<ipsec>
  <phase1>
    <ikeid>1</ikeid>
    <iketype>ikev1</iketype>
    <interface>wan</interface>
    <mode>main</mode>
    <protocol>inet</protocol>
    <myid_type>myaddress</myid_type>
    <peerid_type>peeraddress</peerid_type>
    <encryption-algorithm>
      <name>aes</name>
      <keylen>256</keylen>
    </encryption-algorithm>
    <hash-algorithm>sha256</hash-algorithm>
    <dhgroup>18</dhgroup>
    <lifetime>86400</lifetime>
    <pre-shared-key>XXX</pre-shared-key>
    <authentication_method>pre_shared_key</authentication_method>
    <descr>VPN-Tunnel to Remote</descr>
    <nat_traversal>on</nat_traversal>
    <private-key/>
    <remote-gateway>REMOTE_GATEWAY</remote-gateway>
    <dpd_delay>10</dpd_delay>
    <dpd_maxfail>5</dpd_maxfail>
  </phase1>
  <phase2>
    <ikeid>1</ikeid>
    <uniqid>5920b017a7c2b</uniqid>
    <mode>tunnel</mode>
    <pfsgroup>18</pfsgroup>
    <lifetime>3600</lifetime>
    <pinghost>REMOTE_IP</pinghost>
    <descr>remote host</descr>
    <protocol>esp</protocol>
    <natlocalid>
      <type>address</type>
      <address>WAN_IP</address>
      <nattype>auto</nattype>
    </natlocalid>
    <localid>
      <type>lan</type>
    </localid>
    <remoteid>
      <type>address</type>
      <address>REMOTE_IP</address>
    </remoteid>
    <encryption-algorithm-option>
      <name>aes</name>
      <keylen>256</keylen>
    </encryption-algorithm-option>
    <hash-algorithm-option>hmac_sha256</hash-algorithm-option>
  </phase2>
</ipsec>
00[DMN] Starting IKE charon daemon (strongSwan 5.5.2, FreeBSD 11.0-RELEASE-p10, amd64)
00[KNL] unable to set UDP_ENCAP: Invalid argument
00[NET] enabling UDP decapsulation for IPv6 on port 4500 failed
00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
00[CFG] loaded IKE secret for <REMOTE_GATEWAY>
00[CFG] loaded 0 RADIUS server configurations
00[LIB] loaded plugins: charon aes des blowfish rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf curve25519 xcbc cmac hmac gcm attr kernel-pfkey kernel-pfroute resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap xauth-generic whitelist addrblock
00[JOB] spawning 16 worker threads
16[CFG] received stroke: add connection 'con1'
16[CFG] added configuration 'con1'
05[CFG] received stroke: route 'con1'
05[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (212 bytes)
05[ENC] parsed ID_PROT request 0 [ SA V V V V ]
05[IKE] received DPD vendor ID
05[IKE] received FRAGMENTATION vendor ID
05[IKE] received FRAGMENTATION vendor ID
05[ENC] received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:05:02:e6
05[IKE] <REMOTE_GATEWAY> is initiating a Main Mode IKE_SA
05[IKE] <REMOTE_GATEWAY> is initiating a Main Mode IKE_SA
05[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
05[IKE] sending XAuth vendor ID
05[IKE] sending DPD vendor ID
05[IKE] sending FRAGMENTATION vendor ID
05[ENC] generating ID_PROT response 0 [ SA V V V ]
05[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (144 bytes)
05[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (1076 bytes)
05[ENC] parsed ID_PROT request 0 [ KE No ]
05[ENC] generating ID_PROT response 0 [ KE No ]
05[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (1092 bytes)
05[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (108 bytes)
05[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
05[CFG] looking for pre-shared key peer configs matching <WAN_IP>...<REMOTE_GATEWAY>[<REMOTE_GATEWAY>]
05[CFG] selected peer config "con1"
05[IKE] IKE_SA con1[1] established between <WAN_IP>[<WAN_IP>]...<REMOTE_GATEWAY>[<REMOTE_GATEWAY>]
05[IKE] IKE_SA con1[1] established between <WAN_IP>[<WAN_IP>]...<REMOTE_GATEWAY>[<REMOTE_GATEWAY>]
05[IKE] IKE_SA con1[1] state change: CONNECTING => ESTABLISHED
05[IKE] scheduling reauthentication in 85487s
05[IKE] maximum IKE_SA lifetime 86027s
05[ENC] generating ID_PROT response 0 [ ID HASH ]
05[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (92 bytes)
15[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (1196 bytes)
15[ENC] parsed QUICK_MODE request 2120383014 [ HASH SA No KE ID ID ]
15[IKE] no matching CHILD_SA config found
15[IKE] queueing INFORMATIONAL task
15[IKE] activating new tasks
15[IKE] activating INFORMATIONAL task
15[ENC] generating INFORMATIONAL_V1 request 2879248864 [ HASH N(INVAL_ID) ]
15[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (92 bytes)
[...]
15[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (1196 bytes)
15[ENC] parsed QUICK_MODE request 2120383014 [ HASH SA No KE ID ID ]
15[ENC] received HASH payload does not match
15[IKE] integrity check failed
15[ENC] generating INFORMATIONAL_V1 request 3665471938 [ HASH N(INVAL_HASH) ]
15[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (92 bytes)
15[IKE] QUICK_MODE request with message ID 2120383014 processing failed
15[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (108 bytes)
15[ENC] parsed INFORMATIONAL_V1 request 1902660597 [ HASH N(DPD) ]
15[IKE] queueing ISAKMP_DPD task
15[IKE] activating new tasks
15[IKE] activating ISAKMP_DPD task
15[ENC] generating INFORMATIONAL_V1 request 2994610690 [ HASH N(DPD_ACK) ]
15[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (108 bytes)
[...]
10[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (108 bytes)
10[ENC] parsed INFORMATIONAL_V1 request 3827322351 [ HASH D ]
10[IKE] received DELETE for IKE_SA con1[1]
10[IKE] deleting IKE_SA con1[1] between <WAN_IP>[<WAN_IP>]...<REMOTE_GATEWAY>[<REMOTE_GATEWAY>]
10[IKE] deleting IKE_SA con1[1] between <WAN_IP>[<WAN_IP>]...<REMOTE_GATEWAY>[<REMOTE_GATEWAY>]
10[IKE] IKE_SA con1[1] state change: ESTABLISHED => DELETING
10[IKE] IKE_SA con1[1] state change: DELETING => DELETING
10[IKE] IKE_SA con1[1] state change: DELETING => DESTROYING
10[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (212 bytes)
10[ENC] parsed ID_PROT request 0 [ SA V V V V ]
10[IKE] received DPD vendor ID
10[IKE] received FRAGMENTATION vendor ID
10[IKE] received FRAGMENTATION vendor ID
10[ENC] received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:05:02:e6
10[IKE] <REMOTE_GATEWAY> is initiating a Main Mode IKE_SA
10[IKE] <REMOTE_GATEWAY> is initiating a Main Mode IKE_SA
10[IKE] IKE_SA (unnamed)[2] state change: CREATED => CONNECTING
10[IKE] sending XAuth vendor ID
10[IKE] sending DPD vendor ID
10[IKE] sending FRAGMENTATION vendor ID
10[ENC] generating ID_PROT response 0 [ SA V V V ]
10[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (144 bytes)
10[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (1076 bytes)
10[ENC] parsed ID_PROT request 0 [ KE No ]
10[ENC] generating ID_PROT response 0 [ KE No ]
10[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (1092 bytes)
10[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (108 bytes)
10[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
10[CFG] looking for pre-shared key peer configs matching <WAN_IP>...<REMOTE_GATEWAY>[<REMOTE_GATEWAY>]
10[CFG] selected peer config "con1"
10[IKE] IKE_SA con1[2] established between <WAN_IP>[<WAN_IP>]...<REMOTE_GATEWAY>[<REMOTE_GATEWAY>]
10[IKE] IKE_SA con1[2] established between <WAN_IP>[<WAN_IP>]...<REMOTE_GATEWAY>[<REMOTE_GATEWAY>]
10[IKE] IKE_SA con1[2] state change: CONNECTING => ESTABLISHED
10[IKE] scheduling reauthentication in 85592s
10[IKE] maximum IKE_SA lifetime 86132s
10[ENC] generating ID_PROT response 0 [ ID HASH ]
10[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (92 bytes)
05[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (364 bytes)
05[ENC] parsed QUICK_MODE request 1287641317 [ HASH SA No KE ID ID ]
05[IKE] no matching CHILD_SA config found
05[IKE] queueing INFORMATIONAL task
05[IKE] activating new tasks
05[IKE] activating INFORMATIONAL task
05[ENC] generating INFORMATIONAL_V1 request 1308943122 [ HASH N(INVAL_ID) ]
05[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (92 bytes)
05[IKE] activating new tasks
05[IKE] nothing to initiate
10[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (364 bytes)
10[IKE] received retransmit of request with ID 1287641317, but no response to retransmit
10[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (108 bytes)
10[ENC] parsed INFORMATIONAL_V1 request 3364558570 [ HASH N(DPD) ]
10[IKE] queueing ISAKMP_DPD task
10[IKE] activating new tasks
10[IKE] activating ISAKMP_DPD task
10[ENC] generating INFORMATIONAL_V1 request 521142270 [ HASH N(DPD_ACK) ]
10[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (108 bytes)
10[IKE] activating new tasks
10[IKE] nothing to initiate
10[KNL] creating acquire job for policy <WAN_IP>/32 === <REMOTE_GATEWAY>/32 with reqid {1}
10[IKE] queueing QUICK_MODE task
10[IKE] activating new tasks
10[IKE] activating QUICK_MODE task
10[ENC] generating QUICK_MODE request 3012369156 [ HASH SA No KE ID ID ]
10[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (1228 bytes)
10[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (364 bytes)
10[ENC] parsed QUICK_MODE request 1287641317 [ HASH SA No KE ID ID ]
10[ENC] received HASH payload does not match
10[IKE] integrity check failed
10[ENC] generating INFORMATIONAL_V1 request 3041320764 [ HASH N(INVAL_HASH) ]
10[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (92 bytes)
10[IKE] QUICK_MODE request with message ID 1287641317 processing failed
10[IKE] sending retransmit 1 of request message ID 3012369156, seq 3
10[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (1228 bytes)
10[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (108 bytes)
10[ENC] parsed INFORMATIONAL_V1 request 407145585 [ HASH N(DPD) ]
10[IKE] queueing ISAKMP_DPD task
10[IKE] delaying task initiation, QUICK_MODE exchange in progress
10[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (108 bytes)
10[ENC] parsed INFORMATIONAL_V1 request 3707031783 [ HASH N(DPD) ]
10[IKE] queueing ISAKMP_DPD task
10[IKE] delaying task initiation, QUICK_MODE exchange in progress
10[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (364 bytes)
10[ENC] parsed QUICK_MODE request 1287641317 [ HASH SA No KE ID ID ]
10[ENC] received HASH payload does not match
10[IKE] integrity check failed
10[ENC] generating INFORMATIONAL_V1 request 1596815564 [ HASH N(INVAL_HASH) ]
10[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (92 bytes)
10[IKE] QUICK_MODE request with message ID 1287641317 processing failed
10[IKE] sending retransmit 2 of request message ID 3012369156, seq 3
10[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (1228 bytes)
10[KNL] creating acquire job for policy <WAN_IP>/32 === <REMOTE_GATEWAY>/32 with reqid {1}
10[CFG] ignoring acquire, connection attempt pending
10[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (108 bytes)
10[ENC] parsed INFORMATIONAL_V1 request 1524991498 [ HASH N(DPD) ]
10[IKE] queueing ISAKMP_DPD task
10[IKE] delaying task initiation, QUICK_MODE exchange in progress
09[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (108 bytes)
09[ENC] parsed INFORMATIONAL_V1 request 3342942689 [ HASH D ]
09[IKE] received DELETE for IKE_SA con1[2]
09[IKE] deleting IKE_SA con1[2] between <WAN_IP>[<WAN_IP>]...<REMOTE_GATEWAY>[<REMOTE_GATEWAY>]
09[IKE] deleting IKE_SA con1[2] between <WAN_IP>[<WAN_IP>]...<REMOTE_GATEWAY>[<REMOTE_GATEWAY>]
09[IKE] IKE_SA con1[2] state change: ESTABLISHED => DELETING
09[IKE] queueing ISAKMP_VENDOR task
09[IKE] queueing ISAKMP_CERT_PRE task
09[IKE] queueing MAIN_MODE task
09[IKE] queueing ISAKMP_CERT_POST task
09[IKE] queueing ISAKMP_NATD task
09[IKE] activating new tasks
09[IKE] activating ISAKMP_VENDOR task
09[IKE] activating ISAKMP_CERT_PRE task
09[IKE] activating MAIN_MODE task
09[IKE] activating ISAKMP_CERT_POST task
09[IKE] activating ISAKMP_NATD task
09[IKE] sending XAuth vendor ID
09[IKE] sending DPD vendor ID
09[IKE] sending FRAGMENTATION vendor ID
09[IKE] sending NAT-T (RFC 3947) vendor ID
09[IKE] sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
09[IKE] initiating Main Mode IKE_SA con1[3] to <REMOTE_GATEWAY>
09[IKE] initiating Main Mode IKE_SA con1[3] to <REMOTE_GATEWAY>
09[IKE] IKE_SA con1[3] state change: CREATED => CONNECTING
09[ENC] generating ID_PROT request 0 [ SA V V V V V ]
09[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (184 bytes)
09[IKE] IKE_SA con1[2] state change: DELETING => DELETING
09[IKE] IKE_SA con1[2] state change: DELETING => DESTROYING
09[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (172 bytes)
09[ENC] parsed ID_PROT response 0 [ SA V V V V ]
09[IKE] received DPD vendor ID
09[ENC] received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:05:02:e6
09[IKE] received FRAGMENTATION vendor ID
09[IKE] received FRAGMENTATION vendor ID
09[IKE] reinitiating already active tasks
09[IKE] ISAKMP_VENDOR task
09[IKE] MAIN_MODE task
09[ENC] generating ID_PROT request 0 [ KE No ]
09[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (1092 bytes)
09[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (1076 bytes)
09[ENC] parsed ID_PROT response 0 [ KE No ]
09[IKE] reinitiating already active tasks
09[IKE] ISAKMP_VENDOR task
09[IKE] MAIN_MODE task
09[ENC] generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
09[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (108 bytes)
09[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (92 bytes)
09[ENC] parsed ID_PROT response 0 [ ID HASH ]
09[IKE] IKE_SA con1[3] established between <WAN_IP>[<WAN_IP>]...<REMOTE_GATEWAY>[<REMOTE_GATEWAY>]
09[IKE] IKE_SA con1[3] established between <WAN_IP>[<WAN_IP>]...<REMOTE_GATEWAY>[<REMOTE_GATEWAY>]
09[IKE] IKE_SA con1[3] state change: CONNECTING => ESTABLISHED
09[IKE] scheduling reauthentication in 85598s
09[IKE] maximum IKE_SA lifetime 86138s
09[IKE] activating new tasks
09[IKE] activating QUICK_MODE task
09[ENC] generating QUICK_MODE request 150100022 [ HASH SA No KE ID ID ]
09[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (1228 bytes)
09[KNL] creating acquire job for policy <WAN_IP>/32 === <REMOTE_GATEWAY>/32 with reqid {1}
08[IKE] queueing QUICK_MODE task
08[IKE] delaying task initiation, QUICK_MODE exchange in progress
08[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (364 bytes)
08[ENC] parsed QUICK_MODE request 1622390271 [ HASH SA No KE ID ID ]
08[IKE] no matching CHILD_SA config found
08[IKE] queueing INFORMATIONAL task
08[IKE] delaying task initiation, QUICK_MODE exchange in progress
08[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (364 bytes)
08[IKE] received retransmit of request with ID 1622390271, but no response to retransmit
08[IKE] sending retransmit 1 of request message ID 150100022, seq 4
08[NET] sending packet: from <WAN_IP>[500] to <REMOTE_GATEWAY>[500] (1228 bytes)
09[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (108 bytes)
09[ENC] parsed INFORMATIONAL_V1 request 1440918862 [ HASH N(DPD) ]
09[IKE] queueing ISAKMP_DPD task
09[IKE] delaying task initiation, QUICK_MODE exchange in progress
09[NET] received packet: from <REMOTE_GATEWAY>[500] to <WAN_IP>[500] (364 bytes)
09[ENC] invalid HASH_V1 payload length, decryption failed?
09[ENC] could not decrypt payloads
09[IKE] message parsing failed