On Wed, Mar 30, 2016 at 8:18 AM, YASUOKA Masahiko <[email protected]> wrote:
> On Tue, 29 Mar 2016 11:37:14 +0200
> Mattieu Baptiste <[email protected]> wrote:
>> On Tue, Mar 29, 2016 at 5:43 AM, Sly Midnight <[email protected]> wrote:
>>> I don't mean to bring up an old thread, but I was wondering if anyone
>>> else was experiencing issues with OpenBSD 5.8 and Android 6.0.1
>>> (preferably the version on the Nexus line of devices) connecting to
>>> ipsec/l2tp.
>>>
>>> I had this working late last year some time and hadn't used it in a few
>>> months. When I went to use it again a few days ago it didn't work at
>>> all. After rebooting my phone and even trying it on my tablet that
>>> coincidentally runs the exact same version of stock Android 6.0.1, it
>>> too didn't work there.
>>
>> I have the very same problem.
>> To me, it's caused by some Android updates. I saw this since 6.0, but
>> some security updates near 5.1.1 seem to trigger the same behavior.
>> I've tried to tweak ipsec.conf like you without luck. Unfortunately, I
>> did not have the time to dig further...
>
> My colleague and I also hit this issue.

[...]

> We can force using MD5 or SHA for HMAC to work around this issue. To
> do this, put the text below to /etc/isakmpd/isakmpd.policy and remove
> "-K" from isakmpd_flags.
>
> Authorizer: "POLICY"
> Comment: This is test
> Licensees: "passphrase:PASSPHRASE"
> conditions: app_domain == "IPsec policy" && doi == "ipsec" &&
>     esp_present == "yes" &&
>     (esp_auth_alg == "hmac-md5" || esp_auth_alg == "hmac-sha") -> "true";

Thank you, it works flawlessly with that change.

-- 
Mattieu Baptiste
"/earth is 102% full ... please delete anyone you can."

