[strongSwan] I need a working config for Android (4.0.3) -> StrongSwan (4.5.6)

Gerd v. Egidy lists at egidy.de
Wed May 16 17:08:00 CEST 2012

> # Add connections here.
> conn android
>           #authby=psk
>           authby=xauthpsk
>           xauth=server
>           keyexchange=ikev1
>           #type=tunnel
>           type=transport
>           left=
>           #leftsubnet=

you shouldn't comment this out, the Android client expects on the 
other side.

>           leftnexthop=%defaultroute
>           right=%any
>           #rightsubnet=
>           rightnexthop=%defaultroute
>           rightsourceip=

This is not how the Android client expects it. Use "modeconfig=push" and add an 
ip pool for the client to use (like "rightsourceip=%poolname").

Then you can use the ipsec pool command to add some IPs to your pool (see the 
strongswan wiki how to use it).

Also you should upgrade to strongswan 4.6.3 as it includes a patch to make 
Xauth with Android work.

> This is the end of the pluto.log file ..

you probably also want to take a look at the Android side of the log. You can 
either get the log with adb or install a small log forwarding tool on your 
Android device. I can recommend SendLog by Neil Boyd for this, just search for 
it on the Play market.

Kind regards,


More information about the Users mailing list