[Openswan Users] OpenSwan and iPhone
Paul Wouters
paul at xelerance.com
Tue Nov 24 16:10:02 EST 2009
On Tue, 24 Nov 2009, Helmut Manck wrote:
>
> when trying to establish an IPsec tunnel between a roadwarrior iphone OS
> 3.1 and an openswan server running 2.6.21 I get some trouble regarding
> modecfg settings.
Why not use L2TP? People are using that on their iphones to Openswan without
problems.
> Nov 24 19:35:30 server011 pluto[894]: "vpngateway-intranet"[2]
> <iphone-ip> #1: the peer proposed: 0.0.0.0/0:0/0 -> <iphone-ip>/32:0/0
> Nov 24 19:35:30 server011 pluto[894]: "vpngateway-intranet"[2]
> <iphone-ip> #1: cannot respond to IPsec SA request because no connection
> is known for 0.0.0.0/0===<openswan box ip> [C=DE, ST=Berlin, L=Berlin,
> O=eonas, OU=VPN Endpoint,
The peer claims to want 0.0.0.0/0? Better not give it to them.
> When setting the leftsubnet (aka the openswan side) from
> "leftsubnet=10.2.0.0/24" to "leftsubnet=0.0.0.0/0" the tunnel is
> established but is not usable ( The openswan box is not reachable
> anymore, with or without the tunnel ).
Yes because it now "lives" at the iphone.
> STATE_MODE_CFG_R1, and we aren't xauth client
You would need to use the xauthclient= and xauthserver= options. See man ipsec.conf.
Paul
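
Added example, not part of the original message and not Openswan code: a small log check that pulls the selectors out of pluto's "the peer proposed:" lines and compares the gateway-side range with the configured leftsubnet, to flag peers that ask for more than the gateway offers. The sample log lines are constructed (203.0.113.7 stands in for `<iphone-ip>`), and the comparison is a simplification, not pluto's own connection lookup.

```python
import ipaddress
import re

# Selector part of pluto's line, e.g.
#   the peer proposed: 0.0.0.0/0:0/0 -> 203.0.113.7/32:0/0
# Each side is written as net/mask:protocol/port (IPv4 only here).
PROPOSED = re.compile(
    r"the peer proposed: (?P<ours>\d+\.\d+\.\d+\.\d+/\d+):\d+/\d+ -> "
    r"(?P<theirs>\d+\.\d+\.\d+\.\d+/\d+):\d+/\d+"
)

# Constructed sample input, modelled on the log excerpt quoted in the thread.
SAMPLE_LOG = [
    'Nov 24 19:35:30 server011 pluto[894]: "vpngateway-intranet"[2] '
    '203.0.113.7 #1: the peer proposed: 0.0.0.0/0:0/0 -> 203.0.113.7/32:0/0',
    'Nov 24 19:35:30 server011 pluto[894]: "vpngateway-intranet"[2] '
    '203.0.113.7 #1: cannot respond to IPsec SA request',
    'Nov 24 19:40:11 server011 pluto[894]: "vpngateway-intranet"[3] '
    '203.0.113.7 #2: the peer proposed: 10.2.0.0/24:0/0 -> 203.0.113.7/32:0/0',
]


def check_proposals(log_lines, leftsubnet):
    """Return (gateway_side, peer_side, verdict) for each proposal line."""
    offered = ipaddress.ip_network(leftsubnet)
    results = []
    for line in log_lines:
        m = PROPOSED.search(line)
        if not m:
            continue  # not a proposal line
        ours = ipaddress.ip_network(m.group("ours"), strict=False)
        theirs = ipaddress.ip_network(m.group("theirs"), strict=False)
        if ours == offered:
            verdict = "match"
        elif ours.subnet_of(offered):
            verdict = "narrower"
        elif offered.subnet_of(ours):
            verdict = "wider"  # peer asks for more than leftsubnet covers
        else:
            verdict = "unrelated"
        results.append((str(ours), str(theirs), verdict))
    return results


if __name__ == "__main__":
    for ours, theirs, verdict in check_proposals(SAMPLE_LOG, "10.2.0.0/24"):
        print(f"{theirs} asked for {ours}: {verdict}")
```
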