Heretic121 Posted August 29, 2014

I'm attempting to set up IPSec, on a VPS I bought, using racoon and certs. However, it seems to get stuck just before phase 2 negotiation like so:

2014-08-29 14:26:31: INFO: Sending Xauth request
2014-08-29 14:26:31: INFO: ISAKMP-SA established x.x.x.x[4500]-y.y.y.y[4500] spi:5d3b1f790fa4e134:36dd3536b05377e4
2014-08-29 14:26:34: NOTIFY: the packet is retransmitted by y.y.y.y[4500] (1).
2014-08-29 14:26:37: NOTIFY: the packet is retransmitted by y.y.y.y[4500] (1).
2014-08-29 14:26:40: NOTIFY: the packet is retransmitted by y.y.y.y[4500] (1).
2014-08-29 14:26:43: NOTIFY: the packet is retransmitted by y.y.y.y[4500] (1).
2014-08-29 14:26:46: NOTIFY: the packet is retransmitted by y.y.y.y[4500] (1).

x.x.x.x == Server public IP
y.y.y.y == Client public IP

I've scoured Google trying to find something that's even remotely relevant to my problem but nothing seems to work, or it's about OSX/Mac/pfSense/Openswan. The client is an Android 4.2.2 so no logs to view on that side, unless someone has some wizardry for getting logs from the phone.

Hadafuq do I make it thingy the thingamajig?

GI-JOE Posted September 14, 2014

To answer your question on Whatsapp: However...might try this for viewing them logs on the Android?

https://play.google.com/store/apps/details?id=yuku.logviewer&hl=en

Other than that I got nothin.

Pepsi Posted September 14, 2014

You can access your files and logs by plugging your phone into your computer.... So you may be able to find all logs through it that way, because it could be a simple firewall or something on your phone that's making it hard to access or complete.

Heretic121 (Author) Posted September 14, 2014 (edited)

Welp, since Jelly Bean, apps can only view logs about themselves unless they're system apps, but thanks anyway lol

Pepsi, nah I'd need logcat to see the logs. I've connected it to my desktop and used adb to view the logs in real time but they never gave any useful information from what I can remember.

Edited September 14, 2014 by Heretic121

Pepsi Posted September 14, 2014

Hmm, that really sucks. That's why I do all my important stuff off my computer lol

GI-JOE Posted September 14, 2014

Note: This app doesn't work any more on Jelly Bean devices, because since Jelly Bean, an app can only collect log messages originating from itself. If you can move this app into a System app (for example using Titanium Backup) then this app will be able to view all log entries again.

daredevil (Administrators) Posted September 14, 2014

What are you actually trying to do?

Heretic121 (Author) Posted September 14, 2014

DD, setting up an IPSec implementation on a VPS. Using IPSec because it's "native" in Android whereas OpenVPN isn't. Looking at a client => server configuration, instead of server/router <=> server/router. Avoiding PPTP for obvious reasons, so the next logical step is IPSec.

daredevil (Administrators) Posted September 14, 2014

Have you tried passing the Android data through a proxy and then monitoring traffic on it, and monitoring traffic on the VPS through tcpdump or wireshark, to see where the issue is? If I understand correctly, you are not able to set up VPN access correctly? Is that correct? I am still confused a bit though.

Heretic121 (Author) Posted September 23, 2014 (edited)

Basically the idea is this:

Internet <==> VPN server <==> Android

The connection between Android and the VPN server being secured by an IPSec implementation.

After doing a metric crapton of research on Racoon, it would appear there's some sort of bug between the two, or with Racoon itself, and that I would be better going with something slightly more well-known. Seeing as Racoon appeared to be the issue all along, I'm giving it another go but with a different application. This time I'm giving it a go with something called OpenSwan. However, the configuration for openswan is more confusing, to me, than trying to read Polish... well, maybe not that confusing but it's still pretty bloody confusing.

With all that said, thanks for the help with my connection woes. I'll update this topic when I either have a working connection or another question.

EDIT: Forgot to ask... does anyone know which is the 'left' connection, and which is the 'right'? I'm assuming 'left' is local, and 'right' external, but no one seems to have mentioned it o.O

Edited September 23, 2014 by Heretic121