最近一直在做Android VPN的东西,PPTPD和L2TPD都可以正常连上,但是L2TP/IPsec 的两个(PSK和CERT)都不能连接上去,我用logcat跟了下大概是这个样子的:D/SProxy_mtpd( 4562): Start VPN daemon: mtpd
D/mtpd ( 4724): Waiting for control socket
D/SProxy_mtpd( 4562): mtpd is running after 200 msec
D/mtpd ( 4724): Received 19 arguments
I/SProxy_mtpd( 4562): got data from control socket: 19
I/mtpd ( 4724): Using protocol l2tp
I/mtpd ( 4724): Connecting to xxx.xxx.xxx.xxx port 1701
I/mtpd ( 4724): Connection established (socket = 9)
D/mtpd ( 4724): Sending SCCRQ (local_tunnel = 54770)
I/racoon ( 4570): no in-bound policy found: xxx.xxx.xxx.xxx/32[1701] 10.0.1.3/32[0] proto=udp dir=in
I/racoon ( 4570): IPsec-SA request for xxx.xxx.xxx.xxx queued due to no phase1 found.
I/racoon ( 4570): initiate new phase 1 negotiation: 10.0.1.3[500]<=> xxx.xxx.xxx.xxx[500]
I/racoon ( 4570): begin Identity Protection mode.
I/ActivityManager( 78): Displayed activity com.android.settings/.vpn.VpnTypeSelection: 275 ms (total 275 ms)
I/racoon ( 4570): received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
I/racoon ( 4570):
I/racoon ( 4570): received broken Microsoft ID: FRAGMENTATION
I/racoon ( 4570): Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02
I/racoon ( 4570):
I/racoon ( 4570): Hashing xxx.xxx.xxx.xxx[500] with algo #2
I/racoon ( 4570): Hashing 10.0.1.3[500] with algo #2
I/racoon ( 4570): Adding remote and local NAT-D payloads.
I/racoon ( 4570): received Vendor ID: CISCO-UNITY
I/racoon ( 4570): received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
I/racoon ( 4570): Hashing 10.0.1.3[500] with algo #2
I/racoon ( 4570): NAT-D payload #0 doesn't match
I/racoon ( 4570): Hashing xxx.xxx.xxx.xxx[500] with algo #2
I/racoon ( 4570): NAT-D payload #1 verified
I/racoon ( 4570): NAT detected: ME
I/racoon ( 4570): KA list add: 10.0.1.3[4500]-> xxx.xxx.xxx.xxx[4500]
I/keystore( 56): uid: 1016 action: g -> 1 state: 1 -> 1 retry: 4
I/racoon ( 4570): received Vendor ID: DPD
W/racoon ( 4570): port 4500 expected, but 0
I/racoon ( 4570): ISAKMP-SA established 10.0.1.3[4500]- xxx.xxx.xxx.xxx[4500] spi:448a1dffe0955600:9b99664b15ac9898
I/racoon ( 4570): initiate new phase 2 negotiation: 10.0.1.3[4500]<=> xxx.xxx.xxx.xxx[4500]
I/racoon ( 4570): NAT detected -> UDP encapsulation (ENC_MODE 2->61444).
E/racoon ( 4570): fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
E/racoon ( 4570): Message: '???5'.
I/racoon ( 4570): ISAKMP-SA expired 10.0.1.3[4500]- xxx.xxx.xxx.xxx[4500] spi:448a1dffe0955600:9b99664b15ac9898
D/mtpd ( 4724): Timeout -> Sending SCCRQ
D/mtpd ( 4724): Timeout -> Sending SCCRQ
D/mtpd ( 4724): Timeout -> Sending SCCRQ
D/mtpd ( 4724): Timeout -> Sending SCCRQ
D/mtpd ( 4724): Timeout -> Sending SCCRQ
E/racoon ( 4570): phase2 negotiation failed due to phase1 expired. 448a1dffe0955600:9b99664b15ac9898:0000edcc
D/mtpd ( 4724): Timeout -> Sending SCCRQ
I/racoon ( 4570): ISAKMP-SA deleted 10.0.1.3[4500]- xxx.xxx.xxx.xxx[4500] spi:448a1dffe0955600:9b99664b15ac9898
I/racoon ( 4570): KA remove: 10.0.1.3[4500]-> xxx.xxx.xxx.xxx[4500]
D/mtpd ( 4724): Timeout -> Sending SCCRQ一直卡在了发送SCCRQ这块,然后我就跟进内核里,在内核函数udp_sendmsg处查找安全路由时,被赋值了black hold路由,也就是在发包的时候直接抛掉了,在初始化的时候也看了下。也没有发现什么异常,很奇怪。谁做过这方面的帮看下。。我被这问题搞了好几个月了。
D/mtpd ( 4724): Waiting for control socket
D/SProxy_mtpd( 4562): mtpd is running after 200 msec
D/mtpd ( 4724): Received 19 arguments
I/SProxy_mtpd( 4562): got data from control socket: 19
I/mtpd ( 4724): Using protocol l2tp
I/mtpd ( 4724): Connecting to xxx.xxx.xxx.xxx port 1701
I/mtpd ( 4724): Connection established (socket = 9)
D/mtpd ( 4724): Sending SCCRQ (local_tunnel = 54770)
I/racoon ( 4570): no in-bound policy found: xxx.xxx.xxx.xxx/32[1701] 10.0.1.3/32[0] proto=udp dir=in
I/racoon ( 4570): IPsec-SA request for xxx.xxx.xxx.xxx queued due to no phase1 found.
I/racoon ( 4570): initiate new phase 1 negotiation: 10.0.1.3[500]<=> xxx.xxx.xxx.xxx[500]
I/racoon ( 4570): begin Identity Protection mode.
I/ActivityManager( 78): Displayed activity com.android.settings/.vpn.VpnTypeSelection: 275 ms (total 275 ms)
I/racoon ( 4570): received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
I/racoon ( 4570):
I/racoon ( 4570): received broken Microsoft ID: FRAGMENTATION
I/racoon ( 4570): Selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02
I/racoon ( 4570):
I/racoon ( 4570): Hashing xxx.xxx.xxx.xxx[500] with algo #2
I/racoon ( 4570): Hashing 10.0.1.3[500] with algo #2
I/racoon ( 4570): Adding remote and local NAT-D payloads.
I/racoon ( 4570): received Vendor ID: CISCO-UNITY
I/racoon ( 4570): received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
I/racoon ( 4570): Hashing 10.0.1.3[500] with algo #2
I/racoon ( 4570): NAT-D payload #0 doesn't match
I/racoon ( 4570): Hashing xxx.xxx.xxx.xxx[500] with algo #2
I/racoon ( 4570): NAT-D payload #1 verified
I/racoon ( 4570): NAT detected: ME
I/racoon ( 4570): KA list add: 10.0.1.3[4500]-> xxx.xxx.xxx.xxx[4500]
I/keystore( 56): uid: 1016 action: g -> 1 state: 1 -> 1 retry: 4
I/racoon ( 4570): received Vendor ID: DPD
W/racoon ( 4570): port 4500 expected, but 0
I/racoon ( 4570): ISAKMP-SA established 10.0.1.3[4500]- xxx.xxx.xxx.xxx[4500] spi:448a1dffe0955600:9b99664b15ac9898
I/racoon ( 4570): initiate new phase 2 negotiation: 10.0.1.3[4500]<=> xxx.xxx.xxx.xxx[4500]
I/racoon ( 4570): NAT detected -> UDP encapsulation (ENC_MODE 2->61444).
E/racoon ( 4570): fatal NO-PROPOSAL-CHOSEN notify messsage, phase1 should be deleted.
E/racoon ( 4570): Message: '???5'.
I/racoon ( 4570): ISAKMP-SA expired 10.0.1.3[4500]- xxx.xxx.xxx.xxx[4500] spi:448a1dffe0955600:9b99664b15ac9898
D/mtpd ( 4724): Timeout -> Sending SCCRQ
D/mtpd ( 4724): Timeout -> Sending SCCRQ
D/mtpd ( 4724): Timeout -> Sending SCCRQ
D/mtpd ( 4724): Timeout -> Sending SCCRQ
D/mtpd ( 4724): Timeout -> Sending SCCRQ
E/racoon ( 4570): phase2 negotiation failed due to phase1 expired. 448a1dffe0955600:9b99664b15ac9898:0000edcc
D/mtpd ( 4724): Timeout -> Sending SCCRQ
I/racoon ( 4570): ISAKMP-SA deleted 10.0.1.3[4500]- xxx.xxx.xxx.xxx[4500] spi:448a1dffe0955600:9b99664b15ac9898
I/racoon ( 4570): KA remove: 10.0.1.3[4500]-> xxx.xxx.xxx.xxx[4500]
D/mtpd ( 4724): Timeout -> Sending SCCRQ一直卡在了发送SCCRQ这块,然后我就跟进内核里,在内核函数udp_sendmsg处查找安全路由时,被赋值了black hold路由,也就是在发包的时候直接抛掉了,在初始化的时候也看了下。也没有发现什么异常,很奇怪。谁做过这方面的帮看下。。我被这问题搞了好几个月了。
解决方案 »
- 如何在Android/iOS游戏中集成社交分享按钮(新浪微博)
- 为什么我用httpurlconnection获取不到数据?求大神
- ksoap2调用WCF接口提示 Cannot serialize:11.0
- 关于如何屏蔽android的短信提示消息
- 请问关于startActivityForResult的问题
- 酷我听听 tab 滑动效果
- 申请android版主
- wifi小车
- win7 下如何运行安卓软件? BlueStacks安装有问题,不能用
- listView中加入progressBar,如何在控制错位的情况下还能够更新进度条
- android vpn实现 ,求大神帮助
- Android蓝牙开发问题,手机模拟蓝牙耳机,了解的帮忙看下
其实上面那个并不是我的输出日志,我只是看了下大概的情况,也是最后进入到了timeout那块,我这边的日志验证已经都正常通过了,因为我用别的版本的手机连过,没有问题,现在的手机输出日志和正常的日常是一样的,可是就是卡在了发送sccrq这块,我明天会贴出来日志。。