[strongSwan] strongSwan 5.1.3 -> CISCO IPSec gateway failed due to "received NO_PROPOSAL_CHOSEN error notify"

martin naskovski martin at naskovski.info
Fri May 2 11:11:29 CEST 2014


I'm at the end of my wits here on how to set up a VPN between my Fedora 20
box and my workplace CISCO IPSec gateway. I have it working with the "vpnc"
client, as well as from my Macbook Pro (Mavericks) "CISCO IPSec VPN" client
- and I just assumed it would be a straightforward thing, but I can't get
past this "NO PROPOSAL CHOSEN" error.

I know it's something I'm not doing right...

I followed the tutorial here:

http://www.cisco.com/c/en/us/support/docs/network-management/remote-access/117257-config-ios-vpn-strongswan-00.html#anc2

and it seems to go well, the xauth succeeds, I get an IP assigned by the
Cisco IOS gateway, my resolv.conf gets updated and then it just fails with
this bloody message...

Here's my ipsec.conf:

# basic configuration

version 2
config setup
        strictcrlpolicy=no
        charondebug="ike 4, knl 4, cfg 2"    #useful debugs

conn %default
        ikelifetime=1440m
        keylife=60m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev1
        authby=xauthpsk

conn "ezvpn"
        keyexchange=ikev1
        ikelifetime=1440m
        keylife=60m
        aggressive=yes
        ike=aes-sha1-modp1024     #Phase1 parameters
        esp=aes-sha1              #Phase2 parameters
        xauth=client              #Xauth client mode
        left=192.168.1.210         #local IP used to connect to IOS
        leftid=IPSECRemoteUser                 #IKEID (group name) used for IOS
        leftsourceip=%config      #apply received IP
        leftauth=psk
        rightauth=psk
        leftauth2=xauth           #use PSK for group RA and Xauth for user cisco
        right=70.168.54.2        #gateway (IOS) IP
        rightsubnet=192.168.1.0/24
        xauth_identity=mnaskovski      #identity for Xauth, password in ipsec.secrets
        auto=add

and here are some logging messages:

May  2 01:59:54 yhwh charon: 09[CFG] received stroke: initiate 'ezvpn'
May  2 01:59:54 yhwh charon: 11[IKE] queueing ISAKMP_VENDOR task
May  2 01:59:54 yhwh charon: 11[IKE] queueing ISAKMP_CERT_PRE task
May  2 01:59:54 yhwh charon: 11[IKE] queueing AGGRESSIVE_MODE task
May  2 01:59:54 yhwh charon: 11[IKE] queueing ISAKMP_CERT_POST task
May  2 01:59:54 yhwh charon: 11[IKE] queueing ISAKMP_NATD task
May  2 01:59:54 yhwh charon: 11[IKE] queueing QUICK_MODE task
May  2 01:59:54 yhwh charon: 11[IKE] activating new tasks
May  2 01:59:54 yhwh charon: 11[IKE]   activating ISAKMP_VENDOR task
May  2 01:59:54 yhwh charon: 11[IKE]   activating ISAKMP_CERT_PRE task
May  2 01:59:54 yhwh charon: 11[IKE]   activating AGGRESSIVE_MODE task
May  2 01:59:54 yhwh charon: 11[IKE]   activating ISAKMP_CERT_POST task
May  2 01:59:54 yhwh charon: 11[IKE]   activating ISAKMP_NATD task
May  2 01:59:54 yhwh charon: 11[IKE] sending XAuth vendor ID
May  2 01:59:54 yhwh charon: 11[IKE] sending DPD vendor ID
May  2 01:59:54 yhwh charon: 11[IKE] sending NAT-T (RFC 3947) vendor ID
May  2 01:59:54 yhwh charon: 11[IKE] sending
draft-ietf-ipsec-nat-t-ike-02\n vendor ID
May  2 01:59:54 yhwh charon: 11[IKE] initiating Aggressive Mode IKE_SA
ezvpn[1] to 70.168.54.2
May  2 01:59:54 yhwh charon: 11[IKE] IKE_SA ezvpn[1] state change: CREATED
=> CONNECTING
May  2 01:59:54 yhwh charon: 11[CFG] configured proposals:
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_AES128_XCBC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_CMAC/MODP_1024/MODP_1536/MODP_2048/MODP_3072/MODP_4096/MODP_8192/MODP_1024_160/MODP_2048_224/MODP_2048_256
May  2 01:59:54 yhwh charon: 11[ENC] generating AGGRESSIVE request 0 [ SA
KE No ID V V V V ]
May  2 01:59:54 yhwh charon: 11[NET] sending packet: from
192.168.1.210[500] to 70.168.54.2[500] (387 bytes)
May  2 01:59:54 yhwh charon: 12[NET] received packet: from 70.168.54.2[500]
to 192.168.1.210[500] (428 bytes)
May  2 01:59:54 yhwh charon: 12[ENC] parsed AGGRESSIVE response 0 [ SA KE
No ID HASH V V V V NAT-D NAT-D V V ]
May  2 01:59:54 yhwh charon: 12[IKE] received Cisco Unity vendor ID
May  2 01:59:54 yhwh charon: 12[IKE] received XAuth vendor ID
May  2 01:59:54 yhwh charon: 12[IKE] received DPD vendor ID
May  2 01:59:54 yhwh charon: 12[IKE] received
draft-ietf-ipsec-nat-t-ike-02\n vendor ID
May  2 01:59:54 yhwh charon: 12[IKE] received FRAGMENTATION vendor ID
May  2 01:59:54 yhwh charon: 12[ENC] received unknown vendor ID:
1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
May  2 01:59:54 yhwh charon: 12[CFG] selecting proposal:
May  2 01:59:54 yhwh charon: 12[CFG]   no acceptable ENCRYPTION_ALGORITHM
found
May  2 01:59:54 yhwh charon: 12[CFG] selecting proposal:
May  2 01:59:54 yhwh charon: 12[CFG]   proposal matches
May  2 01:59:54 yhwh charon: 12[CFG] received proposals:
IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
May  2 01:59:54 yhwh charon: 12[CFG] configured proposals:
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_AES128_XCBC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_CMAC/MODP_1024/MODP_1536/MODP_2048/MODP_3072/MODP_4096/MODP_8192/MODP_1024_160/MODP_2048_224/MODP_2048_256
May  2 01:59:54 yhwh charon: 12[CFG] selected proposal:
IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
May  2 01:59:54 yhwh charon: 12[IKE] shared Diffie Hellman secret => 128
bytes @ 0x7feca4002410
May  2 01:59:54 yhwh charon: 12[IKE] SKEYID => 16 bytes @ 0x7feca4001fc0
May  2 01:59:54 yhwh charon: 12[IKE]    0: 22 85 8E 14 C0 11 58 CF 94 19 40
C5 21 38 67 92  ".....X...@.!8g.
May  2 01:59:54 yhwh charon: 12[IKE] SKEYID_d => 16 bytes @ 0x7feca4002260
May  2 01:59:54 yhwh charon: 12[IKE]    0: 9F 43 28 4C 8C 0A C4 32 45 06 A3
CF C2 18 98 8C  .C(L...2E.......
May  2 01:59:54 yhwh charon: 12[IKE] SKEYID_a => 16 bytes @ 0x7feca4001c00
May  2 01:59:54 yhwh charon: 12[IKE]    0: B0 AC 36 D9 24 F8 6F 81 49 BC 10
D2 F9 A5 04 99  ..6.$.o.I.......
May  2 01:59:54 yhwh charon: 12[IKE] SKEYID_e => 16 bytes @ 0x7feca4001e30
May  2 01:59:54 yhwh charon: 12[IKE]    0: 88 63 A9 E7 DF 17 29 EF D8 DC AD
5F D2 63 DA 67  .c....)...._.c.g
May  2 01:59:54 yhwh charon: 12[IKE] encryption key Ka => 24 bytes @
0x7feca4001fc0
May  2 01:59:54 yhwh charon: 12[IKE]    0: 2C B3 CF 2F 36 55 BE 4E A4 AD E9
0E 8A E0 DB DC  ,../6U.N........
May  2 01:59:54 yhwh charon: 12[IKE]   16: 85 27 F1 FC 87 9E 6E 83
                 .'....n.
May  2 01:59:54 yhwh charon: 12[IKE] initial IV => 8 bytes @ 0x7feca4002140
May  2 01:59:54 yhwh charon: 12[IKE]    0: A0 F5 C1 90 9E CA 1D 3A
                 .......:
May  2 01:59:54 yhwh charon: 12[IKE] HASH_R data => 372 bytes @
0x7feca4002940
May  2 01:59:54 yhwh charon: 12[IKE] HASH_R => 16 bytes @ 0x7feca4002240
May  2 01:59:54 yhwh charon: 12[IKE]    0: 16 BE 8E B7 CB 8F 4A 44 CB 7C 7A
74 CF AD 4F 83  ......JD.|zt..O.
May  2 01:59:54 yhwh charon: 12[IKE] natd_chunk => 22 bytes @ 0x7fece2dc6bc0
May  2 01:59:54 yhwh charon: 12[IKE]    0: D7 09 8F 20 44 65 42 D2 B3 04 FB
EE BE B9 E8 D2  ... DeB.........
May  2 01:59:54 yhwh charon: 12[IKE]   16: C0 A8 01 D2 01 F4
                 ......
May  2 01:59:54 yhwh charon: 12[IKE] natd_hash => 16 bytes @ 0x7feca4002900
May  2 01:59:54 yhwh charon: 12[IKE]    0: F2 7D 49 41 09 67 FF 86 A8 53 74
60 41 AF 1E 98  .}IA.g...St`A...
May  2 01:59:54 yhwh charon: 12[IKE] natd_chunk => 22 bytes @ 0x7fece2dc6bc0
May  2 01:59:54 yhwh charon: 12[IKE]    0: D7 09 8F 20 44 65 42 D2 B3 04 FB
EE BE B9 E8 D2  ... DeB.........
May  2 01:59:54 yhwh charon: 12[IKE]   16: 46 A8 36 02 01 F4
                 F.6...
May  2 01:59:54 yhwh charon: 12[IKE] natd_hash => 16 bytes @ 0x7feca4001fc0
May  2 01:59:54 yhwh charon: 12[IKE]    0: E5 0B 8D F7 C5 EA F5 60 78 CC A0
D4 96 D5 3C 8B  .......`x.....<.
May  2 01:59:54 yhwh charon: 12[IKE] precalculated src_hash => 16 bytes @
0x7feca4001fc0
May  2 01:59:54 yhwh charon: 12[IKE]    0: E5 0B 8D F7 C5 EA F5 60 78 CC A0
D4 96 D5 3C 8B  .......`x.....<.
May  2 01:59:54 yhwh charon: 12[IKE] precalculated dst_hash => 16 bytes @
0x7feca4002900
May  2 01:59:54 yhwh charon: 12[IKE]    0: F2 7D 49 41 09 67 FF 86 A8 53 74
60 41 AF 1E 98  .}IA.g...St`A...
May  2 01:59:54 yhwh charon: 12[IKE] received dst_hash => 16 bytes @
0x7feca4001950
May  2 01:59:54 yhwh charon: 12[IKE]    0: 72 30 46 4F 1A 66 0C 10 2E DA 32
D0 B3 A0 4E E8  r0FO.f....2...N.
May  2 01:59:54 yhwh charon: 12[IKE] received src_hash => 16 bytes @
0x7feca4001a10
May  2 01:59:54 yhwh charon: 12[IKE]    0: E5 0B 8D F7 C5 EA F5 60 78 CC A0
D4 96 D5 3C 8B  .......`x.....<.
May  2 01:59:54 yhwh charon: 12[IKE] local host is behind NAT, sending keep
alives
May  2 01:59:54 yhwh charon: 12[IKE] reinitiating already active tasks
May  2 01:59:54 yhwh charon: 12[IKE]   ISAKMP_VENDOR task
May  2 01:59:54 yhwh charon: 12[IKE]   AGGRESSIVE_MODE task
May  2 01:59:54 yhwh charon: 12[IKE] HASH_I data => 383 bytes @
0x7feca4002f30
May  2 01:59:54 yhwh charon: 12[IKE] HASH_I => 16 bytes @ 0x7feca40027f0
May  2 01:59:54 yhwh charon: 12[IKE]    0: 61 17 F7 6B DB 7C D1 B9 08 2A CC
EC C9 91 E1 EE  a..k.|...*......
May  2 01:59:54 yhwh charon: 12[IKE] queueing MODE_CONFIG task
May  2 01:59:54 yhwh charon: 12[IKE] natd_chunk => 22 bytes @ 0x7fece2dc6b60
May  2 01:59:54 yhwh charon: 12[IKE]    0: D7 09 8F 20 44 65 42 D2 B3 04 FB
EE BE B9 E8 D2  ... DeB.........
May  2 01:59:54 yhwh charon: 12[IKE]   16: 46 A8 36 02 11 94
                 F.6...
May  2 01:59:54 yhwh charon: 12[IKE] natd_hash => 16 bytes @ 0x7feca4001cf0
May  2 01:59:54 yhwh charon: 12[IKE]    0: EF CA 1D A5 82 07 AC 63 34 6A C5
04 C3 54 4F E2  .......c4j...TO.
May  2 01:59:54 yhwh charon: 12[IKE] natd_chunk => 22 bytes @ 0x7fece2dc6b60
May  2 01:59:54 yhwh charon: 12[IKE]    0: D7 09 8F 20 44 65 42 D2 B3 04 FB
EE BE B9 E8 D2  ... DeB.........
May  2 01:59:54 yhwh charon: 12[IKE]   16: C0 A8 01 D2 11 94
                 ......
May  2 01:59:54 yhwh charon: 12[IKE] natd_hash => 16 bytes @ 0x7feca4002ae0
May  2 01:59:54 yhwh charon: 12[IKE]    0: A2 1A 78 90 9B 68 A5 38 71 9A 0F
2D 8E BF A0 58  ..x..h.8q..-...X
May  2 01:59:54 yhwh charon: 12[ENC] generating AGGRESSIVE request 0 [
NAT-D NAT-D HASH ]
May  2 01:59:54 yhwh charon: 12[IKE] next IV for MID 0 => 8 bytes @
0x7feca4001fc0
May  2 01:59:54 yhwh charon: 12[IKE]    0: 45 CB 79 A4 70 58 05 C1
                 E.y.pX..
May  2 01:59:54 yhwh charon: 12[NET] sending packet: from
192.168.1.210[4500] to 70.168.54.2[4500] (92 bytes)
May  2 01:59:54 yhwh charon: 12[IKE] activating new tasks
May  2 01:59:54 yhwh charon: 12[IKE] nothing to initiate
May  2 01:59:54 yhwh charon: 13[NET] received packet: from
70.168.54.2[4500] to 192.168.1.210[4500] (68 bytes)
May  2 01:59:54 yhwh charon: 13[IKE] next IV for MID 693118219 => 8 bytes @
0x7feca8000aa0
May  2 01:59:54 yhwh charon: 13[IKE]    0: 69 5E 06 DA 02 59 53 7C
                 i^...YS|
May  2 01:59:54 yhwh charon: 13[ENC] parsed TRANSACTION request 693118219 [
HASH CPRQ(X_TYPE X_USER X_PWD) ]
May  2 01:59:54 yhwh charon: 13[IKE] Hash => 16 bytes @ 0x7feca80012a0
May  2 01:59:54 yhwh charon: 13[IKE]    0: 89 0F 7E F1 9E 92 75 A1 1C D8 BC
90 C0 24 48 78  ..~...u......$Hx
May  2 01:59:54 yhwh charon: 13[IKE] next IV for MID 693118219 => 8 bytes @
0x7feca8001080
May  2 01:59:54 yhwh charon: 13[IKE]    0: A2 6C E7 02 51 FF 90 EE
                 .l..Q...
May  2 01:59:54 yhwh charon: 13[IKE] Hash => 16 bytes @ 0x7feca8000ac0
May  2 01:59:54 yhwh charon: 13[IKE]    0: 33 76 62 F9 65 1D 59 A2 EF BF 53
54 21 70 41 F7  3vb.e.Y...ST!pA.
May  2 01:59:54 yhwh charon: 13[ENC] generating TRANSACTION response
693118219 [ HASH CPRP(X_USER X_PWD) ]
May  2 01:59:54 yhwh charon: 13[IKE] next IV for MID 693118219 => 8 bytes @
0x7feca8001370
May  2 01:59:54 yhwh charon: 13[IKE]    0: 85 53 4B 13 E4 12 9C D1
                 .SK.....
May  2 01:59:54 yhwh charon: 13[NET] sending packet: from
192.168.1.210[4500] to 70.168.54.2[4500] (84 bytes)
May  2 01:59:54 yhwh charon: 14[NET] received packet: from
70.168.54.2[4500] to 192.168.1.210[4500] (60 bytes)
May  2 01:59:54 yhwh charon: 14[IKE] next IV for MID 3841658393 => 8 bytes
@ 0x7fec9c000aa0
May  2 01:59:54 yhwh charon: 14[IKE]    0: 44 4C C6 F3 86 E3 EA 65
                 DL.....e
May  2 01:59:54 yhwh charon: 14[ENC] parsed TRANSACTION request 3841658393
[ HASH CPS(X_STATUS) ]
May  2 01:59:54 yhwh charon: 14[IKE] Hash => 16 bytes @ 0x7fec9c001140
May  2 01:59:54 yhwh charon: 14[IKE]    0: 84 A4 9E 84 0C 1D 73 88 EB C3 A9
EE 3F 1E CF 52  ......s.....?..R
May  2 01:59:54 yhwh charon: 14[IKE] next IV for MID 3841658393 => 8 bytes
@ 0x7fec9c000f20
May  2 01:59:54 yhwh charon: 14[IKE]    0: AD 7A 3E 41 28 D1 39 EE
                 .z>A(.9.
May  2 01:59:54 yhwh charon: 14[IKE] XAuth authentication of 'mnaskovski'
(myself) successful
May  2 01:59:54 yhwh charon: 14[IKE] IKE_SA ezvpn[1] established between
192.168.1.210[IPSECRemoteUser]...70.168.54.2[70.168.54.2]
May  2 01:59:54 yhwh charon: 14[IKE] IKE_SA ezvpn[1] state change:
CONNECTING => ESTABLISHED
May  2 01:59:54 yhwh charon: 14[IKE] scheduling reauthentication in 86127s
May  2 01:59:54 yhwh charon: 14[IKE] maximum IKE_SA lifetime 86307s
May  2 01:59:54 yhwh charon: 14[IKE] Hash => 16 bytes @ 0x7fec9c0014b0
May  2 01:59:54 yhwh charon: 14[IKE]    0: 74 40 DC A0 46 E9 0C 6E 6F 09 BF
08 B9 71 F6 EE  t@..F..no....q..
May  2 01:59:54 yhwh charon: 14[ENC] generating TRANSACTION response
3841658393 [ HASH CPA(X_STATUS) ]
May  2 01:59:54 yhwh charon: 14[IKE] next IV for MID 3841658393 => 8 bytes
@ 0x7fec9c001c50
May  2 01:59:54 yhwh charon: 14[IKE]    0: 6C C7 68 7F C8 7E 36 85
                 l.h..~6.
May  2 01:59:54 yhwh charon: 14[NET] sending packet: from
192.168.1.210[4500] to 70.168.54.2[4500] (68 bytes)
May  2 01:59:54 yhwh charon: 14[IKE] activating new tasks
May  2 01:59:54 yhwh charon: 14[IKE]   activating MODE_CONFIG task
May  2 01:59:54 yhwh charon: 14[IKE] Hash => 16 bytes @ 0x7fec9c0013b0
May  2 01:59:54 yhwh charon: 14[IKE]    0: 60 66 7B AB 29 68 2D B2 E0 CB 57
FA 2C 26 97 AC  `f{.)h-...W.,&..
May  2 01:59:54 yhwh charon: 14[ENC] generating TRANSACTION request
3024381547 [ HASH CPRQ(ADDR DNS) ]
May  2 01:59:54 yhwh charon: 14[IKE] next IV for MID 3024381547 => 8 bytes
@ 0x7fec9c002190
May  2 01:59:54 yhwh charon: 14[IKE]    0: 44 45 FB 52 5C CC 0D E2
                 DE.R\...
May  2 01:59:54 yhwh charon: 14[IKE] next IV for MID 3024381547 => 8 bytes
@ 0x7fec9c0011c0
May  2 01:59:54 yhwh charon: 14[IKE]    0: 8A 19 B4 97 E1 C0 28 D4
                 ......(.
May  2 01:59:54 yhwh charon: 14[NET] sending packet: from
192.168.1.210[4500] to 70.168.54.2[4500] (68 bytes)
May  2 01:59:54 yhwh charon: 15[NET] received packet: from
70.168.54.2[4500] to 192.168.1.210[4500] (76 bytes)
May  2 01:59:54 yhwh charon: 15[ENC] parsed TRANSACTION response 3024381547
[ HASH CPRP(ADDR DNS) ]
May  2 01:59:54 yhwh charon: 15[IKE] Hash => 16 bytes @ 0x7feca0000b60
May  2 01:59:54 yhwh charon: 15[IKE]    0: 08 5F 4A C5 DC 20 F6 8D A1 0F C0
E4 A5 26 46 B4  ._J.. .......&F.
May  2 01:59:54 yhwh charon: 15[IKE] next IV for MID 3024381547 => 8 bytes
@ 0x7feca0000f60
May  2 01:59:54 yhwh charon: 15[IKE]    0: 81 1B 83 01 8A 9E F4 D2
                 ........
May  2 01:59:54 yhwh charon: 15[IKE] processing INTERNAL_IP4_ADDRESS
attribute
May  2 01:59:54 yhwh charon: 15[IKE] processing INTERNAL_IP4_DNS attribute
May  2 01:59:54 yhwh charon: 15[IKE] installing DNS server 172.16.10.20 to
/etc/strongswan/resolv.conf
May  2 01:59:54 yhwh charon: 15[KNL] 192.168.1.210 is on interface wlp3s0
May  2 01:59:54 yhwh charon: 15[IKE] installing new virtual IP
192.168.10.116
May  2 01:59:54 yhwh avahi-daemon[706]: Registering new address record for
192.168.10.116 on wlp3s0.IPv4.
May  2 01:59:54 yhwh charon: 15[KNL] virtual IP 192.168.10.116 installed on
wlp3s0
May  2 01:59:54 yhwh charon: 15[IKE] activating new tasks
May  2 01:59:54 yhwh charon: 15[IKE]   activating QUICK_MODE task
May  2 01:59:54 yhwh charon: 15[CFG] configured proposals:
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
May  2 01:59:54 yhwh charon: 15[KNL] getting SPI for reqid {1}
May  2 01:59:54 yhwh charon: 15[KNL] sending XFRM_MSG_ALLOCSPI: => 248
bytes @ 0x7fece15c3790
May  2 01:59:54 yhwh charon: 15[KNL] got SPI cf6784ea for reqid {1}
May  2 01:59:54 yhwh charon: 15[CFG] configured proposals:
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
May  2 01:59:54 yhwh charon: 15[CFG] proposing traffic selectors for us:
May  2 01:59:54 yhwh charon: 15[CFG]  192.168.10.116/32
May  2 01:59:54 yhwh charon: 15[CFG] proposing traffic selectors for other:
May  2 01:59:54 yhwh charon: 15[CFG]  192.168.1.0/24
May  2 01:59:54 yhwh charon: 15[IKE] Hash(1) => 16 bytes @ 0x7feca0001de0
May  2 01:59:54 yhwh charon: 15[IKE]    0: 0F 25 1D B9 AE 11 D5 F7 72 02 0B
48 9A 7C 41 24  .%......r..H.|A$
May  2 01:59:54 yhwh charon: 15[ENC] generating QUICK_MODE request
110702905 [ HASH SA No ID ID ]
May  2 01:59:54 yhwh charon: 15[IKE] next IV for MID 110702905 => 8 bytes @
0x7feca0001b70
May  2 01:59:54 yhwh charon: 15[IKE]    0: 2C 43 59 72 F3 76 3E EC
                 ,CYr.v>.
May  2 01:59:54 yhwh charon: 15[IKE] next IV for MID 110702905 => 8 bytes @
0x7feca00032f0
May  2 01:59:54 yhwh charon: 15[IKE]    0: 19 D5 1B E8 B6 25 7A 12
                 .....%z.
May  2 01:59:54 yhwh charon: 15[NET] sending packet: from
192.168.1.210[4500] to 70.168.54.2[4500] (196 bytes)
May  2 01:59:54 yhwh charon: 07[NET] received packet: from
70.168.54.2[4500] to 192.168.1.210[4500] (84 bytes)
May  2 01:59:54 yhwh charon: 07[IKE] next IV for MID 1897171263 => 8 bytes
@ 0x7fecb4000f20
May  2 01:59:54 yhwh charon: 07[IKE]    0: C2 35 26 BF E9 3C 99 50
                 .5&..<.P
May  2 01:59:54 yhwh charon: 07[ENC] parsed INFORMATIONAL_V1 request
1897171263 [ HASH N(NO_PROP) ]
May  2 01:59:54 yhwh charon: 07[IKE] Hash => 16 bytes @ 0x7fecb4000960
May  2 01:59:54 yhwh charon: 07[IKE]    0: ED B1 CF AD 58 0A 4A 5D D1 96 54
D5 8A 15 94 84  ....X.J]..T.....
May  2 01:59:54 yhwh charon: 07[IKE] next IV for MID 1897171263 => 8 bytes
@ 0x7fecb4000ce0
May  2 01:59:54 yhwh charon: 07[IKE]    0: 83 47 F1 E6 F0 27 C0 04
                 .G...'..
May  2 01:59:54 yhwh charon: 07[IKE] received NO_PROPOSAL_CHOSEN error
notify
May  2 01:59:54 yhwh charon: 07[KNL] deleting SAD entry with SPI cf6784ea
 (mark 0/0x00000000)
May  2 01:59:54 yhwh charon: 07[KNL] sending XFRM_MSG_DELSA: => 40 bytes @
0x7fece55cb7c0
May  2 01:59:54 yhwh charon: 07[KNL]    0: 28 00 00 00 11 00 05 00 CA 00 00
00 32 5C 00 00  (...........2\..
May  2 01:59:54 yhwh charon: 07[KNL]   16: C0 A8 01 D2 00 00 00 00 00 00 00
00 00 00 00 00  ................
May  2 01:59:54 yhwh charon: 07[KNL]   32: CF 67 84 EA 02 00 32 00
                 .g....2.
May  2 01:59:54 yhwh charon: 07[KNL] deleted SAD entry with SPI cf6784ea
(mark 0/0x00000000)
May  2 01:59:54 yhwh charon: 08[NET] received packet: from
70.168.54.2[4500] to 192.168.1.210[4500] (76 bytes)
May  2 01:59:54 yhwh charon: 08[IKE] next IV for MID 2733576068 => 8 bytes
@ 0x7fecb8000ae0
May  2 01:59:54 yhwh charon: 08[IKE]    0: 65 5B 05 CE 91 EC ED 6D
                 e[.....m
May  2 01:59:54 yhwh charon: 08[ENC] parsed INFORMATIONAL_V1 request
2733576068 [ HASH D ]
May  2 01:59:54 yhwh charon: 08[IKE] Hash => 16 bytes @ 0x7fecb8000f90
May  2 01:59:54 yhwh charon: 08[IKE]    0: 1A EA 7F 82 36 09 EA 3F 9D 65 1C
35 50 39 BE 24  ....6..?.e.5P9.$
May  2 01:59:54 yhwh charon: 08[IKE] next IV for MID 2733576068 => 8 bytes
@ 0x7fecb8000d70
May  2 01:59:54 yhwh charon: 08[IKE]    0: E5 5E A1 DC 19 CC CF 49
                 .^.....I
May  2 01:59:54 yhwh charon: 08[IKE] received DELETE for IKE_SA ezvpn[1]
May  2 01:59:54 yhwh charon: 08[IKE] deleting IKE_SA ezvpn[1] between
192.168.1.210[IPSECRemoteUser]...70.168.54.2[70.168.54.2]
May  2 01:59:54 yhwh charon: 08[IKE] IKE_SA ezvpn[1] state change:
ESTABLISHED => DELETING
May  2 01:59:54 yhwh charon: 08[IKE] IKE_SA ezvpn[1] state change: DELETING
=> DELETING
May  2 01:59:54 yhwh charon: 08[IKE] IKE_SA ezvpn[1] state change: DELETING
=> DESTROYING
May  2 01:59:54 yhwh charon: 08[IKE] removing DNS server 172.16.10.20 from
/etc/strongswan/resolv.conf
May  2 01:59:54 yhwh charon: 08[KNL] deleting virtual IP 192.168.10.116
May  2 01:59:54 yhwh avahi-daemon[706]: Withdrawing address record for
192.168.10.116 on wlp3s0.
May  2 02:01:01 yhwh systemd: Starting Session 7 of user root.


and here's the console output:

[root@yhwh strongswan]# strongswan start
Starting strongSwan 5.1.3 IPsec [starter]...
[root@yhwh strongswan]# strongswan up ezvpn
initiating Aggressive Mode IKE_SA ezvpn[1] to 70.168.54.2
generating AGGRESSIVE request 0 [ SA KE No ID V V V V ]
sending packet: from 192.168.1.210[500] to 70.168.54.2[500] (387 bytes)
received packet: from 70.168.54.2[500] to 192.168.1.210[500] (428 bytes)
parsed AGGRESSIVE response 0 [ SA KE No ID HASH V V V V NAT-D NAT-D V V ]
received Cisco Unity vendor ID
received XAuth vendor ID
received DPD vendor ID
received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
received FRAGMENTATION vendor ID
received unknown vendor ID: 1f:07:f7:0e:aa:65:14:d3:b0:fa:96:54:2a:50:01:00
local host is behind NAT, sending keep alives
generating AGGRESSIVE request 0 [ NAT-D NAT-D HASH ]
sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (92 bytes)
received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (68 bytes)
parsed TRANSACTION request 693118219 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
generating TRANSACTION response 693118219 [ HASH CPRP(X_USER X_PWD) ]
sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (84 bytes)
received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (60 bytes)
parsed TRANSACTION request 3841658393 [ HASH CPS(X_STATUS) ]
XAuth authentication of 'mnaskovski' (myself) successful
IKE_SA ezvpn[1] established between
192.168.1.210[IPSECRemoteUser]...70.168.54.2[70.168.54.2]
scheduling reauthentication in 86127s
maximum IKE_SA lifetime 86307s
generating TRANSACTION response 3841658393 [ HASH CPA(X_STATUS) ]
sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (68 bytes)
generating TRANSACTION request 3024381547 [ HASH CPRQ(ADDR DNS) ]
sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (68 bytes)
received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (76 bytes)
parsed TRANSACTION response 3024381547 [ HASH CPRP(ADDR DNS) ]
installing DNS server 172.16.10.20 to /etc/strongswan/resolv.conf
installing new virtual IP 192.168.10.116
generating QUICK_MODE request 110702905 [ HASH SA No ID ID ]
sending packet: from 192.168.1.210[4500] to 70.168.54.2[4500] (196 bytes)
received packet: from 70.168.54.2[4500] to 192.168.1.210[4500] (84 bytes)
parsed INFORMATIONAL_V1 request 1897171263 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection 'ezvpn' failed

My ipsec.secrets:

[root@yhwh strongswan]# cat ipsec.secrets
# /etc/ipsec.secrets - strongSwan IPsec secrets file
70.168.54.2 : PSK "<removed>"        #this is PSK for group password
mnaskovski : XAUTH "<removed>"             #this is password for XAuth (user cisco)

: RSA myKey.der
[root@yhwh strongswan]#

What am I doing wrong - why is VPNC flawless and something as cool as
strongswan failing? This will be the most educational experience for me :)..

I appreciate ANYONE's guidance in this matter.

Thank you,
Martin
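
A triage sketch for the log above, added here as an example (not part of the original post and not strongSwan code): it re-joins the hard-wrapped archive lines, then reports which exchange drew the NO_PROPOSAL_CHOSEN notify and which selected IKE algorithms fall outside the first configured proposal. The names `unwrap`, `triage` and `outside_first_choice` are hypothetical, and the sample lines are abridged from the post's log.

```python
import re

# Constructed sample: lines abridged from the charon log in the post (hex
# dumps dropped, the default IKE proposal shortened). The last entry is left
# hard-wrapped the way the list archive wrapped it.
SAMPLE_LOG = """\
May  2 01:59:54 yhwh charon: 11[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V ]
May  2 01:59:54 yhwh charon: 12[CFG] received proposals: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
May  2 01:59:54 yhwh charon: 12[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/AES_CBC_128/HMAC_MD5_96/HMAC_SHA1_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/MODP_1024
May  2 01:59:54 yhwh charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
May  2 01:59:54 yhwh charon: 14[IKE] IKE_SA ezvpn[1] state change: CONNECTING => ESTABLISHED
May  2 01:59:54 yhwh charon: 15[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
May  2 01:59:54 yhwh charon: 15[ENC] generating QUICK_MODE request 110702905 [ HASH SA No ID ID ]
May  2 01:59:54 yhwh charon: 07[ENC] parsed INFORMATIONAL_V1 request 1897171263 [ HASH N(NO_PROP) ]
May  2 01:59:54 yhwh charon: 07[IKE] received NO_PROPOSAL_CHOSEN error
notify
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ ")    # syslog timestamp + host
CHARON = re.compile(r"charon: \d+\[(\w+)\]\s+(.*)$")        # thread[subsystem] message
REQUEST = re.compile(r"generating (\w+) request")
# IKEv1 exchange name -> negotiation phase
PHASE = {"AGGRESSIVE": 1, "ID_PROT": 1, "QUICK_MODE": 2}


def unwrap(text):
    """Re-join continuation lines (no syslog prefix) onto the entry before them."""
    entries = []
    for line in text.splitlines():
        if PREFIX.match(line) or not entries:
            entries.append(line.rstrip())
        else:
            entries[-1] += " " + line.strip()
    return entries


def split_proposal(proposal):
    """'IKE:A/B/C' -> ('IKE', ['A', 'B', 'C'])."""
    proto, _, algs = proposal.strip().partition(":")
    return proto, algs.split("/")


def triage(text):
    """Summarise the negotiation: proposals, IKE_SA state, failing exchange."""
    result = {"configured": {}, "selected": {}, "ike_established": False,
              "failed_exchange": None, "failed_phase": None}
    last_request = None
    for entry in unwrap(text):
        found = CHARON.search(entry)
        if not found:
            continue
        msg = found.group(2)
        request = REQUEST.match(msg)
        if msg.startswith("configured proposals:"):
            for item in msg.split(":", 1)[1].split(","):
                proto, algs = split_proposal(item)
                known = result["configured"].setdefault(proto, [])
                if algs not in known:        # charon logs the same list twice
                    known.append(algs)
        elif msg.startswith("selected proposal:"):
            proto, algs = split_proposal(msg.split(":", 1)[1])
            result["selected"][proto] = algs
        elif "CONNECTING => ESTABLISHED" in msg:
            result["ike_established"] = True
        elif request:
            last_request = request.group(1)  # most recent request we sent
        elif msg.startswith("received NO_PROPOSAL_CHOSEN"):
            result["failed_exchange"] = last_request
            result["failed_phase"] = PHASE.get(last_request)
    return result


def outside_first_choice(result, proto="IKE"):
    """Algorithms the peer selected that are absent from our first proposal."""
    first = result["configured"].get(proto, [[]])[0]
    return [alg for alg in result["selected"].get(proto, []) if alg not in first]


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print("IKE_SA established:", summary["ike_established"])
    print("rejected exchange:", summary["failed_exchange"],
          "(phase %s)" % summary["failed_phase"])
    print("selected outside first IKE proposal:", outside_first_choice(summary))
    print("ESP proposals sent:", summary["configured"].get("ESP"))
```

On these lines the notify is attributed to the QUICK_MODE request, sent after the IKE_SA reached ESTABLISHED; that request is the one carrying the ESP proposals and traffic selectors.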