In mailing.openbsd.misc, you wrote:
> Hi, everyone:
>
> [...]
>
> But the android devices I had won't work by all means. I found out that
> Android 5.x
> L2TP/IPSec VPN client works in:
> hash algorithm: hmac-sha2-256
> encrypt method: aes_cbc
> life time: 28800
>
> The ipsec.conf with:
> ``
> ike passive esp tunnel \
> from "IP_ADDRESS" to any \
> main auth "hmac-sha2-256" enc "aes" group "modp1024" lifetime 2880\
> quick group "modp1024" \
> psk "SECRET_KEY"
> '' didn't make a chage.(after `ipsecctl -f /etc/ipsec.conf`)
Hi,
the following config worked for me when I was using it (with npppd)
last year (dumped it since I couldn't find a way to use it with iOS
and Android at the same time):
/etc/ipsec.conf
public_ip = "x.y.z.a"
ike passive esp transport \
proto udp from $public_ip to any port l2tp \
aggressive auth "hmac-sha1" enc "aes" group modp1024 \
psk "XXX"
IIRC Android required the use of "aggressive auth" where iOS only worked
with the default "main auth"...
