[strongSwan] No traffic between Strongswan 5.6.2 server and 5.7.2 roadwarrior, works in other client versions

Alexander Hill alex at hill.net.au
Tue Oct 1 06:30:33 CEST 2019


Hi,

I have a roadwarrior setup with a server running 5.6.2 on Ubuntu Bionic.
Clients are a mix of 5.6.2 (Bionic), 5.3.5 (Xenial) and 5.5.1 (Stretch) and
all work fine.

I'm testing an updated client image on an Asus Tinkerboard S with Armbian
Buster which ships with 5.7.2. On this client, I can connect to the server,
but no decrypted traffic makes it through. If I ping the client from the
server and watch tcpdump on UDP port 4500 on the client, I can see packets
arriving each second corresponding to the pings from the server, but the
server receives no response.

I've included some charon logs, server and client configs, my extra
strongswan.d config, and output from tcpdump and ip xfrm policy.

From what I can see all of this looks essentially the same as on the
working clients. Any ideas of next steps would be greatly appreciated!

Cheers,
Alex
-------------- next part --------------
Status of IKE charon daemon (strongSwan 5.7.2, Linux 4.19.69-rockchip, armv7l):
  uptime: 4 seconds, since Oct 01 03:58:02 2019
  malloc: sbrk 1212416, mmap 0, used 235504, free 976912
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 6
  loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown counters
Listening IP addresses:
  192.168.1.180
  192.168.1.88
Connections:
   acme-psk:  %any...<server-hostname>  IKEv1/2, dpddelay=30s
   acme-psk:   local:  [<client-hostname>] uses pre-shared key authentication
   acme-psk:   remote: [<server-hostname>] uses public key authentication
   acme-psk:   child:  dynamic === 0.0.0.0/0 TUNNEL, dpdaction=restart
Security Associations (1 up, 0 connecting):
   acme-psk[1]: ESTABLISHED 4 seconds ago, 192.168.1.180[<client-hostname>]...<server-ip>[<server-hostname>]
   acme-psk[1]: IKEv2 SPIs: 1b3b00f9262000d4_i* ac061299be7aef04_r, rekeying in 2 hours
   acme-psk[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_AES128_XCBC/MODP_3072
   acme-psk{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c329744d_i c16977ec_o
   acme-psk{1}:  AES_CBC_128/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 47 minutes
   acme-psk{1}:   172.20.1.3/32 === 172.20.0.0/16

-------------- next part --------------
A non-text attachment was scrubbed...
Name: charon-extra.conf
Type: application/octet-stream
Size: 152 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20191001/23c7c895/attachment-0003.obj>
-------------- next part --------------
src 172.20.1.3/32 dst 172.20.0.0/16 
        dir out priority 375423 
        tmpl src 192.168.1.180 dst <server-ip>
                proto esp spi 0xc16977ec reqid 1 mode tunnel
src 172.20.0.0/16 dst 172.20.1.3/32 
        dir fwd priority 375423 
        tmpl src <server-ip> dst 192.168.1.180
                proto esp reqid 1 mode tunnel
src 172.20.0.0/16 dst 172.20.1.3/32 
        dir in priority 375423 
        tmpl src <server-ip> dst 192.168.1.180
                proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket in priority 0 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket out priority 0 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket in priority 0 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket out priority 0 
src ::/0 dst ::/0 
        socket in priority 0 
src ::/0 dst ::/0 
        socket out priority 0 
src ::/0 dst ::/0 
        socket in priority 0 
src ::/0 dst ::/0 
        socket out priority 0

-------------- next part --------------
A non-text attachment was scrubbed...
Name: client.conf
Type: application/octet-stream
Size: 606 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20191001/23c7c895/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: server.conf
Type: application/octet-stream
Size: 563 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20191001/23c7c895/attachment-0005.obj>
-------------- next part --------------
04:10:11.982377 IP <server-address>.ipsec-nat-t > 192.168.1.180.ipsec-nat-t: UDP-encap: ESP(spi=0xcaae2814,seq=0x1), length 776
04:10:13.003248 IP <server-address>.ipsec-nat-t > 192.168.1.180.ipsec-nat-t: UDP-encap: ESP(spi=0xcaae2814,seq=0x2), length 776
04:10:14.027274 IP <server-address>.ipsec-nat-t > 192.168.1.180.ipsec-nat-t: UDP-encap: ESP(spi=0xcaae2814,seq=0x3), length 776
04:10:15.052006 IP <server-address>.ipsec-nat-t > 192.168.1.180.ipsec-nat-t: UDP-encap: ESP(spi=0xcaae2814,seq=0x4), length 776

-------------- next part --------------
-- Logs begin at Sun 2019-09-29 10:04:27 UTC, end at Tue 2019-10-01 04:14:41 UTC. --
Oct 01 04:12:34 <client-hostname> ipsec[20005]: Starting strongSwan 5.7.2 IPsec [starter]...
Oct 01 04:12:34 <client-hostname> ipsec_starter[20005]: Starting strongSwan 5.7.2 IPsec [starter]...
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 4.19.69-rockchip, armv7l)
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[CFG]   loaded ca certificate "<CA details>" from '/etc/ipsec.d/cacerts/ca-cert.pem'
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/kiosk-key.pem'
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[CFG] loading secrets from '/etc/ipsec.psk.secrets'
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[CFG]   loaded IKE secret for %any
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown counters
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Oct 01 04:12:34 <client-hostname> charon[20019]: 00[JOB] spawning 16 worker threads
Oct 01 04:12:34 <client-hostname> ipsec_starter[20005]: charon (20019) started after 20 ms
Oct 01 04:12:34 <client-hostname> ipsec[20005]: charon (20019) started after 20 ms
Oct 01 04:12:34 <client-hostname> charon[20019]: 05[CFG] received stroke: add connection 'acme-psk'
Oct 01 04:12:34 <client-hostname> charon[20019]: 05[CFG] added configuration 'acme-psk'
Oct 01 04:12:34 <client-hostname> charon[20019]: 08[CFG] received stroke: initiate 'acme-psk'
Oct 01 04:12:34 <client-hostname> charon[20019]: 08[IKE] initiating IKE_SA acme-psk[1] to <server-ip>
Oct 01 04:12:34 <client-hostname> charon[20019]: 08[IKE] initiating IKE_SA acme-psk[1] to <server-ip>
Oct 01 04:12:34 <client-hostname> charon[20019]: 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Oct 01 04:12:34 <client-hostname> charon[20019]: 08[NET] sending packet: from 192.168.1.180[500] to <server-ip>[500] (710 bytes)
Oct 01 04:12:34 <client-hostname> charon[20019]: 09[NET] received packet: from <server-ip>[500] to 192.168.1.180[500] (615 bytes)
Oct 01 04:12:34 <client-hostname> charon[20019]: 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Oct 01 04:12:34 <client-hostname> charon[20019]: 09[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_AES128_XCBC/MODP_3072
Oct 01 04:12:34 <client-hostname> charon[20019]: 09[IKE] local host is behind NAT, sending keep alives
Oct 01 04:12:34 <client-hostname> charon[20019]: 09[IKE] remote host is behind NAT
Oct 01 04:12:34 <client-hostname> charon[20019]: 09[IKE] received cert request for "<CA details>"
Oct 01 04:12:34 <client-hostname> charon[20019]: 09[IKE] sending cert request for "<CA details>"
Oct 01 04:12:34 <client-hostname> charon[20019]: 09[IKE] authentication of '<client-hostname>' (myself) with pre-shared key
Oct 01 04:12:34 <client-hostname> charon[20019]: 09[IKE] establishing CHILD_SA acme-psk{1}
Oct 01 04:12:34 <client-hostname> charon[20019]: 09[IKE] establishing CHILD_SA acme-psk{1}
Oct 01 04:12:34 <client-hostname> charon[20019]: 09[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Oct 01 04:12:34 <client-hostname> charon[20019]: 09[NET] sending packet: from 192.168.1.180[4500] to <server-ip>[4500] (400 bytes)
Oct 01 04:12:35 <client-hostname> charon[20019]: 10[NET] received packet: from <server-ip>[4500] to 192.168.1.180[4500] (1236 bytes)
Oct 01 04:12:35 <client-hostname> charon[20019]: 10[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Oct 01 04:12:35 <client-hostname> charon[20019]: 10[ENC] received fragment #1 of 2, waiting for complete IKE message
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[NET] received packet: from <server-ip>[4500] to 192.168.1.180[4500] (1012 bytes)
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[ENC] received fragment #2 of 2, reassembled fragmented IKE message (2176 bytes)
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) ]
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[IKE] received end entity cert "<cert details>"
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[CFG]   using certificate "<cert details>"
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[CFG]   using trusted ca certificate "<CA details>"
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[CFG] checking certificate status of "<cert details>"
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[CFG] certificate status is not available
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[CFG]   reached self-signed root ca with a path length of 0
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[IKE] authentication of '<server-hostname>' with RSA_EMSA_PKCS1_SHA2_384 successful
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[IKE] IKE_SA acme-psk[1] established between 192.168.1.180[<client-hostname>]...<server-ip>[<server-hostname>]
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[IKE] IKE_SA acme-psk[1] established between 192.168.1.180[<client-hostname>]...<server-ip>[<server-hostname>]
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[IKE] scheduling rekeying in 9855s
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[IKE] maximum IKE_SA lifetime 10395s
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[IKE] installing new virtual IP 172.20.1.3
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[IKE] CHILD_SA acme-psk{1} established with SPIs c4c552a1_i ceea14bc_o and TS 172.20.1.3/32 === 172.20.0.0/16
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[IKE] CHILD_SA acme-psk{1} established with SPIs c4c552a1_i ceea14bc_o and TS 172.20.1.3/32 === 172.20.0.0/16
Oct 01 04:12:35 <client-hostname> charon[20019]: 11[IKE] peer supports MOBIKE
Oct 01 04:12:58 <client-hostname> charon[20019]: 07[IKE] sending keep alive to <server-ip>[4500]
Oct 01 04:13:04 <client-hostname> charon[20019]: 09[NET] received packet: from <server-ip>[4500] to 192.168.1.180[4500] (80 bytes)
Oct 01 04:13:04 <client-hostname> charon[20019]: 09[ENC] parsed INFORMATIONAL request 0 [ ]
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 4.19.69-rockchip, armv7l)
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[CFG]   loaded ca certificate "<CA details>" from '/etc/ipsec.d/cacerts/ca-cert.pem'
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/kiosk-key.pem'
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[CFG] loading secrets from '/etc/ipsec.psk.secrets'
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[CFG]   loaded IKE secret for %any
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[LIB] loaded plugins: charon aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-default stroke updown counters
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[LIB] dropped capabilities, running as uid 0, gid 0
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 00[JOB] spawning 16 worker threads
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 05[CFG] received stroke: add connection 'acme-psk'
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 05[CFG] added configuration 'acme-psk'
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 08[CFG] received stroke: initiate 'acme-psk'
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 08[IKE] initiating IKE_SA acme-psk[1] to <server-ip>
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 08[NET] sending packet: from 192.168.1.180[500] to <server-ip>[500] (710 bytes)
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[NET] received packet: from <server-ip>[500] to 192.168.1.180[500] (615 bytes)
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_AES128_XCBC/MODP_3072
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[IKE] local host is behind NAT, sending keep alives
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[IKE] remote host is behind NAT
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[IKE] received cert request for "<CA details>"
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[IKE] sending cert request for "<CA details>"
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[IKE] authentication of '<client-hostname>' (myself) with pre-shared key
Oct 01 04:13:04 <client-hostname> charon[20019]: 09[ENC] generating INFORMATIONAL response 0 [ ]
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[IKE] establishing CHILD_SA acme-psk{1}
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[NET] sending packet: from 192.168.1.180[4500] to <server-ip>[4500] (400 bytes)
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 10[NET] received packet: from <server-ip>[4500] to 192.168.1.180[4500] (1236 bytes)
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 10[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 10[ENC] received fragment #1 of 2, waiting for complete IKE message
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[NET] received packet: from <server-ip>[4500] to 192.168.1.180[4500] (1012 bytes)
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[ENC] received fragment #2 of 2, reassembled fragmented IKE message (2176 bytes)
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) ]
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[IKE] received end entity cert "<cert details>"
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[CFG]   using certificate "<cert details>"
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[CFG]   using trusted ca certificate "<CA details>"
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[CFG] checking certificate status of "<cert details>"
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[CFG] certificate status is not available
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[CFG]   reached self-signed root ca with a path length of 0
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[IKE] authentication of '<server-hostname>' with RSA_EMSA_PKCS1_SHA2_384 successful
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[IKE] IKE_SA acme-psk[1] established between 192.168.1.180[<client-hostname>]...<server-ip>[<server-hostname>]
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[IKE] scheduling rekeying in 9855s
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[IKE] maximum IKE_SA lifetime 10395s
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[IKE] installing new virtual IP 172.20.1.3
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[IKE] CHILD_SA acme-psk{1} established with SPIs c4c552a1_i ceea14bc_o and TS 172.20.1.3/32 === 172.20.0.0/16
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 11[IKE] peer supports MOBIKE
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 07[IKE] sending keep alive to <server-ip>[4500]
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[NET] received packet: from <server-ip>[4500] to 192.168.1.180[4500] (80 bytes)
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[ENC] parsed INFORMATIONAL request 0 [ ]
Oct 01 04:13:04 <client-hostname> ipsec[20005]: 09[ENC] generating INFORMATIONAL response 0 [ ]
Oct 01 04:13:04 <client-hostname> charon[20019]: 09[NET] sending packet: from 192.168.1.180[4500] to <server-ip>[4500] (80 bytes)
Oct 01 04:13:24 <client-hostname> charon[20019]: 13[IKE] sending keep alive to <server-ip>[4500]
Oct 01 04:13:34 <client-hostname> charon[20019]: 14[NET] received packet: from <server-ip>[4500] to 192.168.1.180[4500] (80 bytes)
Oct 01 04:13:34 <client-hostname> charon[20019]: 14[ENC] parsed INFORMATIONAL request 1 [ ]
Oct 01 04:13:34 <client-hostname> charon[20019]: 14[ENC] generating INFORMATIONAL response 1 [ ]
Oct 01 04:13:34 <client-hostname> charon[20019]: 14[NET] sending packet: from 192.168.1.180[4500] to <server-ip>[4500] (80 bytes)
Oct 01 04:14:05 <client-hostname> charon[20019]: 06[IKE] sending DPD request
Oct 01 04:14:05 <client-hostname> charon[20019]: 06[ENC] generating INFORMATIONAL request 2 [ N(NATD_S_IP) N(NATD_D_IP) ]
Oct 01 04:14:05 <client-hostname> charon[20019]: 06[NET] sending packet: from 192.168.1.180[4500] to <server-ip>[4500] (128 bytes)
Oct 01 04:14:05 <client-hostname> charon[20019]: 05[NET] received packet: from <server-ip>[4500] to 192.168.1.180[4500] (128 bytes)
Oct 01 04:14:05 <client-hostname> charon[20019]: 05[ENC] parsed INFORMATIONAL response 2 [ N(NATD_S_IP) N(NATD_D_IP) ]
Oct 01 04:14:28 <client-hostname> charon[20019]: 10[IKE] sending keep alive to <server-ip>[4500]
Oct 01 04:14:34 <client-hostname> charon[20019]: 12[NET] received packet: from <server-ip>[4500] to 192.168.1.180[4500] (80 bytes)
Oct 01 04:14:34 <client-hostname> charon[20019]: 12[ENC] parsed INFORMATIONAL request 2 [ ]
Oct 01 04:14:34 <client-hostname> charon[20019]: 12[ENC] generating INFORMATIONAL response 2 [ ]
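
Added example (not part of the original post, and not strongSwan code): one way to line up the outputs attached above is to check whether the SPI on arriving UDP-encapsulated ESP packets matches the inbound SPI of an installed CHILD_SA, and whether that SA's bytes_i counter moves. The `diagnose` helper and its verdict names are hypothetical; the status and tcpdump sample lines are copied from this post, which captured them at different times, and the same-session capture is constructed.

```python
import re
from collections import Counter

# ipsec statusall: "acme-psk{1}:  INSTALLED, ..., ESP in UDP SPIs: c329744d_i c16977ec_o"
SA_RE = re.compile(r"^\s*(\S+\{\d+\}):\s+INSTALLED.*SPIs: ([0-9a-f]+)_i ([0-9a-f]+)_o", re.M)
# ipsec statusall: "acme-psk{1}:  AES_CBC_128/..., 0 bytes_i, 0 bytes_o, rekeying in ..."
BYTES_RE = re.compile(r"^\s*(\S+\{\d+\}):.*?(\d+) bytes_i", re.M)
# tcpdump: "IP <src>.ipsec-nat-t > <dst>.ipsec-nat-t: UDP-encap: ESP(spi=0x...,seq=0x1)"
ESP_RE = re.compile(r"IP (\S+)\.(?:ipsec-nat-t|4500) > (\S+)\.(?:ipsec-nat-t|4500): "
                    r"UDP-encap: ESP\(spi=0x([0-9a-f]+),")


def installed_sas(statusall):
    """Map inbound SPI -> {'child': name, 'bytes_i': int} for each installed CHILD_SA."""
    names = {m[1]: m[2] for m in SA_RE.finditer(statusall)}
    counts = {m[1]: int(m[2]) for m in BYTES_RE.finditer(statusall)}
    return {spi: {"child": n, "bytes_i": counts.get(n, 0)} for n, spi in names.items()}


def inbound_esp(capture, local_ip):
    """Count UDP-encapsulated ESP packets addressed to local_ip, per SPI."""
    return Counter(m[3] for m in ESP_RE.finditer(capture) if m[2] == local_ip)


def diagnose(statusall, capture, local_ip):
    """Classify where inbound tunnel traffic stops, from two text outputs."""
    sas, seen = installed_sas(statusall), inbound_esp(capture, local_ip)
    if not seen:
        return "no-inbound-esp"         # nothing reaches this host: check the NAT/firewall path
    if any(spi not in sas for spi in seen):
        return "spi-mismatch"           # no installed CHILD_SA has the arriving inbound SPI
    if all(sas[spi]["bytes_i"] == 0 for spi in seen):
        return "arrives-not-decrypted"  # SPI matches an SA, but its inbound counter stays at 0
    return "inbound-ok"                 # inbound decryption works: check the return path


# Copied from the post: status taken at 03:58, capture at 04:10 (different sessions,
# so a mismatch between these two says nothing by itself).
PAGE_STATUS = """\
   acme-psk{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c329744d_i c16977ec_o
   acme-psk{1}:  AES_CBC_128/HMAC_SHA2_256_128, 0 bytes_i, 0 bytes_o, rekeying in 47 minutes
"""
PAGE_CAPTURE = """\
04:10:11.982377 IP <server-address>.ipsec-nat-t > 192.168.1.180.ipsec-nat-t: UDP-encap: ESP(spi=0xcaae2814,seq=0x1), length 776
04:10:13.003248 IP <server-address>.ipsec-nat-t > 192.168.1.180.ipsec-nat-t: UDP-encap: ESP(spi=0xcaae2814,seq=0x2), length 776
"""
# Constructed: what a capture taken in the same session as PAGE_STATUS would carry.
SAME_SESSION_CAPTURE = PAGE_CAPTURE.replace("caae2814", "c329744d")

if __name__ == "__main__":
    local = "192.168.1.180"
    print("page outputs:     ", diagnose(PAGE_STATUS, PAGE_CAPTURE, local))
    print("same-session case:", diagnose(PAGE_STATUS, SAME_SESSION_CAPTURE, local))
```

Run `ipsec statusall` and the tcpdump capture back to back, without restarting the daemon in between, before feeding them in. For an `arrives-not-decrypted` verdict, the kernel's per-SA counters from `ip -s xfrm state` are the next place to look.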

