Netgate Discussion Forum

IPSEC, Android 3.1

  • T
    thewho
    last edited by Jul 14, 2011, 9:13 PM Jul 14, 2011, 9:11 PM

    Hello!

    I have been trying to set up my first VPN ever for the last few days and it's been really hard, but I think I have come a long way now... but I have 2 problems left...

    my setup looks like this:
    Samsung Galaxy Pad 10.1 (Android 3.1) (Dynamic IP with a no-ip DDNS.) -> Internet -> WAN (Dynamic IP with a no-ip DDNS) -> PFSense 2.0-RC3 AMD x64 (today's build) -> HP ProCurve Switch (unmanaged) -> 192.168.0.0/24

    IPSec Phase2 set to "LAN SUBNET". Mobile Client 192.168.1.0/24.

    xxx.xxx.xxx.xxx = MY WAN IP

    $ cat /var/etc/racoon.conf
    # This file is automatically generated. Do not edit
    path pre_shared_key "/var/etc/psk.txt";
    
    path certificate  "/var/etc";
    
    listen
    {
    	adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
    	isakmp xxx.xxx.xxx.xxx [500];
    	isakmp_natt xxx.xxx.xxx.xxx [4500];
    }
    
    mode_cfg
    {
    	auth_source system;
    	group_source system;
    	pool_size 253;
    	network4 192.168.1.1;
    	netmask4 255.255.255.0;
    	save_passwd on;
    }
    
    remote anonymous
    {
    	ph1id 1;
    	exchange_mode main;
    	my_identifier address xxx.xxx.xxx.xxx;
    
    	ike_frag on;
    	generate_policy = unique;
    	initial_contact = on;
    	nat_traversal = on;
    
    	support_proxy on;
    	proposal_check strict;
    	passive on;
    
    	proposal
    	{
    		authentication_method pre_shared_key;
    		encryption_algorithm aes 128;
    		hash_algorithm sha1;
    		dh_group 2;
    		lifetime time 106400 secs;
    	}
    }
    
    sainfo subnet 192.168.0.0/24 any anonymous
    {
    	remoteid 1;
    	encryption_algorithm aes 128;
    	authentication_algorithm hmac_sha1;
    
    	lifetime time 106400 secs;
    	compression_algorithm deflate;
    }
    

    xxx.xxx.xxx.xxx = MY WAN IP

    
    $ cat /var/etc/psk.txt
    mytablet	Password123
    yyy.no-ip.org	Password123
    yyy.yyy.yyy.yyy	Password123
    
    

    yyy = not my real no-ip.org address
    yyy.yyy.yyy.yyy = Tablet Android 3.1 WAN IP

    
    Jul 14 22:43:54 	racoon: [Unknown Gateway/Dynamic]: DEBUG: 128 bytes from xxx.xxx.xxx.xxx[500] to yyy.yyy.yyy.yyy[500]
    Jul 14 22:43:54 	racoon: [Unknown Gateway/Dynamic]: DEBUG: sockname xxx.xxx.xxx.xxx[500]
    Jul 14 22:43:54 	racoon: [Unknown Gateway/Dynamic]: DEBUG: send packet from xxx.xxx.xxx.xxx[500]
    Jul 14 22:43:54 	racoon: [Unknown Gateway/Dynamic]: DEBUG: send packet to yyy.yyy.yyy.yyy[500]
    Jul 14 22:43:54 	racoon: [Unknown Gateway/Dynamic]: DEBUG: 1 times of 128 bytes message will be sent to yyy.yyy.yyy.yyy[500]
    
    

    xxx.xxx.xxx.xxx = PFSense WAN IP
    yyy.yyy.yyy.yyy = Tablet Android 3.1 WAN IP

    
    Jul 14 22:44:17 	racoon: DEBUG: getsainfo params: loc='xxx.xxx.xxx.xxx' rmt='yyy.yyy.yyy.yyy' peer='yyy.yyy.yyy.yyy' client='yyy.yyy.yyy.yyy' id=1
    Jul 14 22:44:17 	racoon: DEBUG: evaluating sainfo: loc='192.168.0.0/24', rmt='ANONYMOUS', peer='ANY', id=1
    Jul 14 22:44:17 	racoon: DEBUG: check and compare ids : value mismatch (IPv4_subnet)
    Jul 14 22:44:17 	racoon: DEBUG: cmpid target: 'xxx.xxx.xxx.xxx'
    Jul 14 22:44:17 	racoon: DEBUG: cmpid source: '192.168.0.0/24'
    Jul 14 22:44:17 	racoon: ERROR: failed to get sainfo.
    Jul 14 22:44:17 	racoon: ERROR: failed to get sainfo.
    Jul 14 22:44:17 	racoon: [yyy.yyy.yyy.yyy] ERROR: failed to pre-process ph2 packet [Check Phase 2 settings, networks] (side: 1, status: 1).
    Jul 14 22:44:17 	racoon: DEBUG: IV freed
    
    

    xxx.xxx.xxx.xxx = PFSense WAN IP
    yyy.yyy.yyy.yyy = Tablet Android 3.1 WAN IP

    Anyone here got a clue what I have done wrong? As I said before, this is my first VPN EVER.

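The Phase 2 failure in the debug log above can be read mechanically: racoon logs what the peer requested (`getsainfo params`), each `sainfo` section it evaluated, and why that section was rejected. The Python below is an added example, not part of the original post or of pfSense/racoon; its sample log is constructed from the lines in the post, with documentation addresses (203.0.113.10 for the gateway WAN, 198.51.100.20 for the tablet) standing in for the masked values.

```python
import re

# Constructed sample: the Phase 2 debug lines from the post, with documentation
# addresses (203.0.113.10 = gateway WAN, 198.51.100.20 = tablet) in place of the
# masked xxx/yyy values.
SAMPLE_LOG = """\
Jul 14 22:44:17 racoon: DEBUG: getsainfo params: loc='203.0.113.10' rmt='198.51.100.20' peer='198.51.100.20' client='198.51.100.20' id=1
Jul 14 22:44:17 racoon: DEBUG: evaluating sainfo: loc='192.168.0.0/24', rmt='ANONYMOUS', peer='ANY', id=1
Jul 14 22:44:17 racoon: DEBUG: check and compare ids : value mismatch (IPv4_subnet)
Jul 14 22:44:17 racoon: DEBUG: cmpid target: '203.0.113.10'
Jul 14 22:44:17 racoon: DEBUG: cmpid source: '192.168.0.0/24'
Jul 14 22:44:17 racoon: ERROR: failed to get sainfo.
"""

REQUEST = re.compile(r"getsainfo params: loc='([^']*)' rmt='([^']*)'")
CANDIDATE = re.compile(r"evaluating sainfo: loc='([^']*)', rmt='([^']*)'")
MISMATCH = re.compile(r"check and compare ids : (\w+) mismatch")
FAILED = re.compile(r"ERROR: failed to get sainfo")


def explain_sainfo_failures(log_text):
    """Return one dict per failed Phase 2 lookup: what the peer asked for
    versus every sainfo section racoon evaluated and rejected."""
    failures, current = [], None
    for line in log_text.splitlines():
        if m := REQUEST.search(line):
            current = {"requested_local": m.group(1),
                       "requested_remote": m.group(2),
                       "rejected": []}
        elif current is None:
            continue
        elif m := CANDIDATE.search(line):
            current["rejected"].append({"local": m.group(1), "remote": m.group(2), "reason": None})
        elif (m := MISMATCH.search(line)) and current["rejected"]:
            current["rejected"][-1]["reason"] = m.group(1) + " mismatch"
        elif FAILED.search(line):
            failures.append(current)
            current = None   # repeated ERROR lines for the same lookup are ignored
    return failures


if __name__ == "__main__":
    for f in explain_sainfo_failures(SAMPLE_LOG):
        print(f"peer asked for local={f['requested_local']} remote={f['requested_remote']}")
        for c in f["rejected"]:
            print(f"  sainfo local={c['local']} remote={c['remote']} rejected: {c['reason']}")
```

On the sample it reports that the peer requested the gateway's WAN address as the local side, while the only `sainfo` section evaluated covers 192.168.0.0/24.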
    • T
      thewho
      last edited by Jul 15, 2011, 12:10 AM

      Is this because my tablet uses a 3G connection? And if so, is there a way to work around it?

      • T
        thewho
        last edited by Jul 15, 2011, 7:20 PM Jul 15, 2011, 7:00 PM

        I think I just found something...

        $ cat /var/etc/spd.conf
        spdadd 192.168.0.1/32 192.168.0.0/24 any -P out none;
        spdadd 192.168.0.0/24 192.168.0.1/32 any -P in none;

        $ setkey -DP
        192.168.0.0/24[any] 192.168.0.1[any] 255
        in none
        spid=2 seq=1 pid=40194
        refcnt=1
        192.168.0.1[any] 192.168.0.0/24[any] 255
        out none
        spid=1 seq=0 pid=40194
        refcnt=1

        Is this really correct?????

        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Jul 26, 2011, 1:46 PM

          Works for me on wifi or 3g on my Droid X:
          http://doc.pfsense.org/index.php/Android_VPN_Connectivity#pfSense_2.0_vs_Gingerbread_PSK_v1_.28AES.2C_xauth.2C_aggressive.29

          • T
            thewho
            last edited by Jul 31, 2011, 10:53 PM

            Yeah... I followed that guide like it was a bible... I can't get my Galaxy Pad 10.1 or my HTC Desire (with Android 2.3.3) to work with that...

            • I
              IPman
              last edited by Aug 5, 2011, 11:42 PM

              Try this...

              http://confoundedtech.blogspot.com/2011/08/android-nexus-one-ipsec-psk-vpn-with.html
