Project

General

Profile

Issue #473

problem with strongswan android app for android 4.4

Added by yang sun over 7 years ago. Updated over 7 years ago.

Status:
Rejected
Priority:
Normal
Category:
android
Affected version:
5.1.1
Resolution:
Duplicate

Description

setup a server with strongswan
test strongswan android app client ,works ok for android 4.1-4.3 OS.
but faild for android 4.4

[22:00:24] zhaozhongwei: 12-29 09:03:50.577: D/dalvikvm(1417): GC_FOR_ALLOC freed 1095K, 26% free 6017K/8068K, paused 30ms, total 36ms
12-29 09:03:50.797: I/charon(1417): 00[KNL] kernel-netlink plugin might require CAP_NET_ADMIN capability
12-29 09:03:51.137: I/charon(1417): 00[LIB] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default kernel-netlink eap-identity eap-mschapv2 eap-md5 eap-gtc
12-29 09:03:51.137: I/charon(1417): 00[LIB] unable to load 9 plugin features (9 due to unmet dependencies)
12-29 09:03:51.137: I/charon(1417): 00[JOB] spawning 16 worker threads
12-29 09:03:51.157: I/CharonVpnService(1417): charon started
12-29 09:03:51.157: I/charon(1417): 08[IKE] initiating IKE_SA android5 to 98.126.129.243
12-29 09:03:51.227: I/charon(1417): 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
12-29 09:03:51.317: I/charon(1417): 08[NET] sending packet: from 10.0.2.1538029 to 98.126.129.243500 (660 bytes)
12-29 09:03:51.677: I/charon(1417): 11[NET] received packet: from 98.126.129.243500 to 10.0.2.1538029 (312 bytes)
12-29 09:03:51.687: I/charon(1417): 11[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
12-29 09:03:51.727: I/charon(1417): 11[IKE] local host is behind NAT, sending keep alives
12-29 09:03:51.757: I/charon(1417): 11[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan CA"
12-29 09:03:51.757: I/charon(1417): 11[IKE] establishing CHILD_SA android
12-29 09:03:51.767: I/charon(1417): 11[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
12-29 09:03:51.807: I/charon(1417): 11[NET] sending packet: from 10.0.2.1537122 to 98.126.129.2434500 (524 bytes)
12-29 09:03:52.167: I/charon(1417): 12[NET] received packet: from 98.126.129.2434500 to 10.0.2.1537122 (1260 bytes)
12-29 09:03:52.167: I/charon(1417): 12[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
12-29 09:03:52.167: I/charon(1417): 12[IKE] received end entity cert "C=CH, O=strongSwan, CN=98.126.129.243"
12-29 09:03:52.177: I/charon(1417): 12[CFG] using certificate "C=CH, O=strongSwan, CN=98.126.129.243"
12-29 09:03:52.177: I/charon(1417): 12[CFG] using trusted ca certificate "C=CH, O=strongSwan, CN=strongSwan CA"
12-29 09:03:52.177: I/charon(1417): 12[CFG] reached self-signed root ca with a path length of 0
12-29 09:03:52.187: I/charon(1417): 12[IKE] authentication of 'C=CH, O=strongSwan, CN=98.126.129.243' with RSA signature successful
12-29 09:03:52.187: I/charon(1417): 12[IKE] server requested EAP_IDENTITY (id 0x00), sending 'test'
12-29 09:03:52.197: I/charon(1417): 12[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
12-29 09:03:52.197: I/charon(1417): 12[NET] sending packet: from 10.0.2.1537122 to 98.126.129.2434500 (76 bytes)
12-29 09:03:52.517: I/charon(1417): 13[NET] received packet: from 98.126.129.2434500 to 10.0.2.1537122 (108 bytes)
12-29 09:03:52.517: I/charon(1417): 13[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
12-29 09:03:52.517: I/charon(1417): 13[IKE] server requested EAP_MSCHAPV2 authentication (id 0x01)
12-29 09:03:52.527: I/charon(1417): 13[ENC] generating IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
12-29 09:03:52.527: I/charon(1417): 13[NET] sending packet: from 10.0.2.1537122 to 98.126.129.2434500 (140 bytes)
12-29 09:03:52.837: I/charon(1417): 14[NET] received packet: from 98.126.129.2434500 to 10.0.2.1537122 (124 bytes)
12-29 09:03:52.837: I/charon(1417): 14[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
12-29 09:03:52.837: I/charon(1417): 14[IKE] EAP-MS-CHAPv2 succeeded: '(null)'
12-29 09:03:52.847: I/charon(1417): 14[ENC] generating IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
12-29 09:03:52.857: I/charon(1417): 14[NET] sending packet: from 10.0.2.1537122 to 98.126.129.2434500 (76 bytes)
12-29 09:03:53.197: I/charon(1417): 15[NET] received packet: from 98.126.129.2434500 to 10.0.2.1537122 (76 bytes)
12-29 09:03:53.197: I/charon(1417): 15[ENC] parsed IKE_AUTH response 4 [ EAP/SUCC ]
12-29 09:03:53.197: I/charon(1417): 15[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
12-29 09:03:53.197: I/charon(1417): 15[IKE] authentication of 'test' (myself) with EAP
12-29 09:03:53.197: I/charon(1417): 15[ENC] generating IKE_AUTH request 5 [ AUTH ]
12-29 09:03:53.197: I/charon(1417): 15[NET] sending packet: from 10.0.2.1537122 to 98.126.129.2434500 (92 bytes)
12-29 09:03:55.207: I/charon(1417): 12[IKE] retransmit 1 of request with message ID 5
12-29 09:03:55.207: I/charon(1417): 12[NET] sending packet: from 10.0.2.1537122 to 98.126.129.2434500 (92 bytes)
12-29 09:03:55.507: I/charon(1417): 13[NET] received packet: from 98.126.129.2434500 to 10.0.2.1537122 (252 bytes)
12-29 09:03:55.517: I/charon(1417): 13[ENC] parsed IKE_AUTH response 5 [ AUTH CPRP SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
12-29 09:03:55.517: I/charon(1417): 13[IKE] authentication of 'C=CH, O=strongSwan, CN=98.126.129.243' with EAP successful
12-29 09:03:55.527: I/charon(1417): 13[IKE] IKE_SA android5 established between 10.0.2.15[test]...98.126.129.243[C=CH, O=strongSwan, CN=98.126.129.243]
12-29 09:03:55.527: I/charon(1417): 13[IKE] scheduling rekeying in 35756s
12-29 09:03:55.527: I/charon(1417): 13[IKE] maximum IKE_SA lifetime 36356s
12-29 09:03:55.577: I/charon(1417): 13[IKE] installing new virtual IP 10.12.0.5
12-29 09:03:55.587: I/charon(1417): 13[IKE] CHILD_SA android{5} established with SPIs ad792da2_i c1cd74c6_o and TS 10.12.0.5/32 === 0.0.0.0/0
12-29 09:03:55.587: I/charon(1417): 13[DMN] setting up TUN device for CHILD_SA android{5}
12-29 09:03:55.897: W/System.err(1417): java.lang.IllegalStateException: command '82 interface fwmark rule add tun0' failed with '400 82 Failed to add fwmark rule (No such device)'
12-29 09:03:55.907: W/System.err(1417): at android.os.Parcel.readException(Parcel.java:1469)
12-29 09:03:55.907: W/System.err(1417): at android.os.Parcel.readException(Parcel.java:1415)
12-29 09:03:55.937: W/System.err(1417): at android.net.IConnectivityManager$Stub$Proxy.establishVpn(IConnectivityManager.java:1555)
12-29 09:03:55.947: W/System.err(1417): at android.net.VpnService$Builder.establish(VpnService.java:471)
12-29 09:03:55.947: W/System.err(1417): at org.strongswan.android.logic.CharonVpnService$BuilderAdapter.establish(CharonVpnService.java:736)
12-29 09:03:55.977: W/System.err(1417): at dalvik.system.NativeStart.run(Native Method)
12-29 09:03:55.977: I/charon(1417): 13[LIB] builder: failed to build TUN device
12-29 09:03:56.007: I/charon(1417): 13[DMN] failed to setup TUN device
12-29 09:03:56.127: I/charon(1417): 13[IKE] peer supports MOBIKE
12-29 09:03:56.337: I/charon(1417): 00[IKE] deleting IKE_SA android5 between 10.0.2.15[test]...98.126.129.243[C=CH, O=strongSwan, CN=98.126.129.243]
12-29 09:03:56.337: I/charon(1417): 00[IKE] sending DELETE for IKE_SA android5
12-29 09:03:56.337: I/charon(1417): 00[ENC] generating INFORMATIONAL request 6 [ D ]
12-29 09:03:56.367: I/charon(1417): 00[NET] sending packet: from 10.0.2.1537122 to 98.126.129.2434500 (76 bytes)
12-29 09:03:56.507: I/CharonVpnService(1417): charon stopped


Related issues

Is duplicate of Issue #462: strongswan android app can not use on android 4.4 OS Feedback06.12.2013

History

#1 Updated by Tobias Brunner over 7 years ago

  • Category set to android
  • Status changed from New to Rejected
  • Assignee set to Tobias Brunner
  • Priority changed from High to Normal
  • Resolution set to Duplicate

Also available in: Atom PDF