[strongSwan] Connecting but not connected

Stephen Feyrer stephen.feyrer at greensill.com
Fri Aug 16 17:59:10 CEST 2019


Hi Tobias,

Part Pull

I am concerned about spamming so I hope this isn't too much.

conn officeVPN
    aggressive=yes
    keyexchange=ikev1
    type=tunnel
    authby=xauthpsk
    ike=aes128-sha1-modp2048
    left=%defaultroute
    leftsourceip=%config
    modeconfig=push|pull
    right=50.45.0.51
    rightid=196.198.128.64
    rightfirewall=yes
    auto=add
    xauth_identity=user


Logs modeconfig=push

~$ sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.6.2, Linux 5.0.0-23-generic, x86_64):
  uptime: 2 minutes, since Aug 16 16:14:25 2019
  malloc: sbrk 2568192, mmap 0, used 602752, free 1965440
  worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
  loaded plugins: charon aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici updown eap-mschapv2 xauth-generic counters
Listening IP addresses:
  10.0.0.3
Connections:
officeVPN:  %any...50.45.0.51  IKEv1 Aggressive
officeVPN:   local:  [10.0.0.3] uses pre-shared key authentication
officeVPN:   local:  uses XAuth authentication: any with XAuth identity 'user'
officeVPN:   remote: [196.198.128.64] uses pre-shared key authentication
officeVPN:   child:  dynamic === dynamic TUNNEL
Security Associations (1 up, 0 connecting):
officeVPN[1]: ESTABLISHED 2 minutes ago, 10.0.0.3[10.0.0.3]...50.45.0.51[196.198.128.64]
officeVPN[1]: IKEv1 SPIs: <SANITISED VALUE>_i* <SANITISED VALUE>_r, pre-shared key+XAuth reauthentication in 2 hours
officeVPN[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
officeVPN[1]: Tasks queued: QUICK_MODE

$ sudo ipsec up officeVPN
initiating Aggressive Mode IKE_SA officeVPN[1] to 50.45.0.51
generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
sending packet: from 10.0.0.3[500] to 50.45.0.51[500] (548 bytes)
received packet: from 50.45.0.51[500] to 10.0.0.3[500] (564 bytes)
parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ]
received NAT-T (RFC 3947) vendor ID
received DPD vendor ID
received XAuth vendor ID
received unknown vendor ID: <SANITISED VALUE>
received FRAGMENTATION vendor ID
received FRAGMENTATION vendor ID
local host is behind NAT, sending keep alives
remote host is behind NAT
generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (108 bytes)
received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)
parsed TRANSACTION request 771264833 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
generating TRANSACTION response 771264833 [ HASH CPRP(X_USER X_PWD) ]
sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)
received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)
parsed TRANSACTION request 3349886284 [ HASH CPS(X_STATUS) ]
XAuth authentication of 'user' (myself) successful
IKE_SA officeVPN[1] established between 10.0.0.3[10.0.0.3]...50.45.0.51[196.198.128.64]
scheduling reauthentication in 9852s
maximum IKE_SA lifetime 10392s
generating TRANSACTION response 3349886284 [ HASH CPA(X_STATUS) ]
sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (76 bytes)
received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (92 bytes)
parsed INFORMATIONAL_V1 request 1714123051 [ HASH N(DPD) ]
generating INFORMATIONAL_V1 request 3290006026 [ HASH N(DPD_ACK) ]
sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)
received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (92 bytes)
parsed INFORMATIONAL_V1 request 2545931713 [ HASH N(DPD) ]
generating INFORMATIONAL_V1 request 3138418696 [ HASH N(DPD_ACK) ]
sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)
received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (92 bytes)
parsed INFORMATIONAL_V1 request 4173293943 [ HASH N(DPD) ]
generating INFORMATIONAL_V1 request 529988676 [ HASH N(DPD_ACK) ]
sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)

Fri, 2019-08-16 16:14 15[NET] <officeVPN|1> received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (92 bytes)
Fri, 2019-08-16 16:14 15[ENC] <officeVPN|1> parsed INFORMATIONAL_V1 request 2068099626 [ HASH N(DPD) ]
Fri, 2019-08-16 16:14 15[IKE] <officeVPN|1> queueing ISAKMP_DPD task
Fri, 2019-08-16 16:14 15[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:14 15[IKE] <officeVPN|1>   activating ISAKMP_DPD task
Fri, 2019-08-16 16:14 15[ENC] <officeVPN|1> generating INFORMATIONAL_V1 request 2123307044 [ HASH N(DPD_ACK) ]
Fri, 2019-08-16 16:14 15[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)
Fri, 2019-08-16 16:14 15[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:14 15[IKE] <officeVPN|1> nothing to initiate
Fri, 2019-08-16 16:14 00[DMN] signal of type SIGINT received. Shutting down
Fri, 2019-08-16 16:14 00[IKE] <officeVPN|1> queueing ISAKMP_DELETE task
Fri, 2019-08-16 16:14 00[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:14 00[IKE] <officeVPN|1>   activating ISAKMP_DELETE task
Fri, 2019-08-16 16:14 00[IKE] <officeVPN|1> deleting IKE_SA officeVPN[1] between 10.0.0.3[10.0.0.3]...50.45.0.51[196.198.128.64]
Fri, 2019-08-16 16:14 00[IKE] <officeVPN|1> sending DELETE for IKE_SA officeVPN[1]
Fri, 2019-08-16 16:14 00[IKE] <officeVPN|1> IKE_SA officeVPN[1] state change: ESTABLISHED => DELETING
Fri, 2019-08-16 16:14 00[ENC] <officeVPN|1> generating INFORMATIONAL_V1 request 2996366783 [ HASH D ]
Fri, 2019-08-16 16:14 00[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)
Fri, 2019-08-16 16:14 00[IKE] <officeVPN|1> IKE_SA officeVPN[1] state change: DELETING => DESTROYING
Fri, 2019-08-16 16:14 00[IKE] <officeVPN|1> removing DNS server 196.198.128.32 from /etc/resolv.conf
Fri, 2019-08-16 16:14 00[KNL] <officeVPN|1> deleting virtual IP 192.168.50.13
tail: /var/log/charon_debug.log: file truncated
Fri, 2019-08-16 16:14 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 5.0.0-23-generic, x86_64)
Fri, 2019-08-16 16:14 00[LIB] plugin 'aesni': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'aes': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'rc2': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'sha2': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'sha1': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'md4': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'md5': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'mgf1': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'random': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'nonce': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'x509': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'revocation': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'constraints': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'pubkey': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'pkcs1': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'pkcs7': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'pkcs8': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'pkcs12': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'pgp': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'dnskey': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'sshkey': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'pem': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'openssl': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'fips-prf': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'gmp': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'agent': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'xcbc': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'hmac': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'gcm': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'attr': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'kernel-netlink': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'resolve': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'socket-default': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'connmark': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'stroke': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'vici': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'updown': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'eap-mschapv2': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'xauth-generic': loaded successfully
Fri, 2019-08-16 16:14 00[LIB] plugin 'counters': loaded successfully
Fri, 2019-08-16 16:14 00[KNL] known interfaces and IP addresses:
Fri, 2019-08-16 16:14 00[KNL]   lo
Fri, 2019-08-16 16:14 00[KNL]     127.0.0.1
Fri, 2019-08-16 16:14 00[KNL]     ::1
Fri, 2019-08-16 16:14 00[KNL]   enp4s0
Fri, 2019-08-16 16:14 00[KNL]   wlp2s0
Fri, 2019-08-16 16:14 00[KNL]     10.0.0.3
Fri, 2019-08-16 16:14 00[KNL]     <SANITISED VALUE>
Fri, 2019-08-16 16:14 00[LIB] feature PUBKEY:ED25519 in plugin 'pem' has unmet dependency: PUBKEY:ED25519
Fri, 2019-08-16 16:14 00[LIB] feature PUBKEY:BLISS in plugin 'pem' has unmet dependency: PUBKEY:BLISS
Fri, 2019-08-16 16:14 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
Fri, 2019-08-16 16:14 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
Fri, 2019-08-16 16:14 00[LIB] feature PRIVKEY:BLISS in plugin 'pem' has unmet dependency: PRIVKEY:BLISS
Fri, 2019-08-16 16:14 00[LIB] feature CERT_DECODE:OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST
Fri, 2019-08-16 16:14 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_224 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
Fri, 2019-08-16 16:14 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_256 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
Fri, 2019-08-16 16:14 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_384 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
Fri, 2019-08-16 16:14 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_512 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
Fri, 2019-08-16 16:14 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_224 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
Fri, 2019-08-16 16:14 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_256 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
Fri, 2019-08-16 16:14 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_384 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
Fri, 2019-08-16 16:14 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_512 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
Fri, 2019-08-16 16:14 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Fri, 2019-08-16 16:14 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Fri, 2019-08-16 16:14 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Fri, 2019-08-16 16:14 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Fri, 2019-08-16 16:14 00[CFG] loading crls from '/etc/ipsec.d/crls'
Fri, 2019-08-16 16:14 00[CFG] loading secrets from '/etc/ipsec.secrets'
Fri, 2019-08-16 16:14 00[CFG]   loaded IKE secret for 50.45.0.51 %any
Fri, 2019-08-16 16:14 00[CFG]   loaded EAP secret for user %any
Fri, 2019-08-16 16:14 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-ee18db9c-522d-4da5-8a69-d3dcb8d23097.secrets'
Fri, 2019-08-16 16:14 00[CFG]   loaded IKE secret for 50.45.0.51
Fri, 2019-08-16 16:14 00[LIB] unloading plugin 'aesni' without loaded features
Fri, 2019-08-16 16:14 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici updown eap-mschapv2 xauth-generic counters
Fri, 2019-08-16 16:14 00[LIB] unable to load 14 plugin features (14 due to unmet dependencies)
Fri, 2019-08-16 16:14 00[LIB] dropped capabilities, running as uid 0, gid 0
Fri, 2019-08-16 16:14 00[JOB] spawning 16 worker threads
Fri, 2019-08-16 16:14 01[LIB] created thread 01 [6452]
Fri, 2019-08-16 16:14 03[LIB] created thread 03 [6453]
Fri, 2019-08-16 16:14 02[LIB] created thread 02 [6454]
Fri, 2019-08-16 16:14 06[LIB] created thread 06 [6457]
Fri, 2019-08-16 16:14 05[LIB] created thread 05 [6456]
Fri, 2019-08-16 16:14 04[LIB] created thread 04 [6455]
Fri, 2019-08-16 16:14 09[LIB] created thread 09 [6460]
Fri, 2019-08-16 16:14 07[LIB] created thread 07 [6458]
Fri, 2019-08-16 16:14 08[LIB] created thread 08 [6459]
Fri, 2019-08-16 16:14 10[LIB] created thread 10 [6461]
Fri, 2019-08-16 16:14 11[LIB] created thread 11 [6462]
Fri, 2019-08-16 16:14 12[LIB] created thread 12 [6463]
Fri, 2019-08-16 16:14 13[LIB] created thread 13 [6464]
Fri, 2019-08-16 16:14 14[LIB] created thread 14 [6466]
Fri, 2019-08-16 16:14 16[LIB] created thread 16 [6467]
Fri, 2019-08-16 16:14 15[LIB] created thread 15 [6465]
Fri, 2019-08-16 16:14 04[CFG] received stroke: add connection 'officeVPN'
Fri, 2019-08-16 16:14 04[CFG] conn officeVPN
Fri, 2019-08-16 16:14 04[CFG]   left=%any
Fri, 2019-08-16 16:14 04[CFG]   leftsourceip=%config
Fri, 2019-08-16 16:14 04[CFG]   leftauth=psk
Fri, 2019-08-16 16:14 04[CFG]   leftauth2=xauth
Fri, 2019-08-16 16:14 04[CFG]   right=50.45.0.51
Fri, 2019-08-16 16:14 04[CFG]   rightauth=psk
Fri, 2019-08-16 16:14 04[CFG]   rightid=196.198.128.64
Fri, 2019-08-16 16:14 04[CFG]   rightupdown=ipsec _updown iptables
Fri, 2019-08-16 16:14 04[CFG]   xauth_identity=user
Fri, 2019-08-16 16:14 04[CFG]   ike=aes128-sha1-modp2048
Fri, 2019-08-16 16:14 04[CFG]   dpddelay=30
Fri, 2019-08-16 16:14 04[CFG]   dpdtimeout=150
Fri, 2019-08-16 16:14 04[CFG]   sha256_96=no
Fri, 2019-08-16 16:14 04[CFG]   mediation=no
Fri, 2019-08-16 16:14 04[CFG]   keyexchange=ikev1
Fri, 2019-08-16 16:14 04[KNL] 50.45.0.51 is not a local address or the interface is down
Fri, 2019-08-16 16:14 04[CFG] added configuration 'officeVPN'
Fri, 2019-08-16 16:14 09[CFG] received stroke: initiate 'officeVPN'
Fri, 2019-08-16 16:14 08[KNL] <officeVPN|1> using 10.0.0.3 as address to reach 50.45.0.51/32
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> queueing ISAKMP_VENDOR task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> queueing ISAKMP_CERT_PRE task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> queueing AGGRESSIVE_MODE task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> queueing ISAKMP_CERT_POST task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> queueing ISAKMP_NATD task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> queueing QUICK_MODE task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1>   activating ISAKMP_VENDOR task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1>   activating ISAKMP_CERT_PRE task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1>   activating AGGRESSIVE_MODE task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1>   activating ISAKMP_CERT_POST task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1>   activating ISAKMP_NATD task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> sending XAuth vendor ID
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> sending DPD vendor ID
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> sending FRAGMENTATION vendor ID
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> sending NAT-T (RFC 3947) vendor ID
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> initiating Aggressive Mode IKE_SA officeVPN[1] to 50.45.0.51
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> IKE_SA officeVPN[1] state change: CREATED => CONNECTING
Fri, 2019-08-16 16:14 08[CFG] <officeVPN|1> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Fri, 2019-08-16 16:14 08[LIB] <officeVPN|1> size of DH secret exponent: 2047 bits
Fri, 2019-08-16 16:14 08[ENC] <officeVPN|1> generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
Fri, 2019-08-16 16:14 08[NET] <officeVPN|1> sending packet: from 10.0.0.3[500] to 50.45.0.51[500] (548 bytes)
Fri, 2019-08-16 16:14 10[NET] <officeVPN|1> received packet: from 50.45.0.51[500] to 10.0.0.3[500] (564 bytes)
Fri, 2019-08-16 16:14 10[ENC] <officeVPN|1> parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ]
Fri, 2019-08-16 16:14 10[IKE] <officeVPN|1> received NAT-T (RFC 3947) vendor ID
Fri, 2019-08-16 16:14 10[IKE] <officeVPN|1> received DPD vendor ID
Fri, 2019-08-16 16:14 10[IKE] <officeVPN|1> received XAuth vendor ID
Fri, 2019-08-16 16:14 10[ENC] <officeVPN|1> received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:00:00:00
Fri, 2019-08-16 16:14 10[IKE] <officeVPN|1> received FRAGMENTATION vendor ID
Fri, 2019-08-16 16:14 10[IKE] <officeVPN|1> received FRAGMENTATION vendor ID
Fri, 2019-08-16 16:14 10[CFG] <officeVPN|1> selecting proposal:
Fri, 2019-08-16 16:14 10[CFG] <officeVPN|1>   proposal matches
Fri, 2019-08-16 16:14 10[CFG] <officeVPN|1> received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Fri, 2019-08-16 16:14 10[CFG] <officeVPN|1> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Fri, 2019-08-16 16:14 10[CFG] <officeVPN|1> selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Fri, 2019-08-16 16:14 10[IKE] <officeVPN|1> local host is behind NAT, sending keep alives
Fri, 2019-08-16 16:14 10[IKE] <officeVPN|1> remote host is behind NAT
Fri, 2019-08-16 16:14 10[IKE] <officeVPN|1> reinitiating already active tasks
Fri, 2019-08-16 16:14 10[IKE] <officeVPN|1>   ISAKMP_VENDOR task
Fri, 2019-08-16 16:14 10[IKE] <officeVPN|1>   AGGRESSIVE_MODE task
Fri, 2019-08-16 16:14 10[ENC] <officeVPN|1> generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
Fri, 2019-08-16 16:14 10[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (108 bytes)
Fri, 2019-08-16 16:14 10[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:14 10[IKE] <officeVPN|1> nothing to initiate
Fri, 2019-08-16 16:14 11[NET] <officeVPN|1> received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)
Fri, 2019-08-16 16:14 11[ENC] <officeVPN|1> parsed TRANSACTION request 771264833 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
Fri, 2019-08-16 16:14 11[ENC] <officeVPN|1> generating TRANSACTION response 771264833 [ HASH CPRP(X_USER X_PWD) ]
Fri, 2019-08-16 16:14 11[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)
Fri, 2019-08-16 16:14 12[NET] <officeVPN|1> received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)
Fri, 2019-08-16 16:14 12[ENC] <officeVPN|1> parsed TRANSACTION request 3349886284 [ HASH CPS(X_STATUS) ]
Fri, 2019-08-16 16:14 12[IKE] <officeVPN|1> XAuth authentication of 'user' (myself) successful
Fri, 2019-08-16 16:14 12[IKE] <officeVPN|1> IKE_SA officeVPN[1] established between 10.0.0.3[10.0.0.3]...50.45.0.51[196.198.128.64]
Fri, 2019-08-16 16:14 12[IKE] <officeVPN|1> IKE_SA officeVPN[1] state change: CONNECTING => ESTABLISHED
Fri, 2019-08-16 16:14 12[IKE] <officeVPN|1> scheduling reauthentication in 9852s
Fri, 2019-08-16 16:14 12[IKE] <officeVPN|1> maximum IKE_SA lifetime 10392s
Fri, 2019-08-16 16:14 12[ENC] <officeVPN|1> generating TRANSACTION response 3349886284 [ HASH CPA(X_STATUS) ]
Fri, 2019-08-16 16:14 12[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (76 bytes)
Fri, 2019-08-16 16:14 12[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:14 12[IKE] <officeVPN|1> nothing to initiate
Fri, 2019-08-16 16:15 04[NET] <officeVPN|1> received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (92 bytes)
Fri, 2019-08-16 16:15 04[ENC] <officeVPN|1> parsed INFORMATIONAL_V1 request 1714123051 [ HASH N(DPD) ]
Fri, 2019-08-16 16:15 04[IKE] <officeVPN|1> queueing ISAKMP_DPD task
Fri, 2019-08-16 16:15 04[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:15 04[IKE] <officeVPN|1>   activating ISAKMP_DPD task
Fri, 2019-08-16 16:15 04[ENC] <officeVPN|1> generating INFORMATIONAL_V1 request 3290006026 [ HASH N(DPD_ACK) ]
Fri, 2019-08-16 16:15 04[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)
Fri, 2019-08-16 16:15 04[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:15 04[IKE] <officeVPN|1> nothing to initiate
Fri, 2019-08-16 16:16 11[NET] <officeVPN|1> received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (92 bytes)
Fri, 2019-08-16 16:16 11[ENC] <officeVPN|1> parsed INFORMATIONAL_V1 request 2545931713 [ HASH N(DPD) ]
Fri, 2019-08-16 16:16 11[IKE] <officeVPN|1> queueing ISAKMP_DPD task
Fri, 2019-08-16 16:16 11[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:16 11[IKE] <officeVPN|1>   activating ISAKMP_DPD task
Fri, 2019-08-16 16:16 11[ENC] <officeVPN|1> generating INFORMATIONAL_V1 request 3138418696 [ HASH N(DPD_ACK) ]
Fri, 2019-08-16 16:16 11[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)
Fri, 2019-08-16 16:16 11[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:16 11[IKE] <officeVPN|1> nothing to initiate
Fri, 2019-08-16 16:17 14[CFG] proposing traffic selectors for us:
Fri, 2019-08-16 16:17 14[CFG]  dynamic
Fri, 2019-08-16 16:17 14[CFG] proposing traffic selectors for other:
Fri, 2019-08-16 16:17 14[CFG]  dynamic
Fri, 2019-08-16 16:17 05[NET] <officeVPN|1> received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (92 bytes)
Fri, 2019-08-16 16:17 05[ENC] <officeVPN|1> parsed INFORMATIONAL_V1 request 4173293943 [ HASH N(DPD) ]
Fri, 2019-08-16 16:17 05[IKE] <officeVPN|1> queueing ISAKMP_DPD task
Fri, 2019-08-16 16:17 05[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:17 05[IKE] <officeVPN|1>   activating ISAKMP_DPD task
Fri, 2019-08-16 16:17 05[ENC] <officeVPN|1> generating INFORMATIONAL_V1 request 529988676 [ HASH N(DPD_ACK) ]
Fri, 2019-08-16 16:17 05[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)
Fri, 2019-08-16 16:17 05[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:17 05[IKE] <officeVPN|1> nothing to initiate


Thank you


--
Kind regards

Stephen Feyrer
________________________________
From: Tobias Brunner <tobias at strongswan.org>
Sent: 16 August 2019 15:48
To: Stephen Feyrer <stephen.feyrer at greensill.com>; strongSwan Users-Mailinglist <users at lists.strongswan.org>
Subject: Re: [strongSwan] Connecting but not connected

Hi Stephen,

> I have already advised the team that Aggressive
> mode with psk is unsafe.

If you are at it, they shouldn't use IKEv1 or L2TP (if they actually do)
anymore either.

Looks like you might now have to add leftsourceip=%config again (the
peer is apparently not ready yet to accept Quick Mode requests, so it
might be waiting for Mode Config).

Regards,
Tobias
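
Added example (not part of the original thread, and not strongSwan code): a small Python check for the condition visible in the log above, where the IKE_SA reaches ESTABLISHED while the QUICK_MODE task stays queued, and for the Aggressive Mode plus PSK combination mentioned in the reply. The function and field names are hypothetical, and the "CHILD_SA ... established" wording is charon's usual message, which does not appear in the posted log.

```python
import re

# Lines copied from the charon debug log in the post (trimmed to the relevant ones).
SAMPLE_LOG = """\
Fri, 2019-08-16 16:14 04[CFG] conn officeVPN
Fri, 2019-08-16 16:14 04[CFG]   leftauth=psk
Fri, 2019-08-16 16:14 04[CFG]   leftauth2=xauth
Fri, 2019-08-16 16:14 04[CFG] added configuration 'officeVPN'
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> queueing AGGRESSIVE_MODE task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> queueing QUICK_MODE task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1>   activating AGGRESSIVE_MODE task
Fri, 2019-08-16 16:14 08[IKE] <officeVPN|1> initiating Aggressive Mode IKE_SA officeVPN[1] to 50.45.0.51
Fri, 2019-08-16 16:14 12[IKE] <officeVPN|1> IKE_SA officeVPN[1] state change: CONNECTING => ESTABLISHED
Fri, 2019-08-16 16:15 04[IKE] <officeVPN|1> queueing ISAKMP_DPD task
Fri, 2019-08-16 16:15 04[IKE] <officeVPN|1>   activating ISAKMP_DPD task
"""

# "<timestamp> <thread>[<GROUP>] [<conn|id>] <message>", as in the log above.
LINE = re.compile(
    r"^.*? \d+\[(?P<grp>[A-Z]+)\] (?:<(?P<conn>[^|>]+)\|\d+> )?(?P<msg>.*)$")


def _new():
    return {"queued": [], "activated": set(), "state": None,
            "aggressive": False, "leftauth": None, "child_sa": False}


def analyse(log_text):
    """Return per-connection findings from a charon debug log (hypothetical helper)."""
    conns, cfg_conn = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # e.g. "tail: ... file truncated"
        grp, name, msg = m["grp"], m["conn"], m["msg"].strip()
        if grp == "DMN" and msg.startswith("Starting IKE charon daemon"):
            conns, cfg_conn = {}, None  # daemon restart: forget the old session
        elif grp == "CFG" and name is None:
            # The "conn NAME" block echoed when the connection is added.
            if msg.startswith("conn "):
                cfg_conn = msg.split()[1]
            elif msg.startswith("added configuration"):
                cfg_conn = None
            elif cfg_conn and msg.startswith("leftauth="):
                conns.setdefault(cfg_conn, _new())["leftauth"] = msg.split("=", 1)[1]
        elif grp == "IKE" and name:
            c = conns.setdefault(name, _new())
            if (t := re.fullmatch(r"queueing (\S+) task", msg)):
                c["queued"].append(t[1])
            elif (t := re.fullmatch(r"activating (\S+) task", msg)):
                c["activated"].add(t[1])
            elif (t := re.search(r"state change: \S+ => (\S+)", msg)):
                c["state"] = t[1]
            elif msg.startswith("initiating Aggressive Mode IKE_SA"):
                c["aggressive"] = True
            elif re.match(r"CHILD_SA \S+ established", msg):
                c["child_sa"] = True  # wording not in the posted log (assumption)
    report = {}
    for name, c in conns.items():
        pending = [t for t in c["queued"] if t not in c["activated"]]
        report[name] = {
            "state": c["state"],
            "pending": pending,
            # IKE_SA is up but Quick Mode never started: no tunnel for traffic.
            "stalled": (c["state"] == "ESTABLISHED"
                        and "QUICK_MODE" in pending and not c["child_sa"]),
            # The combination the reply calls unsafe.
            "aggressive_psk": c["aggressive"] and c["leftauth"] == "psk",
        }
    return report


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```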
