Good day,
IKEv2/IPSec PSK Android native VPN connection: "ipsec identity not found" error
Android 14 (maybe 13 too) initially sends the IPsec ID as configured in the phone connection (in ROS: ID_I) but an empty remote ID (ID_R).
Later it requests ID_R to check whether the configured VPN server matches the ROS ID. It closes the connection if it doesn't match.
Problem:
a) If I configure the identity in ROS to have both IDs (my id type: fqdn, my id: my.public.dns and remote id type: fqdn, id: ipsec.vpn, for example),
ROS will not find that identity because it seems that it checks both IDs (but ID_R from Android is empty).
b) If I configure the identity in ROS to have an empty value for my id, ROS will pick up that identity but report that empty value later when requested.
Finally, Android will send a DELETE to abort the connection.
I don't know if Android behaves correctly; however, is it possible to bypass checking the "my id" value when selecting the identity in case of an empty value?
Statistics: Posted by pedkoschi — Sun Mar 10, 2024 12:11 pm
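
The three outcomes discussed in the post, as an added example (not part of the original post and not RouterOS code): a simplified Python model of a responder's identity lookup, comparing the strict match the post describes with the relaxed match it asks for. The function names, the `Identity` class and the result strings are assumptions made for illustration; the ID values are the ones from the post.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Identity:
    my_id: Optional[str]   # value the responder reports as ID_R; None = left empty
    remote_id: str         # ID_I expected from the initiator

def select_strict(identities, id_i, id_r):
    # Behaviour the post describes: both IDs are compared, so an empty ID_R
    # from the client only matches an identity whose "my id" is also empty.
    for ident in identities:
        if ident.remote_id == id_i and ident.my_id == id_r:
            return ident
    return None

def select_relaxed(identities, id_i, id_r):
    # Behaviour the post asks for: skip the "my id" comparison only when the
    # initiator sent no ID_R. A client that does send ID_R is still checked.
    for ident in identities:
        if ident.remote_id == id_i and (id_r is None or ident.my_id == id_r):
            return ident
    return None

def handshake(select, identities, id_i, id_r, client_expects):
    ident = select(identities, id_i, id_r)
    if ident is None:
        return "identity not found"
    # The responder reports its configured "my id"; the client compares it
    # with the server it was configured for and aborts on mismatch.
    if ident.my_id != client_expects:
        return "client sends DELETE"
    return "established"

# Constructed sample data using the IDs from the post.
CASE_A = [Identity(my_id="my.public.dns", remote_id="ipsec.vpn")]
CASE_B = [Identity(my_id=None, remote_id="ipsec.vpn")]

def outcomes():
    args = ("ipsec.vpn", None, "my.public.dns")  # ID_I, empty ID_R, expected server
    return {
        "a_strict": handshake(select_strict, CASE_A, *args),
        "b_strict": handshake(select_strict, CASE_B, *args),
        "a_relaxed": handshake(select_relaxed, CASE_A, *args),
    }

if __name__ == "__main__":
    for name, result in outcomes().items():
        print(name, "->", result)
```

In the relaxed variant, a request without ID_R is matched on ID_I alone, so two identities that share a remote id and differ only in "my id" are no longer distinguishable for such clients.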