Hi

I am trying to configure a VPN tunnel between a Linux VM in Azure and a
customer's Fortigate firewall. The Azure VM is behind an Azure load balancer,
so it has a different public IP from the local VM IP. The good news is that the
configuration is working with PSK. However, when trying to use
certificate-based authentication, the connection is not establishing. I can see
the connection request coming in from the customer, but it fails to complete.

I am not sure what the "id" values should be for a Fortigate when using
certificates. I have tried: IP address, FQDN, and Distinguished Name, but none
appear to be working. We have tried using a third-party "proper" certificate,
and also a self-signed certificate (the below is based on the self-signed
certificate; both ends have the same self-signed/created CA root certificate
installed).

Please see the logs and command outputs below. Customer name and IPs have been
sanitized.

Version: 5.6.2-1ubuntu2.4 (latest available on Ubuntu 18.04.2 LTS)

Any help would be appreciated! We have spent three days trying to debug this
without success.

Thanks
Julian

The output of swanctl -l:

(unnamed): #1, CONNECTING, IKEv2, d97222f0d8c960ed_i 4f771e61521bd11a_r*
  local '%any' @ 172.26.0.85[500]
  remote '%any' @ 123.123.123.123[500]
  AES_CBC-256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
  passive: IKE_CERT_PRE IKE_AUTH IKE_CERT_POST IKE_CONFIG CHILD_CREATE IKE_AUTH_LIFETIME IKE_MOBIKE

The output of swanctl -L:

customername: IKEv2, no reauthentication, rekeying every 14400s
  local: 172.26.0.85
  remote: 123.123.123.123
  local public key authentication:
    id: vpnrsa-ss.production.onecloud.companyname.cloud
    certs: C=GB, ST=County, O=CompanyName, OU=Technical Services, CN=vpnrsa-ss.production.onecloud.companyname.cloud
  remote public key authentication:
    id: vpn1.customername.gov.uk
  datacentre-customername: TUNNEL, rekeying every 3600s or 4608000 bytes
    local: 172.26.0.85/32 172.16.16.64/27 172.16.44.32/28 172.16.60.0/22 172.16.30.196/32
    remote: 10.10.8.1/32 10.10.8.2/32 10.10.8.22/32 10.10.8.23/32 10.10.8.24/32 10.10.8.25/32 10.10.8.45/32

The output of iptables -L:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

The output of ip route show table all:

10.10.8.1 via 172.26.0.81 dev eth0 table 220 proto static src 172.26.0.85
10.10.8.2 via 172.26.0.81 dev eth0 table 220 proto static src 172.26.0.85
10.10.8.22 via 172.26.0.81 dev eth0 table 220 proto static src 172.26.0.85
10.10.8.23 via 172.26.0.81 dev eth0 table 220 proto static src 172.26.0.85
10.10.8.24 via 172.26.0.81 dev eth0 table 220 proto static src 172.26.0.85
10.10.8.25 via 172.26.0.81 dev eth0 table 220 proto static src 172.26.0.85
10.10.8.45 via 172.26.0.81 dev eth0 table 220 proto static src 172.26.0.85
default via 172.26.0.81 dev eth0 proto dhcp src 172.26.0.85 metric 100
168.63.129.16 via 172.26.0.81 dev eth0 proto dhcp src 172.26.0.85 metric 100
169.254.169.254 via 172.26.0.81 dev eth0 proto dhcp src 172.26.0.85 metric 100
172.26.0.80/28 dev eth0 proto kernel scope link src 172.26.0.85
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 172.26.0.80 dev eth0 table local proto kernel scope link src 172.26.0.85
local 172.26.0.85 dev eth0 table local proto kernel scope host src 172.26.0.85
broadcast 172.26.0.95 dev eth0 table local proto kernel scope link src 172.26.0.85
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local fe80::20d:3aff:fe7e:9150 dev eth0 table local proto kernel metric 0 pref medium
ff00::/8 dev eth0 table local metric 256 pref medium

The output of ip addr:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0d:3a:7e:91:50 brd ff:ff:ff:ff:ff:ff
    inet 172.26.0.85/28 brd 172.26.0.95 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20d:3aff:fe7e:9150/64 scope link
       valid_lft forever preferred_lft forever

The only configuration file change I have made is to create a customername.conf
file in /etc/swanctl/conf.d with the following:

# customername
connections {
    customername {
        local_addrs = 172.26.0.85
        remote_addrs = 123.123.123.123
        local {
            #auth = psk
            #id = 172.26.0.85
            auth = pubkey
            id = vpnrsa-ss.production.onecloud.companyname.cloud
            certs = strongswan_self_signed2.crt
            #id = "C=GB, ST=London, L=London, O=CompanyName PLC, CN=vpnrsa.production.onecloud.companyname.cloud"
        }
        remote {
            auth = psk
            #id = 123.123.123.123
            id = vpn1.customername.gov.uk
            #auth = pubkey
            #id = "C=GB, S=customername, L=Town, O=customername County Council, OU=customername County Council, CN=vpn1.customername.gov.uk"
            #id = "C=GB, ST=County, O=CompanyName, OU=Technical Services, CN=vpn1.customername.gov.uk"
        }
        children {
            datacentre-customername {
                local_ts = 172.26.0.85,172.16.16.64/27,172.16.44.32/28,172.16.60.0/22,172.16.30.196/32
                remote_ts = 10.10.8.1,10.10.8.2,10.10.8.22,10.10.8.23,10.10.8.24,10.10.8.25,10.10.8.45
                dpd_action = restart
                start_action = trap
                rekey_bytes = 4608000
                esp_proposals = aes256-sha256-modp2048 #phase 2
            }
        }
        version = 2
        mobike = no
        proposals = aes256-sha256-modp2048 #phase 1 customername proposed
    }
}
secrets {
    ike-customername {
        id = 172.26.0.85
        secret = <snipped>
    }
    ike-customer2 {
        id = 123.123.123.123
        secret = <snipped>
    }
    ike-customer3 {
        id = vpn1.customername.gov.uk
        secret = <snipped>
    }
}

root@vpnserver01:/tmp# cat charon_debug.log
Mon, 2019-10-14 17:15 00[LIB] plugin 'test-vectors': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'unbound': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'ldap': loaded successfully
Mon, 2019-10-14 17:15 00[CFG] PKCS11 module '<name>' lacks library path
Mon, 2019-10-14 17:15 00[LIB] plugin 'pkcs11': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'tpm': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'aesni': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'aes': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'rc2': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'sha2': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'sha1': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'md4': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'md5': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'mgf1': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'rdrand': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] detected RDRAND support, enabled
Mon, 2019-10-14 17:15 00[LIB] plugin 'random': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'nonce': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'x509': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'revocation': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'constraints': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'acert': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'pubkey': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'pkcs1': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'pkcs7': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'pkcs8': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'pkcs12': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'pgp': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'dnskey': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'sshkey': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'dnscert': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'ipseckey': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'pem': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'openssl': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'gcrypt': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'af-alg': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'fips-prf': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'gmp': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'curve25519': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'agent': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'chapoly': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'xcbc': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'cmac': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'hmac': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'ctr': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'ccm': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'gcm': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'ntru': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'bliss': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'curl': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'soup': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'mysql': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] using SQLite 3.22.0, thread safety 1
Mon, 2019-10-14 17:15 00[LIB] plugin 'sqlite': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'attr': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'attr-sql': loaded successfully
Mon, 2019-10-14 17:15 00[CFG] disabling load-tester plugin, not configured
Mon, 2019-10-14 17:15 00[LIB] plugin 'load-tester': failed to load -
load_tester_plugin_create returned NULL
Mon, 2019-10-14 17:15 00[LIB] plugin 'kernel-netlink': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'resolve': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'socket-default': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'connmark': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'farp': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'stroke': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'vici': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'sql': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'updown': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-identity': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-sim': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-sim-file': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-sim-pcsc': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-aka': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-aka-3gpp2': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-simaka-sql': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-simaka-pseudonym': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-simaka-reauth': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-md5': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-gtc': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-mschapv2': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-dynamic': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-radius': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-tls': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-ttls': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-peap': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'eap-tnc': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'xauth-generic': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'xauth-eap': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'xauth-pam': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'xauth-noauth': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'tnc-tnccs': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'tnccs-20': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'tnccs-11': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'tnccs-dynamic': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'dhcp': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'ha': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'whitelist': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'lookip': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'error-notify': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'certexpire': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'systime-fix': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'led': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'coupling': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'radattr': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'addrblock': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'unity': loaded successfully
Mon, 2019-10-14 17:15 00[LIB] plugin 'counters': loaded successfully
Mon, 2019-10-14 17:15 00[KNL] known interfaces and IP addresses:
Mon, 2019-10-14 17:15 00[KNL] lo
Mon, 2019-10-14 17:15 00[KNL] 127.0.0.1
Mon, 2019-10-14 17:15 00[KNL] ::1
Mon, 2019-10-14 17:15 00[KNL] eth0
Mon, 2019-10-14 17:15 00[KNL] 172.26.0.85
Mon, 2019-10-14 17:15 00[KNL] fe80::20d:3aff:fe7e:9150
Mon, 2019-10-14 17:15 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet
dependency: PUBKEY:DSA
Mon, 2019-10-14 17:15 00[CFG] loading unbound resolver config from
'/etc/resolv.conf'
Mon, 2019-10-14 17:15 00[CFG] loading unbound trust anchors from
'/etc/ipsec.d/dnssec.keys'
Mon, 2019-10-14 17:15 00[CFG] dnscert plugin is disabled
Mon, 2019-10-14 17:15 00[CFG] loading unbound resolver config from
'/etc/resolv.conf'
Mon, 2019-10-14 17:15 00[CFG] loading unbound trust anchors from
'/etc/ipsec.d/dnssec.keys'
Mon, 2019-10-14 17:15 00[CFG] ipseckey plugin is disabled
Mon, 2019-10-14 17:15 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet
dependency: PRIVKEY:DSA
Mon, 2019-10-14 17:15 00[LIB] feature CERT_DECODE:OCSP_REQUEST in plugin 'pem'
has unmet dependency: CERT_DECODE:OCSP_REQUEST
Mon, 2019-10-14 17:15 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_224 in
plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
Mon, 2019-10-14 17:15 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_256 in
plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
Mon, 2019-10-14 17:15 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_384 in
plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
Mon, 2019-10-14 17:15 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_512 in
plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
Mon, 2019-10-14 17:15 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_224 in
plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
Mon, 2019-10-14 17:15 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_256 in
plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
Mon, 2019-10-14 17:15 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_384 in
plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
Mon, 2019-10-14 17:15 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_512 in
plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
Mon, 2019-10-14 17:15 00[LIB] feature PRIVKEY_SIGN:BLISS_WITH_SHA3_256 in
plugin 'bliss' has unmet dependency: HASHER:HASH_SHA3_256
Mon, 2019-10-14 17:15 00[LIB] feature PRIVKEY_SIGN:BLISS_WITH_SHA3_384 in
plugin 'bliss' has unmet dependency: HASHER:HASH_SHA3_384
Mon, 2019-10-14 17:15 00[LIB] feature PRIVKEY_SIGN:BLISS_WITH_SHA3_512 in
plugin 'bliss' has unmet dependency: HASHER:HASH_SHA3_512
Mon, 2019-10-14 17:15 00[LIB] feature PUBKEY_VERIFY:BLISS_WITH_SHA3_256 in
plugin 'bliss' has unmet dependency: HASHER:HASH_SHA3_256
Mon, 2019-10-14 17:15 00[LIB] feature PUBKEY_VERIFY:BLISS_WITH_SHA3_384 in
plugin 'bliss' has unmet dependency: HASHER:HASH_SHA3_384
Mon, 2019-10-14 17:15 00[LIB] feature PUBKEY_VERIFY:BLISS_WITH_SHA3_512 in
plugin 'bliss' has unmet dependency: HASHER:HASH_SHA3_512
Mon, 2019-10-14 17:15 00[CFG] attr-sql plugin: database URI not set
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:attr-sql in plugin 'attr-sql'
failed to load
Mon, 2019-10-14 17:15 00[CFG] loading ca certificates from
'/etc/ipsec.d/cacerts'
Mon, 2019-10-14 17:15 00[CFG] loading aa certificates from
'/etc/ipsec.d/aacerts'
Mon, 2019-10-14 17:15 00[CFG] loading ocsp signer certificates from
'/etc/ipsec.d/ocspcerts'
Mon, 2019-10-14 17:15 00[CFG] loading attribute certificates from
'/etc/ipsec.d/acerts'
Mon, 2019-10-14 17:15 00[CFG] loading crls from '/etc/ipsec.d/crls'
Mon, 2019-10-14 17:15 00[CFG] loading secrets from '/etc/ipsec.secrets'
Mon, 2019-10-14 17:15 00[CFG] sql plugin: database URI not set
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:sql in plugin 'sql' failed to load
Mon, 2019-10-14 17:15 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat
failed: No such file or directory
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:eap-sim-file-triplets in plugin
'eap-sim-file' failed to load
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:sim-card in plugin 'eap-sim-file'
has unmet dependency: CUSTOM:eap-sim-file-triplets
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:sim-provider in plugin
'eap-sim-file' has unmet dependency: CUSTOM:eap-sim-file-triplets
Mon, 2019-10-14 17:15 00[CFG] eap-simaka-sql database URI missing
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:eap-simaka-sql-db in plugin
'eap-simaka-sql' failed to load
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:aka-card in plugin
'eap-simaka-sql' has unmet dependency: CUSTOM:eap-simaka-sql-db
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:sim-card in plugin
'eap-simaka-sql' has unmet dependency: CUSTOM:eap-simaka-sql-db
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:aka-provider in plugin
'eap-simaka-sql' has unmet dependency: CUSTOM:eap-simaka-sql-db
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:sim-provider in plugin
'eap-simaka-sql' has unmet dependency: CUSTOM:eap-simaka-sql-db
Mon, 2019-10-14 17:15 00[CFG] loaded 0 RADIUS server configurations
Mon, 2019-10-14 17:15 00[CFG] HA config misses local/remote address
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:ha in plugin 'ha' failed to load
Mon, 2019-10-14 17:15 00[CFG] no threshold configured for systime-fix, disabled
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:systime-fix in plugin
'systime-fix' failed to load
Mon, 2019-10-14 17:15 00[CFG] coupling file path unspecified
Mon, 2019-10-14 17:15 00[LIB] feature CUSTOM:coupling in plugin 'coupling'
failed to load
Mon, 2019-10-14 17:15 00[LIB] unloading plugin 'attr-sql' without loaded
features
Mon, 2019-10-14 17:15 00[LIB] unloading plugin 'sql' without loaded features
Mon, 2019-10-14 17:15 00[LIB] unloading plugin 'eap-sim-file' without loaded
features
Mon, 2019-10-14 17:15 00[LIB] unloading plugin 'eap-simaka-sql' without loaded
features
Mon, 2019-10-14 17:15 00[LIB] unloading plugin 'ha' without loaded features
Mon, 2019-10-14 17:15 00[LIB] unloading plugin 'systime-fix' without loaded
features
Mon, 2019-10-14 17:15 00[LIB] unloading plugin 'coupling' without loaded
features
Mon, 2019-10-14 17:15 00[LIB] loaded plugins: charon-systemd charon-systemd
test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1
rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8
pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf
gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup
mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke
vici updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2
eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic
eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam
xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip
error-notify certexpire led radattr addrblock unity counters
Mon, 2019-10-14 17:15 00[LIB] unable to load 30 plugin features (23 due to
unmet dependencies)
Mon, 2019-10-14 17:15 00[LIB] dropped capabilities, running as uid 0, gid 0
Mon, 2019-10-14 17:15 00[JOB] spawning 16 worker threads
Mon, 2019-10-14 17:15 01[LIB] created thread 01 [5971]
Mon, 2019-10-14 17:15 02[LIB] created thread 02 [5972]
Mon, 2019-10-14 17:15 03[LIB] created thread 03 [5973]
Mon, 2019-10-14 17:15 04[LIB] created thread 04 [5974]
Mon, 2019-10-14 17:15 05[LIB] created thread 05 [5975]
Mon, 2019-10-14 17:15 06[LIB] created thread 06 [5987]
Mon, 2019-10-14 17:15 07[LIB] created thread 07 [5979]
Mon, 2019-10-14 17:15 08[LIB] created thread 08 [5978]
Mon, 2019-10-14 17:15 09[LIB] created thread 09 [5980]
Mon, 2019-10-14 17:15 10[LIB] created thread 10 [5981]
Mon, 2019-10-14 17:15 11[LIB] created thread 11 [5982]
Mon, 2019-10-14 17:15 12[LIB] created thread 12 [5983]
Mon, 2019-10-14 17:15 13[LIB] created thread 13 [5984]
Mon, 2019-10-14 17:15 14[LIB] created thread 14 [5985]
Mon, 2019-10-14 17:15 15[LIB] created thread 15 [5976]
Mon, 2019-10-14 17:15 16[LIB] created thread 16 [5977]
Mon, 2019-10-14 17:15 05[CFG] vici client 1 connected
Mon, 2019-10-14 17:15 08[CFG] vici client 1 requests: get-keys
Mon, 2019-10-14 17:15 11[CFG] vici client 1 requests: get-shared
Mon, 2019-10-14 17:15 16[CFG] vici client 1 requests: load-cert
Mon, 2019-10-14 17:15 16[CFG] loaded certificate 'C=GB, ST=County,
O=CompanyName, OU=Technical Services,
CN=vpnrsa-ss.production.onecloud.companyname.cloud'
Mon, 2019-10-14 17:15 07[CFG] vici client 1 requests: load-cert
Mon, 2019-10-14 17:15 07[CFG] loaded certificate 'C=GB, ST=County, L=Town,
O=CompanyName, OU=Technical Services, CN=CompanyName Test CA Root'
Mon, 2019-10-14 17:15 12[CFG] vici client 1 requests: load-key
Mon, 2019-10-14 17:15 12[CFG] loaded ANY private key
Mon, 2019-10-14 17:15 16[CFG] vici client 1 requests: load-shared
Mon, 2019-10-14 17:15 16[CFG] loaded IKE shared key with id 'ike-customername'
for: '172.26.0.85'
Mon, 2019-10-14 17:15 09[CFG] vici client 1 requests: load-shared
Mon, 2019-10-14 17:15 09[CFG] loaded IKE shared key with id 'ike-customername2'
for: '123.123.123.123'
Mon, 2019-10-14 17:15 11[CFG] vici client 1 requests: load-shared
Mon, 2019-10-14 17:15 11[CFG] loaded IKE shared key with id 'ike-customername3'
for: 'vpn1.customername.gov.uk'
Mon, 2019-10-14 17:15 15[CFG] vici client 1 requests: get-authorities
Mon, 2019-10-14 17:15 09[CFG] vici client 1 requests: get-pools
Mon, 2019-10-14 17:15 11[CFG] vici client 1 requests: get-conns
Mon, 2019-10-14 17:15 05[CFG] vici client 1 requests: load-conn
Mon, 2019-10-14 17:15 05[CFG] conn customername:
Mon, 2019-10-14 17:15 05[CFG] child datacentre-customername:
Mon, 2019-10-14 17:15 05[CFG] rekey_time = 3600
Mon, 2019-10-14 17:15 05[CFG] life_time = 3960
Mon, 2019-10-14 17:15 05[CFG] rand_time = 360
Mon, 2019-10-14 17:15 05[CFG] rekey_bytes = 4608000
Mon, 2019-10-14 17:15 05[CFG] life_bytes = 5068800
Mon, 2019-10-14 17:15 05[CFG] rand_bytes = 460800
Mon, 2019-10-14 17:15 05[CFG] rekey_packets = 0
Mon, 2019-10-14 17:15 05[CFG] life_packets = 0
Mon, 2019-10-14 17:15 05[CFG] rand_packets = 0
Mon, 2019-10-14 17:15 05[CFG] updown = (null)
Mon, 2019-10-14 17:15 05[CFG] hostaccess = 0
Mon, 2019-10-14 17:15 05[CFG] ipcomp = 0
Mon, 2019-10-14 17:15 05[CFG] mode = TUNNEL
Mon, 2019-10-14 17:15 05[CFG] policies = 1
Mon, 2019-10-14 17:15 05[CFG] policies_fwd_out = 0
Mon, 2019-10-14 17:15 05[CFG] dpd_action = restart
Mon, 2019-10-14 17:15 05[CFG] start_action = hold
Mon, 2019-10-14 17:15 05[CFG] close_action = clear
Mon, 2019-10-14 17:15 05[CFG] reqid = 0
Mon, 2019-10-14 17:15 05[CFG] tfc = 0
Mon, 2019-10-14 17:15 05[CFG] priority = 0
Mon, 2019-10-14 17:15 05[CFG] interface = (null)
Mon, 2019-10-14 17:15 05[CFG] mark_in = 0/0
Mon, 2019-10-14 17:15 05[CFG] mark_in_sa = 0
Mon, 2019-10-14 17:15 05[CFG] mark_out = 0/0
Mon, 2019-10-14 17:15 05[CFG] inactivity = 0
Mon, 2019-10-14 17:15 05[CFG] proposals =
ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
Mon, 2019-10-14 17:15 05[CFG] local_ts = 172.26.0.85/32 172.16.16.64/27
172.16.44.32/28 172.16.60.0/22 172.16.30.196/32
Mon, 2019-10-14 17:15 05[CFG] remote_ts = 10.10.8.1/32 10.10.8.2/32
10.10.8.22/32 10.10.8.23/32 10.10.8.24/32 10.10.8.25/32 10.10.8.45/32
Mon, 2019-10-14 17:15 05[CFG] hw_offload = 0
Mon, 2019-10-14 17:15 05[CFG] sha256_96 = 0
Mon, 2019-10-14 17:15 05[CFG] version = 2
Mon, 2019-10-14 17:15 05[CFG] local_addrs = 172.26.0.85
Mon, 2019-10-14 17:15 05[CFG] remote_addrs = 123.123.123.123
Mon, 2019-10-14 17:15 05[CFG] local_port = 500
Mon, 2019-10-14 17:15 05[CFG] remote_port = 500
Mon, 2019-10-14 17:15 05[CFG] send_certreq = 1
Mon, 2019-10-14 17:15 05[CFG] send_cert = CERT_SEND_IF_ASKED
Mon, 2019-10-14 17:15 05[CFG] mobike = 0
Mon, 2019-10-14 17:15 05[CFG] aggressive = 0
Mon, 2019-10-14 17:15 05[CFG] dscp = 0x00
Mon, 2019-10-14 17:15 05[CFG] encap = 0
Mon, 2019-10-14 17:15 05[CFG] dpd_delay = 0
Mon, 2019-10-14 17:15 05[CFG] dpd_timeout = 0
Mon, 2019-10-14 17:15 05[CFG] fragmentation = 2
Mon, 2019-10-14 17:15 05[CFG] unique = UNIQUE_NO
Mon, 2019-10-14 17:15 05[CFG] keyingtries = 1
Mon, 2019-10-14 17:15 05[CFG] reauth_time = 0
Mon, 2019-10-14 17:15 05[CFG] rekey_time = 14400
Mon, 2019-10-14 17:15 05[CFG] over_time = 1440
Mon, 2019-10-14 17:15 05[CFG] rand_time = 1440
Mon, 2019-10-14 17:15 05[CFG] proposals =
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mon, 2019-10-14 17:15 05[CFG] mediation = 0
Mon, 2019-10-14 17:15 05[CFG] local:
Mon, 2019-10-14 17:15 05[CFG] id =
vpnrsa-ss.production.onecloud.companyname.cloud
Mon, 2019-10-14 17:15 05[CFG] class = public key
Mon, 2019-10-14 17:15 05[CFG] remote:
Mon, 2019-10-14 17:15 05[CFG] id = vpn1.customername.gov.uk
Mon, 2019-10-14 17:15 05[CFG] class = public key
Mon, 2019-10-14 17:15 05[CFG] added vici connection: customername
Mon, 2019-10-14 17:15 05[CFG] installing 'datacentre-customername'
Mon, 2019-10-14 17:15 05[CFG] proposing traffic selectors for us:
Mon, 2019-10-14 17:15 05[CFG] 172.26.0.85/32
Mon, 2019-10-14 17:15 05[CFG] 172.16.16.64/27
Mon, 2019-10-14 17:15 05[CFG] 172.16.44.32/28
Mon, 2019-10-14 17:15 05[CFG] 172.16.60.0/22
Mon, 2019-10-14 17:15 05[CFG] 172.16.30.196/32
Mon, 2019-10-14 17:15 05[CFG] proposing traffic selectors for other:
Mon, 2019-10-14 17:15 05[CFG] 10.10.8.1/32
Mon, 2019-10-14 17:15 05[CFG] 10.10.8.2/32
Mon, 2019-10-14 17:15 05[CFG] 10.10.8.22/32
Mon, 2019-10-14 17:15 05[CFG] 10.10.8.23/32
Mon, 2019-10-14 17:15 05[CFG] 10.10.8.24/32
Mon, 2019-10-14 17:15 05[CFG] 10.10.8.25/32
Mon, 2019-10-14 17:15 05[CFG] 10.10.8.45/32
Mon, 2019-10-14 17:15 05[CFG] configured proposals:
ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.1/32 === 172.16.16.64/27 in
[priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.1/32 === 172.16.16.64/27
fwd [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.16.64/27 === 10.10.8.1/32
out [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.2/32 === 172.16.16.64/27 in
[priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.2/32 === 172.16.16.64/27
fwd [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.16.64/27 === 10.10.8.2/32
out [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.22/32 === 172.16.16.64/27
in [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.22/32 === 172.16.16.64/27
fwd [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.16.64/27 === 10.10.8.22/32
out [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.23/32 === 172.16.16.64/27
in [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.23/32 === 172.16.16.64/27
fwd [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.16.64/27 === 10.10.8.23/32
out [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.24/32 === 172.16.16.64/27
in [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.24/32 === 172.16.16.64/27
fwd [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.16.64/27 === 10.10.8.24/32
out [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.25/32 === 172.16.16.64/27
in [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.25/32 === 172.16.16.64/27
fwd [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.16.64/27 === 10.10.8.25/32
out [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.45/32 === 172.16.16.64/27
in [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.45/32 === 172.16.16.64/27
fwd [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.16.64/27 === 10.10.8.45/32
out [priority 369792, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.16.64/27
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.1/32 === 172.16.30.196/32
in [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.1/32 === 172.16.30.196/32
fwd [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.30.196/32 === 10.10.8.1/32
out [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.2/32 === 172.16.30.196/32
in [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.2/32 === 172.16.30.196/32
fwd [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.30.196/32 === 10.10.8.2/32
out [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.22/32 === 172.16.30.196/32
in [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.22/32 === 172.16.30.196/32
fwd [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.30.196/32 === 10.10.8.22/32
out [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.23/32 === 172.16.30.196/32
in [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.23/32 === 172.16.30.196/32
fwd [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.30.196/32 === 10.10.8.23/32
out [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.24/32 === 172.16.30.196/32
in [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.24/32 === 172.16.30.196/32
fwd [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.30.196/32 === 10.10.8.24/32
out [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.25/32 === 172.16.30.196/32
in [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.25/32 === 172.16.30.196/32
fwd [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.30.196/32 === 10.10.8.25/32
out [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.45/32 === 172.16.30.196/32
in [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.45/32 === 172.16.30.196/32
fwd [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.30.196/32 === 10.10.8.45/32
out [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.30.196/32
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.1/32 === 172.16.44.32/28 in
[priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.1/32 === 172.16.44.32/28
fwd [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.44.32/28 === 10.10.8.1/32
out [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.2/32 === 172.16.44.32/28 in
[priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.2/32 === 172.16.44.32/28
fwd [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.44.32/28 === 10.10.8.2/32
out [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.22/32 === 172.16.44.32/28
in [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.22/32 === 172.16.44.32/28
fwd [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.44.32/28 === 10.10.8.22/32
out [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.23/32 === 172.16.44.32/28
in [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.23/32 === 172.16.44.32/28
fwd [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.44.32/28 === 10.10.8.23/32
out [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.24/32 === 172.16.44.32/28
in [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.24/32 === 172.16.44.32/28
fwd [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.44.32/28 === 10.10.8.24/32
out [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.25/32 === 172.16.44.32/28
in [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.25/32 === 172.16.44.32/28
fwd [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.44.32/28 === 10.10.8.25/32
out [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.45/32 === 172.16.44.32/28
in [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.45/32 === 172.16.44.32/28
fwd [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.44.32/28 === 10.10.8.45/32
out [priority 369280, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.44.32/28
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.1/32 === 172.16.60.0/22 in
[priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.1/32 === 172.16.60.0/22 fwd
[priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.60.0/22 === 10.10.8.1/32 out
[priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.2/32 === 172.16.60.0/22 in
[priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.2/32 === 172.16.60.0/22 fwd
[priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.60.0/22 === 10.10.8.2/32 out
[priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.22/32 === 172.16.60.0/22 in
[priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.22/32 === 172.16.60.0/22
fwd [priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.60.0/22 === 10.10.8.22/32
out [priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.23/32 === 172.16.60.0/22 in
[priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.23/32 === 172.16.60.0/22
fwd [priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.60.0/22 === 10.10.8.23/32
out [priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.24/32 === 172.16.60.0/22 in
[priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.24/32 === 172.16.60.0/22
fwd [priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.60.0/22 === 10.10.8.24/32
out [priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.25/32 === 172.16.60.0/22 in
[priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.25/32 === 172.16.60.0/22
fwd [priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.60.0/22 === 10.10.8.25/32
out [priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.45/32 === 172.16.60.0/22 in
[priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.45/32 === 172.16.60.0/22
fwd [priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.16.60.0/22 === 10.10.8.45/32
out [priority 372352, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] no local address found in traffic selector
172.16.60.0/22
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.1/32 === 172.26.0.85/32 in
[priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.1/32 === 172.26.0.85/32 fwd
[priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.26.0.85/32 === 10.10.8.1/32 out
[priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.26.0.85/32
Mon, 2019-10-14 17:15 05[KNL] using host 172.26.0.85
Mon, 2019-10-14 17:15 05[KNL] getting iface name for index 2
Mon, 2019-10-14 17:15 05[KNL] using 172.26.0.81 as nexthop and eth0 as dev to
reach 123.123.123.123/32
Mon, 2019-10-14 17:15 05[KNL] installing route: 10.10.8.1/32 via 172.26.0.81
src 172.26.0.85 dev eth0
Mon, 2019-10-14 17:15 05[KNL] getting iface index for eth0
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.2/32 === 172.26.0.85/32 in
[priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.2/32 === 172.26.0.85/32 fwd
[priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.26.0.85/32 === 10.10.8.2/32 out
[priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.26.0.85/32
Mon, 2019-10-14 17:15 05[KNL] using host 172.26.0.85
Mon, 2019-10-14 17:15 05[KNL] getting iface name for index 2
Mon, 2019-10-14 17:15 05[KNL] using 172.26.0.81 as nexthop and eth0 as dev to
reach 123.123.123.123/32
Mon, 2019-10-14 17:15 05[KNL] installing route: 10.10.8.2/32 via 172.26.0.81
src 172.26.0.85 dev eth0
Mon, 2019-10-14 17:15 05[KNL] getting iface index for eth0
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.22/32 === 172.26.0.85/32 in
[priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.22/32 === 172.26.0.85/32
fwd [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.26.0.85/32 === 10.10.8.22/32
out [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.26.0.85/32
Mon, 2019-10-14 17:15 05[KNL] using host 172.26.0.85
Mon, 2019-10-14 17:15 05[KNL] getting iface name for index 2
Mon, 2019-10-14 17:15 05[KNL] using 172.26.0.81 as nexthop and eth0 as dev to
reach 123.123.123.123/32
Mon, 2019-10-14 17:15 05[KNL] installing route: 10.10.8.22/32 via 172.26.0.81
src 172.26.0.85 dev eth0
Mon, 2019-10-14 17:15 05[KNL] getting iface index for eth0
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.23/32 === 172.26.0.85/32 in
[priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.23/32 === 172.26.0.85/32
fwd [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.26.0.85/32 === 10.10.8.23/32
out [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.26.0.85/32
Mon, 2019-10-14 17:15 05[KNL] using host 172.26.0.85
Mon, 2019-10-14 17:15 05[KNL] getting iface name for index 2
Mon, 2019-10-14 17:15 05[KNL] using 172.26.0.81 as nexthop and eth0 as dev to
reach 123.123.123.123/32
Mon, 2019-10-14 17:15 05[KNL] installing route: 10.10.8.23/32 via 172.26.0.81
src 172.26.0.85 dev eth0
Mon, 2019-10-14 17:15 05[KNL] getting iface index for eth0
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.24/32 === 172.26.0.85/32 in
[priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.24/32 === 172.26.0.85/32
fwd [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.26.0.85/32 === 10.10.8.24/32
out [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.26.0.85/32
Mon, 2019-10-14 17:15 05[KNL] using host 172.26.0.85
Mon, 2019-10-14 17:15 05[KNL] getting iface name for index 2
Mon, 2019-10-14 17:15 05[KNL] using 172.26.0.81 as nexthop and eth0 as dev to
reach 123.123.123.123/32
Mon, 2019-10-14 17:15 05[KNL] installing route: 10.10.8.24/32 via 172.26.0.81
src 172.26.0.85 dev eth0
Mon, 2019-10-14 17:15 05[KNL] getting iface index for eth0
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.25/32 === 172.26.0.85/32 in
[priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.25/32 === 172.26.0.85/32
fwd [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.26.0.85/32 === 10.10.8.25/32
out [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.26.0.85/32
Mon, 2019-10-14 17:15 05[KNL] using host 172.26.0.85
Mon, 2019-10-14 17:15 05[KNL] getting iface name for index 2
Mon, 2019-10-14 17:15 05[KNL] using 172.26.0.81 as nexthop and eth0 as dev to
reach 123.123.123.123/32
Mon, 2019-10-14 17:15 05[KNL] installing route: 10.10.8.25/32 via 172.26.0.81
src 172.26.0.85 dev eth0
Mon, 2019-10-14 17:15 05[KNL] getting iface index for eth0
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.45/32 === 172.26.0.85/32 in
[priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 10.10.8.45/32 === 172.26.0.85/32
fwd [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] adding policy 172.26.0.85/32 === 10.10.8.45/32
out [priority 367232, refcount 1]
Mon, 2019-10-14 17:15 05[KNL] getting a local address in traffic selector
172.26.0.85/32
Mon, 2019-10-14 17:15 05[KNL] using host 172.26.0.85
Mon, 2019-10-14 17:15 05[KNL] getting iface name for index 2
Mon, 2019-10-14 17:15 05[KNL] using 172.26.0.81 as nexthop and eth0 as dev to
reach 123.123.123.123/32
Mon, 2019-10-14 17:15 05[KNL] installing route: 10.10.8.45/32 via 172.26.0.81
src 172.26.0.85 dev eth0
Mon, 2019-10-14 17:15 05[KNL] getting iface index for eth0
Mon, 2019-10-14 17:15 05[CHD] CHILD_SA datacentre-customername{1} state change:
CREATED => ROUTED
Mon, 2019-10-14 17:15 15[CFG] vici client 1 disconnected
Mon, 2019-10-14 17:15 16[NET] <1> received packet: from 123.123.123.123[500] to
172.26.0.85[500] (416 bytes)
Mon, 2019-10-14 17:15 16[ENC] <1> parsed IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
Mon, 2019-10-14 17:15 16[CFG] <1> looking for an ike config for
172.26.0.85...123.123.123.123
Mon, 2019-10-14 17:15 16[CFG] <1> candidate: 172.26.0.85...123.123.123.123,
prio 3100
Mon, 2019-10-14 17:15 16[CFG] <1> found matching ike config:
172.26.0.85...123.123.123.123 with prio 3100
Mon, 2019-10-14 17:15 16[IKE] <1> 123.123.123.123 is initiating an IKE_SA
Mon, 2019-10-14 17:15 16[IKE] <1> IKE_SA (unnamed)[1] state change: CREATED =>
CONNECTING
Mon, 2019-10-14 17:15 16[CFG] <1> selecting proposal:
Mon, 2019-10-14 17:15 16[CFG] <1> proposal matches
Mon, 2019-10-14 17:15 16[CFG] <1> received proposals:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mon, 2019-10-14 17:15 16[CFG] <1> configured proposals:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mon, 2019-10-14 17:15 16[CFG] <1> selected proposal:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mon, 2019-10-14 17:15 16[LIB] <1> size of DH secret exponent: 2047 bits
Mon, 2019-10-14 17:15 16[IKE] <1> local host is behind NAT, sending keep alives
Mon, 2019-10-14 17:15 16[IKE] <1> sending cert request for "C=GB, ST=County,
L=Town, O=CompanyName, OU=Technical Services, CN=CompanyName Test CA Root"
Mon, 2019-10-14 17:15 16[ENC] <1> generating IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Mon, 2019-10-14 17:15 16[NET] <1> sending packet: from 172.26.0.85[500] to
123.123.123.123[500] (465 bytes)
Mon, 2019-10-14 17:15 08[CFG] vici client 2 connected
Mon, 2019-10-14 17:15 09[CFG] vici client 2 registered for: list-sa
Mon, 2019-10-14 17:15 14[CFG] vici client 2 requests: list-sas
Mon, 2019-10-14 17:15 12[CFG] vici client 2 disconnected
Mon, 2019-10-14 17:16 06[IKE] <1> sending keep alive to 123.123.123.123[500]
Mon, 2019-10-14 17:16 08[NET] <2> received packet: from 123.123.123.123[500] to
172.26.0.85[500] (416 bytes)
Mon, 2019-10-14 17:16 08[ENC] <2> parsed IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
Mon, 2019-10-14 17:16 08[CFG] <2> looking for an ike config for
172.26.0.85...123.123.123.123
Mon, 2019-10-14 17:16 08[CFG] <2> candidate: 172.26.0.85...123.123.123.123,
prio 3100
Mon, 2019-10-14 17:16 08[CFG] <2> found matching ike config:
172.26.0.85...123.123.123.123 with prio 3100
Mon, 2019-10-14 17:16 08[IKE] <2> 123.123.123.123 is initiating an IKE_SA
Mon, 2019-10-14 17:16 08[IKE] <2> IKE_SA (unnamed)[2] state change: CREATED =>
CONNECTING
Mon, 2019-10-14 17:16 08[CFG] <2> selecting proposal:
Mon, 2019-10-14 17:16 08[CFG] <2> proposal matches
Mon, 2019-10-14 17:16 08[CFG] <2> received proposals:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mon, 2019-10-14 17:16 08[CFG] <2> configured proposals:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mon, 2019-10-14 17:16 08[CFG] <2> selected proposal:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mon, 2019-10-14 17:16 08[LIB] <2> size of DH secret exponent: 2047 bits
Mon, 2019-10-14 17:16 07[JOB] <1> deleting half open IKE_SA with
123.123.123.123 after timeout
Mon, 2019-10-14 17:16 07[IKE] <1> IKE_SA (unnamed)[1] state change: CONNECTING
=> DESTROYING
Mon, 2019-10-14 17:16 08[IKE] <2> local host is behind NAT, sending keep alives
Mon, 2019-10-14 17:16 08[IKE] <2> sending cert request for "C=GB, ST=County,
L=Town, O=CompanyName, OU=Technical Services, CN=CompanyName Test CA Root"
Mon, 2019-10-14 17:16 08[ENC] <2> generating IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Mon, 2019-10-14 17:16 08[NET] <2> sending packet: from 172.26.0.85[500] to
123.123.123.123[500] (465 bytes)
Mon, 2019-10-14 17:16 10[IKE] <2> sending keep alive to 123.123.123.123[500]
Mon, 2019-10-14 17:16 13[JOB] <2> deleting half open IKE_SA with
123.123.123.123 after timeout
Mon, 2019-10-14 17:16 13[IKE] <2> IKE_SA (unnamed)[2] state change: CONNECTING
=> DESTROYING
Mon, 2019-10-14 17:16 05[NET] <3> received packet: from 123.123.123.123[500] to
172.26.0.85[500] (416 bytes)
Mon, 2019-10-14 17:16 05[ENC] <3> parsed IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
Mon, 2019-10-14 17:16 05[CFG] <3> looking for an ike config for
172.26.0.85...123.123.123.123
Mon, 2019-10-14 17:16 05[CFG] <3> candidate: 172.26.0.85...123.123.123.123,
prio 3100
Mon, 2019-10-14 17:16 05[CFG] <3> found matching ike config:
172.26.0.85...123.123.123.123 with prio 3100
Mon, 2019-10-14 17:16 05[IKE] <3> 123.123.123.123 is initiating an IKE_SA
Mon, 2019-10-14 17:16 05[IKE] <3> IKE_SA (unnamed)[3] state change: CREATED =>
CONNECTING
Mon, 2019-10-14 17:16 05[CFG] <3> selecting proposal:
Mon, 2019-10-14 17:16 05[CFG] <3> proposal matches
Mon, 2019-10-14 17:16 05[CFG] <3> received proposals:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mon, 2019-10-14 17:16 05[CFG] <3> configured proposals:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mon, 2019-10-14 17:16 05[CFG] <3> selected proposal:
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Mon, 2019-10-14 17:16 05[LIB] <3> size of DH secret exponent: 2047 bits
Mon, 2019-10-14 17:16 05[IKE] <3> local host is behind NAT, sending keep alives
Mon, 2019-10-14 17:16 05[IKE] <3> sending cert request for "C=GB, ST=County,
L=Town, O=CompanyName, OU=Technical Services, CN=CompanyName Test CA Root"
Mon, 2019-10-14 17:16 05[ENC] <3> generating IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Mon, 2019-10-14 17:16 05[NET] <3> sending packet: from 172.26.0.85[500] to
123.123.123.123[500] (465 bytes)
root@vpnserver01:/tmp#
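The log excerpt above repeats one pattern per IKE_SA: an IKE_SA_INIT response is sent, and the half-open SA is later deleted after a timeout. The following Python script is an added example, not part of the original post: it re-joins the mail-wrapped charon lines and reports, per IKE_SA, whether an IKE_AUTH request was ever parsed. The function names are this example's own; the `<1>` sample lines are copied from the log above and the `<9>` lines are constructed for contrast.

```python
import re

# Start of a charon log entry as it appears in this post, e.g.
# "Mon, 2019-10-14 17:15 16[NET] <1> received packet: ..."
ENTRY = re.compile(r"^\w{3}, \d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+\[([A-Z]{3})\]"
                   r"(?: <([^>]+)>)? (.*)$")
LOCAL_PORT = re.compile(r"received packet: from \S+ to [\d.]+\[(\d+)\]")

# <1> lines are taken from the log above; <9> lines are constructed for contrast.
SAMPLE_LOG = """\
Mon, 2019-10-14 17:15 15[CFG] vici client 1 disconnected
Mon, 2019-10-14 17:15 16[NET] <1> received packet: from 123.123.123.123[500] to
172.26.0.85[500] (416 bytes)
Mon, 2019-10-14 17:15 16[IKE] <1> local host is behind NAT, sending keep alives
Mon, 2019-10-14 17:15 16[ENC] <1> generating IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Mon, 2019-10-14 17:16 07[JOB] <1> deleting half open IKE_SA with
123.123.123.123 after timeout
Mon, 2019-10-14 17:16 20[ENC] <9> generating IKE_SA_INIT response 0 [ SA KE No ]
Mon, 2019-10-14 17:16 21[NET] <9> received packet: from 123.123.123.123[4500] to
172.26.0.85[4500] (1236 bytes)
Mon, 2019-10-14 17:16 21[ENC] <9> parsed IKE_AUTH request 1 [ IDi CERT AUTH ]
"""

def unwrap(text):
    """Re-join mail-wrapped continuation lines onto the entry they belong to."""
    entries = []
    for line in text.splitlines():
        if ENTRY.match(line):
            entries.append(line)
        elif entries and line.strip():
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Map each IKE_SA id to the milestones its log entries show."""
    sas = {}
    for entry in unwrap(text):
        _group, sa, msg = ENTRY.match(entry).groups()
        if sa is None:
            continue  # KNL/vici entries are not tied to an IKE_SA
        sa = sa.split("|")[-1]  # "<conn|7>" and "<7>" name the same IKE_SA
        st = sas.setdefault(sa, {"init_response": False, "certreq": False,
                                 "behind_nat": False, "ike_auth": False,
                                 "timed_out": False, "ports": set()})
        if msg.startswith("generating IKE_SA_INIT response"):
            st["init_response"] = True
            st["certreq"] = "CERTREQ" in msg  # often on the wrapped line
        elif msg.startswith("parsed IKE_AUTH request"):
            st["ike_auth"] = True
        elif msg.startswith("local host is behind NAT"):
            st["behind_nat"] = True
        elif msg.startswith("deleting half open IKE_SA"):
            st["timed_out"] = True
        port = LOCAL_PORT.search(msg)
        if port:
            st["ports"].add(port.group(1))  # local port the packet arrived on
    for st in sas.values():
        if st["ike_auth"]:
            st["verdict"] = "ike_auth_received"
        elif st["init_response"]:
            st["verdict"] = "no_ike_auth_after_init"
        else:
            st["verdict"] = "init_incomplete"
    return sas

def stalled(text):
    """IKE_SA ids that answered IKE_SA_INIT but never logged an IKE_AUTH request."""
    return [sa for sa, st in summarize(text).items()
            if st["verdict"] == "no_ike_auth_after_init"]

if __name__ == "__main__":
    for sa, st in summarize(SAMPLE_LOG).items():
        print(sa, st["verdict"], "ports:", sorted(st["ports"]),
              "timed_out:", st["timed_out"])
```

An IKE_SA with the verdict `no_ike_auth_after_init` never reached the message that carries the peer's identity and certificate, so for that attempt the responder has not yet compared any `id` value.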