<div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div><span style="font-size:12.8000001907349px">This is the problem:</span><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">Apr 24 17:21:43 accel charon: 10[IKE] deleting duplicate IKE_SA for peer 'actmobile' due to uniqueness policy</span><br></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">Look for config option "uniqueids" here: <a href="https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection" target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection</a></span></div><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">M.</span></div></div><div class="gmail_extra"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr">Miroslav Svoboda | <a href="tel:%2B420%20608%20224%20486" value="+420608224486" target="_blank">+420 608 224 486</a></div></div></div></div></div>
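One way to triage charon logs for the uniqueness-policy deletion named above, added here as an example and not part of the original mail or of strongSwan. It re-joins the mail-wrapped log entries and, for each deletion, lists the remote hosts that started an IKE_SA shortly before it. The function names, the 60-second window and the "more than one initiator" heuristic are assumptions, and the sample lines are constructed from entries in this thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the thread's log format, including the mail client's
# hard wrapping of long entries and the section markers typed by the poster.
SAMPLE_LOG = """\
*** first device connects*****
Apr 24 17:21:31 accel charon: 13[IKE] 166.170.42.208 is initiating a
Main Mode IKE_SA
Apr 24 17:21:32 accel charon: 08[IKE] assigning virtual IP
10.254.0.1 to peer 'actmobile'
***** second device connects *******
Apr 24 17:21:42 accel charon: 15[IKE] 50.197.174.157 is initiating a
Main Mode IKE_SA
Apr 24 17:21:43 accel charon: 10[IKE] deleting duplicate IKE_SA for peer 'actmobile' due to uniqueness policy
"""

TS = r"[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}"
SYSLOG_START = re.compile(rf"^{TS} ")
CHARON = re.compile(rf"^(?P<ts>{TS}) \S+ charon: \d+\[[A-Z]+\] (?P<msg>.*)$")
INITIATING = re.compile(r"^(\S+) is initiating an? .*IKE_SA")
LEASE = re.compile(r"assigning virtual IP (\S+) to peer '(.+?)'")
EVICTED = re.compile(
    r"deleting duplicate IKE_SA for peer '(.+?)' due to uniqueness policy")


def unwrap(text):
    """Re-join entries that were hard-wrapped: a line that does not start
    with a syslog timestamp continues the previous entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("*"):  # blank or poster's marker
            continue
        if SYSLOG_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def find_uniqueness_evictions(text, window_seconds=60, year=2015):
    """Return one finding per uniqueness-policy deletion.

    charon's NN[...] prefix is a worker thread, not a session, so it cannot
    be used to tie lines together. As a heuristic (assumption), every remote
    host that initiated an IKE_SA within `window_seconds` before the deletion
    is reported next to the affected identity. `year` only completes the
    syslog timestamp, which carries none.
    """
    initiations = []            # (time, remote host)
    leases = defaultdict(set)   # identity -> virtual IPs handed out
    findings = []
    for entry in unwrap(text):
        m = CHARON.match(entry)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        msg = m["msg"]
        if (hit := INITIATING.match(msg)):
            initiations.append((when, hit[1]))
        elif (hit := LEASE.search(msg)):
            leases[hit[2]].add(hit[1])
        elif (hit := EVICTED.search(msg)):
            peer = hit[1]
            cutoff = when - timedelta(seconds=window_seconds)
            hosts = sorted({h for t, h in initiations if cutoff <= t <= when})
            findings.append({
                "time": when.isoformat(),
                "peer": peer,
                "recent_initiators": hosts,
                "virtual_ips": sorted(leases[peer]),
                # Two or more distinct sources suggest several devices
                # presenting the same identity, not one device reconnecting.
                "shared_identity_suspected": len(hosts) > 1,
            })
    return findings


if __name__ == "__main__":
    for finding in find_uniqueness_evictions(SAMPLE_LOG):
        print(finding)
```

A deletion with more than one recent initiator points at one identity being used by several devices rather than at a reconnect, which is the situation the `uniqueids` option governs.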
<br><div class="gmail_quote">On 24 April 2015 at 19:23, Andrew Foss <span dir="ltr">&lt;<a href="mailto:afoss@actmobile.com" target="_blank">afoss@actmobile.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Is this better?<br>
<br>
*** first device connects*****<br>
<br>
Apr 24 17:21:31 accel charon: 06[NET] received packet: from
166.170.42.208[36359] to 10.199.65.236[500]<br>
Apr 24 17:21:31 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:31 accel charon: 13[NET] received packet: from
166.170.42.208[36359] to 10.199.65.236[500] (668 bytes)<br>
Apr 24 17:21:31 accel charon: 13[CFG] looking for an ike config for
10.199.65.236...166.170.42.208<br>
Apr 24 17:21:31 accel charon: 13[CFG] candidate: %any...%any, prio
28<br>
Apr 24 17:21:31 accel charon: 13[CFG] found matching ike config:
%any...%any with prio 28<br>
Apr 24 17:21:31 accel charon: 13[IKE] received NAT-T (RFC 3947)
vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-08 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-07 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-06 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-05 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-04 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-03 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-02 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-02\n vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received XAuth vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received Cisco Unity vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received FRAGMENTATION vendor
ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received DPD vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] 166.170.42.208 is initiating a
Main Mode IKE_SA<br>
Apr 24 17:21:31 accel charon: 13[IKE] IKE_SA (unnamed)[3] state
change: CREATED => CONNECTING<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
PSEUDO_RANDOM_FUNCTION found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
PSEUDO_RANDOM_FUNCTION found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] proposal matches<br>
Apr 24 17:21:31 accel charon: 13[CFG] received proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024<br>
Apr 24 17:21:31 accel charon: 13[CFG] configured proposals:
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/HMAC_MD5_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/PRF_HMAC_MD5/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160<br>
Apr 24 17:21:31 accel charon: 13[CFG] selected proposal:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536<br>
Apr 24 17:21:31 accel charon: 13[IKE] sending XAuth vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] sending DPD vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] sending FRAGMENTATION vendor
ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] sending NAT-T (RFC 3947)
vendor ID<br>
Apr 24 17:21:31 accel charon: 13[NET] sending packet: from
10.199.65.236[500] to 166.170.42.208[36359] (160 bytes)<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[500] to 166.170.42.208[36359]<br>
Apr 24 17:21:31 accel charon: 06[NET] received packet: from
166.170.42.208[36359] to 10.199.65.236[500]<br>
Apr 24 17:21:31 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:31 accel charon: 14[NET] received packet: from
166.170.42.208[36359] to 10.199.65.236[500] (292 bytes)<br>
Apr 24 17:21:31 accel charon: 14[LIB] size of DH secret exponent:
1535 bits<br>
Apr 24 17:21:31 accel charon: 14[IKE] local host is behind NAT,
sending keep alives<br>
Apr 24 17:21:31 accel charon: 14[IKE] remote host is behind NAT<br>
Apr 24 17:21:31 accel charon: 14[IKE] sending cert request for
"C=US, ST=California, L=New York, O=Internet Widgits Pty Ltd,
OU=ActMobile, CN=<a href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>, <a href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>"<br>
Apr 24 17:21:31 charon: last message repeated 2 times<br>
Apr 24 17:21:31 accel charon: 14[NET] sending packet: from
10.199.65.236[500] to 166.170.42.208[36359] (548 bytes)<br>
Apr 24 17:21:31 accel charon: 14[NET] sending packet: from
10.199.65.236[500] to 166.170.42.208[36359] (399 bytes)<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[500] to 166.170.42.208[36359]<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[500] to 166.170.42.208[36359]<br>
Apr 24 17:21:31 accel charon: 06[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500]<br>
Apr 24 17:21:31 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:31 accel charon: 06[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500]<br>
Apr 24 17:21:31 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:31 accel charon: 15[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500] (1280 bytes)<br>
Apr 24 17:21:31 accel charon: 15[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500] (164 bytes)<br>
Apr 24 17:21:31 accel charon: 15[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500] (1372 bytes)<br>
Apr 24 17:21:31 accel charon: 15[IKE] ignoring certificate request
without data<br>
Apr 24 17:21:31 accel charon: 15[IKE] received end entity cert
"C=US, O=strongSwan, CN=IDE-B1DA-3355-4C89-BA98-A580BD513292"<br>
Apr 24 17:21:31 accel charon: 15[CFG] looking for XAuthInitRSA peer
configs matching 10.199.65.236...166.170.42.208[C=US, O=strongSwan,
CN=IDE-B1DA-3355-4C89-BA98-A580BD513292]<br>
Apr 24 17:21:31 accel charon: 15[CFG] candidate "ios", match:
1/1/28 (me/other/ike)<br>
Apr 24 17:21:31 accel charon: 15[CFG] selected peer config "ios"<br>
Apr 24 17:21:31 accel charon: 15[CFG] using certificate "C=US,
O=strongSwan, CN=IDE-B1DA-3355-4C89-BA98-A580BD513292"<br>
Apr 24 17:21:31 accel charon: 15[CFG] certificate "C=US,
O=strongSwan, CN=IDE-B1DA-3355-4C89-BA98-A580BD513292" key: 2048 bit
RSA<br>
Apr 24 17:21:31 accel charon: 15[CFG] using trusted ca certificate
"C=US, ST=California, L=New York, O=Internet Widgits Pty Ltd,
OU=ActMobile, CN=<a href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>, <a href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>"<br>
Apr 24 17:21:31 accel charon: 15[CFG] checking certificate status of
"C=US, O=strongSwan, CN=IDE-B1DA-3355-4C89-BA98-A580BD513292"<br>
Apr 24 17:21:31 accel charon: 15[CFG] ocsp check skipped, no ocsp
found<br>
Apr 24 17:21:31 accel charon: 15[CFG] certificate status is not
available<br>
Apr 24 17:21:31 accel charon: 15[CFG] certificate "C=US,
ST=California, L=New York, O=Internet Widgits Pty Ltd, OU=ActMobile,
CN=<a href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>, <a href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>" key: 2048 bit
RSA<br>
Apr 24 17:21:31 accel charon: 15[CFG] reached self-signed root ca
with a path length of 0<br>
Apr 24 17:21:31 accel charon: 15[IKE] authentication of 'C=US,
O=strongSwan, CN=IDE-B1DA-3355-4C89-BA98-A580BD513292' with RSA
successful<br>
Apr 24 17:21:31 accel charon: 15[IKE] authentication of 'C=US,
ST=California, L=New York, O=Internet Widgits Pty Ltd, OU=ActMobile,
CN=<a href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>, <a href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>' (myself)
successful<br>
Apr 24 17:21:31 accel charon: 15[IKE] queueing XAUTH task<br>
Apr 24 17:21:31 accel charon: 15[IKE] sending end entity cert "C=US,
ST=California, L=New York, O=Internet Widgits Pty Ltd, OU=ActMobile,
CN=<a href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>, <a href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>"<br>
Apr 24 17:21:31 accel charon: 15[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (544 bytes)<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139]<br>
Apr 24 17:21:31 accel charon: 15[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (544 bytes)<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139]<br>
Apr 24 17:21:31 accel charon: 15[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (544 bytes)<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139]<br>
Apr 24 17:21:31 accel charon: 15[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (92 bytes)<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139]<br>
Apr 24 17:21:31 accel charon: 15[IKE] activating new tasks<br>
Apr 24 17:21:31 accel charon: 15[IKE] activating XAUTH task<br>
Apr 24 17:21:31 accel charon: 15[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (76 bytes)<br>
Apr 24 17:21:31 accel rsyslogd-2177: imuxsock begins to drop
messages from pid 14031 due to rate-limiting<br>
Apr 24 17:21:32 accel rsyslogd-2177: imuxsock lost 12 messages from
pid 14031 due to rate-limiting<br>
Apr 24 17:21:32 accel charon: 06[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500]<br>
Apr 24 17:21:32 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:32 accel charon: 06[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500]<br>
Apr 24 17:21:32 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:32 accel charon: 03[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500] (76 bytes)<br>
Apr 24 17:21:32 accel charon: 03[IKE] IKE_SA ios[3] established
between 10.199.65.236[C=US, ST=California, L=New York, O=Internet
Widgits Pty Ltd, OU=ActMobile, CN=<a href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>,
<a href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>]...166.170.42.208[C=US, O=strongSwan,
CN=IDE-B1DA-3355-4C89-BA98-A580BD513292]<br>
Apr 24 17:21:32 accel charon: 03[IKE] IKE_SA ios[3] state change:
CONNECTING => ESTABLISHED<br>
Apr 24 17:21:32 accel charon: 03[IKE] activating new tasks<br>
Apr 24 17:21:32 accel charon: 03[IKE] nothing to initiate<br>
Apr 24 17:21:32 accel charon: 08[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500] (172 bytes)<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
INTERNAL_IP4_ADDRESS attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
INTERNAL_IP4_NETMASK attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing INTERNAL_IP4_DNS
attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing INTERNAL_IP4_NBNS
attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
INTERNAL_ADDRESS_EXPIRY attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing APPLICATION_VERSION
attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing UNITY_BANNER
attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing UNITY_DEF_DOMAIN
attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing UNITY_SPLITDNS_NAME
attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing UNITY_SPLIT_INCLUDE
attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing UNITY_LOCAL_LAN
attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing UNITY_PFS attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing UNITY_SAVE_PASSWD
attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing UNITY_FW_TYPE
attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
UNITY_BACKUP_SERVERS attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing (28683) attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] peer requested virtual IP %any<br>
Apr 24 17:21:32 accel charon: 08[CFG] reassigning offline lease to
'actmobile'<br>
Apr 24 17:21:32 accel charon: 08[IKE] assigning virtual IP
10.254.0.1 to peer 'actmobile'<br>
Apr 24 17:21:32 accel charon: 08[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (92 bytes)<br>
Apr 24 17:21:32 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139]<br>
Apr 24 17:21:32 accel charon: 06[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500]<br>
Apr 24 17:21:32 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:32 accel charon: 10[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500] (300 bytes)<br>
Apr 24 17:21:32 accel charon: 10[CFG] looking for a child config for
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> === <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> <br>
Apr 24 17:21:32 accel charon: 10[CFG] proposing traffic selectors
for us:<br>
Apr 24 17:21:32 accel charon: 10[CFG] <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
Apr 24 17:21:32 accel charon: 10[CFG] proposing traffic selectors
for other:<br>
Apr 24 17:21:32 accel charon: 10[CFG] <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a><br>
Apr 24 17:21:32 accel charon: 10[CFG] candidate "ios" with prio
5+5<br>
Apr 24 17:21:32 accel charon: 10[CFG] found matching child config
"ios" with prio 10<br>
Apr 24 17:21:32 accel charon: 10[CFG] selecting traffic selectors
for other:<br>
Apr 24 17:21:32 accel charon: 10[CFG] config: <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>,
received: <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> => match: <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a><br>
Apr 24 17:21:32 accel charon: 10[CFG] selecting traffic selectors
for us:<br>
Apr 24 17:21:32 accel charon: 10[CFG] config: <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>, received:
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> => match: <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
Apr 24 17:21:32 accel charon: 10[IKE] expected IPComp proposal but
peer did not send one, IPComp disabled<br>
Apr 24 17:21:32 accel charon: 10[CFG] selecting proposal:<br>
Apr 24 17:21:32 accel charon: 10[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:32 accel charon: 10[CFG] selecting proposal:<br>
Apr 24 17:21:32 accel charon: 10[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:32 accel charon: 10[CFG] selecting proposal:<br>
Apr 24 17:21:32 accel charon: 10[CFG] proposal matches<br>
Apr 24 17:21:32 accel charon: 10[CFG] received proposals:
ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ<br>
Apr 24 17:21:32 accel charon: 10[CFG] configured proposals:
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ<br>
Apr 24 17:21:32 accel charon: 10[CFG] selected proposal:
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ<br>
Apr 24 17:21:32 accel charon: 10[IKE] received 3600s lifetime,
configured 0s<br>
Apr 24 17:21:32 accel charon: 10[KNL] got SPI cdc2e52a<br>
Apr 24 17:21:32 accel charon: 10[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (172 bytes)<br>
Apr 24 17:21:32 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139]<br>
Apr 24 17:21:32 accel charon: 06[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500]<br>
Apr 24 17:21:32 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:32 accel charon: 11[NET] received packet: from
166.170.42.208[64139] to 10.199.65.236[4500] (60 bytes)<br>
Apr 24 17:21:32 accel charon: 11[CHD] using AES_CBC for encryption<br>
Apr 24 17:21:32 accel charon: 11[CHD] using HMAC_SHA1_96 for
integrity<br>
Apr 24 17:21:32 accel charon: 11[CHD] adding inbound ESP SA<br>
Apr 24 17:21:32 accel charon: 11[CHD] SPI 0xcdc2e52a, src
166.170.42.208 dst 10.199.65.236<br>
Apr 24 17:21:32 accel charon: 11[KNL] adding SAD entry with SPI
cdc2e52a and reqid {2} (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] using encryption algorithm
AES_CBC with key size 128<br>
Apr 24 17:21:32 accel charon: 11[KNL] using integrity algorithm
HMAC_SHA1_96 with key size 160<br>
Apr 24 17:21:32 accel charon: 11[KNL] using replay window of 32
packets<br>
Apr 24 17:21:32 accel charon: 11[CHD] adding outbound ESP SA<br>
Apr 24 17:21:32 accel charon: 11[CHD] SPI 0x0d6bbaab, src
10.199.65.236 dst 166.170.42.208<br>
Apr 24 17:21:32 accel charon: 11[KNL] adding SAD entry with SPI
0d6bbaab and reqid {2} (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] using encryption algorithm
AES_CBC with key size 128<br>
Apr 24 17:21:32 accel charon: 11[KNL] using integrity algorithm
HMAC_SHA1_96 with key size 160<br>
Apr 24 17:21:32 accel charon: 11[KNL] using replay window of 32
packets<br>
Apr 24 17:21:32 accel charon: 11[KNL] adding policy <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ===
<a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> out (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] adding policy <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>
=== <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> in (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] adding policy <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>
=== <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> fwd (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] getting a local address in
traffic selector <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
Apr 24 17:21:32 accel charon: 11[KNL] using host %any<br>
Apr 24 17:21:32 accel charon: 11[KNL] using 10.199.65.193 as nexthop
to reach <a href="http://166.170.42.208/32" target="_blank">166.170.42.208/32</a><br>
Apr 24 17:21:32 accel charon: 11[KNL] 10.199.65.236 is on interface
eth0<br>
Apr 24 17:21:32 accel charon: 11[KNL] installing route:
<a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> via 10.199.65.193 src %any dev eth0<br>
Apr 24 17:21:32 accel charon: 11[KNL] getting iface index for eth0<br>
Apr 24 17:21:32 accel charon: 11[KNL] policy <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ===
<a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> out (mark 0/0x00000000) already exists, increasing
refcount<br>
Apr 24 17:21:32 accel charon: 11[KNL] updating policy <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ===
<a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> out (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] policy <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> ===
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> in (mark 0/0x00000000) already exists, increasing
refcount<br>
Apr 24 17:21:32 accel charon: 11[KNL] updating policy <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>
=== <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> in (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] policy <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> ===
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> fwd (mark 0/0x00000000) already exists, increasing
refcount<br>
Apr 24 17:21:32 accel charon: 11[KNL] updating policy <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>
=== <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> fwd (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] getting a local address in
traffic selector <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
Apr 24 17:21:32 accel charon: 11[KNL] using host %any<br>
Apr 24 17:21:32 accel charon: 11[KNL] using 10.199.65.193 as nexthop
to reach <a href="http://166.170.42.208/32" target="_blank">166.170.42.208/32</a><br>
Apr 24 17:21:32 accel charon: 11[KNL] 10.199.65.236 is on interface
eth0<br>
Apr 24 17:21:32 accel charon: 11[IKE] CHILD_SA ios{2} established
with SPIs cdc2e52a_i 0d6bbaab_o and TS <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> === <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> <br>
Apr 24 17:21:32 accel charon: 11[KNL] 10.199.65.236 is on interface
eth0<br>
Apr 24 17:21:32 accel charon: 11[KNL] querying SAD entry with SPI
cdc2e52a (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] querying SAD entry with SPI
0d6bbaab (mark 0/0x00000000)<br>
<br>
<br>
<br>
<br>
<br>
<br>
***** second device connects *******<br>
<br>
Apr 24 17:21:42 accel charon: 06[NET] received packet: from
50.197.174.157[500] to 10.199.65.236[500]<br>
Apr 24 17:21:42 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:42 accel charon: 15[NET] received packet: from
50.197.174.157[500] to 10.199.65.236[500] (668 bytes)<br>
Apr 24 17:21:42 accel charon: 15[CFG] looking for an ike config for
10.199.65.236...50.197.174.157<br>
Apr 24 17:21:42 accel charon: 15[CFG] candidate: %any...%any, prio
28<br>
Apr 24 17:21:42 accel charon: 15[CFG] found matching ike config:
%any...%any with prio 28<br>
Apr 24 17:21:42 accel charon: 15[IKE] received NAT-T (RFC 3947)
vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-08 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-07 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-06 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-05 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-04 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-03 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-02 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-02\n vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received XAuth vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received Cisco Unity vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received FRAGMENTATION vendor
ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received DPD vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] 50.197.174.157 is initiating a
Main Mode IKE_SA<br>
Apr 24 17:21:42 accel charon: 15[IKE] IKE_SA (unnamed)[4] state
change: CREATED => CONNECTING<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
PSEUDO_RANDOM_FUNCTION found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
PSEUDO_RANDOM_FUNCTION found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] proposal matches<br>
Apr 24 17:21:42 accel charon: 15[CFG] received proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024<br>
Apr 24 17:21:42 accel charon: 15[CFG] configured proposals:
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/HMAC_MD5_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/PRF_HMAC_MD5/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160<br>
Apr 24 17:21:42 accel charon: 15[CFG] selected proposal:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536<br>
Apr 24 17:21:42 accel charon: 15[IKE] sending XAuth vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] sending DPD vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] sending FRAGMENTATION vendor
ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] sending NAT-T (RFC 3947)
vendor ID<br>
Apr 24 17:21:42 accel charon: 15[NET] sending packet: from
10.199.65.236[500] to 50.197.174.157[500] (160 bytes)<br>
Apr 24 17:21:42 accel charon: 07[NET] sending packet: from
10.199.65.236[500] to 50.197.174.157[500]<br>
Apr 24 17:21:43 accel charon: 06[NET] received packet: from
50.197.174.157[500] to 10.199.65.236[500]<br>
Apr 24 17:21:43 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:43 accel charon: 09[NET] received packet: from
50.197.174.157[500] to 10.199.65.236[500] (292 bytes)<br>
Apr 24 17:21:43 accel charon: 09[LIB] size of DH secret exponent:
1532 bits<br>
Apr 24 17:21:43 accel charon: 09[IKE] local host is behind NAT,
sending keep alives<br>
Apr 24 17:21:43 accel charon: 09[IKE] remote host is behind NAT<br>
Apr 24 17:21:43 accel charon: 09[IKE] sending cert request for
"C=US, ST=California, L=New York, O=Internet Widgits Pty Ltd,
OU=ActMobile, CN=<a href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>, <a href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>"<br>
Apr 24 17:21:43 charon: last message repeated 2 times<br>
Apr 24 17:21:43 accel charon: 09[NET] sending packet: from
10.199.65.236[500] to 50.197.174.157[500] (548 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[500] to 50.197.174.157[500]<br>
Apr 24 17:21:43 accel charon: 09[NET] sending packet: from
10.199.65.236[500] to 50.197.174.157[500] (399 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[500] to 50.197.174.157[500]<br>
Apr 24 17:21:43 accel charon: 06[NET] received packet: from
50.197.174.157[4500] to 10.199.65.236[4500]<br>
Apr 24 17:21:43 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:43 accel charon: 03[NET] received packet: from
50.197.174.157[4500] to 10.199.65.236[4500] (1280 bytes)<br>
Apr 24 17:21:43 accel charon: 06[NET] received packet: from
50.197.174.157[4500] to 10.199.65.236[4500]<br>
Apr 24 17:21:43 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:43 accel charon: 16[NET] received packet: from
50.197.174.157[4500] to 10.199.65.236[4500] (164 bytes)<br>
Apr 24 17:21:43 accel charon: 16[NET] received packet: from
50.197.174.157[4500] to 10.199.65.236[4500] (1372 bytes)<br>
Apr 24 17:21:43 accel charon: 16[IKE] ignoring certificate request
without data<br>
Apr 24 17:21:43 accel charon: 16[IKE] received end entity cert
"C=US, O=strongSwan, CN=IDE-4B53-E547-4C2A-A2B7-78D2BA436307"<br>
Apr 24 17:21:43 accel charon: 16[CFG] looking for XAuthInitRSA peer
configs matching 10.199.65.236...50.197.174.157[C=US, O=strongSwan,
CN=IDE-4B53-E547-4C2A-A2B7-78D2BA436307]<br>
Apr 24 17:21:43 accel charon: 16[CFG] candidate "ios", match:
1/1/28 (me/other/ike)<br>
Apr 24 17:21:43 accel charon: 16[CFG] selected peer config "ios"<br>
Apr 24 17:21:43 accel charon: 16[CFG] using certificate "C=US,
O=strongSwan, CN=IDE-4B53-E547-4C2A-A2B7-78D2BA436307"<br>
Apr 24 17:21:43 accel charon: 16[CFG] certificate "C=US,
O=strongSwan, CN=IDE-4B53-E547-4C2A-A2B7-78D2BA436307" key: 2048 bit
RSA<br>
Apr 24 17:21:43 accel charon: 16[LIB] signature verification:<br>
Apr 24 17:21:43 accel charon: 16[CFG] using trusted ca certificate
"C=US, ST=California, L=New York, O=Internet Widgits Pty Ltd,
OU=ActMobile, CN=<a href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>, <a href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>"<br>
Apr 24 17:21:43 accel charon: 16[CFG] checking certificate status of
"C=US, O=strongSwan, CN=IDE-4B53-E547-4C2A-A2B7-78D2BA436307"<br>
Apr 24 17:21:43 accel charon: 16[CFG] ocsp check skipped, no ocsp
found<br>
Apr 24 17:21:43 accel charon: 16[CFG] certificate status is not
available<br>
Apr 24 17:21:43 accel charon: 16[CFG] certificate "C=US,
ST=California, L=New York, O=Internet Widgits Pty Ltd, OU=ActMobile,
CN=<a href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>, <a href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>" key: 2048 bit
RSA<br>
Apr 24 17:21:43 accel charon: 16[CFG] reached self-signed root ca
with a path length of 0<br>
Apr 24 17:21:43 accel charon: 16[IKE] authentication of 'C=US,
O=strongSwan, CN=IDE-4B53-E547-4C2A-A2B7-78D2BA436307' with RSA
successful<br>
Apr 24 17:21:43 accel charon: 16[IKE] authentication of 'C=US,
ST=California, L=New York, O=Internet Widgits Pty Ltd, OU=ActMobile,
CN=<a href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>, <a href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>' (myself)
successful<br>
Apr 24 17:21:43 accel charon: 16[IKE] queueing XAUTH task<br>
Apr 24 17:21:43 accel charon: 16[IKE] sending end entity cert "C=US,
ST=California, L=New York, O=Internet Widgits Pty Ltd, OU=ActMobile,
CN=<a href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>, <a href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>"<br>
Apr 24 17:21:43 accel charon: 16[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500] (544 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500]<br>
Apr 24 17:21:43 accel charon: 16[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500] (544 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500]<br>
Apr 24 17:21:43 accel charon: 16[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500] (544 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500]<br>
Apr 24 17:21:43 accel charon: 16[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500] (92 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500]<br>
Apr 24 17:21:43 accel charon: 16[IKE] activating new tasks<br>
Apr 24 17:21:43 accel charon: 16[IKE] activating XAUTH task<br>
Apr 24 17:21:43 accel charon: 16[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500] (76 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500]<br>
Apr 24 17:21:43 accel charon: 06[NET] received packet: from
50.197.174.157[4500] to 10.199.65.236[4500]<br>
Apr 24 17:21:43 accel charon: 06[NET] waiting for data on sockets<br>
Apr 24 17:21:43 accel charon: 10[NET] received packet: from
50.197.174.157[4500] to 10.199.65.236[4500] (92 bytes)<br>
Apr 24 17:21:43 accel charon: 10[IKE] XAuth authentication of
'actmobile' successful<br>
Apr 24 17:21:43 accel charon: 10[IKE] deleting duplicate IKE_SA for
peer 'actmobile' due to uniqueness policy<br>
Apr 24 17:21:43 accel charon: 10[IKE] queueing QUICK_DELETE task<br>
Apr 24 17:21:43 accel charon: 10[IKE] queueing ISAKMP_DELETE task<br>
Apr 24 17:21:43 accel charon: 10[IKE] activating new tasks<br>
Apr 24 17:21:43 accel charon: 10[IKE] activating QUICK_DELETE task<br>
Apr 24 17:21:43 accel charon: 10[KNL] querying SAD entry with SPI
cdc2e52a (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] querying SAD entry with SPI
0d6bbaab (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[IKE] closing CHILD_SA ios{2} with
SPIs cdc2e52a_i (1438 bytes) 0d6bbaab_o (4780 bytes) and TS
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> === <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> <br>
Apr 24 17:21:43 accel charon: 10[KNL] querying SAD entry with SPI
cdc2e52a (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] querying SAD entry with SPI
0d6bbaab (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting policy <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ===
<a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> out (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] policy still used by another
CHILD_SA, not removed<br>
Apr 24 17:21:43 accel charon: 10[KNL] updating policy <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ===
<a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> out (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting policy <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>
=== <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> in (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] policy still used by another
CHILD_SA, not removed<br>
Apr 24 17:21:43 accel charon: 10[KNL] updating policy <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>
=== <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> in (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting policy <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>
=== <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> fwd (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] policy still used by another
CHILD_SA, not removed<br>
Apr 24 17:21:43 accel charon: 10[KNL] updating policy <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>
=== <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> fwd (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] getting a local address in
traffic selector <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
Apr 24 17:21:43 accel charon: 10[KNL] using host %any<br>
Apr 24 17:21:43 accel charon: 10[KNL] using 10.199.65.193 as nexthop
to reach <a href="http://166.170.42.208/32" target="_blank">166.170.42.208/32</a><br>
Apr 24 17:21:43 accel charon: 10[KNL] 10.199.65.236 is on interface
eth0<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting policy <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ===
<a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a> out (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting policy <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>
=== <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> in (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting policy <a href="http://10.254.0.1/32" target="_blank">10.254.0.1/32</a>
=== <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> fwd (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] getting iface index for eth0<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting SAD entry with SPI
cdc2e52a (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleted SAD entry with SPI
cdc2e52a (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting SAD entry with SPI
0d6bbaab (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleted SAD entry with SPI
0d6bbaab (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[IKE] sending DELETE for ESP
CHILD_SA with SPI cdc2e52a<br>
Apr 24 17:21:43 accel rsyslogd-2177: imuxsock begins to drop
messages from pid 14031 due to rate-limiting<br>
<br>
<div>On 4/24/15 10:04 AM, Miroslav Svoboda
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">This log does not show the information I am looking
for.
<div>Please move the old logfile away.<br>
<div>Please set all loglevels to 2 except "enc". You can do it
in file /etc/strongswan/strongswan.d/charon-logging</div>
<div>Then start strongswan, connect both phones and send me
the whole file.</div>
<div><br>
</div>
<div>Section filelog of the aforementioned config file should
look like below:</div>
</div>
<div><br>
</div>
<div>
<div> filelog {</div>
<div><br>
</div>
<div> # <filename> is the full path to the log
file.</div>
<div> /var/log/strongswan.log {</div>
<div><br>
</div>
<div> # Loglevel for a specific subsystem.</div>
<div> # <subsystem> = <default></div>
<div> enc = 1</div>
<div> job = 1</div>
<div> cfg = 2</div>
<div> ike = 2</div>
<div> mgr = 2</div>
<div> knl = 2</div>
<div> chd = 2</div>
<div><br>
</div>
<div> # If this option is enabled log entries are
appended to the existing</div>
<div> # file.</div>
<div> append = yes</div>
<div><br>
</div>
<div> # Default loglevel.</div>
<div> default = 1</div>
<div><br>
</div>
<div> # Enabling this option disables block
buffering and enables line</div>
<div> # buffering.</div>
<div> flush_line = yes</div>
<div><br>
</div>
<div> # Prefix each log entry with the connection
name and a unique</div>
<div> # numerical identifier for each IKE_SA.</div>
<div> ike_name = yes</div>
<div><br>
</div>
<div> # Prefix each log entry with a timestamp. The
option accepts a</div>
<div> # format string as passed to strftime(3).</div>
<div> time_format = %F %T</div>
<div><br>
</div>
<div> }</div>
<div> }</div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">Miroslav Svoboda | <a href="tel:%2B420%20608%20224%20486" value="+420608224486" target="_blank">+420 608 224 486</a></div></div></div></div></div></div></blockquote></div></blockquote></div></div></div></div>
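<div>The pattern diagnosed in this thread, where a second device logs in with the same XAuth identity and charon deletes the first device's IKE_SA under the uniqueness policy, can be picked out of a charon log mechanically. The Python below is an added example, not part of the original e-mails or of strongSwan; the sample log lines are constructed from the messages quoted above, and the function name and the thread-to-peer correlation heuristic are assumptions.</div>

```python
import re
from collections import defaultdict

# Constructed sample: one-line charon syslog entries modelled on the quoted log
# (the 17:21:33 login line is invented for illustration).
SAMPLE_LOG = """\
Apr 24 17:21:31 accel charon: 13[NET] received packet: from 166.170.42.208[36359] to 10.199.65.236[500] (668 bytes)
Apr 24 17:21:33 accel charon: 13[IKE] XAuth authentication of 'actmobile' successful
Apr 24 17:21:43 accel charon: 10[NET] received packet: from 50.197.174.157[4500] to 10.199.65.236[4500] (92 bytes)
Apr 24 17:21:43 accel charon: 10[IKE] XAuth authentication of 'actmobile' successful
Apr 24 17:21:43 accel charon: 10[IKE] deleting duplicate IKE_SA for peer 'actmobile' due to uniqueness policy
"""

LINE = re.compile(r"charon: (\d+)\[\w+\] (.*)$")
# Worker-thread form of the message, which carries the byte count.
RECV = re.compile(r"received packet: from ([\d.]+)\[\d+\] to \S+ \(\d+ bytes\)")
XAUTH = re.compile(r"XAuth authentication of '([^']+)' successful")
DUP = re.compile(r"deleting duplicate IKE_SA for peer '([^']+)' due to uniqueness policy")


def find_uniqueness_evictions(log_text):
    """Return one finding per 'deleting duplicate IKE_SA' event in the log."""
    last_peer = {}               # worker thread id -> remote IP of its last packet
    logins = defaultdict(list)   # XAuth identity -> source IPs that logged in
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue             # e.g. "last message repeated 2 times"
        thread, msg = m.groups()
        if r := RECV.search(msg):
            last_peer[thread] = r.group(1)
        elif x := XAUTH.search(msg):
            # Assumption: the thread that logs the login handled that peer's packet.
            logins[x.group(1)].append(last_peer.get(thread, "unknown"))
        elif d := DUP.search(msg):
            ident = d.group(1)
            new_ip = last_peer.get(thread, "unknown")
            earlier = sorted({ip for ip in logins[ident] if ip != new_ip})
            findings.append({
                "timestamp": line[:15],
                "identity": ident,
                "new_peer": new_ip,
                "earlier_peers": earlier,          # addresses that may have been evicted
                "shared_identity": bool(earlier),  # same login seen from another address
            })
    return findings


if __name__ == "__main__":
    for finding in find_uniqueness_evictions(SAMPLE_LOG):
        print(finding)
```

A finding with `shared_identity` set means one XAuth login was used from more than one source address, which is either several devices sharing a credential (as in this thread) or a credential in use somewhere it should not be.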