OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: inzrust on November 13, 2017, 11:59:45 am

Title: [Solved] IPsec (IKEv2) via OPNsense and MikroTik
Post by: inzrust on November 13, 2017, 11:59:45 am
Hi all!

There is a problem when connecting OPNsense to MikroTik.

MikroTik cannot configure an SA.
I set up a test bench.
Both are on the latest stable versions.

Please tell me where I'm wrong.

Scheme
Code:
                    +----------+                     +----------+
 192.168.99.0/24   3| OPNsense |2   10.58.22.0/30   1| MikroTik |    192.168.88.0/24
                +---|__________|---------------------|__________|---+
                |                                                   |
               2|                                                  2|
            +-------+                                           +-------+
            | HOST1 |                                           | HOST2 |
            +-------+                                           +-------+


MikroTik

/ip address print
Code:
10.58.22.1/30      10.58.22.0      ether1
192.168.88.1/24    192.168.88.0    ether2-master

/ip firewall filter print
Code:
3    chain=input action=accept protocol=udp dst-port=500

4    chain=input action=accept protocol=udp dst-port=4500

5    chain=input action=accept protocol=ipsec-esp log=no

9    ;;; defconf: drop all not coming from LAN
     chain=input action=drop in-interface-list=!LAN

/ip firewall nat print
Code:
0    chain=srcnat action=accept src-address=192.168.88.0/24 dst-address=192.168.99.0/24

1    chain=srcnat action=masquerade out-interface=ether1

/ip ipsec proposal print
Code:
name="test" auth-algorithms=sha512 enc-algorithms=aes-256-gcm lifetime=30m pfs-group=modp2048

/ip ipsec peer print
Code:
address=10.58.22.2/32 auth-method=pre-shared-key secret="test" generate-policy=port-strict policy-template-group=test exchange-mode=ike2 send-initial-contact=yes hash-algorithm=sha512 enc-algorithm=aes-256 dh-group=modp2048 dpd-interval=2m

/ip ipsec policy print
Code:
group=test src-address=192.168.88.0/24 dst-address=192.168.99.0/24 protocol=all proposal=test template=yes

/ip ipsec policy group print
Code:
test

/log print
Code:
.....................
.....................

15:42:17 ipsec,info new ike2 SA (I): 10.58.22.1[4500]-10.58.22.2[4500] spi:9e96b25638ae0016:3cf48cce8745c6ff
15:42:17 ipsec,info peer authorized: 10.58.22.1[4500]-10.58.22.2[4500] spi:9e96b25638ae0016:3cf48cce8745c6ff
15:42:34 ipsec,error no proposal chosen

OPNsense

/usr/local/etc/ipsec.conf
Code:
# This file is automatically generated. Do not edit
config setup
  uniqueids = yes
  charondebug="chd 4"

conn con1
  aggressive = no
  fragmentation = yes
  keyexchange = ikev2
  mobike = yes
  reauth = yes
  rekey = yes
  forceencaps = yes
  installpolicy = yes
  type = tunnel
  dpdaction = none
  left = 10.58.22.2
  right = 10.58.22.1
  leftid = 10.58.22.2
  ikelifetime = 28800s
  lifetime = 3600s
  ike = aes256-sha512-modp2048!
  leftauth = psk
  rightauth = psk
  rightid = 10.58.22.1
  rightsubnet = 192.168.88.0/24
  leftsubnet = 192.168.99.0/24
  esp = aes256-sha512-modp2048,aes256gcm16-sha512-modp2048!
  auto = route

ipsec statusall
Code:
Status of IKE charon daemon (strongSwan 5.6.0, FreeBSD 11.0-RELEASE-p12, amd64):
  uptime: 2 minutes, since Nov 13 13:50:58 2017
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 4
  loaded plugins: charon aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac gcm attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic whitelist addrblock
Listening IP addresses:
  192.168.99.3
  10.58.22.2
Connections:
        con1:  10.58.22.2...10.58.22.1  IKEv2
        con1:   local:  [10.58.22.2] uses pre-shared key authentication
        con1:   remote: [10.58.22.1] uses pre-shared key authentication
        con1:   child:  192.168.99.0/24 === 192.168.88.0/24 TUNNEL
Routed Connections:
        con1{1}:  ROUTED, TUNNEL, reqid 1
        con1{1}:   192.168.99.0/24 === 192.168.88.0/24
Security Associations (1 up, 0 connecting):
        con1[2]: ESTABLISHED 2 minutes ago, 10.58.22.2[10.58.22.2]...10.58.22.1[10.58.22.1]
        con1[2]: IKEv2 SPIs: 8151fd73911c4573_i ce875f1011cf37df_r*, pre-shared key reauthentication in 7 hours
        con1[2]: IKE proposal: AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048

/var/log/ipsec.log
Code:
Nov 13 09:49:40 OPNsense charon: 00[IKE] sending DELETE for IKE_SA con1[1]
Nov 13 09:49:40 OPNsense charon: 00[ENC] generating INFORMATIONAL request 0 [ D ]
Nov 13 09:49:40 OPNsense charon: 00[NET] sending packet: from 10.58.22.2[4500] to 10.58.22.1[4500] (96 bytes)
Nov 13 09:49:40 OPNsense charon: 00[CHD] CHILD_SA con1{1} state change: ROUTED => DESTROYING
Nov 13 09:49:42 OPNsense charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.6.0, FreeBSD 11.0-RELEASE-p12, amd64)
Nov 13 09:49:42 OPNsense charon: 00[KNL] unable to set UDP_ENCAP: Invalid argument
Nov 13 09:49:42 OPNsense charon: 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
Nov 13 09:49:42 OPNsense charon: 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
Nov 13 09:49:42 OPNsense charon: 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
Nov 13 09:49:42 OPNsense charon: 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
Nov 13 09:49:42 OPNsense charon: 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
Nov 13 09:49:42 OPNsense charon: 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
Nov 13 09:49:42 OPNsense charon: 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
Nov 13 09:49:42 OPNsense charon: 00[CFG]   loaded IKE secret for 10.58.22.1
Nov 13 09:49:42 OPNsense charon: 00[CFG]   loaded IKE secret for test
Nov 13 09:49:42 OPNsense charon: 00[CFG] loaded 0 RADIUS server configurations
Nov 13 09:49:42 OPNsense charon: 00[LIB] loaded plugins: charon aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac gcm attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic whitelist addrblock
Nov 13 09:49:42 OPNsense charon: 00[JOB] spawning 16 worker threads
Nov 13 09:49:42 OPNsense charon: 16[CFG] received stroke: add connection 'con1'
Nov 13 09:49:42 OPNsense charon: 16[CFG] added configuration 'con1'
Nov 13 09:49:42 OPNsense charon: 16[CFG] received stroke: route 'con1'
Nov 13 09:49:42 OPNsense charon: 16[CHD] CHILD_SA con1{1} state change: CREATED => ROUTED
Nov 13 09:49:46 OPNsense charon: 16[NET] received packet: from 10.58.22.1[4500] to 10.58.22.2[4500] (424 bytes)
Nov 13 09:49:46 OPNsense charon: 16[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Nov 13 09:49:46 OPNsense charon: 16[IKE] 10.58.22.1 is initiating an IKE_SA
Nov 13 09:49:46 OPNsense charon: 16[IKE] 10.58.22.1 is initiating an IKE_SA
Nov 13 09:49:46 OPNsense charon: 16[IKE] faking NAT situation to enforce UDP encapsulation
Nov 13 09:49:46 OPNsense charon: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
Nov 13 09:49:46 OPNsense charon: 16[NET] sending packet: from 10.58.22.2[4500] to 10.58.22.1[4500] (440 bytes)
Nov 13 09:49:46 OPNsense charon: 16[NET] received packet: from 10.58.22.1[4500] to 10.58.22.2[4500] (432 bytes)
Nov 13 09:49:46 OPNsense charon: 16[ENC] parsed IKE_AUTH request 1 [ IDi AUTH N(INIT_CONTACT) SA TSi TSr N(USE_TRANSP) ]
Nov 13 09:49:46 OPNsense charon: 16[CFG] looking for peer configs matching 10.58.22.2[%any]...10.58.22.1[10.58.22.1]
Nov 13 09:49:46 OPNsense charon: 16[CFG] selected peer config 'con1'
Nov 13 09:49:46 OPNsense charon: 16[IKE] authentication of '10.58.22.1' with pre-shared key successful
Nov 13 09:49:46 OPNsense charon: 16[IKE] authentication of '10.58.22.2' (myself) with pre-shared key
Nov 13 09:49:46 OPNsense charon: 16[IKE] IKE_SA con1[1] established between 10.58.22.2[10.58.22.2]...10.58.22.1[10.58.22.1]
Nov 13 09:49:46 OPNsense charon: 16[IKE] IKE_SA con1[1] established between 10.58.22.2[10.58.22.2]...10.58.22.1[10.58.22.1]
Nov 13 09:49:46 OPNsense charon: 16[IKE] scheduling reauthentication in 28209s
Nov 13 09:49:46 OPNsense charon: 16[IKE] maximum IKE_SA lifetime 28749s
Nov 13 09:49:46 OPNsense charon: 16[IKE] traffic selectors 10.58.22.2/32 === 10.58.22.1/32 inacceptable
Nov 13 09:49:46 OPNsense charon: 16[IKE] failed to establish CHILD_SA, keeping IKE_SA
Nov 13 09:49:46 OPNsense charon: 16[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(AUTH_LFT) N(TS_UNACCEPT) ]
Nov 13 09:49:46 OPNsense charon: 16[NET] sending packet: from 10.58.22.2[4500] to 10.58.22.1[4500] (192 bytes)
Nov 13 09:49:55 OPNsense charon: 16[KNL] creating acquire job for policy 10.58.22.2/32 === 10.58.22.1/32 with reqid {1}
Nov 13 09:49:55 OPNsense charon: 16[IKE] establishing CHILD_SA con1{2} reqid 1
Nov 13 09:49:55 OPNsense charon: 16[IKE] establishing CHILD_SA con1{2} reqid 1
Nov 13 09:49:55 OPNsense charon: 16[ENC] generating CREATE_CHILD_SA request 0 [ N(ESP_TFC_PAD_N) SA No KE TSi TSr ]
Nov 13 09:49:55 OPNsense charon: 16[NET] sending packet: from 10.58.22.2[4500] to 10.58.22.1[4500] (576 bytes)
Nov 13 09:49:56 OPNsense charon: 13[NET] received packet: from 10.58.22.1[4500] to 10.58.22.2[4500] (496 bytes)
Nov 13 09:49:56 OPNsense charon: 13[ENC] parsed CREATE_CHILD_SA request 2 [ No KE SA TSi TSr ]
Nov 13 09:49:56 OPNsense charon: 13[IKE] traffic selectors 10.58.22.2/32 === 10.58.22.1/32 inacceptable
Nov 13 09:49:56 OPNsense charon: 13[IKE] failed to establish CHILD_SA, keeping IKE_SA
Nov 13 09:49:56 OPNsense charon: 13[ENC] generating CREATE_CHILD_SA response 2 [ N(TS_UNACCEPT) ]
Nov 13 09:49:56 OPNsense charon: 13[NET] sending packet: from 10.58.22.2[4500] to 10.58.22.1[4500] (96 bytes)
Nov 13 09:49:56 OPNsense charon: 16[NET] received packet: from 10.58.22.1[4500] to 10.58.22.2[4500] (240 bytes)
Nov 13 09:49:56 OPNsense charon: 16[ENC] parsed CREATE_CHILD_SA response 0 [ N(NO_PROP) ]
Nov 13 09:49:56 OPNsense charon: 16[IKE] received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built
Nov 13 09:49:56 OPNsense charon: 16[IKE] failed to establish CHILD_SA, keeping IKE_SA
Nov 13 09:49:56 OPNsense charon: 16[CHD] CHILD_SA con1{2} state change: CREATED => DESTROYING
Title: Re: IPsec (IKEv2) via OPNsense and MikroTik
Post by: mimugmail on November 13, 2017, 12:33:09 pm
I have no experience with MikroTik, but to me it looks like OPNsense is in tunnel mode and MikroTik is in transport mode ...
Title: Re: IPsec (IKEv2) via OPNsense and MikroTik
Post by: inzrust on November 13, 2017, 01:22:41 pm
Hi, mimugmail.

It is a template.
It should generate the necessary rule, but for some unknown reason it does not.

Now the situation is:

Code:
/ip ipsec policy print
Flags: T - template, X - disabled, D - dynamic, I - invalid, A - active, * - default
 0  XI  src-address=192.168.88.0/24 src-port=any dst-address=192.168.99.0/24 dst-port=any protocol=all action=encrypt level=require
       ipsec-protocols=esp tunnel=yes sa-src-address=10.58.22.1 sa-dst-address=10.58.22.2 proposal=test ph2-count=0

 1 T   group=test src-address=0.0.0.0/0 dst-address=0.0.0.0/0 protocol=all proposal=test template=yes

 2  DA  src-address=10.58.22.1/32 src-port=any dst-address=10.58.22.2/32 dst-port=any protocol=all action=encrypt level=unique
       ipsec-protocols=esp tunnel=yes sa-src-address=10.58.22.1 sa-dst-address=10.58.22.2 proposal=test ph2-count=1

Code:
/ip ipsec installed-sa print
Flags: H - hw-aead, A - AH, E - ESP
 0  E spi=0 src-address=10.58.22.1:5 dst-address=10.58.22.2:1 state=larval add-lifetime=0s/30s replay=0

Code:
/log print
18:00:37 ipsec,error no proposal chosen
18:12:40 ipsec,info killing ike2 SA: 10.58.22.1[4500]-10.58.22.2[4500] spi:0aebd3e888ffbd8c:eb3d798833168faf
18:12:45 ipsec,info new ike2 SA (I): 10.58.22.1[4500]-10.58.22.2[4500] spi:69e2d179b2a2e9f9:697e0487c7b3d3fe
18:12:45 ipsec,info peer authorized: 10.58.22.1[4500]-10.58.22.2[4500] spi:69e2d179b2a2e9f9:697e0487c7b3d3fe


Code:
Nov 13 15:13:00 OPNsense charon: 15[CFG] received stroke: add connection 'con1'
Nov 13 15:13:00 OPNsense charon: 15[CFG] added configuration 'con1'
Nov 13 15:13:00 OPNsense charon: 14[CFG] received stroke: route 'con1'
Nov 13 15:13:00 OPNsense charon: 14[CHD] CHILD_SA con1{1} state change: CREATED => ROUTED
Nov 13 15:13:02 OPNsense charon: 14[MGR] checkout IKEv2 SA by message with SPIs 69e2d179b2a2e9f9_i 0000000000000000_r
Nov 13 15:13:02 OPNsense charon: 14[MGR] created IKE_SA (unnamed)[1]
Nov 13 15:13:02 OPNsense charon: 14[NET] received packet: from 10.58.22.1[4500] to 10.58.22.2[4500] (424 bytes)
Nov 13 15:13:02 OPNsense charon: 14[ENC] parsed IKE_SA_INIT request 0 [ N(NATD_D_IP) N(NATD_S_IP) No KE SA ]
Nov 13 15:13:02 OPNsense charon: 14[IKE] 10.58.22.1 is initiating an IKE_SA
Nov 13 15:13:02 OPNsense charon: 14[IKE] 10.58.22.1 is initiating an IKE_SA
Nov 13 15:13:02 OPNsense charon: 14[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
Nov 13 15:13:02 OPNsense charon: 14[IKE] natd_chunk => 22 bytes @ 0x000005f67b2fed80
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: 69 E2 D1 79 B2 A2 E9 F9 00 00 00 00 00 00 00 00  i..y............
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 0A 3A 16 02 11 94                                .:....
Nov 13 15:13:02 OPNsense charon: 14[IKE] natd_hash => 20 bytes @ 0x000005f67b2fed60
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: CA FB B1 9B B7 EF FD FD E1 1A F1 30 E3 DC 7F 1C  ...........0....
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 77 10 4A EA                                      w.J.
Nov 13 15:13:02 OPNsense charon: 14[IKE] natd_chunk => 22 bytes @ 0x000005f67b2fed80
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: 69 E2 D1 79 B2 A2 E9 F9 00 00 00 00 00 00 00 00  i..y............
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 0A 3A 16 01 11 94                                .:....
Nov 13 15:13:02 OPNsense charon: 14[IKE] natd_hash => 20 bytes @ 0x000005f67b2feda0
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: A2 C7 51 4B 71 33 0F 89 96 2B 94 EF AA 07 D6 F1  ..QKq3...+......
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 18 24 D6 B4                                      .$..
Nov 13 15:13:02 OPNsense charon: 14[IKE] precalculated src_hash => 20 bytes @ 0x000005f67b2feda0
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: A2 C7 51 4B 71 33 0F 89 96 2B 94 EF AA 07 D6 F1  ..QKq3...+......
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 18 24 D6 B4                                      .$..
Nov 13 15:13:02 OPNsense charon: 14[IKE] precalculated dst_hash => 20 bytes @ 0x000005f67b2fed60
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: CA FB B1 9B B7 EF FD FD E1 1A F1 30 E3 DC 7F 1C  ...........0....
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 77 10 4A EA                                      w.J.
Nov 13 15:13:02 OPNsense charon: 14[IKE] received dst_hash => 20 bytes @ 0x000005f67b2fe840
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: CA FB B1 9B B7 EF FD FD E1 1A F1 30 E3 DC 7F 1C  ...........0....
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 77 10 4A EA                                      w.J.
Nov 13 15:13:02 OPNsense charon: 14[IKE] received src_hash => 20 bytes @ 0x000005f67b2fe8c0
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: A2 C7 51 4B 71 33 0F 89 96 2B 94 EF AA 07 D6 F1  ..QKq3...+......
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 18 24 D6 B4                                      .$..
Nov 13 15:13:02 OPNsense charon: 14[IKE] faking NAT situation to enforce UDP encapsulation
Nov 13 15:13:02 OPNsense charon: 14[IKE] shared Diffie Hellman secret => 256 bytes @ 0x000005f67b39a700
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: 4E 55 14 75 5C E7 9C 43 49 A0 41 51 3E A6 B1 A7  NU.u\..CI.AQ>...
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: A8 8E 45 7F D6 60 80 66 A6 C9 45 81 C7 77 CD 7A  ..E..`.f..E..w.z
Nov 13 15:13:02 OPNsense charon: 14[IKE]   32: D6 D1 C6 09 5C A8 97 F4 F8 0D ED 08 AB 92 7E A9  ....\.........~.
Nov 13 15:13:02 OPNsense charon: 14[IKE]   48: 7B 13 D0 F7 3D 8E 3E EB A0 AA FA 16 75 D4 38 61  {...=.>.....u.8a
Nov 13 15:13:02 OPNsense charon: 14[IKE]   64: DF 4B 3D 13 85 64 98 73 B9 57 72 E8 6A B5 0C CC  .K=..d.s.Wr.j...
Nov 13 15:13:02 OPNsense charon: 14[IKE]   80: D1 8D 0B 7B F3 4C DF 0F 39 4F 10 45 BA CA B9 02  ...{.L..9O.E....
Nov 13 15:13:02 OPNsense charon: 14[IKE]   96: 61 66 EC 4A 9A 18 26 0C E1 7B 1B 0A 29 6D FC 4A  af.J..&..{..)m.J
Nov 13 15:13:02 OPNsense charon: 14[IKE]  112: 2A 5A 89 05 7C D3 F2 2E 47 B7 20 0F 4B E1 A8 D8  *Z..|...G. .K...
Nov 13 15:13:02 OPNsense charon: 14[IKE]  128: 5B 73 53 CB 06 80 F2 DB 07 E5 68 20 91 D9 44 7A  [sS.......h ..Dz
Nov 13 15:13:02 OPNsense charon: 14[IKE]  144: A3 B7 21 3D 06 9E 4D 15 D5 9F D0 16 68 68 9D 0D  ..!=..M.....hh..
Nov 13 15:13:02 OPNsense charon: 14[IKE]  160: 1B 7C 01 54 2B 98 D8 EC A0 90 D9 15 D2 E2 6F 02  .|.T+.........o.
Nov 13 15:13:02 OPNsense charon: 14[IKE]  176: 49 41 AB 22 D2 02 A9 58 24 C4 35 F1 3C 5A 5A DA  IA."...X$.5.<ZZ.
Nov 13 15:13:02 OPNsense charon: 14[IKE]  192: B7 96 2E 8F 65 4C BC 2E 32 97 60 A0 A0 E7 EA FA  ....eL..2.`.....
Nov 13 15:13:02 OPNsense charon: 14[IKE]  208: 55 F7 6F CF 11 D5 0E 47 9F A1 88 43 96 20 21 DD  U.o....G...C. !.
Nov 13 15:13:02 OPNsense charon: 14[IKE]  224: 26 D8 03 19 CB 6B FA BC 52 9D 92 B8 AE D9 81 3A  &....k..R......:
Nov 13 15:13:02 OPNsense charon: 14[IKE]  240: 8A 04 3D EF 12 60 6E 3C FF 66 64 D9 51 55 DE F6  ..=..`n<.fd.QU..
Nov 13 15:13:02 OPNsense charon: 14[IKE] SKEYSEED => 64 bytes @ 0x000005f67b340300
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: 8A FD EC FB 20 56 CE 28 F6 3B 88 E2 51 C0 CC 58  .... V.(.;..Q..X
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 58 04 F8 BF 4C 0B B0 93 45 6F 64 17 1F 47 B3 EF  X...L...Eod..G..
Nov 13 15:13:02 OPNsense charon: 14[IKE]   32: D2 E6 6F DC 98 28 E6 9D 7C 15 19 07 E5 E4 57 A1  ..o..(..|.....W.
Nov 13 15:13:02 OPNsense charon: 14[IKE]   48: A6 D0 95 E3 6D 40 4B 9D 7E 5E D1 6B 9F BC 35 E8  ....m@K.~^.k..5.
Nov 13 15:13:02 OPNsense charon: 14[IKE] Sk_d secret => 64 bytes @ 0x000005f67b340240
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: 5A 20 62 F0 3D BD C7 38 71 55 22 A9 A5 34 DB 0C  Z b.=..8qU"..4..
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 0E 2C D5 AB 95 B5 B7 D9 E9 9B BE 85 47 03 C9 54  .,..........G..T
Nov 13 15:13:02 OPNsense charon: 14[IKE]   32: D6 7A 70 99 89 D0 AB 3E F2 C6 C1 C6 A7 FA CD 9C  .zp....>........
Nov 13 15:13:02 OPNsense charon: 14[IKE]   48: 02 99 42 E9 28 BF 61 A7 17 CC 85 D6 34 0F DD 86  ..B.(.a.....4...
Nov 13 15:13:02 OPNsense charon: 14[IKE] Sk_ai secret => 64 bytes @ 0x000005f67b3402c0
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: BF 2E 0F 2D C3 66 3F 73 57 BE C2 32 4B 28 1E 04  ...-.f?sW..2K(..
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 5D 72 B7 81 09 1C 31 FA 86 49 40 BC 0B 30 95 2C  ]r....1..I@..0.,
Nov 13 15:13:02 OPNsense charon: 14[IKE]   32: A3 A1 C8 98 AF 48 57 DD EB C2 5E 0A 53 16 A5 0F  .....HW...^.S...
Nov 13 15:13:02 OPNsense charon: 14[IKE]   48: 65 5A AE 30 B7 FF 61 D3 61 13 5B FD 44 17 09 4D  eZ.0..a.a.[.D..M
Nov 13 15:13:02 OPNsense charon: 14[IKE] Sk_ar secret => 64 bytes @ 0x000005f67b340300
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: 71 09 B5 F7 41 61 4F 45 32 C6 30 89 A2 11 2B C5  q...AaOE2.0...+.
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 81 9E 94 33 47 3C 58 32 CD 2B 5A 18 0A 02 0E 33  ...3G<X2.+Z....3
Nov 13 15:13:02 OPNsense charon: 14[IKE]   32: D3 33 A3 67 99 AC F8 55 2F AB 89 40 54 EB B3 7F  .3.g...U/..@T...
Nov 13 15:13:02 OPNsense charon: 14[IKE]   48: 0E 9E 6E 4F 7E 47 71 B2 B3 87 5D 3C 32 8F FA 52  ..nO~Gq...]<2..R
Nov 13 15:13:02 OPNsense charon: 14[IKE] Sk_ei secret => 32 bytes @ 0x000005f67b2fed80
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: 59 9C CC 46 01 34 25 E8 B8 28 A4 14 C1 B3 DB 28  Y..F.4%..(.....(
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 1C 08 EC 20 92 02 75 45 44 4E 8B 92 EE AD CE 3C  ... ..uEDN.....<
Nov 13 15:13:02 OPNsense charon: 14[IKE] Sk_er secret => 32 bytes @ 0x000005f67b2fedc0
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: A7 D9 54 DD C7 2B 0F 1B 3C A7 77 F7 59 8E FF 6B  ..T..+..<.w.Y..k
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: F4 96 48 4C 74 38 0E 36 7B 14 75 0C 41 23 70 05  ..HLt8.6{.u.A#p.
Nov 13 15:13:02 OPNsense charon: 14[IKE] Sk_pi secret => 64 bytes @ 0x000005f67b340300
Nov 13 15:13:02 OPNsense charon: 14[IKE]    0: 5C D7 1C 66 DF 6A 88 FB 50 5B 85 9E 82 A7 75 B8  \..f.j..P[....u.
Nov 13 15:13:02 OPNsense charon: 14[IKE]   16: 1C 98 FB 9E 5B DB 32 36 2C 70 FB 75 9E 30 46 DD  ....[.26,p.u.0F.
Nov 13 15:13:02 OPNsense charon: 14[IKE]   32: 41 8B EA 2F B0 3E 1B 01 73 D6 1D 7D AA FF E2 02  A../.>..s..}....
Nov 13 15:13:02 OPNsense charon: 14[IKE]   48: 4A 78 A2 B2 66 6D D4 04 3A A3 4B F5 06 37 D6 35  Jx..fm..:.K..7.5
Nov 13 15:13:02 OPNsense charon: 14[IKE] Sk_pr secret => 64 bytes @ 0x000005f67b3402c0

I now have an idea of where I'm wrong. I'll check now.
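What charon is doing when it logs "traffic selectors 10.58.22.2/32 === 10.58.22.1/32 inacceptable" (first post) and why MikroTik's dynamically generated host-to-host policy (the `DA` entry in the policy print above) can never match OPNsense's `leftsubnet`/`rightsubnet` is the responder-side traffic-selector narrowing of RFC 7296 section 2.9: each proposed TSi/TSr range is intersected with the responder's configured ranges, and an empty intersection on either side is answered with N(TS_UNACCEPT). The script below is an added example written for this thread, not code from OPNsense, strongSwan or MikroTik; it reproduces that check with the thread's own addresses, shows the result once the template yields the 192.168.88.0/24 <-> 192.168.99.0/24 selectors, and pulls the error notifies out of the charon lines quoted in the first post. The selector model is simplified to IPv4 ranges plus protocol (no port ranges), and the log-line parser relies only on the bracketed payload list charon prints at the end of `[ENC]` lines.

```python
"""IKEv2 responder traffic-selector narrowing (RFC 7296 s2.9), applied to the
selectors seen in this thread.  Added example; not OPNsense/strongSwan/MikroTik code."""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class TrafficSelector:
    """One TS_IPV4_ADDR_RANGE entry: inclusive address range plus IP protocol (0 = any).
    Port ranges are omitted for brevity (assumption: protocol=all, any port)."""
    start: ipaddress.IPv4Address
    end: ipaddress.IPv4Address
    proto: int = 0

    @classmethod
    def from_cidr(cls, cidr: str, proto: int = 0) -> "TrafficSelector":
        net = ipaddress.IPv4Network(cidr, strict=False)
        return cls(net[0], net[-1], proto)

    def intersect(self, other: "TrafficSelector"):
        """Overlap of two selectors, or None when they share no address or protocol."""
        if self.proto and other.proto and self.proto != other.proto:
            return None
        start, end = max(self.start, other.start), min(self.end, other.end)
        if start > end:
            return None
        return TrafficSelector(start, end, self.proto or other.proto)

    def __str__(self) -> str:
        return f"{self.start}-{self.end}"


def narrow(configured, proposed):
    """Intersect every proposed selector with every configured one; keep non-empty results."""
    result = []
    for p in proposed:
        for c in configured:
            hit = p.intersect(c)
            if hit is not None and hit not in result:
                result.append(hit)
    return result


def responder_child_sa(local_cfg, remote_cfg, tsi, tsr):
    """Responder's decision for a CHILD_SA request.  TSi carries the initiator's
    side (our remote subnet), TSr ours.  If either side narrows to nothing, this is
    charon's 'traffic selectors ... inacceptable', answered with N(TS_UNACCEPT)."""
    local = narrow(local_cfg, tsr)
    remote = narrow(remote_cfg, tsi)
    if not local or not remote:
        return "TS_UNACCEPTABLE", []
    return "OK", [f"{loc} === {rem}" for loc in local for rem in remote]


# OPNsense side of the thread: leftsubnet / rightsubnet from ipsec.conf.
LOCAL_CFG = [TrafficSelector.from_cidr("192.168.99.0/24")]
REMOTE_CFG = [TrafficSelector.from_cidr("192.168.88.0/24")]

NOTIFY_MEANING = {
    "TS_UNACCEPT": "responder found no overlap between proposed and configured traffic selectors",
    "NO_PROP": "responder accepted none of the offered SA proposals",
}

# Two charon lines quoted from the first post of the thread.
THREAD_LOG_LINES = [
    "Nov 13 09:49:46 OPNsense charon: 16[ENC] generating IKE_AUTH response 1 "
    "[ IDr AUTH N(AUTH_LFT) N(TS_UNACCEPT) ]",
    "Nov 13 09:49:56 OPNsense charon: 16[ENC] parsed CREATE_CHILD_SA response 0 [ N(NO_PROP) ]",
]


def child_sa_error_notifies(log_lines):
    """Map error notifies found in charon's trailing '[ ... ]' payload lists to their meaning."""
    found = {}
    for line in log_lines:
        m = re.search(r"\[([^\]]*)\]$", line.strip())
        if not m:
            continue
        for name in re.findall(r"N\((\w+)\)", m.group(1)):
            if name in NOTIFY_MEANING:
                found[name] = NOTIFY_MEANING[name]
    return found


if __name__ == "__main__":
    # 1. What MikroTik's generated host-to-host policy proposed (first and second post).
    host = ([TrafficSelector.from_cidr("10.58.22.1/32")], [TrafficSelector.from_cidr("10.58.22.2/32")])
    print("host-to-host policy:", responder_child_sa(LOCAL_CFG, REMOTE_CFG, *host))
    # 2. What a template matching the LAN subnets proposes.
    lan = ([TrafficSelector.from_cidr("192.168.88.0/24")], [TrafficSelector.from_cidr("192.168.99.0/24")])
    print("subnet policy:      ", responder_child_sa(LOCAL_CFG, REMOTE_CFG, *lan))
    # 3. A wider initiator proposal is narrowed, not rejected.
    wide = ([TrafficSelector.from_cidr("192.168.88.0/23")], [TrafficSelector.from_cidr("192.168.99.0/24")])
    print("wider proposal:     ", responder_child_sa(LOCAL_CFG, REMOTE_CFG, *wide))
    for name, why in child_sa_error_notifies(THREAD_LOG_LINES).items():
        print(f"{name}: {why}")
```

The third case is the part the thread does not show: narrowing only fails when the intersection is empty, so a peer proposing a superset of the configured subnet still gets a CHILD_SA with the narrowed selectors, whereas two completely disjoint ranges (the gateway addresses versus the LAN subnets) fail regardless of tunnel or transport mode.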
Title: Re: IPsec (IKEv2) via OPNsense and MikroTik
Post by: inzrust on November 14, 2017, 06:26:42 am
Thank you. The problem really was with the "policy."