[Openswan Users] Problem with PSK - Certificate and iphone
Denis Beltramo
denis.beltramo at gmail.com
Thu Jan 29 12:01:21 EST 2009
Hello,
I have many problems with openswan.
I now have the iPhone, so I have made the connection for it (see below).
When I connect with the mobile card (my iPhone has a public IP) it works;
when I connect with wireless behind NAT it does NOT work;
when I connect with a Windows XP behind NAT to roadwarrior-iphone it works.
The error is:
Jan 23 20:14:05 vpnserver pluto[10098]: "roadwarrior-iphone"[2] 11.22.33.44 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Jan 23 20:14:05 vpnserver pluto[10098]: "roadwarrior-iphone"[2] 11.22.33.44 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Jan 23 20:14:05 vpnserver pluto[10098]: "roadwarrior-iphone"[2] 11.22.33.44 #1: received and ignored informational message
Jan 23 20:14:06 vpnserver pluto[10098]: "roadwarrior-iphone"[2] 11.22.33.44 #1: cannot respond to IPsec SA request because no connection is known for 123.123.123.124:17/1701...11.22.33.44[192.168.2.13]:17/49156===192.168.2.13/32
Jan 23 20:14:06 vpnserver pluto[10098]: "roadwarrior-iphone"[2] 11.22.33.44 #1: sending encrypted notification INVALID_ID_INFORMATION to 11.22.33.44:36071
The old connection (roadwarrior) with the certificate doesn't work and says:
Jan 29 17:05:27 vpnserver pluto[6105]: "roadwarrior"[26] 22.43.21.44 #36: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Jan 29 17:05:27 vpnserver pluto[6105]: "roadwarrior"[26] 22.43.21.44 #36: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Jan 29 17:05:27 vpnserver pluto[6105]: "roadwarrior"[26] 22.43.21.44 #37: responding to Quick Mode {msgid:6a15fc54}
Jan 29 17:05:27 vpnserver pluto[6105]: "roadwarrior"[26] 22.43.21.44 #37: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan 29 17:05:27 vpnserver pluto[6105]: "roadwarrior"[26] 22.43.21.44 #37: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Jan 29 17:05:28 vpnserver pluto[6105]: "roadwarrior"[26] 22.43.21.44 #37: Dead Peer Detection (RFC 3706): not enabled because peer did not advertise it
Jan 29 17:05:28 vpnserver pluto[6105]: "roadwarrior"[26] 22.43.21.44 #37: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan 29 17:05:28 vpnserver pluto[6105]: "roadwarrior"[26] 22.43.21.44 #37: STATE_QUICK_R2: IPsec SA established {ESP/NAT=>0x00f59a30 <0x3e0da257 xfrm=3DES_0-HMAC_SHA1 NATD=22.43.21.44:4500 DPD=none}
Can you tell me how to resolve my problem?
The conf file:
version 2.0

config setup
    interfaces=%defaultroute
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!172.31.1.0/24
    nat_traversal=yes

conn %default
    keyingtries=3
    compress=no
    disablearrivalcheck=no
    authby=rsasig
    keyexchange=ike
    ikelifetime=240m
    keylife=60m

conn roadwarrior
    left=123.123.123.123
    leftcert=/etc/ipsec.d/certs/server2Cert.pem
    leftid=123.123.123.123
    leftrsasigkey=%cert
    leftnexthop=%defaultroute
    rightrsasigkey=%cert
    leftprotoport=17/1701
    rightprotoport=17/%any
    rightsubnet=vhost:%priv,%no
    forceencaps=yes
    rightca=%same
    right=%any
    dpddelay=30
    dpdtimeout=120
    dpdaction=hold
    type=transport
    auto=add
    pfs=no

conn roadwarrior-iphone
    authby=secret
    rekey=no
    keyingtries=3
    left=123.123.123.124
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    pfs=no
    auto=add

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore
--
Denis Beltramo
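The pluto message "cannot respond to IPsec SA request because no connection is known for 123.123.123.124:17/1701...11.22.33.44[192.168.2.13]:17/49156===192.168.2.13/32" shows the NAT'd client proposing its private address (192.168.2.13/32) as the client end of a transport-mode L2TP SA. In the config above, only the certificate-based "roadwarrior" conn carries the settings that let Openswan match such a proposal (rightsubnet=vhost:%priv,%no, type=transport, forceencaps=yes); the PSK-based "roadwarrior-iphone" conn has none of them. The following is an added example, not the poster's configuration, of the same PSK conn written with those settings; it assumes the Openswan virtual_private list already present in "config setup" and does not change any address or lifetime from the original.

```ini
# Added example (not the poster's config): PSK L2TP/IPsec transport-mode
# conn for a road-warrior client that may sit behind NAT, following the
# pattern the certificate-based "roadwarrior" conn above already uses.
conn roadwarrior-iphone
    authby=secret
    rekey=no
    keyingtries=3
    left=123.123.123.124
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    # accept a client whose proposed subnet is its own private address
    # (taken from virtual_private in "config setup") or no subnet at all
    rightsubnet=vhost:%priv,%no
    # L2TP/IPsec clients negotiate transport mode, not tunnel mode
    type=transport
    # always UDP-encapsulate ESP, even if the NAT-D check does not see a NAT
    forceencaps=yes
    pfs=no
    auto=add
```

With authby=secret and right=%any, every client uses one group pre-shared key, which must be listed in ipsec.secrets for the %any peer (for example a line of the form `123.123.123.124 %any : PSK "<placeholder>"`); anyone holding that key can authenticate as a client, so the certificate-based conn is the stronger choice where the client supports it, and a change of the group key means re-provisioning every device.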