IPSEC.1- VPN con12 Supports 'Cisco Unity', 3x P2 in rightsubnet works. IPSEC.2- VPN with 2 conn sections defined in ipsec.conf con7 & con14, to same site, same psk, same id's, different P2,reqid.. works IPSEC.3- VPN con7 fails for second host when only 1 conn section is defined. pfSense WAN-ip: 1.2.3.203 Site1 ip: 2.3.4.22 (supports: Cisco Unity) Site1-P2: (con12) 10.10.0.144 / 10.10.0.145 / 10.10.0.146 << these 3 work ok Site2 ip: 3.4.5.58 (uses NAT-T) Site2-P2: (con7) 10.40.0.33 / 10.40.0.191 << only the first works Site2-P2: (con14) 10.40.0.67 << this does work ############################################################################## ### IPSEC.1- VPN con12 Supports 'Cisco Unity', 3x P2 in rightsubnet works. ### ############################################################################## 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 12[KNL] creating acquire job for policy 1.2.3.203/32|/0 === 2.3.4.22/32|/0 with reqid {12} 2014-12-20 16:37:00 System0.Inf 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] initiating Main Mode IKE_SA con12[9] to 2.3.4.22 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] initiating Main Mode IKE_SA con12[9] to 2.3.4.22 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[ENC] generating ID_PROT request 0 [ SA V V V V V V ] 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (200 bytes) 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (180 bytes) 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[ENC] parsed ID_PROT response 0 [ SA V V V V V ] 2014-12-20 16:37:00 System0.Inf 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] received XAuth vendor ID 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] received XAuth vendor ID 2014-12-20 16:37:00 System0.Inf 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] received Cisco Unity vendor ID 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] received Cisco Unity vendor ID 2014-12-20 16:37:00 System0.Inf 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] received DPD vendor ID 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] received DPD vendor ID 2014-12-20 16:37:00 System0.Inf 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] received FRAGMENTATION vendor ID 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] received FRAGMENTATION vendor ID 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[ENC] received unknown vendor ID: a9:b9:b1:03:4f:7e:50:a2:51:3b:47:b1:00:bb:85:a9 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[ENC] generating ID_PROT request 0 [ KE No ] 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (260 bytes) 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (244 bytes) 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[ENC] parsed ID_PROT response 0 [ KE No ] 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[ENC] generating ID_PROT request 0 [ ID HASH ] 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (76 bytes) 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (76 bytes) 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[ENC] parsed ID_PROT response 0 [ ID HASH ] 2014-12-20 16:37:00 System0.Inf 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] IKE_SA con12[9] established between 1.2.3.203[1.2.3.203]...2.3.4.22[2.3.4.22] 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] IKE_SA con12[9] established between 1.2.3.203[1.2.3.203]...2.3.4.22[2.3.4.22] 2014-12-20 16:37:00 System0.Inf 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] scheduling reauthentication in 27776s 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] scheduling reauthentication in 27776s 2014-12-20 16:37:00 System0.Inf 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] maximum IKE_SA lifetime 28316s 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] maximum IKE_SA lifetime 28316s ## --P1 done-- 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[ENC] generating QUICK_MODE request 3434393421 [ HASH SA No KE ID ID ] 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (380 bytes) 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (364 bytes) 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[ENC] parsed QUICK_MODE response 3434393421 [ HASH SA No KE ID ID ] 2014-12-20 16:37:00 System0.Inf 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] CHILD_SA con12{12} established with SPIs c98b7a36_i ed19ad07_o and TS 192.168.8.0/24|/0 === 10.10.0.144/32|/0 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[IKE] CHILD_SA con12{12} established with SPIs c98b7a36_i ed19ad07_o and TS 192.168.8.0/24|/0 === 10.10.0.144/32|/0 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[ENC] generating QUICK_MODE request 3434393421 [ HASH ] 2014-12-20 16:37:00 Daemon.Info 192.168.8.3 Dec 20 16:37:00 charon: 11[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (60 bytes) ## ping .144 works 2014-12-20 16:37:28 Daemon.Info 192.168.8.3 Dec 20 16:37:27 charon: 12[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (364 bytes) 2014-12-20 16:37:28 Daemon.Info 192.168.8.3 Dec 20 16:37:27 charon: 12[ENC] parsed QUICK_MODE request 2980998030 [ HASH SA No KE ID ID ] 2014-12-20 16:37:28 Daemon.Info 192.168.8.3 Dec 20 16:37:27 charon: 12[ENC] generating QUICK_MODE response 2980998030 [ HASH SA No KE ID ID ] 2014-12-20 16:37:28 Daemon.Info 192.168.8.3 Dec 20 16:37:27 charon: 12[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (380 bytes) 2014-12-20 16:37:28 Daemon.Info 192.168.8.3 Dec 20 16:37:27 charon: 11[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (60 bytes) 2014-12-20 16:37:28 Daemon.Info 192.168.8.3 Dec 20 16:37:27 charon: 11[ENC] parsed QUICK_MODE request 2980998030 [ HASH ] 2014-12-20 16:37:28 System0.Inf 192.168.8.3 Dec 20 16:37:27 charon: 11[IKE] CHILD_SA con12{12} established with SPIs ced4e00c_i e3000bc3_o and TS 192.168.8.0/24|/0 === 10.10.0.145/32|/0 2014-12-20 16:37:28 Daemon.Info 192.168.8.3 Dec 20 16:37:27 charon: 11[IKE] CHILD_SA con12{12} established with SPIs ced4e00c_i e3000bc3_o and TS 192.168.8.0/24|/0 === 10.10.0.145/32|/0 ## ping .145 works 2014-12-20 16:38:01 Daemon.Info 192.168.8.3 Dec 20 16:38:00 charon: 13[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (364 bytes) 2014-12-20 16:38:01 Daemon.Info 192.168.8.3 Dec 20 16:38:00 charon: 13[ENC] parsed QUICK_MODE request 3538110311 [ HASH SA No KE ID ID ] 2014-12-20 16:38:02 Daemon.Info 192.168.8.3 Dec 20 16:38:00 charon: 13[ENC] generating QUICK_MODE response 3538110311 [ HASH SA No KE ID ID ] 2014-12-20 16:38:02 Daemon.Info 192.168.8.3 Dec 20 16:38:00 charon: 13[NET] sending packet: from 1.2.3.203[500] to 2.3.4.22[500] (380 bytes) 2014-12-20 16:38:02 Daemon.Info 192.168.8.3 Dec 20 16:38:00 charon: 13[NET] received packet: from 2.3.4.22[500] to 1.2.3.203[500] (60 bytes) 2014-12-20 16:38:02 Daemon.Info 192.168.8.3 Dec 20 16:38:00 charon: 13[ENC] parsed QUICK_MODE request 3538110311 [ HASH ] 2014-12-20 16:38:02 System0.Inf 192.168.8.3 Dec 20 16:38:00 charon: 13[IKE] CHILD_SA con12{12} established with SPIs cc49fc37_i d7dd63b3_o and TS 192.168.8.0/24|/0 === 10.10.0.146/32|/0 2014-12-20 16:38:02 Daemon.Info 192.168.8.3 Dec 20 16:38:00 charon: 13[IKE] CHILD_SA con12{12} established with SPIs cc49fc37_i d7dd63b3_o and TS 192.168.8.0/24|/0 === 10.10.0.146/32|/0 ## ping .146 works ############################################################################## ### IPSEC.2- VPN with 2 conn sections defined in ipsec.conf con7 & con14, to same site, same psk, same id's, different P2,reqid.. works ### ############################################################################## 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 09[KNL] creating acquire job for policy 1.2.3.203/32|/0 === 3.4.5.58/32|/0 with reqid {7} 2014-12-20 16:31:43 System0.Inf 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] initiating Main Mode IKE_SA con7[5] to 3.4.5.58 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] initiating Main Mode IKE_SA con7[5] to 3.4.5.58 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[ENC] generating ID_PROT request 0 [ SA V V V V V V ] 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[NET] sending packet: from 1.2.3.203[500] to 3.4.5.58[500] (204 bytes) 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[NET] received packet: from 3.4.5.58[500] to 1.2.3.203[500] (120 bytes) 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[ENC] parsed ID_PROT response 0 [ SA V V ] 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[ENC] received unknown vendor ID: 5b:36:2b:c8:20:f6:00:07 2014-12-20 16:31:43 System0.Inf 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] received NAT-T (RFC 3947) vendor ID 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] received NAT-T (RFC 3947) vendor ID 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ] 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[NET] sending packet: from 1.2.3.203[500] to 3.4.5.58[500] (244 bytes) 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[NET] received packet: from 3.4.5.58[500] to 1.2.3.203[500] (276 bytes) 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[ENC] parsed ID_PROT response 0 [ KE NAT-D NAT-D No V V V ] 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[ENC] received unknown vendor ID: 40:4b:f4:39:52:2c:a3:f6 2014-12-20 16:31:43 System0.Inf 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] received XAuth vendor ID 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] received XAuth vendor ID 2014-12-20 16:31:43 System0.Inf 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] received DPD vendor ID 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] received DPD vendor ID 2014-12-20 16:31:43 System0.Inf 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] local host is behind NAT, sending keep alives 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] local host is behind NAT, sending keep alives 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[ENC] generating ID_PROT request 0 [ ID HASH ] 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (76 bytes) 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[NET] received packet: from 3.4.5.58[4500] to 1.2.3.203[4500] (76 bytes) 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[ENC] parsed ID_PROT response 0 [ ID HASH ] 2014-12-20 16:31:43 System0.Inf 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] IKE_SA con7[5] established between 1.2.3.203[1.2.3.203]...3.4.5.58[3.4.5.58] 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] IKE_SA con7[5] established between 1.2.3.203[1.2.3.203]...3.4.5.58[3.4.5.58] 2014-12-20 16:31:43 System0.Inf 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] scheduling reauthentication in 85813s 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] scheduling reauthentication in 85813s 2014-12-20 16:31:43 System0.Inf 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] maximum IKE_SA lifetime 86353s 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] maximum IKE_SA lifetime 86353s ## --P1 done-- 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[ENC] generating QUICK_MODE request 1048692260 [ HASH SA No KE ID ID ] 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (316 bytes) 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[NET] received packet: from 3.4.5.58[4500] to 1.2.3.203[4500] (300 bytes) 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[ENC] parsed QUICK_MODE response 1048692260 [ HASH SA No KE ID ID ] 2014-12-20 16:31:43 System0.Inf 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] CHILD_SA con7{7} established with SPIs c5bb0965_i 27ca498e_o and TS 192.168.8.0/24|/0 === 10.40.0.33/32|/0 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[IKE] CHILD_SA con7{7} established with SPIs c5bb0965_i 27ca498e_o and TS 192.168.8.0/24|/0 === 10.40.0.33/32|/0 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[ENC] generating QUICK_MODE request 1048692260 [ HASH ] 2014-12-20 16:31:43 Daemon.Info 192.168.8.3 Dec 20 16:31:43 charon: 08[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (60 bytes) ## ping 10.40.0.33 works 2014-12-20 16:32:29 Daemon.Info 192.168.8.3 Dec 20 16:32:29 charon: 08[KNL] creating acquire job for policy 1.2.3.203/32|/0 === 3.4.5.58/32|/0 with reqid {14} 2014-12-20 16:32:29 Daemon.Info 192.168.8.3 Dec 20 16:32:29 charon: 06[ENC] generating QUICK_MODE request 539705231 [ HASH SA No KE ID ID ] 2014-12-20 16:32:29 Daemon.Info 192.168.8.3 Dec 20 16:32:29 charon: 06[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (316 bytes) 2014-12-20 16:32:29 Daemon.Info 192.168.8.3 Dec 20 16:32:29 charon: 06[NET] received packet: from 3.4.5.58[4500] to 1.2.3.203[4500] (300 bytes) 2014-12-20 16:32:29 Daemon.Info 192.168.8.3 Dec 20 16:32:29 charon: 06[ENC] parsed QUICK_MODE response 539705231 [ HASH SA No KE ID ID ] 2014-12-20 16:32:29 System0.Inf 192.168.8.3 Dec 20 16:32:29 charon: 06[IKE] CHILD_SA con14{14} established with SPIs cad306d2_i d8c3be7b_o and TS 192.168.8.0/24|/0 === 10.40.0.67/32|/0 2014-12-20 16:32:29 Daemon.Info 192.168.8.3 Dec 20 16:32:29 charon: 06[IKE] CHILD_SA con14{14} established with SPIs cad306d2_i d8c3be7b_o and TS 192.168.8.0/24|/0 === 10.40.0.67/32|/0 2014-12-20 16:32:29 Daemon.Info 192.168.8.3 Dec 20 16:32:29 charon: 06[ENC] generating QUICK_MODE request 539705231 [ HASH ] 2014-12-20 16:32:29 Daemon.Info 192.168.8.3 Dec 20 16:32:29 charon: 06[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (60 bytes) ## ping 10.40.0.67 works ############################################################################## ### IPSEC.3- VPN con7 fails for second subnet when only 1 conn section is defined. ############################################################################## 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 13[KNL] creating acquire job for policy 1.2.3.203/32|/0 === 3.4.5.58/32|/0 with reqid {7} 2014-12-20 23:50:42 System0.Inf 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] initiating Main Mode IKE_SA con7[1] to 3.4.5.58 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] initiating Main Mode IKE_SA con7[1] to 3.4.5.58 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[ENC] generating ID_PROT request 0 [ SA V V V V V V ] 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[NET] sending packet: from 1.2.3.203[500] to 3.4.5.58[500] (204 bytes) 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[NET] received packet: from 3.4.5.58[500] to 1.2.3.203[500] (120 bytes) 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[ENC] parsed ID_PROT response 0 [ SA V V ] 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[ENC] received unknown vendor ID: 5b:36:2b:c8:20:f6:00:07 2014-12-20 23:50:42 System0.Inf 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] received NAT-T (RFC 3947) vendor ID 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] received NAT-T (RFC 3947) vendor ID 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ] 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[NET] sending packet: from 1.2.3.203[500] to 3.4.5.58[500] (244 bytes) 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[NET] received packet: from 3.4.5.58[500] to 1.2.3.203[500] (276 bytes) 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[ENC] parsed ID_PROT response 0 [ KE NAT-D NAT-D No V V V ] 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[ENC] received unknown vendor ID: 40:4b:f4:39:52:2c:a3:f6 2014-12-20 23:50:42 System0.Inf 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] received XAuth vendor ID 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] received XAuth vendor ID 2014-12-20 23:50:42 System0.Inf 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] received DPD vendor ID 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] received DPD vendor ID 2014-12-20 23:50:42 System0.Inf 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] local host is behind NAT, sending keep alives 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] local host is behind NAT, sending keep alives 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[ENC] generating ID_PROT request 0 [ ID HASH ] 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (76 bytes) 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[NET] received packet: from 3.4.5.58[4500] to 1.2.3.203[4500] (76 bytes) 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[ENC] parsed ID_PROT response 0 [ ID HASH ] 2014-12-20 23:50:42 System0.Inf 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] IKE_SA con7[1] established between 1.2.3.203[1.2.3.203]...3.4.5.58[3.4.5.58] 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] IKE_SA con7[1] established between 1.2.3.203[1.2.3.203]...3.4.5.58[3.4.5.58] 2014-12-20 23:50:42 System0.Inf 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] scheduling reauthentication in 85510s 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] scheduling reauthentication in 85510s 2014-12-20 23:50:42 System0.Inf 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] maximum IKE_SA lifetime 86050s 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] maximum IKE_SA lifetime 86050s ## --P1 done-- 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[ENC] generating QUICK_MODE request 3177465872 [ HASH SA No KE ID ID ] 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[NET] sending packet: from 1.2.3.203[4500] to 3.4.5.58[4500] (316 bytes) 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[NET] received packet: from 3.4.5.58[4500] to 1.2.3.203[4500] (108 bytes) 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[ENC] parsed INFORMATIONAL_V1 request 433438160 [ HASH N(NO_PROP) ] 2014-12-20 23:50:42 System0.Inf 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] received NO_PROPOSAL_CHOSEN error notify 2014-12-20 23:50:42 Daemon.Info 192.168.8.3 Dec 20 23:50:41 charon: 16[IKE] received NO_PROPOSAL_CHOSEN error notify ## fails to ping .191