[strongSwan] Android client problems - possible bugs found

Mark M mark076h at yahoo.com
Mon Sep 24 07:52:43 CEST 2012


After playing around with it all weekend, I finally got the strongSwan Android client working! Turns out that the gateway certificate has to have the subjectAltName field with the IP of the gateway.

Now I have noticed some strange behavior. When I go to a website, it takes a very long time to even start loading. I set up Wireshark for my gateway and noticed that my client sends many DNS requests for the site; these are multiple IPv6 (AAAA) requests, sometimes 5-10 before the site starts to load. I think this is the problem. Now I am not sure if this is a problem with my phone and Verizon network or something wrong with the strongSwan Android client. Any ideas?

Also, is there a way to have the client auto-connect when a network connection is present? Is that possible with any Android VPN client?

Also, a strange thing is that it sends to the gateway requests for every CA cert stored on the Android phone. My Galaxy S3 comes with about 120 trusted CA certs, and during the IKE it sends requests to the gateway for each one. On my gateway, the log file reads "received 119 cert requests for an unknown CA"; after that it uses the correct one. Is that some kind of bug with the Android client?

Thanks again to Tobias for fixing my subjectAltName field problem; my internet browsing from my phone is now secure! :)
