<div dir="ltr">

<div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Hello,</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">First time user of libreswan and I am trying to set up a test environment to evaluate the overhead of using IPsec with our product as follows:</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Database daemon (dbserver 10.2.130.186) <-> VPN gateway (vpnserver  10.2.130.207) <-> multiple Windows 10 clients (client*)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">The Windows clients are using the built-in VPN client and a route is automatically added on a connection. It is using X.509 certificates which are installed correctly on the client. It is on an internal network and all firewalls are currently disabled. Everything is currently in the same VLAN.</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">ipsec verify all [OK]</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Client IP 10.2.130.187</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Add-VpnConnection -Name "test" -ServerAddress "<a href="http://cbgps279.nms.dev.ps.ge.com/" style="box-sizing:border-box;color:rgb(0,0,238)">d</a>bserver.fully.qualified.domain" -TunnelType "IKEv2" -EncryptionLevel "Required" -AuthenticationMethod MachineCertificate -RememberCredential -SplitTunneling -PassThru -Force</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Set-VpnConnectionIPsecConfiguration -ConnectionName "test" -EncryptionMethod AES256 -DHGroup Group14 -IntegrityCheckMethod SHA256 -PfsGroup None –AuthenticationTransformConstants SHA256128 -CipherTransformConstants AES256 -PassThru -Force</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">(Get-VpnConnection -Name "test").ipseccustompolicy</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Add-VpnConnectionRoute -ConnectionName "test" -DestinationPrefix "<a href="http://10.2.130.186/32">10.2.130.186/32</a>" -RouteMetric 10</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Client routing table during test</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">IPv4 Route Table</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">===========================================================================</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Active Routes:</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Network Destination        Netmask          Gateway       Interface  Metric</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">          0.0.0.0          0.0.0.0       10.2.130.1     10.2.130.187    271</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">         10.0.0.0        255.0.0.0         On-link      10.2.130.211     26</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">       10.2.130.0    255.255.255.0         On-link      10.2.130.187    271</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">     10.2.130.186  255.255.255.255         On-link      10.2.130.211     35</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">     10.2.130.187  255.255.255.255         On-link      10.2.130.187    271</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">     10.2.130.207  255.255.255.255         On-link      10.2.130.187     16</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">     10.2.130.211  255.255.255.255         On-link      10.2.130.211    281</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">     10.2.130.255  255.255.255.255         On-link      10.2.130.187    271</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">   10.255.255.255  255.255.255.255         On-link      10.2.130.211    281</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        224.0.0.0        240.0.0.0         On-link      10.2.130.187    271</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        224.0.0.0        240.0.0.0         On-link      10.2.130.211    281</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">  255.255.255.255  255.255.255.255         On-link      10.2.130.187    271</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">  255.255.255.255  255.255.255.255         On-link      10.2.130.211    281</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">===========================================================================</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Persistent Routes:</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">  Network Address          Netmask  Gateway Address  Metric</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">          0.0.0.0          0.0.0.0       10.2.130.1  Default</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">===========================================================================</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">The Windows client connects, authenticates and establishes an AES256 tunnel. However, the dbserver is not accessible from any client (neither proprietary tcp/udp based protocol tests or ICMP ping). The same test from vpnserver to dbserver is successful. During the test on a Windows client there is observable ESP chatter on port 4500.</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Windows Event Viewer reports successful connection:</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">CoId={202425CC-59DB-42D4-A548-5439FA786107}: The user DDD\uuu has dialed a connection named test to the Remote Access Server which has successfully connected. The connection parameters are:</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">TunnelIpAddress = 10.2.130.211</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">TunnelIpv6Address = None</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Dial-in User = .</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">/var/log/secure during test</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:34:06 vpnserver pluto[50237]: packet from <a href="http://10.2.130.187:500">10.2.130.187:500</a>: ignoring unknown Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000002]</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:34:06 vpnserver pluto[50237]: packet from <a href="http://10.2.130.187:500">10.2.130.187:500</a>: local IKE proposals for testvpn (IKE SA responder matching remote proposals): 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP1024 4:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 5:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP2048 6:IKE:ENCR=AES_CBC_128;PRF=HMAC_SHA1;INTEG=HMAC_SHA1_96;DH=MODP1024</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:34:06 vpnserver pluto[50237]: packet from <a href="http://10.2.130.187:500">10.2.130.187:500</a>: proposal 2:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;PRF=HMAC_SHA1;DH=MODP2048[first-match] 2:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;PRF=HMAC_SHA2_256;DH=MODP2048[better-match] 3:IKE:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_384_192;PRF=HMAC_SHA2_384;DH=MODP2048</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:34:06 vpnserver pluto[50237]: "testvpn"[1] 10.2.130.187 #1: STATE_PARENT_R1: received v2I1, sent v2R1 {auth=IKEv2 cipher=aes_256 integ=sha256_128 prf=sha2_256 group=MODP2048}</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:34:06 vpnserver pluto[50237]: "testvpn"[1] 10.2.130.187 #1: certificate verified OK: O=xxxxxx,CN=<a href="http://cbgps282.nms.dev.ps.ge.com/" style="box-sizing:border-box;color:rgb(0,0,238)">client282.fully.qualified.domain</a></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:34:06 vpnserver pluto[50237]: "testvpn"[1] 10.2.130.187 #1: IKEv2 mode peer ID is ID_DER_ASN1_DN: 'CN=<a href="http://cbgps282.nms.dev.ps.ge.com/" style="box-sizing:border-box;color:rgb(0,0,238)">client282.fully.qualified.domain</a>, O=xxxxxx'</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:34:06 vpnserver pluto[50237]: "testvpn"[1] 10.2.130.187 #1: Authenticated using RSA</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:34:06 vpnserver pluto[50237]: "testvpn"[1] 10.2.130.187 #1: local ESP/AH proposals for testvpn (IKE SA responder matching remote ESP/AH proposals): 1:ESP:ENCR=AES_GCM_C_128,AES_GCM_C_256;INTEG=NONE;DH=NONE;ESN=DISABLED 2:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED 4:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA2_256_128;DH=NONE;ESN=DISABLED 5:ESP:ENCR=AES_CBC_128;INTEG=HMAC_SHA1_96;DH=NONE;ESN=DISABLED</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:34:06 vpnserver pluto[50237]: "testvpn"[1] 10.2.130.187 #1: proposal 1:ESP:SPI=0fd6e1e8;ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED chosen from remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match]</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:34:06 vpnserver pluto[50237]: "testvpn"[1] 10.2.130.187 #2: negotiated connection [0.0.0.0-255.255.255.255:0-65535 0] -> [10.2.130.211-10.2.130.211:0-65535 0]</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:34:06 vpnserver pluto[50237]: "testvpn"[1] 10.2.130.187 #2: STATE_V2_IPSEC_R: IPsec SA established tunnel mode {ESP/NAT=>0x0fd6e1e8 <0xfe3b0d44 xfrm=AES_CBC_256-HMAC_SHA2_256_128 NATOA=none NATD=<a href="http://10.2.130.187:4500">10.2.130.187:4500</a> DPD=active}</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">...</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">...</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:35:27 vpnserver pluto[50237]: "testvpn"[1] 10.2.130.187 #1: received Delete SA payload: expire IPSEC State #2 now</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:35:27 vpnserver pluto[50237]: "testvpn"[1] 10.2.130.187 #2: deleting state (STATE_V2_IPSEC_R) and NOT sending notification</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:35:27 vpnserver pluto[50237]: "testvpn"[1] 10.2.130.187 #2: ESP traffic information: in=60KB out=0B</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:35:27 vpnserver pluto[50237]: expire unused parent SA #1 "testvpn"[1] 10.2.130.187</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:35:27 vpnserver pluto[50237]: "testvpn"[1] 10.2.130.187 #1: deleting state (STATE_IKESA_DEL) and NOT sending notification</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Feb 12 09:35:27 vpnserver pluto[50237]: packet from <a href="http://10.2.130.187:4500">10.2.130.187:4500</a>: deleting connection "testvpn"[1] 10.2.130.187 instance with peer 10.2.130.187 {isakmp=#0/ipsec=#0}</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">The Windows connection is terminated with error 631 (The port was disconnected by the user.). This is not a deliberate action.</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">conn testvpn</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        left=%defaultroute      # (1) - 10.2.130.207</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        leftcert=vpnserver.fully.qualified.domain # name changed</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        leftid=@vpnserver.fully.qualified.domain </div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        leftsendcert=always     # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        leftsubnet=<a href="http://0.0.0.0/0">0.0.0.0/0</a>    # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        #leftsubnet=<a href="http://10.2.130.186/32">10.2.130.186/32</a> # specific IP of dbserver</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        #leftsubnet=<a href="http://10.2.130.0/24">10.2.130.0/24</a></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        leftrsasigkey=%cert     # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        right=%any              # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        rightid=%fromcert       # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        rightaddresspool=10.2.130.211-10.2.130.254</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        rightca=%same           # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        rightrsasigkey=%cert    # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        narrowing=yes           # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        dpddelay=30             # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        dpdtimeout=40           # (1) - clear sooner. was 120</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        dpdaction=clear         # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        auto=add                # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        ikev2=insist            # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        rekey=no                # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        pfs=no                  # (1) </div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        ike-frag=yes            # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        ike=aes256-sha2,aes256-sha1,aes256-sha2;modp1024,aes128-sha2,aes128-sha1,aes128-sha1;modp1024</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">                                # (1) </div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        phase2alg=aes_gcm-null,aes256-sha2,aes256-sha1,aes128-sha2,aes128-sha1</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">                                # (1) </div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        # ipsec --version >= libreswan 3.23</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        modecfgdns=10.2.8.20,10.2.8.21</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">                                # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        encapsulation=yes       # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        mobike=no               # (1)</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        # (1)<span> </span><a href="https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md" style="box-sizing:border-box;color:rgb(0,0,238)">https://github.com/hwdsl2/setup-ipsec-vpn/blob/master/docs/ikev2-howto.md</a></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        # (2) <a href="https://libreswan.org/man/ipsec.conf.5.html" style="box-sizing:border-box;color:rgb(0,0,238)">https://libreswan.org/man/ipsec.conf.5.html</a></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        # (3)<span> </span><a href="https://libreswan.org/wiki/FAQ#Microsoft_Windows_connection_attempts_fail_with_NO_POROPOSAL_CHOSEN" style="box-sizing:border-box;color:rgb(0,0,238)">https://libreswan.org/wiki/FAQ#Microsoft_Windows_connection_attempts_fail_with_NO_POROPOSAL_CHOSEN</a></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        # (4) <a href="https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2" style="box-sizing:border-box;color:rgb(0,0,238)">https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv2</a></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">        # (5) <a href="https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients" style="box-sizing:border-box;color:rgb(0,0,238)">https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients</a></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">It may be something simple but I just can't figure out what it is. Any help to resolve this would be appreciated.</div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial"><br style="box-sizing:border-box"></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Thanks in advance<br></div><div style="box-sizing:border-box;margin:0px;padding:0px;color:rgb(0,0,0);font-family:Tahoma;font-size:medium;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">-paul</div>

</div>