[Swan] android nat vs no-nat

Paul Wouters paul at nohats.ca
Fri Oct 10 06:34:39 EEST 2014


On Thu, 9 Oct 2014, Bob Miller wrote:

> When I connect to wifi on my local network, the android connects to the
> vpn just fine and traffic passes as expected.  When I connect the
> android to lte or wcdma, the connection gets stuck at STATE_MAIN_R2:
> sent MR2, expecting MI3.

Can you try setting ike-frag=force (or ike_frag=force ?)

It looks like you are hitting UDP fragmentation of IKE packets where the 
fragments are getting lost. The ike-frag option triggers fragmentation
on the IKE level before the UDP fragmentation kicks in.

Alternatively, you could try to generate a certificate for this device
with a smaller RSA key (e.g. 1024) and see if that would (temporarily)
work around it.

Paul
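
Added example, not part of the message above and not libreswan code: a Python triage script that scans pluto log text for Main Mode exchanges whose last responder state was STATE_MAIN_R2, the symptom quoted in the post. The log prefix layout, connection name and addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines. The state text follows the message quoted in the
# post; the prefix layout ("conn"[n] peer #serial:) is an assumption.
SAMPLE_LOG = '''\
"roadwarrior"[1] 192.0.2.10 #1: STATE_MAIN_R1: sent MR1, expecting MI2
"roadwarrior"[1] 192.0.2.10 #1: STATE_MAIN_R2: sent MR2, expecting MI3
"roadwarrior"[1] 192.0.2.10 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
"roadwarrior"[2] 198.51.100.7 #2: STATE_MAIN_R1: sent MR1, expecting MI2
"roadwarrior"[2] 198.51.100.7 #2: STATE_MAIN_R2: sent MR2, expecting MI3
"roadwarrior"[3] 198.51.100.7 #3: STATE_MAIN_R1: sent MR1, expecting MI2
"roadwarrior"[3] 198.51.100.7 #3: STATE_MAIN_R2: sent MR2, expecting MI3
'''

LINE_RE = re.compile(
    r'^"(?P<conn>[^"]+)"(?:\[\d+\])?\s+(?P<peer>\S+)\s+#(?P<serial>\d+):\s+'
    r'STATE_MAIN_R(?P<step>[0-3])\b'
)


def stalled_at_r2(log_text):
    """Return {peer: [serials]} for exchanges that never got past STATE_MAIN_R2.

    An exchange that sent MR2 but never logged R3 did not receive a usable
    MI3, the message that carries the peer's certificate and is the one most
    likely to exceed the path MTU and be split into UDP fragments.
    """
    furthest = {}  # (peer, serial) -> highest STATE_MAIN_R<n> seen
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        key = (m.group("peer"), int(m.group("serial")))
        furthest[key] = max(furthest.get(key, 0), int(m.group("step")))

    stalled = defaultdict(list)
    for (peer, serial), step in sorted(furthest.items()):
        if step == 2:
            stalled[peer].append(serial)
    return dict(stalled)


if __name__ == "__main__":
    for peer, serials in stalled_at_r2(SAMPLE_LOG).items():
        print(f"{peer}: {len(serials)} exchange(s) stuck at STATE_MAIN_R2 {serials}")
```

A peer that stalls only from one network (here the constructed 198.51.100.7) while completing from another points at the path dropping fragments rather than at the certificate or the connection definition.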

