cloudstack-dev mailing list archives

From swill <...@git.apache.org>
Subject [GitHub] cloudstack issue #872: Strongswan vpn feature
Date Fri, 07 Oct 2016 17:46:24 GMT
Github user swill commented on the issue:

    https://github.com/apache/cloudstack/pull/872
  
    If anyone has experience with Remote Access VPN on Windows and has any insight into why the following is failing, please let me know.
    
    **FAILING WINDOWS LOG:**
    ```
    charon: 11[NET] received packet: from 74.121.xx.yy[1011] to 74.121.ff.gg[500]
    charon: 11[NET] waiting for data on sockets
    charon: 02[NET] received packet: from 74.121.xx.yy[1011] to 74.121.ff.gg[500] (408 bytes)
    charon: 02[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V ]
    charon: 02[CFG] looking for an ike config for 74.121.ff.gg...74.121.xx.yy
    charon: 02[CFG]   candidate: 74.121.ff.gg...%any, prio 1052
    charon: 02[CFG] found matching ike config: 74.121.ff.gg...%any with prio 1052
    charon: 02[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:01
    charon: 02[IKE] received MS NT5 ISAKMPOAKLEY vendor ID
    charon: 02[IKE] received NAT-T (RFC 3947) vendor ID
    charon: 02[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    charon: 02[IKE] received FRAGMENTATION vendor ID
    charon: 02[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
    charon: 02[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
    charon: 02[ENC] received unknown vendor ID: e3:a5:96:6a:76:37:9f:e7:07:22:82:31:e5:ce:86:52
    charon: 02[IKE] 74.121.xx.yy is initiating a Main Mode IKE_SA
    charon: 02[IKE] IKE_SA (unnamed)[39] state change: CREATED => CONNECTING
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
    charon: 02[CFG] selecting proposal:
    charon: 02[CFG]   proposal matches
    charon: 02[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_384,
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/ECP_256, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    charon: 02[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_MD5_96/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160,
IKE:AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/
 PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
    charon: 02[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
    charon: 02[IKE] sending XAuth vendor ID
    charon: 02[IKE] sending DPD vendor ID
    charon: 02[IKE] sending NAT-T (RFC 3947) vendor ID
    charon: 02[ENC] generating ID_PROT response 0 [ SA V V V ]
    charon: 02[NET] sending packet: from 74.121.ff.gg[500] to 74.121.xx.yy[1011] (136 bytes)
    charon: 08[NET] sending packet: from 74.121.ff.gg[500] to 74.121.xx.yy[1011]
    charon: 11[NET] received packet: from 74.121.xx.yy[1011] to 74.121.ff.gg[500]
    charon: 11[NET] waiting for data on sockets
    charon: 05[NET] received packet: from 74.121.xx.yy[1011] to 74.121.ff.gg[500] (388 bytes)
    charon: 05[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    charon: 05[IKE] remote host is behind NAT
    charon: 05[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    charon: 05[NET] sending packet: from 74.121.ff.gg[500] to 74.121.xx.yy[1011] (372 bytes)
    charon: 08[NET] sending packet: from 74.121.ff.gg[500] to 74.121.xx.yy[1011]
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 16[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (76 bytes)
    charon: 16[ENC] parsed ID_PROT request 0 [ ID HASH ]
    charon: 16[CFG] looking for pre-shared key peer configs matching 74.121.ff.gg...74.121.xx.yy[172.16.11.171]
    charon: 16[CFG]   candidate "L2TP-PSK", match: 1/1/1052 (me/other/ike)
    charon: 16[CFG] selected peer config "L2TP-PSK"
    charon: 16[IKE] IKE_SA L2TP-PSK[39] established between 74.121.ff.gg[74.121.ff.gg]...74.121.xx.yy[172.16.11.171]
    charon: 16[IKE] IKE_SA L2TP-PSK[39] state change: CONNECTING => ESTABLISHED
    charon: 16[ENC] generating ID_PROT response 0 [ ID HASH ]
    charon: 16[NET] sending packet: from 74.121.ff.gg[4500] to 74.121.xx.yy[64916] (76 bytes)
    charon: 08[NET] sending packet: from 74.121.ff.gg[4500] to 74.121.xx.yy[64916]
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 04[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (444 bytes)
    charon: 04[ENC] parsed QUICK_MODE request 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
    charon: 04[IKE] changing received traffic selectors 172.16.11.171/32[udp/l2f]=== 74.121.ff.gg/32[udp/l2f]
due to NAT
    charon: 04[CFG] looking for a child config for 74.121.ff.gg/32[udp/l2f] === 74.121.xx.yy/32[udp/l2f]

    charon: 04[CFG] proposing traffic selectors for us:
    charon: 04[CFG]  74.121.ff.gg/32[udp/l2f]
    charon: 04[CFG] proposing traffic selectors for other:
    charon: 04[CFG]  0.0.0.0/0[udp]
    charon: 04[CFG]   candidate "L2TP-PSK" with prio 5+1
    charon: 04[CFG] found matching child config "L2TP-PSK" with prio 6
    charon: 04[CFG] selecting traffic selectors for other:
    charon: 04[CFG]  config: 0.0.0.0/0[udp], received: 74.121.xx.yy/32[udp/l2f] => match:
74.121.xx.yy/32[udp/l2f]
    charon: 04[CFG] selecting traffic selectors for us:
    charon: 04[CFG]  config: 74.121.ff.gg/32[udp/l2f], received: 74.121.ff.gg/32[udp/l2f]
=> match: 74.121.ff.gg/32[udp/l2f]
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   proposal matches
    charon: 04[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:NULL/HMAC_SHA1_96/NO_EXT_SEQ
    charon: 04[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
    charon: 04[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
    charon: 04[IKE] received 3600s lifetime, configured 0s
    charon: 04[IKE] received 250000000 lifebytes, configured 0
    charon: 04[ENC] generating QUICK_MODE response 1 [ HASH SA No ID ID NAT-OA NAT-OA ]
    charon: 04[NET] sending packet: from 74.121.ff.gg[4500] to 74.121.xx.yy[64916] (204 bytes)
    charon: 08[NET] sending packet: from 74.121.ff.gg[4500] to 74.121.xx.yy[64916]
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 01[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (60 bytes)
    charon: 01[ENC] parsed QUICK_MODE request 1 [ HASH ]
    charon: 01[CHD]   using AES_CBC for encryption
    charon: 01[CHD]   using HMAC_SHA1_96 for integrity
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 14[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (444 bytes)
    charon: 14[ENC] parsed QUICK_MODE request 4 [ HASH SA No ID ID NAT-OA NAT-OA ]
    charon: 14[IKE] changing received traffic selectors 172.16.11.171/32[udp/l2f]=== 74.121.ff.gg/32[udp/l2f]
due to NAT
    charon: 14[CFG] looking for a child config for 74.121.ff.gg/32[udp/l2f] === 74.121.xx.yy/32[udp/l2f]

    charon: 14[CFG] proposing traffic selectors for us:
    charon: 14[CFG]  74.121.ff.gg/32[udp/l2f]
    charon: 14[CFG] proposing traffic selectors for other:
    charon: 14[CFG]  0.0.0.0/0[udp]
    charon: 14[CFG]   candidate "L2TP-PSK" with prio 5+1
    charon: 14[CFG] found matching child config "L2TP-PSK" with prio 6
    charon: 14[CFG] selecting traffic selectors for other:
    charon: 14[CFG]  config: 0.0.0.0/0[udp], received: 74.121.xx.yy/32[udp/l2f] => match:
74.121.xx.yy/32[udp/l2f]
    charon: 14[CFG] selecting traffic selectors for us:
    charon: 14[CFG]  config: 74.121.ff.gg/32[udp/l2f], received: 74.121.ff.gg/32[udp/l2f]
=> match: 74.121.ff.gg/32[udp/l2f]
    charon: 14[CFG] selecting proposal:
    charon: 14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 14[CFG] selecting proposal:
    charon: 14[CFG]   proposal matches
    charon: 14[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:NULL/HMAC_SHA1_96/NO_EXT_SEQ
    charon: 14[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
    charon: 14[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
    charon: 14[IKE] received 3600s lifetime, configured 0s
    charon: 14[IKE] received 250000000 lifebytes, configured 0
    charon: 14[IKE] detected rekeying of CHILD_SA L2TP-PSK{31}
    charon: 14[ENC] generating QUICK_MODE response 4 [ HASH SA No ID ID NAT-OA NAT-OA ]
    charon: 14[NET] sending packet: from 74.121.ff.gg[4500] to 74.121.xx.yy[64916] (204 bytes)
    charon: 08[NET] sending packet: from 74.121.ff.gg[4500] to 74.121.xx.yy[64916]
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 04[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (60 bytes)
    charon: 04[ENC] parsed QUICK_MODE request 4 [ HASH ]
    charon: 04[CHD]   using AES_CBC for encryption
    charon: 04[CHD]   using HMAC_SHA1_96 for integrity
    charon: 04[CHD] adding inbound ESP SA
    charon: 04[CHD]   SPI 0xcb67a786, src 74.121.xx.yy dst 74.121.ff.gg
    charon: 04[CHD] adding outbound ESP SA
    charon: 04[CHD]   SPI 0xf47c9bd6, src 74.121.ff.gg dst 74.121.xx.yy
    charon: 04[IKE] CHILD_SA L2TP-PSK{31} established with SPIs cb67a786_i f47c9bd6_o and
TS 74.121.ff.gg/32[udp/l2f] === 74.121.xx.yy/32[udp/l2f] 
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 01[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (76 bytes)
    charon: 01[ENC] parsed INFORMATIONAL_V1 request 713875247 [ HASH D ]
    charon: 01[IKE] received DELETE for ESP CHILD_SA with SPI 7cab1502
    charon: 01[IKE] closing CHILD_SA L2TP-PSK{31} with SPIs ca86fad4_i (0 bytes) 7cab1502_o
(0 bytes) and TS 74.121.ff.gg/32[udp/l2f] === 74.121.xx.yy/32[udp/l2f] 
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 05[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (444 bytes)
    charon: 05[ENC] parsed QUICK_MODE request 5 [ HASH SA No ID ID NAT-OA NAT-OA ]
    charon: 05[IKE] changing received traffic selectors 172.16.11.171/32[udp/l2f]=== 74.121.ff.gg/32[udp/l2f]
due to NAT
    charon: 05[CFG] looking for a child config for 74.121.ff.gg/32[udp/l2f] === 74.121.xx.yy/32[udp/l2f]

    charon: 05[CFG] proposing traffic selectors for us:
    charon: 05[CFG]  74.121.ff.gg/32[udp/l2f]
    charon: 05[CFG] proposing traffic selectors for other:
    charon: 05[CFG]  0.0.0.0/0[udp]
    charon: 05[CFG]   candidate "L2TP-PSK" with prio 5+1
    charon: 05[CFG] found matching child config "L2TP-PSK" with prio 6
    charon: 05[CFG] selecting traffic selectors for other:
    charon: 05[CFG]  config: 0.0.0.0/0[udp], received: 74.121.xx.yy/32[udp/l2f] => match:
74.121.xx.yy/32[udp/l2f]
    charon: 05[CFG] selecting traffic selectors for us:
    charon: 05[CFG]  config: 74.121.ff.gg/32[udp/l2f], received: 74.121.ff.gg/32[udp/l2f]
=> match: 74.121.ff.gg/32[udp/l2f]
    charon: 05[CFG] selecting proposal:
    charon: 05[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 05[CFG] selecting proposal:
    charon: 05[CFG]   proposal matches
    charon: 05[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:NULL/HMAC_SHA1_96/NO_EXT_SEQ
    charon: 05[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
    charon: 05[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
    charon: 05[IKE] received 3600s lifetime, configured 0s
    charon: 05[IKE] received 250000000 lifebytes, configured 0
    charon: 05[IKE] detected rekeying of CHILD_SA L2TP-PSK{31}
    charon: 05[ENC] generating QUICK_MODE response 5 [ HASH SA No ID ID NAT-OA NAT-OA ]
    charon: 05[NET] sending packet: from 74.121.ff.gg[4500] to 74.121.xx.yy[64916] (204 bytes)
    charon: 08[NET] sending packet: from 74.121.ff.gg[4500] to 74.121.xx.yy[64916]
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 16[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (60 bytes)
    charon: 16[ENC] parsed QUICK_MODE request 5 [ HASH ]
    charon: 16[CHD]   using AES_CBC for encryption
    charon: 16[CHD]   using HMAC_SHA1_96 for integrity
    charon: 16[CHD] adding inbound ESP SA
    charon: 16[CHD]   SPI 0xc5ee1900, src 74.121.xx.yy dst 74.121.ff.gg
    charon: 16[CHD] adding outbound ESP SA
    charon: 16[CHD]   SPI 0x4c3a16f0, src 74.121.ff.gg dst 74.121.xx.yy
    charon: 16[IKE] CHILD_SA L2TP-PSK{31} established with SPIs c5ee1900_i 4c3a16f0_o and
TS 74.121.ff.gg/32[udp/l2f] === 74.121.xx.yy/32[udp/l2f] 
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 14[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (76 bytes)
    charon: 14[ENC] parsed INFORMATIONAL_V1 request 4253829990 [ HASH D ]
    charon: 14[IKE] received DELETE for ESP CHILD_SA with SPI f47c9bd6
    charon: 14[IKE] closing CHILD_SA L2TP-PSK{31} with SPIs cb67a786_i (0 bytes) f47c9bd6_o
(0 bytes) and TS 74.121.ff.gg/32[udp/l2f] === 74.121.xx.yy/32[udp/l2f] 
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 13[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (444 bytes)
    charon: 13[ENC] parsed QUICK_MODE request 6 [ HASH SA No ID ID NAT-OA NAT-OA ]
    charon: 13[IKE] changing received traffic selectors 172.16.11.171/32[udp/l2f]=== 74.121.ff.gg/32[udp/l2f]
due to NAT
    charon: 13[CFG] looking for a child config for 74.121.ff.gg/32[udp/l2f] === 74.121.xx.yy/32[udp/l2f]

    charon: 13[CFG] proposing traffic selectors for us:
    charon: 13[CFG]  74.121.ff.gg/32[udp/l2f]
    charon: 13[CFG] proposing traffic selectors for other:
    charon: 13[CFG]  0.0.0.0/0[udp]
    charon: 13[CFG]   candidate "L2TP-PSK" with prio 5+1
    charon: 13[CFG] found matching child config "L2TP-PSK" with prio 6
    charon: 13[CFG] selecting traffic selectors for other:
    charon: 13[CFG]  config: 0.0.0.0/0[udp], received: 74.121.xx.yy/32[udp/l2f] => match:
74.121.xx.yy/32[udp/l2f]
    charon: 13[CFG] selecting traffic selectors for us:
    charon: 13[CFG]  config: 74.121.ff.gg/32[udp/l2f], received: 74.121.ff.gg/32[udp/l2f]
=> match: 74.121.ff.gg/32[udp/l2f]
    charon: 13[CFG] selecting proposal:
    charon: 13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 13[CFG] selecting proposal:
    charon: 13[CFG]   proposal matches
    charon: 13[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ, ESP:NULL/HMAC_SHA1_96/NO_EXT_SEQ
    charon: 13[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ, ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ
    charon: 13[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
    charon: 13[IKE] received 3600s lifetime, configured 0s
    charon: 13[IKE] received 250000000 lifebytes, configured 0
    charon: 13[IKE] detected rekeying of CHILD_SA L2TP-PSK{31}
    charon: 13[ENC] generating QUICK_MODE response 6 [ HASH SA No ID ID NAT-OA NAT-OA ]
    charon: 13[NET] sending packet: from 74.121.ff.gg[4500] to 74.121.xx.yy[64916] (204 bytes)
    charon: 08[NET] sending packet: from 74.121.ff.gg[4500] to 74.121.xx.yy[64916]
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 12[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (60 bytes)
    charon: 12[ENC] parsed QUICK_MODE request 6 [ HASH ]
    charon: 12[CHD]   using AES_CBC for encryption
    charon: 12[CHD]   using HMAC_SHA1_96 for integrity
    charon: 12[CHD] adding inbound ESP SA
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 12[CHD]   SPI 0xc5f602ad, src 74.121.xx.yy dst 74.121.ff.gg
    charon: 11[NET] waiting for data on sockets
    charon: 12[CHD] adding outbound ESP SA
    charon: 12[CHD]   SPI 0x09b7ea2c, src 74.121.ff.gg dst 74.121.xx.yy
    charon: 12[IKE] CHILD_SA L2TP-PSK{31} established with SPIs c5f602ad_i 09b7ea2c_o and
TS 74.121.ff.gg/32[udp/l2f] === 74.121.xx.yy/32[udp/l2f] 
    charon: 09[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (76 bytes)
    charon: 09[ENC] parsed INFORMATIONAL_V1 request 1167094233 [ HASH D ]
    charon: 09[IKE] received DELETE for ESP CHILD_SA with SPI 4c3a16f0
    charon: 09[IKE] closing CHILD_SA L2TP-PSK{31} with SPIs c5ee1900_i (0 bytes) 4c3a16f0_o
(0 bytes) and TS 74.121.ff.gg/32[udp/l2f] === 74.121.xx.yy/32[udp/l2f] 
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 05[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (76 bytes)
    charon: 05[ENC] parsed INFORMATIONAL_V1 request 3486435093 [ HASH D ]
    charon: 05[IKE] received DELETE for ESP CHILD_SA with SPI 09b7ea2c
    charon: 05[IKE] closing CHILD_SA L2TP-PSK{31} with SPIs c5f602ad_i (0 bytes) 09b7ea2c_o
(0 bytes) and TS 74.121.ff.gg/32[udp/l2f] === 74.121.xx.yy/32[udp/l2f] 
    charon: 16[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (92 bytes)
    charon: 16[ENC] parsed INFORMATIONAL_V1 request 3988841069 [ HASH D ]
    charon: 16[IKE] received DELETE for IKE_SA L2TP-PSK[39]
    charon: 16[IKE] deleting IKE_SA L2TP-PSK[39] between 74.121.ff.gg[74.121.ff.gg]...74.121.xx.yy[172.16.11.171]
    charon: 16[IKE] IKE_SA L2TP-PSK[39] state change: ESTABLISHED => DELETING
    charon: 16[IKE] IKE_SA L2TP-PSK[39] state change: DELETING => DELETING
    charon: 16[IKE] IKE_SA L2TP-PSK[39] state change: DELETING => DESTROYING
    ```
    
    The same config works for Mac OSX.
    
    **SUCCESSFUL MAC LOG:**
    ```
    charon: 11[NET] received packet: from 74.121.xx.yy[1011] to 74.121.ff.gg[500]
    charon: 11[NET] waiting for data on sockets
    charon: 04[NET] received packet: from 74.121.xx.yy[1011] to 74.121.ff.gg[500] (788 bytes)
    charon: 04[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V V V ]
    charon: 04[CFG] looking for an ike config for 74.121.ff.gg...74.121.xx.yy
    charon: 04[CFG]   candidate: 74.121.ff.gg...%any, prio 1052
    charon: 04[CFG] found matching ike config: 74.121.ff.gg...%any with prio 1052
    charon: 04[IKE] received NAT-T (RFC 3947) vendor ID
    charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
    charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
    charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
    charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
    charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
    charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
    charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    charon: 04[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    charon: 04[IKE] received FRAGMENTATION vendor ID
    charon: 04[IKE] received DPD vendor ID
    charon: 04[IKE] 74.121.xx.yy is initiating a Main Mode IKE_SA
    charon: 04[IKE] IKE_SA (unnamed)[40] state change: CREATED => CONNECTING
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable ENCRYPTION_ALGORITHM found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION found
    charon: 04[CFG] selecting proposal:
    charon: 04[CFG]   proposal matches
    charon: 04[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1536,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
    charon: 04[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_MD5_96/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160,
IKE:AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/
 PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_3072/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
    charon: 04[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
    charon: 04[IKE] sending XAuth vendor ID
    charon: 04[IKE] sending DPD vendor ID
    charon: 04[IKE] sending NAT-T (RFC 3947) vendor ID
    charon: 04[ENC] generating ID_PROT response 0 [ SA V V V ]
    charon: 04[NET] sending packet: from 74.121.ff.gg[500] to 74.121.xx.yy[1011] (136 bytes)
    charon: 08[NET] sending packet: from 74.121.ff.gg[500] to 74.121.xx.yy[1011]
    charon: 11[NET] received packet: from 74.121.xx.yy[1011] to 74.121.ff.gg[500]
    charon: 11[NET] waiting for data on sockets
    charon: 01[NET] received packet: from 74.121.xx.yy[1011] to 74.121.ff.gg[500] (380 bytes)
    charon: 01[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    charon: 01[IKE] remote host is behind NAT
    charon: 01[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    charon: 01[NET] sending packet: from 74.121.ff.gg[500] to 74.121.xx.yy[1011] (396 bytes)
    charon: 08[NET] sending packet: from 74.121.ff.gg[500] to 74.121.xx.yy[1011]
    charon: 11[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500]
    charon: 11[NET] waiting for data on sockets
    charon: 06[NET] received packet: from 74.121.xx.yy[64916] to 74.121.ff.gg[4500] (108 bytes)
    charon: 06[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
    charon: 06[CFG] looking for pre-shared key peer configs matching 74.121.ff.gg...74.121.xx.yy[172.16.11.144]
    charon: 06[CFG]   candidate "L2TP-PSK", match: 1/1/1052 (me/other/ike)
    xl2tpd[2263]: control_finish: Peer requested tunnel 32 twice, ignoring second one.
    xl2tpd[2263]: Connection established to 74.121.xx.yy, 55281.  Local: 16822, Remote: 32
(ref=0/0).  LNS session is 'default'
    xl2tpd[2263]: start_pppd: I'm running: 
    xl2tpd[2263]: "/usr/sbin/pppd" 
    xl2tpd[2263]: "passive" 
    xl2tpd[2263]: "nodetach" 
    xl2tpd[2263]: "10.10.2.1:10.10.2.2" 
    xl2tpd[2263]: "refuse-pap" 
    xl2tpd[2263]: "file" 
    xl2tpd[2263]: "/etc/ppp/options.xl2tpd" 
    xl2tpd[2263]: "ipparam" 
    xl2tpd[2263]: "74.121.xx.yy" 
    xl2tpd[2263]: "/dev/pts/1" 
    xl2tpd[2263]: Call established with 74.121.xx.yy, Local: 22684, Remote: 32335, Serial:
1
    charon: 04[KNL] 10.10.2.1 appeared on ppp0
    charon: 06[KNL] 10.10.2.1 disappeared from ppp0
    charon: 12[KNL] 10.10.2.1 appeared on ppp0
    charon: 03[KNL] interface ppp0 activated
    charon: 02[IKE] keeping connection path 74.121.ff.gg - 74.121.xx.yy
    charon: 02[IKE] keeping connection path 74.121.ff.gg - 74.121.xx.yy
    ntpd[3211]: Listen normally on 12 ppp0 10.10.2.1 UDP 123
    ntpd[3211]: peers refreshed
    ```
    
    Any insights welcome.  :)


---
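
Added example (not part of swill's message or of the CloudStack code): a small Python summarizer for charon/xl2tpd output in the format posted above. It re-joins entries that the mail archive wrapped onto a second line, then reports two things visible in the posted logs: whether CHILD_SAs were closed with 0 bytes in both directions, and whether xl2tpd ever logged a connection. The sample logs, addresses and SPIs are constructed, and the verdict labels are names chosen for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed samples in the same format as the logs above. Addresses are
# documentation ranges and SPIs are made up. Some entries are hard-wrapped
# the way the mail archive wraps long lines.
SAMPLE_FAILING = """\
charon: 16[IKE] IKE_SA L2TP-PSK[7] established between 192.0.2.10[192.0.2.10]...198.51.100.20[172.16.0.5]
charon: 04[IKE] CHILD_SA L2TP-PSK{3} established with SPIs c1000001_i c2000001_o and
TS 192.0.2.10/32[udp/l2f] === 198.51.100.20/32[udp/l2f]
charon: 05[IKE] detected rekeying of CHILD_SA L2TP-PSK{3}
charon: 05[IKE] CHILD_SA L2TP-PSK{3} established with SPIs c1000002_i c2000002_o and
TS 192.0.2.10/32[udp/l2f] === 198.51.100.20/32[udp/l2f]
charon: 01[IKE] closing CHILD_SA L2TP-PSK{3} with SPIs c1000001_i (0 bytes) c2000001_o
(0 bytes) and TS 192.0.2.10/32[udp/l2f] === 198.51.100.20/32[udp/l2f]
charon: 09[IKE] closing CHILD_SA L2TP-PSK{3} with SPIs c1000002_i (0 bytes) c2000002_o
(0 bytes) and TS 192.0.2.10/32[udp/l2f] === 198.51.100.20/32[udp/l2f]
charon: 16[IKE] received DELETE for IKE_SA L2TP-PSK[7]
"""

SAMPLE_WORKING = """\
charon: 06[CFG] selected peer config "L2TP-PSK"
charon: 06[IKE] CHILD_SA L2TP-PSK{4} established with SPIs c3000001_i c4000001_o and
TS 192.0.2.10/32[udp/l2f] === 198.51.100.20/32[udp/l2f]
xl2tpd[2263]: Connection established to 198.51.100.20, 55281.  Local: 16822, Remote: 32
(ref=0/0).  LNS session is 'default'
xl2tpd[2263]: Call established with 198.51.100.20, Local: 22684, Remote: 32335, Serial: 1
charon: 03[KNL] interface ppp0 activated
"""

# A new log entry starts with the daemon name; anything else is a wrapped tail.
ENTRY_START = re.compile(r"^(?:charon|xl2tpd|ntpd)(?:\[\d+\])?: ")
ESTABLISHED = re.compile(
    r"CHILD_SA \S+ established with SPIs ([0-9a-f]{8})_i ([0-9a-f]{8})_o")
CLOSING = re.compile(
    r"closing CHILD_SA \S+ with SPIs ([0-9a-f]{8})_i \((\d+) bytes\) "
    r"([0-9a-f]{8})_o \((\d+) bytes\)")
L2TP_UP = re.compile(r"^xl2tpd\[\d+\]: (?:Connection|Call) established")


@dataclass
class Summary:
    child_sas_established: int = 0
    rekeys: int = 0
    closed_without_traffic: list = field(default_factory=list)  # (spi_in, spi_out)
    ike_sa_deleted_by_peer: bool = False
    l2tp_started: bool = False


def unwrap(text):
    """Re-join entries that were wrapped onto a following line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def summarize(text):
    """Count the SA lifecycle events that matter for an L2TP/IPsec session."""
    s = Summary()
    for entry in unwrap(text):
        if ESTABLISHED.search(entry):
            s.child_sas_established += 1
        elif "detected rekeying of CHILD_SA" in entry:
            s.rekeys += 1
        elif (m := CLOSING.search(entry)):
            spi_in, bytes_in, spi_out, bytes_out = m.groups()
            if int(bytes_in) == 0 and int(bytes_out) == 0:
                s.closed_without_traffic.append((spi_in, spi_out))
        elif "received DELETE for IKE_SA" in entry:
            s.ike_sa_deleted_by_peer = True
        elif L2TP_UP.search(entry):
            s.l2tp_started = True
    return s


def verdict(s):
    """Label the session by how far it got (labels are this example's own)."""
    if s.l2tp_started:
        return "l2tp-started"
    if s.child_sas_established and s.closed_without_traffic:
        return "ipsec-up-no-l2tp"
    return "inconclusive"


if __name__ == "__main__":
    for name, log in (("failing", SAMPLE_FAILING), ("working", SAMPLE_WORKING)):
        result = summarize(log)
        print(name, verdict(result), result)
```

A result of `ipsec-up-no-l2tp` says that IKE and ESP negotiation completed but no L2TP traffic ever crossed the tunnel, which narrows the search to what happens after the CHILD_SA is installed rather than to proposal selection.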
