Hey, I want to connect to an IPSec secured L2TP tunnelled VPN network with a pre-shared-key.
I'm using networkmanager-l2tp for this. As Phase1 Algorithms as well as for Phase2 Algorithms I have: aes128-sha1-modp2048! Otherwise, I have like the standard settings.
I've looked into the journal of my operating system, but there I only see that the CHAP authentication failed; I can't see anything helpful in the rest of the log. I can see on the server in `/var/log/auth.log` that the request is coming into the server.
http://i.imgur.com/4ACbNYj.png http://i.imgur.com/8zFUhrB.png
Can someone have a look at the logs and help me? I've masked my IP address as 12.123.123.1 and the remote address as 98.987.98.987
Server (/var/log/auth.log):
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[28] 12.123.123.1 #30: responding to Main Mode from unknown peer 12.123.123.1 on port 62689
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[28] 12.123.123.1 #30: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[28] 12.123.123.1 #30: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[28] 12.123.123.1 #30: Peer ID is ID_IPV4_ADDR: '192.168.178.84'
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[28] 12.123.123.1 #30: switched from "l2tp-psk"[28] 12.123.123.1 to "l2tp-psk"
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #30: deleting connection "l2tp-psk"[28] 12.123.123.1 instance with peer 12.123.123.1 {isakmp=#0/ipsec=#0}
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #30: Peer ID is ID_IPV4_ADDR: '192.168.178.84'
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #30: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_128 integ=HMAC_SHA1 group=MODP2048}
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #30: the peer proposed: 98.987.98.987/32:17/1701 -> 192.168.178.84/32:17/0
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #30: NAT-Traversal: received 2 NAT-OA. Using first; ignoring others
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #31: responding to Quick Mode proposal {msgid:84624e31}
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #31: us: 10.0.0.2[98.987.98.987]:17/1701
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #31: them: 12.123.123.1[192.168.178.84]:17/0
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #31: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP/NAT=>0xc40fe38b <0x2bf17c20 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=192.168.178.84 NATD=12.123.123.1:62690 DPD=active}
Apr 2 07:52:42 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #31: STATE_QUICK_R2: IPsec SA established transport mode {ESP/NAT=>0xc40fe38b <0x2bf17c20 xfrm=AES_CBC_128-HMAC_SHA1_96 NATOA=192.168.178.84 NATD=12.123.123.1:62690 DPD=active}
Apr 2 07:52:46 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #30: received Delete SA(0xc40fe38b) payload: deleting IPSEC State #31
Apr 2 07:52:46 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #31: deleting other state #31 (STATE_QUICK_R2) and sending notification
Apr 2 07:52:46 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1 #31: ESP traffic information: in=589B out=488B
Apr 2 07:52:46 vpn pluto[2132]: "l2tp-psk" #30: deleting state (STATE_MAIN_R3) and sending notification
Apr 2 07:52:46 vpn pluto[2132]: "l2tp-psk"[29] 12.123.123.1: deleting connection "l2tp-psk"[29] 12.123.123.1 instance with peer 12.123.123.1 {isakmp=#0/ipsec=#0}
Client (journal):
Apr 02 09:30:53 farbbox audit[738]: USYS_CONFIG pid=738 uid=0 auid=4294967295 ses=4294967295 msg='op=connection-activate uuid=06be7e74-f0fc-49be-884f-48f679984be7 name=56504E20636F6E6E656374696F6E2033 pid=1491 uid=1000 result=success exe="/usbin/NetworkManager" hostname=? addr=? terminal=? res=success' Apr 02 09:30:53 farbbox NetworkManager[738]: [1554190253.1395] audit: op="connection-activate" uuid="06be7e74-f0fc-49be-884f-48f679984be7" name="VPN connection 3" pid=1491 uid=1000 result="success" Apr 02 09:30:53 farbbox kernel: kauditd_printk_skb: 7 callbacks suppressed Apr 02 09:30:53 farbbox kernel: audit: type=1111 audit(1554190253.133:141): pid=738 uid=0 auid=4294967295 ses=4294967295 msg='op=connection-activate uuid=06be7e74-f0fc-49be-884f-48f679984be7 name=56504E20636F6E6E656374696F6E2033 pid=1491 uid=1000 result=success exe="/usbin/NetworkManager" hostname=? addr=? terminal=? res=success' Apr 02 09:30:53 farbbox NetworkManager[738]: [1554190253.1434] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: Started the VPN service, PID 19814 Apr 02 09:30:53 farbbox NetworkManager[738]: [1554190253.1518] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: Saw the service appear; activating connection Apr 02 09:30:53 farbbox NetworkManager[738]: [1554190253.2070] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: VPN connection: (ConnectInteractive) reply received Apr 02 09:30:53 farbbox nm-l2tp-service[19814]: Check port 1701 Apr 02 09:30:53 farbbox NetworkManager[738]: Stopping strongSwan IPsec failed: starter is not running Apr 02 09:30:55 farbbox NetworkManager[738]: Starting strongSwan 5.7.2 IPsec [starter]... Apr 02 09:30:55 farbbox ipsec_starter[19827]: Starting strongSwan 5.7.2 IPsec [starter]... 
Apr 02 09:30:55 farbbox NetworkManager[738]: Loading config setup Apr 02 09:30:55 farbbox NetworkManager[738]: Loading conn '06be7e74-f0fc-49be-884f-48f679984be7' Apr 02 09:30:55 farbbox ipsec_starter[19827]: Loading config setup Apr 02 09:30:55 farbbox ipsec_starter[19827]: Loading conn '06be7e74-f0fc-49be-884f-48f679984be7' Apr 02 09:30:55 farbbox NetworkManager[738]: found netkey IPsec stack Apr 02 09:30:55 farbbox ipsec_starter[19827]: found netkey IPsec stack Apr 02 09:30:55 farbbox ipsec_starter[19843]: Attempting to start charon... Apr 02 09:30:55 farbbox charon[19844]: 00[DMN] Starting IKE charon daemon (strongSwan 5.7.2, Linux 5.0.5-arch1-1-ARCH, x86_64) Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] PKCS11 module '' lacks library path Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] attr-sql plugin: database URI not set Apr 02 09:30:55 farbbox charon[19844]: 00[NET] using forecast interface wlp3s0 Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250 Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] loading crls from '/etc/ipsec.d/crls' Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] loading secrets from '/etc/ipsec.secrets' Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets' Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] loaded IKE secret for %any Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] sql plugin: database URI not set Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] opening triplet file 
/etc/ipsec.d/triplets.dat failed: No such file or directory Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] loaded 0 RADIUS server configurations Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] HA config misses local/remote address Apr 02 09:30:55 farbbox charon[19844]: 00[CFG] no script for ext-auth script defined, disabled Apr 02 09:30:55 farbbox charon[19844]: 00[LIB] loaded plugins: charon ldap pkcs11 aesni aes des rc2 sha2 sha3 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp curve25519 agent chapoly xcbc cmac hmac ntru newhope bliss curl mysql sqlite attr kernel-netlink resolve socket-default bypass-lan connmark forecast farp stroke vici updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-pam xauth-noauth dhcp radattr unity counters Apr 02 09:30:55 farbbox charon[19844]: 00[LIB] dropped capabilities, running as uid 0, gid 0 Apr 02 09:30:55 farbbox charon[19844]: 00[JOB] spawning 16 worker threads Apr 02 09:30:55 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 Apr 02 09:30:55 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 Apr 02 09:30:55 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 Apr 02 09:30:55 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 Apr 02 09:30:55 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 
dst=0000:0000:0000:0000:0000:0000:0000:0001 Apr 02 09:30:55 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 Apr 02 09:30:55 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:55 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:55 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:55 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:55 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:55 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:55 farbbox charon[19844]: 05[IKE] installed bypass policy for 192.168.178.0/24 Apr 02 09:30:55 farbbox charon[19844]: 05[KNL] received netlink error: Invalid argument (22) Apr 02 09:30:55 farbbox charon[19844]: 05[KNL] unable to install source route for %any6 Apr 02 09:30:55 farbbox charon[19844]: 05[IKE] installed bypass policy for ::1/128 Apr 02 09:30:55 farbbox charon[19844]: 05[IKE] installed bypass policy for 2003:e4:72b:f000::/64 Apr 02 09:30:55 
farbbox charon[19844]: 05[IKE] installed bypass policy for fe80::/64 Apr 02 09:30:55 farbbox kernel: audit: type=1415 audit(1554190255.439:142): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 Apr 02 09:30:55 farbbox kernel: audit: type=1415 audit(1554190255.439:143): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 Apr 02 09:30:55 farbbox kernel: audit: type=1415 audit(1554190255.439:144): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 Apr 02 09:30:55 farbbox kernel: audit: type=1415 audit(1554190255.439:145): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 Apr 02 09:30:55 farbbox kernel: audit: type=1415 audit(1554190255.439:146): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 Apr 02 09:30:55 farbbox kernel: audit: type=1415 audit(1554190255.439:147): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 Apr 02 09:30:55 farbbox kernel: audit: type=1415 audit(1554190255.439:148): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:55 farbbox kernel: audit: type=1415 audit(1554190255.439:149): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:55 farbbox kernel: audit: type=1415 audit(1554190255.439:150): op=SPD-add auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 
dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:55 farbbox ipsec_starter[19843]: charon (19844) started after 20 ms Apr 02 09:30:55 farbbox charon[19844]: 09[CFG] received stroke: add connection '06be7e74-f0fc-49be-884f-48f679984be7' Apr 02 09:30:55 farbbox charon[19844]: 09[CFG] added configuration '06be7e74-f0fc-49be-884f-48f679984be7' Apr 02 09:30:56 farbbox charon[19844]: 11[CFG] rereading secrets Apr 02 09:30:56 farbbox charon[19844]: 11[CFG] loading secrets from '/etc/ipsec.secrets' Apr 02 09:30:56 farbbox charon[19844]: 11[CFG] loading secrets from '/etc/ipsec.d/ipsec.nm-l2tp.secrets' Apr 02 09:30:56 farbbox charon[19844]: 11[CFG] loaded IKE secret for %any Apr 02 09:30:56 farbbox charon[19844]: 14[CFG] received stroke: initiate '06be7e74-f0fc-49be-884f-48f679984be7' Apr 02 09:30:56 farbbox charon[19844]: 15[IKE] initiating Main Mode IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] to 98.987.98.987 Apr 02 09:30:56 farbbox charon[19844]: 15[IKE] initiating Main Mode IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] to 98.987.98.987 Apr 02 09:30:56 farbbox charon[19844]: 15[ENC] generating ID_PROT request 0 [ SA V V V V V ] Apr 02 09:30:56 farbbox charon[19844]: 15[NET] sending packet: from 192.168.178.84[500] to 98.987.98.987[500] (180 bytes) Apr 02 09:30:56 farbbox charon[19844]: 16[NET] received packet: from 98.987.98.987[500] to 192.168.178.84[500] (144 bytes) Apr 02 09:30:56 farbbox charon[19844]: 16[ENC] parsed ID_PROT response 0 [ SA V V V ] Apr 02 09:30:56 farbbox charon[19844]: 16[IKE] received FRAGMENTATION vendor ID Apr 02 09:30:56 farbbox charon[19844]: 16[IKE] received DPD vendor ID Apr 02 09:30:56 farbbox charon[19844]: 16[IKE] received NAT-T (RFC 3947) vendor ID Apr 02 09:30:56 farbbox charon[19844]: 16[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048 Apr 02 09:30:56 farbbox charon[19844]: 16[ENC] generating ID_PROT request 0 [ KE No NAT-D NAT-D ] Apr 02 09:30:56 farbbox charon[19844]: 16[NET] 
sending packet: from 192.168.178.84[500] to 98.987.98.987[500] (372 bytes) Apr 02 09:30:56 farbbox charon[19844]: 07[NET] received packet: from 98.987.98.987[500] to 192.168.178.84[500] (372 bytes) Apr 02 09:30:56 farbbox charon[19844]: 07[ENC] parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] Apr 02 09:30:56 farbbox charon[19844]: 07[IKE] local host is behind NAT, sending keep alives Apr 02 09:30:56 farbbox charon[19844]: 07[IKE] remote host is behind NAT Apr 02 09:30:56 farbbox charon[19844]: 07[ENC] generating ID_PROT request 0 [ ID HASH ] Apr 02 09:30:56 farbbox charon[19844]: 07[NET] sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (76 bytes) Apr 02 09:30:56 farbbox charon[19844]: 06[NET] received packet: from 98.987.98.987[4500] to 192.168.178.84[4500] (76 bytes) Apr 02 09:30:56 farbbox charon[19844]: 06[ENC] parsed ID_PROT response 0 [ ID HASH V ] Apr 02 09:30:56 farbbox charon[19844]: 06[ENC] received unknown vendor ID: 49:4b:45:76:32 Apr 02 09:30:56 farbbox charon[19844]: 06[IKE] IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] established between 192.168.178.84[192.168.178.84]...98.987.98.987[98.987.98.987] Apr 02 09:30:56 farbbox charon[19844]: 06[IKE] IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] established between 192.168.178.84[192.168.178.84]...98.987.98.987[98.987.98.987] Apr 02 09:30:56 farbbox charon[19844]: 06[IKE] scheduling reauthentication in 9921s Apr 02 09:30:56 farbbox charon[19844]: 06[IKE] maximum IKE_SA lifetime 10461s Apr 02 09:30:56 farbbox charon[19844]: 06[ENC] generating QUICK_MODE request 723900467 [ HASH SA No KE ID ID NAT-OA NAT-OA ] Apr 02 09:30:56 farbbox charon[19844]: 06[NET] sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (460 bytes) Apr 02 09:30:56 farbbox charon[19844]: 08[NET] received packet: from 98.987.98.987[4500] to 192.168.178.84[4500] (428 bytes) Apr 02 09:30:56 farbbox charon[19844]: 08[ENC] parsed QUICK_MODE response 723900467 [ HASH SA No KE ID ID ] Apr 02 09:30:56 farbbox 
charon[19844]: 08[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ Apr 02 09:30:56 farbbox audit: MAC_IPSEC_EVENT op=SAD-add auid=4294967295 ses=4294967295 src=98.987.98.987 dst=192.168.178.84 spi=3251292912(0xc1cacaf0) res=1 Apr 02 09:30:56 farbbox audit: MAC_IPSEC_EVENT op=SAD-add auid=4294967295 ses=4294967295 src=192.168.178.84 dst=98.987.98.987 spi=4115387067(0xf54bd2bb) res=1 Apr 02 09:30:56 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=98.987.98.987 dst=192.168.178.84 Apr 02 09:30:56 farbbox audit: MAC_IPSEC_EVENT op=SPD-add auid=4294967295 ses=4294967295 res=1 src=192.168.178.84 dst=98.987.98.987 Apr 02 09:30:56 farbbox charon[19844]: 08[IKE] CHILD_SA 06be7e74-f0fc-49be-884f-48f679984be7{1} established with SPIs c1cacaf0_i f54bd2bb_o and TS 192.168.178.84/32[udp/l2f] === 98.987.98.987/32[udp/l2f] Apr 02 09:30:56 farbbox charon[19844]: 08[IKE] CHILD_SA 06be7e74-f0fc-49be-884f-48f679984be7{1} established with SPIs c1cacaf0_i f54bd2bb_o and TS 192.168.178.84/32[udp/l2f] === 98.987.98.987/32[udp/l2f] Apr 02 09:30:56 farbbox charon[19844]: 08[ENC] generating QUICK_MODE request 723900467 [ HASH ] Apr 02 09:30:56 farbbox NetworkManager[738]: initiating Main Mode IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] to 98.987.98.987 Apr 02 09:30:56 farbbox NetworkManager[738]: generating ID_PROT request 0 [ SA V V V V V ] Apr 02 09:30:56 farbbox NetworkManager[738]: sending packet: from 192.168.178.84[500] to 98.987.98.987[500] (180 bytes) Apr 02 09:30:56 farbbox NetworkManager[738]: received packet: from 98.987.98.987[500] to 192.168.178.84[500] (144 bytes) Apr 02 09:30:56 farbbox NetworkManager[738]: parsed ID_PROT response 0 [ SA V V V ] Apr 02 09:30:56 farbbox NetworkManager[738]: received FRAGMENTATION vendor ID Apr 02 09:30:56 farbbox NetworkManager[738]: received DPD vendor ID Apr 02 09:30:56 farbbox NetworkManager[738]: received NAT-T (RFC 3947) vendor ID Apr 02 09:30:56 farbbox NetworkManager[738]: 
selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048 Apr 02 09:30:56 farbbox NetworkManager[738]: generating ID_PROT request 0 [ KE No NAT-D NAT-D ] Apr 02 09:30:56 farbbox NetworkManager[738]: sending packet: from 192.168.178.84[500] to 98.987.98.987[500] (372 bytes) Apr 02 09:30:56 farbbox NetworkManager[738]: received packet: from 98.987.98.987[500] to 192.168.178.84[500] (372 bytes) Apr 02 09:30:56 farbbox NetworkManager[738]: parsed ID_PROT response 0 [ KE No NAT-D NAT-D ] Apr 02 09:30:56 farbbox NetworkManager[738]: local host is behind NAT, sending keep alives Apr 02 09:30:56 farbbox NetworkManager[738]: remote host is behind NAT Apr 02 09:30:56 farbbox NetworkManager[738]: generating ID_PROT request 0 [ ID HASH ] Apr 02 09:30:56 farbbox NetworkManager[738]: sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (76 bytes) Apr 02 09:30:56 farbbox NetworkManager[738]: received packet: from 98.987.98.987[4500] to 192.168.178.84[4500] (76 bytes) Apr 02 09:30:56 farbbox NetworkManager[738]: parsed ID_PROT response 0 [ ID HASH V ] Apr 02 09:30:56 farbbox NetworkManager[738]: received unknown vendor ID: 49:4b:45:76:32 Apr 02 09:30:56 farbbox NetworkManager[738]: IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] established between 192.168.178.84[192.168.178.84]...98.987.98.987[98.987.98.987] Apr 02 09:30:56 farbbox NetworkManager[738]: scheduling reauthentication in 9921s Apr 02 09:30:56 farbbox NetworkManager[738]: maximum IKE_SA lifetime 10461s Apr 02 09:30:56 farbbox NetworkManager[738]: generating QUICK_MODE request 723900467 [ HASH SA No KE ID ID NAT-OA NAT-OA ] Apr 02 09:30:56 farbbox NetworkManager[738]: sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (460 bytes) Apr 02 09:30:56 farbbox NetworkManager[738]: received packet: from 98.987.98.987[4500] to 192.168.178.84[4500] (428 bytes) Apr 02 09:30:56 farbbox NetworkManager[738]: parsed QUICK_MODE response 723900467 [ HASH SA No KE ID ID ] Apr 02 09:30:56 farbbox 
NetworkManager[738]: selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/MODP_2048/NO_EXT_SEQ Apr 02 09:30:56 farbbox NetworkManager[738]: CHILD_SA 06be7e74-f0fc-49be-884f-48f679984be7{1} established with SPIs c1cacaf0_i f54bd2bb_o and TS 192.168.178.84/32[udp/l2f] === 98.987.98.987/32[udp/l2f] Apr 02 09:30:56 farbbox NetworkManager[738]: connection '06be7e74-f0fc-49be-884f-48f679984be7' established successfully Apr 02 09:30:56 farbbox charon[19844]: 08[NET] sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (60 bytes) Apr 02 09:30:56 farbbox nm-l2tp-service[19814]: xl2tpd started with pid 19877 Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Not looking for kernel SAref support. Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Using l2tp kernel support. Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: xl2tpd version xl2tpd-1.3.13 started on farbbox PID:19877 Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc. Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Forked by Scott Balmos and David Stipp, (C) 2001 Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Inherited by Jeff McAdams, (C) 2002 Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016 Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Listening on IP address 0.0.0.0, port 1701 Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Connecting to host 98.987.98.987, port 1701 Apr 02 09:30:56 farbbox NetworkManager[738]: [1554190256.7594] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: VPN plugin: state changed: starting (3) Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Connection established to 98.987.98.987, 1701. Local: 18031, Remote: 6532 (ref=0/0). 
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Calling on tunnel 18031
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Call established with 98.987.98.987, Local: 59328, Remote: 58391, Serial: 1 (ref=0/0)
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: start_pppd: I'm running:
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: "/ussbin/pppd"
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: "plugin"
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: "pppol2tp.so"
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: "pppol2tp"
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: "7"
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: "passive"
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: "nodetach"
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: ":"
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: "file"
Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: "/varun/nm-l2tp-06be7e74-f0fc-49be-884f-48f679984be7/ppp-options"
Apr 02 09:30:56 farbbox pppd[19878]: Plugin pppol2tp.so loaded.
Apr 02 09:30:56 farbbox pppd[19878]: Plugin /uslib/pppd/2.4.7/nm-l2tp-pppd-plugin.so loaded.
Apr 02 09:30:56 farbbox pppd[19878]: pppd 2.4.7 started by root, uid 0
Apr 02 09:30:56 farbbox pppd[19878]: Using interface ppp0
Apr 02 09:30:56 farbbox pppd[19878]: Connect: ppp0 <
Apr 02 09:30:56 farbbox pppd[19878]: Overriding mtu 1500 to 1400
Apr 02 09:30:56 farbbox pppd[19878]: Overriding mru 1500 to mtu value 1400
Apr 02 09:30:56 farbbox NetworkManager[738]: [1554190256.8151] manager: (ppp0): new Ppp device (/org/freedesktop/NetworkManageDevices/8)
Apr 02 09:30:56 farbbox systemd-udevd[19881]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Apr 02 09:30:59 farbbox pppd[19878]: CHAP authentication failed
Apr 02 09:30:59 farbbox pppd[19878]: CHAP authentication failed
Apr 02 09:30:59 farbbox pppd[19878]: Overriding mtu 1500 to 1400
Apr 02 09:30:59 farbbox pppd[19878]: Overriding mru 1500 to mtu value 1400
Apr 02 09:30:59 farbbox pppd[19878]: Connection terminated.
Apr 02 09:30:59 farbbox charon[19844]: 06[KNL] interface ppp0 deleted
Apr 02 09:30:59 farbbox NetworkManager[738]: xl2tpd[19877]: death_handler: Fatal signal 15 received
Apr 02 09:30:59 farbbox NetworkManager[738]: xl2tpd[19877]: Terminating pppd: sending TERM signal to pid 19878
Apr 02 09:30:59 farbbox NetworkManager[738]: xl2tpd[19877]: Connection 6532 closed to 98.987.98.987, port 1701 (Server closing)
Apr 02 09:30:59 farbbox NetworkManager[738]: [1554190259.8744] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: VPN plugin: failed: connect-failed (1)
Apr 02 09:30:59 farbbox NetworkManager[738]: [1554190259.8773] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: VPN plugin: state changed: stopping (5)
Apr 02 09:30:59 farbbox NetworkManager[738]: Stopping strongSwan IPsec...
Apr 02 09:30:59 farbbox charon[19844]: 00[DMN] signal of type SIGINT received.
Shutting down Apr 02 09:30:59 farbbox charon[19844]: 00[IKE] closing CHILD_SA 06be7e74-f0fc-49be-884f-48f679984be7{1} with SPIs c1cacaf0_i (473 bytes) f54bd2bb_o (589 bytes) and TS 192.168.178.84/32[udp/l2f] === 98.987.98.987/32[udp/l2f] Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.178.84 dst=98.987.98.987 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=98.987.98.987 dst=192.168.178.84 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 src=98.987.98.987 dst=192.168.178.84 spi=3251292912(0xc1cacaf0) res=1 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SAD-delete auid=4294967295 ses=4294967295 src=192.168.178.84 dst=98.987.98.987 spi=4115387067(0xf54bd2bb) res=1 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete 
auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=0000:0000:0000:0000:0000:0000:0000:0001 dst=0000:0000:0000:0000:0000:0000:0000:0001 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 Apr 02 09:30:59 farbbox kernel: kauditd_printk_skb: 7 callbacks suppressed Apr 02 09:30:59 farbbox kernel: audit: type=1415 audit(1554190259.883:158): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.178.84 dst=98.987.98.987 Apr 02 09:30:59 farbbox kernel: audit: type=1415 audit(1554190259.883:159): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=98.987.98.987 dst=192.168.178.84 Apr 02 09:30:59 farbbox kernel: audit: type=1415 audit(1554190259.883:160): op=SAD-delete auid=4294967295 ses=4294967295 src=98.987.98.987 dst=192.168.178.84 spi=3251292912(0xc1cacaf0) res=1 Apr 02 09:30:59 farbbox kernel: audit: type=1415 audit(1554190259.883:161): op=SAD-delete auid=4294967295 ses=4294967295 src=192.168.178.84 dst=98.987.98.987 spi=4115387067(0xf54bd2bb) res=1 Apr 02 09:30:59 farbbox kernel: audit: type=1415 audit(1554190259.883:162): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:59 farbbox kernel: audit: type=1415 audit(1554190259.883:163): 
op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:59 farbbox kernel: audit: type=1415 audit(1554190259.883:164): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=fe80:0000:0000:0000:0000:0000:0000:0000 src_prefixlen=64 dst=fe80:0000:0000:0000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:59 farbbox kernel: audit: type=1415 audit(1554190259.883:165): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:59 farbbox kernel: audit: type=1415 audit(1554190259.883:166): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:59 farbbox kernel: audit: type=1415 audit(1554190259.883:167): op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=2003:00e4:072b:f000:0000:0000:0000:0000 src_prefixlen=64 dst=2003:00e4:072b:f000:0000:0000:0000:0000 dst_prefixlen=64 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SPD-delete auid=4294967295 ses=4294967295 res=1 src=192.168.178.0 src_prefixlen=24 dst=192.168.178.0 dst_prefixlen=24 Apr 02 09:30:59 farbbox charon[19844]: 00[IKE] closing CHILD_SA 06be7e74-f0fc-49be-884f-48f679984be7{1} with SPIs c1cacaf0_i (473 bytes) f54bd2bb_o (589 bytes) and TS 192.168.178.84/32[udp/l2f] === 98.987.98.987/32[udp/l2f] Apr 02 09:30:59 farbbox charon[19844]: 00[IKE] sending DELETE for ESP CHILD_SA with SPI c1cacaf0 Apr 02 09:30:59 farbbox charon[19844]: 00[ENC] generating INFORMATIONAL_V1 request 1337363464 [ HASH D ] Apr 02 09:30:59 farbbox charon[19844]: 00[NET] sending packet: from 
192.168.178.84[4500] to 98.987.98.987[4500] (76 bytes) Apr 02 09:30:59 farbbox charon[19844]: 00[IKE] deleting IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] between 192.168.178.84[192.168.178.84]...98.987.98.987[98.987.98.987] Apr 02 09:30:59 farbbox charon[19844]: 00[IKE] deleting IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] between 192.168.178.84[192.168.178.84]...98.987.98.987[98.987.98.987] Apr 02 09:30:59 farbbox charon[19844]: 00[IKE] sending DELETE for IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] Apr 02 09:30:59 farbbox charon[19844]: 00[ENC] generating INFORMATIONAL_V1 request 2220117092 [ HASH D ] Apr 02 09:30:59 farbbox charon[19844]: 00[NET] sending packet: from 192.168.178.84[4500] to 98.987.98.987[4500] (92 bytes) Apr 02 09:30:59 farbbox audit: MAC_IPSEC_EVENT op=SA-notfound src=98.987.98.987 dst=192.168.178.84 spi=3251292912(0xc1cacaf0) seqno=13 Apr 02 09:30:59 farbbox pppd[19878]: Exit. Apr 02 09:30:59 farbbox charon[19844]: 00[IKE] uninstalling bypass policy for 192.168.178.0/24 Apr 02 09:30:59 farbbox charon[19844]: 00[IKE] uninstalling bypass policy for 2003:e4:72b:f000::/64 Apr 02 09:30:59 farbbox charon[19844]: 00[IKE] uninstalling bypass policy for fe80::/64 Apr 02 09:30:59 farbbox charon[19844]: 00[IKE] uninstalling bypass policy for ::1/128 Apr 02 09:31:00 farbbox ipsec_starter[19843]: child 19844 (charon) has quit (exit code 0) Apr 02 09:31:00 farbbox ipsec_starter[19843]: Apr 02 09:31:00 farbbox ipsec_starter[19843]: charon stopped after 200 ms Apr 02 09:31:00 farbbox ipsec_starter[19843]: ipsec starter stopped Apr 02 09:31:00 farbbox nm-l2tp-service[19814]: ipsec shut down Apr 02 09:31:00 farbbox NetworkManager[738]: [1554190260.0988] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: VPN plugin: state changed: stopped (6) Apr 02 09:31:00 farbbox NetworkManager[738]: [1554190260.1019] vpn-connection[0x55750abc26f0,06be7e74-f0fc-49be-884f-48f679984be7,"VPN connection 3",0]: VPN service disappeared
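
An added example, not part of the original post: a layer-by-layer triage of a client journal like the one above, reporting the first layer that did not come up and what that layer checks. The function names and the stage table are assumptions of this sketch, the message patterns follow the wording in the journal on this page, and it assumes the journal covers a single connection attempt.

```python
import re

# Layers of an L2TP/IPsec connection in the order they come up. Each entry:
# (name, success pattern, failure pattern or None, what the layer checks).
# Wording follows the strongSwan / xl2tpd / pppd messages in the journal on
# this page; "CHAP authentication succeeded" is pppd's success message.
STAGES = [
    ("ike_phase1", r"IKE_SA \S+ established between", None,
     "Phase 1 proposal and IPsec pre-shared key"),
    ("ike_phase2", r"CHILD_SA \S+ established with SPIs", None,
     "Phase 2 (ESP) proposal and traffic selectors"),
    ("l2tp_tunnel", r"xl2tpd\[\d+\]: Connection established to", None,
     "L2TP control connection on UDP port 1701"),
    ("l2tp_call", r"xl2tpd\[\d+\]: Call established with", None,
     "L2TP session inside the tunnel"),
    ("ppp_auth", r"pppd\[\d+\]: CHAP authentication succeeded",
     r"pppd\[\d+\]: CHAP authentication failed",
     "PPP user name and password (CHAP)"),
]


def triage(lines):
    """Return {stage: 'ok' | 'failed' | 'not reached'} for one attempt."""
    state = {name: "not reached" for name, *_ in STAGES}
    for line in lines:
        for name, ok, fail, _ in STAGES:
            if fail and re.search(fail, line):
                state[name] = "failed"          # a failure is never overwritten
            elif re.search(ok, line) and state[name] != "failed":
                state[name] = "ok"
    return state


def first_problem(lines):
    """Return (stage, state, what it checks) for the first layer that is
    not 'ok', or None when every layer came up."""
    state = triage(lines)
    for name, _, _, checks in STAGES:
        if state[name] != "ok":
            return name, state[name], checks
    return None


# Abridged from the client journal on this page (same masked addresses).
PAGE_JOURNAL = [
    "Apr 02 09:30:56 farbbox charon[19844]: 06[IKE] IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] established between 192.168.178.84[192.168.178.84]...98.987.98.987[98.987.98.987]",
    "Apr 02 09:30:56 farbbox charon[19844]: 08[IKE] CHILD_SA 06be7e74-f0fc-49be-884f-48f679984be7{1} established with SPIs c1cacaf0_i f54bd2bb_o and TS 192.168.178.84/32[udp/l2f] === 98.987.98.987/32[udp/l2f]",
    "Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Connection established to 98.987.98.987, 1701. Local: 18031, Remote: 6532 (ref=0/0).",
    "Apr 02 09:30:56 farbbox NetworkManager[738]: xl2tpd[19877]: Call established with 98.987.98.987, Local: 59328, Remote: 58391, Serial: 1 (ref=0/0)",
    "Apr 02 09:30:59 farbbox pppd[19878]: CHAP authentication failed",
    "Apr 02 09:30:59 farbbox pppd[19878]: Connection terminated.",
]

# Constructed contrast case: the journal stops before Phase 1 completes.
NO_PHASE1 = [
    "Apr 02 09:30:56 farbbox charon[19844]: 15[IKE] initiating Main Mode IKE_SA 06be7e74-f0fc-49be-884f-48f679984be7[1] to 98.987.98.987",
    "Apr 02 09:30:56 farbbox charon[19844]: 15[NET] sending packet: from 192.168.178.84[500] to 98.987.98.987[500] (180 bytes)",
]

if __name__ == "__main__":
    for label, journal in (("page journal", PAGE_JOURNAL),
                           ("no phase 1", NO_PHASE1)):
        print(label, "->", first_problem(journal))
```

For the journal on this page every IPsec and L2TP layer reports `ok` and the first problem is `ppp_auth`, so the rejected credential is the one PPP checks, not the pre-shared key.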