[strongSwan] Endian Firewall and Android/iOS client

mmiat at libero.it mmiat at libero.it
Sun Sep 22 20:10:40 CEST 2013


Hi to all
I have EFW 2.5.1 with strongSwan 4.6.4.
I can connect with W7 and WXP clients after applying Q818043 and Q240262,
but I can't connect with Android and iOS.

The part of the log that I think is useful:

Sep 22 19:05:48 pluto[2692] "L2TP"[1] 87.0.178.18 #1: Peer ID is ID_IPV4_ADDR: '192.168.82.100'
Sep 22 19:05:48 pluto[2692] "L2TP"[2] 87.0.178.18 #1: deleting connection "L2TP" instance with peer 87.0.178.18 {isakmp=#0/ipsec=#0}
Sep 22 19:05:48 pluto[2692] | NAT-T: new mapping 87.0.178.18:500/15587)
Sep 22 19:05:48 pluto[2692] "L2TP"[2] 87.0.178.18:15587 #1: sent MR3, ISAKMP SA established

[...]

Sep 22 19:05:49 pluto[2692] "L2TP"[2] 87.0.178.18:15587 #1: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Sep 22 19:05:49 pluto[2692] "L2TP"[2] 87.0.178.18:15587 #1: malformed payload in packet
Sep 22 19:05:49 pluto[2692] "L2TP"[2] 87.0.178.18:15587 #1: sending encrypted notification PAYLOAD_MALFORMED to 87.0.178.18:15587

[...]

Sep 22 19:06:44 pluto[2692] "L2TP"[2] 87.0.178.18:15587 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4d5e5fb1 (perhaps this is a duplicated packet)
Sep 22 19:06:44 pluto[2692] "L2TP"[2] 87.0.178.18:15587 #1: sending encrypted notification INVALID_MESSAGE_ID to 87.0.178.18:15587
Sep 22 19:06:47 xl2tpd[9961] network_thread: recv packet from 87.0.178.18, size = 69, tunnel = 0, call = 0 ref=0 refhim=0
Sep 22 19:06:47 xl2tpd[9961] get_call: allocating new tunnel for host 87.0.178.18, port 17345.
Sep 22 19:06:47 xl2tpd[9961] handle_avps: handling avp's for tunnel 43220, call 9005
Sep 22 19:06:47 xl2tpd[9961] message_type_avp: message type 1 (Start-Control-Connection-Request)
Sep 22 19:06:47 xl2tpd[9961] protocol_version_avp: peer is using version 1, revision 0.
Sep 22 19:06:47 xl2tpd[9961] hostname_avp: peer reports hostname 'anonymous'
Sep 22 19:06:47 xl2tpd[9961] framing_caps_avp: supported peer frames: async sync
Sep 22 19:06:47 xl2tpd[9961] assigned_tunnel_avp: using peer's tunnel 46540
Sep 22 19:06:47 xl2tpd[9961] receive_window_size_avp: peer wants RWS of 1. Will use flow control.
Sep 22 19:06:47 xl2tpd[9961] control_finish: message type is Start-Control-Connection-Request(1). Tunnel is 46540, call is 0.
Sep 22 19:06:47 xl2tpd[9961] control_finish: sending SCCRP
Sep 22 19:06:49 xl2tpd[9961] network_thread: recv packet from 87.0.178.18, size = 36, tunnel = 0, call = 0 ref=0 refhim=0
Sep 22 19:06:49 xl2tpd[9961] get_call: allocating new tunnel for host 87.0.178.18, port 17345.
Sep 22 19:06:49 xl2tpd[9961] check_control: Received out of order control packet on tunnel -1 (got 1, expected 0)
Sep 22 19:06:49 xl2tpd[9961] handle_packet: bad control packet!
Sep 22 19:06:49 xl2tpd[9961] network_thread: bad packet
Sep 22 19:06:49 xl2tpd[9961] build_fdset: closing down tunnel 44636
Sep 22 19:06:50 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:51 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:52 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:53 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:54 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:54 xl2tpd[9961] Maximum retries exceeded for tunnel 43220. Closing.
Sep 22 19:06:54 xl2tpd[9961] Connection 46540 closed to 87.0.178.18, port 17345 (Timeout)
Sep 22 19:06:55 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:56 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:57 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:58 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:59 xl2tpd[9961] network_thread: select timeout
Sep 22 19:06:59 xl2tpd[9961] Unable to deliver closing message for tunnel 43220. Destroying anyway.

Thanks for any help. 



