<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Folks, disregard, I found it, I need to add a patch to allow us to
    use the cert common name and allow the XAuthName to be the same for
    everyone, was a hand edit instead of a patchfile, so I missed it,
    sorry to waste your time.<br>
    <br>
    Miroslav, thanks again for your help, I have it dialed now w/ the
    logging and am close to up to speed with the code, it is really nice
    to work in, once I get the gist of it.<br>
    <br>
    andrew<br>
    <br>
    <br>
    <br>
    Miroslav,<br>
    <br>
    sorry my last response to you got blocked, but when I use
    rightsubnet this is what occurs in the logs and vpn doesn't connect,
    am I missing something?<br>
    <br>
    Apr 25 14:30:52 accel charon: 15[IKE] peer requested virtual IP %any<br>
    Apr 25 14:30:52 accel charon: 15[IKE] no virtual IP found for %any
    requested by 'IDE-B1DA-3355-4C89-BA98-A580BD513292'<br>
    <br>
    A little further further analysis and I have it working with
    uiqueids = yes, but raised more questions, that I was not readily
    able to answer by reviewing the code, but I am still coming up to
    speed on the structure of the code.<br>
    <br>
    We were using XAuthName "actmobile", I have changed it to the device
    id 'IDE-B1DA-3355-4C89-BA98-A580BD513292' and put a wildcard '*'
    into the ipsec.secrets file and it is working, thankfully we seem to
    allow a wildcard match with '*" for the secrets, though I suspect
    someone would file that as a bug.<br>
    <br>
    It appears the the ip address management may use the XAuthName as
    the id, not the Cert subject as the docs imply.<br>
    <br>
    Is that true? Is there any way to control that in the config and
    assure sessions, SAs, etc. are tracked by the cert subject name?<br>
    <br>
    Further, it appears that running version 5.0.2 it behaves better and
    in 5.3.0 the clients don't appear unique and all get the same ip
    address. I am not convinced it was quite right in 5.0.2, but does
    seem to behave differently.<br>
    <br>
    I am suspecting that to ensure positive control over this I should
    do a radius server and modify the dhcp plugin to really control the
    ip addresses, but I am hoping to procrastinate doing anything major.<br>
    <br>
    I think the question is;<br>
    <br>
    Am I doing something wrong or unusual in the config or can I control
    in the config to use the cert as the id for the clients? It feels
    like something that has the potential to bite back down the road, if
    I do something odd.<br>
    <br>
    Also, is there anywhere this part of the system is documented, that
    I coudl refer to as an assist while I review the code and understand
    what it is doing?<br>
    <br>
    thanks,<br>
    andrew<br>
    <br>
    Here is the config I am using, with a <br>
    <br>
    * : XAUTH "actmobile" in /etc/ipsec.secrets<br>
    <br>
    conn
    ios                                                                                    

    <br>
       
    keyexchange=ikev1                                                                       

    <br>
       
    #esp=null-sha1!                                                                         

    <br>
       
    authby=xauthrsasig                                                                      

    <br>
       
    xauth=server                                                                            

    <br>
       
    #left=%defaultroute                                                                     

    <br>
       
    leftsubnet=0.0.0.0/0                                                                    

                                                                       
    <br>
       
    leftupdown=/opt/actmobile/accelerator/actmobile_ipsec_updown                            

    <br>
       
    leftcert=serverCert.pem                                                                 

                                                                            

    <br>
       
    rightsourceip=172.20.0.0/16                                                          

                                                                                 

    <br>
       
    auto=add                                                                             

    <br>
       
    rekey=yes                                                                            

    <br>
       
    fragmentation=yes                                                                    

    <br>
       
    lifetime=24h                                                                         

    <br>
       
    dpddelay=0                                                                           

    <br>
       
    dpdtimeout=24h                                                                       

    <br>
        compress=yes  <br>
    <br>
    <div class="moz-cite-prefix">On 4/25/15 2:26 AM, Group Manager
      wrote:<br>
    </div>
    <blockquote
      cite="mid:59b1765a-83b3-4b0e-805f-58ddec7a657f@googlegroups.com"
      type="cite">
      <div dir="ltr">
        <div>I replied on yours same question on users list.</div>
        <div>I believe that you need to use "rightsubnet" instead of
          "rightsourceip" in your conf.</div>
        <div>M.</div>
        <div><br>
        </div>
        <div>On Saturday, April 25, 2015 at 3:04:46 AM UTC+2, Andrew
          Foss wrote:
          <blockquote class="gmail_quote" style="margin: 0;margin-left:
            0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;">It
            appears that our ip addresses are being assigned by the
            XAuthName <br>
            'actmobile', unfortunately that is not unique? <br>
            <br>
            On 4/24/15 5:28 PM, Andrew Foss wrote: <br>
            > Here's our situation; <br>
            > <br>
            > ios ipsec clients, they each have a certificate with a
            unique common <br>
            > name. <br>
            > <br>
            > I want to configure strongswan to give them a different
            ip address for <br>
            > each client/CN, regardless of what public ip address
            they may arrive <br>
            > from at the moment, it is a road warrior config. <br>
            > <br>
            > I am thinking I can write a plugin like dhcp to do it
            for sure, but <br>
            > seems like I may have something in the config that is
            wrong. I have to <br>
            > set uniqueids=no to get two clients to connect, which
            makes me think I <br>
            > am using something else for the id, other than the cert
            subject name. <br>
            > <br>
            > This error line seems to indicate the peer is referred
            to as 'actmobile' <br>
            > <br>
            > destroying duplicate IKE_SA for peer 'actmobile',
            received <br>
            > INITIAL_CONTACT <br>
            > <br>
            > in the updown scripts the PLUTO_PEER_ID does show up
            properly as <br>
            > [C=US, O=strongSwan, CN=IDE-4B53-E547-4C2A-A2B7-<wbr>78D2BA436307]


            <br>
            > <br>
            > All my clients seem to get 172.20.0.1 as their ip
            address and ipsec <br>
            > statusall shows just one SA even when I have 3 dvices
            connected. <br>
            > <br>
            > here's the config; <br>
            > <br>
            > conn ios <br>
            > keyexchange=ikev1 <br>
            > #esp=null-sha1! <br>
            > authby=xauthrsasig <br>
            > xauth=server <br>
            > #left=%defaultroute <br>
            > leftsubnet=<a moz-do-not-send="true"
              href="http://0.0.0.0/0" target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;">0.0.0.0/0</a> <br>
            > #leftsubnet=<a moz-do-not-send="true"
              href="http://10.66.0.0/16" target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.66.0.0%2F16\46sa\75D\46sntz\0751\46usg\75AFQjCNEMJumeZ0UqAnw7BMyrz8ElApXIhg';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.66.0.0%2F16\46sa\75D\46sntz\0751\46usg\75AFQjCNEMJumeZ0UqAnw7BMyrz8ElApXIhg';return


              true;">10.66.0.0/16</a> <br>
            > #leftfirewall=yes <br>
            > #lefthostaccess=yes <br>
            > leftupdown=/opt/actmobile/<wbr>accelerator/actmobile_ipsec_<wbr>updown


            <br>
            > leftcert=serverCert.pem <br>
            > #right=%any <br>
            > rightsourceip=<a moz-do-not-send="true"
              href="http://172.20.0.0/16" target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.0%2F16\46sa\75D\46sntz\0751\46usg\75AFQjCNFQdcglhwmer4JD1q58o_hJgy3ibg';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.0%2F16\46sa\75D\46sntz\0751\46usg\75AFQjCNFQdcglhwmer4JD1q58o_hJgy3ibg';return


              true;">172.20.0.0/16</a> <br>
            > #rightsourceip=<a moz-do-not-send="true"
              href="http://10.100.255.0/28" target="_blank"
              rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.100.255.0%2F28\46sa\75D\46sntz\0751\46usg\75AFQjCNHiOlcWLxoVFW9PFirg_-1XKvs26A';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.100.255.0%2F28\46sa\75D\46sntz\0751\46usg\75AFQjCNHiOlcWLxoVFW9PFirg_-1XKvs26A';return


              true;">10.100.255.0/28</a> <br>
            > #rightcert=clientCert.pem <br>
            > #pfs=no <br>
            > auto=add <br>
            > rekey=yes <br>
            > fragmentation=yes <br>
            > lifetime=24h <br>
            > dpddelay=0 <br>
            > dpdtimeout=24h <br>
            >     compress=yes <br>
            > <br>
            > here's the log output of clients connecting; <br>
            > <br>
            > IKE_SA ios[6] established between 10.199.65.236[C=US,
            ST=California, <br>
            > L=New York, O=Internet Widgits Pty Ltd, OU=ActMobile, <br>
            > CN=<a moz-do-not-send="true"
              href="http://ipsec.corp.actmobile.com" target="_blank"
              rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2Fipsec.corp.actmobile.com\46sa\75D\46sntz\0751\46usg\75AFQjCNE8aXSQJ7PU3CYMVNi8JGRz7lKo5w';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2Fipsec.corp.actmobile.com\46sa\75D\46sntz\0751\46usg\75AFQjCNE8aXSQJ7PU3CYMVNi8JGRz7lKo5w';return


              true;">ipsec.corp.actmobile.com</a>, <br>
            > E=<a moz-do-not-send="true"
              href="mailto:support@actmobile.com" target="_blank"
              rel="nofollow"
              onmousedown="this.href='mailto:support@actmobile.com';return
              true;"
              onclick="this.href='mailto:support@actmobile.com';return
              true;">support@actmobile.com</a>]...50.<wbr>197.174.157[C=US,


            O=strongSwan, <br>
            > CN=IDE-4B53-E547-4C2A-A2B7-<wbr>78D2BA436307] <br>
            > Apr 25 00:12:43 accel charon: 12[IKE] IKE_SA ios[6]
            state change: <br>
            > CONNECTING => ESTABLISHED <br>
            > Apr 25 00:12:43 accel charon: 12[IKE] scheduling
            reauthentication in <br>
            > 10094s <br>
            > Apr 25 00:12:43 accel charon: 12[IKE] maximum IKE_SA
            lifetime 10634s <br>
            > Apr 25 00:12:43 accel charon: 12[IKE] activating new
            tasks <br>
            > Apr 25 00:12:43 accel charon: 12[IKE] nothing to
            initiate <br>
            > Apr 25 00:12:43 accel charon: 12[IKE] destroying
            duplicate IKE_SA for <br>
            > peer 'actmobile', received INITIAL_CONTACT <br>
            > Apr 25 00:12:43 accel charon: 12[IKE] IKE_SA ios[5]
            state change: <br>
            > ESTABLISHED => DESTROYING <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] deleting SAD
            entry with SPI <br>
            > c1648e6d  (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] deleted SAD entry
            with SPI <br>
            > c1648e6d (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] deleting SAD
            entry with SPI <br>
            > 0d133ab7  (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] deleted SAD entry
            with SPI <br>
            > 0d133ab7 (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] deleting policy <a
              moz-do-not-send="true" href="http://0.0.0.0/0"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;">0.0.0.0/0</a> === <br>
            > <a moz-do-not-send="true" href="http://172.20.0.1/32"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;">172.20.0.1/32</a> out  (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] policy still used
            by another <br>
            > CHILD_SA, not removed <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] updating policy <a
              moz-do-not-send="true" href="http://0.0.0.0/0"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;">0.0.0.0/0</a> === <br>
            > <a moz-do-not-send="true" href="http://172.20.0.1/32"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;">172.20.0.1/32</a> out  (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] deleting policy <a
              moz-do-not-send="true" href="http://172.20.0.1/32"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;">172.20.0.1/32</a> <br>
            > === <a moz-do-not-send="true" href="http://0.0.0.0/0"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;">0.0.0.0/0</a> in  (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] policy still used
            by another <br>
            > CHILD_SA, not removed <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] updating policy <a
              moz-do-not-send="true" href="http://172.20.0.1/32"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;">172.20.0.1/32</a> <br>
            > === <a moz-do-not-send="true" href="http://0.0.0.0/0"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;">0.0.0.0/0</a> in  (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] deleting policy <a
              moz-do-not-send="true" href="http://172.20.0.1/32"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;">172.20.0.1/32</a> <br>
            > === <a moz-do-not-send="true" href="http://0.0.0.0/0"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;">0.0.0.0/0</a> fwd  (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] policy still used
            by another <br>
            > CHILD_SA, not removed <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] updating policy <a
              moz-do-not-send="true" href="http://172.20.0.1/32"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;">172.20.0.1/32</a> <br>
            > === <a moz-do-not-send="true" href="http://0.0.0.0/0"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;">0.0.0.0/0</a> fwd  (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] getting a local
            address in <br>
            > traffic selector <a moz-do-not-send="true"
              href="http://0.0.0.0/0" target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;">0.0.0.0/0</a> <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] using host %any <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] using
            10.199.65.193 as nexthop <br>
            > to reach 166.170.42.208 <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] 10.199.65.236 is
            on interface eth0 <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] deleting policy <a
              moz-do-not-send="true" href="http://0.0.0.0/0"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;">0.0.0.0/0</a> === <br>
            > <a moz-do-not-send="true" href="http://172.20.0.1/32"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;">172.20.0.1/32</a> out  (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] deleting policy <a
              moz-do-not-send="true" href="http://172.20.0.1/32"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;">172.20.0.1/32</a> <br>
            > === <a moz-do-not-send="true" href="http://0.0.0.0/0"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;">0.0.0.0/0</a> in  (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] deleting policy <a
              moz-do-not-send="true" href="http://172.20.0.1/32"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.20.0.1%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHS76jkMlR-AxHuZHJc9f82hZmvVg';return


              true;">172.20.0.1/32</a> <br>
            > === <a moz-do-not-send="true" href="http://0.0.0.0/0"
              target="_blank" rel="nofollow"
              onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;"
              onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F0.0.0.0%2F0\46sa\75D\46sntz\0751\46usg\75AFQjCNETOu60a3HCyMN138-VZlWuvaAA1A';return


              true;">0.0.0.0/0</a> fwd  (mark 0/0x00000000) <br>
            > Apr 25 00:12:43 accel charon: 12[KNL] getting iface
            index for eth0 <br>
            > Apr 25 00:12:43 accel charon: 12[CFG] lease 172.20.0.1
            by 'actmobile' <br>
            > went offline <br>
            > ______________________________<wbr>_________________ <br>
            > Dev mailing list <br>
            > <a moz-do-not-send="true"
              href="mailto:Dev@lists.strongswan.org" target="_blank"
              rel="nofollow"
              onmousedown="this.href='mailto:Dev@lists.strongswan.org';return
              true;"
              onclick="this.href='mailto:Dev@lists.strongswan.org';return
              true;">Dev@lists.strongswan.org</a> <br>
            > <a moz-do-not-send="true"
              href="https://lists.strongswan.org/mailman/listinfo/dev"
              target="_blank" rel="nofollow"
              onmousedown="this.href='https://www.google.com/url?q\75https%3A%2F%2Flists.strongswan.org%2Fmailman%2Flistinfo%2Fdev\46sa\75D\46sntz\0751\46usg\75AFQjCNEpF7nDtcPxmX4p2hKudljFb7L7xg';return


              true;"
              onclick="this.href='https://www.google.com/url?q\75https%3A%2F%2Flists.strongswan.org%2Fmailman%2Flistinfo%2Fdev\46sa\75D\46sntz\0751\46usg\75AFQjCNEpF7nDtcPxmX4p2hKudljFb7L7xg';return


              true;">https://lists.strongswan.org/<wbr>mailman/listinfo/dev</a>
            <br>
            <br>
            ______________________________<wbr>_________________ <br>
            Dev mailing list <br>
            <a moz-do-not-send="true"
              href="mailto:Dev@lists.strongswan.org" target="_blank"
              rel="nofollow"
              onmousedown="this.href='mailto:Dev@lists.strongswan.org';return
              true;"
              onclick="this.href='mailto:Dev@lists.strongswan.org';return
              true;">Dev@lists.strongswan.org</a> <br>
            <a moz-do-not-send="true"
              href="https://lists.strongswan.org/mailman/listinfo/dev"
              target="_blank" rel="nofollow"
              onmousedown="this.href='https://www.google.com/url?q\75https%3A%2F%2Flists.strongswan.org%2Fmailman%2Flistinfo%2Fdev\46sa\75D\46sntz\0751\46usg\75AFQjCNEpF7nDtcPxmX4p2hKudljFb7L7xg';return


              true;"
              onclick="this.href='https://www.google.com/url?q\75https%3A%2F%2Flists.strongswan.org%2Fmailman%2Flistinfo%2Fdev\46sa\75D\46sntz\0751\46usg\75AFQjCNEpF7nDtcPxmX4p2hKudljFb7L7xg';return


              true;">https://lists.strongswan.org/<wbr>mailman/listinfo/dev</a>
            <br>
          </blockquote>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>