sorry wrong file.
This is the configuration:
remote anonymous
{
        exchange_mode    aggressive,main;
        passive          on;
        proposal_check   obey;
        support_proxy    on;
        nat_traversal    on;
        ike_frag         on;
        dpd_delay        20;
        proposal
        {
                encryption_algorithm  aes;
                hash_algorithm        sha1;
                authentication_method pre_shared_key;
                dh_group              modp1024;
        }
}
sainfo anonymous
{
        encryption_algorithm     aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm    deflate;
        pfs_group                modp1024;
}


On Fri, Aug 30, 2013 at 12:26 AM, MagicFish1990 <magicfish1990@gmail.com> wrote:
iOS completely unable to connect, try several different configurations are invalid.
There is an same bugreport on the debian. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715440

System: Debian 7.1
Linux version 3.2.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.46-1

ipsec-tools: 0.8.0

configuration:

conn L2TP-PSK-NAT
    rightsubnet=vhost:%no,%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=6
    rekey=no
    ike=aes256-sha1;modp1024
    ikelifetime=8h
    phase2alg=aes256-hmac_sha1
    keylife=1h
    dpddelay=30
    dpdtimeout=600
    dpdaction=clear
    type=transport
    left=50.x.x.x
    leftprotoport=UDP/1701
    right=%any


syslog:
50.x.x.x is ipsec server.
123.x.x.x is iPhone.

14:15:47 racoon: INFO: respond new phase 1 negotiation: 50.x.x.x[500]<=>123.x.x.x[500]
14:15:47 racoon: INFO: begin Identity Protection mode.
14:15:47 racoon: INFO: received Vendor ID: RFC 3947
14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02#012
14:15:47 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
14:15:47 racoon: INFO: received Vendor ID: DPD
14:15:47 racoon: [123.x.x.x] INFO: Selected NAT-T version: RFC 3947
14:15:47 racoon: [50.x.x.x] INFO: Hashing 50.x.x.x[500] with algo #2
14:15:47 racoon: INFO: NAT-D payload #0 verified
14:15:47 racoon: [123.x.x.x] INFO: Hashing 123.x.x.x[500] with algo #2
14:15:47 racoon: INFO: NAT-D payload #1 doesn't match
14:15:47 racoon: INFO: NAT detected: PEER
14:15:47 racoon: [123.x.x.x] INFO: Hashing 123.x.x.x[500] with algo #2
14:15:47 racoon: [50.x.x.x] INFO: Hashing 50.x.x.x[500] with algo #2
14:15:47 racoon: INFO: Adding remote and local NAT-D payloads.
14:16:37 racoon: ERROR: phase1 negotiation failed due to time up. 93aa2108d760f910:c3dc5245a84cdbf1