[strongSwan] Problem with Windows 10 machine certificate authorization.

Alexander O. 900632 at gmail.com
Mon Aug 8 15:13:13 CEST 2016


Hello!

I have a fully working configuration on Debian 8 for Windows 7 IKEv2
clients (machine certificate authorization), but I ran into a problem
with Windows 10 clients (same on Windows 8.1)...

What I did, step by step:

I issued a set of keys and certificates as follows:

ipsec pki --gen > caKey.der
ipsec pki --self --in caKey.der --dn "C=RU, O=TestLab, CN=TestLab CA" --ca \
    > caCert.der
ipsec pki --gen > peerKey.der
ipsec pki --pub --in peerKey.der | ipsec pki --issue --flag serverAuth \
    --flag ikeIntermediate --san "vpn.local" --cacert caCert.der \
    --cakey caKey.der --dn "C=RU, O=TestLab, CN=vpn.local" > peerCert.der
openssl x509 -inform der -outform pem -in caCert.der -out caCert.pem
openssl x509 -inform der -outform pem -in peerCert.der -out peerCert.pem
openssl rsa -inform der -outform pem -in peerKey.der -out peerKey.pem
openssl pkcs12 -in peerCert.pem -inkey peerKey.pem -certfile caCert.pem \
    -export -out peer.p12
cp caCert.der /etc/ipsec.d/cacerts/caCert.der
cp peerCert.der /etc/ipsec.d/certs/peerCert.der
cp peerKey.der /etc/ipsec.d/private/peerKey.der

Set up the following configuration files:

/etc/ipsec.secrets
: RSA peerKey.der


/etc/ipsec.conf
config setup
        charondebug="cfg 2, ike 4, net 2, esp 2"
        uniqueids = no

conn %default
        auto=add
        left=%any
        right=%any
        rekey=no
        ike=aes256-sha1-modp2048,aes256-sha1-modp1024,aes256-sha256-modp2048!
        esp=aes256-sha1,aes128-sha1,aes256-sha256!

conn IKEV2-pubkey
        keyexchange=ikev2
        leftauth=pubkey
        leftcert=peerCert.der
        leftsendcert=always
        leftsubnet=10.0.0.0/8
        rightauth=pubkey
        rightsourceip=192.168.3.0/27
        rightdns=8.8.8.8
        dpdaction=clear
        dpddelay=35s
        dpdtimeout=300s


Status of IPsec daemon:

root@vpn:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.2.1, Linux 3.16.0-4-amd64,
x86_64):
  uptime: 26 minutes, since Aug 08 15:21:14 2016
  malloc: sbrk 2445312, mmap 0, used 328096, free 2117216
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0,
scheduled: 0
  loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation
constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl
fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default
stroke updown
Virtual IP pools (size/online/offline):
  192.168.3.0/27: 30/0/1
Listening IP addresses:
  192.168.1.24
Connections:
IKEV2-pubkey:  %any...%any  IKEv2, dpddelay=35s
IKEV2-pubkey:   local:  [C=RU, O=TestLab, CN=vpn.local] uses public key
authentication
IKEV2-pubkey:    cert:  "C=RU, O=TestLab, CN=vpn.local"
IKEV2-pubkey:   remote: uses public key authentication
IKEV2-pubkey:   child:  10.0.0.0/8 === dynamic TUNNEL, dpdaction=clear
Security Associations (0 up, 0 connecting):
  none

I have installed peer.p12 on the Windows 10 machine just as I did on the
Windows 7 machines (by following the guide on this page:
https://wiki.strongswan.org/projects/strongswan/wiki/Windows7).
The problem is that while Windows 7 successfully authenticates to the VPN
server, Windows 10 or 8.1 returns error 13806...

The client and server are on the same local network, to exclude any possible
problems in the middle.

Syslog output:
Aug  8 15:45:30 vpn charon: 04[NET] received packet: from 192.168.1.10[500]
to 192.168.1.24[500]
Aug  8 15:45:30 vpn charon: 04[NET] waiting for data on sockets
Aug  8 15:45:30 vpn charon: 14[NET] received packet: from 192.168.1.10[500]
to 192.168.1.24[500] (616 bytes)
Aug  8 15:45:30 vpn charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Aug  8 15:45:30 vpn charon: 14[CFG] looking for an ike config for
192.168.1.24...192.168.1.10
Aug  8 15:45:30 vpn charon: 14[CFG]   candidate: %any...%any, prio 28
Aug  8 15:45:30 vpn charon: 14[CFG] found matching ike config: %any...%any
with prio 28
Aug  8 15:45:30 vpn charon: 14[ENC] received unknown vendor ID:
1e:2b:51:69:05:99:1c:7d:7c:96:fc:bf:b5:87:e4:61:00:00:00:09
Aug  8 15:45:30 vpn charon: 14[ENC] received unknown vendor ID:
fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Aug  8 15:45:30 vpn charon: 14[ENC] received unknown vendor ID:
26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Aug  8 15:45:30 vpn charon: 14[ENC] received unknown vendor ID:
01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Aug  8 15:45:30 vpn charon: 14[IKE] 192.168.1.10 is initiating an IKE_SA
Aug  8 15:45:30 vpn charon: 14[IKE] IKE_SA (unnamed)[10] state change:
CREATED => CONNECTING
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable ENCRYPTION_ALGORITHM
found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable DIFFIE_HELLMAN_GROUP
found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable ENCRYPTION_ALGORITHM
found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION
found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable ENCRYPTION_ALGORITHM
found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION
found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable ENCRYPTION_ALGORITHM
found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   proposal matches
Aug  8 15:45:30 vpn charon: 14[CFG] received proposals:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024,
IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
Aug  8 15:45:30 vpn charon: 14[CFG] configured proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Aug  8 15:45:30 vpn charon: 14[CFG] selected proposal:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  8 15:45:30 vpn charon: 14[IKE] sending cert request for "C=RU,
O=TestLab, CN=TestLab CA"
Aug  8 15:45:30 vpn charon: 14[ENC] generating IKE_SA_INIT response 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Aug  8 15:45:30 vpn charon: 14[NET] sending packet: from 192.168.1.24[500]
to 192.168.1.10[500] (337 bytes)
Aug  8 15:45:30 vpn charon: 09[NET] sending packet: from 192.168.1.24[500]
to 192.168.1.10[500]
Aug  8 15:45:30 vpn charon: 04[NET] received packet: from 192.168.1.10[500]
to 192.168.1.24[500]
Aug  8 15:45:30 vpn charon: 04[NET] waiting for data on sockets
Aug  8 15:45:30 vpn charon: 12[NET] received packet: from 192.168.1.10[500]
to 192.168.1.24[500] (616 bytes)
Aug  8 15:45:30 vpn charon: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No
N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Aug  8 15:45:30 vpn charon: 12[CFG] looking for an ike config for
192.168.1.24...192.168.1.10
Aug  8 15:45:30 vpn charon: 12[CFG]   candidate: %any...%any, prio 28
Aug  8 15:45:30 vpn charon: 12[CFG] found matching ike config: %any...%any
with prio 28
Aug  8 15:45:30 vpn charon: 12[ENC] received unknown vendor ID:
1e:2b:51:69:05:99:1c:7d:7c:96:fc:bf:b5:87:e4:61:00:00:00:09
Aug  8 15:45:30 vpn charon: 12[ENC] received unknown vendor ID:
fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Aug  8 15:45:30 vpn charon: 12[ENC] received unknown vendor ID:
26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Aug  8 15:45:30 vpn charon: 12[ENC] received unknown vendor ID:
01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Aug  8 15:45:30 vpn charon: 12[IKE] 192.168.1.10 is initiating an IKE_SA
Aug  8 15:45:30 vpn charon: 12[IKE] IKE_SA (unnamed)[11] state change:
CREATED => CONNECTING
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable ENCRYPTION_ALGORITHM
found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable DIFFIE_HELLMAN_GROUP
found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable ENCRYPTION_ALGORITHM
found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION
found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable ENCRYPTION_ALGORITHM
found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION
found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable ENCRYPTION_ALGORITHM
found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   proposal matches
Aug  8 15:45:30 vpn charon: 12[CFG] received proposals:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024,
IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
Aug  8 15:45:30 vpn charon: 12[CFG] configured proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Aug  8 15:45:30 vpn charon: 12[CFG] selected proposal:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  8 15:45:30 vpn charon: 04[NET] received packet: from 192.168.1.10[500]
to 192.168.1.24[500]
Aug  8 15:45:30 vpn charon: 04[NET] waiting for data on sockets
Aug  8 15:45:30 vpn charon: 10[NET] received unencrypted informational:
from 192.168.1.10[500] to 192.168.1.24[500]
Aug  8 15:45:30 vpn charon: 10[ENC] payload type NOTIFY was not encrypted
Aug  8 15:45:30 vpn charon: 10[ENC] could not decrypt payloads
Aug  8 15:45:30 vpn charon: 10[IKE] INFORMATIONAL request with message ID 0
processing failed
Aug  8 15:45:30 vpn charon: 12[IKE] sending cert request for "C=RU,
O=TestLab, CN=TestLab CA"
Aug  8 15:45:30 vpn charon: 12[ENC] generating IKE_SA_INIT response 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Aug  8 15:45:30 vpn charon: 12[NET] sending packet: from 192.168.1.24[500]
to 192.168.1.10[500] (337 bytes)
Aug  8 15:45:30 vpn charon: 09[NET] sending packet: from 192.168.1.24[500]
to 192.168.1.10[500]


What should I do?
Thanks!
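
Added example (not part of the original post, and not strongSwan's code): a simplified model of IKE proposal selection that reproduces the "selecting proposal" trace in the syslog output above. The loop nesting and the order in which transform types are checked are assumptions inferred from that log, and all function names are hypothetical.

```python
import re

# Constructed sample: the two [CFG] proposal lines from the syslog output in
# the post, with the mail archive's line wrapping undone.
LOG = (
    "Aug  8 15:45:30 vpn charon: 14[CFG] received proposals: "
    "IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, "
    "IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, "
    "IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, "
    "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, "
    "IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, "
    "IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024\n"
    "Aug  8 15:45:30 vpn charon: 14[CFG] configured proposals: "
    "IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, "
    "IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, "
    "IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048\n"
)

# Assumption: check order inferred from the "no acceptable ..." log lines.
CHECK_ORDER = ("ENCRYPTION_ALGORITHM", "PSEUDO_RANDOM_FUNCTION",
               "INTEGRITY_ALGORITHM", "DIFFIE_HELLMAN_GROUP")
# Order in which charon prints a proposal (ENCR/INTEG/PRF/DH).
PRINT_ORDER = ("ENCRYPTION_ALGORITHM", "INTEGRITY_ALGORITHM",
               "PSEUDO_RANDOM_FUNCTION", "DIFFIE_HELLMAN_GROUP")


def transform_type(token):
    """Map a transform name as printed in the log to its transform type."""
    if token.startswith("PRF_"):      # test before HMAC_: PRF_HMAC_SHA1
        return "PSEUDO_RANDOM_FUNCTION"
    if token.startswith("HMAC_"):
        return "INTEGRITY_ALGORITHM"
    if token.startswith("MODP_"):
        return "DIFFIE_HELLMAN_GROUP"
    return "ENCRYPTION_ALGORITHM"


def parse_proposals(log, kind):
    """Parse the '<kind> proposals:' line ('received' or 'configured')."""
    m = re.search(rf"\[CFG\] {kind} proposals: (.+)", log)
    if m is None:
        raise ValueError(f"no '{kind} proposals' line in log")
    proposals = []
    for text in m.group(1).split(","):
        prop = {t: [] for t in CHECK_ORDER}
        for token in text.strip().split(":", 1)[1].split("/"):
            prop[transform_type(token)].append(token)
        proposals.append(prop)
    return proposals


def select_proposal(configured, received):
    """Try each configured proposal against each received one, in order."""
    trace = []
    for conf in configured:
        for recv in received:
            chosen = {}
            for t in CHECK_ORDER:
                if not conf[t] and not recv[t]:
                    continue          # both sides omit this transform type
                common = [a for a in conf[t] if a in recv[t]]
                if not common:
                    trace.append(f"no acceptable {t} found")
                    break
                chosen[t] = common[0]
            else:
                trace.append("proposal matches")
                parts = [chosen[t] for t in PRINT_ORDER if t in chosen]
                return "IKE:" + "/".join(parts), trace
    return None, trace
```

Every proposal the client sends uses MODP_1024, so the first configured proposal that can match is the second one, which is the proposal the log shows as selected.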