Hello Nitin,

if you define

  left=%any

then by default

  leftid=%any

which is not a valid initiator ID type. As a workaround just define an
explicit ID:

  leftid=<my_id>

Regards

Andreas

On 11/22/2011 09:50 AM, Nitin Verma wrote:
> Yes Andreas, that worked straightaway. Thanks.
>
> However, I am further facing two problems. First, in my configuration, I
> get a dynamic IP for my android client and whereas in my ipsec.conf at
> android, I am giving a fixed IP address in the "left" field. When I use
> "left=%defaultroute", I get the following error:
>
> # ipsec starter
> uname: not found
> uname: not found
> [: not found
> Starting strongSwan 4.6.1 IPsec [starter]...
> removing pidfile '/data/misc/vpn/charon.pid', process not running
> %defaultroute not supported, fallback to %any
> modprobe: not found
> modprobe: not found
> modprobe: not found
> modprobe: not found
> modprobe: not found
> removing pidfile '/data/misc/vpn/starter.pid', process not running
> #
> #
> #
> # ipsec stroke up android
> uname: not found
> uname: not found
> [: not found
> initiating IKE_SA android[1] to 192.168.1.154
> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> sending packet: from 192.168.1.5[500] to 192.168.1.154[500]
> received packet: from 192.168.1.154[500] to 192.168.1.5[500]
> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
> sending cert request for "C=UK, CN=nits"
> establishing CHILD_SA android
> generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
> sending packet: from 192.168.1.5[4500] to 192.168.1.154[4500]
> received packet: from 192.168.1.154[500] to 192.168.1.5[500]
> parsed IKE_AUTH response 1 [ N(INVAL_SYN) ]
> received INVALID_SYNTAX notify error
>
> LOGCAT::
> ======
> I/charon ( 466): 00[CFG] loading ca certificates from '/system/etc/ipsec.d/cacerts'
> I/charon ( 466): 00[CFG] loaded ca certificate "C=UK, CN=nits" from '/system/etc/ipsec.d/cacerts/strongswanCert.pem'
> I/charon ( 466): 00[CFG] loading aa certificates from '/system/etc/ipsec.d/aacerts'
> I/charon ( 466): 00[LIB] opening directory '/system/etc/ipsec.d/aacerts' failed: No such file or directory
> I/charon ( 466): 00[CFG] reading directory failed
> I/charon ( 466): 00[CFG] loading ocsp signer certificates from '/system/etc/ipsec.d/ocspcerts'
> I/charon ( 466): 00[LIB] opening directory '/system/etc/ipsec.d/ocspcerts' failed: No such file or directory
> I/charon ( 466): 00[CFG] reading directory failed
> I/charon ( 466): 00[CFG] loading attribute certificates from '/system/etc/ipsec.d/acerts'
> I/charon ( 466): 00[LIB] opening directory '/system/etc/ipsec.d/acerts' failed: No such file or directory
> I/charon ( 466): 00[CFG] reading directory failed
> I/charon ( 466): 00[CFG] loading crls from '/system/etc/ipsec.d/crls'
> I/charon ( 466): 00[LIB] opening directory '/system/etc/ipsec.d/crls' failed: No such file or directory
> I/charon ( 466): 00[CFG] reading directory failed
> I/charon ( 466): 00[CFG] loading secrets from '/system/etc/ipsec.secrets'
> I/charon ( 466): 00[CFG] loaded EAP secret for deepika
> I/charon ( 466): 00[DMN] loaded plugins: openssl fips-prf random pubkey pkcs1 pem xcbc hmac kernel-netlink socket-default android stroke eap-identity eap-mschapv2 eap-md5
> I/charon ( 466): 00[JOB] spawning 16 worker threads
> I/charon ( 466): 10[CFG] received stroke: add connection 'android'
> I/charon ( 466): 10[CFG] left nor right host is our side, assuming left=local
> I/charon ( 466): 10[CFG] added configuration 'android'
> I/charon ( 466): 03[CFG] received stroke: initiate 'android'
> I/charon ( 466): 13[IKE] initiating IKE_SA android[1] to 192.168.1.154
> I/charon ( 466): 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> I/charon ( 466): 13[NET] sending packet: from 192.168.1.5[500] to 192.168.1.154[500]
> I/charon ( 466): 14[NET] received packet: from 192.168.1.154[500] to 192.168.1.5[500]
> I/charon ( 466): 14[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
> I/charon ( 466): 14[IKE] sending cert request for "C=UK, CN=nits"
> I/charon ( 466): 14[IKE] establishing CHILD_SA android
> I/charon ( 466): 14[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
> I/charon ( 466): 14[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.154[4500]
> I/charon ( 466): 15[NET] received packet: from 192.168.1.154[500] to 192.168.1.5[500]
> I/charon ( 466): 15[ENC] parsed IKE_AUTH response 1 [ N(INVAL_SYN) ]
> I/charon ( 466): 15[IKE] received INVALID_SYNTAX notify error
>
> SYSLOG at server:
> ==============
>
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[MGR] checkout IKE_SA by message
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[MGR] created IKE_SA (unnamed)[4]
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[NET] received packet: from 192.168.1.5[500] to 192.168.1.154[500]
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[CFG] looking for an ike config for 192.168.1.154...192.168.1.5
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[CFG] candidate: 192.168.1.154...%any, prio 5
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[CFG] found matching ike config: 192.168.1.154...%any with prio 5
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[IKE] 192.168.1.5 is initiating an IKE_SA
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[IKE] 192.168.1.5 is initiating an IKE_SA
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[IKE] IKE_SA (unnamed)[4] state change: CREATED => CONNECTING
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[CFG] selecting proposal:
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[CFG] proposal matches
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[CFG] received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/AES_XCBC_96/HMAC_SHA1_96/HMAC_MD5_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_HMAC_SHA1/PRF_HMAC_MD5/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/AES_XCBC_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_MD5_96/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
> Nov 22 13:32:08 ubuntu1-OptiPlex-160L charon: 10[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 10[NET] sending packet: from 192.168.1.154[500] to 192.168.1.5[500]
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 10[MGR] checkin IKE_SA (unnamed)[4]
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 10[MGR] check-in of IKE_SA successful.
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 16[MGR] checkout IKE_SA by message
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 16[MGR] IKE_SA (unnamed)[4] successfully checked out
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 16[NET] received packet: from 192.168.1.5[4500] to 192.168.1.154[4500]
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 16[ENC] received ID with reserved type 0
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 16[ENC] ID_INITIATOR verification failed
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 16[ENC] could not decrypt payloads
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 16[IKE] message verification failed
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 16[ENC] generating IKE_AUTH response 1 [ N(INVAL_SYN) ]
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 16[NET] sending packet: from 192.168.1.154[500] to 192.168.1.5[500]
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 16[IKE] IKE_AUTH request with message ID 1 processing failed
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 16[MGR] checkin IKE_SA (unnamed)[4]
> Nov 22 13:32:09 ubuntu1-OptiPlex-160L charon: 16[MGR] check-in of IKE_SA successful.
> Nov 22 13:32:38 ubuntu1-OptiPlex-160L charon: 04[MGR] checkout IKE_SA
> Nov 22 13:32:38 ubuntu1-OptiPlex-160L charon: 04[MGR] IKE_SA (unnamed)[4] successfully checked out
> Nov 22 13:32:38 ubuntu1-OptiPlex-160L charon: 04[JOB] deleting half open IKE_SA after timeout
> Nov 22 13:32:38 ubuntu1-OptiPlex-160L charon: 04[MGR] checkin and destroy IKE_SA (unnamed)[4]
> Nov 22 13:32:38 ubuntu1-OptiPlex-160L charon: 04[IKE] IKE_SA (unnamed)[4] state change: CONNECTING => DESTROYING
> Nov 22 13:32:38 ubuntu1-OptiPlex-160L charon: 04[MGR] check-in and destroy of IKE_SA successful
>
> Does that mean "defaultroute" does not work at Android? Every time I get
> a different IP from gateway, do I have to modify the ipsec.conf?
>
> My second problem is that since ipsec stop command does not work
> directly, I have to restart the phone every time I make changes in
> ipsec.conf. Is there any way to avoid the restart in Android?
>
> My apologies for bothering you with so many questions.
>
> Regards,
> Nitin
>
> On Mon, Nov 21, 2011 at 5:51 PM, Andreas Steffen <[email protected]> wrote:
>
>     Hi Nitin,
>
>     on the Android side add
>
>     leftsourceip=%config
>
>     to the connection definition in ipsec.conf.
>
>     Regards
>
>     Andreas
>
>     On 21.11.2011 12:38, Nitin Verma wrote:
>     > Hi Andreas,
>     > Thanks for the quick reply. It solved the problem.
>     > Now at the Android:
>     >
>     > # ipsec stroke status
>     > uname: not found
>     > uname: not found
>     > [: not found
>     > Security Associations (1 up, 0 connecting):
>     > android[2]: ESTABLISHED 6 minutes ago, 192.168.1.2[192.168.1.2]...192.168.1.154[192.168.1.154]
>     > android{1}: INSTALLED, TUNNEL, ESP SPIs: c5974d0b_i c8a59239_o
>     > android{1}: 192.168.1.2/32 === 192.168.1.154/32
>     > #
>     >
>     > # ipsec stroke up android
>     > uname: not found
>     > uname: not found
>     > [: not found
>     > initiating IKE_SA android[2] to 192.168.1.154
>     > generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>     > sending packet: from 192.168.1.2[500] to 192.168.1.154[500]
>     > received packet: from 192.168.1.154[500] to 192.168.1.2[500]
>     > parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
>     > sending cert request for "C=UK, CN=nits"
>     > establishing CHILD_SA android
>     > generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CP(DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
>     > sending packet: from 192.168.1.2[4500] to 192.168.1.154[4500]
>     > received packet: from 192.168.1.154[4500] to 192.168.1.2[4500]
>     > parsed IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
>     > received end entity cert "C=UK, CN=nits"
>     > using certificate "C=UK, CN=nits"
>     > using trusted ca certificate "C=UK, CN=nits"
>     > reached self-signed root ca with a path length of 0
>     > authentication of '192.168.1.154' with RSA signature successful
>     > server requested EAP_IDENTITY (id 0x00), sending 'deepika'
>     > generating IKE_AUTH request 2 [ EAP/RES/ID ]
>     > sending packet: from 192.168.1.2[4500] to 192.168.1.154[4500]
>     > received packet: from 192.168.1.154[4500] to 192.168.1.2[4500]
>     > parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
>     > server requested EAP_MSCHAPV2 authentication (id 0x79)
>     > generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
>     > sending packet: from 192.168.1.2[4500] to 192.168.1.154[4500]
>     > received packet: from 192.168.1.154[4500] to 192.168.1.2[4500]
>     > parsed IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
>     > EAP-MS-CHAPv2 succeeded: 'Welcome2strongSwan'
>     > generating IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
>     > sending packet: from 192.168.1.2[4500] to 192.168.1.154[4500]
>     > received packet: from 192.168.1.154[4500] to 192.168.1.2[4500]
>     > parsed IKE_AUTH response 4 [ EAP/SUCC ]
>     > EAP method EAP_MSCHAPV2 succeeded, MSK established
>     > authentication of '192.168.1.2' (myself) with EAP
>     > generating IKE_AUTH request 5 [ AUTH ]
>     > sending packet: from 192.168.1.2[4500] to 192.168.1.154[4500]
>     > received packet: from 192.168.1.154[4500] to 192.168.1.2[4500]
>     > parsed IKE_AUTH response 5 [ AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
>     > authentication of '192.168.1.154' with EAP successful
>     > IKE_SA android[2] established between 192.168.1.2[192.168.1.2]...192.168.1.154[192.168.1.154]
>     > scheduling reauthentication in 3362s
>     > maximum IKE_SA lifetime 3542s
>     >
>     > I noticed that it doesn't request for virtual ip as it asked when I used
>     > the front-end related changes. Is that possible to request for the
>     > virtual ip also?
>     >
>     > Thanks again.
>     > Regards,
>     > Nitin
>     >
>     > On Mon, Nov 21, 2011 at 4:19 PM, Andreas Steffen <[email protected]> wrote:
>     >
>     >     Hello Nitin,
>     >
>     >     your ubuntu server does not initiate EAP-Identity. Therefore
>     >     the EAP-MSCHAPv2 authentication requested is for IKEv2 user
>     >     identity 192.168.1.2 and not for EAP identity deepika.
>     >
>     >     You should change the ubuntu server entry to
>     >
>     >     eap_identity=%any
>     >
>     >     and make sure that you enabled, built and loaded the eap_identity
>     >     plugin.
>     >
>     >     Regards
>     >
>     >     Andreas
>     >
>     >     On 21.11.2011 10:56, Nitin Verma wrote:
>     >     > Hi,
>     >     > I have been able to successfully establish IPSec IKEv2 tunnel between
>     >     > Nexus S (running 2.3.5_r1) and a ubuntu server. However, the latest
>     >     > 4.6.1 release supports starter and stroke executables at Android and I
>     >     > am trying to establish the same connection using ipsec.conf and
>     >     > ipsec.secrets.
>     >     >
>     >     > My server side configuration is:
>     >     > ======================
>     >     >
>     >     > server IP: 192.168.1.154
>     >     >
>     >     > ipsec.conf:
>     >     >
>     >     > config setup
>     >     >     crlcheckinterval=180
>     >     >     strictcrlpolicy=no
>     >     >     plutostart=no
>     >     >     charondebug="knl 3, cfg 2, ike 2, chd 2, mgr 2, dmn 2"
>     >     >
>     >     > conn %default
>     >     >     ikelifetime=60m
>     >     >     keylife=20m
>     >     >     rekeymargin=3m
>     >     >     keyingtries=1
>     >     >     keyexchange=ikev2
>     >     >     # leftcert=moonCert.pem
>     >     >
>     >     > # Add connections here.
>     >     >
>     >     > conn android
>     >     >     left=192.168.1.154
>     >     >     leftid=192.168.1.154
>     >     >     leftcert=moonCert.pem
>     >     >     leftauth=pubkey
>     >     >     right=%any
>     >     >     rightsourceip=10.0.5.0/24
>     >     >     rightauth=eap-mschapv2
>     >     >     rightsendcert=never
>     >     >     eap_identity=deepika
>     >     >     auto=add
>     >     >
>     >     > ipsec.secrets:
>     >     >
>     >     > : RSA moonKey.pem
>     >     >
>     >     > deepika : EAP "deepika"
>     >     >
>     >     > Configuration at Nexus S (Android 2.3.5_r1):
>     >     > ================================
>     >     >
>     >     > I manually created "ipsec.d" directory in /system/etc/ and put my ca
>     >     > certificate in cacerts there, and then created ipsec.conf and
>     >     > ipsec.secrets in /system/etc/
>     >     >
>     >     > /system/etc/ipsec.conf
>     >     >
>     >     > config setup
>     >     >     plutostart=no
>     >     >     charondebug="knl 3, cfg 2, ike 2, chd 2, mgr 2, dmn 2"
>     >     >
>     >     > conn %default
>     >     >     ikelifetime=60m
>     >     >     keylife=20m
>     >     >     rekeymargin=3m
>     >     >     keyingtries=1
>     >     >     keyexchange=ikev2
>     >     >
>     >     > # Add connections here.
>     >     >
>     >     > # Sample VPN connections
>     >     >
>     >     > conn android
>     >     >     left=192.168.1.2
>     >     >     leftauth=eap
>     >     >     eap_identity=deepika
>     >     >     right=192.168.1.154
>     >     >     rightid=192.168.1.154
>     >     >     rightauth=pubkey
>     >     >     auto=add
>     >     >
>     >     > /system/etc/ipsec.secrets
>     >     >
>     >     > deepika : EAP "deepika"
>     >     >
>     >     > But when I start the connection I am getting the following error:
>     >     >
>     >     > # ipsec stroke up android
>     >     > uname: not found
>     >     > uname: not found
>     >     > [: not found
>     >     > initiating IKE_SA android[2] to 192.168.1.154
>     >     > generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>     >     > sending packet: from 192.168.1.2[500] to 192.168.1.154[500]
>     >     > received packet: from 192.168.1.154[500] to 192.168.1.2[500]
>     >     > parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
>     >     > sending cert request for "C=UK, CN=nits"
>     >     > establishing CHILD_SA android
>     >     > generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CP(DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
>     >     > sending packet: from 192.168.1.2[4500] to 192.168.1.154[4500]
>     >     > received packet: from 192.168.1.154[4500] to 192.168.1.2[4500]
>     >     > parsed IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
>     >     > received end entity cert "C=UK, CN=nits"
>     >     > using certificate "C=UK, CN=nits"
>     >     > using trusted ca certificate "C=UK, CN=nits"
>     >     > reached self-signed root ca with a path length of 0
>     >     > authentication of '192.168.1.154' with RSA signature successful
>     >     > server requested EAP_MSCHAPV2 authentication (id 0x75)
>     >     > no EAP key found for hosts '192.168.1.154' - '192.168.1.2'
>     >     > EAP_MSCHAPV2 method failed
>     >     >
>     >     > Output of logcat:
>     >     >
>     >     > I/charon ( 469): 00[CFG] loading ca certificates from '/system/etc/ipsec.d/cacerts'
>     >     > I/charon ( 469): 00[CFG] loaded ca certificate "C=UK, CN=nits" from '/system/etc/ipsec.d/cacerts/strongswanCert.pem'
>     >     > I/charon ( 469): 00[CFG] loading aa certificates from '/system/etc/ipsec.d/aacerts'
>     >     > I/charon ( 469): 00[LIB] opening directory '/system/etc/ipsec.d/aacerts' failed: No such file or directory
>     >     > I/charon ( 469): 00[CFG] reading directory failed
>     >     > I/charon ( 469): 00[CFG] loading ocsp signer certificates from '/system/etc/ipsec.d/ocspcerts'
>     >     > I/charon ( 469): 00[LIB] opening directory '/system/etc/ipsec.d/ocspcerts' failed: No such file or directory
>     >     > I/charon ( 469): 00[CFG] reading directory failed
>     >     > I/charon ( 469): 00[CFG] loading attribute certificates from '/system/etc/ipsec.d/acerts'
>     >     > I/charon ( 469): 00[LIB] opening directory '/system/etc/ipsec.d/acerts' failed: No such file or directory
>     >     > I/charon ( 469): 00[CFG] reading directory failed
>     >     > I/charon ( 469): 00[CFG] loading crls from '/system/etc/ipsec.d/crls'
>     >     > I/charon ( 469): 00[LIB] opening directory '/system/etc/ipsec.d/crls' failed: No such file or directory
>     >     > I/charon ( 469): 00[CFG] reading directory failed
>     >     > I/charon ( 469): 00[CFG] loading secrets from '/system/etc/ipsec.secrets'
>     >     > I/charon ( 469): 00[CFG] loaded EAP secret for deepika
>     >     > I/charon ( 469): 00[DMN] loaded plugins: openssl fips-prf random pubkey pkcs1 pem xcbc hmac kernel-netlink socket-default android stroke eap-identity eap-mschapv2 eap-md5
>     >     > I/charon ( 469): 00[JOB] spawning 16 worker threads
>     >     > I/charon ( 469): 11[CFG] received stroke: add connection 'android'
>     >     > I/charon ( 469): 11[CFG] added configuration 'android'
>     >     >
>     >     > I/charon ( 469): 12[CFG] received stroke: initiate 'android'
>     >     > I/charon ( 469): 14[IKE] initiating IKE_SA android[1] to 192.168.1.154
>     >     > I/charon ( 469): 14[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>     >     > I/charon ( 469): 14[NET] sending packet: from 192.168.1.2[500] to 192.168.1.154[500]
>     >     > D/GpsLocationProvider( 107): NTP server returned: 1321866231250 (Mon Nov 21 09:03:51 GMT+00:00 2011) reference: 318100 certainty: 337 system time offset: -20070741
>     >     > I/charon ( 469): 15[IKE] retransmit 1 of request with message ID 0
>     >     > I/charon ( 469): 15[NET] sending packet: from 192.168.1.2[500] to 192.168.1.154[500]
>     >     > I/charon ( 469): 03[IKE] retransmit 2 of request with message ID 0
>     >     > I/charon ( 469): 03[NET] sending packet: from 192.168.1.2[500] to 192.168.1.154[500]
>     >     > I/charon ( 469): 16[IKE] retransmit 3 of request with message ID 0
>     >     > I/charon ( 469): 16[NET] sending packet: from 192.168.1.2[500] to 192.168.1.154[500]
>     >     > I/charon ( 469): 02[NET] received packet: from 192.168.1.154[500] to 192.168.1.2[500]
>     >     > I/charon ( 469): 02[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
>     >     > I/charon ( 469): 02[IKE] sending cert request for "C=UK, CN=nits"
>     >     > I/charon ( 469): 02[IKE] establishing CHILD_SA android
>     >     > I/charon ( 469): 02[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CP(DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
>     >     > I/charon ( 469): 02[NET] sending packet: from 192.168.1.2[4500] to 192.168.1.154[4500]
>     >     > I/charon ( 469): 01[NET] received packet: from 192.168.1.154[4500] to 192.168.1.2[4500]
>     >     > I/charon ( 469): 01[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
>     >     > I/charon ( 469): 01[IKE] received end entity cert "C=UK, CN=nits"
>     >     > I/charon ( 469): 01[CFG] using certificate "C=UK, CN=nits"
>     >     > I/charon ( 469): 01[CFG] using trusted ca certificate "C=UK, CN=nits"
>     >     > I/charon ( 469): 01[CFG] reached self-signed root ca with a path length of 0
>     >     > I/charon ( 469): 01[IKE] authentication of '192.168.1.154' with RSA signature successful
>     >     > I/charon ( 469): 01[IKE] server requested EAP_MSCHAPV2 authentication (id 0xFD)
>     >     > I/charon ( 469): 01[IKE] no EAP key found for hosts '192.168.1.154' - '192.168.1.2'
>     >     > I/charon ( 469): 01[IKE] EAP_MSCHAPV2 method failed
>     >     > I/dalvikvm( 164): Total arena pages for JIT: 11
>     >     > I/charon ( 469): 11[CFG] received stroke: initiate 'android'
>     >     > I/charon ( 469): 14[IKE] initiating IKE_SA android[2] to 192.168.1.154
>     >     > I/charon ( 469): 14[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>     >     > I/charon ( 469): 14[NET] sending packet: from 192.168.1.2[500] to 192.168.1.154[500]
>     >     > I/charon ( 469): 15[NET] received packet: from 192.168.1.154[500] to 192.168.1.2[500]
>     >     > I/charon ( 469): 15[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
>     >     > I/charon ( 469): 15[IKE] sending cert request for "C=UK, CN=nits"
>     >     > I/charon ( 469): 15[IKE] establishing CHILD_SA android
>     >     > I/charon ( 469): 15[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CP(DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
>     >     > I/charon ( 469): 15[NET] sending packet: from 192.168.1.2[4500] to 192.168.1.154[4500]
>     >     > I/charon ( 469): 03[NET] received packet: from 192.168.1.154[4500] to 192.168.1.2[4500]
>     >     > I/charon ( 469): 03[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
>     >     > I/charon ( 469): 03[IKE] received end entity cert "C=UK, CN=nits"
>     >     > I/charon ( 469): 03[CFG] using certificate "C=UK, CN=nits"
>     >     > I/charon ( 469): 03[CFG] using trusted ca certificate "C=UK, CN=nits"
>     >     > I/charon ( 469): 03[CFG] reached self-signed root ca with a path length of 0
>     >     > I/charon ( 469): 03[IKE] authentication of '192.168.1.154' with RSA signature successful
>     >     > I/charon ( 469): 03[IKE] server requested EAP_MSCHAPV2 authentication (id 0x75)
>     >     > I/charon ( 469): 03[IKE] no EAP key found for hosts '192.168.1.154' - '192.168.1.2'
>     >     > I/charon ( 469): 03[IKE] EAP_MSCHAPV2 method failed
>     >     >
>     >     > Am I missing something or there are some issues with the release?
>     >     >
>     >     > Thanks in advance.
>     >     > Regards,
>
>     ======================================================================
>     Andreas Steffen [email protected]
>     strongSwan - the Linux VPN Solution! www.strongswan.org
>     Institute for Internet Technologies and Applications
>     University of Applied Sciences Rapperswil
>     CH-8640 Rapperswil (Switzerland)
>     ===========================================================[ITA-HSR]==
>

-- 
======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
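
The check described in the reply at the top of this message (left=%any or left=%defaultroute with no leftid leaves the initiator ID as %any, which the responder rejects with INVALID_SYNTAX), written as an added Python example that is not part of the original thread or of strongSwan. It assumes "left" is the local side and that a configured leftcert supplies the ID; the sample configs and the leftid value client.example.org are constructed.

```python
# Added example: flag ipsec.conf connections whose initiator ID would be %any.
# Assumptions: "left" is the local side; a configured leftcert supplies the ID.

# %defaultroute is listed because the starter output in the thread shows it
# falling back to %any on this Android build.
WILDCARD_HOSTS = {"%any", "%defaultroute"}


def parse_ipsec_conf(text):
    """Return {name: {key: value}} for every 'conn' section in ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments (simplified)
        if not line.strip():
            continue
        if not line[0].isspace():                  # section header in column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value line
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns


def lint_initiator_ids(text):
    """Return [(conn, reason)] for conns that would send %any as their ID."""
    conns = parse_ipsec_conf(text)
    defaults = conns.get("%default", {})
    findings = []
    for name, own in conns.items():
        if name == "%default":
            continue
        eff = {**defaults, **own}                  # conn %default, then own keys
        left, leftid = eff.get("left"), eff.get("leftid")
        if leftid == "%any":
            findings.append((name, "leftid=%any is not a valid initiator ID"))
        elif left in WILDCARD_HOSTS and leftid is None and "leftcert" not in eff:
            findings.append((name, f"left={left} with no leftid: ID defaults "
                                   "to %any; set an explicit leftid"))
    return findings


# Constructed sample modelled on the Android-side config quoted in the thread.
BROKEN_CONF = """\
config setup
    plutostart=no

conn %default
    keyexchange=ikev2

conn android
    left=%defaultroute
    leftauth=eap
    eap_identity=deepika
    right=192.168.1.154
    rightid=192.168.1.154
    rightauth=pubkey
    auto=add
"""

# Same connection with the workaround applied; the leftid value is a
# constructed placeholder standing in for <my_id>.
FIXED_CONF = BROKEN_CONF.replace(
    "    left=%defaultroute\n",
    "    left=%any\n    leftid=client.example.org\n    leftsourceip=%config\n",
)

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(label, lint_initiator_ids(conf) or "ok")
```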
