[Openswan Users] OpenSwan and iPhone again

Paul Wouters paul at xelerance.com
Tue Sep 13 20:02:29 EDT 2011

On Tue, 13 Sep 2011, Shinji Ikari wrote:

> I'm trying to configure a pure rsa+xauth ipec vpn with openswan and iphone, but during negociation that message
> appear in log:

> Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] #1: XAUTH: Sending XAUTH Login/Password Request
> Sep 13 14:55:41 hefesto pluto[14933]: "iphone"[2] #1: XAUTH: Sending Username/Password request

> conn %default
>         authby=rsasig
>         leftrsasigkey=%cert
>         rightrsasigkey=%cert
>         keyingtries=1
>         keylife=20m
>         ikelifetime=240m
> conn iphone
>         auto=add
>         authby=rsasig
>         left=
>         right=%any
>         leftxauthserver=yes

add rightxauthclient=yes

>         leftca=cacert

Is that a filename? you shouldn't really need to specify this.

>         leftcert=hefesto

same here, is this a filename without extension? It should be a filename.

check if those certificates loaded with ipsec auto --listall

>         leftrsasigkey=%cert

You might need leftmodecfg/rightmodecf, please see "man ipsec.conf" for details.


More information about the Users mailing list