SoftEther VPN User Forum

SoftEther VPN User Forum
https://www.vpnusers.com/

iOS 8 NEVPNProtocolIPSec - softether rejecting connection

https://www.vpnusers.com/viewtopic.php?f=7&t=3842

Page 1 of 1

iOS 8 NEVPNProtocolIPSec - softether rejecting connection

Posted: Sat Nov 08, 2014 11:44 pm
by Complexi
we are attempting to programmatically create a vpn connection for iOS 8 devices. we are using the following to do so: https://gist.github.com/zqqf16/cbcbd2254e6cb965f1a3. however, softether will not allow the device to connect. if we manually create an L2TP profile via iOS settings the device connects. unfortunately, apple does not open up its L2TP api: NEVPNProtocolL2TP.

the /usr/local/vpnserver/server_log only shows the following: 2014-11-04 14:27:05.945 IPsec Client 108 (device_ip:500 -> server_ip:500): There are no acceptable transform proposals from the client for establishing an IKE SA.

udp ports 500 and 4500 are open in our firewall. attached is our vpn_server.config file. is there something we can do to allow SoftEther to accept IPSec traffic?

Re: iOS 8 NEVPNProtocolIPSec - softether rejecting connectio

Posted: Tue Nov 18, 2014 9:00 am
by thisjun
What does the parameter "useExtendedAuthentication" mean?

Re: iOS 8 NEVPNProtocolIPSec - softether rejecting connectio

Posted: Fri May 15, 2015 1:53 pm
by petero
I am experiencing the same issues when configuring a VPN connection through a profile. Configuring a VPN connection with the _same_ parameters manually works.

This is the log for the broken VPN connection attempt configured by the profile:
2015-05-15 13:43:04.370 IPsec Client 88 (188.122.7.xxx:38072 -> 10.235.74.xx:500): A new IPsec client is created.
2015-05-15 13:43:04.370 IPsec IKE Session (IKE SA) 73 (Client: 88) (188.122.7.xxx:38072 -> 10.235.74.xx:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0xE31546C88EF85CFB, Responder Cookie: 0x93786FF40CA758CF, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2015-05-15 13:43:04.794 IPsec Client 88 (188.122.7.xxx:37042 -> 10.235.74.xx:4500): The port number information of this client is updated.
2015-05-15 13:43:14.571 IPsec Client 88 (188.122.7.xxx:37042 -> 10.235.74.xx:4500): This IPsec Client is deleted.
2015-05-15 13:43:14.571 IPsec IKE Session (IKE SA) 73 (Client: 88) (188.122.7.xxx:37042 -> 10.235.74.xx:4500): This IKE SA is deleted.
2015-05-15 13:43:14.722 IPsec Client 89 (188.122.7.xxx:37042 -> 10.235.74.xx:4500): A new IPsec client is created.
2015-05-15 13:43:25.217 IPsec Client 89 (188.122.7.xxx:37042 -> 10.235.74.xx:4500): This IPsec Client is deleted.
2015-05-15 13:43:27.443 IPsec Client 90 (188.122.7.xxx:37042 -> 10.235.74.xx:4500): A new IPsec client is created.
2015-05-15 13:43:38.559 IPsec Client 90 (188.122.7.xxx:37042 -> 10.235.74.xx:4500): This IPsec Client is deleted.

Anybody got a clue?

Thanks,
Peter

Re: iOS 8 NEVPNProtocolIPSec - softether rejecting connectio

Posted: Fri May 22, 2015 12:19 pm
by petero
Sorry for the noise, I had my shared secret wrong.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/