Hi All,

I have managed to get an iPhone with iOS 7 working with strongSwan on WiFi by following the guide from the strongSwan wiki. But when on the cellular network, I often get the following message on the iPhone screen: "Negotiation with the VPN server failed". At the VPN gateway, I get the following tcpdump output:

13:12:30.913877 IP [VPN_GW].500 > [iPhone IP].42527: isakmp: phase 1 R ident
13:12:31.181821 IP [iPhone IP].42527 > [VPN_GW].500: isakmp: phase 1 I ident
13:12:31.211092 IP [VPN_GW].500 > [iPhone IP].42527: isakmp: phase 1 R ident
13:12:31.603424 IP [iPhone IP].43078 > [VPN_GW].4500: NONESP-encap: isakmp: phase 1 I ident[E]
13:12:31.614877 IP [VPN_GW].4500 > [iPhone IP].43078: NONESP-encap: isakmp: phase 1 R ident[E]
13:12:31.615015 IP [VPN_GW].4500 > [iPhone IP].43078: NONESP-encap: isakmp: phase 2/others R #6[E]
13:12:41.081164 IP [VPN_GW].4500 > [iPhone IP].43078: NONESP-encap: isakmp: phase 2/others R #6[E]
13:13:01.101374 IP [VPN_GW].4500 > [iPhone IP].43078: NONESP-encap: isakmp: phase 2/others R #6[E]
*13:13:01.486945 IP [iPhone IP] > [VPN_GW]: ICMP 203.117.37.234 udp port 43078 unreachable, length 36*

When I run tcpdump while the iPhone is on WiFi, I find that all IKE packets from the iPhone use port 4500, and there is no UDP port unreachable issue. The VPN connects quite fast on WiFi.

Is it because of the port issue? Is it possible to set the iPhone client to use port 4500 for IKE packets when on the cellular network?

Thanks a lot.
Steven
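An added example, not part of the original post: a small Python triage script for tcpdump text output like the trace above. It lists the UDP port pairs each side used for IKE and, for every ICMP port-unreachable, counts the packets sent to that port after the reporting host last sent from it. The sample capture is constructed, with documentation-range addresses standing in for [VPN_GW] and [iPhone IP]; `analyze` is a name chosen here.

```python
import re

# Constructed sample in tcpdump's text format, modelled on the trace above.
# 192.0.2.10 stands in for the gateway, 198.51.100.20 for the phone.
SAMPLE = """\
13:12:30.913877 IP 192.0.2.10.500 > 198.51.100.20.42527: isakmp: phase 1 R ident
13:12:31.181821 IP 198.51.100.20.42527 > 192.0.2.10.500: isakmp: phase 1 I ident
13:12:31.211092 IP 192.0.2.10.500 > 198.51.100.20.42527: isakmp: phase 1 R ident
13:12:31.603424 IP 198.51.100.20.43078 > 192.0.2.10.4500: NONESP-encap: isakmp: phase 1 I ident[E]
13:12:31.614877 IP 192.0.2.10.4500 > 198.51.100.20.43078: NONESP-encap: isakmp: phase 1 R ident[E]
13:12:31.615015 IP 192.0.2.10.4500 > 198.51.100.20.43078: NONESP-encap: isakmp: phase 2/others R #6[E]
13:12:41.081164 IP 192.0.2.10.4500 > 198.51.100.20.43078: NONESP-encap: isakmp: phase 2/others R #6[E]
13:13:01.101374 IP 192.0.2.10.4500 > 198.51.100.20.43078: NONESP-encap: isakmp: phase 2/others R #6[E]
13:13:01.486945 IP 198.51.100.20 > 192.0.2.10: ICMP 198.51.100.20 udp port 43078 unreachable, length 36
"""

UDP = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): .*isakmp")
ICMP = re.compile(r"^\S+ IP (\S+) > \S+: ICMP \S+ udp port (\d+) unreachable")

def analyze(text):
    """Return (IKE port pairs per sender, one finding per ICMP port-unreachable)."""
    packets = []   # (src, sport, dst, dport) of each IKE packet, in capture order
    pairs = {}     # sender -> ordered list of distinct (source port, destination port)
    findings = []
    for line in text.splitlines():
        icmp = ICMP.match(line)
        if icmp:
            host, port = icmp.group(1), int(icmp.group(2))
            # Positions at which the reporting host itself sent IKE from that port
            sent = [i for i, p in enumerate(packets) if p[:2] == (host, port)]
            # Packets addressed to host:port after its last own packet from there
            tail = packets[sent[-1] + 1:] if sent else []
            findings.append({
                "host": host,
                "port": port,
                "port_used_earlier": bool(sent),
                "unanswered": sum(1 for p in tail if p[2:] == (host, port)),
            })
            continue
        udp = UDP.match(line)
        if udp:
            src, sport, dst, dport = udp.group(1), int(udp.group(2)), udp.group(3), int(udp.group(4))
            packets.append((src, sport, dst, dport))
            if (sport, dport) not in pairs.setdefault(src, []):
                pairs[src].append((sport, dport))
    return pairs, findings

if __name__ == "__main__":
    port_pairs, icmp_findings = analyze(SAMPLE)
    print(port_pairs)
    print(icmp_findings)
```

On the constructed sample it reports that the phone used two different source ports (one toward 500, one toward 4500) and that four gateway packets to the second port went unanswered before the port-unreachable arrived.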
