[strongSwan] no response from port 4500, port 500 is ok
Noel Kuntze
noel.kuntze+strongswan-users-ml at thermi.consulting
Fri Feb 4 21:49:04 CET 2022
Hello Anthony,
You need to allow traffic on port 4500 in the firewall on that host.
Kind regards
Noel
On 04.02.22 at 21:02, Modster, Anthony wrote:
> Hello
>
>
> Case 1: no response from port 4500, port 500 is ok
>
> We have a case where charon does not respond to port 4500 (500 is ok).
>
> Charon is our IPSEC client on Linux.
>
> Using strongswan 5.8.2
>
> The IPSEC server is Windows 2012R2
>
> * Sending packet on 500
>   o 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[NET] sending packet: from 10.147.180.160[500] to 76.80.106.138[500] (480 bytes)
>   o 2022 Feb 3 20:04:48+00:00 wglng-2294 charon [info] 14[NET] received packet: from 76.80.106.138[500] to 10.147.180.160[500] (492 bytes)
> * Sending packet on 4500, but no reply
>   o 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>   o 2022 Feb 3 20:04:53+00:00 wglng-2294 charon [info] 09[IKE] retransmit 1 of request with message ID 1
>
> Our tcpdump capture does show 4500 being received
>
> * See dod-ipsec-error-for-strongswan-edit.csv
>
> This problem does not happen all the time.
>
> When it does happen, it will persist and not clear.
>
> 2022 Feb 3 19:58:07+00:00 wglng-2294 charon [info] 00[DMN] Starting IKE charon daemon (strongSwan 5.8.2, Linux 2.6.32.46.cge-TDY711999J-3+, mips64)
>
> 2022 Feb 3 19:58:07+00:00 wglng-2294 charon [info] 00[NET] could not open socket: Address family not supported by protocol
>
> 2022 Feb 3 19:58:07+00:00 wglng-2294 charon [info] 00[NET] could not open IPv6 socket, IPv6 disabled
>
> 2022 Feb 3 19:58:07+00:00 wglng-2294 charon [info] 00[KNL] received netlink error: Address family not supported by protocol (124)
>
> 2022 Feb 3 19:58:07+00:00 wglng-2294 charon [info] 00[KNL] unable to create IPv6 routing table rule
>
> 2022 Feb 3 19:58:07+00:00 wglng-2294 charon [info] 00[CFG] loaded 0 RADIUS server configurations
>
> 2022 Feb 3 19:58:07+00:00 wglng-2294 charon [info] 00[CFG] no threshold configured for systime-fix, disabled
>
> 2022 Feb 3 19:58:07+00:00 wglng-2294 charon [info] 00[LIB] loaded plugins: charon ldap aes des rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp curve25519 xcbc cmac hmac ntru drbg curl files attr kernel-netlink resolve socket-default vici updown eap-identity eap-mschapv2 eap-dynamic eap-radius eap-tls eap-peap xauth-generic xauth-eap error-notify counters
>
> 2022 Feb 3 19:58:07+00:00 wglng-2294 charon [info] 00[LIB] dropped capabilities, running as uid 0, gid 0
>
> 2022 Feb 3 19:58:07+00:00 wglng-2294 charon [info] 00[JOB] spawning 16 worker threads
>
> 2022 Feb 3 19:58:09+00:00 wglng-2294 charon [info] 14[CFG] vici client 1 connected
>
> 2022 Feb 3 19:58:09+00:00 wglng-2294 charon [info] 04[CFG] vici client 1 requests: clear-creds
>
> 2022 Feb 3 19:58:09+00:00 wglng-2294 charon [info] 09[CFG] vici client 1 disconnected
>
> 2022 Feb 3 19:58:11+00:00 wglng-2294 charon [info] 15[CFG] vici client 2 connected
>
> 2022 Feb 3 19:58:11+00:00 wglng-2294 charon [info] 14[CFG] vici client 2 registered for: ike-updown
>
> 2022 Feb 3 19:58:11+00:00 wglng-2294 charon [info] 06[CFG] vici client 2 registered for: child-updown
>
> 2022 Feb 3 19:58:12+00:00 wglng-2294 charon [info] 11[CFG] vici client 3 connected
>
> 2022 Feb 3 19:58:12+00:00 wglng-2294 charon [info] 04[CFG] vici client 3 requests: flush-certs
>
> 2022 Feb 3 19:58:12+00:00 wglng-2294 charon [info] 10[CFG] vici client 3 disconnected
>
> 2022 Feb 3 19:58:12+00:00 wglng-2294 charon [info] 11[CFG] vici client 4 connected
>
> 2022 Feb 3 19:58:12+00:00 wglng-2294 charon [info] 03[CFG] vici client 4 requests: get-keys
>
> 2022 Feb 3 19:58:12+00:00 wglng-2294 charon [info] 11[CFG] vici client 4 requests: get-shared
>
> 2022 Feb 3 19:58:12+00:00 wglng-2294 charon [info] 06[CFG] vici client 4 requests: load-cert
>
> 2022 Feb 3 19:58:12+00:00 wglng-2294 charon [info] 06[CFG] loaded certificate 'C=CA, O=Carillon Information Security Inc., OU=TEST, OU=Aircraft, OU=Teledyne Controls, CN=RA02294-219.auth'
>
> 2022 Feb 3 19:58:12+00:00 wglng-2294 charon [info] 14[CFG] vici client 4 requests: load-cert
>
> 2022 Feb 3 19:58:12+00:00 wglng-2294 charon [info] 14[CFG] loaded certificate 'C=CA, O=Carillon Information Security Inc., OU=TEST Certification Authorities, CN=TEST CIS Signing CA1'
>
> 2022 Feb 3 19:58:12+00:00 wglng-2294 charon [info] 11[CFG] vici client 4 requests: load-cert
>
> 2022 Feb 3 19:58:12+00:00 wglng-2294 charon [info] 11[CFG] loaded certificate 'C=CA, O=Carillon Information Security Inc., OU=TEST Certification Authorities, CN=TEST cisRCA1'
>
> 2022 Feb 3 19:58:13+00:00 wglng-2294 charon [info] 08[CFG] vici client 4 requests: load-key
>
> 2022 Feb 3 19:58:13+00:00 wglng-2294 charon [info] 08[CFG] loaded RSA private key
>
> 2022 Feb 3 19:58:14+00:00 wglng-2294 charon [info] 03[CFG] vici client 4 requests: load-key
>
> 2022 Feb 3 19:58:14+00:00 wglng-2294 charon [info] 03[CFG] loaded RSA private key
>
> 2022 Feb 3 19:58:14+00:00 wglng-2294 charon [info] 10[CFG] vici client 4 disconnected
>
> 2022 Feb 3 19:58:15+00:00 wglng-2294 charon [info] 09[CFG] vici client 5 connected
>
> 2022 Feb 3 19:58:15+00:00 wglng-2294 charon [info] 11[CFG] vici client 5 requests: get-authorities
>
> 2022 Feb 3 19:58:15+00:00 wglng-2294 charon [info] 10[CFG] vici client 5 requests: load-authority
>
> 2022 Feb 3 19:58:15+00:00 wglng-2294 charon [info] 10[CFG] authority Org1-sca1:
>
> 2022 Feb 3 19:58:15+00:00 wglng-2294 charon [info] 10[CFG] cacert = C=CA, O=Carillon Information Security Inc., OU=TEST Certification Authorities, CN=TEST CIS Signing CA1
>
> 2022 Feb 3 19:58:15+00:00 wglng-2294 charon [info] 10[CFG] crl_uris = file:///etc/swanctl/ourCrl/Org1.scacrl1
>
> 2022 Feb 3 19:58:15+00:00 wglng-2294 charon [info] 11[CFG] vici client 5 requests: load-authority
>
> 2022 Feb 3 19:58:15+00:00 wglng-2294 charon [info] 11[CFG] authority Org1-ta:
>
> 2022 Feb 3 19:58:15+00:00 wglng-2294 charon [info] 11[CFG] cacert = C=CA, O=Carillon Information Security Inc., OU=TEST Certification Authorities, CN=TEST cisRCA1
>
> 2022 Feb 3 19:58:15+00:00 wglng-2294 charon [info] 09[CFG] vici client 5 disconnected
>
> 2022 Feb 3 19:58:35+00:00 wglng-2294 charon [info] 06[CFG] vici client 6 connected
>
> 2022 Feb 3 19:58:35+00:00 wglng-2294 charon [info] 07[CFG] vici client 6 registered for: list-sa
>
> 2022 Feb 3 19:58:35+00:00 wglng-2294 charon [info] 05[CFG] vici client 6 requests: list-sas
>
> 2022 Feb 3 19:58:35+00:00 wglng-2294 charon [info] 10[CFG] vici client 6 disconnected
>
> 2022 Feb 3 20:00:35+00:00 wglng-2294 charon [info] 07[CFG] vici client 7 connected
>
> 2022 Feb 3 20:00:35+00:00 wglng-2294 charon [info] 16[CFG] vici client 7 registered for: list-sa
>
> 2022 Feb 3 20:00:35+00:00 wglng-2294 charon [info] 09[CFG] vici client 7 requests: list-sas
>
> 2022 Feb 3 20:00:35+00:00 wglng-2294 charon [info] 15[CFG] vici client 7 disconnected
>
> 2022 Feb 3 20:00:38+00:00 wglng-2294 charon [info] 16[CFG] vici client 8 connected
>
> 2022 Feb 3 20:00:38+00:00 wglng-2294 charon [info] 04[CFG] vici client 8 registered for: list-sa
>
> 2022 Feb 3 20:00:38+00:00 wglng-2294 charon [info] 08[CFG] vici client 8 requests: list-sas
>
> 2022 Feb 3 20:00:38+00:00 wglng-2294 charon [info] 15[CFG] vici client 8 disconnected
>
> 2022 Feb 3 20:00:40+00:00 wglng-2294 charon [info] 16[CFG] vici client 9 connected
>
> 2022 Feb 3 20:00:40+00:00 wglng-2294 charon [info] 14[CFG] vici client 9 registered for: list-sa
>
> 2022 Feb 3 20:00:40+00:00 wglng-2294 charon [info] 08[CFG] vici client 9 requests: list-sas
>
> 2022 Feb 3 20:00:40+00:00 wglng-2294 charon [info] 15[CFG] vici client 9 disconnected
>
> 2022 Feb 3 20:00:43+00:00 wglng-2294 charon [info] 16[CFG] vici client 10 connected
>
> 2022 Feb 3 20:00:43+00:00 wglng-2294 charon [info] 03[CFG] vici client 10 registered for: list-sa
>
> 2022 Feb 3 20:00:43+00:00 wglng-2294 charon [info] 11[CFG] vici client 10 requests: list-sas
>
> 2022 Feb 3 20:00:43+00:00 wglng-2294 charon [info] 16[CFG] vici client 10 disconnected
>
> 2022 Feb 3 20:03:43+00:00 wglng-2294 charon [info] 03[CFG] vici client 11 connected
>
> 2022 Feb 3 20:03:43+00:00 wglng-2294 charon [info] 11[CFG] vici client 11 registered for: list-sa
>
> 2022 Feb 3 20:03:43+00:00 wglng-2294 charon [info] 07[CFG] vici client 11 requests: list-sas
>
> 2022 Feb 3 20:03:43+00:00 wglng-2294 charon [info] 05[CFG] vici client 11 disconnected
>
> 2022 Feb 3 20:03:51+00:00 wglng-2294 charon [info] 09[CFG] vici client 12 connected
>
> 2022 Feb 3 20:03:51+00:00 wglng-2294 charon [info] 08[CFG] vici client 12 registered for: list-sa
>
> 2022 Feb 3 20:03:51+00:00 wglng-2294 charon [info] 07[CFG] vici client 12 requests: list-sas
>
> 2022 Feb 3 20:03:51+00:00 wglng-2294 charon [info] 05[CFG] vici client 12 disconnected
>
> 2022 Feb 3 20:04:37+00:00 wglng-2294 charon [info] 09[KNL] 10.147.180.160 appeared on ppp0
>
> 2022 Feb 3 20:04:37+00:00 wglng-2294 charon [info] 10[KNL] 10.147.180.160 disappeared from ppp0
>
> 2022 Feb 3 20:04:37+00:00 wglng-2294 charon [info] 15[KNL] 10.147.180.160 appeared on ppp0
>
> 2022 Feb 3 20:04:37+00:00 wglng-2294 charon [info] 16[KNL] interface ppp0 activated
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 15[CFG] vici client 13 connected
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] vici client 13 requests: load-conn
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] conn sgateway1-radio0:
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] child sgateway1-radio0:
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] rekey_time = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] life_time = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] rand_time = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] rekey_bytes = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] life_bytes = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] rand_bytes = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] rekey_packets = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] life_packets = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] rand_packets = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] updown = /usr/lib32/ipsec/_updown_tdy.py
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] hostaccess = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] ipcomp = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] mode = TUNNEL
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] policies = 1
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] policies_fwd_out = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] dpd_action = restart
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] start_action = clear
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] close_action = clear
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] reqid = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] tfc = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] priority = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] interface = (null)
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] if_id_in = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] if_id_out = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] mark_in = 0/0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] mark_in_sa = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] mark_out = 0/0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] set_mark_in = 0/0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] set_mark_out = 0/0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] inactivity = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] proposals = ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] local_ts = dynamic
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] remote_ts = 172.16.207.159/32
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] hw_offload = no
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] sha256_96 = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] copy_df = 1
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] copy_ecn = 1
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] copy_dscp = out
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] version = 2
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] local_addrs = 10.147.180.160
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] remote_addrs = 76.80.106.138
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] local_port = 500
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] remote_port = 500
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] send_certreq = 1
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] send_cert = CERT_SEND_IF_ASKED
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] ppk_id = (null)
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] ppk_required = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] mobike = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] aggressive = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] dscp = 0x00
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] encap = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] dpd_delay = 40
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] dpd_timeout = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] fragmentation = 2
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] childless = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] unique = UNIQUE_NO
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] keyingtries = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] reauth_time = 14400
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] rekey_time = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] over_time = 1440
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] rand_time = 1440
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] proposals = IKE:AES_CBC_256/HMAC_SHA2_384_192/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/MODP_2048
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] if_id_in = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] if_id_out = 0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] vips:
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] %any
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] local:
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] id = RA02294-219 at teledyne.com
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] class = EAP
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] cert = C=CA, O=Carillon Information Security Inc., OU=TEST, OU=Aircraft, OU=Teledyne Controls, CN=RA02294-219.auth
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] remote:
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] class = public key
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] id = C=CA, O=Carillon Information Security Inc., OU=TEST, OU=Devices, OU=Aircraft Operator Ground Stations, OU=Teledyne Controls, CN=ELS-VPAPP-WGL08 - ID
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 05[CFG] added vici connection: sgateway1-radio0
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 10[CFG] vici client 14 connected
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 04[CFG] vici client 14 requests: initiate
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 04[CFG] vici initiate CHILD_SA 'sgateway1-radio0'
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 11[CFG] vici client 13 disconnected
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] queueing IKE_VENDOR task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] queueing IKE_INIT task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] queueing IKE_NATD task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] queueing IKE_CERT_PRE task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] queueing IKE_AUTH task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] queueing IKE_CERT_POST task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] queueing IKE_CONFIG task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] queueing IKE_AUTH_LIFETIME task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] queueing CHILD_CREATE task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] activating new tasks
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] activating IKE_VENDOR task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] activating IKE_INIT task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] activating IKE_NATD task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] activating IKE_CERT_PRE task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] activating IKE_AUTH task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] activating IKE_CERT_POST task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] activating IKE_CONFIG task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] activating CHILD_CREATE task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] activating IKE_AUTH_LIFETIME task
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] initiating IKE_SA sgateway1-radio0[1] to 76.80.106.138
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] initiating IKE_SA sgateway1-radio0[1] to 76.80.106.138
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[IKE] IKE_SA sgateway1-radio0[1] state change: CREATED => CONNECTING
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/MODP_2048
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
>
> 2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[NET] sending packet: from 10.147.180.160[500] to 76.80.106.138[500] (480 bytes)
>
> 2022 Feb 3 20:04:48+00:00 wglng-2294 charon [info] 14[NET] received packet: from 76.80.106.138[500] to 10.147.180.160[500] (492 bytes)
>
> 2022 Feb 3 20:04:48+00:00 wglng-2294 charon [info] 14[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V ]
>
> 2022 Feb 3 20:04:48+00:00 wglng-2294 charon [info] 14[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
>
> 2022 Feb 3 20:04:48+00:00 wglng-2294 charon [info] 14[IKE] received MS-Negotiation Discovery Capable vendor ID
>
> 2022 Feb 3 20:04:48+00:00 wglng-2294 charon [info] 14[CFG] selecting proposal:
>
> 2022 Feb 3 20:04:48+00:00 wglng-2294 charon [info] 14[CFG] proposal matches
>
> 2022 Feb 3 20:04:48+00:00 wglng-2294 charon [info] 14[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
>
> 2022 Feb 3 20:04:48+00:00 wglng-2294 charon [info] 14[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/MODP_2048
>
> 2022 Feb 3 20:04:48+00:00 wglng-2294 charon [info] 14[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[IKE] local host is behind NAT, sending keep alives
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[IKE] remote host is behind NAT
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[IKE] reinitiating already active tasks
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[IKE] IKE_CERT_PRE task
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[IKE] IKE_AUTH task
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[IKE] sending cert request for "C=CA, O=Carillon Information Security Inc., OU=TEST Certification Authorities, CN=TEST cisRCA1"
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[IKE] sending cert request for "C=CA, O=Carillon Information Security Inc., OU=TEST Certification Authorities, CN=TEST CIS Signing CA1"
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[IKE] building INTERNAL_IP4_DNS attribute
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[CFG] proposing traffic selectors for us:
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[CFG] 0.0.0.0/0
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[CFG] proposing traffic selectors for other:
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[CFG] 172.16.207.159/32
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[IKE] establishing CHILD_SA sgateway1-radio0{1}
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[IKE] establishing CHILD_SA sgateway1-radio0{1}
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CPRQ(ADDR DNS) SA TSi TSr N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
>
> 2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>
> 2022 Feb 3 20:04:53+00:00 wglng-2294 charon [info] 09[IKE] retransmit 1 of request with message ID 1
>
> 2022 Feb 3 20:04:53+00:00 wglng-2294 charon [info] 09[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>
> 2022 Feb 3 20:04:56+00:00 wglng-2294 charon [info] 10[CFG] vici client 14 disconnected
>
> 2022 Feb 3 20:04:57+00:00 wglng-2294 charon [info] 07[IKE] retransmit 2 of request with message ID 1
>
> 2022 Feb 3 20:04:57+00:00 wglng-2294 charon [info] 07[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>
> 2022 Feb 3 20:05:01+00:00 wglng-2294 charon [info] 15[IKE] retransmit 3 of request with message ID 1
>
> 2022 Feb 3 20:05:01+00:00 wglng-2294 charon [info] 15[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>
> 2022 Feb 3 20:05:05+00:00 wglng-2294 charon [info] 11[IKE] retransmit 4 of request with message ID 1
>
> 2022 Feb 3 20:05:05+00:00 wglng-2294 charon [info] 11[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>
> 2022 Feb 3 20:05:09+00:00 wglng-2294 charon [info] 14[IKE] retransmit 5 of request with message ID 1
>
> 2022 Feb 3 20:05:09+00:00 wglng-2294 charon [info] 14[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 06[KNL] creating delete job for CHILD_SA ESP/0xc4e46da5/10.147.180.160
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 06[JOB] CHILD_SA ESP/0xc4e46da5/10.147.180.160 not found for delete
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] giving up after 5 retransmits
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] peer not responding, trying again (2/0)
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] IKE_SA sgateway1-radio0[1] state change: CONNECTING => CREATED
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 IPSecCfgIfManager [notice] bool ErrorNotifyMonitor::ProcessEvents() rx message is new or changed type=6 name=sgateway1-radio0 id=C=CA, O=Carillon Information Security Inc., OU=TEST, OU=Devices, OU=Aircraft Operator Ground Stations, OU=Teledyne Controls, CN=ELS-VPAPP-WGL08 - ID ip=76.80.106.138[4500] str=IKE message retransmission timed out.
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] queueing IKE_VENDOR task
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] queueing IKE_INIT task
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] queueing IKE_NATD task
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] activating new tasks
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] activating IKE_VENDOR task
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] activating IKE_INIT task
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] activating IKE_NATD task
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] activating IKE_CERT_PRE task
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] activating IKE_AUTH task
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] activating IKE_CERT_POST task
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] activating IKE_CONFIG task
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] activating CHILD_CREATE task
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] activating IKE_AUTH_LIFETIME task
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] initiating IKE_SA sgateway1-radio0[1] to 76.80.106.138
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] initiating IKE_SA sgateway1-radio0[1] to 76.80.106.138
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] IKE_SA sgateway1-radio0[1] state change: CREATED => CONNECTING
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/MODP_2048
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
>
> 2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[NET] sending packet: from 10.147.180.160[500] to 76.80.106.138[500] (480 bytes)
>
> 2022 Feb 3 20:05:15+00:00 wglng-2294 charon [info] 05[NET] received packet: from 76.80.106.138[500] to 10.147.180.160[500] (492 bytes)
>
> 2022 Feb 3 20:05:15+00:00 wglng-2294 charon [info] 05[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V ]
>
> 2022 Feb 3 20:05:15+00:00 wglng-2294 charon [info] 05[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
>
> 2022 Feb 3 20:05:15+00:00 wglng-2294 charon [info] 05[IKE] received MS-Negotiation Discovery Capable vendor ID
>
> 2022 Feb 3 20:05:15+00:00 wglng-2294 charon [info] 05[CFG] selecting proposal:
>
> 2022 Feb 3 20:05:15+00:00 wglng-2294 charon [info] 05[CFG] proposal matches
>
> 2022 Feb 3 20:05:15+00:00 wglng-2294 charon [info] 05[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
>
> 2022 Feb 3 20:05:15+00:00 wglng-2294 charon [info] 05[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/HMAC_SHA2_256_128/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_256/MODP_2048
>
> 2022 Feb 3 20:05:15+00:00 wglng-2294 charon [info] 05[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[IKE] reinitiating already active tasks
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[IKE] IKE_CERT_PRE task
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[IKE] IKE_AUTH task
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[IKE] sending cert request for "C=CA, O=Carillon Information Security Inc., OU=TEST Certification Authorities, CN=TEST cisRCA1"
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[IKE] sending cert request for "C=CA, O=Carillon Information Security Inc., OU=TEST Certification Authorities, CN=TEST CIS Signing CA1"
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[IKE] building INTERNAL_IP4_DNS attribute
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[CFG] proposing traffic selectors for us:
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[CFG] 0.0.0.0/0
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[CFG] proposing traffic selectors for other:
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[CFG] 172.16.207.159/32
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[IKE] establishing CHILD_SA sgateway1-radio0{2}
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[IKE] establishing CHILD_SA sgateway1-radio0{2}
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CPRQ(ADDR DNS) SA TSi TSr N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
>
> 2022 Feb 3 20:05:16+00:00 wglng-2294 charon [info] 05[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>
> 2022 Feb 3 20:05:20+00:00 wglng-2294 charon [info] 10[IKE] retransmit 1 of request with message ID 1
>
> 2022 Feb 3 20:05:20+00:00 wglng-2294 charon [info] 10[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>
> 2022 Feb 3 20:05:24+00:00 wglng-2294 charon [info] 16[IKE] retransmit 2 of request with message ID 1
>
> 2022 Feb 3 20:05:24+00:00 wglng-2294 charon [info] 16[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>
> 2022 Feb 3 20:05:28+00:00 wglng-2294 charon [info] 15[IKE] retransmit 3 of request with message ID 1
>
> 2022 Feb 3 20:05:28+00:00 wglng-2294 charon [info] 15[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>
> 2022 Feb 3 20:05:32+00:00 wglng-2294 charon [info] 11[IKE] retransmit 4 of request with message ID 1
>
> 2022 Feb 3 20:05:32+00:00 wglng-2294 charon [info] 11[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>
> 2022 Feb 3 20:05:36+00:00 wglng-2294 charon [info] 03[IKE] retransmit 5 of request with message ID 1
>
> 2022 Feb 3 20:05:36+00:00 wglng-2294 charon [info] 03[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
>
> 2022 Feb 3 20:05:40+00:00 wglng-2294 charon [info] 14[KNL] creating delete job for CHILD_SA ESP/0xc30ca743/10.147.180.160
>
> 2022 Feb 3 20:05:40+00:00 wglng-2294 charon [info] 14[JOB] CHILD_SA ESP/0xc30ca743/10.147.180.160 not found for delete
>
> 2022 Feb 3 20:05:40+00:00 wglng-2294 charon [info] 06[IKE] giving up after 5 retransmits
>
> 2022 Feb 3 20:05:40+00:00 wglng-2294 charon [info] 06[IKE] peer not responding, trying again (3/0)
>
> Thanks
>
>
> Teledyne Confidential; Commercially Sensitive Business Data
>
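Added example (not part of the original thread and not strongSwan code): a Python check that reads charon log lines in the format quoted above and reports peers that answer on UDP 500 but never on UDP 4500, the symptom described in the question. The function names and the `min_sent` threshold are assumptions made for this illustration; the sample lines are abridged from the quoted log.

```python
import re
from collections import defaultdict

# charon [NET] lines, e.g.
#   14[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
NET_RE = re.compile(
    r"\[NET\] (sending|received) packet: "
    r"from (\S+?)\[(\d+)\] to (\S+?)\[(\d+)\] \((\d+) bytes\)"
)
GIVE_UP_RE = re.compile(r"\[IKE\] giving up after (\d+) retransmits")

# Sample input: abridged from the log quoted in the post above.
SAMPLE_LOG = """\
2022 Feb 3 20:04:46+00:00 wglng-2294 charon [info] 03[NET] sending packet: from 10.147.180.160[500] to 76.80.106.138[500] (480 bytes)
2022 Feb 3 20:04:48+00:00 wglng-2294 charon [info] 14[NET] received packet: from 76.80.106.138[500] to 10.147.180.160[500] (492 bytes)
2022 Feb 3 20:04:49+00:00 wglng-2294 charon [info] 14[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
2022 Feb 3 20:04:53+00:00 wglng-2294 charon [info] 09[IKE] retransmit 1 of request with message ID 1
2022 Feb 3 20:04:53+00:00 wglng-2294 charon [info] 09[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
2022 Feb 3 20:04:57+00:00 wglng-2294 charon [info] 07[IKE] retransmit 2 of request with message ID 1
2022 Feb 3 20:04:57+00:00 wglng-2294 charon [info] 07[NET] sending packet: from 10.147.180.160[4500] to 76.80.106.138[4500] (480 bytes)
2022 Feb 3 20:05:13+00:00 wglng-2294 charon [info] 04[IKE] giving up after 5 retransmits
"""


def flow_counts(log_text):
    """Count packets per (peer_ip, peer_port) as {'sent': n, 'received': m}."""
    flows = defaultdict(lambda: {"sent": 0, "received": 0})
    for line in log_text.splitlines():
        m = NET_RE.search(line)
        if not m:
            continue
        direction, src_ip, src_port, dst_ip, dst_port, _size = m.groups()
        if direction == "sending":
            # Outbound: the peer is the destination side of the line.
            flows[(dst_ip, int(dst_port))]["sent"] += 1
        else:
            # Inbound: the peer is the source side of the line.
            flows[(src_ip, int(src_port))]["received"] += 1
    return dict(flows)


def natt_silent_peers(log_text, min_sent=2):
    """Return peers that replied on UDP 500 but never on UDP 4500.

    min_sent (assumed threshold) ignores a single in-flight request that
    simply has not been answered yet.
    """
    flows = flow_counts(log_text)
    findings = []
    for (ip, port), counts in sorted(flows.items()):
        if port != 4500 or counts["received"] or counts["sent"] < min_sent:
            continue
        ike = flows.get((ip, 500), {"sent": 0, "received": 0})
        if ike["received"] > 0:
            findings.append(
                {"peer": ip, "sent_4500": counts["sent"], "replies_500": ike["received"]}
            )
    return findings


def gave_up(log_text):
    """Retransmit counts from every 'giving up after N retransmits' line."""
    return [int(n) for n in GIVE_UP_RE.findall(log_text)]


if __name__ == "__main__":
    for finding in natt_silent_peers(SAMPLE_LOG):
        print(
            "peer %(peer)s: %(replies_500)d reply on 500, "
            "%(sent_4500)d requests to 4500 unanswered" % finding
        )
    print("gave up after:", gave_up(SAMPLE_LOG))
```

Because tcpdump captures inbound packets before netfilter filters them, replies that appear in a capture but never as a charon `received packet` line are consistent with the local firewall dropping UDP 4500.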