Netgate Discussion Forum
    IKEv2

    • ssghudsonkj

      I have followed this guide (https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-eap-mschapv2.html) and this guide (https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-client-windows.html) and this guide (https://docs.netgate.com/pfsense/en/latest/recipes/ipsec-mobile-ikev2-client-ubuntu.html); however, I have decided either I am insane or it just doesn't work. I was able to get IKEv2 working on iOS. AMAZING!! I have got to the point on Windows 10 where when I try to connect it gives me an error which says "Invalid payload received". I don't know how to troubleshoot on Windows or Ubuntu with strongSwan. I receive an error message on Ubuntu which says VPN failed to connect and that is all. I was able to get my iOS device to work so I have decided it is Ubuntu and Windows 10. Can anyone in the world on this Netgate forum help me troubleshoot this and figure out the problem?

      Here are my pfSense IPsec logs from when I try to connect from Windows:

      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> lease 10.3.200.1 by 'kellenhudson@gmail.com' went offline
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> IKE_SA con-mobile[52] state change: DELETING => DESTROYING
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> sending packet: from 23.169.65.208[4500] to 69.63.95.99[46389] (80 bytes)
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> generating INFORMATIONAL response 6 [ ]
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> IKE_SA deleted
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> IKE_SA con-mobile[52] state change: ESTABLISHED => DELETING
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> deleting IKE_SA con-mobile[52] between 23.169.65.208[sgthudsonkj.ddns.net]...69.63.95.99[10.220.61.175]
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> received DELETE for IKE_SA con-mobile[52]
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> parsed INFORMATIONAL request 6 [ D ]
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> received packet: from 69.63.95.99[46389] to 23.169.65.208[4500] (80 bytes)
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> sending packet: from 23.169.65.208[4500] to 69.63.95.99[46389] (256 bytes)
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> generating IKE_AUTH response 5 [ AUTH CPRP(ADDR SUBNET U_SPLITINC DNS DNS U_DEFDOM U_SPLITDNS U_SAVEPWD) N(MOBIKE_SUP) N(ADD_4_ADDR) N(NO_PROP) ]
      May 30 17:46:30 charon 67324 01[CHD] <con-mobile|52> CHILD_SA con-mobile{23} state change: CREATED => DESTROYING
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> failed to establish CHILD_SA, keeping IKE_SA
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> no acceptable proposal found
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> received proposals: ESP:AES_CBC_256/NO_EXT_SEQ
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> no acceptable ENCRYPTION_ALGORITHM found
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> selecting proposal:
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> no acceptable ENCRYPTION_ALGORITHM found
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> selecting proposal:
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> no acceptable INTEGRITY_ALGORITHM found
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> selecting proposal:
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> found matching child config "con-mobile" with prio 12
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> candidate "con-mobile" with prio 10+2
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> 10.3.200.1/32|/0
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> proposing traffic selectors for other:
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> 0.0.0.0/0|/0
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> proposing traffic selectors for us:
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> looking for a child config for 0.0.0.0/0|/0 ::/0|/0 === 0.0.0.0/0|/0 ::/0|/0
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> building UNITY_SAVE_PASSWD attribute
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> building UNITY_SPLITDNS_NAME attribute
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> building UNITY_DEF_DOMAIN attribute
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> building INTERNAL_IP4_DNS attribute
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> building INTERNAL_IP4_DNS attribute
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> building UNITY_SPLIT_INCLUDE attribute
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> building INTERNAL_IP4_SUBNET attribute
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> no virtual IP found for %any6 requested by 'kellenhudson@gmail.com'
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> peer requested virtual IP %any6
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> assigning virtual IP 10.3.200.1 to peer 'kellenhudson@gmail.com'
      May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> reassigning offline lease to 'kellenhudson@gmail.com'
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> peer requested virtual IP %any
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> maximum IKE_SA lifetime 27940s
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> scheduling rekeying in 25060s
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> IKE_SA con-mobile[52] state change: CONNECTING => ESTABLISHED
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> IKE_SA con-mobile[52] established between 23.169.65.208[sgthudsonkj.ddns.net]...69.63.95.99[10.220.61.175]
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> authentication of 'sgthudsonkj.ddns.net' (myself) with EAP
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> authentication of '10.220.61.175' with EAP successful
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> parsed IKE_AUTH request 5 [ AUTH ]
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> received packet: from 69.63.95.99[46389] to 23.169.65.208[4500] (112 bytes)
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> sending packet: from 23.169.65.208[4500] to 69.63.95.99[46389] (80 bytes)
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> generating IKE_AUTH response 4 [ EAP/SUCC ]
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> EAP method EAP_MSCHAPV2 succeeded, MSK established
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> received packet: from 69.63.95.99[46389] to 23.169.65.208[4500] (80 bytes)
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> sending packet: from 23.169.65.208[4500] to 69.63.95.99[46389] (144 bytes)
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> received packet: from 69.63.95.99[46389] to 23.169.65.208[4500] (160 bytes)
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> sending packet: from 23.169.65.208[4500] to 69.63.95.99[46389] (112 bytes)
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> initiating EAP_MSCHAPV2 method (id 0x6C)
      May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> received EAP identity 'kellenhudson@gmail.com'
      May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> parsed IKE_AUTH request 2 [ EAP/RES/ID ]
      May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> received packet: from 69.63.95.99[46389] to 23.169.65.208[4500] (112 bytes)
      May 30 17:46:29 charon 67324 01[NET] <con-mobile|52> sending packet: from 23.169.65.208[4500] to 69.63.95.99[46389] (372 bytes)
      May 30 17:46:29 charon 67324 01[NET] <con-mobile|52> sending packet: from 23.169.65.208[4500] to 69.63.95.99[46389] (1236 bytes)
      May 30 17:46:29 charon 67324 01[ENC] <con-mobile|52> generating IKE_AUTH response 1 [ EF(2/2) ]
      May 30 17:46:29 charon 67324 01[ENC] <con-mobile|52> generating IKE_AUTH response 1 [ EF(1/2) ]
      May 30 17:46:29 charon 67324 01[ENC] <con-mobile|52> splitting IKE message (1536 bytes) into 2 fragments
      May 30 17:46:29 charon 67324 01[ENC] <con-mobile|52> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
      May 30 17:46:29 charon 67324 01[IKE] <con-mobile|52> sending end entity cert "CN=sgthudsonkj.ddns.net, C=US, ST=Utah, L=EagleMountain, O=HudNet"
      May 30 17:46:29 charon 67324 01[IKE] <con-mobile|52> authentication of 'sgthudsonkj.ddns.net' (myself) with RSA signature successful
      May 30 17:46:29 charon 67324 01[IKE] <con-mobile|52> peer supports MOBIKE
      May 30 17:46:29 charon 67324 01[IKE] <con-mobile|52> processing INTERNAL_IP6_SERVER attribute
      May 30 17:46:29 charon 67324 01[IKE] <con-mobile|52> processing INTERNAL_IP6_DNS attribute
      May 30 17:46:29 charon 67324 01[IKE] <con-mobile|52> processing INTERNAL_IP6_ADDRESS attribute
      May 30 17:46:29 charon 67324 01[IKE] <con-mobile|52> processing INTERNAL_IP4_SERVER attribute
      May 30 17:46:29 charon 67324 01[IKE] <con-mobile|52> processing INTERNAL_IP4_NBNS attribute
      May 30 17:46:29 charon 67324 01[IKE] <con-mobile|52> processing INTERNAL_IP4_DNS attribute
      May 30 17:46:29 charon 67324 01[IKE] <con-mobile|52> processing INTERNAL_IP4_ADDRESS attribute
      May 30 17:46:29 charon 67324 01[IKE] <con-mobile|52> initiating EAP_IDENTITY method (id 0x00)
      May 30 17:46:29 charon 67324 01[CFG] <con-mobile|52> selected peer config 'con-mobile'
      May 30 17:46:29 charon 67324 01[CFG] <52> candidate "con-mobile", match: 1/1/1052 (me/other/ike)
      May 30 17:46:29 charon 67324 01[CFG] <52> looking for peer configs matching 23.169.65.208[%any]...69.63.95.99[10.220.61.175]
      May 30 17:46:29 charon 67324 01[IKE] <52> received 67 cert requests for an unknown ca
      May 30 17:46:29 charon 67324 01[IKE] <52> received cert request for "CN=internal-ca, ST=Utah, L=EagleMountain, O=HudNet"
      May 30 17:46:29 charon 67324 01[ENC] <52> parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
      May 30 17:46:29 charon 67324 01[ENC] <52> received fragment #3 of 4, reassembled fragmented IKE message (1664 bytes)
      May 30 17:46:29 charon 67324 01[ENC] <52> parsed IKE_AUTH request 1 [ EF(3/4) ]
      May 30 17:46:29 charon 67324 01[NET] <52> received packet: from 69.63.95.99[46389] to 23.169.65.208[4500] (580 bytes)
      May 30 17:46:29 charon 67324 13[ENC] <52> received fragment #4 of 4, waiting for complete IKE message
      May 30 17:46:29 charon 67324 13[ENC] <52> parsed IKE_AUTH request 1 [ EF(4/4) ]
      May 30 17:46:29 charon 67324 13[NET] <52> received packet: from 69.63.95.99[46389] to 23.169.65.208[4500] (180 bytes)
      May 30 17:46:29 charon 67324 10[ENC] <52> received fragment #2 of 4, waiting for complete IKE message
      May 30 17:46:29 charon 67324 10[ENC] <52> parsed IKE_AUTH request 1 [ EF(2/4) ]
      May 30 17:46:29 charon 67324 10[NET] <52> received packet: from 69.63.95.99[46389] to 23.169.65.208[4500] (580 bytes)
      May 30 17:46:29 charon 67324 10[ENC] <52> received fragment #1 of 4, waiting for complete IKE message
      May 30 17:46:29 charon 67324 10[ENC] <52> parsed IKE_AUTH request 1 [ EF(1/4) ]
      May 30 17:46:29 charon 67324 10[NET] <52> received packet: from 69.63.95.99[46389] to 23.169.65.208[4500] (580 bytes)
      May 30 17:46:29 charon 67324 15[NET] <52> sending packet: from 23.169.65.208[500] to 69.63.95.99[500] (501 bytes)
      May 30 17:46:29 charon 67324 15[ENC] <52> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
      May 30 17:46:29 charon 67324 15[IKE] <52> sending cert request for "CN=internal-ca, ST=Utah, L=EagleMountain, O=HudNet"
      May 30 17:46:29 charon 67324 15[IKE] <52> sending cert request for "CN=sgthudsonkj.ddns.net, C=US, ST=Utah, L=EagleMountain, O=HudNet"
      May 30 17:46:29 charon 67324 15[IKE] <52> remote host is behind NAT
      May 30 17:46:29 charon 67324 15[CFG] <52> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
      May 30 17:46:29 charon 67324 15[CFG] <52> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
      May 30 17:46:29 charon 67324 15[CFG] <52> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
      May 30 17:46:29 charon 67324 15[CFG] <52> proposal matches
      May 30 17:46:29 charon 67324 15[CFG] <52> selecting proposal:
      May 30 17:46:29 charon 67324 15[IKE] <52> IKE_SA (unnamed)[52] state change: CREATED => CONNECTING
      May 30 17:46:29 charon 67324 15[IKE] <52> 69.63.95.99 is initiating an IKE_SA
      May 30 17:46:29 charon 67324 15[ENC] <52> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
      May 30 17:46:29 charon 67324 15[IKE] <52> received Vid-Initial-Contact vendor ID
      May 30 17:46:29 charon 67324 15[IKE] <52> received MS-Negotiation Discovery Capable vendor ID
      May 30 17:46:29 charon 67324 15[IKE] <52> received MS NT5 ISAKMPOAKLEY v9 vendor ID
      May 30 17:46:29 charon 67324 15[CFG] <52> found matching ike config: 23.169.65.208...0.0.0.0/0, ::/0 with prio 1052
      May 30 17:46:29 charon 67324 15[CFG] <52> candidate: 23.169.65.208...0.0.0.0/0, ::/0, prio 1052
      May 30 17:46:29 charon 67324 15[CFG] <52> looking for an IKEv2 config for 23.169.65.208...69.63.95.99
      May 30 17:46:29 charon 67324 15[ENC] <52> parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
      May 30 17:46:29 charon 67324 15[NET] <52> received packet: from 69.63.95.99[500] to 23.169.65.208[500] (544 bytes)

      • mamawe @ssghudsonkj

        @ssghudsonkj said in IKEv2:

        Here are my pfSense IPsec logs from when I try to connect from Windows:
        May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> lease 10.3.200.1 by 'kellenhudson@gmail.com' went offline
        May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> IKE_SA con-mobile[52] state change: DELETING => DESTROYING
        May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> sending packet: from 23.169.65.208[4500] to 69.63.95.99[46389] (80 bytes)
        May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> generating INFORMATIONAL response 6 [ ]
        May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> IKE_SA deleted
        May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> IKE_SA con-mobile[52] state change: ESTABLISHED => DELETING
        May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> deleting IKE_SA con-mobile[52] between 23.169.65.208[sgthudsonkj.ddns.net]...69.63.95.99[10.220.61.175]
        May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> received DELETE for IKE_SA con-mobile[52]
        May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> parsed INFORMATIONAL request 6 [ D ]
        May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> received packet: from 69.63.95.99[46389] to 23.169.65.208[4500] (80 bytes)
        May 30 17:46:30 charon 67324 01[NET] <con-mobile|52> sending packet: from 23.169.65.208[4500] to 69.63.95.99[46389] (256 bytes)
        May 30 17:46:30 charon 67324 01[ENC] <con-mobile|52> generating IKE_AUTH response 5 [ AUTH CPRP(ADDR SUBNET U_SPLITINC DNS DNS U_DEFDOM U_SPLITDNS U_SAVEPWD) N(MOBIKE_SUP) N(ADD_4_ADDR) N(NO_PROP) ]
        May 30 17:46:30 charon 67324 01[CHD] <con-mobile|52> CHILD_SA con-mobile{23} state change: CREATED => DESTROYING
        May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> failed to establish CHILD_SA, keeping IKE_SA
        May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> no acceptable proposal found
        May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
        May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> received proposals: ESP:AES_CBC_256/NO_EXT_SEQ
        May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> no acceptable ENCRYPTION_ALGORITHM found
        May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> selecting proposal:
        May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> no acceptable ENCRYPTION_ALGORITHM found
        May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> selecting proposal:
        May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> no acceptable INTEGRITY_ALGORITHM found
        May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> selecting proposal:
        May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> found matching child config "con-mobile" with prio 12

        This looks like the Windows client sends a phase2 proposal without an integrity transform (ESP:AES_CBC_256/NO_EXT_SEQ).
        The pfsense does not find a matching proposal, declines the child SA but keeps the IKE SA.
        The Windows client then deletes the IKE SA.

        Kind regards,
        Mathias
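
The diagnosis in the reply above can be reproduced mechanically from the charon log. The following is an added example, not code from the thread, pfSense or strongSwan: it reads the `received proposals` / `configured proposals` lines and reports, per configured proposal, the first transform type with no common algorithm. The function names, the transform classification and the matching rule are simplified assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Lines copied from the charon log quoted in the thread (newest first, as posted).
SAMPLE_LOG = """\
May 30 17:46:30 charon 67324 01[IKE] <con-mobile|52> no acceptable proposal found
May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
May 30 17:46:30 charon 67324 01[CFG] <con-mobile|52> received proposals: ESP:AES_CBC_256/NO_EXT_SEQ
May 30 17:46:29 charon 67324 15[CFG] <52> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
May 30 17:46:29 charon 67324 15[CFG] <52> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
"""

# charon [CFG] lines that list proposals; group 1 is the IKE_SA unique id
# ("52" in both "<52>" and "<con-mobile|52>").
PROPOSALS_RE = re.compile(
    r"charon \d+ \d+\[CFG\] <(?:[^|>]*\|)?(\d+)> (received|configured) proposals: (.+)$"
)
# Order in which transform types are compared (assumption for this example).
CHECK_ORDER = ("encryption", "integrity", "prf", "dh", "esn")
# AEAD ciphers carry their own integrity, so a missing integrity transform is fine.
AEAD_PREFIXES = ("AES_GCM", "AES_CCM", "CHACHA20_POLY1305")


def classify(transform):
    """Map a transform name from the log to its IKEv2 transform type (simplified)."""
    if transform.startswith("PRF_"):
        return "prf"
    if transform in ("NO_EXT_SEQ", "EXT_SEQ"):
        return "esn"
    if transform.startswith(("MODP_", "ECP_", "CURVE_")):
        return "dh"
    if transform.startswith(("HMAC_", "AES_XCBC", "AES_CMAC")):
        return "integrity"
    return "encryption"


def parse_proposal(text):
    """'ESP:AES_CBC_256/NO_EXT_SEQ' -> ('ESP', {'encryption': {...}, 'esn': {...}})."""
    protocol, _, transforms = text.strip().partition(":")
    by_type = defaultdict(set)
    for name in transforms.split("/"):
        by_type[classify(name)].add(name)
    return protocol, dict(by_type)


def first_mismatch(received, configured):
    """First transform type with no algorithm in common, or None if all types agree."""
    for kind in CHECK_ORDER:
        ours, theirs = configured.get(kind, set()), received.get(kind, set())
        if (ours or theirs) and not (ours & theirs):
            return kind
    return None


def unauthenticated(transforms):
    """True when a non-AEAD cipher is offered without any integrity transform."""
    ciphers = transforms.get("encryption", set())
    aead = all(c.startswith(AEAD_PREFIXES) for c in ciphers)
    return bool(ciphers) and not aead and not transforms.get("integrity")


def analyze(log_text):
    """Group proposal lines by (IKE_SA id, protocol) and explain each negotiation."""
    seen = defaultdict(lambda: {"received": [], "configured": []})
    for line in log_text.splitlines():
        m = PROPOSALS_RE.search(line)
        if not m:
            continue  # not a proposal listing
        sa_id, side, proposals = m.groups()
        for item in proposals.split(", "):
            protocol, transforms = parse_proposal(item)
            seen[(sa_id, protocol)][side].append((item.strip(), transforms))
    report = {}
    for key, sides in seen.items():
        findings = []
        for r_text, r in sides["received"]:
            reasons = {c_text: first_mismatch(r, c) for c_text, c in sides["configured"]}
            findings.append({
                "received": r_text,
                "accepted": any(v is None for v in reasons.values()),
                "rejected_because": {k: v for k, v in reasons.items() if v},
                "unauthenticated_esp": key[1] == "ESP" and unauthenticated(r),
            })
        report[key] = findings
    return report


if __name__ == "__main__":
    for (sa_id, protocol), findings in analyze(SAMPLE_LOG).items():
        for f in findings:
            print(sa_id, protocol, f)
```

On the sample lines this yields one integrity mismatch and two encryption mismatches for the ESP proposal, the same pattern as the `no acceptable INTEGRITY_ALGORITHM` / `no acceptable ENCRYPTION_ALGORITHM` lines in the posted log, while the IKE proposal is accepted.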

        • ssghudsonkj @mamawe

          @mamawe How do I resolve this?

          I tried to follow this guide: https://www.stevenjordan.net/2016/09/secure-ikev2-win-10.html

          • mamawe @ssghudsonkj

            @ssghudsonkj said in IKEv2:

            @mamawe How do I resolve this?

            I tried to follow this guide: https://www.stevenjordan.net/2016/09/secure-ikev2-win-10.html

            How did you try to follow this guide?
            Did you use the registry key, the powershell command, or both?
            What exactly did you do, can you post the exact keys and values or the commands you typed?

            Kind regards,
            Mathias

            • ssghudsonkj @mamawe

              @mamawe I created the registry key and set it to 2… I didn't do anything else.

              • mamawe @ssghudsonkj

                @ssghudsonkj said in IKEv2:

                @mamawe I created the registry key and set it to 2… I didn't do anything else.

                Please try adding hash algorithm SHA1 to the phase 2 proposal on the pfSense.

                • ssghudsonkj @mamawe

                  @mamawe I still receive the invalid payload received error on the Windows 10 side.

                  • ssghudsonkj @mamawe

                    Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 disconnected
                    Jun 7 09:36:42 charon 67324 09[CFG] updated vici connection: con-mobile
                    Jun 7 09:36:42 charon 67324 09[CFG] id = %any
                    Jun 7 09:36:42 charon 67324 09[CFG] eap_id = %any
                    Jun 7 09:36:42 charon 67324 09[CFG] class = EAP
                    Jun 7 09:36:42 charon 67324 09[CFG] eap-type = EAP_MSCHAPV2
                    Jun 7 09:36:42 charon 67324 09[CFG] remote:
                    Jun 7 09:36:42 charon 67324 09[CFG] cert = CN=sgthudsonkj.ddns.net, C=US, ST=Utah, L=EagleMountain, O=HudNet
                    Jun 7 09:36:42 charon 67324 09[CFG] id = sgthudsonkj.ddns.net
                    Jun 7 09:36:42 charon 67324 09[CFG] class = public key
                    Jun 7 09:36:42 charon 67324 09[CFG] local:
                    Jun 7 09:36:42 charon 67324 09[CFG] if_id_out = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] if_id_in = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] proposals = IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
                    Jun 7 09:36:42 charon 67324 09[CFG] rand_time = 2880
                    Jun 7 09:36:42 charon 67324 09[CFG] over_time = 2880
                    Jun 7 09:36:42 charon 67324 09[CFG] rekey_time = 25920
                    Jun 7 09:36:42 charon 67324 09[CFG] reauth_time = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] keyingtries = 1
                    Jun 7 09:36:42 charon 67324 09[CFG] unique = UNIQUE_REPLACE
                    Jun 7 09:36:42 charon 67324 09[CFG] childless = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] fragmentation = 2
                    Jun 7 09:36:42 charon 67324 09[CFG] dpd_timeout = 60
                    Jun 7 09:36:42 charon 67324 09[CFG] dpd_delay = 10
                    Jun 7 09:36:42 charon 67324 09[CFG] encap = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] dscp = 0x00
                    Jun 7 09:36:42 charon 67324 09[CFG] aggressive = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] mobike = 1
                    Jun 7 09:36:42 charon 67324 09[CFG] ppk_required = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] ppk_id = (null)
                    Jun 7 09:36:42 charon 67324 09[CFG] send_cert = CERT_ALWAYS_SEND
                    Jun 7 09:36:42 charon 67324 09[CFG] send_certreq = 1
                    Jun 7 09:36:42 charon 67324 09[CFG] remote_port = 500
                    Jun 7 09:36:42 charon 67324 09[CFG] local_port = 500
                    Jun 7 09:36:42 charon 67324 09[CFG] remote_addrs = 0.0.0.0/0, ::/0
                    Jun 7 09:36:42 charon 67324 09[CFG] local_addrs = 23.169.65.208
                    Jun 7 09:36:42 charon 67324 09[CFG] version = 2
                    Jun 7 09:36:42 charon 67324 09[CFG] copy_dscp = out
                    Jun 7 09:36:42 charon 67324 09[CFG] copy_ecn = 1
                    Jun 7 09:36:42 charon 67324 09[CFG] copy_df = 1
                    Jun 7 09:36:42 charon 67324 09[CFG] sha256_96 = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] hw_offload = no
                    Jun 7 09:36:42 charon 67324 09[CFG] remote_ts = dynamic
                    Jun 7 09:36:42 charon 67324 09[CFG] local_ts = 0.0.0.0/0|/0
                    Jun 7 09:36:42 charon 67324 09[CFG] proposals = ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
                    Jun 7 09:36:42 charon 67324 09[CFG] inactivity = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] set_mark_out = 0/0
                    Jun 7 09:36:42 charon 67324 09[CFG] set_mark_in = 0/0
                    Jun 7 09:36:42 charon 67324 09[CFG] mark_out = 0/0
                    Jun 7 09:36:42 charon 67324 09[CFG] mark_in_sa = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] mark_in = 0/0
                    Jun 7 09:36:42 charon 67324 09[CFG] if_id_out = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] if_id_in = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] interface = (null)
                    Jun 7 09:36:42 charon 67324 09[CFG] priority = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] tfc = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] reqid = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] close_action = clear
                    Jun 7 09:36:42 charon 67324 09[CFG] start_action = clear
                    Jun 7 09:36:42 charon 67324 09[CFG] dpd_action = clear
                    Jun 7 09:36:42 charon 67324 09[CFG] policies_fwd_out = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] policies = 1
                    Jun 7 09:36:42 charon 67324 09[CFG] mode = TUNNEL
                    Jun 7 09:36:42 charon 67324 09[CFG] ipcomp = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] hostaccess = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] updown = (null)
                    Jun 7 09:36:42 charon 67324 09[CFG] rand_packets = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] life_packets = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] rekey_packets = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] rand_bytes = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] life_bytes = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] rekey_bytes = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] rand_time = 360
                    Jun 7 09:36:42 charon 67324 09[CFG] life_time = 3600
                    Jun 7 09:36:42 charon 67324 09[CFG] rekey_time = 3240
                    Jun 7 09:36:42 charon 67324 09[CFG] child con-mobile:
                    Jun 7 09:36:42 charon 67324 09[CFG] conn con-mobile:
                    Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 requests: load-conn
                    Jun 7 09:36:42 charon 67324 09[CFG] updated vici connection: bypass
                    Jun 7 09:36:42 charon 67324 09[CFG] remote:
                    Jun 7 09:36:42 charon 67324 09[CFG] local:
                    Jun 7 09:36:42 charon 67324 09[CFG] if_id_out = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] if_id_in = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] proposals = IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
                    Jun 7 09:36:42 charon 67324 09[CFG] rand_time = 1440
                    Jun 7 09:36:42 charon 67324 09[CFG] over_time = 1440
                    Jun 7 09:36:42 charon 67324 09[CFG] rekey_time = 14400
                    Jun 7 09:36:42 charon 67324 09[CFG] reauth_time = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] keyingtries = 1
                    Jun 7 09:36:42 charon 67324 09[CFG] unique = UNIQUE_NO
                    Jun 7 09:36:42 charon 67324 09[CFG] childless = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] fragmentation = 2
                    Jun 7 09:36:42 charon 67324 09[CFG] dpd_timeout = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] dpd_delay = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] encap = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] dscp = 0x00
                    Jun 7 09:36:42 charon 67324 09[CFG] aggressive = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] mobike = 1
                    Jun 7 09:36:42 charon 67324 09[CFG] ppk_required = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] ppk_id = (null)
                    Jun 7 09:36:42 charon 67324 09[CFG] send_cert = CERT_SEND_IF_ASKED
                    Jun 7 09:36:42 charon 67324 09[CFG] send_certreq = 1
                    Jun 7 09:36:42 charon 67324 09[CFG] remote_port = 500
                    Jun 7 09:36:42 charon 67324 09[CFG] local_port = 500
                    Jun 7 09:36:42 charon 67324 09[CFG] remote_addrs = 127.0.0.1
                    Jun 7 09:36:42 charon 67324 09[CFG] local_addrs = %any
                    Jun 7 09:36:42 charon 67324 09[CFG] version = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] copy_dscp = out
                    Jun 7 09:36:42 charon 67324 09[CFG] copy_ecn = 1
                    Jun 7 09:36:42 charon 67324 09[CFG] copy_df = 1
                    Jun 7 09:36:42 charon 67324 09[CFG] sha256_96 = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] hw_offload = no
                    Jun 7 09:36:42 charon 67324 09[CFG] remote_ts = 172.30.222.0/24|/0
                    Jun 7 09:36:42 charon 67324 09[CFG] local_ts = 172.30.222.0/24|/0
                    Jun 7 09:36:42 charon 67324 09[CFG] proposals = ESP:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ
                    Jun 7 09:36:42 charon 67324 09[CFG] inactivity = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] set_mark_out = 0/0
                    Jun 7 09:36:42 charon 67324 09[CFG] set_mark_in = 0/0
                    Jun 7 09:36:42 charon 67324 09[CFG] mark_out = 0/0
                    Jun 7 09:36:42 charon 67324 09[CFG] mark_in_sa = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] mark_in = 0/0
                    Jun 7 09:36:42 charon 67324 09[CFG] if_id_out = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] if_id_in = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] interface = (null)
                    Jun 7 09:36:42 charon 67324 09[CFG] priority = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] tfc = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] reqid = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] close_action = clear
                    Jun 7 09:36:42 charon 67324 09[CFG] start_action = hold
                    Jun 7 09:36:42 charon 67324 09[CFG] dpd_action = clear
                    Jun 7 09:36:42 charon 67324 09[CFG] policies_fwd_out = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] policies = 1
                    Jun 7 09:36:42 charon 67324 09[CFG] mode = PASS
                    Jun 7 09:36:42 charon 67324 09[CFG] ipcomp = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] hostaccess = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] updown = (null)
                    Jun 7 09:36:42 charon 67324 09[CFG] rand_packets = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] life_packets = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] rekey_packets = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] rand_bytes = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] life_bytes = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] rekey_bytes = 0
                    Jun 7 09:36:42 charon 67324 09[CFG] rand_time = 360
                    Jun 7 09:36:42 charon 67324 09[CFG] life_time = 3960
                    Jun 7 09:36:42 charon 67324 09[CFG] rekey_time = 3600
                    Jun 7 09:36:42 charon 67324 09[CFG] child bypasslan:
                    Jun 7 09:36:42 charon 67324 09[CFG] conn bypass:
                    Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 requests: load-conn
                    Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 requests: get-conns
                    Jun 7 09:36:42 charon 67324 09[CFG] updated vici pool mobile-pool-v4: 10.3.200.0, 254 entries
                    Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 requests: load-pool
                    Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 requests: get-pools
                    Jun 7 09:36:42 charon 67324 09[CFG] vici client 42 requests: get-authorities
                    Jun 7 09:36:42 charon 67324 13[CFG] loaded EAP shared key with id 'eap-1' for: 'kellenhudson@gmail.com'
                    Jun 7 09:36:42 charon 67324 13[CFG] vici client 42 requests: load-shared
                    Jun 7 09:36:42 charon 67324 13[CFG] loaded ANY private key
                    Jun 7 09:36:42 charon 67324 13[CFG] vici client 42 requests: load-key
                    Jun 7 09:36:42 charon 67324 13[CFG] loaded certificate 'CN=internal-ca, ST=Utah, L=EagleMountain, O=HudNet'
                    Jun 7 09:36:42 charon 67324 13[CFG] vici client 42 requests: load-cert
                    Jun 7 09:36:42 charon 67324 13[CFG] loaded certificate 'CN=sgthudsonkj.ddns.net, C=US, ST=Utah, L=EagleMountain, O=HudNet'
                    Jun 7 09:36:42 charon 67324 13[CFG] vici client 42 requests: load-cert
                    Jun 7 09:36:42 charon 67324 06[CFG] vici client 42 requests: get-shared
                    Jun 7 09:36:42 charon 67324 06[CFG] vici client 42 requests: get-keys
                    Jun 7 09:36:42 charon 67324 11[CFG] vici client 42 connected
                    Jun 7 09:36:42 charon 67324 06[CFG] vici client 41 disconnected
                    Jun 7 09:36:42 charon 67324 11[CFG] loaded 0 RADIUS server configurations
                    Jun 7 09:36:42 charon 67324 11[CFG] loaded 0 entries for attr plugin configuration
                    Jun 7 09:36:42 charon 67324 11[CFG] ipseckey plugin is disabled
                    Jun 7 09:36:42 charon 67324 11[CFG] vici client 41 requests: reload-settings
                    Jun 7 09:36:42 charon 67324 11[CFG] vici client 41 connected
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> lease 10.3.200.1 by 'kellenhudson@gmail.com' went offline
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> IKE_SA con-mobile[78] state change: DELETING => DESTROYING
                    Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (80 bytes)
                    Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> generating INFORMATIONAL response 6 [ ]
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> IKE_SA deleted
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> IKE_SA con-mobile[78] state change: ESTABLISHED => DELETING
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> deleting IKE_SA con-mobile[78] between 23.169.65.208[sgthudsonkj.ddns.net]...172.30.222.172[172.30.222.172]
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> received DELETE for IKE_SA con-mobile[78]
                    Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> parsed INFORMATIONAL request 6 [ D ]
                    Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (80 bytes)
                    Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (256 bytes)
                    Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 5 [ AUTH CPRP(ADDR SUBNET U_SPLITINC DNS DNS U_DEFDOM U_SPLITDNS U_SAVEPWD) N(MOBIKE_SUP) N(ADD_4_ADDR) N(NO_PROP) ]
                    Jun 7 09:33:46 charon 67324 11[CHD] <con-mobile|78> CHILD_SA con-mobile{38} state change: CREATED => DESTROYING
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> failed to establish CHILD_SA, keeping IKE_SA
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> no acceptable proposal found
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> received proposals: ESP:AES_CBC_256/NO_EXT_SEQ
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> no acceptable ENCRYPTION_ALGORITHM found
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> selecting proposal:
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> no acceptable ENCRYPTION_ALGORITHM found
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> selecting proposal:
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> no acceptable ENCRYPTION_ALGORITHM found
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> selecting proposal:
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> no acceptable ENCRYPTION_ALGORITHM found
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> selecting proposal:
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> no acceptable INTEGRITY_ALGORITHM found
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> selecting proposal:
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> no acceptable INTEGRITY_ALGORITHM found
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> selecting proposal:
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> found matching child config "con-mobile" with prio 12
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> candidate "con-mobile" with prio 10+2
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> 10.3.200.1/32|/0
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> proposing traffic selectors for other:
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> 0.0.0.0/0|/0
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> proposing traffic selectors for us:
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> looking for a child config for 0.0.0.0/0|/0 ::/0|/0 === 0.0.0.0/0|/0 ::/0|/0
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building UNITY_SAVE_PASSWD attribute
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building UNITY_SPLITDNS_NAME attribute
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building UNITY_DEF_DOMAIN attribute
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building INTERNAL_IP4_DNS attribute
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building INTERNAL_IP4_DNS attribute
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building UNITY_SPLIT_INCLUDE attribute
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> building INTERNAL_IP4_SUBNET attribute
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> no virtual IP found for %any6 requested by 'kellenhudson@gmail.com'
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> peer requested virtual IP %any6
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> assigning virtual IP 10.3.200.1 to peer 'kellenhudson@gmail.com'
                    Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> reassigning offline lease to 'kellenhudson@gmail.com'
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> peer requested virtual IP %any
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> maximum IKE_SA lifetime 28767s
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> scheduling rekeying in 25887s
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> IKE_SA con-mobile[78] state change: CONNECTING => ESTABLISHED
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> IKE_SA con-mobile[78] established between 23.169.65.208[sgthudsonkj.ddns.net]...172.30.222.172[172.30.222.172]
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> authentication of 'sgthudsonkj.ddns.net' (myself) with EAP
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> authentication of '172.30.222.172' with EAP successful
                    Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> parsed IKE_AUTH request 5 [ AUTH ]
                    Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (112 bytes)
                    Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (80 bytes)
                    Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 4 [ EAP/SUCC ]
                    Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> EAP method EAP_MSCHAPV2 succeeded, MSK established
                    Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
                    Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (80 bytes)
                    Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (144 bytes)
                    Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
                    Jun 7 09:33:46 charon 67324 11[ENC] <con-mobile|78> parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
                    Jun 7 09:33:46 charon 67324 11[NET] <con-mobile|78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (160 bytes)
                    Jun 7 09:33:45 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (112 bytes)
                    Jun 7 09:33:45 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> initiating EAP_MSCHAPV2 method (id 0x54)
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> received EAP identity 'kellenhudson@gmail.com'
                    Jun 7 09:33:45 charon 67324 11[ENC] <con-mobile|78> parsed IKE_AUTH request 2 [ EAP/RES/ID ]
                    Jun 7 09:33:45 charon 67324 11[NET] <con-mobile|78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (112 bytes)
                    Jun 7 09:33:45 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (372 bytes)
                    Jun 7 09:33:45 charon 67324 11[NET] <con-mobile|78> sending packet: from 23.169.65.208[4500] to 172.30.222.172[4500] (1236 bytes)
                    Jun 7 09:33:45 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 1 [ EF(2/2) ]
                    Jun 7 09:33:45 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 1 [ EF(1/2) ]
                    Jun 7 09:33:45 charon 67324 11[ENC] <con-mobile|78> splitting IKE message (1536 bytes) into 2 fragments
                    Jun 7 09:33:45 charon 67324 11[ENC] <con-mobile|78> generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> sending end entity cert "CN=sgthudsonkj.ddns.net, C=US, ST=Utah, L=EagleMountain, O=HudNet"
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> authentication of 'sgthudsonkj.ddns.net' (myself) with RSA signature successful
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> peer supports MOBIKE
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP6_SERVER attribute
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP6_DNS attribute
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP6_ADDRESS attribute
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP4_SERVER attribute
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP4_NBNS attribute
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP4_DNS attribute
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> processing INTERNAL_IP4_ADDRESS attribute
                    Jun 7 09:33:45 charon 67324 11[IKE] <con-mobile|78> initiating EAP_IDENTITY method (id 0x00)
                    Jun 7 09:33:45 charon 67324 11[CFG] <con-mobile|78> selected peer config 'con-mobile'
                    Jun 7 09:33:45 charon 67324 11[CFG] <78> candidate "con-mobile", match: 1/1/1052 (me/other/ike)
                    Jun 7 09:33:45 charon 67324 11[CFG] <78> looking for peer configs matching 23.169.65.208[%any]...172.30.222.172[172.30.222.172]
                    Jun 7 09:33:45 charon 67324 11[IKE] <78> received 67 cert requests for an unknown ca
                    Jun 7 09:33:45 charon 67324 11[IKE] <78> received cert request for "CN=internal-ca, ST=Utah, L=EagleMountain, O=HudNet"
                    Jun 7 09:33:45 charon 67324 11[ENC] <78> parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
                    Jun 7 09:33:45 charon 67324 11[ENC] <78> received fragment #3 of 4, reassembled fragmented IKE message (1664 bytes)
                    Jun 7 09:33:45 charon 67324 11[ENC] <78> parsed IKE_AUTH request 1 [ EF(3/4) ]
                    Jun 7 09:33:45 charon 67324 11[NET] <78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (580 bytes)
                    Jun 7 09:33:45 charon 67324 10[ENC] <78> received fragment #4 of 4, waiting for complete IKE message
                    Jun 7 09:33:45 charon 67324 10[ENC] <78> parsed IKE_AUTH request 1 [ EF(4/4) ]
                    Jun 7 09:33:45 charon 67324 10[NET] <78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (180 bytes)
                    Jun 7 09:33:45 charon 67324 06[ENC] <78> received fragment #2 of 4, waiting for complete IKE message
                    Jun 7 09:33:45 charon 67324 06[ENC] <78> parsed IKE_AUTH request 1 [ EF(2/4) ]
                    Jun 7 09:33:45 charon 67324 06[NET] <78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (580 bytes)
                    Jun 7 09:33:45 charon 67324 06[ENC] <78> received duplicate fragment #1
                    Jun 7 09:33:45 charon 67324 06[ENC] <78> parsed IKE_AUTH request 1 [ EF(1/4) ]
                    Jun 7 09:33:45 charon 67324 06[NET] <78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (580 bytes)
                    Jun 7 09:33:44 charon 67324 06[ENC] <78> received fragment #1 of 4, waiting for complete IKE message
                    Jun 7 09:33:44 charon 67324 06[ENC] <78> parsed IKE_AUTH request 1 [ EF(1/4) ]
                    Jun 7 09:33:44 charon 67324 06[NET] <78> received packet: from 172.30.222.172[4500] to 23.169.65.208[4500] (580 bytes)
                    Jun 7 09:33:44 charon 67324 06[NET] <78> sending packet: from 23.169.65.208[500] to 172.30.222.172[500] (501 bytes)

                      ssghudsonkj @mamawe

                      Jun 7 09:33:44 charon 67324 06[ENC] <78> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
                      Jun 7 09:33:44 charon 67324 06[IKE] <78> sending cert request for "CN=internal-ca, ST=Utah, L=EagleMountain, O=HudNet"
                      Jun 7 09:33:44 charon 67324 06[IKE] <78> sending cert request for "CN=sgthudsonkj.ddns.net, C=US, ST=Utah, L=EagleMountain, O=HudNet"
                      Jun 7 09:33:44 charon 67324 06[CFG] <78> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
                      Jun 7 09:33:44 charon 67324 06[CFG] <78> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
                      Jun 7 09:33:44 charon 67324 06[CFG] <78> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048
                      Jun 7 09:33:44 charon 67324 06[CFG] <78> proposal matches
                      Jun 7 09:33:44 charon 67324 06[CFG] <78> selecting proposal:
                      Jun 7 09:33:44 charon 67324 06[CFG] <78> no acceptable INTEGRITY_ALGORITHM found
                      Jun 7 09:33:44 charon 67324 06[CFG] <78> selecting proposal:
                      Jun 7 09:33:44 charon 67324 06[IKE] <78> IKE_SA (unnamed)[78] state change: CREATED => CONNECTING
                      Jun 7 09:33:44 charon 67324 06[IKE] <78> 172.30.222.172 is initiating an IKE_SA
                      Jun 7 09:33:44 charon 67324 06[ENC] <78> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
                      Jun 7 09:33:44 charon 67324 06[IKE] <78> received Vid-Initial-Contact vendor ID
                      Jun 7 09:33:44 charon 67324 06[IKE] <78> received MS-Negotiation Discovery Capable vendor ID
                      Jun 7 09:33:44 charon 67324 06[IKE] <78> received MS NT5 ISAKMPOAKLEY v9 vendor ID
                      Jun 7 09:33:44 charon 67324 06[CFG] <78> found matching ike config: 23.169.65.208...0.0.0.0/0, ::/0 with prio 1052
                      Jun 7 09:33:44 charon 67324 06[CFG] <78> candidate: 23.169.65.208...0.0.0.0/0, ::/0, prio 1052
                      Jun 7 09:33:44 charon 67324 06[CFG] <78> looking for an IKEv2 config for 23.169.65.208...172.30.222.172
                      Jun 7 09:33:44 charon 67324 06[ENC] <78> parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
                      Jun 7 09:33:44 charon 67324 06[NET] <78> received packet: from 172.30.222.172[500] to 23.169.65.208[500] (632 bytes)
                      Jun 7 09:28:56 charon 67324 06[CFG] vici client 40 disconnected
                      Jun 7 09:28:56 charon 67324 06[CFG] updated vici connection: con-mobile
                      Jun 7 09:28:56 charon 67324 06[CFG] id = %any
                      Jun 7 09:28:56 charon 67324 06[CFG] eap_id = %any
                      Jun 7 09:28:56 charon 67324 06[CFG] class = EAP
                      Jun 7 09:28:56 charon 67324 06[CFG] eap-type = EAP_MSCHAPV2
                      Jun 7 09:28:56 charon 67324 06[CFG] remote:
                      Jun 7 09:28:56 charon 67324 06[CFG] cert = CN=sgthudsonkj.ddns.net, C=US, ST=Utah, L=EagleMountain, O=HudNet
                      Jun 7 09:28:56 charon 67324 06[CFG] id = sgthudsonkj.ddns.net
                      Jun 7 09:28:56 charon 67324 06[CFG] class = public key
                      Jun 7 09:28:56 charon 67324 06[CFG] local:
                      Jun 7 09:28:56 charon 67324 06[CFG] if_id_out = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] if_id_in = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] proposals = IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
                      Jun 7 09:28:56 charon 67324 06[CFG] rand_time = 2880
                      Jun 7 09:28:56 charon 67324 06[CFG] over_time = 2880
                      Jun 7 09:28:56 charon 67324 06[CFG] rekey_time = 25920
                      Jun 7 09:28:56 charon 67324 06[CFG] reauth_time = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] keyingtries = 1
                      Jun 7 09:28:56 charon 67324 06[CFG] unique = UNIQUE_REPLACE
                      Jun 7 09:28:56 charon 67324 06[CFG] childless = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] fragmentation = 2
                      Jun 7 09:28:56 charon 67324 06[CFG] dpd_timeout = 60
                      Jun 7 09:28:56 charon 67324 06[CFG] dpd_delay = 10
                      Jun 7 09:28:56 charon 67324 06[CFG] encap = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] dscp = 0x00
                      Jun 7 09:28:56 charon 67324 06[CFG] aggressive = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] mobike = 1
                      Jun 7 09:28:56 charon 67324 06[CFG] ppk_required = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] ppk_id = (null)
                      Jun 7 09:28:56 charon 67324 06[CFG] send_cert = CERT_ALWAYS_SEND
                      Jun 7 09:28:56 charon 67324 06[CFG] send_certreq = 1
                      Jun 7 09:28:56 charon 67324 06[CFG] remote_port = 500
                      Jun 7 09:28:56 charon 67324 06[CFG] local_port = 500
                      Jun 7 09:28:56 charon 67324 06[CFG] remote_addrs = 0.0.0.0/0, ::/0
                      Jun 7 09:28:56 charon 67324 06[CFG] local_addrs = 23.169.65.208
                      Jun 7 09:28:56 charon 67324 06[CFG] version = 2
                      Jun 7 09:28:56 charon 67324 06[CFG] copy_dscp = out
                      Jun 7 09:28:56 charon 67324 06[CFG] copy_ecn = 1
                      Jun 7 09:28:56 charon 67324 06[CFG] copy_df = 1
                      Jun 7 09:28:56 charon 67324 06[CFG] sha256_96 = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] hw_offload = no
                      Jun 7 09:28:56 charon 67324 06[CFG] remote_ts = dynamic
                      Jun 7 09:28:56 charon 67324 06[CFG] local_ts = 0.0.0.0/0|/0
                      Jun 7 09:28:56 charon 67324 06[CFG] proposals = ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
                      Jun 7 09:28:56 charon 67324 06[CFG] inactivity = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] set_mark_out = 0/0
                      Jun 7 09:28:56 charon 67324 06[CFG] set_mark_in = 0/0
                      Jun 7 09:28:56 charon 67324 06[CFG] mark_out = 0/0
                      Jun 7 09:28:56 charon 67324 06[CFG] mark_in_sa = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] mark_in = 0/0
                      Jun 7 09:28:56 charon 67324 06[CFG] if_id_out = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] if_id_in = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] interface = (null)
                      Jun 7 09:28:56 charon 67324 06[CFG] priority = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] tfc = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] reqid = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] close_action = clear
                      Jun 7 09:28:56 charon 67324 06[CFG] start_action = clear
                      Jun 7 09:28:56 charon 67324 06[CFG] dpd_action = clear
                      Jun 7 09:28:56 charon 67324 06[CFG] policies_fwd_out = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] policies = 1
                      Jun 7 09:28:56 charon 67324 06[CFG] mode = TUNNEL
                      Jun 7 09:28:56 charon 67324 06[CFG] ipcomp = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] hostaccess = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] updown = (null)
                      Jun 7 09:28:56 charon 67324 06[CFG] rand_packets = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] life_packets = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] rekey_packets = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] rand_bytes = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] life_bytes = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] rekey_bytes = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] rand_time = 360
                      Jun 7 09:28:56 charon 67324 06[CFG] life_time = 3600
                      Jun 7 09:28:56 charon 67324 06[CFG] rekey_time = 3240
                      Jun 7 09:28:56 charon 67324 06[CFG] child con-mobile:
                      Jun 7 09:28:56 charon 67324 06[CFG] conn con-mobile:
                      Jun 7 09:28:56 charon 67324 06[CFG] vici client 40 requests: load-conn
                      Jun 7 09:28:56 charon 67324 06[CFG] updated vici connection: bypass
                      Jun 7 09:28:56 charon 67324 06[CFG] remote:
                      Jun 7 09:28:56 charon 67324 06[CFG] local:
                      Jun 7 09:28:56 charon 67324 06[CFG] if_id_out = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] if_id_in = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] proposals = IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
                      Jun 7 09:28:56 charon 67324 06[CFG] rand_time = 1440
                      Jun 7 09:28:56 charon 67324 06[CFG] over_time = 1440
                      Jun 7 09:28:56 charon 67324 06[CFG] rekey_time = 14400
                      Jun 7 09:28:56 charon 67324 06[CFG] reauth_time = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] keyingtries = 1
                      Jun 7 09:28:56 charon 67324 06[CFG] unique = UNIQUE_NO
                      Jun 7 09:28:56 charon 67324 06[CFG] childless = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] fragmentation = 2
                      Jun 7 09:28:56 charon 67324 06[CFG] dpd_timeout = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] dpd_delay = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] encap = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] dscp = 0x00
                      Jun 7 09:28:56 charon 67324 06[CFG] aggressive = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] mobike = 1
                      Jun 7 09:28:56 charon 67324 06[CFG] ppk_required = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] ppk_id = (null)
                      Jun 7 09:28:56 charon 67324 06[CFG] send_cert = CERT_SEND_IF_ASKED
                      Jun 7 09:28:56 charon 67324 06[CFG] send_certreq = 1
                      Jun 7 09:28:56 charon 67324 06[CFG] remote_port = 500
                      Jun 7 09:28:56 charon 67324 06[CFG] local_port = 500
                      Jun 7 09:28:56 charon 67324 06[CFG] remote_addrs = 127.0.0.1
                      Jun 7 09:28:56 charon 67324 06[CFG] local_addrs = %any
                      Jun 7 09:28:56 charon 67324 06[CFG] version = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] copy_dscp = out
                      Jun 7 09:28:56 charon 67324 06[CFG] copy_ecn = 1
                      Jun 7 09:28:56 charon 67324 06[CFG] copy_df = 1
                      Jun 7 09:28:56 charon 67324 06[CFG] sha256_96 = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] hw_offload = no
                      Jun 7 09:28:56 charon 67324 06[CFG] remote_ts = 172.30.222.0/24|/0
                      Jun 7 09:28:56 charon 67324 06[CFG] local_ts = 172.30.222.0/24|/0
                      Jun 7 09:28:56 charon 67324 06[CFG] proposals = ESP:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ
                      Jun 7 09:28:56 charon 67324 06[CFG] inactivity = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] set_mark_out = 0/0
                      Jun 7 09:28:56 charon 67324 06[CFG] set_mark_in = 0/0
                      Jun 7 09:28:56 charon 67324 06[CFG] mark_out = 0/0
                      Jun 7 09:28:56 charon 67324 06[CFG] mark_in_sa = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] mark_in = 0/0
                      Jun 7 09:28:56 charon 67324 06[CFG] if_id_out = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] if_id_in = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] interface = (null)
                      Jun 7 09:28:56 charon 67324 06[CFG] priority = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] tfc = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] reqid = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] close_action = clear
                      Jun 7 09:28:56 charon 67324 06[CFG] start_action = hold
                      Jun 7 09:28:56 charon 67324 06[CFG] dpd_action = clear
                      Jun 7 09:28:56 charon 67324 06[CFG] policies_fwd_out = 0
                      Jun 7 09:28:56 charon 67324 06[CFG] policies = 1

                        mamawe @ssghudsonkj

                        @ssghudsonkj There is still the mismatch in the phase2 proposal

                        Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> failed to establish CHILD_SA, keeping IKE_SA
                        Jun 7 09:33:46 charon 67324 11[IKE] <con-mobile|78> no acceptable proposal found
                        Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
                        Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> received proposals: ESP:AES_CBC_256/NO_EXT_SEQ

                        The problem is that there is no integrity algorithm in the received proposal.

                        In the guide you mentioned it says for phase2 (QM)

                        QM: AES256-SHA1(HMAC)

                        I would interpret this as AES256/HMAC_SHA1 but this is not what was sent.

                        I don't know much about the configuration of IPsec on Windows.
                        Maybe you can find another guide.

                        Kind regards,
                        Mathias
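
The comparison described in the reply above, as an added example that is not part of the original post: it parses the two `[CFG]` proposal lines copied from the thread and reports, per configured proposal, which transform type has no common algorithm. The prefix-based classification and the matching rule are a simplified model assumed for illustration, not strongSwan's own selection code, and all function names are hypothetical.

```python
import re

# The two [CFG] lines quoted in the reply above, copied from the thread.
THREAD_LOG = """\
Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_192/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Jun 7 09:33:46 charon 67324 11[CFG] <con-mobile|78> received proposals: ESP:AES_CBC_256/NO_EXT_SEQ
"""

PROPOSAL_LINE = re.compile(r"\[CFG\] <[^>]*> (configured|received) proposals: (.+)$")


def transform_type(name):
    """Classify a transform by its name as printed in the log (prefix heuristic)."""
    if name.startswith("PRF_"):
        return "PRF"
    if name.startswith(("HMAC_", "AES_XCBC", "AES_CMAC")):
        return "INTEGRITY"
    if name.startswith(("MODP_", "ECP_", "CURVE_")):
        return "DH"
    if name in ("EXT_SEQ", "NO_EXT_SEQ"):
        return "ESN"
    return "ENCRYPTION"


def is_aead(name):
    """AEAD ciphers carry their own integrity check, so no INTEGRITY transform is listed."""
    return "_GCM_" in name or "_CCM_" in name or name == "CHACHA20_POLY1305"


def parse_proposal(text):
    """'ESP:AES_CBC_256/NO_EXT_SEQ' -> {'ENCRYPTION': {'AES_CBC_256'}, 'ESN': {'NO_EXT_SEQ'}}"""
    _proto, _, transforms = text.strip().partition(":")
    by_type = {}
    for name in transforms.split("/"):
        by_type.setdefault(transform_type(name), set()).add(name)
    return by_type


def mismatches(received, configured):
    """Return the reasons two proposals cannot match; an empty list means they match."""
    reasons = []
    for ttype in sorted(set(received) | set(configured)):
        r, c = received.get(ttype, set()), configured.get(ttype, set())
        if r & c:
            continue
        if not r:
            reasons.append(f"peer sent no {ttype}")
        elif not c:
            reasons.append(f"{ttype} not configured locally")
        else:
            reasons.append(f"no common {ttype}")
    return reasons


def diagnose(log_text):
    """Compare the last 'received proposals' line against the last 'configured proposals' line."""
    seen = {"configured": [], "received": []}
    for line in log_text.splitlines():
        m = PROPOSAL_LINE.search(line)
        if m:
            seen[m.group(1)] = [p.strip() for p in m.group(2).split(",")]
    reasons = {
        (r, c): mismatches(parse_proposal(r), parse_proposal(c))
        for r in seen["received"] for c in seen["configured"]
    }
    # Non-AEAD encryption offered without any integrity transform: unauthenticated ESP.
    unauthenticated = [
        r for r in seen["received"]
        if "INTEGRITY" not in parse_proposal(r)
        and not all(is_aead(n) for n in parse_proposal(r).get("ENCRYPTION", ()))
    ]
    matched = any(not why for why in reasons.values())
    return {"matched": matched, "unauthenticated": unauthenticated, "reasons": reasons}


if __name__ == "__main__":
    result = diagnose(THREAD_LOG)
    print("match found:", result["matched"])
    print("offered without integrity:", result["unauthenticated"])
    for (recv, conf), why in result["reasons"].items():
        print(f"{recv} vs {conf}: {', '.join(why) or 'match'}")
```
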

                          ssghudsonkj @mamawe

                          @mamawe The guides I used to set up the firewall and the Windows client were both from the Netgate website. This other guide I'm using was based on what you said to try and troubleshoot this issue. My phone connects just fine to the firewall. My laptop does not.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.