[Swan] android nat vs no-nat
Bob Miller
bob at computerisms.ca
Tue Oct 21 23:53:17 EEST 2014
Greetings fellow list dwellers,
> Alternatively, you could try to generate a certificate for this device
> with a smaller RSA key (eg 1024) and see if that would (temporarilly)
> work around it.
Turned out this was the correct path to a fix, but I didn't see it till
I did a verbose tcpdump. The cert with 1024 bit key was still too big,
so I made another cert with an 800 bit key, and that succeeded in
connecting.
I am curious as to how one identifies what is causing this. when I saw
it in the tcpdump, it was giving an error like len mismatch: isakmp
1532/ip 1468 when I was using the 1024 key, which makes me think I am
not receiving fragmented packets. Yet when I set the tablet as a
hotspot and connect with a windows machine through it, I can connect
with a 4096 bit cert, and when connecting with the tablet through a
non-lte network, the 4096 key works on the tablet too, so surely things
are fragmenting? so is this problem a function of the tablet, the
firewall, or something in between?
More information about the Swan
mailing list