I followed this recipe to install StrongSwan on my linux server: How to Set Up an IKEv2 VPN Server with StrongSwan on Ubuntu 16.04 <https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-16-04>
This is working fine with a Windows client, so I know it is configured properly. After this success I attempted to install the above client on my android Nougat phone. Unfortunately this is not working with the default options on the client. Here is the log entries from the linux server attempting to open the VPN connection: Dec 26 18:07:11 DG41TY charon: 09[NET] received packet: from 108.31.28.59[1024] to 192.168.80.11[500] (716 bytes) Dec 26 18:07:11 DG41TY charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Dec 26 18:07:11 DG41TY charon: 09[CFG] looking for an ike config for 192.168.80.11...108.31.28.59 Dec 26 18:07:11 DG41TY charon: 09[CFG] candidate: %any...%any, prio 28 Dec 26 18:07:11 DG41TY charon: 09[CFG] found matching ike config: %any...%any with prio 28 Dec 26 18:07:11 DG41TY charon: 09[IKE] 108.31.28.59 is initiating an IKE_SA Dec 26 18:07:11 DG41TY charon: 09[IKE] IKE_SA (unnamed)[15] state change: CREATED => CONNECTING Dec 26 18:07:11 DG41TY charon: 09[CFG] selecting proposal: Dec 26 18:07:11 DG41TY charon: 09[CFG] no acceptable DIFFIE_HELLMAN_GROUP found Dec 26 18:07:11 DG41TY charon: 09[CFG] selecting proposal: Dec 26 18:07:11 DG41TY charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found Dec 26 18:07:11 DG41TY charon: 09[CFG] selecting proposal: Dec 26 18:07:11 DG41TY charon: 09[CFG] no acceptable DIFFIE_HELLMAN_GROUP found Dec 26 18:07:11 DG41TY charon: 09[CFG] selecting proposal: Dec 26 18:07:11 DG41TY charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found Dec 26 18:07:11 DG41TY charon: 09[CFG] received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/(31)/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/(31)/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048 Dec 26 18:07:11 DG41TY charon: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 Dec 26 18:07:11 DG41TY charon: 09[IKE] local host is behind NAT, sending keep alives Dec 26 18:07:11 DG41TY charon: 09[IKE] remote host is behind NAT Dec 26 18:07:11 DG41TY charon: 09[IKE] received proposals inacceptable Dec 26 18:07:11 DG41TY charon: 09[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ] Dec 26 18:07:11 DG41TY charon: 09[NET] sending packet: from 192.168.80.11[500] to 108.31.28.59[1024] (36 bytes) Dec 26 18:07:11 DG41TY charon: 09[IKE] IKE_SA (unnamed)[15] state change: CONNECTING => DESTROYING What do I need to change in the android client configuration? I would prefer not to touch the linux server as it is working with windows clients, but will do so if absolutely necessary. Thank you for your assistance in this matter. Dave
smime.p7s
Description: S/MIME Cryptographic Signature