Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Server ipsec.conf:
- config setup
- charondebug="tls 2, ike 2"
- conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- conn dtss-vpn
- left=203.37.210.230
- leftcert=vpn.datacomtss.com.au.cert
- leftid="OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- leftauth=pubkey
- rightauth=eap-tls
- leftsubnet=192.168.0.0/16
- right=%any
- rightca="C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=Datacom TSS Corp VPN CA"
- rightsendcert=never
- eap_identity=%any
- rightsourceip=172.16.0.97/27
- rightdns=192.168.8.10,8.8.8.8
- auto=add
- Server logs:
- Jul 29 23:49:34 vpn kernel: IPTables-Accepted: IN=eno16777728 OUT= MAC=00:50:56:8a:c8:af:00:1b:17:b8:14:01:08:00 SRC=172.16.0.10 DST=203.37.210.230 LEN=752 TOS=0x00 PREC=0x00 TTL=62 ID=36838 DF PROTO=UDP SPT=29688 DPT=500 LEN=732
- Jul 29 23:49:34 vpn charon: 15[NET] received packet: from 172.16.0.10[29688] to 203.37.210.230[500] (724 bytes)
- Jul 29 23:49:34 vpn charon: 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
- Jul 29 23:49:34 vpn charon: 15[IKE] 172.16.0.10 is initiating an IKE_SA
- Jul 29 23:49:34 vpn charon: 15[IKE] IKE_SA (unnamed)[11] state change: CREATED => CONNECTING
- Jul 29 23:49:34 vpn charon: 15[IKE] remote host is behind NAT
- Jul 29 23:49:34 vpn charon: 15[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
- Jul 29 23:49:34 vpn charon: 15[NET] sending packet: from 203.37.210.230[500] to 172.16.0.10[29688] (456 bytes)
- Jul 29 23:49:34 vpn kernel: IPTables-Accepted: IN=eno16777728 OUT= MAC=00:50:56:8a:c8:af:00:1b:17:b8:14:01:08:00 SRC=172.16.0.10 DST=203.37.210.230 LEN=732 TOS=0x00 PREC=0x00 TTL=62 ID=36839 DF PROTO=UDP SPT=26648 DPT=4500 LEN=712
- Jul 29 23:49:34 vpn charon: 12[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (700 bytes)
- Jul 29 23:49:34 vpn charon: 12[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
- Jul 29 23:49:34 vpn charon: 12[CFG] looking for peer configs matching 203.37.210.230[OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au]...172.16.0.10[C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au]
- Jul 29 23:49:34 vpn charon: 12[CFG] selected peer config 'dtss-vpn'
- Jul 29 23:49:34 vpn charon: 12[IKE] initiating EAP_IDENTITY method (id 0x00)
- Jul 29 23:49:34 vpn charon: 12[IKE] processing INTERNAL_IP4_ADDRESS attribute
- Jul 29 23:49:34 vpn charon: 12[IKE] processing INTERNAL_IP4_DNS attribute
- Jul 29 23:49:34 vpn charon: 12[IKE] peer supports MOBIKE
- Jul 29 23:49:34 vpn charon: 12[IKE] got additional MOBIKE peer address: 172.17.42.1
- Jul 29 23:49:34 vpn charon: 12[IKE] authentication of 'OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au' (myself) with RSA_EMSA_PKCS1_SHA256 successful
- Jul 29 23:49:34 vpn charon: 12[ENC] generating IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]
- Jul 29 23:49:34 vpn charon: 12[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (524 bytes)
- Jul 29 23:49:34 vpn ipsec: 06[TLS] received EAP_TLS acknowledgement packet
- Jul 29 23:49:34 vpn ipsec: 06[TLS] sending EAP_TLS final fragment (427 bytes)
- Jul 29 23:49:34 vpn ipsec: 06[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn ipsec: 06[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[23731] (492 bytes)
- Jul 29 23:49:34 vpn ipsec: 07[NET] received packet: from 172.16.0.10[23731] to 203.37.210.230[4500] (1100 bytes)
- Jul 29 23:49:34 vpn ipsec: 07[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TLS ]
- Jul 29 23:49:34 vpn ipsec: 07[TLS] buffering 1014 bytes, 1014 bytes of 1968 byte TLS record received
- Jul 29 23:49:34 vpn ipsec: 07[TLS] sending EAP_TLS acknowledgement packet
- Jul 29 23:49:34 vpn ipsec: 07[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn ipsec: 07[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[23731] (76 bytes)
- Jul 29 23:49:34 vpn ipsec: 09[NET] received packet: from 172.16.0.10[23731] to 203.37.210.230[4500] (1100 bytes)
- Jul 29 23:49:34 vpn ipsec: 09[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TLS ]
- Jul 29 23:49:34 vpn ipsec: 09[TLS] buffering 954 bytes, 1968 bytes of 1968 byte TLS record received
- Jul 29 23:49:34 vpn ipsec: 09[TLS] processing buffered TLS Handshake record (1963 bytes)
- Jul 29 23:49:34 vpn ipsec: 09[TLS] received TLS Certificate handshake (1433 bytes)
- Jul 29 23:49:34 vpn ipsec: 09[TLS] received TLS peer certificate 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au'
- Jul 29 23:49:34 vpn ipsec: 09[TLS] received TLS ClientKeyExchange handshake (258 bytes)
- Jul 29 23:49:34 vpn ipsec: 09[TLS] received TLS CertificateVerify handshake (260 bytes)
- Jul 29 23:49:34 vpn ipsec: 09[CFG] using certificate "C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au"
- Jul 29 23:49:34 vpn ipsec: 09[CFG] no issuer certificate found for "C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au"
- Jul 29 23:49:34 vpn ipsec: 09[TLS] no trusted certificate found for 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au' to verify TLS peer
- Jul 29 23:49:34 vpn ipsec: 09[TLS] processing TLS ChangeCipherSpec record (1 bytes)
- Jul 29 23:49:34 vpn ipsec: 09[TLS] buffering 58 bytes, 58 bytes of 69 byte TLS record received
- Jul 29 23:49:34 vpn ipsec: 09[TLS] sending fatal TLS alert 'certificate unknown'
- Jul 29 23:49:34 vpn ipsec: 09[TLS] sending TLS Alert record (2 bytes)
- Jul 29 23:49:34 vpn ipsec: 09[TLS] sending EAP_TLS packet (17 bytes)
- Jul 29 23:49:34 vpn ipsec: 09[ENC] generating IKE_AUTH response 9 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn charon: 10[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (252 bytes)
- Jul 29 23:49:34 vpn charon: 10[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
- Jul 29 23:49:34 vpn charon: 10[IKE] received EAP identity 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au'
- Jul 29 23:49:34 vpn charon: 10[TLS] disabling ECDSA suites, no backend found
- Jul 29 23:49:34 vpn charon: 10[TLS] 13 supported TLS cipher suites:
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_RSA_WITH_AES_128_CBC_SHA
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_RSA_WITH_AES_256_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 09[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[23731] (92 bytes)
- Jul 29 23:49:34 vpn ipsec: 13[NET] received packet: from 172.16.0.10[23731] to 203.37.210.230[4500] (76 bytes)
- Jul 29 23:49:34 vpn ipsec: 13[ENC] parsed INFORMATIONAL request 10 [ N(AUTH_FAILED) ]
- Jul 29 23:49:34 vpn ipsec: 13[ENC] generating INFORMATIONAL response 10 [ N(AUTH_FAILED) ]
- Jul 29 23:49:34 vpn ipsec: 13[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[23731] (76 bytes)
- Jul 29 23:49:34 vpn ipsec: 13[IKE] IKE_SA dtss-vpn[10] state change: CONNECTING => DESTROYING
- Jul 29 23:49:34 vpn ipsec: 15[NET] received packet: from 172.16.0.10[29688] to 203.37.210.230[500] (724 bytes)
- Jul 29 23:49:34 vpn ipsec: 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
- Jul 29 23:49:34 vpn ipsec: 15[IKE] 172.16.0.10 is initiating an IKE_SA
- Jul 29 23:49:34 vpn ipsec: 15[IKE] IKE_SA (unnamed)[11] state change: CREATED => CONNECTING
- Jul 29 23:49:34 vpn ipsec: 15[IKE] remote host is behind NAT
- Jul 29 23:49:34 vpn ipsec: 15[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
- Jul 29 23:49:34 vpn ipsec: 15[NET] sending packet: from 203.37.210.230[500] to 172.16.0.10[29688] (456 bytes)
- Jul 29 23:49:34 vpn ipsec: 12[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (700 bytes)
- Jul 29 23:49:34 vpn ipsec: 12[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
- Jul 29 23:49:34 vpn ipsec: 12[CFG] looking for peer configs matching 203.37.210.230[OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au]...172.16.0.10[C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au]
- Jul 29 23:49:34 vpn ipsec: 12[CFG] selected peer config 'dtss-vpn'
- Jul 29 23:49:34 vpn ipsec: 12[IKE] initiating EAP_IDENTITY method (id 0x00)
- Jul 29 23:49:34 vpn ipsec: 12[IKE] processing INTERNAL_IP4_ADDRESS attribute
- Jul 29 23:49:34 vpn ipsec: 12[IKE] processing INTERNAL_IP4_DNS attribute
- Jul 29 23:49:34 vpn ipsec: 12[IKE] peer supports MOBIKE
- Jul 29 23:49:34 vpn ipsec: 12[IKE] got additional MOBIKE peer address: 172.17.42.1
- Jul 29 23:49:34 vpn ipsec: 12[IKE] authentication of 'OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au' (myself) with RSA_EMSA_PKCS1_SHA256 successful
- Jul 29 23:49:34 vpn ipsec: 12[ENC] generating IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_RSA_WITH_NULL_SHA
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_RSA_WITH_NULL_SHA256
- Jul 29 23:49:34 vpn charon: 10[TLS] TLS_RSA_WITH_NULL_MD5
- Jul 29 23:49:34 vpn charon: 10[TLS] sending EAP_TLS start packet (6 bytes)
- Jul 29 23:49:34 vpn charon: 10[IKE] initiating EAP_TLS method (id 0x62)
- Jul 29 23:49:34 vpn charon: 10[ENC] generating IKE_AUTH response 2 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn charon: 10[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (76 bytes)
- Jul 29 23:49:34 vpn charon: 08[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (172 bytes)
- Jul 29 23:49:34 vpn charon: 08[ENC] parsed IKE_AUTH request 3 [ EAP/RES/TLS ]
- Jul 29 23:49:34 vpn charon: 08[TLS] processing TLS Handshake record (89 bytes)
- Jul 29 23:49:34 vpn charon: 08[TLS] received TLS ClientHello handshake (85 bytes)
- Jul 29 23:49:34 vpn charon: 08[TLS] received TLS 'signature algorithms' extension
- Jul 29 23:49:34 vpn charon: 08[TLS] received 13 TLS cipher suites:
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_RSA_WITH_AES_128_CBC_SHA
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_RSA_WITH_AES_256_CBC_SHA
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_RSA_WITH_NULL_SHA
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_RSA_WITH_NULL_SHA256
- Jul 29 23:49:34 vpn charon: 08[TLS] TLS_RSA_WITH_NULL_MD5
- Jul 29 23:49:34 vpn charon: 08[TLS] negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS ServerHello handshake (54 bytes)
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS server certificate 'OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au'
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS intermediate certificate 'C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3'
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS intermediate certificate 'C=US, O=GeoTrust Inc., CN=GeoTrust Global CA'
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS Certificate handshake (3175 bytes)
- Jul 29 23:49:34 vpn charon: 08[TLS] selected DH group MODP_2048
- Jul 29 23:49:34 vpn charon: 08[TLS] created signature with SHA256/RSA
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS ServerKeyExchange handshake (779 bytes)
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS cert request for 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=Datacom TSS Corp VPN CA'
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS cert request for 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=Datacom TSS Root CA'
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS cert request for 'C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3'
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS cert request for 'C=US, O=GeoTrust Inc., CN=GeoTrust Global CA'
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS CertificateRequest handshake (456 bytes)
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS ServerHelloDone handshake (0 bytes)
- Jul 29 23:49:34 vpn charon: 08[TLS] sending TLS Handshake record (4484 bytes)
- Jul 29 23:49:34 vpn charon: 08[TLS] sending EAP_TLS first fragment (1024 bytes)
- Jul 29 23:49:34 vpn charon: 08[ENC] generating IKE_AUTH response 3 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn charon: 08[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (1100 bytes)
- Jul 29 23:49:34 vpn charon: 04[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (76 bytes)
- Jul 29 23:49:34 vpn charon: 04[ENC] parsed IKE_AUTH request 4 [ EAP/RES/TLS ]
- Jul 29 23:49:34 vpn charon: 04[TLS] received EAP_TLS acknowledgement packet
- Jul 29 23:49:34 vpn charon: 04[TLS] sending EAP_TLS further fragment (1024 bytes)
- Jul 29 23:49:34 vpn charon: 04[ENC] generating IKE_AUTH response 4 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn charon: 04[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (1100 bytes)
- Jul 29 23:49:34 vpn charon: 06[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (76 bytes)
- Jul 29 23:49:34 vpn charon: 06[ENC] parsed IKE_AUTH request 5 [ EAP/RES/TLS ]
- Jul 29 23:49:34 vpn charon: 06[TLS] received EAP_TLS acknowledgement packet
- Jul 29 23:49:34 vpn charon: 06[TLS] sending EAP_TLS further fragment (1024 bytes)
- Jul 29 23:49:34 vpn charon: 06[ENC] generating IKE_AUTH response 5 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn charon: 06[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (1100 bytes)
- Jul 29 23:49:34 vpn ipsec: 12[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (524 bytes)
- Jul 29 23:49:34 vpn ipsec: 10[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (252 bytes)
- Jul 29 23:49:34 vpn ipsec: 10[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
- Jul 29 23:49:34 vpn ipsec: 10[IKE] received EAP identity 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au'
- Jul 29 23:49:34 vpn ipsec: 10[TLS] disabling ECDSA suites, no backend found
- Jul 29 23:49:34 vpn ipsec: 10[TLS] 13 supported TLS cipher suites:
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_RSA_WITH_AES_128_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_RSA_WITH_AES_256_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_RSA_WITH_NULL_SHA
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_RSA_WITH_NULL_SHA256
- Jul 29 23:49:34 vpn ipsec: 10[TLS] TLS_RSA_WITH_NULL_MD5
- Jul 29 23:49:34 vpn ipsec: 10[TLS] sending EAP_TLS start packet (6 bytes)
- Jul 29 23:49:34 vpn ipsec: 10[IKE] initiating EAP_TLS method (id 0x62)
- Jul 29 23:49:34 vpn ipsec: 10[ENC] generating IKE_AUTH response 2 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn ipsec: 10[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (76 bytes)
- Jul 29 23:49:34 vpn ipsec: 08[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (172 bytes)
- Jul 29 23:49:34 vpn ipsec: 08[ENC] parsed IKE_AUTH request 3 [ EAP/RES/TLS ]
- Jul 29 23:49:34 vpn ipsec: 08[TLS] processing TLS Handshake record (89 bytes)
- Jul 29 23:49:34 vpn ipsec: 08[TLS] received TLS ClientHello handshake (85 bytes)
- Jul 29 23:49:34 vpn ipsec: 08[TLS] received TLS 'signature algorithms' extension
- Jul 29 23:49:34 vpn ipsec: 08[TLS] received 13 TLS cipher suites:
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_RSA_WITH_AES_128_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_RSA_WITH_AES_256_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_RSA_WITH_NULL_SHA
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_RSA_WITH_NULL_SHA256
- Jul 29 23:49:34 vpn ipsec: 08[TLS] TLS_RSA_WITH_NULL_MD5
- Jul 29 23:49:34 vpn ipsec: 08[TLS] negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS ServerHello handshake (54 bytes)
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS server certificate 'OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au'
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS intermediate certificate 'C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3'
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS intermediate certificate 'C=US, O=GeoTrust Inc., CN=GeoTrust Global CA'
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS Certificate handshake (3175 bytes)
- Jul 29 23:49:34 vpn ipsec: 08[TLS] selected DH group MODP_2048
- Jul 29 23:49:34 vpn ipsec: 08[TLS] created signature with SHA256/RSA
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS ServerKeyExchange handshake (779 bytes)
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS cert request for 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=Datacom TSS Corp VPN CA'
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS cert request for 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=Datacom TSS Root CA'
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS cert request for 'C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3'
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS cert request for 'C=US, O=GeoTrust Inc., CN=GeoTrust Global CA'
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS CertificateRequest handshake (456 bytes)
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS ServerHelloDone handshake (0 bytes)
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending TLS Handshake record (4484 bytes)
- Jul 29 23:49:34 vpn ipsec: 08[TLS] sending EAP_TLS first fragment (1024 bytes)
- Jul 29 23:49:34 vpn ipsec: 08[ENC] generating IKE_AUTH response 3 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn ipsec: 08[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (1100 bytes)
- Jul 29 23:49:34 vpn ipsec: 04[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (76 bytes)
- Jul 29 23:49:34 vpn ipsec: 04[ENC] parsed IKE_AUTH request 4 [ EAP/RES/TLS ]
- Jul 29 23:49:34 vpn ipsec: 04[TLS] received EAP_TLS acknowledgement packet
- Jul 29 23:49:34 vpn ipsec: 04[TLS] sending EAP_TLS further fragment (1024 bytes)
- Jul 29 23:49:34 vpn ipsec: 04[ENC] generating IKE_AUTH response 4 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn ipsec: 04[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (1100 bytes)
- Jul 29 23:49:34 vpn ipsec: 06[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (76 bytes)
- Jul 29 23:49:34 vpn ipsec: 06[ENC] parsed IKE_AUTH request 5 [ EAP/RES/TLS ]
- Jul 29 23:49:34 vpn charon: 07[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (76 bytes)
- Jul 29 23:49:34 vpn charon: 07[ENC] parsed IKE_AUTH request 6 [ EAP/RES/TLS ]
- Jul 29 23:49:34 vpn charon: 07[TLS] received EAP_TLS acknowledgement packet
- Jul 29 23:49:34 vpn charon: 07[TLS] sending EAP_TLS further fragment (1024 bytes)
- Jul 29 23:49:34 vpn charon: 07[ENC] generating IKE_AUTH response 6 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn charon: 07[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (1100 bytes)
- Jul 29 23:49:34 vpn charon: 09[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (76 bytes)
- Jul 29 23:49:34 vpn charon: 09[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TLS ]
- Jul 29 23:49:34 vpn charon: 09[TLS] received EAP_TLS acknowledgement packet
- Jul 29 23:49:34 vpn charon: 09[TLS] sending EAP_TLS final fragment (427 bytes)
- Jul 29 23:49:34 vpn charon: 09[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn charon: 09[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (492 bytes)
- Jul 29 23:49:34 vpn ipsec: 06[TLS] received EAP_TLS acknowledgement packet
- Jul 29 23:49:34 vpn charon: 13[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (1100 bytes)
- Jul 29 23:49:34 vpn charon: 13[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TLS ]
- Jul 29 23:49:34 vpn charon: 13[TLS] buffering 1014 bytes, 1014 bytes of 1968 byte TLS record received
- Jul 29 23:49:34 vpn charon: 13[TLS] sending EAP_TLS acknowledgement packet
- Jul 29 23:49:34 vpn charon: 13[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn charon: 13[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (76 bytes)
- Jul 29 23:49:34 vpn charon: 11[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (1100 bytes)
- Jul 29 23:49:34 vpn charon: 11[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TLS ]
- Jul 29 23:49:34 vpn charon: 11[TLS] buffering 954 bytes, 1968 bytes of 1968 byte TLS record received
- Jul 29 23:49:34 vpn charon: 11[TLS] processing buffered TLS Handshake record (1963 bytes)
- Jul 29 23:49:34 vpn charon: 11[TLS] received TLS Certificate handshake (1433 bytes)
- Jul 29 23:49:34 vpn charon: 11[TLS] received TLS peer certificate 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au'
- Jul 29 23:49:34 vpn charon: 11[TLS] received TLS ClientKeyExchange handshake (258 bytes)
- Jul 29 23:49:34 vpn charon: 11[TLS] received TLS CertificateVerify handshake (260 bytes)
- Jul 29 23:49:34 vpn charon: 11[CFG] using certificate "C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au"
- Jul 29 23:49:34 vpn charon: 11[CFG] no issuer certificate found for "C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au"
- Jul 29 23:49:34 vpn charon: 11[TLS] no trusted certificate found for 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au' to verify TLS peer
- Jul 29 23:49:34 vpn charon: 11[TLS] processing TLS ChangeCipherSpec record (1 bytes)
- Jul 29 23:49:34 vpn charon: 11[TLS] buffering 58 bytes, 58 bytes of 69 byte TLS record received
- Jul 29 23:49:34 vpn charon: 11[TLS] sending fatal TLS alert 'certificate unknown'
- Jul 29 23:49:34 vpn charon: 11[TLS] sending TLS Alert record (2 bytes)
- Jul 29 23:49:34 vpn charon: 11[TLS] sending EAP_TLS packet (17 bytes)
- Jul 29 23:49:34 vpn charon: 11[ENC] generating IKE_AUTH response 9 [ EAP/REQ/TLS ]
- Jul 29 23:49:34 vpn charon: 11[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (92 bytes)
- Jul 29 23:49:34 vpn charon: 16[NET] received packet: from 172.16.0.10[26648] to 203.37.210.230[4500] (76 bytes)
- Jul 29 23:49:34 vpn charon: 16[ENC] parsed INFORMATIONAL request 10 [ N(AUTH_FAILED) ]
- Jul 29 23:49:34 vpn charon: 16[ENC] generating INFORMATIONAL response 10 [ N(AUTH_FAILED) ]
- Jul 29 23:49:34 vpn charon: 16[NET] sending packet: from 203.37.210.230[4500] to 172.16.0.10[26648] (76 bytes)
- Jul 29 23:49:34 vpn charon: 16[IKE] IKE_SA dtss-vpn[11] state change: CONNECTING => DESTROYING
- Client ipsec.conf:
- config setup
- charondebug="tls 2, ike 2"
- conn %default
- ikelifetime=60m
- keylife=20m
- rekeymargin=3m
- keyingtries=1
- keyexchange=ikev2
- conn home
- left=192.168.80.10
- leftcert=craddie.cert.pem
- leftauth=eap
- leftid="C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au"
- leftsourceip=%config
- right=vpn.datacomtss.com.au
- rightcert=vpn.datacomtss.com.au.cert
- rightid="OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- rightauth=any
- rightsubnet=192.168.0.0/16
- rightsendcert=never
- auto=add
- client logs:
- Jul 30 09:50:35 lina charon: 14[CFG] received stroke: initiate 'home'
- Jul 30 09:50:35 lina charon: 14[CFG] received stroke: initiate 'home'
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_VENDOR task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_INIT task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_VENDOR task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_NATD task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_INIT task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_CERT_PRE task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_NATD task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_AUTH task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_CERT_PRE task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_CERT_POST task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_AUTH task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_CONFIG task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_CERT_POST task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_AUTH_LIFETIME task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_CONFIG task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_MOBIKE task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_AUTH_LIFETIME task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing CHILD_CREATE task
- Jul 30 09:50:35 lina charon: 13[IKE] queueing IKE_MOBIKE task
- Jul 30 09:50:35 lina charon: 13[IKE] activating new tasks
- Jul 30 09:50:35 lina charon: 13[IKE] queueing CHILD_CREATE task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_VENDOR task
- Jul 30 09:50:35 lina charon: 13[IKE] activating new tasks
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_INIT task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_VENDOR task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_NATD task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_INIT task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_CERT_PRE task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_NATD task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_AUTH task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_CERT_PRE task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_CERT_POST task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_AUTH task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_CONFIG task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_CERT_POST task
- Jul 30 09:50:35 lina charon: 13[IKE] activating CHILD_CREATE task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_CONFIG task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_AUTH_LIFETIME task
- Jul 30 09:50:35 lina charon: 13[IKE] activating CHILD_CREATE task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_MOBIKE task
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_AUTH_LIFETIME task
- Jul 30 09:50:35 lina charon: 13[IKE] initiating IKE_SA home[3] to 203.37.210.230
- Jul 30 09:50:35 lina charon: 13[IKE] activating IKE_MOBIKE task
- Jul 30 09:50:35 lina charon: 13[IKE] initiating IKE_SA home[3] to 203.37.210.230
- Jul 30 09:50:35 lina charon: 13[IKE] IKE_SA home[3] state change: CREATED => CONNECTING
- Jul 30 09:50:35 lina charon: 13[IKE] IKE_SA home[3] state change: CREATED => CONNECTING
- Jul 30 09:50:35 lina charon: 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
- Jul 30 09:50:35 lina charon: 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
- Jul 30 09:50:35 lina charon: 13[NET] sending packet: from 192.168.80.10[500] to 203.37.210.230[500] (724 bytes)
- Jul 30 09:50:35 lina charon: 13[NET] sending packet: from 192.168.80.10[500] to 203.37.210.230[500] (724 bytes)
- Jul 30 09:50:35 lina charon: 04[NET] received packet: from 203.37.210.230[500] to 192.168.80.10[500] (456 bytes)
- Jul 30 09:50:35 lina charon: 04[NET] received packet: from 203.37.210.230[500] to 192.168.80.10[500] (456 bytes)
- Jul 30 09:50:35 lina charon: 04[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
- Jul 30 09:50:35 lina charon: 04[IKE] received SIGNATURE_HASH_ALGORITHMS notify
- Jul 30 09:50:35 lina charon: 04[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
- Jul 30 09:50:35 lina charon: 04[IKE] received SIGNATURE_HASH_ALGORITHMS notify
- Jul 30 09:50:35 lina charon: 04[IKE] local host is behind NAT, sending keep alives
- Jul 30 09:50:35 lina charon: 04[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 04[IKE] local host is behind NAT, sending keep alives
- Jul 30 09:50:35 lina charon: 04[IKE] IKE_CERT_PRE task
- Jul 30 09:50:35 lina charon: 04[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 04[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 04[IKE] IKE_CERT_PRE task
- Jul 30 09:50:35 lina charon: 04[IKE] building INTERNAL_IP4_DNS attribute
- Jul 30 09:50:35 lina charon: 04[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 04[IKE] establishing CHILD_SA home
- Jul 30 09:50:35 lina charon: 04[IKE] building INTERNAL_IP4_DNS attribute
- Jul 30 09:50:35 lina charon: 04[IKE] establishing CHILD_SA home
- Jul 30 09:50:35 lina charon: 04[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
- Jul 30 09:50:35 lina charon: 04[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (700 bytes)
- Jul 30 09:50:35 lina charon: 04[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
- Jul 30 09:50:35 lina charon: 04[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (700 bytes)
- Jul 30 09:50:35 lina charon: 12[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (524 bytes)
- Jul 30 09:50:35 lina charon: 12[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (524 bytes)
- Jul 30 09:50:35 lina charon: 12[ENC] parsed IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]
- Jul 30 09:50:35 lina charon: 12[ENC] parsed IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]
- Jul 30 09:50:35 lina charon: 12[CFG] no issuer certificate found for "OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- Jul 30 09:50:35 lina charon: 12[CFG] using trusted certificate "OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- Jul 30 09:50:35 lina charon: 12[IKE] authentication of 'OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au' with RSA_EMSA_PKCS1_SHA256 successful
- Jul 30 09:50:35 lina charon: 12[IKE] server requested EAP_IDENTITY (id 0x00), sending 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au'
- Jul 30 09:50:35 lina charon: 12[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 12[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 12[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
- Jul 30 09:50:35 lina charon: 12[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (252 bytes)
- Jul 30 09:50:35 lina charon: 12[CFG] no issuer certificate found for "OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- Jul 30 09:50:35 lina charon: 12[CFG] using trusted certificate "OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- Jul 30 09:50:35 lina charon: 12[IKE] authentication of 'OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au' with RSA_EMSA_PKCS1_SHA256 successful
- Jul 30 09:50:35 lina charon: 12[IKE] server requested EAP_IDENTITY (id 0x00), sending 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au'
- Jul 30 09:50:35 lina charon: 12[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 12[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 12[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
- Jul 30 09:50:35 lina charon: 12[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (252 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] received TLS cert request for unknown CA 'C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3'
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] received TLS cert request for unknown CA 'C=US, O=GeoTrust Inc., CN=GeoTrust Global CA'
- Jul 30 09:50:35 lina ipsec: 08[TLS] received TLS cert request for unknown CA 'C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3'
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] received TLS ServerHelloDone handshake (0 bytes)
- Jul 30 09:50:35 lina ipsec: 08[TLS] received TLS cert request for unknown CA 'C=US, O=GeoTrust Inc., CN=GeoTrust Global CA'
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] sending TLS peer certificate 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au'
- Jul 30 09:50:35 lina ipsec: 08[TLS] received TLS ServerHelloDone handshake (0 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] sending TLS Certificate handshake (1433 bytes)
- Jul 30 09:50:35 lina ipsec: 08[TLS] sending TLS peer certificate 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au'
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] sending TLS ClientKeyExchange handshake (258 bytes)
- Jul 30 09:50:35 lina ipsec: 08[TLS] sending TLS Certificate handshake (1433 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] created signature with SHA256/RSA
- Jul 30 09:50:35 lina ipsec: 08[TLS] sending TLS ClientKeyExchange handshake (258 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] sending TLS CertificateVerify handshake (260 bytes)
- Jul 30 09:50:35 lina ipsec: 08[TLS] created signature with SHA256/RSA
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] sending TLS Handshake record (1963 bytes)
- Jul 30 09:50:35 lina ipsec: 08[TLS] sending TLS CertificateVerify handshake (260 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] sending TLS ChangeCipherSpec record (1 bytes)
- Jul 30 09:50:35 lina ipsec: 08[TLS] sending TLS Handshake record (1963 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] sending TLS Finished handshake (12 bytes)
- Jul 30 09:50:35 lina ipsec: 08[TLS] sending TLS ChangeCipherSpec record (1 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] sending TLS Handshake record (64 bytes)
- Jul 30 09:50:35 lina ipsec: 08[TLS] sending TLS Finished handshake (12 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] sending EAP_TLS first fragment (1024 bytes)
- Jul 30 09:50:35 lina ipsec: 08[TLS] sending TLS Handshake record (64 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 08[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec: 08[TLS] sending EAP_TLS first fragment (1024 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 08[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec: 08[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec[31096]: 08[ENC] generating IKE_AUTH request 8 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec: 08[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec[31096]: 08[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (1100 bytes)
- Jul 30 09:50:35 lina ipsec: 08[ENC] generating IKE_AUTH request 8 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 07[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec: 08[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (1100 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 07[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec: 07[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 07[TLS] received EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina ipsec: 07[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 07[TLS] sending EAP_TLS further fragment (1024 bytes)
- Jul 30 09:50:35 lina ipsec: 07[TLS] received EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina ipsec[31096]: 07[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec: 07[TLS] sending EAP_TLS further fragment (1024 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 07[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec: 07[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec[31096]: 07[ENC] generating IKE_AUTH request 9 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec: 07[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec[31096]: 07[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (1100 bytes)
- Jul 30 09:50:35 lina ipsec: 07[ENC] generating IKE_AUTH request 9 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 09[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (92 bytes)
- Jul 30 09:50:35 lina ipsec: 07[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (1100 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 09[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec: 09[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (92 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 09[TLS] processing TLS Alert record (2 bytes)
- Jul 30 09:50:35 lina ipsec: 09[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 09[TLS] received fatal TLS alert 'certificate unknown'
- Jul 30 09:50:35 lina ipsec: 09[TLS] processing TLS Alert record (2 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 09[IKE] EAP_TLS method failed
- Jul 30 09:50:35 lina ipsec: 09[TLS] received fatal TLS alert 'certificate unknown'
- Jul 30 09:50:35 lina ipsec[31096]: 09[ENC] generating INFORMATIONAL request 10 [ N(AUTH_FAILED) ]
- Jul 30 09:50:35 lina ipsec: 09[IKE] EAP_TLS method failed
- Jul 30 09:50:35 lina ipsec[31096]: 09[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec: 09[ENC] generating INFORMATIONAL request 10 [ N(AUTH_FAILED) ]
- Jul 30 09:50:35 lina ipsec[31096]: 09[IKE] IKE_SA home[2] state change: CONNECTING => DESTROYING
- Jul 30 09:50:35 lina ipsec: 09[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 14[CFG] received stroke: initiate 'home'
- Jul 30 09:50:35 lina ipsec: 09[IKE] IKE_SA home[2] state change: CONNECTING => DESTROYING
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] queueing IKE_VENDOR task
- Jul 30 09:50:35 lina ipsec: 14[CFG] received stroke: initiate 'home'
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] queueing IKE_INIT task
- Jul 30 09:50:35 lina ipsec: 13[IKE] queueing IKE_VENDOR task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] queueing IKE_NATD task
- Jul 30 09:50:35 lina ipsec: 13[IKE] queueing IKE_INIT task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] queueing IKE_CERT_PRE task
- Jul 30 09:50:35 lina ipsec: 13[IKE] queueing IKE_NATD task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] queueing IKE_AUTH task
- Jul 30 09:50:35 lina ipsec: 13[IKE] queueing IKE_CERT_PRE task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] queueing IKE_CERT_POST task
- Jul 30 09:50:35 lina ipsec: 13[IKE] queueing IKE_AUTH task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] queueing IKE_CONFIG task
- Jul 30 09:50:35 lina ipsec: 13[IKE] queueing IKE_CERT_POST task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] queueing IKE_AUTH_LIFETIME task
- Jul 30 09:50:35 lina ipsec: 13[IKE] queueing IKE_CONFIG task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] queueing IKE_MOBIKE task
- Jul 30 09:50:35 lina ipsec: 13[IKE] queueing IKE_AUTH_LIFETIME task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] queueing CHILD_CREATE task
- Jul 30 09:50:35 lina ipsec: 13[IKE] queueing IKE_MOBIKE task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] activating new tasks
- Jul 30 09:50:35 lina ipsec: 13[IKE] queueing CHILD_CREATE task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] activating IKE_VENDOR task
- Jul 30 09:50:35 lina ipsec: 13[IKE] activating new tasks
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] activating IKE_INIT task
- Jul 30 09:50:35 lina ipsec: 13[IKE] activating IKE_VENDOR task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] activating IKE_NATD task
- Jul 30 09:50:35 lina ipsec: 13[IKE] activating IKE_INIT task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] activating IKE_CERT_PRE task
- Jul 30 09:50:35 lina ipsec: 13[IKE] activating IKE_NATD task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] activating IKE_AUTH task
- Jul 30 09:50:35 lina ipsec: 13[IKE] activating IKE_CERT_PRE task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] activating IKE_CERT_POST task
- Jul 30 09:50:35 lina ipsec: 13[IKE] activating IKE_AUTH task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] activating IKE_CONFIG task
- Jul 30 09:50:35 lina ipsec: 13[IKE] activating IKE_CERT_POST task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] activating CHILD_CREATE task
- Jul 30 09:50:35 lina ipsec: 13[IKE] activating IKE_CONFIG task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] activating IKE_AUTH_LIFETIME task
- Jul 30 09:50:35 lina ipsec: 13[IKE] activating CHILD_CREATE task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] activating IKE_MOBIKE task
- Jul 30 09:50:35 lina ipsec: 13[IKE] activating IKE_AUTH_LIFETIME task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] initiating IKE_SA home[3] to 203.37.210.230
- Jul 30 09:50:35 lina ipsec: 13[IKE] activating IKE_MOBIKE task
- Jul 30 09:50:35 lina ipsec[31096]: 13[IKE] IKE_SA home[3] state change: CREATED => CONNECTING
- Jul 30 09:50:35 lina ipsec: 13[IKE] initiating IKE_SA home[3] to 203.37.210.230
- Jul 30 09:50:35 lina ipsec[31096]: 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
- Jul 30 09:50:35 lina ipsec: 13[IKE] IKE_SA home[3] state change: CREATED => CONNECTING
- Jul 30 09:50:35 lina ipsec[31096]: 13[NET] sending packet: from 192.168.80.10[500] to 203.37.210.230[500] (724 bytes)
- Jul 30 09:50:35 lina ipsec: 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
- Jul 30 09:50:35 lina ipsec[31096]: 04[NET] received packet: from 203.37.210.230[500] to 192.168.80.10[500] (456 bytes)
- Jul 30 09:50:35 lina ipsec: 13[NET] sending packet: from 192.168.80.10[500] to 203.37.210.230[500] (724 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 04[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
- Jul 30 09:50:35 lina ipsec: 04[NET] received packet: from 203.37.210.230[500] to 192.168.80.10[500] (456 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 04[IKE] received SIGNATURE_HASH_ALGORITHMS notify
- Jul 30 09:50:35 lina ipsec: 04[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) N(MULT_AUTH) ]
- Jul 30 09:50:35 lina ipsec[31096]: 04[IKE] local host is behind NAT, sending keep alives
- Jul 30 09:50:35 lina ipsec: 04[IKE] received SIGNATURE_HASH_ALGORITHMS notify
- Jul 30 09:50:35 lina ipsec[31096]: 04[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec: 04[IKE] local host is behind NAT, sending keep alives
- Jul 30 09:50:35 lina ipsec[31096]: 04[IKE] IKE_CERT_PRE task
- Jul 30 09:50:35 lina ipsec: 04[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec[31096]: 04[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec: 04[IKE] IKE_CERT_PRE task
- Jul 30 09:50:35 lina ipsec[31096]: 04[IKE] building INTERNAL_IP4_DNS attribute
- Jul 30 09:50:35 lina ipsec: 04[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec[31096]: 04[IKE] establishing CHILD_SA home
- Jul 30 09:50:35 lina ipsec: 04[IKE] building INTERNAL_IP4_DNS attribute
- Jul 30 09:50:35 lina ipsec[31096]: 04[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
- Jul 30 09:50:35 lina ipsec: 04[IKE] establishing CHILD_SA home
- Jul 30 09:50:35 lina ipsec[31096]: 04[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (700 bytes)
- Jul 30 09:50:35 lina ipsec: 04[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
- Jul 30 09:50:35 lina ipsec[31096]: 12[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (524 bytes)
- Jul 30 09:50:35 lina ipsec: 04[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (700 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 12[ENC] parsed IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]
- Jul 30 09:50:35 lina ipsec: 12[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (524 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 12[CFG] no issuer certificate found for "OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- Jul 30 09:50:35 lina ipsec: 12[ENC] parsed IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]
- Jul 30 09:50:35 lina ipsec: 12[CFG] no issuer certificate found for "OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- Jul 30 09:50:35 lina charon: 15[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 15[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 15[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 15[IKE] server requested EAP_TLS authentication (id 0x33)
- Jul 30 09:50:35 lina charon: 15[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 15[TLS] disabling ECDSA suites, no backend found
- Jul 30 09:50:35 lina charon: 15[IKE] server requested EAP_TLS authentication (id 0x33)
- Jul 30 09:50:35 lina charon: 15[TLS] 13 supported TLS cipher suites:
- Jul 30 09:50:35 lina charon: 15[TLS] disabling ECDSA suites, no backend found
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] 13 supported TLS cipher suites:
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_AES_128_CBC_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_AES_128_CBC_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_AES_256_CBC_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_AES_256_CBC_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_NULL_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_NULL_SHA256
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_NULL_SHA
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_NULL_MD5
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_NULL_SHA256
- Jul 30 09:50:35 lina charon: 15[TLS] sending TLS ClientHello handshake (85 bytes)
- Jul 30 09:50:35 lina charon: 15[TLS] TLS_RSA_WITH_NULL_MD5
- Jul 30 09:50:35 lina charon: 15[TLS] sending TLS Handshake record (89 bytes)
- Jul 30 09:50:35 lina charon: 15[TLS] sending TLS ClientHello handshake (85 bytes)
- Jul 30 09:50:35 lina charon: 15[TLS] sending EAP_TLS packet (104 bytes)
- Jul 30 09:50:35 lina charon: 15[TLS] sending TLS Handshake record (89 bytes)
- Jul 30 09:50:35 lina charon: 15[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 15[TLS] sending EAP_TLS packet (104 bytes)
- Jul 30 09:50:35 lina charon: 15[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 15[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 15[ENC] generating IKE_AUTH request 3 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 15[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 15[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (172 bytes)
- Jul 30 09:50:35 lina charon: 15[ENC] generating IKE_AUTH request 3 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 15[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (172 bytes)
- Jul 30 09:50:35 lina charon: 05[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina charon: 05[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina charon: 05[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 05[TLS] buffering 1014 bytes, 1014 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina charon: 05[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 05[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina charon: 05[TLS] buffering 1014 bytes, 1014 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina charon: 05[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 05[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina charon: 05[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 05[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 05[ENC] generating IKE_AUTH request 4 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 05[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 05[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 05[ENC] generating IKE_AUTH request 4 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 05[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 06[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina charon: 06[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina charon: 06[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 06[TLS] buffering 1018 bytes, 2032 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina charon: 06[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 06[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina charon: 06[TLS] buffering 1018 bytes, 2032 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina charon: 06[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 06[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina charon: 06[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 06[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 06[ENC] generating IKE_AUTH request 5 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 06[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 06[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 06[ENC] generating IKE_AUTH request 5 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 06[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 08[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina charon: 08[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina charon: 08[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 08[TLS] buffering 1018 bytes, 3050 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina charon: 08[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 08[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina charon: 08[TLS] buffering 1018 bytes, 3050 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina charon: 08[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 08[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina charon: 08[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 08[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 08[ENC] generating IKE_AUTH request 6 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 08[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 08[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 08[ENC] generating IKE_AUTH request 6 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 08[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 07[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina charon: 07[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina charon: 07[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 07[TLS] buffering 1018 bytes, 4068 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina charon: 07[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 07[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina charon: 07[TLS] buffering 1018 bytes, 4068 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina charon: 07[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 07[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina charon: 07[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 07[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 07[ENC] generating IKE_AUTH request 7 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 07[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 07[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 07[ENC] generating IKE_AUTH request 7 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 07[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 09[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (492 bytes)
- Jul 30 09:50:35 lina charon: 09[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (492 bytes)
- Jul 30 09:50:35 lina charon: 09[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 09[TLS] buffering 421 bytes, 4489 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina charon: 09[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 09[TLS] processing buffered TLS Handshake record (4484 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] buffering 421 bytes, 4489 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS ServerHello handshake (54 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] processing buffered TLS Handshake record (4484 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS ServerHello handshake (54 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS Certificate handshake (3175 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] negotiated TLS 1.2 using suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS server certificate 'OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au'
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS Certificate handshake (3175 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS server certificate 'OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au'
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS intermediate certificate 'C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3'
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS intermediate certificate 'C=US, O=GeoTrust Inc., CN=GeoTrust Global CA'
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS ServerKeyExchange handshake (779 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS intermediate certificate 'C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3'
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS intermediate certificate 'C=US, O=GeoTrust Inc., CN=GeoTrust Global CA'
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS ServerKeyExchange handshake (779 bytes)
- Jul 30 09:50:35 lina charon: 09[CFG] using untrusted intermediate certificate "C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3"
- Jul 30 09:50:35 lina charon: 09[CFG] checking certificate status of "OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- Jul 30 09:50:35 lina charon: 09[CFG] using untrusted intermediate certificate "C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3"
- Jul 30 09:50:35 lina charon: 09[CFG] requesting ocsp status from 'http://gv.symcd.com' ...
- Jul 30 09:50:35 lina charon: 09[CFG] checking certificate status of "OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- Jul 30 09:50:35 lina charon: 09[LIB] unable to fetch from http://gv.symcd.com, no capable fetcher found
- Jul 30 09:50:35 lina charon: 09[CFG] requesting ocsp status from 'http://gv.symcd.com' ...
- Jul 30 09:50:35 lina charon: 09[CFG] ocsp request to http://gv.symcd.com failed
- Jul 30 09:50:35 lina charon: 09[LIB] unable to fetch from http://gv.symcd.com, no capable fetcher found
- Jul 30 09:50:35 lina charon: 09[CFG] ocsp check failed, fallback to crl
- Jul 30 09:50:35 lina charon: 09[CFG] ocsp request to http://gv.symcd.com failed
- Jul 30 09:50:35 lina charon: 09[CFG] fetching crl from 'http://gv.symcb.com/gv.crl' ...
- Jul 30 09:50:35 lina charon: 09[CFG] ocsp check failed, fallback to crl
- Jul 30 09:50:35 lina charon: 09[LIB] unable to fetch from http://gv.symcb.com/gv.crl, no capable fetcher found
- Jul 30 09:50:35 lina charon: 09[CFG] fetching crl from 'http://gv.symcb.com/gv.crl' ...
- Jul 30 09:50:35 lina charon: 09[CFG] crl fetching failed
- Jul 30 09:50:35 lina charon: 09[LIB] unable to fetch from http://gv.symcb.com/gv.crl, no capable fetcher found
- Jul 30 09:50:35 lina charon: 09[CFG] certificate status is not available
- Jul 30 09:50:35 lina charon: 09[CFG] crl fetching failed
- Jul 30 09:50:35 lina charon: 09[CFG] certificate policy 2.23.140.1.2.1 for 'OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au' not allowed by trustchain, ignored
- Jul 30 09:50:35 lina charon: 09[CFG] certificate status is not available
- Jul 30 09:50:35 lina charon: 09[CFG] reached self-signed root ca with a path length of 0
- Jul 30 09:50:35 lina charon: 09[CFG] certificate policy 2.23.140.1.2.1 for 'OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au' not allowed by trustchain, ignored
- Jul 30 09:50:35 lina charon: 09[CFG] using trusted certificate "OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- Jul 30 09:50:35 lina charon: 09[CFG] reached self-signed root ca with a path length of 0
- Jul 30 09:50:35 lina charon: 09[TLS] verified signature with SHA256/RSA
- Jul 30 09:50:35 lina charon: 09[CFG] using trusted certificate "OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- Jul 30 09:50:35 lina ipsec[31096]: 12[CFG] using trusted certificate "OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- Jul 30 09:50:35 lina charon: 09[TLS] verified signature with SHA256/RSA
- Jul 30 09:50:35 lina ipsec[31096]: 12[IKE] authentication of 'OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au' with RSA_EMSA_PKCS1_SHA256 successful
- Jul 30 09:50:35 lina ipsec: 12[CFG] using trusted certificate "OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au"
- Jul 30 09:50:35 lina ipsec[31096]: 12[IKE] server requested EAP_IDENTITY (id 0x00), sending 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au'
- Jul 30 09:50:35 lina ipsec: 12[IKE] authentication of 'OU=GT09599516, OU=See www.rapidssl.com/resources/cps (c)15, OU=Domain Control Validated - RapidSSL(R), CN=vpn.datacomtss.com.au' with RSA_EMSA_PKCS1_SHA256 successful
- Jul 30 09:50:35 lina ipsec[31096]: 12[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec: 12[IKE] server requested EAP_IDENTITY (id 0x00), sending 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au'
- Jul 30 09:50:35 lina ipsec[31096]: 12[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec: 12[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec[31096]: 12[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
- Jul 30 09:50:35 lina ipsec: 12[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec[31096]: 12[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (252 bytes)
- Jul 30 09:50:35 lina ipsec: 12[ENC] generating IKE_AUTH request 2 [ EAP/RES/ID ]
- Jul 30 09:50:35 lina ipsec[31096]: 15[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec: 12[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (252 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 15[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec: 15[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 15[IKE] server requested EAP_TLS authentication (id 0x33)
- Jul 30 09:50:35 lina ipsec: 15[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] disabling ECDSA suites, no backend found
- Jul 30 09:50:35 lina ipsec: 15[IKE] server requested EAP_TLS authentication (id 0x33)
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] 13 supported TLS cipher suites:
- Jul 30 09:50:35 lina ipsec: 15[TLS] disabling ECDSA suites, no backend found
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- Jul 30 09:50:35 lina ipsec: 15[TLS] 13 supported TLS cipher suites:
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_RSA_WITH_AES_128_CBC_SHA
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_RSA_WITH_AES_128_CBC_SHA
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_RSA_WITH_AES_256_CBC_SHA
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_RSA_WITH_AES_128_CBC_SHA256
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_RSA_WITH_AES_256_CBC_SHA
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_RSA_WITH_AES_256_CBC_SHA256
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_RSA_WITH_NULL_SHA
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_RSA_WITH_3DES_EDE_CBC_SHA
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_RSA_WITH_NULL_SHA256
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_RSA_WITH_NULL_SHA
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] TLS_RSA_WITH_NULL_MD5
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_RSA_WITH_NULL_SHA256
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] sending TLS ClientHello handshake (85 bytes)
- Jul 30 09:50:35 lina ipsec: 15[TLS] TLS_RSA_WITH_NULL_MD5
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] sending TLS Handshake record (89 bytes)
- Jul 30 09:50:35 lina ipsec: 15[TLS] sending TLS ClientHello handshake (85 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 15[TLS] sending EAP_TLS packet (104 bytes)
- Jul 30 09:50:35 lina ipsec: 15[TLS] sending TLS Handshake record (89 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 15[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec: 15[TLS] sending EAP_TLS packet (104 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 15[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec: 15[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec[31096]: 15[ENC] generating IKE_AUTH request 3 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec: 15[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec[31096]: 15[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (172 bytes)
- Jul 30 09:50:35 lina ipsec: 15[ENC] generating IKE_AUTH request 3 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 05[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina ipsec: 15[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (172 bytes)
- Jul 30 09:50:35 lina ipsec: 05[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 05[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 05[TLS] buffering 1014 bytes, 1014 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina ipsec: 05[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 05[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina ipsec: 05[TLS] buffering 1014 bytes, 1014 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina ipsec[31096]: 05[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec: 05[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina ipsec[31096]: 05[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec: 05[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec[31096]: 05[ENC] generating IKE_AUTH request 4 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec: 05[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec[31096]: 05[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec: 05[ENC] generating IKE_AUTH request 4 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 06[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina ipsec: 05[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 06[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec: 06[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 06[TLS] buffering 1018 bytes, 2032 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina ipsec: 06[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 06[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina ipsec: 06[TLS] buffering 1018 bytes, 2032 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina ipsec[31096]: 06[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec: 06[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina ipsec[31096]: 06[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec: 06[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec[31096]: 06[ENC] generating IKE_AUTH request 5 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec: 06[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec[31096]: 06[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec: 06[ENC] generating IKE_AUTH request 5 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 08[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina ipsec: 06[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 08[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec: 08[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] buffering 1018 bytes, 3050 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina ipsec: 08[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 08[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina ipsec: 08[TLS] buffering 1018 bytes, 3050 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina ipsec[31096]: 08[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec: 08[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina ipsec[31096]: 08[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec: 08[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec[31096]: 08[ENC] generating IKE_AUTH request 6 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec: 08[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec[31096]: 08[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec: 08[ENC] generating IKE_AUTH request 6 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec: 08[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 07[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 07[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec: 07[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (1100 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 07[TLS] buffering 1018 bytes, 4068 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina ipsec: 07[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 07[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina ipsec: 07[TLS] buffering 1018 bytes, 4068 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina ipsec[31096]: 07[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec: 07[TLS] sending EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina ipsec[31096]: 07[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec: 07[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina ipsec[31096]: 07[ENC] generating IKE_AUTH request 7 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec: 07[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina ipsec[31096]: 07[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec: 07[ENC] generating IKE_AUTH request 7 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 09[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (492 bytes)
- Jul 30 09:50:35 lina ipsec: 07[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 09[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec: 09[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (492 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 09[TLS] buffering 421 bytes, 4489 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina ipsec: 09[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina ipsec[31096]: 09[TLS] processing buffered TLS Handshake record (4484 bytes)
- Jul 30 09:50:35 lina ipsec: 09[TLS] buffering 421 bytes, 4489 bytes of 4489 byte TLS record received
- Jul 30 09:50:35 lina ipsec: 09[TLS] processing buffered TLS Handshake record (4484 bytes)
- Jul 30 09:50:35 lina ipsec[31096]: 09[TLS] received TLS ServerHello handshake (54 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS CertificateRequest handshake (456 bytes)
- Jul 30 09:50:35 lina ipsec: 09[TLS] received TLS ServerHello handshake (54 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS cert request for 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=Datacom TSS Corp VPN CA
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS CertificateRequest handshake (456 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS cert request for 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=Datacom TSS Root CA
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS cert request for 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=Datacom TSS Corp VPN CA
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS cert request for unknown CA 'C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3'
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS cert request for 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=Datacom TSS Root CA
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS cert request for unknown CA 'C=US, O=GeoTrust Inc., CN=GeoTrust Global CA'
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS cert request for unknown CA 'C=US, O=GeoTrust Inc., CN=RapidSSL SHA256 CA - G3'
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS ServerHelloDone handshake (0 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS cert request for unknown CA 'C=US, O=GeoTrust Inc., CN=GeoTrust Global CA'
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS peer certificate 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au'
- Jul 30 09:50:35 lina charon: 09[TLS] received TLS ServerHelloDone handshake (0 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS Certificate handshake (1433 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS peer certificate 'C=AU, ST=Australian Capital Territory, L=Canberra, O=Datacom TSS, OU=Corp, CN=craddie, E=chris.addie@datacom.com.au'
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS ClientKeyExchange handshake (258 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS Certificate handshake (1433 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] created signature with SHA256/RSA
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS ClientKeyExchange handshake (258 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS CertificateVerify handshake (260 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] created signature with SHA256/RSA
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS Handshake record (1963 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS CertificateVerify handshake (260 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS ChangeCipherSpec record (1 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS Handshake record (1963 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS Finished handshake (12 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS ChangeCipherSpec record (1 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS Handshake record (64 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS Finished handshake (12 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending EAP_TLS first fragment (1024 bytes)
- Jul 30 09:50:35 lina charon: 09[TLS] sending TLS Handshake record (64 bytes)
- Jul 30 09:50:35 lina charon: 09[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 09[TLS] sending EAP_TLS first fragment (1024 bytes)
- Jul 30 09:50:35 lina charon: 09[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 09[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 09[ENC] generating IKE_AUTH request 8 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 09[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 09[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (1100 bytes)
- Jul 30 09:50:35 lina charon: 09[ENC] generating IKE_AUTH request 8 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 10[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 09[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (1100 bytes)
- Jul 30 09:50:35 lina charon: 10[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 10[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 10[TLS] received EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina charon: 10[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 10[TLS] received EAP_TLS acknowledgement packet
- Jul 30 09:50:35 lina charon: 10[TLS] sending EAP_TLS further fragment (1024 bytes)
- Jul 30 09:50:35 lina charon: 10[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 10[TLS] sending EAP_TLS further fragment (1024 bytes)
- Jul 30 09:50:35 lina charon: 10[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 10[IKE] reinitiating already active tasks
- Jul 30 09:50:35 lina charon: 10[ENC] generating IKE_AUTH request 9 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 10[IKE] IKE_AUTH task
- Jul 30 09:50:35 lina charon: 10[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (1100 bytes)
- Jul 30 09:50:35 lina charon: 10[ENC] generating IKE_AUTH request 9 [ EAP/RES/TLS ]
- Jul 30 09:50:35 lina charon: 10[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (1100 bytes)
- Jul 30 09:50:35 lina charon: 11[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (92 bytes)
- Jul 30 09:50:35 lina charon: 11[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 11[NET] received packet: from 203.37.210.230[4500] to 192.168.80.10[4500] (92 bytes)
- Jul 30 09:50:35 lina charon: 11[TLS] processing TLS Alert record (2 bytes)
- Jul 30 09:50:35 lina charon: 11[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TLS ]
- Jul 30 09:50:35 lina charon: 11[TLS] received fatal TLS alert 'certificate unknown'
- Jul 30 09:50:35 lina charon: 11[TLS] processing TLS Alert record (2 bytes)
- Jul 30 09:50:35 lina charon: 11[IKE] EAP_TLS method failed
- Jul 30 09:50:35 lina charon: 11[TLS] received fatal TLS alert 'certificate unknown'
- Jul 30 09:50:35 lina charon: 11[ENC] generating INFORMATIONAL request 10 [ N(AUTH_FAILED) ]
- Jul 30 09:50:35 lina charon: 11[IKE] EAP_TLS method failed
- Jul 30 09:50:35 lina charon: 11[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 11[ENC] generating INFORMATIONAL request 10 [ N(AUTH_FAILED) ]
- Jul 30 09:50:35 lina charon: 11[IKE] IKE_SA home[3] state change: CONNECTING => DESTROYING
- Jul 30 09:50:35 lina charon: 11[NET] sending packet: from 192.168.80.10[4500] to 203.37.210.230[4500] (76 bytes)
- Jul 30 09:50:35 lina charon: 11[IKE] IKE_SA home[3] state change: CONNECTING => DESTROYING
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement