Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 23 replies
  • Subscribers 1 subscriber
  • Views 14368 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Droid L2TP over IPSec Connections Fail

Jhaislet
Any update on connecting to ASG with an android phone using L2TP over IPSec?  I saw a couple of posts in the 8.200 beta forum and it appeared as if this issue might be fixed.  However, I'm now running v8.201 and just tried it again with my Motorola Droid 2 and no dice.  Yet, according to the log, the connection appears to be established, yet the phone keeps stating "connection failed, retry."

Any ideas???

2011:08:27-22:23:25 firewall pluto[17656]: packet from 123.456.789.101:5044: received Vendor ID payload [RFC 3947]
2011:08:27-22:23:25 firewall pluto[17656]: packet from 123.456.789.101:5044: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2011:08:27-22:23:25 firewall pluto[17656]: packet from 123.456.789.101:5044: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2011:08:27-22:23:25 firewall pluto[17656]: packet from 123.456.789.101:5044: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2011:08:27-22:23:25 firewall pluto[17656]: packet from 123.456.789.101:5044: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2011:08:27-22:23:25 firewall pluto[17656]: "S_for androidphone"[15] 123.456.789.101:5044 #46: responding to Main Mode from unknown peer 123.456.789.101:5044
2011:08:27-22:23:25 firewall pluto[17656]: "S_for androidphone"[15] 123.456.789.101:5044 #46: NAT-Traversal: Result using RFC 3947: peer is NATed
2011:08:27-22:23:26 firewall pluto[17656]: "S_for androidphone"[15] 123.456.789.101:5044 #46: Peer ID is ID_IPV4_ADDR: '101.202.101.2'
2011:08:27-22:23:26 firewall pluto[17656]: "S_for androidphone"[16] 123.456.789.101:5044 #46: deleting connection "S_for androidphone"[15] instance with peer 123.456.789.101 {isakmp=#0/ipsec=#0}
2011:08:27-22:23:26 firewall pluto[17656]: | NAT-T: new mapping 123.456.789.101:5044/5024)
2011:08:27-22:23:26 firewall pluto[17656]: "S_for androidphone"[16] 123.456.789.101:5024 #46: sent MR3, ISAKMP SA established
2011:08:27-22:23:26 firewall pluto[17656]: "S_for androidphone"[16] 123.456.789.101:5024 #46: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2011:08:27-22:23:27 firewall pluto[17656]: "S_for androidphone"[1] 123.456.789.101:5024 #47: responding to Quick Mode
2011:08:27-22:23:27 firewall pluto[17656]: "S_for androidphone"[1] 123.456.789.101:5024 #47: IPsec SA established {ESP=>0x02738cbc 


This thread was automatically locked due to age.
Parents
  • 0
    Hello burn.rom.burn,

    I use Android version 2.2.2. Because at that moment I only had an AP 50 online behind the ASG I pinged this AP 50 with 1400 packetlength and accessed the webadmin over the vpn connection which worked fine.
Reply
  • 0
    Hello burn.rom.burn,

    I use Android version 2.2.2. Because at that moment I only had an AP 50 online behind the ASG I pinged this AP 50 with 1400 packetlength and accessed the webadmin over the vpn connection which worked fine.
Children
  • 0 in reply to asg_user
    Ok, thanks for the infos. 

    8.285 is a Beta, right?! 
    Can you list the exact settings you have made in the Android VPN connection and in your ASG? 
    Would be very helpfull for testing. 
    Thanks in advance.
  • 0 in reply to burn.rom.burn
    Yes the 8.285 is the current beta version of ASG 8.300. The ASG is configured as usual (see screenshot). 
    At android (because it's german phone i'll write the correct german menu point in brackets): system settings (System Einstellungen) > wireless & networks (Drahtlos und Netzwerke) > VPN Settings (VPN-Einstellungen) > Basic VPN (Grundlegendes VPN) > add VPN (VPN hinzufügen):

    new L2TP/IPsec PSK-VPN:
    VPN Name: vpn
    VPN Server: resolveable external hostname of ASG
    preshared IPsec Key: PSK like in ASG
    L2TP-Key: deaktivated
    DNS Search domain: not configured

    That's it.

    Regards,
    Marco
  • 0 in reply to asg_user
    Hello burn.rom.burn,
    I use Android version 2.2.2. 

    Hello asg_user, 

    I need a favor, could you check in you phone which kernel version you have, please? 
    It's in the system settings -> about the phone -> kernel version. 
    2.6.35.*** I guess...