Project

General

Profile

Issue #462

strongswan android app can not use on android 4.4 OS

Added by yang sun over 4 years ago. Updated over 4 years ago.

Status:
Feedback
Priority:
Normal
Category:
android
Affected version:
5.1.1
Resolution:

Description

when I update to latest android os 4.4
the strongswan android app can not use
but ok for android os 4.3
what's problem?


Related issues

Related to Issue #695: StrongSwan Android: failed to setup up TUN device without DNSClosed2014-09-01
Has duplicate Issue #473: problem with strongswan android app for android 4.4Rejected2013-12-29
Has duplicate Issue #613: StrongSwan fails to reconnect after no internet for long period of timeClosed
Has duplicate Issue #668: TUN overlapping in Android 4.4.2Rejected

History

#1 Updated by Tobias Brunner over 4 years ago

  • Category set to android
  • Status changed from New to Feedback
  • Assignee set to Tobias Brunner
  • Priority changed from Urgent to Normal

I don't know what your exact problem might be as you provided no logs (from logcat and/or the app). But there are currently several known issues on Android 4.4.

Unfortunately, Google changed several aspects of the VpnService implementation and these changes broke most VPN apps.

You might want to have a look at the open issues on Google's issue tracker: 62714, 61948, 62410, 62872, 61678, 62588.

Apparently, some of these have been fixed with 4.4.1.

#2 Updated by Tyrael Wang over 4 years ago

Maybe , @yang sun meant Stongswan for android App did not support android 4.4 , because the new ART mode would crash the app

#3 Updated by yang sun over 4 years ago

@Tyrael Wang yes. android App did not support android 4.4. do you know how to solve it?

#4 Updated by Tobias Brunner over 4 years ago

Tyrael Wang wrote:

Maybe , @yang sun meant Stongswan for android App did not support android 4.4 , because the new ART mode would crash the app

ART is experimental and only enabled if the user does so manually in the developer options. Even so, the app actually seems to work fine with ART (I just tried it on a Nexus 5), so that's apparently not an issue.

yang sun wrote:

@Tyrael Wang yes. android App did not support android 4.4. do you know how to solve it?

You still don't describe what problem your are facing exactly (nor the device you are using or any other useful information).

#5 Updated by yang sun over 4 years ago

@Tyrael Wang hi you can use strongswan android app in your Nexus 5 without problem?

#6 Updated by yang sun over 4 years ago

@Tyrael Wang still problem with strongswan android app for android 4.4

[22:00:24] zhaozhongwei: 12-29 09:03:50.577: D/dalvikvm(1417): GC_FOR_ALLOC freed 1095K, 26% free 6017K/8068K, paused 30ms, total 36ms
12-29 09:03:50.797: I/charon(1417): 00[KNL] kernel-netlink plugin might require CAP_NET_ADMIN capability
12-29 09:03:51.137: I/charon(1417): 00[LIB] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default kernel-netlink eap-identity eap-mschapv2 eap-md5 eap-gtc
12-29 09:03:51.137: I/charon(1417): 00[LIB] unable to load 9 plugin features (9 due to unmet dependencies)
12-29 09:03:51.137: I/charon(1417): 00[JOB] spawning 16 worker threads
12-29 09:03:51.157: I/CharonVpnService(1417): charon started
12-29 09:03:51.157: I/charon(1417): 08[IKE] initiating IKE_SA android[5] to 98.126.129.243
12-29 09:03:51.227: I/charon(1417): 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
12-29 09:03:51.317: I/charon(1417): 08[NET] sending packet: from 10.0.2.15[38029] to 98.126.129.243[500] (660 bytes)
12-29 09:03:51.677: I/charon(1417): 11[NET] received packet: from 98.126.129.243[500] to 10.0.2.15[38029] (312 bytes)
12-29 09:03:51.687: I/charon(1417): 11[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
12-29 09:03:51.727: I/charon(1417): 11[IKE] local host is behind NAT, sending keep alives
12-29 09:03:51.757: I/charon(1417): 11[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan CA" 
12-29 09:03:51.757: I/charon(1417): 11[IKE] establishing CHILD_SA android
12-29 09:03:51.767: I/charon(1417): 11[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
12-29 09:03:51.807: I/charon(1417): 11[NET] sending packet: from 10.0.2.15[37122] to 98.126.129.243[4500] (524 bytes)
12-29 09:03:52.167: I/charon(1417): 12[NET] received packet: from 98.126.129.243[4500] to 10.0.2.15[37122] (1260 bytes)
12-29 09:03:52.167: I/charon(1417): 12[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
12-29 09:03:52.167: I/charon(1417): 12[IKE] received end entity cert "C=CH, O=strongSwan, CN=98.126.129.243" 
12-29 09:03:52.177: I/charon(1417): 12[CFG]   using certificate "C=CH, O=strongSwan, CN=98.126.129.243" 
12-29 09:03:52.177: I/charon(1417): 12[CFG]   using trusted ca certificate "C=CH, O=strongSwan, CN=strongSwan CA" 
12-29 09:03:52.177: I/charon(1417): 12[CFG]   reached self-signed root ca with a path length of 0
12-29 09:03:52.187: I/charon(1417): 12[IKE] authentication of 'C=CH, O=strongSwan, CN=98.126.129.243' with RSA signature successful
12-29 09:03:52.187: I/charon(1417): 12[IKE] server requested EAP_IDENTITY (id 0x00), sending 'test'
12-29 09:03:52.197: I/charon(1417): 12[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
12-29 09:03:52.197: I/charon(1417): 12[NET] sending packet: from 10.0.2.15[37122] to 98.126.129.243[4500] (76 bytes)
12-29 09:03:52.517: I/charon(1417): 13[NET] received packet: from 98.126.129.243[4500] to 10.0.2.15[37122] (108 bytes)
12-29 09:03:52.517: I/charon(1417): 13[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
12-29 09:03:52.517: I/charon(1417): 13[IKE] server requested EAP_MSCHAPV2 authentication (id 0x01)
12-29 09:03:52.527: I/charon(1417): 13[ENC] generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
12-29 09:03:52.527: I/charon(1417): 13[NET] sending packet: from 10.0.2.15[37122] to 98.126.129.243[4500] (140 bytes)
12-29 09:03:52.837: I/charon(1417): 14[NET] received packet: from 98.126.129.243[4500] to 10.0.2.15[37122] (124 bytes)
12-29 09:03:52.837: I/charon(1417): 14[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
12-29 09:03:52.837: I/charon(1417): 14[IKE] EAP-MS-CHAPv2 succeeded: '(null)'
12-29 09:03:52.847: I/charon(1417): 14[ENC] generating IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
12-29 09:03:52.857: I/charon(1417): 14[NET] sending packet: from 10.0.2.15[37122] to 98.126.129.243[4500] (76 bytes)
12-29 09:03:53.197: I/charon(1417): 15[NET] received packet: from 98.126.129.243[4500] to 10.0.2.15[37122] (76 bytes)
12-29 09:03:53.197: I/charon(1417): 15[ENC] parsed IKE_AUTH response 4 [ EAP/SUCC ]
12-29 09:03:53.197: I/charon(1417): 15[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
12-29 09:03:53.197: I/charon(1417): 15[IKE] authentication of 'test' (myself) with EAP
12-29 09:03:53.197: I/charon(1417): 15[ENC] generating IKE_AUTH request 5 [ AUTH ]
12-29 09:03:53.197: I/charon(1417): 15[NET] sending packet: from 10.0.2.15[37122] to 98.126.129.243[4500] (92 bytes)
12-29 09:03:55.207: I/charon(1417): 12[IKE] retransmit 1 of request with message ID 5
12-29 09:03:55.207: I/charon(1417): 12[NET] sending packet: from 10.0.2.15[37122] to 98.126.129.243[4500] (92 bytes)
12-29 09:03:55.507: I/charon(1417): 13[NET] received packet: from 98.126.129.243[4500] to 10.0.2.15[37122] (252 bytes)
12-29 09:03:55.517: I/charon(1417): 13[ENC] parsed IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
12-29 09:03:55.517: I/charon(1417): 13[IKE] authentication of 'C=CH, O=strongSwan, CN=98.126.129.243' with EAP successful
12-29 09:03:55.527: I/charon(1417): 13[IKE] IKE_SA android[5] established between 10.0.2.15[test]...98.126.129.243[C=CH, O=strongSwan, CN=98.126.129.243]
12-29 09:03:55.527: I/charon(1417): 13[IKE] scheduling rekeying in 35756s
12-29 09:03:55.527: I/charon(1417): 13[IKE] maximum IKE_SA lifetime 36356s
12-29 09:03:55.577: I/charon(1417): 13[IKE] installing new virtual IP 10.12.0.5
12-29 09:03:55.587: I/charon(1417): 13[IKE] CHILD_SA android{5} established with SPIs ad792da2_i c1cd74c6_o and TS 10.12.0.5/32 === 0.0.0.0/0 
12-29 09:03:55.587: I/charon(1417): 13[DMN] setting up TUN device for CHILD_SA android{5}
12-29 09:03:55.897: W/System.err(1417): java.lang.IllegalStateException: command '82 interface fwmark rule add tun0' failed with '400 82 Failed to add fwmark rule (No such device)'
12-29 09:03:55.907: W/System.err(1417):  at android.os.Parcel.readException(Parcel.java:1469)
12-29 09:03:55.907: W/System.err(1417):  at android.os.Parcel.readException(Parcel.java:1415)
12-29 09:03:55.937: W/System.err(1417):  at android.net.IConnectivityManager$Stub$Proxy.establishVpn(IConnectivityManager.java:1555)
12-29 09:03:55.947: W/System.err(1417):  at android.net.VpnService$Builder.establish(VpnService.java:471)
12-29 09:03:55.947: W/System.err(1417):  at org.strongswan.android.logic.CharonVpnService$BuilderAdapter.establish(CharonVpnService.java:736)
12-29 09:03:55.977: W/System.err(1417):  at dalvik.system.NativeStart.run(Native Method)
12-29 09:03:55.977: I/charon(1417): 13[LIB] builder: failed to build TUN device
12-29 09:03:56.007: I/charon(1417): 13[DMN] failed to setup TUN device
12-29 09:03:56.127: I/charon(1417): 13[IKE] peer supports MOBIKE
12-29 09:03:56.337: I/charon(1417): 00[IKE] deleting IKE_SA android[5] between 10.0.2.15[test]...98.126.129.243[C=CH, O=strongSwan, CN=98.126.129.243]
12-29 09:03:56.337: I/charon(1417): 00[IKE] sending DELETE for IKE_SA android[5]
12-29 09:03:56.337: I/charon(1417): 00[ENC] generating INFORMATIONAL request 6 [ D ]
12-29 09:03:56.367: I/charon(1417): 00[NET] sending packet: from 10.0.2.15[37122] to 98.126.129.243[4500] (76 bytes)
12-29 09:03:56.507: I/CharonVpnService(1417): charon stopped

#7 Updated by Tobias Brunner over 4 years ago

Could be either the same or a similar issue as 62410. The message is not exactly the same and it seems to happen during the initial initiation not when the TUN devices are created overlapping (did you do this right after rebooting the device?).

#8 Updated by Tobias Brunner about 4 years ago

  • Has duplicate Issue #613: StrongSwan fails to reconnect after no internet for long period of time added

#9 Updated by Tobias Brunner about 4 years ago

  • Has duplicate Issue #668: TUN overlapping in Android 4.4.2 added

#10 Updated by Tobias Brunner almost 4 years ago

  • Related to Issue #695: StrongSwan Android: failed to setup up TUN device without DNS added

Also available in: Atom PDF