<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hi,<div><br></div><div>I am running a strongSwan version 5.2.1 on Debian Wheezy at Digital Ocean. I can connect to strongSwan VPN with both IKEv1 (for iOS 7) and IKEv2 (for iOS 9) on WiFi. On the other hand, if I switch my WiFi off, the connection cannot be established on 3G/4G. </div><div><br></div><div>Any idea why? </div><div><br></div><div>Many thanks,</div><div>Jim</div><div><br></div><div>My ipsec.conf is as follows:</div><div><br></div><div><div># ipsec.conf - strongSwan IPsec configuration file</div><div><br></div><div>config setup</div><div><span class="Apple-tab-span" style="white-space:pre"> </span># uniqueids=never</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>charondebug="cfg 2, dmn 2, ike 2, net 2"</div><div><br></div><div>conn %default</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>keyexchange=ikev2</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024! </div><div><span class="Apple-tab-span" style="white-space:pre"> </span>esp=aes256-sha256,aes256-sha1,3des-sha1! </div><div><span class="Apple-tab-span" style="white-space:pre"> </span>dpdaction=clear</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>dpddelay=300s</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rekey=no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>left=%any</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftsubnet=0.0.0.0/0</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftcert=vpnHostCert.pem</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>right=%any</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightdns=8.8.8.8,8.8.4.4</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightsourceip=172.16.16.0/24</div><div><br></div><div>conn IPSec-IKEv2</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>keyexchange=ikev2</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>auto=add</div><div><br></div><div>conn IPSec-IKEv2-EAP</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>also="IPSec-IKEv2"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightauth=eap-mschapv2</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightsendcert=never</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>eap_identity=%any</div><div><br></div><div>conn CiscoIPSec</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>keyexchange=ikev1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightauth=pubkey</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightauth2=xauth</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>auto=add</div><div><br></div><div>conn IKEv2-Apple</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>left=%any</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftsubnet=0.0.0.0/0</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftauth=pubkey</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftcert=vpnHostCert.pem</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftid=debian.xxxxxx.com</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>leftsendcert=always</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>right=%any</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightsourceip=172.16.16.0/24</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rightauth=eap-mschapv2</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>eap_identity=%any</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>auto=add</div><div><br></div><div>include /var/lib/strongswan/ipsec.conf.inc</div></div><div><br></div><div><br></div><div><br></div><div><span style="font-size: 12pt;">The successful server syslog on WiFi is below:</span></div><div><br></div><div><div>Dec 30 19:02:40 debian charon: 09[NET] received packet: from 88.15.182.250[500] to 176.16.191.232[500]</div><div>Dec 30 19:02:40 debian charon: 09[NET] waiting for data on sockets</div><div>Dec 30 19:02:40 debian charon: 05[NET] received packet: from 88.15.182.250[500] to 176.16.191.232[500] (388 bytes)</div><div>Dec 30 19:02:40 debian charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]</div><div>Dec 30 19:02:40 debian charon: 05[CFG] looking for an ike config for 176.16.191.232...88.15.182.250</div><div>Dec 30 19:02:40 debian charon: 05[CFG] candidate: %any...%any, prio 28</div><div>Dec 30 19:02:40 debian charon: 05[CFG] candidate: %any...%any, prio 28</div><div>Dec 30 19:02:40 debian charon: 05[CFG] candidate: %any...%any, prio 28</div><div>Dec 30 19:02:40 debian charon: 05[CFG] found matching ike config: %any...%any with prio 28</div><div>Dec 30 19:02:40 debian charon: 05[IKE] 88.15.182.250 is initiating an IKE_SA</div><div>Dec 30 19:02:40 debian charon: 05[IKE] IKE_SA (unnamed)[10] state change: CREATED => CONNECTING</div><div>Dec 30 19:02:40 debian charon: 05[CFG] selecting proposal:</div><div>Dec 30 19:02:40 debian charon: 05[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div>Dec 30 19:02:40 debian charon: 05[CFG] selecting proposal:</div><div>Dec 30 19:02:40 debian charon: 05[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found</div><div>Dec 30 19:02:40 debian charon: 05[CFG] selecting proposal:</div><div>Dec 30 19:02:40 debian charon: 05[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div>Dec 30 19:02:40 debian charon: 05[CFG] selecting proposal:</div><div>Dec 30 19:02:40 debian charon: 05[CFG] proposal matches</div><div>Dec 30 19:02:40 debian charon: 05[CFG] received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</div><div>Dec 30 19:02:40 debian charon: 05[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</div><div>Dec 30 19:02:40 debian charon: 05[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</div><div>Dec 30 19:02:40 debian charon: 05[IKE] remote host is behind NAT</div><div>Dec 30 19:02:40 debian charon: 05[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"</div><div>Dec 30 19:02:40 debian charon: 05[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]</div><div>Dec 30 19:02:40 debian charon: 05[NET] sending packet: from 176.16.191.232[500] to 88.15.182.250[500] (337 bytes)</div><div>Dec 30 19:02:40 debian charon: 10[NET] sending packet: from 176.16.191.232[500] to 88.15.182.250[500]</div><div>Dec 30 19:02:40 debian charon: 09[NET] received packet: from 88.15.182.250[1024] to 176.16.191.232[4500]</div><div>Dec 30 19:02:40 debian charon: 09[NET] waiting for data on sockets</div><div>Dec 30 19:02:40 debian charon: 14[NET] received packet: from 88.15.182.250[1024] to 176.16.191.232[4500] (428 bytes)</div><div>Dec 30 19:02:40 debian charon: 14[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]</div><div>Dec 30 19:02:40 debian charon: 14[CFG] looking for peer configs matching 176.16.191.232[debian.xxxxxx.com]...88.15.182.250[192.168.1.233]</div><div>Dec 30 19:02:40 debian charon: 14[CFG] candidate "IKEv2-Apple", match: 20/1/28 (me/other/ike)</div><div>Dec 30 19:02:40 debian charon: 14[CFG] selected peer config 'IKEv2-Apple'</div><div>Dec 30 19:02:40 debian charon: 14[IKE] initiating EAP_IDENTITY method (id 0x00)</div><div>Dec 30 19:02:40 debian charon: 14[IKE] processing INTERNAL_IP4_ADDRESS attribute</div><div>Dec 30 19:02:40 debian charon: 14[IKE] processing INTERNAL_IP4_DHCP attribute</div><div>Dec 30 19:02:40 debian charon: 14[IKE] processing INTERNAL_IP4_DNS attribute</div><div>Dec 30 19:02:40 debian charon: 14[IKE] processing INTERNAL_IP4_NETMASK attribute</div><div>Dec 30 19:02:40 debian charon: 14[IKE] processing INTERNAL_IP6_ADDRESS attribute</div><div>Dec 30 19:02:40 debian charon: 14[IKE] processing INTERNAL_IP6_DHCP attribute</div><div>Dec 30 19:02:40 debian charon: 14[IKE] processing INTERNAL_IP6_DNS attribute</div><div>Dec 30 19:02:40 debian charon: 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding</div><div>Dec 30 19:02:40 debian charon: 14[IKE] peer supports MOBIKE</div><div>Dec 30 19:02:40 debian charon: 14[IKE] authentication of 'debian.xxxxxx.com' (myself) with RSA signature successful</div><div>Dec 30 19:02:40 debian charon: 14[IKE] sending end entity cert "C=CH, O=strongSwan, CN=debian.xxxxxx.com"</div><div>Dec 30 19:02:40 debian charon: 14[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]</div><div>Dec 30 19:02:40 debian charon: 14[NET] sending packet: from 176.16.191.232[4500] to 88.15.182.250[1024] (1516 bytes)</div><div>Dec 30 19:02:40 debian charon: 10[NET] sending packet: from 176.16.191.232[4500] to 88.15.182.250[1024]</div><div>Dec 30 19:02:40 debian charon: 09[NET] received packet: from 88.15.182.250[1024] to 176.16.191.232[4500]</div><div>Dec 30 19:02:40 debian charon: 09[NET] waiting for data on sockets</div><div>Dec 30 19:02:40 debian charon: 11[NET] received packet: from 88.15.182.250[1024] to 176.16.191.232[4500] (76 bytes)</div><div>Dec 30 19:02:40 debian charon: 11[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]</div><div>Dec 30 19:02:40 debian charon: 11[IKE] received EAP identity 'user1'</div><div>Dec 30 19:02:40 debian charon: 11[IKE] initiating EAP_MSCHAPV2 method (id 0xED)</div><div>Dec 30 19:02:40 debian charon: 11[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]</div><div>Dec 30 19:02:40 debian charon: 11[NET] sending packet: from 176.16.191.232[4500] to 88.15.182.250[1024] (108 bytes)</div><div>Dec 30 19:02:40 debian charon: 10[NET] sending packet: from 176.16.191.232[4500] to 88.15.182.250[1024]</div><div>Dec 30 19:02:40 debian charon: 09[NET] received packet: from 88.15.182.250[1024] to 176.16.191.232[4500]</div><div>Dec 30 19:02:40 debian charon: 09[NET] waiting for data on sockets</div><div>Dec 30 19:02:40 debian charon: 16[NET] received packet: from 88.15.182.250[1024] to 176.16.191.232[4500] (140 bytes)</div><div>Dec 30 19:02:40 debian charon: 16[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]</div><div>Dec 30 19:02:40 debian charon: 16[IKE] EAP-MS-CHAPv2 username: 'user1'</div><div>Dec 30 19:02:40 debian charon: 16[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]</div><div>Dec 30 19:02:40 debian charon: 16[NET] sending packet: from 176.16.191.232[4500] to 88.15.182.250[1024] (140 bytes)</div><div>Dec 30 19:02:40 debian charon: 10[NET] sending packet: from 176.16.191.232[4500] to 88.15.182.250[1024]</div><div>Dec 30 19:02:40 debian charon: 09[NET] received packet: from 88.15.182.250[1024] to 176.16.191.232[4500]</div><div>Dec 30 19:02:40 debian charon: 09[NET] waiting for data on sockets</div><div>Dec 30 19:02:40 debian charon: 06[NET] received packet: from 88.15.182.250[1024] to 176.16.191.232[4500] (76 bytes)</div><div>Dec 30 19:02:40 debian charon: 06[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]</div><div>Dec 30 19:02:40 debian charon: 06[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established</div><div>Dec 30 19:02:40 debian charon: 06[ENC] generating IKE_AUTH response 4 [ EAP/SUCC ]</div><div>Dec 30 19:02:40 debian charon: 06[NET] sending packet: from 176.16.191.232[4500] to 88.15.182.250[1024] (76 bytes)</div><div>Dec 30 19:02:40 debian charon: 10[NET] sending packet: from 176.16.191.232[4500] to 88.15.182.250[1024]</div><div>Dec 30 19:02:40 debian charon: 09[NET] received packet: from 88.15.182.250[1024] to 176.16.191.232[4500]</div><div>Dec 30 19:02:40 debian charon: 09[NET] waiting for data on sockets</div><div>Dec 30 19:02:40 debian charon: 03[NET] received packet: from 88.15.182.250[1024] to 176.16.191.232[4500] (92 bytes)</div><div>Dec 30 19:02:40 debian charon: 03[ENC] parsed IKE_AUTH request 5 [ AUTH ]</div><div>Dec 30 19:02:40 debian charon: 03[IKE] authentication of '192.168.1.233' with EAP successful</div><div>Dec 30 19:02:40 debian charon: 03[IKE] authentication of 'debian.xxxxxx.com' (myself) with EAP</div><div>Dec 30 19:02:40 debian charon: 03[IKE] IKE_SA IKEv2-Apple[10] established between 176.16.191.232[debian.xxxxxx.com]...88.15.182.250[192.168.1.233]</div><div>Dec 30 19:02:40 debian charon: 03[IKE] IKE_SA IKEv2-Apple[10] state change: CONNECTING => ESTABLISHED</div><div>Dec 30 19:02:40 debian charon: 03[IKE] peer requested virtual IP %any</div><div>Dec 30 19:02:40 debian charon: 03[CFG] assigning new lease to 'user1'</div><div>Dec 30 19:02:40 debian charon: 03[IKE] assigning virtual IP 172.16.16.3 to peer 'user1'</div><div>Dec 30 19:02:40 debian charon: 03[IKE] peer requested virtual IP %any6</div><div>Dec 30 19:02:40 debian charon: 03[IKE] no virtual IP found for %any6 requested by 'user1'</div><div>Dec 30 19:02:40 debian charon: 03[IKE] building INTERNAL_IP4_DNS attribute</div><div>Dec 30 19:02:40 debian charon: 03[IKE] building INTERNAL_IP4_DNS attribute</div><div>Dec 30 19:02:40 debian charon: 03[CFG] looking for a child config for 0.0.0.0/0 ::/0 === 0.0.0.0/0 ::/0 </div><div>Dec 30 19:02:40 debian charon: 03[CFG] proposing traffic selectors for us:</div><div>Dec 30 19:02:40 debian charon: 03[CFG] 0.0.0.0/0</div><div>Dec 30 19:02:40 debian charon: 03[CFG] proposing traffic selectors for other:</div><div>Dec 30 19:02:40 debian charon: 03[CFG] 172.16.16.3/32</div><div>Dec 30 19:02:40 debian charon: 03[CFG] candidate "IKEv2-Apple" with prio 10+2</div><div>Dec 30 19:02:40 debian charon: 03[CFG] found matching child config "IKEv2-Apple" with prio 12</div><div>Dec 30 19:02:40 debian charon: 03[CFG] selecting proposal:</div><div>Dec 30 19:02:40 debian charon: 03[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div>Dec 30 19:02:40 debian charon: 03[CFG] selecting proposal:</div><div>Dec 30 19:02:40 debian charon: 03[CFG] proposal matches</div><div>Dec 30 19:02:40 debian charon: 03[CFG] received proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ</div><div>Dec 30 19:02:40 debian charon: 03[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ</div><div>Dec 30 19:02:40 debian charon: 03[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ</div><div>Dec 30 19:02:40 debian charon: 03[CFG] selecting traffic selectors for us:</div><div>Dec 30 19:02:40 debian charon: 03[CFG] config: 0.0.0.0/0, received: 0.0.0.0/0 => match: 0.0.0.0/0</div><div>Dec 30 19:02:40 debian charon: 03[CFG] config: 0.0.0.0/0, received: ::/0 => no match</div><div>Dec 30 19:02:40 debian charon: 03[CFG] selecting traffic selectors for other:</div><div>Dec 30 19:02:40 debian charon: 03[CFG] config: 172.16.16.3/32, received: 0.0.0.0/0 => match: 172.16.16.3/32</div><div>Dec 30 19:02:40 debian charon: 03[CFG] config: 172.16.16.3/32, received: ::/0 => no match</div><div>Dec 30 19:02:40 debian charon: 03[IKE] CHILD_SA IKEv2-Apple{4} established with SPIs c38df2ad_i 0866104b_o and TS 0.0.0.0/0 === 172.16.16.3/32 </div><div>Dec 30 19:02:40 debian charon: 03[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) ]</div><div>Dec 30 19:02:40 debian charon: 03[NET] sending packet: from 176.16.191.232[4500] to 88.15.182.250[1024] (268 bytes)</div><div>Dec 30 19:02:40 debian charon: 10[NET] sending packet: from 176.16.191.232[4500] to 88.15.182.250[1024]</div></div><div><br></div><div><br></div><div><div>The unsuccessful server syslog on 3G/4G is below:</div><div><br></div></div><div><div>Dec 30 19:04:06 debian charon: 09[NET] received packet: from 82.132.216.222[55749] to 176.16.191.232[500]</div><div>Dec 30 19:04:06 debian charon: 09[NET] waiting for data on sockets</div><div>Dec 30 19:04:06 debian charon: 12[NET] received packet: from 82.132.216.222[55749] to 176.16.191.232[500] (388 bytes)</div><div>Dec 30 19:04:06 debian charon: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]</div><div>Dec 30 19:04:06 debian charon: 12[CFG] looking for an ike config for 176.16.191.232...82.132.216.222</div><div>Dec 30 19:04:06 debian charon: 12[CFG] candidate: %any...%any, prio 28</div><div>Dec 30 19:04:06 debian charon: 12[CFG] candidate: %any...%any, prio 28</div><div>Dec 30 19:04:06 debian charon: 12[CFG] candidate: %any...%any, prio 28</div><div>Dec 30 19:04:06 debian charon: 12[CFG] found matching ike config: %any...%any with prio 28</div><div>Dec 30 19:04:06 debian charon: 12[IKE] 82.132.216.222 is initiating an IKE_SA</div><div>Dec 30 19:04:06 debian charon: 12[IKE] IKE_SA (unnamed)[11] state change: CREATED => CONNECTING</div><div>Dec 30 19:04:06 debian charon: 12[CFG] selecting proposal:</div><div>Dec 30 19:04:06 debian charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div>Dec 30 19:04:06 debian charon: 12[CFG] selecting proposal:</div><div>Dec 30 19:04:06 debian charon: 12[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found</div><div>Dec 30 19:04:06 debian charon: 12[CFG] selecting proposal:</div><div>Dec 30 19:04:06 debian charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found</div><div>Dec 30 19:04:06 debian charon: 12[CFG] selecting proposal:</div><div>Dec 30 19:04:06 debian charon: 12[CFG] proposal matches</div><div>Dec 30 19:04:06 debian charon: 12[CFG] received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</div><div>Dec 30 19:04:06 debian charon: 12[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</div><div>Dec 30 19:04:06 debian charon: 12[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</div><div>Dec 30 19:04:06 debian charon: 12[IKE] remote host is behind NAT</div><div>Dec 30 19:04:06 debian charon: 12[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"</div><div>Dec 30 19:04:06 debian charon: 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]</div><div>Dec 30 19:04:06 debian charon: 12[NET] sending packet: from 176.16.191.232[500] to 82.132.216.222[55749] (337 bytes)</div><div>Dec 30 19:04:06 debian charon: 10[NET] sending packet: from 176.16.191.232[500] to 82.132.216.222[55749]</div><div>Dec 30 19:04:06 debian charon: 09[NET] received packet: from 82.132.216.222[55751] to 176.16.191.232[4500]</div><div>Dec 30 19:04:06 debian charon: 09[NET] waiting for data on sockets</div><div>Dec 30 19:04:06 debian charon: 15[NET] received packet: from 82.132.216.222[55751] to 176.16.191.232[4500] (428 bytes)</div><div>Dec 30 19:04:06 debian charon: 15[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]</div><div>Dec 30 19:04:06 debian charon: 15[CFG] looking for peer configs matching 176.16.191.232[debian.xxxxxx.com]...82.132.216.222[10.146.87.3]</div><div>Dec 30 19:04:06 debian charon: 15[CFG] candidate "IKEv2-Apple", match: 20/1/28 (me/other/ike)</div><div>Dec 30 19:04:06 debian charon: 15[CFG] selected peer config 'IKEv2-Apple'</div><div>Dec 30 19:04:06 debian charon: 15[IKE] initiating EAP_IDENTITY method (id 0x00)</div><div>Dec 30 19:04:06 debian charon: 15[IKE] processing INTERNAL_IP4_ADDRESS attribute</div><div>Dec 30 19:04:06 debian charon: 15[IKE] processing INTERNAL_IP4_DHCP attribute</div><div>Dec 30 19:04:06 debian charon: 15[IKE] processing INTERNAL_IP4_DNS attribute</div><div>Dec 30 19:04:06 debian charon: 15[IKE] processing INTERNAL_IP4_NETMASK attribute</div><div>Dec 30 19:04:06 debian charon: 15[IKE] processing INTERNAL_IP6_ADDRESS attribute</div><div>Dec 30 19:04:06 debian charon: 15[IKE] processing INTERNAL_IP6_DHCP attribute</div><div>Dec 30 19:04:06 debian charon: 15[IKE] processing INTERNAL_IP6_DNS attribute</div><div>Dec 30 19:04:06 debian charon: 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding</div><div>Dec 30 19:04:06 debian charon: 15[IKE] peer supports MOBIKE</div><div>Dec 30 19:04:06 debian charon: 15[IKE] authentication of 'debian.xxxxxx.com' (myself) with RSA signature successful</div><div>Dec 30 19:04:06 debian charon: 15[IKE] sending end entity cert "C=CH, O=strongSwan, CN=debian.xxxxxx.com"</div><div>Dec 30 19:04:06 debian charon: 15[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]</div><div>Dec 30 19:04:06 debian charon: 15[NET] sending packet: from 176.16.191.232[4500] to 82.132.216.222[55751] (1516 bytes)</div><div>Dec 30 19:04:06 debian charon: 10[NET] sending packet: from 176.16.191.232[4500] to 82.132.216.222[55751]</div><div>Dec 30 19:04:10 debian charon: 09[NET] received packet: from 82.132.216.222[55751] to 176.16.191.232[4500]</div><div>Dec 30 19:04:10 debian charon: 09[NET] waiting for data on sockets</div><div>Dec 30 19:04:10 debian charon: 05[NET] received packet: from 82.132.216.222[55751] to 176.16.191.232[4500] (428 bytes)</div><div>Dec 30 19:04:10 debian charon: 05[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]</div><div>Dec 30 19:04:10 debian charon: 05[IKE] received retransmit of request with ID 1, retransmitting response</div><div>Dec 30 19:04:10 debian charon: 05[NET] sending packet: from 176.16.191.232[4500] to 82.132.216.222[55751] (1516 bytes)</div><div>Dec 30 19:04:10 debian charon: 10[NET] sending packet: from 176.16.191.232[4500] to 82.132.216.222[55751]</div><div>Dec 30 19:04:13 debian charon: 09[NET] received packet: from 82.132.216.222[55751] to 176.16.191.232[4500]</div><div>Dec 30 19:04:13 debian charon: 09[NET] waiting for data on sockets</div><div>Dec 30 19:04:13 debian charon: 14[NET] received packet: from 82.132.216.222[55751] to 176.16.191.232[4500] (428 bytes)</div><div>Dec 30 19:04:13 debian charon: 14[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]</div><div>Dec 30 19:04:13 debian charon: 14[IKE] received retransmit of request with ID 1, retransmitting response</div><div>Dec 30 19:04:13 debian charon: 14[NET] sending packet: from 176.16.191.232[4500] to 82.132.216.222[55751] (1516 bytes)</div><div>Dec 30 19:04:13 debian charon: 10[NET] sending packet: from 176.16.191.232[4500] to 82.132.216.222[55751]</div><div>Dec 30 19:04:16 debian charon: 09[NET] received packet: from 82.132.216.222[55751] to 176.16.191.232[4500]</div><div>Dec 30 19:04:16 debian charon: 09[NET] waiting for data on sockets</div><div>Dec 30 19:04:16 debian charon: 11[NET] received packet: from 82.132.216.222[55751] to 176.16.191.232[4500] (428 bytes)</div><div>Dec 30 19:04:16 debian charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]</div><div>Dec 30 19:04:16 debian charon: 11[IKE] received retransmit of request with ID 1, retransmitting response</div><div>Dec 30 19:04:16 debian charon: 11[NET] sending packet: from 176.16.191.232[4500] to 82.132.216.222[55751] (1516 bytes)</div><div>Dec 30 19:04:16 debian charon: 10[NET] sending packet: from 176.16.191.232[4500] to 82.132.216.222[55751]</div><div>Dec 30 19:04:36 debian charon: 16[JOB] deleting half open IKE_SA after timeout</div><div>Dec 30 19:04:36 debian charon: 16[IKE] IKE_SA IKEv2-Apple[11] state change: CONNECTING => DESTROYING</div></div><div><br></div><div><br></div> </div></body>
</html>