01-03-2019 05:09 PM - edited 01-03-2019 05:11 PM
Can someone tell me what I'm doing wrong here? I am trying to configure certificate-based IKEv2 remote access VPN on an RV340W with new firmware 1.0.02.16. Here are the settings on the RV340W:
Here are the settings from the iPhone:
Here is the log of the failure connecting:
2019-01-03T18:59:51-06:00 <info>charon: 08[IKE] IKE_SA (unnamed)[1] state change: CONNECTING => DESTROYING
2019-01-03T18:59:51-06:00 <info>charon: 08[NET] sending packet: from CISCO_IPADDRESS[4500] to IPHONE_IPADDRESS[5174] (80 bytes)
2019-01-03T18:59:51-06:00 <info>charon: 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
2019-01-03T18:59:51-06:00 <info>charon: 08[IKE] peer supports MOBIKE
2019-01-03T18:59:51-06:00 <info>charon: 08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
2019-01-03T18:59:51-06:00 <info>charon: 08[IKE] processing (25) attribute
2019-01-03T18:59:51-06:00 <info>charon: 08[IKE] processing INTERNAL_IP6_DNS attribute
2019-01-03T18:59:51-06:00 <info>charon: 08[IKE] processing INTERNAL_IP6_DHCP attribute
2019-01-03T18:59:51-06:00 <info>charon: 08[IKE] processing INTERNAL_IP6_ADDRESS attribute
2019-01-03T18:59:51-06:00 <info>charon: 08[IKE] processing INTERNAL_IP4_NETMASK attribute
2019-01-03T18:59:51-06:00 <info>charon: 08[IKE] processing INTERNAL_IP4_DNS attribute
2019-01-03T18:59:51-06:00 <info>charon: 08[IKE] processing INTERNAL_IP4_DHCP attribute
2019-01-03T18:59:51-06:00 <info>charon: 08[IKE] processing INTERNAL_IP4_ADDRESS attribute
2019-01-03T18:59:51-06:00 <info>charon: 08[CFG] no matching peer config found
2019-01-03T18:59:51-06:00 <info>charon: 08[CFG] looking for peer configs matching CISCO_IPADDRESS[CN=RV340.pLAN9.co]...IPHONE_IPADDRESS[OU=IPsec, CN=pLAN9-iPhone]
2019-01-03T18:59:51-06:00 <info>charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
2019-01-03T18:59:51-06:00 <info>charon: 08[ENC] unknown attribute type (25)
2019-01-03T18:59:51-06:00 <info>charon: 08[NET] received packet: from IPHONE_IPADDRESS[5174] to CISCO_IPADDRESS[4500] (528 bytes)
2019-01-03T18:59:51-06:00 <info>charon: 06[NET] sending packet: from CISCO_IPADDRESS[500] to IPHONE_IPADDRESS[5159] (473 bytes)
2019-01-03T18:59:51-06:00 <info>charon: 06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
2019-01-03T18:59:51-06:00 <info>charon: 06[IKE] sending cert request for CN=pLAN9 CA 2019-2021
2019-01-03T18:59:51-06:00 <info>charon: 06[IKE] remote host is behind NAT
2019-01-03T18:59:51-06:00 <info>charon: 06[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
2019-01-03T18:59:51-06:00 <info>charon: Last message '06[IKE] 174.196.134.' repeated 1 times, supressed by syslog-ng on TestRV340W
2019-01-03T18:59:51-06:00 <info>charon: 06[IKE] IPHONE_IPADDRESS is initiating an IKE_SA
2019-01-03T18:59:51-06:00 <info>charon: 06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
2019-01-03T18:59:51-06:00 <info>charon: 06[NET] received packet: from IPHONE_IPADDRESS[5159] to CISCO_IPADDRESS[500] (604 bytes)
How do I proceed from here?
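Added example (not part of the original post, and not Cisco or strongSwan code): the log above lists the newest message first, so this sketch puts an excerpt of it back into chronological order and pulls out the identity pair charon searched for before it answered with AUTH_FAILED. The `triage` function and its result keys are this example's own names.

```python
import re

# Excerpt of the log from the post above, kept newest-first as posted
# (CISCO_IPADDRESS / IPHONE_IPADDRESS are the poster's own placeholders).
SAMPLE_LOG = """\
2019-01-03T18:59:51-06:00 <info>charon: 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
2019-01-03T18:59:51-06:00 <info>charon: 08[CFG] no matching peer config found
2019-01-03T18:59:51-06:00 <info>charon: 08[CFG] looking for peer configs matching CISCO_IPADDRESS[CN=RV340.pLAN9.co]...IPHONE_IPADDRESS[OU=IPsec, CN=pLAN9-iPhone]
2019-01-03T18:59:51-06:00 <info>charon: 06[IKE] sending cert request for CN=pLAN9 CA 2019-2021
2019-01-03T18:59:51-06:00 <info>charon: 06[IKE] IPHONE_IPADDRESS is initiating an IKE_SA
"""

# timestamp, syslog level, worker thread, subsystem, message
LINE = re.compile(r"^(\S+) <\w+>charon: (\d+)\[(\w+)\] (.*)$")
# local_host[local_id]...remote_host[remote_id]
MATCHING = re.compile(
    r"looking for peer configs matching ([^\[\s]+)\[(.*?)\]\.\.\.([^\[\s]+)\[(.*)\]$")
CERTREQ = "sending cert request for "

def triage(log_text):
    """Return the events oldest-first plus the identities charon tried to match."""
    events = []
    for raw in reversed(log_text.strip().splitlines()):  # newest-first -> oldest-first
        m = LINE.match(raw.strip())
        if m:
            events.append(dict(zip(("time", "thread", "subsys", "msg"), m.groups())))
    result = {"events": events, "local_id": None, "remote_id": None,
              "ca_requested": None, "no_peer_config": False, "auth_failed": False}
    for ev in events:
        msg = ev["msg"]
        m = MATCHING.search(msg)
        if m:
            result["local_id"], result["remote_id"] = m.group(2), m.group(4)
        elif msg.startswith(CERTREQ):
            result["ca_requested"] = msg[len(CERTREQ):]
        elif msg == "no matching peer config found":
            result["no_peer_config"] = True
        elif "N(AUTH_FAILED)" in msg:
            result["auth_failed"] = True
    return result

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for ev in r["events"]:
        print(ev["thread"], ev["subsys"], ev["msg"])
    print("local id :", r["local_id"])
    print("remote id:", r["remote_id"])
    print("lookup failed:", r["no_peer_config"], "| AUTH_FAILED sent:", r["auth_failed"])
```

The `local_id` and `remote_id` values are the identities the router looked up among its configured connections, so they are the strings to compare against the local and remote identifiers entered in the client-to-site profile.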
01-07-2019 10:40 AM
Hello,
Happy New 2019 Year!
Try to create a custom IPSec profile and choose it from the drop-down menu.
What happens?
Hope it helps
Cheers,
Mike
01-07-2019 09:36 PM
Not to be rude, but did you even look at the pictures in my post? I have already created a custom ipsec profile, as the drop-down box clearly shows. Here is the screenshot of the settings of the profile: