[strongSwan] Getting reply from the wrong ip?!
Peter Andersson
peter at turbin.se
Thu Jan 2 17:18:20 CET 2020
Hi!
I'm having trouble getting the strongSwan server to work. I'm trying to
connect to a remote VPN server and I get replies from an entirely
different server from a different company.
The log looks like this:
Jan 2 16:59:21 Server charon: 08[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan 2 16:59:25 Server charon: 09[IKE] retransmit 1 of request with message ID 0
Jan 2 16:37:43 Server charon: 09[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan 2 16:37:46 Server charon: 10[NET] received packet: from 80.72.XXX.XXX[500] to 46.246.XXX.XXX[500] (284 bytes)
Our ISP only delivers internet connections, no firewalls, vpn services
or something similar.
And all our firewall does is to allow connections on UDP port 500 from
62.181.XXX.XXX. It has no port forwarding or anything special.
I'm at a total loss here as we have never had any contact with the
company with the 80.72.XXX.XXX address.
We did have a hardware firewall (Sonicwall) that was working just fine
with the same settings.
I would be extremely grateful if any of you experts could help me find a
solution or point me in the right direction.
Thanks!
/Peter
This is my config:
config setup
    charondebug="cfg 2"
    strictcrlpolicy=no

conn VPN
    authby=secret
    left=46.246.XXX.XXX
    leftsubnet=1.1.1.0/24
    leftfirewall=yes
    right=62.181.XXX.XXX
    rightsubnet=1.1.10.200/32
    ike=aes128-sha1-modp1024
    esp=aes128-sha1
    keyexchange=ike
    keyingtries=0
    ikelifetime=12h
    lifetime=6h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    auto=start
    type=tunnel

ipsec.secrets:
46.246.XXX.XXX 62.181.XXX.XXX : PSK 'ABCDEFGH'
strongswan.conf:
charon {
    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }
}
include strongswan.d/*.conf
And the log:
Jan 2 17:11:07 Server charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 5.3.0-24-generic, x86_64)
Jan 2 17:11:07 Server charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jan 2 17:11:07 Server charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jan 2 17:11:07 Server charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jan 2 17:11:07 Server charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jan 2 17:11:07 Server charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jan 2 17:11:07 Server charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jan 2 17:11:07 Server charon: 00[CFG] loaded IKE secret for 46.246.XXX.XXX 62.181.XXX.XXX
Jan 2 17:11:07 Server charon: 00[LIB] loaded plugins: charon aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown eap-mschapv2 xauth-generic counters
Jan 2 17:11:07 Server charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
Jan 2 17:11:07 Server charon: 00[JOB] spawning 16 worker threads
Jan 2 17:11:07 Server charon: 05[CFG] received stroke: add connection 'VPN'
Jan 2 17:11:07 Server charon: 05[CFG] conn VPN
Jan 2 17:11:07 Server charon: 05[CFG] left=46.246.XXX.XXX
Jan 2 17:11:07 Server charon: 05[CFG] leftsubnet=1.1.1.0/24
Jan 2 17:11:07 Server charon: 05[CFG] leftauth=psk
Jan 2 17:11:07 Server charon: 05[CFG] leftupdown=ipsec _updown iptables
Jan 2 17:11:07 Server charon: 05[CFG] right=62.181.XXX.XXX
Jan 2 17:11:07 Server charon: 05[CFG] rightsubnet=1.1.10.200/32
Jan 2 17:11:07 Server charon: 05[CFG] rightauth=psk
Jan 2 17:11:07 Server charon: 05[CFG] ike=aes128-sha1-modp1024
Jan 2 17:11:07 Server charon: 05[CFG] esp=aes128-sha1
Jan 2 17:11:07 Server charon: 05[CFG] dpddelay=30
Jan 2 17:11:07 Server charon: 05[CFG] dpdtimeout=120
Jan 2 17:11:07 Server charon: 05[CFG] dpdaction=3
Jan 2 17:11:07 Server charon: 05[CFG] sha256_96=no
Jan 2 17:11:07 Server charon: 05[CFG] mediation=no
Jan 2 17:11:07 Server charon: 05[CFG] added configuration 'VPN'
Jan 2 17:11:07 Server charon: 08[CFG] received stroke: initiate 'VPN'
Jan 2 17:11:07 Server charon: 08[IKE] initiating IKE_SA VPN[1] to 62.181.XXX.XXX
Jan 2 17:11:07 Server charon: 08[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Jan 2 17:11:07 Server charon: 08[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity
Jan 2 17:11:07 Server charon: 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jan 2 17:11:07 Server charon: 08[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan 2 17:11:09 Server charon: 09[NET] received packet: from 80.72.XXX.XXX[500] to 46.246.XXX.XXX[500] (284 bytes)
Jan 2 17:11:09 Server charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V ]
Jan 2 17:11:09 Server charon: 09[CFG] looking for an IKEv1 config for 46.246.XXX.XXX...80.72.XXX.XXX
Jan 2 17:11:09 Server charon: 09[IKE] no IKE config found for 46.246.XXX.XXX...80.72.XXX.XXX, sending NO_PROPOSAL_CHOSEN
Jan 2 17:11:09 Server charon: 09[ENC] generating INFORMATIONAL_V1 request 2752600603 [ N(NO_PROP) ]
Jan 2 17:11:09 Server charon: 09[NET] sending packet: from 46.246.XXX.XXX[500] to 80.72.XXX.XXX[500] (40 bytes)
Jan 2 17:11:11 Server charon: 10[IKE] retransmit 1 of request with message ID 0
Jan 2 17:11:11 Server charon: 10[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan 2 17:11:18 Server charon: 12[IKE] retransmit 2 of request with message ID 0
Jan 2 17:11:18 Server charon: 12[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan 2 17:11:21 Server charon: 11[NET] received packet: from 80.72.XXX.XXX[500] to 46.246.XXX.XXX[500] (284 bytes)
Jan 2 17:11:21 Server charon: 11[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V ]
Jan 2 17:11:21 Server charon: 11[CFG] looking for an IKEv1 config for 46.246.XXX.XXX...80.72.XXX.XXX
Jan 2 17:11:21 Server charon: 11[IKE] no IKE config found for 46.246.XXX.XXX...80.72.XXX.XXX, sending NO_PROPOSAL_CHOSEN
Jan 2 17:11:21 Server charon: 11[ENC] generating INFORMATIONAL_V1 request 2913320541 [ N(NO_PROP) ]
Jan 2 17:11:21 Server charon: 11[NET] sending packet: from 46.246.XXX.XXX[500] to 80.72.XXX.XXX[500] (40 bytes)
Jan 2 17:11:31 Server charon: 13[IKE] retransmit 3 of request with message ID 0
Jan 2 17:11:31 Server charon: 13[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan 2 17:11:32 Server charon: 00[DMN] signal of type SIGINT received. Shutting down
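An added example, not part of Peter's post or of strongSwan itself: a small Python script that reads charon [NET]/[ENC] lines like the ones above, pairs each received packet with what the same worker thread parsed from it, and reports two things worth separating when triaging a log like this: whether anything at all came back from the configured `right` peer, and whether a packet from another address is a request (that host initiating its own exchange towards us) rather than a response to ours. The sample log is constructed from the lines in the post, with the XXX octets kept as posted.

```python
import re
from collections import Counter

# Constructed sample, modelled on the charon log in the post above (XXX octets kept as posted).
SAMPLE_LOG = """\
Jan 2 17:11:07 Server charon: 08[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
Jan 2 17:11:09 Server charon: 09[NET] received packet: from 80.72.XXX.XXX[500] to 46.246.XXX.XXX[500] (284 bytes)
Jan 2 17:11:09 Server charon: 09[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V ]
Jan 2 17:11:09 Server charon: 09[IKE] no IKE config found for 46.246.XXX.XXX...80.72.XXX.XXX, sending NO_PROPOSAL_CHOSEN
Jan 2 17:11:11 Server charon: 10[IKE] retransmit 1 of request with message ID 0
Jan 2 17:11:11 Server charon: 10[NET] sending packet: from 46.246.XXX.XXX[500] to 62.181.XXX.XXX[500] (1036 bytes)
"""

PKT_RE = re.compile(r"(?P<thread>\d+)\[NET\] (?P<dir>sending|received) packet: from (?P<src>\S+)\[\d+\] to (?P<dst>\S+)\[\d+\]")
PARSED_RE = re.compile(r"(?P<thread>\d+)\[ENC\] parsed (?P<exch>\S+) (?P<kind>request|response) \d+")

def triage(log_text, configured_peer):
    """Classify every inbound packet charon parsed and count what came back from whom."""
    inbound, stats, last_rx = [], Counter(), {}   # last_rx: worker thread -> source of its last received packet
    for line in log_text.splitlines():
        m = PKT_RE.search(line)
        if m and m["dir"] == "received":
            last_rx[m["thread"]] = m["src"]
            stats["from_peer" if m["src"] == configured_peer else "from_other"] += 1
            continue
        m = PARSED_RE.search(line)
        if m and m["thread"] in last_rx:          # charon parses a packet on the worker that received it
            src = last_rx.pop(m["thread"])
            inbound.append({"src": src,
                            "exchange": m["exch"],   # ID_PROT = IKEv1 main mode, IKE_SA_INIT = IKEv2
                            "kind": m["kind"],       # "request": the remote is initiating, not answering us
                            "from_configured_peer": src == configured_peer})
        elif "retransmit" in line:
            stats["retransmits"] += 1
    return inbound, stats

def verdict(inbound, stats):
    """Plain-words findings for triage."""
    notes = []
    if stats["from_peer"] == 0 and stats["retransmits"]:
        notes.append("nothing came back from the configured peer; our request is timing out")
    for p in inbound:
        if not p["from_configured_peer"] and p["kind"] == "request":
            notes.append(f"{p['src']} sent an unsolicited {p['exchange']} request: it is initiating, not replying")
    return notes

if __name__ == "__main__":
    for note in verdict(*triage(SAMPLE_LOG, "62.181.XXX.XXX")):
        print("-", note)
```

Run against a real /var/log/syslog extract by passing the file contents to `triage()` with the `right` address from ipsec.conf.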