Hi, everyone: I am a new OpenBSD user and I found it's extremely difficult to set up an L2TP/IPSec (IKEv1) Road Warrior server that works with Android devices.
I followed the tutorial here, Configuring L2TP Over IPSec on OpenBSD for Mac OS X Clients [1], deployed on a fresh OpenBSD 5.8, and found out that an iOS 9.x iPad works like a charm. But the Android devices I had won't work by any means.

I found out that the Android 5.x L2TP/IPSec VPN client works with:

hash algorithm: hmac-sha2-256
encrypt method: aes_cbc
life time: 28800

The ipsec.conf with:

```
ike passive esp tunnel \
    from "IP_ADDRESS" to any \
    main auth "hmac-sha2-256" enc "aes" group "modp1024" lifetime 2880\
    quick group "modp1024" \
    psk "SECRET_KEY"
```

didn't make a change (after `ipsecctl -f /etc/ipsec.conf`). /var/log/messages didn't report anything as the VPN connection failed on the Android device. When debugging in the foreground with `isakmpd -v -K -d`, it still reported:

```
002212.657833 Default isakmpd: starting [priv]
002219.561051 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561236 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561386 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561546 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561664 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561746 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561832 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
002219.561916 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
002219.562003 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
002219.562085 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got DES_CBC, expected 3DES_CBC
002219.562189 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got DES_CBC, expected 3DES_CBC
002219.562308 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got DES_CBC, expected 3DES_CBC
002219.562385 Default message_negotiate_sa: no compatible proposal found
002219.562459 Default dropped message from 139.227.237.86 port 500 due to notification type NO_PROPOSAL_CHOSEN
^C002221.748476 Default isakmpd: shutting down...
002221.748562 Default isakmpd: exit
```

I am trying to use aes as the encryption algorithm but it seems that it keeps using 3des. What can I do? Please help. I have spent all my weekends on it, still no idea. Other ideas on VPN types to set up (except OpenVPN, which needs additional software to implement) are welcome.

Jiahao Dai
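
An added example, not part of the original post: a small Python script that condenses `isakmpd -d` output like the log above into, per attribute, what the peer offered and what the responder expected. The sample log is constructed in the quoted format (with a documentation-range peer address), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format of the `isakmpd -d` output quoted above.
# The peer address is a documentation-range placeholder; one entry is
# wrapped across two lines, as happens when logs are pasted into mail.
SAMPLE_LOG = """\
002219.561051 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561236 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561832 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
002219.562085 Default attribute_unacceptable: ENCRYPTION_ALGORITHM:
got DES_CBC, expected 3DES_CBC
002219.562385 Default message_negotiate_sa: no compatible proposal found
002219.562459 Default dropped message from 192.0.2.10 port 500 due to notification type NO_PROPOSAL_CHOSEN
"""

# \s+ between fields lets a match span a line break inside a wrapped entry.
REJECT = re.compile(r"attribute_unacceptable:\s+(\w+):\s+got\s+(\w+),\s+expected\s+(\w+)")
DROPPED = re.compile(r"dropped message from (\S+) port (\d+) due to notification type (\w+)")


def summarize(log_text):
    """Return (mismatches, drops) extracted from isakmpd debug output.

    mismatches maps attribute name -> {"offered": Counter, "expected": set};
    drops is a list of (peer, port, notification) tuples.
    """
    mismatches = {}
    for attr, got, expected in REJECT.findall(log_text):
        entry = mismatches.setdefault(attr, {"offered": Counter(), "expected": set()})
        entry["offered"][got] += 1
        entry["expected"].add(expected)
    drops = [(peer, int(port), why) for peer, port, why in DROPPED.findall(log_text)]
    return mismatches, drops


def report(log_text):
    """Render one summary line per rejected attribute and per dropped message."""
    mismatches, drops = summarize(log_text)
    lines = []
    for attr, entry in sorted(mismatches.items()):
        offered = ", ".join(f"{v} x{n}" for v, n in entry["offered"].most_common())
        expected = ", ".join(sorted(entry["expected"]))
        lines.append(f"{attr}: peer offered {offered}; responder expects {expected}")
    lines += [f"dropped {peer}:{port} ({why})" for peer, port, why in drops]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```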