Netgate Discussion Forum

    IKEv2

    IPsec
      mamawe @ssghudsonkj

      @ssghudsonkj said in IKEv2:

      Here are my pfsense ipsec logs from when I try to connect from windows:
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> lease 10.3.200.1 by 'kellenhudson@gmail.com' went offline
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> IKE_SA con-mobile[52] state change: DELETING => DESTROYING
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> sending packet: from 23.169.65.208[4500] to 69.63.95.99[46389] (80 bytes)
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> generating INFORMATIONAL response 6 [ ]
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> IKE_SA deleted
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> IKE_SA con-mobile[52] state change: ESTABLISHED => DELETING
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> deleting IKE_SA con-mobile[52] between 23.169.65.208[sgthudsonkj.ddns.net]...69.63.95.99[10.220.61.175]
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> received DELETE for IKE_SA con-mobile[52]
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> parsed INFORMATIONAL request 6 [ D ]
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> received packet: from 69.63.95.99[46389] to 23.169.65.208[4500] (80 bytes)
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> sending packet: from 23.169.65.208[4500] to 69.63.95.99[46389] (256 bytes)
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> generating IKE_AUTH response 5 [ AUTH CPRP(ADDR SUBNET U_SPLITINC DNS DNS U_DEFDOM U_SPLITDNS U_SAVEPWD) N(MOBIKE_SUP) N(ADD_4_ADDR) N(NO_PROP) ]
      May 30 17:46:30 charon 67324 01[CHD] <con-mobile|52> CHILD_SA con-mobile{23} state change: CREATED => DESTROYING
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> failed to establish CHILD_SA, keeping IKE_SA
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> no acceptable proposal found
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> received proposals: ESP:AES_CBC_256/NO_EXT_SEQ
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> no acceptable ENCRYPTION_ALGORITHM found
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> selecting proposal:
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> no acceptable ENCRYPTION_ALGORITHM found
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> selecting proposal:
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> no acceptable INTEGRITY_ALGORITHM found
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> selecting proposal:
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> found matching child config "con-mobile" with prio 12

      This looks like the Windows client sends a phase2 proposal without an integrity transform (ESP:AES_CBC_256/NO_EXT_SEQ).
      The pfsense does not find a matching proposal, declines the child SA but keeps the IKE SA.
      The Windows client then deletes the IKE SA.

      Kind regards,
      Mathias
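
Added example, not part of the original posts: a simplified Python model of the proposal comparison recorded in the log above, showing which transform type fails for each configured proposal. It is not strongSwan's implementation; the name-prefix table and all function names are assumptions of this example, and the two sample lines are copied from the log quoted in the post.

```python
import re

# Order in which transform types are compared (assumption of this example).
CHECK_ORDER = ["ENCRYPTION_ALGORITHM", "INTEGRITY_ALGORITHM", "PRF", "DH_GROUP", "ESN"]

# Name prefix -> transform type. Integrity and PRF come before encryption so that
# AES_XCBC_96 and PRF_AES128_XCBC are not mistaken for ciphers. Illustrative, not exhaustive.
PREFIXES = [
    ("PRF", ("PRF_",)),
    ("DH_GROUP", ("MODP_", "ECP_", "CURVE_")),
    ("ESN", ("NO_EXT_SEQ", "EXT_SEQ")),
    ("INTEGRITY_ALGORITHM", ("HMAC_", "AES_XCBC_", "AES_CMAC_")),
    ("ENCRYPTION_ALGORITHM", ("AES_", "CAMELLIA_", "3DES_", "CHACHA20_", "NULL")),
]
# Combined-mode ciphers carry their own integrity check and need no separate transform.
AEAD_PREFIXES = ("AES_GCM_", "AES_CCM_", "CHACHA20_POLY1305")

PROPOSAL_LINE = re.compile(
    r"<(?P<conn>[^>]+)>\s+(?P<kind>received|configured) proposals:\s*(?P<body>.+)$"
)


def classify(name):
    """Map an algorithm name as printed by charon to its transform type."""
    for transform_type, prefixes in PREFIXES:
        if name.startswith(prefixes):
            return transform_type
    return "UNKNOWN"


def parse_proposals(body):
    """Turn 'ESP:A/B, ESP:C/D' into a list of (raw_text, {type: set_of_names})."""
    proposals = []
    for raw in (part.strip() for part in body.split(",")):
        if not raw:
            continue
        _protocol, _, algorithms = raw.partition(":")
        by_type = {t: set() for t in CHECK_ORDER}
        for name in filter(None, algorithms.split("/")):
            by_type.setdefault(classify(name), set()).add(name)
        proposals.append((raw, by_type))
    return proposals


def first_failure(configured, received):
    """Return the first transform type with no common algorithm, or None on a match."""
    for t in CHECK_ORDER:
        ours, theirs = configured[t], received[t]
        if not ours and not theirs:
            continue  # neither side uses this transform type
        if not ours & theirs:
            return t
    return None


def lacks_integrity(by_type):
    """True when a proposal offers a non-AEAD cipher without any integrity transform."""
    non_aead = [c for c in by_type["ENCRYPTION_ALGORITHM"]
                if not c.startswith(AEAD_PREFIXES)]
    return bool(non_aead) and not by_type["INTEGRITY_ALGORITHM"]


def diagnose(lines):
    """Per connection tag: (configured, received, failing type) for every pair."""
    seen = {}
    for line in lines:
        m = PROPOSAL_LINE.search(line)
        if m:
            seen.setdefault(m["conn"], {})[m["kind"]] = parse_proposals(m["body"])
    report = {}
    for conn, kinds in seen.items():
        if "received" in kinds and "configured" in kinds:
            report[conn] = [
                (cfg_raw, rcv_raw, first_failure(cfg, rcv))
                for rcv_raw, rcv in kinds["received"]
                for cfg_raw, cfg in kinds["configured"]
            ]
    return report


# The two proposal lines from the log in the post (the log is listed newest first;
# the parser does not depend on line order).
SAMPLE_LOG = [
    "May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> configured proposals: "
    "ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, "
    "ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, "
    "ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ",
    "May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> received proposals: "
    "ESP:AES_CBC_256/NO_EXT_SEQ",
]

if __name__ == "__main__":
    for conn, rows in diagnose(SAMPLE_LOG).items():
        for configured, received, failure in rows:
            print(f"{conn}: {received} vs {configured} -> {failure or 'match'}")
```

Run on the 09:33:46 log posted later in the thread, the same comparison reports INTEGRITY_ALGORITHM for both AES_CBC_256 entries, because the received proposal is unchanged.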

        ssghudsonkj @mamawe

        @mamawe How do I resolve this?

        I tried to follow this guide: https://www.stevenjordan.net/2016/09/secure-ikev2-win-10.html

          mamawe @ssghudsonkj

          @ssghudsonkj said in IKEv2:

          @mamawe How do I resolve this?

          I tried to follow this guide: https://www.stevenjordan.net/2016/09/secure-ikev2-win-10.html

          How did you try to follow this guide?
          Did you use the registry key, the powershell command, or both?
          What exactly did you do? Can you post the exact keys and values or the commands you typed?

          Kind regards,
          Mathias

            ssghudsonkj @mamawe

            @mamawe I created the registry key and set it to 2… I didn’t do anything else.

              mamawe @ssghudsonkj

              @ssghudsonkj said in IKEv2:

              @mamawe I created the registry key and set it to 2… I didn’t do anything else.

              Please try adding hash algorithm SHA1 to the phase 2 proposal on the pfSense.

                ssghudsonkj @mamawe

                @mamawe I still receive the invalid payload received error on the Windows 10 side.

                  ssghudsonkj @mamawe

                  Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 disconnected
                  Jun 7 09:36:42 charon 67324 09[CFG] updated vici connection: con-mobile
                  Jun 7 09:36:42 charon 67324 09[CFG] id = %any
                  Jun 7 09:36:42 charon 67324 09[CFG] eap_id = %any
                  Jun 7 09:36:42 charon 67324 09[CFG] class = EAP
                  Jun 7 09:36:42 charon 67324 09[CFG] eap-type = EAP_MSCHAPV2
                  Jun 7 09:36:42 charon 67324 09[CFG] remote:
                  Jun 7 09:36:42 charon 67324 09[CFG] cert = CN=sgthudsonkj.ddns.net, C=US, ST=Utah, L=EagleMountain, O=HudNet
                  Jun 7 09:36:42 charon 67324 09[CFG] id = sgthudsonkj.ddns.net
                  Jun 7 09:36:42 charon 67324 09[CFG] class = public key
                  Jun 7 09:36:42 charon 67324 09[CFG] local:
                  Jun 7 09:36:42 charon 67324 09[CFG] if_id_out = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] if_id_in = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] proposals = IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
                  Jun 7 09:36:42 charon 67324 09[CFG] rand_time = 2880
                  Jun 7 09:36:42 charon 67324 09[CFG] over_time = 2880
                  Jun 7 09:36:42 charon 67324 09[CFG] rekey_time = 25920
                  Jun 7 09:36:42 charon 67324 09[CFG] reauth_time = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] keyingtries = 1
                  Jun 7 09:36:42 charon 67324 09[CFG] unique = UNIQUE_REPLACE
                  Jun 7 09:36:42 charon 67324 09[CFG] childless = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] fragmentation = 2
                  Jun 7 09:36:42 charon 67324 09[CFG] dpd_timeout = 60
                  Jun 7 09:36:42 charon 67324 09[CFG] dpd_delay = 10
                  Jun 7 09:36:42 charon 67324 09[CFG] encap = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] dscp = 0x00
                  Jun 7 09:36:42 charon 67324 09[CFG] aggressive = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] mobike = 1
                  Jun 7 09:36:42 charon 67324 09[CFG] ppk_required = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] ppk_id = (null)
                  Jun 7 09:36:42 charon 67324 09[CFG] send_cert = CERT_ALWAYS_SEND
                  Jun 7 09:36:42 charon 67324 09[CFG] send_certreq = 1
                  Jun 7 09:36:42 charon 67324 09[CFG] remote_port = 500
                  Jun 7 09:36:42 charon 67324 09[CFG] local_port = 500
                  Jun 7 09:36:42 charon 67324 09[CFG] remote_addrs = 0.0.0.0/0, ::/0
                  Jun 7 09:36:42 charon 67324 09[CFG] local_addrs = 23.169.65.208
                  Jun 7 09:36:42 charon 67324 09[CFG] version = 2
                  Jun 7 09:36:42 charon 67324 09[CFG] copy_dscp = out
                  Jun 7 09:36:42 charon 67324 09[CFG] copy_ecn = 1
                  Jun 7 09:36:42 charon 67324 09[CFG] copy_df = 1
                  Jun 7 09:36:42 charon 67324 09[CFG] sha256_96 = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] hw_offload = no
                  Jun 7 09:36:42 charon 67324 09[CFG] remote_ts = dynamic
                  Jun 7 09:36:42 charon 67324 09[CFG] local_ts = 0.0.0.0/0|/0
                  Jun 7 09:36:42 charon 67324 09[CFG] proposals = ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
                  Jun 7 09:36:42 charon 67324 09[CFG] inactivity = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] set_mark_out = 0/0
                  Jun 7 09:36:42 charon 67324 09[CFG] set_mark_in = 0/0
                  Jun 7 09:36:42 charon 67324 09[CFG] mark_out = 0/0
                  Jun 7 09:36:42 charon 67324 09[CFG] mark_in_sa = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] mark_in = 0/0
                  Jun 7 09:36:42 charon 67324 09[CFG] if_id_out = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] if_id_in = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] interface = (null)
                  Jun 7 09:36:42 charon 67324 09[CFG] priority = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] tfc = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] reqid = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] close_action = clear
                  Jun 7 09:36:42 charon 67324 09[CFG] start_action = clear
                  Jun 7 09:36:42 charon 67324 09[CFG] dpd_action = clear
                  Jun 7 09:36:42 charon 67324 09[CFG] policies_fwd_out = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] policies = 1
                  Jun 7 09:36:42 charon 67324 09[CFG] mode = TUNNEL
                  Jun 7 09:36:42 charon 67324 09[CFG] ipcomp = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] hostaccess = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] updown = (null)
                  Jun 7 09:36:42 charon 67324 09[CFG] rand_packets = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] life_packets = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] rekey_packets = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] rand_bytes = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] life_bytes = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] rekey_bytes = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] rand_time = 360
                  Jun 7 09:36:42 charon 67324 09[CFG] life_time = 3600
                  Jun 7 09:36:42 charon 67324 09[CFG] rekey_time = 3240
                  Jun 7 09:36:42 charon 67324 09[CFG] child con-mobile:
                  Jun 7 09:36:42 charon 67324 09[CFG] conn con-mobile:
                  Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 requests: load-conn
                  Jun 7 09:36:42 charon 67324 09[CFG] updated vici connection: bypass
                  Jun 7 09:36:42 charon 67324 09[CFG] remote:
                  Jun 7 09:36:42 charon 67324 09[CFG] local:
                  Jun 7 09:36:42 charon 67324 09[CFG] if_id_out = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] if_id_in = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] proposals = IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
                  Jun 7 09:36:42 charon 67324 09[CFG] rand_time = 1440
                  Jun 7 09:36:42 charon 67324 09[CFG] over_time = 1440
                  Jun 7 09:36:42 charon 67324 09[CFG] rekey_time = 14400
                  Jun 7 09:36:42 charon 67324 09[CFG] reauth_time = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] keyingtries = 1
                  Jun 7 09:36:42 charon 67324 09[CFG] unique = UNIQUE_NO
                  Jun 7 09:36:42 charon 67324 09[CFG] childless = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] fragmentation = 2
                  Jun 7 09:36:42 charon 67324 09[CFG] dpd_timeout = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] dpd_delay = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] encap = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] dscp = 0x00
                  Jun 7 09:36:42 charon 67324 09[CFG] aggressive = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] mobike = 1
                  Jun 7 09:36:42 charon 67324 09[CFG] ppk_required = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] ppk_id = (null)
                  Jun 7 09:36:42 charon 67324 09[CFG] send_cert = CERT_SEND_IF_ASKED
                  Jun 7 09:36:42 charon 67324 09[CFG] send_certreq = 1
                  Jun 7 09:36:42 charon 67324 09[CFG] remote_port = 500
                  Jun 7 09:36:42 charon 67324 09[CFG] local_port = 500
                  Jun 7 09:36:42 charon 67324 09[CFG] remote_addrs = 127.0.0.1
                  Jun 7 09:36:42 charon 67324 09[CFG] local_addrs = %any
                  Jun 7 09:36:42 charon 67324 09[CFG] version = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] copy_dscp = out
                  Jun 7 09:36:42 charon 67324 09[CFG] copy_ecn = 1
                  Jun 7 09:36:42 charon 67324 09[CFG] copy_df = 1
                  Jun 7 09:36:42 charon 67324 09[CFG] sha256_96 = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] hw_offload = no
                  Jun 7 09:36:42 charon 67324 09[CFG] remote_ts = 172.30.222.0/24|/0
                  Jun 7 09:36:42 charon 67324 09[CFG] local_ts = 172.30.222.0/24|/0
                  Jun 7 09:36:42 charon 67324 09[CFG] proposals = ESP:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ
                  Jun 7 09:36:42 charon 67324 09[CFG] inactivity = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] set_mark_out = 0/0
                  Jun 7 09:36:42 charon 67324 09[CFG] set_mark_in = 0/0
                  Jun 7 09:36:42 charon 67324 09[CFG] mark_out = 0/0
                  Jun 7 09:36:42 charon 67324 09[CFG] mark_in_sa = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] mark_in = 0/0
                  Jun 7 09:36:42 charon 67324 09[CFG] if_id_out = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] if_id_in = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] interface = (null)
                  Jun 7 09:36:42 charon 67324 09[CFG] priority = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] tfc = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] reqid = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] close_action = clear
                  Jun 7 09:36:42 charon 67324 09[CFG] start_action = hold
                  Jun 7 09:36:42 charon 67324 09[CFG] dpd_action = clear
                  Jun 7 09:36:42 charon 67324 09[CFG] policies_fwd_out = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] policies = 1
                  Jun 7 09:36:42 charon 67324 09[CFG] mode = PASS
                  Jun 7 09:36:42 charon 67324 09[CFG] ipcomp = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] hostaccess = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] updown = (null)
                  Jun 7 09:36:42 charon 67324 09[CFG] rand_packets = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] life_packets = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] rekey_packets = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] rand_bytes = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] life_bytes = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] rekey_bytes = 0
                  Jun 7 09:36:42 charon 67324 09[CFG] rand_time = 360
                  Jun 7 09:36:42 charon 67324 09[CFG] life_time = 3960
                  Jun 7 09:36:42 charon 67324 09[CFG] rekey_time = 3600
                  Jun 7 09:36:42 charon 67324 09[CFG] child bypasslan:
                  Jun 7 09:36:42 charon 67324 09[CFG] conn bypass:
                  Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 requests: load-conn
                  Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 requests: get-conns
                  Jun 7 09:36:42 charon 67324 09[CFG] updated vici pool mobile-pool-v4: 10.3.200.0, 254 entries
                  Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 requests: load-pool
                  Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 requests: get-pools
                  Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 requests: get-authorities
                  Jun 7 09:36:42 charon 67324 13[CFG] loaded EAP shared key with id 'eap-1' for: 'kellenhudson@gmail.com'
                  Jun 7 09:36:42 charon 67324 13[CFG] vici client 42 requests: load-shared
                  Jun 7 09:36:42 charon 67324 13[CFG] loaded ANY private key
                  Jun 7 09:36:42 charon 67324 13[CFG] vici client 42 requests: load-key
                  Jun 7 09:36:42 charon 67324 13[CFG] loaded certificate 'CN=internal-ca, ST=Utah, L=EagleMountain, O=HudNet'
                  Jun 7 09:36:42 charon 67324 13[CFG] vici client 42 requests: load-cert
                  Jun 7 09:36:42 charon 67324 13[CFG] loaded certificate 'CN=sgthudsonkj.ddns.net, C=US, ST=Utah, L=EagleMountain, O=HudNet'
                  Jun 7 09:36:42 charon 67324 13[CFG] vici client 42 requests: load-cert
                  Jun 7 09:36:42 charon 67324 06[CFG] vici client 42 requests: get-shared
                  Jun 7 09:36:42 charon 67324 06[CFG] vici client 42 requests: get-keys
                  Jun 7 09:36:42 charon 67324 11[CFG] vici client 42 connected
                  Jun 7 09:36:42 charon 67324 06[CFG] vici client 41 disconnected
                  Jun 7 09:36:42 charon 67324 11[CFG] loaded 0 RADIUS server configurations
                  Jun 7 09:36:42 charon 67324 11[CFG] loaded 0 entries for attr plugin configuration
                  Jun 7 09:36:42 charon 67324 11[CFG] ipseckey plugin is disabled
                  Jun 7 09:36:42 charon 67324 11[CFG] vici client 41 requests: reload-settings
                  Jun 7 09:36:42 charon 67324 11[CFG] vici client 41 connected
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> lease 10.3.200.1 by 'kellenhudson@gmail.com' went offline
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> IKE_SA con-mobile[78] state change: DELETING => DESTROYING
                  Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (80 bytes)
                  Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> generating INFORMATIONAL response 6 [ ]
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> IKE_SA deleted
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> IKE_SA con-mobile[78] state change: ESTABLISHED => DELETING
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> deleting IKE_SA con-mobile[78] between 23.169.65.208[sgthudsonkj.ddns.net]...172.30.222.172[172.30.222.172]
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> received DELETE for IKE_SA con-mobile[78]
                  Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> parsed INFORMATIONAL request 6 [ D ]
                  Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (80 bytes)
                  Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (256 bytes)
                  Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 5 [ AUTH CPRP(ADDR SUBNET U_SPLITINC DNS DNS U_DEFDOM U_SPLITDNS U_SAVEPWD) N(MOBIKE_SUP) N(ADD_4_ADDR) N(NO_PROP) ]
                  Jun 7 09:33:46 charon 67324 11[CHD] <con-mobile|78> CHILD_SA con-mobile{38} state change: CREATED => DESTROYING
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> failed to establish CHILD_SA, keeping IKE_SA
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> no acceptable proposal found
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> received proposals: ESP:AES_CBC_256/NO_EXT_SEQ
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> no acceptable ENCRYPTION_ALGORITHM found
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> selecting proposal:
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> no acceptable ENCRYPTION_ALGORITHM found
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> selecting proposal:
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> no acceptable ENCRYPTION_ALGORITHM found
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> selecting proposal:
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> no acceptable ENCRYPTION_ALGORITHM found
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> selecting proposal:
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> no acceptable INTEGRITY_ALGORITHM found
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> selecting proposal:
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> no acceptable INTEGRITY_ALGORITHM found
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> selecting proposal:
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> found matching child config "con-mobile" with prio 12
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> candidate "con-mobile" with prio 10+2
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> 10.3.200.1/32|/0
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> proposing traffic selectors for other:
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> 0.0.0.0/0|/0
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> proposing traffic selectors for us:
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> looking for a child config for 0.0.0.0/0|/0 ::/0|/0 === 0.0.0.0/0|/0 ::/0|/0
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building UNITY_SAVE_PASSWD attribute
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building UNITY_SPLITDNS_NAME attribute
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building UNITY_DEF_DOMAIN attribute
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building INTERNAL_IP4_DNS attribute
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building INTERNAL_IP4_DNS attribute
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building UNITY_SPLIT_INCLUDE attribute
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building INTERNAL_IP4_SUBNET attribute
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> no virtual IP found for %any6 requested by 'kellenhudson@gmail.com'
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> peer requested virtual IP %any6
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> assigning virtual IP 10.3.200.1 to peer 'kellenhudson@gmail.com'
                  Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> reassigning offline lease to 'kellenhudson@gmail.com'
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> peer requested virtual IP %any
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> maximum IKE_SA lifetime 28767s
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> scheduling rekeying in 25887s
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> IKE_SA con-mobile[78] state change: CONNECTING => ESTABLISHED
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> IKE_SA con-mobile[78] established between 23.169.65.208[sgthudsonkj.ddns.net]...172.30.222.172[172.30.222.172]
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> authentication of 'sgthudsonkj.ddns.net' (myself) with EAP
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> authentication of '172.30.222.172' with EAP successful
                  Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> parsed IKE_AUTH request 5 [ AUTH ]
                  Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (112 bytes)
                  Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (80 bytes)
                  Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 4 [ EAP/SUCC ]
                  Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> EAP method EAP_MSCHAPV2 succeeded, MSK established
                  Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
                  Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (80 bytes)
                  Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (144 bytes)
                  Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
                  Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
                  Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (160 bytes)
                  Jun 7 09:33:45 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (112 bytes)
                  Jun 7 09:33:45 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> initiating EAP_MSCHAPV2 method (id 0x54)
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> received EAP identity 'kellenhudson@gmail.com'
                  Jun 7 09:33:45 charon 67324 11[ENC] <con-mobile|78> parsed IKE_AUTH request 2 [ EAP/RES/ID ]
                  Jun 7 09:33:45 charon 67324 11[NET] <con-mobile|78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (112 bytes)
                  Jun 7 09:33:45 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (372 bytes)
                  Jun 7 09:33:45 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (1236 bytes)
                  Jun 7 09:33:45 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 1 [ EF(2/2) ]
                  Jun 7 09:33:45 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 1 [ EF(1/2) ]
                  Jun 7 09:33:45 charon 67324 11[ENC] <con-mobile|78> splitting IKE message (1536 bytes) into 2 fragments
                  Jun 7 09:33:45 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> sending end entity cert "CN=sgthudsonkj.ddns.net, C=US, ST=Utah, L=EagleMountain, O=HudNet"
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> authentication of 'sgthudsonkj.ddns.net' (myself) with RSA signature successful
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> peer supports MOBIKE
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP6_SERVER attribute
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP6_DNS attribute
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP6_ADDRESS attribute
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP4_SERVER attribute
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP4_NBNS attribute
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP4_DNS attribute
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP4_ADDRESS attribute
                  Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> initiating EAP_IDENTITY method (id 0x00)
                  Jun 7 09:33:45 charon 67324 11[CFG] <con-mobile|78> selected peer config 'con-mobile'
                  Jun 7 09:33:45 charon 67324 11[CFG] <78> candidate "con-mobile", match: 1/1/1052 (me/other/ike)
                  Jun 7 09:33:45 charon 67324 11[CFG] <78> looking for peer configs matching 23.169.65.208[%any]...172.30.222.172[172.30.222.172]
                  Jun 7 09:33:45 charon 67324 11[IKE] <78> received 67 cert requests for an unknown ca
                  Jun 7 09:33:45 charon 67324 11[IKE] <78> received cert request for "CN=internal-ca, ST=Utah, L=EagleMountain, O=HudNet"
                  Jun 7 09:33:45 charon 67324 11[ENC] <78> parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
                  Jun 7 09:33:45 charon 67324 11[ENC] <78> received fragment #3 of 4, reassembled fragmented IKE message (1664 bytes)
                  Jun 7 09:33:45 charon 67324 11[ENC] <78> parsed IKE_AUTH request 1 [ EF(3/4) ]
                  Jun 7 09:33:45 charon 67324 11[NET] <78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (580 bytes)
                  Jun 7 09:33:45 charon 67324 10[ENC] <78> received fragment #4 of 4, waiting for complete IKE message
                  Jun 7 09:33:45 charon 67324 10[ENC] <78> parsed IKE_AUTH request 1 [ EF(4/4) ]
                  Jun 7 09:33:45 charon 67324 10[NET] <78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (180 bytes)
                  Jun 7 09:33:45 charon 67324 06[ENC] <78> received fragment #2 of 4, waiting for complete IKE message
                  Jun 7 09:33:45 charon 67324 06[ENC] <78> parsed IKE_AUTH request 1 [ EF(2/4) ]
                  Jun 7 09:33:45 charon 67324 06[NET] <78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (580 bytes)
                  Jun 7 09:33:45 charon 67324 06[ENC] <78> received duplicate fragment #1
                  Jun 7 09:33:45 charon 67324 06[ENC] <78> parsed IKE_AUTH request 1 [ EF(1/4) ]
                  Jun 7 09:33:45 charon 67324 06[NET] <78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (580 bytes)
                  Jun 7 09:33:44 charon 67324 06[ENC] <78> received fragment #1 of 4, waiting for complete IKE message
                  Jun 7 09:33:44 charon 67324 06[ENC] <78> parsed IKE_AUTH request 1 [ EF(1/4) ]
                  Jun 7 09:33:44 charon 67324 06[NET] <78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (580 bytes)
                  Jun 7 09:33:44 charon 67324 06[NET] <78> sending packet: from 23.169.65.208[500] to 172.30.222.172[500] (501 bytes)

                  • S
                    ssghudsonkj @mamawe

                    Jun 7 09:33:44 charon 67324 06[ENC] <78> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
                    Jun 7 09:33:44 charon 67324 06[IKE] <78> sending cert request for "CN=internal-ca, ST=Utah, L=EagleMountain, O=HudNet"
                    Jun 7 09:33:44 charon 67324 06[IKE] <78> sending cert request for "CN=sgthudsonkj.ddns.net, C=US, ST=Utah, L=EagleMountain, O=HudNet"
                    Jun 7 09:33:44 charon 67324 06[CFG] <78> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
                    Jun 7 09:33:44 charon 67324 06[CFG] <78> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
                    Jun 7 09:33:44 charon 67324 06[CFG] <78> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048
                    Jun 7 09:33:44 charon 67324 06[CFG] <78> proposal matches
                    Jun 7 09:33:44 charon 67324 06[CFG] <78> selecting proposal:
                    Jun 7 09:33:44 charon 67324 06[CFG] <78> no acceptable INTEGRITY_ALGORITHM found
                    Jun 7 09:33:44 charon 67324 06[CFG] <78> selecting proposal:
                    Jun 7 09:33:44 charon 67324 06[IKE] <78> IKE_SA (unnamed)[78] state change: CREATED => CONNECTING
                    Jun 7 09:33:44 charon 67324 06[IKE] <78> 172.30.222.172 is initiating an IKE_SA
                    Jun 7 09:33:44 charon 67324 06[ENC] <78> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
                    Jun 7 09:33:44 charon 67324 06[IKE] <78> received Vid-Initial-Contact vendor ID
                    Jun 7 09:33:44 charon 67324 06[IKE] <78> received MS-Negotiation Discovery Capable vendor ID
                    Jun 7 09:33:44 charon 67324 06[IKE] <78> received MS NT5 ISAKMPOAKLEY v9 vendor ID
                    Jun 7 09:33:44 charon 67324 06[CFG] <78> found matching ike config: 23.169.65.208...0.0.0.0/0, ::/0 with prio 1052
                    Jun 7 09:33:44 charon 67324 06[CFG] <78> candidate: 23.169.65.208...0.0.0.0/0, ::/0, prio 1052
                    Jun 7 09:33:44 charon 67324 06[CFG] <78> looking for an IKEv2 config for 23.169.65.208...172.30.222.172
                    Jun 7 09:33:44 charon 67324 06[ENC] <78> parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
                    Jun 7 09:33:44 charon 67324 06[NET] <78> received packet: from 172.30.222.172[500] to 23.169.65.208[500] (632 bytes)
                    Jun 7 09:28:56 charon 67324 06[CFG] vici client 40 disconnected
                    Jun 7 09:28:56 charon 67324 06[CFG] updated vici connection: con-mobile
                    Jun 7 09:28:56 charon 67324 06[CFG] id = %any
                    Jun 7 09:28:56 charon 67324 06[CFG] eap_id = %any
                    Jun 7 09:28:56 charon 67324 06[CFG] class = EAP
                    Jun 7 09:28:56 charon 67324 06[CFG] eap-type = EAP_MSCHAPV2
                    Jun 7 09:28:56 charon 67324 06[CFG] remote:
                    Jun 7 09:28:56 charon 67324 06[CFG] cert = CN=sgthudsonkj.ddns.net, C=US, ST=Utah, L=EagleMountain, O=HudNet
                    Jun 7 09:28:56 charon 67324 06[CFG] id = sgthudsonkj.ddns.net
                    Jun 7 09:28:56 charon 67324 06[CFG] class = public key
                    Jun 7 09:28:56 charon 67324 06[CFG] local:
                    Jun 7 09:28:56 charon 67324 06[CFG] if_id_out = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] if_id_in = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] proposals = IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
                    Jun 7 09:28:56 charon 67324 06[CFG] rand_time = 2880
                    Jun 7 09:28:56 charon 67324 06[CFG] over_time = 2880
                    Jun 7 09:28:56 charon 67324 06[CFG] rekey_time = 25920
                    Jun 7 09:28:56 charon 67324 06[CFG] reauth_time = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] keyingtries = 1
                    Jun 7 09:28:56 charon 67324 06[CFG] unique = UNIQUE_REPLACE
                    Jun 7 09:28:56 charon 67324 06[CFG] childless = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] fragmentation = 2
                    Jun 7 09:28:56 charon 67324 06[CFG] dpd_timeout = 60
                    Jun 7 09:28:56 charon 67324 06[CFG] dpd_delay = 10
                    Jun 7 09:28:56 charon 67324 06[CFG] encap = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] dscp = 0x00
                    Jun 7 09:28:56 charon 67324 06[CFG] aggressive = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] mobike = 1
                    Jun 7 09:28:56 charon 67324 06[CFG] ppk_required = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] ppk_id = (null)
                    Jun 7 09:28:56 charon 67324 06[CFG] send_cert = CERT_ALWAYS_SEND
                    Jun 7 09:28:56 charon 67324 06[CFG] send_certreq = 1
                    Jun 7 09:28:56 charon 67324 06[CFG] remote_port = 500
                    Jun 7 09:28:56 charon 67324 06[CFG] local_port = 500
                    Jun 7 09:28:56 charon 67324 06[CFG] remote_addrs = 0.0.0.0/0, ::/0
                    Jun 7 09:28:56 charon 67324 06[CFG] local_addrs = 23.169.65.208
                    Jun 7 09:28:56 charon 67324 06[CFG] version = 2
                    Jun 7 09:28:56 charon 67324 06[CFG] copy_dscp = out
                    Jun 7 09:28:56 charon 67324 06[CFG] copy_ecn = 1
                    Jun 7 09:28:56 charon 67324 06[CFG] copy_df = 1
                    Jun 7 09:28:56 charon 67324 06[CFG] sha256_96 = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] hw_offload = no
                    Jun 7 09:28:56 charon 67324 06[CFG] remote_ts = dynamic
                    Jun 7 09:28:56 charon 67324 06[CFG] local_ts = 0.0.0.0/0|/0
                    Jun 7 09:28:56 charon 67324 06[CFG] proposals = ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
                    Jun 7 09:28:56 charon 67324 06[CFG] inactivity = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] set_mark_out = 0/0
                    Jun 7 09:28:56 charon 67324 06[CFG] set_mark_in = 0/0
                    Jun 7 09:28:56 charon 67324 06[CFG] mark_out = 0/0
                    Jun 7 09:28:56 charon 67324 06[CFG] mark_in_sa = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] mark_in = 0/0
                    Jun 7 09:28:56 charon 67324 06[CFG] if_id_out = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] if_id_in = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] interface = (null)
                    Jun 7 09:28:56 charon 67324 06[CFG] priority = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] tfc = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] reqid = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] close_action = clear
                    Jun 7 09:28:56 charon 67324 06[CFG] start_action = clear
                    Jun 7 09:28:56 charon 67324 06[CFG] dpd_action = clear
                    Jun 7 09:28:56 charon 67324 06[CFG] policies_fwd_out = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] policies = 1
                    Jun 7 09:28:56 charon 67324 06[CFG] mode = TUNNEL
                    Jun 7 09:28:56 charon 67324 06[CFG] ipcomp = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] hostaccess = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] updown = (null)
                    Jun 7 09:28:56 charon 67324 06[CFG] rand_packets = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] life_packets = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] rekey_packets = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] rand_bytes = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] life_bytes = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] rekey_bytes = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] rand_time = 360
                    Jun 7 09:28:56 charon 67324 06[CFG] life_time = 3600
                    Jun 7 09:28:56 charon 67324 06[CFG] rekey_time = 3240
                    Jun 7 09:28:56 charon 67324 06[CFG] child con-mobile:
                    Jun 7 09:28:56 charon 67324 06[CFG] conn con-mobile:
                    Jun 7 09:28:56 charon 67324 06[CFG] vici client 40 requests: load-conn
                    Jun 7 09:28:56 charon 67324 06[CFG] updated vici connection: bypass
                    Jun 7 09:28:56 charon 67324 06[CFG] remote:
                    Jun 7 09:28:56 charon 67324 06[CFG] local:
                    Jun 7 09:28:56 charon 67324 06[CFG] if_id_out = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] if_id_in = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] proposals = IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
                    Jun 7 09:28:56 charon 67324 06[CFG] rand_time = 1440
                    Jun 7 09:28:56 charon 67324 06[CFG] over_time = 1440
                    Jun 7 09:28:56 charon 67324 06[CFG] rekey_time = 14400
                    Jun 7 09:28:56 charon 67324 06[CFG] reauth_time = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] keyingtries = 1
                    Jun 7 09:28:56 charon 67324 06[CFG] unique = UNIQUE_NO
                    Jun 7 09:28:56 charon 67324 06[CFG] childless = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] fragmentation = 2
                    Jun 7 09:28:56 charon 67324 06[CFG] dpd_timeout = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] dpd_delay = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] encap = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] dscp = 0x00
                    Jun 7 09:28:56 charon 67324 06[CFG] aggressive = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] mobike = 1
                    Jun 7 09:28:56 charon 67324 06[CFG] ppk_required = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] ppk_id = (null)
                    Jun 7 09:28:56 charon 67324 06[CFG] send_cert = CERT_SEND_IF_ASKED
                    Jun 7 09:28:56 charon 67324 06[CFG] send_certreq = 1
                    Jun 7 09:28:56 charon 67324 06[CFG] remote_port = 500
                    Jun 7 09:28:56 charon 67324 06[CFG] local_port = 500
                    Jun 7 09:28:56 charon 67324 06[CFG] remote_addrs = 127.0.0.1
                    Jun 7 09:28:56 charon 67324 06[CFG] local_addrs = %any
                    Jun 7 09:28:56 charon 67324 06[CFG] version = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] copy_dscp = out
                    Jun 7 09:28:56 charon 67324 06[CFG] copy_ecn = 1
                    Jun 7 09:28:56 charon 67324 06[CFG] copy_df = 1
                    Jun 7 09:28:56 charon 67324 06[CFG] sha256_96 = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] hw_offload = no
                    Jun 7 09:28:56 charon 67324 06[CFG] remote_ts = 172.30.222.0/24|/0
                    Jun 7 09:28:56 charon 67324 06[CFG] local_ts = 172.30.222.0/24|/0
                    Jun 7 09:28:56 charon 67324 06[CFG] proposals = ESP:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ
                    Jun 7 09:28:56 charon 67324 06[CFG] inactivity = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] set_mark_out = 0/0
                    Jun 7 09:28:56 charon 67324 06[CFG] set_mark_in = 0/0
                    Jun 7 09:28:56 charon 67324 06[CFG] mark_out = 0/0
                    Jun 7 09:28:56 charon 67324 06[CFG] mark_in_sa = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] mark_in = 0/0
                    Jun 7 09:28:56 charon 67324 06[CFG] if_id_out = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] if_id_in = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] interface = (null)
                    Jun 7 09:28:56 charon 67324 06[CFG] priority = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] tfc = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] reqid = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] close_action = clear
                    Jun 7 09:28:56 charon 67324 06[CFG] start_action = hold
                    Jun 7 09:28:56 charon 67324 06[CFG] dpd_action = clear
                    Jun 7 09:28:56 charon 67324 06[CFG] policies_fwd_out = 0
                    Jun 7 09:28:56 charon 67324 06[CFG] policies = 1

                    • M
                      mamawe @ssghudsonkj

                      @ssghudsonkj There is still the mismatch in the phase2 proposal

                      Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> failed to establish CHILD_SA, keeping IKE_SA
                      Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> no acceptable proposal found
                      Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
                      Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> received proposals: ESP:AES_CBC_256/NO_EXT_SEQ

                      The problem is that there is no integrity algorithm in the received proposal.

                      In the guide you mentioned it says for phase2 (QM)

                      QM: AES256-SHA1(HMAC)

                      I would interpret this as AES256/HMAC_SHA1, but this is not what was sent.

                      I don't know much about the configuration of IPsec on Windows.
                      Maybe you can find another guide.

                      Kind regards,
                      Mathias
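
The diagnosis in the post above can be reproduced mechanically from the charon log. The following is an added example, not part of the original post and not strongSwan's own code: it parses the `received proposals` / `configured proposals` lines and reports which transform type blocks a match. The function names, the name-based classification of transforms and the simplified matching rule are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re

TYPES = ("ENCR", "INTEG", "PRF", "DH", "ESN")
AEAD = ("AES_GCM_", "AES_CCM_", "CHACHA20_POLY1305")  # ciphers with built-in integrity
LINE = re.compile(r"(configured|received) proposals: (.+)$")

def classify(token):
    """Map a transform name to its transform type (name-based heuristic, an assumption)."""
    if token.startswith("PRF_"):
        return "PRF"
    if token in ("NO_EXT_SEQ", "EXT_SEQ"):
        return "ESN"
    if token.startswith(("MODP_", "ECP_", "CURVE_")):
        return "DH"
    if token.startswith("HMAC_") or token in ("AES_XCBC_96", "AES_CMAC_96"):
        return "INTEG"
    return "ENCR"

def parse_proposals(text):
    """'ESP:A/B, ESP:C/D' -> [(protocol, raw body, {type: [transforms]}), ...]"""
    out = []
    for raw in text.split(","):
        raw = raw.strip()
        if not raw:
            continue
        proto, _, body = raw.partition(":")
        by_type = {t: [] for t in TYPES}
        for token in body.split("/"):
            by_type[classify(token)].append(token)
        out.append((proto, body, by_type))
    return out

def first_mismatch(recv, conf):
    """Return the first transform type without a common algorithm, or None on a match."""
    aead = False
    for t in TYPES:
        common = [a for a in recv[t] if a in conf[t]]
        if t == "ENCR":
            if not common:
                return t
            aead = common[0].startswith(AEAD)
        elif t == "INTEG" and aead:
            continue  # an AEAD cipher needs no separate integrity transform
        elif (recv[t] or conf[t]) and not common:
            return t  # one side offers this type, the other has nothing in common
    return None

def diagnose(log_lines):
    """Per protocol: the configured proposal that matched (if any) and why others failed."""
    seen = {}
    for line in log_lines:
        m = LINE.search(line)
        if m:
            props = parse_proposals(m.group(2))
            if props:
                seen.setdefault(props[0][0], {})[m.group(1)] = props
    report = {}
    for proto, sides in seen.items():
        recv, conf = sides.get("received", []), sides.get("configured", [])
        if not recv or not conf:
            continue
        selected, rejected = None, []
        for _, rbody, r in recv:
            for _, cbody, c in conf:
                bad = first_mismatch(r, c)
                if bad is None and selected is None:
                    selected = cbody
                elif bad is not None:
                    rejected.append((rbody, cbody, bad))
        # Types every configured proposal requires but the peer never offered.
        absent = [t for t in TYPES
                  if all(c[t] for _, _, c in conf) and not any(r[t] for _, _, r in recv)]
        report[proto] = {"selected": selected, "rejected": rejected,
                         "absent_from_peer": absent}
    return report

# Log lines copied from this thread (newest first, as pfSense displays them).
SAMPLE = [
    "Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> no acceptable proposal found",
    "Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ",
    "Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> received proposals: ESP:AES_CBC_256/NO_EXT_SEQ",
    "Jun 7 09:33:44 charon 67324 06[CFG] <78> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048",
    "Jun 7 09:33:44 charon 67324 06[CFG] <78> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048",
]

if __name__ == "__main__":
    for proto, result in diagnose(SAMPLE).items():
        print(proto, "selected:", result["selected"],
              "| absent from peer:", result["absent_from_peer"])
```

On these lines the IKE exchange finds a common proposal, while for ESP the peer's single proposal carries no integrity transform, which every configured ESP proposal requires.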

                      • S
                        ssghudsonkj @mamawe

                        @mamawe The guides I used to set up the firewall and the Windows client were both from the Netgate website. This other guide I’m using was based on what you said to try and troubleshoot this issue. My phone connects just fine to the firewall. My laptop does not.
