Comments
-
It turned out to be a faster resolution than I thought. A rookie issue apparently… The certificate expired on 8th of November… Interesting though, that it drops local IP mismatch.
-
Theoretically it could work. The certificate is created by you inside the ATP, under objects-certificates. This needs to be exported as file and imported into the Android phone. How did you make it work last time? Not like this?
-
Correct
-
You might have overlooked what PeterUK wrote: "If the certificate says a IP then the fw needs to have that IP and be WAN" So since the router has the external IP, your ATP claims to have an internal IP which in turn will not match the one set in the certificate.
-
Its a Samsung limitaton on hashing algorithms as I recall. Anyway Strongswan seamlessly integrates into Android.
-
I am also using it like that on a USGFLEX100
-
Well client VPN needs a fw exposed to a public IP. Hidden behind a NAT will obviously not work. The only exception is when this FW will act as a client to another one that has public IP, then they can build a tunnel between themselves.
-
Is that same ip included in the certificate too?
-
Hi James, I got it going, thanks!
-
Hi Chris, Seems to work now fine, thank you very much for the clarification. Have a wonderful weekend! :-)
-
Yep, but if I change it to that, the tunnel stops working. What should be the Address content - in the last text box?
-
anyway if I change the subnet to an IP that it could ping, the tunnel stops working, so it's not a solution unfortunately...
-
Oh I see now, the text is confusing, you may consider changing it to Connectivity Check IP address.. :-) BTW, what shall I include in the "address" text box (the last one)? No explanation there for this. Thanks for helping Chris! :-)
-
Hi Chris, I may not fully understand you, so you're saying I should put here the subnet interface IP? without the /24? Or the other firewall's inside IP?
-