L2TP/IPSEC with Android phone

Posted: Wed Oct 17, 2018 7:53 am
by syhsyh
Hi There,

I am using an Android phone to connect to SoftEther running on CentOS with an L2TP/IPsec setup, and the connection always fails on the phone. The server log shows the messages below. Please help me figure out how to fix this, thanks.


2018-10-17 03:45:21.527 IPsec Client 22 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:21.527 IPsec IKE Session (IKE SA) 11 (Client: 22) (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x265106601B256489, Responder Cookie: 0xF4B5E60E1C713416, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:24.256 IPsec Client 22 (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The port number information of this client is updated.
2018-10-17 03:45:24.256 IPsec Client 22 (x.x.x.x:47756 -> xx.xxx.xx.xx:4500):
2018-10-17 03:45:24.256 IPsec IKE Session (IKE SA) 11 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IKE SA is established between the server and the client.
2018-10-17 03:45:26.533 IPsec IKE Session (IKE SA) 11 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The client initiates a QuickMode negotiation.
2018-10-17 03:45:26.533 IPsec ESP Session (IPsec SA) 1 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0x506A952E, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:26.533 IPsec ESP Session (IPsec SA) 1 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x39D1080, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:28.262 IPsec IKE Session (IKE SA) 11 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The server initiates a QuickMode negotiation.
2018-10-17 03:45:28.262 IPsec ESP Session (IPsec SA) 2 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0xB768D18F, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:28.262 IPsec ESP Session (IPsec SA) 2 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x0, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:30.263 IPsec IKE Session (IKE SA) 11 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The server initiates a QuickMode negotiation.
2018-10-17 03:45:30.263 IPsec ESP Session (IPsec SA) 3 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0xE49E4578, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:30.263 IPsec ESP Session (IPsec SA) 3 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x0, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:30.627 IPsec ESP Session (IPsec SA) 3 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The SPI which has been pending is now set. New SPI: 0x8F33F0D
2018-10-17 03:45:30.627 IPsec ESP Session (IPsec SA) 3 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IPsec SA is established between the server and the client.
2018-10-17 03:45:35.555 IPsec Client 22 (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The L2TP Server Module is started.
2018-10-17 03:45:36.535 IPsec ESP Session (IPsec SA) 1 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IPsec SA is deleted.
2018-10-17 03:45:36.535 IPsec ESP Session (IPsec SA) 1 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IPsec SA is deleted.
2018-10-17 03:45:38.531 IPsec ESP Session (IPsec SA) 2 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IPsec SA is deleted.
2018-10-17 03:45:38.531 IPsec ESP Session (IPsec SA) 2 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IPsec SA is deleted.
2018-10-17 03:45:43.442 IPsec Client 23 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:43.442 IPsec Client 23 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:45:45.634 IPsec Client 24 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:45.634 IPsec Client 24 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:45:52.100 IPsec Client 25 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:52.100 IPsec Client 25 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:45:53.738 IPsec Client 23 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:45:54.698 IPsec Client 26 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:54.698 IPsec Client 26 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:45:55.755 IPsec Client 24 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:45:57.716 IPsec Client 27 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:57.716 IPsec Client 27 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:46:00.720 IPsec Client 28 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:46:00.720 IPsec Client 28 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:46:02.329 IPsec Client 25 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:46:04.117 IPsec Client 29 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:46:04.117 IPsec Client 29 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:46:04.848 IPsec Client 26 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:46:06.904 IPsec Client 30 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:46:06.904 IPsec Client 30 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:46:07.883 IPsec Client 27 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:46:09.894 IPsec Client 31 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:46:09.894 IPsec Client 31 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
2018-10-17 03:46:10.922 IPsec Client 28 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:46:14.277 IPsec Client 29 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:46:16.975 IPsec Client 30 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
2018-10-17 03:46:20.001 IPsec Client 31 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): This IPsec Client is deleted.
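
Added example (not part of the original posts, and not SoftEther code): a small Python triage script that groups log lines of the kind posted above by IPsec client ID and reports how far each connection attempt got. The stage names and function names are assumptions made for this example; the sample lines are copied from the log in the first post.

```python
import re

# Sample input: a few lines copied from the log in the first post (addresses already masked).
SAMPLE_LOG = """\
2018-10-17 03:45:21.527 IPsec Client 22 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:21.527 IPsec IKE Session (IKE SA) 11 (Client: 22) (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IKE SA (Main Mode) is created. Initiator Cookie: 0x265106601B256489, Responder Cookie: 0xF4B5E60E1C713416, DH Group: MODP 1024 (Group 2), Hash Algorithm: SHA-2-256, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 28800 seconds
2018-10-17 03:45:24.256 IPsec IKE Session (IKE SA) 11 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IKE SA is established between the server and the client.
2018-10-17 03:45:30.627 IPsec ESP Session (IPsec SA) 3 (Client: 22) (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): This IPsec SA is established between the server and the client.
2018-10-17 03:45:35.555 IPsec Client 22 (x.x.x.x:47756 -> xx.xxx.xx.xx:4500): The L2TP Server Module is started.
2018-10-17 03:45:43.442 IPsec Client 23 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): A new IPsec client is created.
2018-10-17 03:45:43.442 IPsec Client 23 (x.x.x.x:18021 -> xx.xxx.xx.xx:500): There are no acceptable transform proposals from the client for establishing an IKE SA.
"""

# Matches both "IPsec Client N (...)" and "IPsec IKE/ESP Session (...) M (Client: N) (...)" lines.
LINE = re.compile(
    r"^\S+ \S+ IPsec (?:Client (?P<c1>\d+)"
    r"|(?:IKE|ESP) Session \([^)]*\) \d+ \(Client: (?P<c2>\d+)\))"
    r" \([^)]*\):\s*(?P<msg>.*)$")

# Message substrings mapped to the stage label used in this example.
STAGES = [
    ("no acceptable transform proposals", "ike_proposal_rejected"),
    ("This IKE SA is established", "ike_sa_established"),
    ("This IPsec SA is established", "ipsec_sa_established"),
    ("The L2TP Server Module is started", "l2tp_started"),
]

def summarize(log_text):
    """Return {client_id: {"stages": [...], "ike": {...}}} in order of first appearance."""
    clients = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an IPsec client/session line
        cid = int(m.group("c1") or m.group("c2"))
        info = clients.setdefault(cid, {"stages": [], "ike": {}})
        msg = m.group("msg")
        for needle, stage in STAGES:
            if needle in msg and stage not in info["stages"]:
                info["stages"].append(stage)
        if "A new IKE SA" in msg:  # record the parameters the server accepted
            info["ike"] = dict(re.findall(
                r"(DH Group|Hash Algorithm|Cipher Algorithm): ([^,]+)", msg))
    return clients

if __name__ == "__main__":
    for cid, info in summarize(SAMPLE_LOG).items():
        print(cid, info["stages"] or ["no_progress"], info["ike"])
```

Run over the full log, this separates the one attempt that got as far as the L2TP module from the later attempts that were rejected at the IKE proposal stage.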

Re: L2TP/IPSEC with Android phone

Posted: Fri Oct 19, 2018 12:58 am
by syhsyh
Please, does anyone know the solution?

Re: L2TP/IPSEC with Android phone

Posted: Sun Oct 21, 2018 12:45 pm
by slim8020
Are you using the built-in Android VPN client?
Third-party Android VPN clients, e.g. OpenVPN, can't handle L2TP.

Re: L2TP/IPSEC with Android phone

Posted: Mon Oct 22, 2018 2:45 am
by syhsyh
Yes, I am using the Android built-in L2TP function; no third-party software is being used for the connections.

Re: L2TP/IPSEC with Android phone

Posted: Mon Oct 22, 2018 3:32 pm
by cmd wh0ami
Are you using Username / Password Auth on the server and client? If you did, it would eliminate a cert issue.

Another thing could be you didn't open up UDP ports 500 and 4500 on the router/firewall the VPN server is behind.

Re: L2TP/IPSEC with Android phone

Posted: Thu Nov 01, 2018 7:54 am
by thisjun
What version of Android do you use?