[strongSwan] transport mode android problems
Lewis Robson
robsonl at conscious.co.uk
Thu Jul 22 15:31:13 CEST 2021
Hi all,
I am having trouble connecting an Android device to strongSwan in
transport mode.
Android works with tunnel mode and certificates.
Android doesn't work with transport mode and certificates.
Here is the current config I am using for testing transport mode (working
tunnel mode conf below):

conn host
    left=myexternalip
    leftcert=mycert
    leftsendcert=always
    leftauth=pubkey
    right=%any
    rightid=%any
    type=transport
    auto=add
    rightauth=pubkey
    authby=pubkey

Error I'm seeing

From server end:
peer requested virtual IP %any
no virtual IP found, sending INTERNAL_ADDRESS_FAILURE
Jul 22 14:25:50 cerberus charon: 16[IKE] configuration payload negotiation failed, no CHILD_SA built
Jul 22 14:25:50 cerberus charon: 16[IKE] failed to establish CHILD_SA, keeping IKE_SA

From Android end:
received internal address failure notify, no child sa built
closing ike sa due child sa setup failure
The config that works with the Android device in tunnel mode and X.509
certificates is below
(removing left subnet, changing type and removing right source IP breaks
the connection and I can't get in):

conn phones-on
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=externalip
    leftcert=mycert
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightsendcert=always
    rightauth=pubkey
    authby=pubkey
    #rightauth=eap-mschapv2
    rightsourceip=10.10.10.0/24
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never
    eap_identity=%identity
    ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!

Any ideas?
Thank you :)
--
Lewis Robson
Systems Administrator
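
The mismatch visible in the log and configuration above, as an added example that is not part of the original post: a Python check that pairs the "peer requested virtual IP" / "no virtual IP found" log lines with conn sections that define no rightsourceip. The function names are hypothetical, the sample input is a shortened copy of the post's config and log, and the parser is assumed to ignore `also=` and `conn %default` inheritance.

```python
import re

# Constructed sample input: shortened copies of the two conn sections and
# the server-side log lines quoted in the post.
CONF = """\
conn host
    left=myexternalip
    right=%any
    type=transport
    auto=add

conn phones-on
    type=tunnel
    left=%any
    right=%any
    #rightauth=eap-mschapv2
    rightsourceip=10.10.10.0/24
"""
LOG = """\
peer requested virtual IP %any
no virtual IP found, sending INTERNAL_ADDRESS_FAILURE
Jul 22 14:25:50 cerberus charon: 16[IKE] failed to establish CHILD_SA, keeping IKE_SA
"""

def parse_conns(text):
    """Return {conn name: {key: value}}; a repeated key keeps its last value."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def vip_failures(log):
    """Count virtual IP requests that were answered with a failure."""
    pending, failures = False, 0
    for line in log.splitlines():
        if "peer requested virtual IP" in line:
            pending = True
        elif pending and "no virtual IP found" in line:
            failures, pending = failures + 1, False
    return failures

def audit(conf, log):
    """Conns with no rightsourceip, reported only if the log shows a failure."""
    if vip_failures(log) == 0:
        return []
    return [n for n, c in parse_conns(conf).items() if "rightsourceip" not in c]
```

The quoted log lines do not name the conn that was selected, so `audit(CONF, LOG)` lists every conn without an address pool as a candidate rather than a single match.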