Android always-on IPSec problems

Hello
I’m trying to set up some Android devices with always-on IPSec VPNs, using IPSec with x-auth/psk. I can connect fine with the devices normally, but when I turn them to ‘always on’, I get this error in the logs:

oct/08 20:12:17 ipsec,debug ipsec =>: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#1) = XAuth pskey server:GSS-API on Kerberos 5
oct/08 20:12:17 ipsec,debug ipsec =>: no suitable proposal found. 
oct/08 20:12:17 ipsec,error failed to get valid proposal. 
oct/08 20:12:17 ipsec,error ipsec =>: failed to get valid proposal. 
oct/08 20:12:17 ipsec,error failed to pre-process ph1 packet (side: 1, status 1). 
oct/08 20:12:17 ipsec,error ipsec =>: failed to pre-process ph1 packet (side: 1, status 1). 
oct/08 20:12:17 ipsec,error phase1 negotiation failed. 
oct/08 20:12:17 ipsec,error ipsec =>: phase1 negotiation failed.

Here’s the peer config:

add auth-method=pre-shared-key-xauth enc-algorithm=aes-256 generate-policy=port-strict hash-algorithm=sha1 mode-config=xauth_mobile nat-traversal=no passive=yes policy-group=xauth_mobile

And the proposal:

add enc-algorithms=aes-256-cbc lifetime=8h name=xauth_mobile pfs-group=none

Also tried using certificates and hybrid RSA/PSK, same result. Is there any hope of getting this working? Anyone done it successfully?

Anyone? Mikrotik?

Last bump before I give up. Anyone have any ideas?

Look at the first line from the logs. It means that the client is no longer using xauth authentication.
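The reading of the log described in the reply above can be automated. This is an added example, not part of the original thread or of RouterOS: it pulls the configured and offered values out of `rejected ...: DB(...):Peer(...) = a:b` debug lines and notes whether a phase 1 failure followed. It assumes the value before the colon is the router's own (DB) setting and the value after it is what the peer offered; the function name `find_mismatches` is hypothetical.

```python
import re

# Log lines copied from the first post in this thread.
SAMPLE_LOG = """\
oct/08 20:12:17 ipsec,debug ipsec =>: rejected authmethod: DB(prop#1:trns#1):Peer(prop#1:trns#1) = XAuth pskey server:GSS-API on Kerberos 5
oct/08 20:12:17 ipsec,debug ipsec =>: no suitable proposal found.
oct/08 20:12:17 ipsec,error failed to get valid proposal.
oct/08 20:12:17 ipsec,error ipsec =>: failed to get valid proposal.
oct/08 20:12:17 ipsec,error phase1 negotiation failed.
oct/08 20:12:17 ipsec,error ipsec =>: phase1 negotiation failed.
"""

# Assumption: the first value after "=" is the DB (router) side, the second the peer's.
REJECT_RE = re.compile(
    r"^(?P<time>\S+ \S+) ipsec,\w+ .*?rejected (?P<attribute>\w+): "
    r"DB\(prop#\d+:trns#\d+\):Peer\(prop#\d+:trns#\d+\) = "
    r"(?P<configured>[^:]+):(?P<offered>.+?)\s*$"
)
FAIL_RE = re.compile(r"ipsec,error .*phase1 negotiation failed")


def find_mismatches(log_text):
    """Return one record per rejected phase 1 attribute found in the log."""
    records = []
    open_records = []  # rejections not yet followed by a failure line
    for line in log_text.splitlines():
        match = REJECT_RE.match(line)
        if match:
            record = dict(match.groupdict(), negotiation_failed=False)
            records.append(record)
            open_records.append(record)
        elif FAIL_RE.search(line):
            # The failure is logged twice (with and without "ipsec =>:"),
            # so mark the pending rejections once and clear the list.
            for record in open_records:
                record["negotiation_failed"] = True
            open_records = []
    return records


if __name__ == "__main__":
    for r in find_mismatches(SAMPLE_LOG):
        print(f"{r['time']} {r['attribute']}: router expects "
              f"'{r['configured']}', peer offered '{r['offered']}', "
              f"phase 1 failed: {r['negotiation_failed']}")
```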

Google thinks it’s the router screwing things up. I am sure it isn’t, but I guess it’s just not possible. Any idea if RouterOS will support any of the GSS-API stuff?

If it is Mutual RSA+Xauth then we have plans to implement it in future versions.