Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Android native VPN to Fortigate 40F

Hello everyone,


i`m trying to set up a VPN tunnel with the native Android 13 (Grapheneos) VPN Client. The connection comes up and goes down directly.


IKE Dubug Output:

[url=]Datei von laden[/url]


I hope that someone can help me.


Thanks in advanced.




I verified the ike debugs you have shared, I can see the dynamic tunnel was created for

ike 0:Smartphone: adding new dynamic tunnel for
ike 0:Smartphone_0: tunnel created tun_id remote_location
ike 0:Smartphone_0: added new dynamic tunnel for


As it is dial-up connection so mode-config is enabled, and the DNS details and IP details are pushed as per the debugs.


But once the tunnel is established, post to the SNMP trap for the tunnel to be up. When FGT sends the AUTH response and it receives a new informational message with the peer to delete the SA kindly find the logs below :


ike 0:Smartphone_0:38108: out F147B1D8882DCC255A387A1EB02A72F52E2023200000000100000130240001141B78E0D7AFDEBA32C9F5D66DB8D7E8DBDEA0940C43637EA905D5111782E5F12F73D6DCA2E32FFE50083FE51921F65FBF006E859DE565F4BFA6CE1D9835E4AB18F20C841632BCB8C9A375173BA56542C1D7003185C36ED3463307EB298AB655F904F20584DD771B3BA508DB3180CF1EFA6B1756D0D8D63FD4EBDC33F5240D9A837B83240AB45F47C0D3EF94FD2F139744522C477DC50B201F0DDC7DFD7D58BF7C9A1D82C1828E85AAB7D23F53D8015A24B1AD13F6E86EFF4B3D7D6411B778A69FB12A9911AC7BCEB2F17913E68B07F9F5707C4CDF79588E9CBF008827FE576C9CE954F285C498BA65AD1275AD7BFAD938FAB81E366A82037DD506D715A7E9DF1715EEDDAF103FB14096E981D3D27976C7
ike 0:Smartphone_0:38108: sent IKE msg (AUTH_RESPONSE):>, len=304, vrf=0, id=f147b1d8882dcc25/5a387a1eb02a72f5:00000001
ike 0: comes>,ifindex=5,vrf=0....
ike 0: IKEv2 exchange=INFORMATIONAL id=f147b1d8882dcc25/5a387a1eb02a72f5:00000002 len=80
ike 0: in F147B1D8882DCC255A387A1EB02A72F52E20250800000002000000502A000034675FF1B13D01112A1F312680FAD5BA1D89A1DAB2EAEF14998BAC994DA52A6F2F6A19B8B924C6C2328C0AF897352DC43B
ike 0:Smartphone_0:38108: dec F147B1D8882DCC255A387A1EB02A72F52E20250800000002000000282A0000040000000801000000
ike 0:Smartphone_0:38108: received informational request
ike 0:Smartphone_0:38108: processing delete request (proto 1) >> getting the delete request
ike 0:Smartphone_0:38108: deleting IKE SA f147b1d8882dcc25/5a387a1eb02a72f5
ike 0:Smartphone_0:38108: schedule delete of IKE SA f147b1d8882dcc25/5a387a1eb02a72f5
ike 0:Smartphone_0:38108: enc 0F0E0D0C0B0A0908070605040302010F
ike 0:Smartphone_0:38108: out F147B1D8882DCC255A387A1EB02A72F52E202520000000020000005000000034F23F5729A1260A19661C8809390FF02A5870068A479C16D48DBE0E20E7E36C355AAB6E221308BC141C9E2B37B5264297
ike 0:Smartphone_0:38108: sent IKE msg (INFORMATIONAL_RESPONSE):>, len=80, vrf=0, id=f147b1d8882dcc25/5a387a1eb02a72f5:00000002

New Contributor

Hi @asengar,


thanks for your reply.


The question is why the client is sending the delete request. In Android 13 you can only configure the VPN type (IKEv2/IPSec PSK), server address, ipsec id and the PSK. 

I configured the VPN tunnel with the same settings on a LANCOM router and its working properly. It seems to me that the Fortigate send something in the AUTH_Response what the client is unable to handle with.


Any further ideas what i can do (traces etc.) to locate the problem?


Thanks in advanced





Could you please confirm what configuration has been configured in firewall and phone. 

You may refer below article , See if  it is will helpful :


Mayur Padma
Top Kudoed Authors