Jody,

To narrow down the issue, don't connect over WiFi. Have your iPhone on cellular, then restart strongSwan to start with a clean state. Try to initiate the VPN tunnel
after that. Observe the behavior and share the logs with us.

--Jafar
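
One way to read the kind of log requested above, as an added example that is not part of the original thread: it rejoins mail-wrapped syslog records, then summarises per peer address how far the IKEv1 exchange got and which UDP 500/4500 packets UFW logged as blocked. The sample log is constructed with documentation addresses, the names `unwrap`, `triage` and `stalled` are hypothetical, and attributing the XAuth line to the most recently seen peer is a heuristic that assumes sessions do not interleave.

```python
import re
from collections import defaultdict

# Constructed sample (documentation addresses), wrapped the way a mail
# client wraps pasted syslog output. Not taken from the thread.
SAMPLE = """\
May 11 18:06:12 vpnhost charon: 16[NET] received packet: from
198.51.100.20[500] to 203.0.113.10[500] (848 bytes)
May 11 18:06:12 vpnhost charon: 16[IKE] 198.51.100.20 is
initiating a Main Mode IKE_SA
May 11 18:06:13 vpnhost charon: 09[NET] received packet: from
198.51.100.20[39350] to 203.0.113.10[4500] (108 bytes)
May 11 18:06:13 vpnhost charon: 09[IKE] XAuth authentication of
'phone' successful
May 11 18:06:13 vpnhost charon: 10[IKE] IKE_SA ios[2]
established between
203.0.113.10[203.0.113.10]...198.51.100.20[C=US, O=Example VPN,
CN=203.0.113.10]
May 11 18:07:13 vpnhost kernel: [80908.130642] [UFW BLOCK]
IN=eth0 OUT= SRC=192.0.2.30 DST=203.0.113.10 LEN=876 TOS=0x00
TTL=241 ID=0 DF PROTO=UDP SPT=35828 DPT=500 LEN=856
May 11 18:07:13 vpnhost charon: 05[NET] received packet: from
192.0.2.30[35828] to 203.0.113.10[500] (848 bytes)
May 11 18:07:13 vpnhost charon: 05[IKE] 192.0.2.30 is
initiating a Main Mode IKE_SA
May 11 18:07:14 vpnhost kernel: [80908.690917] [UFW BLOCK]
IN=eth0 OUT= SRC=192.0.2.30 DST=203.0.113.10 LEN=1312 TOS=0x00
TTL=241 ID=0 DF PROTO=UDP SPT=47188 DPT=4500 LEN=1292
"""

TS = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} ")
RECV = re.compile(r"\[NET\] received packet: from ([\d.]+)\[\d+\]")
INIT = re.compile(r"\[IKE\] ([\d.]+) is initiating a Main Mode IKE_SA")
XAUTH = re.compile(r"\[IKE\] XAuth authentication of '([^']+)' successful")
ESTAB = re.compile(r"\[IKE\] IKE_SA \S+ established between "
                   r"[\d.]+\[[^\]]*\]\.\.\.([\d.]+)\[")
UFW = re.compile(r"\[UFW BLOCK\].*?SRC=([\d.]+).*? LEN=(\d+)"
                 r".*?PROTO=UDP.*?DPT=(\d+)")


def unwrap(text):
    """Rejoin wrapped records: a line without a leading syslog
    timestamp is treated as a continuation of the previous record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def triage(text):
    """Return {peer_ip: summary} built from charon and UFW records."""
    peers = defaultdict(lambda: {"initiated": False, "xauth_user": None,
                                 "established": False, "ufw_blocks": []})
    last_peer = None  # heuristic: peer of the latest received packet
    for rec in unwrap(text):
        if m := UFW.search(rec):
            dport = int(m.group(3))
            if dport in (500, 4500):  # IKE and NAT-T ports only
                peers[m.group(1)]["ufw_blocks"].append(
                    (dport, int(m.group(2))))  # (dest port, IP length)
        elif m := RECV.search(rec):
            last_peer = m.group(1)
        elif m := INIT.search(rec):
            peers[m.group(1)]["initiated"] = True
        elif m := XAUTH.search(rec):
            if last_peer:
                peers[last_peer]["xauth_user"] = m.group(1)
        elif m := ESTAB.search(rec):
            peers[m.group(1)]["established"] = True
    return dict(peers)


def stalled(summary):
    """Peers that started Main Mode but never logged an established IKE_SA."""
    return sorted(p for p, s in summary.items()
                  if s["initiated"] and not s["established"])


if __name__ == "__main__":
    result = triage(SAMPLE)
    for peer, info in sorted(result.items()):
        print(peer, info)
    print("stalled:", stalled(result))
```
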


On 2018-05-11 19:26, Jody Whitesides wrote:
Thank you Jafar, so far I’ve been thru those pages already and
actually already use those IPTABLE settings to reduce the size. So it
must be something different. Here’s some output from the logs (18:06
time is on wifi, email worked, website worked. 18:07 on cellular,
email didn’t work, website didn’t load):

May 11 18:06:12 jodywhitesides charon: 03[NET] received packet: from
67.177.12.59[500] to 138.68.251.157[500]

May 11 18:06:12 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:06:12 jodywhitesides charon: 16[NET] received packet: from
67.177.12.59[500] to 138.68.251.157[500] (848 bytes)
May 11 18:06:12 jodywhitesides charon: 16[ENC] parsed ID_PROT request
0 [ SA V V V V V V V V V V V V V V ]
May 11 18:06:12 jodywhitesides charon: 16[CFG] looking for an ike
config for 138.68.251.157...67.177.12.59
May 11 18:06:12 jodywhitesides charon: 16[CFG]   candidate:
%any,0.0.0.0/0,::/0...%any,0.0.0.0/0,::/0, prio 28
May 11 18:06:12 jodywhitesides charon: 16[CFG] found matching ike
config: %any,0.0.0.0/0,::/0...%any,0.0.0.0/0,::/0 with prio 28
May 11 18:06:12 jodywhitesides charon: 16[IKE] received NAT-T (RFC
3947) vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received
draft-ietf-ipsec-nat-t-ike vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received
draft-ietf-ipsec-nat-t-ike-08 vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received
draft-ietf-ipsec-nat-t-ike-07 vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received
draft-ietf-ipsec-nat-t-ike-06 vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received
draft-ietf-ipsec-nat-t-ike-05 vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received
draft-ietf-ipsec-nat-t-ike-04 vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received
draft-ietf-ipsec-nat-t-ike-03 vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received
draft-ietf-ipsec-nat-t-ike-02 vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received
draft-ietf-ipsec-nat-t-ike-02\n vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received XAuth vendor
ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received Cisco Unity
vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received FRAGMENTATION
vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] received DPD vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] 67.177.12.59 is
initiating a Main Mode IKE_SA
May 11 18:06:12 jodywhitesides charon: 16[IKE] IKE_SA (unnamed)[2]
state change: CREATED => CONNECTING
May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
PSEUDO_RANDOM_FUNCTION found
May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
DIFFIE_HELLMAN_GROUP found
May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
PSEUDO_RANDOM_FUNCTION found
May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
PSEUDO_RANDOM_FUNCTION found
May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
PSEUDO_RANDOM_FUNCTION found
May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
DIFFIE_HELLMAN_GROUP found
May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
PSEUDO_RANDOM_FUNCTION found
May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
May 11 18:06:12 jodywhitesides charon: 16[CFG]   proposal matches
May 11 18:06:12 jodywhitesides charon: 16[CFG] received proposals:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:A$
May 11 18:06:12 jodywhitesides charon: 16[CFG] configured proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
May 11 18:06:12 jodywhitesides charon: 16[CFG] selected proposal:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
May 11 18:06:12 jodywhitesides charon: 16[IKE] sending XAuth vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] sending DPD vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] sending FRAGMENTATION
vendor ID
May 11 18:06:12 jodywhitesides charon: 16[IKE] sending NAT-T (RFC
3947) vendor ID
May 11 18:06:12 jodywhitesides charon: 16[ENC] generating ID_PROT
response 0 [ SA V V V V ]
May 11 18:06:12 jodywhitesides charon: 16[NET] sending packet: from
138.68.251.157[500] to 67.177.12.59[500] (160 bytes)
May 11 18:06:12 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[500] to 67.177.12.59[500]
May 11 18:06:12 jodywhitesides charon: 03[NET] received packet: from
67.177.12.59[500] to 138.68.251.157[500]
May 11 18:06:12 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:06:12 jodywhitesides charon: 06[NET] received packet: from
67.177.12.59[500] to 138.68.251.157[500] (228 bytes)
May 11 18:06:12 jodywhitesides charon: 06[ENC] parsed ID_PROT request
0 [ KE No NAT-D NAT-D ]
May 11 18:06:12 jodywhitesides charon: 06[IKE] remote host is behind
NAT

May 11 18:06:12 jodywhitesides charon: 06[IKE] sending cert request
for "C=US, O=JW Server VPN, CN=138.68.251.157 Root CA"
May 11 18:06:12 jodywhitesides charon: 06[ENC] generating ID_PROT
response 0 [ KE No CERTREQ NAT-D NAT-D ]
May 11 18:06:12 jodywhitesides charon: 06[NET] sending packet: from
138.68.251.157[500] to 67.177.12.59[500] (321 bytes)
May 11 18:06:12 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[500] to 67.177.12.59[500]
May 11 18:06:12 jodywhitesides charon: 03[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500]
May 11 18:06:12 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:06:12 jodywhitesides charon: 08[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500] (1280 bytes)
May 11 18:06:12 jodywhitesides charon: 08[ENC] parsed ID_PROT request
0 [ FRAG(1) ]
May 11 18:06:12 jodywhitesides charon: 08[ENC] received fragment #1,
waiting for complete IKE message
May 11 18:06:12 jodywhitesides charon: 03[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500]
May 11 18:06:12 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:06:12 jodywhitesides charon: 05[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500] (804 bytes)
May 11 18:06:12 jodywhitesides charon: 05[ENC] parsed ID_PROT request
0 [ FRAG(2/2) ]
May 11 18:06:12 jodywhitesides charon: 05[ENC] received fragment #2,
reassembling fragmented IKE message
May 11 18:06:12 jodywhitesides charon: 05[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500] (2012 bytes)
May 11 18:06:12 jodywhitesides charon: 05[ENC] parsed ID_PROT request
0 [ ID CERT SIG CERTREQ N(INITIAL_CONTACT) ]
May 11 18:06:12 jodywhitesides charon: 05[IKE] ignoring certificate
request without data
May 11 18:06:12 jodywhitesides charon: 05[IKE] received end entity
cert "C=US, O=JW Server VPN, CN=138.68.251.157"
May 11 18:06:12 jodywhitesides charon: 05[CFG] looking for
XAuthInitRSA peer configs matching 138.68.251.157...67.177.12.59[C=US,
O=JW Server VPN, CN=138.68.251.157]
May 11 18:06:12 jodywhitesides charon: 05[CFG]   candidate "ios",
match: 1/20/28 (me/other/ike)
May 11 18:06:12 jodywhitesides charon: 05[CFG] selected peer config
"ios"
May 11 18:06:12 jodywhitesides charon: 05[CFG]   certificate "C=US,
O=JW Server VPN, CN=138.68.251.157" key: 4096 bit RSA
May 11 18:06:12 jodywhitesides charon: 05[CFG]   using trusted ca
certificate "C=US, O=JW Server VPN, CN=138.68.251.157 Root CA"
May 11 18:06:13 jodywhitesides charon: 05[CFG] checking certificate
status of "C=US, O=JW Server VPN, CN=138.68.251.157"
May 11 18:06:13 jodywhitesides charon: 05[CFG] ocsp check skipped, no
ocsp found
May 11 18:06:13 jodywhitesides charon: 05[CFG] certificate status is
not available
May 11 18:06:13 jodywhitesides charon: 05[CFG]   certificate "C=US,
O=JW Server VPN, CN=138.68.251.157 Root CA" key: 4096 bit RSA
May 11 18:06:13 jodywhitesides charon: 05[CFG]   reached self-signed
root ca with a path length of 0
May 11 18:06:13 jodywhitesides charon: 05[CFG]   using trusted
certificate "C=US, O=JW Server VPN, CN=138.68.251.157"
May 11 18:06:13 jodywhitesides charon: 05[IKE] authentication of
'C=US, O=JW Server VPN, CN=138.68.251.157' with RSA_EMSA_PKCS1_NULL
successful
May 11 18:06:13 jodywhitesides charon: 05[IKE] authentication of
'138.68.251.157' (myself) successful
May 11 18:06:13 jodywhitesides charon: 05[IKE] queueing XAUTH task
May 11 18:06:13 jodywhitesides charon: 05[IKE] sending end entity cert
"C=US, O=JW Server VPN, CN=138.68.251.157"
May 11 18:06:13 jodywhitesides charon: 05[ENC] generating ID_PROT
response 0 [ ID CERT SIG ]
May 11 18:06:13 jodywhitesides charon: 05[ENC] splitting IKE message
with length of 1948 bytes into 2 fragments
May 11 18:06:13 jodywhitesides charon: 05[ENC] generating ID_PROT
response 0 [ FRAG(1) ]
May 11 18:06:13 jodywhitesides charon: 05[ENC] generating ID_PROT
response 0 [ FRAG(2/2) ]
May 11 18:06:13 jodywhitesides charon: 05[NET] sending packet: from
138.68.251.157[4500] to 67.177.12.59[39350] (1248 bytes)
May 11 18:06:13 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 67.177.12.59[39350]
May 11 18:06:13 jodywhitesides charon: 05[NET] sending packet: from
138.68.251.157[4500] to 67.177.12.59[39350] (772 bytes)
May 11 18:06:13 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 67.177.12.59[39350]
May 11 18:06:13 jodywhitesides charon: 05[IKE] activating new tasks
May 11 18:06:13 jodywhitesides charon: 05[IKE]   activating XAUTH task
May 11 18:06:13 jodywhitesides charon: 05[ENC] generating TRANSACTION
request 420309242 [ HASH CPRQ(X_USER X_PWD) ]
May 11 18:06:13 jodywhitesides charon: 05[NET] sending packet: from
138.68.251.157[4500] to 67.177.12.59[39350] (76 bytes)
May 11 18:06:13 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 67.177.12.59[39350]
May 11 18:06:13 jodywhitesides charon: 03[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500]
May 11 18:06:13 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:06:13 jodywhitesides charon: 09[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500] (108 bytes)
May 11 18:06:13 jodywhitesides charon: 09[ENC] parsed TRANSACTION
response 420309242 [ HASH CPRP(X_USER X_PWD) ]
May 11 18:06:13 jodywhitesides charon: 09[IKE] XAuth authentication of
'JodyiPhone' successful
May 11 18:06:13 jodywhitesides charon: 09[IKE] reinitiating already
active tasks
May 11 18:06:13 jodywhitesides charon: 09[IKE]   XAUTH task

May 11 18:06:13 jodywhitesides charon: 09[ENC] generating TRANSACTION
request 2511328619 [ HASH CPS(X_STATUS) ]
May 11 18:06:13 jodywhitesides charon: 09[NET] sending packet: from
138.68.251.157[4500] to 67.177.12.59[39350] (76 bytes)
May 11 18:06:13 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 67.177.12.59[39350]
May 11 18:06:13 jodywhitesides charon: 03[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500]
May 11 18:06:13 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:06:13 jodywhitesides charon: 03[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500]
May 11 18:06:13 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:06:13 jodywhitesides charon: 10[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500] (76 bytes)
May 11 18:06:13 jodywhitesides charon: 10[ENC] parsed TRANSACTION
response 2511328619 [ HASH CPA(X_STATUS) ]
May 11 18:06:13 jodywhitesides charon: 10[IKE] IKE_SA ios[2]
established between
138.68.251.157[138.68.251.157]...67.177.12.59[C=US, O=JW Server VPN,
CN=138.68.251.157]
May 11 18:06:13 jodywhitesides charon: 10[IKE] IKE_SA ios[2] state
change: CONNECTING => ESTABLISHED
May 11 18:06:13 jodywhitesides charon: 10[IKE] scheduling
reauthentication in 2931s
May 11 18:06:13 jodywhitesides charon: 10[IKE] maximum IKE_SA lifetime
3471s
May 11 18:06:13 jodywhitesides charon: 10[IKE] activating new tasks
May 11 18:06:13 jodywhitesides charon: 10[IKE] nothing to initiate
May 11 18:06:13 jodywhitesides charon: 10[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500] (172 bytes)
May 11 18:06:13 jodywhitesides charon: 10[ENC] unknown attribute type
(28683)
May 11 18:06:13 jodywhitesides charon: 10[ENC] parsed TRANSACTION
request 4034003366 [ HASH CPRQ(ADDR MASK DNS NBNS EXP VER U_BANNER
U_DEFDOM U_SPLITDNS U_SPLITINC U_LOCALLAN U_PFS U_SAVEPWD U_FWTYPE
U_BKPSRV (28683)) ]
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
INTERNAL_IP4_ADDRESS attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
INTERNAL_IP4_NETMASK attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
INTERNAL_IP4_DNS attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
INTERNAL_IP4_NBNS attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
INTERNAL_ADDRESS_EXPIRY attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
APPLICATION_VERSION attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing UNITY_BANNER
attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
UNITY_DEF_DOMAIN attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
UNITY_SPLITDNS_NAME attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
UNITY_SPLIT_INCLUDE attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
UNITY_LOCAL_LAN attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing UNITY_PFS
attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
UNITY_SAVE_PASSWD attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
UNITY_FW_TYPE attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
UNITY_BACKUP_SERVERS attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] processing (28683)
attribute
May 11 18:06:13 jodywhitesides charon: 10[IKE] peer requested virtual
IP %any
May 11 18:06:13 jodywhitesides charon: 10[CFG] reassigning offline
lease to 'JodyiPhone'
May 11 18:06:13 jodywhitesides charon: 10[IKE] assigning virtual IP
10.10.10.2 to peer 'JodyiPhone'
May 11 18:06:13 jodywhitesides charon: 10[ENC] generating TRANSACTION
response 4034003366 [ HASH CPRP(ADDR DNS DNS DNS DNS DNS DNS6 DNS6) ]
May 11 18:06:13 jodywhitesides charon: 10[NET] sending packet: from
138.68.251.157[4500] to 67.177.12.59[39350] (156 bytes)
May 11 18:06:13 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 67.177.12.59[39350]
May 11 18:06:13 jodywhitesides charon: 03[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500]
May 11 18:06:13 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:06:13 jodywhitesides charon: 15[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500] (300 bytes)
May 11 18:06:13 jodywhitesides charon: 15[ENC] parsed QUICK_MODE
request 758508161 [ HASH SA No ID ID ]
May 11 18:06:13 jodywhitesides charon: 15[CFG] looking for a child
config for 0.0.0.0/0 === 10.10.10.2/32
May 11 18:06:13 jodywhitesides charon: 15[CFG] proposing traffic
selectors for us:
May 11 18:06:13 jodywhitesides charon: 15[CFG]  0.0.0.0/0
May 11 18:06:13 jodywhitesides charon: 15[CFG]  ::/0
May 11 18:06:13 jodywhitesides charon: 15[CFG] proposing traffic
selectors for other:
May 11 18:06:13 jodywhitesides charon: 15[CFG]  10.10.10.2/32
May 11 18:06:13 jodywhitesides charon: 15[CFG]   candidate "ios" with
prio 5+5
May 11 18:06:13 jodywhitesides charon: 15[CFG] found matching child
config "ios" with prio 10
May 11 18:06:13 jodywhitesides charon: 15[CFG] selecting traffic
selectors for other:
May 11 18:06:13 jodywhitesides charon: 15[CFG]  config: 10.10.10.2/32,
received: 10.10.10.2/32 => match: 10.10.10.2/32
May 11 18:06:13 jodywhitesides charon: 15[CFG] selecting traffic
selectors for us:
May 11 18:06:13 jodywhitesides charon: 15[CFG]  config: 0.0.0.0/0,
received: 0.0.0.0/0 => match: 0.0.0.0/0
May 11 18:06:13 jodywhitesides charon: 15[CFG]  config: ::/0,
received: 0.0.0.0/0 => no match
May 11 18:06:13 jodywhitesides charon: 15[CFG] selecting proposal:
May 11 18:06:13 jodywhitesides charon: 15[CFG]   proposal matches
May 11 18:06:13 jodywhitesides charon: 15[CFG] received proposals:
ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ, ESP:3DES_CBC$
May 11 18:06:13 jodywhitesides charon: 15[CFG] configured proposals:
ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
May 11 18:06:13 jodywhitesides charon: 15[CFG] selected proposal:
ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
May 11 18:06:13 jodywhitesides charon: 15[ENC] generating QUICK_MODE
response 758508161 [ HASH SA No ID ID ]
May 11 18:06:13 jodywhitesides charon: 15[NET] sending packet: from
138.68.251.157[4500] to 67.177.12.59[39350] (172 bytes)
May 11 18:06:13 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 67.177.12.59[39350]
May 11 18:06:13 jodywhitesides kernel: [80847.650748] audit: type=1400
audit(1526083573.226:1033): apparmor="DENIED" operation="open"
profile="/usr/lib/ipsec/charon" name="/proc/6996/fd/" pid=6996
comm="charon" requested_mask="r" denied_mask$
May 11 18:06:13 jodywhitesides charon: 03[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500]
May 11 18:06:13 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:06:13 jodywhitesides charon: 11[NET] received packet: from
67.177.12.59[39350] to 138.68.251.157[4500] (60 bytes)
May 11 18:06:13 jodywhitesides charon: 11[ENC] parsed QUICK_MODE
request 758508161 [ HASH ]
May 11 18:06:13 jodywhitesides charon: 11[IKE] CHILD_SA ios{2}
established with SPIs c3cca129_i 0ca16f85_o and TS 0.0.0.0/0 ===
10.10.10.2/32
May 11 18:06:13 jodywhitesides vpn: + C=US, O=JW Server VPN,
CN=138.68.251.157 10.10.10.2/32 == 67.177.12.59 -- 138.68.251.157 ==
0.0.0.0/0
May 11 18:06:19 jodywhitesides dovecot: imap-login: Login:
user=<singleoftheday>, method=PLAIN, rip=67.177.12.59,
lip=138.68.251.157, mpid=7013, TLS, session=<nhykBfdroLxDsQw7>
May 11 18:06:19 jodywhitesides dovecot: imap-login: Login:
user=<dancindeeraudio>, method=PLAIN, rip=67.177.12.59,
lip=138.68.251.157, mpid=7014, TLS, session=<ewmkBfdrj7hDsQw7>
May 11 18:06:19 jodywhitesides dovecot: imap-login: Login:
user=<onrecords>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
mpid=7015, TLS, session=<Dg2kBfdr36xDsQw7>
May 11 18:06:19 jodywhitesides dovecot: imap-login: Login:
user=<musicteam>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
mpid=7016, TLS, session=<irWkBfdrXJ9DsQw7>
May 11 18:06:19 jodywhitesides dovecot: imap-login: Login:
user=<jody>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
mpid=7017, TLS, session=<GbakBfdr069DsQw7>
May 11 18:06:19 jodywhitesides dovecot: imap(singleoftheday): Logged
out in=38 out=489
May 11 18:06:19 jodywhitesides dovecot: imap(dancindeeraudio): Logged
out in=38 out=489
May 11 18:06:19 jodywhitesides dovecot: imap(onrecords): Logged out
in=38 out=489
May 11 18:06:19 jodywhitesides dovecot: imap(musicteam): Logged out
in=38 out=489
May 11 18:06:19 jodywhitesides dovecot: imap(jody): Logged out in=38
out=489
May 11 18:06:20 jodywhitesides dovecot: imap-login: Login:
user=<musicteam>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
mpid=7021, TLS, session=<HZKyBfdr36NDsQw7>
May 11 18:06:20 jodywhitesides dovecot: imap-login: Login:
user=<dancindeeraudio>, method=PLAIN, rip=67.177.12.59,
lip=138.68.251.157, mpid=7022, TLS, session=<Z4ayBfdr/6RDsQw7>
May 11 18:06:20 jodywhitesides dovecot: imap-login: Login:
user=<jody>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
mpid=7023, TLS, session=<fLOyBfdrZa5DsQw7>
May 11 18:06:23 jodywhitesides dovecot: imap-login: Login:
user=<dancindeeraudio>, method=PLAIN, rip=67.177.12.59,
lip=138.68.251.157, mpid=7025, TLS, session=<Gg3gBfdrKLBDsQw7>
May 11 18:06:23 jodywhitesides dovecot: imap-login: Login:
user=<jody>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
mpid=7027, TLS, session=<AkzrBfdrCJNDsQw7>
May 11 18:06:24 jodywhitesides dovecot: imap-login: Login:
user=<jody>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
mpid=7029, TLS, session=<Or32Bfdrp5JDsQw7>
May 11 18:06:24 jodywhitesides dovecot: imap(jody): Logged out in=175
out=2492
May 11 18:06:27 jodywhitesides dovecot: imap-login: Login:
user=<musicteam>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
mpid=7031, TLS, session=<FsgeBvdrEqpDsQw7>
May 11 18:06:59 jodywhitesides smtpd[4612]: 0493341bb221d75f smtp
event=closed reason=quit
May 11 18:07:00 jodywhitesides smtpd[4612]: 0493342f6be42ad9 mta
event=error reason=Connection timeout
May 11 18:07:00 jodywhitesides smtpd[4612]: smtp-out: Disabling route
[] <-> IPv6:2607:f8b0:400e:c06::1a (pj-in-x1a.1e100.net [1]) for 15s
May 11 18:07:13 jodywhitesides kernel: [80908.130642] [UFW BLOCK]
IN=eth0 OUT= MAC=42:61:97:8f:73:ac:30:7c:5e:93:1c:70:08:00
SRC=172.58.38.179 DST=138.68.251.157 LEN=876 TOS=0x00 PREC=0x00
TTL=241 ID=0 DF PROTO=UDP SPT=35828 DPT=500 LEN=856
May 11 18:07:13 jodywhitesides charon: 03[NET] received packet: from
172.58.38.179[35828] to 138.68.251.157[500]
May 11 18:07:13 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:07:13 jodywhitesides charon: 05[NET] received packet: from
172.58.38.179[35828] to 138.68.251.157[500] (848 bytes)
May 11 18:07:13 jodywhitesides charon: 05[ENC] parsed ID_PROT request
0 [ SA V V V V V V V V V V V V V V ]
May 11 18:07:13 jodywhitesides charon: 05[CFG] looking for an ike
config for 138.68.251.157...172.58.38.179
May 11 18:07:13 jodywhitesides charon: 05[CFG]   candidate:
%any,0.0.0.0/0,::/0...%any,0.0.0.0/0,::/0, prio 28
May 11 18:07:13 jodywhitesides charon: 05[CFG] found matching ike
config: %any,0.0.0.0/0,::/0...%any,0.0.0.0/0,::/0 with prio 28
May 11 18:07:13 jodywhitesides charon: 05[IKE] received NAT-T (RFC
3947) vendor ID
May 11 18:07:13 jodywhitesides charon: 05[IKE] received
draft-ietf-ipsec-nat-t-ike vendor ID
May 11 18:07:13 jodywhitesides charon: 05[IKE] received
draft-ietf-ipsec-nat-t-ike-08 vendor ID

May 11 18:07:13 jodywhitesides charon: 05[IKE] received XAuth vendor
ID
May 11 18:07:13 jodywhitesides charon: 05[IKE] received Cisco Unity
vendor ID
May 11 18:07:13 jodywhitesides charon: 05[IKE] received FRAGMENTATION
vendor ID
May 11 18:07:13 jodywhitesides charon: 05[IKE] received DPD vendor ID
May 11 18:07:13 jodywhitesides charon: 05[IKE] 172.58.38.179 is
initiating a Main Mode IKE_SA
May 11 18:07:13 jodywhitesides charon: 05[IKE] IKE_SA (unnamed)[3]
state change: CREATED => CONNECTING
May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
PSEUDO_RANDOM_FUNCTION found
May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
DIFFIE_HELLMAN_GROUP found
May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
PSEUDO_RANDOM_FUNCTION found
May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
PSEUDO_RANDOM_FUNCTION found
May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
PSEUDO_RANDOM_FUNCTION found
May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
DIFFIE_HELLMAN_GROUP found
May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
PSEUDO_RANDOM_FUNCTION found
May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
May 11 18:07:13 jodywhitesides charon: 05[CFG]   proposal matches
May 11 18:07:13 jodywhitesides charon: 05[CFG] received proposals:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:A$
May 11 18:07:13 jodywhitesides charon: 05[CFG] configured proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
May 11 18:07:13 jodywhitesides charon: 05[CFG] selected proposal:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
May 11 18:07:13 jodywhitesides charon: 05[IKE] sending XAuth vendor ID
May 11 18:07:13 jodywhitesides charon: 05[IKE] sending DPD vendor ID
May 11 18:07:13 jodywhitesides charon: 05[IKE] sending FRAGMENTATION
vendor ID
May 11 18:07:13 jodywhitesides charon: 05[IKE] sending NAT-T (RFC
3947) vendor ID
May 11 18:07:13 jodywhitesides charon: 05[ENC] generating ID_PROT
response 0 [ SA V V V V ]
May 11 18:07:13 jodywhitesides charon: 05[NET] sending packet: from
138.68.251.157[500] to 172.58.38.179[35828] (160 bytes)
May 11 18:07:13 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[500] to 172.58.38.179[35828]
May 11 18:07:13 jodywhitesides charon: 03[NET] received packet: from
172.58.38.179[35828] to 138.68.251.157[500]
May 11 18:07:13 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:07:13 jodywhitesides charon: 09[NET] received packet: from
172.58.38.179[35828] to 138.68.251.157[500] (228 bytes)
May 11 18:07:13 jodywhitesides charon: 09[ENC] parsed ID_PROT request
0 [ KE No NAT-D NAT-D ]
May 11 18:07:13 jodywhitesides charon: 09[IKE] local host is behind
NAT, sending keep alives
May 11 18:07:13 jodywhitesides charon: 09[IKE] remote host is behind
NAT
May 11 18:07:13 jodywhitesides charon: 09[IKE] sending cert request
for "C=US, O=JW Server VPN, CN=138.68.251.157 Root CA"
May 11 18:07:13 jodywhitesides charon: 09[ENC] generating ID_PROT
response 0 [ KE No CERTREQ NAT-D NAT-D ]
May 11 18:07:13 jodywhitesides charon: 09[NET] sending packet: from
138.68.251.157[500] to 172.58.38.179[35828] (321 bytes)
May 11 18:07:13 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[500] to 172.58.38.179[35828]
May 11 18:07:14 jodywhitesides kernel: [80908.690917] [UFW BLOCK]
IN=eth0 OUT= MAC=42:61:97:8f:73:ac:30:7c:5e:91:9c:30:08:00
SRC=172.58.38.179 DST=138.68.251.157 LEN=1312 TOS=0x00 PREC=0x00
TTL=241 ID=0 DF PROTO=UDP SPT=47188 DPT=4500 LEN=12$
May 11 18:07:14 jodywhitesides kernel: [80908.692123] [UFW BLOCK]
IN=eth0 OUT= MAC=42:61:97:8f:73:ac:30:7c:5e:91:9c:30:08:00
SRC=172.58.38.179 DST=138.68.251.157 LEN=836 TOS=0x00 PREC=0x00 TTL=54
ID=0 PROTO=UDP SPT=47188 DPT=4500 LEN=816
May 11 18:07:14 jodywhitesides charon: 03[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500]
May 11 18:07:14 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:07:14 jodywhitesides charon: 10[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500] (1280 bytes)
May 11 18:07:14 jodywhitesides charon: 10[ENC] parsed ID_PROT request
0 [ FRAG(1) ]
May 11 18:07:14 jodywhitesides charon: 10[ENC] received fragment #1,
waiting for complete IKE message
May 11 18:07:14 jodywhitesides charon: 03[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500]
May 11 18:07:14 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:07:14 jodywhitesides charon: 13[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500] (804 bytes)
May 11 18:07:14 jodywhitesides charon: 13[ENC] parsed ID_PROT request
0 [ FRAG(2/2) ]
May 11 18:07:14 jodywhitesides charon: 13[ENC] received fragment #2,
reassembling fragmented IKE message
May 11 18:07:14 jodywhitesides charon: 13[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500] (2012 bytes)
May 11 18:07:14 jodywhitesides charon: 13[ENC] parsed ID_PROT request
0 [ ID CERT SIG CERTREQ N(INITIAL_CONTACT) ]
May 11 18:07:14 jodywhitesides charon: 13[IKE] ignoring certificate
request without data
May 11 18:07:14 jodywhitesides charon: 13[IKE] received end entity
cert "C=US, O=JW Server VPN, CN=138.68.251.157"
May 11 18:07:14 jodywhitesides charon: 13[CFG] looking for
XAuthInitRSA peer configs matching
138.68.251.157...172.58.38.179[C=US, O=JW Server VPN,
CN=138.68.251.157]
May 11 18:07:14 jodywhitesides charon: 13[CFG]   candidate "ios",
match: 1/20/28 (me/other/ike)
May 11 18:07:14 jodywhitesides charon: 13[CFG] selected peer config
"ios"
May 11 18:07:14 jodywhitesides charon: 13[CFG]   certificate "C=US,
O=JW Server VPN, CN=138.68.251.157" key: 4096 bit RSA
May 11 18:07:14 jodywhitesides charon: 13[CFG]   using trusted ca
certificate "C=US, O=JW Server VPN, CN=138.68.251.157 Root CA"
May 11 18:07:14 jodywhitesides charon: 13[CFG] checking certificate
status of "C=US, O=JW Server VPN, CN=138.68.251.157"
May 11 18:07:14 jodywhitesides charon: 13[CFG] ocsp check skipped, no
ocsp found
May 11 18:07:14 jodywhitesides charon: 13[CFG] certificate status is
not available
May 11 18:07:14 jodywhitesides charon: 13[CFG]   certificate "C=US,
O=JW Server VPN, CN=138.68.251.157 Root CA" key: 4096 bit RSA
May 11 18:07:14 jodywhitesides charon: 13[CFG]   reached self-signed
root ca with a path length of 0
May 11 18:07:14 jodywhitesides charon: 13[CFG]   using trusted
certificate "C=US, O=JW Server VPN, CN=138.68.251.157"
May 11 18:07:14 jodywhitesides charon: 13[IKE] authentication of
'C=US, O=JW Server VPN, CN=138.68.251.157' with RSA_EMSA_PKCS1_NULL
successful
May 11 18:07:14 jodywhitesides charon: 13[IKE] authentication of
'138.68.251.157' (myself) successful
May 11 18:07:14 jodywhitesides charon: 13[IKE] queueing XAUTH task
May 11 18:07:14 jodywhitesides charon: 13[IKE] sending end entity cert
"C=US, O=JW Server VPN, CN=138.68.251.157"
May 11 18:07:14 jodywhitesides charon: 13[ENC] generating ID_PROT
response 0 [ ID CERT SIG ]
May 11 18:07:14 jodywhitesides charon: 13[ENC] splitting IKE message
with length of 1948 bytes into 2 fragments
May 11 18:07:14 jodywhitesides charon: 13[ENC] generating ID_PROT
response 0 [ FRAG(1) ]
May 11 18:07:14 jodywhitesides charon: 13[ENC] generating ID_PROT
response 0 [ FRAG(2/2) ]
May 11 18:07:14 jodywhitesides charon: 13[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188] (1248 bytes)
May 11 18:07:14 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188]
May 11 18:07:14 jodywhitesides charon: 13[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188] (772 bytes)
May 11 18:07:14 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188]
May 11 18:07:14 jodywhitesides charon: 13[IKE] activating new tasks
May 11 18:07:14 jodywhitesides charon: 13[IKE]   activating XAUTH task
May 11 18:07:14 jodywhitesides charon: 13[ENC] generating TRANSACTION
request 2660659739 [ HASH CPRQ(X_USER X_PWD) ]
May 11 18:07:14 jodywhitesides charon: 13[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188] (76 bytes)
May 11 18:07:14 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188]
May 11 18:07:14 jodywhitesides charon: 03[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500]
May 11 18:07:14 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:07:14 jodywhitesides charon: 15[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500] (108 bytes)
May 11 18:07:14 jodywhitesides charon: 15[ENC] parsed TRANSACTION
response 2660659739 [ HASH CPRP(X_USER X_PWD) ]
May 11 18:07:14 jodywhitesides charon: 15[IKE] XAuth authentication of
'JodyiPhone' successful
May 11 18:07:14 jodywhitesides charon: 15[IKE] reinitiating already
active tasks
May 11 18:07:14 jodywhitesides charon: 15[IKE]   XAUTH task
May 11 18:07:14 jodywhitesides charon: 15[ENC] generating TRANSACTION
request 867263320 [ HASH CPS(X_STATUS) ]
May 11 18:07:14 jodywhitesides charon: 15[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188] (76 bytes)
May 11 18:07:14 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188]
May 11 18:07:14 jodywhitesides kernel: [80908.978366] audit: type=1400
audit(1526083634.554:1034): apparmor="DENIED" operation="open"
profile="/usr/lib/ipsec/charon" name="/proc/7035/fd/" pid=7035
comm="charon" requested_mask="r" denied_mask$
May 11 18:07:14 jodywhitesides charon: 03[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500]
May 11 18:07:14 jodywhitesides charon: 03[NET] waiting for data on
sockets

May 11 18:07:14 jodywhitesides vpn: - C=US, O=JW Server VPN,
CN=138.68.251.157 10.10.10.2/32 == 67.177.12.59 -- 138.68.251.157 ==
0.0.0.0/0
May 11 18:07:14 jodywhitesides charon: 14[IKE] IKE_SA ios[2] state
change: ESTABLISHED => DESTROYING
May 11 18:07:14 jodywhitesides charon: 14[CFG] lease 10.10.10.2 by
'JodyiPhone' went offline
May 11 18:07:14 jodywhitesides charon: 16[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500] (140 bytes)
May 11 18:07:14 jodywhitesides charon: 16[ENC] unknown attribute type
(28683)
May 11 18:07:14 jodywhitesides charon: 16[ENC] parsed TRANSACTION
request 739233501 [ HASH CPRQ(ADDR MASK DNS NBNS EXP VER U_BANNER
U_DEFDOM U_SPLITDNS U_SPLITINC U_LOCALLAN U_PFS U_SAVEPWD U_FWTYPE
U_BKPSRV (28683)) ]
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
INTERNAL_IP4_ADDRESS attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
INTERNAL_IP4_NETMASK attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
INTERNAL_IP4_DNS attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
INTERNAL_IP4_NBNS attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
INTERNAL_ADDRESS_EXPIRY attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
APPLICATION_VERSION attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing UNITY_BANNER
attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
UNITY_DEF_DOMAIN attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
UNITY_SPLITDNS_NAME attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
UNITY_SPLIT_INCLUDE attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
UNITY_LOCAL_LAN attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing UNITY_PFS
attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
UNITY_SAVE_PASSWD attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
UNITY_FW_TYPE attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
UNITY_BACKUP_SERVERS attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] processing (28683)
attribute
May 11 18:07:14 jodywhitesides charon: 16[IKE] peer requested virtual
IP %any
May 11 18:07:14 jodywhitesides charon: 16[CFG] reassigning offline
lease to 'JodyiPhone'
May 11 18:07:14 jodywhitesides charon: 16[IKE] assigning virtual IP
10.10.10.2 to peer 'JodyiPhone'
May 11 18:07:14 jodywhitesides charon: 16[ENC] generating TRANSACTION
response 739233501 [ HASH CPRP(ADDR DNS DNS DNS DNS DNS DNS6 DNS6) ]
May 11 18:07:14 jodywhitesides charon: 16[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188] (156 bytes)
May 11 18:07:14 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188]
May 11 18:07:14 jodywhitesides charon: 03[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500]
May 11 18:07:14 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:07:14 jodywhitesides charon: 08[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500] (300 bytes)
May 11 18:07:14 jodywhitesides charon: 08[ENC] parsed QUICK_MODE
request 547495620 [ HASH SA No ID ID ]
May 11 18:07:14 jodywhitesides charon: 08[CFG] looking for a child
config for 0.0.0.0/0 === 10.10.10.2/32
May 11 18:07:14 jodywhitesides charon: 08[CFG] proposing traffic
selectors for us:
May 11 18:07:14 jodywhitesides charon: 08[CFG]  0.0.0.0/0
May 11 18:07:14 jodywhitesides charon: 08[CFG]  ::/0
May 11 18:07:14 jodywhitesides charon: 08[CFG] proposing traffic
selectors for other:
May 11 18:07:14 jodywhitesides charon: 08[CFG]  10.10.10.2/32
May 11 18:07:14 jodywhitesides charon: 08[CFG]   candidate "ios" with
prio 5+5
May 11 18:07:14 jodywhitesides charon: 08[CFG] found matching child
config "ios" with prio 10
May 11 18:07:14 jodywhitesides charon: 08[CFG] selecting traffic
selectors for other:
May 11 18:07:14 jodywhitesides charon: 08[CFG]  config: 10.10.10.2/32,
received: 10.10.10.2/32 => match: 10.10.10.2/32
May 11 18:07:14 jodywhitesides charon: 08[CFG] selecting traffic
selectors for us:
May 11 18:07:14 jodywhitesides charon: 08[CFG]  config: 0.0.0.0/0,
received: 0.0.0.0/0 => match: 0.0.0.0/0
May 11 18:07:14 jodywhitesides charon: 08[CFG]  config: ::/0,
received: 0.0.0.0/0 => no match
May 11 18:07:14 jodywhitesides charon: 08[CFG] selecting proposal:
May 11 18:07:14 jodywhitesides charon: 08[CFG]   proposal matches
May 11 18:07:14 jodywhitesides charon: 08[CFG] received proposals:
ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ, ESP:3DES_CBC$
May 11 18:07:14 jodywhitesides charon: 08[CFG] configured proposals:
ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
May 11 18:07:14 jodywhitesides charon: 08[CFG] selected proposal:
ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
May 11 18:07:14 jodywhitesides charon: 08[ENC] generating QUICK_MODE
response 547495620 [ HASH SA No ID ID ]
May 11 18:07:14 jodywhitesides charon: 08[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188] (172 bytes)
May 11 18:07:14 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188]
May 11 18:07:14 jodywhitesides kernel: [80909.378854] audit: type=1400
audit(1526083634.954:1035): apparmor="DENIED" operation="open"
profile="/usr/lib/ipsec/charon" name="/proc/7046/fd/" pid=7046
comm="charon" requested_mask="r" denied_mask$
May 11 18:07:14 jodywhitesides charon: 03[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500]
May 11 18:07:14 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:07:14 jodywhitesides charon: 07[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500] (60 bytes)
May 11 18:07:14 jodywhitesides charon: 07[ENC] parsed QUICK_MODE
request 547495620 [ HASH ]
May 11 18:07:14 jodywhitesides charon: 07[IKE] CHILD_SA ios{3}
established with SPIs ca4b4cf3_i 0e8240c6_o and TS 0.0.0.0/0 ===
10.10.10.2/32
May 11 18:07:14 jodywhitesides vpn: + C=US, O=JW Server VPN,
CN=138.68.251.157 10.10.10.2/32 == 172.58.38.179 -- 138.68.251.157 ==
0.0.0.0/0
May 11 18:07:15 jodywhitesides smtpd[4612]: smtp-out: Enabling route
[] <-> IPv6:2607:f8b0:400e:c06::1a (pj-in-x1a.1e100.net [1])
May 11 18:07:19 jodywhitesides dovecot: imap-login: Login:
user=<onrecords>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
mpid=7062, TLS, session=<SCg5Cfdr5plDsQw7>
May 11 18:07:19 jodywhitesides dovecot: imap-login: Login:
user=<dancindeeraudio>, method=PLAIN, rip=67.177.12.59,
lip=138.68.251.157, mpid=7063, TLS, session=<sk85Cfdrx75DsQw7>
May 11 18:07:19 jodywhitesides dovecot: imap-login: Login:
user=<musicteam>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
mpid=7064, TLS, session=<LFA5CfdrvKZDsQw7>
May 11 18:07:19 jodywhitesides dovecot: imap-login: Login:
user=<jody>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
mpid=7065, TLS, session=<XM85Cfdr1qlDsQw7>
May 11 18:07:19 jodywhitesides dovecot: imap-login: Login:
user=<singleoftheday>, method=PLAIN, rip=67.177.12.59,
lip=138.68.251.157, mpid=7066, TLS, session=<h2s6CfdrCL9DsQw7>
May 11 18:07:19 jodywhitesides dovecot: imap(onrecords): Logged out
in=38 out=489
May 11 18:07:19 jodywhitesides dovecot: imap(dancindeeraudio): Logged
out in=38 out=489
May 11 18:07:19 jodywhitesides dovecot: imap(musicteam): Logged out
in=38 out=489
May 11 18:07:19 jodywhitesides dovecot: imap(jody): Logged out in=38
out=489
May 11 18:07:19 jodywhitesides dovecot: imap(singleoftheday): Logged
out in=38 out=489
May 11 18:08:11 jodywhitesides charon: 11[IKE] sending keep alive to
172.58.38.179[47188]
May 11 18:08:11 jodywhitesides charon: 04[NET] sending packet: from
138.68.251.157[4500] to 172.58.38.179[47188]
May 11 18:08:13 jodywhitesides charon: 03[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500]
May 11 18:08:13 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:08:13 jodywhitesides charon: 03[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500]
May 11 18:08:13 jodywhitesides charon: 03[NET] waiting for data on
sockets
May 11 18:08:13 jodywhitesides charon: 08[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500] (76 bytes)
May 11 18:08:13 jodywhitesides charon: 08[ENC] parsed INFORMATIONAL_V1
request 1401124821 [ HASH D ]
May 11 18:08:13 jodywhitesides charon: 08[IKE] received DELETE for ESP
CHILD_SA with SPI 0e8240c6
May 11 18:08:13 jodywhitesides charon: 08[IKE] closing CHILD_SA ios{3}
with SPIs ca4b4cf3_i (39562 bytes) 0e8240c6_o (72023 bytes) and TS
0.0.0.0/0 === 10.10.10.2/32
May 11 18:08:13 jodywhitesides kernel: [80968.117023] audit: type=1400
audit(1526083693.693:1036): apparmor="DENIED" operation="open"
profile="/usr/lib/ipsec/charon" name="/proc/7076/fd/" pid=7076
comm="charon" requested_mask="r" denied_mask$
May 11 18:08:13 jodywhitesides vpn: - C=US, O=JW Server VPN,
CN=138.68.251.157 10.10.10.2/32 == 172.58.38.179 -- 138.68.251.157 ==
0.0.0.0/0
May 11 18:08:13 jodywhitesides charon: 05[NET] received packet: from
172.58.38.179[47188] to 138.68.251.157[4500] (92 bytes)
May 11 18:08:13 jodywhitesides charon: 05[ENC] parsed INFORMATIONAL_V1
request 2091759899 [ HASH D ]
May 11 18:08:13 jodywhitesides charon: 05[IKE] received DELETE for
IKE_SA ios[3]
May 11 18:08:13 jodywhitesides charon: 05[IKE] deleting IKE_SA ios[3]
between 138.68.251.157[138.68.251.157]...172.58.38.179[C=US, O=JW
Server VPN, CN=138.68.251.157]
May 11 18:08:13 jodywhitesides charon: 05[IKE] IKE_SA ios[3] state
change: ESTABLISHED => DELETING
May 11 18:08:13 jodywhitesides charon: 05[IKE] IKE_SA ios[3] state
change: DELETING => DELETING
May 11 18:08:13 jodywhitesides charon: 05[IKE] IKE_SA ios[3] state
change: DELETING => DESTROYING

Jody
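An added example, not part of the original message or of strongSwan: a short Python script that rejoins the mail-wrapped charon records and reports how long the CHILD_SA lived, how many bytes it carried, and whether the peer requested the teardown. The function names and the `year` parameter are hypothetical; the sample records are copied from the log above.

```python
import re
from datetime import datetime

# Records copied from the log above, still wrapped the way the mail client left them.
SAMPLE = """\
May 11 18:07:14 jodywhitesides charon: 13[ENC] splitting IKE message
with length of 1948 bytes into 2 fragments
May 11 18:07:14 jodywhitesides charon: 07[IKE] CHILD_SA ios{3}
established with SPIs ca4b4cf3_i 0e8240c6_o and TS 0.0.0.0/0 ===
10.10.10.2/32
May 11 18:08:13 jodywhitesides charon: 08[IKE] received DELETE for ESP
CHILD_SA with SPI 0e8240c6
May 11 18:08:13 jodywhitesides charon: 08[IKE] closing CHILD_SA ios{3}
with SPIs ca4b4cf3_i (39562 bytes) 0e8240c6_o (72023 bytes) and TS
0.0.0.0/0 === 10.10.10.2/32
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
EST = re.compile(r"CHILD_SA (\S+) established with SPIs (\w+)_i (\w+)_o")
DEL = re.compile(r"received DELETE for ESP CHILD_SA with SPI (\w+)")
CLOSE = re.compile(r"closing CHILD_SA (\S+) with SPIs \w+_i \((\d+) bytes\) "
                   r"\w+_o \((\d+) bytes\)")

def unwrap(text):
    """Rejoin syslog records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if STAMP.match(line):
            records.append(line)            # a new record starts with a timestamp
        elif line and records:
            records[-1] += " " + line       # continuation of the previous record
    return records

def child_sa_summary(text, year=2018):
    """Map each CHILD_SA name to its lifetime, byte counters and who closed it."""
    sas, peer_deleted = {}, set()
    for rec in unwrap(text):
        # syslog omits the year; 2018 is taken from the thread's dates
        when = datetime.strptime(f"{year} {rec[:15]}", "%Y %b %d %H:%M:%S")
        if m := EST.search(rec):
            sas[m[1]] = {"up": when, "spi_out": m[3]}
        elif m := DEL.search(rec):
            peer_deleted.add(m[1])          # SPI named in the peer's DELETE
        elif (m := CLOSE.search(rec)) and m[1] in sas:
            sa = sas[m[1]]
            sa.update(seconds=int((when - sa["up"]).total_seconds()),
                      bytes_in=int(m[2]), bytes_out=int(m[3]),
                      closed_by_peer=sa["spi_out"] in peer_deleted)
    return sas

if __name__ == "__main__":
    print(child_sa_summary(SAMPLE))
```

For the cellular session this reports a 59-second lifetime with traffic counted in both directions and a DELETE sent by the phone, so the tunnel itself came up and carried data before the client closed it.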

On May 11, 2018, at 5:26 PM, Jafar Al-Gharaibeh <ja...@atcorp.com>
wrote:

Jody,
It is really hard to guess what the problem is without
information/logs.
In most situations where I had this issue (OK on WiFi but not OK
on cell) it turned out to be MTU related.
I am almost certain that the problem you are seeing is caused by
broken PMTU.
See the references below for some insight and possible solutions.

Regards,
Jafar

[1] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues
[2] https://www.zeitgeist.se/2013/11/26/mtu-woes-in-ipsec-tunnels-how-to-fix/
[3] https://wiki.strongswan.org/issues/1025
[4] https://wiki.strongswan.org/issues/632#note-14

On 5/11/2018 5:21 PM, Jody Whitesides wrote:

I have a working VPN that can connect to the internet at large.
When a device is connected via WIFI it can also connect to
email and websites hosted on the same server as the VPN. However,
when a device is connected via a cellular connection to the VPN,
it can connect to the internet at large, but cannot connect to
email and websites on the same server.

Can anyone explain why this would occur? What is the difference
between a wild WIFI connection and a mobile cellular connection
that would cause the VPN to react differently to its host server?

Thank you,
Jody
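An added example, not from anyone in the thread: the MTU explanation suggested above, worked through for the ESP proposal the log shows being selected (AES_CBC_256/HMAC_SHA1_96, UDP-encapsulated on port 4500, tunnel mode, IPv4 outer header). The path MTU values and the 1400-byte inner packet are constructed; the thread does not state the real ones.

```python
# Per-packet cost of ESP in UDP (NAT-T), tunnel mode, for the proposal
# selected in the log: ESP:AES_CBC_256/HMAC_SHA1_96.
OUTER_IPV4 = 20    # outer IPv4 header without options
NATT_UDP = 8       # UDP encapsulation header
ESP_HEADER = 8     # SPI + sequence number
CBC_IV = 16        # AES-CBC initialisation vector
CBC_BLOCK = 16     # ciphertext is padded to a multiple of this
ESP_TRAILER = 2    # pad-length + next-header bytes (encrypted)
ICV = 12           # HMAC-SHA1 truncated to 96 bits
FIXED = OUTER_IPV4 + NATT_UDP + ESP_HEADER + CBC_IV + ICV

def outer_size(inner_len):
    """Size of the outer IPv4 packet that carries an inner packet of inner_len bytes."""
    padded = -(-(inner_len + ESP_TRAILER) // CBC_BLOCK) * CBC_BLOCK  # round up
    return FIXED + padded

def max_inner(path_mtu):
    """Largest inner IPv4 packet that fits in path_mtu without fragmentation."""
    return (path_mtu - FIXED) // CBC_BLOCK * CBC_BLOCK - ESP_TRAILER

def clamp_mss(path_mtu):
    """TCP MSS that keeps segments within max_inner (20-byte IP + 20-byte TCP)."""
    return max_inner(path_mtu) - 40

def report(path_mtus, inner_len=1400):
    """For each candidate path MTU, say whether an inner packet of inner_len fits."""
    return [{"path_mtu": mtu,
             "max_inner": max_inner(mtu),
             "mss": clamp_mss(mtu),
             "fits": outer_size(inner_len) <= mtu}
            for mtu in path_mtus]

if __name__ == "__main__":
    # Constructed path MTUs, for illustration only.
    for row in report([1500, 1400, 1280]):
        print(row)
```

An inner packet that fits a 1500-byte path can exceed a smaller one once the ESP overhead is added, and if the resulting ICMP "fragmentation needed" messages never reach the sender, larger transfers stall while small packets keep working.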



Links:
------
[1] http://pj-in-x1a.1e100.net
