<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
Hi, I had a thread back in October around setting up Openswan with Android using L2TP and IPSEC.<BR>
<BR>
I've since got the IPSec VPN conntection fully working between my Android phone and Ubuntu box, with the exception that once the VPN is connected I seem to lose internet access on the Android device. I am looking to tunnel the Android internet access through the VPN and Ubunutu box to the internet, securing my internet sessions when I am on public wi-fi.<BR>
<BR>
I suspect that I have an issue with my routing / NAT traversal which is disrupting the internet queries from my Android phone. Can someone advise how I can diagnose the issue?<BR>
<BR>
The Android device is not rooted so using a Shell is impossible, hence tracing my network traffic from the handset has proven difficult. There may be something obviously wrong in my ipsec config files:<BR>
<BR>
Setup<BR>
====<BR>
Ubuntu 10.04<BR>Openswan 2.6.28<BR>xl2tpd 1.2.7<BR>Google Nexus One with Android 2.2.1 using an IPsec PSK tunnel and the <BR>l2tp secret not enabled.<BR><BR><BR>
<BR>
###############################################################################<BR>/etc/ipsec.conf<BR>###############################################################################<BR># /etc/ipsec.conf - Openswan IPsec configuration file<BR># RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $<BR><BR># This file: /usr/share/doc/openswan/ipsec.conf-sample<BR>#<BR># Manual: ipsec.conf.5<BR><BR>version 2.0 # conforms to second version of ipsec.conf specification<BR><BR># basic configuration<BR>config setup<BR> nat_traversal=yes<BR> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<BR> oe=off<BR> protostack=netkey<BR> nhelpers=0<BR><BR>conn L2TP<BR> authby=secret<BR> auto=add<BR> pfs=no<BR> type=transport<BR> rekey=no<BR><BR> left=192.168.1.100<BR> leftnexthop=192.168.1.1<BR> leftprotoport=17/1701<BR><BR> right=%any<BR> rightsubnet=vhost:%no,%priv<BR> rightprotoport=17/1701<BR> forceencaps=yes<BR><BR><BR>###############################################################################<BR>/etc/xl2tpd/xl2tpd.conf<BR>###############################################################################<BR>[global]<BR>ipsec saref = no<BR>auth file = /etc/ppp/chap-secrets<BR>port = 1701<BR>debug tunnel = yes<BR>debug avp = yes<BR>debug packet = yes<BR>debug network = yes<BR>debug state = yes<BR><BR>[lns default]<BR>ip range = 192.168.1.51-192.168.1.55<BR>local ip = 192.168.1.50<BR>require chap = yes<BR>refuse pap = yes<BR>require authentication = yes<BR>name = Zebedee<BR>ppp debug = yes<BR>pppoptfile = /etc/ppp/options.xl2tpd<BR>length bit = yes<BR><BR><BR>###############################################################################<BR>/etc/ppp/chap-secrets<BR>###############################################################################<BR># Secrets for authentication using CHAP<BR># client server secret IP addresses<BR>* * "testpass" *<BR><BR><BR>###############################################################################<BR>/etc/ppp/options.xl2tpd<BR>###############################################################################<BR>ipcp-accept-local<BR>ipcp-accept-remote<BR>noccp<BR>auth<BR>#crtscts<BR>idle 1800<BR>mtu 1410<BR>mru 1410<BR>nodefaultroute<BR>debug<BR>lock<BR>proxyarp<BR>connect-delay 5000<BR>ms-dns 192.168.1.1<BR><BR><BR>                                            </body>
</html>