[Openswan dev] android interop issues, Re: [Openswan Users] Trying to get openswan working with android

Paul Wouters pwouters at redhat.com
Mon Feb 27 13:46:34 EST 2012

On Mon, 27 Feb 2012, Patrick Lists wrote:

> The connection to your test server from my Nexus S with Android 2.3.6 did 
> work. Since I no longer have Android 4.0.x ICS on my phone I asked someone 
> who has a phone with Android 4 to try it out (thanks Luca!). Unfortunately it 
> did *not* work. The log from the phone is pasted at the end. Hopefully the 
> logs from both ends will give a clue what is going wrong.

> I/racoon  ( 7195):[500] used for NAT-T

That seems to be coming from

packet from received Vendor ID payload [RFC 3947] method set to=115
packet from received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115
packet from received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115
packet from received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
packet from ignoring Vendor ID payload [FRAGMENTATION 80000000]
packet from received Vendor ID payload [Dead Peer Detection]
| nat-t detected, sending nat-t VID

So do we negotiate RFC 3947 .......
"l2tp-psk"[5846] #5958: responding to Main Mode from unknown peer
"l2tp-psk"[5846] #5958: transition from state

Then it restarts negotiation midway..... but gets further

"l2tp-psk"[5846] #5958: STATE_MAIN_R2: sent MR2, expecting MI3

"l2tp-psk"[5846] #5958: Main mode peer ID is ID_IPV4_ADDR: ''

It's odd to send the internal IP as "id".....

I don't think we liked it too much,

"l2tp-psk"[5846] #5958: switched from "l2tp-psk" to "l2tp-psk"
"l2tp-psk"[5847] #5958: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
"l2tp-psk"[5847] #5958: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1024}

| got payload 0x20(ISAKMP_NEXT_ID) needed: 0x0 opt: 0x200030
| ***parse ISAKMP Identification Payload (IPsec DOI):
|    next payload type: ISAKMP_NEXT_NAT-OA
|    length: 12
|    ID type: ID_IPV4_ADDR
|    Protocol ID: 17
|    port: 1701
|      obj:   c1 6e 9d 94
| got payload 0x200000(ISAKMP_NEXT_NAT-OA) needed: 0x0 opt: 0x200030
"l2tp-psk"[5847] #5958: byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
"l2tp-psk"[5847] #5958: malformed payload in packet
| payload malformed after IV
|   ce ae 9a 57  ce dc 8c 8e  e0 c0 73 58  91 c4 36 91
"l2tp-psk"[5847] #5958: sending notification PAYLOAD_MALFORMED to

I would like to try this out from a clean slate, just to get a better
idea of what is happening...
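
The check behind the log line "byte 7 of ISAKMP NAT-OA Payload must be zero, but is not", written out as an added example (not code from this post or from Openswan). It assumes the RFC 3947 NAT-OA layout and that the byte number in the message is a 0-based offset into the payload; the function name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* NAT-OA payload layout, RFC 3947 section 5.2 (offsets are 0-based):
 *   0 next payload | 1 RESERVED | 2-3 payload length (big endian)
 *   4 ID type (1 = ID_IPV4_ADDR, 5 = ID_IPV6_ADDR) | 5-7 RESERVED
 *   8.. the 4-octet IPv4 or 16-octet IPv6 original address */
enum nat_oa_result { NAT_OA_OK, NAT_OA_TRUNCATED, NAT_OA_BAD_LENGTH,
                     NAT_OA_BAD_ID_TYPE, NAT_OA_RESERVED_NONZERO };

/* Strictly validate one NAT-OA payload. On NAT_OA_RESERVED_NONZERO,
 * *bad_off receives the offset of the first non-zero reserved byte. */
enum nat_oa_result nat_oa_check(const uint8_t *p, size_t avail, size_t *bad_off)
{
    static const size_t reserved[] = { 1, 5, 6, 7 };
    size_t len, addr_len, i;

    if (avail < 8) return NAT_OA_TRUNCATED;      /* fixed part incomplete */
    len = ((size_t)p[2] << 8) | p[3];
    if (len > avail) return NAT_OA_TRUNCATED;    /* claims more than we hold */
    if (p[4] == 1) addr_len = 4;
    else if (p[4] == 5) addr_len = 16;
    else return NAT_OA_BAD_ID_TYPE;
    if (len != 8 + addr_len) return NAT_OA_BAD_LENGTH;
    for (i = 0; i < sizeof reserved / sizeof reserved[0]; i++) {
        if (p[reserved[i]] != 0) {
            *bad_off = reserved[i];
            return NAT_OA_RESERVED_NONZERO;
        }
    }
    return NAT_OA_OK;
}

/* Constructed samples (address 192.0.2.10), not bytes from the logs above. */
static const uint8_t good_oa[] = { 0,0,0,0x0c, 1,0,0,0,    0xc0,0x00,0x02,0x0a };
static const uint8_t bad_oa[]  = { 0,0,0,0x0c, 1,0,0,0x11, 0xc0,0x00,0x02,0x0a };

int main(void)
{
    size_t off = 0;
    printf("good: %d\n", (int)nat_oa_check(good_oa, sizeof good_oa, &off));
    if (nat_oa_check(bad_oa, sizeof bad_oa, &off) == NAT_OA_RESERVED_NONZERO)
        printf("bad: byte %zu of NAT-OA payload must be zero, but is not\n", off);
    return 0;
}
```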