
Untitled

a guest
Apr 26th, 2018
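  # --- Root CA and VPN server certificate (strongSwan `ipsec pki`) ---
  # Run this in a directory only the operator can read: server-root-key.pem
  # signs every certificate this VPN will trust.

  # Root CA private key. The subshell's umask creates the file as 0600 from
  # the start, so it is never briefly readable by other local users; the
  # chmod from the original paste is kept as an explicit second step.
  ( umask 077 && ipsec pki --gen --type rsa --size 4096 --outform pem > server-root-key.pem )
  chmod 600 server-root-key.pem

  # Self-signed root CA certificate, valid for 3650 days.
  ipsec pki --self --ca --lifetime 3650 \
    --in server-root-key.pem \
    --type rsa --dn "C=DE, O=VPN Server, CN=VPN Server Root CA" \
    --outform pem > server-root-ca.pem

  # VPN server private key, created 0600 for the same reason as the CA key.
  ( umask 077 && ipsec pki --gen --type rsa --size 4096 --outform pem > vpn-server-key.pem )

  # Server certificate, valid for 1825 days, issued by the root CA above.
  # Each --san must match a name clients connect to or the leftid in the
  # connection definition (leftid=@strongswan on this page); serverAuth and
  # ikeIntermediate are the extended key usage flags set on the certificate.
  ipsec pki --pub --in vpn-server-key.pem --type rsa \
    | ipsec pki --issue --lifetime 1825 \
        --cacert server-root-ca.pem \
        --cakey server-root-key.pem \
        --dn "C=US, O=VPN Server, CN=strongswan" \
        --san strongswan \
        --san vpn.example.com --san vpn.example.net \
        --flag serverAuth --flag ikeIntermediate \
        --outform pem > vpn-server-cert.pem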
  19.  
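  # --- Install the server certificate and key where strongSwan reads them ---

  # The certificate is public material; a plain copy is enough.
  sudo cp ./vpn-server-cert.pem /etc/ipsec.d/certs/vpn-server-cert.pem

  # install(1) sets owner, group and mode in the same step that creates the
  # destination, so the private key never sits in /etc/ipsec.d/private with
  # default permissions between a cp and the later chown/chgrp/chmod.
  sudo install -o root -g root -m 600 \
    ./vpn-server-key.pem /etc/ipsec.d/private/vpn-server-key.pem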
  26.  
  27.  
  28.  
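  # --- Client key, certificate and PKCS#12 bundle for user "John" ---

  # Client private key, created 0600 via the subshell's umask.
  ( umask 077 && ipsec pki --gen --type rsa --size 2048 --outform pem > JohnKey.pem )

  # Client certificate, valid for 730 days, issued by the root CA.
  # The paste had "-- lifetime 730" (space after the dashes), which the pki
  # tool does not read as the --lifetime option; written correctly here.
  ipsec pki --pub --in JohnKey.pem --type rsa \
    | ipsec pki --issue --lifetime 730 \
        --cacert server-root-ca.pem \
        --cakey server-root-key.pem \
        --dn "C=DE, O=VPN Server, CN=john@example.org" \
        --san "john@example.org" --san "john@example.net" \
        --outform pem > JohnCert.pem

  # Bundle key, certificate and CA certificate for import on the client.
  # openssl prompts for an export password; the paste records it as:
  #   ->password : password
  # The .p12 contains the private key, so it is only as well protected as
  # that export password and the channel used to hand the file over.
  ( umask 077 && openssl pkcs12 -export -inkey JohnKey.pem -in JohnCert.pem \
      -name "John's VPN Certificate" \
      -certfile server-root-ca.pem -caname "strongSwan Root CA" \
      -out John.p12 )

  # NOTE(review): the gateway validates a client certificate with the CA
  # certificate alone; it has no use for the client's private key, and the
  # connection on this page authenticates clients with rightauth=eap-mschapv2
  # and rightsendcert=never, so no client certificate is involved at all.
  # The copy is kept because the paste performs it; confirm it is needed
  # before keeping a user's private key on the server.
  install -m 600 JohnKey.pem /etc/ipsec.d/private/JohnKey.pem

  cp JohnCert.pem /etc/ipsec.d/certs/JohnCert.pem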
  42.  
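  # ipsec.conf connection section. The listing is shifted right like the rest
  # of the paste; in the file itself `conn` starts in column 0 and every
  # parameter line is indented beneath it.
  conn ikev2-vpn
      # Load the connection at startup and wait for clients to initiate.
      auto=add
      compress=no
      type=tunnel
      keyexchange=ikev2
      # IKE fragmentation; the log on this page shows the 2004-byte IKE_AUTH
      # response being split into 2 fragments.
      fragmentation=yes
      # Always use UDP encapsulation (log: "faking NAT situation to enforce
      # UDP encapsulation").
      forceencaps=yes
      # The trailing "!" restricts negotiation to exactly these proposals.
      # NOTE(review): both use SHA-1 and the 1024-bit MODP group. In the log
      # the client offers AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/
      # MODP_2048 first, the server answers "DH group MODP_2048 inacceptable,
      # requesting MODP_1024", and the selected proposal is
      # 3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 (the client pairs SHA-1
      # only with AES-128 and 3DES, so aes256-sha1 never matches).
      # ike=aes256-sha256-modp2048! would match the client's first offer.
      ike=aes256-sha1-modp1024,3des-sha1-modp1024!
      # NOTE(review): the client's ESP offers are not visible in the log;
      # check what it supports before dropping the 3des-sha1 fallback.
      esp=aes256-sha1,3des-sha1!
      dpdaction=clear
      dpddelay=300s
      rekey=no
      # --- local (server) side ---
      left=%any
      # Must match a subjectAltName in the server certificate (--san strongswan).
      leftid=@strongswan
      leftcert=/etc/ipsec.d/certs/vpn-server-cert.pem
      leftsendcert=always
      # Full tunnel: the log shows traffic selectors 0.0.0.0/0 === 10.10.10.1/32.
      leftsubnet=0.0.0.0/0
      # --- remote (client) side ---
      right=%any
      rightid=%any
      # Clients authenticate with a username and password from ipsec.secrets;
      # the server authenticates with its certificate.
      rightauth=eap-mschapv2
      rightdns=8.8.8.8,8.8.4.4
      # Virtual IP pool handed to clients (log: "assigning virtual IP 10.10.10.1").
      rightsourceip=10.10.10.0/24
      rightsendcert=never
      # Ask the client for its EAP identity (log: "initiating EAP_IDENTITY method").
      eap_identity=%identity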
  67.  
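  # ipsec.secrets entries. The listing is shifted right like the rest of the
  # paste; in the file itself each entry starts in column 0.
  # This file holds credentials in plaintext and should be readable by root only.

  # Private key the server uses for its RSA signature in IKE_AUTH.
  : RSA "/etc/ipsec.d/private/vpn-server-key.pem"

  # EAP-MSCHAPv2 user and secret. NOTE(review): the secret shown is the
  # literal word "password"; with password-based client authentication the
  # tunnel is only as strong as this value, so use a long random secret per user.
  admin : EAP "password"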
  70.  
  71. Apr 26 11:19:01 strongswan charon: 14[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500] (604 bytes)
  72. Apr 26 11:19:01 strongswan charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
  73. Apr 26 11:19:01 strongswan charon: 14[IKE] 192.168.178.42 is initiating an IKE_SA
  74. Apr 26 11:19:01 strongswan charon: 14[IKE] faking NAT situation to enforce UDP encapsulation
  75. Apr 26 11:19:01 strongswan charon: 14[IKE] DH group MODP_2048 inacceptable, requesting MODP_1024
  76. Apr 26 11:19:01 strongswan charon: 14[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
  77. Apr 26 11:19:01 strongswan charon: 14[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (38 bytes)
  78. Apr 26 11:19:01 strongswan charon: 15[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500] (476 bytes)
  79. Apr 26 11:19:01 strongswan charon: 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
  80. Apr 26 11:19:01 strongswan charon: 15[IKE] 192.168.178.42 is initiating an IKE_SA
  81. Apr 26 11:19:01 strongswan charon: 15[IKE] faking NAT situation to enforce UDP encapsulation
  82. Apr 26 11:19:01 strongswan charon: 15[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
  83. Apr 26 11:19:01 strongswan charon: 15[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (316 bytes)
  84. Apr 26 11:19:01 strongswan charon: 13[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (484 bytes)
  85. Apr 26 11:19:01 strongswan charon: 13[ENC] unknown attribute type (25)
  86. Apr 26 11:19:01 strongswan charon: 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
  87. Apr 26 11:19:01 strongswan charon: 13[IKE] initiating EAP_IDENTITY method (id 0x00)
  88. Apr 26 11:19:01 strongswan charon: 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
  89. Apr 26 11:19:01 strongswan charon: 13[IKE] peer supports MOBIKE
  90. Apr 26 11:19:01 strongswan charon: 13[IKE] authentication of 'strongswan' (myself) with RSA signature successful
  91. Apr 26 11:19:01 strongswan charon: 13[IKE] sending end entity cert "C=US, O=VPN Server, CN=strongswan"
  92. Apr 26 11:19:01 strongswan charon: 13[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
  93. Apr 26 11:19:01 strongswan charon: 13[ENC] splitting IKE message with length of 2004 bytes into 2 fragments
  94. Apr 26 11:19:01 strongswan charon: 13[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
  95. Apr 26 11:19:01 strongswan charon: 13[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
  96. Apr 26 11:19:01 strongswan charon: 13[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (1248 bytes)
  97. Apr 26 11:19:01 strongswan charon: 13[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (824 bytes)
  98. Apr 26 11:19:01 strongswan charon: 06[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (68 bytes)
  99. Apr 26 11:19:01 strongswan charon: 06[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
  100. Apr 26 11:19:01 strongswan charon: 06[IKE] received EAP identity 'admin'
  101. Apr 26 11:19:01 strongswan charon: 06[IKE] initiating EAP_MSCHAPV2 method (id 0x57)
  102. Apr 26 11:19:01 strongswan charon: 06[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
  103. Apr 26 11:19:01 strongswan charon: 06[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (100 bytes)
  104. Apr 26 11:19:01 strongswan charon: 07[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (124 bytes)
  105. Apr 26 11:19:01 strongswan charon: 07[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
  106. Apr 26 11:19:01 strongswan charon: 07[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
  107. Apr 26 11:19:01 strongswan charon: 07[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (132 bytes)
  108. Apr 26 11:19:01 strongswan charon: 08[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (68 bytes)
  109. Apr 26 11:19:01 strongswan charon: 08[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
  110. Apr 26 11:19:01 strongswan charon: 08[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
  111. Apr 26 11:19:01 strongswan charon: 08[ENC] generating IKE_AUTH response 4 [ EAP/SUCC ]
  112. Apr 26 11:19:01 strongswan charon: 08[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (68 bytes)
  113. Apr 26 11:19:01 strongswan charon: 09[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (84 bytes)
  114. Apr 26 11:19:01 strongswan charon: 09[ENC] parsed IKE_AUTH request 5 [ AUTH ]
  115. Apr 26 11:19:01 strongswan charon: 09[IKE] authentication of '192.168.178.42' with EAP successful
  116. Apr 26 11:19:01 strongswan charon: 09[IKE] authentication of 'strongswan' (myself) with EAP
  117. Apr 26 11:19:01 strongswan charon: 09[IKE] IKE_SA ikev2-vpn[6] established between 192.168.178.83[strongswan]...192.168.178.42[192.168.178.42]
  118. Apr 26 11:19:01 strongswan charon: 09[IKE] peer requested virtual IP %any
  119. Apr 26 11:19:01 strongswan charon: 09[IKE] assigning virtual IP 10.10.10.1 to peer 'admin'
  120. Apr 26 11:19:01 strongswan charon: 09[IKE] peer requested virtual IP %any6
  121. Apr 26 11:19:01 strongswan charon: 09[IKE] no virtual IP found for %any6 requested by 'admin'
  122. Apr 26 11:19:01 strongswan charon: 09[IKE] CHILD_SA ikev2-vpn{3} established with SPIs cf64b56a_i 0554cc0e_o and TS 0.0.0.0/0 === 10.10.10.1/32
  123. Apr 26 11:19:01 strongswan charon: 09[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) ]
  124. Apr 26 11:19:01 strongswan charon: 09[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (260 bytes)
  125.  
  126. Apr 26 11:22:56 strongswan charon: 09[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500] (604 bytes)
  127. Apr 26 11:22:56 strongswan charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
  128. Apr 26 11:22:56 strongswan charon: 09[CFG] looking for an ike config for 192.168.178.83...192.168.178.42
  129. Apr 26 11:22:56 strongswan charon: 09[CFG] candidate: %any...%any, prio 28
  130. Apr 26 11:22:56 strongswan charon: 09[CFG] found matching ike config: %any...%any with prio 28
  131. Apr 26 11:22:56 strongswan charon: 09[IKE] 192.168.178.42 is initiating an IKE_SA
  132. Apr 26 11:22:56 strongswan charon: 09[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
  133. Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
  134. Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
  135. Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
  136. Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
  137. Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
  138. Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
  139. Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
  140. Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found
  141. Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
  142. Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found
  143. Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
  144. Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found
  145. Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
  146. Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found
  147. Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
  148. Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found
  149. Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
  150. Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found
  151. Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
  152. Apr 26 11:22:56 strongswan charon: 09[CFG] proposal matches
  153. Apr 26 11:22:56 strongswan charon: 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  154. Apr 26 11:22:56 strongswan charon: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  155. Apr 26 11:22:56 strongswan charon: 09[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  156. Apr 26 11:22:56 strongswan charon: 09[IKE] faking NAT situation to enforce UDP encapsulation
  157. Apr 26 11:22:56 strongswan charon: 09[IKE] DH group MODP_2048 inacceptable, requesting MODP_1024
  158. Apr 26 11:22:56 strongswan charon: 09[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
  159. Apr 26 11:22:56 strongswan charon: 09[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (38 bytes)
  160. Apr 26 11:22:56 strongswan charon: 09[MGR] checkin and destroy IKE_SA (unnamed)[1]
  161. Apr 26 11:22:56 strongswan charon: 09[IKE] IKE_SA (unnamed)[1] state change: CONNECTING => DESTROYING
  162. Apr 26 11:22:56 strongswan charon: 09[MGR] checkin and destroy of IKE_SA successful
  163. Apr 26 11:22:56 strongswan charon: 04[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500]
  164. Apr 26 11:22:56 strongswan charon: 03[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500]
  165. Apr 26 11:22:56 strongswan charon: 03[NET] waiting for data on sockets
  166. Apr 26 11:22:56 strongswan charon: 10[MGR] checkout IKEv2 SA by message with SPIs 46305c6dd06fc413_i 0000000000000000_r
  167. Apr 26 11:22:56 strongswan charon: 10[MGR] created IKE_SA (unnamed)[2]
  168. Apr 26 11:22:56 strongswan charon: 10[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500] (476 bytes)
  169. Apr 26 11:22:56 strongswan charon: 10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
  170. Apr 26 11:22:56 strongswan charon: 10[CFG] looking for an ike config for 192.168.178.83...192.168.178.42
  171. Apr 26 11:22:56 strongswan charon: 10[CFG] candidate: %any...%any, prio 28
  172. Apr 26 11:22:56 strongswan charon: 10[CFG] found matching ike config: %any...%any with prio 28
  173. Apr 26 11:22:56 strongswan charon: 10[IKE] 192.168.178.42 is initiating an IKE_SA
  174. Apr 26 11:22:56 strongswan charon: 10[IKE] IKE_SA (unnamed)[2] state change: CREATED => CONNECTING
  175. Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
  176. Apr 26 11:22:56 strongswan charon: 10[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
  177. Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
  178. Apr 26 11:22:56 strongswan charon: 10[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
  179. Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
  180. Apr 26 11:22:56 strongswan charon: 10[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
  181. Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
  182. Apr 26 11:22:56 strongswan charon: 10[CFG] no acceptable ENCRYPTION_ALGORITHM found
  183. Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
  184. Apr 26 11:22:56 strongswan charon: 10[CFG] no acceptable ENCRYPTION_ALGORITHM found
  185. Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
  186. Apr 26 11:22:56 strongswan charon: 10[CFG] no acceptable ENCRYPTION_ALGORITHM found
  187. Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
  188. Apr 26 11:22:57 strongswan charon: 10[CFG] no acceptable ENCRYPTION_ALGORITHM found
  189. Apr 26 11:22:57 strongswan charon: 10[CFG] selecting proposal:
  190. Apr 26 11:22:57 strongswan charon: 10[CFG] no acceptable ENCRYPTION_ALGORITHM found
  191. Apr 26 11:22:57 strongswan charon: 10[CFG] selecting proposal:
  192. Apr 26 11:22:57 strongswan charon: 10[CFG] no acceptable ENCRYPTION_ALGORITHM found
  193. Apr 26 11:22:57 strongswan charon: 10[CFG] selecting proposal:
  194. Apr 26 11:22:57 strongswan charon: 10[CFG] proposal matches
  195. Apr 26 11:22:57 strongswan charon: 10[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  196. Apr 26 11:22:57 strongswan charon: 10[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  197. Apr 26 11:22:57 strongswan charon: 10[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  198. Apr 26 11:22:57 strongswan charon: 10[IKE] faking NAT situation to enforce UDP encapsulation
  199. Apr 26 11:22:57 strongswan charon: 10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
  200. Apr 26 11:22:57 strongswan charon: 10[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (316 bytes)
  201. Apr 26 11:22:57 strongswan charon: 04[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500]
  202. Apr 26 11:22:57 strongswan charon: 10[MGR] checkin IKE_SA (unnamed)[2]
  203. Apr 26 11:22:57 strongswan charon: 10[MGR] checkin of IKE_SA successful
  204. Apr 26 11:22:57 strongswan charon: 03[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500]
  205. Apr 26 11:22:57 strongswan charon: 03[NET] waiting for data on sockets
  206. Apr 26 11:22:57 strongswan charon: 11[MGR] checkout IKEv2 SA by message with SPIs 46305c6dd06fc413_i 3b484cfd473d268b_r
  207. Apr 26 11:22:57 strongswan charon: 11[MGR] IKE_SA (unnamed)[2] successfully checked out
  208. Apr 26 11:22:57 strongswan charon: 11[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (484 bytes)
  209. Apr 26 11:22:57 strongswan charon: 11[ENC] unknown attribute type (25)
  210. Apr 26 11:22:57 strongswan charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
  211. Apr 26 11:22:57 strongswan charon: 11[CFG] looking for peer configs matching 192.168.178.83[strongswan]...192.168.178.42[192.168.178.42]
  212. Apr 26 11:22:57 strongswan charon: 11[CFG] candidate "ikev2-vpn", match: 20/1/28 (me/other/ike)
  213. Apr 26 11:22:57 strongswan charon: 11[CFG] selected peer config 'ikev2-vpn'
  214. Apr 26 11:22:57 strongswan charon: 11[IKE] initiating EAP_IDENTITY method (id 0x00)
  215. Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP4_ADDRESS attribute
  216. Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP4_DHCP attribute
  217. Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP4_DNS attribute
  218. Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP4_NETMASK attribute
  219. Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP6_ADDRESS attribute
  220. Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP6_DHCP attribute
  221. Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP6_DNS attribute
  222. Apr 26 11:22:57 strongswan charon: 11[IKE] processing (25) attribute
  223. Apr 26 11:22:57 strongswan charon: 11[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
  224. Apr 26 11:22:57 strongswan charon: 11[IKE] peer supports MOBIKE
  225. Apr 26 11:22:57 strongswan charon: 11[IKE] authentication of 'strongswan' (myself) with RSA signature successful
  226. Apr 26 11:22:57 strongswan charon: 11[IKE] sending end entity cert "C=US, O=VPN Server, CN=strongswan"
  227. Apr 26 11:22:57 strongswan charon: 11[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
  228. Apr 26 11:22:57 strongswan charon: 11[ENC] splitting IKE message with length of 2004 bytes into 2 fragments
  229. Apr 26 11:22:57 strongswan charon: 11[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
  230. Apr 26 11:22:57 strongswan charon: 11[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
  231. Apr 26 11:22:57 strongswan charon: 11[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (1248 bytes)
  232. Apr 26 11:22:57 strongswan charon: 04[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500]
  233. Apr 26 11:22:57 strongswan charon: 11[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (824 bytes)
  234. Apr 26 11:22:57 strongswan charon: 04[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500]
  235. Apr 26 11:22:57 strongswan charon: 11[MGR] checkin IKE_SA ikev2-vpn[2]
  236. Apr 26 11:22:57 strongswan charon: 11[MGR] checkin of IKE_SA successful
  237. Apr 26 11:22:57 strongswan charon: 03[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500]
  238. Apr 26 11:22:57 strongswan charon: 03[NET] waiting for data on sockets
  239. Apr 26 11:22:57 strongswan charon: 12[MGR] checkout IKEv2 SA by message with SPIs 46305c6dd06fc413_i 3b484cfd473d268b_r
  240. Apr 26 11:22:57 strongswan charon: 12[MGR] IKE_SA ikev2-vpn[2] successfully checked out
  241. Apr 26 11:22:57 strongswan charon: 12[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (84 bytes)
  242. Apr 26 11:22:57 strongswan charon: 12[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
  243. Apr 26 11:22:57 strongswan charon: 12[IKE] received EAP identity '192.168.178.42'
  244. Apr 26 11:22:57 strongswan charon: 12[IKE] initiating EAP_MSCHAPV2 method (id 0xF8)
  245. Apr 26 11:22:57 strongswan charon: 12[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
  246. Apr 26 11:22:57 strongswan charon: 12[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (100 bytes)
  247. Apr 26 11:22:57 strongswan charon: 12[MGR] checkin IKE_SA ikev2-vpn[2]
  248. Apr 26 11:22:57 strongswan charon: 12[MGR] checkin of IKE_SA successful
  249. Apr 26 11:22:57 strongswan charon: 04[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500]
  250. Apr 26 11:22:57 strongswan charon: 03[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500]
  251. Apr 26 11:22:57 strongswan charon: 03[NET] waiting for data on sockets
  252. Apr 26 11:22:57 strongswan charon: 13[MGR] checkout IKEv2 SA by message with SPIs 46305c6dd06fc413_i 3b484cfd473d268b_r
  253. Apr 26 11:22:57 strongswan charon: 13[MGR] IKE_SA ikev2-vpn[2] successfully checked out
  254. Apr 26 11:22:57 strongswan charon: 13[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (68 bytes)
  255. Apr 26 11:22:57 strongswan charon: 13[ENC] parsed IKE_AUTH request 3 [ EAP/RES/NAK ]
  256. Apr 26 11:22:57 strongswan charon: 13[IKE] received EAP_NAK, sending EAP_FAILURE
  257. Apr 26 11:22:57 strongswan charon: 13[ENC] generating IKE_AUTH response 3 [ EAP/FAIL ]
  258. Apr 26 11:22:57 strongswan charon: 13[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (68 bytes)
  259. Apr 26 11:22:57 strongswan charon: 13[MGR] checkin and destroy IKE_SA ikev2-vpn[2]
  260. Apr 26 11:22:57 strongswan charon: 13[IKE] IKE_SA ikev2-vpn[2] state change: CONNECTING => DESTROYING
  261. Apr 26 11:22:57 strongswan charon: 13[MGR] checkin and destroy of IKE_SA successful
  262. Apr 26 11:22:57 strongswan charon: 04[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500]
  263.  
  264. Apr 26 13:07:59 strongswan charon: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
  265. Apr 26 13:07:59 strongswan charon: 08[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (316 bytes)
  266. Apr 26 13:07:59 strongswan charon: 09[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (484 bytes)
  267. Apr 26 13:07:59 strongswan charon: 09[ENC] unknown attribute type (25)
  268. Apr 26 13:07:59 strongswan charon: 09[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
  269. Apr 26 13:07:59 strongswan charon: 09[IKE] peer requested EAP, config inacceptable
  270. Apr 26 13:07:59 strongswan charon: 09[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
  271. Apr 26 13:07:59 strongswan charon: 09[IKE] peer supports MOBIKE
  272. Apr 26 13:07:59 strongswan charon: 09[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
  273. Apr 26 13:07:59 strongswan charon: 09[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (68 bytes)
  274. Apr 26 13:08:26 strongswan charon: 05[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500] (604 bytes)
  275. Apr 26 13:08:26 strongswan charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
  276. Apr 26 13:08:26 strongswan charon: 05[IKE] 192.168.178.42 is initiating an IKE_SA
  277. Apr 26 13:08:26 strongswan charon: 05[IKE] faking NAT situation to enforce UDP encapsulation
  278. Apr 26 13:08:26 strongswan charon: 05[IKE] DH group MODP_2048 inacceptable, requesting MODP_1024
  279. Apr 26 13:08:26 strongswan charon: 05[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
  280. Apr 26 13:08:26 strongswan charon: 05[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (38 bytes)
  281. Apr 26 13:08:26 strongswan charon: 06[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500] (476 bytes)
  282. Apr 26 13:08:26 strongswan charon: 06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
  283. Apr 26 13:08:26 strongswan charon: 06[IKE] 192.168.178.42 is initiating an IKE_SA
  284. Apr 26 13:08:26 strongswan charon: 06[IKE] faking NAT situation to enforce UDP encapsulation
  285. Apr 26 13:08:26 strongswan charon: 06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
  286. Apr 26 13:08:26 strongswan charon: 06[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (316 bytes)
  287. Apr 26 13:08:26 strongswan charon: 07[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (484 bytes)
  288. Apr 26 13:08:26 strongswan charon: 07[ENC] unknown attribute type (25)
  289. Apr 26 13:08:26 strongswan charon: 07[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
  290. Apr 26 13:08:26 strongswan charon: 07[IKE] peer requested EAP, config inacceptable
  291. Apr 26 13:08:26 strongswan charon: 07[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
  292. Apr 26 13:08:26 strongswan charon: 07[IKE] peer supports MOBIKE
  293. Apr 26 13:08:26 strongswan charon: 07[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
  294. Apr 26 13:08:26 strongswan charon: 07[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (68 bytes)