Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AIXNET
New Contributor

Android native VPN to Fortigate 40F

Hello everyone,

 

i`m trying to set up a VPN tunnel with the native Android 13 (Grapheneos) VPN Client. The connection comes up and goes down directly.

 

IKE Dubug Output:

[url=https://filehorst.de/d/eHkcHkhm]Datei von filehorst.de laden[/url]

 

I hope that someone can help me.

 

Thanks in advanced.

4 REPLIES 4
asengar
Staff
Staff

Hi @AIXNET 

 

I verified the ike debugs you have shared, I can see the dynamic tunnel was created for 80.187.102.50

ike 0:Smartphone: adding new dynamic tunnel for 80.187.102.50:8986
ike 0:Smartphone_0: tunnel created tun_id 192.168.151.50/::10.0.0.26 remote_location 0.0.0.0
ike 0:Smartphone_0: added new dynamic tunnel for 80.187.102.50:8986

 

As it is dial-up connection so mode-config is enabled, and the DNS details and IP details are pushed as per the debugs.

 

But once the tunnel is established, post to the SNMP trap for the tunnel to be up. When FGT sends the AUTH response and it receives a new informational message with the peer to delete the SA kindly find the logs below :

 

ike 0:Smartphone_0:38108: out F147B1D8882DCC255A387A1EB02A72F52E2023200000000100000130240001141B78E0D7AFDEBA32C9F5D66DB8D7E8DBDEA0940C43637EA905D5111782E5F12F73D6DCA2E32FFE50083FE51921F65FBF006E859DE565F4BFA6CE1D9835E4AB18F20C841632BCB8C9A375173BA56542C1D7003185C36ED3463307EB298AB655F904F20584DD771B3BA508DB3180CF1EFA6B1756D0D8D63FD4EBDC33F5240D9A837B83240AB45F47C0D3EF94FD2F139744522C477DC50B201F0DDC7DFD7D58BF7C9A1D82C1828E85AAB7D23F53D8015A24B1AD13F6E86EFF4B3D7D6411B778A69FB12A9911AC7BCEB2F17913E68B07F9F5707C4CDF79588E9CBF008827FE576C9CE954F285C498BA65AD1275AD7BFAD938FAB81E366A82037DD506D715A7E9DF1715EEDDAF103FB14096E981D3D27976C7
ike 0:Smartphone_0:38108: sent IKE msg (AUTH_RESPONSE): 192.168.178.21:4500->80.187.102.50:8986, len=304, vrf=0, id=f147b1d8882dcc25/5a387a1eb02a72f5:00000001
ike 0: comes 80.187.102.50:8986->192.168.178.21:4500,ifindex=5,vrf=0....
ike 0: IKEv2 exchange=INFORMATIONAL id=f147b1d8882dcc25/5a387a1eb02a72f5:00000002 len=80
ike 0: in F147B1D8882DCC255A387A1EB02A72F52E20250800000002000000502A000034675FF1B13D01112A1F312680FAD5BA1D89A1DAB2EAEF14998BAC994DA52A6F2F6A19B8B924C6C2328C0AF897352DC43B
ike 0:Smartphone_0:38108: dec F147B1D8882DCC255A387A1EB02A72F52E20250800000002000000282A0000040000000801000000
ike 0:Smartphone_0:38108: received informational request
ike 0:Smartphone_0:38108: processing delete request (proto 1) >> getting the delete request
ike 0:Smartphone_0:38108: deleting IKE SA f147b1d8882dcc25/5a387a1eb02a72f5
ike 0:Smartphone_0:38108: schedule delete of IKE SA f147b1d8882dcc25/5a387a1eb02a72f5
ike 0:Smartphone_0:38108: enc 0F0E0D0C0B0A0908070605040302010F
ike 0:Smartphone_0:38108: out F147B1D8882DCC255A387A1EB02A72F52E202520000000020000005000000034F23F5729A1260A19661C8809390FF02A5870068A479C16D48DBE0E20E7E36C355AAB6E221308BC141C9E2B37B5264297
ike 0:Smartphone_0:38108: sent IKE msg (INFORMATIONAL_RESPONSE): 192.168.178.21:4500->80.187.102.50:8986, len=80, vrf=0, id=f147b1d8882dcc25/5a387a1eb02a72f5:00000002

@bhishek
AIXNET
New Contributor

Hi @asengar,

 

thanks for your reply.

 

The question is why the client is sending the delete request. In Android 13 you can only configure the VPN type (IKEv2/IPSec PSK), server address, ipsec id and the PSK. 

I configured the VPN tunnel with the same settings on a LANCOM router and its working properly. It seems to me that the Fortigate send something in the AUTH_Response what the client is unable to handle with.

 

Any further ideas what i can do (traces etc.) to locate the problem?

 

Thanks in advanced

AIXNET

msanjaypadma
Staff
Staff

Hi @AIXNET ,

 

Could you please confirm what configuration has been configured in firewall and phone. 

You may refer below article , See if  it is will helpful : 

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Dail-up-Native-VPN-L2TP-is-no-longer-suppo...

Thanks,

Mayur Padma
Bertha

Wrong content has been deleted.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors