Jan 30 08:30:35 ipsec_starter[37500]: Starting strongSwan 5.6.0 IPsec [starter]... Jan 30 08:30:35 ipsec_starter[37500]: no netkey IPsec stack detected Jan 30 08:30:35 ipsec_starter[37500]: no KLIPS IPsec stack detected Jan 30 08:30:35 ipsec_starter[37500]: no known IPsec stack detected, ignoring! Jan 30 08:30:35 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.0, FreeBSD 11.1-RELEASE-p6, amd64) Jan 30 08:30:35 charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument Jan 30 08:30:35 charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed Jan 30 08:30:36 charon: 00[CFG] loading unbound resolver config from '/etc/resolv.conf' Jan 30 08:30:36 charon: 00[CFG] loading unbound trust anchors from '/usr/local/etc/ipsec.d/dnssec.keys' Jan 30 08:30:36 charon: 00[CFG] ipseckey plugin is disabled Jan 30 08:30:36 charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts' Jan 30 08:30:36 charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts' Jan 30 08:30:36 charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts' Jan 30 08:30:36 charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts' Jan 30 08:30:36 charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' Jan 30 08:30:36 charon: 00[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Jan 30 08:30:36 charon: 00[CFG] loaded IKE secret for %any Jan 30 08:30:36 charon: 00[CFG] opening triplet file /usr/local/etc/ipsec.d/triplets.dat failed: No such file or directory Jan 30 08:30:36 charon: 00[CFG] loaded 0 RADIUS server configurations Jan 30 08:30:36 charon: 00[LIB] loaded plugins: charon unbound aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf curve25519 xcbc cmac hmac curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-sim eap-md5 eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap whitelist addrblock Jan 30 08:30:36 charon: 00[JOB] spawning 16 worker threads Jan 30 08:30:36 ipsec_starter[37980]: charon (38289) started after 140 ms Jan 30 08:30:36 charon: 01[CFG] received stroke: add connection 'bypasslan' Jan 30 08:30:36 charon: 01[CFG] conn bypasslan Jan 30 08:30:36 charon: 01[CFG] left=%any Jan 30 08:30:36 charon: 01[CFG] leftsubnet=10.0.0.0/16 Jan 30 08:30:36 charon: 01[CFG] right=%any Jan 30 08:30:36 charon: 01[CFG] rightsubnet=10.0.0.0/16 Jan 30 08:30:36 charon: 01[CFG] ike=aes128-sha256-curve25519 Jan 30 08:30:36 charon: 01[CFG] esp=aes128-sha256 Jan 30 08:30:36 charon: 01[CFG] dpddelay=30 Jan 30 08:30:36 charon: 01[CFG] dpdtimeout=150 Jan 30 08:30:36 charon: 01[CFG] sha256_96=no Jan 30 08:30:36 charon: 01[CFG] mediation=no Jan 30 08:30:36 charon: 01[CFG] added configuration 'bypasslan' Jan 30 08:30:36 charon: 05[CFG] received stroke: route 'bypasslan' Jan 30 08:30:36 charon: 05[CFG] proposing traffic selectors for us: Jan 30 08:30:36 charon: 05[CFG] 10.0.0.0/16|/0 Jan 30 08:30:36 charon: 05[CFG] proposing traffic selectors for other: Jan 30 08:30:36 charon: 05[CFG] 10.0.0.0/16|/0 Jan 30 08:30:36 ipsec_starter[37980]: 'bypasslan' shunt PASS policy installed Jan 30 08:30:36 ipsec_starter[37980]: Jan 30 08:30:36 charon: 15[CFG] received stroke: add connection 'con1' Jan 30 08:30:36 charon: 15[CFG] conn con1 Jan 30 08:30:36 charon: 15[CFG] left=%any Jan 30 08:30:36 charon: 15[CFG] leftauth=psk Jan 30 08:30:36 charon: 15[CFG] leftid=PFSENSE.WAN.IP.ADDRESS Jan 30 08:30:36 charon: 15[CFG] right=%any Jan 30 08:30:36 charon: 15[CFG] rightauth=psk Jan 30 08:30:36 charon: 15[CFG] ike=aes256-sha256-modp2048! Jan 30 08:30:36 charon: 15[CFG] esp=aes128-sha256! Jan 30 08:30:36 charon: 15[CFG] dpddelay=10 Jan 30 08:30:36 charon: 15[CFG] dpdtimeout=60 Jan 30 08:30:36 charon: 15[CFG] dpdaction=1 Jan 30 08:30:36 charon: 15[CFG] sha256_96=no Jan 30 08:30:36 charon: 15[CFG] mediation=no Jan 30 08:30:36 charon: 15[CFG] added configuration 'con1' Jan 30 08:39:39 charon: 13[CFG] rereading secrets Jan 30 08:39:39 charon: 13[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets' Jan 30 08:39:39 charon: 13[CFG] loaded IKE secret for %any Jan 30 08:39:39 charon: 13[CFG] rereading ca certificates from '/usr/local/etc/ipsec.d/cacerts' Jan 30 08:39:39 charon: 13[CFG] rereading aa certificates from '/usr/local/etc/ipsec.d/aacerts' Jan 30 08:39:39 charon: 13[CFG] rereading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts' Jan 30 08:39:39 charon: 13[CFG] rereading attribute certificates from '/usr/local/etc/ipsec.d/acerts' Jan 30 08:39:39 charon: 13[CFG] rereading crls from '/usr/local/etc/ipsec.d/crls' Jan 30 08:39:39 charon: 13[CFG] received stroke: unroute 'bypasslan' Jan 30 08:39:39 charon: 13[CFG] proposing traffic selectors for us: Jan 30 08:39:39 charon: 13[CFG] 10.0.0.0/16|/0 Jan 30 08:39:39 charon: 13[CFG] proposing traffic selectors for other: Jan 30 08:39:39 charon: 13[CFG] 10.0.0.0/16|/0 Jan 30 08:39:39 ipsec_starter[37980]: shunt policy 'bypasslan' uninstalled Jan 30 08:39:39 ipsec_starter[37980]: Jan 30 08:39:39 charon: 12[CFG] received stroke: delete connection 'bypasslan' Jan 30 08:39:39 charon: 12[CFG] deleted connection 'bypasslan' Jan 30 08:39:39 charon: 12[CFG] received stroke: delete connection 'con1' Jan 30 08:39:39 charon: 12[CFG] deleted connection 'con1' Jan 30 08:39:39 charon: 12[CFG] received stroke: add connection 'bypasslan' Jan 30 08:39:39 charon: 12[CFG] conn bypasslan Jan 30 08:39:39 charon: 12[CFG] left=%any Jan 30 08:39:39 charon: 12[CFG] leftsubnet=10.0.0.0/16 Jan 30 08:39:39 charon: 12[CFG] right=%any Jan 30 08:39:39 charon: 12[CFG] rightsubnet=10.0.0.0/16 Jan 30 08:39:39 charon: 12[CFG] ike=aes128-sha256-curve25519 Jan 30 08:39:39 charon: 12[CFG] esp=aes128-sha256 Jan 30 08:39:39 charon: 12[CFG] dpddelay=30 Jan 30 08:39:39 charon: 12[CFG] dpdtimeout=150 Jan 30 08:39:39 charon: 12[CFG] sha256_96=no Jan 30 08:39:39 charon: 12[CFG] mediation=no Jan 30 08:39:39 charon: 12[CFG] added configuration 'bypasslan' Jan 30 08:39:39 charon: 10[CFG] received stroke: route 'bypasslan' Jan 30 08:39:39 charon: 10[CFG] proposing traffic selectors for us: Jan 30 08:39:39 charon: 10[CFG] 10.0.0.0/16|/0 Jan 30 08:39:39 charon: 10[CFG] proposing traffic selectors for other: Jan 30 08:39:39 charon: 10[CFG] 10.0.0.0/16|/0 Jan 30 08:39:39 ipsec_starter[37980]: 'bypasslan' shunt PASS policy installed Jan 30 08:39:39 ipsec_starter[37980]: Jan 30 08:39:39 charon: 11[CFG] received stroke: add connection 'con1' Jan 30 08:39:39 charon: 11[CFG] conn con1 Jan 30 08:39:39 charon: 11[CFG] left=%any Jan 30 08:39:39 charon: 11[CFG] leftauth=psk Jan 30 08:39:39 charon: 11[CFG] leftid=PFSENSE.WAN.IP.ADDRESS Jan 30 08:39:39 charon: 11[CFG] right=%any Jan 30 08:39:39 charon: 11[CFG] rightauth=psk Jan 30 08:39:39 charon: 11[CFG] ike=aes256-sha256-modp2048! Jan 30 08:39:39 charon: 11[CFG] esp=aes128-sha512! Jan 30 08:39:39 charon: 11[CFG] dpddelay=10 Jan 30 08:39:39 charon: 11[CFG] dpdtimeout=60 Jan 30 08:39:39 charon: 11[CFG] dpdaction=1 Jan 30 08:39:39 charon: 11[CFG] sha256_96=no Jan 30 08:39:39 charon: 11[CFG] mediation=no Jan 30 08:39:39 charon: 11[CFG] added configuration 'con1' Jan 30 08:40:04 charon: 11[NET] <1> received packet: from PHONE.4G.IP.ADDRESS[11688] to PFSENSE.WAN.IP.ADDRESS[500] (580 bytes) Jan 30 08:40:04 charon: 11[ENC] <1> parsed ID_PROT request 0 [ SA V V V V V V ] Jan 30 08:40:04 charon: 11[CFG] <1> looking for an ike config for PFSENSE.WAN.IP.ADDRESS...PHONE.4G.IP.ADDRESS Jan 30 08:40:04 charon: 11[CFG] <1> candidate: %any...%any, prio 24 Jan 30 08:40:04 charon: 11[CFG] <1> candidate: %any...%any, prio 24 Jan 30 08:40:04 charon: 11[CFG] <1> found matching ike config: %any...%any with prio 24 Jan 30 08:40:04 charon: 11[IKE] <1> received NAT-T (RFC 3947) vendor ID Jan 30 08:40:04 charon: 11[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02 vendor ID Jan 30 08:40:04 charon: 11[IKE] <1> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID Jan 30 08:40:04 charon: 11[IKE] <1> received draft-ietf-ipsec-nat-t-ike-00 vendor ID Jan 30 08:40:04 charon: 11[IKE] <1> received FRAGMENTATION vendor ID Jan 30 08:40:04 charon: 11[IKE] <1> received DPD vendor ID Jan 30 08:40:04 charon: 11[IKE] <1> PHONE.4G.IP.ADDRESS is initiating a Main Mode IKE_SA Jan 30 08:40:04 charon: 11[IKE] <1> IKE_SA (unnamed)[1] state change: CREATED => CONNECTING Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> no acceptable PSEUDO_RANDOM_FUNCTION found Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> no acceptable PSEUDO_RANDOM_FUNCTION found Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> no acceptable DIFFIE_HELLMAN_GROUP found Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:04 charon: 11[CFG] <1> selecting proposal: Jan 30 08:40:04 charon: 11[CFG] <1> proposal matches Jan 30 08:40:04 charon: 11[CFG] <1> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024 Jan 30 08:40:04 charon: 11[CFG] <1> configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024 Jan 30 08:40:04 charon: 11[CFG] <1> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024 Jan 30 08:40:04 charon: 11[IKE] <1> sending XAuth vendor ID Jan 30 08:40:04 charon: 11[IKE] <1> sending DPD vendor ID Jan 30 08:40:04 charon: 11[IKE] <1> sending FRAGMENTATION vendor ID Jan 30 08:40:04 charon: 11[IKE] <1> sending NAT-T (RFC 3947) vendor ID Jan 30 08:40:04 charon: 11[ENC] <1> generating ID_PROT response 0 [ SA V V V V ] Jan 30 08:40:04 charon: 11[NET] <1> sending packet: from PFSENSE.WAN.IP.ADDRESS[500] to PHONE.4G.IP.ADDRESS[11688] (160 bytes) Jan 30 08:40:04 charon: 10[NET] <1> received packet: from PHONE.4G.IP.ADDRESS[11688] to PFSENSE.WAN.IP.ADDRESS[500] (228 bytes) Jan 30 08:40:04 charon: 10[ENC] <1> parsed ID_PROT request 0 [ KE No NAT-D NAT-D ] Jan 30 08:40:04 charon: 10[IKE] <1> remote host is behind NAT Jan 30 08:40:04 charon: 10[CFG] <1> candidate "bypasslan", match: 1/1/24 (me/other/ike) Jan 30 08:40:04 charon: 10[CFG] <1> candidate "con1", match: 1/1/24 (me/other/ike) Jan 30 08:40:04 charon: 10[ENC] <1> generating ID_PROT response 0 [ KE No NAT-D NAT-D ] Jan 30 08:40:04 charon: 10[NET] <1> sending packet: from PFSENSE.WAN.IP.ADDRESS[500] to PHONE.4G.IP.ADDRESS[11688] (244 bytes) Jan 30 08:40:04 charon: 10[NET] <1> received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (92 bytes) Jan 30 08:40:04 charon: 10[ENC] <1> parsed ID_PROT request 0 [ ID HASH ] Jan 30 08:40:04 charon: 10[CFG] <1> looking for pre-shared key peer configs matching PFSENSE.WAN.IP.ADDRESS...PHONE.4G.IP.ADDRESS[100.100.206.219] Jan 30 08:40:04 charon: 10[CFG] <1> candidate "bypasslan", match: 1/1/24 (me/other/ike) Jan 30 08:40:04 charon: 10[CFG] <1> candidate "con1", match: 1/1/24 (me/other/ike) Jan 30 08:40:04 charon: 10[CFG] <1> selected peer config "con1" Jan 30 08:40:04 charon: 10[IKE] IKE_SA con1[1] established between PFSENSE.WAN.IP.ADDRESS[PFSENSE.WAN.IP.ADDRESS]...PHONE.4G.IP.ADDRESS[100.100.206.219] Jan 30 08:40:04 charon: 10[IKE] IKE_SA con1[1] state change: CONNECTING => ESTABLISHED Jan 30 08:40:04 charon: 10[IKE] scheduling reauthentication in 28251s Jan 30 08:40:04 charon: 10[IKE] maximum IKE_SA lifetime 28791s Jan 30 08:40:04 charon: 10[ENC] generating ID_PROT response 0 [ ID HASH ] Jan 30 08:40:04 charon: 10[NET] sending packet: from PFSENSE.WAN.IP.ADDRESS[4500] to PHONE.4G.IP.ADDRESS[5004] (76 bytes) Jan 30 08:40:04 charon: 12[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (108 bytes) Jan 30 08:40:04 charon: 12[ENC] parsed INFORMATIONAL_V1 request 3689217329 [ HASH N(INITIAL_CONTACT) ] Jan 30 08:40:05 charon: 12[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (460 bytes) Jan 30 08:40:05 charon: 12[ENC] parsed QUICK_MODE request 4162421179 [ HASH SA No ID ID ] Jan 30 08:40:05 charon: 12[IKE] changing received traffic selectors 100.100.206.219/32|/0[udp]=== PFSENSE.WAN.IP.ADDRESS/32|/0[udp/l2f] due to NAT Jan 30 08:40:05 charon: 12[CFG] looking for a child config for PFSENSE.WAN.IP.ADDRESS/32|/0[udp/l2f] === PHONE.4G.IP.ADDRESS/32|/0[udp] Jan 30 08:40:05 charon: 12[CFG] proposing traffic selectors for us: Jan 30 08:40:05 charon: 12[CFG] PFSENSE.WAN.IP.ADDRESS/32|/0 Jan 30 08:40:05 charon: 12[CFG] proposing traffic selectors for other: Jan 30 08:40:05 charon: 12[CFG] PHONE.4G.IP.ADDRESS/32|/0 Jan 30 08:40:05 charon: 12[CFG] candidate "con1" with prio 1+1 Jan 30 08:40:05 charon: 12[CFG] found matching child config "con1" with prio 2 Jan 30 08:40:05 charon: 12[CFG] selecting traffic selectors for other: Jan 30 08:40:05 charon: 12[CFG] config: PHONE.4G.IP.ADDRESS/32|/0, received: PHONE.4G.IP.ADDRESS/32|/0[udp] => match: PHONE.4G.IP.ADDRESS/32|/0[udp] Jan 30 08:40:05 charon: 12[CFG] selecting traffic selectors for us: Jan 30 08:40:05 charon: 12[CFG] config: PFSENSE.WAN.IP.ADDRESS/32|/0, received: PFSENSE.WAN.IP.ADDRESS/32|/0[udp/l2f] => match: PFSENSE.WAN.IP.ADDRESS/32|/0[udp/l2f] Jan 30 08:40:05 charon: 12[CFG] selecting proposal: Jan 30 08:40:05 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:05 charon: 12[CFG] selecting proposal: Jan 30 08:40:05 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:05 charon: 12[CFG] selecting proposal: Jan 30 08:40:05 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:05 charon: 12[CFG] selecting proposal: Jan 30 08:40:05 charon: 12[CFG] no acceptable INTEGRITY_ALGORITHM found Jan 30 08:40:05 charon: 12[CFG] selecting proposal: Jan 30 08:40:05 charon: 12[CFG] no acceptable INTEGRITY_ALGORITHM found Jan 30 08:40:05 charon: 12[CFG] selecting proposal: Jan 30 08:40:05 charon: 12[CFG] no acceptable INTEGRITY_ALGORITHM found Jan 30 08:40:05 charon: 12[CFG] selecting proposal: Jan 30 08:40:05 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:05 charon: 12[CFG] selecting proposal: Jan 30 08:40:05 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:05 charon: 12[CFG] selecting proposal: Jan 30 08:40:05 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:05 charon: 12[CFG] selecting proposal: Jan 30 08:40:05 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:05 charon: 12[CFG] selecting proposal: Jan 30 08:40:05 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:05 charon: 12[CFG] selecting proposal: Jan 30 08:40:05 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:05 charon: 12[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_MD5_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ Jan 30 08:40:05 charon: 12[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA2_512_256/NO_EXT_SEQ Jan 30 08:40:05 charon: 12[IKE] received 28800s lifetime, configured 3600s Jan 30 08:40:05 charon: 12[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN Jan 30 08:40:05 charon: 12[IKE] queueing INFORMATIONAL task Jan 30 08:40:05 charon: 12[IKE] activating new tasks Jan 30 08:40:05 charon: 12[IKE] activating INFORMATIONAL task Jan 30 08:40:05 charon: 12[ENC] generating INFORMATIONAL_V1 request 227678193 [ HASH N(NO_PROP) ] Jan 30 08:40:05 charon: 12[NET] sending packet: from PFSENSE.WAN.IP.ADDRESS[4500] to PHONE.4G.IP.ADDRESS[5004] (76 bytes) Jan 30 08:40:05 charon: 12[IKE] activating new tasks Jan 30 08:40:05 charon: 12[IKE] nothing to initiate Jan 30 08:40:08 charon: 12[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (460 bytes) Jan 30 08:40:08 charon: 12[IKE] received retransmit of request with ID 4162421179, but no response to retransmit Jan 30 08:40:12 charon: 12[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (460 bytes) Jan 30 08:40:12 charon: 12[IKE] received retransmit of request with ID 4162421179, but no response to retransmit Jan 30 08:40:15 charon: 12[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (460 bytes) Jan 30 08:40:15 charon: 12[IKE] received retransmit of request with ID 4162421179, but no response to retransmit Jan 30 08:40:15 charon: 12[IKE] sending DPD request Jan 30 08:40:15 charon: 12[IKE] queueing ISAKMP_DPD task Jan 30 08:40:15 charon: 12[IKE] activating new tasks Jan 30 08:40:15 charon: 12[IKE] activating ISAKMP_DPD task Jan 30 08:40:15 charon: 12[ENC] generating INFORMATIONAL_V1 request 3065278085 [ HASH N(DPD) ] Jan 30 08:40:15 charon: 12[NET] sending packet: from PFSENSE.WAN.IP.ADDRESS[4500] to PHONE.4G.IP.ADDRESS[5004] (92 bytes) Jan 30 08:40:15 charon: 12[IKE] activating new tasks Jan 30 08:40:15 charon: 12[IKE] nothing to initiate Jan 30 08:40:16 charon: 12[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (108 bytes) Jan 30 08:40:16 charon: 12[ENC] parsed INFORMATIONAL_V1 request 2520618926 [ HASH N(DPD_ACK) ] Jan 30 08:40:16 charon: 12[IKE] activating new tasks Jan 30 08:40:16 charon: 12[IKE] nothing to initiate Jan 30 08:40:18 charon: 12[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (460 bytes) Jan 30 08:40:18 charon: 12[ENC] parsed QUICK_MODE request 4162421179 [ HASH SA No ID ID ] Jan 30 08:40:18 charon: 12[ENC] received HASH payload does not match Jan 30 08:40:18 charon: 12[IKE] integrity check failed Jan 30 08:40:18 charon: 12[ENC] generating INFORMATIONAL_V1 request 2066252053 [ HASH N(INVAL_HASH) ] Jan 30 08:40:18 charon: 12[NET] sending packet: from PFSENSE.WAN.IP.ADDRESS[4500] to PHONE.4G.IP.ADDRESS[5004] (76 bytes) Jan 30 08:40:18 charon: 12[IKE] QUICK_MODE request with message ID 4162421179 processing failed Jan 30 08:40:21 charon: 12[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (460 bytes) Jan 30 08:40:21 charon: 12[ENC] parsed QUICK_MODE request 4162421179 [ HASH SA No ID ID ] Jan 30 08:40:21 charon: 12[ENC] received HASH payload does not match Jan 30 08:40:21 charon: 12[IKE] integrity check failed Jan 30 08:40:21 charon: 12[ENC] generating INFORMATIONAL_V1 request 2553682064 [ HASH N(INVAL_HASH) ] Jan 30 08:40:21 charon: 12[NET] sending packet: from PFSENSE.WAN.IP.ADDRESS[4500] to PHONE.4G.IP.ADDRESS[5004] (76 bytes) Jan 30 08:40:21 charon: 12[IKE] QUICK_MODE request with message ID 4162421179 processing failed Jan 30 08:40:24 charon: 12[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (460 bytes) Jan 30 08:40:24 charon: 12[ENC] parsed QUICK_MODE request 4162421179 [ HASH SA No ID ID ] Jan 30 08:40:24 charon: 12[IKE] changing received traffic selectors 100.100.206.219/32|/0[udp]=== PFSENSE.WAN.IP.ADDRESS/32|/0[udp/l2f] due to NAT Jan 30 08:40:24 charon: 12[CFG] looking for a child config for PFSENSE.WAN.IP.ADDRESS/32|/0[udp/l2f] === PHONE.4G.IP.ADDRESS/32|/0[udp] Jan 30 08:40:24 charon: 12[CFG] proposing traffic selectors for us: Jan 30 08:40:24 charon: 12[CFG] PFSENSE.WAN.IP.ADDRESS/32|/0 Jan 30 08:40:24 charon: 12[CFG] proposing traffic selectors for other: Jan 30 08:40:24 charon: 12[CFG] PHONE.4G.IP.ADDRESS/32|/0 Jan 30 08:40:24 charon: 12[CFG] candidate "con1" with prio 1+1 Jan 30 08:40:24 charon: 12[CFG] found matching child config "con1" with prio 2 Jan 30 08:40:24 charon: 12[CFG] selecting traffic selectors for other: Jan 30 08:40:24 charon: 12[CFG] config: PHONE.4G.IP.ADDRESS/32|/0, received: PHONE.4G.IP.ADDRESS/32|/0[udp] => match: PHONE.4G.IP.ADDRESS/32|/0[udp] Jan 30 08:40:24 charon: 12[CFG] selecting traffic selectors for us: Jan 30 08:40:24 charon: 12[CFG] config: PFSENSE.WAN.IP.ADDRESS/32|/0, received: PFSENSE.WAN.IP.ADDRESS/32|/0[udp/l2f] => match: PFSENSE.WAN.IP.ADDRESS/32|/0[udp/l2f] Jan 30 08:40:24 charon: 12[CFG] selecting proposal: Jan 30 08:40:24 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:24 charon: 12[CFG] selecting proposal: Jan 30 08:40:24 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:24 charon: 12[CFG] selecting proposal: Jan 30 08:40:24 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:24 charon: 12[CFG] selecting proposal: Jan 30 08:40:24 charon: 12[CFG] no acceptable INTEGRITY_ALGORITHM found Jan 30 08:40:24 charon: 12[CFG] selecting proposal: Jan 30 08:40:24 charon: 12[CFG] no acceptable INTEGRITY_ALGORITHM found Jan 30 08:40:24 charon: 12[CFG] selecting proposal: Jan 30 08:40:24 charon: 12[CFG] no acceptable INTEGRITY_ALGORITHM found Jan 30 08:40:24 charon: 12[CFG] selecting proposal: Jan 30 08:40:24 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:24 charon: 12[CFG] selecting proposal: Jan 30 08:40:24 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:24 charon: 12[CFG] selecting proposal: Jan 30 08:40:24 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:24 charon: 12[CFG] selecting proposal: Jan 30 08:40:24 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:24 charon: 12[CFG] selecting proposal: Jan 30 08:40:24 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:24 charon: 12[CFG] selecting proposal: Jan 30 08:40:24 charon: 12[CFG] no acceptable ENCRYPTION_ALGORITHM found Jan 30 08:40:24 charon: 12[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_MD5_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_MD5_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_MD5_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_MD5_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA2_256_128/NO_EXT_SEQ Jan 30 08:40:24 charon: 12[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA2_512_256/NO_EXT_SEQ Jan 30 08:40:24 charon: 12[IKE] received 28800s lifetime, configured 3600s Jan 30 08:40:24 charon: 12[IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN Jan 30 08:40:24 charon: 12[IKE] queueing INFORMATIONAL task Jan 30 08:40:24 charon: 12[IKE] activating new tasks Jan 30 08:40:24 charon: 12[IKE] activating INFORMATIONAL task Jan 30 08:40:24 charon: 12[ENC] generating INFORMATIONAL_V1 request 2196097090 [ HASH N(NO_PROP) ] Jan 30 08:40:24 charon: 12[NET] sending packet: from PFSENSE.WAN.IP.ADDRESS[4500] to PHONE.4G.IP.ADDRESS[5004] (76 bytes) Jan 30 08:40:24 charon: 12[IKE] activating new tasks Jan 30 08:40:24 charon: 12[IKE] nothing to initiate Jan 30 08:40:27 charon: 10[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (460 bytes) Jan 30 08:40:27 charon: 10[IKE] received retransmit of request with ID 4162421179, but no response to retransmit Jan 30 08:40:30 charon: 10[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (460 bytes) Jan 30 08:40:30 charon: 10[IKE] received retransmit of request with ID 4162421179, but no response to retransmit Jan 30 08:40:33 charon: 10[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (460 bytes) Jan 30 08:40:33 charon: 10[IKE] received retransmit of request with ID 4162421179, but no response to retransmit Jan 30 08:40:34 charon: 10[IKE] sending DPD request Jan 30 08:40:34 charon: 10[IKE] queueing ISAKMP_DPD task Jan 30 08:40:34 charon: 10[IKE] activating new tasks Jan 30 08:40:34 charon: 10[IKE] activating ISAKMP_DPD task Jan 30 08:40:34 charon: 10[ENC] generating INFORMATIONAL_V1 request 1560874215 [ HASH N(DPD) ] Jan 30 08:40:34 charon: 10[NET] sending packet: from PFSENSE.WAN.IP.ADDRESS[4500] to PHONE.4G.IP.ADDRESS[5004] (92 bytes) Jan 30 08:40:34 charon: 10[IKE] activating new tasks Jan 30 08:40:34 charon: 10[IKE] nothing to initiate Jan 30 08:40:34 charon: 10[NET] received packet: from PHONE.4G.IP.ADDRESS[5004] to PFSENSE.WAN.IP.ADDRESS[4500] (108 bytes) Jan 30 08:40:34 charon: 10[ENC] parsed INFORMATIONAL_V1 request 3555995187 [ HASH N(DPD_ACK) ] Jan 30 08:40:34 charon: 10[IKE] activating new tasks Jan 30 08:40:34 charon: 10[IKE] nothing to initiate Jan 30 08:40:45 charon: 10[IKE] sending DPD request Jan 30 08:40:45 charon: 10[IKE] queueing ISAKMP_DPD task Jan 30 08:40:45 charon: 10[IKE] activating new tasks Jan 30 08:40:45 charon: 10[IKE] activating ISAKMP_DPD task Jan 30 08:40:45 charon: 10[ENC] generating INFORMATIONAL_V1 request 1823026341 [ HASH N(DPD) ] Jan 30 08:40:45 charon: 10[NET] sending packet: from PFSENSE.WAN.IP.ADDRESS[4500] to PHONE.4G.IP.ADDRESS[5004] (92 bytes) Jan 30 08:40:45 charon: 10[IKE] activating new tasks Jan 30 08:40:45 charon: 10[IKE] nothing to initiate Jan 30 08:40:55 charon: 10[IKE] sending DPD request Jan 30 08:40:55 charon: 10[IKE] queueing ISAKMP_DPD task Jan 30 08:40:55 charon: 10[IKE] activating new tasks Jan 30 08:40:55 charon: 10[IKE] activating ISAKMP_DPD task Jan 30 08:40:55 charon: 10[ENC] generating INFORMATIONAL_V1 request 1160826629 [ HASH N(DPD) ] Jan 30 08:40:55 charon: 10[NET] sending packet: from PFSENSE.WAN.IP.ADDRESS[4500] to PHONE.4G.IP.ADDRESS[5004] (92 bytes) Jan 30 08:40:55 charon: 10[IKE] activating new tasks Jan 30 08:40:55 charon: 10[IKE] nothing to initiate Jan 30 08:41:05 charon: 10[IKE] sending DPD request Jan 30 08:41:05 charon: 10[IKE] queueing ISAKMP_DPD task Jan 30 08:41:05 charon: 10[IKE] activating new tasks Jan 30 08:41:05 charon: 10[IKE] activating ISAKMP_DPD task Jan 30 08:41:05 charon: 10[ENC] generating INFORMATIONAL_V1 request 1558937606 [ HASH N(DPD) ] Jan 30 08:41:05 charon: 10[NET] sending packet: from PFSENSE.WAN.IP.ADDRESS[4500] to PHONE.4G.IP.ADDRESS[5004] (92 bytes) Jan 30 08:41:05 charon: 10[IKE] activating new tasks Jan 30 08:41:05 charon: 10[IKE] nothing to initiate Jan 30 08:41:15 charon: 10[IKE] sending DPD request Jan 30 08:41:15 charon: 10[IKE] queueing ISAKMP_DPD task Jan 30 08:41:15 charon: 10[IKE] activating new tasks Jan 30 08:41:15 charon: 10[IKE] activating ISAKMP_DPD task Jan 30 08:41:15 charon: 10[ENC] generating INFORMATIONAL_V1 request 1035159668 [ HASH N(DPD) ] Jan 30 08:41:15 charon: 10[NET] sending packet: from PFSENSE.WAN.IP.ADDRESS[4500] to PHONE.4G.IP.ADDRESS[5004] (92 bytes) Jan 30 08:41:15 charon: 10[IKE] activating new tasks Jan 30 08:41:15 charon: 10[IKE] nothing to initiate Jan 30 08:41:25 charon: 13[IKE] sending DPD request Jan 30 08:41:25 charon: 13[IKE] queueing ISAKMP_DPD task Jan 30 08:41:25 charon: 13[IKE] activating new tasks Jan 30 08:41:25 charon: 13[IKE] activating ISAKMP_DPD task Jan 30 08:41:25 charon: 13[ENC] generating INFORMATIONAL_V1 request 1524726655 [ HASH N(DPD) ] Jan 30 08:41:25 charon: 13[NET] sending packet: from PFSENSE.WAN.IP.ADDRESS[4500] to PHONE.4G.IP.ADDRESS[5004] (92 bytes) Jan 30 08:41:25 charon: 13[IKE] activating new tasks Jan 30 08:41:25 charon: 13[IKE] nothing to initiate Jan 30 08:41:35 charon: 13[JOB] DPD check timed out, enforcing DPD action Jan 30 08:41:35 charon: 13[IKE] IKE_SA con1[1] state change: ESTABLISHED => DESTROYING