[Openswan Users] iPad IPSEC/L2TP->OpenSwan problem

Paul Wouters paul at xelerance.com
Wed Oct 27 17:10:45 EDT 2010

On Wed, 27 Oct 2010, John E.P. Hynes wrote:

> I have a configuration that works for windows clients but not for
> iPads.  I have included some of the changes suggested by (Nate Carlson?
> Can't remember) to the config files to allow Apple clients to connect.

> Oct 27 16:15:12 firewall pluto[5659]: "dynip-hosts"[3] x.x.x.x #7: byte
> 2 of ISAKMP Identification Payload must be zero, but is not
> Oct 27 16:15:12 firewall pluto[5659]: "dynip-hosts"[3] x.x.x.x #7:
> probable authentication failure (mismatch of preshared secrets?):
> malformed payload in packet

> The "mismatch of preshared secrets?" seems obvious - but I've checked to
> make sure they agree many times.

Did you make sure about this? Perhaps a weird character not supported on
the ipad?

> My "dynip-hosts" config looks like this:
> conn dynip-hosts
>     authby=secret
>     pfs=no
>     left=y.y.y.y
>     leftsubnet=
>     leftprotoport=17/1701
>     rightnexthop=%defaultroute
>     right=%any
>     rightprotoport=17/%any
>     rightsubnet=vhost:%priv,%no
>     forceencaps=yes
>     auto=add

forceencaps should not be needed.
leftsubnet= is wrong and should be left out
(if you put it there because your openswan server is behind a port foward,
remove it and put left=yourrealip there.

missing type=transport


More information about the Users mailing list