[Swan] Problem with iPhone/iPad and XAUTH Group ID
Marc-Christian Petersen
m.c.p at gmx.de
Fri Mar 28 17:33:04 EET 2014
Hi Paul,
yep, I know about the bug but it doesn't happen here.
for whatever reason iOS is using hybrid mode when using
cisco ipsec mode with group name and PSK.
Maybe the problem is Libreswan not offering XAUTH when in
aggressive mode and iOS is falling back to hybrid?
Am 28.03.2014 um 16:25:33 Uhr schrieb Paul Wouters <paul at nohats.ca>:
> On Fri, 28 Mar 2014, Marc-Christian Petersen wrote:
>
>> Libreswan does not support Hybrid mode:
>>
>> Mar 28 16:04:51 vpn pluto[28426]: "XAUTH-GROUP"[2] 1.2.3.4 #2: Pluto does not support HybridInitRSA authentication. Attribute OAKLEY_AUTHENTICATION_METHOD
>
> The iphone should not be using hybrid mode. Be aware if you switch from
> PSK to CERT configurations on your iphone, and you don't wipe the
> PSK/ID information, your CERT connection will fail.
More information about the Swan
mailing list