VPN Flex 50 Strongswan Android(15)

jcbais Posts: 3  Freshman Member

Hello,
I’m trying to create a VPN between my Flex 50 and Strongswan on Android 15 and I always have the same error!!!!!

I did the configuration on the Flex with the wizard and exported the script to add it to the mobile.
Here are the mobile logs:

"Sep 3 16:09:28 00[DMN] Starting IKE service (strongSwan 6.0.1, Android 15 - AP3A.240905.015.A2.G991BXXSFHYE1/2025-05-01, SM-G991B - samsung/o1sxeea/samsung, Linux 5.4.242-30958140-abG991BXXSFHYE1, aarch64, org.strongswan.android)
Sep 3 16:09:28 00[LIB] providers loaded by OpenSSL: default legacy
Sep 3 16:09:28 00[LIB] loaded plugins: androidbridge charon android-log socket-default openssl nonce pkcs1 pem x509 xcbc kdf revocation eap-identity eap-mschapv2 eap-md5 eap-gtc eap-tls
Sep 3 16:09:28 00[JOB] spawning 16 worker threads
Sep 3 16:09:28 16[IKE] initiating IKE_SA android[20] to 66.111.66.111
Sep 3 16:09:28 16[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Sep 3 16:09:28 16[NET] sending packet: from 192.0.0.4[45273] to 66.111.66.111[500] (272 bytes)
Sep 3 16:09:28 09[NET] received packet: from 66.111.66.111[500] to 192.0.0.4[45273] (677 bytes)
Sep 3 16:09:28 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HTTP_CERT_LOOK) CERTREQ V V V V V V ]
Sep 3 16:09:28 09[ENC] received unknown vendor ID: f7:58:f2:26:68:75:0f:03:b0:8d:f6:eb:e1:d0:04:03
Sep 3 16:09:28 09[ENC] received unknown vendor ID: f9:19:6d:f8:6b:81:2f:b0:f6:80:26:d8:87:6d:cb:7b:00:04:32:00
Sep 3 16:09:28 09[ENC] received unknown vendor ID: ac:40:f8:c4:38:99:27:c6:e8:ac:24:53:1b:b7:8b:2b:14:d3:66:ab:9b:d8:6d:80:a3:d8:51:fd:a5:d9:df:44:9e:c3:ee:2d:a3:f7:bd:a7:85:18:55:f7:5b:89:3f:5f:01:b0:e6:47:83:6b:58:58:91:cc:ba:9e:23:44:2a:ef:08:90:ac:a6:0a:d0:dd:e9:28:28:5e:d1:be:0e:7d:7a:cf:9d:d3:de:f2:47:06:b8:c7:a4:35:67:bd:c6:62:69:94:4b:fa:86:e8:12:ee:85:61:01:9a:79:a3:a5:08:d7:5b:7e:4e:12:69:8b:f7:36:21:99:90:f0:3b:83:98:54
Sep 3 16:09:28 09[ENC] received unknown vendor ID: 24:ae:2f:6d:9e:a6:1b:d4:23:5e:e3:f3:c2:ee:65:6f:42:e5:69:6b:0a:e8:0c:c5:d0:b5:da:47:89:2d:4d:d5:4a:b3:a0:97:76:2d:b6:dd:c5:76:43:de:a3:d9:d9:71:6b:dd:34:87:e4:6b:06:48:3d:ea:32:2a:94:78:b0:73
Sep 3 16:09:28 09[ENC] received unknown vendor ID: 8a:3b:5b:d4:b8:94:b2:f3:37:0c:1e:65:67:2e:ec:44
Sep 3 16:09:28 09[ENC] received unknown vendor ID: b6:c9:8c:ca:29:0a:eb:be:37:f1:9f:31:12:d2:d7:cb
Sep 3 16:09:28 09[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Sep 3 16:09:28 09[IKE] local host is behind NAT, sending keep alives
Sep 3 16:09:28 09[IKE] remote host is behind NAT
Sep 3 16:09:28 09[IKE] received cert request for "CN=66.111.66.111"
Sep 3 16:09:28 09[IKE] received 6 cert requests for an unknown ca
Sep 3 16:09:28 09[IKE] sending cert request for "CN=66.111.66.111"
Sep 3 16:09:28 09[IKE] establishing CHILD_SA android{20}
Sep 3 16:09:28 09[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CPRQ(ADDR ADDR6 DNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Sep 3 16:09:28 09[NET] sending packet: from 192.0.0.4[58023] to 66.111.66.111[4500] (352 bytes)
Sep 3 16:09:28 10[NET] received packet: from 66.111.66.111[4500] to 192.0.0.4[58023] (128 bytes)
Sep 3 16:09:28 10[ENC] invalid notify data length for NO_PROPOSAL_CHOSEN (48)
Sep 3 16:09:28 10[ENC] NOTIFY verification failed
Sep 3 16:09:28 10[ENC] could not decrypt payloads
Sep 3 16:09:28 10[IKE] message verification failed
Sep 3 16:09:28 10[IKE] IKE_AUTH response with message ID 1 processing failed"

Please HELP ME.

I contacted the Zyxel Hotline but they don’t have time to help me😪😪

Best Regards

JC

All Replies

  • PeterUK
    PeterUK Posts: 4,005  Guru Member
    edited September 3

    Post the wizard settings it made, with the advanced options of both the VPN gateway and the VPN connection.

    Post the USG logs for IKE.

  • Zyxel_Tina
    Zyxel_Tina Posts: 193  Zyxel Employee
    edited 3:05AM

    Hi @jcbais,

    Welcome to Zyxel Community!

    We have tested the VPN connection between a ZLD firewall and the Strongswan client on Android, and the connection works correctly in our environment.

    To further investigate why it fails in your case, could you please provide us with the following information via private message:

    1. Firewall configuration file.
    2. The Android VPN configuration file (the script you downloaded from the VPN wizard).
    3. If possible, one temporary VPN test account (username/password) that we can use to reproduce the connection.

    This will help us check if there are any mismatches in the configuration settings.

    Zyxel Tina

  • jcbais
    jcbais Posts: 3  Freshman Member
    Answer ✓

    Hello Tina,
    sorry for this late response.
    I just sent you the information in a private message.

    Best Regards

    JC