CiscoIPsec": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "RoadWarrior-CiscoIPsec"[2]: 0.0.0.0/0===88.198.53.113:4500[C=CH, O=pernau.at strongSwan VPN, CN=pernau.at]---88.198.53.97...84.112.137.170:4500[C=US, O=pernau.at strongSwan VPN, CN=client klaus]===192.168.102.3/32; erouted; eroute owner: #2
000 "RoadWarrior-CiscoIPsec"[2]: newest ISAKMP SA: #1; newest IPsec SA: #2;
000
000 #2: "RoadWarrior-CiscoIPsec"[2] 84.112.137.170:4500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 3320s; newest IPSEC; eroute owner
000 #2: "RoadWarrior-CiscoIPsec"[2] 84.112.137.170:4500 [email protected] (0 bytes) [email protected] (0 bytes); tunnel
000 #1: "RoadWarrior-CiscoIPsec"[2] 84.112.137.170:4500 STATE_MODE_CFG_R1 (sent ModeCfg reply, established); EVENT_SA_REPLACE in 3319s; newest ISAKMP
000

Turning off VPN on the iPhone:

# ipsec status
000 "RoadWarrior-CiscoIPsec": 0.0.0.0/0===88.198.53.113[C=CH, O=pernau.at strongSwan VPN, CN=pernau.at]---88.198.53.97...%any[%any]===%RoadWarrior-CiscoIPsec; unrouted; eroute owner: #0
000 "RoadWarrior-CiscoIPsec": newest ISAKMP SA: #0; newest IPsec SA: #0;
000

Thus it seems, that the connection is closed. Anyway the IP address is
not released and re-connect does not work :-(

regards
Klaus
