Hi Filipe, Sorry for the late reply. Below is the information you had requested. It shows 10.10.10.1 instead of 10.10.10.0. Is that the problem? What can I do?
PPP adapter vpn-1.domain.net: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : vpn-1.domain.net Physical Address. . . . . . . . . : DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.10.10.1(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 208.67.222.222 208.67.220.220 NetBIOS over Tcpip. . . . . . . . : Enabled Many Thanks, Houman On Tue, 2 Apr 2019 at 16:09, Felipe Arturo Polanco <felipeapola...@gmail.com> wrote: > Hi, > > Do an ipconfig /all in windows and check that you have an 10.10.10.0/24 > IP in the output. > > On Tue, Apr 2, 2019 at 6:03 AM Houman <hou...@gmail.com> wrote: > >> Hey guys, >> >> I wonder if this email went through and someone has an idea why this is >> happening. >> >> Many Thanks, >> Houman >> >> On Fri, 29 Mar 2019 at 17:04, Houman <hou...@gmail.com> wrote: >> >>> Hello, >>> >>> Please help me with this, as I'm completely stuck. >>> >>> Windows 10 can connect to my StrongSwan server. But the IP address >>> doesn't change to the VPN. It still shows the local IP address. Accordingly >>> blocked websites remain blocked. >>> >>> config setup >>> strictcrlpolicy=yes >>> uniqueids=never >>> conn roadwarrior >>> auto=add >>> compress=no >>> type=tunnel >>> keyexchange=ikev2 >>> fragmentation=yes >>> forceencaps=yes >>> ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384 >>> esp=aes256-sha1,3des-sha1! >>> dpdaction=clear >>> dpddelay=180s >>> rekey=no >>> left=%any >>> leftid=@vpn-1.domain.net >>> leftcert=cert.pem >>> leftsendcert=always >>> leftsubnet=0.0.0.0/0 >>> right=%any >>> rightid=%any >>> rightauth=eap-radius >>> eap_identity=%any >>> rightdns=208.67.222.222,208.67.220.220 >>> rightsourceip=10.10.10.0/24 >>> rightsendcert=never >>> >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from >>> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA >>> KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 >>> vendor ID >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery >>> Capable vendor ID >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact >>> vendor ID >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID: >>> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02 >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an >>> IKE_SA >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending >>> keep alives >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 >>> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from >>> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ >>> EF(1/4) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting >>> for complete IKE message >>> >>> Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ >>> EF(2/4) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting >>> for complete IKE message >>> >>> Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ >>> EF(3/4) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting >>> for complete IKE message >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ >>> EF(4/4) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4, >>> reassembling fragmented IKE message >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi >>> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an >>> unknown ca >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching >>> 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104] >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior' >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA >>> request 15 [ SA No TSi TSr ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3} >>> established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 === >>> 10.10.10.1/32 >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA >>> response 15 [ SA No TSi TSr ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request >>> 16 [ D ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP >>> CHILD_SA with SPI af63e684 >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing CHILD_SA >>> roadwarrior{2} with SPIs cf6737f5_i (104 bytes) af63e684_o (0 bytes) and TS >>> 0.0.0.0/0 === 10.10.10.1/32 >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] sending DELETE for ESP >>> CHILD_SA with SPI cf6737f5 >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] CHILD_SA closed >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL >>> response 16 [ D ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 14[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 13[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 06[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] parsed INFORMATIONAL request >>> 17 [ D ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] received DELETE for ESP >>> CHILD_SA with SPI d57f9f2c >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] closing CHILD_SA >>> roadwarrior{3} with SPIs ccadd085_i (2260 bytes) d57f9f2c_o (0 bytes) and >>> TS 0.0.0.0/0 === 10.10.10.1/32 >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] sending DELETE for ESP >>> CHILD_SA with SPI ccadd085 >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] CHILD_SA closed >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] generating INFORMATIONAL >>> response 17 [ D ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request >>> 18 [ D ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for IKE_SA >>> roadwarrior[1] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] deleting IKE_SA >>> roadwarrior[1] between 172.31.0.243[vpn-1.domain.net >>> ]...91.98.xxx.xxx[192.168.1.104] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] IKE_SA deleted >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS >>> Accounting-Request to server 'server-a' >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] received RADIUS >>> Accounting-Response from server 'server-a' >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL >>> response 18 [ ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] lease 10.10.10.1 by 'userx' >>> went offline >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] received packet: from >>> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_SA_INIT request 0 >>> [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS NT5 ISAKMPOAKLEY >>> v9 vendor ID >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS-Negotiation >>> Discovery Capable vendor ID >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received Vid-Initial-Contact >>> vendor ID >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] received unknown vendor ID: >>> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02 >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] 91.98.xxx.xxx is initiating >>> an IKE_SA >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] local host is behind NAT, >>> sending keep alives >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] remote host is behind NAT >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] generating IKE_SA_INIT >>> response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] sending packet: from >>> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] parsed IKE_AUTH request 1 [ >>> EF(1/4) ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] received fragment #1 of 4, >>> waiting for complete IKE message >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] parsed IKE_AUTH request 1 [ >>> EF(2/4) ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] received fragment #2 of 4, >>> waiting for complete IKE message >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] parsed IKE_AUTH request 1 [ >>> EF(3/4) ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] received fragment #3 of 4, >>> waiting for complete IKE message >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes) >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [ >>> EF(4/4) ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] received fragment #4 of 4, >>> reassembling fragmented IKE message >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [ >>> IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi >>> TSr ] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] received 57 cert requests for >>> an unknown ca >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] looking for peer configs >>> matching 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104] >>> >>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] selected peer config >>> 'roadwarrior' >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] initiating EAP_IDENTITY method (id >>> 0x00) >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] peer supports MOBIKE >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] authentication of ' >>> vpn-1.domain.net' (myself) with RSA signature successful >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending end entity cert "CN= >>> vpn-1.domain.net" >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending issuer cert "C=US, O=Let's >>> Encrypt, CN=Let's Encrypt Authority X3" >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ >>> IDr CERT CERT AUTH EAP/REQ/ID ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] splitting IKE message with length >>> of 2924 bytes into 3 fragments >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ >>> EF(1/3) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ >>> EF(2/3) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ >>> EF(3/3) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 14[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 14[ENC] parsed IKE_AUTH request 2 [ >>> EAP/RES/ID ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 14[IKE] received EAP identity 'userx' >>> >>> Mar 29 16:50:45 vpn-1 charon: 14[CFG] sending RADIUS Access-Request to >>> server 'server-a' >>> >>> Mar 29 16:50:45 vpn-1 charon: 14[CFG] received RADIUS Access-Challenge >>> from server 'server-a' >>> >>> Mar 29 16:50:45 vpn-1 charon: 14[IKE] initiating EAP_MD5 method (id 0x01) >>> >>> Mar 29 16:50:45 vpn-1 charon: 14[ENC] generating IKE_AUTH response 2 [ >>> EAP/REQ/MD5 ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 14[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 13[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 13[ENC] parsed IKE_AUTH request 3 [ >>> EAP/RES/NAK ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 13[CFG] sending RADIUS Access-Request to >>> server 'server-a' >>> >>> Mar 29 16:50:45 vpn-1 charon: 13[CFG] received RADIUS Access-Challenge >>> from server 'server-a' >>> >>> Mar 29 16:50:45 vpn-1 charon: 13[ENC] generating IKE_AUTH response 3 [ >>> EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 13[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 15[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 15[ENC] parsed IKE_AUTH request 4 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 15[CFG] sending RADIUS Access-Request to >>> server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 15[CFG] received RADIUS Access-Challenge >>> from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 15[ENC] generating IKE_AUTH response 4 [ >>> EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 15[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 06[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 06[ENC] parsed IKE_AUTH request 5 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 06[CFG] sending RADIUS Access-Request to >>> server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 06[CFG] received RADIUS Access-Challenge >>> from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 06[ENC] generating IKE_AUTH response 5 [ >>> EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 06[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 05[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 05[ENC] parsed IKE_AUTH request 6 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 05[CFG] sending RADIUS Access-Request to >>> server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 05[CFG] received RADIUS Access-Challenge >>> from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 05[ENC] generating IKE_AUTH response 6 [ >>> EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 05[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 16[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 16[ENC] parsed IKE_AUTH request 7 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 16[CFG] sending RADIUS Access-Request to >>> server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 16[CFG] received RADIUS Access-Challenge >>> from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 16[ENC] generating IKE_AUTH response 7 [ >>> EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 16[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 07[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 07[ENC] parsed IKE_AUTH request 8 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 07[CFG] sending RADIUS Access-Request to >>> server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 07[CFG] received RADIUS Access-Challenge >>> from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 07[ENC] generating IKE_AUTH response 8 [ >>> EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 07[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 08[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 08[ENC] parsed IKE_AUTH request 9 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 08[CFG] sending RADIUS Access-Request to >>> server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 08[CFG] received RADIUS Access-Challenge >>> from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 08[ENC] generating IKE_AUTH response 9 [ >>> EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 08[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] initiating EAP_IDENTITY >>> method (id 0x00) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] peer supports MOBIKE >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] authentication of ' >>> vpn-1.domain.net' (myself) with RSA signature successful >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending end entity cert "CN= >>> vpn-1.domain.net" >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending issuer cert "C=US, >>> O=Let's Encrypt, CN=Let's Encrypt Authority X3" >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response >>> 1 [ IDr CERT CERT AUTH EAP/REQ/ID ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] splitting IKE message with >>> length of 2924 bytes into 3 fragments >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response >>> 1 [ EF(1/3) ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response >>> 1 [ EF(2/3) ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response >>> 1 [ EF(3/3) ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] parsed IKE_AUTH request 2 [ >>> EAP/RES/ID ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] received EAP identity 'userx' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] sending RADIUS Access-Request >>> to server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] received RADIUS >>> Access-Challenge from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] initiating EAP_MD5 method (id >>> 0x01) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] generating IKE_AUTH response >>> 2 [ EAP/REQ/MD5 ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] parsed IKE_AUTH request 3 [ >>> EAP/RES/NAK ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] sending RADIUS Access-Request >>> to server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] received RADIUS >>> Access-Challenge from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] generating IKE_AUTH response >>> 3 [ EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] parsed IKE_AUTH request 4 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] sending RADIUS Access-Request >>> to server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] received RADIUS >>> Access-Challenge from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] generating IKE_AUTH response >>> 4 [ EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 09[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] parsed IKE_AUTH request 5 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] sending RADIUS Access-Request >>> to server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] received RADIUS >>> Access-Challenge from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] generating IKE_AUTH response >>> 5 [ EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] parsed IKE_AUTH request 6 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] sending RADIUS Access-Request >>> to server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] received RADIUS >>> Access-Challenge from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] generating IKE_AUTH response >>> 6 [ EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] parsed IKE_AUTH request 7 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] sending RADIUS Access-Request >>> to server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] received RADIUS >>> Access-Challenge from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] generating IKE_AUTH response >>> 7 [ EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] parsed IKE_AUTH request 8 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS Access-Request >>> to server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] received RADIUS >>> Access-Challenge from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] generating IKE_AUTH response >>> 8 [ EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes) >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_AUTH request 9 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] sending RADIUS Access-Request >>> to server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] received RADIUS >>> Access-Challenge from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] generating IKE_AUTH response >>> 9 [ EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 10 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 09[CFG] sending RADIUS Access-Request to >>> server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 09[CFG] received RADIUS Access-Challenge >>> from server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 09[ENC] generating IKE_AUTH response 10 [ >>> EAP/REQ/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 09[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 10[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (124 bytes) >>> >>> Mar 29 16:50:46 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 11 [ >>> EAP/RES/PEAP ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 10[CFG] sending RADIUS Access-Request to >>> server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 10[CFG] received RADIUS Access-Accept from >>> server 'server-a' >>> >>> Mar 29 16:50:46 vpn-1 charon: 10[CFG] scheduling RADIUS Interim-Updates >>> every 300s >>> >>> Mar 29 16:50:46 vpn-1 charon: 10[IKE] RADIUS authentication of 'userx' >>> successful >>> >>> Mar 29 16:50:46 vpn-1 charon: 10[IKE] EAP method EAP_PEAP succeeded, MSK >>> established >>> >>> Mar 29 16:50:46 vpn-1 charon: 10[ENC] generating IKE_AUTH response 11 [ >>> EAP/SUCC ] >>> >>> Mar 29 16:50:46 vpn-1 charon: 10[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (92 bytes) >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 12 [ AUTH ] >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of '192.168.1.104' >>> with EAP successful >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of ' >>> vpn-1.domain.net' (myself) with EAP >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] IKE_SA roadwarrior[2] established >>> between 172.31.0.243[vpn-1.domain.net]...91.98.xxx.xxx[192.168.1.104] >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[CFG] reassigning offline lease to >>> 'userx' >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] assigning virtual IP 10.10.10.1 to >>> peer 'userx' >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any6 >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] no virtual IP found for %any6 >>> requested by 'userx' >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] CHILD_SA roadwarrior{4} >>> established with SPIs c10aa3f3_i 32cfd28c_o and TS 0.0.0.0/0 === >>> 10.10.10.1/32 >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[CFG] sending RADIUS Accounting-Request >>> to server 'server-a' >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[CFG] received RADIUS >>> Accounting-Response from server 'server-a' >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[ENC] generating IKE_AUTH response 12 [ >>> AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ] >>> >>> Mar 29 16:50:47 vpn-1 charon: 12[NET] sending packet: from >>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (236 bytes) >>> >>> Mar 29 16:51:07 vpn-1 charon: 15[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:51:27 vpn-1 charon: 16[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:51:47 vpn-1 charon: 07[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:52:07 vpn-1 charon: 09[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:52:27 vpn-1 charon: 11[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:52:47 vpn-1 charon: 12[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:53:07 vpn-1 charon: 14[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:53:27 vpn-1 charon: 15[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>> Mar 29 16:53:47 vpn-1 charon: 16[IKE] sending keep alive to >>> 91.98.xxx.xxx[4500] >>> >>>