Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Mobile IPsec and Android Lollipop

    Scheduled Pinned Locked Moved 2.2 Snapshot Feedback and Problems - RETIRED
    4 Posts 2 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jaguar11735
      last edited by

      I've followed the guide for setting up mobile IPsec, and it used to work at some point in the past (pfsense 2.1, android 4.4 kitkat). Since then, I've upgraded to the latest 2.2 RC (built 12/30) and my phone is also now running android Lollipop (5.0.1). I'm unable to get Phase 1 to set up.

      On the IPsec Status page, there will briefly be a new entry with a status of "connecting", the algorithm says "AES_CBC:128
      HMAC_SHA1_96:0
      PRF_HMAC_SHA1
      MODP_1024" and the role says "IKEv1 responder"

      Here's what I can see in the log (I've monkeyed with the logging levels so I'm not sure if I'm seeing what I should):

      Dec 31 12:07:24 	charon: 10[MGR] check-in of IKE_SA successful.
      Dec 31 12:07:24 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
      Dec 31 12:07:24 	charon: 10[MGR] checkin IKE_SA con2[104]
      Dec 31 12:07:24 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
      Dec 31 12:07:24 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
      Dec 31 12:07:24 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
      Dec 31 12:07:24 	charon: 10[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
      Dec 31 12:07:24 	charon: 10[NET] <con2|104> sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
      Dec 31 12:07:24 	charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
      Dec 31 12:07:24 	charon: 10[IKE] <con2|104> received retransmit of request with ID 0, retransmitting response
      Dec 31 12:07:24 	charon: 10[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
      Dec 31 12:07:24 	charon: 10[NET] <con2|104> received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
      Dec 31 12:07:24 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
      Dec 31 12:07:24 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
      Dec 31 12:07:24 	charon: 10[MGR] checkout IKE_SA by message
      Dec 31 12:07:24 	charon: 10[MGR] checkout IKE_SA by message
      Dec 31 12:07:24 	charon: 04[NET] waiting for data on sockets
      Dec 31 12:07:24 	charon: 04[NET] waiting for data on sockets
      Dec 31 12:07:24 	charon: 04[ENC] parsed a AGGRESSIVE message header
      Dec 31 12:07:24 	charon: 04[ENC] parsed a AGGRESSIVE message header
      Dec 31 12:07:24 	charon: 04[ENC] parsing HEADER payload finished
      Dec 31 12:07:24 	charon: 04[ENC] parsing HEADER payload finished
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 14 U_INT_32
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 14 U_INT_32
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 13 FLAG
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 13 FLAG
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 12 FLAG
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 12 FLAG
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 11 FLAG
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 11 FLAG
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 10 FLAG
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 10 FLAG
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 9 FLAG
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 9 FLAG
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 8 FLAG
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 8 FLAG
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 5 U_INT_8
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 5 U_INT_8
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 4 U_INT_4
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 4 U_INT_4
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 3 U_INT_4
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 3 U_INT_4
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 2 U_INT_8
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 2 U_INT_8
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 1 IKE_SPI
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 1 IKE_SPI
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 0 IKE_SPI
      Dec 31 12:07:24 	charon: 04[ENC] parsing rule 0 IKE_SPI
      Dec 31 12:07:24 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
      Dec 31 12:07:24 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
      Dec 31 12:07:24 	charon: 04[ENC] parsing header of message
      Dec 31 12:07:24 	charon: 04[ENC] parsing header of message
      Dec 31 12:07:24 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
      Dec 31 12:07:24 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
      Dec 31 12:07:24 	charon: 10[MGR] check-in of IKE_SA successful.
      Dec 31 12:07:24 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
      Dec 31 12:07:24 	charon: 10[MGR] checkin IKE_SA con2[104]
      Dec 31 12:07:24 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
      Dec 31 12:07:24 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
      Dec 31 12:07:24 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
      Dec 31 12:07:24 	charon: 10[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
      Dec 31 12:07:24 	charon: 10[NET] <con2|104> sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
      Dec 31 12:07:24 	charon: 10[IKE] sending retransmit 2 of response message ID 0, seq 1
      Dec 31 12:07:24 	charon: 10[IKE] <con2|104> sending retransmit 2 of response message ID 0, seq 1
      Dec 31 12:07:24 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
      Dec 31 12:07:24 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
      Dec 31 12:07:24 	charon: 10[MGR] checkout IKE_SA
      Dec 31 12:07:24 	charon: 10[MGR] checkout IKE_SA
      Dec 31 12:07:21 	charon: 10[MGR] check-in of IKE_SA successful.
      Dec 31 12:07:21 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
      Dec 31 12:07:21 	charon: 10[MGR] checkin IKE_SA con2[104]
      Dec 31 12:07:21 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
      Dec 31 12:07:21 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
      Dec 31 12:07:21 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
      Dec 31 12:07:21 	charon: 10[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
      Dec 31 12:07:21 	charon: 10[NET] <con2|104> sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
      Dec 31 12:07:21 	charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
      Dec 31 12:07:21 	charon: 10[IKE] <con2|104> received retransmit of request with ID 0, retransmitting response
      Dec 31 12:07:21 	charon: 10[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
      Dec 31 12:07:21 	charon: 10[NET] <con2|104> received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
      Dec 31 12:07:21 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
      Dec 31 12:07:21 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
      Dec 31 12:07:21 	charon: 10[MGR] checkout IKE_SA by message
      Dec 31 12:07:21 	charon: 04[NET] waiting for data on sockets
      Dec 31 12:07:21 	charon: 04[NET] waiting for data on sockets
      Dec 31 12:07:21 	charon: 10[MGR] checkout IKE_SA by message
      Dec 31 12:07:21 	charon: 04[ENC] parsed a AGGRESSIVE message header
      Dec 31 12:07:21 	charon: 04[ENC] parsed a AGGRESSIVE message header
      Dec 31 12:07:21 	charon: 04[ENC] parsing HEADER payload finished
      Dec 31 12:07:21 	charon: 04[ENC] parsing HEADER payload finished
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 14 U_INT_32
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 14 U_INT_32
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 13 FLAG
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 13 FLAG
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 12 FLAG
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 12 FLAG
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 11 FLAG
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 11 FLAG
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 10 FLAG
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 10 FLAG
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 9 FLAG
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 9 FLAG
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 8 FLAG
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 8 FLAG
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 5 U_INT_8
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 5 U_INT_8
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 4 U_INT_4
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 4 U_INT_4
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 3 U_INT_4
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 3 U_INT_4
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 2 U_INT_8
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 2 U_INT_8
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 1 IKE_SPI
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 1 IKE_SPI
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 0 IKE_SPI
      Dec 31 12:07:21 	charon: 04[ENC] parsing rule 0 IKE_SPI
      Dec 31 12:07:21 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
      Dec 31 12:07:21 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
      Dec 31 12:07:21 	charon: 04[ENC] parsing header of message
      Dec 31 12:07:21 	charon: 04[ENC] parsing header of message
      Dec 31 12:07:21 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
      Dec 31 12:07:21 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
      Dec 31 12:07:18 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
      Dec 31 12:07:18 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
      Dec 31 12:07:18 	charon: 10[MGR] check-in of IKE_SA successful.
      Dec 31 12:07:18 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
      Dec 31 12:07:18 	charon: 10[MGR] checkin IKE_SA con2[104]
      Dec 31 12:07:18 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
      Dec 31 12:07:18 	charon: 10[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
      Dec 31 12:07:18 	charon: 10[NET] <con2|104> sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
      Dec 31 12:07:18 	charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
      Dec 31 12:07:18 	charon: 10[IKE] <con2|104> received retransmit of request with ID 0, retransmitting response
      Dec 31 12:07:18 	charon: 10[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
      Dec 31 12:07:18 	charon: 10[NET] <con2|104> received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
      Dec 31 12:07:18 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
      Dec 31 12:07:18 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
      Dec 31 12:07:18 	charon: 10[MGR] checkout IKE_SA by message
      Dec 31 12:07:18 	charon: 10[MGR] checkout IKE_SA by message
      Dec 31 12:07:18 	charon: 04[NET] waiting for data on sockets
      Dec 31 12:07:18 	charon: 04[NET] waiting for data on sockets
      Dec 31 12:07:18 	charon: 04[ENC] parsed a AGGRESSIVE message header
      Dec 31 12:07:18 	charon: 04[ENC] parsed a AGGRESSIVE message header
      Dec 31 12:07:18 	charon: 04[ENC] parsing HEADER payload finished
      Dec 31 12:07:18 	charon: 04[ENC] parsing HEADER payload finished
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 14 U_INT_32
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 14 U_INT_32
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 13 FLAG
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 13 FLAG
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 12 FLAG
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 12 FLAG
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 11 FLAG
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 11 FLAG
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 10 FLAG
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 10 FLAG
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 9 FLAG
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 9 FLAG
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 8 FLAG
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 8 FLAG
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
      Dec 31 12:07:18 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 5 U_INT_8
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 5 U_INT_8
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 4 U_INT_4
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 4 U_INT_4
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 3 U_INT_4
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 3 U_INT_4
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 2 U_INT_8
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 2 U_INT_8
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 1 IKE_SPI
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 1 IKE_SPI
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 0 IKE_SPI
      Dec 31 12:07:17 	charon: 04[ENC] parsing rule 0 IKE_SPI
      Dec 31 12:07:17 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
      Dec 31 12:07:17 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
      Dec 31 12:07:17 	charon: 04[ENC] parsing header of message
      Dec 31 12:07:17 	charon: 04[ENC] parsing header of message
      Dec 31 12:07:17 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
      Dec 31 12:07:17 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
      Dec 31 12:07:16 	charon: 10[MGR] check-in of IKE_SA successful.
      Dec 31 12:07:16 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
      Dec 31 12:07:16 	charon: 10[MGR] checkin IKE_SA con2[104]
      Dec 31 12:07:16 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
      Dec 31 12:07:16 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
      Dec 31 12:07:16 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]</con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104>
      
      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        I have a tablet running Lollipop (5.0.1) and I can connect using IPsec to a 2.1.x VM and it works OK, so it probably isn't Android. I'd check over the mobile IPsec P1/P2/Mobile tab settings on 2.2 and see if they are all still correct.

        We don't yet have an officially "blessed" config for mobile IPsec on 2.2 (Traditional, or IKEv2 or L2TP+IPsec) but that should all be coming very soon.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • J
          jaguar11735
          last edited by

          So far, I've tried various different encryptions/hashes on both phase 1 and 2, negotiation mode, my identifier, peer identifier, DH group, NAT traversal, lifetime, ikev1/2, and a few other settings and none seem to get me a working connection.

          I'm sure I'm probably just missing the right combo. More trial and error, I suppose.

          It'd help if I could get some log info out of Android. I am rooted - does anyone know where I can dig into some logs?

          1 Reply Last reply Reply Quote 0
          • J
            jaguar11735
            last edited by

            It appears that Android may have a bug in it relating to NAT traversal. In android, I get the following errors when attempting to connect:

            12-31 13:16:07.482 I/Vpn     (799): Switched from [Legacy VPN] to [Legacy VPN]
            12-31 13:16:07.485 D/Vpn     (799): setting state=IDLE, reason=prepare
            12-31 13:16:07.486 I/Vpn     (799): Switched from [Legacy VPN] to [Legacy VPN]
            12-31 13:16:07.487 D/Vpn     (799): setting state=IDLE, reason=prepare
            12-31 13:16:07.487 D/Vpn     (799): setting state=CONNECTING, reason=startLegacyVpn
            12-31 13:16:07.497 V/LegacyVpnRunner(799): Waiting
            12-31 13:16:07.502 V/LegacyVpnRunner(799): Executing
            12-31 13:16:07.504 D/Vpn     (799): setting state=CONNECTING, reason=execute
            12-31 13:16:07.520 D/racoon  (10824): Waiting for control socket
            12-31 13:16:07.721 D/racoon  (10824): Received 9 arguments
            12-31 13:16:07.735 I/racoon  (10824): ipsec-tools 0.7.3 (http://ipsec-tools.sf.net)
            12-31 13:16:07.747 I/racoon  (10824): 10.0.203.120[500] used as isakmp port (fd=6)
            12-31 13:16:07.747 I/racoon  (10824): 10.0.203.120[500] used for NAT-T
            12-31 13:16:07.747 I/racoon  (10824): 10.0.203.120[4500] used as isakmp port (fd=7)
            12-31 13:16:07.747 I/racoon  (10824): 10.0.203.120[4500] used for NAT-T
            12-31 13:16:07.747 I/racoon  (10824): initiate new phase 1 negotiation: 10.0.203.120[500]<=>69.135.168.176[500]
            12-31 13:16:07.747 I/racoon  (10824): begin Aggressive mode.
            12-31 13:16:08.594 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:10.631 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:12.689 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:13.781 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:16.870 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:19.859 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:19.934 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:23.022 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:25.144 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:28.246 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:31.339 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:32.872 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:34.958 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
            12-31 13:16:37.962 E/racoon  (10824): phase1 negotiation failed due to time up. 118a955695bcb745:0000000000000000
            12-31 13:16:37.962 I/racoon  (10824): Bye
            12-31 13:16:38.024 I/LegacyVpnRunner(799): Aborting
            12-31 13:16:38.024 I/LegacyVpnRunner(799): java.lang.IllegalStateException: racoon is dead
            12-31 13:16:38.024 I/LegacyVpnRunner(799): 	at com.android.server.connectivity.Vpn$LegacyVpnRunner.execute(Vpn.java:1213)
            12-31 13:16:38.024 I/LegacyVpnRunner(799): 	at com.android.server.connectivity.Vpn$LegacyVpnRunner.run(Vpn.java:1092)
            12-31 13:16:38.024 D/Vpn     (799): setting state=FAILED, reason=racoon is dead
            
            

            Googling the error, there is this bug report for strongswan: https://wiki.strongswan.org/issues/255

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.