[Openswan Users] OpenSwan and iPhone

Paul Wouters paul at xelerance.com
Tue Nov 24 16:10:02 EST 2009

On Tue, 24 Nov 2009, Helmut Manck wrote:

> when trying to establish an IPsec tunnel between a roadwarrior iphone OS 
> 3.1 and an openswan server running 2.6.21 I get some trouble regarding 
> modecfg settings.

Why not use L2TP? People are using that on their iphones to Openswan without

> Nov 24 19:35:30 server011 pluto[894]: "vpngateway-intranet"[2] 
> <iphone-ip> #1: the peer proposed: -> <iphone-ip>/32:0/0
> Nov 24 19:35:30 server011 pluto[894]: "vpngateway-intranet"[2] 
> <iphone-ip> #1: cannot respond to IPsec SA request because no connection 
> is known for<openswan box ip> [C=DE, ST=Berlin, L=Berlin, 
> O=eonas, OU=VPN Endpoint, 

The peer claims to want ? Beter not give it to them.

> When setting the leftsubnet (aka the openswan side) from 
> "leftsubnet=" to "leftsubnet=" the tunnel is 
> established but is not usable ( The openswan box is not reachable 
> anymore, with or without the tunnel ).

Yes because it now "lives" at the iphone.

> STATE_MODE_CFG_R1, and we aren't xauth client

You would need to use the xauthclient= and xauthserver= options. See man ipsec.conf.


More information about the Users mailing list