<div dir="ltr">Oh I thought I had attached it earlier. Sorry about that. Attached here.<div><br></div><div>--karuna</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, May 11, 2021 at 4:09 PM Noel Kuntze <noel.kuntze@thermi.consulting> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Okay, what's your complete ipsec.conf? Can you send it?<br>
<br>
Kind regards<br>
Noel<br>
<br>
Am 12.05.21 um 00:54 schrieb Karuna Sagar Krishna:<br>
> Attaching full charon logs.<br>
><br>
> Can you help with the ipsec.conf interface. I'll plan to switch to swanctl going forward, but currently this is blocking our releases.<br>
><br>
> --karuna<br>
><br>
><br>
> On Tue, May 11, 2021 at 2:54 PM Noel Kuntze <noel.kuntze+strongswan-users-ml@thermi.consulting> wrote:<br>
><br>
> Hi,<br>
><br>
> Full logs please, as shown on the HelpRequests[1] page on the wiki.<br>
> Also, it's strongly recommended to use swanctl instead if possible. That's the better configuration backend.<br>
><br>
> Kind regards<br>
> Noel<br>
><br>
> [1] <a href="https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests" rel="noreferrer" target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests</a> <<a href="https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests" rel="noreferrer" target="_blank">https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests</a>><br>
><br>
> Am 11.05.21 um 23:50 schrieb Karuna Sagar Krishna:<br>
> > Hi,<br>
> ><br>
> > I'm setting up a IPSec connection between a bunch of Ubuntu 18.04 LTS nodes. I'm using Strongswan (Linux strongSwan U5.6.2/K5.4.0-1046-azure) on the Ubuntu nodes. The number of nodes is dynamic i.e. there are frequent scale out/ins. So the ipsec.conf file (see attached) is updated with additional conn sections and `sudo ipsec update` is used to reload the config file. However, I've noticed intermittent network connectivity issues and the syslog shows -> "no IKE config found for 10.0.0.14...10.0.0.18, sending NO_PROPOSAL_CHOSEN". Clearly, the ipsec status shows that the daemon has not reloaded the config irrespective of issuing `sudo ipsec update` multiple times.<br>
> ><br>
> > Can you help understand why the config is not updated and how to fix this issue?<br>
> ><br>
> ><br>
> ><br>
> > IPSec status:<br>
> > -----------------<br>
> ><br>
> > > sudo ipsec statusall<br>
> ><br>
> > Status of IKE charon daemon (strongSwan 5.6.2, Linux 5.4.0-1046-azure, x86_64):<br>
> > uptime: 45 minutes, since May 11 20:42:07 2021<br>
> > malloc: sbrk 2703360, mmap 0, used 778800, free 1924560<br>
> > worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2<br>
> > loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters<br>
> > Listening IP addresses:<br>
> > 10.0.0.14<br>
> > Connections:<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>: 10.0.0.14...10.0.0.15 IKEv2<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>: local: [CN=<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>>>] uses public key authentication<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>: cert: "CN=<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>>>"<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>: remote: [CN=<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>>>] uses public key authentication<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>: cert: "CN=<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>>>"<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>: child: dynamic === dynamic TRANSPORT<br>
> > <a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>: 10.0.0.14...10.0.0.14 IKEv2<br>
> > <a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>: local: [CN=<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>>>] uses public key authentication<br>
> > <a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>: cert: "CN=<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>>>"<br>
> > <a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>: remote: [CN=<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>>>] uses public key authentication<br>
> > <a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>: cert: "CN=<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>>>"<br>
> > <a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>: child: dynamic === dynamic TRANSPORT<br>
> > /*Routed Connections:<br>
> > <a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>{2}: ROUTED, TRANSPORT, reqid 2<br>
> > <a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn1-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>{2}: <a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">10.0.0.14/32</a> <<a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">http://10.0.0.14/32</a>> <<a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">http://10.0.0.14/32</a> <<a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">http://10.0.0.14/32</a>>> === <a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">10.0.0.14/32</a> <<a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">http://10.0.0.14/32</a>> <<a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">http://10.0.0.14/32</a> <<a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">http://10.0.0.14/32</a>>><br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>{1}: ROUTED, TRANSPORT, reqid 1<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>{1}: <a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">10.0.0.14/32</a> <<a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">http://10.0.0.14/32</a>> <<a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">http://10.0.0.14/32</a> <<a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">http://10.0.0.14/32</a>>> === <a href="http://10.0.0.15/32" rel="noreferrer" target="_blank">10.0.0.15/32</a> <<a href="http://10.0.0.15/32" rel="noreferrer" target="_blank">http://10.0.0.15/32</a>> <<a href="http://10.0.0.15/32" rel="noreferrer" target="_blank">http://10.0.0.15/32</a> <<a href="http://10.0.0.15/32" rel="noreferrer" target="_blank">http://10.0.0.15/32</a>>>*/<br>
> > Security Associations (1 up, 0 connecting):<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>[11]: ESTABLISHED 26 minutes ago, 10.0.0.14[CN=<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>>>]...10.0.0.15[CN=<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a> <<a href="http://IP-37fa1445fc.hdinsight-stable.azure-test.net" rel="noreferrer" target="_blank">http://IP-37fa1445fc.hdinsight-stable.azure-test.net</a>>>]<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>[11]: IKEv2 SPIs: 1536ce9853bef399_i c00b62dfefa5f4ce_r*, public key reauthentication in 7 hours<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>[11]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>{3}: INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c73ba254_i c0ffd04a_o<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>{3}: AES_CBC_256/HMAC_SHA2_256_128, 44961 bytes_i (822 pkts, 0s ago), 193357 bytes_o (570 pkts, 1557s ago), rekeying in 7 hours<br>
> > <a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a> <<a href="http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net" rel="noreferrer" target="_blank">http://hn0-kkafka.p0gi1uxxaaeebnlz4hfuq0bvkf.dx.internal.cloudapp.net</a>>>{3}: <a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">10.0.0.14/32</a> <<a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">http://10.0.0.14/32</a>> <<a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">http://10.0.0.14/32</a> <<a href="http://10.0.0.14/32" rel="noreferrer" target="_blank">http://10.0.0.14/32</a>>> === <a href="http://10.0.0.15/32" rel="noreferrer" target="_blank">10.0.0.15/32</a> <<a href="http://10.0.0.15/32" rel="noreferrer" target="_blank">http://10.0.0.15/32</a>> <<a href="http://10.0.0.15/32" rel="noreferrer" target="_blank">http://10.0.0.15/32</a> <<a href="http://10.0.0.15/32" rel="noreferrer" target="_blank">http://10.0.0.15/32</a>>><br>
> ><br>
> ><br>
> > Charon logs:<br>
> > -----------------<br>
> ><br>
> > May 11 21:23:20 hn1-kkafka charon: 09[NET] received packet: from 10.0.0.18[500] to 10.0.0.14[500] (536 bytes)<br>
> > May 11 21:23:20 hn1-kkafka charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]<br>
> > May 11 21:23:20 hn1-kkafka charon: 09[IKE] /*no IKE config found for 10.0.0.14...10.0.0.18, sending NO_PROPOSAL_CHOSEN*/<br>
> > May 11 21:23:20 hn1-kkafka charon: 09[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]<br>
> > May 11 21:23:20 hn1-kkafka charon: 09[NET] sending packet: from 10.0.0.14[500] to 10.0.0.18[500] (36 bytes)<br>
> ><br>
> > --karuna<br>
> ><br>
><br>
<br>
<br>
</blockquote></div>