OpenWrt Forum Archive

Topic: Can't connect to VPN

The content of this topic has been archived on 30 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi all,

I've got some issues with OpenVPN/strongSwan.

I have created a CA/server/mobileconfig using Arokh's script.

When I try to connect the VPN from my iPhone I get the following log entries, but it's not connecting.

Wed Jul 19 13:27:09 2017 daemon.info : 03[NET] received packet: from 192.168.1.68[500] to 192.168.1.93[500]
Wed Jul 19 13:27:09 2017 daemon.info : 03[NET] waiting for data on sockets
Wed Jul 19 13:27:09 2017 daemon.info : 10[NET] received packet: from 192.168.1.68[500] to 192.168.1.93[500] (432 bytes)
Wed Jul 19 13:27:09 2017 daemon.info : 10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Wed Jul 19 13:27:09 2017 daemon.info : 10[CFG] looking for an ike config for 192.168.1.93...192.168.1.68
Wed Jul 19 13:27:09 2017 daemon.info : 10[CFG]   candidate: %any...%any, prio 28
Wed Jul 19 13:27:09 2017 daemon.info : 10[CFG] found matching ike config: %any...%any with prio 28
Wed Jul 19 13:27:09 2017 daemon.info : 10[IKE] 192.168.1.68 is initiating an IKE_SA
Wed Jul 19 13:27:09 2017 authpriv.info : 10[IKE] 192.168.1.68 is initiating an IKE_SA
Wed Jul 19 13:27:09 2017 daemon.info : 10[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
Wed Jul 19 13:27:09 2017 daemon.info : 10[CFG] selecting proposal:
Wed Jul 19 13:27:09 2017 daemon.info : 10[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION found
Wed Jul 19 13:27:09 2017 daemon.info : 10[CFG] selecting proposal:
Wed Jul 19 13:27:09 2017 daemon.info : 10[CFG]   proposal matches
Wed Jul 19 13:27:09 2017 daemon.info : 10[CFG] received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Wed Jul 19 13:27:09 2017 daemon.info : 10[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_
Wed Jul 19 13:27:09 2017 daemon.info : 10[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Wed Jul 19 13:27:10 2017 daemon.info : 10[IKE] sending cert request for "C=CA, O=192.168.1.93, CN=192.168.1.93 Root CA"
Wed Jul 19 13:27:10 2017 daemon.info : 10[IKE] sending cert request for "CN=OpenWrt CA"
Wed Jul 19 13:27:10 2017 daemon.info : 10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Wed Jul 19 13:27:10 2017 daemon.info : 10[NET] sending packet: from 192.168.1.93[500] to 192.168.1.68[500] (493 bytes)
Wed Jul 19 13:27:10 2017 daemon.info : 04[NET] sending packet: from 192.168.1.93[500] to 192.168.1.68[500]
Wed Jul 19 13:27:10 2017 daemon.info : 03[NET] received packet: from 192.168.1.68[4500] to 192.168.1.93[4500]
Wed Jul 19 13:27:10 2017 daemon.info : 03[NET] waiting for data on sockets
Wed Jul 19 13:27:10 2017 daemon.info : 03[NET] received packet: from 192.168.1.68[4500] to 192.168.1.93[4500]
Wed Jul 19 13:27:10 2017 daemon.info : 03[NET] waiting for data on sockets
Wed Jul 19 13:27:10 2017 daemon.info : 11[NET] received packet: from 192.168.1.68[4500] to 192.168.1.93[4500] (544 bytes)
Wed Jul 19 13:27:10 2017 daemon.info : 11[ENC] parsed IKE_AUTH request 1 [ EF(1/2) ]
Wed Jul 19 13:27:10 2017 daemon.info : 11[ENC] received fragment #1 of 2, waiting for complete IKE message
Wed Jul 19 13:27:10 2017 daemon.info : 11[NET] received packet: from 192.168.1.68[4500] to 192.168.1.93[4500] (512 bytes)
Wed Jul 19 13:27:10 2017 daemon.info : 11[ENC] parsed IKE_AUTH request 1 [ EF(2/2) ]
Wed Jul 19 13:27:10 2017 daemon.info : 11[ENC] received fragment #2 of 2, reassembling fragmented IKE message
Wed Jul 19 13:27:10 2017 daemon.info : 11[ENC] unknown attribute type (25)
Wed Jul 19 13:27:10 2017 daemon.info : 11[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr AUTH CERT CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] received end entity cert "CN=johan1"
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG] looking for peer configs matching 192.168.1.93[192.168.1.93]...192.168.1.68[johan1]
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG]   candidate "johan1", match: 20/1/28 (me/other/ike)
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG] selected peer config 'johan1'
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG]   using certificate "CN=johan1"
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG]   certificate "CN=johan1" key: 1024 bit RSA
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG]   using trusted ca certificate "CN=OpenWrt CA"
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG]   certificate "CN=OpenWrt CA" key: 1024 bit RSA
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG]   reached self-signed root ca with a path length of 0
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] authentication of 'johan1' with RSA signature successful
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG] constraint requires EAP_TLS, but EAP_NAK was used
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG] selected peer config 'johan1' inacceptable: non-matching authentication done
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG] no alternative config found
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] processing INTERNAL_IP4_ADDRESS attribute
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] processing INTERNAL_IP4_DHCP attribute
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] processing INTERNAL_IP4_DNS attribute
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] processing INTERNAL_IP4_NETMASK attribute
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] processing INTERNAL_IP6_ADDRESS attribute
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] processing INTERNAL_IP6_DHCP attribute
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] processing INTERNAL_IP6_DNS attribute
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] processing (25) attribute
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] peer supports MOBIKE
Wed Jul 19 13:27:10 2017 daemon.info : 11[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Wed Jul 19 13:27:10 2017 daemon.info : 11[NET] sending packet: from 192.168.1.93[4500] to 192.168.1.68[4500] (76 bytes)
Wed Jul 19 13:27:10 2017 daemon.info : 04[NET] sending packet: from 192.168.1.93[4500] to 192.168.1.68[4500]
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] IKE_SA johan1[1] state change: CONNECTING => DESTROYING

IPSEC.CONF

config setup
        # strictcrlpolicy=yes
        # uniqueids = no
        charondebug="cfg 2, dmn 2, ike 2, net 2"

# Add connections here.

conn johan1
    keyexchange=ikev2
    esp=aes128gcm16-ecp256,aes256gcm16-ecp384,aes128-sha256-ecp256,aes256-sha384-ecp384,aes128-sha256-modp2048,aes128-sha1-modp2048,aes256-sha384-modp4096,aes256-sha256-modp4096,aes256-sha1-modp4096,ae$
    dpdaction=clear
    dpddelay=300s
    ExtendedAuthEnabled=0
    rekey=no
    leftsendcert=always
    leftauth=pubkey
    leftfirewall=yes
    leftid=192.168.1.93
    leftsubnet=0.0.0.0/0
    leftcert=/etc/CA/serverCert.pem
    right=%any
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=10.66.0.1/24
    rightauth=eap-tls
    rightsendcert=yes
    auto=add

This is all set up on the LAN.

Internet (where my iPhone has an IP) [192.168.1.*] -> router with OpenVPN (172.16.1.*) [WAN IP: 192.168.1.93].

Any idea why this is not connecting?

(Last edited by johanrd on 19 Jul 2017, 12:47)

Remove the esp= line for testing, so it can fall back to its defaults.

Thanks for the reply. Still getting the same error unfortunately.

Thu Jul 20 10:10:42 2017 daemon.info : 03[NET] received packet: from 192.168.1.68[500] to 192.168.1.93[500]
Thu Jul 20 10:10:42 2017 daemon.info : 03[NET] waiting for data on sockets
Thu Jul 20 10:10:42 2017 daemon.info : 07[NET] received packet: from 192.168.1.68[500] to 192.168.1.93[500] (432 bytes)
Thu Jul 20 10:10:42 2017 daemon.info : 07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Thu Jul 20 10:10:42 2017 daemon.info : 07[CFG] looking for an ike config for 192.168.1.93...192.168.1.68
Thu Jul 20 10:10:42 2017 daemon.info : 07[CFG]   candidate: %any...%any, prio 28
Thu Jul 20 10:10:42 2017 daemon.info : 07[CFG] found matching ike config: %any...%any with prio 28
Thu Jul 20 10:10:42 2017 daemon.info : 07[IKE] 192.168.1.68 is initiating an IKE_SA
Thu Jul 20 10:10:42 2017 authpriv.info : 07[IKE] 192.168.1.68 is initiating an IKE_SA
Thu Jul 20 10:10:42 2017 daemon.info : 07[IKE] IKE_SA (unnamed)[1] state change: CREATED => CONNECTING
Thu Jul 20 10:10:42 2017 daemon.info : 07[CFG] selecting proposal:
Thu Jul 20 10:10:42 2017 daemon.info : 07[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION found
Thu Jul 20 10:10:42 2017 daemon.info : 07[CFG] selecting proposal:
Thu Jul 20 10:10:42 2017 daemon.info : 07[CFG]   proposal matches
Thu Jul 20 10:10:42 2017 daemon.info : 07[CFG] received proposals: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Thu Jul 20 10:10:42 2017 daemon.info : 07[CFG] configured proposals: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_MD5_96/HMAC_SHA1_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_MD5/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_8192/MODP_2048/MODP_1024, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_
Thu Jul 20 10:10:42 2017 daemon.info : 07[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
Thu Jul 20 10:10:42 2017 daemon.info : 07[IKE] sending cert request for "C=CA, O=192.168.1.93, CN=192.168.1.93 Root CA"
Thu Jul 20 10:10:42 2017 daemon.info : 07[IKE] sending cert request for "CN=OpenWrt CA"
Thu Jul 20 10:10:42 2017 daemon.info : 07[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Thu Jul 20 10:10:42 2017 daemon.info : 07[NET] sending packet: from 192.168.1.93[500] to 192.168.1.68[500] (493 bytes)
Thu Jul 20 10:10:42 2017 daemon.info : 04[NET] sending packet: from 192.168.1.93[500] to 192.168.1.68[500]
Thu Jul 20 10:10:42 2017 daemon.info : 03[NET] received packet: from 192.168.1.68[4500] to 192.168.1.93[4500]
Thu Jul 20 10:10:42 2017 daemon.info : 03[NET] waiting for data on sockets
Thu Jul 20 10:10:42 2017 daemon.info : 03[NET] received packet: from 192.168.1.68[4500] to 192.168.1.93[4500]
Thu Jul 20 10:10:42 2017 daemon.info : 03[NET] waiting for data on sockets
Thu Jul 20 10:10:42 2017 daemon.info : 08[NET] received packet: from 192.168.1.68[4500] to 192.168.1.93[4500] (544 bytes)
Thu Jul 20 10:10:42 2017 daemon.info : 08[ENC] parsed IKE_AUTH request 1 [ EF(1/2) ]
Thu Jul 20 10:10:42 2017 daemon.info : 08[ENC] received fragment #1 of 2, waiting for complete IKE message
Thu Jul 20 10:10:42 2017 daemon.info : 08[NET] received packet: from 192.168.1.68[4500] to 192.168.1.93[4500] (512 bytes)
Thu Jul 20 10:10:42 2017 daemon.info : 08[ENC] parsed IKE_AUTH request 1 [ EF(2/2) ]
Thu Jul 20 10:10:42 2017 daemon.info : 08[ENC] received fragment #2 of 2, reassembling fragmented IKE message
Thu Jul 20 10:10:42 2017 daemon.info : 08[ENC] unknown attribute type (25)
Thu Jul 20 10:10:42 2017 daemon.info : 08[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr AUTH CERT CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] received end entity cert "CN=johan1"
Thu Jul 20 10:10:42 2017 daemon.info : 08[CFG] looking for peer configs matching 192.168.1.93[192.168.1.93]...192.168.1.68[johan1]
Thu Jul 20 10:10:42 2017 daemon.info : 08[CFG]   candidate "johan1", match: 20/1/28 (me/other/ike)
Thu Jul 20 10:10:42 2017 daemon.info : 08[CFG] selected peer config 'johan1'
Thu Jul 20 10:10:42 2017 daemon.info : 08[CFG]   using certificate "CN=johan1"
Thu Jul 20 10:10:42 2017 daemon.info : 08[CFG]   certificate "CN=johan1" key: 1024 bit RSA
Thu Jul 20 10:10:42 2017 daemon.info : 08[CFG]   using trusted ca certificate "CN=OpenWrt CA"
Thu Jul 20 10:10:42 2017 daemon.info : 08[CFG]   certificate "CN=OpenWrt CA" key: 1024 bit RSA
Thu Jul 20 10:10:42 2017 daemon.info : 08[CFG]   reached self-signed root ca with a path length of 0
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] authentication of 'johan1' with RSA signature successful
Thu Jul 20 10:10:42 2017 daemon.info : 08[CFG] constraint requires EAP_TLS, but EAP_NAK was used
Thu Jul 20 10:10:42 2017 daemon.info : 08[CFG] selected peer config 'johan1' inacceptable: non-matching authentication done
Thu Jul 20 10:10:42 2017 daemon.info : 08[CFG] no alternative config found
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] processing INTERNAL_IP4_ADDRESS attribute
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] processing INTERNAL_IP4_DHCP attribute
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] processing INTERNAL_IP4_DNS attribute
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] processing INTERNAL_IP4_NETMASK attribute
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] processing INTERNAL_IP6_ADDRESS attribute
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] processing INTERNAL_IP6_DHCP attribute
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] processing INTERNAL_IP6_DNS attribute
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] processing (25) attribute
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] peer supports MOBIKE
Thu Jul 20 10:10:42 2017 daemon.info : 08[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Thu Jul 20 10:10:42 2017 daemon.info : 08[NET] sending packet: from 192.168.1.93[4500] to 192.168.1.68[4500] (76 bytes)
Thu Jul 20 10:10:42 2017 daemon.info : 04[NET] sending packet: from 192.168.1.93[4500] to 192.168.1.68[4500]
Thu Jul 20 10:10:42 2017 daemon.info : 08[IKE] IKE_SA johan1[1] state change: CONNECTING => DESTROYING

Ok, so I think I've gotten further, but I'm still being thrown out straight away.


My ipsec.conf is now:

config setup

conn %default
 keyexchange=ikev2

conn roadwarrior
 left=%any
 leftauth=pubkey
 leftcert=/etc/CA/serverCert.pem
 leftid=myddnsentry.ddns.net
 leftsubnet=0.0.0.0/0,::/0
 right=%any
 rightsourceip=10.0.1.0/24
 auto=add

And here is the log:

Mon Jul 24 21:31:12 2017 daemon.info : 12[NET] received packet: from a.a.a.a[24073] to x.x.x.x[500] (432 bytes)
Mon Jul 24 21:31:12 2017 daemon.info : 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Mon Jul 24 21:31:12 2017 daemon.info : 12[IKE] a.a.a.a is initiating an IKE_SA
Mon Jul 24 21:31:12 2017 authpriv.info : 12[IKE] a.a.a.a is initiating an IKE_SA
Mon Jul 24 21:31:13 2017 daemon.info : 12[IKE] remote host is behind NAT
Mon Jul 24 21:31:13 2017 daemon.info : 12[IKE] sending cert request for "CN=OpenWrt CA"
Mon Jul 24 21:31:13 2017 daemon.info : 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(MULT_AUTH) ]
Mon Jul 24 21:31:13 2017 daemon.info : 12[NET] sending packet: from x.x.x.x[500] to a.a.a.a[24073] (473 bytes)
Mon Jul 24 21:31:13 2017 daemon.info : 13[NET] received packet: from a.a.a.a[12623] to x.x.x.x[4500] (544 bytes)
Mon Jul 24 21:31:13 2017 daemon.info : 13[ENC] parsed IKE_AUTH request 1 [ EF(1/2) ]
Mon Jul 24 21:31:13 2017 daemon.info : 13[ENC] received fragment #1 of 2, waiting for complete IKE message
Mon Jul 24 21:31:13 2017 daemon.info : 14[NET] received packet: from a.a.a.a[12623] to x.x.x.x[4500] (512 bytes)
Mon Jul 24 21:31:13 2017 daemon.info : 14[ENC] parsed IKE_AUTH request 1 [ EF(2/2) ]
Mon Jul 24 21:31:13 2017 daemon.info : 14[ENC] received fragment #2 of 2, reassembling fragmented IKE message
Mon Jul 24 21:31:13 2017 daemon.info : 14[ENC] unknown attribute type (25)
Mon Jul 24 21:31:13 2017 daemon.info : 14[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr AUTH CERT CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] received end entity cert "CN=johan"
Mon Jul 24 21:31:13 2017 daemon.info : 14[CFG] looking for peer configs matching x.x.x.x[myddnsentry.ddns.net]...a.a.a.a[johan]
Mon Jul 24 21:31:13 2017 daemon.info : 14[CFG] selected peer config 'roadwarrior'
Mon Jul 24 21:31:13 2017 daemon.info : 14[CFG]   using certificate "CN=johan"
Mon Jul 24 21:31:13 2017 daemon.info : 14[CFG]   using trusted ca certificate "CN=OpenWrt CA"
Mon Jul 24 21:31:13 2017 daemon.info : 14[CFG]   reached self-signed root ca with a path length of 0
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] authentication of 'johan' with RSA signature successful
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] peer supports MOBIKE
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] authentication of 'myddnsentry.ddns.net' (myself) with RSA signature successful
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] destroying duplicate IKE_SA for peer 'johan', received INITIAL_CONTACT
Mon Jul 24 21:31:13 2017 daemon.info : 14[CFG] lease 10.0.1.1 by 'johan' went offline
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] IKE_SA roadwarrior[2] established between x.x.x.x[myddnsentry.ddns.net]...a.a.a.a[johan]
Mon Jul 24 21:31:13 2017 authpriv.info : 14[IKE] IKE_SA roadwarrior[2] established between x.x.x.x[myddnsentry.ddns.net]...a.a.a.a[johan]
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] scheduling reauthentication in 9960s
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] maximum IKE_SA lifetime 10500s
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] peer requested virtual IP %any
Mon Jul 24 21:31:13 2017 daemon.info : 14[CFG] reassigning offline lease to 'johan'
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] assigning virtual IP 10.0.1.1 to peer 'johan'
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] peer requested virtual IP %any6
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] no virtual IP found for %any6 requested by 'johan'
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] CHILD_SA roadwarrior{2} established with SPIs c6b498d8_i 054a4029_o and TS 0.0.0.0/0 ::/0 === 10.0.1.1/32
Mon Jul 24 21:31:13 2017 authpriv.info : 14[IKE] CHILD_SA roadwarrior{2} established with SPIs c6b498d8_i 054a4029_o and TS 0.0.0.0/0 ::/0 === 10.0.1.1/32
Mon Jul 24 21:31:13 2017 daemon.info : 14[ENC] generating IKE_AUTH response 1 [ IDr AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) ]
Mon Jul 24 21:31:13 2017 daemon.info : 14[NET] sending packet: from x.x.x.x[4500] to a.a.a.a[12623] (444 bytes)

x.x.x.x is my external IP
myddnsentry.ddns.net is not my real DDNS entry
a.a.a.a is my phone's IP (not on Wi-Fi)


Any suggestions?

The discussion might have continued from here.
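
An added example, not part of the original thread: a small Python triage of charon log lines like the ones posted above. It splits a log into connection attempts and pulls out the line that explains an N(AUTH_FAILED); in the first two logs the client passed RSA signature authentication, but the `rightauth=eap-tls` constraint in the posted conn required EAP_TLS. The function names and the 2048-bit RSA threshold are assumptions of this example; the sample lines are copied from the logs in this thread.

```python
import re

# Constructed sample: six lines copied from the first log in this thread and
# three from the last one, so two connection attempts are present.
# All names below are this example's own, not strongSwan's.
SAMPLE_LOG = """\
Wed Jul 19 13:27:09 2017 daemon.info : 10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG]   certificate "CN=johan1" key: 1024 bit RSA
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG]   certificate "CN=OpenWrt CA" key: 1024 bit RSA
Wed Jul 19 13:27:10 2017 daemon.info : 11[IKE] authentication of 'johan1' with RSA signature successful
Wed Jul 19 13:27:10 2017 daemon.info : 11[CFG] constraint requires EAP_TLS, but EAP_NAK was used
Wed Jul 19 13:27:10 2017 daemon.info : 11[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
Mon Jul 24 21:31:12 2017 daemon.info : 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] authentication of 'johan' with RSA signature successful
Mon Jul 24 21:31:13 2017 daemon.info : 14[IKE] IKE_SA roadwarrior[2] established between x.x.x.x[myddnsentry.ddns.net]...a.a.a.a[johan]
"""

ATTEMPT_START = re.compile(r"parsed IKE_SA_INIT request")
MISMATCH = re.compile(r"constraint requires (\S+), but (\S+) was used")
CERT_KEY = re.compile(r'certificate "([^"]+)" key: (\d+) bit (\w+)')
PEER_AUTH = re.compile(r"authentication of '([^']+)' with (.+?) successful")
ESTABLISHED = re.compile(r"IKE_SA (\S+)\[\d+\] established between")
MIN_RSA_BITS = 2048  # assumption: common minimum RSA size, not from the thread


def split_attempts(log_text):
    """Group lines into attempts; each starts at an IKE_SA_INIT request."""
    attempts = []
    for line in log_text.splitlines():
        if ATTEMPT_START.search(line):
            attempts.append([])
        if attempts:
            attempts[-1].append(line)
    return attempts


def triage(lines):
    """Summarise one attempt: outcome, auth-method mismatch, small RSA keys."""
    report = {"outcome": "incomplete", "peer_auth": None,
              "mismatch": None, "small_keys": []}
    for line in lines:
        if m := MISMATCH.search(line):
            report["mismatch"] = {"required": m[1], "used": m[2]}
        elif m := CERT_KEY.search(line):
            if m[3] == "RSA" and int(m[2]) < MIN_RSA_BITS:
                report["small_keys"].append((m[1], int(m[2])))
        elif m := PEER_AUTH.search(line):  # "(myself)" lines do not match
            report["peer_auth"] = (m[1], m[2])
        elif "N(AUTH_FAILED)" in line:
            report["outcome"] = "auth_failed"
        elif ESTABLISHED.search(line):
            report["outcome"] = "established"
    return report


if __name__ == "__main__":
    for n, attempt in enumerate(split_attempts(SAMPLE_LOG), 1):
        print(n, triage(attempt))
```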