** CLIENT **
root@raspberrypi:~# ipsec up company
initiating IKE_SA company[13] to VPN_IP
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
sending packet: from 10.11.3.21[500] to VPN_IP[500] (1400 bytes)
received packet: from VPN_IP[500] to 10.11.3.21[500] (38 bytes)
parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
peer didn't accept DH group MODP_1536, it requested MODP_2048
initiating IKE_SA company[13] to VPN_IP
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
sending packet: from 10.11.3.21[500] to VPN_IP[500] (1464 bytes)
received packet: from VPN_IP[500] to 10.11.3.21[500] (513 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
local host is behind NAT, sending keep alives
remote host is behind NAT
received cert request for "COMPANY_CA_CERT_DN"
received 2 cert requests for an unknown ca
sending cert request for "COMPANY_CA_CERT_DN"
authentication of 'raspberrypi' (myself) with pre-shared key
establishing CHILD_SA company
generating IKE_AUTH request 1 [ IDi CERTREQ IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from 10.11.3.21[4500] to VPN_IP[4500] (396 bytes)
received packet: from VPN_IP[4500] to 10.11.3.21[4500] (76 bytes)
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
establishing connection 'company' failed
** SERVER **
May 24 15:16:40 jumpbox charon: 03[NET] received packet: from COMPANY_NAT_IP[1011] to VPN_INTERNAL_IP[500] (1400 bytes)
May 24 15:16:40 jumpbox charon: 03[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
May 24 15:16:41 jumpbox charon: 03[IKE] COMPANY_NAT_IP is initiating an IKE_SA
May 24 15:16:41 jumpbox charon: 03[IKE] local host is behind NAT, sending keep alives
May 24 15:16:41 jumpbox charon: 03[IKE] remote host is behind NAT
May 24 15:16:41 jumpbox charon: 03[IKE] DH group MODP_1536 inacceptable, requesting MODP_2048
May 24 15:16:41 jumpbox charon: 03[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
May 24 15:16:41 jumpbox charon: 03[NET] sending packet: from VPN_INTERNAL_IP[500] to COMPANY_NAT_IP[1011] (38 bytes)
May 24 15:16:41 jumpbox charon: 16[NET] received packet: from COMPANY_NAT_IP[1011] to VPN_INTERNAL_IP[500] (1464 bytes)
May 24 15:16:41 jumpbox charon: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
May 24 15:16:41 jumpbox charon: 16[IKE] COMPANY_NAT_IP is initiating an IKE_SA
May 24 15:16:41 jumpbox charon: 16[IKE] local host is behind NAT, sending keep alives
May 24 15:16:41 jumpbox charon: 16[IKE] remote host is behind NAT
May 24 15:16:41 jumpbox charon: 16[IKE] sending cert request for "COMPANY_CA_CERT_DN"
May 24 15:16:41 jumpbox charon: 16[IKE] sending cert request for "TURBO_CA_CERT_DN"
May 24 15:16:41 jumpbox charon: 16[IKE] sending cert request for "COMPANY_CA_CERT_DN"
May 24 15:16:41 jumpbox charon: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
May 24 15:16:41 jumpbox charon: 16[NET] sending packet: from VPN_INTERNAL_IP[500] to COMPANY_NAT_IP[1011] (513 bytes)
May 24 15:16:41 jumpbox charon: 07[NET] received packet: from COMPANY_NAT_IP[59101] to VPN_INTERNAL_IP[4500] (396 bytes)
May 24 15:16:41 jumpbox charon: 07[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
May 24 15:16:41 jumpbox charon: 07[IKE] received cert request for "COMPANY_CA_CERT_DN"
May 24 15:16:41 jumpbox charon: 07[CFG] looking for peer configs matching VPN_INTERNAL_IP[vpn.domain.tld]...COMPANY_NAT_IP[raspberrypi]
May 24 15:16:41 jumpbox charon: 07[CFG] selected peer config 'client_psk'
May 24 15:16:41 jumpbox charon: 07[IKE] tried 1 shared key for 'vpn.domain.tld' - 'raspberrypi', but MAC mismatched
May 24 15:16:41 jumpbox charon: 07[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
May 24 15:16:41 jumpbox charon: 07[NET] sending packet: from VPN_INTERNAL_IP[4500] to COMPANY_NAT_IP[59101] (76 bytes)