ners
Frequent Visitor
Topic Author
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

iPhone's Cisco VPN without split-tunneling not working

Thu Nov 28, 2013 1:58 pm

Hello guys,

Two scenarios, one works, the other doesn't.

I'm trying to connect to my home LAN based on RouterOS 6.6 (RB751G-2HnD) from my iPhone with iOS 7.0.4 using "Cisco VPN" and from my Mac with OS X 10.9.

When I have split-include enabled, I can successfully connect and access my home LAN. All other traffic goes through the default gateway of the physical connection.

When I remove the "split-include" setting, the connection will not be established at all and the iPhone will report something like: "Negotiation with the VPN server failed".

What could be the problem? I need to access the internet through the VPN connection to my home router.

Logs from my Mac:
28/11/13 18:53:09,260 configd[19]: SCNC: start, triggered by (46322) com.apple.prefe, type IPSec, status 0, trafficClass 0
28/11/13 18:53:09,264 configd[19]: network changed.
28/11/13 18:53:09,265 configd[19]: IPSec Phase1 starting.
28/11/13 18:53:09,292 racoon[46385]: accepted connection on vpn control socket.
28/11/13 18:53:09,292 racoon[46385]: IPSec connecting to server 192.0.2.1
28/11/13 18:53:09,292 racoon[46385]: Connecting.
28/11/13 18:53:09,292 racoon[46385]: IPSec Phase 1 started (Initiated by me).
28/11/13 18:53:09,293 racoon[46385]: IKE Packet: transmit success. (Initiator, Main-Mode message 1).
28/11/13 18:53:09,293 racoon[46385]: >>>>> phase change status = Phase 1 started by us
28/11/13 18:53:09,296 configd[19]: network changed.
28/11/13 18:53:09,323 racoon[46385]: >>>>> phase change status = Phase 1 started by peer
28/11/13 18:53:09,323 racoon[46385]: IKE Packet: receive success. (Initiator, Main-Mode message 2).
28/11/13 18:53:09,326 configd[19]: network changed.
28/11/13 18:53:09,327 racoon[46385]: IKE Packet: transmit success. (Initiator, Main-Mode message 3).
28/11/13 18:53:09,469 racoon[46385]: IKE Packet: receive success. (Initiator, Main-Mode message 4).
28/11/13 18:53:09,483 racoon[46385]: IKE Packet: transmit success. (Initiator, Main-Mode message 5).
28/11/13 18:53:09,598 racoon[46385]: IKEv1 Phase 1 AUTH: success. (Initiator, Main-Mode Message 6).
28/11/13 18:53:09,598 racoon[46385]: IKE Packet: receive success. (Initiator, Main-Mode message 6).
28/11/13 18:53:09,598 racoon[46385]: IKEv1 Phase 1 Initiator: success. (Initiator, Main-Mode).
28/11/13 18:53:09,598 racoon[46385]: IPSec Phase 1 established (Initiated by me).
28/11/13 18:53:09,598 racoon[46385]: IPSec Extended Authentication requested.
28/11/13 18:53:09,599 configd[19]: IPSec requesting Extended Authentication.
28/11/13 18:53:09,603 configd[19]: network changed.
28/11/13 18:53:09,611 configd[19]: IPSec sending Extended Authentication.
28/11/13 18:53:09,612 racoon[46385]: IKE Packet: transmit success. (Mode-Config message).
28/11/13 18:53:09,612 racoon[46385]: IPSec Extended Authentication sent.
28/11/13 18:53:09,614 configd[19]: network changed.
28/11/13 18:53:09,633 racoon[46385]: IKEv1 XAUTH: success. (XAUTH Status is OK).
28/11/13 18:53:09,633 racoon[46385]: IPSec Extended Authentication Passed.
28/11/13 18:53:09,633 racoon[46385]: IKE Packet: transmit success. (Mode-Config message).
28/11/13 18:53:09,633 racoon[46385]: IKEv1 Config: retransmited. (Mode-Config retransmit).
28/11/13 18:53:09,633 racoon[46385]: IPSec Network Configuration requested.
28/11/13 18:53:09,655 racoon[46385]: Ignored attribute APPLICATION_VERSION
28/11/13 18:53:09,655 racoon[46385]: IPSec Network Configuration established.
28/11/13 18:53:09,655 racoon[46385]: >>>>> phase change status = Phase 1 established
28/11/13 18:53:09,655 racoon[46385]: IKE Packet: receive success. (MODE-Config).
28/11/13 18:53:09,655 configd[19]: IPSec Network Configuration started.
28/11/13 18:53:09,655 configd[19]: IPSec Network Configuration: INTERNAL-IP4-ADDRESS = 192.168.55.158.
28/11/13 18:53:09,655 configd[19]: IPSec Network Configuration: INTERNAL-IP4-MASK = 255.255.255.0.
28/11/13 18:53:09,655 configd[19]: Failed to add policy. Number of policies processed 0 (with 0 drained).
28/11/13 18:53:09,656 configd[19]: IPSec Controller: IPSecInstallPolicies failed 'no policies found'

28/11/13 18:53:09,656 configd[19]: IPSec Phase1 established.
28/11/13 18:53:26,577 configd[19]: IPSec disconnecting from server 192.0.2.1
28/11/13 18:53:26,577 racoon[46385]: IPSec disconnecting from server 192.0.2.1
28/11/13 18:53:26,577 racoon[46385]: IKE Packet: transmit success. (Information message).
28/11/13 18:53:26,578 racoon[46385]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
28/11/13 18:53:26,579 racoon[46385]: glob found no matches for path "/var/run/racoon/*.conf"
28/11/13 18:53:26,579 racoon[46385]: IPSec disconnecting from server 192.0.2.1
28/11/13 18:53:26,581 configd[19]: network changed.
28/11/13 18:53:26,588 configd[19]: network changed.

/ip ipsec mode-cfg
add address-pool=vpn-pool address-prefix-length=27 name=home-vpn send-dns=no split-include=192.168.77.0/24
add address-pool=vpn-pool address-prefix-length=27 name=home-with-internet
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128
/ip ipsec peer
add auth-method=pre-shared-key-xauth enc-algorithm=aes-128 generate-policy=port-strict mode-cfg=home-with-internet \
    nat-traversal=yes passive=yes secret=megasecret send-initial-contact=no
Logs:
15:40:56 ipsec,debug,packet Attribute UNITY_BACKUP_SERVERS, len 0
15:40:56 ipsec,debug,packet Ignored attribute UNITY_BACKUP_SERVERS
15:40:56 ipsec,debug,packet Attribute 28683, len 0
15:40:56 ipsec,debug Ignored attribute 28683
15:40:56 ipsec,debug,packet Sending MODE_CFG REPLY
15:40:56 ipsec,debug,packet HASH with:
15:40:56 ipsec,debug,packet 725574f1 00000044 0200550b 00010004 c0a8379f 00020004 ffffffe0 00030004
15:40:56 ipsec,debug,packet 51091101 00030004 51091201 00070014 7261636f 6f6e202f 20495073 65632d74
15:40:56 ipsec,debug,packet 6f6f6c73 70040000
15:40:56 ipsec,debug,packet hmac(hmac_md5)
15:40:56 ipsec,debug,packet HASH computed:
15:40:56 ipsec,debug,packet 5eb42b1c bdbdc132 3bbf86ed 9dac4adf
15:40:56 ipsec,debug,packet MODE_CFG packet to send
15:40:56 ipsec,debug,packet 0c714e01 6f586599 2a34fafc c68a1817 08100601 725574f1 00000074 0e000014
15:40:56 ipsec,debug,packet 5eb42b1c bdbdc132 3bbf86ed 9dac4adf 00000044 0200550b 00010004 c0a8379f
15:40:56 ipsec,debug,packet 00020004 ffffffe0 00030004 51091101 00030004 51091201 00070014 7261636f
15:40:56 ipsec,debug,packet 6f6e202f 20495073 65632d74 6f6f6c73 70040000
15:40:56 ipsec,debug,packet begin encryption.
15:40:56 ipsec,debug,packet encryption(aes)
15:40:56 ipsec,debug,packet pad length = 8
15:40:56 ipsec,debug,packet 0e000014 5eb42b1c bdbdc132 3bbf86ed 9dac4adf 00000044 0200550b 00010004
15:40:56 ipsec,debug,packet c0a8379f 00020004 ffffffe0 00030004 51091101 00030004 51091201 00070014
15:40:56 ipsec,debug,packet 7261636f 6f6e202f 20495073 65632d74 6f6f6c73 70040000 399550cd f4291407
15:40:56 ipsec,debug,packet encryption(aes)
15:40:56 ipsec,debug,packet with key:
15:40:56 ipsec,debug,packet 25027316 71269cfd 9a2179b9 59335481
15:40:56 ipsec,debug,packet encrypted payload by IV:
15:40:56 ipsec,debug,packet 36623431 e1fb5679 5d575757 6204a155
15:40:56 ipsec,debug,packet save IV for next:
15:40:56 ipsec,debug,packet 2f47cd80 2d4718d2 65336c07 7cf26cfc
15:40:56 ipsec,debug,packet encrypted.
15:40:56 ipsec,debug,packet Adding NON-ESP marker
15:40:56 ipsec,debug,packet 128 bytes from 192.0.2.128[4500] to 192.0.2.1[4500]
15:40:56 ipsec,debug,packet sockname 192.0.2.128[4500]
15:40:56 ipsec,debug,packet send packet from 192.0.2.128[4500]
15:40:56 ipsec,debug,packet send packet to 192.0.2.1[4500]
15:40:56 ipsec,debug,packet src4 192.0.2.128[4500]
15:40:56 ipsec,debug,packet dst4 192.0.2.1[4500]
15:40:56 ipsec,debug,packet 1 times of 128 bytes message will be sent to 192.0.2.1[4500]
15:40:56 ipsec,debug,packet 00000000 0c714e01 6f586599 2a34fafc c68a1817 08100601 725574f1 0000007c
15:40:56 ipsec,debug,packet 5d5d115b 623b4596 f3f9a5dd 81007cee 07d1397c af43a79c f0e1ad0f fbc9345d
15:40:56 ipsec,debug,packet ed40fa35 b03b1181 0287d57b d3b7f29a 438fc0d3 82a4eba5 9e60a830 7fbff78d
15:40:56 ipsec,debug,packet 464eecb7 68ce4b1f 7084a5d6 fce95b56 2f47cd80 2d4718d2 65336c07 7cf26cfc
15:40:56 ipsec,debug,packet sendto mode config 14.
15:41:00 ipsec,debug,packet KA: 192.0.2.128[4500]->192.0.2.1[4500]
15:41:00 ipsec,debug,packet sockname 192.0.2.128[4500]
15:41:00 ipsec,debug,packet send packet from 192.0.2.128[4500]
15:41:00 ipsec,debug,packet send packet to 192.0.2.1[4500]
15:41:00 ipsec,debug,packet src4 192.0.2.128[4500]
15:41:00 ipsec,debug,packet dst4 192.0.2.1[4500]
15:41:00 ipsec,debug,packet 1 times of 1 bytes message will be sent to 192.0.2.1[4500]
15:41:00 ipsec,debug,packet ff
15:41:12 ipsec,debug,packet ==========
15:41:12 ipsec,debug,packet 92 bytes message received from 192.0.2.1[4500] to 192.0.2.128[4500]
15:41:12 ipsec,debug,packet 0c714e01 6f586599 2a34fafc c68a1817 08100501 3f16e355 0000005c 2fcd2ffb
15:41:12 ipsec,debug,packet 6848573d a8657612 5ca0f403 e8920652 53df0dd3 c0287eb4 278b7841 79a93da4
15:41:12 ipsec,debug,packet c0882015 ed668d90 a54f508e 04ec208c daaf0e97 390ab842 ccc6255a
15:41:12 ipsec,debug,packet receive Information.
15:41:12 ipsec,debug,packet compute IV for phase2
15:41:12 ipsec,debug,packet phase1 last IV:
15:41:12 ipsec,debug,packet 6df50016 b6586c62 5ebd83a0 789eda79 3f16e355
15:41:12 ipsec,debug,packet hash(md5)
15:41:12 ipsec,debug,packet encryption(aes)
15:41:12 ipsec,debug,packet phase2 IV computed:
15:41:12 ipsec,debug,packet 3be0dc20 b7f4d168 743e7e23 bf4fc8c8
15:41:12 ipsec,debug,packet encryption(aes)
15:41:12 ipsec,debug,packet IV was saved for next processing:
15:41:12 ipsec,debug,packet 04ec208c daaf0e97 390ab842 ccc6255a
15:41:12 ipsec,debug,packet encryption(aes)
15:41:12 ipsec,debug,packet with key:
15:41:12 ipsec,debug,packet 25027316 71269cfd 9a2179b9 59335481
15:41:12 ipsec,debug,packet decrypted payload by IV:
15:41:12 ipsec,debug,packet 3be0dc20 b7f4d168 743e7e23 bf4fc8c8
15:41:12 ipsec,debug,packet decrypted payload, but not trimed.
15:41:12 ipsec,debug,packet 0c000014 639a2ab3 f6ad4004 2538992b 69084243 0000001c 00000001 01100001
15:41:12 ipsec,debug,packet 0c714e01 6f586599 2a34fafc c68a1817 00000000 00000000 00000000 00000010
15:41:12 ipsec,debug,packet padding len=17
15:41:12 ipsec,debug,packet skip to trim padding.
15:41:12 ipsec,debug,packet decrypted.
15:41:12 ipsec,debug,packet 0c714e01 6f586599 2a34fafc c68a1817 08100501 3f16e355 0000005c 0c000014
15:41:12 ipsec,debug,packet 639a2ab3 f6ad4004 2538992b 69084243 0000001c 00000001 01100001 0c714e01
15:41:12 ipsec,debug,packet 6f586599 2a34fafc c68a1817 00000000 00000000 00000000 00000010
15:41:12 ipsec,debug,packet HASH with:
15:41:12 ipsec,debug,packet 3f16e355 0000001c 00000001 01100001 0c714e01 6f586599 2a34fafc c68a1817
15:41:12 ipsec,debug,packet hmac(hmac_md5)
15:41:12 ipsec,debug,packet HASH computed:
15:41:12 ipsec,debug,packet 639a2ab3 f6ad4004 2538992b 69084243
15:41:12 ipsec,debug,packet hash validated.
15:41:12 ipsec,debug,packet begin.
15:41:12 ipsec,debug,packet seen nptype=8(hash)
15:41:12 ipsec,debug,packet seen nptype=12(delete)
15:41:12 ipsec,debug,packet succeed.
15:41:12 ipsec,debug,packet delete payload for protocol ISAKMP
15:41:12 ipsec,debug purging ISAKMP-SA spi=0c714e016f586599:2a34fafcc68a1817:725574f1.
15:41:12 ipsec,debug,packet purged SAs.
15:41:13 ipsec,debug ISAKMP-SA deleted 192.0.2.128[4500]-192.0.2.1[4500] spi:0c714e016f586599:2a34fafcc68a1817
15:41:13 ipsec,debug KA remove: 192.0.2.128[4500]->192.0.2.1[4500]
15:41:13 ipsec,debug,packet KA tree dump: 192.0.2.128[4500]->192.0.2.1[4500] (in_use=1)
15:41:13 ipsec,debug,packet KA removing this one...
15:41:13 ipsec,debug,packet an undead schedule has been deleted.
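
Added example, not part of the original post: a Python decoder for the bytes the router log above dumps under "HASH with:" for the MODE_CFG REPLY, listing each ISAKMP configuration attribute the router sent and which of them carry no value. The attribute numbers follow the racoon/ipsec-tools constants (28676 = UNITY_SPLIT_INCLUDE), which is an assumption about RouterOS; the function names are illustrative.

```python
import ipaddress
import struct
# Copied from the router log above: the "HASH with:" dump under "Sending MODE_CFG REPLY".
LOG_LINES = """\
15:40:56 ipsec,debug,packet 725574f1 00000044 0200550b 00010004 c0a8379f 00020004 ffffffe0 00030004
15:40:56 ipsec,debug,packet 51091101 00030004 51091201 00070014 7261636f 6f6e202f 20495073 65632d74
15:40:56 ipsec,debug,packet 6f6f6c73 70040000
"""

CFG_TYPES = {1: "REQUEST", 2: "REPLY", 3: "SET", 4: "ACK"}
# Assumed numbering, taken from the racoon/ipsec-tools constants.
ATTR_NAMES = {1: "INTERNAL_IP4_ADDRESS", 2: "INTERNAL_IP4_NETMASK", 3: "INTERNAL_IP4_DNS",
              7: "APPLICATION_VERSION", 28676: "UNITY_SPLIT_INCLUDE"}

def hex_from_log(text):
    """Join the hex words that follow the time and topic columns of each line."""
    return bytes.fromhex("".join(w for ln in text.splitlines() for w in ln.split()[2:]))

def render(atype, value):
    if atype in (1, 2, 3) and len(value) == 4:
        return str(ipaddress.IPv4Address(value))
    if atype == 7:
        return value.decode("ascii", "replace")
    return value.hex()

def parse_mode_cfg(blob):
    """Parse message ID + ISAKMP attribute payload (the bytes the HASH covers)."""
    _msg_id, _np, _r1, length, cfg_type, _r2, ident = struct.unpack_from(">IBBHBBH", blob)
    end = 4 + length                      # payload length excludes the 4-byte message ID
    if length < 8 or end > len(blob):
        raise ValueError("attribute payload truncated")
    attrs, off = [], 12
    while off + 4 <= end:
        atype, alen = struct.unpack_from(">HH", blob, off)
        off += 4
        if atype & 0x8000:                # AF bit set: short form, value is in the length field
            atype, value = atype & 0x7FFF, struct.pack(">H", alen)
        else:                             # long form: type, length, value
            if off + alen > end:
                raise ValueError("attribute %d overruns payload" % atype)
            value, off = blob[off:off + alen], off + alen
        attrs.append((ATTR_NAMES.get(atype, str(atype)), len(value), render(atype, value)))
    return {"type": CFG_TYPES.get(cfg_type, cfg_type), "id": ident, "attrs": attrs}

def zero_length_attrs(parsed):
    return [name for name, alen, _ in parsed["attrs"] if alen == 0]

if __name__ == "__main__":
    for name, alen, value in parse_mode_cfg(hex_from_log(LOG_LINES))["attrs"]:
        print(f"{name:22} len={alen:<3} {value}")
```
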
 
Sunsun
just joined
Posts: 3
Joined: Mon Jun 03, 2013 9:47 am

Re: iPhone's Cisco VPN without split-tunneling not working

Sat Jul 19, 2014 2:15 pm

Any ideas? I have the same problem on 6.17!
