[Openswan Users] Trying to get openswan working with android

Robert Laverick robert+vpn at scabserver.com
Fri May 18 07:44:19 EDT 2012 

Paul Wouters <pwouters <at> redhat.com> writes:

> 
> On Fri, 24 Feb 2012, Patrick Lists wrote:
> 
> > I just tried it on a Nexus S with Android 2.3.6 and it connected 
> 
> Okay, so there are no problems with openswan, once we release 2.6.38. If
> someone is in a hurry, look for the "OSX" git commits from last week.
> 

Actually the problem from the originally linked bug report appears to have only 
been introduced with Android 4.0.x and above when they moved to ipsec-tools 
0.8.0 so a test from 2.3.6 doesn't actually test if this is resolved

http://code.google.com/p/android/issues/detail?id=23124

I've attempted to connect to the test VPN you mentioned from my Android 4.0.4 
device and I get timeout failures which mirror the ones I get using 
openswan-2.6.37-1.fc16.x86_64 on my own server.

I'm more than happy to help test this, but I'm a beginner at this VPN stuff, all 
I know is that I've got it configured to that my Windows 7 laptop can connect to 
the VPN just fine.

Here's an example of what I see in the logs from when I was trying to get this 
working last night on my own fedora 16 box from Android 4.0.4 on my Nexus S:

May 17 00:13:27 gozer pluto[5124]: "home-ipsec"[7] 149.254.180.87 #6: responding 
to Main Mode from unknown peer 149.254.180.87
May 17 00:13:27 gozer pluto[5124]: "home-ipsec"[7] 149.254.180.87 #6: transition 
from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 17 00:13:27 gozer pluto[5124]: "home-ipsec"[7] 149.254.180.87 #6: 
STATE_MAIN_R1: sent MR1, expecting MI2
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[7] 149.254.180.87 #6: NAT-
Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[7] 149.254.180.87 #6: transition 
from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[7] 149.254.180.87 #6: 
STATE_MAIN_R2: sent MR2, expecting MI3
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[7] 149.254.180.87 #6: Main mode 
peer ID is ID_IPV4_ADDR: '10.151.149.108'
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[7] 149.254.180.87 #6: switched 
from "home-ipsec" to "home-ipsec"
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[8] 149.254.180.87 #6: deleting 
connection "home-ipsec" instance with peer 149.254.180.87 {isakmp=#0/ipsec=#0}
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[8] 149.254.180.87 #6: transition 
from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[8] 149.254.180.87 #6: new NAT 
mapping for #6, was 149.254.180.87:33678, now 149.254.180.87:33614
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[8] 149.254.180.87 #6: 
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY 
cipher=aes_256 prf=oakley_sha group=modp1024}
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[8] 149.254.180.87 #6: ignoring 
informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[8] 149.254.180.87 #6: received 
and ignored informational message
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[8] 149.254.180.87 #6: byte 7 of 
ISAKMP NAT-OA Payload must be zero, but is not
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[8] 149.254.180.87 #6: malformed 
payload in packet
May 17 00:13:28 gozer pluto[5124]: | payload malformed after IV
May 17 00:13:28 gozer pluto[5124]: |   c9 16 b7 aa  79 9c e4 84  45 8a bf 9d  7e 
84 67 e2
May 17 00:13:28 gozer pluto[5124]: "home-ipsec"[8] 149.254.180.87 #6: sending 
notification PAYLOAD_MALFORMED to 149.254.180.87:33614
May 17 00:13:31 gozer pluto[5124]: "home-ipsec"[8] 149.254.180.87 #6: byte 7 of 
ISAKMP NAT-OA Payload must be zero, but is not
May 17 00:13:31 gozer pluto[5124]: "home-ipsec"[8] 149.254.180.87 #6: malformed 
payload in packet
May 17 00:13:31 gozer pluto[5124]: | payload malformed after IV
May 17 00:13:31 gozer pluto[5124]: |   c9 16 b7 aa  79 9c e4 84  45 8a bf 9d  7e 
84 67 e2
May 17 00:13:31 gozer pluto[5124]: "home-ipsec"[8] 149.254.180.87 #6: sending 
notification PAYLOAD_MALFORMED to 149.254.180.87:33614

More information about the Users mailing list