Re: [Swan] Android VPN not passing any traffic, OSX does work

Viktor Keremedchiev Tue, 14 Mar 2017 09:11:29 -0700

I’m sorry if I’ve made this confusing.

But simple answer is none of the stuff I’ve tried works for me when it comes to 
Android.
Windows and OSX - do work fine.



> On Mar 14, 2017, at 12:00 PM, Paul Wouters <[email protected]> wrote:
> 
> On Tue, 14 Mar 2017, Viktor Keremedchiev wrote:
> 
> And using AES_GCM does give traffic ?
> 
> Sorry, I'm really trying to make sure there are no new issues, and I'm
> still a little confused what works or does not work for you.
> 
> 
> Paul
> 
>> Date: Tue, 14 Mar 2017 11:51:22
>> From: Viktor Keremedchiev <[email protected]>
>> To: [email protected]
>> Subject: Re: [Swan] Android VPN not passing any traffic, OSX does work
>> Just tried
>> 
>> 000 "roaming":   ESP algorithms wanted: AES_GCM_C(20)_000-NONE(0), 
>> AES(12)_256-SHA2_256(5)
>> 000 "roaming":   ESP algorithms loaded: AES_GCM_C(20)_000-NONE(0), 
>> AES(12)_256-SHA2_256(5)
>> 
>> 
>> 
>> 
>> Mar 14 15:48:22: "roaming"[2] 199.7.157.124 #1: transition from state 
>> STATE_MODE_CFG_R0 to state STATE_MODE_CFG_R1
>> Mar 14 15:48:22: "roaming"[2] 199.7.157.124 #1: STATE_MODE_CFG_R1: ModeCfg 
>> Set sent, expecting Ack
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #1: the peer proposed: 
>> 0.0.0.0/0:0/0 -> 172.31.255.1/32:0/0
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2: responding to Quick Mode 
>> proposal {msgid:f15da5ee}
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2:     us: 
>> 0.0.0.0/0===172.31.255.216<172.31.255.216>[MS+XS+S=C]
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2:   them: 
>> 199.7.157.124[10.156.163.19,+MC+XC+S=C]===172.31.255.1/32
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2: transition from state 
>> STATE_QUICK_R0 to state STATE_QUICK_R1
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2: STATE_QUICK_R1: sent QR1, 
>> inbound IPsec SA installed, expecting QI2 tunnel mode {ESP/NAT=>0x034dd8f5 
>> <0xXXXXXXXX xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=199.7.157.124:53562 
>> DPD=passive username=XXXX
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2: transition from state 
>> STATE_QUICK_R1 to state STATE_QUICK_R2
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2: STATE_QUICK_R2: IPsec SA 
>> established tunnel mode {ESP/NAT=>0x034dd8f5 <0xXXXXXXXX 
>> xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=199.7.157.124:53562 DPD=passive 
>> username=XXXX
>> 
>> 
>> Connects, but no traffic
>> 
>> IP 199.7.157.124.53562 > 172.31.255.216.ipsec-nat-t: UDP-encap: 
>> ESP(spi=0xXXXXXXXX,seq=0x185), length 116
>> IP 199.7.157.124.53562 > 172.31.255.216.ipsec-nat-t: UDP-encap: 
>> ESP(spi=0xXXXXXXXX,seq=0x186), length 116
>> IP 199.7.157.124.53562 > 172.31.255.216.ipsec-nat-t: UDP-encap: 
>> ESP(spi=0xXXXXXXXX,seq=0x187), length 116
>> IP 199.7.157.124.53562 > 172.31.255.216.ipsec-nat-t: UDP-encap: 
>> ESP(spi=0xXXXXXXXX,seq=0x188), length 116
>> IP 199.7.157.124.53562 > 172.31.255.216.ipsec-nat-t: UDP-encap: 
>> ESP(spi=0xXXXXXXXX,seq=0x18a), length 100
>> 
>>> On Mar 14, 2017, at 11:15 AM, Paul Wouters <[email protected]> wrote:
>>> 
>>> On Tue, 14 Mar 2017, Viktor Keremedchiev wrote:
>>> 
>>>> I used this: phase2alg=aes_gcm-null
>>> 
>>> So Android does support AES-GCM now for phase2/esp ?
>>> 
>>> And traffic flow works properly with this?
>>> 
>>> Paul
>> 
>> _______________________________________________
>> Swan mailing list
>> [email protected]
>> https://lists.libreswan.org/mailman/listinfo/swan
>> 

_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan

Re: [Swan] Android VPN not passing any traffic, OSX does work

Reply via email to