Unable to connect Android client 2.2.1
-
I've seen a few messages of others having some trouble with this, but I don't see that anyone's gotten it figured out. Configuration worked under 2.1, and I have added local network 0.0.0.0/0 in mobile phase 2 even though my problem is in phase 1. It's indicating some sort of issue requiring retransmissions but I've no idea why. pfSense is on a stable Internet connection and the Android device fails from Verizon's LTE network which, as far as I know, doesn't do anything unusual with IP traffic.
What am I doing wrong?
Mar 26 16:15:25 charon: 01[JOB] deleting half open IKE_SA after timeout
Mar 26 16:15:22 charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:15:22 charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:22 charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:22 charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
Mar 26 16:15:19 charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:15:19 charon: 01[IKE] sending retransmit 3 of response message ID 0, seq 1
Mar 26 16:15:19 charon: 01[IKE] <con1|1> sending retransmit 3 of response message ID 0, seq 1
Mar 26 16:15:19 charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:15:19 charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:19 charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:19 charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
Mar 26 16:15:16 charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:15:16 charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:16 charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:16 charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
Mar 26 16:15:13 charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:15:13 charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:13 charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:13 charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
Mar 26 16:15:10 charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:15:10 charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:10 charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:10 charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
Mar 26 16:15:07 charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:15:07 charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:07 charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:07 charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
Mar 26 16:15:06 charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:15:06 charon: 01[IKE] sending retransmit 2 of response message ID 0, seq 1
Mar 26 16:15:06 charon: 01[IKE] <con1|1> sending retransmit 2 of response message ID 0, seq 1
Mar 26 16:15:04 charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:15:04 charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:04 charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:04 charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
Mar 26 16:15:01 charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:15:01 charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:01 charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:01 charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
Mar 26 16:14:59 charon: 16[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:14:59 charon: 16[IKE] sending retransmit 1 of response message ID 0, seq 1
Mar 26 16:14:59 charon: 16[IKE] <con1|1> sending retransmit 1 of response message ID 0, seq 1
Mar 26 16:14:58 charon: 16[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:14:58 charon: 16[IKE] received retransmit of request with ID 0, retransmitting response
Mar 26 16:14:58 charon: 16[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:14:58 charon: 16[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
Mar 26 16:14:55 charon: 16[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
Mar 26 16:14:55 charon: 16[ENC] generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V V ]
Mar 26 16:14:55 charon: 16[CFG] selected peer config "con1"
Mar 26 16:14:55 charon: 16[CFG] looking for XAuthInitPSK peer configs matching <pfsense wan ip>...<android client ip>[home.doug.dimick.net]
Mar 26 16:14:55 charon: 16[IKE] <android client ip> is initiating a Aggressive Mode IKE_SA
Mar 26 16:14:55 charon: 16[IKE] <1> <android client ip> is initiating a Aggressive Mode IKE_SA
Mar 26 16:14:55 charon: 16[IKE] received DPD vendor ID
Mar 26 16:14:55 charon: 16[IKE] <1> received DPD vendor ID
Mar 26 16:14:55 charon: 16[IKE] received Cisco Unity vendor ID
Mar 26 16:14:55 charon: 16[IKE] <1> received Cisco Unity vendor ID
Mar 26 16:14:55 charon: 16[IKE] received XAuth vendor ID
Mar 26 16:14:55 charon: 16[IKE] <1> received XAuth vendor ID
Mar 26 16:14:55 charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Mar 26 16:14:55 charon: 16[IKE] <1> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Mar 26 16:14:55 charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 26 16:14:55 charon: 16[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Mar 26 16:14:55 charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar 26 16:14:55 charon: 16[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Mar 26 16:14:55 charon: 16[IKE] received NAT-T (RFC 3947) vendor ID
Mar 26 16:14:55 charon: 16[IKE] <1> received NAT-T (RFC 3947) vendor ID
Mar 26 16:14:55 charon: 16[IKE] received FRAGMENTATION vendor ID
Mar 26 16:14:55 charon: 16[IKE] <1> received FRAGMENTATION vendor ID
Mar 26 16:14:55 charon: 16[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V ]
Mar 26 16:14:55 charon: 16[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
-
Posted too soon. Not sure if my search-fu just wasn't up to it or what, but eventually I found strongSwan issue 255 at https://wiki.strongswan.org/issues/255. On the Android side, delete anything you might have in the IPSec identifier field. On the pfSense side, I switched Key Exchange version to Auto and changed Negotiation mode to Main.
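
Added example, not part of the original posts and not pfSense or strongSwan code: a small Python triage of charon lines in the format quoted in this thread, reporting the negotiation mode, how often each side retransmitted message ID 0, and whether the half-open IKE_SA timed out. The sample log, its addresses and the function name `triage` are constructed for illustration.

```python
import re

# Constructed sample in the format of the charon lines quoted in the thread
# (addresses are documentation placeholders, not values from the posts).
SAMPLE = """\
Mar 26 16:14:55 charon: 16[NET] received packet: from 203.0.113.7[9875] to 198.51.100.1[500] (656 bytes)
Mar 26 16:14:55 charon: 16[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V ]
Mar 26 16:14:58 charon: 16[IKE] received retransmit of request with ID 0, retransmitting response
Mar 26 16:14:58 charon: 16[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:14:59 charon: 16[IKE] <con1|1> sending retransmit 1 of response message ID 0, seq 1
Mar 26 16:15:01 charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:15:25 charon: 01[JOB] deleting half open IKE_SA after timeout
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) charon: (\d+)\[(\w+)\] "
                  r"(?:<((?:[^>|]+\|)?\d+)> )?(.*)$")

def triage(log_text):
    """Summarise one phase 1 attempt: mode, retransmit counts, timeout."""
    out = {"mode": None, "peer_retransmits": 0, "local_retransmits": 0,
           "half_open_timeout": False}
    prev = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, thread, subsys, prefix, msg = m.groups()
        # The quoted log shows each IKE message twice, with and without the
        # <conn|id> prefix; count such an adjacent pair once.
        if prev == (ts, thread, subsys, msg, not prefix):
            prev = None
            continue
        prev = (ts, thread, subsys, msg, bool(prefix))
        mode = re.match(r"parsed (\w+) request 0\b", msg)
        if mode:
            out["mode"] = mode.group(1)
        elif msg.startswith("received retransmit of request with ID 0"):
            out["peer_retransmits"] += 1
        elif re.match(r"sending retransmit \d+ of response message ID 0\b", msg):
            out["local_retransmits"] += 1
        elif msg.startswith("deleting half open IKE_SA"):
            out["half_open_timeout"] = True
    # Peer keeps resending message 0 until the SA is dropped: it never
    # accepted (or never received) the responder's reply.
    out["stalled_phase1"] = out["half_open_timeout"] and out["peer_retransmits"] > 0
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The parser works on lines in either chronological order, since it only counts events and collapses adjacent duplicate pairs.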