IPsec Log.csv - pfSense - pfSense bugtracker

Bug #15155 » IPsec Log.csv

Andrew Almond, 01/11/2024 01:18 AM

 /10/2024 15:25,charon,28746,06[CHD] <con-mobile|186417> CHILD_SA con-mobile{264358} state change: INSTALLING => INSTALLED
 /10/2024 15:25,charon,28746,06[IKE] <con-mobile|186417> CHILD_SA con-mobile{264358} established with SPIs c078fa2f_i 2ef2c6ce_o and TS 10.0.100.0/24|/0 10.1.1.0/24|/0 10.2.3.0/24|/0 10.6.1.0/24|/0 10.20.13.12/32|/0 10.20.20.0/24|/0 192.168.19.0/24|/0 192.168.75.0/24|/0 === 10.9.0.150/32|/0
 /10/2024 15:25,charon,28746,"06[CHD] <con-mobile|186417> SPI 0x2ef2c6ce, src <<firewall>> dst <<client>>"
 /10/2024 15:25,charon,28746,06[CHD] <con-mobile|186417> adding outbound ESP SA
 /10/2024 15:25,charon,28746,"06[CHD] <con-mobile|186417> SPI 0xc078fa2f, src <<client>> dst <<firewall>>"
 /10/2024 15:25,charon,28746,06[CHD] <con-mobile|186417> adding inbound ESP SA
 /10/2024 15:25,charon,28746,06[CHD] <con-mobile|186417> using HMAC_SHA2_256_128 for integrity
 /10/2024 15:25,charon,28746,06[CHD] <con-mobile|186417> using AES_CBC for encryption
 /10/2024 15:25,charon,28746,06[CHD] <con-mobile|186417> CHILD_SA con-mobile{264358} state change: CREATED => INSTALLING
 /10/2024 15:25,charon,28746,06[CFG] <con-mobile|186417> selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
 /10/2024 15:25,charon,28746,05[IKE] <con-mobile|186417> nothing to initiate
 /10/2024 15:25,charon,28746,05[IKE] <con-mobile|186417> activating new tasks
 /10/2024 15:25,charon,28746,05[CHD] <con-mobile|186417> CHILD_SA con-mobile{264356} state change: DELETED => DESTROYING
 /10/2024 15:25,charon,28746,05[CHD] <con-mobile|186417> CHILD_SA con-mobile{264356} state change: DELETING => DELETED
 /10/2024 15:25,charon,28746,05[IKE] <con-mobile|186417> CHILD_SA closed
 /10/2024 15:25,charon,28746,05[IKE] <con-mobile|186417> received DELETE for ESP CHILD_SA with SPI 560d3b7c
 /10/2024 15:25,charon,28746,05[CHD] <con-mobile|186417> CHILD_SA con-mobile{264356} state change: INSTALLED => DELETING
 /10/2024 15:25,charon,28746,05[IKE] <con-mobile|186417> sending DELETE for ESP CHILD_SA with SPI c4f7f66d
 /10/2024 15:25,charon,28746,05[IKE] <con-mobile|186417> closing CHILD_SA con-mobile{264356} with SPIs c4f7f66d_i (5838 bytes) 560d3b7c_o (11756 bytes) and TS 10.0.100.0/24|/0 10.1.1.0/24|/0 10.2.3.0/24|/0 10.6.1.0/24|/0 10.20.13.12/32|/0 10.20.20.0/24|/0 192.168.19.0/24|/0 192.168.75.0/24|/0 === 10.9.0.150/32|/0
 /10/2024 15:25,charon,28746,05[IKE] <con-mobile|186417> activating CHILD_DELETE task
 /10/2024 15:25,charon,28746,05[IKE] <con-mobile|186417> activating new tasks
 /10/2024 15:25,charon,28746,05[IKE] <con-mobile|186417> queueing CHILD_DELETE task
 /10/2024 15:23,charon,28746,13[CHD] <con-mobile|186417> CHILD_SA con-mobile{264356} state change: INSTALLING => INSTALLED
 /10/2024 15:23,charon,28746,13[IKE] <con-mobile|186417> CHILD_SA con-mobile{264356} established with SPIs c4f7f66d_i 560d3b7c_o and TS 10.0.100.0/24|/0 10.1.1.0/24|/0 10.2.3.0/24|/0 10.6.1.0/24|/0 10.20.13.12/32|/0 10.20.20.0/24|/0 192.168.19.0/24|/0 192.168.75.0/24|/0 === 10.9.0.150/32|/0
 /10/2024 15:23,charon,28746,"13[CHD] <con-mobile|186417> SPI 0x560d3b7c, src <<firewall>> dst <<client>>"
 /10/2024 15:23,charon,28746,13[CHD] <con-mobile|186417> adding outbound ESP SA
 /10/2024 15:23,charon,28746,"13[CHD] <con-mobile|186417> SPI 0xc4f7f66d, src <<client>> dst <<firewall>>"
 /10/2024 15:23,charon,28746,13[CHD] <con-mobile|186417> adding inbound ESP SA
 /10/2024 15:23,charon,28746,13[CHD] <con-mobile|186417> using HMAC_SHA2_256_128 for integrity
 /10/2024 15:23,charon,28746,13[CHD] <con-mobile|186417> using AES_CBC for encryption
 /10/2024 15:23,charon,28746,13[CHD] <con-mobile|186417> CHILD_SA con-mobile{264356} state change: CREATED => INSTALLING
 /10/2024 15:23,charon,28746,13[CFG] <con-mobile|186417> selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
 /10/2024 15:23,charon,28746,05[IKE] <con-mobile|186417> nothing to initiate
 /10/2024 15:23,charon,28746,05[IKE] <con-mobile|186417> activating new tasks
 /10/2024 15:23,charon,28746,05[CHD] <con-mobile|186417> CHILD_SA con-mobile{264323} state change: DELETED => DESTROYING
 /10/2024 15:23,charon,28746,05[CHD] <con-mobile|186417> CHILD_SA con-mobile{264323} state change: DELETING => DELETED
 /10/2024 15:23,charon,28746,05[IKE] <con-mobile|186417> CHILD_SA closed
 /10/2024 15:23,charon,28746,05[IKE] <con-mobile|186417> received DELETE for ESP CHILD_SA with SPI d338a6ce
 /10/2024 15:23,charon,28746,10[CHD] <con-mobile|186417> CHILD_SA con-mobile{264323} state change: INSTALLED => DELETING
 /10/2024 15:23,charon,28746,10[IKE] <con-mobile|186417> sending DELETE for ESP CHILD_SA with SPI c8363326
 /10/2024 15:23,charon,28746,10[IKE] <con-mobile|186417> closing CHILD_SA con-mobile{264323} with SPIs c8363326_i (140022 bytes) d338a6ce_o (281964 bytes) and TS 10.0.100.0/24|/0 10.1.1.0/24|/0 10.2.3.0/24|/0 10.6.1.0/24|/0 10.20.13.12/32|/0 10.20.20.0/24|/0 192.168.19.0/24|/0 192.168.75.0/24|/0 === 10.9.0.150/32|/0
 /10/2024 15:23,charon,28746,10[IKE] <con-mobile|186417> activating CHILD_DELETE task
 /10/2024 15:23,charon,28746,10[IKE] <con-mobile|186417> activating new tasks
 /10/2024 15:23,charon,28746,10[IKE] <con-mobile|186417> queueing CHILD_DELETE task
 /10/2024 14:43,charon,28746,11[IKE] <con-mobile|186417> outbound CHILD_SA con-mobile{264323} established with SPIs c8363326_i d338a6ce_o and TS 10.0.100.0/24|/0 10.1.1.0/24|/0 10.2.3.0/24|/0 10.6.1.0/24|/0 10.20.13.12/32|/0 10.20.20.0/24|/0 192.168.19.0/24|/0 192.168.75.0/24|/0 === 10.9.0.150/32|/0
 /10/2024 14:43,charon,28746,11[IKE] <con-mobile|186417> CHILD_SA closed
 /10/2024 14:43,charon,28746,11[IKE] <con-mobile|186417> sending DELETE for ESP CHILD_SA with SPI c40d9832
 /10/2024 14:43,charon,28746,11[IKE] <con-mobile|186417> closing CHILD_SA con-mobile{264270} with SPIs c40d9832_i (236940 bytes) 86b95cfa_o (549736 bytes) and TS 10.0.100.0/24|/0 10.1.1.0/24|/0 10.2.3.0/24|/0 10.6.1.0/24|/0 10.20.13.12/32|/0 10.20.20.0/24|/0 192.168.19.0/24|/0 192.168.75.0/24|/0 === 10.9.0.150/32|/0
 /10/2024 14:43,charon,28746,11[IKE] <con-mobile|186417> received DELETE for ESP CHILD_SA with SPI 86b95cfa
 /10/2024 14:43,charon,28746,11[IKE] <con-mobile|186417> inbound CHILD_SA con-mobile{264323} established with SPIs c8363326_i d338a6ce_o and TS 10.0.100.0/24|/0 10.1.1.0/24|/0 10.2.3.0/24|/0 10.6.1.0/24|/0 10.20.13.12/32|/0 10.20.20.0/24|/0 192.168.19.0/24|/0 192.168.75.0/24|/0 === 10.9.0.150/32|/0
 /10/2024 14:43,charon,28746,11[CFG] <con-mobile|186417> selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
 /10/2024 13:47,charon,28746,05[IKE] <con-mobile|186417> outbound CHILD_SA con-mobile{264270} established with SPIs c40d9832_i 86b95cfa_o and TS 10.0.100.0/24|/0 10.1.1.0/24|/0 10.2.3.0/24|/0 10.6.1.0/24|/0 10.20.13.12/32|/0 10.20.20.0/24|/0 192.168.19.0/24|/0 192.168.75.0/24|/0 === 10.9.0.150/32|/0
 /10/2024 13:47,charon,28746,05[IKE] <con-mobile|186417> CHILD_SA closed
 /10/2024 13:47,charon,28746,05[IKE] <con-mobile|186417> sending DELETE for ESP CHILD_SA with SPI c9146656
 /10/2024 13:47,charon,28746,05[IKE] <con-mobile|186417> closing CHILD_SA con-mobile{264209} with SPIs c9146656_i (547809 bytes) 131849fc_o (4926612 bytes) and TS 10.0.100.0/24|/0 10.1.1.0/24|/0 10.2.3.0/24|/0 10.6.1.0/24|/0 10.20.13.12/32|/0 10.20.20.0/24|/0 192.168.19.0/24|/0 192.168.75.0/24|/0 === 10.9.0.150/32|/0
 /10/2024 13:47,charon,28746,05[IKE] <con-mobile|186417> received DELETE for ESP CHILD_SA with SPI 131849fc
 /10/2024 13:47,charon,28746,05[IKE] <con-mobile|186417> inbound CHILD_SA con-mobile{264270} established with SPIs c40d9832_i 86b95cfa_o and TS 10.0.100.0/24|/0 10.1.1.0/24|/0 10.2.3.0/24|/0 10.6.1.0/24|/0 10.20.13.12/32|/0 10.20.20.0/24|/0 192.168.19.0/24|/0 192.168.75.0/24|/0 === 10.9.0.150/32|/0
 /10/2024 13:47,charon,28746,05[CFG] <con-mobile|186417> selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/MODP_1024/NO_EXT_SEQ
 /10/2024 12:55,charon,28746,05[IKE] <con-mobile|186417> sending DPD request
 /10/2024 12:54,charon,28746,10[IKE] <con-mobile|186417> sending DPD request
 /10/2024 12:54,charon,28746,09[IKE] <con-mobile|186417> sending DPD request
 /10/2024 12:53,charon,28746,11[IKE] <con-mobile|186417> sending DPD request
 /10/2024 12:53,charon,28746,01[IKE] <con-mobile|186417> sending DPD request
 /10/2024 12:52,charon,28746,09[IKE] <con-mobile|186417> sending DPD request
 /10/2024 12:52,charon,28746,01[IKE] <con-mobile|186417> sending DPD request
 /10/2024 12:51,charon,28746,07[IKE] <con-mobile|186417> CHILD_SA con-mobile{264209} established with SPIs c9146656_i 131849fc_o and TS 10.0.100.0/24|/0 10.1.1.0/24|/0 10.2.3.0/24|/0 10.6.1.0/24|/0 10.20.13.12/32|/0 10.20.20.0/24|/0 192.168.19.0/24|/0 192.168.75.0/24|/0 === 10.9.0.150/32|/0
 /10/2024 12:51,charon,28746,07[CFG] <con-mobile|186417> selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
 /10/2024 12:51,charon,28746,07[IKE] <con-mobile|186417> IKE_SA con-mobile[186417] established between <<firewall>>[<<fqdn>>]...<<client>>[192.168.1.136]
 /10/2024 12:51,charon,28746,07[IKE] <con-mobile|186417> no virtual IP found for %any6 requested by '<<user>>'
 /10/2024 12:51,charon,28746,07[IKE] <con-mobile|186417> peer requested virtual IP %any6
 /10/2024 12:51,charon,28746,07[IKE] <con-mobile|186417> assigning virtual IP 10.9.0.150 to peer '<<user>>'
 /10/2024 12:51,charon,28746,07[CFG] <con-mobile|186417> assigning new lease to '<<user>>'
 /10/2024 12:51,charon,28746,07[IKE] <con-mobile|186417> peer requested virtual IP %any
 /10/2024 12:51,charon,28746,07[IKE] <con-mobile|186417> authentication of '<<fqdn>>' (myself) with EAP
 /10/2024 12:51,charon,28746,07[IKE] <con-mobile|186417> authentication of '192.168.1.136' with EAP successful
 /10/2024 12:51,charon,28746,"01[IKE] <con-mobile|186417> EAP method EAP_MSCHAPV2 succeeded, MSK established"
 /10/2024 12:51,charon,28746,01[IKE] <con-mobile|186417> RADIUS authentication of '<<user>>' successful
 /10/2024 12:51,charon,28746,01[CFG] <con-mobile|186417> received group membership 'Netgate_VPN' from RADIUS
 /10/2024 12:51,charon,28746,01[CFG] <con-mobile|186417> received RADIUS Access-Accept from server 'dc1_radius'
 /10/2024 12:51,charon,28746,01[CFG] <con-mobile|186417> sending RADIUS Access-Request to server 'dc1_radius'
 /10/2024 12:51,charon,28746,01[CFG] <con-mobile|186417> received RADIUS Access-Challenge from server 'dc1_radius'
 /10/2024 12:51,charon,28746,01[CFG] <con-mobile|186417> sending RADIUS Access-Request to server 'dc1_radius'
 /10/2024 12:51,charon,28746,01[IKE] <con-mobile|186417> initiating EAP_MSCHAPV2 method (id 0x01)
 /10/2024 12:51,charon,28746,01[CFG] <con-mobile|186417> received RADIUS Access-Challenge from server 'dc1_radius'
 /10/2024 12:51,charon,28746,01[CFG] <con-mobile|186417> sending RADIUS Access-Request to server 'dc1_radius'
 /10/2024 12:51,charon,28746,01[IKE] <con-mobile|186417> received EAP identity '<<user>>'
 /10/2024 12:51,charon,28746,"01[IKE] <con-mobile|186417> sending end entity cert ""CN=<<fqdn>>, C=CA"""
 /10/2024 12:51,charon,28746,01[IKE] <con-mobile|186417> authentication of '<<fqdn>>' (myself) with RSA signature successful
 /10/2024 12:51,charon,28746,01[IKE] <con-mobile|186417> peer supports MOBIKE
 /10/2024 12:51,charon,28746,01[IKE] <con-mobile|186417> initiating EAP_IDENTITY method (id 0x00)
 /10/2024 12:51,charon,28746,01[CFG] <con-mobile|186417> selected peer config 'con-mobile'
 /10/2024 12:51,charon,28746,01[CFG] <186417> looking for peer configs matching <<firewall>>[%any]...<<client>>[192.168.1.136]
 /10/2024 12:51,charon,28746,01[IKE] <186417> received 70 cert requests for an unknown ca
 /10/2024 12:51,charon,28746,"01[IKE] <186417> received cert request for ""CN=internal-ca"""
 /10/2024 12:51,charon,28746,"11[IKE] <186417> sending cert request for ""CN=internal-ca"""
 /10/2024 12:51,charon,28746,11[IKE] <186417> remote host is behind NAT
 /10/2024 12:51,charon,28746,11[CFG] <186417> selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024
 /10/2024 12:51,charon,28746,11[IKE] <186417> <<client>> is initiating an IKE_SA
 /10/2024 12:51,charon,28746,11[IKE] <186417> received Vid-Initial-Contact vendor ID
 /10/2024 12:51,charon,28746,11[IKE] <186417> received MS-Negotiation Discovery Capable vendor ID
 /10/2024 12:51,charon,28746,11[IKE] <186417> received MS NT5 ISAKMPOAKLEY v9 vendor ID

(1-1/1)

Project

General

Profile

pfSense

Bug #15155 » IPsec Log.csv