Hello,

I have a problem with openswan; I hope for your suggestions.

I connect my Windows Mobile 6, 5, Windows Vista and XP to VPN IPsec with a Debian box / openswan.
Now I must connect a macOS Tiger but I have two problems:
- the mac does not connect
- the mobile does not connect.

My configuration is this:

version 2.0

config setup
 interfaces=%defaultroute
 virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!172.31.1.0/24
 klipsdebug=none
 plutodebug=none

conn %default
 keyingtries=3
 compress=no
 disablearrivalcheck=no
 authby=rsasig
 keyexchange=ike
 ikelifetime=240m
 keylife=60m

conn roadwarrior
 left=123.123.123.123
 leftcert=/etc/ipsec.d/certs/serverCert.pem
 leftrsasigkey=%cert
 rightrsasigkey=%cert
 leftprotoport=17/1701
 leftnexthop=%defaultroute
 right=%any
 rightprotoport=17/1701
 rightsubnet=vhost:%priv,%no
 rightca=%same
 type=transport
 auto=add
 pfs=no

conn roadwarrior-mac
 left=123.123.123.123
 leftid=123.123.123.123
 leftcert=/etc/ipsec.d/certs/servermacCert.pem
 leftrsasigkey=%cert
 rightrsasigkey=%cert
 leftprotoport=17/1701
 leftnexthop=%defaultroute
 right=%any
 rightprotoport=17/%any
 rightsubnet=vhost:%priv,%no
 rightca=%same
 type=transport
 auto=add
 pfs=no

conn block
 auto=ignore

conn clear-or-private
 auto=ignore

conn clear
 auto=ignore

conn packetdefault
 auto=ignore


The certificates are signed by the same CA for both conns (roadwarrior and roadwarrior-mac), but for serverCert.pem, when I created it, in openssl.cnf I put this:
extendedKeyUsage=1.3.6.1.5.5.8.2.2,serverAuth
SubjectAltName=IP:123.123.123.123
and for serverCert.pem I have commented this.
When I comment all of conn roadwarrior-mac the connection with the mobile goes up, but when I comment it out it doesn't work; in the log I see that it uses only roadwarrior-mac.

The question:
what are the modifications I could make so that Windows Mobile and the Mac work in the same configuration?

When I try the connection with the Mac it doesn't work and the log says this:

Apr 16 17:06:49 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: responding to Main Mode from unknown peer 123.155.255.11
Apr 16 17:06:49 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 16 17:06:49 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: ignoring Vendor ID payload [KAME/racoon]
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Italia, O=Merlospa, OU=Merlospa, CN=ISILine mac, E=noc@isiline.net'
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[1] 123.155.255.11 #1: switched from "roadwarrior-mac" to "roadwarrior-mac"
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[2] 2123.155.255.11 #1: deleting connection "roadwarrior-mac" instance with peer 123.155.255.11 {isakmp=#0/ipsec=#0}
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: I am sending my cert
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 16 17:06:50 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 16 17:06:52 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: cannot respond to IPsec SA request because no connection is known for 212.210.164.87:17/1701...123.155.255.11[C=IT, ST=Italia, O=Merlospa, OU=Merlospa, CN=ISILine mac, E=noc@isiline.net]:17/%any===192.168.1.2/32
Apr 16 17:06:52 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: sending encrypted notification INVALID_ID_INFORMATION to 123.155.255.11:51071
Apr 16 17:06:55 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x96aabc27 (perhaps this is a duplicated packet)
Apr 16 17:06:55 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: sending encrypted notification INVALID_MESSAGE_ID to 123.155.255.11:51071
Apr 16 17:06:58 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x96aabc27 (perhaps this is a duplicated packet)
Apr 16 17:06:58 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: sending encrypted notification INVALID_MESSAGE_ID to 123.155.255.11:51071
Apr 16 17:07:01 vpnserver pluto[4876]: "roadwarrior-mac"[2] 123.155.255.11 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x96aabc27 (perhaps this is a duplicated packet)

For the Mac, where is the problem?
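An added example, not part of the post above and not openswan code: a small Python helper that parses the selector pluto prints in the "no connection is known for" line and checks it against the proto/port and virtual_private settings of the two conns in the post. It reproduces only the proto/port and subnet part of pluto's connection lookup (peer host, ID and CA checks are left out), so a match here only rules those settings out as the cause; the CONNS table and sample selector are constructed from the post.

```python
import ipaddress
import re

# Constructed from the pluto log line in the post ("cannot respond to IPsec SA
# request because no connection is known for ...").
SAMPLE_SELECTOR = (
    "212.210.164.87:17/1701...123.155.255.11"
    "[C=IT, ST=Italia, O=Merlospa, OU=Merlospa, CN=ISILine mac, E=noc@isiline.net]"
    ":17/%any===192.168.1.2/32"
)

# Hypothetical conn table mirroring the two roadwarrior conns from the post.
CONNS = {
    "roadwarrior":     {"leftprotoport": "17/1701", "rightprotoport": "17/1701"},
    "roadwarrior-mac": {"leftprotoport": "17/1701", "rightprotoport": "17/%any"},
}
# virtual_private from the post, without the %v4: prefixes; "!" means excluded.
VIRTUAL_PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "!172.31.1.0/24"]

# left_host:left_pp...right_host[right_id]:right_pp===right_subnet
SEL_RE = re.compile(
    r"^(?P<lhost>[\d.]+):(?P<lpp>[^.]+)\.\.\.(?P<rhost>[\d.]+)"
    r"(?:\[(?P<rid>[^\]]*)\])?:(?P<rpp>[^=]+)===(?P<rsub>[\d./]+)$"
)

def parse_selector(text):
    """Split pluto's selector string into its host, proto/port, ID and subnet fields."""
    m = SEL_RE.match(text)
    if not m:
        raise ValueError("unrecognised selector: %r" % text)
    return m.groupdict()

def protoport_matches(conn_pp, peer_pp):
    """A conn proto/port accepts the peer's proposal if protocols agree and the
    conn port is %any or equal to the proposed port."""
    cproto, cport = conn_pp.split("/")
    pproto, pport = peer_pp.split("/")
    return cproto == pproto and (cport == "%any" or cport == pport)

def in_virtual_private(subnet, vp):
    """True if subnet lies inside an allowed entry and outside every "!" entry."""
    net = ipaddress.ip_network(subnet)
    allowed = False
    for entry in vp:
        if entry.startswith("!"):
            if net.subnet_of(ipaddress.ip_network(entry[1:])):
                return False
        elif net.subnet_of(ipaddress.ip_network(entry)):
            allowed = True
    return allowed

def candidate_conns(selector, conns, vp):
    """Names of conns whose proto/port and virtual_private settings accept the selector."""
    sel = parse_selector(selector)
    return [name for name, c in conns.items()
            if protoport_matches(c["leftprotoport"], sel["lpp"])
            and protoport_matches(c["rightprotoport"], sel["rpp"])
            and in_virtual_private(sel["rsub"], vp)]
```

For the selector in the post this returns only roadwarrior-mac (the 17/1701 rightprotoport of roadwarrior rejects the Mac's 17/%any proposal), so the "no connection is known" failure has to come from a check this helper does not model.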