Re: [strongSwan] Windows 10 connects to StrongSwan but IP doesn't change
Hi Filipe, Sorry for the late reply. Below is the information you had requested. It shows 10.10.10.1 instead of 10.10.10.0. Is that the problem? What can I do? PPP adapter vpn-1.domain.net: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : vpn-1.domain.net Physical Address. . . . . . . . . : DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.10.10.1(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 208.67.222.222 208.67.220.220 NetBIOS over Tcpip. . . . . . . . : Enabled Many Thanks, Houman On Tue, 2 Apr 2019 at 16:09, Felipe Arturo Polanco wrote: > Hi, > > Do an ipconfig /all in windows and check that you have an 10.10.10.0/24 > IP in the output. > > On Tue, Apr 2, 2019 at 6:03 AM Houman wrote: > >> Hey guys, >> >> I wonder if this email went through and someone has an idea why this is >> happening. >> >> Many Thanks, >> Houman >> >> On Fri, 29 Mar 2019 at 17:04, Houman wrote: >> >>> Hello, >>> >>> Please help me with this, as I'm completely stuck. >>> >>> Windows 10 can connect to my StrongSwan server. But the IP address >>> doesn't change to the VPN. It still shows the local IP address. Accordingly >>> blocked websites remain blocked. >>> >>> config setup >>> strictcrlpolicy=yes >>> uniqueids=never >>> conn roadwarrior >>> auto=add >>> compress=no >>> type=tunnel >>> keyexchange=ikev2 >>> fragmentation=yes >>> forceencaps=yes >>> ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384 >>> esp=aes256-sha1,3des-sha1! >>> dpdaction=clear >>> dpddelay=180s >>> rekey=no >>> left=%any >>> leftid=@vpn-1.domain.net >>> leftcert=cert.pem >>> leftsendcert=always >>> leftsubnet=0.0.0.0/0 >>> right=%any >>> rightid=%any >>> rightauth=eap-radius >>> eap_identity=%any >>> rightdns=208.67.222.222,208.67.220.220 >>> rightsourceip=10.10.10.0/24 >>> rightsendcert=never >>> >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from >>> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA >>> KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 >>> vendor ID >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery >>> Capable vendor ID >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact >>> vendor ID >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID: >>> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02 >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an >>> IKE_SA >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending >>> keep alives >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 >>> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from >>> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ >>> EF(1/4) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting >>> for complete IKE message >>> >>> Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ >>> EF(2/4) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting >>> for complete IKE message >>> >>> Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ >>> EF(3/4) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting >>> for complete IKE message >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from >>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes) >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ >>> EF(4/4) ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4, >>> reassembling fragmented IKE message >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi >>> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ] >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an >>> unknown ca >>> >>> Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching >>> 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104] >>> >>> Mar 29
Re: [strongSwan] Windows 10 connects to StrongSwan but IP doesn't change
Hi, Do an ipconfig /all in windows and check that you have an 10.10.10.0/24 IP in the output. On Tue, Apr 2, 2019 at 6:03 AM Houman wrote: > Hey guys, > > I wonder if this email went through and someone has an idea why this is > happening. > > Many Thanks, > Houman > > On Fri, 29 Mar 2019 at 17:04, Houman wrote: > >> Hello, >> >> Please help me with this, as I'm completely stuck. >> >> Windows 10 can connect to my StrongSwan server. But the IP address >> doesn't change to the VPN. It still shows the local IP address. Accordingly >> blocked websites remain blocked. >> >> config setup >> strictcrlpolicy=yes >> uniqueids=never >> conn roadwarrior >> auto=add >> compress=no >> type=tunnel >> keyexchange=ikev2 >> fragmentation=yes >> forceencaps=yes >> ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384 >> esp=aes256-sha1,3des-sha1! >> dpdaction=clear >> dpddelay=180s >> rekey=no >> left=%any >> leftid=@vpn-1.domain.net >> leftcert=cert.pem >> leftsendcert=always >> leftsubnet=0.0.0.0/0 >> right=%any >> rightid=%any >> rightauth=eap-radius >> eap_identity=%any >> rightdns=208.67.222.222,208.67.220.220 >> rightsourceip=10.10.10.0/24 >> rightsendcert=never >> >> >> Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from >> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes) >> >> Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA >> KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ] >> >> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 >> vendor ID >> >> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery >> Capable vendor ID >> >> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact vendor >> ID >> >> Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID: >> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02 >> >> Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an >> IKE_SA >> >> Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending >> keep alives >> >> Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT >> >> Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 [ >> SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ] >> >> Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from >> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes) >> >> Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from >> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >> >> Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4) >> ] >> >> Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting >> for complete IKE message >> >> Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from >> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >> >> Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4) >> ] >> >> Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting >> for complete IKE message >> >> Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from >> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) >> >> Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4) >> ] >> >> Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting >> for complete IKE message >> >> Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from >> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes) >> >> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4) >> ] >> >> Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4, >> reassembling fragmented IKE message >> >> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi >> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ] >> >> Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an >> unknown ca >> >> Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching >> 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104] >> >> Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior' >> >> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA request >> 15 [ SA No TSi TSr ] >> >> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3} >> established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 === >> 10.10.10.1/32 >> >> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA >> response 15 [ SA No TSi TSr ] >> >> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from >> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes) >> >> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from >> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) >> >> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request >> 16 [ D ] >> >> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP >> CHILD_SA with SPI af63e684 >> >> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing
Re: [strongSwan] Windows 10 connects to StrongSwan but IP doesn't change
Hey guys, I wonder if this email went through and someone has an idea why this is happening. Many Thanks, Houman On Fri, 29 Mar 2019 at 17:04, Houman wrote: > Hello, > > Please help me with this, as I'm completely stuck. > > Windows 10 can connect to my StrongSwan server. But the IP address doesn't > change to the VPN. It still shows the local IP address. Accordingly blocked > websites remain blocked. > > config setup > strictcrlpolicy=yes > uniqueids=never > conn roadwarrior > auto=add > compress=no > type=tunnel > keyexchange=ikev2 > fragmentation=yes > forceencaps=yes > ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384 > esp=aes256-sha1,3des-sha1! > dpdaction=clear > dpddelay=180s > rekey=no > left=%any > leftid=@vpn-1.domain.net > leftcert=cert.pem > leftsendcert=always > leftsubnet=0.0.0.0/0 > right=%any > rightid=%any > rightauth=eap-radius > eap_identity=%any > rightdns=208.67.222.222,208.67.220.220 > rightsourceip=10.10.10.0/24 > rightsendcert=never > > > Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from > 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes) > > Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE > No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ] > > Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 > vendor ID > > Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery > Capable vendor ID > > Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact vendor > ID > > Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID: > 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02 > > Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an IKE_SA > > Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending > keep alives > > Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT > > Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 [ > SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ] > > Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from > 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes) > > Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from > 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) > > Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ] > > Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting > for complete IKE message > > Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from > 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) > > Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ] > > Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting > for complete IKE message > > Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from > 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) > > Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ] > > Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting > for complete IKE message > > Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from > 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes) > > Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ] > > Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4, > reassembling fragmented IKE message > > Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi > CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ] > > Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an > unknown ca > > Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching > 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104] > > Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior' > > Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA request > 15 [ SA No TSi TSr ] > > Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3} > established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 === > 10.10.10.1/32 > > Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA > response 15 [ SA No TSi TSr ] > > Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from > 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes) > > Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from > 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) > > Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request 16 > [ D ] > > Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP > CHILD_SA with SPI af63e684 > > Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing CHILD_SA roadwarrior{2} > with SPIs cf6737f5_i (104 bytes) af63e684_o (0 bytes) and TS 0.0.0.0/0 > === 10.10.10.1/32 > > Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] sending DELETE for ESP CHILD_SA > with SPI cf6737f5 > > Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] CHILD_SA closed > > Mar 29 16:50:45 vpn-1
[strongSwan] Windows 10 connects to StrongSwan but IP doesn't change
Hello, Please help me with this, as I'm completely stuck. Windows 10 can connect to my StrongSwan server. But the IP address doesn't change to the VPN. It still shows the local IP address. Accordingly blocked websites remain blocked. config setup strictcrlpolicy=yes uniqueids=never conn roadwarrior auto=add compress=no type=tunnel keyexchange=ikev2 fragmentation=yes forceencaps=yes ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384 esp=aes256-sha1,3des-sha1! dpdaction=clear dpddelay=180s rekey=no left=%any leftid=@vpn-1.domain.net leftcert=cert.pem leftsendcert=always leftsubnet=0.0.0.0/0 right=%any rightid=%any rightauth=eap-radius eap_identity=%any rightdns=208.67.222.222,208.67.220.220 rightsourceip=10.10.10.0/24 rightsendcert=never Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes) Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ] Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery Capable vendor ID Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact vendor ID Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02 Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an IKE_SA Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending keep alives Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ] Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes) Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ] Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting for complete IKE message Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ] Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting for complete IKE message Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes) Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ] Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting for complete IKE message Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes) Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ] Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4, reassembling fragmented IKE message Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ] Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an unknown ca Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104] Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior' Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA request 15 [ SA No TSi TSr ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3} established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 === 10.10.10.1/32 Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA response 15 [ SA No TSi TSr ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request 16 [ D ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP CHILD_SA with SPI af63e684 Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing CHILD_SA roadwarrior{2} with SPIs cf6737f5_i (104 bytes) af63e684_o (0 bytes) and TS 0.0.0.0/0 === 10.10.10.1/32 Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] sending DELETE for ESP CHILD_SA with SPI cf6737f5 Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] CHILD_SA closed Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL response 16 [ D ] Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes) Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] sending keep alive to 91.98.xxx.xxx[4500] Mar 29 16:50:45 vpn-1 ipsec[1051]: 14[IKE] sending