[strongSwan] I need a working config for Android (4.0.3) -> StrongSwan (4.5.6)
Gerd v. Egidy
lists at egidy.de
Wed May 16 17:08:00 CEST 2012
> # Add connections here.
> conn android
> #authby=psk
> authby=xauthpsk
> xauth=server
> keyexchange=ikev1
> #type=tunnel
> type=transport
> left=192.168.51.101
> #leftsubnet=0.0.0.0/0
you shouldn't comment this out, the Android client expects 0.0.0.0/0 on the
other side.
> leftnexthop=%defaultroute
> right=%any
> #rightsubnet=0.0.0.0/0
> rightnexthop=%defaultroute
> rightsourceip=192.168.61.5/25
This is not how the Android client expects it. Use "modeconfig=push" and add an
ip pool for the client to use (like "rightsourceip=%poolname").
Then you can use the ipsec pool command to add some IPs to your pool (see the
strongswan wiki how to use it).
Also you should upgrade to strongswan 4.6.3 as it includes a patch to make
Xauth with Android work.
> This is the end of the pluto.log file ..
you probably also want to take a look at the Android side of the log. You can
either get the log with adb or install a small log forwarding tool on your
Android device. I can recommend SendLog by Neil Boyd for this, just search for
it on the Play market.
Kind regards,
Gerd
More information about the Users
mailing list