[strongSwan] Can anyone explain VPN oddity

Jafar Al-Gharaibeh jafar at atcorp.com
Sat May 12 16:57:10 CEST 2018


Jody,

    To narrow down the issue, don't connect over WiFi. Have your iPhone on
cellular, then restart strongSwan to start with a clean state. Try to
initiate the VPN tunnel after that. Observe the behavior and share the
logs with us.

--Jafar


On 2018-05-11 19:26, Jody Whitesides wrote:
> Thank you Jafar, so far I’ve been through those pages already and
> actually already use those IPTABLE settings to reduce the size. So it
> must be something different. Here’s some output from the logs (18:06
> time is on wifi, email worked, website worked. 18:07 on cellular,
> email didn’t work, website didn’t load):
> 
> May 11 18:06:12 jodywhitesides charon: 03[NET] received packet: from
> 67.177.12.59[500] to 138.68.251.157[500]
> 
> May 11 18:06:12 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:06:12 jodywhitesides charon: 16[NET] received packet: from
> 67.177.12.59[500] to 138.68.251.157[500] (848 bytes)
> May 11 18:06:12 jodywhitesides charon: 16[ENC] parsed ID_PROT request
> 0 [ SA V V V V V V V V V V V V V V ]
> May 11 18:06:12 jodywhitesides charon: 16[CFG] looking for an ike
> config for 138.68.251.157...67.177.12.59
> May 11 18:06:12 jodywhitesides charon: 16[CFG]   candidate:
> %any,0.0.0.0/0,::/0...%any,0.0.0.0/0,::/0, prio 28
> May 11 18:06:12 jodywhitesides charon: 16[CFG] found matching ike
> config: %any,0.0.0.0/0,::/0...%any,0.0.0.0/0,::/0 with prio 28
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received NAT-T (RFC
> 3947) vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received
> draft-ietf-ipsec-nat-t-ike vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received
> draft-ietf-ipsec-nat-t-ike-08 vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received
> draft-ietf-ipsec-nat-t-ike-07 vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received
> draft-ietf-ipsec-nat-t-ike-06 vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received
> draft-ietf-ipsec-nat-t-ike-05 vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received
> draft-ietf-ipsec-nat-t-ike-04 vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received
> draft-ietf-ipsec-nat-t-ike-03 vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received
> draft-ietf-ipsec-nat-t-ike-02 vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received
> draft-ietf-ipsec-nat-t-ike-02\n vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received XAuth vendor
> ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received Cisco Unity
> vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received FRAGMENTATION
> vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] received DPD vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] 67.177.12.59 is
> initiating a Main Mode IKE_SA
> May 11 18:06:12 jodywhitesides charon: 16[IKE] IKE_SA (unnamed)[2]
> state change: CREATED => CONNECTING
> May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
> May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
> PSEUDO_RANDOM_FUNCTION found
> May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
> May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
> DIFFIE_HELLMAN_GROUP found
> May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
> May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
> PSEUDO_RANDOM_FUNCTION found
> May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
> May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
> PSEUDO_RANDOM_FUNCTION found
> May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
> May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
> PSEUDO_RANDOM_FUNCTION found
> May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
> May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
> DIFFIE_HELLMAN_GROUP found
> May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
> May 11 18:06:12 jodywhitesides charon: 16[CFG]   no acceptable
> PSEUDO_RANDOM_FUNCTION found
> May 11 18:06:12 jodywhitesides charon: 16[CFG] selecting proposal:
> May 11 18:06:12 jodywhitesides charon: 16[CFG]   proposal matches
> May 11 18:06:12 jodywhitesides charon: 16[CFG] received proposals:
> IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
> IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:A$
> May 11 18:06:12 jodywhitesides charon: 16[CFG] configured proposals:
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> May 11 18:06:12 jodywhitesides charon: 16[CFG] selected proposal:
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> May 11 18:06:12 jodywhitesides charon: 16[IKE] sending XAuth vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] sending DPD vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] sending FRAGMENTATION
> vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[IKE] sending NAT-T (RFC
> 3947) vendor ID
> May 11 18:06:12 jodywhitesides charon: 16[ENC] generating ID_PROT
> response 0 [ SA V V V V ]
> May 11 18:06:12 jodywhitesides charon: 16[NET] sending packet: from
> 138.68.251.157[500] to 67.177.12.59[500] (160 bytes)
> May 11 18:06:12 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[500] to 67.177.12.59[500]
> May 11 18:06:12 jodywhitesides charon: 03[NET] received packet: from
> 67.177.12.59[500] to 138.68.251.157[500]
> May 11 18:06:12 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:06:12 jodywhitesides charon: 06[NET] received packet: from
> 67.177.12.59[500] to 138.68.251.157[500] (228 bytes)
> May 11 18:06:12 jodywhitesides charon: 06[ENC] parsed ID_PROT request
> 0 [ KE No NAT-D NAT-D ]
> May 11 18:06:12 jodywhitesides charon: 06[IKE] remote host is behind
> NAT
> 
> May 11 18:06:12 jodywhitesides charon: 06[IKE] sending cert request
> for "C=US, O=JW Server VPN, CN=138.68.251.157 Root CA"
> May 11 18:06:12 jodywhitesides charon: 06[ENC] generating ID_PROT
> response 0 [ KE No CERTREQ NAT-D NAT-D ]
> May 11 18:06:12 jodywhitesides charon: 06[NET] sending packet: from
> 138.68.251.157[500] to 67.177.12.59[500] (321 bytes)
> May 11 18:06:12 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[500] to 67.177.12.59[500]
> May 11 18:06:12 jodywhitesides charon: 03[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500]
> May 11 18:06:12 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:06:12 jodywhitesides charon: 08[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500] (1280 bytes)
> May 11 18:06:12 jodywhitesides charon: 08[ENC] parsed ID_PROT request
> 0 [ FRAG(1) ]
> May 11 18:06:12 jodywhitesides charon: 08[ENC] received fragment #1,
> waiting for complete IKE message
> May 11 18:06:12 jodywhitesides charon: 03[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500]
> May 11 18:06:12 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:06:12 jodywhitesides charon: 05[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500] (804 bytes)
> May 11 18:06:12 jodywhitesides charon: 05[ENC] parsed ID_PROT request
> 0 [ FRAG(2/2) ]
> May 11 18:06:12 jodywhitesides charon: 05[ENC] received fragment #2,
> reassembling fragmented IKE message
> May 11 18:06:12 jodywhitesides charon: 05[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500] (2012 bytes)
> May 11 18:06:12 jodywhitesides charon: 05[ENC] parsed ID_PROT request
> 0 [ ID CERT SIG CERTREQ N(INITIAL_CONTACT) ]
> May 11 18:06:12 jodywhitesides charon: 05[IKE] ignoring certificate
> request without data
> May 11 18:06:12 jodywhitesides charon: 05[IKE] received end entity
> cert "C=US, O=JW Server VPN, CN=138.68.251.157"
> May 11 18:06:12 jodywhitesides charon: 05[CFG] looking for
> XAuthInitRSA peer configs matching 138.68.251.157...67.177.12.59[C=US,
> O=JW Server VPN, CN=138.68.251.157]
> May 11 18:06:12 jodywhitesides charon: 05[CFG]   candidate "ios",
> match: 1/20/28 (me/other/ike)
> May 11 18:06:12 jodywhitesides charon: 05[CFG] selected peer config
> "ios"
> May 11 18:06:12 jodywhitesides charon: 05[CFG]   certificate "C=US,
> O=JW Server VPN, CN=138.68.251.157" key: 4096 bit RSA
> May 11 18:06:12 jodywhitesides charon: 05[CFG]   using trusted ca
> certificate "C=US, O=JW Server VPN, CN=138.68.251.157 Root CA"
> May 11 18:06:13 jodywhitesides charon: 05[CFG] checking certificate
> status of "C=US, O=JW Server VPN, CN=138.68.251.157"
> May 11 18:06:13 jodywhitesides charon: 05[CFG] ocsp check skipped, no
> ocsp found
> May 11 18:06:13 jodywhitesides charon: 05[CFG] certificate status is
> not available
> May 11 18:06:13 jodywhitesides charon: 05[CFG]   certificate "C=US,
> O=JW Server VPN, CN=138.68.251.157 Root CA" key: 4096 bit RSA
> May 11 18:06:13 jodywhitesides charon: 05[CFG]   reached self-signed
> root ca with a path length of 0
> May 11 18:06:13 jodywhitesides charon: 05[CFG]   using trusted
> certificate "C=US, O=JW Server VPN, CN=138.68.251.157"
> May 11 18:06:13 jodywhitesides charon: 05[IKE] authentication of
> 'C=US, O=JW Server VPN, CN=138.68.251.157' with RSA_EMSA_PKCS1_NULL
> successful
> May 11 18:06:13 jodywhitesides charon: 05[IKE] authentication of
> '138.68.251.157' (myself) successful
> May 11 18:06:13 jodywhitesides charon: 05[IKE] queueing XAUTH task
> May 11 18:06:13 jodywhitesides charon: 05[IKE] sending end entity cert
> "C=US, O=JW Server VPN, CN=138.68.251.157"
> May 11 18:06:13 jodywhitesides charon: 05[ENC] generating ID_PROT
> response 0 [ ID CERT SIG ]
> May 11 18:06:13 jodywhitesides charon: 05[ENC] splitting IKE message
> with length of 1948 bytes into 2 fragments
> May 11 18:06:13 jodywhitesides charon: 05[ENC] generating ID_PROT
> response 0 [ FRAG(1) ]
> May 11 18:06:13 jodywhitesides charon: 05[ENC] generating ID_PROT
> response 0 [ FRAG(2/2) ]
> May 11 18:06:13 jodywhitesides charon: 05[NET] sending packet: from
> 138.68.251.157[4500] to 67.177.12.59[39350] (1248 bytes)
> May 11 18:06:13 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 67.177.12.59[39350]
> May 11 18:06:13 jodywhitesides charon: 05[NET] sending packet: from
> 138.68.251.157[4500] to 67.177.12.59[39350] (772 bytes)
> May 11 18:06:13 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 67.177.12.59[39350]
> May 11 18:06:13 jodywhitesides charon: 05[IKE] activating new tasks
> May 11 18:06:13 jodywhitesides charon: 05[IKE]   activating XAUTH task
> May 11 18:06:13 jodywhitesides charon: 05[ENC] generating TRANSACTION
> request 420309242 [ HASH CPRQ(X_USER X_PWD) ]
> May 11 18:06:13 jodywhitesides charon: 05[NET] sending packet: from
> 138.68.251.157[4500] to 67.177.12.59[39350] (76 bytes)
> May 11 18:06:13 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 67.177.12.59[39350]
> May 11 18:06:13 jodywhitesides charon: 03[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500]
> May 11 18:06:13 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:06:13 jodywhitesides charon: 09[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500] (108 bytes)
> May 11 18:06:13 jodywhitesides charon: 09[ENC] parsed TRANSACTION
> response 420309242 [ HASH CPRP(X_USER X_PWD) ]
> May 11 18:06:13 jodywhitesides charon: 09[IKE] XAuth authentication of
> 'JodyiPhone' successful
> May 11 18:06:13 jodywhitesides charon: 09[IKE] reinitiating already
> active tasks
> May 11 18:06:13 jodywhitesides charon: 09[IKE]   XAUTH task
> 
> May 11 18:06:13 jodywhitesides charon: 09[ENC] generating TRANSACTION
> request 2511328619 [ HASH CPS(X_STATUS) ]
> May 11 18:06:13 jodywhitesides charon: 09[NET] sending packet: from
> 138.68.251.157[4500] to 67.177.12.59[39350] (76 bytes)
> May 11 18:06:13 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 67.177.12.59[39350]
> May 11 18:06:13 jodywhitesides charon: 03[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500]
> May 11 18:06:13 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:06:13 jodywhitesides charon: 03[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500]
> May 11 18:06:13 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:06:13 jodywhitesides charon: 10[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500] (76 bytes)
> May 11 18:06:13 jodywhitesides charon: 10[ENC] parsed TRANSACTION
> response 2511328619 [ HASH CPA(X_STATUS) ]
> May 11 18:06:13 jodywhitesides charon: 10[IKE] IKE_SA ios[2]
> established between
> 138.68.251.157[138.68.251.157]...67.177.12.59[C=US, O=JW Server VPN,
> CN=138.68.251.157]
> May 11 18:06:13 jodywhitesides charon: 10[IKE] IKE_SA ios[2] state
> change: CONNECTING => ESTABLISHED
> May 11 18:06:13 jodywhitesides charon: 10[IKE] scheduling
> reauthentication in 2931s
> May 11 18:06:13 jodywhitesides charon: 10[IKE] maximum IKE_SA lifetime
> 3471s
> May 11 18:06:13 jodywhitesides charon: 10[IKE] activating new tasks
> May 11 18:06:13 jodywhitesides charon: 10[IKE] nothing to initiate
> May 11 18:06:13 jodywhitesides charon: 10[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500] (172 bytes)
> May 11 18:06:13 jodywhitesides charon: 10[ENC] unknown attribute type
> (28683)
> May 11 18:06:13 jodywhitesides charon: 10[ENC] parsed TRANSACTION
> request 4034003366 [ HASH CPRQ(ADDR MASK DNS NBNS EXP VER U_BANNER
> U_DEFDOM U_SPLITDNS U_SPLITINC U_LOCALLAN U_PFS U_SAVEPWD U_FWTYPE
> U_BKPSRV (28683)) ]
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> INTERNAL_IP4_ADDRESS attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> INTERNAL_IP4_NETMASK attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> INTERNAL_IP4_DNS attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> INTERNAL_IP4_NBNS attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> INTERNAL_ADDRESS_EXPIRY attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> APPLICATION_VERSION attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing UNITY_BANNER
> attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> UNITY_DEF_DOMAIN attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> UNITY_SPLITDNS_NAME attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> UNITY_SPLIT_INCLUDE attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> UNITY_LOCAL_LAN attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing UNITY_PFS
> attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> UNITY_SAVE_PASSWD attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> UNITY_FW_TYPE attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing
> UNITY_BACKUP_SERVERS attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] processing (28683)
> attribute
> May 11 18:06:13 jodywhitesides charon: 10[IKE] peer requested virtual
> IP %any
> May 11 18:06:13 jodywhitesides charon: 10[CFG] reassigning offline
> lease to 'JodyiPhone'
> May 11 18:06:13 jodywhitesides charon: 10[IKE] assigning virtual IP
> 10.10.10.2 to peer 'JodyiPhone'
> May 11 18:06:13 jodywhitesides charon: 10[ENC] generating TRANSACTION
> response 4034003366 [ HASH CPRP(ADDR DNS DNS DNS DNS DNS DNS6 DNS6) ]
> May 11 18:06:13 jodywhitesides charon: 10[NET] sending packet: from
> 138.68.251.157[4500] to 67.177.12.59[39350] (156 bytes)
> May 11 18:06:13 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 67.177.12.59[39350]
> May 11 18:06:13 jodywhitesides charon: 03[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500]
> May 11 18:06:13 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:06:13 jodywhitesides charon: 15[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500] (300 bytes)
> May 11 18:06:13 jodywhitesides charon: 15[ENC] parsed QUICK_MODE
> request 758508161 [ HASH SA No ID ID ]
> May 11 18:06:13 jodywhitesides charon: 15[CFG] looking for a child
> config for 0.0.0.0/0 === 10.10.10.2/32
> May 11 18:06:13 jodywhitesides charon: 15[CFG] proposing traffic
> selectors for us:
> May 11 18:06:13 jodywhitesides charon: 15[CFG]  0.0.0.0/0
> May 11 18:06:13 jodywhitesides charon: 15[CFG]  ::/0
> May 11 18:06:13 jodywhitesides charon: 15[CFG] proposing traffic
> selectors for other:
> May 11 18:06:13 jodywhitesides charon: 15[CFG]  10.10.10.2/32
> May 11 18:06:13 jodywhitesides charon: 15[CFG]   candidate "ios" with
> prio 5+5
> May 11 18:06:13 jodywhitesides charon: 15[CFG] found matching child
> config "ios" with prio 10
> May 11 18:06:13 jodywhitesides charon: 15[CFG] selecting traffic
> selectors for other:
> May 11 18:06:13 jodywhitesides charon: 15[CFG]  config: 10.10.10.2/32,
> received: 10.10.10.2/32 => match: 10.10.10.2/32
> May 11 18:06:13 jodywhitesides charon: 15[CFG] selecting traffic
> selectors for us:
> May 11 18:06:13 jodywhitesides charon: 15[CFG]  config: 0.0.0.0/0,
> received: 0.0.0.0/0 => match: 0.0.0.0/0
> May 11 18:06:13 jodywhitesides charon: 15[CFG]  config: ::/0,
> received: 0.0.0.0/0 => no match
> May 11 18:06:13 jodywhitesides charon: 15[CFG] selecting proposal:
> May 11 18:06:13 jodywhitesides charon: 15[CFG]   proposal matches
> May 11 18:06:13 jodywhitesides charon: 15[CFG] received proposals:
> ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
> ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ,
> ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
> ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ, ESP:3DES_CBC$
> May 11 18:06:13 jodywhitesides charon: 15[CFG] configured proposals:
> ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
> ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
> May 11 18:06:13 jodywhitesides charon: 15[CFG] selected proposal:
> ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
> May 11 18:06:13 jodywhitesides charon: 15[ENC] generating QUICK_MODE
> response 758508161 [ HASH SA No ID ID ]
> May 11 18:06:13 jodywhitesides charon: 15[NET] sending packet: from
> 138.68.251.157[4500] to 67.177.12.59[39350] (172 bytes)
> May 11 18:06:13 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 67.177.12.59[39350]
> May 11 18:06:13 jodywhitesides kernel: [80847.650748] audit: type=1400
> audit(1526083573.226:1033): apparmor="DENIED" operation="open"
> profile="/usr/lib/ipsec/charon" name="/proc/6996/fd/" pid=6996
> comm="charon" requested_mask="r" denied_mask$
> May 11 18:06:13 jodywhitesides charon: 03[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500]
> May 11 18:06:13 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:06:13 jodywhitesides charon: 11[NET] received packet: from
> 67.177.12.59[39350] to 138.68.251.157[4500] (60 bytes)
> May 11 18:06:13 jodywhitesides charon: 11[ENC] parsed QUICK_MODE
> request 758508161 [ HASH ]
> May 11 18:06:13 jodywhitesides charon: 11[IKE] CHILD_SA ios{2}
> established with SPIs c3cca129_i 0ca16f85_o and TS 0.0.0.0/0 ===
> 10.10.10.2/32
> May 11 18:06:13 jodywhitesides vpn: + C=US, O=JW Server VPN,
> CN=138.68.251.157 10.10.10.2/32 == 67.177.12.59 -- 138.68.251.157 ==
> 0.0.0.0/0
> May 11 18:06:19 jodywhitesides dovecot: imap-login: Login:
> user=<singleoftheday>, method=PLAIN, rip=67.177.12.59,
> lip=138.68.251.157, mpid=7013, TLS, session=<nhykBfdroLxDsQw7>
> May 11 18:06:19 jodywhitesides dovecot: imap-login: Login:
> user=<dancindeeraudio>, method=PLAIN, rip=67.177.12.59,
> lip=138.68.251.157, mpid=7014, TLS, session=<ewmkBfdrj7hDsQw7>
> May 11 18:06:19 jodywhitesides dovecot: imap-login: Login:
> user=<onrecords>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
> mpid=7015, TLS, session=<Dg2kBfdr36xDsQw7>
> May 11 18:06:19 jodywhitesides dovecot: imap-login: Login:
> user=<musicteam>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
> mpid=7016, TLS, session=<irWkBfdrXJ9DsQw7>
> May 11 18:06:19 jodywhitesides dovecot: imap-login: Login:
> user=<jody>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
> mpid=7017, TLS, session=<GbakBfdr069DsQw7>
> May 11 18:06:19 jodywhitesides dovecot: imap(singleoftheday): Logged
> out in=38 out=489
> May 11 18:06:19 jodywhitesides dovecot: imap(dancindeeraudio): Logged
> out in=38 out=489
> May 11 18:06:19 jodywhitesides dovecot: imap(onrecords): Logged out
> in=38 out=489
> May 11 18:06:19 jodywhitesides dovecot: imap(musicteam): Logged out
> in=38 out=489
> May 11 18:06:19 jodywhitesides dovecot: imap(jody): Logged out in=38
> out=489
> May 11 18:06:20 jodywhitesides dovecot: imap-login: Login:
> user=<musicteam>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
> mpid=7021, TLS, session=<HZKyBfdr36NDsQw7>
> May 11 18:06:20 jodywhitesides dovecot: imap-login: Login:
> user=<dancindeeraudio>, method=PLAIN, rip=67.177.12.59,
> lip=138.68.251.157, mpid=7022, TLS, session=<Z4ayBfdr/6RDsQw7>
> May 11 18:06:20 jodywhitesides dovecot: imap-login: Login:
> user=<jody>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
> mpid=7023, TLS, session=<fLOyBfdrZa5DsQw7>
> May 11 18:06:23 jodywhitesides dovecot: imap-login: Login:
> user=<dancindeeraudio>, method=PLAIN, rip=67.177.12.59,
> lip=138.68.251.157, mpid=7025, TLS, session=<Gg3gBfdrKLBDsQw7>
> May 11 18:06:23 jodywhitesides dovecot: imap-login: Login:
> user=<jody>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
> mpid=7027, TLS, session=<AkzrBfdrCJNDsQw7>
> May 11 18:06:24 jodywhitesides dovecot: imap-login: Login:
> user=<jody>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
> mpid=7029, TLS, session=<Or32Bfdrp5JDsQw7>
> May 11 18:06:24 jodywhitesides dovecot: imap(jody): Logged out in=175
> out=2492
> May 11 18:06:27 jodywhitesides dovecot: imap-login: Login:
> user=<musicteam>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
> mpid=7031, TLS, session=<FsgeBvdrEqpDsQw7>
> May 11 18:06:59 jodywhitesides smtpd[4612]: 0493341bb221d75f smtp
> event=closed reason=quit
> May 11 18:07:00 jodywhitesides smtpd[4612]: 0493342f6be42ad9 mta
> event=error reason=Connection timeout
> May 11 18:07:00 jodywhitesides smtpd[4612]: smtp-out: Disabling route
> [] <-> IPv6:2607:f8b0:400e:c06::1a (pj-in-x1a.1e100.net [1]) for 15s
> May 11 18:07:13 jodywhitesides kernel: [80908.130642] [UFW BLOCK]
> IN=eth0 OUT= MAC=42:61:97:8f:73:ac:30:7c:5e:93:1c:70:08:00
> SRC=172.58.38.179 DST=138.68.251.157 LEN=876 TOS=0x00 PREC=0x00
> TTL=241 ID=0 DF PROTO=UDP SPT=35828 DPT=500 LEN=856
> May 11 18:07:13 jodywhitesides charon: 03[NET] received packet: from
> 172.58.38.179[35828] to 138.68.251.157[500]
> May 11 18:07:13 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:07:13 jodywhitesides charon: 05[NET] received packet: from
> 172.58.38.179[35828] to 138.68.251.157[500] (848 bytes)
> May 11 18:07:13 jodywhitesides charon: 05[ENC] parsed ID_PROT request
> 0 [ SA V V V V V V V V V V V V V V ]
> May 11 18:07:13 jodywhitesides charon: 05[CFG] looking for an ike
> config for 138.68.251.157...172.58.38.179
> May 11 18:07:13 jodywhitesides charon: 05[CFG]   candidate:
> %any,0.0.0.0/0,::/0...%any,0.0.0.0/0,::/0, prio 28
> May 11 18:07:13 jodywhitesides charon: 05[CFG] found matching ike
> config: %any,0.0.0.0/0,::/0...%any,0.0.0.0/0,::/0 with prio 28
> May 11 18:07:13 jodywhitesides charon: 05[IKE] received NAT-T (RFC
> 3947) vendor ID
> May 11 18:07:13 jodywhitesides charon: 05[IKE] received
> draft-ietf-ipsec-nat-t-ike vendor ID
> May 11 18:07:13 jodywhitesides charon: 05[IKE] received
> draft-ietf-ipsec-nat-t-ike-08 vendor ID
> 
> May 11 18:07:13 jodywhitesides charon: 05[IKE] received XAuth vendor
> ID
> May 11 18:07:13 jodywhitesides charon: 05[IKE] received Cisco Unity
> vendor ID
> May 11 18:07:13 jodywhitesides charon: 05[IKE] received FRAGMENTATION
> vendor ID
> May 11 18:07:13 jodywhitesides charon: 05[IKE] received DPD vendor ID
> May 11 18:07:13 jodywhitesides charon: 05[IKE] 172.58.38.179 is
> initiating a Main Mode IKE_SA
> May 11 18:07:13 jodywhitesides charon: 05[IKE] IKE_SA (unnamed)[3]
> state change: CREATED => CONNECTING
> May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
> May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
> PSEUDO_RANDOM_FUNCTION found
> May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
> May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
> DIFFIE_HELLMAN_GROUP found
> May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
> May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
> PSEUDO_RANDOM_FUNCTION found
> May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
> May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
> PSEUDO_RANDOM_FUNCTION found
> May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
> May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
> PSEUDO_RANDOM_FUNCTION found
> May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
> May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
> DIFFIE_HELLMAN_GROUP found
> May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
> May 11 18:07:13 jodywhitesides charon: 05[CFG]   no acceptable
> PSEUDO_RANDOM_FUNCTION found
> May 11 18:07:13 jodywhitesides charon: 05[CFG] selecting proposal:
> May 11 18:07:13 jodywhitesides charon: 05[CFG]   proposal matches
> May 11 18:07:13 jodywhitesides charon: 05[CFG] received proposals:
> IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
> IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:A$
> May 11 18:07:13 jodywhitesides charon: 05[CFG] configured proposals:
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> May 11 18:07:13 jodywhitesides charon: 05[CFG] selected proposal:
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> May 11 18:07:13 jodywhitesides charon: 05[IKE] sending XAuth vendor ID
> May 11 18:07:13 jodywhitesides charon: 05[IKE] sending DPD vendor ID
> May 11 18:07:13 jodywhitesides charon: 05[IKE] sending FRAGMENTATION
> vendor ID
> May 11 18:07:13 jodywhitesides charon: 05[IKE] sending NAT-T (RFC
> 3947) vendor ID
> May 11 18:07:13 jodywhitesides charon: 05[ENC] generating ID_PROT
> response 0 [ SA V V V V ]
> May 11 18:07:13 jodywhitesides charon: 05[NET] sending packet: from
> 138.68.251.157[500] to 172.58.38.179[35828] (160 bytes)
> May 11 18:07:13 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[500] to 172.58.38.179[35828]
> May 11 18:07:13 jodywhitesides charon: 03[NET] received packet: from
> 172.58.38.179[35828] to 138.68.251.157[500]
> May 11 18:07:13 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:07:13 jodywhitesides charon: 09[NET] received packet: from
> 172.58.38.179[35828] to 138.68.251.157[500] (228 bytes)
> May 11 18:07:13 jodywhitesides charon: 09[ENC] parsed ID_PROT request
> 0 [ KE No NAT-D NAT-D ]
> May 11 18:07:13 jodywhitesides charon: 09[IKE] local host is behind
> NAT, sending keep alives
> May 11 18:07:13 jodywhitesides charon: 09[IKE] remote host is behind
> NAT
> May 11 18:07:13 jodywhitesides charon: 09[IKE] sending cert request
> for "C=US, O=JW Server VPN, CN=138.68.251.157 Root CA"
> May 11 18:07:13 jodywhitesides charon: 09[ENC] generating ID_PROT
> response 0 [ KE No CERTREQ NAT-D NAT-D ]
> May 11 18:07:13 jodywhitesides charon: 09[NET] sending packet: from
> 138.68.251.157[500] to 172.58.38.179[35828] (321 bytes)
> May 11 18:07:13 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[500] to 172.58.38.179[35828]
> May 11 18:07:14 jodywhitesides kernel: [80908.690917] [UFW BLOCK]
> IN=eth0 OUT= MAC=42:61:97:8f:73:ac:30:7c:5e:91:9c:30:08:00
> SRC=172.58.38.179 DST=138.68.251.157 LEN=1312 TOS=0x00 PREC=0x00
> TTL=241 ID=0 DF PROTO=UDP SPT=47188 DPT=4500 LEN=12$
> May 11 18:07:14 jodywhitesides kernel: [80908.692123] [UFW BLOCK]
> IN=eth0 OUT= MAC=42:61:97:8f:73:ac:30:7c:5e:91:9c:30:08:00
> SRC=172.58.38.179 DST=138.68.251.157 LEN=836 TOS=0x00 PREC=0x00 TTL=54
> ID=0 PROTO=UDP SPT=47188 DPT=4500 LEN=816
> May 11 18:07:14 jodywhitesides charon: 03[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500]
> May 11 18:07:14 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:07:14 jodywhitesides charon: 10[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500] (1280 bytes)
> May 11 18:07:14 jodywhitesides charon: 10[ENC] parsed ID_PROT request
> 0 [ FRAG(1) ]
> May 11 18:07:14 jodywhitesides charon: 10[ENC] received fragment #1,
> waiting for complete IKE message
> May 11 18:07:14 jodywhitesides charon: 03[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500]
> May 11 18:07:14 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:07:14 jodywhitesides charon: 13[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500] (804 bytes)
> May 11 18:07:14 jodywhitesides charon: 13[ENC] parsed ID_PROT request
> 0 [ FRAG(2/2) ]
> May 11 18:07:14 jodywhitesides charon: 13[ENC] received fragment #2,
> reassembling fragmented IKE message
> May 11 18:07:14 jodywhitesides charon: 13[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500] (2012 bytes)
> May 11 18:07:14 jodywhitesides charon: 13[ENC] parsed ID_PROT request
> 0 [ ID CERT SIG CERTREQ N(INITIAL_CONTACT) ]
> May 11 18:07:14 jodywhitesides charon: 13[IKE] ignoring certificate
> request without data
> May 11 18:07:14 jodywhitesides charon: 13[IKE] received end entity
> cert "C=US, O=JW Server VPN, CN=138.68.251.157"
> May 11 18:07:14 jodywhitesides charon: 13[CFG] looking for
> XAuthInitRSA peer configs matching
> 138.68.251.157...172.58.38.179[C=US, O=JW Server VPN,
> CN=138.68.251.157]
> May 11 18:07:14 jodywhitesides charon: 13[CFG]   candidate "ios",
> match: 1/20/28 (me/other/ike)
> May 11 18:07:14 jodywhitesides charon: 13[CFG] selected peer config
> "ios"
> May 11 18:07:14 jodywhitesides charon: 13[CFG]   certificate "C=US,
> O=JW Server VPN, CN=138.68.251.157" key: 4096 bit RSA
> May 11 18:07:14 jodywhitesides charon: 13[CFG]   using trusted ca
> certificate "C=US, O=JW Server VPN, CN=138.68.251.157 Root CA"
> May 11 18:07:14 jodywhitesides charon: 13[CFG] checking certificate
> status of "C=US, O=JW Server VPN, CN=138.68.251.157"
> May 11 18:07:14 jodywhitesides charon: 13[CFG] ocsp check skipped, no
> ocsp found
> May 11 18:07:14 jodywhitesides charon: 13[CFG] certificate status is
> not available
> May 11 18:07:14 jodywhitesides charon: 13[CFG]   certificate "C=US,
> O=JW Server VPN, CN=138.68.251.157 Root CA" key: 4096 bit RSA
> May 11 18:07:14 jodywhitesides charon: 13[CFG]   reached self-signed
> root ca with a path length of 0
> May 11 18:07:14 jodywhitesides charon: 13[CFG]   using trusted
> certificate "C=US, O=JW Server VPN, CN=138.68.251.157"
> May 11 18:07:14 jodywhitesides charon: 13[IKE] authentication of
> 'C=US, O=JW Server VPN, CN=138.68.251.157' with RSA_EMSA_PKCS1_NULL
> successful
> May 11 18:07:14 jodywhitesides charon: 13[IKE] authentication of
> '138.68.251.157' (myself) successful
> May 11 18:07:14 jodywhitesides charon: 13[IKE] queueing XAUTH task
> May 11 18:07:14 jodywhitesides charon: 13[IKE] sending end entity cert
> "C=US, O=JW Server VPN, CN=138.68.251.157"
> May 11 18:07:14 jodywhitesides charon: 13[ENC] generating ID_PROT
> response 0 [ ID CERT SIG ]
> May 11 18:07:14 jodywhitesides charon: 13[ENC] splitting IKE message
> with length of 1948 bytes into 2 fragments
> May 11 18:07:14 jodywhitesides charon: 13[ENC] generating ID_PROT
> response 0 [ FRAG(1) ]
> May 11 18:07:14 jodywhitesides charon: 13[ENC] generating ID_PROT
> response 0 [ FRAG(2/2) ]
> May 11 18:07:14 jodywhitesides charon: 13[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188] (1248 bytes)
> May 11 18:07:14 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188]
> May 11 18:07:14 jodywhitesides charon: 13[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188] (772 bytes)
> May 11 18:07:14 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188]
> May 11 18:07:14 jodywhitesides charon: 13[IKE] activating new tasks
> May 11 18:07:14 jodywhitesides charon: 13[IKE]   activating XAUTH task
> May 11 18:07:14 jodywhitesides charon: 13[ENC] generating TRANSACTION
> request 2660659739 [ HASH CPRQ(X_USER X_PWD) ]
> May 11 18:07:14 jodywhitesides charon: 13[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188] (76 bytes)
> May 11 18:07:14 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188]
> May 11 18:07:14 jodywhitesides charon: 03[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500]
> May 11 18:07:14 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:07:14 jodywhitesides charon: 15[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500] (108 bytes)
> May 11 18:07:14 jodywhitesides charon: 15[ENC] parsed TRANSACTION
> response 2660659739 [ HASH CPRP(X_USER X_PWD) ]
> May 11 18:07:14 jodywhitesides charon: 15[IKE] XAuth authentication of
> 'JodyiPhone' successful
> May 11 18:07:14 jodywhitesides charon: 15[IKE] reinitiating already
> active tasks
> May 11 18:07:14 jodywhitesides charon: 15[IKE]   XAUTH task
> May 11 18:07:14 jodywhitesides charon: 15[ENC] generating TRANSACTION
> request 867263320 [ HASH CPS(X_STATUS) ]
> May 11 18:07:14 jodywhitesides charon: 15[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188] (76 bytes)
> May 11 18:07:14 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188]
> May 11 18:07:14 jodywhitesides kernel: [80908.978366] audit: type=1400
> audit(1526083634.554:1034): apparmor="DENIED" operation="open"
> profile="/usr/lib/ipsec/charon" name="/proc/7035/fd/" pid=7035
> comm="charon" requested_mask="r" denied_mask$
> May 11 18:07:14 jodywhitesides charon: 03[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500]
> May 11 18:07:14 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> 
> May 11 18:07:14 jodywhitesides vpn: - C=US, O=JW Server VPN,
> CN=138.68.251.157 10.10.10.2/32 == 67.177.12.59 -- 138.68.251.157 ==
> 0.0.0.0/0
> May 11 18:07:14 jodywhitesides charon: 14[IKE] IKE_SA ios[2] state
> change: ESTABLISHED => DESTROYING
> May 11 18:07:14 jodywhitesides charon: 14[CFG] lease 10.10.10.2 by
> 'JodyiPhone' went offline
> May 11 18:07:14 jodywhitesides charon: 16[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500] (140 bytes)
> May 11 18:07:14 jodywhitesides charon: 16[ENC] unknown attribute type
> (28683)
> May 11 18:07:14 jodywhitesides charon: 16[ENC] parsed TRANSACTION
> request 739233501 [ HASH CPRQ(ADDR MASK DNS NBNS EXP VER U_BANNER
> U_DEFDOM U_SPLITDNS U_SPLITINC U_LOCALLAN U_PFS U_SAVEPWD U_FWTYPE
> U_BKPSRV (28683)) ]
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> INTERNAL_IP4_ADDRESS attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> INTERNAL_IP4_NETMASK attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> INTERNAL_IP4_DNS attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> INTERNAL_IP4_NBNS attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> INTERNAL_ADDRESS_EXPIRY attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> APPLICATION_VERSION attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing UNITY_BANNER
> attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> UNITY_DEF_DOMAIN attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> UNITY_SPLITDNS_NAME attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> UNITY_SPLIT_INCLUDE attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> UNITY_LOCAL_LAN attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing UNITY_PFS
> attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> UNITY_SAVE_PASSWD attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> UNITY_FW_TYPE attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing
> UNITY_BACKUP_SERVERS attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] processing (28683)
> attribute
> May 11 18:07:14 jodywhitesides charon: 16[IKE] peer requested virtual
> IP %any
> May 11 18:07:14 jodywhitesides charon: 16[CFG] reassigning offline
> lease to 'JodyiPhone'
> May 11 18:07:14 jodywhitesides charon: 16[IKE] assigning virtual IP
> 10.10.10.2 to peer 'JodyiPhone'
> May 11 18:07:14 jodywhitesides charon: 16[ENC] generating TRANSACTION
> response 739233501 [ HASH CPRP(ADDR DNS DNS DNS DNS DNS DNS6 DNS6) ]
> May 11 18:07:14 jodywhitesides charon: 16[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188] (156 bytes)
> May 11 18:07:14 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188]
> May 11 18:07:14 jodywhitesides charon: 03[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500]
> May 11 18:07:14 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:07:14 jodywhitesides charon: 08[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500] (300 bytes)
> May 11 18:07:14 jodywhitesides charon: 08[ENC] parsed QUICK_MODE
> request 547495620 [ HASH SA No ID ID ]
> May 11 18:07:14 jodywhitesides charon: 08[CFG] looking for a child
> config for 0.0.0.0/0 === 10.10.10.2/32
> May 11 18:07:14 jodywhitesides charon: 08[CFG] proposing traffic
> selectors for us:
> May 11 18:07:14 jodywhitesides charon: 08[CFG]  0.0.0.0/0
> May 11 18:07:14 jodywhitesides charon: 08[CFG]  ::/0
> May 11 18:07:14 jodywhitesides charon: 08[CFG] proposing traffic
> selectors for other:
> May 11 18:07:14 jodywhitesides charon: 08[CFG]  10.10.10.2/32
> May 11 18:07:14 jodywhitesides charon: 08[CFG]   candidate "ios" with
> prio 5+5
> May 11 18:07:14 jodywhitesides charon: 08[CFG] found matching child
> config "ios" with prio 10
> May 11 18:07:14 jodywhitesides charon: 08[CFG] selecting traffic
> selectors for other:
> May 11 18:07:14 jodywhitesides charon: 08[CFG]  config: 10.10.10.2/32,
> received: 10.10.10.2/32 => match: 10.10.10.2/32
> May 11 18:07:14 jodywhitesides charon: 08[CFG] selecting traffic
> selectors for us:
> May 11 18:07:14 jodywhitesides charon: 08[CFG]  config: 0.0.0.0/0,
> received: 0.0.0.0/0 => match: 0.0.0.0/0
> May 11 18:07:14 jodywhitesides charon: 08[CFG]  config: ::/0,
> received: 0.0.0.0/0 => no match
> May 11 18:07:14 jodywhitesides charon: 08[CFG] selecting proposal:
> May 11 18:07:14 jodywhitesides charon: 08[CFG]   proposal matches
> May 11 18:07:14 jodywhitesides charon: 08[CFG] received proposals:
> ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
> ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ,
> ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
> ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ, ESP:3DES_CBC$
> May 11 18:07:14 jodywhitesides charon: 08[CFG] configured proposals:
> ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
> ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
> May 11 18:07:14 jodywhitesides charon: 08[CFG] selected proposal:
> ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
> May 11 18:07:14 jodywhitesides charon: 08[ENC] generating QUICK_MODE
> response 547495620 [ HASH SA No ID ID ]
> May 11 18:07:14 jodywhitesides charon: 08[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188] (172 bytes)
> May 11 18:07:14 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188]
> May 11 18:07:14 jodywhitesides kernel: [80909.378854] audit: type=1400
> audit(1526083634.954:1035): apparmor="DENIED" operation="open"
> profile="/usr/lib/ipsec/charon" name="/proc/7046/fd/" pid=7046
> comm="charon" requested_mask="r" denied_mask$
> May 11 18:07:14 jodywhitesides charon: 03[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500]
> May 11 18:07:14 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:07:14 jodywhitesides charon: 07[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500] (60 bytes)
> May 11 18:07:14 jodywhitesides charon: 07[ENC] parsed QUICK_MODE
> request 547495620 [ HASH ]
> May 11 18:07:14 jodywhitesides charon: 07[IKE] CHILD_SA ios{3}
> established with SPIs ca4b4cf3_i 0e8240c6_o and TS 0.0.0.0/0 ===
> 10.10.10.2/32
> May 11 18:07:14 jodywhitesides vpn: + C=US, O=JW Server VPN,
> CN=138.68.251.157 10.10.10.2/32 == 172.58.38.179 -- 138.68.251.157 ==
> 0.0.0.0/0
> May 11 18:07:15 jodywhitesides smtpd[4612]: smtp-out: Enabling route
> [] <-> IPv6:2607:f8b0:400e:c06::1a (pj-in-x1a.1e100.net [1])
> May 11 18:07:19 jodywhitesides dovecot: imap-login: Login:
> user=<onrecords>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
> mpid=7062, TLS, session=<SCg5Cfdr5plDsQw7>
> May 11 18:07:19 jodywhitesides dovecot: imap-login: Login:
> user=<dancindeeraudio>, method=PLAIN, rip=67.177.12.59,
> lip=138.68.251.157, mpid=7063, TLS, session=<sk85Cfdrx75DsQw7>
> May 11 18:07:19 jodywhitesides dovecot: imap-login: Login:
> user=<musicteam>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
> mpid=7064, TLS, session=<LFA5CfdrvKZDsQw7>
> May 11 18:07:19 jodywhitesides dovecot: imap-login: Login:
> user=<jody>, method=PLAIN, rip=67.177.12.59, lip=138.68.251.157,
> mpid=7065, TLS, session=<XM85Cfdr1qlDsQw7>
> May 11 18:07:19 jodywhitesides dovecot: imap-login: Login:
> user=<singleoftheday>, method=PLAIN, rip=67.177.12.59,
> lip=138.68.251.157, mpid=7066, TLS, session=<h2s6CfdrCL9DsQw7>
> May 11 18:07:19 jodywhitesides dovecot: imap(onrecords): Logged out
> in=38 out=489
> May 11 18:07:19 jodywhitesides dovecot: imap(dancindeeraudio): Logged
> out in=38 out=489
> May 11 18:07:19 jodywhitesides dovecot: imap(musicteam): Logged out
> in=38 out=489
> May 11 18:07:19 jodywhitesides dovecot: imap(jody): Logged out in=38
> out=489
> May 11 18:07:19 jodywhitesides dovecot: imap(singleoftheday): Logged
> out in=38 out=489
> May 11 18:08:11 jodywhitesides charon: 11[IKE] sending keep alive to
> 172.58.38.179[47188]
> May 11 18:08:11 jodywhitesides charon: 04[NET] sending packet: from
> 138.68.251.157[4500] to 172.58.38.179[47188]
> May 11 18:08:13 jodywhitesides charon: 03[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500]
> May 11 18:08:13 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:08:13 jodywhitesides charon: 03[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500]
> May 11 18:08:13 jodywhitesides charon: 03[NET] waiting for data on
> sockets
> May 11 18:08:13 jodywhitesides charon: 08[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500] (76 bytes)
> May 11 18:08:13 jodywhitesides charon: 08[ENC] parsed INFORMATIONAL_V1
> request 1401124821 [ HASH D ]
> May 11 18:08:13 jodywhitesides charon: 08[IKE] received DELETE for ESP
> CHILD_SA with SPI 0e8240c6
> May 11 18:08:13 jodywhitesides charon: 08[IKE] closing CHILD_SA ios{3}
> with SPIs ca4b4cf3_i (39562 bytes) 0e8240c6_o (72023 bytes) and TS
> 0.0.0.0/0 === 10.10.10.2/32
> May 11 18:08:13 jodywhitesides kernel: [80968.117023] audit: type=1400
> audit(1526083693.693:1036): apparmor="DENIED" operation="open"
> profile="/usr/lib/ipsec/charon" name="/proc/7076/fd/" pid=7076
> comm="charon" requested_mask="r" denied_mask$
> May 11 18:08:13 jodywhitesides vpn: - C=US, O=JW Server VPN,
> CN=138.68.251.157 10.10.10.2/32 == 172.58.38.179 -- 138.68.251.157 ==
> 0.0.0.0/0
> May 11 18:08:13 jodywhitesides charon: 05[NET] received packet: from
> 172.58.38.179[47188] to 138.68.251.157[4500] (92 bytes)
> May 11 18:08:13 jodywhitesides charon: 05[ENC] parsed INFORMATIONAL_V1
> request 2091759899 [ HASH D ]
> May 11 18:08:13 jodywhitesides charon: 05[IKE] received DELETE for
> IKE_SA ios[3]
> May 11 18:08:13 jodywhitesides charon: 05[IKE] deleting IKE_SA ios[3]
> between 138.68.251.157[138.68.251.157]...172.58.38.179[C=US, O=JW
> Server VPN, CN=138.68.251.157]
> May 11 18:08:13 jodywhitesides charon: 05[IKE] IKE_SA ios[3] state
> change: ESTABLISHED => DELETING
> May 11 18:08:13 jodywhitesides charon: 05[IKE] IKE_SA ios[3] state
> change: DELETING => DELETING
> May 11 18:08:13 jodywhitesides charon: 05[IKE] IKE_SA ios[3] state
> change: DELETING => DESTROYING
> 
> Jody
> 
>> On May 11, 2018, at 5:26 PM, Jafar Al-Gharaibeh <jafar at atcorp.com>
>> wrote:
>> 
>> Jody,
>> It is really hard to guess what the problem is without
>> information/logs.
>> In most situations where I had this issue (OK on WiFi but not OK
>> on cell) it turned out to be MTU related.
>> I am almost certain that the problem you are seeing is caused by
>> broken PMTU.
>> See the references below for some insight and possible solutions.
>> 
>> Regards,
>> Jafar
>> 
>> [1] https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling#MTUMSS-issues
>> [2] https://www.zeitgeist.se/2013/11/26/mtu-woes-in-ipsec-tunnels-how-to-fix/
>> [3] https://wiki.strongswan.org/issues/1025
>> [4] https://wiki.strongswan.org/issues/632#note-14
>> 
>> On 5/11/2018 5:21 PM, Jody Whitesides wrote:
>> 
>>> I have a working VPN that can connect to the internet at large.
>>> When a device is connected via WIFI, it can also connect to
>>> email and websites hosted on the same server as the VPN. However,
>>> when a device is connected via a cellular connection to the VPN,
>>> it can connect to the internet at large, but cannot connect to
>>> email and websites on the same server.
>>> 
>>> Can anyone explain why this would occur? What is the difference
>>> between a wild WIFI connection and a mobile cellular connection
>>> that would cause the VPN to react differently to its host server?
>>> 
>>> Thank you,
>>> Jody
> 
> 
> 
> Links:
> ------
> [1] http://pj-in-x1a.1e100.net
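The charon log Jody pasted is long, and the facts a responder wants from it (how long the CHILD_SA lived, how many bytes crossed it in each direction, which ESP proposal was chosen, whether IKE messages had to be fragmented, and what AppArmor denied to charon) are scattered across wrapped syslog lines. The following is an added example, not part of this thread and not a strongSwan tool: it parses those events out of charon syslog output. `SAMPLE_LOG` re-joins lines from the log quoted above onto single lines; the AppArmor line is cut down to the fields the parser reads.

```python
"""Timeline extraction from strongSwan charon syslog lines.

Added example; neither part of this thread nor a strongSwan tool.
It pulls out the events a responder checks first: when each CHILD_SA came
up and went down, bytes in each direction, the selected ESP proposal,
IKE message fragmentation, IKE_SA state changes, and AppArmor denials
hitting charon.
"""
import re
from datetime import datetime

SYSLOG = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ (?P<rest>.*)$")

PATTERNS = {
    "established": re.compile(
        r"CHILD_SA (?P<sa>\S+) established with SPIs (?P<spi_i>[0-9a-f]+)_i "
        r"(?P<spi_o>[0-9a-f]+)_o and TS (?P<tsel>.+)$"),
    "closing": re.compile(
        r"closing CHILD_SA (?P<sa>\S+) with SPIs (?P<spi_i>[0-9a-f]+)_i "
        r"\((?P<bytes_i>\d+) bytes\) (?P<spi_o>[0-9a-f]+)_o \((?P<bytes_o>\d+) bytes\)"),
    "fragment": re.compile(
        r"splitting IKE message with length of (?P<length>\d+) bytes into (?P<n>\d+) fragments"),
    "proposal": re.compile(r"selected proposal: (?P<prop>\S+)"),
    "ike_state": re.compile(r"IKE_SA (?P<sa>\S+) state change: (?P<old>\w+) => (?P<new>\w+)"),
    "apparmor": re.compile(
        r'apparmor="DENIED" operation="(?P<op>\w+)" profile="(?P<profile>[^"]+)" '
        r'name="(?P<name>[^"]+)" pid=(?P<pid>\d+)'),
}


def parse_ts(text):
    # syslog timestamps carry no year; the 1900 default is fine for deltas
    return datetime.strptime(text, "%b %d %H:%M:%S")


def summarize(lines):
    """Return per-CHILD_SA records plus lists of the other events."""
    out = {"child_sas": {}, "ike_fragments": [], "proposals": [],
           "ike_states": [], "apparmor_denials": []}
    for line in lines:
        m = SYSLOG.match(line)
        if not m:
            continue
        when, rest = parse_ts(m["ts"]), m["rest"]
        if e := PATTERNS["established"].search(rest):
            out["child_sas"][e["sa"]] = {
                "established": when, "closed": None, "lifetime_s": None,
                "spi_in": e["spi_i"], "spi_out": e["spi_o"],
                "traffic_selectors": e["tsel"], "bytes_in": None, "bytes_out": None}
        elif c := PATTERNS["closing"].search(rest):
            # a close without a matching establish is still recorded
            rec = out["child_sas"].setdefault(c["sa"], {"established": None})
            rec.update(closed=when, bytes_in=int(c["bytes_i"]), bytes_out=int(c["bytes_o"]))
            if rec["established"] is not None:
                rec["lifetime_s"] = int((when - rec["established"]).total_seconds())
        elif f := PATTERNS["fragment"].search(rest):
            out["ike_fragments"].append((int(f["length"]), int(f["n"])))
        elif p := PATTERNS["proposal"].search(rest):
            out["proposals"].append(p["prop"])
        elif s := PATTERNS["ike_state"].search(rest):
            out["ike_states"].append((when, s["sa"], s["old"], s["new"]))
        elif a := PATTERNS["apparmor"].search(rest):
            out["apparmor_denials"].append({"op": a["op"], "profile": a["profile"],
                                            "name": a["name"], "pid": int(a["pid"])})
    return out


# Lines from the thread's log, re-joined; the AppArmor line is shortened.
SAMPLE_LOG = """\
May 11 18:07:14 jodywhitesides charon: 13[ENC] splitting IKE message with length of 1948 bytes into 2 fragments
May 11 18:07:14 jodywhitesides charon: 08[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
May 11 18:07:14 jodywhitesides charon: 07[IKE] CHILD_SA ios{3} established with SPIs ca4b4cf3_i 0e8240c6_o and TS 0.0.0.0/0 === 10.10.10.2/32
May 11 18:07:14 jodywhitesides kernel: [80909.378854] audit: type=1400 audit(1526083634.954:1035): apparmor="DENIED" operation="open" profile="/usr/lib/ipsec/charon" name="/proc/7046/fd/" pid=7046 comm="charon" requested_mask="r"
May 11 18:08:13 jodywhitesides charon: 08[IKE] closing CHILD_SA ios{3} with SPIs ca4b4cf3_i (39562 bytes) 0e8240c6_o (72023 bytes) and TS 0.0.0.0/0 === 10.10.10.2/32
May 11 18:08:13 jodywhitesides charon: 05[IKE] IKE_SA ios[3] state change: ESTABLISHED => DELETING
May 11 18:08:13 jodywhitesides charon: 05[IKE] IKE_SA ios[3] state change: DELETING => DESTROYING
""".splitlines()

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for name, rec in report["child_sas"].items():
        print(f"{name}: up {rec['lifetime_s']}s, in {rec['bytes_in']} B, out {rec['bytes_out']} B")
    print("IKE fragmentation:", report["ike_fragments"])
    print("ESP proposals:", report["proposals"])
    print("AppArmor denials:", report["apparmor_denials"])
```

Run over the lines above, the summary shows the cellular-side CHILD_SA ios{3} living 59 seconds and carrying traffic in both directions, which is the kind of fact worth having in hand before testing an MTU hypothesis: the tunnel itself was passing packets.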
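Jafar's diagnosis is a broken path MTU, and the first link in his reply points at the strongSwan wiki section on MTU/MSS issues. The following is an added example, not code from strongSwan or from anyone in this thread, that works the arithmetic through for the proposal the log shows being selected, ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, carried in UDP encapsulation (the peer is talking to port 4500, so NAT-T is in use). It computes how large an inner IPv4 packet can be before the outer ESP packet exceeds a given path MTU, and from that the TCP MSS to clamp to. The path MTU values are assumptions; the thread never establishes the cellular path MTU. The iptables rule it prints is one common shape of an MSS clamp with placeholder chain and interface, not a strongSwan-provided rule.

```python
"""ESP tunnel-mode overhead and TCP MSS clamp calculator.

Added example; not strongSwan code. Transform sizes are the standard
wire sizes: 4-byte SPI, 4-byte sequence number, cipher IV, payload padded
to a whole number of cipher blocks plus the 2-byte pad-length/next-header
trailer, then the integrity check value.
"""
import math

IPV4_HEADER = 20
UDP_HEADER = 8      # present only with UDP encapsulation (NAT-T, port 4500)
TCP_HEADER = 20
ESP_SPI = 4
ESP_SEQ = 4         # 32-bit sequence number; ESN adds no bytes on the wire
ESP_TRAILER = 2     # pad length + next header, inside the encrypted region

# cipher -> (block size that padding rounds up to, IV length on the wire)
CIPHERS = {
    "AES_CBC_128": (16, 16),
    "AES_CBC_256": (16, 16),
    "3DES_CBC": (8, 8),
}
# integrity algorithm -> ICV length
INTEGRITY = {
    "HMAC_SHA1_96": 12,
    "HMAC_MD5_96": 12,
    "HMAC_SHA2_256_128": 16,
}


def _fixed_overhead(cipher, integ, nat_t):
    """Bytes outside the padded, encrypted region."""
    _block, iv = CIPHERS[cipher]
    return (IPV4_HEADER + (UDP_HEADER if nat_t else 0)
            + ESP_SPI + ESP_SEQ + iv + INTEGRITY[integ])


def esp_packet_size(inner_len, cipher="AES_CBC_256", integ="HMAC_SHA1_96", nat_t=True):
    """Outer IPv4 packet size for an inner packet of inner_len bytes."""
    block, _iv = CIPHERS[cipher]
    # payload + trailer is padded up to a whole number of cipher blocks
    encrypted = math.ceil((inner_len + ESP_TRAILER) / block) * block
    return _fixed_overhead(cipher, integ, nat_t) + encrypted


def max_inner_len(path_mtu, cipher="AES_CBC_256", integ="HMAC_SHA1_96", nat_t=True):
    """Largest inner IPv4 packet whose ESP encapsulation still fits path_mtu."""
    block, _iv = CIPHERS[cipher]
    room = path_mtu - _fixed_overhead(cipher, integ, nat_t)
    encrypted = (room // block) * block   # only whole blocks are usable
    return encrypted - ESP_TRAILER


def mss_clamp(path_mtu, **kw):
    """TCP MSS to advertise inside the tunnel so no outer packet needs
    fragmentation: inner packet minus IPv4 and TCP headers (no TCP options)."""
    return max_inner_len(path_mtu, **kw) - IPV4_HEADER - TCP_HEADER


def tcpmss_rule(mss, chain="FORWARD", iface="eth0"):
    """One common shape of an iptables MSS clamp; chain and interface are
    placeholders (assumption) to adapt to the deployment."""
    return (f"iptables -t mangle -A {chain} -o {iface} -p tcp "
            f"--tcp-flags SYN,RST SYN -j TCPMSS --set-mss {mss}")


if __name__ == "__main__":
    for pmtu in (1500, 1400, 1280):   # assumed path MTUs
        print(f"path MTU {pmtu}: max inner packet {max_inner_len(pmtu)} bytes, "
              f"MSS clamp {mss_clamp(pmtu)}")
    print(tcpmss_rule(mss_clamp(1400)))
```

With this proposal and NAT-T, a 1500-byte path leaves room for a 1422-byte inner packet (the padding wastes the last 12 bytes), so the exact clamp is 1382; without UDP encapsulation it is 1398, and a 1400-byte path brings it down to 1286. Deployments usually pick a somewhat lower round number to leave slack for TCP options and for path overhead they cannot see. Note also that a FORWARD-chain clamp only touches traffic routed through the server; connections terminating on the server itself, which is what Jody reports failing, are not forwarded and would need the equivalent treatment on the INPUT/OUTPUT path if MSS is the cause.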