Hello,
I am facing an issue with strongSwan on Android (version 8/10).

strongSwan is able to connect and establish the first CHILD SA successfully. The
app also shows it is connected.

12[IKE] CHILD_SA android{1} established with SPIs a84e5850_i cd5ddffe_o and TS 172.5.0.16/32 === 192.168.124.0/24

Route corresponding to this tunnel

ip route show table 0
172.5.0.16 dev tun1 table 1181 proto static scope link
192.168.124.0/24 dev tun1 table 1181 proto static scope link
default via 10.117.198.1 dev rmnet0 table 1003 proto static

ifconfig tun
tun1      Link encap:UNSPEC
          inet addr:172.5.0.16  P-t-P:172.5.0.16  Mask:255.255.255.255
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0  TX bytes:0

If I do ping to 192.168.124.100, it works well. Wireshark capture shows ESP
request/response packets.

However, if I open TCP connection for remote address as 192.168.124.100 port
6000, TCP packets are not going over tunnel interface, rather they go over wifi
interface and I can see destination of SYN packet as 192.168.124.100 and source
as wifi interface address.

netstat
Proto Recv-Q Send-Q Local Address          Foreign Address         State       PID/Program Name
tcp        0      0 0.0.0.0:1467           0.0.0.0:*               LISTEN      -
tcp        0      0 100.83.59.59:40979     216.239.36.135:443      ESTABLISHED -
tcp        0      1 100.83.59.59:40642     192.168.124.100:6000    SYN_SENT    -

No SYN ACK since packets are going directly on wifi interface.

I also tried to bind TCP socket to my TUN interface IP but still same issue -
SYN packet going directly out on the wifi interface.

netstat shows
tcp6       0      1 ::ffff:172.5.0.16:6002 ::ffff:192.168.124:6000 SYN_SENT    -

Configuration selected on Android app: IKEv2 EAP (Username/Password)
Android version 10 and tried on 8. Tried with emulator and Samsung Galaxy 10.

Please let me know what could be the possible issue.

Thanks,
Pankaj