Android 4.0.X, Ice Cream Sandwich to pfSense
-
Hi @ll,
I' tried the following: IPsec Xauth PSK (IP Server Setup & Client Setup: http://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0)
Still no luck:-(
The last entry in the IPSec log is: login succeeded for user "vpn", ok the User is ok but what does this mean:
racoon: INFO: NAT-D payload #1 doesn't matchHere is the full log (IP's changed, so don't be confused about the not matching IP's)
May 17 13:07:58 racoon: [1.2.1.71] INFO: DPD: remote (ISAKMP-SA spi=1e00add3ca021995:137bacd5a3eaf441) seems to be dead. May 17 13:07:58 racoon: INFO: purging ISAKMP-SA spi=1e00add3ca021995:137bacd5a3eaf441:00008ff2. May 17 13:07:58 racoon: INFO: purged ISAKMP-SA spi=1e00add3ca021995:137bacd5a3eaf441:00008ff2. May 17 13:07:58 racoon: [Self]: INFO: ISAKMP-SA deleted 8.2.2.7[4500]-1.2.1.1[30114] spi:1e00add3ca021995:137bacd5a3eaf441 May 17 13:07:58 racoon: INFO: Released port 0 May 17 13:08:03 racoon: [Self]: INFO: respond new phase 1 negotiation: 8.2.2.7[500]<=>1.2.1.71[30148] May 17 13:08:03 racoon: INFO: begin Aggressive mode. May 17 13:08:03 racoon: INFO: received broken Microsoft ID: FRAGMENTATION May 17 13:08:03 racoon: INFO: received Vendor ID: RFC 3947 May 17 13:08:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02 May 17 13:08:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02 May 17 13:08:03 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00 May 17 13:08:03 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt May 17 13:08:03 racoon: INFO: received Vendor ID: CISCO-UNITY May 17 13:08:03 racoon: INFO: received Vendor ID: DPD May 17 13:08:03 racoon: [1.2.1.1] INFO: Selected NAT-T version: RFC 3947 May 17 13:08:03 racoon: INFO: Adding remote and local NAT-D payloads. May 17 13:08:03 racoon: [1.2.1.1] INFO: Hashing 1.2.1.1[30148] with algo #2 May 17 13:08:03 racoon: [Self]: [8.2.2.7] INFO: Hashing 8.2.2.5[500] with algo #2 May 17 13:08:03 racoon: INFO: Adding xauth VID payload. May 17 13:08:03 racoon: [Self]: INFO: NAT-T: ports changed to: 1.2.1.7[30114]<->8.2.2.5[4500] May 17 13:08:03 racoon: [Self]: [84.227.229.75] INFO: Hashing 8.2.2.5[4500] with algo #2 May 17 13:08:03 racoon: INFO: NAT-D payload #0 verified May 17 13:08:03 racoon: [194.230.159.71] INFO: Hashing 1.2.1.1[30114] with algo #2 May 17 13:08:03 racoon: INFO: NAT-D payload #1 doesn't match May 17 13:08:03 racoon: INFO: NAT detected: PEER May 17 13:08:03 racoon: INFO: Sending Xauth request May 17 13:08:03 racoon: [Self]: INFO: ISAKMP-SA established 8.2.2.5[4500]-1.2.1.1[30114] spi:84561ca2af4f4dd6:35882d27fc8536ef May 17 13:08:03 racoon: [194.230.159.71] INFO: received INITIAL-CONTACT May 17 13:08:03 racoon: INFO: Using port 0 May 17 13:08:03 racoon: INFO: login succeeded for user "vpn"
Anbody got it working? Any ideas how to solve this or is there a workaround?
Regards from Switzerland
-
Great News :)
Found a VPN Client which works with IPsec Xauth PSK -> VpnCilla (from Playstore)
-
OpenVPN client for ICS also works :-)
No root required:
https://play.google.com/store/apps/details?id=de.blinkt.openvpnI have ICS on my Transformer Prime, and so far I haven't managed to get a working IPsec connection from there. Though I do get one on my Droid X and Droid RAZR. Hopefully the RAZR gets ICS soonish so I'll have an additional data point for 4.0…
-
Made a liar out of myself just now… Attempted an IPsec PSK+Xauth connection again and it worked.
Perhaps one of the several firmware updates since the last time I tried it made it work.