<div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Thanks Team for your ever valuable help. I can't log in and the error seems to have changed now. See below :</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default"><div class="gmail_default" style="font-family:tahoma,sans-serif">.210.45 DST=102.129.249.173 LEN=40 TOS=0x08 PREC=0x40 TTL=238 ID=38921 PROTO=TCP SPT=44785 DPT=4389 WINDOW=1024 RES=0x00 SYN URGP=0</div><div class="gmail_default" style="font-family:tahoma,sans-serif">Feb 15 20:13:11 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 08[NET] received packet: from 154.76.***.1*1[500] to
102.1*9.2*9.** [500] (632 bytes)</div><div class="gmail_default" style="font-family:tahoma,sans-serif">Feb 15 20:13:11 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]</div><div class="gmail_default" style="font-family:tahoma,sans-serif">Feb 15 20:13:11 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 08[CFG] looking for an ike config for
102.1*9.2*9.** ...154.76.***.1*1</div><div class="gmail_default" style="font-family:tahoma,sans-serif">Feb 15 20:13:11 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 08[IKE] no IKE config found for
102.1*9.2*9.** ...
154.76.***.1*1 , sending NO_PROPOSAL_CHOSEN</div><div class="gmail_default" style="font-family:tahoma,sans-serif">Feb 15 20:13:11 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 08[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]</div><div class="gmail_default" style="font-family:tahoma,sans-serif">Feb 15 20:13:11 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 08[NET] sending packet: from
102.1*9.2*9.** [500] to
154.76.***.1*1 [500] (36 bytes)</div><div class="gmail_default" style="font-family:tahoma,sans-serif">Feb 15 20:13:12 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a kernel: [ 1898.916216] [UFW BLOCK] IN=ens3 OUT= MAC=06:97:9c:00:00:8f:00:1d:b5:c0:a7:c0:08:00 SRC=154.76.122.161 DST=102.129.249.173 LEN=52 TOS=0x10 PREC=0x20 TTL=115 ID=24830 DF PROTO=TCP SPT=57716 DPT=443 WINDOW=17520 RES=0x00 SYN URGP=0</div><div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif">My config set up is as follows :</div><div style="font-family:tahoma,sans-serif"><br></div><div><div><font face="tahoma, sans-serif">conn ikev2-vpn</font></div><div><font face="tahoma, sans-serif"> auto=add</font></div><div><font face="tahoma, sans-serif"> compress=no</font></div><div><font face="tahoma, sans-serif"> type=tunnel</font></div><div><font face="tahoma, sans-serif"> keyexchange=ikev2</font></div><div><font face="tahoma, sans-serif"> fragmentation=yes</font></div><div><font face="tahoma, sans-serif"> forceencaps=yes</font></div><div><font face="tahoma, sans-serif"> dpdaction=clear</font></div><div><font face="tahoma, sans-serif"> dpddelay=300s</font></div><div><font face="tahoma, sans-serif"> rekey=no</font></div><div><font face="tahoma, sans-serif"> left=%any</font></div><div><font face="tahoma, sans-serif"> leftid=102.1*9.2*9.**</font></div><div><font face="tahoma, sans-serif"> leftcert=server-cert.pem</font></div><div><font face="tahoma, sans-serif"> leftsendcert=always</font></div><div><font face="tahoma, sans-serif"> leftsubnet=<a href="http://0.0.0.0/0">0.0.0.0/0</a></font></div><div><font face="tahoma, sans-serif"> right=%any</font></div><div><font face="tahoma, sans-serif"> rightid=%any</font></div><div><font face="tahoma, sans-serif"> rightauth=eap-mschapv2</font></div><div><font face="tahoma, sans-serif"> rightsourceip=<a href="http://10.10.10.0/24">10.10.10.0/24</a></font></div><div><font face="tahoma, sans-serif"> rightdns=8.8.8.8,8.8.4.4</font></div><div><font face="tahoma, sans-serif"> rightsendcert=never</font></div><div><font face="tahoma, sans-serif"> eap_identity=%identity</font></div><div><font face="tahoma, sans-serif"><span style="white-space:pre"> </span>ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!,aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048</font></div><div><font face="tahoma, sans-serif"><span style="white-space:pre"> </span>esp=aes256-sha256,aes256-sha1,3des-sha1!,aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048</font></div></div><div><font face="tahoma, sans-serif"><br></font></div><div><font face="tahoma, sans-serif">Please </font></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Feb 15, 2019 at 10:01 PM Kostya Vasilyev <<a href="mailto:kman@fastmail.com">kman@fastmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>
<div><div>Moses,<br></div>
<div><br></div>
<div>Try this in your *.conf file:<br></div>
<div><br></div>
<div>conn whatever<br></div>
<div> ....<br></div>
<div> ....<br></div>
<div> ike=aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048<br></div>
<div> esp=aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048<br></div>
<div><br></div>
<div>Technically for this particular client you only need the first one - aes256-sha256-modp2048<br></div>
<div><br></div>
<div id="gmail-m_-8112058198006237188sig24956113"><div class="gmail-m_-8112058198006237188signature">--<br></div>
<div class="gmail-m_-8112058198006237188signature">Kostya Vasilyev<br></div>
<div class="gmail-m_-8112058198006237188signature"><a href="mailto:kman@fastmail.com" target="_blank">kman@fastmail.com</a><br></div>
<div class="gmail-m_-8112058198006237188signature"><br></div>
<div><br></div>
</div>
<div>On Fri, Feb 15, 2019, at 9:46 PM, MOSES KARIUKI wrote:<br></div>
<blockquote type="cite"><div dir="ltr"><div style="font-family:tahoma,sans-serif">Thanks IL Ka,<br></div>
<div style="font-family:tahoma,sans-serif"><br></div>
<div style="font-family:tahoma,sans-serif">Which group should I add. I am a bit of a noob here. I have checked the Strongswan documentation but I cant trace a list of these commands.<br></div>
<div style="font-family:tahoma,sans-serif"><br></div>
<div style="font-family:tahoma,sans-serif">Thanks,<br></div>
<div style="font-family:tahoma,sans-serif"><br></div>
</div>
<div><br></div>
<div><div dir="ltr">On Fri, Feb 15, 2019 at 10:17 AM IL Ka <<a href="mailto:kazakevichilya@gmail.com" target="_blank">kazakevichilya@gmail.com</a>> wrote:<br></div>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>I see DH problem as Tobias said.<br></div>
<div>look:<br></div>
<div><br></div>
<div><div>Client:<br></div>
<div><br></div>
<div>IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, <br></div>
<div>IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, <br></div>
<div>IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048<br></div>
<div><br></div>
<div>StrongSwan:<br></div>
<div>IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, <br></div>
<div>IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, <br></div>
<div>IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024<br></div>
</div>
<div><br></div>
<div>Client wants MODP_2048 while Swan has only MODP_1024 enabled.<br></div>
<div><br></div>
<div>As result, "<span class="gmail-m_-8112058198006237188font" style="font-family:tahoma,sans-serif">no acceptable DIFFIE_HELLMAN_GROUP found</span>" <br></div>
<div><br></div>
<div>See ipsec.conf for "ike" setting. Especially about "modpgroup".<br></div>
<div><br></div>
<div><br></div>
<div><br></div>
</div>
</div>
</div>
<div><div><br></div>
<table style="border-top:1px solid rgb(211,212,222)"><tbody><tr><td style="width:55px;padding-top:18px"><a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" target="_blank"><img src="https://www.fastmailusercontent.com/proxy/34fabfd1ef66c23f10afe7580be25c34a7ede99432436b8693e17fb50cd97f1e/8647470737a3f2f29607d63646e6e21667163747e236f6d6f296d616765637f29636f6e637f29636f6e6d256e66756c6f60756d2479636b6d276275656e6d2166776d26713e207e676/icon-envelope-tick-green-avg-v1.png" alt="" width="46" height="29" style="width: 46px; height: 29px;"></a><br></td><td style="width:470px;padding-top:17px;color:rgb(65,66,78);font-size:13px;font-family:Arial,Helvetica,sans-serif;line-height:18px">Без вирусов. <a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" style="color:rgb(68,83,234)" target="_blank">www.avg.com</a><br></td></tr></tbody></table><div><a href="#m_-8112058198006237188_m_8551562222874236904_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"></a><br></div>
</div>
<div><br></div>
<div><div dir="ltr">On Fri, Feb 15, 2019 at 8:42 AM MOSES KARIUKI <<a href="mailto:kariukims@gmail.com" target="_blank">kariukims@gmail.com</a>> wrote:<br></div>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-family:tahoma,sans-serif">Dear Team,<br></div>
<div style="font-family:tahoma,sans-serif">Please see below:<br></div>
<div style="font-family:tahoma,sans-serif"><br></div>
<div><div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""><b><i>ipsec statusall</i></b></span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-45-generic, x86_64):</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> uptime: 17 hours, since Feb 14 11:52:17 2019</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> malloc: sbrk 1757184, mmap 0, used 534320, free 1222864</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Virtual IP pools (size/online/offline):</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> <a href="http://10.10.10.0/24" target="_blank">10.10.10.0/24</a>: 254/0/0</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Listening IP addresses:</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> 102.1*9.2*9.**</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Connections:</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> ikev2-vpn: %any...%any IKEv2, dpddelay=300s</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> ikev2-vpn: local: [102.1*9.2*9.**] uses public key authentication</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> ikev2-vpn: cert: "CN=102.1*9.2*9.**"</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> ikev2-vpn: remote: [fromcert] uses EAP_MSCHAPV2 authentication with EAP identity '%any'</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> ikev2-vpn: child: <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> === dynamic TUNNEL, dpdaction=clear</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Security Associations (0 up, 0 connecting):</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> none</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""></span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> </span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""><b><i>systemctl status strongswan</i></b></span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> Loaded: loaded (/lib/systemd/system/strongswan.service; enabled; vendor preset: enabled)</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> Active: active (running) since Thu 2019-02-14 11:52:17 UTC; 17h ago</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> Main PID: 2204 (starter)</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> Tasks: 18 (limit: 2275)</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> CGroup: /system.slice/strongswan.service</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> ├─2204 /usr/lib/ipsec/starter --daemon charon --nofork</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""> └─2232 /usr/lib/ipsec/charon --debug-ike 1 --debug-knl 1 --debug-cfg 2</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""></span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_C</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[IKE] remote host is behind NAT</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[IKE] received proposals inacceptable</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[NET] sending packet: from 102.1*9.2*9.**[500] to 154.153.1*0.***[500] (36 bytes)</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 10[CFG] proposing traffic selectors for us:</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 10[CFG] <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 10[CFG] proposing traffic selectors for other:</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 10[CFG] dynamic</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""></span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">The error log:</span><br></div>
<div><div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif""></span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[NET] received packet: from 154.153.1*0.***[500] to 102.1*9.2*9.**[500] (632 bytes)</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-45-generic, x86_64)</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loaded ca certificate "CN=VPN root CA" from '/etc/ipsec.d/cacerts/ca-cert.pem'</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading crls from '/etc/ipsec.d/crls'</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading secrets from '/etc/ipsec.secrets'</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/server-key.pem'</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loaded EAP secret for remoteprivate</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[LIB] dropped capabilities, running as uid 0, gid 0</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[JOB] spawning 16 worker threads</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] received stroke: add connection 'ikev2-vpn'</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] conn ikev2-vpn</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] left=%any</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] leftsubnet=<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a></span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] leftid=102.1*9.2*9.**</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] leftcert=server-cert.pem</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] right=%any</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] rightsourceip=<a href="http://10.10.10.0/24" target="_blank">10.10.10.0/24</a></span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] rightdns=8.8.8.8,8.8.4.4</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] rightauth=eap-mschapv2</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] rightid=%fromcert</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] eap_identity=%identity</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] esp=aes256-sha256,aes256-sha1,3des-sha1!</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] dpddelay=300</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] dpdtimeout=150</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] dpdaction=1</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] sha256_96=no</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] mediation=no</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] keyexchange=ikev2</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] adding virtual IP address pool <a href="http://10.10.10.0/24" target="_blank">10.10.10.0/24</a></span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] loaded certificate "CN=102.1*9.2*9.**" from 'server-cert.pem'</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] added configuration 'ikev2-vpn'</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[NET] received packet: from 216.218.206.86[8310] to 102.1*9.2*9.**[500] (64 bytes)</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[ENC] parsed ID_PROT request 0 [ SA ]</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] looking for an ike config for 102.1*9.2*9.**...154.153.1*0.***</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[CFG] looking for an ike config for 102.1*9.2*9.**...216.218.206.86</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[IKE] no IKE config found for 102.1*9.2*9.**...216.218.206.86, sending NO_PROPOSAL_CHOSEN</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[ENC] generating INFORMATIONAL_V1 request 2332246493 [ N(NO_PROP) ]</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[NET] sending packet: from 102.1*9.2*9.**[500] to 216.218.206.86[8310] (40 bytes)</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[NET] received packet: from 154.153.1*0.***[500] to 102.1*9.2*9.**[500] (632 bytes)</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] looking for an ike config for 102.1*9.2*9.**...154.153.1*0.***</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] candidate: %any...%any, prio 28</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] found matching ike config: %any...%any with prio 28</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[IKE] received MS-Negotiation Discovery Capable vendor ID</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[IKE] received Vid-Initial-Contact vendor ID</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[IKE] 154.153.1*0.*** is initiating an IKE_SA</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable DIFFIE_HELLMAN_GROUP found</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] candidate: %any...%any, prio 28</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] found matching ike config: %any...%any with prio 28</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] received MS-Negotiation Discovery Capable vendor ID</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] received Vid-Initial-Contact vendor ID</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] 154.153.1*0.*** is initiating an IKE_SA</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] selecting proposal:</span><br></div>
<div><span class="gmail-m_-8112058198006237188font" style="font-family:tahoma," sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] no acceptable DIFFIE_HELLMAN_GROUP found</span><br></div>
<div><br></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote></div>
</blockquote></div>
</blockquote><div><br></div>
</div>
</blockquote></div>