Replied offlist.
GPG Key id: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 02.05.2014 11:11, martin naskovski wrote:
> I'm at the end of my wits here on how to set up a VPN between my Fedora 20 box
> and my workplace CISCO IPSec gateway. I have it working with the "vpnc"
> client, as well as from my Macbook Pro (Mavericks) "CISCO IPSec VPN" client -
> and I just assumed it would be a straightforward thing, but I can't get past
> this "NO PROPOSAL CHOSEN" error.
>
> I know it's something I'm not doing right...
>
> I followed the tutorial here:
>
> http://www.cisco.com/c/en/us/support/docs/network-management/remote-access/117257-config-ios-vpn-strongswan-00.html#anc2
>
> and it seems to go well, the xauth succeeds, I get an IP assigned by the
> Cisco IOS gateway, my resolv.conf gets updated and then it just fails with
> this bloody message...
>
> Here's my ipsec.conf:
>
> # basic configuration
>
> version 2
> config setup
>     strictcrlpolicy=no
>     charondebug="ike 4, knl 4, cfg 2" #useful debugs
>
> conn %default
>     ikelifetime=1440m
>     keylife=60m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev1
>     authby=xauthpsk
>
> conn "ezvpn"
>     keyexchange=ikev1
>     ikelifetime=1440m
>     keylife=60m
>     aggressive=yes
>     ike=aes-sha1-modp1024 #Phase1 parameters
>     esp=aes-sha1 #Phase2 parameters
>     xauth=client #Xauth client mode
>     left=192.168.1.210 #local IP used to connect to IOS
>     leftid=IPSECRemoteUser #IKEID (group name) used for IOS
>     leftsourceip=%config #apply received IP
>     leftauth=psk
>     rightauth=psk
>     leftauth2=xauth #use PSK for group RA and Xauth for user cisco
>     right=70.168.54.2 #gateway (IOS) IP
>     rightsubnet=192.168.1.0/24
>     xauth_identity=mnaskovski #identity for Xauth, password in ipsec.secrets
>     auto=add
>
> and here's some logging messages:
>
> May 2 01:59:54 yhwh charon: 09[CFG] received stroke: initiate 'ezvpn'
> May 2 01:59:54 yhwh charon: 11[IKE] queueing ISAKMP_VENDOR task
> May 2 01:59:54 yhwh charon: 11[IKE] queueing ISAKMP_CERT_PRE task
> May 2 01:59:54 yhwh charon: 11[IKE] queueing AGGRESSIVE_MODE task
> May 2 01:59:54 yhwh charon: 11[IKE] queueing ISAKMP_CERT_POST task
> May 2 01:59:54 yhwh charon: 11[IKE] queueing ISAKMP_NATD task
> May 2 01:59:54 yhwh charon: 11[IKE] queueing QUICK_MODE task
> May 2 01:59:54 yhwh charon: 11[IKE] activating new tasks
> May 2 01:59:54 yhwh charon: 11[IKE] activating ISAKMP_VENDOR task
> May 2 01:59:54 yhwh charon: 11[IKE] activating ISAKMP_CERT_PRE task
> May 2 01:59:54 yhwh charon: 11[IKE] activating AGGRESSIVE_MODE task
> May 2 01:59:54 yhwh charon: 11[IKE] activating ISAKMP_CERT_POST task
> May 2 01:59:54 yhwh charon: 11[IKE] activating ISAKMP_NATD task
> May 2 01:59:54 yhwh charon: 11[IKE] sending XAuth vendor ID
> May 2 01:59:54 yhwh charon: 11[IKE] sending DPD vendor ID
> May 2 01:59:54 yhwh charon: 11[IKE] sending NAT-T (RFC 3947) vendor ID
> May 2 01:59:54 yhwh charon: 11[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> May 2 01:59:54 yhwh charon: 11[IKE] initiating Aggressive Mode IKE_SA ezvpn[1] to 70.168.54.2
> May 2 01:59:54 yhwh charon: 11[IKE] IKE_SA ezvpn[1] state change: CREATED => CONNECTING
> May 2 01:59:54 yhwh charon: 11[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_AES128_XCBC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_CMAC/MODP_1024/MODP_1536/MODP_2048/MODP_3072/MODP_4096/MODP_8192/MODP_1024_160/MODP_2048_224/MODP_2048_256
> May 2 01:59:54 yhwh charon: 11[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V ]
> May 2 01:59:54 yhwh charon: 11[NET] sending packet: from 192.168.1.210[500] to 70.168.54.2[500] (387 bytes)
> May 2 01:59:54 yhwh charon: 12[NET] received packet: from 70.168.54.2[500] to 192.168.1.210[500] (428 bytes)
> May 2 01:59:54 yhwh charon: 12[ENC] parsed AGGRESSIVE response 0 [ SA KE No ID HASH V V V V NAT-D NAT-D V V ]
> May 2 01:59:54 yhwh charon: 12[IKE] received Cisco Unity vendor ID
> May 2 01:59:54 yhwh charon: 12[IKE] received XAuth vendor ID
> May 2 01:59:54 yhwh charon: 12[IKE] received DPD vendor ID
> May 2 01:59:54 yhwh charon: 12[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> May 2 01:59:54 yhwh charon: 12[IKE] received FRAGMENTATION vendor ID
> May 2 01:59:54 yhwh charon: 12[ENC] received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
> May 2 01:59:54 yhwh charon: 12[CFG] selecting proposal:
> May 2 01:59:54 yhwh charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found
> May 2 01:59:54 yhwh charon: 12[CFG] selecting proposal:
> May 2 01:59:54 yhwh charon: 12[CFG] proposal matches
> May 2 01:59:54 yhwh charon: 12[CFG] received proposals: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
> May 2 01:59:54 yhwh charon: 12[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_AES128_XCBC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_CMAC/MODP_1024/MODP_1536/MODP_2048/MODP_3072/MODP_4096/MODP_8192/MODP_1024_160/MODP_2048_224/MODP_2048_256
> May 2 01:59:54 yhwh charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
> May 2 01:59:54 yhwh charon: 12[IKE] shared Diffie Hellman secret => 128 bytes @ 0x7feca4002410
> May 2 01:59:54 yhwh charon: 12[IKE] SKEYID => 16 bytes @ 0x7feca4001fc0
> May 2 01:59:54 yhwh charon: 12[IKE] SKEYID_d => 16 bytes @ 0x7feca4002260
> May 2 01:59:54 yhwh charon: 12[IKE] SKEYID_a => 16 bytes @ 0x7feca4001c00
> May 2 01:59:54 yhwh charon: 12[IKE] SKEYID_e => 16 bytes @ 0x7feca4001e30
> May 2 01:59:54 yhwh charon: 12[IKE] encryption key Ka => 24 bytes @ 0x7feca4001fc0
> May 2 01:59:54 yhwh charon: 12[IKE] initial IV => 8 bytes @ 0x7feca4002140
> May 2 01:59:54 yhwh charon: 12[IKE] HASH_R data => 372 bytes @ 0x7feca4002940
> May 2 01:59:54 yhwh charon: 12[IKE] HASH_R => 16 bytes @ 0x7feca4002240
> May 2 01:59:54 yhwh charon: 12[IKE] natd_chunk => 22 bytes @ 0x7fece2dc6bc0
> May 2 01:59:54 yhwh charon: 12[IKE] natd_hash => 16 bytes @ 0x7feca4002900
> May 2 01:59:54 yhwh charon: 12[IKE] natd_chunk => 22 bytes @ 0x7fece2dc6bc0
> May 2 01:59:54 yhwh charon: 12[IKE] natd_hash => 16 bytes @ 0x7feca4001fc0
> May 2 01:59:54 yhwh charon: 12[IKE] precalculated src_hash => 16 bytes @ 0x7feca4001fc0
> May 2 01:59:54 yhwh charon: 12[IKE] precalculated dst_hash => 16 bytes @ 0x7feca4002900
> May 2 01:59:54 yhwh charon: 12[IKE] received dst_hash => 16 bytes @ 0x7feca4001950
> May 2 01:59:54 yhwh charon: 12[IKE] received src_hash => 16 bytes @ 0x7feca4001a10
> May 2 01:59:54 yhwh charon: 12[IKE] local host is behind NAT, sending keep alives
> May 2 01:59:54 yhwh charon: 12[IKE] reinitiating already active tasks
> May 2 01:59:54 yhwh charon: 12[IKE] ISAKMP_VENDOR task
> May 2 01:59:54 yhwh charon: 12[IKE] AGGRESSIVE_MODE task
> May 2 01:59:54 yhwh charon: 12[IKE] HASH_I data => 383 bytes @ 0x7feca4002f30
> May 2 01:59:54 yhwh charon: 12[IKE] HASH_I => 16 bytes @ 0x7feca40027f0
> May 2 01:59:54 yhwh charon: 12[IKE] queueing MODE_CONFIG task
> May 2 01:59:54 yhwh charon: 12[IKE] natd_chunk => 22 bytes @ 0x7fece2dc6b60
> May 2 01:59:54 yhwh charon: 12[IKE] natd_hash => 16 bytes @ 0x7feca4001cf0
> May 2 01:59:54 yhwh charon: 12[IKE] natd_chunk => 22 bytes @ 0x7fece2dc6b60
> May 2 01:59:54 yhwh charon: 12[IKE] natd_hash => 16 bytes @ 0x7feca4002ae0
> May 2 01:59:54 yhwh charon: 12[ENC] generating AGGRESSIVE request 0 [ NAT-D NAT-D HASH ]
> May 2 01:59:54 yhwh charon: 12[IKE] next IV for MID 0 => 8 bytes @ 0x7feca4001fc0
> May 2 01:59:54 yhwh charon: 12[NET] sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (92 bytes)
> May 2 01:59:54 yhwh charon: 12[IKE] activating new tasks
> May 2 01:59:54 yhwh charon: 12[IKE] nothing to initiate
> May 2 01:59:54 yhwh charon: 13[NET] received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (68 bytes)
> May 2 01:59:54 yhwh charon: 13[IKE] next IV for MID 693118219 => 8 bytes @ 0x7feca8000aa0
> May 2 01:59:54 yhwh charon: 13[ENC] parsed TRANSACTION request 693118219 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
> May 2 01:59:54 yhwh charon: 13[IKE] Hash => 16 bytes @ 0x7feca80012a0
> May 2 01:59:54 yhwh charon: 13[IKE] next IV for MID 693118219 => 8 bytes @ 0x7feca8001080
> May 2 01:59:54 yhwh charon: 13[IKE] Hash => 16 bytes @ 0x7feca8000ac0
> May 2 01:59:54 yhwh charon: 13[ENC] generating TRANSACTION response 693118219 [ HASH CPRP(X_USER X_PWD) ]
> May 2 01:59:54 yhwh charon: 13[IKE] next IV for MID 693118219 => 8 bytes @ 0x7feca8001370
> May 2 01:59:54 yhwh charon: 13[NET] sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (84 bytes)
> May 2 01:59:54 yhwh charon: 14[NET] received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (60 bytes)
> May 2 01:59:54 yhwh charon: 14[IKE] next IV for MID 3841658393 => 8 bytes @ 0x7fec9c000aa0
> May 2 01:59:54 yhwh charon: 14[ENC] parsed TRANSACTION request 3841658393 [ HASH CPS(X_STATUS) ]
> May 2 01:59:54 yhwh charon: 14[IKE] Hash => 16 bytes @ 0x7fec9c001140
> May 2 01:59:54 yhwh charon: 14[IKE] next IV for MID 3841658393 => 8 bytes @ 0x7fec9c000f20
> May 2 01:59:54 yhwh charon: 14[IKE] XAuth authentication of 'mnaskovski' (myself) successful
> May 2 01:59:54 yhwh charon: 14[IKE] IKE_SA ezvpn[1] established between 192.168.1.210[IPSECRemoteUser]...70.168.54.2[70.168.54.2]
> May 2 01:59:54 yhwh charon: 14[IKE] IKE_SA ezvpn[1] state change: CONNECTING => ESTABLISHED
> May 2 01:59:54 yhwh charon: 14[IKE] scheduling reauthentication in 86127s
> May 2 01:59:54 yhwh charon: 14[IKE] maximum IKE_SA lifetime 86307s
> May 2 01:59:54 yhwh charon: 14[IKE] Hash => 16 bytes @ 0x7fec9c0014b0
> May 2 01:59:54 yhwh charon: 14[ENC] generating TRANSACTION response 3841658393 [ HASH CPA(X_STATUS) ]
> May 2 01:59:54 yhwh charon: 14[IKE] next IV for MID 3841658393 => 8 bytes @ 0x7fec9c001c50
> May 2 01:59:54 yhwh charon: 14[NET] sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (68 bytes)
> May 2 01:59:54 yhwh charon: 14[IKE] activating new tasks
> May 2 01:59:54 yhwh charon: 14[IKE] activating MODE_CONFIG task
> May 2 01:59:54 yhwh charon: 14[IKE] Hash => 16 bytes @ 0x7fec9c0013b0
> May 2 01:59:54 yhwh charon: 14[ENC] generating TRANSACTION request 3024381547 [ HASH CPRQ(ADDR DNS) ]
> May 2 01:59:54 yhwh charon: 14[IKE] next IV for MID 3024381547 => 8 bytes @ 0x7fec9c002190
> May 2 01:59:54 yhwh charon: 14[IKE] next IV for MID 3024381547 => 8 bytes @ 0x7fec9c0011c0
> May 2 01:59:54 yhwh charon: 14[NET] sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (68 bytes)
> May 2 01:59:54 yhwh charon: 15[NET] received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (76 bytes)
> May 2 01:59:54 yhwh charon: 15[ENC] parsed TRANSACTION response 3024381547 [ HASH CPRP(ADDR DNS) ]
> May 2 01:59:54 yhwh charon: 15[IKE] Hash => 16 bytes @ 0x7feca0000b60
> May 2 01:59:54 yhwh charon: 15[IKE] next IV for MID 3024381547 => 8 bytes @ 0x7feca0000f60
> May 2 01:59:54 yhwh charon: 15[IKE] processing INTERNAL_IP4_ADDRESS attribute
> May 2 01:59:54 yhwh charon: 15[IKE] processing INTERNAL_IP4_DNS attribute
> May 2 01:59:54 yhwh charon: 15[IKE] installing DNS server 172.16.10.20 to /etc/strongswan/resolv.conf
> May 2 01:59:54 yhwh charon: 15[KNL] 192.168.1.210 is on interface wlp3s0
> May 2 01:59:54 yhwh charon: 15[IKE] installing new virtual IP 192.168.10.116
> May 2 01:59:54 yhwh avahi-daemon[706]: Registering new address record for 192.168.10.116 on wlp3s0.IPv4.
> May 2 01:59:54 yhwh charon: 15[KNL] virtual IP 192.168.10.116 installed on wlp3s0
> May 2 01:59:54 yhwh charon: 15[IKE] activating new tasks
> May 2 01:59:54 yhwh charon: 15[IKE] activating QUICK_MODE task
> May 2 01:59:54 yhwh charon: 15[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
> May 2 01:59:54 yhwh charon: 15[KNL] getting SPI for reqid {1}
> May 2 01:59:54 yhwh charon: 15[KNL] sending XFRM_MSG_ALLOCSPI: => 248 bytes @ 0x7fece15c3790
> May 2 01:59:54 yhwh charon: 15[KNL] got SPI cf6784ea for reqid {1}
> May 2 01:59:54 yhwh charon: 15[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
> May 2 01:59:54 yhwh charon: 15[CFG] proposing traffic selectors for us:
> May 2 01:59:54 yhwh charon: 15[CFG] 192.168.10.116/32
> May 2 01:59:54 yhwh charon: 15[CFG] proposing traffic selectors for other:
> May 2 01:59:54 yhwh charon: 15[CFG] 192.168.1.0/24
> May 2 01:59:54 yhwh charon: 15[IKE] Hash(1) => 16 bytes @ 0x7feca0001de0
> May 2 01:59:54 yhwh charon: 15[ENC] generating QUICK_MODE request 110702905 [ HASH SA No ID ID ]
> May 2 01:59:54 yhwh charon: 15[IKE] next IV for MID 110702905 => 8 bytes @ 0x7feca0001b70
> May 2 01:59:54 yhwh charon: 15[IKE] next IV for MID 110702905 => 8 bytes @ 0x7feca00032f0
> May 2 01:59:54 yhwh charon: 15[NET] sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (196 bytes)
> May 2 01:59:54 yhwh charon: 07[NET] received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (84 bytes)
> May 2 01:59:54 yhwh charon: 07[IKE] next IV for MID 1897171263 => 8 bytes @ 0x7fecb4000f20
> May 2 01:59:54 yhwh charon: 07[ENC] parsed INFORMATIONAL_V1 request 1897171263 [ HASH N(NO_PROP) ]
> May 2 01:59:54 yhwh charon: 07[IKE] Hash => 16 bytes @ 0x7fecb4000960
> May 2 01:59:54 yhwh charon: 07[IKE] next IV for MID 1897171263 => 8 bytes @ 0x7fecb4000ce0
> May 2 01:59:54 yhwh charon: 07[IKE] received NO_PROPOSAL_CHOSEN error notify
> May 2 01:59:54 yhwh charon: 07[KNL] deleting SAD entry with SPI cf6784ea (mark 0/0x00000000)
> May 2 01:59:54 yhwh charon: 07[KNL] sending XFRM_MSG_DELSA: => 40 bytes @ 0x7fece55cb7c0
> May 2 01:59:54 yhwh charon: 07[KNL] deleted SAD entry with SPI cf6784ea (mark 0/0x00000000)
> May 2 01:59:54 yhwh charon: 08[NET] received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (76 bytes)
> May 2 01:59:54 yhwh charon: 08[IKE] next IV for MID 2733576068 => 8 bytes @ 0x7fecb8000ae0
> May 2 01:59:54 yhwh charon: 08[ENC] parsed INFORMATIONAL_V1 request 2733576068 [ HASH D ]
> May 2 01:59:54 yhwh charon: 08[IKE] Hash => 16 bytes @ 0x7fecb8000f90
> May 2 01:59:54 yhwh charon: 08[IKE] next IV for MID 2733576068 => 8 bytes @ 0x7fecb8000d70
> May 2 01:59:54 yhwh charon: 08[IKE] received DELETE for IKE_SA ezvpn[1]
> May 2 01:59:54 yhwh charon: 08[IKE] deleting IKE_SA ezvpn[1] between 192.168.1.210[IPSECRemoteUser]...70.168.54.2[70.168.54.2]
> May 2 01:59:54 yhwh charon: 08[IKE] IKE_SA ezvpn[1] state change: ESTABLISHED => DELETING
> May 2 01:59:54 yhwh charon: 08[IKE] IKE_SA ezvpn[1] state change: DELETING => DELETING
> May 2 01:59:54 yhwh charon: 08[IKE] IKE_SA ezvpn[1] state change: DELETING => DESTROYING
> May 2 01:59:54 yhwh charon: 08[IKE] removing DNS server 172.16.10.20 from /etc/strongswan/resolv.conf
> May 2 01:59:54 yhwh charon: 08[KNL] deleting virtual IP 192.168.10.116
> May 2 01:59:54 yhwh avahi-daemon[706]: Withdrawing address record for 192.168.10.116 on wlp3s0.
> May 2 02:01:01 yhwh systemd: Starting Session 7 of user root.
>
>
> and here's the console output:
>
> [root@yhwh strongswan]# strongswan start
> Starting strongSwan 5.1.3 IPsec [starter]...
> [root@yhwh strongswan]# strongswan up ezvpn
> initiating Aggressive Mode IKE_SA ezvpn[1] to 70.168.54.2
> generating AGGRESSIVE request 0 [ SA KE No ID V V V V ]
> sending packet: from 192.168.1.210[500] to 70.168.54.2[500] (387 bytes)
> received packet: from 70.168.54.2[500] to 192.168.1.210[500] (428 bytes)
> parsed AGGRESSIVE response 0 [ SA KE No ID HASH V V V V NAT-D NAT-D V V ]
> received Cisco Unity vendor ID
> received XAuth vendor ID
> received DPD vendor ID
> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> received FRAGMENTATION vendor ID
> received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
> local host is behind NAT, sending keep alives
> generating AGGRESSIVE request 0 [ NAT-D NAT-D HASH ]
> sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (92 bytes)
> received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (68 bytes)
> parsed TRANSACTION request 693118219 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
> generating TRANSACTION response 693118219 [ HASH CPRP(X_USER X_PWD) ]
> sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (84 bytes)
> received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (60 bytes)
> parsed TRANSACTION request 3841658393 [ HASH CPS(X_STATUS) ]
> XAuth authentication of 'mnaskovski' (myself) successful
> IKE_SA ezvpn[1] established between 192.168.1.210[IPSECRemoteUser]...70.168.54.2[70.168.54.2]
> scheduling reauthentication in 86127s
> maximum IKE_SA lifetime 86307s
> generating TRANSACTION response 3841658393 [ HASH CPA(X_STATUS) ]
> sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (68 bytes)
> generating TRANSACTION request 3024381547 [ HASH CPRQ(ADDR DNS) ]
> sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (68 bytes)
> received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (76 bytes)
> parsed TRANSACTION response 3024381547 [ HASH CPRP(ADDR DNS) ]
> installing DNS server 172.16.10.20 to /etc/strongswan/resolv.conf
> installing new virtual IP 192.168.10.116
> generating QUICK_MODE request 110702905 [ HASH SA No ID ID ]
> sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (196 bytes)
> received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (84 bytes)
> parsed INFORMATIONAL_V1 request 1897171263 [ HASH N(NO_PROP) ]
> received NO_PROPOSAL_CHOSEN error notify
> establishing connection 'ezvpn' failed
>
> My ipsec.secret:
>
> [root@yhwh strongswan]# cat ipsec.secrets
> # /etc/ipsec.secrets - strongSwan IPsec secrets file
> 70.168.54.2 : PSK "<removed>" #this is PSK for group password
> mnaskovski : XAUTH "<removed>" #this is password for XAuth (user cisco)
>
> : RSA myKey.der
> [root@yhwh strongswan]#
>
> What am I doing wrong - why is VPNC flawless and something as cool as
> strongswan failing? This will be the most educational experience for me :)..
>
> I appreciate ANYONE's guidance in this matter.
>
> Thank you,
> Martin
>
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
>
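Added example, not part of the original thread: a small Python triage helper that reads charon IKEv1 log lines of the kind quoted above and reports which phase the gateway's NO_PROPOSAL_CHOSEN notify answered, together with the ESP proposals and traffic selectors that had been offered. The sample log is constructed (abridged, with RFC 5737 addresses), and the `triage` function and its field names are hypothetical; the phase decision is a heuristic based on the log order.

```python
import re

# One charon syslog entry: "<timestamp> <host> charon: NN[GRP] message"
ENTRY = re.compile(r"charon: \d+\[[A-Z]{3}\] (?P<msg>.*)$")
# Rows of a level-4 hex dump ("16: 18 E0 4C ...") carry nothing needed for triage
HEX_ROW = re.compile(r"^\d+: (?:[0-9A-F]{2} )+")
CIDR = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}$")
REQUEST = re.compile(r"^generating (\w+) request")

# Constructed sample, abridged from the shape of the log in the post
SAMPLE_LOG = """\
May 2 01:59:54 host charon: 11[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V ]
May 2 01:59:54 host charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
May 2 01:59:54 host charon: 12[IKE] initial IV => 8 bytes @ 0x0
May 2 01:59:54 host charon: 12[IKE]    0: 00 00 00 00 00 00 00 00  ........
May 2 01:59:54 host charon: 14[IKE] XAuth authentication of 'user' (myself) successful
May 2 01:59:54 host charon: 14[IKE] IKE_SA ezvpn[1] state change: CONNECTING => ESTABLISHED
May 2 01:59:54 host charon: 15[IKE] installing new virtual IP 198.51.100.116
May 2 01:59:54 host charon: 15[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
May 2 01:59:54 host charon: 15[CFG] proposing traffic selectors for us:
May 2 01:59:54 host charon: 15[CFG]  198.51.100.116/32
May 2 01:59:54 host charon: 15[CFG] proposing traffic selectors for other:
May 2 01:59:54 host charon: 15[CFG]  192.0.2.0/24
May 2 01:59:54 host charon: 15[ENC] generating QUICK_MODE request 110702905 [ HASH SA No ID ID ]
May 2 01:59:54 host charon: 07[ENC] parsed INFORMATIONAL_V1 request 1897171263 [ HASH N(NO_PROP) ]
May 2 01:59:54 host charon: 07[IKE] received NO_PROPOSAL_CHOSEN error notify
"""


def triage(log_text):
    """Walk the log up to the first NO_PROPOSAL_CHOSEN notify and summarise state."""
    r = {"phase1_selected": None, "ike_sa_established": False, "xauth_ok": False,
         "virtual_ip": None, "esp_offered": [], "ts_local": [], "ts_remote": [],
         "last_request": None, "failed_phase": None}
    ts_key = None  # which selector list the following CIDR lines belong to
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # other daemons (avahi, systemd) or wrapped fragments
        msg = m.group("msg").strip()
        if HEX_ROW.match(msg):
            continue
        if ts_key and CIDR.match(msg):
            r[ts_key].append(msg)
            continue
        ts_key = None
        req = REQUEST.match(msg)
        if req:
            r["last_request"] = req.group(1)
        elif msg.startswith("selected proposal: IKE:"):
            r["phase1_selected"] = msg.split(": ", 1)[1]
        elif msg.startswith("configured proposals: ESP:"):
            r["esp_offered"] = msg.split(": ", 1)[1].split(", ")
        elif msg == "proposing traffic selectors for us:":
            ts_key, r["ts_local"] = "ts_local", []
        elif msg == "proposing traffic selectors for other:":
            ts_key, r["ts_remote"] = "ts_remote", []
        elif msg.startswith("XAuth authentication of") and msg.endswith("successful"):
            r["xauth_ok"] = True
        elif "state change: CONNECTING => ESTABLISHED" in msg:
            r["ike_sa_established"] = True
        elif msg.startswith("installing new virtual IP "):
            r["virtual_ip"] = msg.rsplit(" ", 1)[1]
        elif msg == "received NO_PROPOSAL_CHOSEN error notify":
            # Heuristic: the notify answers the last request this side generated
            if not r["ike_sa_established"]:
                r["failed_phase"] = "phase 1 (IKE_SA negotiation)"
            elif r["last_request"] == "QUICK_MODE":
                r["failed_phase"] = "phase 2 (Quick Mode)"
            else:
                r["failed_phase"] = "after phase 1, before Quick Mode"
            break
    return r


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```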
