Wow, thanks for this... For some reason I always thought that anything VPN related would require a rooted Android phone to mess with interfaces and routing, but clearly it doesn't. It took about 10 minutes to read https://www.openbsd.org/faq/faq17.html and configure a successful IKEv2 connection from strongSwan on the phone to the router.
One more thing, how do I know what IP address my client has gotten? `ipsecctl(8) -vsa` doesn't show that, and iked(8) output in /var/log/daemon doesn't either. Right now I'm pinging my router from my phone and tcpdump-ing the enc0 interface for icmp packets :)

Dani

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, 1 July 2019 19:34, Stuart Henderson <s...@spacehopper.org> wrote:

> On 2019-06-30, Lévai Dániel l...@ecentrum.hu wrote:
>
> > I know (saw) this has come up numerous times, and someone has been
> > successful, others weren't. I thought I'd try this out myself, and not
> > surprisingly it wasn't successful :)
> > I've been using these howtos [1] -- I know these can be outdated and/or
> > simply wrong, I just wanted to get the general idea on how to tackle this.
> > I've made it through a couple of hurdles but now I'm stuck and thought I'd
> > ask some questions here.
>
> L2TP+IPsec can be made to work, but to be perfectly honest, unless you
> have a special reason (e.g. need to run this on a box which is also
> doing other tunnels which have to be IKEv1), then I would switch to
> IKEv2/iked and strongswan on Android (or the built-in client on Windows
> or iOS), it is fast to connect and generally much more pleasant to use...
>
> (I still use IKEv1/isakmpd for lan-to-lan tunnels but now try to avoid
> it for standard "roaming client" type connections).