Hi Paul,
I've given up for the moment. I can connect with both
esp=aes256-sha2_512 on its own and esp=aes256-sha2_256 + trunck-bug
= yes. Randomly I can occasionally ping the remote server with or
without leftupdown specified, but I cannot get any traffic to pass,
e.g. ssh to server.
In an earlier thread,
https://lists.libreswan.org/pipermail/swan/2017/002036.html, the
poster said only aes256-sha2_256 + trunck-bug = yes would allow
traffic to pass. I can't even get that far.
As this was only a challenge because I have a working VPN solution,
I can't afford to give any more time to it.
Regards,
Nick
On 09/05/2017 05:25, Paul Wouters wrote:
On Mon, 8 May 2017, Nick Howitt wrote:
I got the following to connect:
left=82.19.158.192
leftsourceip=172.17.2.1
leftsubnet=172.17.2.0/24
leftid=@nick
right=%any
rightid=@samsung
rightaddresspool=172.17.4.16-172.17.4.31
esp=aes256-sha2_512,aes_gcm256-null,aes_gcm128-null,aes256-sha2_512,aes128-sha2_512
I needed some or all of the lines after the esp line. With this I had
a connection but no traffic passed.
In Android I then went into the advanced options and set the
remote network to 172.17.2.0/24 and I could access the server on
172.17.2.1 but I could not ping anything on the LAN. OpenVPN can,
as can IPsec traffic from a remote router LAN-LAN VPN. Is
this an Android bug or is there another issue? I saw another
thread recently where someone also had problems routing traffic.
The Android bug is with esp= and sha2_256, which you wisely did
not add to your esp= line.
I think you want:
leftupdown="ipsec _updown.netkey --route yes"
which enables proxyarp?
Paul
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan