[Swan] Windows 10 ipsec issues

Mason Wardle mwardle at caengineering.com
Fri Jun 18 18:33:39 UTC 2021


Hi there,

I've looked at the thread "Windows 7/10 ipsec issues" and John Crisp
described my problem to a tee, but I'm not sure whether John got things going.

- I have an IPSec over L2TP VPN set up on an Ubuntu 20.04 server using
LibreSwan and xl2tpd (I know this isn't super secure but I'm taking my
company in baby steps)
- I can connect to the VPN using Linux, Android, and MacOS clients
- In these cases, I see traffic in xl2tpd logs (grep l2tp /var/log/syslog)

In light of that (and as John supposed), it shouldn't be an issue with
xl2tpd or iptables since the traffic flows flawlessly when connected using
a non-Windows platform.

- The xl2tpd log doesn't show anything when connecting with a Windows
client -- all the action is in the pluto log.

Note that I did disable my Windows firewall. I can connect to a different
IPSec over L2TP VPN (and I'm pretty sure it's using libreswan or
strongswan + xl2tpd) using the same Windows setup, so Windows is working in
that case. I've got to think it's a configuration issue.

Here is my ipsec.conf file:

version 2.0

config setup
  virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.159.42.0/24,%v4:!10.175.42.0/24,%v4:!192.168.43.0/24
  uniqueids=no

conn shared
  left=%defaultroute
  leftid=ZZZ.ZZZ.ZZZ.ZZZ
  right=%any
  encapsulation=yes
  authby=secret
  pfs=no
  rekey=yes
  keyingtries=%forever
  dpddelay=15
  dpdtimeout=45
  dpdaction=clear
  ikev2=never
  ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
  phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
  ikelifetime=24h
  salifetime=24h
  sha2-truncbug=no

conn l2tp-psk
  auto=add
  leftprotoport=17/1701
  rightprotoport=17/%any
  type=transport
  also=shared

I see a post here (https://github.com/libreswan/libreswan/issues/26) that
has logs a lot like mine. I modified the registry and (after a reboot of
Windows), was able to log in. But modifying the registry is difficult for
some users and so, given that the registry change helped, is there instead
a way I can reconfigure ipsec.conf to account for this issue?

Below you'll find pluto logs for a successful connection from a MacOS
client and a Windows client as well as a failed connection from the same
Windows client.

Based on these logs, I poked around on the Internet and found this post
(https://serverfault.com/a/919277/155442), but appending
",aes256-sha1;modp2048" to the above ike setting, to support the suggested
SHA1 + AES-CBC-256 + MODP2048, didn't help (here's my complete ike setting
after modification):

ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024,aes256-sha1;modp2048


phase2alg setting already looked like it was configured to support SHA1 +
AES-CBC-128 so I didn't touch it.

I also saw the "96" in the failed attempt which maybe refers to 96 bit ICV
(see pluto logs below) and found a mention of 96 bits in the ipsec.conf man
page under the sha2-truncbug setting but setting sha2-truncbug=yes didn't
help. I also set ms-dh-downgrade=yes (which is also mentioned in the man
page) but it didn't help either.

I thought the failure might be related to the failed attempt showing
DPD=unsupported while the successful MacOS attempt shows DPD=active, but the
successful Windows client connection also has DPD=unsupported.

Can you see any issues in the three sets of pluto logs below?

Here are logs for a successful Windows connection (after the registry
modification):

Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:500
Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
sent Main Mode R1
Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
sent Main Mode R2
Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response
Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
Peer ID is ID_IPV4_ADDR: '10.0.0.206'
Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
switched from "l2tp-psk"[13] YYY.YYY.YYY.YYY to "l2tp-psk"
Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY:
deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23:
Peer ID is ID_IPV4_ADDR: '10.0.0.206'
Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23:
IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1
group=MODP2048}
Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23:
Configured DPD (RFC 3706) support not enabled because remote peer did not
advertise DPD support
Jun 18 18:19:48 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23:
retransmitting in response to duplicate packet; already STATE_MAIN_R3
Jun 18 18:19:48 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23:
the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701
Jun 18 18:19:48 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23:
NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
Jun 18 18:19:48 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #24:
responding to Quick Mode proposal {msgid:00000001}
Jun 18 18:19:48 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #24:
    us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
YYY.YYY.YYY.YYY[10.0.0.206]:17/1701
Jun 18 18:19:48 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #24:
sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
transport mode {ESPinUDP=>0xb6815fd6 <0xbd4c32d0
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}
Jun 18 18:19:49 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #24:
STATE_QUICK_R1: retransmission; will wait 0.5 seconds for response
Jun 18 18:19:49 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #24:
IPsec SA established transport mode {ESPinUDP=>0xb6815fd6 <0xbd4c32d0
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

And here are pluto logs concurrent with a failed attempt to connect from a
Windows Client

Jun 18 17:25:58 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:500

Jun 18 17:25:58 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused

Jun 18 17:25:58 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused

Jun 18 17:25:58 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
sent Main Mode R1

Jun 18 17:25:59 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
retransmitting in response to duplicate packet; already STATE_MAIN_R1

Jun 18 17:25:59 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
sent Main Mode R2

Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response

Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
Peer ID is ID_IPV4_ADDR: '10.0.0.206'

Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
switched from "l2tp-psk"[9] YYY.YYY.YYY.YYY to "l2tp-psk"

Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY:
deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}

Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
Peer ID is ID_IPV4_ADDR: '10.0.0.206'

Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1
group=MODP2048}

Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
Configured DPD (RFC 3706) support not enabled because remote peer did not
advertise DPD support

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
retransmitting in response to duplicate packet; already STATE_MAIN_R3

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
NAT-Traversal: received 2 NAT-OA. Using first; ignoring others

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
responding to Quick Mode proposal {msgid:00000001}

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
    us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
YYY.YYY.YYY.YYY[10.0.0.206]:17/1701

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
transport mode {ESPinUDP=>0x2e9fe5f4 <0xfd1bde5e
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
STATE_QUICK_R1: retransmission; will wait 0.5 seconds for response

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
IPsec SA established transport mode {ESPinUDP=>0x2e9fe5f4 <0xfd1bde5e
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
NAT-Traversal: received 2 NAT-OA. Using first; ignoring others

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11:
responding to Quick Mode proposal {msgid:00000002}

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11:
    us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
YYY.YYY.YYY.YYY[10.0.0.206]:17/1701

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11:
sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
transport mode {ESPinUDP=>0x1bbf9872 <0xbe475c8a
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11:
IPsec SA established transport mode {ESPinUDP=>0x1bbf9872 <0xbe475c8a
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
received Delete SA(0x2e9fe5f4) payload: deleting IPsec State #10

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
deleting state (STATE_QUICK_R2) aged 0.57243s and sending notification

Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
ESP traffic information: in=0B out=0B

Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701

Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
NAT-Traversal: received 2 NAT-OA. Using first; ignoring others

Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #12:
responding to Quick Mode proposal {msgid:00000003}

Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #12:
    us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
YYY.YYY.YYY.YYY[10.0.0.206]:17/1701

Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #12:
sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
transport mode {ESPinUDP=>0xb6413a2a <0xbb46b64b
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #12:
IPsec SA established transport mode {ESPinUDP=>0xb6413a2a <0xbb46b64b
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
received Delete SA(0x1bbf9872) payload: deleting IPsec State #11

Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11:
deleting state (STATE_QUICK_R2) aged 3.078369s and sending notification

Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11:
ESP traffic information: in=0B out=0B

Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701

Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
NAT-Traversal: received 2 NAT-OA. Using first; ignoring others

Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #13:
responding to Quick Mode proposal {msgid:00000004}

Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #13:
    us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
YYY.YYY.YYY.YYY[10.0.0.206]:17/1701

Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #13:
sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
transport mode {ESPinUDP=>0x6f6f5d8e <0xa065c92f
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #13:
IPsec SA established transport mode {ESPinUDP=>0x6f6f5d8e <0xa065c92f
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
received Delete SA(0xb6413a2a) payload: deleting IPsec State #12

Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #12:
deleting state (STATE_QUICK_R2) aged 4.038678s and sending notification

Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #12:
ESP traffic information: in=0B out=0B

Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701

Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
NAT-Traversal: received 2 NAT-OA. Using first; ignoring others

Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #14:
responding to Quick Mode proposal {msgid:00000005}

Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #14:
    us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
YYY.YYY.YYY.YYY[10.0.0.206]:17/1701

Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #14:
sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
transport mode {ESPinUDP=>0x22702ed2 <0x602282e7
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #14:
IPsec SA established transport mode {ESPinUDP=>0x22702ed2 <0x602282e7
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
received Delete SA(0x6f6f5d8e) payload: deleting IPsec State #13

Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #13:
deleting state (STATE_QUICK_R2) aged 8.025773s and sending notification

Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #13:
ESP traffic information: in=0B out=0B

Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701

Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
NAT-Traversal: received 2 NAT-OA. Using first; ignoring others

Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #15:
responding to Quick Mode proposal {msgid:00000006}

Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #15:
    us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
YYY.YYY.YYY.YYY[10.0.0.206]:17/1701

Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #15:
sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
transport mode {ESPinUDP=>0x802a6e10 <0x00f5b56f
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #15:
IPsec SA established transport mode {ESPinUDP=>0x802a6e10 <0x00f5b56f
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
DPD=unsupported}

Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
received Delete SA(0x22702ed2) payload: deleting IPsec State #14

Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #14:
deleting state (STATE_QUICK_R2) aged 10.023239s and sending notification

Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #14:
ESP traffic information: in=0B out=0B

Jun 18 17:26:36 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
received Delete SA(0x802a6e10) payload: deleting IPsec State #15

Jun 18 17:26:36 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #15:
deleting state (STATE_QUICK_R2) aged 10.010517s and sending notification

Jun 18 17:26:36 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #15:
ESP traffic information: in=0B out=0B

Jun 18 17:26:36 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
deleting state (STATE_MAIN_R3) aged 38.153205s and sending notification

Jun 18 17:26:36 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY:
deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}

And for reference, here is a successful connection from a MacOS client
where I got a connection established and then I disconnected right away.

Jun 18 17:12:57 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
responding to Main Mode from unknown peer XXX.XXX.XXX.XXX:6224

Jun 18 17:12:57 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
sent Main Mode R1

Jun 18 17:13:00 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
retransmitting in response to duplicate packet; already STATE_MAIN_R1

Jun 18 17:13:00 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:500

Jun 18 17:13:00 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
sent Main Mode R1

Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
sent Main Mode R2

Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000,
length=28

Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
Peer ID is ID_IPV4_ADDR: '192.168.1.4'

Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
switched from "l2tp-psk"[5] XXX.XXX.XXX.XXX to "l2tp-psk"

Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX:
deleting connection instance with peer XXX.XXX.XXX.XXX {isakmp=#0/ipsec=#0}

Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #5:
Peer ID is ID_IPV4_ADDR: '192.168.1.4'

Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #5:
IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256
integ=HMAC_SHA2_256 group=MODP2048}

Jun 18 17:13:03 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
retransmitting in response to duplicate packet; already STATE_MAIN_R1

Jun 18 17:13:03 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
sent Main Mode R2

Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response

Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000,
length=28

Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
Peer ID is ID_IPV4_ADDR: '10.0.0.233'

Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
switched from "l2tp-psk"[6] YYY.YYY.YYY.YYY to "l2tp-psk"

Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY:
deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}

Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
Peer ID is ID_IPV4_ADDR: '10.0.0.233'

Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256
integ=HMAC_SHA2_256 group=MODP2048}

Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #5:
retransmitting in response to duplicate packet; already STATE_MAIN_R3

Jun 18 17:13:05 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #5:
the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 192.168.1.4/32:57481

Jun 18 17:13:05 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #5:
NAT-Traversal: received 2 NAT-OA. Using first; ignoring others

Jun 18 17:13:05 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #7:
responding to Quick Mode proposal {msgid:36e0468b}

Jun 18 17:13:05 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #7:
  us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
XXX.XXX.XXX.XXX[192.168.1.4]:17/57481

Jun 18 17:13:05 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #7:
sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
transport mode {ESPinUDP=>0x058020b2 <0x0364524d
xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=192.168.1.4
NATD=XXX.XXX.XXX.XXX:6230 DPD=active}

Jun 18 17:13:06 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #7:
IPsec SA established transport mode {ESPinUDP=>0x058020b2 <0x0364524d
xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=192.168.1.4
NATD=XXX.XXX.XXX.XXX:6230 DPD=active}

Jun 18 17:13:07 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
retransmitting in response to duplicate packet; already STATE_MAIN_R3

Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.233/32:64495

Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
NAT-Traversal: received 2 NAT-OA. Using first; ignoring others

Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8:
responding to Quick Mode proposal {msgid:1920fedb}

Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8:
  us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
YYY.YYY.YYY.YYY[10.0.0.233]:17/64495

Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8:
sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
transport mode {ESPinUDP=>0x04c69ac0 <0xa57c5e2b
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.233 NATD=YYY.YYY.YYY.YYY:4500
DPD=active}

Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8:
IPsec SA established transport mode {ESPinUDP=>0x04c69ac0 <0xa57c5e2b
xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.233 NATD=YYY.YYY.YYY.YYY:4500
DPD=active}

Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
received Delete SA(0x04c69ac0) payload: deleting IPsec State #8

Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8:
deleting state (STATE_QUICK_R2) aged 11.648737s and sending notification

Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8:
ESP traffic information: in=11KB out=807B

Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
deleting state (STATE_MAIN_R3) aged 19.06668s and sending notification

Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY:
deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}

-- 



  *Mason Wardle*, Sr. Software/Embedded Firmware Systems Engineer

  147 West Election Road, Suite 200 *|* Draper, UT 84020 *|* USA

  801.749.4900 x73 (office) | 520.449.4278 (mobile)

  mwardle at caengineering.com | www.caengineering.com



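Reading the three excerpts above by eye is tedious, and the telling signal is not the "IPsec SA established" lines (every attempt has them) but what happens to each SA afterwards. The script below is an added example, not code from the post or from libreswan: it parses the message formats that appear in the excerpts (Oakley Transform refused, IKE SA established, IPsec SA established, received Delete SA, deleting state ... aged, ESP traffic information), groups them by pluto's "conn"[instance] peer prefix, and gives each session a verdict. The sample log embedded in it is constructed from the post's own lines, re-joined where the mail client wrapped them; the byte-unit multipliers (KB = 1024 bytes) and the verdict thresholds are assumptions of this example, not anything pluto defines.

```python
"""Triage pluto log lines from a libreswan L2TP/IPsec responder.

Added example, not code from the post or from libreswan. It parses the message
formats visible in the post, groups them by connection instance, and gives each
session a verdict; the failed Windows attempt stands out as "churn": IPsec SAs
the peer deletes within seconds with in=0B out=0B, over and over.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the post's excerpts and re-joined onto
# single lines (the mail client wrapped them); addresses are the post's placeholders.
SAMPLE_LOG = """\
Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
Jun 18 18:19:49 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #24: IPsec SA established transport mode {ESPinUDP=>0xb6815fd6 <0xbd4c32d0 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500 DPD=unsupported}
Jun 18 17:25:58 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
Jun 18 17:25:58 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10: IPsec SA established transport mode {ESPinUDP=>0x2e9fe5f4 <0xfd1bde5e xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500 DPD=unsupported}
Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11: IPsec SA established transport mode {ESPinUDP=>0x1bbf9872 <0xbe475c8a xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500 DPD=unsupported}
Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9: received Delete SA(0x2e9fe5f4) payload: deleting IPsec State #10
Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10: deleting state (STATE_QUICK_R2) aged 0.57243s and sending notification
Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10: ESP traffic information: in=0B out=0B
Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9: received Delete SA(0x1bbf9872) payload: deleting IPsec State #11
Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11: deleting state (STATE_QUICK_R2) aged 3.078369s and sending notification
Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11: ESP traffic information: in=0B out=0B
Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8: IPsec SA established transport mode {ESPinUDP=>0x04c69ac0 <0xa57c5e2b xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.233 NATD=YYY.YYY.YYY.YYY:4500 DPD=active}
Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6: received Delete SA(0x04c69ac0) payload: deleting IPsec State #8
Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8: ESP traffic information: in=11KB out=807B
"""

# Message formats as they appear in the post; lines without a '#state:' prefix are ignored.
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[(?P<inst>\d+)\] (?P<peer>\S+) #(?P<st>\d+): (?P<msg>.*)')
REFUSED = re.compile(r"Oakley Transform \[(?P<xf>[^\]]+)\] refused")
IKE_SA = re.compile(r"IKE SA established \{auth=(?P<auth>\w+) cipher=(?P<cipher>\w+) integ=(?P<integ>\w+) group=(?P<group>\w+)\}")
CHILD_SA = re.compile(r"IPsec SA established \w+ mode \{(?:ESPinUDP|ESP)=>(?P<spi_out>0x[0-9a-f]+) <(?P<spi_in>0x[0-9a-f]+) xfrm=(?P<xfrm>\S+) NATOA=(?P<natoa>\S+) .*DPD=(?P<dpd>\w+)\}")
PEER_DELETE = re.compile(r"received Delete SA\(0x[0-9a-f]+\) payload: deleting IPsec State #(?P<victim>\d+)")
AGED = re.compile(r"deleting state \(STATE_QUICK_\w+\) aged (?P<age>[\d.]+)s")
TRAFFIC = re.compile(r"ESP traffic information: in=(?P<inb>\d+[KMG]?B) out=(?P<outb>\d+[KMG]?B)")
_UNITS = {"B": 1, "KB": 1 << 10, "MB": 1 << 20, "GB": 1 << 30}  # binary multiples: an assumption


def parse_bytes(text):
    """'11KB' -> 11264; pluto prints B/KB/MB/GB suffixes on the ESP counters."""
    num, unit = re.fullmatch(r"(\d+)([KMG]?B)", text).groups()
    return int(num) * _UNITS[unit]


def parse_pluto(lines):
    """Group lines by '"conn"[instance] peer' and track each child (IPsec) SA's fate."""
    sessions = defaultdict(lambda: {"ike": None, "refused": [], "children": {}})
    for line in lines:
        if not (m := LINE.search(line)):
            continue
        sess = sessions[f'"{m["conn"]}"[{m["inst"]}] {m["peer"]}']
        st, msg = int(m["st"]), m["msg"]
        if (x := REFUSED.search(msg)):
            sess["refused"].append(x["xf"])
        elif (x := IKE_SA.search(msg)):
            sess["ike"] = {"state": st, "cipher": x["cipher"], "integ": x["integ"], "group": x["group"]}
        elif (x := CHILD_SA.search(msg)):
            sess["children"][st] = {"xfrm": x["xfrm"], "natoa": x["natoa"], "dpd": x["dpd"],
                                    "deleted_by_peer": False, "age": None, "in": None, "out": None}
        elif (x := PEER_DELETE.search(msg)):   # logged on the parent IKE state; victim is the child
            if (child := sess["children"].get(int(x["victim"]))):
                child["deleted_by_peer"] = True
        elif (x := AGED.search(msg)):
            if (child := sess["children"].get(st)):
                child["age"] = float(x["age"])
        elif (x := TRAFFIC.search(msg)):
            if (child := sess["children"].get(st)):
                child["in"], child["out"] = parse_bytes(x["inb"]), parse_bytes(x["outb"])
    return dict(sessions)


def verdict(sess):
    """Judge a session by ESP counters, not by 'SA established' lines (every attempt has those)."""
    kids = list(sess["children"].values())
    if not kids:
        return "no IPsec SA"
    if any((k["in"] or 0) > 0 for k in kids):
        return "healthy"        # ESP from the peer actually arrived and decrypted
    torn = [k for k in kids if k["deleted_by_peer"] and k["in"] == 0 and k["out"] == 0]
    if len(torn) >= 2:
        return "churn"          # peer keeps deleting fresh SAs that never carried ESP
    if all(k["in"] is None for k in kids):
        return "established, no counters yet"
    return "established, no ESP traffic"


def triage(lines):
    """Per-session summary keyed like '"l2tp-psk"[10] YYY.YYY.YYY.YYY'."""
    report = {}
    for key, sess in parse_pluto(lines).items():
        kids = list(sess["children"].values())
        report[key] = {
            "verdict": verdict(sess), "ike": sess["ike"], "refused": sess["refused"],
            "ipsec_sas": len(kids), "xfrms": sorted({k["xfrm"] for k in kids}),
            "max_age_s": max((k["age"] for k in kids if k["age"] is not None), default=None),
        }
    return report


if __name__ == "__main__":
    for key, rep in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {rep['verdict']} ike={rep['ike']} sas={rep['ipsec_sas']} refused={rep['refused']}")
```

Run on the failed Windows excerpt this reports churn: each Quick Mode SA is established and then deleted by the peer within seconds with in=0B out=0B, while the macOS session reports healthy because ESP actually arrived (in=11KB). That narrows the problem to the ESP-in-UDP path after a successful negotiation rather than to the ike= or phase2alg= proposals (the refused DH19/DH20 transforms are just the client's first offers; MODP2048 with HMAC_SHA1 is then accepted in both the failed and the successful Windows runs). One detail from the post's own Quick Mode lines is worth keeping in mind: the responder identifies itself as 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ], i.e. the server sits behind NAT itself. If the registry change in the post is the usual one for Windows L2TP/IPsec clients talking to a server behind NAT (the AssumeUDPEncapsulationContextOnSendRule DWORD under the PolicyAgent service; the post does not name it, so this is an assumption), the SA is being discarded by the Windows client, and the usual way around users editing the registry by hand is to push that value with group policy or a logon script rather than to look for a substitute on the libreswan side.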