[Swan] Android VPN not passing any traffic, OSX does work

Viktor Keremedchiev vkeremedchiev at adaptavist.com
Tue Mar 14 16:09:57 UTC 2017


I’m sorry if I’ve made this confusing.

But the simple answer is that none of the stuff I’ve tried works for me when it comes to Android.
Windows and OSX - do work fine.


> On Mar 14, 2017, at 12:00 PM, Paul Wouters <paul at nohats.ca> wrote:
> 
> On Tue, 14 Mar 2017, Viktor Keremedchiev wrote:
> 
> And using AES_GCM does give traffic?
> 
> Sorry, I'm really trying to make sure there are no new issues, and I'm
> still a little confused what works or does not work for you.
> 
> 
> Paul
> 
>> Date: Tue, 14 Mar 2017 11:51:22
>> From: Viktor Keremedchiev <vkeremedchiev at adaptavist.com>
>> To: swan at lists.libreswan.org
>> Subject: Re: [Swan] Android VPN not passing any traffic, OSX does work
>> 
>> Just tried
>> 
>> 000 "roaming":   ESP algorithms wanted: AES_GCM_C(20)_000-NONE(0), AES(12)_256-SHA2_256(5)
>> 000 "roaming":   ESP algorithms loaded: AES_GCM_C(20)_000-NONE(0), AES(12)_256-SHA2_256(5)
>> 
>> Mar 14 15:48:22: "roaming"[2] 199.7.157.124 #1: transition from state STATE_MODE_CFG_R0 to state STATE_MODE_CFG_R1
>> Mar 14 15:48:22: "roaming"[2] 199.7.157.124 #1: STATE_MODE_CFG_R1: ModeCfg Set sent, expecting Ack
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #1: the peer proposed: 0.0.0.0/0:0/0 -> 172.31.255.1/32:0/0
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2: responding to Quick Mode proposal {msgid:f15da5ee}
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2:     us: 0.0.0.0/0===172.31.255.216<172.31.255.216>[MS+XS+S=C]
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2:   them: 199.7.157.124[10.156.163.19,+MC+XC+S=C]===172.31.255.1/32
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 tunnel mode {ESP/NAT=>0x034dd8f5 <0xXXXXXXXX xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=199.7.157.124:53562 DPD=passive username=XXXX
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
>> Mar 14 15:48:24: "roaming"[2] 199.7.157.124 #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x034dd8f5 <0xXXXXXXXX xfrm=AES_256-HMAC_SHA2_256 NATOA=none NATD=199.7.157.124:53562 DPD=passive username=XXXX
>> 
>> 
>> Connects, but no traffic
>> 
>> IP 199.7.157.124.53562 > 172.31.255.216.ipsec-nat-t: UDP-encap: ESP(spi=0xXXXXXXXX,seq=0x185), length 116
>> IP 199.7.157.124.53562 > 172.31.255.216.ipsec-nat-t: UDP-encap: ESP(spi=0xXXXXXXXX,seq=0x186), length 116
>> IP 199.7.157.124.53562 > 172.31.255.216.ipsec-nat-t: UDP-encap: ESP(spi=0xXXXXXXXX,seq=0x187), length 116
>> IP 199.7.157.124.53562 > 172.31.255.216.ipsec-nat-t: UDP-encap: ESP(spi=0xXXXXXXXX,seq=0x188), length 116
>> IP 199.7.157.124.53562 > 172.31.255.216.ipsec-nat-t: UDP-encap: ESP(spi=0xXXXXXXXX,seq=0x18a), length 100
>> 
>>> On Mar 14, 2017, at 11:15 AM, Paul Wouters <paul at nohats.ca> wrote:
>>> 
>>> On Tue, 14 Mar 2017, Viktor Keremedchiev wrote:
>>> 
>>>> I used this: phase2alg=aes_gcm-null
>>> 
>>> So Android does support AES-GCM now for phase2/esp?
>>> 
>>> And traffic flow works properly with this?
>>> 
>>> Paul