Hello, I don't mean to bring up an old thread, but I was wondering if anyone else was experiencing issues with OpenBSD 5.8 and Android 6.0.1 (preferably the version on the Nexus line of devices) connecting to ipsec/l2tp.
I had this working late last year some time and hadn't used it in a few months. When I went to use it again a few days ago it didn't work at all. After rebooting my phone and even trying it on my tablet that coincidentally runs the exact same version of stock Android 6.0.1, it too didn't work there. I have confirmed some interesting behavior. First if I tweak the ipsec.conf stanza to something like: > ike passive esp transport \ > proto udp from X.X.X.X to any port 1701 \ > main auth "hmac-sha2-256" enc "aes-256" group "modp1024" \ > quick auth "hmac-sha2-s256" enc "aes-256" group "modp1024" \ > psk "redacted" It creates an IPSEC SA and flow as shown by ipsecctl -s all, but npppd never sees a connection attempt and tcpdumping enc0 shows no traffic and ultimately the connection fails. If I modify it to hmac-md5, aes, modp2048 I can get my Chromebook with latest updates to connect successfully. If I modify it to hmac-sha2-256, aes-256, modp2048 I can get an iPhone with iOS 9.3 to connect successfully. If I modify it to hmac-sha, aes, modp2048 I can get a Windows 10 box to connect successfully. If I restore it to hmac-sha1, aes, modp1024 I can get an older Android tablet (one of my kid's) to connect successfully. What else can I do to troubleshoot this? Because I signed up to a free 1 day trial of some Internet based VPN provider and successfully was able to connect to their IPSEC/L2TP VPN using my Android phone so I know it works. It must just be a recent change in Android (or during the OpenBSD 5.7->5.8) update that is causing this incompatibility that makes it almost work. Any help would be greatly appreciated. Sly
