Comments (12)

hwdsl2 commented on May 8, 2024

@BSShapiro Did you forget to reboot the server after making changes?

Please post your ipsec.conf (with IPs removed).

from setup-ipsec-vpn.

BSShapiro commented on May 8, 2024

Yes, I did reboot the server after making the changes.

version 2.0

config setup
  virtual_private=
  protostack=netkey
  nhelpers=0
  interfaces=%defaultroute
  uniqueids=no

conn shared
  sha2-truncbug=yes
  left=
  leftid=
  right=%any
  forceencaps=yes
  authby=secret
  pfs=no
  rekey=no
  keyingtries=5
  dpddelay=30
  dpdtimeout=120
  dpdaction=clear
  ike=3des-sha1,aes-sha1,aes256-sha2_256
  phase2alg=3des-sha1,aes-sha1,aes256-sha2_256

conn l2tp-psk
  auto=add
  leftsubnet=
  leftnexthop=%defaultroute
  leftprotoport=17/1701
  rightprotoport=17/%any
  type=transport
  auth=esp
  also=shared

conn xauth-psk
  auto=add
  leftsubnet=0.0.0.0/0
  rightaddresspool=
  modecfgdns1=8.8.8.8
  modecfgdns2=8.8.4.4
  leftxauthserver=yes
  rightxauthclient=yes
  rightprotoport=17/%any
  type=transport
  auth=esp
  also=shared

conn xauth-psk
  auto=add
  leftsubnet=0.0.0.0/0
  rightaddresspool=
  modecfgdns1=8.8.8.8
  modecfgdns2=8.8.4.4
  leftxauthserver=yes
  rightxauthclient=yes
  leftmodecfgserver=yes
  rightmodecfgclient=yes
  modecfgpull=yes
  xauthby=file
  ike-frag=yes
  ikev2=never
  cisco-unity=yes
  also=shared

hwdsl2 commented on May 8, 2024

@BSShapiro Did you indent the new sha2-truncbug=yes line by two spaces?

Does your Android show any error message? Try removing and re-adding the VPN connection.

To further troubleshoot the issue, try connecting again and then run:

grep pluto /var/log/auth.log

Post the output with sensitive info removed.

BSShapiro commented on May 8, 2024

Jun  8 18:16:02 BSShapiro pluto[18942]: NSS DB directory: sql:/etc/ipsec.d
Jun  8 18:16:02 BSShapiro pluto[18942]: NSS initialized
Jun  8 18:16:02 BSShapiro pluto[18942]: libcap-ng support [enabled]
Jun  8 18:16:02 BSShapiro pluto[18942]: FIPS HMAC integrity support [disabled]
Jun  8 18:16:02 BSShapiro pluto[18942]: Linux audit support [disabled]
Jun  8 18:16:02 BSShapiro pluto[18942]: Starting Pluto (Libreswan Version 3.17 XFRM(netkey) KLIPS USE_FORK USE_PTHREAD_SETSCHEDPRIO NSS DNSSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:18942
Jun  8 18:16:02 BSShapiro pluto[18942]: core dump dir: /var/run/pluto
Jun  8 18:16:02 BSShapiro pluto[18942]: secrets file: /etc/ipsec.secrets
Jun  8 18:16:02 BSShapiro pluto[18942]: leak-detective disabled
Jun  8 18:16:02 BSShapiro pluto[18942]: NSS crypto [enabled]
Jun  8 18:16:02 BSShapiro pluto[18942]: XAUTH PAM support [enabled]
Jun  8 18:16:02 BSShapiro pluto[18942]: NAT-Traversal support  [enabled]
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating OAKLEY_AES_CTR: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_A: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_B: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_C: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_hash(): Activating DISABLED-OAKLEY_AES_XCBC: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: no crypto helpers will be started; all cryptographic operations will be done inline
Jun  8 18:16:02 BSShapiro pluto[18942]: Using Linux XFRM/NETKEY IPsec interface code on 3.16.0-59-generic
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating aes_ccm_8: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating aes_ccm_12: Ok
Jun  8 18:16:02 BSShapiro pluto[18942]: ike_alg_register_enc(): Activating aes_ccm_16: Ok
Jun  8 18:16:03 BSShapiro pluto[18942]: added connection description "l2tp-psk"
Jun  8 18:16:03 BSShapiro pluto[18942]: added connection description "xauth-psk"
Jun  8 18:16:03 BSShapiro pluto[18942]: listening for IKE messages
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface as0t3/as0t3 
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface as0t3/as0t3 
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface as0t2/as0t2 
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface as0t2/as0t2 
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface as0t1/as0t1 
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface as0t1/as0t1 
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface as0t0/as0t0 
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface as0t0/as0t0 
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface wlan0/wlan0 
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface wlan0/wlan0 
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface lo/lo 
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface lo/lo 
Jun  8 18:16:03 BSShapiro pluto[18942]: adding interface lo/lo ::1:500
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface lo:500 fd 26
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface lo:4500 fd 25
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface lo:500 fd 24
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface wlan0:4500 fd 23
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface wlan0:500 fd 22
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface as0t0:4500 fd 21
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface as0t0:500 fd 20
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface as0t1:4500 fd 19
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface as0t1:500 fd 18
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface as0t2:4500 fd 17
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface as0t2:500 fd 16
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface as0t3:4500 fd 15
Jun  8 18:16:03 BSShapiro pluto[18942]: | setup callback for interface as0t3:500 fd 14
Jun  8 18:16:03 BSShapiro pluto[18942]: loading secrets from "/etc/ipsec.secrets"
Jun  8 18:16:03 BSShapiro pluto[18942]: reapchild failed with errno=10 No child processes
Jun  8 18:33:28 BSShapiro pluto[18942]: forgetting secrets
Jun  8 18:33:28 BSShapiro pluto[18942]: "xauth-psk": deleting connection
Jun  8 18:33:28 BSShapiro pluto[18942]: "l2tp-psk": deleting connection
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface lo/lo ::1:500
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface lo/lo 
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface lo/lo 
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface wlan0/wlan0 
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface wlan0/wlan0 
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface as0t0/as0t0 
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface as0t0/as0t0 
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface as0t1/as0t1 
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface as0t1/as0t1 
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface as0t2/as0t2 
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface as0t2/as0t2 
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface as0t3/as0t3 
Jun  8 18:33:28 BSShapiro pluto[18942]: shutting down interface as0t3/as0t3 
Jun  8 18:33:30 BSShapiro pluto[21195]: NSS DB directory: sql:/etc/ipsec.d
Jun  8 18:33:30 BSShapiro pluto[21195]: NSS initialized
Jun  8 18:33:30 BSShapiro pluto[21195]: libcap-ng support [enabled]
Jun  8 18:33:30 BSShapiro pluto[21195]: FIPS HMAC integrity support [disabled]
Jun  8 18:33:30 BSShapiro pluto[21195]: Linux audit support [disabled]
Jun  8 18:33:30 BSShapiro pluto[21195]: Starting Pluto (Libreswan Version 3.17 XFRM(netkey) KLIPS USE_FORK USE_PTHREAD_SETSCHEDPRIO NSS DNSSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:21195
Jun  8 18:33:30 BSShapiro pluto[21195]: core dump dir: /var/run/pluto
Jun  8 18:33:30 BSShapiro pluto[21195]: secrets file: /etc/ipsec.secrets
Jun  8 18:33:30 BSShapiro pluto[21195]: leak-detective disabled
Jun  8 18:33:30 BSShapiro pluto[21195]: NSS crypto [enabled]
Jun  8 18:33:30 BSShapiro pluto[21195]: XAUTH PAM support [enabled]
Jun  8 18:33:30 BSShapiro pluto[21195]: NAT-Traversal support  [enabled]
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating OAKLEY_AES_CTR: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_A: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_B: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_C: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_hash(): Activating DISABLED-OAKLEY_AES_XCBC: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: no crypto helpers will be started; all cryptographic operations will be done inline
Jun  8 18:33:30 BSShapiro pluto[21195]: Using Linux XFRM/NETKEY IPsec interface code on 3.16.0-59-generic
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating aes_ccm_8: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating aes_ccm_12: Ok
Jun  8 18:33:30 BSShapiro pluto[21195]: ike_alg_register_enc(): Activating aes_ccm_16: Ok
Jun  8 18:33:31 BSShapiro pluto[21195]: added connection description "l2tp-psk"
Jun  8 18:33:31 BSShapiro pluto[21195]: added connection description "xauth-psk"
Jun  8 18:33:31 BSShapiro pluto[21195]: listening for IKE messages
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface as0t3/as0t3 
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface as0t3/as0t3 
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface as0t2/as0t2 
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface as0t2/as0t2 
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface as0t1/as0t1 
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface as0t1/as0t1 
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface as0t0/as0t0 
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface as0t0/as0t0 
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface wlan0/wlan0 
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface wlan0/wlan0 
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface lo/lo 
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface lo/lo 
Jun  8 18:33:31 BSShapiro pluto[21195]: adding interface lo/lo ::1:500
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface lo:500 fd 26
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface lo:4500 fd 25
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface lo:500 fd 24
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface wlan0:4500 fd 23
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface wlan0:500 fd 22
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface as0t0:4500 fd 21
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface as0t0:500 fd 20
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface as0t1:4500 fd 19
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface as0t1:500 fd 18
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface as0t2:4500 fd 17
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface as0t2:500 fd 16
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface as0t3:4500 fd 15
Jun  8 18:33:31 BSShapiro pluto[21195]: | setup callback for interface as0t3:500 fd 14
Jun  8 18:33:31 BSShapiro pluto[21195]: loading secrets from "/etc/ipsec.secrets"
Jun  8 18:33:31 BSShapiro pluto[21195]: reapchild failed with errno=10 No child processes
Jun  8 18:35:31 BSShapiro pluto[21195]: forgetting secrets
Jun  8 18:35:31 BSShapiro pluto[21195]: "xauth-psk": deleting connection
Jun  8 18:35:31 BSShapiro pluto[21195]: "l2tp-psk": deleting connection
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface lo/lo ::1:500
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface lo/lo 
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface lo/lo 
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface wlan0/wlan0 
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface wlan0/wlan0 
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface as0t0/as0t0 
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface as0t0/as0t0 
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface as0t1/as0t1 
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface as0t1/as0t1 
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface as0t2/as0t2 
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface as0t2/as0t2 
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface as0t3/as0t3 
Jun  8 18:35:31 BSShapiro pluto[21195]: shutting down interface as0t3/as0t3 
Jun  8 18:35:32 BSShapiro pluto[21688]: NSS DB directory: sql:/etc/ipsec.d
Jun  8 18:35:32 BSShapiro pluto[21688]: NSS initialized
Jun  8 18:35:32 BSShapiro pluto[21688]: libcap-ng support [enabled]
Jun  8 18:35:32 BSShapiro pluto[21688]: FIPS HMAC integrity support [disabled]
Jun  8 18:35:32 BSShapiro pluto[21688]: Linux audit support [disabled]
Jun  8 18:35:32 BSShapiro pluto[21688]: Starting Pluto (Libreswan Version 3.17 XFRM(netkey) KLIPS USE_FORK USE_PTHREAD_SETSCHEDPRIO NSS DNSSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:21688
Jun  8 18:35:32 BSShapiro pluto[21688]: core dump dir: /var/run/pluto
Jun  8 18:35:32 BSShapiro pluto[21688]: secrets file: /etc/ipsec.secrets
Jun  8 18:35:32 BSShapiro pluto[21688]: leak-detective disabled
Jun  8 18:35:32 BSShapiro pluto[21688]: NSS crypto [enabled]
Jun  8 18:35:32 BSShapiro pluto[21688]: XAUTH PAM support [enabled]
Jun  8 18:35:32 BSShapiro pluto[21688]: NAT-Traversal support  [enabled]
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating OAKLEY_AES_CTR: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_A: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_B: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_C: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_hash(): Activating DISABLED-OAKLEY_AES_XCBC: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: no crypto helpers will be started; all cryptographic operations will be done inline
Jun  8 18:35:32 BSShapiro pluto[21688]: Using Linux XFRM/NETKEY IPsec interface code on 3.16.0-59-generic
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating aes_ccm_8: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating aes_ccm_12: Ok
Jun  8 18:35:32 BSShapiro pluto[21688]: ike_alg_register_enc(): Activating aes_ccm_16: Ok
Jun  8 18:35:33 BSShapiro pluto[21688]: added connection description "l2tp-psk"
Jun  8 18:35:33 BSShapiro pluto[21688]: added connection description "xauth-psk"
Jun  8 18:35:33 BSShapiro pluto[21688]: listening for IKE messages
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface as0t3/as0t3 
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface as0t3/as0t3 
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface as0t2/as0t2 
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface as0t2/as0t2 
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface as0t1/as0t1 
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface as0t1/as0t1 
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface as0t0/as0t0 
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface as0t0/as0t0 
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface wlan0/wlan0 
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface wlan0/wlan0 
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface lo/lo 
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface lo/lo 
Jun  8 18:35:33 BSShapiro pluto[21688]: adding interface lo/lo ::1:500
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface lo:500 fd 26
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface lo:4500 fd 25
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface lo:500 fd 24
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface wlan0:4500 fd 23
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface wlan0:500 fd 22
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface as0t0:4500 fd 21
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface as0t0:500 fd 20
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface as0t1:4500 fd 19
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface as0t1:500 fd 18
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface as0t2:4500 fd 17
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface as0t2:500 fd 16
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface as0t3:4500 fd 15
Jun  8 18:35:33 BSShapiro pluto[21688]: | setup callback for interface as0t3:500 fd 14
Jun  8 18:35:33 BSShapiro pluto[21688]: loading secrets from "/etc/ipsec.secrets"
Jun  8 18:35:33 BSShapiro pluto[21688]: reapchild failed with errno=10 No child processes
Jun  8 18:38:04 BSShapiro pluto[21688]: forgetting secrets
Jun  8 18:38:04 BSShapiro pluto[21688]: "xauth-psk": deleting connection
Jun  8 18:38:04 BSShapiro pluto[21688]: "l2tp-psk": deleting connection
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface lo/lo ::1:500
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface lo/lo 
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface lo/lo 
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface wlan0/wlan0 
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface wlan0/wlan0 
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface as0t0/as0t0 
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface as0t0/as0t0 
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface as0t1/as0t1 
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface as0t1/as0t1 
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface as0t2/as0t2 
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface as0t2/as0t2 
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface as0t3/as0t3 
Jun  8 18:38:04 BSShapiro pluto[21688]: shutting down interface as0t3/as0t3 
Jun  8 18:38:05 BSShapiro pluto[22189]: NSS DB directory: sql:/etc/ipsec.d
Jun  8 18:38:05 BSShapiro pluto[22189]: NSS initialized
Jun  8 18:38:05 BSShapiro pluto[22189]: libcap-ng support [enabled]
Jun  8 18:38:05 BSShapiro pluto[22189]: FIPS HMAC integrity support [disabled]
Jun  8 18:38:05 BSShapiro pluto[22189]: Linux audit support [disabled]
Jun  8 18:38:05 BSShapiro pluto[22189]: Starting Pluto (Libreswan Version 3.17 XFRM(netkey) KLIPS USE_FORK USE_PTHREAD_SETSCHEDPRIO NSS DNSSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:22189
Jun  8 18:38:05 BSShapiro pluto[22189]: core dump dir: /var/run/pluto
Jun  8 18:38:05 BSShapiro pluto[22189]: secrets file: /etc/ipsec.secrets
Jun  8 18:38:05 BSShapiro pluto[22189]: leak-detective disabled
Jun  8 18:38:05 BSShapiro pluto[22189]: NSS crypto [enabled]
Jun  8 18:38:05 BSShapiro pluto[22189]: XAUTH PAM support [enabled]
Jun  8 18:38:05 BSShapiro pluto[22189]: NAT-Traversal support  [enabled]
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating OAKLEY_AES_CTR: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_A: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_B: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_C: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_hash(): Activating DISABLED-OAKLEY_AES_XCBC: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: no crypto helpers will be started; all cryptographic operations will be done inline
Jun  8 18:38:05 BSShapiro pluto[22189]: Using Linux XFRM/NETKEY IPsec interface code on 3.16.0-59-generic
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating aes_ccm_8: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating aes_ccm_12: Ok
Jun  8 18:38:05 BSShapiro pluto[22189]: ike_alg_register_enc(): Activating aes_ccm_16: Ok
Jun  8 18:38:06 BSShapiro pluto[22189]: added connection description "l2tp-psk"
Jun  8 18:38:06 BSShapiro pluto[22189]: added connection description "xauth-psk"
Jun  8 18:38:06 BSShapiro pluto[22189]: listening for IKE messages
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface as0t3/as0t3 
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface as0t3/as0t3 
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface as0t2/as0t2 
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface as0t2/as0t2 
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface as0t1/as0t1 
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface as0t1/as0t1 
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface as0t0/as0t0 
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface as0t0/as0t0 
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface wlan0/wlan0 
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface wlan0/wlan0 
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface lo/lo 
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface lo/lo 
Jun  8 18:38:06 BSShapiro pluto[22189]: adding interface lo/lo ::1:500
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface lo:500 fd 26
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface lo:4500 fd 25
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface lo:500 fd 24
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface wlan0:4500 fd 23
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface wlan0:500 fd 22
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface as0t0:4500 fd 21
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface as0t0:500 fd 20
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface as0t1:4500 fd 19
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface as0t1:500 fd 18
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface as0t2:4500 fd 17
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface as0t2:500 fd 16
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface as0t3:4500 fd 15
Jun  8 18:38:06 BSShapiro pluto[22189]: | setup callback for interface as0t3:500 fd 14
Jun  8 18:38:06 BSShapiro pluto[22189]: loading secrets from "/etc/ipsec.secrets"
Jun  8 18:38:06 BSShapiro pluto[22189]: reapchild failed with errno=10 No child processes
Jun  8 19:23:29 BSShapiro pluto[22189]: forgetting secrets
Jun  8 19:23:29 BSShapiro pluto[22189]: "xauth-psk": deleting connection
Jun  8 19:23:29 BSShapiro pluto[22189]: "l2tp-psk": deleting connection
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface lo/lo ::1:500
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface lo/lo 
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface lo/lo 
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface wlan0/wlan0 
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface wlan0/wlan0 
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface as0t0/as0t0 
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface as0t0/as0t0 
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface as0t1/as0t1 
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface as0t1/as0t1 
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface as0t2/as0t2 
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface as0t2/as0t2 
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface as0t3/as0t3 
Jun  8 19:23:29 BSShapiro pluto[22189]: shutting down interface as0t3/as0t3 
Jun  8 19:23:31 BSShapiro pluto[26814]: NSS DB directory: sql:/etc/ipsec.d
Jun  8 19:23:31 BSShapiro pluto[26814]: NSS initialized
Jun  8 19:23:31 BSShapiro pluto[26814]: libcap-ng support [enabled]
Jun  8 19:23:31 BSShapiro pluto[26814]: FIPS HMAC integrity support [disabled]
Jun  8 19:23:31 BSShapiro pluto[26814]: Linux audit support [disabled]
Jun  8 19:23:31 BSShapiro pluto[26814]: Starting Pluto (Libreswan Version 3.17 XFRM(netkey) KLIPS USE_FORK USE_PTHREAD_SETSCHEDPRIO NSS DNSSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS)) pid:26814
Jun  8 19:23:31 BSShapiro pluto[26814]: core dump dir: /var/run/pluto
Jun  8 19:23:31 BSShapiro pluto[26814]: secrets file: /etc/ipsec.secrets
Jun  8 19:23:31 BSShapiro pluto[26814]: leak-detective disabled
Jun  8 19:23:31 BSShapiro pluto[26814]: NSS crypto [enabled]
Jun  8 19:23:31 BSShapiro pluto[26814]: XAUTH PAM support [enabled]
Jun  8 19:23:31 BSShapiro pluto[26814]: NAT-Traversal support  [enabled]
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating OAKLEY_AES_CTR: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_A: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_B: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating OAKLEY_AES_GCM_C: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_hash(): Activating DISABLED-OAKLEY_AES_XCBC: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CBC: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating OAKLEY_CAMELLIA_CTR: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: no crypto helpers will be started; all cryptographic operations will be done inline
Jun  8 19:23:31 BSShapiro pluto[26814]: Using Linux XFRM/NETKEY IPsec interface code on 3.16.0-59-generic
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating aes_ccm_8: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating aes_ccm_12: Ok
Jun  8 19:23:31 BSShapiro pluto[26814]: ike_alg_register_enc(): Activating aes_ccm_16: Ok
Jun  8 19:23:32 BSShapiro pluto[26814]: added connection description "l2tp-psk"
Jun  8 19:23:32 BSShapiro pluto[26814]: added connection description "xauth-psk"
Jun  8 19:23:32 BSShapiro pluto[26814]: listening for IKE messages
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface as0t3/as0t3 
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface as0t3/as0t3 
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface as0t2/as0t2 
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface as0t2/as0t2 
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface as0t1/as0t1 
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface as0t1/as0t1 
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface as0t0/as0t0 
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface as0t0/as0t0 
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface wlan0/wlan0 
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface wlan0/wlan0 
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface lo/lo 
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface lo/lo 
Jun  8 19:23:32 BSShapiro pluto[26814]: adding interface lo/lo ::1:500
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface lo:500 fd 26
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface lo:4500 fd 25
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface lo:500 fd 24
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface wlan0:4500 fd 23
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface wlan0:500 fd 22
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface as0t0:4500 fd 21
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface as0t0:500 fd 20
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface as0t1:4500 fd 19
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface as0t1:500 fd 18
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface as0t2:4500 fd 17
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface as0t2:500 fd 16
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface as0t3:4500 fd 15
Jun  8 19:23:32 BSShapiro pluto[26814]: | setup callback for interface as0t3:500 fd 14
Jun  8 19:23:32 BSShapiro pluto[26814]: loading secrets from "/etc/ipsec.secrets"
Jun  8 19:23:32 BSShapiro pluto[26814]: reapchild failed with errno=10 No child processes

from setup-ipsec-vpn.

BSShapiro avatar BSShapiro commented on May 8, 2024

And yes, I did leave two spaces for sha2-truncbug=yes.

from setup-ipsec-vpn.

hwdsl2 avatar hwdsl2 commented on May 8, 2024

@BSShapiro First, the server does not see the connection from the VPN client. There is no log of that.

Your server's network interfaces seem non-standard as I don't see eth0 in the list. Did you make any change to the script before using? Because normally if eth0 is not present, the script will refuse to run. You can find the active network interface from the output of cat /proc/net/dev.

from setup-ipsec-vpn.

BSShapiro avatar BSShapiro commented on May 8, 2024

I did make a change to the script. I removed:

os_type="$(lsb_release -si 2>/dev/null)"
if [ "$os_type" != "Ubuntu" ] && [ "$os_type" != "Debian" ]; then
  echoerr "This script only supports Ubuntu/Debian."
  exit 1
fi

I removed it because the script refused to run, even though I'm running Elementary OS, which is built on Ubuntu 14.04.

from setup-ipsec-vpn.

hwdsl2 avatar hwdsl2 commented on May 8, 2024

@BSShapiro I see. Can you please post the output of cat /proc/net/dev?

from setup-ipsec-vpn.

BSShapiro avatar BSShapiro commented on May 8, 2024
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
 as0t3:       0       0    0    0    0     0          0         0  2848172   18380    0    0    0     0       0          0
 as0t0:       0       0    0    0    0     0          0         0  2848172   18380    0    0    0     0       0          0
  eth0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
 wlan0: 2385892767 6514947    0    0    0 5706951          0         0 442061559 4041832    0    0    0     0       0          0
 as0t2:       0       0    0    0    0     0          0         0  2848172   18380    0    0    0     0       0          0
ip_vti0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
    lo: 446500268  843465    0    0    0     0          0         0 446500268  843465    0    0    0     0       0          0
 as0t1:       0       0    0    0    0     0          0         0  2848172   18380    0    0    0     0       0          0

from setup-ipsec-vpn.

hwdsl2 avatar hwdsl2 commented on May 8, 2024

@BSShapiro Can you please post the output of

sudo iptables -nvL; sudo iptables -nvL -t nat

from setup-ipsec-vpn.

BSShapiro avatar BSShapiro commented on May 8, 2024
Chain INPUT (policy DROP 291 packets, 119K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 500,4500
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1701 policy match dir in pol ipsec
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1701
20126   15M AS0_ACCEPT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  834 56504 AS0_ACCEPT  all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 AS0_IN_PRE  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x2000000/0x2000000
    0     0 AS0_ACCEPT  tcp  --  *      *       0.0.0.0/0            192.168.0.7          state NEW tcp dpt:915
    0     0 AS0_ACCEPT  tcp  --  *      *       0.0.0.0/0            192.168.0.7          state NEW tcp dpt:914
    0     0 AS0_ACCEPT  udp  --  *      *       0.0.0.0/0            192.168.0.7          state NEW udp dpt:917
    0     0 AS0_ACCEPT  udp  --  *      *       0.0.0.0/0            192.168.0.7          state NEW udp dpt:916
    0     0 AS0_WEBACCEPT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 AS0_WEBACCEPT  tcp  --  *      *       0.0.0.0/0            192.168.0.7          state NEW tcp dpt:943
 1158  203K ufw-before-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1158  203K ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  791  164K ufw-after-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  291  119K ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  291  119K ufw-reject-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  291  119K ufw-track-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 ACCEPT     all  --  eth+   ppp+    0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  ppp+   eth+    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  ppp+   ppp+    192.168.42.0/24      192.168.42.0/24     
    0     0 ACCEPT     all  --  eth+   *       0.0.0.0/0            192.168.43.0/24      ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      eth+    192.168.43.0/24      0.0.0.0/0           
    0     0 AS0_ACCEPT  all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 AS0_IN_PRE  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x2000000/0x2000000
    0     0 AS0_OUT_S2C  all  --  *      as0t+   0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-before-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-after-logging-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-reject-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ufw-track-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 2 packets, 168 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  944  188K AS0_OUT_LOCAL  all  --  *      as0t+   0.0.0.0/0            0.0.0.0/0           
18606 2877K ufw-before-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
18606 2877K ufw-before-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1147  108K ufw-after-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1147  108K ufw-after-logging-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1147  108K ufw-reject-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 1147  108K ufw-track-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_ACCEPT (7 references)
 pkts bytes target     prot opt in     out     source               destination         
20960   15M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_DNS (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            172.27.224.1        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            172.27.228.1        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            172.27.232.1        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            172.27.236.1        
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_IN (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            172.27.224.1        
    0     0 AS0_IN_POST  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_IN_NAT (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK or 0x8000000
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_IN_POST (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.0.0/24      
    0     0 AS0_OUT    all  --  *      as0t+   0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_IN_PRE (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 AS0_DNS    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:53
    0     0 AS0_DNS    udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:53
    0     0 AS0_IN     all  --  *      *       0.0.0.0/0            192.168.0.0/16      
    0     0 AS0_IN     all  --  *      *       0.0.0.0/0            172.16.0.0/12       
    0     0 AS0_IN     all  --  *      *       0.0.0.0/0            10.0.0.0/8          
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_IN_ROUTE (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK or 0x4000000
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_OUT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 AS0_OUT_POST  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_OUT_LOCAL (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 5
  944  188K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_OUT_POST (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_OUT_S2C (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 AS0_OUT    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_WEBACCEPT (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain fail2ban-ssh (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  423 33552 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:137
   20  4990 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:138
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:139
    0     0 ufw-skip-to-policy-input  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
    7  2353 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ufw-skip-to-policy-input  udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
   50  3654 ufw-skip-to-policy-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  291  119K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ufw-user-forward  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 4
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 12
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
 1158  203K ufw-not-local  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  367 39698 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251          udp dpt:5353
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            239.255.255.250      udp dpt:1900
  791  164K ufw-user-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1674  138K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
15785 2631K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
 1147  108K ufw-user-output  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID limit: avg 3/min burst 10
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  236  117K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
  422 41678 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
  500 44549 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination         
  500 44549 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-track-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  525 31500 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW
  620 76359 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1723
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1194
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1723
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1723
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1194
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1723

Chain PREROUTING (policy ACCEPT 818 packets, 163K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 AS0_NAT_PRE_REL_EST  all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 AS0_DPFWD_UDP  udp  --  *      *       0.0.0.0/0            192.168.0.7          udp dpt:1194 state NEW
    0     0 AS0_DPFWD_TCP  tcp  --  *      *       0.0.0.0/0            192.168.0.7          tcp dpt:443 state NEW

Chain INPUT (policy ACCEPT 47 packets, 4456 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1980 packets, 171K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 1980 packets, 171K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SNAT       all  --  *      eth+    192.168.42.0/24      0.0.0.0/0            to:192.168.0.7
    0     0 SNAT       all  --  *      eth+    192.168.43.0/24      0.0.0.0/0            policy match dir out pol none to:192.168.0.7
    0     0 AS0_NAT_POST_REL_EST  all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 AS0_NAT_PRE  all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x2000000/0x2000000

Chain AS0_DPFWD_TCP (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.0.7:914
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_DPFWD_UDP (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            to:192.168.0.7:916
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_NAT (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 SNAT       all  --  *      wlan0   0.0.0.0/0            0.0.0.0/0            to:192.168.0.7
    0     0 SNAT       all  --  *      tun0    0.0.0.0/0            0.0.0.0/0            to:10.8.0.1
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_NAT_POST_REL_EST (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_NAT_PRE (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 AS0_NAT    all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x8000000/0x8000000
    0     0 AS0_NAT_TEST  all  --  *      *       0.0.0.0/0            192.168.0.0/16      
    0     0 AS0_NAT_TEST  all  --  *      *       0.0.0.0/0            172.16.0.0/12       
    0     0 AS0_NAT_TEST  all  --  *      *       0.0.0.0/0            10.0.0.0/8          
    0     0 AS0_NAT    all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_NAT_PRE_REL_EST (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain AS0_NAT_TEST (3 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      as0t+   0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x4000000/0x4000000
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            172.27.224.0/20     
    0     0 AS0_NAT    all  --  *      *       0.0.0.0/0            0.0.0.0/0

from setup-ipsec-vpn.
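The comparison the maintainer is steering toward, as an added example that is not part of the original thread: take the busiest non-loopback interface from /proc/net/dev and count the SNAT rules in nat POSTROUTING whose out-interface pattern covers it. The function names are hypothetical, and the embedded sample lines are trimmed from the output posted above.

```shell
#!/bin/sh
# Added example (not the project's script): does any SNAT rule cover the
# interface that actually carries this server's traffic?

# Print the non-loopback interface with the most received bytes.
# stdin: contents of /proc/net/dev
active_iface() {
  awk '/:/ {
         sub(/:/, " ")   # split "wlan0:123" and "wlan0: 123" the same way
         if ($1 != "lo" && $2 + 0 > max) { max = $2 + 0; name = $1 }
       }
       END { if (name != "") print name }'
}

# Print "target in out" for every rule of chain $1.
# stdin: output of `iptables -nvL [-t nat]`. Rules without a target shift
# the columns and are not handled here.
chain_rules() {
  awk -v want="$1" '
    $1 == "Chain" { chain = $2; next }
    chain == want && $1 ~ /^[0-9]+[KMG]?$/ && NF >= 9 { print $3, $6, $7 }'
}

# iptables interface matching: "*" is any interface, a trailing "+" matches
# every name starting with that prefix, anything else is an exact name.
# Negated patterns ("!eth0") are not handled.
iface_matches() {   # $1 = pattern from the rule, $2 = interface name
  case "$1" in
    '*') return 0 ;;
    *+)  case "$2" in "${1%+}"*) return 0 ;; esac
         return 1 ;;
    *)   [ "$1" = "$2" ] ;;
  esac
}

# Count SNAT/MASQUERADE rules in POSTROUTING whose out-interface covers $1.
# stdin: output of `iptables -nvL -t nat`
snat_rules_covering() {
  snat_iface=$1
  snat_count=0
  snat_rules=$(chain_rules POSTROUTING | awk '$1 == "SNAT" || $1 == "MASQUERADE"')
  while read -r _target _in out_if; do
    [ -n "$out_if" ] || continue
    if iface_matches "$out_if" "$snat_iface"; then
      snat_count=$((snat_count + 1))
    fi
  done <<EOF
$snat_rules
EOF
  echo "$snat_count"
}

# Sample input, trimmed from the /proc/net/dev output in the thread.
sample_proc_net_dev() {
  cat <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
  eth0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
 wlan0: 2385892767 6514947    0    0    0 5706951          0         0 442061559 4041832    0    0    0     0       0          0
    lo: 446500268  843465    0    0    0     0          0         0 446500268  843465    0    0    0     0       0          0
EOF
}

# Sample input, trimmed from the nat table output in the thread.
sample_nat_rules() {
  cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 1980 packets, 171K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      eth+    192.168.42.0/24      0.0.0.0/0            to:192.168.0.7
    0     0 SNAT       all  --  *      eth+    192.168.43.0/24      0.0.0.0/0            policy match dir out pol none to:192.168.0.7
    0     0 AS0_NAT_POST_REL_EST  all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
EOF
}

uplink=$(sample_proc_net_dev | active_iface)
covered=$(sample_nat_rules | snat_rules_covering "$uplink")
echo "busiest interface: $uplink; SNAT rules covering it: $covered"
```

On a live server, pipe `cat /proc/net/dev` and `sudo iptables -nvL -t nat` into the same functions in place of the embedded samples.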

hwdsl2 avatar hwdsl2 commented on May 8, 2024

@BSShapiro First let's check why the server does not see connections from your VPN client. Is the VPN server behind the same router as the Android VPN client? Which IP address did you use to connect to the server? The public IP or the private IP? If you prefer we can continue this discussion via email.

from setup-ipsec-vpn.
