Hello Lawrence,

I think to make this work, you have to specify two different pairs of XAUTH credentials in ipsec.secrets. One for your iPad and one for your Android phone.

Regards
Noel Kuntze

On 05.11.2013 14:35, Lawrence Chiu wrote:
> I originally sent this email on 10/4/2013 but I got no replies, and after a
> month, I still have this problem. Can anyone help?
>
> I followed the configuration shown in the wiki for Apple IOS clients.
> http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)
> <http://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29>
>
> It works on one remote client (iPad). When I connect a second remote client
> (Android phone) to the VPN, the iPad is disconnected immediately. The
> ipsec.conf, ipsec.secrets, and strongswan.conf files are the same as the wiki
> example with two changes to support multiple clients (change rightsourceip
> and removed rightcert).
>
> $ diff ipsec.conf ipsec.conf.template
> < rightsourceip=10.0.0.0/24
> ---
> > rightsourceip=10.0.0.2
> > rightcert=clientCert.pem
>
> The /var/log/auth.log is attached starting from when USER #2 connects to the
> VPN (at this time USER #1 is already connected and everything is working).
> Thank you.
>
> Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: received Vendor ID payload [RFC 3947]
> Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
> Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
> Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
> Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: received Vendor ID payload [XAUTH]
> Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: ignoring Vendor ID payload [Cisco-Unity]
> Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
> Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:500: received Vendor ID payload [Dead Peer Detection]
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4: responding to Main Mode from unknown peer 192.168.0.3
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4: NAT-Traversal: Result using RFC 3947: both are NATed
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4: Peer ID is ID_DER_ASN1_DN: 'C=CH, O=strongSwan, CN=win7.mycompany.local'
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4: crl not found
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4: certificate status unknown
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4: deleting connection "ios" instance with peer 192.168.0.3 {isakmp=#0/ipsec=#0}
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4: we have a cert and are sending it upon request
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4: deleting connection "ios" instance with peer 70.139.113.210 {isakmp=#2/ipsec=#3}
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios" #3: deleting state (STATE_QUICK_R2)
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios" #2: deleting state (STATE_MODE_CFG_R1)
> Oct 4 16:56:01 vmware-u003 pluto[5989]: lease 10.10.4.1 by 'vmware' went offline
> Oct 4 16:56:01 vmware-u003 pluto[5989]: | NAT-T: new mapping 192.168.0.3:500/4500)
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: sent MR3, ISAKMP SA established
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: sending XAUTH request
> Oct 4 16:56:01 vmware-u003 pluto[5989]: packet from 192.168.0.3:4500: Informational Exchange is for an unknown (expired?) SA
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: parsing XAUTH reply
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: extended authentication was successful
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: sending XAUTH status
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: parsing XAUTH ack
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: received XAUTH ack, established
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: parsing ModeCfg request
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: peer requested virtual IP %any
> Oct 4 16:56:01 vmware-u003 pluto[5989]: reassigning offline lease to 'vmware'
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: assigning virtual IP 10.10.4.1 to peer
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: sending ModeCfg reply
> Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: sent ModeCfg reply, established
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
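The quoted log shows the lease held by XAUTH user 'vmware' going offline and being reassigned to 'vmware' for the new peer, right after the existing instance with peer 70.139.113.210 is deleted. As an added example (not part of the original thread), this Python script scans pluto log lines for that sequence; the function name `find_takeovers` and the record fields are assumptions, and the sample lines are copied from the log above.

```python
import re

# Lines copied from the auth.log quoted above, with the mail wrapping undone.
SAMPLE_LOG = """\
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[5] 192.168.0.3 #4: responding to Main Mode from unknown peer 192.168.0.3
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4: deleting connection "ios" instance with peer 192.168.0.3 {isakmp=#0/ipsec=#0}
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3 #4: deleting connection "ios" instance with peer 70.139.113.210 {isakmp=#2/ipsec=#3}
Oct 4 16:56:01 vmware-u003 pluto[5989]: lease 10.10.4.1 by 'vmware' went offline
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: extended authentication was successful
Oct 4 16:56:01 vmware-u003 pluto[5989]: reassigning offline lease to 'vmware'
Oct 4 16:56:01 vmware-u003 pluto[5989]: "ios"[6] 192.168.0.3:4500 #4: assigning virtual IP 10.10.4.1 to peer
"""

# Optional '"conn"[n] peer[:port] #n: ' prefix, then the message text.
LINE = re.compile(r'pluto\[\d+\]: (?:"[^"]+"\[\d+\] (?P<peer>[\d.]+)(?::\d+)? #\d+: )?(?P<msg>.*)$')
DELETED = re.compile(r'deleting connection "[^"]+" instance with peer ([\d.]+)')
OFFLINE = re.compile(r"lease ([\d.]+) by '([^']+)' went offline")
REASSIGN = re.compile(r"reassigning offline lease to '([^']+)'")
ASSIGNED = re.compile(r"assigning virtual IP ([\d.]+) to peer")


def find_takeovers(log_text):
    """Return one record per lease that went offline and was handed to a
    different peer logging in under the same XAUTH user name."""
    offline = {}      # user -> virtual IP of the lease that went offline
    displaced = None  # peer whose existing connection instance was deleted
    pending = None    # user whose offline lease is being reassigned
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        peer, msg = m.group("peer"), m.group("msg")
        if d := DELETED.search(msg):
            # Ignore the negotiating peer's own temporary instance.
            if d.group(1) != peer:
                displaced = d.group(1)
        elif o := OFFLINE.search(msg):
            offline[o.group(2)] = o.group(1)
        elif r := REASSIGN.search(msg):
            pending = r.group(1)
        elif a := ASSIGNED.search(msg):
            if pending and offline.get(pending) == a.group(1):
                findings.append({"user": pending, "virtual_ip": a.group(1),
                                 "displaced_peer": displaced, "new_peer": peer})
            pending = None
    return findings


if __name__ == "__main__":
    for finding in find_takeovers(SAMPLE_LOG):
        print(finding)
```
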
