[Swan] Connecting to OS X Server

Ali Gangji ali at neonrain.com
Sun Jan 11 19:08:06 EET 2015 

Thanks for your help, Paul. I switched the type to tunnel but that didn't
help. It just hangs now. Here's the output of ipsec auto --up:

002 "ner" #22: initiating Main Mode
104 "ner" #22: STATE_MAIN_I1: initiate
003 "ner" #22: received Vendor ID payload [RFC 3947]
003 "ner" #22: received Vendor ID payload [Dead Peer Detection]
002 "ner" #22: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)
002 "ner" #22: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "ner" #22: STATE_MAIN_I2: sent MI2, expecting MR2
003 "ner" #22: NAT-Traversal: Result using RFC 3947 (NAT-Traversal) sender
port 500: I am behind NAT+peer behind NAT
002 "ner" #22: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "ner" #22: STATE_MAIN_I3: sent MI3, expecting MR3
002 "ner" #22: Main mode peer ID is ID_IPV4_ADDR: '192.168.0.21'
002 "ner" #22: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "ner" #22: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY
cipher=aes_128 integ=sha group=MODP1024}
002 "ner" #22: Dead Peer Detection (RFC 3706): enabled
002 "ner" #23: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using
isakmp#22 msgid:61187bd5 proposal=defaults pfsgroup=no-pfs}
117 "ner" #23: STATE_QUICK_I1: initiate
010 "ner" #23: STATE_QUICK_I1: retransmission; will wait 10s for response
010 "ner" #23: STATE_QUICK_I1: retransmission; will wait 20s for response


On Sun, Jan 11, 2015 at 9:00 AM, Paul Wouters <paul at nohats.ca> wrote:

> On Sun, 11 Jan 2015, Ali Gangji wrote:
>
>  ipsec.conf connection config:
>>
>>         type=transport
>>         pfs=no
>>         keyingtries=0
>>         left=192.168.1.102
>>         leftsubnet=192.168.1.0/24
>>         right=XXX.dyndns.org
>>         rightid=192.168.0.X
>>         rightsubnet=192.168.0.0/24
>>
>
> wait, you must use type=tunnel if you have subnets.
>
> Paul
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20150111/eed4b20a/attachment-0001.html>

More information about the Swan mailing list