IPSec VPN (IKEv2) and Windows Phone 8: a failed marriage



  • Hello!

    I'm trying to enable the IPSec VPN to be able to connect my Windows Phone 8.1.
    I've followed the step-by-step guides, but get stuck at the same point.

    The log always reaches this point… and no more.

    
    Mar 31 15:50:56 	charon: 15[CFG] <7> looking for peer configs matching 200.70.23.138[%any]...186.141.198.11[10.202.57.30]
    Mar 31 15:50:56 	charon: 15[CFG] <con4|7>selected peer config 'con4'
    Mar 31 15:50:56 	charon: 15[IKE] <con4|7>initiating EAP_IDENTITY method (id 0x00)
    Mar 31 15:50:56 	charon: 15[IKE] <con4|7>processing INTERNAL_IP4_ADDRESS attribute
    Mar 31 15:50:56 	charon: 15[IKE] <con4|7>processing INTERNAL_IP4_DNS attribute
    Mar 31 15:50:56 	charon: 15[IKE] <con4|7>processing INTERNAL_IP4_NBNS attribute
    Mar 31 15:50:56 	charon: 15[IKE] <con4|7>processing INTERNAL_IP4_SERVER attribute
    Mar 31 15:50:56 	charon: 15[IKE] <con4|7>processing INTERNAL_IP6_ADDRESS attribute
    Mar 31 15:50:56 	charon: 15[IKE] <con4|7>processing INTERNAL_IP6_DNS attribute
    Mar 31 15:50:56 	charon: 15[IKE] <con4|7>processing INTERNAL_IP6_SERVER attribute
    Mar 31 15:50:56 	charon: 15[IKE] <con4|7>peer supports MOBIKE
    Mar 31 15:50:56 	charon: 15[IKE] <con4|7>authentication of 'C=AR, ST=Buenos Aires, L=Virrey del Pino, O=Runfo SA, E=sistemas@runfo.com.ar, CN=200.70.23.138' (myself) with RSA signature successful
    Mar 31 15:50:56 	charon: 15[IKE] <con4|7>sending end entity cert "C=AR, ST=Buenos Aires, L=Virrey del Pino, O=Runfo SA, E=sistemas@runfo.com.ar, CN=200.70.23.138"
    Mar 31 15:50:56 	charon: 15[ENC] <con4|7>generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
    Mar 31 15:50:56 	charon: 15[NET] <con4|7>sending packet: from 200.70.23.138[4500] to 186.141.198.11[9417] (1808 bytes)
    

    I've checked the EAP key configuration (I've been reading about the convenience of using email as identifier).
    Also generated new certificates, and imported those in the phone.
    Also I've tried to open the firewall to ALL the traffic from the IP of the phone.
    And I have another IPsec VPN site-to-site working, so it isn't a firewall blocking problem.
    Tried also to disable MOBIKE.

    Any ideas?

    Jaír


  • Rebel Alliance Developer Netgate

    Have you been able to connect to that mobile VPN with any other clients that aren't Windows Phone?

    Nothing in the logs you posted suggests that it's being rejected by the server, which means the client is rejecting something the server is sending.

    9 times out of 10 that ends up being something that isn't right with the server certificate.


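The pattern the reply describes (the server sends its certificate and an EAP identity request, then hears nothing back) can be spotted mechanically in charon logs. The script below is an added example, not part of the thread: the function names `stalled_sas` and `hint` are made up here, and the sample log lines are constructed in the format of the excerpt above, using documentation addresses.

```python
import re

# charon line layout: "NN[GROUP] <conn|id> message"; the space after ">" is
# treated as optional because the excerpt in the post shows it dropped.
LINE = re.compile(r"charon: \d+\[(?P<grp>[A-Z]+)\]\s*<(?P<sa>[^>]*)>\s*(?P<msg>.*)")
GENERATED = re.compile(r"generating (\S+) response (\d+) \[ (.*?) \]")
PARSED = re.compile(r"parsed \S+ (?:request|response) \d+")

def stalled_sas(lines):
    """Map IKE_SA id -> (exchange, message id, payloads) for every SA whose last
    encoded message is an EAP request that the peer never answered."""
    pending = {}
    for line in lines:
        m = LINE.search(line)
        if not m or m["grp"] != "ENC":
            continue
        sa = m["sa"].split("|")[-1]          # "<7>" and "<con4|7>" name the same SA
        g = GENERATED.search(m["msg"])
        if g and any(p.startswith("EAP/REQ") for p in g[3].split()):
            pending[sa] = (g[1], int(g[2]), g[3].split())
        elif g or PARSED.search(m["msg"]):
            pending.pop(sa, None)            # the exchange moved on
    return pending

def hint(payloads):
    """Where the client stopped, judged from the payloads of the unanswered message."""
    if "CERT" in payloads:
        return "client went silent right after receiving the server certificate"
    return "client went silent during EAP, after answering the message with the certificate"

# Constructed sample: SA 7 stalls like the log in the post, SA 8 completes EAP.
SAMPLE = """\
Mar 31 15:50:56 charon: 15[ENC] <con4|7>generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Mar 31 15:50:56 charon: 15[NET] <con4|7>sending packet: from 192.0.2.1[4500] to 198.51.100.7[9417] (1808 bytes)
Mar 31 15:52:10 charon: 09[ENC] <con4|8> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Mar 31 15:52:10 charon: 09[ENC] <con4|8> parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Mar 31 15:52:10 charon: 09[ENC] <con4|8> generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
Mar 31 15:52:11 charon: 09[ENC] <con4|8> parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Mar 31 15:52:11 charon: 09[ENC] <con4|8> generating IKE_AUTH response 3 [ EAP/SUCC ]
""".splitlines()

if __name__ == "__main__":
    for sa, (exchange, msg_id, payloads) in stalled_sas(SAMPLE).items():
        print(f"IKE_SA {sa}: no reply to {exchange} response {msg_id}: {hint(payloads)}")
```

A hit whose payload list still contains `CERT` points at the certificate the server presented, which is where the reply suggests looking first.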