IPSEC VPN Login Syslogs



  • Can anyone provide me with sample syslogs for IPsec VPN login, logout, connection events, etc.?


  • Galactic Empire

    NB I use FreeRadius for auth.

    1.2.3.4 = WAN

    Jul 16 12:04:32	charon		14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (60 bytes)
    Jul 16 12:04:32	charon		14[ENC] <con1|23> generating INFORMATIONAL response 7 [ ]
    Jul 16 12:04:32	charon		14[CFG] <con1|23> received RADIUS Accounting-Response from server 'local_radius_database'
    Jul 16 12:04:32	charon		14[CFG] <con1|23> sending RADIUS Accounting-Request to server 'local_radius_database'
    Jul 16 12:04:32	charon		14[IKE] <con1|23> IKE_SA deleted
    Jul 16 12:04:32	charon		14[IKE] <con1|23> deleting IKE_SA con1[23] between 1.2.3.4[vpn.blahblahblan.net]...82.132.224.191[10.8.7.115]
    Jul 16 12:04:32	charon		14[IKE] <con1|23> received DELETE for IKE_SA con1[23]
    Jul 16 12:04:32	charon		14[ENC] <con1|23> parsed INFORMATIONAL request 7 [ D ]
    Jul 16 12:04:32	charon		14[NET] <con1|23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (68 bytes)
    Jul 16 12:04:18	charon		14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (436 bytes)
    Jul 16 12:04:18	charon		14[ENC] <con1|23> generating IKE_AUTH response 6 [ AUTH CPRP(ADDR DNS SUBNET U_DEFDOM U_SPLITDNS MASK) N(ESP_TFC_PAD_N) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
    Jul 16 12:04:18	charon		14[CFG] <con1|23> received RADIUS Accounting-Response from server 'local_radius_database'
    Jul 16 12:04:18	charon		14[CFG] <con1|23> sending RADIUS Accounting-Request to server 'local_radius_database'
    Jul 16 12:04:18	charon		14[IKE] <con1|23> CHILD_SA con1{6} established with SPIs cfb91246_i 07260c80_o and TS 0.0.0.0/0|/0 === 172.16.8.3/32|/0
    Jul 16 12:04:18	charon		14[IKE] <con1|23> no virtual IP found for %any6 requested by 'iphone'
    Jul 16 12:04:18	charon		14[IKE] <con1|23> peer requested virtual IP %any6
    Jul 16 12:04:18	charon		14[IKE] <con1|23> assigning virtual IP 172.16.8.3 to peer 'iphone'
    Jul 16 12:04:18	charon		14[IKE] <con1|23> peer requested virtual IP %any
    Jul 16 12:04:18	charon		14[IKE] <con1|23> maximum IKE_SA lifetime 28407s
    Jul 16 12:04:18	charon		14[IKE] <con1|23> scheduling reauthentication in 27867s
    Jul 16 12:04:18	charon		14[IKE] <con1|23> IKE_SA con1[23] established between 1.2.3.4[vpn.blahblahblan.net]...82.132.224.191[10.8.7.115]
    Jul 16 12:04:18	charon		14[IKE] <con1|23> authentication of 'vpn.blahblahblan.net' (myself) with EAP
    Jul 16 12:04:18	charon		14[IKE] <con1|23> authentication of '10.8.7.115' with EAP successful
    Jul 16 12:04:18	charon		14[ENC] <con1|23> parsed IKE_AUTH request 6 [ AUTH ]
    Jul 16 12:04:18	charon		14[NET] <con1|23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (84 bytes)
    Jul 16 12:04:17	charon		14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (68 bytes)
    Jul 16 12:04:17	charon		14[ENC] <con1|23> generating IKE_AUTH response 5 [ EAP/SUCC ]
    Jul 16 12:04:17	charon		14[IKE] <con1|23> EAP method EAP_MSCHAPV2 succeeded, MSK established
    Jul 16 12:04:17	charon		14[IKE] <con1|23> RADIUS authentication of 'iphone' successful
    Jul 16 12:04:17	charon		14[IKE] <con1|23> received AUTH_LIFETIME of 275658943s, scheduling reauthentication in 275658403s
    Jul 16 12:04:17	charon		14[CFG] <con1|23> received RADIUS Access-Accept from server 'local_radius_database'
    Jul 16 12:04:17	charon		14[CFG] <con1|23> sending RADIUS Access-Request to server 'local_radius_database'
    Jul 16 12:04:17	charon		14[ENC] <con1|23> parsed IKE_AUTH request 5 [ EAP/RES/MSCHAPV2 ]
    Jul 16 12:04:17	charon		14[NET] <con1|23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (68 bytes)
    Jul 16 12:04:17	charon		14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (108 bytes)
    Jul 16 12:04:17	charon		14[ENC] <con1|23> generating IKE_AUTH response 4 [ EAP/REQ/MSCHAPV2 ]
    Jul 16 12:04:17	charon		14[CFG] <con1|23> received RADIUS Access-Challenge from server 'local_radius_database'
    Jul 16 12:04:17	charon		14[CFG] <con1|23> sending RADIUS Access-Request to server 'local_radius_database'
    Jul 16 12:04:17	charon		14[ENC] <con1|23> parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
    Jul 16 12:04:17	charon		14[NET] <con1|23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (132 bytes)
    Jul 16 12:04:17	charon		14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (100 bytes)
    Jul 16 12:04:17	charon		14[ENC] <con1|23> generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
    Jul 16 12:04:17	charon		14[CFG] <con1|23> received RADIUS Access-Challenge from server 'local_radius_database'
    Jul 16 12:04:17	charon		14[CFG] <con1|23> sending RADIUS Access-Request to server 'local_radius_database'
    Jul 16 12:04:17	charon		14[ENC] <con1|23> parsed IKE_AUTH request 3 [ EAP/RES/NAK ]
    Jul 16 12:04:17	charon		14[NET] <con1|23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (68 bytes)
    Jul 16 12:04:17	charon		14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (68 bytes)
    Jul 16 12:04:17	charon		14[ENC] <con1|23> generating IKE_AUTH response 2 [ EAP/REQ/PEAP ]
    Jul 16 12:04:17	charon		14[IKE] <con1|23> initiating EAP_PEAP method (id 0x01)
    Jul 16 12:04:17	charon		14[CFG] <con1|23> received RADIUS Access-Challenge from server 'local_radius_database'
    Jul 16 12:04:17	charon		14[CFG] <con1|23> sending RADIUS Access-Request to server 'local_radius_database'
    Jul 16 12:04:17	charon		14[IKE] <con1|23> received EAP identity 'iphone'
    Jul 16 12:04:17	charon		14[ENC] <con1|23> parsed IKE_AUTH request 2 [ EAP/RES/ID ]
    Jul 16 12:04:17	charon		14[NET] <con1|23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (76 bytes)
    Jul 16 12:04:17	charon		14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (624 bytes)
    Jul 16 12:04:17	charon		14[NET] <con1|23> sending packet: from 1.2.3.4[4500] to 82.132.224.191[34706] (1248 bytes)
    Jul 16 12:04:17	charon		14[ENC] <con1|23> generating IKE_AUTH response 1 [ EF(2/2) ]
    Jul 16 12:04:17	charon		14[ENC] <con1|23> generating IKE_AUTH response 1 [ EF(1/2) ]
    Jul 16 12:04:17	charon		14[ENC] <con1|23> splitting IKE message with length of 1812 bytes into 2 fragments
    Jul 16 12:04:17	charon		14[ENC] <con1|23> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
    Jul 16 12:04:17	charon		14[IKE] <con1|23> sending end entity cert "C=GB, ST=County, L=Town, O=Blah Blah Blah, E=vpn@blahblahblan.net, CN=vpn.blahblahblan.net"
    Jul 16 12:04:17	charon		14[IKE] <con1|23> authentication of 'vpn.blahblahblan.net' (myself) with RSA signature successful
    Jul 16 12:04:17	charon		14[IKE] <con1|23> peer supports MOBIKE
    Jul 16 12:04:17	charon		14[IKE] <con1|23> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
    Jul 16 12:04:17	charon		14[IKE] <con1|23> initiating EAP_IDENTITY method (id 0x00)
    Jul 16 12:04:17	charon		14[CFG] <con1|23> selected peer config 'con1'
    Jul 16 12:04:17	charon		14[CFG] <23> looking for peer configs matching 1.2.3.4[vpn.blahblahblan.net]...82.132.224.191[10.8.7.115]
    Jul 16 12:04:17	charon		14[ENC] <23> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
    Jul 16 12:04:17	charon		14[ENC] <23> unknown attribute type (25)
    Jul 16 12:04:17	charon		14[NET] <23> received packet: from 82.132.224.191[34706] to 1.2.3.4[4500] (500 bytes)
    Jul 16 12:04:17	charon		08[NET] <23> sending packet: from 1.2.3.4[500] to 82.132.224.191[627] (341 bytes)
    Jul 16 12:04:17	charon		08[ENC] <23> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
    Jul 16 12:04:17	charon		08[IKE] <23> sending cert request for "C=GB, ST=County, L=Town, O=Blah Blah, E=vpn@blahblahblan.net, CN=Blah Blah Certification Authority"
    Jul 16 12:04:17	charon		08[IKE] <23> remote host is behind NAT
    Jul 16 12:04:17	charon		08[IKE] <23> 82.132.224.191 is initiating an IKE_SA
    Jul 16 12:04:17	charon		08[ENC] <23> parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
    Jul 16 12:04:17	charon		08[NET] <23> received packet: from 82.132.224.191[627] to 1.2.3.4[500] (476 bytes)
    Jul 16 12:04:17	charon		08[NET] <22> sending packet: from 1.2.3.4[500] to 82.132.224.191[627] (38 bytes)
    Jul 16 12:04:17	charon		08[ENC] <22> generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
    Jul 16 12:04:17	charon		08[IKE] <22> DH group MODP_2048 inacceptable, requesting MODP_1024
    Jul 16 12:04:17	charon		08[IKE] <22> remote host is behind NAT
    Jul 16 12:04:17	charon		08[IKE] <22> 82.132.224.191 is initiating an IKE_SA
    Jul 16 12:04:17	charon		08[ENC] <22> parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
    Jul 16 12:04:17	charon		08[NET] <22> received packet: from 82.132.224.191[627] to 1.2.3.4[500] (604 bytes)
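
Added example, not part of the original post: a small Python parser that reduces charon lines like the ones above to login/logout records keyed by the IKE_SA unique id (the `23` in `<con1|23>`). The sample lines are copied from the post; the function names, event names and field names are assumptions chosen for this illustration.

```python
import re

# Lines copied from the post above, newest first as in the post (tab-separated).
SAMPLE = "\n".join([
    "Jul 16 12:04:32\tcharon\t\t14[IKE] <con1|23> IKE_SA deleted",
    "Jul 16 12:04:32\tcharon\t\t14[IKE] <con1|23> deleting IKE_SA con1[23] between 1.2.3.4[vpn.blahblahblan.net]...82.132.224.191[10.8.7.115]",
    "Jul 16 12:04:18\tcharon\t\t14[IKE] <con1|23> assigning virtual IP 172.16.8.3 to peer 'iphone'",
    "Jul 16 12:04:18\tcharon\t\t14[IKE] <con1|23> IKE_SA con1[23] established between 1.2.3.4[vpn.blahblahblan.net]...82.132.224.191[10.8.7.115]",
    "Jul 16 12:04:17\tcharon\t\t14[IKE] <con1|23> RADIUS authentication of 'iphone' successful",
    "Jul 16 12:04:17\tcharon\t\t08[IKE] <23> 82.132.224.191 is initiating an IKE_SA",
    "Jul 16 12:04:17\tcharon\t\t08[IKE] <22> DH group MODP_2048 inacceptable, requesting MODP_1024",
    "Jul 16 12:04:17\tcharon\t\t08[IKE] <22> 82.132.224.191 is initiating an IKE_SA",
])

# timestamp, "charon", thread[subsystem], <conn|unique-id> or <unique-id>, message
LINE = re.compile(r"^\s*(\w{3}\s+\d+ [\d:]{8})\s+charon\s+\d+\[\w+\] <(?:[^|>]+\|)?(\d+)> (.*)$")

# (message pattern, event name, session field that receives capture group 1)
EVENTS = [
    (re.compile(r"^(\S+) is initiating an IKE_SA"), "init", "peer"),
    (re.compile(r"^RADIUS authentication of '([^']*)' successful"), "auth_ok", "user"),
    (re.compile(r"^IKE_SA \S+ established between \S+?\.\.\.([^\[\s]+)\["), "login", "peer"),
    (re.compile(r"^assigning virtual IP (\S+) to peer"), "vip", "virtual_ip"),
    (re.compile(r"^deleting IKE_SA \S+ between \S+?\.\.\.([^\[\s]+)\["), "logout", "peer"),
]

def parse_events(text):
    """Return chronological (timestamp, sa_id, event, field, value) tuples."""
    found = []
    for raw in reversed(text.splitlines()):  # oldest line is last in the post
        line = LINE.match(raw)
        if not line:
            continue
        ts, sa_id, msg = line.groups()
        for pattern, name, field in EVENTS:
            hit = pattern.match(msg)
            if hit:
                found.append((ts, sa_id, name, field, hit.group(1)))
                break
    return found

def sessions(text):
    """Group events by IKE_SA unique id; 'login'/'logout' hold the timestamps."""
    out = {}
    for ts, sa_id, name, field, value in parse_events(text):
        record = out.setdefault(sa_id, {})
        record[field] = value
        if name in ("login", "logout"):
            record[name] = ts
    return out

if __name__ == "__main__":
    for sa_id, record in sessions(SAMPLE).items():
        print(sa_id, record)
```

Id 22 ends up with only a peer address and no `login` timestamp, because that first IKE_SA_INIT attempt was answered with the DH group retry and the client came back as id 23. The sample contains no failed authentication, so no failure pattern is included.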

 
