<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
I followed this recipe to install StrongSwan on my linux server:<br>
<br>
<a moz-do-not-send="true"
href="https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-16-04">How
to Set Up an IKEv2 VPN Server with StrongSwan on Ubuntu 16.04</a><br>
<br>
This is working fine with a Windows client, so I know it is
configured properly.<br>
<br>
After this success I attempted to install the above client on my
android Nougat phone. Unfortunately this is not working with the
default options on the client. Here is the log entries from the
linux server attempting to open the VPN connection:<br>
<br>
Dec 26 18:07:11 DG41TY charon: 09[NET] received packet: from
108.31.28.59[1024] to 192.168.80.11[500] (716 bytes)<br>
Dec 26 18:07:11 DG41TY charon: 09[ENC] parsed IKE_SA_INIT request 0
[ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
N(REDIR_SUP) ]<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] looking for an ike config for
192.168.80.11...108.31.28.59<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] candidate: %any...%any,
prio 28<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] found matching ike config:
%any...%any with prio 28<br>
Dec 26 18:07:11 DG41TY charon: 09[IKE] 108.31.28.59 is initiating an
IKE_SA<br>
Dec 26 18:07:11 DG41TY charon: 09[IKE] IKE_SA (unnamed)[15] state
change: CREATED => CONNECTING<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] selecting proposal:<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] selecting proposal:<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] selecting proposal:<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] selecting proposal:<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] received proposals:
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/(31)/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048,
IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/(31)/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048<br>
Dec 26 18:07:11 DG41TY charon: 09[CFG] configured proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024<br>
Dec 26 18:07:11 DG41TY charon: 09[IKE] local host is behind NAT,
sending keep alives<br>
Dec 26 18:07:11 DG41TY charon: 09[IKE] remote host is behind NAT<br>
Dec 26 18:07:11 DG41TY charon: 09[IKE] received proposals
inacceptable<br>
Dec 26 18:07:11 DG41TY charon: 09[ENC] generating IKE_SA_INIT
response 0 [ N(NO_PROP) ]<br>
Dec 26 18:07:11 DG41TY charon: 09[NET] sending packet: from
192.168.80.11[500] to 108.31.28.59[1024] (36 bytes)<br>
Dec 26 18:07:11 DG41TY charon: 09[IKE] IKE_SA (unnamed)[15] state
change: CONNECTING => DESTROYING<br>
<br>
What do I need to change in the android client configuration? I
would prefer not to touch the linux server as it is working with
windows clients, but will do so if absolutely necessary. Thank you
for your assistance in this matter.<br>
<br>
Dave<br>
</body>
</html>