IPSEC NOT WORKING
Dec 14 20:02:02 charon: 12[NET] <con2000|1> sending packet: from 192.168.102.254[500] to 185.103.140.4[500] (224 bytes)
Dec 14 20:02:02 charon: 12[IKE] <con2000|1> sending retransmit 1 of request message ID 0, seq 1
Dec 14 20:01:58 charon: 12[NET] <con2000|1> sending packet: from 192.168.102.254[500] to 185.103.140.4[500] (224 bytes)
Dec 14 20:01:58 charon: 12[ENC] <con2000|1> generating ID_PROT request 0 [ SA V V V V V ]
Dec 14 20:01:58 charon: 12[CFG] <con2000|1> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> IKE_SA con2000[1] state change: CREATED => CONNECTING
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> initiating Main Mode IKE_SA con2000[1] to 185.103.140.4
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> sending NAT-T (RFC 3947) vendor ID
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> sending FRAGMENTATION vendor ID
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> sending DPD vendor ID
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> sending XAuth vendor ID
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> activating ISAKMP_NATD task
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> activating ISAKMP_CERT_POST task
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> activating MAIN_MODE task
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> activating ISAKMP_CERT_PRE task
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> activating ISAKMP_VENDOR task
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> activating new tasks
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> queueing QUICK_MODE task
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> queueing ISAKMP_NATD task
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> queueing ISAKMP_CERT_POST task
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> queueing MAIN_MODE task
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> queueing ISAKMP_CERT_PRE task
Dec 14 20:01:58 charon: 12[IKE] <con2000|1> queueing ISAKMP_VENDOR task
Dec 14 20:01:58 charon: 12[KNL] creating acquire job for policy 192.168.102.254/32|/0 === 185.103.140.4/32|/0 with reqid {1}
Dec 14 20:01:58 ipsec_starter[2353]:
Dec 14 20:01:58 ipsec_starter[2353]: 'con2000' routed
Dec 14 20:01:58 charon: 15[CHD] CHILD_SA con2000{1} state change: CREATED => ROUTED
Dec 14 20:01:58 charon: 15[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_GCM_16_128/NO_EXT_SEQ
Dec 14 20:01:58 charon: 15[CFG] received stroke: route 'con2000'
Dec 14 20:01:58 charon: 06[CFG] added configuration 'con2000'
Dec 14 20:01:58 charon: 06[CFG] keyexchange=ikev1
Dec 14 20:01:58 charon: 06[CFG] mediation=no
Dec 14 20:01:58 charon: 06[CFG] sha256_96=no
Dec 14 20:01:58 charon: 06[CFG] dpdaction=3
Dec 14 20:01:58 charon: 06[CFG] dpdtimeout=165
Dec 14 20:01:58 charon: 06[CFG] dpddelay=15
Dec 14 20:01:58 charon: 06[CFG] esp=aes128-sha256-modp2048,aes128gcm128-sha256-modp2048!
Dec 14 20:01:58 charon: 06[CFG] ike=aes256-sha256-modp2048,aes128-sha256-modp2048!
Dec 14 20:01:58 charon: 06[CFG] rightid=185.103.140.4
Dec 14 20:01:58 charon: 06[CFG] rightauth=psk
Dec 14 20:01:58 charon: 06[CFG] rightsubnet=10.0.0.0/23
Dec 14 20:01:58 charon: 06[CFG] right=185.103.140.4
Dec 14 20:01:58 charon: 06[CFG] leftid=192.168.102.254
Dec 14 20:01:58 charon: 06[CFG] leftauth=psk
Dec 14 20:01:58 charon: 06[CFG] leftsubnet=10.100.0.0/24
Dec 14 20:01:58 charon: 06[CFG] left=192.168.102.254
Dec 14 20:01:58 charon: 06[CFG] conn con2000
Dec 14 20:01:58 charon: 06[CFG] received stroke: add connection 'con2000'
Dec 14 20:01:58 ipsec_starter[2353]:
Dec 14 20:01:58 ipsec_starter[2353]: 'bypasslan' shunt PASS policy installed
Dec 14 20:01:58 charon: 05[CFG] received stroke: route 'bypasslan'
Dec 14 20:01:58 charon: 05[CFG] added configuration 'bypasslan'
Dec 14 20:01:58 charon: 05[CFG] mediation=no
Dec 14 20:01:58 charon: 05[CFG] sha256_96=no
Dec 14 20:01:58 charon: 05[CFG] dpdtimeout=150
Dec 14 20:01:58 charon: 05[CFG] dpddelay=30
Dec 14 20:01:58 charon: 05[CFG] rightsubnet=10.100.0.0/24
Dec 14 20:01:58 charon: 05[CFG] right=%any
Dec 14 20:01:58 charon: 05[CFG] leftsubnet=10.100.0.0/24
Dec 14 20:01:58 charon: 05[CFG] left=%any
Dec 14 20:01:58 charon: 05[CFG] conn bypasslan
Dec 14 20:01:58 charon: 05[CFG] received stroke: add connection 'bypasslan'
Dec 14 20:01:58 ipsec_starter[2353]: charon (2658) started after 220 ms
Dec 14 20:01:58 charon: 00[JOB] spawning 16 worker threads
Dec 14 20:01:58 charon: 00[LIB] loaded plugins: charon unbound aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf curve25519 xcbc cmac hmac curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-sim eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap whitelist addrblock counters
Dec 14 20:01:58 charon: 00[CFG] loaded 0 RADIUS server configurations
Dec 14 20:01:58 charon: 00[CFG] opening triplet file /usr/local/etc/ipsec.d/triplets.dat failed: No such file or directory
Dec 14 20:01:58 charon: 00[CFG] loaded IKE secret for %any 185.103.140.4
Dec 14 20:01:58 charon: 00[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
Dec 14 20:01:58 charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
Dec 14 20:01:58 charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Dec 14 20:01:58 charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Dec 14 20:01:58 charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Dec 14 20:01:58 charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Dec 14 20:01:58 charon: 00[CFG] ipseckey plugin is disabled
Dec 14 20:01:58 charon: 00[CFG] loading unbound trust anchors from '/usr/local/etc/ipsec.d/dnssec.keys'
Dec 14 20:01:58 charon: 00[CFG] loading unbound resolver config from '/etc/resolv.conf'
Dec 14 20:01:58 charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
Dec 14 20:01:58 charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
Dec 14 20:01:58 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.1, FreeBSD 11.2-RELEASE-p6, amd64)
Dec 14 20:01:58 ipsec_starter[2023]: no known IPsec stack detected, ignoring!
Dec 14 20:01:58 ipsec_starter[2023]: no KLIPS IPsec stack detected
Dec 14 20:01:58 ipsec_starter[2023]: no netkey IPsec stack detected
Dec 14 20:01:58 ipsec_starter[2023]: Starting strongSwan 5.7.1 IPsec [starter]...