Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MBruenisholz
New Contributor

Created on ‎08-29-2012 07:44 AM

Android VPN with IPSec/XAuth

Hi everyone I' m trying to establish a VPN-Connection between an android-tablet (Android 4.0.3) with our Fortigate (MR3Patch8). I know the cookbook-article about how to establish a connection using L2TP over IPSec... but that' s not what i want. Since it is possible to use IPSec with Xauth since Android 4, i want to use this. We' re already using it with iPhones/iPads. And some blog-articles state that it' s also possible with android... but i cant get it to work. Actually i see just one single " negotiate progress IPsec phase 1" message with status success, that' s all. Not a proposal mismatch or error. And after a short time, i get a timeout on the tablet and see a delete_phase1_sa in the eventlog. My configuration looks like this atm Phase1 
 config vpn ipsec phase1-interface
     edit " v_test_android" 
         set type dynamic
         set interface " cc_inet" 
         set dhgrp 2
         set peertype one
         set xauthtype auto
         set mode aggressive
         set mode-cfg enable
         set proposal aes128-sha1
         set peerid " androidvpn" 
         set authusrgrp " androidvpn" 
         set ipv4-start-ip 192.168.244.30
         set ipv4-end-ip 192.168.244.40
         set ipv4-netmask 255.255.255.0
         set dns-mode auto
         set psksecret ***
     next
 end
Phase2 
config vpn ipsec phase2-interface
     edit " v_test_android_ph2" 
         set phase1name " v_test_android" 
         set proposal aes128-sha1
     next
 end
On the tablet i' ve configured a " IPSec Xauth PSK" connection, using the " androidvpn" as IPsec-ID. I' ve already tried many combinations with different proposals, with or without peertype, with PAP or CHAP instead of auto... nothing worked. I' m sure it' s no matter of user/password or PSK, because on an iPad i can connect with this proposals. Does anyone already made this to work or has some hints for me? Thx a lot Mike
5454
0 Kudos
4 REPLIES 4
MBruenisholz
New Contributor

Created on ‎08-30-2012 04:33 AM

Little update: Obviously i had an error with the psk (don' t know how this could happen...) But now i' m stuck at " XAUTH authentication failed"
3181
0 Kudos
MBruenisholz
New Contributor

Created on ‎08-30-2012 05:51 AM

OK, we can close this case... seems to be an android-bug. Here my observations, hope i can help someone else who' s stuck with something similar. I did some debugging, with diag debug app ike 255, and found this: 
2012-08-30 14:35:23 ike 0:v_test_android_0:232958: received XAUTH_USER_NAME ' andr2'  length 5
 2012-08-30 14:35:23 ike 0:v_test_android_0:232958: received XAUTH_USER_PASSWORD length 9
 2012-08-30 13:56:27 ike 0:v_test_android_0: XAUTH failed for user " andr2" , retry(2).
I was confused about the XAUTH_USER_PASSWORD length 9... because the password of this user is only 8 characters long. Tried some other passwords with other lengts, and every try was one digit longer than it should be. I found the " VpnCilla" App in the Play store and gave it a try. It worked like a charm! 
2012-08-30 14:35:23 ike 0:v_test_android_0:232958: received XAUTH_USER_NAME ' andr2'  length 5
 2012-08-30 14:35:23 ike 0:v_test_android_0:232958: received XAUTH_USER_PASSWORD length 8
 2012-08-30 14:35:23 ike 0:v_test_android_0: XAUTH user " andr2"  in group ' androidvpn'  (9)
 2012-08-30 14:35:23 ike 0:v_test_android_0: XAUTH succeeded for user " andr2
You can see, the length is now 8, exactly as it should be. Seems like the built-in vpn client does not submit the password the right way. I' m happy to see it was no problem on the fortigate Will now see if this is a known bug in android, otherwise i' ll try to submit it.
3181
0 Kudos
IT_Operations
New Contributor

Created on ‎09-09-2012 09:56 PM

I had this same problem on ICS, both tablet and phone. Must be some sort of android bug in their client, because i also ended up going the VpnCilla route, which i' m very happy with. -Tony
3181
0 Kudos
MBruenisholz
New Contributor

Created on ‎09-09-2012 11:55 PM

Thanks for your reply, good to know that i' m not the only one with this problem. I' ve created a bugreport ( [link]https://code.google.com/p/android/issues/detail?id=36879&thanks=36879&ts=1346334949[/link] ), but no reaction untill yet. Mike
3181
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.