On 17-07-18 23:20:26, Tim Stewart wrote:
> viq <vic...@gmail.com> writes:
> 
> > On 17-06-25 21:44:24, Tim Stewart wrote:
> >> Hi,
> >>
> >> In this message I've tried to encode everything I've done to allow
> >> strongSwan on Android to connect with iked, including the latest patch.
> >> I have also verified that it breaks neither initial negotiation nor
> >> Child SA rekeying for OpenBSD, Windows, and strongSwan (on Android)
> >> clients.
> >
> >  This patch gets my android phone much closer to being able to negotiate
> >  a connection, but there are still issues. Paraphrasing analysis mikeb
> >  performed on IRC:
> >  android sends incorrect (for us) group, and with this patch we now send
> >  a failure message and android retries. But, we don't increment msgid
> >  "because we did sa_free and restarted, so we can assume that android
> >  thinks that negotiation continues, that's why it re-sends the
> >  IKE_SA_INIT"
> 
> I'm glad it seems to help, though it's too bad that the patch doesn't
> work completely for you.
> 
> I haven't really considered msgids--I'll do some more reading to see
> what I might be missing there.  I do know that resending an IKE_SA_INIT
> message with a different DH group is correct, however, and this does
> work on my phone.  For your reference, the first line of my strongSwan
> log tells me that I'm using strongSwan 5.5.3 and Android 7.1.1.
> 
> I see that you forwarded the iked logs in a reply to this email.  Is
> this the full log after a fresh iked startup with no existing SAs?

This is after a fresh startup, there exists an SA but for a separate
site-to-site config I have in place. If completely fresh logs are
needed I could comment that out.

> Also, would it be possible to forward an anonymized config and the
> strongSwan logs so that I can compare to mine?  (I can also post my
> logs, but I'll have to do it in the next day or two as I'm out of time
> for today.)

First, sorry for the delay with replying to this. Second, I'm not sure
how to get to the logs, seeing as I'm using the built-in VPN client that
came with Samsung S8.
