I've been trying to get my Android tablet to connect to the StrongSwan server all day today... Does anyone have a working config for connecting an Android 4.0.3 device to a StrongSwan server using the "IPSec Xauth PSK" setting? <br>
<br><br>*** I think I need a working config to look at... I'm stumped! ***<br><br><br>This is the layout:<br><br>[tablet - 192.168.51.125] ----> [ strongswan_left - 192.168.51.101 ] ---- [ strongswan_right - 192.168.61.101 ] ---> 192.168.61.0/24 network<br>
<br>ipsec.secrets<br>----------------------<br><br>192.168.151.101 : PSK "password"<br>user1 : XAUTH "password" # <--- I'm not sure what this does.<br>: XAUTH "password" # <-- or this <br>
<br>ipsec.conf<br>---------------<br>config setup<br> # plutodebug=all<br> # crlcheckinterval=600<br> # strictcrlpolicy=yes<br> # cachecrls=yes<br> # nat_traversal=yes<br> # nat_traversal=no<br>
charonstart=yes<br> plutostart=yes<br> plutodebug="control lifecycle dns oppo controlmore natt"<br><br># Add connections here.<br>conn android<br> #authby=psk<br> authby=xauthpsk<br>
xauth=server<br> keyexchange=ikev1<br> #type=tunnel<br> type=transport<br> left=192.168.51.101<br> #leftsubnet=0.0.0.0/0<br> leftnexthop=%defaultroute<br>
right=%any<br> #rightsubnet=0.0.0.0/0<br> rightnexthop=%defaultroute<br> rightsourceip=192.168.61.5/25<br> pfs=no<br>
auto=add<br><br>On the tablet I put "password" in the pre-shared key field,<br>and I put user1 and password in the username and password fields that pop up when it tries to connect.<br><br><br>-----<br>
<br>This is what happens... I use Wireshark and I can see<br><br> 6 - Identity Protection (Main Mode) packets<br> 1 - Transaction (Config Mode) packet<br> 1 - Informational <br> 3 - Transaction (Config Mode) packets <br>
1 - Informational<br><br>Then that's it. Nothing else happens. The packets have the encrypted flag set so I can't really see what's inside of them.<br><br>-----------<br><br>This is the end of the pluto.log file ..<br><br>
*received 108 bytes from 192.168.51.125:500 on eth0<br>| ICOOKIE: ca 4c 24 cc 11 19 d6 0b<br>| RCOOKIE: 81 0a 06 3f 6a c5 df 16<br>| peer: c0 a8 97 7d<br>| state hash entry 27<br>
| state object #4 found, in STATE_XAUTH_R1<br>"android"[4] 192.168.51.125 #4: parsing XAUTH reply<br>| processing XAUTH_USER_NAME attribute<br>| processing XAUTH_USER_PASSWORD attribute<br>| peer xauth user name is 'user1'<br>
"android"[4] 192.168.51.125 #4: extended authentication failed<br>"android"[4] 192.168.51.125 #4: sending XAUTH status<br>| building XAUTH_STATUS attribute<br>| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #4<br>
| next event EVENT_RETRANSMIT in 10 seconds for #4<br>|<br>| *received 92 bytes from 192.168.51.125:500 on eth0<br>| ICOOKIE: ca 4c 24 cc 11 19 d6 0b<br>| RCOOKIE: 81 0a 06 3f 6a c5 df 16<br>
| peer: c0 a8 97 7d<br>| state hash entry 27<br>| state object #4 found, in STATE_XAUTH_R2<br>"android"[4] 192.168.51.125 #4: parsing XAUTH ack<br>| processing XAUTH_STATUS attribute<br>| ICOOKIE: ca 4c 24 cc 11 19 d6 0b<br>
| RCOOKIE: 81 0a 06 3f 6a c5 df 16<br>| peer: c0 a8 97 7d<br>| state hash entry 27<br>"android"[4] 192.168.51.125: deleting connection "android" instance with peer 192.168.51.125 {isakmp=#0/ipsec=#0}<br>
| certs and keys locked by 'delete_connection'<br>| certs and keys unlocked by 'delete_connection'<br>| next event EVENT_NAT_T_KEEPALIVE in 20 seconds<br>|<br>| *received 108 bytes from 192.168.51.125:500 on eth0<br>
| ICOOKIE: ca 4c 24 cc 11 19 d6 0b<br>| RCOOKIE: 81 0a 06 3f 6a c5 df 16<br>| peer: c0 a8 97 7d<br>| state hash entry 27<br>| state object not found<br>packet from 192.168.51.125:500: Informational Exchange is for an unknown (expired?) SA<br>
| next event EVENT_NAT_T_KEEPALIVE in 20 seconds<br><br><br><br><br>
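An added example, not part of the original post: a small Python triage for pluto debug lines of the shape quoted above. It records each XAUTH outcome with the user name and state, and decodes the `peer:` hex bytes so they can be compared with the address printed on the connection line. The sample lines are constructed from the log above; the function and field names are hypothetical, and reading `peer:` as the sender's raw IPv4 address is an assumption.

```python
import ipaddress
import re

# Constructed sample, copied in shape from the pluto.log excerpt in the post.
SAMPLE_LOG = """\
| peer: c0 a8 97 7d
| state object #4 found, in STATE_XAUTH_R1
"android"[4] 192.168.51.125 #4: parsing XAUTH reply
| processing XAUTH_USER_NAME attribute
| peer xauth user name is 'user1'
"android"[4] 192.168.51.125 #4: extended authentication failed
"android"[4] 192.168.51.125 #4: sending XAUTH status
| peer: c0 a8 97 7d
| state object #4 found, in STATE_XAUTH_R2
"android"[4] 192.168.51.125 #4: parsing XAUTH ack
"""

PEER_RE = re.compile(r"^\|\s*peer:\s+((?:[0-9a-f]{2}\s+){3}[0-9a-f]{2})$")
STATE_RE = re.compile(r"^\|\s*state object #(\d+) found, in (STATE_\w+)$")
USER_RE = re.compile(r"^\|\s*peer xauth user name is '([^']*)'$")
CONN_RE = re.compile(r'^"([^"]+)"\[\d+\]\s+(\S+)\s+#(\d+):\s+(.*)$')


def triage_xauth(log_text):
    """Return one dict per 'extended authentication ...' line in the log."""
    events = []
    peer_ip = state = user = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PEER_RE.match(line):
            # Assumption: "peer:" dumps the sender's IPv4 address as 4 raw bytes.
            peer_ip = str(ipaddress.IPv4Address(bytes.fromhex(m.group(1))))
        elif m := STATE_RE.match(line):
            state = m.group(2)
        elif m := USER_RE.match(line):
            user = m.group(1)
        elif (m := CONN_RE.match(line)) and m.group(4).startswith("extended authentication"):
            events.append({
                "conn": m.group(1), "sa": int(m.group(3)), "state": state,
                "user": user, "failed": m.group(4).endswith("failed"),
                "logged_ip": m.group(2), "peer_bytes_ip": peer_ip,
                "ip_mismatch": peer_ip is not None and peer_ip != m.group(2),
            })
            user = None  # a user name belongs to one XAUTH reply only
    return events


if __name__ == "__main__":
    for event in triage_xauth(SAMPLE_LOG):
        print(event)
```

On the sample it reports one failed XAUTH for user1 in STATE_XAUTH_R1, and the decoded peer bytes (192.168.151.125) differ from the 192.168.51.125 printed on the connection line.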