[Openswan Users] iPad IPSEC/L2TP->OpenSwan problem
Paul Wouters
paul at xelerance.com
Wed Oct 27 17:10:45 EDT 2010
On Wed, 27 Oct 2010, John E.P. Hynes wrote:
> I have a configuration that works for windows clients but not for
> iPads. I have included some of the changes suggested by (Nate Carlson?
> Can't remember) to the config files to allow Apple clients to connect.
> Oct 27 16:15:12 firewall pluto[5659]: "dynip-hosts"[3] x.x.x.x #7: byte
> 2 of ISAKMP Identification Payload must be zero, but is not
> Oct 27 16:15:12 firewall pluto[5659]: "dynip-hosts"[3] x.x.x.x #7:
> probable authentication failure (mismatch of preshared secrets?):
> malformed payload in packet
> The "mismatch of preshared secrets?" seems obvious - but I've checked to
> make sure they agree many times.
Did you make sure about this? Perhaps a weird character not supported on
the ipad?
> My "dynip-hosts" config looks like this:
>
> conn dynip-hosts
> authby=secret
> pfs=no
> left=y.y.y.y
> leftsubnet=10.0.0.0/24
> leftprotoport=17/1701
> rightnexthop=%defaultroute
> right=%any
> rightprotoport=17/%any
> rightsubnet=vhost:%priv,%no
> forceencaps=yes
> auto=add
forceencaps should not be needed.
leftsubnet= is wrong and should be left out
(if you put it there because your openswan server is behind a port foward,
remove it and put left=yourrealip there.
missing type=transport
Paul
More information about the Users
mailing list