<div dir="ltr">Good morning,<div><br></div><div>I have disabled forseencaps and enabled IPv6. I can establish a VPN connection via IPv6. But no traffic goes through. IPv4 connection is working.</div><div>I'm sharing my config below. I would really appreciate it if somebody could help me with that.</div><div><br></div><div><b>/etc/sysctl.conf</b><br></div><div>net.ipv4.ip_forward = 1<br>net.ipv4.ip_no_pmtu_disc = 1<br>net.ipv4.conf.all.rp_filter = 1<br>net.ipv4.conf.all.accept_redirects = 0<br>net.ipv4.conf.all.send_redirects = 0<br>net.ipv6.conf.all.forwarding = 1<br></div><div><br></div><div><b>/etc/strongswan.d/charon/socket-default.conf</b><br></div><div>socket-default {<br> load = yes<br> use_ipv4 = yes<br> use_ipv6 = yes<br>}<br></div><div><br></div><div><b>charon.log</b></div><div><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[NET] <3> received packet: from 2a01:4b00:867c:6d00:461:484e:456f:317a[500] to 2a01:4f8:c17:1f2d:cafe::123[500] (232 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[ENC] <3> parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[CFG] <3> looking for an IKEv2 config for 2a01:4f8:c17:1f2d:cafe::123...2a01:4b00:867c:6d00:461:484e:456f:317a</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[CFG] <3> <span class="gmail-Apple-converted-space"> </span>candidate: %any...%any, prio 28</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[CFG] <3> found matching ike config: %any...%any with prio 28</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[IKE] <3> local endpoint changed from 0.0.0.0[500] to 2a01:4f8:c17:1f2d:cafe::123[500]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[IKE] <3> remote endpoint changed from 0.0.0.0 to 2a01:4b00:867c:6d00:461:484e:456f:317a[500]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[IKE] <3> 2a01:4b00:867c:6d00:461:484e:456f:317a is initiating an IKE_SA</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[IKE] <3> IKE_SA (unnamed)[3] state change: CREATED => CONNECTING</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[CFG] <3> selecting proposal:</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[CFG] <3> <span class="gmail-Apple-converted-space"> </span>proposal matches</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[CFG] <3> received proposals: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/ECP_256</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[CFG] <3> configured proposals: IKE:AES_GCM_16_256/AES_GCM_16_192/AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_521/ECP_256/MODP_4096/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_521/ECP_256/MODP_4096/MODP_2048</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[CFG] <3> selected proposal: IKE:AES_GCM_16_256/PRF_HMAC_SHA2_256/ECP_256</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[IKE] <3> sending cert request for "C=US, O=Let's Encrypt, CN=R3"</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[ENC] <3> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 09[NET] <3> sending packet: from 2a01:4f8:c17:1f2d:cafe::123[500] to 2a01:4b00:867c:6d00:461:484e:456f:317a[500] (281 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[NET] <3> received packet: from 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] to 2a01:4f8:c17:1f2d:cafe::123[4500] (352 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[ENC] <3> unknown attribute type INTERNAL_DNS_DOMAIN</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[ENC] <3> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR MASK DHCP DNS ADDR6 DHCP6 DNS6 DOMAIN) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr N(MOBIKE_SUP) N(EAP_ONLY) ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <3> local endpoint changed from 2a01:4f8:c17:1f2d:cafe::123[500] to 2a01:4f8:c17:1f2d:cafe::123[4500]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <3> remote endpoint changed from 2a01:4b00:867c:6d00:461:484e:456f:317a[500] to 2a01:4b00:867c:6d00:461:484e:456f:317a[4500]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[CFG] <3> looking for peer configs matching 2a01:4f8:c17:1f2d:cafe::123[<a href="http://de-test-1.mydomain.net">de-test-1.mydomain.net</a>]...2a01:4b00:867c:6d00:461:484e:456f:317a[mydomain VPN]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[CFG] <3> <span class="gmail-Apple-converted-space"> </span>candidate "TEST-1", match: 20/1/28 (me/other/ike)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[CFG] <TEST-1|3> selected peer config 'TEST-1'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> initiating EAP_IDENTITY method (id 0x00)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> processing INTERNAL_IP4_ADDRESS attribute</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> processing INTERNAL_IP4_NETMASK attribute</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> processing INTERNAL_IP4_DHCP attribute</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> processing INTERNAL_IP4_DNS attribute</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> processing INTERNAL_IP6_ADDRESS attribute</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> processing INTERNAL_IP6_DHCP attribute</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> processing INTERNAL_IP6_DNS attribute</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> processing INTERNAL_DNS_DOMAIN attribute</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> peer supports MOBIKE</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> authentication of '<a href="http://de-test-1.mydomain.net">de-test-1.mydomain.net</a>' (myself) with RSA signature successful</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> sending end entity cert "CN=<a href="http://de-test-1.mydomain.net">de-test-1.mydomain.net</a>"</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[IKE] <TEST-1|3> sending issuer cert "C=US, O=Let's Encrypt, CN=R3"</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[ENC] <TEST-1|3> generating IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[ENC] <TEST-1|3> splitting IKE message (3004 bytes) into 3 fragments</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[ENC] <TEST-1|3> generating IKE_AUTH response 1 [ EF(1/3) ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[ENC] <TEST-1|3> generating IKE_AUTH response 1 [ EF(2/3) ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[ENC] <TEST-1|3> generating IKE_AUTH response 1 [ EF(3/3) ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[NET] <TEST-1|3> sending packet: from 2a01:4f8:c17:1f2d:cafe::123[4500] to 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] (1228 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[NET] <TEST-1|3> sending packet: from 2a01:4f8:c17:1f2d:cafe::123[4500] to 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] (1228 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 12[NET] <TEST-1|3> sending packet: from 2a01:4f8:c17:1f2d:cafe::123[4500] to 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] (674 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 11[NET] <TEST-1|3> received packet: from 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] to 2a01:4f8:c17:1f2d:cafe::123[4500] (104 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 11[ENC] <TEST-1|3> parsed IKE_AUTH request 2 [ EAP/RES/ID ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 11[IKE] <TEST-1|3> received EAP identity 'ceec523e-6059-4cba-b6e4-a1fd2eb0a469'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 11[CFG] <TEST-1|3> RADIUS server 'server-a' is candidate: 210</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 11[CFG] <TEST-1|3> sending RADIUS Access-Request to server 'server-a'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 11[CFG] <TEST-1|3> received RADIUS Access-Challenge from server 'server-a'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 11[IKE] <TEST-1|3> initiating EAP_MD5 method (id 0x01)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 11[ENC] <TEST-1|3> generating IKE_AUTH response 2 [ EAP/REQ/MD5 ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 11[NET] <TEST-1|3> sending packet: from 2a01:4f8:c17:1f2d:cafe::123[4500] to 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] (83 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 13[NET] <TEST-1|3> received packet: from 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] to 2a01:4f8:c17:1f2d:cafe::123[4500] (72 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 13[ENC] <TEST-1|3> parsed IKE_AUTH request 3 [ EAP/RES/NAK ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 13[CFG] <TEST-1|3> sending RADIUS Access-Request to server 'server-a'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 13[CFG] <TEST-1|3> received RADIUS Access-Challenge from server 'server-a'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 13[ENC] <TEST-1|3> generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 13[NET] <TEST-1|3> sending packet: from 2a01:4f8:c17:1f2d:cafe::123[4500] to 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] (104 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 14[NET] <TEST-1|3> received packet: from 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] to 2a01:4f8:c17:1f2d:cafe::123[4500] (160 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 14[ENC] <TEST-1|3> parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 14[CFG] <TEST-1|3> sending RADIUS Access-Request to server 'server-a'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 14[CFG] <TEST-1|3> received RADIUS Access-Challenge from server 'server-a'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 14[ENC] <TEST-1|3> generating IKE_AUTH response 4 [ EAP/REQ/MSCHAPV2 ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 14[NET] <TEST-1|3> sending packet: from 2a01:4f8:c17:1f2d:cafe::123[4500] to 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] (112 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 15[NET] <TEST-1|3> received packet: from 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] to 2a01:4f8:c17:1f2d:cafe::123[4500] (72 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 15[ENC] <TEST-1|3> parsed IKE_AUTH request 5 [ EAP/RES/MSCHAPV2 ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 15[CFG] <TEST-1|3> sending RADIUS Access-Request to server 'server-a'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 15[CFG] <TEST-1|3> received RADIUS Access-Accept from server 'server-a'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 15[CFG] <TEST-1|3> scheduling RADIUS Interim-Updates every 300s</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 15[IKE] <TEST-1|3> RADIUS authentication of 'ceec523e-6059-4cba-b6e4-a1fd2eb0a469' successful</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 15[IKE] <TEST-1|3> EAP method EAP_MSCHAPV2 succeeded, MSK established</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 15[ENC] <TEST-1|3> generating IKE_AUTH response 5 [ EAP/SUCC ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 15[NET] <TEST-1|3> sending packet: from 2a01:4f8:c17:1f2d:cafe::123[4500] to 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] (65 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[NET] <TEST-1|3> received packet: from 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] to 2a01:4f8:c17:1f2d:cafe::123[4500] (104 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[ENC] <TEST-1|3> parsed IKE_AUTH request 6 [ AUTH ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[IKE] <TEST-1|3> authentication of 'mydomain VPN' with EAP successful</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[IKE] <TEST-1|3> authentication of '<a href="http://de-test-1.mydomain.net">de-test-1.mydomain.net</a>' (myself) with EAP</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[IKE] <TEST-1|3> IKE_SA TEST-1[3] established between 2a01:4f8:c17:1f2d:cafe::123[<a href="http://de-test-1.mydomain.net">de-test-1.mydomain.net</a>]...2a01:4b00:867c:6d00:461:484e:456f:317a[mydomain VPN]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[IKE] <TEST-1|3> IKE_SA TEST-1[3] state change: CONNECTING => ESTABLISHED</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[IKE] <TEST-1|3> peer requested virtual IP %any</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> reassigning offline lease to 'ceec523e-6059-4cba-b6e4-a1fd2eb0a469'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[IKE] <TEST-1|3> assigning virtual IP 10.10.10.0 to peer 'ceec523e-6059-4cba-b6e4-a1fd2eb0a469'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[IKE] <TEST-1|3> peer requested virtual IP %any6</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> reassigning offline lease to 'ceec523e-6059-4cba-b6e4-a1fd2eb0a469'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[IKE] <TEST-1|3> assigning virtual IP 2a01:4f8:c17:1f2d::1 to peer 'ceec523e-6059-4cba-b6e4-a1fd2eb0a469'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[IKE] <TEST-1|3> building INTERNAL_IP4_DNS attribute</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[IKE] <TEST-1|3> building INTERNAL_IP6_DNS attribute</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> looking for a child config for <a href="http://0.0.0.0/0">0.0.0.0/0</a> ::/0 === <a href="http://0.0.0.0/0">0.0.0.0/0</a> ::/0</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> proposing traffic selectors for us:</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3><span class="gmail-Apple-converted-space"> </span><a href="http://0.0.0.0/0">0.0.0.0/0</a></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3><span class="gmail-Apple-converted-space"> </span>::/0</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> proposing traffic selectors for other:</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3><span class="gmail-Apple-converted-space"> </span><a href="http://10.10.10.0/32">10.10.10.0/32</a></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3><span class="gmail-Apple-converted-space"> </span>2a01:4f8:c17:1f2d::1/128</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> <span class="gmail-Apple-converted-space"> </span>candidate "TEST-1" with prio 15+3</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> found matching child config "TEST-1" with prio 18</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> selecting proposal:</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> <span class="gmail-Apple-converted-space"> </span>proposal matches</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> received proposals: ESP:AES_GCM_16_256/NO_EXT_SEQ</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> configured proposals: ESP:AES_GCM_16_256/AES_GCM_16_192/AES_GCM_16_128/ECP_521/ECP_256/MODP_4096/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA1_96/ECP_521/ECP_256/MODP_4096/MODP_2048/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA1_96/NO_EXT_SEQ</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> selected proposal: ESP:AES_GCM_16_256/NO_EXT_SEQ</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> got SPI c1e8e177</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> selecting traffic selectors for us:</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3><span class="gmail-Apple-converted-space"> </span>config: <a href="http://0.0.0.0/0">0.0.0.0/0</a>, received: <a href="http://0.0.0.0/0">0.0.0.0/0</a> => match: <a href="http://0.0.0.0/0">0.0.0.0/0</a></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3><span class="gmail-Apple-converted-space"> </span>config: <a href="http://0.0.0.0/0">0.0.0.0/0</a>, received: ::/0 => no match</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3><span class="gmail-Apple-converted-space"> </span>config: ::/0, received: <a href="http://0.0.0.0/0">0.0.0.0/0</a> => no match</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3><span class="gmail-Apple-converted-space"> </span>config: ::/0, received: ::/0 => match: ::/0</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> selecting traffic selectors for other:</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3><span class="gmail-Apple-converted-space"> </span>config: <a href="http://10.10.10.0/32">10.10.10.0/32</a>, received: <a href="http://0.0.0.0/0">0.0.0.0/0</a> => match: <a href="http://10.10.10.0/32">10.10.10.0/32</a></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3><span class="gmail-Apple-converted-space"> </span>config: <a href="http://10.10.10.0/32">10.10.10.0/32</a>, received: ::/0 => no match</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3><span class="gmail-Apple-converted-space"> </span>config: 2a01:4f8:c17:1f2d::1/128, received: <a href="http://0.0.0.0/0">0.0.0.0/0</a> => no match</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3><span class="gmail-Apple-converted-space"> </span>config: 2a01:4f8:c17:1f2d::1/128, received: ::/0 => match: 2a01:4f8:c17:1f2d::1/128</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CHD] <TEST-1|3> CHILD_SA TEST-1{2} state change: CREATED => INSTALLING</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CHD] <TEST-1|3> <span class="gmail-Apple-converted-space"> </span>using AES_GCM_16 for encryption</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CHD] <TEST-1|3> adding inbound ESP SA</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CHD] <TEST-1|3> <span class="gmail-Apple-converted-space"> </span>SPI 0xc1e8e177, src 2a01:4b00:867c:6d00:461:484e:456f:317a dst 2a01:4f8:c17:1f2d:cafe::123</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> adding SAD entry with SPI c1e8e177 and reqid {1}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> <span class="gmail-Apple-converted-space"> </span>using encryption algorithm AES_GCM_16 with key size 288</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> <span class="gmail-Apple-converted-space"> </span>using replay window of 32 packets</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> <span class="gmail-Apple-converted-space"> </span>HW offload: no</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CHD] <TEST-1|3> adding outbound ESP SA</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CHD] <TEST-1|3> <span class="gmail-Apple-converted-space"> </span>SPI 0x01fb3039, src 2a01:4f8:c17:1f2d:cafe::123 dst 2a01:4b00:867c:6d00:461:484e:456f:317a</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> adding SAD entry with SPI 01fb3039 and reqid {1}</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> <span class="gmail-Apple-converted-space"> </span>using encryption algorithm AES_GCM_16 with key size 288</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> <span class="gmail-Apple-converted-space"> </span>using replay window of 0 packets</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> <span class="gmail-Apple-converted-space"> </span>HW offload: no</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> adding policy <a href="http://10.10.10.0/32">10.10.10.0/32</a> === <a href="http://0.0.0.0/0">0.0.0.0/0</a> in [priority 383615, refcount 1]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> adding policy <a href="http://10.10.10.0/32">10.10.10.0/32</a> === <a href="http://0.0.0.0/0">0.0.0.0/0</a> fwd [priority 383615, refcount 1]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> adding policy <a href="http://0.0.0.0/0">0.0.0.0/0</a> === <a href="http://10.10.10.0/32">10.10.10.0/32</a> out [priority 383615, refcount 1]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> adding policy 2a01:4f8:c17:1f2d::1/128 === ::/0 in [priority 334463, refcount 1]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> adding policy 2a01:4f8:c17:1f2d::1/128 === ::/0 fwd [priority 334463, refcount 1]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[KNL] <TEST-1|3> adding policy ::/0 === 2a01:4f8:c17:1f2d::1/128 out [priority 334463, refcount 1]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[IKE] <TEST-1|3> CHILD_SA TEST-1{2} established with SPIs c1e8e177_i 01fb3039_o and TS <a href="http://0.0.0.0/0">0.0.0.0/0</a> ::/0 === <a href="http://10.10.10.0/32">10.10.10.0/32</a> 2a01:4f8:c17:1f2d::1/128</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CHD] <TEST-1|3> CHILD_SA TEST-1{2} state change: INSTALLING => INSTALLED</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> RADIUS server 'server-a' is candidate: 210</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> sending RADIUS Accounting-Request to server 'server-a'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[CFG] <TEST-1|3> received RADIUS Accounting-Response from server 'server-a'</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[ENC] <TEST-1|3> generating IKE_AUTH response 6 [ AUTH CPRP(ADDR ADDR6 DNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:02 06[NET] <TEST-1|3> sending packet: from 2a01:4f8:c17:1f2d:cafe::123[4500] to 2a01:4b00:867c:6d00:461:484e:456f:317a[4500] (394 bytes)</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:34 05[CFG] vici client 974 connected</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:34 12[CFG] vici client 974 registered for: list-sa</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:34 05[CFG] vici client 974 requests: list-sas</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:34 05[KNL] <TEST-1|3> querying SAD entry with SPI c1e8e177</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:34 05[KNL] <TEST-1|3> querying policy <a href="http://10.10.10.0/32">10.10.10.0/32</a> === <a href="http://0.0.0.0/0">0.0.0.0/0</a> in</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:34 05[KNL] <TEST-1|3> querying policy <a href="http://10.10.10.0/32">10.10.10.0/32</a> === <a href="http://0.0.0.0/0">0.0.0.0/0</a> fwd</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:34 05[KNL] <TEST-1|3> querying policy 2a01:4f8:c17:1f2d::1/128 === ::/0 in</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:34 05[KNL] <TEST-1|3> querying policy 2a01:4f8:c17:1f2d::1/128 === ::/0 fwd</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:34 05[KNL] <TEST-1|3> querying SAD entry with SPI 01fb3039</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:05:34 09[CFG] vici client 974 disconnected</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:14 13[CFG] vici client 975 connected</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:14 16[CFG] vici client 975 registered for: list-sa</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:14 13[CFG] vici client 975 requests: list-sas</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:14 13[KNL] <TEST-1|3> querying SAD entry with SPI c1e8e177</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:14 13[KNL] <TEST-1|3> querying policy <a href="http://10.10.10.0/32">10.10.10.0/32</a> === <a href="http://0.0.0.0/0">0.0.0.0/0</a> in</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:14 13[KNL] <TEST-1|3> querying policy <a href="http://10.10.10.0/32">10.10.10.0/32</a> === <a href="http://0.0.0.0/0">0.0.0.0/0</a> fwd</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:14 13[KNL] <TEST-1|3> querying policy 2a01:4f8:c17:1f2d::1/128 === ::/0 in</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:14 13[KNL] <TEST-1|3> querying policy 2a01:4f8:c17:1f2d::1/128 === ::/0 fwd</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:14 13[KNL] <TEST-1|3> querying SAD entry with SPI 01fb3039</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:14 06[CFG] vici client 975 disconnected</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:54 05[CFG] vici client 976 connected</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:54 12[CFG] vici client 976 registered for: list-sa</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:54 05[CFG] vici client 976 requests: list-sas</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:54 05[KNL] <TEST-1|3> querying SAD entry with SPI c1e8e177</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:54 05[KNL] <TEST-1|3> querying policy <a href="http://10.10.10.0/32">10.10.10.0/32</a> === <a href="http://0.0.0.0/0">0.0.0.0/0</a> in</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:54 05[KNL] <TEST-1|3> querying policy <a href="http://10.10.10.0/32">10.10.10.0/32</a> === <a href="http://0.0.0.0/0">0.0.0.0/0</a> fwd</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:54 05[KNL] <TEST-1|3> querying policy 2a01:4f8:c17:1f2d::1/128 === ::/0 in</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:54 05[KNL] <TEST-1|3> querying policy 2a01:4f8:c17:1f2d::1/128 === ::/0 fwd</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:54 05[KNL] <TEST-1|3> querying SAD entry with SPI 01fb3039</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:06:54 09[CFG] vici client 976 disconnected</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:07:34 13[CFG] vici client 977 connected</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:07:34 16[CFG] vici client 977 registered for: list-sa</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:07:34 13[CFG] vici client 977 requests: list-sas</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:07:34 13[KNL] <TEST-1|3> querying SAD entry with SPI c1e8e177</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:07:34 13[KNL] <TEST-1|3> querying policy <a href="http://10.10.10.0/32">10.10.10.0/32</a> === <a href="http://0.0.0.0/0">0.0.0.0/0</a> in</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:07:34 13[KNL] <TEST-1|3> querying policy <a href="http://10.10.10.0/32">10.10.10.0/32</a> === <a href="http://0.0.0.0/0">0.0.0.0/0</a> fwd</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:07:34 13[KNL] <TEST-1|3> querying policy 2a01:4f8:c17:1f2d::1/128 === ::/0 in</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:07:34 13[KNL] <TEST-1|3> querying policy 2a01:4f8:c17:1f2d::1/128 === ::/0 fwd</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:07:34 13[KNL] <TEST-1|3> querying SAD entry with SPI 01fb3039</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:07:34 06[CFG] vici client 977 disconnected</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:08:14 05[CFG] vici client 978 connected</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:08:14 12[CFG] vici client 978 registered for: list-sa</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:08:14 05[CFG] vici client 978 requests: list-sas</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:08:14 05[KNL] <TEST-1|3> querying SAD entry with SPI c1e8e177</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:08:14 05[KNL] <TEST-1|3> querying policy <a href="http://10.10.10.0/32">10.10.10.0/32</a> === <a href="http://0.0.0.0/0">0.0.0.0/0</a> in</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:08:14 05[KNL] <TEST-1|3> querying policy <a href="http://10.10.10.0/32">10.10.10.0/32</a> === <a href="http://0.0.0.0/0">0.0.0.0/0</a> fwd</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:08:14 05[KNL] <TEST-1|3> querying policy 2a01:4f8:c17:1f2d::1/128 === ::/0 in</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:08:14 05[KNL] <TEST-1|3> querying policy 2a01:4f8:c17:1f2d::1/128 === ::/0 fwd</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:08:14 05[KNL] <TEST-1|3> querying SAD entry with SPI 01fb3039</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">Fri, 2021-11-12, 07:08:14 09[CFG] vici client 978 disconnected</p></div><div><br></div><div><b>ipsec.conf</b></div><div><p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">config setup</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>strictcrlpolicy=yes</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>uniqueids=never</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica">conn TEST-1</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>auto=add</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>compress=no</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>type=tunnel</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>keyexchange=ikev2</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>fragmentation=yes</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>forceencaps=no</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>ike=aes256gcm16-aes192gcm16-aes128gcm16-prfsha256-ecp521-ecp256-modp4096-modp2048, aes256-sha256-ecp521-ecp256-modp4096-modp2048!</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>esp=aes256gcm16-aes192gcm16-aes128gcm16-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1-ecp521-ecp256-modp4096-modp2048, aes256-sha256-sha1!</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>dpdaction=clear</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>dpddelay=2400s</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>dpdtimeout=3600s</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>rekey=no</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>left=%any</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>leftid=@<a href="http://de-test-1.mydomain.net">de-test-1.mydomain.net</a></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>leftcert=cert.pem</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>leftsendcert=always</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>leftsubnet=<a href="http://0.0.0.0/0">0.0.0.0/0</a>, ::/0</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>right=%any</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>rightid=%any</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>rightauth=eap-radius</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>eap_identity=%any</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>rightdns=1.1.1.1,2606:4700:4700::1111</p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>rightsourceip=<a href="http://10.10.10.0/17,2a01:4f8:c17:1f2d::/64">10.10.10.0/17,2a01:4f8:c17:1f2d::/64</a></p>
<p style="margin:0px;font-stretch:normal;font-size:12px;line-height:normal;font-family:Helvetica"><span class="gmail-Apple-converted-space"> </span>leftfirewall=no</p></div><div><br></div><div><b>sudo systemctl status strongswan-starter</b><br>● strongswan-starter.service - strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf<br> Loaded: loaded (/lib/systemd/system/strongswan-starter.service; enabled; vendor preset: enabled)<br> Active: active (running) since Thu 2021-11-11 20:16:27 UTC; 11h ago<br> Main PID: 905 (starter)<br> Tasks: 18 (limit: 2276)<br> Memory: 11.3M<br> CPU: 685ms<br> CGroup: /system.slice/strongswan-starter.service<br> ├─905 /usr/libexec/ipsec/starter --daemon charon --nofork<br> └─918 /usr/libexec/ipsec/charon<br>Nov 11 20:16:27 de-test-1 systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.<br>Nov 11 20:16:27 de-test-1 ipsec[905]: Starting strongSwan 5.9.4 IPsec [starter]...<br>Nov 11 20:16:27 de-test-1 ipsec_starter[905]: Starting strongSwan 5.9.4 IPsec [starter]...<br>Nov 11 20:16:29 de-test-1 ipsec[905]: charon (918) started after 1620 ms<br>Nov 11 20:16:29 de-test-1 ipsec_starter[905]: charon (918) started after 1620 ms<br></div><div><br></div><div><b>ip6tables-save</b></div><div>*filter<br>:INPUT DROP [0:0]<br>:FORWARD DROP [176:15578]<br>:OUTPUT ACCEPT [2539:673098]<br>:OUTGOING - [0:0]<br>-A INPUT -i lo -j ACCEPT<br>-A INPUT -p ipv6-icmp -j ACCEPT<br>-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT<br>-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT<br>-A INPUT -p tcp -m tcp --dport 275 -j ACCEPT<br>-A INPUT -p udp -m udp --dport 500 -j ACCEPT<br>-A INPUT -p udp -m udp --dport 4500 -j ACCEPT<br>-A INPUT -p esp -m esp -j ACCEPT<br>-A INPUT -m ah -j ACCEPT<br>-A FORWARD -m policy --dir in --pol ipsec -j OUTGOING<br>-A FORWARD -m policy --dir out --pol ipsec -j ACCEPT<br>-A OUTGOING -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT<br>-A OUTGOING -m hashlimit --hashlimit-upto 5/sec --hashlimit-burst 5 --hashlimit-mode srcip,dstip --hashlimit-name NETSCANv6 --hashlimit-dstmask 64 -j ACCEPT<br>COMMIT<br># Completed on Fri Nov 12 07:18:59 2021<br># Generated by ip6tables-save v1.8.7 on Fri Nov 12 07:18:59 2021<br>*nat<br>:PREROUTING ACCEPT [848:78316]<br>:INPUT ACCEPT [12:2456]<br>:OUTPUT ACCEPT [17:1616]<br>:POSTROUTING ACCEPT [677:61898]<br>-A POSTROUTING -m policy --dir out --pol ipsec -j ACCEPT<br>-A POSTROUTING -m addrtype ! --src-type LOCAL -j MASQUERADE<br>COMMIT<b><br></b></div><div><br></div><div><b>ip route show table all</b><br></div><div>default via 172.31.1.1 dev eth0<br>172.31.1.1 dev eth0 scope link<br>broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1<br>local <a href="http://127.0.0.0/8">127.0.0.0/8</a> dev lo table local proto kernel scope host src 127.0.0.1<br>local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1<br>broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1<br>local 162.55.173.134 dev eth0 table local proto kernel scope host src 162.55.173.134<br>broadcast 162.55.173.134 dev eth0 table local proto kernel scope link src 162.55.173.134<br>::1 dev lo proto kernel metric 256 pref medium<br>2a01:4f8:c17:1f2d::1 dev eth0 proto kernel metric 256 pref medium<br>2a01:4f8:c17:1f2d:cafe::123 dev eth0 proto kernel metric 256 pref medium<br>2a01:4f8:c17:1f2d:ffff::/80 dev eth0 proto kernel metric 256 pref medium<br>fe80::/64 dev eth0 proto kernel metric 256 pref medium<br>default via fe80::1 dev eth0 metric 1024 onlink pref medium<br>local ::1 dev lo table local proto kernel metric 0 pref medium<br>local 2a01:4f8:c17:1f2d::1 dev eth0 table local proto kernel metric 0 pref medium<br>local 2a01:4f8:c17:1f2d:cafe::123 dev eth0 table local proto kernel metric 0 pref medium<br>local 2a01:4f8:c17:1f2d:ffff:: dev eth0 table local proto kernel metric 0 pref medium<br>anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium<br>local fe80::9400:ff:fef1:6bcb dev eth0 table local proto kernel metric 0 pref medium<br>multicast ff00::/8 dev eth0 table local proto kernel metric 256 pref medium<b><br></b></div><div><br></div><div><b>ip address</b><br></div><div>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000<br> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br> inet <a href="http://127.0.0.1/8">127.0.0.1/8</a> scope host lo<br> valid_lft forever preferred_lft forever<br> inet6 ::1/128 scope host<br> valid_lft forever preferred_lft forever<br>2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000<br> link/ether 96:00:00:f1:6b:cb brd ff:ff:ff:ff:ff:ff<br> altname enp0s3<br> altname ens3<br> inet <a href="http://162.55.173.134/32">162.55.173.134/32</a> brd 162.55.173.134 scope global dynamic eth0<br> valid_lft 82750sec preferred_lft 82750sec<br> inet6 2a01:4f8:c17:1f2d:ffff::/80 scope global<br> valid_lft forever preferred_lft forever<br> inet6 2a01:4f8:c17:1f2d:cafe::123/128 scope global<br> valid_lft forever preferred_lft forever<br> inet6 2a01:4f8:c17:1f2d::1/128 scope global<br> valid_lft forever preferred_lft forever<br> inet6 fe80::9400:ff:fef1:6bcb/64 scope link<br> valid_lft forever preferred_lft forever<b><br></b></div><div><br></div><div>Please let me know if you need anything else. Much appreciated.</div><div>Thank you,</div><div>Houman</div></div>