Hi!

I'm having trouble getting the strongSwan server to work. I'm trying to connect to a remote VPN server and I get replies from an entirely different server from a different company.
The log looks like this:

Jan  2 16:59:21 Server charon: 08[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan  2 16:59:25 Server charon: 09[IKE] retransmit 1 of request with message ID 0
Jan  2 16:37:43 Server charon: 09[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan  2 16:37:46 Server charon: 10[NET] received packet: from 80.72.XXX.XXX[500] to 46.246.XXX.XXX[500] (284 bytes)

Our ISP only delivers internet connections, no firewalls, VPN services or anything similar. And all our firewall does is allow connections on UDP port 500 from 62.181.XXX.XXX. It has no port forwarding or anything special. I'm at a total loss here as we have never had any contact with the company with the 80.72.XXX.XXX address. We did have a hardware firewall (SonicWall) that was working just fine with the same settings.

I would be extremely grateful if any of you experts could help me find a solution or point me in the right direction.

Thanks!

/Peter


This is my config:

config setup
        charondebug="cfg 2"
        strictcrlpolicy=no

conn VPN
        authby=secret
        left=46.246.XXX.XXX
        leftsubnet=1.1.1.0/24
        leftfirewall=yes
        right=62.181.XXX.XXX
        rightsubnet=1.1.10.200/32
        ike=aes128-sha1-modp1024
        esp=aes128-sha1
        keyexchange=ike
        keyingtries=0
        ikelifetime=12h
        lifetime=6h
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        auto=start
        type=tunnel

ipsec.secrets:
46.246.XXX.XXX 62.181.XXX.XXX : PSK 'ABCDEFGH'

strongswan.conf:
charon {
        load_modular = yes
        plugins {
                include strongswan.d/charon/*.conf
        }
}
include strongswan.d/*.conf

And the log:

Jan  2 17:11:07 Server charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 5.3.0-24-generic, x86_64)
Jan  2 17:11:07 Server charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jan  2 17:11:07 Server charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jan  2 17:11:07 Server charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jan  2 17:11:07 Server charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jan  2 17:11:07 Server charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jan  2 17:11:07 Server charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jan  2 17:11:07 Server charon: 00[CFG]   loaded IKE secret for 46.246.XXX.XXX 62.181.XXX.XXX
Jan  2 17:11:07 Server charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Jan  2 17:11:07 Server charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jan  2 17:11:07 Server charon: 00[JOB] spawning 16 worker threads
Jan  2 17:11:07 Server charon: 05[CFG] received stroke: add connection 'VPN'
Jan  2 17:11:07 Server charon: 05[CFG] conn VPN
Jan  2 17:11:07 Server charon: 05[CFG]   left=46.246.XXX.XXX
Jan  2 17:11:07 Server charon: 05[CFG]   leftsubnet=1.1.1.0/24
Jan  2 17:11:07 Server charon: 05[CFG]   leftauth=psk
Jan  2 17:11:07 Server charon: 05[CFG]   leftupdown=ipsec _updown iptables
Jan  2 17:11:07 Server charon: 05[CFG]   right=62.181.XXX.XXX
Jan  2 17:11:07 Server charon: 05[CFG]   rightsubnet=1.1.10.200/32
Jan  2 17:11:07 Server charon: 05[CFG]   rightauth=psk
Jan  2 17:11:07 Server charon: 05[CFG]   ike=aes128-sha1-modp1024
Jan  2 17:11:07 Server charon: 05[CFG]   esp=aes128-sha1
Jan  2 17:11:07 Server charon: 05[CFG]   dpddelay=30
Jan  2 17:11:07 Server charon: 05[CFG]   dpdtimeout=120
Jan  2 17:11:07 Server charon: 05[CFG]   dpdaction=3
Jan  2 17:11:07 Server charon: 05[CFG]   sha256_96=no
Jan  2 17:11:07 Server charon: 05[CFG]   mediation=no
Jan  2 17:11:07 Server charon: 05[CFG] added configuration 'VPN'
Jan  2 17:11:07 Server charon: 08[CFG] received stroke: initiate 'VPN'
Jan  2 17:11:07 Server charon: 08[IKE] initiating IKE_SA VPN[1] to 62.181.XXX.XXX
Jan  2 17:11:07 Server charon: 08[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Jan  2 17:11:07 Server charon: 08[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity
Jan  2 17:11:07 Server charon: 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jan  2 17:11:07 Server charon: 08[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan  2 17:11:09 Server charon: 09[NET] received packet: from 80.72.XXX.XXX[500] to 46.246.XXX.XXX[500] (284 bytes)
Jan  2 17:11:09 Server charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V ]
Jan  2 17:11:09 Server charon: 09[CFG] looking for an IKEv1 config for 46.246.XXX.XXX...80.72.XXX.XXX
Jan  2 17:11:09 Server charon: 09[IKE] no IKE config found for 46.246.XXX.XXX...80.72.XXX.XXX, sending NO_PROPOSAL_CHOSEN
Jan  2 17:11:09 Server charon: 09[ENC] generating INFORMATIONAL_V1 request 2752600603 [ N(NO_PROP) ]
Jan  2 17:11:09 Server charon: 09[NET] sending packet: from 46.246.XXX.XXX[500] to 80.72.XXX.XXX[500] (40 bytes)
Jan  2 17:11:11 Server charon: 10[IKE] retransmit 1 of request with message ID 0
Jan  2 17:11:11 Server charon: 10[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan  2 17:11:18 Server charon: 12[IKE] retransmit 2 of request with message ID 0
Jan  2 17:11:18 Server charon: 12[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan  2 17:11:21 Server charon: 11[NET] received packet: from 80.72.XXX.XXX[500] to 46.246.XXX.XXX[500] (284 bytes)
Jan  2 17:11:21 Server charon: 11[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V ]
Jan  2 17:11:21 Server charon: 11[CFG] looking for an IKEv1 config for 46.246.XXX.XXX...80.72.XXX.XXX
Jan  2 17:11:21 Server charon: 11[IKE] no IKE config found for 46.246.XXX.XXX...80.72.XXX.XXX, sending NO_PROPOSAL_CHOSEN
Jan  2 17:11:21 Server charon: 11[ENC] generating INFORMATIONAL_V1 request 2913320541 [ N(NO_PROP) ]
Jan  2 17:11:21 Server charon: 11[NET] sending packet: from 46.246.XXX.XXX[500] to 80.72.XXX.XXX[500] (40 bytes)
Jan  2 17:11:31 Server charon: 13[IKE] retransmit 3 of request with message ID 0
Jan  2 17:11:31 Server charon: 13[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan  2 17:11:32 Server charon: 00[DMN] signal of type SIGINT received. Shutting down
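
A triage sketch for a charon log like the one above, added here as an example and not part of the original post: it tallies which peers were sent to and heard from, lists senders that are not the configured `right`, and records the IKE version of generated versus parsed exchanges (in the log above the outbound request is IKE_SA_INIT while the inbound one is ID_PROT). The function names `triage` and `ike_version` and the sample addresses are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the charon lines quoted above;
# addresses are documentation-range placeholders, not the poster's.
SAMPLE = """\
Jan  2 17:11:07 Server charon: 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No ]
Jan  2 17:11:07 Server charon: 08[NET] sending packet: from 192.0.2.10[500] to 198.51.100.20[500] (1036 bytes)
Jan  2 17:11:09 Server charon: 09[NET] received packet: from 203.0.113.30[500] to 192.0.2.10[500] (284 bytes)
Jan  2 17:11:09 Server charon: 09[ENC] parsed ID_PROT request 0 [ SA V V ]
Jan  2 17:11:11 Server charon: 10[NET] sending packet: from 192.0.2.10[500] to 198.51.100.20[500] (1036 bytes)
"""

NET = re.compile(r"\[NET\] (sending|received) packet: "
                 r"from ([^\[\s]+)\[\d+\] to ([^\[\s]+)\[\d+\]")
ENC = re.compile(r"\[ENC\] (generating|parsed) (\S+) (?:request|response)")
# Exchange names as charon prints them, grouped by protocol version.
IKEV1 = {"ID_PROT", "AGGRESSIVE", "QUICK_MODE", "INFORMATIONAL_V1"}
IKEV2 = {"IKE_SA_INIT", "IKE_AUTH", "CREATE_CHILD_SA", "INFORMATIONAL"}

def ike_version(exchange):
    if exchange in IKEV1:
        return "IKEv1"
    return "IKEv2" if exchange in IKEV2 else "unknown"

def triage(log_text, configured_peer):
    """Summarise peers and IKE versions seen in charon log text."""
    sent, received = Counter(), Counter()
    versions = {"outbound": set(), "inbound": set()}
    for line in log_text.splitlines():
        m = NET.search(line)
        if m:
            direction, src, dst = m.groups()
            if direction == "sending":
                sent[dst] += 1
            else:
                received[src] += 1
            continue
        m = ENC.search(line)
        if m:
            key = "outbound" if m.group(1) == "generating" else "inbound"
            versions[key].add(ike_version(m.group(2)))
    return {
        "sent_to": dict(sent),
        "received_from": dict(received),
        "unexpected_peers": sorted(set(received) - {configured_peer}),
        "unanswered": sorted(p for p in sent if p not in received),
        "versions": versions,
    }
```
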
