[strongSwan] Strongswan OpenVPN client

Gia T. Nguyen gia.nguyen at metronome-software.com
Mon Jan 7 23:02:09 CET 2013


Samsung Nexus III Android client.

I've included the host IP as the SubjectAltName in the certificates and have
seemed to get over that error, but I am still not able to connect:

Error:  Failure to connect to VPN, Authentication Failed.

Any hint on where to look next would be appreciated.
Regards,

I/charon  (17492): 00[DMN] loaded plugins: androidbridge charon android-log
openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac
socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc
I/charon  (17492): 00[JOB] spawning 16 worker threads
I/charon  (17492): 16[CFG] loaded user certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key
I/charon  (17492): 16[CFG] loaded CA certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com'
I/charon  (17492): 16[IKE] initiating IKE_SA android[1] to 192.168.24.18
I/charon  (17492): 16[ENC] generating IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
I/charon  (17492): 16[NET] sending packet: from 192.168.24.11[58445] to
192.168.24.18[500]
I/charon  (17492): 01[NET] received packet: from 192.168.24.18[500] to
192.168.24.11[58445]
I/charon  (17492): 01[ENC] parsed IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
I/charon  (17492): 01[IKE] faking NAT situation to enforce UDP encapsulation
I/charon  (17492): 01[IKE] received cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 01[IKE] sending cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 01[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature
successful
I/charon  (17492): 01[IKE] sending end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11"
I/charon  (17492): 01[IKE] establishing CHILD_SA android
I/charon  (17492): 01[ENC] generating IKE_AUTH request 1 [ IDi CERT
N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP)
N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
I/charon  (17492): 01[NET] sending packet: from 192.168.24.11[37948] to
192.168.24.18[4500]
I/charon  (17492): 05[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[37948]
I/charon  (17492): 05[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH
N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ]
I/charon  (17492): 05[IKE] received end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 05[CFG]   using certificate "C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 05[CFG]   using trusted ca certificate "C=US,
ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 05[CFG]   reached self-signed root ca with a path length
of 0
I/charon  (17492): 05[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful
I/charon  (17492): 05[IKE] IKE_SA android[1] established between
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC,
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome
Software LLC, CN=192.168.24.18]
I/charon  (17492): 05[IKE] scheduling rekeying in 35599s
I/charon  (17492): 05[IKE] maximum IKE_SA lifetime 36199s
I/charon  (17492): 05[IKE] received INTERNAL_ADDRESS_FAILURE notify, no
CHILD_SA built
I/charon  (17492): 05[IKE] closing IKE_SA due CHILD_SA setup failure
I/charon  (17492): 05[IKE] received AUTH_LIFETIME of 3346s, scheduling
reauthentication in 2746s
I/charon  (17492): 05[IKE] peer supports MOBIKE
I/charon  (17492): 02[IKE] deleting IKE_SA android[1] between
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC,
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome
Software LLC, CN=192.168.24.18]
I/charon  (17492): 02[IKE] sending DELETE for IKE_SA android[1]
I/charon  (17492): 02[ENC] generating INFORMATIONAL request 2 [ D ]
I/charon  (17492): 02[NET] sending packet: from 192.168.24.11[37948] to
192.168.24.18[4500]
I/charon  (17492): 06[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[37948]
I/charon  (17492): 06[ENC] parsed INFORMATIONAL response 2 [ ]
I/charon  (17492): 06[IKE] IKE_SA deleted
I/charon  (17492): 00[LIB] intentionally leaking private key reference due
to a bug in the framework
I/charon  (17492): 00[DMN] loaded plugins: androidbridge charon android-log
openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac
socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc
I/charon  (17492): 00[JOB] spawning 16 worker threads
I/charon  (17492): 07[CFG] loaded user certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key
I/charon  (17492): 07[CFG] loaded CA certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com'
I/charon  (17492): 07[IKE] initiating IKE_SA android[2] to 192.168.24.18
I/charon  (17492): 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
I/charon  (17492): 07[NET] sending packet: from 192.168.24.11[49017] to
192.168.24.18[500]
I/charon  (17492): 01[NET] received packet: from 192.168.24.18[500] to
192.168.24.11[49017]
I/charon  (17492): 01[ENC] parsed IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
I/charon  (17492): 01[IKE] faking NAT situation to enforce UDP encapsulation
I/charon  (17492): 01[IKE] received cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 01[IKE] sending cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 01[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature
successful
I/charon  (17492): 01[IKE] sending end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11"
I/charon  (17492): 01[IKE] establishing CHILD_SA android
I/charon  (17492): 01[ENC] generating IKE_AUTH request 1 [ IDi CERT
N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP)
N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
I/charon  (17492): 01[NET] sending packet: from 192.168.24.11[54864] to
192.168.24.18[4500]
I/charon  (17492): 04[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[54864]
I/charon  (17492): 04[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH
N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ]
I/charon  (17492): 04[IKE] received end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 04[CFG]   using certificate "C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 04[CFG]   using trusted ca certificate "C=US,
ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 04[CFG]   reached self-signed root ca with a path length
of 0
I/charon  (17492): 04[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful
I/charon  (17492): 04[IKE] IKE_SA android[2] established between
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC,
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome
Software LLC, CN=192.168.24.18]
I/charon  (17492): 04[IKE] scheduling rekeying in 35530s
I/charon  (17492): 04[IKE] maximum IKE_SA lifetime 36130s
I/charon  (17492): 04[IKE] received INTERNAL_ADDRESS_FAILURE notify, no
CHILD_SA built
I/charon  (17492): 04[IKE] closing IKE_SA due CHILD_SA setup failure
I/charon  (17492): 04[IKE] received AUTH_LIFETIME of 3259s, scheduling
reauthentication in 2659s
I/charon  (17492): 04[IKE] peer supports MOBIKE
I/charon  (17492): 05[IKE] deleting IKE_SA android[2] between
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC,
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome
Software LLC, CN=192.168.24.18]
I/charon  (17492): 05[IKE] sending DELETE for IKE_SA android[2]
I/charon  (17492): 05[ENC] generating INFORMATIONAL request 2 [ D ]
I/charon  (17492): 05[NET] sending packet: from 192.168.24.11[54864] to
192.168.24.18[4500]
I/charon  (17492): 14[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[54864]
I/charon  (17492): 14[ENC] parsed INFORMATIONAL response 2 [ ]
I/charon  (17492): 14[IKE] IKE_SA deleted
I/charon  (17492): 00[LIB] intentionally leaking private key reference due
to a bug in the framework
I/charon  (17492): 00[DMN] loaded plugins: androidbridge charon android-log
openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac
socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc
I/charon  (17492): 00[JOB] spawning 16 worker threads
I/charon  (17492): 07[CFG] loaded user certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key
I/charon  (17492): 07[CFG] loaded CA certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com'
I/charon  (17492): 07[IKE] initiating IKE_SA android[3] to 192.168.24.18
I/charon  (17492): 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
I/charon  (17492): 07[NET] sending packet: from 192.168.24.11[57516] to
192.168.24.18[500]
I/charon  (17492): 03[IKE] retransmit 1 of request with message ID 0
I/charon  (17492): 03[NET] sending packet: from 192.168.24.11[57516] to
192.168.24.18[500]
I/charon  (17492): 14[IKE] retransmit 2 of request with message ID 0
I/charon  (17492): 14[NET] sending packet: from 192.168.24.11[57516] to
192.168.24.18[500]
I/charon  (17492): 01[NET] received packet: from 192.168.24.18[500] to
192.168.24.11[57516]
I/charon  (17492): 01[ENC] parsed IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
I/charon  (17492): 01[IKE] faking NAT situation to enforce UDP encapsulation
I/charon  (17492): 01[IKE] received cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 01[IKE] sending cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 01[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature
successful
I/charon  (17492): 01[IKE] sending end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11"
I/charon  (17492): 01[IKE] establishing CHILD_SA android
I/charon  (17492): 01[ENC] generating IKE_AUTH request 1 [ IDi CERT
N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP)
N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
I/charon  (17492): 01[NET] sending packet: from 192.168.24.11[54831] to
192.168.24.18[4500]
I/charon  (17492): 15[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[54831]
I/charon  (17492): 15[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH
N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ]
I/charon  (17492): 15[IKE] received end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 15[CFG]   using certificate "C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 15[CFG]   using trusted ca certificate "C=US,
ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 15[CFG]   reached self-signed root ca with a path length
of 0
I/charon  (17492): 15[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful
I/charon  (17492): 15[IKE] IKE_SA android[3] established between
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC,
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome
Software LLC, CN=192.168.24.18]
I/charon  (17492): 15[IKE] scheduling rekeying in 35465s
I/charon  (17492): 15[IKE] maximum IKE_SA lifetime 36065s
I/charon  (17492): 15[IKE] received INTERNAL_ADDRESS_FAILURE notify, no
CHILD_SA built
I/charon  (17492): 15[IKE] closing IKE_SA due CHILD_SA setup failure
I/charon  (17492): 15[IKE] received AUTH_LIFETIME of 3394s, scheduling
reauthentication in 2794s
I/charon  (17492): 15[IKE] peer supports MOBIKE
I/charon  (17492): 02[IKE] deleting IKE_SA android[3] between
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC,
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome
Software LLC, CN=192.168.24.18]
I/charon  (17492): 02[IKE] sending DELETE for IKE_SA android[3]
I/charon  (17492): 02[ENC] generating INFORMATIONAL request 2 [ D ]
I/charon  (17492): 02[NET] sending packet: from 192.168.24.11[54831] to
192.168.24.18[4500]
I/charon  (17492): 13[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[54831]
I/charon  (17492): 13[ENC] parsed INFORMATIONAL response 2 [ ]
I/charon  (17492): 13[IKE] IKE_SA deleted
I/charon  (17492): 00[LIB] intentionally leaking private key reference due
to a bug in the framework
I/charon  (17492): 00[DMN] loaded plugins: androidbridge charon android-log
openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac
socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc
I/charon  (17492): 00[JOB] spawning 16 worker threads
I/charon  (17492): 15[CFG] loaded user certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key
I/charon  (17492): 15[CFG] loaded CA certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com'
I/charon  (17492): 15[IKE] initiating IKE_SA android[4] to 192.168.24.18
I/charon  (17492): 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
I/charon  (17492): 15[NET] sending packet: from 192.168.24.11[55665] to
192.168.24.18[500]
I/charon  (17492): 02[NET] received packet: from 192.168.24.18[500] to
192.168.24.11[55665]
I/charon  (17492): 02[ENC] parsed IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
I/charon  (17492): 02[IKE] faking NAT situation to enforce UDP encapsulation
I/charon  (17492): 02[IKE] received cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 02[IKE] sending cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 02[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature
successful
I/charon  (17492): 02[IKE] sending end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11"
I/charon  (17492): 02[IKE] establishing CHILD_SA android
I/charon  (17492): 02[ENC] generating IKE_AUTH request 1 [ IDi CERT
N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP)
N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
I/charon  (17492): 02[NET] sending packet: from 192.168.24.11[49192] to
192.168.24.18[4500]
I/charon  (17492): 03[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[49192]
I/charon  (17492): 03[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH
N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ]
I/charon  (17492): 03[IKE] received end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 03[CFG]   using certificate "C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 03[CFG]   using trusted ca certificate "C=US,
ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 03[CFG]   reached self-signed root ca with a path length
of 0
I/charon  (17492): 03[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful
I/charon  (17492): 03[IKE] IKE_SA android[4] established between
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC,
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome
Software LLC, CN=192.168.24.18]
I/charon  (17492): 03[IKE] scheduling rekeying in 35830s
I/charon  (17492): 03[IKE] maximum IKE_SA lifetime 36430s
I/charon  (17492): 03[IKE] received INTERNAL_ADDRESS_FAILURE notify, no
CHILD_SA built
I/charon  (17492): 03[IKE] closing IKE_SA due CHILD_SA setup failure
I/charon  (17492): 03[IKE] received AUTH_LIFETIME of 3410s, scheduling
reauthentication in 2810s
I/charon  (17492): 03[IKE] peer supports MOBIKE
I/charon  (17492): 10[IKE] deleting IKE_SA android[4] between
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC,
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome
Software LLC, CN=192.168.24.18]
I/charon  (17492): 10[IKE] sending DELETE for IKE_SA android[4]
I/charon  (17492): 10[ENC] generating INFORMATIONAL request 2 [ D ]
I/charon  (17492): 10[NET] sending packet: from 192.168.24.11[49192] to
192.168.24.18[4500]
I/charon  (17492): 07[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[49192]
I/charon  (17492): 07[ENC] parsed INFORMATIONAL response 2 [ ]
I/charon  (17492): 07[IKE] IKE_SA deleted
I/charon  (17492): 00[LIB] intentionally leaking private key reference due
to a bug in the framework
I/charon  (17492): 00[DMN] loaded plugins: androidbridge charon android-log
openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac
socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc
I/charon  (17492): 00[JOB] spawning 16 worker threads
I/charon  (17492): 06[CFG] loaded user certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key
I/charon  (17492): 06[CFG] loaded CA certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com'
I/charon  (17492): 06[IKE] initiating IKE_SA android[5] to 192.168.24.18
I/charon  (17492): 06[ENC] generating IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
I/charon  (17492): 06[NET] sending packet: from 192.168.24.11[35807] to
192.168.24.18[500]
I/charon  (17492): 09[NET] received packet: from 192.168.24.18[500] to
192.168.24.11[35807]
I/charon  (17492): 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
I/charon  (17492): 09[IKE] faking NAT situation to enforce UDP encapsulation
I/charon  (17492): 09[IKE] sending cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 09[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature
successful
I/charon  (17492): 09[IKE] establishing CHILD_SA android
I/charon  (17492): 09[ENC] generating IKE_AUTH request 1 [ IDi
N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP)
N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
I/charon  (17492): 09[NET] sending packet: from 192.168.24.11[53700] to
192.168.24.18[4500]
I/charon  (17492): 14[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[53700]
I/charon  (17492): 14[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
I/charon  (17492): 14[IKE] received AUTHENTICATION_FAILED notify error
I/charon  (17492): 00[LIB] intentionally leaking private key reference due
to a bug in the framework
I/charon  (17492): 00[DMN] loaded plugins: androidbridge charon android-log
openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac
socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc
I/charon  (17492): 00[JOB] spawning 16 worker threads
I/charon  (17492): 15[CFG] loaded user certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key
I/charon  (17492): 15[CFG] loaded CA certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com'
I/charon  (17492): 15[IKE] initiating IKE_SA android[6] to 192.168.24.18
I/charon  (17492): 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
I/charon  (17492): 15[NET] sending packet: from 192.168.24.11[48308] to
192.168.24.18[500]
I/charon  (17492): 06[NET] received packet: from 192.168.24.18[500] to
192.168.24.11[48308]
I/charon  (17492): 06[ENC] parsed IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
I/charon  (17492): 06[IKE] faking NAT situation to enforce UDP encapsulation
I/charon  (17492): 06[IKE] sending cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 06[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature
successful
I/charon  (17492): 06[IKE] establishing CHILD_SA android
I/charon  (17492): 06[ENC] generating IKE_AUTH request 1 [ IDi
N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP)
N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
I/charon  (17492): 06[NET] sending packet: from 192.168.24.11[47129] to
192.168.24.18[4500]
I/charon  (17492): 07[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[47129]
I/charon  (17492): 07[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
I/charon  (17492): 07[IKE] received AUTHENTICATION_FAILED notify error
I/charon  (17492): 00[LIB] intentionally leaking private key reference due
to a bug in the framework
I/charon  (17492): 00[DMN] loaded plugins: androidbridge charon android-log
openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac
socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc
I/charon  (17492): 00[JOB] spawning 16 worker threads
I/charon  (17492): 14[CFG] loaded user certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key
I/charon  (17492): 14[CFG] loaded CA certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com'
I/charon  (17492): 14[IKE] initiating IKE_SA android[7] to 192.168.24.18
I/charon  (17492): 14[ENC] generating IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
I/charon  (17492): 14[NET] sending packet: from 192.168.24.11[45478] to
192.168.24.18[500]
I/charon  (17492): 12[NET] received packet: from 192.168.24.18[500] to
192.168.24.11[45478]
I/charon  (17492): 12[ENC] parsed IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
I/charon  (17492): 12[IKE] faking NAT situation to enforce UDP encapsulation
I/charon  (17492): 12[IKE] received cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 12[IKE] sending cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 12[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature
successful
I/charon  (17492): 12[IKE] sending end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11"
I/charon  (17492): 12[IKE] establishing CHILD_SA android
I/charon  (17492): 12[ENC] generating IKE_AUTH request 1 [ IDi CERT
N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP)
N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
I/charon  (17492): 12[NET] sending packet: from 192.168.24.11[47752] to
192.168.24.18[4500]
I/charon  (17492): 04[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[47752]
I/charon  (17492): 04[ENC] parsed IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT)
N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ]
I/charon  (17492): 04[IKE] no trusted RSA public key found for 'C=US,
ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=192.168.24.18'
I/charon  (17492): 00[LIB] intentionally leaking private key reference due
to a bug in the framework
I/charon  (17492): 00[DMN] loaded plugins: androidbridge charon android-log
openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac
socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc
I/charon  (17492): 00[JOB] spawning 16 worker threads
I/charon  (17492): 13[CFG] loaded user certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key
I/charon  (17492): 13[CFG] loaded CA certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com'
I/charon  (17492): 13[IKE] initiating IKE_SA android[8] to 192.168.24.18
I/charon  (17492): 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
I/charon  (17492): 13[NET] sending packet: from 192.168.24.11[48026] to
192.168.24.18[500]
I/charon  (17492): 08[NET] received packet: from 192.168.24.18[500] to
192.168.24.11[48026]
I/charon  (17492): 08[ENC] parsed IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
I/charon  (17492): 08[IKE] faking NAT situation to enforce UDP encapsulation
I/charon  (17492): 08[IKE] received cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 08[IKE] sending cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 08[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature
successful
I/charon  (17492): 08[IKE] sending end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11"
I/charon  (17492): 08[IKE] establishing CHILD_SA android
I/charon  (17492): 08[ENC] generating IKE_AUTH request 1 [ IDi CERT
N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP)
N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
I/charon  (17492): 08[NET] sending packet: from 192.168.24.11[44651] to
192.168.24.18[4500]
I/charon  (17492): 07[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[44651]
I/charon  (17492): 07[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH
N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ]
I/charon  (17492): 07[IKE] received end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 07[CFG]   using certificate "C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 07[CFG]   using trusted ca certificate "C=US,
ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 07[CFG]   reached self-signed root ca with a path length
of 0
I/charon  (17492): 07[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful
I/charon  (17492): 07[IKE] IKE_SA android[8] established between
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC,
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome
Software LLC, CN=192.168.24.18]
I/charon  (17492): 07[IKE] scheduling rekeying in 35896s
I/charon  (17492): 07[IKE] maximum IKE_SA lifetime 36496s
I/charon  (17492): 07[IKE] received INTERNAL_ADDRESS_FAILURE notify, no
CHILD_SA built
I/charon  (17492): 07[IKE] closing IKE_SA due CHILD_SA setup failure
I/charon  (17492): 07[IKE] received AUTH_LIFETIME of 2779s, scheduling
reauthentication in 2179s
I/charon  (17492): 07[IKE] peer supports MOBIKE
I/charon  (17492): 05[IKE] deleting IKE_SA android[8] between
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC,
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome
Software LLC, CN=192.168.24.18]
I/charon  (17492): 05[IKE] sending DELETE for IKE_SA android[8]
I/charon  (17492): 05[ENC] generating INFORMATIONAL request 2 [ D ]
I/charon  (17492): 05[NET] sending packet: from 192.168.24.11[44651] to
192.168.24.18[4500]
I/charon  (17492): 04[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[44651]
I/charon  (17492): 04[ENC] parsed INFORMATIONAL response 2 [ ]
I/charon  (17492): 04[IKE] IKE_SA deleted
I/charon  (17492): 00[LIB] intentionally leaking private key reference due
to a bug in the framework
I/charon  (17492): 00[DMN] loaded plugins: androidbridge charon android-log
openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac
socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc
I/charon  (17492): 00[JOB] spawning 16 worker threads
I/charon  (17492): 15[CFG] loaded user certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key
I/charon  (17492): 15[CFG] loaded CA certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com'
I/charon  (17492): 15[IKE] initiating IKE_SA android[9] to 192.168.24.18
I/charon  (17492): 15[ENC] generating IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
I/charon  (17492): 15[NET] sending packet: from 192.168.24.11[36984] to
192.168.24.18[500]
I/charon  (17492): 08[NET] received packet: from 192.168.24.18[500] to
192.168.24.11[36984]
I/charon  (17492): 08[ENC] parsed IKE_SA_INIT response 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
I/charon  (17492): 08[IKE] faking NAT situation to enforce UDP encapsulation
I/charon  (17492): 08[IKE] received cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 08[IKE] sending cert request for "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 08[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature
successful
I/charon  (17492): 08[IKE] sending end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11"
I/charon  (17492): 08[IKE] establishing CHILD_SA android
I/charon  (17492): 08[ENC] generating IKE_AUTH request 1 [ IDi CERT
N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP)
N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
I/charon  (17492): 08[NET] sending packet: from 192.168.24.11[40920] to
192.168.24.18[4500]
I/charon  (17492): 11[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[40920]
I/charon  (17492): 11[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH
N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ]
I/charon  (17492): 11[IKE] received end entity cert "C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 11[CFG]   using certificate "C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 11[CFG]   using trusted ca certificate "C=US,
ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 11[CFG]   reached self-signed root ca with a path length
of 0
I/charon  (17492): 11[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON,
O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful
I/charon  (17492): 11[IKE] IKE_SA android[9] established between
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC,
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome
Software LLC, CN=192.168.24.18]
I/charon  (17492): 11[IKE] scheduling rekeying in 35644s
I/charon  (17492): 11[IKE] maximum IKE_SA lifetime 36244s
I/charon  (17492): 11[IKE] received INTERNAL_ADDRESS_FAILURE notify, no
CHILD_SA built
I/charon  (17492): 11[IKE] closing IKE_SA due CHILD_SA setup failure
I/charon  (17492): 11[IKE] received AUTH_LIFETIME of 2933s, scheduling
reauthentication in 2333s
I/charon  (17492): 11[IKE] peer supports MOBIKE
I/charon  (17492): 14[IKE] deleting IKE_SA android[9] between
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC,
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome
Software LLC, CN=192.168.24.18]
I/charon  (17492): 14[IKE] sending DELETE for IKE_SA android[9]
I/charon  (17492): 14[ENC] generating INFORMATIONAL request 2 [ D ]
I/charon  (17492): 14[NET] sending packet: from 192.168.24.11[40920] to
192.168.24.18[4500]
I/charon  (17492): 05[NET] received packet: from 192.168.24.18[4500] to
192.168.24.11[40920]
I/charon  (17492): 05[ENC] parsed INFORMATIONAL response 2 [ ]
I/charon  (17492): 05[IKE] IKE_SA deleted
I/charon  (17492): 00[LIB] intentionally leaking private key reference due
to a bug in the framework
I/charon  (17492): 00[DMN] loaded plugins: androidbridge charon android-log
openssl fips-prf random nonce pubkey pkcs1 pkcs8 pem xcbc hmac
socket-default eap-identity eap-mschapv2 eap-md5 eap-gtc
I/charon  (17492): 00[JOB] spawning 16 worker threads
I/charon  (17492): 13[CFG] loaded user certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11' and private key
I/charon  (17492): 13[CFG] loaded CA certificate 'C=US, ST=VIRGINIA,
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com'
I/charon  (17492): 13[IKE] initiating IKE_SA android[10] to 192.168.24.18
I/charon  (17492): 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) ]
I/charon  (17492): 13[NET] sending packet: from 192.168.24.11[53254] to
192.168.24.18[500]
I/charon  (17492): 16[NET] received packet: from 192.168.24.18[500] to 
192.168.24.11[53254]
I/charon  (17492): 16[ENC] parsed IKE_SA_INIT response 0 [ SA KE No 
N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
I/charon  (17492): 16[IKE] faking NAT situation to enforce UDP encapsulation
I/charon  (17492): 16[IKE] received cert request for "C=US, ST=VIRGINIA, 
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 16[IKE] sending cert request for "C=US, ST=VIRGINIA, 
L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 16[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, 
O=Metronome Software LLC, CN=192.168.24.11' (myself) with RSA signature 
successful
I/charon  (17492): 16[IKE] sending end entity cert "C=US, ST=VIRGINIA, 
L=RESTON, O=Metronome Software LLC, CN=192.168.24.11"
I/charon  (17492): 16[IKE] establishing CHILD_SA android
I/charon  (17492): 16[ENC] generating IKE_AUTH request 1 [ IDi CERT 
N(INIT_CONTACT) CERTREQ AUTH CP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) 
N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
I/charon  (17492): 16[NET] sending packet: from 192.168.24.11[55504] to 
192.168.24.18[4500]
I/charon  (17492): 03[NET] received packet: from 192.168.24.18[4500] to 
192.168.24.11[55504]
I/charon  (17492): 03[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH 
N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(INT_ADDR_FAIL) ]
I/charon  (17492): 03[IKE] received end entity cert "C=US, ST=VIRGINIA, 
L=RESTON, O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 03[CFG]   using certificate "C=US, ST=VIRGINIA, L=RESTON, 
O=Metronome Software LLC, CN=192.168.24.18"
I/charon  (17492): 03[CFG]   using trusted ca certificate "C=US, 
ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, CN=mns-lan.com"
I/charon  (17492): 03[CFG]   reached self-signed root ca with a path length 
of 0
I/charon  (17492): 03[IKE] authentication of 'C=US, ST=VIRGINIA, L=RESTON, 
O=Metronome Software LLC, CN=192.168.24.18' with RSA signature successful
I/charon  (17492): 03[IKE] IKE_SA android[10] established between 
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, 
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome 
Software LLC, CN=192.168.24.18]
I/charon  (17492): 03[IKE] scheduling rekeying in 35778s
I/charon  (17492): 03[IKE] maximum IKE_SA lifetime 36378s
I/charon  (17492): 03[IKE] received INTERNAL_ADDRESS_FAILURE notify, no 
CHILD_SA built
I/charon  (17492): 03[IKE] closing IKE_SA due CHILD_SA setup failure
I/charon  (17492): 03[IKE] received AUTH_LIFETIME of 2881s, scheduling 
reauthentication in 2281s
I/charon  (17492): 03[IKE] peer supports MOBIKE
I/charon  (17492): 02[IKE] deleting IKE_SA android[10] between 
192.168.24.11[C=US, ST=VIRGINIA, L=RESTON, O=Metronome Software LLC, 
CN=192.168.24.11]...192.168.24.18[C=US, ST=VIRGINIA, L=RESTON, O=Metronome 
Software LLC, CN=192.168.24.18]
I/charon  (17492): 02[IKE] sending DELETE for IKE_SA android[10]
I/charon  (17492): 02[ENC] generating INFORMATIONAL request 2 [ D ]
I/charon  (17492): 02[NET] sending packet: from 192.168.24.11[55504] to 
192.168.24.18[4500]
I/charon  (17492): 01[NET] received packet: from 192.168.24.18[4500] to 
192.168.24.11[55504]
I/charon  (17492): 01[ENC] parsed INFORMATIONAL response 2 [ ]
I/charon  (17492): 01[IKE] IKE_SA deleted
I/charon  (17492): 00[LIB] intentionally leaking private key reference due 
to a bug in the framework



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130107/ee4ddf4b/attachment.html>


More information about the Users mailing list