On Thu, 9 Oct 2014, Bob Miller wrote:
When I connect to wifi on my local network, the android connects to the
vpn just fine and traffic passes as expected. When I connect the
android to lte or wcdma, the connection gets stuck at STATE_MAIN_R2:
sent MR2, expecting MI3.
Can you try setting ike-frag=force (or ike_frag=force ?)
It looks like you are hitting UDP fragmentation of IKE packets where the
fragments are getting lost. The ike-frag option triggers fragmentation
on the IKE level before the UDP fragmentation kicks in.
Alternatively, you could try to generate a certificate for this device
with a smaller RSA key (eg 1024) and see if that would (temporarilly)
work around it.
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
