Created
May 24, 2017 14:21
** CLIENT **
root@raspberrypi:~# ipsec up company
initiating IKE_SA company[13] to VPN_IP
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
sending packet: from 10.11.3.21[500] to VPN_IP[500] (1400 bytes)
received packet: from VPN_IP[500] to 10.11.3.21[500] (38 bytes)
parsed IKE_SA_INIT response 0 [ N(INVAL_KE) ]
peer didn't accept DH group MODP_1536, it requested MODP_2048
initiating IKE_SA company[13] to VPN_IP
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
sending packet: from 10.11.3.21[500] to VPN_IP[500] (1464 bytes)
received packet: from VPN_IP[500] to 10.11.3.21[500] (513 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
local host is behind NAT, sending keep alives
remote host is behind NAT
received cert request for "COMPANY_CA_CERT_DN"
received 2 cert requests for an unknown ca
sending cert request for "COMPANY_CA_CERT_DN"
authentication of 'raspberrypi' (myself) with pre-shared key
establishing CHILD_SA company
generating IKE_AUTH request 1 [ IDi CERTREQ IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from 10.11.3.21[4500] to VPN_IP[4500] (396 bytes)
received packet: from VPN_IP[4500] to 10.11.3.21[4500] (76 bytes)
parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
received AUTHENTICATION_FAILED notify error
establishing connection 'company' failed
** SERVER **
May 24 15:16:40 jumpbox charon: 03[NET] received packet: from COMPANY_NAT_IP[1011] to VPN_INTERNAL_IP[500] (1400 bytes)
May 24 15:16:40 jumpbox charon: 03[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
May 24 15:16:41 jumpbox charon: 03[IKE] COMPANY_NAT_IP is initiating an IKE_SA
May 24 15:16:41 jumpbox charon: 03[IKE] local host is behind NAT, sending keep alives
May 24 15:16:41 jumpbox charon: 03[IKE] remote host is behind NAT
May 24 15:16:41 jumpbox charon: 03[IKE] DH group MODP_1536 inacceptable, requesting MODP_2048
May 24 15:16:41 jumpbox charon: 03[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
May 24 15:16:41 jumpbox charon: 03[NET] sending packet: from VPN_INTERNAL_IP[500] to COMPANY_NAT_IP[1011] (38 bytes)
May 24 15:16:41 jumpbox charon: 16[NET] received packet: from COMPANY_NAT_IP[1011] to VPN_INTERNAL_IP[500] (1464 bytes)
May 24 15:16:41 jumpbox charon: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
May 24 15:16:41 jumpbox charon: 16[IKE] COMPANY_NAT_IP is initiating an IKE_SA
May 24 15:16:41 jumpbox charon: 16[IKE] local host is behind NAT, sending keep alives
May 24 15:16:41 jumpbox charon: 16[IKE] remote host is behind NAT
May 24 15:16:41 jumpbox charon: 16[IKE] sending cert request for "COMPANY_CA_CERT_DN"
May 24 15:16:41 jumpbox charon: 16[IKE] sending cert request for "TURBO_CA_CERT_DN"
May 24 15:16:41 jumpbox charon: 16[IKE] sending cert request for "COMPANY_CA_CERT_DN"
May 24 15:16:41 jumpbox charon: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
May 24 15:16:41 jumpbox charon: 16[NET] sending packet: from VPN_INTERNAL_IP[500] to COMPANY_NAT_IP[1011] (513 bytes)
May 24 15:16:41 jumpbox charon: 07[NET] received packet: from COMPANY_NAT_IP[59101] to VPN_INTERNAL_IP[4500] (396 bytes)
May 24 15:16:41 jumpbox charon: 07[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]
May 24 15:16:41 jumpbox charon: 07[IKE] received cert request for "COMPANY_CA_CERT_DN"
May 24 15:16:41 jumpbox charon: 07[CFG] looking for peer configs matching VPN_INTERNAL_IP[vpn.domain.tld]...COMPANY_NAT_IP[raspberrypi]
May 24 15:16:41 jumpbox charon: 07[CFG] selected peer config 'client_psk'
May 24 15:16:41 jumpbox charon: 07[IKE] tried 1 shared key for 'vpn.domain.tld' - 'raspberrypi', but MAC mismatched
May 24 15:16:41 jumpbox charon: 07[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
May 24 15:16:41 jumpbox charon: 07[NET] sending packet: from VPN_INTERNAL_IP[4500] to COMPANY_NAT_IP[59101] (76 bytes)