<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Miroslav,<br>
<br>
Thank you, that did it! Wow, did I log some hours trying different
combinations, but I didn't get that one. You also helped by
suggesting I turn off enc logging; now my logs are more helpful.
Before, they always ended in "dropped rate-limiting", so they really
weren't telling me much.<br>
<br>
Interestingly, both the connected devices now have the same virtual
IP 10.254.0.1/32, but both seem to be working fine and the 2 devices
never need to talk directly to one another, so maybe all the devices
can use/assign the same IP address for the client's tunnel? Is that
a common way to run?<br>
<br>
andrew<br>
<br>
<div class="moz-cite-prefix">On 4/24/15 11:36 AM, Miroslav Svoboda
wrote:<br>
</div>
<blockquote
cite="mid:CAD6VQRJ5F=96Fb=8yRmLyD9DDvtF2v81GNzrQXJusf-+pFStWA@mail.gmail.com"
type="cite">
<div dir="ltr">This is the problem:
<div><span style="font-size:12.8000001907349px">Apr 24 17:21:43
accel charon: 10[IKE] deleting duplicate IKE_SA for peer
'actmobile' due to uniqueness policy</span><br>
</div>
<div><span style="font-size:12.8000001907349px"><br>
</span></div>
<div><span style="font-size:12.8000001907349px">Look for config
option "uniqueids" here: <a moz-do-not-send="true"
href="https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection">https://wiki.strongswan.org/projects/strongswan/wiki/ConfigSetupSection</a></span></div>
<div><span style="font-size:12.8000001907349px"><br>
</span></div>
<div><span style="font-size:12.8000001907349px">M.</span></div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature">
<div dir="ltr">
<div class="gmail_signature">
<div dir="ltr">Miroslav Svoboda | +420 608 224 486</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On 24 April 2015 at 19:23, Andrew Foss
<span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:afoss@actmobile.com" target="_blank">afoss@actmobile.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Is this better?<br>
<br>
*** first device connects*****<br>
<br>
Apr 24 17:21:31 accel charon: 06[NET] received packet:
from 166.170.42.208[36359] to 10.199.65.236[500]<br>
Apr 24 17:21:31 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:31 accel charon: 13[NET] received packet:
from 166.170.42.208[36359] to 10.199.65.236[500] (668
bytes)<br>
Apr 24 17:21:31 accel charon: 13[CFG] looking for an ike
config for 10.199.65.236...166.170.42.208<br>
Apr 24 17:21:31 accel charon: 13[CFG] candidate:
%any...%any, prio 28<br>
Apr 24 17:21:31 accel charon: 13[CFG] found matching ike
config: %any...%any with prio 28<br>
Apr 24 17:21:31 accel charon: 13[IKE] received NAT-T (RFC
3947) vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-08 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-07 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-06 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-05 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-04 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-03 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-02 vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
draft-ietf-ipsec-nat-t-ike-02\n vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received XAuth
vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received Cisco Unity
vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received
FRAGMENTATION vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] received DPD vendor
ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] 166.170.42.208 is
initiating a Main Mode IKE_SA<br>
Apr 24 17:21:31 accel charon: 13[IKE] IKE_SA (unnamed)[3]
state change: CREATED => CONNECTING<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
PSEUDO_RANDOM_FUNCTION found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
PSEUDO_RANDOM_FUNCTION found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:31 accel charon: 13[CFG] selecting proposal:<br>
Apr 24 17:21:31 accel charon: 13[CFG] proposal matches<br>
Apr 24 17:21:31 accel charon: 13[CFG] received proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024<br>
Apr 24 17:21:31 accel charon: 13[CFG] configured
proposals:
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/HMAC_MD5_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/PRF_HMAC_MD5/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160<br>
Apr 24 17:21:31 accel charon: 13[CFG] selected proposal:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536<br>
Apr 24 17:21:31 accel charon: 13[IKE] sending XAuth vendor
ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] sending DPD vendor
ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] sending
FRAGMENTATION vendor ID<br>
Apr 24 17:21:31 accel charon: 13[IKE] sending NAT-T (RFC
3947) vendor ID<br>
Apr 24 17:21:31 accel charon: 13[NET] sending packet: from
10.199.65.236[500] to 166.170.42.208[36359] (160 bytes)<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[500] to 166.170.42.208[36359]<br>
Apr 24 17:21:31 accel charon: 06[NET] received packet:
from 166.170.42.208[36359] to 10.199.65.236[500]<br>
Apr 24 17:21:31 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:31 accel charon: 14[NET] received packet:
from 166.170.42.208[36359] to 10.199.65.236[500] (292
bytes)<br>
Apr 24 17:21:31 accel charon: 14[LIB] size of DH secret
exponent: 1535 bits<br>
Apr 24 17:21:31 accel charon: 14[IKE] local host is behind
NAT, sending keep alives<br>
Apr 24 17:21:31 accel charon: 14[IKE] remote host is
behind NAT<br>
Apr 24 17:21:31 accel charon: 14[IKE] sending cert request
for "C=US, ST=California, L=New York, O=Internet Widgits
Pty Ltd, OU=ActMobile, CN=<a moz-do-not-send="true"
href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>,
<a moz-do-not-send="true"
href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>"<br>
Apr 24 17:21:31 charon: last message repeated 2 times<br>
Apr 24 17:21:31 accel charon: 14[NET] sending packet: from
10.199.65.236[500] to 166.170.42.208[36359] (548 bytes)<br>
Apr 24 17:21:31 accel charon: 14[NET] sending packet: from
10.199.65.236[500] to 166.170.42.208[36359] (399 bytes)<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[500] to 166.170.42.208[36359]<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[500] to 166.170.42.208[36359]<br>
Apr 24 17:21:31 accel charon: 06[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500]<br>
Apr 24 17:21:31 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:31 accel charon: 06[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500]<br>
Apr 24 17:21:31 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:31 accel charon: 15[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500] (1280
bytes)<br>
Apr 24 17:21:31 accel charon: 15[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500] (164
bytes)<br>
Apr 24 17:21:31 accel charon: 15[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500] (1372
bytes)<br>
Apr 24 17:21:31 accel charon: 15[IKE] ignoring certificate
request without data<br>
Apr 24 17:21:31 accel charon: 15[IKE] received end entity
cert "C=US, O=strongSwan,
CN=IDE-B1DA-3355-4C89-BA98-A580BD513292"<br>
Apr 24 17:21:31 accel charon: 15[CFG] looking for
XAuthInitRSA peer configs matching
10.199.65.236...166.170.42.208[C=US, O=strongSwan,
CN=IDE-B1DA-3355-4C89-BA98-A580BD513292]<br>
Apr 24 17:21:31 accel charon: 15[CFG] candidate "ios",
match: 1/1/28 (me/other/ike)<br>
Apr 24 17:21:31 accel charon: 15[CFG] selected peer config
"ios"<br>
Apr 24 17:21:31 accel charon: 15[CFG] using certificate
"C=US, O=strongSwan,
CN=IDE-B1DA-3355-4C89-BA98-A580BD513292"<br>
Apr 24 17:21:31 accel charon: 15[CFG] certificate "C=US,
O=strongSwan, CN=IDE-B1DA-3355-4C89-BA98-A580BD513292"
key: 2048 bit RSA<br>
Apr 24 17:21:31 accel charon: 15[CFG] using trusted ca
certificate "C=US, ST=California, L=New York, O=Internet
Widgits Pty Ltd, OU=ActMobile, CN=<a
moz-do-not-send="true"
href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>,
<a moz-do-not-send="true"
href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>"<br>
Apr 24 17:21:31 accel charon: 15[CFG] checking certificate
status of "C=US, O=strongSwan,
CN=IDE-B1DA-3355-4C89-BA98-A580BD513292"<br>
Apr 24 17:21:31 accel charon: 15[CFG] ocsp check skipped,
no ocsp found<br>
Apr 24 17:21:31 accel charon: 15[CFG] certificate status
is not available<br>
Apr 24 17:21:31 accel charon: 15[CFG] certificate "C=US,
ST=California, L=New York, O=Internet Widgits Pty Ltd,
OU=ActMobile, CN=<a moz-do-not-send="true"
href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>,
<a moz-do-not-send="true"
href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>"
key: 2048 bit RSA<br>
Apr 24 17:21:31 accel charon: 15[CFG] reached
self-signed root ca with a path length of 0<br>
Apr 24 17:21:31 accel charon: 15[IKE] authentication of
'C=US, O=strongSwan,
CN=IDE-B1DA-3355-4C89-BA98-A580BD513292' with RSA
successful<br>
Apr 24 17:21:31 accel charon: 15[IKE] authentication of
'C=US, ST=California, L=New York, O=Internet Widgits Pty
Ltd, OU=ActMobile, CN=<a moz-do-not-send="true"
href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>,
<a moz-do-not-send="true"
href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>'
(myself) successful<br>
Apr 24 17:21:31 accel charon: 15[IKE] queueing XAUTH task<br>
Apr 24 17:21:31 accel charon: 15[IKE] sending end entity
cert "C=US, ST=California, L=New York, O=Internet Widgits
Pty Ltd, OU=ActMobile, CN=<a moz-do-not-send="true"
href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>,
<a moz-do-not-send="true"
href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>"<br>
Apr 24 17:21:31 accel charon: 15[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (544 bytes)<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139]<br>
Apr 24 17:21:31 accel charon: 15[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (544 bytes)<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139]<br>
Apr 24 17:21:31 accel charon: 15[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (544 bytes)<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139]<br>
Apr 24 17:21:31 accel charon: 15[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (92 bytes)<br>
Apr 24 17:21:31 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139]<br>
Apr 24 17:21:31 accel charon: 15[IKE] activating new tasks<br>
Apr 24 17:21:31 accel charon: 15[IKE] activating XAUTH
task<br>
Apr 24 17:21:31 accel charon: 15[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (76 bytes)<br>
Apr 24 17:21:31 accel rsyslogd-2177: imuxsock begins to
drop messages from pid 14031 due to rate-limiting<br>
Apr 24 17:21:32 accel rsyslogd-2177: imuxsock lost 12
messages from pid 14031 due to rate-limiting<br>
Apr 24 17:21:32 accel charon: 06[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500]<br>
Apr 24 17:21:32 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:32 accel charon: 06[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500]<br>
Apr 24 17:21:32 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:32 accel charon: 03[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500] (76
bytes)<br>
Apr 24 17:21:32 accel charon: 03[IKE] IKE_SA ios[3]
established between 10.199.65.236[C=US, ST=California,
L=New York, O=Internet Widgits Pty Ltd, OU=ActMobile, CN=<a
moz-do-not-send="true"
href="http://ipsec.corp.actmobile.com" target="_blank">ipsec.corp.actmobile.com</a>,
<a moz-do-not-send="true"
href="mailto:E=support@actmobile.com" target="_blank">E=support@actmobile.com</a>]...166.170.42.208[C=US,
O=strongSwan, CN=IDE-B1DA-3355-4C89-BA98-A580BD513292]<br>
Apr 24 17:21:32 accel charon: 03[IKE] IKE_SA ios[3] state
change: CONNECTING => ESTABLISHED<br>
Apr 24 17:21:32 accel charon: 03[IKE] activating new tasks<br>
Apr 24 17:21:32 accel charon: 03[IKE] nothing to initiate<br>
Apr 24 17:21:32 accel charon: 08[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500] (172
bytes)<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
INTERNAL_IP4_ADDRESS attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
INTERNAL_IP4_NETMASK attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
INTERNAL_IP4_DNS attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
INTERNAL_IP4_NBNS attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
INTERNAL_ADDRESS_EXPIRY attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
APPLICATION_VERSION attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
UNITY_BANNER attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
UNITY_DEF_DOMAIN attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
UNITY_SPLITDNS_NAME attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
UNITY_SPLIT_INCLUDE attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
UNITY_LOCAL_LAN attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing UNITY_PFS
attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
UNITY_SAVE_PASSWD attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
UNITY_FW_TYPE attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing
UNITY_BACKUP_SERVERS attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] processing (28683)
attribute<br>
Apr 24 17:21:32 accel charon: 08[IKE] peer requested
virtual IP %any<br>
Apr 24 17:21:32 accel charon: 08[CFG] reassigning offline
lease to 'actmobile'<br>
Apr 24 17:21:32 accel charon: 08[IKE] assigning virtual IP
10.254.0.1 to peer 'actmobile'<br>
Apr 24 17:21:32 accel charon: 08[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (92 bytes)<br>
Apr 24 17:21:32 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139]<br>
Apr 24 17:21:32 accel charon: 06[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500]<br>
Apr 24 17:21:32 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:32 accel charon: 10[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500] (300
bytes)<br>
Apr 24 17:21:32 accel charon: 10[CFG] looking for a child
config for <a moz-do-not-send="true"
href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>
=== <a moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> <br>
Apr 24 17:21:32 accel charon: 10[CFG] proposing traffic
selectors for us:<br>
Apr 24 17:21:32 accel charon: 10[CFG] <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a><br>
Apr 24 17:21:32 accel charon: 10[CFG] proposing traffic
selectors for other:<br>
Apr 24 17:21:32 accel charon: 10[CFG] <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a><br>
Apr 24 17:21:32 accel charon: 10[CFG] candidate "ios"
with prio 5+5<br>
Apr 24 17:21:32 accel charon: 10[CFG] found matching child
config "ios" with prio 10<br>
Apr 24 17:21:32 accel charon: 10[CFG] selecting traffic
selectors for other:<br>
Apr 24 17:21:32 accel charon: 10[CFG] config: <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a>, received: <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> => match: <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a><br>
Apr 24 17:21:32 accel charon: 10[CFG] selecting traffic
selectors for us:<br>
Apr 24 17:21:32 accel charon: 10[CFG] config: <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a>, received: <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> => match: <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a><br>
Apr 24 17:21:32 accel charon: 10[IKE] expected IPComp
proposal but peer did not send one, IPComp disabled<br>
Apr 24 17:21:32 accel charon: 10[CFG] selecting proposal:<br>
Apr 24 17:21:32 accel charon: 10[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:32 accel charon: 10[CFG] selecting proposal:<br>
Apr 24 17:21:32 accel charon: 10[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:32 accel charon: 10[CFG] selecting proposal:<br>
Apr 24 17:21:32 accel charon: 10[CFG] proposal matches<br>
Apr 24 17:21:32 accel charon: 10[CFG] received proposals:
ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ<br>
Apr 24 17:21:32 accel charon: 10[CFG] configured
proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ<br>
Apr 24 17:21:32 accel charon: 10[CFG] selected proposal:
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ<br>
Apr 24 17:21:32 accel charon: 10[IKE] received 3600s
lifetime, configured 0s<br>
Apr 24 17:21:32 accel charon: 10[KNL] got SPI cdc2e52a<br>
Apr 24 17:21:32 accel charon: 10[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139] (172 bytes)<br>
Apr 24 17:21:32 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 166.170.42.208[64139]<br>
Apr 24 17:21:32 accel charon: 06[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500]<br>
Apr 24 17:21:32 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:32 accel charon: 11[NET] received packet:
from 166.170.42.208[64139] to 10.199.65.236[4500] (60
bytes)<br>
Apr 24 17:21:32 accel charon: 11[CHD] using AES_CBC for
encryption<br>
Apr 24 17:21:32 accel charon: 11[CHD] using HMAC_SHA1_96
for integrity<br>
Apr 24 17:21:32 accel charon: 11[CHD] adding inbound ESP
SA<br>
Apr 24 17:21:32 accel charon: 11[CHD] SPI 0xcdc2e52a,
src 166.170.42.208 dst 10.199.65.236<br>
Apr 24 17:21:32 accel charon: 11[KNL] adding SAD entry
with SPI cdc2e52a and reqid {2} (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] using encryption
algorithm AES_CBC with key size 128<br>
Apr 24 17:21:32 accel charon: 11[KNL] using integrity
algorithm HMAC_SHA1_96 with key size 160<br>
Apr 24 17:21:32 accel charon: 11[KNL] using replay
window of 32 packets<br>
Apr 24 17:21:32 accel charon: 11[CHD] adding outbound ESP
SA<br>
Apr 24 17:21:32 accel charon: 11[CHD] SPI 0x0d6bbaab,
src 10.199.65.236 dst 166.170.42.208<br>
Apr 24 17:21:32 accel charon: 11[KNL] adding SAD entry
with SPI 0d6bbaab and reqid {2} (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] using encryption
algorithm AES_CBC with key size 128<br>
Apr 24 17:21:32 accel charon: 11[KNL] using integrity
algorithm HMAC_SHA1_96 with key size 160<br>
Apr 24 17:21:32 accel charon: 11[KNL] using replay
window of 32 packets<br>
Apr 24 17:21:32 accel charon: 11[KNL] adding policy <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> === <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> out (mark
0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] adding policy <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> === <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> in (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] adding policy <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> === <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> fwd (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] getting a local
address in traffic selector <a moz-do-not-send="true"
href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
Apr 24 17:21:32 accel charon: 11[KNL] using host %any<br>
Apr 24 17:21:32 accel charon: 11[KNL] using 10.199.65.193
as nexthop to reach <a moz-do-not-send="true"
href="http://166.170.42.208/32" target="_blank">166.170.42.208/32</a><br>
Apr 24 17:21:32 accel charon: 11[KNL] 10.199.65.236 is on
interface eth0<br>
Apr 24 17:21:32 accel charon: 11[KNL] installing route: <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> via 10.199.65.193 src
%any dev eth0<br>
Apr 24 17:21:32 accel charon: 11[KNL] getting iface index
for eth0<br>
Apr 24 17:21:32 accel charon: 11[KNL] policy <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> === <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> out (mark
0/0x00000000) already exists, increasing refcount<br>
Apr 24 17:21:32 accel charon: 11[KNL] updating policy <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> === <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> out (mark
0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] policy <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> === <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> in (mark 0/0x00000000)
already exists, increasing refcount<br>
Apr 24 17:21:32 accel charon: 11[KNL] updating policy <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> === <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> in (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] policy <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> === <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> fwd (mark 0/0x00000000)
already exists, increasing refcount<br>
Apr 24 17:21:32 accel charon: 11[KNL] updating policy <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> === <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> fwd (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] getting a local
address in traffic selector <a moz-do-not-send="true"
href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a><br>
Apr 24 17:21:32 accel charon: 11[KNL] using host %any<br>
Apr 24 17:21:32 accel charon: 11[KNL] using 10.199.65.193
as nexthop to reach <a moz-do-not-send="true"
href="http://166.170.42.208/32" target="_blank">166.170.42.208/32</a><br>
Apr 24 17:21:32 accel charon: 11[KNL] 10.199.65.236 is on
interface eth0<br>
Apr 24 17:21:32 accel charon: 11[IKE] CHILD_SA ios{2}
established with SPIs cdc2e52a_i 0d6bbaab_o and TS <a
moz-do-not-send="true" href="http://0.0.0.0/0"
target="_blank">0.0.0.0/0</a> === <a
moz-do-not-send="true" href="http://10.254.0.1/32"
target="_blank">10.254.0.1/32</a> <br>
Apr 24 17:21:32 accel charon: 11[KNL] 10.199.65.236 is on
interface eth0<br>
Apr 24 17:21:32 accel charon: 11[KNL] querying SAD entry
with SPI cdc2e52a (mark 0/0x00000000)<br>
Apr 24 17:21:32 accel charon: 11[KNL] querying SAD entry
with SPI 0d6bbaab (mark 0/0x00000000)<br>
<br>
<br>
<br>
<br>
<br>
<br>
***** second device connects *******<br>
<br>
Apr 24 17:21:42 accel charon: 06[NET] received packet:
from 50.197.174.157[500] to 10.199.65.236[500]<br>
Apr 24 17:21:42 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:42 accel charon: 15[NET] received packet:
from 50.197.174.157[500] to 10.199.65.236[500] (668 bytes)<br>
Apr 24 17:21:42 accel charon: 15[CFG] looking for an ike
config for 10.199.65.236...50.197.174.157<br>
Apr 24 17:21:42 accel charon: 15[CFG] candidate:
%any...%any, prio 28<br>
Apr 24 17:21:42 accel charon: 15[CFG] found matching ike
config: %any...%any with prio 28<br>
Apr 24 17:21:42 accel charon: 15[IKE] received NAT-T (RFC
3947) vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-08 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-07 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-06 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-05 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-04 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-03 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-02 vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
draft-ietf-ipsec-nat-t-ike-02\n vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received XAuth
vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received Cisco Unity
vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received
FRAGMENTATION vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] received DPD vendor
ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] 50.197.174.157 is
initiating a Main Mode IKE_SA<br>
Apr 24 17:21:42 accel charon: 15[IKE] IKE_SA (unnamed)[4]
state change: CREATED => CONNECTING<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
PSEUDO_RANDOM_FUNCTION found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
DIFFIE_HELLMAN_GROUP found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
PSEUDO_RANDOM_FUNCTION found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] no acceptable
ENCRYPTION_ALGORITHM found<br>
Apr 24 17:21:42 accel charon: 15[CFG] selecting proposal:<br>
Apr 24 17:21:42 accel charon: 15[CFG] proposal matches<br>
Apr 24 17:21:42 accel charon: 15[CFG] received proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024,
IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024<br>
Apr 24 17:21:42 accel charon: 15[CFG] configured
proposals:
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/HMAC_MD5_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/PRF_HMAC_MD5/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160<br>
Apr 24 17:21:42 accel charon: 15[CFG] selected proposal:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536<br>
Apr 24 17:21:42 accel charon: 15[IKE] sending XAuth vendor
ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] sending DPD vendor
ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] sending
FRAGMENTATION vendor ID<br>
Apr 24 17:21:42 accel charon: 15[IKE] sending NAT-T (RFC
3947) vendor ID<br>
Apr 24 17:21:42 accel charon: 15[NET] sending packet: from
10.199.65.236[500] to 50.197.174.157[500] (160 bytes)<br>
Apr 24 17:21:42 accel charon: 07[NET] sending packet: from
10.199.65.236[500] to 50.197.174.157[500]<br>
Apr 24 17:21:43 accel charon: 06[NET] received packet:
from 50.197.174.157[500] to 10.199.65.236[500]<br>
Apr 24 17:21:43 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:43 accel charon: 09[NET] received packet:
from 50.197.174.157[500] to 10.199.65.236[500] (292 bytes)<br>
Apr 24 17:21:43 accel charon: 09[LIB] size of DH secret
exponent: 1532 bits<br>
Apr 24 17:21:43 accel charon: 09[IKE] local host is behind
NAT, sending keep alives<br>
Apr 24 17:21:43 accel charon: 09[IKE] remote host is
behind NAT<br>
Apr 24 17:21:43 accel charon: 09[IKE] sending cert request
for "C=US, ST=California, L=New York, O=Internet Widgits
Pty Ltd, OU=ActMobile, CN=ipsec.corp.actmobile.com,
E=support@actmobile.com"<br>
Apr 24 17:21:43 charon: last message repeated 2 times<br>
Apr 24 17:21:43 accel charon: 09[NET] sending packet: from
10.199.65.236[500] to 50.197.174.157[500] (548 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[500] to 50.197.174.157[500]<br>
Apr 24 17:21:43 accel charon: 09[NET] sending packet: from
10.199.65.236[500] to 50.197.174.157[500] (399 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[500] to 50.197.174.157[500]<br>
Apr 24 17:21:43 accel charon: 06[NET] received packet:
from 50.197.174.157[4500] to 10.199.65.236[4500]<br>
Apr 24 17:21:43 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:43 accel charon: 03[NET] received packet:
from 50.197.174.157[4500] to 10.199.65.236[4500] (1280
bytes)<br>
Apr 24 17:21:43 accel charon: 06[NET] received packet:
from 50.197.174.157[4500] to 10.199.65.236[4500]<br>
Apr 24 17:21:43 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:43 accel charon: 16[NET] received packet:
from 50.197.174.157[4500] to 10.199.65.236[4500] (164
bytes)<br>
Apr 24 17:21:43 accel charon: 16[NET] received packet:
from 50.197.174.157[4500] to 10.199.65.236[4500] (1372
bytes)<br>
Apr 24 17:21:43 accel charon: 16[IKE] ignoring certificate
request without data<br>
Apr 24 17:21:43 accel charon: 16[IKE] received end entity
cert "C=US, O=strongSwan,
CN=IDE-4B53-E547-4C2A-A2B7-78D2BA436307"<br>
Apr 24 17:21:43 accel charon: 16[CFG] looking for
XAuthInitRSA peer configs matching
10.199.65.236...50.197.174.157[C=US, O=strongSwan,
CN=IDE-4B53-E547-4C2A-A2B7-78D2BA436307]<br>
Apr 24 17:21:43 accel charon: 16[CFG] candidate "ios",
match: 1/1/28 (me/other/ike)<br>
Apr 24 17:21:43 accel charon: 16[CFG] selected peer config
"ios"<br>
Apr 24 17:21:43 accel charon: 16[CFG] using certificate
"C=US, O=strongSwan,
CN=IDE-4B53-E547-4C2A-A2B7-78D2BA436307"<br>
Apr 24 17:21:43 accel charon: 16[CFG] certificate "C=US,
O=strongSwan, CN=IDE-4B53-E547-4C2A-A2B7-78D2BA436307"
key: 2048 bit RSA<br>
Apr 24 17:21:43 accel charon: 16[LIB] signature
verification:<br>
Apr 24 17:21:43 accel charon: 16[CFG] using trusted ca
certificate "C=US, ST=California, L=New York, O=Internet
Widgits Pty Ltd, OU=ActMobile, CN=ipsec.corp.actmobile.com,
E=support@actmobile.com"<br>
Apr 24 17:21:43 accel charon: 16[CFG] checking certificate
status of "C=US, O=strongSwan,
CN=IDE-4B53-E547-4C2A-A2B7-78D2BA436307"<br>
Apr 24 17:21:43 accel charon: 16[CFG] ocsp check skipped,
no ocsp found<br>
Apr 24 17:21:43 accel charon: 16[CFG] certificate status
is not available<br>
Apr 24 17:21:43 accel charon: 16[CFG] certificate "C=US,
ST=California, L=New York, O=Internet Widgits Pty Ltd,
OU=ActMobile, CN=ipsec.corp.actmobile.com,
E=support@actmobile.com"
key: 2048 bit RSA<br>
Apr 24 17:21:43 accel charon: 16[CFG] reached
self-signed root ca with a path length of 0<br>
Apr 24 17:21:43 accel charon: 16[IKE] authentication of
'C=US, O=strongSwan,
CN=IDE-4B53-E547-4C2A-A2B7-78D2BA436307' with RSA
successful<br>
Apr 24 17:21:43 accel charon: 16[IKE] authentication of
'C=US, ST=California, L=New York, O=Internet Widgits Pty
Ltd, OU=ActMobile, CN=ipsec.corp.actmobile.com,
E=support@actmobile.com'
(myself) successful<br>
Apr 24 17:21:43 accel charon: 16[IKE] queueing XAUTH task<br>
Apr 24 17:21:43 accel charon: 16[IKE] sending end entity
cert "C=US, ST=California, L=New York, O=Internet Widgits
Pty Ltd, OU=ActMobile, CN=ipsec.corp.actmobile.com,
E=support@actmobile.com"<br>
Apr 24 17:21:43 accel charon: 16[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500] (544 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500]<br>
Apr 24 17:21:43 accel charon: 16[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500] (544 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500]<br>
Apr 24 17:21:43 accel charon: 16[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500] (544 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500]<br>
Apr 24 17:21:43 accel charon: 16[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500] (92 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500]<br>
Apr 24 17:21:43 accel charon: 16[IKE] activating new tasks<br>
Apr 24 17:21:43 accel charon: 16[IKE] activating XAUTH
task<br>
Apr 24 17:21:43 accel charon: 16[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500] (76 bytes)<br>
Apr 24 17:21:43 accel charon: 07[NET] sending packet: from
10.199.65.236[4500] to 50.197.174.157[4500]<br>
Apr 24 17:21:43 accel charon: 06[NET] received packet:
from 50.197.174.157[4500] to 10.199.65.236[4500]<br>
Apr 24 17:21:43 accel charon: 06[NET] waiting for data on
sockets<br>
Apr 24 17:21:43 accel charon: 10[NET] received packet:
from 50.197.174.157[4500] to 10.199.65.236[4500] (92
bytes)<br>
Apr 24 17:21:43 accel charon: 10[IKE] XAuth authentication
of 'actmobile' successful<br>
Apr 24 17:21:43 accel charon: 10[IKE] deleting duplicate
IKE_SA for peer 'actmobile' due to uniqueness policy<br>
Apr 24 17:21:43 accel charon: 10[IKE] queueing
QUICK_DELETE task<br>
Apr 24 17:21:43 accel charon: 10[IKE] queueing
ISAKMP_DELETE task<br>
Apr 24 17:21:43 accel charon: 10[IKE] activating new tasks<br>
Apr 24 17:21:43 accel charon: 10[IKE] activating
QUICK_DELETE task<br>
Apr 24 17:21:43 accel charon: 10[KNL] querying SAD entry
with SPI cdc2e52a (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] querying SAD entry
with SPI 0d6bbaab (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[IKE] closing CHILD_SA
ios{2} with SPIs cdc2e52a_i (1438 bytes) 0d6bbaab_o (4780
bytes) and TS 0.0.0.0/0 === 10.254.0.1/32<br>
Apr 24 17:21:43 accel charon: 10[KNL] querying SAD entry
with SPI cdc2e52a (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] querying SAD entry
with SPI 0d6bbaab (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting policy
0.0.0.0/0 === 10.254.0.1/32 out (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] policy still used by
another CHILD_SA, not removed<br>
Apr 24 17:21:43 accel charon: 10[KNL] updating policy
0.0.0.0/0 === 10.254.0.1/32 out (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting policy
10.254.0.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] policy still used by
another CHILD_SA, not removed<br>
Apr 24 17:21:43 accel charon: 10[KNL] updating policy
10.254.0.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting policy
10.254.0.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] policy still used by
another CHILD_SA, not removed<br>
Apr 24 17:21:43 accel charon: 10[KNL] updating policy
10.254.0.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] getting a local
address in traffic selector 0.0.0.0/0<br>
Apr 24 17:21:43 accel charon: 10[KNL] using host %any<br>
Apr 24 17:21:43 accel charon: 10[KNL] using 10.199.65.193
as nexthop to reach 166.170.42.208/32<br>
Apr 24 17:21:43 accel charon: 10[KNL] 10.199.65.236 is on
interface eth0<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting policy
0.0.0.0/0 === 10.254.0.1/32 out (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting policy
10.254.0.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting policy
10.254.0.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] getting iface index
for eth0<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting SAD entry
with SPI cdc2e52a (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleted SAD entry
with SPI cdc2e52a (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleting SAD entry
with SPI 0d6bbaab (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[KNL] deleted SAD entry
with SPI 0d6bbaab (mark 0/0x00000000)<br>
Apr 24 17:21:43 accel charon: 10[IKE] sending DELETE for
ESP CHILD_SA with SPI cdc2e52a<br>
Apr 24 17:21:43 accel rsyslogd-2177: imuxsock begins to
drop messages from pid 14031 due to rate-limiting<br>
<br>
<div>On 4/24/15 10:04 AM, Miroslav Svoboda wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">This log does not show the information I
am looking for.
<div>Please move the old logfile away.<br>
<div>Please set all loglevels to 2 except "enc". You
can do it in file
/etc/strongswan/strongswan.d/charon-logging</div>
<div>Then start strongswan, connect both phones and
send me the whole file.</div>
<div><br>
</div>
<div>Section filelog of the aforementioned config
file should look like below:</div>
</div>
<div><br>
</div>
<div>
<div> filelog {</div>
<div><br>
</div>
<div> # <filename> is the full path to
the log file.</div>
<div> /var/log/strongswan.log {</div>
<div><br>
</div>
<div> # Loglevel for a specific
subsystem.</div>
<div> # <subsystem> =
<default></div>
<div> enc = 1</div>
<div> job = 1</div>
<div> cfg = 2</div>
<div> ike = 2</div>
<div> mgr = 2</div>
<div> knl = 2</div>
<div> chd = 2</div>
<div><br>
</div>
<div> # If this option is enabled log
entries are appended to the existing</div>
<div> # file.</div>
<div> append = yes</div>
<div><br>
</div>
<div> # Default loglevel.</div>
<div> default = 1</div>
<div><br>
</div>
<div> # Enabling this option disables
block buffering and enables line</div>
<div> # buffering.</div>
<div> flush_line = yes</div>
<div><br>
</div>
<div> # Prefix each log entry with the
connection name and a unique</div>
<div> # numerical identifier for each
IKE_SA.</div>
<div> ike_name = yes</div>
<div><br>
</div>
<div> # Prefix each log entry with a
timestamp. The option accepts a</div>
<div> # format string as passed to
strftime(3).</div>
<div> time_format = %F %T</div>
<div><br>
</div>
<div> }</div>
<div> }</div>
</div>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">Miroslav Svoboda | <a
moz-do-not-send="true"
href="tel:%2B420%20608%20224%20486"
value="+420608224486" target="_blank">+420
608 224 486</a></div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On 24 April 2015 at 18:38,
Andrew Foss <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:afoss@actmobile.com"
target="_blank">afoss@actmobile.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Miroslav,<br>
<br>
Here's the log output, I've added an annotation
where the second device connected;<br>
<br>
Both devices get the address 10.254.0.1/32<br>
<br>
It seems as if my range 10.254.0.0/16
is being sent to the client and letting the
client pick an address from the range and the
clients always pick the same 10.254.0.1, is that
how the range works?<br>
<br>
****first device connects********<br>
Apr 24 16:31:47 accel charon: 15[ENC] insert
decrypted payload of type DELETE_V1 at end of
list<br>
Apr 24 16:31:47 accel charon: 15[ENC] verifying
message structure<br>
Apr 24 16:31:47 accel charon: 15[ENC] found
payload of type DELETE_V1<br>
Apr 24 16:31:47 accel charon: 15[ENC] parsed
INFORMATIONAL_V1 request 35463176 [ HASH D ]<br>
Apr 24 16:31:47 accel charon: 15[IKE] received
DELETE for IKE_SA ios[6]<br>
Apr 24 16:31:47 accel charon: 15[IKE] deleting
IKE_SA ios[6] between 10.199.65.236[C=US,
ST=California, L=New York, O=Internet Widgits
Pty Ltd, OU=ActMobile, CN=ipsec.corp.actmobile.com,
E=support@actmobile.com]...166.170.42.208[C=US,
O=strongSwan,
CN=IDE-B1DA-3355-4C89-BA98-A580BD513292]<br>
Apr 24 16:31:47 accel charon: 15[IKE] IKE_SA
ios[6] state change: ESTABLISHED => DELETING<br>
Apr 24 16:31:47 accel charon: 15[IKE] IKE_SA
ios[6] state change: DELETING => DELETING<br>
Apr 24 16:31:47 accel charon: 15[IKE] IKE_SA
ios[6] state change: DELETING => DESTROYING<br>
Apr 24 16:31:47 accel charon: 15[CFG] lease
10.254.0.1 by 'actmobile' went offline<br>
Apr 24 16:33:42 accel charon: 03[NET] received
packet: from 166.170.42.208[36359] to
10.199.65.236[500]<br>
Apr 24 16:33:42 accel rsyslogd-2177: imuxsock
begins to drop messages from pid 8547 due to
rate-limiting<br>
<br>
<br>
<br>
<br>
<br>
<br>
Apr 24 16:34:02 accel rsyslogd-2177: imuxsock
lost 2784 messages from pid 8547 due to
rate-limiting<br>
Apr 24 16:34:02 accel charon: 07[KNL] querying policy 0.0.0.0/0 === 10.254.0.1/32 out (mark 0/0x00000000)<br>
<br>
<br>
Apr 24 16:34:08 accel charon: 15[KNL] querying policy 0.0.0.0/0 === 10.254.0.1/32 out (mark 0/0x00000000)<br>
Apr 24 16:34:08 accel charon: 15[IKE] sending
keep alive to 166.170.42.208[64139]<br>
Apr 24 16:34:08 accel charon: 14[NET] sending
packet: from 10.199.65.236[4500] to
166.170.42.208[64139]<br>
<br>
<br>
<br>
****second device connected*****<br>
<br>
<br>
<br>
<br>
Apr 24 16:34:17 accel charon: 03[NET] received
packet: from 50.197.174.157[500] to
10.199.65.236[500]<br>
Apr 24 16:34:17 accel charon: 03[ENC] parsed a
ID_PROT message header<br>
Apr 24 16:34:17 accel charon: 03[NET] waiting
for data on sockets<br>
Apr 24 16:34:17 accel charon: 16[NET] received
packet: from 50.197.174.157[500] to
10.199.65.236[500] (668 bytes)<br>
Apr 24 16:34:17 accel charon: 16[ENC] parsing
body of message, first payload is
SECURITY_ASSOCIATION_V1<br>
Apr 24 16:34:17 accel rsyslogd-2177: imuxsock
begins to drop messages from pid 8547 due to
rate-limiting
<div>
<div><br>
<br>
<div>On 4/24/15 8:49 AM, Miroslav Svoboda
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hi,</div>
Can you send me the before-mentioned
logfile with loglevels set to 2, showing
the following scenario?
<div><br>
</div>
<div>1. restart strongswan</div>
<div>2. connect first phone and leave it
connected</div>
<div>3. as soon as possible connect
second phone</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">Miroslav Svoboda |
<a moz-do-not-send="true"
href="tel:%2B420%20608%20224%20486"
value="+420608224486"
target="_blank">+420 608 224
486</a>
<div><br>
</div>
</div>
</div>
</div>
<div class="gmail_quote">On 24 April
2015 at 17:22, Andrew Foss <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:afoss@actmobile.com"
target="_blank">afoss@actmobile.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"> Miroslav,<br>
<br>
thank you for responding, I
believe the second device
connecting is getting the same
IP address as the first;<br>
<br>
Here's a log I spit out of
updown scripts, both devices get
10.255.0.1/32, the intent is to have
10.255.0.0/16 as a pool of addresses for the
connecting devices.<br>
<br>
up-client C=US, O=strongSwan, CN=IDE-B1DA-3355-4C89-BA98-A580BD513292 bytes in '0' out '0' packets in '0' out '0' <br>
up-client eth0 0 10.255.0.1/32 10.199.65.236 -m policy --pol ipsec --proto esp --reqid 7 --dir in<br>
down-client C=US, O=strongSwan, CN=IDE-B1DA-3355-4C89-BA98-A580BD513292 bytes in '1478' out '5161' packets in '17' out '14' <br>
up-client C=US, O=strongSwan, CN=IDE-0DF5-9A4B-47B0-829E-245DDF715C4E bytes in '0' out '0' packets in '0' out '0' <br>
up-client eth0 0 10.255.0.1/32 10.199.65.236 -m policy --pol ipsec --proto esp --reqid 8 --dir in<br>
down-client C=US, O=strongSwan, CN=IDE-0DF5-9A4B-47B0-829E-245DDF715C4E bytes in '3937' out '9212' packets in '28' out '23' <br>
up-client C=US, O=strongSwan, CN=IDE-B1DA-3355-4C89-BA98-A580BD513292 bytes in '0' out '0' packets in '0' out '0' <br>
up-client eth0 0 10.255.0.1/32 10.199.65.236 -m policy --pol ipsec --proto esp --reqid 9 --dir in<br>
<br>
and the route<br>
ip route list table 220<br>
10.255.0.1 via 10.199.65.193 dev
eth0 proto static <br>
<br>
statusall only shows the first
device to connect<br>
Status of IKE charon daemon (strongSwan 5.3.0, Linux 3.2.0-54-virtual, x86_64):<br>
uptime: 18 minutes, since Apr 24 15:04:24 2015<br>
malloc: sbrk 2555904, mmap 0, used 473168, free 2082736<br>
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 23<br>
loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac curl attr kernel-netlink resolve socket-default stroke updown xauth-generic<br>
Virtual IP pools (size/online/offline):<br>
10.255.0.0/16: 65534/1/0<br>
Listening IP addresses:<br>
10.199.65.236<br>
10.0.0.116<br>
10.0.1.10<br>
10.0.1.12<br>
10.0.0.242<br>
10.0.0.120<br>
10.0.0.122<br>
10.0.0.238<br>
Connections:<br>
ios: %any,0.0.0.0/0,::/0...%any IKEv1<br>
ios: local: [C=US, ST=California, L=New York, O=Internet Widgits Pty Ltd, OU=ActMobile, CN=ipsec.corp.actmobile.com, E=support@actmobile.com] uses public key authentication<br>
ios: cert: "C=US, ST=California, L=New York, O=Internet Widgits Pty Ltd, OU=ActMobile, CN=ipsec.corp.actmobile.com, E=support@actmobile.com"<br>
ios: remote: uses public key authentication<br>
ios: remote: uses XAuth authentication: any<br>
ios: child: 0.0.0.0/0 === dynamic TUNNEL<br>
Security Associations (1 up, 0 connecting):<br>
ios[12]: ESTABLISHED 2 minutes ago, 10.199.65.236[C=US, ST=California, L=New York, O=Internet Widgits Pty Ltd, OU=ActMobile, CN=ipsec.corp.actmobile.com, E=support@actmobile.com]...166.170.42.208[C=US, O=strongSwan, CN=IDE-B1DA-3355-4C89-BA98-A580BD513292]<br>
ios[12]: Remote XAuth identity: actmobile<br>
ios[12]: IKEv1 SPIs: 387433cc7c4e0cf7_i b7f0e6ff754ca158_r*, public key reauthentication in 2 hours<br>
ios[12]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536<br>
ios{11}: INSTALLED, TUNNEL, reqid 11, ESP in UDP SPIs: cca21352_i 0ef3c1ab_o<br>
ios{11}: AES_CBC_128/HMAC_SHA1_96, 1534 bytes_i (18 pkts, 104s ago), 5393 bytes_o (15 pkts, 104s ago), rekeying in 23 hours<br>
ios{11}: 0.0.0.0/0 === 10.255.0.1/32
<br>
<br>
Here's the conn from ipsec.conf,
do I really need to set up a dhcp
service instead?<br>
<br>
conn ios<br>
&nbsp;&nbsp;&nbsp;&nbsp;keyexchange=ikev1<br>
&nbsp;&nbsp;&nbsp;&nbsp;authby=xauthrsasig<br>
&nbsp;&nbsp;&nbsp;&nbsp;xauth=server<br>
&nbsp;&nbsp;&nbsp;&nbsp;left=%any<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftsubnet=0.0.0.0/0<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftsourceip = %modeconfig<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftallowany = yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;lefthostaccess=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftupdown=/opt/actmobile/accelerator/actmobile_ipsec_updown<br>
&nbsp;&nbsp;&nbsp;&nbsp;leftcert=serverCert.pem<br>
&nbsp;&nbsp;&nbsp;&nbsp;right=%any<br>
&nbsp;&nbsp;&nbsp;&nbsp;rightsourceip=10.255.0.0/16<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;rightfirewall=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;righthostaccess=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;auto=start<br>
&nbsp;&nbsp;&nbsp;&nbsp;rekey=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;fragmentation=yes<br>
&nbsp;&nbsp;&nbsp;&nbsp;lifetime=24h<br>
&nbsp;&nbsp;&nbsp;&nbsp;dpddelay=0<br>
&nbsp;&nbsp;&nbsp;&nbsp;dpdtimeout=24h<br>
<br>
<div>On 4/24/15 12:51 AM,
Miroslav Svoboda wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Please can you
provide:
<div>- log with default
loglevel set to 2, showing
start of both iPhones
connection</div>
<div>- output of command
"strongswan statusall" at
the time both iPhones are
connected</div>
<div>- route table and
iptables rules (tables
filter, nat, mangle)</div>
<div><br>
</div>
<div>I believe this question
would next time be a better
fit for the users list and
might even get answered
quicker there.</div>
<div><br>
</div>
<div>Miroslav</div>
<br>
On Thursday, April 23, 2015
at 4:40:15 PM UTC+2, Andrew
Foss wrote:
<blockquote
class="gmail_quote"
style="margin:0;margin-left:0.8ex;border-left:1px
#ccc
solid;padding-left:1ex">I
am bringing up an ipsec
server for our ios users
and suspect my "left" <br>
parameters aren't quite
right, but so far my
changes have made it not <br>
work at all and I am not
fully understanding the
descriptions. I am <br>
running 5.3.0, our
ifupdown scripts open
iptables rules to allow
access <br>
to dns and the servers. <br>
<br>
What I see is first
device on a network
connects and works fine.
Second <br>
device connects and
neither works, second
device gets disconnected,
as <br>
if the routing/nat
handling is sending
packets down the wrong
tunnel. <br>
<br>
Here's my config, I
suspect leftsubnet should
be 0/0, these are just <br>
devices connecting for
themselves, not another
vpn gateway connecting a <br>
network. Any pointers? <br>
<br>
conn ios <br>
&nbsp;&nbsp;&nbsp;&nbsp;keyexchange=ikev1 <br>
&nbsp;&nbsp;&nbsp;&nbsp;#esp=null-sha1! <br>
&nbsp;&nbsp;&nbsp;&nbsp;authby=xauthrsasig <br>
&nbsp;&nbsp;&nbsp;&nbsp;xauth=server <br>
&nbsp;&nbsp;&nbsp;&nbsp;left=%defaultroute <br>
&nbsp;&nbsp;&nbsp;&nbsp;leftsubnet=0.0.0.0/0 <br>
&nbsp;&nbsp;&nbsp;&nbsp;#leftsubnet=10.66.0.0/16 <br>
&nbsp;&nbsp;&nbsp;&nbsp;#leftfirewall=yes <br>
&nbsp;&nbsp;&nbsp;&nbsp;leftupdown=/opt/actmobile/accelerator/actmobile_ipsec_updown <br>
&nbsp;&nbsp;&nbsp;&nbsp;leftcert=serverCert.pem <br>
&nbsp;&nbsp;&nbsp;&nbsp;right=%any <br>
&nbsp;&nbsp;&nbsp;&nbsp;rightsourceip=10.0.0.0/16 <br>
&nbsp;&nbsp;&nbsp;&nbsp;#rightsourceip=10.100.255.0/28 <br>
&nbsp;&nbsp;&nbsp;&nbsp;#rightcert=clientCert.pem <br>
&nbsp;&nbsp;&nbsp;&nbsp;#pfs=no <br>
&nbsp;&nbsp;&nbsp;&nbsp;auto=start <br>
&nbsp;&nbsp;&nbsp;&nbsp;rekey=yes <br>
&nbsp;&nbsp;&nbsp;&nbsp;fragmentation=yes <br>
&nbsp;&nbsp;&nbsp;&nbsp;lifetime=24h <br>
&nbsp;&nbsp;&nbsp;&nbsp;dpddelay=0 <br>
&nbsp;&nbsp;&nbsp;&nbsp;dpdtimeout=24h <br>
actmobile@accel:~-u <br>
<br>
thanks, <br>
andrew <br>
_______________________________________________
<br>
Dev mailing list <br>
<a moz-do-not-send="true"
href="mailto:Dev@lists.strongswan.org" rel="nofollow" target="_blank">Dev@lists.strongswan.org</a>
<br>
<a moz-do-not-send="true"
href="https://lists.strongswan.org/mailman/listinfo/dev" rel="nofollow"
target="_blank">https://lists.strongswan.org/mailman/listinfo/dev</a>
<br>
</blockquote>
</div>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
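Added example (not part of the original thread and not strongSwan's own tooling): a Python triage pass over a charon syslog that counts lines per subsystem, records the windows in which rsyslog dropped messages through rate-limiting, and lists peers whose IKE_SA was deleted by the uniqueness policy. The sample lines are constructed from the message formats quoted in this thread; the function and field names are assumptions.

```python
import re
from collections import Counter

# Constructed sample, modelled on the syslog lines quoted in this thread.
SAMPLE_LOG = """\
Apr 24 16:33:42 accel charon: 09[ENC] parsing rule 0 ATTRIBUTE_FORMAT
Apr 24 16:33:42 accel charon: 09[ENC] parsing rule 1 ATTRIBUTE_TYPE
Apr 24 16:33:42 accel charon: 09[ENC] parsing TRANSFORM_ATTRIBUTE_V1 payload finished
Apr 24 16:33:42 accel rsyslogd-2177: imuxsock begins to drop messages from pid 8547 due to rate-limiting
Apr 24 16:34:02 accel rsyslogd-2177: imuxsock lost 2784 messages from pid 8547 due to rate-limiting
Apr 24 16:34:02 accel charon: 07[KNL] querying policy 0.0.0.0/0 === 10.254.0.1/32 out (mark 0/0x00000000)
Apr 24 16:34:08 accel charon: 15[IKE] sending keep alive to 166.170.42.208[64139]
Apr 24 16:34:17 accel charon: 03[NET] received packet: from 50.197.174.157[500] to 10.199.65.236[500]
Apr 24 16:34:17 accel charon: 16[ENC] parsing rule 0 U_INT_8
Apr 24 16:34:17 accel rsyslogd-2177: imuxsock begins to drop messages from pid 8547 due to rate-limiting
Apr 24 17:21:43 accel charon: 10[IKE] deleting duplicate IKE_SA for peer 'actmobile' due to uniqueness policy
"""

SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<tag>[^:\s]+):\s(?P<msg>.*)$")
SUBSYSTEM = re.compile(r"^\d+\[(?P<sub>[A-Z]{3})\]\s")
DROP_BEGIN = re.compile(r"imuxsock begins to drop messages from pid (\d+) due to rate-limiting")
DROP_END = re.compile(r"imuxsock lost (\d+) messages from pid (\d+) due to rate-limiting")
DUPLICATE = re.compile(r"deleting duplicate IKE_SA for peer '([^']*)' due to uniqueness policy")


def triage(text):
    """Summarise a charon syslog: volume per subsystem, rsyslog gaps, replaced peers."""
    subsystems, duplicates = Counter(), Counter()
    open_gaps, gaps = {}, []
    for raw in text.splitlines():
        m = SYSLOG.match(raw.strip())
        if not m:
            continue  # wrapped or foreign line: skip it rather than guess
        ts, tag, msg = m["ts"], m["tag"], m["msg"]
        if tag.startswith("charon"):
            sub = SUBSYSTEM.match(msg)
            if sub:
                subsystems[sub["sub"]] += 1
            dup = DUPLICATE.search(msg)
            if dup:
                duplicates[dup[1]] += 1
        elif tag.startswith("rsyslogd"):
            begin, end = DROP_BEGIN.search(msg), DROP_END.search(msg)
            if begin:
                pid = begin[1]
                open_gaps.setdefault(
                    pid, {"pid": pid, "start": ts, "end": None, "lost": None})
            elif end:
                pid = end[2]
                # A "lost" line without a matching "begins" still marks a gap.
                gap = open_gaps.pop(
                    pid, {"pid": pid, "start": None, "end": None, "lost": None})
                gap.update(end=ts, lost=int(end[1]))
                gaps.append(gap)
    gaps.extend(open_gaps.values())  # still dropping when the log ends: loss unknown
    return {
        "subsystems": subsystems,
        "noisiest": subsystems.most_common(1)[0][0] if subsystems else None,
        "gaps": gaps,
        "lost_total": sum(g["lost"] or 0 for g in gaps),
        "duplicate_peers": duplicates,
    }


def findings(result):
    """Turn the summary into short statements for whoever reads the log next."""
    out = []
    if result["gaps"]:
        out.append(
            f"log incomplete: rsyslog dropped at least {result['lost_total']} messages "
            f"in {len(result['gaps'])} window(s); noisiest charon subsystem is "
            f"{result['noisiest']}")
    for peer, count in result["duplicate_peers"].items():
        out.append(
            f"peer '{peer}' had an IKE_SA deleted by the uniqueness policy "
            f"{count} time(s); review the 'uniqueids' setting")
    return out


if __name__ == "__main__":
    for line in findings(triage(SAMPLE_LOG)):
        print(line)
```

A window whose `end` is `None` means rsyslog was still dropping when the log ended, so events after that point may be missing entirely.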
</body>
</html>