Can't get IPSEC to connect, been trying for days.
-
Trying whole days to make working VPN tunnel between 2 computers, here is the log:
May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[MGR] checkout IKE_SA by config May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[MGR] created IKE_SA (unnamed)[15] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] queueing IKE_VENDOR task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] queueing IKE_INIT task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] queueing IKE_NATD task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] queueing IKE_CERT_PRE task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] queueing IKE_AUTH task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] queueing IKE_CERT_POST task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] queueing IKE_CONFIG task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] queueing IKE_AUTH_LIFETIME task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] queueing IKE_MOBIKE task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] queueing IKE_ME task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] queueing CHILD_CREATE task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] activating new tasks May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] activating IKE_VENDOR task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] activating IKE_INIT task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] activating IKE_NATD task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] activating IKE_CERT_PRE task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] activating IKE_ME task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] activating IKE_AUTH task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] activating IKE_CERT_POST task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] activating IKE_CONFIG task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] activating CHILD_CREATE task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] activating IKE_AUTH_LIFETIME task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] activating IKE_MOBIKE task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] initiating IKE_SA hosttohost[15] to fd00:4444:5555:6666::2 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[IKE] IKE_SA hosttohost[15] state change: CREATED => CONNECTING May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[NET] sending packet: from fd00:1111:2222:3333::2[500] to fd00:4444:5555:6666::2[500] (1428 bytes) May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[MGR] checkin IKE_SA hosttohost[15] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 07[MGR] checkin of IKE_SA successful May 22 18:29:01 martin-Legion-5-15IAH7H charon: 01[NET] sending packet: from fd00:1111:2222:3333::2[500] to fd00:4444:5555:6666::2[500] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 02[NET] received packet: from fd00:4444:5555:6666::2[500] to fd00:1111:2222:3333::2[500] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 02[NET] waiting for data on sockets May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[MGR] checkout IKEv2 SA by message with SPIs 68ef76643a2e8079_i 0000000000000000_r May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[MGR] IKE_SA hosttohost[15] successfully checked out May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[NET] received packet: from fd00:4444:5555:6666::2[500] to fd00:1111:2222:3333::2[500] (38 bytes) May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[ENC] parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] peer didn't accept DH group MODP_4096, it requested MODP_3072 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] IKE_SA hosttohost[15] state change: CONNECTING => CREATED May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] queueing IKE_VENDOR task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] queueing IKE_ME task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] activating new tasks May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] activating IKE_VENDOR task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] activating IKE_INIT task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] activating IKE_NATD task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] activating IKE_CERT_PRE task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] activating IKE_ME task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] activating IKE_AUTH task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] activating IKE_CERT_POST task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] activating IKE_CONFIG task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] activating CHILD_CREATE task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] activating IKE_AUTH_LIFETIME task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] activating IKE_MOBIKE task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] initiating IKE_SA hosttohost[15] to fd00:4444:5555:6666::2 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[IKE] IKE_SA hosttohost[15] state change: CREATED => CONNECTING May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[NET] sending packet: from fd00:1111:2222:3333::2[500] to fd00:4444:5555:6666::2[500] (1300 bytes) May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[MGR] checkin IKE_SA hosttohost[15] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 03[MGR] checkin of IKE_SA successful May 22 18:29:01 martin-Legion-5-15IAH7H charon: 01[NET] sending packet: from fd00:1111:2222:3333::2[500] to fd00:4444:5555:6666::2[500] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 02[NET] received packet: from fd00:4444:5555:6666::2[500] to fd00:1111:2222:3333::2[500] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 02[NET] waiting for data on sockets May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[MGR] checkout IKEv2 SA by message with SPIs 68ef76643a2e8079_i 93f2f33fc778e485_r May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[MGR] IKE_SA hosttohost[15] successfully checked out May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[NET] received packet: from fd00:4444:5555:6666::2[500] to fd00:1111:2222:3333::2[500] (625 bytes) May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[IKE] received FRAGMENTATION_SUPPORTED notify May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[IKE] received SIGNATURE_HASH_ALGORITHMS notify May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[IKE] received CHILDLESS_IKEV2_SUPPORTED notify May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] selecting proposal: May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] no acceptable INTEGRITY_ALGORITHM found May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] selecting proposal: May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] proposal matches May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] received supported signature hash algorithms: sha256 sha384 sha512 identity May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[IKE] received cert request for "CN=CA" May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[IKE] reinitiating already active tasks May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[IKE] IKE_CERT_PRE task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[IKE] IKE_AUTH task May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[IKE] sending cert request for "CN=CA" May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[IKE] authentication of 'O=OU, CN=computer1' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[IKE] sending end entity cert "O=OU, CN=computer1" May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] proposing traffic selectors for us: May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] fd00:1111:2222:3333::2/128 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] proposing traffic selectors for other: May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] dynamic May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ, ESP:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[IKE] establishing CHILD_SA hosttohost{7} May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[KNL] got SPI cf250833 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[ENC] splitting IKE message (2016 bytes) into 2 fragments May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[ENC] generating IKE_AUTH request 1 [ EF(1/2) ] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[ENC] generating IKE_AUTH request 1 [ EF(2/2) ] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[NET] sending packet: from fd00:1111:2222:3333::2[4500] to fd00:4444:5555:6666::2[4500] (1220 bytes) May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[NET] sending packet: from fd00:1111:2222:3333::2[4500] to fd00:4444:5555:6666::2[4500] (868 bytes) May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[MGR] checkin IKE_SA hosttohost[15] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 10[MGR] checkin of IKE_SA successful May 22 18:29:01 martin-Legion-5-15IAH7H charon: 01[NET] sending packet: from fd00:1111:2222:3333::2[4500] to fd00:4444:5555:6666::2[4500] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 01[NET] sending packet: from fd00:1111:2222:3333::2[4500] to fd00:4444:5555:6666::2[4500] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 02[NET] received packet: from fd00:4444:5555:6666::2[4500] to fd00:1111:2222:3333::2[4500] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 02[NET] waiting for data on sockets May 22 18:29:01 martin-Legion-5-15IAH7H charon: 16[MGR] checkout IKEv2 SA by message with SPIs 68ef76643a2e8079_i 93f2f33fc778e485_r May 22 18:29:01 martin-Legion-5-15IAH7H charon: 16[MGR] IKE_SA hosttohost[15] successfully checked out May 22 18:29:01 martin-Legion-5-15IAH7H charon: 16[NET] received packet: from fd00:4444:5555:6666::2[4500] to fd00:1111:2222:3333::2[4500] (80 bytes) May 22 18:29:01 martin-Legion-5-15IAH7H charon: 16[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 16[IKE] received AUTHENTICATION_FAILED notify error May 22 18:29:01 martin-Legion-5-15IAH7H charon: 16[KNL] deleting SAD entry with SPI cf250833 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 16[KNL] deleted SAD entry with SPI cf250833 May 22 18:29:01 martin-Legion-5-15IAH7H charon: 16[MGR] checkin and destroy IKE_SA hosttohost[15] May 22 18:29:01 martin-Legion-5-15IAH7H charon: 16[IKE] IKE_SA hosttohost[15] state change: CONNECTING => DESTROYING May 22 18:29:01 martin-Legion-5-15IAH7H charon: 16[MGR] checkin and destroy of IKE_SA successful May 22 18:29:05 martin-Legion-5-15IAH7H charon: 05[MGR] checkout IKEv2 SA with SPIs 68ef76643a2e8079_i 0000000000000000_r May 22 18:29:05 martin-Legion-5-15IAH7H charon: 05[MGR] IKE_SA checkout not successful May 22 18:29:05 martin-Legion-5-15IAH7H charon: 04[MGR] checkout IKEv2 SA with SPIs 68ef76643a2e8079_i 0000000000000000_r May 22 18:29:05 martin-Legion-5-15IAH7H charon: 04[MGR] IKE_SA checkout not successful May 22 18:29:05 martin-Legion-5-15IAH7H charon: 08[MGR] checkout IKEv2 SA with SPIs 68ef76643a2e8079_i 93f2f33fc778e485_r May 22 18:29:05 martin-Legion-5-15IAH7H charon: 08[MGR] IKE_SA checkout not successful log when I try to make connection from second computer: May 22 18:47:43 martin-Legion-5-15IAH7H charon: 02[NET] received packet: from fd00:4444:5555:6666::2[500] to fd00:1111:2222:3333::2[500] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 02[NET] waiting for data on sockets May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[MGR] checkout IKEv2 SA by message with SPIs 7d403999cc845a29_i 0000000000000000_r May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[MGR] created IKE_SA (unnamed)[17] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[NET] received packet: from fd00:4444:5555:6666::2[500] to fd00:1111:2222:3333::2[500] (1428 bytes) May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] looking for an IKEv2 config for fd00:1111:2222:3333::2...fd00:4444:5555:6666::2 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] candidate: fd00:1111:2222:3333::2...fd00:4444:5555:6666::2, prio 3100 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] candidate: fd00:1111:2222:3333::2...fd00:4444:5555:6666::2, prio 3100 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] candidate: fd00:1111:2222:3333::2...fd00:4444:5555:6666::2, prio 3096 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] found matching ike config: fd00:1111:2222:3333::2...fd00:4444:5555:6666::2 with prio 3100 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[IKE] local endpoint changed from 0.0.0.0[500] to fd00:1111:2222:3333::2[500] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[IKE] remote endpoint changed from 0.0.0.0 to fd00:4444:5555:6666::2[500] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[IKE] fd00:4444:5555:6666::2 is initiating an IKE_SA May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[IKE] IKE_SA (unnamed)[17] state change: CREATED => CONNECTING May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] selecting proposal: May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] no acceptable INTEGRITY_ALGORITHM found May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] selecting proposal: May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] proposal matches May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/MODP_4096/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/MODP_4096/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_6144/MODP_8192/MODP_2048 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[CFG] received supported signature hash algorithms: sha256 sha384 sha512 identity May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[IKE] DH group MODP_4096 unacceptable, requesting MODP_3072 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[NET] sending packet: from fd00:1111:2222:3333::2[500] to fd00:4444:5555:6666::2[500] (38 bytes) May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[MGR] checkin and destroy IKE_SA (unnamed)[17] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[IKE] IKE_SA (unnamed)[17] state change: CONNECTING => DESTROYING May 22 18:47:43 martin-Legion-5-15IAH7H charon: 15[MGR] checkin and destroy of IKE_SA successful May 22 18:47:43 martin-Legion-5-15IAH7H charon: 01[NET] sending packet: from fd00:1111:2222:3333::2[500] to fd00:4444:5555:6666::2[500] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 02[NET] received packet: from fd00:4444:5555:6666::2[500] to fd00:1111:2222:3333::2[500] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 02[NET] waiting for data on sockets May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[MGR] checkout IKEv2 SA by message with SPIs 7d403999cc845a29_i 0000000000000000_r May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[MGR] created IKE_SA (unnamed)[18] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[NET] received packet: from fd00:4444:5555:6666::2[500] to fd00:1111:2222:3333::2[500] (1300 bytes) May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[CFG] looking for an IKEv2 config for fd00:1111:2222:3333::2...fd00:4444:5555:6666::2 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[CFG] candidate: fd00:1111:2222:3333::2...fd00:4444:5555:6666::2, prio 3100 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[CFG] candidate: fd00:1111:2222:3333::2...fd00:4444:5555:6666::2, prio 3100 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[CFG] candidate: fd00:1111:2222:3333::2...fd00:4444:5555:6666::2, prio 3096 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[CFG] found matching ike config: fd00:1111:2222:3333::2...fd00:4444:5555:6666::2 with prio 3100 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[IKE] local endpoint changed from 0.0.0.0[500] to fd00:1111:2222:3333::2[500] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[IKE] remote endpoint changed from 0.0.0.0 to fd00:4444:5555:6666::2[500] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[IKE] fd00:4444:5555:6666::2 is initiating an IKE_SA May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[IKE] IKE_SA (unnamed)[18] state change: CREATED => CONNECTING May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[CFG] selecting proposal: May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[CFG] proposal matches May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[CFG] received proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/MODP_3072/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/MODP_3072/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_4096 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/CURVE_25519/CURVE_448/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_3072 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[CFG] received supported signature hash algorithms: sha256 sha384 sha512 identity May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[CFG] sending supported signature hash algorithms: sha256 sha384 sha512 identity May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[IKE] sending cert request for "CN=CA" May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[NET] sending packet: from fd00:1111:2222:3333::2[500] to fd00:4444:5555:6666::2[500] (625 bytes) May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[MGR] checkin IKE_SA (unnamed)[18] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 06[MGR] checkin of IKE_SA successful May 22 18:47:43 martin-Legion-5-15IAH7H charon: 01[NET] sending packet: from fd00:1111:2222:3333::2[500] to fd00:4444:5555:6666::2[500] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 02[NET] received packet: from fd00:4444:5555:6666::2[4500] to fd00:1111:2222:3333::2[4500] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 02[NET] waiting for data on sockets May 22 18:47:43 martin-Legion-5-15IAH7H charon: 02[NET] received packet: from fd00:4444:5555:6666::2[4500] to fd00:1111:2222:3333::2[4500] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 02[NET] waiting for data on sockets May 22 18:47:43 martin-Legion-5-15IAH7H charon: 12[MGR] checkout IKEv2 SA by message with SPIs 7d403999cc845a29_i 63789b80147600e2_r May 22 18:47:43 martin-Legion-5-15IAH7H charon: 12[MGR] IKE_SA (unnamed)[18] successfully checked out May 22 18:47:43 martin-Legion-5-15IAH7H charon: 12[NET] received packet: from fd00:4444:5555:6666::2[4500] to fd00:1111:2222:3333::2[4500] (1220 bytes) May 22 18:47:43 martin-Legion-5-15IAH7H charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(1/2) ] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 12[IKE] local endpoint changed from fd00:1111:2222:3333::2[500] to fd00:1111:2222:3333::2[4500] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 12[IKE] remote endpoint changed from fd00:4444:5555:6666::2[500] to fd00:4444:5555:6666::2[4500] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 12[ENC] received fragment #1 of 2, waiting for complete IKE message May 22 18:47:43 martin-Legion-5-15IAH7H charon: 12[MGR] checkin IKE_SA (unnamed)[18] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 12[MGR] checkin of IKE_SA successful May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[MGR] checkout IKEv2 SA by message with SPIs 7d403999cc845a29_i 63789b80147600e2_r May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[MGR] IKE_SA (unnamed)[18] successfully checked out May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[NET] received packet: from fd00:4444:5555:6666::2[4500] to fd00:1111:2222:3333::2[4500] (884 bytes) May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[ENC] parsed IKE_AUTH request 1 [ EF(2/2) ] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[ENC] received fragment #2 of 2, reassembled fragmented IKE message (2032 bytes) May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[IKE] received cert request for "CN=CA" May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[IKE] received end entity cert "O=OU, CN=computer2" May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[CFG] looking for peer configs matching fd00:1111:2222:3333::2[computer1]...fd00:4444:5555:6666::2[O=OU, CN=computer2] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[CFG] no matching peer config found May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[IKE] peer supports MOBIKE May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[IKE] got additional MOBIKE peer address: 192.168.88.246 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[IKE] got additional MOBIKE peer address: 192.168.1.38 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[IKE] got additional MOBIKE peer address: fd00:4444:5555:6666:7379:3fd6:6178:f67d May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[IKE] got additional MOBIKE peer address: fd00:9999:8888:7777:9d4:e1dd:7a3d:502a May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[IKE] got additional MOBIKE peer address: fd00:1111:2222:3333:70cf:7fe3:26c5:7345 May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[NET] sending packet: from fd00:1111:2222:3333::2[4500] to fd00:4444:5555:6666::2[4500] (80 bytes) May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[MGR] checkin and destroy IKE_SA (unnamed)[18] May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[IKE] IKE_SA (unnamed)[18] state change: CONNECTING => DESTROYING May 22 18:47:43 martin-Legion-5-15IAH7H charon: 07[MGR] checkin and destroy of IKE_SA successful May 22 18:47:43 martin-Legion-5-15IAH7H charon: 01[NET] sending packet: from fd00:1111:2222:3333::2[4500] to fd00:4444:5555:6666::2[4500] -
@sunka said in Can't get IPSEC to connect, been trying for days.:
May 22 18:29:01 martin-Legion-5-15IAH7H charon: 16[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
May 22 18:29:01 martin-Legion-5-15IAH7H charon: 16[IKE] received AUTHENTICATION_FAILED notify errorThis suggests that part of your handshaking is wrong.
SSLs or keys or a mix of the two or whatever the config is.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.