Feb 28 00:27:10 dave charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.6) Feb 28 00:27:10 dave charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' Feb 28 00:27:10 dave charon: 00[CFG] loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem' Feb 28 00:27:10 dave charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' Feb 28 00:27:10 dave charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' Feb 28 00:27:10 dave charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' Feb 28 00:27:10 dave charon: 00[CFG] loading crls from '/etc/ipsec.d/crls' Feb 28 00:27:10 dave charon: 00[CFG] loading secrets from '/etc/ipsec.secrets' Feb 28 00:27:10 dave charon: 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/daveKey.pem' Feb 28 00:27:10 dave charon: 00[KNL] listening on interfaces: Feb 28 00:27:10 dave charon: 00[KNL] eth0 Feb 28 00:27:10 dave charon: 00[KNL] 192.168.0.200 Feb 28 00:27:10 dave charon: 00[KNL] fec0::20 Feb 28 00:27:10 dave charon: 00[KNL] fe80::fcfd:c0ff:fea8:c8 Feb 28 00:27:10 dave charon: 00[CFG] read 3 triplets from /etc/ipsec.d/triplets.dat Feb 28 00:27:10 dave charon: 00[DMN] loaded plugins: curl aes des sha1 sha2 md5 pem pkcs1 gmp random x509 hmac xcbc stroke kernel-netlink fips-prf eap-sim eap-sim-file eap-identity updown Feb 28 00:27:10 dave charon: 00[JOB] spawning 16 worker threads Feb 28 00:27:10 dave charon: 05[CFG] received stroke: add connection 'home' Feb 28 00:27:10 dave charon: 05[CFG] loaded certificate "C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org" from 'daveCert.pem' Feb 28 00:27:10 dave charon: 05[CFG] added configuration 'home' Feb 28 00:27:12 dave charon: 13[CFG] received stroke: initiate 'home' Feb 28 00:27:12 dave charon: 14[IKE] initiating IKE_SA home[1] to 192.168.0.1 Feb 28 00:27:12 dave charon: 14[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] Feb 28 00:27:12 dave charon: 14[NET] sending packet: from 192.168.0.200[500] to 192.168.0.1[500] Feb 28 00:27:12 dave charon: 15[NET] received packet: from 192.168.0.1[500] to 192.168.0.200[500] Feb 28 00:27:12 dave charon: 15[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ] Feb 28 00:27:13 dave charon: 15[IKE] received cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Feb 28 00:27:13 dave charon: 15[IKE] sending cert request for "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Feb 28 00:27:13 dave charon: 15[IKE] authentication of 'dave@strongswan.org' (myself) with RSA signature successful Feb 28 00:27:13 dave charon: 15[IKE] sending end entity cert "C=CH, O=Linux strongSwan, OU=Accounting, CN=dave@strongswan.org" Feb 28 00:27:13 dave charon: 15[IKE] establishing CHILD_SA home Feb 28 00:27:13 dave charon: 15[ENC] generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(AUTH_FOLLOWS) ] Feb 28 00:27:13 dave charon: 15[NET] sending packet: from 192.168.0.200[4500] to 192.168.0.1[4500] Feb 28 00:27:13 dave charon: 16[NET] received packet: from 192.168.0.1[4500] to 192.168.0.200[4500] Feb 28 00:27:13 dave charon: 16[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH ] Feb 28 00:27:13 dave charon: 16[IKE] received end entity cert "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" Feb 28 00:27:13 dave charon: 16[CFG] using certificate "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" Feb 28 00:27:13 dave charon: 16[CFG] using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Feb 28 00:27:13 dave charon: 16[CFG] checking certificate status of "C=CH, O=Linux strongSwan, CN=moon.strongswan.org" Feb 28 00:27:13 dave charon: 16[CFG] fetching crl from 'http://crl.strongswan.org/strongswan.crl' ... Feb 28 00:27:13 dave charon: 16[CFG] using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Feb 28 00:27:13 dave charon: 16[CFG] crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" Feb 28 00:27:13 dave charon: 16[CFG] crl is valid: until Mar 29 23:27:26 2010 Feb 28 00:27:13 dave charon: 16[CFG] certificate status is good Feb 28 00:27:13 dave charon: 16[CFG] reached self-signed root ca with a path length of 0 Feb 28 00:27:13 dave charon: 16[IKE] authentication of 'moon.strongswan.org' with RSA signature successful Feb 28 00:27:13 dave charon: 16[ENC] generating IKE_AUTH request 2 [ IDi ] Feb 28 00:27:13 dave charon: 16[NET] sending packet: from 192.168.0.200[4500] to 192.168.0.1[4500] Feb 28 00:27:13 dave charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.200[4500] Feb 28 00:27:13 dave charon: 03[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/ID ] Feb 28 00:27:13 dave charon: 03[IKE] server requested EAP_IDENTITY, sending '228060123456002' Feb 28 00:27:13 dave charon: 03[ENC] generating IKE_AUTH request 3 [ EAP/RES/ID ] Feb 28 00:27:13 dave charon: 03[NET] sending packet: from 192.168.0.200[4500] to 192.168.0.1[4500] Feb 28 00:27:13 dave charon: 02[NET] received packet: from 192.168.0.1[4500] to 192.168.0.200[4500] Feb 28 00:27:13 dave charon: 02[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/SIM ] Feb 28 00:27:13 dave charon: 02[IKE] server requested EAP_SIM authentication Feb 28 00:27:13 dave charon: 02[ENC] generating IKE_AUTH request 4 [ EAP/RES/SIM ] Feb 28 00:27:13 dave charon: 02[NET] sending packet: from 192.168.0.200[4500] to 192.168.0.1[4500] Feb 28 00:27:13 dave charon: 01[NET] received packet: from 192.168.0.1[4500] to 192.168.0.200[4500] Feb 28 00:27:13 dave charon: 01[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/SIM ] Feb 28 00:27:13 dave charon: 01[ENC] generating IKE_AUTH request 5 [ EAP/RES/SIM ] Feb 28 00:27:13 dave charon: 01[NET] sending packet: from 192.168.0.200[4500] to 192.168.0.1[4500] Feb 28 00:27:14 dave charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.200[4500] Feb 28 00:27:14 dave charon: 10[ENC] parsed IKE_AUTH response 5 [ EAP/FAIL ] Feb 28 00:27:14 dave charon: 10[IKE] received EAP_FAILURE, EAP authentication failed Feb 28 00:27:37 dave charon: 00[DMN] signal of type SIGINT received. Shutting down