[Swan] IKEv2 + PSK to Android question
Paul Wouters
paul at nohats.ca
Tue May 9 04:25:19 UTC 2017
On Mon, 8 May 2017, Nick Howitt wrote:
> I got the following to connect:
> left=82.19.158.192
> leftsourceip=172.17.2.1
> leftsubnet=172.17.2.0/24
> leftid=@nick
> right=%any
> rightid=@samsung
> rightaddresspool=172.17.4.16-172.17.4.31
> esp=aes256-sha2_512,aes_gcm256-null,aes_gcm128-null,aes256-sha2_512,aes128-sha2_512
> I needed some or all of the lines after the esp line. With this I had a connection but no traffic passed.
>
> In Android I then went into the advanced options and set the remote network to 172.17.2.0/24 and I could access the server on
> 172.17.2.1 but I could not ping anything on the LAN. OpenVPN can as can IPsec traffic from a remote router LAN-LAN VPN. Is
> this an Android bug or is there another issue? I saw another thread recently when someone also had problems routing traffic.
The Android bug is with esp= and sha2_256, which you wisely did not add
to your esp= line.
I think you want:
leftupdown="ipsec _updown.netkey --route yes"
which enables proxyarp?
Paul