Have xauth-pam working great with a OS X Maverick client, but when connecting from Android 4.4.2 with the same shared key and credentials it fails. If I configure strongswan to use xauth-generic and the same password but as a secret in ipsec.secret then it works, it's only xauth-pam that fails on Android. This is the log from a Android connection attempt:
charon: 13[NET] received packet: from 77.218.255.139[1067] to 37.139.4.179[500] (720 bytes) charon: 13[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ] charon: 13[IKE] received NAT-T (RFC 3947) vendor ID charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID charon: 13[IKE] received XAuth vendor ID charon: 13[IKE] received Cisco Unity vendor ID charon: 13[IKE] received FRAGMENTATION vendor ID charon: 13[IKE] received DPD vendor ID charon: 13[IKE] 77.218.255.139 is initiating a Main Mode IKE_SA charon: 13[ENC] generating ID_PROT response 0 [ SA V V V V ] charon: 13[NET] sending packet: from 37.139.4.179[500] to 77.218.255.139[1067] (160 bytes) charon: 14[NET] received packet: from 77.218.255.139[1067] to 37.139.4.179[500] (252 bytes) charon: 14[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ] charon: 14[IKE] remote host is behind NAT charon: 14[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ] charon: 14[NET] sending packet: from 37.139.4.179[500] to 77.218.255.139[1067] (268 bytes) charon: 15[NET] received packet: from 77.218.255.139[1071] to 37.139.4.179[4500] (108 bytes) charon: 15[ENC] parsed ID_PROT request 0 [ ID HASH ] charon: 15[CFG] looking for XAuthInitPSK peer configs matching 37.139.4.179...77.218.255.139[100.74.223.139] charon: 15[CFG] selected peer config "psk-pam" charon: 15[ENC] generating ID_PROT response 0 [ ID HASH ] charon: 15[NET] sending packet: from 37.139.4.179[4500] to 77.218.255.139[1071] (92 bytes) charon: 15[ENC] generating TRANSACTION request 4035148199 [ HASH CPRQ(X_USER X_PWD) ] charon: 15[NET] sending packet: from 37.139.4.179[4500] to 77.218.255.139[1071] (92 bytes) charon: 16[NET] received packet: from 77.218.255.139[1071] to 37.139.4.179[4500] (124 bytes) charon: 16[ENC] parsed INFORMATIONAL_V1 request 3508586429 [ HASH N(INITIAL_CONTACT) ] charon: 04[NET] received packet: from 77.218.255.139[1071] to 37.139.4.179[4500] (140 bytes) charon: 04[ENC] parsed TRANSACTION response 4035148199 [ HASH CPRP(X_USER X_PWD) ] charon: 04[IKE] XAuth pam_authenticate for 'carl' failed: Authentication failure charon: 04[IKE] XAuth authentication of 'carl' failed charon: 04[ENC] generating TRANSACTION request 1756209894 [ HASH CPS(X_STATUS) ] charon: 04[NET] sending packet: from 37.139.4.179[4500] to 77.218.255.139[1071] (92 bytes) charon: 02[NET] received packet: from 77.218.255.139[1071] to 37.139.4.179[4500] (108 bytes) charon: 02[ENC] parsed TRANSACTION response 1756209894 [ HASH CPA(X_STATUS) ] charon: 02[IKE] destroying IKE_SA after failed XAuth authentication
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
