This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Droid L2TP over IPSec Connections Fail

Any update on connecting to ASG with an android phone using L2TP over IPSec? I saw a couple of posts in the 8.200 beta forum and it appeared as if this issue might be fixed. However, I'm now running v8.201 and just tried it again with my Motorola Droid 2 and no dice. Yet, according to the log, the connection appears to be established, yet the phone keeps stating "connection failed, retry."

Any ideas???

2011:08:27-22:23:25 firewall pluto[17656]: packet from 123.456.789.101:5044: received Vendor ID payload [RFC 3947]
2011:08:27-22:23:25 firewall pluto[17656]: packet from 123.456.789.101:5044: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2011:08:27-22:23:25 firewall pluto[17656]: packet from 123.456.789.101:5044: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2011:08:27-22:23:25 firewall pluto[17656]: packet from 123.456.789.101:5044: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2011:08:27-22:23:25 firewall pluto[17656]: packet from 123.456.789.101:5044: ignoring Vendor ID payload [FRAGMENTATION 80000000]
2011:08:27-22:23:25 firewall pluto[17656]: "S_for androidphone"[15] 123.456.789.101:5044 #46: responding to Main Mode from unknown peer 123.456.789.101:5044
2011:08:27-22:23:25 firewall pluto[17656]: "S_for androidphone"[15] 123.456.789.101:5044 #46: NAT-Traversal: Result using RFC 3947: peer is NATed
2011:08:27-22:23:26 firewall pluto[17656]: "S_for androidphone"[15] 123.456.789.101:5044 #46: Peer ID is ID_IPV4_ADDR: '101.202.101.2'
2011:08:27-22:23:26 firewall pluto[17656]: "S_for androidphone"[16] 123.456.789.101:5044 #46: deleting connection "S_for androidphone"[15] instance with peer 123.456.789.101 {isakmp=#0/ipsec=#0}
2011:08:27-22:23:26 firewall pluto[17656]: | NAT-T: new mapping 123.456.789.101:5044/5024)
2011:08:27-22:23:26 firewall pluto[17656]: "S_for androidphone"[16] 123.456.789.101:5024 #46: sent MR3, ISAKMP SA established
2011:08:27-22:23:26 firewall pluto[17656]: "S_for androidphone"[16] 123.456.789.101:5024 #46: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2011:08:27-22:23:27 firewall pluto[17656]: "S_for androidphone"[1] 123.456.789.101:5024 #47: responding to Quick Mode
2011:08:27-22:23:27 firewall pluto[17656]: "S_for androidphone"[1] 123.456.789.101:5024 #47: IPsec SA established {ESP=>0x02738cbc

This thread was automatically locked due to age.

Parents

0 burn.rom.burn over 13 years ago

Hello Marco,

thanks for that fast answer!
And good to hear that it is possible!

I have the same settings, but I get errors and can't get a connection.


2011:11:29-16:57:43 pluto[6896]: packet from 111.x.x.22:500: received Vendor ID payload [RFC 3947]

2011:11:29-16:57:43 pluto[6896]: packet from 111.x.x.22:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]

2011:11:29-16:57:43 pluto[6896]: packet from 111.x.x.22:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

2011:11:29-16:57:43 pluto[6896]: packet from 111.x.x.22:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]

2011:11:29-16:57:43 pluto[6896]: packet from 111.x.x.22:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]

2011:11:29-16:57:43 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: responding to Main Mode from unknown peer 111.x.x.22:4500

2011:11:29-16:57:43 pluto[6896]: | NAT-T: new mapping 111.x.x.22:4500/500)

2011:11:29-16:57:43 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22 #5: NAT-Traversal: Result using RFC 3947: i am NATed

2011:11:29-16:57:43 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22 #5: Peer ID is ID_IPV4_ADDR: '111.x.x.22'

2011:11:29-16:57:43 pluto[6896]: | NAT-T: new mapping 111.x.x.22:500/4500)

2011:11:29-16:57:43 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: sent MR3, ISAKMP SA established

2011:11:29-16:57:43 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: ignoring informational payload, type IPSEC_INITIAL_CONTACT

2011:11:29-16:57:45 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: cannot respond to IPsec SA request because no connection is known for 92.x.x.228/32===192.168.1.11:4500[192.168.1.11]:17/1701...111.x.x.22:4500[111.x.x.22]:17/%any

2011:11:29-16:57:45 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: sending encrypted notification INVALID_ID_INFORMATION to 111.x.x.22:4500

2011:11:29-16:57:55 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xe01471ef (perhaps this is a duplicated packet)

2011:11:29-16:57:55 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: sending encrypted notification INVALID_MESSAGE_ID to 111.x.x.22:4500

2011:11:29-16:58:04 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xe01471ef (perhaps this is a duplicated packet)

2011:11:29-16:58:04 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: sending encrypted notification INVALID_MESSAGE_ID to 111.x.x.22:4500


2011:11:29-16:57:45 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: cannot respond to IPsec SA request because no connection is known for 92.x.x.228/32===192.168.1.11:4500[192.168.1.11]:17/1701...111.x.x.22:4500[111.x.x.22]:17/%any

"92.x.x.228" is my current IP of the Astaro or rather the ISP router over DynDNS. Right now the Astaro is connected with an ISP with dynamic IPs.
So I use an DynDNS URL in the settings of my Android VPN. this should also work, right?

So what is my problem here? Is there anyone who can say or analyse this correctly?
I appreciate any help.

Reply

0 burn.rom.burn over 13 years ago

Hello Marco,

thanks for that fast answer!
And good to hear that it is possible!

I have the same settings, but I get errors and can't get a connection.


2011:11:29-16:57:43 pluto[6896]: packet from 111.x.x.22:500: received Vendor ID payload [RFC 3947]

2011:11:29-16:57:43 pluto[6896]: packet from 111.x.x.22:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]

2011:11:29-16:57:43 pluto[6896]: packet from 111.x.x.22:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

2011:11:29-16:57:43 pluto[6896]: packet from 111.x.x.22:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]

2011:11:29-16:57:43 pluto[6896]: packet from 111.x.x.22:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]

2011:11:29-16:57:43 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: responding to Main Mode from unknown peer 111.x.x.22:4500

2011:11:29-16:57:43 pluto[6896]: | NAT-T: new mapping 111.x.x.22:4500/500)

2011:11:29-16:57:43 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22 #5: NAT-Traversal: Result using RFC 3947: i am NATed

2011:11:29-16:57:43 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22 #5: Peer ID is ID_IPV4_ADDR: '111.x.x.22'

2011:11:29-16:57:43 pluto[6896]: | NAT-T: new mapping 111.x.x.22:500/4500)

2011:11:29-16:57:43 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: sent MR3, ISAKMP SA established

2011:11:29-16:57:43 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: ignoring informational payload, type IPSEC_INITIAL_CONTACT

2011:11:29-16:57:45 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: cannot respond to IPsec SA request because no connection is known for 92.x.x.228/32===192.168.1.11:4500[192.168.1.11]:17/1701...111.x.x.22:4500[111.x.x.22]:17/%any

2011:11:29-16:57:45 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: sending encrypted notification INVALID_ID_INFORMATION to 111.x.x.22:4500

2011:11:29-16:57:55 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xe01471ef (perhaps this is a duplicated packet)

2011:11:29-16:57:55 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: sending encrypted notification INVALID_MESSAGE_ID to 111.x.x.22:4500

2011:11:29-16:58:04 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xe01471ef (perhaps this is a duplicated packet)

2011:11:29-16:58:04 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: sending encrypted notification INVALID_MESSAGE_ID to 111.x.x.22:4500


2011:11:29-16:57:45 pluto[6896]: "S_for ANDROID"[2] 111.x.x.22:4500 #5: cannot respond to IPsec SA request because no connection is known for 92.x.x.228/32===192.168.1.11:4500[192.168.1.11]:17/1701...111.x.x.22:4500[111.x.x.22]:17/%any

Children

No Data