StrongSwan ipsec logs2.txt - pfSense - pfSense bugtracker

Bug #4129 » StrongSwan ipsec logs2.txt

Logging from StrongSwan with 3 different tests - Pi Ba, 12/20/2014 05:16 PM

       IPSEC.1- VPN con12 Supports 'Cisco Unity', 3x P2 in rightsubnet works.
       IPSEC.2- VPN with 2 conn sections defined in ipsec.conf con7 & con14, to same site, same psk, same id's, different P2,reqid.. works
       IPSEC.3- VPN con7 fails for second host when only 1 conn section is defined.
       pfSense WAN-ip: 1.2.3.203
       Site1 ip: 2.3.4.22 (supports: Cisco Unity)
       Site1-P2: (con12) 10.10.0.144 /  10.10.0.145 /  10.10.0.146 << these 3 work ok
       Site2 ip: 3.4.5.58 (uses NAT-T)
       Site2-P2: (con7) 10.40.0.33 / 10.40.0.191  << only the first works
       Site2-P2: (con14) 10.40.0.67 << this does work
       ##############################################################################
       ### IPSEC.1- VPN con12 Supports 'Cisco Unity', 3x P2 in rightsubnet works. ###
       ##############################################################################
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 12[KNL] creating acquire job for policy 1.2.3.203/32|/0 === 2.3.4.22/32|/0 with reqid {12}
 -12-20 16:37:00	System0.Inf	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] <con12|9> initiating Main Mode IKE_SA con12[9] to 2.3.4.22
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] initiating Main Mode IKE_SA con12[9] to 2.3.4.22
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (200 bytes)
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (180 bytes)
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[ENC] parsed ID_PROT response 0 [ SA V V V V V ]
 -12-20 16:37:00	System0.Inf	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] <con12|9> received XAuth vendor ID
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] received XAuth vendor ID
 -12-20 16:37:00	System0.Inf	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] <con12|9> received Cisco Unity vendor ID
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] received Cisco Unity vendor ID
 -12-20 16:37:00	System0.Inf	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] <con12|9> received DPD vendor ID
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] received DPD vendor ID
 -12-20 16:37:00	System0.Inf	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] <con12|9> received FRAGMENTATION vendor ID
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] received FRAGMENTATION vendor ID
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[ENC] received unknown vendor ID: a9:b9:b1:03:4f:7e:50:a2:51:3b:47:b1:00:bb:85:a9
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[ENC] generating ID_PROT request 0 [ KE No ]
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (260 bytes)
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (244 bytes)
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[ENC] parsed ID_PROT response 0 [ KE No ]
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[ENC] generating ID_PROT request 0 [ ID HASH ]
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (76 bytes)
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (76 bytes)
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[ENC] parsed ID_PROT response 0 [ ID HASH ]
 -12-20 16:37:00	System0.Inf	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] <con12|9> IKE_SA con12[9] established between 1.2.3.203[1.2.3.203]...2.3.4.22[2.3.4.22]
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] IKE_SA con12[9] established between 1.2.3.203[1.2.3.203]...2.3.4.22[2.3.4.22]
 -12-20 16:37:00	System0.Inf	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] <con12|9> scheduling reauthentication in 27776s
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] scheduling reauthentication in 27776s
 -12-20 16:37:00	System0.Inf	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] <con12|9> maximum IKE_SA lifetime 28316s
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] maximum IKE_SA lifetime 28316s
       ## --P1 done--
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[ENC] generating QUICK_MODE request 3434393421 [ HASH SA No KE ID ID ]
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (380 bytes)
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (364 bytes)
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[ENC] parsed QUICK_MODE response 3434393421 [ HASH SA No KE ID ID ]
 -12-20 16:37:00	System0.Inf	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] <con12|9> CHILD_SA con12{12} established with SPIs c98b7a36_i ed19ad07_o and TS 192.168.8.0/24|/0 === 10.10.0.144/32|/0
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[IKE] CHILD_SA con12{12} established with SPIs c98b7a36_i ed19ad07_o and TS 192.168.8.0/24|/0 === 10.10.0.144/32|/0
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[ENC] generating QUICK_MODE request 3434393421 [ HASH ]
 -12-20 16:37:00	Daemon.Info	192.168.8.3	Dec 20 16:37:00 charon: 11[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (60 bytes)
       ## ping .144 works
 -12-20 16:37:28	Daemon.Info	192.168.8.3	Dec 20 16:37:27 charon: 12[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (364 bytes)
 -12-20 16:37:28	Daemon.Info	192.168.8.3	Dec 20 16:37:27 charon: 12[ENC] parsed QUICK_MODE request 2980998030 [ HASH SA No KE ID ID ]
 -12-20 16:37:28	Daemon.Info	192.168.8.3	Dec 20 16:37:27 charon: 12[ENC] generating QUICK_MODE response 2980998030 [ HASH SA No KE ID ID ]
 -12-20 16:37:28	Daemon.Info	192.168.8.3	Dec 20 16:37:27 charon: 12[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (380 bytes)
 -12-20 16:37:28	Daemon.Info	192.168.8.3	Dec 20 16:37:27 charon: 11[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (60 bytes)
 -12-20 16:37:28	Daemon.Info	192.168.8.3	Dec 20 16:37:27 charon: 11[ENC] parsed QUICK_MODE request 2980998030 [ HASH ]
 -12-20 16:37:28	System0.Inf	192.168.8.3	Dec 20 16:37:27 charon: 11[IKE] <con12|9> CHILD_SA con12{12} established with SPIs ced4e00c_i e3000bc3_o and TS 192.168.8.0/24|/0 === 10.10.0.145/32|/0
 -12-20 16:37:28	Daemon.Info	192.168.8.3	Dec 20 16:37:27 charon: 11[IKE] CHILD_SA con12{12} established with SPIs ced4e00c_i e3000bc3_o and TS 192.168.8.0/24|/0 === 10.10.0.145/32|/0
       ## ping .145 works
 -12-20 16:38:01	Daemon.Info	192.168.8.3	Dec 20 16:38:00 charon: 13[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (364 bytes)
 -12-20 16:38:01	Daemon.Info	192.168.8.3	Dec 20 16:38:00 charon: 13[ENC] parsed QUICK_MODE request 3538110311 [ HASH SA No KE ID ID ]
 -12-20 16:38:02	Daemon.Info	192.168.8.3	Dec 20 16:38:00 charon: 13[ENC] generating QUICK_MODE response 3538110311 [ HASH SA No KE ID ID ]
 -12-20 16:38:02	Daemon.Info	192.168.8.3	Dec 20 16:38:00 charon: 13[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (380 bytes)
 -12-20 16:38:02	Daemon.Info	192.168.8.3	Dec 20 16:38:00 charon: 13[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (60 bytes)
 -12-20 16:38:02	Daemon.Info	192.168.8.3	Dec 20 16:38:00 charon: 13[ENC] parsed QUICK_MODE request 3538110311 [ HASH ]
 -12-20 16:38:02	System0.Inf	192.168.8.3	Dec 20 16:38:00 charon: 13[IKE] <con12|9> CHILD_SA con12{12} established with SPIs cc49fc37_i d7dd63b3_o and TS 192.168.8.0/24|/0 === 10.10.0.146/32|/0
 -12-20 16:38:02	Daemon.Info	192.168.8.3	Dec 20 16:38:00 charon: 13[IKE] CHILD_SA con12{12} established with SPIs cc49fc37_i d7dd63b3_o and TS 192.168.8.0/24|/0 === 10.10.0.146/32|/0
       ## ping .146 works
       ##############################################################################
       ### IPSEC.2- VPN with 2 conn sections defined in ipsec.conf con7 & con14, to same site, same psk, same id's, different P2,reqid.. works ###
       ##############################################################################
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 09[KNL] creating acquire job for policy 1.2.3.203/32|/0 === 3.4.5.58/32|/0 with reqid {7}
 -12-20 16:31:43	System0.Inf	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] <con7|5> initiating Main Mode IKE_SA con7[5] to 3.4.5.58
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] initiating Main Mode IKE_SA con7[5] to 3.4.5.58
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[NET] sending packet: from 1.2.3.203[500] to 3.4.5.58[500] (204 bytes)
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[NET] received packet: from 3.4.5.58[500] to 1.2.3.203[500] (120 bytes)
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[ENC] parsed ID_PROT response 0 [ SA V V ]
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[ENC] received unknown vendor ID: 5b:36:2b:c8:20:f6:00:07
 -12-20 16:31:43	System0.Inf	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] <con7|5> received NAT-T (RFC 3947) vendor ID
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] received NAT-T (RFC 3947) vendor ID
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[NET] sending packet: from 1.2.3.203[500] to 3.4.5.58[500] (244 bytes)
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[NET] received packet: from 3.4.5.58[500] to 1.2.3.203[500] (276 bytes)
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[ENC] parsed ID_PROT response 0 [ KE NAT-D NAT-D No V V V ]
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[ENC] received unknown vendor ID: 40:4b:f4:39:52:2c:a3:f6
 -12-20 16:31:43	System0.Inf	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] <con7|5> received XAuth vendor ID
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] received XAuth vendor ID
 -12-20 16:31:43	System0.Inf	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] <con7|5> received DPD vendor ID
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] received DPD vendor ID
 -12-20 16:31:43	System0.Inf	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] <con7|5> local host is behind NAT, sending keep alives
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] local host is behind NAT, sending keep alives
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[ENC] generating ID_PROT request 0 [ ID HASH ]
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (76 bytes)
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[NET] received packet: from 3.4.5.58[4500] to 1.2.3.203[4500] (76 bytes)
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[ENC] parsed ID_PROT response 0 [ ID HASH ]
 -12-20 16:31:43	System0.Inf	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] <con7|5> IKE_SA con7[5] established between 1.2.3.203[1.2.3.203]...3.4.5.58[3.4.5.58]
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] IKE_SA con7[5] established between 1.2.3.203[1.2.3.203]...3.4.5.58[3.4.5.58]
 -12-20 16:31:43	System0.Inf	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] <con7|5> scheduling reauthentication in 85813s
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] scheduling reauthentication in 85813s
 -12-20 16:31:43	System0.Inf	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] <con7|5> maximum IKE_SA lifetime 86353s
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] maximum IKE_SA lifetime 86353s
       ## --P1 done--
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[ENC] generating QUICK_MODE request 1048692260 [ HASH SA No KE ID ID ]
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (316 bytes)
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[NET] received packet: from 3.4.5.58[4500] to 1.2.3.203[4500] (300 bytes)
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[ENC] parsed QUICK_MODE response 1048692260 [ HASH SA No KE ID ID ]
 -12-20 16:31:43	System0.Inf	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] <con7|5> CHILD_SA con7{7} established with SPIs c5bb0965_i 27ca498e_o and TS 192.168.8.0/24|/0 === 10.40.0.33/32|/0
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[IKE] CHILD_SA con7{7} established with SPIs c5bb0965_i 27ca498e_o and TS 192.168.8.0/24|/0 === 10.40.0.33/32|/0
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[ENC] generating QUICK_MODE request 1048692260 [ HASH ]
 -12-20 16:31:43	Daemon.Info	192.168.8.3	Dec 20 16:31:43 charon: 08[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (60 bytes)
       ## ping 10.40.0.33 works
 -12-20 16:32:29	Daemon.Info	192.168.8.3	Dec 20 16:32:29 charon: 08[KNL] creating acquire job for policy 1.2.3.203/32|/0 === 3.4.5.58/32|/0 with reqid {14}
 -12-20 16:32:29	Daemon.Info	192.168.8.3	Dec 20 16:32:29 charon: 06[ENC] generating QUICK_MODE request 539705231 [ HASH SA No KE ID ID ]
 -12-20 16:32:29	Daemon.Info	192.168.8.3	Dec 20 16:32:29 charon: 06[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (316 bytes)
 -12-20 16:32:29	Daemon.Info	192.168.8.3	Dec 20 16:32:29 charon: 06[NET] received packet: from 3.4.5.58[4500] to 1.2.3.203[4500] (300 bytes)
 -12-20 16:32:29	Daemon.Info	192.168.8.3	Dec 20 16:32:29 charon: 06[ENC] parsed QUICK_MODE response 539705231 [ HASH SA No KE ID ID ]
 -12-20 16:32:29	System0.Inf	192.168.8.3	Dec 20 16:32:29 charon: 06[IKE] <con7|5> CHILD_SA con14{14} established with SPIs cad306d2_i d8c3be7b_o and TS 192.168.8.0/24|/0 === 10.40.0.67/32|/0
 -12-20 16:32:29	Daemon.Info	192.168.8.3	Dec 20 16:32:29 charon: 06[IKE] CHILD_SA con14{14} established with SPIs cad306d2_i d8c3be7b_o and TS 192.168.8.0/24|/0 === 10.40.0.67/32|/0
 -12-20 16:32:29	Daemon.Info	192.168.8.3	Dec 20 16:32:29 charon: 06[ENC] generating QUICK_MODE request 539705231 [ HASH ]
 -12-20 16:32:29	Daemon.Info	192.168.8.3	Dec 20 16:32:29 charon: 06[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (60 bytes)
       ## ping 10.40.0.67 works
       ##############################################################################
       ### IPSEC.3- VPN con7 fails for second subnet when only 1 conn section is defined.
       ##############################################################################
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 13[KNL] creating acquire job for policy 1.2.3.203/32|/0 === 3.4.5.58/32|/0 with reqid {7}
 -12-20 23:50:42	System0.Inf	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] <con7|1> initiating Main Mode IKE_SA con7[1] to 3.4.5.58
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] initiating Main Mode IKE_SA con7[1] to 3.4.5.58
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[ENC] generating ID_PROT request 0 [ SA V V V V V V ]
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[NET] sending packet: from 1.2.3.203[500] to 3.4.5.58[500] (204 bytes)
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[NET] received packet: from 3.4.5.58[500] to 1.2.3.203[500] (120 bytes)
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[ENC] parsed ID_PROT response 0 [ SA V V ]
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[ENC] received unknown vendor ID: 5b:36:2b:c8:20:f6:00:07
 -12-20 23:50:42	System0.Inf	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] <con7|1> received NAT-T (RFC 3947) vendor ID
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] received NAT-T (RFC 3947) vendor ID
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[NET] sending packet: from 1.2.3.203[500] to 3.4.5.58[500] (244 bytes)
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[NET] received packet: from 3.4.5.58[500] to 1.2.3.203[500] (276 bytes)
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[ENC] parsed ID_PROT response 0 [ KE NAT-D NAT-D No V V V ]
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[ENC] received unknown vendor ID: 40:4b:f4:39:52:2c:a3:f6
 -12-20 23:50:42	System0.Inf	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] <con7|1> received XAuth vendor ID
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] received XAuth vendor ID
 -12-20 23:50:42	System0.Inf	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] <con7|1> received DPD vendor ID
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] received DPD vendor ID
 -12-20 23:50:42	System0.Inf	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] <con7|1> local host is behind NAT, sending keep alives
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] local host is behind NAT, sending keep alives
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[ENC] generating ID_PROT request 0 [ ID HASH ]
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (76 bytes)
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[NET] received packet: from 3.4.5.58[4500] to 1.2.3.203[4500] (76 bytes)
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[ENC] parsed ID_PROT response 0 [ ID HASH ]
 -12-20 23:50:42	System0.Inf	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] <con7|1> IKE_SA con7[1] established between 1.2.3.203[1.2.3.203]...3.4.5.58[3.4.5.58]
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] IKE_SA con7[1] established between 1.2.3.203[1.2.3.203]...3.4.5.58[3.4.5.58]
 -12-20 23:50:42	System0.Inf	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] <con7|1> scheduling reauthentication in 85510s
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] scheduling reauthentication in 85510s
 -12-20 23:50:42	System0.Inf	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] <con7|1> maximum IKE_SA lifetime 86050s
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] maximum IKE_SA lifetime 86050s
       ## --P1 done--
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[ENC] generating QUICK_MODE request 3177465872 [ HASH SA No KE ID ID ]
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (316 bytes)
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[NET] received packet: from 3.4.5.58[4500] to 1.2.3.203[4500] (108 bytes)
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[ENC] parsed INFORMATIONAL_V1 request 433438160 [ HASH N(NO_PROP) ]
 -12-20 23:50:42	System0.Inf	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] <con7|1> received NO_PROPOSAL_CHOSEN error notify
 -12-20 23:50:42	Daemon.Info	192.168.8.3	Dec 20 23:50:41 charon: 16[IKE] received NO_PROPOSAL_CHOSEN error notify
       ## fails to ping .191

(1-1/1)

Project

General

Profile

pfSense

Bug #4129 » StrongSwan ipsec logs2.txt