[Openswan Users] Openswan pluto causes connection drop after 10s with Android IPsec/L2TP clients
Paul Wouters
paul at xelerance.com
Thu Sep 1 16:46:55 EDT 2011
On Thu, 1 Sep 2011, René Mayrhofer wrote:
>> leftprotoport=17/1701
>> rightprotoport=17/0
>>
>> You should use rightprotoport=17/%any
>>
>> Strongswan might have a different interpretation from Openswan on the
>> meaning of 17/0
> As far as I am aware, %any translates to 0.
There is a difference.
- 0 means "everything"
- %any meants "any 1 port"
Also, %any causes instantiation. I am not sure if 0 causes that.
>> The ppp logs show the android phone is deciding to hang up. Can you see its
>> logs
>> on why it is doing that?
> According to the logs, yes. However, it seems unlikely that the Android
> client is behaving differently when connecting to openswan (as opposed to
> strongswan).
Well, it is not hanging up on strongswan, so it is behaving differently.
What's cause and effect can be argued. Having logs would have been nice.
With ppp packets flowing, it seems that IPsec is working fine. So I don't
know why it is hanging up....
> Unfortunately, I have not yet found any detailed logs of the
> embedded racoon and therefore can't debug from the client side.
That complicates things, yes. I would still recommand trying %any
Paul
More information about the Users
mailing list