[Swan] IPSec/XAuth, Android 8.1, and "always-on VPN"

Paul Wouters paul at nohats.ca
Fri Aug 10 18:49:07 UTC 2018


On Wed, 25 Jul 2018, Tan Chee Eng wrote:

> I don't think that's the problem. I see the following lines in the log:
>
> "xauth-rsa"[1] {CLIENT IP} #2: STATE_QUICK_R1: sent QR1, inbound IPsec
> SA installed, expecting QI2 tunnel mode {ESP/NAT=>0x0dcbfd24
> <0x2ddf4c55 xfrm=AES_CBC_256-HMAC_SHA2_512_256 NATOA=none NATD={CLIENT
> IP}:31360 DPD=passive username=tan-ce}
> "xauth-rsa"[1] {CLIENT IP} #2: STATE_QUICK_R2: IPsec SA established
> tunnel mode {ESP/NAT=>0x0dcbfd24 <0x2ddf4c55
> xfrm=AES_CBC_256-HMAC_SHA2_512_256 NATOA=none NATD={CLIENT IP}:31360
> DPD=passive username=tan-ce}
>
> Which seems to indicate that SHA2-512/256 was negotiated. I also have
> the "truncbug" option enabled. That also doesn't explain why a manual
> VPN connection _succeeds_. I only see this problem when I enable the
> "Always-on VPN" option of my device.

Did you ever find out what the issue was?

Paul

