IPSEC ikev1 VPN site to site StrongSwan

Hello friends,
I am new to this firmware, and I am very happy to have found it.
I need help configuring an old IKEv1 site-to-site VPN; I configured it using this how-to:

https://openwrt.org/docs/guide-user/services/vpn/ipsec/strongswan/site2site

But it does not connect.
"No proposal chosen" is the error message.

The VPN is between OpenWrt and a Juniper NetScreen.

I am confused. I have read a lot of forums and a lot of information, but I don't know; I have run many tests but I have the same problem.

Unless you have a particular requirement for IPsec, you should consider using WireGuard or OpenVPN.
It should be much easier to set up and troubleshoot.

Yes, we have to connect a public entity (we are the client) with another public entity; we need IPsec, and the Juniper fw uses IPsec.

For other clients I will try OpenVPN.

But for this we need IPsec IKEv1.

Thanks a lot

1 Like

This is the Juniper configuration:

* In Autokey Advanced --> Gateway: static IP: 212.21.xxx.xx
  Preshared Key: xxxxxxxxx
  Security Level, User defined, Phase 1 Proposal: pre-g2-3des-sha
  Mode: Main
  Heartbeat: Hello=20, Reconnect=60, Threshold=5

* In Autokey IKE: Security Level, User defined, Phase 2 Proposal: g2-esp-3des-sha
  Replay protection
  Proxy-ID: Local IP: that of the entity's network
  Remote IP: 192.168.1.0/26, Service ANY

* In the Policies: (Untrust) --> (Trust) vpn_ipsec (192.168.1.0/26) --> Entity: allow any service
  (Trust) --> (Trust) Entity --> vpn_ipsec (192.168.1.0/26): allow ICMP, terminal server (3389), http (80), SQL (1433)
  Entity --> 192.168.1.4/32: allow 445, 139

Keep network 192.168.100.0/24 for the Entity of TownName and set IP 192.168.100.152 to the fw.

Set strongswan debuglevel cfg=2 and initiate the connection again.
In the log, look for messages like

received proposals: IKE:AES_GCM_16_128/PRF_AES128_XCBC/CURVE_25519
configured proposals: IKE:AES_GCM_16_128/PRF_AES128_XCBC/CURVE_25519

and post them here.
Please also show us your current ipsec.conf.

Which side is the IKEv1 initiator?

1 Like

Juniper is the IKEv1 initiator.

Tomorrow I will have access to the fw and configure debug mode 2.

Which log file do I need to check?
Syslog, system log don't have this information.

No need to set the debuglevel 2 for everything; cfg=2 should be enough.

On OpenWrt, use the logread command.
You can also configure strongswan to send its logs to a file, perhaps in /tmp or external storage.

2 Likes
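One way to apply the advice above to `logread` output, as an added example that is not part of the original posts: the `ike_triage` function, its output format and the sample log lines (documentation addresses) are constructed for illustration. It collapses the authpriv/daemon duplicates, reports `no IKE config found` (no connection matched those endpoints, so proposals were never compared) and otherwise lists which offered transforms the closest configured proposal lacks.

```sh
#!/bin/sh
# Added example (not from the thread): triage charon log lines read on stdin,
# e.g.  logread | ike_triage
# Output format (chosen for this example):
#   no-ike-config local=<ip> remote=<ip>  no connection matches these endpoints
#   proposal-mismatch missing=<a,b>       offered transforms the closest local proposal lacks
#   proposal-ok                           some local proposal contains every offered transform

ike_triage() {
    awk '
    # Transforms of proposal p that do not appear in proposal c, comma-joined.
    function missing(p, c,    i, n, t, out) {
        sub(/^[A-Z]+:/, "", p)          # drop the "IKE:" / "ESP:" protocol tag
        sub(/^[A-Z]+:/, "", c)
        n = split(p, t, "/")
        out = ""
        for (i = 1; i <= n; i++)
            if (index("/" c "/", "/" t[i] "/") == 0)
                out = out (out == "" ? "" : ",") t[i]
        return out
    }
    {
        # Keep only charon messages and drop the timestamp/facility prefix.
        if (!match($0, /[0-9]+\[[A-Z]+\] /)) next
        line = substr($0, RSTART)
        # logread shows each message twice (authpriv.* and daemon.*): skip the repeat.
        if (line == prev) next
        prev = line
        msg = substr(line, index(line, "] ") + 2)

        nocfg = "no IKE config found for "
        rcvd  = "received proposals: "
        cfgd  = "configured proposals: "

        if (index(msg, nocfg) == 1) {
            pair = substr(msg, length(nocfg) + 1)   # "<local>...<remote>, sending ..."
            sub(/,.*/, "", pair)
            d = index(pair, "...")
            if (d == 0) next
            print "no-ike-config local=" substr(pair, 1, d - 1) " remote=" substr(pair, d + 3)
        } else if (index(msg, rcvd) == 1) {
            recv = substr(msg, length(rcvd) + 1)
        } else if (index(msg, cfgd) == 1 && recv != "") {
            conf = substr(msg, length(cfgd) + 1)
            nr = split(recv, r, ", ")
            nc = split(conf, c, ", ")
            best = ""; bestn = -1
            # Find the received/configured pair with the fewest missing transforms.
            for (i = 1; i <= nr; i++)
                for (j = 1; j <= nc; j++) {
                    m = missing(r[i], c[j])
                    k = (m == "") ? 0 : split(m, tmp, ",")
                    if (bestn < 0 || k < bestn) { bestn = k; best = m }
                }
            if (bestn == 0)
                print "proposal-ok"
            else
                print "proposal-mismatch missing=" best
            recv = ""
        }
    }'
}

# Constructed sample input (not taken from the thread); addresses are documentation ranges.
sample_log() {
    cat <<'EOF'
Mon Jan  1 10:00:00 2024 authpriv.info ipsec: 10[CFG] looking for an IKEv1 config for 192.0.2.2...203.0.113.10
Mon Jan  1 10:00:00 2024 daemon.info ipsec: 10[CFG] looking for an IKEv1 config for 192.0.2.2...203.0.113.10
Mon Jan  1 10:00:00 2024 authpriv.info ipsec: 10[IKE] no IKE config found for 192.0.2.2...203.0.113.10, sending NO_PROPOSAL_CHOSEN
Mon Jan  1 10:00:00 2024 daemon.info ipsec: 10[IKE] no IKE config found for 192.0.2.2...203.0.113.10, sending NO_PROPOSAL_CHOSEN
Mon Jan  1 10:05:00 2024 daemon.info ipsec: 11[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Mon Jan  1 10:05:00 2024 daemon.info ipsec: 11[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
EOF
}

sample_log | ike_triage
```
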

cfg=2

In the /etc/ipsec.conf file?

Either:
/etc/ipsec.conf

config setup
        charondebug="cfg 2"

or /etc/strongswan.d/local.conf

charon {
	syslog {
		daemon {
			cfg = 2
		}
	}
}

For details, see the Logger Configuration.

2 Likes

Wow
Thanks a lot

Hello, good morning,
I made this change, and I am sending the log:

Fri Aug 28 07:31:07 2020 daemon.info ipsec: 10[MGR] checkout IKEv1 SA by message with SPIs e86673a8a014ace3_i 0000000000000000_r
Fri Aug 28 07:31:07 2020 authpriv.info ipsec: 10[MGR] created IKE_SA (unnamed)[486]
Fri Aug 28 07:31:07 2020 daemon.info ipsec: 10[MGR] created IKE_SA (unnamed)[486]
Fri Aug 28 07:31:07 2020 authpriv.info ipsec: 10[NET] received packet: from 212.21.xxx.xx[500] to 172.26.0.2[500] (160 bytes)
Fri Aug 28 07:31:07 2020 daemon.info ipsec: 10[NET] received packet: from 212.21.xxx.xx[500] to 172.26.0.2[500] (160 bytes)
Fri Aug 28 07:31:07 2020 authpriv.info ipsec: 10[ENC] parsed ID_PROT request 0 [ SA V V V ]
Fri Aug 28 07:31:07 2020 daemon.info ipsec: 10[ENC] parsed ID_PROT request 0 [ SA V V V ]
Fri Aug 28 07:31:07 2020 authpriv.info ipsec: 10[CFG] looking for an IKEv1 config for 172.26.0.2...212.21.xxx.xx
Fri Aug 28 07:31:07 2020 daemon.info ipsec: 10[CFG] looking for an IKEv1 config for 172.26.0.2...212.21.xxx.xx
Fri Aug 28 07:31:07 2020 authpriv.info ipsec: 10[IKE] no IKE config found for 172.26.0.2...212.21.xxx.xx, sending NO_PROPOSAL_CHOSEN
Fri Aug 28 07:31:07 2020 daemon.info ipsec: 10[IKE] no IKE config found for 172.26.0.2...212.21.xxx.xx, sending NO_PROPOSAL_CHOSEN
Fri Aug 28 07:31:07 2020 authpriv.info ipsec: 10[ENC] generating INFORMATIONAL_V1 request 2648353325 [ N(NO_PROP) ]
Fri Aug 28 07:31:07 2020 daemon.info ipsec: 10[ENC] generating INFORMATIONAL_V1 request 2648353325 [ N(NO_PROP) ]
Fri Aug 28 07:31:07 2020 authpriv.info ipsec: 10[ENC] not encrypting payloads
Fri Aug 28 07:31:07 2020 daemon.info ipsec: 10[ENC] not encrypting payloads
Fri Aug 28 07:31:07 2020 authpriv.info ipsec: 10[NET] sending packet: from 172.26.0.2[500] to 212.21.xxx.xx[500] (40 bytes)
Fri Aug 28 07:31:07 2020 daemon.info ipsec: 10[NET] sending packet: from 172.26.0.2[500] to 212.21.xxx.xx[500] (40 bytes)
Fri Aug 28 07:31:07 2020 authpriv.info ipsec: 10[MGR] checkin and destroy IKE_SA (unnamed)[486]
Fri Aug 28 07:31:07 2020 authpriv.info ipsec: 08[NET] sending packet: from 172.26.0.2[500] to 212.21.xxx.xx[500]
Fri Aug 28 07:31:07 2020 daemon.info ipsec: 10[MGR] checkin and destroy IKE_SA (unnamed)[486]
Fri Aug 28 07:31:07 2020 daemon.info ipsec: 08[NET] sending packet: from 172.26.0.2[500] to 212.21.xxx.xx[500]
Fri Aug 28 07:31:07 2020 authpriv.info ipsec: 10[IKE] IKE_SA (unnamed)[486] state change: CREATED => DESTROYING
Fri Aug 28 07:31:07 2020 daemon.info ipsec: 10[IKE] IKE_SA (unnamed)[486] state change: CREATED => DESTROYING
Fri Aug 28 07:31:07 2020 authpriv.info ipsec: 10[MGR] checkin and destroy of IKE_SA successful
Fri Aug 28 07:31:07 2020 daemon.info ipsec: 10[MGR] checkin and destroy of IKE_SA successful

Maybe a lot of logs, sorry.
I checked the configuration.

Now the IKEv1 initiator is OpenWrt.

include /var/ipsec/ipsec.conf --> is empty
my config in /etc/ipsec.conf

config 'ipsec'
list listen ''

config 'remote' 'vpn_network'
keyexchange=ike
option 'enable' '1'
option 'gateway' '212.21.xxx.xx'
option 'authentication_method' 'psk'
option 'pre_shared_key' 'MyPassword'
option 'exchange_mode' 'main'
list 'p1_proposal' 'pre_g2_aes_sha1'
list 'tunnel' 'remote_lan'

config 'p1_proposal' 'pre_g2_aes_sha1'
option 'encrytpion_algorithm' 'aes128'
option 'hash_algorithm' 'sha1'
option 'dh_group' '2'

config 'tunnel' 'remote_lan'
option 'local_subnet' '192.168.100.0/24'
option 'remote_subnet' '192.168.1.0/26'
option 'crypto_proposal' 'g2_aes_sha1'

config 'p2_proposal' 'g2_aes_sha1'
option 'pfs_group' '2'
option 'encryption_algorithm' 'aes128'
option 'authentication_algorithm' 'sha1'
include /var/ipsec/ipsec.conf

tcpdump -vv port 500
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
07:56:47.467861 IP (tos 0x0, ttl 52, id 52587, offset 0, flags [none], proto UDP (17), length 188)
212.21.xxx.xx.static.user.ono.com.500 > 172.26.0.2.500: [no cksum] isakmp 1.0 msgid 00000000 cookie 54f090ef7df718d7->0000000000000000: phase 1 I ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=1
(t: #1 id=ike (type=enc value=aes)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=preshared)(type=keylen value=0080)(type=lifetype value=sec)(type=lifeduration value=7080))))
(vid: len=28)
(vid: len=16)
(vid: len=20)
07:56:47.517433 IP (tos 0x0, ttl 64, id 21451, offset 0, flags [DF], proto UDP (17), length 68)
172.26.0.2.500 > 212.21.xxx.xx.static.user.ono.com.500: [bad udp cksum 0x62c7 -> 0x994e!] isakmp 1.0 msgid 06f8aba8 cookie 54f090ef7df718d7->2dd959ab17792032: phase 2/others R inf:
(n: doi=ipsec proto=isakmp type=NO-PROPOSAL-CHOSEN)

Please use the </> preformatted text tool for config files and logs.

There is the problem.

The file you posted looks rather like /etc/config/ipsec. To simplify the debugging, please try to find out if there is an ipsec.conf file generated from it. I would like to see this file.

Does the Juniper Netscreen support IKEv2? This would be preferable over IKEv1.

Do the gateways each have a static IP address on the Internet?

OK, I will use the preformatted text tool, sorry.

My /etc/ipsec.conf and /etc/config/ipsec are the same.

The Juniper is old, only IKEv1 is possible.

Yes, the two gateways have a static IP address.

I write my config straight into /etc/ipsec.conf, so I am not familiar with /etc/config/ipsec.
I'm out of ideas at the moment about the config file, maybe someone else can help.

But do they have a public address on the Internet?
Which gateway is using 172.26.0.2? It looks like a private address.
Is this gateway perhaps not the main router itself, but operating behind another router with NAT?

1 Like

OK, maybe I can erase the config file /etc/config/ipsec and use /etc/ipsec.conf.
Maybe you can show me how to configure this file?

Yes, the fw is a DMZ object.

Which device is located in a DMZ - Juniper, OpenWrt, or both?
Does the ISP contract there come with just a single public IP address, or a range of public IP addresses, of which you could dedicate one to the IPsec gateway in order to avoid the NAT?

/etc/ipsec.conf

config setup
        charondebug="cfg 2"

conn %default
        reauth=no

conn vpn_network
        keyexchange=ikev1
        #
        leftid= # OpenWrt's IP address, as seen from the public Internet
        leftauth=psk
        leftsubnet=192.168.100.0/24
        #
        right=212.21.xxx.xx
        rightauth=psk
        rightsubnet=192.168.1.0/26
        #
        dpdaction=hold
        auto=route

/etc/ipsec.secrets (Update: add missing space)

212.21.xxx.xx : PSK "MyPassword"

Documentation can be found in the strongSwan wiki, for example.

1 Like

OK, very good, I wrote /etc/ipsec.conf like you wrote.
Yes, now I can see reports in logread.
I think the fw are talking, but there is some problem, I don't know.

Fri Aug 28 13:49:02 2020 daemon.info : 12[ENC] generating INFORMATIONAL_V1 request 2072214105 [ N(NO_PROP) ]
Fri Aug 28 13:49:02 2020 daemon.info : 12[NET] sending packet: from 172.26.0.2[500] to 212.21.xxx.xx[500] (56 bytes)
Fri Aug 28 13:49:03 2020 daemon.warn dnsmasq-dhcp[2126]: no address range available for DHCP request via eth0.1
Fri Aug 28 13:49:06 2020 daemon.info : 13[NET] received packet: from 212.21.xxx.xx[500] to 172.26.0.2[500] (156 bytes)
Fri Aug 28 13:49:06 2020 daemon.info : 13[ENC] parsed ID_PROT request 0 [ SA V V V ]
Fri Aug 28 13:49:06 2020 daemon.info : 13[CFG] looking for an IKEv1 config for 172.26.0.2...212.21.xxx.xx
Fri Aug 28 13:49:06 2020 daemon.info : 13[CFG]   candidate: %any...212.21.xxx.xx, prio 2076
Fri Aug 28 13:49:06 2020 daemon.info : 13[CFG] found matching ike config: %any...212.21.xxx.xx with prio 2076
Fri Aug 28 13:49:06 2020 daemon.info : 13[ENC] received unknown vendor ID: 05:16:dc:8a:88:2c:54:a5:66:90:dc:05:bd:da:3b:9e:c8:05:e5:86:12:00:00:00:1e:06:00:00
Fri Aug 28 13:49:06 2020 daemon.info : 13[IKE] received DPD vendor ID
Fri Aug 28 13:49:06 2020 daemon.info : 13[ENC] received unknown vendor ID: 48:65:61:72:74:42:65:61:74:5f:4e:6f:74:69:66:79:38:6b:01:00
Fri Aug 28 13:49:06 2020 daemon.info : 13[IKE] 212.21.xxx.xx is initiating a Main Mode IKE_SA
Fri Aug 28 13:49:06 2020 authpriv.info : 13[IKE] 212.21.xxx.xx is initiating a Main Mode IKE_SA
Fri Aug 28 13:49:06 2020 daemon.info : 13[CFG] selecting proposal:
Fri Aug 28 13:49:06 2020 daemon.info : 13[CFG]   no acceptable ENCRYPTION_ALGORITHM found
Fri Aug 28 13:49:06 2020 daemon.info : 13[CFG] received proposals: IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Fri Aug 28 13:49:06 2020 daemon.info : 13[CFG] configured proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Fri Aug 28 13:49:06 2020 daemon.info : 13[IKE] no proposal found
Fri Aug 28 13:49:06 2020 daemon.info : 13[ENC] generating INFORMATIONAL_V1 request 2574706699 [ N(NO_PROP) ]
Fri Aug 28 13:49:06 2020 daemon.info : 13[NET] sending packet: from 172.26.0.2[500] to 212.21.xxx.xx[500] (56 bytes)

Both DES and MODP_1024 are broken and should not be relied on for security.
SHA-1 is also broken, but might still be OK when used as HMAC.

Can you configure secure algorithms on the Juniper?
Try at least 3DES or AES for encryption, and MODP_2048 (group 14) for Diffie-Hellman.

Does the device still receive firmware updates from the vendor?
If yes, install the latest update and retry.
Otherwise, consider replacing it.

1 Like
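
The proposal mismatch in the 13:49:06 log and the weak-algorithm point in the reply above, as an added example that is not part of the original posts: a small parser for charon's "received proposals" and "configured proposals" lines that reports every transform type with no common algorithm and flags offered algorithms the thread calls broken. The function names, the `WEAK` set and the shortened sample log are assumptions made for this example.

```python
import re

# Constructed sample: the two [CFG] lines from the 13:49:06 log in the thread,
# with the configured list shortened for readability.
SAMPLE_LOG = """\
13[CFG] received proposals: IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
13[CFG] configured proposals: IKE:AES_CBC_128/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/AES_XCBC_96/HMAC_SHA1_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/MODP_3072/MODP_2048
"""

# Algorithms the thread names as broken; extend to match local policy.
WEAK = {"DES_CBC", "MODP_1024"}

def transform_type(name):
    """Map a strongSwan transform name to its IKE transform type."""
    if name.startswith("PRF_"):
        return "PRF"
    if name.startswith(("MODP_", "ECP_", "CURVE_")):
        return "DH_GROUP"
    if name.startswith("HMAC_") or re.fullmatch(r"AES_(XCBC|CMAC)_96", name):
        return "INTEGRITY"
    return "ENCRYPTION"

def parse_proposals(log, side):
    """Return one {type: set(names)} dict per proposal on the given log line."""
    m = re.search(rf"{side} proposals: (.+)", log)
    proposals = []
    for text in (m.group(1).split(", ") if m else []):
        by_type = {}
        for name in text.split(":", 1)[-1].split("/"):
            by_type.setdefault(transform_type(name), set()).add(name)
        proposals.append(by_type)
    return proposals

def diagnose(log):
    """Report transform types with no common algorithm, and weak offers."""
    received = parse_proposals(log, "received")
    configured = parse_proposals(log, "configured")
    if not received or not configured:
        return None  # log does not contain both proposal lines
    best = None
    for r in received:
        for c in configured:
            missing = sorted(t for t in r if not r[t] & c.get(t, set()))
            if best is None or len(missing) < len(best):
                best = missing
    offered = {n for r in received for names in r.values() for n in names}
    return {"mismatched_types": best, "weak_offered": sorted(offered & WEAK)}
```

Run on the sample, `diagnose(SAMPLE_LOG)` reports both ENCRYPTION and DH_GROUP as mismatched, although the log names only the encryption algorithm: changing just the cipher on the Juniper would still leave MODP_1024 without a match in the configured list.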