[Openswan dev] android interop issues, Re: [Openswan Users] Trying to get openswan working with android
Paul Wouters
pwouters at redhat.com
Mon Feb 27 13:46:34 EST 2012
On Mon, 27 Feb 2012, Patrick Lists wrote:
> The connection to your test server from my Nexus S with Android 2.3.6 did
> work. Since I no longer have Android 4.0.x ICS on my phone I asked someone
> who has a phone with Android 4 to try it out (thanks Luca!). Unfortunately it
> did *not* work. The log from the phone is pasted at the end. Hopefully the
> logs from both ends will give a clue what is going wrong.
> I/racoon ( 7195): 10.232.167.168[500] used for NAT-T
That seems to be coming from 217.200.200.231....
packet from 217.200.200.231:500: received Vendor ID payload [RFC 3947] method set to=115
packet from 217.200.200.231:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
packet from 217.200.200.231:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
packet from 217.200.200.231:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
packet from 217.200.200.231:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
packet from 217.200.200.231:500: received Vendor ID payload [Dead Peer Detection]
| nat-t detected, sending nat-t VID
So do we negotiate RFC 3947 .......
"l2tp-psk"[5846] 217.200.200.231 #5958: responding to Main Mode from
unknown peer 217.200.200.231
"l2tp-psk"[5846] 217.200.200.231 #5958: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1
Then it restarts negotiation midway..... but gets further
"l2tp-psk"[5846] 217.200.200.231 #5958: STATE_MAIN_R2: sent MR2, expecting MI3
"l2tp-psk"[5846] 217.200.200.231 #5958: Main mode peer ID is ID_IPV4_ADDR: '10.232.167.168'
It's odd to send the internal IP as "id".....
I don't think we liked it too much,
"l2tp-psk"[5846] 217.200.200.231 #5958: switched from "l2tp-psk" to "l2tp-psk"
"l2tp-psk"[5847] 217.200.200.231 #5958: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
"l2tp-psk"[5847] 217.200.200.230 #5958: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}
| got payload 0x20(ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
| ***parse ISAKMP Identification Payload (IPsec DOI):
| next payload type: ISAKMP_NEXT_NAT-OA
| length: 12
| ID type: ID_IPV4_ADDR
| Protocol ID: 17
| port: 1701
| obj: c1 6e 9d 94
| got payload 0x200000(ISAKMP_NEXT_NAT-OA) needed: 0x0 opt: 0x200030
"l2tp-psk"[5847] 217.200.200.230 #5958: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
"l2tp-psk"[5847] 217.200.200.230 #5958: malformed payload in packet
| payload malformed after IV
| ce ae 9a 57 ce dc 8c 8e e0 c0 73 58 91 c4 36 91
"l2tp-psk"[5847] 217.200.200.230 #5958: sending notification PAYLOAD_MALFORMED to 217.200.200.230:4500
I would like to try this out from a clean slate, just to get a better
idea of what is happening...
Paul
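
The NAT-OA rejection in the log above is a must-be-zero check on the payload's reserved octets. The following is an added example, not Openswan's code and not part of the original message: a stand-alone check of the RFC 3947 section 5.2 NAT-OA layout. The helper natoa_check, its return codes and the sample payloads are constructed for illustration, and counting positions from 1 is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 3947 section 5.2 NAT-OA payload, 0-based offsets:
 *   0     next payload
 *   1     RESERVED, must be zero
 *   2-3   payload length (network byte order, header included)
 *   4     ID type: 1 = ID_IPV4_ADDR, 5 = ID_IPV6_ADDR
 *   5-7   RESERVED, must be zero
 *   8..   original address, 4 or 16 octets
 */
enum { NATOA_OK = 0, NATOA_TRUNCATED = -1, NATOA_BAD_IDTYPE = -2, NATOA_BAD_LENGTH = -3 };

/* Constructed sample payloads (not taken from the capture in this thread). */
static const uint8_t natoa_good[] = { 0, 0, 0, 12, 1, 0, 0, 0, 192, 0, 2, 1 };
static const uint8_t natoa_bad[]  = { 0, 0, 0, 12, 1, 0, 0x11, 0, 192, 0, 2, 1 };

/* Hypothetical helper: returns NATOA_OK, a negative NATOA_* code, or the
 * position (counted from 1) of the first non-zero reserved octet. */
int natoa_check(const uint8_t *p, size_t avail)
{
    static const size_t reserved[] = { 1, 5, 6, 7 };
    size_t plen, alen, i;
    if (avail < 8)
        return NATOA_TRUNCATED;           /* fixed header incomplete */
    plen = ((size_t)p[2] << 8) | p[3];
    if (plen > avail)
        return NATOA_TRUNCATED;           /* declared length overruns buffer */
    if (p[4] == 1)
        alen = 4;
    else if (p[4] == 5)
        alen = 16;
    else
        return NATOA_BAD_IDTYPE;          /* only IPv4/IPv6 IDs are allowed */
    if (plen != 8 + alen)
        return NATOA_BAD_LENGTH;
    for (i = 0; i < sizeof reserved / sizeof reserved[0]; i++)
        if (p[reserved[i]] != 0)
            return (int)reserved[i] + 1;  /* report 1-based position */
    return NATOA_OK;
}

int main(void)
{
    printf("good payload: %d\n", natoa_check(natoa_good, sizeof natoa_good));
    printf("bad payload:  %d\n", natoa_check(natoa_bad, sizeof natoa_bad));
    return 0;
}
```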