Mar 10 19:36:26 moon systemd[1]: Starting strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Mar 10 19:36:26 moon charon-systemd: 00[DMN] Starting charon-systemd IKE daemon (strongSwan 6.0.1, Linux 6.13.6, x86_64)
Mar 10 19:36:26 moon charon-systemd: 00[LIB] providers loaded by OpenSSL: legacy default
Mar 10 19:36:26 moon charon-systemd: 00[LIB] loaded plugins: charon-systemd pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
Mar 10 19:36:26 moon charon-systemd: 00[JOB] spawning 16 worker threads
Mar 10 19:36:26 moon charon-systemd: 06[CFG] loaded certificate 'C=CH, O=strongSwan Project, CN=moon.strongswan.org'
Mar 10 19:36:26 moon charon-systemd: 06[CFG] loaded certificate 'C=CH, O=strongSwan Project, CN=strongSwan Root CA'
Mar 10 19:36:26 moon charon-systemd: 06[CFG] loaded certificate 'C=CH, O=strongSwan Project, OU=Sales, CN=Sales CA'
Mar 10 19:36:26 moon charon-systemd: 06[CFG] loaded certificate 'C=CH, O=strongSwan Project, OU=Research, CN=Research CA'
Mar 10 19:36:26 moon charon-systemd: 06[CFG] loaded RSA private key
Mar 10 19:36:26 moon charon-systemd: 10[CFG] added vici connection: research
Mar 10 19:36:26 moon charon-systemd: 06[CFG] added vici connection: sales
Mar 10 19:36:26 moon swanctl[47230]: loaded certificate from '/etc/swanctl/x509/moonCert.pem'
Mar 10 19:36:26 moon swanctl[47230]: loaded certificate from '/etc/swanctl/x509ca/strongswanCert.pem'
Mar 10 19:36:26 moon swanctl[47230]: loaded certificate from '/etc/swanctl/x509ca/salesCert.pem'
Mar 10 19:36:26 moon swanctl[47230]: loaded certificate from '/etc/swanctl/x509ca/researchCert.pem'
Mar 10 19:36:26 moon swanctl[47230]: loaded rsa key from '/etc/swanctl/rsa/moonKey.pem'
Mar 10 19:36:26 moon swanctl[47230]: loaded authority 'strongswan'
Mar 10 19:36:26 moon swanctl[47230]: loaded authority 'research'
Mar 10 19:36:26 moon swanctl[47230]: loaded authority 'sales'
Mar 10 19:36:26 moon swanctl[47230]: successfully loaded 3 authorities, 0 unloaded
Mar 10 19:36:26 moon swanctl[47230]: no pools found, 0 unloaded
Mar 10 19:36:26 moon swanctl[47230]: loaded connection 'research'
Mar 10 19:36:26 moon swanctl[47230]: loaded connection 'sales'
Mar 10 19:36:26 moon swanctl[47230]: successfully loaded 2 connections, 0 unloaded
Mar 10 19:36:26 moon systemd[1]: Started strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
Mar 10 19:36:28 moon charon-systemd: 04[NET] received packet: from 192.168.0.100[500] to 192.168.0.1[500] (272 bytes)
Mar 10 19:36:28 moon charon-systemd: 04[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Mar 10 19:36:28 moon charon-systemd: 04[IKE] 192.168.0.100 is initiating an IKE_SA
Mar 10 19:36:28 moon charon-systemd: 04[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Mar 10 19:36:28 moon charon-systemd: 04[IKE] sending cert request for "C=CH, O=strongSwan Project, OU=Research, CN=Research CA"
Mar 10 19:36:28 moon charon-systemd: 04[IKE] sending cert request for "C=CH, O=strongSwan Project, OU=Sales, CN=Sales CA"
Mar 10 19:36:28 moon charon-systemd: 04[IKE] sending cert request for "C=CH, O=strongSwan Project, CN=strongSwan Root CA"
Mar 10 19:36:28 moon charon-systemd: 04[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
Mar 10 19:36:28 moon charon-systemd: 04[NET] sending packet: from 192.168.0.1[500] to 192.168.0.100[500] (345 bytes)
Mar 10 19:36:28 moon charon-systemd: 15[NET] received packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1236 bytes)
Mar 10 19:36:28 moon charon-systemd: 15[ENC] parsed IKE_AUTH request 1 [ EF(1/2) ]
Mar 10 19:36:28 moon charon-systemd: 15[ENC] received fragment #1 of 2, waiting for complete IKE message
Mar 10 19:36:28 moon charon-systemd: 09[NET] received packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (756 bytes)
Mar 10 19:36:28 moon charon-systemd: 09[ENC] parsed IKE_AUTH request 1 [ EF(2/2) ]
Mar 10 19:36:28 moon charon-systemd: 09[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1920 bytes)
Mar 10 19:36:28 moon charon-systemd: 09[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Mar 10 19:36:28 moon charon-systemd: 09[IKE] received cert request for "C=CH, O=strongSwan Project, CN=strongSwan Root CA"
Mar 10 19:36:28 moon charon-systemd: 09[IKE] received end entity cert "C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org"
Mar 10 19:36:28 moon charon-systemd: 09[CFG] looking for peer configs matching 192.168.0.1[moon.strongswan.org]...192.168.0.100[carol@strongswan.org]
Mar 10 19:36:28 moon charon-systemd: 09[CFG] selected peer config 'research'
Mar 10 19:36:28 moon charon-systemd: 09[CFG]   using certificate "C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org"
Mar 10 19:36:28 moon charon-systemd: 09[CFG]   using trusted intermediate ca certificate "C=CH, O=strongSwan Project, OU=Research, CN=Research CA"
Mar 10 19:36:28 moon charon-systemd: 09[CFG]   using trusted ca certificate "C=CH, O=strongSwan Project, CN=strongSwan Root CA"
Mar 10 19:36:28 moon charon-systemd: 09[CFG]   reached self-signed root ca with a path length of 1
Mar 10 19:36:28 moon charon-systemd: 09[CFG] checking certificate status of "C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org"
Mar 10 19:36:28 moon charon-systemd: 09[CFG]   requesting ocsp status from 'http://ocsp.strongswan.org:8880' ...
Mar 10 19:36:29 moon charon-systemd: 09[CFG]   ocsp response correctly signed by "C=CH, O=strongSwan Project, OU=Research OCSP Signing Authority, CN=ocsp.research.strongswan.org"
Mar 10 19:36:29 moon charon-systemd: 09[CFG]   ocsp response is valid: until Mar 10 19:41:29 2025
Mar 10 19:36:29 moon charon-systemd: 09[CFG] certificate status is good
Mar 10 19:36:29 moon charon-systemd: 09[CFG] checking certificate status of "C=CH, O=strongSwan Project, OU=Research, CN=Research CA"
Mar 10 19:36:29 moon charon-systemd: 09[CFG]   requesting ocsp status from 'http://ocsp.strongswan.org:8880' ...
Mar 10 19:36:29 moon charon-systemd: 09[CFG]   ocsp response correctly signed by "C=CH, O=strongSwan Project, OU=OCSP Signing Authority, CN=ocsp.strongswan.org"
Mar 10 19:36:29 moon charon-systemd: 09[CFG]   ocsp response is valid: until Mar 10 19:41:29 2025
Mar 10 19:36:29 moon charon-systemd: 09[CFG] certificate status is good
Mar 10 19:36:29 moon charon-systemd: 09[IKE] authentication of 'carol@strongswan.org' with RSA_EMSA_PKCS1_SHA2_256 successful
Mar 10 19:36:29 moon charon-systemd: 09[IKE] peer supports MOBIKE
Mar 10 19:36:29 moon charon-systemd: 09[IKE] authentication of 'moon.strongswan.org' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Mar 10 19:36:29 moon charon-systemd: 09[IKE] sending end entity cert "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
Mar 10 19:36:29 moon charon-systemd: 09[IKE] IKE_SA research[1] established between 192.168.0.1[moon.strongswan.org]...192.168.0.100[carol@strongswan.org]
Mar 10 19:36:29 moon charon-systemd: 09[IKE] scheduling rekeying in 14104s
Mar 10 19:36:29 moon charon-systemd: 09[IKE] maximum IKE_SA lifetime 15544s
Mar 10 19:36:29 moon charon-systemd: 09[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/NO_EXT_SEQ
Mar 10 19:36:29 moon charon-systemd: 09[IKE] CHILD_SA alice{1} established with SPIs c1bf5ef5_i cfd233df_o and TS 10.1.0.10/32 === 192.168.0.100/32
Mar 10 19:36:29 moon charon-systemd: 09[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
Mar 10 19:36:29 moon charon-systemd: 09[ENC] splitting IKE message (1840 bytes) into 2 fragments
Mar 10 19:36:29 moon charon-systemd: 09[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
Mar 10 19:36:29 moon charon-systemd: 09[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
Mar 10 19:36:29 moon charon-systemd: 09[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1236 bytes)
Mar 10 19:36:29 moon charon-systemd: 09[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (676 bytes)
Mar 10 19:36:29 moon charon-systemd: 07[NET] received packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (288 bytes)
Mar 10 19:36:29 moon charon-systemd: 07[ENC] parsed CREATE_CHILD_SA request 2 [ SA No KE TSi TSr ]
Mar 10 19:36:29 moon charon-systemd: 07[IKE] traffic selectors 10.1.0.20/32 === 192.168.0.100/32 unacceptable
Mar 10 19:36:29 moon charon-systemd: 07[IKE] failed to establish CHILD_SA, keeping IKE_SA
Mar 10 19:36:29 moon charon-systemd: 07[ENC] generating CREATE_CHILD_SA response 2 [ N(TS_UNACCEPT) ]
Mar 10 19:36:29 moon charon-systemd: 07[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (80 bytes)
Mar 10 19:36:29 moon charon-systemd: 02[NET] received packet: from 192.168.0.200[500] to 192.168.0.1[500] (272 bytes)
Mar 10 19:36:29 moon charon-systemd: 02[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Mar 10 19:36:29 moon charon-systemd: 02[IKE] 192.168.0.200 is initiating an IKE_SA
Mar 10 19:36:29 moon charon-systemd: 02[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
Mar 10 19:36:29 moon charon-systemd: 02[IKE] sending cert request for "C=CH, O=strongSwan Project, OU=Research, CN=Research CA"
Mar 10 19:36:29 moon charon-systemd: 02[IKE] sending cert request for "C=CH, O=strongSwan Project, OU=Sales, CN=Sales CA"
Mar 10 19:36:29 moon charon-systemd: 02[IKE] sending cert request for "C=CH, O=strongSwan Project, CN=strongSwan Root CA"
Mar 10 19:36:29 moon charon-systemd: 02[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
Mar 10 19:36:29 moon charon-systemd: 02[NET] sending packet: from 192.168.0.1[500] to 192.168.0.200[500] (345 bytes)
Mar 10 19:36:30 moon charon-systemd: 06[NET] received packet: from 192.168.0.200[4500] to 192.168.0.1[4500] (1236 bytes)
Mar 10 19:36:30 moon charon-systemd: 06[ENC] parsed IKE_AUTH request 1 [ EF(1/2) ]
Mar 10 19:36:30 moon charon-systemd: 06[ENC] received fragment #1 of 2, waiting for complete IKE message
Mar 10 19:36:30 moon charon-systemd: 10[NET] received packet: from 192.168.0.200[4500] to 192.168.0.1[4500] (740 bytes)
Mar 10 19:36:30 moon charon-systemd: 10[ENC] parsed IKE_AUTH request 1 [ EF(2/2) ]
Mar 10 19:36:30 moon charon-systemd: 10[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1904 bytes)
Mar 10 19:36:30 moon charon-systemd: 10[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Mar 10 19:36:30 moon charon-systemd: 10[IKE] received cert request for "C=CH, O=strongSwan Project, CN=strongSwan Root CA"
Mar 10 19:36:30 moon charon-systemd: 10[IKE] received end entity cert "C=CH, O=strongSwan Project, OU=Sales, CN=dave@strongswan.org"
Mar 10 19:36:30 moon charon-systemd: 10[CFG] looking for peer configs matching 192.168.0.1[moon.strongswan.org]...192.168.0.200[dave@strongswan.org]
Mar 10 19:36:30 moon charon-systemd: 10[CFG] selected peer config 'research'
Mar 10 19:36:30 moon charon-systemd: 10[CFG]   using certificate "C=CH, O=strongSwan Project, OU=Sales, CN=dave@strongswan.org"
Mar 10 19:36:30 moon charon-systemd: 10[CFG]   using trusted intermediate ca certificate "C=CH, O=strongSwan Project, OU=Sales, CN=Sales CA"
Mar 10 19:36:30 moon charon-systemd: 10[CFG]   using trusted ca certificate "C=CH, O=strongSwan Project, CN=strongSwan Root CA"
Mar 10 19:36:30 moon charon-systemd: 10[CFG]   reached self-signed root ca with a path length of 1
Mar 10 19:36:30 moon charon-systemd: 10[CFG] checking certificate status of "C=CH, O=strongSwan Project, OU=Sales, CN=dave@strongswan.org"
Mar 10 19:36:30 moon charon-systemd: 10[CFG]   requesting ocsp status from 'http://ocsp.strongswan.org:8880' ...
Mar 10 19:36:30 moon charon-systemd: 10[CFG]   ocsp response correctly signed by "C=CH, O=strongSwan Project, OU=Sales OCSP Signing Authority, CN=ocsp.sales.strongswan.org"
Mar 10 19:36:30 moon charon-systemd: 10[CFG]   ocsp response is valid: until Mar 10 19:41:30 2025
Mar 10 19:36:30 moon charon-systemd: 10[CFG] certificate status is good
Mar 10 19:36:30 moon charon-systemd: 10[CFG] checking certificate status of "C=CH, O=strongSwan Project, OU=Sales, CN=Sales CA"
Mar 10 19:36:30 moon charon-systemd: 10[CFG]   requesting ocsp status from 'http://ocsp.strongswan.org:8880' ...
Mar 10 19:36:30 moon charon-systemd: 10[LIB]   certificate from Mar 10 19:36:31 2025 is newer - existing certificate from Mar 10 19:36:29 2025 replaced
Mar 10 19:36:30 moon charon-systemd: 10[CFG]   ocsp response correctly signed by "C=CH, O=strongSwan Project, OU=OCSP Signing Authority, CN=ocsp.strongswan.org"
Mar 10 19:36:30 moon charon-systemd: 10[CFG]   ocsp response is valid: until Mar 10 19:41:31 2025
Mar 10 19:36:30 moon charon-systemd: 10[CFG] certificate status is good
Mar 10 19:36:30 moon charon-systemd: 10[IKE] authentication of 'dave@strongswan.org' with RSA_EMSA_PKCS1_SHA2_256 successful
Mar 10 19:36:30 moon charon-systemd: 10[CFG] constraint check failed: peer not authenticated by CA 'C=CH, O=strongSwan Project, OU=Research, CN=Research CA'
Mar 10 19:36:30 moon charon-systemd: 10[CFG] selected peer config 'research' unacceptable: non-matching authentication done
Mar 10 19:36:30 moon charon-systemd: 10[CFG] switching to peer config 'sales'
Mar 10 19:36:30 moon charon-systemd: 10[IKE] peer supports MOBIKE
Mar 10 19:36:30 moon charon-systemd: 10[IKE] authentication of 'moon.strongswan.org' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Mar 10 19:36:30 moon charon-systemd: 10[IKE] sending end entity cert "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
Mar 10 19:36:30 moon charon-systemd: 10[IKE] IKE_SA sales[2] established between 192.168.0.1[moon.strongswan.org]...192.168.0.200[dave@strongswan.org]
Mar 10 19:36:30 moon charon-systemd: 10[IKE] scheduling rekeying in 14128s
Mar 10 19:36:30 moon charon-systemd: 10[IKE] maximum IKE_SA lifetime 15568s
Mar 10 19:36:30 moon charon-systemd: 10[IKE] traffic selectors 10.1.0.10/32 === 192.168.0.200/32 unacceptable
Mar 10 19:36:30 moon charon-systemd: 10[IKE] failed to establish CHILD_SA, keeping IKE_SA
Mar 10 19:36:30 moon charon-systemd: 10[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(TS_UNACCEPT) ]
Mar 10 19:36:30 moon charon-systemd: 10[ENC] splitting IKE message (1760 bytes) into 2 fragments
Mar 10 19:36:30 moon charon-systemd: 10[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
Mar 10 19:36:30 moon charon-systemd: 10[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
Mar 10 19:36:30 moon charon-systemd: 10[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.200[4500] (1236 bytes)
Mar 10 19:36:30 moon charon-systemd: 10[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.200[4500] (596 bytes)
Mar 10 19:36:30 moon charon-systemd: 16[NET] received packet: from 192.168.0.200[4500] to 192.168.0.1[4500] (288 bytes)
Mar 10 19:36:30 moon charon-systemd: 16[ENC] parsed CREATE_CHILD_SA request 2 [ SA No KE TSi TSr ]
Mar 10 19:36:30 moon charon-systemd: 16[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA2_256_128/ECP_256/NO_EXT_SEQ
Mar 10 19:36:30 moon charon-systemd: 16[IKE] CHILD_SA venus{2} established with SPIs cb8b7d16_i c5da73d6_o and TS 10.1.0.20/32 === 192.168.0.200/32
Mar 10 19:36:30 moon charon-systemd: 16[ENC] generating CREATE_CHILD_SA response 2 [ SA No KE TSi TSr ]
Mar 10 19:36:30 moon charon-systemd: 16[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.200[4500] (288 bytes)
Mar 10 19:36:36 moon charon-systemd: 07[NET] received packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (80 bytes)
Mar 10 19:36:36 moon charon-systemd: 07[ENC] parsed INFORMATIONAL request 3 [ D ]
Mar 10 19:36:36 moon charon-systemd: 07[IKE] received DELETE for IKE_SA research[1]
Mar 10 19:36:36 moon charon-systemd: 07[IKE] deleting IKE_SA research[1] between 192.168.0.1[moon.strongswan.org]...192.168.0.100[carol@strongswan.org]
Mar 10 19:36:36 moon charon-systemd: 07[IKE] IKE_SA deleted
Mar 10 19:36:36 moon charon-systemd: 07[ENC] generating INFORMATIONAL response 3 [ ]
Mar 10 19:36:36 moon charon-systemd: 07[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (80 bytes)
Mar 10 19:36:36 moon charon-systemd: 08[NET] received packet: from 192.168.0.200[4500] to 192.168.0.1[4500] (80 bytes)
Mar 10 19:36:36 moon charon-systemd: 08[ENC] parsed INFORMATIONAL request 3 [ D ]
Mar 10 19:36:36 moon charon-systemd: 08[IKE] received DELETE for IKE_SA sales[2]
Mar 10 19:36:36 moon charon-systemd: 08[IKE] deleting IKE_SA sales[2] between 192.168.0.1[moon.strongswan.org]...192.168.0.200[dave@strongswan.org]
Mar 10 19:36:36 moon charon-systemd: 08[IKE] IKE_SA deleted
Mar 10 19:36:36 moon charon-systemd: 08[ENC] generating INFORMATIONAL response 3 [ ]
Mar 10 19:36:36 moon charon-systemd: 08[NET] sending packet: from 192.168.0.1[4500] to 192.168.0.200[4500] (80 bytes)
Mar 10 19:36:36 moon charon-systemd: 00[DMN] SIGTERM received, shutting down
Mar 10 19:36:36 moon systemd[1]: Stopping strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Mar 10 19:36:36 moon systemd[1]: strongswan.service: Deactivated successfully.
Mar 10 19:36:36 moon systemd[1]: Stopped strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
Mar 10 19:36:36 moon systemd[1]: strongswan.service: Consumed 1.296s CPU time.