Android phones cannot connect #391

Closed
includewins0ck2 opened this issue May 23, 2018 · 6 comments

Comments

@includewins0ck2
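A Windows 7 PC connects normally, but Android phones (a 360 N4S on Android 6.0, a Smartisan Nut Pro 2 on Android 7.0, and an Honor V9 on Android 8.0) all fail to connect. Changing the conf parameters as described in the tutorial did not help either.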

@hwdsl2
Owner

hwdsl2 commented May 23, 2018 via email

@jsheradin

jsheradin commented May 23, 2018

I'm using the latest docker image as of this post and am having a similar issue. I can connect from a Mac computer successfully but I am unable to connect from an Android 7.1.2 phone. The server is Fedora 27 4.16.7-100.fc26.x86_64.

It may be worth noting that after updating the image I had to increase the length of my PSK in order to connect with anything. Libreswan logs showed that the key was too short despite it working with the previous versions of the docker image and kernel 4.14.something.

I have also tried changing sha2-truncbug=no in the container's /etc/ipsec.conf to no effect.

Main docker logs output nothing when trying to connect.

libreswan log outputs the following when trying to connect (IPs removed):

May 23 16:46:46 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: responding to Main Mode from unknown peer carrier.ip.add.ress on port 38084
May 23 16:46:46 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: Oakley Transform [AES_CBC (256), HMAC_SHA2_384, MODP1024] refused
May 23 16:46:46 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: STATE_MAIN_R1: sent MR1, expecting MI2
May 23 16:46:46 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: STATE_MAIN_R2: sent MR2, expecting MI3
May 23 16:46:46 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: Peer ID is ID_IPV4_ADDR: 'different.carrier.ip.address'
May 23 16:46:46 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha2_256 group=MODP1024}
May 23 16:46:46 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000, length=28
May 23 16:46:46 fc3a879d6c89 pluto[2495]: | ISAKMP Notification Payload
May 23 16:46:46 fc3a879d6c89 pluto[2495]: | 00 00 00 1c 00 00 00 01 01 10 60 02
May 23 16:46:46 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: received and ignored informational message
May 23 16:46:47 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: the peer proposed: server.ip.add.ress/32:17/1701 -> different.carrier.ip.address/32:17/0
May 23 16:46:47 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #15: ESP IPsec Transform refused: AES_CBC_256-HMAC_SHA2_512_256
May 23 16:46:47 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #15: no acceptable Proposal in IPsec SA
May 23 16:46:47 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #15: sending encrypted notification NO_PROPOSAL_CHOSEN to carrier.ip.add.ress:38088
May 23 16:46:47 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #15: deleting state (STATE_QUICK_R0)
May 23 16:46:50 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: the peer proposed: server.ip.add.ress/32:17/1701 -> different.carrier.ip.address/32:17/0
May 23 16:46:50 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #16: ESP IPsec Transform refused: AES_CBC_256-HMAC_SHA2_512_256
May 23 16:46:50 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #16: no acceptable Proposal in IPsec SA
May 23 16:46:50 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #16: sending encrypted notification NO_PROPOSAL_CHOSEN to carrier.ip.add.ress:38088
May 23 16:46:50 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #16: deleting state (STATE_QUICK_R0)
May 23 16:46:53 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: the peer proposed: server.ip.add.ress/32:17/1701 -> different.carrier.ip.address/32:17/0
May 23 16:46:53 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #17: ESP IPsec Transform refused: AES_CBC_256-HMAC_SHA2_512_256
May 23 16:46:53 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #17: no acceptable Proposal in IPsec SA
May 23 16:46:53 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #17: sending encrypted notification NO_PROPOSAL_CHOSEN to carrier.ip.add.ress:38088
May 23 16:46:53 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #17: deleting state (STATE_QUICK_R0)
May 23 16:46:56 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: the peer proposed: server.ip.add.ress/32:17/1701 -> different.carrier.ip.address/32:17/0
May 23 16:46:56 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #18: ESP IPsec Transform refused: AES_CBC_256-HMAC_SHA2_512_256
May 23 16:46:56 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #18: no acceptable Proposal in IPsec SA
May 23 16:46:56 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #18: sending encrypted notification NO_PROPOSAL_CHOSEN to carrier.ip.add.ress:38088
May 23 16:46:56 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #18: deleting state (STATE_QUICK_R0)
May 23 16:46:59 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: the peer proposed: server.ip.add.ress/32:17/1701 -> different.carrier.ip.address/32:17/0
May 23 16:46:59 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #19: ESP IPsec Transform refused: AES_CBC_256-HMAC_SHA2_512_256
May 23 16:46:59 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #19: no acceptable Proposal in IPsec SA
May 23 16:46:59 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #19: sending encrypted notification NO_PROPOSAL_CHOSEN to carrier.ip.add.ress:38088
May 23 16:46:59 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #19: deleting state (STATE_QUICK_R0)
May 23 16:47:02 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: the peer proposed: server.ip.add.ress/32:17/1701 -> different.carrier.ip.address/32:17/0
May 23 16:47:02 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #20: ESP IPsec Transform refused: AES_CBC_256-HMAC_SHA2_512_256
May 23 16:47:02 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #20: no acceptable Proposal in IPsec SA
May 23 16:47:02 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #20: sending encrypted notification NO_PROPOSAL_CHOSEN to carrier.ip.add.ress:38088
May 23 16:47:02 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #20: deleting state (STATE_QUICK_R0)
May 23 16:47:05 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: the peer proposed: server.ip.add.ress/32:17/1701 -> different.carrier.ip.address/32:17/0
May 23 16:47:05 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #21: ESP IPsec Transform refused: AES_CBC_256-HMAC_SHA2_512_256
May 23 16:47:05 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #21: no acceptable Proposal in IPsec SA
May 23 16:47:05 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #21: sending encrypted notification NO_PROPOSAL_CHOSEN to carrier.ip.add.ress:38088
May 23 16:47:05 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #21: deleting state (STATE_QUICK_R0)
May 23 16:47:09 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: the peer proposed: server.ip.add.ress/32:17/1701 -> different.carrier.ip.address/32:17/0
May 23 16:47:09 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #22: ESP IPsec Transform refused: AES_CBC_256-HMAC_SHA2_512_256
May 23 16:47:09 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #22: no acceptable Proposal in IPsec SA
May 23 16:47:09 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #22: sending encrypted notification NO_PROPOSAL_CHOSEN to carrier.ip.add.ress:38088
May 23 16:47:09 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #22: deleting state (STATE_QUICK_R0)
May 23 16:47:11 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: the peer proposed: server.ip.add.ress/32:17/1701 -> different.carrier.ip.address/32:17/0
May 23 16:47:11 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #23: ESP IPsec Transform refused: AES_CBC_256-HMAC_SHA2_512_256
May 23 16:47:11 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #23: no acceptable Proposal in IPsec SA
May 23 16:47:11 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #23: sending encrypted notification NO_PROPOSAL_CHOSEN to carrier.ip.add.ress:38088
May 23 16:47:11 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #23: deleting state (STATE_QUICK_R0)
May 23 16:47:14 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #14: the peer proposed: server.ip.add.ress/32:17/1701 -> different.carrier.ip.address/32:17/0
May 23 16:47:14 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #24: ESP IPsec Transform refused: AES_CBC_256-HMAC_SHA2_512_256
May 23 16:47:14 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #24: no acceptable Proposal in IPsec SA
May 23 16:47:14 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #24: sending encrypted notification NO_PROPOSAL_CHOSEN to carrier.ip.add.ress:38088
May 23 16:47:14 fc3a879d6c89 pluto[2495]: "l2tp-psk"[2] carrier.ip.add.ress #24: deleting state (STATE_QUICK_R0)

/var/log/syslog has no lines containing xl2tpd.

@AlexisWIT

Problem solved.
For Android 6.0+, in /etc/ipsec.conf simply comment out
ike=3des-sha1,3des-sha2,aes-sha1,aes-sha1;modp1024,aes-sha2,aes-sha2;modp1024
and
phase2alg=3des-sha1,3des-sha2,aes-sha1,aes-sha2
and keep sha2-truncbug=yes
then everything will be fine.

@hwdsl2 hwdsl2 closed this as completed in 95bcadb May 24, 2018
@hwdsl2
Owner

hwdsl2 commented May 24, 2018

Fixed in 95bcadb and the latest Docker image.

@jsheradin

Latest docker image confirmed working. Thanks!

@includewins0ck2
Author

The latest version fixed it. Truly an expert, as expected.

nebulabox pushed a commit to nebulabox/setup-ipsec-vpn that referenced this issue Feb 12, 2019
- Add back aes256-sha2_512 to phase2alg, required on some Android systems
- Fixes hwdsl2#391
andyvip pushed a commit to andyvip/setup-ipsec-vpn that referenced this issue Oct 28, 2019
- Add back aes256-sha2_512 to phase2alg, required on some Android systems
- Fixes hwdsl2#391
denmojo pushed a commit to denmojo/setup-ipsec-vpn that referenced this issue Sep 23, 2020
- Add back aes256-sha2_512 to phase2alg, required on some Android systems
- Fixes hwdsl2#391
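
A triage helper for the failure seen in this thread, added here as an example and not code from the setup-ipsec-vpn project or any commenter: it counts the ESP transforms that pluto refused and that no `phase2alg` entry covers. The log lines are a constructed sample, the function names are hypothetical, and the mapping between pluto's log names and `ipsec.conf` names (including reading `sha2` as `sha2_256`) is an assumption.

```python
import re

# Constructed sample, modelled on the pluto lines quoted in this thread.
SAMPLE_LOG = """\
May 23 16:46:46 host pluto[2495]: "l2tp-psk"[2] 198.51.100.7 #14: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_256 integ=sha2_256 group=MODP1024}
May 23 16:46:47 host pluto[2495]: "l2tp-psk"[2] 198.51.100.7 #15: ESP IPsec Transform refused: AES_CBC_256-HMAC_SHA2_512_256
May 23 16:46:47 host pluto[2495]: "l2tp-psk"[2] 198.51.100.7 #15: no acceptable Proposal in IPsec SA
May 23 16:46:50 host pluto[2495]: "l2tp-psk"[2] 198.51.100.7 #16: ESP IPsec Transform refused: AES_CBC_256-HMAC_SHA2_512_256
May 23 16:46:50 host pluto[2495]: "l2tp-psk"[2] 198.51.100.7 #16: no acceptable Proposal in IPsec SA
"""

REFUSED = re.compile(
    r'"(?P<conn>[^"\n]+)"\[\d+\] \S+ #\d+: ESP IPsec Transform refused: (?P<t>\S+)')
# Assumed naming: log "AES_CBC_256-HMAC_SHA2_512_256" <-> conf "aes256-sha2_512".
LOG_T = re.compile(r'(?P<enc>3DES|AES)_CBC(?:_(?P<bits>\d+))?-HMAC_(?P<integ>SHA1|SHA2_\d+)')
CONF_T = re.compile(r'(?P<enc>3des|aes)(?P<bits>\d+)?-(?P<integ>sha1|sha2(?:_\d+)?)$')

def from_log(name):
    """Normalise a transform name from the log to (cipher, key bits, integrity)."""
    m = LOG_T.match(name)
    return (m['enc'].lower(), m['bits'], m['integ'].lower()) if m else None

def from_conf(entry):
    """Normalise one phase2alg entry; bare 'sha2' is assumed to mean sha2_256."""
    m = CONF_T.match(entry.strip())
    if not m:
        return None
    integ = 'sha2_256' if m['integ'] == 'sha2' else m['integ']
    return (m['enc'], m['bits'], integ)

def covers(conf, offered):
    """A conf entry without a key size is treated as accepting any key size."""
    return (conf[0] == offered[0] and conf[2] == offered[2]
            and conf[1] in (None, offered[1]))

def uncovered_refusals(log_text, phase2alg):
    """Count refused ESP transforms, per connection, that phase2alg cannot match."""
    allowed = [c for c in map(from_conf, phase2alg.split(',')) if c]
    counts = {}
    for m in REFUSED.finditer(log_text):
        offered = from_log(m['t'])
        if offered and not any(covers(c, offered) for c in allowed):
            key = (m['conn'], m['t'])
            counts[key] = counts.get(key, 0) + 1
    return counts
```
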