[Openswan Users] OpenSwan and iPhone again
Shinji Ikari
bombayvdmo at yahoo.com.mx
Tue Sep 13 16:11:56 EDT 2011
Hi,
I'm trying to configure a pure RSA+XAUTH IPsec VPN with Openswan and iPhone, but during negotiation this message appears in the log:
Sep 13 14:55:39 hefesto pluto[14933]: "iphone"[1] 172.23.254.126 #1: responding to Main Mode from unknown peer 172.23.254.126
Sep 13 14:55:39 hefesto pluto[14933]: "iphone"[1] 172.23.254.126 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 13 14:55:39 hefesto pluto[14933]: "iphone"[1] 172.23.254.126 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 13 14:55:40 hefesto pluto[14933]: "iphone"[1] 172.23.254.126 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
Sep 13 14:55:40 hefesto pluto[14933]: "iphone"[1] 172.23.254.126 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 13 14:55:40 hefesto pluto[14933]: "iphone"[1] 172.23.254.126 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[1] 172.23.254.126 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[1] 172.23.254.126 #1: Main mode peer ID is ID_DER_ASN1_DN: 'CN=host'
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[1] 172.23.254.126 #1: no crl from issuer "CN=cacert" found (strict=no)
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[1] 172.23.254.126 #1: switched from "iphone" to "iphone"
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: deleting connection "iphone" instance with peer 172.23.254.126 {isakmp=#0/ipsec=#0}
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: I am sending my cert
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: new NAT mapping for #1, was 172.23.254.126:500, now 172.23.254.126:4500
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1536}
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: XAUTH: Sending XAUTH Login/Password Request
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: XAUTH: Sending Username/Password request (XAUTH_R0)
Sep 13 14:55:44 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: discarding duplicate packet; already STATE_XAUTH_R0
Sep 13 14:55:47 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: discarding duplicate packet; already STATE_XAUTH_R0
Sep 13 14:55:50 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: discarding duplicate packet; already STATE_XAUTH_R0
My ipsec.conf file:
version 2.0    # conforms to second version of ipsec.conf specification

config setup
    plutoopts="--perpeerlog"
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25/8
    oe=off
    protostack=netkey

conn %default
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    keyingtries=1
    keylife=20m
    ikelifetime=240m

conn iphone
    auto=add
    authby=rsasig
    left=172.23.253.2
    right=%any
    leftxauthserver=yes
    leftca=cacert
    leftcert=hefesto
    leftrsasigkey=%cert

ipsec.secrets:
: RSA hefesto
@host : XAUTH "redhat"

passwd:
host:lxMEQMBDRiWN6:*

RHEL6
openswan-2.6.32-4.el6_1.1.x86_64
Thanks for your help.
Best regards.
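
An added example, not part of the original post: a small Python triage of the pluto log quoted above that tracks the last IKE state per connection and counts the "discarding duplicate packet" lines, showing that Main Mode completes and the exchange then sits in STATE_XAUTH_R0. The function names and the threshold of 3 are assumptions; the sample lines are copied unmodified from the log above.

```python
import re

# Subset of the pluto log lines quoted in the post above, unmodified.
SAMPLE = '''\
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_256 prf=oakley_sha group=modp1536}
Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: XAUTH: Sending Username/Password request (XAUTH_R0)
Sep 13 14:55:44 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: discarding duplicate packet; already STATE_XAUTH_R0
Sep 13 14:55:47 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: discarding duplicate packet; already STATE_XAUTH_R0
Sep 13 14:55:50 hefesto pluto[14933]: "iphone"[2] 172.23.254.126 #1: discarding duplicate packet; already STATE_XAUTH_R0
'''

# Connection name, peer address, SA number and message; the instance number
# in [N] is ignored because pluto changes it when it switches connections.
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
TRANSITION = re.compile(r'transition from state \S+ to state (STATE_\w+)')
DUPLICATE = re.compile(r'discarding duplicate packet; already (STATE_\w+)')

def triage(log_text):
    """Return {(conn, peer, sa): {'last_state', 'established', 'duplicates'}}."""
    result = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto line
        key = (m['conn'], m['peer'], int(m['sa']))
        rec = result.setdefault(
            key, {'last_state': None, 'established': False, 'duplicates': {}})
        msg = m['msg']
        t = TRANSITION.search(msg)
        if t:
            rec['last_state'] = t.group(1)
        if 'ISAKMP SA established' in msg:
            rec['established'] = True
        d = DUPLICATE.search(msg)
        if d:
            state = d.group(1)
            rec['last_state'] = state
            rec['duplicates'][state] = rec['duplicates'].get(state, 0) + 1
    return result

def stalled_states(rec, threshold=3):
    """States in which pluto discarded at least `threshold` duplicates (assumed cutoff)."""
    return [s for s, n in rec['duplicates'].items() if n >= threshold]

if __name__ == '__main__':
    for key, rec in triage(SAMPLE).items():
        print(key, rec, 'stalled in:', stalled_states(rec))
```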