[strongSwan] certificate only vpn connection with mac

Cindy Moore ctmoore at cs.ucsd.edu
Fri Dec 12 23:39:04 CET 2014


Thought authby was deprecated long before Strongswan 5.2.1 (which is
what I'm using)?  In any case, I tested it out, but that didn't make a
difference).

On Fri, Dec 12, 2014 at 2:30 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello,
>
> Judging from the manpage, using "authby=xauthrsasig" is the same as your configuration with leftauth and rightauth parameters.
> Maybe try that? I don't know if it helps. *shrugs*
>
> Mit freundlichen Grüßen/Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> Am 12.12.2014 um 23:19 schrieb Cindy Moore:
>> I'm really at a loss over this one.  I can get the connections going
>> with other clients, for example Network Manager on a Ubuntu 14.04 has
>> no difficulties connecting with my strongswan server.
>>
>> This seems to be a possible clue:
>> Dec 11 12:47:54 vpn charon: 10[IKE] found 1 matching config, but none
>> allows RSA signature authentication using Main Mode
>>
>> But I'm not sure how to interpret it, or begin to address it.
>>
>> I'm also unsure about how the mac's vpn connection should be
>> configured (I haven't found an equivalent to
>> https://wiki.strongswan.org/projects/strongswan/wiki/NetworkManager
>> under the Howto's for a Mac VPN setup, so I don't know if its some
>> kind of problem that I can't select the vpn host certificate from the
>> vpn setup dialog even though it shows up just fine in the system
>> keychain.  Any thoughts?
>>
>> On Thu, Dec 11, 2014 at 1:20 PM, Cindy Moore <ctmoore at cs.ucsd.edu> wrote:
>>> I'm trying to get a basic connection going with a mac os x client to
>>> strongswan (latest) installed on ubuntu (14.04 lts).  I'm not entirely
>>> certain what is going on.  It seems like the client isn't sending the
>>> desired certificate.  in the log file, vpnHostCert doesn't seem to
>>> play a part at all which i find unexpected.
>>>
>>> When I set up the mac I sent the p12 packages over to the mac, added
>>> the three of them (root, vpnHost, cindy) to the system keychain.
>>> What's weird though, is that I can only seem to select, for both User
>>> Authentication certificate & Machine Authentication certificate, the
>>> one identified with ctmoore at example.com (I had expected to select that
>>> for User Auth, and the vpn.example.com for Machine Auth -- all three
>>> (root, vpn, cindy) certificates are visible in the system keychain,
>>> but only the cindy one appears in the list of options when selecting
>>> User/Machine Auth in setting up a vpn connection on the mac.  I set
>>> the strongswan root up as a trusted cert, and authorized the use of
>>> all three in any kind of setting.
>>>
>>>
>>> Overview of setup (syslog copy at end)
>>>
>>>
>>> Created the certificates.  Sorry, my email program is eating tabs.
>>>
>>> ========
>>> "root":
>>> ipsec pki --gen --type rsa --size 4096 \
>>> --outform pem \
>>>> private/strongswanKey.pem
>>> chmod 600 private/strongswanKey.pem
>>> ipsec pki --self --ca --lifetime 3650 \
>>> --in private/strongswanKey.pem --type rsa \
>>> --dn "C=US, O=ThatsUs, CN=strongSwan Root CA" \
>>> --outform pem \
>>>> cacerts/strongswanCert.pem
>>>
>>> ========
>>> host:
>>> ipsec pki --gen --type rsa --size 2048 \
>>> --outform pem \
>>>> private/vpnHostKey.pem
>>> chmod 600 private/vpnHostKey.pem
>>> ipsec pki --pub --in private/vpnHostKey.pem --type rsa | \
>>> ipsec pki --issue --lifetime 730 \
>>> --cacert cacerts/strongswanCert.pem \
>>> --cakey private/strongswanKey.pem \
>>> --dn "C=US, O=ThatsUs, CN=vpn.example.com" \
>>> --san vpn.example.com \
>>> --flag serverAuth --flag ikeIntermediate \
>>> --outform pem > certs/vpnHostCert.pem
>>>
>>> ipsec pki --print looks okay for both
>>>
>>> ========
>>> created p12 packages
>>> # openssl pkcs12 -export -in certs/vpnHostCert.pem -nokeys -nodes -out
>>> exports/vpnHost.p12
>>> Enter Export Password:
>>> Verifying - Enter Export Password:
>>>
>>> # openssl pkcs12 -export -in cacerts/strongswanCert.pem -nokeys -nodes
>>> -out exports/strongSwan.p12
>>> Enter Export Password:
>>> Verifying - Enter Export Password:
>>>
>>> ========
>>> client certificate
>>> ipsec pki --gen --type rsa --size 2048 \
>>> --outform pem \
>>>> private/cindyKey.pem
>>> chmod 600 private/cindyKey.pem
>>> ipsec pki --pub --in private/cindyKey.pem --type rsa | \
>>> ipsec pki --issue --lifetime 730 \
>>> --cacert cacerts/strongswanCert.pem \
>>> --cakey private/strongswanKey.pem \
>>> --dn "C=US, O=ThatsUs, CN=ctmoore at example.com" \
>>> --san ctmoore at example.com \
>>> --outform pem > certs/cindyCert.pem
>>>
>>> (plus p12 packaging)
>>>
>>> ========
>>> ipsec.secrets
>>> : RSA vpnHostKey.pem
>>>
>>> =========
>>> ipsec.conf
>>>
>>> conn %default
>>>         ikelifetime=60m
>>>         keylife=60m
>>>         rekeymargin=3m
>>>         keyingtries=1
>>>         #vpn server
>>>         left=[vpn ip]
>>>         leftcert=vpnHostCert.pem
>>>         # certificate based ID
>>>         leftid="C=US, O=strongSwan, CN=vpn.example.com"
>>>         #allow full tunneling
>>>         leftsubnet=0.0.0.0/0
>>>         #assign ip addr from this pool
>>>         rightsourceip=[...]
>>>         # assign dns servers once connected
>>>         rightdns=[...]
>>>
>>> ca %default
>>>         cacert=strongswanCert.pem
>>>
>>> # certificate only
>>> conn roadwarrior-ikev2
>>>         keyexchange=ikev2
>>>         leftauth=pubkey
>>>         right=%any
>>>         rightid=%any
>>>         rightauth=pubkey
>>>         auto=add
>>>
>>> # certificate only, fakeout on xauth (for eg Mac/iOS that must do
>>> xauth. and ikev1 for that matter)
>>> conn roadwarrior-ikev1
>>>         keyexchange=ikev1
>>>         leftauth=pubkey
>>>         right=%any
>>>         rightid=%any
>>>         rightauth=pubkey
>>>         rightauth2=xauth-noauth
>>>         auto=add
>>>
>>>
>>> ========
>>>
>>>
>>> Using the same ctmoore cert on User/Machine auth in the mac vpn and
>>> connect anyway, I get the following in the syslog
>>>
>>> I find the
>>> Dec 11 12:47:54 vpn charon: 10[IKE] found 1 matching config, but none
>>> allows RSA signature authentication using Main Mode
>>> entry interesting, but I don't know if that's the issue, and if it is,
>>> what I can do about it.
>>>
>>>
>>> /var/log/syslog
>>> ========
>>> Dec 11 12:47:54 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:47:54 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:47:54 vpn charon: 04[NET] received packet: from [client
>>> ip][500] to [vpn ip][500] (300 bytes)
>>> Dec 11 12:47:54 vpn charon: 04[ENC] parsed ID_PROT request 0 [ SA V V
>>> V V V V V V V V V ]
>>> Dec 11 12:47:54 vpn charon: 04[CFG] looking for an ike config for [vpn
>>> ip]...[client ip]
>>> Dec 11 12:47:54 vpn charon: 04[CFG]   candidate: [vpn ip]...%any, prio 1052
>>> Dec 11 12:47:54 vpn charon: 04[CFG] found matching ike config: [vpn
>>> ip]...%any with prio 1052
>>> Dec 11 12:47:54 vpn charon: 04[IKE] received NAT-T (RFC 3947) vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-08 vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-07 vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-06 vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-05 vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-04 vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-03 vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-02 vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-02\n vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] received DPD vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] [client ip] is initiating a Main Mode IKE_SA
>>> Dec 11 12:47:54 vpn charon: 04[IKE] IKE_SA (unnamed)[3] state change:
>>> CREATED => CONNECTING
>>> Dec 11 12:47:54 vpn charon: 04[CFG] selecting proposal:
>>> Dec 11 12:47:54 vpn charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
>>> Dec 11 12:47:54 vpn charon: 04[CFG] selecting proposal:
>>> Dec 11 12:47:54 vpn charon: 04[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
>>> Dec 11 12:47:54 vpn charon: 04[CFG] selecting proposal:
>>> Dec 11 12:47:54 vpn charon: 04[CFG]   proposal matches
>>> Dec 11 12:47:54 vpn charon: 04[CFG] received proposals:
>>> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
>>> Dec 11 12:47:54 vpn charon: 04[CFG] configured proposals:
>>> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
>>> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
>>> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/HMAC_MD5_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/PRF_HMAC_MD5/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
>>> Dec 11 12:47:54 vpn charon: 04[CFG] selected proposal:
>>> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
>>> Dec 11 12:47:54 vpn charon: 04[IKE] sending XAuth vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] sending DPD vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[IKE] sending NAT-T (RFC 3947) vendor ID
>>> Dec 11 12:47:54 vpn charon: 04[ENC] generating ID_PROT response 0 [ SA V V V ]
>>> Dec 11 12:47:54 vpn charon: 04[NET] sending packet: from [vpn ip][500]
>>> to [client ip][500] (132 bytes)
>>> Dec 11 12:47:54 vpn charon: 03[NET] sending packet: from [vpn ip][500]
>>> to [client ip][500]
>>> Dec 11 12:47:54 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:47:54 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:47:54 vpn charon: 09[NET] received packet: from [client
>>> ip][500] to [vpn ip][500] (228 bytes)
>>> Dec 11 12:47:54 vpn charon: 09[ENC] parsed ID_PROT request 0 [ KE No
>>> NAT-D NAT-D ]
>>> Dec 11 12:47:54 vpn charon: 09[IKE] sending cert request for "C=US,
>>> O=ThatsUs, CN=strongSwan Root CA"
>>> Dec 11 12:47:54 vpn charon: 09[ENC] generating ID_PROT response 0 [ KE
>>> No CERTREQ NAT-D NAT-D ]
>>> Dec 11 12:47:54 vpn charon: 09[NET] sending packet: from [vpn ip][500]
>>> to [client ip][500] (310 bytes)
>>> Dec 11 12:47:54 vpn charon: 03[NET] sending packet: from [vpn ip][500]
>>> to [client ip][500]
>>> Dec 11 12:47:54 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:47:54 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:47:54 vpn charon: 10[NET] received packet: from [client
>>> ip][500] to [vpn ip][500] (1492 bytes)
>>> Dec 11 12:47:54 vpn charon: 10[ENC] parsed ID_PROT request 0 [ ID CERT
>>> SIG CERTREQ N(INITIAL_CONTACT) ]
>>> Dec 11 12:47:54 vpn charon: 10[IKE] ignoring certificate request without data
>>> Dec 11 12:47:54 vpn charon: 10[IKE] received end entity cert "C=US,
>>> O=ThatsUs, CN=ctmoore at example.com"
>>> Dec 11 12:47:54 vpn charon: 10[CFG] looking for RSA signature peer
>>> configs matching [vpn ip]...[client ip][C=US, O=ThatsUs,
>>> CN=ctmoore at example.com]
>>> Dec 11 12:47:54 vpn charon: 10[CFG]   candidate "roadwarrior-ikev1",
>>> match: 1/1/1052 (me/other/ike)
>>> Dec 11 12:47:54 vpn charon: 10[IKE] found 1 matching config, but none
>>> allows RSA signature authentication using Main Mode
>>> Dec 11 12:47:54 vpn charon: 10[IKE] queueing INFORMATIONAL task
>>> Dec 11 12:47:54 vpn charon: 10[IKE] activating new tasks
>>> Dec 11 12:47:54 vpn charon: 10[IKE]   activating INFORMATIONAL task
>>> Dec 11 12:47:54 vpn charon: 10[ENC] generating INFORMATIONAL_V1
>>> request 2651689082 [ HASH N(AUTH_FAILED) ]
>>> Dec 11 12:47:54 vpn charon: 10[NET] sending packet: from [vpn ip][500]
>>> to [client ip][500] (84 bytes)
>>> Dec 11 12:47:54 vpn charon: 10[IKE] IKE_SA (unnamed)[3] state change:
>>> CONNECTING => DESTROYING
>>> Dec 11 12:47:54 vpn charon: 03[NET] sending packet: from [vpn ip][500]
>>> to [client ip][500]
>>> Dec 11 12:47:57 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:47:57 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:48:00 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:48:00 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:48:03 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:48:03 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:48:06 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:48:06 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:48:09 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:48:09 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:48:16 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:48:16 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:48:19 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:48:19 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:48:22 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:48:22 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:48:24 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:48:24 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:48:24 vpn charon: 04[NET] received packet: from [client
>>> ip][500] to [vpn ip][500] (300 bytes)
>>> Dec 11 12:48:24 vpn charon: 04[ENC] parsed ID_PROT request 0 [ SA V V
>>> V V V V V V V V V ]
>>> Dec 11 12:48:24 vpn charon: 04[CFG] looking for an ike config for [vpn
>>> ip]...[client ip]
>>> Dec 11 12:48:24 vpn charon: 04[CFG]   candidate: [vpn ip]...%any, prio 1052
>>> Dec 11 12:48:24 vpn charon: 04[CFG] found matching ike config: [vpn
>>> ip]...%any with prio 1052
>>> Dec 11 12:48:24 vpn charon: 04[IKE] received NAT-T (RFC 3947) vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-08 vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-07 vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-06 vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-05 vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-04 vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-03 vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-02 vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] received
>>> draft-ietf-ipsec-nat-t-ike-02\n vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] received DPD vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] [client ip] is initiating a Main Mode IKE_SA
>>> Dec 11 12:48:24 vpn charon: 04[IKE] IKE_SA (unnamed)[4] state change:
>>> CREATED => CONNECTING
>>> Dec 11 12:48:24 vpn charon: 04[CFG] selecting proposal:
>>> Dec 11 12:48:24 vpn charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
>>> Dec 11 12:48:24 vpn charon: 04[CFG] selecting proposal:
>>> Dec 11 12:48:24 vpn charon: 04[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
>>> Dec 11 12:48:24 vpn charon: 04[CFG] selecting proposal:
>>> Dec 11 12:48:24 vpn charon: 04[CFG]   proposal matches
>>> Dec 11 12:48:24 vpn charon: 04[CFG] received proposals:
>>> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
>>> Dec 11 12:48:24 vpn charon: 04[CFG] configured proposals:
>>> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
>>> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
>>> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/HMAC_MD5_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/PRF_HMAC_MD5/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
>>> Dec 11 12:48:24 vpn charon: 04[CFG] selected proposal:
>>> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
>>> Dec 11 12:48:24 vpn charon: 04[IKE] sending XAuth vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] sending DPD vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[IKE] sending NAT-T (RFC 3947) vendor ID
>>> Dec 11 12:48:24 vpn charon: 04[ENC] generating ID_PROT response 0 [ SA V V V ]
>>> Dec 11 12:48:24 vpn charon: 04[NET] sending packet: from [vpn ip][500]
>>> to [client ip][500] (132 bytes)
>>> Dec 11 12:48:24 vpn charon: 03[NET] sending packet: from [vpn ip][500]
>>> to [client ip][500]
>>> Dec 11 12:48:24 vpn charon: 02[NET] received packet: from [client
>>> ip][500] to [vpn ip][500]
>>> Dec 11 12:48:24 vpn charon: 02[NET] waiting for data on sockets
>>> Dec 11 12:48:24 vpn charon: 09[NET] received packet: from [client
>>> ip][500] to [vpn ip][500] (228 bytes)
>>> Dec 11 12:48:24 vpn charon: 09[ENC] parsed ID_PROT request 0 [ KE No
>>> NAT-D NAT-D ]
>>> Dec 11 12:48:24 vpn charon: 09[IKE] sending cert request for "C=US,
>>> O=ThatsUs, CN=strongSwan Root CA"
>>> Dec 11 12:48:24 vpn charon: 09[ENC] generating ID_PROT response 0 [ KE
>>> No CERTREQ NAT-D NAT-D ]
>>> Dec 11 12:48:24 vpn charon: 09[NET] sending packet: from [vpn ip][500]
>>> to [client ip][500] (310 bytes)
>>> Dec 11 12:48:24 vpn charon: 03[NET] sending packet: from [vpn ip][500]
>>> to [client ip][500]
>>> Dec 11 12:48:54 vpn charon: 10[JOB] deleting half open IKE_SA after timeout
>>> Dec 11 12:48:54 vpn charon: 10[IKE] IKE_SA (unnamed)[4] state change:
>>> CONNECTING => DESTROYING
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQIcBAEBCAAGBQJUi2yBAAoJEDg5KY9j7GZY9m8P/3PCh9zGrW9lwY22ITbmyFWk
> SRncTc9fOii0l6lSMxQTJmiBn6TkFtzP+4TOW4TnYnaoCyVxxnNeROeIN95iRchz
> QOwAX9hvLeDxxePWGw2VqtuRKRp4fb5qDUxEoCXVc5Bjmtq+BjOzYmpg+zDo3N0W
> ISvtKsPB7YgNDx/yFKsqbjuVNqOC5Qri/saWtQMB30p3W9rXO4C90sruBYB6hrEV
> +UOcLNojrPEjS6AwGPwc6eQ13Ic+JC8uQYF9Di5UykorQANJnjbaPEWuj8QWSzxx
> qCy2aESQfG+OENCa8e2xmVLGVVUDGtYkoXySamcg4vWgiTe9TiDQgOIBE0IV0zaP
> qfnlN3HIyS76Rg77yoejUEh8EWD2lGBqBGuLRMwh1c0tsHRn0AJGLC8bljBcy3tK
> +m3Kiyv9v0d9uuwLIGJpAew7JZN75wbXHkkrO/gSVDlQ/4imDQIo4tLEZjOXsuwE
> WWqJGmsTZOp8GLooBGhbfypPEDhte911A5cB3kHb+f4il0sj+Hg+go+KxdsOJ0TF
> l2KdXXIWqezzW6ZiVvUTRknB0/AUM7xlICx82+ZK5kB9WUCsflLchal8OO3Sq+yK
> cgT+vmMYiP3vSM/itnsdgqneP8rSPoE7x1AqWv8yj2nWaO5B0TywAiNvxETO+tUo
> EuxuuFFxj9HMEKtHGueC
> =n6gj
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users


More information about the Users mailing list