<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">We have a test setup with strongSwan U5.5.3/K4.9.80 on a Raspberry Pi initiating an IPSec tunnel to strongSwan U5.3.5/K4.15.0-46-generic on Ubuntu/x86.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This used to work, but we lost the R-Pi configuration, and after trying to re-create it we are getting a strange error. The responder has not changed at all.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The outer subnet is 192.168.29.0/24 and the responder uses dnsmasq to assign an IP address from 192.168.3.0/24 for the inner (encrypted) traffic.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The current config files and the log files (from both the old working session and the current broken session) are below.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">The first difference is that the successful log had this (IP address listed is “leftsourceip” value from responder config file):<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> Mar 27 15:21:59 femto-ipsec charon: 16[CFG] looking for a child config for 192.168.3.0/24 === 0.0.0.0/0<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">But the failed log has this (IP address listed is the outer IP address of the physical interface and “left” value from responder config file):<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> May 8 13:50:52 femto-ipsec charon: 06[CFG] looking for a child config for 192.168.29.110/32 === 0.0.0.0/0<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">If this is my problem, I don’t understand why the same configuration results in different behavior now.<o:p></o:p></p>
<p class="MsoNormal"><br>
The next difference I see is that the successful attempt has this:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] candidate "IPSec-IKEv2" with prio 5+1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] found matching child config "IPSec-IKEv2" with prio 6<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] selecting proposal:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] proposal matches<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">While the failed attempt has this (again note outer IP address used):<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[IKE] traffic selectors 192.168.29.110/32 === 0.0.0.0/0 inacceptable<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[IKE] failed to establish CHILD_SA, keeping IKE_SA<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS) N(MOBIKE_SUP) N(ADD_4_ADDR) N(TS_UNACCEPT) ]<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I suspect this second difference is caused by the first difference?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks,<o:p></o:p></p>
<p class="MsoNormal">Aram<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">---------------------------------------------<o:p></o:p></p>
<p class="MsoNormal">Initiator configuration:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># ipsec.conf - strongSwan IPsec configuration file<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">config setup<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # uniqueids = never<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> charondebug="cfg 3, dmn 2, ike 2, net 2"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">conn %default<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> keyexchange=ikev2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> ike=aes256-sha256-modp4096!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> esp=aes256-sha256-modp4096!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> dpdaction=clear<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> dpddelay=300s<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> rekey=no<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">conn hydra<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> type=tunnel<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> auto=start<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> leftcert=MatthewClientCert.pem<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> left=%defaultroute<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> leftsourceip=%config<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> right=192.168.29.110<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">---------------------------------------------<o:p></o:p></p>
<p class="MsoNormal">Responder configuration:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New""># ipsec.conf - strongSwan IPsec configuration file<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">config setup<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # uniqueids=never<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> charondebug="cfg 2, dmn 2, ike 2, net 2"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">conn %default<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> keyexchange=ikev2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> ike=aes256-sha256-modp4096!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> esp=aes256-sha256-modp4096!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> dpdaction=clear<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> dpddelay=300s<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> rekey=no<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> left=192.168.29.110<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> leftsubnet=192.168.3.0/24<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> leftcert=MatthewVPNHostCert.pem<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> leftdns=8.8.8.8,8.8.4.4<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> rightsourceip=%dhcp<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">conn IPSec-IKEv2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> keyexchange=ikev2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> auto=add<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> right=%any<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">conn IPSec-IKEv2-EAP<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> also="IPSec-IKEv2"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> rightauth=eap-mschapv2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> rightsendcert=never<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> eap_identity=%any<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">conn CiscoIPSec<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> keyexchange=ikev1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> # forceencaps=yes<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> rightauth=pubkey<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> rightauth2=xauth<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> auto=add<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">---------------------------------------------<o:p></o:p></p>
<p class="MsoNormal">Responder log from when it worked:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:56 femto-ipsec charon: 16[IKE] IKE_SA IPSec-IKEv2[5] established between 192.168.29.110[192.168.29.110]...192.168.29.217[C=CH, O=strongSwan, CN=mdavis@denaliai.com]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:56 femto-ipsec charon: 16[IKE] IKE_SA IPSec-IKEv2[5] state change: CONNECTING => ESTABLISHED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:56 femto-ipsec charon: 16[IKE] sending end entity cert "C=CH, O=strongSwan, CN=192.168.29.110"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:56 femto-ipsec charon: 16[IKE] peer requested virtual IP %any<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:56 femto-ipsec charon: 16[CFG] sending DHCP DISCOVER to 192.168.3.255<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:57 femto-ipsec charon: 16[CFG] sending DHCP DISCOVER to 192.168.3.255<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec dnsmasq-dhcp[1058]: DHCPDISCOVER(ens4) 7a:a7:7c:ec:48:ba<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec dnsmasq-dhcp[1058]: DHCPOFFER(ens4) 192.168.3.76 7a:a7:7c:ec:48:ba<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec dnsmasq-dhcp[1058]: DHCPDISCOVER(ens4) 7a:a7:7c:ec:48:ba<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec dnsmasq-dhcp[1058]: DHCPOFFER(ens4) 192.168.3.76 7a:a7:7c:ec:48:ba<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 07[CFG] received DHCP OFFER 192.168.3.76 from 192.168.3.1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] sending DHCP REQUEST for 192.168.3.76 to 192.168.3.1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec dnsmasq-dhcp[1058]: DHCPREQUEST(ens4) 192.168.3.76 7a:a7:7c:ec:48:ba<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec dnsmasq-dhcp[1058]: DHCPACK(ens4) 192.168.3.76 7a:a7:7c:ec:48:ba<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 12[CFG] received DHCP ACK for 192.168.3.76<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[IKE] assigning virtual IP 192.168.3.76 to peer 'C=CH, O=strongSwan, CN=mdavis@denaliai.com'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[IKE] building INTERNAL_IP4_DNS attribute<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] looking for a child config for 192.168.3.0/24 === 0.0.0.0/0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] proposing traffic selectors for us:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] 192.168.3.0/24<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] proposing traffic selectors for other:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] 192.168.3.76/32<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] candidate "IPSec-IKEv2" with prio 5+1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] found matching child config "IPSec-IKEv2" with prio 6<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] selecting proposal:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] proposal matches<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_4096/NO_EXT_SEQ<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] selecting traffic selectors for us:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] config: 192.168.3.0/24, received: 192.168.3.0/24 => match: 192.168.3.0/24<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] selecting traffic selectors for other:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[CFG] config: 192.168.3.76/32, received: 0.0.0.0/0 => match: 192.168.3.76/32<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[IKE] CHILD_SA IPSec-IKEv2{4} established with SPIs c9f96d14_i c41fd9d5_o and TS 192.168.3.0/24 === 192.168.3.76/32<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 16[NET] sending packet: from 192.168.29.110[4500] to 192.168.29.217[4500] (1616 bytes)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Mar 27 15:21:59 femto-ipsec charon: 05[NET] sending packet: from 192.168.29.110[4500] to 192.168.29.217[4500]<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">---------------------------------------------<o:p></o:p></p>
<p class="MsoNormal">Current responder log (not working):<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:49 femto-ipsec charon: 06[IKE] IKE_SA IPSec-IKEv2[5] established between 192.168.29.110[192.168.29.110]...192.168.29.217[C=CH, O=strongSwan, CN=mdavis@denaliai.com]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:49 femto-ipsec charon: 06[IKE] IKE_SA IPSec-IKEv2[5] state change: CONNECTING => ESTABLISHED<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:49 femto-ipsec charon: 06[IKE] sending end entity cert "C=CH, O=strongSwan, CN=192.168.29.110"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:49 femto-ipsec charon: 06[IKE] peer requested virtual IP %any<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:49 femto-ipsec charon: 06[CFG] sending DHCP DISCOVER to 192.168.3.255<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:50 femto-ipsec charon: 06[CFG] sending DHCP DISCOVER to 192.168.3.255<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec dnsmasq-dhcp[1080]: DHCPDISCOVER(ens4) 7a:a7:7b:bb:3d:b6<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec dnsmasq-dhcp[1080]: DHCPOFFER(ens4) 192.168.3.52 7a:a7:7b:bb:3d:b6<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec dnsmasq-dhcp[1080]: DHCPDISCOVER(ens4) 7a:a7:7b:bb:3d:b6<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec dnsmasq-dhcp[1080]: DHCPOFFER(ens4) 192.168.3.52 7a:a7:7b:bb:3d:b6<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 05[CFG] received DHCP OFFER 192.168.3.52 from 192.168.3.1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[CFG] sending DHCP REQUEST for 192.168.3.52 to 192.168.3.1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec dnsmasq-dhcp[1080]: DHCPREQUEST(ens4) 192.168.3.52 7a:a7:7b:bb:3d:b6<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec dnsmasq-dhcp[1080]: DHCPACK(ens4) 192.168.3.52 7a:a7:7b:bb:3d:b6<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 01[CFG] received DHCP ACK for 192.168.3.52<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[IKE] assigning virtual IP 192.168.3.52 to peer 'C=CH, O=strongSwan, CN=mdavis@denaliai.com'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[IKE] building INTERNAL_IP4_DNS attribute<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[CFG] looking for a child config for 192.168.29.110/32 === 0.0.0.0/0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[CFG] proposing traffic selectors for us:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[CFG] 192.168.3.0/24<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[CFG] proposing traffic selectors for other:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[CFG] 192.168.3.52/32<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[IKE] traffic selectors 192.168.29.110/32 === 0.0.0.0/0 inacceptable<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[IKE] failed to establish CHILD_SA, keeping IKE_SA<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS) N(MOBIKE_SUP) N(ADD_4_ADDR) N(TS_UNACCEPT) ]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 06[NET] sending packet: from 192.168.29.110[4500] to 192.168.29.217[4500] (1536 bytes)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">May 8 13:50:52 femto-ipsec charon: 15[NET] sending packet: from 192.168.29.110[4500] to 192.168.29.217[4500]<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
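<p class="MsoNormal">Added example, not part of the original message and not strongSwan code: a small log check that pulls the received and configured traffic selectors out of the responder's charon lines quoted above and tests whether they intersect, which is the condition behind N(TS_UNACCEPT). The function names are hypothetical, the log lines are copied from the two sessions in the post, and narrowing is simplified to CIDR intersection (protocol and port selectors are ignored).</p>

```python
import ipaddress
import re

# Sample input: responder lines copied from the two sessions in the post.
WORKING_LOG = """\
Mar 27 15:21:59 femto-ipsec charon: 16[CFG] looking for a child config for 192.168.3.0/24 === 0.0.0.0/0
Mar 27 15:21:59 femto-ipsec charon: 16[CFG] proposing traffic selectors for us:
Mar 27 15:21:59 femto-ipsec charon: 16[CFG] 192.168.3.0/24
Mar 27 15:21:59 femto-ipsec charon: 16[CFG] proposing traffic selectors for other:
Mar 27 15:21:59 femto-ipsec charon: 16[CFG] 192.168.3.76/32
"""
FAILED_LOG = """\
May 8 13:50:52 femto-ipsec charon: 06[CFG] looking for a child config for 192.168.29.110/32 === 0.0.0.0/0
May 8 13:50:52 femto-ipsec charon: 06[CFG] proposing traffic selectors for us:
May 8 13:50:52 femto-ipsec charon: 06[CFG] 192.168.3.0/24
May 8 13:50:52 femto-ipsec charon: 06[CFG] proposing traffic selectors for other:
May 8 13:50:52 femto-ipsec charon: 06[CFG] 192.168.3.52/32
May 8 13:50:52 femto-ipsec charon: 06[IKE] traffic selectors 192.168.29.110/32 === 0.0.0.0/0 inacceptable
"""

# "looking for a child config for <TS for us> === <TS for other>" as received from the peer
LOOKING = re.compile(r"looking for a child config for (.+?) === (.+?)\s*$")
PROPOSING = re.compile(r"proposing traffic selectors for (us|other):")
TS_LINE = re.compile(r"\[CFG\]\s+(\S+/\d+)\s*$")


def _nets(text):
    """Parse a whitespace-separated list of CIDR selectors."""
    return [ipaddress.ip_network(t, strict=False) for t in text.split()]


def parse_negotiation(log):
    """Return (received, configured) selector lists, keyed by 'us' and 'other'."""
    received = {"us": [], "other": []}
    configured = {"us": [], "other": []}
    side = None
    for line in log.splitlines():
        m = LOOKING.search(line)
        if m:
            received["us"], received["other"] = _nets(m.group(1)), _nets(m.group(2))
            side = None
            continue
        m = PROPOSING.search(line)
        if m:
            side = m.group(1)
            continue
        m = TS_LINE.search(line)
        if m and side:
            configured[side].extend(_nets(m.group(1)))
        else:
            side = None  # any other line ends the selector list
    return received, configured


def narrow(configured, received):
    """Intersect two CIDR lists; CIDR blocks either nest or are disjoint."""
    out = []
    for c in configured:
        for r in received:
            if c.version != r.version:
                continue
            if c.subnet_of(r):
                out.append(c)
            elif r.subnet_of(c):
                out.append(r)
    return out


def diagnose(log):
    """Narrow each side; the CHILD_SA is acceptable only if neither side is empty."""
    received, configured = parse_negotiation(log)
    result = {s: narrow(configured[s], received[s]) for s in ("us", "other")}
    result["acceptable"] = bool(result["us"]) and bool(result["other"])
    return result


if __name__ == "__main__":
    for name, log in (("working", WORKING_LOG), ("failed", FAILED_LOG)):
        print(name, diagnose(log))
```

<p class="MsoNormal">For the failed session the "us" side narrows to nothing, because the initiator proposed 192.168.29.110/32 while the responder is configured with leftsubnet=192.168.3.0/24. The initiator configuration shown has no rightsubnet, and ipsec.conf defaults rightsubnet to the address of right, which is consistent with that selector.</p>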
</div>
</body>
</html>