RV130W IPSec server can't connect from Mac OS X (but from Windows yes)

surejam · ‎05-27-2019

Hi everyone,

As you probably know, Mac OS X High Sierra does not provide PPTP support any more.

That's why I have to switch to IPSec VPN protocol.

My topology is the following :

Provider box : network 192.168.1.0/24
RV130W WAN IP : 192.168.1.10 (DMZ set up in the provider box)
RV130W local network : 192.168.10.0/24
Two IPSec tunnels are connecting well from branches (networks 192.168.11.0/24 & 192.168.12.0/24).
PPTP clients are working well
IPSec Server is now set up (PSK + XAuth)

When connecting from a Windows machine with ShrewSoft VPN, it works.

When connecting from Mac OS X High Sierra integrated client it fails in phase 2 with that log :

1	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: received MODECFG message when in state STATE_MAIN_R3, and we aren't xauth client	 
2	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: Dead Peer Detection (RFC 3706): enabled	 
3	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established	 
4	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3	 
5	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: XAUTH: xauth_inR1(STF_OK)	 
6	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: XAUTH: User xxxxxx: Authentication Successful	 
7	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: XAUTH: checking user(xxxxxx:shrew)	 
8	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: XAUTH: password file (/etc/ipsec.d/passwd) open.	 
9	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: XAUTH: md5 authentication being called to authenticate user xxxxxx	 
10	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: XAUTH: User xxxxxx: Attempting to login	 
11	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: received and ignored informational message	 
12	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000	 
13	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: XAUTH: Sending Username/Password request (XAUTH_R0)	 
14	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: XAUTH: Sending XAUTH Login/Password Request	 
15	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: Dead Peer Detection (RFC 3706): enabled	 
16	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=OAKLEY_SHA2_256 group=modp1024}	 
17	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: new NAT mapping for #7, was 109.132.9.222:500, now 109.132.9.222:4500	 
18	2019-05-25 17:33:31	warning	pluto[17571]: "shrew"[2] 109.132.9.222 #7: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3

My question is the following : do I need to configure IPSec VPN server with specific parameters (such as specific algorithms or IPSec SA lifetime) ? Specific DH group ?

Anyone else encountering this problem ?

EDIT : VPN client for Android gives me the same error and warning in the logs, seems to work with Windows VPN software only

Thanks in advance,

Sebastien

surejam · ‎07-05-2019

Hi,

Still no answer to my issue after weeks...

All I need is using my RV130W as a IPSec VPN server and connect to this VPN using a Mac or an iPhone.

What do I need to do ? (VPN correctly set up, I can connect from Windows using shrew VPN).

EDIT : does not work with Android VPN client IPSec Xauth neither, so with no mobile device at all...

If it's not compatible with Apple, why don't you tell it ?

Thank you.