1
0
mirror of synced 2024-11-22 04:56:03 +03:00

Added note for Android 6.0 users

Android 6.0 users must enable SHA2 in /etc/ipsec.conf.
Thanks @rodolfobandeira for the hint!
Ref: 544a25ab77
This commit is contained in:
hwdsl2 2016-01-14 14:33:51 -06:00
parent 4f198ab994
commit 46a3f9e0b1
3 changed files with 12 additions and 0 deletions

View File

@ -84,6 +84,8 @@ You may use `vpnupgrade_Libreswan.sh` (for Ubuntu/Debian) and `vpnupgrade_Libres
For **Windows users**, a <a href="https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809" target="_blank">one-time registry change</a> is required for connections to a VPN server behind NAT (e.g. Amazon EC2).
**Android 6.0 users**: Edit `/etc/ipsec.conf` and append `,aes256-sha2_256` to the end of both `ike=` and `phase2alg=`, then add a new line `sha2-truncbug=yes`. Start lines with two spaces. When finished, run `service ipsec restart`. (<a href="https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow" target="_blank">Source</a>)
To support multiple VPN users with different credentials, just <a href="https://gist.github.com/hwdsl2/123b886f29f4c689f531" target="_blank">edit a few lines</a> in the scripts.
Clients are configured to use <a href="https://developers.google.com/speed/public-dns/" target="_blank">Google Public DNS</a> when the VPN connection is active. This setting is controlled by `ms-dns` in `/etc/ppp/options.xl2tpd`.

View File

@ -44,6 +44,11 @@ VPN_PASSWORD=your_very_secure_password
# to a VPN server behind NAT (e.g. Amazon EC2). Please see:
# https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809
# **Android 6.0 users**: Edit /etc/ipsec.conf and append ",aes256-sha2_256" to the end of both
# "ike=" and "phase2alg=", then add a new line "sha2-truncbug=yes". Start lines with two spaces.
# When finished, run "service ipsec restart". Source:
# https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow
# To support multiple VPN users with different credentials, see:
# https://gist.github.com/hwdsl2/123b886f29f4c689f531

View File

@ -53,6 +53,11 @@ VPN_PASSWORD=your_very_secure_password
# to a VPN server behind NAT (e.g. Amazon EC2). Please see:
# https://documentation.meraki.com/MX-Z/Client_VPN/Troubleshooting_Client_VPN#Windows_Error_809
# **Android 6.0 users**: Edit /etc/ipsec.conf and append ",aes256-sha2_256" to the end of both
# "ike=" and "phase2alg=", then add a new line "sha2-truncbug=yes". Start lines with two spaces.
# When finished, run "service ipsec restart". Source:
# https://libreswan.org/wiki/FAQ#Android_6.0_connection_comes_up_but_no_packet_flow
# To support multiple VPN users with different credentials, see:
# https://gist.github.com/hwdsl2/123b886f29f4c689f531