pastebls

theclient-vpnlog

Sep 7th, 2019
131
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Sep 07 19:28:25 theclient systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
  2. Sep 07 19:28:25 theclient charon-systemd[830]: loaded plugins: charon-systemd aes des rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default vici updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-tls xauth-generic counters
  3. Sep 07 19:28:25 theclient charon-systemd[830]: spawning 16 worker threads
  4. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=rpi3p2-pi22-theclient@myvpn.net'
  5. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=rpi3p2-pi77-theclient@myvpn.net'
  6. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=theclient.domain.com'
  7. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=rpi3p2-pi65-theclient@myvpn.net'
  8. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=theclient.domain.com'
  9. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=rpi3p2-ib12-theclient@myvpn.net'
  10. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=rpi3p2-vax99-theclient@myvpn.net'
  11. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=theclient.domain.com'
  12. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=rpi3p2-hum1-theclient@myvpn.net'
  13. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=rpi3p2-pi2-theclient@myvpn.net'
  14. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theserver-strongSwan, CN=theclient-pi-theserver@myvpn.net'
  15. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=rpi3p2-o44-theclient@myvpn.net'
  16. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=rpi3p2-pi99-theclient@myvpn.net'
  17. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=rpi3p2-pi-theclient@myvpn.net'
  18. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theserver-strongSwan, CN=strongSwan theserver Root CA'
  19. Sep 07 19:28:25 theclient charon-systemd[830]: loaded certificate 'C=US, O=theclient-strongSwan, CN=strongSwan theclient Root CA'
  20. Sep 07 19:28:25 theclient charon-systemd[830]: loaded ANY private key
  21. Sep 07 19:28:26 theclient charon-systemd[830]: loaded ANY private key
  22. Sep 07 19:28:26 theclient charon-systemd[830]: loaded ANY private key
  23. Sep 07 19:28:26 theclient charon-systemd[830]: loaded ANY private key
  24. Sep 07 19:28:26 theclient charon-systemd[830]: loaded ANY private key
  25. Sep 07 19:28:26 theclient charon-systemd[830]: loaded ANY private key
  26. Sep 07 19:28:26 theclient charon-systemd[830]: loaded ANY private key
  27. Sep 07 19:28:26 theclient charon-systemd[830]: loaded ANY private key
  28. Sep 07 19:28:26 theclient charon-systemd[830]: loaded ANY private key
  29. Sep 07 19:28:26 theclient charon-systemd[830]: loaded ANY private key
  30. Sep 07 19:28:26 theclient charon-systemd[830]: loaded ANY private key
  31. Sep 07 19:28:27 theclient charon-systemd[830]: loaded ANY private key
  32. Sep 07 19:28:27 theclient charon-systemd[830]: loaded ANY private key
  33. Sep 07 19:28:27 theclient charon-systemd[830]: loaded ANY private key
  34. Sep 07 19:28:27 theclient charon-systemd[830]: loaded ANY private key
  35. Sep 07 19:28:27 theclient swanctl[848]: no authorities found, 0 unloaded
  36. Sep 07 19:28:27 theclient charon-systemd[830]: added vici pool primary-pool-ipv4: 10.92.10.0, 254 entries
  37. Sep 07 19:28:27 theclient charon-systemd[830]: added vici connection: theclient-theserver
  38. Sep 07 19:28:27 theclient charon-systemd[830]: added vici connection: ikev2-pubkey-linux
  39. Sep 07 19:28:27 theclient charon-systemd[830]: added vici connection: ikev2-pubkey-ios
  40. Sep 07 19:28:27 theclient charon-systemd[830]: id not specified, defaulting to cert subject 'C=US, O=theclient-strongSwan, CN=theclient.domain.com'
  41. Sep 07 19:28:27 theclient charon-systemd[830]: added vici connection: ikev2-pubkey-windows
  42. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/rpi3p2-pi22-theclientCert.pem'
  43. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/rpi3p2-pi77-theclientCert.pem'
  44. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/windows-strongSwanVPNCert.pem'
  45. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/rpi3p2-pi65-theclientCert.pem'
  46. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/linux-strongSwanVPNCert.pem'
  47. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/rpi3p2-ib12-theclientCert.pem'
  48. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/rpi3p2-vax99-theclientCert.pem'
  49. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/ios-strongSwanVPNCert.pem'
  50. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/rpi3p2-hum1-theclientCert.pem'
  51. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/rpi3p2-pi2-theclientCert.pem'
  52. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/theclient-pi-theserverCert.pem'
  53. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/rpi3p2-o44-theclientCert.pem'
  54. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/rpi3p2-pi99-theclientCert.pem'
  55. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509/rpi3p2-pi-theclientCert.pem'
  56. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509ca/theserver-strongSwanCACert.pem'
  57. Sep 07 19:28:27 theclient swanctl[848]: loaded certificate from '/etc/swanctl/x509ca/strongSwanCACert.pem'
  58. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/rpi3p2-hum1-theclientKey.pem'
  59. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/windows-strongSwanVPNKey.pem'
  60. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/theclient-pi-theserverKey.pem'
  61. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/rpi3p2-pi65-theclientKey.pem'
  62. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/rpi3p2-pi2-theclientKey.pem'
  63. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/rpi3p2-pi99-theclientKey.pem'
  64. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/rpi3p2-pi-theclientKey.pem'
  65. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/rpi3p2-o44-theclientKey.pem'
  66. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/rpi3p2-ib12-theclientKey.pem'
  67. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/strongSwanCAKey.pem'
  68. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/rpi3p2-pi77-theclientKey.pem'
  69. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/rpi3p2-vax99-theclientKey.pem'
  70. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/linux-strongSwanVPNKey.pem'
  71. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/rpi3p2-pi22-theclientKey.pem'
  72. Sep 07 19:28:27 theclient swanctl[848]: loaded private key from '/etc/swanctl/private/ios-strongSwanVPNKey.pem'
  73. Sep 07 19:28:27 theclient swanctl[848]: loaded pool 'primary-pool-ipv4'
  74. Sep 07 19:28:27 theclient swanctl[848]: successfully loaded 1 pools, 0 unloaded
  75. Sep 07 19:28:27 theclient swanctl[848]: loaded connection 'theclient-theserver'
  76. Sep 07 19:28:27 theclient swanctl[848]: loaded connection 'ikev2-pubkey-linux'
  77. Sep 07 19:28:27 theclient swanctl[848]: loaded connection 'ikev2-pubkey-ios'
  78. Sep 07 19:28:27 theclient swanctl[848]: loaded connection 'ikev2-pubkey-windows'
  79. Sep 07 19:28:27 theclient swanctl[848]: successfully loaded 4 connections, 0 unloaded
  80. Sep 07 19:28:27 theclient systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
  81. Sep 07 19:28:34 theclient charon-systemd[830]: vici initiate CHILD_SA 'theclient-theserver'
  82. Sep 07 19:28:34 theclient charon-systemd[830]: initiating IKE_SA theclient-theserver[1] to 50.47.109.48
  83. Sep 07 19:28:34 theclient charon-systemd[830]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
  84. Sep 07 19:28:34 theclient charon-systemd[830]: sending packet: from 172.20.10.6[500] to 50.47.109.48[500] (792 bytes)
  85. Sep 07 19:28:34 theclient charon-systemd[830]: received packet: from 50.47.109.48[500] to 172.20.10.6[500] (297 bytes)
  86. Sep 07 19:28:34 theclient charon-systemd[830]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
  87. Sep 07 19:28:34 theclient charon-systemd[830]: selected proposal: IKE:AES_GCM_16_192/PRF_HMAC_SHA2_256/ECP_256
  88. Sep 07 19:28:34 theclient charon-systemd[830]: local host is behind NAT, sending keep alives
  89. Sep 07 19:28:34 theclient charon-systemd[830]: remote host is behind NAT
  90. Sep 07 19:28:34 theclient charon-systemd[830]: received cert request for "C=US, O=theserver-strongSwan, CN=strongSwan theserver Root CA"
  91. Sep 07 19:28:34 theclient charon-systemd[830]: sending cert request for "C=US, O=theclient-strongSwan, CN=strongSwan theclient Root CA"
  92. Sep 07 19:28:34 theclient charon-systemd[830]: sending cert request for "C=US, O=theserver-strongSwan, CN=strongSwan theserver Root CA"
  93. Sep 07 19:28:34 theclient charon-systemd[830]: authentication of 'theclient-pi-theserver@myvpn.net' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
  94. Sep 07 19:28:34 theclient charon-systemd[830]: sending end entity cert "C=US, O=theserver-strongSwan, CN=theclient-pi-theserver@myvpn.net"
  95. Sep 07 19:28:34 theclient charon-systemd[830]: establishing CHILD_SA theclient-theserver{1}
  96. Sep 07 19:28:34 theclient charon-systemd[830]: generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
  97. Sep 07 19:28:34 theclient charon-systemd[830]: splitting IKE message (1772 bytes) into 2 fragments
  98. Sep 07 19:28:34 theclient charon-systemd[830]: generating IKE_AUTH request 1 [ EF(1/2) ]
  99. Sep 07 19:28:34 theclient charon-systemd[830]: generating IKE_AUTH request 1 [ EF(2/2) ]
  100. Sep 07 19:28:34 theclient charon-systemd[830]: sending packet: from 172.20.10.6[4500] to 50.47.109.48[4500] (1248 bytes)
  101. Sep 07 19:28:34 theclient charon-systemd[830]: sending packet: from 172.20.10.6[4500] to 50.47.109.48[4500] (589 bytes)
  102. Sep 07 19:28:34 theclient charon-systemd[830]: received packet: from 50.47.109.48[4500] to 172.20.10.6[4500] (1248 bytes)
  103. Sep 07 19:28:34 theclient charon-systemd[830]: parsed IKE_AUTH response 1 [ EF(1/2) ]
  104. Sep 07 19:28:34 theclient charon-systemd[830]: received fragment #1 of 2, waiting for complete IKE message
  105. Sep 07 19:28:34 theclient charon-systemd[830]: received packet: from 50.47.109.48[4500] to 172.20.10.6[4500] (993 bytes)
  106. Sep 07 19:28:34 theclient charon-systemd[830]: parsed IKE_AUTH response 1 [ EF(2/2) ]
  107. Sep 07 19:28:34 theclient charon-systemd[830]: received fragment #2 of 2, reassembled fragmented IKE message (2176 bytes)
  108. Sep 07 19:28:34 theclient charon-systemd[830]: parsed IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS DNS) SA TSi TSr ]
  109. Sep 07 19:28:35 theclient charon-systemd[830]: received end entity cert "C=US, O=theserver-strongSwan, CN=theserver.domain.com"
  110. Sep 07 19:28:35 theclient charon-systemd[830]: using trusted ca certificate "C=US, O=theclient-strongSwan, CN=strongSwan theclient Root CA"
  111. Sep 07 19:28:35 theclient charon-systemd[830]: checking certificate status of "C=US, O=theclient-strongSwan, CN=theclient.domain.com"
  112. Sep 07 19:28:35 theclient charon-systemd[830]: certificate status is not available
  113. Sep 07 19:28:35 theclient charon-systemd[830]: reached self-signed root ca with a path length of 0
  114. Sep 07 19:28:35 theclient charon-systemd[830]: using trusted certificate "C=US, O=theclient-strongSwan, CN=theclient.domain.com"
  115. Sep 07 19:28:35 theclient charon-systemd[830]: signature validation failed, looking for another key
  116. Sep 07 19:28:35 theclient charon-systemd[830]: using certificate "C=US, O=theserver-strongSwan, CN=theserver.domain.com"
  117. Sep 07 19:28:35 theclient charon-systemd[830]: using trusted ca certificate "C=US, O=theserver-strongSwan, CN=strongSwan theserver Root CA"
  118. Sep 07 19:28:35 theclient charon-systemd[830]: checking certificate status of "C=US, O=theserver-strongSwan, CN=theserver.domain.com"
  119. Sep 07 19:28:35 theclient charon-systemd[830]: certificate status is not available
  120. Sep 07 19:28:35 theclient charon-systemd[830]: reached self-signed root ca with a path length of 0
  121. Sep 07 19:28:35 theclient charon-systemd[830]: authentication of 'linux.domain.com' with RSA_EMSA_PKCS1_SHA2_384 successful
  122. Sep 07 19:28:35 theclient charon-systemd[830]: IKE_SA theclient-theserver[1] established between 172.20.10.6[theclient-pi-theserver@myvpn.net]...50.47.109.48[linux.domain.com]
  123. Sep 07 19:28:35 theclient charon-systemd[830]: scheduling reauthentication in 10215s
  124. Sep 07 19:28:35 theclient charon-systemd[830]: maximum IKE_SA lifetime 11295s
  125. Sep 07 19:28:35 theclient charon-systemd[830]: installing DNS server 192.168.92.3 via resolvconf
  126. Sep 07 19:28:35 theclient charon-systemd[830]: installing DNS server 1.1.1.1 via resolvconf
  127. Sep 07 19:28:35 theclient charon-systemd[830]: installing new virtual IP 10.92.10.1
  128. Sep 07 19:28:35 theclient avahi-daemon[313]: Registering new address record for 10.92.10.1 on wlan0.IPv4.
  129. Sep 07 19:28:35 theclient charon-systemd[830]: selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
  130. Sep 07 19:28:35 theclient kernel: cryptd: max_cpu_qlen set to 1000
  131. Sep 07 19:28:35 theclient charon-systemd[830]: CHILD_SA theclient-theserver{1} established with SPIs cbaad7d2_i c11f1f32_o and TS 10.92.10.1/32 === 50.47.109.48/32
  132. Sep 07 19:28:58 theclient charon-systemd[830]: sending keep alive to 50.47.109.48[4500]
  133. Sep 07 19:29:04 theclient charon-systemd[830]: received packet: from 50.47.109.48[4500] to 172.20.10.6[4500] (57 bytes)
  134. Sep 07 19:29:04 theclient charon-systemd[830]: parsed INFORMATIONAL request 0 [ ]
  135. Sep 07 19:29:04 theclient charon-systemd[830]: generating INFORMATIONAL response 0 [ ]
  136. Sep 07 19:29:04 theclient charon-systemd[830]: sending packet: from 172.20.10.6[4500] to 50.47.109.48[4500] (57 bytes)
  137. Sep 07 19:29:13 theclient charon-systemd[830]: vici terminate CHILD_SA 'theclient-theserver'
  138. Sep 07 19:29:13 theclient charon-systemd[830]: closing CHILD_SA theclient-theserver{1} with SPIs cbaad7d2_i (0 bytes) c11f1f32_o (0 bytes) and TS 10.92.10.1/32 === 50.47.109.48/32
  139. Sep 07 19:29:13 theclient charon-systemd[830]: sending DELETE for ESP CHILD_SA with SPI cbaad7d2
  140. Sep 07 19:29:13 theclient charon-systemd[830]: generating INFORMATIONAL request 2 [ D ]
  141. Sep 07 19:29:13 theclient charon-systemd[830]: sending packet: from 172.20.10.6[4500] to 50.47.109.48[4500] (69 bytes)
  142. Sep 07 19:29:13 theclient charon-systemd[830]: received packet: from 50.47.109.48[4500] to 172.20.10.6[4500] (69 bytes)
  143. Sep 07 19:29:13 theclient charon-systemd[830]: parsed INFORMATIONAL response 2 [ D ]
  144. Sep 07 19:29:13 theclient charon-systemd[830]: received DELETE for ESP CHILD_SA with SPI c11f1f32
  145. Sep 07 19:29:13 theclient charon-systemd[830]: CHILD_SA closed
  146. Sep 07 19:29:13 theclient charon-systemd[830]: vici terminate IKE_SA 'theclient-theserver'
  147. Sep 07 19:29:13 theclient charon-systemd[830]: deleting IKE_SA theclient-theserver[1] between 172.20.10.6[theclient-pi-theserver@myvpn.net]...50.47.109.48[linux.domain.com]
  148. Sep 07 19:29:13 theclient charon-systemd[830]: sending DELETE for IKE_SA theclient-theserver[1]
  149. Sep 07 19:29:13 theclient charon-systemd[830]: generating INFORMATIONAL request 3 [ D ]
  150. Sep 07 19:29:13 theclient charon-systemd[830]: sending packet: from 172.20.10.6[4500] to 50.47.109.48[4500] (65 bytes)
  151. Sep 07 19:29:13 theclient charon-systemd[830]: received packet: from 50.47.109.48[4500] to 172.20.10.6[4500] (57 bytes)
  152. Sep 07 19:29:13 theclient charon-systemd[830]: parsed INFORMATIONAL response 3 [ ]
  153. Sep 07 19:29:13 theclient charon-systemd[830]: IKE_SA deleted
  154. Sep 07 19:29:13 theclient charon-systemd[830]: removing DNS server 1.1.1.1 via resolvconf
  155. Sep 07 19:29:13 theclient charon-systemd[830]: removing DNS server 192.168.92.3 via resolvconf
  156. Sep 07 19:29:13 theclient avahi-daemon[313]: Withdrawing address record for 10.92.10.1 on wlan0.
RAW Paste Data