[strongSwan] Strongswan+Android+Xauth

Ingmar Rosenhagen Sun, 12 Feb 2012 08:39:13 -0800

Hi,

after Android 4.0 supports Ipsec with Xauth I setup a little test-connection:



conn android2
        left=10.10.10.10.
        right=%any
        auto=add
        authby=xauthpsk
        xauth=server
        pfs=no

I've added a PSK for the IPSEC and an XAuth-User in ipsec.secrets:

10.10.10.10 %any: PSK "password"
: XAUTH xoom "t3st"

On my Xoom I've entered the Server-IP, the IPsec-PSK and the Xauth User/PW.
When trying to connect, the Ipsec-Connections seems to be established but Xauth 
fails after that. The log shows that the client seems to send the wrong 
password. I've tripple-checked the password on the client-side now, and I'm 
sure it's entered correct, and I executed "ipsec rereadsecrets" which showed 
now errors. 
Any hints where I should start to look? Strongswan-Version on the Server is 
4.3.2-1.ubuntu1.

Thanks in advance!

Log: 

Feb 12 11:08:10 wiederkaeuer pluto[3763]: "android2": deleting connection
Feb 12 11:08:10 wiederkaeuer pluto[3763]:   loaded host cert file 
'/etc/ipsec.d/certs/wiederkaeuer.pem' (2464 bytes)
Feb 12 11:08:10 wiederkaeuer pluto[3763]:   loaded host cert file 
'/etc/ipsec.d/certs/adelheid.pem' (2427 bytes)
Feb 12 11:08:10 wiederkaeuer pluto[3763]: added connection description 
"adelheid"
Feb 12 11:08:10 wiederkaeuer pluto[3763]:   loaded host cert file 
'/etc/ipsec.d/certs/wiederkaeuer.pem' (2464 bytes)
Feb 12 11:08:10 wiederkaeuer pluto[3763]:   loaded host cert file 
'/etc/ipsec.d/certs/netbook.pem' (2439 bytes)
Feb 12 11:08:10 wiederkaeuer pluto[3763]: added connection description "netbook"
Feb 12 11:08:10 wiederkaeuer pluto[3763]: added connection description "android"
Feb 12 11:08:10 wiederkaeuer pluto[3763]: added connection description 
"android2"
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: 
received Vendor ID payload [RFC 3947]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: 
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: 
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: 
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: 
received Vendor ID payload [XAUTH]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: 
ignoring Vendor ID payload [Cisco-Unity]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: 
ignoring Vendor ID payload [FRAGMENTATION 80000000]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: packet from 82.113.99.80:33728: 
received Vendor ID payload [Dead Peer Detection]
Feb 12 11:08:22 wiederkaeuer pluto[3763]: "android2"[1] 82.113.99.80:33728 #34: 
responding to Main Mode from unknown peer 82.113.99.80:33728
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[1] 82.113.99.80:33728 #34: 
NAT-Traversal: Result using RFC 3947: peer is NATed
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[1] 82.113.99.80:33728 #34: 
Peer ID is ID_IPV4_ADDR: '10.59.79.80'
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:33728 #34: 
deleting connection "android2" instance with peer 82.113.99.80 
{isakmp=#0/ipsec=#0}
Feb 12 11:08:23 wiederkaeuer pluto[3763]: | NAT-T: new mapping 
82.113.99.80:33728/63442)
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: 
sent MR3, ISAKMP SA established
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: 
sending XAUTH request
Feb 12 11:08:23 wiederkaeuer pluto[3763]: packet from 82.113.99.80:63442: 
Informational Exchange is for an unknown (expired?) SA
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: 
parsing XAUTH reply
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: 
xauth user 'xoom' sent wrong password
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: 
extended authentication failed
Feb 12 11:08:23 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: 
sending XAUTH status:
Feb 12 11:08:24 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442 #34: 
parsing XAUTH ack
Feb 12 11:08:24 wiederkaeuer pluto[3763]: "android2"[2] 82.113.99.80:63442: 
deleting connection "android2" instance with peer 82.113.99.80 
{isakmp=#0/ipsec=#0}
Feb 12 11:08:24 wiederkaeuer pluto[3763]: packet from 82.113.99.80:63442: 
Informational Exchange is for an unknown (expired?) SA

-- 
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

[strongSwan] Strongswan+Android+Xauth

Reply via email to