For the record, I have IPsec and xl2tpd implemented on a Linux (Ubuntu) firewall and have non-rooted Android clients. See <a href="http://goo.gl/by9zs">http://goo.gl/by9zs</a> for details (ignore the Proxy ARP bits).<div>
<br></div><div>KP<br><br><div class="gmail_quote">On Tue, Oct 16, 2012 at 8:08 AM, Erich Titl <span dir="ltr"><<a href="mailto:erich.titl@think.ch" target="_blank">erich.titl@think.ch</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi all<br>
<div class="im"><br>
at 16.10.2012 13:45, Willie Gillespie wrote:<br>
> On 10/16/2012 05:40 AM, Erich Titl wrote:<br>
>> Thanks, do you know a URL where this patch is located (not the htpm<br>
>> link :-(<br>
><br>
> <a href="http://people.redhat.com/pwouters/osw/openswan-2.6.38-android-ics-natoa.patch" target="_blank">http://people.redhat.com/pwouters/osw/openswan-2.6.38-android-ics-natoa.patch</a><br>
<br>
</div>Thanks a lot, applied it and now I am at the next hurdle<br>
<br>
Phase 2 IPSec is established correctly as can be seen at<br>
<br>
Oct 16 12:59:42 sentinel pluto[26463]: "mega-rw"[1] 195.141.2.242 #4:<br>
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1<br>
Oct 16 12:59:42 sentinel pluto[26463]: "mega-rw"[1] 195.141.2.242 #4:<br>
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2<br>
Oct 16 12:59:42 sentinel pluto[26463]: "mega-rw"[1] 195.141.2.242 #4:<br>
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2<br>
Oct 16 12:59:42 sentinel pluto[26463]: "mega-rw"[1] 195.141.2.242 #4:<br>
STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x02456c24<br>
<0xd9005e09 xfrm=AES_256-HMAC_SHA1 N<br>
<br>
sentinel# ipsec eroute<br>
0 <a href="http://172.29.0.0/16" target="_blank">172.29.0.0/16</a> -> <a href="http://192.168.1.119/32" target="_blank">192.168.1.119/32</a> =><br>
<a href="mailto:esp0x2456c24@195.141.2.242">esp0x2456c24@195.141.2.242</a><br>
<br>
Now the client proposed a certain net, which I don't really want, can<br>
this be influenced somehow?<br>
<br>
Oct 16 12:59:42 sentinel pluto[26463]: "mega-rw"[1] 195.141.2.242 #3:<br>
the peer proposed: <a href="http://195.141.2.244/32:0/0" target="_blank">195.141.2.244/32:0/0</a> -> <a href="http://192.168.1.119/32:0/0" target="_blank">192.168.1.119/32:0/0</a><br>
<br>
Thanks<br>
<span class="HOEnZb"><font color="#888888"><br>
Erich<br>
<br>
</font></span><br>_______________________________________________<br>
<a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><span>-</span></div><span>Kit</span> <span>Peters</span> (W0KEH), Engineer II<br>
KMOS TV Channel 6 / KTBG 90.9 FM<br>
University of Central Missouri<br>
<a href="http://kmos.org/" target="_blank">http://kmos.org/</a> | <a href="http://ktbg.fm/" target="_blank">http://ktbg.fm/</a><br>
</div>