##### BEGIN SECTION vpn VPN
VPN avmike
-------
ls: /var/tmp/ike.old: No such file or directory
-rw-r--r-- 1 root root 6642 Feb 11 09:35 /var/tmp/ike.log
1970-01-01 01:01:19 avmike:< add(appl=dsld,cname=iphone,localip=93.196.116.81, remoteip=0.0.0.0, p1ss=LT8h/all/all/all, p2ss=LT8h/esp-all-all/ah-none/comp-all/no-pfs p1mode=4 keepalive_ip=0.0.0.0 flags=0x803f tunnel xauth cfgmode nat_t no_certsrv_server_auth)
1970-01-01 01:01:19 avmike:new neighbour iphone: dynamic user every-id nat_t
1970-01-01 01:01:19 avmike:< add(appl=dsld,cname=ipad,localip=93.196.116.81, remoteip=0.0.0.0, p1ss=LT8h/all/all/all, p2ss=LT8h/esp-all-all/ah-none/comp-all/no-pfs p1mode=4 keepalive_ip=0.0.0.0 flags=0x803f tunnel xauth cfgmode nat_t no_certsrv_server_auth)
1970-01-01 01:01:19 avmike:new neighbour ipad: dynamic user every-id nat_t
1970-01-01 01:01:19 avmike:< add(appl=dsld,cname=a,localip=93.196.116.81, remoteip=0.0.0.0, p1ss=LT8h/all/all/all, p2ss=LT8h/esp-all-all/ah-none/comp-all/no-pfs p1mode=4 keepalive_ip=0.0.0.0 flags=0x803f tunnel xauth cfgmode nat_t no_certsrv_server_auth)
1970-01-01 01:01:19 avmike:new neighbour a: dynamic user every-id nat_t
1970-01-01 01:01:19 avmike:< add(appl=dsld,cname=4020LTE.dynamischerdns.de,localip=93.196.116.81, remoteip=0.0.0.0, p1ss=all/all/all, p2ss=esp-all-all/ah-none/comp-all/pfs p1mode=4 keepalive_ip=192.168.4.1 flags=0x8001 tunnel no_xauth no_cfgmode nat_t no_certsrv_server_auth)
1970-01-01 01:01:19 avmike:new neighbour 4020LTE.dynamischerdns.de: dynamic nat_t
1970-01-01 01:01:19 avmike:4020LTE.dynamischerdns.de start_vpn_keepalive 192.168.4.1
2018-02-11 08:25:33 avmike:mainmode 4020LTE.dynamischerdns.de: selected lifetime: 3600 sec(no notify)
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de remote peer supported XAUTH
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de remote peer supported DPD
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de remote peer supported NAT-T RFC 3947
2018-02-11 08:25:33 avmike:mainmode 4020LTE.dynamischerdns.de: add SA 1
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de: Warning: source changed from 0.0.0.0:500 to 80.187.96.87:13681
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de: switching to NAT-T (Responder)
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de: embedded inital contact message received
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de start_vpn_keepalive already running
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de: Phase 1 ready
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de: current=0.0.0.0 new=80.187.96.87:13681
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de start_vpn_keepalive already running
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de: no valid sa, reseting initialcontactdone flag
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de: remote is behind a nat
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de: start waiting connections
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de: NO waiting connections
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de: inital contact message received
2018-02-11 08:25:33 avmike:4020LTE.dynamischerdns.de start_vpn_keepalive already running
2018-02-11 08:25:34 avmike:4020LTE.dynamischerdns.de: Phase 2 ready
2018-02-11 08:25:34 avmike:< cb_sa_created(name=4020LTE.dynamischerdns.de,id=1,...,flags=0x00022103)
2018-02-11 08:25:34 avmike:4020LTE.dynamischerdns.de stop_vpn_keepalive to 192.168.4.1
2018-02-11 08:25:34 avmike:4020LTE.dynamischerdns.de start_keepalive_timer 3540 sec
2018-02-11 08:25:34 avmike:4020LTE.dynamischerdns.de: start waiting connections
2018-02-11 08:25:34 avmike:4020LTE.dynamischerdns.de: NO waiting connections
2018-02-11 08:25:34 avmike:4020LTE.dynamischerdns.de: Phase 2 ready
2018-02-11 08:25:34 avmike:< cb_sa_created(name=4020LTE.dynamischerdns.de,id=2,...,flags=0x00022003)
2018-02-11 08:25:34 avmike:4020LTE.dynamischerdns.de stop_vpn_keepalive to 192.168.4.1
2018-02-11 08:25:34 avmike:4020LTE.dynamischerdns.de restart keepalive_timer timer_id 2007781520
2018-02-11 08:25:34 avmike:4020LTE.dynamischerdns.de: start waiting connections
2018-02-11 08:25:34 avmike:4020LTE.dynamischerdns.de: NO waiting connections
2018-02-11 09:19:33 avmike:mainmode 4020LTE.dynamischerdns.de: selected lifetime: 3600 sec(no notify)
2018-02-11 09:19:33 avmike:4020LTE.dynamischerdns.de remote peer supported XAUTH
2018-02-11 09:19:33 avmike:4020LTE.dynamischerdns.de remote peer supported DPD
2018-02-11 09:19:33 avmike:4020LTE.dynamischerdns.de remote peer supported NAT-T RFC 3947
2018-02-11 09:19:34 avmike:mainmode 4020LTE.dynamischerdns.de: add SA 2
2018-02-11 09:19:34 avmike:4020LTE.dynamischerdns.de: Phase 1 ready
2018-02-11 09:19:34 avmike:4020LTE.dynamischerdns.de: current=80.187.96.87:13681 new=80.187.96.87:13681
2018-02-11 09:19:34 avmike:4020LTE.dynamischerdns.de: local is behind a nat
2018-02-11 09:19:34 avmike:4020LTE.dynamischerdns.de: remote is behind a nat
2018-02-11 09:19:34 avmike:4020LTE.dynamischerdns.de: start waiting connections
2018-02-11 09:19:34 avmike:4020LTE.dynamischerdns.de: NO waiting connections
2018-02-11 09:22:34 avmike:4020LTE.dynamischerdns.de: Phase 2 ready
2018-02-11 09:22:34 avmike:< cb_sa_created(name=4020LTE.dynamischerdns.de,id=3,...,flags=0x00032003)
2018-02-11 09:22:34 avmike:4020LTE.dynamischerdns.de stop_vpn_keepalive to 192.168.4.1
2018-02-11 09:22:34 avmike:4020LTE.dynamischerdns.de restart keepalive_timer timer_id 2007781520
2018-02-11 09:22:34 avmike:4020LTE.dynamischerdns.de: start waiting connections
2018-02-11 09:22:34 avmike:4020LTE.dynamischerdns.de: NO waiting connections
2018-02-11 09:22:34 avmike:FreeIPsecSA: spi=127bfb52 protocol=3 iotype=2
2018-02-11 09:22:34 avmike:< cb_sa_deleted(name=4020LTE.dynamischerdns.de,id=2,what=2)
2018-02-11 09:22:34 avmike:FreeIPsecSA: spi=48a1ef63 protocol=3 iotype=1
2018-02-11 09:22:34 avmike:FreeIPsecSA: spi=d765 protocol=4 iotype=1
2018-02-11 09:22:34 avmike:FreeIPsecSA: spi=8260f96d protocol=3 iotype=2
2018-02-11 09:22:34 avmike:FreeIPsecSA: spi=7a2a protocol=4 iotype=2
2018-02-11 09:22:34 avmike:FreeIPsecSA: spi=1b73 protocol=4 iotype=2
2018-02-11 09:22:34 avmike:< cb_sa_deleted(name=4020LTE.dynamischerdns.de,id=2,what=2)
2018-02-11 09:22:34 avmike:FreeIPsecSA: spi=d6454991 protocol=3 iotype=1
2018-02-11 09:22:34 avmike:FreeIPsecSA: spi=b87e protocol=4 iotype=1
2018-02-11 09:22:44 avmike:>>>4500 nat-t-keepalive[80.187.96.87:13681]
2018-02-11 09:25:33 avmike:mainmode 4020LTE.dynamischerdns.de: del SA 1
2018-02-11 09:35:50 avmike:FreeIPsecSA: spi=9fdb4b1 protocol=3 iotype=1
2018-02-11 09:35:50 avmike:FreeIPsecSA: spi=afa2 protocol=4 iotype=1
2018-02-11 09:35:50 avmike:FreeIPsecSA: spi=e93a74f6 protocol=3 iotype=2
2018-02-11 09:35:50 avmike:FreeIPsecSA: spi=4bf8 protocol=4 iotype=2
2018-02-11 09:35:50 avmike:mainmode 4020LTE.dynamischerdns.de: del SA 2
VPN assocs
----------
/proc/kdsld/dsliface/internet/ipsec/assocs:
iphone: 93.196.116.81:0.0.0.0 0.0.0.0:192.168.2.201 0 SAs valid enabled dynlocalip dynremoteip
permit ip any host 192.168.2.201
Forbidden Clients: 192.168.179.0/24
ipad: 93.196.116.81:0.0.0.0 0.0.0.0:192.168.2.202 0 SAs valid enabled dynlocalip dynremoteip
permit ip any host 192.168.2.202
Forbidden Clients: 192.168.179.0/24
a: 93.196.116.81:0.0.0.0 0.0.0.0:192.168.2.203 0 SAs valid enabled dynlocalip dynremoteip
permit ip any host 192.168.2.203
Forbidden Clients: 192.168.179.0/24
4020LTE.dynamischerdns.de: 93.196.116.81:0.0.0.0 80.187.96.87:0.0.0.0 0 SAs valid enabled dynlocalip dynremoteip
permit ip any 192.168.4.0 255.255.255.0
permit ip any 192.168.8.0 255.255.255.0
permit ip any host 109.237.176.33
Forbidden Clients: 192.168.179.0/24
VPN connections
----------
/proc/kdsld/dsliface/internet/ipsec/connections:
iphone: pmtu 0 mtu 1492 dont_filter_netbios
ipad: pmtu 0 mtu 1492 dont_filter_netbios
a: pmtu 0 mtu 1492 dont_filter_netbios
4020LTE.dynamischerdns.de: pmtu 0 mtu 1492 dpd_supported dont_filter_netbios local_nat remote_nat
##### END SECTION vpn
##### BEGIN SECTION vpn_cfg /var/flash/vpn.cfg
/*
* /var/flash/vpn.cfg
* Sun Jan 28 21:54:05 2018
*/
// File-level metadata: declares the text encoding of this configuration file as UTF-8.
meta { encoding = "utf-8"; }
// VPN configuration as captured in this support-data dump: four IKE/IPsec
// connection entries (three per-user entries and one LAN-to-LAN entry),
// followed by the IKE port-forward rules.
// Every credential-like field (key, key_id, fqdn, xauth username/passwd) is
// printed as the literal "SECRET"; this looks like masking applied by the
// export rather than the real value -- TODO confirm.
// NOTE(review): connection names, internal addressing and the host
// 109.237.176.33 in the access list are not masked.
vpncfg {
vpncfg_version = 1;
connections {
// --- Entry 1: per-user connection "iphone", tied to box user id 11 ---
enabled = yes;
editable = no;
conn_type = conntype_user;
name = "iphone";
boxuser_id = 11;
always_renew = no;
// NOTE(review): presumably "no" leaves traffic outside the tunnel unaffected
// while this connection is up -- confirm against vendor documentation.
reject_not_encrypted = no;
// Name taken literally: NetBIOS traffic is not filtered for this connection.
// TODO confirm the exact scope of the filter.
dont_filter_netbios = yes;
// 0.0.0.0 for localip/remoteip: no fixed endpoint address is configured, which
// matches the "dynamic" neighbour lines in the avmike log of this dump.
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
// Same address as phase2remoteid and the accesslist target below; presumably
// the address handed to the client inside the tunnel -- TODO confirm.
remote_virtualip = 192.168.2.201;
keepalive_ip = 0.0.0.0;
remoteid {
key_id = "SECRET";
}
// IKEv1 aggressive mode combined with a pre-shared key (keytype below). In this
// mode the responder returns a PSK-derived hash before the peer is
// authenticated, so the strength of the PSK is what resists offline guessing;
// a long random key matters here.
mode = phase1_mode_aggressive;
// Phase-1 proposal-set name. NOTE(review): "LT8h" is presumably an 8-hour
// lifetime and "all/all/all" presumably accepts every DH group, cipher and hash
// the firmware offers, including weaker ones -- confirm, and prefer a
// restricted set where the peers allow it.
phase1ss = "LT8h/all/all/all";
keytype = connkeytype_pre_shared;
key = "SECRET";
// No certificate-based server authentication; the log shows the matching flag
// no_certsrv_server_auth for this connection.
cert_do_server_auth = no;
use_nat_t = yes;
// XAUTH adds a username/password check on top of the shared key.
use_xauth = yes;
xauth {
valid = yes;
username = "SECRET";
passwd = "SECRET";
}
use_cfgmode = yes;
// Local selector 0.0.0.0/0.0.0.0, i.e. no restriction on the local side.
phase2localid {
ipnet {
ipaddr = 0.0.0.0;
mask = 0.0.0.0;
}
}
phase2remoteid {
ipaddr = 192.168.2.201;
}
// Phase-2 set ends in "no-pfs": quick-mode keys are derived without a fresh DH
// exchange, so they depend on the phase-1 keying material.
phase2ss = "LT8h/esp-all-all/ah-none/comp-all/no-pfs";
// Any source to the single client address; the assocs listing in this dump
// renders it as "permit ip any host 192.168.2.201".
accesslist =
"permit ip 0.0.0.0 0.0.0.0 192.168.2.201 255.255.255.255";
app_id = 0;
} {
// --- Entry 2: per-user connection "ipad", box user id 12 ---
// Same settings as entry 1 except name, boxuser_id and the client address
// 192.168.2.202; the aggressive-mode/PSK, "all/all/all" and no-pfs notes on
// entry 1 apply here as well.
enabled = yes;
editable = no;
conn_type = conntype_user;
name = "ipad";
boxuser_id = 12;
always_renew = no;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 192.168.2.202;
keepalive_ip = 0.0.0.0;
remoteid {
key_id = "SECRET";
}
mode = phase1_mode_aggressive;
phase1ss = "LT8h/all/all/all";
keytype = connkeytype_pre_shared;
key = "SECRET";
cert_do_server_auth = no;
use_nat_t = yes;
use_xauth = yes;
xauth {
valid = yes;
username = "SECRET";
passwd = "SECRET";
}
use_cfgmode = yes;
phase2localid {
ipnet {
ipaddr = 0.0.0.0;
mask = 0.0.0.0;
}
}
phase2remoteid {
ipaddr = 192.168.2.202;
}
phase2ss = "LT8h/esp-all-all/ah-none/comp-all/no-pfs";
accesslist =
"permit ip 0.0.0.0 0.0.0.0 192.168.2.202 255.255.255.255";
app_id = 0;
} {
// --- Entry 3: per-user connection "a", box user id 13 ---
// Same settings as entry 1 except name, boxuser_id and the client address
// 192.168.2.203.
enabled = yes;
editable = no;
conn_type = conntype_user;
name = "a";
boxuser_id = 13;
always_renew = no;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 192.168.2.203;
keepalive_ip = 0.0.0.0;
remoteid {
key_id = "SECRET";
}
mode = phase1_mode_aggressive;
phase1ss = "LT8h/all/all/all";
keytype = connkeytype_pre_shared;
key = "SECRET";
cert_do_server_auth = no;
use_nat_t = yes;
use_xauth = yes;
xauth {
valid = yes;
username = "SECRET";
passwd = "SECRET";
}
use_cfgmode = yes;
phase2localid {
ipnet {
ipaddr = 0.0.0.0;
mask = 0.0.0.0;
}
}
phase2remoteid {
ipaddr = 192.168.2.203;
}
phase2ss = "LT8h/esp-all-all/ah-none/comp-all/no-pfs";
accesslist =
"permit ip 0.0.0.0 0.0.0.0 192.168.2.203 255.255.255.255";
app_id = 0;
} {
// --- Entry 4: LAN-to-LAN connection "4020LTE.dynamischerdns.de" ---
// conn_type is conntype_lan and boxuser_id is 0, unlike the user entries above.
enabled = yes;
editable = no;
conn_type = conntype_lan;
name = "4020LTE.dynamischerdns.de";
boxuser_id = 0;
always_renew = no;
reject_not_encrypted = no;
dont_filter_netbios = yes;
localip = 0.0.0.0;
local_virtualip = 0.0.0.0;
remoteip = 0.0.0.0;
remote_virtualip = 0.0.0.0;
// Empty remote hostname together with remoteip 0.0.0.0: no peer address is
// configured here; the log lists this neighbour as "dynamic".
remotehostname = "";
// Keepalive target inside the remote network; the log shows
// start_vpn_keepalive 192.168.4.1 for this connection.
keepalive_ip = 192.168.4.1;
localid {
fqdn = "SECRET";
}
remoteid {
fqdn = "SECRET";
}
// Aggressive mode with a pre-shared key, as on the user entries, but with
// use_xauth = no below the shared key is the only authentication factor for
// this tunnel.
mode = phase1_mode_aggressive;
// NOTE(review): "all/all/all" without a lifetime prefix; presumably accepts
// every phase-1 proposal the firmware supports -- confirm and restrict if both
// ends allow it.
phase1ss = "all/all/all";
keytype = connkeytype_pre_shared;
key = "SECRET";
cert_do_server_auth = no;
use_nat_t = yes;
use_xauth = no;
use_cfgmode = no;
// Phase-2 selectors: local 192.168.2.0/24, remote 192.168.4.0/24.
phase2localid {
ipnet {
ipaddr = 192.168.2.0;
mask = 255.255.255.0;
}
}
phase2remoteid {
ipnet {
ipaddr = 192.168.4.0;
mask = 255.255.255.0;
}
}
// Unlike the user entries, this phase-2 set ends in "pfs".
phase2ss = "esp-all-all/ah-none/comp-all/pfs";
// NOTE(review): the second and third rules name destinations outside the
// phase2remoteid network 192.168.4.0/24 (192.168.8.0/24 and the single host
// 109.237.176.33); presumably these are deliberately sent through the peer --
// confirm that both are still intended.
accesslist = "permit ip any 192.168.4.0 255.255.255.0",
"permit ip any 192.168.8.0 255.255.255.0",
"permit ip any 109.237.176.33 255.255.255.255";
app_id = 0;
}
// UDP 500 and 4500 are the standard IKE and IPsec NAT-traversal ports; the
// rules below name both, with 0.0.0.0 on each side.
// TODO confirm the exact forwarding semantics of this field.
ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
"udp 0.0.0.0:4500 0.0.0.0:4500";
}
// EOF
##### END SECTION vpn_cfg