[strongSwan] Windows 10 connects to StrongSwan but IP doesn't change

Houman houmie at gmail.com
Tue Apr 2 12:03:13 CEST 2019


Hey guys,

I wonder if this email went through and someone has an idea why this is
happening.

Many Thanks,
Houman

On Fri, 29 Mar 2019 at 17:04, Houman <houmie at gmail.com> wrote:

> Hello,
>
> Please help me with this, as I'm completely stuck.
>
> Windows 10 can connect to my StrongSwan server, but the IP address doesn't
> change to the VPN. It still shows the local IP address. Accordingly, blocked
> websites remain blocked.
>
> config setup
>   strictcrlpolicy=yes
>   uniqueids=never
> conn roadwarrior
>   auto=add
>   compress=no
>   type=tunnel
>   keyexchange=ikev2
>   fragmentation=yes
>   forceencaps=yes
>   ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384
>   esp=aes256-sha1,3des-sha1!
>   dpdaction=clear
>   dpddelay=180s
>   rekey=no
>   left=%any
>   leftid=@vpn-1.domain.net
>   leftcert=cert.pem
>   leftsendcert=always
>   leftsubnet=0.0.0.0/0
>   right=%any
>   rightid=%any
>   rightauth=eap-radius
>   eap_identity=%any
>   rightdns=208.67.222.222,208.67.220.220
>   rightsourceip=10.10.10.0/24
>   rightsendcert=never
>
>
> Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from
> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE
> No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
>
> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9
> vendor ID
>
> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery
> Capable vendor ID
>
> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact vendor
> ID
>
> Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID:
> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
>
> Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an IKE_SA
>
> Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending
> keep alives
>
> Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT
>
> Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 [
> SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
>
> Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from
> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ]
>
> Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting
> for complete IKE message
>
> Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ]
>
> Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting
> for complete IKE message
>
> Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ]
>
> Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting
> for complete IKE message
>
> Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ]
>
> Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4,
> reassembling fragmented IKE message
>
> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi
> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
>
> Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an
> unknown ca
>
> Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching
> 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
>
> Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior'
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA request
> 15 [ SA No TSi TSr ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3}
> established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 ===
> 10.10.10.1/32
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA
> response 15 [ SA No TSi TSr ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request 16
> [ D ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP
> CHILD_SA with SPI af63e684
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing CHILD_SA roadwarrior{2}
> with SPIs cf6737f5_i (104 bytes) af63e684_o (0 bytes) and TS 0.0.0.0/0
> === 10.10.10.1/32
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] sending DELETE for ESP CHILD_SA
> with SPI cf6737f5
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] CHILD_SA closed
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL
> response 16 [ D ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 14[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 13[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 06[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] parsed INFORMATIONAL request 17
> [ D ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] received DELETE for ESP
> CHILD_SA with SPI d57f9f2c
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] closing CHILD_SA roadwarrior{3}
> with SPIs ccadd085_i (2260 bytes) d57f9f2c_o (0 bytes) and TS 0.0.0.0/0
> === 10.10.10.1/32
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] sending DELETE for ESP CHILD_SA
> with SPI ccadd085
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] CHILD_SA closed
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] generating INFORMATIONAL
> response 17 [ D ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request 18
> [ D ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for IKE_SA
> roadwarrior[1]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] deleting IKE_SA roadwarrior[1]
> between 172.31.0.243[vpn-1.domain.net]...91.98.xxx.xxx[192.168.1.104]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] IKE_SA deleted
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS
> Accounting-Request to server 'server-a'
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] received RADIUS
> Accounting-Response from server 'server-a'
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL
> response 18 [ ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] lease 10.10.10.1 by 'userx'
> went offline
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] received packet: from
> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_SA_INIT request 0 [
> SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS NT5 ISAKMPOAKLEY v9
> vendor ID
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS-Negotiation
> Discovery Capable vendor ID
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received Vid-Initial-Contact
> vendor ID
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] received unknown vendor ID:
> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] 91.98.xxx.xxx is initiating an
> IKE_SA
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] local host is behind NAT,
> sending keep alives
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] remote host is behind NAT
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] generating IKE_SA_INIT response
> 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] sending packet: from
> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] parsed IKE_AUTH request 1 [
> EF(1/4) ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] received fragment #1 of 4,
> waiting for complete IKE message
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] parsed IKE_AUTH request 1 [
> EF(2/4) ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] received fragment #2 of 4,
> waiting for complete IKE message
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] parsed IKE_AUTH request 1 [
> EF(3/4) ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] received fragment #3 of 4,
> waiting for complete IKE message
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [
> EF(4/4) ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] received fragment #4 of 4,
> reassembling fragmented IKE message
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [ IDi
> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] received 57 cert requests for
> an unknown ca
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] looking for peer configs
> matching 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] selected peer config
> 'roadwarrior'
>
> Mar 29 16:50:45 vpn-1 charon: 11[IKE] initiating EAP_IDENTITY method (id
> 0x00)
>
> Mar 29 16:50:45 vpn-1 charon: 11[IKE] peer supports MOBIKE
>
> Mar 29 16:50:45 vpn-1 charon: 11[IKE] authentication of 'vpn-1.domain.net'
> (myself) with RSA signature successful
>
> Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending end entity cert "CN=
> vpn-1.domain.net"
>
> Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending issuer cert "C=US, O=Let's
> Encrypt, CN=Let's Encrypt Authority X3"
>
> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ IDr
> CERT CERT AUTH EAP/REQ/ID ]
>
> Mar 29 16:50:45 vpn-1 charon: 11[ENC] splitting IKE message with length of
> 2924 bytes into 3 fragments
>
> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
> EF(1/3) ]
>
> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
> EF(2/3) ]
>
> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
> EF(3/3) ]
>
> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 14[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 14[ENC] parsed IKE_AUTH request 2 [
> EAP/RES/ID ]
>
> Mar 29 16:50:45 vpn-1 charon: 14[IKE] received EAP identity 'userx'
>
> Mar 29 16:50:45 vpn-1 charon: 14[CFG] sending RADIUS Access-Request to
> server 'server-a'
>
> Mar 29 16:50:45 vpn-1 charon: 14[CFG] received RADIUS Access-Challenge
> from server 'server-a'
>
> Mar 29 16:50:45 vpn-1 charon: 14[IKE] initiating EAP_MD5 method (id 0x01)
>
> Mar 29 16:50:45 vpn-1 charon: 14[ENC] generating IKE_AUTH response 2 [
> EAP/REQ/MD5 ]
>
> Mar 29 16:50:45 vpn-1 charon: 14[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 13[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>
> Mar 29 16:50:45 vpn-1 charon: 13[ENC] parsed IKE_AUTH request 3 [
> EAP/RES/NAK ]
>
> Mar 29 16:50:45 vpn-1 charon: 13[CFG] sending RADIUS Access-Request to
> server 'server-a'
>
> Mar 29 16:50:45 vpn-1 charon: 13[CFG] received RADIUS Access-Challenge
> from server 'server-a'
>
> Mar 29 16:50:45 vpn-1 charon: 13[ENC] generating IKE_AUTH response 3 [
> EAP/REQ/PEAP ]
>
> Mar 29 16:50:45 vpn-1 charon: 13[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 15[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 15[ENC] parsed IKE_AUTH request 4 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 15[CFG] sending RADIUS Access-Request to
> server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 15[CFG] received RADIUS Access-Challenge
> from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 15[ENC] generating IKE_AUTH response 4 [
> EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 15[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 06[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 06[ENC] parsed IKE_AUTH request 5 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 06[CFG] sending RADIUS Access-Request to
> server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 06[CFG] received RADIUS Access-Challenge
> from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 06[ENC] generating IKE_AUTH response 5 [
> EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 06[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 05[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 05[ENC] parsed IKE_AUTH request 6 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 05[CFG] sending RADIUS Access-Request to
> server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 05[CFG] received RADIUS Access-Challenge
> from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 05[ENC] generating IKE_AUTH response 6 [
> EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 05[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 16[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 16[ENC] parsed IKE_AUTH request 7 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 16[CFG] sending RADIUS Access-Request to
> server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 16[CFG] received RADIUS Access-Challenge
> from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 16[ENC] generating IKE_AUTH response 7 [
> EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 16[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 07[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 07[ENC] parsed IKE_AUTH request 8 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 07[CFG] sending RADIUS Access-Request to
> server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 07[CFG] received RADIUS Access-Challenge
> from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 07[ENC] generating IKE_AUTH response 8 [
> EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 07[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 08[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 08[ENC] parsed IKE_AUTH request 9 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 08[CFG] sending RADIUS Access-Request to
> server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 08[CFG] received RADIUS Access-Challenge
> from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 08[ENC] generating IKE_AUTH response 9 [
> EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 08[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] initiating EAP_IDENTITY method
> (id 0x00)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] peer supports MOBIKE
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] authentication of '
> vpn-1.domain.net' (myself) with RSA signature successful
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending end entity cert "CN=
> vpn-1.domain.net"
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending issuer cert "C=US,
> O=Let's Encrypt, CN=Let's Encrypt Authority X3"
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1
> [ IDr CERT CERT AUTH EAP/REQ/ID ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] splitting IKE message with
> length of 2924 bytes into 3 fragments
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1
> [ EF(1/3) ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1
> [ EF(2/3) ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1
> [ EF(3/3) ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] parsed IKE_AUTH request 2 [
> EAP/RES/ID ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] received EAP identity 'userx'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] sending RADIUS Access-Request
> to server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] received RADIUS
> Access-Challenge from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] initiating EAP_MD5 method (id
> 0x01)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] generating IKE_AUTH response 2
> [ EAP/REQ/MD5 ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] parsed IKE_AUTH request 3 [
> EAP/RES/NAK ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] sending RADIUS Access-Request
> to server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] received RADIUS
> Access-Challenge from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] generating IKE_AUTH response 3
> [ EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] parsed IKE_AUTH request 4 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] sending RADIUS Access-Request
> to server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] received RADIUS
> Access-Challenge from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] generating IKE_AUTH response 4
> [ EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 09[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] parsed IKE_AUTH request 5 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] sending RADIUS Access-Request
> to server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] received RADIUS
> Access-Challenge from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] generating IKE_AUTH response 5
> [ EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] parsed IKE_AUTH request 6 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] sending RADIUS Access-Request
> to server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] received RADIUS
> Access-Challenge from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] generating IKE_AUTH response 6
> [ EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] parsed IKE_AUTH request 7 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] sending RADIUS Access-Request
> to server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] received RADIUS
> Access-Challenge from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] generating IKE_AUTH response 7
> [ EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] parsed IKE_AUTH request 8 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS Access-Request
> to server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] received RADIUS
> Access-Challenge from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] generating IKE_AUTH response 8
> [ EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes)
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_AUTH request 9 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] sending RADIUS Access-Request
> to server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] received RADIUS
> Access-Challenge from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] generating IKE_AUTH response 9
> [ EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 10 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 09[CFG] sending RADIUS Access-Request to
> server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 09[CFG] received RADIUS Access-Challenge
> from server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 09[ENC] generating IKE_AUTH response 10 [
> EAP/REQ/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 09[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 10[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (124 bytes)
>
> Mar 29 16:50:46 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 11 [
> EAP/RES/PEAP ]
>
> Mar 29 16:50:46 vpn-1 charon: 10[CFG] sending RADIUS Access-Request to
> server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 10[CFG] received RADIUS Access-Accept from
> server 'server-a'
>
> Mar 29 16:50:46 vpn-1 charon: 10[CFG] scheduling RADIUS Interim-Updates
> every 300s
>
> Mar 29 16:50:46 vpn-1 charon: 10[IKE] RADIUS authentication of 'userx'
> successful
>
> Mar 29 16:50:46 vpn-1 charon: 10[IKE] EAP method EAP_PEAP succeeded, MSK
> established
>
> Mar 29 16:50:46 vpn-1 charon: 10[ENC] generating IKE_AUTH response 11 [
> EAP/SUCC ]
>
> Mar 29 16:50:46 vpn-1 charon: 10[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>
> Mar 29 16:50:47 vpn-1 charon: 12[NET] received packet: from
> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (92 bytes)
>
> Mar 29 16:50:47 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 12 [ AUTH ]
>
> Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of '192.168.1.104'
> with EAP successful
>
> Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of 'vpn-1.domain.net'
> (myself) with EAP
>
> Mar 29 16:50:47 vpn-1 charon: 12[IKE] IKE_SA roadwarrior[2] established
> between 172.31.0.243[vpn-1.domain.net]...91.98.xxx.xxx[192.168.1.104]
>
> Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any
>
> Mar 29 16:50:47 vpn-1 charon: 12[CFG] reassigning offline lease to 'userx'
>
> Mar 29 16:50:47 vpn-1 charon: 12[IKE] assigning virtual IP 10.10.10.1 to
> peer 'userx'
>
> Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any6
>
> Mar 29 16:50:47 vpn-1 charon: 12[IKE] no virtual IP found for %any6
> requested by 'userx'
>
> Mar 29 16:50:47 vpn-1 charon: 12[IKE] CHILD_SA roadwarrior{4} established
> with SPIs c10aa3f3_i 32cfd28c_o and TS 0.0.0.0/0 === 10.10.10.1/32
>
> Mar 29 16:50:47 vpn-1 charon: 12[CFG] sending RADIUS Accounting-Request to
> server 'server-a'
>
> Mar 29 16:50:47 vpn-1 charon: 12[CFG] received RADIUS Accounting-Response
> from server 'server-a'
>
> Mar 29 16:50:47 vpn-1 charon: 12[ENC] generating IKE_AUTH response 12 [
> AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
>
> Mar 29 16:50:47 vpn-1 charon: 12[NET] sending packet: from
> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (236 bytes)
>
> Mar 29 16:51:07 vpn-1 charon: 15[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:51:27 vpn-1 charon: 16[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:51:47 vpn-1 charon: 07[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:52:07 vpn-1 charon: 09[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:52:27 vpn-1 charon: 11[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:52:47 vpn-1 charon: 12[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:53:07 vpn-1 charon: 14[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:53:27 vpn-1 charon: 15[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
> Mar 29 16:53:47 vpn-1 charon: 16[IKE] sending keep alive to
> 91.98.xxx.xxx[4500]
>
>
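
An added example, not part of the original post: a small Python parser that rejoins the mail-wrapped charon lines and reads off the values relevant to this question, namely the virtual IP lease, the negotiated traffic selectors, and the per-SA byte counters logged when a CHILD_SA is closed. The sample is an excerpt of the quoted log plus one constructed duplicate record; the function names are this example's own.

```python
import re

# Excerpt of the quoted charon log, kept with the mail client's "> " prefixes
# and line wrapping. The final record is a constructed duplicate, mimicking the
# way the same event appears under both "charon" and "ipsec[1051]".
SAMPLE = """\
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3}
> established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 ===
> 10.10.10.1/32
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing CHILD_SA roadwarrior{2}
> with SPIs cf6737f5_i (104 bytes) af63e684_o (0 bytes) and TS 0.0.0.0/0
> === 10.10.10.1/32
>
> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] closing CHILD_SA roadwarrior{3}
> with SPIs ccadd085_i (2260 bytes) d57f9f2c_o (0 bytes) and TS 0.0.0.0/0
> === 10.10.10.1/32
>
> Mar 29 16:50:47 vpn-1 charon: 12[IKE] assigning virtual IP 10.10.10.1 to
> peer 'userx'
>
> Mar 29 16:50:47 vpn-1 charon: 12[IKE] CHILD_SA roadwarrior{4} established
> with SPIs c10aa3f3_i 32cfd28c_o and TS 0.0.0.0/0 === 10.10.10.1/32
>
> Mar 29 16:50:47 vpn-1 ipsec[1051]: 12[IKE] CHILD_SA roadwarrior{4} established
> with SPIs c10aa3f3_i 32cfd28c_o and TS 0.0.0.0/0 === 10.10.10.1/32
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
UP = re.compile(r"CHILD_SA (\S+\{\d+\}) established with SPIs (\w+)_i (\w+)_o "
                r"and TS (\S+) === (\S+)")
DOWN = re.compile(r"closing CHILD_SA (\S+\{\d+\}) with SPIs \w+_i \((\d+) bytes\) "
                  r"\w+_o \((\d+) bytes\)")
VIP = re.compile(r"assigning virtual IP (\S+) to peer '([^']*)'")


def unwrap(text):
    """Strip '>' quoting and rejoin records that the mailer wrapped."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line  # continuation of the previous record
    return records


def summarize(text):
    """Collect virtual IPs, negotiated selectors and per-SA byte counters."""
    report = {"virtual_ips": {}, "selectors": {}, "closed": {}}
    for rec in unwrap(text):
        if m := VIP.search(rec):
            report["virtual_ips"][m.group(2)] = m.group(1)
        elif m := UP.search(rec):
            # Keyed by SA name, so duplicate syslog copies collapse.
            report["selectors"][m.group(1)] = (m.group(4), m.group(5))
        elif m := DOWN.search(rec):
            report["closed"][m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return report


def still_open(report):
    """SAs that were established and have no closing record yet."""
    return sorted(set(report["selectors"]) - set(report["closed"]))


def one_way(report):
    """Closed SAs where the gateway received bytes (_i) but sent none (_o)."""
    return sorted(sa for sa, (rx, tx) in report["closed"].items()
                  if rx > 0 and tx == 0)


if __name__ == "__main__":
    r = summarize(SAMPLE)
    print("virtual IPs:", r["virtual_ips"])
    print("selectors:  ", r["selectors"])
    print("still open: ", still_open(r))
    print("one-way SAs:", one_way(r))
```

In the excerpt both closed SAs show bytes received on the `_i` SPI and 0 bytes on the `_o` SPI, i.e. the gateway decrypted traffic from the client but sent nothing back through the tunnel.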