[strongSwan] strongswan host to host setup problem
Randy Wyatt
rwwyatt01 at gmail.com
Fri Jul 17 04:41:04 CEST 2015
What does ipsec statusall show? Have you looked at the WiKi?
https://www.strongswan.org/uml/testresults/ikev2/net2net-psk/
or are you trying to authenticate with the Windows Agile Client?
Regards,
Randy
On Thu, Jul 16, 2015 at 6:56 PM, Aaron <hawaiiaaron at gmail.com> wrote:
> Hmm well I thought I already tried something like this which is what I
> think you're referring to?
> 10.1.0.1 10.2.0.1: PSK "secret shared by two hosts"
> But I may have tried only a unique PSK for each host ?
> On Jul 16, 2015 5:44 PM, "Randy Wyatt" <rwwyatt01 at gmail.com> wrote:
>
>> look deeply into your ipsec.secrets
>>
>> On Thu, Jul 16, 2015 at 5:21 PM, Aaron <hawaiiaaron at gmail.com> wrote:
>>
>>> Thanks. Here is the right side and left side.
>>> I notice on the left side it has this error. " no IKE config found for
>>> 10.100.1.20...10.100.1.131, sending NO_PROPOSAL_CHOSEN"
>>>
>>> #rightside
>>> Jul 17 00:14:06 vpn02 charon: 00[CFG] loading attribute certificates
>>> from '/etc/strongswan/ipsec.d/acerts'
>>> Jul 17 00:14:06 vpn02 charon: 00[CFG] loading crls from
>>> '/etc/strongswan/ipsec.d/crls'
>>> Jul 17 00:14:06 vpn02 charon: 00[CFG] loading secrets from
>>> '/etc/strongswan/ipsec.secrets'
>>> Jul 17 00:14:06 vpn02 charon: 00[CFG] loaded IKE secret for %any
>>> Jul 17 00:14:06 vpn02 charon: 00[LIB] loaded plugins: charon curl aes
>>> des rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints acert
>>> pubkey pkcs1 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp xcbc
>>> cmac hmac attr kernel-netlink resolve socket-default farp stroke vici
>>> updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap
>>> xauth-generic xauth-eap xauth-pam xauth-noauth dhcp
>>> Jul 17 00:14:06 vpn02 charon: 00[LIB] unable to load 3 plugin features
>>> (3 due to unmet dependencies)
>>> Jul 17 00:14:06 vpn02 charon: 00[JOB] spawning 16 worker threads
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] stroke message => 750 bytes @
>>> 0x7f6e00000b00
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 0: EE 02 00 00 03 00 00 00 FF
>>> FF FF FF 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 16: 90 02 00 00 00 00 00 00 02
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 32: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 48: 00 00 00 00 00 00 00 00 02
>>> 00 00 00 40 00 00 00 ............ at ...
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 64: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 80: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 96: 00 00 00 00 01 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 112: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 01 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 128: 93 02 00 00 00 00 00 00 A8
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 144: 00 00 00 00 00 00 00 00 01
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 160: B0 04 00 00 00 00 00 00 10
>>> 0E 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 176: B4 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 192: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 208: 00 00 00 00 00 00 00 00 01
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 224: 64 00 00 00 00 00 00 00 1E
>>> 00 00 00 00 00 00 00 d...............
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 240: 96 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 256: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 272: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 288: 00 00 00 00 00 00 00 00 B4
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 304: 00 00 00 00 00 00 00 00 B8
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 320: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 336: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 352: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 368: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 384: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 400: 00 00 00 00 00 00 00 00 C4
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 416: F4 01 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 432: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 448: 01 00 00 00 00 00 00 00 01
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 464: 00 00 00 00 FF FF 00 00 D0
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 480: 00 00 00 00 00 00 00 00 D4
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 496: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 512: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 528: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 544: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 560: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 576: 00 00 00 00 00 00 00 00 E1
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 592: F4 01 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 608: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 624: 01 00 00 00 00 00 00 00 01
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 640: 00 00 00 00 FF FF 00 00 FF
>>> FF FF FF 00 00 00 00 ................
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 656: 72 77 00 61 65 73 31 32 38
>>> 2D 73 68 61 31 2D 6D rw.aes128-sha1-m
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 672: 6F 64 70 31 30 32 34 00 61
>>> 65 73 31 32 38 2D 73 odp1024.aes128-s
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 688: 68 61 31 00 70 73 6B 00 31
>>> 30 2E 31 30 30 2E 31 ha1.psk.10.100.1
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 704: 2E 32 30 00 31 30 2E 31 30
>>> 30 2E 31 2E 32 30 00 .20.10.100.1.20.
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 720: 70 73 6B 00 31 30 2E 31 30
>>> 30 2E 31 2E 31 33 31 psk.10.100.1.131
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] 736: 00 31 30 2E 31 30 30 2E 31
>>> 2E 31 33 31 00 .10.100.1.131.
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] received stroke: add connection
>>> 'rw'
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] conn rw
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] left=10.100.1.20
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] leftauth=psk
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] leftid=10.100.1.20
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] right=10.100.1.131
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] rightauth=psk
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] rightid=10.100.1.131
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] ike=aes128-sha1-modp1024
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] esp=aes128-sha1
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] dpddelay=30
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] dpdtimeout=150
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] mediation=no
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] keyexchange=ikev2
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] left is other host, swapping ends
>>> Jul 17 00:14:06 vpn02 charon: 08[CFG] added configuration 'rw'
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] stroke message => 659 bytes @
>>> 0x7f6dec000a90
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 0: 93 02 00 00 00 00 00 00 01
>>> 00 00 00 FF 7F 00 00 ................
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 16: 90 02 00 00 00 00 00 00 30
>>> E8 1F FE FF 7F 00 00 ........0.......
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 32: F0 E1 1F FE FF 7F 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 48: 80 9E A7 B0 3C 7F 00 00 D4
>>> 94 A6 B0 3C 7F 00 00 ....<.......<...
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 64: 00 00 00 D6 3F FC FF FF 00
>>> 00 00 00 00 00 00 00 ....?...........
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 80: 30 E2 1F FE FE FF FF FF C8
>>> 00 00 00 00 00 00 00 0...............
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 96: 02 00 00 00 3C 7F 00 00 F0
>>> E1 1F FE FF 7F 00 00 ....<...........
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 112: 50 77 87 00 00 00 00 00 C7
>>> 00 00 00 00 00 00 00 Pw..............
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 128: 30 E8 1F FE FF 7F 00 00 0D
>>> 00 04 00 02 00 00 00 0...............
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 144: 03 00 00 00 00 00 00 00 90
>>> EA 1F FE 00 00 00 00 ................
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 160: 00 EA 1F FE FF 7F 00 00 F0
>>> E9 1F FE FF 7F 00 00 ................
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 176: E0 E9 1F FE FF 7F 00 00 C8
>>> E9 1F FE FF 7F 00 00 ................
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 192: D8 E9 1F FE FF 7F 00 00 01
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 208: 00 EB 1F FE FF 7F 00 00 06
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 224: 18 5B EA B0 3C 7F 00 00 C6
>>> BE C9 B0 3C 7F 00 00 .[..<.......<...
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 240: F0 86 88 00 00 00 00 00 D0
>>> 86 88 00 00 00 00 00 ................
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 256: F0 86 88 00 00 00 00 00 F0
>>> 86 88 00 00 00 00 00 ................
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 272: F0 86 88 00 00 00 00 00 E0
>>> 68 88 00 00 00 00 00 .........h......
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 288: E0 68 88 00 00 00 00 00 30
>>> 84 88 00 00 00 00 00 .h......0.......
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 304: 50 84 88 00 00 00 00 00 01
>>> 00 00 00 00 00 00 00 P...............
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 320: 20 E3 1F FE FF 7F 00 00 75
>>> D0 07 B0 3C 7F 00 00 .......u...<...
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 336: 00 50 EA B0 3C 7F 00 00 00
>>> 00 E0 C3 3F FC FF FF .P..<.......?...
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 352: 00 00 36 A3 93 61 79 FE 00
>>> 00 00 00 00 00 00 00 ..6..ay.........
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 368: E8 D6 EA B0 3C 7F 00 00 03
>>> 00 00 00 3C 7F 00 00 ....<.......<...
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 384: 00 00 00 00 01 00 00 00 58
>>> E6 1F 01 00 00 00 00 ........X.......
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 400: 00 00 00 00 3C 7F 00 00 0E
>>> 00 00 00 00 00 00 00 ....<...........
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 416: E0 E2 1F FE FF 7F 00 00 90
>>> EA 1F FE FF 7F 00 00 ................
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 432: 00 EB 1F FE FF 7F 00 00 02
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 448: 20 00 00 00 30 00 00 00 80
>>> EA 1F FE FF 7F 00 00 ...0...........
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 464: B0 E9 1F FE FF 7F 00 00 D2
>>> B2 C9 B0 3C 7F 00 00 ............<...
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 480: 00 00 00 00 00 00 00 00 B6
>>> D1 C9 B0 3C 7F 00 00 ............<...
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 496: D8 FF EA B0 3C 7F 00 00 30
>>> 0F 29 B0 3C 7F 00 00 ....<...0.).<...
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 512: 00 EB 1F FE FF 7F 00 00 9E
>>> BA C9 B0 3C 7F 00 00 ............<...
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 528: 00 60 EA B0 3C 7F 00 00 98
>>> F9 EA B0 3C 7F 00 00 .`..<.......<...
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 544: 20 00 00 00 30 00 00 00 80
>>> EA 1F FE FF 7F 00 00 ...0...........
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 560: 20 00 00 00 30 00 00 00 F0
>>> EA 1F FE FF 7F 00 00 ...0...........
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 576: 20 EA 1F FE FF 7F 00 00 00
>>> 79 87 00 00 00 00 00 ........y......
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 592: 28 00 00 00 30 00 00 00 D0
>>> E6 1F FE FF 7F 00 00 (...0...........
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 608: 10 E6 1F FE FF 7F 00 00 00
>>> 79 87 00 00 00 00 00 .........y......
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 624: C0 E6 1F FE FF 7F 00 00 01
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 640: 20 00 00 00 30 00 00 00 40
>>> EB 1F FE FF 7F 00 00 ...0... at .......
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] 656: 72 77
>>> 00 rw.
>>> Jul 17 00:14:24 vpn02 charon: 12[CFG] received stroke: initiate 'rw'
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] queueing IKE_VENDOR task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] queueing IKE_INIT task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] queueing IKE_NATD task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] queueing IKE_CERT_PRE task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] queueing IKE_AUTH task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] queueing IKE_CERT_POST task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] queueing IKE_CONFIG task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] queueing IKE_AUTH_LIFETIME task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] queueing IKE_MOBIKE task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] queueing CHILD_CREATE task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] activating new tasks
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] activating IKE_VENDOR task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] activating IKE_INIT task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] activating IKE_NATD task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] activating IKE_CERT_PRE task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] activating IKE_AUTH task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] activating IKE_CERT_POST task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] activating IKE_CONFIG task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] activating CHILD_CREATE task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] activating IKE_AUTH_LIFETIME task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] activating IKE_MOBIKE task
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] initiating IKE_SA rw[1] to
>>> 10.100.1.20
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] IKE_SA rw[1] state change: CREATED
>>> => CONNECTING
>>> Jul 17 00:14:24 vpn02 charon: 14[CFG] configured proposals:
>>> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
>>> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP,
>>> IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] natd_chunk => 22 bytes @ 0x113f590
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] 0: F1 E5 AE 40 A7 E5 1B 7F 00
>>> 00 00 00 00 00 00 00 ... at ............
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] 16: 0A 64 01 14 01
>>> F4 .d....
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] natd_hash => 20 bytes @ 0x113f5b0
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] 0: 46 54 FB 3E 72 E6 77 AD 9C
>>> 88 CE FC 78 04 58 36 FT.>r.w.....x.X6
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] 16: F4 59 7F
>>> E4 .Y..
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] natd_chunk => 22 bytes @ 0x113f550
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] 0: F1 E5 AE 40 A7 E5 1B 7F 00
>>> 00 00 00 00 00 00 00 ... at ............
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] 16: 0A 64 01 83 01
>>> F4 .d....
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] natd_hash => 20 bytes @ 0x113f230
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] 0: 63 7A 7F F9 D8 CF 34 82 EF
>>> EB 30 16 21 8A 8A F0 cz....4...0.!...
>>> Jul 17 00:14:24 vpn02 charon: 14[IKE] 16: 29 A5 67
>>> E3 ).g.
>>> Jul 17 00:14:24 vpn02 charon: 14[ENC] generating IKE_SA_INIT request 0 [
>>> SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>>> Jul 17 00:14:24 vpn02 charon: 14[NET] sending packet: from
>>> 10.100.1.131[500] to 10.100.1.20[500] (964 bytes)
>>> Jul 17 00:14:24 vpn02 charon: 15[NET] received packet: from
>>> 10.100.1.20[500] to 10.100.1.131[500] (36 bytes)
>>> Jul 17 00:14:24 vpn02 charon: 15[ENC] parsed IKE_SA_INIT response 0 [
>>> N(NO_PROP) ]
>>> Jul 17 00:14:24 vpn02 charon: 15[IKE] received NO_PROPOSAL_CHOSEN notify
>>> error
>>> Jul 17 00:14:24 vpn02 charon: 15[CFG] configured proposals:
>>> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
>>> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP,
>>> IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
>>> Jul 17 00:14:24 vpn02 charon: 15[IKE] IKE_SA rw[1] state change:
>>> CONNECTING => DESTROYING
>>>
>>> #leftside
>>> Jul 17 00:14:01 vpn02 charon: 00[CFG] loading secrets from
>>> '/etc/strongswan/ipsec.secrets'
>>> Jul 17 00:14:01 vpn02 charon: 00[CFG] loaded IKE secret for %any
>>> Jul 17 00:14:01 vpn02 charon: 00[LIB] loaded plugins: charon curl aes
>>> des rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints acert
>>> pubkey pkcs1 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp xcbc
>>> cmac hmac attr kernel-netlink resolve socket-default farp stroke vici
>>> updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap
>>> xauth-generic xauth-eap xauth-pam xauth-noauth dhcp
>>> Jul 17 00:14:01 vpn02 charon: 00[LIB] unable to load 3 plugin features
>>> (3 due to unmet dependencies)
>>> Jul 17 00:14:01 vpn02 charon: 00[JOB] spawning 16 worker threads
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] stroke message => 776 bytes @
>>> 0x7f30c8000b00
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 0: 08 03 00 00 03 00 00 00 FF
>>> FF FF FF 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 16: 90 02 00 00 00 00 00 00 02
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 32: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 48: 00 00 00 00 00 00 00 00 02
>>> 00 00 00 40 00 00 00 ............ at ...
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 64: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 80: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 96: 00 00 00 00 01 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 112: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 01 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 128: 93 02 00 00 00 00 00 00 A8
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 144: 00 00 00 00 00 00 00 00 01
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 160: B0 04 00 00 00 00 00 00 10
>>> 0E 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 176: B4 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 192: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 208: 00 00 00 00 00 00 00 00 01
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 224: 64 00 00 00 00 00 00 00 1E
>>> 00 00 00 00 00 00 00 d...............
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 240: 96 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 256: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 272: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 288: 00 00 00 00 00 00 00 00 B4
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 304: 00 00 00 00 00 00 00 00 B8
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 320: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 336: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 352: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 368: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 384: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 400: C4 02 00 00 00 00 00 00 E0
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 416: F4 01 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 432: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 448: 01 00 00 00 00 00 00 00 01
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 464: 00 00 00 00 FF FF 00 00 EC
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 480: 00 00 00 00 00 00 00 00 F0
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 496: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 512: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 528: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 544: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 560: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 576: 00 00 00 00 00 00 00 00 FC
>>> 02 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 592: F4 01 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 608: 00 00 00 00 00 00 00 00 00
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 624: 01 00 00 00 00 00 00 00 01
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 640: 00 00 00 00 FF FF 00 00 FF
>>> FF FF FF 00 00 00 00 ................
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 656: 72 77 00 61 65 73 31 32 38
>>> 2D 73 68 61 31 2D 6D rw.aes128-sha1-m
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 672: 6F 64 70 31 30 32 34 00 61
>>> 65 73 31 32 38 2D 73 odp1024.aes128-s
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 688: 68 61 31 00 70 73 6B 00 31
>>> 30 2E 31 30 30 2E 31 ha1.psk.10.100.1
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 704: 2E 32 30 00 73 74 72 6F 6E
>>> 67 73 77 61 6E 20 5F .20.strongswan _
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 720: 75 70 64 6F 77 6E 20 69 70
>>> 74 61 62 6C 65 73 00 updown iptables.
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 736: 31 30 2E 31 30 30 2E 31 2E
>>> 32 30 00 70 73 6B 00 10.100.1.20.psk.
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 752: 31 30 2E 31 30 30 2E 31 2E
>>> 33 31 00 31 30 2E 31 10.100.1.31.10.1
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] 768: 30 30 2E 31 2E 33 31
>>> 00 00.1.31.
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] received stroke: add connection
>>> 'rw'
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] conn rw
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] left=10.100.1.20
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] leftauth=psk
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] leftid=10.100.1.20
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] leftupdown=strongswan _updown
>>> iptables
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] right=10.100.1.31
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] rightauth=psk
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] rightid=10.100.1.31
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] ike=aes128-sha1-modp1024
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] esp=aes128-sha1
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] dpddelay=30
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] dpdtimeout=150
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] mediation=no
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] keyexchange=ikev2
>>> Jul 17 00:14:01 vpn02 charon: 08[CFG] added configuration 'rw'
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] stroke message => 659 bytes @
>>> 0x7f30b4000a90
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 0: 93 02 00 00 00 00 00 00 01
>>> 00 00 00 FF 7F 00 00 ................
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 16: 90 02 00 00 00 00 00 00 B0
>>> F0 BA 51 FF 7F 00 00 ...........Q....
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 32: 70 EA BA 51 FF 7F 00 00 00
>>> 00 00 00 00 00 00 00 p..Q............
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 48: 80 0E 84 A5 E3 7F 00 00 D4
>>> 04 83 A5 E3 7F 00 00 ................
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 64: 00 00 00 E7 75 A3 FE FF 00
>>> 00 00 00 00 00 00 00 ....u...........
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 80: B0 EA BA 51 FE FF FF FF C8
>>> 00 00 00 00 00 00 00 ...Q............
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 96: 02 00 00 00 E3 7F 00 00 70
>>> EA BA 51 FF 7F 00 00 ........p..Q....
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 112: 50 07 FA 00 00 00 00 00 C7
>>> 00 00 00 00 00 00 00 P...............
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 128: B0 F0 BA 51 FF 7F 00 00 0D
>>> 00 04 00 02 00 00 00 ...Q............
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 144: 03 00 00 00 00 00 00 00 10
>>> F3 BA 51 00 00 00 00 ...........Q....
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 160: 80 F2 BA 51 FF 7F 00 00 70
>>> F2 BA 51 FF 7F 00 00 ...Q....p..Q....
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 176: 60 F2 BA 51 FF 7F 00 00 48
>>> F2 BA 51 FF 7F 00 00 `..Q....H..Q....
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 192: 58 F2 BA 51 FF 7F 00 00 01
>>> 00 00 00 00 00 00 00 X..Q............
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 208: 80 F3 BA 51 FF 7F 00 00 06
>>> 00 00 00 00 00 00 00 ...Q............
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 224: 18 CB C6 A5 E3 7F 00 00 C6
>>> 2E A6 A5 E3 7F 00 00 ................
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 240: F0 16 FB 00 00 00 00 00 D0
>>> 16 FB 00 00 00 00 00 ................
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 256: F0 16 FB 00 00 00 00 00 F0
>>> 16 FB 00 00 00 00 00 ................
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 272: F0 16 FB 00 00 00 00 00 E0
>>> F8 FA 00 00 00 00 00 ................
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 288: E0 F8 FA 00 00 00 00 00 30
>>> 14 FB 00 00 00 00 00 ........0.......
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 304: 50 14 FB 00 00 00 00 00 01
>>> 00 00 00 00 00 00 00 P...............
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 320: A0 EB BA 51 FF 7F 00 00 75
>>> 40 E4 A4 E3 7F 00 00 ...Q....u at ......
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 336: 00 C0 C6 A5 E3 7F 00 00 00
>>> 00 E0 D4 75 A3 FE FF ............u...
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 352: 00 00 36 83 4C 4B C7 FF 00
>>> 00 00 00 00 00 00 00 ..6.LK..........
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 368: E8 46 C7 A5 E3 7F 00 00 03
>>> 00 00 00 E3 7F 00 00 .F..............
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 384: 00 00 00 00 01 00 00 00 D8
>>> EE BA 01 00 00 00 00 ................
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 400: 00 00 00 00 E3 7F 00 00 0E
>>> 00 00 00 00 00 00 00 ................
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 416: 60 EB BA 51 FF 7F 00 00 10
>>> F3 BA 51 FF 7F 00 00 `..Q.......Q....
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 432: 80 F3 BA 51 FF 7F 00 00 02
>>> 00 00 00 00 00 00 00 ...Q............
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 448: 20 00 00 00 30 00 00 00 00
>>> F3 BA 51 FF 7F 00 00 ...0......Q....
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 464: 30 F2 BA 51 FF 7F 00 00 D2
>>> 22 A6 A5 E3 7F 00 00 0..Q....."......
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 480: 00 00 00 00 00 00 00 00 B6
>>> 41 A6 A5 E3 7F 00 00 .........A......
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 496: D8 6F C7 A5 E3 7F 00 00 30
>>> 7F 05 A5 E3 7F 00 00 .o......0.......
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 512: 80 F3 BA 51 FF 7F 00 00 9E
>>> 2A A6 A5 E3 7F 00 00 ...Q.....*......
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 528: 00 D0 C6 A5 E3 7F 00 00 98
>>> 69 C7 A5 E3 7F 00 00 .........i......
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 544: 20 00 00 00 30 00 00 00 00
>>> F3 BA 51 FF 7F 00 00 ...0......Q....
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 560: 20 00 00 00 30 00 00 00 70
>>> F3 BA 51 FF 7F 00 00 ...0...p..Q....
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 576: A0 F2 BA 51 FF 7F 00 00 00
>>> 09 FA 00 00 00 00 00 ...Q............
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 592: 28 00 00 00 30 00 00 00 50
>>> EF BA 51 FF 7F 00 00 (...0...P..Q....
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 608: 90 EE BA 51 FF 7F 00 00 00
>>> 09 FA 00 00 00 00 00 ...Q............
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 624: 40 EF BA 51 FF 7F 00 00 01
>>> 00 00 00 00 00 00 00 @..Q............
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 640: 20 00 00 00 30 00 00 00 C0
>>> F3 BA 51 FF 7F 00 00 ...0......Q....
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] 656: 72 77
>>> 00 rw.
>>> Jul 17 00:14:21 vpn02 charon: 12[CFG] received stroke: initiate 'rw'
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] queueing IKE_VENDOR task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] queueing IKE_INIT task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] queueing IKE_NATD task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] queueing IKE_CERT_PRE task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] queueing IKE_AUTH task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] queueing IKE_CERT_POST task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] queueing IKE_CONFIG task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] queueing IKE_AUTH_LIFETIME task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] queueing IKE_MOBIKE task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] queueing CHILD_CREATE task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] activating new tasks
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] activating IKE_VENDOR task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] activating IKE_INIT task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] activating IKE_NATD task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] activating IKE_CERT_PRE task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] activating IKE_AUTH task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] activating IKE_CERT_POST task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] activating IKE_CONFIG task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] activating CHILD_CREATE task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] activating IKE_AUTH_LIFETIME task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] activating IKE_MOBIKE task
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] initiating IKE_SA rw[1] to
>>> 10.100.1.31
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] IKE_SA rw[1] state change: CREATED
>>> => CONNECTING
>>> Jul 17 00:14:21 vpn02 charon: 14[CFG] configured proposals:
>>> IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
>>> IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP,
>>> IKE:AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160/ECP_256/ECP_384/ECP_521/ECP_224/ECP_192/ECP_224_BP/ECP_256_BP/ECP_384_BP/ECP_512_BP
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] natd_chunk => 22 bytes @ 0x15ae590
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] 0: 70 24 E2 E2 DF BC 86 58 00
>>> 00 00 00 00 00 00 00 p$.....X........
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] 16: 0A 64 01 1F 01
>>> F4 .d....
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] natd_hash => 20 bytes @ 0x15ae5b0
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] 0: 93 16 F6 BD 62 D5 F4 B6 BE
>>> 5A 55 43 51 48 98 AD ....b....ZUCQH..
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] 16: BA 14 1E
>>> F3 ....
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] natd_chunk => 22 bytes @ 0x15ae550
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] 0: 70 24 E2 E2 DF BC 86 58 00
>>> 00 00 00 00 00 00 00 p$.....X........
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] 16: 0A 64 01 14 01
>>> F4 .d....
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] natd_hash => 20 bytes @ 0x15ae230
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] 0: F1 D3 40 41 5A B9 3C F8 EF
>>> 68 0A 26 C9 76 87 51 .. at AZ.<..h.&.v.Q
>>> Jul 17 00:14:21 vpn02 charon: 14[IKE] 16: 70 78 0F
>>> 4A px.J
>>> Jul 17 00:14:21 vpn02 charon: 14[ENC] generating IKE_SA_INIT request 0 [
>>> SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>>> Jul 17 00:14:21 vpn02 charon: 14[NET] sending packet: from
>>> 10.100.1.20[500] to 10.100.1.31[500] (964 bytes)
>>> Jul 17 00:14:24 vpn02 charon: 15[NET] received packet: from
>>> 10.100.1.131[500] to 10.100.1.20[500] (964 bytes)
>>> Jul 17 00:14:24 vpn02 charon: 15[ENC] parsed IKE_SA_INIT request 0 [ SA
>>> KE No N(NATD_S_IP) N(NATD_D_IP) ]
>>> Jul 17 00:14:24 vpn02 charon: 15[CFG] looking for an ike config for
>>> 10.100.1.20...10.100.1.131
>>> Jul 17 00:14:24 vpn02 charon: 15[CFG] ike config match: 0 (10.100.1.20
>>> 10.100.1.131 IKEv2)
>>> Jul 17 00:14:24 vpn02 charon: 15[IKE] no IKE config found for
>>> 10.100.1.20...10.100.1.131, sending NO_PROPOSAL_CHOSEN
>>> Jul 17 00:14:24 vpn02 charon: 15[ENC] generating IKE_SA_INIT response 0
>>> [ N(NO_PROP) ]
>>> Jul 17 00:14:24 vpn02 charon: 15[NET] sending packet: from
>>> 10.100.1.20[500] to 10.100.1.131[500] (36 bytes)
>>> Jul 17 00:14:24 vpn02 charon: 15[IKE] IKE_SA (unnamed)[2] state change:
>>> CREATED => DESTROYING
>>> Jul 17 00:14:25 vpn02 charon: 16[IKE] retransmit 1 of request with
>>> message ID 0
>>> Jul 17 00:14:25 vpn02 charon: 16[NET] sending packet: from
>>> 10.100.1.20[500] to 10.100.1.31[500] (964 bytes)
>>> Jul 17 00:14:32 vpn02 charon: 03[IKE] retransmit 2 of request with
>>> message ID 0
>>> Jul 17 00:14:32 vpn02 charon: 03[NET] sending packet: from
>>> 10.100.1.20[500] to 10.100.1.31[500] (964 bytes)
>>> Jul 17 00:14:45 vpn02 charon: 02[IKE] retransmit 3 of request with
>>> message ID 0
>>> Jul 17 00:14:45 vpn02 charon: 02[NET] sending packet: from
>>> 10.100.1.20[500] to 10.100.1.31[500] (964 bytes)
>>> Jul 17 00:15:08 vpn02 charon: 01[IKE] retransmit 4 of request with
>>> message ID 0
>>> Jul 17 00:15:08 vpn02 charon: 01[NET] sending packet: from
>>> 10.100.1.20[500] to 10.100.1.31[500] (964 bytes)
>>> Jul 17 00:15:50 vpn02 charon: 10[IKE] retransmit 5 of request with
>>> message ID 0
>>> Jul 17 00:15:50 vpn02 charon: 10[NET] sending packet: from
>>> 10.100.1.20[500] to 10.100.1.31[500] (964 bytes)
>>> Jul 17 00:17:06 vpn02 charon: 14[IKE] giving up after 5 retransmits
>>> Jul 17 00:17:06 vpn02 charon: 14[IKE] establishing IKE_SA failed, peer
>>> not responding
>>> Jul 17 00:17:06 vpn02 charon: 14[IKE] IKE_SA rw[1] state change:
>>> CONNECTING => DESTROYING
>>> [root at vpn02 strongswan]#
>>>
>>>
>>>
>>> On Thu, Jul 16, 2015 at 5:05 PM, Randy Wyatt <rwwyatt01 at gmail.com>
>>> wrote:
>>>
>>>> ipsec stroke loglevel cfg 3 or
>>>> place the following into your ipsec.conf
>>>>
>>>> charondebug="ike 3, knl 1, cfg 3" in
>>>>
>>>> a loglevel of 4 is only needed when asked by the experts.
>>>>
>>>>
>>>> On Thu, Jul 16, 2015 at 4:58 PM, Aaron <hawaiiaaron at gmail.com> wrote:
>>>>
>>>>> Where do I increase the logging for cfg?
>>>>>
>>>>> I added the options you mentioned. I also added a leftauth and
>>>>> rightauth
>>>>>
>>>>> config setup
>>>>> strictcrlpolicy=no
>>>>> # uniqueids = no
>>>>> charondebug="ike 4"
>>>>>
>>>>> # Add connections here.
>>>>> conn %default
>>>>> ikelifetime=60m
>>>>> keylife=20m
>>>>> rekeymargin=3m
>>>>> keyingtries=1
>>>>> keyexchange=ikev2
>>>>>
>>>>> conn rw
>>>>> ike=aes128-sha1-modp1024
>>>>> esp=aes128-sha1
>>>>> authby=secret
>>>>> leftauth=psk
>>>>> rightauth=psk
>>>>> left=10.100.1.20
>>>>> leftid=10.100.1.20
>>>>> leftfirewall=no
>>>>> right=10.100.1.131
>>>>> rightid=10.100.1.131
>>>>> auto=add
>>>>>
>>>>>
>>>>> On Thu, Jul 16, 2015 at 4:48 PM, Randy Wyatt <rwwyatt01 at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> It appears that we will need increased logging for cfg as well. Have
>>>>>> you thought about my suggestion and just hardcoding the proposal for now?
>>>>>>
>>>>>>
>>>>>> On Thu, Jul 16, 2015 at 4:44 PM, Aaron <hawaiiaaron at gmail.com> wrote:
>>>>>>
>>>>>>> Thanks. I've added the two lines to the ipsec.conf file and
>>>>>>> increased debugging. It appears to be the same error.
>>>>>>>
>>>>>>> Here is the log from the left side and right side as well as the
>>>>>>> strongswan.conf file.
>>>>>>> You'll see in the logs that some certs are loaded but I am not using
>>>>>>> them in my ipsec.conf. I just want to use PSK's at this time.
>>>>>>>
>>>>>>> #left side log
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[DMN] Starting IKE charon daemon
>>>>>>> (strongSwan 5.2.0, Linux 2.6.32-431.29.2.el6.x86_64, x86_64)
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[LIB] openssl FIPS mode(2) - enabled
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[CFG] loading ca certificates from
>>>>>>> '/etc/strongswan/ipsec.d/cacerts'
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[CFG] loaded ca certificate "C=US,
>>>>>>> ST=WA, L=xxxx, O=xxxx, OU=xxxx, CN=StrongSwan Intermediate CA" from
>>>>>>> '/etc/strongswan/ipsec.d/cacerts/int.pem'
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[CFG] loaded ca certificate "C=US,
>>>>>>> ST=WA, L=xxxx, O=xxxx, OU=xxxx, CN=StrongSwan Root CA" from
>>>>>>> '/etc/strongswan/ipsec.d/cacerts/rootCa.crt.pem'
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[CFG] loading aa certificates from
>>>>>>> '/etc/strongswan/ipsec.d/aacerts'
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[CFG] loading ocsp signer
>>>>>>> certificates from '/etc/strongswan/ipsec.d/ocspcerts'
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[CFG] loading attribute certificates
>>>>>>> from '/etc/strongswan/ipsec.d/acerts'
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[CFG] loading crls from
>>>>>>> '/etc/strongswan/ipsec.d/crls'
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[CFG] loading secrets from
>>>>>>> '/etc/strongswan/ipsec.secrets'
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[CFG] loaded IKE secret for %any
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[LIB] loaded plugins: charon curl
>>>>>>> aes des rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints
>>>>>>> acert pubkey pkcs1 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp
>>>>>>> xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke vici
>>>>>>> updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap
>>>>>>> xauth-generic xauth-eap xauth-pam xauth-noauth dhcp
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[LIB] unable to load 3 plugin
>>>>>>> features (3 due to unmet dependencies)
>>>>>>> Jul 16 23:27:17 vpn02 charon: 00[JOB] spawning 16 worker threads
>>>>>>> Jul 16 23:27:17 vpn02 charon: 08[CFG] received stroke: add
>>>>>>> connection 'rw'
>>>>>>> Jul 16 23:27:17 vpn02 charon: 08[CFG] added configuration 'rw'
>>>>>>> Jul 16 23:27:23 vpn02 charon: 10[CFG] received stroke: initiate 'rw'
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] queueing IKE_VENDOR task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] queueing IKE_INIT task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] queueing IKE_NATD task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] queueing IKE_CERT_PRE task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] queueing IKE_AUTH task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] queueing IKE_CERT_POST task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] queueing IKE_CONFIG task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] queueing IKE_AUTH_LIFETIME task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] queueing IKE_MOBIKE task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] queueing CHILD_CREATE task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] activating new tasks
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] activating IKE_VENDOR task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] activating IKE_INIT task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] activating IKE_NATD task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] activating IKE_CERT_PRE task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] activating IKE_AUTH task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] activating IKE_CERT_POST task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] activating IKE_CONFIG task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] activating CHILD_CREATE task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] activating IKE_AUTH_LIFETIME
>>>>>>> task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] activating IKE_MOBIKE task
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] initiating IKE_SA rw[1] to
>>>>>>> 10.100.1.31
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] IKE_SA rw[1] state change:
>>>>>>> CREATED => CONNECTING
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] natd_chunk => 22 bytes @
>>>>>>> 0x7fe30c0028c0
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] 0: 6A 4A DE E8 FC 8C FF D9
>>>>>>> 00 00 00 00 00 00 00 00 jJ..............
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] 16: 0A 64 01 1F 01
>>>>>>> F4 .d....
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] natd_hash => 20 bytes @
>>>>>>> 0x7fe30c0028e0
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] 0: BE 1C 33 77 01 44 51 EF
>>>>>>> 11 0C 28 5E 55 66 F1 65 ..3w.DQ...(^Uf.e
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] 16: 7C 85 04
>>>>>>> 6A |..j
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] natd_chunk => 22 bytes @
>>>>>>> 0x7fe30c0025c0
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] 0: 6A 4A DE E8 FC 8C FF D9
>>>>>>> 00 00 00 00 00 00 00 00 jJ..............
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] 16: 0A 64 01 14 01
>>>>>>> F4 .d....
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] natd_hash => 20 bytes @
>>>>>>> 0x7fe30c0025e0
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] 0: 2C 77 72 D7 74 8D 69 C1
>>>>>>> D7 5C 90 3E B7 66 79 D9 ,wr.t.i..\.>.fy.
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[IKE] 16: DB 4B 9B
>>>>>>> 3D .K.=
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[ENC] generating IKE_SA_INIT request
>>>>>>> 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>>>>>>> Jul 16 23:27:23 vpn02 charon: 12[NET] sending packet: from
>>>>>>> 10.100.1.20[500] to 10.100.1.31[500] (964 bytes)
>>>>>>> Jul 16 23:27:27 vpn02 charon: 13[IKE] retransmit 1 of request with
>>>>>>> message ID 0
>>>>>>> Jul 16 23:27:27 vpn02 charon: 13[NET] sending packet: from
>>>>>>> 10.100.1.20[500] to 10.100.1.31[500] (964 bytes)
>>>>>>> Jul 16 23:27:29 vpn02 charon: 14[NET] received packet: from
>>>>>>> 10.100.1.131[500] to 10.100.1.20[500] (964 bytes)
>>>>>>> Jul 16 23:27:29 vpn02 charon: 14[ENC] parsed IKE_SA_INIT request 0 [
>>>>>>> SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>>>>>>> Jul 16 23:27:29 vpn02 charon: 14[IKE] no IKE config found for
>>>>>>> 10.100.1.20...10.100.1.131, sending NO_PROPOSAL_CHOSEN
>>>>>>> Jul 16 23:27:29 vpn02 charon: 14[ENC] generating IKE_SA_INIT
>>>>>>> response 0 [ N(NO_PROP) ]
>>>>>>> Jul 16 23:27:29 vpn02 charon: 14[NET] sending packet: from
>>>>>>> 10.100.1.20[500] to 10.100.1.131[500] (36 bytes)
>>>>>>> Jul 16 23:27:29 vpn02 charon: 14[IKE] IKE_SA (unnamed)[2] state
>>>>>>> change: CREATED => DESTROYING
>>>>>>>
>>>>>>> #right side
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[DMN] Starting IKE charon daemon
>>>>>>> (strongSwan 5.2.0, Linux 2.6.32-431.29.2.el6.x86_64, x86_64)
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[LIB] openssl FIPS mode(2) - enabled
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[CFG] loading ca certificates from
>>>>>>> '/etc/strongswan/ipsec.d/cacerts'
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[CFG] loaded ca certificate "C=US,
>>>>>>> ST=WA, L=xxxxx, O=xxxxx, OU=xxxxx, CN=StrongSwan Intermediate CA" from
>>>>>>> '/etc/strongswan/ipsec.d/cacerts/int.crt.pem'
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[CFG] loaded ca certificate "C=US,
>>>>>>> ST=WA, L=xxxxx, O=xxxxx, OU=xxxxx, CN=StrongSwan Root CA" from
>>>>>>> '/etc/strongswan/ipsec.d/cacerts/rootCa.crt.pem'
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[CFG] loading aa certificates from
>>>>>>> '/etc/strongswan/ipsec.d/aacerts'
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[CFG] loading ocsp signer
>>>>>>> certificates from '/etc/strongswan/ipsec.d/ocspcerts'
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[CFG] loading attribute certificates
>>>>>>> from '/etc/strongswan/ipsec.d/acerts'
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[CFG] loading crls from
>>>>>>> '/etc/strongswan/ipsec.d/crls'
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[CFG] loading secrets from
>>>>>>> '/etc/strongswan/ipsec.secrets'
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[CFG] loaded IKE secret for %any
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[LIB] loaded plugins: charon curl
>>>>>>> aes des rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints
>>>>>>> acert pubkey pkcs1 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp
>>>>>>> xcbc cmac hmac attr kernel-netlink resolve socket-default farp stroke vici
>>>>>>> updown eap-identity eap-md5 eap-gtc eap-mschapv2 eap-tls eap-ttls eap-peap
>>>>>>> xauth-generic xauth-eap xauth-pam xauth-noauth dhcp
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[LIB] unable to load 3 plugin
>>>>>>> features (3 due to unmet dependencies)
>>>>>>> Jul 16 23:27:12 vpn03 charon: 00[JOB] spawning 16 worker threads
>>>>>>> Jul 16 23:27:12 vpn03 charon: 08[CFG] received stroke: add
>>>>>>> connection 'rw'
>>>>>>> Jul 16 23:27:12 vpn03 charon: 08[CFG] added configuration 'rw'
>>>>>>> Jul 16 23:27:29 vpn03 charon: 10[CFG] received stroke: initiate 'rw'
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] queueing IKE_VENDOR task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] queueing IKE_INIT task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] queueing IKE_NATD task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] queueing IKE_CERT_PRE task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] queueing IKE_AUTH task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] queueing IKE_CERT_POST task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] queueing IKE_CONFIG task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] queueing IKE_AUTH_LIFETIME task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] queueing IKE_MOBIKE task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] queueing CHILD_CREATE task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] activating new tasks
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] activating IKE_VENDOR task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] activating IKE_INIT task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] activating IKE_NATD task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] activating IKE_CERT_PRE task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] activating IKE_AUTH task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] activating IKE_CERT_POST task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] activating IKE_CONFIG task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] activating CHILD_CREATE task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] activating IKE_AUTH_LIFETIME
>>>>>>> task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] activating IKE_MOBIKE task
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] initiating IKE_SA rw[1] to
>>>>>>> 10.100.1.20
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] IKE_SA rw[1] state change:
>>>>>>> CREATED => CONNECTING
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] natd_chunk => 22 bytes @
>>>>>>> 0x7f586c0028c0
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] 0: 8E E1 E7 6D 58 37 7C 61
>>>>>>> 00 00 00 00 00 00 00 00 ...mX7|a........
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] 16: 0A 64 01 14 01
>>>>>>> F4 .d....
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] natd_hash => 20 bytes @
>>>>>>> 0x7f586c0028e0
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] 0: D5 57 BE 5C 11 13 5D A8
>>>>>>> 60 7D 72 BF FC 4E A3 CF .W.\..].`}r..N..
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] 16: 9C 06 49
>>>>>>> FD ..I.
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] natd_chunk => 22 bytes @
>>>>>>> 0x7f586c0025c0
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] 0: 8E E1 E7 6D 58 37 7C 61
>>>>>>> 00 00 00 00 00 00 00 00 ...mX7|a........
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] 16: 0A 64 01 83 01
>>>>>>> F4 .d....
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] natd_hash => 20 bytes @
>>>>>>> 0x7f586c0025e0
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] 0: 29 E2 9B CE 30 89 84 08
>>>>>>> B6 13 EF D5 75 EA 11 74 )...0.......u..t
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[IKE] 16: C7 9F E7
>>>>>>> 7B ...{
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[ENC] generating IKE_SA_INIT request
>>>>>>> 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
>>>>>>> Jul 16 23:27:29 vpn03 charon: 12[NET] sending packet: from
>>>>>>> 10.100.1.131[500] to 10.100.1.20[500] (964 bytes)
>>>>>>> Jul 16 23:27:29 vpn03 charon: 13[NET] received packet: from
>>>>>>> 10.100.1.20[500] to 10.100.1.131[500] (36 bytes)
>>>>>>> Jul 16 23:27:29 vpn03 charon: 13[ENC] parsed IKE_SA_INIT response 0
>>>>>>> [ N(NO_PROP) ]
>>>>>>> Jul 16 23:27:29 vpn03 charon: 13[IKE] received NO_PROPOSAL_CHOSEN
>>>>>>> notify error
>>>>>>> Jul 16 23:27:29 vpn03 charon: 13[IKE] IKE_SA rw[1] state change:
>>>>>>> CONNECTING => DESTROYING
>>>>>>>
>>>>>>> #strongswan.conf
>>>>>>> charon {
>>>>>>> load_modular = yes
>>>>>>> plugins {
>>>>>>> include strongswan.d/charon/*.conf
>>>>>>> }
>>>>>>> }
>>>>>>>
>>>>>>> include strongswan.d/*.conf
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Jul 16, 2015 at 3:10 PM, Randy Wyatt <rwwyatt01 at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Have you tried limiting the proposals supported?
>>>>>>>> ike=aes128-sha1-modp1024
>>>>>>>> esp=aes128-sha1
>>>>>>>>
>>>>>>>> If you don't specify the proposal, everything is sent. Can you
>>>>>>>> increase the debugging on ike so we can look a little more at the proposal
>>>>>>>> and configured?
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Randy
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Jul 16, 2015 at 2:08 PM, Aaron <hawaiiaaron at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi, I have strongswan setup in a host to host configuration using
>>>>>>>>> a shared secret for testing, but am not able to get it to establish a
>>>>>>>>> tunnel. The left side attempts to retransmit packets till it gives up and
>>>>>>>>> on the right side I receive this error. Any help appreciated. Thanks!
>>>>>>>>>
>>>>>>>>> Jul 16 21:01:19 vpn02 charon: 12[NET] received packet: from
>>>>>>>>> 10.100.1.20[500] to 10.100.1.131[500] (36 bytes)
>>>>>>>>> Jul 16 21:01:19 vpn02 charon: 12[ENC] parsed IKE_SA_INIT response
>>>>>>>>> 0 [ N(NO_PROP) ]
>>>>>>>>> Jul 16 21:01:19 vpn02 charon: 12[IKE] received NO_PROPOSAL_CHOSEN
>>>>>>>>> notify error
>>>>>>>>>
>>>>>>>>> #ipsec.conf file
>>>>>>>>> #right side and leftside are identical
>>>>>>>>> config setup
>>>>>>>>> charondebug=all
>>>>>>>>>
>>>>>>>>> conn %default
>>>>>>>>> ikelifetime=60m
>>>>>>>>> keylife=20m
>>>>>>>>> rekeymargin=3m
>>>>>>>>> keyingtries=1
>>>>>>>>> keyexchange=ikev2
>>>>>>>>> authby=psk
>>>>>>>>>
>>>>>>>>> conn rw
>>>>>>>>> left=10.100.1.20
>>>>>>>>> leftid=10.100.1.20
>>>>>>>>> leftfirewall=no
>>>>>>>>> right=10.100.1.131
>>>>>>>>> rightid=10.100.1.131
>>>>>>>>> auto=start
>>>>>>>>> authby=psk
>>>>>>>>>
>>>>>>>>> # ipsec.secrets file
>>>>>>>>> : PSK "mypsksecret"
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Users mailing list
>>>>>>>>> Users at lists.strongswan.org
>>>>>>>>> https://lists.strongswan.org/mailman/listinfo/users
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150716/c3ef0167/attachment-0001.html>
More information about the Users
mailing list