Re: [Ipsec-tools-devel] iOS phase1 negotiation failed due to time up.

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

sorry wrong file.
This is the configuration:

remote anonymous
{
        exchange_mode    aggressive,main;
        passive          on;
        proposal_check   obey;
        support_proxy    on;
        nat_traversal    on;
        ike_frag         on;
        dpd_delay        20;
        proposal
        {
                encryption_algorithm  aes;
                hash_algorithm        sha1;
                authentication_method pre_shared_key;
                dh_group              modp1024;
        }
}
sainfo anonymous
{
        encryption_algorithm     aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm    deflate;
        pfs_group                modp1024;
}

On Fri, Aug 30, 2013 at 12:26 AM, MagicFish1990 <mag...@gm...>wrote:

> iOS completely unable to connect, try several different configurations are
> invalid.
> There is an same bugreport on the debian.
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715440
>
> System: Debian 7.1
> Linux version 3.2.0-4-amd64 (deb...@li...) (gcc version
> 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.46-1
>
> ipsec-tools: 0.8.0
>
> configuration:
>
> conn L2TP-PSK-NAT
>     rightsubnet=vhost:%no,%priv
>     also=L2TP-PSK-noNAT
>
> conn L2TP-PSK-noNAT
>     authby=secret
>     pfs=no
>     auto=add
>     keyingtries=6
>     rekey=no
>     ike=aes256-sha1;modp1024
>     ikelifetime=8h
>     phase2alg=aes256-hmac_sha1
>     keylife=1h
>     dpddelay=30
>     dpdtimeout=600
>     dpdaction=clear
>     type=transport
>     left=50.x.x.x
>     leftprotoport=UDP/1701
>     right=%any
>
>
> syslog:
> 50.x.x.x is ipsec server.
> 123.x.x.x is iPhone.
>
> 14:15:47 racoon: INFO: respond new phase 1 negotiation:
> 50.x.x.x[500]<=>123.x.x.x[500]
> 14:15:47 racoon: INFO: begin Identity Protection mode.
> 14:15:47 racoon: INFO: received Vendor ID: RFC 3947
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
> 14:15:47 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
> 14:15:47 racoon: INFO: received Vendor ID:
> draft-ietf-ipsec-nat-t-ike-02#012
> 14:15:47 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
> 14:15:47 racoon: INFO: received Vendor ID: DPD
> 14:15:47 racoon: [123.x.x.x] INFO: Selected NAT-T version: RFC 3947
> 14:15:47 racoon: [50.x.x.x] INFO: Hashing 50.x.x.x[500] with algo #2
> 14:15:47 racoon: INFO: NAT-D payload #0 verified
> 14:15:47 racoon: [123.x.x.x] INFO: Hashing 123.x.x.x[500] with algo #2
> 14:15:47 racoon: INFO: NAT-D payload #1 doesn't match
> 14:15:47 racoon: INFO: NAT detected: PEER
> 14:15:47 racoon: [123.x.x.x] INFO: Hashing 123.x.x.x[500] with algo #2
> 14:15:47 racoon: [50.x.x.x] INFO: Hashing 50.x.x.x[500] with algo #2
> 14:15:47 racoon: INFO: Adding remote and local NAT-D payloads.
> 14:16:37 racoon: ERROR: phase1 negotiation failed due to time up.
> 93aa2108d760f910:c3dc5245a84cdbf1
>
>