Mobile IPsec and Android Lollipop



  • I've followed the guide for setting up mobile IPsec, and it used to work at some point in the past (pfsense 2.1, android 4.4 kitkat). Since then, I've upgraded to the latest 2.2 RC (built 12/30) and my phone is also now running android Lollipop (5.0.1). I'm unable to get Phase 1 to set up.

    On the IPsec Status page, there will briefly be a new entry with a status of "connecting", the algorithm says "AES_CBC:128
    HMAC_SHA1_96:0
    PRF_HMAC_SHA1
    MODP_1024" and the role says "IKEv1 responder"

    Here's what I can see in the log (I've monkeyed with the logging levels so I'm not sure if I'm seeing what I should):

    Dec 31 12:07:24 	charon: 10[MGR] check-in of IKE_SA successful.
    Dec 31 12:07:24 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
    Dec 31 12:07:24 	charon: 10[MGR] checkin IKE_SA con2[104]
    Dec 31 12:07:24 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
    Dec 31 12:07:24 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
    Dec 31 12:07:24 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
    Dec 31 12:07:24 	charon: 10[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
    Dec 31 12:07:24 	charon: 10[NET] <con2|104> sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
    Dec 31 12:07:24 	charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
    Dec 31 12:07:24 	charon: 10[IKE] <con2|104> received retransmit of request with ID 0, retransmitting response
    Dec 31 12:07:24 	charon: 10[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
    Dec 31 12:07:24 	charon: 10[NET] <con2|104> received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
    Dec 31 12:07:24 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
    Dec 31 12:07:24 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
    Dec 31 12:07:24 	charon: 10[MGR] checkout IKE_SA by message
    Dec 31 12:07:24 	charon: 10[MGR] checkout IKE_SA by message
    Dec 31 12:07:24 	charon: 04[NET] waiting for data on sockets
    Dec 31 12:07:24 	charon: 04[NET] waiting for data on sockets
    Dec 31 12:07:24 	charon: 04[ENC] parsed a AGGRESSIVE message header
    Dec 31 12:07:24 	charon: 04[ENC] parsed a AGGRESSIVE message header
    Dec 31 12:07:24 	charon: 04[ENC] parsing HEADER payload finished
    Dec 31 12:07:24 	charon: 04[ENC] parsing HEADER payload finished
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 14 U_INT_32
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 14 U_INT_32
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 13 FLAG
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 13 FLAG
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 12 FLAG
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 12 FLAG
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 11 FLAG
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 11 FLAG
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 10 FLAG
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 10 FLAG
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 9 FLAG
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 9 FLAG
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 8 FLAG
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 8 FLAG
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 5 U_INT_8
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 5 U_INT_8
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 4 U_INT_4
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 4 U_INT_4
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 3 U_INT_4
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 3 U_INT_4
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 2 U_INT_8
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 2 U_INT_8
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 1 IKE_SPI
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 1 IKE_SPI
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 0 IKE_SPI
    Dec 31 12:07:24 	charon: 04[ENC] parsing rule 0 IKE_SPI
    Dec 31 12:07:24 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
    Dec 31 12:07:24 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
    Dec 31 12:07:24 	charon: 04[ENC] parsing header of message
    Dec 31 12:07:24 	charon: 04[ENC] parsing header of message
    Dec 31 12:07:24 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
    Dec 31 12:07:24 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
    Dec 31 12:07:24 	charon: 10[MGR] check-in of IKE_SA successful.
    Dec 31 12:07:24 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
    Dec 31 12:07:24 	charon: 10[MGR] checkin IKE_SA con2[104]
    Dec 31 12:07:24 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
    Dec 31 12:07:24 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
    Dec 31 12:07:24 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
    Dec 31 12:07:24 	charon: 10[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
    Dec 31 12:07:24 	charon: 10[NET] <con2|104> sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
    Dec 31 12:07:24 	charon: 10[IKE] sending retransmit 2 of response message ID 0, seq 1
    Dec 31 12:07:24 	charon: 10[IKE] <con2|104> sending retransmit 2 of response message ID 0, seq 1
    Dec 31 12:07:24 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
    Dec 31 12:07:24 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
    Dec 31 12:07:24 	charon: 10[MGR] checkout IKE_SA
    Dec 31 12:07:24 	charon: 10[MGR] checkout IKE_SA
    Dec 31 12:07:21 	charon: 10[MGR] check-in of IKE_SA successful.
    Dec 31 12:07:21 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
    Dec 31 12:07:21 	charon: 10[MGR] checkin IKE_SA con2[104]
    Dec 31 12:07:21 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
    Dec 31 12:07:21 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
    Dec 31 12:07:21 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
    Dec 31 12:07:21 	charon: 10[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
    Dec 31 12:07:21 	charon: 10[NET] <con2|104> sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
    Dec 31 12:07:21 	charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
    Dec 31 12:07:21 	charon: 10[IKE] <con2|104> received retransmit of request with ID 0, retransmitting response
    Dec 31 12:07:21 	charon: 10[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
    Dec 31 12:07:21 	charon: 10[NET] <con2|104> received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
    Dec 31 12:07:21 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
    Dec 31 12:07:21 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
    Dec 31 12:07:21 	charon: 10[MGR] checkout IKE_SA by message
    Dec 31 12:07:21 	charon: 04[NET] waiting for data on sockets
    Dec 31 12:07:21 	charon: 04[NET] waiting for data on sockets
    Dec 31 12:07:21 	charon: 10[MGR] checkout IKE_SA by message
    Dec 31 12:07:21 	charon: 04[ENC] parsed a AGGRESSIVE message header
    Dec 31 12:07:21 	charon: 04[ENC] parsed a AGGRESSIVE message header
    Dec 31 12:07:21 	charon: 04[ENC] parsing HEADER payload finished
    Dec 31 12:07:21 	charon: 04[ENC] parsing HEADER payload finished
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 14 U_INT_32
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 14 U_INT_32
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 13 FLAG
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 13 FLAG
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 12 FLAG
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 12 FLAG
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 11 FLAG
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 11 FLAG
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 10 FLAG
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 10 FLAG
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 9 FLAG
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 9 FLAG
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 8 FLAG
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 8 FLAG
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 5 U_INT_8
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 5 U_INT_8
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 4 U_INT_4
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 4 U_INT_4
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 3 U_INT_4
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 3 U_INT_4
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 2 U_INT_8
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 2 U_INT_8
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 1 IKE_SPI
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 1 IKE_SPI
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 0 IKE_SPI
    Dec 31 12:07:21 	charon: 04[ENC] parsing rule 0 IKE_SPI
    Dec 31 12:07:21 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
    Dec 31 12:07:21 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
    Dec 31 12:07:21 	charon: 04[ENC] parsing header of message
    Dec 31 12:07:21 	charon: 04[ENC] parsing header of message
    Dec 31 12:07:21 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
    Dec 31 12:07:21 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
    Dec 31 12:07:18 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
    Dec 31 12:07:18 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
    Dec 31 12:07:18 	charon: 10[MGR] check-in of IKE_SA successful.
    Dec 31 12:07:18 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
    Dec 31 12:07:18 	charon: 10[MGR] checkin IKE_SA con2[104]
    Dec 31 12:07:18 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
    Dec 31 12:07:18 	charon: 10[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
    Dec 31 12:07:18 	charon: 10[NET] <con2|104> sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
    Dec 31 12:07:18 	charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
    Dec 31 12:07:18 	charon: 10[IKE] <con2|104> received retransmit of request with ID 0, retransmitting response
    Dec 31 12:07:18 	charon: 10[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
    Dec 31 12:07:18 	charon: 10[NET] <con2|104> received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
    Dec 31 12:07:18 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
    Dec 31 12:07:18 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
    Dec 31 12:07:18 	charon: 10[MGR] checkout IKE_SA by message
    Dec 31 12:07:18 	charon: 10[MGR] checkout IKE_SA by message
    Dec 31 12:07:18 	charon: 04[NET] waiting for data on sockets
    Dec 31 12:07:18 	charon: 04[NET] waiting for data on sockets
    Dec 31 12:07:18 	charon: 04[ENC] parsed a AGGRESSIVE message header
    Dec 31 12:07:18 	charon: 04[ENC] parsed a AGGRESSIVE message header
    Dec 31 12:07:18 	charon: 04[ENC] parsing HEADER payload finished
    Dec 31 12:07:18 	charon: 04[ENC] parsing HEADER payload finished
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 14 U_INT_32
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 14 U_INT_32
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 13 FLAG
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 13 FLAG
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 12 FLAG
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 12 FLAG
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 11 FLAG
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 11 FLAG
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 10 FLAG
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 10 FLAG
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 9 FLAG
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 9 FLAG
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 8 FLAG
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 8 FLAG
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
    Dec 31 12:07:18 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 5 U_INT_8
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 5 U_INT_8
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 4 U_INT_4
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 4 U_INT_4
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 3 U_INT_4
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 3 U_INT_4
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 2 U_INT_8
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 2 U_INT_8
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 1 IKE_SPI
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 1 IKE_SPI
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 0 IKE_SPI
    Dec 31 12:07:17 	charon: 04[ENC] parsing rule 0 IKE_SPI
    Dec 31 12:07:17 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
    Dec 31 12:07:17 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
    Dec 31 12:07:17 	charon: 04[ENC] parsing header of message
    Dec 31 12:07:17 	charon: 04[ENC] parsing header of message
    Dec 31 12:07:17 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
    Dec 31 12:07:17 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
    Dec 31 12:07:16 	charon: 10[MGR] check-in of IKE_SA successful.
    Dec 31 12:07:16 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
    Dec 31 12:07:16 	charon: 10[MGR] checkin IKE_SA con2[104]
    Dec 31 12:07:16 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
    Dec 31 12:07:16 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
    Dec 31 12:07:16 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]</con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104>
    

  • Rebel Alliance Developer Netgate

    I have a tablet running Lollipop (5.0.1) and I can connect using IPsec to a 2.1.x VM and it works OK, so it probably isn't Android. I'd check over the mobile IPsec P1/P2/Mobile tab settings on 2.2 and see if they are all still correct.

    We don't yet have an officially "blessed" config for mobile IPsec on 2.2 (Traditional, or IKEv2 or L2TP+IPsec) but that should all be coming very soon.



  • So far, I've tried various different encryptions/hashes on both phase 1 and 2, negotiation mode, my identifier, peer identifier, DH group, NAT traversal, lifetime, ikev1/2, and a few other settings and none seem to get me a working connection.

    I'm sure I'm probably just missing the right combo. More trial and error, I suppose.

    It'd help if I could get some log info out of Android. I am rooted - does anyone know where I can dig into some logs?



  • It appears that Android may have a bug in it relating to NAT traversal. In android, I get the following errors when attempting to connect:

    12-31 13:16:07.482 I/Vpn     (799): Switched from [Legacy VPN] to [Legacy VPN]
    12-31 13:16:07.485 D/Vpn     (799): setting state=IDLE, reason=prepare
    12-31 13:16:07.486 I/Vpn     (799): Switched from [Legacy VPN] to [Legacy VPN]
    12-31 13:16:07.487 D/Vpn     (799): setting state=IDLE, reason=prepare
    12-31 13:16:07.487 D/Vpn     (799): setting state=CONNECTING, reason=startLegacyVpn
    12-31 13:16:07.497 V/LegacyVpnRunner(799): Waiting
    12-31 13:16:07.502 V/LegacyVpnRunner(799): Executing
    12-31 13:16:07.504 D/Vpn     (799): setting state=CONNECTING, reason=execute
    12-31 13:16:07.520 D/racoon  (10824): Waiting for control socket
    12-31 13:16:07.721 D/racoon  (10824): Received 9 arguments
    12-31 13:16:07.735 I/racoon  (10824): ipsec-tools 0.7.3 (http://ipsec-tools.sf.net)
    12-31 13:16:07.747 I/racoon  (10824): 10.0.203.120[500] used as isakmp port (fd=6)
    12-31 13:16:07.747 I/racoon  (10824): 10.0.203.120[500] used for NAT-T
    12-31 13:16:07.747 I/racoon  (10824): 10.0.203.120[4500] used as isakmp port (fd=7)
    12-31 13:16:07.747 I/racoon  (10824): 10.0.203.120[4500] used for NAT-T
    12-31 13:16:07.747 I/racoon  (10824): initiate new phase 1 negotiation: 10.0.203.120[500]<=>69.135.168.176[500]
    12-31 13:16:07.747 I/racoon  (10824): begin Aggressive mode.
    12-31 13:16:08.594 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:10.631 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:12.689 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:13.781 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:16.870 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:19.859 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:19.934 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:23.022 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:25.144 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:28.246 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:31.339 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:32.872 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:34.958 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
    12-31 13:16:37.962 E/racoon  (10824): phase1 negotiation failed due to time up. 118a955695bcb745:0000000000000000
    12-31 13:16:37.962 I/racoon  (10824): Bye
    12-31 13:16:38.024 I/LegacyVpnRunner(799): Aborting
    12-31 13:16:38.024 I/LegacyVpnRunner(799): java.lang.IllegalStateException: racoon is dead
    12-31 13:16:38.024 I/LegacyVpnRunner(799): 	at com.android.server.connectivity.Vpn$LegacyVpnRunner.execute(Vpn.java:1213)
    12-31 13:16:38.024 I/LegacyVpnRunner(799): 	at com.android.server.connectivity.Vpn$LegacyVpnRunner.run(Vpn.java:1092)
    12-31 13:16:38.024 D/Vpn     (799): setting state=FAILED, reason=racoon is dead
    
    

    Googling the error, there is this bug report for strongswan: https://wiki.strongswan.org/issues/255


Log in to reply