[strongSwan] IKEv2 problem for PSK between 2 x ubuntu 12.04 hosted by VMware player
Huang, Ricky
rhhuang at soe.ucsd.edu
Fri Jun 22 18:33:04 CEST 2012
On Jun 22, 2012, at 7:08 AM, "Andreas Steffen" <andreas.steffen at strongswan.org> wrote:
> Hi Kristian,
>
> several things are wrong in your setup:
> [...]
>
> 2) There is a syntax error in your ipsec.secrets:
>
> 192.168.141.10 192.168.141.20: PSK "Faxe Kondi Er Gudedrik"
> [...]
>
> The ':' separator must be surrounded by whitespace and rightid/leftid
> must be used:
>
> superman batman : PSK "Faxe Kondi Er Gudedrik"
>
If she does not declare leftid/rightid, then can she leave it as IP addresses only?
> Regards
>
> Andreas
>
> On 22.06.2012 14:40, Kristian.Lippert at tieto.com wrote:
>> Hi
>>
>> I’m trying to create a setup with IKEv2 and PSK (preshared keys) using
>> two ubuntu 12.04 both running strongswan 4.5.2 using IKEv2 running under
>> a VMware player running on top of a Windows 7 machine.
>>
>> I have created a new network card on both machines and assigned two new
>> IPv4 network addresses on both, one for the public network and one for
>> the private network.
>>
>>
>>
>> The network plan looks like:
>>
>>
>>
>> Host A:
>>
>> Public: eth1: “192.168.141.10”
>>
>> Private: eth1: “0 10.0.10.10”
>>
>>
>>
>> Host B:
>>
>> Public: eth1: “192.168.141.20”
>>
>> Private: eth1:0: “10.0.20.20”
>>
>>
>>
>> I would like to ping 10.0.20.20 from host A tunneling it through IPsec!
>>
>>
>>
>> When I start the charon daemon (running ipsec start) on both machines I
>> never get a Security Association (SA). In the beginning (for less
>> than a minute or so) I can see some negotiation going on, but it all ends
>> up with no SA.
>>
>>
>>
>> The temporary negotiation looks like:
>>
>>
>>
>> kristian at ubuntu:~/ipsec$ sudo ipsec statusall
>>
>> Status of IKEv2 charon daemon (strongSwan 4.5.2):
>>
>> uptime: 55 minutes, since Jun 22 02:40:41 2012
>>
>> malloc: sbrk 278528, mmap 0, used 139584, free 138944
>>
>> worker threads: 7 idle of 16, job queue load: 0, scheduled events: 1
>>
>> loaded plugins: test-vectors curl ldap aes des sha1 sha2 md5 random
>> x509 revocation constraints pubkey pkcs1 pgp pem openssl fips-prf gmp
>> agent pkcs11 xcbc hmac ctr ccm gcm attr kernel-netlink resolve
>> socket-raw farp stroke updown eap-identity eap-aka eap-md5 eap-gtc
>> eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc dhcp led addrblock
>>
>> Listening IP addresses:
>>
>> 192.168.140.135
>>
>> 192.168.141.10
>>
>> 10.0.10.10
>>
>> Connections:
>>
>> IKEv2-PSK-hostA-hostB: 192.168.141.10...192.168.141.20
>>
>> IKEv2-PSK-hostA-hostB: local: [superman] uses pre-shared key
>> authentication
>>
>> IKEv2-PSK-hostA-hostB: remote: [%any] uses any authentication
>>
>> IKEv2-PSK-hostA-hostB: child: 10.0.10.0/24 === 10.0.20.0/24
>>
>> Security Associations:
>>
>> (unnamed)[4]: CONNECTING, 192.168.141.10[%any]...192.168.141.20[%any]
>>
>> (unnamed)[4]: IKE SPIs: 38ecec06d56379ba_i 83cb53b0abaae4f2_r*
>>
>> (unnamed)[4]: IKE proposal:
>> AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
>>
>> (unnamed)[4]: Tasks passive: IKE_CERT_PRE IKE_AUTHENTICATE
>> IKE_CERT_POST IKE_CONFIG CHILD_CREATE IKE_AUTH_LIFETIME IKE_MOBIKE
>>
>>
>>
>> But ends up with
>>
>> …
>>
>> Security Associations:
>>
>> None
>>
>>
>>
>> What am I doing wrong?
>>
>>
>>
>> Best Regards,
>>
>> Kristian
>>
>>
>>
>>
>>
>> The strongswan.conf files have not been modified after installation.
>>
>>
>>
>> The ipsec.secrets are similar on both machines and look like:
>>
>> 192.168.141.10 192.168.141.20: PSK "Faxe Kondi Er Gudedrik"
>>
>>
>>
>> The ipsec.conf on host A looks like:
>>
>> # ipsec.conf - strongSwan IPsec configuration file
>>
>> # basic configuration
>>
>>
>>
>> config setup
>>
>> charondebug="dmn 4, ike 4, knl 4, cfg 4, mgr 4, chd 4, net 4"
>>
>> charonstart=yes
>>
>> plutostart=no
>>
>>
>>
>> # Add connections here.
>>
>>
>>
>> conn IKEv2-PSK-hostA-hostB
>>
>> ikelifetime=180m
>>
>> lifetime=60m
>>
>> rekeymargin=3m
>>
>> keyingtries=1
>>
>> keyexchange=ikev2
>>
>> left=192.168.141.10
>>
>> leftid=superman
>>
>> right=192.168.141.20
>>
>> rightid=%any
>>
>> leftsubnet=10.0.10.0/24
>>
>> rightsubnet=10.0.20.0/24
>>
>> auto=start
>>
>> authby=psk
>>
>> mobike=no
>>
>>
>>
>> include /var/lib/strongswan/ipsec.conf.inc
>>
>>
>>
>> The ipsec.conf on host B looks like:
>>
>> # ipsec.conf - strongSwan IPsec configuration file
>>
>>
>>
>> # basic configuration
>>
>>
>>
>> config setup
>>
>> charondebug="dmn 4, ike 4, knl 4, cfg 4, mgr 4, chd 4, net 4"
>>
>> charonstart=yes
>>
>> plutostart=no
>>
>>
>>
>> # Add connections here.
>>
>>
>>
>> conn IKEv2-PSK-hostA-hostB
>>
>> ikelifetime=180m
>>
>> lifetime=60m
>>
>> rekeymargin=3m
>>
>> keyingtries=1
>>
>> keyexchange=ikev2
>>
>> left=192.168.141.20
>>
>> leftid=superman
>>
>> right=192.168.141.10
>>
>> rightid=%any
>>
>> leftsubnet=10.0.20.0/24
>>
>> rightsubnet=10.0.10.0/24
>>
>> auto=start
>>
>> authby=psk
>>
>> mobike=no
>>
>>
>>
>> include /var/lib/strongswan/ipsec.conf.inc
>>
>>
>>
>> The syslog on host A (already started) looks like:
>>
>> Jun 22 05:10:45 ubuntu charon: 12[NET] received IPv4 packet => 860 bytes
>> @ 0xb118c9b0
>>
>> Jun 22 05:10:45 ubuntu charon: 12[NET] received packet: from
>> 192.168.141.20[500] to 192.168.141.10[500]
>>
>> Jun 22 05:10:45 ubuntu charon: 12[NET] waiting for data on raw sockets
>>
>> Jun 22 05:10:45 ubuntu charon: 13[MGR] checkout IKE_SA by message
>>
>> Jun 22 05:10:45 ubuntu charon: 13[MGR] created IKE_SA (unnamed)[4]
>>
>> Jun 22 05:10:45 ubuntu charon: 13[NET] received packet: from
>> 192.168.141.20[500] to 192.168.141.10[500]
>>
>> Jun 22 05:10:45 ubuntu charon: 13[ENC] parsed IKE_SA_INIT request 0 [ SA
>> KE No N(NATD_S_IP) N(NATD_D_IP) ]
>>
>> Jun 22 05:10:45 ubuntu charon: 13[CFG] looking for an ike config for
>> 192.168.141.10...192.168.141.20
>>
>> Jun 22 05:10:45 ubuntu charon: 13[CFG] candidate:
>> 192.168.141.10...192.168.141.20, prio 12
>>
>> Jun 22 05:10:45 ubuntu charon: 13[CFG] found matching ike config:
>> 192.168.141.10...192.168.141.20 with prio 12
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 192.168.141.20 is initiating an
>> IKE_SA
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] IKE_SA (unnamed)[4] state change:
>> CREATED => CONNECTING
>>
>> Jun 22 05:10:45 ubuntu charon: 13[CFG] selecting proposal:
>>
>> Jun 22 05:10:45 ubuntu charon: 13[CFG] proposal matches
>>
>> Jun 22 05:10:45 ubuntu charon: 13[CFG] received proposals:
>> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
>> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
>> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/AES_XCBC_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_MD5_96/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
>>
>> Jun 22 05:10:45 ubuntu charon: 13[CFG] configured proposals:
>> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
>> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
>> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/AES_XCBC_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_MD5_96/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
>>
>> Jun 22 05:10:45 ubuntu charon: 13[CFG] selected proposal:
>> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_chunk => 22 bytes @ 0xb8116888
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: BA 79 63 D5 06 EC EC 38 00
>> 00 00 00 00 00 00 00 .yc....8........
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: C0 A8 8D 0A 01
>> F4 ......
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_hash => 20 bytes @ 0xb811c638
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 48 C8 A5 42 A2 0D B4 43 71
>> 40 0A F4 FD E7 C9 97 H..B...Cq at ......
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: 9A 88 CF
>> 8A ....
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_chunk => 22 bytes @ 0xb8116888
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: BA 79 63 D5 06 EC EC 38 00
>> 00 00 00 00 00 00 00 .yc....8........
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: C0 A8 8D 14 01
>> F4 ......
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_hash => 20 bytes @ 0xb8117150
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 58 BA 87 41 4E 47 1D 6C DE
>> D0 04 CB 88 3D F8 07 X..ANG.l.....=..
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: 19 42 8F
>> 39 .B.9
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] precalculated src_hash => 20
>> bytes @ 0xb8117150
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 58 BA 87 41 4E 47 1D 6C DE
>> D0 04 CB 88 3D F8 07 X..ANG.l.....=..
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: 19 42 8F
>> 39 .B.9
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] precalculated dst_hash => 20
>> bytes @ 0xb811c638
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 48 C8 A5 42 A2 0D B4 43 71
>> 40 0A F4 FD E7 C9 97 H..B...Cq at ......
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: 9A 88 CF 8A
>> ....
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] received src_hash => 20 bytes @
>> 0xb811c128
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 58 BA 87 41 4E 47 1D 6C DE
>> D0 04 CB 88 3D F8 07 X..ANG.l.....=..
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: 19 42 8F
>> 39 .B.9
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] received dst_hash => 20 bytes @
>> 0xb811c140
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 48 C8 A5 42 A2 0D B4 43 71
>> 40 0A F4 FD E7 C9 97 H..B...Cq at ......
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: 9A 88 CF
>> 8A ....
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] shared Diffie Hellman secret =>
>> 256 bytes @ 0xb8117738
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] SKEYSEED => 20 bytes @ 0xb811d1c8
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 0E EA A7 44 7D 0C FF 8C 8D
>> F8 A9 71 A1 7F EE 2D ...D}......q...-
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: E1 97 96
>> FE ....
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_d secret => 20 bytes @ 0xb811d1c8
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 9E 18 5D 6F E1 BF 96 BE 65
>> DA A7 1B A9 E0 98 46 ..]o....e......F
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: 2F BE 1B BA
>> /...
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_ai secret => 20 bytes @ 0xb8117150
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: C3 63 62 D1 1D 17 5A 5D 74
>> 2D EE 32 7F 69 9E B9 .cb...Z]t-.2.i..
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: 01 37 30
>> 9C .70.
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_ar secret => 20 bytes @ 0xb8117150
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 37 82 4D A3 FF 70 7B 55 9F
>> 66 5E 34 D2 E9 36 53 7.M..p{U.f^4..6S
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: 35 E2 2F
>> B0 5./.
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_ei secret => 16 bytes @ 0xb8117150
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: E1 05 B0 D2 5E 4E 2E DC CF
>> 38 4C 02 83 30 63 24 ....^N...8L..0c$
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_er secret => 16 bytes @ 0xb8117150
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 83 F8 E9 C7 00 C0 AC 39 8E
>> A6 D7 34 72 A2 68 01 .......9...4r.h.
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_pi secret => 20 bytes @ 0xb8117150
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 2E B4 EE CD EC 6E 28 4D FE
>> BB 17 E2 BD 7F 67 8C .....n(M......g.
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: C8 A2 D0
>> DF ....
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] Sk_pr secret => 20 bytes @ 0xb8117820
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 2F 09 0A 63 4C 97 34 44 35
>> DE 44 A0 69 C2 90 01 /..cL.4D5.D.i...
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: 93 1A 9E
>> BD ....
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_chunk => 22 bytes @ 0xb8118518
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: BA 79 63 D5 06 EC EC 38 F2
>> E4 AA AB B0 53 CB 83 .yc....8.....S..
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: C0 A8 8D 0A 01
>> F4 ......
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_hash => 20 bytes @ 0xb811d2e8
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: 4A 5A 0E EF 69 BC 90 A1 88
>> 83 8F D2 7A 44 DC D3 JZ..i.......zD..
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: 1E 14 5C
>> 27 ..\'
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_chunk => 22 bytes @ 0xb8118518
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: BA 79 63 D5 06 EC EC 38 F2
>> E4 AA AB B0 53 CB 83 .yc....8.....S..
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: C0 A8 8D 14 01
>> F4 ......
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] natd_hash => 20 bytes @ 0xb811d2e8
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 0: E1 EB DC D1 5D 4B 61 E3 3A
>> 32 A9 54 1E CA B5 C4 ....]Ka.:2.T....
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] 16: A6 AD F5
>> 28 ...(
>>
>> Jun 22 05:10:45 ubuntu charon: 13[IKE] sending cert request for "C=DK,
>> ST=Aarhus, L=Aarhus, O=Tieto, OU=RD, CN=tieto.com, E=superman"
>>
>> Jun 22 05:10:45 ubuntu charon: 13[ENC] generating IKE_SA_INIT response 0
>> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
>>
>> Jun 22 05:10:45 ubuntu charon: 13[NET] sending packet: from
>> 192.168.141.10[500] to 192.168.141.20[500]
>>
>> Jun 22 05:10:45 ubuntu charon: 11[NET] sending packet: from
>> 192.168.141.10[500] to 192.168.141.20[500]
>>
>> Jun 22 05:10:45 ubuntu charon: 13[MGR] checkin IKE_SA (unnamed)[4]
>>
>> Jun 22 05:10:45 ubuntu charon: 13[MGR] check-in of IKE_SA successful.
>>
>> Jun 22 05:10:51 ubuntu charon: 02[CFG] stroke message => 352 bytes @
>> 0xb6199100
>>
>> Jun 22 05:10:51 ubuntu charon: 02[CFG] proposing traffic selectors for us:
>>
>> Jun 22 05:10:51 ubuntu charon: 02[CFG] 10.0.10.0/24 (derived from
>> 10.0.10.0/24)
>>
>> Jun 22 05:10:51 ubuntu charon: 02[CFG] proposing traffic selectors for
>> other:
>>
>> Jun 22 05:10:51 ubuntu charon: 02[CFG] 10.0.20.0/24 (derived from
>> 10.0.20.0/24)
>>
>> Jun 22 05:11:15 ubuntu charon: 03[MGR] checkout IKE_SA
>>
>> Jun 22 05:11:15 ubuntu charon: 03[MGR] IKE_SA (unnamed)[4] successfully
>> checked out
>>
>> Jun 22 05:11:15 ubuntu charon: 03[JOB] deleting half open IKE_SA after
>> timeout
>>
>> Jun 22 05:11:15 ubuntu charon: 03[MGR] checkin and destroy IKE_SA
>> (unnamed)[4]
>>
>> Jun 22 05:11:15 ubuntu charon: 03[IKE] IKE_SA (unnamed)[4] state change:
>> CONNECTING => DESTROYING
>>
>> Jun 22 05:11:15 ubuntu charon: 03[MGR] check-in and destroy of IKE_SA
>> successful
>>
>>
>>
>>
>>
>>
>>
>> The syslog from host B (being started) looks like:
>>
>>
>>
>>
>>
>>
>>
>> Jun 22 05:10:45 ubuntu charon: 00[DMN] Starting IKEv2 charon daemon
>> (strongSwan 4.5.2)
>>
>> Jun 22 05:10:45 ubuntu charon: 00[LIB] Padlock not found, CPU is
>> GenuineIntel
>>
>> Jun 22 05:10:45 ubuntu charon: 00[LIB] plugin 'padlock': failed to load
>> - padlock_plugin_create returned NULL
>>
>> Jun 22 05:10:45 ubuntu charon: 00[KNL] listening on interfaces:
>>
>> Jun 22 05:10:45 ubuntu charon: 00[KNL] eth0
>>
>> Jun 22 05:10:45 ubuntu charon: 00[KNL] 192.168.140.136
>>
>> Jun 22 05:10:45 ubuntu charon: 00[KNL] fe80::20c:29ff:fee8:4767
>>
>> Jun 22 05:10:45 ubuntu charon: 00[KNL] eth1
>>
>> Jun 22 05:10:45 ubuntu charon: 00[KNL] 192.168.141.20
>>
>> Jun 22 05:10:45 ubuntu charon: 00[KNL] 10.0.20.20
>>
>> Jun 22 05:10:45 ubuntu charon: 00[KNL] fe80::20c:29ff:fee8:4771
>>
>> Jun 22 05:10:45 ubuntu charon: 00[CFG] loading ca certificates from
>> '/etc/ipsec.d/cacerts'
>>
>> Jun 22 05:10:45 ubuntu charon: 00[CFG] loaded ca certificate "C=DK,
>> ST=Aarhus, L=Aarhus, O=Tieto, OU=RD, CN=tieto.com, E=superman" from
>> '/etc/ipsec.d/cacerts/strongswanCert.pem'
>>
>> Jun 22 05:10:45 ubuntu charon: 00[CFG] loading aa certificates from
>> '/etc/ipsec.d/aacerts'
>>
>> Jun 22 05:10:45 ubuntu charon: 00[CFG] loading ocsp signer certificates
>> from '/etc/ipsec.d/ocspcerts'
>>
>> Jun 22 05:10:45 ubuntu charon: 00[CFG] loading attribute certificates
>> from '/etc/ipsec.d/acerts'
>>
>> Jun 22 05:10:45 ubuntu charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
>>
>> Jun 22 05:10:45 ubuntu charon: 00[CFG] loading secrets from
>> '/etc/ipsec.secrets'
>>
>> Jun 22 05:10:45 ubuntu charon: 00[CFG] line 13: missing ' : ' separator
>>
>> Jun 22 05:10:45 ubuntu charon: 00[CFG] sql plugin: database URI not set
>>
>> Jun 22 05:10:45 ubuntu charon: 00[LIB] plugin 'sql': failed to load -
>> sql_plugin_create returned NULL
>>
>> Jun 22 05:10:45 ubuntu charon: 00[CFG] loaded 0 RADIUS server configurations
>>
>> Jun 22 05:10:45 ubuntu charon: 00[LIB] plugin 'medsrv' failed to load:
>> /usr/lib/ipsec/plugins/libstrongswan-medsrv.so: cannot open shared
>> object file: No such file or directory
>>
>> Jun 22 05:10:45 ubuntu charon: 00[CFG] mediation client database URI not
>> defined, skipped
>>
>> Jun 22 05:10:45 ubuntu charon: 00[LIB] plugin 'medcli': failed to load -
>> medcli_plugin_create returned NULL
>>
>> Jun 22 05:10:45 ubuntu charon: 00[LIB] plugin 'nm' failed to load:
>> /usr/lib/ipsec/plugins/libstrongswan-nm.so: cannot open shared object
>> file: No such file or directory
>>
>> Jun 22 05:10:45 ubuntu charon: 00[CFG] HA config misses local/remote address
>>
>> Jun 22 05:10:45 ubuntu charon: 00[LIB] plugin 'ha': failed to load -
>> ha_plugin_create returned NULL
>>
>> Jun 22 05:10:45 ubuntu charon: 00[DMN] loaded plugins: test-vectors curl
>> ldap aes des sha1 sha2 md5 random x509 revocation constraints pubkey
>> pkcs1 pgp pem openssl fips-prf gmp agent pkcs11 xcbc hmac ctr ccm gcm
>> attr kernel-netlink resolve socket-raw farp stroke updown eap-identity
>> eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc
>> dhcp led addrblock
>>
>> Jun 22 05:10:45 ubuntu charon: 00[JOB] spawning 16 worker threads
>>
>> Jun 22 05:10:45 ubuntu charon: 13[NET] waiting for data on raw sockets
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] stroke message => 524 bytes @
>> 0xb2182050
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] received stroke: add connection
>> 'IKEv2-PSK-hostA-hostB'
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] conn IKEv2-PSK-hostA-hostB
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] left=192.168.141.20
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftsubnet=10.0.20.0/24
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftsourceip=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftauth=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftauth2=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftid=superman
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftid2=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftcert=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftcert2=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftca=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftca2=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftgroups=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] leftupdown=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] right=192.168.141.10
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightsubnet=10.0.10.0/24
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightsourceip=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightauth=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightauth2=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightid=%any
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightid2=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightcert=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightcert2=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightca=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightca2=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightgroups=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] rightupdown=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] eap_identity=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] aaa_identity=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG]
>> ike=aes128-sha1-modp2048,3des-sha1-modp1536
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] esp=aes128-sha1,3des-sha1
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] mediation=no
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] mediated_by=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] me_peerid=(null)
>>
>> Jun 22 05:10:45 ubuntu charon: 10[KNL] getting interface name for
>> 192.168.141.10
>>
>> Jun 22 05:10:45 ubuntu charon: 10[KNL] 192.168.141.10 is not a local address
>>
>> Jun 22 05:10:45 ubuntu charon: 10[KNL] getting interface name for
>> 192.168.141.20
>>
>> Jun 22 05:10:45 ubuntu charon: 10[KNL] 192.168.141.20 is on interface eth1
>>
>> Jun 22 05:10:45 ubuntu charon: 10[CFG] added configuration
>> 'IKEv2-PSK-hostA-hostB'
>>
>> Jun 22 05:10:45 ubuntu charon: 14[CFG] stroke message => 374 bytes @
>> 0xb017e0e0
>>
>> Jun 22 05:10:45 ubuntu charon: 14[CFG] received stroke: initiate
>> 'IKEv2-PSK-hostA-hostB'
>>
>> Jun 22 05:10:45 ubuntu charon: 14[MGR] checkout IKE_SA by config
>>
>> Jun 22 05:10:45 ubuntu charon: 14[MGR] created IKE_SA (unnamed)[1]
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_VENDOR task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_INIT task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_NATD task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_CERT_PRE task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_AUTHENTICATE task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_CERT_POST task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_CONFIG task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_AUTH_LIFETIME task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing IKE_ME task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] queueing CHILD_CREATE task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating new tasks
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_VENDOR task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_INIT task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_NATD task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_CERT_PRE task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_ME task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_AUTHENTICATE task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_CERT_POST task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_CONFIG task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating CHILD_CREATE task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] activating IKE_AUTH_LIFETIME task
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] initiating IKE_SA
>> IKEv2-PSK-hostA-hostB[1] to 192.168.141.10
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] IKE_SA IKEv2-PSK-hostA-hostB[1]
>> state change: CREATED => CONNECTING
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] natd_chunk => 22 bytes @ 0xb7819d70
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] 0: BA 79 63 D5 06 EC EC 38 00
>> 00 00 00 00 00 00 00 .yc....8........
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] 16: C0 A8 8D 0A 01
>> F4 ......
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] natd_hash => 20 bytes @ 0xb78195d8
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] 0: 48 C8 A5 42 A2 0D B4 43 71
>> 40 0A F4 FD E7 C9 97 H..B...Cq at ......
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] 16: 9A 88 CF
>> 8A ....
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] natd_chunk => 22 bytes @ 0xb7819d70
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] 0: BA 79 63 D5 06 EC EC 38 00
>> 00 00 00 00 00 00 00 .yc....8........
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] 16: C0 A8 8D 14 01
>> F4 ......
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] natd_hash => 20 bytes @ 0xb78195d8
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] 0: 58 BA 87 41 4E 47 1D 6C DE
>> D0 04 CB 88 3D F8 07 X..ANG.l.....=..
>>
>> Jun 22 05:10:45 ubuntu charon: 14[IKE] 16: 19 42 8F
>> 39 .B.9
>>
>> Jun 22 05:10:45 ubuntu charon: 14[ENC] generating IKE_SA_INIT request 0
>> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>>
>> Jun 22 05:10:45 ubuntu charon: 14[NET] sending packet: from
>> 192.168.141.20[500] to 192.168.141.10[500]
>>
>> Jun 22 05:10:45 ubuntu charon: 12[NET] sending packet: from
>> 192.168.141.20[500] to 192.168.141.10[500]
>>
>> Jun 22 05:10:45 ubuntu charon: 14[MGR] checkin IKE_SA
>> IKEv2-PSK-hostA-hostB[1]
>>
>> Jun 22 05:10:45 ubuntu charon: 13[NET] received IPv4 packet => 493 bytes
>> @ 0xb097c9b0
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>
>
> --
> ======================================================================
> Andreas Steffen andreas.steffen at strongswan.org
> strongSwan - the Linux VPN Solution! www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==