Re: [Ipsec-tools-devel] iOS phase1 negotiation failed due to time up.
From: MagicFish1990 <mag...@gm...> - 2013-08-29 16:37:47
Sorry, wrong file. This is the configuration:

remote anonymous {
    exchange_mode aggressive,main;
    passive on;
    proposal_check obey;
    support_proxy on;
    nat_traversal on;
    ike_frag on;
    dpd_delay 20;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group modp1024;
    }
}

sainfo anonymous {
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    pfs_group modp1024;
}

On Fri, Aug 30, 2013 at 12:26 AM, MagicFish1990 <mag...@gm...> wrote:

> iOS is completely unable to connect; I tried several different
> configurations and all are invalid.
> There is the same bug report on Debian.
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715440
>
> System: Debian 7.1
> Linux version 3.2.0-4-amd64 (deb...@li...) (gcc version
> 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.46-1
>
> ipsec-tools: 0.8.0
>
> configuration:
>
> conn L2TP-PSK-NAT
>     rightsubnet=vhost:%no,%priv
>     also=L2TP-PSK-noNAT
>
> conn L2TP-PSK-noNAT
>     authby=secret
>     pfs=no
>     auto=add
>     keyingtries=6
>     rekey=no
>     ike=aes256-sha1;modp1024
>     ikelifetime=8h
>     phase2alg=aes256-hmac_sha1
>     keylife=1h
>     dpddelay=30
>     dpdtimeout=600
>     dpdaction=clear
>     type=transport
>     left=50.x.x.x
>     leftprotoport=UDP/1701
>     right=%any
>
>
> syslog:
> 50.x.x.x is ipsec server.
> 123.x.x.x is iPhone.
>
> 14:15:47 racoon: INFO: respond new phase 1 negotiation:
> 50.x.x.x[500]<=>123.x.x.x[500]
> 14:15:47 racoon: INFO: begin Identity Protection mode.
> 14:15:47 racoon: INFO: received Vendor ID: RFC 3947
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
> 14:15:47 racoon: INFO: received Vendor ID:
> draft-ietf-ipsec-nat-t-ike-02#012
> 14:15:47 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
> 14:15:47 racoon: INFO: received Vendor ID: DPD
> 14:15:47 racoon: [123.x.x.x] INFO: Selected NAT-T version: RFC 3947
> 14:15:47 racoon: [50.x.x.x] INFO: Hashing 50.x.x.x[500] with algo #2
> 14:15:47 racoon: INFO: NAT-D payload #0 verified
> 14:15:47 racoon: [123.x.x.x] INFO: Hashing 123.x.x.x[500] with algo #2
> 14:15:47 racoon: INFO: NAT-D payload #1 doesn't match
> 14:15:47 racoon: INFO: NAT detected: PEER
> 14:15:47 racoon: [123.x.x.x] INFO: Hashing 123.x.x.x[500] with algo #2
> 14:15:47 racoon: [50.x.x.x] INFO: Hashing 50.x.x.x[500] with algo #2
> 14:15:47 racoon: INFO: Adding remote and local NAT-D payloads.
> 14:16:37 racoon: ERROR: phase1 negotiation failed due to time up.
> 93aa2108d760f910:c3dc5245a84cdbf1