[Durham] L2TP IPSec issuue with android 4.2.2

Andrew Glass andrewglass3 at gmail.com
Fri Jan 3 17:36:53 UTC 2014


Hey guys! Happy New Year!

Got a bit of a problem with android and I wondered if you could help please?

My L2TP IPSec vpn using PSK is connecting fine on my desktop and laptops -
it connects without any issues, however as soon as I try to connect my
xperia z running android 4.2.2 it wont connect.  Running cat
/var/log/auth.log produces the following output:

Jan  3 17:29:37 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #12:
OAKLEY_DES_CBC is not supported.  Attrib
Jan  3 17:29:37 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #12:
OAKLEY_DES_CBC is not supported.  Attrib
Jan  3 17:29:37 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #12:
OAKLEY_DES_CBC is not supported.  Attrib
Jan  3 17:29:37 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #12:
no acceptable Oakley Transform
Jan  3 17:29:37 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #12:
sending notification NO_PROPOSAL_CHOSEN
Jan  3 17:30:24 localhost pluto[6111]: packet from 92.17.213.37:500:
received Vendor ID payload [RFC 3947] method s
Jan  3 17:30:24 localhost pluto[6111]: packet from 92.17.213.37:500:
received Vendor ID payload [draft-ietf-ipsec-n
Jan  3 17:30:24 localhost pluto[6111]: packet from 92.17.213.37:500:
received Vendor ID payload [draft-ietf-ipsec-n
Jan  3 17:30:24 localhost pluto[6111]: packet from 92.17.213.37:500:
received Vendor ID payload [draft-ietf-ipsec-n
Jan  3 17:30:24 localhost pluto[6111]: packet from 92.17.213.37:500:
ignoring Vendor ID payload [FRAGMENTATION 8000
Jan  3 17:30:24 localhost pluto[6111]: packet from 92.17.213.37:500:
received Vendor ID payload [Dead Peer Detectio
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
responding to Main Mode from unknown pee
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
OAKLEY_SHA2_256 is not supported.  Attri
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
transition from state STATE_MAIN_R0 to s
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
STATE_MAIN_R1: sent MR1, expecting MI2
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
NAT-Traversal: Result using RFC 3947 (NA
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
transition from state STATE_MAIN_R1 to s
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
STATE_MAIN_R2: sent MR2, expecting MI3
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
Main mode peer ID is ID_IPV4_ADDR: '192.
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
transition from state STATE_MAIN_R2 to s
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
new NAT mapping for #13, was 92.17.213.3
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
STATE_MAIN_R3: sent MR3, ISAKMP SA estaboup=modp1024}
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
ignoring informational payload, type IPS
Jan  3 17:30:24 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
received and ignored informational messa
Jan  3 17:30:25 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #13:
the peer proposed: 162.243.11.193/32:17/
Jan  3 17:30:25 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #14:
responding to Quick Mode proposal {msgid
Jan  3 17:30:25 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #14:
    us: 162.243.11.193<162.243.11.193>[+
Jan  3 17:30:25 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #14:
  them: 92.17.213.37[192.168.1.100,+S=C]
Jan  3 17:30:25 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #14:
keeping refhim=4294901761 during rekey
Jan  3 17:30:25 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #14:
transition from state STATE_QUICK_R0 to
Jan  3 17:30:25 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #14:
STATE_QUICK_R1: sent QR1, inbound IPsec
Jan  3 17:30:25 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #14:
netlink_raw_eroute: WARNING: that_clientt.
Jan  3 17:30:25 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #14:
transition from state STATE_QUICK_R1 to
Jan  3 17:30:25 localhost pluto[6111]: "L2TP-PSK-NAT"[2] 92.17.213.37 #14:
STATE_QUICK_R2: IPsec SA established tra6 NATOA=none
NATD=92.17.213.37:4500DPD=none}


Can anyone shed any light as to the problem and possible fix please?

Cheers

Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/durham/attachments/20140103/5e429a10/attachment.html>


More information about the Durham mailing list