<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span>Hi there,<br>
</span>
<div><br>
</div>
<div>I have found this informative page: wiki.strongswan.org/projects/strongswan/wiki/HelpRequests<br>
</div>
<div><br>
</div>
<div>I am unable to establish a connection, connecting but not connected. Please help.<br>
</div>
<div><br>
</div>
<div>Thus please find the required details below:<br>
</div>
<div><br>
</div>
<div>Logs<br>
</div>
<div>Aug 15 17:13:30 Ubuntu-18 sudo[1932]: user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/usr/sbin/ipsec restart<br>
</div>
<div>Aug 15 17:13:30 Ubuntu-18 sudo[1932]: pam_unix(sudo:session): session opened for user root by (uid=0)<br>
</div>
<div>Aug 15 17:13:30 Ubuntu-18 ipsec_starter[1818]: charon stopped after 200 ms<br>
</div>
<div>Aug 15 17:13:30 Ubuntu-18 ipsec_starter[1818]: ipsec starter stopped<br>
</div>
<div>Aug 15 17:13:32 Ubuntu-18 ipsec_starter[1933]: Starting weakSwan 5.6.2 IPsec [starter]...<br>
</div>
<div>Aug 15 17:13:32 Ubuntu-18 sudo[1932]: pam_unix(sudo:session): session closed for user root<br>
</div>
<div>Aug 15 17:13:32 Ubuntu-18 audit[1962]: AVC apparmor="ALLOWED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/log/charon_debug.log" pid=1962 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0<br>
</div>
<div>Aug 15 17:13:32 Ubuntu-18 audit[1962]: AVC apparmor="ALLOWED" operation="open" profile="/usr/lib/ipsec/charon" name="/var/log/charon_debug.log" pid=1962 comm="charon" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0<br>
</div>
<div>Aug 15 17:13:32 Ubuntu-18 kernel: audit: type=1400 audit(1565885612.563:84): apparmor="ALLOWED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/log/charon_debug.log" pid=1962 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0<br>
</div>
<div>Aug 15 17:13:32 Ubuntu-18 kernel: audit: type=1400 audit(1565885612.563:85): apparmor="ALLOWED" operation="open" profile="/usr/lib/ipsec/charon" name="/var/log/charon_debug.log" pid=1962 comm="charon" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0<br>
</div>
<div>Aug 15 17:13:32 Ubuntu-18 ipsec_starter[1961]: charon (1962) started after 40 ms<br>
</div>
<div>Aug 15 17:13:38 Ubuntu-18 sudo[1979]: user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/usr/sbin/ipsec up officeVPN<br>
</div>
<div>Aug 15 17:13:38 Ubuntu-18 sudo[1979]: pam_unix(sudo:session): session opened for user root by (uid=0)<br>
</div>
<div>Aug 15 17:13:46 Ubuntu-18 sudo[1985]: user : TTY=pts/2 ; PWD=/home/user ; USER=root ; COMMAND=/usr/sbin/ipsec statusall<br>
</div>
<div>Aug 15 17:13:46 Ubuntu-18 sudo[1985]: pam_unix(sudo:session): session opened for user root by (uid=0)<br>
</div>
<div>Aug 15 17:13:46 Ubuntu-18 sudo[1985]: pam_unix(sudo:session): session closed for user root<br>
</div>
<div>Aug 15 17:14:44 Ubuntu-18 sudo[1979]: pam_unix(sudo:session): session closed for user root<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>Configuration<br>
</div>
<div><br>
</div>
<div>/etc/ipsec.conf<br>
</div>
<div>conn officeVPN<br>
</div>
<div> aggressive=yes<br>
</div>
<div> keyexchange=ikev1<br>
</div>
<div> type=tunnel<br>
</div>
<div> authby=secret<br>
</div>
<div> ike=aes128-sha1-modp2048<br>
</div>
<div> left=%defaultroute<br>
</div>
<div> leftsourceip=%config<br>
</div>
<div> modeconfig=push<br>
</div>
<div> leftprotoport=udp/%any<br>
</div>
<div> right=50.45.0.51<br>
</div>
<div> rightsubnet=192.168.50.0/24<br>
</div>
<div> rightprotoport=udp/%any<br>
</div>
<div> rightid=196.198.128.64<br>
</div>
<div> auto=add<br>
</div>
<div> xauth_identity=user<br>
</div>
<div><br>
</div>
<div>/etc/strongswan.conf<br>
</div>
<div>charon {<br>
</div>
<div> keep_alive=0<br>
</div>
<div> i_dont_care_about_security_and_use_aggressive_mode_psk=yes<br>
</div>
<div> load_modular = yes<br>
</div>
<div> plugins {<br>
</div>
<div> include strongswan.d/charon/*.conf<br>
</div>
<div> }<br>
</div>
<div> filelog {<br>
</div>
<div> /var/log/charon_debug.log {<br>
</div>
<div> time_format = %a, %Y-%m-%d %R<br>
</div>
<div> default = 2<br>
</div>
<div> mgr = 0<br>
</div>
<div> net = 1<br>
</div>
<div> enc = 1<br>
</div>
<div> asn = 1<br>
</div>
<div> job = 1<br>
</div>
<div> ike_name = yes<br>
</div>
<div> append = no<br>
</div>
<div> flush_line = yes<br>
</div>
<div> }<br>
</div>
<div> }<br>
</div>
<div><br>
</div>
<div>}<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>$ sudo ipsec statusall<br>
</div>
<div>Status of IKE charon daemon (weakSwan 5.6.2, Linux 5.0.0-23-generic, x86_64):<br>
</div>
<div> uptime: 14 seconds, since Aug 15 17:13:32 2019<br>
</div>
<div> malloc: sbrk 2162688, mmap 0, used 572608, free 1590080<br>
</div>
<div> worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0, scheduled: 3<br>
</div>
<div> loaded plugins: charon aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici
updown eap-mschapv2 xauth-generic counters<br>
</div>
<div>Listening IP addresses:<br>
</div>
<div> 10.0.0.3<br>
</div>
<div>Connections:<br>
</div>
<div>officeVPN: %any...50.45.0.51 IKEv1 Aggressive<br>
</div>
<div>officeVPN: local: [10.0.0.3] uses pre-shared key authentication<br>
</div>
<div>officeVPN: remote: [196.198.128.64] uses pre-shared key authentication<br>
</div>
<div>officeVPN: child: dynamic === dynamic TUNNEL<br>
</div>
<div>Security Associations (1 up, 0 connecting):<br>
</div>
<div>officeVPN[1]: ESTABLISHED 8 seconds ago, 10.0.0.3[10.0.0.3]...50.45.0.51[196.198.128.64]<br>
</div>
<div>officeVPN[1]: IKEv1 SPIs: <SANITISED VALUE>_i* <SANITISED VALUE>_r, pre-shared key reauthentication in 2 hours<br>
</div>
<div>officeVPN[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048<br>
</div>
<div>officeVPN[1]: Tasks queued: QUICK_MODE<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>sudo iptables-save<br>
</div>
<div># Generated by iptables-save v1.6.1 on Thu Aug 15 12:11:29 2019<br>
</div>
<div>*nat<br>
</div>
<div>:PREROUTING ACCEPT [114:18309]<br>
</div>
<div>:INPUT ACCEPT [71:7900]<br>
</div>
<div>:OUTPUT ACCEPT [734:82033]<br>
</div>
<div>:POSTROUTING ACCEPT [734:82033]<br>
</div>
<div>-A POSTROUTING -o enp4s0 -j MASQUERADE<br>
</div>
<div>-A POSTROUTING -o enp4s0 ! -p esp -j SNAT --to-source 50.45.0.51<br>
</div>
<div>COMMIT<br>
</div>
<div># Completed on Thu Aug 15 12:11:29 2019<br>
</div>
<div># Generated by iptables-save v1.6.1 on Thu Aug 15 12:11:29 2019<br>
</div>
<div>*filter<br>
</div>
<div>:INPUT ACCEPT [1033:70520]<br>
</div>
<div>:FORWARD ACCEPT [0:0]<br>
</div>
<div>:OUTPUT ACCEPT [485:53012]<br>
</div>
<div>-A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT<br>
</div>
<div>-A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT<br>
</div>
<div>-A INPUT -p udp -m udp -m udp --dport 1701 -j REJECT --reject-with icmp-port-unreachable<br>
</div>
<div>-A INPUT -p esp -j ACCEPT<br>
</div>
<div>-A INPUT -p ah -j ACCEPT<br>
</div>
<div>-A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT<br>
</div>
<div>-A FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT<br>
</div>
<div>-A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT<br>
</div>
<div>-A OUTPUT -p udp -m policy --dir out --pol ipsec -m udp --dport 1701 -j ACCEPT<br>
</div>
<div>-A OUTPUT -p udp -m udp -m udp --dport 1701 -j REJECT --reject-with icmp-port-unreachable<br>
</div>
<div>-A OUTPUT -p esp -j ACCEPT<br>
</div>
<div>-A OUTPUT -p ah -j ACCEPT<br>
</div>
<div>COMMIT<br>
</div>
<div># Completed on Thu Aug 15 12:11:29 2019<br>
</div>
<div><br>
</div>
<div>sudo ip6tables-save<br>
</div>
<div># Generated by ip6tables-save v1.6.1 on Thu Aug 15 17:18:10 2019<br>
</div>
<div>*filter<br>
</div>
<div>:INPUT ACCEPT [61:9719]<br>
</div>
<div>:FORWARD ACCEPT [0:0]<br>
</div>
<div>:OUTPUT ACCEPT [107:13371]<br>
</div>
<div>COMMIT<br>
</div>
<div># Completed on Thu Aug 15 17:18:10 2019<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>$ ip route show table all<br>
</div>
<div>default via 10.0.0.1 dev wlp2s0 proto dhcp metric 600 <br>
</div>
<div>169.254.0.0/16 dev wlp2s0 scope link metric 1000 <br>
</div>
<div>10.0.0.0/28 dev wlp2s0 proto kernel scope link src 10.0.0.3 metric 600 <br>
</div>
<div>broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
<br>
</div>
<div>local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 <br>
</div>
<div>local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 <br>
</div>
<div>broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
<br>
</div>
<div>broadcast 10.0.0.0 dev wlp2s0 table local proto kernel scope link src 10.0.0.3
<br>
</div>
<div>local 10.0.0.3 dev wlp2s0 table local proto kernel scope host src 10.0.0.3 <br>
</div>
<div>broadcast 10.0.0.15 dev wlp2s0 table local proto kernel scope link src 10.0.0.3
<br>
</div>
<div>::1 dev lo proto kernel metric 256 pref medium<br>
</div>
<div>fe80::/64 dev wlp2s0 proto kernel metric 256 pref medium<br>
</div>
<div>fe80::/64 dev wlp2s0 proto kernel metric 600 pref medium<br>
</div>
<div>local ::1 dev lo table local proto kernel metric 0 pref medium<br>
</div>
<div>local <SANITISED VALUE> dev wlp2s0 table local proto kernel metric 0 pref medium<br>
</div>
<div>ff00::/8 dev wlp2s0 table local metric 256 pref medium<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>ip address<br>
</div>
<div>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000<br>
</div>
<div> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br>
</div>
<div> inet 127.0.0.1/8 scope host lo<br>
</div>
<div> valid_lft forever preferred_lft forever<br>
</div>
<div> inet6 ::1/128 scope host <br>
</div>
<div> valid_lft forever preferred_lft forever<br>
</div>
<div>2: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000<br>
</div>
<div> link/ether <SANITISED VALUE> brd ff:ff:ff:ff:ff:ff<br>
</div>
<div>3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000<br>
</div>
<div> link/ether <SANITISED VALUE> brd ff:ff:ff:ff:ff:ff<br>
</div>
<div> inet 10.0.0.3/28 brd 10.0.0.15 scope global dynamic noprefixroute wlp2s0<br>
</div>
<div> valid_lft 83281sec preferred_lft 83281sec<br>
</div>
<div> inet6 <SANITISED VALUE>/64 scope link noprefixroute <br>
</div>
<div> valid_lft forever preferred_lft forever<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>sudo ipsec up officeVPN<br>
</div>
<div>initiating Aggressive Mode IKE_SA officeVPN[1] to 50.45.0.51<br>
</div>
<div>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]<br>
</div>
<div>sending packet: from 10.0.0.3[500] to 50.45.0.51[500] (548 bytes)<br>
</div>
<div>received packet: from 50.45.0.51[500] to 10.0.0.3[500] (564 bytes)<br>
</div>
<div>parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ]<br>
</div>
<div>received NAT-T (RFC 3947) vendor ID<br>
</div>
<div>received DPD vendor ID<br>
</div>
<div>received XAuth vendor ID<br>
</div>
<div>received unknown vendor ID: <SANITISED VALUE><br>
</div>
<div>received FRAGMENTATION vendor ID<br>
</div>
<div>received FRAGMENTATION vendor ID<br>
</div>
<div>local host is behind NAT, sending keep alives<br>
</div>
<div>remote host is behind NAT<br>
</div>
<div>IKE_SA officeVPN[1] established between 10.0.0.3[10.0.0.3]...50.45.0.51[196.198.128.64]<br>
</div>
<div>scheduling reauthentication in 9883s<br>
</div>
<div>maximum IKE_SA lifetime 10423s<br>
</div>
<div>generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]<br>
</div>
<div>sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (108 bytes)<br>
</div>
<div>received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)<br>
</div>
<div>parsed TRANSACTION request 2194615948 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]<br>
</div>
<div>generating TRANSACTION response 2194615948 [ HASH CP ]<br>
</div>
<div>sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (76 bytes)<br>
</div>
<div>received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (92 bytes)<br>
</div>
<div>parsed INFORMATIONAL_V1 request 3863129339 [ HASH N(DPD) ]<br>
</div>
<div>generating INFORMATIONAL_V1 request 608732088 [ HASH N(DPD_ACK) ]<br>
</div>
<span>sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)</span></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Please help, thank you.<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
--</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Kind regards</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Stephen Feyrer<br>
</div>
<p style="font-size:6pt; font-family: 'Cambria','times roman',serif;">This message is for the designated recipient only and may contain privileged, proprietary or otherwise confidential information. If you have received this in error, please contact the sender
immediately and delete the original. Any other use of this e-mail by you is prohibited. If we collect and use your personal data we will use it in accordance with our
<a href="http://www.greensill.com/privacy/">privacy policy</a>. Greensill Capital (UK) Limited. Registered in England and Wales. Registered Number: 8126173. Registered Office: One Southampton Street, Covent Garden, London, WC2R 0LR, United Kingdom. Greensill
Capital Pty Limited. Australian Company Number: 154 088 132. Registered Office: 62 –66 Woondooma Street, Bundaberg, Queensland 4670, Australia.</p>
<br>
</body>
</html>