Nguyễn Hồng Quân Debug site-to-site StrongSwan with presence of WireGuard

Created by Nguyễn Hồng Quân

Thg 2 11 17:56:50 quan.hoabinh.vn systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Thg 2 11 17:56:51 quan.hoabinh.vn charon-systemd[21311]: loaded plugins: charon-systemd aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark vici updown eap-mschapv2 xauth-generic counters
Thg 2 11 17:56:51 quan.hoabinh.vn charon-systemd[21311]: dropped capabilities, running as uid 0, gid 0
Thg 2 11 17:56:51 quan.hoabinh.vn charon-systemd[21311]: spawning 16 worker threads
Thg 2 11 17:56:51 quan.hoabinh.vn charon-systemd[21311]: loaded certificate 'CN=quan.hoabinh.vn'
Thg 2 11 17:56:51 quan.hoabinh.vn charon-systemd[21311]: loaded certificate 'C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3'
Thg 2 11 17:56:51 quan.hoabinh.vn charon-systemd[21311]: loaded certificate 'C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009'
Thg 2 11 17:56:51 quan.hoabinh.vn charon-systemd[21311]: loaded certificate 'C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009'
Thg 2 11 17:56:51 quan.hoabinh.vn charon-systemd[21311]: loaded certificate 'O=Digital Signature Trust Co., CN=DST Root CA X3'
Thg 2 11 17:56:51 quan.hoabinh.vn charon-systemd[21311]: loaded ANY private key
Thg 2 11 17:56:51 quan.hoabinh.vn swanctl[21337]: no authorities found, 0 unloaded
Thg 2 11 17:56:51 quan.hoabinh.vn swanctl[21337]: no pools found, 0 unloaded
Thg 2 11 17:56:51 quan.hoabinh.vn charon-systemd[21311]:   id not specified, defaulting to cert subject 'CN=quan.hoabinh.vn'
Thg 2 11 17:56:51 quan.hoabinh.vn charon-systemd[21311]: added vici connection: net-net
Thg 2 11 17:56:51 quan.hoabinh.vn charon-systemd[21311]: installing 'net-net'
Thg 2 11 17:56:51 quan.hoabinh.vn swanctl[21337]: loaded certificate from '/etc/swanctl/x509/fullchain.pem'
Thg 2 11 17:56:51 quan.hoabinh.vn swanctl[21337]: loaded certificate from '/etc/swanctl/x509/chain.pem'
Thg 2 11 17:56:51 quan.hoabinh.vn swanctl[21337]: loaded certificate from '/etc/swanctl/x509ca/D-TRUST_Root_Class_3_CA_2_EV_2009.pem'
Thg 2 11 17:56:51 quan.hoabinh.vn swanctl[21337]: loaded certificate from '/etc/swanctl/x509ca/D-TRUST_Root_Class_3_CA_2_2009.pem'
Thg 2 11 17:56:51 quan.hoabinh.vn swanctl[21337]: loaded certificate from '/etc/swanctl/x509ca/DST_Root_CA_X3.pem'
Thg 2 11 17:56:51 quan.hoabinh.vn swanctl[21337]: loaded private key from '/etc/swanctl/private/privkey.pem'
Thg 2 11 17:56:51 quan.hoabinh.vn swanctl[21337]: loaded connection 'net-net'
Thg 2 11 17:56:51 quan.hoabinh.vn swanctl[21337]: successfully loaded 1 connections, 0 unloaded
Thg 2 11 17:56:51 quan.hoabinh.vn systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: creating acquire job for policy 192.168.12.1/32[udp/52055] === 192.168.18.1/32[udp/1025] with reqid {1}
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: initiating IKE_SA net-net[1] to 104.248.153.183
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[500] to 104.248.153.183[500] (760 bytes)
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[500] to 103.92.28.225[500] (357 bytes)
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_AES128_XCBC/ECP_256
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: received cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: received cert request for "O=Digital Signature Trust Co., CN=DST Root CA X3"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: received cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: received cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: sending cert request for "O=Digital Signature Trust Co., CN=DST Root CA X3"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: sending cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: authentication of 'CN=quan.hoabinh.vn' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: sending end entity cert "CN=quan.hoabinh.vn"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: establishing CHILD_SA net-net{2} reqid 1
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: splitting IKE message (2080 bytes) into 2 fragments
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: generating IKE_AUTH request 1 [ EF(1/2) ]
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: generating IKE_AUTH request 1 [ EF(2/2) ]
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (1236 bytes)
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (916 bytes)
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (1236 bytes)
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: parsed IKE_AUTH response 1 [ EF(1/2) ]
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: received fragment #1 of 2, waiting for complete IKE message
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (740 bytes)
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: parsed IKE_AUTH response 1 [ EF(2/2) ]
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: received fragment #2 of 2, reassembled fragmented IKE message (1904 bytes)
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: parsed IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: received end entity cert "CN=parking.nanochip.io"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]:   using certificate "CN=parking.nanochip.io"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]:   using trusted intermediate ca certificate "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: checking certificate status of "CN=parking.nanochip.io"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]:   requesting ocsp status from 'http://ocsp.int-x3.letsencrypt.org' ...
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: unable to fetch from http://ocsp.int-x3.letsencrypt.org, no capable fetcher found
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: ocsp request to http://ocsp.int-x3.letsencrypt.org failed
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: ocsp check failed, fallback to crl
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: certificate status is not available
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]:   using trusted ca certificate "O=Digital Signature Trust Co., CN=DST Root CA X3"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: checking certificate status of "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]:   requesting ocsp status from 'http://isrg.trustid.ocsp.identrust.com' ...
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: unable to fetch from http://isrg.trustid.ocsp.identrust.com, no capable fetcher found
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: ocsp request to http://isrg.trustid.ocsp.identrust.com failed
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: ocsp check failed, fallback to crl
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]:   fetching crl from 'http://crl.identrust.com/DSTROOTCAX3CRL.crl' ...
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: unable to fetch from http://crl.identrust.com/DSTROOTCAX3CRL.crl, no capable fetcher found
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: crl fetching failed
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: certificate status is not available
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: certificate policy 2.23.140.1.2.1 for 'CN=parking.nanochip.io' not allowed by trustchain, ignored
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: certificate policy 1.3.6.1.4.1.44947.1.1.1 for 'CN=parking.nanochip.io' not allowed by trustchain, ignored
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]:   reached self-signed root ca with a path length of 1
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: authentication of 'CN=parking.nanochip.io' with RSA_EMSA_PKCS1_SHA2_256 successful
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: IKE_SA net-net[1] established between 103.92.28.225[CN=quan.hoabinh.vn]...104.248.153.183[CN=parking.nanochip.io]
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: scheduling rekeying in 14350s
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: maximum IKE_SA lifetime 15790s
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: CHILD_SA net-net{2} established with SPIs caa4ad82_i c101202c_o and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 17:56:54 quan.hoabinh.vn vpn[21436]: + CN=parking.nanochip.io 192.168.18.0/24 == 104.248.153.183 -- 103.92.28.225 == 192.168.12.0/24
Thg 2 11 17:56:54 quan.hoabinh.vn charon-systemd[21311]: peer supports MOBIKE
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: creating rekey job for CHILD_SA ESP/0xcaa4ad82/103.92.28.225
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: establishing CHILD_SA net-net{3} reqid 1
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: generating CREATE_CHILD_SA request 2 [ N(REKEY_SA) SA No TSi TSr ]
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (272 bytes)
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (208 bytes)
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: parsed CREATE_CHILD_SA response 2 [ SA No TSi TSr ]
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: inbound CHILD_SA net-net{3} established with SPIs cff897e2_i c6519b25_o and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: outbound CHILD_SA net-net{3} established with SPIs cff897e2_i c6519b25_o and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: closing CHILD_SA net-net{2} with SPIs caa4ad82_i (0 bytes) c101202c_o (0 bytes) and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: sending DELETE for ESP CHILD_SA with SPI caa4ad82
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: generating INFORMATIONAL request 3 [ D ]
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (80 bytes)
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (80 bytes)
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: parsed INFORMATIONAL response 3 [ D ]
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: received DELETE for ESP CHILD_SA with SPI c101202c
Thg 2 11 18:53:10 quan.hoabinh.vn charon-systemd[21311]: CHILD_SA closed
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: creating rekey job for CHILD_SA ESP/0xcff897e2/103.92.28.225
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: establishing CHILD_SA net-net{4} reqid 1
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: generating CREATE_CHILD_SA request 4 [ N(REKEY_SA) SA No TSi TSr ]
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (272 bytes)
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (208 bytes)
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: parsed CREATE_CHILD_SA response 4 [ SA No TSi TSr ]
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: inbound CHILD_SA net-net{4} established with SPIs c5632589_i c6fc228f_o and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: outbound CHILD_SA net-net{4} established with SPIs c5632589_i c6fc228f_o and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: closing CHILD_SA net-net{3} with SPIs cff897e2_i (0 bytes) c6519b25_o (0 bytes) and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: sending DELETE for ESP CHILD_SA with SPI cff897e2
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: generating INFORMATIONAL request 5 [ D ]
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (80 bytes)
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (80 bytes)
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: parsed INFORMATIONAL response 5 [ D ]
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: received DELETE for ESP CHILD_SA with SPI c6519b25
Thg 2 11 19:47:56 quan.hoabinh.vn charon-systemd[21311]: CHILD_SA closed
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (272 bytes)
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: parsed CREATE_CHILD_SA request 0 [ N(REKEY_SA) SA No TSi TSr ]
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: inbound CHILD_SA net-net{5} established with SPIs c741e418_i c3d2a18e_o and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: generating CREATE_CHILD_SA response 0 [ SA No TSi TSr ]
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (208 bytes)
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (80 bytes)
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: parsed INFORMATIONAL request 1 [ D ]
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: received DELETE for ESP CHILD_SA with SPI c6fc228f
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: closing CHILD_SA net-net{4} with SPIs c5632589_i (0 bytes) c6fc228f_o (0 bytes) and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: sending DELETE for ESP CHILD_SA with SPI c5632589
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: CHILD_SA closed
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: outbound CHILD_SA net-net{5} established with SPIs c741e418_i c3d2a18e_o and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: generating INFORMATIONAL response 1 [ D ]
Thg 2 11 20:43:19 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (80 bytes)
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: creating rekey job for CHILD_SA ESP/0xc741e418/103.92.28.225
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: establishing CHILD_SA net-net{6} reqid 1
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: generating CREATE_CHILD_SA request 6 [ N(REKEY_SA) SA No TSi TSr ]
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (272 bytes)
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (208 bytes)
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: parsed CREATE_CHILD_SA response 6 [ SA No TSi TSr ]
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: inbound CHILD_SA net-net{6} established with SPIs c5ada61f_i c383f574_o and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: outbound CHILD_SA net-net{6} established with SPIs c5ada61f_i c383f574_o and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: closing CHILD_SA net-net{5} with SPIs c741e418_i (0 bytes) c3d2a18e_o (0 bytes) and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: sending DELETE for ESP CHILD_SA with SPI c741e418
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: generating INFORMATIONAL request 7 [ D ]
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (80 bytes)
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (80 bytes)
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: parsed INFORMATIONAL response 7 [ D ]
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: received DELETE for ESP CHILD_SA with SPI c3d2a18e
Thg 2 11 21:38:54 quan.hoabinh.vn charon-systemd[21311]: CHILD_SA closed
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (896 bytes)
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: parsed CREATE_CHILD_SA request 2 [ SA No KE ]
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: 104.248.153.183 is initiating an IKE_SA
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: scheduling rekeying in 13680s
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: maximum IKE_SA lifetime 15120s
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: IKE_SA net-net[2] rekeyed between 103.92.28.225[CN=quan.hoabinh.vn]...104.248.153.183[CN=parking.nanochip.io]
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: generating CREATE_CHILD_SA response 2 [ SA No KE ]
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (240 bytes)
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (80 bytes)
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: parsed INFORMATIONAL request 3 [ D ]
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: received DELETE for IKE_SA net-net[1]
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: deleting IKE_SA net-net[1] between 103.92.28.225[CN=quan.hoabinh.vn]...104.248.153.183[CN=parking.nanochip.io]
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: IKE_SA deleted
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: generating INFORMATIONAL response 3 [ ]
Thg 2 11 21:45:16 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (80 bytes)
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: creating rekey job for CHILD_SA ESP/0xc5ada61f/103.92.28.225
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: establishing CHILD_SA net-net{7} reqid 1
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: generating CREATE_CHILD_SA request 0 [ N(REKEY_SA) SA No TSi TSr ]
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (272 bytes)
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (208 bytes)
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: parsed CREATE_CHILD_SA response 0 [ SA No TSi TSr ]
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: inbound CHILD_SA net-net{7} established with SPIs cedf038a_i cfa0b10c_o and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: outbound CHILD_SA net-net{7} established with SPIs cedf038a_i cfa0b10c_o and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: closing CHILD_SA net-net{6} with SPIs c5ada61f_i (0 bytes) c383f574_o (0 bytes) and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: sending DELETE for ESP CHILD_SA with SPI c5ada61f
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: generating INFORMATIONAL request 1 [ D ]
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (80 bytes)
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (80 bytes)
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: parsed INFORMATIONAL response 1 [ D ]
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: received DELETE for ESP CHILD_SA with SPI c383f574
Thg 2 11 22:37:20 quan.hoabinh.vn charon-systemd[21311]: CHILD_SA closed
Thg 2 11 23:24:45 quan.hoabinh.vn charon-systemd[21311]: SIGTERM received, shutting down
Thg 2 11 23:24:45 quan.hoabinh.vn systemd[1]: Stopping strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Thg 2 11 23:24:45 quan.hoabinh.vn charon-systemd[21311]: deleting IKE_SA net-net[2] between 103.92.28.225[CN=quan.hoabinh.vn]...104.248.153.183[CN=parking.nanochip.io]
Thg 2 11 23:24:45 quan.hoabinh.vn charon-systemd[21311]: sending DELETE for IKE_SA net-net[2]
Thg 2 11 23:24:45 quan.hoabinh.vn charon-systemd[21311]: generating INFORMATIONAL request 2 [ D ]
Thg 2 11 23:24:45 quan.hoabinh.vn charon-systemd[21311]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (80 bytes)
Thg 2 11 23:24:46 quan.hoabinh.vn vpn[17072]: - CN=parking.nanochip.io 192.168.18.0/24 == 104.248.153.183 -- 103.92.28.225 == 192.168.12.0/24
Thg 2 11 23:24:46 quan.hoabinh.vn systemd[1]: strongswan-swanctl.service: Succeeded.
Thg 2 11 23:24:46 quan.hoabinh.vn systemd[1]: Stopped strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
Thg 2 11 23:24:46 quan.hoabinh.vn systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Thg 2 11 23:24:46 quan.hoabinh.vn charon-systemd[17073]: loaded plugins: charon-systemd aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark vici updown eap-mschapv2 xauth-generic counters
Thg 2 11 23:24:46 quan.hoabinh.vn charon-systemd[17073]: dropped capabilities, running as uid 0, gid 0
Thg 2 11 23:24:46 quan.hoabinh.vn charon-systemd[17073]: spawning 16 worker threads
Thg 2 11 23:24:46 quan.hoabinh.vn charon-systemd[17073]: loaded certificate 'CN=quan.hoabinh.vn'
Thg 2 11 23:24:46 quan.hoabinh.vn charon-systemd[17073]: loaded certificate 'C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3'
Thg 2 11 23:24:46 quan.hoabinh.vn charon-systemd[17073]: loaded certificate 'C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009'
Thg 2 11 23:24:46 quan.hoabinh.vn charon-systemd[17073]: loaded certificate 'C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009'
Thg 2 11 23:24:46 quan.hoabinh.vn charon-systemd[17073]: loaded certificate 'O=Digital Signature Trust Co., CN=DST Root CA X3'
Thg 2 11 23:24:46 quan.hoabinh.vn charon-systemd[17073]: loaded ANY private key
Thg 2 11 23:24:46 quan.hoabinh.vn swanctl[17098]: no authorities found, 0 unloaded
Thg 2 11 23:24:46 quan.hoabinh.vn swanctl[17098]: no pools found, 0 unloaded
Thg 2 11 23:24:46 quan.hoabinh.vn charon-systemd[17073]:   id not specified, defaulting to cert subject 'CN=quan.hoabinh.vn'
Thg 2 11 23:24:46 quan.hoabinh.vn charon-systemd[17073]: added vici connection: net-net
Thg 2 11 23:24:46 quan.hoabinh.vn charon-systemd[17073]: installing 'net-net'
Thg 2 11 23:24:46 quan.hoabinh.vn swanctl[17098]: loaded certificate from '/etc/swanctl/x509/fullchain.pem'
Thg 2 11 23:24:46 quan.hoabinh.vn swanctl[17098]: loaded certificate from '/etc/swanctl/x509/chain.pem'
Thg 2 11 23:24:46 quan.hoabinh.vn swanctl[17098]: loaded certificate from '/etc/swanctl/x509ca/D-TRUST_Root_Class_3_CA_2_EV_2009.pem'
Thg 2 11 23:24:46 quan.hoabinh.vn swanctl[17098]: loaded certificate from '/etc/swanctl/x509ca/D-TRUST_Root_Class_3_CA_2_2009.pem'
Thg 2 11 23:24:46 quan.hoabinh.vn swanctl[17098]: loaded certificate from '/etc/swanctl/x509ca/DST_Root_CA_X3.pem'
Thg 2 11 23:24:46 quan.hoabinh.vn swanctl[17098]: loaded private key from '/etc/swanctl/private/privkey.pem'
Thg 2 11 23:24:46 quan.hoabinh.vn swanctl[17098]: loaded connection 'net-net'
Thg 2 11 23:24:46 quan.hoabinh.vn swanctl[17098]: successfully loaded 1 connections, 0 unloaded
Thg 2 11 23:24:46 quan.hoabinh.vn systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: creating acquire job for policy 192.168.12.1/32[udp/57687] === 192.168.18.1/32[udp/1025] with reqid {1}
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: initiating IKE_SA net-net[1] to 104.248.153.183
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: sending packet: from 103.92.28.225[500] to 104.248.153.183[500] (760 bytes)
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: received packet: from 104.248.153.183[500] to 103.92.28.225[500] (357 bytes)
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_AES128_XCBC/ECP_256
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: received cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: received cert request for "O=Digital Signature Trust Co., CN=DST Root CA X3"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: received cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: received cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: sending cert request for "O=Digital Signature Trust Co., CN=DST Root CA X3"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: sending cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: authentication of 'CN=quan.hoabinh.vn' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: sending end entity cert "CN=quan.hoabinh.vn"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: establishing CHILD_SA net-net{2} reqid 1
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: generating IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: splitting IKE message (2080 bytes) into 2 fragments
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: generating IKE_AUTH request 1 [ EF(1/2) ]
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: generating IKE_AUTH request 1 [ EF(2/2) ]
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (1236 bytes)
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: sending packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (916 bytes)
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (1236 bytes)
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: parsed IKE_AUTH response 1 [ EF(1/2) ]
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: received fragment #1 of 2, waiting for complete IKE message
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: received packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (740 bytes)
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: parsed IKE_AUTH response 1 [ EF(2/2) ]
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: received fragment #2 of 2, reassembled fragmented IKE message (1904 bytes)
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: parsed IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: received end entity cert "CN=parking.nanochip.io"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]:   using certificate "CN=parking.nanochip.io"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]:   using trusted intermediate ca certificate "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: checking certificate status of "CN=parking.nanochip.io"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]:   requesting ocsp status from 'http://ocsp.int-x3.letsencrypt.org' ...
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: unable to fetch from http://ocsp.int-x3.letsencrypt.org, no capable fetcher found
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: ocsp request to http://ocsp.int-x3.letsencrypt.org failed
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: ocsp check failed, fallback to crl
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: certificate status is not available
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]:   using trusted ca certificate "O=Digital Signature Trust Co., CN=DST Root CA X3"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: checking certificate status of "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]:   requesting ocsp status from 'http://isrg.trustid.ocsp.identrust.com' ...
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: unable to fetch from http://isrg.trustid.ocsp.identrust.com, no capable fetcher found
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: ocsp request to http://isrg.trustid.ocsp.identrust.com failed
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: ocsp check failed, fallback to crl
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]:   fetching crl from 'http://crl.identrust.com/DSTROOTCAX3CRL.crl' ...
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: unable to fetch from http://crl.identrust.com/DSTROOTCAX3CRL.crl, no capable fetcher found
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: crl fetching failed
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: certificate status is not available
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: certificate policy 2.23.140.1.2.1 for 'CN=parking.nanochip.io' not allowed by trustchain, ignored
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: certificate policy 1.3.6.1.4.1.44947.1.1.1 for 'CN=parking.nanochip.io' not allowed by trustchain, ignored
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]:   reached self-signed root ca with a path length of 1
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: authentication of 'CN=parking.nanochip.io' with RSA_EMSA_PKCS1_SHA2_256 successful
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: IKE_SA net-net[1] established between 103.92.28.225[CN=quan.hoabinh.vn]...104.248.153.183[CN=parking.nanochip.io]
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: scheduling rekeying in 13534s
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: maximum IKE_SA lifetime 14974s
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: CHILD_SA net-net{2} established with SPIs c7ba1954_i c2362207_o and TS 192.168.12.0/24 === 192.168.18.0/24
Thg 2 11 23:25:39 quan.hoabinh.vn vpn[18213]: + CN=parking.nanochip.io 192.168.18.0/24 == 104.248.153.183 -- 103.92.28.225 == 192.168.12.0/24
Thg 2 11 23:25:39 quan.hoabinh.vn charon-systemd[17073]: peer supports MOBIKE
$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether f2:e3:86:d5:95:b3 brd ff:ff:ff:ff:ff:ff
    inet 103.92.28.225/25 brd 103.92.28.255 scope global dynamic ens18
       valid_lft 86373500sec preferred_lft 86373500sec
    inet6 fe80::f0e3:86ff:fed5:95b3/64 scope link 
       valid_lft forever preferred_lft forever
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 192.168.12.1/24 scope global wg0
       valid_lft forever preferred_lft forever
$ sudo iptables-save
# Generated by iptables-save v1.8.3 on Tue Feb 11 23:34:50 2020
*nat
:PREROUTING ACCEPT [41015:2525073]
:INPUT ACCEPT [5911:443692]
:OUTPUT ACCEPT [754:59892]
:POSTROUTING ACCEPT [290:21840]
-A POSTROUTING -o ens18 -j MASQUERADE
COMMIT
# Completed on Tue Feb 11 23:34:50 2020
# Generated by iptables-save v1.8.3 on Tue Feb 11 23:34:50 2020
*filter
:INPUT ACCEPT [1181:210126]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [663:304107]
-A FORWARD -s 192.168.18.0/24 -d 192.168.12.0/24 -i ens18 -m policy --dir in --pol ipsec --reqid 1 --proto esp -j ACCEPT
-A FORWARD -s 192.168.12.0/24 -d 192.168.18.0/24 -o ens18 -m policy --dir out --pol ipsec --reqid 1 --proto esp -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
COMMIT
# Completed on Tue Feb 11 23:34:50 2020
$ ip route show table all
192.168.18.0/24 via 103.92.28.129 dev ens18 table 220 proto static src 192.168.12.1 
default via 103.92.28.129 dev ens18 proto dhcp src 103.92.28.225 metric 100 
103.92.28.128/25 dev ens18 proto kernel scope link src 103.92.28.225 
103.92.28.129 dev ens18 proto dhcp scope link src 103.92.28.225 metric 100 
192.168.12.0/24 dev wg0 proto kernel scope link src 192.168.12.1 
broadcast 103.92.28.128 dev ens18 table local proto kernel scope link src 103.92.28.225 
local 103.92.28.225 dev ens18 table local proto kernel scope host src 103.92.28.225 
broadcast 103.92.28.255 dev ens18 table local proto kernel scope link src 103.92.28.225 
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
broadcast 192.168.12.0 dev wg0 table local proto kernel scope link src 192.168.12.1 
local 192.168.12.1 dev wg0 table local proto kernel scope host src 192.168.12.1 
broadcast 192.168.12.255 dev wg0 table local proto kernel scope link src 192.168.12.1 
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev ens18 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local fe80::f0e3:86ff:fed5:95b3 dev ens18 table local proto kernel metric 0 pref medium
ff00::/8 dev ens18 table local metric 256 pref medium
ff00::/8 dev wg0 table local metric 256 pref medium
$ sudo swanctl -L
net-net: IKEv1/2, no reauthentication, rekeying every 14400s
  local:  103.92.28.225
  remote: 104.248.153.183
  local public key authentication:
    id: CN=quan.hoabinh.vn
    certs: CN=quan.hoabinh.vn
  remote public key authentication:
  net-net: TUNNEL, rekeying every 3600s
    local:  192.168.12.0/24
    remote: 192.168.18.0/24

$ sudo swanctl -l
net-net: #1, ESTABLISHED, IKEv2, 35823d70cdb888a5_i* c103c62734fe5163_r
  local  'CN=quan.hoabinh.vn' @ 103.92.28.225[4500]
  remote 'CN=parking.nanochip.io' @ 104.248.153.183[4500]
  AES_CBC-128/HMAC_SHA2_256_128/PRF_AES128_XCBC/ECP_256
  established 453s ago, rekeying in 13081s
  net-net: #2, reqid 1, INSTALLED, TUNNEL, ESP:AES_CBC-128/HMAC_SHA2_256_128
    installed 453s ago, rekeying in 2929s, expires in 3507s
    in  c7ba1954,      0 bytes,     0 packets
    out c2362207,      0 bytes,     0 packets
    local  192.168.12.0/24
    remote 192.168.18.0/24
Feb 11 23:25:24 parking systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Feb 11 23:25:24 parking charon-systemd[4635]: loaded plugins: charon-systemd aesni aes rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark vici updown eap-mschapv2 xauth-generic counters
Feb 11 23:25:24 parking charon-systemd[4635]: dropped capabilities, running as uid 0, gid 0
Feb 11 23:25:24 parking charon-systemd[4635]: spawning 16 worker threads
Feb 11 23:25:24 parking charon-systemd[4635]: loaded certificate 'C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3'
Feb 11 23:25:24 parking charon-systemd[4635]: loaded certificate 'CN=parking.nanochip.io'
Feb 11 23:25:24 parking charon-systemd[4635]: loaded certificate 'C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009'
Feb 11 23:25:24 parking charon-systemd[4635]: loaded certificate 'O=Digital Signature Trust Co., CN=DST Root CA X3'
Feb 11 23:25:24 parking charon-systemd[4635]: loaded certificate 'C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009'
Feb 11 23:25:24 parking charon-systemd[4635]: loaded ANY private key
Feb 11 23:25:24 parking swanctl[4662]: no authorities found, 0 unloaded
Feb 11 23:25:24 parking swanctl[4662]: no pools found, 0 unloaded
Feb 11 23:25:24 parking charon-systemd[4635]:   id not specified, defaulting to cert subject 'CN=parking.nanochip.io'
Feb 11 23:25:24 parking charon-systemd[4635]: added vici connection: net-net
Feb 11 23:25:24 parking charon-systemd[4635]: installing 'net-net'
Feb 11 23:25:24 parking swanctl[4662]: loaded certificate from '/etc/swanctl/x509/chain.pem'
Feb 11 23:25:24 parking swanctl[4662]: loaded certificate from '/etc/swanctl/x509/fullchain.pem'
Feb 11 23:25:24 parking swanctl[4662]: loaded certificate from '/etc/swanctl/x509ca/D-TRUST_Root_Class_3_CA_2_2009.pem'
Feb 11 23:25:24 parking swanctl[4662]: loaded certificate from '/etc/swanctl/x509ca/DST_Root_CA_X3.pem'
Feb 11 23:25:24 parking swanctl[4662]: loaded certificate from '/etc/swanctl/x509ca/D-TRUST_Root_Class_3_CA_2_EV_2009.pem'
Feb 11 23:25:24 parking swanctl[4662]: loaded private key from '/etc/swanctl/private/privkey.pem'
Feb 11 23:25:24 parking swanctl[4662]: loaded connection 'net-net'
Feb 11 23:25:24 parking swanctl[4662]: successfully loaded 1 connections, 0 unloaded
Feb 11 23:25:24 parking systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
Feb 11 23:25:39 parking charon-systemd[4635]: received packet: from 103.92.28.225[500] to 104.248.153.183[500] (760 bytes)
Feb 11 23:25:39 parking charon-systemd[4635]: parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Feb 11 23:25:39 parking charon-systemd[4635]: 103.92.28.225 is initiating an IKE_SA
Feb 11 23:25:39 parking charon-systemd[4635]: selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_AES128_XCBC/ECP_256
Feb 11 23:25:39 parking charon-systemd[4635]: sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009"
Feb 11 23:25:39 parking charon-systemd[4635]: sending cert request for "O=Digital Signature Trust Co., CN=DST Root CA X3"
Feb 11 23:25:39 parking charon-systemd[4635]: sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009"
Feb 11 23:25:39 parking charon-systemd[4635]: sending cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Feb 11 23:25:39 parking charon-systemd[4635]: generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Feb 11 23:25:39 parking charon-systemd[4635]: sending packet: from 104.248.153.183[500] to 103.92.28.225[500] (357 bytes)
Feb 11 23:25:39 parking charon-systemd[4635]: received packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (1236 bytes)
Feb 11 23:25:39 parking charon-systemd[4635]: parsed IKE_AUTH request 1 [ EF(1/2) ]
Feb 11 23:25:39 parking charon-systemd[4635]: received fragment #1 of 2, waiting for complete IKE message
Feb 11 23:25:39 parking charon-systemd[4635]: received packet: from 103.92.28.225[4500] to 104.248.153.183[4500] (916 bytes)
Feb 11 23:25:39 parking charon-systemd[4635]: parsed IKE_AUTH request 1 [ EF(2/2) ]
Feb 11 23:25:39 parking charon-systemd[4635]: received fragment #2 of 2, reassembled fragmented IKE message (2080 bytes)
Feb 11 23:25:39 parking charon-systemd[4635]: parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Feb 11 23:25:39 parking charon-systemd[4635]: received cert request for "O=Digital Signature Trust Co., CN=DST Root CA X3"
Feb 11 23:25:39 parking charon-systemd[4635]: received cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009"
Feb 11 23:25:39 parking charon-systemd[4635]: received cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009"
Feb 11 23:25:39 parking charon-systemd[4635]: received cert request for "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Feb 11 23:25:39 parking charon-systemd[4635]: received end entity cert "CN=quan.hoabinh.vn"
Feb 11 23:25:39 parking charon-systemd[4635]: looking for peer configs matching 104.248.153.183[%any]...103.92.28.225[CN=quan.hoabinh.vn]
Feb 11 23:25:39 parking charon-systemd[4635]: selected peer config 'net-net'
Feb 11 23:25:39 parking charon-systemd[4635]:   using certificate "CN=quan.hoabinh.vn"
Feb 11 23:25:39 parking charon-systemd[4635]:   using trusted intermediate ca certificate "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Feb 11 23:25:39 parking charon-systemd[4635]: checking certificate status of "CN=quan.hoabinh.vn"
Feb 11 23:25:39 parking charon-systemd[4635]:   requesting ocsp status from 'http://ocsp.int-x3.letsencrypt.org' ...
Feb 11 23:25:39 parking charon-systemd[4635]: unable to fetch from http://ocsp.int-x3.letsencrypt.org, no capable fetcher found
Feb 11 23:25:39 parking charon-systemd[4635]: ocsp request to http://ocsp.int-x3.letsencrypt.org failed
Feb 11 23:25:39 parking charon-systemd[4635]: ocsp check failed, fallback to crl
Feb 11 23:25:39 parking charon-systemd[4635]: certificate status is not available
Feb 11 23:25:39 parking charon-systemd[4635]:   using trusted ca certificate "O=Digital Signature Trust Co., CN=DST Root CA X3"
Feb 11 23:25:39 parking charon-systemd[4635]: checking certificate status of "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3"
Feb 11 23:25:39 parking charon-systemd[4635]:   requesting ocsp status from 'http://isrg.trustid.ocsp.identrust.com' ...
Feb 11 23:25:39 parking charon-systemd[4635]: unable to fetch from http://isrg.trustid.ocsp.identrust.com, no capable fetcher found
Feb 11 23:25:39 parking charon-systemd[4635]: ocsp request to http://isrg.trustid.ocsp.identrust.com failed
Feb 11 23:25:39 parking charon-systemd[4635]: ocsp check failed, fallback to crl
Feb 11 23:25:39 parking charon-systemd[4635]:   fetching crl from 'http://crl.identrust.com/DSTROOTCAX3CRL.crl' ...
Feb 11 23:25:39 parking charon-systemd[4635]: unable to fetch from http://crl.identrust.com/DSTROOTCAX3CRL.crl, no capable fetcher found
Feb 11 23:25:39 parking charon-systemd[4635]: crl fetching failed
Feb 11 23:25:39 parking charon-systemd[4635]: certificate status is not available
Feb 11 23:25:39 parking charon-systemd[4635]: certificate policy 2.23.140.1.2.1 for 'CN=quan.hoabinh.vn' not allowed by trustchain, ignored
Feb 11 23:25:39 parking charon-systemd[4635]: certificate policy 1.3.6.1.4.1.44947.1.1.1 for 'CN=quan.hoabinh.vn' not allowed by trustchain, ignored
Feb 11 23:25:39 parking charon-systemd[4635]:   reached self-signed root ca with a path length of 1
Feb 11 23:25:39 parking charon-systemd[4635]: authentication of 'CN=quan.hoabinh.vn' with RSA_EMSA_PKCS1_SHA2_256 successful
Feb 11 23:25:39 parking charon-systemd[4635]: peer supports MOBIKE
Feb 11 23:25:39 parking charon-systemd[4635]: authentication of 'CN=parking.nanochip.io' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Feb 11 23:25:39 parking charon-systemd[4635]: IKE_SA net-net[1] established between 104.248.153.183[CN=parking.nanochip.io]...103.92.28.225[CN=quan.hoabinh.vn]
Feb 11 23:25:39 parking charon-systemd[4635]: scheduling rekeying in 14138s
Feb 11 23:25:39 parking charon-systemd[4635]: maximum IKE_SA lifetime 15578s
Feb 11 23:25:39 parking charon-systemd[4635]: sending end entity cert "CN=parking.nanochip.io"
Feb 11 23:25:39 parking charon-systemd[4635]: selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Feb 11 23:25:39 parking charon-systemd[4635]: CHILD_SA net-net{2} established with SPIs c2362207_i c7ba1954_o and TS 192.168.18.0/24 === 192.168.12.0/24
Feb 11 23:25:39 parking vpn[5005]: + CN=quan.hoabinh.vn 192.168.12.0/24 == 103.92.28.225 -- 104.248.153.183 == 192.168.18.0/24
Feb 11 23:25:39 parking charon-systemd[4635]: generating IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
Feb 11 23:25:39 parking charon-systemd[4635]: splitting IKE message (1904 bytes) into 2 fragments
Feb 11 23:25:39 parking charon-systemd[4635]: generating IKE_AUTH response 1 [ EF(1/2) ]
Feb 11 23:25:39 parking charon-systemd[4635]: generating IKE_AUTH response 1 [ EF(2/2) ]
Feb 11 23:25:39 parking charon-systemd[4635]: sending packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (1236 bytes)
Feb 11 23:25:39 parking charon-systemd[4635]: sending packet: from 104.248.153.183[4500] to 103.92.28.225[4500] (740 bytes)
$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 2a:63:c8:01:6a:86 brd ff:ff:ff:ff:ff:ff
    inet 104.248.153.183/20 brd 104.248.159.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 10.15.0.9/16 brd 10.15.255.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::2863:c8ff:fe01:6a86/64 scope link 
       valid_lft forever preferred_lft forever
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 192.168.18.1/24 scope global wg0
       valid_lft forever preferred_lft forever
$ sudo iptables-save
# Generated by iptables-save v1.8.3 on Tue Feb 11 23:35:32 2020
*nat
:PREROUTING ACCEPT [29783:1670737]
:INPUT ACCEPT [24905:1377909]
:OUTPUT ACCEPT [213:21579]
:POSTROUTING ACCEPT [4917:295866]
-A POSTROUTING -o ens3 -j MASQUERADE
COMMIT
# Completed on Tue Feb 11 23:35:32 2020
# Generated by iptables-save v1.8.3 on Tue Feb 11 23:35:32 2020
*filter
:INPUT ACCEPT [4509:3343332]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4331:3558352]
-A FORWARD -s 192.168.12.0/24 -d 192.168.18.0/24 -i ens3 -m policy --dir in --pol ipsec --reqid 1 --proto esp -j ACCEPT
-A FORWARD -s 192.168.18.0/24 -d 192.168.12.0/24 -o ens3 -m policy --dir out --pol ipsec --reqid 1 --proto esp -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
COMMIT
# Completed on Tue Feb 11 23:35:32 2020
$ ip route show table all
192.168.12.0/24 via 104.248.144.1 dev ens3 table 220 proto static src 192.168.18.1 
default via 104.248.144.1 dev ens3 proto static 
10.15.0.0/16 dev ens3 proto kernel scope link src 10.15.0.9 
10.15.0.0/16 via 10.15.0.1 dev ens3 proto static 
104.248.144.0/20 dev ens3 proto kernel scope link src 104.248.153.183 
192.168.18.0/24 dev wg0 proto kernel scope link src 192.168.18.1 
broadcast 10.15.0.0 dev ens3 table local proto kernel scope link src 10.15.0.9 
local 10.15.0.9 dev ens3 table local proto kernel scope host src 10.15.0.9 
broadcast 10.15.255.255 dev ens3 table local proto kernel scope link src 10.15.0.9 
broadcast 104.248.144.0 dev ens3 table local proto kernel scope link src 104.248.153.183 
local 104.248.153.183 dev ens3 table local proto kernel scope host src 104.248.153.183 
broadcast 104.248.159.255 dev ens3 table local proto kernel scope link src 104.248.153.183 
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
broadcast 192.168.18.0 dev wg0 table local proto kernel scope link src 192.168.18.1 
local 192.168.18.1 dev wg0 table local proto kernel scope host src 192.168.18.1 
broadcast 192.168.18.255 dev wg0 table local proto kernel scope link src 192.168.18.1 
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev ens3 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local fe80::2863:c8ff:fe01:6a86 dev ens3 table local proto kernel metric 0 pref medium
ff00::/8 dev ens3 table local metric 256 pref medium
ff00::/8 dev wg0 table local metric 256 pref medium
$ sudo swanctl -L
net-net: IKEv1/2, no reauthentication, rekeying every 14400s
  local:  104.248.153.183
  remote: 103.92.28.225
  local public key authentication:
    id: CN=parking.nanochip.io
    certs: CN=parking.nanochip.io
  remote public key authentication:
  net-net: TUNNEL, rekeying every 3600s
    local:  192.168.18.0/24
    remote: 192.168.12.0/24

$ sudo swanctl -l
net-net: #1, ESTABLISHED, IKEv2, 35823d70cdb888a5_i c103c62734fe5163_r*
  local  'CN=parking.nanochip.io' @ 104.248.153.183[4500]
  remote 'CN=quan.hoabinh.vn' @ 103.92.28.225[4500]
  AES_CBC-128/HMAC_SHA2_256_128/PRF_AES128_XCBC/ECP_256
  established 524s ago, rekeying in 13614s
  net-net: #2, reqid 1, INSTALLED, TUNNEL, ESP:AES_CBC-128/HMAC_SHA2_256_128
    installed 524s ago, rekeying in 2980s, expires in 3436s
    in  c2362207,      0 bytes,     0 packets
    out c7ba1954,      0 bytes,     0 packets
    local  192.168.18.0/24
    remote 192.168.12.0/24
connections {
	net-net {
		local_addrs = 103.92.28.225
		remote_addrs = 104.248.153.183
		local {
			auth = pubkey
			certs = fullchain.pem
		}
		remote {
			auth = pubkey
		}
		children {
			net-net {
				local_ts = 192.168.12.0/24
				remote_ts = 192.168.18.0/24
				updown = /usr/lib/ipsec/_updown iptables
				start_action = trap
			}
		}
	}
}

mobike = no
reauth_time = 10800
proposals = aes128-sha256-x25519
connections {
	net-net {
		local_addrs = 104.248.153.183
		remote_addrs = 103.92.28.225
		local {
			auth = pubkey
			certs = fullchain.pem
		}
		remote {
			auth = pubkey
		}
		children {
			net-net {
				local_ts = 192.168.18.0/24
				remote_ts = 192.168.12.0/24
				updown = /usr/lib/ipsec/_updown iptables
				start_action = trap
			}
		}
	}
}

mobike = no
reauth_time = 10800
proposals = aes128-sha256-x25519
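One thing worth checking in both swanctl.conf files above: `mobike`, `reauth_time` and `proposals` are per-connection settings (they live under `connections.<name>`), but here they sit after the closing brace of the `connections` block, at the top level of the file. swanctl only loads connection settings from under `connections.<name>`, so keys left at the top level are never applied. The outputs in this snippet are consistent with that: `swanctl -L` reports "no reauthentication" despite `reauth_time = 10800`, the selected IKE proposal is `AES_CBC_128/HMAC_SHA2_256_128/PRF_AES128_XCBC/ECP_256` rather than an x25519 proposal, and the IKE_AUTH request still carries `N(MOBIKE_SUP)` despite `mobike = no`. The following is an added example, not code from this snippet or from the strongSwan project: a small parser for the brace/key=value subset of swanctl.conf syntax used here, a check that lists stray top-level keys, and a helper that relocates them into the named connection. The embedded config is a copy of the first host's file (constructed inline); the function and variable names are the example's own.

```python
"""
Check where settings land in a swanctl.conf file.

Added example for this snippet; it is not code from the original snippet or
from the strongSwan project. It embeds a copy of the swanctl.conf shown above
(constructed inline) and a small parser for the brace/key=value subset of the
swanctl.conf syntax that the snippet uses (no `include`, no quoted values).
"""

# Copy of the first host's swanctl.conf as shown in the snippet (constructed inline).
ORIGINAL_CONF = """\
connections {
    net-net {
        local_addrs = 103.92.28.225
        remote_addrs = 104.248.153.183
        local {
            auth = pubkey
            certs = fullchain.pem
        }
        remote {
            auth = pubkey
        }
        children {
            net-net {
                local_ts = 192.168.12.0/24
                remote_ts = 192.168.18.0/24
                updown = /usr/lib/ipsec/_updown iptables
                start_action = trap
            }
        }
    }
}

mobike = no
reauth_time = 10800
proposals = aes128-sha256-x25519
"""

# Sections that swanctl reads at the top level of swanctl.conf.
TOP_LEVEL_SECTIONS = {"connections", "secrets", "pools", "authorities"}


def parse_swanctl(text):
    """Parse brace-delimited swanctl.conf text into nested dicts (sections) and strings (values)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        elif line.endswith("{"):
            section = {}
            stack[-1][line[:-1].strip()] = section
            stack.append(section)
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
        else:
            raise ValueError(f"cannot parse line: {raw!r}")
    if len(stack) != 1:
        raise ValueError("unbalanced opening brace")
    return root


def dump_swanctl(tree, indent=0):
    """Serialize a parsed tree back into swanctl.conf syntax, as a list of lines."""
    pad = "    " * indent
    lines = []
    for key, value in tree.items():
        if isinstance(value, dict):
            lines.append(f"{pad}{key} {{")
            lines.extend(dump_swanctl(value, indent + 1))
            lines.append(f"{pad}}}")
        else:
            lines.append(f"{pad}{key} = {value}")
    return lines


def misplaced_top_level_keys(text):
    """Top-level entries that are not swanctl sections, in file order.

    swanctl never applies such keys to any connection, so each one is a
    setting the operator believes is active but is not.
    """
    return [k for k in parse_swanctl(text) if k not in TOP_LEVEL_SECTIONS]


def connection_setting(text, conn, key):
    """Value of connections.<conn>.<key>, or None if it is not set on that connection."""
    return parse_swanctl(text).get("connections", {}).get(conn, {}).get(key)


def move_stray_keys_into_connection(text, conn):
    """Return the config text with stray top-level keys relocated into connections.<conn>."""
    tree = parse_swanctl(text)
    target = tree.setdefault("connections", {}).setdefault(conn, {})
    for key in misplaced_top_level_keys(text):
        target[key] = tree.pop(key)
    return "\n".join(dump_swanctl(tree)) + "\n"


if __name__ == "__main__":
    print("stray top-level keys:", misplaced_top_level_keys(ORIGINAL_CONF))
    print(move_stray_keys_into_connection(ORIGINAL_CONF, "net-net"))
```

Running the script on the embedded copy reports `['mobike', 'reauth_time', 'proposals']` as stray keys and prints the file with those three moved under `connections { net-net { ... } }`. After such a change, `swanctl --load-all` followed by `swanctl -L` should show the reauthentication interval, and a fresh IKE_SA should log the x25519 proposal instead of ECP_256.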
