[strongSwan] Windows 10 connects to StrongSwan but IP doesn't change
Houman
houmie at gmail.com
Fri Mar 29 18:04:54 CET 2019
Hello,
Please help me with this, as I'm completely stuck.
Windows 10 can connect to my StrongSwan server. But the IP address doesn't
change to the VPN. It still shows the local IP address. Accordingly, blocked
websites remain blocked.

config setup
    strictcrlpolicy=yes
    uniqueids=never

conn roadwarrior
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384
    esp=aes256-sha1,3des-sha1!
    dpdaction=clear
    dpddelay=180s
    rekey=no
    left=%any
    leftid=@vpn-1.domain.net
    leftcert=cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-radius
    eap_identity=%any
    rightdns=208.67.222.222,208.67.220.220
    rightsourceip=10.10.10.0/24
    rightsendcert=never

Mar 29 16:50:45 vpn-1 charon: 08[NET] received packet: from
91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
Mar 29 16:50:45 vpn-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE
No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9
vendor ID
Mar 29 16:50:45 vpn-1 charon: 08[IKE] received MS-Negotiation Discovery
Capable vendor ID
Mar 29 16:50:45 vpn-1 charon: 08[IKE] received Vid-Initial-Contact vendor ID
Mar 29 16:50:45 vpn-1 charon: 08[ENC] received unknown vendor ID:
01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Mar 29 16:50:45 vpn-1 charon: 08[IKE] 91.98.xxx.xxx is initiating an IKE_SA
Mar 29 16:50:45 vpn-1 charon: 08[IKE] local host is behind NAT, sending
keep alives
Mar 29 16:50:45 vpn-1 charon: 08[IKE] remote host is behind NAT
Mar 29 16:50:45 vpn-1 charon: 08[ENC] generating IKE_SA_INIT response 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
Mar 29 16:50:45 vpn-1 charon: 08[NET] sending packet: from
172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
Mar 29 16:50:45 vpn-1 charon: 09[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
Mar 29 16:50:45 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 1 [ EF(1/4) ]
Mar 29 16:50:45 vpn-1 charon: 09[ENC] received fragment #1 of 4, waiting
for complete IKE message
Mar 29 16:50:45 vpn-1 charon: 10[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
Mar 29 16:50:45 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/4) ]
Mar 29 16:50:45 vpn-1 charon: 10[ENC] received fragment #2 of 4, waiting
for complete IKE message
Mar 29 16:50:45 vpn-1 charon: 12[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
Mar 29 16:50:45 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(3/4) ]
Mar 29 16:50:45 vpn-1 charon: 12[ENC] received fragment #3 of 4, waiting
for complete IKE message
Mar 29 16:50:45 vpn-1 charon: 11[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ EF(4/4) ]
Mar 29 16:50:45 vpn-1 charon: 11[ENC] received fragment #4 of 4,
reassembling fragmented IKE message
Mar 29 16:50:45 vpn-1 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi
CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
Mar 29 16:50:45 vpn-1 charon: 11[IKE] received 57 cert requests for an
unknown ca
Mar 29 16:50:45 vpn-1 charon: 11[CFG] looking for peer configs matching
172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
Mar 29 16:50:45 vpn-1 charon: 11[CFG] selected peer config 'roadwarrior'
Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] parsed CREATE_CHILD_SA request
15 [ SA No TSi TSr ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[IKE] CHILD_SA roadwarrior{3}
established with SPIs ccadd085_i d57f9f2c_o and TS 0.0.0.0/0 ===
10.10.10.1/32
Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[ENC] generating CREATE_CHILD_SA
response 15 [ SA No TSi TSr ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 05[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (204 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request 16
[ D ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for ESP CHILD_SA
with SPI af63e684
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] closing CHILD_SA roadwarrior{2}
with SPIs cf6737f5_i (104 bytes) af63e684_o (0 bytes) and TS 0.0.0.0/0 ===
10.10.10.1/32
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] sending DELETE for ESP CHILD_SA
with SPI cf6737f5
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] CHILD_SA closed
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL
response 16 [ D ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 14[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 13[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 06[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] parsed INFORMATIONAL request 17
[ D ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] received DELETE for ESP CHILD_SA
with SPI d57f9f2c
Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] closing CHILD_SA roadwarrior{3}
with SPIs ccadd085_i (2260 bytes) d57f9f2c_o (0 bytes) and TS 0.0.0.0/0 ===
10.10.10.1/32
Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] sending DELETE for ESP CHILD_SA
with SPI ccadd085
Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[IKE] CHILD_SA closed
Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[ENC] generating INFORMATIONAL
response 17 [ D ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 16[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] parsed INFORMATIONAL request 18
[ D ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] received DELETE for IKE_SA
roadwarrior[1]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] deleting IKE_SA roadwarrior[1]
between 172.31.0.243[vpn-1.domain.net]...91.98.xxx.xxx[192.168.1.104]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[IKE] IKE_SA deleted
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS
Accounting-Request to server 'server-a'
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] received RADIUS
Accounting-Response from server 'server-a'
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[ENC] generating INFORMATIONAL
response 18 [ ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 07[CFG] lease 10.10.10.1 by 'userx' went
offline
Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] received packet: from
91.98.xxx.xxx[500] to 172.31.0.243[500] (632 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_SA_INIT request 0 [
SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS NT5 ISAKMPOAKLEY v9
vendor ID
Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received MS-Negotiation
Discovery Capable vendor ID
Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] received Vid-Initial-Contact
vendor ID
Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] received unknown vendor ID:
01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] 91.98.xxx.xxx is initiating an
IKE_SA
Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] local host is behind NAT,
sending keep alives
Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[IKE] remote host is behind NAT
Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[ENC] generating IKE_SA_INIT response
0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 08[NET] sending packet: from
172.31.0.243[500] to 91.98.xxx.xxx[500] (448 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] parsed IKE_AUTH request 1 [
EF(1/4) ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 09[ENC] received fragment #1 of 4,
waiting for complete IKE message
Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] parsed IKE_AUTH request 1 [
EF(2/4) ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 10[ENC] received fragment #2 of 4,
waiting for complete IKE message
Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (576 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] parsed IKE_AUTH request 1 [
EF(3/4) ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 12[ENC] received fragment #3 of 4,
waiting for complete IKE message
Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (112 bytes)
Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [
EF(4/4) ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] received fragment #4 of 4,
reassembling fragmented IKE message
Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[ENC] parsed IKE_AUTH request 1 [ IDi
CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[IKE] received 57 cert requests for an
unknown ca
Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] looking for peer configs
matching 172.31.0.243[%any]...91.98.xxx.xxx[192.168.1.104]
Mar 29 16:50:45 vpn-1 ipsec[1051]: 11[CFG] selected peer config
'roadwarrior'
Mar 29 16:50:45 vpn-1 charon: 11[IKE] initiating EAP_IDENTITY method (id
0x00)
Mar 29 16:50:45 vpn-1 charon: 11[IKE] peer supports MOBIKE
Mar 29 16:50:45 vpn-1 charon: 11[IKE] authentication of 'vpn-1.domain.net'
(myself) with RSA signature successful
Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending end entity cert "CN=
vpn-1.domain.net"
Mar 29 16:50:45 vpn-1 charon: 11[IKE] sending issuer cert "C=US, O=Let's
Encrypt, CN=Let's Encrypt Authority X3"
Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [ IDr
CERT CERT AUTH EAP/REQ/ID ]
Mar 29 16:50:45 vpn-1 charon: 11[ENC] splitting IKE message with length of
2924 bytes into 3 fragments
Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
EF(1/3) ]
Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
EF(2/3) ]
Mar 29 16:50:45 vpn-1 charon: 11[ENC] generating IKE_AUTH response 1 [
EF(3/3) ]
Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
Mar 29 16:50:45 vpn-1 charon: 11[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes)
Mar 29 16:50:45 vpn-1 charon: 14[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
Mar 29 16:50:45 vpn-1 charon: 14[ENC] parsed IKE_AUTH request 2 [
EAP/RES/ID ]
Mar 29 16:50:45 vpn-1 charon: 14[IKE] received EAP identity 'userx'
Mar 29 16:50:45 vpn-1 charon: 14[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:45 vpn-1 charon: 14[CFG] received RADIUS Access-Challenge from
server 'server-a'
Mar 29 16:50:45 vpn-1 charon: 14[IKE] initiating EAP_MD5 method (id 0x01)
Mar 29 16:50:45 vpn-1 charon: 14[ENC] generating IKE_AUTH response 2 [
EAP/REQ/MD5 ]
Mar 29 16:50:45 vpn-1 charon: 14[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes)
Mar 29 16:50:45 vpn-1 charon: 13[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
Mar 29 16:50:45 vpn-1 charon: 13[ENC] parsed IKE_AUTH request 3 [
EAP/RES/NAK ]
Mar 29 16:50:45 vpn-1 charon: 13[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:45 vpn-1 charon: 13[CFG] received RADIUS Access-Challenge from
server 'server-a'
Mar 29 16:50:45 vpn-1 charon: 13[ENC] generating IKE_AUTH response 3 [
EAP/REQ/PEAP ]
Mar 29 16:50:45 vpn-1 charon: 13[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
Mar 29 16:50:46 vpn-1 charon: 15[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes)
Mar 29 16:50:46 vpn-1 charon: 15[ENC] parsed IKE_AUTH request 4 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 15[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 15[CFG] received RADIUS Access-Challenge from
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 15[ENC] generating IKE_AUTH response 4 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 15[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes)
Mar 29 16:50:46 vpn-1 charon: 06[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
Mar 29 16:50:46 vpn-1 charon: 06[ENC] parsed IKE_AUTH request 5 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 06[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 06[CFG] received RADIUS Access-Challenge from
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 06[ENC] generating IKE_AUTH response 5 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 06[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes)
Mar 29 16:50:46 vpn-1 charon: 05[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes)
Mar 29 16:50:46 vpn-1 charon: 05[ENC] parsed IKE_AUTH request 6 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 05[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 05[CFG] received RADIUS Access-Challenge from
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 05[ENC] generating IKE_AUTH response 6 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 05[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
Mar 29 16:50:46 vpn-1 charon: 16[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
Mar 29 16:50:46 vpn-1 charon: 16[ENC] parsed IKE_AUTH request 7 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 16[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 16[CFG] received RADIUS Access-Challenge from
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 16[ENC] generating IKE_AUTH response 7 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 16[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes)
Mar 29 16:50:46 vpn-1 charon: 07[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
Mar 29 16:50:46 vpn-1 charon: 07[ENC] parsed IKE_AUTH request 8 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 07[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 07[CFG] received RADIUS Access-Challenge from
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 07[ENC] generating IKE_AUTH response 8 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 07[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes)
Mar 29 16:50:46 vpn-1 charon: 08[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes)
Mar 29 16:50:46 vpn-1 charon: 08[ENC] parsed IKE_AUTH request 9 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 08[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 08[CFG] received RADIUS Access-Challenge from
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 08[ENC] generating IKE_AUTH response 9 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 08[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] initiating EAP_IDENTITY method
(id 0x00)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] peer supports MOBIKE
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] authentication of '
vpn-1.domain.net' (myself) with RSA signature successful
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending end entity cert "CN=
vpn-1.domain.net"
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[IKE] sending issuer cert "C=US,
O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1 [
IDr CERT CERT AUTH EAP/REQ/ID ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] splitting IKE message with
length of 2924 bytes into 3 fragments
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1 [
EF(1/3) ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1 [
EF(2/3) ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[ENC] generating IKE_AUTH response 1 [
EF(3/3) ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1248 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 11[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (560 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] parsed IKE_AUTH request 2 [
EAP/RES/ID ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] received EAP identity 'userx'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[CFG] received RADIUS Access-Challenge
from server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[IKE] initiating EAP_MD5 method (id
0x01)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[ENC] generating IKE_AUTH response 2 [
EAP/REQ/MD5 ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 14[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (92 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] parsed IKE_AUTH request 3 [
EAP/RES/NAK ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[CFG] received RADIUS Access-Challenge
from server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[ENC] generating IKE_AUTH response 3 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 13[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (236 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] parsed IKE_AUTH request 4 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[CFG] received RADIUS Access-Challenge
from server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[ENC] generating IKE_AUTH response 4 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 09[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 15[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (1084 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] parsed IKE_AUTH request 5 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[CFG] received RADIUS Access-Challenge
from server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[ENC] generating IKE_AUTH response 5 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 06[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (332 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (204 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] parsed IKE_AUTH request 6 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[CFG] received RADIUS Access-Challenge
from server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[ENC] generating IKE_AUTH response 6 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 05[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (76 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] parsed IKE_AUTH request 7 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[CFG] received RADIUS Access-Challenge
from server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[ENC] generating IKE_AUTH response 7 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 16[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (108 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (108 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] parsed IKE_AUTH request 8 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[CFG] received RADIUS Access-Challenge
from server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[ENC] generating IKE_AUTH response 8 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 07[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (140 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (172 bytes)
Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] parsed IKE_AUTH request 9 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[CFG] received RADIUS Access-Challenge
from server 'server-a'
Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[ENC] generating IKE_AUTH response 9 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 09[ENC] parsed IKE_AUTH request 10 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 ipsec[1051]: 08[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (156 bytes)
Mar 29 16:50:46 vpn-1 charon: 09[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 09[CFG] received RADIUS Access-Challenge from
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 09[ENC] generating IKE_AUTH response 10 [
EAP/REQ/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 09[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (124 bytes)
Mar 29 16:50:46 vpn-1 charon: 10[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (124 bytes)
Mar 29 16:50:46 vpn-1 charon: 10[ENC] parsed IKE_AUTH request 11 [
EAP/RES/PEAP ]
Mar 29 16:50:46 vpn-1 charon: 10[CFG] sending RADIUS Access-Request to
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 10[CFG] received RADIUS Access-Accept from
server 'server-a'
Mar 29 16:50:46 vpn-1 charon: 10[CFG] scheduling RADIUS Interim-Updates
every 300s
Mar 29 16:50:46 vpn-1 charon: 10[IKE] RADIUS authentication of 'userx'
successful
Mar 29 16:50:46 vpn-1 charon: 10[IKE] EAP method EAP_PEAP succeeded, MSK
established
Mar 29 16:50:46 vpn-1 charon: 10[ENC] generating IKE_AUTH response 11 [
EAP/SUCC ]
Mar 29 16:50:46 vpn-1 charon: 10[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (76 bytes)
Mar 29 16:50:47 vpn-1 charon: 12[NET] received packet: from
91.98.xxx.xxx[4500] to 172.31.0.243[4500] (92 bytes)
Mar 29 16:50:47 vpn-1 charon: 12[ENC] parsed IKE_AUTH request 12 [ AUTH ]
Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of '192.168.1.104'
with EAP successful
Mar 29 16:50:47 vpn-1 charon: 12[IKE] authentication of 'vpn-1.domain.net'
(myself) with EAP
Mar 29 16:50:47 vpn-1 charon: 12[IKE] IKE_SA roadwarrior[2] established
between 172.31.0.243[vpn-1.domain.net]...91.98.xxx.xxx[192.168.1.104]
Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any
Mar 29 16:50:47 vpn-1 charon: 12[CFG] reassigning offline lease to 'userx'
Mar 29 16:50:47 vpn-1 charon: 12[IKE] assigning virtual IP 10.10.10.1 to
peer 'userx'
Mar 29 16:50:47 vpn-1 charon: 12[IKE] peer requested virtual IP %any6
Mar 29 16:50:47 vpn-1 charon: 12[IKE] no virtual IP found for %any6
requested by 'userx'
Mar 29 16:50:47 vpn-1 charon: 12[IKE] CHILD_SA roadwarrior{4} established
with SPIs c10aa3f3_i 32cfd28c_o and TS 0.0.0.0/0 === 10.10.10.1/32
Mar 29 16:50:47 vpn-1 charon: 12[CFG] sending RADIUS Accounting-Request to
server 'server-a'
Mar 29 16:50:47 vpn-1 charon: 12[CFG] received RADIUS Accounting-Response
from server 'server-a'
Mar 29 16:50:47 vpn-1 charon: 12[ENC] generating IKE_AUTH response 12 [
AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Mar 29 16:50:47 vpn-1 charon: 12[NET] sending packet: from
172.31.0.243[4500] to 91.98.xxx.xxx[4500] (236 bytes)
Mar 29 16:51:07 vpn-1 charon: 15[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:51:27 vpn-1 charon: 16[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:51:47 vpn-1 charon: 07[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:52:07 vpn-1 charon: 09[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:52:27 vpn-1 charon: 11[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:52:47 vpn-1 charon: 12[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:53:07 vpn-1 charon: 14[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:53:27 vpn-1 charon: 15[IKE] sending keep alive to
91.98.xxx.xxx[4500]
Mar 29 16:53:47 vpn-1 charon: 16[IKE] sending keep alive to
91.98.xxx.xxx[4500]