Looks like the connection is "almost there" but gets blocked by your firewall (UFW).

Very end of your log:

Feb 19 02:10:01 VM-e2b7 charon: 11[NET] sending packet: from 102.1*9.2**.***[4500] to 154.77.***.**[4500] (772 bytes)
Feb 19 02:10:01 VM-e2b7 kernel: [ 2543.189073] [UFW BLOCK] IN=ens3 OUT= MAC=06:97:9c:00:00:8f:00:1d:b5:c0:a7:c0:08:00 SRC=154.77.***.** DST=102.1*9.2**.*** LEN=52 TOS=0x10 PREC=0x20 TTL=116 ID=27223 DF PROTO=TCP SPT=54229 DPT=443 WINDOW=17520 RES=0x00 SYN URGP=0
Feb 19 02:10:30 VM-e2b7 charon: 14[JOB] deleting half open IKE_SA with 154.77.***.** after timeout

1 - 02:10:01 - strongSwan sends a packet to client

3 - 02:10:30 - there is no response from client in 30 seconds, the SA is deleted

2 - 02:10:01 - something coming from client IP and going to server IP was 
blocked by the firewall

FWIW, these are my UFW rules on the strongSwan server:

ufw allow in from 89.0.0.1 proto gre
ufw allow in from 89.0.0.1 proto ah
ufw allow in from 89.0.0.1 proto esp
ufw allow in proto udp from 89.0.0.1 port 500
ufw allow in proto udp from 89.0.0.1 port 4500

where 89.0.0.1 is the client's address.

My tunnel is for GRE, not sure if yours is - if not you won't need the "proto 
gre" rule but I think you'll need another rule to allow *your* traffic.

You could also try a "broad" rule allowing anything and everything from the 
client's IP (and tighten it later):

ufw allow in from client_ip_here

--

Kostya Vasilyev
[email protected]



On Tue, Feb 19, 2019, at 2:43 AM, MOSES KARIUKI wrote:
> Dear Team,
> 
> I have been having long days trying to configure Strongswan on Ubuntu 18.04. 
> I am not able to connect to the VPN from Windows 10 client, after following 
> the instructions on this link : 
> https://www.digitalocean.com/community/tutorials/how-to-set-up-an-ikev2-vpn-server-with-strongswan-on-ubuntu-18-04-2
> and setting up windows for modp_2048 following these instructions here :
> https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048
> 
> See below my settings
> 
> **ipsec statusall**
> Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-45-generic, 
> x86_64):
>   uptime: 45 minutes, since Feb 19 01:27:59 2019
>   malloc: sbrk 2568192, mmap 0, used 664784, free 1903408
>   worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, 
> scheduled: 0
>   loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce 
> x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey 
> pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve 
> socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
> Virtual IP pools (size/online/offline):
>   10.10.10.0/24: 254/0/0
> Listening IP addresses:
>   102.1*9.2**.***
> Connections:
>    ikev2-vpn:  %any...%any  IKEv2, dpddelay=300s
>    ikev2-vpn:   local:  [102.1*9.2**.***] uses public key authentication
>    ikev2-vpn:    cert:  "CN=102.1*9.2**.***"
>    ikev2-vpn:   remote: uses EAP_MSCHAPV2 authentication with EAP identity 
> '%any'
>    ikev2-vpn:   child:  0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
> Security Associations (0 up, 0 connecting):
>   none
> 
> **vi /etc/ipsec.conf**
> config setup
>     charondebug="ike 1, knl 1, cfg 2"
>     uniqueids=no
> 
> conn ikev2-vpn
>     auto=add
>     compress=no
>     type=tunnel
>     keyexchange=ikev2
>     fragmentation=yes
>     forceencaps=yes
>     dpdaction=clear
>     dpddelay=300s
>     rekey=no
>     left=%any
>     leftid=102.1*9.2**.***
>     leftcert=server-cert.pem
>     leftsendcert=always
>     leftsubnet=0.0.0.0/0
>     right=%any
>     rightid=%any
>     rightauth=eap-mschapv2
>     rightsourceip=10.10.10.0/24
>     rightdns=8.8.8.8,8.8.4.4
>     rightsendcert=never
>     eap_identity=%identity
>     
> ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024,aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048
>     
> esp=aes256-sha256,aes256-sha1,3des-sha1,aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048
> 
> Below is the log :
> 
> Feb 19 02:10:00 VM-e2b7 charon: 07[NET] received packet: from 
> 154.77.***.**[500] to 102.1*9.2**.***[500] (632 bytes)
> Feb 19 02:10:00 VM-e2b7 charon: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE 
> No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 11[CFG] configured proposals: 
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, 
> IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
> ....
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 11[CFG] selected proposal: 
> IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 11[IKE] remote host is behind NAT
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 11[ENC] generating IKE_SA_INIT response 
> 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 11[NET] sending packet: from 
> 102.1*9.2**.***[500] to 154.77.***.**[500] (448 bytes)
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[NET] received packet: from 
> 154.77.***.**[4500] to 102.1*9.2**.***[4500] (580 bytes)
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[ENC] parsed IKE_AUTH request 1 [ 
> EF(1/3) ]
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[ENC] received fragment #1 of 3, 
> waiting for complete IKE message
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[NET] received packet: from 
> 154.77.***.**[4500] to 102.1*9.2**.***[4500] (532 bytes)
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[ENC] parsed IKE_AUTH request 1 [ 
> EF(3/3) ]
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[ENC] received fragment #3 of 3, 
> waiting for complete IKE message
> Feb 19 02:10:00 VM-e2b7 charon: 07[CFG] looking for an ike config for 
> 102.1*9.2**.***...154.77.***.**
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[NET] received packet: from 
> 154.77.***.**[4500] to 102.1*9.2**.***[4500] (580 bytes)
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[ENC] parsed IKE_AUTH request 1 [ 
> EF(2/3) ]
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[ENC] received fragment #2 of 3, 
> reassembling fragmented IKE message
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[ENC] parsed IKE_AUTH request 1 [ IDi 
> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[IKE] received 53 cert requests for an 
> unknown ca
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[CFG] looking for peer configs 
> matching 102.1*9.2**.***[%any]...154.77.***.**[192.168.43.156]
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[CFG]   candidate "ikev2-vpn", match: 
> 1/1/28 (me/other/ike)
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[CFG] selected peer config 'ikev2-vpn'
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[IKE] EAP-Identity request configured, 
> but not supported
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[IKE] initiating EAP_MSCHAPV2 method 
> (id 0x81)
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[IKE] peer supports MOBIKE
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[IKE] authentication of 
> '102.1*9.2**.***' (myself) with RSA signature successful
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[IKE] sending end entity cert 
> "CN=102.1*9.2**.***"
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[ENC] generating IKE_AUTH response 1 [ 
> IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[ENC] splitting IKE message with 
> length of 1936 bytes into 2 fragments
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[ENC] generating IKE_AUTH response 1 [ 
> EF(1/2) ]
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[ENC] generating IKE_AUTH response 1 [ 
> EF(2/2) ]
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[NET] sending packet: from 
> 102.1*9.2**.***[4500] to 154.77.***.**[4500] (1236 bytes)
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 12[NET] sending packet: from 
> 102.1*9.2**.***[4500] to 154.77.***.**[4500] (772 bytes)
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 15[JOB] deleting half open IKE_SA with 
> 154.77.***.** after timeout
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 06[CFG] proposing traffic selectors for 
> us:
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 06[CFG]  0.0.0.0/0
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 06[CFG] proposing traffic selectors for 
> other:
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 06[CFG]  dynamic
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 05[CFG] proposing traffic selectors for 
> us:
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 05[CFG]  0.0.0.0/0
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 05[CFG] proposing traffic selectors for 
> other:
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 05[CFG]  dynamic
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 07[NET] received packet: from 
> 154.77.***.**[500] to 102.1*9.2**.***[500] (632 bytes)
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 07[ENC] parsed IKE_SA_INIT request 0 [ 
> SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 07[CFG] looking for an ike config for 
> 102.1*9.2**.***...154.77.***.**
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 07[CFG]   candidate: %any...%any, prio 28
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 07[CFG] found matching ike config: 
> %any...%any with prio 28
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 07[IKE] received MS NT5 ISAKMPOAKLEY v9 
> vendor ID
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 07[IKE] received MS-Negotiation 
> Discovery Capable vendor ID
> Feb 19 02:10:00 VM-e2b7 charon: 07[CFG]   candidate: %any...%any, prio 28
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 07[IKE] received Vid-Initial-Contact 
> vendor ID
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 07[ENC] received unknown vendor ID: 
> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 07[IKE] 154.77.***.** is initiating an 
> IKE_SA
> Feb 19 02:10:00 VM-e2b7 ipsec[1011]: 07[CFG] selecting proposal:
> Feb 19 02:10:00 VM-e2b7 charon: 07[CFG] found matching ike config: 
> %any...%any with prio 28
> Feb 19 02:10:00 VM-e2b7 charon: 07[IKE] received MS NT5 ISAKMPOAKLEY v9 
> vendor ID
> Feb 19 02:10:00 VM-e2b7 charon: 07[IKE] received MS-Negotiation Discovery 
> Capable vendor ID
> Feb 19 02:10:00 VM-e2b7 charon: 07[IKE] received Vid-Initial-Contact vendor ID
> Feb 19 02:10:00 VM-e2b7 charon: 07[ENC] received unknown vendor ID: 
> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
> Feb 19 02:10:00 VM-e2b7 charon: 07[IKE] 154.77.***.** is initiating an IKE_SA
> Feb 19 02:10:00 VM-e2b7 charon: 07[CFG] selecting proposal:
> Feb 19 02:10:00 VM-e2b7 charon: 07[CFG] selecting proposal:
> Feb 19 02:10:00 VM-e2b7 charon: 07[CFG]   proposal matches
> Feb 19 02:10:00 VM-e2b7 charon: 07[CFG] received proposals: 
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, 
> IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, 
> IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048
> Feb 19 02:10:00 VM-e2b7 charon: 07[CFG] configured proposals: 
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, 
> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, 
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/
> HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, 
> IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, 
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, 
> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
> Feb 19 02:10:00 VM-e2b7 charon: 07[CFG] selected proposal: 
> IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> Feb 19 02:10:00 VM-e2b7 charon: 07[IKE] remote host is behind NAT
> Feb 19 02:10:00 VM-e2b7 charon: 07[ENC] generating IKE_SA_INIT response 0 [ 
> SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
> Feb 19 02:10:00 VM-e2b7 charon: 07[NET] sending packet: from 
> 102.1*9.2**.***[500] to 154.77.***.**[500] (448 bytes)
> Feb 19 02:10:00 VM-e2b7 charon: 09[NET] received packet: from 
> 154.77.***.**[4500] to 102.1*9.2**.***[4500] (580 bytes)
> Feb 19 02:10:00 VM-e2b7 charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/3) ]
> Feb 19 02:10:00 VM-e2b7 charon: 09[ENC] received fragment #1 of 3, waiting 
> for complete IKE message
> Feb 19 02:10:00 VM-e2b7 charon: 10[NET] received packet: from 
> 154.77.***.**[4500] to 102.1*9.2**.***[4500] (580 bytes)
> Feb 19 02:10:00 VM-e2b7 charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/3) ]
> Feb 19 02:10:00 VM-e2b7 charon: 10[ENC] received fragment #2 of 3, waiting 
> for complete IKE message
> Feb 19 02:10:01 VM-e2b7 charon: 11[NET] received packet: from 
> 154.77.***.**[4500] to 102.1*9.2**.***[4500] (532 bytes)
> Feb 19 02:10:01 VM-e2b7 charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(3/3) ]
> Feb 19 02:10:01 VM-e2b7 charon: 11[ENC] received fragment #3 of 3, 
> reassembling fragmented IKE message
> Feb 19 02:10:01 VM-e2b7 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi 
> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
> Feb 19 02:10:01 VM-e2b7 charon: 11[IKE] received 53 cert requests for an 
> unknown ca
> Feb 19 02:10:01 VM-e2b7 charon: 11[CFG] looking for peer configs matching 
> 102.1*9.2**.***[%any]...154.77.***.**[192.168.43.156]
> Feb 19 02:10:01 VM-e2b7 charon: 11[CFG]   candidate "ikev2-vpn", match: 
> 1/1/28 (me/other/ike)
> Feb 19 02:10:01 VM-e2b7 charon: 11[CFG] selected peer config 'ikev2-vpn'
> Feb 19 02:10:01 VM-e2b7 charon: 11[IKE] EAP-Identity request configured, but 
> not supported
> Feb 19 02:10:01 VM-e2b7 charon: 11[IKE] initiating EAP_MSCHAPV2 method (id 
> 0x64)
> Feb 19 02:10:01 VM-e2b7 charon: 11[IKE] peer supports MOBIKE
> Feb 19 02:10:01 VM-e2b7 charon: 11[IKE] authentication of '102.1*9.2**.***' 
> (myself) with RSA signature successful
> Feb 19 02:10:01 VM-e2b7 charon: 11[IKE] sending end entity cert 
> "CN=102.1*9.2**.***"
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 07[CFG] received proposals: 
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, 
> IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, 
> IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048
> Feb 19 02:10:01 VM-e2b7 charon: 11[ENC] generating IKE_AUTH response 1 [ IDr 
> CERT AUTH EAP/REQ/MSCHAPV2 ]
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 07[CFG] configured proposals: 
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024...
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 07[CFG] selected proposal: 
> IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 07[IKE] remote host is behind NAT
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 07[ENC] generating IKE_SA_INIT response 
> 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 07[NET] sending packet: from 
> 102.1*9.2**.***[500] to 154.77.***.**[500] (448 bytes)
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 09[NET] received packet: from 
> 154.77.***.**[4500] to 102.1*9.2**.***[4500] (580 bytes)
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 09[ENC] parsed IKE_AUTH request 1 [ 
> EF(1/3) ]
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 09[ENC] received fragment #1 of 3, 
> waiting for complete IKE message
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 10[NET] received packet: from 
> 154.77.***.**[4500] to 102.1*9.2**.***[4500] (580 bytes)
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 10[ENC] parsed IKE_AUTH request 1 [ 
> EF(2/3) ]
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 10[ENC] received fragment #2 of 3, 
> waiting for complete IKE message
> Feb 19 02:10:01 VM-e2b7 charon: 11[ENC] splitting IKE message with length of 
> 1936 bytes into 2 fragments
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[NET] received packet: from 
> 154.77.***.**[4500] to 102.1*9.2**.***[4500] (532 bytes)
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[ENC] parsed IKE_AUTH request 1 [ 
> EF(3/3) ]
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[ENC] received fragment #3 of 3, 
> reassembling fragmented IKE message
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[ENC] parsed IKE_AUTH request 1 [ IDi 
> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[IKE] received 53 cert requests for an 
> unknown ca
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[CFG] looking for peer configs 
> matching 102.1*9.2**.***[%any]...154.77.***.**[192.168.43.156]
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[CFG]   candidate "ikev2-vpn", match: 
> 1/1/28 (me/other/ike)
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[CFG] selected peer config 'ikev2-vpn'
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[IKE] EAP-Identity request configured, 
> but not supported
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[IKE] initiating EAP_MSCHAPV2 method 
> (id 0x64)
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[IKE] peer supports MOBIKE
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[IKE] authentication of 
> '102.1*9.2**.***' (myself) with RSA signature successful
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[IKE] sending end entity cert 
> "CN=102.1*9.2**.***"
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[ENC] generating IKE_AUTH response 1 [ 
> IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
> Feb 19 02:10:01 VM-e2b7 ipsec[1011]: 11[ENC] splitting IKE message with 
> length of 1936 bytes into 2 fragments
> Feb 19 02:10:01 VM-e2b7 charon: 11[ENC] generating IKE_AUTH response 1 [ 
> EF(1/2) ]
> Feb 19 02:10:01 VM-e2b7 charon: 11[ENC] generating IKE_AUTH response 1 [ 
> EF(2/2) ]
> Feb 19 02:10:01 VM-e2b7 charon: 11[NET] sending packet: from 
> 102.1*9.2**.***[4500] to 154.77.***.**[4500] (1236 bytes)
> Feb 19 02:10:01 VM-e2b7 charon: 11[NET] sending packet: from 
> 102.1*9.2**.***[4500] to 154.77.***.**[4500] (772 bytes)
> Feb 19 02:10:01 VM-e2b7 kernel: [ 2543.189073] [UFW BLOCK] IN=ens3 OUT= 
> MAC=06:97:9c:00:00:8f:00:1d:b5:c0:a7:c0:08:00 SRC=154.77.***.** 
> DST=102.1*9.2**.*** LEN=52 TOS=0x10 PREC=0x20 TTL=116 ID=27223 DF PROTO=TCP 
> SPT=54229 DPT=443 WINDOW=17520 RES=0x00 SYN URGP=0
> Feb 19 02:10:30 VM-e2b7 charon: 14[JOB] deleting half open IKE_SA with 
> 154.77.***.** after timeout
> Feb 19 02:13:28 VM-e2b7 charon: 13[CFG] proposing traffic selectors for us:
> Feb 19 02:13:28 VM-e2b7 charon: 13[CFG]  0.0.0.0/0
> Feb 19 02:13:28 VM-e2b7 charon: 13[CFG] proposing traffic selectors for other:
> Feb 19 02:13:28 VM-e2b7 charon: 13[CFG]  dynamic
> 
> Please assist with this. I am almost there. 
> 
> Thanks in advance.
> 
> regards,
> Moses K
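
Added example, not part of the thread and not strongSwan or UFW code: a small Python correlator for the log reading done in the reply above. It pairs each "deleting half open IKE_SA" timeout with `[UFW BLOCK]` entries from the same peer in the preceding 30 seconds and marks whether the dropped packet used a protocol or port that IPsec needs (UDP 500/4500, ESP, AH). The sample log, host name, addresses and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the thread's log; addresses are documentation ranges.
SAMPLE_LOG = """\
Feb 19 02:10:01 vpn charon: 11[NET] sending packet: from 203.0.113.10[4500] to 198.51.100.7[4500] (772 bytes)
Feb 19 02:10:01 vpn kernel: [ 2543.189073] [UFW BLOCK] IN=ens3 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=52 PROTO=TCP SPT=54229 DPT=443 SYN URGP=0
Feb 19 02:10:30 vpn charon: 14[JOB] deleting half open IKE_SA with 198.51.100.7 after timeout
Feb 19 02:11:05 vpn kernel: [ 2607.000000] [UFW BLOCK] IN=ens3 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=608 PROTO=UDP SPT=4500 DPT=4500
Feb 19 02:11:32 vpn charon: 05[JOB] deleting half open IKE_SA with 198.51.100.7 after timeout
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<msg>.*)$")
KV = re.compile(r"(\w+)=(\S*)")                     # netfilter LOG key=value fields
TIMEOUT = re.compile(r"deleting half open IKE_SA with (\S+) after timeout")

def parse(log, year=2019):
    """Return ([(time, fields)] for UFW blocks, [(time, peer)] for IKE timeouts)."""
    blocks, timeouts = [], []
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied explicitly.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if "[UFW BLOCK]" in m["msg"]:
            blocks.append((ts, dict(KV.findall(m["msg"]))))
        else:
            t = TIMEOUT.search(m["msg"])
            if t:
                timeouts.append((ts, t.group(1)))
    return blocks, timeouts

def is_ipsec(fields):
    """True if the dropped packet is IKE (UDP 500), NAT-T (UDP 4500), ESP or AH."""
    proto = fields.get("PROTO")
    return proto in ("ESP", "AH") or (
        proto == "UDP" and fields.get("DPT") in ("500", "4500"))

def correlate(log, window=timedelta(seconds=30)):
    """List UFW blocks from a peer that fall in the window before its IKE timeout."""
    blocks, timeouts = parse(log)
    hits = []
    for ts, peer in timeouts:
        for bts, f in blocks:
            if f.get("SRC") == peer and ts - window <= bts <= ts:
                hits.append({"peer": peer, "blocked_at": bts.strftime("%H:%M:%S"),
                             "proto": f.get("PROTO"), "dpt": f.get("DPT"),
                             "ipsec": is_ipsec(f)})
    return hits

if __name__ == "__main__":
    for hit in correlate(SAMPLE_LOG):
        print(hit)
```

A hit with `ipsec: False` means the firewall dropped something from the peer that the IKE exchange does not depend on, so the UFW rule set for UDP 500/4500 and ESP should be checked separately.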
