<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Marc-Christian,<br>
<br>
If I refer to what I document in the URL you pointed us to, the
Libreswan configuration in Mutual PSK + XAuth + DHCP + PAM mode
is:<br>
<br>
<pre># Mutual PSK + XAuth + Fixed IP
conn Philippe_XAUTH_PSK
    authby=secret
    <b>aggrmode=yes</b>
    leftxauthserver=yes
    rightxauthclient=yes
    rightid=@[GroupVPN]
    xauthby=pam
    also=FIXED_RIGHT_IP

# Mutual PSK + XAuth + DHCP
conn Philippe_XAUTH_PSK_DHCP
    authby=secret
    leftxauthserver=yes
    rightxauthclient=yes
    rightid=@[GroupVPN]
    <b>aggrmode=yes</b>
    also=DHCP_RIGHT_IP
    xauthby=pam
</pre>
So I would say racoon on your iPhone is only configured to
negotiate Hybrid PSK + XAuth with Exchange type "aggressive"
instead of the Libreswan expected Mutual PSK + XAuth with Exchange
type "aggressive".<br>
<pre class="moz-signature" cols="72">Philippe Vouters (Fontainebleau/France)
URL: <a class="moz-txt-link-freetext" href="http://vouters.dyndns.org/">http://vouters.dyndns.org/</a>
SIP: <a class="moz-txt-link-abbreviated" href="mailto:sip:Vouters@sip.linphone.org">sip:Vouters@sip.linphone.org</a></pre>
On 03/28/2014 05:09 PM, Paul Wouters wrote:<br>
</div>
<blockquote
cite="mid:alpine.LFD.2.10.1403281208040.12457@bofh.nohats.ca"
type="cite">On Fri, 28 Mar 2014, Marc-Christian Petersen wrote:
<br>
<br>
<blockquote type="cite">yep, I know about the bug but it doesn't
happen here.
<br>
<br>
for whatever reason iOS is using hybrid mode when using
<br>
cisco ipsec mode with group name and PSK.
<br>
<br>
Maybe the problem is Libreswan not offering XAUTH when in
<br>
aggressive mode and iOS is falling back to hybrid?
<br>
</blockquote>
<br>
Does it not send the XAUTH vendor id in Aggressive Mode?
<br>
<br>
btw. There is unmaintained code in contrib/checkpoint-hybrid/ to
support
<br>
Hybrid Mode. If someone wants to merge in that code, and provide
some
<br>
interop testing (eg with Shrew Soft) we could pull that code into
the
<br>
main code base.
<br>
<br>
Paul
<br>
</blockquote>
<br>
</body>
</html>