<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<span>Hi Tobias,<br>
</span>
<div><br>
</div>
<div>Here are the details in full:<br>
</div>
<div><br>
</div>
<div>Aug 16 14:03:11 Ubuntu-18 sudo[5311]: user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/usr/sbin/ipsec restart<br>
</div>
<div>Aug 16 14:03:11 Ubuntu-18 sudo[5311]: pam_unix(sudo:session): session opened for user root by (uid=0)<br>
</div>
<div>Aug 16 14:03:11 Ubuntu-18 ipsec_starter[5280]: charon stopped after 200 ms<br>
</div>
<div>Aug 16 14:03:11 Ubuntu-18 ipsec_starter[5280]: ipsec starter stopped<br>
</div>
<div>Aug 16 14:03:13 Ubuntu-18 ipsec_starter[5312]: Starting weakSwan 5.6.2 IPsec [starter]...<br>
</div>
<div>Aug 16 14:03:13 Ubuntu-18 sudo[5311]: pam_unix(sudo:session): session closed for user root<br>
</div>
<div>Aug 16 14:03:13 Ubuntu-18 audit[5337]: AVC apparmor="ALLOWED" operation="open" profile="/usr/lib/ipsec/charon" name="/var/log/charon_debug.log" pid=5337 comm="charon" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0<br>
</div>
<div>Aug 16 14:03:13 Ubuntu-18 audit[5337]: AVC apparmor="ALLOWED" operation="truncate" profile="/usr/lib/ipsec/charon" name="/var/log/charon_debug.log" pid=5337 comm="charon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0<br>
</div>
<div>Aug 16 14:03:13 Ubuntu-18 kernel: audit: type=1400 audit(1565960593.541:132): apparmor="ALLOWED" operation="open" profile="/usr/lib/ipsec/charon" name="/var/log/charon_debug.log" pid=5337 comm="charon" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0<br>
</div>
<div>Aug 16 14:03:13 Ubuntu-18 kernel: audit: type=1400 audit(1565960593.541:133): apparmor="ALLOWED" operation="truncate" profile="/usr/lib/ipsec/charon" name="/var/log/charon_debug.log" pid=5337 comm="charon" requested_mask="w" denied_mask="w" fsuid=0 ouid=0<br>
</div>
<div>Aug 16 14:03:13 Ubuntu-18 ipsec_starter[5336]: charon (5337) started after 40 ms<br>
</div>
<div>Aug 16 14:03:17 Ubuntu-18 sudo[5354]: user : TTY=pts/0 ; PWD=/home/user ; USER=root ; COMMAND=/usr/sbin/ipsec up officeVPN<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>$ sudo ipsec statusall<br>
</div>
<div>Status of IKE charon daemon (weakSwan 5.6.2, Linux 5.0.0-23-generic, x86_64):<br>
</div>
<div> uptime: 18 seconds, since Aug 16 14:03:14 2019<br>
</div>
<div> malloc: sbrk 2703360, mmap 0, used 598688, free 2104672<br>
</div>
<div> worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0, scheduled: 3<br>
</div>
<div> loaded plugins: charon aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici
updown eap-mschapv2 xauth-generic counters<br>
</div>
<div>Listening IP addresses:<br>
</div>
<div> 10.0.0.3<br>
</div>
<div>Connections:<br>
</div>
<div>officeVPN: %any...50.45.0.51 IKEv1 Aggressive<br>
</div>
<div>officeVPN: local: [10.0.0.3] uses pre-shared key authentication<br>
</div>
<div>officeVPN: remote: [196.198.128.64] uses pre-shared key authentication<br>
</div>
<div>officeVPN: child: dynamic[udp/l2f] === 192.168.50.0/24[udp/l2f] TUNNEL<br>
</div>
<div>Security Associations (1 up, 0 connecting):<br>
</div>
<div>officeVPN[1]: ESTABLISHED 14 seconds ago, 10.0.0.3[10.0.0.3]...50.45.0.51[196.198.128.64]<br>
</div>
<div>officeVPN[1]: IKEv1 SPIs: <SANITISED VALUE>_i* <SANITISED VALUE>_r, pre-shared key reauthentication in 2 hours<br>
</div>
<div>officeVPN[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048<br>
</div>
<div>officeVPN[1]: Tasks active: QUICK_MODE<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>$ sudo ipsec up officeVPN<br>
</div>
<div>initiating Aggressive Mode IKE_SA officeVPN[1] to 50.45.0.51<br>
</div>
<div>generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]<br>
</div>
<div>sending packet: from 10.0.0.3[500] to 50.45.0.51[500] (548 bytes)<br>
</div>
<div>received packet: from 50.45.0.51[500] to 10.0.0.3[500] (564 bytes)<br>
</div>
<div>parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ]<br>
</div>
<div>received NAT-T (RFC 3947) vendor ID<br>
</div>
<div>received DPD vendor ID<br>
</div>
<div>received XAuth vendor ID<br>
</div>
<div>received unknown vendor ID: <SANITISED VALUE><br>
</div>
<div>received FRAGMENTATION vendor ID<br>
</div>
<div>received FRAGMENTATION vendor ID<br>
</div>
<div>local host is behind NAT, sending keep alives<br>
</div>
<div>remote host is behind NAT<br>
</div>
<div>IKE_SA officeVPN[1] established between 10.0.0.3[10.0.0.3]...50.45.0.51[196.198.128.64]<br>
</div>
<div>scheduling reauthentication in 9927s<br>
</div>
<div>maximum IKE_SA lifetime 10467s<br>
</div>
<div>generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]<br>
</div>
<div>sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (108 bytes)<br>
</div>
<div>generating QUICK_MODE request 3107105294 [ HASH SA No ID ID ]<br>
</div>
<div>sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (204 bytes)<br>
</div>
<div>received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)<br>
</div>
<div>queueing TRANSACTION request as tasks still active<br>
</div>
<div>received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)<br>
</div>
<div>ignoring TRANSACTION request, queue full<br>
</div>
<div>sending retransmit 1 of request message ID 3107105294, seq 3<br>
</div>
<div>sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (204 bytes)<br>
</div>
<div>received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)<br>
</div>
<div>ignoring TRANSACTION request, queue full<br>
</div>
<div>sending retransmit 2 of request message ID 3107105294, seq 3<br>
</div>
<div>sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (204 bytes)<br>
</div>
<div>received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)<br>
</div>
<div>ignoring TRANSACTION request, queue full<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>conn officeVPN<br>
</div>
<div> aggressive=yes<br>
</div>
<div> keyexchange=ikev1<br>
</div>
<div> type=tunnel<br>
</div>
<div> authby=secret<br>
</div>
<div> ike=aes128-sha1-modp2048<br>
</div>
<div> left=%defaultroute<br>
</div>
<div> leftprotoport=udp/l2tp<br>
</div>
<div> right=50.45.0.51<br>
</div>
<div> rightsubnet=192.168.50.0/24<br>
</div>
<div> rightprotoport=udp/l2tp<br>
</div>
<div> rightid=196.198.128.64<br>
</div>
<div> rightfirewall=yes<br>
</div>
<div> auto=add<br>
</div>
<div> xauth_identity=user<br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>I have been provided some details from the Windows client that may be relevant:<br>
</div>
<div><br>
</div>
<div>Phase 1,</div>
<div>IKE version 1, Aggressive, Mode Config, Dead Peer Detection, NAT Traversal<br>
</div>
<div>IKE Proposal AES128 SHA1<br>
</div>
<div> AES256 SHA256<br>
</div>
<div><br>
</div>
<div>Phase 2,</div>
<div>Enable Replay Detection<br>
</div>
<div>IKE Proposal AES128 SHA1<br>
</div>
<div> AES256 SHA1<br>
</div>
<div><br>
</div>
<div>DH Group 5<br>
</div>
<div><br>
</div>
<div>The responder is a FortiGate NVA appliance.<br>
</div>
<div><br>
</div>
<span>Thank you.</span><br>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Tobias Brunner <tobias@strongswan.org><br>
<b>Sent:</b> 16 August 2019 14:00<br>
<b>To:</b> Stephen Feyrer <stephen.feyrer@greensill.com>; strongSwan Users-Mailinglist <users@lists.strongswan.org><br>
<b>Subject:</b> Re: [strongSwan] Connecting but not connected</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">This message was sent from outside of Greensill Capital. Please do not open attachments or click on links unless you recognise the source of this email and are certain the content is safe.<br>
<br>
Hi Stephen,<br>
<br>
> I have tried with:<br>
><br>
> # leftsourceip=%config<br>
> modeconfig=pull<br>
<br>
Leave both enabled to use a virtual IP. Comment both (as you tried) to<br>
not use one.<br>
<br>
> These both result with:<br>
<br>
Please post the full logs.<br>
<br>
Regards,<br>
Tobias<br>
</div>
</span></font></div>
<p style="font-size:6pt; font-family: 'Cambria','times roman',serif;">This message is for the designated recipient only and may contain privileged, proprietary or otherwise confidential information. If you have received this in error, please contact the sender
immediately and delete the original. Any other use of this e-mail by you is prohibited. If we collect and use your personal data we will use it in accordance with our
<a href="http://www.greensill.com/privacy/">privacy policy</a>. Greensill Capital (UK) Limited. Registered in England and Wales. Registered Number: 8126173. Registered Office: One Southampton Street, Covent Garden, London, WC2R 0LR, United Kingdom. Greensill
Capital Pty Limited. Australian Company Number: 154 088 132. Registered Office: 62 –66 Woondooma Street, Bundaberg, Queensland 4670, Australia.</p>
<br>
</body>
</html>