Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Mobile IPsec and Android Lollipop

    Scheduled Pinned Locked Moved 2.2 Snapshot Feedback and Problems - RETIRED
    4 Posts 2 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jaguar11735
      last edited by

      I've followed the guide for setting up mobile IPsec, and it used to work at some point in the past (pfsense 2.1, android 4.4 kitkat). Since then, I've upgraded to the latest 2.2 RC (built 12/30) and my phone is also now running android Lollipop (5.0.1). I'm unable to get Phase 1 to set up.

      On the IPsec Status page, there will briefly be a new entry with a status of "connecting", the algorithm says "AES_CBC:128
      HMAC_SHA1_96:0
      PRF_HMAC_SHA1
      MODP_1024" and the role says "IKEv1 responder"

      Here's what I can see in the log (I've monkeyed with the logging levels so I'm not sure if I'm seeing what I should):

      Dec 31 12:07:24 	charon: 10[MGR] check-in of IKE_SA successful.
Dec 31 12:07:24 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
Dec 31 12:07:24 	charon: 10[MGR] checkin IKE_SA con2[104]
Dec 31 12:07:24 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
Dec 31 12:07:24 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
Dec 31 12:07:24 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
Dec 31 12:07:24 	charon: 10[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
Dec 31 12:07:24 	charon: 10[NET] <con2|104> sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
Dec 31 12:07:24 	charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
Dec 31 12:07:24 	charon: 10[IKE] <con2|104> received retransmit of request with ID 0, retransmitting response
Dec 31 12:07:24 	charon: 10[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
Dec 31 12:07:24 	charon: 10[NET] <con2|104> received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
Dec 31 12:07:24 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
Dec 31 12:07:24 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
Dec 31 12:07:24 	charon: 10[MGR] checkout IKE_SA by message
Dec 31 12:07:24 	charon: 10[MGR] checkout IKE_SA by message
Dec 31 12:07:24 	charon: 04[NET] waiting for data on sockets
Dec 31 12:07:24 	charon: 04[NET] waiting for data on sockets
Dec 31 12:07:24 	charon: 04[ENC] parsed a AGGRESSIVE message header
Dec 31 12:07:24 	charon: 04[ENC] parsed a AGGRESSIVE message header
Dec 31 12:07:24 	charon: 04[ENC] parsing HEADER payload finished
Dec 31 12:07:24 	charon: 04[ENC] parsing HEADER payload finished
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 14 U_INT_32
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 14 U_INT_32
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 13 FLAG
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 13 FLAG
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 12 FLAG
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 12 FLAG
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 11 FLAG
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 11 FLAG
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 10 FLAG
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 10 FLAG
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 9 FLAG
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 9 FLAG
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 8 FLAG
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 8 FLAG
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 5 U_INT_8
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 5 U_INT_8
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 4 U_INT_4
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 4 U_INT_4
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 3 U_INT_4
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 3 U_INT_4
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 2 U_INT_8
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 2 U_INT_8
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 1 IKE_SPI
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 1 IKE_SPI
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 0 IKE_SPI
Dec 31 12:07:24 	charon: 04[ENC] parsing rule 0 IKE_SPI
Dec 31 12:07:24 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
Dec 31 12:07:24 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
Dec 31 12:07:24 	charon: 04[ENC] parsing header of message
Dec 31 12:07:24 	charon: 04[ENC] parsing header of message
Dec 31 12:07:24 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
Dec 31 12:07:24 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
Dec 31 12:07:24 	charon: 10[MGR] check-in of IKE_SA successful.
Dec 31 12:07:24 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
Dec 31 12:07:24 	charon: 10[MGR] checkin IKE_SA con2[104]
Dec 31 12:07:24 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
Dec 31 12:07:24 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
Dec 31 12:07:24 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
Dec 31 12:07:24 	charon: 10[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
Dec 31 12:07:24 	charon: 10[NET] <con2|104> sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
Dec 31 12:07:24 	charon: 10[IKE] sending retransmit 2 of response message ID 0, seq 1
Dec 31 12:07:24 	charon: 10[IKE] <con2|104> sending retransmit 2 of response message ID 0, seq 1
Dec 31 12:07:24 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
Dec 31 12:07:24 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
Dec 31 12:07:24 	charon: 10[MGR] checkout IKE_SA
Dec 31 12:07:24 	charon: 10[MGR] checkout IKE_SA
Dec 31 12:07:21 	charon: 10[MGR] check-in of IKE_SA successful.
Dec 31 12:07:21 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
Dec 31 12:07:21 	charon: 10[MGR] checkin IKE_SA con2[104]
Dec 31 12:07:21 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
Dec 31 12:07:21 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
Dec 31 12:07:21 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
Dec 31 12:07:21 	charon: 10[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
Dec 31 12:07:21 	charon: 10[NET] <con2|104> sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
Dec 31 12:07:21 	charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
Dec 31 12:07:21 	charon: 10[IKE] <con2|104> received retransmit of request with ID 0, retransmitting response
Dec 31 12:07:21 	charon: 10[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
Dec 31 12:07:21 	charon: 10[NET] <con2|104> received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
Dec 31 12:07:21 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
Dec 31 12:07:21 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
Dec 31 12:07:21 	charon: 10[MGR] checkout IKE_SA by message
Dec 31 12:07:21 	charon: 04[NET] waiting for data on sockets
Dec 31 12:07:21 	charon: 04[NET] waiting for data on sockets
Dec 31 12:07:21 	charon: 10[MGR] checkout IKE_SA by message
Dec 31 12:07:21 	charon: 04[ENC] parsed a AGGRESSIVE message header
Dec 31 12:07:21 	charon: 04[ENC] parsed a AGGRESSIVE message header
Dec 31 12:07:21 	charon: 04[ENC] parsing HEADER payload finished
Dec 31 12:07:21 	charon: 04[ENC] parsing HEADER payload finished
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 14 U_INT_32
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 14 U_INT_32
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 13 FLAG
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 13 FLAG
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 12 FLAG
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 12 FLAG
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 11 FLAG
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 11 FLAG
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 10 FLAG
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 10 FLAG
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 9 FLAG
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 9 FLAG
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 8 FLAG
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 8 FLAG
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 5 U_INT_8
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 5 U_INT_8
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 4 U_INT_4
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 4 U_INT_4
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 3 U_INT_4
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 3 U_INT_4
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 2 U_INT_8
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 2 U_INT_8
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 1 IKE_SPI
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 1 IKE_SPI
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 0 IKE_SPI
Dec 31 12:07:21 	charon: 04[ENC] parsing rule 0 IKE_SPI
Dec 31 12:07:21 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
Dec 31 12:07:21 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
Dec 31 12:07:21 	charon: 04[ENC] parsing header of message
Dec 31 12:07:21 	charon: 04[ENC] parsing header of message
Dec 31 12:07:21 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
Dec 31 12:07:21 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
Dec 31 12:07:18 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
Dec 31 12:07:18 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
Dec 31 12:07:18 	charon: 10[MGR] check-in of IKE_SA successful.
Dec 31 12:07:18 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
Dec 31 12:07:18 	charon: 10[MGR] checkin IKE_SA con2[104]
Dec 31 12:07:18 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
Dec 31 12:07:18 	charon: 10[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
Dec 31 12:07:18 	charon: 10[NET] <con2|104> sending packet: from 69.135.168.176[500] to 96.11.188.190[209] (432 bytes)
Dec 31 12:07:18 	charon: 10[IKE] received retransmit of request with ID 0, retransmitting response
Dec 31 12:07:18 	charon: 10[IKE] <con2|104> received retransmit of request with ID 0, retransmitting response
Dec 31 12:07:18 	charon: 10[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
Dec 31 12:07:18 	charon: 10[NET] <con2|104> received packet: from 96.11.188.190[209] to 69.135.168.176[500] (654 bytes)
Dec 31 12:07:18 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
Dec 31 12:07:18 	charon: 10[MGR] IKE_SA con2[104] successfully checked out
Dec 31 12:07:18 	charon: 10[MGR] checkout IKE_SA by message
Dec 31 12:07:18 	charon: 10[MGR] checkout IKE_SA by message
Dec 31 12:07:18 	charon: 04[NET] waiting for data on sockets
Dec 31 12:07:18 	charon: 04[NET] waiting for data on sockets
Dec 31 12:07:18 	charon: 04[ENC] parsed a AGGRESSIVE message header
Dec 31 12:07:18 	charon: 04[ENC] parsed a AGGRESSIVE message header
Dec 31 12:07:18 	charon: 04[ENC] parsing HEADER payload finished
Dec 31 12:07:18 	charon: 04[ENC] parsing HEADER payload finished
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 15 HEADER_LENGTH
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 14 U_INT_32
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 14 U_INT_32
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 13 FLAG
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 13 FLAG
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 12 FLAG
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 12 FLAG
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 11 FLAG
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 11 FLAG
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 10 FLAG
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 10 FLAG
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 9 FLAG
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 9 FLAG
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 8 FLAG
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 8 FLAG
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 7 RESERVED_BIT
Dec 31 12:07:18 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 6 RESERVED_BIT
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 5 U_INT_8
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 5 U_INT_8
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 4 U_INT_4
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 4 U_INT_4
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 3 U_INT_4
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 3 U_INT_4
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 2 U_INT_8
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 2 U_INT_8
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 1 IKE_SPI
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 1 IKE_SPI
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 0 IKE_SPI
Dec 31 12:07:17 	charon: 04[ENC] parsing rule 0 IKE_SPI
Dec 31 12:07:17 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
Dec 31 12:07:17 	charon: 04[ENC] parsing HEADER payload, 654 bytes left
Dec 31 12:07:17 	charon: 04[ENC] parsing header of message
Dec 31 12:07:17 	charon: 04[ENC] parsing header of message
Dec 31 12:07:17 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
Dec 31 12:07:17 	charon: 04[NET] received packet: from 96.11.188.190[209] to 69.135.168.176[500]
Dec 31 12:07:16 	charon: 10[MGR] check-in of IKE_SA successful.
Dec 31 12:07:16 	charon: 10[MGR] <con2|104> check-in of IKE_SA successful.
Dec 31 12:07:16 	charon: 10[MGR] checkin IKE_SA con2[104]
Dec 31 12:07:16 	charon: 10[MGR] <con2|104> checkin IKE_SA con2[104]
Dec 31 12:07:16 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]
Dec 31 12:07:16 	charon: 05[NET] sending packet: from 69.135.168.176[500] to 96.11.188.190[209]</con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104></con2|104>
      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        I have a tablet running Lollipop (5.0.1) and I can connect using IPsec to a 2.1.x VM and it works OK, so it probably isn't Android. I'd check over the mobile IPsec P1/P2/Mobile tab settings on 2.2 and see if they are all still correct.

        We don't yet have an officially "blessed" config for mobile IPsec on 2.2 (Traditional, or IKEv2 or L2TP+IPsec) but that should all be coming very soon.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • J
          jaguar11735
          last edited by

          So far, I've tried various different encryptions/hashes on both phase 1 and 2, negotiation mode, my identifier, peer identifier, DH group, NAT traversal, lifetime, ikev1/2, and a few other settings and none seem to get me a working connection.

          I'm sure I'm probably just missing the right combo. More trial and error, I suppose.

          It'd help if I could get some log info out of Android. I am rooted - does anyone know where I can dig into some logs?

          1 Reply Last reply Reply Quote 0
          • J
            jaguar11735
            last edited by

            It appears that Android may have a bug in it relating to NAT traversal. In android, I get the following errors when attempting to connect:

            12-31 13:16:07.482 I/Vpn     (799): Switched from [Legacy VPN] to [Legacy VPN]
12-31 13:16:07.485 D/Vpn     (799): setting state=IDLE, reason=prepare
12-31 13:16:07.486 I/Vpn     (799): Switched from [Legacy VPN] to [Legacy VPN]
12-31 13:16:07.487 D/Vpn     (799): setting state=IDLE, reason=prepare
12-31 13:16:07.487 D/Vpn     (799): setting state=CONNECTING, reason=startLegacyVpn
12-31 13:16:07.497 V/LegacyVpnRunner(799): Waiting
12-31 13:16:07.502 V/LegacyVpnRunner(799): Executing
12-31 13:16:07.504 D/Vpn     (799): setting state=CONNECTING, reason=execute
12-31 13:16:07.520 D/racoon  (10824): Waiting for control socket
12-31 13:16:07.721 D/racoon  (10824): Received 9 arguments
12-31 13:16:07.735 I/racoon  (10824): ipsec-tools 0.7.3 (http://ipsec-tools.sf.net)
12-31 13:16:07.747 I/racoon  (10824): 10.0.203.120[500] used as isakmp port (fd=6)
12-31 13:16:07.747 I/racoon  (10824): 10.0.203.120[500] used for NAT-T
12-31 13:16:07.747 I/racoon  (10824): 10.0.203.120[4500] used as isakmp port (fd=7)
12-31 13:16:07.747 I/racoon  (10824): 10.0.203.120[4500] used for NAT-T
12-31 13:16:07.747 I/racoon  (10824): initiate new phase 1 negotiation: 10.0.203.120[500]<=>69.135.168.176[500]
12-31 13:16:07.747 I/racoon  (10824): begin Aggressive mode.
12-31 13:16:08.594 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:10.631 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:12.689 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:13.781 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:16.870 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:19.859 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:19.934 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:23.022 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:25.144 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:28.246 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:31.339 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:32.872 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:34.958 E/racoon  (10824): ignore the packet, received unexpecting payload type 20.
12-31 13:16:37.962 E/racoon  (10824): phase1 negotiation failed due to time up. 118a955695bcb745:0000000000000000
12-31 13:16:37.962 I/racoon  (10824): Bye
12-31 13:16:38.024 I/LegacyVpnRunner(799): Aborting
12-31 13:16:38.024 I/LegacyVpnRunner(799): java.lang.IllegalStateException: racoon is dead
12-31 13:16:38.024 I/LegacyVpnRunner(799): 	at com.android.server.connectivity.Vpn$LegacyVpnRunner.execute(Vpn.java:1213)
12-31 13:16:38.024 I/LegacyVpnRunner(799): 	at com.android.server.connectivity.Vpn$LegacyVpnRunner.run(Vpn.java:1092)
12-31 13:16:38.024 D/Vpn     (799): setting state=FAILED, reason=racoon is dead

            Googling the error, there is this bug report for strongswan: https://wiki.strongswan.org/issues/255

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.