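# strongSwan PKI setup: a self-signed root CA, the VPN server certificate
# signed by that CA, and one client certificate exported as PKCS#12.
# The leading "- " list markers from the paste are dropped, the lost line
# continuations are restored, the chmod that had been fused onto the first
# command is split back out, and "-- lifetime" is corrected to "--lifetime".
set -euo pipefail

# --- Root CA -----------------------------------------------------------------
# Create the key under a restrictive umask so it is never world-readable,
# not even between creation and the chmod below.
(umask 077 && ipsec pki --gen --type rsa --size 4096 --outform pem > server-root-key.pem)
chmod 600 server-root-key.pem
ipsec pki --self --ca --lifetime 3650 \
  --in server-root-key.pem \
  --type rsa --dn "C=DE, O=VPN Server, CN=VPN Server Root CA" \
  --outform pem > server-root-ca.pem
# NOTE(review): server-root-key.pem can sign certificates for any identity in
# this PKI. Move it off the VPN gateway once the certificates below are issued.

# --- VPN server key and certificate -----------------------------------------
(umask 077 && ipsec pki --gen --type rsa --size 4096 --outform pem > vpn-server-key.pem)
# pipefail (set above) makes a failing "--pub" stage abort instead of letting
# "--issue" run on empty input.
ipsec pki --pub --in vpn-server-key.pem --type rsa \
  | ipsec pki --issue --lifetime 1825 \
    --cacert server-root-ca.pem \
    --cakey server-root-key.pem \
    --dn "C=US, O=VPN Server, CN=strongswan" \
    --san strongswan \
    --san vpn.example.com --san vpn.example.net \
    --flag serverAuth --flag ikeIntermediate \
    --outform pem > vpn-server-cert.pem

sudo cp ./vpn-server-cert.pem /etc/ipsec.d/certs/vpn-server-cert.pem
# install sets owner, group and mode in one step, so the key never sits in
# /etc/ipsec.d/private with looser permissions (replaces cp+chown+chgrp+chmod).
sudo install -o root -g root -m 600 \
  ./vpn-server-key.pem /etc/ipsec.d/private/vpn-server-key.pem

# --- Client key and certificate (John) --------------------------------------
(umask 077 && ipsec pki --gen --type rsa --size 2048 --outform pem > JohnKey.pem)
ipsec pki --pub --in JohnKey.pem --type rsa \
  | ipsec pki --issue --lifetime 730 \
    --cacert server-root-ca.pem \
    --cakey server-root-key.pem \
    --dn "C=DE, O=VPN Server, CN=john@example.org" \
    --san "john@example.org" --san "john@example.net" \
    --outform pem > JohnCert.pem

# openssl prompts for the export password. The original paste recorded the
# value "password" here; treat that as a sample only. The bundle contains the
# client's private key, so it needs a long, unique passphrase and a protected
# channel to the client.
(umask 077 && openssl pkcs12 -export -inkey JohnKey.pem -in JohnCert.pem \
  -name "John's VPN Certificate" -certfile server-root-ca.pem \
  -caname "strongSwan Root CA" -out John.p12)

# The client's private key is deliberately NOT copied into
# /etc/ipsec.d/private (the original did so): the server never needs a
# client's private key, and the connection on this page authenticates clients
# with EAP-MSCHAPv2, not certificates. Remove JohnKey.pem and John.p12 from
# this host once the bundle has been delivered.
sudo cp JohnCert.pem /etc/ipsec.d/certs/JohnCert.pem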
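# ipsec.conf connection section: IKEv2 responder for roaming clients.
# The server authenticates with its certificate; clients authenticate with
# EAP-MSCHAPv2 (username/password from ipsec.secrets).
# Section parameters are indented, as the ipsec.conf format requires; the
# leading "- " list markers from the paste are dropped.
conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    # Forces UDP encapsulation even without NAT; the log on this page shows
    # it as "faking NAT situation to enforce UDP encapsulation".
    forceencaps=yes
    # The trailing "!" makes the list exhaustive. With only SHA1/MODP1024
    # entries the log on this page shows the client offering
    # AES_CBC_256/HMAC_SHA2_256_128/MODP_2048 first and the server still
    # selecting 3DES_CBC/HMAC_SHA1_96/MODP_1024. The SHA-256/MODP-2048
    # proposal is therefore added in front; the two legacy entries remain
    # only as fallback and should be removed once every client negotiates
    # the first one.
    ike=aes256-sha256-modp2048,aes256-sha1-modp1024,3des-sha1-modp1024!
    # NOTE(review): ESP is still limited to SHA1 and 3DES. The client's ESP
    # offer is not visible in the log here, so this list is left unchanged;
    # confirm what the client supports and tighten it the same way.
    esp=aes256-sha1,3des-sha1!
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    # Must match a subjectAltName in the server certificate
    # (issued with "--san strongswan").
    leftid=@strongswan
    leftcert=/etc/ipsec.d/certs/vpn-server-cert.pem
    leftsendcert=always
    # 0.0.0.0/0 routes all client traffic through the tunnel.
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    # Password-based client authentication: its strength is that of the EAP
    # secret in ipsec.secrets, and it relies on the client validating the
    # server certificate before it answers. An EAP/RES/NAK from the client
    # means the client declined this EAP method.
    rightauth=eap-mschapv2
    # Client DNS queries are sent to a public third-party resolver.
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=10.10.10.0/24
    rightsendcert=never
    eap_identity=%identity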
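# ipsec.secrets: private key for the server certificate and EAP user
# credentials. The leading "- " list markers from the paste are dropped so
# the entries parse as written.
# The file stores secrets in clear text; keep it owned by root with mode 600.
: RSA "/etc/ipsec.d/private/vpn-server-key.pem"
# "password" is the sample value from the original paste. Replace it with a
# long random secret per user before the server is reachable by clients:
# EAP-MSCHAPv2 offers no protection beyond the strength of this value.
admin : EAP "password"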
- Apr 26 11:19:01 strongswan charon: 14[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500] (604 bytes)
- Apr 26 11:19:01 strongswan charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
- Apr 26 11:19:01 strongswan charon: 14[IKE] 192.168.178.42 is initiating an IKE_SA
- Apr 26 11:19:01 strongswan charon: 14[IKE] faking NAT situation to enforce UDP encapsulation
- Apr 26 11:19:01 strongswan charon: 14[IKE] DH group MODP_2048 inacceptable, requesting MODP_1024
- Apr 26 11:19:01 strongswan charon: 14[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
- Apr 26 11:19:01 strongswan charon: 14[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (38 bytes)
- Apr 26 11:19:01 strongswan charon: 15[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500] (476 bytes)
- Apr 26 11:19:01 strongswan charon: 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
- Apr 26 11:19:01 strongswan charon: 15[IKE] 192.168.178.42 is initiating an IKE_SA
- Apr 26 11:19:01 strongswan charon: 15[IKE] faking NAT situation to enforce UDP encapsulation
- Apr 26 11:19:01 strongswan charon: 15[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
- Apr 26 11:19:01 strongswan charon: 15[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (316 bytes)
- Apr 26 11:19:01 strongswan charon: 13[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (484 bytes)
- Apr 26 11:19:01 strongswan charon: 13[ENC] unknown attribute type (25)
- Apr 26 11:19:01 strongswan charon: 13[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
- Apr 26 11:19:01 strongswan charon: 13[IKE] initiating EAP_IDENTITY method (id 0x00)
- Apr 26 11:19:01 strongswan charon: 13[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
- Apr 26 11:19:01 strongswan charon: 13[IKE] peer supports MOBIKE
- Apr 26 11:19:01 strongswan charon: 13[IKE] authentication of 'strongswan' (myself) with RSA signature successful
- Apr 26 11:19:01 strongswan charon: 13[IKE] sending end entity cert "C=US, O=VPN Server, CN=strongswan"
- Apr 26 11:19:01 strongswan charon: 13[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
- Apr 26 11:19:01 strongswan charon: 13[ENC] splitting IKE message with length of 2004 bytes into 2 fragments
- Apr 26 11:19:01 strongswan charon: 13[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
- Apr 26 11:19:01 strongswan charon: 13[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
- Apr 26 11:19:01 strongswan charon: 13[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (1248 bytes)
- Apr 26 11:19:01 strongswan charon: 13[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (824 bytes)
- Apr 26 11:19:01 strongswan charon: 06[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (68 bytes)
- Apr 26 11:19:01 strongswan charon: 06[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
- Apr 26 11:19:01 strongswan charon: 06[IKE] received EAP identity 'admin'
- Apr 26 11:19:01 strongswan charon: 06[IKE] initiating EAP_MSCHAPV2 method (id 0x57)
- Apr 26 11:19:01 strongswan charon: 06[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
- Apr 26 11:19:01 strongswan charon: 06[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (100 bytes)
- Apr 26 11:19:01 strongswan charon: 07[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (124 bytes)
- Apr 26 11:19:01 strongswan charon: 07[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
- Apr 26 11:19:01 strongswan charon: 07[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
- Apr 26 11:19:01 strongswan charon: 07[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (132 bytes)
- Apr 26 11:19:01 strongswan charon: 08[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (68 bytes)
- Apr 26 11:19:01 strongswan charon: 08[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
- Apr 26 11:19:01 strongswan charon: 08[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
- Apr 26 11:19:01 strongswan charon: 08[ENC] generating IKE_AUTH response 4 [ EAP/SUCC ]
- Apr 26 11:19:01 strongswan charon: 08[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (68 bytes)
- Apr 26 11:19:01 strongswan charon: 09[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (84 bytes)
- Apr 26 11:19:01 strongswan charon: 09[ENC] parsed IKE_AUTH request 5 [ AUTH ]
- Apr 26 11:19:01 strongswan charon: 09[IKE] authentication of '192.168.178.42' with EAP successful
- Apr 26 11:19:01 strongswan charon: 09[IKE] authentication of 'strongswan' (myself) with EAP
- Apr 26 11:19:01 strongswan charon: 09[IKE] IKE_SA ikev2-vpn[6] established between 192.168.178.83[strongswan]...192.168.178.42[192.168.178.42]
- Apr 26 11:19:01 strongswan charon: 09[IKE] peer requested virtual IP %any
- Apr 26 11:19:01 strongswan charon: 09[IKE] assigning virtual IP 10.10.10.1 to peer 'admin'
- Apr 26 11:19:01 strongswan charon: 09[IKE] peer requested virtual IP %any6
- Apr 26 11:19:01 strongswan charon: 09[IKE] no virtual IP found for %any6 requested by 'admin'
- Apr 26 11:19:01 strongswan charon: 09[IKE] CHILD_SA ikev2-vpn{3} established with SPIs cf64b56a_i 0554cc0e_o and TS 0.0.0.0/0 === 10.10.10.1/32
- Apr 26 11:19:01 strongswan charon: 09[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS DNS) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) ]
- Apr 26 11:19:01 strongswan charon: 09[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (260 bytes)
- Apr 26 11:22:56 strongswan charon: 09[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500] (604 bytes)
- Apr 26 11:22:56 strongswan charon: 09[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
- Apr 26 11:22:56 strongswan charon: 09[CFG] looking for an ike config for 192.168.178.83...192.168.178.42
- Apr 26 11:22:56 strongswan charon: 09[CFG] candidate: %any...%any, prio 28
- Apr 26 11:22:56 strongswan charon: 09[CFG] found matching ike config: %any...%any with prio 28
- Apr 26 11:22:56 strongswan charon: 09[IKE] 192.168.178.42 is initiating an IKE_SA
- Apr 26 11:22:56 strongswan charon: 09[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
- Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
- Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
- Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
- Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found
- Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found
- Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found
- Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found
- Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found
- Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 09[CFG] no acceptable ENCRYPTION_ALGORITHM found
- Apr 26 11:22:56 strongswan charon: 09[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 09[CFG] proposal matches
- Apr 26 11:22:56 strongswan charon: 09[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
- Apr 26 11:22:56 strongswan charon: 09[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
- Apr 26 11:22:56 strongswan charon: 09[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
- Apr 26 11:22:56 strongswan charon: 09[IKE] faking NAT situation to enforce UDP encapsulation
- Apr 26 11:22:56 strongswan charon: 09[IKE] DH group MODP_2048 inacceptable, requesting MODP_1024
- Apr 26 11:22:56 strongswan charon: 09[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
- Apr 26 11:22:56 strongswan charon: 09[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (38 bytes)
- Apr 26 11:22:56 strongswan charon: 09[MGR] checkin and destroy IKE_SA (unnamed)[1]
- Apr 26 11:22:56 strongswan charon: 09[IKE] IKE_SA (unnamed)[1] state change: CONNECTING => DESTROYING
- Apr 26 11:22:56 strongswan charon: 09[MGR] checkin and destroy of IKE_SA successful
- Apr 26 11:22:56 strongswan charon: 04[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500]
- Apr 26 11:22:56 strongswan charon: 03[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500]
- Apr 26 11:22:56 strongswan charon: 03[NET] waiting for data on sockets
- Apr 26 11:22:56 strongswan charon: 10[MGR] checkout IKEv2 SA by message with SPIs 46305c6dd06fc413_i 0000000000000000_r
- Apr 26 11:22:56 strongswan charon: 10[MGR] created IKE_SA (unnamed)[2]
- Apr 26 11:22:56 strongswan charon: 10[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500] (476 bytes)
- Apr 26 11:22:56 strongswan charon: 10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
- Apr 26 11:22:56 strongswan charon: 10[CFG] looking for an ike config for 192.168.178.83...192.168.178.42
- Apr 26 11:22:56 strongswan charon: 10[CFG] candidate: %any...%any, prio 28
- Apr 26 11:22:56 strongswan charon: 10[CFG] found matching ike config: %any...%any with prio 28
- Apr 26 11:22:56 strongswan charon: 10[IKE] 192.168.178.42 is initiating an IKE_SA
- Apr 26 11:22:56 strongswan charon: 10[IKE] IKE_SA (unnamed)[2] state change: CREATED => CONNECTING
- Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 10[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
- Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 10[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
- Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 10[CFG] no acceptable PSEUDO_RANDOM_FUNCTION found
- Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 10[CFG] no acceptable ENCRYPTION_ALGORITHM found
- Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 10[CFG] no acceptable ENCRYPTION_ALGORITHM found
- Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
- Apr 26 11:22:56 strongswan charon: 10[CFG] no acceptable ENCRYPTION_ALGORITHM found
- Apr 26 11:22:56 strongswan charon: 10[CFG] selecting proposal:
- Apr 26 11:22:57 strongswan charon: 10[CFG] no acceptable ENCRYPTION_ALGORITHM found
- Apr 26 11:22:57 strongswan charon: 10[CFG] selecting proposal:
- Apr 26 11:22:57 strongswan charon: 10[CFG] no acceptable ENCRYPTION_ALGORITHM found
- Apr 26 11:22:57 strongswan charon: 10[CFG] selecting proposal:
- Apr 26 11:22:57 strongswan charon: 10[CFG] no acceptable ENCRYPTION_ALGORITHM found
- Apr 26 11:22:57 strongswan charon: 10[CFG] selecting proposal:
- Apr 26 11:22:57 strongswan charon: 10[CFG] proposal matches
- Apr 26 11:22:57 strongswan charon: 10[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
- Apr 26 11:22:57 strongswan charon: 10[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
- Apr 26 11:22:57 strongswan charon: 10[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
- Apr 26 11:22:57 strongswan charon: 10[IKE] faking NAT situation to enforce UDP encapsulation
- Apr 26 11:22:57 strongswan charon: 10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
- Apr 26 11:22:57 strongswan charon: 10[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (316 bytes)
- Apr 26 11:22:57 strongswan charon: 04[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500]
- Apr 26 11:22:57 strongswan charon: 10[MGR] checkin IKE_SA (unnamed)[2]
- Apr 26 11:22:57 strongswan charon: 10[MGR] checkin of IKE_SA successful
- Apr 26 11:22:57 strongswan charon: 03[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500]
- Apr 26 11:22:57 strongswan charon: 03[NET] waiting for data on sockets
- Apr 26 11:22:57 strongswan charon: 11[MGR] checkout IKEv2 SA by message with SPIs 46305c6dd06fc413_i 3b484cfd473d268b_r
- Apr 26 11:22:57 strongswan charon: 11[MGR] IKE_SA (unnamed)[2] successfully checked out
- Apr 26 11:22:57 strongswan charon: 11[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (484 bytes)
- Apr 26 11:22:57 strongswan charon: 11[ENC] unknown attribute type (25)
- Apr 26 11:22:57 strongswan charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
- Apr 26 11:22:57 strongswan charon: 11[CFG] looking for peer configs matching 192.168.178.83[strongswan]...192.168.178.42[192.168.178.42]
- Apr 26 11:22:57 strongswan charon: 11[CFG] candidate "ikev2-vpn", match: 20/1/28 (me/other/ike)
- Apr 26 11:22:57 strongswan charon: 11[CFG] selected peer config 'ikev2-vpn'
- Apr 26 11:22:57 strongswan charon: 11[IKE] initiating EAP_IDENTITY method (id 0x00)
- Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP4_ADDRESS attribute
- Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP4_DHCP attribute
- Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP4_DNS attribute
- Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP4_NETMASK attribute
- Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP6_ADDRESS attribute
- Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP6_DHCP attribute
- Apr 26 11:22:57 strongswan charon: 11[IKE] processing INTERNAL_IP6_DNS attribute
- Apr 26 11:22:57 strongswan charon: 11[IKE] processing (25) attribute
- Apr 26 11:22:57 strongswan charon: 11[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
- Apr 26 11:22:57 strongswan charon: 11[IKE] peer supports MOBIKE
- Apr 26 11:22:57 strongswan charon: 11[IKE] authentication of 'strongswan' (myself) with RSA signature successful
- Apr 26 11:22:57 strongswan charon: 11[IKE] sending end entity cert "C=US, O=VPN Server, CN=strongswan"
- Apr 26 11:22:57 strongswan charon: 11[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
- Apr 26 11:22:57 strongswan charon: 11[ENC] splitting IKE message with length of 2004 bytes into 2 fragments
- Apr 26 11:22:57 strongswan charon: 11[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
- Apr 26 11:22:57 strongswan charon: 11[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
- Apr 26 11:22:57 strongswan charon: 11[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (1248 bytes)
- Apr 26 11:22:57 strongswan charon: 04[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500]
- Apr 26 11:22:57 strongswan charon: 11[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (824 bytes)
- Apr 26 11:22:57 strongswan charon: 04[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500]
- Apr 26 11:22:57 strongswan charon: 11[MGR] checkin IKE_SA ikev2-vpn[2]
- Apr 26 11:22:57 strongswan charon: 11[MGR] checkin of IKE_SA successful
- Apr 26 11:22:57 strongswan charon: 03[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500]
- Apr 26 11:22:57 strongswan charon: 03[NET] waiting for data on sockets
- Apr 26 11:22:57 strongswan charon: 12[MGR] checkout IKEv2 SA by message with SPIs 46305c6dd06fc413_i 3b484cfd473d268b_r
- Apr 26 11:22:57 strongswan charon: 12[MGR] IKE_SA ikev2-vpn[2] successfully checked out
- Apr 26 11:22:57 strongswan charon: 12[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (84 bytes)
- Apr 26 11:22:57 strongswan charon: 12[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ]
- Apr 26 11:22:57 strongswan charon: 12[IKE] received EAP identity '192.168.178.42'
- Apr 26 11:22:57 strongswan charon: 12[IKE] initiating EAP_MSCHAPV2 method (id 0xF8)
- Apr 26 11:22:57 strongswan charon: 12[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
- Apr 26 11:22:57 strongswan charon: 12[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (100 bytes)
- Apr 26 11:22:57 strongswan charon: 12[MGR] checkin IKE_SA ikev2-vpn[2]
- Apr 26 11:22:57 strongswan charon: 12[MGR] checkin of IKE_SA successful
- Apr 26 11:22:57 strongswan charon: 04[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500]
- Apr 26 11:22:57 strongswan charon: 03[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500]
- Apr 26 11:22:57 strongswan charon: 03[NET] waiting for data on sockets
- Apr 26 11:22:57 strongswan charon: 13[MGR] checkout IKEv2 SA by message with SPIs 46305c6dd06fc413_i 3b484cfd473d268b_r
- Apr 26 11:22:57 strongswan charon: 13[MGR] IKE_SA ikev2-vpn[2] successfully checked out
- Apr 26 11:22:57 strongswan charon: 13[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (68 bytes)
- Apr 26 11:22:57 strongswan charon: 13[ENC] parsed IKE_AUTH request 3 [ EAP/RES/NAK ]
- Apr 26 11:22:57 strongswan charon: 13[IKE] received EAP_NAK, sending EAP_FAILURE
- Apr 26 11:22:57 strongswan charon: 13[ENC] generating IKE_AUTH response 3 [ EAP/FAIL ]
- Apr 26 11:22:57 strongswan charon: 13[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (68 bytes)
- Apr 26 11:22:57 strongswan charon: 13[MGR] checkin and destroy IKE_SA ikev2-vpn[2]
- Apr 26 11:22:57 strongswan charon: 13[IKE] IKE_SA ikev2-vpn[2] state change: CONNECTING => DESTROYING
- Apr 26 11:22:57 strongswan charon: 13[MGR] checkin and destroy of IKE_SA successful
- Apr 26 11:22:57 strongswan charon: 04[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500]
- Apr 26 13:07:59 strongswan charon: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
- Apr 26 13:07:59 strongswan charon: 08[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (316 bytes)
- Apr 26 13:07:59 strongswan charon: 09[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (484 bytes)
- Apr 26 13:07:59 strongswan charon: 09[ENC] unknown attribute type (25)
- Apr 26 13:07:59 strongswan charon: 09[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
- Apr 26 13:07:59 strongswan charon: 09[IKE] peer requested EAP, config inacceptable
- Apr 26 13:07:59 strongswan charon: 09[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
- Apr 26 13:07:59 strongswan charon: 09[IKE] peer supports MOBIKE
- Apr 26 13:07:59 strongswan charon: 09[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
- Apr 26 13:07:59 strongswan charon: 09[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (68 bytes)
- Apr 26 13:08:26 strongswan charon: 05[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500] (604 bytes)
- Apr 26 13:08:26 strongswan charon: 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
- Apr 26 13:08:26 strongswan charon: 05[IKE] 192.168.178.42 is initiating an IKE_SA
- Apr 26 13:08:26 strongswan charon: 05[IKE] faking NAT situation to enforce UDP encapsulation
- Apr 26 13:08:26 strongswan charon: 05[IKE] DH group MODP_2048 inacceptable, requesting MODP_1024
- Apr 26 13:08:26 strongswan charon: 05[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
- Apr 26 13:08:26 strongswan charon: 05[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (38 bytes)
- Apr 26 13:08:26 strongswan charon: 06[NET] received packet: from 192.168.178.42[500] to 192.168.178.83[500] (476 bytes)
- Apr 26 13:08:26 strongswan charon: 06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
- Apr 26 13:08:26 strongswan charon: 06[IKE] 192.168.178.42 is initiating an IKE_SA
- Apr 26 13:08:26 strongswan charon: 06[IKE] faking NAT situation to enforce UDP encapsulation
- Apr 26 13:08:26 strongswan charon: 06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
- Apr 26 13:08:26 strongswan charon: 06[NET] sending packet: from 192.168.178.83[500] to 192.168.178.42[500] (316 bytes)
- Apr 26 13:08:26 strongswan charon: 07[NET] received packet: from 192.168.178.42[4500] to 192.168.178.83[4500] (484 bytes)
- Apr 26 13:08:26 strongswan charon: 07[ENC] unknown attribute type (25)
- Apr 26 13:08:26 strongswan charon: 07[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
- Apr 26 13:08:26 strongswan charon: 07[IKE] peer requested EAP, config inacceptable
- Apr 26 13:08:26 strongswan charon: 07[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
- Apr 26 13:08:26 strongswan charon: 07[IKE] peer supports MOBIKE
- Apr 26 13:08:26 strongswan charon: 07[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
- Apr 26 13:08:26 strongswan charon: 07[NET] sending packet: from 192.168.178.83[4500] to 192.168.178.42[4500] (68 bytes)