[Swan] Windows 10 ipsec issues

Mason Wardle mwardle at caengineering.com
Fri Jun 18 19:14:04 UTC 2021


If it's any help, here is the configuration of strongswan that allows
Windows connection without registry modification. Based on these settings,
I tried playing around with "encapsulation", "nat-ikev1-method",
"fragmentation", and "compress" settings:


ipsec.conf:

config setup
  charondebug="ike 0, knl 0, cfg 0, net 0"

include /run/strongswan/ipsec.d/tunnels/*.config


/run/strongswan/ipsec.d/tunnels/lns-l2tp-server.ipsec.l2tp.config

# Generated automatically by ubios-udapi-server
# For ipsec transport (site-to-site) lns-l2tp-server (converted from L2TP Server)
#
conn lns-l2tp-server
  ## basics ##
  auto=add
  authby=secret
  type=transport
  ## timeouts ##
  dpdaction=clear
  dpddelay=15s
  dpdtimeout=45s
  ## connection data ##
  left=WWW.WWW.WWW.WWW
  right=%any
  ## routing ##
  leftsubnet=0.0.0.0/0
  rightsubnet=0.0.0.0/0
  fragmentation=yes
  compress=no
  ## phase 1 (IKE) ##
  keyexchange=ikev1
  aggressive=no
  ike=aes256-sha384-ecp384,aes256-sha384-modp4096,aes256-sha384-modp2048,aes256-sha384-modp1536,aes256-sha384-modp1024,aes256-sha256-modp4096,aes256-sha256-modp2048,aes256-sha256-modp1536,aes128-sha256-ecp256,aes128-sha256-modp2048,aes128-sha256-modp1536,aes128-sha256-modp1024,aes256-sha1-modp4096,aes256-sha1-modp2048,aes256-sha1-modp1024,aes128-sha1-modp4096,aes128-sha1-modp2048,aes128-sha1-modp1024!
  reauth=yes
  ikelifetime=3600s
  ## phase 2 (ESP) ##
  esp=aes256-sha384-ecp384,aes256-sha384-modp4096,aes256-sha384-modp2048,aes256-sha384-modp1536,aes256-sha384-modp1024,aes256-sha256-modp4096,aes256-sha256-modp2048,aes256-sha256-modp1536,aes128-sha256-ecp256,aes128-sha256-modp2048,aes128-sha256-modp1536,aes128-sha256-modp1024,aes256-sha1-modp4096,aes256-sha1-modp2048,aes256-sha1-modp1024,aes128-sha1-modp4096,aes128-sha1-modp2048,aes128-sha1-modp1024,aes256-sha384,aes256-sha256,aes256-sha1,aes128-sha384,aes128-sha256,aes128-sha1!
  rekey=yes
  keylife=3600s
  keyingtries=%forever
  forceencaps=no
  ## notifications ##
  leftupdown=/run/strongswan/ipsec.d/tunnels/lns-l2tp-server.ipsec.l2tp.updown



/run/strongswan/ipsec.d/tunnels/lns-l2tp-server.ipsec.l2tp.updown

#!/bin/sh
# Generated automatically by ubios-udapi-server
# For ipsec transport (site-to-site) lns-l2tp-server (converted from L2TP Server)
#
ubios-udapi-client -n INTERNAL /vpn/ipsec/site-to-site/l2tp/lns-l2tp-server '
  {
    "connection": "'${PLUTO_CONNECTION}'",
    "peer_id": "'${PLUTO_REQID}'",
    "peer_name": "'${PLUTO_PEER_ID}'",


On Fri, Jun 18, 2021 at 12:33 PM Mason Wardle <mwardle at caengineering.com>
wrote:

> Hi there,
>
> I've looked at the thread "Windows 7/10 ipsec issues" and John Crisp
> described my problem to a tee, but I'm not sure whether John got things going or not.
>
> - I have an IPSec over L2TP VPN set up on an Ubuntu 20.04 server using
> LibreSwan and xl2tpd (I know this isn't super secure but I'm taking my
> company in baby steps)
> - I can connect to the VPN using Linux, Android, and MacOS clients
> - In these cases, I see traffic in xl2tpd logs (grep l2tp /var/log/syslog)
>
> In light of that (and as John supposed), it shouldn't be an issue with
> xl2tpd or iptables since the traffic flows flawlessly when connected using
> a non-Windows platform.
>
> - The xl2tpd log doesn't show anything when connecting with a Windows
> client -- all the action is in the pluto log.
>
> Note that I did disable my Windows firewall. I can connect to a different
> IPSec over L2TP VPN (and I'm pretty sure it's using libreswan or
> strongswan + xl2tpd) using the same Windows setup so Windows is working in
> that case. I've got to think it's a configuration issue.
>
> Here is my ipsec.conf file:
>
> version 2.0
>
> config setup
>   virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.159.42.0/24,%v4:!10.175.42.0/24,%v4:!192.168.43.0/24
>   uniqueids=no
>
> conn shared
>   left=%defaultroute
>   leftid=ZZZ.ZZZ.ZZZ.ZZZ
>   right=%any
>   encapsulation=yes
>   authby=secret
>   pfs=no
>   rekey=yes
>   keyingtries=%forever
>   dpddelay=15
>   dpdtimeout=45
>   dpdaction=clear
>   ikev2=never
>   ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024
>   phase2alg=aes_gcm-null,aes128-sha1,aes256-sha1,aes256-sha2_512,aes128-sha2,aes256-sha2
>   ikelifetime=24h
>   salifetime=24h
>   sha2-truncbug=no
>
> conn l2tp-psk
>   auto=add
>   leftprotoport=17/1701
>   rightprotoport=17/%any
>   type=transport
>   also=shared
>
> I see a post here (https://github.com/libreswan/libreswan/issues/26) that
> has logs a lot like mine. I modified the registry and (after a reboot of
> Windows), was able to log in. But modifying the registry is difficult for
> some users and so, given that the registry change helped, is there instead
> a way I can reconfigure ipsec.conf to account for this issue?
>
> Below you'll find pluto logs for a successful connection from a MacOS
> client and a Windows client as well as a failed connection from the same
> Windows client.
>
> Based on these logs, I poked around on the Internet and found this post (
> https://serverfault.com/a/919277/155442) but adding the suggested
> security algorithms to support SHA1 + AES-CBC-256 + MODP2048 by adding
> ",aes256-sha1;modp2048" to the above ike setting didn't help (here's my
> complete ike setting after modification):
>
> ike=aes256-sha2,aes128-sha2,aes256-sha1,aes128-sha1,aes256-sha2;modp1024,aes128-sha1;modp1024,aes256-sha1;modp2048
>
>
> phase2alg setting already looked like it was configured to support SHA1 +
> AES-CBC-128 so I didn't touch it.
>
> I also saw the "96" in the failed attempt which maybe refers to 96 bit ICV
> (see pluto logs below) and found a mention of 96 bits in the ipsec.conf man
> page under the sha2-truncbug setting but setting sha2-truncbug=yes didn't
> help. I also set ms-dh-downgrade=yes (which is also mentioned in the man
> page) but it didn't help either.
>
> I thought that, since the failure mentions that Windows has
> DPD=unsupported while the successful attempt with the MacOS client
> shows DPD=active, that was perhaps the issue, but the successful Windows
> client connection also has DPD=unsupported.
>
> Can you see any issues in the three sets of pluto logs below?
>
> Here are logs for a successful Windows connection (after the registry
> modification):
>
> Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
> responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:500
> Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
> Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
> Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
> Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
> Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
> sent Main Mode R1
> Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
> sent Main Mode R2
> Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
> STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response
> Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
> Peer ID is ID_IPV4_ADDR: '10.0.0.206'
> Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY #23:
> switched from "l2tp-psk"[13] YYY.YYY.YYY.YYY to "l2tp-psk"
> Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[13] YYY.YYY.YYY.YYY:
> deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
> Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23:
> Peer ID is ID_IPV4_ADDR: '10.0.0.206'
> Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23:
> IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1
> group=MODP2048}
> Jun 18 18:19:47 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23:
> Configured DPD (RFC 3706) support not enabled because remote peer did not
> advertise DPD support
> Jun 18 18:19:48 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23:
> retransmitting in response to duplicate packet; already STATE_MAIN_R3
> Jun 18 18:19:48 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23:
> the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701
> Jun 18 18:19:48 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #23:
> NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
> Jun 18 18:19:48 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #24:
> responding to Quick Mode proposal {msgid:00000001}
> Jun 18 18:19:48 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #24:
>     us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
> YYY.YYY.YYY.YYY[10.0.0.206]:17/1701
> Jun 18 18:19:48 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #24:
> sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
> transport mode {ESPinUDP=>0xb6815fd6 <0xbd4c32d0
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
> Jun 18 18:19:49 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #24:
> STATE_QUICK_R1: retransmission; will wait 0.5 seconds for response
> Jun 18 18:19:49 twofactor pluto[3145]: "l2tp-psk"[14] YYY.YYY.YYY.YYY #24:
> IPsec SA established transport mode {ESPinUDP=>0xb6815fd6 <0xbd4c32d0
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> And here are pluto logs concurrent with a failed attempt to connect from a
> Windows Client
>
> Jun 18 17:25:58 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
> responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:500
>
> Jun 18 17:25:58 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
> Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
>
> Jun 18 17:25:58 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
> Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
>
> Jun 18 17:25:58 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
> sent Main Mode R1
>
> Jun 18 17:25:59 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
> retransmitting in response to duplicate packet; already STATE_MAIN_R1
>
> Jun 18 17:25:59 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
> sent Main Mode R2
>
> Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
> STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response
>
> Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
> Peer ID is ID_IPV4_ADDR: '10.0.0.206'
>
> Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9:
> switched from "l2tp-psk"[9] YYY.YYY.YYY.YYY to "l2tp-psk"
>
> Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY:
> deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
>
> Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> Peer ID is ID_IPV4_ADDR: '10.0.0.206'
>
> Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1
> group=MODP2048}
>
> Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> Configured DPD (RFC 3706) support not enabled because remote peer did not
> advertise DPD support
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> retransmitting in response to duplicate packet; already STATE_MAIN_R3
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
> responding to Quick Mode proposal {msgid:00000001}
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
>     us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
> YYY.YYY.YYY.YYY[10.0.0.206]:17/1701
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
> sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
> transport mode {ESPinUDP=>0x2e9fe5f4 <0xfd1bde5e
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
> STATE_QUICK_R1: retransmission; will wait 0.5 seconds for response
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
> IPsec SA established transport mode {ESPinUDP=>0x2e9fe5f4 <0xfd1bde5e
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11:
> responding to Quick Mode proposal {msgid:00000002}
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11:
>     us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
> YYY.YYY.YYY.YYY[10.0.0.206]:17/1701
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11:
> sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
> transport mode {ESPinUDP=>0x1bbf9872 <0xbe475c8a
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11:
> IPsec SA established transport mode {ESPinUDP=>0x1bbf9872 <0xbe475c8a
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> received Delete SA(0x2e9fe5f4) payload: deleting IPsec State #10
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
> deleting state (STATE_QUICK_R2) aged 0.57243s and sending notification
>
> Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:
> ESP traffic information: in=0B out=0B
>
> Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701
>
> Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
>
> Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #12:
> responding to Quick Mode proposal {msgid:00000003}
>
> Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #12:
>     us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
> YYY.YYY.YYY.YYY[10.0.0.206]:17/1701
>
> Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #12:
> sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
> transport mode {ESPinUDP=>0xb6413a2a <0xbb46b64b
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #12:
> IPsec SA established transport mode {ESPinUDP=>0xb6413a2a <0xbb46b64b
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> received Delete SA(0x1bbf9872) payload: deleting IPsec State #11
>
> Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11:
> deleting state (STATE_QUICK_R2) aged 3.078369s and sending notification
>
> Jun 18 17:26:04 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #11:
> ESP traffic information: in=0B out=0B
>
> Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701
>
> Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
>
> Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #13:
> responding to Quick Mode proposal {msgid:00000004}
>
> Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #13:
>     us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
> YYY.YYY.YYY.YYY[10.0.0.206]:17/1701
>
> Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #13:
> sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
> transport mode {ESPinUDP=>0x6f6f5d8e <0xa065c92f
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #13:
> IPsec SA established transport mode {ESPinUDP=>0x6f6f5d8e <0xa065c92f
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> received Delete SA(0xb6413a2a) payload: deleting IPsec State #12
>
> Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #12:
> deleting state (STATE_QUICK_R2) aged 4.038678s and sending notification
>
> Jun 18 17:26:08 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #12:
> ESP traffic information: in=0B out=0B
>
> Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701
>
> Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
>
> Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #14:
> responding to Quick Mode proposal {msgid:00000005}
>
> Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #14:
>     us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
> YYY.YYY.YYY.YYY[10.0.0.206]:17/1701
>
> Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #14:
> sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
> transport mode {ESPinUDP=>0x22702ed2 <0x602282e7
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #14:
> IPsec SA established transport mode {ESPinUDP=>0x22702ed2 <0x602282e7
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> received Delete SA(0x6f6f5d8e) payload: deleting IPsec State #13
>
> Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #13:
> deleting state (STATE_QUICK_R2) aged 8.025773s and sending notification
>
> Jun 18 17:26:16 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #13:
> ESP traffic information: in=0B out=0B
>
> Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.206/32:1701
>
> Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
>
> Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #15:
> responding to Quick Mode proposal {msgid:00000006}
>
> Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #15:
>     us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
> YYY.YYY.YYY.YYY[10.0.0.206]:17/1701
>
> Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #15:
> sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
> transport mode {ESPinUDP=>0x802a6e10 <0x00f5b56f
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #15:
> IPsec SA established transport mode {ESPinUDP=>0x802a6e10 <0x00f5b56f
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500
> DPD=unsupported}
>
> Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> received Delete SA(0x22702ed2) payload: deleting IPsec State #14
>
> Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #14:
> deleting state (STATE_QUICK_R2) aged 10.023239s and sending notification
>
> Jun 18 17:26:26 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #14:
> ESP traffic information: in=0B out=0B
>
> Jun 18 17:26:36 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> received Delete SA(0x802a6e10) payload: deleting IPsec State #15
>
> Jun 18 17:26:36 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #15:
> deleting state (STATE_QUICK_R2) aged 10.010517s and sending notification
>
> Jun 18 17:26:36 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #15:
> ESP traffic information: in=0B out=0B
>
> Jun 18 17:26:36 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9:
> deleting state (STATE_MAIN_R3) aged 38.153205s and sending notification
>
> Jun 18 17:26:36 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY:
> deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
>
> And for reference, here is a successful connection from a MacOS client
> where I got a connection established and then I disconnected right away.
>
> Jun 18 17:12:57 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
> responding to Main Mode from unknown peer XXX.XXX.XXX.XXX:6224
>
> Jun 18 17:12:57 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
> sent Main Mode R1
>
> Jun 18 17:13:00 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
> retransmitting in response to duplicate packet; already STATE_MAIN_R1
>
> Jun 18 17:13:00 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
> responding to Main Mode from unknown peer YYY.YYY.YYY.YYY:500
>
> Jun 18 17:13:00 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
> sent Main Mode R1
>
> Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
> sent Main Mode R2
>
> Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
> ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000,
> length=28
>
> Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
> Peer ID is ID_IPV4_ADDR: '192.168.1.4'
>
> Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX #5:
> switched from "l2tp-psk"[5] XXX.XXX.XXX.XXX to "l2tp-psk"
>
> Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[5] XXX.XXX.XXX.XXX:
> deleting connection instance with peer XXX.XXX.XXX.XXX {isakmp=#0/ipsec=#0}
>
> Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #5:
> Peer ID is ID_IPV4_ADDR: '192.168.1.4'
>
> Jun 18 17:13:01 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #5:
> IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256
> integ=HMAC_SHA2_256 group=MODP2048}
>
> Jun 18 17:13:03 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
> retransmitting in response to duplicate packet; already STATE_MAIN_R1
>
> Jun 18 17:13:03 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
> sent Main Mode R2
>
> Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
> STATE_MAIN_R2: retransmission; will wait 0.5 seconds for response
>
> Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
> ignoring informational payload IPSEC_INITIAL_CONTACT, msgid=00000000,
> length=28
>
> Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
> Peer ID is ID_IPV4_ADDR: '10.0.0.233'
>
> Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY #6:
> switched from "l2tp-psk"[6] YYY.YYY.YYY.YYY to "l2tp-psk"
>
> Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[6] YYY.YYY.YYY.YYY:
> deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
>
> Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
> Peer ID is ID_IPV4_ADDR: '10.0.0.233'
>
> Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
> IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256
> integ=HMAC_SHA2_256 group=MODP2048}
>
> Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #5:
> retransmitting in response to duplicate packet; already STATE_MAIN_R3
>
> Jun 18 17:13:05 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #5:
> the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 192.168.1.4/32:57481
>
> Jun 18 17:13:05 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #5:
> NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
>
> Jun 18 17:13:05 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #7:
> responding to Quick Mode proposal {msgid:36e0468b}
>
> Jun 18 17:13:05 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #7:
>   us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
> XXX.XXX.XXX.XXX[192.168.1.4]:17/57481
>
> Jun 18 17:13:05 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #7:
> sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
> transport mode {ESPinUDP=>0x058020b2 <0x0364524d
> xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=192.168.1.4
> NATD=XXX.XXX.XXX.XXX:6230 DPD=active}
>
> Jun 18 17:13:06 twofactor pluto[3145]: "l2tp-psk"[7] XXX.XXX.XXX.XXX #7:
> IPsec SA established transport mode {ESPinUDP=>0x058020b2 <0x0364524d
> xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=192.168.1.4
> NATD=XXX.XXX.XXX.XXX:6230 DPD=active}
>
> Jun 18 17:13:07 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
> retransmitting in response to duplicate packet; already STATE_MAIN_R3
>
> Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
> the peer proposed: ZZZ.ZZZ.ZZZ.ZZZ/32:1701 -UDP-> 10.0.0.233/32:64495
>
> Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
> NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
>
> Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8:
> responding to Quick Mode proposal {msgid:1920fedb}
>
> Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8:
>   us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them:
> YYY.YYY.YYY.YYY[10.0.0.233]:17/64495
>
> Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8:
> sent Quick Mode reply, inbound IPsec SA installed, expecting confirmation
> transport mode {ESPinUDP=>0x04c69ac0 <0xa57c5e2b
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.233 NATD=YYY.YYY.YYY.YYY:4500
> DPD=active}
>
> Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8:
> IPsec SA established transport mode {ESPinUDP=>0x04c69ac0 <0xa57c5e2b
> xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.233 NATD=YYY.YYY.YYY.YYY:4500
> DPD=active}
>
> Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
> received Delete SA(0x04c69ac0) payload: deleting IPsec State #8
>
> Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8:
> deleting state (STATE_QUICK_R2) aged 11.648737s and sending notification
>
> Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8:
> ESP traffic information: in=11KB out=807B
>
> Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6:
> deleting state (STATE_MAIN_R3) aged 19.06668s and sending notification
>
> Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY:
> deleting connection instance with peer YYY.YYY.YYY.YYY {isakmp=#0/ipsec=#0}
>
> --
>
>
>
>   *Mason Wardle*, Sr. Software/Embedded Firmware Systems Engineer
>
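An added example, not code from the thread or from libreswan: a small analyser for the pluto messages quoted above. It runs over abridged, constructed copies of the failed Windows attempt and of a successful non-Windows connection from the same excerpt, and reports the refused Oakley transforms, what the IKE SA settled on, whether the responder's own address is private while it identifies as a different address (the `us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]` line), and child SAs the peer deleted with `in=0B out=0B`; the last two are the facts that separate the failed Windows log from the successful ones.

```python
"""Summarise libreswan pluto log lines for an L2TP/IPsec connection attempt."""
import ipaddress
import re

# Constructed samples: abridged copies of the pluto logs quoted in the thread (addresses masked by the poster).
FAILED_WINDOWS = """\
Jun 18 17:25:58 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9: Oakley Transform [AES_CBC (256), HMAC_SHA1, DH20] refused
Jun 18 17:25:58 twofactor pluto[3145]: "l2tp-psk"[9] YYY.YYY.YYY.YYY #9: Oakley Transform [AES_CBC (128), HMAC_SHA1, DH19] refused
Jun 18 17:26:00 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=MODP2048}
Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10:     us: 10.99.0.12[ZZZ.ZZZ.ZZZ.ZZZ]:17/1701  them: YYY.YYY.YYY.YYY[10.0.0.206]:17/1701
Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10: IPsec SA established transport mode {ESPinUDP=>0x2e9fe5f4 <0xfd1bde5e xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.206 NATD=YYY.YYY.YYY.YYY:4500 DPD=unsupported}
Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #9: received Delete SA(0x2e9fe5f4) payload: deleting IPsec State #10
Jun 18 17:26:01 twofactor pluto[3145]: "l2tp-psk"[10] YYY.YYY.YYY.YYY #10: ESP traffic information: in=0B out=0B
"""
OK_PEER = """\
Jun 18 17:13:04 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
Jun 18 17:13:08 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8: IPsec SA established transport mode {ESPinUDP=>0x04c69ac0 <0xa57c5e2b xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=10.0.0.233 NATD=YYY.YYY.YYY.YYY:4500 DPD=active}
Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #6: received Delete SA(0x04c69ac0) payload: deleting IPsec State #8
Jun 18 17:13:19 twofactor pluto[3145]: "l2tp-psk"[8] YYY.YYY.YYY.YYY #8: ESP traffic information: in=11KB out=807B
"""

STATE_RE = re.compile(r'"[^"]+"\[\d+\] \S+ #(?P<state>\d+):\s*(?P<msg>.*)$')
REFUSED_RE = re.compile(r"Oakley Transform \[(.+?)\] refused")
IKE_RE = re.compile(r"IKE SA established \{(.+?)\}")
US_RE = re.compile(r"us: (\S+?)\[([^\]]+)\]:")
CHILD_RE = re.compile(r"IPsec SA established (\w+) mode \{(ESP\w*)=>(0x[0-9a-f]+) <(0x[0-9a-f]+) (.+?)\}")
DELETE_RE = re.compile(r"received Delete SA\((0x[0-9a-f]+)\) payload: deleting IPsec State #(\d+)")
TRAFFIC_RE = re.compile(r"ESP traffic information: in=(\S+) out=(\S+)")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

def to_bytes(text):
    """Convert pluto's '11KB' / '807B' counters to an integer byte count."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([KMG]?B)", text)
    return int(float(m.group(1)) * UNITS[m.group(2)])

def kv(text):
    """Turn 'cipher=AES_CBC_256 integ=HMAC_SHA1' into a dict."""
    return dict(item.split("=", 1) for item in text.split())

def analyse(log_text):
    """Walk the per-state pluto messages and build a report dict (layout is this example's own)."""
    report = {"refused": [], "ike_sa": None, "responder_behind_nat": False,
              "child_sas": {}, "findings": []}
    sas = report["child_sas"]
    for line in log_text.splitlines():
        m = STATE_RE.search(line)
        if not m:
            continue
        state, msg = int(m["state"]), m["msg"]
        if r := REFUSED_RE.search(msg):
            report["refused"].append(r.group(1))
        elif r := IKE_RE.search(msg):
            report["ike_sa"] = kv(r.group(1))
        elif r := US_RE.search(msg):
            addr, ident = r.groups()
            # Private local address plus a different identity: the responder is NATed.
            if ipaddress.ip_address(addr).is_private and ident != addr:
                report["responder_behind_nat"] = True
        elif r := CHILD_RE.search(msg):
            mode, encap, out_spi, in_spi, attrs = r.groups()
            sas[state] = {"mode": mode, "encap": encap, "out_spi": out_spi,
                          "in_spi": in_spi, "deleted_by_peer": False,
                          "in": None, "out": None, **kv(attrs)}
        elif r := DELETE_RE.search(msg):
            spi, victim = r.group(1), int(r.group(2))
            # The peer's Delete names our outbound SPI, i.e. its own inbound SA.
            if victim in sas and sas[victim]["out_spi"] == spi:
                sas[victim]["deleted_by_peer"] = True
        elif (r := TRAFFIC_RE.search(msg)) and state in sas:
            sas[state]["in"], sas[state]["out"] = map(to_bytes, r.groups())
    zero = sorted(s for s, sa in sas.items()
                  if sa["deleted_by_peer"] and sa["in"] == 0 and sa["out"] == 0)
    report["zero_traffic_sas"] = zero
    f = report["findings"]
    if report["refused"]:
        f.append("peer offered IKE transforms the responder refused: " + "; ".join(report["refused"]))
    if report["ike_sa"]:
        f.append("IKE SA settled on " + " ".join(f"{k}={v}" for k, v in report["ike_sa"].items()))
    if report["responder_behind_nat"]:
        f.append("responder is itself behind NAT (private local address, different identity)")
    if zero:
        f.append(f"{len(zero)} IPsec SA(s) established then deleted by the peer with in=0B out=0B: "
                 "phase 2 completes but no ESP traffic ever crosses the SA")
    return report
```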