On Mon, 8 May 2017, Nick Howitt wrote:
I got the following to connect:
left=82.19.158.192 leftsourceip=172.17.2.1 leftsubnet=172.17.2.0/24 leftid=@nick right=%any rightid=@samsung
rightaddresspool=172.17.4.16-172.17.4.31
esp=aes256-sha2_512,aes_gcm256-null,aes_gcm128-null,aes256-sha2_512,aes128-sha2_512
I needed some or all of the lines after the esp line. With this I had a connection but no traffic passed. In Android I then went into the advanced options and set the remote network to 172.17.2.0/24 and I could access the server on 172.17.2.1 but I could not ping anything on the LAN. OpenVPN can as can IPsec traffic from a remote router LAN-LAN VPN. Is this an Android bug or is there another issue? I saw another thread recently when someone also had problems routing traffic.
The android bug is with esp= and sha2_256, which you wisely did not add to your esp= line. I think you want: leftupdown="ipsec _updown.netkey --route yes" which enables proxyarp ? Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
