[Openswan Users] need help with ipsec tunnel to iphone

Paul Wouters paul at xelerance.com
Tue May 24 16:08:03 EDT 2011

On Tue, 24 May 2011, Richard Pagotto wrote:

> i have created certificates and emailed myself, installed fine on iphone
> not sure which account name and password to set on the phone, i had to put in the password i used for the cert to
> install it

The one you put in /etc/ppp/chap-secrets on the l2tp server (or if you use ldap/radius those)

That assumes you are using L2TP. If using XAUTH, then the user/pass comes from the /etc/ipsec.d/htpasswd
file or if compiled with system pam, from your system password.

>         dpddelay=10
>         authby=rsasig
>         pfs=no
>         leftcert=/etc/ipsec.d/certs/strongswanCert.pem
>         left=
>         leftsubnet=
>         leftxauthserver=yes
>         leftmodecfgclient=yes
>         right=%any
>         rightsourceip=

Remove the rightsourceip= as the remote is not using openswan

>         rightcert=/etc/ipsec.d/certs/hostCert.pem
>         rightnexthop=%defaultroute

Same for rightnexthop=
>         rightxauthserver=yes
>         rightmodecfgclient=yes

Add: rightsubnet=vhost:%priv,%no

> May 24 21:28:52 linuxserver pluto[3517]: packet from initial Main Mode message received on
> but no connection has been authorized with policy=RSASIG

It fails to match your connection. You're not even getting to the XAUTH phase yet.


More information about the Users mailing list