[strongSwan] dns problem when using the dhcp plugin

Hasse Hagen Johansen hasse-strongswan at hagenjohansen.dk
Mon Dec 8 21:21:19 CET 2014


Hi Noel

Sorry for the slow answer, but here are the logfiles. I don't see anything 
about charon assigning dns to the client. So there doesn't seem to be 
much difference between the logfiles other than the DHCP request/offer 
(and charon working as middleman)

But still. When using a static ip in the rightsourceip parameter the 
client (android) is resolving my mailserver with the internal ip as it 
should (because I set that up with the attr plugin), but when using 
rightsourceip=%dhcp the settings for dns with attr plugin seem to be 
ignored and then the client doesn't even get the dns assigned which the 
dhcp says it should use (and then my mailserver resolves to the external 
ip which cannot be accessed)

Best Regards
Hasse


On 04/12/14 at 22:13, Noel Kuntze wrote:
> Hello Hasse,
>
> Please post a logfile created with the settings shown below. The logfile should contain anything from when you start the daemon
> to when you stop the daemon after you tested it.
> Please use a filelogger. The necessary configuration steps are described at [1].
>
> Settings:
>                          default = 3
>                          mgr = 1
>                          ike = 1
>                          net = 1
>                          enc = 0
>                          cfg = 2
>                          asn = 1
>                          job = 1
>                          knl = 1
>
>
> [1] https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
>
> Kind regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> On 04.12.2014 at 21:40, Hasse Hagen Johansen wrote:
>> Hi
>>
>> I have setup a connection definition as from the sample for windows7
>>
>> I am using this for connecting my android phone with the strongswan client and sometimes a windows 7 client.
>>
>> For a long time I have had the rightsourceip set to a static ip-address on my local lan and used the attr plugin to set the DNS server to the local dns server on the strongswan endpoint, which has worked fine (I am using split-horizon dns. So I have names which resolve to localnet addresses when using the local dns server and external addresses when using dns servers on the internet)
>>
>> Now I would like to use the dhcp plugin which I also got somewhat working. I am getting an address from the dhcp on the vpn client. The problem is that it seems the strongswan client on android is not setting the right dns (or is not getting the right dns from the strongswan server). I still have the configuration with the attr config enabled and I have also checked on my computer that I get the right DNS via DHCP. But my phone doesn't get the right DNS server when using the dhcp plugin, but works fine if I set rightsourceip to a static address again.
>>
>> On "server side" (an openwrt router) I am running strongswan 5.1.3
>>
>> and the strongswan android app is version 1.4.5 based on strongswan 5.2.1
>>
>> I hope someone has some insight into this - if it is a bug or I have made a mistake
>>
>> Best Regards
>> Hasse
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users

-------------- next part --------------
Dec  8 20:59:21 00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 3.3.8, mips)
Dec  8 20:59:21 00[LIB] plugin 'test-vectors': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'curl': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'ldap': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'mysql': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'sqlite': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'pkcs11': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'aes': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'des': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'blowfish': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'sha1': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'sha2': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'md4': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'md5': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'random': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'nonce': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'x509': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'revocation': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'constraints': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'pubkey': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'pkcs1': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'pkcs8': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'pgp': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'dnskey': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'pem': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'openssl': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'gcrypt': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'af-alg': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'fips-prf': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'gmp' failed to load: File not found
Dec  8 20:59:21 00[LIB] plugin 'agent': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'xcbc': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'cmac': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'hmac': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'ctr': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'ccm': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'gcm': loaded successfully
Dec  8 20:59:21 00[CFG] loaded attribute INTERNAL_IP4_DNS: c0:a8:64:01
Dec  8 20:59:21 00[CFG] loaded attribute INTERNAL_IP4_DNS: 08:08:08:08
Dec  8 20:59:21 00[LIB] plugin 'attr': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'attr-sql': loaded successfully
Dec  8 20:59:21 00[CFG] disabling load-tester plugin, not configured
Dec  8 20:59:21 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Dec  8 20:59:21 00[LIB] plugin 'kernel-netlink': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'resolve': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'socket-default': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'farp': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'stroke': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'smp': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'sql': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'updown': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'eap-identity': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'eap-md5': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'eap-mschapv2': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'eap-radius': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'xauth-generic': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'xauth-eap': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'dhcp': loaded successfully
Dec  8 20:59:21 00[CFG] HA config misses local/remote address
Dec  8 20:59:21 00[LIB] plugin 'ha': failed to load - ha_plugin_create returned NULL
Dec  8 20:59:21 00[LIB] plugin 'whitelist': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'led': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'duplicheck': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'coupling': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'uci': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'addrblock': loaded successfully
Dec  8 20:59:21 00[LIB] plugin 'unity': loaded successfully
Dec  8 20:59:21 00[LIB] feature PUBKEY:ECDSA in plugin 'pem' has unmet dependency: PUBKEY:ECDSA
Dec  8 20:59:21 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
Dec  8 20:59:21 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
Dec  8 20:59:21 00[LIB] feature CERT_DECODE:X509_OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:X509_OCSP_REQUEST
Dec  8 20:59:21 00[CFG] attr-sql plugin: database URI not set
Dec  8 20:59:21 00[LIB] feature CUSTOM:attr-sql in plugin 'attr-sql' failed to load
Dec  8 20:59:21 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Dec  8 20:59:21 00[CFG]   loaded ca certificate "C=DK, O=Linuxkonsulenten.dk, CN=VPN CA" from '/etc/ipsec.d/cacerts/caCert.der'
Dec  8 20:59:21 00[CFG]   loaded ca certificate "C=DK, O=Linuxkonsulenten.dk, CN=VPN CA" from '/etc/ipsec.d/cacerts/caCert.pem'
Dec  8 20:59:21 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Dec  8 20:59:21 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Dec  8 20:59:21 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Dec  8 20:59:21 00[CFG] loading crls from '/etc/ipsec.d/crls'
Dec  8 20:59:21 00[CFG] loading secrets from '/etc/ipsec.secrets'
Dec  8 20:59:21 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/GatewayKey.der'
Dec  8 20:59:21 00[CFG]   loaded EAP secret for hasse
Dec  8 20:59:21 00[CFG] sql plugin: database URI not set
Dec  8 20:59:21 00[LIB] feature CUSTOM:sql in plugin 'sql' failed to load
Dec  8 20:59:21 00[CFG] loaded 0 RADIUS server configurations
Dec  8 20:59:21 00[CFG] coupling file path unspecified
Dec  8 20:59:21 00[LIB] feature CUSTOM:coupling in plugin 'coupling' failed to load
Dec  8 20:59:21 00[LIB] unloading plugin 'attr-sql' without loaded features
Dec  8 20:59:21 00[LIB] unloading plugin 'sql' without loaded features
Dec  8 20:59:21 00[LIB] unloading plugin 'coupling' without loaded features
Dec  8 20:59:21 00[LIB] loaded plugins: charon test-vectors curl ldap mysql sqlite pkcs11 aes des blowfish sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem openssl gcrypt af-alg fips-prf agent xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default farp stroke smp updown eap-identity eap-md5 eap-mschapv2 eap-radius xauth-generic xauth-eap dhcp whitelist led duplicheck uci addrblock unity
Dec  8 20:59:21 00[LIB] unable to load 7 plugin features (4 due to unmet dependencies)
Dec  8 20:59:21 00[JOB] spawning 16 worker threads
Dec  8 20:59:21 15[LIB] created thread 15 [26804]
Dec  8 20:59:21 10[LIB] created thread 10 [26799]
Dec  8 20:59:21 14[LIB] created thread 14 [26803]
Dec  8 20:59:21 07[LIB] created thread 07 [26796]
Dec  8 20:59:21 11[LIB] created thread 11 [26800]
Dec  8 20:59:21 12[LIB] created thread 12 [26801]
Dec  8 20:59:21 16[LIB] created thread 16 [26805]
Dec  8 20:59:21 08[LIB] created thread 08 [26797]
Dec  8 20:59:21 09[LIB] created thread 09 [26798]
Dec  8 20:59:21 13[LIB] created thread 13 [26802]
Dec  8 20:59:21 06[LIB] created thread 06 [26795]
Dec  8 20:59:21 05[LIB] created thread 05 [26794]
Dec  8 20:59:21 04[LIB] created thread 04 [26793]
Dec  8 20:59:21 03[LIB] created thread 03 [26792]
Dec  8 20:59:21 02[LIB] created thread 02 [26791]
Dec  8 20:59:21 01[LIB] created thread 01 [26790]
Dec  8 20:59:21 16[CFG] received stroke: add connection 'win7'
Dec  8 20:59:21 16[CFG] conn win7
Dec  8 20:59:21 16[CFG]   left=85.235.22.10
Dec  8 20:59:21 16[CFG]   leftsubnet=192.168.100.0/24
Dec  8 20:59:21 16[CFG]   leftsourceip=(null)
Dec  8 20:59:21 16[CFG]   leftdns=(null)
Dec  8 20:59:21 16[CFG]   leftauth=pubkey
Dec  8 20:59:21 16[CFG]   leftauth2=(null)
Dec  8 20:59:21 16[CFG]   leftid=(null)
Dec  8 20:59:21 16[CFG]   leftid2=(null)
Dec  8 20:59:21 16[CFG]   leftrsakey=(null)
Dec  8 20:59:21 16[CFG]   leftcert=gatewayCert.der
Dec  8 20:59:21 16[CFG]   leftcert2=(null)
Dec  8 20:59:21 16[CFG]   leftca=(null)
Dec  8 20:59:21 16[CFG]   leftca2=(null)
Dec  8 20:59:21 16[CFG]   leftgroups=(null)
Dec  8 20:59:21 16[CFG]   leftgroups2=(null)
Dec  8 20:59:21 16[CFG]   leftupdown=ipsec _updown iptables
Dec  8 20:59:21 16[CFG]   right=%any
Dec  8 20:59:21 16[CFG]   rightsubnet=(null)
Dec  8 20:59:21 16[CFG]   rightsourceip=%dhcp
Dec  8 20:59:21 16[CFG]   rightdns=(null)
Dec  8 20:59:21 16[CFG]   rightauth=eap-mschapv2
Dec  8 20:59:21 16[CFG]   rightauth2=(null)
Dec  8 20:59:21 16[CFG]   rightid=(null)
Dec  8 20:59:21 16[CFG]   rightid2=(null)
Dec  8 20:59:21 16[CFG]   rightrsakey=(null)
Dec  8 20:59:21 16[CFG]   rightcert=(null)
Dec  8 20:59:21 16[CFG]   rightcert2=(null)
Dec  8 20:59:21 16[CFG]   rightca=(null)
Dec  8 20:59:21 16[CFG]   rightca2=(null)
Dec  8 20:59:21 16[CFG]   rightgroups=(null)
Dec  8 20:59:21 16[CFG]   rightgroups2=(null)
Dec  8 20:59:21 16[CFG]   rightupdown=(null)
Dec  8 20:59:21 16[CFG]   eap_identity=%any
Dec  8 20:59:21 16[CFG]   aaa_identity=(null)
Dec  8 20:59:21 16[CFG]   xauth_identity=(null)
Dec  8 20:59:21 16[CFG]   ike=aes256-sha1-modp1024!
Dec  8 20:59:21 16[CFG]   esp=aes256-sha1!
Dec  8 20:59:21 16[CFG]   ah=(null)
Dec  8 20:59:21 16[CFG]   dpddelay=300
Dec  8 20:59:21 16[CFG]   dpdtimeout=150
Dec  8 20:59:21 16[CFG]   dpdaction=1
Dec  8 20:59:21 16[CFG]   closeaction=0
Dec  8 20:59:21 16[CFG]   mediation=no
Dec  8 20:59:21 16[CFG]   mediated_by=(null)
Dec  8 20:59:21 16[CFG]   me_peerid=(null)
Dec  8 20:59:21 16[CFG]   keyexchange=ikev2
Dec  8 20:59:21 16[CFG]   loaded certificate "C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway" from 'gatewayCert.der'
Dec  8 20:59:21 16[CFG]   id '85.235.22.10' not confirmed by certificate, defaulting to 'C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway'
Dec  8 20:59:21 16[CFG] added configuration 'win7'
Dec  8 20:59:21 08[CFG] received stroke: initiate 'win7'
Dec  8 20:59:21 08[IKE] <win7|1> unable to resolve %any, initiate aborted
Dec  8 20:59:21 08[MGR] <win7|1> tried to check-in and delete nonexisting IKE_SA
Dec  8 20:59:29 09[NET] <2> received packet: from 80.62.117.18[33347] to 85.235.22.10[500] (996 bytes)
Dec  8 20:59:29 09[CFG] <2> looking for an ike config for 85.235.22.10...80.62.117.18
Dec  8 20:59:29 09[CFG] <2>   candidate: 85.235.22.10...%any, prio 1052
Dec  8 20:59:29 09[CFG] <2> found matching ike config: 85.235.22.10...%any with prio 1052
Dec  8 20:59:29 09[IKE] <2> 80.62.117.18 is initiating an IKE_SA
Dec  8 20:59:29 09[CFG] <2> selecting proposal:
Dec  8 20:59:29 09[CFG] <2>   proposal matches
Dec  8 20:59:29 09[CFG] <2> received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP, IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Dec  8 20:59:29 09[CFG] <2> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec  8 20:59:29 09[CFG] <2> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec  8 20:59:29 09[LIB] <2> size of DH secret exponent: 2047 bits
Dec  8 20:59:30 09[IKE] <2> remote host is behind NAT
Dec  8 20:59:30 09[IKE] <2> DH group MODP_2048 inacceptable, requesting MODP_1024
Dec  8 20:59:30 09[NET] <2> sending packet: from 85.235.22.10[500] to 80.62.117.18[33347] (38 bytes)
Dec  8 20:59:30 08[NET] <3> received packet: from 80.62.117.18[33347] to 85.235.22.10[500] (868 bytes)
Dec  8 20:59:30 08[CFG] <3> looking for an ike config for 85.235.22.10...80.62.117.18
Dec  8 20:59:30 08[CFG] <3>   candidate: 85.235.22.10...%any, prio 1052
Dec  8 20:59:30 08[CFG] <3> found matching ike config: 85.235.22.10...%any with prio 1052
Dec  8 20:59:30 08[IKE] <3> 80.62.117.18 is initiating an IKE_SA
Dec  8 20:59:30 08[CFG] <3> selecting proposal:
Dec  8 20:59:30 08[CFG] <3>   proposal matches
Dec  8 20:59:30 08[CFG] <3> received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP, IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Dec  8 20:59:30 08[CFG] <3> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec  8 20:59:30 08[CFG] <3> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec  8 20:59:30 08[LIB] <3> size of DH secret exponent: 1023 bits
Dec  8 20:59:30 08[IKE] <3> remote host is behind NAT
Dec  8 20:59:30 08[NET] <3> sending packet: from 85.235.22.10[500] to 80.62.117.18[33347] (312 bytes)
Dec  8 20:59:30 01[NET] <3> received packet: from 80.62.117.18[40984] to 85.235.22.10[4500] (3548 bytes)
Dec  8 20:59:30 01[IKE] <3> received cert request for "C=DK, O=Linuxkonsulenten.dk, CN=VPN CA"
Dec  8 20:59:30 01[IKE] <3> received 151 cert requests for an unknown ca
Dec  8 20:59:30 01[CFG] <3> looking for peer configs matching 85.235.22.10[%any]...80.62.117.18[hasse]
Dec  8 20:59:30 01[CFG] <3>   candidate "win7", match: 1/1/1052 (me/other/ike)
Dec  8 20:59:30 01[CFG] <win7|3> selected peer config 'win7'
Dec  8 20:59:30 01[IKE] <win7|3> initiating EAP_IDENTITY method (id 0x00)
Dec  8 20:59:30 01[IKE] <win7|3> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Dec  8 20:59:30 01[IKE] <win7|3> peer supports MOBIKE
Dec  8 20:59:31 01[IKE] <win7|3> authentication of 'C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway' (myself) with RSA signature successful
Dec  8 20:59:31 01[IKE] <win7|3> sending end entity cert "C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway"
Dec  8 20:59:31 01[NET] <win7|3> sending packet: from 85.235.22.10[4500] to 80.62.117.18[40984] (1244 bytes)
Dec  8 20:59:31 13[NET] <win7|3> received packet: from 80.62.117.18[40984] to 85.235.22.10[4500] (76 bytes)
Dec  8 20:59:31 13[IKE] <win7|3> received EAP identity 'hasse'
Dec  8 20:59:31 13[IKE] <win7|3> initiating EAP_MSCHAPV2 method (id 0xBE)
Dec  8 20:59:31 13[NET] <win7|3> sending packet: from 85.235.22.10[4500] to 80.62.117.18[40984] (108 bytes)
Dec  8 20:59:31 06[NET] <win7|3> received packet: from 80.62.117.18[40984] to 85.235.22.10[4500] (140 bytes)
Dec  8 20:59:31 06[NET] <win7|3> sending packet: from 85.235.22.10[4500] to 80.62.117.18[40984] (140 bytes)
Dec  8 20:59:31 08[NET] <win7|3> received packet: from 80.62.117.18[40984] to 85.235.22.10[4500] (76 bytes)
Dec  8 20:59:31 08[IKE] <win7|3> EAP method EAP_MSCHAPV2 succeeded, MSK established
Dec  8 20:59:31 08[NET] <win7|3> sending packet: from 85.235.22.10[4500] to 80.62.117.18[40984] (76 bytes)
Dec  8 20:59:31 05[NET] <win7|3> received packet: from 80.62.117.18[40984] to 85.235.22.10[4500] (92 bytes)
Dec  8 20:59:31 05[IKE] <win7|3> authentication of 'hasse' with EAP successful
Dec  8 20:59:31 05[IKE] <win7|3> authentication of 'C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway' (myself) with EAP
Dec  8 20:59:31 05[IKE] <win7|3> IKE_SA win7[3] established between 85.235.22.10[C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway]...80.62.117.18[hasse]
Dec  8 20:59:31 05[IKE] <win7|3> peer requested virtual IP %any
Dec  8 20:59:31 05[CFG] <win7|3> sending DHCP DISCOVER to 192.168.100.255
Dec  8 20:59:32 05[CFG] <win7|3> sending DHCP DISCOVER to 192.168.100.255
Dec  8 20:59:33 01[MGR] ignoring request with ID 5, already processing
Dec  8 20:59:34 08[CFG] received DHCP OFFER 192.168.100.119 from 192.168.100.1
Dec  8 20:59:34 05[CFG] <win7|3> sending DHCP REQUEST for 192.168.100.119 to 192.168.100.1
Dec  8 20:59:34 05[CFG] <win7|3> sending DHCP REQUEST for 192.168.100.119 to 192.168.100.1
Dec  8 20:59:34 04[CFG] received DHCP ACK for 192.168.100.119
Dec  8 20:59:34 05[IKE] <win7|3> assigning virtual IP 192.168.100.119 to peer 'hasse'
Dec  8 20:59:34 05[IKE] <win7|3> peer requested virtual IP %any6
Dec  8 20:59:34 05[IKE] <win7|3> no virtual IP found for %any6 requested by 'hasse'
Dec  8 20:59:34 05[CFG] <win7|3> looking for a child config for 0.0.0.0/0 ::/0 === 0.0.0.0/0 ::/0 
Dec  8 20:59:34 05[CFG] <win7|3> proposing traffic selectors for us:
Dec  8 20:59:34 05[CFG] <win7|3>  192.168.100.0/24
Dec  8 20:59:34 05[CFG] <win7|3> proposing traffic selectors for other:
Dec  8 20:59:34 05[CFG] <win7|3>  192.168.100.119/32
Dec  8 20:59:34 05[CFG] <win7|3>   candidate "win7" with prio 2+2
Dec  8 20:59:34 05[CFG] <win7|3> found matching child config "win7" with prio 4
Dec  8 20:59:34 05[CFG] <win7|3> selecting proposal:
Dec  8 20:59:34 05[CFG] <win7|3>   no acceptable ENCRYPTION_ALGORITHM found
Dec  8 20:59:34 05[CFG] <win7|3> selecting proposal:
Dec  8 20:59:34 05[CFG] <win7|3>   no acceptable ENCRYPTION_ALGORITHM found
Dec  8 20:59:34 05[CFG] <win7|3> selecting proposal:
Dec  8 20:59:34 05[CFG] <win7|3>   no acceptable INTEGRITY_ALGORITHM found
Dec  8 20:59:34 05[CFG] <win7|3> selecting proposal:
Dec  8 20:59:34 05[CFG] <win7|3>   proposal matches
Dec  8 20:59:34 05[CFG] <win7|3> received proposals: ESP:AES_GCM_16_128/AES_GCM_16_256/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_384_192/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/NO_EXT_SEQ
Dec  8 20:59:34 05[CFG] <win7|3> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Dec  8 20:59:34 05[CFG] <win7|3> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Dec  8 20:59:34 05[CFG] <win7|3> selecting traffic selectors for us:
Dec  8 20:59:34 05[CFG] <win7|3>  config: 192.168.100.0/24, received: 0.0.0.0/0 => match: 192.168.100.0/24
Dec  8 20:59:34 05[CFG] <win7|3>  config: 192.168.100.0/24, received: ::/0 => no match
Dec  8 20:59:34 05[CFG] <win7|3> selecting traffic selectors for other:
Dec  8 20:59:34 05[CFG] <win7|3>  config: 192.168.100.119/32, received: 0.0.0.0/0 => match: 192.168.100.119/32
Dec  8 20:59:34 05[CFG] <win7|3>  config: 192.168.100.119/32, received: ::/0 => no match
Dec  8 20:59:34 05[CHD] <win7|3>   using AES_CBC for encryption
Dec  8 20:59:34 05[CHD] <win7|3>   using HMAC_SHA1_96 for integrity
Dec  8 20:59:34 05[CHD] <win7|3> adding inbound ESP SA
Dec  8 20:59:34 05[CHD] <win7|3>   SPI 0xc2df5f27, src 80.62.117.18 dst 85.235.22.10
Dec  8 20:59:34 05[CHD] <win7|3> adding outbound ESP SA
Dec  8 20:59:34 05[CHD] <win7|3>   SPI 0x826a050d, src 85.235.22.10 dst 80.62.117.18
Dec  8 20:59:34 05[IKE] <win7|3> CHILD_SA win7{1} established with SPIs c2df5f27_i 826a050d_o and TS 192.168.100.0/24 === 192.168.100.119/32 
Dec  8 20:59:34 05[NET] <win7|3> sending packet: from 85.235.22.10[4500] to 80.62.117.18[40984] (252 bytes)
Dec  8 20:59:40 03[NET] <win7|3> received packet: from 80.62.117.18[40984] to 85.235.22.10[4500] (76 bytes)
Dec  8 20:59:40 03[IKE] <win7|3> received DELETE for IKE_SA win7[3]
Dec  8 20:59:40 03[IKE] <win7|3> deleting IKE_SA win7[3] between 85.235.22.10[C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway]...80.62.117.18[hasse]
Dec  8 20:59:40 03[IKE] <win7|3> IKE_SA deleted
Dec  8 20:59:40 03[NET] <win7|3> sending packet: from 85.235.22.10[4500] to 80.62.117.18[40984] (76 bytes)
Dec  8 20:59:40 03[CFG] <win7|3> sending DHCP RELEASE for 192.168.100.119 to 192.168.100.1
Dec  8 20:59:45 00[DMN] signal of type SIGINT received. Shutting down
-------------- next part --------------
Dec  8 21:05:10 00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 3.3.8, mips)
Dec  8 21:05:10 00[LIB] plugin 'test-vectors': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'curl': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'ldap': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'mysql': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'sqlite': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'pkcs11': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'aes': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'des': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'blowfish': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'sha1': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'sha2': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'md4': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'md5': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'random': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'nonce': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'x509': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'revocation': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'constraints': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'pubkey': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'pkcs1': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'pkcs8': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'pgp': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'dnskey': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'pem': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'openssl': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'gcrypt': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'af-alg': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'fips-prf': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'gmp' failed to load: File not found
Dec  8 21:05:10 00[LIB] plugin 'agent': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'xcbc': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'cmac': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'hmac': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'ctr': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'ccm': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'gcm': loaded successfully
Dec  8 21:05:10 00[CFG] loaded attribute INTERNAL_IP4_DNS: c0:a8:64:01
Dec  8 21:05:10 00[CFG] loaded attribute INTERNAL_IP4_DNS: 08:08:08:08
Dec  8 21:05:10 00[LIB] plugin 'attr': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'attr-sql': loaded successfully
Dec  8 21:05:10 00[CFG] disabling load-tester plugin, not configured
Dec  8 21:05:10 00[LIB] plugin 'load-tester': failed to load - load_tester_plugin_create returned NULL
Dec  8 21:05:10 00[LIB] plugin 'kernel-netlink': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'resolve': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'socket-default': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'farp': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'stroke': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'smp': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'sql': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'updown': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'eap-identity': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'eap-md5': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'eap-mschapv2': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'eap-radius': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'xauth-generic': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'xauth-eap': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'dhcp': loaded successfully
Dec  8 21:05:10 00[CFG] HA config misses local/remote address
Dec  8 21:05:10 00[LIB] plugin 'ha': failed to load - ha_plugin_create returned NULL
Dec  8 21:05:10 00[LIB] plugin 'whitelist': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'led': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'duplicheck': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'coupling': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'uci': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'addrblock': loaded successfully
Dec  8 21:05:10 00[LIB] plugin 'unity': loaded successfully
Dec  8 21:05:10 00[LIB] feature PUBKEY:ECDSA in plugin 'pem' has unmet dependency: PUBKEY:ECDSA
Dec  8 21:05:10 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
Dec  8 21:05:10 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
Dec  8 21:05:10 00[LIB] feature CERT_DECODE:X509_OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:X509_OCSP_REQUEST
Dec  8 21:05:10 00[CFG] attr-sql plugin: database URI not set
Dec  8 21:05:10 00[LIB] feature CUSTOM:attr-sql in plugin 'attr-sql' failed to load
Dec  8 21:05:10 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Dec  8 21:05:10 00[CFG]   loaded ca certificate "C=DK, O=Linuxkonsulenten.dk, CN=VPN CA" from '/etc/ipsec.d/cacerts/caCert.der'
Dec  8 21:05:10 00[CFG]   loaded ca certificate "C=DK, O=Linuxkonsulenten.dk, CN=VPN CA" from '/etc/ipsec.d/cacerts/caCert.pem'
Dec  8 21:05:10 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Dec  8 21:05:10 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Dec  8 21:05:10 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Dec  8 21:05:10 00[CFG] loading crls from '/etc/ipsec.d/crls'
Dec  8 21:05:10 00[CFG] loading secrets from '/etc/ipsec.secrets'
Dec  8 21:05:11 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/GatewayKey.der'
Dec  8 21:05:11 00[CFG]   loaded EAP secret for hasse
Dec  8 21:05:11 00[CFG] sql plugin: database URI not set
Dec  8 21:05:11 00[LIB] feature CUSTOM:sql in plugin 'sql' failed to load
Dec  8 21:05:11 00[CFG] loaded 0 RADIUS server configurations
Dec  8 21:05:11 00[CFG] coupling file path unspecified
Dec  8 21:05:11 00[LIB] feature CUSTOM:coupling in plugin 'coupling' failed to load
Dec  8 21:05:11 00[LIB] unloading plugin 'attr-sql' without loaded features
Dec  8 21:05:11 00[LIB] unloading plugin 'sql' without loaded features
Dec  8 21:05:11 00[LIB] unloading plugin 'coupling' without loaded features
Dec  8 21:05:11 00[LIB] loaded plugins: charon test-vectors curl ldap mysql sqlite pkcs11 aes des blowfish sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem openssl gcrypt af-alg fips-prf agent xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default farp stroke smp updown eap-identity eap-md5 eap-mschapv2 eap-radius xauth-generic xauth-eap dhcp whitelist led duplicheck uci addrblock unity
Dec  8 21:05:11 00[LIB] unable to load 7 plugin features (4 due to unmet dependencies)
Dec  8 21:05:11 00[JOB] spawning 16 worker threads
Dec  8 21:05:11 15[LIB] created thread 15 [27179]
Dec  8 21:05:11 10[LIB] created thread 10 [27174]
Dec  8 21:05:11 14[LIB] created thread 14 [27178]
Dec  8 21:05:11 07[LIB] created thread 07 [27171]
Dec  8 21:05:11 11[LIB] created thread 11 [27175]
Dec  8 21:05:11 12[LIB] created thread 12 [27176]
Dec  8 21:05:11 16[LIB] created thread 16 [27180]
Dec  8 21:05:11 08[LIB] created thread 08 [27172]
Dec  8 21:05:11 09[LIB] created thread 09 [27173]
Dec  8 21:05:11 13[LIB] created thread 13 [27177]
Dec  8 21:05:11 06[LIB] created thread 06 [27170]
Dec  8 21:05:11 05[LIB] created thread 05 [27169]
Dec  8 21:05:11 04[LIB] created thread 04 [27168]
Dec  8 21:05:11 03[LIB] created thread 03 [27167]
Dec  8 21:05:11 02[LIB] created thread 02 [27166]
Dec  8 21:05:11 01[LIB] created thread 01 [27165]
Dec  8 21:05:11 09[CFG] received stroke: add connection 'win7'
Dec  8 21:05:11 09[CFG] conn win7
Dec  8 21:05:11 09[CFG]   left=85.235.22.10
Dec  8 21:05:11 09[CFG]   leftsubnet=192.168.100.0/24
Dec  8 21:05:11 09[CFG]   leftsourceip=(null)
Dec  8 21:05:11 09[CFG]   leftdns=(null)
Dec  8 21:05:11 09[CFG]   leftauth=pubkey
Dec  8 21:05:11 09[CFG]   leftauth2=(null)
Dec  8 21:05:11 09[CFG]   leftid=(null)
Dec  8 21:05:11 09[CFG]   leftid2=(null)
Dec  8 21:05:11 09[CFG]   leftrsakey=(null)
Dec  8 21:05:11 09[CFG]   leftcert=gatewayCert.der
Dec  8 21:05:11 09[CFG]   leftcert2=(null)
Dec  8 21:05:11 09[CFG]   leftca=(null)
Dec  8 21:05:11 09[CFG]   leftca2=(null)
Dec  8 21:05:11 09[CFG]   leftgroups=(null)
Dec  8 21:05:11 09[CFG]   leftgroups2=(null)
Dec  8 21:05:11 09[CFG]   leftupdown=ipsec _updown iptables
Dec  8 21:05:11 09[CFG]   right=%any
Dec  8 21:05:11 09[CFG]   rightsubnet=(null)
Dec  8 21:05:11 09[CFG]   rightsourceip=192.168.100.50
Dec  8 21:05:11 09[CFG]   rightdns=(null)
Dec  8 21:05:11 09[CFG]   rightauth=eap-mschapv2
Dec  8 21:05:11 09[CFG]   rightauth2=(null)
Dec  8 21:05:11 09[CFG]   rightid=(null)
Dec  8 21:05:11 09[CFG]   rightid2=(null)
Dec  8 21:05:11 09[CFG]   rightrsakey=(null)
Dec  8 21:05:11 09[CFG]   rightcert=(null)
Dec  8 21:05:11 09[CFG]   rightcert2=(null)
Dec  8 21:05:11 09[CFG]   rightca=(null)
Dec  8 21:05:11 09[CFG]   rightca2=(null)
Dec  8 21:05:11 09[CFG]   rightgroups=(null)
Dec  8 21:05:11 09[CFG]   rightgroups2=(null)
Dec  8 21:05:11 09[CFG]   rightupdown=(null)
Dec  8 21:05:11 09[CFG]   eap_identity=%any
Dec  8 21:05:11 09[CFG]   aaa_identity=(null)
Dec  8 21:05:11 09[CFG]   xauth_identity=(null)
Dec  8 21:05:11 09[CFG]   ike=aes256-sha1-modp1024!
Dec  8 21:05:11 09[CFG]   esp=aes256-sha1!
Dec  8 21:05:11 09[CFG]   ah=(null)
Dec  8 21:05:11 09[CFG]   dpddelay=300
Dec  8 21:05:11 09[CFG]   dpdtimeout=150
Dec  8 21:05:11 09[CFG]   dpdaction=1
Dec  8 21:05:11 09[CFG]   closeaction=0
Dec  8 21:05:11 09[CFG]   mediation=no
Dec  8 21:05:11 09[CFG]   mediated_by=(null)
Dec  8 21:05:11 09[CFG]   me_peerid=(null)
Dec  8 21:05:11 09[CFG]   keyexchange=ikev2
Dec  8 21:05:11 09[CFG] adding virtual IP address pool 192.168.100.50
Dec  8 21:05:11 09[CFG]   loaded certificate "C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway" from 'gatewayCert.der'
Dec  8 21:05:11 09[CFG]   id '85.235.22.10' not confirmed by certificate, defaulting to 'C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway'
Dec  8 21:05:11 09[CFG] added configuration 'win7'
Dec  8 21:05:11 04[CFG] received stroke: initiate 'win7'
Dec  8 21:05:11 04[IKE] <win7|1> unable to resolve %any, initiate aborted
Dec  8 21:05:11 04[MGR] <win7|1> tried to check-in and delete nonexisting IKE_SA
Dec  8 21:05:25 13[NET] <2> received packet: from 80.62.117.18[62036] to 85.235.22.10[500] (996 bytes)
Dec  8 21:05:25 13[CFG] <2> looking for an ike config for 85.235.22.10...80.62.117.18
Dec  8 21:05:25 13[CFG] <2>   candidate: 85.235.22.10...%any, prio 1052
Dec  8 21:05:25 13[CFG] <2> found matching ike config: 85.235.22.10...%any with prio 1052
Dec  8 21:05:25 13[IKE] <2> 80.62.117.18 is initiating an IKE_SA
Dec  8 21:05:25 13[CFG] <2> selecting proposal:
Dec  8 21:05:25 13[CFG] <2>   proposal matches
Dec  8 21:05:25 13[CFG] <2> received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP, IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Dec  8 21:05:25 13[CFG] <2> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec  8 21:05:25 13[CFG] <2> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec  8 21:05:25 13[LIB] <2> size of DH secret exponent: 2047 bits
Dec  8 21:05:26 13[IKE] <2> remote host is behind NAT
Dec  8 21:05:26 13[IKE] <2> DH group MODP_2048 inacceptable, requesting MODP_1024
Dec  8 21:05:26 13[NET] <2> sending packet: from 85.235.22.10[500] to 80.62.117.18[62036] (38 bytes)
Dec  8 21:05:26 16[NET] <3> received packet: from 80.62.117.18[62036] to 85.235.22.10[500] (868 bytes)
Dec  8 21:05:26 16[CFG] <3> looking for an ike config for 85.235.22.10...80.62.117.18
Dec  8 21:05:26 16[CFG] <3>   candidate: 85.235.22.10...%any, prio 1052
Dec  8 21:05:26 16[CFG] <3> found matching ike config: 85.235.22.10...%any with prio 1052
Dec  8 21:05:26 16[IKE] <3> 80.62.117.18 is initiating an IKE_SA
Dec  8 21:05:26 16[CFG] <3> selecting proposal:
Dec  8 21:05:26 16[CFG] <3>   proposal matches
Dec  8 21:05:26 16[CFG] <3> received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP, IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
Dec  8 21:05:26 16[CFG] <3> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec  8 21:05:26 16[CFG] <3> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Dec  8 21:05:26 16[LIB] <3> size of DH secret exponent: 1023 bits
Dec  8 21:05:26 16[IKE] <3> remote host is behind NAT
Dec  8 21:05:26 16[NET] <3> sending packet: from 85.235.22.10[500] to 80.62.117.18[62036] (312 bytes)
Dec  8 21:05:26 04[NET] <3> received packet: from 80.62.117.18[49190] to 85.235.22.10[4500] (3548 bytes)
Dec  8 21:05:26 04[IKE] <3> received cert request for "C=DK, O=Linuxkonsulenten.dk, CN=VPN CA"
Dec  8 21:05:26 04[IKE] <3> received 151 cert requests for an unknown ca
Dec  8 21:05:26 04[CFG] <3> looking for peer configs matching 85.235.22.10[%any]...80.62.117.18[hasse]
Dec  8 21:05:26 04[CFG] <3>   candidate "win7", match: 1/1/1052 (me/other/ike)
Dec  8 21:05:26 04[CFG] <win7|3> selected peer config 'win7'
Dec  8 21:05:26 04[IKE] <win7|3> initiating EAP_IDENTITY method (id 0x00)
Dec  8 21:05:26 04[IKE] <win7|3> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Dec  8 21:05:26 04[IKE] <win7|3> peer supports MOBIKE
Dec  8 21:05:26 04[IKE] <win7|3> authentication of 'C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway' (myself) with RSA signature successful
Dec  8 21:05:26 04[IKE] <win7|3> sending end entity cert "C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway"
Dec  8 21:05:26 04[NET] <win7|3> sending packet: from 85.235.22.10[4500] to 80.62.117.18[49190] (1244 bytes)
Dec  8 21:05:26 01[NET] <win7|3> received packet: from 80.62.117.18[49190] to 85.235.22.10[4500] (76 bytes)
Dec  8 21:05:26 01[IKE] <win7|3> received EAP identity 'hasse'
Dec  8 21:05:26 01[IKE] <win7|3> initiating EAP_MSCHAPV2 method (id 0x72)
Dec  8 21:05:26 01[NET] <win7|3> sending packet: from 85.235.22.10[4500] to 80.62.117.18[49190] (108 bytes)
Dec  8 21:05:27 08[NET] <win7|3> received packet: from 80.62.117.18[49190] to 85.235.22.10[4500] (140 bytes)
Dec  8 21:05:27 08[NET] <win7|3> sending packet: from 85.235.22.10[4500] to 80.62.117.18[49190] (140 bytes)
Dec  8 21:05:27 16[NET] <win7|3> received packet: from 80.62.117.18[49190] to 85.235.22.10[4500] (76 bytes)
Dec  8 21:05:27 16[IKE] <win7|3> EAP method EAP_MSCHAPV2 succeeded, MSK established
Dec  8 21:05:27 16[NET] <win7|3> sending packet: from 85.235.22.10[4500] to 80.62.117.18[49190] (76 bytes)
Dec  8 21:05:27 05[NET] <win7|3> received packet: from 80.62.117.18[49190] to 85.235.22.10[4500] (92 bytes)
Dec  8 21:05:27 05[IKE] <win7|3> authentication of 'hasse' with EAP successful
Dec  8 21:05:27 05[IKE] <win7|3> authentication of 'C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway' (myself) with EAP
Dec  8 21:05:27 05[IKE] <win7|3> IKE_SA win7[3] established between 85.235.22.10[C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway]...80.62.117.18[hasse]
Dec  8 21:05:27 05[IKE] <win7|3> peer requested virtual IP %any
Dec  8 21:05:27 05[CFG] <win7|3> assigning new lease to 'hasse'
Dec  8 21:05:27 05[IKE] <win7|3> assigning virtual IP 192.168.100.50 to peer 'hasse'
Dec  8 21:05:27 05[IKE] <win7|3> peer requested virtual IP %any6
Dec  8 21:05:27 05[IKE] <win7|3> no virtual IP found for %any6 requested by 'hasse'
Dec  8 21:05:27 05[CFG] <win7|3> looking for a child config for 0.0.0.0/0 ::/0 === 0.0.0.0/0 ::/0 
Dec  8 21:05:27 05[CFG] <win7|3> proposing traffic selectors for us:
Dec  8 21:05:27 05[CFG] <win7|3>  192.168.100.0/24
Dec  8 21:05:27 05[CFG] <win7|3> proposing traffic selectors for other:
Dec  8 21:05:27 05[CFG] <win7|3>  192.168.100.50/32
Dec  8 21:05:27 05[CFG] <win7|3>   candidate "win7" with prio 2+2
Dec  8 21:05:27 05[CFG] <win7|3> found matching child config "win7" with prio 4
Dec  8 21:05:27 05[CFG] <win7|3> selecting proposal:
Dec  8 21:05:27 05[CFG] <win7|3>   no acceptable ENCRYPTION_ALGORITHM found
Dec  8 21:05:27 05[CFG] <win7|3> selecting proposal:
Dec  8 21:05:27 05[CFG] <win7|3>   no acceptable ENCRYPTION_ALGORITHM found
Dec  8 21:05:27 05[CFG] <win7|3> selecting proposal:
Dec  8 21:05:27 05[CFG] <win7|3>   no acceptable INTEGRITY_ALGORITHM found
Dec  8 21:05:27 05[CFG] <win7|3> selecting proposal:
Dec  8 21:05:27 05[CFG] <win7|3>   proposal matches
Dec  8 21:05:27 05[CFG] <win7|3> received proposals: ESP:AES_GCM_16_128/AES_GCM_16_256/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_384_192/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/NO_EXT_SEQ
Dec  8 21:05:27 05[CFG] <win7|3> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Dec  8 21:05:27 05[CFG] <win7|3> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
Dec  8 21:05:27 05[CFG] <win7|3> selecting traffic selectors for us:
Dec  8 21:05:27 05[CFG] <win7|3>  config: 192.168.100.0/24, received: 0.0.0.0/0 => match: 192.168.100.0/24
Dec  8 21:05:27 05[CFG] <win7|3>  config: 192.168.100.0/24, received: ::/0 => no match
Dec  8 21:05:27 05[CFG] <win7|3> selecting traffic selectors for other:
Dec  8 21:05:27 05[CFG] <win7|3>  config: 192.168.100.50/32, received: 0.0.0.0/0 => match: 192.168.100.50/32
Dec  8 21:05:27 05[CFG] <win7|3>  config: 192.168.100.50/32, received: ::/0 => no match
Dec  8 21:05:27 05[CHD] <win7|3>   using AES_CBC for encryption
Dec  8 21:05:27 05[CHD] <win7|3>   using HMAC_SHA1_96 for integrity
Dec  8 21:05:27 05[CHD] <win7|3> adding inbound ESP SA
Dec  8 21:05:27 05[CHD] <win7|3>   SPI 0xc3a05c8b, src 80.62.117.18 dst 85.235.22.10
Dec  8 21:05:27 05[CHD] <win7|3> adding outbound ESP SA
Dec  8 21:05:27 05[CHD] <win7|3>   SPI 0x6673b360, src 85.235.22.10 dst 80.62.117.18
Dec  8 21:05:27 05[IKE] <win7|3> CHILD_SA win7{1} established with SPIs c3a05c8b_i 6673b360_o and TS 192.168.100.0/24 === 192.168.100.50/32 
Dec  8 21:05:27 05[NET] <win7|3> sending packet: from 85.235.22.10[4500] to 80.62.117.18[49190] (236 bytes)
Dec  8 21:05:36 05[NET] <win7|3> received packet: from 80.62.117.18[49190] to 85.235.22.10[4500] (76 bytes)
Dec  8 21:05:36 05[IKE] <win7|3> received DELETE for IKE_SA win7[3]
Dec  8 21:05:36 05[IKE] <win7|3> deleting IKE_SA win7[3] between 85.235.22.10[C=DK, O=Linuxkonsulenten.dk, CN=VPN Gateway]...80.62.117.18[hasse]
Dec  8 21:05:36 05[IKE] <win7|3> IKE_SA deleted
Dec  8 21:05:36 05[NET] <win7|3> sending packet: from 85.235.22.10[4500] to 80.62.117.18[49190] (76 bytes)
Dec  8 21:05:36 05[CFG] <win7|3> lease 192.168.100.50 by 'hasse' went offline
Dec  8 21:05:43 00[DMN] signal of type SIGINT received. Shutting down

