<div><font face="Monaco"><span style="font-size: 12px;">Have xauth-pam working great with a OS X Maverick client, but when connecting from Android 4.4.2 with the same shared key and credentials it fails. If I configure strongswan to use xauth-generic and the same password but as a secret in ipsec.secret then it works, it's only xauth-pam that fails on Android. This is the log from a Android connection attempt: </span></font></div><div><br></div><div><div>charon: 13[NET] received packet: from 77.218.255.139[1067] to 37.139.4.179[500] (720 bytes)</div><div>charon: 13[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]</div><div>charon: 13[IKE] received NAT-T (RFC 3947) vendor ID</div><div>charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID</div><div>charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID</div><div>charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID</div><div>charon: 13[IKE] received XAuth vendor ID</div><div>charon: 13[IKE] received Cisco Unity vendor ID</div><div>charon: 13[IKE] received FRAGMENTATION vendor ID</div><div>charon: 13[IKE] received DPD vendor ID</div><div>charon: 13[IKE] 77.218.255.139 is initiating a Main Mode IKE_SA</div><div>charon: 13[ENC] generating ID_PROT response 0 [ SA V V V V ]</div><div>charon: 13[NET] sending packet: from 37.139.4.179[500] to 77.218.255.139[1067] (160 bytes)</div><div>charon: 14[NET] received packet: from 77.218.255.139[1067] to 37.139.4.179[500] (252 bytes)</div><div>charon: 14[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]</div><div>charon: 14[IKE] remote host is behind NAT</div><div>charon: 14[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]</div><div>charon: 14[NET] sending packet: from 37.139.4.179[500] to 77.218.255.139[1067] (268 bytes)</div><div>charon: 15[NET] received packet: from 77.218.255.139[1071] to 37.139.4.179[4500] (108 bytes)</div><div>charon: 15[ENC] parsed ID_PROT request 0 [ ID HASH ]</div><div>charon: 15[CFG] looking for XAuthInitPSK peer configs matching 37.139.4.179...77.218.255.139[100.74.223.139]</div><div>charon: 15[CFG] selected peer config "psk-pam"</div><div>charon: 15[ENC] generating ID_PROT response 0 [ ID HASH ]</div><div>charon: 15[NET] sending packet: from 37.139.4.179[4500] to 77.218.255.139[1071] (92 bytes)</div><div>charon: 15[ENC] generating TRANSACTION request 4035148199 [ HASH CPRQ(X_USER X_PWD) ]</div><div>charon: 15[NET] sending packet: from 37.139.4.179[4500] to 77.218.255.139[1071] (92 bytes)</div><div>charon: 16[NET] received packet: from 77.218.255.139[1071] to 37.139.4.179[4500] (124 bytes)</div><div>charon: 16[ENC] parsed INFORMATIONAL_V1 request 3508586429 [ HASH N(INITIAL_CONTACT) ]</div><div>charon: 04[NET] received packet: from 77.218.255.139[1071] to 37.139.4.179[4500] (140 bytes)</div><div>charon: 04[ENC] parsed TRANSACTION response 4035148199 [ HASH CPRP(X_USER X_PWD) ]</div><div>charon: 04[IKE] XAuth pam_authenticate for 'carl' failed: Authentication failure</div><div>charon: 04[IKE] XAuth authentication of 'carl' failed</div><div>charon: 04[ENC] generating TRANSACTION request 1756209894 [ HASH CPS(X_STATUS) ]</div><div>charon: 04[NET] sending packet: from 37.139.4.179[4500] to 77.218.255.139[1071] (92 bytes)</div><div>charon: 02[NET] received packet: from 77.218.255.139[1071] to 37.139.4.179[4500] (108 bytes)</div><div>charon: 02[ENC] parsed TRANSACTION response 1756209894 [ HASH CPA(X_STATUS) ]</div><div>charon: 02[IKE] destroying IKE_SA after failed XAuth authentication</div><div><br></div><div><br></div></div>
<div></div>