Re: [strongSwan] Windows 10 connects to StrongSwan but IP doesn't change
Hi Filipe, Sorry for the late reply. Below is the information you had requested. It shows 10.10.10.1 instead of 10.10.10.0. Is that the problem? What can I do? PPP adapter vpn-1.domain.net: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : vpn-1.domain.net Physical Address. . . . . . . . . : DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.10.10.1(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 208.67.222.222 208.67.220.220 NetBIOS over Tcpip. . . . . . . . : Enabled Many Thanks, Houman On Tue, 2 Apr 2019 at 16:09, Felipe Arturo Polanco wrote: > Hi, > > Do an ipconfig /all in windows and check that you have an 10.10.10.0/24 > IP in the output. > > On Tue, Apr 2, 2019 at 6:03 AM Houman wrote: > >> Hey guys, >> >> I wonder if this email went through and someone has an idea why this is >> happening. >> >> Many Thanks, >> Houman >> >> On Fri, 29 Mar 2019 at 17:04, Houman wrote: >> >>> Hello, >>> >>> Please help me with this, as I'm completely stuck. >>> >>> Windows 10 can connect to my StrongSwan server. But the IP address >>> doesn't change to the VPN. It still shows the local IP address. Accordingly >>> blocked websites remain blocked. >>> >>> config setup >>> strictcrlpolicy=yes >>> uniqueids=never >>> conn roadwarrior >>> auto=add >>> compress=no >>> type=tunnel >>> keyexchange=ikev2 >>> fragmentation=yes >>> forceencaps=yes >>> ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384 >>> esp=aes256-sha1,3des-sha1! >>> dpdaction=clear >>> dpddelay=180s >>> rekey=no >>> left=%any >>> leftid=@vpn-1.domain.net >>> leftcert=cert.pem >>> leftsendcert=always >>> leftsubnet=0.0.0.0/0 >>> right=%any >>> rightid=%any >>> rightauth=eap-radius >>> eap_identity=%any >>> rightdns=208.67.222.222,208.67.220.220 >>> rightsourceip=10.10.10.0/24 >>> rightsendcert=never >>> >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from >>> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA >>> KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 >>> vendor ID >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery >>> Capable vendor ID >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact >>> vendor ID >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID: >>> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02 >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an >>> IKE_SA >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending >>> keep alives >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 >>> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from >>> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ >>> EF(1/4) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting >>> for complete IKE message >>> >>> Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ >>> EF(2/4) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting >>> for complete IKE message >>> >>> Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ >>> EF(3/4) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting >>> for complete IKE message >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ >>> EF(4/4) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4, >>> reassembling fragmented IKE message >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi >>> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an >>> unknown ca >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching >>> 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104] >>> >>> Mar 29
Re: [strongSwan] Windows 10 connects to StrongSwan but IP doesn't change
Hi,
Do an ipconfig /all in windows and check that you have an 10.10.10.0/24 IP
in the output.
On Tue, Apr 2, 2019 at 6:03 AM Houman wrote:
> Hey guys,
>
> I wonder if this email went through and someone has an idea why this is
> happening.
>
> Many Thanks,
> Houman
>
> On Fri, 29 Mar 2019 at 17:04, Houman wrote:
>
>> Hello,
>>
>> Please help me with this, as I'm completely stuck.
>>
>> Windows 10 can connect to my StrongSwan server. But the IP address
>> doesn't change to the VPN. It still shows the local IP address. Accordingly
>> blocked websites remain blocked.
>>
>> config setup
>> strictcrlpolicy=yes
>> uniqueids=never
>> conn roadwarrior
>> auto=add
>> compress=no
>> type=tunnel
>> keyexchange=ikev2
>> fragmentation=yes
>> forceencaps=yes
>> ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384
>> esp=aes256-sha1,3des-sha1!
>> dpdaction=clear
>> dpddelay=180s
>> rekey=no
>> left=%any
>> leftid=@vpn-1.domain.net
>> leftcert=cert.pem
>> leftsendcert=always
>> leftsubnet=0.0.0.0/0
>> right=%any
>> rightid=%any
>> rightauth=eap-radius
>> eap_identity=%any
>> rightdns=208.67.222.222,208.67.220.220
>> rightsourceip=10.10.10.0/24
>> rightsendcert=never
>>
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from
>> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA
>> KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9
>> vendor ID
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery
>> Capable vendor ID
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact vendor
>> ID
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID:
>> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an
>> IKE_SA
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending
>> keep alives
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 [
>> SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from
>> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4)
>> ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting
>> for complete IKE message
>>
>> Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4)
>> ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting
>> for complete IKE message
>>
>> Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4)
>> ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting
>> for complete IKE message
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4)
>> ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4,
>> reassembling fragmented IKE message
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi
>> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an
>> unknown ca
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching
>> 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior'
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA request
>> 15 [ SA No TSi TSr ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3}
>> established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 ===
>> 10.10.10.1/32
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA
>> response 15 [ SA No TSi TSr ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request
>> 16 [ D ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP
>> CHILD_SA with SPI af63e684
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing
Re: [strongSwan] Windows 10 connects to StrongSwan but IP doesn't change
Hey guys,
I wonder if this email went through and someone has an idea why this is
happening.
Many Thanks,
Houman
On Fri, 29 Mar 2019 at 17:04, Houman wrote:
> Hello,
>
> Please help me with this, as I'm completely stuck.
>
> Windows 10 can connect to my StrongSwan server. But the IP address doesn't
> change to the VPN. It still shows the local IP address. Accordingly blocked
> websites remain blocked.
>
> config setup
> strictcrlpolicy=yes
> uniqueids=never
> conn roadwarrior
> auto=add
> compress=no
> type=tunnel
> keyexchange=ikev2
> fragmentation=yes
> forceencaps=yes
> ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384
> esp=aes256-sha1,3des-sha1!
> dpdaction=clear
> dpddelay=180s
> rekey=no
> left=%any
> leftid=@vpn-1.domain.net
> leftcert=cert.pem
> leftsendcert=always
> leftsubnet=0.0.0.0/0
> right=%any
> rightid=%any
> rightauth=eap-radius
> eap_identity=%any
> rightdns=208.67.222.222,208.67.220.220
> rightsourceip=10.10.10.0/24
> rightsendcert=never
>
>
> Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from
> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE
> No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
>
> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9
> vendor ID
>
> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery
> Capable vendor ID
>
> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact vendor
> ID
>
> Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID:
> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
>
> Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an IKE_SA
>
> Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending
> keep alives
>
> Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT
>
> Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 [
> SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
>
> Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from
> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ]
>
> Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting
> for complete IKE message
>
> Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ]
>
> Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting
> for complete IKE message
>
> Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ]
>
> Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting
> for complete IKE message
>
> Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ]
>
> Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4,
> reassembling fragmented IKE message
>
> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi
> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
>
> Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an
> unknown ca
>
> Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching
> 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
>
> Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior'
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA request
> 15 [ SA No TSi TSr ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3}
> established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 ===
> 10.10.10.1/32
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA
> response 15 [ SA No TSi TSr ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request 16
> [ D ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP
> CHILD_SA with SPI af63e684
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing CHILD_SA roadwarrior{2}
> with SPIs cf6737f5_i (104 bytes) af63e684_o (0 bytes) and TS 0.0.0.0/0
> === 10.10.10.1/32
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] sending DELETE for ESP CHILD_SA
> with SPI cf6737f5
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] CHILD_SA closed
>
> Mar 29 16:50:45 vpn-1
[strongSwan] Windows 10 connects to StrongSwan but IP doesn't change
Hello,
Please help me with this, as I'm completely stuck.
Windows 10 can connect to my StrongSwan server. But the IP address doesn't
change to the VPN. It still shows the local IP address. Accordingly blocked
websites remain blocked.
config setup
strictcrlpolicy=yes
uniqueids=never
conn roadwarrior
auto=add
compress=no
type=tunnel
keyexchange=ikev2
fragmentation=yes
forceencaps=yes
ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384
esp=aes256-sha1,3des-sha1!
dpdaction=clear
dpddelay=180s
rekey=no
left=%any
leftid=@vpn-1.domain.net
leftcert=cert.pem
leftsendcert=always
leftsubnet=0.0.0.0/0
right=%any
rightid=%any
rightauth=eap-radius
eap_identity=%any
rightdns=208.67.222.222,208.67.220.220
rightsourceip=10.10.10.0/24
rightsendcert=never
Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from
91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE
No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9
vendor ID
Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery
Capable vendor ID
Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact vendor ID
Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID:
01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an IKE_SA
Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending
keep alives
Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT
Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from
172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ]
Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting
for complete IKE message
Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ]
Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting
for complete IKE message
Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ]
Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting
for complete IKE message
Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ]
Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4,
reassembling fragmented IKE message
Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi
CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an
unknown ca
Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching
172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior'
Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA request
15 [ SA No TSi TSr ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3}
established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 ===
10.10.10.1/32
Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA
response 15 [ SA No TSi TSr ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request 16
[ D ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP CHILD_SA
with SPI af63e684
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing CHILD_SA roadwarrior{2}
with SPIs cf6737f5_i (104 bytes) af63e684_o (0 bytes) and TS 0.0.0.0/0 ===
10.10.10.1/32
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] sending DELETE for ESP CHILD_SA
with SPI cf6737f5
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] CHILD_SA closed
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL
response 16 [ D ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 14[IKE] sending
