[Openswan Users] need help with ipsec tunnel to iphone
Paul Wouters
paul at xelerance.com
Tue May 24 16:08:03 EDT 2011
On Tue, 24 May 2011, Richard Pagotto wrote:
> I have created certificates and emailed myself, installed fine on iphone
>
> not sure which account name and password to set on the phone, I had to put in the password I used for the cert to
> install it

The one you put in /etc/ppp/chap-secrets on the l2tp server (or, if you use ldap/radius, those).

That assumes you are using L2TP. If using XAUTH, then the user/pass comes from the /etc/ipsec.d/htpasswd
file or, if compiled with system pam, from your system password.

> dpddelay=10
> authby=rsasig
> pfs=no
> leftcert=/etc/ipsec.d/certs/strongswanCert.pem
> left=192.168.0.1
> leftsubnet=0.0.0.0/0
> leftxauthserver=yes
> leftmodecfgclient=yes
> right=%any
> rightsourceip=192.168.0.2

Remove the rightsourceip= as the remote is not using openswan

> rightcert=/etc/ipsec.d/certs/hostCert.pem
> rightnexthop=%defaultroute

Same for rightnexthop=

> rightxauthserver=yes
> rightmodecfgclient=yes

Add: rightsubnet=vhost:%priv,%no

> May 24 21:28:52 linuxserver pluto[3517]: packet from 203.20.35.28:33009: initial Main Mode message received on
> 192.168.0.2:500 but no connection has been authorized with policy=RSASIG

It fails to match your connection. You're not even getting to the XAUTH phase yet.

Paul
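
Added example (not part of the original message, and not Openswan code): a small check that reads the conn options quoted above and reports the three changes suggested in the reply. The function names parse_conn and lint_conn are hypothetical, and the check assumes, as the reply does, that the remote peer is not running openswan.

```python
# Added example: lint an Openswan conn section against the three changes
# suggested in the reply. Hypothetical helper names; not Openswan code.

def parse_conn(text):
    """Return {key: value} for key=value lines; tolerates '> ' quote prefixes."""
    options = {}
    for raw in text.splitlines():
        line = raw.lstrip("> \t").strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        options[key.strip()] = value.strip()
    return options


def lint_conn(options):
    """Findings for a conn whose remote peer is not running openswan."""
    findings = []
    # The reply says to drop both of these for a non-openswan remote.
    for key in ("rightsourceip", "rightnexthop"):
        if key in options:
            findings.append(f"remove {key}={options[key]}")
    # The reply says to add a vhost-style rightsubnet.
    if not options.get("rightsubnet", "").startswith("vhost:"):
        findings.append("add rightsubnet=vhost:%priv,%no")
    return findings


# The conn options quoted in the message, copied as posted.
POSTED = """\
> dpddelay=10
> authby=rsasig
> pfs=no
> leftcert=/etc/ipsec.d/certs/strongswanCert.pem
> left=192.168.0.1
> leftsubnet=0.0.0.0/0
> leftxauthserver=yes
> leftmodecfgclient=yes
> right=%any
> rightsourceip=192.168.0.2
> rightcert=/etc/ipsec.d/certs/hostCert.pem
> rightnexthop=%defaultroute
> rightxauthserver=yes
> rightmodecfgclient=yes
"""

if __name__ == "__main__":
    for finding in lint_conn(parse_conn(POSTED)):
        print(finding)
```

The check covers only the three edits named in the reply; it does not address the policy=RSASIG connection-matching failure shown in the log line.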