IPsec PSK+xauth works on Android 2.3.3 (Gingerbread)
-
So my Droid X on Verizon pulled down the Gingerbread update yesterday and I noticed it had "Advanced IPsec VPNs", so that got me thinking it was time to test things again.
Lo and behold, IPsec works! You can set up an IPsec instance using the phone's "PSK v1 (AES, xauth, aggressive)" VPN profile and it connects, but only if you have just the right settings on the server and client.
I put all of the details here:
http://doc.pfsense.org/index.php/Android_VPN_Connectivity#pfSense_2.0_vs_Gingerbread_PSK_v1_.28AES.2C_xauth.2C_aggressive.29
-
Awesome! I just followed your guide with my DX and it's working like a charm. Only question I have is if there's a way to force all traffic through the tunnel?
-
I haven't tried this yet, but on the VPN setup on the phone try putting 0.0.0.0 / 0 in for the subnet in the list at the bottom.
EDIT: I think you'll also need to add outbound NAT rules for the IPsec subnet. I don't think the mode config subnet gets automatic outbound NAT rules but I'd have to check to be sure.
EDIT 2: It wasn't a part of automatic outbound NAT before, but I added it in so it will be on future snapshots. :-)
-
DX doesn't allow a subnet mask of 0.
-
Yeah I just noticed that… lowest it goes is 2. So there may still be hope.
Try:
0.0.0.0 / 2
64.0.0.0 / 2
128.0.0.0 / 2
192.0.0.0 / 2
-
It doesn't seem to be working. Any other ideas/suggestions?
-
I couldn't get it to work either, but I didn't try hard. When I tried, it looked like DNS was going over the tunnel even for a local IP. There may not be a good way to tunnel all traffic effectively. Perhaps if you could hardcode the DNS somewhere on the phone to Google Public DNS instead of relying on DHCP for DNS, that might help.
-
Now if only I could get PPTP to work :'(