[strongSwan] ANNOUNCE: strongswan-5.0.2rc1 released

Andre Valentin avalentin at marcant.net
Mon Jan 21 11:42:05 CET 2013


Hi,

I cannot establish an VPN. I tested it with an Galaxy S3 and get an 
timeout on the client. Here's the log:

Jan 21 11:38:29 rossini charon: 13[NET] received packet: from 217.255.60.212[500] to X.X.X.69[500] (476 bytes)
Jan 21 11:38:29 rossini charon: 13[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Jan 21 11:38:29 rossini charon: 13[IKE] received NAT-T (RFC 3947) vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received XAuth vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received Cisco Unity vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received FRAGMENTATION vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] received DPD vendor ID
Jan 21 11:38:29 rossini charon: 13[IKE] 217.255.60.212 is initiating a Main Mode IKE_SA
Jan 21 11:38:29 rossini charon: 13[ENC] generating ID_PROT response 0 [ SA V V V V ]
Jan 21 11:38:29 rossini charon: 13[NET] sending packet: from X.X.X.69[500] to 217.255.60.212[500] (160 bytes)
Jan 21 11:38:29 rossini charon: 09[NET] received packet: from 217.255.60.212[500] to X.X.X.69[500] (228 bytes)
Jan 21 11:38:29 rossini charon: 09[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Jan 21 11:38:29 rossini charon: 09[IKE] remote host is behind NAT
Jan 21 11:38:29 rossini charon: 09[IKE] sending cert request for "C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=MarcanT GmbH CA, E=noc at marcant.net"
Jan 21 11:38:29 rossini charon: 09[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
Jan 21 11:38:29 rossini charon: 09[NET] sending packet: from X.X.X.69[500] to 217.255.60.212[500] (380 bytes)
Jan 21 11:38:29 rossini charon: 10[NET] received packet: from 217.255.60.212[4500] to X.X.X.69[4500] (1916 bytes)
Jan 21 11:38:29 rossini charon: 10[ENC] parsed ID_PROT request 0 [ ID CERT SIG CERTREQ ]
Jan 21 11:38:29 rossini charon: 10[IKE] ignoring certificate request without data
Jan 21 11:38:29 rossini charon: 10[IKE] received end entity cert "C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=avalentin, E=noc at marcant.net"
Jan 21 11:38:29 rossini charon: 10[CFG] looking for XAuthInitRSA peer configs matching X.X.X.69...217.255.60.212[C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=avalentin, E=noc at marcant.net]
Jan 21 11:38:29 rossini charon: 10[CFG] selected peer config "rw-cert"
Jan 21 11:38:29 rossini charon: 10[CFG]   using certificate "C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=avalentin, E=noc at marcant.net"
Jan 21 11:38:29 rossini charon: 10[CFG]   using trusted ca certificate "C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=MarcanT GmbH CA, E=noc at marcant.net"
Jan 21 11:38:29 rossini charon: 10[CFG] checking certificate status of "C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=avalentin, E=noc at marcant.net"
Jan 21 11:38:29 rossini charon: 10[CFG] certificate status is not available
Jan 21 11:38:29 rossini charon: 10[CFG]   reached self-signed root ca with a path length of 0
Jan 21 11:38:29 rossini charon: 10[IKE] authentication of 'C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=avalentin, E=noc at marcant.net' with RSA successful
Jan 21 11:38:29 rossini charon: 10[IKE] authentication of 'C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=rossini.marcant.net, E=noc at marcant.net' (myself) successful
Jan 21 11:38:29 rossini charon: 10[IKE] sending end entity cert "C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=rossini.marcant.net, E=noc at marcant.net"
Jan 21 11:38:29 rossini charon: 10[ENC] generating ID_PROT response 0 [ ID CERT SIG ]
Jan 21 11:38:29 rossini charon: 10[IKE] sending IKE message with length of 1948 bytes in 4 fragments
Jan 21 11:38:29 rossini charon: 10[ENC] generating ID_PROT response 0 [ FRAG ]
Jan 21 11:38:29 rossini charon: 10[NET] sending packet: from X.X.X.69[4500] to 217.255.60.212[4500] (544 bytes)
Jan 21 11:38:29 rossini charon: 10[ENC] generating ID_PROT response 0 [ FRAG ]
Jan 21 11:38:29 rossini charon: 10[NET] sending packet: from X.X.X.69[4500] to 217.255.60.212[4500] (544 bytes)
Jan 21 11:38:29 rossini charon: 10[ENC] generating ID_PROT response 0 [ FRAG ]
Jan 21 11:38:29 rossini charon: 10[NET] sending packet: from X.X.X.69[4500] to 217.255.60.212[4500] (544 bytes)
Jan 21 11:38:29 rossini charon: 10[ENC] generating ID_PROT response 0 [ FRAG ]
Jan 21 11:38:29 rossini charon: 10[NET] sending packet: from X.X.X.69[4500] to 217.255.60.212[4500] (460 bytes)
Jan 21 11:38:29 rossini charon: 10[ENC] generating TRANSACTION request 3335900084 [ HASH CP ]
Jan 21 11:38:29 rossini charon: 10[NET] sending packet: from X.X.X.69[4500] to 217.255.60.212[4500] (76 bytes)
Jan 21 11:38:29 rossini charon: 08[NET] received packet: from 217.255.60.212[4500] to X.X.X.69[4500] (108 bytes)
Jan 21 11:38:29 rossini charon: 08[ENC] parsed INFORMATIONAL_V1 request 3860382840 [ HASH N(INITIAL_CONTACT) ]
Jan 21 11:38:29 rossini charon: 11[NET] received packet: from 217.255.60.212[4500] to X.X.X.69[4500] (108 bytes)
Jan 21 11:38:29 rossini charon: 11[ENC] parsed TRANSACTION response 3335900084 [ HASH CP ]
Jan 21 11:38:29 rossini charon: 11[CFG] sending RADIUS Access-Request to server 'primary'
Jan 21 11:38:29 rossini charon: 11[CFG] received RADIUS Access-Challenge from server 'primary'
Jan 21 11:38:29 rossini charon: 11[CFG] sending RADIUS Access-Request to server 'primary'
Jan 21 11:38:29 rossini charon: 11[CFG] received RADIUS Access-Challenge from server 'primary'
Jan 21 11:38:29 rossini charon: 11[IKE] EAP-MS-CHAPv2 succeeded: '(null)'
Jan 21 11:38:29 rossini charon: 11[CFG] sending RADIUS Access-Request to server 'primary'
Jan 21 11:38:29 rossini charon: 11[CFG] received RADIUS Access-Accept from server 'primary'
Jan 21 11:38:29 rossini charon: 11[IKE] RADIUS authentication of 'avalentin' successful
Jan 21 11:38:29 rossini charon: 11[IKE] XAuth authentication of 'avalentin' successful
Jan 21 11:38:29 rossini charon: 11[ENC] generating TRANSACTION request 1011896396 [ HASH CP ]
Jan 21 11:38:29 rossini charon: 11[NET] sending packet: from X.X.X.69[4500] to 217.255.60.212[4500] (76 bytes)
Jan 21 11:38:29 rossini charon: 12[NET] received packet: from 217.255.60.212[4500] to X.X.X.69[4500] (92 bytes)
Jan 21 11:38:29 rossini charon: 12[ENC] parsed TRANSACTION response 1011896396 [ HASH CP ]
Jan 21 11:38:29 rossini charon: 12[IKE] IKE_SA rw-cert[21] established between X.X.X.69[C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=rossini.marcant.net, E=noc at marcant.net]...217.255.60.212[C=DE, ST=NRW, L=Bielefeld, O=MarcanT GmbH, CN=avalentin, E=noc at marcant.net]
Jan 21 11:38:29 rossini charon: 12[IKE] scheduling reauthentication in 3292s
Jan 21 11:38:29 rossini charon: 12[IKE] maximum IKE_SA lifetime 3472s
Jan 21 11:38:29 rossini charon: 15[NET] received packet: from 217.255.60.212[4500] to X.X.X.69[4500] (124 bytes)
Jan 21 11:38:29 rossini charon: 15[ENC] parsed TRANSACTION request 2246836868 [ HASH CP ]
Jan 21 11:38:29 rossini charon: 15[IKE] peer requested virtual IP %any
Jan 21 11:38:29 rossini charon: 15[CFG] acquired existing lease for address 192.168.101.3 in pool 'vpnclients'
Jan 21 11:38:29 rossini charon: 15[IKE] assigning virtual IP 192.168.101.3 to peer 'avalentin'
Jan 21 11:38:29 rossini charon: 15[CFG] sending UNITY_SPLIT_INCLUDE: 0.0.0.0/0
Jan 21 11:38:29 rossini charon: 15[CFG] sending RADIUS Accounting-Request to server 'primary'
Jan 21 11:38:29 rossini charon: 15[CFG] received RADIUS Accounting-Response from server 'primary'
Jan 21 11:38:29 rossini charon: 15[ENC] generating TRANSACTION response 2246836868 [ HASH CP ]
Jan 21 11:38:29 rossini charon: 15[NET] sending packet: from X.X.X.69[4500] to 217.255.60.212[4500] (172 bytes)
.. Nothing happens ..

Any idea ?

Kind regards,

André




More information about the Users mailing list