[Openswan Users] android l2tp crt connection

Bob Miller bob at computerisms.ca
Thu Jul 28 12:49:12 EDT 2011


For the benefit of anyone else looking to accomplish this, here is what
I found:
As per an article I found, and my logs support it, a certificate will
only work if you put the IP address of the remote device into the remote
device's certificate.  Since the devices are mobile, this would require
a new cert be generated every time the device gets an address, or would
require the mobile device to somehow have a static IP.  Since that isn't
practical, the path of least resistance in my case is to add a conn for
using PSKs. 


On Fri, 2011-07-15 at 23:05 -0700, Bob Miller wrote:
> Hello,
> I have an existing VPN server working with XP and Ubuntu clients.  Enter
> android tablet for a fun-filled thrilling Friday evening ;)
> The connection gets as far as establishing the ISAKMP SA, then the log
> reports it is retransmitting in response to duplicate packet.  By
> tcpdump, a few seconds later a packet comes from the tablet, the server
> responds with a packet and another entry about retransmitting shows up
> in the log.  5 or 10 seconds later the tablet sends another packet, the
> server responds and logs as before, and it is done.
> I have tried adjusting protoports from 1701/0/%any, and removed and
> added a few lines from the existing config, most of which broke the
> existing system.  I have tried to find some kind of logging on the
> tablet, but can find no such thing. 
> I have the connection coming up if I use PSK instead of certs.  I tried
> using the authby=secret|rsasig, but after that failed I found a recent
> post that explains that is to be expected.
> This smells like some attribute the certificate needs to have for
> android to play with it.  
> Google indicates some have it working, would anyone be willing to share
> their experience?
> 

-- 
Bob Miller
334-7117/660-5315
http://computerisms.ca
bob at computerisms.ca
Network, Internet, Server,
and Open Source Solutions
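
A sketch of the kind of separate PSK conn the message above settles on, added here as an illustration and not taken from the poster's configuration. The conn name, the 192.0.2.10 server address and the secret are placeholders, and the option choices are assumptions based on the usual Openswan L2TP/IPsec transport-mode setup.

```conf
# /etc/ipsec.conf (fragment); conn name and addresses are placeholders.
# A separate conn is used for PSK clients because, as the post notes,
# authby=secret|rsasig in a single conn did not work. The existing
# certificate conn for the other clients is left unchanged.
conn l2tp-psk
    # pre-shared key instead of rsasig
    authby=secret
    # L2TP/IPsec protects UDP 1701 in transport mode
    type=transport
    # assumption: clients do not propose PFS
    pfs=no
    # let the client initiate rekeying
    rekey=no
    # placeholder: the server's public address
    left=192.0.2.10
    leftprotoport=17/1701
    # mobile clients have no fixed address
    right=%any
    # accept any client source port
    rightprotoport=17/%any
    auto=add

# /etc/ipsec.secrets (fragment)
# With right=%any the secret cannot be tied to a client address, so every
# PSK client shares this one value. Keep it long and random, and rely on
# the L2TP/PPP login for per-user authentication.
192.0.2.10 %any : PSK "REPLACE-WITH-LONG-RANDOM-SECRET"
```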


