Messages

Hi,

i have a strange problem with the vpn connection between opnsense (client side ) and an old version of endian 2.5 (server side ) VPN connection goes up but server side cannot be reached from client .. in the routing table there is somthing wrong

Code Select Expand

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.73.2       UGS         em1
127.0.0.1          link#4             UH          lo0
192.168.12.16      link#7             UHS         lo0
192.168.17.0/24    link#1             U           em0
192.168.17.3       link#1             UHS         lo0
192.168.73.0/24    link#2             U           em1
192.168.73.130     link#2             UHS         lo0
255.255.255.0      link#7             UH       ovpnc1



the network config opnsense side is
IPv4 Tunnel Network : 192.168.12.0/24
IPv4 Remote Network : 192.168.1.0/24

in the log there is many errors about "route add command failed"

Code Select Expand

2023-03-31T08:10:21 Notice openvpn_client1 Initialization Sequence Completed
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Warning openvpn_client1 ERROR: FreeBSD route add command failed: external program exited with error status: 1
2023-03-31T08:10:21 Notice openvpn_client1 /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup ovpnc1 1500 1622 192.168.12.16 255.255.255.0 init
2023-03-31T08:10:21 Notice openvpn_client1 /sbin/ifconfig ovpnc1 192.168.12.16 255.255.255.0 mtu 1500 netmask 255.255.255.255 up
2023-03-31T08:10:21 Notice openvpn_client1 TUN/TAP device /dev/tun1 opened
2023-03-31T08:10:21 Notice openvpn_client1 TUN/TAP device ovpnc1 exists previously, keep at program end
2023-03-31T08:10:21 Warning openvpn_client1 WARNING: Since you are using --dev tun with a point-to-point topology, the second argument to --ifconfig must be an IP address. You are using something (255.255.255.0) that looks more like a netmask. (silence this warning with --ifconfig-nowarn)
2023-03-31T08:10:21 Warning openvpn_client1 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
2023-03-31T08:10:21 Warning openvpn_client1 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-03-31T08:10:21 Warning openvpn_client1 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-03-31T08:10:20 Notice openvpn_client1 [127.0.0.1] Peer Connection Initiated with [AF_INET]88.54.217.98:1194
2023-03-31T08:10:20 Warning openvpn_client1 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'
2023-03-31T08:10:20 Warning openvpn_client1 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1574'
2023-03-31T08:10:20 Warning openvpn_client1 WARNING: 'dev-type' is used inconsistently, local='dev-type tun', remote='dev-type tap'
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-03-31T08:10:19 Notice openvpn_client1 UDP link remote: [AF_INET]88.54.217.98:1194
2023-03-31T08:10:19 Notice openvpn_client1 UDP link local (bound): [AF_INET]192.168.73.130:0
2023-03-31T08:10:19 Notice openvpn_client1 TCP/UDP: Preserving recently used remote address: [AF_INET]88.54.217.98:1194
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVPN 2.7.
2023-03-31T08:10:19 Warning openvpn_client1 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: using --pull/--client and --ifconfig together is probably not what you want
2023-03-31T08:10:19 Notice openvpn_client1 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
2023-03-31T08:10:19 Notice openvpn_client1 OpenVPN 2.5.8 amd64-portbld-freebsd13.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 23 2023
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: file '/var/etc/openvpn/client1.up' is group or others accessible
2023-03-31T08:10:19 Warning openvpn_client1 DEPRECATED OPTION: --cipher set to 'BF-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'BF-CBC' to --data-ciphers or change --cipher 'BF-CBC' to --data-ciphers-fallback 'BF-CBC' to silence this warning.
2023-03-31T08:10:19 Warning openvpn_client1 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2023-03-31T08:10:19 Notice openvpn_client1 SIGTERM[hard,] received, process exiting
2023-03-31T08:10:19 Notice openvpn_client1 /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown ovpnc1 1500 1622 192.168.12.16 255.255.255.0 init

i have tried to leave empty the tunnel network and remote network, assign the ovpnc1 to interface and route the remote subnet manually but nothing to do

i don't understand where i wrong

Thanks in advance

when i try to start the service the only message is this but the service not start

Code Select Expand

<13>1 2023-03-17T09:06:35+01:00 vpn.vmforbusiness.com configd.py 209 - [meta sequenceId="222"] [a76be5c3-7a08-4d36-8b82-8113a69675ad] IPsec service start
<13>1 2023-03-17T09:06:35+01:00 vpn.vmforbusiness.com configd.py 209 - [meta sequenceId="223"] [8aa0281c-0004-40db-a970-5d8f0a99bf6b] IPsec list legacy VirtualTunnelInterfaces


Code Select Expand

root@vpn:~ # ls -la /usr/local/etc/swanctl/
total 42
drwxr-xr-x  16 root  wheel     19 Mar 16 15:09 .
drwxr-xr-x  38 root  wheel    120 Mar 16 15:09 ..
drwxr-x---   2 root  wheel      2 Jan 23 04:10 bliss
drwxr-xr-x   2 root  wheel      2 Jan 25 11:23 conf.d
drwxr-x---   2 root  wheel      2 Jan 23 04:10 ecdsa
drwxr-x---   2 root  wheel      2 Jan 23 04:10 pkcs12
drwxr-x---   2 root  wheel      2 Jan 23 04:10 pkcs8
drwxr-x---   2 root  wheel      2 Jan 23 04:10 private
drwxr-xr-x   2 root  wheel      2 Jan 25 11:23 pubkey
-rw-r--r--   1 root  wheel     86 Mar 16 15:31 reqid_events.conf
drwxr-x---   2 root  wheel      2 Jan 23 04:10 rsa
-rw-r-----   1 root  wheel  16420 Mar  9 04:14 swanctl.conf
-rw-r-----   1 root  wheel  16420 Mar  9 04:14 swanctl.conf.sample
drwxr-xr-x   2 root  wheel      2 Jan 25 11:23 x509
drwxr-xr-x   2 root  wheel      2 Jan 25 11:23 x509aa
drwxr-xr-x   2 root  wheel      2 Jan 25 11:23 x509ac
drwxr-xr-x   2 root  wheel      2 Jan 25 11:23 x509ca
drwxr-xr-x   2 root  wheel      2 Jan 25 11:23 x509crl
drwxr-xr-x   2 root  wheel      2 Jan 25 11:23 x509ocsp


nothing to do

1) I restarted the machine disabling and re-enabling ipsec and save the service does not start the configuration file is not written

2) I have delete all the config, restart the machine, config  the mobile clients section, create phase 1 and 2, enabling ipsec and save the service does not start the configuration file is not written

3) I have delete all the config, restart the machine, in the mobile clients section only select type of authentication local user, enabling ipsec and save the service does not start the configuration file is not written

4 ) In the System > Firmware i have re-installed ipsec, in the mobile clients section only select type of authentication local user, enabling ipsec and save the service does not start the configuration file is not written

5) create a new fresh installation, only lan e wan interface configured in the wizard, in the mobile clients section only select type of authentication as local user, i have create phase 1 and 2 and i leave all as default .. enabling ipsec and save, the service does not start the configuration file is not written !

i have found one other post in the forum that talk ipsec thant not start and the log and the config are empty

https://forum.opnsense.org/index.php?topic=26682.0

Sure... I've done more checks and it appears that the web interface configuration is not reported in the config file

i have add in the authentication the local user and add a Pre-Shared Keys but the file  /usr/local/etc/ipsec.secrets is empty

if i run ipsec statusall the configuration and  the cert is not reported

Code Select Expand

Status of IKE charon daemon (strongSwan 5.9.10, FreeBSD 13.1-RELEASE-p7, amd64):
  uptime: 2 hours, since Mar 16 08:00:46 2023
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl pkcs8 fips-prf curve25519 xcbc cmac hmac kdf gcm drbg attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam whitelist addrblock counters
Listening IP addresses:
  192.168.1.1
  172.16.10.1
  192.168.10.200
  192.168.120.1
Connections:
Security Associations (0 up, 0 connecting):
  none




the result of the command must be something like this

Code Select Expand

Status of IKE charon daemon (strongSwan 5.9.4, FreeBSD 12.3-STABLE, amd64):
  uptime: 7 days, since Mar 08 16:17:33 2023
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon eap-radius unbound pkcs11 aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey ipseckey pem openssl fips-prf curve25519 xcbc cmac hmac drbg curl attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-sim eap-md5 eap-mschapv2 eap-dynamic eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam whitelist addrblock counters
Listening IP addresses:
  192.168.1.1
  172.16.10.2
  192.168.10.200
  192.168.120.1
Connections:
      bypass:  %any...127.0.0.1  IKEv1/2
      bypass:   local:  uses any authentication
      bypass:   remote: uses any authentication
   bypasslan:   child:  172.16.10.0/24|/0 === 172.16.10.0/24|/0 PASS
  con-mobile:  192.168.10.200...0.0.0.0/0, ::/0  IKEv2, dpddelay=10s
  con-mobile:   local:  [vpn.mydomain.com] uses public key authentication
  con-mobile:    cert:  "C=IT, ST=Italia, L=Nova Milanese, O=VM srl, E=admin@xxxxxxxxx.com, CN=office.xxxxxxxxx.com"
  con-mobile:   remote: [%any] uses EAP_RADIUS authentication with EAP identity '%any'
  con-mobile:   child:  172.16.10.0/24|/0 === dynamic TUNNEL, dpdaction=clear
Shunted Connections:
   bypasslan:  172.16.10.0/24|/0 === 172.16.10.0/24|/0 PASS
Security Associations (0 up, 0 connecting):
  none

Folks, "no proposal chosen" means there's a mismatch with your P1 settings. Under VPN/IPSec/Advanced Settings, bump up "Configuration management and plugins" logging to control instead of audit. Try to connect and check logs. You should see entries like this, showing what the client tried to use versus what the server can support. If there's success it will tell you what proposal was selected. Otherwise, it will give you "no proposal chosen" error.

Code Select Expand


2023-03-15T20:44:38-06:00 Informational charon 11[CFG] <4> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
2023-03-15T20:44:38-06:00 Informational charon 11[CFG] <4> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_512_256/PRF_HMAC_SHA2_512/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
2023-03-15T20:44:38-06:00 Informational charon 11[CFG] <4> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048


Configuration management and plugins set to Highest, restart opnsense ( after restart strongswan alway in down and i need to start manually from the shell ) but the log are the same

Code Select Expand

2023-03-16T08:01:07 Informational charon 16[NET] sending packet: from 192.168.10.200[500] to 5.90.77.85[43832] (36 bytes)
2023-03-16T08:01:07 Informational charon 16[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
2023-03-16T08:01:07 Informational charon 16[IKE] no IKE config found for 192.168.10.200...5.90.77.85, sending NO_PROPOSAL_CHOSEN
2023-03-16T08:01:07 Informational charon 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
2023-03-16T08:01:07 Informational charon 16[NET] received packet: from 5.90.77.85[43832] to 192.168.10.200[500] (544 bytes)
2023-03-16T08:00:47 Informational charon 00[JOB] spawning 16 worker threads
2023-03-16T08:00:47 Informational charon 00[LIB] loaded plugins: charon aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl pkcs8 fips-prf curve25519 xcbc cmac hmac kdf gcm drbg attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam whitelist addrblock counters
2023-03-16T08:00:47 Informational charon 00[CFG] loaded 0 RADIUS server configurations
2023-03-16T08:00:47 Informational charon 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
2023-03-16T08:00:47 Informational charon 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
2023-03-16T08:00:47 Informational charon 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
2023-03-16T08:00:47 Informational charon 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
2023-03-16T08:00:47 Informational charon 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
2023-03-16T08:00:47 Informational charon 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
2023-03-16T08:00:47 Informational charon 00[NET] enabling UDP decapsulation for IPv4 on port 4500 failed
2023-03-16T08:00:47 Informational charon 00[KNL] unable to set UDP_ENCAP: Protocol not available
2023-03-16T08:00:47 Informational charon 00[NET] installing IKE bypass policy failed
2023-03-16T08:00:47 Informational charon 00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
2023-03-16T08:00:47 Informational charon 00[NET] installing IKE bypass policy failed
2023-03-16T08:00:47 Informational charon 00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
2023-03-16T08:00:47 Informational charon 00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
2023-03-16T08:00:47 Informational charon 00[KNL] unable to set UDP_ENCAP: Invalid argument
2023-03-16T08:00:47 Informational charon 00[NET] installing IKE bypass policy failed
2023-03-16T08:00:47 Informational charon 00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
2023-03-16T08:00:47 Informational charon 00[NET] installing IKE bypass policy failed
2023-03-16T08:00:47 Informational charon 00[KNL] unable to set IPSEC_POLICY on socket: Protocol not available
2023-03-16T08:00:47 Informational charon 00[CFG] using '/sbin/resolvconf' to install DNS servers
2023-03-16T08:00:47 Informational charon 00[DMN] Starting IKE charon daemon (strongSwan 5.9.10, FreeBSD 13.1-RELEASE-p7, amd64)


this is the /usr/local/etc/swanctl/swanctl.conf but it's correct that all the liens are commented ( the include conf.d/ dir is empty )??

Code Select Expand

# cat /usr/local/etc/swanctl/swanctl.conf
# Section defining IKE connection configurations.
# connections {

    # Section for an IKE connection named <conn>.
    # <conn> {

        # IKE major version to use for connection.
        # version = 0

        # Local address(es) to use for IKE communication, comma separated.
        #local_addrs = %any

        # Remote address(es) to use for IKE communication, comma separated.
        #Remote_addrs = %any

        # Local UDP port for IKE communication.
        # local_port = 500

        # Remote UDP port for IKE communication.
        # remote_port = 500

        # Comma separated proposals to accept for IKE.
        # proposals = default

        # Virtual IPs to request in configuration payload / Mode Config.
        # vips =

        # Use Aggressive Mode in IKEv1.
        # aggressive = no

        # Set the Mode Config mode to use.
        # pull = yes

        # Differentiated Services Field Codepoint to set on outgoing IKE packets
        # (six binary digits).
        # dscp = 000000

        # Enforce UDP encapsulation by faking NAT-D payloads.
        # encap = no

        # Enables MOBIKE on IKEv2 connections.
        # mobike = yes

        # Interval of liveness checks (DPD).
        # dpd_delay = 0s

        # Timeout for DPD checks (IKEV1 only).
        # dpd_timeout = 0s

        # Use IKE UDP datagram fragmentation (yes, accept, no or force).
        # fragmentation = yes

        # Use childless IKE_SA initiation (allow, prefer, force or never).
        # childless = allow

        # Send certificate requests payloads (yes or no).
        # send_certreq = yes

        # Send certificate payloads (always, never or ifasked).
        # send_cert = ifasked

        # String identifying the Postquantum Preshared Key (PPK) to be used.
        # ppk_id =

        # Whether a Postquantum Preshared Key (PPK) is required for this
        # connection.
        # ppk_required = no

        # Number of retransmission sequences to perform during initial connect.
        # keyingtries = 1

        # Connection uniqueness policy (never, no, keep or replace).
        # unique = no

        # Time to schedule IKE reauthentication.
        # reauth_time = 0s

        # Time to schedule IKE rekeying.
        # rekey_time = 4h

        # Hard IKE_SA lifetime if rekey/reauth does not complete, as time.
        # over_time = 10% of rekey_time/reauth_time

        # Range of random time to subtract from rekey/reauth times.
        # rand_time = over_time

        # Comma separated list of named IP pools.
        # pools =

        # Default inbound XFRM interface ID for children.
        # if_id_in = 0

        # Default outbound XFRM interface ID for children.
        # if_id_out = 0

        # Whether this connection is a mediation connection.
        # mediation = no

        # The name of the connection to mediate this connection through.
        # mediated_by =

        # Identity under which the peer is registered at the mediation server.
        # mediation_peer =

        # Section for a local authentication round.
        # local<suffix> {

            # Optional numeric identifier by which authentication rounds are
            # sorted.  If not specified rounds are ordered by their position in
            # the config file/VICI message.
            # round = 0

            # Comma separated list of certificate candidates to use for
            # authentication.
            # certs =

            # Section for a certificate candidate to use for authentication.
            # cert<suffix> =

            # Comma separated list of raw public key candidates to use for
            # authentication.
            # pubkeys =

            # Authentication to perform locally (pubkey, psk, xauth[-backend] or
            # eap[-method]).
            # auth = pubkey

            # IKE identity to use for authentication round.
            # id =

            # Client EAP-Identity to use in EAP-Identity exchange and the EAP
            # method.
            # eap_id = id

            # Server side EAP-Identity to expect in the EAP method.
            # aaa_id = remote-id

            # Client XAuth username used in the XAuth exchange.
            # xauth_id = id

            # cert<suffix> {

                # Absolute path to the certificate to load.
                # file =

                # Hex-encoded CKA_ID of the certificate on a token.
                # handle =

                # Optional slot number of the token that stores the certificate.
                # slot =

                # Optional PKCS#11 module name.
                # module =

            # }

        # }

        # Section for a remote authentication round.
        # remote<suffix> {

            # Optional numeric identifier by which authentication rounds are
            # sorted.  If not specified rounds are ordered by their position in
            # the config file/VICI message.
            # round = 0

            # IKE identity to expect for authentication round.
            # id = %any

            # Identity to use as peer identity during EAP authentication.
            # eap_id = id

            # Authorization group memberships to require.
            # groups =

            # Certificate policy OIDs the peer's certificate must have.
            # cert_policy =

            # Comma separated list of certificate to accept for authentication.
            # certs =

            # Section for a certificate to accept for authentication.
            # cert<suffix> =

            # Comma separated list of CA certificates to accept for
            # authentication.
            # cacerts =

            # Section for a CA certificate to accept for authentication.
            # cacert<suffix> =

            # Identity in CA certificate to accept for authentication.
            # ca_id =

            # Comma separated list of raw public keys to accept for
            # authentication.
            # pubkeys =

            # Certificate revocation policy, (strict, ifuri or relaxed).
            # revocation = relaxed

            # Authentication to expect from remote (pubkey, psk, xauth[-backend]
            # or eap[-method]).
            # auth = pubkey

            # cert<suffix> {

                # Absolute path to the certificate to load.
                # file =

                # Hex-encoded CKA_ID of the certificate on a token.
                # handle =

                # Optional slot number of the token that stores the certificate.
                # slot =

                # Optional PKCS#11 module name.
                # module =

            # }

            # cacert<suffix> {

                # Absolute path to the certificate to load.
                # file =

                # Hex-encoded CKA_ID of the CA certificate on a token.
                # handle =

                # Optional slot number of the token that stores the CA
                # certificate.
                # slot =

                # Optional PKCS#11 module name.
                # module =

            # }

        # }

        # children {

            # CHILD_SA configuration sub-section.
            # <child> {

                # AH proposals to offer for the CHILD_SA.
                # ah_proposals =

                # ESP proposals to offer for the CHILD_SA.
                # esp_proposals = default

                # Use incorrect 96-bit truncation for HMAC-SHA-256.
                # sha256_96 = no

                # Local traffic selectors to include in CHILD_SA.
                # local_ts = dynamic

                # Remote selectors to include in CHILD_SA.
                # remote_ts = dynamic

                # Time to schedule CHILD_SA rekeying.
                # rekey_time = 1h

                # Maximum lifetime before CHILD_SA gets closed, as time.
                # life_time = rekey_time + 10%

                # Range of random time to subtract from rekey_time.
                # rand_time = life_time - rekey_time

                # Number of bytes processed before initiating CHILD_SA rekeying.
                # rekey_bytes = 0

                # Maximum bytes processed before CHILD_SA gets closed.
                # life_bytes = rekey_bytes + 10%

                # Range of random bytes to subtract from rekey_bytes.
                # rand_bytes = life_bytes - rekey_bytes

                # Number of packets processed before initiating CHILD_SA
                # rekeying.
                # rekey_packets = 0

                # Maximum number of packets processed before CHILD_SA gets
                # closed.
                # life_packets = rekey_packets + 10%

                # Range of random packets to subtract from packets_bytes.
                # rand_packets = life_packets - rekey_packets

                # Updown script to invoke on CHILD_SA up and down events.
                # updown =

                # Hostaccess variable to pass to updown script.
                # hostaccess = no

                # IPsec Mode to establish (tunnel, transport, transport_proxy,
                # beet, pass or drop).
                # mode = tunnel

                # Whether to install IPsec policies or not.
                # policies = yes

                # Whether to install outbound FWD IPsec policies or not.
                # policies_fwd_out = no

                # Action to perform on DPD timeout (clear, trap or restart).
                # dpd_action = clear

                # Enable IPComp compression before encryption.
                # ipcomp = no

                # Timeout before closing CHILD_SA after inactivity.
                # inactivity = 0s

                # Fixed reqid to use for this CHILD_SA.
                # reqid = 0

                # Optional fixed priority for IPsec policies.
                # priority = 0

                # Optional interface name to restrict IPsec policies.
                # interface =

                # Netfilter mark and mask for input traffic.
                # mark_in = 0/0x00000000

                # Whether to set *mark_in* on the inbound SA.
                # mark_in_sa = no

                # Netfilter mark and mask for output traffic.
                # mark_out = 0/0x00000000

                # Netfilter mark applied to packets after the inbound IPsec SA
                # processed them.
                # set_mark_in = 0/0x00000000

                # Netfilter mark applied to packets after the outbound IPsec SA
                # processed them.
                # set_mark_out = 0/0x00000000

                # Inbound XFRM interface ID (32-bit unsigned integer).
                # if_id_in = 0

                # Outbound XFRM interface ID (32-bit unsigned integer).
                # if_id_out = 0

                # Optional security label (e.g. SELinux context), IKEv2 only.
                # Refer to label_mode for details on how labels are processed.
                # label =

                # Security label mode (system, simple or selinux), IKEv2 only.
                # label_mode = system

                # Traffic Flow Confidentiality padding.
                # tfc_padding = 0

                # IPsec replay window to configure for this CHILD_SA.
                # replay_window = 32

                # Enable hardware offload for this CHILD_SA, if supported by the
                # IPsec implementation.
                # hw_offload = no

                # Whether to copy the DF bit to the outer IPv4 header in tunnel
                # mode.
                # copy_df = yes

                # Whether to copy the ECN header field to/from the outer IP
                # header in tunnel mode.
                # copy_ecn = yes

                # Whether to copy the DSCP header field to/from the outer IP
                # header in tunnel mode.
                # copy_dscp = out

                # Action to perform after loading the configuration (none, trap,
                # start).
                # start_action = none

                # Action to perform after a CHILD_SA gets closed (none, trap,
                # start).
                # close_action = none

            # }

        # }

    # }

# }

# Section defining secrets for IKE/EAP/XAuth authentication and private key
# decryption.
# secrets {

    # EAP secret section for a specific secret.
    # eap<suffix> {

        # Value of the EAP/XAuth secret.
        # secret =

        # Identity the EAP/XAuth secret belongs to.
        # id<suffix> =

    # }

    # XAuth secret section for a specific secret.
    # xauth<suffix> {

    # }

    # NTLM secret section for a specific secret.
    # ntlm<suffix> {

        # Value of the NTLM secret.
        # secret =

        # Identity the NTLM secret belongs to.
        # id<suffix> =

    # }

    # IKE preshared secret section for a specific secret.
    # ike<suffix> {

        # Value of the IKE preshared secret.
        # secret =

        # IKE identity the IKE preshared secret belongs to.
        # id<suffix> =

    # }

    # Postquantum Preshared Key (PPK) section for a specific secret.
    # ppk<suffix> {

        # Value of the PPK.
        # secret =

        # PPK identity the PPK belongs to.
        # id<suffix> =

    # }

    # Private key decryption passphrase for a key in the private folder.
    # private<suffix> {

        # File name in the private folder for which this passphrase should be
        # used.
        # file =

        # Value of decryption passphrase for private key.
        # secret =

    # }

    # Private key decryption passphrase for a key in the rsa folder.
    # rsa<suffix> {

        # File name in the rsa folder for which this passphrase should be used.
        # file =

        # Value of decryption passphrase for RSA key.
        # secret =

    # }

    # Private key decryption passphrase for a key in the ecdsa folder.
    # ecdsa<suffix> {

        # File name in the ecdsa folder for which this passphrase should be
        # used.
        # file =

        # Value of decryption passphrase for ECDSA key.
        # secret =

    # }

    # Private key decryption passphrase for a key in the pkcs8 folder.
    # pkcs8<suffix> {

        # File name in the pkcs8 folder for which this passphrase should be
        # used.
        # file =

        # Value of decryption passphrase for PKCS#8 key.
        # secret =

    # }

    # PKCS#12 decryption passphrase for a container in the pkcs12 folder.
    # pkcs12<suffix> {

        # File name in the pkcs12 folder for which this passphrase should be
        # used.
        # file =

        # Value of decryption passphrase for PKCS#12 container.
        # secret =

    # }

    # Definition for a private key that's stored on a token/smartcard.
    # token<suffix> {

        # Hex-encoded CKA_ID of the private key on the token.
        # handle =

        # Optional slot number to access the token.
        # slot =

        # Optional PKCS#11 module name to access the token.
        # module =

        # Optional PIN required to access the key on the token. If none is
        # provided the user is prompted during an interactive --load-creds call.
        # pin =

    # }

# }

# Section defining named pools.
# pools {

    # Section defining a single pool with a unique name.
    # <name> {

        # Addresses allocated in pool.
        # addrs =

        # Comma separated list of additional attributes from type <attr>.
        # <attr> =

    # }

# }

# Section defining attributes of certification authorities.
# authorities {

    # Section defining a certification authority with a unique name.
    # <name> {

        # CA certificate belonging to the certification authority.
        # cacert =

        # Absolute path to the certificate to load.
        # file =

        # Hex-encoded CKA_ID of the CA certificate on a token.
        # handle =

        # Optional slot number of the token that stores the CA certificate.
        # slot =

        # Optional PKCS#11 module name.
        # module =

        # Comma-separated list of CRL distribution points.
        # crl_uris =

        # Comma-separated list of OCSP URIs.
        # ocsp_uris =

        # Defines the base URI for the Hash and URL feature supported by IKEv2.
        # cert_uri_base =

    # }

# }

# Include config snippets
include conf.d/*.conf



thanks

I'll say that in your certificate the SAN-DNS entry is missing. This is mine.

X509v3 Subject Alternative Name:
                DNS:vpn.mydomain.com
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2

Could you please post

Code Select Expand

cat /usr/local/etc/swanctl/swanctl.conf | grep local_ts
only to check if this is really 0.0.0.0/0

you have right .. i have not reported a part of the server certificate ..it looks like yours

        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Server
            Netscape Comment:
                OPNsense Generated Server Certificate
            X509v3 Subject Key Identifier:
                81:B2:C1:F6:F7:33:5E:A0:1D:B5:10:1D:74:20:6D:75:A5:65:4A:99
            X509v3 Authority Key Identifier:
                keyid:DC:52:85:D6:C4:AB:A9:31:C5:D3:6B:F0:08:28:97:74:BC:6B:AF:22
                DirName:/C=IT/ST=MI/L=xxxxxxx/O=VM4B/emailAddress=adm@xxxxxxx.com/CN=vpn.mydomain.com
                serial:00

            X509v3 Extended Key Usage:
                TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2
            X509v3 Key Usage:
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:vpn.mydomain.com

Code Select Expand

cat /usr/local/etc/swanctl/swanctl.conf | grep local_ts
                # local_ts = dynamic


all the lines of the file swanctl.conf i't commented with #

thanks

... and please: X509v3 extensions" ( System -> Trust -> Certificates ) of your server certificate.

X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            Netscape Cert Type:
                SSL Server
            Netscape Comment:
                OPNsense Generated Server Certificate
            X509v3 Subject Key Identifier:
                81:B2:C1:F6:F7:33:5E:A0:1D:B5:10:1D:74:20:6D:75:A5:65:4A:99
            X509v3 Authority Key Identifier:
                keyid:DC:52:85:D6:C4:AB:A9:31:C5:D3:6B:F0:08:28:97:74:BC:6B:AF:22
                DirName:/C=IT/ST=MI/L=xxxxxxx/O=VM4B/emailAddress=adm@xxxxxxx.com/CN=vpn.mydomain.com
                serial:00

the ip address of source is changed .. 109.118.89.166

Code Select Expand

root@vpn:~ # tcpdump -vvni vmx2 host 192.168.10.200 and host 109.118.89.166
tcpdump: listening on vmx2, link-type EN10MB (Ethernet), capture size 262144 bytes
15:51:15.293532 IP (tos 0x0, ttl 112, id 13393, offset 0, flags , proto TCP (6), length 52)
    109.118.89.166.54068 > 192.168.10.200.443: Flags , cksum 0xac59 (correct), seq 3188826739, win 64240, options [mss 1400,nop,wscale 8,nop,nop,sackOK], length 0
15:51:15.293849 IP (tos 0x0, ttl 63, id 0, offset 0, flags , proto TCP (6), length 52)
    192.168.10.200.443 > 109.118.89.166.54068: Flags [S.], cksum 0x533d (correct), seq 3068371436, ack 3188826740, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
15:51:15.329029 IP (tos 0x0, ttl 112, id 13394, offset 0, flags , proto TCP (6), length 40)
    109.118.89.166.54068 > 192.168.10.200.443: Flags [.], cksum 0x8cfe (correct), seq 1, ack 1, win 514, length 0
15:51:15.340584 IP (tos 0x0, ttl 111, id 0, offset 0, flags , proto TCP (6), length 557)
    109.118.89.166.54068 > 192.168.10.200.443: Flags [P.], cksum 0xf1ca (correct), seq 1:518, ack 1, win 40960, length 517
15:51:15.340971 IP (tos 0x0, ttl 63, id 30058, offset 0, flags , proto TCP (6), length 40)
    192.168.10.200.443 > 109.118.89.166.54068: Flags [.], cksum 0x8b06 (correct), seq 1, ack 518, win 501, length 0
15:51:15.342638 IP (tos 0x0, ttl 63, id 30059, offset 0, flags , proto TCP (6), length 1440)
    192.168.10.200.443 > 109.118.89.166.54068: Flags [.], cksum 0x0916 (correct), seq 1:1401, ack 518, win 501, length 1400
15:51:15.342649 IP (tos 0x0, ttl 63, id 30060, offset 0, flags , proto TCP (6), length 1440)
    192.168.10.200.443 > 109.118.89.166.54068: Flags [.], cksum 0x8ff0 (correct), seq 1401:2801, ack 518, win 501, length 1400
15:51:15.342689 IP (tos 0x0, ttl 63, id 30061, offset 0, flags , proto TCP (6), length 565)
    192.168.10.200.443 > 109.118.89.166.54068: Flags [P.], cksum 0xbe55 (correct), seq 2801:3326, ack 518, win 501, length 525
15:51:15.352065 IP (tos 0x0, ttl 113, id 1, offset 0, flags , proto TCP (6), length 40)
    109.118.89.166.54068 > 192.168.10.200.443: Flags [.], cksum 0xe788 (correct), seq 518, ack 1401, win 40954, length 0
15:51:15.352082 IP (tos 0x0, ttl 113, id 2, offset 0, flags , proto TCP (6), length 40)
    109.118.89.166.54068 > 192.168.10.200.443: Flags [.], cksum 0xe215 (correct), seq 518, ack 2801, win 40949, length 0
15:51:15.352093 IP (tos 0x0, ttl 113, id 3, offset 0, flags , proto TCP (6), length 40)
    109.118.89.166.54068 > 192.168.10.200.443: Flags [.], cksum 0xe00a (correct), seq 518, ack 3326, win 40947, length 0
15:51:15.376622 IP (tos 0x0, ttl 113, id 4, offset 0, flags , proto TCP (6), length 120)
    109.118.89.166.54068 > 192.168.10.200.443: Flags [P.], cksum 0xef32 (correct), seq 518:598, ack 3326, win 40960, length 80
15:51:15.377067 IP (tos 0x0, ttl 63, id 30062, offset 0, flags , proto TCP (6), length 311)
    192.168.10.200.443 > 109.118.89.166.54068: Flags [P.], cksum 0x3914 (correct), seq 3326:3597, ack 598, win 501, length 271
15:51:15.377116 IP (tos 0x0, ttl 63, id 30063, offset 0, flags , proto TCP (6), length 311)
    192.168.10.200.443 > 109.118.89.166.54068: Flags [P.], cksum 0xe82e (correct), seq 3597:3868, ack 598, win 501, length 271
15:51:15.385521 IP (tos 0x0, ttl 113, id 5, offset 0, flags , proto TCP (6), length 40)
    109.118.89.166.54068 > 192.168.10.200.443: Flags [.], cksum 0xdd92 (correct), seq 598, ack 3868, win 40957, length 0
15:51:15.405329 IP (tos 0x0, ttl 113, id 6, offset 0, flags , proto TCP (6), length 985)
    109.118.89.166.54068 > 192.168.10.200.443: Flags [P.], cksum 0x7ca7 (correct), seq 598:1543, ack 3868, win 40957, length 945
15:51:15.435464 IP (tos 0x0, ttl 63, id 30064, offset 0, flags , proto TCP (6), length 1033)
    192.168.10.200.443 > 109.118.89.166.54068: Flags [P.], cksum 0x67d4 (correct), seq 3868:4861, ack 1543, win 501, length 993
15:51:15.444194 IP (tos 0x0, ttl 113, id 7, offset 0, flags , proto TCP (6), length 40)
    109.118.89.166.54068 > 192.168.10.200.443: Flags [.], cksum 0xd603 (correct), seq 1543, ack 4861, win 40954, length 0
15:51:20.440757 IP (tos 0x0, ttl 63, id 30065, offset 0, flags , proto TCP (6), length 64)
    192.168.10.200.443 > 109.118.89.166.54068: Flags [P.], cksum 0x50c1 (correct), seq 4861:4885, ack 1543, win 501, length 24
15:51:20.440774 IP (tos 0x0, ttl 63, id 30066, offset 0, flags , proto TCP (6), length 40)
    192.168.10.200.443 > 109.118.89.166.54068: Flags [F.], cksum 0x73f0 (correct), seq 4885, ack 1543, win 501, length 0
15:51:20.449260 IP (tos 0x0, ttl 113, id 8, offset 0, flags , proto TCP (6), length 40)
    109.118.89.166.54068 > 192.168.10.200.443: Flags [.], cksum 0xd5e6 (correct), seq 1543, ack 4885, win 40959, length 0
15:51:20.450394 IP (tos 0x0, ttl 113, id 9, offset 0, flags , proto TCP (6), length 40)
    109.118.89.166.54068 > 192.168.10.200.443: Flags [.], cksum 0xd5e5 (correct), seq 1543, ack 4886, win 40959, length 0
15:51:20.563285 IP (tos 0x0, ttl 113, id 10, offset 0, flags , proto TCP (6), length 40)
    109.118.89.166.54068 > 192.168.10.200.443: Flags [F.], cksum 0xd5e3 (correct), seq 1543, ack 4886, win 40960, length 0
15:51:20.563576 IP (tos 0x0, ttl 63, id 30067, offset 0, flags , proto TCP (6), length 40)
    192.168.10.200.443 > 109.118.89.166.54068: Flags [.], cksum 0x73ef (correct), seq 4886, ack 1544, win 501, length 0
15:51:21.988990 IP (tos 0x0, ttl 114, id 13404, offset 0, flags , proto UDP (17), length 572)
    109.118.89.166.54073 > 192.168.10.200.500: [udp sum ok] isakmp 2.0 msgid 00000000 cookie c924710918dcbb12->0000000000000000: parent_sa ikev2_init:
    (sa: len=44
        (p: #1 protoid=isakmp transform=4 len=44
            (t: #1 type=encr id=aes (type=keylen value=0100))
            (t: #2 type=integ id=#12 )
            (t: #3 type=prf id=#5 )
            (t: #4 type=dh id=modp2048 )))
    (v2ke: len=256 group=modp2048)
    (nonce: len=48 nonce=(8759fa55a28df7a94de649308fb9b2680e99a96380ab070f95d4604150f2ce66c7fdabf3a335eca34a76843b25d68177) )
    (n: prot_id=#0 type=16430(status))
    (n: prot_id=#0 type=16388(nat_detection_source_ip))
    (n: prot_id=#0 type=16389(nat_detection_destination_ip))
    (v2vid: len=20 vid=.+Qi...}|......a....)
    (v2vid: len=16 vid=.....A.......U. )
    (v2vid: len=16 vid=&$M8..a..*6.....)
    (v2vid: len=20 vid=.R.......I...[*Q....)
15:51:21.990034 IP (tos 0x0, ttl 64, id 60996, offset 0, flags , proto UDP (17), length 64)
    192.168.10.200.500 > 109.118.89.166.54073: [udp sum ok] isakmp 2.0 msgid 00000000 cookie c924710918dcbb12->97483448dff7c2dd: parent_sa ikev2_init:
    (n: prot_id=#0 type=14(no_protocol_chosen)


Signature Algorithm: sha256WithRSAEncryption

Code Select Expand

2023-03-15T06:24:39 Informational charon 05[NET] sending packet: from 192.168.10.200[500] to 93.66.66.180[8899] (36 bytes)
2023-03-15T06:24:39 Informational charon 05[ENC] generating IKE_SA_INIT response 0 [ N(NO_PROP) ]
2023-03-15T06:24:39 Informational charon 05[IKE] no IKE config found for 192.168.10.200...93.66.66.180, sending NO_PROPOSAL_CHOSEN
2023-03-15T06:24:39 Informational charon 05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
2023-03-15T06:24:39 Informational charon 05[NET] received packet: from 93.66.66.180[8899] to 192.168.10.200[500] (544 bytes)


thanks

thanks

Code Select Expand


Nome registro:
Origine:       Microsoft-Windows-WFP
Data:          14/03/2023 16:49:28
ID evento:     1013
Categoria attività:Nessuna
Livello:       Informazioni
Parole chiave: (137438953472)
Utente:        N/D
Computer:      PC
Descrizione:
IPsec: Main Mode SA Terminated
XML evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1013</EventID>
    <Version>1</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000002000000000</Keywords>
    <TimeCreated SystemTime="2023-03-14T15:49:28.8252335Z" />
    <EventRecordID>24</EventRecordID>
    <Correlation />
    <Execution ProcessID="3968" ThreadID="16648" />
    <Channel>
    </Channel>
    <Computer>PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="MainModeLocalAddressLength">16</Data>
    <Data Name="MainModeLocalAddress">02000000AC140A020000000000000000</Data>
    <Data Name="MainModePeerAddressLength">16</Data>
    <Data Name="MainModePeerAddress">0200000002271F7C0000000000000000</Data>
    <Data Name="KeyingModule">2</Data>
    <Data Name="SaLuid">10</Data>
    <Data Name="ICookie">16589922534102917378</Data>
    <Data Name="RCookie">13349597362303481189</Data>
  </EventData>
</Event>

Nome registro:
Origine:       Microsoft-Windows-WFP
Data:          14/03/2023 16:49:28
ID evento:     1026
Categoria attività:Nessuna
Livello:       Informazioni
Parole chiave: (549755813888)
Utente:        N/D
Computer:      PC
Descrizione:
WFP: User Mode Error
XML evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2023-03-14T15:49:28.8251107Z" />
    <EventRecordID>22</EventRecordID>
    <Correlation />
    <Execution ProcessID="3968" ThreadID="16648" />
    <Channel>
    </Channel>
    <Computer>PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">Peer</Data>
    <Data Name="ErrorCode">13868</Data>
  </EventData>
</Event>

Nome registro:
Origine:       Microsoft-Windows-WFP
Data:          14/03/2023 16:49:28
ID evento:     1025
Categoria attività:Nessuna
Livello:       Informazioni
Parole chiave: (8589934592)
Utente:        N/D
Computer:      PC
Descrizione:
IPsec: Receive ISAKMP Packet
XML evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1025</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000000200000000</Keywords>
    <TimeCreated SystemTime="2023-03-14T15:49:28.8250728Z" />
    <EventRecordID>20</EventRecordID>
    <Correlation />
    <Execution ProcessID="3968" ThreadID="16648" />
    <Channel>
    </Channel>
    <Computer>PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ICookie">02e173c8a53e3be6</Data>
    <Data Name="RCookie">65359762124c43b9</Data>
    <Data Name="ExchangeType">IKEv2 SA Init Mode</Data>
    <Data Name="Length">36</Data>
    <Data Name="NextPayload">NOTIFY</Data>
    <Data Name="Flags">32</Data>
    <Data Name="MessageID">0</Data>
    <Data Name="LocalAddress">172.20.10.2</Data>
    <Data Name="LocalPort">500</Data>
    <Data Name="LocalProtocol">0</Data>
    <Data Name="RemoteAddress">2.39.31.124</Data>
    <Data Name="RemotePort">500</Data>
    <Data Name="RemoteProtocol">0</Data>
    <Data Name="InterfaceLuid">19985273102270464</Data>
    <Data Name="ProfileId">1</Data>
  </EventData>
</Event>

Nome registro:
Origine:       Microsoft-Windows-WFP
Data:          14/03/2023 16:49:28
ID evento:     1024
Categoria attività:Nessuna
Livello:       Informazioni
Parole chiave: (4294967296)
Utente:        N/D
Computer:      PC
Descrizione:
IPsec: Send ISAKMP Packet
XML evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1024</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000000100000000</Keywords>
    <TimeCreated SystemTime="2023-03-14T15:49:28.7694548Z" />
    <EventRecordID>18</EventRecordID>
    <Correlation />
    <Execution ProcessID="3968" ThreadID="16648" />
    <Channel>
    </Channel>
    <Computer>PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ICookie">02e173c8a53e3be6</Data>
    <Data Name="RCookie">0000000000000000</Data>
    <Data Name="ExchangeType">IKEv2 SA Init Mode</Data>
    <Data Name="Length">544</Data>
    <Data Name="NextPayload">SA</Data>
    <Data Name="Flags">8</Data>
    <Data Name="MessageID">0</Data>
    <Data Name="LocalAddress">172.20.10.2</Data>
    <Data Name="LocalPort">500</Data>
    <Data Name="LocalProtocol">0</Data>
    <Data Name="RemoteAddress">2.39.31.124</Data>
    <Data Name="RemotePort">500</Data>
    <Data Name="RemoteProtocol">0</Data>
    <Data Name="InterfaceLuid">19985273102270464</Data>
  </EventData>
</Event>

Nome registro:
Origine:       Microsoft-Windows-WFP
Data:          14/03/2023 16:49:28
ID evento:     1023
Categoria attività:Nessuna
Livello:       Informazioni
Parole chiave: (4294967296)
Utente:        N/D
Computer:      PC
Descrizione:
IPsec: Negotiation Request Initiated
XML evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1023</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000000100000000</Keywords>
    <TimeCreated SystemTime="2023-03-14T15:49:28.7611708Z" />
    <EventRecordID>16</EventRecordID>
    <Correlation />
    <Execution ProcessID="3968" ThreadID="14960" />
    <Channel>
    </Channel>
    <Computer>PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="KeyingModule">IKEv2</Data>
    <Data Name="AcquireContext">31</Data>
    <Data Name="LocalAddressLength">16</Data>
    <Data Name="LocalAddress">02000000AC140A020000000000000000</Data>
    <Data Name="RemoteAddressLength">16</Data>
    <Data Name="RemoteAddress">0200000002271F7C0000000000000000</Data>
    <Data Name="Mode">Tunnel Mode</Data>
    <Data Name="FilterId">9223372036854789942</Data>
    <Data Name="IPProtocol">0</Data>
    <Data Name="InterfaceLuid">19985273102270464</Data>
    <Data Name="ProfileId">0</Data>
    <Data Name="LocalUdpEncapPort">0</Data>
    <Data Name="RemoteUdpEncapPort">0</Data>
    <Data Name="MMTargetName">vpn.vmforbusiness.com</Data>
    <Data Name="EMTargetName">NULL</Data>
    <Data Name="NumTokens">0</Data>
    <Data Name="Token1Type">NULL</Data>
    <Data Name="Token1Principal">NULL</Data>
    <Data Name="Token1Mode">NULL</Data>
    <Data Name="Token1">0</Data>
    <Data Name="Token2Type">NULL</Data>
    <Data Name="Token2Principal">NULL</Data>
    <Data Name="Token2Mode">NULL</Data>
    <Data Name="Token2">0</Data>
    <Data Name="Token3Type">NULL</Data>
    <Data Name="Token3Principal">NULL</Data>
    <Data Name="Token3Mode">NULL</Data>
    <Data Name="Token3">0</Data>
    <Data Name="Token4Type">NULL</Data>
    <Data Name="Token4Principal">NULL</Data>
    <Data Name="Token4Mode">NULL</Data>
    <Data Name="Token4">0</Data>
    <Data Name="VirtualIfTunnelId">8</Data>
    <Data Name="TrafficSelectorId">1</Data>
    <Data Name="Flags">24</Data>
    <Data Name="RekeySPI">0</Data>
    <Data Name="OrigVirtualIfTunnelId">0</Data>
    <Data Name="PacketLocalAddressLength">0</Data>
    <Data Name="PacketLocalAddress">
    </Data>
    <Data Name="PacketRemoteAddressLength">0</Data>
    <Data Name="PacketRemoteAddress">
    </Data>
    <Data Name="PacketIPProtocol">0</Data>
    <Data Name="PacketInterfaceLuid">0</Data>
    <Data Name="PacketProfileId">0</Data>
  </EventData>
</Event>

the only log different from "Informazioni   14/03/2023 16:49:28      0   Nessuna" are this

Code Select Expand

........
Informazioni 14/03/2023 16:49:28 0 Nessuna
Informazioni 14/03/2023 16:49:28 Microsoft-Windows-WFP 1013 Nessuna IPsec: Main Mode SA Terminated
Informazioni 14/03/2023 16:49:28 0 Nessuna
Informazioni 14/03/2023 16:49:28 Microsoft-Windows-WFP 1026 Nessuna WFP: User Mode Error
Informazioni 14/03/2023 16:49:28 0 Nessuna
Informazioni 14/03/2023 16:49:28 Microsoft-Windows-WFP 1025 Nessuna IPsec: Receive ISAKMP Packet
Informazioni 14/03/2023 16:49:28 0 Nessuna
Informazioni 14/03/2023 16:49:28 Microsoft-Windows-WFP 1024 Nessuna IPsec: Send ISAKMP Packet
Informazioni 14/03/2023 16:49:28 0 Nessuna
Informazioni 14/03/2023 16:49:28 Microsoft-Windows-WFP 1023 Nessuna IPsec: Negotiation Request Initiated
Informazioni 14/03/2023 16:49:28 0 Nessuna

.....
   

done ... this is the complete log

Code Select Expand

LLivello Data e ora Origine ID evento Categoria attività
Errore 14/03/2023 12:32:41 Microsoft-Windows-RRAS 12000 Nessuna From !!!!!SDOWRAPPER.LIB!!!!!!!!!!
Errore 14/03/2023 12:32:41 Microsoft-Windows-RRAS 12000 Nessuna From !!!!!SDOWRAPPER.LIB!!!!!!!!!!
Informazioni 14/03/2023 12:32:41 Microsoft-Windows-RRAS 16001 Nessuna IPv6CP: Setting tracing parameters
Informazioni 14/03/2023 12:32:41 Microsoft-Windows-RRAS 16001 Nessuna PAP: Setting tracing parameters
Informazioni 14/03/2023 12:32:41 Microsoft-Windows-RRAS 6001 Nessuna FROM !!!!!WFP.LIB!!!!!!!!
Informazioni 14/03/2023 12:32:41 Microsoft-Windows-RRAS 14001 Nessuna From !!!!HOSTROUT.LIB!!!!!
Informazioni 14/03/2023 12:32:51 Microsoft-Windows-RRAS 6001 Nessuna VPNIKE Recevied message PROTOCOL_MSG_GetNewIkeTunnelId
Informazioni 14/03/2023 12:32:51 Microsoft-Windows-RRAS 6001 Nessuna Entering BaseConnectionFactory::GenerateConnectionId...
Informazioni 14/03/2023 12:32:51 Microsoft-Windows-RRAS 6001 Nessuna Leaving BaseConnectionFactory::GenerateConnectionId (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna VPNIKE Recevied message PROTOCOL_MSG_Start
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering ConnectionTable::GetConnection...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving ConnectionTable::GetConnection
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEProtocolEngine::GetRasDeviceParams...
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6002 Nessuna RasDeviceGetInfo=603,s=294
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6002 Nessuna RasDeviceGetInfo=0,s=294,noParams=3
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6002 Nessuna ConnectionId=4,Destination IP=x.xx.xx.xxx
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEProtocolEngine::GetRasDeviceParams (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Username: administrator
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Domain:
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Un-expected PSK size: 0 received. Ignoring the PSK.
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna CorrelationGuid: {13174144-53AF-0002-3093-2913AF53D901}
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna PhonebookPath: [C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk], EntryName: [VM4B]
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Destination Address: [x.xx.xx.xxx]
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna ConfigFlags: 0x08009288, ProtocolConfigFlags: 0x00000288
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna IdleTimeOut: -1, NetworkOutageTime: 1800
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna ipv6addres [IpRemote=0]
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna PrefixLength [0]
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering VPNIKEConnectionFactory::CreateConnection...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering BaseConnection::BaseConnection...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Configured IdleTimeOut:4294967295, approx. value used:4294967295
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna InterfaceIndex:12, MTU:1500
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving BaseConnection::BaseConnection (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEConnection::VPNIKEConnection...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering IPv4Helper::IPv4Helper...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving IPv4Helper::IPv4Helper (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering IPv6Helper::IPv6Helper...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving IPv6Helper::IPv6Helper
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering IPNotifications::IPNotifications...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving IPNotifications::IPNotifications
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Created new IPNotifications instance
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEConnection::VPNIKEConnection (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEClientConnection::VPNIKEClientConnection...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering BFEHandler::BFEHandler...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering BFEHandler::GetBfeHandle...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving BFEHandler::GetBfeHandle (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving BFEHandler::BFEHandler (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering ClientBFEHandler::ClientBFEHandler...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving ClientBFEHandler::ClientBFEHandler
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna BaseAAAHelper Instance is getting created
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Auth type is EAP hence initiating ClientEAPAuthHandler
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering EAPAuthHandler::EAPAuthHandler...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving EAPAuthHandler::EAPAuthHandler
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering ClientEAPAuthHandler::ClientEAPAuthHandler...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving ClientEAPAuthHandler::ClientEAPAuthHandler
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEClientConnection::VPNIKEClientConnection (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering ConnectionTable::Add...
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6000 Nessuna Add new connection with Id 4 @ index 4
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving ConnectionTable::Add (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Signalling the event that the number of connections are atleast 1
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving VPNIKEConnectionFactory::CreateConnection (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering BFEHandler::PopulateTrafficSelectors...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering TrafficSelectors::TrafficSelectors...
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6000 Nessuna Total list of TS Payloads = 1
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving TrafficSelectors::TrafficSelectors
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering TrafficSelectors::InitTsPayloads...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering TrafficSelectors::PopulateTsPayloadById...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering TrafficSelectors::GetDefaultTs...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving TrafficSelectors::GetDefaultTs
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering TrafficSelectors::GetDefaultTs...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving TrafficSelectors::GetDefaultTs
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving TrafficSelectors::PopulateTsPayloadById
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving TrafficSelectors::InitTsPayloads
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving BFEHandler::PopulateTrafficSelectors (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering ThreadPoolHelper::QueueWorkItem...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving ThreadPoolHelper::QueueWorkItem (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEProtocolEngine::DispatchMessageA...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Processing PROTOCOL_MSG_Start for hPort=3
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering ConnectionTable::GetConnection...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving ConnectionTable::GetConnection
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEClientConnection::ProcessStart...
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6002 Nessuna ===> Eap Method Type : 26
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6002 Nessuna SetEapAuthData EapBegin EapMethodId =  0
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering ClientBFEHandler::PlumbPolicy...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Adding Policy for Server address
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Building custom Client IKEv2 proposals
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Custom Client IKEv2 proposal count: 1
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Adding EAP as LocalAuth method
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6002 Nessuna IsPeerCertValidationForEapDiasabled: RegQueryValueEx for IkeAuthTypeNoServerCert failed with 2
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Adding Cert as RemoteAuth method
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6002 Nessuna IsCertRequestPayloadDisabled: RegQueryValueEx for DisableCertReqPayload failed with 2
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Adding Cert(method type: 7) as RemoteAuth method
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Adding Cert(method type: 8) as RemoteAuth method
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Chosen encryption: 3,localauth: 1,remoteauth: 2
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering BFEHandler::GetBfeHandle...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving BFEHandler::GetBfeHandle (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving ClientBFEHandler::PlumbPolicy (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Adding header v4 remote address to additional addresses
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering LogAdditionalAddresses...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna "Additional Address:
NumberOfIPv4Address: [1]
[0]:x.xx.xx.xxx
NumberOfIPv6Address: [0]"
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving LogAdditionalAddresses
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEConnection::UpdatePeerAdditionalAddresses...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEConnection::UpdatePeerAdditionalAddresses
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering ClientBFEHandler::StartSANegotiation...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering BFEHandler::GetBfeHandle...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving BFEHandler::GetBfeHandle (status: 0).
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6002 Nessuna IsCertSubjectNameCheckDisabled failed: RegQueryValueEx for DisableIKENameEkuCheck failed with 2
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna TunnelProtocolV4
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6000 Nessuna StartService failed with error: 0
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving ClientBFEHandler::StartSANegotiation (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna UpdateState: 0x00000001
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEClientConnection::ProcessStart (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Processing done PROTOCOL_MSG_Start for hPort=3. Error:0
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEProtocolEngine::DispatchMessageA (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 8001 Nessuna Entered: CloseTunnel
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 8001 Nessuna Entering InitializeVpnIkeRpcClient...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 8001 Nessuna Leaving InitializeVpnIkeRpcClient
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering VpnikeCloseTunnel...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Tunnel ID: 0x4, Failure reason: 13868
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering SignalSynchronizingEvent...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering SynchronizationEventManager::SignalAndDeleteEventHandle...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering SynchronizationEventManager::SignalEventHandle...
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6000 Nessuna SyncEventEntry object with 4 could NOT be found
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving SynchronizationEventManager::SignalEventHandle (status: 1168).
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6000 Nessuna SignalEventHandle failed: 1168
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving SynchronizationEventManager::SignalAndDeleteEventHandle (status: 1168).
Errore 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6000 Nessuna Signaling of synchronizing event failed. Error = 1168
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving SignalSynchronizingEvent (status: 1168).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering ConnectionTable::GetConnection...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving ConnectionTable::GetConnection
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEClientConnection::CloseTunnel...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering VPNIKEClientConnection::InitiateIkeCompleteCallback...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna UpdateState: 0x00000801
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Processing Close Tunnel with reason: 13868
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEClientConnection::Disconnect...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna UpdateState: 0x00100801
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEConnection::Disconnect...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna DisconnectReason: 2
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering IPv4Helper::Cleanup...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering IPv4Helper::ResetIPv4Settings...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving IPv4Helper::ResetIPv4Settings (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving IPv4Helper::Cleanup (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering IPv6Helper::Cleanup...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering IPv6Helper::ResetIPv6Settings...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving IPv6Helper::ResetIPv6Settings (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving IPv6Helper::Cleanup (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEConnection::Disconnect
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering ClientBFEHandler::DeletePolicy...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering BFEHandler::GetBfeHandle...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving BFEHandler::GetBfeHandle (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving ClientBFEHandler::DeletePolicy
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEClientConnection::Disconnect
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Connection State: 0x00100801
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEClientConnection::CloseTunnel (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving VpnikeCloseTunnel (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna InitiateIkeCompleteCallback:SA negotiation failure Status:13868 for TunnelID: 4
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna InitiateIkeCompleteCallback:All SA negotiation completed. Status:13868 for TunnelID: 4
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 8001 Nessuna Leaving: CloseTunnel
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna UpdateState: 0x00100C03
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna NotifyCaller(hPort=3, PROTOCOL_RES_Failure)
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Connection State: 0x00100C03
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving VPNIKEClientConnection::InitiateIkeCompleteCallback
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna VPNIKE Recevied message PROTOCOL_MSG_Stop
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering ThreadPoolHelper::QueueWorkItem...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving ThreadPoolHelper::QueueWorkItem (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEProtocolEngine::DispatchMessageA...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Processing PROTOCOL_MSG_Stop for hPort=3
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering ConnectionTable::GetConnection...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving ConnectionTable::GetConnection
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEClientConnection::ProcessStop...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna UpdateState: 0x00101C03
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEClientConnection::Disconnect...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Disconnect is in progress. No need to initiate again.
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEClientConnection::Disconnect
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna UpdateState: 0x00103C03
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Connection State: 0x00103C03
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Notify Rasman about VPNIKE connection stopped
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna NotifyCaller(hPort=3, PROTOCOL_RES_Stopped)
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna VPNIKE Recevied message PROTOCOL_MSG_LineDown
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering ThreadPoolHelper::QueueWorkItem...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving ThreadPoolHelper::QueueWorkItem (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEProtocolEngine::DispatchMessageA...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Processing PROTOCOL_MSG_LineDown for hPort=3
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering ConnectionTable::GetConnection...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving ConnectionTable::GetConnection
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna UpdateState: 0x00107C03
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEClientConnection::ProcessStop
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Processing done PROTOCOL_MSG_Stop for hPort=3. Error:0
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEProtocolEngine::DispatchMessageA (status: 0).
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEClientConnection::ProcessLineDown...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna UpdateState: 0x0010FC03
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEClientConnection::Disconnect...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Connection already disconnected. Hence nothing to cleanup
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEClientConnection::Disconnect
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEClientConnection::ProcessLineDown
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEConnection::IdleTimerStop...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEConnection::IdleTimerStop
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering ConnectionTable::Remove...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Found the connection object 4 at index 4
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Removed connection with Id 4 at index 4
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving ConnectionTable::Remove
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering BaseConnectionFactory::ReleaseConnectionId...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving BaseConnectionFactory::ReleaseConnectionId
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEClientConnection::~VPNIKEClientConnection...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering RADIUSAccounting::StopInterimAccouting...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving RADIUSAccounting::StopInterimAccouting
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna BaseAAAHelper Instance is getting Deleted
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEClientConnection::~VPNIKEClientConnection
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEConnection::~VPNIKEConnection...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEConnection::Cleanup...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEConnection::IdleTimerStop...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEConnection::IdleTimerStop
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering ClientBFEHandler::~ClientBFEHandler...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving ClientBFEHandler::~ClientBFEHandler
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering BFEHandler::~BFEHandler...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering TrafficSelectors::~TrafficSelectors...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving TrafficSelectors::~TrafficSelectors
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving BFEHandler::~BFEHandler
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering IPv4Helper::~IPv4Helper...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving IPv4Helper::~IPv4Helper
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering IPv6Helper::~IPv6Helper...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving IPv6Helper::~IPv6Helper
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering ClientEAPAuthHandler::~ClientEAPAuthHandler...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering ClientEAPAuthHandler::Cleanup...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving ClientEAPAuthHandler::Cleanup
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving ClientEAPAuthHandler::~ClientEAPAuthHandler
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Entering EAPAuthHandler::~EAPAuthHandler...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving EAPAuthHandler::~EAPAuthHandler
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Deleting IPNotifications instance
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering IPNotifications::~IPNotifications...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering IPNotifications::Cleanup...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving IPNotifications::Cleanup
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving IPNotifications::~IPNotifications
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEConnection::Cleanup
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEConnection::~VPNIKEConnection
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Entering BaseConnection::~BaseConnection...
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Leaving BaseConnection::~BaseConnection
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6001 Nessuna Signalling the event that the number of connections have reached to zero
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Processing done PROTOCOL_MSG_LineDown for hPort=3. Error:0
Informazioni 14/03/2023 12:32:58 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEProtocolEngine::DispatchMessageA (status: 0).
Informazioni 14/03/2023 12:33:00 Microsoft-Windows-RRAS 6001 Nessuna VPNIKE Recevied message PROTOCOL_MSG_GetNewIkeTunnelId
Informazioni 14/03/2023 12:33:00 Microsoft-Windows-RRAS 6001 Nessuna Entering BaseConnectionFactory::GenerateConnectionId...
Informazioni 14/03/2023 12:33:00 Microsoft-Windows-RRAS 6001 Nessuna Leaving BaseConnectionFactory::GenerateConnectionId (status: 0).
Informazioni 14/03/2023 12:33:08 Microsoft-Windows-RRAS 6001 Nessuna VPNIKE Recevied message PROTOCOL_MSG_Start
Informazioni 14/03/2023 12:33:08 Microsoft-Windows-RRAS 6001 Nessuna Entering ConnectionTable::GetConnection...
Informazioni 14/03/2023 12:33:08 Microsoft-Windows-RRAS 6001 Nessuna Leaving ConnectionTable::GetConnection
Informazioni 14/03/2023 12:33:08 Microsoft-Windows-RRAS 6003 Nessuna Entering VPNIKEProtocolEngine::GetRasDeviceParams...
Errore 14/03/2023 12:33:08 Microsoft-Windows-RRAS 6002 Nessuna RasDeviceGetInfo=603,s=294
Errore 14/03/2023 12:33:08 Microsoft-Windows-RRAS 6002 Nessuna RasDeviceGetInfo=0,s=294,noParams=3
Errore 14/03/2023 12:33:08 Microsoft-Windows-RRAS 6002 Nessuna ConnectionId=5,Destination IP=x.xx.xx.xxx
Informazioni 14/03/2023 12:33:08 Microsoft-Windows-RRAS 6003 Nessuna Leaving VPNIKEProtocolEngine::GetRasDeviceParams (status: 0).
Informazioni 14/03/2023 12:33:08 Microsoft-Windows-RRAS 6001 Nessuna Username: administrator
Informazioni 14/03/2023 12:33:08 Microsoft-Windows-RRAS 6001 Nessuna Domain:
Informazioni 14/03/2023 12:33:08 Microsoft-Windows-RRAS 6001 Nessuna Un-expected PSK size: 0 received. Ignoring the PSK.
Informazioni 14/03/2023 12:33:08 Microsoft-Windows-RRAS 6001 Nessuna CorrelationGuid: {13174144-53AF-0002-6D93-2913AF53D901}

done ..  no IKE config found for xxxxxxxx...xxxxxxx, sending NO_PROPOSAL_CHOSEN

sorry for the mistake

you refer to the ESP rule on wan interface... rule added problem still persist