IPsec tunnel to Android device not created even though there is an IKE SA

Posted by Quentin Swain on Server Fault
Published on 2012-10-31T14:54:20Z Indexed on 2012/10/31 23:04 UTC

I'm trying to configure a VPN tunnel between an Android device running 4.1 and a Fedora 17 Linux box running strongSwan 5.0. The device reports that it is connected and strongSwan statusall returns that there is an IKE SA, but doesn't display a tunnel. I used the instructions for iOS in the wiki to generate certificates and configure strongSwan. Since Android uses a modified version of racoon, this should work, and since the connection is partly established, I think I am on the right track. I don't see any errors about not being able to create the tunnel.

This is the configuration for the strongSwan connection:

conn android2
    keyexchange=ikev1
    authby=xauthrsasig
    xauth=server
    left=96.244.142.28
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    leftcert=serverCert.pem
    right=%any
    rightsubnet=10.0.0.0/24
    rightsourceip=10.0.0.2
    rightcert=clientCert.pem
    ike=aes256-sha1-modp1024
    auto=add

This is the output of strongswan statusall:

Status of IKE charon daemon (strongSwan 5.0.0, Linux 3.3.4-5.fc17.x86_64, x86_64):
uptime: 20 minutes, since Oct 31 10:27:31 2012
malloc: sbrk 270336, mmap 0, used 198144, free 72192
worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0, scheduled: 7
loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints  pubkey pkcs1 pkcs8 pgp dnskey pem openssl fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic
Virtual IP pools (size/online/offline):
  android-hybrid: 1/0/0
  android2: 1/1/0
Listening IP addresses:
  96.244.142.28
Connections:
    android-hybrid:  %any...%any  IKEv1
    android-hybrid:   local:  [C=CH, O=strongSwan, CN=vpn.strongswan.org] uses public key authentication
    android-hybrid:    cert:  "C=CH, O=strongSwan, CN=vpn.strongswan.org"
    android-hybrid:   remote: [%any] uses XAuth authentication: any
    android-hybrid:   child:  dynamic === dynamic TUNNEL
    android2:  96.244.142.28...%any  IKEv1
    android2:   local:  [C=CH, O=strongSwan, CN=vpn.strongswan.org] uses public key authentication
    android2:    cert:  "C=CH, O=strongSwan, CN=vpn.strongswan.org"
    android2:   remote: [C=CH, O=strongSwan, CN=client] uses public key authentication
    android2:    cert:  "C=CH, O=strongSwan, CN=client"
    android2:   remote: [%any] uses XAuth authentication: any
    android2:   child:  0.0.0.0/0 === 10.0.0.0/24 TUNNEL
 Security Associations (1 up, 0 connecting):
    android2[3]: ESTABLISHED 10 seconds ago, 96.244.142.28[C=CH, O=strongSwan, CN=vpn.strongswan.org]...208.54.35.241[C=CH, O=strongSwan, CN=client]
    android2[3]: Remote XAuth identity: android
    android2[3]: IKEv1 SPIs: 4151e371ad46b20d_i 59a56390d74792d2_r*, public key reauthentication in 56 minutes
    android2[3]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024

The output of ip -s xfrm policy:

src ::/0 dst ::/0 uid 0
socket in action allow index 3851 priority 0 ptype main share any flag  (0x00000000)
lifetime config:
  limit: soft 0(bytes), hard 0(bytes)
  limit: soft 0(packets), hard 0(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:29:08 use -
src ::/0 dst ::/0 uid 0
socket out action allow index 3844 priority 0 ptype main share any flag  (0x00000000)
lifetime config:
  limit: soft 0(bytes), hard 0(bytes)
  limit: soft 0(packets), hard 0(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:29:08 use -
src ::/0 dst ::/0 uid 0
socket in action allow index 3835 priority 0 ptype main share any flag  (0x00000000)
lifetime config:
  limit: soft 0(bytes), hard 0(bytes)
  limit: soft 0(packets), hard 0(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:29:08 use -
src ::/0 dst ::/0 uid 0
socket out action allow index 3828 priority 0 ptype main share any flag  (0x00000000)
lifetime config:
  limit: soft 0(bytes), hard 0(bytes)
  limit: soft 0(packets), hard 0(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:29:08 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket in action allow index 3819 priority 0 ptype main share any flag  (0x00000000)
lifetime config:
  limit: soft 0(bytes), hard 0(bytes)
  limit: soft 0(packets), hard 0(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:29:08 use 2012-10-31 13:29:39
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket out action allow index 3812 priority 0 ptype main share any flag  (0x00000000)
lifetime config:
  limit: soft 0(bytes), hard 0(bytes)
  limit: soft 0(packets), hard 0(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:29:08 use 2012-10-31 13:29:22
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket in action allow index 3803 priority 0 ptype main share any flag  (0x00000000)
lifetime config:
  limit: soft 0(bytes), hard 0(bytes)
  limit: soft 0(packets), hard 0(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:29:08 use 2012-10-31 13:29:20
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket out action allow index 3796 priority 0 ptype main share any flag  (0x00000000)
lifetime config:
  limit: soft 0(bytes), hard 0(bytes)
  limit: soft 0(packets), hard 0(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:29:08 use 2012-10-31 13:29:20

So an xfrm policy isn't being created for the connection, even though there is an SA between the device and strongSwan. Executing ip -s xfrm policy on the Android device results in the following output:

src 0.0.0.0/0 dst 10.0.0.2/32 uid 0
dir in action allow index 40 priority 2147483648 share any flag  (0x00000000)
lifetime config:
  limit: soft (INF)(bytes), hard (INF)(bytes)
  limit: soft (INF)(packets), hard (INF)(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:42:08 use -
tmpl src 96.244.142.28 dst 25.239.33.30
    proto esp spi 0x00000000(0) reqid 0(0x00000000) mode tunnel
    level required share any 
    enc-mask 00000000 auth-mask 00000000 comp-mask 00000000
src 10.0.0.2/32 dst 0.0.0.0/0 uid 0
dir out action allow index 33 priority 2147483648 share any flag  (0x00000000)
lifetime config:
  limit: soft (INF)(bytes), hard (INF)(bytes)
  limit: soft (INF)(packets), hard (INF)(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:42:08 use -
tmpl src 25.239.33.30 dst 96.244.142.28
    proto esp spi 0x00000000(0) reqid 0(0x00000000) mode tunnel
    level required share any 
    enc-mask 00000000 auth-mask 00000000 comp-mask 00000000
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
dir 4 action allow index 28 priority 0 share any flag  (0x00000000)
lifetime config:
  limit: soft (INF)(bytes), hard (INF)(bytes)
  limit: soft (INF)(packets), hard (INF)(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:42:04 use 2012-10-31 13:42:08
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
dir 3 action allow index 19 priority 0 share any flag  (0x00000000)
lifetime config:
  limit: soft (INF)(bytes), hard (INF)(bytes)
  limit: soft (INF)(packets), hard (INF)(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:42:04 use 2012-10-31 13:42:08
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
dir 4 action allow index 12 priority 0 share any flag  (0x00000000)
lifetime config:
  limit: soft (INF)(bytes), hard (INF)(bytes)
  limit: soft (INF)(packets), hard (INF)(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:42:04 use 2012-10-31 13:42:06
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
dir 3 action allow index 3 priority 0 share any flag  (0x00000000)
lifetime config:
  limit: soft (INF)(bytes), hard (INF)(bytes)
  limit: soft (INF)(packets), hard (INF)(packets)
  expire add: soft 0(sec), hard 0(sec)
  expire use: soft 0(sec), hard 0(sec)
lifetime current:
  0(bytes), 0(packets)
  add 2012-10-31 13:42:04 use 2012-10-31 13:42:07

Logs from charon:

00[DMN] Starting IKE charon daemon (strongSwan 5.0.0, Linux 3.3.4-5.fc17.x86_64, x86_64)

00[KNL] listening on interfaces:
00[KNL]   em1
00[KNL]     96.244.142.28
00[KNL]     fe80::224:e8ff:fed2:18b2
00[CFG] loading ca certificates from '/etc/strongswan/ipsec.d/cacerts'
00[CFG]   loaded ca certificate "C=CH, O=strongSwan, CN=strongSwan CA" from '/etc/strongswan/ipsec.d/cacerts/caCert.pem'
00[CFG] loading aa certificates from '/etc/strongswan/ipsec.d/aacerts'
00[CFG] loading ocsp signer certificates from '/etc/strongswan/ipsec.d/ocspcerts'
00[CFG] loading attribute certificates from '/etc/strongswan/ipsec.d/acerts'
00[CFG] loading crls from '/etc/strongswan/ipsec.d/crls'
00[CFG] loading secrets from '/etc/strongswan/ipsec.secrets'
00[CFG]   loaded RSA private key from '/etc/strongswan/ipsec.d/private/clientKey.pem'
00[CFG]   loaded IKE secret for %any
00[CFG]   loaded EAP secret for android
00[CFG]   loaded EAP secret for android
00[DMN] loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem openssl fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown xauth-generic
08[NET] waiting for data on sockets
16[LIB] created thread 16 [15338]
16[JOB] started worker thread 16
11[CFG] received stroke: add connection 'android-hybrid'
11[CFG] conn android-hybrid
11[CFG]   left=%any
11[CFG]   leftsubnet=(null)
11[CFG]   leftsourceip=(null)
11[CFG]   leftauth=pubkey
11[CFG]   leftauth2=(null)
11[CFG]   leftid=(null)
11[CFG]   leftid2=(null)
11[CFG]   leftrsakey=(null)
11[CFG]   leftcert=serverCert.pem
11[CFG]   leftcert2=(null)
11[CFG]   leftca=(null)
11[CFG]   leftca2=(null)
11[CFG]   leftgroups=(null)
11[CFG]   leftupdown=ipsec _updown iptables
11[CFG]   right=%any
11[CFG]   rightsubnet=(null)
11[CFG]   rightsourceip=96.244.142.3
11[CFG]   rightauth=xauth
11[CFG]   rightauth2=(null)
11[CFG]   rightid=%any
11[CFG]   rightid2=(null)
11[CFG]   rightrsakey=(null)
11[CFG]   rightcert=(null)
11[CFG]   rightcert2=(null)
11[CFG]   rightca=(null)
11[CFG]   rightca2=(null)
11[CFG]   rightgroups=(null)
11[CFG]   rightupdown=(null)
11[CFG]   eap_identity=(null)
11[CFG]   aaa_identity=(null)
11[CFG]   xauth_identity=(null)
11[CFG]   ike=aes256-sha1-modp1024
11[CFG]   esp=aes128-sha1-modp2048,3des-sha1-modp1536
11[CFG]   dpddelay=30
11[CFG]   dpdtimeout=150
11[CFG]   dpdaction=0
11[CFG]   closeaction=0
11[CFG]   mediation=no
11[CFG]   mediated_by=(null)
11[CFG]   me_peerid=(null)
11[CFG]   keyexchange=ikev1
11[KNL] getting interface name for %any
11[KNL] %any is not a local address
11[KNL] getting interface name for %any
11[KNL] %any is not a local address
11[CFG] left nor right host is our side, assuming left=local
11[CFG]   loaded certificate "C=CH, O=strongSwan, CN=vpn.strongswan.org" from 'serverCert.pem'
11[CFG]   id '%any' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=vpn.strongswan.org'
11[CFG] added configuration 'android-hybrid'
11[CFG] adding virtual IP address pool 'android-hybrid': 96.244.142.3/32
13[CFG] received stroke: add connection 'android2'
13[CFG] conn android2
13[CFG]   left=96.244.142.28
13[CFG]   leftsubnet=0.0.0.0/0
13[CFG]   leftsourceip=(null)
13[CFG]   leftauth=pubkey
13[CFG]   leftauth2=(null)
13[CFG]   leftid=(null)
13[CFG]   leftid2=(null)
13[CFG]   leftrsakey=(null)
13[CFG]   leftcert=serverCert.pem
13[CFG]   leftcert2=(null)
13[CFG]   leftca=(null)
13[CFG]   leftca2=(null)
13[CFG]   leftgroups=(null)
13[CFG]   leftupdown=ipsec _updown iptables
13[CFG]   right=%any
13[CFG]   rightsubnet=10.0.0.0/24
13[CFG]   rightsourceip=10.0.0.2
13[CFG]   rightauth=pubkey
13[CFG]   rightauth2=xauth
13[CFG]   rightid=(null)
13[CFG]   rightid2=(null)
13[CFG]   rightrsakey=(null)
13[CFG]   rightcert=clientCert.pem
13[CFG]   rightcert2=(null)
13[CFG]   rightca=(null)
13[CFG]   rightca2=(null)
13[CFG]   rightgroups=(null)
13[CFG]   rightupdown=(null)
13[CFG]   eap_identity=(null)
13[CFG]   aaa_identity=(null)
13[CFG]   xauth_identity=(null)
13[CFG]   ike=aes256-sha1-modp1024
13[CFG]   esp=aes128-sha1-modp2048,3des-sha1-modp1536
13[CFG]   dpddelay=30
13[CFG]   dpdtimeout=150
13[CFG]   dpdaction=0
13[CFG]   closeaction=0
13[CFG]   mediation=no
13[CFG]   mediated_by=(null)
13[CFG]   me_peerid=(null)
13[CFG]   keyexchange=ikev0
13[KNL] getting interface name for %any
13[KNL] %any is not a local address
13[KNL] getting interface name for 96.244.142.28
13[KNL] 96.244.142.28 is on interface em1
13[CFG]   loaded certificate "C=CH, O=strongSwan, CN=vpn.strongswan.org" from 'serverCert.pem'
13[CFG]   id '96.244.142.28' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=vpn.strongswan.org'
13[CFG]   loaded certificate "C=CH, O=strongSwan, CN=client" from 'clientCert.pem'
13[CFG]   id '%any' not confirmed by certificate, defaulting to 'C=CH, O=strongSwan, CN=client'
13[CFG] added configuration 'android2'
13[CFG] adding virtual IP address pool 'android2': 10.0.0.2/32
08[NET] received packet: from 208.54.35.241[32235] to 96.244.142.28[500]
15[CFG] looking for an ike config for 96.244.142.28...208.54.35.241
15[CFG]   candidate: %any...%any, prio 2
15[CFG]   candidate: 96.244.142.28...%any, prio 5
15[CFG] found matching ike config: 96.244.142.28...%any with prio 5
01[JOB] next event in 29s 999ms, waiting
15[IKE] received NAT-T (RFC 3947) vendor ID
15[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
15[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
15[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
15[IKE] received XAuth vendor ID
15[IKE] received Cisco Unity vendor ID
15[IKE] received DPD vendor ID
15[IKE] 208.54.35.241 is initiating a Main Mode IKE_SA
15[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
15[CFG] selecting proposal:
15[CFG]   proposal matches
15[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024, IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:DES_CBC/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
15[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_MD5_96/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_MD5/PRF_HMAC_SHA1/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160
15[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
15[NET] sending packet: from 96.244.142.28[500] to 208.54.35.241[32235]
04[NET] sending packet: from 96.244.142.28[500] to 208.54.35.241[32235]
15[MGR] checkin IKE_SA (unnamed)[1]
15[MGR] check-in of IKE_SA successful.
08[NET] received packet: from 208.54.35.241[32235] to 96.244.142.28[500]
08[NET] waiting for data on sockets
07[MGR] checkout IKE_SA by message
07[MGR] IKE_SA (unnamed)[1] successfully checked out
07[NET] received packet: from 208.54.35.241[32235] to 96.244.142.28[500]
07[LIB] size of DH secret exponent: 1023 bits
07[IKE] remote host is behind NAT
07[IKE] sending cert request for "C=CH, O=strongSwan, CN=strongSwan CA"
07[ENC] generating NAT_D_V1 payload finished
07[NET] sending packet: from 96.244.142.28[500] to 208.54.35.241[32235]
07[MGR] checkin IKE_SA (unnamed)[1]
07[MGR] check-in of IKE_SA successful.
04[NET] sending packet: from 96.244.142.28[500] to 208.54.35.241[32235]
08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
10[IKE] ignoring certificate request without data
10[IKE] received end entity cert "C=CH, O=strongSwan, CN=client"
10[CFG] looking for XAuthInitRSA peer configs matching 96.244.142.28...208.54.35.241[C=CH, O=strongSwan, CN=client]
10[CFG]   candidate "android-hybrid", match: 1/1/2/2 (me/other/ike/version)
10[CFG]   candidate "android2", match: 1/20/5/1 (me/other/ike/version)
10[CFG] selected peer config "android2"
10[CFG]   certificate "C=CH, O=strongSwan, CN=client" key: 2048 bit RSA
10[CFG]   using trusted ca certificate "C=CH, O=strongSwan, CN=strongSwan CA"
10[CFG] checking certificate status of "C=CH, O=strongSwan, CN=client"
10[CFG] ocsp check skipped, no ocsp found
10[CFG] certificate status is not available
10[CFG]   certificate "C=CH, O=strongSwan, CN=strongSwan CA" key: 2048 bit RSA
10[CFG]   reached self-signed root ca with a path length of 0
10[CFG]   using trusted certificate "C=CH, O=strongSwan, CN=client"
10[IKE] authentication of 'C=CH, O=strongSwan, CN=client' with RSA successful
10[ENC] added payload of type ID_V1 to message
10[ENC] added payload of type SIGNATURE_V1 to message
10[IKE] authentication of 'C=CH, O=strongSwan, CN=vpn.strongswan.org' (myself) successful
10[IKE] queueing XAUTH task
10[IKE] sending end entity cert "C=CH, O=strongSwan, CN=vpn.strongswan.org"
10[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
04[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
10[IKE] activating new tasks
10[IKE]   activating XAUTH task
10[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
04[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
01[JOB] next event in 3s 999ms, waiting
10[MGR] checkin IKE_SA android2[1]
10[MGR] check-in of IKE_SA successful.
08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
08[NET] waiting for data on sockets
12[MGR] checkout IKE_SA by message
12[MGR] IKE_SA android2[1] successfully checked out
12[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
12[MGR] checkin IKE_SA android2[1]
12[MGR] check-in of IKE_SA successful.
08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
16[MGR] checkout IKE_SA by message
16[MGR] IKE_SA android2[1] successfully checked out
16[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
08[NET] waiting for data on sockets
16[IKE] XAuth authentication of 'android' successful
16[IKE] reinitiating already active tasks
16[IKE]   XAUTH task
16[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
04[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
16[MGR] checkin IKE_SA android2[1]
01[JOB] next event in 3s 907ms, waiting
16[MGR] check-in of IKE_SA successful.
08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
09[MGR] checkout IKE_SA by message
09[MGR] IKE_SA android2[1] successfully checked out
09[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
09[IKE] IKE_SA android2[1] established between 96.244.142.28[C=CH, O=strongSwan, CN=vpn.strongswan.org]...208.54.35.241[C=CH, O=strongSwan, CN=client]
09[IKE] IKE_SA android2[1] state change: CONNECTING => ESTABLISHED
09[IKE] scheduling reauthentication in 3409s
09[IKE] maximum IKE_SA lifetime 3589s
09[IKE] activating new tasks
09[IKE] nothing to initiate
09[MGR] checkin IKE_SA android2[1]
09[MGR] check-in of IKE_SA successful.
09[MGR] checkout IKE_SA
09[MGR] IKE_SA android2[1] successfully checked out
09[MGR] checkin IKE_SA android2[1]
09[MGR] check-in of IKE_SA successful.
01[JOB] next event in 3s 854ms, waiting
08[NET] waiting for data on sockets
08[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
14[MGR] checkout IKE_SA by message
14[MGR] IKE_SA android2[1] successfully checked out
14[NET] received packet: from 208.54.35.241[35595] to 96.244.142.28[4500]
14[IKE] processing INTERNAL_IP4_ADDRESS attribute
14[IKE] processing INTERNAL_IP4_NETMASK attribute
14[IKE] processing INTERNAL_IP4_DNS attribute
14[IKE] processing INTERNAL_IP4_NBNS attribute
14[IKE] processing UNITY_BANNER attribute
14[IKE] processing UNITY_DEF_DOMAIN attribute
14[IKE] processing UNITY_SPLITDNS_NAME attribute
14[IKE] processing UNITY_SPLIT_INCLUDE attribute
14[IKE] processing UNITY_LOCAL_LAN attribute
14[IKE] processing APPLICATION_VERSION attribute
14[IKE] peer requested virtual IP %any
14[CFG] assigning new lease to 'android'
14[IKE] assigning virtual IP 10.0.0.2 to peer 'android'
14[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
14[MGR] checkin IKE_SA android2[1]
14[MGR] check-in of IKE_SA successful.
04[NET] sending packet: from 96.244.142.28[4500] to 208.54.35.241[35595]
08[NET] waiting for data on sockets
01[JOB] got event, queuing job for execution
01[JOB] next event in 91ms, waiting
13[MGR] checkout IKE_SA
13[MGR] IKE_SA android2[1] successfully checked out
13[MGR] checkin IKE_SA android2[1]
13[MGR] check-in of IKE_SA successful.
01[JOB] got event, queuing job for execution
01[JOB] next event in 24s 136ms, waiting
15[MGR] checkout IKE_SA
15[MGR] IKE_SA android2[1] successfully checked out
15[MGR] checkin IKE_SA android2[1]
15[MGR] check-in of IKE_SA successful.

© Server Fault or respective owner
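
The comparison the post makes by eye between the two `ip -s xfrm policy` dumps, as an added example that is not part of the original post: it parses the output and lists only policies that carry an ESP tunnel-mode `tmpl`, counting template-less `allow` entries as bypass policies. The sample dumps are trimmed from the output above, and the function names are this example's own.

```python
import re

# Constructed samples: trimmed from the two `ip -s xfrm policy` dumps in the post.
SERVER_DUMP = """\
src ::/0 dst ::/0 uid 0
socket in action allow index 3851 priority 0 ptype main share any flag  (0x00000000)
lifetime current:
  0(bytes), 0(packets)
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
socket out action allow index 3812 priority 0 ptype main share any flag  (0x00000000)
"""
DEVICE_DUMP = """\
src 0.0.0.0/0 dst 10.0.0.2/32 uid 0
dir in action allow index 40 priority 2147483648 share any flag  (0x00000000)
tmpl src 96.244.142.28 dst 25.239.33.30
    proto esp spi 0x00000000(0) reqid 0(0x00000000) mode tunnel
src 10.0.0.2/32 dst 0.0.0.0/0 uid 0
dir out action allow index 33 priority 2147483648 share any flag  (0x00000000)
tmpl src 25.239.33.30 dst 96.244.142.28
    proto esp spi 0x00000000(0) reqid 0(0x00000000) mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
dir 4 action allow index 28 priority 0 share any flag  (0x00000000)
"""

HEADER = re.compile(r"^src (\S+) dst (\S+)")            # selector line starts a policy
KIND = re.compile(r"^(socket|dir) (\S+) action (\S+)")  # "socket in", "dir out", "dir 4"
TMPL = re.compile(r"^tmpl src (\S+) dst (\S+)")         # tunnel endpoints
PROTO = re.compile(r"^\s+proto (\S+) .*\bmode (\S+)")   # transform details


def parse_policies(dump):
    """Split an `ip -s xfrm policy` dump into one dict per policy."""
    policies = []
    for line in dump.splitlines():
        if m := HEADER.match(line):
            policies.append({"src": m[1], "dst": m[2], "kind": None,
                             "dir": None, "action": None, "tmpls": []})
        elif not policies:
            continue  # ignore anything before the first selector line
        elif m := KIND.match(line):
            policies[-1].update(kind=m[1], dir=m[2], action=m[3])
        elif m := TMPL.match(line):
            policies[-1]["tmpls"].append({"src": m[1], "dst": m[2],
                                          "proto": None, "mode": None})
        elif (m := PROTO.match(line)) and policies[-1]["tmpls"]:
            policies[-1]["tmpls"][-1].update(proto=m[1], mode=m[2])
    return policies


def summarize(dump):
    """Count template-less (bypass) policies and list ESP tunnel-mode ones."""
    policies = parse_policies(dump)
    tunnels = [p for p in policies
               if any(t["proto"] == "esp" and t["mode"] == "tunnel" for t in p["tmpls"])]
    bypass = [p for p in policies if not p["tmpls"] and p["action"] == "allow"]
    return {"total": len(policies), "bypass": len(bypass),
            "tunnel": [(p["dir"], p["src"], p["dst"]) for p in tunnels]}


if __name__ == "__main__":
    for name, dump in (("server", SERVER_DUMP), ("device", DEVICE_DUMP)):
        print(name, summarize(dump))
```

Fed the full server-side output, an empty `tunnel` list alongside an ESTABLISHED IKE SA in `statusall` is the state the post describes.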
