[strongSwan] Connecting but not connected

Stephen Feyrer stephen.feyrer at greensill.com
Mon Aug 19 12:02:29 CEST 2019


Hi Tobias,

I think that was a copy/paste error on my part.  Below is the logs from the modeconfig of the 2019.08.16  This morning it is very different.  I will send updates for push and pull separately.  Sorry for all the emails...

Part Pull - revised

conn officeVPN
    aggressive=yes
    keyexchange=ikev1
    type=tunnel
    authby=xauthpsk
    ike=aes128-sha1-modp2048
    left=%defaultroute
    leftsourceip=%config
    modeconfig=push|pull
    right=50.45.0.51
    rightid=196.198.128.64
    rightfirewall=yes
    auto=add
    xauth_identity=user

Logs: modeconfig=pull

$ sudo ipsec up officeVPN
initiating Aggressive Mode IKE_SA officeVPN[1] to 50.45.0.51
generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
sending packet: from 10.0.0.3[500] to 50.45.0.51[500] (548 bytes)
received packet: from 50.45.0.51[500] to 10.0.0.3[500] (564 bytes)
parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ]
received NAT-T (RFC 3947) vendor ID
received DPD vendor ID
received XAuth vendor ID
received unknown vendor ID: <SANITISED VALUE>
received FRAGMENTATION vendor ID
received FRAGMENTATION vendor ID
local host is behind NAT, sending keep alives
remote host is behind NAT
generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (108 bytes)
received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)
parsed TRANSACTION request 2540514547 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
generating TRANSACTION response 2540514547 [ HASH CPRP(X_USER X_PWD) ]
sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)
received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)
parsed TRANSACTION request 3642301609 [ HASH CPS(X_STATUS) ]
XAuth authentication of 'user' (myself) successful
IKE_SA officeVPN[1] established between 10.0.0.3[10.0.0.3]...50.45.0.51[196.198.128.64]
scheduling reauthentication in 10148s
maximum IKE_SA lifetime 10688s
generating TRANSACTION response 3642301609 [ HASH CPA(X_STATUS) ]
sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (76 bytes)
generating TRANSACTION request 3757793988 [ HASH CPRQ(ADDR DNS) ]
sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (76 bytes)
received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (92 bytes)
parsed TRANSACTION response 3757793988 [ HASH CPRP(ADDR DNS) ]
installing DNS server 196.198.128.32 to /etc/resolv.conf
installing new virtual IP 192.168.50.13
generating QUICK_MODE request 3055767202 [ HASH SA No ID ID ]
sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (172 bytes)
received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)
parsed INFORMATIONAL_V1 request 3215514754 [ HASH N(NO_PROP) ]
received NO_PROPOSAL_CHOSEN error notify
establishing connection 'officeVPN' failed

Fri, 2019-08-16 16:12 00[DMN] signal of type SIGINT received. Shutting down
Fri, 2019-08-16 16:12 00[CHD] <officeVPN|12> CHILD_SA officeVPN{12} state change: CREATED => DESTROYING
Fri, 2019-08-16 16:12 00[KNL] <officeVPN|12> deleting SAD entry with SPI c1f9e3ff
Fri, 2019-08-16 16:12 00[KNL] <officeVPN|12> deleted SAD entry with SPI c1f9e3ff
Fri, 2019-08-16 16:12 00[IKE] <officeVPN|12> queueing ISAKMP_DELETE task
Fri, 2019-08-16 16:12 00[IKE] <officeVPN|12> activating new tasks
Fri, 2019-08-16 16:12 00[IKE] <officeVPN|12>   activating ISAKMP_DELETE task
Fri, 2019-08-16 16:12 00[IKE] <officeVPN|12> deleting IKE_SA officeVPN[12] between 10.0.0.3[10.0.0.3]...50.45.0.51[196.198.128.64]
Fri, 2019-08-16 16:12 00[IKE] <officeVPN|12> sending DELETE for IKE_SA officeVPN[12]
Fri, 2019-08-16 16:12 00[IKE] <officeVPN|12> IKE_SA officeVPN[12] state change: ESTABLISHED => DELETING
Fri, 2019-08-16 16:12 00[ENC] <officeVPN|12> generating INFORMATIONAL_V1 request 1200469960 [ HASH D ]
Fri, 2019-08-16 16:12 00[NET] <officeVPN|12> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)
Fri, 2019-08-16 16:12 00[IKE] <officeVPN|12> IKE_SA officeVPN[12] state change: DELETING => DESTROYING
tail: /var/log/charon_debug.log: file truncated
Fri, 2019-08-16 16:12 00[DMN] Starting IKE charon daemon (strongSwan 5.6.2, Linux 5.0.0-23-generic, x86_64)
Fri, 2019-08-16 16:12 00[LIB] plugin 'aesni': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'aes': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'rc2': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'sha2': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'sha1': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'md4': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'md5': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'mgf1': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'random': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'nonce': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'x509': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'revocation': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'constraints': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'pubkey': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'pkcs1': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'pkcs7': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'pkcs8': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'pkcs12': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'pgp': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'dnskey': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'sshkey': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'pem': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'openssl': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'fips-prf': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'gmp': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'agent': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'xcbc': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'hmac': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'gcm': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'attr': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'kernel-netlink': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'resolve': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'socket-default': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'connmark': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'stroke': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'vici': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'updown': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'eap-mschapv2': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'xauth-generic': loaded successfully
Fri, 2019-08-16 16:12 00[LIB] plugin 'counters': loaded successfully
Fri, 2019-08-16 16:12 00[KNL] known interfaces and IP addresses:
Fri, 2019-08-16 16:12 00[KNL]   lo
Fri, 2019-08-16 16:12 00[KNL]     127.0.0.1
Fri, 2019-08-16 16:12 00[KNL]     ::1
Fri, 2019-08-16 16:12 00[KNL]   enp4s0
Fri, 2019-08-16 16:12 00[KNL]   wlp2s0
Fri, 2019-08-16 16:12 00[KNL]     10.0.0.3
Fri, 2019-08-16 16:12 00[KNL]     <SANITISED VALUE>
Fri, 2019-08-16 16:12 00[LIB] feature PUBKEY:ED25519 in plugin 'pem' has unmet dependency: PUBKEY:ED25519
Fri, 2019-08-16 16:12 00[LIB] feature PUBKEY:BLISS in plugin 'pem' has unmet dependency: PUBKEY:BLISS
Fri, 2019-08-16 16:12 00[LIB] feature PUBKEY:DSA in plugin 'pem' has unmet dependency: PUBKEY:DSA
Fri, 2019-08-16 16:12 00[LIB] feature PRIVKEY:DSA in plugin 'pem' has unmet dependency: PRIVKEY:DSA
Fri, 2019-08-16 16:12 00[LIB] feature PRIVKEY:BLISS in plugin 'pem' has unmet dependency: PRIVKEY:BLISS
Fri, 2019-08-16 16:12 00[LIB] feature CERT_DECODE:OCSP_REQUEST in plugin 'pem' has unmet dependency: CERT_DECODE:OCSP_REQUEST
Fri, 2019-08-16 16:12 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_224 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
Fri, 2019-08-16 16:12 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_256 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
Fri, 2019-08-16 16:12 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_384 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
Fri, 2019-08-16 16:12 00[LIB] feature PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA3_512 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
Fri, 2019-08-16 16:12 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_224 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_224
Fri, 2019-08-16 16:12 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_256 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_256
Fri, 2019-08-16 16:12 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_384 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_384
Fri, 2019-08-16 16:12 00[LIB] feature PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA3_512 in plugin 'gmp' has unmet dependency: HASHER:HASH_SHA3_512
Fri, 2019-08-16 16:12 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Fri, 2019-08-16 16:12 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Fri, 2019-08-16 16:12 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Fri, 2019-08-16 16:12 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Fri, 2019-08-16 16:12 00[CFG] loading crls from '/etc/ipsec.d/crls'
Fri, 2019-08-16 16:12 00[CFG] loading secrets from '/etc/ipsec.secrets'
Fri, 2019-08-16 16:12 00[CFG]   loaded IKE secret for 50.45.0.51 %any
Fri, 2019-08-16 16:12 00[CFG]   loaded EAP secret for user %any
Fri, 2019-08-16 16:12 00[CFG] loading secrets from '/etc/ipsec.d/nm-l2tp-ipsec-ee18db9c-522d-4da5-8a69-d3dcb8d23097.secrets'
Fri, 2019-08-16 16:12 00[CFG]   loaded IKE secret for 50.45.0.51
Fri, 2019-08-16 16:12 00[LIB] unloading plugin 'aesni' without loaded features
Fri, 2019-08-16 16:12 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici updown eap-mschapv2 xauth-generic counters
Fri, 2019-08-16 16:12 00[LIB] unable to load 14 plugin features (14 due to unmet dependencies)
Fri, 2019-08-16 16:12 00[LIB] dropped capabilities, running as uid 0, gid 0
Fri, 2019-08-16 16:12 00[JOB] spawning 16 worker threads
Fri, 2019-08-16 16:12 01[LIB] created thread 01 [6387]
Fri, 2019-08-16 16:12 02[LIB] created thread 02 [6388]
Fri, 2019-08-16 16:12 03[LIB] created thread 03 [6389]
Fri, 2019-08-16 16:12 04[LIB] created thread 04 [6390]
Fri, 2019-08-16 16:12 05[LIB] created thread 05 [6391]
Fri, 2019-08-16 16:12 06[LIB] created thread 06 [6392]
Fri, 2019-08-16 16:12 07[LIB] created thread 07 [6393]
Fri, 2019-08-16 16:12 08[LIB] created thread 08 [6394]
Fri, 2019-08-16 16:12 09[LIB] created thread 09 [6396]
Fri, 2019-08-16 16:12 10[LIB] created thread 10 [6395]
Fri, 2019-08-16 16:12 11[LIB] created thread 11 [6397]
Fri, 2019-08-16 16:12 12[LIB] created thread 12 [6400]
Fri, 2019-08-16 16:12 13[LIB] created thread 13 [6401]
Fri, 2019-08-16 16:12 14[LIB] created thread 14 [6402]
Fri, 2019-08-16 16:12 16[LIB] created thread 16 [6398]
Fri, 2019-08-16 16:12 15[LIB] created thread 15 [6399]
Fri, 2019-08-16 16:12 05[CFG] received stroke: add connection 'officeVPN'
Fri, 2019-08-16 16:12 05[CFG] conn officeVPN
Fri, 2019-08-16 16:12 05[CFG]   left=%any
Fri, 2019-08-16 16:12 05[CFG]   leftsourceip=%config
Fri, 2019-08-16 16:12 05[CFG]   leftauth=psk
Fri, 2019-08-16 16:12 05[CFG]   leftauth2=xauth
Fri, 2019-08-16 16:12 05[CFG]   right=50.45.0.51
Fri, 2019-08-16 16:12 05[CFG]   rightauth=psk
Fri, 2019-08-16 16:12 05[CFG]   rightid=196.198.128.64
Fri, 2019-08-16 16:12 05[CFG]   rightupdown=ipsec _updown iptables
Fri, 2019-08-16 16:12 05[CFG]   xauth_identity=user
Fri, 2019-08-16 16:12 05[CFG]   ike=aes128-sha1-modp2048
Fri, 2019-08-16 16:12 05[CFG]   dpddelay=30
Fri, 2019-08-16 16:12 05[CFG]   dpdtimeout=150
Fri, 2019-08-16 16:12 05[CFG]   sha256_96=no
Fri, 2019-08-16 16:12 05[CFG]   mediation=no
Fri, 2019-08-16 16:12 05[CFG]   keyexchange=ikev1
Fri, 2019-08-16 16:12 05[KNL] 50.45.0.51 is not a local address or the interface is down
Fri, 2019-08-16 16:12 05[CFG] added configuration 'officeVPN'
Fri, 2019-08-16 16:12 07[CFG] received stroke: initiate 'officeVPN'
Fri, 2019-08-16 16:12 09[KNL] <officeVPN|1> using 10.0.0.3 as address to reach 50.45.0.51/32
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> queueing ISAKMP_VENDOR task
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> queueing ISAKMP_CERT_PRE task
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> queueing AGGRESSIVE_MODE task
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> queueing ISAKMP_CERT_POST task
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> queueing ISAKMP_NATD task
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> queueing QUICK_MODE task
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1>   activating ISAKMP_VENDOR task
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1>   activating ISAKMP_CERT_PRE task
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1>   activating AGGRESSIVE_MODE task
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1>   activating ISAKMP_CERT_POST task
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1>   activating ISAKMP_NATD task
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> sending XAuth vendor ID
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> sending DPD vendor ID
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> sending FRAGMENTATION vendor ID
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> sending NAT-T (RFC 3947) vendor ID
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> initiating Aggressive Mode IKE_SA officeVPN[1] to 50.45.0.51
Fri, 2019-08-16 16:12 09[IKE] <officeVPN|1> IKE_SA officeVPN[1] state change: CREATED => CONNECTING
Fri, 2019-08-16 16:12 09[CFG] <officeVPN|1> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Fri, 2019-08-16 16:12 09[LIB] <officeVPN|1> size of DH secret exponent: 2047 bits
Fri, 2019-08-16 16:12 09[ENC] <officeVPN|1> generating AGGRESSIVE request 0 [ SA KE No ID V V V V V ]
Fri, 2019-08-16 16:12 09[NET] <officeVPN|1> sending packet: from 10.0.0.3[500] to 50.45.0.51[500] (548 bytes)
Fri, 2019-08-16 16:12 10[NET] <officeVPN|1> received packet: from 50.45.0.51[500] to 10.0.0.3[500] (564 bytes)
Fri, 2019-08-16 16:12 10[ENC] <officeVPN|1> parsed AGGRESSIVE response 0 [ SA KE No ID HASH V NAT-D NAT-D V V V V V ]
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1> received NAT-T (RFC 3947) vendor ID
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1> received DPD vendor ID
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1> received XAuth vendor ID
Fri, 2019-08-16 16:12 10[ENC] <officeVPN|1> received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:00:00:00
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1> received FRAGMENTATION vendor ID
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1> received FRAGMENTATION vendor ID
Fri, 2019-08-16 16:12 10[CFG] <officeVPN|1> selecting proposal:
Fri, 2019-08-16 16:12 10[CFG] <officeVPN|1>   proposal matches
Fri, 2019-08-16 16:12 10[CFG] <officeVPN|1> received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Fri, 2019-08-16 16:12 10[CFG] <officeVPN|1> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Fri, 2019-08-16 16:12 10[CFG] <officeVPN|1> selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1> local host is behind NAT, sending keep alives
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1> remote host is behind NAT
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1> reinitiating already active tasks
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1>   ISAKMP_VENDOR task
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1>   AGGRESSIVE_MODE task
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1> queueing MODE_CONFIG task
Fri, 2019-08-16 16:12 10[ENC] <officeVPN|1> generating AGGRESSIVE request 0 [ HASH NAT-D NAT-D ]
Fri, 2019-08-16 16:12 10[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (108 bytes)
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:12 10[IKE] <officeVPN|1> nothing to initiate
Fri, 2019-08-16 16:12 11[NET] <officeVPN|1> received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)
Fri, 2019-08-16 16:12 11[ENC] <officeVPN|1> parsed TRANSACTION request 2540514547 [ HASH CPRQ(X_TYPE X_USER X_PWD) ]
Fri, 2019-08-16 16:12 11[ENC] <officeVPN|1> generating TRANSACTION response 2540514547 [ HASH CPRP(X_USER X_PWD) ]
Fri, 2019-08-16 16:12 11[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (92 bytes)
Fri, 2019-08-16 16:12 12[NET] <officeVPN|1> received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)
Fri, 2019-08-16 16:12 12[ENC] <officeVPN|1> parsed TRANSACTION request 3642301609 [ HASH CPS(X_STATUS) ]
Fri, 2019-08-16 16:12 12[IKE] <officeVPN|1> XAuth authentication of 'user' (myself) successful
Fri, 2019-08-16 16:12 12[IKE] <officeVPN|1> IKE_SA officeVPN[1] established between 10.0.0.3[10.0.0.3]...50.45.0.51[196.198.128.64]
Fri, 2019-08-16 16:12 12[IKE] <officeVPN|1> IKE_SA officeVPN[1] state change: CONNECTING => ESTABLISHED
Fri, 2019-08-16 16:12 12[IKE] <officeVPN|1> scheduling reauthentication in 10148s
Fri, 2019-08-16 16:12 12[IKE] <officeVPN|1> maximum IKE_SA lifetime 10688s
Fri, 2019-08-16 16:12 12[ENC] <officeVPN|1> generating TRANSACTION response 3642301609 [ HASH CPA(X_STATUS) ]
Fri, 2019-08-16 16:12 12[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (76 bytes)
Fri, 2019-08-16 16:12 12[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:12 12[IKE] <officeVPN|1>   activating MODE_CONFIG task
Fri, 2019-08-16 16:12 12[ENC] <officeVPN|1> generating TRANSACTION request 3757793988 [ HASH CPRQ(ADDR DNS) ]
Fri, 2019-08-16 16:12 12[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (76 bytes)
Fri, 2019-08-16 16:12 01[NET] <officeVPN|1> received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (92 bytes)
Fri, 2019-08-16 16:12 01[ENC] <officeVPN|1> parsed TRANSACTION response 3757793988 [ HASH CPRP(ADDR DNS) ]
Fri, 2019-08-16 16:12 01[IKE] <officeVPN|1> processing INTERNAL_IP4_ADDRESS attribute
Fri, 2019-08-16 16:12 01[IKE] <officeVPN|1> processing INTERNAL_IP4_DNS attribute
Fri, 2019-08-16 16:12 01[IKE] <officeVPN|1> installing DNS server 196.198.128.32 to /etc/resolv.conf
Fri, 2019-08-16 16:12 01[KNL] <officeVPN|1> 10.0.0.3 is on interface wlp2s0
Fri, 2019-08-16 16:12 01[IKE] <officeVPN|1> installing new virtual IP 192.168.50.13
Fri, 2019-08-16 16:12 01[KNL] <officeVPN|1> virtual IP 192.168.50.13 installed on wlp2s0
Fri, 2019-08-16 16:12 01[IKE] <officeVPN|1> activating new tasks
Fri, 2019-08-16 16:12 01[IKE] <officeVPN|1>   activating QUICK_MODE task
Fri, 2019-08-16 16:12 01[CFG] <officeVPN|1> configured proposals: ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ
Fri, 2019-08-16 16:12 01[KNL] <officeVPN|1> got SPI c1a6f32b
Fri, 2019-08-16 16:12 01[CFG] <officeVPN|1> configured proposals: ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ
Fri, 2019-08-16 16:12 01[CFG] <officeVPN|1> proposing traffic selectors for us:
Fri, 2019-08-16 16:12 01[CFG] <officeVPN|1>  192.168.50.13/32
Fri, 2019-08-16 16:12 01[CFG] <officeVPN|1> proposing traffic selectors for other:
Fri, 2019-08-16 16:12 01[CFG] <officeVPN|1>  50.45.0.51/32
Fri, 2019-08-16 16:12 01[ENC] <officeVPN|1> generating QUICK_MODE request 3055767202 [ HASH SA No ID ID ]
Fri, 2019-08-16 16:12 01[NET] <officeVPN|1> sending packet: from 10.0.0.3[4500] to 50.45.0.51[4500] (172 bytes)
Fri, 2019-08-16 16:12 06[NET] <officeVPN|1> received packet: from 50.45.0.51[4500] to 10.0.0.3[4500] (76 bytes)
Fri, 2019-08-16 16:12 06[ENC] <officeVPN|1> parsed INFORMATIONAL_V1 request 3215514754 [ HASH N(NO_PROP) ]
Fri, 2019-08-16 16:12 06[IKE] <officeVPN|1> received NO_PROPOSAL_CHOSEN error notify
Fri, 2019-08-16 16:12 06[CHD] <officeVPN|1> CHILD_SA officeVPN{1} state change: CREATED => DESTROYING
Fri, 2019-08-16 16:12 06[KNL] <officeVPN|1> deleting SAD entry with SPI c1a6f32b
Fri, 2019-08-16 16:12 06[KNL] <officeVPN|1> deleted SAD entry with SPI c1a6f32b

Thank you.


--
Kind regards

Stephen Feyrer
________________________________
From: Tobias Brunner <tobias at strongswan.org>
Sent: 19 August 2019 10:17
To: Stephen Feyrer <stephen.feyrer at greensill.com>; strongSwan Users-Mailinglist <users at lists.strongswan.org>
Subject: Re: [strongSwan] Connecting but not connected

This message was sent from outside of Greensill Capital. Please do not open attachments or click on links unless you recognise the source of this email and are certain the content is safe.

Hi Stephen,

> Part Pull

The log/status doesn't seem to match that.  There is no mode config
exchange in the log and the queued task given as QUICK_MODE.  With
`pull` (that's actually the default) the client should send a mode
config request after XAuth.

Regards,
Tobias

This message is for the designated recipient only and may contain privileged, proprietary or otherwise confidential information. If you have received this in error, please contact the sender immediately and delete the original. Any other use of this e-mail by you is prohibited. If we collect and use your personal data we will use it in accordance with our privacy policy<http://www.greensill.com/privacy/>. Greensill Capital (UK) Limited. Registered in England and Wales. Registered Number: 8126173. Registered Office: One Southampton Street, Covent Garden, London, WC2R 0LR, United Kingdom. Greensill Capital Pty Limited. Australian Company Number: 154 088 132. Registered Office: 62 -66 Woondooma Street, Bundaberg, Queensland 4670, Australia.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20190819/1f699234/attachment-0001.html>


More information about the Users mailing list