Android mobile - OpenBSD IPSEC

2013-06-14 Thread Jan Lambertz
Hi Christopher,
After I figured out the npppd config setup (seems there were some recent
syntax changes) it worked like a charm.
I'll post my config files here as soon as I am at home.

Jan



Re: Android mobile - OpenBSD IPSEC

2013-01-24 Thread Jan Lambertz
Ohh, I see. I totally missed the l2tp stuff. I thought Android could do
plain ipsec or ipsec with l2tp.
I think things will flow now.
Thank you



Re: Android mobile - OpenBSD IPSEC

2013-01-24 Thread Stuart Henderson
On 2013-01-24, Jan Lambertz wrote:
> Hi,
>
> Running OpenBSD 5.2 AMD64 release as homeserver.
> Got Android 2.3 Samsung Mobile.
> Want to connect via VPN IPSEC.
> Config:
> ike passive esp tunnel from any to any \
> main auth hmac-sha1 enc des \
> quick auth hmac-sha1 enc des \
> srcid  dstid (tested different things here without effect) \
> psk "test123"
>
>
> Also changed any to any to more concise settings, without effect.
> local ip and peer any didn't help, too.
>
>
> Jan 24 08:41:37 puffy isakmpd[10830]: attribute_unacceptable:
> ENCRYPTION_ALGORITHM: got 3DES_CBC, expected DES_CBC
> Jan 24 08:41:37 puffy isakmpd[10830]: attribute_unacceptable:
> ENCRYPTION_ALGORITHM: got 3DES_CBC, expected DES_CBC
> Jan 24 08:41:38 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer
> proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id
> 178.26.160.62
> Jan 24 08:41:38 puffy isakmpd[10830]: dropped message from 89.204.138.90
> port 51210 due to notification type INVALID_ID_INFORMATION
> Jan 24 08:41:50 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer
> proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id
> 178.26.160.62
> Jan 24 08:41:50 puffy isakmpd[10830]: dropped message from 89.204.138.90
> port 51210 due to notification type INVALID_ID_INFORMATION
> Jan 24 08:41:58 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer
> proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id
> 178.26.160.62
> Jan 24 08:41:58 puffy isakmpd[10830]: dropped message from 89.204.138.90
> port 51210 due to notification type INVALID_ID_INFORMATION
>
>
> 89.204.138.90 seems to be the mobile
> 10.166.112.90 ?? What's this?
>
> Btw, I'm using the standard VPN client built in Android. Before I can
> connect I have to enter a username / pw (not psk). Is ipsec about username
> / pw stuff? Could find it anywhere in the manuals.
>
>
> thanks
>
>

The standard Android vpn client uses l2tp/ipsec. Here are some files
from a working setup with Android 4.1.2; I'm pretty sure similar worked
with Android 3.x, no idea about 2.x.

>> /etc/ipsec.conf

ike passive esp transport \
 proto udp from $SERVER_IP to any port 1701 \
 main auth "hmac-sha" enc "aes" group modp1024 \
 quick auth "hmac-sha" enc "aes" \
 psk "somepsk"

.

>> /etc/npppd/npppd.conf

authentication LOCAL type local {
	users-file "/etc/npppd/npppd-users"
}
tunnel L2TP_ipv4 protocol l2tp {
	listen on $SERVER_IP
}

ipcp IPCP {
	pool-address 172.28.15.128-172.28.15.255
	dns-servers 172.28.15.2
}

interface pppx0 address 172.28.15.1 ipcp IPCP
bind tunnel from L2TP_ipv4 authenticated by LOCAL to pppx0

.

>> /etc/npppd/npppd-users

someuser:\
:password=blahblah:\
:framed-ip-address=172.28.15.50:

.

>> /etc/sysctl.conf

net.pipex.enable=1
net.inet.ip.forwarding=1
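
Added example, not part of the original thread: a small triage script for the isakmpd messages quoted above. It separates the phase 1 proposal mismatch (peer offers 3DES_CBC, policy expects DES_CBC) from the phase 2 ID rejection, and flags the case where the initiator ID is a private address (10.166.112.90 is in the RFC 1918 range) that differs from the packet source, which points to the peer sitting behind NAT. The function name `triage` and the finding labels are hypothetical, the NAT reading is an inference from the addresses, and the sample lines are the thread's log lines re-joined from their wrapped form.

```python
import ipaddress
import re

# Constructed sample: isakmpd lines from the thread, re-joined from their wrapped form.
SAMPLE_LOG = """\
Jan 24 08:41:37 puffy isakmpd[10830]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected DES_CBC
Jan 24 08:41:38 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id 178.26.160.62
Jan 24 08:41:38 puffy isakmpd[10830]: dropped message from 89.204.138.90 port 51210 due to notification type INVALID_ID_INFORMATION
"""

ATTR_RE = re.compile(r"attribute_unacceptable: (\w+): got ([^,\s]+), expected (\S+)")
IDS_RE = re.compile(r"invalid phase 2 IDs: initiator id ([\w.:]+), responder id ([\w.:]+)")
DROP_RE = re.compile(r"dropped message from ([\w.:]+) port (\d+) due to notification type (\w+)")


def _is_private(addr):
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:  # the ID was not an IP address (e.g. an FQDN)
        return False


def triage(log_text):
    """Return de-duplicated (kind, detail) findings in first-seen order."""
    findings, pending_ids = [], None

    def add(kind, detail):
        if (kind, detail) not in findings:
            findings.append((kind, detail))

    for line in log_text.splitlines():
        if m := ATTR_RE.search(line):
            attr, got, expected = m.groups()
            add("proposal_mismatch", f"{attr}: peer offered {got}, local policy expects {expected}")
        elif m := IDS_RE.search(line):
            pending_ids = m.groups()  # remember until the matching drop line
        elif (m := DROP_RE.search(line)) and pending_ids:
            src, initiator = m.group(1), pending_ids[0]
            pending_ids = None
            # A private initiator ID that differs from the packet source means the
            # peer names itself by an address the responder never sees on the wire.
            natted = _is_private(initiator) and initiator != src
            kind = "phase2_id_behind_nat" if natted else "phase2_id_rejected"
            add(kind, f"peer {src} sent initiator id {initiator} ({m.group(3)})")
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```
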



Re: Android mobile - OpenBSD IPSEC

2013-01-23 Thread Johan Beisser
Are you using just ipsec, or L2TP?

On Wed, Jan 23, 2013 at 11:48 PM, Jan Lambertz wrote:
> Hi,
>
> Running OpenBSD 5.2 AMD64 release as homeserver.
> Got Android 2.3 Samsung Mobile.
> Want to connect via VPN IPSEC.
> Config:
> ike passive esp tunnel from any to any \
> main auth hmac-sha1 enc des \
> quick auth hmac-sha1 enc des \
> srcid  dstid (tested different things here without effect) \
> psk "test123"
>
>
> Also changed any to any to more concise settings, without effect.
> local ip and peer any didn't help, too.
>
>
> Jan 24 08:41:37 puffy isakmpd[10830]: attribute_unacceptable:
> ENCRYPTION_ALGORITHM: got 3DES_CBC, expected DES_CBC
> Jan 24 08:41:37 puffy isakmpd[10830]: attribute_unacceptable:
> ENCRYPTION_ALGORITHM: got 3DES_CBC, expected DES_CBC
> Jan 24 08:41:38 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer
> proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id
> 178.26.160.62
> Jan 24 08:41:38 puffy isakmpd[10830]: dropped message from 89.204.138.90
> port 51210 due to notification type INVALID_ID_INFORMATION
> Jan 24 08:41:50 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer
> proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id
> 178.26.160.62
> Jan 24 08:41:50 puffy isakmpd[10830]: dropped message from 89.204.138.90
> port 51210 due to notification type INVALID_ID_INFORMATION
> Jan 24 08:41:58 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer
> proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id
> 178.26.160.62
> Jan 24 08:41:58 puffy isakmpd[10830]: dropped message from 89.204.138.90
> port 51210 due to notification type INVALID_ID_INFORMATION
>
>
> 89.204.138.90 seems to be the mobile
> 10.166.112.90 ?? What's this?
>
> Btw, I'm using the standard VPN client built in Android. Before I can
> connect I have to enter a username / pw (not psk). Is ipsec about username
> / pw stuff? Could find it anywhere in the manuals.
>
>
> thanks



Android mobile - OpenBSD IPSEC

2013-01-23 Thread Jan Lambertz
Hi,

Running OpenBSD 5.2 AMD64 release as homeserver.
Got Android 2.3 Samsung Mobile.
Want to connect via VPN IPSEC.
Config:
ike passive esp tunnel from any to any \
main auth hmac-sha1 enc des \
quick auth hmac-sha1 enc des \
srcid  dstid (tested different things here without effect) \
psk "test123"


Also changed any to any to more concise settings, without effect.
local ip and peer any didn't help, too.


Jan 24 08:41:37 puffy isakmpd[10830]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got 3DES_CBC, expected DES_CBC
Jan 24 08:41:37 puffy isakmpd[10830]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got 3DES_CBC, expected DES_CBC
Jan 24 08:41:38 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer
proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id
178.26.160.62
Jan 24 08:41:38 puffy isakmpd[10830]: dropped message from 89.204.138.90
port 51210 due to notification type INVALID_ID_INFORMATION
Jan 24 08:41:50 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer
proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id
178.26.160.62
Jan 24 08:41:50 puffy isakmpd[10830]: dropped message from 89.204.138.90
port 51210 due to notification type INVALID_ID_INFORMATION
Jan 24 08:41:58 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer
proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id
178.26.160.62
Jan 24 08:41:58 puffy isakmpd[10830]: dropped message from 89.204.138.90
port 51210 due to notification type INVALID_ID_INFORMATION


89.204.138.90 seems to be the mobile
10.166.112.90 ?? What's this?

Btw, I'm using the standard VPN client built in Android. Before I can
connect I have to enter a username / pw (not psk). Is ipsec about username
/ pw stuff? Could find it anywhere in the manuals.


thanks