Hello everyone, I'm new to this list and l2tp/openbsd (but do have working UNIX/Linux knowledge). After searching the previous forum posts (and the internet) I have found a lot of information on l2tp ipsec.conf connection strings. However, I can't get android to connect. I keep getting IKE negotiation failed errors.
I've looked at sites such as: http://bluepilltech.blogspot.com/2017/02/openbsd-l2tp-over-ipsec-android-601-ios.html https://www.authbsd.com/blog/?p=20 http://daemonforums.org/showthread.php?t=10326 https://rzemieniecki.wordpress.com/2014/05/28/debugging-ipsec-on-openbsd-invalid_cookie/ https://man.openbsd.org/npppd.conf.5 https://blog.gordonturner.com/2016/12/10/openbsd-6-0-vpn-endpoint-for-ios-and-osx/ https://marc.info/?l=openbsd-misc&m=145922338026396&w=2 https://marc.info/?l=openbsd-misc&m=145614573528471&w=2 https://www.mail-archive.com/misc@openbsd.org/msg145747.html ... etc I can get IOS to connect, but I can't get android 7 to connect. I've read that android has bugs with the vpn client in 6.x and 7.x (not sure if it is fixed in 8 or not). However, what is confusing is it connections just fine To my windows l2tp server. Bug tracker: https://issuetracker.google.com/issues/37074640#c35 My goal: Setup openbsd to work with IOS/android/windows/whatever. My questions. 1) Can you have more than one ike line in ipsec.conf? from my presumption of looking at sites on the internet, you can, however, I am not sure. https://www.authbsd.com/blog/?p=20 makes it seem like you can, unless it is just two examples 2) Every time I read a site that says, "this configuration worked for me on android", it doesn't work for me. I presume it is my lack of understanding, though, I'm not ruling out the possible android bug. I appreciate any help. Here is my ipsec.conf (this allows IOS to connect) public_ip = "x.x.x.x" ike passive esp transport \ proto udp from $public_ip to any port 1701 \ main auth "hmac-sha1" enc "aes" group modp1024\ quick auth "hmac-sha1" enc "aes" \ psk "PSK-GOES-HERE" Here is my npppd.conf authentication LOCAL type local { users-file "/etc/npppd/npppd-users" } tunnel L2TP protocol l2tp { listen on 0.0.0.0 listen on :: } ipcp IPCP { pool-address 10.0.0.101-10.0.0.254 dns-servers x.x.x.x } # use pppx(4) interface. use an interface per a ppp session. interface pppx0 address 10.0.0.1 ipcp IPCP bind tunnel from L2TP authenticated by LOCAL to pppx0
