Connecting to MPD from Android and iOS

Help
2013-02-08
2013-03-27
  • Tim Gustafson

    Tim Gustafson - 2013-02-08

    Hi,

    I set up my MPD server by following these instructions:

    http://wiki.stocksy.co.uk/wiki/L2TP_VPN_in_FreeBSD

    Windows and Macintosh clients can connect successfully, but Android and iOS devices cannot.  Here's my mpd.conf file:

    startup:
            set user admin password admin
            set console self 192.168.0.2 5005
            set console open
            set web self 192.168.0.2 5006
            set web open
    default:
            load l2tp_server
    l2tp_server:
            set ippool add pool_l2tp 192.168.1.20 192.168.1.99
            create bundle template B_l2tp
            set iface enable proxy-arp
            set iface enable tcpmssfix
            set ipcp yes vjcomp
            set ipcp ranges 192.168.1.4/24 ippool pool_l2tp
            set ipcp dns 192.168.48.22 
            create link template L_l2tp l2tp
            set link action bundle B_l2tp
            set link enable multilink
            set link no pap chap eap
            set link enable chap
            set link keep-alive 0 0
            set link mtu 1280
            set l2tp self 192.168.0.2
            set l2tp enable length
            set link enable incoming
            set link max-children 1000
    

    And here's my racoon.conf:

    path pre_shared_key "/usr/local/etc/racoon/psk.txt";
    listen
    {
            isakmp           192.168.0.2 [500];
            isakmp_natt      192.168.0.2 [4500];
            strict_address;
    }
    remote anonymous
    {
            exchange_mode    main;
            passive          on;
            proposal_check   obey;
            support_proxy    on;
            nat_traversal    on;
            ike_frag         on;
            dpd_delay        20;
            proposal
            {
                    encryption_algorithm  aes;
                    hash_algorithm        sha1;
                    authentication_method pre_shared_key;
                    dh_group              modp1024;
            }
            proposal
            {
                    encryption_algorithm  3des;
                    hash_algorithm        sha1;
                    authentication_method pre_shared_key;
                    dh_group              modp1024;
            }
    }
    sainfo anonymous
    {
            encryption_algorithm     aes,3des;
            authentication_algorithm hmac_sha1;
            compression_algorithm    deflate;
            pfs_group                modp1024;
    }
    

    When I try to connect from an Android device, this is what I see in racoon.log:

    2013-02-08 10:57:53: INFO: respond new phase 1 negotiation: 192.168.0.2[500]<=>10.0.0.5[11667]
    2013-02-08 10:57:53: INFO: begin Identity Protection mode.
    2013-02-08 10:57:53: INFO: received Vendor ID: RFC 3947
    2013-02-08 10:57:53: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    2013-02-08 10:57:53: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
    2013-02-08 10:57:53: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
    2013-02-08 10:57:53: INFO: received broken Microsoft ID: FRAGMENTATION
    2013-02-08 10:57:53: INFO: received Vendor ID: DPD
    2013-02-08 10:57:53: [10.0.0.5] INFO: Selected NAT-T version: RFC 3947
    2013-02-08 10:57:53: [192.168.0.2] INFO: Hashing 192.168.0.2[500] with algo #2 
    2013-02-08 10:57:53: INFO: NAT-D payload #0 verified
    2013-02-08 10:57:53: [10.0.0.5] INFO: Hashing 10.0.0.5[11667] with algo #2 
    2013-02-08 10:57:53: INFO: NAT-D payload #1 doesn't match
    2013-02-08 10:57:53: INFO: NAT detected: PEER
    2013-02-08 10:57:53: [10.0.0.5] INFO: Hashing 10.0.0.5[11667] with algo #2 
    2013-02-08 10:57:53: [192.168.0.2] INFO: Hashing 192.168.0.2[500] with algo #2 
    2013-02-08 10:57:53: INFO: Adding remote and local NAT-D payloads.
    2013-02-08 10:57:53: INFO: NAT-T: ports changed to: 10.0.0.5[11651]<->192.168.0.2[4500]
    2013-02-08 10:57:53: INFO: KA list add: 192.168.0.2[4500]->10.0.0.5[11651]
    2013-02-08 10:57:53: INFO: ISAKMP-SA established 192.168.0.2[4500]-10.0.0.5[11651] spi:9b6483dc2d960777:3a67eb2d8625b334
    2013-02-08 10:57:53: [10.0.0.5] INFO: received INITIAL-CONTACT
    2013-02-08 10:57:54: INFO: respond new phase 2 negotiation: 192.168.0.2[4500]<=>10.0.0.5[11651]
    2013-02-08 10:57:54: INFO: Adjusting my encmode UDP-Transport->Transport
    2013-02-08 10:57:54: INFO: Adjusting peer's encmode UDP-Transport(4)->Transport(2)
    2013-02-08 10:57:54: INFO: IPsec-SA established: ESP/Transport 192.168.0.2[500]->10.0.0.5[500] spi=24307251(0x172e633)
    2013-02-08 10:57:54: INFO: IPsec-SA established: ESP/Transport 192.168.0.2[500]->10.0.0.5[500] spi=112641816(0x6b6c718)
    

    What am I doing wrong?  I'm guessing that I'm just missing some subtle option, probably related to racoon.

     
  • Tim Gustafson

    Tim Gustafson - 2013-02-08

    One more tidbit of information: if I connect my Android device to Wifi, I am able to connect.  It's only when I'm connected over the Cellular network that it does not work.
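
A triage script for racoon.log output like the excerpt in the first post, added here as an example (not code from the thread or from the racoon or mpd projects): it reports, per peer, whether NAT was detected, which NAT-T port the peer floated to, and whether phase 1 and phase 2 completed. The sample lines are copied from that excerpt; the function names `summarize` and `stage` are hypothetical.

```python
import re

# Lines copied (abridged) from the racoon.log excerpt in the first post.
SAMPLE = """\
2013-02-08 10:57:53: INFO: respond new phase 1 negotiation: 192.168.0.2[500]<=>10.0.0.5[11667]
2013-02-08 10:57:53: INFO: NAT detected: PEER
2013-02-08 10:57:53: INFO: NAT-T: ports changed to: 10.0.0.5[11651]<->192.168.0.2[4500]
2013-02-08 10:57:53: INFO: ISAKMP-SA established 192.168.0.2[4500]-10.0.0.5[11651] spi:9b6483dc2d960777:3a67eb2d8625b334
2013-02-08 10:57:54: INFO: respond new phase 2 negotiation: 192.168.0.2[4500]<=>10.0.0.5[11651]
2013-02-08 10:57:54: INFO: IPsec-SA established: ESP/Transport 192.168.0.2[500]->10.0.0.5[500] spi=24307251(0x172e633)
2013-02-08 10:57:54: INFO: IPsec-SA established: ESP/Transport 192.168.0.2[500]->10.0.0.5[500] spi=112641816(0x6b6c718)
"""

EP = r"(\d+\.\d+\.\d+\.\d+)\[(\d+)\]"  # address[port] as racoon prints it
P1_START = re.compile("respond new phase 1 negotiation: " + EP + "<=>" + EP)
NAT = re.compile(r"NAT detected: (\S+)")
NATT = re.compile("NAT-T: ports changed to: " + EP + "<->" + EP)
P1_DONE = re.compile("ISAKMP-SA established " + EP + "-" + EP)
P2_DONE = re.compile(r"IPsec-SA established: (\S+) " + EP + "->" + EP + r" spi=\d+\((0x[0-9a-f]+)\)")

def summarize(log_text):
    """Map each peer IP to how far its IKE/IPsec negotiation progressed."""
    peers, current = {}, None  # current: peer of the most recent phase 1 start
    for line in log_text.splitlines():
        if m := P1_START.search(line):
            current = m.group(3)  # responder log: local<=>peer
            peers[current] = {"nat": None, "natt_port": None, "phase1": False, "ipsec_sas": []}
        elif (m := NAT.search(line)) and current:
            # This line carries no address; with overlapping negotiations
            # the attribution to the latest peer is only a heuristic.
            peers[current]["nat"] = m.group(1)
        elif (m := NATT.search(line)) and m.group(1) in peers:
            peers[m.group(1)]["natt_port"] = int(m.group(2))  # peer's floated port
        elif (m := P1_DONE.search(line)) and m.group(3) in peers:
            peers[m.group(3)]["phase1"] = True
        elif m := P2_DONE.search(line):
            peer = m.group(4) if m.group(4) in peers else m.group(2)
            if peer in peers:
                peers[peer]["ipsec_sas"].append((m.group(1), m.group(6)))  # (mode, SPI)
    return peers

def stage(state):
    """Name the furthest point a peer reached."""
    if state["ipsec_sas"]:
        return "phase2-established"
    return "phase1-established" if state["phase1"] else "negotiating"

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, stage(s), s)
```

On the posted excerpt the peer reaches `phase2-established`, so racoon reports both IKE phases completing for the Android client; the L2TP and PPP side of the session is logged by mpd, not racoon.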

     
  • Dmitry S. Luhtionov

    Put your detailed mpd.log here, please.

     
