Unable to connect Android client 2.2.1



  • I've seen a few messages of others having some trouble with this, but I don't see that anyone's gotten it figured out. Configuration worked under 2.1, and I have added local network 0.0.0.0/0 in mobile phase 2 even though my problem is in phase 1. It's indicating some sort of issue requiring retransmissions but I've no idea why. pfSense is on a stable Internet connection and the Android device fails from Verizon's LTE network which, as far as I know, doesn't do anything unusual with IP traffic.

    What am I doing wrong?

    Mar 26 16:15:25 	charon: 01[JOB] deleting half open IKE_SA after timeout
    Mar 26 16:15:22 	charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:15:22 	charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:22 	charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:22 	charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
    Mar 26 16:15:19 	charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:15:19 	charon: 01[IKE] sending retransmit 3 of response message ID 0, seq 1
    Mar 26 16:15:19 	charon: 01[IKE] <con1|1> sending retransmit 3 of response message ID 0, seq 1
    Mar 26 16:15:19 	charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:15:19 	charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:19 	charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:19 	charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
    Mar 26 16:15:16 	charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:15:16 	charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:16 	charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:16 	charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
    Mar 26 16:15:13 	charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:15:13 	charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:13 	charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:13 	charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
    Mar 26 16:15:10 	charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:15:10 	charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:10 	charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:10 	charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
    Mar 26 16:15:07 	charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:15:07 	charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:07 	charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:07 	charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
    Mar 26 16:15:06 	charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:15:06 	charon: 01[IKE] sending retransmit 2 of response message ID 0, seq 1
    Mar 26 16:15:06 	charon: 01[IKE] <con1|1> sending retransmit 2 of response message ID 0, seq 1
    Mar 26 16:15:04 	charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:15:04 	charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:04 	charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:04 	charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
    Mar 26 16:15:01 	charon: 01[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:15:01 	charon: 01[IKE] received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:01 	charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
    Mar 26 16:15:01 	charon: 01[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
    Mar 26 16:14:59 	charon: 16[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:14:59 	charon: 16[IKE] sending retransmit 1 of response message ID 0, seq 1
    Mar 26 16:14:59 	charon: 16[IKE] <con1|1> sending retransmit 1 of response message ID 0, seq 1
    Mar 26 16:14:58 	charon: 16[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:14:58 	charon: 16[IKE] received retransmit of request with ID 0, retransmitting response
    Mar 26 16:14:58 	charon: 16[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
    Mar 26 16:14:58 	charon: 16[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
    Mar 26 16:14:55 	charon: 16[NET] sending packet: from <pfsense wan ip>[500] to <android client ip>[9875] (432 bytes)
    Mar 26 16:14:55 	charon: 16[ENC] generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V V ]
    Mar 26 16:14:55 	charon: 16[CFG] selected peer config "con1"
    Mar 26 16:14:55 	charon: 16[CFG] looking for XAuthInitPSK peer configs matching <pfsense wan ip>...<android client ip>[home.doug.dimick.net]
    Mar 26 16:14:55 	charon: 16[IKE] <android client ip> is initiating a Aggressive Mode IKE_SA
    Mar 26 16:14:55 	charon: 16[IKE] <1> <android client ip> is initiating a Aggressive Mode IKE_SA
    Mar 26 16:14:55 	charon: 16[IKE] received DPD vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] <1> received DPD vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] received Cisco Unity vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] <1> received Cisco Unity vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] received XAuth vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] <1> received XAuth vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] <1> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] received NAT-T (RFC 3947) vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] <1> received NAT-T (RFC 3947) vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] received FRAGMENTATION vendor ID
    Mar 26 16:14:55 	charon: 16[IKE] <1> received FRAGMENTATION vendor ID
    Mar 26 16:14:55 	charon: 16[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V ]
    Mar 26 16:14:55 	charon: 16[NET] received packet: from <android client ip>[9875] to <pfsense wan ip>[500] (656 bytes)
    


  • Posted too soon. Not sure if my search-fu just wasn't up to it or what, but eventually I found strongSwan issue 255 at https://wiki.strongswan.org/issues/255. On the Android side, delete anything you might have in the IPSec identifier field. On the pfSense side, I switched Key Exchange version to Auto and changed Negotiation mode to Main.
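Added example, not part of the original posts: a small Python check that recognises the pattern in the log above, where the peer keeps resending its first phase 1 request, the responder keeps resending its reply, and the half-open IKE_SA finally times out. The sample lines are constructed in the thread's log format with documentation-range addresses, and `summarize` and `diagnose` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample in the thread's log format (newest first); the addresses
# are documentation-range placeholders, not values from the post.
SAMPLE = """\
Mar 26 16:15:25 charon: 01[JOB] deleting half open IKE_SA after timeout
Mar 26 16:15:06 charon: 01[IKE] sending retransmit 2 of response message ID 0, seq 1
Mar 26 16:15:06 charon: 01[IKE] <con1|1> sending retransmit 2 of response message ID 0, seq 1
Mar 26 16:15:04 charon: 01[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:14:59 charon: 16[IKE] <con1|1> sending retransmit 1 of response message ID 0, seq 1
Mar 26 16:14:58 charon: 16[IKE] <con1|1> received retransmit of request with ID 0, retransmitting response
Mar 26 16:14:55 charon: 16[IKE] 198.51.100.7 is initiating a Aggressive Mode IKE_SA
Mar 26 16:14:55 charon: 16[IKE] <1> 198.51.100.7 is initiating a Aggressive Mode IKE_SA
"""

# The optional group drops charon's "<con1|1> " / "<1> " connection prefix.
LINE = re.compile(r"^\s*(\w{3} +\d+ [\d:]{8})\s+charon: (\d+)\[\w+\] "
                  r"(?:<[\w-]+(?:\|\d+)?> )?(.*)$")
EVENTS = {
    "aggressive_mode": "initiating a Aggressive Mode IKE_SA",
    "request_resent": "received retransmit of request with ID",
    "response_resent": "of response message ID",
    "half_open_timeout": "deleting half open IKE_SA after timeout",
}

def summarize(log_text):
    """Count phase 1 events, collapsing each prefixed/unprefixed line pair."""
    counts, prev = Counter(), None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m.groups() == prev:
            continue  # not a charon line, or the duplicate of the line before
        prev = m.groups()
        for name, needle in EVENTS.items():
            if needle in m.group(3):
                counts[name] += 1
    return counts

def diagnose(counts):
    """Describe a first-exchange retransmit loop if the counts show one."""
    if not (counts["half_open_timeout"] and counts["request_resent"]):
        return "no first-exchange retransmit loop found"
    mode = "Aggressive Mode" if counts["aggressive_mode"] else "phase 1"
    return (f"{mode} stalled: peer resent its first request "
            f"{counts['request_resent']}x, responder resent its reply "
            f"{counts['response_resent']}x, then the half-open IKE_SA timed out")
```

Calling `diagnose(summarize(text))` on a saved copy of the IPsec log gives a one-line summary of whether the first exchange ever completed.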

