Re: [strongSwan] ANNOUNCE: strongswan-5.0.2rc1 released

[Andre Valentin]

Hi,

I cannot establish an VPN. I tested it with an Galaxy S3 and get an 
timeout on the client. Here's the log:

Jan 21 11:38:29 rossini charon: 13[NET] received packet: from 
217.255.60.212[500] to X.X.X.69[500] (476 bytes)
Jan 21 11:38:29 rossini charon: 13[ENC] parsed ID_PROT request 0 [ SA V V V V V 
V V V ]
Jan 21 11:38:29 rossini charon: 13[IKE] received NAT-T (RFC 3947) vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02 
vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received 
draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-00 
vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received XAuth vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received Cisco Unity vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received FRAGMENTATION vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received DPD vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] 217.255.60.212 is initiating a Main 
Mode IKE_SA
Jan 21 11:38:29 rossini charon: 13[ENC] generating ID_PROT response 0 [ SA V V 
V V ]
Jan 21 11:38:29 rossini charon: 13[NET] sending packet: from X.X.X.69[500] to 
217.255.60.212[500] (160 bytes)
Jan 21 11:38:29 rossini charon: 09[NET] received packet: from 
217.255.60.212[500] to X.X.X.69[500] (228 bytes)
Jan 21 11:38:29 rossini charon: 09[ENC] parsed ID_PROT request 0 [ KE No NAT-D 
NAT-D ]
Jan 21 11:38:29 rossini charon: 09[IKE] remote host is behind NAT
Jan 21 11:38:29 rossini charon: 09[IKE] sending cert request for "C=DE, ST=NRW, 
L=Bielefeld, O=MarcanT GmbH, CN=MarcanT GmbH CA, E=n...@marcant.net"
Jan 21 11:38:29 rossini charon: 09[ENC] generating ID_PROT response 0 [ KE No 
CERTREQ NAT-D NAT-D ]
Jan 21 11:38:29 rossini charon: 09[NET] sending packet: from X.X.X.69[500] to 
217.255.60.212[500] (380 bytes)
Jan 21 11:38:29 rossini charon: 10[NET] received packet: from 
217.255.60.212[4500] to X.X.X.69[4500] (1916 bytes)
Jan 21 11:38:29 rossini charon: 10[ENC] parsed ID_PROT request 0 [ ID CERT SIG 
CERTREQ ]
Jan 21 11:38:29 rossini charon: 10[IKE] ignoring certificate request without 
data
Jan 21 11:38:29 rossini charon: 10[IKE] received end entity cert "C=DE, ST=NRW, 
L=Bielefeld, O=MarcanT GmbH, CN=avalentin, E=n...@marcant.net"
Jan 21 11:38:29 rossini charon: 10[CFG] looking for XAuthInitRSA peer configs 
matching X.X.X.69...217.255.60.212[C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, 
CN=avalentin, E=n...@marcant.net]
Jan 21 11:38:29 rossini charon: 10[CFG] selected peer config "rw-cert"
Jan 21 11:38:29 rossini charon: 10[CFG]   using certificate "C=DE, ST=NRW, 
L=Bielefeld, O=MarcanT GmbH, CN=avalentin, E=n...@marcant.net"
Jan 21 11:38:29 rossini charon: 10[CFG]   using trusted ca certificate "C=DE, 
ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=MarcanT GmbH CA, E=n...@marcant.net"
Jan 21 11:38:29 rossini charon: 10[CFG] checking certificate status of "C=DE, 
ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=avalentin, E=n...@marcant.net"
Jan 21 11:38:29 rossini charon: 10[CFG] certificate status is not available
Jan 21 11:38:29 rossini charon: 10[CFG]   reached self-signed root ca with a 
path length of 0
Jan 21 11:38:29 rossini charon: 10[IKE] authentication of 'C=DE, ST=NRW, 
L=Bielefeld, O=MarcanT GmbH, CN=avalentin, E=n...@marcant.net' with RSA 
successful
Jan 21 11:38:29 rossini charon: 10[IKE] authentication of 'C=DE, ST=NRW, 
L=Bielefeld, O=MarcanT GmbH, CN=rossini.marcant.net, E=n...@marcant.net' 
(myself) successful
Jan 21 11:38:29 rossini charon: 10[IKE] sending end entity cert "C=DE, ST=NRW, 
L=Bielefeld, O=MarcanT GmbH, CN=rossini.marcant.net, E=n...@marcant.net"
Jan 21 11:38:29 rossini charon: 10[ENC] generating ID_PROT response 0 [ ID CERT 
SIG ]
Jan 21 11:38:29 rossini charon: 10[IKE] sending IKE message with length of 1948 
bytes in 4 fragments
Jan 21 11:38:29 rossini charon: 10[ENC] generating ID_PROT response 0 [ FRAG ]
Jan 21 11:38:29 rossini charon: 10[NET] sending packet: from X.X.X.69[4500] to 
217.255.60.212[4500] (544 bytes)
Jan 21 11:38:29 rossini charon: 10[ENC] generating ID_PROT response 0 [ FRAG ]
Jan 21 11:38:29 rossini charon: 10[NET] sending packet: from X.X.X.69[4500] to 
217.255.60.212[4500] (544 bytes)
Jan 21 11:38:29 rossini charon: 10[ENC] generating ID_PROT response 0 [ FRAG ]
Jan 21 11:38:29 rossini charon: 10[NET] sending packet: from X.X.X.69[4500] to 
217.255.60.212[4500] (544 bytes)
Jan 21 11:38:29 rossini charon: 10[ENC] generating ID_PROT response 0 [ FRAG ]
Jan 21 11:38:29 rossini charon: 10[NET] sending packet: from X.X.X.69[4500] to 
217.255.60.212[4500] (460 bytes)
Jan 21 11:38:29 rossini charon: 10[ENC] generating TRANSACTION request 
3335900084 [ HASH CP ]
Jan 21 11:38:29 rossini charon: 10[NET] sending packet: from X.X.X.69[4500] to 
217.255.60.212[4500] (76 bytes)
Jan 21 11:38:29 rossini charon: 08[NET] received packet: from 
217.255.60.212[4500] to X.X.X.69[4500] (108 bytes)
Jan 21 11:38:29 rossini charon: 08[ENC] parsed INFORMATIONAL_V1 request 
3860382840 [ HASH N(INITIAL_CONTACT) ]
Jan 21 11:38:29 rossini charon: 11[NET] received packet: from 
217.255.60.212[4500] to X.X.X.69[4500] (108 bytes)
Jan 21 11:38:29 rossini charon: 11[ENC] parsed TRANSACTION response 3335900084 
[ HASH CP ]
Jan 21 11:38:29 rossini charon: 11[CFG] sending RADIUS Access-Request to server 
'primary'
Jan 21 11:38:29 rossini charon: 11[CFG] received RADIUS Access-Challenge from 
server 'primary'
Jan 21 11:38:29 rossini charon: 11[CFG] sending RADIUS Access-Request to server 
'primary'
Jan 21 11:38:29 rossini charon: 11[CFG] received RADIUS Access-Challenge from 
server 'primary'
Jan 21 11:38:29 rossini charon: 11[IKE] EAP-MS-CHAPv2 succeeded: '(null)'
Jan 21 11:38:29 rossini charon: 11[CFG] sending RADIUS Access-Request to server 
'primary'
Jan 21 11:38:29 rossini charon: 11[CFG] received RADIUS Access-Accept from 
server 'primary'
Jan 21 11:38:29 rossini charon: 11[IKE] RADIUS authentication of 'avalentin' 
successful
Jan 21 11:38:29 rossini charon: 11[IKE] XAuth authentication of 'avalentin' 
successful
Jan 21 11:38:29 rossini charon: 11[ENC] generating TRANSACTION request 
1011896396 [ HASH CP ]
Jan 21 11:38:29 rossini charon: 11[NET] sending packet: from X.X.X.69[4500] to 
217.255.60.212[4500] (76 bytes)
Jan 21 11:38:29 rossini charon: 12[NET] received packet: from 
217.255.60.212[4500] to X.X.X.69[4500] (92 bytes)
Jan 21 11:38:29 rossini charon: 12[ENC] parsed TRANSACTION response 1011896396 
[ HASH CP ]
Jan 21 11:38:29 rossini charon: 12[IKE] IKE_SA rw-cert[21] established between 
X.X.X.69[C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=rossini.marcant.net, 
E=n...@marcant.net]...217.255.60.212[C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, 
CN=avalentin, E=n...@marcant.net]
Jan 21 11:38:29 rossini charon: 12[IKE] scheduling reauthentication in 3292s
Jan 21 11:38:29 rossini charon: 12[IKE] maximum IKE_SA lifetime 3472s
Jan 21 11:38:29 rossini charon: 15[NET] received packet: from 
217.255.60.212[4500] to X.X.X.69[4500] (124 bytes)
Jan 21 11:38:29 rossini charon: 15[ENC] parsed TRANSACTION request 2246836868 [ 
HASH CP ]
Jan 21 11:38:29 rossini charon: 15[IKE] peer requested virtual IP %any
Jan 21 11:38:29 rossini charon: 15[CFG] acquired existing lease for address 
192.168.101.3 in pool 'vpnclients'
Jan 21 11:38:29 rossini charon: 15[IKE] assigning virtual IP 192.168.101.3 to 
peer 'avalentin'
Jan 21 11:38:29 rossini charon: 15[CFG] sending UNITY_SPLIT_INCLUDE: 0.0.0.0/0
Jan 21 11:38:29 rossini charon: 15[CFG] sending RADIUS Accounting-Request to 
server 'primary'
Jan 21 11:38:29 rossini charon: 15[CFG] received RADIUS Accounting-Response 
from server 'primary'
Jan 21 11:38:29 rossini charon: 15[ENC] generating TRANSACTION response 
2246836868 [ HASH CP ]
Jan 21 11:38:29 rossini charon: 15[NET] sending packet: from X.X.X.69[4500] to 
217.255.60.212[4500] (172 bytes)
.. Nothing happens ..

Any idea ?

Kind regards,

André

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users