Hi, I have an android tablet in front of me and am connecting to a cert-based libreswan implementation. There exists a number of windows clients and there is no current will to move to xauth, but I don't think that would solve the problem anyway. I can see in the logs that several devices are connected, and there have been no reports of any problems since I changed this box over to libreswan.
When I connect to wifi on my local network, the android connects to the vpn just fine and traffic passes as expected. When I connect the android to lte or wcdma, the connection gets stuck at STATE_MAIN_R2: sent MR2, expecting MI3. I tried things like enabling forceencaps, changing 17/%any to 17/0, and a few other suggestions I found on google, but none of that has changed the situation. I read a few suggestions that the problem could be ipv6 related, but libreswan logs report a connection from an ipv4 address. In the logs I found that libreswan thinks the device is still behind nat, and digging deeper, I found that when connected to the lte/wcdma network, the android actually has a 10.x.x.x address, so I guess it is true, and I guess that means this is not an ipv6 problem. But this didn't enlighten me any, as the virtual_private line has the 10/8 network in it, so this should work equally well whether behind my nat device or behind the lte nat device. so I got to thinking then the cell network must be blocking something, so I dusted off the old windows machine and configured the android device as a hotspot. The windows machine connects just fine to the vpn using the android as a wifi hotspot, so I take that to mean the cell network is not blocking the traffic. Given that people are using the vpn I don't want to mess around too much with the ipsec config, and the android has a limited number of applicable options, all of which I have messed with endlessly, or at least so it seems. I am not sure what the next step is to figuring out why this doesn't work, wondering if anyone has any suggestions? -- Computerisms Bob Miller 867-334-7117 / 867-633-3760 http://computerisms.ca _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
