Hi,

Do an ipconfig /all in Windows and check that you have a 10.10.10.0/24 IP in the output.

On Tue, Apr 2, 2019 at 6:03 AM Houman <hou...@gmail.com> wrote:

> Hey guys,
>
> I wonder if this email went through and someone has an idea why this is happening.
>
> Many Thanks,
> Houman
>
> On Fri, 29 Mar 2019 at 17:04, Houman <hou...@gmail.com> wrote:
>
>> Hello,
>>
>> Please help me with this, as I'm completely stuck.
>>
>> Windows 10 can connect to my StrongSwan server. But the IP address doesn't change to the VPN. It still shows the local IP address. Accordingly blocked websites remain blocked.
>>
>> config setup
>>   strictcrlpolicy=yes
>>   uniqueids=never
>> conn roadwarrior
>>   auto=add
>>   compress=no
>>   type=tunnel
>>   keyexchange=ikev2
>>   fragmentation=yes
>>   forceencaps=yes
>>   ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384
>>   esp=aes256-sha1,3des-sha1!
>>   dpdaction=clear
>>   dpddelay=180s
>>   rekey=no
>>   left=%any
>>   leftid=@vpn-1.domain.net
>>   leftcert=cert.pem
>>   leftsendcert=always
>>   leftsubnet=0.0.0.0/0
>>   right=%any
>>   rightid=%any
>>   rightauth=eap-radius
>>   eap_identity=%any
>>   rightdns=208.67.222.222,208.67.220.220
>>   rightsourceip=10.10.10.0/24
>>   rightsendcert=never
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery Capable vendor ID
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact vendor ID
>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an IKE_SA
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending keep alives
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT
>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
>> Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
>> Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ]
>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting for complete IKE message
>> Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ]
>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting for complete IKE message
>> Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ]
>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting for complete IKE message
>> Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ]
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4, reassembling fragmented IKE message
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an unknown ca
>> Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
>> Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior'
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA request 15 [ SA No TSi TSr ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3} established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 === 10.10.10.1/32
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA response 15 [ SA No TSi TSr ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request 16 [ D ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP CHILD_SA with SPI af63e684
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing CHILD_SA roadwarrior{2} with SPIs cf6737f5_i (104 bytes) af63e684_o (0 bytes) and TS 0.0.0.0/0 === 10.10.10.1/32
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] sending DELETE for ESP CHILD_SA with SPI cf6737f5
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] CHILD_SA closed
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL response 16 [ D ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 14[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 13[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 06[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] parsed INFORMATIONAL request 17 [ D ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] received DELETE for ESP CHILD_SA with SPI d57f9f2c
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] closing CHILD_SA roadwarrior{3} with SPIs ccadd085_i (2260 bytes) d57f9f2c_o (0 bytes) and TS 0.0.0.0/0 === 10.10.10.1/32
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] sending DELETE for ESP CHILD_SA with SPI ccadd085
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] CHILD_SA closed
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] generating INFORMATIONAL response 17 [ D ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request 18 [ D ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for IKE_SA roadwarrior[1]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] deleting IKE_SA roadwarrior[1] between 172.31.0.243[vpn-1.domain.net]...91.98.xxx.xxx[192.168.1.104]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] IKE_SA deleted
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS Accounting-Request to server 'server-a'
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] received RADIUS Accounting-Response from server 'server-a'
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL response 18 [ ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] lease 10.10.10.1 by 'userx' went offline
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] received packet: from 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS-Negotiation Discovery Capable vendor ID
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received Vid-Initial-Contact vendor ID
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] 91.98.xxx.xxx is initiating an IKE_SA
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] local host is behind NAT, sending keep alives
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] remote host is behind NAT
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] sending packet: from 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] received fragment #1 of 4, waiting for complete IKE message
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] received fragment #2 of 4, waiting for complete IKE message
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] received fragment #3 of 4, waiting for complete IKE message
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] received fragment #4 of 4, reassembling fragmented IKE message
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] received 57 cert requests for an unknown ca
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] looking for peer configs matching 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] selected peer config 'roadwarrior'
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] initiating EAP_IDENTITY method (id 0x00)
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] peer supports MOBIKE
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] authentication of 'vpn-1.domain.net' (myself) with RSA signature successful
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending end entity cert "CN= vpn-1.domain.net"
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] splitting IKE message with length of 2924 bytes into 3 fragments
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ EF(1/3) ]
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ EF(2/3) ]
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ EF(3/3) ]
>> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes)
>> Mar 29 16:50:45 vpn-1 charon: 14[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>> Mar 29 16:50:45 vpn-1 charon: 14[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
>> Mar 29 16:50:45 vpn-1 charon: 14[IKE] received EAP identity 'userx'
>> Mar 29 16:50:45 vpn-1 charon: 14[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:45 vpn-1 charon: 14[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:45 vpn-1 charon: 14[IKE] initiating EAP_MD5 method (id 0x01)
>> Mar 29 16:50:45 vpn-1 charon: 14[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MD5 ]
>> Mar 29 16:50:45 vpn-1 charon: 14[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes)
>> Mar 29 16:50:45 vpn-1 charon: 13[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>> Mar 29 16:50:45 vpn-1 charon: 13[ENC] parsed IKE_AUTH request 3 [ EAP/RES/NAK ]
>> Mar 29 16:50:45 vpn-1 charon: 13[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:45 vpn-1 charon: 13[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:45 vpn-1 charon: 13[ENC] generating IKE_AUTH response 3 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:45 vpn-1 charon: 13[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 15[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 15[ENC] parsed IKE_AUTH request 4 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 15[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 15[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 15[ENC] generating IKE_AUTH response 4 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 15[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 06[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 06[ENC] parsed IKE_AUTH request 5 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 06[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 06[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 06[ENC] generating IKE_AUTH response 5 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 06[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 05[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 05[ENC] parsed IKE_AUTH request 6 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 05[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 05[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 05[ENC] generating IKE_AUTH response 6 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 05[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 16[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 16[ENC] parsed IKE_AUTH request 7 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 16[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 16[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 16[ENC] generating IKE_AUTH response 7 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 16[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 07[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 07[ENC] parsed IKE_AUTH request 8 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 07[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 07[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 07[ENC] generating IKE_AUTH response 8 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 07[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 08[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 08[ENC] parsed IKE_AUTH request 9 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 08[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 08[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 08[ENC] generating IKE_AUTH response 9 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 08[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] initiating EAP_IDENTITY method (id 0x00)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] peer supports MOBIKE
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] authentication of 'vpn-1.domain.net' (myself) with RSA signature successful
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending end entity cert "CN= vpn-1.domain.net"
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending issuer cert "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] splitting IKE message with length of 2924 bytes into 3 fragments
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1 [ EF(1/3) ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1 [ EF(2/3) ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1 [ EF(3/3) ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] received EAP identity 'userx'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] initiating EAP_MD5 method (id 0x01)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MD5 ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] parsed IKE_AUTH request 3 [ EAP/RES/NAK ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] generating IKE_AUTH response 3 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] parsed IKE_AUTH request 4 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] generating IKE_AUTH response 4 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 09[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] parsed IKE_AUTH request 5 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] generating IKE_AUTH response 5 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] parsed IKE_AUTH request 6 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] generating IKE_AUTH response 6 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] parsed IKE_AUTH request 7 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] generating IKE_AUTH response 7 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] parsed IKE_AUTH request 8 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] generating IKE_AUTH response 8 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes)
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_AUTH request 9 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] generating IKE_AUTH response 9 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 10 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 09[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 09[CFG] received RADIUS Access-Challenge from server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 09[ENC] generating IKE_AUTH response 10 [ EAP/REQ/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 09[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 10[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (124 bytes)
>> Mar 29 16:50:46 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 11 [ EAP/RES/PEAP ]
>> Mar 29 16:50:46 vpn-1 charon: 10[CFG] sending RADIUS Access-Request to server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 10[CFG] received RADIUS Access-Accept from server 'server-a'
>> Mar 29 16:50:46 vpn-1 charon: 10[CFG] scheduling RADIUS Interim-Updates every 300s
>> Mar 29 16:50:46 vpn-1 charon: 10[IKE] RADIUS authentication of 'userx' successful
>> Mar 29 16:50:46 vpn-1 charon: 10[IKE] EAP method EAP_PEAP succeeded, MSK established
>> Mar 29 16:50:46 vpn-1 charon: 10[ENC] generating IKE_AUTH response 11 [ EAP/SUCC ]
>> Mar 29 16:50:46 vpn-1 charon: 10[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>> Mar 29 16:50:47 vpn-1 charon: 12[NET] received packet: from 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (92 bytes)
>> Mar 29 16:50:47 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 12 [ AUTH ]
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of '192.168.1.104' with EAP successful
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of 'vpn-1.domain.net' (myself) with EAP
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] IKE_SA roadwarrior[2] established between 172.31.0.243[vpn-1.domain.net]...91.98.xxx.xxx[192.168.1.104]
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any
>> Mar 29 16:50:47 vpn-1 charon: 12[CFG] reassigning offline lease to 'userx'
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] assigning virtual IP 10.10.10.1 to peer 'userx'
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any6
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] no virtual IP found for %any6 requested by 'userx'
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] CHILD_SA roadwarrior{4} established with SPIs c10aa3f3_i 32cfd28c_o and TS 0.0.0.0/0 === 10.10.10.1/32
>> Mar 29 16:50:47 vpn-1 charon: 12[CFG] sending RADIUS Accounting-Request to server 'server-a'
>> Mar 29 16:50:47 vpn-1 charon: 12[CFG] received RADIUS Accounting-Response from server 'server-a'
>> Mar 29 16:50:47 vpn-1 charon: 12[ENC] generating IKE_AUTH response 12 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
>> Mar 29 16:50:47 vpn-1 charon: 12[NET] sending packet: from 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (236 bytes)
>> Mar 29 16:51:07 vpn-1 charon: 15[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:51:27 vpn-1 charon: 16[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:51:47 vpn-1 charon: 07[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:52:07 vpn-1 charon: 09[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:52:27 vpn-1 charon: 11[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:52:47 vpn-1 charon: 12[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:53:07 vpn-1 charon: 14[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:53:27 vpn-1 charon: 15[IKE] sending keep alive to 91.98.xxx.xxx[4500]
>> Mar 29 16:53:47 vpn-1 charon: 16[IKE] sending keep alive to 91.98.xxx.xxx[4500]
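
The server-side counterpart of the ipconfig check can be read out of the charon log quoted above: which virtual IP was leased, which traffic selectors each CHILD_SA negotiated, and how many bytes each closed SA carried in either direction. The script below is an added example, not part of the thread and not strongSwan code; `analyze()` and its finding strings are hypothetical names, and the sample lines are copied from the quoted log.

```python
import ipaddress
import re

# Lines taken from the charon log quoted in the thread (unwrapped, not new data).
SAMPLE_LOG = """\
Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3} established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 === 10.10.10.1/32
Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] closing CHILD_SA roadwarrior{3} with SPIs ccadd085_i (2260 bytes) d57f9f2c_o (0 bytes) and TS 0.0.0.0/0 === 10.10.10.1/32
Mar 29 16:50:47 vpn-1 charon: 12[IKE] assigning virtual IP 10.10.10.1 to peer 'userx'
Mar 29 16:50:47 vpn-1 charon: 12[IKE] CHILD_SA roadwarrior{4} established with SPIs c10aa3f3_i 32cfd28c_o and TS 0.0.0.0/0 === 10.10.10.1/32
"""

VIP_RE = re.compile(r"assigning virtual IP (\S+) to peer '([^']*)'")
EST_RE = re.compile(r"CHILD_SA (\S+)\{(\d+)\} established with SPIs \S+ \S+ "
                    r"and TS (\S+) === (\S+)")
CLOSE_RE = re.compile(r"closing CHILD_SA (\S+)\{(\d+)\} with SPIs "
                      r"\S+_i \((\d+) bytes\) \S+_o \((\d+) bytes\)")


def _in_pool(selector, pool_net):
    """True if a traffic selector such as 10.10.10.1/32 lies inside the pool."""
    try:
        return ipaddress.ip_network(selector).subnet_of(pool_net)
    except (ValueError, TypeError):  # unparsable selector or IPv4/IPv6 mismatch
        return False


def analyze(log_text, pool="10.10.10.0/24", full_tunnel="0.0.0.0/0"):
    """Summarise leases and CHILD_SAs and list anything worth a closer look.

    pool mirrors rightsourceip and full_tunnel mirrors leftsubnet in the
    posted configuration.
    """
    pool_net = ipaddress.ip_network(pool)
    leases, sas, findings = {}, {}, []

    def note(msg):  # charon and ipsec[1051] log the same event twice
        if msg not in findings:
            findings.append(msg)

    for line in log_text.splitlines():
        m = VIP_RE.search(line)
        if m:
            ip, user = m.groups()
            leases[user] = ip
            if ipaddress.ip_address(ip) not in pool_net:
                note(f"lease {ip} for '{user}' is outside pool {pool}")
            continue
        m = EST_RE.search(line)
        if m:
            # charon prints the selectors as "local === remote".
            name, sa_id, local_ts, remote_ts = m.groups()
            sa = sas.setdefault((name, int(sa_id)), {})
            sa.update(local_ts=local_ts, remote_ts=remote_ts)
            if local_ts != full_tunnel:
                note(f"{name}{{{sa_id}}}: gateway offers {local_ts}, not {full_tunnel}")
            if not _in_pool(remote_ts, pool_net):
                note(f"{name}{{{sa_id}}}: client selector {remote_ts} is outside pool {pool}")
            continue
        m = CLOSE_RE.search(line)
        if m:
            name, sa_id, b_in, b_out = m.groups()
            sa = sas.setdefault((name, int(sa_id)), {})
            sa.update(bytes_in=int(b_in), bytes_out=int(b_out))
            # _i is the gateway's inbound SA (from the client), _o the outbound one.
            if int(b_in) > 0 and int(b_out) == 0:
                note(f"{name}{{{sa_id}}}: {b_in} bytes in from client, 0 bytes out")
    return {"leases": leases, "sas": sas, "findings": findings}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print(report["leases"])
    for finding in report["findings"]:
        print("check:", finding)
```

On the quoted log the lease and selectors match the configured pool, and the one finding is that roadwarrior{3} closed with traffic received from the client but nothing sent back through the tunnel.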