Monday, July 01, 2019

Re: L2TP/IPSec PSK with Android -- INVALID_ID_INFORMATION

Wow, thanks for this... For some reason I always thought that anything VPN related would require a rooted Android phone to mess with interfaces and routing, but clearly it doesn't.
It took about 10 minutes to read https://www.openbsd.org/faq/faq17.html and configure a successful IKEv2 connection from strongSwan on the phone to the router.

One more thing, how do I know what IP address my client has gotten? `ipsecctl(8) -vsa` doesn't show that, and iked(8) output in /var/log/daemon doesn't either. Right now I'm pinging my router from my phone and tcpdump-ing the enc0 interface for icmp packets :)


Dani

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, 1 July 2019 19:34, Stuart Henderson <stu@spacehopper.org> wrote:

> On 2019-06-30, Lévai Dániel leva@ecentrum.hu wrote:
>
> > I know (saw) this has come up numerous times, and someone has been successful, others weren't. I thought I'd try this out myself, and not surprisingly it wasn't successful :)
> > I've been using these howtos [1] -- I know these can be outdated and/or simply wrong, I just wanted to get the general idea on how to tackle this.
> > I've made it through a couple of hurdles but now I'm stuck and thought I'd ask some questions here.
>
> L2TP+IPsec can be made to work, but to be perfectly honest, unless you
> have a special reason (e.g. need to run this on a box which is also
> doing other tunnels which have to be IKEv1), then I would switch to
> IKEv2/iked and strongswan on Android (or the built-in client on Windows
> or iOS), it is fast to connect and generally much more pleasant to use...
>
> (I still use IKEv1/isakmpd for lan-to-lan tunnels but now try to avoid
> it for standard "roaming client" type connections).
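Dani's workaround above (ping the router from the phone and watch enc0 for ICMP) can be turned into a small parser that maps each inbound SA to the inner address the client is using. This is an added example, not code from the thread; the `tcpdump -n -i enc0 icmp` line layout, the SPIs and the addresses are constructed assumptions, so adjust the regex to what your tcpdump actually prints.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n -i enc0 icmp` output on an OpenBSD iked
# gateway (192.168.1.1). The exact line layout is an assumption for this example.
SAMPLE = """\
20:29:51.437011 (authentic,confidential): SPI 0x0e3a0f8e: 10.0.1.2 > 192.168.1.1: icmp: echo request
20:29:51.437100 (authentic,confidential): SPI 0x7b21c004: 192.168.1.1 > 10.0.1.2: icmp: echo reply
20:29:52.440215 (authentic,confidential): SPI 0x0e3a0f8e: 10.0.1.2 > 192.168.1.1: icmp: echo request
20:30:10.001000 (authentic,confidential): SPI 0x51aa93d0: 10.0.1.3 > 192.168.1.1: icmp: echo request
garbage line that should be ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) \((?P<props>[^)]*)\): SPI (?P<spi>0x[0-9a-f]+): "
    r"(?P<src>[\d.]+) > (?P<dst>[\d.]+): icmp: (?P<kind>echo request|echo reply)"
)


def parse_enc0(text):
    """Yield one dict per recognised tcpdump line; anything else is skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def client_addresses(text, gateway):
    """Map inbound SPI -> set of inner source addresses seen pinging the gateway.

    Only echo requests addressed to the gateway count, and only when tcpdump
    flags the packet as both authenticated and encrypted, so a spoofed
    cleartext ping on another interface cannot show up as a VPN client.
    """
    seen = defaultdict(set)
    for rec in parse_enc0(text):
        props = set(rec["props"].split(","))
        if (rec["kind"] == "echo request"
                and rec["dst"] == gateway
                and {"authentic", "confidential"} <= props):
            seen[rec["spi"]].add(rec["src"])
    return dict(seen)


if __name__ == "__main__":
    for spi, addrs in client_addresses(SAMPLE, "192.168.1.1").items():
        print(spi, sorted(addrs))
```

On a live box feed it with `tcpdump -n -l -i enc0 icmp | python3 thisfile.py` style input instead of the constructed sample.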
