[strongSwan] Windows 10 connects to StrongSwan but IP doesn't change

Houman houmie at gmail.com
Sun Apr 14 21:06:13 CEST 2019


Hi Felipe,

Sorry for the late reply.  Below is the information you had requested. It
shows 10.10.10.1 instead of 10.10.10.0. Is that the problem?
What can I do?

PPP adapter vpn-1.domain.net:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : vpn-1.domain.net
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.10.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Many Thanks,
Houman

On Tue, 2 Apr 2019 at 16:09, Felipe Arturo Polanco <felipeapolanco at gmail.com>
wrote:

> Hi,
>
> Do an ipconfig /all in Windows and check that you have a 10.10.10.0/24
> IP in the output.
>
> On Tue, Apr 2, 2019 at 6:03 AM Houman <houmie at gmail.com> wrote:
>
>> Hey guys,
>>
>> I wonder if this email went through and someone has an idea why this is
>> happening.
>>
>> Many Thanks,
>> Houman
>>
>> On Fri, 29 Mar 2019 at 17:04, Houman <houmie at gmail.com> wrote:
>>
>>> Hello,
>>>
>>> Please help me with this, as I'm completely stuck.
>>>
>>> Windows 10 can connect to my StrongSwan server. But the IP address
>>> doesn't change to the VPN. It still shows the local IP address. Accordingly,
>>> blocked websites remain blocked.
>>>
>>> config setup
>>>   strictcrlpolicy=yes
>>>   uniqueids=never
>>> conn roadwarrior
>>>   auto=add
>>>   compress=no
>>>   type=tunnel
>>>   keyexchange=ikev2
>>>   fragmentation=yes
>>>   forceencaps=yes
>>>   ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384
>>>   esp=aes256-sha1,3des-sha1!
>>>   dpdaction=clear
>>>   dpddelay=180s
>>>   rekey=no
>>>   left=%any
>>>   leftid=@vpn-1.domain.net
>>>   leftcert=cert.pem
>>>   leftsendcert=always
>>>   leftsubnet=0.0.0.0/0
>>>   right=%any
>>>   rightid=%any
>>>   rightauth=eap-radius
>>>   eap_identity=%any
>>>   rightdns=208.67.222.222,208.67.220.220
>>>   rightsourceip=10.10.10.0/24
>>>   rightsendcert=never
>>>
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from
>>> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA
>>> KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9
>>> vendor ID
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery
>>> Capable vendor ID
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact
>>> vendor ID
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID:
>>> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an
>>> IKE_SA
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending
>>> keep alives
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0
>>> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from
>>> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [
>>> EF(1/4) ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting
>>> for complete IKE message
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [
>>> EF(2/4) ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting
>>> for complete IKE message
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [
>>> EF(3/4) ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting
>>> for complete IKE message
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [
>>> EF(4/4) ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4,
>>> reassembling fragmented IKE message
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi
>>> CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an
>>> unknown ca
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching
>>> 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior'
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA
>>> request 15 [ SA No TSi TSr ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3}
>>> established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 ===
>>> 10.10.10.1/32
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA
>>> response 15 [ SA No TSi TSr ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request
>>> 16 [ D ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP
>>> CHILD_SA with SPI af63e684
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing CHILD_SA
>>> roadwarrior{2} with SPIs cf6737f5_i (104 bytes) af63e684_o (0 bytes) and TS
>>> 0.0.0.0/0 === 10.10.10.1/32
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] sending DELETE for ESP
>>> CHILD_SA with SPI cf6737f5
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] CHILD_SA closed
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL
>>> response 16 [ D ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 14[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 13[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 06[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] parsed INFORMATIONAL request
>>> 17 [ D ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] received DELETE for ESP
>>> CHILD_SA with SPI d57f9f2c
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] closing CHILD_SA
>>> roadwarrior{3} with SPIs ccadd085_i (2260 bytes) d57f9f2c_o (0 bytes) and
>>> TS 0.0.0.0/0 === 10.10.10.1/32
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] sending DELETE for ESP
>>> CHILD_SA with SPI ccadd085
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] CHILD_SA closed
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] generating INFORMATIONAL
>>> response 17 [ D ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request
>>> 18 [ D ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for IKE_SA
>>> roadwarrior[1]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] deleting IKE_SA
>>> roadwarrior[1] between 172.31.0.243[vpn-1.domain.net
>>> ]...91.98.xxx.xxx[192.168.1.104]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] IKE_SA deleted
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS
>>> Accounting-Request to server 'server-a'
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] received RADIUS
>>> Accounting-Response from server 'server-a'
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL
>>> response 18 [ ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] lease 10.10.10.1 by 'userx'
>>> went offline
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] received packet: from
>>> 91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_SA_INIT request 0
>>> [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS NT5 ISAKMPOAKLEY
>>> v9 vendor ID
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS-Negotiation
>>> Discovery Capable vendor ID
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received Vid-Initial-Contact
>>> vendor ID
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] received unknown vendor ID:
>>> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] 91.98.xxx.xxx is initiating
>>> an IKE_SA
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] local host is behind NAT,
>>> sending keep alives
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] remote host is behind NAT
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] generating IKE_SA_INIT
>>> response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] sending packet: from
>>> 172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] parsed IKE_AUTH request 1 [
>>> EF(1/4) ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] received fragment #1 of 4,
>>> waiting for complete IKE message
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] parsed IKE_AUTH request 1 [
>>> EF(2/4) ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] received fragment #2 of 4,
>>> waiting for complete IKE message
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] parsed IKE_AUTH request 1 [
>>> EF(3/4) ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] received fragment #3 of 4,
>>> waiting for complete IKE message
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [
>>> EF(4/4) ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] received fragment #4 of 4,
>>> reassembling fragmented IKE message
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [
>>> IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi
>>> TSr ]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] received 57 cert requests for
>>> an unknown ca
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] looking for peer configs
>>> matching 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
>>>
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] selected peer config
>>> 'roadwarrior'
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] initiating EAP_IDENTITY method (id
>>> 0x00)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] peer supports MOBIKE
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] authentication of '
>>> vpn-1.domain.net' (myself) with RSA signature successful
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending end entity cert "CN=
>>> vpn-1.domain.net"
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending issuer cert "C=US, O=Let's
>>> Encrypt, CN=Let's Encrypt Authority X3"
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
>>> IDr CERT CERT AUTH EAP/REQ/ID ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] splitting IKE message with length
>>> of 2924 bytes into 3 fragments
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
>>> EF(1/3) ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
>>> EF(2/3) ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
>>> EF(3/3) ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 14[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 14[ENC] parsed IKE_AUTH request 2 [
>>> EAP/RES/ID ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 14[IKE] received EAP identity 'userx'
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 14[CFG] sending RADIUS Access-Request to
>>> server 'server-a'
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 14[CFG] received RADIUS Access-Challenge
>>> from server 'server-a'
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 14[IKE] initiating EAP_MD5 method (id 0x01)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 14[ENC] generating IKE_AUTH response 2 [
>>> EAP/REQ/MD5 ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 14[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 13[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 13[ENC] parsed IKE_AUTH request 3 [
>>> EAP/RES/NAK ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 13[CFG] sending RADIUS Access-Request to
>>> server 'server-a'
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 13[CFG] received RADIUS Access-Challenge
>>> from server 'server-a'
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 13[ENC] generating IKE_AUTH response 3 [
>>> EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:45 vpn-1 charon: 13[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 15[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 15[ENC] parsed IKE_AUTH request 4 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 15[CFG] sending RADIUS Access-Request to
>>> server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 15[CFG] received RADIUS Access-Challenge
>>> from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 15[ENC] generating IKE_AUTH response 4 [
>>> EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 15[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 06[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 06[ENC] parsed IKE_AUTH request 5 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 06[CFG] sending RADIUS Access-Request to
>>> server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 06[CFG] received RADIUS Access-Challenge
>>> from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 06[ENC] generating IKE_AUTH response 5 [
>>> EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 06[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 05[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 05[ENC] parsed IKE_AUTH request 6 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 05[CFG] sending RADIUS Access-Request to
>>> server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 05[CFG] received RADIUS Access-Challenge
>>> from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 05[ENC] generating IKE_AUTH response 6 [
>>> EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 05[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 16[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 16[ENC] parsed IKE_AUTH request 7 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 16[CFG] sending RADIUS Access-Request to
>>> server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 16[CFG] received RADIUS Access-Challenge
>>> from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 16[ENC] generating IKE_AUTH response 7 [
>>> EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 16[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 07[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 07[ENC] parsed IKE_AUTH request 8 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 07[CFG] sending RADIUS Access-Request to
>>> server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 07[CFG] received RADIUS Access-Challenge
>>> from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 07[ENC] generating IKE_AUTH response 8 [
>>> EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 07[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 08[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 08[ENC] parsed IKE_AUTH request 9 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 08[CFG] sending RADIUS Access-Request to
>>> server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 08[CFG] received RADIUS Access-Challenge
>>> from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 08[ENC] generating IKE_AUTH response 9 [
>>> EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 08[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] initiating EAP_IDENTITY
>>> method (id 0x00)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] peer supports MOBIKE
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] authentication of '
>>> vpn-1.domain.net' (myself) with RSA signature successful
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending end entity cert "CN=
>>> vpn-1.domain.net"
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending issuer cert "C=US,
>>> O=Let's Encrypt, CN=Let's Encrypt Authority X3"
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response
>>> 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] splitting IKE message with
>>> length of 2924 bytes into 3 fragments
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response
>>> 1 [ EF(1/3) ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response
>>> 1 [ EF(2/3) ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response
>>> 1 [ EF(3/3) ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] parsed IKE_AUTH request 2 [
>>> EAP/RES/ID ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] received EAP identity 'userx'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] sending RADIUS Access-Request
>>> to server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] received RADIUS
>>> Access-Challenge from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] initiating EAP_MD5 method (id
>>> 0x01)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] generating IKE_AUTH response
>>> 2 [ EAP/REQ/MD5 ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] parsed IKE_AUTH request 3 [
>>> EAP/RES/NAK ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] sending RADIUS Access-Request
>>> to server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] received RADIUS
>>> Access-Challenge from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] generating IKE_AUTH response
>>> 3 [ EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] parsed IKE_AUTH request 4 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] sending RADIUS Access-Request
>>> to server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] received RADIUS
>>> Access-Challenge from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] generating IKE_AUTH response
>>> 4 [ EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 09[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] parsed IKE_AUTH request 5 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] sending RADIUS Access-Request
>>> to server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] received RADIUS
>>> Access-Challenge from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] generating IKE_AUTH response
>>> 5 [ EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] parsed IKE_AUTH request 6 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] sending RADIUS Access-Request
>>> to server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] received RADIUS
>>> Access-Challenge from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] generating IKE_AUTH response
>>> 6 [ EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] parsed IKE_AUTH request 7 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] sending RADIUS Access-Request
>>> to server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] received RADIUS
>>> Access-Challenge from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] generating IKE_AUTH response
>>> 7 [ EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] parsed IKE_AUTH request 8 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS Access-Request
>>> to server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] received RADIUS
>>> Access-Challenge from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] generating IKE_AUTH response
>>> 8 [ EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_AUTH request 9 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] sending RADIUS Access-Request
>>> to server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] received RADIUS
>>> Access-Challenge from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] generating IKE_AUTH response
>>> 9 [ EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 10 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 09[CFG] sending RADIUS Access-Request to
>>> server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 09[CFG] received RADIUS Access-Challenge
>>> from server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 09[ENC] generating IKE_AUTH response 10 [
>>> EAP/REQ/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 09[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 10[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (124 bytes)
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 11 [
>>> EAP/RES/PEAP ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 10[CFG] sending RADIUS Access-Request to
>>> server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 10[CFG] received RADIUS Access-Accept from
>>> server 'server-a'
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 10[CFG] scheduling RADIUS Interim-Updates
>>> every 300s
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 10[IKE] RADIUS authentication of 'userx'
>>> successful
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 10[IKE] EAP method EAP_PEAP succeeded, MSK
>>> established
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 10[ENC] generating IKE_AUTH response 11 [
>>> EAP/SUCC ]
>>>
>>> Mar 29 16:50:46 vpn-1 charon: 10[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[NET] received packet: from
>>> 91.98.xxx.xxx[4500] to 172.31.0.243[4500] (92 bytes)
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 12 [ AUTH ]
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of '192.168.1.104'
>>> with EAP successful
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of '
>>> vpn-1.domain.net' (myself) with EAP
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] IKE_SA roadwarrior[2] established
>>> between 172.31.0.243[vpn-1.domain.net]...91.98.xxx.xxx[192.168.1.104]
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[CFG] reassigning offline lease to
>>> 'userx'
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] assigning virtual IP 10.10.10.1 to
>>> peer 'userx'
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any6
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] no virtual IP found for %any6
>>> requested by 'userx'
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] CHILD_SA roadwarrior{4}
>>> established with SPIs c10aa3f3_i 32cfd28c_o and TS 0.0.0.0/0 ===
>>> 10.10.10.1/32
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[CFG] sending RADIUS Accounting-Request
>>> to server 'server-a'
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[CFG] received RADIUS
>>> Accounting-Response from server 'server-a'
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[ENC] generating IKE_AUTH response 12 [
>>> AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[NET] sending packet: from
>>> 172.31.0.243[4500] to 91.98.xxx.xxx[4500] (236 bytes)
>>>
>>> Mar 29 16:51:07 vpn-1 charon: 15[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:51:27 vpn-1 charon: 16[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:51:47 vpn-1 charon: 07[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:52:07 vpn-1 charon: 09[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:52:27 vpn-1 charon: 11[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:52:47 vpn-1 charon: 12[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:53:07 vpn-1 charon: 14[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:53:27 vpn-1 charon: 15[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>> Mar 29 16:53:47 vpn-1 charon: 16[IKE] sending keep alive to
>>> 91.98.xxx.xxx[4500]
>>>
>>>
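Added example, not part of the original thread or of strongSwan: a small parser for charon log output as it appears in this message (quoted with `>` and wrapped by the mailer). It reports the virtual IP lease, the negotiated traffic selectors and the per-direction byte counters of closed CHILD_SAs, checked against the `rightsourceip` pool. The function names `unwrap` and `analyse` are hypothetical, and the sample is three entries copied from the log above.

```python
import ipaddress
import re

# Sample input: three entries copied from the quoted log in this thread,
# still carrying the '>' quoting and the mailer's line wrapping.
SAMPLE = """\
>>> Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] closing CHILD_SA
>>> roadwarrior{3} with SPIs ccadd085_i (2260 bytes) d57f9f2c_o (0 bytes) and
>>> TS 0.0.0.0/0 === 10.10.10.1/32
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] assigning virtual IP 10.10.10.1 to
>>> peer 'userx'
>>>
>>> Mar 29 16:50:47 vpn-1 charon: 12[IKE] CHILD_SA roadwarrior{4}
>>> established with SPIs c10aa3f3_i 32cfd28c_o and TS 0.0.0.0/0 ===
>>> 10.10.10.1/32
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
LEASE = re.compile(r"assigning virtual IP (\S+) to peer '([^']*)'")
ESTABLISHED = re.compile(
    r"CHILD_SA (\S+)\{(\d+)\} established with SPIs [0-9a-f]+_i [0-9a-f]+_o "
    r"and TS (\S+) === (\S+)")
# In charon's output, _i is the server's inbound SPI and _o its outbound SPI.
CLOSING = re.compile(
    r"closing CHILD_SA (\S+)\{(\d+)\} with SPIs [0-9a-f]+_i \((\d+) bytes\) "
    r"[0-9a-f]+_o \((\d+) bytes\)")


def unwrap(text):
    """Strip '>' quote markers and rejoin entries wrapped by the mailer."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not entries:
            entries.append(line)          # a new syslog entry starts here
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries


def analyse(text, pool):
    """Summarise leases, traffic selectors and one-way CHILD_SAs."""
    net = ipaddress.ip_network(pool)
    report = {"leases": [], "tunnels": [], "one_way": []}
    for entry in unwrap(text):
        if m := LEASE.search(entry):
            ip = ipaddress.ip_address(m.group(1))
            # (address, EAP identity, address lies inside the configured pool)
            report["leases"].append((str(ip), m.group(2), ip in net))
        elif m := ESTABLISHED.search(entry):
            local_ts = ipaddress.ip_network(m.group(3))
            remote_ts = ipaddress.ip_network(m.group(4))
            report["tunnels"].append({
                "sa": f"{m.group(1)}{{{m.group(2)}}}",
                # local TS 0.0.0.0/0 means the server offers a full tunnel
                "full_tunnel": local_ts.prefixlen == 0,
                "client_in_pool": remote_ts.version == net.version
                and remote_ts.subnet_of(net),
            })
        elif m := CLOSING.search(entry):
            bytes_in, bytes_out = int(m.group(3)), int(m.group(4))
            # Packets arrived from the client but nothing went back out
            # through this SA.
            if bytes_in > 0 and bytes_out == 0:
                sa = f"{m.group(1)}{{{m.group(2)}}}"
                report["one_way"].append((sa, bytes_in))
    return report


if __name__ == "__main__":
    # Pool taken from rightsourceip in the configuration quoted above.
    for key, value in analyse(SAMPLE, "10.10.10.0/24").items():
        print(key, value)
```
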