[strongSwan] Trouble with Android 4 client from Google Play

Mariano Lazzaro marianolazzaro at gmail.com
Tue Mar 26 05:31:38 CET 2013 

Hi!  I've been using stronSwan for about some time between linuxes and 
mixed linux/windows.

I have been trying to make it work first with Android 2.3.7, using 
RSA-pubkey, PSK, etc... I was a real pain to learn the complicated auth 
stuff with android, which I learned uses a modified racoon, IKEv1 + 
L2TP.  I could make that work (including using RSA certs, which is not 
easy) but worked only in a non-NATted environment (direct ESP packets, 
non-encapsulated) but when traversing a NAT the encapsulated ESPs didn't 
work for me, I tried EVERYTHING and I couldn't make them work.

A few days ago I happened to install an Android 4.2.1 (Jelly Bean) "ROM" 
on my cell phone.  That would support the strongSwan client natively.  
That would make IKEv2 work...  that was the holy, so awaited 
solution...  which, of course, didn't work.

I don't understand why it is failing, I've seen both the log files 
(cli/serv) and the serv does everything OK, so does the client to the 
point of creating a valid IKE SA, but then both daemons kill the SA 
because the client caused a "*failed to build TUN device*" error, which 
I had never seen.

Here are the important lines from the Client log file:
---
*Mar 26 00:56:01 13[LIB] builder: failed to build TUN device**
**Mar 26 00:56:01 13[DMN] failed to setup TUN device**
*---

Could this be caused by a missing kernel module, something like 
"tun.ko"?  Maybe my ROM is very little, very stripped to make Android 4 
work and they left out important stuff for VPN which the strongSwan 
client needs finally to create the tunnel after all the auth has been 
validated.

Please help me with this...  I've never been so frustrated...  I've 
spent days and days and days trying to use a DECENT VPN solution on the 
GOD DAMNED Android OS.

Thanks you for your time!  (If it weren't for the Android-related 
problems, I would say strongSwan is very good software and works really 
well)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130326/9906f03a/attachment.html>

More information about the Users mailing list