[strongSwan] StrongSwan generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ] (Linux/Anroid)
x x
unvilon at gmail.com
Tue Dec 6 14:35:24 CET 2016
Hi everyone!,
When I'm trying to connect my server using Strongswan Network Manager
for linux or Strongswan VPN for Android and I'm getting the following
error:
Client logs:
Dec 6 03:59:46 linuxlite-VirtualBox charon-nm: 14[NET] received
packet: from *.*.*.*[500] to 10.0.2.15[56910] (38 bytes)
Dec 6 03:59:46 linuxlite-VirtualBox charon-nm: 14[ENC] parsed
IKE_SA_INIT response 0 [ N(INVAL_KE) ]
Dec 6 03:59:46 linuxlite-VirtualBox charon-nm: 14[IKE] peer didn't
accept DH group MODP_2048, it requested MODP_1024
Dec 6 03:59:46 linuxlite-VirtualBox charon-nm: 14[IKE] initiating
IKE_SA VPN connection 1[2] to *.*.*.*
Dec 6 03:59:46 linuxlite-VirtualBox charon-nm: 14[ENC] generating
IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG)
]
Dec 6 03:59:46 linuxlite-VirtualBox charon-nm: 14[NET] sending
packet: from 10.0.2.15[56910] to *.*.*.*[500] (1128 bytes)
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 15[NET] received
packet: from *.*.*.*[500] to 10.0.2.15[56910] (328 bytes)
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 15[ENC] parsed
IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP)
N(HASH_ALG) N(MULT_AUTH) ]
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 15[IKE] local host is
behind NAT, sending keep alives
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 15[IKE] remote host is
behind NAT
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 15[IKE] establishing
CHILD_SA VPN connection 1
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 15[ENC] generating
IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR DNS NBNS) SA
TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 15[NET] sending
packet: from 10.0.2.15[4500] to *.*.*.*[4500] (348 bytes)
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 16[NET] received
packet: from *.*.*.*[4500] to 10.0.2.15[4500] (2028 bytes)
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 16[ENC] parsed
IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 16[IKE] received end
entity cert "C=com, O=myvpn, CN=*.*.*.*"
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 16[CFG] no issuer
certificate found for "C=com, O=myvpn, CN=*.*.*.*"
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 16[CFG] using
trusted certificate "C=com, O=myvpn, CN=*.*.*.*"
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 16[IKE] signature
validation failed, looking for another key
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 16[CFG] using
certificate "C=com, O=myvpn, CN=*.*.*.*"
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 16[CFG] no issuer
certificate found for "C=com, O=myvpn, CN=*.*.*.*"
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 16[ENC] generating
INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
Dec 6 03:59:47 linuxlite-VirtualBox charon-nm: 16[NET] sending
packet: from 10.0.2.15[4500] to *.*.*.*[4500] (76 bytes)
Dec 6 03:59:47 linuxlite-VirtualBox NetworkManager[901]: <warn>
[1481025587.1913]
vpn-connection[0x134c7e0,115781dc-3a16-4f78-83ac-d2d09d00431b,"VPN
connection 1",0]: VPN plugin: failed: connect-failed (1)
Dec 6 03:59:47 linuxlite-VirtualBox NetworkManager[901]: <info>
[1481025587.1915]
vpn-connection[0x134c7e0,115781dc-3a16-4f78-83ac-d2d09d00431b,"VPN
connection 1",0]: VPN plugin: state changed: stopped (6)
Dec 6 03:59:47 linuxlite-VirtualBox NetworkManager[901]: <info>
[1481025587.1920]
vpn-connection[0x134c7e0,115781dc-3a16-4f78-83ac-d2d09d00431b,"VPN
connection 1",0]: VPN plugin: state change reason: unknown (0)
Server Logs:
Dec 6 07:24:38 02[MGR] IKE_SA IKEv2-EAP[2] successfully checked out
Dec 6 07:24:38 02[NET] <IKEv2-EAP|2> received packet: from
*.*.*.*[54942] to *.*.*.*[4500] (76 bytes)
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing body of message, first
payload is ENCRYPTED
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> starting parsing a ENCRYPTED payload
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing ENCRYPTED payload, 48 bytes left
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing payload from => 48 bytes
@ 0x7f8bac000f70
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 29 00 00 30 DE 8E 7A 8D DB
AB 4B 52 BD 02 86 AE )..0..z...KR....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 16: 3B A4 97 DE 4B DF 54 C3 D8
88 52 E4 39 DE 65 CF ;...K.T...R.9.e.
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 32: 93 E7 92 E6 39 2A BE D1 1A
45 8F 81 60 2C D8 CF ....9*...E..`,..
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 0 U_INT_8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 41
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 1 U_INT_8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 2 PAYLOAD_LENGTH
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 48
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 3 CHUNK_DATA
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 44 bytes @ 0x7f8ba0000bb0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: DE 8E 7A 8D DB AB 4B 52 BD
02 86 AE 3B A4 97 DE ..z...KR....;...
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 16: 4B DF 54 C3 D8 88 52 E4 39
DE 65 CF 93 E7 92 E6 K.T...R.9.e.....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 32: 39 2A BE D1 1A 45 8F 81 60
2C D8 CF 9*...E..`,..
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing ENCRYPTED payload finished
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> verifying payload of type ENCRYPTED
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> ENCRYPTED payload verified,
adding to payload list
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> ENCRYPTED payload found, stop parsing
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> process payload of type ENCRYPTED
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> found an encrypted payload
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> encrypted payload decryption:
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> IV => 16 bytes @ 0x7f8ba0000bb0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: DE 8E 7A 8D DB AB 4B 52 BD
02 86 AE 3B A4 97 DE ..z...KR....;...
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> encrypted => 28 bytes @ 0x7f8ba0000bc0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 4B DF 54 C3 D8 88 52 E4 39
DE 65 CF 93 E7 92 E6 K.T...R.9.e.....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 16: 39 2A BE D1 1A 45 8F 81 60
2C D8 CF 9*...E..`,..
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> ICV => 12 bytes @ 0x7f8ba0000bd0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 39 2A BE D1 1A 45 8F 81 60
2C D8 CF 9*...E..`,..
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> assoc => 32 bytes @ 0x7f8ba0000c10
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 7F C8 54 2B 99 F3 C8 3C B6
AE 7A 15 F1 16 9C ED ..T+...<..z.....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 16: 2E 20 25 08 00 00 00 02 00
00 00 4C 29 00 00 30 . %........L)..0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> plain => 8 bytes @ 0x7f8ba0000bc0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 00 00 00 08 00 00 00 18
........
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> padding => 8 bytes @ 0x7f8ba0000bc8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 57 0A 7D 3A B4 9C DB 07
W.}:....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing NOTIFY payload, 8 bytes left
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing payload from => 8 bytes
@ 0x7f8ba0000bc0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 00 00 00 08 00 00 00 18
........
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 0 U_INT_8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 1 FLAG
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 2 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 3 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 4 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 5 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 6 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 7 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 8 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 9 PAYLOAD_LENGTH
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 10 U_INT_8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 11 SPI_SIZE
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 12 U_INT_16
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 24
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 13 SPI
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0 bytes @ (nil)
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing rule 14 CHUNK_DATA
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0 bytes @ (nil)
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsing NOTIFY payload finished
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsed content of encrypted payload
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> insert decrypted payload of type
NOTIFY at end of list
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> verifying message structure
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> found payload of type NOTIFY
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> parsed INFORMATIONAL request 2 [
N(AUTH_FAILED) ]
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> added payload of type NOTIFY to message
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> order payloads in message
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> added payload of type NOTIFY to message
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating INFORMATIONAL
response 2 [ N(AUTH_FAILED) ]
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> insert payload NOTIFY into
encrypted payload
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating payload of type HEADER
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 0 IKE_SPI
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 8 bytes @ 0x7f8ba0001728
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 7F C8 54 2B 99 F3 C8 3C
..T+...<
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 1 IKE_SPI
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 8 bytes @ 0x7f8ba0001730
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: B6 AE 7A 15 F1 16 9C ED
..z.....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 2 U_INT_8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 46
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 3 U_INT_4
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 32
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 4 U_INT_4
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 32
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 5 U_INT_8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 37
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 6 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 7 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 8 FLAG
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 32
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 9 FLAG
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 32
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 10 FLAG
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 32
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 11 FLAG
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 32
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 12 FLAG
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 32
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 13 FLAG
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 32
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 14 U_INT_32
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 4 bytes @ 0x7f8bbfe028c4
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 00 00 00 02
....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 15 HEADER_LENGTH
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 4 bytes @ 0x7f8bbfe028c4
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 00 00 00 1C
....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating HEADER payload finished
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generated data for this payload
=> 28 bytes @ 0x7f8ba0001420
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 7F C8 54 2B 99 F3 C8 3C B6
AE 7A 15 F1 16 9C ED ..T+...<..z.....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 16: 2E 20 25 20 00 00 00 02 00
00 00 1C . % ........
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generated data of this generator
=> 28 bytes @ 0x7f8ba0001420
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 7F C8 54 2B 99 F3 C8 3C B6
AE 7A 15 F1 16 9C ED ..T+...<..z.....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 16: 2E 20 25 20 00 00 00 02 00
00 00 1C . % ........
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating payload of type NOTIFY
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 0 U_INT_8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 1 FLAG
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 2 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 3 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 4 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 5 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 6 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 7 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 8 RESERVED_BIT
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 9 PAYLOAD_LENGTH
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 2 bytes @ 0x7f8bbfe02a54
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 00 08
..
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 10 U_INT_8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 11 SPI_SIZE
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 12 U_INT_16
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 2 bytes @ 0x7f8bbfe02a54
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 00 18
..
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 13 SPI
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0 bytes @ (nil)
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 14 CHUNK_DATA
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0 bytes @ (nil)
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating NOTIFY payload finished
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generated data for this payload
=> 8 bytes @ 0x7f8ba0001620
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 00 00 00 08 00 00 00 18
........
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generated data of this generator
=> 8 bytes @ 0x7f8ba0001620
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 00 00 00 08 00 00 00 18
........
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generated content in encrypted payload
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> encrypted payload encryption:
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> IV => 16 bytes @ 0x7f8ba0000bb0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: E5 A6 C1 F8 7B 09 D4 DA 88
AE DA 28 A9 EE 97 F6 ....{......(....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> plain => 8 bytes @ 0x7f8ba0000bc0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 00 00 00 08 00 00 00 18
........
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> padding => 8 bytes @ 0x7f8ba0000bc8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 49 DA 12 EA F7 7F C1 07
I.......
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> assoc => 32 bytes @ 0x7f8ba0000c10
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 7F C8 54 2B 99 F3 C8 3C B6
AE 7A 15 F1 16 9C ED ..T+...<..z.....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 16: 2E 20 25 20 00 00 00 02 00
00 00 4C 29 00 00 30 . % .......L)..0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> encrypted => 16 bytes @ 0x7f8ba0000bc0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 0C A8 F1 88 DB B8 5B 9E 2A
F9 34 EE F4 9E 86 C4 ......[.*.4.....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> ICV => 12 bytes @ 0x7f8ba0000bd0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 83 6A AE 3D 70 A7 51 4C 10
40 3E E9 .j.=p.QL.@>.
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating payload of type ENCRYPTED
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 0 U_INT_8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 41
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 1 U_INT_8
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 2 PAYLOAD_LENGTH
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 2 bytes @ 0x7f8bbfe02af4
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 00 30
.0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating rule 3 CHUNK_DATA
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> => 44 bytes @ 0x7f8ba0000bb0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: E5 A6 C1 F8 7B 09 D4 DA 88
AE DA 28 A9 EE 97 F6 ....{......(....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 16: 0C A8 F1 88 DB B8 5B 9E 2A
F9 34 EE F4 9E 86 C4 ......[.*.4.....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 32: 83 6A AE 3D 70 A7 51 4C 10
40 3E E9 .j.=p.QL.@>.
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generating ENCRYPTED payload finished
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generated data for this payload
=> 48 bytes @ 0x7f8ba000143c
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 29 00 00 30 E5 A6 C1 F8 7B
09 D4 DA 88 AE DA 28 )..0....{......(
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 16: A9 EE 97 F6 0C A8 F1 88 DB
B8 5B 9E 2A F9 34 EE ..........[.*.4.
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 32: F4 9E 86 C4 83 6A AE 3D 70
A7 51 4C 10 40 3E E9 .....j.=p.QL.@>.
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> generated data of this generator
=> 76 bytes @ 0x7f8ba0001420
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 0: 7F C8 54 2B 99 F3 C8 3C B6
AE 7A 15 F1 16 9C ED ..T+...<..z.....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 16: 2E 20 25 20 00 00 00 02 00
00 00 4C 29 00 00 30 . % .......L)..0
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 32: E5 A6 C1 F8 7B 09 D4 DA 88
AE DA 28 A9 EE 97 F6 ....{......(....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 48: 0C A8 F1 88 DB B8 5B 9E 2A
F9 34 EE F4 9E 86 C4 ......[.*.4.....
Dec 6 07:24:38 02[ENC] <IKEv2-EAP|2> 64: 83 6A AE 3D 70 A7 51 4C 10
40 3E E9 .j.=p.QL.@>.
Dec 6 07:24:38 02[NET] <IKEv2-EAP|2> sending packet: from
*.*.*.*[4500] to *.*.*.*[54942] (76 bytes)
Dec 6 07:24:38 07[NET] sending packet: from *.*.*.*[4500] to *.*.*.*[54942]
Dec 6 07:24:38 02[MGR] <IKEv2-EAP|2> checkin and destroy IKE_SA IKEv2-EAP[2]
Dec 6 07:24:38 02[IKE] <IKEv2-EAP|2> IKE_SA IKEv2-EAP[2] state
change: CONNECTING => DESTROYING
Dec 6 07:24:38 02[MGR] check-in and destroy of IKE_SA successful
Dec 6 07:25:08 04[JOB] got event, queuing job for execution
Dec 6 07:25:08 04[JOB] no events, waiting
Dec 6 07:25:08 01[MGR] checkout IKE_SA
Config:
# ipsec.conf - strongSwan IPsec configuration file
config setup
uniqueids=never
conn %default
keyexchange=ikev2
ike=aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
esp=aes256-sha256,aes256-sha1,3des-sha1!
rekey=no
dpdaction=clear
dpddelay=300s
left=%any
leftsubnet=0.0.0.0/0
leftcert=server.cert.pem
right=%any
rightsourceip=10.31.2.0/24
auto=add
conn IKEv2-EAP
ike=aes256-sha1-modp1024!
esp=aes256-sha1!
leftsendcert=always
leftauth=pubkey
leftid=%any
rightsendcert=never
rightauth=eap-mschapv2
rightid=%any
eap_identity=%identity
rekey=no
fragmentation=yes
strongswan version - 5.5.1
But it works fine under windows 8/10.. Any ideas?
More information about the Users
mailing list