<html><head></head><body bgcolor="#ffffff" text="#3d3d3d" link="#19b6ee" vlink="#3d3d3d"><div>On Sun, 2018-07-29 at 08:00 -0600, James Lay wrote:</div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div>On Sun, 2018-07-29 at 07:53 -0600, James Lay wrote:</div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div>On Wed, 2018-07-25 at 18:33 -0600, James Lay wrote:</div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><div>On Wed, 2018-07-25 at 06:53 -0600, James Lay wrote:</div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><pre>On 2018-07-24 06:51, Tobias Brunner wrote:</pre><pre></pre><pre>Hi James,</pre><pre><br></pre><pre></pre><pre>So I moved to Strongswan 5.6.2 during a distribution upgrade.</pre><pre><br></pre><pre>What distribution? What was the previous version? Do you still have</pre><pre>the same plugins installed and enabled?</pre><pre><br></pre><pre></pre><pre>My simple</pre><pre>setup no longer routes back to the client (I can see the incoming </pre><pre>pings</pre><pre>on the server, but nothing goes back). I establish a tunnel fine...my</pre><pre>setup looks like this:</pre><pre><br></pre><pre><br></pre><pre>external_IP_nic2 <-> 192.168.1.1_nic2 192.168.1.0/24 subnet</pre><pre><br></pre><pre>all I need is to have a connected device able to access</pre><pre>192.168.1.1...and it's only a single user.</pre><pre><br></pre><pre>Please read [1]. 
From the involved IPs I guess you used the farp </pre><pre>plugin</pre><pre>before, so make sure you still have that installed and loaded.</pre><pre><br></pre><pre>Regards,</pre><pre>Tobias</pre><pre><br></pre><pre>[1]</pre><pre><a href="https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling">https://wiki.strongswan.org/projects/strongswan/wiki/ForwardingAndSplitTunneling</a></pre><pre><br></pre><pre>Thanks Tobias...I have access to the old server so I'll see what's </pre><pre>there...I don't recall installing any other plugins, but we shall see. </pre><pre>I'll report my findings soon..thanks again.</pre><pre><br></pre><pre>James</pre><pre><br></pre></blockquote><div><br></div><div>So now I'm super confused. I changed to the below:</div><div><br></div><div style="white-space: normal;"><font face="monospace" size="3">conn rw </font></div><div style="white-space: normal;"><font face="monospace" size="3">leftsubnet=192.168.1.0/24</font></div><div style="white-space: normal;"><font face="monospace" size="3">leftcert=StrongSwanHostCert.pem</font></div><div style="white-space: normal;"><font face="monospace" size="3">right=%any</font></div><div style="white-space: normal;"><font face="monospace" size="3">rightsourceip=172.16.0.1</font></div><div style="white-space: normal;"><font face="monospace" size="3">auto=add </font></div><div><font face="monospace" size="3"><br></font></div><div><br></div><div>and added the below top 2 postrouting nat rules:</div><div><font face="monospace" size="3"> pkts bytes target prot opt in out source destination </font></div><div><font face="monospace" size="3"> 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir out pol ipsec</font></div><div><font face="monospace" size="3"> 0 0 MASQUERADE all -- * enp0s31f6 172.16.0.1 0.0.0.0/0 </font></div><div><font face="monospace" size="3">24519 1646K MASQUERADE all -- * ppp0 192.168.1.0/24 0.0.0.0/0 </font></div><div><font face="monospace" 
size="3"><br></font></div><div>However, when I attempt to ping, I see the ping on the ppp0 interface, and the source isn't 172.16.0.1:</div><div><font face="monospace" size="3">2018-07-25 18:26:37.085194521 8.0.0.1 → 192.168.1.1 ICMP 100 Echo (ping) request id=0x0004, seq=1/256, ttl=64</font></div><div><font face="monospace" size="3"><br></font></div><div>Not exactly sure where to go next. I did install the extra plugins that include farp as well. Thank you.</div><div><br></div><div>James</div><div><div></div></div></blockquote><div><br></div><div><br></div><div>Anything on this? In testing I made this change:</div><div><br></div><div><font face="monospace" size="3">rightsourceip=10.10.10.0/24</font></div><div><br></div><div>Pinging from the client connected device gets me this:</div><div><br></div><div><font face="monospace" size="3">1 2018-07-29 07:50:27.606525877 8.0.10.1 → 192.168.1.1 ICMP 100 Echo (ping) request id=0x000f, seq=1/256, ttl=64</font></div><div><font face="monospace" size="3"><br></font></div><div>Something seems very broken. 
Thank you.</div><div><br></div><div>James</div></blockquote><div><br></div><div>And some startup and connect logs:</div><div><br></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-29-generic, x86_64)</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] PKCS11 module '<name>' lacks library path</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] disabling load-tester plugin, not configured</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] dnscert plugin is disabled</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] ipseckey plugin is disabled</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] attr-sql plugin: database URI not set</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] loaded ca certificate "C=CH, O=strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/StrongSwanCACert.pem'</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] loading crls from 
'/etc/ipsec.d/crls'</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/StrongSwanHostKey.pem'</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] sql plugin: database URI not set</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] opening triplet file /etc/ipsec.d/triplets.dat failed: No such file or directory</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] eap-simaka-sql database URI missing</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] loaded 0 RADIUS server configurations</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] HA config misses local/remote address</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] no threshold configured for systime-fix, disabled</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[CFG] coupling file path unspecified</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[LIB] loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 rdrand random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 
tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[LIB] dropped capabilities, running as uid 0, gid 0</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 00[JOB] spawning 16 worker threads</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway ipsec[12353]: charon (12392) started after 100 ms</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway ipsec_starter[12353]: charon (12392) started after 100 ms</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 06[CFG] received stroke: add connection 'rw'</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 06[CFG] adding virtual IP address pool 172.16.0.1</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 06[CFG] loaded certificate "C=CH, O=strongSwan, CN=ns1.domain" from 'StrongSwanHostCert.pem'</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 06[CFG] id 'external_ip' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=ns1.domain'</font></div><div><font face="monospace" size="3">Jul 29 07:29:44 gateway charon: 06[CFG] added configuration 'rw'</font></div><div><font face="monospace" size="3">Jul 29 07:30:13 gateway charon: 10[NET] received packet: from x.x.15.77[7388] to external_ip[500] (716 bytes)</font></div><div><font face="monospace" size="3">Jul 29 07:30:13 gateway charon: 10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]</font></div><div><font face="monospace" size="3">Jul 29 07:30:13 gateway charon: 10[IKE] x.x.15.77 is initiating an IKE_SA</font></div><div><font face="monospace" size="3">Jul 29 07:30:13 gateway charon: 10[IKE] x.x.15.77 is initiating an IKE_SA</font></div><div><font face="monospace" size="3">Jul 29 
07:30:13 gateway charon: 10[IKE] remote host is behind NAT</font></div><div><font face="monospace" size="3">Jul 29 07:30:13 gateway charon: 10[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"</font></div><div><font face="monospace" size="3">Jul 29 07:30:13 gateway charon: 10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]</font></div><div><font face="monospace" size="3">Jul 29 07:30:13 gateway charon: 10[NET] sending packet: from external_ip[500] to x.x.15.77[7388] (297 bytes)</font></div><div><font face="monospace" size="3">Jul 29 07:30:15 gateway charon: 11[NET] received packet: from x.x.15.77[7380] to external_ip[4500] (1364 bytes)</font></div><div><font face="monospace" size="3">Jul 29 07:30:15 gateway charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ]</font></div><div><font face="monospace" size="3">Jul 29 07:30:15 gateway charon: 11[ENC] received fragment #1 of 4, waiting for complete IKE message</font></div><div><font face="monospace" size="3">Jul 29 07:30:15 gateway charon: 12[NET] received packet: from x.x.15.77[7380] to external_ip[4500] (1364 bytes)</font></div><div><font face="monospace" size="3">Jul 29 07:30:15 gateway charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ]</font></div><div><font face="monospace" size="3">Jul 29 07:30:15 gateway charon: 12[ENC] received fragment #2 of 4, waiting for complete IKE message</font></div><div><font face="monospace" size="3">Jul 29 07:30:15 gateway charon: 13[NET] received packet: from x.x.15.77[7380] to external_ip[4500] (1364 bytes)</font></div><div><font face="monospace" size="3">Jul 29 07:30:15 gateway charon: 13[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ]</font></div><div><font face="monospace" size="3">Jul 29 07:30:15 gateway charon: 13[ENC] received fragment #3 of 4, waiting for complete IKE message</font></div><div><font face="monospace" size="3">Jul 29 07:30:15 gateway charon: 14[NET] received packet: 
from x.x.15.77[7380] to external_ip[4500] (1156 bytes)</font></div><div><font face="monospace" size="3">Jul 29 07:30:15 gateway charon: 14[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ]</font></div></blockquote><div><br></div><div><br></div><div>And startup and session logs from previous, working version:</div><div><br></div><div><font face="monospace" size="3">Apr 18 04:23:33 gateway charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.2, Linux 4.4.0-119-generic, x86_64)</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 00[CFG] loaded ca certificate "C=CH, O=strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/StrongSwanCACert.pem'</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/StrongSwanHostKey.pem'</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 00[LIB] loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pkcs1 pkcs7 pkcs8 pkcs12 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown 
eap-identity addrblock</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 00[LIB] unable to load 5 plugin features (5 due to unmet dependencies)</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 00[LIB] dropped capabilities, running as uid 0, gid 0</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 00[JOB] spawning 16 worker threads</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway ipsec_starter[26813]: charon (26814) started after 180 ms</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 05[CFG] received stroke: add connection 'rw'</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 05[CFG] left nor right host is our side, assuming left=local</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 05[CFG] adding virtual IP address pool 192.168.1.11</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 05[CFG] loaded certificate "C=CH, O=strongSwan, CN=ns1.domain" from 'StrongSwanHostCert.pem'</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 05[CFG] id '%any' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=ns1.domain'</font></div><div><font face="monospace" size="3">Apr 18 04:23:34 gateway charon: 05[CFG] added configuration 'rw'</font></div><div><font face="monospace" size="3"><br></font></div><div><font face="monospace" size="3"><br></font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 11[NET] received packet: from x.x.9.223[8351] to external_ip[500] (704 bytes)</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 11[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N((16430)) N((16431)) N(REDIR_SUP) ]</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 11[IKE] x.x.9.223 is initiating an 
IKE_SA</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 11[IKE] x.x.9.223 is initiating an IKE_SA</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 11[IKE] remote host is behind NAT</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 11[IKE] DH group ECP_256 inacceptable, requesting MODP_2048</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 11[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 11[NET] sending packet: from external_ip[500] to x.x.9.223[8351] (38 bytes)</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 12[NET] received packet: from x.x.9.223[8351] to external_ip[500] (896 bytes)</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N((16430)) N((16431)) N(REDIR_SUP) ]</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 12[IKE] x.x.9.223 is initiating an IKE_SA</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 12[IKE] x.x.9.223 is initiating an IKE_SA</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 12[IKE] remote host is behind NAT</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 12[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]</font></div><div><font face="monospace" size="3">Apr 22 12:22:52 gateway charon: 12[NET] sending packet: from external_ip[500] to x.x.9.223[8351] (465 bytes)</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[NET] received packet: 
from x.x.9.223[8331] to external_ip[4500] (5100 bytes)</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] received cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] received 156 cert requests for an unknown ca</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] received end entity cert "C=CH, O=strongSwan, <a href="mailto:CN=user@domain">CN=user@domain</a>"</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[CFG] looking for peer configs matching external_ip[%any]...x.x.9.223[C=CH, O=strongSwan, <a href="mailto:CN=user@domain">CN=user@domain</a>]</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[CFG] selected peer config 'rw'</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[CFG] using certificate "C=CH, O=strongSwan, <a href="mailto:CN=user@domain">CN=user@domain</a>"</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[CFG] using trusted ca certificate "C=CH, O=strongSwan, CN=strongSwan Root CA"</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[CFG] checking certificate status of "C=CH, O=strongSwan, <a href="mailto:CN=user@domain">CN=user@domain</a>"</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[CFG] certificate status is not available</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[CFG] reached self-signed root ca with a path length of 0</font></div><div><font face="monospace" 
size="3">Apr 22 12:22:53 gateway charon: 14[IKE] authentication of 'C=CH, O=strongSwan, <a href="mailto:CN=user@domain">CN=user@domain</a>' with RSA signature successful</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] peer supports MOBIKE</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] authentication of 'C=CH, O=strongSwan, CN=ns1.domain' (myself) with RSA signature successful</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] IKE_SA rw[6] established between external_ip[C=CH, O=strongSwan, CN=ns1.domain]...x.x.9.223[C=CH, O=strongSwan, <a href="mailto:CN=user@domain">CN=user@domain</a>]</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] IKE_SA rw[6] established between external_ip[C=CH, O=strongSwan, CN=ns1.domain]...x.x.9.223[C=CH, O=strongSwan, <a href="mailto:CN=user@domain">CN=user@domain</a>]</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] scheduling reauthentication in 9726s</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] maximum IKE_SA lifetime 10266s</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] sending end entity cert "C=CH, O=strongSwan, CN=ns1.domain"</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] peer requested virtual IP %any</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[CFG] reassigning offline lease to 'C=CH, O=strongSwan, <a href="mailto:CN=user@domain">CN=user@domain</a>'</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] assigning virtual IP 192.168.1.11 to peer 'C=CH, O=strongSwan, <a 
href="mailto:CN=user@domain">CN=user@domain</a>'</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] peer requested virtual IP %any6</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] no virtual IP found for %any6 requested by 'C=CH, O=strongSwan, <a href="mailto:CN=user@domain">CN=user@domain</a>'</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] CHILD_SA rw{4} established with SPIs cab12a0f_i 17e464af_o and TS 192.168.1.0/24 === 192.168.1.11/32 </font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[IKE] CHILD_SA rw{4} established with SPIs cab12a0f_i 17e464af_o and TS 192.168.1.0/24 === 192.168.1.11/32 </font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ]</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 14[NET] sending packet: from external_ip[4500] to x.x.9.223[8331] (2204 bytes)</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 15[NET] received packet: from x.x.9.223[8331] to external_ip[4500] (76 bytes)</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 15[ENC] parsed INFORMATIONAL request 2 [ N(NO_ADD_ADDR) ]</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 15[ENC] generating INFORMATIONAL response 2 [ ]</font></div><div><font face="monospace" size="3">Apr 22 12:22:53 gateway charon: 15[NET] sending packet: from external_ip[4500] to x.x.9.223[8331] (76 bytes)</font></div><div><font face="monospace" size="3">Apr 22 12:23:24 gateway charon: 06[NET] received packet: from x.x.9.223[8331] to external_ip[4500] (76 bytes)</font></div><div><font face="monospace" size="3">Apr 22 12:23:24 gateway charon: 06[ENC] parsed INFORMATIONAL request 3 [ D 
]</font></div><div><font face="monospace" size="3">Apr 22 12:23:24 gateway charon: 06[IKE] received DELETE for IKE_SA rw[6]</font></div><div><font face="monospace" size="3">Apr 22 12:23:24 gateway charon: 06[IKE] deleting IKE_SA rw[6] between external_ip[C=CH, O=strongSwan, CN=ns1.domain]...x.x.9.223[C=CH, O=strongSwan, <a href="mailto:CN=user@domain">CN=user@domain</a>]</font></div><div><font face="monospace" size="3">Apr 22 12:23:24 gateway charon: 06[IKE] deleting IKE_SA rw[6] between external_ip[C=CH, O=strongSwan, CN=ns1.domain]...x.x.9.223[C=CH, O=strongSwan, <a href="mailto:CN=user@domain">CN=user@domain</a>]</font></div><div><font face="monospace" size="3">Apr 22 12:23:24 gateway charon: 06[IKE] IKE_SA deleted</font></div><div><font face="monospace" size="3">Apr 22 12:23:24 gateway charon: 06[IKE] IKE_SA deleted</font></div><div><font face="monospace" size="3">Apr 22 12:23:24 gateway charon: 06[ENC] generating INFORMATIONAL response 3 [ ]</font></div><div><font face="monospace" size="3">Apr 22 12:23:24 gateway charon: 06[NET] sending packet: from external_ip[4500] to x.x.9.223[8331] (76 bytes)</font></div><div><font face="monospace" size="3">Apr 22 12:23:24 gateway charon: 06[CFG] lease 192.168.1.11 by 'C=CH, O=strongSwan, <a href="mailto:CN=user@domain">CN=user@domain</a>' went offline</font></div><div></div></body></html>