[strongSwan] IKEv2 VPN server

Alexey Vlasov renton at renton.name
Thu Jul 25 16:00:54 CEST 2019


Hi,

After several days of digging and trying tens working configs I given up
to find out why in my case ikev2 does not work with any vpn clients.

So, I have fresh Gentoo box with strongswan 5.7.2,

ipsec.conf :
==================
config setup
	charondebug="ike 2, knl 2, cfg 2, net 2, esp 2, dmn 2, mgr 2"

conn VPN-IKEV2
        auto=add
        dpdaction=clear
        keyexchange=ikev2
        ike=aes256-sha1-modp1024,3des-sha1-modp1024!
        esp=aes256-sha1,3des-sha1!
        fragmentation=yes

        leftsubnet=0.0.0.0/0
        leftcert=/etc/ipsec.d/certs/vpn-server-cert.pem
        leftsendcert=always
        leftid=5.231.208.198

        rightauth=eap-mschapv2
==================

# ipsec listcerts

List of X.509 End Entity Certificates

  subject:  "C=DE, O=LLC Lucky-Host, CN=5.231.208.198"
  issuer:   "C=DE, O=LLC Lucky-Host, CN=Lucky-Host VPN Service Root CA"
  validity:  not before Jul 24 19:40:35 2019, ok
             not after  Jul 21 19:40:35 2029, ok (expires in 3649 days)
  serial:    57:d9:c8:a8:f3:c5:cf:5a
  altNames:  5.231.208.198
  flags:     serverAuth ikeIntermediate
  authkeyId: d3:77:ff:85:bc:51:12:6b:cc:cf:3f:97:da:f6:81:59:00:dd:81:f8
  subjkeyId: d5:bb:9c:d5:67:24:71:6c:40:ac:55:a7:d3:33:d3:ac:a6:1c:ac:d3
  pubkey:    RSA 4096 bits, has private key
  keyid:     04:9a:94:1e:de:5c:ee:33:20:4b:c3:c3:2a:62:8d:6a:11:58:74:03
  subjkey:   d5:bb:9c:d5:67:24:71:6c:40:ac:55:a7:d3:33:d3:ac:a6:1c:ac:d3

ipsec.secrets :
==================
vpn : EAP "testvpn"
5.231.208.198 : RSA /etc/ipsec.d/private/vpn-server-key.pem
==================

The built-in Windows 10 VPN client says "IKE authentication credentials are unacceptable" after an attempt to connect.

IPSec logs end on this row:
Jul 25 15:55:40 vpn1 charon: 13[NET] sending packet: from 5.231.208.198[4500] to 128.70.239.23[4500] (848 bytes)
Jul 25 15:55:40 vpn1 charon: 04[NET] sending packet: from 5.231.208.198[4500] to 128.70.239.23[4500]
Jul 25 15:55:40 vpn1 charon: 13[MGR] checkin IKE_SA VPN-IKEV2[5]
Jul 25 15:55:40 vpn1 charon: 13[MGR] checkin of IKE_SA successful

and after 30 seconds adding
Jul 25 15:56:10 vpn1 charon: 15[MGR] checkout IKEv2 SA with SPIs 6eed288a380403e2_i 1e6835aaf130f6fe_r
Jul 25 15:56:10 vpn1 charon: 15[MGR] IKE_SA VPN-IKEV2[5] successfully checked out
Jul 25 15:56:10 vpn1 charon: 15[JOB] deleting half open IKE_SA with 128.70.239.23 after timeout
Jul 25 15:56:10 vpn1 charon: 15[MGR] checkin and destroy IKE_SA VPN-IKEV2[5]
Jul 25 15:56:10 vpn1 charon: 15[IKE] IKE_SA VPN-IKEV2[5] state change: CONNECTING => DESTROYING
Jul 25 15:56:10 vpn1 charon: 15[MGR] checkin and destroy of IKE_SA successful

The CA cert have been installed on windows side.

Full log is in attach.

Are there any ideas what is wrong?

Thanks in advance.
-------------- next part --------------
Jul 25 15:55:40 vpn1 charon: 03[NET] received packet: from 128.70.239.23[500] to 5.231.208.198[500]
Jul 25 15:55:40 vpn1 charon: 03[NET] waiting for data on sockets
Jul 25 15:55:40 vpn1 charon: 11[MGR] checkout IKEv2 SA by message with SPIs 6eed288a380403e2_i 0000000000000000_r
Jul 25 15:55:40 vpn1 charon: 11[MGR] created IKE_SA (unnamed)[5]
Jul 25 15:55:40 vpn1 charon: 11[NET] received packet: from 128.70.239.23[500] to 5.231.208.198[500] (624 bytes)
Jul 25 15:55:40 vpn1 charon: 11[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Jul 25 15:55:40 vpn1 charon: 11[CFG] looking for an IKEv2 config for 5.231.208.198...128.70.239.23
Jul 25 15:55:40 vpn1 charon: 11[CFG]   candidate: %any...%any, prio 28
Jul 25 15:55:40 vpn1 charon: 11[CFG] found matching ike config: %any...%any with prio 28
Jul 25 15:55:40 vpn1 charon: 11[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
Jul 25 15:55:40 vpn1 charon: 11[IKE] received MS-Negotiation Discovery Capable vendor ID
Jul 25 15:55:40 vpn1 charon: 11[IKE] received Vid-Initial-Contact vendor ID
Jul 25 15:55:40 vpn1 charon: 11[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Jul 25 15:55:40 vpn1 charon: 11[IKE] 128.70.239.23 is initiating an IKE_SA
Jul 25 15:55:40 vpn1 charon: 11[IKE] IKE_SA (unnamed)[5] state change: CREATED => CONNECTING
Jul 25 15:55:40 vpn1 charon: 11[CFG] selecting proposal:
Jul 25 15:55:40 vpn1 charon: 11[CFG]   no acceptable ENCRYPTION_ALGORITHM found
Jul 25 15:55:40 vpn1 charon: 11[CFG] selecting proposal:
Jul 25 15:55:40 vpn1 charon: 11[CFG]   proposal matches
Jul 25 15:55:40 vpn1 charon: 11[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
Jul 25 15:55:40 vpn1 charon: 11[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jul 25 15:55:40 vpn1 charon: 11[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jul 25 15:55:40 vpn1 charon: 11[IKE] remote host is behind NAT
Jul 25 15:55:40 vpn1 charon: 11[IKE] sending cert request for "C=DE, O=LLC Lucky-Host, CN=Lucky-Host VPN Service Root CA"
Jul 25 15:55:40 vpn1 charon: 11[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Jul 25 15:55:40 vpn1 charon: 11[NET] sending packet: from 5.231.208.198[500] to 128.70.239.23[500] (345 bytes)
Jul 25 15:55:40 vpn1 charon: 11[MGR] checkin IKE_SA (unnamed)[5]
Jul 25 15:55:40 vpn1 charon: 11[MGR] checkin of IKE_SA successful
Jul 25 15:55:40 vpn1 charon: 04[NET] sending packet: from 5.231.208.198[500] to 128.70.239.23[500]
Jul 25 15:55:40 vpn1 charon: 03[NET] received packet: from 128.70.239.23[4500] to 5.231.208.198[4500]
Jul 25 15:55:40 vpn1 charon: 03[NET] waiting for data on sockets
Jul 25 15:55:40 vpn1 charon: 14[MGR] checkout IKEv2 SA by message with SPIs 6eed288a380403e2_i 1e6835aaf130f6fe_r
Jul 25 15:55:40 vpn1 charon: 03[NET] received packet: from 128.70.239.23[4500] to 5.231.208.198[4500]
Jul 25 15:55:40 vpn1 charon: 14[MGR] IKE_SA (unnamed)[5] successfully checked out
Jul 25 15:55:40 vpn1 charon: 03[NET] waiting for data on sockets
Jul 25 15:55:40 vpn1 charon: 13[MGR] checkout IKEv2 SA by message with SPIs 6eed288a380403e2_i 1e6835aaf130f6fe_r
Jul 25 15:55:40 vpn1 charon: 14[NET] received packet: from 128.70.239.23[4500] to 5.231.208.198[4500] (576 bytes)
Jul 25 15:55:40 vpn1 charon: 03[NET] received packet: from 128.70.239.23[4500] to 5.231.208.198[4500]
Jul 25 15:55:40 vpn1 charon: 03[NET] waiting for data on sockets
Jul 25 15:55:40 vpn1 charon: 03[NET] received packet: from 128.70.239.23[4500] to 5.231.208.198[4500]
Jul 25 15:55:40 vpn1 charon: 14[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ]
Jul 25 15:55:40 vpn1 charon: 03[NET] waiting for data on sockets
Jul 25 15:55:40 vpn1 charon: 12[MGR] checkout IKEv2 SA by message with SPIs 6eed288a380403e2_i 1e6835aaf130f6fe_r
Jul 25 15:55:40 vpn1 charon: 14[ENC] received fragment #1 of 4, waiting for complete IKE message
Jul 25 15:55:40 vpn1 charon: 14[MGR] checkin IKE_SA (unnamed)[5]
Jul 25 15:55:40 vpn1 charon: 14[MGR] checkin of IKE_SA successful
Jul 25 15:55:40 vpn1 charon: 14[MGR] checkout IKEv2 SA by message with SPIs 6eed288a380403e2_i 1e6835aaf130f6fe_r
Jul 25 15:55:40 vpn1 charon: 14[MGR] IKE_SA (unnamed)[5] successfully checked out
Jul 25 15:55:40 vpn1 charon: 14[NET] received packet: from 128.70.239.23[4500] to 5.231.208.198[4500] (160 bytes)
Jul 25 15:55:40 vpn1 charon: 14[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ]
Jul 25 15:55:40 vpn1 charon: 14[ENC] received fragment #4 of 4, waiting for complete IKE message
Jul 25 15:55:40 vpn1 charon: 14[MGR] checkin IKE_SA (unnamed)[5]
Jul 25 15:55:40 vpn1 charon: 14[MGR] checkin of IKE_SA successful
Jul 25 15:55:40 vpn1 charon: 12[MGR] IKE_SA (unnamed)[5] successfully checked out
Jul 25 15:55:40 vpn1 charon: 12[NET] received packet: from 128.70.239.23[4500] to 5.231.208.198[4500] (576 bytes)
Jul 25 15:55:40 vpn1 charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ]
Jul 25 15:55:40 vpn1 charon: 12[ENC] received fragment #3 of 4, waiting for complete IKE message
Jul 25 15:55:40 vpn1 charon: 12[MGR] checkin IKE_SA (unnamed)[5]
Jul 25 15:55:40 vpn1 charon: 12[MGR] checkin of IKE_SA successful
Jul 25 15:55:40 vpn1 charon: 13[MGR] IKE_SA (unnamed)[5] successfully checked out
Jul 25 15:55:40 vpn1 charon: 13[NET] received packet: from 128.70.239.23[4500] to 5.231.208.198[4500] (576 bytes)
Jul 25 15:55:40 vpn1 charon: 13[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ]
Jul 25 15:55:40 vpn1 charon: 13[ENC] received fragment #2 of 4, reassembled fragmented IKE message (1644 bytes)
Jul 25 15:55:40 vpn1 charon: 13[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV) SA TSi TSr ]
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 0e:ac:82:60:40:56:27:97:e5:25:13:fc:2a:e1:0a:53:95:59:e4:a4
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 5c:b8:69:fe:8d:ef:c1:ed:66:27:ee:b2:12:0f:72:1b:b8:0a:0e:04
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 6a:47:a2:67:c9:2e:2f:19:68:8b:9b:86:61:66:95:ed:c1:2c:13:00
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid ee:40:a7:33:bb:83:2d:1a:f4:de:5e:20:3b:26:a4:54:e0:d6:8b:1e
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid f7:0c:b2:1a:e9:24:b9:13:dd:87:34:c2:7f:bf:df:51:ab:43:d7:fa
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 88:a9:5a:ef:c0:84:fc:13:74:41:6b:b1:63:32:c2:cf:92:59:bb:3b
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid f9:27:b6:1b:0a:37:f3:c3:1a:fa:17:ec:2d:46:17:16:12:9d:0c:0e
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 9b:0d:da:c0:ae:c1:78:6e:06:dd:0b:11:04:09:fb:49:00:9e:65:da
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid f9:a0:0c:20:0e:82:4b:ea:ac:48:e6:69:de:6a:15:1e:27:12:57:4b
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 3e:df:29:0c:c1:f5:cc:73:2c:eb:3d:24:e1:7e:52:da:bd:27:e2:f0
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 98:ea:88:1b:7e:d4:d8:8a:5f:23:99:b7:7c:81:3c:33:09:f3:6c:30
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 7c:32:d4:85:fd:89:0a:66:b5:97:ce:86:f4:d5:26:a9:21:07:e8:3e
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid e1:a0:5a:95:34:75:78:a7:ff:4d:cf:32:52:5d:f2:f8:2c:1a:e1:15
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid ab:76:88:f4:e5:e1:38:c9:e9:50:17:cd:cd:b3:18:17:b3:3e:8c:f5
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid da:ed:64:74:14:9c:14:3c:ab:dd:99:a9:bd:5b:28:4d:8b:3c:c9:d8
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 5e:8c:53:18:22:60:1d:56:71:d6:6a:a0:cc:64:a0:60:07:43:d5:a8
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 86:26:cb:1b:c5:54:b3:9f:bd:6b:ed:63:7f:b9:89:a9:80:f1:f4:8a
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid c0:7a:98:68:8d:89:fb:ab:05:64:0c:11:7d:aa:7d:65:b8:ca:cc:4e
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid a8:e3:02:96:70:a6:8b:57:eb:ec:ef:cc:29:4e:91:74:9a:d4:92:38
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid f7:93:19:ef:df:c1:f5:20:fb:ac:85:55:2c:f2:d2:8f:5a:b9:ca:0b
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 30:a4:e6:4f:de:76:8a:fc:ed:5a:90:84:28:30:46:79:2c:29:15:70
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 48:e6:68:f9:2b:d2:b2:95:d7:47:d8:23:20:10:4f:33:98:90:9f:d4
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 69:c4:27:db:59:69:68:18:47:e2:52:17:0a:e0:e5:7f:ab:9d:ef:0f
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid ba:42:b0:81:88:53:88:1d:86:63:bd:4c:c0:5e:08:fe:ea:6e:bb:77
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 87:db:d4:5f:b0:92:8d:4e:1d:f8:15:67:e7:f2:ab:af:d6:2b:67:75
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 6e:58:4e:33:75:bd:57:f6:d5:42:1b:16:01:c2:d8:c0:f5:3a:9f:6e
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 4a:81:0c:de:f0:c0:90:0f:19:06:42:31:35:a2:a2:8d:d3:44:fd:08
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid d5:2e:13:c1:ab:e3:49:da:e8:b4:95:94:ef:7c:38:43:60:64:66:bd
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid f7:f3:01:94:50:ba:3e:69:ec:9a:50:f5:02:d1:38:45:cc:93:13:72
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 59:79:12:de:61:75:d6:6f:c4:23:b7:77:13:74:c7:96:de:6f:88:72
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 6c:ca:bd:7d:b4:7e:94:a5:75:99:01:b6:a7:df:d4:5d:1c:09:1c:cc
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid ab:30:d3:af:4b:d8:f1:6b:58:69:ee:45:69:29:da:84:b8:73:94:88
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 42:32:b6:16:fa:04:fd:fe:5d:4b:7a:c3:fd:f7:4c:40:1d:5a:43:af
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 1a:21:b4:95:2b:62:93:ce:18:b3:65:ec:9c:0e:93:4c:b3:81:e6:d4
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid a5:06:8a:78:cf:84:bd:74:32:dd:58:f9:65:eb:3a:55:e7:c7:80:dc
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid e2:7f:7b:d8:77:d5:df:9e:0a:3f:9e:b4:cb:0e:2e:a9:ef:db:69:77
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 48:2b:59:17:75:e2:61:7b:ef:c7:20:d3:7a:9c:ec:be:36:9e:84:e3
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 5f:f3:24:6c:8f:91:24:af:9b:5f:3e:b0:34:6a:f4:2d:5c:a8:5d:cc
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 6d:aa:9b:09:87:c4:d0:d4:22:ed:40:07:37:4d:19:f1:91:ff:de:d3
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 83:31:7e:62:85:42:53:d6:d7:78:31:90:ec:91:90:56:e9:91:b9:e3
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 7e:95:9f:ed:82:8e:2a:ed:c3:7c:0d:05:46:31:ef:53:97:cd:48:49
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid fd:da:14:c4:9f:30:de:21:bd:1e:42:39:fc:ab:63:23:49:e0:f1:84
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 3e:22:d4:2c:1f:02:44:b8:04:10:65:61:7c:c7:6b:ae:da:87:29:9c
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 55:e4:81:d1:11:80:be:d8:89:b9:08:a3:31:f9:a1:24:09:16:b9:70
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid b1:81:08:1a:19:a4:c0:94:1f:fa:e8:95:28:c1:24:c9:9b:34:ac:c7
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 21:0f:2c:89:f7:c4:cd:5d:1b:82:5e:38:d6:c6:59:3b:a6:93:75:ae
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 23:4b:71:25:56:13:e1:30:dd:e3:42:69:c9:cc:30:d4:6f:08:41:e0
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid bb:c2:3e:29:0b:b3:28:77:1d:ad:3e:a2:4d:bd:f4:23:bd:06:b0:3d
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid b0:19:89:e7:ef:fb:4a:af:cb:14:8f:58:46:39:76:22:41:50:e1:ba
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 7c:d3:95:1f:f4:48:1b:32:cf:6b:e3:55:43:03:6d:0b:45:7d:72:26
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid c8:95:13:68:01:97:28:0a:2c:55:c3:fc:d3:90:f5:3a:05:3b:c9:fb
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid ee:e5:9f:1e:2a:a5:44:c3:cb:25:43:a6:9a:5b:d4:6a:25:bc:bb:8e
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 90:2f:82:a3:7c:47:97:01:1e:0f:4b:a5:af:13:13:c2:11:13:47:ea
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 07:23:2d:45:65:87:b9:d7:b1:d9:7d:d1:c5:fb:65:c5:89:bf:92:96
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 22:f1:9e:2e:c6:ea:cc:fc:5d:23:46:f4:c2:e8:f6:c5:54:dd:5e:07
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 67:ec:9f:90:2d:cd:64:ae:fe:7e:bc:cd:f8:8c:51:28:f1:93:2c:12
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 17:4a:b8:2b:5f:fb:05:67:75:27:ad:49:5a:4a:5d:c4:22:cc:ea:4e
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 7c:32:d4:85:fd:89:0a:66:b5:97:ce:86:f4:d5:26:a9:21:07:e8:3e
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 68:33:0e:61:35:85:21:59:29:83:a3:c8:d2:d2:e1:40:6e:7a:b3:c1
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid a1:72:5f:26:1b:28:98:43:95:5d:07:37:d5:85:96:9d:4b:d2:c3:45
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 9c:a9:8d:00:af:74:0d:dd:81:80:d2:13:45:a5:8b:8f:2e:94:38:d6
Jul 25 15:55:40 vpn1 charon: 13[IKE] received cert request for unknown ca with keyid 4f:9c:7d:21:79:9c:ad:0e:d8:b9:0c:57:9f:1a:02:99:e7:90:f3:87
Jul 25 15:55:40 vpn1 charon: 13[IKE] received 66 cert requests for an unknown ca
Jul 25 15:55:40 vpn1 charon: 13[CFG] looking for peer configs matching 5.231.208.198[%any]...128.70.239.23[192.168.1.207]
Jul 25 15:55:40 vpn1 charon: 13[CFG]   candidate "VPN-IKEV2", match: 1/1/28 (me/other/ike)
Jul 25 15:55:40 vpn1 charon: 13[CFG] selected peer config 'VPN-IKEV2'
Jul 25 15:55:40 vpn1 charon: 13[IKE] initiating EAP_MSCHAPV2 method (id 0xD0)
Jul 25 15:55:40 vpn1 charon: 13[IKE] processing INTERNAL_IP4_ADDRESS attribute
Jul 25 15:55:40 vpn1 charon: 13[IKE] processing INTERNAL_IP4_DNS attribute
Jul 25 15:55:40 vpn1 charon: 13[IKE] processing INTERNAL_IP4_NBNS attribute
Jul 25 15:55:40 vpn1 charon: 13[IKE] processing INTERNAL_IP4_SERVER attribute
Jul 25 15:55:40 vpn1 charon: 13[IKE] peer supports MOBIKE
Jul 25 15:55:40 vpn1 charon: 13[IKE] authentication of '5.231.208.198' (myself) with RSA signature successful
Jul 25 15:55:40 vpn1 charon: 13[IKE] sending end entity cert "C=DE, O=LLC Lucky-Host, CN=5.231.208.198"
Jul 25 15:55:40 vpn1 charon: 13[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/MSCHAPV2 ]
Jul 25 15:55:40 vpn1 charon: 13[ENC] splitting IKE message (2028 bytes) into 2 fragments
Jul 25 15:55:40 vpn1 charon: 13[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
Jul 25 15:55:40 vpn1 charon: 13[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
Jul 25 15:55:40 vpn1 charon: 13[NET] sending packet: from 5.231.208.198[4500] to 128.70.239.23[4500] (1248 bytes)
Jul 25 15:55:40 vpn1 charon: 04[NET] sending packet: from 5.231.208.198[4500] to 128.70.239.23[4500]
Jul 25 15:55:40 vpn1 charon: 13[NET] sending packet: from 5.231.208.198[4500] to 128.70.239.23[4500] (848 bytes)
Jul 25 15:55:40 vpn1 charon: 04[NET] sending packet: from 5.231.208.198[4500] to 128.70.239.23[4500]
Jul 25 15:55:40 vpn1 charon: 13[MGR] checkin IKE_SA VPN-IKEV2[5]
Jul 25 15:55:40 vpn1 charon: 13[MGR] checkin of IKE_SA successful
Jul 25 15:56:10 vpn1 charon: 15[MGR] checkout IKEv2 SA with SPIs 6eed288a380403e2_i 1e6835aaf130f6fe_r
Jul 25 15:56:10 vpn1 charon: 15[MGR] IKE_SA VPN-IKEV2[5] successfully checked out
Jul 25 15:56:10 vpn1 charon: 15[JOB] deleting half open IKE_SA with 128.70.239.23 after timeout
Jul 25 15:56:10 vpn1 charon: 15[MGR] checkin and destroy IKE_SA VPN-IKEV2[5]
Jul 25 15:56:10 vpn1 charon: 15[IKE] IKE_SA VPN-IKEV2[5] state change: CONNECTING => DESTROYING
Jul 25 15:56:10 vpn1 charon: 15[MGR] checkin and destroy of IKE_SA successful


More information about the Users mailing list