IPSec VPN issues

rbmattis
Posts: 100
Joined: Fri Mar 18, 2011 8:37 am

IPSec VPN issues

Postby rbmattis » Sun Aug 21, 2011 1:13 am

I've got the Windows 7 Client connecting to my HDA which is good.

I still can't get my Droid X running stock Android 2.3 to connect.

Also, suppose my client gets compromised: is there a way to create a PSK with more characters?

Thanks,
rbmattis

dforbes
Posts: 37
Joined: Tue Jan 12, 2010 3:48 pm

Re: IPSec VPN issues

Postby dforbes » Fri Aug 26, 2011 1:31 pm

You can create any PSK you like by editing /etc/racoon/psk.txt and then restarting racoon (or just rebooting). If your client is compromised, you might want to change your password as well.

Unfortunately, I don't have an Android device to test. Google suggests that there are generally issues getting Android devices to connect via IPSec and I know others have tried without much success.

DF
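The PSK change described in the reply above, as an added example that is not part of the original posts or of racoon's own tooling. It assumes psk.txt holds one "identifier key" pair per line; the function names `gen_psk` and `rotate_psk` are hypothetical, and the identifier you pass is whatever your existing entry uses.

```shell
#!/bin/sh
# Added example: replace one identifier's key in a racoon-style psk.txt.
# Assumed line format: "<identifier><whitespace><key>"; other lines are kept.

gen_psk() {
    # $1 = key length in characters (default 48). Alphanumeric only, so the
    # same string can be typed into any client without quoting problems.
    len=${1:-48}
    while :; do
        key=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len")
        # racoon reads a key that starts with 0x as hexadecimal; skip those.
        case $key in 0x*) continue ;; esac
        printf '%s\n' "$key"
        return 0
    done
}

rotate_psk() {
    # $1 = psk file, $2 = identifier, $3 = optional key length.
    # Prints the new key so it can be entered on the client.
    file=$1
    ident=$2
    new=$(gen_psk "${3:-48}")
    # Build the new file next to the old one and rename it into place, so
    # the key file is never half-written or readable by other users.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    chmod 600 "$tmp"
    awk -v id="$ident" -v key="$new" '
        $1 == id { print id "\t" key; done = 1; next }
        { print }
        END { if (!done) print id "\t" key }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$file"
    printf '%s\n' "$new"
}

# Usage (run as the owner of the file, then restart racoon as described above):
#   rotate_psk /etc/racoon/psk.txt <identifier> 48
```

The new key has to be entered on every client that shares the entry before it can reconnect.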

jaybea
Posts: 56
Joined: Tue Dec 15, 2009 1:24 am

Re: IPSec VPN issues

Postby jaybea » Sun Aug 28, 2011 11:34 am

rbmattis wrote: "I still can't get my Droid X running stock Android 2.3 to connect."

I have been playing with IPSec on my HTC Incredible S on stock 2.3 as well. One problem I have found using the stock VPN client is that the connection is not made to one of the ports that should be used (UDP 500 and 4500). Looking at my logs, the connection is attempted to UDP 1701, which my firewall rejects.

I need to play some more...

dforbes
Posts: 37
Joined: Tue Jan 12, 2010 3:48 pm

Re: IPSec VPN issues

Postby dforbes » Sun Aug 28, 2011 4:14 pm

Port 1701 sounds like it's trying to connect to L2TP/IPsec rather than a pure IPsec tunnel - the two are quite different methods.

DF

jaybea
Posts: 56
Joined: Tue Dec 15, 2009 1:24 am

Re: IPSec VPN issues

Postby jaybea » Mon Aug 29, 2011 2:44 am

dforbes wrote: "Port 1701 sounds like it's trying to connect to L2TP/IPsec rather than a pure IPsec tunnel - the two are quite different methods. DF"

You are right. It does not look like Android currently does a pure IPSec VPN, and it doesn't support the installation of clients that do unless the phone is rooted. It looks like VPNC Widget may do the job - from the Market - but needs a kernel with TUN support.

It looks like ssh tunneling may be the way to go for the moment.
