[Swan] Problem with iPhone/iPad and XAUTH Group ID
Marc-Christian Petersen
m.c.p at gmx.de
Fri Mar 28 17:06:28 EET 2014
Hi Philippe,
Libreswan does not support Hybrid mode:
Mar 28 16:04:51 vpn pluto[28426]: "XAUTH-GROUP"[2] 1.2.3.4 #2: Pluto does not support HybridInitRSA authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
so the iPhone lies.
Am 28.03.2014 um 15:45:55 Uhr schrieb Philippe Vouters <philippe.vouters at laposte.net>:
> The document you draw the attention onto on my Web site describes
> Shrew/Libreswan running in Mutual PSK/RSA + XAuth + DHCP + PAM
> Your trace left by racoon on your iPhone says:
>
> racoon[16654]: [16654] ERROR: No SIG was passed, hybrid auth is enabled, but peer is no Xauth compliant
>
> So I would set Shrew in hybrid mode and check whether this mode is indeed implemented in today's Libreswan V3.8.
>
> A long time ago when I tested Shrew's hybrid mode, Libreswan was saying in my Fedora /var/log/secure:
> #
> # Hybrid RSA. Leads to
> # Oct 11 16:53:00 victor pluto[12408]: "Philippe"[6] 192.168.1.3 #3: Pluto does not support HybridInitRSA authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
> # Oct 11 16:53:00 victor pluto[12408]: "Philippe"[6] 192.168.1.3 #3: no acceptable Oakley Transform
> # Oct 11 16:53:00 victor pluto[12408]: | complete state transition with (null)
> #
More information about the Swan
mailing list