[strongSwan] strongSwan VPN Client on my Samsung Galaxy S III

Brett Heroux brett.j.heroux at gmail.com
Fri Dec 21 04:45:36 CET 2012


I haven't quite completed getting this to work. My gateway is strongSwan 
4.4.1 on Debian Linux. I got the subjectAltName right in the gateway 
certificate, because I got past where that was failing. Now, on my 
gateway's auth.log I see:

Dec 20 21:16:24 east-gateway charon: 01[IKE] IKE_SA android[4] 
established between 192.168.1.12[C=US,,, 
E=brett.j.heroux at gmail.com]...192.168.1.105[C=US,,, 
E=brett.j.heroux at gmail.com]
Dec 20 21:16:24 east-gateway pluto[3388]: |
Dec 20 21:16:24 east-gateway pluto[3388]: | *received 76 bytes from 
192.168.1.105:51834 on eth5
..... [ bytes deleted ]
Dec 20 21:16:24 east-gateway pluto[3388]: |   ignoring IKEv2 packet
Dec 20 21:16:24 east-gateway pluto[3388]: | next event EVENT_RETRANSMIT 
in 17 seconds for #22
Dec 20 21:16:24 east-gateway charon: 13[IKE] deleting IKE_SA android[4] 
between 192.168.1.12[C=US,,, 
E=brett.j.heroux at gmail.com]...192.168.1.105[C=US,,, 
E=brett.j.heroux at gmail.com]
Dec 20 21:16:24 east-gateway charon: 13[IKE] IKE_SA deleted

I know this is a different timestamp, but this is the same scenario in 
the strongSwan VPN Client:

Dec 20 21:32:57 12[IKE] IKE_SA android[6] established between 192.168.1.105[C=US,,, E=brett.j.heroux at gmail.com]...192.168.1.12[C=US,,,E=brett.j.heroux at gmail.com]
Dec 20 21:32:57 12[IKE] scheduling rekeying in 35857s
Dec 20 21:32:57 12[IKE] maximum IKE_SA lifetime 36457s
Dec 20 21:32:57 12[IKE] received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built
Dec 20 21:32:57 12[IKE] closing IKE_SA due CHILD_SA setup failure
Dec 20 21:32:57 12[IKE] received AUTH_LIFETIME of 9789s, scheduling reauthentication in 9189s
Dec 20 21:32:57 12[IKE] peer supports MOBIKE
Dec 20 21:32:57 13[IKE] deleting IKE_SA android[6] between 192.168.1.105[C=US

If it helps, my ipsec.conf looks like this:

conn android
         left=192.168.1.12
         leftcert=east-gatewayCert.pem
         leftid="C=US,,, E=brett.j.heroux at gmail.com"
         right=192.168.1.105
         rightcert=intelligenceCert.pem
         rightid="C=US,,, E=brett.j.heroux at gmail.com"
         keyexchange=ikev2
         auto=start

If you can help me get a tunnel from my phone to my gateway, I would 
appreciate it.

Brett Heroux



