Android 4 ICS: VPN with IPsec PSK fails
I really like Android Ice Cream Sandwich on my Google Nexus S except for one thing: IPsec has a bug and is unusable. The bug was already reported in December 2011. Unfortunately there is no feedback from Google whatsoever. And it’s not like this bug is hard to verify. Install CentOS 6.2 on a VM, configure Openswan and you can see that setting up an IPsec PSK link between Android ICS and Openswan fails because Android ICS seems to mess up the payload which causes this error:
byte 7 of ISAKMP NAT-OA Payload must be zero, but is not
Starting in March both Samsung and HTC will start to roll out Android ICS to (some of) their current phones. Unless the Android Development Team fixes this bug there will be millions and millions of users who can no longer setup a secure tunnel using IPsec. Let’s hope it does not get to that.