Database Info

[Q] VPN PPTP doesn't work

Trying to make a VPN connection from my new Droid Charge to a Microsoft server at work. This works fine on my G1 running CM6. I've tried it on Wifi and 3g with no luck. It tells me "Server negotiation failed. Server may disagree with your encryption option." I have encryption turned on just like I do on the G1. Turning it off doesn't work either (because the server requires it and what kind of vpn is it without encryption?).
Anyone have experience with this working or not?
More info:
I'm running ED1, rooted.
Found this in logcat
E/pppd (16706): MPPE required, but kernel has no support.
This lead me to find that other phones have this issue too. So, I guess the question becomes, does anyone know of a fix for this?

velocityfactor said:
Trying to make a VPN connection from my new Droid Charge to a Microsoft server at work. This works fine on my G1 running CM6. I've tried it on Wifi and 3g with no luck. It tells me "Server negotiation failed. Server may disagree with your encryption option." I have encryption turned on just like I do on the G1. Turning it off doesn't work either (because the server requires it and what kind of vpn is it without encryption?).
Anyone have experience with this working or not?
More info:
I'm running ED1, rooted.
Found this in logcat
E/pppd (16706): MPPE required, but kernel has no support.
This lead me to find that other phones have this issue too. So, I guess the question becomes, does anyone know of a fix for this?
Click to expand...
Click to collapse
Me too. Anybody else? Has there been a resolution for this?

It's a pia to do. I use a company exchange if your trying to do that you have to get with your it department and have them manually set it up. If its not company you will still have to manually set it up. Just google what your trying to set up and there is a how to on almost every type of server. Hope this helps.
Sent from my SCH-I510 using XDA App

I juzt reread your post. Vpn is a company deal. You will have to contact company it guy. You will have to manually put in you server address and a couple of other things.
Sent from my SCH-I510 using XDA App

PPTP Encrypted VPN doesn't work on the Charge, just as it didn't on the Droid X. The issue isn't on any companies IT, it is an issue with the phone. Go to any Verizon store and pick up the Thunderbolt and enter your VPN credentials and it will work. If you do the same on the Charge it will fail.

PPTP encryption fix (getting close)

For anyone interested in playing with it, I have built the ppp_mppe.ko module that is missing to make the PPTP with encryption work. My initial testing shows that it connects and passes traffic. Unfortunately, after a few minutes it stops passing traffic but remains connected. I need to investigate the logs...
To try it, open a terminal, cd to the folder where you stored it, su (YOU NEED ROOT), "insmod ppp_mppe.ko", and then go try an encrypted VPN PPTP connection. Mine failed the first time, and then worked on subsequent connections.
e081820061574b1ab1188294e62e1cff ppp_mppe.ko
I'm curious to see if anyone here cares about this and how it works for you.
Shayne

I'm really interested in make my VPN work. I'm using CM7 on Galaxy Tab. I don't think your module was made for my kernel.
Is this ever going to be fixed? I'm able to connect to my PPTP VPN provider, and it requires encryption. I can ping out for a while... but as soon as I open the browser or other app the actually uses the net the pings stop and connection stops transmitting, although still connected. So frustrating...

Yeah, the module isn't going to work on other devices.
I get the same result as you when I do a PPTP connection. Actually when I posted this I hadn't dug deep enough to find that this was a long standing problem, and I just figured that getting the module loaded in would fix it.
Seems like this module should be where the bug is, but I haven't had time to look at it more closely. Apparently there aren't enough people that care about this feature.

Looks like this problem is related to the MTU. I can send/rcv 1380 byte pings, but anything bigger causes the connection to quit working. I'm thinking that rebuilding pppd with a lower MTU might be interesting, but I need to get set up to do that. pppd does not pay attention to config files, and mtpd, akaik, doesn't pass an mtu/mru arg to it.

velocityfactor said:
Looks like this problem is related to the MTU. I can send/rcv 1380 byte pings, but anything bigger causes the connection to quit working. I'm thinking that rebuilding pppd with a lower MTU might be interesting, but I need to get set up to do that. pppd does not pay attention to config files, and mtpd, akaik, doesn't pass an mtu/mru arg to it.
Click to expand...
Click to collapse
I have come across this blog with some mtpd command line examples, see if it helps on manually connecting with custom MTUs.
I also tried a couple suggestions of changing MTU on the eth0 to 1480 and 1380 before and after connecting to the VPN, without any success. Also tried different MTUs on ppp0 after connection also with no success.

I just wanted to say that even though this stuff is far too above my head for me to contribute, thanks for working on this!
Now I can keep daydreaming about turning my phone into a PPTP server...

I understand that this thread hasn't been active for a while, however, I do want to say thanks for this! With the provided module, I was finally able to connect to our VPN server using PPTP with encryption. In fact, I was able to do so as well over 4G. I read through several threads on various sites regarding the commonality of this issue and possible firewall NAT restrictions on Verizon's behalf. It seems it was just a module needed that fixed all this.
On a side note, I haven't had the connection dropped so far. I'm about 1000 ping sequence in and connectivity is still up and running. Not sure if this is an effective means of validation it.
If it helps others looking into this issue as well, note, that I've tried virtually all available kernels as of date to this posting. Nothing worked. This module was the only thing that granted access to our VPN server.
Update: Spoke to soon. After attempting to log into a server, data was no longer able to pass through.

I'm glad to hear it has helped you. It didn't turn out to help me.
To test it further, I suggest you pass some real traffic over it. Regular ping traffic doesn't cause the loss of connection that I'm familiar with. If it continues to work, count yourself lucky, and you might want to convince your favorite kernel builder (imnuts, maybe) to include that module.
I spent some time looking into the dropped connection issue and was not successful at finding a solution. What I think I learned is that when the pptp server handles a packet larger than the mru and fragments the packet, the first fragment decrypts ok, but the second fragment decrypts to junk. It's supposed to be stateless encryption, but all subsequent packets silently fail to decrypt. Thus, all traffic stops moving and the link eventually times out.
This problem only seems to affect the reception of packets. The outgoing traffic seems to be unaffected.
The PPP and MPPE code in the froyo kernel is unchanged from that in the mainstream Linux kernel. My Ubuntu desktop can do PPTP with MPPE no problem. So why can't froyo?
This was absorbing too much of my time, so I finally gave in and set up L2TP.

velocityfactor said:
The PPP and MPPE code in the froyo kernel is unchanged from that in the mainstream Linux kernel. My Ubuntu desktop can do PPTP with MPPE no problem. So why can't froyo?
Click to expand...
Click to collapse
I'm not entirely sure if froyo's at fault as I was able to confirm with a few of my colleagues that they were able to VPN with PPTP just fine on their non-charge device that's on froyo. Additionally, I even tried the GB leak but ended up with the same results.
velocityfactor said:
This was absorbing too much of my time, so I finally gave in and set up L2TP.
Click to expand...
Click to collapse
Thanks for taking a stab at this though. It does seem that there isn't a big call for this feature within the community; a huge bummer for those that does need it.

Problem details
I have this problem with my HTC Inspire 4G and I've been researching it a lot.
The error reported on PPTP server side suggests that Android PPTP client tries to negotiate unsupported protocol:
pppd: Protocol-Reject for unsupported protocol 0xxx
but it is a misleading message since initially the protocol is negotiated correctly and the connection is established. Only after several dozens of frames are transmitted the error appears and it repeats with different value of unsupported protocol in the message.
Since then the PPTP tunnel is out of sync and Android client sends effectively random octets from the MPPE encryption module.
I will include links here to Web pages with details FYI if you are interested in more details about it.
http://www.securitykiss.com/resources/articles/android_vpn_bug/index.php
http://code.google.com/p/android/issues/detail?id=10901
http://code.google.com/p/android/issues/detail?id=4706

velocityfactor said:
This was absorbing too much of my time, so I finally gave in and set up L2TP.
Click to expand...
Click to collapse
Interesting that PPTP failed you, but L2TP worked. I had the opposite experience. A stock unrooted Android 2.2.2 connected to a debian pptpd just fine, mostly with default settings. (although I didn't go as far as to route traffic, just confirmed that there's an encrypted connection)
But it's ipsec that doesn't work for me. Would you please post the L2TP server configuration that works for you?
I'll post the PPTP server settings if anyone is interested.

The PPTP doesn't fail until you send traffic. Specifically, it works ok until you send a large packet that get fragmented. Then it seems the encryption becomes out of sync and things go downhill from there.
My L2TP is running on Windows Server just using default settings, so nothing to post really.
This thread should probably be closed since it doesn't really relate to the Charge specifically and the fix isn't "getting close" afaik.
Shayne

At this point, I essentially gave up on PPTP on the Charge (more specifically, Froyo and Gingerbread), but I did some testing on ICS the Galaxy Nexus. The Galaxy Nexus works fine with my DD-WRT PPTP server. I didn't notice any issues with it.
But yeah, on both Froyo and Gingerbread I could get a PPTP connection to link up, but no traffic would pass.
Thankfully it seems that Google got it right with ICS, now I just have to spend more money on an ICS phone to get the features they advertise
Perhaps ICS will roll out to the Charge, but I'm not going to bet the farm on it. It would be interesting to try PPTP connectivity on JT's ICS build, but I do need the cellular radios to work so I haven't gotten around to trying it yet.

xdadevnube said:
At this point, I essentially gave up on PPTP on the Charge (more specifically, Froyo and Gingerbread), but I did some testing on ICS the Galaxy Nexus. The Galaxy Nexus works fine with my DD-WRT PPTP server. I didn't notice any issues with it.
But yeah, on both Froyo and Gingerbread I could get a PPTP connection to link up, but no traffic would pass.
Thankfully it seems that Google got it right with ICS, now I just have to spend more money on an ICS phone to get the features they advertise
Perhaps ICS will roll out to the Charge, but I'm not going to bet the farm on it. It would be interesting to try PPTP connectivity on JT's ICS build, but I do need the cellular radios to work so I haven't gotten around to trying it yet.
Click to expand...
Click to collapse
I think samsung screwed it up more than the OS.

xdadevnube said:
At this point, I essentially gave up on PPTP on the Charge (more specifically, Froyo and Gingerbread), but I did some testing on ICS the Galaxy Nexus. The Galaxy Nexus works fine with my DD-WRT PPTP server. I didn't notice any issues with it.
But yeah, on both Froyo and Gingerbread I could get a PPTP connection to link up, but no traffic would pass.
Thankfully it seems that Google got it right with ICS, now I just have to spend more money on an ICS phone to get the features they advertise
Perhaps ICS will roll out to the Charge, but I'm not going to bet the farm on it. It would be interesting to try PPTP connectivity on JT's ICS build, but I do need the cellular radios to work so I haven't gotten around to trying it yet.
Click to expand...
Click to collapse
Interesting, as my galaxy nexus on 4.0.4 is unable to effectively access my ddwrt based pptp Vpn server. With mppe encryption enabled, it won't connect at all. With encryption disabled, it connects but incoming traffic stalls like many people above mentioned. Nothing on the remote wan or remote LAN seem to be accessible from the phone as best as I can tell.
Ddwrt vpn server is configured correctly as my windows 7 PC can connect to it without a problem.

Haadkoe said:
Interesting, as my galaxy nexus on 4.0.4 is unable to effectively access my ddwrt based pptp Vpn server. With mppe encryption enabled, it won't connect at all. With encryption disabled, it connects but incoming traffic stalls like many people above mentioned. Nothing on the remote wan or remote LAN seem to be accessible from the phone as best as I can tell.
Ddwrt vpn server is configured correctly as my windows 7 PC can connect to it without a problem.
Click to expand...
Click to collapse
I dunno, but I just got it working on ICS 4.03 CleanROM Kang Tapped Edition for the HTC Rezound.
MPPE enabled.
It passes traffic, can browse the web, copy files from a network share. Connectivity does not get lost.
It does use the remote gateway.
I didn't check on if it was possible to set a local gateway.
Anyways, I've been waiting for this damned feature for quite some time.
If all you want to do is access your PC's files, I suggest PocketCloud Explore.
It is pretty tight.

Haadkoe said:
Interesting, as my galaxy nexus on 4.0.4 is unable to effectively access my ddwrt based pptp Vpn server. With mppe encryption enabled, it won't connect at all. With encryption disabled, it connects but incoming traffic stalls like many people above mentioned. Nothing on the remote wan or remote LAN seem to be accessible from the phone as best as I can tell.
Ddwrt vpn server is configured correctly as my windows 7 PC can connect to it without a problem.
Click to expand...
Click to collapse
there is a specific way to force Encryption on the PPTP server on ddwrt
More info.
http://www.dd-wrt.com/wiki/index.php/PPTP_Server_Configuration

Okay, for anybody interested, I did get successful VPN with encryption working on the Droid Charge with an app called VPNRoot:
https://play.google.com/store/apps/details?id=com.did.vpnroot&hl=en
Plus, this allows one to have no pin or pattern unlock, no lock screen at all actually.
It worked for me on both the Droid Charge with Tweakstock 2.0 and the HTC Rezound with an ICS ROM.
I paid for the pro version of the VPNRoot app by donating to the dev. Now I finally have the feature I wanted over a year ago when I got my Charge.
ICS works with VPN, but you have to have a pin or pattern lockscreen on your phone. If you disable the lockscreen with NoLock or via a tweak, you still have to enter your pin or pattern every time you click a notification....
VPNRoot does exactly what I want. For some reason at first I had trouble with it, but the latest version seemed to fix all the issues.
I haven't done thorough testing on speed yet, but hopefully will soon.

xdadevnube said:
Okay, for anybody interested, I did get successful VPN with encryption working on the Droid Charge with an app called VPNRoot:
https://play.google.com/store/apps/details?id=com.did.vpnroot&hl=en
Plus, this allows one to have no pin or pattern unlock, no lock screen at all actually.
It worked for me on both the Droid Charge with Tweakstock 2.0 and the HTC Rezound with an ICS ROM.
I paid for the pro version of the VPNRoot app by donating to the dev. Now I finally have the feature I wanted over a year ago when I got my Charge.
ICS works with VPN, but you have to have a pin or pattern lockscreen on your phone. If you disable the lockscreen with NoLock or via a tweak, you still have to enter your pin or pattern every time you click a notification....
VPNRoot does exactly what I want. For some reason at first I had trouble with it, but the latest version seemed to fix all the issues.
I haven't done thorough testing on speed yet, but hopefully will soon.
Click to expand...
Click to collapse
VPNRoot works great, thanks! I have the same issue on my Hyundai T7 with android 4.0.4, times out connecting to my VPN, but this app solves that problem.

I'm using vpn root on a s4 with stock ics firmware.
it can connect but times out all the time.
I can do google searches fine but trying to load any Web page just hangs.
have a pptp vpn on dd-wrt.
is there any settings I need to change?

vpn / ics

Ok, maybe it is not related to ics. After installing ics, I lost my vnp connection for the office (maybe because I was not using any lock screen before) I have re-entered my vpn, but now I always get a "timeout" when I try to connect Do any of you who are using vpn's connection also have this issues, or maybe I have something wrong in my vpn settings ?

Anyone with stock firmware ics can confirm vpn is still working ?

Working fine for me, might be your specific vpn?
Sent from my Transformer TF101 using xda premium

Ok thanks. I'll make sure with the technicien here that everything is ok on their side

I had the same problem...the vpn connection settings were erased after ics update.
I created the connection one more time but didn't worked. I deleted that connection also and created another one...with the same details and worked.

Can confirm this issue also. After creating a new connection vpn works like a charm.

L2TP/IPSec PSK vpn is broken for me after upgrade to ICS. Seems to be a known problem with ICS. My colleague's Transformer Prime with ICS also not working with same type of VPN. It was working great with Honeycomb 3.2.1 before upgrade on both devices. I use the tablet for work extensively so this kind of sucks. Everything else is great.
Have a B90 TF101 so can't easily downgrade!

So is it an accurate assessment that L2 VPNs still do not work on ICS, such as solutions from Cisco and Juniper? We had to setup a special L2TP/IPSec PSK for just Android devices, whereas iDevices work just fine with industry standard SSL VPNs. Amazing that Google can't get on board with this. Wondering too if the Exchange cert issues still persist with the default mail client.

Yes. We setup L2TP/IPSec with PSK on a SonicWall firewall that works for both the iDevices and our Android devices. All android devices that upgraded to ICS stopped working. Will try to connect but will timeout trying to establish connection. I can't confirm all other L2TP VPN types but PSK is definitely not functioning.
We've never had any issues with Exchange push on the devices.

I can confirm it.
Today we have tested furthermore.
Everything is ok on the server side and on the client side.
Looking at the firewall, we can see the tf101 establishing a connection, but nothing about phase 2, it's like the server is giving the acknowledge about the PSK, but the TF101 can't hear or is not listening to it.. eventually it goes out with a timeout.
Everything was ok before ics.
where should i post this message, is it enough to be listed here or should a send a support mail to asus ? or google ?
by the way I've tried deleting and recreating, but still not working.

I formatted before and after ics. I would suggest a format first.
Sent from my GT-I9100 using xda premium

is there a solusion for not using a secure lock while using vpn on ics?
Sent from my HTC Sensation Z710e using xda premium

I've done a factory reset too, still the same problem

Alternative Solution
Hello,
This isnt a fix by any means but have you had a look at 2X Application XG Server, it is a little like citrix but a hell of a lot cheaper.
The client is awesome and works perfectly for windows, android and iOS.
It is free if you have a low count of concurrent users, I believe it is 5 concurrent users for free, anyway the link is below;
cant post links guys sorry it is 2x with www and .com in between...
If you need a hand with deployment drop me an email at [email protected] and we can sort something out, not doing the big sell here guys just something we use as a company when we decided to move our customers away from VPN's.
Anyway hope someone finds it useful.
cheers.

Don't know if this will help but i use vpnc widget and 2x client. My system is all cisco, and the only way i could get to it before was with an ipad, which i have since given away for obvious reasons. I have been on revolver for some time now, and just upgraded to 4, with no issues whatsoever - if anything it is more stable!

Works for me, too, but I sure would like to know if anyone has figured out how to disable the screen-lock when credential storage is enabled, as I am using mine for an individual OpenVPN and PPTP vpn and it is just plain irritating.

i've sent technical inquiries to Asus with no response. Very disappointing. I guess they are fixing other issues that have a more broad base of users before they take on things like VPN. I believe this is a general ICS issue as a quick search on Google shows varies reports across different manufacturers who have released ICS and the L2TP VPNs are broken. Several bug reports have been reported to Google. Great way for Google to alienate business users.
Do a Google search with these terms and you see all the references to this problem
"L2TP IPSEC PSK android ics"

I was wondering if anyone out there was using an IPSec Xauth PSK type connection? This is what we have at work. I set up the connection on my TF101, I put in all the correct info, and when I clicked connect it connected; however, there was no data sent or received. I disconnect and try reconnecting, but the connection times out. Before the ICS update I didn't even have this connection option so its a step in the right direction, the only problem is that nothing happens when I connect. Is anyone else having the same problem? Is this a known issue? Thanks in advance for any help you can offer.

x_kain_x said:
I was wondering if anyone out there was using an IPSec Xauth PSK type connection? This is what we have at work. I set up the connection on my TF101, I put in all the correct info, and when I clicked connect it connected; however, there was no data sent or received. I disconnect and try reconnecting, but the connection times out. Before the ICS update I didn't even have this connection option so its a step in the right direction, the only problem is that nothing happens when I connect. Is anyone else having the same problem? Is this a known issue? Thanks in advance for any help you can offer.
Click to expand...
Click to collapse
Works great here. I use the vpnc widget and x2 client as well works a treat since ics update.

vettejock99 said:
Works for me, too, but I sure would like to know if anyone has figured out how to disable the screen-lock when credential storage is enabled, as I am using mine for an individual OpenVPN and PPTP vpn and it is just plain irritating.
Click to expand...
Click to collapse
Grrr... indeed. But I've foud a free app on Market: VpnROOT - PPTP - Manager
karlr30 said:
I've done a factory reset too, still the same problem
Click to expand...
Click to collapse
+1
Edit: Hummm... for me I've found a temporary solution by using another app found on Market: "VpnROOT - PPTP - Manager".
My VPN use PPTP with MPPE encryption so, this one works fine for me.

PEAP Wifi

Anyone have luck connecting to a PEAP AP with credentials, I tried some apps that don't seem to work? I can't connect at my University.
Photon Q

I haven't been able to join my work's network with the photon q either. Someone in my thread suggested "explicitly trusting" the certificate but I haven't had the chance to see if the network team is competent enough to do that.
Other people at work also have other motorola phones with ICS so I'll ask them if they can connect. I haven't seen any other devices struggle like the photon q. It just constantly says connecting and then giving up. I can manually set everything correctly and it doesn't matter, if I don't manually create the profile it never asks for the rest of the information.
I'm really at a loss but if sprint's LTE announcements hold true in a couple weeks it may not even matter (assuming an LTE signal is even remotely discoverable).

same for me, I'm just hoping for an JB update soon(yeah right) cause LTE will never be here, but we don't even have wimax. thanks
Sent from my XT897 using xda app-developers app

Plancy said:
same for me, I'm just hoping for an JB update soon(yeah right) cause LTE will never be here, but we don't even have wimax. thanks
Sent from my XT897 using xda app-developers app
Click to expand...
Click to collapse
I know... I do miss my evo shift's wimax, sometimes my work network was so crappy that I'd just wirelessly tether to my phone and got much better speeds.
Interesting that you noted JB. Is the general consensus that Motorola is rather slow about releasing OS updates? My co-worker with the Droid 4 just got ICS a few weeks ago while the Galaxy Nexus has been starting to get JB on sprint.

Successful connect to EAP
Well, my university has 802.1x EAP for wifi encryption. I was unable to connect from my Photon Q using the wifi settings. I have, however, found a workaround. It consists of using this app "WiFi Connection Manager" (Sorry I can't post the link)
I added the network manually through this app, and my phone connects to the network automatically.
Ill write down the steps for my University's network:
1) Click on the app "WiFi Manager"
2) Click on the menu button inside the app
3) "Manual Add Network"
4)Put in the credentials
5) Click Add
6) the phone should connect to the Enterprise network now.
Hopefully it works for everyone who needs it.

zodiac12345 said:
I have, however, found a workaround. It consists of using this app "WiFi Connection Manager"
Click to expand...
Click to collapse
Free from the play store & working for me as well.

zodiac12345 said:
Well, my university has 802.1x EAP for wifi encryption. I was unable to connect from my Photon Q using the wifi settings. I have, however, found a workaround. It consists of using this app "WiFi Connection Manager" (Sorry I can't post the link)
Click to expand...
Click to collapse
I can!
https://play.google.com/store/apps/details?id=com.roamingsoft.manager

I'll have to give this a shot when I go to work tomorrow, I had the network director fiddling with my phone for a while and checking the AP manager and they just weren't talking properly. We loaded our certificate onto the phone as well and that had no effect.
EDIT: IT WORKED. Oddly enough the APs showed up as WPA/WPA2 PSK in the program, but when I manually created the profile with the settings that I know are correct it did eventually connect and work.

good work guys, my univeristy just switched over to peap and this thread helped.

Thanks, guys. Once I had gotten my Photon Q back in late September, I was able to connect to my Universities' wi-fi, although it was kind of a pain because I had to delete and re-create the network profile a few times before it would work. A few weeks ago, though, we had a security certificate expire, and so for the past three weeks I've been unable to connect to our wi-fi. Using the WiFi Connection Manager to manually create the profile worked like a charm though!
In case people are curious, our Universities wi-fi is 802.1X EAP/PEAP using MSCHAPv2 as Phase 2 authentication.

wingzeroismine said:
I'll have to give this a shot when I go to work tomorrow, I had the network director fiddling with my phone for a while and checking the AP manager and they just weren't talking properly. We loaded our certificate onto the phone as well and that had no effect.
EDIT: IT WORKED. Oddly enough the APs showed up as WPA/WPA2 PSK in the program, but when I manually created the profile with the settings that I know are correct it did eventually connect and work.
Click to expand...
Click to collapse
Thanks for this thread, and thanks for this post. I had the same thing happen. My work wifi showed WPA/WPA2, ect., and I could not enter my credentials. We also have an open wifi, which the program kept logging into automatically, but it doesn't work for me because it doesn't allow ssl. So, I had to delete the open network, go to the settings to filter the scan to ignore open networks, then add the secure network manually with all the credentials entered. Then it worked.

[Q] L2TP/IPSEC VPN never connects.

Has anyone got an L2TP/IPSEC vpn connecting on the s7 at all?
Everything I try just results in a failed attempt to connect, however, if I try the exact same connection settings on my N4 running 5.1.1 then it connects first time every time.

did you manage to get this to work ?
L2TP/IPSEC PSK here and not able to connect via S7 but does fine with my Windows 8 laptop. OpenVPN works on S7 though

Nope, not at all.
Marshmallow fails totally still. Did find a google link which suggests it is an OS issue.
https://code.google.com/p/android/issues/detail?id=196939

Trixster101 said:
Nope, not at all.
Marshmallow fails totally still. Did find a google link which suggests it is an OS issue.
https://code.google.com/p/android/issues/detail?id=196939
Click to expand...
Click to collapse
thanks for that https://code.google.com/p/android/issues/detail?id=196939#c70
I have found a work around. If you can force your VPN server (assuming you
are in control of it the way I am with mine), and can force it to use SHA1
instead of SHA2 then it works. It seems the version of SHA2-256 that
Android 6.x.x is using is an older draft specification and the one
implemented in many other IPsec implementations uses the official SHA2-256
implementation with the correct padding and whatever else.
Has anyone else tried this? I have it set on my server and works with both
new and old Android. Though I am not fond of having to intentionally
weaken my security strength by having to run an older hash algorithm but
considering we can't use Diffie Hellman group larger than 1024 bits anyhow,
seems like a moot point.
Sly
Click to expand...
Click to collapse
and https://code.google.com/p/android/issues/detail?id=196939#c35
In your ipsec.conf file you should add three additions,
add ,aes256-sha2_256 to both ike= and phase2alg=
Then add a newline with sha2-truncbug=yes
reload ipsec
You should now be able to connect to your VPN. I've tested it on my Nexus 5x now, and works like a charm!
Click to expand...
Click to collapse

I had a problem too connecting it to my Synology DS214+ L2PT/Ipsec. I got it by removing my capital letters in my password and after I was able to connect. I don't know the capital character was the problem but now it's working for me.

I am trying to set up a L2PT/IPSec VPN profile for my S7 running on Superman Rom (Android 6.0.1) but always when I connect to the VPN, it says "Unfortunatelly System UI has stopped" and the phone then crashes. Not sure, if this is Custom-ROM specific error, OS-specific error or something else.. Somebody too experiences this problem? Any solutions/ideas, how I can get the VPN connection work? Maybe there are some apps, capable of doing this (I found none capable of L2PT)?

blaukraut said:
I am trying to set up a L2PT/IPSec VPN profile for my S7 running on Superman Rom (Android 6.0.1) but always when I connect to the VPN, it says "Unfortunatelly System UI has stopped" and the phone then crashes. Not sure, if this is Custom-ROM specific error, OS-specific error or something else.. Somebody too experiences this problem? Any solutions/ideas, how I can get the VPN connection work? Maybe there are some apps, capable of doing this (I found none capable of L2PT)?
Click to expand...
Click to collapse
I have same problem with NOBLE rom did you fix it?

No. I then recognized that my VPN provider also supports the VPN connection via Cisco AnyConnect (also for Android), which was very simple and straight forward.