
Author
maxxer
2021/02/28 19:56:42 (permalink) 6.0

Unable to establish connection to strongswan server

Hi.
I've a strongswan server and a Fortigate 50E device running v6.0.9. 
 
This is the configuration on the fortinet side

 
 
In strongswan I have:
# strongSwan global (charon) settings from the original post.
config setup
        # Log level 3 for every listed subsystem. At this level charon writes raw
        # hex dumps of IKE messages, so review and redact logs before sharing them.
        charondebug="ike 3, knl 3, cfg 3, net 3, esp 3, dmn 3, mgr 3"
        uniqueids=yes
        # CRL checking is not enforced. It only matters for certificate
        # authentication; the conn below authenticates with leftauth=psk.
        strictcrlpolicy=no
 

# Shared defaults, pulled into other conns with also=sts-base.
conn sts-base
    fragmentation=yes
    dpdaction=restart
    # IKE (phase 1) proposal: AES-256, SHA-256, DH group modp3072 - the same
    # set the FortiGate debug output reports as the negotiation result.
    ike=aes256-sha256-modp3072
    # ESP (phase 2) proposal with no DH group listed.
    # NOTE(review): the FortiGate phase 2 PFS setting is not shown - confirm
    # both sides agree on whether a DH group is used for phase 2.
    esp=aes256-sha256
    keyingtries=%forever
    leftsubnet=172.16.12.0/24
    lifetime=86400

# Tunnel to the FortiGate; inherits sts-base and repeats its ike/esp values.
conn site-3-legacy-base
    keyexchange=ikev1
    # Identity expected from the peer (redacted by the poster).
    rightid=L***
    also=sts-base
    ike=aes256-sha256-modp3072
    esp=aes256-sha256
    # NOTE(review): two subnets on a single IKEv1 conn. strongSwan's IKEv1
    # support presumably negotiates only one subnet pair per conn, so verify
    # the second subnet is covered; the reply in this thread splits them.
    rightsubnet=192.168.4.0/24,192.168.5.0/24
    right=95.x.x.x
    # Only the local side's auth method is stated here; no rightauth is set.
    leftauth=psk
    auto=start

 
In debug I have:

 
FGT-FgtIdentifier # ike 0:to VpnTunnelName:378: out 8AD3789557DB282D9AA1D56EDDD9184605100201000000000000006C6EFC8335B133C6267388C1A0BEB63B6A2CC4E120DE7627C9166D99AFF9EAE094E5368631BB2626D86B31FFED37F29DB6CC4E5D6B2E8B9A6FA79DF8FC03531CB7EB476EC1CE6240D586943E6A675E4695
ike 0:to VpnTunnelName:378: sent IKE msg (P1_RETRANSMIT): 192.168.1.2:4500->95.x.x.x:4500, len=108, id=8ad3789557db282d/9aa1d56eddd91846
ike 0: comes 62.11.245.232:500->192.168.1.2:500,ifindex=4....
ike 0: IKEv1 exchange=Identity Protection id=fc70f37fa6c9ee8d/0000000000000000 len=452
ike 0: in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
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: responder: main mode get 1st message...
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D3C0000000
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: VID FORTIGATE 8299031757A36082C6A621DE00000000
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: incoming proposal:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: proposal id = 0:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:   protocol id = ISAKMP:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      trans_id = KEY_IKE.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      encapsulation = IKE/none
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=128
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_HASH_ALG, val=SHA2_256.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_GROUP, val=MODP2048.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: ISAKMP SA lifetime=86400
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: proposal id = 0:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:   protocol id = ISAKMP:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      trans_id = KEY_IKE.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      encapsulation = IKE/none
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=128
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_HASH_ALG, val=SHA2_256.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_GROUP, val=MODP1536.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: ISAKMP SA lifetime=86400
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: proposal id = 0:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:   protocol id = ISAKMP:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      trans_id = KEY_IKE.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      encapsulation = IKE/none
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=256
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_HASH_ALG, val=SHA2_256.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_GROUP, val=MODP2048.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: ISAKMP SA lifetime=86400
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: proposal id = 0:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:   protocol id = ISAKMP:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      trans_id = KEY_IKE.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      encapsulation = IKE/none
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=256
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_HASH_ALG, val=SHA2_256.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_GROUP, val=MODP1536.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: ISAKMP SA lifetime=86400
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: proposal id = 0:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:   protocol id = ISAKMP:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      trans_id = KEY_IKE.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      encapsulation = IKE/none
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=128
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_HASH_ALG, val=SHA.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_GROUP, val=MODP2048.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: ISAKMP SA lifetime=86400
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: proposal id = 0:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:   protocol id = ISAKMP:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      trans_id = KEY_IKE.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      encapsulation = IKE/none
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=128
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_HASH_ALG, val=SHA.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_GROUP, val=MODP1536.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: ISAKMP SA lifetime=86400
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: proposal id = 0:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:   protocol id = ISAKMP:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      trans_id = KEY_IKE.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      encapsulation = IKE/none
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=256
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_HASH_ALG, val=SHA.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_GROUP, val=MODP2048.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: ISAKMP SA lifetime=86400
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: proposal id = 0:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:   protocol id = ISAKMP:
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      trans_id = KEY_IKE.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:      encapsulation = IKE/none
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=256
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_HASH_ALG, val=SHA.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383:         type=OAKLEY_GROUP, val=MODP1536.
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: ISAKMP SA lifetime=86400
ike 0:fc70f37fa6c9ee8d/0000000000000000:383: negotiation failure
ike Negotiate ISAKMP SA Error: ike 0:fc70f37fa6c9ee8d/0000000000000000:383: no SA proposal chosen
ike 0:to VpnTunnelName:378: negotiation timeout, deleting
ike 0:to VpnTunnelName: connection expiring due to phase1 down
ike 0:to VpnTunnelName: deleting
ike 0:to VpnTunnelName: deleted
ike 0:to VpnTunnelName: schedule auto-negotiate
ike 0:to VpnTunnelName: auto-negotiate connection
ike 0:to VpnTunnelName: created connection: 0x424aff8 4 192.168.1.2->95.x.x.x:500.
ike 0:to VpnTunnelName:384: initiator: main mode is sending 1st message...
ike 0:to VpnTunnelName:384: cookie c10b9be64dc0d904/0000000000000000
ike 0:to VpnTunnelName:384: out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
ike 0:to VpnTunnelName:384: sent IKE msg (ident_i1send): 192.168.1.2:500->95.x.x.x:500, len=292, id=c10b9be64dc0d904/0000000000000000
ike 0: comes 95.x.x.x:500->192.168.1.2:500,ifindex=4....
ike 0: IKEv1 exchange=Identity Protection id=c10b9be64dc0d904/589d6282b4f462c9 len=164
ike 0: in C10B9BE64DC0D904589D6282B4F462C90110020000000000000000A40D00003C00000001000000010000003001010001000000280101000080010007800E0100800200048004000F80030001800B0001000C0004000151800D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000184048B7D56EBCE88525E7DE7F00D6C2D380000000000000144A131C81070358455C5728F20E95452F
ike 0:to VpnTunnelName:384: initiator: main mode get 1st response...
ike 0:to VpnTunnelName:384: VID draft-ietf-ipsra-isakmp-xauth-06.txt 09002689DFD6B712
ike 0:to VpnTunnelName:384: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:to VpnTunnelName:384: DPD negotiated
ike 0:to VpnTunnelName:384: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D380000000
ike 0:to VpnTunnelName:384: VID RFC 3947 4A131C81070358455C5728F20E95452F
ike 0:to VpnTunnelName:384: selected NAT-T version: RFC 3947
ike 0:to VpnTunnelName:384: negotiation result
ike 0:to VpnTunnelName:384: proposal id = 1:
ike 0:to VpnTunnelName:384:   protocol id = ISAKMP:
ike 0:to VpnTunnelName:384:      trans_id = KEY_IKE.
ike 0:to VpnTunnelName:384:      encapsulation = IKE/none
ike 0:to VpnTunnelName:384:         type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=256
ike 0:to VpnTunnelName:384:         type=OAKLEY_HASH_ALG, val=SHA2_256.
ike 0:to VpnTunnelName:384:         type=AUTH_METHOD, val=PRESHARED_KEY.
ike 0:to VpnTunnelName:384:         type=OAKLEY_GROUP, val=MODP3072.
ike 0:to VpnTunnelName:384: ISAKMP SA lifetime=86400
ike 0:to VpnTunnelName:384: out C10B9BE64DC0D904589D6282B4F462C90410020000000000000001FC0A000184FD41F812E5C6DE946C198E07D71ED83CA1AB034F7AC7EA9C9DB184B2B0D2C35C8C2BEB7E6B298B87A5736D8344DDA782E3D813DE08FA8FD8423892B18F10E9DD24C23C81AB9C0BF5A56DEE1D0577CB4B0161A7CB88832FB484C4433B3FB20386EEFABCFCF0B862C61EA21EB6783EAE9A2C11156BC929113D2A5A9FB9D4DF7D8B09B26EC447FAA35219E95CF5D6436F68379BA3CA42E10C06B9924EF3CAF6EEACB95EFC2781FBBD4AC29C4C11426BCB28AFCF87D0B448A2B265322612526B56AED5192548CD958565FB5DC7036E6A953B7A99BDC5DB3DEE1A1E4008EA20E44BAF8C2BDB4DEC62DFADF29B1587A1C42429711694EA0F6E702DB541C08D3E40A1A7D089EF57A1CCBD6AC286D79927306533A2DB587990C0FCE20010A12A826218CEDA95EEBE08AB4623479C0A699284D4EF602EB8855B88040F117E10AB3F18A065759DBF31C359622F2A52500988D7F9FE1D3569CC49070387B05A289B3DA8443F7DAFFF248064B2687503E81E4DDA38478659A53DD15D35EA326B4F90AC7821DC14000014659CD5B151F1779BA7C8D21003510EB6140000247CA2BC74DD9D1E4D89993957656B637ECB524C9E69117E86ED55949C6C3DB0260000002488B2BA8589F1C3AE72E9E5EEC659F89AE235D2451581D4A6820F1E1FC73EB8BE
ike 0:to VpnTunnelName:384: sent IKE msg (ident_i2send): 192.168.1.2:500->95.x.x.x:500, len=508, id=c10b9be64dc0d904/589d6282b4f462c9
ike 0: comes 95.x.x.x:500->192.168.1.2:500,ifindex=4....
ike 0: IKEv1 exchange=Identity Protection id=c10b9be64dc0d904/589d6282b4f462c9 len=524
ike 0: in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
ike 0:to VpnTunnelName:384: initiator: main mode get 2nd response...
ike 0:to VpnTunnelName:384: received NAT-D payload type 20
ike 0:to VpnTunnelName:384: received NAT-D payload type 20
ike 0:to VpnTunnelName:384: NAT detected: ME
ike 0:to VpnTunnelName:384: NAT-T float port 4500
ike 0:to VpnTunnelName:384: ISAKMP SA c10b9be64dc0d904/589d6282b4f462c9 key 32:A14C8EA6DCB45DD9A940941BDB0342AFB8D00E8153BC9EEABB117532FE53E6D0
ike 0:to VpnTunnelName:384: add INITIAL-CONTACT
ike 0:to VpnTunnelName:384: enc C10B9BE64DC0D904589D6282B4F462C905100201000000000000006B0800000F020000004C6F63616E64610B0000240E2C5E431EDC18A1A71432A2D63F3A735CF38FF3B15088600EA1C4DFA8DBAE540000001C0000000101106002C10B9BE64DC0D904589D6282B4F462C9
ike 0:to VpnTunnelName:384: out C10B9BE64DC0D904589D6282B4F462C905100201000000000000006C0A9523A71AA4D181655F68680E687AAE143646431BCF52A9AAE986F371BD20D0165F406F6525CE7BD4E99E87756AE721C2EA71E8B0D76B6DDAA3BAE63545FE806E4DABC6DBF23D09165665B8EBA17F4B
ike 0:to VpnTunnelName:384: sent IKE msg (ident_i3send): 192.168.1.2:4500->95.x.x.x:4500, len=108, id=c10b9be64dc0d904/589d6282b4f462c9
ike 0: comes 95.x.x.x:4500->192.168.1.2:4500,ifindex=4....
ike 0: IKEv1 exchange=Informational id=c10b9be64dc0d904/589d6282b4f462c9:3401b0f7 len=108
ike 0: in C10B9BE64DC0D904589D6282B4F462C9081005013401B0F70000006CCBD929F01609C09C15FB168C6027327324BD1D6560143B39C69FF01070831099C7520EDB88EBF51AC8CF9AFF5A8649CECE18DADC661F7EB7698D90A5ECEC8DB81EC258089F8E48EEBB2313BE63C33FF5
 
 
 

 
I don't get why I get all proposals with id = 0.
Also those combinations are not offered by the server... Why? thanks
post edited by maxxer - 2021/02/28 19:58:14

Attached Image(s)

#1


    emnoc
    Re: Unable to establish connection to strongswan server 2021/03/01 01:41:21 (permalink)
    Okay my observations;
     
    1: I would not use modp3072 (DH group 15). It's rarely supported or even used. DH group 14 would be much better supported.
     
    2: I would not set up your "conn"s the way you did. I'm even surprised that would work, but here's what I would do.
     
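    # Common settings shared by every tunnel to this peer.
    # The child conns inherit them through also=sts-base.
    conn sts-base
        keyexchange=ikev1
        fragmentation=yes
        dpdaction=restart
        ike=aes256-sha256-modp3072
        esp=aes256-sha256
        keyingtries=%forever
        leftsubnet=172.16.12.0/24
        lifetime=86400
        leftauth=psk
        # Identity the peer must present. The keyword is rightid; the original
        # post spelled it "righid", which strongSwan does not read as rightid,
        # so the expected remote ID would stay at its default.
        rightid=L****
        auto=start
        right=95.x.x.x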
     
    # Phase 2: one conn per subnet pair, each inheriting the shared
    # settings from sts-base through also=.
    #
    conn site-3-1
        also=sts-base
        leftsubnet=172.16.12.0/24
        rightsubnet=192.168.4.0/24
     
    # Second subnet pair; same local subnet, different remote subnet.
    conn site-3-2
        also=sts-base
        leftsubnet=172.16.12.0/24
        rightsubnet=192.168.5.0/24
     
    If iptables or firewalld is in use, make sure there is a policy in the INPUT/OUTPUT chains for IKE (UDP 500, and UDP 4500 when NAT-T is negotiated).
     
    Your GUI screenshot doesn't show the whole picture, so here's the matching FortiOS config in CLI format:
     
     
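    # FortiOS phase 1 (IKE gateway) intended to match the strongSwan "sts-base" conn.
    config vpn ipsec phase1-interface
        edit "sts-base"
            # put the correct public-facing interface here
            set interface "wan1"
            # accept any peer ID from the remote gateway
            set peertype any
            set net-device disable
            set proposal aes256-sha256
            # NOTE(review): dhgrp 16 is modp4096, while the strongSwan conn proposes
            # modp3072 (group 15); the two sides must use the same group.
            set dhgrp 16
            # keyword is remote-gw (the original post had "set remote remote-gw")
            set remote-gw "strongswan public-ip"
            set psksecret   "match ipsec.secrets    x.x.x.x  : PSK "
        next
    end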
    # FortiOS phase 2 selectors, one entry per strongSwan child conn.
    # src-subnet is the FortiGate-side LAN (strongSwan's rightsubnet) and
    # dst-subnet is the strongSwan-side LAN (its leftsubnet).
    config vpn ipsec phase2-interface
        edit "site-3-1"
            set phase1name "sts-base"
            set keylifeseconds 3600
            set keepalive enable
            set src-subnet 192.168.4.0/24
            set dst-subnet 172.16.12.0/24
        next
        edit "site-3-2"
            set phase1name "sts-base"
            set keepalive enable
            set keylifeseconds 3600
            set src-subnet 192.168.5.0/24
            set dst-subnet 172.16.12.0/24
        next
    end
     
    Make sure to have a route and policy 
     
     
    Try that and if you still get errors, change dhgrp 16 to dhgrp 14 (modp2048) and see if that cleans up the connection.
     
    strongswan
    /*  or strongswan status  statusall */
     
     ipsec status
     ipsec statusall
     
    fortios
     
     diag vpn ike gateway
     diag vpn tunnel list
     
    Also, I would look at Fortios6.2 as an upgrade direction at some future time.
     
    Ken Felix

    PCNSE 
    NSE 
    StrongSwan  
    #2
    maxxer
    Re: Unable to establish connection to strongswan server 2021/03/01 23:33:32 (permalink)
    Thank you very much for your reply.
     
    I picked the configuration from Strongswan examples. Also I found there are these limitations, that's why I did a single ipsec config with both subnets.
     
    I will try a fresh config based on your suggestions, will let you know.
    Thanks again
     
    P.S. yes I am going to update to 6.2 as soon as I can get a timeslot for it
    #3
    maxxer
    Re: Unable to establish connection to strongswan server 2021/05/04 09:31:40 (permalink)
    I finally was able to have a look at this again... Unfortunately without success.
     
    I did some minor changes to your config:
    * used rightid and set the corresponding on the firewall
    * had to omit set net-device disable because the device I'm currently testing on runs 6.0.2 (not upgraded yet)
    * if I got it correctly there's a mismatch between the two dh key groups. Anyway I tried all from 14 to 16 (modp2048 to modp4096)
    * for failsafe I added both IP and ID in the secrets file... As I often had messages of secret not found on strongswan
     
    Anyway I'm still stuck and unable to figure out what's wrong.
     
    Thanks again for your feedback and support.
     
    I'm posting all the relevant debug info.

    # ipsec statusall
    Status of IKE charon daemon (strongSwan 5.6.2, Linux 4.15.0-123-generic, x86_64):
      uptime: 42 seconds, since May 04 17:17:19 2021
      malloc: sbrk 2342912, mmap 532480, used 1437152, free 905760
      worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 1
      loaded plugins: charon test-vectors unbound ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey dnscert ipseckey pem openssl gcrypt af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ctr ccm gcm ntru bliss curl soup mysql sqlite attr kernel-netlink resolve socket-default connmark farp stroke vici updown eap-identity eap-sim eap-sim-pcsc eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam xauth-noauth tnc-tnccs tnccs-20 tnccs-11 tnccs-dynamic dhcp whitelist lookip error-notify certexpire led radattr addrblock unity counters
    Listening IP addresses:
      STRONGSWAN_IP
      172.32.1.5
    Connections:
        sts-base:  %any...FORTINET_PUBLIC_IP  IKEv1, dpddelay=30s
        sts-base:   local:  [STRONGSWAN_IP] uses pre-shared key authentication
        sts-base:   remote: [FORTINET_PUBLIC_IP] uses pre-shared key authentication
        sts-base:   child:  172.32.1.0/24 === dynamic TUNNEL, dpdaction=restart
        site-3-1:   child:  172.32.1.0/24 === 192.168.8.0/24 TUNNEL, dpdaction=restart
        site-3-2:   child:  172.32.1.0/24 === 192.168.9.0/24 TUNNEL, dpdaction=restart
    Security Associations (0 up, 0 connecting):
      none

    # cat /etc/ipsec.conf
    # Poster's revised base conn, as printed from /etc/ipsec.conf.
    conn sts-base
        keyexchange=ikev1
        fragmentation=yes
        dpdaction=restart
        ike=aes256-sha256-modp3072
        esp=aes256-sha256
        keyingtries=%forever
        leftsubnet=172.32.1.0/24
        lifetime=86400
        leftauth=psk
        rightauth=psk
        # NOTE(review): "righid" is not the rightid keyword, so this line does not
        # set the expected remote ID. The statusall output shows the remote ID as
        # [FORTINET_PUBLIC_IP] while the FortiGate identifies itself as
        # Identifier01, which is consistent with charon's "no peer config found".
        righid=Identifier01
        auto=start
        right=FORTINET_PUBLIC_IP

    # Phase 2 conns, each inheriting sts-base through also=.
    # They appear in the ipsec statusall output as the child entries
    # 172.32.1.0/24 === 192.168.8.0/24 and 172.32.1.0/24 === 192.168.9.0/24.
    conn site-3-1
        also=sts-base
        leftsubnet=172.32.1.0/24
        rightsubnet=192.168.8.0/24

    conn site-3-2
        also=sts-base
        leftsubnet=172.32.1.0/24
        rightsubnet=192.168.9.0/24

    # cat /etc/ipsec.secrets
    # The same pre-shared key is registered twice: once keyed by the peer's
    # IP address and once by its IKE identity.
    # NOTE(review): presumably a placeholder value. If it resembles the real
    # key, rotate it; an IKEv1 PSK should be long and random.
    FORTINET_PUBLIC_IP : PSK 'abc#qk!'
    Identifier01 : PSK 'abc#qk!'


    # syslog
    May  4 17:17:20 vpn01 systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf.
    May  4 17:17:20 vpn01 charon: 10[NET] received packet: from FORTINET_PUBLIC_IP[500] to STRONGSWAN_IP[500] (292 bytes)
    May  4 17:17:20 vpn01 charon: 10[ENC] parsed ID_PROT request 0 [ SA V V V V V V V V V V ]
    May  4 17:17:20 vpn01 charon: 10[IKE] received NAT-T (RFC 3947) vendor ID
    May  4 17:17:20 vpn01 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
    May  4 17:17:20 vpn01 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
    May  4 17:17:20 vpn01 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    May  4 17:17:20 vpn01 charon: 10[ENC] received unknown vendor ID: 16:f6:ca:16:e4:a4:06:6d:83:82:1a:0f:0a:ea:a8:62
    May  4 17:17:20 vpn01 charon: 10[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
    May  4 17:17:20 vpn01 charon: 10[IKE] received DPD vendor ID
    May  4 17:17:20 vpn01 charon: 10[IKE] received FRAGMENTATION vendor ID
    May  4 17:17:20 vpn01 charon: 10[IKE] received FRAGMENTATION vendor ID
    May  4 17:17:20 vpn01 charon: 10[ENC] received unknown vendor ID: 82:99:03:17:57:a3:60:82:c6:a6:21:de:00:00:00:00
    May  4 17:17:20 vpn01 charon: 10[IKE] FORTINET_PUBLIC_IP is initiating a Main Mode IKE_SA
    May  4 17:17:20 vpn01 charon: 10[ENC] generating ID_PROT response 0 [ SA V V V V ]
    May  4 17:17:20 vpn01 charon: 10[NET] sending packet: from STRONGSWAN_IP[500] to FORTINET_PUBLIC_IP[500] (164 bytes)
    May  4 17:17:20 vpn01 charon: 09[NET] received packet: from FORTINET_PUBLIC_IP[500] to STRONGSWAN_IP[500] (508 bytes)
    May  4 17:17:20 vpn01 charon: 09[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
    May  4 17:17:20 vpn01 charon: 09[IKE] remote host is behind NAT
    May  4 17:17:20 vpn01 charon: 09[ENC] generating ID_PROT response 0 [ KE No NAT-D NAT-D ]
    May  4 17:17:20 vpn01 charon: 09[NET] sending packet: from STRONGSWAN_IP[500] to FORTINET_PUBLIC_IP[500] (524 bytes)
    May  4 17:17:20 vpn01 charon: 12[NET] received packet: from FORTINET_PUBLIC_IP[4500] to STRONGSWAN_IP[4500] (108 bytes)
    May  4 17:17:20 vpn01 charon: 12[ENC] parsed ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
    May  4 17:17:20 vpn01 charon: 12[CFG] looking for pre-shared key peer configs matching STRONGSWAN_IP...FORTINET_PUBLIC_IP[Identifier01]
    May  4 17:17:20 vpn01 charon: 12[IKE] no peer config found
    May  4 17:17:20 vpn01 charon: 12[ENC] generating INFORMATIONAL_V1 request 3067967679 [ HASH N(AUTH_FAILED) ]
    May  4 17:17:20 vpn01 charon: 12[NET] sending packet: from STRONGSWAN_IP[4500] to FORTINET_PUBLIC_IP[4500] (108 bytes)


    # config
    # FortiGate phase 1 (IKE gateway) as configured by the poster.
    config vpn ipsec phase1-interface
        edit "sts-base"
            set interface "wan1"
            # Accept any peer ID from the remote gateway.
            set peertype any
            set proposal aes256-sha256
            # Identity this FortiGate sends. The strongSwan log shows it arriving
            # as [Identifier01], so the strongSwan conn's rightid must equal it.
            set localid "Identifier01"
            # Agrees with ike=aes256-sha256-modp3072 on the strongSwan side; the
            # debug output reports MODP3072 in the negotiation result.
            set dhgrp 15
            set remote-gw STRONGSWAN_IP
            # Shown in FortiOS's stored (ENC) form rather than as cleartext.
            set psksecret ENC X+abc==
        next
    end
    # FortiGate phase 2 selectors, one entry per strongSwan child conn.
    # NOTE(review): each entry offers seven ESP suites, including SHA-1 ones,
    # while the strongSwan side lists only esp=aes256-sha256. Narrowing the list
    # to the intended suite keeps weaker combinations from being negotiated.
    # NOTE(review): no PFS/DH setting is shown for phase 2 - confirm it agrees
    # with the strongSwan esp= line, which names no DH group.
    config vpn ipsec phase2-interface
        edit "site-3-1"
            set phase1name "sts-base"
            set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
            set keepalive enable
            set keylifeseconds 3600
            # src = FortiGate-side LAN, dst = strongSwan-side LAN (its leftsubnet).
            set src-subnet 192.168.8.0 255.255.255.0
            set dst-subnet 172.32.1.0 255.255.255.0
        next
        edit "site-3-2"
            set phase1name "sts-base"
            set proposal aes128-sha1 aes256-sha1 aes128-sha256 aes256-sha256 aes128gcm aes256gcm chacha20poly1305
            set keepalive enable
            set keylifeseconds 3600
            set src-subnet 192.168.9.0 255.255.255.0
            set dst-subnet 172.32.1.0 255.255.255.0
        next
    end

    # get vpn ipsec tunnel summary
    'sts-base' STRONGSWAN_IP:0  selectors(total,up): 2/0  rx(pkt,err): 0/0  tx(pkt,err): 0/1


    # Fortinet debug

    FGT-Identifier01 # ike 0: comes STRONGSWAN_IP:500->192.168.1.2:500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=2761fa9214821b47/0000000000000000 len=240
    ike 0: in 2761FA9214821B4700000000000000000110020000000000000000F00D00007400000001000000010000006800010003030000240101000080010007800E0100800200048004000F80030001800B0001800C2A30030000240201000080010007800E0080800200048004001380030001800B0001800C2A3000000018030100008004001380030001800B0001800C2A300D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000184048B7D56EBCE88525E7DE7F00D6C2D3800000000D0000144A131C81070358455C5728F20E95452F0000001490CB80913EBB696E086381B5EC427B1F
    ike 0:2761fa9214821b47/0000000000000000:2778: responder: main mode get 1st message...
    ike 0:2761fa9214821b47/0000000000000000:2778: VID draft-ietf-ipsra-isakmp-xauth-06.txt 09002689DFD6B712
    ike 0:2761fa9214821b47/0000000000000000:2778: VID DPD AFCAD71368A1F1C96B8696FC77570100
    ike 0:2761fa9214821b47/0000000000000000:2778: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D380000000
    ike 0:2761fa9214821b47/0000000000000000:2778: VID RFC 3947 4A131C81070358455C5728F20E95452F
    ike 0:2761fa9214821b47/0000000000000000:2778: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
    ike 0:2761fa9214821b47/0000000000000000:2778: negotiation result
    ike 0:2761fa9214821b47/0000000000000000:2778: proposal id = 1:
    ike 0:2761fa9214821b47/0000000000000000:2778:   protocol id = ISAKMP:
    ike 0:2761fa9214821b47/0000000000000000:2778:      trans_id = KEY_IKE.
    ike 0:2761fa9214821b47/0000000000000000:2778:      encapsulation = IKE/none
    ike 0:2761fa9214821b47/0000000000000000:2778:         type=OAKLEY_ENCRYPT_ALG, val=AES_CBC, key-len=256
    ike 0:2761fa9214821b47/0000000000000000:2778:         type=OAKLEY_HASH_ALG, val=SHA2_256.
    ike 0:2761fa9214821b47/0000000000000000:2778:         type=AUTH_METHOD, val=PRESHARED_KEY.
    ike 0:2761fa9214821b47/0000000000000000:2778:         type=OAKLEY_GROUP, val=MODP3072.
    ike 0:2761fa9214821b47/0000000000000000:2778: ISAKMP SA lifetime=86400
    ike 0:2761fa9214821b47/0000000000000000:2778: SA proposal chosen, matched gateway sts-base
    ike 0: found sts-base 192.168.1.2 4 -> STRONGSWAN_IP:500
    ike 0:sts-base:2778: selected NAT-T version: RFC 3947
    ike 0: comes STRONGSWAN_IP:500->192.168.1.2:500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=2761fa9214821b47/afc986d6414ec9a6 len=524
    ike 0: in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
    ike 0: comes STRONGSWAN_IP:4500->192.168.1.2:4500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=2761fa9214821b47/afc986d6414ec9a6 len=108
    ike 0: in 2761FA9214821B47AFC986D6414EC9A605100201000000000000006C0447B06DBEF21E97290F734027CFD481273710E21D9DB94136BED68A3B9A9DE5F78C82CF2543B94AD13C80C9370B94F184FD2463CAAFBCE575CD68564C8D33F278D203D6C2F1F9028A9C628665751DAA
    ike 0:sts-base: carrier up
    ike 0: comes STRONGSWAN_IP:4500->192.168.1.2:4500,ifindex=4....
    ike 0: IKEv1 exchange=Informational id=2761fa9214821b47/afc986d6414ec9a6:3168e506 len=108
    ike 0: in 2761FA9214821B47AFC986D6414EC9A6081005013168E5060000006C53E0BF94246E8A781E8AFFAB109D1E03190B8F91471F39CE2965023CFA102248C36E77963E693866442BEC56550C52A982B1C49DA6DA4BF40020316C8687BD84652B56B101CA1F5FAF06AE36A6096BCD
    ike 0:sts-base: carrier down
    ike 0: comes STRONGSWAN_IP:500->192.168.1.2:500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=52ee2e43b9d233cc/aa83ea66bf3f46b3 len=164
    ike 0: in 52EE2E43B9D233CCAA83EA66BF3F46B30110020000000000000000A40D00003C00000001000000010000003001010001000000280101000080010007800E0100800200048004000F80030001800B0001000C0004000151800D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000184048B7D56EBCE88525E7DE7F00D6C2D380000000000000144A131C81070358455C5728F20E95452F
    ike 0: comes STRONGSWAN_IP:500->192.168.1.2:500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=52ee2e43b9d233cc/aa83ea66bf3f46b3 len=524
    ike 0: in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
    ike 0: comes STRONGSWAN_IP:4500->192.168.1.2:4500,ifindex=4....
    ike 0: IKEv1 exchange=Informational id=52ee2e43b9d233cc/aa83ea66bf3f46b3:b6dd78bf len=108
    ike 0: in 52EE2E43B9D233CCAA83EA66BF3F46B308100501B6DD78BF0000006CBFE53268A6CC52F6C88E7CF954624FF512A38B6211012D2DD6E0F88B4F2B8EAA8D1D69B86C45D8DCCE2D474ABBB7DCEBE63C8F66F2D14BAA862B84DD76761BEF708F912A5A4B2EBE73E8B50C2BF4B156
    ike shrank heap by 126976 bytes
    ike 0: comes STRONGSWAN_IP:500->192.168.1.2:500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=38a5b41bfa29f04e/a41b8884f4e89d6a len=164
    ike 0: in 38A5B41BFA29F04EA41B8884F4E89D6A0110020000000000000000A40D00003C00000001000000010000003001010001000000280101000080010007800E0100800200048004000F80030001800B0001000C0004000151800D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000184048B7D56EBCE88525E7DE7F00D6C2D380000000000000144A131C81070358455C5728F20E95452F
    ike 0: comes STRONGSWAN_IP:500->192.168.1.2:500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=38a5b41bfa29f04e/a41b8884f4e89d6a len=524
    ike 0: in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
    ike 0: comes STRONGSWAN_IP:4500->192.168.1.2:4500,ifindex=4....
    ike 0: IKEv1 exchange=Informational id=38a5b41bfa29f04e/a41b8884f4e89d6a:8f8dece2 len=108
    ike 0: in 38A5B41BFA29F04EA41B8884F4E89D6A081005018F8DECE20000006CDB395C20A27369C90BCC862D20257E46D57CC77E22B3CBF47D7EECFB8115158989169C001E50B182249500233F4DCEFC929555E0D53150A84F8C192646F84C5EA2D848CE2029B90E4BABCBDF55CBAFDE
    ike 0: comes STRONGSWAN_IP:500->192.168.1.2:500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=dd22d4d8e3e615ad/a764fe7b215be79b len=164
    ike 0: in DD22D4D8E3E615ADA764FE7B215BE79B0110020000000000000000A40D00003C00000001000000010000003001010001000000280101000080010007800E0100800200048004000F80030001800B0001000C0004000151800D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000184048B7D56EBCE88525E7DE7F00D6C2D380000000000000144A131C81070358455C5728F20E95452F
    ike 0: comes STRONGSWAN_IP:500->192.168.1.2:500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=dd22d4d8e3e615ad/a764fe7b215be79b len=524
    ike 0: in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
    ike 0: comes STRONGSWAN_IP:4500->192.168.1.2:4500,ifindex=4....
    ike 0: IKEv1 exchange=Informational id=dd22d4d8e3e615ad/a764fe7b215be79b:bdacbbe6 len=108
    ike 0: in DD22D4D8E3E615ADA764FE7B215BE79B08100501BDACBBE60000006C029416414DB3DB915970AFD1967D1F08C303529FE2587D4057FCE113639024FAD4CCFCD5B9B27EC1FA75215027C757D3E874D90207868B383AD838E8EA8454377C492923D7C2AB517D19A270DA2831FA
    ike 0: comes STRONGSWAN_IP:500->192.168.1.2:500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=4c829109074c5d68/7600779e229a9719 len=164
    ike 0: in 4C829109074C5D687600779E229A97190110020000000000000000A40D00003C00000001000000010000003001010001000000280101000080010007800E0100800200048004000F80030001800B0001000C0004000151800D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000184048B7D56EBCE88525E7DE7F00D6C2D380000000000000144A131C81070358455C5728F20E95452F
    ike 0: comes STRONGSWAN_IP:500->192.168.1.2:500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=4c829109074c5d68/7600779e229a9719 len=524
    ike 0: in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
    ike 0: comes STRONGSWAN_IP:4500->192.168.1.2:4500,ifindex=4....
    ike 0: IKEv1 exchange=Informational id=4c829109074c5d68/7600779e229a9719:070f32a5 len=108
    ike 0: in 4C829109074C5D687600779E229A971908100501070F32A50000006C69771E04AB6DAB20CB042C65E7175228021CB49892566C9E6C6708D9086873925E1D41362C59785D9C0C26F8691BF19EBEDED75A20547B861E5CC40F1F3D6FE5A0F903C4003BE64985ED64E50AC40CBB
    ike 0: comes STRONGSWAN_IP:500->192.168.1.2:500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=98475cd064d39e86/8f8caccf85271506 len=164
    ike 0: in 98475CD064D39E868F8CACCF852715060110020000000000000000A40D00003C00000001000000010000003001010001000000280101000080010007800E0100800200048004000F80030001800B0001000C0004000151800D00000C09002689DFD6B7120D000014AFCAD71368A1F1C96B8696FC775701000D0000184048B7D56EBCE88525E7DE7F00D6C2D380000000000000144A131C81070358455C5728F20E95452F
    ike 0: comes STRONGSWAN_IP:500->192.168.1.2:500,ifindex=4....
    ike 0: IKEv1 exchange=Identity Protection id=98475cd064d39e86/8f8caccf85271506 len=524
    ike 0: in 98475CD064D39E868F8CACCF8527150604100200000000000000020C0A0001840B90F73080457F6CC0C1AC47812D6590739364259B4E47687863C6433A7C23EA8AF5554CFEFC8429C432E496B71E163D01C7D53EED1927BEC0C81BA2D85BEF693DED68CF4B7B70EDCBF1C4F11F6DF13BCE0C74BEAA249E4051122C330022215F75BF853EED6213E1D3A896B5FE8AE689E175B596EDF24FE17D15847ED3506F900896DDE70DF3CB69286C902DF4975AA631DF7327153B92DBF5D1DDABFF0F346DD715B1FFD851B1A0ABA42FACE84DCF84D97B6F88750FF7D233D7DAD735FB0FE79FA77AF330AC3C71F3B60B312ED06644C3AD4034244417F3416F8B13B93A64E00FB7F68F975FC427660FA5ED01C56746E58EBBF036FC97137E20FD76B56273696A727C8C7492A6E9B37AFFB608E031BEC8F8BDC7C76BD03BB9ADC6C5B183E3A837C19CD7BD43C4F7F13D674A471A15A9F4C2C3D0EFD3B576CB58C8C599801C44C806393CCA1F64D197C01878AD72C4BF97D02218AE34360002D3EE9793542A96BE47B386E9D8E6DA207AFEFCD6862B716F6BA5F4BF8ED370D39DE503C5D2337614000024E5611363F7DC41FCB846DEDA48C81C6427DE3A277B2F998EE20A769DCFBECD6B14000024913E75C90C4D9455FBED7AC95BCA0BF446849B9FA3D7A9BE5725695C01B877180000002401A6C6496CC769454448B184423B2E9A22BDB67B25EE559A007EE27DE434DCAA
    ike 0: comes STRONGSWAN_IP:4500->192.168.1.2:4500,ifindex=4....
    ike 0: IKEv1 exchange=Informational id=98475cd064d39e86/8f8caccf85271506:3ea3779e len=108
    ike 0: in 98475CD064D39E868F8CACCF85271506081005013EA3779E0000006C0D3ED58B1271FC88583F7BFE5D08D9B16A781DF3F2F15C2F427515291C2B2E474A08F05F3833716C44CDE01FE79E9DB937BCD55863E34481891100A2869F7D072CBA93AC7BB0C2371FF602C6B5D7441E
