4. Getting IPSec Working with 2.2.6 & iOS 9

Getting IPSec Working with 2.2.6 & iOS 9

  • R

    I have followed a bunch of different howto docs found online and still cannot locate where the error is.

    Negotiation mode is set as Main in VPN: IPsec: Edit Phase 1: Mobile Client.  I have tried setting it as Aggressive with no change.

    Of note is it seems that my iPhone (79.196.XXX.XXX) is requesting Main mode.  Is there a setting in VPN in iOS to change?

    Any help would be greatly appreciated.  This is driving me nuts.

    May 10 11:01:48 charon: 12[NET] <1> sending packet: from 192.168.XX.XXX [4500] to 70.196.XXX.XXX [2545] (108 bytes)
    May 10 11:01:48  charon: 12[ENC] <1> generating INFORMATIONAL_V1 request 165331397 [ HASH N(AUTH_FAILED) ]
    May 10 11:01:48 charon: 12[IKE] <1> found 1 matching config, but none allows XAuthInitPSK authentication using Main Mode
    May 10 11:01:48 charon: 12[CFG] <1> looking for XAuthInitPSK peer configs matching 192.168.XX.XXX70.196.XXX.XXX
    May 10 11:01:48 charon: 12[ENC] <1> parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
    May 10 11:01:48 charon: 12[NET] <1> received packet: from 70.196.XXX.XXX[2545] to 192.168.XX.XXX[4500] (108 bytes)
    May 10 11:01:48 charon: 12[NET] <1> sending packet: from 192.168.XX.XXX[500] to 70.196.XXX.XXX[2542] (396 bytes)
    May 10 11:01:48 charon: 12[ENC] <1> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    May 10 11:01:48 charon: 12[IKE] <1> remote host is behind NAT
    May 10 11:01:48 charon: 12[IKE] <1> local host is behind NAT, sending keep alives
    May 10 11:01:48 charon: 12[ENC] <1> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    May 10 11:01:48 charon: 12[NET] <1> received packet: from 70.196.XXX.XXX[2542] to 192.168.XX.XXX[500] (380 bytes)
    May 10 11:01:48 charon: 12[NET] <1> sending packet: from 192.168.XX.XXX [500] to 70.196.XXX.XXX[2542] (156 bytes)
    May 10 11:01:48 charon: 12[ENC] <1> generating ID_PROT response 0 [ SA V V V V ]
    May 10 11:01:48 charon: 12[IKE] <1> 70.196.XXX.XXX is initiating a Main Mode IKE_SA

    0
  • R

    OK, so if I specify a Group Name in iOS, the request becomes aggressive.  It still fails at:

    May 10 12:06:15 charon: 06[IKE] <15> found 1 matching config, but none allows XAuthInitPSK authentication using Aggressive Mode
    May 10 12:06:15 charon: 06[CFG] <15> looking for XAuthInitPSK peer configs matching 192.168.XX.XXX70.196.XXX.XXX[VPN]

    From VPN: IPsec: Edit Phase 1: Mobile Client - Phase 1 Proposal:

    Authentication method - Mutual PSK & Xauth
    Negotiation mode - Aggressive
    My Identifier - My IP Address
    Peer Identifier - Distinguished Name - VPN
    Pre-Shared Key - XXX

    What am I missing?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy