[strongSwan] I need a working config for Android (4.0.3) -> StrongSwan (4.5.6)
Clarence
clarencehj at gmail.com
Wed May 16 00:00:55 CEST 2012
I've been trying to get my Android tablet to connect to the StrongSwan
server all day today... Does anyone have a working config for connecting an
Android 4.0.3 device to a StrongSwan server using the "IPSec Xauth PSK"
setting?
** I think I need a working config to look at... I'm stumped! **
This is the layout:
[tablet - 192.168.51.125] ----> [ strongswan_left - 192.168.51.101 ] ----
[ strongswan_right - 192.168.61.101 ] ---> 192.168.61.0/24 network
ipsec.secrets
----------------------
192.168.151.101 : PSK "password"
user1 : XAUTH "password"   # <--- I'm not sure what this does.
: XAUTH "password"   # <-- or this

ipsec.conf
---------------
config setup
        # plutodebug=all
        # crlcheckinterval=600
        # strictcrlpolicy=yes
        # cachecrls=yes
        # nat_traversal=yes
        # nat_traversal=no
        charonstart=yes
        plutostart=yes
        plutodebug="control lifecycle dns oppo controlmore natt"

# Add connections here.
conn android
        #authby=psk
        authby=xauthpsk
        xauth=server
        keyexchange=ikev1
        #type=tunnel
        type=transport
        left=192.168.51.101
        #leftsubnet=0.0.0.0/0
        leftnexthop=%defaultroute
        right=%any
        #rightsubnet=0.0.0.0/0
        rightnexthop=%defaultroute
        rightsourceip=192.168.61.5/25
        pfs=no
        auto=add

On the tablet I put "password" in the pre-shared key field,
and I put user1 and password in the username and password field that
pops up when it tries to connect.
-----
This is what happens... I use Wireshark and I can see:
6 - Identity Protection (Main Mode) packets
1 - Transaction (Config Mode) packet
1 - Informational
3 - Transactional (Config Mode) packets
1 - Informational
Then that's it. Nothing else happens. The packets have the encrypted flag
set, so I can't really see what's inside of them.
-----------
This is the end of the pluto.log file ..
*received 108 bytes from 192.168.51.125:500 on eth0
| ICOOKIE: ca 4c 24 cc 11 19 d6 0b
| RCOOKIE: 81 0a 06 3f 6a c5 df 16
| peer: c0 a8 97 7d
| state hash entry 27
| state object #4 found, in STATE_XAUTH_R1
"android"[4] 192.168.51.125 #4: parsing XAUTH reply
| processing XAUTH_USER_NAME attribute
| processing XAUTH_USER_PASSWORD attribute
| peer xauth user name is 'user1'
"android"[4] 192.168.51.125 #4: extended authentication failed
"android"[4] 192.168.51.125 #4: sending XAUTH status
| building XAUTH_STATUS attribute
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #4
| next event EVENT_RETRANSMIT in 10 seconds for #4
|
| *received 92 bytes from 192.168.51.125:500 on eth0
| ICOOKIE: ca 4c 24 cc 11 19 d6 0b
| RCOOKIE: 81 0a 06 3f 6a c5 df 16
| peer: c0 a8 97 7d
| state hash entry 27
| state object #4 found, in STATE_XAUTH_R2
"android"[4] 192.168.51.125 #4: parsing XAUTH ack
| processing XAUTH_STATUS attribute
| ICOOKIE: ca 4c 24 cc 11 19 d6 0b
| RCOOKIE: 81 0a 06 3f 6a c5 df 16
| peer: c0 a8 97 7d
| state hash entry 27
"android"[4] 192.168.51.125: deleting connection "android" instance with
peer 192.168.51.125 {isakmp=#0/ipsec=#0}
| certs and keys locked by 'delete_connection'
| certs and keys unlocked by 'delete_connection'
| next event EVENT_NAT_T_KEEPALIVE in 20 seconds
|
| *received 108 bytes from 192.168.51.125:500 on eth0
| ICOOKIE: ca 4c 24 cc 11 19 d6 0b
| RCOOKIE: 81 0a 06 3f 6a c5 df 16
| peer: c0 a8 97 7d
| state hash entry 27
| state object not found
packet from 192.168.51.125:500: Informational Exchange is for an unknown
(expired?) SA
| next event EVENT_NAT_T_KEEPALIVE in 20 seconds
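
A triage helper for the pluto.log excerpt above, added as an example and not part of the original post or of strongSwan: it collects each "extended authentication failed" event with the XAUTH user name, the state it occurred in, and the peer address decoded from the `| peer:` hex dump. The function name and record fields are hypothetical, and it assumes the `| peer:` line holds the raw IPv4 address bytes.

```python
import ipaddress
import re

# Lines copied from the pluto.log excerpt in the post above.
SAMPLE_LOG = """\
| peer: c0 a8 97 7d
| state hash entry 27
| state object #4 found, in STATE_XAUTH_R1
"android"[4] 192.168.51.125 #4: parsing XAUTH reply
| processing XAUTH_USER_NAME attribute
| processing XAUTH_USER_PASSWORD attribute
| peer xauth user name is 'user1'
"android"[4] 192.168.51.125 #4: extended authentication failed
"android"[4] 192.168.51.125 #4: sending XAUTH status
"""

PEER_HEX = re.compile(r"^\|\s*peer:\s+((?:[0-9a-f]{2}\s*){4})$")
STATE = re.compile(r"^\| state object #(\d+) found, in (STATE_\w+)")
USER = re.compile(r"^\| peer xauth user name is '([^']*)'")
EVENT = re.compile(r'^"([^"]+)"\[(\d+)\] (\S+) #(\d+): (.*)$')


def xauth_failures(log_text):
    """Return one record per 'extended authentication failed' line."""
    # Debug lines ('| ...') precede the event they belong to, so carry
    # the most recent values forward until a failure line consumes them.
    ctx = {"peer_bytes": None, "state": None, "user": None}
    failures = []
    for line in log_text.splitlines():
        if m := PEER_HEX.match(line):
            raw = bytes.fromhex(m.group(1))  # fromhex skips the spaces
            ctx["peer_bytes"] = str(ipaddress.IPv4Address(raw))
        elif m := STATE.match(line):
            ctx["state"] = m.group(2)
        elif m := USER.match(line):
            ctx["user"] = m.group(1)
        elif (m := EVENT.match(line)) and "authentication failed" in m.group(5):
            failures.append({"conn": m.group(1), "peer": m.group(3),
                             "sa": int(m.group(4)), **ctx})
            ctx = dict.fromkeys(ctx)  # reset for the next exchange
    return failures


if __name__ == "__main__":
    for record in xauth_failures(SAMPLE_LOG):
        print(record)
```

On the excerpt it reports a single failure for user1 in STATE_XAUTH_R1, which is after the Main Mode exchange has completed, and the `| peer:` bytes decode to 192.168.151.125.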