<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
font-size:10.5pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=ZH-CN link="#0563C1" vlink="#954F72" style='text-justify-trim:punctuation'><div class=WordSection1><p class=MsoNormal><span lang=EN-US>Hi, <o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US>I’m running a new strongSwan server on Windows Azure, but an issue happens when connecting from Win7. The log follows below:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, Linux 3.13.0-40-generic, x86_64)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[LIB] created TUN device: ipsec0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[CFG] loaded ca certificate "C=DE, O=Personal, CN=xxx.xxx.net" from '/usr/local/etc/ipsec.d/cacerts/ca.cert.pem'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[CFG] loaded RSA private key from '/usr/local/etc/ipsec.d/private/server.pem'<o:p></o:p></span></p><p
class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[CFG] loaded IKE secret for %any<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[CFG] loaded EAP secret for test<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[CFG] loaded 0 RADIUS server configurations<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[LIB] loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf xcbc cmac hmac attr kernel-libipsec kernel-netlink resolve socket-default stroke updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp certexpire radattr addrblock unity<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[LIB] unable to load 3 plugin features (3 due to unmet dependencies)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 00[JOB] spawning 16 worker threads<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 14[CFG] received stroke: add connection 'iOS_cert'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 14[CFG] left nor right host is our side, assuming left=local<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 14[CFG] adding virtual IP address pool 10.0.0.0/24<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 14[CFG] loaded certificate "C=DE, O=Personal, CN=xxx.xxx.net" from 'server.cert.pem'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 14[CFG] id '%any' not confirmed by certificate, defaulting to 'C=DE, O=Personal, CN=xxx.xxx.net'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 14[CFG] loaded certificate "C=DE, O=Personal, CN=xxx.xxx.net" from 'client.cert.pem'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 
08:30:58 14[CFG] id '%any' not confirmed by certificate, defaulting to 'C=DE, O=Personal, CN=xxx.xxx.net'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 14[CFG] added configuration 'iOS_cert'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 16[CFG] received stroke: add connection 'android_xauth_psk'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 16[CFG] left nor right host is our side, assuming left=local<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 16[CFG] reusing virtual IP address pool 10.0.0.0/24<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 16[CFG] added configuration 'android_xauth_psk'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 04[CFG] received stroke: add connection 'networkmanager-strongswan'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 04[CFG] left nor right host is our side, assuming left=local<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 04[CFG] reusing virtual IP address pool 10.0.0.0/24<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 04[CFG] loaded certificate "C=DE, O=Personal, CN=xxx.xxx.net" from 'server.cert.pem'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 04[CFG] id '%any' not confirmed by certificate, defaulting to 'C=DE, O=Personal, CN=xxx.xxx.net'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 04[CFG] loaded certificate "C=DE, O=Personal, CN=xxx.xxx.net" from 'client.cert.pem'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 04[CFG] id '%any' not confirmed by certificate, defaulting to 'C=DE, O=Personal, CN=xxx.xxx.net'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 04[CFG] added configuration 'networkmanager-strongswan'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 02[CFG] 
received stroke: add connection 'windows7'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 02[CFG] left nor right host is our side, assuming left=local<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 02[CFG] reusing virtual IP address pool 10.0.0.0/24<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 02[CFG] loaded certificate "C=DE, O=Personal, CN=xxx.xxx.net" from 'server.cert.pem'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 02[CFG] id '%any' not confirmed by certificate, defaulting to 'C=DE, O=Personal, CN=xxx.xxx.net'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:30:58 02[CFG] added configuration 'windows7'<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:31:57 16[NET] received packet: from vpn_client_ip[500] to strongswan_server_ip[500] (528 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:31:57 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:31:57 16[IKE] vpn_client_ip is initiating an IKE_SA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:31:57 16[IKE] local host is behind NAT, sending keep alives<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:31:57 16[IKE] remote host is behind NAT<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:31:57 16[IKE] sending cert request for "C=DE, O=Personal, CN=xxx.xxx.net"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:31:57 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:31:57 16[NET] sending packet: from strongswan_server_ip[500] to vpn_client_ip[500] (333 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:32:17 02[IKE] sending keep alive to 
vpn_client_ip[500]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:32:27 15[JOB] deleting half open IKE_SA after timeout<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:36:13 15[NET] received packet: from vpn_client_ip[500] to strongswan_server_ip[500] (528 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:36:13 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:36:13 15[IKE] vpn_client_ip is initiating an IKE_SA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:36:13 15[IKE] local host is behind NAT, sending keep alives<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:36:13 15[IKE] remote host is behind NAT<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:36:13 15[IKE] sending cert request for "C=DE, O=Personal, CN=xxx.xxx.net"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:36:13 15[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:36:13 15[NET] sending packet: from strongswan_server_ip[500] to vpn_client_ip[500] (333 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:36:33 01[IKE] sending keep alive to vpn_client_ip[500]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:36:43 16[JOB] deleting half open IKE_SA after timeout<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:17 04[NET] received packet: from vpn_client_ip2[500] to strongswan_server_ip[500] (528 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:17 04[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:17 04[IKE] vpn_client_ip2 is initiating an IKE_SA<o:p></o:p></span></p><p 
class=MsoNormal><span lang=EN-US>Dec 11 08:50:17 04[IKE] local host is behind NAT, sending keep alives<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:17 04[IKE] remote host is behind NAT<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:17 04[IKE] sending cert request for "C=DE, O=Personal, CN=xxx.xxx.net"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:17 04[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:17 04[NET] sending packet: from strongswan_server_ip[500] to vpn_client_ip2[500] (333 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:18 14[NET] received packet: from vpn_client_ip2[500] to strongswan_server_ip[500] (528 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:18 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:18 14[IKE] received retransmit of request with ID 0, retransmitting response<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:18 14[NET] sending packet: from strongswan_server_ip[500] to vpn_client_ip2[500] (333 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:37 03[IKE] sending keep alive to vpn_client_ip2[500]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:50:47 01[JOB] deleting half open IKE_SA after timeout<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:07 05[NET] received packet: from vpn_client_ip[500] to strongswan_server_ip[500] (528 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:07 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:07 05[IKE] vpn_client_ip is initiating an 
IKE_SA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:07 05[IKE] local host is behind NAT, sending keep alives<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:07 05[IKE] remote host is behind NAT<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:07 05[IKE] sending cert request for "C=DE, O=Personal, CN=xxx.xxx.net"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:07 05[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:07 05[NET] sending packet: from strongswan_server_ip[500] to vpn_client_ip[500] (333 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:27 16[IKE] sending keep alive to vpn_client_ip[500]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:33 02[NET] received packet: from vpn_client_ip[500] to strongswan_server_ip[500] (528 bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:33 02[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:33 02[IKE] vpn_client_ip is initiating an IKE_SA<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:33 02[IKE] local host is behind NAT, sending keep alives<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:33 02[IKE] remote host is behind NAT<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:33 02[IKE] sending cert request for "C=DE, O=Personal, CN=xxx.xxx.net"<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:33 02[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:33 02[NET] sending packet: from strongswan_server_ip[500] to vpn_client_ip[500] (333 
bytes)<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:37 04[JOB] deleting half open IKE_SA after timeout<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:57:53 03[IKE] sending keep alive to vpn_client_ip[500]<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Dec 11 08:58:03 02[JOB] deleting half open IKE_SA after timeout<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US>ipsec.conf:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US>conn windows7<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> keyexchange=ikev2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> ike=aes256-sha1-modp1024!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> dpdaction=none<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> rekey=no<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> left=%any<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> leftsubnet=0.0.0.0/0<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> leftauth=pubkey<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> leftcert=server.cert.pem<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> right=%any<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> rightsourceip=10.0.0.0/24<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> rightauth=eap-mschapv2<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> rightsendcert=never<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> eap_identity=%any<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US> auto=add<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span lang=EN-US>I have opened ports 4500 (UDP), 500 (UDP) and 500 (TCP) on the website, but it still does not work. I appreciate the help.
<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p>&nbsp;</o:p></span></p></div></body></html>