I did not... Ended up going with strongswan and the android app. (ie. I
abandoned the native IPSec client.)

- Chee Eng

On Fri, 10 Aug 2018, 11:49 AM Paul Wouters, <p...@nohats.ca> wrote:

> On Wed, 25 Jul 2018, Tan Chee Eng wrote:
>
> > I don't think that's the problem. I see the following lines in the log:
> >
> > "xauth-rsa"[1] {CLIENT IP} #2: STATE_QUICK_R1: sent QR1, inbound IPsec
> > SA installed, expecting QI2 tunnel mode {ESP/NAT=>0x0dcbfd24
> > <0x2ddf4c55 xfrm=AES_CBC_256-HMAC_SHA2_512_256 NATOA=none NATD={CLIENT
> > IP}:31360 DPD=passive username=tan-ce}
> > "xauth-rsa"[1] {CLIENT IP} #2: STATE_QUICK_R2: IPsec SA established
> > tunnel mode {ESP/NAT=>0x0dcbfd24 <0x2ddf4c55
> > xfrm=AES_CBC_256-HMAC_SHA2_512_256 NATOA=none NATD={CLIENT IP}:31360
> > DPD=passive username=tan-ce}
> >
> > Which seems to indicate that SHA2-512/256 was negotiated. I also have
> > the "truncbug" option enabled. That also doesn't explain why a manual
> > VPN connection _succeeds_. I only see this problem when I enable the
> > "Always-on VPN" option of my device.
>
> Did you ever find out what the issue was?
>
> Paul
>
_______________________________________________
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan

Reply via email to