[strongSwan] Very strange strongSwan log entries

bls s bls3427 at outlook.com
Fri Dec 8 17:51:16 CET 2017


Hi, just wanted to let everyone know that in switching to Charon-systemd all of these bogus log entries have gone away (which was my hope when I started down the path of switching!). In case anyone else is using a similar configuration, here’s the equivalent swanctl.conf for the prior ipsec.conf:

connections {

    ikev2-eap-mschapv2 {
        version = 2
        # proposals = aes192gcm16-aes128gcm16-aes192-prfsha256-ecp256-ecp521,aes192-sha256-modp3072,default
        proposals = aes256-sha1-modp1024,aes192-sha256-modp3072,default
        rekey_time = 0s
        pools = primary-pool-ipv4
        fragmentation = yes
        dpd_delay = 30s
        mobike = yes

        local-1 {
            certs = strongswanCert.pem
            id = ipsec.server.starwhite
            auth = psk
        }

        remote-1 {
            auth = eap-mschapv2
            id = ipsec.client.starwhite
            eap_id = %any
        }

        children {
            ikev2-eap-mschapv2 {
                local_ts = 0.0.0.0/0
                rekey_time = 0s
                dpd_action = clear
                # esp_proposals = aes192gcm16-aes128gcm16-aes192-ecp256,aes192-sha256-modp3072,default
                esp_proposals = aes256-sha1-modp1024,aes192-sha256-modp3072,default
                # updown = /libexec/ipsec/_updown iptables
            }
        }
    }

    ikev2-pubkey {
        version = 2
        proposals = aes256-sha1-modp1024,aes192-sha256-modp3072,default
        rekey_time = 0s
        pools = primary-pool-ipv4
        fragmentation = yes
        dpd_delay = 30s

        local-1 {
            certs = vpnHostCert.pem
            id = ipsec.server.starwhite
        }

        remote-1 {   # defaults are fine
        }

        children {
            ikev2-pubkey {
                local_ts = 0.0.0.0/0
                rekey_time = 0s
                dpd_action = clear
                esp_proposals = aes256-sha1-modp1024,aes192-sha256-modp3072,default
            }
        }
    }
}

pools {
    primary-pool-ipv4 {
        addrs = 10.92.10.0/24
        dns = 192.168.92.3, 8.8.8.8
    }
}

include conf.d/*.conf

And here is the secrets file from /etc/swanctl/conf.d/swanctl-secrets.conf. I put it in a separate file to simplify my script for generating secrets and .mobileconfig files.

secrets {
    ike-psk {
        secret = biglongsecretstring
    }
    eap-xxx@mydomain {
        id = xxx@mydomain
        secret = biglongsecretstring2
    }
}

From: bls s <bls3427 at outlook.com>
Sent: Tuesday, November 21, 2017 3:47 PM
To: users at lists.strongswan.org
Subject: Very strange strongSwan log entries

I'm REALLY confused about what I'm seeing in the strongSwan log! I've probably got a serious configuration error, and would really appreciate some pointers toward fixing this. A summary description would be "VPN road warrior connections established with one client generate log activity to/from another IP address".

Thanks!

Here's my configuration information:
* Strongswan V5.6.0 on OpenSuse 42.3 with one VPN user configured at the moment (me on my iPhone).
* Build command line:
  $ ./configure --enable-eap-mschapv2 --enable-eap-identity --enable-openssl --enable-eap-md5 --enable-eap-tls --enable-eap-dynamic --enable-tools

* ipsec.conf:

    config setup
        strictcrlpolicy=no
        uniqueids=no

    conn %default
        dpdaction=clear
        dpddelay=35s
        dpdtimeout=120s
        fragmentation=yes
        rekey=no
        left=%any
        leftsubnet=0.0.0.0/0
        right=%any
        rightdns=192.168.92.2,8.8.8.8
        rightsourceip=10.92.10.1/24

    conn iOS-IKEV2
        keyexchange=ikev2
        auto=add
        mobike=yes
        eap_identity=%any
        leftauth=psk
        leftid=net.mydomain.ipsec.server
        leftfirewall=yes
        rightsendcert=always
        rightauth=eap-mschapv2
        rightid=net.mydomain.ipsec.client

These bullets discuss the log snippet which follows at the end of this message. Except for 1 and 2, each one of these connections happened on a different day.

* [Connection 1]: You can see that a connection is made to the VPN from 166.176.187.128. But several lines later, ipsec reports a connection to 166.176.185.112 (See ***). I'm pretty sure that my cellphone doesn't get new IP addresses that fast! But then, after ipsec reports the IP lease going offline (See ****), there is additional activity reported with the original IP address of 166.176.187.128, including recreating the whole VPN session.

* [Connection 2]: This is a random hacker trying to connect to the VPN. I monitor the VPN with fail2ban, and this attempt blocked udp ports 500 and 4500 for 196.52.43.60.

* [Connection 3]: Another random connection. IP 168.1.128.76 blocked by fail2ban.

* [Connection 4]: Another random connection. IP 92.53.47.72 blocked by fail2ban.

* [Connection 5]: This occurred last night. All of the IP addresses mentioned in connections 2,3,4 are still blocked via fail2ban. Then, there is a connection from 196.52.43.54, which generates a "received proposals inacceptable" error, and then immediately following that there is ipsec log activity from a completely different address (166.176.187.128, which you may recall from Connection 1) which authenticates to the VPN. Then, following this there is traffic from 168.1.128.76 (Connection 2), and then traffic from 92.53.47.72 (Connection 4).

Logfiles snippets:

... [Connection 1]

Nov 17 08:55:22 myhost charon[22748]: 12[NET] received packet: from 166.176.187.128[56885] to 192.168.92.2[500] (300 bytes)
Nov 17 08:55:22 myhost charon[22748]: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Nov 17 08:55:22 myhost charon[22748]: 12[IKE] 166.176.187.128 is initiating an IKE_SA
Nov 17 08:55:22 myhost charon[22748]: 12[IKE] 166.176.187.128 is initiating an IKE_SA
Nov 17 08:55:22 myhost charon[22748]: 12[IKE] local host is behind NAT, sending keep alives
Nov 17 08:55:22 myhost charon[22748]: 12[IKE] remote host is behind NAT
Nov 17 08:55:22 myhost charon[22748]: 12[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"
Nov 17 08:55:22 myhost charon[22748]: 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Nov 17 08:55:22 myhost charon[22748]: 12[NET] sending packet: from 192.168.92.2[500] to 166.176.187.128[56885] (341 bytes)
Nov 17 08:55:22 myhost charon[22748]: 13[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (364 bytes)
Nov 17 08:55:22 myhost charon[22748]: 13[ENC] unknown attribute type (25)
Nov 17 08:55:22 myhost charon[22748]: 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Nov 17 08:55:22 myhost charon[22748]: 13[CFG] looking for peer configs matching 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost charon[22748]: 13[CFG] selected peer config 'iOS-IKEV2'
Nov 17 08:55:22 myhost charon[22748]: 13[IKE] initiating EAP_IDENTITY method (id 0x00)
Nov 17 08:55:22 myhost charon[22748]: 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Nov 17 08:55:22 myhost charon[22748]: 13[IKE] peer supports MOBIKE
Nov 17 08:55:22 myhost charon[22748]: 13[IKE] authentication of 'net.mydomain.ipsec.server' (myself) with pre-shared key
Nov 17 08:55:22 myhost charon[22748]: 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]
Nov 17 08:55:22 myhost charon[22748]: 13[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (124 bytes)
Nov 17 08:55:22 myhost charon[22748]: 16[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (84 bytes)
Nov 17 08:55:22 myhost charon[22748]: 16[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Nov 17 08:55:22 myhost charon[22748]: 16[IKE] received EAP identity 'myid at mydomain.net'
Nov 17 08:55:22 myhost charon[22748]: 16[IKE] initiating EAP_MSCHAPV2 method (id 0x0C)
Nov 17 08:55:22 myhost charon[22748]: 16[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
Nov 17 08:55:22 myhost charon[22748]: 16[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (100 bytes)
Nov 17 08:55:22 myhost charon[22748]: 06[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (140 bytes)
Nov 17 08:55:22 myhost charon[22748]: 06[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Nov 17 08:55:22 myhost charon[22748]: 06[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
Nov 17 08:55:22 myhost charon[22748]: 06[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (132 bytes)
Nov 17 08:55:22 myhost charon[22748]: 15[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (68 bytes)
Nov 17 08:55:22 myhost charon[22748]: 15[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
Nov 17 08:55:22 myhost charon[22748]: 15[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
Nov 17 08:55:22 myhost charon[22748]: 15[ENC] generating IKE_AUTH response 4 [ EAP/SUCC ]
Nov 17 08:55:22 myhost charon[22748]: 15[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (68 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] authentication of 'net.mydomain.ipsec.client' with EAP successful
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] authentication of 'net.mydomain.ipsec.server' (myself) with EAP
*** Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] IKE_SA iOS-IKEV2[3] established between 192.168.92.2[net.mydomain.ipsec.server]...166.176.185.112[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] peer requested virtual IP %any
Nov 17 08:55:22 myhost ipsec[22734]: 09[CFG] reassigning offline lease to 'myid at mydomain.net'
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] assigning virtual IP 10.92.10.1 to peer 'myid at mydomain.net'
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] peer requested virtual IP %any6
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] no virtual IP found for %any6 requested by 'myid at mydomain.net'
Nov 17 08:55:22 myhost ipsec[22734]: 09[IKE] CHILD_SA iOS-IKEV2{3} established with SPIs cf5c7974_i 0e80f84c_o and TS 0.0.0.0/0 === 10.92.10.1/32
Nov 17 08:55:22 myhost ipsec[22734]: 09[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Nov 17 08:55:22 myhost ipsec[22734]: 09[NET] sending packet: from 192.168.92.2[4500] to 166.176.185.112[9569] (220 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 06[IKE] sending keep alive to 166.176.185.112[9569]
Nov 17 08:55:22 myhost ipsec[22734]: 15[IKE] sending DPD request
Nov 17 08:55:22 myhost ipsec[22734]: 15[ENC] generating INFORMATIONAL request 0 [ ]
Nov 17 08:55:22 myhost ipsec[22734]: 15[NET] sending packet: from 192.168.92.2[4500] to 166.176.185.112[9569] (60 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 07[NET] received packet: from 166.176.185.112[9569] to 192.168.92.2[4500] (60 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 07[ENC] parsed INFORMATIONAL response 0 [ ]
Nov 17 08:55:22 myhost ipsec[22734]: 10[NET] received packet: from 166.176.185.112[9569] to 192.168.92.2[4500] (68 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 10[ENC] parsed INFORMATIONAL request 6 [ D ]
Nov 17 08:55:22 myhost ipsec[22734]: 10[IKE] received DELETE for IKE_SA iOS-IKEV2[3]
Nov 17 08:55:22 myhost ipsec[22734]: 10[IKE] deleting IKE_SA iOS-IKEV2[3] between 192.168.92.2[net.mydomain.ipsec.server]...166.176.185.112[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost ipsec[22734]: 10[IKE] IKE_SA deleted
Nov 17 08:55:22 myhost ipsec[22734]: 10[ENC] generating INFORMATIONAL response 6 [ ]
Nov 17 08:55:22 myhost ipsec[22734]: 10[NET] sending packet: from 192.168.92.2[4500] to 166.176.185.112[9569] (60 bytes)
**** Nov 17 08:55:22 myhost ipsec[22734]: 10[CFG] lease 10.92.10.1 by 'myid at mydomain.net' went offline
Nov 17 08:55:22 myhost ipsec[22734]: 12[NET] received packet: from 166.176.187.128[56885] to 192.168.92.2[500] (300 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Nov 17 08:55:22 myhost ipsec[22734]: 12[IKE] 166.176.187.128 is initiating an IKE_SA
Nov 17 08:55:22 myhost ipsec[22734]: 12[IKE] local host is behind NAT, sending keep alives
Nov 17 08:55:22 myhost ipsec[22734]: 12[IKE] remote host is behind NAT
Nov 17 08:55:22 myhost ipsec[22734]: 12[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"
Nov 17 08:55:22 myhost ipsec[22734]: 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Nov 17 08:55:22 myhost ipsec[22734]: 12[NET] sending packet: from 192.168.92.2[500] to 166.176.187.128[56885] (341 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 13[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (364 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 13[ENC] unknown attribute type (25)
Nov 17 08:55:22 myhost ipsec[22734]: 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Nov 17 08:55:22 myhost ipsec[22734]: 13[CFG] looking for peer configs matching 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost ipsec[22734]: 13[CFG] selected peer config 'iOS-IKEV2'
Nov 17 08:55:22 myhost ipsec[22734]: 13[IKE] initiating EAP_IDENTITY method (id 0x00)
Nov 17 08:55:22 myhost ipsec[22734]: 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Nov 17 08:55:22 myhost ipsec[22734]: 13[IKE] peer supports MOBIKE
Nov 17 08:55:22 myhost ipsec[22734]: 13[IKE] authentication of 'net.mydomain.ipsec.server' (myself) with pre-shared key
Nov 17 08:55:22 myhost ipsec[22734]: 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]
Nov 17 08:55:22 myhost ipsec[22734]: 13[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (124 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 16[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (84 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 16[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
Nov 17 08:55:22 myhost ipsec[22734]: 16[IKE] received EAP identity 'myid at mydomain.net'
Nov 17 08:55:22 myhost ipsec[22734]: 16[IKE] initiating EAP_MSCHAPV2 method (id 0x0C)
Nov 17 08:55:22 myhost ipsec[22734]: 16[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
Nov 17 08:55:22 myhost ipsec[22734]: 16[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (100 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 06[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (140 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 06[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
Nov 17 08:55:22 myhost ipsec[22734]: 06[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
Nov 17 08:55:22 myhost ipsec[22734]: 06[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (132 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 15[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (68 bytes)
Nov 17 08:55:22 myhost ipsec[22734]: 15[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
Nov 17 08:55:22 myhost ipsec[22734]: 15[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
Nov 17 08:55:22 myhost ipsec[22734]: 15[ENC] generating IKE_AUTH response 4 [ EAP/SUCC ]
Nov 17 08:55:22 myhost charon[22748]: 07[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (84 bytes)
Nov 17 08:55:22 myhost charon[22748]: 07[ENC] parsed IKE_AUTH request 5 [ AUTH ]
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] authentication of 'net.mydomain.ipsec.client' with EAP successful
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] authentication of 'net.mydomain.ipsec.server' (myself) with EAP
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] IKE_SA iOS-IKEV2[4] established between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] IKE_SA iOS-IKEV2[4] established between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] peer requested virtual IP %any
Nov 17 08:55:22 myhost charon[22748]: 07[CFG] reassigning offline lease to 'myid at mydomain.net'
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] assigning virtual IP 10.92.10.1 to peer 'myid at mydomain.net'
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] peer requested virtual IP %any6
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] no virtual IP found for %any6 requested by 'myid at mydomain.net'
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] CHILD_SA iOS-IKEV2{4} established with SPIs caa3f6e7_i 0ec431e6_o and TS 0.0.0.0/0 === 10.92.10.1/32
Nov 17 08:55:22 myhost charon[22748]: 07[IKE] CHILD_SA iOS-IKEV2{4} established with SPIs caa3f6e7_i 0ec431e6_o and TS 0.0.0.0/0 === 10.92.10.1/32
Nov 17 08:55:22 myhost vpn[21188]: + net.mydomain.ipsec.client 10.92.10.1/32 == 166.176.187.128 -- 192.168.92.2 == 0.0.0.0/0
Nov 17 08:55:22 myhost charon[22748]: 07[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Nov 17 08:55:22 myhost charon[22748]: 07[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (220 bytes)
Nov 17 08:55:56 myhost charon[22748]: 10[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (68 bytes)
Nov 17 08:55:56 myhost charon[22748]: 10[ENC] parsed INFORMATIONAL request 6 [ D ]
Nov 17 08:55:56 myhost charon[22748]: 10[IKE] received DELETE for IKE_SA iOS-IKEV2[4]
Nov 17 08:55:56 myhost charon[22748]: 10[IKE] deleting IKE_SA iOS-IKEV2[4] between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 17 08:55:56 myhost charon[22748]: 10[IKE] deleting IKE_SA iOS-IKEV2[4] between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 17 08:55:56 myhost charon[22748]: 10[IKE] IKE_SA deleted
Nov 17 08:55:56 myhost charon[22748]: 10[IKE] IKE_SA deleted
Nov 17 08:55:56 myhost vpn[21225]: - net.mydomain.ipsec.client 10.92.10.1/32 == 166.176.187.128 -- 192.168.92.2 == 0.0.0.0/0
Nov 17 08:55:56 myhost charon[22748]: 10[ENC] generating INFORMATIONAL response 6 [ ]
Nov 17 08:55:56 myhost charon[22748]: 10[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (60 bytes)
Nov 17 08:55:56 myhost charon[22748]: 10[CFG] lease 10.92.10.1 by 'myid at mydomain.net' went offline

... [Connection 2]

Nov 17 11:36:43 myhost charon[22748]: 16[NET] received packet: from 196.52.43.60[6712] to 192.168.92.2[4500] (288 bytes)
Nov 17 11:36:43 myhost charon[22748]: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]
Nov 17 11:36:43 myhost charon[22748]: 16[IKE] 196.52.43.60 is initiating an IKE_SA
Nov 17 11:36:43 myhost charon[22748]: 16[IKE] 196.52.43.60 is initiating an IKE_SA
Nov 17 11:36:43 myhost charon[22748]: 16[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"
Nov 17 11:36:43 myhost charon[22748]: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No CERTREQ N(MULT_AUTH) ]
Nov 17 11:36:43 myhost charon[22748]: 16[NET] sending packet: from 192.168.92.2[4500] to 196.52.43.60[6712] (277 bytes)
Nov 17 11:37:13 myhost charon[22748]: 06[JOB] deleting half open IKE_SA with 196.52.43.60 after timeout

... [Connection 3]

Nov 18 04:32:16 myhost charon[22748]: 15[NET] received packet: from 168.1.128.76[6712] to 192.168.92.2[500] (280 bytes)
Nov 18 04:32:16 myhost charon[22748]: 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]
Nov 18 04:32:16 myhost charon[22748]: 15[IKE] 168.1.128.76 is initiating an IKE_SA
Nov 18 04:32:16 myhost charon[22748]: 15[IKE] 168.1.128.76 is initiating an IKE_SA
Nov 18 04:32:16 myhost charon[22748]: 15[CFG] received proposals: IKE:DES_CBC/RC5_CBC/BLOWFISH_CBC/(0)/HMAC_MD5_96/HMAC_SHA1_96/PRF_HMAC_SHA1/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_256/MODP_1024
Nov 18 04:32:16 myhost charon[22748]: 15[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024
Nov 18 04:32:16 myhost charon[22748]: 15[IKE] received proposals inacceptable
Nov 18 04:32:16 myhost charon[22748]: 15[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Nov 18 04:32:16 myhost charon[22748]: 15[NET] sending packet: from 192.168.92.2[500] to 168.1.128.76[6712] (36 bytes)

... [Connection 4]

Nov 19 02:47:44 myhost charon[22748]: 05[NET] received packet: from 92.53.47.72[27989] to 192.168.92.2[500] (408 bytes)
Nov 19 02:47:44 myhost charon[22748]: 05[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Nov 19 02:47:44 myhost charon[22748]: 05[IKE] no IKE config found for 192.168.92.2...92.53.47.72, sending NO_PROPOSAL_CHOSEN
Nov 19 02:47:44 myhost charon[22748]: 05[ENC] generating INFORMATIONAL_V1 request 4224631939 [ N(NO_PROP) ]
Nov 19 02:47:44 myhost charon[22748]: 05[NET] sending packet: from 192.168.92.2[500] to 92.53.47.72[27989] (40 bytes)

... [Connection 5]

Nov 21 01:57:37 myhost charon[22748]: 07[NET] received packet: from 196.52.43.54[6712] to 192.168.92.2[500] (280 bytes)
Nov 21 01:57:37 myhost charon[22748]: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]
Nov 21 01:57:37 myhost charon[22748]: 07[IKE] 196.52.43.54 is initiating an IKE_SA
Nov 21 01:57:37 myhost charon[22748]: 07[IKE] 196.52.43.54 is initiating an IKE_SA
Nov 21 01:57:37 myhost charon[22748]: 07[CFG] received proposals: IKE:DES_CBC/RC5_CBC/BLOWFISH_CBC/(0)/HMAC_MD5_96/HMAC_SHA1_96/PRF_HMAC_SHA1/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_256/MODP_1024
Nov 21 01:57:37 myhost charon[22748]: 07[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024
Nov 21 01:57:37 myhost charon[22748]: 07[IKE] received proposals inacceptable
Nov 21 01:57:37 myhost charon[22748]: 07[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Nov 21 01:57:37 myhost charon[22748]: 07[NET] sending packet: from 192.168.92.2[500] to 196.52.43.54[6712] (36 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 15[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (68 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 07[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (84 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 07[ENC] parsed IKE_AUTH request 5 [ AUTH ]
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] authentication of 'net.mydomain.ipsec.client' with EAP successful
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] authentication of 'net.mydomain.ipsec.server' (myself) with EAP
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] IKE_SA iOS-IKEV2[4] established between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] peer requested virtual IP %any
Nov 21 01:57:37 myhost ipsec[22734]: 07[CFG] reassigning offline lease to 'myid at mydomain.net'
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] assigning virtual IP 10.92.10.1 to peer 'myid at mydomain.net'
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] peer requested virtual IP %any6
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] no virtual IP found for %any6 requested by 'myid at mydomain.net'
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] CHILD_SA iOS-IKEV2{4} established with SPIs caa3f6e7_i 0ec431e6_o and TS 0.0.0.0/0 === 10.92.10.1/32
Nov 21 01:57:37 myhost ipsec[22734]: 07[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Nov 21 01:57:37 myhost ipsec[22734]: 07[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (220 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 10[NET] received packet: from 166.176.187.128[30852] to 192.168.92.2[4500] (68 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 10[ENC] parsed INFORMATIONAL request 6 [ D ]
Nov 21 01:57:37 myhost ipsec[22734]: 10[IKE] received DELETE for IKE_SA iOS-IKEV2[4]
Nov 21 01:57:37 myhost ipsec[22734]: 10[IKE] deleting IKE_SA iOS-IKEV2[4] between 192.168.92.2[net.mydomain.ipsec.server]...166.176.187.128[net.mydomain.ipsec.client]
Nov 21 01:57:37 myhost ipsec[22734]: 10[IKE] IKE_SA deleted
Nov 21 01:57:37 myhost ipsec[22734]: 10[ENC] generating INFORMATIONAL response 6 [ ]
Nov 21 01:57:37 myhost ipsec[22734]: 10[NET] sending packet: from 192.168.92.2[4500] to 166.176.187.128[30852] (60 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 10[CFG] lease 10.92.10.1 by 'myid at mydomain.net' went offline
Nov 21 01:57:37 myhost ipsec[22734]: 16[NET] received packet: from 196.52.43.60[6712] to 192.168.92.2[4500] (288 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]
Nov 21 01:57:37 myhost ipsec[22734]: 16[IKE] 196.52.43.60 is initiating an IKE_SA
Nov 21 01:57:37 myhost ipsec[22734]: 16[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan Root CA"
Nov 21 01:57:37 myhost ipsec[22734]: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No CERTREQ N(MULT_AUTH) ]
Nov 21 01:57:37 myhost ipsec[22734]: 16[NET] sending packet: from 192.168.92.2[4500] to 196.52.43.60[6712] (277 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 06[JOB] deleting half open IKE_SA with 196.52.43.60 after timeout
Nov 21 01:57:37 myhost ipsec[22734]: 15[NET] received packet: from 168.1.128.76[6712] to 192.168.92.2[500] (280 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]
Nov 21 01:57:37 myhost ipsec[22734]: 15[IKE] 168.1.128.76 is initiating an IKE_SA
Nov 21 01:57:37 myhost ipsec[22734]: 15[CFG] received proposals: IKE:DES_CBC/RC5_CBC/BLOWFISH_CBC/(0)/HMAC_MD5_96/HMAC_SHA1_96/PRF_HMAC_SHA1/PRF_HMAC_SHA2_512/PRF_HMAC_SHA2_256/MODP_1024
Nov 21 01:57:37 myhost ipsec[22734]: 15[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024
Nov 21 01:57:37 myhost ipsec[22734]: 15[IKE] received proposals inacceptable
Nov 21 01:57:37 myhost ipsec[22734]: 15[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
Nov 21 01:57:37 myhost ipsec[22734]: 15[NET] sending packet: from 192.168.92.2[500] to 168.1.128.76[6712] (36 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 05[NET] received packet: from 92.53.47.72[27989] to 192.168.92.2[500] (408 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 05[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
Nov 21 01:57:37 myhost ipsec[22734]: 05[IKE] no IKE config found for 192.168.92.2...92.53.47.72, sending NO_PROPOSAL_CHOSEN
Nov 21 01:57:37 myhost ipsec[22734]: 05[ENC] generating INFORMATIONAL_V1 request 4224631939 [ N(NO_PROP) ]
Nov 21 01:57:37 myhost ipsec[22734]: 05[NET] sending packet: from 192.168.92.2[500] to 92.53.47.72[27989] (40 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 07[NET] received packet: from 196.52.43.54[6712] to 192.168.92.2[500] (280 bytes)
Nov 21 01:57:37 myhost ipsec[22734]: 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No ]
Nov 21 01:57:37 myhost ipsec[22734]: 07[IKE] 196.52.43.54 is initiating an IKE_SA
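
The pattern visible in the excerpt above (messages first logged under charon[...] reappearing verbatim under ipsec[...] with a later timestamp) can be checked mechanically before treating such lines as new activity. The following is an added example, not part of the original post or of strongSwan; the sample lines are constructed, and the function names, tag defaults and the 2017 default year are assumptions.

```python
"""Separate re-emitted strongSwan syslog lines from fresh events (added example)."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the syslog layout shown in the post. Addresses come from
# the RFC 5737 documentation ranges; host name and PIDs are made up.
SAMPLE_LOG = """\
Nov 17 11:36:43 gw charon[1001]: 16[NET] received packet: from 203.0.113.60[6712] to 192.0.2.2[4500] (288 bytes)
Nov 17 11:36:43 gw charon[1001]: 16[IKE] 203.0.113.60 is initiating an IKE_SA
Nov 17 11:36:43 gw charon[1001]: 16[IKE] 203.0.113.60 is initiating an IKE_SA
Nov 17 11:37:13 gw charon[1001]: 06[JOB] deleting half open IKE_SA with 203.0.113.60 after timeout
Nov 21 01:57:37 gw charon[1001]: 07[NET] received packet: from 198.51.100.54[6712] to 192.0.2.2[500] (280 bytes)
Nov 21 01:57:37 gw charon[1001]: 07[IKE] 198.51.100.54 is initiating an IKE_SA
Nov 21 01:57:37 gw charon[1001]: 07[IKE] received proposals inacceptable
*** Nov 21 01:57:37 gw ipsec[1000]: 16[NET] received packet: from 203.0.113.60[6712] to 192.0.2.2[4500] (288 bytes)
Nov 21 01:57:37 gw ipsec[1000]: 16[IKE] 203.0.113.60 is initiating an IKE_SA
Nov 21 01:57:37 gw ipsec[1000]: 06[JOB] deleting half open IKE_SA with 203.0.113.60 after timeout
Nov 21 01:57:37 gw ipsec[1000]: 09[IKE] 192.0.2.77 is initiating an IKE_SA
"""

# Leading \W* tolerates hand-added markers such as "*** " in front of a line.
LINE_RE = re.compile(
    r"^\W*(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s\S+\s"
    r"(?P<tag>[\w.-]+)\[\d+\]:\s(?P<msg>.*)$"
)
INIT_RE = re.compile(r"\]\s(\S+) is initiating an IKE_SA$")


def parse_line(line, year=2017):
    """Return (timestamp, syslog tag, message) or None for non-matching lines.
    Syslog timestamps carry no year, so the caller supplies one (assumption)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["tag"], m["msg"]


def classify(text, primary="charon", secondary="ipsec", year=2017):
    """Split a log into fresh primary events, replays and unmatched lines.

    A secondary-tagged line is a replay when the identical message was logged
    by the primary tag at the same or an earlier time; the lag is reported in
    seconds. Back-to-back doubled primary lines are collapsed to one event."""
    records = [r for r in (parse_line(l, year) for l in text.splitlines()) if r]
    first_seen = {}
    for ts, tag, msg in records:
        if tag == primary and (msg not in first_seen or ts < first_seen[msg]):
            first_seen[msg] = ts
    fresh, replays, unmatched = [], [], []
    prev = None
    for ts, tag, msg in records:
        if tag == primary:
            if (ts, msg) != prev:
                fresh.append((ts, msg))
            prev = (ts, msg)
            continue
        prev = None
        if tag != secondary:
            continue  # other programs (e.g. an updown logger) are ignored
        origin = first_seen.get(msg)
        if origin is not None and origin <= ts:
            lag = int((ts - origin).total_seconds())
            replays.append((ts, origin, lag, msg))
        else:
            unmatched.append((ts, msg))
    return fresh, replays, unmatched


def initiator_counts(messages):
    """Count 'is initiating an IKE_SA' events per source address."""
    hits = (INIT_RE.search(m) for m in messages)
    return Counter(h.group(1) for h in hits if h)


if __name__ == "__main__":
    fresh, replays, unmatched = classify(SAMPLE_LOG)
    for ts, origin, lag, msg in replays:
        print(f"replay (+{lag}s, first seen {origin}): {msg}")
    for ts, msg in unmatched:
        print(f"secondary-only line, needs a look: {msg}")
    print("initiators (fresh events only):",
          dict(initiator_counts(m for _, m in fresh)))
```

Counting initiators over `fresh` rather than over the raw file keeps doubled and re-emitted lines from inflating per-address totals in anything that tallies log matches.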

