strongSwan log analysis
1. Configuration load
Starting IKE charon daemon (strongSwan 5.2.1, Linux 2.6.32-358.el6.i686, i686)
openssl FIPS mode(0) - disabled
loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
loaded ca certificate "C=US, O=Organization, CN=domain" from '/usr/local/etc/ipsec.d/cacerts/ca.cert.pem'
loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
loading crls from '/usr/local/etc/ipsec.d/crls'
loading secrets from '/usr/local/etc/ipsec.secrets'
loaded RSA private key from '/usr/local/etc/ipsec.d/private/server.pem'
loaded IKE secret for %any
loaded EAP secret for xxx
loaded EAP secret for xxx2
loaded EAP secret for "domain\xxx"
loaded EAP secret for xxx1
loaded EAP secret for "domain\xxx1"
loaded 0 RADIUS server configurations
loaded plugins: charon aes des rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pg
unable to load 3 plugin features (3 due to unmet dependencies)
spawning 16 worker threads
received stroke: add connection 'iOS_cert'
left nor right host is our side, assuming left=local
adding virtual IP address pool 10.0.0.0/24
loaded certificate "C=US, O=Organization, CN=domain" from 'server.cert.pem'
id '%any' not confirmed by certificate, defaulting to 'C=US, O=Organization, CN=domain'
loaded certificate "C=US, O=Organization, CN=domain" from 'client.cert.pem'
id '%any' not confirmed by certificate, defaulting to 'C=US, O=Organization, CN=domain'
added configuration 'iOS_cert'
received stroke: add connection 'android_xauth_psk'
left nor right host is our side, assuming left=local
reusing virtual IP address pool 10.0.0.0/24
added configuration 'android_xauth_psk'
received stroke: add connection 'networkmanager-strongswan'
left nor right host is our side, assuming left=local
reusing virtual IP address pool 10.0.0.0/24
loaded certificate "C=US, O=Organization, CN=domain" from 'server.cert.pem'
id '%any' not confirmed by certificate, defaulting to 'C=US, O=Organization, CN=domain'
loaded certificate "C=US, O=Organization, CN=domain" from 'client.cert.pem'
id '%any' not confirmed by certificate, defaulting to 'C=US, O=Organization, CN=domain'
added configuration 'networkmanager-strongswan'
received stroke: add connection 'windows7'
left nor right host is our side, assuming left=local
reusing virtual IP address pool 10.0.0.0/24
loaded certificate "C=US, O=Organization, CN=domain" from 'server.cert.pem'
id '%any' not confirmed by certificate, defaulting to 'C=US, O=Organization, CN=domain'
added configuration 'windows7'
2. Connect
1)
received packet: from client_ip[500] to server_ip[500] (616 bytes)
parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
received unknown vendor ID: 1e:2b:51:69:05:99:1c:7d:7c:96:fc:bf:b5:87:e4:61:00:00:00:09
received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
client_ip is initiating an IKE_SA
remote host is behind NAT
sending cert request for "C=US, O=Organization, CN=domain"
generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
sending packet: from server_ip[500] to client_ip[500] (333 bytes)
2)
received packet: from client_ip[41070] to server_ip[4500] (1164 bytes)
parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
received cert request for "C=US, O=Organization, CN=domain"
received 41 cert requests for an unknown ca
looking for peer configs matching server_ip[%any]...client_ip[192.168.2.7]
selected peer config 'windows7'
initiating EAP_IDENTITY method (id 0x00)
peer supports MOBIKE
authentication of 'C=US, O=Organization, CN=domain' (myself) with RSA signature successful
sending end entity cert "C=US, O=Organization, CN=domain"
generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
sending packet: from server_ip[4500] to client_ip[41070] (1268 bytes)
3)
received packet: from client_ip[41070] to server_ip[4500] (84 bytes)
parsed IKE_AUTH request 2 [ EAP/RES/ID ]
received EAP identity 'domain\xxx'
initiating EAP_MSCHAPV2 method (id 0xD2)
generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ]
sending packet: from server_ip[4500] to client_ip[41070] (100 bytes)
4)
received packet: from client_ip[41070] to server_ip[4500] (140 bytes)
parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ]
generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
sending packet: from server_ip[4500] to client_ip[41070] (132 bytes)
5)
received packet: from client_ip[41070] to server_ip[4500] (68 bytes)
parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
EAP method EAP_MSCHAPV2 succeeded, MSK established
generating IKE_AUTH response 4 [ EAP/SUCC ]
sending packet: from server_ip[4500] to client_ip[41070] (68 bytes)
6)
received packet: from client_ip[41070] to server_ip[4500] (84 bytes)
parsed IKE_AUTH request 5 [ AUTH ]
authentication of '192.168.2.7' with EAP successful
authentication of 'C=US, O=Organization, CN=domain' (myself) with EAP
IKE_SA windows7[1] established between server_ip[C=US, O=Organization, CN=domain]...client_ip[192.168.2.7]
peer requested virtual IP %any
assigning new lease to 'domain\xxx'
assigning virtual IP 10.0.0.1 to peer 'domain\xxx'
peer requested virtual IP %any6
no virtual IP found for %any6 requested by 'domain\xxx'
CHILD_SA windows7{1} established with SPIs c67ad14d_i 725d3244_o and TS 0.0.0.0/0 === 10.0.0.1/32
generating IKE_AUTH response 5 [ AUTH CPRP(ADDR DNS NBNS DNS NBNS) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
sending packet: from server_ip[4500] to client_ip[41070] (236 bytes)
3. Disconnect
1)
received packet: from client_ip[41070] to server_ip[4500] (68 bytes)
parsed INFORMATIONAL request 6 [ D ]
received DELETE for ESP CHILD_SA with SPI 725d3244
closing CHILD_SA windows7{1} with SPIs c67ad14d_i (56725 bytes) 725d3244_o (289688 bytes) and TS 0.0.0.0/0 === 10.0.0.1/32
sending DELETE for ESP CHILD_SA with SPI c67ad14d
CHILD_SA closed
generating INFORMATIONAL response 6 [ D ]
sending packet: from server_ip[4500] to client_ip[41070] (68 bytes)
2)
received packet: from client_ip[41070] to server_ip[4500] (68 bytes)
parsed INFORMATIONAL request 7 [ D ]
received DELETE for IKE_SA windows7[1]
deleting IKE_SA windows7[1] between server_ip[C=US, O=Organization, CN=domain]...client_ip[192.168.2.7]
IKE_SA deleted
generating INFORMATIONAL response 7 [ ]
sending packet: from server_ip[4500] to client_ip[41070] (60 bytes)
lease 10.0.0.1 by 'domain\xxx' went offline
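An added example, not part of the original page: a small Python parser that folds the connect and disconnect lines above into one session record, tying the EAP identity (which differs from the IKE ID '192.168.2.7') to the peer address, virtual IP, SPIs and byte counts. It assumes the prefix-less line format shown on this page and a log containing one peer at a time; the names `PATTERNS` and `summarize` are made up for this example.

```python
import re

# Log lines copied from the connect/disconnect excerpts on this page.
SAMPLE = r"""received EAP identity 'domain\xxx'
EAP method EAP_MSCHAPV2 succeeded, MSK established
IKE_SA windows7[1] established between server_ip[C=US, O=Organization, CN=domain]...client_ip[192.168.2.7]
assigning virtual IP 10.0.0.1 to peer 'domain\xxx'
CHILD_SA windows7{1} established with SPIs c67ad14d_i 725d3244_o and TS 0.0.0.0/0 === 10.0.0.1/32
closing CHILD_SA windows7{1} with SPIs c67ad14d_i (56725 bytes) 725d3244_o (289688 bytes) and TS 0.0.0.0/0 === 10.0.0.1/32
deleting IKE_SA windows7[1] between server_ip[C=US, O=Organization, CN=domain]...client_ip[192.168.2.7]
lease 10.0.0.1 by 'domain\xxx' went offline
""".splitlines()

# One regex per charon message of interest; group names become record fields.
PATTERNS = {
    "identity": re.compile(r"received EAP identity '(?P<user>[^']+)'"),
    "eap_ok": re.compile(r"EAP method (?P<method>\S+) succeeded"),
    "ike_up": re.compile(r"IKE_SA (?P<sa>\S+\[\d+\]) established between "
                         r".*\.\.\.(?P<peer>[^\[]+)\[(?P<peer_id>[^\]]+)\]"),
    "vip": re.compile(r"assigning virtual IP (?P<vip>\S+) to peer"),
    "child_up": re.compile(r"CHILD_SA \S+ established with SPIs "
                           r"(?P<spi_in>[0-9a-f]+)_i (?P<spi_out>[0-9a-f]+)_o"),
    "child_down": re.compile(r"closing CHILD_SA .* SPIs [0-9a-f]+_i \((?P<bytes_in>\d+) "
                             r"bytes\) [0-9a-f]+_o \((?P<bytes_out>\d+) bytes\)"),
    "ike_down": re.compile(r"deleting IKE_SA (?P<sa>\S+\[\d+\])"),
}

def summarize(lines):
    """Fold one peer's log lines, in order, into per-IKE_SA session records."""
    sessions, cur = [], {}
    for line in lines:
        for event, pat in PATTERNS.items():
            m = pat.search(line)
            if not m:
                continue
            if event == "ike_down":
                # IKE_SA deletion ends the session; keep the name if the log began mid-session.
                cur.setdefault("sa", m["sa"])
                cur["closed"] = True
                sessions.append(cur)
                cur = {}
            else:
                cur.update({k: int(v) if k.startswith("bytes_") else v
                            for k, v in m.groupdict().items()})
            break
    if cur:  # no DELETE seen: session still up, or the log was cut short
        cur["closed"] = False
        sessions.append(cur)
    return sessions
```

On a gateway serving several clients at once, group the lines per connection before calling `summarize`, since this page's excerpts carry no thread or SA prefix to correlate on.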