Hi
I have just configured StrongSwan for VPN connections to my network. When using windows 10 and 11 as clients both work fine. The problem that I am having is when it try to VPN via android using the same certificate that I used when using windows. I get failed to connect. I tried my domain name that points to my router and also the IP address. below is the errror get when using IP address
any help or point me in the right direction would be very appreciated.
thanks
bill
I have just configured StrongSwan for VPN connections to my network. When using windows 10 and 11 as clients both work fine. The problem that I am having is when it try to VPN via android using the same certificate that I used when using windows. I get failed to connect. I tried my domain name that points to my router and also the IP address. below is the errror get when using IP address
Code:
May 6 12:23:54 00[DMN] Starting IKE service (strongSwan 5.9.13, Android 10 - QP1A.190711.020.G970USQU3DTE8/2020-06-01, SM-G970U - samsung/beyond0qltesq/samsung, Linux 4.14.117-18725736, aarch64, org.strongswan.android)May 6 12:23:54 00[LIB] providers loaded by OpenSSL: default legacyMay 6 12:23:54 00[LIB] loaded plugins: androidbridge charon android-log socket-default openssl nonce pkcs1 pem x509 xcbc kdf revocation eap-identity eap-mschapv2 eap-md5 eap-gtc eap-tlsMay 6 12:23:54 00[JOB] spawning 16 worker threadsMay 6 12:23:54 15[IKE] initiating IKE_SA android[81] to xx.xxx.xxx.xxMay 6 12:23:54 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]May 6 12:23:54 15[NET] sending packet: from 192.0.0.2[53375] to xx.xxx.xxx.xx[500] (948 bytes)May 6 12:23:54 10[NET] received packet: from xx.xxx.xxx.xx[500] to 192.0.0.2[53375] (38 bytes)May 6 12:23:54 10[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]May 6 12:23:54 10[IKE] peer didn't accept DH group ECP_256, it requested CURVE_25519May 6 12:23:54 10[IKE] initiating IKE_SA android[81] to xx.xxx.xxx.xxxMay 6 12:23:54 10[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]May 6 12:23:54 10[NET] sending packet: from 192.0.0.2[53375] to xx.xxx.xxx.xx500] (916 bytes)May 6 12:23:54 11[NET] received packet: from xx.xxx.xxx.xx[500] to 192.0.0.2[53375] (236 bytes)May 6 12:23:54 11[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]May 6 12:23:54 11[CFG] selected proposal: IKE:CHACHA20_POLY1305/PRF_HMAC_SHA2_512/CURVE_25519May 6 12:23:54 11[IKE] local host is behind NAT, sending keep alivesMay 6 12:23:54 11[IKE] remote host is behind NATMay 6 12:23:54 11[IKE] sending cert request for "CN=VPN root PC"May 6 12:23:54 11[IKE] establishing CHILD_SA android{80}May 6 12:23:54 11[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]May 6 12:23:54 11[NET] sending packet: from 192.0.0.2[44035] to xx.xxx.xxx.xx[4500] (441 bytes)May 6 12:23:54 12[NET] received packet: from xx.xxx.xxx.xx[4500] to 192.0.0.2[44035] (65 bytes)May 6 12:23:54 12[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]May 6 12:23:54 12[IKE] received AUTHENTICATION_FAILED notify errorthanks
bill
Statistics: Posted by binglis — 2024-05-06 12:29 — Replies 1 — Views 60