Hi all!
First, to get one question out of the way: I want to use IPsec because OpenVPN chews up the battery pretty fast. Now then, this is the output of logcat | grep racoon on the phone (Android 11, and don't even ask, idk why they give it this name):
05-08 19:49:36.743 0 0 I init : starting service 'racoon'...
05-08 19:49:36.744 0 0 I init : Created socket '/dev/socket/racoon', mode 600, user 1000, group 1000
05-08 19:49:36.747 0 0 I init : Control message: Processed ctl.start for 'racoon' from pid: 800 (system_server)
05-08 19:49:42.872 18166 18166 D racoon : Waiting for control socket
05-08 19:49:43.036 18166 18166 D racoon : Received 9 arguments
05-08 19:49:43.036 18166 18166 I racoon : ipsec-tools 0.7.3 (http://ipsec-tools.sf.net)
05-08 19:49:43.039 18166 18166 I racoon : <client_ip>[500] used as isakmp port (fd=6)
05-08 19:49:43.039 18166 18166 I racoon : <client_ip>[500] used for NAT-T
05-08 19:49:43.040 18166 18166 I racoon : <client_ip>[4500] used as isakmp port (fd=7)
05-08 19:49:43.040 18166 18166 I racoon : <client_ip>[4500] used for NAT-T
05-08 19:49:43.041 18166 18166 I racoon : initiate new phase 1 negotiation: <client_ip>[500]<=><server_ip>[500]
05-08 19:49:43.041 18166 18166 I racoon : begin Identity Protection mode.
05-08 19:49:43.421 18166 18166 I racoon : received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
05-08 19:49:43.422 18166 18166 I racoon : received Vendor ID: DPD
05-08 19:49:43.422 18166 18166 I racoon : received broken Microsoft ID: FRAGMENTATION
05-08 19:49:43.422 18166 18166 I racoon : received Vendor ID: RFC 3947
05-08 19:49:43.422 18166 18166 I racoon : Selected NAT-T version: RFC 3947
05-08 19:49:43.446 18166 18166 I racoon : Hashing <server_ip>[500] with algo #5
05-08 19:49:43.447 18166 18166 I racoon : Hashing <client_ip>[500] with algo #5
05-08 19:49:43.447 18166 18166 I racoon : Adding remote and local NAT-D payloads.
05-08 19:49:43.501 18166 18166 I racoon : Hashing <client_ip>[500] with algo #5
05-08 19:49:43.501 18166 18166 I racoon : NAT-D payload #0 doesn't match
05-08 19:49:43.501 18166 18166 I racoon : Hashing <server_ip>[500] with algo #5
05-08 19:49:43.501 18166 18166 I racoon : NAT-D payload #1 verified
05-08 19:49:43.503 18166 18166 I racoon : NAT detected: ME
05-08 19:49:43.503 18166 18166 I racoon : KA list add: <client_ip>[4500]-><server_ip>[4500]
05-08 19:49:43.554 18166 18166 I racoon : ISAKMP-SA established <client_ip>[4500]-<server_ip>[4500] spi:43dc774af9e7fca0:4e57d2ce11b5cc54
05-08 19:49:43.834 18166 18166 W racoon : Ignored attribute UNITY_SAVE_PASSWD
05-08 19:49:43.850 371 371 W auditd : type=1415 audit(0.0:624): op=SPD-delete auid=4294967295 ses=4294967295 subj=u:r:racoon:s0 res=1 src=0.0.0.0 src_prefixlen=0 dst=10.125.209.1
Router log (custom pfSense box, 2.5.1):
May 8 19:49:43 fvs336g charon[45696]: 13[NET] <11> received packet: from <client_ext_ip>[6516] to <server_ip>[500] (756 bytes)
May 8 19:49:43 fvs336g charon[45696]: 13[ENC] <11> parsed ID_PROT request 0 [ SA V V V V V V V V ]
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> received NAT-T (RFC 3947) vendor ID
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> received XAuth vendor ID
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> received Cisco Unity vendor ID
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> received FRAGMENTATION vendor ID
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> received DPD vendor ID
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> <client_ext_ip> is initiating a Main Mode IKE_SA
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> IKE_SA (unnamed)[11] state change: CREATED => CONNECTING
May 8 19:49:43 fvs336g charon[45696]: 13[CFG] <11> selected proposal: IKE:AES_CBC_128/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> sending XAuth vendor ID
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> sending DPD vendor ID
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> sending FRAGMENTATION vendor ID
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> sending NAT-T (RFC 3947) vendor ID
May 8 19:49:43 fvs336g charon[45696]: 13[ENC] <11> generating ID_PROT response 0 [ SA V V V V ]
May 8 19:49:43 fvs336g charon[45696]: 13[NET] <11> sending packet: from <server_ip>[500] to <client_ext_ip>[6516] (160 bytes)
May 8 19:49:43 fvs336g charon[45696]: 13[NET] <11> received packet: from <client_ext_ip>[6516] to <server_ip>[500] (284 bytes)
May 8 19:49:43 fvs336g charon[45696]: 13[ENC] <11> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <11> remote host is behind NAT
May 8 19:49:43 fvs336g charon[45696]: 13[ENC] <11> generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
May 8 19:49:43 fvs336g charon[45696]: 13[NET] <11> sending packet: from <server_ip>[500] to <client_ext_ip>[6516] (300 bytes)
May 8 19:49:43 fvs336g charon[45696]: 13[NET] <11> received packet: from <client_ext_ip>[6420] to <server_ip>[4500] (124 bytes)
May 8 19:49:43 fvs336g charon[45696]: 13[ENC] <11> parsed ID_PROT request 0 [ ID HASH ]
May 8 19:49:43 fvs336g charon[45696]: 13[CFG] <11> looking for XAuthInitPSK peer configs matching <server_ip>...<client_ext_ip>[100.102.244.56]
May 8 19:49:43 fvs336g charon[45696]: 13[CFG] <11> selected peer config "con-mobile"
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> queueing XAUTH task
May 8 19:49:43 fvs336g charon[45696]: 13[ENC] <con-mobile|11> generating ID_PROT response 0 [ ID HASH ]
May 8 19:49:43 fvs336g charon[45696]: 13[NET] <con-mobile|11> sending packet: from <server_ip>[4500] to <client_ext_ip>[6420] (108 bytes)
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> activating new tasks
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> activating XAUTH task
May 8 19:49:43 fvs336g charon[45696]: 13[ENC] <con-mobile|11> generating TRANSACTION request 2276075918 [ HASH CPRQ(X_USER X_PWD) ]
May 8 19:49:43 fvs336g charon[45696]: 13[NET] <con-mobile|11> sending packet: from <server_ip>[4500] to <client_ext_ip>[6420] (108 bytes)
May 8 19:49:43 fvs336g charon[45696]: 13[NET] <con-mobile|11> received packet: from <client_ext_ip>[6420] to <server_ip>[4500] (140 bytes)
May 8 19:49:43 fvs336g charon[45696]: 13[ENC] <con-mobile|11> parsed INFORMATIONAL_V1 request 2973757452 [ HASH N(INITIAL_CONTACT) ]
May 8 19:49:43 fvs336g charon[45696]: 07[NET] <con-mobile|11> received packet: from <client_ext_ip>[6420] to <server_ip>[4500] (140 bytes)
May 8 19:49:43 fvs336g charon[45696]: 07[ENC] <con-mobile|11> parsed TRANSACTION response 2276075918 [ HASH CPRP(X_USER X_PWD) ]
May 8 19:49:43 fvs336g charon[29228]: user 'phone' authenticated
May 8 19:49:43 fvs336g charon[45696]: 07[IKE] <con-mobile|11> XAuth-SCRIPT succeeded for user 'phone'.
May 8 19:49:43 fvs336g charon[45696]: 07[IKE] <con-mobile|11> XAuth authentication of 'phone' successful
May 8 19:49:43 fvs336g charon[45696]: 07[IKE] <con-mobile|11> reinitiating already active tasks
May 8 19:49:43 fvs336g charon[45696]: 07[IKE] <con-mobile|11> XAUTH task
May 8 19:49:43 fvs336g charon[45696]: 07[ENC] <con-mobile|11> generating TRANSACTION request 23630671 [ HASH CPS(X_STATUS) ]
May 8 19:49:43 fvs336g charon[45696]: 07[NET] <con-mobile|11> sending packet: from <server_ip>[4500] to <client_ext_ip>[6420] (108 bytes)
May 8 19:49:43 fvs336g charon[45696]: 07[NET] <con-mobile|11> received packet: from <client_ext_ip>[6420] to <server_ip>[4500] (124 bytes)
May 8 19:49:43 fvs336g charon[45696]: 07[ENC] <con-mobile|11> parsed TRANSACTION response 23630671 [ HASH CPA(X_STATUS) ]
May 8 19:49:43 fvs336g charon[45696]: 07[IKE] <con-mobile|11> IKE_SA con-mobile[11] established between <server_ip>[<server_ip>]...<client_ext_ip>[100.102.244.56]
May 8 19:49:43 fvs336g charon[45696]: 07[IKE] <con-mobile|11> IKE_SA con-mobile[11] state change: CONNECTING => ESTABLISHED
May 8 19:49:43 fvs336g charon[45696]: 07[IKE] <con-mobile|11> scheduling rekeying in 23331s
May 8 19:49:43 fvs336g charon[45696]: 07[IKE] <con-mobile|11> maximum IKE_SA lifetime 26211s
May 8 19:49:43 fvs336g charon[45696]: 07[IKE] <con-mobile|11> activating new tasks
May 8 19:49:43 fvs336g charon[45696]: 07[IKE] <con-mobile|11> nothing to initiate
May 8 19:49:43 fvs336g charon[45696]: 13[NET] <con-mobile|11> received packet: from <client_ext_ip>[6420] to <server_ip>[4500] (156 bytes)
May 8 19:49:43 fvs336g charon[45696]: 13[ENC] <con-mobile|11> parsed TRANSACTION request 3119694497 [ HASH CPRQ(ADDR MASK DNS NBNS U_BANNER U_DEFDOM U_SPLITDNS U_SPLITINC U_LOCALLAN VER) ]
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> processing INTERNAL_IP4_ADDRESS attribute
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> processing INTERNAL_IP4_NETMASK attribute
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> processing INTERNAL_IP4_DNS attribute
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> processing INTERNAL_IP4_NBNS attribute
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> processing UNITY_BANNER attribute
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> processing UNITY_DEF_DOMAIN attribute
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> processing UNITY_SPLITDNS_NAME attribute
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> processing UNITY_SPLIT_INCLUDE attribute
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> processing UNITY_LOCAL_LAN attribute
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> processing APPLICATION_VERSION attribute
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> peer requested virtual IP %any
May 8 19:49:43 fvs336g charon[45696]: 13[CFG] <con-mobile|11> reassigning offline lease to 'phone'
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> assigning virtual IP 10.125.209.1 to peer 'phone'
May 8 19:49:43 fvs336g charon[45696]: 13[ENC] <con-mobile|11> generating TRANSACTION response 3119694497 [ HASH CPRP(ADDR DNS U_SAVEPWD) ]
May 8 19:49:43 fvs336g charon[45696]: 13[NET] <con-mobile|11> sending packet: from <server_ip>[4500] to <client_ext_ip>[6420] (124 bytes)
May 8 19:49:53 fvs336g charon[45696]: 10[IKE] <con-mobile|11> sending DPD request
May 8 19:49:53 fvs336g charon[45696]: 10[IKE] <con-mobile|11> queueing ISAKMP_DPD task
May 8 19:49:53 fvs336g charon[45696]: 10[IKE] <con-mobile|11> activating new tasks
May 8 19:49:53 fvs336g charon[45696]: 10[IKE] <con-mobile|11> activating ISAKMP_DPD task
May 8 19:49:53 fvs336g charon[45696]: 10[ENC] <con-mobile|11> generating INFORMATIONAL_V1 request 3537234717 [ HASH N(DPD) ]
May 8 19:49:53 fvs336g charon[45696]: 10[NET] <con-mobile|11> sending packet: from <server_ip>[4500] to <client_ext_ip>[6420] (124 bytes)
May 8 19:49:53 fvs336g charon[45696]: 10[IKE] <con-mobile|11> activating new tasks
May 8 19:49:53 fvs336g charon[45696]: 10[IKE] <con-mobile|11> nothing to initiate
May 8 19:49:53 fvs336g charon[45696]: 10[NET] <con-mobile|11> received packet: from <client_ext_ip>[6420] to <server_ip>[4500] (140 bytes)
May 8 19:49:53 fvs336g charon[45696]: 10[ENC] <con-mobile|11> parsed INFORMATIONAL_V1 request 4237118571 [ HASH N(DPD_ACK) ]
May 8 19:49:53 fvs336g charon[45696]: 10[IKE] <con-mobile|11> activating new tasks
May 8 19:49:53 fvs336g charon[45696]: 10[IKE] <con-mobile|11> nothing to initiate
May 8 19:50:03 fvs336g charon[45696]: 10[IKE] <con-mobile|11> sending DPD request
May 8 19:50:03 fvs336g charon[45696]: 10[IKE] <con-mobile|11> queueing ISAKMP_DPD task
May 8 19:50:03 fvs336g charon[45696]: 10[IKE] <con-mobile|11> activating new tasks
May 8 19:50:03 fvs336g charon[45696]: 10[IKE] <con-mobile|11> activating ISAKMP_DPD task
May 8 19:50:03 fvs336g charon[45696]: 10[ENC] <con-mobile|11> generating INFORMATIONAL_V1 request 4142009309 [ HASH N(DPD) ]
May 8 19:50:03 fvs336g charon[45696]: 10[NET] <con-mobile|11> sending packet: from <server_ip>[4500] to <client_ext_ip>[6420] (124 bytes)
May 8 19:50:03 fvs336g charon[45696]: 10[IKE] <con-mobile|11> activating new tasks
May 8 19:50:03 fvs336g charon[45696]: 10[IKE] <con-mobile|11> nothing to initiate
The built-in client says connected, the tun0 device has an IP, but I can't ping anything. I've been trying to solve this since yesterday and tried several solutions I found on Google, but nothing fixed it.
I'm pretty much open to any ideas.
Thanks in advance!
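Added example, not part of the original post: a small Python triage script that tallies the IKEv1 exchange types in a charon log like the router log above and reports which negotiation milestones appear. It assumes strongSwan labels phase 2 exchanges as QUICK_MODE in its [ENC] lines; the function names are hypothetical and the sample lines are copied from the post.

```python
import re
from collections import Counter

# Lines copied from the router log in the post above (charon, IKEv1).
SAMPLE = """\
May 8 19:49:43 fvs336g charon[45696]: 13[ENC] <11> parsed ID_PROT request 0 [ SA V V V V V V V V ]
May 8 19:49:43 fvs336g charon[45696]: 13[ENC] <con-mobile|11> generating TRANSACTION request 2276075918 [ HASH CPRQ(X_USER X_PWD) ]
May 8 19:49:43 fvs336g charon[45696]: 07[IKE] <con-mobile|11> IKE_SA con-mobile[11] state change: CONNECTING => ESTABLISHED
May 8 19:49:43 fvs336g charon[45696]: 13[IKE] <con-mobile|11> assigning virtual IP 10.125.209.1 to peer 'phone'
May 8 19:49:53 fvs336g charon[45696]: 10[ENC] <con-mobile|11> generating INFORMATIONAL_V1 request 3537234717 [ HASH N(DPD) ]
"""

# [ENC] lines look like: "parsed|generating <EXCHANGE> request|response <id> [ payloads ]"
ENC = re.compile(r"\[ENC\] <[^>]*> (?:parsed|generating) (\w+) (?:request|response) \d+ \[")
VIP = re.compile(r"assigning virtual IP (\S+) to peer")

def summarize(log):
    """Tally exchange types and record phase milestones found in a charon log."""
    exchanges, ike_up, vip = Counter(), False, None
    for line in log.splitlines():
        m = ENC.search(line)
        if m:
            exchanges[m.group(1)] += 1
        if "state change: CONNECTING => ESTABLISHED" in line:
            ike_up = True
        m = VIP.search(line)
        if m:
            vip = m.group(1)
    return {"exchanges": dict(exchanges), "ike_sa_established": ike_up,
            "virtual_ip": vip, "quick_mode_seen": "QUICK_MODE" in exchanges}

def findings(s):
    """Turn a summary into one line per negotiation stage."""
    return [
        "phase 1 (IKE_SA): " + ("established" if s["ike_sa_established"] else "not established"),
        "mode config virtual IP: " + (s["virtual_ip"] or "none assigned"),
        "phase 2 (QUICK_MODE): " + ("seen" if s["quick_mode_seen"]
                                    else "not seen, no IPsec SA negotiated in this log"),
    ]

if __name__ == "__main__":
    for line in findings(summarize(SAMPLE)):
        print(line)
```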