<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US">
<div class="WordSection1">
<p class="MsoNormal">I'm REALLY confused about what I'm seeing in the strongSwan log! I've probably got a serious configuration error, and would really appreciate some pointers toward fixing this. A summary description would be "VPN road warrior connections
established with one client generate log activity to/from another IP address".</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks!</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Here's my configuration information:</p>
<p class="MsoNormal">* strongSwan V5.6.0 on openSUSE 42.3 with one VPN user configured at the moment (me on my iPhone).</p>
<p class="MsoNormal">* Build command line: </p>
<p class="MsoNormal"> $ ./configure --enable-eap-mschapv2 --enable-eap-identity --enable-openssl --enable-eap-md5 --enable-eap-tls --enable-eap-dynamic --enable-tools</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">* ipsec.conf:</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> config setup</p>
<p class="MsoNormal"> strictcrlpolicy=no</p>
<p class="MsoNormal"> uniqueids=no</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> conn %default</p>
<p class="MsoNormal"> dpdaction=clear</p>
<p class="MsoNormal"> dpddelay=35s</p>
<p class="MsoNormal"> dpdtimeout=120s</p>
<p class="MsoNormal"> fragmentation=yes</p>
<p class="MsoNormal"> rekey=no</p>
<p class="MsoNormal"> left=%any</p>
<p class="MsoNormal"> leftsubnet=0.0.0.0/0</p>
<p class="MsoNormal"> right=%any</p>
<p class="MsoNormal"> rightdns=192.168.92.2,8.8.8.8</p>
<p class="MsoNormal"> rightsourceip=10.92.10.1/24</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> conn iOS-IKEV2</p>
<p class="MsoNormal"> keyexchange=ikev2</p>
<p class="MsoNormal"> auto=add</p>
<p class="MsoNormal"> mobike=yes</p>
<p class="MsoNormal"> eap_identity=%any</p>
<p class="MsoNormal"> leftauth=psk</p>
<p class="MsoNormal"> leftid=net.mydomain.ipsec.server</p>
<p class="MsoNormal"> leftfirewall=yes</p>
<p class="MsoNormal"> rightsendcert=always</p>
<p class="MsoNormal"> rightauth=eap-mschapv2</p>
<p class="MsoNormal"> rightid=net.mydomain.ipsec.client</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">These bullets discuss the log snippet which follows at the end of this message. Except for 1 and 2, each one of these connections happened on a different day.</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">* [Connection 1]: You can see that a connection is made to the VPN from 166.176.187.128. But several lines later, ipsec reports a connection to 166.176.185.112 (See ***). I'm pretty sure that my cellphone doesn't get new IP addresses that
fast! But then, after ipsec reports the IP lease going offline (See ****), there is additional activity reported with the original IP address of 166.176.187.128, including recreating the whole VPN session.
</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">* [Connection 2]: This is a random hacker trying to connect to the VPN. I monitor the VPN with fail2ban, and this attempt blocked udp ports 500 and 4500 for 196.52.43.60.</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">* [Connection 3]: Another random connection. IP 168.1.128.76 blocked by fail2ban.
</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">* [Connection 4]: Another random connection. IP 92.53.47.72 blocked by fail2ban.</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">* [Connection 5]: This occurred last night. All of the IP addresses mentioned in connections 2, 3, 4 are still blocked via fail2ban. Then, there is a connection from 196.52.43.54, which generates a "received proposals inacceptable" error,
and then immediately following that there is ipsec log activity from a completely different address (166.176.187.128, which you may recall from Connection 1) which authenticates to the VPN. Then, following this there is traffic from 168.1.128.76 (Connection
2), and then traffic from 92.53.47.72 (Connection 4). </p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Log file snippets:</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">... [Connection 1]</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 12[NET] received packet: from 166.176.187.128[56885] to 192.168.92.2[500] (300 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 12[IKE] 166.176.187.128 is initiating an IKE_SA</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 12[IKE] 166.176.187.128 is initiating an IKE_SA</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 12[IKE] local host is behind NAT, sending keep alives</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 12[IKE] remote host is behind NAT</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 12[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 12[NET] sending packet: from 192.168.92.2[500] to 166.176.187.128[56885] (341 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 13[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (364 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 13[ENC] unknown attribute type (25)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 13[CFG] looking for peer configs matching 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 13[CFG] selected peer config 'iOS-IKEV2'</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 13[IKE] initiating EAP_IDENTITY method (id 0x00)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 13[IKE] peer supports MOBIKE</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 13[IKE] authentication of 'net.mydomain.ipsec.server' (myself) with pre-shared key</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 13[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (124 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 16[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (84 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 16[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 16[IKE] received EAP identity 'myid@mydomain.net'</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 16[IKE] initiating EAP_MSCHAPV2 method (id 0x0C)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 16[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 16[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (100 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 06[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (140 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 06[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 06[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 06[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (132 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 15[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (68 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 15[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 15[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 15[ENC] generating IKE_AUTH response 4 [ EAP/SUCC ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 15[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (68 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] authentication of 'net.mydomain.ipsec.client' with EAP successful</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] authentication of 'net.mydomain.ipsec.server' (myself) with EAP</p>
<p class="MsoNormal">*** Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] IKE_SA iOS-IKEV2[3] established between 192.168.92.2[net.mydomain.ipsec.server]...166.176.185.112[net.mydomain.ipsec.client]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] peer requested virtual IP %any</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 09[CFG] reassigning offline lease to 'myid@mydomain.net'</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] assigning virtual IP 10.92.10.1 to peer 'myid@mydomain.net'</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] peer requested virtual IP %any6</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] no virtual IP found for %any6 requested by 'myid@mydomain.net'</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] CHILD_SA iOS-IKEV2{3} established with SPIs cf5c7974_i 0e80f84c_o and TS 0.0.0.0/0 === 10.92.10.1/32</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 09[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 09[NET] sending packet: from 192.168.92.2[4500] to 166.176.185.112[9569] (220 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 06[IKE] sending keep alive to 166.176.185.112[9569]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 15[IKE] sending DPD request</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 15[ENC] generating INFORMATIONAL request 0 [ ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 15[NET] sending packet: from 192.168.92.2[4500] to 166.176.185.112[9569] (60 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 07[NET] received packet: from 166.176.185.112[9569] to 192.168.92.2[4500] (60 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 07[ENC] parsed INFORMATIONAL response 0 [ ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 10[NET] received packet: from 166.176.185.112[9569] to 192.168.92.2[4500] (68 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 10[ENC] parsed INFORMATIONAL request 6 [ D ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 10[IKE] received DELETE for IKE_SA iOS-IKEV2[3]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 10[IKE] deleting IKE_SA iOS-IKEV2[3] between 192.168.92.2[net.mydomain.ipsec.server]...166.176.185.112[net.mydomain.ipsec.client]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 10[IKE] IKE_SA deleted</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 10[ENC] generating INFORMATIONAL response 6 [ ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 10[NET] sending packet: from 192.168.92.2[4500] to 166.176.185.112[9569] (60 bytes)</p>
<p class="MsoNormal">**** Nov 17 08:55:22 myhost ipsec[22734]: 10[CFG] lease 10.92.10.1 by 'myid@mydomain.net' went offline</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 12[NET] received packet: from 166.176.187.128[56885] to 192.168.92.2[500] (300 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 12[IKE] 166.176.187.128 is initiating an IKE_SA</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 12[IKE] local host is behind NAT, sending keep alives</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 12[IKE] remote host is behind NAT</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 12[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 12[NET] sending packet: from 192.168.92.2[500] to 166.176.187.128[56885] (341 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 13[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (364 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 13[ENC] unknown attribute type (25)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 13[CFG] looking for peer configs matching 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 13[CFG] selected peer config 'iOS-IKEV2'</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 13[IKE] initiating EAP_IDENTITY method (id 0x00)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 13[IKE] peer supports MOBIKE</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 13[IKE] authentication of 'net.mydomain.ipsec.server' (myself) with pre-shared key</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 13[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (124 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 16[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (84 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 16[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 16[IKE] received EAP identity 'myid@mydomain.net'</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 16[IKE] initiating EAP_MSCHAPV2 method (id 0x0C)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 16[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 16[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (100 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 06[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (140 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 06[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 06[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 06[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (132 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 15[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (68 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 15[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 15[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost ipsec[22734]: 15[ENC] generating IKE_AUTH response 4 [ EAP/SUCC ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (84 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[ENC] parsed IKE_AUTH request 5 [ AUTH ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[IKE] authentication of 'net.mydomain.ipsec.client' with EAP successful</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[IKE] authentication of 'net.mydomain.ipsec.server' (myself) with EAP</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[IKE] IKE_SA iOS-IKEV2[4] established between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[IKE] IKE_SA iOS-IKEV2[4] established between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[IKE] peer requested virtual IP %any</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[CFG] reassigning offline lease to 'myid@mydomain.net'</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[IKE] assigning virtual IP 10.92.10.1 to peer 'myid@mydomain.net'</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[IKE] peer requested virtual IP %any6</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[IKE] no virtual IP found for %any6 requested by 'myid@mydomain.net'</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[IKE] CHILD_SA iOS-IKEV2{4} established with SPIs caa3f6e7_i 0ec431e6_o and TS 0.0.0.0/0 === 10.92.10.1/32</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[IKE] CHILD_SA iOS-IKEV2{4} established with SPIs caa3f6e7_i 0ec431e6_o and TS 0.0.0.0/0 === 10.92.10.1/32</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost vpn[21188]: + net.mydomain.ipsec.client 10.92.10.1/32 == 166.176.187.128 -- 192.168.92.2 == 0.0.0.0/0</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]</p>
<p class="MsoNormal">Nov 17 08:55:22 myhost charon[22748]: 07[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (220 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:56 myhost charon[22748]: 10[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (68 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:56 myhost charon[22748]: 10[ENC] parsed INFORMATIONAL request 6 [ D ]</p>
<p class="MsoNormal">Nov 17 08:55:56 myhost charon[22748]: 10[IKE] received DELETE for IKE_SA iOS-IKEV2[4]</p>
<p class="MsoNormal">Nov 17 08:55:56 myhost charon[22748]: 10[IKE] deleting IKE_SA iOS-IKEV2[4] between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]</p>
<p class="MsoNormal">Nov 17 08:55:56 myhost charon[22748]: 10[IKE] deleting IKE_SA iOS-IKEV2[4] between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]</p>
<p class="MsoNormal">Nov 17 08:55:56 myhost charon[22748]: 10[IKE] IKE_SA deleted</p>
<p class="MsoNormal">Nov 17 08:55:56 myhost charon[22748]: 10[IKE] IKE_SA deleted</p>
<p class="MsoNormal">Nov 17 08:55:56 myhost vpn[21225]: - net.mydomain.ipsec.client 10.92.10.1/32 == 166.176.187.128 -- 192.168.92.2 == 0.0.0.0/0</p>
<p class="MsoNormal">Nov 17 08:55:56 myhost charon[22748]: 10[ENC] generating INFORMATIONAL response 6 [ ]</p>
<p class="MsoNormal">Nov 17 08:55:56 myhost charon[22748]: 10[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (60 bytes)</p>
<p class="MsoNormal">Nov 17 08:55:56 myhost charon[22748]: 10[CFG] lease 10.92.10.1 by 'myid@mydomain.net' went offline</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">... [Connection 2]</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Nov 17 11:36:43 myhost charon[22748]: 16[NET] received packet: from 196.52.43.60[6712] to 192.168.92.2[4500] (288 bytes)</p>
<p class="MsoNormal">Nov 17 11:36:43 myhost charon[22748]: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]</p>
<p class="MsoNormal">Nov 17 11:36:43 myhost charon[22748]: 16[IKE] 196.52.43.60 is initiating an IKE_SA</p>
<p class="MsoNormal">Nov 17 11:36:43 myhost charon[22748]: 16[IKE] 196.52.43.60 is initiating an IKE_SA</p>
<p class="MsoNormal">Nov 17 11:36:43 myhost charon[22748]: 16[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"</p>
<p class="MsoNormal">Nov 17 11:36:43 myhost charon[22748]: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No CERTREQ N(MULT_AUTH) ]</p>
<p class="MsoNormal">Nov 17 11:36:43 myhost charon[22748]: 16[NET] sending packet: from 192.168.92.2[4500] to 196.52.43.60[6712] (277 bytes)</p>
<p class="MsoNormal">Nov 17 11:37:13 myhost charon[22748]: 06[JOB] deleting half open IKE_SA with 196.52.43.60 after timeout</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">... [Connection 3]</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Nov 18 04:32:16 myhost charon[22748]: 15[NET] received packet: from 168.1.128.76[6712] to 192.168.92.2[500] (280 bytes)</p>
<p class="MsoNormal">Nov 18 04:32:16 myhost charon[22748]: 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]</p>
<p class="MsoNormal">Nov 18 04:32:16 myhost charon[22748]: 15[IKE] 168.1.128.76 is initiating an IKE_SA</p>
<p class="MsoNormal">Nov 18 04:32:16 myhost charon[22748]: 15[IKE] 168.1.128.76 is initiating an IKE_SA</p>
<p class="MsoNormal">Nov 18 04:32:16 myhost charon[22748]: 15[CFG] received proposals: IKE:DES_CBC/RC5_CBC/BLOWFISH_CBC/(0)/HMAC_MD5_96/HMAC_SHA1_96/PRF_HMAC_SHA1/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_256/MODP_1024</p>
<p class="MsoNormal">Nov 18 04:32:16 myhost charon[22748]: 15[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024,
IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024</p>
<p class="MsoNormal">Nov 18 04:32:16 myhost charon[22748]: 15[IKE] received proposals inacceptable</p>
<p class="MsoNormal">Nov 18 04:32:16 myhost charon[22748]: 15[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]</p>
<p class="MsoNormal">Nov 18 04:32:16 myhost charon[22748]: 15[NET] sending packet: from 192.168.92.2[500] to 168.1.128.76[6712] (36 bytes)</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">... [Connection 4]</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Nov 19 02:47:44 myhost charon[22748]: 05[NET] received packet: from 92.53.47.72[27989] to 192.168.92.2[500] (408 bytes)</p>
<p class="MsoNormal">Nov 19 02:47:44 myhost charon[22748]: 05[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]</p>
<p class="MsoNormal">Nov 19 02:47:44 myhost charon[22748]: 05[IKE] no IKE config found for 192.168.92.2...92.53.47.72, sending NO_PROPOSAL_CHOSEN</p>
<p class="MsoNormal">Nov 19 02:47:44 myhost charon[22748]: 05[ENC] generating INFORMATIONAL_V1 request 4224631939 [ N(NO_PROP) ]</p>
<p class="MsoNormal">Nov 19 02:47:44 myhost charon[22748]: 05[NET] sending packet: from 192.168.92.2[500] to 92.53.47.72[27989] (40 bytes)</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">... [Connection 5]</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Nov 21 01:57:37 myhost charon[22748]: 07[NET] received packet: from 196.52.43.54[6712] to 192.168.92.2[500] (280 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost charon[22748]: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost charon[22748]: 07[IKE] 196.52.43.54 is initiating an IKE_SA</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost charon[22748]: 07[IKE] 196.52.43.54 is initiating an IKE_SA</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost charon[22748]: 07[CFG] received proposals: IKE:DES_CBC/RC5_CBC/BLOWFISH_CBC/(0)/HMAC_MD5_96/HMAC_SHA1_96/PRF_HMAC_SHA1/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_256/MODP_1024</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost charon[22748]: 07[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024,
IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost charon[22748]: 07[IKE] received proposals inacceptable</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost charon[22748]: 07[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost charon[22748]: 07[NET] sending packet: from 192.168.92.2[500] to 196.52.43.54[6712] (36 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 15[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (68 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (84 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[ENC] parsed IKE_AUTH request 5 [ AUTH ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] authentication of 'net.mydomain.ipsec.client' with EAP successful</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] authentication of 'net.mydomain.ipsec.server' (myself) with EAP</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] IKE_SA iOS-IKEV2[4] established between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] peer requested virtual IP %any</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[CFG] reassigning offline lease to 'myid@mydomain.net'</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] assigning virtual IP 10.92.10.1 to peer 'myid@mydomain.net'</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] peer requested virtual IP %any6</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] no virtual IP found for %any6 requested by 'myid@mydomain.net'</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] CHILD_SA iOS-IKEV2{4} established with SPIs caa3f6e7_i 0ec431e6_o and TS 0.0.0.0/0 === 10.92.10.1/32</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (220 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 10[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (68 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 10[ENC] parsed INFORMATIONAL request 6 [ D ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 10[IKE] received DELETE for IKE_SA iOS-IKEV2[4]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 10[IKE] deleting IKE_SA iOS-IKEV2[4] between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 10[IKE] IKE_SA deleted</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 10[ENC] generating INFORMATIONAL response 6 [ ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 10[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (60 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 10[CFG] lease 10.92.10.1 by 'myid@mydomain.net' went offline</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 16[NET] received packet: from 196.52.43.60[6712] to 192.168.92.2[4500] (288 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 16[IKE] 196.52.43.60 is initiating an IKE_SA</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 16[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No CERTREQ N(MULT_AUTH) ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 16[NET] sending packet: from 192.168.92.2[4500] to 196.52.43.60[6712] (277 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 06[JOB] deleting half open IKE_SA with 196.52.43.60 after timeout</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 15[NET] received packet: from 168.1.128.76[6712] to 192.168.92.2[500] (280 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 15[IKE] 168.1.128.76 is initiating an IKE_SA</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 15[CFG] received proposals: IKE:DES_CBC/RC5_CBC/BLOWFISH_CBC/(0)/HMAC_MD5_96/HMAC_SHA1_96/PRF_HMAC_SHA1/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_256/MODP_1024</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 15[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024,
IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 15[IKE] received proposals inacceptable</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 15[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 15[NET] sending packet: from 192.168.92.2[500] to 168.1.128.76[6712] (36 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 05[NET] received packet: from 92.53.47.72[27989] to 192.168.92.2[500] (408 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 05[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 05[IKE] no IKE config found for 192.168.92.2...92.53.47.72, sending NO_PROPOSAL_CHOSEN</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 05[ENC] generating INFORMATIONAL_V1 request 4224631939 [ N(NO_PROP) ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 05[NET] sending packet: from 192.168.92.2[500] to 92.53.47.72[27989] (40 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[NET] received packet: from 196.52.43.54[6712] to 192.168.92.2[500] (280 bytes)</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]</p>
<p class="MsoNormal">Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] 196.52.43.54 is initiating an IKE_SA</p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
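<p class="MsoNormal">Added example, not part of the original message: in the Connection 5 excerpt, the lines tagged ipsec[22734] repeat, after the timestamp, the text of lines that charon[22748] logged on earlier days (same ports, same message ID 4224631939). The Python sketch below pairs every ipsec-tagged line with the most recent charon line of identical text and reports the lag between them. SAMPLE_LOG is a subset of the post's own lines; ASSUMED_YEAR and all function names are assumptions of this example.</p>

```python
import re
from datetime import datetime

ASSUMED_YEAR = 2000  # assumption: syslog stamps carry no year; any one year works

# A subset of the post's own lines (Connections 3, 4 and 5), in page order.
SAMPLE_LOG = """\
Nov 18 04:32:16 myhost charon[22748]: 15[NET] received packet: from 168.1.128.76[6712] to 192.168.92.2[500] (280 bytes)
Nov 18 04:32:16 myhost charon[22748]: 15[IKE] received proposals inacceptable
Nov 19 02:47:44 myhost charon[22748]: 05[NET] received packet: from 92.53.47.72[27989] to 192.168.92.2[500] (408 bytes)
Nov 19 02:47:44 myhost charon[22748]: 05[ENC] generating INFORMATIONAL_V1 request 4224631939 [ N(NO_PROP) ]
Nov 21 01:57:37 myhost charon[22748]: 07[NET] received packet: from 196.52.43.54[6712] to 192.168.92.2[500] (280 bytes)
Nov 21 01:57:37 myhost charon[22748]: 07[IKE] received proposals inacceptable
Nov 21 01:57:37 myhost ipsec[22734]: 10[CFG] lease 10.92.10.1 by 'myid@mydomain.net' went offline
Nov 21 01:57:37 myhost ipsec[22734]: 15[NET] received packet: from 168.1.128.76[6712] to 192.168.92.2[500] (280 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 15[IKE] received proposals inacceptable
Nov 21 01:57:37 myhost ipsec[22734]: 05[NET] received packet: from 92.53.47.72[27989] to 192.168.92.2[500] (408 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 05[ENC] generating INFORMATIONAL_V1 request 4224631939 [ N(NO_PROP) ]
Nov 21 01:57:37 myhost ipsec[22734]: 07[NET] received packet: from 196.52.43.54[6712] to 192.168.92.2[500] (280 bytes)
"""

# timestamp, host, process tag, pid, message body (thread number included)
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+(\w+)\[(\d+)\]:\s+(.*)$")
PEER_RE = re.compile(r"received packet: from (\d+\.\d+\.\d+\.\d+)\[")


def parse_line(line):
    """Split one syslog line; returns None for anything that is not one."""
    # The post marks two lines with leading asterisks; drop such markers.
    m = LINE_RE.match(line.strip().lstrip("* "))
    if m is None:
        return None
    stamp, _host, tag, pid, body = m.groups()
    when = datetime.strptime(f"{ASSUMED_YEAR} {stamp}", "%Y %b %d %H:%M:%S")
    return {"when": when, "tag": tag, "pid": int(pid), "body": body}


def find_replays(log_text, daemon_tag="charon", wrapper_tag="ipsec"):
    """Pair each wrapper-tagged line with the latest daemon line of equal text.

    Returns (matched, unmatched). A matched record carries the timestamp of
    the daemon line it repeats and the lag between the two. An unmatched
    record repeats nothing inside the supplied window, so its original (if
    any) lies outside the excerpt.
    """
    last_seen = {}            # body -> timestamp of most recent daemon line
    matched, unmatched = [], []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["tag"] == daemon_tag:
            last_seen[rec["body"]] = rec["when"]
        elif rec["tag"] == wrapper_tag:
            original = last_seen.get(rec["body"])
            if original is None:
                unmatched.append(rec)
            else:
                matched.append({**rec, "original": original,
                                "lag": rec["when"] - original})
    return matched, unmatched


def stale_peers(matched):
    """Peer addresses whose 'received packet' lines are late repeats.

    Maps each address to the largest lag seen for it. Same-second copies
    (zero lag) are left out: they are duplicates, not old traffic.
    """
    stale = {}
    for rec in matched:
        m = PEER_RE.search(rec["body"])
        if m and rec["lag"]:          # a zero timedelta is falsy
            peer = m.group(1)
            stale[peer] = max(rec["lag"], stale.get(peer, rec["lag"]))
    return stale


if __name__ == "__main__":
    matched, unmatched = find_replays(SAMPLE_LOG)
    for rec in matched:
        print(f"{rec['when']:%b %d %H:%M:%S} {rec['tag']}[{rec['pid']}] repeats "
              f"charon line of {rec['original']:%b %d %H:%M:%S} "
              f"(lag {rec['lag']}): {rec['body'][:50]}")
    for rec in unmatched:
        print(f"{rec['when']:%b %d %H:%M:%S} no charon original in window: "
              f"{rec['body'][:50]}")
    for peer, lag in stale_peers(matched).items():
        print(f"{peer}: packet lines repeated {lag} after charon logged them")
```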
</div>
</body>
</html>