Jul 7 00:26:21 irkalla charon: 13[NET] received packet: from 1.1.1.1[58939] to 2.2.2.2[500] (732 bytes) Jul 7 00:26:21 irkalla charon: 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N((16431)) N(REDIR_SUP) ] Jul 7 00:26:21 irkalla charon: 13[IKE] 1.1.1.1 is initiating an IKE_SA Jul 7 00:26:21 irkalla charon: 13[IKE] remote host is behind NAT Jul 7 00:26:21 irkalla charon: 13[IKE] DH group ECP_256 inacceptable, requesting MODP_2048 Jul 7 00:26:21 irkalla charon: 13[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ] Jul 7 00:26:21 irkalla charon: 13[NET] sending packet: from 2.2.2.2[500] to 1.1.1.1[58939] (38 bytes) Jul 7 00:26:22 irkalla charon: 04[NET] received packet: from 1.1.1.1[58939] to 2.2.2.2[500] (924 bytes) Jul 7 00:26:22 irkalla charon: 04[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N((16431)) N(REDIR_SUP) ] Jul 7 00:26:22 irkalla charon: 04[IKE] 1.1.1.1 is initiating an IKE_SA Jul 7 00:26:22 irkalla charon: 04[IKE] remote host is behind NAT Jul 7 00:26:22 irkalla charon: 04[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ] Jul 7 00:26:22 irkalla charon: 04[NET] sending packet: from 2.2.2.2[500] to 1.1.1.1[58939] (448 bytes) Jul 7 00:26:22 irkalla ipsec[19836]: 00[DMN] Starting IKE charon daemon (strongSwan 5.2.1, Linux 3.16.0-4-amd64, x86_64) Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] HA config misses local/remote address Jul 7 00:26:22 irkalla ipsec[19836]: 00[LIB] plugin 'ha': failed to load - ha_plugin_create returned NULL Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] loading crls from '/etc/ipsec.d/crls' Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] loading secrets from '/etc/ipsec.secrets' Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] expanding file expression '/var/lib/strongswan/ipsec.secrets.inc' failed Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] loaded IKE secret for 2.2.2.2 %any Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/privkey.pem' Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] loaded EAP secret for laurens3 Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] loaded EAP secret for laurens3 Jul 7 00:26:22 irkalla ipsec[19836]: 00[IKE] forwarding RADIUS attribute Framed-IP-Address Jul 7 00:26:22 irkalla ipsec[19836]: 00[CFG] loaded 1 RADIUS server configuration Jul 7 00:26:22 irkalla ipsec[19836]: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt af-alg fips-prf gmp agent xcbc cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity Jul 7 00:26:22 irkalla ipsec[19836]: 00[LIB] unable to load 5 plugin features (5 due to unmet dependencies) Jul 7 00:26:22 irkalla ipsec[19836]: 00[LIB] dropped capabilities, running as uid 0, gid 0 Jul 7 00:26:22 irkalla ipsec[19836]: 00[JOB] spawning 16 worker threads Jul 7 00:26:22 irkalla ipsec[19836]: 15[CFG] received stroke: add connection 'iOS-radius' Jul 7 00:26:22 irkalla ipsec[19836]: 15[CFG] loaded certificate "CN=some.host.domain" from 'fullchain.pem' Jul 7 00:26:22 irkalla ipsec[19836]: 15[CFG] added configuration 'iOS-radius' Jul 7 00:26:22 irkalla ipsec[19836]: 11[CFG] received stroke: add connection 'iOS' Jul 7 00:26:22 irkalla ipsec[19836]: 11[CFG] adding virtual IP address pool 1.1.2.0/24 Jul 7 00:26:22 irkalla ipsec[19836]: 11[CFG] loaded certificate "CN=some.host.domain" from 'fullchain.pem' Jul 7 00:26:22 irkalla ipsec[19836]: 11[CFG] added configuration 'iOS' Jul 7 00:26:22 irkalla ipsec[19836]: 12[CFG] received stroke: add connection 'ssapp' Jul 7 00:26:22 irkalla ipsec[19836]: 12[CFG] adding virtual IP address pool 10.0.0.0/24 Jul 7 00:26:22 irkalla ipsec[19836]: 12[CFG] loaded certificate "CN=some.host.domain" from 'fullchain.pem' Jul 7 00:26:22 irkalla ipsec[19836]: 12[CFG] added configuration 'ssapp' Jul 7 00:26:22 irkalla ipsec[19836]: 13[CFG] received stroke: add connection 'android_xauth_psk' Jul 7 00:26:22 irkalla ipsec[19836]: 13[CFG] left nor right host is our side, assuming left=local Jul 7 00:26:22 irkalla ipsec[19836]: 13[CFG] reusing virtual IP address pool 10.0.0.0/24 Jul 7 00:26:22 irkalla ipsec[19836]: 13[CFG] loaded certificate "CN=some.host.domain" from 'fullchain.pem' Jul 7 00:26:22 irkalla ipsec[19836]: 13[CFG] id '%any' not confirmed by certificate, defaulting to 'CN=some.host.domain' Jul 7 00:26:22 irkalla ipsec[19836]: 13[CFG] added configuration 'android_xauth_psk' Jul 7 00:26:22 irkalla ipsec[19836]: 14[CFG] received stroke: add connection 'test1' Jul 7 00:26:22 irkalla ipsec[19836]: 14[CFG] left nor right host is our side, assuming left=local Jul 7 00:26:22 irkalla ipsec[19836]: 14[CFG] adding virtual IP address pool 192.168.1.1/24 Jul 7 00:26:22 irkalla ipsec[19836]: 14[CFG] loaded certificate "CN=some.host.domain" from 'fullchain.pem' Jul 7 00:26:22 irkalla ipsec[19836]: 14[CFG] id '%any' not confirmed by certificate, defaulting to 'CN=some.host.domain' Jul 7 00:26:22 irkalla ipsec[19836]: 14[CFG] added configuration 'test1' Jul 7 00:26:22 irkalla ipsec[19836]: 08[CFG] received stroke: add connection 'L2TP-PSK' Jul 7 00:26:22 irkalla ipsec[19836]: 08[CFG] loaded certificate "CN=some.host.domain" from 'fullchain.pem' Jul 7 00:26:22 irkalla ipsec[19836]: 08[CFG] id '%any' not confirmed by certificate, defaulting to 'CN=some.host.domain' Jul 7 00:26:22 irkalla ipsec[19836]: 08[CFG] added configuration 'L2TP-PSK' Jul 7 00:26:22 irkalla ipsec[19836]: 07[CFG] received stroke: add connection 'vpn-connection' Jul 7 00:26:22 irkalla ipsec[19836]: 07[CFG] left nor right host is our side, assuming left=local Jul 7 00:26:22 irkalla ipsec[19836]: 07[CFG] loaded certificate "CN=some.host.domain" from 'fullchain.pem' Jul 7 00:26:22 irkalla ipsec[19836]: 07[CFG] added configuration 'vpn-connection' Jul 7 00:26:22 irkalla ipsec[19836]: 13[NET] received packet: from 1.1.1.1[58939] to 2.2.2.2[500] (732 bytes) Jul 7 00:26:22 irkalla ipsec[19836]: 13[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N((16431)) N(REDIR_SUP) ] Jul 7 00:26:22 irkalla ipsec[19836]: 13[IKE] 1.1.1.1 is initiating an IKE_SA Jul 7 00:26:22 irkalla ipsec[19836]: 13[IKE] remote host is behind NAT Jul 7 00:26:22 irkalla ipsec[19836]: 13[IKE] DH group ECP_256 inacceptable, requesting MODP_2048 Jul 7 00:26:22 irkalla ipsec[19836]: 13[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ] Jul 7 00:26:22 irkalla ipsec[19836]: 13[NET] sending packet: from 2.2.2.2[500] to 1.1.1.1[58939] (38 bytes) Jul 7 00:26:22 irkalla ipsec[19836]: 04[NET] received packet: from 1.1.1.1[58939] to 2.2.2.2[500] (924 bytes) Jul 7 00:26:22 irkalla ipsec[19836]: 04[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N((16431)) N(REDIR_SUP) ] Jul 7 00:26:22 irkalla ipsec[19836]: 04[IKE] 1.1.1.1 is initiating an IKE_SA Jul 7 00:26:22 irkalla ipsec[19836]: 04[IKE] remote host is behind NAT Jul 7 00:26:23 irkalla charon: 05[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:23 irkalla charon: 05[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:23 irkalla charon: 05[ENC] received fragment #1 of 4, waiting for complete IKE message Jul 7 00:26:23 irkalla charon: 08[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:23 irkalla charon: 08[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:23 irkalla charon: 08[ENC] received fragment #2 of 4, waiting for complete IKE message Jul 7 00:26:25 irkalla charon: 10[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:25 irkalla charon: 10[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:25 irkalla charon: 10[ENC] received duplicate fragment #1 Jul 7 00:26:25 irkalla charon: 11[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:25 irkalla charon: 11[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:25 irkalla charon: 11[ENC] received duplicate fragment #2 Jul 7 00:26:27 irkalla charon: 08[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:27 irkalla charon: 08[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:27 irkalla charon: 08[ENC] received duplicate fragment #1 Jul 7 00:26:31 irkalla charon: 12[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:31 irkalla charon: 12[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:31 irkalla charon: 12[ENC] received duplicate fragment #1 Jul 7 00:26:31 irkalla charon: 06[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:31 irkalla charon: 06[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:31 irkalla charon: 06[ENC] received duplicate fragment #2 Jul 7 00:26:31 irkalla charon: 06[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:31 irkalla charon: 06[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:31 irkalla charon: 06[ENC] received fragment #3 of 4, waiting for complete IKE message Jul 7 00:26:31 irkalla charon: 13[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (80 bytes) Jul 7 00:26:31 irkalla charon: 13[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:31 irkalla charon: 13[ENC] received fragment #4 of 4, reassembling fragmented IKE message Jul 7 00:26:31 irkalla charon: 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] Jul 7 00:26:31 irkalla charon: 13[IKE] received 156 cert requests for an unknown ca Jul 7 00:26:31 irkalla charon: 13[CFG] looking for peer configs matching 2.2.2.2[%any]...1.1.1.1[laurens2] Jul 7 00:26:32 irkalla charon: 13[CFG] selected peer config 'iOS-radius' Jul 7 00:26:32 irkalla charon: 13[IKE] initiating EAP_IDENTITY method (id 0x00) Jul 7 00:26:32 irkalla charon: 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jul 7 00:26:32 irkalla charon: 13[IKE] peer supports MOBIKE Jul 7 00:26:32 irkalla charon: 13[IKE] authentication of 'some.host.domain' (myself) with RSA signature successful Jul 7 00:26:32 irkalla charon: 13[IKE] sending end entity cert "CN=some.host.domain" Jul 7 00:26:32 irkalla charon: 13[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ] Jul 7 00:26:32 irkalla charon: 13[ENC] splitting IKE message with length of 1644 bytes into 4 fragments Jul 7 00:26:32 irkalla charon: 13[ENC] payload ENCRYPTED_FRAGMENT has no ordering rule in IKE_AUTH response Jul 7 00:26:32 irkalla charon: 13[ENC] generating IKE_AUTH response 1 [ EF ] Jul 7 00:26:32 irkalla charon: 13[ENC] payload ENCRYPTED_FRAGMENT has no ordering rule in IKE_AUTH response Jul 7 00:26:32 irkalla charon: 13[ENC] generating IKE_AUTH response 1 [ EF ] Jul 7 00:26:32 irkalla charon: 13[ENC] payload ENCRYPTED_FRAGMENT has no ordering rule in IKE_AUTH response Jul 7 00:26:32 irkalla charon: 13[ENC] generating IKE_AUTH response 1 [ EF ] Jul 7 00:26:32 irkalla charon: 13[ENC] payload ENCRYPTED_FRAGMENT has no ordering rule in IKE_AUTH response Jul 7 00:26:32 irkalla charon: 13[ENC] generating IKE_AUTH response 1 [ EF ] Jul 7 00:26:32 irkalla charon: 13[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (544 bytes) Jul 7 00:26:32 irkalla charon: 13[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (544 bytes) Jul 7 00:26:32 irkalla charon: 13[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (544 bytes) Jul 7 00:26:32 irkalla charon: 13[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (208 bytes) Jul 7 00:26:32 irkalla charon: 05[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (92 bytes) Jul 7 00:26:32 irkalla charon: 05[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ] Jul 7 00:26:32 irkalla charon: 05[IKE] received EAP identity 'laurens2' Jul 7 00:26:32 irkalla charon: 05[CFG] sending RADIUS Access-Request to server 'server-a' Jul 7 00:26:32 irkalla charon: 05[CFG] received RADIUS Access-Challenge from server 'server-a' Jul 7 00:26:32 irkalla charon: 05[IKE] initiating EAP_MD5 method (id 0x01) Jul 7 00:26:32 irkalla charon: 05[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MD5 ] Jul 7 00:26:32 irkalla charon: 05[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (92 bytes) Jul 7 00:26:32 irkalla charon: 08[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (92 bytes) Jul 7 00:26:32 irkalla charon: 08[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MD5 ] Jul 7 00:26:32 irkalla charon: 08[CFG] sending RADIUS Access-Request to server 'server-a' Jul 7 00:26:32 irkalla charon: 08[CFG] received RADIUS Access-Accept from server 'server-a' Jul 7 00:26:32 irkalla charon: 08[LIB] 5 bytes insufficient to parse 6 bytes of data Jul 7 00:26:32 irkalla charon: 08[IKE] RADIUS authentication of 'laurens2' successful Jul 7 00:26:32 irkalla charon: 08[IKE] EAP method EAP_MD5 succeeded, no MSK established Jul 7 00:26:32 irkalla charon: 08[ENC] generating IKE_AUTH response 3 [ EAP/SUCC ] Jul 7 00:26:32 irkalla charon: 08[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (76 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 04[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ] Jul 7 00:26:32 irkalla ipsec[19836]: 04[NET] sending packet: from 2.2.2.2[500] to 1.1.1.1[58939] (448 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 05[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 05[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 05[ENC] received fragment #1 of 4, waiting for complete IKE message Jul 7 00:26:32 irkalla ipsec[19836]: 08[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 08[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 08[ENC] received fragment #2 of 4, waiting for complete IKE message Jul 7 00:26:32 irkalla ipsec[19836]: 10[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 10[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 10[ENC] received duplicate fragment #1 Jul 7 00:26:32 irkalla ipsec[19836]: 11[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 11[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 11[ENC] received duplicate fragment #2 Jul 7 00:26:32 irkalla ipsec[19836]: 08[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 08[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 08[ENC] received duplicate fragment #1 Jul 7 00:26:32 irkalla ipsec[19836]: 12[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 12[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 12[ENC] received duplicate fragment #1 Jul 7 00:26:32 irkalla ipsec[19836]: 06[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 06[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 06[ENC] received duplicate fragment #2 Jul 7 00:26:32 irkalla ipsec[19836]: 06[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (1248 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 06[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 06[ENC] received fragment #3 of 4, waiting for complete IKE message Jul 7 00:26:32 irkalla ipsec[19836]: 13[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (80 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] parsed IKE_AUTH request 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] received fragment #4 of 4, reassembling fragmented IKE message Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ] Jul 7 00:26:32 irkalla ipsec[19836]: 13[IKE] received 156 cert requests for an unknown ca Jul 7 00:26:32 irkalla ipsec[19836]: 13[CFG] looking for peer configs matching 2.2.2.2[%any]...1.1.1.1[laurens2] Jul 7 00:26:32 irkalla ipsec[19836]: 13[CFG] selected peer config 'iOS-radius' Jul 7 00:26:32 irkalla ipsec[19836]: 13[IKE] initiating EAP_IDENTITY method (id 0x00) Jul 7 00:26:32 irkalla ipsec[19836]: 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding Jul 7 00:26:32 irkalla ipsec[19836]: 13[IKE] peer supports MOBIKE Jul 7 00:26:32 irkalla ipsec[19836]: 13[IKE] authentication of 'some.host.domain' (myself) with RSA signature successful Jul 7 00:26:32 irkalla ipsec[19836]: 13[IKE] sending end entity cert "CN=some.host.domain" Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ] Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] splitting IKE message with length of 1644 bytes into 4 fragments Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] payload ENCRYPTED_FRAGMENT has no ordering rule in IKE_AUTH response Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] generating IKE_AUTH response 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] payload ENCRYPTED_FRAGMENT has no ordering rule in IKE_AUTH response Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] generating IKE_AUTH response 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] payload ENCRYPTED_FRAGMENT has no ordering rule in IKE_AUTH response Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] generating IKE_AUTH response 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] payload ENCRYPTED_FRAGMENT has no ordering rule in IKE_AUTH response Jul 7 00:26:32 irkalla ipsec[19836]: 13[ENC] generating IKE_AUTH response 1 [ EF ] Jul 7 00:26:32 irkalla ipsec[19836]: 13[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (544 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 13[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (544 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 13[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (544 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 13[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (208 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 05[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (92 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 05[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ] Jul 7 00:26:32 irkalla ipsec[19836]: 05[IKE] received EAP identity 'laurens2' Jul 7 00:26:32 irkalla ipsec[19836]: 05[CFG] sending RADIUS Access-Request to server 'server-a' Jul 7 00:26:32 irkalla ipsec[19836]: 05[CFG] received RADIUS Access-Challenge from server 'server-a' Jul 7 00:26:32 irkalla ipsec[19836]: 05[IKE] initiating EAP_MD5 method (id 0x01) Jul 7 00:26:32 irkalla ipsec[19836]: 05[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MD5 ] Jul 7 00:26:32 irkalla ipsec[19836]: 05[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (92 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 08[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (92 bytes) Jul 7 00:26:32 irkalla ipsec[19836]: 08[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MD5 ] Jul 7 00:26:32 irkalla ipsec[19836]: 08[CFG] sending RADIUS Access-Request to server 'server-a' Jul 7 00:26:32 irkalla charon: 15[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (92 bytes) Jul 7 00:26:32 irkalla charon: 15[ENC] parsed IKE_AUTH request 4 [ AUTH ] Jul 7 00:26:32 irkalla charon: 15[IKE] authentication of 'laurens2' with EAP successful Jul 7 00:26:32 irkalla charon: 15[IKE] authentication of 'some.host.domain' (myself) with EAP Jul 7 00:26:32 irkalla charon: 15[IKE] IKE_SA iOS-radius[2] established between 2.2.2.2[some.host.domain]...1.1.1.1[laurens2] Jul 7 00:26:32 irkalla charon: 15[IKE] scheduling reauthentication in 10105s Jul 7 00:26:32 irkalla charon: 15[IKE] maximum IKE_SA lifetime 10645s Jul 7 00:26:32 irkalla charon: 15[IKE] peer requested virtual IP %any Jul 7 00:26:32 irkalla charon: 15[IKE] assigning virtual IP 10.1.0.15 to peer 'laurens2' Jul 7 00:26:32 irkalla charon: 15[IKE] peer requested virtual IP %any6 Jul 7 00:26:32 irkalla charon: 15[IKE] no virtual IP found for %any6 requested by 'laurens2' Jul 7 00:26:32 irkalla charon: 15[IKE] CHILD_SA iOS-radius{1} established with SPIs cabb26a4_i 00b6d9f2_o and TS 0.0.0.0/0 === 10.1.0.15/32 Jul 7 00:26:32 irkalla charon: 15[CFG] scheduling RADIUS Interim-Updates every 300s Jul 7 00:26:32 irkalla charon: 15[CFG] sending RADIUS Accounting-Request to server 'server-a' Jul 7 00:26:32 irkalla charon: 15[CFG] received RADIUS Accounting-Response from server 'server-a' Jul 7 00:26:32 irkalla charon: 15[ENC] generating IKE_AUTH response 4 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) ] Jul 7 00:26:32 irkalla charon: 15[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (268 bytes) Jul 7 00:26:32 irkalla charon: 10[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (76 bytes) Jul 7 00:26:32 irkalla charon: 10[ENC] parsed INFORMATIONAL request 5 [ N(NO_ADD_ADDR) ] Jul 7 00:26:32 irkalla charon: 10[ENC] generating INFORMATIONAL response 5 [ ] Jul 7 00:26:32 irkalla charon: 10[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (76 bytes) Jul 7 00:26:39 irkalla charon: 14[NET] received packet: from 1.1.1.1[56080] to 2.2.2.2[4500] (76 bytes) Jul 7 00:26:39 irkalla charon: 14[ENC] parsed INFORMATIONAL request 6 [ D ] Jul 7 00:26:39 irkalla charon: 14[IKE] received DELETE for IKE_SA iOS-radius[2] Jul 7 00:26:39 irkalla charon: 14[IKE] deleting IKE_SA iOS-radius[2] between 2.2.2.2[some.host.domain]...1.1.1.1[laurens2] Jul 7 00:26:39 irkalla charon: 14[IKE] IKE_SA deleted Jul 7 00:26:39 irkalla charon: 14[CFG] sending RADIUS Accounting-Request to server 'server-a' Jul 7 00:26:39 irkalla charon: 14[CFG] received RADIUS Accounting-Response from server 'server-a' Jul 7 00:26:39 irkalla charon: 14[ENC] generating INFORMATIONAL response 6 [ ] Jul 7 00:26:39 irkalla charon: 14[NET] sending packet: from 2.2.2.2[4500] to 1.1.1.1[56080] (76 bytes)