Hi everyone,
I've been banging my head against this issue for several days and I cannot establish a connection with the VPN server (CentOS/strongSwan v5.1.2) from my Android phone using the IPSec Xauth RSA (IKEv1) connection type. I tried various tutorials but the problem remains the same. I have no problem connecting from an iPhone (IKEv1) or from Android (IKEv2).
I am getting the "invalid HASH_V1 payload length, decryption failed?" error.
ipsec.conf
Code:
conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1

conn android_IPSec_ikev1
    keyexchange=ikev1
    left=%defaultroute
    leftsubnet=0.0.0.0/0
    leftcert=serverCert.pem
    leftfirewall=yes
    right=%any
    rightsourceip=10.255.0.0/24
    rightdns=212.59.1.1
    rightauth=pubkey
    rightauth2=xauth
    auto=add
ipsec.secrets
Code:
: RSA serverKey.pem
kemeris : XAUTH "pass1"
error.log
Code:
Apr 8 11:31:32 s1 charon: 11[NET] received packet: from 10.0.0.11[500] to 78.60.3.52[500] (476 bytes)
Apr 8 11:31:32 s1 charon: 11[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Apr 8 11:31:32 s1 charon: 11[IKE] received NAT-T (RFC 3947) vendor ID
Apr 8 11:31:32 s1 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Apr 8 11:31:32 s1 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Apr 8 11:31:32 s1 charon: 11[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Apr 8 11:31:32 s1 charon: 11[IKE] received XAuth vendor ID
Apr 8 11:31:32 s1 charon: 11[IKE] received Cisco Unity vendor ID
Apr 8 11:31:32 s1 charon: 11[IKE] received FRAGMENTATION vendor ID
Apr 8 11:31:32 s1 charon: 11[IKE] received DPD vendor ID
Apr 8 11:31:32 s1 charon: 11[IKE] 10.0.0.11 is initiating a Main Mode IKE_SA
Apr 8 11:31:32 s1 charon: 11[ENC] generating ID_PROT response 0 [ SA V V V ]
Apr 8 11:31:32 s1 charon: 11[NET] sending packet: from 78.60.3.52[500] to 10.0.0.11[500] (136 bytes)
Apr 8 11:31:32 s1 charon: 10[NET] received packet: from 10.0.0.11[500] to 78.60.3.52[500] (228 bytes)
Apr 8 11:31:32 s1 charon: 10[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Apr 8 11:31:32 s1 charon: 10[IKE] sending cert request for "C=LT, S=Vilniaus m., L=Vilnius, O=Zeusman MB, CN=vpn.zeusman.lt"
Apr 8 11:31:32 s1 charon: 10[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
Apr 8 11:31:32 s1 charon: 10[NET] sending packet: from 78.60.3.52[500] to 10.0.0.11[500] (350 bytes)
Apr 8 11:31:32 s1 charon: 12[NET] received packet: from 10.0.0.11[500] to 78.60.3.52[500] (1228 bytes)
Apr 8 11:31:32 s1 charon: 12[ENC] parsed ID_PROT request 0 [ ID CERT SIG ]
Apr 8 11:31:32 s1 charon: 12[IKE] received end entity cert "C=GB, O=Zeusman MB, CN=Tadas Blinda"
Apr 8 11:31:32 s1 charon: 12[CFG] looking for XAuthInitRSA peer configs matching 78.60.3.52...10.0.0.11[C=GB, O=Zeusman MB, CN=Tadas Blinda]
Apr 8 11:31:32 s1 charon: 12[CFG] selected peer config "ios_IPSec_ikev1"
Apr 8 11:31:32 s1 charon: 12[CFG] using trusted ca certificate "C=LT, S=Vilniaus m., L=Vilnius, O=Zeusman MB, CN=vpn.zeusman.lt"
Apr 8 11:31:32 s1 charon: 12[CFG] checking certificate status of "C=GB, O=Zeusman MB, CN=Tadas Blinda"
Apr 8 11:31:32 s1 charon: 12[CFG] certificate status is not available
Apr 8 11:31:32 s1 charon: 12[CFG] reached self-signed root ca with a path length of 0
Apr 8 11:31:32 s1 charon: 12[CFG] using trusted certificate "C=GB, O=Zeusman MB, CN=Tadas Blinda"
Apr 8 11:31:32 s1 charon: 12[IKE] authentication of 'C=GB, O=Zeusman MB, CN=Tadas Blinda' with RSA successful
Apr 8 11:31:32 s1 charon: 12[IKE] authentication of 'C=LT, S=Vilniaus m., L=Vilnius, O=Zeusman MB, CN=vpn.zeusman.lt' (myself) successful
Apr 8 11:31:32 s1 charon: 12[ENC] generating ID_PROT response 0 [ ID SIG ]
Apr 8 11:31:32 s1 charon: 12[NET] sending packet: from 78.60.3.52[500] to 10.0.0.11[500] (412 bytes)
Apr 8 11:31:32 s1 charon: 12[ENC] generating TRANSACTION request 3632658472 [ HASH CPRQ(X_USER X_PWD) ]
Apr 8 11:31:32 s1 charon: 12[NET] sending packet: from 78.60.3.52[500] to 10.0.0.11[500] (76 bytes)
Apr 8 11:31:32 s1 charon: 13[NET] received packet: from 10.0.0.11[500] to 78.60.3.52[500] (92 bytes)
Apr 8 11:31:32 s1 charon: 13[ENC] invalid HASH_V1 payload length, decryption failed?
Apr 8 11:31:32 s1 charon: 13[ENC] could not decrypt payloads
Apr 8 11:31:32 s1 charon: 13[IKE] message parsing failed
Apr 8 11:31:32 s1 charon: 13[IKE] ignore malformed INFORMATIONAL request
Apr 8 11:31:32 s1 charon: 13[IKE] INFORMATIONAL_V1 request with message ID 2246676801 processing failed
Apr 8 11:31:35 s1 charon: 15[NET] received packet: from 10.0.0.11[500] to 78.60.3.52[500] (1228 bytes)
Apr 8 11:31:35 s1 charon: 15[IKE] received retransmit of request with ID 0, retransmitting response
Apr 8 11:31:35 s1 charon: 15[NET] sending packet: from 78.60.3.52[500] to 10.0.0.11[500] (412 bytes)
Apr 8 11:31:35 s1 charon: 05[NET] received packet: from 10.0.0.11[500] to 78.60.3.52[500] (92 bytes)
Apr 8 11:31:35 s1 charon: 05[ENC] invalid HASH_V1 payload length, decryption failed?
Apr 8 11:31:35 s1 charon: 05[ENC] could not decrypt payloads
Apr 8 11:31:35 s1 charon: 05[IKE] message parsing failed
Apr 8 11:31:35 s1 charon: 05[IKE] ignore malformed INFORMATIONAL request
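As an added example (not part of the original post and not strongSwan code), here is a small Python script that parses charon log lines of the format shown above and reports where in the IKEv1 exchange the decryption failure occurs: which vendor IDs the peer announced, which peer config charon selected, whether Phase 1 RSA authentication of the peer succeeded, what the server last generated before the failure, and which exchange type the undecryptable packet belonged to. The embedded sample is an excerpt of the log lines quoted in the post; the field names of the summary dictionary are my own choice.

```python
import re
from dataclasses import dataclass

# Matches lines like: "Apr 8 11:31:32 s1 charon: 11[IKE] received XAuth vendor ID"
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) charon: "
    r"(?P<thread>\d+)\[(?P<sub>[A-Z]+)\] (?P<msg>.*)$"
)


@dataclass
class Entry:
    ts: str
    thread: str
    subsystem: str  # NET, ENC, IKE, CFG, ...
    msg: str


def parse_charon_log(text):
    """Turn raw syslog text into Entry objects; non-charon lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], m["thread"], m["sub"], m["msg"]))
    return entries


def summarize_ikev1(entries):
    """Walk the entries in order and collect triage context for an IKEv1 setup."""
    summary = {
        "vendor_ids": [],        # vendor IDs announced by the peer
        "peer_config": None,     # conn section charon chose
        "peer_auth_ok": False,   # Phase 1 authentication of the peer succeeded
        "xauth_requested": False,
        "decrypt_failures": 0,
        "failure_context": None,  # what the server last generated before the failure
        "malformed_exchange": None,  # exchange type of the packet charon could not decrypt
    }
    last_generated = None
    for e in entries:
        msg = e.msg
        if msg.startswith("received ") and msg.endswith(" vendor ID"):
            summary["vendor_ids"].append(msg[len("received "):-len(" vendor ID")])
        elif msg.startswith("selected peer config"):
            summary["peer_config"] = msg.split('"')[1]
        elif (msg.startswith("authentication of") and "(myself)" not in msg
              and msg.endswith("successful")):
            summary["peer_auth_ok"] = True
        elif "generating TRANSACTION request" in msg and "X_USER" in msg:
            # The CPRQ(X_USER X_PWD) attribute request opens the XAuth exchange
            summary["xauth_requested"] = True
            last_generated = "XAuth credential request"
        elif msg.startswith("generating "):
            # e.g. "generating ID_PROT response 0 [ ... ]" -> "ID_PROT response 0"
            last_generated = msg[len("generating "):].split(" [")[0]
        elif "invalid HASH_V1 payload length" in msg:
            summary["decrypt_failures"] += 1
            if summary["failure_context"] is None:
                summary["failure_context"] = last_generated
        elif msg.startswith("ignore malformed "):
            summary["malformed_exchange"] = msg.split()[2]
    return summary


# Excerpt of the log lines quoted in the post above
SAMPLE_LOG = """\
Apr 8 11:31:32 s1 charon: 11[IKE] received NAT-T (RFC 3947) vendor ID
Apr 8 11:31:32 s1 charon: 11[IKE] received XAuth vendor ID
Apr 8 11:31:32 s1 charon: 11[ENC] generating ID_PROT response 0 [ SA V V V ]
Apr 8 11:31:32 s1 charon: 12[CFG] selected peer config "ios_IPSec_ikev1"
Apr 8 11:31:32 s1 charon: 12[IKE] authentication of 'C=GB, O=Zeusman MB, CN=Tadas Blinda' with RSA successful
Apr 8 11:31:32 s1 charon: 12[IKE] authentication of 'C=LT, S=Vilniaus m., L=Vilnius, O=Zeusman MB, CN=vpn.zeusman.lt' (myself) successful
Apr 8 11:31:32 s1 charon: 12[ENC] generating ID_PROT response 0 [ ID SIG ]
Apr 8 11:31:32 s1 charon: 12[ENC] generating TRANSACTION request 3632658472 [ HASH CPRQ(X_USER X_PWD) ]
Apr 8 11:31:32 s1 charon: 13[NET] received packet: from 10.0.0.11[500] to 78.60.3.52[500] (92 bytes)
Apr 8 11:31:32 s1 charon: 13[ENC] invalid HASH_V1 payload length, decryption failed?
Apr 8 11:31:32 s1 charon: 13[IKE] ignore malformed INFORMATIONAL request
Apr 8 11:31:35 s1 charon: 05[ENC] invalid HASH_V1 payload length, decryption failed?
"""

if __name__ == "__main__":
    for key, value in summarize_ikev1(parse_charon_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run against the excerpt, the summary shows that both Phase 1 signatures verified, that the server then sent the XAuth credential request, and that the undecryptable 92-byte packet was an INFORMATIONAL request from the client rather than the expected XAuth reply. That narrows the problem to what the client does right after Main Mode completes, which is the point at which the two device-side logs (Android's and charon's with higher log levels) should be compared.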