Hello,
I’m trying to set up a site-to-site VPN between my Mikrotik router and a VPS that is located somewhere else on the internet. I’m currently following this guide: https://rbgeek.wordpress.com/2014/04/29/linux-ipsec-site-to-site-vpn-aws-vpc-mikrotik-router/. My config has deviated significantly from the guide because it didn’t work out of the box.
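In the following logs / configuration files, x.x.x.x is the Mikrotik router and y.y.y.y is the remote site running StrongSwan. The substitution is not complete: some packet-debug lines (the "masked with /16" lines and the keepalive "will be sent to" lines) still show unmasked addresses, and the ID payloads are printed as raw hex. The "with key:" lines have been replaced with REDACTED.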
Here are my router logs:
e5d43cde 70c9d89a
10:09:47 ipsec,debug,packet 0a0000b8 00000001 00000001 000000ac 00030405 cbb109ca
03000020 010c0000
10:09:47 ipsec,debug,packet 80060080 80050005 80030002 80040003 80010001 80020e10
03000020 020c0000
10:09:47 ipsec,debug,packet 80060080 80050002 80030002 80040003 80010001 80020e10
03000020 030c0000
10:09:47 ipsec,debug,packet 80060100 80050006 80030002 80040003 80010001 80020e10
03000020 040c0000
10:09:47 ipsec,debug,packet 80060100 80050005 80030002 80040003 80010001 80020e10
00000020 050c0000
10:09:47 ipsec,debug,packet 80060100 80050002 80030002 80040003 80010001 80020e10
04000024 7b99ef9a
10:09:47 ipsec,debug,packet b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d c052cf04
7b93efa9 05000084
10:09:47 ipsec,debug,packet 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f 3aecdb1d
45d9e08e d3c71cb3
10:09:47 ipsec,debug,packet 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963 6a3de8bd
0db6d621 93718d98
10:09:47 ipsec,debug,packet bc18dec5 0004224d 227953e3 b969c697 577bdc53 18a57268
0e73a9d7 ccd6fd28
10:09:47 ipsec,debug,packet b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1 ec645893
5ba1f519 4b9e45f9
10:09:47 ipsec,debug,packet 0500000c 01000000 a758710c 0000000c 01000000 689c6418
00000000
10:09:47 ipsec,debug,packet begin.
10:09:47 ipsec,debug,packet seen nptype=8(hash)
10:09:47 ipsec,debug,packet seen nptype=1(sa)
10:09:47 ipsec,debug,packet seen nptype=10(nonce)
10:09:47 ipsec,debug,packet seen nptype=4(ke)
10:09:47 ipsec,debug,packet seen nptype=5(id)
10:09:47 ipsec,debug,packet seen nptype=5(id)
10:09:47 ipsec,debug,packet succeed.
10:09:47 ipsec,debug,packet received IDci2:
10:09:47 ipsec,debug,packet 01000000 a758710c
10:09:47 ipsec,debug,packet received IDcr2:
10:09:47 ipsec,debug,packet 01000000 689c6418
10:09:47 ipsec,debug,packet HASH(1) validate:
10:09:47 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:09:47 ipsec,debug,packet HASH with:
10:09:47 ipsec,debug,packet f118b66a 0a0000b8 00000001 00000001 000000ac 00030405
cbb109ca 03000020
10:09:47 ipsec,debug,packet 010c0000 80060080 80050005 80030002 80040003 80010001
80020e10 03000020
10:09:47 ipsec,debug,packet 020c0000 80060080 80050002 80030002 80040003 80010001
80020e10 03000020
10:09:47 ipsec,debug,packet 030c0000 80060100 80050006 80030002 80040003 80010001
80020e10 03000020
10:09:47 ipsec,debug,packet 040c0000 80060100 80050005 80030002 80040003 80010001
80020e10 00000020
10:09:47 ipsec,debug,packet 050c0000 80060100 80050002 80030002 80040003 80010001
80020e10 04000024
10:09:47 ipsec,debug,packet 7b99ef9a b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d
c052cf04 7b93efa9
10:09:47 ipsec,debug,packet 05000084 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f
3aecdb1d 45d9e08e
10:09:47 ipsec,debug,packet d3c71cb3 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963
6a3de8bd 0db6d621
10:09:47 ipsec,debug,packet 93718d98 bc18dec5 0004224d 227953e3 b969c697 577bdc53
18a57268 0e73a9d7
10:09:47 ipsec,debug,packet ccd6fd28 b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1
ec645893 5ba1f519
10:09:47 ipsec,debug,packet 4b9e45f9 0500000c 01000000 a758710c 0000000c 01000000
689c6418
10:09:47 ipsec,debug,packet hmac(hmac_sha2_256)
10:09:47 ipsec,debug,packet HASH computed:
10:09:47 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:09:47 ipsec,debug,packet get a src address from ID payload y.y.y.y[0] pre
fixlen=32 ul_proto=255
10:09:47 ipsec,debug,packet get dst address from ID payload x.x.x.x[0] pref
ixlen=32 ul_proto=255
10:09:47 ipsec,debug,packet 0x7fb9a360 masked with /16: 167.88.0.0[0]
10:09:47 ipsec,debug,packet 0x478aa0 masked with /16: 10.100.0.0[0]
10:09:47 ipsec,debug no policy found: y.y.y.y/32[0] x.x.x.x/32[0] pro
to=any dir=in
[b]10:09:47 ipsec,debug failed to get proposal for responder.
10:09:47 ipsec,error failed to pre-process ph2 packet. [/b]
10:09:51 ipsec,debug,packet ==========
10:09:51 ipsec,debug,packet 444 bytes message received from y.y.y.y[4500] to
x.x.x.x[4500]
10:09:51 ipsec,debug,packet 89920023 82b50330 82e5f1cd d7812915 08102001 f118b66a
000001bc 38d644ea
10:09:51 ipsec,debug,packet bca91849 1e36a7a4 6a6c175a 7e5e98e9 9de6b5f7 c614dfaa
05511ed0 26be3d38
10:09:51 ipsec,debug,packet 426349eb 1fdf6d6f cf54a31f 5411072b 49bf496e 03fd2939
367b0540 9f664bd9
10:09:51 ipsec,debug,packet 352213a3 dceb6df9 374062bb f7813d1c 7dd22725 1dcca0df
a9a49ab0 b96589ea
10:09:51 ipsec,debug,packet a05a25a9 5b2d1021 1460a927 bff0bd42 6698fa67 a462d94f
2f236a77 6434dcf5
10:09:51 ipsec,debug,packet c4e7b2da dbd9d855 45d7b69e 3350e7d7 ae935e3b 5b0cd764
b7514f02 d44da6fa
10:09:51 ipsec,debug,packet 76f54b05 5abe0be1 9d2cea26 bdeb04f8 e9fafd0f f692ff56
285c81d9 48f87be7
10:09:51 ipsec,debug,packet 200d719a 0dc5c47f 9586d675 1d6db380 cdc33187 778092c0
d00508de adb5ef77
10:09:51 ipsec,debug,packet d96615b1 0a778807 a9c35494 1b11c606 07572e6f b074fd6f
5aed52bd f24a0665
10:09:51 ipsec,debug,packet 33458020 8a912c99 aaaa4237 f825f69a 08a1419e 1da84af6
ab83fad0 d5395387
10:09:51 ipsec,debug,packet 63e336d0 b9ae8a57 b2f33f40 392712c9 155e81b7 4f9b3b8d
8001e73a 70404b3f
10:09:51 ipsec,debug,packet 2cd0e70d dfeaff5b 16c97b86 e07411ee f3bb05aa 5b27cec3
8933d143 72ab54b0
10:09:51 ipsec,debug,packet 54d26bd3 86a97cac 851024a6 11e76523 b85b8f56 a15e9b88
7d67b260 99c5f7e3
10:09:51 ipsec,debug,packet 54a52f86 22df51d1 2ee08f6a f8a1f878 a501ad37 5ddb3a69
c0d70a8c
10:09:51 ipsec,debug,packet compute IV for phase2
10:09:51 ipsec,debug,packet phase1 last IV:
10:09:51 ipsec,debug,packet eee07590 df944610 854d7617 9fe32714 f118b66a
10:09:51 ipsec,debug,packet hash(sha2_256)
10:09:51 ipsec,debug,packet encryption(aes)
10:09:51 ipsec,debug,packet phase2 IV computed:
10:09:51 ipsec,debug,packet a7db0367 593e3ca9 16ae3eb2 113c6237
10:09:51 ipsec,debug,packet ===
10:09:51 ipsec,debug respond new phase 2 negotiation: x.x.x.x[4500]<=>y.y.y.y[4500]
10:09:51 ipsec,debug,packet encryption(aes)
10:09:51 ipsec,debug,packet IV was saved for next processing:
10:09:51 ipsec,debug,packet f8a1f878 a501ad37 5ddb3a69 c0d70a8c
10:09:51 ipsec,debug,packet encryption(aes)
10:09:51 ipsec,debug,packet with key:
10:09:51 ipsec,debug,packet REDACTED
10:09:51 ipsec,debug,packet decrypted payload by IV:
10:09:51 ipsec,debug,packet a7db0367 593e3ca9 16ae3eb2 113c6237
10:09:51 ipsec,debug,packet decrypted payload, but not trimed.
10:09:51 ipsec,debug,packet 01000024 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a
d064e242 e5d43cde
10:09:51 ipsec,debug,packet 70c9d89a 0a0000b8 00000001 00000001 000000ac 00030405
cbb109ca 03000020
10:09:51 ipsec,debug,packet 010c0000 80060080 80050005 80030002 80040003 80010001
80020e10 03000020
10:09:51 ipsec,debug,packet 020c0000 80060080 80050002 80030002 80040003 80010001
80020e10 03000020
10:09:51 ipsec,debug,packet 030c0000 80060100 80050006 80030002 80040003 80010001
80020e10 03000020
10:09:51 ipsec,debug,packet 040c0000 80060100 80050005 80030002 80040003 80010001
80020e10 00000020
10:09:51 ipsec,debug,packet 050c0000 80060100 80050002 80030002 80040003 80010001
80020e10 04000024
10:09:51 ipsec,debug,packet 7b99ef9a b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d
c052cf04 7b93efa9
10:09:51 ipsec,debug,packet 05000084 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f
3aecdb1d 45d9e08e
10:09:51 ipsec,debug,packet d3c71cb3 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963
6a3de8bd 0db6d621
10:09:51 ipsec,debug,packet 93718d98 bc18dec5 0004224d 227953e3 b969c697 577bdc53
18a57268 0e73a9d7
10:09:51 ipsec,debug,packet ccd6fd28 b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1
ec645893 5ba1f519
10:09:51 ipsec,debug,packet 4b9e45f9 0500000c 01000000 a758710c 0000000c 01000000
689c6418 00000000
10:09:51 ipsec,debug,packet padding len=1
10:09:51 ipsec,debug,packet skip to trim padding.
10:09:51 ipsec,debug,packet decrypted.
10:09:51 ipsec,debug,packet 89920023 82b50330 82e5f1cd d7812915 08102001 f118b66a
000001bc 01000024
10:09:51 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:09:51 ipsec,debug,packet 0a0000b8 00000001 00000001 000000ac 00030405 cbb109ca
03000020 010c0000
10:09:51 ipsec,debug,packet 80060080 80050005 80030002 80040003 80010001 80020e10
03000020 020c0000
10:09:51 ipsec,debug,packet 80060080 80050002 80030002 80040003 80010001 80020e10
03000020 030c0000
10:09:51 ipsec,debug,packet 80060100 80050006 80030002 80040003 80010001 80020e10
03000020 040c0000
10:09:51 ipsec,debug,packet 80060100 80050005 80030002 80040003 80010001 80020e10
00000020 050c0000
10:09:51 ipsec,debug,packet 80060100 80050002 80030002 80040003 80010001 80020e10
04000024 7b99ef9a
10:09:51 ipsec,debug,packet b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d c052cf04
7b93efa9 05000084
10:09:51 ipsec,debug,packet 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f 3aecdb1d
45d9e08e d3c71cb3
10:09:51 ipsec,debug,packet 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963 6a3de8bd
0db6d621 93718d98
10:09:51 ipsec,debug,packet bc18dec5 0004224d 227953e3 b969c697 577bdc53 18a57268
0e73a9d7 ccd6fd28
10:09:51 ipsec,debug,packet b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1 ec645893
5ba1f519 4b9e45f9
10:09:51 ipsec,debug,packet 0500000c 01000000 a758710c 0000000c 01000000 689c6418
00000000
10:09:51 ipsec,debug,packet begin.
10:09:51 ipsec,debug,packet seen nptype=8(hash)
10:09:51 ipsec,debug,packet seen nptype=1(sa)
10:09:51 ipsec,debug,packet seen nptype=10(nonce)
10:09:51 ipsec,debug,packet seen nptype=4(ke)
10:09:51 ipsec,debug,packet seen nptype=5(id)
10:09:51 ipsec,debug,packet seen nptype=5(id)
10:09:51 ipsec,debug,packet succeed.
10:09:51 ipsec,debug,packet received IDci2:
10:09:51 ipsec,debug,packet 01000000 a758710c
10:09:51 ipsec,debug,packet received IDcr2:
10:09:51 ipsec,debug,packet 01000000 689c6418
10:09:51 ipsec,debug,packet HASH(1) validate:
10:09:51 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:09:51 ipsec,debug,packet HASH with:
10:09:51 ipsec,debug,packet f118b66a 0a0000b8 00000001 00000001 000000ac 00030405
cbb109ca 03000020
10:09:51 ipsec,debug,packet 010c0000 80060080 80050005 80030002 80040003 80010001
80020e10 03000020
10:09:51 ipsec,debug,packet 020c0000 80060080 80050002 80030002 80040003 80010001
80020e10 03000020
10:09:51 ipsec,debug,packet 030c0000 80060100 80050006 80030002 80040003 80010001
80020e10 03000020
10:09:51 ipsec,debug,packet 040c0000 80060100 80050005 80030002 80040003 80010001
80020e10 00000020
10:09:51 ipsec,debug,packet 050c0000 80060100 80050002 80030002 80040003 80010001
80020e10 04000024
10:09:51 ipsec,debug,packet 7b99ef9a b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d
c052cf04 7b93efa9
10:09:51 ipsec,debug,packet 05000084 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f
3aecdb1d 45d9e08e
10:09:51 ipsec,debug,packet d3c71cb3 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963
6a3de8bd 0db6d621
10:09:51 ipsec,debug,packet 93718d98 bc18dec5 0004224d 227953e3 b969c697 577bdc53
18a57268 0e73a9d7
10:09:51 ipsec,debug,packet ccd6fd28 b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1
ec645893 5ba1f519
10:09:51 ipsec,debug,packet 4b9e45f9 0500000c 01000000 a758710c 0000000c 01000000
689c6418
10:09:51 ipsec,debug,packet hmac(hmac_sha2_256)
10:09:51 ipsec,debug,packet HASH computed:
10:09:51 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:09:51 ipsec,debug,packet get a src address from ID payload y.y.y.y[0] pre
fixlen=32 ul_proto=255
10:09:51 ipsec,debug,packet get dst address from ID payload x.x.x.x[0] pref
ixlen=32 ul_proto=255
10:09:51 ipsec,debug,packet 0x7fb9a360 masked with /16: 167.88.0.0[0]
10:09:51 ipsec,debug,packet 0x478aa0 masked with /16: 10.100.0.0[0]
10:09:51 ipsec,debug no policy found: y.y.y.y/32[0] x.x.x.x/32[0] pro
to=any dir=in
[b]10:09:51 ipsec,debug failed to get proposal for responder.
10:09:51 ipsec,error failed to pre-process ph2 packet. [/b]
10:09:52 ipsec,debug,packet KA: x.x.x.x[4500]->y.y.y.y[4500]
10:09:52 ipsec,debug,packet sockname x.x.x.x[4500]
10:09:52 ipsec,debug,packet send packet from x.x.x.x[4500]
10:09:52 ipsec,debug,packet send packet to y.y.y.y[4500]
10:09:52 ipsec,debug,packet src4 x.x.x.x[4500]
10:09:52 ipsec,debug,packet dst4 y.y.y.y[4500]
10:09:52 ipsec,debug,packet 1 times of 1 bytes message will be sent to 167.88.113.
12[4500]
10:09:52 ipsec,debug,packet ff
10:09:57 ipsec,debug,packet ==========
10:09:57 ipsec,debug,packet 108 bytes message received from y.y.y.y[4500] to
x.x.x.x[4500]
10:09:57 ipsec,debug,packet c9e78300 85550182 43223705 c888dcaa 08100501 a2374910
0000006c 4c863299
10:09:57 ipsec,debug,packet bdb68a5c e7860f4c 63002409 d8ee4f03 db087243 4c19e0d3
7909b0e0 697e77f9
10:09:57 ipsec,debug,packet 2255191e 0c1cfb83 2f8d76a4 9027eecb 045ea102 794bbc78
462f358a 6c06fe3a
10:09:57 ipsec,debug,packet c9577f20 0e79a4ad ea48d6cd
10:09:57 ipsec,debug,packet receive Information.
10:09:57 ipsec,debug,packet compute IV for phase2
10:09:57 ipsec,debug,packet phase1 last IV:
10:09:57 ipsec,debug,packet bcad48d5 718dc570 5e534db8 7d67d84c a2374910
10:09:57 ipsec,debug,packet hash(sha2_256)
10:09:57 ipsec,debug,packet encryption(aes)
10:09:57 ipsec,debug,packet phase2 IV computed:
10:09:57 ipsec,debug,packet 93f72fdb 7ea9c996 9e6391b4 d8a2181a
10:09:57 ipsec,debug,packet encryption(aes)
10:09:57 ipsec,debug,packet IV was saved for next processing:
10:09:57 ipsec,debug,packet 6c06fe3a c9577f20 0e79a4ad ea48d6cd
10:09:57 ipsec,debug,packet encryption(aes)
10:09:57 ipsec,debug,packet with key:
10:09:57 ipsec,debug,packet REDACTED
10:09:57 ipsec,debug,packet decrypted payload by IV:
10:09:57 ipsec,debug,packet 93f72fdb 7ea9c996 9e6391b4 d8a2181a
10:09:57 ipsec,debug,packet decrypted payload, but not trimed.
10:09:57 ipsec,debug,packet 0c000024 eac86ad9 5062f7b0 9346ad08 46c03c3e a6d16d5d
1b9d7e32 2a705b5d
10:09:57 ipsec,debug,packet 2926e2a2 0000001c 00000001 01100001 c9e78300 85550182
43223705 c888dcaa
10:09:57 ipsec,debug,packet 00000000 00000000 00000000 00000000
10:09:57 ipsec,debug,packet padding len=1
10:09:57 ipsec,debug,packet skip to trim padding.
10:09:57 ipsec,debug,packet decrypted.
10:09:57 ipsec,debug,packet c9e78300 85550182 43223705 c888dcaa 08100501 a2374910
0000006c 0c000024
10:09:57 ipsec,debug,packet eac86ad9 5062f7b0 9346ad08 46c03c3e a6d16d5d 1b9d7e32
2a705b5d 2926e2a2
10:09:57 ipsec,debug,packet 0000001c 00000001 01100001 c9e78300 85550182 43223705
c888dcaa 00000000
10:09:57 ipsec,debug,packet 00000000 00000000 00000000
10:09:57 ipsec,debug,packet HASH with:
10:09:57 ipsec,debug,packet a2374910 0000001c 00000001 01100001 c9e78300 85550182
43223705 c888dcaa
10:09:57 ipsec,debug,packet hmac(hmac_sha2_256)
10:09:57 ipsec,debug,packet HASH computed:
10:09:57 ipsec,debug,packet eac86ad9 5062f7b0 9346ad08 46c03c3e a6d16d5d 1b9d7e32
2a705b5d 2926e2a2
10:09:57 ipsec,debug,packet hash validated.
10:09:57 ipsec,debug,packet begin.
10:09:57 ipsec,debug,packet seen nptype=8(hash)
10:09:57 ipsec,debug,packet seen nptype=12(delete)
10:09:57 ipsec,debug,packet succeed.
10:09:57 ipsec,debug,packet delete payload for protocol ISAKMP
10:09:57 ipsec,debug purging ISAKMP-SA x.x.x.x[4500]<=>y.y.y.y[4500]
spi=c9e7830085550182:43223705c888dcaa:d8c13e64.
10:09:57 ipsec purged ISAKMP-SA x.x.x.x[4500]<=>y.y.y.y[4500] spi=c9e
7830085550182:43223705c888dcaa:d8c13e64.
10:09:57 ipsec,debug,packet purged SAs.
10:09:58 ipsec,debug ISAKMP-SA deleted x.x.x.x[4500]-y.y.y.y[4500] sp
i:c9e7830085550182:43223705c888dcaa
10:09:58 ipsec,debug KA remove: x.x.x.x[4500]->y.y.y.y[4500]
10:09:58 ipsec,debug,packet KA tree dump: x.x.x.x[4500]->y.y.y.y[4500
] (in_use=2)
10:09:58 ipsec,debug,packet an undead schedule has been deleted.
10:09:58 ipsec,debug,packet ==========
10:09:58 ipsec,debug,packet 444 bytes message received from y.y.y.y[4500] to
x.x.x.x[4500]
10:09:58 ipsec,debug,packet 89920023 82b50330 82e5f1cd d7812915 08102001 f118b66a
000001bc 38d644ea
10:09:58 ipsec,debug,packet bca91849 1e36a7a4 6a6c175a 7e5e98e9 9de6b5f7 c614dfaa
05511ed0 26be3d38
10:09:58 ipsec,debug,packet 426349eb 1fdf6d6f cf54a31f 5411072b 49bf496e 03fd2939
367b0540 9f664bd9
10:09:58 ipsec,debug,packet 352213a3 dceb6df9 374062bb f7813d1c 7dd22725 1dcca0df
a9a49ab0 b96589ea
10:09:58 ipsec,debug,packet a05a25a9 5b2d1021 1460a927 bff0bd42 6698fa67 a462d94f
2f236a77 6434dcf5
10:09:58 ipsec,debug,packet c4e7b2da dbd9d855 45d7b69e 3350e7d7 ae935e3b 5b0cd764
b7514f02 d44da6fa
10:09:58 ipsec,debug,packet 76f54b05 5abe0be1 9d2cea26 bdeb04f8 e9fafd0f f692ff56
285c81d9 48f87be7
10:09:58 ipsec,debug,packet 200d719a 0dc5c47f 9586d675 1d6db380 cdc33187 778092c0
d00508de adb5ef77
10:09:58 ipsec,debug,packet d96615b1 0a778807 a9c35494 1b11c606 07572e6f b074fd6f
5aed52bd f24a0665
10:09:58 ipsec,debug,packet 33458020 8a912c99 aaaa4237 f825f69a 08a1419e 1da84af6
ab83fad0 d5395387
10:09:58 ipsec,debug,packet 63e336d0 b9ae8a57 b2f33f40 392712c9 155e81b7 4f9b3b8d
8001e73a 70404b3f
10:09:58 ipsec,debug,packet 2cd0e70d dfeaff5b 16c97b86 e07411ee f3bb05aa 5b27cec3
8933d143 72ab54b0
10:09:58 ipsec,debug,packet 54d26bd3 86a97cac 851024a6 11e76523 b85b8f56 a15e9b88
7d67b260 99c5f7e3
10:09:58 ipsec,debug,packet 54a52f86 22df51d1 2ee08f6a f8a1f878 a501ad37 5ddb3a69
c0d70a8c
10:09:58 ipsec,debug,packet compute IV for phase2
10:09:58 ipsec,debug,packet phase1 last IV:
10:09:58 ipsec,debug,packet eee07590 df944610 854d7617 9fe32714 f118b66a
10:09:58 ipsec,debug,packet hash(sha2_256)
10:09:58 ipsec,debug,packet encryption(aes)
10:09:58 ipsec,debug,packet phase2 IV computed:
10:09:58 ipsec,debug,packet a7db0367 593e3ca9 16ae3eb2 113c6237
10:09:58 ipsec,debug,packet ===
10:09:58 ipsec,debug respond new phase 2 negotiation: x.x.x.x[4500]<=>y.y.y.y[4500]
10:09:58 ipsec,debug,packet encryption(aes)
10:09:58 ipsec,debug,packet IV was saved for next processing:
10:09:58 ipsec,debug,packet f8a1f878 a501ad37 5ddb3a69 c0d70a8c
10:09:58 ipsec,debug,packet encryption(aes)
10:09:58 ipsec,debug,packet with key:
10:09:58 ipsec,debug,packet REDACTED
10:09:58 ipsec,debug,packet decrypted payload by IV:
10:09:58 ipsec,debug,packet a7db0367 593e3ca9 16ae3eb2 113c6237
10:09:58 ipsec,debug,packet decrypted payload, but not trimed.
10:09:58 ipsec,debug,packet 01000024 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a
d064e242 e5d43cde
10:09:58 ipsec,debug,packet 70c9d89a 0a0000b8 00000001 00000001 000000ac 00030405
cbb109ca 03000020
10:09:58 ipsec,debug,packet 010c0000 80060080 80050005 80030002 80040003 80010001
80020e10 03000020
10:09:58 ipsec,debug,packet 020c0000 80060080 80050002 80030002 80040003 80010001
80020e10 03000020
10:09:58 ipsec,debug,packet 030c0000 80060100 80050006 80030002 80040003 80010001
80020e10 03000020
10:09:58 ipsec,debug,packet 040c0000 80060100 80050005 80030002 80040003 80010001
80020e10 00000020
10:09:58 ipsec,debug,packet 050c0000 80060100 80050002 80030002 80040003 80010001
80020e10 04000024
10:09:58 ipsec,debug,packet 7b99ef9a b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d
c052cf04 7b93efa9
10:09:58 ipsec,debug,packet 05000084 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f
3aecdb1d 45d9e08e
10:09:58 ipsec,debug,packet d3c71cb3 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963
6a3de8bd 0db6d621
10:09:58 ipsec,debug,packet 93718d98 bc18dec5 0004224d 227953e3 b969c697 577bdc53
18a57268 0e73a9d7
10:09:58 ipsec,debug,packet ccd6fd28 b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1
ec645893 5ba1f519
10:09:58 ipsec,debug,packet 4b9e45f9 0500000c 01000000 a758710c 0000000c 01000000
689c6418 00000000
10:09:58 ipsec,debug,packet padding len=1
10:09:58 ipsec,debug,packet skip to trim padding.
10:09:58 ipsec,debug,packet decrypted.
10:09:58 ipsec,debug,packet 89920023 82b50330 82e5f1cd d7812915 08102001 f118b66a
000001bc 01000024
10:09:58 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:09:58 ipsec,debug,packet 0a0000b8 00000001 00000001 000000ac 00030405 cbb109ca
03000020 010c0000
10:09:58 ipsec,debug,packet 80060080 80050005 80030002 80040003 80010001 80020e10
03000020 020c0000
10:09:58 ipsec,debug,packet 80060080 80050002 80030002 80040003 80010001 80020e10
03000020 030c0000
10:09:58 ipsec,debug,packet 80060100 80050006 80030002 80040003 80010001 80020e10
03000020 040c0000
10:09:58 ipsec,debug,packet 80060100 80050005 80030002 80040003 80010001 80020e10
00000020 050c0000
10:09:58 ipsec,debug,packet 80060100 80050002 80030002 80040003 80010001 80020e10
04000024 7b99ef9a
10:09:58 ipsec,debug,packet b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d c052cf04
7b93efa9 05000084
10:09:58 ipsec,debug,packet 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f 3aecdb1d
45d9e08e d3c71cb3
10:09:58 ipsec,debug,packet 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963 6a3de8bd
0db6d621 93718d98
10:09:58 ipsec,debug,packet bc18dec5 0004224d 227953e3 b969c697 577bdc53 18a57268
0e73a9d7 ccd6fd28
10:09:58 ipsec,debug,packet b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1 ec645893
5ba1f519 4b9e45f9
10:09:58 ipsec,debug,packet 0500000c 01000000 a758710c 0000000c 01000000 689c6418
00000000
10:09:58 ipsec,debug,packet begin.
10:09:58 ipsec,debug,packet seen nptype=8(hash)
10:09:58 ipsec,debug,packet seen nptype=1(sa)
10:09:58 ipsec,debug,packet seen nptype=10(nonce)
10:09:58 ipsec,debug,packet seen nptype=4(ke)
10:09:58 ipsec,debug,packet seen nptype=5(id)
10:09:58 ipsec,debug,packet seen nptype=5(id)
10:09:58 ipsec,debug,packet succeed.
10:09:58 ipsec,debug,packet received IDci2:
10:09:58 ipsec,debug,packet 01000000 a758710c
10:09:58 ipsec,debug,packet received IDcr2:
10:09:58 ipsec,debug,packet 01000000 689c6418
10:09:58 ipsec,debug,packet HASH(1) validate:
10:09:58 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:09:58 ipsec,debug,packet HASH with:
10:09:58 ipsec,debug,packet f118b66a 0a0000b8 00000001 00000001 000000ac 00030405
cbb109ca 03000020
10:09:58 ipsec,debug,packet 010c0000 80060080 80050005 80030002 80040003 80010001
80020e10 03000020
10:09:58 ipsec,debug,packet 020c0000 80060080 80050002 80030002 80040003 80010001
80020e10 03000020
10:09:58 ipsec,debug,packet 030c0000 80060100 80050006 80030002 80040003 80010001
80020e10 03000020
10:09:58 ipsec,debug,packet 040c0000 80060100 80050005 80030002 80040003 80010001
80020e10 00000020
10:09:58 ipsec,debug,packet 050c0000 80060100 80050002 80030002 80040003 80010001
80020e10 04000024
10:09:58 ipsec,debug,packet 7b99ef9a b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d
c052cf04 7b93efa9
10:09:58 ipsec,debug,packet 05000084 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f
3aecdb1d 45d9e08e
10:09:58 ipsec,debug,packet d3c71cb3 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963
6a3de8bd 0db6d621
10:09:58 ipsec,debug,packet 93718d98 bc18dec5 0004224d 227953e3 b969c697 577bdc53
18a57268 0e73a9d7
10:09:58 ipsec,debug,packet ccd6fd28 b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1
ec645893 5ba1f519
10:09:58 ipsec,debug,packet 4b9e45f9 0500000c 01000000 a758710c 0000000c 01000000
689c6418
10:09:58 ipsec,debug,packet hmac(hmac_sha2_256)
10:09:58 ipsec,debug,packet HASH computed:
10:09:58 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:09:58 ipsec,debug,packet get a src address from ID payload y.y.y.y[0] pre
fixlen=32 ul_proto=255
10:09:58 ipsec,debug,packet get dst address from ID payload x.x.x.x[0] pref
ixlen=32 ul_proto=255
10:09:58 ipsec,debug,packet 0x7fb9a360 masked with /16: 167.88.0.0[0]
10:09:58 ipsec,debug,packet 0x478aa0 masked with /16: 10.100.0.0[0]
10:09:58 ipsec,debug no policy found: y.y.y.y/32[0] x.x.x.x/32[0] pro
to=any dir=in
[b]10:09:58 ipsec,debug failed to get proposal for responder.
10:09:58 ipsec,error failed to pre-process ph2 packet. [/b]
10:10:11 ipsec,debug,packet ==========
10:10:11 ipsec,debug,packet 444 bytes message received from y.y.y.y[4500] to
x.x.x.x[4500]
10:10:11 ipsec,debug,packet 89920023 82b50330 82e5f1cd d7812915 08102001 f118b66a
000001bc 38d644ea
10:10:11 ipsec,debug,packet bca91849 1e36a7a4 6a6c175a 7e5e98e9 9de6b5f7 c614dfaa
05511ed0 26be3d38
10:10:11 ipsec,debug,packet 426349eb 1fdf6d6f cf54a31f 5411072b 49bf496e 03fd2939
367b0540 9f664bd9
10:10:11 ipsec,debug,packet 352213a3 dceb6df9 374062bb f7813d1c 7dd22725 1dcca0df
a9a49ab0 b96589ea
10:10:11 ipsec,debug,packet a05a25a9 5b2d1021 1460a927 bff0bd42 6698fa67 a462d94f
2f236a77 6434dcf5
10:10:11 ipsec,debug,packet c4e7b2da dbd9d855 45d7b69e 3350e7d7 ae935e3b 5b0cd764
b7514f02 d44da6fa
10:10:11 ipsec,debug,packet 76f54b05 5abe0be1 9d2cea26 bdeb04f8 e9fafd0f f692ff56
285c81d9 48f87be7
10:10:11 ipsec,debug,packet 200d719a 0dc5c47f 9586d675 1d6db380 cdc33187 778092c0
d00508de adb5ef77
10:10:11 ipsec,debug,packet d96615b1 0a778807 a9c35494 1b11c606 07572e6f b074fd6f
5aed52bd f24a0665
10:10:11 ipsec,debug,packet 33458020 8a912c99 aaaa4237 f825f69a 08a1419e 1da84af6
ab83fad0 d5395387
10:10:11 ipsec,debug,packet 63e336d0 b9ae8a57 b2f33f40 392712c9 155e81b7 4f9b3b8d
8001e73a 70404b3f
10:10:11 ipsec,debug,packet 2cd0e70d dfeaff5b 16c97b86 e07411ee f3bb05aa 5b27cec3
8933d143 72ab54b0
10:10:11 ipsec,debug,packet 54d26bd3 86a97cac 851024a6 11e76523 b85b8f56 a15e9b88
7d67b260 99c5f7e3
10:10:11 ipsec,debug,packet 54a52f86 22df51d1 2ee08f6a f8a1f878 a501ad37 5ddb3a69
c0d70a8c
10:10:11 ipsec,debug,packet compute IV for phase2
10:10:11 ipsec,debug,packet phase1 last IV:
10:10:11 ipsec,debug,packet eee07590 df944610 854d7617 9fe32714 f118b66a
10:10:11 ipsec,debug,packet hash(sha2_256)
10:10:11 ipsec,debug,packet encryption(aes)
10:10:11 ipsec,debug,packet phase2 IV computed:
10:10:11 ipsec,debug,packet a7db0367 593e3ca9 16ae3eb2 113c6237
10:10:11 ipsec,debug,packet ===
10:10:11 ipsec,debug respond new phase 2 negotiation: x.x.x.x[4500]<=>y.y.y.y[4500]
10:10:11 ipsec,debug,packet encryption(aes)
10:10:11 ipsec,debug,packet IV was saved for next processing:
10:10:11 ipsec,debug,packet f8a1f878 a501ad37 5ddb3a69 c0d70a8c
10:10:11 ipsec,debug,packet encryption(aes)
10:10:11 ipsec,debug,packet with key:
10:10:11 ipsec,debug,packet REDACTED
10:10:11 ipsec,debug,packet decrypted payload by IV:
10:10:11 ipsec,debug,packet a7db0367 593e3ca9 16ae3eb2 113c6237
10:10:11 ipsec,debug,packet decrypted payload, but not trimed.
10:10:11 ipsec,debug,packet 01000024 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a
d064e242 e5d43cde
10:10:11 ipsec,debug,packet 70c9d89a 0a0000b8 00000001 00000001 000000ac 00030405
cbb109ca 03000020
10:10:11 ipsec,debug,packet 010c0000 80060080 80050005 80030002 80040003 80010001
80020e10 03000020
10:10:11 ipsec,debug,packet 020c0000 80060080 80050002 80030002 80040003 80010001
80020e10 03000020
10:10:11 ipsec,debug,packet 030c0000 80060100 80050006 80030002 80040003 80010001
80020e10 03000020
10:10:11 ipsec,debug,packet 040c0000 80060100 80050005 80030002 80040003 80010001
80020e10 00000020
10:10:11 ipsec,debug,packet 050c0000 80060100 80050002 80030002 80040003 80010001
80020e10 04000024
10:10:11 ipsec,debug,packet 7b99ef9a b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d
c052cf04 7b93efa9
10:10:11 ipsec,debug,packet 05000084 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f
3aecdb1d 45d9e08e
10:10:11 ipsec,debug,packet d3c71cb3 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963
6a3de8bd 0db6d621
10:10:11 ipsec,debug,packet 93718d98 bc18dec5 0004224d 227953e3 b969c697 577bdc53
18a57268 0e73a9d7
10:10:11 ipsec,debug,packet ccd6fd28 b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1
ec645893 5ba1f519
10:10:11 ipsec,debug,packet 4b9e45f9 0500000c 01000000 a758710c 0000000c 01000000
689c6418 00000000
10:10:11 ipsec,debug,packet padding len=1
10:10:11 ipsec,debug,packet skip to trim padding.
10:10:11 ipsec,debug,packet decrypted.
10:10:11 ipsec,debug,packet 89920023 82b50330 82e5f1cd d7812915 08102001 f118b66a
000001bc 01000024
10:10:11 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:10:11 ipsec,debug,packet 0a0000b8 00000001 00000001 000000ac 00030405 cbb109ca
03000020 010c0000
10:10:11 ipsec,debug,packet 80060080 80050005 80030002 80040003 80010001 80020e10
03000020 020c0000
10:10:11 ipsec,debug,packet 80060080 80050002 80030002 80040003 80010001 80020e10
03000020 030c0000
10:10:11 ipsec,debug,packet 80060100 80050006 80030002 80040003 80010001 80020e10
03000020 040c0000
10:10:11 ipsec,debug,packet 80060100 80050005 80030002 80040003 80010001 80020e10
00000020 050c0000
10:10:11 ipsec,debug,packet 80060100 80050002 80030002 80040003 80010001 80020e10
04000024 7b99ef9a
10:10:11 ipsec,debug,packet b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d c052cf04
7b93efa9 05000084
10:10:11 ipsec,debug,packet 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f 3aecdb1d
45d9e08e d3c71cb3
10:10:11 ipsec,debug,packet 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963 6a3de8bd
0db6d621 93718d98
10:10:11 ipsec,debug,packet bc18dec5 0004224d 227953e3 b969c697 577bdc53 18a57268
0e73a9d7 ccd6fd28
10:10:11 ipsec,debug,packet b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1 ec645893
5ba1f519 4b9e45f9
10:10:11 ipsec,debug,packet 0500000c 01000000 a758710c 0000000c 01000000 689c6418
00000000
10:10:11 ipsec,debug,packet begin.
10:10:11 ipsec,debug,packet seen nptype=8(hash)
10:10:11 ipsec,debug,packet seen nptype=1(sa)
10:10:11 ipsec,debug,packet seen nptype=10(nonce)
10:10:11 ipsec,debug,packet seen nptype=4(ke)
10:10:11 ipsec,debug,packet seen nptype=5(id)
10:10:11 ipsec,debug,packet seen nptype=5(id)
10:10:11 ipsec,debug,packet succeed.
10:10:11 ipsec,debug,packet received IDci2:
10:10:11 ipsec,debug,packet 01000000 a758710c
10:10:11 ipsec,debug,packet received IDcr2:
10:10:11 ipsec,debug,packet 01000000 689c6418
10:10:11 ipsec,debug,packet HASH(1) validate:
10:10:11 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:10:11 ipsec,debug,packet HASH with:
10:10:11 ipsec,debug,packet f118b66a 0a0000b8 00000001 00000001 000000ac 00030405
cbb109ca 03000020
10:10:11 ipsec,debug,packet 010c0000 80060080 80050005 80030002 80040003 80010001
80020e10 03000020
10:10:11 ipsec,debug,packet 020c0000 80060080 80050002 80030002 80040003 80010001
80020e10 03000020
10:10:11 ipsec,debug,packet 030c0000 80060100 80050006 80030002 80040003 80010001
80020e10 03000020
10:10:11 ipsec,debug,packet 040c0000 80060100 80050005 80030002 80040003 80010001
80020e10 00000020
10:10:11 ipsec,debug,packet 050c0000 80060100 80050002 80030002 80040003 80010001
80020e10 04000024
10:10:11 ipsec,debug,packet 7b99ef9a b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d
c052cf04 7b93efa9
10:10:11 ipsec,debug,packet 05000084 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f
3aecdb1d 45d9e08e
10:10:11 ipsec,debug,packet d3c71cb3 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963
6a3de8bd 0db6d621
10:10:11 ipsec,debug,packet 93718d98 bc18dec5 0004224d 227953e3 b969c697 577bdc53
18a57268 0e73a9d7
10:10:11 ipsec,debug,packet ccd6fd28 b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1
ec645893 5ba1f519
10:10:11 ipsec,debug,packet 4b9e45f9 0500000c 01000000 a758710c 0000000c 01000000
689c6418
10:10:11 ipsec,debug,packet hmac(hmac_sha2_256)
10:10:11 ipsec,debug,packet HASH computed:
10:10:11 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:10:11 ipsec,debug,packet get a src address from ID payload y.y.y.y[0] pre
fixlen=32 ul_proto=255
10:10:11 ipsec,debug,packet get dst address from ID payload x.x.x.x[0] pref
ixlen=32 ul_proto=255
10:10:11 ipsec,debug,packet 0x7fb9a360 masked with /16: 167.88.0.0[0]
10:10:11 ipsec,debug,packet 0x478aa0 masked with /16: 10.100.0.0[0]
10:10:11 ipsec,debug no policy found: y.y.y.y/32[0] x.x.x.x/32[0] pro
to=any dir=in
[b]10:10:11 ipsec,debug failed to get proposal for responder.
10:10:11 ipsec,error failed to pre-process ph2 packet. [/b]
10:10:12 ipsec,debug,packet KA: x.x.x.x[4500]->y.y.y.y[4500]
10:10:12 ipsec,debug,packet sockname x.x.x.x[4500]
10:10:12 ipsec,debug,packet send packet from x.x.x.x[4500]
10:10:12 ipsec,debug,packet send packet to y.y.y.y[4500]
10:10:12 ipsec,debug,packet src4 x.x.x.x[4500]
10:10:12 ipsec,debug,packet dst4 y.y.y.y[4500]
10:10:12 ipsec,debug,packet 1 times of 1 bytes message will be sent to 167.88.113.
12[4500]
10:10:12 ipsec,debug,packet ff
10:10:32 ipsec,debug,packet KA: x.x.x.x[4500]->y.y.y.y[4500]
10:10:32 ipsec,debug,packet sockname x.x.x.x[4500]
10:10:32 ipsec,debug,packet send packet from x.x.x.x[4500]
10:10:32 ipsec,debug,packet send packet to y.y.y.y[4500]
10:10:32 ipsec,debug,packet src4 x.x.x.x[4500]
10:10:32 ipsec,debug,packet dst4 y.y.y.y[4500]
10:10:32 ipsec,debug,packet 1 times of 1 bytes message will be sent to 167.88.113.
12[4500]
10:10:32 ipsec,debug,packet ff
10:10:34 ipsec,debug,packet ==========
10:10:34 ipsec,debug,packet 444 bytes message received from y.y.y.y[4500] to
x.x.x.x[4500]
10:10:34 ipsec,debug,packet 89920023 82b50330 82e5f1cd d7812915 08102001 f118b66a
000001bc 38d644ea
10:10:34 ipsec,debug,packet bca91849 1e36a7a4 6a6c175a 7e5e98e9 9de6b5f7 c614dfaa
05511ed0 26be3d38
10:10:34 ipsec,debug,packet 426349eb 1fdf6d6f cf54a31f 5411072b 49bf496e 03fd2939
367b0540 9f664bd9
10:10:34 ipsec,debug,packet 352213a3 dceb6df9 374062bb f7813d1c 7dd22725 1dcca0df
a9a49ab0 b96589ea
10:10:34 ipsec,debug,packet a05a25a9 5b2d1021 1460a927 bff0bd42 6698fa67 a462d94f
2f236a77 6434dcf5
10:10:34 ipsec,debug,packet c4e7b2da dbd9d855 45d7b69e 3350e7d7 ae935e3b 5b0cd764
b7514f02 d44da6fa
10:10:34 ipsec,debug,packet 76f54b05 5abe0be1 9d2cea26 bdeb04f8 e9fafd0f f692ff56
285c81d9 48f87be7
10:10:34 ipsec,debug,packet 200d719a 0dc5c47f 9586d675 1d6db380 cdc33187 778092c0
d00508de adb5ef77
10:10:34 ipsec,debug,packet d96615b1 0a778807 a9c35494 1b11c606 07572e6f b074fd6f
5aed52bd f24a0665
10:10:34 ipsec,debug,packet 33458020 8a912c99 aaaa4237 f825f69a 08a1419e 1da84af6
ab83fad0 d5395387
10:10:34 ipsec,debug,packet 63e336d0 b9ae8a57 b2f33f40 392712c9 155e81b7 4f9b3b8d
8001e73a 70404b3f
10:10:34 ipsec,debug,packet 2cd0e70d dfeaff5b 16c97b86 e07411ee f3bb05aa 5b27cec3
8933d143 72ab54b0
10:10:34 ipsec,debug,packet 54d26bd3 86a97cac 851024a6 11e76523 b85b8f56 a15e9b88
7d67b260 99c5f7e3
10:10:34 ipsec,debug,packet 54a52f86 22df51d1 2ee08f6a f8a1f878 a501ad37 5ddb3a69
c0d70a8c
10:10:34 ipsec,debug,packet compute IV for phase2
10:10:34 ipsec,debug,packet phase1 last IV:
10:10:34 ipsec,debug,packet eee07590 df944610 854d7617 9fe32714 f118b66a
10:10:34 ipsec,debug,packet hash(sha2_256)
10:10:34 ipsec,debug,packet encryption(aes)
10:10:34 ipsec,debug,packet phase2 IV computed:
10:10:34 ipsec,debug,packet a7db0367 593e3ca9 16ae3eb2 113c6237
10:10:34 ipsec,debug,packet ===
10:10:34 ipsec,debug respond new phase 2 negotiation: x.x.x.x[4500]<=>y.y.y.y[4500]
10:10:34 ipsec,debug,packet encryption(aes)
10:10:34 ipsec,debug,packet IV was saved for next processing:
10:10:34 ipsec,debug,packet f8a1f878 a501ad37 5ddb3a69 c0d70a8c
10:10:34 ipsec,debug,packet encryption(aes)
10:10:34 ipsec,debug,packet with key:
10:10:34 ipsec,debug,packet REDACTED
10:10:34 ipsec,debug,packet decrypted payload by IV:
10:10:34 ipsec,debug,packet a7db0367 593e3ca9 16ae3eb2 113c6237
10:10:34 ipsec,debug,packet decrypted payload, but not trimed.
10:10:34 ipsec,debug,packet 01000024 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a
d064e242 e5d43cde
10:10:34 ipsec,debug,packet 70c9d89a 0a0000b8 00000001 00000001 000000ac 00030405
cbb109ca 03000020
10:10:34 ipsec,debug,packet 010c0000 80060080 80050005 80030002 80040003 80010001
80020e10 03000020
10:10:34 ipsec,debug,packet 020c0000 80060080 80050002 80030002 80040003 80010001
80020e10 03000020
10:10:34 ipsec,debug,packet 030c0000 80060100 80050006 80030002 80040003 80010001
80020e10 03000020
10:10:34 ipsec,debug,packet 040c0000 80060100 80050005 80030002 80040003 80010001
80020e10 00000020
10:10:34 ipsec,debug,packet 050c0000 80060100 80050002 80030002 80040003 80010001
80020e10 04000024
10:10:34 ipsec,debug,packet 7b99ef9a b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d
c052cf04 7b93efa9
10:10:34 ipsec,debug,packet 05000084 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f
3aecdb1d 45d9e08e
10:10:34 ipsec,debug,packet d3c71cb3 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963
6a3de8bd 0db6d621
10:10:34 ipsec,debug,packet 93718d98 bc18dec5 0004224d 227953e3 b969c697 577bdc53
18a57268 0e73a9d7
10:10:34 ipsec,debug,packet ccd6fd28 b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1
ec645893 5ba1f519
10:10:34 ipsec,debug,packet 4b9e45f9 0500000c 01000000 a758710c 0000000c 01000000
689c6418 00000000
10:10:34 ipsec,debug,packet padding len=1
10:10:34 ipsec,debug,packet skip to trim padding.
10:10:34 ipsec,debug,packet decrypted.
10:10:34 ipsec,debug,packet 89920023 82b50330 82e5f1cd d7812915 08102001 f118b66a
000001bc 01000024
10:10:34 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:10:34 ipsec,debug,packet 0a0000b8 00000001 00000001 000000ac 00030405 cbb109ca
03000020 010c0000
10:10:34 ipsec,debug,packet 80060080 80050005 80030002 80040003 80010001 80020e10
03000020 020c0000
10:10:34 ipsec,debug,packet 80060080 80050002 80030002 80040003 80010001 80020e10
03000020 030c0000
10:10:34 ipsec,debug,packet 80060100 80050006 80030002 80040003 80010001 80020e10
03000020 040c0000
10:10:34 ipsec,debug,packet 80060100 80050005 80030002 80040003 80010001 80020e10
00000020 050c0000
10:10:34 ipsec,debug,packet 80060100 80050002 80030002 80040003 80010001 80020e10
04000024 7b99ef9a
10:10:34 ipsec,debug,packet b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d c052cf04
7b93efa9 05000084
10:10:34 ipsec,debug,packet 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f 3aecdb1d
45d9e08e d3c71cb3
10:10:34 ipsec,debug,packet 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963 6a3de8bd
0db6d621 93718d98
10:10:34 ipsec,debug,packet bc18dec5 0004224d 227953e3 b969c697 577bdc53 18a57268
0e73a9d7 ccd6fd28
10:10:34 ipsec,debug,packet b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1 ec645893
5ba1f519 4b9e45f9
10:10:34 ipsec,debug,packet 0500000c 01000000 a758710c 0000000c 01000000 689c6418
00000000
10:10:34 ipsec,debug,packet begin.
10:10:34 ipsec,debug,packet seen nptype=8(hash)
10:10:34 ipsec,debug,packet seen nptype=1(sa)
10:10:34 ipsec,debug,packet seen nptype=10(nonce)
10:10:34 ipsec,debug,packet seen nptype=4(ke)
10:10:34 ipsec,debug,packet seen nptype=5(id)
10:10:34 ipsec,debug,packet seen nptype=5(id)
10:10:34 ipsec,debug,packet succeed.
10:10:34 ipsec,debug,packet received IDci2:
10:10:34 ipsec,debug,packet 01000000 a758710c
10:10:34 ipsec,debug,packet received IDcr2:
10:10:34 ipsec,debug,packet 01000000 689c6418
10:10:34 ipsec,debug,packet HASH(1) validate:
10:10:34 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:10:34 ipsec,debug,packet HASH with:
10:10:34 ipsec,debug,packet f118b66a 0a0000b8 00000001 00000001 000000ac 00030405
cbb109ca 03000020
10:10:34 ipsec,debug,packet 010c0000 80060080 80050005 80030002 80040003 80010001
80020e10 03000020
10:10:34 ipsec,debug,packet 020c0000 80060080 80050002 80030002 80040003 80010001
80020e10 03000020
10:10:34 ipsec,debug,packet 030c0000 80060100 80050006 80030002 80040003 80010001
80020e10 03000020
10:10:34 ipsec,debug,packet 040c0000 80060100 80050005 80030002 80040003 80010001
80020e10 00000020
10:10:34 ipsec,debug,packet 050c0000 80060100 80050002 80030002 80040003 80010001
80020e10 04000024
10:10:34 ipsec,debug,packet 7b99ef9a b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d
c052cf04 7b93efa9
10:10:34 ipsec,debug,packet 05000084 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f
3aecdb1d 45d9e08e
10:10:34 ipsec,debug,packet d3c71cb3 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963
6a3de8bd 0db6d621
10:10:34 ipsec,debug,packet 93718d98 bc18dec5 0004224d 227953e3 b969c697 577bdc53
18a57268 0e73a9d7
10:10:34 ipsec,debug,packet ccd6fd28 b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1
ec645893 5ba1f519
10:10:34 ipsec,debug,packet 4b9e45f9 0500000c 01000000 a758710c 0000000c 01000000
689c6418
10:10:34 ipsec,debug,packet hmac(hmac_sha2_256)
10:10:34 ipsec,debug,packet HASH computed:
10:10:34 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:10:34 ipsec,debug,packet get a src address from ID payload y.y.y.y[0] pre
fixlen=32 ul_proto=255
10:10:34 ipsec,debug,packet get dst address from ID payload x.x.x.x[0] pref
ixlen=32 ul_proto=255
10:10:34 ipsec,debug,packet 0x7fb9a360 masked with /16: 167.88.0.0[0]
10:10:34 ipsec,debug,packet 0x478aa0 masked with /16: 10.100.0.0[0]
10:10:34 ipsec,debug no policy found: y.y.y.y/32[0] x.x.x.x/32[0] pro
to=any dir=in
[b]10:10:34 ipsec,debug failed to get proposal for responder.
10:10:34 ipsec,error failed to pre-process ph2 packet. [/b]
10:10:48 system,error,critical login failure for user anonymous from 116.255.204.2
via ftp
10:10:52 ipsec,debug,packet KA: x.x.x.x[4500]->y.y.y.y[4500]
10:10:52 ipsec,debug,packet sockname x.x.x.x[4500]
10:10:52 ipsec,debug,packet send packet from x.x.x.x[4500]
10:10:52 ipsec,debug,packet send packet to y.y.y.y[4500]
10:10:52 ipsec,debug,packet src4 x.x.x.x[4500]
10:10:52 ipsec,debug,packet dst4 y.y.y.y[4500]
10:10:52 ipsec,debug,packet 1 times of 1 bytes message will be sent to 167.88.113.
12[4500]
10:10:52 ipsec,debug,packet ff
10:11:12 ipsec,debug,packet KA: x.x.x.x[4500]->y.y.y.y[4500]
10:11:12 ipsec,debug,packet sockname x.x.x.x[4500]
10:11:12 ipsec,debug,packet send packet from x.x.x.x[4500]
10:11:12 ipsec,debug,packet send packet to y.y.y.y[4500]
10:11:12 ipsec,debug,packet src4 x.x.x.x[4500]
10:11:12 ipsec,debug,packet dst4 y.y.y.y[4500]
10:11:12 ipsec,debug,packet 1 times of 1 bytes message will be sent to 167.88.113.
12[4500]
10:11:12 ipsec,debug,packet ff
10:11:16 ipsec,debug,packet ==========
10:11:16 ipsec,debug,packet 444 bytes message received from y.y.y.y[4500] to
x.x.x.x[4500]
10:11:16 ipsec,debug,packet 89920023 82b50330 82e5f1cd d7812915 08102001 f118b66a
000001bc 38d644ea
10:11:16 ipsec,debug,packet bca91849 1e36a7a4 6a6c175a 7e5e98e9 9de6b5f7 c614dfaa
05511ed0 26be3d38
10:11:16 ipsec,debug,packet 426349eb 1fdf6d6f cf54a31f 5411072b 49bf496e 03fd2939
367b0540 9f664bd9
10:11:16 ipsec,debug,packet 352213a3 dceb6df9 374062bb f7813d1c 7dd22725 1dcca0df
a9a49ab0 b96589ea
10:11:16 ipsec,debug,packet a05a25a9 5b2d1021 1460a927 bff0bd42 6698fa67 a462d94f
2f236a77 6434dcf5
10:11:16 ipsec,debug,packet c4e7b2da dbd9d855 45d7b69e 3350e7d7 ae935e3b 5b0cd764
b7514f02 d44da6fa
10:11:16 ipsec,debug,packet 76f54b05 5abe0be1 9d2cea26 bdeb04f8 e9fafd0f f692ff56
285c81d9 48f87be7
10:11:16 ipsec,debug,packet 200d719a 0dc5c47f 9586d675 1d6db380 cdc33187 778092c0
d00508de adb5ef77
10:11:16 ipsec,debug,packet d96615b1 0a778807 a9c35494 1b11c606 07572e6f b074fd6f
5aed52bd f24a0665
10:11:16 ipsec,debug,packet 33458020 8a912c99 aaaa4237 f825f69a 08a1419e 1da84af6
ab83fad0 d5395387
10:11:16 ipsec,debug,packet 63e336d0 b9ae8a57 b2f33f40 392712c9 155e81b7 4f9b3b8d
8001e73a 70404b3f
10:11:16 ipsec,debug,packet 2cd0e70d dfeaff5b 16c97b86 e07411ee f3bb05aa 5b27cec3
8933d143 72ab54b0
10:11:16 ipsec,debug,packet 54d26bd3 86a97cac 851024a6 11e76523 b85b8f56 a15e9b88
7d67b260 99c5f7e3
10:11:16 ipsec,debug,packet 54a52f86 22df51d1 2ee08f6a f8a1f878 a501ad37 5ddb3a69
c0d70a8c
10:11:16 ipsec,debug,packet compute IV for phase2
10:11:16 ipsec,debug,packet phase1 last IV:
10:11:16 ipsec,debug,packet eee07590 df944610 854d7617 9fe32714 f118b66a
10:11:16 ipsec,debug,packet hash(sha2_256)
10:11:16 ipsec,debug,packet encryption(aes)
10:11:16 ipsec,debug,packet phase2 IV computed:
10:11:16 ipsec,debug,packet a7db0367 593e3ca9 16ae3eb2 113c6237
10:11:16 ipsec,debug,packet ===
10:11:16 ipsec,debug respond new phase 2 negotiation: x.x.x.x[4500]<=>y.y.y.y[4500]
10:11:16 ipsec,debug,packet encryption(aes)
10:11:16 ipsec,debug,packet IV was saved for next processing:
10:11:16 ipsec,debug,packet f8a1f878 a501ad37 5ddb3a69 c0d70a8c
10:11:16 ipsec,debug,packet encryption(aes)
10:11:16 ipsec,debug,packet with key:
10:11:16 ipsec,debug,packet REDACTED
10:11:16 ipsec,debug,packet decrypted payload by IV:
10:11:16 ipsec,debug,packet a7db0367 593e3ca9 16ae3eb2 113c6237
10:11:16 ipsec,debug,packet decrypted payload, but not trimed.
10:11:16 ipsec,debug,packet 01000024 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a
d064e242 e5d43cde
10:11:16 ipsec,debug,packet 70c9d89a 0a0000b8 00000001 00000001 000000ac 00030405
cbb109ca 03000020
10:11:16 ipsec,debug,packet 010c0000 80060080 80050005 80030002 80040003 80010001
80020e10 03000020
10:11:16 ipsec,debug,packet 020c0000 80060080 80050002 80030002 80040003 80010001
80020e10 03000020
10:11:16 ipsec,debug,packet 030c0000 80060100 80050006 80030002 80040003 80010001
80020e10 03000020
10:11:16 ipsec,debug,packet 040c0000 80060100 80050005 80030002 80040003 80010001
80020e10 00000020
10:11:16 ipsec,debug,packet 050c0000 80060100 80050002 80030002 80040003 80010001
80020e10 04000024
10:11:16 ipsec,debug,packet 7b99ef9a b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d
c052cf04 7b93efa9
10:11:16 ipsec,debug,packet 05000084 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f
3aecdb1d 45d9e08e
10:11:16 ipsec,debug,packet d3c71cb3 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963
6a3de8bd 0db6d621
10:11:16 ipsec,debug,packet 93718d98 bc18dec5 0004224d 227953e3 b969c697 577bdc53
18a57268 0e73a9d7
10:11:16 ipsec,debug,packet ccd6fd28 b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1
ec645893 5ba1f519
10:11:16 ipsec,debug,packet 4b9e45f9 0500000c 01000000 a758710c 0000000c 01000000
689c6418 00000000
10:11:16 ipsec,debug,packet padding len=1
10:11:16 ipsec,debug,packet skip to trim padding.
10:11:16 ipsec,debug,packet decrypted.
10:11:16 ipsec,debug,packet 89920023 82b50330 82e5f1cd d7812915 08102001 f118b66a
000001bc 01000024
10:11:16 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:11:16 ipsec,debug,packet 0a0000b8 00000001 00000001 000000ac 00030405 cbb109ca
03000020 010c0000
10:11:16 ipsec,debug,packet 80060080 80050005 80030002 80040003 80010001 80020e10
03000020 020c0000
10:11:16 ipsec,debug,packet 80060080 80050002 80030002 80040003 80010001 80020e10
03000020 030c0000
10:11:16 ipsec,debug,packet 80060100 80050006 80030002 80040003 80010001 80020e10
03000020 040c0000
10:11:16 ipsec,debug,packet 80060100 80050005 80030002 80040003 80010001 80020e10
00000020 050c0000
10:11:16 ipsec,debug,packet 80060100 80050002 80030002 80040003 80010001 80020e10
04000024 7b99ef9a
10:11:16 ipsec,debug,packet b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d c052cf04
7b93efa9 05000084
10:11:16 ipsec,debug,packet 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f 3aecdb1d
45d9e08e d3c71cb3
10:11:16 ipsec,debug,packet 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963 6a3de8bd
0db6d621 93718d98
10:11:16 ipsec,debug,packet bc18dec5 0004224d 227953e3 b969c697 577bdc53 18a57268
0e73a9d7 ccd6fd28
10:11:16 ipsec,debug,packet b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1 ec645893
5ba1f519 4b9e45f9
10:11:16 ipsec,debug,packet 0500000c 01000000 a758710c 0000000c 01000000 689c6418
00000000
10:11:16 ipsec,debug,packet begin.
10:11:16 ipsec,debug,packet seen nptype=8(hash)
10:11:16 ipsec,debug,packet seen nptype=1(sa)
10:11:16 ipsec,debug,packet seen nptype=10(nonce)
10:11:16 ipsec,debug,packet seen nptype=4(ke)
10:11:16 ipsec,debug,packet seen nptype=5(id)
10:11:16 ipsec,debug,packet seen nptype=5(id)
10:11:16 ipsec,debug,packet succeed.
10:11:16 ipsec,debug,packet received IDci2:
10:11:16 ipsec,debug,packet 01000000 a758710c
10:11:16 ipsec,debug,packet received IDcr2:
10:11:16 ipsec,debug,packet 01000000 689c6418
10:11:16 ipsec,debug,packet HASH(1) validate:
10:11:16 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:11:16 ipsec,debug,packet HASH with:
10:11:16 ipsec,debug,packet f118b66a 0a0000b8 00000001 00000001 000000ac 00030405
cbb109ca 03000020
10:11:16 ipsec,debug,packet 010c0000 80060080 80050005 80030002 80040003 80010001
80020e10 03000020
10:11:16 ipsec,debug,packet 020c0000 80060080 80050002 80030002 80040003 80010001
80020e10 03000020
10:11:16 ipsec,debug,packet 030c0000 80060100 80050006 80030002 80040003 80010001
80020e10 03000020
10:11:16 ipsec,debug,packet 040c0000 80060100 80050005 80030002 80040003 80010001
80020e10 00000020
10:11:16 ipsec,debug,packet 050c0000 80060100 80050002 80030002 80040003 80010001
80020e10 04000024
10:11:16 ipsec,debug,packet 7b99ef9a b1bac69d 0fd68a9d e2ffe7ec 97cb88ab 30c28f1d
c052cf04 7b93efa9
10:11:16 ipsec,debug,packet 05000084 2ac1c0bd f2b16805 dfd75e2f a1f25da5 e1f34a4f
3aecdb1d 45d9e08e
10:11:16 ipsec,debug,packet d3c71cb3 662e2e99 8b08977c b2f140a9 ada96d1d 724a1963
6a3de8bd 0db6d621
10:11:16 ipsec,debug,packet 93718d98 bc18dec5 0004224d 227953e3 b969c697 577bdc53
18a57268 0e73a9d7
10:11:16 ipsec,debug,packet ccd6fd28 b9c6e1d4 870ba3b8 d907dba2 23603f19 122c8ad1
ec645893 5ba1f519
10:11:16 ipsec,debug,packet 4b9e45f9 0500000c 01000000 a758710c 0000000c 01000000
689c6418
10:11:16 ipsec,debug,packet hmac(hmac_sha2_256)
10:11:16 ipsec,debug,packet HASH computed:
10:11:16 ipsec,debug,packet 8b9717cd dca5c4f2 98ac019e 275a9ffd cd57ad0a d064e242
e5d43cde 70c9d89a
10:11:16 ipsec,debug,packet get a src address from ID payload y.y.y.y[0] pre
fixlen=32 ul_proto=255
10:11:16 ipsec,debug,packet get dst address from ID payload x.x.x.x[0] pref
ixlen=32 ul_proto=255
10:11:16 ipsec,debug,packet 0x7fb9a360 masked with /16: 167.88.0.0[0]
10:11:16 ipsec,debug,packet 0x478aa0 masked with /16: 10.100.0.0[0]
10:11:16 ipsec,debug no policy found: y.y.y.y/32[0] x.x.x.x/32[0] pro
to=any dir=in
[b]10:11:16 ipsec,debug failed to get proposal for responder.
10:11:16 ipsec,error failed to pre-process ph2 packet. [/b]
10:11:27 system,info,account user admin logged in from 104.129.192.116 via telnet
[admin@rogerwilco] /log>
===================================================================================
Here are the logs from my StrongSwan instance which is the remote site:
Sep 15 18:04:28 nightvine charon: 08[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Sep 15 18:04:28 nightvine charon: 08[IKE] received Cisco Unity vendor ID
Sep 15 18:04:28 nightvine charon: 08[IKE] received DPD vendor ID
Sep 15 18:04:28 nightvine charon: 08[IKE] x.x.x.x is initiating a Main Mode IKE_SA
Sep 15 18:04:28 nightvine charon: 08[ENC] generating ID_PROT response 0 [ SA V V V ]
Sep 15 18:04:28 nightvine charon: 08[NET] sending packet: from y.y.y.y[500] to x.x.x.x[500] (140 bytes)
Sep 15 18:04:28 nightvine charon: 11[NET] received packet: from x.x.x.x[500] to y.y.y.y[500] (260 bytes)
Sep 15 18:04:28 nightvine charon: 11[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
Sep 15 18:04:28 nightvine charon: 11[IKE] faking NAT situation to enforce UDP encapsulation
Sep 15 18:04:28 nightvine charon: 11[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
Sep 15 18:04:28 nightvine charon: 11[NET] sending packet: from y.y.y.y[500] to x.x.x.x[500] (268 bytes)
Sep 15 18:04:29 nightvine charon: 10[NET] received packet: from x.x.x.x[4500] to y.y.y.y[4500] (92 bytes)
Sep 15 18:04:29 nightvine charon: 10[ENC] parsed ID_PROT request 0 [ ID HASH ]
Sep 15 18:04:29 nightvine charon: 10[CFG] looking for pre-shared key peer configs matching y.y.y.y...x.x.x.x[x.x.x.x]
Sep 15 18:04:29 nightvine charon: 10[CFG] selected peer config "WESTIN2SUNSET"
Sep 15 18:04:29 nightvine charon: 10[IKE] IKE_SA WESTIN2SUNSET[380] established between y.y.y.y[y.y.y.y]...x.x.x.x[x.x.x.x]
Sep 15 18:04:29 nightvine charon: 10[IKE] scheduling reauthentication in 9922s
Sep 15 18:04:29 nightvine charon: 10[IKE] maximum IKE_SA lifetime 10462s
Sep 15 18:04:29 nightvine charon: 10[ENC] generating ID_PROT response 0 [ ID HASH ]
Sep 15 18:04:29 nightvine charon: 10[NET] sending packet: from y.y.y.y[4500] to x.x.x.x[4500] (92 bytes)
Sep 15 18:04:29 nightvine charon: 10[ENC] generating TRANSACTION request 3636543076 [ HASH CPRQ(ADDR DNS) ]
Sep 15 18:04:29 nightvine charon: 10[NET] sending packet: from y.y.y.y[4500] to x.x.x.x[4500] (92 bytes)
Sep 15 18:04:29 nightvine charon: 14[NET] received packet: from x.x.x.x[4500] to y.y.y.y[4500] (76 bytes)
Sep 15 18:04:29 nightvine charon: 14[ENC] parsed TRANSACTION response 3636543076 [ HASH CP ]
Sep 15 18:04:42 nightvine charon: 04[KNL] creating delete job for CHILD_SA ESP/0xc693abfd/y.y.y.y
Sep 15 18:04:42 nightvine charon: 04[JOB] CHILD_SA ESP/0xc693abfd/y.y.y.y not found for delete
Sep 15 18:04:42 nightvine charon: 07[IKE] giving up after 5 retransmits
Sep 15 18:04:42 nightvine charon: 07[IKE] initiating Main Mode IKE_SA WESTIN2SUNSET[381] to x.x.x.x
Sep 15 18:04:42 nightvine charon: 07[ENC] generating ID_PROT request 0 [ SA V V V V ]
Sep 15 18:04:42 nightvine charon: 07[NET] sending packet: from y.y.y.y[500] to x.x.x.x[500] (840 bytes)
Sep 15 18:04:42 nightvine charon: 13[NET] received packet: from x.x.x.x[500] to y.y.y.y[500] (136 bytes)
Sep 15 18:04:42 nightvine charon: 13[ENC] parsed ID_PROT response 0 [ SA V V V ]
Sep 15 18:04:42 nightvine charon: 13[IKE] received NAT-T (RFC 3947) vendor ID
Sep 15 18:04:42 nightvine charon: 13[IKE] received XAuth vendor ID
Sep 15 18:04:42 nightvine charon: 13[IKE] received DPD vendor ID
Sep 15 18:04:42 nightvine charon: 13[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
Sep 15 18:04:42 nightvine charon: 13[NET] sending packet: from y.y.y.y[500] to x.x.x.x[500] (268 bytes)
Sep 15 18:04:42 nightvine charon: 08[NET] received packet: from x.x.x.x[500] to y.y.y.y[500] (260 bytes)
Sep 15 18:04:42 nightvine charon: 08[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
Sep 15 18:04:42 nightvine charon: 08[IKE] faking NAT situation to enforce UDP encapsulation
Sep 15 18:04:42 nightvine charon: 08[ENC] generating ID_PROT request 0 [ ID HASH ]
Sep 15 18:04:42 nightvine charon: 08[NET] sending packet: from y.y.y.y[4500] to x.x.x.x[4500] (92 bytes)
obnauticus@nightvine:/var/log$ sudo tail -f syslog
Sep 15 18:04:42 nightvine charon: 11[IKE] scheduling reauthentication in 9904s
Sep 15 18:04:42 nightvine charon: 11[IKE] maximum IKE_SA lifetime 10444s
Sep 15 18:04:42 nightvine charon: 11[ENC] generating TRANSACTION request 2292326240 [ HASH CPRQ(ADDR DNS) ]
Sep 15 18:04:42 nightvine charon: 11[NET] sending packet: from y.y.y.y[4500] to x.x.x.x[4500] (92 bytes)
Sep 15 18:04:42 nightvine charon: 10[NET] received packet: from x.x.x.x[4500] to y.y.y.y[4500] (76 bytes)
Sep 15 18:04:42 nightvine charon: 10[ENC] parsed TRANSACTION response 2292326240 [ HASH CP ]
Sep 15 18:04:42 nightvine charon: 10[ENC] generating QUICK_MODE request 4044928618 [ HASH SA No KE ID ID ]
Sep 15 18:04:42 nightvine charon: 10[NET] sending packet: from y.y.y.y[4500] to x.x.x.x[4500] (444 bytes)
Sep 15 18:04:46 nightvine charon: 09[IKE] sending retransmit 1 of request message ID 4044928618, seq 5
Sep 15 18:04:46 nightvine charon: 09[NET] sending packet: from y.y.y.y[4500] to x.x.x.x[4500] (444 bytes)
Sep 15 18:04:52 nightvine charon: 12[IKE] deleting IKE_SA WESTIN2SUNSET[380] between y.y.y.y[y.y.y.y]...x.x.x.x[x.x.x.x]
Sep 15 18:04:52 nightvine charon: 12[IKE] sending DELETE for IKE_SA WESTIN2SUNSET[380]
Sep 15 18:04:52 nightvine charon: 12[ENC] generating INFORMATIONAL_V1 request 2721532176 [ HASH D ]
Sep 15 18:04:52 nightvine charon: 12[NET] sending packet: from y.y.y.y[4500] to x.x.x.x[4500] (108 bytes)
Sep 15 18:04:53 nightvine charon: 04[IKE] sending retransmit 2 of request message ID 4044928618, seq 5
Sep 15 18:04:53 nightvine charon: 04[NET] sending packet: from y.y.y.y[4500] to x.x.x.x[4500] (444 bytes)
Sep 15 18:05:06 nightvine charon: 13[IKE] sending retransmit 3 of request message ID 4044928618, seq 5
Sep 15 18:05:06 nightvine charon: 13[NET] sending packet: from y.y.y.y[4500] to x.x.x.x[4500] (444 bytes)
Sep 15 18:05:30 nightvine charon: 08[IKE] sending retransmit 4 of request message ID 4044928618, seq 5
Sep 15 18:05:30 nightvine charon: 08[NET] sending packet: from y.y.y.y[4500] to x.x.x.x[4500] (444 bytes)
===================================================================================
Here is my current configuration for my router:
[admin@rogerwilco]
[admin@rogerwilco] /ip ipsec> peer print
Flags: X - disabled, D - dynamic
0 address=y.y.y.y/32 local-address=:: passive=no port=500 auth-method=pre-shared-key secret=REDACTED generate-policy=no policy-template-group=default exchange-mode=main send-initial-contact=yes nat-traversal=yes
proposal-check=obey hash-algorithm=sha256 enc-algorithm=aes-128 dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=2m dpd-maximum-failures=5
[admin@rogerwilco] /ip ipsec> proposal print
Flags: X - disabled, * - default
0 * name="default" auth-algorithms=sha1 enc-algorithms=aes-128-cbc lifetime=30m pfs-group=modp1024
1 name="LAN2WESTINProposal" auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-256-ctr lifetime=30m pfs-group=none
[admin@rogerwilco] /ip ipsec> policy print
Flags: T - template, X - disabled, D - dynamic, I - inactive, * - default
0 T * group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default template=yes
1 src-address=10.0.4.0/24 src-port=any dst-address=10.100.0.0/16 dst-port=any protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=x.x.x.x sa-dst-address=y.y.y.y proposal=LAN2WESTINProposal
priority=0
[admin@rogerwilco] /ip ipsec> remote-peers print
0 local-address=x.x.x.x port=4500 remote-address=y.y.y.y port=4500 state=established side=responder established=17s
[admin@rogerwilco] /ip ipsec> /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=scrnat action=accept src-address=10.0.4.0/24 dst-address=10.100.0.0/16 log=no log-prefix=""
===================================================================================
Here is my StrongSwan IPSec config (/etc/ipsec.conf) on the remote site:
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
#config setup
# nat_traversal=yes
# protostack=netkey
# force_keepalive=yes
# keep_alive=60
# oe=off
# nhelpers=0
# strictcrlpolicy=yes
# uniqueids = no
# Global settings for the charon IKE daemon.
config setup
# NOTE(review): strongSwan documents charondebug as a comma-separated list of
# "<type> <level>" pairs (e.g. "ike 2, knl 2"); confirm a bare "4" is accepted.
# Level 4 output includes sensitive material such as keys, so lower it once
# troubleshooting is done and treat logs captured at this level as secrets.
charondebug=4
uniqueids=yes
# Only affects certificate revocation (CRL) checks; the connection below uses authby=secret.
strictcrlpolicy=no
# Defaults inherited by every conn section in this file.
conn %default
# NOTE(review): IKEv1 has been deprecated by the IETF; prefer keyexchange=ikev2
# if the peer supports it (TODO confirm for this router's firmware).
keyexchange=ikev1
# Disabled copies of the ike=/esp= proposal lists; they appear to match the ones set in conn WESTIN2SUNSET.
#ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!
#esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
# Add connections here.
# Site-to-site tunnel from this host (left, y.y.y.y) to the Mikrotik router (right, x.x.x.x).
conn WESTIN2SUNSET
#left=10.100.10.10
# NOTE(review): strongSwan's ipsec.conf documents leftsubnet/rightsubnet (singular);
# the plural "leftsubnets"/"rightsubnets" is Openswan/Libreswan syntax. If the keyword
# is ignored, the traffic selectors fall back to the endpoint addresses, which would be
# consistent with the router log "no policy found: y.y.y.y/32[0] x.x.x.x/32[0]" -- verify.
leftsubnets=10.100.0.0/16
leftid=y.y.y.y
# NOTE(review): presumably what triggers the "TRANSACTION request ... CPRQ(ADDR DNS)"
# mode-config exchange seen in the charon log; usually not needed for a plain
# site-to-site tunnel -- confirm before removing.
leftsourceip=10.100.10.10
right=x.x.x.x
rightsubnets=10.0.4.0/24
rightid=x.x.x.x
# NOTE(review): "pfs" is a legacy keyword; on strongSwan 5.x PFS is requested by the
# DH group inside each esp= entry instead -- TODO confirm against the installed version.
pfs=no
# Forces UDP encapsulation even without NAT (charon logs "faking NAT situation").
forceencaps=yes
# Pre-shared key authentication; the secret itself is configured outside this file.
authby=secret
auto=start
# Trailing "!" restricts negotiation to exactly this list. Entries that name a DH group
# request PFS; the router's LAN2WESTINProposal has pfs-group=none with sha1 and
# aes-256-cbc/ctr, so the two sides may not agree on the leading entries -- verify.
# modp1024 and SHA-1 entries are legacy-strength; drop them once both ends support stronger ones.
esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024,aes128gcm16,aes256gcm16,aes128-sha256,aes128-sha1,aes256-sha384,aes256-sha256,aes256-sha1!
# Phase 1 proposals, also strict ("!"); the router peer is set to aes-128 / sha256 / modp1024.
ike=aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,aes128-sha256-modp1536,aes128-sha1-modp1536,aes256-sha384-modp2048,aes256-sha256-modp2048,aes256-sha1-modp2048,aes128-sha256-modp1024,aes128-sha1-modp1024,aes256-sha384-modp1536,aes256-sha256-modp1536,aes256-sha1-modp1536,aes256-sha384-modp1024,aes256-sha256-modp1024,aes256-sha1-modp1024!