[strongSwan] Windows 10 connects to StrongSwan but IP doesn't change

Felipe Arturo Polanco felipeapolanco at gmail.com
Tue Apr 2 17:09:15 CEST 2019


Hi,

Do an ipconfig /all in Windows and check that you have a 10.10.10.0/24 IP
in the output.

On Tue, Apr 2, 2019 at 6:03 AM Houman <houmie at gmail.com> wrote:

> Hey guys,
>
> I wonder if this email went through and someone has an idea why this is
> happening.
>
> Many Thanks,
> Houman
>
> On Fri, 29 Mar 2019 at 17:04, Houman <houmie at gmail.com> wrote:
>
>> Hello,
>>
>> Please help me with this, as I'm completely stuck.
>>
>> Windows 10 can connect to my StrongSwan server. But the IP address
>> doesn't change to the VPN. It still shows the local IP address. Accordingly
>> blocked websites remain blocked.
>>
>> config setup
>>   strictcrlpolicy=yes
>>   uniqueids=never
>> conn roadwarrior
>>   auto=add
>>   compress=no
>>   type=tunnel
>>   keyexchange=ikev2
>>   fragmentation=yes
>>   forceencaps=yes
>>   ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384
>>   esp=aes256-sha1,3des-sha1!
>>   dpdaction=clear
>>   dpddelay=180s
>>   rekey=no
>>   left=%any
>>   leftid=@vpn-1.domain.net
>>   leftcert=cert.pem
>>   leftsendcert=always
>>   leftsubnet=0.0.0.0/0
>>   right=%any
>>   rightid=%any
>>   rightauth=eap-radius
>>   eap_identity=%any
>>   rightdns=208.67.222.222,208.67.220.220
>>   rightsourceip=10.10.10.0/24
>>   rightsendcert=never
>>
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from
>> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA
>> KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9
>> vendor ID
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery
>> Capable vendor ID
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact vendor
>> ID
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID:
>> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an
>> IKE_SA
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending
>> keep alives
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 [
>> SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from
>> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4)
>> ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting
>> for complete IKE message
>>
>> Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4)
>> ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting
>> for complete IKE message
>>
>> Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4)
>> ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting
>> for complete IKE message
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4)
>> ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4,
>> reassembling fragmented IKE message
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi
>> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an
>> unknown ca
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching
>> 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior'
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA request
>> 15 [ SA No TSi TSr ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3}
>> established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 ===
>> 10.10.10.1/32
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA
>> response 15 [ SA No TSi TSr ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request
>> 16 [ D ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP
>> CHILD_SA with SPI af63e684
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing CHILD_SA
>> roadwarrior{2} with SPIs cf6737f5_i (104 bytes) af63e684_o (0 bytes) and TS
>> 0.0.0.0/0 === 10.10.10.1/32
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] sending DELETE for ESP
>> CHILD_SA with SPI cf6737f5
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] CHILD_SA closed
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL
>> response 16 [ D ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 14[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 13[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 06[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] parsed INFORMATIONAL request
>> 17 [ D ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] received DELETE for ESP
>> CHILD_SA with SPI d57f9f2c
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] closing CHILD_SA
>> roadwarrior{3} with SPIs ccadd085_i (2260 bytes) d57f9f2c_o (0 bytes) and
>> TS 0.0.0.0/0 === 10.10.10.1/32
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] sending DELETE for ESP
>> CHILD_SA with SPI ccadd085
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] CHILD_SA closed
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] generating INFORMATIONAL
>> response 17 [ D ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request
>> 18 [ D ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for IKE_SA
>> roadwarrior[1]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] deleting IKE_SA roadwarrior[1]
>> between 172.31.0.243[vpn-1.domain.net]...91.98.xxx.xxx[192.168.1.104]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] IKE_SA deleted
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS
>> Accounting-Request to server 'server-a'
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] received RADIUS
>> Accounting-Response from server 'server-a'
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL
>> response 18 [ ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] lease 10.10.10.1 by 'userx'
>> went offline
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] received packet: from
>> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_SA_INIT request 0 [
>> SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS NT5 ISAKMPOAKLEY
>> v9 vendor ID
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS-Negotiation
>> Discovery Capable vendor ID
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received Vid-Initial-Contact
>> vendor ID
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] received unknown vendor ID:
>> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] 91.98.xxx.xxx is initiating an
>> IKE_SA
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] local host is behind NAT,
>> sending keep alives
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] remote host is behind NAT
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] generating IKE_SA_INIT
>> response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] sending packet: from
>> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] parsed IKE_AUTH request 1 [
>> EF(1/4) ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] received fragment #1 of 4,
>> waiting for complete IKE message
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] parsed IKE_AUTH request 1 [
>> EF(2/4) ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] received fragment #2 of 4,
>> waiting for complete IKE message
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] parsed IKE_AUTH request 1 [
>> EF(3/4) ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] received fragment #3 of 4,
>> waiting for complete IKE message
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [
>> EF(4/4) ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] received fragment #4 of 4,
>> reassembling fragmented IKE message
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [
>> IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi
>> TSr ]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] received 57 cert requests for
>> an unknown ca
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] looking for peer configs
>> matching 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
>>
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] selected peer config
>> 'roadwarrior'
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] initiating EAP_IDENTITY method (id
>> 0x00)
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] peer supports MOBIKE
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] authentication of 'vpn-1.domain.net'
>> (myself) with RSA signature successful
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending end entity cert "CN=
>> vpn-1.domain.net"
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending issuer cert "C=US, O=Let's
>> Encrypt, CN=Let's Encrypt Authority X3"
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
>> IDr CERT CERT AUTH EAP/REQ/ID ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] splitting IKE message with length
>> of 2924 bytes into 3 fragments
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
>> EF(1/3) ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
>> EF(2/3) ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
>> EF(3/3) ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 14[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 14[ENC] parsed IKE_AUTH request 2 [
>> EAP/RES/ID ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 14[IKE] received EAP identity 'userx'
>>
>> Mar 29 16:50:45 vpn-1 charon: 14[CFG] sending RADIUS Access-Request to
>> server 'server-a'
>>
>> Mar 29 16:50:45 vpn-1 charon: 14[CFG] received RADIUS Access-Challenge
>> from server 'server-a'
>>
>> Mar 29 16:50:45 vpn-1 charon: 14[IKE] initiating EAP_MD5 method (id 0x01)
>>
>> Mar 29 16:50:45 vpn-1 charon: 14[ENC] generating IKE_AUTH response 2 [
>> EAP/REQ/MD5 ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 14[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 13[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>
>> Mar 29 16:50:45 vpn-1 charon: 13[ENC] parsed IKE_AUTH request 3 [
>> EAP/RES/NAK ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 13[CFG] sending RADIUS Access-Request to
>> server 'server-a'
>>
>> Mar 29 16:50:45 vpn-1 charon: 13[CFG] received RADIUS Access-Challenge
>> from server 'server-a'
>>
>> Mar 29 16:50:45 vpn-1 charon: 13[ENC] generating IKE_AUTH response 3 [
>> EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:45 vpn-1 charon: 13[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 15[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 15[ENC] parsed IKE_AUTH request 4 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 15[CFG] sending RADIUS Access-Request to
>> server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 15[CFG] received RADIUS Access-Challenge
>> from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 15[ENC] generating IKE_AUTH response 4 [
>> EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 15[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 06[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 06[ENC] parsed IKE_AUTH request 5 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 06[CFG] sending RADIUS Access-Request to
>> server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 06[CFG] received RADIUS Access-Challenge
>> from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 06[ENC] generating IKE_AUTH response 5 [
>> EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 06[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 05[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 05[ENC] parsed IKE_AUTH request 6 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 05[CFG] sending RADIUS Access-Request to
>> server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 05[CFG] received RADIUS Access-Challenge
>> from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 05[ENC] generating IKE_AUTH response 6 [
>> EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 05[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 16[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 16[ENC] parsed IKE_AUTH request 7 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 16[CFG] sending RADIUS Access-Request to
>> server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 16[CFG] received RADIUS Access-Challenge
>> from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 16[ENC] generating IKE_AUTH response 7 [
>> EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 16[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 07[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 07[ENC] parsed IKE_AUTH request 8 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 07[CFG] sending RADIUS Access-Request to
>> server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 07[CFG] received RADIUS Access-Challenge
>> from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 07[ENC] generating IKE_AUTH response 8 [
>> EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 07[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 08[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 08[ENC] parsed IKE_AUTH request 9 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 08[CFG] sending RADIUS Access-Request to
>> server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 08[CFG] received RADIUS Access-Challenge
>> from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 08[ENC] generating IKE_AUTH response 9 [
>> EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 08[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] initiating EAP_IDENTITY method
>> (id 0x00)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] peer supports MOBIKE
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] authentication of '
>> vpn-1.domain.net' (myself) with RSA signature successful
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending end entity cert "CN=
>> vpn-1.domain.net"
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending issuer cert "C=US,
>> O=Let's Encrypt, CN=Let's Encrypt Authority X3"
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1
>> [ IDr CERT CERT AUTH EAP/REQ/ID ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] splitting IKE message with
>> length of 2924 bytes into 3 fragments
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1
>> [ EF(1/3) ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1
>> [ EF(2/3) ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1
>> [ EF(3/3) ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] parsed IKE_AUTH request 2 [
>> EAP/RES/ID ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] received EAP identity 'userx'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] sending RADIUS Access-Request
>> to server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] received RADIUS
>> Access-Challenge from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] initiating EAP_MD5 method (id
>> 0x01)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] generating IKE_AUTH response 2
>> [ EAP/REQ/MD5 ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] parsed IKE_AUTH request 3 [
>> EAP/RES/NAK ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] sending RADIUS Access-Request
>> to server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] received RADIUS
>> Access-Challenge from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] generating IKE_AUTH response 3
>> [ EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] parsed IKE_AUTH request 4 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] sending RADIUS Access-Request
>> to server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] received RADIUS
>> Access-Challenge from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] generating IKE_AUTH response 4
>> [ EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 09[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] parsed IKE_AUTH request 5 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] sending RADIUS Access-Request
>> to server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] received RADIUS
>> Access-Challenge from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] generating IKE_AUTH response 5
>> [ EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] parsed IKE_AUTH request 6 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] sending RADIUS Access-Request
>> to server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] received RADIUS
>> Access-Challenge from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] generating IKE_AUTH response 6
>> [ EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] parsed IKE_AUTH request 7 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] sending RADIUS Access-Request
>> to server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] received RADIUS
>> Access-Challenge from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] generating IKE_AUTH response 7
>> [ EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] parsed IKE_AUTH request 8 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS Access-Request
>> to server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] received RADIUS
>> Access-Challenge from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] generating IKE_AUTH response 8
>> [ EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes)
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_AUTH request 9 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] sending RADIUS Access-Request
>> to server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] received RADIUS
>> Access-Challenge from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] generating IKE_AUTH response 9
>> [ EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 10 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 09[CFG] sending RADIUS Access-Request to
>> server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 09[CFG] received RADIUS Access-Challenge
>> from server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 09[ENC] generating IKE_AUTH response 10 [
>> EAP/REQ/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 09[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 10[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (124 bytes)
>>
>> Mar 29 16:50:46 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 11 [
>> EAP/RES/PEAP ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 10[CFG] sending RADIUS Access-Request to
>> server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 10[CFG] received RADIUS Access-Accept from
>> server 'server-a'
>>
>> Mar 29 16:50:46 vpn-1 charon: 10[CFG] scheduling RADIUS Interim-Updates
>> every 300s
>>
>> Mar 29 16:50:46 vpn-1 charon: 10[IKE] RADIUS authentication of 'userx'
>> successful
>>
>> Mar 29 16:50:46 vpn-1 charon: 10[IKE] EAP method EAP_PEAP succeeded, MSK
>> established
>>
>> Mar 29 16:50:46 vpn-1 charon: 10[ENC] generating IKE_AUTH response 11 [
>> EAP/SUCC ]
>>
>> Mar 29 16:50:46 vpn-1 charon: 10[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[NET] received packet: from
>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (92 bytes)
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 12 [ AUTH ]
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of '192.168.1.104'
>> with EAP successful
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of 'vpn-1.domain.net'
>> (myself) with EAP
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] IKE_SA roadwarrior[2] established
>> between 172.31.0.243[vpn-1.domain.net]...91.98.xxx.xxx[192.168.1.104]
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[CFG] reassigning offline lease to 'userx'
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] assigning virtual IP 10.10.10.1 to
>> peer 'userx'
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any6
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] no virtual IP found for %any6
>> requested by 'userx'
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] CHILD_SA roadwarrior{4} established
>> with SPIs c10aa3f3_i 32cfd28c_o and TS 0.0.0.0/0 === 10.10.10.1/32
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[CFG] sending RADIUS Accounting-Request
>> to server 'server-a'
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[CFG] received RADIUS Accounting-Response
>> from server 'server-a'
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[ENC] generating IKE_AUTH response 12 [
>> AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[NET] sending packet: from
>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (236 bytes)
>>
>> Mar 29 16:51:07 vpn-1 charon: 15[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:51:27 vpn-1 charon: 16[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:51:47 vpn-1 charon: 07[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:52:07 vpn-1 charon: 09[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:52:27 vpn-1 charon: 11[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:52:47 vpn-1 charon: 12[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:53:07 vpn-1 charon: 14[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:53:27 vpn-1 charon: 15[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>> Mar 29 16:53:47 vpn-1 charon: 16[IKE] sending keep alive to
>> 91.98.xxx.xxx[4500]
>>
>>
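A server-side counterpart to the ipconfig check suggested in the reply, added here as an example and not part of the original thread: it pulls the virtual-IP lease, the negotiated traffic selectors and the per-SA byte counters out of charon log lines like those quoted above. The function names and the `pool` default (taken from `rightsourceip` in the posted config) are assumptions of this example; the sample lines are copied from the quoted log.

```python
import ipaddress
import re

# Lines copied from the log quoted above, with mail quoting and wraps left in
# so that unwrap() has something to do.
SAMPLE = """\
>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] closing CHILD_SA
>> roadwarrior{3} with SPIs ccadd085_i (2260 bytes) d57f9f2c_o (0 bytes) and
>> TS 0.0.0.0/0 === 10.10.10.1/32
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] assigning virtual IP 10.10.10.1 to
>> peer 'userx'
>>
>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] CHILD_SA roadwarrior{4} established
>> with SPIs c10aa3f3_i 32cfd28c_o and TS 0.0.0.0/0 === 10.10.10.1/32
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
VIP = re.compile(r"assigning virtual IP (\S+) to peer '([^']*)'")
UP = re.compile(r"CHILD_SA (\S+) established with SPIs \S+ \S+ and TS (.+?) === (.+)$")
DOWN = re.compile(
    r"closing CHILD_SA (\S+) with SPIs \S+_i \((\d+) bytes\) \S+_o \((\d+) bytes\)"
)


def unwrap(text):
    """Strip '>' quoting and rejoin records that the mailer wrapped."""
    records = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)          # a syslog timestamp starts a new record
        else:
            records[-1] += " " + line     # continuation of a wrapped record
    return records


def _nets(selectors):
    """Parse 'a.b.c.d/n[proto/port]' selectors into ip_network objects."""
    return [ipaddress.ip_network(s.split("[")[0], strict=False)
            for s in selectors.split()]


def analyse(text, pool="10.10.10.0/24"):
    """Summarise leases, established CHILD_SAs and closed-SA byte counters."""
    pool_net = ipaddress.ip_network(pool)
    report = {"leases": [], "established": [], "closed": []}
    for rec in unwrap(text):
        if m := VIP.search(rec):
            ip = ipaddress.ip_address(m.group(1))
            report["leases"].append(
                {"user": m.group(2), "ip": str(ip), "in_pool": ip in pool_net})
        elif m := UP.search(rec):
            # Local selector 0.0.0.0/0 means the server offers a full tunnel.
            full = any(n.prefixlen == 0 for n in _nets(m.group(2)))
            report["established"].append(
                {"sa": m.group(1), "local_ts": m.group(2),
                 "remote_ts": m.group(3), "full_tunnel": full})
        elif m := DOWN.search(rec):
            # _i is the inbound SA (client to server), _o the outbound SA.
            b_in, b_out = int(m.group(2)), int(m.group(3))
            report["closed"].append(
                {"sa": m.group(1), "bytes_in": b_in, "bytes_out": b_out,
                 "one_way": b_in > 0 and b_out == 0})
    return report


if __name__ == "__main__":
    for section, rows in analyse(SAMPLE).items():
        for row in rows:
            print(section, row)
```

For the lines in the post it reports a lease of 10.10.10.1 inside the pool, a 0.0.0.0/0 local selector, and a closed CHILD_SA with 2260 bytes inbound and 0 bytes outbound.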