
iPhone VPN and Web

Hello,

I have a successful tunnel (Cisco) back to Astaro 7.507 with iPhone 4 iOS 4.0.1 and access to the local network is fine, but I can browse the internet. I do not wish to do a split tunnel; I would like to tunnel through my home network. Can this be done and what exactly should I be doing? Because right now it's telling me that I'm not connected to the internet on the phone.


This thread was automatically locked due to age.
  • Ok here we go, here is the screen shot....



    and the log


    Live Log: IPSec VPN
    2010:09:26-09:28:08 vpn pluto[7109]: loading secrets from "/etc/ipsec.secrets"
    2010:09:26-09:28:08 vpn pluto[7109]: loaded PSK secret for ***.***.***X.*** %any
    2010:09:26-09:28:08 vpn pluto[7109]: loaded private key from 'vpn.yozh.us.pem'
    2010:09:26-09:28:08 vpn pluto[7109]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2010:09:26-09:28:08 vpn pluto[7109]: loaded ca certificate from '/etc/ipsec.d/cacerts/Bundle_StartCA.pem'
    2010:09:26-09:28:08 vpn pluto[7109]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2010:09:26-09:28:08 vpn pluto[7109]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2010:09:26-09:28:08 vpn pluto[7109]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2010:09:26-09:28:08 vpn pluto[7109]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2010:09:26-09:28:08 vpn pluto[7109]: Changing to directory '/etc/ipsec.d/crls'
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: received Vendor ID payload [RFC 3947]
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: received Vendor ID payload [XAUTH]
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [Cisco-Unity]
    2010:09:26-09:28:43 vpn pluto[7109]: packet from 166.137.9.122:47802: received Vendor ID payload [Dead Peer Detection]
    2010:09:26-09:28:43 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #19: responding to Main Mode from unknown peer 166.137.9.122:47802
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: received Vendor ID payload [RFC 3947]
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: received Vendor ID payload [XAUTH]
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: ignoring Vendor ID payload [Cisco-Unity]
    2010:09:26-09:28:44 vpn pluto[7109]: packet from 166.137.9.122:47802: received Vendor ID payload [Dead Peer Detection]
    2010:09:26-09:28:44 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #20: responding to Main Mode from unknown peer 166.137.9.122:47802
    2010:09:26-09:28:44 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #19: NAT-Traversal: Result using RFC 3947: peer is NATed
    2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #19: ignoring informational payload, type IPSEC_INITIAL_CONTACT
    2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #19: Peer ID is ID_DER_ASN1_DN: 'C=us, L=local, O=local, CN=root, E=steven.sh@gmail.com'
    2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #19: crl not found
    2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #19: certificate status unknown
    2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #19: we have a cert and are sending it
    2010:09:26-09:28:45 vpn pluto[7109]: | NAT-T: new mapping 166.137.9.122:47802/44116)
    2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: sent MR3, ISAKMP SA established
    2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: sending XAUTH request
    2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: parsing XAUTH reply
    2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: extended authentication was successful
    2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: sending XAUTH status
    2010:09:26-09:28:46 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: parsing XAUTH ack
    2010:09:26-09:28:46 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: received XAUTH ack, established
    2010:09:26-09:28:46 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: parsing ModeCfg request
    2010:09:26-09:28:46 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: unknown attribute type (28683)
    2010:09:26-09:28:46 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: peer requested virtual IP %any
    2010:09:26-09:28:46 vpn pluto[7109]: acquired existing lease for address 10.242.5.1 in pool 'VPN Pool (Cisco)'
    2010:09:26-09:28:46 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: assigning virtual IP 10.242.5.1 to peer
    2010:09:26-09:28:46 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: sending ModeCfg reply
    2010:09:26-09:28:46 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: sent ModeCfg reply, established
    2010:09:26-09:28:46 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #21: responding to Quick Mode
    2010:09:26-09:28:46 vpn pluto[7109]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="root" variant="ipsec" srcip="166.137.9.122" virtual_ip="10.242.5.1"
    2010:09:26-09:28:47 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #21: Dead Peer Detection (RFC 3706) enabled
    2010:09:26-09:28:47 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #21: IPsec SA established {ESP=>0x0bacdfe3 


    If I change to internal network, of course it creates a split tunnel and works for internal only.
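As an added example, not code from the thread or from Astaro, the script below parses the pluto live-log format quoted above and reduces a connection attempt to the facts a defender wants before touching routing or NAT: which IKE milestones were reached (Main Mode, ISAKMP SA, XAUTH, Quick Mode, IPsec SA), which virtual IP was handed out, whether NAT-T kicked in, and which notices deserve a second look. On the log in the post every milestone is reached and an IPsec SA comes up, so the negotiation itself is not the problem; it also surfaces "crl not found" / "certificate status unknown", which means the client certificate's revocation status was never verified. The sample lines are copied from the post; the regular expressions, field names and notice labels are my own assumptions about the format, not an Astaro API.

```python
import re

# Constructed sample: a subset of the pluto lines quoted in the post above, in the
# same format Astaro's IPsec live log uses (timestamp, "vpn pluto[pid]:", then either
# a per-SA message or a key="value" event record).
SAMPLE_LOG = """\
2010:09:26-09:28:43 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #19: responding to Main Mode from unknown peer 166.137.9.122:47802
2010:09:26-09:28:44 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #19: NAT-Traversal: Result using RFC 3947: peer is NATed
2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #19: Peer ID is ID_DER_ASN1_DN: 'C=us, L=local, O=local, CN=root, E=steven.sh@gmail.com'
2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #19: crl not found
2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:47802 #19: certificate status unknown
2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: sent MR3, ISAKMP SA established
2010:09:26-09:28:45 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: extended authentication was successful
2010:09:26-09:28:46 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: unknown attribute type (28683)
2010:09:26-09:28:46 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #19: assigning virtual IP 10.242.5.1 to peer
2010:09:26-09:28:46 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #21: responding to Quick Mode
2010:09:26-09:28:46 vpn pluto[7109]: id="2201" severity="info" sys="SecureNet" sub="vpn" event="Connection started" username="root" variant="ipsec" srcip="166.137.9.122" virtual_ip="10.242.5.1"
2010:09:26-09:28:47 vpn pluto[7109]: "D_REF_nHFNoRPxsa"[5] 166.137.9.122:44116 #21: IPsec SA established {ESP=>0x0bacdfe3
"""

# Per-SA message: ts vpn pluto[pid]: "conn"[n] peer:port #sa: message  (regex is an assumption)
STATE_RE = re.compile(
    r'^(?P<ts>\S+) vpn pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] '
    r'(?P<peer>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) #(?P<sa>\d+): (?P<msg>.*)$'
)
# Structured event record: ts vpn pluto[pid]: id="..." key="value" ...
EVENT_RE = re.compile(r'^(?P<ts>\S+) vpn pluto\[\d+\]: (?P<kv>id=".*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')
PEER_ID_RE = re.compile(r"Peer ID is (?P<kind>\S+): '(?P<dn>[^']*)'")
VIP_RE = re.compile(r"assigning virtual IP (?P<ip>\S+) to peer")

# IKEv1 milestones in the order a healthy Cisco-style (XAUTH + ModeCfg) client reaches them.
MILESTONES = [
    ("responding to Main Mode", "phase1_started"),
    ("ISAKMP SA established", "phase1_established"),
    ("extended authentication was successful", "xauth_ok"),
    ("responding to Quick Mode", "phase2_started"),
    ("IPsec SA established", "phase2_established"),
]

# Messages worth a second look; labels are mine, not pluto's.
NOTICES = [
    ("crl not found", "revocation: no CRL available for the peer certificate's CA"),
    ("certificate status unknown", "revocation: peer certificate status was not verified"),
    ("unknown attribute type", "modecfg: peer sent a ModeCfg attribute pluto ignores"),
]


def summarize(log_text):
    """Reduce a pluto live-log excerpt to the connection facts a reviewer needs."""
    s = {
        "connection": None, "peer": None, "peer_id": None, "virtual_ip": None,
        "nat_traversal": False, "isakmp_sa": None, "ipsec_sa": None,
        "milestones": [], "notices": [], "events": [],
    }
    for line in log_text.splitlines():
        m = STATE_RE.match(line)
        if m:
            s["connection"], s["peer"] = m["conn"], m["peer"]
            sa, msg = int(m["sa"]), m["msg"]
            for needle, label in MILESTONES:
                if needle in msg:
                    s["milestones"].append(label)
                    if label == "phase1_established":
                        s["isakmp_sa"] = sa
                    elif label == "phase2_established":
                        s["ipsec_sa"] = sa
            if "peer is NATed" in msg:
                s["nat_traversal"] = True
            pid = PEER_ID_RE.search(msg)
            if pid:
                s["peer_id"] = pid["dn"]
            vip = VIP_RE.search(msg)
            if vip:
                s["virtual_ip"] = vip["ip"]
            for needle, label in NOTICES:
                if needle in msg:
                    s["notices"].append((sa, label))
            continue
        e = EVENT_RE.match(line)
        if e:
            # key="value" records are the ones Astaro's reporting consumes
            s["events"].append(dict(KV_RE.findall(e["kv"])))
    # Only a Quick Mode (phase 2) SA means traffic can actually be carried.
    s["tunnel_up"] = s["ipsec_sa"] is not None
    return s


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for key in ("connection", "peer", "peer_id", "virtual_ip", "nat_traversal",
                "isakmp_sa", "ipsec_sa", "tunnel_up", "milestones"):
        print(f"{key:18} {result[key]}")
    for sa, label in result["notices"]:
        print(f"notice on #{sa}: {label}")
```

Run it against a pasted log: if `tunnel_up` is true and the virtual IP is assigned, as it is here, the remaining question is purely what the gateway does with packets from that virtual IP, which the IKE log will never tell you.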