In mailing.openbsd.misc, you wrote: > Hi, everyone: > > [...] > > But the android devices I had won't work by all means. I found out that > Android 5.x > L2TP/IPSec VPN client works in: > hash algorithm: hmac-sha2-256 > encrypt method: aes_cbc > life time: 28800 > > The ipsec.conf with: > `` > ike passive esp tunnel \ > from "IP_ADDRESS" to any \ > main auth "hmac-sha2-256" enc "aes" group "modp1024" lifetime 2880\ > quick group "modp1024" \ > psk "SECRET_KEY" > '' didn't make a chage.(after `ipsecctl -f /etc/ipsec.conf`)
Hi, the following config worked for me when I was using it (with npppd) last year (dumped it since I couldn't find a way to use it with iOS and Android at the same time): /etc/ipsec.conf public_ip = "x.y.z.a" ike passive esp transport \ proto udp from $public_ip to any port l2tp \ aggressive auth "hmac-sha1" enc "aes" group modp1024 \ psk "XXX" IIRC Android required the use of "aggressive auth" where iOS only worked with the default "main auth"...