Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec/ Road Warrior not working on pfsense2.4.4

    Scheduled Pinned Locked Moved
    IPsec
    1
    1
    178
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      damanb1
      last edited by damanb1

      Please someone help to guide me the issue within my configuration.

      See my logs.

      an 13 13:14:52 charon 08[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Jan 13 13:14:52 charon 08[CFG] loaded IKE secret for 10.0.0.68 @Dammie
      Jan 13 13:14:52 charon 08[CFG] loaded IKE secret for %any
      Jan 13 13:14:52 charon 08[CFG] rereading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
      Jan 13 13:14:52 charon 08[CFG] rereading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
      Jan 13 13:14:52 charon 08[CFG] rereading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
      Jan 13 13:14:52 charon 08[CFG] rereading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
      Jan 13 13:14:52 charon 08[CFG] rereading crls from '/usr/local/etc/ipsec.d/crls'
      Jan 13 13:14:52 charon 08[CFG] received stroke: unroute 'bypasslan'
      Jan 13 13:14:52 ipsec_starter 5419 shunt policy 'bypasslan' uninstalled
      Jan 13 13:14:52 charon 08[CFG] received stroke: delete connection 'bypasslan'
      Jan 13 13:14:52 charon 08[CFG] deleted connection 'bypasslan'
      Jan 13 13:14:52 charon 08[CFG] received stroke: delete connection 'con1'
      Jan 13 13:14:52 charon 08[CFG] deleted connection 'con1'
      Jan 13 13:14:52 charon 08[CFG] received stroke: add connection 'bypasslan'
      Jan 13 13:14:52 charon 08[CFG] added configuration 'bypasslan'
      Jan 13 13:14:52 charon 08[CFG] received stroke: route 'bypasslan'
      Jan 13 13:14:52 ipsec_starter 5419 'bypasslan' shunt PASS policy installed
      Jan 13 13:14:52 charon 09[CFG] received stroke: add connection 'con1'
      Jan 13 13:14:52 charon 09[CFG] added configuration 'con1'
      Jan 13 13:15:12 charon 00[DMN] signal of type SIGINT received. Shutting down
      Jan 13 13:15:12 ipsec_starter 5419 charon stopped after 200 ms
      Jan 13 13:15:12 ipsec_starter 5419 ipsec starter stopped
      Jan 13 13:16:11 ipsec_starter 52601 Starting weakSwan 5.6.0 IPsec [starter]...
      Jan 13 13:16:11 ipsec_starter 52601 no netkey IPsec stack detected
      Jan 13 13:16:11 ipsec_starter 52601 no KLIPS IPsec stack detected
      Jan 13 13:16:11 ipsec_starter 52601 no known IPsec stack detected, ignoring!
      Jan 13 13:16:11 charon 00[DMN] Starting IKE charon daemon (strongSwan 5.6.0, FreeBSD 10.3-RELEASE-p22, amd64)
      Jan 13 13:16:11 charon 00[KNL] unable to set UDP_ENCAP: Invalid argument
      Jan 13 13:16:11 charon 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
      Jan 13 13:16:11 charon 00[CFG] ipseckey plugin is disabled
      Jan 13 13:16:11 charon 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
      Jan 13 13:16:11 charon 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
      Jan 13 13:16:11 charon 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
      Jan 13 13:16:11 charon 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
      Jan 13 13:16:11 charon 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
      Jan 13 13:16:11 charon 00[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Jan 13 13:16:11 charon 00[CFG] loaded IKE secret for 10.0.0.68 @Dammie
      Jan 13 13:16:11 charon 00[CFG] loaded IKE secret for %any
      Jan 13 13:16:11 charon 00[CFG] opening triplet file /usr/local/etc/ipsec.d/triplets.dat failed: No such file or directory
      Jan 13 13:16:11 charon 00[CFG] loaded 0 RADIUS server configurations
      Jan 13 13:16:11 charon 00[LIB] loaded plugins: charon unbound aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf curve25519 xcbc cmac hmac curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-sim eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap whitelist addrblock
      Jan 13 13:16:11 charon 00[JOB] spawning 16 worker threads
      Jan 13 13:16:11 ipsec_starter 55126 charon (55347) started after 40 ms
      Jan 13 13:16:11 charon 05[CFG] received stroke: add connection 'bypasslan'
      Jan 13 13:16:11 charon 05[CFG] added configuration 'bypasslan'
      Jan 13 13:16:11 charon 05[CFG] received stroke: route 'bypasslan'
      Jan 13 13:16:11 ipsec_starter 55126 'bypasslan' shunt PASS policy installed
      Jan 13 13:16:11 charon 05[CFG] received stroke: add connection 'con1'
      Jan 13 13:16:11 charon 05[CFG] added configuration 'con1'
      Jan 13 13:17:51 charon 05[NET] <1> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:17:51 charon 05[ENC] <1> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Jan 13 13:17:51 charon 05[IKE] <1> received FRAGMENTATION vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received NAT-T (RFC 3947) vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received draft-ietf-ipsec-nat-t-ike vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received XAuth vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received Cisco Unity vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> received DPD vendor ID
      Jan 13 13:17:51 charon 05[IKE] <1> 117.97.228.132 is initiating a Aggressive Mode IKE_SA
      Jan 13 13:17:51 charon 05[CFG] <1> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
      Jan 13 13:17:51 charon 05[CFG] <1> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Jan 13 13:17:51 charon 05[IKE] <1> no proposal found
      Jan 13 13:17:51 charon 05[ENC] <1> generating INFORMATIONAL_V1 request 3314339432 [ N(NO_PROP) ]
      Jan 13 13:17:51 charon 05[NET] <1> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (56 bytes)
      Jan 13 13:17:55 charon 05[NET] <2> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:17:55 charon 05[ENC] <2> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Jan 13 13:17:55 charon 05[IKE] <2> received FRAGMENTATION vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received NAT-T (RFC 3947) vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received draft-ietf-ipsec-nat-t-ike vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received XAuth vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received Cisco Unity vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> received DPD vendor ID
      Jan 13 13:17:55 charon 05[IKE] <2> 117.97.228.132 is initiating a Aggressive Mode IKE_SA
      Jan 13 13:17:55 charon 05[CFG] <2> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
      Jan 13 13:17:55 charon 05[CFG] <2> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Jan 13 13:17:55 charon 05[IKE] <2> no proposal found
      Jan 13 13:17:55 charon 05[ENC] <2> generating INFORMATIONAL_V1 request 2935263541 [ N(NO_PROP) ]
      Jan 13 13:17:55 charon 05[NET] <2> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (56 bytes)
      Jan 13 13:17:58 charon 05[NET] <3> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:17:58 charon 05[ENC] <3> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Jan 13 13:17:58 charon 05[IKE] <3> received FRAGMENTATION vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received NAT-T (RFC 3947) vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received draft-ietf-ipsec-nat-t-ike vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received XAuth vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received Cisco Unity vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> received DPD vendor ID
      Jan 13 13:17:58 charon 05[IKE] <3> 117.97.228.132 is initiating a Aggressive Mode IKE_SA
      Jan 13 13:17:58 charon 05[CFG] <3> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
      Jan 13 13:17:58 charon 05[CFG] <3> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Jan 13 13:17:58 charon 05[IKE] <3> no proposal found
      Jan 13 13:17:58 charon 05[ENC] <3> generating INFORMATIONAL_V1 request 758844087 [ N(NO_PROP) ]
      Jan 13 13:17:58 charon 05[NET] <3> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (56 bytes)
      Jan 13 13:18:01 charon 05[NET] <4> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:18:01 charon 05[ENC] <4> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Jan 13 13:18:01 charon 05[IKE] <4> received FRAGMENTATION vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received NAT-T (RFC 3947) vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received draft-ietf-ipsec-nat-t-ike vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received XAuth vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received Cisco Unity vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> received DPD vendor ID
      Jan 13 13:18:01 charon 05[IKE] <4> 117.97.228.132 is initiating a Aggressive Mode IKE_SA
      Jan 13 13:18:01 charon 05[CFG] <4> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
      Jan 13 13:18:01 charon 05[CFG] <4> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Jan 13 13:18:01 charon 05[IKE] <4> no proposal found
      Jan 13 13:18:01 charon 05[ENC] <4> generating INFORMATIONAL_V1 request 3023254799 [ N(NO_PROP) ]
      Jan 13 13:18:01 charon 05[NET] <4> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (56 bytes)
      Jan 13 13:18:01 charon 05[NET] <5> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:18:01 charon 05[ENC] <5> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Jan 13 13:18:01 charon 05[IKE] <5> received FRAGMENTATION vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received NAT-T (RFC 3947) vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received draft-ietf-ipsec-nat-t-ike vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received XAuth vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received Cisco Unity vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> received DPD vendor ID
      Jan 13 13:18:01 charon 05[IKE] <5> 117.97.228.132 is initiating a Aggressive Mode IKE_SA
      Jan 13 13:18:01 charon 05[CFG] <5> looking for XAuthInitPSK peer configs matching 10.0.0.68...117.97.228.132[Dammie]
      Jan 13 13:18:01 charon 05[CFG] <5> selected peer config "con1"
      Jan 13 13:18:01 charon 05[ENC] <con1|5> generating AGGRESSIVE response 0 [ SA KE No ID V V V V NAT-D NAT-D HASH ]
      Jan 13 13:18:01 charon 05[NET] <con1|5> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:18:05 charon 05[NET] <con1|5> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:18:05 charon 05[IKE] <con1|5> received retransmit of request with ID 0, retransmitting response
      Jan 13 13:18:05 charon 05[NET] <con1|5> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:18:05 charon 05[IKE] <con1|5> sending retransmit 1 of response message ID 0, seq 1
      Jan 13 13:18:05 charon 05[NET] <con1|5> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:18:08 charon 05[NET] <con1|5> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:18:08 charon 05[IKE] <con1|5> received retransmit of request with ID 0, retransmitting response
      Jan 13 13:18:08 charon 05[NET] <con1|5> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:18:11 charon 05[NET] <con1|5> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:18:11 charon 05[IKE] <con1|5> received retransmit of request with ID 0, retransmitting response
      Jan 13 13:18:11 charon 05[NET] <con1|5> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:18:12 charon 05[IKE] <con1|5> sending retransmit 2 of response message ID 0, seq 1
      Jan 13 13:18:12 charon 05[NET] <con1|5> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:18:25 charon 15[IKE] <con1|5> sending retransmit 3 of response message ID 0, seq 1
      Jan 13 13:18:25 charon 15[NET] <con1|5> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:18:31 charon 15[JOB] <con1|5> deleting half open IKE_SA with 117.97.228.132 after timeout
      Jan 13 13:18:50 charon 15[NET] <6> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:18:50 charon 15[ENC] <6> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Jan 13 13:18:50 charon 15[IKE] <6> received FRAGMENTATION vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received NAT-T (RFC 3947) vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received draft-ietf-ipsec-nat-t-ike vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received XAuth vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received Cisco Unity vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> received DPD vendor ID
      Jan 13 13:18:50 charon 15[IKE] <6> 117.97.228.132 is initiating a Aggressive Mode IKE_SA
      Jan 13 13:18:50 charon 15[CFG] <6> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
      Jan 13 13:18:50 charon 15[CFG] <6> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Jan 13 13:18:50 charon 15[IKE] <6> no proposal found
      Jan 13 13:18:50 charon 15[ENC] <6> generating INFORMATIONAL_V1 request 691047818 [ N(NO_PROP) ]
      Jan 13 13:18:50 charon 15[NET] <6> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (56 bytes)
      Jan 13 13:18:53 charon 15[NET] <7> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:18:53 charon 15[ENC] <7> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Jan 13 13:18:53 charon 15[IKE] <7> received FRAGMENTATION vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received NAT-T (RFC 3947) vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received draft-ietf-ipsec-nat-t-ike vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received XAuth vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received Cisco Unity vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> received DPD vendor ID
      Jan 13 13:18:53 charon 15[IKE] <7> 117.97.228.132 is initiating a Aggressive Mode IKE_SA
      Jan 13 13:18:53 charon 15[CFG] <7> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
      Jan 13 13:18:53 charon 15[CFG] <7> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Jan 13 13:18:53 charon 15[IKE] <7> no proposal found
      Jan 13 13:18:53 charon 15[ENC] <7> generating INFORMATIONAL_V1 request 3354320616 [ N(NO_PROP) ]
      Jan 13 13:18:53 charon 15[NET] <7> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (56 bytes)
      Jan 13 13:18:57 charon 15[NET] <8> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:18:57 charon 15[ENC] <8> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Jan 13 13:18:57 charon 15[IKE] <8> received FRAGMENTATION vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received NAT-T (RFC 3947) vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received draft-ietf-ipsec-nat-t-ike vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received XAuth vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received Cisco Unity vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> received DPD vendor ID
      Jan 13 13:18:57 charon 15[IKE] <8> 117.97.228.132 is initiating a Aggressive Mode IKE_SA
      Jan 13 13:18:57 charon 15[CFG] <8> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
      Jan 13 13:18:57 charon 15[CFG] <8> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Jan 13 13:18:57 charon 15[IKE] <8> no proposal found
      Jan 13 13:18:57 charon 15[ENC] <8> generating INFORMATIONAL_V1 request 480336133 [ N(NO_PROP) ]
      Jan 13 13:18:57 charon 15[NET] <8> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (56 bytes)
      Jan 13 13:19:00 charon 15[NET] <9> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:19:00 charon 15[ENC] <9> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Jan 13 13:19:00 charon 15[IKE] <9> received FRAGMENTATION vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received NAT-T (RFC 3947) vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received draft-ietf-ipsec-nat-t-ike vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received XAuth vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received Cisco Unity vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> received DPD vendor ID
      Jan 13 13:19:00 charon 15[IKE] <9> 117.97.228.132 is initiating a Aggressive Mode IKE_SA
      Jan 13 13:19:00 charon 15[CFG] <9> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048
      Jan 13 13:19:00 charon 15[CFG] <9> configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
      Jan 13 13:19:00 charon 15[IKE] <9> no proposal found
      Jan 13 13:19:00 charon 15[ENC] <9> generating INFORMATIONAL_V1 request 1785090894 [ N(NO_PROP) ]
      Jan 13 13:19:00 charon 15[NET] <9> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (56 bytes)
      Jan 13 13:19:00 charon 15[NET] <10> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:19:00 charon 15[ENC] <10> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V V V ]
      Jan 13 13:19:00 charon 15[IKE] <10> received FRAGMENTATION vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received NAT-T (RFC 3947) vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received draft-ietf-ipsec-nat-t-ike vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received draft-ietf-ipsec-nat-t-ike-08 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received draft-ietf-ipsec-nat-t-ike-07 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received draft-ietf-ipsec-nat-t-ike-06 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received draft-ietf-ipsec-nat-t-ike-05 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received draft-ietf-ipsec-nat-t-ike-04 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received XAuth vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received Cisco Unity vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> received DPD vendor ID
      Jan 13 13:19:00 charon 15[IKE] <10> 117.97.228.132 is initiating a Aggressive Mode IKE_SA
      Jan 13 13:19:00 charon 15[CFG] <10> looking for XAuthInitPSK peer configs matching 10.0.0.68...117.97.228.132[Dammie]
      Jan 13 13:19:00 charon 15[CFG] <10> selected peer config "con1"
      Jan 13 13:19:00 charon 15[ENC] <con1|10> generating AGGRESSIVE response 0 [ SA KE No ID V V V V NAT-D NAT-D HASH ]
      Jan 13 13:19:00 charon 15[NET] <con1|10> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:19:03 charon 15[NET] <con1|10> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:19:03 charon 15[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
      Jan 13 13:19:03 charon 15[NET] <con1|10> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:19:04 charon 15[IKE] <con1|10> sending retransmit 1 of response message ID 0, seq 1
      Jan 13 13:19:04 charon 15[NET] <con1|10> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:19:07 charon 15[NET] <con1|10> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:19:07 charon 15[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
      Jan 13 13:19:07 charon 15[NET] <con1|10> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:19:10 charon 15[NET] <con1|10> received packet: from 117.97.228.132[28527] to 10.0.0.68[500] (762 bytes)
      Jan 13 13:19:10 charon 15[IKE] <con1|10> received retransmit of request with ID 0, retransmitting response
      Jan 13 13:19:10 charon 15[NET] <con1|10> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:19:11 charon 15[IKE] <con1|10> sending retransmit 2 of response message ID 0, seq 1
      Jan 13 13:19:11 charon 15[NET] <con1|10> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:19:24 charon 14[IKE] <con1|10> sending retransmit 3 of response message ID 0, seq 1
      Jan 13 13:19:24 charon 14[NET] <con1|10> sending packet: from 10.0.0.68[500] to 117.97.228.132[28527] (412 bytes)
      Jan 13 13:19:30 charon 14[JOB] <con1|10> deleting half open IKE_SA with 117.97.228.132 after timeout

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.