[strongSwan] Working Android 6 Native XAUTH configuration?

Michael Lipp mnl at mnl.de
Fri Feb 26 12:41:28 CET 2016


Hi,

does anybody have a working configuration for Android 6.0 IPSec RSA/Xauth?

I got as far as a "half open IKE_SA". Authentications were successful

11[IKE] authentication of 'C=DE, O=TLN, CN=LG-D2' with RSA successful
11[IKE] authentication of 'C=DE, O=TLN, CN=Lar' (myself) successful

XAUTH task is started:

11[IKE] queueing XAUTH task
11[ENC] generating ID_PROT response 0 [ ID SIG ]
11[NET] sending packet: from 192.168.200.2[4500] to 192.168.200.1[64868]
(348 bytes)
11[IKE] activating new tasks
11[ENC] generating TRANSACTION request 118312633 [ HASH CPRQ(X_USER X_PWD) ]
11[NET] sending packet: from 192.168.200.2[4500] to 192.168.200.1[64868]
(92 bytes)
08[NET] received packet: from 192.168.200.1[64868] to
192.168.200.2[4500] (108 bytes)

but from there on things go wrong:

08[ENC] invalid HASH_V1 payload length, decryption failed?

I searched for "invalid HASH_V1 payload length, decryption failed?" and
found several bug reports, most closed without real solution. I tried
every hint I could find there to no avail.

 - Michael




More information about the Users mailing list