Hi, just wanted to let everyone know that in switching to Charon-systemd all of
these bogus log entries have gone away (which was my hope when I started down
the path of switching!). In case anyone else is using a similar configuration,
here's the equivalent swanctl.conf for the prior ipsec.conf:

connections {
    ikev2-eap-mschapv2 {
        version = 2
        # proposals = aes192gcm16-aes128gcm16-aes192-prfsha256-ecp256-ecp521,aes192-sha256-modp3072,default
        proposals = aes256-sha1-modp1024,aes192-sha256-modp3072,default
        rekey_time = 0s
        pools = primary-pool-ipv4
        fragmentation = yes
        dpd_delay = 30s
        mobike = yes
        local-1 {
            certs = strongswanCert.pem
            id = ipsec.server.starwhite
            auth = psk
        }
        remote-1 {
            auth = eap-mschapv2
            id = ipsec.client.starwhite
            eap_id = %any
        }
        children {
            ikev2-eap-mschapv2 {
                local_ts = 0.0.0.0/0
                rekey_time = 0s
                dpd_action = clear
                # esp_proposals = aes192gcm16-aes128gcm16-aes192-ecp256,aes192-sha256-modp3072,default
                esp_proposals = aes256-sha1-modp1024,aes192-sha256-modp3072,default
                # updown = /libexec/ipsec/_updown iptables
            }
        }
    }
    ikev2-pubkey {
        version = 2
        proposals = aes256-sha1-modp1024,aes192-sha256-modp3072,default
        rekey_time = 0s
        pools = primary-pool-ipv4
        fragmentation = yes
        dpd_delay = 30s
        local-1 {
            certs = vpnHostCert.pem
            id = ipsec.server.starwhite
        }
        remote-1 {
            # defaults are fine
        }
        children {
            ikev2-pubkey {
                local_ts = 0.0.0.0/0
                rekey_time = 0s
                dpd_action = clear
                esp_proposals = aes256-sha1-modp1024,aes192-sha256-modp3072,default
            }
        }
    }
}

pools {
    primary-pool-ipv4 {
        addrs = 10.92.10.0/24
        dns = 192.168.92.3, 8.8.8.8
    }
}

include conf.d/*.conf
And here is the secrets file from /etc/swanctl/conf.d/swanctl-secrets.conf. I
put it in a separate file to simplify my script for generating secrets and
.mobileconfig files.
secrets {
    ike-psk {
        secret = biglongsecretstring
    }
    eap-xxx@mydomain {
        id = xxx@mydomain
        secret = biglongsecretstring2
    }
}
From: bls s<mailto:[email protected]>
Sent: Tuesday, November 21, 2017 3:47 PM
To: [email protected]<mailto:[email protected]>
Subject: Very strange strongSwan log entries
I'm REALLY confused about what I'm seeing in the strongSwan log! I've probably
got a serious configuration error, and would really appreciate some pointers
toward fixing this. A summary description would be "VPN road warrior
connections established with one client generate log activity to/from another
IP address".
Thanks!
Here's my configuration information:
* strongSwan v5.6.0 on openSUSE 42.3 with one VPN user configured at the moment
(me on my iPhone).
* Build command line:
  $ ./configure --enable-eap-mschapv2 --enable-eap-identity --enable-openssl \
        --enable-eap-md5 --enable-eap-tls --enable-eap-dynamic --enable-tools
* ipsec.conf:

config setup
    strictcrlpolicy=no
    uniqueids=no

conn %default
    dpdaction=clear
    dpddelay=35s
    dpdtimeout=120s
    fragmentation=yes
    rekey=no
    left=%any
    leftsubnet=0.0.0.0/0
    right=%any
    rightdns=192.168.92.2,8.8.8.8
    rightsourceip=10.92.10.1/24

conn iOS-IKEV2
    keyexchange=ikev2
    auto=add
    mobike=yes
    eap_identity=%any
    leftauth=psk
    leftid=net.mydomain.ipsec.server
    leftfirewall=yes
    rightsendcert=always
    rightauth=eap-mschapv2
    rightid=net.mydomain.ipsec.client
These bullets discuss the log snippet which follows at the end of this message.
Except for 1 and 2, each one of these connections happened on a different day.
* [Connection 1]: You can see that a connection is made to the VPN from
166.176.187.128. But several lines later, ipsec reports a connection to
166.176.185.112 (See ***). I'm pretty sure that my cellphone doesn't get new IP
addresses that fast! But then, after ipsec reports the IP lease going offline
(See ****), there is additional activity reported with the original IP address
of 166.176.187.128, including recreating the whole VPN session.
* [Connection 2]: This is a random hacker trying to connect to the VPN. I
monitor the VPN with fail2ban, and this attempt blocked udp ports 500 and 4500
for 196.52.43.60.
* [Connection 3]: Another random connection. IP 168.1.128.76 blocked by
fail2ban.
* [Connection 4]: Another random connection. IP 92.53.47.72 blocked by fail2ban.
* [Connection 5]: This occurred last night. All of the IP addresses mentioned
in connections 2,3,4 are still blocked via fail2ban. Then, there is a
connection from 196.52.43.54, which generates a "received proposals
inacceptable" error, and then immediately following that there is ipsec log
activity from a completely different address (166.176.187.128, which you may
recall from Connection 1) which authenticates to the VPN. Then, following this
there is traffic from 168.1.128.76 (Connection 2), and then traffic from
92.53.47.72 (Connection 4).
Log file snippets:
... [Connection 1]
Nov 17 08:55:22 myhost charon[22748]: 12[NET] received packet: from
166.176.187.128[56885] to 192.168.92.2[500] (300 bytes)
Nov 17 08:55:22 myhost charon[22748]: 12[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Nov 17 08:55:22 myhost charon[22748]: 12[IKE] 166.176.187.128 is initiating an
IKE_SA
Nov 17 08:55:22 myhost charon[22748]: 12[IKE] 166.176.187.128 is initiating an
IKE_SA
Nov 17 08:55:22 myhost charon[22748]: 12[IKE] local host is behind NAT, sending
keep alives
Nov 17 08:55:22 myhost charon[22748]: 12[IKE] remote host is behind NAT
Nov 17 08:55:22 myhost charon[22748]: 12[IKE] sending cert request for "C=CH,
O=strongSwan, CN=strongSwan Root CA"
Nov 17 08:55:22 myhost charon[22748]: 12[ENC] generating IKE_SA_INIT response 0
[ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Nov 17 08:55:22 myhost charon[22748]: 12[NET] sending packet: from
192.168.92.2[500] to 166.176.187.128[56885] (341 bytes)
Nov 17 08:55:22 myhost charon[22748]: 13[NET] received packet: from
166.176.187.128[30852] to 192.168.92.2[4500] (364 bytes)
Nov 17 08:55:22 myhost charon[22748]: 13[ENC] unknown attribute type (25)
Nov 17 08:55:22 myhost charon[22748]: 13[ENC] parsed IKE_AUTH request 1 [ IDi
N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6
(25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Nov 17 08:55:22 myhost charon[22748]: 13[CFG] looking for peer configs matching
192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost charon[22748]: 13[CFG] selected peer config 'iOS-IKEV2'
Nov 17 08:55:22 myhost charon[22748]: 13[IKE] initiating EAP_IDENTITY method
(id 0x00)
Nov 17 08:55:22 myhost charon[22748]: 13[IKE] received
ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Nov 17 08:55:22 myhost charon[22748]: 13[IKE] peer supports MOBIKE
Nov 17 08:55:22 myhost charon[22748]: 13[IKE] authentication of
'net.mydomain.ipsec.server' (myself) with pre-shared key
Nov 17 08:55:22 myhost charon[22748]: 13[ENC] generating IKE_AUTH response 1 [
IDr AUTH EAP/REQ/ID ]
Nov 17 08:55:22 myhost charon[22748]: 13[NET] sending packet: from
192.168.92.2[4500] to 166.176.187.128[30852] (124 bytes)
Nov 17 08:55:22 myhost charon[22748]: 16[NET] received packet: from
166.176.187.128[30852] to 192.168.92.2[4500] (84 bytes)
Nov 17 08:55:22 myhost charon[22748]: 16[ENC] parsed IKE_AUTH request 2 [
EAP/RES/ID ]
Nov 17 08:55:22 myhost charon[22748]: 16[IKE] received EAP identity
'[email protected]'
Nov 17 08:55:22 myhost charon[22748]: 16[IKE] initiating EAP_MSCHAPV2 method
(id 0x0C)
Nov 17 08:55:22 myhost charon[22748]: 16[ENC] generating IKE_AUTH response 2 [
EAP/REQ/MSCHAPV2 ]
Nov 17 08:55:22 myhost charon[22748]: 16[NET] sending packet: from
192.168.92.2[4500] to 166.176.187.128[30852] (100 bytes)
Nov 17 08:55:22 myhost charon[22748]: 06[NET] received packet: from
166.176.187.128[30852] to 192.168.92.2[4500] (140 bytes)
Nov 17 08:55:22 myhost charon[22748]: 06[ENC] parsed IKE_AUTH request 3 [
EAP/RES/MSCHAPV2 ]
Nov 17 08:55:22 myhost charon[22748]: 06[ENC] generating IKE_AUTH response 3 [
EAP/REQ/MSCHAPV2 ]
Nov 17 08:55:22 myhost charon[22748]: 06[NET] sending packet: from
192.168.92.2[4500] to 166.176.187.128[30852] (132 bytes)
Nov 17 08:55:22 myhost charon[22748]: 15[NET] received packet: from
166.176.187.128[30852] to 192.168.92.2[4500] (68 bytes)
Nov 17 08:55:22 myhost charon[22748]: 15[ENC] parsed IKE_AUTH request 4 [
EAP/RES/MSCHAPV2 ]
Nov 17 08:55:22 myhost charon[22748]: 15[IKE] EAP method EAP_MSCHAPV2
succeeded, MSK established
Nov 17 08:55:22 myhost charon[22748]: 15[ENC] generating IKE_AUTH response 4 [
EAP/SUCC ]
Nov 17 08:55:22 myhost charon[22748]: 15[NET] sending packet: from
192.168.92.2[4500] to 166.176.187.128[30852] (68 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] authentication of
'net.mydomain.ipsec.client' with EAP successful
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] authentication of
'net.mydomain.ipsec.server' (myself) with EAP
*** Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] IKE_SA iOS-IKEV2[3]
established between
192.168.92.2[net.mydomain.ipsec.server]...166.176.185.112[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] peer requested virtual IP %any
Nov 17 08:55:22 myhost ipsec[22734]: 09[CFG] reassigning offline lease to
'[email protected]'
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] assigning virtual IP 10.92.10.1 to
peer '[email protected]'
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] peer requested virtual IP %any6
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] no virtual IP found for %any6
requested by '[email protected]'
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] CHILD_SA iOS-IKEV2{3} established
with SPIs cf5c7974_i 0e80f84c_o and TS 0.0.0.0/0 === 10.92.10.1/32
Nov 17 08:55:22 myhost ipsec[22734]: 09[ENC] generating IKE_AUTH response 5 [
AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Nov 17 08:55:22 myhost ipsec[22734]: 09[NET] sending packet: from
192.168.92.2[4500] to 166.176.185.112[9569] (220 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 06[IKE] sending keep alive to
166.176.185.112[9569]
Nov 17 08:55:22 myhost ipsec[22734]: 15[IKE] sending DPD request
Nov 17 08:55:22 myhost ipsec[22734]: 15[ENC] generating INFORMATIONAL request 0
[ ]
Nov 17 08:55:22 myhost ipsec[22734]: 15[NET] sending packet: from
192.168.92.2[4500] to 166.176.185.112[9569] (60 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 07[NET] received packet: from
166.176.185.112[9569] to 192.168.92.2[4500] (60 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 07[ENC] parsed INFORMATIONAL response 0 [ ]
Nov 17 08:55:22 myhost ipsec[22734]: 10[NET] received packet: from
166.176.185.112[9569] to 192.168.92.2[4500] (68 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 10[ENC] parsed INFORMATIONAL request 6 [ D
]
Nov 17 08:55:22 myhost ipsec[22734]: 10[IKE] received DELETE for IKE_SA
iOS-IKEV2[3]
Nov 17 08:55:22 myhost ipsec[22734]: 10[IKE] deleting IKE_SA iOS-IKEV2[3]
between
192.168.92.2[net.mydomain.ipsec.server]...166.176.185.112[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost ipsec[22734]: 10[IKE] IKE_SA deleted
Nov 17 08:55:22 myhost ipsec[22734]: 10[ENC] generating INFORMATIONAL response
6 [ ]
Nov 17 08:55:22 myhost ipsec[22734]: 10[NET] sending packet: from
192.168.92.2[4500] to 166.176.185.112[9569] (60 bytes)
**** Nov 17 08:55:22 myhost ipsec[22734]: 10[CFG] lease 10.92.10.1 by
'[email protected]' went offline
Nov 17 08:55:22 myhost ipsec[22734]: 12[NET] received packet: from
166.176.187.128[56885] to 192.168.92.2[500] (300 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 12[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Nov 17 08:55:22 myhost ipsec[22734]: 12[IKE] 166.176.187.128 is initiating an
IKE_SA
Nov 17 08:55:22 myhost ipsec[22734]: 12[IKE] local host is behind NAT, sending
keep alives
Nov 17 08:55:22 myhost ipsec[22734]: 12[IKE] remote host is behind NAT
Nov 17 08:55:22 myhost ipsec[22734]: 12[IKE] sending cert request for "C=CH,
O=strongSwan, CN=strongSwan Root CA"
Nov 17 08:55:22 myhost ipsec[22734]: 12[ENC] generating IKE_SA_INIT response 0
[ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Nov 17 08:55:22 myhost ipsec[22734]: 12[NET] sending packet: from
192.168.92.2[500] to 166.176.187.128[56885] (341 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 13[NET] received packet: from
166.176.187.128[30852] to 192.168.92.2[4500] (364 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 13[ENC] unknown attribute type (25)
Nov 17 08:55:22 myhost ipsec[22734]: 13[ENC] parsed IKE_AUTH request 1 [ IDi
N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6
(25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Nov 17 08:55:22 myhost ipsec[22734]: 13[CFG] looking for peer configs matching
192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost ipsec[22734]: 13[CFG] selected peer config 'iOS-IKEV2'
Nov 17 08:55:22 myhost ipsec[22734]: 13[IKE] initiating EAP_IDENTITY method (id
0x00)
Nov 17 08:55:22 myhost ipsec[22734]: 13[IKE] received
ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Nov 17 08:55:22 myhost ipsec[22734]: 13[IKE] peer supports MOBIKE
Nov 17 08:55:22 myhost ipsec[22734]: 13[IKE] authentication of
'net.mydomain.ipsec.server' (myself) with pre-shared key
Nov 17 08:55:22 myhost ipsec[22734]: 13[ENC] generating IKE_AUTH response 1 [
IDr AUTH EAP/REQ/ID ]
Nov 17 08:55:22 myhost ipsec[22734]: 13[NET] sending packet: from
192.168.92.2[4500] to 166.176.187.128[30852] (124 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 16[NET] received packet: from
166.176.187.128[30852] to 192.168.92.2[4500] (84 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 16[ENC] parsed IKE_AUTH request 2 [
EAP/RES/ID ]
Nov 17 08:55:22 myhost ipsec[22734]: 16[IKE] received EAP identity
'[email protected]'
Nov 17 08:55:22 myhost ipsec[22734]: 16[IKE] initiating EAP_MSCHAPV2 method (id
0x0C)
Nov 17 08:55:22 myhost ipsec[22734]: 16[ENC] generating IKE_AUTH response 2 [
EAP/REQ/MSCHAPV2 ]
Nov 17 08:55:22 myhost ipsec[22734]: 16[NET] sending packet: from
192.168.92.2[4500] to 166.176.187.128[30852] (100 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 06[NET] received packet: from
166.176.187.128[30852] to 192.168.92.2[4500] (140 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 06[ENC] parsed IKE_AUTH request 3 [
EAP/RES/MSCHAPV2 ]
Nov 17 08:55:22 myhost ipsec[22734]: 06[ENC] generating IKE_AUTH response 3 [
EAP/REQ/MSCHAPV2 ]
Nov 17 08:55:22 myhost ipsec[22734]: 06[NET] sending packet: from
192.168.92.2[4500] to 166.176.187.128[30852] (132 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 15[NET] received packet: from
166.176.187.128[30852] to 192.168.92.2[4500] (68 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 15[ENC] parsed IKE_AUTH request 4 [
EAP/RES/MSCHAPV2 ]
Nov 17 08:55:22 myhost ipsec[22734]: 15[IKE] EAP method EAP_MSCHAPV2 succeeded,
MSK established
Nov 17 08:55:22 myhost ipsec[22734]: 15[ENC] generating IKE_AUTH response 4 [
EAP/SUCC ]
Nov 17 08:55:22 myhost charon[22748]: 07[NET] received packet: from
166.176.187.128[30852] to 192.168.92.2[4500] (84 bytes)
Nov 17 08:55:22 myhost charon[22748]: 07[ENC] parsed IKE_AUTH request 5 [ AUTH ]
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] authentication of
'net.mydomain.ipsec.client' with EAP successful
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] authentication of
'net.mydomain.ipsec.server' (myself) with EAP
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] IKE_SA iOS-IKEV2[4] established
between
192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] IKE_SA iOS-IKEV2[4] established
between
192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] peer requested virtual IP %any
Nov 17 08:55:22 myhost charon[22748]: 07[CFG] reassigning offline lease to
'[email protected]'
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] assigning virtual IP 10.92.10.1
to peer '[email protected]'
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] peer requested virtual IP %any6
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] no virtual IP found for %any6
requested by '[email protected]'
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] CHILD_SA iOS-IKEV2{4} established
with SPIs caa3f6e7_i 0ec431e6_o and TS 0.0.0.0/0 === 10.92.10.1/32
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] CHILD_SA iOS-IKEV2{4} established
with SPIs caa3f6e7_i 0ec431e6_o and TS 0.0.0.0/0 === 10.92.10.1/32
Nov 17 08:55:22 myhost vpn[21188]: + net.mydomain.ipsec.client 10.92.10.1/32 ==
166.176.187.128 -- 192.168.92.2 == 0.0.0.0/0
Nov 17 08:55:22 myhost charon[22748]: 07[ENC] generating IKE_AUTH response 5 [
AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Nov 17 08:55:22 myhost charon[22748]: 07[NET] sending packet: from
192.168.92.2[4500] to 166.176.187.128[30852] (220 bytes)
Nov 17 08:55:56 myhost charon[22748]: 10[NET] received packet: from
166.176.187.128[30852] to 192.168.92.2[4500] (68 bytes)
Nov 17 08:55:56 myhost charon[22748]: 10[ENC] parsed INFORMATIONAL request 6 [
D ]
Nov 17 08:55:56 myhost charon[22748]: 10[IKE] received DELETE for IKE_SA
iOS-IKEV2[4]
Nov 17 08:55:56 myhost charon[22748]: 10[IKE] deleting IKE_SA iOS-IKEV2[4]
between
192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 17 08:55:56 myhost charon[22748]: 10[IKE] deleting IKE_SA iOS-IKEV2[4]
between
192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 17 08:55:56 myhost charon[22748]: 10[IKE] IKE_SA deleted
Nov 17 08:55:56 myhost charon[22748]: 10[IKE] IKE_SA deleted
Nov 17 08:55:56 myhost vpn[21225]: - net.mydomain.ipsec.client 10.92.10.1/32 ==
166.176.187.128 -- 192.168.92.2 == 0.0.0.0/0
Nov 17 08:55:56 myhost charon[22748]: 10[ENC] generating INFORMATIONAL response
6 [ ]
Nov 17 08:55:56 myhost charon[22748]: 10[NET] sending packet: from
192.168.92.2[4500] to 166.176.187.128[30852] (60 bytes)
Nov 17 08:55:56 myhost charon[22748]: 10[CFG] lease 10.92.10.1 by
'[email protected]' went offline
... [Connection 2]
Nov 17 11:36:43 myhost charon[22748]: 16[NET] received packet: from
196.52.43.60[6712] to 192.168.92.2[4500] (288 bytes)
Nov 17 11:36:43 myhost charon[22748]: 16[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No ]
Nov 17 11:36:43 myhost charon[22748]: 16[IKE] 196.52.43.60 is initiating an
IKE_SA
Nov 17 11:36:43 myhost charon[22748]: 16[IKE] 196.52.43.60 is initiating an
IKE_SA
Nov 17 11:36:43 myhost charon[22748]: 16[IKE] sending cert request for "C=CH,
O=strongSwan, CN=strongSwan Root CA"
Nov 17 11:36:43 myhost charon[22748]: 16[ENC] generating IKE_SA_INIT response 0
[ SA KE No CERTREQ N(MULT_AUTH) ]
Nov 17 11:36:43 myhost charon[22748]: 16[NET] sending packet: from
192.168.92.2[4500] to 196.52.43.60[6712] (277 bytes)
Nov 17 11:37:13 myhost charon[22748]: 06[JOB] deleting half open IKE_SA with
196.52.43.60 after timeout
... [Connection 3]
Nov 18 04:32:16 myhost charon[22748]: 15[NET] received packet: from
168.1.128.76[6712] to 192.168.92.2[500] (280 bytes)
Nov 18 04:32:16 myhost charon[22748]: 15[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No ]
Nov 18 04:32:16 myhost charon[22748]: 15[IKE] 168.1.128.76 is initiating an
IKE_SA
Nov 18 04:32:16 myhost charon[22748]: 15[IKE] 168.1.128.76 is initiating an
IKE_SA
Nov 18 04:32:16 myhost charon[22748]: 15[CFG] received proposals:
IKE:DES_CBC/RC5_CBC/BLOWFISH_CBC/(0)/HMAC_MD5_96/HMAC_SHA1_96/PRF_HMAC_SHA1/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_256/MODP_1024
Nov 18 04:32:16 myhost charon[22748]: 15[CFG] configured proposals:
IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024,
IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024
Nov 18 04:32:16 myhost charon[22748]: 15[IKE] received proposals inacceptable
Nov 18 04:32:16 myhost charon[22748]: 15[ENC] generating IKE_SA_INIT response 0
[ N(NO_PROP) ]
Nov 18 04:32:16 myhost charon[22748]: 15[NET] sending packet: from
192.168.92.2[500] to 168.1.128.76[6712] (36 bytes)
... [Connection 4]
Nov 19 02:47:44 myhost charon[22748]: 05[NET] received packet: from
92.53.47.72[27989] to 192.168.92.2[500] (408 bytes)
Nov 19 02:47:44 myhost charon[22748]: 05[ENC] parsed ID_PROT request 0 [ SA V V
V V V V V V ]
Nov 19 02:47:44 myhost charon[22748]: 05[IKE] no IKE config found for
192.168.92.2...92.53.47.72, sending NO_PROPOSAL_CHOSEN
Nov 19 02:47:44 myhost charon[22748]: 05[ENC] generating INFORMATIONAL_V1
request 4224631939 [ N(NO_PROP) ]
Nov 19 02:47:44 myhost charon[22748]: 05[NET] sending packet: from
192.168.92.2[500] to 92.53.47.72[27989] (40 bytes)
... [Connection 5]
Nov 21 01:57:37 myhost charon[22748]: 07[NET] received packet: from
196.52.43.54[6712] to 192.168.92.2[500] (280 bytes)
Nov 21 01:57:37 myhost charon[22748]: 07[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No ]
Nov 21 01:57:37 myhost charon[22748]: 07[IKE] 196.52.43.54 is initiating an
IKE_SA
Nov 21 01:57:37 myhost charon[22748]: 07[IKE] 196.52.43.54 is initiating an
IKE_SA
Nov 21 01:57:37 myhost charon[22748]: 07[CFG] received proposals:
IKE:DES_CBC/RC5_CBC/BLOWFISH_CBC/(0)/HMAC_MD5_96/HMAC_SHA1_96/PRF_HMAC_SHA1/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_256/MODP_1024
Nov 21 01:57:37 myhost charon[22748]: 07[CFG] configured proposals:
IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024,
IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024
Nov 21 01:57:37 myhost charon[22748]: 07[IKE] received proposals inacceptable
Nov 21 01:57:37 myhost charon[22748]: 07[ENC] generating IKE_SA_INIT response 0
[ N(NO_PROP) ]
Nov 21 01:57:37 myhost charon[22748]: 07[NET] sending packet: from
192.168.92.2[500] to 196.52.43.54[6712] (36 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 15[NET] sending packet: from
192.168.92.2[4500] to 166.176.187.128[30852] (68 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 07[NET] received packet: from
166.176.187.128[30852] to 192.168.92.2[4500] (84 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 07[ENC] parsed IKE_AUTH request 5 [ AUTH ]
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] authentication of
'net.mydomain.ipsec.client' with EAP successful
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] authentication of
'net.mydomain.ipsec.server' (myself) with EAP
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] IKE_SA iOS-IKEV2[4] established
between
192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] peer requested virtual IP %any
Nov 21 01:57:37 myhost ipsec[22734]: 07[CFG] reassigning offline lease to
'[email protected]'
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] assigning virtual IP 10.92.10.1 to
peer '[email protected]'
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] peer requested virtual IP %any6
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] no virtual IP found for %any6
requested by '[email protected]'
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] CHILD_SA iOS-IKEV2{4} established
with SPIs caa3f6e7_i 0ec431e6_o and TS 0.0.0.0/0 === 10.92.10.1/32
Nov 21 01:57:37 myhost ipsec[22734]: 07[ENC] generating IKE_AUTH response 5 [
AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Nov 21 01:57:37 myhost ipsec[22734]: 07[NET] sending packet: from
192.168.92.2[4500] to 166.176.187.128[30852] (220 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 10[NET] received packet: from
166.176.187.128[30852] to 192.168.92.2[4500] (68 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 10[ENC] parsed INFORMATIONAL request 6 [ D
]
Nov 21 01:57:37 myhost ipsec[22734]: 10[IKE] received DELETE for IKE_SA
iOS-IKEV2[4]
Nov 21 01:57:37 myhost ipsec[22734]: 10[IKE] deleting IKE_SA iOS-IKEV2[4]
between
192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 21 01:57:37 myhost ipsec[22734]: 10[IKE] IKE_SA deleted
Nov 21 01:57:37 myhost ipsec[22734]: 10[ENC] generating INFORMATIONAL response
6 [ ]
Nov 21 01:57:37 myhost ipsec[22734]: 10[NET] sending packet: from
192.168.92.2[4500] to 166.176.187.128[30852] (60 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 10[CFG] lease 10.92.10.1 by
'[email protected]' went offline
Nov 21 01:57:37 myhost ipsec[22734]: 16[NET] received packet: from
196.52.43.60[6712] to 192.168.92.2[4500] (288 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 16[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No ]
Nov 21 01:57:37 myhost ipsec[22734]: 16[IKE] 196.52.43.60 is initiating an
IKE_SA
Nov 21 01:57:37 myhost ipsec[22734]: 16[IKE] sending cert request for "C=CH,
O=strongSwan, CN=strongSwan Root CA"
Nov 21 01:57:37 myhost ipsec[22734]: 16[ENC] generating IKE_SA_INIT response 0
[ SA KE No CERTREQ N(MULT_AUTH) ]
Nov 21 01:57:37 myhost ipsec[22734]: 16[NET] sending packet: from
192.168.92.2[4500] to 196.52.43.60[6712] (277 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 06[JOB] deleting half open IKE_SA with
196.52.43.60 after timeout
Nov 21 01:57:37 myhost ipsec[22734]: 15[NET] received packet: from
168.1.128.76[6712] to 192.168.92.2[500] (280 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 15[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No ]
Nov 21 01:57:37 myhost ipsec[22734]: 15[IKE] 168.1.128.76 is initiating an
IKE_SA
Nov 21 01:57:37 myhost ipsec[22734]: 15[CFG] received proposals:
IKE:DES_CBC/RC5_CBC/BLOWFISH_CBC/(0)/HMAC_MD5_96/HMAC_SHA1_96/PRF_HMAC_SHA1/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_256/MODP_1024
Nov 21 01:57:37 myhost ipsec[22734]: 15[CFG] configured proposals:
IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024,
IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024
Nov 21 01:57:37 myhost ipsec[22734]: 15[IKE] received proposals inacceptable
Nov 21 01:57:37 myhost ipsec[22734]: 15[ENC] generating IKE_SA_INIT response 0
[ N(NO_PROP) ]
Nov 21 01:57:37 myhost ipsec[22734]: 15[NET] sending packet: from
192.168.92.2[500] to 168.1.128.76[6712] (36 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 05[NET] received packet: from
92.53.47.72[27989] to 192.168.92.2[500] (408 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 05[ENC] parsed ID_PROT request 0 [ SA V V
V V V V V V ]
Nov 21 01:57:37 myhost ipsec[22734]: 05[IKE] no IKE config found for
192.168.92.2...92.53.47.72, sending NO_PROPOSAL_CHOSEN
Nov 21 01:57:37 myhost ipsec[22734]: 05[ENC] generating INFORMATIONAL_V1
request 4224631939 [ N(NO_PROP) ]
Nov 21 01:57:37 myhost ipsec[22734]: 05[NET] sending packet: from
192.168.92.2[500] to 92.53.47.72[27989] (40 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 07[NET] received packet: from
196.52.43.54[6712] to 192.168.92.2[500] (280 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 07[ENC] parsed IKE_SA_INIT request 0 [ SA
KE No ]
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] 196.52.43.54 is initiating an
IKE_SA
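As an added example (not code from the thread or from the strongSwan project), the script below runs two consistency checks over charon syslog lines of the kind quoted above: an "IKE_SA ... established" line whose remote address never sent a packet under the same program[pid] tag, and a message body re-emitted under a second program[pid] tag. The sample lines are taken from the Connection 1 snippet and rejoined onto single lines; treating the `ipsec[22734]` lines as a second logger relaying charon's output is my reading of the snippet, not something the poster states.

```python
"""Consistency checks over strongSwan charon syslog lines.

Flagged here:
  * an "IKE_SA ... established between ...REMOTE[...]" line whose REMOTE
    address never appeared as a packet source under the same program[pid]
    tag (the "***" line in the thread); and
  * a message body re-emitted under a second program[pid] tag, e.g.
    ipsec[...] repeating what charon[...] already logged, which makes a log
    read as if one peer's session belonged to another address.
Lines without charon's "NN[SUB] message" shape (e.g. the updown script's
"vpn[...]" lines) are skipped.
"""
import re
from collections import defaultdict

# "Nov 17 08:55:22 myhost charon[22748]: 12[NET] received packet: from ..."
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[a-z]+)\[(?P<pid>\d+)\]: (?P<thread>\d+)\[(?P<sub>[A-Z]+)\] (?P<msg>.*)$"
)
RECV_RE = re.compile(r"received packet: from (?P<src>[\d.]+)\[\d+\] to ")
ESTAB_RE = re.compile(
    r"IKE_SA (?P<name>\S+)\[(?P<id>\d+)\] established between "
    r"(?P<local>[\d.]+)\[[^\]]*\]\.\.\.(?P<remote>[\d.]+)\["
)


def parse(line):
    """Split one syslog line into its fields; None if it is not a charon-style line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["source"] = f"{rec['prog']}[{rec['pid']}]"  # which logger emitted it
    return rec


def analyze(lines):
    """Return (kind, detail) findings, in log order."""
    findings = []
    first_source = {}           # message body -> program[pid] that logged it first
    senders = defaultdict(set)  # program[pid] -> peer addresses seen as packet sources
    for raw in lines:
        rec = parse(raw)
        if rec is None:
            continue
        body = f"{rec['thread']}[{rec['sub']}] {rec['msg']}"
        origin = first_source.setdefault(body, rec["source"])
        if origin != rec["source"]:
            findings.append(("duplicate_source",
                             f"{rec['source']} repeats a line first logged by {origin}: {rec['msg']}"))
        m = RECV_RE.search(rec["msg"])
        if m:
            senders[rec["source"]].add(m.group("src"))
            continue
        m = ESTAB_RE.search(rec["msg"])
        if m and m.group("remote") not in senders[rec["source"]]:
            findings.append(("unseen_peer",
                             f"{rec['source']}: {m.group('name')}[{m.group('id')}] established with "
                             f"{m.group('remote')}, which sent no packet in this log stream"))
    return findings


# Sample taken from the thread's Connection 1 snippet, rejoined onto single lines.
SAMPLE = """\
Nov 17 08:55:22 myhost charon[22748]: 12[NET] received packet: from 166.176.187.128[56885] to 192.168.92.2[500] (300 bytes)
Nov 17 08:55:22 myhost charon[22748]: 12[IKE] 166.176.187.128 is initiating an IKE_SA
Nov 17 08:55:22 myhost charon[22748]: 13[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (364 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] IKE_SA iOS-IKEV2[3] established between 192.168.92.2[net.mydomain.ipsec.server]...166.176.185.112[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost ipsec[22734]: 12[NET] received packet: from 166.176.187.128[56885] to 192.168.92.2[500] (300 bytes)
Nov 17 08:55:22 myhost vpn[21188]: + net.mydomain.ipsec.client 10.92.10.1/32 == 166.176.187.128 -- 192.168.92.2 == 0.0.0.0/0
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] IKE_SA iOS-IKEV2[4] established between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
"""

if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE.splitlines()):
        print(f"{kind}: {detail}")
```

Feed it the whole journal (`journalctl -u strongswan --no-pager | python3 check.py`-style, after swapping SAMPLE for stdin) to see which logger tag each out-of-place line comes from.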