# RouterOS (MikroTik) peer configuration
# Note: dh-group=modp1024 is a 1024-bit group and pfs-group=none disables PFS for the CHILD_SA.
/ip ipsec proposal set [ find default=yes ] enc-algorithms=aes-128-cbc lifetime=1h pfs-group=none
/ip ipsec peer add address=87.236.194.196/32 dh-group=modp1024 enc-algorithm=aes-256 exchange-mode=ike2 lifetime=8h secret=XYZ
/ip ipsec policy add dst-address=192.168.80.0/24 sa-dst-address=87.236.194.196 sa-src-address=0.0.0.0 src-address=192.168.XX.0/24 tunnel=yes

# strongSwan ipsec.conf on 87.236.194.196 (parameters must be indented under their section)
config setup
    charondebug="all"
    uniqueids=yes
    strictcrlpolicy=no

conn %default
    keyexchange=ikev2

conn tunnel
    reauth=no
    rightsendcert=never
    left=87.236.194.196
    leftsubnet=192.168.80.0/24
    right=%any
    rightsubnet=0.0.0.0/0
    keyingtries=0
    ikelifetime=1h
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    authby=secret
    auto=route
    type=tunnel

Jun 19 19:09:32 mvvk4-1 charon: 13[NET] received packet: from 89.102.219.9[4500] to 87.236.194.196[4500] (296 bytes)
Jun 19 19:09:32 mvvk4-1 charon: 13[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Jun 19 19:09:32 mvvk4-1 charon: 13[IKE] 89.102.219.9 is initiating an IKE_SA
Jun 19 19:09:32 mvvk4-1 charon: 13[IKE] remote host is behind NAT
Jun 19 19:09:32 mvvk4-1 charon: 13[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Jun 19 19:09:32 mvvk4-1 charon: 13[NET] sending packet: from 87.236.194.196[4500] to 89.102.219.9[4500] (312 bytes)
Jun 19 19:09:32 mvvk4-1 charon: 15[NET] received packet: from 89.102.219.9[4500] to 87.236.194.196[4500] (300 bytes)
Jun 19 19:09:32 mvvk4-1 charon: 15[ENC] parsed IKE_AUTH request 1 [ IDi AUTH N(INIT_CONTACT) SA TSi TSr ]
Jun 19 19:09:32 mvvk4-1 charon: 15[CFG] looking for peer configs matching 87.236.194.196[%any]...89.102.219.9[192.168.1.137]
Jun 19 19:09:32 mvvk4-1 charon: 15[CFG] selected peer config 'tunnel'
Jun 19 19:09:32 mvvk4-1 charon: 15[IKE] authentication of '192.168.1.137' with pre-shared key successful
Jun 19 19:09:32 mvvk4-1 charon: 15[IKE] authentication of '87.236.194.196' (myself) with pre-shared key
Jun 19 19:09:32 mvvk4-1 charon: 15[IKE] IKE_SA tunnel[42] established between 87.236.194.196[87.236.194.196]...89.102.219.9[192.168.1.137]
Jun 19 19:09:32 mvvk4-1 charon: 15[IKE] scheduling rekeying in 2962s
Jun 19 19:09:32 mvvk4-1 charon: 15[IKE] maximum IKE_SA lifetime 3502s
Jun 19 19:09:32 mvvk4-1 charon: 15[IKE] CHILD_SA tunnel{58} established with SPIs c394e689_i 037ac6e1_o and TS 192.168.80.0/24 === 192.168.88.0/24
Jun 19 19:09:32 mvvk4-1 charon: 15[CFG] sending RADIUS Accounting-Request to server 'local'
Jun 19 19:09:32 mvvk4-1 charon: 15[CFG] received RADIUS Accounting-Response from server 'local'
Jun 19 19:09:32 mvvk4-1 charon: 15[ENC] generating IKE_AUTH response 1 [ IDr AUTH SA TSi TSr ]
Jun 19 19:09:32 mvvk4-1 charon: 15[NET] sending packet: from 87.236.194.196[4500] to 89.102.219.9[4500] (204 bytes)
Jun 19 19:10:16 mvvk4-1 charon: 05[IKE] sending DPD request
Jun 19 19:10:16 mvvk4-1 charon: 05[ENC] generating INFORMATIONAL request 0 [ ]
Jun 19 19:10:16 mvvk4-1 charon: 05[NET] sending packet: from 87.236.194.196[4500] to 89.102.219.9[4500] (76 bytes)
Jun 19 19:10:20 mvvk4-1 charon: 15[IKE] retransmit 1 of request with message ID 0
Jun 19 19:10:20 mvvk4-1 charon: 15[NET] sending packet: from 87.236.194.196[4500] to 89.102.219.9[4500] (76 bytes)
Jun 19 19:10:27 mvvk4-1 charon: 10[IKE] retransmit 2 of request with message ID 0
Jun 19 19:10:27 mvvk4-1 charon: 10[NET] sending packet: from 87.236.194.196[4500] to 89.102.219.9[4500] (76 bytes)
Jun 19 19:10:40 mvvk4-1 charon: 05[IKE] retransmit 3 of request with message ID 0
Jun 19 19:10:40 mvvk4-1 charon: 05[NET] sending packet: from 87.236.194.196[4500] to 89.102.219.9[4500] (76 bytes)
Jun 19 19:10:50 mvvk4-1 charon: 08[NET] received packet: from 89.102.219.9[4500] to 87.236.194.196[4500] (296 bytes)
Jun 19 19:10:50 mvvk4-1 charon: 08[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Jun 19 19:10:50 mvvk4-1 charon: 08[IKE] 89.102.219.9 is initiating an IKE_SA
Jun 19 19:10:50 mvvk4-1 charon: 08[IKE] remote host is behind NAT
Jun 19 19:10:50 mvvk4-1 charon: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Jun 19 19:10:50 mvvk4-1 charon: 08[NET] sending packet: from 87.236.194.196[4500] to 89.102.219.9[4500] (312 bytes)
Jun 19 19:10:50 mvvk4-1 charon: 14[NET] received packet: from 89.102.219.9[4500] to 87.236.194.196[4500] (300 bytes)
Jun 19 19:10:50 mvvk4-1 charon: 14[ENC] parsed IKE_AUTH request 1 [ IDi AUTH N(INIT_CONTACT) SA TSi TSr ]
Jun 19 19:10:50 mvvk4-1 charon: 14[CFG] looking for peer configs matching 87.236.194.196[%any]...89.102.219.9[192.168.1.137]
Jun 19 19:10:50 mvvk4-1 charon: 14[CFG] selected peer config 'tunnel'
Jun 19 19:10:50 mvvk4-1 charon: 14[IKE] authentication of '192.168.1.137' with pre-shared key successful
Jun 19 19:10:50 mvvk4-1 charon: 14[IKE] destroying duplicate IKE_SA for peer '192.168.1.137', received INITIAL_CONTACT
Jun 19 19:10:50 mvvk4-1 charon: 14[CFG] sending RADIUS Accounting-Request to server 'local'
Jun 19 19:10:51 mvvk4-1 charon: 14[CFG] received RADIUS Accounting-Response from server 'local'
Jun 19 19:10:51 mvvk4-1 charon: 14[IKE] authentication of '87.236.194.196' (myself) with pre-shared key
Jun 19 19:10:51 mvvk4-1 charon: 14[IKE] IKE_SA tunnel[43] established between 87.236.194.196[87.236.194.196]...89.102.219.9[192.168.1.137]
Jun 19 19:10:51 mvvk4-1 charon: 14[IKE] scheduling rekeying in 2673s
Jun 19 19:10:51 mvvk4-1 charon: 14[IKE] maximum IKE_SA lifetime 3213s
Jun 19 19:10:51 mvvk4-1 charon: 14[IKE] CHILD_SA tunnel{59} established with SPIs c962c381_i 04c993a8_o and TS 192.168.80.0/24 === 192.168.88.0/24
Jun 19 19:10:51 mvvk4-1 charon: 14[CFG] sending RADIUS Accounting-Request to server 'local'
Jun 19 19:10:51 mvvk4-1 charon: 14[CFG] received RADIUS Accounting-Response from server 'local'
Jun 19 19:10:51 mvvk4-1 charon: 14[ENC] generating IKE_AUTH response 1 [ IDr AUTH SA TSi TSr ]
Jun 19 19:10:51 mvvk4-1 charon: 14[NET] sending packet: from 87.236.194.196[4500] to 89.102.219.9[4500] (204 bytes)
Jun 19 19:11:39 mvvk4-1 charon: 12[IKE] sending DPD request
Jun 19 19:11:39 mvvk4-1 charon: 12[ENC] generating INFORMATIONAL request 0 [ ]
Jun 19 19:11:39 mvvk4-1 charon: 12[NET] sending packet: from 87.236.194.196[4500] to 89.102.219.9[4500] (76 bytes)
Jun 19 19:11:39 mvvk4-1 charon: 07[NET] received packet: from 89.102.219.9[4500] to 87.236.194.196[4500] (108 bytes)
Jun 19 19:11:39 mvvk4-1 charon: 07[ENC] parsed INFORMATIONAL response 0 [ ]
Jun 19 19:12:09 mvvk4-1 charon: 12[IKE] sending DPD request

Jun 20 18:36:46 mvvk4-1 charon: 14[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Jun 20 18:36:46 mvvk4-1 charon: 14[IKE] 89.24.60.60 is initiating an IKE_SA
Jun 20 18:36:46 mvvk4-1 charon: 14[IKE] remote host is behind NAT
Jun 20 18:36:46 mvvk4-1 charon: 14[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Jun 20 18:36:46 mvvk4-1 charon: 14[NET] sending packet: from 87.236.194.196[4500] to 89.24.60.60[38055] (312 bytes)
Jun 20 18:36:46 mvvk4-1 charon: 13[NET] received packet: from 89.24.60.60[38055] to 87.236.194.196[4500] (332 bytes)
Jun 20 18:36:46 mvvk4-1 charon: 13[ENC] parsed IKE_AUTH request 1 [ IDi AUTH N(INIT_CONTACT) SA TSi TSr ]
Jun 20 18:36:46 mvvk4-1 charon: 13[CFG] looking for peer configs matching 87.236.194.196[%any]...89.24.60.60[100.80.138.125]
Jun 20 18:36:46 mvvk4-1 charon: 13[CFG] selected peer config 'tunnel'
Jun 20 18:36:46 mvvk4-1 charon: 13[IKE] authentication of '100.80.138.125' with pre-shared key successful
Jun 20 18:36:46 mvvk4-1 charon: 13[IKE] authentication of '87.236.194.196' (myself) with pre-shared key
Jun 20 18:36:46 mvvk4-1 charon: 13[IKE] IKE_SA tunnel[75] established between 87.236.194.196[87.236.194.196]...89.24.60.60[100.80.138.125]
Jun 20 18:36:46 mvvk4-1 charon: 13[IKE] scheduling rekeying in 2874s
Jun 20 18:36:46 mvvk4-1 charon: 13[IKE] maximum IKE_SA lifetime 3414s
Jun 20 18:36:46 mvvk4-1 charon: 13[CFG] unable to install policy 192.168.80.0/24 === 192.168.150.0/24 out (mark 0/0x00000000) for reqid 53, the same policy for reqid 52 exists
Jun 20 18:36:46 mvvk4-1 charon: 13[CFG] unable to install policy 192.168.150.0/24 === 192.168.80.0/24 in (mark 0/0x00000000) for reqid 53, the same policy for reqid 52 exists
Jun 20 18:36:46 mvvk4-1 charon: 13[CFG] unable to install policy 192.168.150.0/24 === 192.168.80.0/24 fwd (mark 0/0x00000000) for reqid 53, the same policy for reqid 52 exists
Jun 20 18:36:46 mvvk4-1 charon: 13[CFG] unable to install policy 192.168.80.0/24 === 192.168.150.0/24 out (mark 0/0x00000000) for reqid 53, the same policy for reqid 52 exists
Jun 20 18:36:46 mvvk4-1 charon: 13[CFG] unable to install policy 192.168.150.0/24 === 192.168.80.0/24 in (mark 0/0x00000000) for reqid 53, the same policy for reqid 52 exists
Jun 20 18:36:46 mvvk4-1 charon: 13[CFG] unable to install policy 192.168.150.0/24 === 192.168.80.0/24 fwd (mark 0/0x00000000) for reqid 53, the same policy for reqid 52 exists
Jun 20 18:36:46 mvvk4-1 charon: 13[IKE] unable to install IPsec policies (SPD) in kernel
Jun 20 18:36:46 mvvk4-1 charon: 13[IKE] failed to establish CHILD_SA, keeping IKE_SA
Jun 20 18:36:46 mvvk4-1 charon: 13[KNL] deleting policy 192.168.80.0/24 === 192.168.150.0/24 out failed, not found
Jun 20 18:36:46 mvvk4-1 charon: 13[KNL] deleting policy 192.168.150.0/24 === 192.168.80.0/24 in failed, not found
Jun 20 18:36:46 mvvk4-1 charon: 13[KNL] deleting policy 192.168.150.0/24 === 192.168.80.0/24 fwd failed, not found
Jun 20 18:36:46 mvvk4-1 charon: 13[KNL] deleting policy 192.168.80.0/24 === 192.168.150.0/24 out failed, not found
Jun 20 18:36:46 mvvk4-1 charon: 13[KNL] deleting policy 192.168.150.0/24 === 192.168.80.0/24 in failed, not found
Jun 20 18:36:46 mvvk4-1 charon: 13[KNL] deleting policy 192.168.150.0/24 === 192.168.80.0/24 fwd failed, not found
Jun 20 18:36:46 mvvk4-1 charon: 13[CFG] sending RADIUS Accounting-Request to server 'local'
Jun 20 18:36:46 mvvk4-1 charon: 13[CFG] received RADIUS Accounting-Response from server 'local'
Jun 20 18:36:46 mvvk4-1 charon: 13[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(TS_UNACCEPT) ]
Jun 20 18:36:46 mvvk4-1 charon: 13[NET] sending packet: from 87.236.194.196[4500] to 89.24.60.60[38055] (124 bytes)
Jun 20 18:36:51 mvvk4-1 charon: 10[NET] received packet: from 89.24.60.60[38055] to 87.236.194.196[4500] (252 bytes)
Jun 20 18:36:51 mvvk4-1 charon: 10[ENC] parsed CREATE_CHILD_SA request 2 [ No SA TSi TSr ]
Jun 20 18:36:51 mvvk4-1 charon: 10[CFG] unable to install policy 192.168.80.0/24 === 192.168.150.0/24 out (mark 0/0x00000000) for reqid 54, the same policy for reqid 52 exists
Jun 20 18:36:51 mvvk4-1 charon: 10[CFG] unable to install policy 192.168.150.0/24 === 192.168.80.0/24 in (mark 0/0x00000000) for reqid 54, the same policy for reqid 52 exists
Jun 20 18:36:51 mvvk4-1 charon: 10[CFG] unable to install policy 192.168.150.0/24 === 192.168.80.0/24 fwd (mark 0/0x00000000) for reqid 54, the same policy for reqid 52 exists
Jun 20 18:36:51 mvvk4-1 charon: 10[CFG] unable to install policy 192.168.80.0/24 === 192.168.150.0/24 out (mark 0/0x00000000) for reqid 54, the same policy for reqid 52 exists
Jun 20 18:36:51 mvvk4-1 charon: 10[CFG] unable to install policy 192.168.150.0/24 === 192.168.80.0/24 in (mark 0/0x00000000) for reqid 54, the same policy for reqid 52 exists
Jun 20 18:36:51 mvvk4-1 charon: 10[CFG] unable to install policy 192.168.150.0/24 === 192.168.80.0/24 fwd (mark 0/0x00000000) for reqid 54, the same policy for reqid 52 exists
Jun 20 18:36:51 mvvk4-1 charon: 10[IKE] unable to install IPsec policies (SPD) in kernel
Jun 20 18:36:51 mvvk4-1 charon: 10[IKE] failed to establish CHILD_SA, keeping IKE_SA
Jun 20 18:36:51 mvvk4-1 charon: 10[KNL] deleting policy 192.168.80.0/24 === 192.168.150.0/24 out failed, not found
Jun 20 18:36:51 mvvk4-1 charon: 10[KNL] deleting policy 192.168.150.0/24 === 192.168.80.0/24 in failed, not found
Jun 20 18:36:51 mvvk4-1 charon: 10[KNL] deleting policy 192.168.150.0/24 === 192.168.80.0/24 fwd failed, not found
Jun 20 18:36:51 mvvk4-1 charon: 10[KNL] deleting policy 192.168.80.0/24 === 192.168.150.0/24 out failed, not found
Jun 20 18:36:51 mvvk4-1 charon: 10[KNL] deleting policy 192.168.150.0/24 === 192.168.80.0/24 in failed, not found
Jun 20 18:36:51 mvvk4-1 charon: 10[KNL] deleting policy 192.168.150.0/24 === 192.168.80.0/24 fwd failed, not found
Jun 20 18:36:51 mvvk4-1 charon: 10[ENC] generating CREATE_CHILD_SA response 2 [ N(TS_UNACCEPT) ]
Jun 20 18:36:51 mvvk4-1 charon: 10[NET] sending packet: from 87.236.194.196[4500] to 89.24.60.60[38055] (76 bytes)
Jun 20 18:36:56 mvvk4-1 charon: 06[NET] received packet: from 89.24.60.60[38055] to 87.236.194.196[4500] (268 bytes)
Jun 20 18:36:56 mvvk4-1 charon: 06[ENC] parsed CREATE_CHILD_SA request 3 [ No SA TSi TSr ]

8:38:14 mvvk4-1 charon: 08[IKE] giving up after 5 retransmits
Jun 20 18:38:14 mvvk4-1 charon: 08[CFG] sending RADIUS Accounting-Request to server 'local'
Jun 20 18:38:14 mvvk4-1 charon: 08[CFG] received RADIUS Accounting-Response from server 'local'
Jun 20 18:38:17 mvvk4-1 charon: 09[NET] received packet: from 89.24.60.60[38055] to 87.236.194.196[4500] (252 bytes)
Jun 20 18:38:17 mvvk4-1 charon: 09[ENC] parsed CREATE_CHILD_SA request 19 [ No SA TSi TSr ]
Jun 20 18:38:17 mvvk4-1 charon: 09[IKE] CHILD_SA tunnel{71} established with SPIs c27e6319_i 04d17e54_o and TS 192.168.80.0/24 === 192.168.150.0/24
Jun 20 18:38:17 mvvk4-1 charon: 09[ENC] generating CREATE_CHILD_SA response 19 [ SA No TSi TSr ]
Jun 20 18:38:17 mvvk4-1 charon: 09[NET] sending packet: from 87.236.194.196[4500] to 89.24.60.60[38055] (204 bytes)
Jun 20 18:38:47 mvvk4-1 charon: 15[IKE] sending DPD request
Jun 20 18:38:47 mvvk4-1 charon: 15[ENC] generating INFORMATIONAL request 0 [ ]
Jun 20 18:38:47 mvvk4-1 charon: 15[NET] sending packet: from 87.236.194.196[4500] to 89.24.60.60[38055] (76 bytes)
Jun 20 18:38:47 mvvk4-1 charon: 16[NET] received packet: from 89.24.60.60[38055] to 87.236.194.196[4500] (92 bytes)
Jun 20 18:38:47 mvvk4-1 charon: 16[ENC] parsed INFORMATIONAL response 0 [ ]