您当前的位置:
【在线等】Android VPN的问题
最近一直在做Android VPN的东西,PPTPD和L2TPD都可以正常连上,但是L2TP/IPsec 的两个(PSK和CERT)都不能连接上去,
我用logcat跟了下大概是这个样子的:
D/SProxy_mtpd( 4562): Start VPN daemon: mtpd
D/mtpd ( 4724): Waiting for control socket
D/SProxy_mtpd( 4562): mtpd is running after 200 msec
D/mtpd ( 4724): Received 19 arguments
I/SProxy_mtpd( 4562): got data from control socket: 19
I/mtpd ( 4724): Using protocol l2tp
I/mtpd ( 4724): Connecting to xxx.xxx.xxx.xxx port 1701
I/mtpd ( 4724): Connection established (socket = 9)
D/mtpd ( 4724): Sending SCCRQ (local_tunnel = 54770)
I/racoon ( 4570): no in-bound policy found: xxx.xxx.xxx.xxx/32[1701] 10.0.1.3/32[0] proto=udp dir=in
I/racoon ( 4570): IPsec-SA request for xxx.xxx.xxx.xxx queued due to no phase1 found.
I/racoon ( 4570): initiate new phase 1 negotiation: 10.0.1.3[500]<=> xxx.xxx.xxx.xxx[500]
I/racoon ( 4570): begin Identity Protection mode.
I/ActivityManager( 78): Displayed activity com.android.settings/.vpn.VpnTypeSelection: 275 ms (total 275 ms)
I/racoon ( 4570): received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
I/racoon ( 4570):
I/racoon ( 4570): received broken Microsoft ID: FRAGMENTATION
I/racoon ( 4570): Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02
I/racoon ( 4570):
I/racoon ( 4570): Hashing xxx.xxx.xxx.xxx[500] with algo #2
I/racoon ( 4570): Hashing 10.0.1.3[500] with algo #2
I/racoon ( 4570): Adding remote and local NAT-D payloads.
I/racoon ( 4570): received Vendor ID: CISCO-UNITY
I/racoon ( 4570): received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
I/racoon ( 4570): Hashing 10.0.1.3[500] with algo #2
I/racoon ( 4570): NAT-D payload #0 doesn't match
I/racoon ( 4570): Hashing xxx.xxx.xxx.xxx[500] with algo #2
I/racoon ( 4570): NAT-D payload #1 verified
I/racoon ( 4570): NAT detected: ME
I/racoon ( 4570): KA list add: 10.0.1.3[4500]-> xxx.xxx.xxx.xxx[4500]
I/keystore( 56): uid: 1016 action: g -> 1 state: 1 -> 1 retry: 4
I/racoon ( 4570): received Vendor ID: DPD
W/racoon ( 4570): port 4500 expected, but 0
I/racoon ( 4570): ISAKMP-SA established 10.0.1.3[4500]- xxx.xxx.xxx.xxx[4500] spi:448a1dffe0955600:9b99664b15ac9898
I/racoon ( 4570): initiate new phase 2 negotiation: 10.0.1.3[4500]<=> xxx.xxx.xxx.xxx[4500]
I/racoon ( 4570): NAT detected -> UDP encapsulation (ENC_MODE 2->61444).
E/racoon ( 4570): fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
E/racoon ( 4570): Message: '???5'.
I/racoon ( 4570): ISAKMP-SA expired 10.0.1.3[4500]- xxx.xxx.xxx.xxx[4500] spi:448a1dffe0955600:9b99664b15ac9898
D/mtpd ( 4724): Timeout -> Sending SCCRQ
D/mtpd ( 4724): Timeout -> Sending SCCRQ
D/mtpd ( 4724): Timeout -> Sending SCCRQ
D/mtpd ( 4724): Timeout -> Sending SCCRQ
D/mtpd ( 4724): Timeout -> Sending SCCRQ
E/racoon ( 4570): phase2 negotiation failed due to phase1 expired. 448a1dffe0955600:9b99664b15ac9898:0000edcc
D/mtpd ( 4724): Timeout -> Sending SCCRQ
I/racoon ( 4570): ISAKMP-SA deleted 10.0.1.3[4500]- xxx.xxx.xxx.xxx[4500] spi:448a1dffe0955600:9b99664b15ac9898
I/racoon ( 4570): KA remove: 10.0.1.3[4500]-> xxx.xxx.xxx.xxx[4500]
D/mtpd ( 4724): Timeout -> Sending SCCRQ
一直卡在了发送SCCRQ这块,然后我就跟进内核里,在内核函数udp_sendmsg处查找安全路由时,被赋值了black hold路由,也就是在发包的时候直接抛掉了,在初始化的时候也看了下。也没有发现什么异常,很奇怪。谁做过这方面的帮看下。。我被这问题搞了好几个月了。
------解决方案--------------------
你有看到这句吗:E/racoon ( 4570): fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.