50.6. Connection Logs

Android includes a built-in logging system (logcat). It receives and caches log messages from all applications, including the VPN system. An additional app is required to view and export the log. Because the log files are typically large, we recommend that you do not analyze them on the device itself but send them to a PC by email or file transfer. Several apps support this function.

We recommend SendLog by Neil Boyd, a simple and reliable app.

In SendLog, select the time and send the log to a PC, for example by email.

Entries from the VPN system are marked with date and time and carry the program name "racoon".

A successful connection setup will look like this in the log:

I/racoon  (12321): 192.168.3.66[500] used for NAT-T
I/racoon  (12321): 192.168.3.66[500] used as isakmp port (fd=10)
I/racoon  (12321): 192.168.3.66[4500] used for NAT-T
I/racoon  (12321): 192.168.3.66[4500] used as isakmp port (fd=11)
I/racoon  (12321): initiate new phase 1 negotiation: 
                   192.168.3.66[500]<=>88.89.90.1[500]
I/racoon  (12321): begin Identity Protection mode.
I/racoon  (12321): received Vendor ID: CISCO-UNITY
I/racoon  (12321): received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
I/racoon  (12321): received Vendor ID: DPD
I/racoon  (12321): received Vendor ID: RFC 3947
I/racoon  (12321): Selected NAT-T version: RFC 3947
I/racoon  (12321): Hashing 88.89.90.1[500] with algo #2 
I/racoon  (12321): Hashing 192.168.3.66[500] with algo #2 
I/racoon  (12321): Adding remote and local NAT-D payloads.
I/racoon  (12321): Hashing 192.168.3.66[500] with algo #2 
I/racoon  (12321): NAT-D payload #0 verified
I/racoon  (12321): Hashing 88.89.90.1[500] with algo #2 
I/racoon  (12321): NAT-D payload #1 verified
I/racoon  (12321): NAT not detected 
W/racoon  (12321): unable to get certificate CRL(3) at depth:
                   0 SubjectName:/CN=mein-server.dyndns.org
I/racoon  (12321): ISAKMP-SA established 192.168.3.66[500]-88.89.90.1[500]
                   spi:9188e3843d64a14d:e6b839a89f64ea7f
W/racoon  (12321): Ignored attribute UNITY_BANNER
W/racoon  (12321): Ignored attribute APPLICATION_VERSION
V/Vpn     (17141): interface tun0 added
D/VpnJni  (17141): Route added on tun0: 0.0.0.0/0
V/LegacyVpnRunner(17141): set routes 0.0.0.0/0 on tun0
D/ConnectivityService(17141): adding dns 192.168.13.254 for VPN
I/LegacyVpnRunner(17141): Connected!

At this point Android has set up Phase 1 and configured a route and the DNS server. Phase 2 is only activated when data is actually available for transmission:

I/racoon  (12321): initiate new phase 2 negotiation: 
                   192.168.3.66[500]<=>88.89.90.1[500]
W/racoon  (12321): low key length proposed, mine:256 peer:128.
W/racoon  (12321): authtype mismatched: my:hmac-md5 peer:hmac-sha
I/racoon  (12321): IPsec-SA established: ESP/Tunnel 
                   192.168.3.66[500]->88.89.90.1[500] spi=80734113(0x4cfe7a1)
I/racoon  (12321): IPsec-SA established: ESP/Tunnel 
                   192.168.3.66[500]->88.89.90.1[500] spi=3232115548(0xc0a62b5c)
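
The following Python script is an added example, not part of the original documentation or of SendLog. Run on the PC against an exported log, it joins wrapped lines and picks out the racoon entries that mark Phase 1 and Phase 2 completion, together with the three warnings shown above (CRL not available, lower key length proposed by the peer, differing authentication type). The labels, function names and the embedded sample are assumptions made for this example.

```python
import re

# Constructed sample: entries copied from the two log excerpts above.
SAMPLE = """\
W/racoon  (12321): unable to get certificate CRL(3) at depth:
                   0 SubjectName:/CN=mein-server.dyndns.org
I/racoon  (12321): ISAKMP-SA established 192.168.3.66[500]-88.89.90.1[500]
                   spi:9188e3843d64a14d:e6b839a89f64ea7f
I/LegacyVpnRunner(17141): Connected!
W/racoon  (12321): low key length proposed, mine:256 peer:128.
W/racoon  (12321): authtype mismatched: my:hmac-md5 peer:hmac-sha
I/racoon  (12321): IPsec-SA established: ESP/Tunnel
                   192.168.3.66[500]->88.89.90.1[500] spi=80734113(0x4cfe7a1)
"""

# "<level>/<tag>(<pid>): <message>", the layout used in the excerpts above.
ENTRY = re.compile(r"^([VDIWEF])/(\S+?)\s*\(\s*(\d+)\):\s?(.*)$")

# Labels are names chosen for this example; patterns are racoon messages from the excerpts.
RULES = [
    ("crl_unavailable", re.compile(r"unable to get certificate CRL")),
    ("phase1_established", re.compile(r"ISAKMP-SA established")),
    ("key_length_differs", re.compile(r"low key length proposed, mine:(\d+) peer:(\d+)")),
    ("authtype_differs", re.compile(r"authtype mismatched: my:(\S+) peer:(\S+)")),
    ("phase2_established", re.compile(r"IPsec-SA established")),
]

def parse(text):
    """Return [level, tag, pid, message] lists; wrapped lines are joined to their entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2), int(m.group(3)), m.group(4).strip()])
        elif line.strip() and entries:
            entries[-1][3] += " " + line.strip()  # continuation line
    return entries

def review(text):
    """Return (label, level, captured values, message) for each matching racoon entry."""
    findings = []
    for level, tag, _pid, msg in parse(text):
        for label, pattern in RULES:
            m = pattern.search(msg) if tag == "racoon" else None
            if m:
                findings.append((label, level, m.groups(), msg))
    return findings

if __name__ == "__main__":
    for label, level, values, msg in review(SAMPLE):
        print(f"{level} {label:20} {values} {msg}")
```

A log in which phase1_established appears without a later phase2_established is consistent with the behaviour described above: Phase 2 is only negotiated once data is sent through the tunnel.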