[strongSwan] StrongSwan Android and PureVPN

Robbie Medford hypocritus at gmail.com
Sun Sep 4 02:52:59 CEST 2016


I am trying to get PureVPN's IKEv2 protocol to work on Android. The reason
is, I have a dedicated VPN IP address; but my ISP blocks PPTP and L2TP, and
PureVPN doesn't yet have a published Android IKEv2 nor SSTP client, nor an
OpenVPN client for Android that will do dedicated IP (their iOS app does
it. I has basically the same guts as the Android app). There is a paid
third-party app which will successfully do SSTP, but then I have the
constraints of a TCP connection with no option for UDP.

I think I'm getting somewhere with the connection, but it stops at
"constraint check failed: identity 'ser-ver.xxx.xxx.' required"

What can I do?

I read somewhere that I may be able to either 1) make an adequate
certificate from info that I have on hand or can obtain, or 2) pass the
necessary info through the "server identity" field added in version 1.6.0.

I have a few servers to choose from, but I'll just name "
vlbr-usvc1.pointtoserver.com"

I'm guessing I shouldn't bomb this email-list with pasting the texts of the
log and the other certificate-like files that I have, so I'm attaching them.
But here is some of the log...

Sep  3 19:50:16 13[CFG]   using certificate "OU=Domain Control Validated,
OU=PositiveSSL Multi-Domain, CN=PointtoServer.com"
Sep  3 19:50:16 13[CFG]   using untrusted intermediate certificate "C=GB,
ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain
Validation Secure Server CA"
Sep  3 19:50:16 13[CFG]   using untrusted intermediate certificate "C=GB,
ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA
Certification Authority"
Sep  3 19:50:16 13[CFG]   using trusted ca certificate "C=SE, O=AddTrust
AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root"
Sep  3 19:50:16 13[CFG]   reached self-signed root ca with a path length of
2
Sep  3 19:50:16 13[IKE] authentication of 'OU=Domain Control Validated,
OU=PositiveSSL Multi-Domain, CN=PointtoServer.com' with RSA signature
successful
Sep  3 19:50:16 13[CFG] constraint check failed: identity '
vlbr-usvc1.pointtoserver.com.' required
Sep  3 19:50:16 13[CFG] selected peer config 'android' inacceptable:
constraint checking failed
Sep  3 19:50:16 13[CFG] no alternative config found
Sep  3 19:50:16 13[ENC] generating INFORMATIONAL request 2 [ N(AUTH_FAILED)
]
Sep  3 19:50:16 13[NET] sending packet: from 10.31.144.248[60386] to
191.101.62.4[4500] (68 bytes)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160903/a7a22f15/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SS.log
Type: application/octet-stream
Size: 22878 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160903/a7a22f15/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ca.crt
Type: application/x-x509-server-cert
Size: 1667 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160903/a7a22f15/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client.crt
Type: application/x-x509-server-cert
Size: 1766 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160903/a7a22f15/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: client.key
Type: application/pgp-keys
Size: 1704 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160903/a7a22f15/attachment-0002.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Wdc.key
Type: application/pgp-keys
Size: 657 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160903/a7a22f15/attachment-0003.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: USA-VIRGINIA(V)-UDP.ovpn
Type: application/octet-stream
Size: 322 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160903/a7a22f15/attachment-0003.obj>


More information about the Users mailing list