[strongSwan] Trouble with Android 4 client from Google Play
Mariano Lazzaro
marianolazzaro at gmail.com
Tue Mar 26 05:31:38 CET 2013
Hi! I've been using stronSwan for about some time between linuxes and
mixed linux/windows.
I have been trying to make it work first with Android 2.3.7, using
RSA-pubkey, PSK, etc... I was a real pain to learn the complicated auth
stuff with android, which I learned uses a modified racoon, IKEv1 +
L2TP. I could make that work (including using RSA certs, which is not
easy) but worked only in a non-NATted environment (direct ESP packets,
non-encapsulated) but when traversing a NAT the encapsulated ESPs didn't
work for me, I tried EVERYTHING and I couldn't make them work.
A few days ago I happened to install an Android 4.2.1 (Jelly Bean) "ROM"
on my cell phone. That would support the strongSwan client natively.
That would make IKEv2 work... that was the holy, so awaited
solution... which, of course, didn't work.
I don't understand why it is failing, I've seen both the log files
(cli/serv) and the serv does everything OK, so does the client to the
point of creating a valid IKE SA, but then both daemons kill the SA
because the client caused a "*failed to build TUN device*" error, which
I had never seen.
Here are the important lines from the Client log file:
---
*Mar 26 00:56:01 13[LIB] builder: failed to build TUN device**
**Mar 26 00:56:01 13[DMN] failed to setup TUN device**
*---
Could this be caused by a missing kernel module, something like
"tun.ko"? Maybe my ROM is very little, very stripped to make Android 4
work and they left out important stuff for VPN which the strongSwan
client needs finally to create the tunnel after all the auth has been
validated.
Please help me with this... I've never been so frustrated... I've
spent days and days and days trying to use a DECENT VPN solution on the
GOD DAMNED Android OS.
Thanks you for your time! (If it weren't for the Android-related
problems, I would say strongSwan is very good software and works really
well)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130326/9906f03a/attachment.html>
More information about the Users
mailing list