Hello, the VPN gateway must assign a virtual IP address to your Android Client:
I/charon (17492): 15[IKE] received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built
On a strongSwan gateway Ttis can be done by defining a dynamic address pool, e.g. rightsourceip=10.0.1.0/24 Regards Andreas On 07.01.2013 23:02, Gia T. Nguyen wrote:
Samsung Nexus III Android client. I've included the host IP as the SubjectAltName in the certificates and have seemed to get over that error, but I am still not able to connect: Error: Failure to connect to VPN, Authentication Failed. Any hint on where to look next would be appreciated. Regards, I/charon (17492): 00[DMN] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc I/charon (17492): 00[JOB] spawning 16 worker threads I/charon (17492): 16[CFG] loaded user certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key I/charon (17492): 16[CFG] loaded CA certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com' I/charon (17492): 16[IKE] initiating IKE_SA android[1] to 192.168.24.18 I/charon (17492): 16[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] I/charon (17492): 16[NET] sending packet: from 192.168.24.11[58445] to 192.168.24.18[500] I/charon (17492): 01[NET] received packet: from 192.168.24.18[500] to 192.168.24.11[58445] I/charon (17492): 01[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] I/charon (17492): 01[IKE] faking NAT situation to enforce UDP encapsulation I/charon (17492): 01[IKE] received cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 01[IKE] sending cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 01[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature successful I/charon (17492): 01[IKE] sending end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11" I/charon (17492): 01[IKE] establishing CHILD_SA android I/charon (17492): 01[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] I/charon (17492): 01[NET] sending packet: from 192.168.24.11[37948] to 192.168.24.18[4500] I/charon (17492): 05[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[37948] I/charon (17492): 05[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ] I/charon (17492): 05[IKE] received end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 05[CFG] using certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 05[CFG] using trusted ca certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 05[CFG] reached self-signed root ca with a path length of 0 I/charon (17492): 05[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful I/charon (17492): 05[IKE] IKE_SA android[1] established between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 05[IKE] scheduling rekeying in 35599s I/charon (17492): 05[IKE] maximum IKE_SA lifetime 36199s I/charon (17492): 05[IKE] received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built I/charon (17492): 05[IKE] closing IKE_SA due CHILD_SA setup failure I/charon (17492): 05[IKE] received AUTH_LIFETIME of 3346s, scheduling reauthentication in 2746s I/charon (17492): 05[IKE] peer supports MOBIKE I/charon (17492): 02[IKE] deleting IKE_SA android[1] between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 02[IKE] sending DELETE for IKE_SA android[1] I/charon (17492): 02[ENC] generating INFORMATIONAL request 2 [ D ] I/charon (17492): 02[NET] sending packet: from 192.168.24.11[37948] to 192.168.24.18[4500] I/charon (17492): 06[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[37948] I/charon (17492): 06[ENC] parsed INFORMATIONAL response 2 [ ] I/charon (17492): 06[IKE] IKE_SA deleted I/charon (17492): 00[LIB] intentionally leaking private key reference due to a bug in the framework I/charon (17492): 00[DMN] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc I/charon (17492): 00[JOB] spawning 16 worker threads I/charon (17492): 07[CFG] loaded user certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key I/charon (17492): 07[CFG] loaded CA certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com' I/charon (17492): 07[IKE] initiating IKE_SA android[2] to 192.168.24.18 I/charon (17492): 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] I/charon (17492): 07[NET] sending packet: from 192.168.24.11[49017] to 192.168.24.18[500] I/charon (17492): 01[NET] received packet: from 192.168.24.18[500] to 192.168.24.11[49017] I/charon (17492): 01[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] I/charon (17492): 01[IKE] faking NAT situation to enforce UDP encapsulation I/charon (17492): 01[IKE] received cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 01[IKE] sending cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 01[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature successful I/charon (17492): 01[IKE] sending end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11" I/charon (17492): 01[IKE] establishing CHILD_SA android I/charon (17492): 01[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] I/charon (17492): 01[NET] sending packet: from 192.168.24.11[54864] to 192.168.24.18[4500] I/charon (17492): 04[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[54864] I/charon (17492): 04[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ] I/charon (17492): 04[IKE] received end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 04[CFG] using certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 04[CFG] using trusted ca certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 04[CFG] reached self-signed root ca with a path length of 0 I/charon (17492): 04[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful I/charon (17492): 04[IKE] IKE_SA android[2] established between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 04[IKE] scheduling rekeying in 35530s I/charon (17492): 04[IKE] maximum IKE_SA lifetime 36130s I/charon (17492): 04[IKE] received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built I/charon (17492): 04[IKE] closing IKE_SA due CHILD_SA setup failure I/charon (17492): 04[IKE] received AUTH_LIFETIME of 3259s, scheduling reauthentication in 2659s I/charon (17492): 04[IKE] peer supports MOBIKE I/charon (17492): 05[IKE] deleting IKE_SA android[2] between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 05[IKE] sending DELETE for IKE_SA android[2] I/charon (17492): 05[ENC] generating INFORMATIONAL request 2 [ D ] I/charon (17492): 05[NET] sending packet: from 192.168.24.11[54864] to 192.168.24.18[4500] I/charon (17492): 14[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[54864] I/charon (17492): 14[ENC] parsed INFORMATIONAL response 2 [ ] I/charon (17492): 14[IKE] IKE_SA deleted I/charon (17492): 00[LIB] intentionally leaking private key reference due to a bug in the framework I/charon (17492): 00[DMN] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc I/charon (17492): 00[JOB] spawning 16 worker threads I/charon (17492): 07[CFG] loaded user certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key I/charon (17492): 07[CFG] loaded CA certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com' I/charon (17492): 07[IKE] initiating IKE_SA android[3] to 192.168.24.18 I/charon (17492): 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] I/charon (17492): 07[NET] sending packet: from 192.168.24.11[57516] to 192.168.24.18[500] I/charon (17492): 03[IKE] retransmit 1 of request with message ID 0 I/charon (17492): 03[NET] sending packet: from 192.168.24.11[57516] to 192.168.24.18[500] I/charon (17492): 14[IKE] retransmit 2 of request with message ID 0 I/charon (17492): 14[NET] sending packet: from 192.168.24.11[57516] to 192.168.24.18[500] I/charon (17492): 01[NET] received packet: from 192.168.24.18[500] to 192.168.24.11[57516] I/charon (17492): 01[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] I/charon (17492): 01[IKE] faking NAT situation to enforce UDP encapsulation I/charon (17492): 01[IKE] received cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 01[IKE] sending cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 01[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature successful I/charon (17492): 01[IKE] sending end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11" I/charon (17492): 01[IKE] establishing CHILD_SA android I/charon (17492): 01[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] I/charon (17492): 01[NET] sending packet: from 192.168.24.11[54831] to 192.168.24.18[4500] I/charon (17492): 15[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[54831] I/charon (17492): 15[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ] I/charon (17492): 15[IKE] received end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 15[CFG] using certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 15[CFG] using trusted ca certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 15[CFG] reached self-signed root ca with a path length of 0 I/charon (17492): 15[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful I/charon (17492): 15[IKE] IKE_SA android[3] established between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 15[IKE] scheduling rekeying in 35465s I/charon (17492): 15[IKE] maximum IKE_SA lifetime 36065s I/charon (17492): 15[IKE] received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built I/charon (17492): 15[IKE] closing IKE_SA due CHILD_SA setup failure I/charon (17492): 15[IKE] received AUTH_LIFETIME of 3394s, scheduling reauthentication in 2794s I/charon (17492): 15[IKE] peer supports MOBIKE I/charon (17492): 02[IKE] deleting IKE_SA android[3] between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 02[IKE] sending DELETE for IKE_SA android[3] I/charon (17492): 02[ENC] generating INFORMATIONAL request 2 [ D ] I/charon (17492): 02[NET] sending packet: from 192.168.24.11[54831] to 192.168.24.18[4500] I/charon (17492): 13[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[54831] I/charon (17492): 13[ENC] parsed INFORMATIONAL response 2 [ ] I/charon (17492): 13[IKE] IKE_SA deleted I/charon (17492): 00[LIB] intentionally leaking private key reference due to a bug in the framework I/charon (17492): 00[DMN] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc I/charon (17492): 00[JOB] spawning 16 worker threads I/charon (17492): 15[CFG] loaded user certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key I/charon (17492): 15[CFG] loaded CA certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com' I/charon (17492): 15[IKE] initiating IKE_SA android[4] to 192.168.24.18 I/charon (17492): 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] I/charon (17492): 15[NET] sending packet: from 192.168.24.11[55665] to 192.168.24.18[500] I/charon (17492): 02[NET] received packet: from 192.168.24.18[500] to 192.168.24.11[55665] I/charon (17492): 02[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] I/charon (17492): 02[IKE] faking NAT situation to enforce UDP encapsulation I/charon (17492): 02[IKE] received cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 02[IKE] sending cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 02[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature successful I/charon (17492): 02[IKE] sending end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11" I/charon (17492): 02[IKE] establishing CHILD_SA android I/charon (17492): 02[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] I/charon (17492): 02[NET] sending packet: from 192.168.24.11[49192] to 192.168.24.18[4500] I/charon (17492): 03[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[49192] I/charon (17492): 03[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ] I/charon (17492): 03[IKE] received end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 03[CFG] using certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 03[CFG] using trusted ca certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 03[CFG] reached self-signed root ca with a path length of 0 I/charon (17492): 03[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful I/charon (17492): 03[IKE] IKE_SA android[4] established between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 03[IKE] scheduling rekeying in 35830s I/charon (17492): 03[IKE] maximum IKE_SA lifetime 36430s I/charon (17492): 03[IKE] received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built I/charon (17492): 03[IKE] closing IKE_SA due CHILD_SA setup failure I/charon (17492): 03[IKE] received AUTH_LIFETIME of 3410s, scheduling reauthentication in 2810s I/charon (17492): 03[IKE] peer supports MOBIKE I/charon (17492): 10[IKE] deleting IKE_SA android[4] between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 10[IKE] sending DELETE for IKE_SA android[4] I/charon (17492): 10[ENC] generating INFORMATIONAL request 2 [ D ] I/charon (17492): 10[NET] sending packet: from 192.168.24.11[49192] to 192.168.24.18[4500] I/charon (17492): 07[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[49192] I/charon (17492): 07[ENC] parsed INFORMATIONAL response 2 [ ] I/charon (17492): 07[IKE] IKE_SA deleted I/charon (17492): 00[LIB] intentionally leaking private key reference due to a bug in the framework I/charon (17492): 00[DMN] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc I/charon (17492): 00[JOB] spawning 16 worker threads I/charon (17492): 06[CFG] loaded user certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key I/charon (17492): 06[CFG] loaded CA certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com' I/charon (17492): 06[IKE] initiating IKE_SA android[5] to 192.168.24.18 I/charon (17492): 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] I/charon (17492): 06[NET] sending packet: from 192.168.24.11[35807] to 192.168.24.18[500] I/charon (17492): 09[NET] received packet: from 192.168.24.18[500] to 192.168.24.11[35807] I/charon (17492): 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ] I/charon (17492): 09[IKE] faking NAT situation to enforce UDP encapsulation I/charon (17492): 09[IKE] sending cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 09[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature successful I/charon (17492): 09[IKE] establishing CHILD_SA android I/charon (17492): 09[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] I/charon (17492): 09[NET] sending packet: from 192.168.24.11[53700] to 192.168.24.18[4500] I/charon (17492): 14[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[53700] I/charon (17492): 14[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ] I/charon (17492): 14[IKE] received AUTHENTICATION_FAILED notify error I/charon (17492): 00[LIB] intentionally leaking private key reference due to a bug in the framework I/charon (17492): 00[DMN] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc I/charon (17492): 00[JOB] spawning 16 worker threads I/charon (17492): 15[CFG] loaded user certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key I/charon (17492): 15[CFG] loaded CA certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com' I/charon (17492): 15[IKE] initiating IKE_SA android[6] to 192.168.24.18 I/charon (17492): 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] I/charon (17492): 15[NET] sending packet: from 192.168.24.11[48308] to 192.168.24.18[500] I/charon (17492): 06[NET] received packet: from 192.168.24.18[500] to 192.168.24.11[48308] I/charon (17492): 06[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ] I/charon (17492): 06[IKE] faking NAT situation to enforce UDP encapsulation I/charon (17492): 06[IKE] sending cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 06[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature successful I/charon (17492): 06[IKE] establishing CHILD_SA android I/charon (17492): 06[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] I/charon (17492): 06[NET] sending packet: from 192.168.24.11[47129] to 192.168.24.18[4500] I/charon (17492): 07[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[47129] I/charon (17492): 07[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ] I/charon (17492): 07[IKE] received AUTHENTICATION_FAILED notify error I/charon (17492): 00[LIB] intentionally leaking private key reference due to a bug in the framework I/charon (17492): 00[DMN] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc I/charon (17492): 00[JOB] spawning 16 worker threads I/charon (17492): 14[CFG] loaded user certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key I/charon (17492): 14[CFG] loaded CA certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com' I/charon (17492): 14[IKE] initiating IKE_SA android[7] to 192.168.24.18 I/charon (17492): 14[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] I/charon (17492): 14[NET] sending packet: from 192.168.24.11[45478] to 192.168.24.18[500] I/charon (17492): 12[NET] received packet: from 192.168.24.18[500] to 192.168.24.11[45478] I/charon (17492): 12[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] I/charon (17492): 12[IKE] faking NAT situation to enforce UDP encapsulation I/charon (17492): 12[IKE] received cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 12[IKE] sending cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 12[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature successful I/charon (17492): 12[IKE] sending end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11" I/charon (17492): 12[IKE] establishing CHILD_SA android I/charon (17492): 12[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] I/charon (17492): 12[NET] sending packet: from 192.168.24.11[47752] to 192.168.24.18[4500] I/charon (17492): 04[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[47752] I/charon (17492): 04[ENC] parsed IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ] I/charon (17492): 04[IKE] no trusted RSA public key found for 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18' I/charon (17492): 00[LIB] intentionally leaking private key reference due to a bug in the framework I/charon (17492): 00[DMN] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc I/charon (17492): 00[JOB] spawning 16 worker threads I/charon (17492): 13[CFG] loaded user certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key I/charon (17492): 13[CFG] loaded CA certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com' I/charon (17492): 13[IKE] initiating IKE_SA android[8] to 192.168.24.18 I/charon (17492): 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] I/charon (17492): 13[NET] sending packet: from 192.168.24.11[48026] to 192.168.24.18[500] I/charon (17492): 08[NET] received packet: from 192.168.24.18[500] to 192.168.24.11[48026] I/charon (17492): 08[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] I/charon (17492): 08[IKE] faking NAT situation to enforce UDP encapsulation I/charon (17492): 08[IKE] received cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 08[IKE] sending cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 08[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature successful I/charon (17492): 08[IKE] sending end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11" I/charon (17492): 08[IKE] establishing CHILD_SA android I/charon (17492): 08[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] I/charon (17492): 08[NET] sending packet: from 192.168.24.11[44651] to 192.168.24.18[4500] I/charon (17492): 07[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[44651] I/charon (17492): 07[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ] I/charon (17492): 07[IKE] received end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 07[CFG] using certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 07[CFG] using trusted ca certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 07[CFG] reached self-signed root ca with a path length of 0 I/charon (17492): 07[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful I/charon (17492): 07[IKE] IKE_SA android[8] established between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 07[IKE] scheduling rekeying in 35896s I/charon (17492): 07[IKE] maximum IKE_SA lifetime 36496s I/charon (17492): 07[IKE] received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built I/charon (17492): 07[IKE] closing IKE_SA due CHILD_SA setup failure I/charon (17492): 07[IKE] received AUTH_LIFETIME of 2779s, scheduling reauthentication in 2179s I/charon (17492): 07[IKE] peer supports MOBIKE I/charon (17492): 05[IKE] deleting IKE_SA android[8] between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 05[IKE] sending DELETE for IKE_SA android[8] I/charon (17492): 05[ENC] generating INFORMATIONAL request 2 [ D ] I/charon (17492): 05[NET] sending packet: from 192.168.24.11[44651] to 192.168.24.18[4500] I/charon (17492): 04[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[44651] I/charon (17492): 04[ENC] parsed INFORMATIONAL response 2 [ ] I/charon (17492): 04[IKE] IKE_SA deleted I/charon (17492): 00[LIB] intentionally leaking private key reference due to a bug in the framework I/charon (17492): 00[DMN] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc I/charon (17492): 00[JOB] spawning 16 worker threads I/charon (17492): 15[CFG] loaded user certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key I/charon (17492): 15[CFG] loaded CA certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com' I/charon (17492): 15[IKE] initiating IKE_SA android[9] to 192.168.24.18 I/charon (17492): 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] I/charon (17492): 15[NET] sending packet: from 192.168.24.11[36984] to 192.168.24.18[500] I/charon (17492): 08[NET] received packet: from 192.168.24.18[500] to 192.168.24.11[36984] I/charon (17492): 08[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] I/charon (17492): 08[IKE] faking NAT situation to enforce UDP encapsulation I/charon (17492): 08[IKE] received cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 08[IKE] sending cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 08[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature successful I/charon (17492): 08[IKE] sending end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11" I/charon (17492): 08[IKE] establishing CHILD_SA android I/charon (17492): 08[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] I/charon (17492): 08[NET] sending packet: from 192.168.24.11[40920] to 192.168.24.18[4500] I/charon (17492): 11[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[40920] I/charon (17492): 11[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ] I/charon (17492): 11[IKE] received end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 11[CFG] using certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 11[CFG] using trusted ca certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 11[CFG] reached self-signed root ca with a path length of 0 I/charon (17492): 11[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful I/charon (17492): 11[IKE] IKE_SA android[9] established between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 11[IKE] scheduling rekeying in 35644s I/charon (17492): 11[IKE] maximum IKE_SA lifetime 36244s I/charon (17492): 11[IKE] received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built I/charon (17492): 11[IKE] closing IKE_SA due CHILD_SA setup failure I/charon (17492): 11[IKE] received AUTH_LIFETIME of 2933s, scheduling reauthentication in 2333s I/charon (17492): 11[IKE] peer supports MOBIKE I/charon (17492): 14[IKE] deleting IKE_SA android[9] between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 14[IKE] sending DELETE for IKE_SA android[9] I/charon (17492): 14[ENC] generating INFORMATIONAL request 2 [ D ] I/charon (17492): 14[NET] sending packet: from 192.168.24.11[40920] to 192.168.24.18[4500] I/charon (17492): 05[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[40920] I/charon (17492): 05[ENC] parsed INFORMATIONAL response 2 [ ] I/charon (17492): 05[IKE] IKE_SA deleted I/charon (17492): 00[LIB] intentionally leaking private key reference due to a bug in the framework I/charon (17492): 00[DMN] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc I/charon (17492): 00[JOB] spawning 16 worker threads I/charon (17492): 13[CFG] loaded user certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key I/charon (17492): 13[CFG] loaded CA certificate 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com' I/charon (17492): 13[IKE] initiating IKE_SA android[10] to 192.168.24.18 I/charon (17492): 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] I/charon (17492): 13[NET] sending packet: from 192.168.24.11[53254] to 192.168.24.18[500] I/charon (17492): 16[NET] received packet: from 192.168.24.18[500] to 192.168.24.11[53254] I/charon (17492): 16[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] I/charon (17492): 16[IKE] faking NAT situation to enforce UDP encapsulation I/charon (17492): 16[IKE] received cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 16[IKE] sending cert request for "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 16[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature successful I/charon (17492): 16[IKE] sending end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11" I/charon (17492): 16[IKE] establishing CHILD_SA android I/charon (17492): 16[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] I/charon (17492): 16[NET] sending packet: from 192.168.24.11[55504] to 192.168.24.18[4500] I/charon (17492): 03[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[55504] I/charon (17492): 03[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ] I/charon (17492): 03[IKE] received end entity cert "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 03[CFG] using certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18" I/charon (17492): 03[CFG] using trusted ca certificate "C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com" I/charon (17492): 03[CFG] reached self-signed root ca with a path length of 0 I/charon (17492): 03[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful I/charon (17492): 03[IKE] IKE_SA android[10] established between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 03[IKE] scheduling rekeying in 35778s I/charon (17492): 03[IKE] maximum IKE_SA lifetime 36378s I/charon (17492): 03[IKE] received INTERNAL_ADDRESS_FAILURE notify, no CHILD_SA built I/charon (17492): 03[IKE] closing IKE_SA due CHILD_SA setup failure I/charon (17492): 03[IKE] received AUTH_LIFETIME of 2881s, scheduling reauthentication in 2281s I/charon (17492): 03[IKE] peer supports MOBIKE I/charon (17492): 02[IKE] deleting IKE_SA android[10] between 192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18] I/charon (17492): 02[IKE] sending DELETE for IKE_SA android[10] I/charon (17492): 02[ENC] generating INFORMATIONAL request 2 [ D ] I/charon (17492): 02[NET] sending packet: from 192.168.24.11[55504] to 192.168.24.18[4500] I/charon (17492): 01[NET] received packet: from 192.168.24.18[4500] to 192.168.24.11[55504] I/charon (17492): 01[ENC] parsed INFORMATIONAL response 2 [ ] I/charon (17492): 01[IKE] IKE_SA deleted I/charon (17492): 00[LIB] intentionally leaking private key reference due to a bug in the framework
====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]==
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
