L2TP/IPSEC with Android phone

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
syhsyh
Posts: 4
Joined: Sun Oct 14, 2018 1:45 pm

L2TP/IPSEC with Android phone

Post by syhsyh » Wed Oct 17, 2018 7:53 am

Hi There,

Using an Android phone connecting to SoftEther running on a CentOS, and with L2TP/IPSec setup, always get failure on mobile phone, server log shows below messages, please help to know how to fix, thanks.


2018-10-17 03:45:21.527 IPsec Client 22 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:21.527 IPsec IKE Session (IKE SA) 11 (Client: 22) (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x265106601B256489, Responder Cookie: 0xF4B5E60E1C713416, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:24.256 IPsec Client 22 (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The port number information of this client is updated.
2018-10-17 03:45:24.256 IPsec Client 22 (x.x.x.x:47756 -> xx.xxx.xx.xx:4500):
2018-10-17 03:45:24.256 IPsec IKE Session (IKE SA) 11 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IKE SA is established between the server and the client.
2018-10-17 03:45:26.533 IPsec IKE Session (IKE SA) 11 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The client initiates a QuickMode negotiation.
2018-10-17 03:45:26.533 IPsec ESP Session (IPsec SA) 1 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0x506A952E, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:26.533 IPsec ESP Session (IPsec SA) 1 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x39D1080, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:28.262 IPsec IKE Session (IKE SA) 11 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The server initiates a QuickMode negotiation.
2018-10-17 03:45:28.262 IPsec ESP Session (IPsec SA) 2 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0xB768D18F, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:28.262 IPsec ESP Session (IPsec SA) 2 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x0, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:30.263 IPsec IKE Session (IKE SA) 11 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The server initiates a QuickMode negotiation.
2018-10-17 03:45:30.263 IPsec ESP Session (IPsec SA) 3 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0xE49E4578, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:30.263 IPsec ESP Session (IPsec SA) 3 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x0, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:30.627 IPsec ESP Session (IPsec SA) 3 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The SPI which has been pending is now set. New SPI: 0x8F33F0D
2018-10-17 03:45:30.627 IPsec ESP Session (IPsec SA) 3 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IPsec SA is established between the server and the client.
2018-10-17 03:45:35.555 IPsec Client 22 (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The L2TP Server Module is started.
2018-10-17 03:45:36.535 IPsec ESP Session (IPsec SA) 1 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IPsec SA is deleted.
2018-10-17 03:45:36.535 IPsec ESP Session (IPsec SA) 1 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IPsec SA is deleted.
2018-10-17 03:45:38.531 IPsec ESP Session (IPsec SA) 2 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IPsec SA is deleted.
2018-10-17 03:45:38.531 IPsec ESP Session (IPsec SA) 2 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IPsec SA is deleted.
2018-10-17 03:45:43.442 IPsec Client 23 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:43.442 IPsec Client 23 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:45:45.634 IPsec Client 24 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:45.634 IPsec Client 24 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:45:52.100 IPsec Client 25 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:52.100 IPsec Client 25 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:45:53.738 IPsec Client 23 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:45:54.698 IPsec Client 26 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:54.698 IPsec Client 26 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:45:55.755 IPsec Client 24 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:45:57.716 IPsec Client 27 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:57.716 IPsec Client 27 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:46:00.720 IPsec Client 28 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:46:00.720 IPsec Client 28 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:46:02.329 IPsec Client 25 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:46:04.117 IPsec Client 29 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:46:04.117 IPsec Client 29 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:46:04.848 IPsec Client 26 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:46:06.904 IPsec Client 30 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:46:06.904 IPsec Client 30 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:46:07.883 IPsec Client 27 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:46:09.894 IPsec Client 31 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:46:09.894 IPsec Client 31 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:46:10.922 IPsec Client 28 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:46:14.277 IPsec Client 29 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:46:16.975 IPsec Client 30 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:46:20.001 IPsec Client 31 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.

syhsyh
Posts: 4
Joined: Sun Oct 14, 2018 1:45 pm

Re: L2TP/IPSEC with Android phone

Post by syhsyh » Fri Oct 19, 2018 12:58 am

Please, anyone know the solution?

slim8020
Posts: 5
Joined: Thu Aug 23, 2018 12:02 pm

Re: L2TP/IPSEC with Android phone

Post by slim8020 » Sun Oct 21, 2018 12:45 pm

Are using build-in android VPN client?
Third-party android VPN clients e.g. OpenVPN can't handle L2TP.

syhsyh
Posts: 4
Joined: Sun Oct 14, 2018 1:45 pm

Re: L2TP/IPSEC with Android phone

Post by syhsyh » Mon Oct 22, 2018 2:45 am

Yes, using Android built-in L2TP function, not third party software is using for the connections.

cmd wh0ami
Posts: 125
Joined: Sun Jul 16, 2017 6:58 pm

Re: L2TP/IPSEC with Android phone

Post by cmd wh0ami » Mon Oct 22, 2018 3:32 pm

Are you using Username / Password Auth on the server and client? If you did it would eliminate a cert issue.

Another thing could be you didn't open up UDP ports 500 and 4500 on the router/firewall the VPN server is behind.
VPN Discord invite: https://discord.gg/QByKXA9

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: L2TP/IPSEC with Android phone

Post by thisjun » Thu Nov 01, 2018 7:54 am

What version of Android do you use?

Post Reply