I did not... Ended up going with strongswan and the android app. (ie. I abandoned the native IPSec client.)
- Chee Eng On Fri, 10 Aug 2018, 11:49 AM Paul Wouters, <[email protected]> wrote: > On Wed, 25 Jul 2018, Tan Chee Eng wrote: > > > I don't think that's the problem. I see the following lines in the log: > > > > "xauth-rsa"[1] {CLIENT IP} #2: STATE_QUICK_R1: sent QR1, inbound IPsec > > SA installed, expecting QI2 tunnel mode {ESP/NAT=>0x0dcbfd24 > > <0x2ddf4c55 xfrm=AES_CBC_256-HMAC_SHA2_512_256 NATOA=none NATD={CLIENT > > IP}:31360 DPD=passive username=tan-ce} > > "xauth-rsa"[1] {CLIENT IP} #2: STATE_QUICK_R2: IPsec SA established > > tunnel mode {ESP/NAT=>0x0dcbfd24 <0x2ddf4c55 > > xfrm=AES_CBC_256-HMAC_SHA2_512_256 NATOA=none NATD={CLIENT IP}:31360 > > DPD=passive username=tan-ce} > > > > Which seems to indicate that SHA2-512/256 was negotiated. I also have > > the "truncbug" option enabled. That also doesn't explain why a manual > > VPN connection _succeeds_. I only see this problem when I enable the > > "Always-on VPN" option of my device. > > Did you ever find out what the issue was? > > Paul >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
