IPsec tunnel to Android device not created even though there is an IKE SA

android, ipsec, networking, tunneling

I'm trying to configure a VPN tunnel between an Android device running 4.1 and a Fedora 17 Linux box running strongSwan 5.0. The device reports that it is connected, and strongswan statusall returns that there is an IKE SA, but doesn't display a tunnel. I used the instructions for iOS in the wiki to generate certificates and configure strongSwan. Since Android uses a modified version of racoon, this should work, and since the connection is partly established, I think I am on the right track. I don't see any errors about not being able to create the tunnel.

This is the configuration for the strongSwan connection

conn android2
    keyexchange=ikev1
    authby=xauthrsasig
    xauth=server
    left=96.244.142.28
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    leftcert=serverCert.pem
    right=%any
    rightsubnet=10.0.0.0/24
    rightsourceip=10.0.0.2
    rightcert=clientCert.pem
    ike=aes256-sha1-modp1024
    auto=add

This is the output of strongswan statusall

Status of IKE charon daemon (strongSwan 5.0.0, Linux 3.3.4-5.fc17.x86_64, x86_64):
uptime: 20 minutes, since Oct 31 10:27:31 2012
malloc: sbrk 270336, mmap 0, used 198144, free 72192
worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0, scheduled: 7
loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem openssl fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic
Virtual IP pools (size/online/offline):
  android-hybrid: 1/0/0
  android2: 1/1/0
Listening IP addresses:
  96.244.142.28
Connections:
    android-hybrid:  %any...%any  IKEv1
    android-hybrid:   local:  [C=CH, O=strongSwan, CN=vpn.strongswan.org] uses public key authentication
    android-hybrid:    cert:  "C=CH, O=strongSwan, CN=vpn.strongswan.org"
    android-hybrid:   remote: [%any] uses XAuth authentication: any
    android-hybrid:   child:  dynamic === dynamic TUNNEL
    android2:  96.244.142.28...%any  IKEv1
    android2:   local:  [C=CH, O=strongSwan, CN=vpn.strongswan.org] uses public key authentication
    android2:    cert:  "C=CH, O=strongSwan, CN=vpn.strongswan.org"
    android2:   remote: [C=CH, O=strongSwan, CN=client] uses public key authentication
    android2:    cert:  "C=CH, O=strongSwan, CN=client"
    android2:   remote: [%any] uses XAuth authentication: any
    android2:   child:  0.0.0.0/0 === 10.0.0.0/24 TUNNEL
 Security Associations (1 up, 0 connecting):
    android2[3]: ESTABLISHED 10 seconds ago, 96.244.142.28[C=CH, O=strongSwan, CN=vpn.strongswan.org]...208.54.35.241[C=CH, O=strongSwan, CN=client]
    android2[3]: Remote XAuth identity: android
    android2[3]: IKEv1 SPIs: 4151e371ad46b20d_i 59a56390d74792d2_r*, public key reauthentication in 56 minutes
    android2[3]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024

The output of ip -s xfrm policy

src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
    socket in action allow index 3819 priority 0 ptype main share any flag  (0x00000000)
    lifetime config:
      limit: soft 0(bytes), hard 0(bytes)
      limit: soft 0(packets), hard 0(packets)
      expire add: soft 0(sec), hard 0(sec)
      expire use: soft 0(sec), hard 0(sec)
    lifetime current:
      0(bytes), 0(packets)
      add 2012-10-31 13:29:08 use 2012-10-31 13:29:39
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
    socket out action allow index 3812 priority 0 ptype main share any flag  (0x00000000)
    lifetime config:
      limit: soft 0(bytes), hard 0(bytes)
      limit: soft 0(packets), hard 0(packets)
      expire add: soft 0(sec), hard 0(sec)
      expire use: soft 0(sec), hard 0(sec)
    lifetime current:
      0(bytes), 0(packets)
      add 2012-10-31 13:29:08 use 2012-10-31 13:29:22
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
    socket in action allow index 3803 priority 0 ptype main share any flag  (0x00000000)
    lifetime config:
      limit: soft 0(bytes), hard 0(bytes)
      limit: soft 0(packets), hard 0(packets)
      expire add: soft 0(sec), hard 0(sec)
      expire use: soft 0(sec), hard 0(sec)
    lifetime current:
      0(bytes), 0(packets)
      add 2012-10-31 13:29:08 use 2012-10-31 13:29:20
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
    socket out action allow index 3796 priority 0 ptype main share any flag  (0x00000000)
    lifetime config:
      limit: soft 0(bytes), hard 0(bytes)
      limit: soft 0(packets), hard 0(packets)
      expire add: soft 0(sec), hard 0(sec)
      expire use: soft 0(sec), hard 0(sec)
    lifetime current:
      0(bytes), 0(packets)
      add 2012-10-31 13:29:08 use 2012-10-31 13:29:20

So an xfrm policy isn't being created for the connection, even though there is an SA between the device and strongSwan. Executing ip -s xfrm policy on the Android device results in the following output:

src 0.0.0.0/0 dst 10.0.0.2/32 uid 0
dir in action allow index 40 priority 2147483648 share any flag  (0x00000000)
lifetime config:
  limit: soft (INF)(bytes), hard (INF)(bytes)
  limit: soft (INF)(packets), hard (INF)(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:42:08 use -
tmpl src 96.244.142.28 dst 25.239.33.30
    proto esp spi 0x00000000(0) reqid 0(0x00000000) mode tunnel
    level required share any 
    enc-mask 00000000 auth-mask 00000000 comp-mask 00000000
src 10.0.0.2/32 dst 0.0.0.0/0 uid 0
dir out action allow index 33 priority 2147483648 share any flag  (0x00000000)
lifetime config:
  limit: soft (INF)(bytes), hard (INF)(bytes)
  limit: soft (INF)(packets), hard (INF)(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:42:08 use -
tmpl src 25.239.33.30 dst 96.244.142.28
    proto esp spi 0x00000000(0) reqid 0(0x00000000) mode tunnel
    level required share any 
    enc-mask 00000000 auth-mask 00000000 comp-mask 00000000

Logs from charon:

00[DMN] Starting IKE charon daemon (strongSwan 5.0.0, Linux 3.3.4-5.fc17.x86_64, x86_64)

00[KNL] listening on interfaces:
00[KNL]   em1
00[KNL]     96.244.142.28
00[KNL]     fe80::224:e8ff:fed2:18b2
00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts'
00[CFG]   loaded ca certificate "C=CH, O=strongSwan, CN=strongSwan CA" from '/etc/strongswan/ipsec.d/cacerts/caCert.pem'
00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts'
00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls'
00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets'
00[CFG]   loaded RSA private key from '/etc/strongswan/ipsec.d/private/clientKey.pem'
00[CFG]   loaded IKE secret for %any
00[CFG]   loaded EAP secret for android
00[CFG]   loaded EAP secret for android
00[DMN] loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem openssl fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic
08[NET] waiting for data on sockets
16[LIB] created thread 16 [15338]
16[JOB] started worker thread 16
11[CFG] received stroke: add connection 'android-hybrid'
11[CFG] conn android-hybrid
11[CFG]   left=%any
11[CFG]   leftsubnet=(null)
11[CFG]   leftsourceip=(null)
11[CFG]   leftauth=pubkey
11[CFG]   leftauth2=(null)
11[CFG]   leftid=(null)
11[CFG]   leftid2=(null)
11[CFG]   leftrsakey=(null)
11[CFG]   leftcert=serverCert.pem
11[CFG]   leftcert2=(null)
11[CFG]   leftca=(null)
11[CFG]   leftca2=(null)
11[CFG]   leftgroups=(null)
11[CFG]   leftupdown=ipsec _updown iptables
11[CFG]   right=%any
11[CFG]   rightsubnet=(null)
11[CFG]   rightsourceip=96.244.142.3
11[CFG]   rightauth=xauth
11[CFG]   rightauth2=(null)
11[CFG]   rightid=%any
11[CFG]   rightid2=(null)
11[CFG]   rightrsakey=(null)
11[CFG]   rightcert=(null)
11[CFG]   rightcert2=(null)
11[CFG]   rightca=(null)
11[CFG]   rightca2=(null)
11[CFG]   rightgroups=(null)
11[CFG]   rightupdown=(null)
11[CFG]   eap_identity=(null)
11[CFG]   aaa_identity=(null)
11[CFG]   xauth_identity=(null)
11[CFG]   ike=aes256-sha1-modp1024
11[CFG]   esp=aes128-sha1-modp2048,3des-sha1-modp1536
11[CFG]   dpddelay=30
11[CFG]   dpdtimeout=150
11[CFG]   dpdaction=0
11[CFG]   closeaction=0
11[CFG]   mediation=no
11[CFG]   mediated_by=(null)
11[CFG]   me_peerid=(null)
11[CFG]   keyexchange=ikev1
11[KNL] getting interface name for %any
11[KNL] %any is not a local address
11[KNL] getting interface name for %any
11[KNL] %any is not a local address
11[CFG] left nor right host is our side, assuming left=local
11[CFG]   loaded certificate "C=CH, O=strongSwan, CN=vpn.strongswan.org" from 'serverCert.pem'
11[CFG]   id '%any' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=vpn.strongswan.org'
11[CFG] added configuration 'android-hybrid'
11[CFG] adding virtual IP address pool 'android-hybrid': 96.244.142.3/32
13[CFG] received stroke: add connection 'android2'
13[CFG] conn android2
13[CFG]   left=96.244.142.28
13[CFG]   leftsubnet=0.0.0.0/0
13[CFG]   leftsourceip=(null)
13[CFG]   leftauth=pubkey
13[CFG]   leftauth2=(null)
13[CFG]   leftid=(null)
13[CFG]   leftid2=(null)
13[CFG]   leftrsakey=(null)
13[CFG]   leftcert=serverCert.pem
13[CFG]   leftcert2=(null)
13[CFG]   leftca=(null)
13[CFG]   leftca2=(null)
13[CFG]   leftgroups=(null)
13[CFG]   leftupdown=ipsec _updown iptables
13[CFG]   right=%any
13[CFG]   rightsubnet=10.0.0.0/24
13[CFG]   rightsourceip=10.0.0.2
13[CFG]   rightauth=pubkey
13[CFG]   rightauth2=xauth
13[CFG]   rightid=(null)
13[CFG]   rightid2=(null)
13[CFG]   rightrsakey=(null)
13[CFG]   rightcert=clientCert.pem
13[CFG]   rightcert2=(null)
13[CFG]   rightca=(null)
13[CFG]   rightca2=(null)
13[CFG]   rightgroups=(null)
13[CFG]   rightupdown=(null)
13[CFG]   eap_identity=(null)
13[CFG]   aaa_identity=(null)
13[CFG]   xauth_identity=(null)
13[CFG]   ike=aes256-sha1-modp1024
13[CFG]   esp=aes128-sha1-modp2048,3des-sha1-modp1536
13[CFG]   dpddelay=30
13[CFG]   dpdtimeout=150
13[CFG]   dpdaction=0
13[CFG]   closeaction=0
13[CFG]   mediation=no
13[CFG]   mediated_by=(null)
13[CFG]   me_peerid=(null)
13[CFG]   keyexchange=ikev0
13[KNL] getting interface name for %any
13[KNL] %any is not a local address
13[KNL] getting interface name for 96.244.142.28
13[KNL] 96.244.142.28 is on interface em1
13[CFG]   loaded certificate "C=CH, O=strongSwan, CN=vpn.strongswan.org" from 'serverCert.pem'
13[CFG]   id '96.244.142.28' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=vpn.strongswan.org'
13[CFG]   loaded certificate "C=CH, O=strongSwan, CN=client" from 'clientCert.pem'
13[CFG]   id '%any' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=client'
13[CFG] added configuration 'android2'
13[CFG] adding virtual IP address pool 'android2': 10.0.0.2/32
08[NET] received packet: from 208.54.35.241[32235] to 96.244.142.28[500]
15[CFG] looking for an ike config for 96.244.142.28...208.54.35.241
15[CFG]   candidate: %any...%any, prio 2
15[CFG]   candidate: 96.244.142.28...%any, prio 5
15[CFG] found matching ike config: 96.244.142.28...%any with prio 5
01[JOB] next event in 29s 999ms, waiting
15[IKE] received NAT-T (RFC 3947) vendor ID
15[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
15[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
15[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
15[IKE] received XAuth vendor ID
15[IKE] received Cisco Unity vendor ID
15[IKE] received DPD vendor ID
15[IKE] 208.54.35.241 is initiating a Main Mode IKE_SA
15[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
15[CFG] selecting proposal:
15[CFG]   proposal matches
15[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
15[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
15[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
15[NET] sending packet: from 96.244.142.28[500] to 208.54.35.241[32235]
04[NET] sending packet: from 96.244.142.28[500] to 208.54.35.241[32235]
15[MGR] checkin IKE_SA (unnamed)[1]
15[MGR] check-in of IKE_SA successful.
08[NET] received packet: from 208.54.35.241[32235] to 96.244.142.28[500]
08[NET] waiting for data on sockets
07[MGR] checkout IKE_SA by message
07[MGR] IKE_SA (unnamed)[1] successfully checked out
07[NET] received packet: from 208.54.35.241[32235] to 96.244.142.28[500]
07[LIB] size of DH secret exponent: 1023 bits
07[IKE] remote host is behind NAT
07[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan CA"
07[ENC] generating NAT_D_V1 payload finished
07[NET] sending packet: from 96.244.142.28[500] to 208.54.35.241[32235]
07[MGR] checkin IKE_SA (unnamed)[1]
07[MGR] check-in of IKE_SA successful.
04[NET] sending packet: from 96.244.142.28[500] to 208.54.35.241[32235]
08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
10[IKE] ignoring certificate request without data
10[IKE] received end entity cert "C=CH, O=strongSwan, CN=client"
10[CFG] looking for XAuthInitRSA peer configs matching 96.244.142.28...208.54.35.241[C=CH, O=strongSwan, CN=client]
10[CFG]   candidate "android-hybrid", match: 1/1/2/2 (me/other/ike/version)
10[CFG]   candidate "android2", match: 1/20/5/1 (me/other/ike/version)
10[CFG] selected peer config "android2"
10[CFG]   certificate "C=CH, O=strongSwan, CN=client" key: 2048 bit RSA
10[CFG]   using trusted ca certificate "C=CH, O=strongSwan, CN=strongSwan CA"
10[CFG] checking certificate status of "C=CH, O=strongSwan, CN=client"
10[CFG] ocsp check skipped, no ocsp found
10[CFG] certificate status is not available
10[CFG]   certificate "C=CH, O=strongSwan, CN=strongSwan CA" key: 2048 bit RSA
10[CFG]   reached self-signed root ca with a path length of 0
10[CFG]   using trusted certificate "C=CH, O=strongSwan, CN=client"
10[IKE] authentication of 'C=CH, O=strongSwan, CN=client' with RSA successful
10[ENC] added payload of type ID_V1 to message
10[ENC] added payload of type SIGNATURE_V1 to message
10[IKE] authentication of 'C=CH, O=strongSwan, CN=vpn.strongswan.org' (myself) successful
10[IKE] queueing XAUTH task
10[IKE] sending end entity cert "C=CH, O=strongSwan, CN=vpn.strongswan.org"
10[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
04[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
10[IKE] activating new tasks
10[IKE]   activating XAUTH task
10[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
04[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
01[JOB] next event in 3s 999ms, waiting
10[MGR] checkin IKE_SA android2[1]
10[MGR] check-in of IKE_SA successful.
08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
08[NET] waiting for data on sockets
12[MGR] checkout IKE_SA by message
12[MGR] IKE_SA android2[1] successfully checked out
12[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
12[MGR] checkin IKE_SA android2[1]
12[MGR] check-in of IKE_SA successful.
08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
16[MGR] checkout IKE_SA by message
16[MGR] IKE_SA android2[1] successfully checked out
16[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
08[NET] waiting for data on sockets
16[IKE] XAuth authentication of 'android' successful
16[IKE] reinitiating already active tasks
16[IKE]   XAUTH task
16[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
04[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
16[MGR] checkin IKE_SA android2[1]
01[JOB] next event in 3s 907ms, waiting
16[MGR] check-in of IKE_SA successful.
08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
09[MGR] checkout IKE_SA by message
09[MGR] IKE_SA android2[1] successfully checked out
09[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
09[IKE] IKE_SA android2[1] established between 96.244.142.28[C=CH, O=strongSwan, CN=vpn.strongswan.org]...208.54.35.241[C=CH, O=strongSwan, CN=client]
09[IKE] IKE_SA android2[1] state change: CONNECTING => ESTABLISHED
09[IKE] scheduling reauthentication in 3409s
09[IKE] maximum IKE_SA lifetime 3589s
09[IKE] activating new tasks
09[IKE] nothing to initiate
09[MGR] checkin IKE_SA android2[1]
09[MGR] check-in of IKE_SA successful.
09[MGR] checkout IKE_SA
09[MGR] IKE_SA android2[1] successfully checked out
09[MGR] checkin IKE_SA android2[1]
09[MGR] check-in of IKE_SA successful.
01[JOB] next event in 3s 854ms, waiting
08[NET] waiting for data on sockets
08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
14[MGR] checkout IKE_SA by message
14[MGR] IKE_SA android2[1] successfully checked out
14[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
14[IKE] processing INTERNAL_IP4_ADDRESS attribute
14[IKE] processing INTERNAL_IP4_NETMASK attribute
14[IKE] processing INTERNAL_IP4_DNS attribute
14[IKE] processing INTERNAL_IP4_NBNS attribute
14[IKE] processing UNITY_BANNER attribute
14[IKE] processing UNITY_DEF_DOMAIN attribute
14[IKE] processing UNITY_SPLITDNS_NAME attribute
14[IKE] processing UNITY_SPLIT_INCLUDE attribute
14[IKE] processing UNITY_LOCAL_LAN attribute
14[IKE] processing APPLICATION_VERSION attribute
14[IKE] peer requested virtual IP %any
14[CFG] assigning new lease to 'android'
14[IKE] assigning virtual IP 10.0.0.2 to peer 'android'
14[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
14[MGR] checkin IKE_SA android2[1]
14[MGR] check-in of IKE_SA successful.
04[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
08[NET] waiting for data on sockets
01[JOB] got event, queuing job for execution
01[JOB] next event in 91ms, waiting
13[MGR] checkout IKE_SA
13[MGR] IKE_SA android2[1] successfully checked out
13[MGR] checkin IKE_SA android2[1]
13[MGR] check-in of IKE_SA successful.
01[JOB] got event, queuing job for execution
01[JOB] next event in 24s 136ms, waiting
15[MGR] checkout IKE_SA
15[MGR] IKE_SA android2[1] successfully checked out
15[MGR] checkin IKE_SA android2[1]
15[MGR] check-in of IKE_SA successful.

Android Device:

tcpdump: listening on wlan0, link-type EN10MB (Ethernet), capture size 96 bytes
09:58:28.990424 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 504) 10.1.12.140.500 > 96.244.142.28.500: isakmp 1.0 msgid : phase 1 I ident: [|sa]
09:58:29.037879 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 164) 96.244.142.28.500 > 10.1.12.140.500: isakmp 1.0 msgid : phase 1 R ident: [|sa]
09:58:29.058692 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 256) 10.1.12.140.500 > 96.244.142.28.500: isakmp 1.0 msgid : phase 1 I ident: [|ke]
09:58:29.111273 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 337) 96.244.142.28.500 > 10.1.12.140.500: isakmp 1.0 msgid : phase 1 R ident: [|ke]
09:58:29.174781 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 1212) 10.1.12.140.4500 > 96.244.142.28.4500: NONESP-encap: isakmp 1.0 msgid : phase 1 I ident[E]: [encrypted id]
09:58:29.204199 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 1276) 96.244.142.28.4500 > 10.1.12.140.4500: NONESP-encap: isakmp 1.0 msgid : phase 1 R ident[E]: [encrypted id]
09:58:29.204352 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 108) 96.244.142.28.4500 > 10.1.12.140.4500: NONESP-encap: isakmp 1.0 msgid : phase 2/others R #6[E]: [encrypted hash]
09:58:29.207953 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 140) 10.1.12.140.4500 > 96.244.142.28.4500: NONESP-encap: isakmp 1.0 msgid : phase 2/others I inf[E]: [encrypted hash]
09:58:29.208869 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 140) 10.1.12.140.4500 > 96.244.142.28.4500: NONESP-encap: isakmp 1.0 msgid : phase 2/others I #6[E]: [encrypted hash]
09:58:29.283637 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 124) 96.244.142.28.4500 > 10.1.12.140.4500: NONESP-encap: isakmp 1.0 msgid : phase 2/others ? inf[E]: [encrypted hash]
09:58:29.283881 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 108) 96.244.142.28.4500 > 10.1.12.140.4500: NONESP-encap: isakmp 1.0 msgid : phase 2/others R #6[E]: [encrypted hash]
09:58:29.285498 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 124) 10.1.12.140.4500 > 96.244.142.28.4500: NONESP-encap: isakmp 1.0 msgid : phase 2/others I #6[E]: [encrypted hash]
09:58:29.286658 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 156) 10.1.12.140.4500 > 96.244.142.28.4500: NONESP-encap: isakmp 1.0 msgid : phase 2/others I #6[E]: [encrypted hash]
09:58:29.323554 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 108) 96.244.142.28.4500 > 10.1.12.140.4500: NONESP-encap: isakmp 1.0 msgid : phase 2/others R #6[E]: [encrypted hash]
09:58:48.447272 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 29) 10.1.12.140.4500 > 96.244.142.28.4500: isakmp-nat-keep-alive

Strongswan machine:

tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
09:58:29.005470 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 504)
    96.244.142.3.isakmp > 96.244.142.28.isakmp: isakmp 1.0 msgid 00000000: phase 1 I ident:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=8
            (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fded)(type=hash value=sha1)(type=group desc value=modp1024))
            (t: #2 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=aes)(type=keylen value=0100)(type=auth value=fded)(type=hash value=md5)(type=group desc value=modp1024))
            (t: #3 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=aes)(type=keylen value=0080)(type=auth value=fded)(type=hash value=sha1)(type=group desc value=modp1024))
            (t: #4 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=aes)(type=keylen value=0080)(type=auth value=fded)(type=hash value=md5)(type=group desc value=modp1024))
            (t: #5 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=fded)(type=hash value=sha1)(type=group desc value=modp1024))
            (t: #6 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=3des)(type=auth value=fded)(type=hash value=md5)(type=group desc value=modp1024))
            (t: #7 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=1des)(type=auth value=fded)(type=hash value=sha1)(type=group desc value=modp1024))
            (t: #8 id=ike (type=lifetype value=sec)(type=lifeduration value=7080)(type=enc value=1des)(type=auth value=fded)(type=hash value=md5)(type=group desc value=modp1024))))
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=16)
    (vid: len=8)
    (vid: len=16)
    (vid: len=20)
    (vid: len=16)
09:58:29.021590 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 164)
    96.244.142.28.isakmp > 96.244.142.3.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=enc value=aes)(type=keylen value=0100)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=fded)(type=lifetype value=sec)(type=lifeduration value=7080))))
    (vid: len=8)
    (vid: len=16)
    (vid: len=16)
09:58:29.065654 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 256)
    96.244.142.3.isakmp > 96.244.142.28.isakmp: isakmp 1.0 msgid 00000000: phase 1 I ident:
    (ke: key len=128)
    (nonce: n len=16)
    (pay20)
    (pay20)
09:58:29.073252 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 337)
    96.244.142.28.isakmp > 96.244.142.3.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
    (cr: len=61 type=x509sign)
    (pay20)
    (pay20)
09:58:29.172970 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 1212)
    96.244.142.3.44673 > 96.244.142.28.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 00000000: phase 1 I ident[E]: [encrypted id]
09:58:29.182596 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 1276)
    96.244.142.28.ipsec-nat-t > 96.244.142.3.44673: NONESP-encap: isakmp 1.0 msgid 00000000: phase 1 R ident[E]: [encrypted id]
09:58:29.183033 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 108)
    96.244.142.28.ipsec-nat-t > 96.244.142.3.44673: NONESP-encap: isakmp 1.0 msgid 25eb381b: phase 2/others R #6[E]: [encrypted hash]
09:58:29.250287 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 140)
    96.244.142.3.44673 > 96.244.142.28.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid bbbe7b6d: phase 2/others I inf[E]: [encrypted hash]
09:58:29.250325 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 140)
    96.244.142.3.44673 > 96.244.142.28.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 25eb381b: phase 2/others I #6[E]: [encrypted hash]
09:58:29.256037 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 124)
    96.244.142.28.ipsec-nat-t > 96.244.142.3.44673: NONESP-encap: isakmp 1.0 msgid beb336b4: phase 2/others ? inf[E]: [encrypted hash]
09:58:29.257801 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 108)
    96.244.142.28.ipsec-nat-t > 96.244.142.3.44673: NONESP-encap: isakmp 1.0 msgid 15d8cae0: phase 2/others R #6[E]: [encrypted hash]
09:58:29.300333 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 124)
    96.244.142.3.44673 > 96.244.142.28.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid 15d8cae0: phase 2/others I #6[E]: [encrypted hash]
09:58:29.300362 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 156)
    96.244.142.3.44673 > 96.244.142.28.ipsec-nat-t: NONESP-encap: isakmp 1.0 msgid b96496f8: phase 2/others I #6[E]: [encrypted hash]
09:58:29.307755 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 108)
    96.244.142.28.ipsec-nat-t > 96.244.142.3.44673: NONESP-encap: isakmp 1.0 msgid b96496f8: phase 2/others R #6[E]: [encrypted hash]
09:58:48.449886 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 29)
    96.244.142.3.44673 > 96.244.142.28.ipsec-nat-t: isakmp-nat-keep-alive
09:59:08.488463 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto UDP (17), length 29)

Best Answer

The SA you see in the output of strongswan statusall is an IKE_SA (or rather ISAKMP SA as this is IKEv1) not an IPsec SA. Hence, there must be some kind of problem after Main Mode is finished.

ModeConfig (the assignment of the virtual IP and other attributes) seems to work fine; this is also reflected by the IPsec policy installed on the Android device. But what is missing is the Quick Mode request (that's when the IPsec SA would be negotiated):

14[IKE] assigning virtual IP 10.0.0.2 to peer 'android'
14[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]

This is the ModeConfig response that is sent to the Android device, but charon does not receive any message afterwards.

I was now able to reproduce this. This behavior is on purpose. When ModeConfig is finished and the ISAKMP SA is established the following is logged to logcat:

I/racoon  (11096): ISAKMP-SA established [...]
D/VpnJni  (  310): Route added on tun0: 0.0.0.0/0
I/LegacyVpnRunner(  310): Connected!

Also, the virtual IP (in your case 10.0.0.2) received during ModeConfig is added to tun0, and IPsec policies for 10.0.0.2 <=> 0.0.0.0/0 are installed in the kernel (this can also be seen in the ip xfrm policy output you posted).

Now, the IPsec SA is not established until traffic matches the outbound policy. Because 0.0.0.0/0 is used as remote traffic selector (also for the route via tun0) any packet will match the policy and, thus, trigger the Quick Mode negotiation.

In my case as soon as I opened the browser the following was logged:

I/racoon  (15504): initiate new phase 2 negotiation: [...]
I/racoon  (15504): NAT detected -> UDP encapsulation (ENC_MODE 1->3).
W/racoon  (15504): attribute has been modified.
I/racoon  (15504): Adjusting my encmode UDP-Tunnel->Tunnel
I/racoon  (15504): Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
W/racoon  (15504): low key length proposed, mine:256 peer:128.
W/racoon  (15504): authtype mismatched: my:hmac-md5 peer:hmac-sha
I/racoon  (15504): IPsec-SA established: ESP/Tunnel [...]

Which also resulted in the expected output on the strongSwan gateway:

android2{1}:  INSTALLED, TUNNEL, ESP in UDP SPIs: cd7ceff0_i 0e7ab2fc_o
android2{1}:  AES_CBC_128/HMAC_SHA1_96, 60 bytes_i, 0 bytes_o, rekeying in 41 minutes
android2{1}:   0.0.0.0/0 === 10.0.0.2/32
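The distinction the answer draws (an ISAKMP SA in `statusall` is shown as `name[n]`, an IPsec SA as `name{n}`; on the device a policy with an all-zero template is a trap that only becomes an SA once traffic hits it) can be checked mechanically from the outputs already quoted in this thread. The script below is an added example for this page, not code from the original post, from strongSwan or from Android. It assumes the line shapes of `ip xfrm policy` / `ip xfrm state` / `strongswan statusall` shown above; every sample output in it is constructed after those (the `ip xfrm state` sample borrows the SPIs from the answer's last block and omits keys).

```python
"""Tell an IKE/ISAKMP SA apart from an installed IPsec SA, using the outputs
this thread works with: `strongswan statusall`, `ip xfrm policy`, `ip xfrm state`.

Added example for this thread; not code from the original post, from strongSwan
or from Android. All sample outputs below are constructed, shaped after the
question and the answer.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Policy:
    src: str                 # traffic selectors, e.g. 10.0.0.2/32 -> 0.0.0.0/0
    dst: str
    direction: str           # in / out / fwd
    tmpl_src: str = ""       # tunnel endpoints from the "tmpl" line
    tmpl_dst: str = ""
    tmpl_proto: str = ""
    tmpl_reqid: int = 0      # 0 in a template means "any reqid"
    tmpl_mode: str = ""


@dataclass
class State:
    src: str
    dst: str
    proto: str
    spi: int
    reqid: int
    mode: str


_HEAD = re.compile(r"^src (\S+) dst (\S+)")
_DIR = re.compile(r"^(dir|socket) (\w+) action (\w+)")
_TMPL = re.compile(r"^tmpl src (\S+) dst (\S+)")
# covers the policy form "spi 0x00000000(0) reqid 0(0x00000000)" and the
# state form "spi 0x0e7ab2fc reqid 1"
_PROTO = re.compile(r"^proto (\w+) spi 0x([0-9a-fA-F]+)\S* reqid (\d+)\S* mode (\w+)")
_IKE_SA = re.compile(r"^\s*\S+\[\d+\]:\s+ESTABLISHED", re.M)
_CHILD_SA = re.compile(r"^\s*\S+\{\d+\}:\s+INSTALLED", re.M)


def count_sas(statusall: str) -> Tuple[int, int]:
    """(IKE SAs, IPsec SAs): name[n] lines are IKE/ISAKMP SAs, name{n} lines
    are CHILD (IPsec) SAs. The question's statusall yields (1, 0)."""
    return len(_IKE_SA.findall(statusall)), len(_CHILD_SA.findall(statusall))


def parse_policies(text: str) -> List[Policy]:
    """Parse `ip xfrm policy`; the 'socket in/out' bypass entries charon
    installs for its own IKE sockets are not tunnels and are skipped."""
    policies: List[Policy] = []
    current: Optional[Policy] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _HEAD.match(line)
        if m:
            current = Policy(src=m.group(1), dst=m.group(2), direction="")
            continue
        if current is None:
            continue
        m = _DIR.match(line)
        if m:
            if m.group(1) == "socket":
                current = None          # ignore the rest of this entry
            else:
                current.direction = m.group(2)
                policies.append(current)
            continue
        m = _TMPL.match(line)
        if m:
            current.tmpl_src, current.tmpl_dst = m.group(1), m.group(2)
            continue
        m = _PROTO.match(line)
        if m and current.tmpl_src:
            current.tmpl_proto, current.tmpl_mode = m.group(1), m.group(4)
            current.tmpl_reqid = int(m.group(3))
    return policies


def parse_states(text: str) -> List[State]:
    """Parse `ip xfrm state`; only the two header lines of each SA matter."""
    states: List[State] = []
    pending: Optional[Tuple[str, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _HEAD.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = _PROTO.match(line)
        if m and pending:
            states.append(State(pending[0], pending[1], m.group(1),
                                int(m.group(2), 16), int(m.group(3)), m.group(4)))
            pending = None
    return states


def diagnose(policy_text: str, state_text: str) -> List[str]:
    """One finding per tunnel policy: backed by an SA, or still a trap waiting
    for traffic (the racoon behaviour the answer describes)?"""
    policies = [p for p in parse_policies(policy_text) if p.tmpl_src]
    states = parse_states(state_text)
    if not policies:
        return ["no IPsec tunnel policy in the kernel: Quick Mode has not "
                "completed on this host; an ISAKMP SA alone installs nothing"]
    findings = []
    for p in policies:
        backed = [s for s in states
                  if (s.src, s.dst, s.proto, s.mode)
                  == (p.tmpl_src, p.tmpl_dst, p.tmpl_proto, p.tmpl_mode)
                  and p.tmpl_reqid in (0, s.reqid)]
        sel = f"{p.direction} {p.src} -> {p.dst}"
        if backed:
            spis = ", ".join(f"0x{s.spi:08x}" for s in backed)
            findings.append(f"{sel}: SA installed (spi {spis})")
        elif p.direction == "out":
            findings.append(f"{sel}: policy present, no SA; the first packet matching "
                            "it raises an acquire, i.e. triggers the Quick Mode request")
        else:
            findings.append(f"{sel}: policy present, no SA; nothing negotiated with the peer yet")
    return findings


# --- constructed samples (not captured output) --------------------------------
STATUSALL_IKE_ONLY = """\
 Security Associations (1 up, 0 connecting):
    android2[3]: ESTABLISHED 10 seconds ago, 96.244.142.28[CN=vpn.strongswan.org]...208.54.35.241[CN=client]
"""
STATUSALL_WITH_CHILD = STATUSALL_IKE_ONLY + """\
    android2{1}:  INSTALLED, TUNNEL, ESP in UDP SPIs: cd7ceff0_i 0e7ab2fc_o
    android2{1}:   0.0.0.0/0 === 10.0.0.2/32
"""
GATEWAY_POLICY = """\
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
    socket in action allow index 3819 priority 0 ptype main share any flag  (0x00000000)
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
    socket out action allow index 3812 priority 0 ptype main share any flag  (0x00000000)
"""
ANDROID_POLICY = """\
src 0.0.0.0/0 dst 10.0.0.2/32 uid 0
dir in action allow index 40 priority 2147483648 share any flag  (0x00000000)
tmpl src 96.244.142.28 dst 25.239.33.30
    proto esp spi 0x00000000(0) reqid 0(0x00000000) mode tunnel
src 10.0.0.2/32 dst 0.0.0.0/0 uid 0
dir out action allow index 33 priority 2147483648 share any flag  (0x00000000)
tmpl src 25.239.33.30 dst 96.244.142.28
    proto esp spi 0x00000000(0) reqid 0(0x00000000) mode tunnel
"""
# device-side `ip xfrm state` after Quick Mode ran (SPIs from the answer, keys omitted)
ANDROID_STATE_AFTER = """\
src 25.239.33.30 dst 96.244.142.28
    proto esp spi 0xcd7ceff0 reqid 1 mode tunnel
    encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
src 96.244.142.28 dst 25.239.33.30
    proto esp spi 0x0e7ab2fc reqid 1 mode tunnel
    encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
"""

if __name__ == "__main__":
    print("statusall (IKE, IPsec):", count_sas(STATUSALL_IKE_ONLY), count_sas(STATUSALL_WITH_CHILD))
    for name, pol, st in (("gateway", GATEWAY_POLICY, ""),
                          ("android before traffic", ANDROID_POLICY, ""),
                          ("android after traffic", ANDROID_POLICY, ANDROID_STATE_AFTER)):
        print(f"[{name}]")
        for finding in diagnose(pol, st):
            print("  " + finding)
```

Run against real output with `ip xfrm policy` and `ip xfrm state` piped into `diagnose`, and `strongswan statusall` into `count_sas`; "1 IKE SA, 0 IPsec SAs" on the gateway together with "policy present, no SA" for the outbound policy on the device is exactly the waiting-for-traffic state the answer reproduces.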