[Swan] Problem with iPhone/iPad and XAUTH Group ID

Philippe Vouters philippe.vouters at laposte.net
Fri Mar 28 17:35:23 EET 2014


Dear Marc-Christian,

If you succeed in making racoon on your iPhone work in *Mutual RSA* mode, 
then the document you pointed out should apply to the iPhone/Libreswan 
pair and SSL certificates.

Yours truly,

Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org

On 03/28/2014 04:06 PM, Marc-Christian Petersen wrote:
> Hi Philippe,
>
> Libreswan does not support Hybrid mode:
>
> Mar 28 16:04:51 vpn pluto[28426]: "XAUTH-GROUP"[2] 1.2.3.4 #2: Pluto does not support HybridInitRSA authentication.  Attribute OAKLEY_AUTHENTICATION_METHOD
>
> so the iPhone lies.
>
>
> On 28.03.2014 at 15:45:55, Philippe Vouters <philippe.vouters at laposte.net> wrote:
>
>> The document you draw attention to on my Web site describes
>> Shrew/Libreswan running in Mutual PSK/RSA + XAuth + DHCP + PAM.
>> The trace left by racoon on your iPhone says:
>>
>> racoon[16654]: [16654] ERROR: No SIG was passed, hybrid auth is enabled, but peer is no Xauth compliant
>>
>> So I would set Shrew in hybrid mode and check whether this mode is indeed implemented in today's Libreswan V3.8.
>>
>> A long time ago when I tested Shrew's hybrid mode, Libreswan was saying in my Fedora /var/log/secure:
>> #
>> # Hybrid RSA. Leads to
>> # Oct 11 16:53:00 victor pluto[12408]: "Philippe"[6] 192.168.1.3 #3: Pluto does not support HybridInitRSA authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
>> # Oct 11 16:53:00 victor pluto[12408]: "Philippe"[6] 192.168.1.3 #3: no acceptable Oakley Transform
>> # Oct 11 16:53:00 victor pluto[12408]: | complete state transition with (null)
>> #
