Andorid 6连接Libreswan L2TP VPN

手机升级到Android 6以后,以前正常使用的L2TP VPN却无法连接了。服务器端日志:

"vpnpsk"[119] 114.249.245.192 #240: no acceptable Proposal in IPsec SA
"vpnpsk"[119] 114.249.245.192 #240: sending encrypted notification NO_PROPOSAL_CHOSEN to 114.249.245.192:4500

看起来应该是在加密环节出现了问题。在Libreswan的bugzilla上找到了一段说明:

Android 6.0 appears to be stubborn and only wants to use
AES_256-HMAC_SHA2_256 (needing sha2-truncbug=yes)

phase2alg=aes_gcm-null,aes256-sha1,aes256-sha2_256

and other variations including aes_gcm-null have no positive effect.

The Android 5.1.1 version I am using (Cyanogenmod 12.1) happily runs with SHA1 both with sha2-truncbug=yes or no, so the configuration for now with these two Android versions are

phase2alg=aes_gcm-null,aes256-sha1,aes256-sha2_256
sha2-truncbug=yes

尝试对服务器上的/etc/ipsec.conf文件进行修改:

#修改以下两行配置,在行尾加入“aes256-sha2_256”,以此增加对sha2的支持ike=3des-sha1,aes-sha1,aes256-sha1,aes256-sha2_256
phase2alg=3des-sha1,aes-sha1,aes256-sha1,aes256-sha2_256
#新增一行配置
sha2-truncbug=yes

保存配置文件后重启IPSEC服务,Android 6手机连接恢复正常!

服务器环境:Ubuntu 12.04 LTS + Libreswan

上一篇:Load 和 DOMContentLoaded 区别


下一篇:在集群的个人账户下安装20版本 lammps(2019版本inter编译器,lammps安装版本为3Mar2020, 集群版本为Centos 7.5)