Hello everyone,
i`m trying to set up a VPN tunnel with the native Android 13 (Grapheneos) VPN Client. The connection comes up and goes down directly.
IKE Dubug Output:
[url=https://filehorst.de/d/eHkcHkhm]Datei von filehorst.de laden[/url]
I hope that someone can help me.
Thanks in advanced.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @AIXNET
I verified the ike debugs you have shared, I can see the dynamic tunnel was created for 80.187.102.50
ike 0:Smartphone: adding new dynamic tunnel for 80.187.102.50:8986
ike 0:Smartphone_0: tunnel created tun_id 192.168.151.50/::10.0.0.26 remote_location 0.0.0.0
ike 0:Smartphone_0: added new dynamic tunnel for 80.187.102.50:8986
As it is dial-up connection so mode-config is enabled, and the DNS details and IP details are pushed as per the debugs.
But once the tunnel is established, post to the SNMP trap for the tunnel to be up. When FGT sends the AUTH response and it receives a new informational message with the peer to delete the SA kindly find the logs below :
ike 0:Smartphone_0:38108: out F147B1D8882DCC255A387A1EB02A72F52E2023200000000100000130240001141B78E0D7AFDEBA32C9F5D66DB8D7E8DBDEA0940C43637EA905D5111782E5F12F73D6DCA2E32FFE50083FE51921F65FBF006E859DE565F4BFA6CE1D9835E4AB18F20C841632BCB8C9A375173BA56542C1D7003185C36ED3463307EB298AB655F904F20584DD771B3BA508DB3180CF1EFA6B1756D0D8D63FD4EBDC33F5240D9A837B83240AB45F47C0D3EF94FD2F139744522C477DC50B201F0DDC7DFD7D58BF7C9A1D82C1828E85AAB7D23F53D8015A24B1AD13F6E86EFF4B3D7D6411B778A69FB12A9911AC7BCEB2F17913E68B07F9F5707C4CDF79588E9CBF008827FE576C9CE954F285C498BA65AD1275AD7BFAD938FAB81E366A82037DD506D715A7E9DF1715EEDDAF103FB14096E981D3D27976C7
ike 0:Smartphone_0:38108: sent IKE msg (AUTH_RESPONSE): 192.168.178.21:4500->80.187.102.50:8986, len=304, vrf=0, id=f147b1d8882dcc25/5a387a1eb02a72f5:00000001
ike 0: comes 80.187.102.50:8986->192.168.178.21:4500,ifindex=5,vrf=0....
ike 0: IKEv2 exchange=INFORMATIONAL id=f147b1d8882dcc25/5a387a1eb02a72f5:00000002 len=80
ike 0: in F147B1D8882DCC255A387A1EB02A72F52E20250800000002000000502A000034675FF1B13D01112A1F312680FAD5BA1D89A1DAB2EAEF14998BAC994DA52A6F2F6A19B8B924C6C2328C0AF897352DC43B
ike 0:Smartphone_0:38108: dec F147B1D8882DCC255A387A1EB02A72F52E20250800000002000000282A0000040000000801000000
ike 0:Smartphone_0:38108: received informational request
ike 0:Smartphone_0:38108: processing delete request (proto 1) >> getting the delete request
ike 0:Smartphone_0:38108: deleting IKE SA f147b1d8882dcc25/5a387a1eb02a72f5
ike 0:Smartphone_0:38108: schedule delete of IKE SA f147b1d8882dcc25/5a387a1eb02a72f5
ike 0:Smartphone_0:38108: enc 0F0E0D0C0B0A0908070605040302010F
ike 0:Smartphone_0:38108: out F147B1D8882DCC255A387A1EB02A72F52E202520000000020000005000000034F23F5729A1260A19661C8809390FF02A5870068A479C16D48DBE0E20E7E36C355AAB6E221308BC141C9E2B37B5264297
ike 0:Smartphone_0:38108: sent IKE msg (INFORMATIONAL_RESPONSE): 192.168.178.21:4500->80.187.102.50:8986, len=80, vrf=0, id=f147b1d8882dcc25/5a387a1eb02a72f5:00000002
Hi @asengar,
thanks for your reply.
The question is why the client is sending the delete request. In Android 13 you can only configure the VPN type (IKEv2/IPSec PSK), server address, ipsec id and the PSK.
I configured the VPN tunnel with the same settings on a LANCOM router and its working properly. It seems to me that the Fortigate send something in the AUTH_Response what the client is unable to handle with.
Any further ideas what i can do (traces etc.) to locate the problem?
Thanks in advanced
AIXNET
Hi @AIXNET ,
Could you please confirm what configuration has been configured in firewall and phone.
You may refer below article , See if it is will helpful :
Created on 08-20-2024 07:52 PM Edited on 08-22-2024 09:06 PM
Wrong content has been deleted.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1660 | |
1077 | |
752 | |
443 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.