[strongSwan] revisiting problem with linux to VPN using network-manager-strongswan 1.4.5-2.1
David H Durgee
dhdurgee at verizon.net
Tue Jul 6 18:11:09 CEST 2021
I brought up the VPN over a WiFi connection this morning for a few
minutes in hopes of confirming it is operating correctly and securing
the internet traffic. Here are results in the terminal window:
> dhdurgee at z560:~/Downloads$ ip rule
> 0: from all lookup local
> 220: from all lookup 220
> 32766: from all lookup main
> 32767: from all lookup default
> dhdurgee at z560:~/Downloads$ ip route
> default via 192.168.1.1 dev wlp5s0 proto dhcp metric 600
> 169.254.0.0/16 dev wlp5s0 scope link metric 1000
> 192.168.1.0/24 dev wlp5s0 proto kernel scope link src 192.168.1.114
> metric 600
> dhdurgee at z560:~/Downloads$ ifconfig
> enp6s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> ether b8:70:f4:2c:6b:9f txqueuelen 1000 (Ethernet)
> RX packets 6620471 bytes 6659611738 (6.6 GB)
> RX errors 0 dropped 113 overruns 0 frame 0
> TX packets 5400612 bytes 627288507 (627.2 MB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
> inet 127.0.0.1 netmask 255.0.0.0
> inet6 ::1 prefixlen 128 scopeid 0x10<host>
> loop txqueuelen 1000 (Local Loopback)
> RX packets 607593 bytes 59022846 (59.0 MB)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 607593 bytes 59022846 (59.0 MB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> wlp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> inet 192.168.1.114 netmask 255.255.255.0 broadcast 192.168.1.255
> inet6 fe80::562f:7604:6d84:57ca prefixlen 64 scopeid 0x20<link>
> ether ac:81:12:a4:5e:43 txqueuelen 1000 (Ethernet)
> RX packets 6987 bytes 5181997 (5.1 MB)
> RX errors 0 dropped 0 overruns 0 frame 77207
> TX packets 7967 bytes 1225749 (1.2 MB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
> device interrupt 17
>
> dhdurgee at z560:~/Downloads$ route
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref
> Use Iface
> default _gateway 0.0.0.0 UG 600 0 0
> wlp5s0
> link-local 0.0.0.0 255.255.0.0 U 1000 0 0
> wlp5s0
> 192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0
> wlp5s0
> dhdurgee at z560:~/Downloads$
Here is an extract from my syslog:
> Jul 6 11:50:46 Z560 NetworkManager[758]: <info> [1625586646.5967]
> manager: rfkill: Wi-Fi hardware radio set enabled
> Jul 6 11:50:46 Z560 NetworkManager[758]: <info> [1625586646.5985]
> audit: op="radio-control" arg="wireless-enabled" pid=811113 uid=1000
> result="success"
> Jul 6 11:50:46 Z560 charon-nm: 11[KNL] interface wlp5s0 activated
> Jul 6 11:50:46 Z560 systemd[1]: Starting Load/Save RF Kill Switch
> Status...
> Jul 6 11:50:46 Z560 systemd[1]: Started Load/Save RF Kill Switch Status.
> Jul 6 11:50:46 Z560 wpa_supplicant[818]: dbus:
> fill_dict_with_properties
> dbus_interface=fi.w1.wpa_supplicant1.Interface.P2PDevice
> dbus_property=P2PDeviceConfig getter failed
> Jul 6 11:50:46 Z560 NetworkManager[758]: <info> [1625586646.6794]
> sup-iface[0x562fdb83d4e0,wlp5s0]: supports 1 scan SSIDs
> Jul 6 11:50:46 Z560 NetworkManager[758]: <info> [1625586646.6808]
> device (wlp5s0): supplicant interface state: starting -> ready
> Jul 6 11:50:46 Z560 NetworkManager[758]: <info> [1625586646.6813]
> device (wlp5s0): state change: unavailable -> disconnected (reason
> 'supplicant-available', sys-iface-state: 'managed')
> Jul 6 11:50:46 Z560 wpa_supplicant[818]: wlp5s0:
> CTRL-EVENT-SCAN-FAILED ret=-22
> Jul 6 11:50:46 Z560 kernel: [706888.708759] ERROR @wl_cfg80211_scan :
> Jul 6 11:50:46 Z560 kernel: [706888.708762] WLC_SCAN error (-22)
> Jul 6 11:50:48 Z560 NetworkManager[758]: <info> [1625586648.4559]
> manager: rfkill: Wi-Fi now enabled by radio killswitch
> Jul 6 11:50:49 Z560 systemd[1]: NetworkManager-dispatcher.service:
> Succeeded.
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.2774]
> policy: auto-activating connection 'Auto Free WiFi by Karma'
> (3ccc719b-3616-44f7-a914-8c7d0344c87a)
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.2819]
> device (wlp5s0): Activation: starting connection 'Auto Free WiFi by
> Karma' (3ccc719b-3616-44f7-a914-8c7d0344c87a)
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.2834]
> device (wlp5s0): state change: disconnected -> prepare (reason 'none',
> sys-iface-state: 'managed')
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.2891]
> manager: NetworkManager state is now CONNECTING
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.2955]
> device (wlp5s0): state change: prepare -> config (reason 'none',
> sys-iface-state: 'managed')
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.2994]
> device (wlp5s0): Activation: (wifi) connection 'Auto Free WiFi by
> Karma' requires no security. No secrets needed.
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.2997]
> Config: added 'ssid' value 'Free WiFi by Karma'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.2998]
> Config: added 'scan_ssid' value '1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.2999]
> Config: added 'bgscan' value 'simple:30:-70:86400'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.2999]
> Config: added 'key_mgmt' value 'NONE'
> Jul 6 11:50:50 Z560 wpa_supplicant[818]: wlp5s0: Trying to associate
> with be:0f:2b:95:dd:58 (SSID='Free WiFi by Karma' freq=2462 MHz)
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.3676]
> device (wlp5s0): supplicant interface state: ready -> associating
> Jul 6 11:50:50 Z560 wpa_supplicant[818]: wlp5s0: Associated with
> be:0f:2b:95:dd:58
> Jul 6 11:50:50 Z560 wpa_supplicant[818]: wlp5s0: CTRL-EVENT-CONNECTED
> - Connection to be:0f:2b:95:dd:58 completed [id=0 id_str=]
> Jul 6 11:50:50 Z560 wpa_supplicant[818]: bgscan simple: Failed to
> enable signal strength monitoring
> Jul 6 11:50:50 Z560 kernel: [706892.471763] IPv6:
> ADDRCONF(NETDEV_CHANGE): wlp5s0: link becomes ready
> Jul 6 11:50:50 Z560 wpa_supplicant[818]: wlp5s0:
> CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
> Jul 6 11:50:50 Z560 wpa_supplicant[818]: wlp5s0:
> CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=US
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.4620]
> device (wlp5s0): supplicant interface state: associating -> completed
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.4622]
> device (wlp5s0): Activation: (wifi) Stage 2 of 5 (Device Configure)
> successful. Connected to wireless network "Free WiFi by Karma"
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.4663]
> device (wlp5s0): state change: config -> ip-config (reason 'none',
> sys-iface-state: 'managed')
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.4736]
> dhcp4 (wlp5s0): activation: beginning transaction (timeout in 45 seconds)
> Jul 6 11:50:50 Z560 avahi-daemon[750]: Joining mDNS multicast group
> on interface wlp5s0.IPv6 with address fe80::562f:7604:6d84:57ca.
> Jul 6 11:50:50 Z560 avahi-daemon[750]: New relevant interface
> wlp5s0.IPv6 for mDNS.
> Jul 6 11:50:50 Z560 avahi-daemon[750]: Registering new address record
> for fe80::562f:7604:6d84:57ca on wlp5s0.*.
> Jul 6 11:50:50 Z560 charon-nm: 12[KNL] fe80::562f:7604:6d84:57ca
> appeared on wlp5s0
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5754]
> dhcp4 (wlp5s0): option dhcp_lease_time => '10800'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5756]
> dhcp4 (wlp5s0): option domain_name_servers => '192.168.1.1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5757]
> dhcp4 (wlp5s0): option expiry => '1625597450'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5758]
> dhcp4 (wlp5s0): option ip_address => '192.168.1.114'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5758]
> dhcp4 (wlp5s0): option requested_broadcast_address => '1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5759]
> dhcp4 (wlp5s0): option requested_domain_name => '1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5759]
> dhcp4 (wlp5s0): option requested_domain_name_servers => '1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5760]
> dhcp4 (wlp5s0): option requested_domain_search => '1'
> Jul 6 11:50:50 Z560 avahi-daemon[750]: Joining mDNS multicast group
> on interface wlp5s0.IPv4 with address 192.168.1.114.
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5761]
> dhcp4 (wlp5s0): option requested_host_name => '1'
> Jul 6 11:50:50 Z560 charon-nm: 13[KNL] 192.168.1.114 appeared on wlp5s0
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5761]
> dhcp4 (wlp5s0): option requested_interface_mtu => '1'
> Jul 6 11:50:50 Z560 avahi-daemon[750]: New relevant interface
> wlp5s0.IPv4 for mDNS.
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5762]
> dhcp4 (wlp5s0): option requested_ms_classless_static_routes => '1'
> Jul 6 11:50:50 Z560 avahi-daemon[750]: Registering new address record
> for 192.168.1.114 on wlp5s0.IPv4.
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5763]
> dhcp4 (wlp5s0): option requested_nis_domain => '1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5764]
> dhcp4 (wlp5s0): option requested_nis_servers => '1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5764]
> dhcp4 (wlp5s0): option requested_ntp_servers => '1'
> Jul 6 11:50:50 Z560 charon-nm: 08[IKE] installed bypass policy for
> 192.168.1.0/24
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5765]
> dhcp4 (wlp5s0): option requested_rfc3442_classless_static_routes => '1'
> Jul 6 11:50:50 Z560 charon-nm: 08[IKE] installed bypass policy for
> fe80::/64
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5766]
> dhcp4 (wlp5s0): option requested_root_path => '1'
> Jul 6 11:50:50 Z560 dbus-daemon[754]: [system] Activating via
> systemd: service name='org.freedesktop.nm_dispatcher'
> unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.7'
> (uid=0 pid=758 comm="/usr/sbin/NetworkManager --no-daemon "
> label="unconfined")
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5766]
> dhcp4 (wlp5s0): option requested_routers => '1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5767]
> dhcp4 (wlp5s0): option requested_static_routes => '1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5768]
> dhcp4 (wlp5s0): option requested_subnet_mask => '1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5769]
> dhcp4 (wlp5s0): option requested_time_offset => '1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5769]
> dhcp4 (wlp5s0): option requested_wpad => '1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5770]
> dhcp4 (wlp5s0): option routers => '192.168.1.1'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5771]
> dhcp4 (wlp5s0): option subnet_mask => '255.255.255.0'
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.5771]
> dhcp4 (wlp5s0): state changed unknown -> bound
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.6015]
> device (wlp5s0): state change: ip-config -> ip-check (reason 'none',
> sys-iface-state: 'managed')
> Jul 6 11:50:50 Z560 systemd[1]: Starting Network Manager Script
> Dispatcher Service...
> Jul 6 11:50:50 Z560 dbus-daemon[754]: [system] Successfully activated
> service 'org.freedesktop.nm_dispatcher'
> Jul 6 11:50:50 Z560 systemd[1]: Started Network Manager Script
> Dispatcher Service.
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.7494]
> device (wlp5s0): state change: ip-check -> secondaries (reason 'none',
> sys-iface-state: 'managed')
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.7589]
> device (wlp5s0): state change: secondaries -> activated (reason
> 'none', sys-iface-state: 'managed')
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.7823]
> manager: NetworkManager state is now CONNECTED_LOCAL
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.8104]
> manager: NetworkManager state is now CONNECTED_SITE
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.8122]
> policy: set 'Auto Free WiFi by Karma' (wlp5s0) as default for IPv4
> routing and DNS
> Jul 6 11:50:50 Z560 NetworkManager[758]: <info> [1625586650.8230]
> device (wlp5s0): Activation: successful, device activated.
> Jul 6 11:50:51 Z560 charon-nm: 11[IKE] installed bypass policy for
> 169.254.0.0/16
> Jul 6 11:50:51 Z560 NetworkManager[758]: <info> [1625586651.2683]
> manager: NetworkManager state is now CONNECTED_GLOBAL
> Jul 6 11:50:53 Z560 systemd[1]: systemd-rfkill.service: Succeeded.
> Jul 6 11:50:57 Z560 NetworkManager[758]: <info> [1625586657.5896]
> audit: op="connection-activate"
> uuid="72e4370d-ecfb-4e33-8572-5cf04431abb9" name="Durgee Enterprises,
> LLC" pid=811113 uid=1000 result="success"
> Jul 6 11:50:57 Z560 NetworkManager[758]: <info> [1625586657.5965]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Saw the service appear; activating connection
> Jul 6 11:50:57 Z560 NetworkManager[758]: <info> [1625586657.7338]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN connection: (ConnectInteractive) reply received
> Jul 6 11:50:57 Z560 charon-nm: 05[CFG] received initiate for
> NetworkManager connection Durgee Enterprises, LLC
> Jul 6 11:50:57 Z560 charon-nm: 05[CFG] using CA certificate, gateway
> identity 'durgeeenterprises.publicvm.com'
> Jul 6 11:50:57 Z560 charon-nm: 05[IKE] initiating IKE_SA Durgee
> Enterprises, LLC[9] to 108.31.28.59
> Jul 6 11:50:57 Z560 charon-nm: 05[ENC] generating IKE_SA_INIT request
> 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
> N(REDIR_SUP) ]
> Jul 6 11:50:57 Z560 charon-nm: 05[NET] sending packet: from
> 192.168.1.114[55474] to 108.31.28.59[500] (768 bytes)
> Jul 6 11:50:57 Z560 NetworkManager[758]: <info> [1625586657.9830]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN plugin: state changed: starting (3)
> Jul 6 11:50:58 Z560 charon-nm: 09[NET] received packet: from
> 108.31.28.59[500] to 192.168.1.114[55474] (38 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 09[ENC] parsed IKE_SA_INIT response 0
> [ N(INVAL_KE) ]
> Jul 6 11:50:58 Z560 charon-nm: 09[IKE] peer didn't accept DH group
> ECP_256, it requested MODP_2048
> Jul 6 11:50:58 Z560 charon-nm: 09[IKE] initiating IKE_SA Durgee
> Enterprises, LLC[9] to 108.31.28.59
> Jul 6 11:50:58 Z560 charon-nm: 09[ENC] generating IKE_SA_INIT request
> 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
> N(REDIR_SUP) ]
> Jul 6 11:50:58 Z560 charon-nm: 09[NET] sending packet: from
> 192.168.1.114[55474] to 108.31.28.59[500] (960 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 14[NET] received packet: from
> 108.31.28.59[500] to 192.168.1.114[55474] (464 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 14[ENC] parsed IKE_SA_INIT response 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
> N(MULT_AUTH) ]
> Jul 6 11:50:58 Z560 charon-nm: 14[CFG] selected proposal:
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
> Jul 6 11:50:58 Z560 charon-nm: 14[IKE] local host is behind NAT,
> sending keep alives
> Jul 6 11:50:58 Z560 charon-nm: 14[IKE] remote host is behind NAT
> Jul 6 11:50:58 Z560 charon-nm: 14[IKE] sending cert request for
> "C=US, O=Durgee Enterprises LLC, CN=VPN Server Root CA"
> Jul 6 11:50:58 Z560 charon-nm: 14[IKE] establishing CHILD_SA Durgee
> Enterprises, LLC{6}
> Jul 6 11:50:58 Z560 charon-nm: 14[ENC] generating IKE_AUTH request 1
> [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS NBNS DNS6) SA TSi
> TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY)
> N(MSG_ID_SYN_SUP) ]
> Jul 6 11:50:58 Z560 charon-nm: 14[NET] sending packet: from
> 192.168.1.114[47031] to 108.31.28.59[4500] (412 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 07[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (544 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 07[ENC] parsed IKE_AUTH response 1 [
> EF(1/5) ]
> Jul 6 11:50:58 Z560 charon-nm: 07[ENC] received fragment #1 of 5,
> waiting for complete IKE message
> Jul 6 11:50:58 Z560 charon-nm: 08[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (544 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 08[ENC] parsed IKE_AUTH response 1 [
> EF(2/5) ]
> Jul 6 11:50:58 Z560 charon-nm: 08[ENC] received fragment #2 of 5,
> waiting for complete IKE message
> Jul 6 11:50:58 Z560 charon-nm: 10[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (544 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 10[ENC] parsed IKE_AUTH response 1 [
> EF(3/5) ]
> Jul 6 11:50:58 Z560 charon-nm: 10[ENC] received fragment #3 of 5,
> waiting for complete IKE message
> Jul 6 11:50:58 Z560 charon-nm: 06[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (544 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 06[ENC] parsed IKE_AUTH response 1 [
> EF(4/5) ]
> Jul 6 11:50:58 Z560 charon-nm: 06[ENC] received fragment #4 of 5,
> waiting for complete IKE message
> Jul 6 11:50:58 Z560 charon-nm: 12[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (176 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 12[ENC] parsed IKE_AUTH response 1 [
> EF(5/5) ]
> Jul 6 11:50:58 Z560 charon-nm: 12[ENC] received fragment #5 of 5,
> reassembled fragmented IKE message (2092 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 12[ENC] parsed IKE_AUTH response 1 [
> IDr CERT AUTH EAP/REQ/ID ]
> Jul 6 11:50:58 Z560 charon-nm: 12[IKE] received end entity cert
> "C=US, O=Durgee Enterprises LLC, CN=durgeeenterprises.publicvm.com"
> Jul 6 11:50:58 Z560 charon-nm: 12[CFG] using certificate "C=US,
> O=Durgee Enterprises LLC, CN=durgeeenterprises.publicvm.com"
> Jul 6 11:50:58 Z560 charon-nm: 12[CFG] using trusted ca certificate
> "C=US, O=Durgee Enterprises LLC, CN=VPN Server Root CA"
> Jul 6 11:50:58 Z560 charon-nm: 12[CFG] checking certificate status of
> "C=US, O=Durgee Enterprises LLC, CN=durgeeenterprises.publicvm.com"
> Jul 6 11:50:58 Z560 charon-nm: 12[CFG] certificate status is not
> available
> Jul 6 11:50:58 Z560 charon-nm: 12[CFG] reached self-signed root ca
> with a path length of 0
> Jul 6 11:50:58 Z560 charon-nm: 12[IKE] authentication of
> 'durgeeenterprises.publicvm.com' with RSA_EMSA_PKCS1_SHA2_384 successful
> Jul 6 11:50:58 Z560 charon-nm: 12[IKE] server requested EAP_IDENTITY
> (id 0x00), sending 'dhdurgee'
> Jul 6 11:50:58 Z560 charon-nm: 12[ENC] generating IKE_AUTH request 2
> [ EAP/RES/ID ]
> Jul 6 11:50:58 Z560 charon-nm: 12[NET] sending packet: from
> 192.168.1.114[47031] to 108.31.28.59[4500] (92 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 01[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (108 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 01[ENC] parsed IKE_AUTH response 2 [
> EAP/REQ/MSCHAPV2 ]
> Jul 6 11:50:58 Z560 charon-nm: 01[IKE] server requested EAP_MSCHAPV2
> authentication (id 0x28)
> Jul 6 11:50:58 Z560 charon-nm: 01[ENC] generating IKE_AUTH request 3
> [ EAP/RES/MSCHAPV2 ]
> Jul 6 11:50:58 Z560 charon-nm: 01[NET] sending packet: from
> 192.168.1.114[47031] to 108.31.28.59[4500] (140 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 13[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (140 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 13[ENC] parsed IKE_AUTH response 3 [
> EAP/REQ/MSCHAPV2 ]
> Jul 6 11:50:58 Z560 charon-nm: 13[IKE] EAP-MS-CHAPv2 succeeded:
> 'Welcome2strongSwan'
> Jul 6 11:50:58 Z560 charon-nm: 13[ENC] generating IKE_AUTH request 4
> [ EAP/RES/MSCHAPV2 ]
> Jul 6 11:50:58 Z560 charon-nm: 13[NET] sending packet: from
> 192.168.1.114[47031] to 108.31.28.59[4500] (76 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 11[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (76 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 11[ENC] parsed IKE_AUTH response 4 [
> EAP/SUCC ]
> Jul 6 11:50:58 Z560 charon-nm: 11[IKE] EAP method EAP_MSCHAPV2
> succeeded, MSK established
> Jul 6 11:50:58 Z560 charon-nm: 11[IKE] authentication of 'dhdurgee'
> (myself) with EAP
> Jul 6 11:50:58 Z560 charon-nm: 11[ENC] generating IKE_AUTH request 5
> [ AUTH ]
> Jul 6 11:50:58 Z560 charon-nm: 11[NET] sending packet: from
> 192.168.1.114[47031] to 108.31.28.59[4500] (92 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 15[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (236 bytes)
> Jul 6 11:50:58 Z560 charon-nm: 15[ENC] parsed IKE_AUTH response 5 [
> AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
> Jul 6 11:50:58 Z560 charon-nm: 15[IKE] authentication of
> 'durgeeenterprises.publicvm.com' with EAP successful
> Jul 6 11:50:58 Z560 charon-nm: 15[IKE] IKE_SA Durgee Enterprises,
> LLC[9] established between
> 192.168.1.114[dhdurgee]...108.31.28.59[durgeeenterprises.publicvm.com]
> Jul 6 11:50:58 Z560 charon-nm: 15[IKE] scheduling rekeying in 35676s
> Jul 6 11:50:58 Z560 charon-nm: 15[IKE] maximum IKE_SA lifetime 36276s
> Jul 6 11:50:58 Z560 charon-nm: 15[IKE] installing new virtual IP
> 10.10.10.2
> Jul 6 11:50:58 Z560 avahi-daemon[750]: Registering new address record
> for 10.10.10.2 on wlp5s0.IPv4.
> Jul 6 11:50:58 Z560 charon-nm: 15[CFG] selected proposal:
> ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
> Jul 6 11:50:58 Z560 charon-nm: 15[IKE] CHILD_SA Durgee Enterprises,
> LLC{6} established with SPIs c6b4df75_i c93e3b9a_o and TS
> 10.10.10.2/32 === 0.0.0.0/0
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6348]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN connection: (IP Config Get) reply received.
> Jul 6 11:50:58 Z560 charon-nm: 15[IKE] peer supports MOBIKE
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6355]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN plugin: state changed: started (4)
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6356]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN connection: (IP4 Config Get) reply received
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6369]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: VPN Gateway: 108.31.28.59
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6369]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: Tunnel Device: (null)
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6370]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: IPv4 configuration:
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6370]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: Internal Address: 10.10.10.2
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6370]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: Internal Prefix: 32
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6371]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: Internal Point-to-Point Address: 10.10.10.2
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6371]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: Internal DNS: 8.8.8.8
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6372]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: Internal DNS: 8.8.4.4
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6372]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: DNS Domain: '(none)'
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6373]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: No IPv6 configuration
> Jul 6 11:50:58 Z560 NetworkManager[758]: <info> [1625586658.6397]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN connection: (IP Config Get) complete
> Jul 6 11:51:02 Z560 NetworkManager[758]: <info> [1625586662.7579]
> audit: op="connection-deactivate"
> uuid="72e4370d-ecfb-4e33-8572-5cf04431abb9" name="Durgee Enterprises,
> LLC" pid=811113 uid=1000 result="success"
> Jul 6 11:51:02 Z560 avahi-daemon[750]: Withdrawing address record for
> 10.10.10.2 on wlp5s0.
> Jul 6 11:51:02 Z560 charon-nm: 06[IKE] deleting IKE_SA Durgee
> Enterprises, LLC[9] between
> 192.168.1.114[dhdurgee]...108.31.28.59[durgeeenterprises.publicvm.com]
> Jul 6 11:51:02 Z560 charon-nm: 06[IKE] sending DELETE for IKE_SA
> Durgee Enterprises, LLC[9]
> Jul 6 11:51:02 Z560 charon-nm: 06[ENC] generating INFORMATIONAL
> request 6 [ D ]
> Jul 6 11:51:02 Z560 charon-nm: 06[NET] sending packet: from
> 192.168.1.114[47031] to 108.31.28.59[4500] (76 bytes)
> Jul 6 11:51:02 Z560 nm-dispatcher[913835]: run-parts: failed to stat
> component /etc/network/if-post-down.d/avahi-daemon: No such file or
> directory
> Jul 6 11:51:02 Z560 NetworkManager[758]: <info> [1625586662.7748]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN plugin: state changed: stopping (5)
> Jul 6 11:51:02 Z560 NetworkManager[758]: <info> [1625586662.7749]
> vpn-connection[0x562fdb93c0e0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN plugin: state changed: stopped (6)
> Jul 6 11:51:02 Z560 charon-nm: 12[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (76 bytes)
> Jul 6 11:51:02 Z560 charon-nm: 12[ENC] parsed INFORMATIONAL response
> 6 [ ]
> Jul 6 11:51:02 Z560 charon-nm: 12[IKE] IKE_SA deleted
> Jul 6 11:51:13 Z560 systemd[1]: NetworkManager-dispatcher.service:
> Succeeded.
> Jul 6 11:51:40 Z560 kernel: [706942.106869] mce: CPU1: Core
> temperature above threshold, cpu clock throttled (total events = 22442)
> Jul 6 11:51:40 Z560 kernel: [706942.106870] mce: CPU0: Core
> temperature above threshold, cpu clock throttled (total events = 22442)
> Jul 6 11:51:40 Z560 kernel: [706942.107920] mce: CPU1: Core
> temperature/speed normal
> Jul 6 11:51:40 Z560 kernel: [706942.107921] mce: CPU0: Core
> temperature/speed normal
> Jul 6 11:52:17 Z560 NetworkManager[758]: <info> [1625586737.5550]
> audit: op="connection-activate"
> uuid="72e4370d-ecfb-4e33-8572-5cf04431abb9" name="Durgee Enterprises,
> LLC" pid=811113 uid=1000 result="success"
> Jul 6 11:52:17 Z560 NetworkManager[758]: <info> [1625586737.5578]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Saw the service appear; activating connection
> Jul 6 11:52:17 Z560 NetworkManager[758]: <info> [1625586737.7003]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN connection: (ConnectInteractive) reply received
> Jul 6 11:52:17 Z560 charon-nm: 05[CFG] received initiate for
> NetworkManager connection Durgee Enterprises, LLC
> Jul 6 11:52:17 Z560 charon-nm: 05[CFG] using CA certificate, gateway
> identity 'durgeeenterprises.publicvm.com'
> Jul 6 11:52:17 Z560 charon-nm: 05[IKE] initiating IKE_SA Durgee
> Enterprises, LLC[10] to 108.31.28.59
> Jul 6 11:52:17 Z560 charon-nm: 05[ENC] generating IKE_SA_INIT request
> 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
> N(REDIR_SUP) ]
> Jul 6 11:52:17 Z560 charon-nm: 05[NET] sending packet: from
> 192.168.1.114[55474] to 108.31.28.59[500] (768 bytes)
> Jul 6 11:52:17 Z560 NetworkManager[758]: <info> [1625586737.8213]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN plugin: state changed: starting (3)
> Jul 6 11:52:17 Z560 charon-nm: 14[NET] received packet: from
> 108.31.28.59[500] to 192.168.1.114[55474] (38 bytes)
> Jul 6 11:52:17 Z560 charon-nm: 14[ENC] parsed IKE_SA_INIT response 0
> [ N(INVAL_KE) ]
> Jul 6 11:52:17 Z560 charon-nm: 14[IKE] peer didn't accept DH group
> ECP_256, it requested MODP_2048
> Jul 6 11:52:17 Z560 charon-nm: 14[IKE] initiating IKE_SA Durgee
> Enterprises, LLC[10] to 108.31.28.59
> Jul 6 11:52:17 Z560 charon-nm: 14[ENC] generating IKE_SA_INIT request
> 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
> N(REDIR_SUP) ]
> Jul 6 11:52:17 Z560 charon-nm: 14[NET] sending packet: from
> 192.168.1.114[55474] to 108.31.28.59[500] (960 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 15[NET] received packet: from
> 108.31.28.59[500] to 192.168.1.114[55474] (464 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 15[ENC] parsed IKE_SA_INIT response 0
> [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG)
> N(MULT_AUTH) ]
> Jul 6 11:52:18 Z560 charon-nm: 15[CFG] selected proposal:
> IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
> Jul 6 11:52:18 Z560 charon-nm: 15[IKE] local host is behind NAT,
> sending keep alives
> Jul 6 11:52:18 Z560 charon-nm: 15[IKE] remote host is behind NAT
> Jul 6 11:52:18 Z560 charon-nm: 15[IKE] sending cert request for
> "C=US, O=Durgee Enterprises LLC, CN=VPN Server Root CA"
> Jul 6 11:52:18 Z560 charon-nm: 15[IKE] establishing CHILD_SA Durgee
> Enterprises, LLC{7}
> Jul 6 11:52:18 Z560 charon-nm: 15[ENC] generating IKE_AUTH request 1
> [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS NBNS DNS6) SA TSi
> TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY)
> N(MSG_ID_SYN_SUP) ]
> Jul 6 11:52:18 Z560 charon-nm: 15[NET] sending packet: from
> 192.168.1.114[47031] to 108.31.28.59[4500] (412 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 07[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (544 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 07[ENC] parsed IKE_AUTH response 1 [
> EF(1/5) ]
> Jul 6 11:52:18 Z560 charon-nm: 07[ENC] received fragment #1 of 5,
> waiting for complete IKE message
> Jul 6 11:52:18 Z560 charon-nm: 08[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (544 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 08[ENC] parsed IKE_AUTH response 1 [
> EF(2/5) ]
> Jul 6 11:52:18 Z560 charon-nm: 08[ENC] received fragment #2 of 5,
> waiting for complete IKE message
> Jul 6 11:52:18 Z560 charon-nm: 08[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (544 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 08[ENC] parsed IKE_AUTH response 1 [
> EF(4/5) ]
> Jul 6 11:52:18 Z560 charon-nm: 08[ENC] received fragment #4 of 5,
> waiting for complete IKE message
> Jul 6 11:52:18 Z560 charon-nm: 10[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (176 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 10[ENC] parsed IKE_AUTH response 1 [
> EF(5/5) ]
> Jul 6 11:52:18 Z560 charon-nm: 10[ENC] received fragment #5 of 5,
> waiting for complete IKE message
> Jul 6 11:52:18 Z560 charon-nm: 06[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (544 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 06[ENC] parsed IKE_AUTH response 1 [
> EF(3/5) ]
> Jul 6 11:52:18 Z560 charon-nm: 06[ENC] received fragment #3 of 5,
> reassembled fragmented IKE message (2092 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 06[ENC] parsed IKE_AUTH response 1 [
> IDr CERT AUTH EAP/REQ/ID ]
> Jul 6 11:52:18 Z560 charon-nm: 06[IKE] received end entity cert
> "C=US, O=Durgee Enterprises LLC, CN=durgeeenterprises.publicvm.com"
> Jul 6 11:52:18 Z560 charon-nm: 06[CFG] using certificate "C=US,
> O=Durgee Enterprises LLC, CN=durgeeenterprises.publicvm.com"
> Jul 6 11:52:18 Z560 charon-nm: 06[CFG] using trusted ca certificate
> "C=US, O=Durgee Enterprises LLC, CN=VPN Server Root CA"
> Jul 6 11:52:18 Z560 charon-nm: 06[CFG] checking certificate status of
> "C=US, O=Durgee Enterprises LLC, CN=durgeeenterprises.publicvm.com"
> Jul 6 11:52:18 Z560 charon-nm: 06[CFG] certificate status is not
> available
> Jul 6 11:52:18 Z560 charon-nm: 06[CFG] reached self-signed root ca
> with a path length of 0
> Jul 6 11:52:18 Z560 charon-nm: 06[IKE] authentication of
> 'durgeeenterprises.publicvm.com' with RSA_EMSA_PKCS1_SHA2_384 successful
> Jul 6 11:52:18 Z560 charon-nm: 06[IKE] server requested EAP_IDENTITY
> (id 0x00), sending 'dhdurgee'
> Jul 6 11:52:18 Z560 charon-nm: 06[ENC] generating IKE_AUTH request 2
> [ EAP/RES/ID ]
> Jul 6 11:52:18 Z560 charon-nm: 06[NET] sending packet: from
> 192.168.1.114[47031] to 108.31.28.59[4500] (92 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 12[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (108 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 12[ENC] parsed IKE_AUTH response 2 [
> EAP/REQ/MSCHAPV2 ]
> Jul 6 11:52:18 Z560 charon-nm: 12[IKE] server requested EAP_MSCHAPV2
> authentication (id 0x07)
> Jul 6 11:52:18 Z560 charon-nm: 12[ENC] generating IKE_AUTH request 3
> [ EAP/RES/MSCHAPV2 ]
> Jul 6 11:52:18 Z560 charon-nm: 12[NET] sending packet: from
> 192.168.1.114[47031] to 108.31.28.59[4500] (140 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 13[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (140 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 13[ENC] parsed IKE_AUTH response 3 [
> EAP/REQ/MSCHAPV2 ]
> Jul 6 11:52:18 Z560 charon-nm: 13[IKE] EAP-MS-CHAPv2 succeeded:
> 'Welcome2strongSwan'
> Jul 6 11:52:18 Z560 charon-nm: 13[ENC] generating IKE_AUTH request 4
> [ EAP/RES/MSCHAPV2 ]
> Jul 6 11:52:18 Z560 charon-nm: 13[NET] sending packet: from
> 192.168.1.114[47031] to 108.31.28.59[4500] (76 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 11[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (76 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 11[ENC] parsed IKE_AUTH response 4 [
> EAP/SUCC ]
> Jul 6 11:52:18 Z560 charon-nm: 11[IKE] EAP method EAP_MSCHAPV2
> succeeded, MSK established
> Jul 6 11:52:18 Z560 charon-nm: 11[IKE] authentication of 'dhdurgee'
> (myself) with EAP
> Jul 6 11:52:18 Z560 charon-nm: 11[ENC] generating IKE_AUTH request 5
> [ AUTH ]
> Jul 6 11:52:18 Z560 charon-nm: 11[NET] sending packet: from
> 192.168.1.114[47031] to 108.31.28.59[4500] (92 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 09[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (236 bytes)
> Jul 6 11:52:18 Z560 charon-nm: 09[ENC] parsed IKE_AUTH response 5 [
> AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
> Jul 6 11:52:18 Z560 charon-nm: 09[IKE] authentication of
> 'durgeeenterprises.publicvm.com' with EAP successful
> Jul 6 11:52:18 Z560 charon-nm: 09[IKE] IKE_SA Durgee Enterprises,
> LLC[10] established between
> 192.168.1.114[dhdurgee]...108.31.28.59[durgeeenterprises.publicvm.com]
> Jul 6 11:52:18 Z560 charon-nm: 09[IKE] scheduling rekeying in 35831s
> Jul 6 11:52:18 Z560 charon-nm: 09[IKE] maximum IKE_SA lifetime 36431s
> Jul 6 11:52:18 Z560 charon-nm: 09[IKE] installing new virtual IP
> 10.10.10.1
> Jul 6 11:52:18 Z560 avahi-daemon[750]: Registering new address record
> for 10.10.10.1 on wlp5s0.IPv4.
> Jul 6 11:52:18 Z560 charon-nm: 09[CFG] selected proposal:
> ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
> Jul 6 11:52:18 Z560 charon-nm: 09[IKE] CHILD_SA Durgee Enterprises,
> LLC{7} established with SPIs c271f27b_i cacae253_o and TS
> 10.10.10.1/32 === 0.0.0.0/0
> Jul 6 11:52:18 Z560 charon-nm: 09[IKE] peer supports MOBIKE
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5248]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN connection: (IP Config Get) reply received.
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5255]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN plugin: state changed: started (4)
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5256]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN connection: (IP4 Config Get) reply received
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5269]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: VPN Gateway: 108.31.28.59
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5270]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: Tunnel Device: (null)
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5270]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: IPv4 configuration:
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5271]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: Internal Address: 10.10.10.1
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5271]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: Internal Prefix: 32
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5271]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: Internal Point-to-Point Address: 10.10.10.1
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5272]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: Internal DNS: 8.8.8.8
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5272]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: Internal DNS: 8.8.4.4
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5272]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: DNS Domain: '(none)'
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5273]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: Data: No IPv6 configuration
> Jul 6 11:52:18 Z560 NetworkManager[758]: <info> [1625586738.5286]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN connection: (IP Config Get) complete
> Jul 6 11:52:18 Z560 dbus-daemon[754]: [system] Activating via
> systemd: service name='org.freedesktop.nm_dispatcher'
> unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.7'
> (uid=0 pid=758 comm="/usr/sbin/NetworkManager --no-daemon "
> label="unconfined")
> Jul 6 11:52:18 Z560 systemd[1]: Starting Network Manager Script
> Dispatcher Service...
> Jul 6 11:52:18 Z560 dbus-daemon[754]: [system] Successfully activated
> service 'org.freedesktop.nm_dispatcher'
> Jul 6 11:52:18 Z560 systemd[1]: Started Network Manager Script
> Dispatcher Service.
> Jul 6 11:52:28 Z560 systemd[1]: NetworkManager-dispatcher.service:
> Succeeded.
> Jul 6 11:52:34 Z560 dbus-daemon[754]: [system] Activating via
> systemd: service name='org.freedesktop.nm_dispatcher'
> unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.7'
> (uid=0 pid=758 comm="/usr/sbin/NetworkManager --no-daemon "
> label="unconfined")
> Jul 6 11:52:34 Z560 NetworkManager[758]: <info> [1625586754.7510]
> audit: op="connection-deactivate"
> uuid="72e4370d-ecfb-4e33-8572-5cf04431abb9" name="Durgee Enterprises,
> LLC" pid=811113 uid=1000 result="success"
> Jul 6 11:52:34 Z560 systemd[1]: Starting Network Manager Script
> Dispatcher Service...
> Jul 6 11:52:34 Z560 dbus-daemon[754]: [system] Successfully activated
> service 'org.freedesktop.nm_dispatcher'
> Jul 6 11:52:34 Z560 systemd[1]: Started Network Manager Script
> Dispatcher Service.
> Jul 6 11:52:34 Z560 avahi-daemon[750]: Withdrawing address record for
> 10.10.10.1 on wlp5s0.
> Jul 6 11:52:34 Z560 charon-nm: 06[IKE] deleting IKE_SA Durgee
> Enterprises, LLC[10] between
> 192.168.1.114[dhdurgee]...108.31.28.59[durgeeenterprises.publicvm.com]
> Jul 6 11:52:34 Z560 charon-nm: 06[IKE] sending DELETE for IKE_SA
> Durgee Enterprises, LLC[10]
> Jul 6 11:52:34 Z560 charon-nm: 06[ENC] generating INFORMATIONAL
> request 6 [ D ]
> Jul 6 11:52:34 Z560 charon-nm: 06[NET] sending packet: from
> 192.168.1.114[47031] to 108.31.28.59[4500] (76 bytes)
> Jul 6 11:52:34 Z560 nm-dispatcher[914076]: run-parts: failed to stat
> component /etc/network/if-post-down.d/avahi-daemon: No such file or
> directory
> Jul 6 11:52:34 Z560 NetworkManager[758]: <info> [1625586754.7953]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN plugin: state changed: stopping (5)
> Jul 6 11:52:34 Z560 NetworkManager[758]: <info> [1625586754.7954]
> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
> Enterprises, LLC",0]: VPN plugin: state changed: stopped (6)
> Jul 6 11:52:34 Z560 charon-nm: 12[NET] received packet: from
> 108.31.28.59[4500] to 192.168.1.114[47031] (76 bytes)
> Jul 6 11:52:34 Z560 charon-nm: 12[ENC] parsed INFORMATIONAL response
> 6 [ ]
> Jul 6 11:52:34 Z560 charon-nm: 12[IKE] IKE_SA deleted
> Jul 6 11:52:41 Z560 charon-nm: 15[KNL] interface wlp5s0 deactivated
> Jul 6 11:52:41 Z560 wpa_supplicant[818]: wlp5s0:
> CTRL-EVENT-DISCONNECTED bssid=be:0f:2b:95:dd:58 reason=3
> locally_generated=1
> Jul 6 11:52:41 Z560 avahi-daemon[750]: Interface wlp5s0.IPv6 no
> longer relevant for mDNS.
> Jul 6 11:52:41 Z560 avahi-daemon[750]: Leaving mDNS multicast group
> on interface wlp5s0.IPv6 with address fe80::562f:7604:6d84:57ca.
> Jul 6 11:52:41 Z560 systemd[1]: Starting Load/Save RF Kill Switch
> Status...
> Jul 6 11:52:41 Z560 charon-nm: 10[KNL] fe80::562f:7604:6d84:57ca
> disappeared from wlp5s0
> Jul 6 11:52:41 Z560 avahi-daemon[750]: Interface wlp5s0.IPv4 no
> longer relevant for mDNS.
> Jul 6 11:52:41 Z560 avahi-daemon[750]: Leaving mDNS multicast group
> on interface wlp5s0.IPv4 with address 192.168.1.114.
> Jul 6 11:52:41 Z560 avahi-daemon[750]: Withdrawing address record for
> fe80::562f:7604:6d84:57ca on wlp5s0.
> Jul 6 11:52:41 Z560 avahi-daemon[750]: Withdrawing address record for
> 192.168.1.114 on wlp5s0.
> Jul 6 11:52:41 Z560 wpa_supplicant[818]: rfkill: WLAN soft blocked
> Jul 6 11:52:41 Z560 systemd[1]: Started Load/Save RF Kill Switch Status.
> Jul 6 11:52:41 Z560 NetworkManager[758]: <info> [1625586761.1466]
> manager: rfkill: Wi-Fi hardware radio set disabled
> Jul 6 11:52:41 Z560 NetworkManager[758]: <info> [1625586761.1469]
> device (wlp5s0): state change: activated -> unavailable (reason
> 'none', sys-iface-state: 'managed')
> Jul 6 11:52:41 Z560 NetworkManager[758]: <info> [1625586761.1750]
> dhcp4 (wlp5s0): canceled DHCP transaction
> Jul 6 11:52:41 Z560 NetworkManager[758]: <info> [1625586761.1750]
> dhcp4 (wlp5s0): state changed bound -> done
> Jul 6 11:52:41 Z560 charon-nm: 06[KNL] 192.168.1.114 disappeared from
> wlp5s0
> Jul 6 11:52:41 Z560 NetworkManager[758]: <info> [1625586761.1823]
> manager: NetworkManager state is now DISCONNECTED
> Jul 6 11:52:41 Z560 NetworkManager[758]: <info> [1625586761.1920]
> audit: op="radio-control" arg="wireless-enabled" pid=811113 uid=1000
> result="success"
> Jul 6 11:52:41 Z560 NetworkManager[758]: <info> [1625586761.1931]
> manager: rfkill: Wi-Fi now disabled by radio killswitch
> Jul 6 11:52:41 Z560 nm-dispatcher[914110]: run-parts: failed to stat
> component /etc/network/if-post-down.d/avahi-daemon: No such file or
> directory
> Jul 6 11:52:41 Z560 charon-nm: 11[IKE] uninstalling bypass policy for
> 192.168.1.0/24
> Jul 6 11:52:41 Z560 charon-nm: 11[KNL] error uninstalling route
> installed with policy 192.168.1.0/24 === 192.168.1.0/24 out
> Jul 6 11:52:41 Z560 charon-nm: 11[IKE] uninstalling bypass policy for
> 169.254.0.0/16
> Jul 6 11:52:41 Z560 charon-nm: 11[IKE] uninstalling bypass policy for
> fe80::/64
> Jul 6 11:52:41 Z560 wpa_supplicant[818]: nl80211: deinit
> ifname=wlp5s0 disabled_11b_rates=0
> Jul 6 11:52:46 Z560 systemd[1]: systemd-rfkill.service: Succeeded.
I am not sure that I have used the proper commands from the terminal
window to confirm that internet traffic is indeed being encrypted and
sent via the VPN as opposed to simply being carried via the WiFi
connection without encryption.
Could someone please let me know what terminal commands I should be
using to confirm proper operation of the VPN connection, assuming of
course that it is indeed operating correctly.
Dave
> Noel Kuntze wrote: Hello David,
>
> strongSwan by default builds policy based tunnels, not route based
> tunnels.
> Thus no interface is needed or created.
> Read up on how IPsec works on the wiki to get an understanding for it.
>
> GUI indicators are not inherently related to if any tunnel exists, or
> works.
>
> Kind regards
> Noel
>
> Am 01.07.21 um 20:31 schrieb David H Durgee:
>> I thought it might make sense to revisit this after the progress that
>> has been made. It now appears that the connection is being established:
>>
>>> Jun 29 11:21:34 Z560 charon-nm: 11[IKE] authentication of
>>> 'durgeeenterprises.publicvm.com' with EAP successful
>>> Jun 29 11:21:34 Z560 charon-nm: 11[IKE] IKE_SA Durgee Enterprises,
>>> LLC[7] established between
>>> 192.168.1.114[dhdurgee]...108.31.28.59[durgeeenterprises.publicvm.com]
>>> Jun 29 11:21:34 Z560 charon-nm: 11[IKE] scheduling rekeying in 35705s
>>> Jun 29 11:21:34 Z560 charon-nm: 11[IKE] maximum IKE_SA lifetime 36305s
>>> Jun 29 11:21:34 Z560 charon-nm: 11[IKE] installing new virtual IP
>>> 10.10.10.1
>>> Jun 29 11:21:34 Z560 avahi-daemon[750]: Registering new address
>>> record for 10.10.10.1 on wlp5s0.IPv4.
>>> Jun 29 11:21:34 Z560 charon-nm: 11[CFG] selected proposal:
>>> ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
>>> Jun 29 11:21:34 Z560 charon-nm: 11[IKE] CHILD_SA Durgee Enterprises,
>>> LLC{4} established with SPIs c8cad4e5_i c3f2eec4_o and TS
>>> 10.10.10.1/32 === 0.0.0.0/0
>>> Jun 29 11:21:34 Z560 charon-nm: 11[IKE] peer supports MOBIKE
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.6991]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: VPN connection: (IP Config Get) reply received.
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.6997]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: VPN plugin: state changed: started (4)
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.6997]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: VPN connection: (IP4 Config Get) reply received
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7003]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: Data: VPN Gateway: 108.31.28.59
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7003]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: Data: Tunnel Device: (null)
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7003]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: Data: IPv4 configuration:
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7003]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: Data: Internal Address: 10.10.10.1
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7004]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: Data: Internal Prefix: 32
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7004]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: Data: Internal Point-to-Point Address:
>>> 10.10.10.1
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7004]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: Data: Internal DNS: 8.8.8.8
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7004]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: Data: Internal DNS: 8.8.4.4
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7004]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: Data: DNS Domain: '(none)'
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7004]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: Data: No IPv6 configuration
>>> Jun 29 11:21:34 Z560 NetworkManager[758]: <info> [1624980094.7013]
>>> vpn-connection[0x562fdb93c2f0,72e4370d-ecfb-4e33-8572-5cf04431abb9,"Durgee
>>> Enterprises, LLC",0]: VPN connection: (IP Config Get) complete
>>
>> Unfortunately I am not seeing a tunnel interface being created and
>> routing added:
>>
>>> enp6s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>> ether b8:70:f4:2c:6b:9f txqueuelen 1000 (Ethernet)
>>> RX packets 1143393 bytes 1164336056 (1.1 GB)
>>> RX errors 0 dropped 20 overruns 0 frame 0
>>> TX packets 912738 bytes 112966285 (112.9 MB)
>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>
>>> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
>>> inet 127.0.0.1 netmask 255.0.0.0
>>> inet6 ::1 prefixlen 128 scopeid 0x10<host>
>>> loop txqueuelen 1000 (Local Loopback)
>>> RX packets 95404 bytes 9207887 (9.2 MB)
>>> RX errors 0 dropped 0 overruns 0 frame 0
>>> TX packets 95404 bytes 9207887 (9.2 MB)
>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>
>>> wlp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>> inet 192.168.1.114 netmask 255.255.255.0 broadcast
>>> 192.168.1.255
>>> inet6 fe80::562f:7604:6d84:57ca prefixlen 64 scopeid
>>> 0x20<link>
>>> ether ac:81:12:a4:5e:43 txqueuelen 1000 (Ethernet)
>>> RX packets 5644 bytes 4264877 (4.2 MB)
>>> RX errors 0 dropped 0 overruns 0 frame 62520
>>> TX packets 6377 bytes 1007195 (1.0 MB)
>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>> device interrupt 17
>>>
>>> dhdurgee at z560:~/Downloads$ route
>>> Kernel IP routing table
>>> Destination Gateway Genmask Flags Metric Ref Use
>>> Iface
>>> default _gateway 0.0.0.0 UG 20600 0
>>> 0 wlp5s0
>>> link-local 0.0.0.0 255.255.0.0 U 1000 0
>>> 0 wlp5s0
>>> 192.168.1.0 0.0.0.0 255.255.255.0 U 600 0 0
>>> wlp5s0
>>> dhdurgee at z560:~/Downloads$
>>
>> In case it is needed for reference, here is the ipsec.conf on the
>> server side:
>>
>>> config setup
>>> charondebug="ike 1, knl 1, cfg 1"
>>> uniqueids=no
>>>
>>> conn ikev2-vpn
>>> auto=add
>>> compress=no
>>> type=tunnel
>>> keyexchange=ikev2
>>> fragmentation=yes
>>> forceencaps=yes
>>> ike=aes256-sha1-modp2048,aes256-sha1-modp1024,3des-sha1-modp1024!
>>> esp=aes256-sha1,3des-sha1!
>>> dpdaction=clear
>>> dpddelay=300s
>>> rekey=no
>>> left=%any
>>> leftid=@durgeeenterprises.publicvm.com
>>> leftcert=/etc/ipsec.d/certs/vpn-server-cert.pem
>>> leftsendcert=always
>>> leftsubnet=0.0.0.0/0
>>> right=%any
>>> rightid=%any
>>> rightauth=eap-mschapv2
>>> rightsourceip=10.10.10.0/24
>>> rightdns=8.8.8.8,8.8.4.4
>>> rightsendcert=never
>>> eap_identity=%identity
>>
>> Here is the connection definition from
>> /etc/NewtorkManager/system-connections:
>>
>>> [connection]
>>> id=Durgee Enterprises, LLC
>>> uuid=72e4370d-ecfb-4e33-8572-5cf04431abb9
>>> type=vpn
>>> autoconnect=false
>>> permissions=user:dhdurgee:;
>>>
>>> [vpn]
>>> address=durgeeenterprises.publicvm.com
>>> certificate=/home/dhdurgee/Downloads/vpn_root_certificate.pem
>>> encap=no
>>> ipcomp=no
>>> method=eap
>>> password-flags=1
>>> proposal=no
>>> user=dhdurgee
>>> virtual=yes
>>> service-type=org.freedesktop.NetworkManager.strongswan
>>>
>>> [ipv4]
>>> dns-search=
>>> method=auto
>>>
>>> [ipv6]
>>> addr-gen-mode=stable-privacy
>>> dns-search=
>>> ip6-privacy=0
>>> method=auto
>>>
>>> [proxy]
>>
>> The listed connection was created via the GUI. I have screenshots of
>> the four pages from the GUI available for email as they violate size
>> restrictions of posting here..
>>
>> As the VPN connection is already working with android and windows
>> systems I want to make no changes to the ipsec.conf on the server.
>> All changes should be made to the linux connection.
>>
>> I can only assume there are revisions to be made, hopefully via the
>> GUI. Obviously if the GUI cannot address what is needed I can edit
>> the connection directly.
>>
>> Alternatively, am I misunderstanding what I am seeing and the tunnel
>> is actually being established? I see only the WiFi icon on the bar
>> at the bottom of the screen just as I do when opening the WiFi
>> connection. With another VPN service, now discontinued, I showed a
>> different icon indicating the secured tunnel was open. This other
>> discontinued service likewise created a tun interface and established
>> a route via that interface.
>>
>> If more information is required please let me know.
>>
>> Dave
>>
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4492 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20210706/cdf130a7/attachment-0001.bin>
More information about the Users
mailing list