configured rc1 with:

./configure --sysconfdir=/etc --prefix=/usr --libexecdir=/usr/lib --enable-openssl --enable-nm --enable-agent --enable-gcrypt --enable-eap-gtc --enable-eap-md5 --enable-eap-mschapv2 --enable-eap-aka --enable-eap-aka-3gpp2 --enable-eap-identity

and am getting the following message:

00[LIB] feature PRIVKEY:DSA in 'pem' plugin has unsatisfied dependency: PRIVKEY:DSA
00[LIB] feature PUBKEY:DSA in 'pem' plugin has unsatisfied dependency: PUBKEY:DSA
00[LIB] feature CERT_DECODE:X509_OCSP_REQUEST in 'pem' plugin has unsatisfied dependency: CERT_DECODE:X509_OCSP_REQUEST

Can't work out which options I am missing?

Cheers
Craig

On Wed, Jun 20, 2012 at 8:23 PM, Craig Day <[email protected]> wrote:
> Thanks Andreas. rc1, here I come!!
>
> Sent from my iPhone
>
> On 20/06/2012, at 7:54 PM, Andreas Steffen
> <[email protected]> wrote:
>
> > Hi Craig,
> >
> > the OSX client sends an IKEv1 message but the strongSwan 4.6.4 charon
> > daemon expects an IKEv2 negotiation and therefore ignores all
> > IKEv1 messages.
> >
> > Workarounds:
> >
> > - Define keyexchange=ikev1 in ipsec.conf and start the pluto
> >   IKEv1 daemon by setting plutostart=yes in the config setup
> >   section of ipsec.conf.
> >
> > or
> >
> > - Download strongswan-5.0.0rc1 which has a combined IKEv1/IKEv2
> >   charon daemon. You can omit the keyexchange parameter altogether
> >   so that the charon daemon will be able to handle both IKEv1
> >   and IKEv2 connections.
> >
> > http://www.strongswan.org/uml/testresults5rc/ike/rw-cert/moon.statusall
> >
> > Best regards
> >
> > Andreas
> >
> > On 06/20/2012 12:11 PM, Craig Day wrote:
> >> Hi Users,
> >>
> >> I am trying to set up a VPN between OSX (client) and Linux (server). I
> >> have generated and successfully installed all the required keys and
> >> certificates i.e. a CA cert, and a cert for both the client and the
> >> server (signed with the CA cert). Wrapped up the client and CA cert into
> >> pkcs12 and successfully installed and trusted them on the OSX client
> >> side. I am using the built-in OSX VPN client, configured to use the
> >> client cert for user auth and machine auth. All looks good.
> >> On the server side:
> >>
> >> root@lwlserver:~/strongswan-4.6.4# ipsec --version
> >> Linux strongSwan U4.6.4/K2.6.35-32-server
> >>
> >> ipsec.conf:
> >>
> >> config setup
> >>     crlcheckinterval=180
> >>     strictcrlpolicy=no
> >>
> >> ca livewireca
> >>     cacert=LivewireCACert.pem
> >>     auto=add
> >>
> >> conn %default
> >>     ikelifetime=60m
> >>     keylife=20m
> >>     rekeymargin=3m
> >>     keyingtries=1
> >>
> >> conn rw
> >>     left=203.161.119.62
> >>     leftcert=VPNServerCert.pem
> >>     leftid="C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNServer"
> >>     leftsubnet=192.168.20.0/24
> >>     rightid="C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNClient"
> >>     auto=add
> >>
> >> ipsec.secrets:
> >>
> >> # /etc/ipsec.secrets - strongSwan IPsec secrets file
> >>
> >> : RSA VPNServerKey.pem "its a secret"
> >>
> >> Running ipsec statusall before connect attempt gives me:
> >>
> >> root@lwlserver:~/strongswan-4.6.4# ipsec statusall
> >> Status of IKEv2 charon daemon (strongSwan 4.6.4):
> >>   uptime: 7 seconds, since Jun 20 17:35:27 2012
> >>   malloc: sbrk 405504, mmap 0, used 285632, free 119872
> >>   worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0, scheduled: 0
> >>   loaded plugins: aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem openssl gcrypt fips-prf gmp agent xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-aka eap-aka-3gpp2 eap-md5 eap-gtc eap-mschapv2
> >> Listening IP addresses:
> >>   192.168.20.2
> >> Connections:
> >>   rw: 203.161.119.62...%any
> >>   rw: local: [C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNServer] uses public key authentication
> >>   rw: cert: "C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNServer"
> >>   rw: remote: [C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNClient] uses any authentication
> >>   rw: child: 192.168.20.0/24 === dynamic TUNNEL
> >> Security Associations (0 up, 0 connecting):
> >>   none
> >>
> >> Here's the log of the startup and subsequent failed connection attempt:
> >>
> >> root@lwlserver:/etc/ipsec.d/private# grep -v ASN /var/log/charon.log
> >> 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.6.4)
> >> 00[LIB] plugin 'aes': loaded successfully
> >> 00[LIB] plugin 'des': loaded successfully
> >> 00[LIB] plugin 'sha1': loaded successfully
> >> 00[LIB] plugin 'sha2': loaded successfully
> >> 00[LIB] plugin 'md5': loaded successfully
> >> 00[LIB] plugin 'random': loaded successfully
> >> 00[LIB] plugin 'x509': loaded successfully
> >> 00[LIB] plugin 'revocation': loaded successfully
> >> 00[LIB] plugin 'constraints': loaded successfully
> >> 00[LIB] plugin 'pubkey': loaded successfully
> >> 00[LIB] plugin 'pkcs1': loaded successfully
> >> 00[LIB] plugin 'pkcs8': loaded successfully
> >> 00[LIB] plugin 'pgp': loaded successfully
> >> 00[LIB] plugin 'pem': loaded successfully
> >> 00[LIB] plugin 'openssl': loaded successfully
> >> 00[LIB] plugin 'gcrypt': loaded successfully
> >> 00[LIB] plugin 'fips-prf': loaded successfully
> >> 00[LIB] plugin 'gmp': loaded successfully
> >> 00[LIB] plugin 'agent': loaded successfully
> >> 00[LIB] plugin 'xcbc': loaded successfully
> >> 00[LIB] plugin 'cmac': loaded successfully
> >> 00[LIB] plugin 'hmac': loaded successfully
> >> 00[LIB] plugin 'attr': loaded successfully
> >> 00[LIB] plugin 'kernel-netlink': loaded successfully
> >> 00[KNL] listening on interfaces:
> >> 00[KNL]   eth0
> >> 00[KNL]     192.168.20.2
> >> 00[KNL]     fe80::21e:58ff:fe49:5037
> >> 00[LIB] plugin 'resolve': loaded successfully
> >> 00[LIB] plugin 'socket-default': loaded successfully
> >> 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
> >> 00[CFG] loaded ca certificate "C=AU, ST=Western Australia, L=Perth, O=Livewire Labs Pty Ltd, CN=Livewire Labs CA" from '/etc/ipsec.d/cacerts/LivewireCACert.pem'
> >> 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
> >> 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
> >> 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
> >> 00[CFG] loading crls from '/etc/ipsec.d/crls'
> >> 00[CFG] loading secrets from '/etc/ipsec.secrets'
> >> 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/VPNServerKey.pem'
> >> 00[LIB] plugin 'stroke': loaded successfully
> >> 00[LIB] plugin 'updown': loaded successfully
> >> 00[LIB] plugin 'eap-identity': loaded successfully
> >> 00[LIB] plugin 'eap-aka': loaded successfully
> >> 00[LIB] plugin 'eap-aka-3gpp2': loaded successfully
> >> 00[LIB] plugin 'eap-md5': loaded successfully
> >> 00[LIB] plugin 'eap-gtc': loaded successfully
> >> 00[LIB] plugin 'eap-mschapv2': loaded successfully
> >> 00[CFG] DBUS binding failed
> >> 00[LIB] plugin 'nm': failed to load - nm_plugin_create returned NULL
> >> 00[DMN] loaded plugins: aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem openssl gcrypt fips-prf gmp agent xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-aka eap-aka-3gpp2 eap-md5 eap-gtc eap-mschapv2
> >> 00[JOB] spawning 16 worker threads
> >> 01[LIB] created thread 01 [11370]
> >> 01[JOB] started worker thread 01
> >> 02[LIB] created thread 02 [11371]
> >> 02[JOB] started worker thread 02
> >> 04[LIB] created thread 04 [11373]
> >> 03[LIB] created thread 03 [11372]
> >> 03[JOB] started worker thread 03
> >> 06[LIB] created thread 06 [11375]
> >> 06[JOB] started worker thread 06
> >> 08[LIB] created thread 08 [11377]
> >> 08[JOB] started worker thread 08
> >> 05[LIB] created thread 05 [11374]
> >> 13[LIB] created thread 13 [11382]
> >> 10[LIB] created thread 10 [11379]
> >> 15[LIB] created thread 15 [11384]
> >> 15[JOB] started worker thread 15
> >> 01[JOB] no events, waiting
> >> 11[LIB] created thread 11 [11380]
> >> 11[JOB] started worker thread 11
> >> 12[LIB] created thread 12 [11381]
> >> 12[JOB] started worker thread 12
> >> 11[NET] waiting for data on sockets
> >> 09[LIB] created thread 09 [11378]
> >> 09[JOB] started worker thread 09
> >> 14[LIB] created thread 14 [11383]
> >> 14[JOB] started worker thread 14
> >> 10[JOB] started worker thread 10
> >> 07[LIB] created thread 07 [11376]
> >> 07[JOB] started worker thread 07
> >> 13[JOB] started worker thread 13
> >> 04[JOB] started worker thread 04
> >> 05[JOB] started worker thread 05
> >> 16[LIB] created thread 16 [11385]
> >> 16[JOB] started worker thread 16
> >> 12[CFG] stroke message => 614 bytes @ 0x7f8eb7892a80
> >> ... (removed for brevity)
> >> 12[CFG] received stroke: add ca 'livewireca'
> >> 12[CFG] ca livewireca
> >> 12[CFG]   cacert=LivewireCACert.pem
> >> 12[CFG]   crluri=(null)
> >> 12[CFG]   crluri2=(null)
> >> 12[CFG]   ocspuri=(null)
> >> 12[CFG]   ocspuri2=(null)
> >> 12[CFG]   certuribase=(null)
> >> 12[CFG] added ca 'livewireca'
> >> 10[CFG] stroke message => 863 bytes @ 0x7f8eb8894990
> >> ... (removed for brevity)
> >> 10[CFG] received stroke: add connection 'rw'
> >> 10[CFG] conn rw
> >> 10[CFG]   left=203.161.119.62
> >> 10[CFG]   leftsubnet=192.168.20.0/24
> >> 10[CFG]   leftsourceip=(null)
> >> 10[CFG]   leftauth=(null)
> >> 10[CFG]   leftauth2=(null)
> >> 10[CFG]   leftid=C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNServer
> >> 10[CFG]   leftid2=(null)
> >> 10[CFG]   leftrsakey=(null)
> >> 10[CFG]   leftcert=VPNServerCert.pem
> >> 10[CFG]   leftcert2=(null)
> >> 10[CFG]   leftca=(null)
> >> 10[CFG]   leftca2=(null)
> >> 10[CFG]   leftgroups=(null)
> >> 10[CFG]   leftupdown=(null)
> >> 10[CFG]   right=%any
> >> 10[CFG]   rightsubnet=(null)
> >> 10[CFG]   rightsourceip=(null)
> >> 10[CFG]   rightauth=(null)
> >> 10[CFG]   rightauth2=(null)
> >> 10[CFG]   rightid=C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNClient
> >> 10[CFG]   rightid2=(null)
> >> 10[CFG]   rightrsakey=(null)
> >> 10[CFG]   rightcert=(null)
> >> 10[CFG]   rightcert2=(null)
> >> 10[CFG]   rightca=(null)
> >> 10[CFG]   rightca2=(null)
> >> 10[CFG]   rightgroups=(null)
> >> 10[CFG]   rightupdown=(null)
> >> 10[CFG]   eap_identity=(null)
> >> 10[CFG]   aaa_identity=(null)
> >> 10[CFG]   ike=aes128-sha1-modp2048,3des-sha1-modp1536
> >> 10[CFG]   esp=aes128-sha1,3des-sha1
> >> 10[CFG]   dpddelay=30
> >> 10[CFG]   dpdaction=0
> >> 10[CFG]   closeaction=0
> >> 10[CFG]   mediation=no
> >> 10[CFG]   mediated_by=(null)
> >> 10[CFG]   me_peerid=(null)
> >> 10[KNL] getting interface name for %any
> >> 10[KNL] %any is not a local address
> >> 10[KNL] getting interface name for 203.161.119.62
> >> 10[KNL] 203.161.119.62 is not a local address
> >> 10[CFG] left nor right host is our side, assuming left=local
> >> 10[CFG] loaded certificate "C=AU, ST=Western Australia, O=Livewire Labs Pty Ltd, CN=Livewire Labs VPNServer" from 'VPNServerCert.pem'
> >> 10[CFG] added configuration 'rw'
> >> 07[CFG] stroke message => 584 bytes @ 0x7f8eba097aa0
> >> ... (removed for brevity)
> >> 07[CFG] proposing traffic selectors for us:
> >> 07[CFG]   192.168.20.0/24 (derived from 192.168.20.0/24)
> >> 07[CFG] proposing traffic selectors for other:
> >> 07[CFG]   dynamic (derived from dynamic)
> >> 11[NET] received packet => 476 bytes @ 0x7f8eb8091370
> >> 11[NET] received packet: from 192.168.20.3[500] to 192.168.20.2[500]
> >> 11[ENC] parsing header of message
> >> 11[ENC] parsing HEADER payload, 476 bytes left
> >> 11[ENC] parsing payload from => 476 bytes @ 0x7f8eb0000d20
> >> 11[ENC] parsing rule 0 IKE_SPI
> >> 11[ENC]   => => 8 bytes @ 0x7f8eb0001280
> >> 11[ENC]   0: 22 6E D8 2A 38 A2 4A C2 "n.*8.J.
> >> 11[ENC] parsing rule 1 IKE_SPI
> >> 11[ENC]   => => 8 bytes @ 0x7f8eb0001288
> >> 11[ENC]   0: 00 00 00 00 00 00 00 00 ........
> >> 11[ENC] parsing rule 2 U_INT_8
> >> 11[ENC]   => 1
> >> 11[ENC] parsing rule 3 U_INT_4
> >> 11[ENC]   => 1
> >> 11[ENC] parsing rule 4 U_INT_4
> >> 11[ENC]   => 0
> >> 11[ENC] parsing rule 5 U_INT_8
> >> 11[ENC]   => 2
> >> 11[ENC] parsing rule 6 RESERVED_BIT
> >> 11[ENC]   => 0
> >> 11[ENC] parsing rule 7 RESERVED_BIT
> >> 11[ENC]   => 0
> >> 11[ENC] parsing rule 8 FLAG
> >> 11[ENC]   => 0
> >> 11[ENC] parsing rule 9 FLAG
> >> 11[ENC]   => 0
> >> 11[ENC] parsing rule 10 FLAG
> >> 11[ENC]   => 0
> >> 11[ENC] parsing rule 11 RESERVED_BIT
> >> 11[ENC]   => 0
> >> 11[ENC] parsing rule 12 RESERVED_BIT
> >> 11[ENC]   => 0
> >> 11[ENC] parsing rule 13 RESERVED_BIT
> >> 11[ENC]   => 0
> >> 11[ENC] parsing rule 14 U_INT_32
> >> 11[ENC]   => 0
> >> 11[ENC] parsing rule 15 HEADER_LENGTH
> >> 11[ENC]   => 476
> >> 11[ENC] parsing HEADER payload finished
> >> 11[ENC] header verification failed
> >> 11[NET] received invalid IKE header from 192.168.20.3 - ignored
> >> 11[NET] waiting for data on sockets
> >> 11[NET] received packet => 476 bytes @ 0x7f8eb8091370
> >> 11[NET]   0: 22 6E D8 2A 38 A2 4A C2 00 00 00 00 00 00 00 00 "n.*8.J.........
> >>
> >> This last chunk of entries is repeated 3 times as the OSX client
> >> retries.
> >>
> >> The OSX log matches the behaviour:
> >>
> >> 20/06/12 5:49:33.357 PM configd: SCNC: start, triggered by System Preferen, type L2TP, status 0
> >> 20/06/12 5:49:33.399 PM pppd: pppd 2.4.2 (Apple version 560.13) started by craig, uid 501
> >> 20/06/12 5:49:33.413 PM pppd: L2TP connecting to server '192.168.20.2' (192.168.20.2)...
> >> 20/06/12 5:49:33.415 PM pppd: IPSec connection started
> >> 20/06/12 5:49:33.493 PM racoon: Connecting.
> >> 20/06/12 5:49:33.493 PM racoon: IPSec Phase1 started (Initiated by me).
> >> 20/06/12 5:49:33.494 PM racoon: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
> >> 20/06/12 5:49:36.497 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
> >> 20/06/12 5:49:39.500 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
> >> 20/06/12 5:49:42.503 PM racoon: IKE Packet: transmit success. (Phase1 Retransmit).
> >> 20/06/12 5:49:43.494 PM pppd: IPSec connection failed
> >>
> >> Can anyone help with my problem? FWIW I would be happy to write up the
> >> process I went through for the wiki if I can just get over this final
> >> hump. I can't believe I am the only one out there trying to get OSX
> >> talking to strongSwan (maybe I am the only one failing though :) )
> >>
> >> Cheers
> >> Craig
> >>
> >> p.s. I tried the built-in VPN client on a Windows 7 box and it appeared
> >> to get a lot further, though I didn't bother setting up the auth/certs
> >> correctly. It definitely managed to send headers and subsequent messages
> >> that strongSwan was able to parse.
> >>
> >> _______________________________________________
> >> Users mailing list
> >> [email protected]
> >> https://lists.strongswan.org/mailman/listinfo/users
> >
> > --
> > ======================================================================
> > Andreas Steffen                         [email protected]
> > strongSwan - the Linux VPN Solution!                www.strongswan.org
> > Institute for Internet Technologies and Applications
> > University of Applied Sciences Rapperswil
> > CH-8640 Rapperswil (Switzerland)
> > ===========================================================[ITA-HSR]==
>
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
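The diagnosis in Andreas's reply can be read from the header fields charon logged (major version 1, exchange type 2, length 476). The following is an added example, not part of the thread and not strongSwan code: it decodes the 28-byte ISAKMP/IKE header and applies a hypothetical IKEv2-only acceptance check. The function names, the zero-filled packet bodies and the IKEv2 contrast packet are assumptions made for the example.

```python
import struct

# Fixed ISAKMP/IKE header (RFC 2408 section 3.1, RFC 7296 section 3.1), 28 bytes:
# initiator SPI, responder SPI, next payload, version, exchange type, flags,
# message ID, total length.
HEADER = struct.Struct("!8s8sBBBBII")

# Exchange type names per major version (subset).
EXCHANGES = {
    1: {2: "Identity Protection (Main Mode)", 4: "Aggressive",
        5: "Informational", 32: "Quick Mode"},
    2: {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA",
        37: "INFORMATIONAL"},
}


def parse_ike_header(datagram: bytes) -> dict:
    """Decode the fixed header at the start of a UDP/500 payload."""
    if len(datagram) < HEADER.size:
        raise ValueError(f"short datagram: {len(datagram)} bytes, need {HEADER.size}")
    i_spi, r_spi, next_payload, version, exchange, flags, msg_id, length = \
        HEADER.unpack_from(datagram)
    major, minor = version >> 4, version & 0x0F  # two 4-bit fields in one byte
    return {
        "initiator_spi": i_spi.hex(),
        "responder_spi": r_spi.hex(),
        "next_payload": next_payload,
        "major": major,
        "minor": minor,
        "exchange_type": exchange,
        "exchange_name": EXCHANGES.get(major, {}).get(exchange, "unknown"),
        "flags": flags,
        "message_id": msg_id,
        "length": length,
    }


def ikev2_only_verdict(datagram: bytes) -> str:
    """Hypothetical check for a responder that only speaks IKEv2."""
    try:
        hdr = parse_ike_header(datagram)
    except ValueError as exc:
        return f"ignored: {exc}"
    if hdr["length"] != len(datagram):
        return f"ignored: header length {hdr['length']} != datagram {len(datagram)}"
    if hdr["major"] != 2:
        return (f"ignored: IKEv{hdr['major']} {hdr['exchange_name']} "
                "sent to an IKEv2-only responder")
    return f"accepted: IKEv2 {hdr['exchange_name']}"


def build(i_spi_hex, next_payload, version, exchange, flags, total_len):
    """Constructed datagram: a header followed by zero bytes up to total_len."""
    head = HEADER.pack(bytes.fromhex(i_spi_hex), bytes(8), next_payload,
                       version, exchange, flags, 0, total_len)
    return head + bytes(total_len - HEADER.size)


# Header fields as charon decoded them in the quoted log; body zero-filled.
OSX_PACKET = build("226ed82a38a24ac2", 1, 0x10, 2, 0x00, 476)
# Constructed contrast case: IKEv2 IKE_SA_INIT request (SPI and size made up).
IKEV2_PACKET = build("0102030405060708", 33, 0x20, 34, 0x08, 300)

if __name__ == "__main__":
    for name, pkt in (("OSX racoon", OSX_PACKET), ("IKEv2 client", IKEV2_PACKET)):
        print(f"{name:13s} {ikev2_only_verdict(pkt)}")
```

Exchange type 2 under major version 1 is Main Mode, which matches the "Main-Mode message 1" line in the OSX racoon log.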
