IPsec problem over ISP (LTE clients work OK)

Hello,
I have a problem with a client that connects to the CHR over IPsec IKEv2. The connection via LTE (hotspot) works fine (tested on Windows and strongSwan on Android), but it does not work via the local ISP. I am attaching the log from the CHR (a Windows client tries to connect).

Oct/05/2021 09:12:27 ipsec,debug ===== received 624 bytes from <cli-ip>[1076] to <chr-ip>[500]
Oct/05/2021 09:12:27 ipsec -> ike2 request, exchange: SA_INIT:0 <cli-ip>[1076] e4b9734ebf0a74e5:0000000000000000
Oct/05/2021 09:12:27 ipsec ike2 respond
Oct/05/2021 09:12:27 ipsec payload seen: SA (256 bytes)
Oct/05/2021 09:12:27 ipsec payload seen: KE (136 bytes)
Oct/05/2021 09:12:27 ipsec payload seen: NONCE (52 bytes)
Oct/05/2021 09:12:27 ipsec payload seen: NOTIFY (8 bytes)
Oct/05/2021 09:12:27 ipsec payload seen: NOTIFY (28 bytes)
Oct/05/2021 09:12:27 ipsec payload seen: NOTIFY (28 bytes)
Oct/05/2021 09:12:27 ipsec payload seen: VID (24 bytes)
Oct/05/2021 09:12:27 ipsec,debug 1e2b516905991c7d7c96fcbfb587e46100000009
Oct/05/2021 09:12:27 ipsec payload seen: VID (20 bytes)
Oct/05/2021 09:12:27 ipsec,debug fb1de3cdf341b7ea16b7e5be0855f120
Oct/05/2021 09:12:27 ipsec payload seen: VID (20 bytes)
Oct/05/2021 09:12:27 ipsec,debug 26244d38eddb61b3172a36e3d0cfb819
Oct/05/2021 09:12:27 ipsec payload seen: VID (24 bytes)
Oct/05/2021 09:12:27 ipsec,debug 01528bbbc00696121849ab9a1c5b2a5100000002
Oct/05/2021 09:12:27 ipsec processing payload: NONCE
Oct/05/2021 09:12:27 ipsec processing payload: SA
Oct/05/2021 09:12:27 ipsec,debug unknown auth: #13
Oct/05/2021 09:12:27 ipsec,debug unknown prf: #6
Oct/05/2021 09:12:27 ipsec,debug unknown auth: #13
Oct/05/2021 09:12:27 ipsec,debug unknown prf: #6
Oct/05/2021 09:12:27 ipsec IKE Protocol: IKE
Oct/05/2021 09:12:27 ipsec  proposal #1
Oct/05/2021 09:12:27 ipsec   enc: 3des-cbc
Oct/05/2021 09:12:27 ipsec   prf: hmac-sha1
Oct/05/2021 09:12:27 ipsec   auth: sha1
Oct/05/2021 09:12:27 ipsec   dh: modp1024
Oct/05/2021 09:12:27 ipsec  proposal #2
Oct/05/2021 09:12:27 ipsec   enc: aes256-cbc
Oct/05/2021 09:12:27 ipsec   prf: hmac-sha1
Oct/05/2021 09:12:27 ipsec   auth: sha1
Oct/05/2021 09:12:27 ipsec   dh: modp1024
Oct/05/2021 09:12:27 ipsec  proposal #3
Oct/05/2021 09:12:27 ipsec   enc: 3des-cbc
Oct/05/2021 09:12:27 ipsec   prf: hmac-sha256
Oct/05/2021 09:12:27 ipsec   auth: sha256
Oct/05/2021 09:12:27 ipsec   dh: modp1024
Oct/05/2021 09:12:27 ipsec  proposal #4
Oct/05/2021 09:12:27 ipsec   enc: aes256-cbc
Oct/05/2021 09:12:27 ipsec   prf: hmac-sha256
Oct/05/2021 09:12:27 ipsec   auth: sha256
Oct/05/2021 09:12:27 ipsec   dh: modp1024
Oct/05/2021 09:12:27 ipsec  proposal #5
Oct/05/2021 09:12:27 ipsec   enc: 3des-cbc
Oct/05/2021 09:12:27 ipsec   prf: unknown
Oct/05/2021 09:12:27 ipsec   auth: unknown
Oct/05/2021 09:12:27 ipsec   dh: modp1024
Oct/05/2021 09:12:27 ipsec  proposal #6
Oct/05/2021 09:12:27 ipsec   enc: aes256-cbc
Oct/05/2021 09:12:27 ipsec   prf: unknown
Oct/05/2021 09:12:27 ipsec   auth: unknown
Oct/05/2021 09:12:27 ipsec   dh: modp1024
Oct/05/2021 09:12:27 ipsec matched proposal:
Oct/05/2021 09:12:27 ipsec  proposal #4
Oct/05/2021 09:12:27 ipsec   enc: aes256-cbc
Oct/05/2021 09:12:27 ipsec   prf: hmac-sha256
Oct/05/2021 09:12:27 ipsec   auth: sha256
Oct/05/2021 09:12:27 ipsec   dh: modp1024
Oct/05/2021 09:12:27 ipsec processing payload: KE
Oct/05/2021 09:12:27 ipsec,debug => shared secret (size 0x80)
Oct/05/2021 09:12:27 ipsec adding payload: SA
Oct/05/2021 09:12:27 ipsec,debug => (size 0x30)
Oct/05/2021 09:12:27 ipsec,debug 00000030 0000002c 04010004 0300000c 0100000c 800e0100 03000008 02000005
Oct/05/2021 09:12:27 ipsec,debug 03000008 0300000c 00000008 04000002
Oct/05/2021 09:12:27 ipsec adding payload: KE
Oct/05/2021 09:12:27 ipsec,debug => (size 0x88)
Oct/05/2021 09:12:27 ipsec adding payload: NONCE
Oct/05/2021 09:12:27 ipsec,debug => (size 0x1c)
Oct/05/2021 09:12:27 ipsec,debug 0000001c 5521ecbd 1d47809e 1f5781c2 0a225a8e 621408f9 ccf155c7
Oct/05/2021 09:12:27 ipsec adding notify: NAT_DETECTION_SOURCE_IP
Oct/05/2021 09:12:27 ipsec,debug => (size 0x1c)
Oct/05/2021 09:12:27 ipsec,debug 0000001c 00004004 a3edfafd 0a0103f7 1ba055cd 03fca25e 31a51054
Oct/05/2021 09:12:27 ipsec adding notify: NAT_DETECTION_DESTINATION_IP
Oct/05/2021 09:12:27 ipsec,debug => (size 0x1c)
Oct/05/2021 09:12:27 ipsec,debug 0000001c 00004005 356ae762 70b8672e 1c9b0697 9d8c3c7f 9a4db134
Oct/05/2021 09:12:27 ipsec adding payload: CERTREQ
Oct/05/2021 09:12:27 ipsec,debug => (size 0x5)
Oct/05/2021 09:12:27 ipsec,debug 00000005 04
Oct/05/2021 09:12:27 ipsec <- ike2 reply, exchange: SA_INIT:0 <cli-ip>[1076] e4b9734ebf0a74e5:deda2bca2a98b9f9
Oct/05/2021 09:12:27 ipsec,debug ===== sending 301 bytes from <chr-ip>[500] to <cli-ip>[1076]
Oct/05/2021 09:12:27 ipsec,debug 1 times of 301 bytes message will be sent to <cli-ip>[1076]
Oct/05/2021 09:12:27 ipsec,debug => skeyseed (size 0x20)
Oct/05/2021 09:12:27 ipsec,debug edb0278b 20ebf99d c472169b 10070397 cbdcffc9 e93894b1 5ad0ff90 1c05c4d3
Oct/05/2021 09:12:27 ipsec,debug => keymat (size 0x20)
Oct/05/2021 09:12:27 ipsec,debug 57b54731 0ebb3fe9 e8ed7a88 80246551 8a907c8d 2b5e3407 a3ebdaa7 5a6cfdd4
Oct/05/2021 09:12:27 ipsec,debug => SK_ai (size 0x20)
Oct/05/2021 09:12:27 ipsec,debug 53fc68c5 6867ee33 54dad188 6e2f4c5a 1310594a 312f747d bdd3a1c6 cf500be0
Oct/05/2021 09:12:27 ipsec,debug => SK_ar (size 0x20)
Oct/05/2021 09:12:27 ipsec,debug 47dcedb7 c499945d 14028e6a 0ee62d1a 6c2e7c59 0cc81fe6 d8d83ca3 fb47a9ed
Oct/05/2021 09:12:27 ipsec,debug => SK_ei (size 0x20)
Oct/05/2021 09:12:27 ipsec,debug 61f23dbd d49d990e 18a26f6c ea427ec0 c6123ce0 be00f586 b6e474f7 eceb12e0
Oct/05/2021 09:12:27 ipsec,debug => SK_er (size 0x20)
Oct/05/2021 09:12:27 ipsec,debug ca5b8fad fb95a5ad b27a005b 57787702 f0e98e32 9b7c2331 a1d4a155 cd39a0a7
Oct/05/2021 09:12:27 ipsec,debug => SK_pi (size 0x20)
Oct/05/2021 09:12:27 ipsec,debug 318d2cd9 93288c92 62718ae6 b3d8fcf6 8c3cb97e e90c9965 5449fbba 493fd929
Oct/05/2021 09:12:27 ipsec,debug => SK_pr (size 0x20)
Oct/05/2021 09:12:27 ipsec,debug bc658756 7afb0ee9 2183598d 9471ee1b 627b14be 0fd51f00 f317dbef e7832477
Oct/05/2021 09:12:27 ipsec,info new ike2 SA (R): <chr-ip>[500]-<cli-ip>[1076] spi:deda2bca2a98b9f9:e4b9734ebf0a74e5
Oct/05/2021 09:12:27 ipsec processing payloads: VID
Oct/05/2021 09:12:27 ipsec peer is MS Windows (ISAKMPOAKLEY 9)
Oct/05/2021 09:12:27 ipsec processing payloads: NOTIFY
Oct/05/2021 09:12:27 ipsec   notify: IKEV2_FRAGMENTATION_SUPPORTED
Oct/05/2021 09:12:27 ipsec   notify: NAT_DETECTION_SOURCE_IP
Oct/05/2021 09:12:27 ipsec   notify: NAT_DETECTION_DESTINATION_IP
Oct/05/2021 09:12:27 ipsec (NAT-T) REMOTE 
Oct/05/2021 09:12:27 ipsec KA list add: <chr-ip>[4500]-><cli-ip>[1076]
Oct/05/2021 09:12:28 ipsec,debug ===== received 4160 bytes from <cli-ip>[15339] to <chr-ip>[4500]
Oct/05/2021 09:12:28 ipsec -> ike2 request, exchange: AUTH:1 <cli-ip>[15339] e4b9734ebf0a74e5:deda2bca2a98b9f9
Oct/05/2021 09:12:28 ipsec peer ports changed: 1076 -> 15339
Oct/05/2021 09:12:28 ipsec KA remove: <chr-ip>[4500]-><cli-ip>[1076]
Oct/05/2021 09:12:28 ipsec,debug KA tree dump: <chr-ip>[4500]-><cli-ip>[1076] (in_use=1)
Oct/05/2021 09:12:28 ipsec,debug KA tree dump: <chr-ip>[4500]-><cli-ip>[1076] (in_use=1)
Oct/05/2021 09:12:28 ipsec,debug KA removing this one...
Oct/05/2021 09:12:28 ipsec KA list add: <chr-ip>[4500]-><cli-ip>[15339]
Oct/05/2021 09:12:28 ipsec payload seen: ENC (4132 bytes)
Oct/05/2021 09:12:28 ipsec processing payload: ENC
Oct/05/2021 09:12:28 ipsec,debug => iv (size 0x10)
Oct/05/2021 09:12:28 ipsec,debug 85348391 79571f8f 8e86395c eb1a1a8d
Oct/05/2021 09:12:28 ipsec,debug => plain payload (trimmed) (first 0x100 of 0xff3)
Oct/05/2021 09:12:28 ipsec,debug decrypted
Oct/05/2021 09:12:28 ipsec payload seen: ID_I (54 bytes)
Oct/05/2021 09:12:28 ipsec payload seen: CERT (1404 bytes)
Oct/05/2021 09:12:28 ipsec payload seen: CERTREQ (1865 bytes)
Oct/05/2021 09:12:28 ipsec payload seen: AUTH (520 bytes)
Oct/05/2021 09:12:28 ipsec payload seen: NOTIFY (8 bytes)
Oct/05/2021 09:12:28 ipsec payload seen: CONFIG (24 bytes)
Oct/05/2021 09:12:28 ipsec payload seen: SA (80 bytes)
Oct/05/2021 09:12:28 ipsec payload seen: TS_I (64 bytes)
Oct/05/2021 09:12:28 ipsec payload seen: TS_R (64 bytes)
Oct/05/2021 09:12:28 ipsec processing payloads: NOTIFY
Oct/05/2021 09:12:28 ipsec   notify: MOBIKE_SUPPORTED
Oct/05/2021 09:12:28 ipsec ike auth: respond
Oct/05/2021 09:12:28 ipsec processing payload: ID_I
Oct/05/2021 09:12:28 ipsec ID_I (DER DN): CN=it@vpn.firma.com.pl,C=PL,ST=,L=,O=,OU=,SN=
Oct/05/2021 09:12:28 ipsec processing payload: ID_R (not found)
Oct/05/2021 09:12:28 ipsec processing payload: AUTH
Oct/05/2021 09:12:28 ipsec processing payload: CERT
Oct/05/2021 09:12:28 ipsec got CERT: CN=it@vpn.firma.com.pl,C=PL,ST=,L=,O=,OU=,SN=
Oct/05/2021 09:12:28 ipsec,debug => (size 0x577)
Oct/05/2021 09:12:28 ipsec processing payloads: NOTIFY
Oct/05/2021 09:12:28 ipsec   notify: MOBIKE_SUPPORTED
Oct/05/2021 09:12:28 ipsec processing payload: AUTH
Oct/05/2021 09:12:28 ipsec requested auth method: RSA
Oct/05/2021 09:12:28 ipsec,debug => peer's auth (first 0x100 of 0x200)
Oct/05/2021 09:12:28 ipsec,debug => auth nonce (size 0x18)
Oct/05/2021 09:12:28 ipsec,debug 5521ecbd 1d47809e 1f5781c2 0a225a8e 621408f9 ccf155c7
Oct/05/2021 09:12:28 ipsec,debug => SK_p (size 0x20)
Oct/05/2021 09:12:28 ipsec,debug 318d2cd9 93288c92 62718ae6 b3d8fcf6 8c3cb97e e90c9965 5449fbba 493fd929
Oct/05/2021 09:12:28 ipsec,debug => idhash (size 0x20)
Oct/05/2021 09:12:28 ipsec,debug 2fde1e20 9734df42 de8457a6 09bdee36 d9c40719 df6182ef 123b11c6 09cc4e60
Oct/05/2021 09:12:28 ipsec,info,account peer authorized: <chr-ip>[4500]-<cli-ip>[15339] spi:deda2bca2a98b9f9:e4b9734ebf0a74e5
Oct/05/2021 09:12:28 ipsec processing payloads: NOTIFY
Oct/05/2021 09:12:28 ipsec   notify: MOBIKE_SUPPORTED
Oct/05/2021 09:12:28 ipsec peer wants tunnel mode
Oct/05/2021 09:12:28 ipsec processing payload: CONFIG
Oct/05/2021 09:12:28 ipsec   attribute: internal IPv4 address
Oct/05/2021 09:12:28 ipsec   attribute: internal IPv4 DNS
Oct/05/2021 09:12:28 ipsec   attribute: internal IPv4 NBNS
Oct/05/2021 09:12:28 ipsec   attribute: MS internal IPv4 server
Oct/05/2021 09:12:28 ipsec processing payload: TS_I
Oct/05/2021 09:12:28 ipsec 0.0.0.0/0
Oct/05/2021 09:12:28 ipsec [::/0]
Oct/05/2021 09:12:28 ipsec processing payload: TS_R
Oct/05/2021 09:12:28 ipsec 0.0.0.0/0
Oct/05/2021 09:12:28 ipsec [::/0]
Oct/05/2021 09:12:28 ipsec TSi in tunnel mode replaced with config address: 10.87.88.0/24
Oct/05/2021 09:12:28 ipsec canditate selectors: 0.0.0.0/0 <=> 10.87.88.20
Oct/05/2021 09:12:28 ipsec canditate selectors: [::/0] <=> [::/0]
Oct/05/2021 09:12:28 ipsec processing payload: SA
Oct/05/2021 09:12:28 ipsec IKE Protocol: ESP
Oct/05/2021 09:12:28 ipsec  proposal #1
Oct/05/2021 09:12:28 ipsec   enc: aes256-cbc
Oct/05/2021 09:12:28 ipsec   auth: sha1
Oct/05/2021 09:12:28 ipsec  proposal #2
Oct/05/2021 09:12:28 ipsec   enc: 3des-cbc
Oct/05/2021 09:12:28 ipsec   auth: sha1
Oct/05/2021 09:12:28 ipsec searching for policy for selector: 0.0.0.0/0 <=> 10.87.88.20
Oct/05/2021 09:12:28 ipsec generating policy
Oct/05/2021 09:12:28 ipsec matched proposal:
Oct/05/2021 09:12:28 ipsec  proposal #1
Oct/05/2021 09:12:28 ipsec   enc: aes256-cbc
Oct/05/2021 09:12:28 ipsec   auth: sha1
Oct/05/2021 09:12:28 ipsec ike auth: finish
Oct/05/2021 09:12:28 ipsec ID_R (FQDN): vpn.firma.com.pl
Oct/05/2021 09:12:28 ipsec processing payload: NONCE
Oct/05/2021 09:12:28 ipsec,debug => auth nonce (size 0x30)
Oct/05/2021 09:12:28 ipsec,debug cc71c8e8 e798dbd0 0926b59c 753986fe 8c30d194 368609f6 2ba05f38 bd5f8bf4
Oct/05/2021 09:12:28 ipsec,debug c08f45cf 3fc8bd9d 8483b74d 17c4cd3c
Oct/05/2021 09:12:28 ipsec,debug => SK_p (size 0x20)
Oct/05/2021 09:12:28 ipsec,debug bc658756 7afb0ee9 2183598d 9471ee1b 627b14be 0fd51f00 f317dbef e7832477
Oct/05/2021 09:12:28 ipsec,debug => idhash (size 0x20)
Oct/05/2021 09:12:28 ipsec,debug 0161f8fc f340b9c9 aee616dd 92507f63 797dbf2e b56d8ebd e066ba81 509d52b5
Oct/05/2021 09:12:28 ipsec,debug => my auth (first 0x100 of 0x200)
Oct/05/2021 09:12:28 ipsec cert: CN=vpn.firma.com.pl,C=PL,ST=,L=,O=,OU=,SN=
Oct/05/2021 09:12:28 ipsec adding payload: CERT
Oct/05/2021 09:12:28 ipsec,debug => (first 0x100 of 0x586)
Oct/05/2021 09:12:28 ipsec adding payload: ID_R
Oct/05/2021 09:12:28 ipsec,debug => (size 0x19)
Oct/05/2021 09:12:28 ipsec,debug 00000019 02000000 76706e2e 6d657466 69782e63 6f6d2e70 6c
Oct/05/2021 09:12:28 ipsec adding payload: AUTH
Oct/05/2021 09:12:28 ipsec,debug => (first 0x100 of 0x208)
Oct/05/2021 09:12:28 ipsec preparing internal IPv4 address
Oct/05/2021 09:12:28 ipsec preparing internal IPv4 netmask
Oct/05/2021 09:12:28 ipsec preparing internal IPv6 subnet
Oct/05/2021 09:12:28 ipsec preparing internal IPv4 DNS
Oct/05/2021 09:12:28 ipsec adding payload: CONFIG
Oct/05/2021 09:12:28 ipsec,debug => (size 0x2c)
Oct/05/2021 09:12:28 ipsec,debug 0000002c 02000000 00010004 0a575814 00020004 ffffff00 000d0008 ac160000
Oct/05/2021 09:12:28 ipsec,debug ffff0000 00030004 ac160a01
Oct/05/2021 09:12:28 ipsec initiator selector: 10.87.88.20
Oct/05/2021 09:12:28 ipsec adding payload: TS_I
Oct/05/2021 09:12:28 ipsec,debug => (size 0x18)
Oct/05/2021 09:12:28 ipsec,debug 00000018 01000000 07000010 0000ffff 0a575814 0a575814
Oct/05/2021 09:12:28 ipsec responder selector: 0.0.0.0/0
Oct/05/2021 09:12:28 ipsec adding payload: TS_R
Oct/05/2021 09:12:28 ipsec,debug => (size 0x18)
Oct/05/2021 09:12:28 ipsec,debug 00000018 01000000 07000010 0000ffff 00000000 ffffffff
Oct/05/2021 09:12:28 ipsec adding payload: SA
Oct/05/2021 09:12:28 ipsec,debug => (size 0x2c)
Oct/05/2021 09:12:28 ipsec,debug 0000002c 00000028 01030403 084e465d 0300000c 0100000c 800e0100 03000008
Oct/05/2021 09:12:28 ipsec,debug 03000002 00000008 05000000
Oct/05/2021 09:12:28 ipsec <- ike2 reply, exchange: AUTH:1 <cli-ip>[15339] e4b9734ebf0a74e5:deda2bca2a98b9f9
Oct/05/2021 09:12:28 ipsec,debug ===== sending 2384 bytes from <chr-ip>[4500] to <cli-ip>[15339]
Oct/05/2021 09:12:28 ipsec,debug 1 times of 2388 bytes message will be sent to <cli-ip>[15339]
Oct/05/2021 09:12:28 ipsec,debug => child keymat (size 0x80)
Oct/05/2021 09:12:28 ipsec IPsec-SA established: <cli-ip>[15339]-><chr-ip>[4500] spi=0x84e465d
Oct/05/2021 09:12:28 ipsec IPsec-SA established: <chr-ip>[4500]-><cli-ip>[15339] spi=0x30f81f68
Oct/05/2021 09:12:29 ipsec,debug ===== received 4160 bytes from <cli-ip>[15339] to <chr-ip>[4500]
Oct/05/2021 09:12:29 ipsec -> ike2 request, exchange: AUTH:1 <cli-ip>[15339] e4b9734ebf0a74e5:deda2bca2a98b9f9
Oct/05/2021 09:12:29 ipsec reply retransmission
Oct/05/2021 09:12:29 ipsec,debug ===== sending 2384 bytes from <chr-ip>[4500] to <cli-ip>[15339]
Oct/05/2021 09:12:29 ipsec,debug 1 times of 2388 bytes message will be sent to <cli-ip>[15339]
Oct/05/2021 09:12:30 ipsec,debug ===== received 4160 bytes from <cli-ip>[15339] to <chr-ip>[4500]
Oct/05/2021 09:12:30 ipsec -> ike2 request, exchange: AUTH:1 <cli-ip>[15339] e4b9734ebf0a74e5:deda2bca2a98b9f9
Oct/05/2021 09:12:30 ipsec reply retransmission
Oct/05/2021 09:12:30 ipsec,debug ===== sending 2384 bytes from <chr-ip>[4500] to <cli-ip>[15339]
Oct/05/2021 09:12:30 ipsec,debug 1 times of 2388 bytes message will be sent to <cli-ip>[15339]
Oct/05/2021 09:12:30 ipsec,debug KA: <chr-ip>[4500]-><cli2-ip>[30243]
Oct/05/2021 09:12:30 ipsec,debug 1 times of 1 bytes message will be sent to <cli2-ip>[30243]
Oct/05/2021 09:12:30 ipsec,debug KA: <chr-ip>[4500]-><cli-ip>[15339]
Oct/05/2021 09:12:30 ipsec,debug 1 times of 1 bytes message will be sent to <cli-ip>[15339]
Oct/05/2021 09:12:50 ipsec,debug KA: <chr-ip>[4500]-><cli2-ip>[30243]
Oct/05/2021 09:12:50 ipsec,debug 1 times of 1 bytes message will be sent to <cli2-ip>[30243]
Oct/05/2021 09:12:50 ipsec,debug KA: <chr-ip>[4500]-><cli-ip>[15339]
Oct/05/2021 09:12:50 ipsec,debug 1 times of 1 bytes message will be sent to <cli-ip>[15339]
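
The end of the log above shows the client repeating the same AUTH:1 request while the CHR answers each repeat with "reply retransmission". As an added example (not part of the original post and not MikroTik code), this Python script groups RouterOS ipsec log lines per IKEv2 exchange and reports the exchanges whose reply had to be resent, together with the reply size. The sample lines are copied from the log above; the 1500-byte path MTU and the function names are assumptions made for the example.

```python
import re

# Constructed sample: the request/reply/size lines copied from the log above.
SAMPLE_LOG = """\
Oct/05/2021 09:12:27 ipsec,debug ===== received 624 bytes from <cli-ip>[1076] to <chr-ip>[500]
Oct/05/2021 09:12:27 ipsec -> ike2 request, exchange: SA_INIT:0 <cli-ip>[1076] e4b9734ebf0a74e5:0000000000000000
Oct/05/2021 09:12:27 ipsec <- ike2 reply, exchange: SA_INIT:0 <cli-ip>[1076] e4b9734ebf0a74e5:deda2bca2a98b9f9
Oct/05/2021 09:12:27 ipsec,debug ===== sending 301 bytes from <chr-ip>[500] to <cli-ip>[1076]
Oct/05/2021 09:12:28 ipsec,debug ===== received 4160 bytes from <cli-ip>[15339] to <chr-ip>[4500]
Oct/05/2021 09:12:28 ipsec -> ike2 request, exchange: AUTH:1 <cli-ip>[15339] e4b9734ebf0a74e5:deda2bca2a98b9f9
Oct/05/2021 09:12:28 ipsec <- ike2 reply, exchange: AUTH:1 <cli-ip>[15339] e4b9734ebf0a74e5:deda2bca2a98b9f9
Oct/05/2021 09:12:28 ipsec,debug ===== sending 2384 bytes from <chr-ip>[4500] to <cli-ip>[15339]
Oct/05/2021 09:12:29 ipsec,debug ===== received 4160 bytes from <cli-ip>[15339] to <chr-ip>[4500]
Oct/05/2021 09:12:29 ipsec -> ike2 request, exchange: AUTH:1 <cli-ip>[15339] e4b9734ebf0a74e5:deda2bca2a98b9f9
Oct/05/2021 09:12:29 ipsec reply retransmission
Oct/05/2021 09:12:29 ipsec,debug ===== sending 2384 bytes from <chr-ip>[4500] to <cli-ip>[15339]
Oct/05/2021 09:12:30 ipsec,debug ===== received 4160 bytes from <cli-ip>[15339] to <chr-ip>[4500]
Oct/05/2021 09:12:30 ipsec -> ike2 request, exchange: AUTH:1 <cli-ip>[15339] e4b9734ebf0a74e5:deda2bca2a98b9f9
Oct/05/2021 09:12:30 ipsec reply retransmission
Oct/05/2021 09:12:30 ipsec,debug ===== sending 2384 bytes from <chr-ip>[4500] to <cli-ip>[15339]
"""

EXCHANGE = re.compile(
    r"(?P<dir>->|<-) ike2 (?P<kind>request|reply), exchange: "
    r"(?P<name>\w+):(?P<msgid>\d+) \S+ (?P<ispi>[0-9a-f]{16}):[0-9a-f]{16}")
SIZE = re.compile(r"===== (?P<verb>received|sending) (?P<n>\d+) bytes")

ASSUMED_PATH_MTU = 1500   # assumption: plain Ethernet path between CHR and client
IPV4_UDP_OVERHEAD = 28    # 20-byte IPv4 header (no options) + 8-byte UDP header


def summarise(log_text):
    """Group log lines per IKEv2 exchange and count what the responder saw."""
    stats = {}         # (name, msgid, initiator SPI) -> counters, first-seen order
    current = None     # exchange that following size/retransmission lines belong to
    pending_rx = None  # size announced by the "received" line before a request
    for line in log_text.splitlines():
        size = SIZE.search(line)
        exch = EXCHANGE.search(line)
        if size and size["verb"] == "received":
            pending_rx = int(size["n"])
        elif exch:
            key = (exch["name"], int(exch["msgid"]), exch["ispi"])
            current = stats.setdefault(key, {
                "exchange": exch["name"], "msgid": key[1], "requests": 0,
                "request_bytes": None, "reply_bytes": None, "retransmissions": 0})
            if exch["kind"] == "request":
                current["requests"] += 1
                current["request_bytes"] = pending_rx
                pending_rx = None
        elif current and "reply retransmission" in line:
            current["retransmissions"] += 1
        elif current and size:   # a "sending" line: the reply for `current`
            current["reply_bytes"] = int(size["n"])
    return list(stats.values())


def unanswered(stats, mtu=ASSUMED_PATH_MTU):
    """Exchanges where the peer repeated its request and the reply was resent."""
    out = []
    for s in stats:
        if s["retransmissions"] == 0:
            continue
        # True when the reply cannot fit in one IPv4 packet at the assumed MTU.
        too_big = (s["reply_bytes"] is not None
                   and s["reply_bytes"] + IPV4_UDP_OVERHEAD > mtu)
        out.append(dict(s, reply_needs_ip_fragments=too_big))
    return out


if __name__ == "__main__":
    for s in unanswered(summarise(SAMPLE_LOG)):
        print(s)
```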

Hello,
I do not see an obvious problem in the log.
Regarding “policy for selector: 0.0.0.0/0 <=> 10.87.88.20”: I do not like to use a network like 0.0.0.0/0 inside an IPsec policy, and a few times people who used a smaller subnet fixed their strange behavior. This is of course only my guess on the topic.
Other users here will probably want an IPsec and firewall export to analyze the situation.

PS. Nice domain, firma.com.pl :D.

If a Windows client tries to connect and the policy is auto-generated, src-address will be 0.0.0.0/0.
The domain is obfuscated :wink:

An IPsec peer IP of 0.0.0.0/0 in Phase 1 can be used because you do not know the remote IP of the person who will connect to you; this is OK.
The IPsec policy Src-Address is the network (e.g. your LAN) that will be at your site for those road warriors, and this can be configured by the default policy. Each connected end user has a D (dynamic) entry in the policy tab, true? That policy is created by the default template you use. This can be configured, and that is what I am talking about :).

I do not know whether some forum guru is watching this thread; I am not an IPsec guru, but I use it a lot for site-to-site setups.