[strongSwan] strongSwan VPN Client on my Samsung Galaxy S III

Thu, 20 Dec 2012 19:45:44 -0800 

I haven't quite completed getting this to work. My gateway is strongSwan 
4.4.1 on Debian Linux. I got the subjectAltName right in the gateway 
certificate, because I got past where that was failing. Now, on my 
gateway's auth.log I see:

Dec 20 21:16:24 east-gateway charon: 01[IKE] IKE_SA android[4] 
established between 192.168.1.12[C=US,,, 
[email protected]]...192.168.1.105[C=US,,, 
[email protected]]
Dec 20 21:16:24 east-gateway pluto[3388]: |
Dec 20 21:16:24 east-gateway pluto[3388]: | *received 76 bytes from 
192.168.1.105:51834 on eth5
..... [ bytes deleted ]
Dec 20 21:16:24 east-gateway pluto[3388]: |   ignoring IKEv2 packet
Dec 20 21:16:24 east-gateway pluto[3388]: | next event EVENT_RETRANSMIT 
in 17 seconds for #22
Dec 20 21:16:24 east-gateway charon: 13[IKE] deleting IKE_SA android[4] 
between 192.168.1.12[C=US,,, 
[email protected]]...192.168.1.105[C=US,,, 
[email protected]]
Dec 20 21:16:24 east-gateway charon: 13[IKE] IKE_SA deleted

I know this is a different timestamp, but this is the same scenario in 
the strongSwan VPN Client

Dec 20 21:32:57 12[IKE] IKE_SA android[6] established between 
192.168.1.105[C=US,,, 
[email protected]]...192.168.1.12[C=US,,,[email protected]]
Dec 20 21:32:57 12[IKE] scheduling rekeying in 35857s
Dec 20 21:32:57 12[IKE] maximum IKE_SA lifetime 36457s
Dec 20 21:32:57 12[IKE] received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA 
built
Dec 20 21:32:57 12[IKE] closing IKE_SA due CHILD_SA setup failure
Dec 20 21:32:57 12[IKE] received AUTH_LIFETIME of 9789s, scheduling 
reauthentication in 9189s
Dec 20 21:32:57 12[IKE] peer supports MOBIKE
Dec 20 21:32:57 13[IKE] deleting IKE_SA android[6] between 192.168.1.105[C=US

If it helps, my ipsec.conf looks like this:

conn android
         left=192.168.1.12
         leftcert=east-gatewayCert.pem
         leftid="C=US,,, [email protected]"
         right=192.168.1.105
         rightcert=intelligenceCert.pem
         rightid="C=US,,, [email protected]"
         keyexchange=ikev2
         auto=start

If you can help me get a tunnel from my phone to my gateway, I would 
appreciate it.

Brett Heroux

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to