Mar 10 19:12:55 carol systemd[1]: Starting strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Mar 10 19:12:55 carol charon-systemd: 00[DMN] Starting charon-systemd IKE daemon (strongSwan 6.0.1, Linux 6.13.6, x86_64)
Mar 10 19:12:55 carol charon-systemd: 00[LIB] providers loaded by OpenSSL: legacy default
Mar 10 19:12:55 carol charon-systemd: 00[CFG] install DNS servers in '/etc/resolv.conf'
Mar 10 19:12:55 carol charon-systemd: 00[LIB] loaded plugins: charon-systemd random nonce openssl pem pkcs1 revocation curl kernel-netlink socket-default updown vici resolve
Mar 10 19:12:55 carol charon-systemd: 00[JOB] spawning 16 worker threads
Mar 10 19:12:56 carol charon-systemd: 09[CFG] loaded certificate 'C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org'
Mar 10 19:12:56 carol charon-systemd: 07[CFG] loaded certificate 'C=CH, O=strongSwan Project, CN=strongSwan Root CA'
Mar 10 19:12:56 carol charon-systemd: 03[CFG] loaded RSA private key
Mar 10 19:12:56 carol charon-systemd: 08[CFG] added vici connection: home
Mar 10 19:12:56 carol swanctl[18725]: loaded certificate from '/etc/swanctl/x509/carolCert.pem'
Mar 10 19:12:56 carol swanctl[18725]: loaded certificate from '/etc/swanctl/x509ca/strongswanCert.pem'
Mar 10 19:12:56 carol swanctl[18725]: loaded rsa key from '/etc/swanctl/rsa/carolKey.pem'
Mar 10 19:12:56 carol swanctl[18725]: no authorities found, 0 unloaded
Mar 10 19:12:56 carol swanctl[18725]: no pools found, 0 unloaded
Mar 10 19:12:56 carol swanctl[18725]: loaded connection 'home'
Mar 10 19:12:56 carol swanctl[18725]: successfully loaded 1 connections, 0 unloaded
Mar 10 19:12:56 carol systemd[1]: Started strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
Mar 10 19:12:58 carol charon-systemd: 09[CFG] vici initiate CHILD_SA 'home'
Mar 10 19:12:59 carol charon-systemd: 02[IKE] initiating IKE_SA home[1] to 192.168.0.1
Mar 10 19:12:59 carol charon-systemd: 02[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Mar 10 19:12:59 carol charon-systemd: 02[NET] sending packet: from 192.168.0.100[500] to 192.168.0.1[500] (240 bytes)
Mar 10 19:12:59 carol charon-systemd: 10[NET] received packet: from 192.168.0.1[500] to 192.168.0.100[500] (273 bytes)
Mar 10 19:12:59 carol charon-systemd: 10[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
Mar 10 19:12:59 carol charon-systemd: 10[CFG] selected proposal: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/CURVE_25519
Mar 10 19:12:59 carol charon-systemd: 10[IKE] received cert request for "C=CH, O=strongSwan Project, CN=strongSwan Root CA"
Mar 10 19:12:59 carol charon-systemd: 10[IKE] sending cert request for "C=CH, O=strongSwan Project, CN=strongSwan Root CA"
Mar 10 19:12:59 carol charon-systemd: 10[IKE] authentication of 'carol@strongswan.org' (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
Mar 10 19:12:59 carol charon-systemd: 10[IKE] sending end entity cert "C=CH, O=strongSwan Project, OU=Research, CN=carol@strongswan.org"
Mar 10 19:12:59 carol charon-systemd: 10[IKE] establishing CHILD_SA home{1}
Mar 10 19:12:59 carol charon-systemd: 10[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Mar 10 19:12:59 carol charon-systemd: 10[ENC] splitting IKE message (1936 bytes) into 2 fragments
Mar 10 19:12:59 carol charon-systemd: 10[ENC] generating IKE_AUTH request 1 [ EF(1/2) ]
Mar 10 19:12:59 carol charon-systemd: 10[ENC] generating IKE_AUTH request 1 [ EF(2/2) ]
Mar 10 19:12:59 carol charon-systemd: 10[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (1236 bytes)
Mar 10 19:12:59 carol charon-systemd: 10[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (772 bytes)
Mar 10 19:12:59 carol charon-systemd: 16[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (1236 bytes)
Mar 10 19:12:59 carol charon-systemd: 16[ENC] parsed IKE_AUTH response 1 [ EF(1/2) ]
Mar 10 19:12:59 carol charon-systemd: 16[ENC] received fragment #1 of 2, waiting for complete IKE message
Mar 10 19:12:59 carol charon-systemd: 06[NET] received packet: from 192.168.0.1[4500] to 192.168.0.100[4500] (708 bytes)
Mar 10 19:12:59 carol charon-systemd: 06[ENC] parsed IKE_AUTH response 1 [ EF(2/2) ]
Mar 10 19:12:59 carol charon-systemd: 06[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1872 bytes)
Mar 10 19:12:59 carol charon-systemd: 06[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
Mar 10 19:12:59 carol charon-systemd: 06[IKE] received end entity cert "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
Mar 10 19:12:59 carol charon-systemd: 06[CFG]   using certificate "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
Mar 10 19:12:59 carol charon-systemd: 06[CFG]   using trusted ca certificate "C=CH, O=strongSwan Project, CN=strongSwan Root CA"
Mar 10 19:12:59 carol charon-systemd: 06[CFG]   reached self-signed root ca with a path length of 0
Mar 10 19:12:59 carol charon-systemd: 06[CFG] checking certificate status of "C=CH, O=strongSwan Project, CN=moon.strongswan.org"
Mar 10 19:12:59 carol charon-systemd: 06[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan.crl' ...
Mar 10 19:12:59 carol charon-systemd: 06[CFG]   using trusted certificate "C=CH, O=strongSwan Project, CN=strongSwan Root CA"
Mar 10 19:12:59 carol charon-systemd: 06[CFG]   crl correctly signed by "C=CH, O=strongSwan Project, CN=strongSwan Root CA"
Mar 10 19:12:59 carol charon-systemd: 06[CFG]   crl is valid: until Mar 25 18:47:43 2025
Mar 10 19:12:59 carol charon-systemd: 06[CFG] certificate status is good
Mar 10 19:12:59 carol charon-systemd: 06[IKE] authentication of 'moon.strongswan.org' with RSA_EMSA_PKCS1_SHA2_256 successful
Mar 10 19:12:59 carol charon-systemd: 06[IKE] installing DNS server 192.168.0.150 to /etc/resolv.conf
Mar 10 19:12:59 carol charon-systemd: 06[IKE] installing new virtual IP 10.3.0.1
Mar 10 19:12:59 carol charon-systemd: 06[IKE] peer supports MOBIKE
Mar 10 19:12:59 carol charon-systemd: 06[IKE] IKE_SA home[1] established between 192.168.0.100[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]
Mar 10 19:12:59 carol charon-systemd: 06[IKE] scheduling rekeying in 13091s
Mar 10 19:12:59 carol charon-systemd: 06[IKE] maximum IKE_SA lifetime 14531s
Mar 10 19:12:59 carol charon-systemd: 06[CFG] selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQ
Mar 10 19:12:59 carol charon-systemd: 06[IKE] CHILD_SA home{1} established with SPIs c636e4dc_i c70c31af_o and TS 10.3.0.1/32 === 10.3.0.0/16 10.4.0.0/16
Mar 10 19:13:07 carol charon-systemd: 00[DMN] SIGTERM received, shutting down
Mar 10 19:13:07 carol charon-systemd: 00[IKE] deleting IKE_SA home[1] between 192.168.0.100[carol@strongswan.org]...192.168.0.1[moon.strongswan.org]
Mar 10 19:13:07 carol charon-systemd: 00[IKE] sending DELETE for IKE_SA home[1]
Mar 10 19:13:07 carol charon-systemd: 00[ENC] generating INFORMATIONAL request 2 [ D ]
Mar 10 19:13:07 carol systemd[1]: Stopping strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
Mar 10 19:13:07 carol charon-systemd: 00[NET] sending packet: from 192.168.0.100[4500] to 192.168.0.1[4500] (80 bytes)
Mar 10 19:13:07 carol charon-systemd: 00[IKE] removing DNS server 192.168.0.150 from /etc/resolv.conf
Mar 10 19:13:07 carol systemd[1]: strongswan.service: Deactivated successfully.
Mar 10 19:13:07 carol systemd[1]: Stopped strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
Mar 10 19:13:07 carol systemd[1]: strongswan.service: Consumed 1.014s CPU time.