[strongSwan] IKEv2 problem for PSK between 2 x ubuntu 12.04 hosted by VMware player
Andreas Steffen
andreas.steffen at strongswan.org
Fri Jun 22 16:08:28 CEST 2012
Hi Kristian,
several things are wrong in your setup:
1) you cannot name both your hosts "superman":

Host A:

conn IKEv2-PSK-hostA-hostB
    left=192.168.141.10
    leftid=superman
    right=192.168.141.20
    rightid=%any

Host B:

conn IKEv2-PSK-hostA-hostB
    left=192.168.141.20
    leftid=superman
    right=192.168.141.10
    rightid=%any

so call Host A "superman" and Host B "batman" and the config becomes

Host A:

conn IKEv2-PSK-hostA-hostB
    left=192.168.141.10
    leftid=superman
    right=192.168.141.20
    rightid=batman

Host B:

conn IKEv2-PSK-hostA-hostB
    left=192.168.141.20
    leftid=batman
    right=192.168.141.10
    rightid=superman
2) There is a syntax error in your ipsec.secrets:

192.168.141.10 192.168.141.20: PSK "Faxe Kondi Er Gudedrik"

Jun 22 05:10:45 ubuntu charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jun 22 05:10:45 ubuntu charon: 00[CFG] line 13: missing ' : ' separator

The ':' separator must be surrounded by whitespace and rightid/leftid
must be used:

superman batman : PSK "Faxe Kondi Er Gudedrik"

Regards
Andreas
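
The two fixes in the reply above, written as a small pre-flight check (an added example, not part of the original mail and not strongSwan code). It applies the reply's rules literally rather than reproducing charon's parser; the sample files are constructed from the configuration quoted in this thread, and `parse_conns`, `parse_secrets` and `audit` are hypothetical helper names.

```python
import re

# The reply's rule: ':' must have whitespace on both sides (selectors may be empty).
SEPARATOR = re.compile(r"(?:^|\s):\s+(\S+)\s+(.+)$")


def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():  # section headers start in column 0
            words = line.split()
            is_conn = words[0] == "conn" and len(words) > 1
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns


def parse_secrets(text):
    """Return (entries, errors); each entry is (lineno, selectors, secret_type)."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("include "):
            continue
        m = SEPARATOR.search(line)
        if m is None:
            errors.append(f"secrets line {lineno}: missing ' : ' separator")
            continue
        entries.append((lineno, line[:m.start()].split(), m.group(1).upper()))
    return entries, errors


def audit(conf_text, secrets_text, peer_conf_text=None):
    """Check one host's files, optionally against the peer's ipsec.conf."""
    entries, findings = parse_secrets(secrets_text)
    psk_selectors = [set(sel) for _, sel, kind in entries if kind == "PSK"]
    peer_conns = parse_conns(peer_conf_text) if peer_conf_text else {}
    for name, conn in parse_conns(conf_text).items():
        if conn.get("authby") not in ("psk", "secret"):
            continue
        leftid = conn.get("leftid", conn.get("left"))
        rightid = conn.get("rightid", "%any")
        if rightid == "%any":
            findings.append(f"{name}: rightid=%any accepts any peer identity")
        elif not any({leftid, rightid} <= sel for sel in psk_selectors):
            # Strict reading of "rightid/leftid must be used" in ipsec.secrets.
            findings.append(f"{name}: no PSK entry lists both {leftid} and {rightid}")
        peer = peer_conns.get(name)
        if peer and peer.get("leftid") == leftid:
            findings.append(f"{name}: both hosts use leftid={leftid}")
    return findings


def _conf(left, leftid, right, rightid):
    # Constructed sample: only the keys the checks look at.
    return (
        "conn IKEv2-PSK-hostA-hostB\n"
        "    keyexchange=ikev2\n"
        f"    left={left}\n    leftid={leftid}\n"
        f"    right={right}\n    rightid={rightid}\n"
        "    authby=psk\n"
    )


A, B = "192.168.141.10", "192.168.141.20"
BROKEN_A, BROKEN_B = _conf(A, "superman", B, "%any"), _conf(B, "superman", A, "%any")
FIXED_A, FIXED_B = _conf(A, "superman", B, "batman"), _conf(B, "batman", A, "superman")
BROKEN_SECRETS = f'{A} {B}: PSK "Faxe Kondi Er Gudedrik"\n'
FIXED_SECRETS = 'superman batman : PSK "Faxe Kondi Er Gudedrik"\n'

if __name__ == "__main__":
    for label, args in (("as posted", (BROKEN_A, BROKEN_SECRETS, BROKEN_B)),
                        ("as corrected", (FIXED_A, FIXED_SECRETS, FIXED_B))):
        print(label, audit(*args) or "no findings")
```
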
On 22.06.2012 14:40, Kristian.Lippert at tieto.com wrote:
> Hi
>
> I’m trying to create a setup with IKEv2 and PSK (preshared keys) using
> two ubuntu 12.04 both running strongswan 4.5.2 using IKEv2 running under
> a VMware player running on top of a Windows 7 machine.
>
> I have created a new network card on both machines and assigned two new
> IPv4 network addresses on both, one for the public network and one for
> the private network.
>
>
>
> The network plan looks like:
>
>
>
> Host A:
>
> Public: eth1: “192.168.141.10”
>
> Private: eth1:0: “10.0.10.10”
>
>
>
> Host B:
>
> Public: eth1: “192.168.141.20”
>
> Private: eth1:0: “10.0.20.20”
>
>
>
> I would like to ping 10.0.20.20 from host A tunneling it through IPsec!
>
>
>
> When I start the charon daemon (running ipsec start) on both machines I
> never get a Security Association (SA). In the beginning (for less
> than a minute or so) I can see some negotiation going on, but it all ends
> up with no SA.
>
>
>
> The temporary negotiation looks like:
>
>
>
> kristian@ubuntu:~/ipsec$ sudo ipsec statusall
>
> Status of IKEv2 charon daemon (strongSwan 4.5.2):
>
> uptime: 55 minutes, since Jun 22 02:40:41 2012
>
> malloc: sbrk 278528, mmap 0, used 139584, free 138944
>
> worker threads: 7 idle of 16, job queue load: 0, scheduled events: 1
>
> loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random
> x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp
> agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve
> socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc
> eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc dhcp led addrblock
>
> Listening IP addresses:
>
> 192.168.140.135
>
> 192.168.141.10
>
> 10.0.10.10
>
> Connections:
>
> IKEv2-PSK-hostA-hostB: 192.168.141.10...192.168.141.20
>
> IKEv2-PSK-hostA-hostB: local: [superman] uses pre-shared key
> authentication
>
> IKEv2-PSK-hostA-hostB: remote: [%any] uses any authentication
>
> IKEv2-PSK-hostA-hostB: child: 10.0.10.0/24 === 10.0.20.0/24
>
> Security Associations:
>
> (unnamed)[4]: CONNECTING, 192.168.141.10[%any]...192.168.141.20[%any]
>
> (unnamed)[4]: IKE SPIs: 38ecec06d56379ba_i 83cb53b0abaae4f2_r*
>
> (unnamed)[4]: IKE proposal:
> AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
>
> (unnamed)[4]: Tasks passive: IKE_CERT_PRE IKE_AUTHENTICATE
> IKE_CERT_POST IKE_CONFIG CHILD_CREATE IKE_AUTH_LIFETIME IKE_MOBIKE
>
>
>
> But ends up with
>
> …
>
> Security Associations:
>
> None
>
>
>
> What am I doing wrong?
>
>
>
> Best Regards,
>
> Kristian
>
>
>
>
>
> The strongswan.conf files have not been modified after installation.
>
>
>
> The ipsec.secrets are similar on both machines and look like:
>
> 192.168.141.10 192.168.141.20: PSK "Faxe Kondi Er Gudedrik"
>
>
>
> The ipsec.conf on host A looks like:
>
> # ipsec.conf - strongSwan IPsec configuration file
>
> # basic configuration
>
>
>
> config setup
>
> charondebug="dmn 4, ike 4, knl 4, cfg 4, mgr 4, chd 4, net 4"
>
> charonstart=yes
>
> plutostart=no
>
>
>
> # Add connections here.
>
>
>
> conn IKEv2-PSK-hostA-hostB
>
> ikelifetime=180m
>
> lifetime=60m
>
> rekeymargin=3m
>
> keyingtries=1
>
> keyexchange=ikev2
>
> left=192.168.141.10
>
> leftid=superman
>
> right=192.168.141.20
>
> rightid=%any
>
> leftsubnet=10.0.10.0/24
>
> rightsubnet=10.0.20.0/24
>
> auto=start
>
> authby=psk
>
> mobike=no
>
>
>
> include /var/lib/strongswan/ipsec.conf.inc
>
>
>
> The ipsec.conf on host B looks like:
>
> # ipsec.conf - strongSwan IPsec configuration file
>
>
>
> # basic configuration
>
>
>
> config setup
>
> charondebug="dmn 4, ike 4, knl 4, cfg 4, mgr 4, chd 4, net 4"
>
> charonstart=yes
>
> plutostart=no
>
>
>
> # Add connections here.
>
>
>
> conn IKEv2-PSK-hostA-hostB
>
> ikelifetime=180m
>
> lifetime=60m
>
> rekeymargin=3m
>
> keyingtries=1
>
> keyexchange=ikev2
>
> left=192.168.141.20
>
> leftid=superman
>
> right=192.168.141.10
>
> rightid=%any
>
> leftsubnet=10.0.20.0/24
>
> rightsubnet=10.0.10.0/24
>
> auto=start
>
> authby=psk
>
> mobike=no
>
>
>
> include /var/lib/strongswan/ipsec.conf.inc
>
>
>
> The syslog on host A (already started) looks like:
>
> Jun 22 05:10:45 ubuntu charon: 12[NET] received IPv4 packet => 860 bytes
> @ 0xb118c9b0
>
> Jun 22 05:10:45 ubuntu charon: 12[NET] received packet: from
> 192.168.141.20[500] to 192.168.141.10[500]
>
> Jun 22 05:10:45 ubuntu charon: 12[NET] waiting for data on raw sockets
>
> Jun 22 05:10:45 ubuntu charon: 13[MGR] checkout IKE_SA by message
>
> Jun 22 05:10:45 ubuntu charon: 13[MGR] created IKE_SA (unnamed)[4]
>
> Jun 22 05:10:45 ubuntu charon: 13[NET] received packet: from
> 192.168.141.20[500] to 192.168.141.10[500]
>
> Jun 22 05:10:45 ubuntu charon: 13[ENC] parsed IKE_SA_INIT request 0 [ SA
> KE No N(NATD_S_IP) N(NATD_D_IP) ]
>
> Jun 22 05:10:45 ubuntu charon: 13[CFG] looking for an ike config for
> 192.168.141.10...192.168.141.20
>
> Jun 22 05:10:45 ubuntu charon: 13[CFG] candidate:
> 192.168.141.10...192.168.141.20, prio 12
>
> Jun 22 05:10:45 ubuntu charon: 13[CFG] found matching ike config:
> 192.168.141.10...192.168.141.20 with prio 12
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] 192.168.141.20 is initiating an
> IKE_SA
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] IKE_SA (unnamed)[4] state change:
> CREATED => CONNECTING
>
> Jun 22 05:10:45 ubuntu charon: 13[CFG] selecting proposal:
>
> Jun 22 05:10:45 ubuntu charon: 13[CFG] proposal matches
>
> Jun 22 05:10:45 ubuntu charon: 13[CFG] received proposals:
> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/AES_XCBC_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_MD5_96/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
>
> Jun 22 05:10:45 ubuntu charon: 13[CFG] configured proposals:
> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/AES_XCBC_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_MD5_96/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
>
> Jun 22 05:10:45 ubuntu charon: 13[CFG] selected proposal:
> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_chunk => 22 bytes @ 0xb8116888
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_hash => 20 bytes @ 0xb811c638
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_chunk => 22 bytes @ 0xb8116888
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_hash => 20 bytes @ 0xb8117150
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] precalculated src_hash => 20
> bytes @ 0xb8117150
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] precalculated dst_hash => 20
> bytes @ 0xb811c638
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] received src_hash => 20 bytes @
> 0xb811c128
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] received dst_hash => 20 bytes @
> 0xb811c140
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] shared Diffie Hellman secret =>
> 256 bytes @ 0xb8117738
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] SKEYSEED => 20 bytes @ 0xb811d1c8
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_d secret => 20 bytes @ 0xb811d1c8
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_ai secret => 20 bytes @ 0xb8117150
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_ar secret => 20 bytes @ 0xb8117150
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_ei secret => 16 bytes @ 0xb8117150
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_er secret => 16 bytes @ 0xb8117150
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_pi secret => 20 bytes @ 0xb8117150
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_pr secret => 20 bytes @ 0xb8117820
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_chunk => 22 bytes @ 0xb8118518
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_hash => 20 bytes @ 0xb811d2e8
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_chunk => 22 bytes @ 0xb8118518
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_hash => 20 bytes @ 0xb811d2e8
>
> Jun 22 05:10:45 ubuntu charon: 13[IKE] sending cert request for "C=DK,
> ST=Aarhus, L=Aarhus, O=Tieto, OU=RD, CN=tieto.com, E=superman"
>
> Jun 22 05:10:45 ubuntu charon: 13[ENC] generating IKE_SA_INIT response 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
>
> Jun 22 05:10:45 ubuntu charon: 13[NET] sending packet: from
> 192.168.141.10[500] to 192.168.141.20[500]
>
> Jun 22 05:10:45 ubuntu charon: 11[NET] sending packet: from
> 192.168.141.10[500] to 192.168.141.20[500]
>
> Jun 22 05:10:45 ubuntu charon: 13[MGR] checkin IKE_SA (unnamed)[4]
>
> Jun 22 05:10:45 ubuntu charon: 13[MGR] check-in of IKE_SA successful.
>
> Jun 22 05:10:51 ubuntu charon: 02[CFG] stroke message => 352 bytes @
> 0xb6199100
>
> Jun 22 05:10:51 ubuntu charon: 02[CFG] proposing traffic selectors for us:
>
> Jun 22 05:10:51 ubuntu charon: 02[CFG] 10.0.10.0/24 (derived from
> 10.0.10.0/24)
>
> Jun 22 05:10:51 ubuntu charon: 02[CFG] proposing traffic selectors for
> other:
>
> Jun 22 05:10:51 ubuntu charon: 02[CFG] 10.0.20.0/24 (derived from
> 10.0.20.0/24)
>
> Jun 22 05:11:15 ubuntu charon: 03[MGR] checkout IKE_SA
>
> Jun 22 05:11:15 ubuntu charon: 03[MGR] IKE_SA (unnamed)[4] successfully
> checked out
>
> Jun 22 05:11:15 ubuntu charon: 03[JOB] deleting half open IKE_SA after
> timeout
>
> Jun 22 05:11:15 ubuntu charon: 03[MGR] checkin and destroy IKE_SA
> (unnamed)[4]
>
> Jun 22 05:11:15 ubuntu charon: 03[IKE] IKE_SA (unnamed)[4] state change:
> CONNECTING => DESTROYING
>
> Jun 22 05:11:15 ubuntu charon: 03[MGR] check-in and destroy of IKE_SA
> successful
>
>
>
>
>
>
>
> The syslog from host B (being started) looks like:
>
>
>
>
>
>
>
> Jun 22 05:10:45 ubuntu charon: 00[DMN] Starting IKEv2 charon daemon
> (strongSwan 4.5.2)
>
> Jun 22 05:10:45 ubuntu charon: 00[LIB] Padlock not found, CPU is
> GenuineIntel
>
> Jun 22 05:10:45 ubuntu charon: 00[LIB] plugin 'padlock': failed to load
> - padlock_plugin_create returned NULL
>
> Jun 22 05:10:45 ubuntu charon: 00[KNL] listening on interfaces:
>
> Jun 22 05:10:45 ubuntu charon: 00[KNL] eth0
>
> Jun 22 05:10:45 ubuntu charon: 00[KNL] 192.168.140.136
>
> Jun 22 05:10:45 ubuntu charon: 00[KNL] fe80::20c:29ff:fee8:4767
>
> Jun 22 05:10:45 ubuntu charon: 00[KNL] eth1
>
> Jun 22 05:10:45 ubuntu charon: 00[KNL] 192.168.141.20
>
> Jun 22 05:10:45 ubuntu charon: 00[KNL] 10.0.20.20
>
> Jun 22 05:10:45 ubuntu charon: 00[KNL] fe80::20c:29ff:fee8:4771
>
> Jun 22 05:10:45 ubuntu charon: 00[CFG] loading ca certificates from
> '/etc/ipsec.d/cacerts'
>
> Jun 22 05:10:45 ubuntu charon: 00[CFG] loaded ca certificate "C=DK,
> ST=Aarhus, L=Aarhus, O=Tieto, OU=RD, CN=tieto.com, E=superman" from
> '/etc/ipsec.d/cacerts/strongswanCert.pem'
>
> Jun 22 05:10:45 ubuntu charon: 00[CFG] loading aa certificates from
> '/etc/ipsec.d/aacerts'
>
> Jun 22 05:10:45 ubuntu charon: 00[CFG] loading ocsp signer certificates
> from '/etc/ipsec.d/ocspcerts'
>
> Jun 22 05:10:45 ubuntu charon: 00[CFG] loading attribute certificates
> from '/etc/ipsec.d/acerts'
>
> Jun 22 05:10:45 ubuntu charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
>
> Jun 22 05:10:45 ubuntu charon: 00[CFG] loading secrets from
> '/etc/ipsec.secrets'
>
> Jun 22 05:10:45 ubuntu charon: 00[CFG] line 13: missing ' : ' separator
>
> Jun 22 05:10:45 ubuntu charon: 00[CFG] sql plugin: database URI not set
>
> Jun 22 05:10:45 ubuntu charon: 00[LIB] plugin 'sql': failed to load -
> sql_plugin_create returned NULL
>
> Jun 22 05:10:45 ubuntu charon: 00[CFG] loaded 0 RADIUS server configurations
>
> Jun 22 05:10:45 ubuntu charon: 00[LIB] plugin 'medsrv' failed to load:
> /usr/lib/ipsec/plugins/libstrongswan-medsrv.so: cannot open shared
> object file: No such file or directory
>
> Jun 22 05:10:45 ubuntu charon: 00[CFG] mediation client database URI not
> defined, skipped
>
> Jun 22 05:10:45 ubuntu charon: 00[LIB] plugin 'medcli': failed to load -
> medcli_plugin_create returned NULL
>
> Jun 22 05:10:45 ubuntu charon: 00[LIB] plugin 'nm' failed to load:
> /usr/lib/ipsec/plugins/libstrongswan-nm.so: cannot open shared object
> file: No such file or directory
>
> Jun 22 05:10:45 ubuntu charon: 00[CFG] HA config misses local/remote address
>
> Jun 22 05:10:45 ubuntu charon: 00[LIB] plugin 'ha': failed to load -
> ha_plugin_create returned NULL
>
> Jun 22 05:10:45 ubuntu charon: 00[DMN] loaded plugins: test-vectors curl
> ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey
> pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm
> attr kernel-netlink resolve socket-raw farp stroke updown eap-identity
> eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc
> dhcp led addrblock
>
> Jun 22 05:10:45 ubuntu charon: 00[JOB] spawning 16 worker threads
>
> Jun 22 05:10:45 ubuntu charon: 13[NET] waiting for data on raw sockets
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] stroke message => 524 bytes @
> 0xb2182050
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] received stroke: add connection
> 'IKEv2-PSK-hostA-hostB'
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] conn IKEv2-PSK-hostA-hostB
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] left=192.168.141.20
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftsubnet=10.0.20.0/24
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftsourceip=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftauth=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftauth2=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftid=superman
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftid2=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftcert=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftcert2=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftca=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftca2=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftgroups=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftupdown=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] right=192.168.141.10
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightsubnet=10.0.10.0/24
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightsourceip=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightauth=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightauth2=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightid=%any
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightid2=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightcert=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightcert2=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightca=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightca2=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightgroups=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightupdown=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] eap_identity=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] aaa_identity=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG]
> ike=aes128-sha1-modp2048,3des-sha1-modp1536
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] esp=aes128-sha1,3des-sha1
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] mediation=no
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] mediated_by=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] me_peerid=(null)
>
> Jun 22 05:10:45 ubuntu charon: 10[KNL] getting interface name for
> 192.168.141.10
>
> Jun 22 05:10:45 ubuntu charon: 10[KNL] 192.168.141.10 is not a local address
>
> Jun 22 05:10:45 ubuntu charon: 10[KNL] getting interface name for
> 192.168.141.20
>
> Jun 22 05:10:45 ubuntu charon: 10[KNL] 192.168.141.20 is on interface eth1
>
> Jun 22 05:10:45 ubuntu charon: 10[CFG] added configuration
> 'IKEv2-PSK-hostA-hostB'
>
> Jun 22 05:10:45 ubuntu charon: 14[CFG] stroke message => 374 bytes @
> 0xb017e0e0
>
> Jun 22 05:10:45 ubuntu charon: 14[CFG] received stroke: initiate
> 'IKEv2-PSK-hostA-hostB'
>
> Jun 22 05:10:45 ubuntu charon: 14[MGR] checkout IKE_SA by config
>
> Jun 22 05:10:45 ubuntu charon: 14[MGR] created IKE_SA (unnamed)[1]
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_VENDOR task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_INIT task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_NATD task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_CERT_PRE task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_AUTHENTICATE task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_CERT_POST task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_CONFIG task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_AUTH_LIFETIME task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_ME task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing CHILD_CREATE task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating new tasks
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_VENDOR task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_INIT task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_NATD task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_CERT_PRE task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_ME task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_AUTHENTICATE task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_CERT_POST task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_CONFIG task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating CHILD_CREATE task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_AUTH_LIFETIME task
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] initiating IKE_SA
> IKEv2-PSK-hostA-hostB[1] to 192.168.141.10
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] IKE_SA IKEv2-PSK-hostA-hostB[1]
> state change: CREATED => CONNECTING
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] natd_chunk => 22 bytes @ 0xb7819d70
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] 0: BA 79 63 D5 06 EC EC 38 00
> 00 00 00 00 00 00 00 .yc....8........
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] 16: C0 A8 8D 0A 01
> F4 ......
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] natd_hash => 20 bytes @ 0xb78195d8
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] 0: 48 C8 A5 42 A2 0D B4 43 71
> 40 0A F4 FD E7 C9 97 H..B...Cq at ......
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] 16: 9A 88 CF
> 8A ....
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] natd_chunk => 22 bytes @ 0xb7819d70
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] 0: BA 79 63 D5 06 EC EC 38 00
> 00 00 00 00 00 00 00 .yc....8........
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] 16: C0 A8 8D 14 01
> F4 ......
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] natd_hash => 20 bytes @ 0xb78195d8
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] 0: 58 BA 87 41 4E 47 1D 6C DE
> D0 04 CB 88 3D F8 07 X..ANG.l.....=..
>
> Jun 22 05:10:45 ubuntu charon: 14[IKE] 16: 19 42 8F
> 39 .B.9
>
> Jun 22 05:10:45 ubuntu charon: 14[ENC] generating IKE_SA_INIT request 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>
> Jun 22 05:10:45 ubuntu charon: 14[NET] sending packet: from
> 192.168.141.20[500] to 192.168.141.10[500]
>
> Jun 22 05:10:45 ubuntu charon: 12[NET] sending packet: from
> 192.168.141.20[500] to 192.168.141.10[500]
>
> Jun 22 05:10:45 ubuntu charon: 14[MGR] checkin IKE_SA
> IKEv2-PSK-hostA-hostB[1]
>
> Jun 22 05:10:45 ubuntu charon: 13[NET] received IPv4 packet => 493 bytes
> @ 0xb097c9b0
>
--
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
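
The two corrections in the reply at the top of this message (distinct, mirrored leftid/rightid values, and a whitespace-surrounded ' : ' separator with the IDs as selectors in ipsec.secrets) can be checked before starting charon. This is an added example, not part of the original post or of strongSwan; the function names, the simplified PSK line format and the placeholder secret are assumptions.

```python
import re

# Constructed sample input modelled on the conn sections quoted in this thread.
BROKEN_A = "left=192.168.141.10\nleftid=superman\nright=192.168.141.20\nrightid=%any"
BROKEN_B = "left=192.168.141.20\nleftid=superman\nright=192.168.141.10\nrightid=%any"
FIXED_A = "left=192.168.141.10\nleftid=superman\nright=192.168.141.20\nrightid=batman"
FIXED_B = "left=192.168.141.20\nleftid=batman\nright=192.168.141.10\nrightid=superman"

def parse_conn(text):
    """Collect key=value settings from the body of one conn section."""
    pairs = (line.strip().split("=", 1) for line in text.splitlines() if "=" in line)
    return {key.strip(): value.strip() for key, value in pairs}

def check_ids(host_a, host_b):
    """Return a list of problems with the leftid/rightid pairing of two peers."""
    problems = []
    if host_a["leftid"] == host_b["leftid"]:
        problems.append("both hosts use leftid=" + host_a["leftid"])
    for local, peer in ((host_a, host_b), (host_b, host_a)):
        # %any accepts whatever identity the peer presents.
        if local["rightid"] not in ("%any", peer["leftid"]):
            problems.append("rightid=%s does not match peer leftid=%s"
                            % (local["rightid"], peer["leftid"]))
    return problems

def check_psk_line(line, ids):
    """Return a list of problems with one PSK line of ipsec.secrets."""
    # Simplified format (assumption): selectors, ' : ', PSK, quoted secret.
    match = re.match(r'^(.*?)\s+:\s+PSK\s+"[^"]*"\s*$', line)
    if match is None:
        return ["missing ' : ' separator"]
    selectors = match.group(1).split()
    return ["no selector for ID " + i for i in sorted(set(ids) - set(selectors))]

if __name__ == "__main__":
    a, b = parse_conn(FIXED_A), parse_conn(FIXED_B)
    print(check_ids(a, b))
    # "example-secret" is a placeholder, not a value from the thread.
    print(check_psk_line('superman batman : PSK "example-secret"',
                         [a["leftid"], b["leftid"]]))
```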