Issue #955: Can't connect to Watchguard hosted IPSEC VPN from Android app - strongSwan

Issue #955

Can't connect to Watchguard hosted IPSEC VPN from Android app

Added by tom chiverton over 10 years ago. Updated over 10 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

interoperability

Affected version:

dr|rc|master

Resolution:

No change required

Description

The Watchgaurd end logs
2015-05-14 09:56:19 iked (193.133.125.60<->82.132.220.211)Process IKE Packet: got NULL resp cookie in XchgType 34, only MAIN or AGGR mode is supported Debug
2015-05-14 09:56:21 iked (193.133.125.60<->82.132.220.211)Process IKE Packet: got NULL resp cookie in XchgType 34, only MAIN or AGGR mode is supported Debug
2015-05-14 09:56:23 iked (193.133.125.60<->82.132.220.211)Process IKE Packet: got NULL resp cookie in XchgType 34, only MAIN or AGGR mode is supported

and the Android 4.4 phone logs@
May 14 10:51:00 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1dr1, Linux 3.4.0-perf-g0109737, armv7l)
May 14 10:51:00 00[KNL] kernel-netlink plugin might require CAP_NET_ADMIN capability
May 14 10:51:00 00[LIB] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default kernel-netlink eap-identity eap-mschapv2 eap-md5 eap-gtc eap-tls
May 14 10:51:00 00[LIB] unable to load 9 plugin features (9 due to unmet dependencies)
May 14 10:51:00 00[JOB] spawning 16 worker threads
May 14 10:51:00 07[IKE] initiating IKE_SA android¹ to 193.133.125.60
May 14 10:51:00 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
May 14 10:51:00 07[NET] sending packet: from 10.144.63.128⁵⁹¹⁶⁹ to 193.133.125.60⁵⁰⁰ (996 bytes)
May 14 10:51:02 10[IKE] retransmit 1 of request with message ID 0
May 14 10:51:02 10[NET] sending packet: from 10.144.63.128⁵⁹¹⁶⁹ to 193.133.125.60⁵⁰⁰ (996 bytes)
May 14 10:51:05 11[IKE] retransmit 2 of request with message ID 0
May 14 10:51:05 11[NET] sending packet: from 10.144.63.128⁵⁹¹⁶⁹ to 193.133.125.60⁵⁰⁰ (996 bytes)
May 14 10:51:09 12[IKE] retransmit 3 of request with message ID 0
May 14 10:51:09 12[NET] sending packet: from 10.144.63.128⁵⁹¹⁶⁹ to 193.133.125.60⁵⁰⁰ (996 bytes)
May 14 10:51:15 13[IKE] giving up after 3 retransmits
May 14 10:51:15 13[IKE] peer not responding, trying again (2/0)
May 14 10:51:15 13[IKE] initiating IKE_SA android¹ to 193.133.125.60
May 14 10:51:15 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
May 14 10:51:15 13[NET] sending packet: from 10.144.63.128⁵⁹¹⁶⁹ to 193.133.125.60⁵⁰⁰ (996 bytes)
May 14 10:51:15 15[IKE] destroying IKE_SA in state CONNECTING without notification

History

#1 Updated by Noel Kuntze over 10 years ago

Hello Tom,

The strongSwan Android App only supports IKEv2.
The logs from the Watchguard firewall indicate that it only supports IKEv1.

Regards,
Noel

#2 Updated by tom chiverton over 10 years ago

Ahh, my bad. I though the Watchguard did.

#3 Updated by Tobias Brunner over 10 years ago

Category changed from android to interoperability
Status changed from New to Closed
Resolution set to No change required

Project

General

Profile