<!DOCTYPE html>
<html>
<head>
<title></title>
<style type="text/css">p.MsoNormal,p.MsoNoSpacing{margin:0}</style>
</head>
<body><div>Moses,<br></div>
<div><br></div>
<div>Try this in your *.conf file:<br></div>
<div><br></div>
<div>conn whatever<br></div>
<div>    ....<br></div>
<div>    ....<br></div>
<div>    ike=aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048<br></div>
<div>    esp=aes256-sha256-modp2048,aes128-sha256-modp2048,aes256-sha1-modp2048,aes128-sha1-modp2048<br></div>
<div><br></div>
<div>Technically for this particular client you only need the first one - aes256-sha256-modp2048<br></div>
<div><br></div>
<div id="sig24956113"><div class="signature">--<br></div>
<div class="signature">Kostya Vasilyev<br></div>
<div class="signature">kman@fastmail.com<br></div>
<div class="signature"><br></div>
<div><br></div>
</div>
<div>On Fri, Feb 15, 2019, at 9:46 PM, MOSES KARIUKI wrote:<br></div>
<blockquote type="cite"><div dir="ltr"><div style="font-family:tahoma, sans-serif;">Thanks IL Ka,<br></div>
<div style="font-family:tahoma, sans-serif;"><br></div>
<div style="font-family:tahoma, sans-serif;">Which group should I add. I am a bit of a noob here. I have checked the Strongswan documentation but I cant trace a list of these commands.<br></div>
<div style="font-family:tahoma, sans-serif;"><br></div>
<div style="font-family:tahoma, sans-serif;">Thanks,<br></div>
<div style="font-family:tahoma, sans-serif;"><br></div>
</div>
<div><br></div>
<div defang_data-gmailquote="yes"><div dir="ltr">On Fri, Feb 15, 2019 at 10:17 AM IL Ka <<a href="mailto:kazakevichilya@gmail.com">kazakevichilya@gmail.com</a>> wrote:<br></div>
<blockquote defang_data-gmailquote="yes" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204, 204, 204);padding-left:1ex;"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div>I see DH problem as Tobias said.<br></div>
<div>look:<br></div>
<div><br></div>
<div><div>Client:<br></div>
<div><br></div>
<div>IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, <br></div>
<div>IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, <br></div>
<div>IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048<br></div>
<div><br></div>
<div>StrongSwan:<br></div>
<div>IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, <br></div>
<div>IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, <br></div>
<div>IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024<br></div>
</div>
<div><br></div>
<div>Client wants MODP_2048 while Swan has only MODP_1024 enabled.<br></div>
<div><br></div>
<div>As result, "<span class="font" style="font-family:tahoma, sans-serif">no acceptable DIFFIE_HELLMAN_GROUP found</span>"  <br></div>
<div><br></div>
<div>See ipsec.conf for "ike" setting. Especially about "modpgroup".<br></div>
<div><br></div>
<div><br></div>
<div><br></div>
</div>
</div>
</div>
<div><div><br></div>
<table style="border-top-width:1px;border-top-style:solid;border-top-color:rgb(211, 212, 222);"><tbody><tr><td style="width:55px;padding-top:18px;"><a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail"><img src="https://www.fastmailusercontent.com/proxy/34fabfd1ef66c23f10afe7580be25c34a7ede99432436b8693e17fb50cd97f1e/8647470737a3f2f29607d63646e6e21667163747e236f6d6f296d616765637f29636f6e637f29636f6e6d256e66756c6f60756d2479636b6d276275656e6d2166776d26713e207e676/icon-envelope-tick-green-avg-v1.png" alt="" width="46" height="29" style="width:46px;height:29px;"></a><br></td><td style="width:470px;padding-top:17px;color:rgb(65, 66, 78);font-size:13px;font-family:Arial, Helvetica, sans-serif;line-height:18px;">Без вирусов. <a href="http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail" style="color:rgb(68, 83, 234);">www.avg.com</a><br></td></tr></tbody></table><div><a href="#m_8551562222874236904_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"></a><br></div>
</div>
<div><br></div>
<div defang_data-gmailquote="yes"><div dir="ltr">On Fri, Feb 15, 2019 at 8:42 AM MOSES KARIUKI <<a href="mailto:kariukims@gmail.com">kariukims@gmail.com</a>> wrote:<br></div>
<blockquote defang_data-gmailquote="yes" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204, 204, 204);padding-left:1ex;"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-family:tahoma, sans-serif;">Dear Team,<br></div>
<div style="font-family:tahoma, sans-serif;">Please see below:<br></div>
<div style="font-family:tahoma, sans-serif;"><br></div>
<div><div><span class="font" style="font-family:tahoma, " sans-serif""><b><i>ipsec statusall</i></b></span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-45-generic, x86_64):</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">  uptime: 17 hours, since Feb 14 11:52:17 2019</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">  malloc: sbrk 1757184, mmap 0, used 534320, free 1222864</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">  loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Virtual IP pools (size/online/offline):</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">  <a href="http://10.10.10.0/24">10.10.10.0/24</a>: 254/0/0</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Listening IP addresses:</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">  102.1*9.2*9.**</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Connections:</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">   ikev2-vpn:  %any...%any  IKEv2, dpddelay=300s</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">   ikev2-vpn:   local:  [102.1*9.2*9.**] uses public key authentication</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">   ikev2-vpn:    cert:  "CN=102.1*9.2*9.**"</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">   ikev2-vpn:   remote: [fromcert] uses EAP_MSCHAPV2 authentication with EAP identity '%any'</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">   ikev2-vpn:   child:  <a href="http://0.0.0.0/0">0.0.0.0/0</a> === dynamic TUNNEL, dpdaction=clear</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Security Associations (0 up, 0 connecting):</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">  none</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif""></span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">  </span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif""><b><i>systemctl status strongswan</i></b></span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">● strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">   Loaded: loaded (/lib/systemd/system/strongswan.service; enabled; vendor preset: enabled)</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">   Active: active (running) since Thu 2019-02-14 11:52:17 UTC; 17h ago</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif""> Main PID: 2204 (starter)</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">    Tasks: 18 (limit: 2275)</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">   CGroup: /system.slice/strongswan.service</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">           ├─2204 /usr/lib/ipsec/starter --daemon charon --nofork</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">           └─2232 /usr/lib/ipsec/charon --debug-ike 1 --debug-knl 1 --debug-cfg 2</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif""></span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_C</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[IKE] remote host is behind NAT</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[IKE] received proposals inacceptable</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 09[NET] sending packet: from 102.1*9.2*9.**[500] to 154.153.1*0.***[500] (36 bytes)</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 10[CFG] proposing traffic selectors for us:</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 10[CFG]  <a href="http://0.0.0.0/0">0.0.0.0/0</a></span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 10[CFG] proposing traffic selectors for other:</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:31:32 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon[2232]: 10[CFG]  dynamic</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif""></span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">The error log:</span><br></div>
<div><div><span class="font" style="font-family:tahoma, " sans-serif""></span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[NET] received packet: from 154.153.1*0.***[500] to 102.1*9.2*9.**[500] (632 bytes)</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-45-generic, x86_64)</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG]   loaded ca certificate "CN=VPN root CA" from '/etc/ipsec.d/cacerts/ca-cert.pem'</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading crls from '/etc/ipsec.d/crls'</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG] loading secrets from '/etc/ipsec.secrets'</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/server-key.pem'</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[CFG]   loaded EAP secret for remoteprivate</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[LIB] dropped capabilities, running as uid 0, gid 0</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 00[JOB] spawning 16 worker threads</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] received stroke: add connection 'ikev2-vpn'</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] conn ikev2-vpn</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   left=%any</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   leftsubnet=<a href="http://0.0.0.0/0">0.0.0.0/0</a></span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   leftid=102.1*9.2*9.**</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   leftcert=server-cert.pem</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   right=%any</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   rightsourceip=<a href="http://10.10.10.0/24">10.10.10.0/24</a></span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   rightdns=8.8.8.8,8.8.4.4</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   rightauth=eap-mschapv2</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   rightid=%fromcert</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   eap_identity=%identity</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   esp=aes256-sha256,aes256-sha1,3des-sha1!</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   dpddelay=300</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   dpdtimeout=150</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   dpdaction=1</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   sha256_96=no</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   mediation=no</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   keyexchange=ikev2</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] adding virtual IP address pool <a href="http://10.10.10.0/24">10.10.10.0/24</a></span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG]   loaded certificate "CN=102.1*9.2*9.**" from 'server-cert.pem'</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 05[CFG] added configuration 'ikev2-vpn'</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[NET] received packet: from 216.218.206.86[8310] to 102.1*9.2*9.**[500] (64 bytes)</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[ENC] parsed ID_PROT request 0 [ SA ]</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] looking for an ike config for 102.1*9.2*9.**...154.153.1*0.***</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[CFG] looking for an ike config for 102.1*9.2*9.**...216.218.206.86</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[IKE] no IKE config found for 102.1*9.2*9.**...216.218.206.86, sending NO_PROPOSAL_CHOSEN</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[ENC] generating INFORMATIONAL_V1 request 2332246493 [ N(NO_PROP) ]</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 08[NET] sending packet: from 102.1*9.2*9.**[500] to 216.218.206.86[8310] (40 bytes)</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[NET] received packet: from 154.153.1*0.***[500] to 102.1*9.2*9.**[500] (632 bytes)</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] looking for an ike config for 102.1*9.2*9.**...154.153.1*0.***</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG]   candidate: %any...%any, prio 28</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] found matching ike config: %any...%any with prio 28</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[IKE] received MS-Negotiation Discovery Capable vendor ID</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[IKE] received Vid-Initial-Contact vendor ID</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[IKE] 154.153.1*0.*** is initiating an IKE_SA</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION found</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION found</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG]   no acceptable ENCRYPTION_ALGORITHM found</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG]   no acceptable ENCRYPTION_ALGORITHM found</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG]   no acceptable ENCRYPTION_ALGORITHM found</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] selecting proposal:</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG]   no acceptable ENCRYPTION_ALGORITHM found</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG]   candidate: %any...%any, prio 28</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a ipsec[2204]: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] found matching ike config: %any...%any with prio 28</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] received MS-Negotiation Discovery Capable vendor ID</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] received Vid-Initial-Contact vendor ID</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[IKE] 154.153.1*0.*** is initiating an IKE_SA</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG] selecting proposal:</span><br></div>
<div><span class="font" style="font-family:tahoma, " sans-serif"">Feb 15 05:11:49 VM-e2b7eaee-4c52-4455-8364-c1977c8afa6a charon: 09[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found</span><br></div>
<div><br></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote></div>
</blockquote></div>
</blockquote><div><br></div>
</body>
</html>