Netgate Discussion Forum

    Noob here with respect to IPSEC..........

      TerrTech

      So me, the genius, decided to try IPSEC, trying to set up a site-to-site VPN using a Netgate 2100 (Main) and a Netgate 1100 at the branch location.

      I have tried a few times, even following this Netgate Recipes, but to no avail, and I am unsure of what logs you would require for analysis.

      Thank you in advance.

        the other @TerrTech

        @TerrTech
        hey there,
        nothing wrong with trying new things...being a noob myself, I dare to say that... ;)

        For starters:
        log under Status > System logs > there should be an IPsec log... (client and server side)...
        Not that I could help you with that log interpretation. That's up to others here...but that log should include some error messages. Also: any entries under your System log itself?
        Have you tried other VPN types (openVPN i.e)?

        the other

        pure amateur home user, no business or professional background
        please excuse poor english skills and typpoz :)

          TerrTech

          Thank you for the reply. In regards to trying other VPN types, yes, I did try setting up openVPN, again with limited success, but settled on IPSEC as I thought it would be more seamless creating a tunnel between the two networks. I'll post the logs next, probably within the hour. Again, thank you for the reply; just a noob learning new %^&* 😬

            TerrTech

            Server logs or #1 IPSEC.

            Aug 27 17:25:02 charon 57054 05[KNL] creating acquire job for policy 99.255.178.179/32|/0 === 172.24.0.233/32|/0 with reqid {1}
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> queueing IKE_VENDOR task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> queueing IKE_INIT task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> queueing IKE_NATD task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> queueing IKE_CERT_PRE task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> queueing IKE_AUTH task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> queueing IKE_CERT_POST task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> queueing IKE_CONFIG task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> queueing IKE_AUTH_LIFETIME task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> queueing IKE_ESTABLISH task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> queueing CHILD_CREATE task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> activating new tasks
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> activating IKE_VENDOR task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> activating IKE_INIT task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> activating IKE_NATD task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> activating IKE_CERT_PRE task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> activating IKE_AUTH task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> activating IKE_CERT_POST task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> activating IKE_CONFIG task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> activating IKE_AUTH_LIFETIME task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> activating IKE_ESTABLISH task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> activating CHILD_CREATE task
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> initiating IKE_SA con1[246] to 172.24.0.233
            Aug 27 17:25:02 charon 57054 07[IKE] <con1|246> IKE_SA con1[246] state change: CREATED => CONNECTING
            Aug 27 17:25:02 charon 57054 07[CFG] <con1|246> configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
            Aug 27 17:25:02 charon 57054 07[CFG] <con1|246> sending supported signature hash algorithms: sha256 sha384 sha512 identity
            Aug 27 17:25:02 charon 57054 07[ENC] <con1|246> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
            Aug 27 17:25:02 charon 57054 07[NET] <con1|246> sending packet: from 99.255.178.179[500] to 172.24.0.233[500] (464 bytes)
            Aug 27 17:25:06 charon 57054 07[IKE] <con1|246> retransmit 1 of request with message ID 0
            Aug 27 17:25:06 charon 57054 07[NET] <con1|246> sending packet: from 99.255.178.179[500] to 172.24.0.233[500] (464 bytes)
            Aug 27 17:25:13 charon 57054 05[IKE] <con1|246> retransmit 2 of request with message ID 0
            Aug 27 17:25:13 charon 57054 05[NET] <con1|246> sending packet: from 99.255.178.179[500] to 172.24.0.233[500] (464 bytes)
            Aug 27 17:25:26 charon 57054 05[IKE] <con1|246> retransmit 3 of request with message ID 0
            Aug 27 17:25:26 charon 57054 05[NET] <con1|246> sending packet: from 99.255.178.179[500] to 172.24.0.233[500] (464 bytes)
            Aug 27 17:25:50 charon 57054 05[IKE] <con1|246> retransmit 4 of request with message ID 0
            Aug 27 17:25:50 charon 57054 05[NET] <con1|246> sending packet: from 99.255.178.179[500] to 172.24.0.233[500] (464 bytes)
            Aug 27 17:26:32 charon 57054 16[IKE] <con1|246> retransmit 5 of request with message ID 0
            Aug 27 17:26:32 charon 57054 16[NET] <con1|246> sending packet: from 99.255.178.179[500] to 172.24.0.233[500] (464 bytes)
            Aug 27 17:27:47 charon 57054 16[IKE] <con1|246> giving up after 5 retransmits
            Aug 27 17:27:47 charon 57054 16[IKE] <con1|246> establishing IKE_SA failed, peer not responding
            Aug 27 17:27:47 charon 57054 16[IKE] <con1|246> IKE_SA con1[246] state change: CONNECTING => DESTROYING
            Aug 27 17:29:27 charon 57054 09[KNL] creating acquire job for policy 99.255.178.179/32|/0 === 172.24.0.233/32|/0 with reqid {1}
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> queueing IKE_VENDOR task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> queueing IKE_INIT task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> queueing IKE_NATD task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> queueing IKE_CERT_PRE task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> queueing IKE_AUTH task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> queueing IKE_CERT_POST task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> queueing IKE_CONFIG task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> queueing IKE_AUTH_LIFETIME task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> queueing IKE_ESTABLISH task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> queueing CHILD_CREATE task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> activating new tasks
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> activating IKE_VENDOR task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> activating IKE_INIT task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> activating IKE_NATD task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> activating IKE_CERT_PRE task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> activating IKE_AUTH task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> activating IKE_CERT_POST task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> activating IKE_CONFIG task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> activating IKE_AUTH_LIFETIME task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> activating IKE_ESTABLISH task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> activating CHILD_CREATE task
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> initiating IKE_SA con1[247] to 172.24.0.233
            Aug 27 17:29:27 charon 57054 06[IKE] <con1|247> IKE_SA con1[247] state change: CREATED => CONNECTING
            A

              TerrTech

              I'll also post logs from #2 IPSEC:

              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> queueing CHILD_CREATE task
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> activating new tasks
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> activating IKE_VENDOR task
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> activating IKE_INIT task
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> activating IKE_NATD task
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> activating IKE_CERT_PRE task
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> activating IKE_AUTH task
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> activating IKE_CERT_POST task
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> activating IKE_CONFIG task
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> activating IKE_AUTH_LIFETIME task
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> activating IKE_ESTABLISH task
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> activating CHILD_CREATE task
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> initiating IKE_SA con1[381] to 99.255.178.179
              Aug 27 17:56:34 charon 56449 13[IKE] <con1|381> IKE_SA con1[381] state change: CREATED => CONNECTING
              Aug 27 17:56:34 charon 56449 13[CFG] <con1|381> configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
              Aug 27 17:56:34 charon 56449 13[CFG] <con1|381> sending supported signature hash algorithms: sha256 sha384 sha512 identity
              Aug 27 17:56:34 charon 56449 13[ENC] <con1|381> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
              Aug 27 17:56:34 charon 56449 13[NET] <con1|381> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
              Aug 27 17:56:38 charon 56449 13[IKE] <con1|381> retransmit 1 of request with message ID 0
              Aug 27 17:56:38 charon 56449 13[NET] <con1|381> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
              Aug 27 17:56:45 charon 56449 13[IKE] <con1|381> retransmit 2 of request with message ID 0
              Aug 27 17:56:45 charon 56449 13[NET] <con1|381> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
              Aug 27 17:56:58 charon 56449 13[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 17:56:58 charon 56449 13[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 17:56:58 charon 56449 08[IKE] <con1|381> retransmit 3 of request with message ID 0
              Aug 27 17:56:58 charon 56449 08[NET] <con1|381> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
              Aug 27 17:57:11 charon 56449 08[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 17:57:11 charon 56449 08[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 17:57:21 charon 56449 08[IKE] <con1|381> retransmit 4 of request with message ID 0
              Aug 27 17:57:21 charon 56449 08[NET] <con1|381> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
              Aug 27 17:57:34 charon 56449 08[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 17:57:34 charon 56449 08[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 17:57:58 charon 56449 08[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 17:57:58 charon 56449 08[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 17:58:03 charon 56449 14[IKE] <con1|381> retransmit 5 of request with message ID 0
              Aug 27 17:58:03 charon 56449 14[NET] <con1|381> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
              Aug 27 17:58:11 charon 56449 14[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 17:58:11 charon 56449 08[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 17:58:32 charon 56449 08[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 17:58:32 charon 56449 08[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 17:58:51 charon 56449 14[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 17:58:51 charon 56449 14[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 17:59:04 charon 56449 08[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 17:59:04 charon 56449 08[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 17:59:14 charon 56449 14[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 17:59:14 charon 56449 08[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 17:59:19 charon 56449 14[IKE] <con1|381> giving up after 5 retransmits
              Aug 27 17:59:19 charon 56449 14[IKE] <con1|381> establishing IKE_SA failed, peer not responding
              Aug 27 17:59:19 charon 56449 14[IKE] <con1|381> IKE_SA con1[381] state change: CONNECTING => DESTROYING
              Aug 27 17:59:34 charon 56449 14[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> queueing IKE_VENDOR task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> queueing IKE_INIT task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> queueing IKE_NATD task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> queueing IKE_CERT_PRE task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> queueing IKE_AUTH task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> queueing IKE_CERT_POST task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> queueing IKE_CONFIG task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> queueing IKE_AUTH_LIFETIME task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> queueing IKE_ESTABLISH task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> queueing CHILD_CREATE task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> activating new tasks
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> activating IKE_VENDOR task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> activating IKE_INIT task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> activating IKE_NATD task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> activating IKE_CERT_PRE task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> activating IKE_AUTH task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> activating IKE_CERT_POST task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> activating IKE_CONFIG task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> activating IKE_AUTH_LIFETIME task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> activating IKE_ESTABLISH task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> activating CHILD_CREATE task
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> initiating IKE_SA con1[382] to 99.255.178.179
              Aug 27 17:59:34 charon 56449 14[IKE] <con1|382> IKE_SA con1[382] state change: CREATED => CONNECTING
              Aug 27 17:59:34 charon 56449 14[CFG] <con1|382> configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
              Aug 27 17:59:34 charon 56449 14[CFG] <con1|382> sending supported signature hash algorithms: sha256 sha384 sha512 identity
              Aug 27 17:59:34 charon 56449 14[ENC] <con1|382> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
              Aug 27 17:59:34 charon 56449 14[NET] <con1|382> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
              Aug 27 17:59:38 charon 56449 14[IKE] <con1|382> retransmit 1 of request with message ID 0
              Aug 27 17:59:38 charon 56449 14[NET] <con1|382> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
              Aug 27 17:59:45 charon 56449 14[IKE] <con1|382> retransmit 2 of request with message ID 0
              Aug 27 17:59:45 charon 56449 14[NET] <con1|382> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
              Aug 27 17:59:49 charon 56449 14[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 17:59:49 charon 56449 14[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 17:59:58 charon 56449 14[IKE] <con1|382> retransmit 3 of request with message ID 0
              Aug 27 17:59:58 charon 56449 14[NET] <con1|382> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
              Aug 27 18:00:10 charon 56449 14[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 18:00:10 charon 56449 14[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 18:00:21 charon 56449 16[IKE] <con1|382> retransmit 4 of request with message ID 0
              Aug 27 18:00:21 charon 56449 16[NET] <con1|382> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
              Aug 27 18:00:32 charon 56449 16[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 18:00:32 charon 56449 16[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 18:00:52 charon 56449 14[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 18:00:52 charon 56449 14[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 18:01:03 charon 56449 16[IKE] <con1|382> retransmit 5 of request with message ID 0
              Aug 27 18:01:03 charon 56449 16[NET] <con1|382> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
              Aug 27 18:01:12 charon 56449 14[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 18:01:12 charon 56449 14[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 18:01:34 charon 56449 12[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 18:01:34 charon 56449 12[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 18:01:57 charon 56449 14[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 18:01:57 charon 56449 14[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 18:02:10 charon 56449 12[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
              Aug 27 18:02:10 charon 56449 12[CFG] ignoring acquire for reqid 1, connection attempt pending
              Aug 27 18:02:19 charon 56449 14[IKE] <con1|382> giving up after 5 retransmits
              Aug 27 18:02:19 charon 56449 14[IKE] <con1|382> establishing IKE_SA failed, peer not responding
              Aug 27 18:02:19 charon 56449 14[IKE] <con1|382> IKE_SA con1[382] state change: CONNECTING => DESTROYING
              Aug 27 18:02:32 charon 56449 14[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}

                NOCling

                The one site is a private IP, looks like you need NAT-T to reach this endpoint.

                How do you reach the Internet on the 172.24.0.233 site? CGN? DS-Lite?

                Do you have IPv6 on both sites? Then go for Dual Stack in Phase 1.

                Netgate 6100 & Netgate 2100

                  TerrTech

                  Thank you NOCling,

                  I just removed both IPSEC from the devices and will start over. I figured out why it was getting a private address: that is what the Netgate device sees in the WAN; due to it being a satellite connection, it handed out a private address. But I found the Gateway and will try and post back.

                    TerrTech

                    More logs still no success.

                    2100 Logs
                    Aug 28 23:10:56 charon 25380 05[NET] <201> received packet: from 24.51.235.3[4500] to 99.255.178.179[4500] (304 bytes)
                    Aug 28 23:10:56 charon 25380 05[ENC] <201> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
                    Aug 28 23:10:56 charon 25380 05[IKE] <201> local endpoint changed from 99.255.178.179[500] to 99.255.178.179[4500]
                    Aug 28 23:10:56 charon 25380 05[IKE] <201> remote endpoint changed from 24.51.235.3[500] to 24.51.235.3[4500]
                    Aug 28 23:10:56 charon 25380 05[CFG] <201> looking for peer configs matching 99.255.178.179[99.255.178.179]...24.51.235.3[172.24.0.233]
                    Aug 28 23:10:56 charon 25380 05[CFG] <201> no matching peer config found
                    Aug 28 23:10:56 charon 25380 05[IKE] <201> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
                    Aug 28 23:10:56 charon 25380 05[ENC] <201> generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
                    Aug 28 23:10:56 charon 25380 05[NET] <201> sending packet: from 99.255.178.179[4500] to 24.51.235.3[4500] (80 bytes)
                    Aug 28 23:10:56 charon 25380 05[IKE] <201> IKE_SA (unnamed)[201] state change: CONNECTING => DESTROYING
                    Aug 28 23:11:01 charon 25380 10[CFG] vici client 603 connected
                    Aug 28 23:11:01 charon 25380 10[CFG] vici client 603 registered for: list-sa
                    Aug 28 23:11:01 charon 25380 10[CFG] vici client 603 requests: list-sas
                    Aug 28 23:11:01 charon 25380 06[CFG] vici client 603 disconnected
                    Aug 28 23:11:07 charon 25380 07[CFG] vici client 604 connected
                    Aug 28 23:11:07 charon 25380 07[CFG] vici client 604 registered for: list-sa
                    Aug 28 23:11:07 charon 25380 07[CFG] vici client 604 requests: list-sas
                    Aug 28 23:11:07 charon 25380 09[CFG] vici client 604 disconnected
                    Aug 28 23:11:12 charon 25380 13[CFG] vici client 605 connected
                    Aug 28 23:11:12 charon 25380 13[CFG] vici client 605 registered for: list-sa
                    Aug 28 23:11:12 charon 25380 07[CFG] vici client 605 requests: list-sas
                    Aug 28 23:11:12 charon 25380 12[CFG] vici client 605 disconnected

                    1100 Logs

                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> initiating IKE_SA con1[221] to 99.255.178.179
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> IKE_SA con1[221] state change: CREATED => CONNECTING
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> sending supported signature hash algorithms: sha256 sha384 sha512 identity
                    Aug 28 23:16:56 charon 80583 06[ENC] <con1|221> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
                    Aug 28 23:16:56 charon 80583 06[NET] <con1|221> sending packet: from 172.24.0.233[500] to 99.255.178.179[500] (464 bytes)
                    Aug 28 23:16:56 charon 80583 06[NET] <con1|221> received packet: from 99.255.178.179[500] to 172.24.0.233[500] (472 bytes)
                    Aug 28 23:16:56 charon 80583 06[ENC] <con1|221> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> received FRAGMENTATION_SUPPORTED notify
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> received SIGNATURE_HASH_ALGORITHMS notify
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> received CHILDLESS_IKEV2_SUPPORTED notify
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> selecting proposal:
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> proposal matches
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> received proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> received supported signature hash algorithms: sha256 sha384 sha512 identity
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> local host is behind NAT, sending keep alives
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> reinitiating already active tasks
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> IKE_CERT_PRE task
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> IKE_AUTH task
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> authentication of '172.24.0.233' (myself) with pre-shared key
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> successfully created shared key MAC
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> proposing traffic selectors for us:
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> 192.168.2.0/24|/0
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> proposing traffic selectors for other:
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> 192.168.1.0/24|/0
                    Aug 28 23:16:56 charon 80583 06[CFG] <con1|221> configured proposals: ESP:AES_GCM_16_128/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> establishing CHILD_SA con1{206} reqid 1
                    Aug 28 23:16:56 charon 80583 06[ENC] <con1|221> generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
                    Aug 28 23:16:56 charon 80583 06[NET] <con1|221> sending packet: from 172.24.0.233[4500] to 99.255.178.179[4500] (304 bytes)
                    Aug 28 23:16:56 charon 80583 06[NET] <con1|221> received packet: from 99.255.178.179[4500] to 172.24.0.233[4500] (80 bytes)
                    Aug 28 23:16:56 charon 80583 06[ENC] <con1|221> parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> received AUTHENTICATION_FAILED notify error
                    Aug 28 23:16:56 charon 80583 06[CHD] <con1|221> CHILD_SA con1{206} state change: CREATED => DESTROYING
                    Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> IKE_SA con1[221] state change: CONNECTING => DESTROYING
                    Aug 28 23:17:17 charon 80583 06[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}

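Added example, not part of any post in this thread: a Python triage script that groups charon lines by IKE_SA id and classifies the three failure patterns visible in the logs above (no reply to IKE_SA_INIT, "no matching peer config found" on the responder, AUTH_FAILED on the initiator). The function names and verdict labels are this example's own; the sample lines are excerpted from the posted logs.

```python
import ipaddress
import re

# charon line: "... charon <pid> <thread>[<SUBSYS>] <conn|id> message".
# The "<...>" tag is absent on lines not tied to an IKE_SA (KNL, vici).
LINE_RE = re.compile(r"charon \d+ \d+\[\w+\] (?:<(?:[^|>]*\|)?(\d+)> )?(.*)$")
SEND_RE = re.compile(r"sending packet: from \S+ to ([\d.]+)\[\d+\]")
RETX_RE = re.compile(r"retransmit (\d+) of request")
# Responder lookup line: local_addr[local_id]...remote_addr[remote_id]
PEER_RE = re.compile(r"looking for peer configs matching "
                     r"([\d.]+)\[(.*?)\]\.\.\.([\d.]+)\[(.*?)\]")

# Sample input: lines excerpted from the logs posted in the thread.
SAMPLE_LOG = """\
Aug 27 17:25:02 charon 57054 07[NET] <con1|246> sending packet: from 99.255.178.179[500] to 172.24.0.233[500] (464 bytes)
Aug 27 17:25:06 charon 57054 07[IKE] <con1|246> retransmit 1 of request with message ID 0
Aug 27 17:26:32 charon 57054 16[IKE] <con1|246> retransmit 5 of request with message ID 0
Aug 27 17:27:47 charon 57054 16[IKE] <con1|246> giving up after 5 retransmits
Aug 27 17:27:47 charon 57054 16[IKE] <con1|246> establishing IKE_SA failed, peer not responding
Aug 28 23:10:56 charon 25380 05[CFG] <201> looking for peer configs matching 99.255.178.179[99.255.178.179]...24.51.235.3[172.24.0.233]
Aug 28 23:10:56 charon 25380 05[CFG] <201> no matching peer config found
Aug 28 23:11:01 charon 25380 10[CFG] vici client 603 connected
Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> local host is behind NAT, sending keep alives
Aug 28 23:16:56 charon 80583 06[NET] <con1|221> sending packet: from 172.24.0.233[4500] to 99.255.178.179[4500] (304 bytes)
Aug 28 23:16:56 charon 80583 06[IKE] <con1|221> received AUTHENTICATION_FAILED notify error
Aug 28 23:17:17 charon 80583 06[KNL] creating acquire job for policy 172.24.0.233/32|/0 === 99.255.178.179/32|/0 with reqid {1}
"""


def _notes(sa):
    """Turn the collected facts for one IKE_SA into human-readable hints."""
    notes = []
    if sa["verdict"] == "peer-not-responding" and sa["dst"]:
        notes.append(f"no reply from {sa['dst']} after {sa['retransmits']} retransmits")
        if ipaddress.ip_address(sa["dst"]).is_private:
            notes.append(f"{sa['dst']} is a private address, not routable from the Internet")
    if sa["verdict"] == "no-matching-peer-config" and sa["peer"]:
        p = sa["peer"]
        if p["remote_id"] != p["remote_addr"]:
            notes.append(f"peer arrived from {p['remote_addr']} "
                         f"but identifies as {p['remote_id']}")
    if sa["verdict"] == "rejected-by-peer":
        notes.append("responder sent AUTH_FAILED; the reason is in the responder's log")
        if sa["behind_nat"]:
            notes.append("initiator is behind NAT, so the responder sees a "
                         "different source address than the initiator's own")
    return notes


def diagnose(log_text):
    """Group charon lines by IKE_SA id and classify why each attempt failed."""
    sas = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group(1) is None:
            continue  # not a charon line, or not tied to a specific IKE_SA
        sa_id, msg = m.groups()
        sa = sas.setdefault(sa_id, {"verdict": "incomplete", "retransmits": 0,
                                    "dst": None, "behind_nat": False,
                                    "peer": None, "notes": []})
        send, retx, peer = (r.search(msg) for r in (SEND_RE, RETX_RE, PEER_RE))
        if send:
            sa["dst"] = send.group(1)
        if retx:
            sa["retransmits"] = max(sa["retransmits"], int(retx.group(1)))
        if peer:
            keys = ("local_addr", "local_id", "remote_addr", "remote_id")
            sa["peer"] = dict(zip(keys, peer.groups()))
        if "local host is behind NAT" in msg:
            sa["behind_nat"] = True
        if "peer not responding" in msg:
            sa["verdict"] = "peer-not-responding"
        elif "no matching peer config found" in msg:
            sa["verdict"] = "no-matching-peer-config"
        elif "received AUTHENTICATION_FAILED" in msg:
            sa["verdict"] = "rejected-by-peer"
    for sa in sas.values():
        sa["notes"] = _notes(sa)
    return sas


if __name__ == "__main__":
    for sa_id, sa in diagnose(SAMPLE_LOG).items():
        print(f"IKE_SA {sa_id}: {sa['verdict']}")
        for note in sa["notes"]:
            print(f"  - {note}")
```
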