[Swan] USE_DH2 Re: Libreswan 4.6: connection IKEv2 win10 to Linux freezes soon after Android device connects

Mirsad Goran Todorovac mirsad.todorovac at alu.unizg.hr
Fri Jan 14 22:37:02 EET 2022


On 1/14/2022 4:21 PM, Paul Wouters wrote:

>>> BTW, Android L2TP connection tested with 4.5 USE_DH2=true did not connect
>>> from Android, while it did from Windows 10. I would like to have them all
>>> running stable and symmetrically.
>
> whether you compile USE_DH2 in or not should not make a difference,
> unless you are changing the ike= or esp=/phase2alg= line to include
> modp1024 (which you shouldn't).

Experiment proves otherwise. I have made two parallel compiles, 
USE_DH2=true and USE_DH2=false. Then `make install; ipsec restart` from 
each directory, each time attempting to connect L2TP with PSK from 
Android 11 native client. The result is interesting: the USE_DH2=false 
version could not connect, and the other one could.

Proof of the concept is in the logs (as the proverb sayeth "if the goat 
is lying, the horn isn't" :)

[1] https://domac.alu.hr/mtodorov/l2tp-20220114-dh2=true-01.log (connected)

[2] https://domac.alu.hr/mtodorov/l2tp-20220114-nodh2-01.log (unsuccessful)

Hope this helps, because OAKLEY auth loop looks like a bug IMHO.

Kind regards,
Mirsad

--
Mirsad Goran Todorovac
CARNet sistem inženjer
Grafički fakultet | Akademija likovnih umjetnosti
Sveučilište u Zagrebu
-- 
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb, Republic of Croatia
tel. +385 (0)1 3711 451
mob. +385 91 57 88 355


