You are right - this is the network issue. I tried from another cell operator and connection succeeded.

Looks like Android's racoon is not supporting fragmentation for ikev1. I switched to StrongSwan VPN for Android and enabled ikev2. I've got 2 packets with fragmentation enabled, but one still with len mismatch (4 bytes difference!)

15:44:25.658799 IP (tos 0x48, ttl 54, id 26598, offset 0, flags [+], proto UDP (17), length 1356)
    host-106-158-66-217.spbmts.ru.26266 > xxxxxx.sae-urn: NONESP-encap: isakmp 2.0 msgid 00000001 cookie 68c75642df85405f->764fda277f896169: child_sa ikev2_auth[I]: [|#53] (len mismatch: isakmp 1360/ip 1324)
15:44:25.679637 IP (tos 0x48, ttl 54, id 0, offset 0, flags [DF], proto UDP (17), length 672)
    host-106-158-66-217.spbmts.ru.26266 > xxxxxx.sae-urn: [udp sum ok] NONESP-encap: isakmp 2.0 msgid 00000001 cookie 68c75642df85405f->764fda277f896169: child_sa ikev2_auth[I]:
    (#53)


On 22/05/2015 16:36, Tobias Brunner wrote:
Hi,

> Can you give me the tips - where is the root of the problem - server,
> client or strongswan ?
Some routers/firewalls may drop IP fragments.  To avoid fragments on the
IP layer you could try enabling IKE fragmentation with fragmentation=yes
in your config.

Regards,
Tobias
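
An added example, not part of the original messages: a small Python check that reads tcpdump -v lines like the two quoted in this thread and reports whether an IKE message was still split at the IP layer. It assumes IPv4 headers without options and UDP-encapsulated IKE carrying the 4-byte non-ESP marker; the sample lines are constructed from the capture above with shortened host names, and the function name is hypothetical.

```python
import re

# Header sizes assumed for the arithmetic (IPv4 without options).
IP_HDR, UDP_HDR, NON_ESP_MARKER = 20, 8, 4

HDR_RE = re.compile(r"offset (\d+), flags \[([^\]]*)\].*?length (\d+)\)")
MISMATCH_RE = re.compile(r"len mismatch: isakmp (\d+)/ip (\d+)")

# Constructed sample: the two packets from the thread, host names shortened.
SAMPLE = [
    "15:44:25.658799 IP (tos 0x48, ttl 54, id 26598, offset 0, flags [+], "
    "proto UDP (17), length 1356) client.26266 > server.sae-urn: NONESP-encap: "
    "isakmp 2.0 msgid 00000001: child_sa ikev2_auth[I]: [|#53] "
    "(len mismatch: isakmp 1360/ip 1324)",
    "15:44:25.679637 IP (tos 0x48, ttl 54, id 0, offset 0, flags [DF], "
    "proto UDP (17), length 672) client.26266 > server.sae-urn: [udp sum ok] "
    "NONESP-encap: isakmp 2.0 msgid 00000001: child_sa ikev2_auth[I]: (#53)",
]


def analyse(line):
    """Return fragmentation facts for one tcpdump -v line, or None if unparsable."""
    hdr = HDR_RE.search(line)
    if hdr is None:
        return None
    offset, flags, ip_len = int(hdr.group(1)), hdr.group(2), int(hdr.group(3))
    info = {
        # "+" is tcpdump's marker for the IP More Fragments bit.
        "ip_fragmented": "+" in flags or offset > 0,
        "ike_bytes_in_packet": None,
        "ike_msg_len": None,
        "missing": 0,
    }
    if offset == 0:
        # Only the first fragment carries the UDP header and non-ESP marker.
        info["ike_bytes_in_packet"] = ip_len - IP_HDR - UDP_HDR - NON_ESP_MARKER
    mismatch = MISMATCH_RE.search(line)
    if mismatch:
        info["ike_msg_len"] = int(mismatch.group(1))
        info["missing"] = int(mismatch.group(1)) - int(mismatch.group(2))
    return info


if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(analyse(sample_line))
```

For the first packet the arithmetic reproduces tcpdump's "ip 1324": the IKE message declares 1360 bytes, so 36 bytes travel in a later IP fragment, while the second packet has DF set and fits in one datagram.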

