Hello, Please help me with this, as I'm completely stuck.
Windows 10 can connect to my StrongSwan server. But the IP address doesn't change to the VPN. It still shows the local IP address. Accordingly blocked websites remain blocked. config setup strictcrlpolicy=yes uniqueids=never conn roadwarrior auto=add compress=no type=tunnel keyexchange=ikev2 fragmentation=yes forceencaps=yes ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384 esp=aes256-sha1,3des-sha1! dpdaction=clear dpddelay=180s rekey=no left=%any leftid=@vpn-1.domain.net leftcert=cert.pem leftsendcert=always leftsubnet=0.0.0.0/0 right=%any rightid=%any rightauth=eap-radius eap_identity=%any rightdns=208.67.222.222,208.67.220.220 rightsourceip=10.10.10.0/24 rightsendcert=never Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes) Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ] Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery Capable vendor ID Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact vendor ID Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02 Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an IKE_SA Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending keep alives Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ] Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes) Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ] Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting for complete IKE message Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ] Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting for complete IKE message Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ] Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting for complete IKE message Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes) Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ] Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4, reassembling fragmented IKE message Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ] Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an unknown ca Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104] Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior' Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA request 15 [ SA No TSi TSr ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3} established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 === 10.10.10.1/32 Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA response 15 [ SA No TSi TSr ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request 16 [ D ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP CHILD_SA with SPI af63e684 Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing CHILD_SA roadwarrior{2} with SPIs cf6737f5_i (104 bytes) af63e684_o (0 bytes) and TS 0.0.0.0/0 === 10.10.10.1/32 Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] sending DELETE for ESP CHILD_SA with SPI cf6737f5 Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] CHILD_SA closed Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL response 16 [ D ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:50:45 vpn-1 ipsec[1051]: 14[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:50:45 vpn-1 ipsec[1051]: 13[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:50:45 vpn-1 ipsec[1051]: 06[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] parsed INFORMATIONAL request 17 [ D ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] received DELETE for ESP CHILD_SA with SPI d57f9f2c Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] closing CHILD_SA roadwarrior{3} with SPIs ccadd085_i (2260 bytes) d57f9f2c_o (0 bytes) and TS 0.0.0.0/0 === 10.10.10.1/32 Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] sending DELETE for ESP CHILD_SA with SPI ccadd085 Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] CHILD_SA closed Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] generating INFORMATIONAL response 17 [ D ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request 18 [ D ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for IKE_SA roadwarrior[1] Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] deleting IKE_SA roadwarrior[1] between 172.31.0.243[vpn-1.domain.net]...91.98.xxx.xxx[192.168.1.104] Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] IKE_SA deleted Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS Accounting-Request to server 'server-a' Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] received RADIUS Accounting-Response from server 'server-a' Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL response 18 [ ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] lease 10.10.10.1 by 'userx' went offline Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] received packet: from 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS-Negotiation Discovery Capable vendor ID Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received Vid-Initial-Contact vendor ID Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02 Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] 91.98.xxx.xxx is initiating an IKE_SA Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] local host is behind NAT, sending keep alives Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] remote host is behind NAT Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] sending packet: from 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] received fragment #1 of 4, waiting for complete IKE message Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] received fragment #2 of 4, waiting for complete IKE message Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] received fragment #3 of 4, waiting for complete IKE message Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] received fragment #4 of 4, reassembling fragmented IKE message Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] received 57 cert requests for an unknown ca Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] looking for peer configs matching 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104] Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] selected peer config 'roadwarrior' Mar 29 16:50:45 vpn-1 charon: 11[IKE] initiating EAP_IDENTITY method (id 0x00) Mar 29 16:50:45 vpn-1 charon: 11[IKE] peer supports MOBIKE Mar 29 16:50:45 vpn-1 charon: 11[IKE] authentication of 'vpn-1.domain.net' (myself) with RSA signature successful Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending end entity cert "CN= vpn-1.domain.net" Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3" Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ] Mar 29 16:50:45 vpn-1 charon: 11[ENC] splitting IKE message with length of 2924 bytes into 3 fragments Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ EF(1/3) ] Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ EF(2/3) ] Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ EF(3/3) ] Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes) Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes) Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes) Mar 29 16:50:45 vpn-1 charon: 14[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) Mar 29 16:50:45 vpn-1 charon: 14[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ] Mar 29 16:50:45 vpn-1 charon: 14[IKE] received EAP identity 'userx' Mar 29 16:50:45 vpn-1 charon: 14[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:45 vpn-1 charon: 14[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:45 vpn-1 charon: 14[IKE] initiating EAP_MD5 method (id 0x01) Mar 29 16:50:45 vpn-1 charon: 14[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MD5 ] Mar 29 16:50:45 vpn-1 charon: 14[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes) Mar 29 16:50:45 vpn-1 charon: 13[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) Mar 29 16:50:45 vpn-1 charon: 13[ENC] parsed IKE_AUTH request 3 [ EAP/RES/NAK ] Mar 29 16:50:45 vpn-1 charon: 13[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:45 vpn-1 charon: 13[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:45 vpn-1 charon: 13[ENC] generating IKE_AUTH response 3 [ EAP/REQ/PEAP ] Mar 29 16:50:45 vpn-1 charon: 13[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) Mar 29 16:50:46 vpn-1 charon: 15[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes) Mar 29 16:50:46 vpn-1 charon: 15[ENC] parsed IKE_AUTH request 4 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 charon: 15[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 charon: 15[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 charon: 15[ENC] generating IKE_AUTH response 4 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 charon: 15[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes) Mar 29 16:50:46 vpn-1 charon: 06[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) Mar 29 16:50:46 vpn-1 charon: 06[ENC] parsed IKE_AUTH request 5 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 charon: 06[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 charon: 06[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 charon: 06[ENC] generating IKE_AUTH response 5 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 charon: 06[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes) Mar 29 16:50:46 vpn-1 charon: 05[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes) Mar 29 16:50:46 vpn-1 charon: 05[ENC] parsed IKE_AUTH request 6 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 charon: 05[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 charon: 05[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 charon: 05[ENC] generating IKE_AUTH response 6 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 charon: 05[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes) Mar 29 16:50:46 vpn-1 charon: 16[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) Mar 29 16:50:46 vpn-1 charon: 16[ENC] parsed IKE_AUTH request 7 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 charon: 16[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 charon: 16[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 charon: 16[ENC] generating IKE_AUTH response 7 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 charon: 16[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes) Mar 29 16:50:46 vpn-1 charon: 07[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes) Mar 29 16:50:46 vpn-1 charon: 07[ENC] parsed IKE_AUTH request 8 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 charon: 07[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 charon: 07[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 charon: 07[ENC] generating IKE_AUTH response 8 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 charon: 07[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes) Mar 29 16:50:46 vpn-1 charon: 08[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes) Mar 29 16:50:46 vpn-1 charon: 08[ENC] parsed IKE_AUTH request 9 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 charon: 08[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 charon: 08[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 charon: 08[ENC] generating IKE_AUTH response 9 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 charon: 08[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] initiating EAP_IDENTITY method (id 0x00) Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] peer supports MOBIKE Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] authentication of ' vpn-1.domain.net' (myself) with RSA signature successful Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending end entity cert "CN= vpn-1.domain.net" Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3" Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] splitting IKE message with length of 2924 bytes into 3 fragments Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1 [ EF(1/3) ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1 [ EF(2/3) ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1 [ EF(3/3) ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] received EAP identity 'userx' Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] initiating EAP_MD5 method (id 0x01) Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MD5 ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] parsed IKE_AUTH request 3 [ EAP/RES/NAK ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] generating IKE_AUTH response 3 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] parsed IKE_AUTH request 4 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] generating IKE_AUTH response 4 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 charon: 09[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] parsed IKE_AUTH request 5 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] generating IKE_AUTH response 5 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] parsed IKE_AUTH request 6 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] generating IKE_AUTH response 6 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] parsed IKE_AUTH request 7 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] generating IKE_AUTH response 7 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] parsed IKE_AUTH request 8 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] generating IKE_AUTH response 8 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes) Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_AUTH request 9 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] generating IKE_AUTH response 9 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 10 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes) Mar 29 16:50:46 vpn-1 charon: 09[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 charon: 09[CFG] received RADIUS Access-Challenge from server 'server-a' Mar 29 16:50:46 vpn-1 charon: 09[ENC] generating IKE_AUTH response 10 [ EAP/REQ/PEAP ] Mar 29 16:50:46 vpn-1 charon: 09[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes) Mar 29 16:50:46 vpn-1 charon: 10[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (124 bytes) Mar 29 16:50:46 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 11 [ EAP/RES/PEAP ] Mar 29 16:50:46 vpn-1 charon: 10[CFG] sending RADIUS Access-Request to server 'server-a' Mar 29 16:50:46 vpn-1 charon: 10[CFG] received RADIUS Access-Accept from server 'server-a' Mar 29 16:50:46 vpn-1 charon: 10[CFG] scheduling RADIUS Interim-Updates every 300s Mar 29 16:50:46 vpn-1 charon: 10[IKE] RADIUS authentication of 'userx' successful Mar 29 16:50:46 vpn-1 charon: 10[IKE] EAP method EAP_PEAP succeeded, MSK established Mar 29 16:50:46 vpn-1 charon: 10[ENC] generating IKE_AUTH response 11 [ EAP/SUCC ] Mar 29 16:50:46 vpn-1 charon: 10[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) Mar 29 16:50:47 vpn-1 charon: 12[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (92 bytes) Mar 29 16:50:47 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 12 [ AUTH ] Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of '192.168.1.104' with EAP successful Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of 'vpn-1.domain.net' (myself) with EAP Mar 29 16:50:47 vpn-1 charon: 12[IKE] IKE_SA roadwarrior[2] established between 172.31.0.243[vpn-1.domain.net]...91.98.xxx.xxx[192.168.1.104] Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any Mar 29 16:50:47 vpn-1 charon: 12[CFG] reassigning offline lease to 'userx' Mar 29 16:50:47 vpn-1 charon: 12[IKE] assigning virtual IP 10.10.10.1 to peer 'userx' Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any6 Mar 29 16:50:47 vpn-1 charon: 12[IKE] no virtual IP found for %any6 requested by 'userx' Mar 29 16:50:47 vpn-1 charon: 12[IKE] CHILD_SA roadwarrior{4} established with SPIs c10aa3f3_i 32cfd28c_o and TS 0.0.0.0/0 === 10.10.10.1/32 Mar 29 16:50:47 vpn-1 charon: 12[CFG] sending RADIUS Accounting-Request to server 'server-a' Mar 29 16:50:47 vpn-1 charon: 12[CFG] received RADIUS Accounting-Response from server 'server-a' Mar 29 16:50:47 vpn-1 charon: 12[ENC] generating IKE_AUTH response 12 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ] Mar 29 16:50:47 vpn-1 charon: 12[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (236 bytes) Mar 29 16:51:07 vpn-1 charon: 15[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:51:27 vpn-1 charon: 16[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:51:47 vpn-1 charon: 07[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:52:07 vpn-1 charon: 09[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:52:27 vpn-1 charon: 11[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:52:47 vpn-1 charon: 12[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:53:07 vpn-1 charon: 14[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:53:27 vpn-1 charon: 15[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:53:47 vpn-1 charon: 16[IKE] sending keep alive to 91.98.xxx.xxx[4500]