FabFab10
Frequent Visitor
Topic Author
Posts: 91
Joined: Mon Jul 14, 2008 2:17 pm

VPN remote access best practices suggestions

Fri Apr 22, 2022 11:14 am

Hello everybody,
I'm going to implement a remote access VPN for our external user/smart working/remote connections to our corporate network, as all main procedures are being ported into web interface usage.
I'm oriented on using IPSEC IKE2 for security reasons, but I'm open to any other suggestion from your experience.
I was wondering if User Manager/RADIUS can be used to authenticate connecting users, or if I need to manually set up a certificate for every account.

Thank you in advance for all your suggestions.
 
own3r1138
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: VPN remote access best practices suggestions

Fri Apr 22, 2022 5:21 pm

There are many VPN protocols that you may use.
L2TP/IPsec PSK is good but has its own problems.
SSTP, which I don't use much. Disadvantage: high latency.
WireGuard is what I use. Disadvantages: no accounting, no native connection, client-end config is not as easy as the others.
Additionally, I use IKEv2 for my road warriors. Of course, you can use RADIUS for auth. The new MT user-man supports EAP, so there is no problem with that. Furthermore, you can use Let's Encrypt certificates, so your cert is legit too and there is no need to add the certificate manually to client machines.
 
FabFab10
Fri Apr 22, 2022 6:09 pm

Thanks own3r1138!!
Can you suggest any guide/tutorial for the IKEv2/Let's Encrypt/User Manager/RADIUS scenario you were describing?
 
own3r1138
Sat Apr 23, 2022 12:40 am

> Thanks own3r1138!!
> Can you suggest any guide/tutorial for the IKEv2/Let's Encrypt/User Manager/RADIUS scenario you were describing?

Road Warrior setup
https://help.mikrotik.com/docs/display/ ... outerOSv7)
Certificate chain
https://letsencrypt.org/certificates/
CLI
/certificate
enable-ssl-certificate dns=A/AAAA CNAME

 
FabFab10
Wed Apr 27, 2022 12:42 pm

Thanks own3r1138!!

I'm trying to follow your guide.
Is there any firewall rule to add in the firewall settings (or RAW) to make this work?
I've done everything in the guide but I'm getting no connection from a Windows 10 client.
 
own3r1138
Wed Apr 27, 2022 12:47 pm

Can you share your current firewall rules, please?
Also if you can provide a log from IPsec it would be helpful too.

These are mine.
add action=accept chain=input comment=IPsec dst-port=500,4500 protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=input dst-port=53 ipsec-policy=in,ipsec protocol=udp
add action=accept chain=input dst-port=53 ipsec-policy=in,ipsec protocol=tcp

add action=accept chain=forward comment=IPsec ipsec-policy=in,ipsec
add action=accept chain=forward ipsec-policy=out,ipsec

 
FabFab10
Wed Apr 27, 2022 1:15 pm

It's based on the Advanced Firewall version of Mikrotik Help:
/ip firewall address-list
add address=0.0.0.0/8 comment="defconf: RFC6890" list=no_forward_ipv4
add address=169.254.0.0/16 comment="defconf: RFC6890" list=no_forward_ipv4
add address=224.0.0.0/4 comment="defconf: multicast" list=no_forward_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=no_forward_ipv4
add address=127.0.0.0/8 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.0.0/24 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.2.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
add address=198.51.100.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
add address=203.0.113.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
add address=240.0.0.0/4 comment="defconf: RFC6890 reserved" list=bad_ipv4
add address=0.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=10.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=100.64.0.0/10 comment="defconf: RFC6890" list=not_global_ipv4
add address=169.254.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=172.16.0.0/12 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.0.0.0/29 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.168.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=198.18.0.0/15 comment="defconf: RFC6890 benchmark" list=\
    not_global_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=not_global_ipv4
add address=224.0.0.0/4 comment="defconf: multicast" list=bad_src_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=bad_src_ipv4
add address=0.0.0.0/8 comment="defconf: RFC6890" list=bad_dst_ipv4
add address=224.0.0.0/4 comment="defconf: RFC6890" list=bad_dst_ipv4
add address=192.168.0.0/16 list=local_ipv4
add address=10.10.0.0/16 list=local_ipv4

/ip firewall filter
add action=accept chain=forward connection-state=established,related \
    disabled=yes dst-address=192.168.1.0/24 src-address=192.168.0.0/24
add action=accept chain=forward connection-state=established,related \
    disabled=yes dst-address=192.168.0.0/24 src-address=192.168.1.0/24
add action=accept chain=input comment="test Let's encrypt" disabled=yes \
    dst-port=80 protocol=tcp
add action=accept chain=input comment="IPSEC allow access to router" \
    dst-address=192.168.0.1 in-interface=gre-tunnelRTV38 src-address=\
    192.168.1.0/24
add action=accept chain=input comment="defconf: accept ICMP after RAW" \
    protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment=\
    "defconf: accept all that matches IPSec policy" ipsec-policy=in,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=drop chain=forward comment="defconf: drop bad forward IPs" \
    src-address-list=no_forward_ipv4
add action=drop chain=forward comment="defconf: drop bad forward IPs" \
    dst-address-list=no_forward_ipv4
/ip firewall nat
add action=accept chain=srcnat comment=\
    "defconf: accept all that matches IPSec policy" disabled=yes \
    ipsec-policy=out,ipsec
add action=accept chain=srcnat disabled=yes dst-address=192.168.1.0/24 \
    src-address=192.168.0.0/24
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    out-interface-list=WAN
/ip firewall raw
add action=accept chain=prerouting disabled=yes protocol=gre
add action=accept chain=prerouting disabled=yes protocol=ipsec-esp
add action=accept chain=prerouting comment=\
    "defconf: enable for transparent firewall" disabled=yes
add action=accept chain=prerouting dst-address=192.168.0.0/24 src-address=\
    192.168.1.0/24
add action=accept chain=prerouting dst-address=192.168.1.0/24 src-address=\
    192.168.0.0/24
add action=accept chain=prerouting comment="test Let's encrypt" disabled=yes \
    dst-port=80 protocol=tcp
add action=accept chain=prerouting comment="defconf: accept DHCP discover" \
    dst-address=255.255.255.255 dst-port=67 in-interface-list=LAN protocol=\
    udp src-address=0.0.0.0 src-port=68
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    src-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    dst-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    src-address-list=bad_src_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    dst-address-list=bad_dst_ipv4
add action=drop chain=prerouting comment="defconf: drop non global from WAN" \
    in-interface-list=WAN src-address-list=not_global_ipv4
add action=drop chain=prerouting comment=\
    "defconf: drop forward to local lan from WAN" dst-address=192.168.0.0/24 \
    in-interface-list=WAN
add action=drop chain=prerouting comment=\
    "defconf: drop local if not from default IP range" in-interface-list=LAN \
    src-address-list=!local_ipv4
add action=drop chain=prerouting comment="defconf: drop bad UDP" port=0 \
    protocol=udp
add action=jump chain=prerouting comment="defconf: jump to ICMP chain" \
    jump-target=icmp4 protocol=icmp
add action=jump chain=prerouting comment="defconf: jump to TCP chain" \
    jump-target=bad_tcp protocol=tcp
add action=accept chain=prerouting comment=\
    "defconf: accept everything else from LAN" in-interface-list=LAN
add action=accept chain=prerouting comment=\
    "defconf: accept everything else from WAN" in-interface-list=WAN
add action=drop chain=prerouting comment="defconf: drop the rest"
add action=drop chain=bad_tcp comment="defconf: TCP flag filter" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,syn
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,!ack
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=fin,urg
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=syn,rst
add action=drop chain=bad_tcp comment=defconf protocol=tcp tcp-flags=rst,urg
add action=drop chain=bad_tcp comment="defconf: TCP port 0 drop" port=0 \
    protocol=tcp
add action=accept chain=icmp4 comment="defconf: echo reply" icmp-options=0:0 \
    limit=5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: net unreachable" \
    icmp-options=3:0 protocol=icmp
add action=accept chain=icmp4 comment="defconf: host unreachable" \
    icmp-options=3:1 protocol=icmp
add action=accept chain=icmp4 comment="defconf: protocol unreachable" \
    icmp-options=3:2 protocol=icmp
add action=accept chain=icmp4 comment="defconf: port unreachable" \
    icmp-options=3:3 protocol=icmp
add action=accept chain=icmp4 comment="defconf: fragmentation needed" \
    icmp-options=3:4 protocol=icmp
add action=accept chain=icmp4 comment="defconf: echo" icmp-options=8:0 limit=\
    5,10:packet protocol=icmp
add action=accept chain=icmp4 comment="defconf: time exceeded " icmp-options=\
    11:0-255 protocol=icmp
add action=drop chain=icmp4 comment="defconf: drop other icmp" protocol=icmp
 
own3r1138
Wed Apr 27, 2022 1:26 pm

Yes, you are missing the IPsec protocols, UDP 500,4500/ESP 50, in the input chain.
Also, I can see you blocked the private IPs. Make sure what you used for the tunnel IP pool is not in that list.
I don't know anything about your network so I didn't check the forward chain.
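
Added example (not part of own3r1138's post and not MikroTik tooling): a Python check that applies the two points above to a RouterOS export, reporting IKE/ESP traffic that reaches the input-chain drop with no earlier accept, and raw drop rules whose source address list covers the VPN pool. The sample export is a constructed subset of the rules posted in this thread; the pool 192.168.77.0/24 and all function names are assumptions.

```python
import ipaddress
import re
import shlex

# Constructed sample: a trimmed subset of the export posted in this thread.
SAMPLE_EXPORT = r'''
/ip firewall address-list
add address=10.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.168.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.0.2.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
/ip firewall filter
add action=accept chain=input comment="test Let's encrypt" disabled=yes \
    dst-port=80 protocol=tcp
add action=accept chain=input comment="defconf: accept ICMP after RAW" \
    protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
/ip firewall raw
add action=accept chain=prerouting disabled=yes protocol=ipsec-esp
add action=drop chain=prerouting comment="defconf: drop non global from WAN" \
    in-interface-list=WAN src-address-list=not_global_ipv4
'''

# Matchers that do not narrow an accept rule beyond protocol/port.
GENERIC_ACCEPT = {"action", "chain", "comment", "protocol", "dst-port"}
# A drop limited only by ingress interface still catches traffic from the WAN.
BROAD_DROP = {"action", "chain", "comment", "in-interface", "in-interface-list"}


def parse_export(text):
    """Return {section: [rule dict, ...]} from RouterOS export text."""
    text = re.sub(r"\\\n\s*", "", text)  # join "\"-continued lines
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = sections.setdefault(line, [])
        elif line.startswith("add ") and current is not None:
            tokens = shlex.split(line)[1:]  # honours quoted comments
            current.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return sections


def enabled(rule):
    return rule.get("disabled") != "yes"


def missing_ipsec_input(sections):
    """IKE/NAT-T/ESP traffic that hits a broad input drop with no earlier accept.

    Rules are walked top-down, as the router evaluates them. Port ranges
    and accepts narrowed by address or interface are not counted.
    """
    needed = {"udp/500", "udp/4500", "ipsec-esp"}
    for rule in sections.get("/ip firewall filter", []):
        if rule.get("chain") != "input" or not enabled(rule):
            continue
        action = rule.get("action")
        if action == "drop" and set(rule) <= BROAD_DROP:
            return sorted(needed)  # anything still needed is dropped here
        if action == "accept" and set(rule) <= GENERIC_ACCEPT:
            proto, ports = rule.get("protocol"), rule.get("dst-port")
            if proto is None:
                return []  # unconditional accept
            if proto == "udp":
                if ports is None:
                    needed -= {"udp/500", "udp/4500"}
                else:
                    needed -= {"udp/" + p for p in ports.split(",")}
            elif proto == "ipsec-esp":
                needed.discard("ipsec-esp")
    return []  # no broad drop reached: unmatched input traffic is accepted


def pool_drop_conflicts(sections, pool):
    """Comments of enabled raw drop rules whose src-address-list overlaps pool.

    Negated lists (src-address-list=!name) are not evaluated.
    """
    pool = ipaddress.ip_network(pool)
    lists = {}
    for entry in sections.get("/ip firewall address-list", []):
        net = ipaddress.ip_network(entry["address"], strict=False)
        lists.setdefault(entry["list"], []).append(net)
    hits = []
    for rule in sections.get("/ip firewall raw", []):
        name = rule.get("src-address-list", "")
        if not enabled(rule) or rule.get("action") != "drop" or name.startswith("!"):
            continue
        if any(pool.overlaps(net) for net in lists.get(name, [])):
            hits.append(rule.get("comment", name))
    return hits


if __name__ == "__main__":
    cfg = parse_export(SAMPLE_EXPORT)
    print("dropped before any accept:", missing_ipsec_input(cfg))
    # 192.168.77.0/24 is a hypothetical VPN pool, not a value from the thread.
    print("raw drops covering pool:", pool_drop_conflicts(cfg, "192.168.77.0/24"))
```
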
 
FabFab10
Wed Apr 27, 2022 2:01 pm

That's what I suspected!!
Thanks, now I'm getting further; now I get "IKE credentials not acceptable" on Windows 10.
I see creation and deletion of the SA in the logs:

new ike2 SA (R): ike2 xxx.xxx.xxx.xxx[500]-yyy.yyy.yyy.yyy[500] spi:edc9726a8c99dd28:4114f6cdac90ff28
killing ike2 SA: ike2 xxx.xxx.xxx.xxx[4500]-yyy.yyy.yyy.yyy[4500] spi:edc9726a8c99dd28:4114f6cdac90ff28

Also, the Windows VPN setting is not keeping the username/password.
 
own3r1138
Wed Apr 27, 2022 2:06 pm

Enable your log for IPsec and you should be able to see what is going on.

/system logging
add disabled=no prefix=IPSEC----> topics=ipsec,!packet
If I were in your shoes I would test my config with iOS devices and then move to Windows, as I saw too many Windows clients with broken IPsec policies.
I have no issue regarding saving credentials; maybe because your connection was NOT successful it didn't store them. Anyway, you can clear your sign-in info and try again.
 
FabFab10
Wed Apr 27, 2022 3:58 pm

Thanks for helping.
Unfortunately I have no iOS devices here, so I can only test it with Windows or Android.

Here is the log file:
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: ===== received 1104 bytes from xxx.xxx.xxx.xxx[500] to yyy.yy.yyy.yyy[500]
Apr/27/2022 14:55:45 ipsec IPSEC---->: -> ike2 request, exchange: SA_INIT:0 xxx.xxx.xxx.xxx[500] 682470130186f8ee:0000000000000000
Apr/27/2022 14:55:45 ipsec IPSEC---->: ike2 respond
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: SA (736 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: KE (136 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: NONCE (52 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: NOTIFY (8 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: NOTIFY (28 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: NOTIFY (28 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: VID (24 bytes)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 1e2b516905991c7d7c96fcbfb587e46100000009
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: VID (20 bytes)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: fb1de3cdf341b7ea16b7e5be0855f120
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: VID (20 bytes)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 26244d38eddb61b3172a36e3d0cfb819
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: VID (24 bytes)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 01528bbbc00696121849ab9a1c5b2a5100000002
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: SA
Apr/27/2022 14:55:45 ipsec IPSEC---->: IKE Protocol: IKE
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: 3des-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #2
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: 3des-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha256
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha256
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #3
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: 3des-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha384
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha384
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #4
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes128-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #5
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes128-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha256
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha256
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #6
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes128-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha384
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha384
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #7
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes192-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #8
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes192-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha256
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha256
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #9
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes192-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha384
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha384
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #10
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes256-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #11
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes256-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha256
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha256
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #12
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes256-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha384
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha384
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #13
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes128-gcm
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #14
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes128-gcm
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha256
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #15
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes128-gcm
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha384
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #16
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes256-gcm
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #17
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes256-gcm
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha256
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #18
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: aes256-gcm
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha384
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->: matched proposal:
Apr/27/2022 14:55:45 ipsec IPSEC---->:  proposal #1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   enc: 3des-cbc
Apr/27/2022 14:55:45 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   auth: sha1
Apr/27/2022 14:55:45 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: KE
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => shared secret (size 0x80)
Apr/27/2022 14:55:45 ipsec IPSEC---->: ike2 respond finish: request, exchange: SA_INIT:0 xxx.xxx.xxx.xxx[500] 682470130186f8ee:0000000000000000
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: NONCE
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding payload: SA
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (size 0x2c)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 0000002c 00000028 01010004 03000008 01000003 03000008 02000002 03000008
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 03000002 00000008 04000002
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding payload: KE
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (size 0x88)
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding payload: NONCE
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (size 0x1c)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 0000001c 0b58bff5 a68f795e 8592c78f f953cb5f 04713216 75c2354f
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding notify: NAT_DETECTION_SOURCE_IP
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (size 0x1c)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 0000001c 00004004 e7a80b4c 568e40f4 6fd6f433 20e8d5b8 d4753e43
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding notify: NAT_DETECTION_DESTINATION_IP
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (size 0x1c)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 0000001c 00004005 5dd8d364 419ea226 3e6f8bb4 bf7cd16e 7333ed48
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding notify: IKEV2_FRAGMENTATION_SUPPORTED
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (size 0x8)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 00000008 0000402e
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding payload: CERTREQ
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (size 0x5)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 00000005 04
Apr/27/2022 14:55:45 ipsec IPSEC---->: <- ike2 reply, exchange: SA_INIT:0 xxx.xxx.xxx.xxx[500] 682470130186f8ee:27e95209df63789f
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: ===== sending 305 bytes from yyy.yyy.yyy.yyy[500] toxxx.xxx.xxx.xxx[500]
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 1 times of 305 bytes message will be sent to xxx.xxx.xxx.xxx[500]
Apr/27/2022 14:55:45 ipsec,info IPSEC---->: new ike2 SA (R): ike2 yyy.yyy.yyy.yyy[500]-xxx.xxx.xxx.xxx[500] spi:27e95209df63789f:682470130186f8ee
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payloads: VID
Apr/27/2022 14:55:45 ipsec IPSEC---->: peer is MS Windows (ISAKMPOAKLEY 9)
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payloads: NOTIFY
Apr/27/2022 14:55:45 ipsec IPSEC---->:   notify: IKEV2_FRAGMENTATION_SUPPORTED
Apr/27/2022 14:55:45 ipsec IPSEC---->:   notify: NAT_DETECTION_SOURCE_IP
Apr/27/2022 14:55:45 ipsec IPSEC---->:   notify: NAT_DETECTION_DESTINATION_IP
Apr/27/2022 14:55:45 ipsec IPSEC---->: (NAT-T) REMOTE 
Apr/27/2022 14:55:45 ipsec IPSEC---->: KA list add: yyy.yyy.yyy.yyy[4500]->xxx.xxx.xxx.xxx[4500]
Apr/27/2022 14:55:45 ipsec IPSEC---->: fragmentation negotiated
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: ===== received 568 bytes from xxx.xxx.xxx.xxx[4500] to yyy.yyy.yyy.yyy[4500]
Apr/27/2022 14:55:45 ipsec IPSEC---->: -> ike2 request, exchange: AUTH:1xxx.xxx.xxx.xxx[4500] 682470130186f8ee:27e95209df63789f
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: SKF (540 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: ENC (not found)
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: SKF
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => iv (size 0x8)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: abc9ef90 fced5468
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: decrypted fragment 1 out of 4
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: need more fragments
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: ===== received 568 bytes from xxx.xxx.xxx.xxx[4500] to yyy.yyy.yyy.yyy2[4500]
Apr/27/2022 14:55:45 ipsec IPSEC---->: -> ike2 request, exchange: AUTH:1 xxx.xxx.xxx.xxx[4500] 682470130186f8ee:27e95209df63789f
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: SKF (540 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: ENC (not found)
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: SKF
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => iv (size 0x8)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 908d3a6b 7e916e53
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: decrypted fragment 2 out of 4
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: need more fragments
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: ===== received 568 bytes from xxx.xxx.xxx.xxx[4500] to yyy.yyy.yyy.yyy[4500]
Apr/27/2022 14:55:45 ipsec IPSEC---->: -> ike2 request, exchange: AUTH:1 xxx.xxx.xxx.xxx[4500] 682470130186f8ee:27e95209df63789f
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: SKF (540 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: ENC (not found)
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: SKF
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => iv (size 0x8)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 0b00e290 2a766a47
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: decrypted fragment 3 out of 4
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: need more fragments
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: ===== received 368 bytes from xxx.xxx.xxx.xxx[4500] to yyy.yyy.yyy.yyy[4500]
Apr/27/2022 14:55:45 ipsec IPSEC---->: -> ike2 request, exchange: AUTH:1 xxx.xxx.xxx.xxx[4500] 682470130186f8ee:27e95209df63789f
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: SKF (340 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: ENC (not found)
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: SKF
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => iv (size 0x8)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: a0660e17 679d8eb9
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: decrypted fragment 4 out of 4
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: reassembling fragments
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: ID_I (12 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: CERTREQ (1445 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: NOTIFY (8 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: CONFIG (36 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: SA (192 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: TS_I (64 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: payload seen: TS_R (64 bytes)
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payloads: NOTIFY
Apr/27/2022 14:55:45 ipsec IPSEC---->:   notify: MOBIKE_SUPPORTED
Apr/27/2022 14:55:45 ipsec IPSEC---->: ike auth: respond
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: ID_I
Apr/27/2022 14:55:45 ipsec IPSEC---->: ID_I (ADDR4): 192.168.1.137
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: ID_R (not found)
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payload: AUTH (not found)
Apr/27/2022 14:55:45 ipsec IPSEC---->: processing payloads: NOTIFY
Apr/27/2022 14:55:45 ipsec IPSEC---->:   notify: MOBIKE_SUPPORTED
Apr/27/2022 14:55:45 ipsec IPSEC---->: ID_R (FQDN): uuuuuuuuu.sn.mynetname.net
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding payload: ID_R
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (size 0x24)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 00000024 02000000 68633730 37703865 6578792e 736e2e6d 796e6574 6e616d65
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 2e6e6574
Apr/27/2022 14:55:45 ipsec IPSEC---->: cert: uuuuuuuu.sn.mynetname.net
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding payload: CERT
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (first 0x100 of 0x547)
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding payload: AUTH
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (first 0x100 of 0x108)
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding payload: EAP
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (size 0x9)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 00000009 01000005 01
Apr/27/2022 14:55:45 ipsec IPSEC---->: <- ike2 reply, exchange: AUTH:1 xxx.xxx.xxx.xxx[4500] 682470130186f8ee:27e95209df63789f
Apr/27/2022 14:55:45 ipsec IPSEC---->: fragmenting into 2 chunks
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding payload: SKF
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (first 0x100 of 0x46c)
Apr/27/2022 14:55:45 ipsec IPSEC---->: adding payload: SKF
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: => (first 0x100 of 0x334)
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: ===== sending 1160 bytes from yyy.yyy.yyy.yyy[4500] to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 1 times of 1164 bytes message will be sent to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: ===== sending 848 bytes from yyy.yyy.yyy.yyy[4500] to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 14:55:45 ipsec,debug IPSEC---->: 1 times of 852 bytes message will be sent to xxx.xxx.xxx.xxx[4500]
 
own3r1138
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: VPN remote access best practices suggestions

Wed Apr 27, 2022 5:04 pm

Is this all the logs for one attempt? It should be more than this even if it fails.
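
The check this reply asks for, as an added example that is not part of any post in the thread: a Python summary of a RouterOS IPsec debug log that rejoins hard-wrapped records, lists the IKEv2 exchanges, reports the matched proposal, and decodes the EAP payload to show whether the log ends while the responder is still waiting for the client's EAP response. The sample log is constructed from the format shown in the thread; the fixed `IPSEC---->: ` prefix, the `LEGACY` policy set and all function names are assumptions of this example.

```python
import re

PREFIX = "IPSEC---->: "  # log prefix as it appears in the thread (assumed fixed)
STAMP = re.compile(r"(?=[A-Z][a-z]{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} )")
EXCHANGE = re.compile(r"^(->|<-) ike2 (request|reply), exchange: (\w+):(\d+) ")
ALGO = re.compile(r"^(enc|prf|auth|dh): (\S+)$")
# Values this example treats as legacy (assumed local policy, adjust as needed).
LEGACY = {"3des-cbc", "sha1", "hmac-sha1", "modp1024"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 26: "MS-CHAPv2"}

# Constructed sample, abridged from the log format in the thread. Three records
# are hard-wrapped on purpose, the way the second paste in the thread is.
SAMPLE_LOG = """\
Apr/27/2022 16:09:25 ipsec IPSEC---->: -> ike2 request, exchange: SA_INIT:0 xxx.xxx.xxx.xxx[500] d6e060b9bf0bda77:0000000000000000
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: 3des-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #18
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes256-gcm
Apr/27/2022 16:09:25 ipsec IPSEC----

>: matched proposal:
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: 3des-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-

sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: KE
Apr/27/2022 16:09:25 ipsec IPSEC---->: <- ike2 reply, exchange: SA_INIT:0 xxx.xxx.xxx.xxx[500] d6e060b9bf0bda77:aba852b1de24e375
Apr/27/2022 16:09:25 ipsec IPSEC---->: -> ike2 request, exchange: AUTH:1 xxx.xxx.xxx.xxx

[4500] d6e060b9bf0bda77:aba852b1de24e375
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: EAP
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (size 0x9)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 00000009 01000005 01
Apr/27/2022 16:09:25 ipsec IPSEC---->: <- ike2 reply, exchange: AUTH:1 xxx.xxx.xxx.xxx[4500] d6e060b9bf0bda77:aba852b1de24e375
"""


def unwrap(text):
    """Rejoin a hard-wrapped paste so that each timestamp starts one record."""
    joined = "".join(text.splitlines())
    return [rec for rec in STAMP.sub("\n", joined).split("\n") if rec]


def messages(text):
    """Yield the message part of every record, without timestamp and prefix."""
    for rec in unwrap(text):
        parts = rec.split(" ", 3)  # date, time, topics, rest
        if len(parts) == 4:
            rest = parts[3]
            if rest.startswith(PREFIX):
                rest = rest[len(PREFIX):]
            yield rest.strip()


def decode_eap(hex_words):
    """Decode an IKEv2 EAP payload dump: 4-byte generic header, then EAP."""
    try:
        raw = bytes.fromhex(hex_words.replace(" ", ""))
    except ValueError:
        return None
    if len(raw) < 8:
        return None
    code = raw[4]
    eap_type = raw[8] if code in (1, 2) and len(raw) > 8 else None
    return {"code": EAP_CODES.get(code, str(code)), "id": raw[5],
            "length": int.from_bytes(raw[6:8], "big"),
            "type": EAP_TYPES.get(eap_type, eap_type)}


def summarize(text):
    """Return exchanges, matched proposal, legacy algorithms and EAP state."""
    out = {"exchanges": [], "proposal": {}, "eap": None}
    state = None
    for msg in messages(text):
        exchange = EXCHANGE.match(msg)
        algo = ALGO.match(msg)
        if exchange:
            direction, kind, name, msg_id = exchange.groups()
            out["exchanges"].append((direction, kind, name, int(msg_id)))
            state = None
        elif msg == "matched proposal:":
            state = "proposal"
        elif state == "proposal" and algo:
            out["proposal"][algo.group(1)] = algo.group(2)
        elif state == "proposal" and msg.startswith("proposal #"):
            continue
        elif msg == "adding payload: EAP":
            state = "eap"
        elif state == "eap" and msg.startswith("=>"):
            continue
        elif state == "eap" and re.fullmatch(r"[0-9a-f ]+", msg):
            out["eap"], state = decode_eap(msg), None
        else:
            state = None
    out["legacy"] = sorted(f"{k}={v}" for k, v in out["proposal"].items()
                           if v in LEGACY)
    last = out["exchanges"][-1] if out["exchanges"] else None
    # True when the log ends on the responder's AUTH reply carrying an EAP
    # Request, so no EAP response from the initiator was logged afterwards.
    out["awaiting_eap_response"] = bool(
        last and last[:3] == ("<-", "reply", "AUTH")
        and out["eap"] and out["eap"]["code"] == "Request")
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```
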
 
FabFab10
Frequent Visitor
Topic Author
Posts: 91
Joined: Mon Jul 14, 2008 2:17 pm

Re: VPN remote access best practices suggestions

Wed Apr 27, 2022 5:11 pm

Another attempt with some changes.
It seems like a RADIUS timeout, but RADIUS is active on the router; I can see attempts in the status window.
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ===== received 1104 bytes from xxx.xxx.xxx.xxx[500] to yyy.yyy.yyy.yyy[500]
Apr/27/2022 16:09:25 ipsec IPSEC---->: -> ike2 request, exchange: SA_INIT:0 xxx.xxx.xxx.xxx[500] d6e060b9bf0bda77:0000000000000000
Apr/27/2022 16:09:25 ipsec IPSEC---->: ike2 respond
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: SA (736 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: KE (136 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: NONCE (52 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: NOTIFY (8 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: NOTIFY (28 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: NOTIFY (28 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: VID (24 bytes)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 1e2b516905991c7d7c96fcbfb587e46100000009
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: VID (20 bytes)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: fb1de3cdf341b7ea16b7e5be0855f120
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: VID (20 bytes)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 26244d38eddb61b3172a36e3d0cfb819
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: VID (24 bytes)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 01528bbbc00696121849ab9a1c5b2a5100000002
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: SA
Apr/27/2022 16:09:25 ipsec IPSEC---->: IKE Protocol: IKE
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: 3des-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #2
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: 3des-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha256
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha256
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #3
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: 3des-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha384
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha384
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #4
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes128-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #5
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes128-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha256
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha256
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #6
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes128-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha384
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha384
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #7
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes192-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #8
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes192-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha256
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha256
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #9
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes192-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha384
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha384
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #10
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes256-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #11
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes256-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha256
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha256
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #12
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes256-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha384
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha384
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #13
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes128-gcm
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #14
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes128-gcm
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha256
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #15
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes128-gcm
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha384
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #16
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes256-gcm
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #17
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes256-gcm
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha256
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #18
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: aes256-gcm
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha384
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->: matched proposal:
Apr/27/2022 16:09:25 ipsec IPSEC---->:  proposal #1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   enc: 3des-cbc
Apr/27/2022 16:09:25 ipsec IPSEC---->:   prf: hmac-sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   auth: sha1
Apr/27/2022 16:09:25 ipsec IPSEC---->:   dh: modp1024
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: KE
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => shared secret (size 0x80)
Apr/27/2022 16:09:25 ipsec IPSEC---->: ike2 respond finish: request, exchange: SA_INIT:0 xxx.xxx.xxx.xxx[500] d6e060b9bf0bda77:0000000000000000
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: NONCE
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: SA
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (size 0x2c)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 0000002c 00000028 01010004 03000008 01000003 03000008 02000002 03000008
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 03000002 00000008 04000002
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: KE
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (size 0x88)
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: NONCE
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (size 0x1c)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 0000001c c03cbf29 30890e82 83da3e86 16ad4dfa 1907bc8f 118dc054
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding notify: NAT_DETECTION_SOURCE_IP
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (size 0x1c)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 0000001c 00004004 1f9a752d 3d64fed9 3a6514c0 de3019e5 071c1a08
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding notify: NAT_DETECTION_DESTINATION_IP
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (size 0x1c)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 0000001c 00004005 d9935f0a 674f3980 38a6a185 79ae47fe c9044a32
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding notify: IKEV2_FRAGMENTATION_SUPPORTED
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (size 0x8)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 00000008 0000402e
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: CERTREQ
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (size 0x5)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 00000005 04
Apr/27/2022 16:09:25 ipsec IPSEC---->: <- ike2 reply, exchange: SA_INIT:0 xxx.xxx.xxx.xxx[500] d6e060b9bf0bda77:aba852b1de24e375
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ===== sending 305 bytes from yyy.yyy.yyy.yyy[500] to xxx.xxx.xxx.xxx[500]
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 1 times of 305 bytes message will be sent to xxx.xxx.xxx.xxx[500]
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => skeyseed (size 0x14)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 77bed622 6cabc7ee 5154ebf6 9eef97ee 69bba3bd
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => keymat (size 0x14)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 7ed8dde6 904d79f2 2a4c47cb 1d425533 d1ff6e85
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => SK_ai (size 0x14)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 9a408c58 f92f3fb2 03d84e53 1743933d cf6ecd73
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => SK_ar (size 0x14)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 029570db 2e7ed188 722c8337 3ac6ff26 831753f4
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => SK_ei (size 0x18)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 791cdcba 0245d26e 495c45af 5561667a cd90296f 6c39d448
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => SK_er (size 0x18)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 80b3afd9 573cb059 4317c9cd 7aa652ec f811c50d 3cc34e0b
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => SK_pi (size 0x14)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: b5f38865 f7a6782c 977b2016 537ac876 1c9b3758
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => SK_pr (size 0x14)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 935d5a44 619cabe8 df3b2a8c f421c46f 4af7308a
Apr/27/2022 16:09:25 ipsec,info IPSEC---->: new ike2 SA (R): ike2 yyy.yyy.yyy.yyy[500]-xxx.xxx.xxx.xxx[500] spi:aba852b1de24e375:d6e060b9bf0bda77
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payloads: VID
Apr/27/2022 16:09:25 ipsec IPSEC---->: peer is MS Windows (ISAKMPOAKLEY 9)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payloads: NOTIFY
Apr/27/2022 16:09:25 ipsec IPSEC---->:   notify: IKEV2_FRAGMENTATION_SUPPORTED
Apr/27/2022 16:09:25 ipsec IPSEC---->:   notify: NAT_DETECTION_SOURCE_IP
Apr/27/2022 16:09:25 ipsec IPSEC---->:   notify: NAT_DETECTION_DESTINATION_IP
Apr/27/2022 16:09:25 ipsec IPSEC---->: (NAT-T) REMOTE
Apr/27/2022 16:09:25 ipsec IPSEC---->: KA list add: yyy.yyy.yyy.yyy[4500]->xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:25 ipsec IPSEC---->: fragmentation negotiated
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ===== received 568 bytes from xxx.xxx.xxx.xxx[4500] to yyy.yyy.yyy.yyy[4500]
Apr/27/2022 16:09:25 ipsec IPSEC---->: -> ike2 request, exchange: AUTH:1 xxx.xxx.xxx.xxx[4500] d6e060b9bf0bda77:aba852b1de24e375
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: SKF (540 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: ENC (not found)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: SKF
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => iv (size 0x8)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: fe502eda 7209bc68
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: decrypted fragment 1 out of 4
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: need more fragments
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ===== received 568 bytes from xxx.xxx.xxx.xxx[4500] to yyy.yyy.yyy.yyy[4500]
Apr/27/2022 16:09:25 ipsec IPSEC---->: -> ike2 request, exchange: AUTH:1 xxx.xxx.xxx.xxx[4500] d6e060b9bf0bda77:aba852b1de24e375
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: SKF (540 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: ENC (not found)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: SKF
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => iv (size 0x8)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 87a9d365 b9d2910d
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: decrypted fragment 2 out of 4
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: need more fragments
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ===== received 568 bytes from xxx.xxx.xxx.xxx[4500] to yyy.yyy.yyy.yyy[4500]
Apr/27/2022 16:09:25 ipsec IPSEC---->: -> ike2 request, exchange: AUTH:1 xxx.xxx.xxx.xxx[4500] d6e060b9bf0bda77:aba852b1de24e375
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: SKF (540 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: ENC (not found)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: SKF
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => iv (size 0x8)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ba375163 99338af2
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: decrypted fragment 3 out of 4
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: need more fragments
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ===== received 368 bytes from xxx.xxx.xxx.xxx[4500] to yyy.yyy.yyy.yyy[4500]
Apr/27/2022 16:09:25 ipsec IPSEC---->: -> ike2 request, exchange: AUTH:1 xxx.xxx.xxx.xxx[4500] d6e060b9bf0bda77:aba852b1de24e375
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: SKF (340 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: ENC (not found)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: SKF
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => iv (size 0x8)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: c09f3330 7fefa71f
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: decrypted fragment 4 out of 4
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: reassembling fragments
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: ID_I (12 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: CERTREQ (1445 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: NOTIFY (8 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: CONFIG (36 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: SA (192 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: TS_I (64 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: TS_R (64 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payloads: NOTIFY
Apr/27/2022 16:09:25 ipsec IPSEC---->:   notify: MOBIKE_SUPPORTED
Apr/27/2022 16:09:25 ipsec IPSEC---->: ike auth: respond
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: ID_I
Apr/27/2022 16:09:25 ipsec IPSEC---->: ID_I (ADDR4): 192.168.1.137
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: ID_R (not found)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: AUTH (not found)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payloads: NOTIFY
Apr/27/2022 16:09:25 ipsec IPSEC---->:   notify: MOBIKE_SUPPORTED
Apr/27/2022 16:09:25 ipsec IPSEC---->: ID_R (FQDN): AAAAAAAAAAA.sn.mynetname.net
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: ID_R
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (size 0x24)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 00000024 02000000 68633730 37703865 6578792e 736e2e6d 796e6574 6e616d65
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 2e6e6574
Apr/27/2022 16:09:25 ipsec IPSEC---->: cert: AAAAAAAAA.sn.mynetname.net
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: CERT
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (first 0x100 of 0x547)
Apr/27/2022 16:09:25 ipsec IPSEC---->: cert: CN=R3,C=US,ST=,L=,O=Let's Encrypt,OU=,SN=
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: CERT
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (first 0x100 of 0x51f)
Apr/27/2022 16:09:25 ipsec IPSEC---->: cert: CN=ISRG Root X1,C=US,ST=,L=,O=Internet Security Research Group,OU=,SN=
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: CERT
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (first 0x100 of 0x574)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => auth nonce (size 0x30)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 8e38309d c6456561 e85d1b62 cdff25d6 d3944797 7b5dac0d 26f8f6f2 a4de037c
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: b1e5f803 d4259c68 a6872cb0 b26e3251
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => SK_p (size 0x14)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 935d5a44 619cabe8 df3b2a8c f421c46f 4af7308a
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => idhash (size 0x14)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 90807fa7 b24cf4ab 9f974806 18551d09 f77a82b3
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => my auth (size 0x100)
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: AUTH
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (first 0x100 of 0x108)
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: EAP
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (size 0x9)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 00000009 01000005 01
Apr/27/2022 16:09:25 ipsec IPSEC---->: <- ike2 reply, exchange: AUTH:1 xxx.xxx.xxx.xxx[4500] d6e060b9bf0bda77:aba852b1de24e375
Apr/27/2022 16:09:25 ipsec IPSEC---->: fragmenting into 5 chunks
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: SKF
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (first 0x100 of 0x454)
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: SKF
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (first 0x100 of 0x44c)
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: SKF
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (first 0x100 of 0x444)
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: SKF
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (first 0x100 of 0x42c)
Apr/27/2022 16:09:25 ipsec IPSEC---->: adding payload: SKF
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => (first 0x100 of 0x164)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ===== sending 1136 bytes from yyy.yyy.yyy.yyy[4500] to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 1 times of 1140 bytes message will be sent to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ===== sending 1128 bytes from yyy.yyy.yyy.yyy[4500] to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 1 times of 1132 bytes message will be sent to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ===== sending 1120 bytes from yyy.yyy.yyy.yyy[4500] to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 1 times of 1124 bytes message will be sent to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ===== sending 1096 bytes from yyy.yyy.yyy.yyy[4500] to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 1 times of 1100 bytes message will be sent to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ===== sending 384 bytes from yyy.yyy.yyy.yyy[4500] to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 1 times of 388 bytes message will be sent to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: ===== received 76 bytes from xxx.xxx.xxx.xxx[4500] to yyy.yyy.yyy.yyy[4500]
Apr/27/2022 16:09:25 ipsec IPSEC---->: -> ike2 request, exchange: AUTH:2 xxx.xxx.xxx.xxx[4500] d6e060b9bf0bda77:aba852b1de24e375
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: ENC (48 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: ENC
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: => iv (size 0x8)
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: 6e2e137f 2a929ca4
Apr/27/2022 16:09:25 ipsec,debug IPSEC---->: decrypted packet
Apr/27/2022 16:09:25 ipsec IPSEC---->: payload seen: EAP (17 bytes)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payloads: NOTIFY (none found)
Apr/27/2022 16:09:25 ipsec IPSEC---->: processing payload: EAP
Apr/27/2022 16:09:25 ipsec IPSEC---->: update peer's identity from EAP: fabrizio -> fabrizio
Apr/27/2022 16:09:26 ipsec,error IPSEC---->: radius timeout
Apr/27/2022 16:09:26 ipsec IPSEC---->: reply notify: AUTHENTICATION_FAILED
Apr/27/2022 16:09:26 ipsec IPSEC---->: adding notify: AUTHENTICATION_FAILED
Apr/27/2022 16:09:26 ipsec,debug IPSEC---->: => (size 0x8)
Apr/27/2022 16:09:26 ipsec,debug IPSEC---->: 00000008 00000018
Apr/27/2022 16:09:26 ipsec IPSEC---->: <- ike2 reply, exchange: AUTH:2 xxx.xxx.xxx.xxx[4500] d6e060b9bf0bda77:aba852b1de24e375
Apr/27/2022 16:09:26 ipsec,debug IPSEC---->: ===== sending 84 bytes from yyy.yyy.yyy.yyy[4500] to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:26 ipsec,debug IPSEC---->: 1 times of 88 bytes message will be sent to xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:26 ipsec,info IPSEC---->: killing ike2 SA: ike2 yyy.yyy.yyy.yyy[4500]-xxx.xxx.xxx.xxx[4500] spi:aba852b1de24e375:d6e060b9bf0bda77
Apr/27/2022 16:09:26 ipsec IPSEC---->: KA remove: yyy.yyy.yyy.yyy[4500]->xxx.xxx.xxx.xxx[4500]
Apr/27/2022 16:09:26 ipsec,debug IPSEC---->: KA tree dump: yyy.yyy.yyy.yyy[4500]->xxx.xxx.xxx.xxx[4500] (in_use=1)
Apr/27/2022 16:09:26 ipsec,debug IPSEC---->: KA removing this one...
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: VPN remote access best practices suggestions

Wed Apr 27, 2022 5:20 pm

Another attempt with some changes.
It seems like a RADIUS timeout but RADIUS is active on the router, I can see attempts in the status window
Did you allow the Radius protocol in the input chain? UDP 1812,1813,3799
processing payload: EAP
processing payloads: NOTIFY (none found)
update peer's identity from EAP: user
radius timeout
Apr/27/2022 16:09:26 ipsec IPSEC---->: reply notify: AUTHENTICATION_FAILED


Suggestion
You should change your P1/P2 setting.
>: matched proposal:
proposal #1
enc: 3des-cbc
prf: hmac-sha1
auth: sha1
dh: modp1024
2022-04-27_18-58-36.png
2022-04-27_18-58-26.png
 
FabFab10
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Mon Jul 14, 2008 2:17 pm

Re: VPN remote access best practices suggestions

Wed Apr 27, 2022 6:55 pm

I made your suggested modification plus I created this rule:

Image

Still getting this error:
Apr/27/2022 17:44:32 ipsec IPSEC---->: payload seen: EAP (17 bytes)
Apr/27/2022 17:44:32 ipsec IPSEC---->: processing payloads: NOTIFY (none found)
Apr/27/2022 17:44:32 ipsec IPSEC---->: processing payload: EAP
Apr/27/2022 17:44:32 ipsec IPSEC---->: update peer's identity from EAP: user -> user
Apr/27/2022 17:44:33 ipsec,error IPSEC---->: radius timeout
Apr/27/2022 17:44:33 ipsec IPSEC---->: reply notify: AUTHENTICATION_FAILED
Apr/27/2022 17:44:33 ipsec IPSEC---->: adding notify: AUTHENTICATION_FAILED
Apr/27/2022 17:44:33 ipsec,debug IPSEC---->: => (size 0x8)
Apr/27/2022 17:44:33 ipsec,debug IPSEC---->: 00000008 00000018
 
FabFab10
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Mon Jul 14, 2008 2:17 pm

Re: VPN remote access best practices suggestions

Wed Apr 27, 2022 7:10 pm

Are these RADIUS settings correct?
Is it the only setting to do?
Radius.PNG
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: VPN remote access best practices suggestions

Wed Apr 27, 2022 7:15 pm

I can assist you with Anydesk/Teamviewer if you want to, as I don't know what is really going on in the config aspect and I'm more comfortable working with GUI/Winbox.

No, there is another part in the user-manager, in the routers section; you have to fill that part too.
 
FabFab10
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Mon Jul 14, 2008 2:17 pm

Re: VPN remote access best practices suggestions

Thu Apr 28, 2022 10:29 am

That would be great!!
I'll arrange a remote connection.
Let me see if I can private message you
 
FabFab10
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Mon Jul 14, 2008 2:17 pm

Re: VPN remote access best practices suggestions

Thu Apr 28, 2022 1:46 pm

Meanwhile I have added some Radius logging, there is something going on with it:
Apr/28/2022 12:41:03 radius,debug RADIUS*-->: new request 55:69 code=Access-Request service=ipsec called-id=xxx.xxx.xxx.xxx
Apr/28/2022 12:41:03 radius,debug RADIUS*-->: sending 55:69 to 127.0.0.1:1812
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->: sending Access-Request with id 44 to 127.0.0.1:1812
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Signature = 0x7d30eefb2853d36472092e876d0b329d
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     User-Name = "user"
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Called-Station-Id = "xxx.xxx.xxx.xxx"
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Calling-Station-Id = "yyy.yyy.yyy.yyy"
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     NAS-Port-Id = 0x0000000c
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     NAS-Port-Type = 5
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Service-Type = 2
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Event-Timestamp = 1651142463
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Framed-MTU = 1400
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     EAP-Message = 0x0200000d0166616272697a696f
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Message-Authenticator = 0xcf149b3a8c8679d7d11db4edb9fbb99e
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     NAS-Identifier = "Router"
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     NAS-IP-Address = 127.0.0.1
Apr/28/2022 12:41:03 radius,debug RADIUS*-->: resending 55:69
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->: sending Access-Request with id 44 to 127.0.0.1:1812
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Signature = 0x7d30eefb2853d36472092e876d0b329d
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     User-Name = "user"
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Called-Station-Id = "xxx.xxx.xxx.xxx"
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Calling-Station-Id = "yyy.yyy.yyy.yyy"
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     NAS-Port-Id = 0x0000000c
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     NAS-Port-Type = 5
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Service-Type = 2
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Event-Timestamp = 1651142463
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Framed-MTU = 1400
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     EAP-Message = 0x0200000d0166616272697a696f
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Message-Authenticator = 0xcf149b3a8c8679d7d11db4edb9fbb99e
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     NAS-Identifier = "Router"
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     NAS-IP-Address = 127.0.0.1
Apr/28/2022 12:41:03 radius,debug RADIUS*-->: resending 55:69
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->: sending Access-Request with id 44 to 127.0.0.1:1812
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Signature = 0x7d30eefb2853d36472092e876d0b329d
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     User-Name = "user"
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Called-Station-Id = "xxx.xxx.xxx.xxx"
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Calling-Station-Id = "yyy.yyy.yyy.yyy"
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     NAS-Port-Id = 0x0000000c
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     NAS-Port-Type = 5
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Service-Type = 2
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Event-Timestamp = 1651142463
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Framed-MTU = 1400
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     EAP-Message = 0x0200000d0166616272697a696f
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     Message-Authenticator = 0xcf149b3a8c8679d7d11db4edb9fbb99e
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     NAS-Identifier = "Router"
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     NAS-IP-Address = 127.0.0.1
Apr/28/2022 12:41:04 radius,debug RADIUS*-->: timeout for 55:69
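
A small triage of the RADIUS debug output in the post above, as an added example that is not part of the original thread: it counts how often each request was transmitted, whether any reply came back, and decodes the EAP-Message attribute. The sample lines are a shortened, constructed copy of the posted log, and the `received reply for` wording is an assumption because no reply appears on this page.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened copy of the radius debug lines posted above.
SAMPLE_LOG = """\
Apr/28/2022 12:41:03 radius,debug RADIUS*-->: new request 55:69 code=Access-Request service=ipsec called-id=xxx.xxx.xxx.xxx
Apr/28/2022 12:41:03 radius,debug RADIUS*-->: sending 55:69 to 127.0.0.1:1812
Apr/28/2022 12:41:03 radius,debug,packet RADIUS*-->:     EAP-Message = 0x0200000d0166616272697a696f
Apr/28/2022 12:41:03 radius,debug RADIUS*-->: resending 55:69
Apr/28/2022 12:41:03 radius,debug RADIUS*-->: resending 55:69
Apr/28/2022 12:41:04 radius,debug RADIUS*-->: timeout for 55:69
"""
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EVENT = re.compile(r"(new request|sending|resending|timeout for|received reply for) ([0-9a-f]+:[0-9a-f]+)")

def decode_eap(hex_value):
    """Decode an EAP packet (RFC 3748): code, identifier, length, then type and data."""
    raw = bytes.fromhex(hex_value.removeprefix("0x"))
    if len(raw) < 4 or int.from_bytes(raw[2:4], "big") != len(raw):
        raise ValueError("EAP length field does not match the attribute size")
    code, ident = raw[0], raw[1]
    out = {"code": EAP_CODES.get(code, code), "id": ident}
    if code in (1, 2) and len(raw) > 4:
        out["type"] = raw[4]
        if raw[4] == 1:  # type 1 = Identity, carried in clear text
            out["identity"] = raw[5:].decode("utf-8", "replace")
    return out

def triage(log_text):
    """Per request id: transmissions, whether a reply arrived, timeout, decoded EAP."""
    reqs = defaultdict(lambda: {"sent": 0, "answered": False, "timeout": False, "eap": []})
    current = None
    for line in log_text.splitlines():
        msg = line.split("-->:", 1)[-1].strip()
        if m := EVENT.match(msg):
            kind, current = m.groups()
            if kind in ("sending", "resending"):
                reqs[current]["sent"] += 1
            elif kind == "timeout for":
                reqs[current]["timeout"] = True
            elif kind == "received reply for":  # assumed wording, not shown on this page
                reqs[current]["answered"] = True
        elif current and (m := re.match(r"EAP-Message = (0x[0-9a-fA-F]+)", msg)):
            reqs[current]["eap"].append(decode_eap(m.group(1)))
    return dict(reqs)

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Three transmissions of the same request with no reply and a timeout mean the server at 127.0.0.1:1812 never answered; RADIUS servers silently discard requests from clients they hold no shared secret for, which is consistent with the advice to fill in the routers section of user-manager. The decoded EAP-Message also shows that hex attributes still carry the identity when User-Name has been masked.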
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: VPN remote access best practices suggestions

Thu Apr 28, 2022 2:14 pm

That would be great!!
I'll arrange a remote connection.
Let me see if I can private message you
There is no PM/DM at the forum. I checked the ras log entries nothing caught my eyes.
We can get in touch via email editied[at]live[dot]com
Last edited by own3r1138 on Thu Apr 28, 2022 5:55 pm, edited 1 time in total.
 
FabFab10
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 91
Joined: Mon Jul 14, 2008 2:17 pm

Re: VPN remote access best practices suggestions

Thu Apr 28, 2022 5:12 pm

I sent you an email but it bounced back:

The format of the e-mail address is incorrect. Check the address, look up the recipient in the Address Book, or contact the recipient directly to find out the correct address.
<SN4PR0801MB7774.namprd08.prod.outlook.com #5.1.351 smtp;550 5.1.351 Remote server returned unknown recipient or mailbox unavailable -> 550 Requested action not taken: mailbox unavailable>

reporting another address @mail.com
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 680
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: VPN remote access best practices suggestions

Thu Apr 28, 2022 5:57 pm

I sent you an email but it bounced back:

The format of the e-mail address is incorrect. Check the address, look up the recipient in the Address Book, or contact the recipient directly to find out the correct address.
<SN4PR0801MB7774.namprd08.prod.outlook.com #5.1.351 smtp;550 5.1.351 Remote server returned unknown recipient or mailbox unavailable -> 550 Requested action not taken: mailbox unavailable>

reporting another address @mail.com
I got your email and answered it, spam prevention :d
