[Openswan Users] Openswan pluto causes connection drop after 10s with Android IPsec/L2TP clients

René Mayrhofer rene at mayrhofer.eu.org
Thu Sep 1 14:43:34 EDT 2011


Hi Paul,

On 01.09.2011 18:40, Paul Wouters wrote:
> On Thu, 1 Sep 2011, René Mayrhofer wrote:
>
>> It seems that openswan pluto is having problems with Android clients. 
>> The
>> reproducible problem is that:
>>
>> - The gateway is a fresh Debian Squeeze installation with backported 
>> openswan
>> 2.6.35-1, strongswan 4.4.1-6, and xl2tpd 1.2.7+dfsg-1. Kernel is 
>> standard
>> 2.6.32-5 with and without SAref patch applied.
>>
>> - Android 2.3.4 can, with the built-in IPsec/L2TP client - configured
>> "normally" via the settings GUI with either PSK or X.509 certificates 
>> - connect
>> to an openswan/strongswan gateway with xl2tpd.
>
>        leftprotoport=17/1701
>         rightprotoport=17/0
>
> You should use rightprotoport=17/%any
>
> Strongswan might have a different interpretation from Openswan on the 
> meaning of 17/0
As far as I am aware, %any translates to 0.

> The ppp logs show the android phone is deciding to hang up. Can you 
> see its logs
> on why it is doing that?
According to the logs, yes. However, it seems unlikely that the Android 
client is behaving differently when connecting to openswan (as opposed 
to strongswan). Unfortunately, I have not yet found any detailed logs of 
the embedded racoon and therefore can't debug from the client side.

best regards,
Rene


More information about the Users mailing list