<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div>Hi,</div><div><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">After playing around with it all weekend, i finally got the strongSwan Android client working! turns out that the gateway certificate has to have the subjectAltname field with the IP of the gateway.</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Now I have noticed some strange behavior. When i go to a website it takes a very long time to even start loading. I setup Wireshark for my
gateway and noticed that my client sends many DNS requests for the site, these are multiple IPv6(AAAA) requests, sometimes 5-10 before the site starts to load. I think this is the problem. Now I am not sure if this is a problem with my phone and Verizon network or something wrong with the strongSwan android client, any ideas?</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Also, is there a way to have the client auto connect when a network connection is present. Is that possible with any android vpn client?</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div
style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Also a strange thing is that it sends to the gateway requests for every CA cert stored on the Android phone. My Galaxy S3 comes with about 120 trusted CA certs and during the IKE it sends requests to the gateway for each one. On my gateway log file it reads "received 119 cert requests for an unkown CA" after that it uses the correct one. Is that some kind of bug with the android client?</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new
york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Thanks again to Tobias for fixing my subjectAltname field problem, my internet browsing from my phone is now secure! :)</div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;"><br></div><div style="color: rgb(0, 0, 0); font-size: 16px; font-family: times new roman,new york,times,serif; background-color: transparent; font-style: normal;">Mark-<br></div></div></body></html>