# WINDOWS 11 - NATIVE Connexion VPN IKEv2 MSCHAPv2 (Username/Password) - Server Log - test auth CONF SERVER IKE -> proposals = default CONF SERVER IKE -> proposals = aes128-sha256-ecp256 Nov 13 02:43:57 07[NET] <102> received packet: from 109.210.56.240[1024] to 158.69.126.137[500] (624 bytes) Nov 13 02:43:57 07[ENC] <102> parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ] Nov 13 02:43:57 07[IKE] <102> received MS NT5 ISAKMPOAKLEY v9 vendor ID Nov 13 02:43:57 07[IKE] <102> received MS-Negotiation Discovery Capable vendor ID Nov 13 02:43:57 07[IKE] <102> received Vid-Initial-Contact vendor ID Nov 13 02:43:57 07[ENC] <102> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02 Nov 13 02:43:57 07[IKE] <102> 109.210.56.240 is initiating an IKE_SA Nov 13 02:43:57 07[CFG] <102> received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024 Nov 13 02:43:57 07[CFG] <102> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_448/KE4_HQC_L5/KE4_KE_NONE, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_448/KE2_BIKE_L3/KE2_HQC_L3, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519/KE1_KYBER_L3/KE1_FRODO_AES_L3, IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384 Nov 13 02:43:57 07[IKE] <102> no matching proposal found, trying alternative config Nov 13 02:43:57 07[CFG] <102> received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024 Nov 13 02:43:57 07[CFG] <102> configured proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048 Nov 13 02:43:57 07[IKE] <102> no matching proposal found, trying alternative config Nov 13 02:43:57 07[CFG] <102> received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024 Nov 13 02:43:57 07[CFG] <102> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_448/KE4_HQC_L5/KE4_KE_NONE, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_448/KE2_BIKE_L3/KE2_HQC_L3, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519/KE1_KYBER_L3/KE1_FRODO_AES_L3, IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384, IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/ECP_384, IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256 Nov 13 02:43:57 07[IKE] <102> no matching proposal found, trying alternative config Nov 13 02:43:57 07[CFG] <102> received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024 Nov 13 02:43:57 07[CFG] <102> configured proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048 Nov 13 02:43:57 07[IKE] <102> remote host is behind NAT Nov 13 02:43:57 07[IKE] <102> received proposals unacceptable Nov 13 02:43:57 07[ENC] <102> generating IKE_SA_INIT response 0 [ N(NO_PROP) ] Nov 13 02:43:57 07[NET] <102> sending packet: from 158.69.126.137[500] to 109.210.56.240[1024] (36 bytes) # ------------------------- received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024 IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024 IKE -> proposals = aes256-sha384-prfsha384-modp1024 ESP -> esp_proposals = aes256-sha384-prfsha384-modp1024 ESP -> esp_proposals = chacha20poly1305, default, aes256-sha384-prfsha384-modp1024 ESP -> esp_proposals = chacha20poly1305, aes256gcm16-ecp384, aes128gcm16-ecp256, aes256gmac-ecp384, aes128gmac-ecp256, default # ------------------------- IKE -> proposals = aes256-sha384-x448-ke4_hqc5-ke4_none, aes256-sha384-x448-ke2_bike3-ke2_hqc3, aes256-sha256-x25519-ke1_kyber3-ke1_frodoa3, aes256gcm16-prfsha384-ecp384, aes128gcm16-prfsha256-ecp256, aes256-sha384-ecp384, aes128-sha256-ecp256, aes256-sha384-prfsha384-modp1024 configured proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_448/KE4_HQC_L5/KE4_KE_NONE, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_448/KE2_BIKE_L3/KE2_HQC_L3, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519/KE1_KYBER_L3/KE1_FRODO_AES_L3, IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384 Nov 13 05:28:40 10[IKE] <137> no matching proposal found, trying alternative config IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_448/KE4_HQC_L5/KE4_KE_NONE, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_448/KE2_BIKE_L3/KE2_HQC_L3, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519/KE1_KYBER_L3/KE1_FRODO_AES_L3, IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384 configured proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048 IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048 # ------------------------- # Config serveur # proposals = aes256-sha384-x448-ke4_hqc5-ke4_none, aes256-sha384-x448-ke2_bike3-ke2_hqc3, aes256-sha256-x25519-ke1_kyber3-ke1_frodoa3, aes256gcm16-prfsha384-ecp384, aes128gcm16-prfsha256-ecp256, aes256-sha384-ecp384, aes128-sha256-ecp256, aes256-sha384-prfsha384-modp1024 IKE -> proposals = aes128-sha256-ecp256 (Android), aes256-sha384-prfsha384-modp1024 (Win11) # ------------------------- # Native VPN Client Windows 11 (KO) - Log server # Error ? : <108> looking for peer configs matching 158.69.126.137[%any]...109.210.56.240[172.16.0.142] Nov 13 03:08:57 15[NET] <108> received packet: from 109.210.56.240[1024] to 158.69.126.137[500] (624 bytes) Nov 13 03:08:57 15[ENC] <108> parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ] Nov 13 03:08:57 15[IKE] <108> received MS NT5 ISAKMPOAKLEY v9 vendor ID Nov 13 03:08:57 15[IKE] <108> received MS-Negotiation Discovery Capable vendor ID Nov 13 03:08:57 15[IKE] <108> received Vid-Initial-Contact vendor ID Nov 13 03:08:57 15[ENC] <108> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02 Nov 13 03:08:57 15[IKE] <108> 109.210.56.240 is initiating an IKE_SA Nov 13 03:08:57 15[CFG] <108> received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024 Nov 13 03:08:57 15[CFG] <108> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_448/KE4_HQC_L5/KE4_KE_NONE, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_448/KE2_BIKE_L3/KE2_HQC_L3, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519/KE1_KYBER_L3/KE1_FRODO_AES_L3, IKE:AES_GCM_16_256/PRF_HMAC_SHA2_384/ECP_384 Nov 13 03:08:57 15[IKE] <108> no matching proposal found, trying alternative config Nov 13 03:08:57 15[CFG] <108> received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024 Nov 13 03:08:57 15[CFG] <108> configured proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/AES_CMAC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/CHACHA20_POLY1305/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/CURVE_448/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048 Nov 13 03:08:57 15[IKE] <108> no matching proposal found, trying alternative config Nov 13 03:08:57 15[CFG] <108> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024 Nov 13 03:08:57 15[IKE] <108> remote host is behind NAT Nov 13 03:08:57 15[IKE] <108> sending cert request for "C=FR, O=LAB3W, CN=ZW3B Cyber Root CA : rsa_3072" Nov 13 03:08:57 15[ENC] <108> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) V ] Nov 13 03:08:57 15[NET] <108> sending packet: from 158.69.126.137[500] to 109.210.56.240[1024] (373 bytes) Nov 13 03:08:57 10[NET] <108> received packet: from 109.210.56.240[13449] to 158.69.126.137[4500] (588 bytes) Nov 13 03:08:57 10[ENC] <108> parsed IKE_AUTH request 1 [ EF(1/3) ] Nov 13 03:08:57 10[ENC] <108> received fragment #1 of 3, waiting for complete IKE message Nov 13 03:08:57 05[NET] <108> received packet: from 109.210.56.240[13449] to 158.69.126.137[4500] (588 bytes) Nov 13 03:08:57 05[ENC] <108> parsed IKE_AUTH request 1 [ EF(2/3) ] Nov 13 03:08:57 05[ENC] <108> received fragment #2 of 3, waiting for complete IKE message Nov 13 03:08:57 09[NET] <108> received packet: from 109.210.56.240[13449] to 158.69.126.137[4500] (236 bytes) Nov 13 03:08:57 09[ENC] <108> parsed IKE_AUTH request 1 [ EF(3/3) ] Nov 13 03:08:57 09[ENC] <108> received fragment #3 of 3, reassembled fragmented IKE message (1224 bytes) Nov 13 03:08:57 09[ENC] <108> parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ] Nov 13 03:08:57 09[IKE] <108> received 44 cert requests for an unknown ca Nov 13 03:08:57 09[CFG] <108> looking for peer configs matching 158.69.126.137[%any]...109.210.56.240[172.16.0.142] Nov 13 03:08:57 09[CFG] selected peer config 'ikev2-eap-mschapv2' Nov 13 03:08:57 09[IKE] initiating EAP_IDENTITY method (id 0x00) Nov 13 03:08:57 09[IKE] peer supports MOBIKE Nov 13 03:08:57 09[IKE] authentication of 'srv.ca.lab3w.com' (myself) with RSA signature successful Nov 13 03:08:57 09[IKE] sending end entity cert "C=FR, O=LAB3W, CN=srv.ca.lab3w.com" Nov 13 03:08:57 09[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ] Nov 13 03:08:57 09[ENC] splitting IKE message (1704 bytes) into 2 fragments Nov 13 03:08:57 09[ENC] generating IKE_AUTH response 1 [ EF(1/2) ] Nov 13 03:08:57 09[ENC] generating IKE_AUTH response 1 [ EF(2/2) ] Nov 13 03:08:57 09[NET] sending packet: from 158.69.126.137[4500] to 109.210.56.240[13449] (1436 bytes) Nov 13 03:08:57 09[NET] sending packet: from 158.69.126.137[4500] to 109.210.56.240[13449] (348 bytes) # ------------------------- # strongSwan VPN Client 2.5.2 for Android 12 (OK) - Log server # Enjoy : <123> looking for peer configs matching 158.69.126.137[srv.ca.lab3w.com]...109.210.56.240[orj@lab3w.fr] Nov 13 04:01:35 08[NET] <122> received packet: from 109.210.56.240[46962] to 158.69.126.137[500] (948 bytes) Nov 13 04:01:35 08[ENC] <122> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Nov 13 04:01:35 08[IKE] <122> 109.210.56.240 is initiating an IKE_SA Nov 13 04:01:35 08[CFG] <122> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_448 Nov 13 04:01:35 08[IKE] <122> key exchange method in received payload ECP_256 doesn't match negotiated CURVE_448 Nov 13 04:01:35 08[IKE] <122> remote host is behind NAT Nov 13 04:01:35 08[IKE] <122> DH group ECP_256 unacceptable, requesting CURVE_448 Nov 13 04:01:35 08[ENC] <122> generating IKE_SA_INIT response 0 [ N(INVAL_KE) V ] Nov 13 04:01:35 08[NET] <122> sending packet: from 158.69.126.137[500] to 109.210.56.240[46962] (58 bytes) Nov 13 04:01:35 10[NET] <123> received packet: from 109.210.56.240[46962] to 158.69.126.137[500] (940 bytes) Nov 13 04:01:35 10[ENC] <123> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ] Nov 13 04:01:35 10[IKE] <123> 109.210.56.240 is initiating an IKE_SA Nov 13 04:01:35 10[CFG] <123> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/CURVE_448 Nov 13 04:01:35 10[IKE] <123> remote host is behind NAT Nov 13 04:01:35 10[IKE] <123> sending cert request for "C=FR, O=LAB3W, CN=ZW3B Cyber Root CA : rsa_3072" Nov 13 04:01:35 10[ENC] <123> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) V ] Nov 13 04:01:35 10[NET] <123> sending packet: from 158.69.126.137[500] to 109.210.56.240[46962] (317 bytes) Nov 13 04:01:35 06[NET] <123> received packet: from 109.210.56.240[49301] to 158.69.126.137[4500] (488 bytes) Nov 13 04:01:35 06[ENC] <123> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr CPRQ(ADDR ADDR6 DNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ] Nov 13 04:01:35 06[IKE] <123> received cert request for "C=FR, O=LAB3W, CN=ZW3B Cyber Root CA : rsa_3072" Nov 13 04:01:35 06[CFG] <123> looking for peer configs matching 158.69.126.137[srv.ca.lab3w.com]...109.210.56.240[orj@lab3w.fr] Nov 13 04:01:35 06[CFG] selected peer config 'ikev2-eap' Nov 13 04:01:35 06[IKE] peer requested EAP, config unacceptable Nov 13 04:01:35 06[CFG] switching to peer config 'ikev2-eap-mschapv2' Nov 13 04:01:35 06[IKE] initiating EAP_IDENTITY method (id 0x00) Nov 13 04:01:35 06[IKE] peer supports MOBIKE Nov 13 04:01:35 06[IKE] authentication of 'srv.ca.lab3w.com' (myself) with RSA_EMSA_PSS_SHA2_256_SALT_32 successful Nov 13 04:01:35 06[IKE] sending end entity cert "C=FR, O=LAB3W, CN=srv.ca.lab3w.com" Nov 13 04:01:35 06[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ] Nov 13 04:01:35 06[ENC] splitting IKE message (1768 bytes) into 2 fragments Nov 13 04:01:35 06[ENC] generating IKE_AUTH response 1 [ EF(1/2) ] Nov 13 04:01:35 06[ENC] generating IKE_AUTH response 1 [ EF(2/2) ] Nov 13 04:01:35 06[NET] sending packet: from 158.69.126.137[4500] to 109.210.56.240[49301] (1436 bytes) Nov 13 04:01:35 06[NET] sending packet: from 158.69.126.137[4500] to 109.210.56.240[49301] (412 bytes) Nov 13 04:01:35 15[NET] received packet: from 109.210.56.240[49301] to 158.69.126.137[4500] (104 bytes) Nov 13 04:01:35 15[ENC] parsed IKE_AUTH request 2 [ EAP/RES/ID ] Nov 13 04:01:35 15[IKE] received EAP identity 'orj@lab3w.fr' Nov 13 04:01:35 15[IKE] initiating EAP_MSCHAPV2 method (id 0x12) Nov 13 04:01:35 15[ENC] generating IKE_AUTH response 2 [ EAP/REQ/MSCHAPV2 ] Nov 13 04:01:35 15[NET] sending packet: from 158.69.126.137[4500] to 109.210.56.240[49301] (120 bytes) Nov 13 04:01:35 09[NET] received packet: from 109.210.56.240[49301] to 158.69.126.137[4500] (152 bytes) Nov 13 04:01:35 09[ENC] parsed IKE_AUTH request 3 [ EAP/RES/MSCHAPV2 ] Nov 13 04:01:35 09[ENC] generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ] Nov 13 04:01:35 09[NET] sending packet: from 158.69.126.137[4500] to 109.210.56.240[49301] (152 bytes) Nov 13 04:01:35 05[NET] received packet: from 109.210.56.240[49301] to 158.69.126.137[4500] (88 bytes) Nov 13 04:01:35 05[ENC] parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ] Nov 13 04:01:35 05[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established Nov 13 04:01:35 05[ENC] generating IKE_AUTH response 4 [ EAP/SUCC ] Nov 13 04:01:35 05[NET] sending packet: from 158.69.126.137[4500] to 109.210.56.240[49301] (88 bytes) Nov 13 04:01:35 13[NET] received packet: from 109.210.56.240[49301] to 158.69.126.137[4500] (136 bytes) Nov 13 04:01:35 13[ENC] parsed IKE_AUTH request 5 [ AUTH ] Nov 13 04:01:35 13[IKE] authentication of 'orj@lab3w.fr' with EAP successful Nov 13 04:01:35 13[IKE] authentication of 'srv.ca.lab3w.com' (myself) with EAP Nov 13 04:01:35 13[IKE] peer requested virtual IP %any Nov 13 04:01:35 13[CFG] reassigning offline lease to 'orj@lab3w.fr' Nov 13 04:01:35 13[IKE] assigning virtual IP 172.16.8.100 to peer 'orj@lab3w.fr' Nov 13 04:01:35 13[IKE] peer requested virtual IP %any6 Nov 13 04:01:35 13[CFG] reassigning offline lease to 'orj@lab3w.fr' Nov 13 04:01:35 13[IKE] assigning virtual IP fec0::eeee:1ab3:ca:d000 to peer 'orj@lab3w.fr' Nov 13 04:01:35 13[IKE] IKE_SA ikev2-eap-mschapv2[123] established between 158.69.126.137[srv.ca.lab3w.com]...109.210.56.240[orj@lab3w.fr] Nov 13 04:01:35 13[CFG] selected proposal: ESP:CHACHA20_POLY1305/NO_EXT_SEQ Nov 13 04:01:35 13[IKE] CHILD_SA ikev2-eap-mschapv2{307} established with SPIs cf86961a_i 92781b12_o and TS 0.0.0.0/0 ::/0 === 172.16.8.100/32 fec0::eeee:1ab3:ca:d000/128 Nov 13 04:01:35 13[ENC] generating IKE_AUTH response 5 [ AUTH CPRP(ADDR ADDR6 DNS DNS DNS6 DNS6) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ] Nov 13 04:01:35 13[NET] sending packet: from 158.69.126.137[4500] to 109.210.56.240[49301] (584 bytes)