
VPN Strongswan + Freeradius: RDP does not connect after 5 minutes of idle time


Good afternoon! I recently set up a VPN on a server (Strongswan + Freeradius + PostgreSQL) for RDP connections with static client IPs. Everything was fine, but at some point the connections started dropping more and more often, and now, if I don't connect over RDP within 5 minutes of restarting strongswan, I can no longer connect at all. Meanwhile the VPN connection itself stays active and can be freely established and disconnected. I tried several ipsec.conf combinations, but it had no effect. I then switched from ipsec to swanctl, but the problem did not go away. In addition, I cannot ping the internal address from the server (10.10.10.0), and when I set remote_ts, I cannot connect to RDP at all.

The problem may not be in the server but in the Windows clients that I connect to over RDP: after exactly 5 minutes of inactivity they send a DELETE request. The worst part is that the connection is not torn down in Windows itself and stays active. I tried connecting from an iPhone and left the screen on; after 6 minutes no disconnect messages had arrived. Likewise, if on Windows I try connecting and disconnecting over RDP every few minutes, the DELETE does not arrive either.

The solution I see is pinging the server from the clients, but as I wrote above, I cannot ping the internal network.

Below I have attached the logs (strongswan and freeradius), the old ipsec configuration and the current swanctl.conf file. I captured the logs right after clearing them and rebooting the server. 999.999.999.999 is the server's IP address.

Thanks for the help!

ipsec.conf:

config setup
    charondebug="ike 1, knl 1, cfg 0"
    uniqueids=never

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=999.999.999.999
    leftcert=server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-radius
    rightsourceip=%radius
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never
    eap_identity=%any
    ike=chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024!
    esp=chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1!

swanctl.conf:

connections {
    myVpn {
        unique=never
        version = 2
        # local_addrs = 10.10.10.100/24
        # remote_addrs = 0.0.0.0/0,::/0
        local_port = 500
        remote_port = 500
        proposals = chacha20poly1305-sha512-curve25519-prfsha512,aes256gcm16-sha384-prfsha384-ecp384,aes256-sha1-modp1024,aes128-sha1-modp1024,3des-sha1-modp1024
        keyingtries = 0
        dpd_delay = 30s
        rekey_time = 70
        send_cert = always
        pools = radius
        local {
            # auth = psk
            id = 999.999.999.999
            certs = server-cert.pem
        }
        remote {
            auth = eap-radius
            # id = 0.0.0.0/0,::/0
            eap_id=%any
        }
        children {
            vpn {
                mode = tunnel
                local_ts = 10.10.10.0/24
                # remote_ts = 172.16.2.0/24
                dpd_action = trap
                start_action = trap
                esp_proposals = chacha20poly1305-sha512,aes256gcm16-ecp384,aes256-sha256,aes256-sha1,3des-sha1
            }
        }
    }
}

secrets {
    private-myVpn {
        file = server-key.pem
    }
}

journalctl -u strongswan: P.S. isxRemote and aminushkinRemote are the remote PCs that I connect to over RDP. isxLocal is the PC I connect from.

    user@myVps:~# journalctl -u strongswan
    Sep 28 09:31:06 myVps systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
    Sep 28 09:31:06 myVps charon-systemd[2265]: PKCS11 module '<name>' lacks library path
    Sep 28 09:31:06 myVps charon-systemd[2265]: providers loaded by OpenSSL: legacy default
    Sep 28 09:31:06 myVps charon-systemd[2265]: using forecast interface ens3
    Sep 28 09:31:06 myVps charon-systemd[2265]: joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0>
    Sep 28 09:31:06 myVps charon-systemd[2265]: loaded 1 RADIUS server configuration
    Sep 28 09:31:06 myVps charon-systemd[2265]: HA config misses local/remote address
    Sep 28 09:31:06 myVps charon-systemd[2265]: loaded plugins: charon-systemd test-vectors ldap pkcs11 tpm aesni aes rc2 s>
    Sep 28 09:31:06 myVps charon-systemd[2265]: dropped capabilities, running as uid 0, gid 0
    Sep 28 09:31:06 myVps charon-systemd[2265]: spawning 16 worker threads
    Sep 28 09:31:06 myVps charon-systemd[2265]: loaded certificate 'CN=999.999.999.999'
    Sep 28 09:31:07 myVps charon-systemd[2265]: loaded ANY private key
    Sep 28 09:31:07 myVps charon-systemd[2265]: added vici connection: myVpn
    Sep 28 09:31:07 myVps charon-systemd[2265]: installing 'vpn'
    Sep 28 09:31:07 myVps charon-systemd[2265]: installing trap failed, remote address unknown
    Sep 28 09:31:07 myVps swanctl[2282]: loaded certificate from '/etc/swanctl/x509/server-cert.pem'
    Sep 28 09:31:07 myVps swanctl[2282]: loaded private key from '/etc/swanctl/private/server-key.pem'
    Sep 28 09:31:07 myVps swanctl[2282]: no authorities found, 0 unloaded
    Sep 28 09:31:07 myVps swanctl[2282]: no pools found, 0 unloaded
    Sep 28 09:31:07 myVps swanctl[2282]: loaded connection 'myVpn'
    Sep 28 09:31:07 myVps swanctl[2282]: successfully loaded 1 connections, 0 unloaded
    Sep 28 09:31:07 myVps systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.
    Sep 28 09:31:47 myVps charon-systemd[2265]: received packet: from 87.117.185.54[2] to 999.999.999.999[500] (1104 bytes)
    Sep 28 09:31:47 myVps charon-systemd[2265]: parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_I>
    Sep 28 09:31:47 myVps charon-systemd[2265]: received MS NT5 ISAKMPOAKLEY v9 vendor ID
    Sep 28 09:31:47 myVps charon-systemd[2265]: received MS-Negotiation Discovery Capable vendor ID
    Sep 28 09:31:47 myVps charon-systemd[2265]: received Vid-Initial-Contact vendor ID
    Sep 28 09:31:47 myVps charon-systemd[2265]: received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51>
    Sep 28 09:31:47 myVps charon-systemd[2265]: 87.117.185.54 is initiating an IKE_SA
    Sep 28 09:31:47 myVps charon-systemd[2265]: selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Sep 28 09:31:47 myVps charon-systemd[2265]: remote host is behind NAT
    Sep 28 09:31:47 myVps charon-systemd[2265]: generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FR>
    Sep 28 09:31:47 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[500] to 87.117.185.54[2] (328 bytes)
    Sep 28 09:31:47 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (576 bytes)
    Sep 28 09:31:47 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ EF(2/4) ]
    Sep 28 09:31:47 myVps charon-systemd[2265]: received fragment #2 of 4, waiting for complete IKE message
    Sep 28 09:31:47 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (576 bytes)
    Sep 28 09:31:47 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ EF(3/4) ]
    Sep 28 09:31:47 myVps charon-systemd[2265]: received fragment #3 of 4, waiting for complete IKE message
    Sep 28 09:31:47 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (448 bytes)
    Sep 28 09:31:47 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ EF(4/4) ]
    Sep 28 09:31:47 myVps charon-systemd[2265]: received fragment #4 of 4, waiting for complete IKE message
    Sep 28 09:31:48 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (576 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ EF(1/4) ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: received fragment #1 of 4, reassembled fragmented IKE message (1932 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SR>
    Sep 28 09:31:48 myVps charon-systemd[2265]: received 74 cert requests for an unknown ca
    Sep 28 09:31:48 myVps charon-systemd[2265]: looking for peer configs matching 999.999.999.999[%any]...87.117.185.54[192.16>
    Sep 28 09:31:48 myVps charon-systemd[2265]: selected peer config 'myVpn'
    Sep 28 09:31:48 myVps charon-systemd[2265]: initiating EAP_IDENTITY method (id 0x00)
    Sep 28 09:31:48 myVps charon-systemd[2265]: peer supports MOBIKE
    Sep 28 09:31:48 myVps charon-systemd[2265]: authentication of '999.999.999.999' (myself) with RSA signature successful
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending end entity cert "CN=999.999.999.999"
    Sep 28 09:31:48 myVps charon-systemd[2265]: generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: splitting IKE message (1916 bytes) into 2 fragments
    Sep 28 09:31:48 myVps charon-systemd[2265]: generating IKE_AUTH response 1 [ EF(1/2) ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: generating IKE_AUTH response 1 [ EF(2/2) ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (1248 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (736 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (576 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ EF(2/4) ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: received fragment #2 of 4, waiting for complete IKE message
    Sep 28 09:31:48 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (576 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ EF(3/4) ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: received fragment #3 of 4, waiting for complete IKE message
    Sep 28 09:31:48 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (448 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ EF(4/4) ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: received fragment #4 of 4, waiting for complete IKE message
    Sep 28 09:31:48 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (92 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: parsed IKE_AUTH request 2 [ EAP/RES/ID ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: received EAP identity 'isxLocal'
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending RADIUS Access-Request to server 'radius'
    Sep 28 09:31:48 myVps charon-systemd[2265]: received RADIUS Access-Challenge from server 'radius'
    Sep 28 09:31:48 myVps charon-systemd[2265]: initiating EAP_MD5 method (id 0x01)
    Sep 28 09:31:48 myVps charon-systemd[2265]: generating IKE_AUTH response 2 [ EAP/REQ/MD5 ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (92 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: parsed IKE_AUTH request 3 [ EAP/RES/NAK ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending RADIUS Access-Request to server 'radius'
    Sep 28 09:31:48 myVps charon-systemd[2265]: received RADIUS Access-Challenge from server 'radius'
    Sep 28 09:31:48 myVps charon-systemd[2265]: generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (108 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (140 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending RADIUS Access-Request to server 'radius'
    Sep 28 09:31:48 myVps charon-systemd[2265]: received RADIUS Access-Challenge from server 'radius'
    Sep 28 09:31:48 myVps charon-systemd[2265]: generating IKE_AUTH response 4 [ EAP/REQ/MSCHAPV2 ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (124 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: parsed IKE_AUTH request 5 [ EAP/RES/MSCHAPV2 ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending RADIUS Access-Request to server 'radius'
    Sep 28 09:31:48 myVps charon-systemd[2265]: received RADIUS Access-Accept from server 'radius'
    Sep 28 09:31:48 myVps charon-systemd[2265]: RADIUS authentication of 'isxLocal' successful
    Sep 28 09:31:48 myVps charon-systemd[2265]: EAP method EAP_MSCHAPV2 succeeded, MSK established
    Sep 28 09:31:48 myVps charon-systemd[2265]: generating IKE_AUTH response 5 [ EAP/SUCC ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (92 bytes)
    Sep 28 09:31:48 myVps charon-systemd[2265]: parsed IKE_AUTH request 6 [ AUTH ]
    Sep 28 09:31:48 myVps charon-systemd[2265]: authentication of '192.168.31.5' with EAP successful
    Sep 28 09:31:48 myVps charon-systemd[2265]: authentication of '999.999.999.999' (myself) with EAP
    Sep 28 09:31:48 myVps charon-systemd[2265]: IKE_SA myVpn[1] established between 999.999.999.999[999.999.999.999]...87.117.185>
    Sep 28 09:31:48 myVps charon-systemd[2265]: scheduling rekeying in 13331s
    Sep 28 09:31:48 myVps charon-systemd[2265]: maximum IKE_SA lifetime 14771s
    Sep 28 09:31:48 myVps charon-systemd[2265]: peer requested virtual IP %any
    Sep 28 09:31:48 myVps charon-systemd[2265]: assigning virtual IP 10.10.10.51 to peer 'isxLocal'
    Sep 28 09:31:48 myVps charon-systemd[2265]: peer requested virtual IP %any6
    Sep 28 09:31:48 myVps charon-systemd[2265]: no virtual IP found for %any6 requested by 'isxLocal'
    Sep 28 09:31:48 myVps charon-systemd[2265]: selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
    Sep 28 09:31:48 myVps charon-systemd[2265]: CHILD_SA vpn{1} established with SPIs c51683d5_i dcee5fe0_o and TS 10.10.10>
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending RADIUS Accounting-Request to server 'radius'
    Sep 28 09:31:48 myVps charon-systemd[2265]: received RADIUS Accounting-Response from server 'radius'
    Sep 28 09:31:48 myVps charon-systemd[2265]: generating IKE_AUTH response 6 [ AUTH CPRP(ADDR) SA TSi TSr N(MOBIKE_SUP) N>
    Sep 28 09:31:48 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (220 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: received packet: from 87.117.185.54[3] to 999.999.999.999[500] (624 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_I>
    Sep 28 09:32:08 myVps charon-systemd[2265]: received MS NT5 ISAKMPOAKLEY v9 vendor ID
    Sep 28 09:32:08 myVps charon-systemd[2265]: received MS-Negotiation Discovery Capable vendor ID
    Sep 28 09:32:08 myVps charon-systemd[2265]: received Vid-Initial-Contact vendor ID
    Sep 28 09:32:08 myVps charon-systemd[2265]: received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51>
    Sep 28 09:32:08 myVps charon-systemd[2265]: 87.117.185.54 is initiating an IKE_SA
    Sep 28 09:32:08 myVps charon-systemd[2265]: selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Sep 28 09:32:08 myVps charon-systemd[2265]: remote host is behind NAT
    Sep 28 09:32:08 myVps charon-systemd[2265]: generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FR>
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[500] to 87.117.185.54[3] (328 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (576 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ EF(1/2) ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: received fragment #1 of 2, waiting for complete IKE message
    Sep 28 09:32:08 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (544 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ EF(2/2) ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: received fragment #2 of 2, reassembled fragmented IKE message (1036 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SR>
    Sep 28 09:32:08 myVps charon-systemd[2265]: received 35 cert requests for an unknown ca
    Sep 28 09:32:08 myVps charon-systemd[2265]: looking for peer configs matching 999.999.999.999[%any]...87.117.185.54[192.16>
    Sep 28 09:32:08 myVps charon-systemd[2265]: selected peer config 'myVpn'
    Sep 28 09:32:08 myVps charon-systemd[2265]: initiating EAP_IDENTITY method (id 0x00)
    Sep 28 09:32:08 myVps charon-systemd[2265]: peer supports MOBIKE
    Sep 28 09:32:08 myVps charon-systemd[2265]: authentication of '999.999.999.999' (myself) with RSA signature successful
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending end entity cert "CN=999.999.999.999"
    Sep 28 09:32:08 myVps charon-systemd[2265]: generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: splitting IKE message (1916 bytes) into 2 fragments
    Sep 28 09:32:08 myVps charon-systemd[2265]: generating IKE_AUTH response 1 [ EF(1/2) ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: generating IKE_AUTH response 1 [ EF(2/2) ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (1248 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (736 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (92 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: parsed IKE_AUTH request 2 [ EAP/RES/ID ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: received EAP identity 'isxRemote'
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending RADIUS Access-Request to server 'radius'
    Sep 28 09:32:08 myVps charon-systemd[2265]: received RADIUS Access-Challenge from server 'radius'
    Sep 28 09:32:08 myVps charon-systemd[2265]: initiating EAP_MD5 method (id 0x01)
    Sep 28 09:32:08 myVps charon-systemd[2265]: generating IKE_AUTH response 2 [ EAP/REQ/MD5 ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (92 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: parsed IKE_AUTH request 3 [ EAP/RES/NAK ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending RADIUS Access-Request to server 'radius'
    Sep 28 09:32:08 myVps charon-systemd[2265]: received RADIUS Access-Challenge from server 'radius'
    Sep 28 09:32:08 myVps charon-systemd[2265]: generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (108 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (140 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending RADIUS Access-Request to server 'radius'
    Sep 28 09:32:08 myVps charon-systemd[2265]: received RADIUS Access-Challenge from server 'radius'
    Sep 28 09:32:08 myVps charon-systemd[2265]: generating IKE_AUTH response 4 [ EAP/REQ/MSCHAPV2 ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (124 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: parsed IKE_AUTH request 5 [ EAP/RES/MSCHAPV2 ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending RADIUS Access-Request to server 'radius'
    Sep 28 09:32:08 myVps charon-systemd[2265]: received RADIUS Access-Accept from server 'radius'
    Sep 28 09:32:08 myVps charon-systemd[2265]: RADIUS authentication of 'isxRemote' successful
    Sep 28 09:32:08 myVps charon-systemd[2265]: EAP method EAP_MSCHAPV2 succeeded, MSK established
    Sep 28 09:32:08 myVps charon-systemd[2265]: generating IKE_AUTH response 5 [ EAP/SUCC ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (92 bytes)
    Sep 28 09:32:08 myVps charon-systemd[2265]: parsed IKE_AUTH request 6 [ AUTH ]
    Sep 28 09:32:08 myVps charon-systemd[2265]: authentication of '192.168.31.220' with EAP successful
    Sep 28 09:32:08 myVps charon-systemd[2265]: authentication of '999.999.999.999' (myself) with EAP
    Sep 28 09:32:08 myVps charon-systemd[2265]: IKE_SA myVpn[2] established between 999.999.999.999[999.999.999.999]...87.117.185>
    Sep 28 09:32:08 myVps charon-systemd[2265]: scheduling rekeying in 14272s
    Sep 28 09:32:08 myVps charon-systemd[2265]: maximum IKE_SA lifetime 15712s
    Sep 28 09:32:08 myVps charon-systemd[2265]: peer requested virtual IP %any
    Sep 28 09:32:08 myVps charon-systemd[2265]: assigning virtual IP 10.10.10.52 to peer 'isxRemote'
    Sep 28 09:32:08 myVps charon-systemd[2265]: peer requested virtual IP %any6
    Sep 28 09:32:08 myVps charon-systemd[2265]: no virtual IP found for %any6 requested by 'isxRemote'
    Sep 28 09:32:08 myVps charon-systemd[2265]: selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
    Sep 28 09:32:08 myVps charon-systemd[2265]: CHILD_SA vpn{2} established with SPIs cfb104ec_i 634e41ea_o and TS 10.10.10>
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending RADIUS Accounting-Request to server 'radius'
    Sep 28 09:32:08 myVps charon-systemd[2265]: received RADIUS Accounting-Response from server 'radius'
    Sep 28 09:32:08 myVps charon-systemd[2265]: generating IKE_AUTH response 6 [ AUTH CPRP(ADDR) SA TSi TSr N(MOBIKE_SUP) N>
    Sep 28 09:32:08 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (220 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60860] to 999.999.999.999[500] (604 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_I>
    Sep 28 09:32:15 myVps charon-systemd[2265]: received MS NT5 ISAKMPOAKLEY v9 vendor ID
    Sep 28 09:32:15 myVps charon-systemd[2265]: received MS-Negotiation Discovery Capable vendor ID
    Sep 28 09:32:15 myVps charon-systemd[2265]: received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51>
    Sep 28 09:32:15 myVps charon-systemd[2265]: 87.238.234.219 is initiating an IKE_SA
    Sep 28 09:32:15 myVps charon-systemd[2265]: selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Sep 28 09:32:15 myVps charon-systemd[2265]: remote host is behind NAT
    Sep 28 09:32:15 myVps charon-systemd[2265]: generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FR>
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[500] to 87.238.234.219[60860] (328 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (576 byte>
    Sep 28 09:32:15 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ EF(1/3) ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: received fragment #1 of 3, waiting for complete IKE message
    Sep 28 09:32:15 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (576 byte>
    Sep 28 09:32:15 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ EF(2/3) ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: received fragment #2 of 3, waiting for complete IKE message
    Sep 28 09:32:15 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (256 byte>
    Sep 28 09:32:15 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ EF(3/3) ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: received fragment #3 of 3, reassembled fragmented IKE message (1244 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SR>
    Sep 28 09:32:15 myVps charon-systemd[2265]: received 45 cert requests for an unknown ca
    Sep 28 09:32:15 myVps charon-systemd[2265]: looking for peer configs matching 999.999.999.999[%any]...87.238.234.219[192.1>
    Sep 28 09:32:15 myVps charon-systemd[2265]: selected peer config 'myVpn'
    Sep 28 09:32:15 myVps charon-systemd[2265]: initiating EAP_IDENTITY method (id 0x00)
    Sep 28 09:32:15 myVps charon-systemd[2265]: peer supports MOBIKE
    Sep 28 09:32:15 myVps charon-systemd[2265]: authentication of '999.999.999.999' (myself) with RSA signature successful
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending end entity cert "CN=999.999.999.999"
    Sep 28 09:32:15 myVps charon-systemd[2265]: generating IKE_AUTH response 1 [ IDr CERT AUTH EAP/REQ/ID ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: splitting IKE message (1916 bytes) into 2 fragments
    Sep 28 09:32:15 myVps charon-systemd[2265]: generating IKE_AUTH response 1 [ EF(1/2) ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: generating IKE_AUTH response 1 [ EF(2/2) ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (1248 byte>
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (736 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (92 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: parsed IKE_AUTH request 2 [ EAP/RES/ID ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: received EAP identity 'aminushkinRemote'
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending RADIUS Access-Request to server 'radius'
    Sep 28 09:32:15 myVps charon-systemd[2265]: received RADIUS Access-Challenge from server 'radius'
    Sep 28 09:32:15 myVps charon-systemd[2265]: initiating EAP_MD5 method (id 0x01)
    Sep 28 09:32:15 myVps charon-systemd[2265]: generating IKE_AUTH response 2 [ EAP/REQ/MD5 ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (92 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: parsed IKE_AUTH request 3 [ EAP/RES/NAK ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending RADIUS Access-Request to server 'radius'
    Sep 28 09:32:15 myVps charon-systemd[2265]: received RADIUS Access-Challenge from server 'radius'
    Sep 28 09:32:15 myVps charon-systemd[2265]: generating IKE_AUTH response 3 [ EAP/REQ/MSCHAPV2 ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (108 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (156 byte>
    Sep 28 09:32:15 myVps charon-systemd[2265]: parsed IKE_AUTH request 4 [ EAP/RES/MSCHAPV2 ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending RADIUS Access-Request to server 'radius'
    Sep 28 09:32:15 myVps charon-systemd[2265]: received RADIUS Access-Challenge from server 'radius'
    Sep 28 09:32:15 myVps charon-systemd[2265]: generating IKE_AUTH response 4 [ EAP/REQ/MSCHAPV2 ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (124 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: parsed IKE_AUTH request 5 [ EAP/RES/MSCHAPV2 ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending RADIUS Access-Request to server 'radius'
    Sep 28 09:32:15 myVps charon-systemd[2265]: received RADIUS Access-Accept from server 'radius'
    Sep 28 09:32:15 myVps charon-systemd[2265]: RADIUS authentication of 'aminushkinRemote' successful
    Sep 28 09:32:15 myVps charon-systemd[2265]: EAP method EAP_MSCHAPV2 succeeded, MSK established
    Sep 28 09:32:15 myVps charon-systemd[2265]: generating IKE_AUTH response 5 [ EAP/SUCC ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (92 bytes)
    Sep 28 09:32:15 myVps charon-systemd[2265]: parsed IKE_AUTH request 6 [ AUTH ]
    Sep 28 09:32:15 myVps charon-systemd[2265]: authentication of '192.168.0.105' with EAP successful
    Sep 28 09:32:15 myVps charon-systemd[2265]: authentication of '999.999.999.999' (myself) with EAP
    Sep 28 09:32:15 myVps charon-systemd[2265]: IKE_SA myVpn[3] established between 999.999.999.999[999.999.999.999]...87.238.234>
    Sep 28 09:32:15 myVps charon-systemd[2265]: scheduling rekeying in 14222s
    Sep 28 09:32:15 myVps charon-systemd[2265]: maximum IKE_SA lifetime 15662s
    Sep 28 09:32:15 myVps charon-systemd[2265]: peer requested virtual IP %any
    Sep 28 09:32:15 myVps charon-systemd[2265]: assigning virtual IP 10.10.10.55 to peer 'aminushkinRemote'
    Sep 28 09:32:15 myVps charon-systemd[2265]: peer requested virtual IP %any6
    Sep 28 09:32:15 myVps charon-systemd[2265]: no virtual IP found for %any6 requested by 'aminushkinRemote'
    Sep 28 09:32:15 myVps charon-systemd[2265]: selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
    Sep 28 09:32:15 myVps charon-systemd[2265]: CHILD_SA vpn{3} established with SPIs ce4e8144_i 393fd5a4_o and TS 10.10.10>
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending RADIUS Accounting-Request to server 'radius'
    Sep 28 09:32:15 myVps charon-systemd[2265]: received RADIUS Accounting-Response from server 'radius'
    Sep 28 09:32:15 myVps charon-systemd[2265]: generating IKE_AUTH response 6 [ AUTH CPRP(ADDR) SA TSi TSr N(MOBIKE_SUP) N>
    Sep 28 09:32:15 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (220 bytes)
    Sep 28 09:32:18 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:32:18 myVps charon-systemd[2265]: generating INFORMATIONAL request 0 [ ]
    Sep 28 09:32:18 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:32:18 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:32:18 myVps charon-systemd[2265]: parsed INFORMATIONAL response 0 [ ]
    Sep 28 09:32:38 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:32:38 myVps charon-systemd[2265]: generating INFORMATIONAL request 0 [ ]
    Sep 28 09:32:38 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:32:38 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:32:38 myVps charon-systemd[2265]: parsed INFORMATIONAL response 0 [ ]
    Sep 28 09:32:45 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:32:45 myVps charon-systemd[2265]: generating INFORMATIONAL request 0 [ ]
    Sep 28 09:32:45 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:32:45 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:32:45 myVps charon-systemd[2265]: parsed INFORMATIONAL response 0 [ ]
    Sep 28 09:32:48 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:32:48 myVps charon-systemd[2265]: generating INFORMATIONAL request 1 [ ]
    Sep 28 09:32:48 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:32:48 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:32:48 myVps charon-systemd[2265]: parsed INFORMATIONAL response 1 [ ]
    Sep 28 09:33:16 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:33:16 myVps charon-systemd[2265]: generating INFORMATIONAL request 1 [ ]
    Sep 28 09:33:16 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:33:16 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:33:16 myVps charon-systemd[2265]: parsed INFORMATIONAL response 1 [ ]
    Sep 28 09:33:32 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:33:32 myVps charon-systemd[2265]: generating INFORMATIONAL request 2 [ ]
    Sep 28 09:33:32 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:33:32 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:33:32 myVps charon-systemd[2265]: parsed INFORMATIONAL response 2 [ ]
    Sep 28 09:33:37 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:33:37 myVps charon-systemd[2265]: generating INFORMATIONAL request 1 [ ]
    Sep 28 09:33:37 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:33:37 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:33:37 myVps charon-systemd[2265]: parsed INFORMATIONAL response 1 [ ]
    Sep 28 09:33:47 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:33:47 myVps charon-systemd[2265]: generating INFORMATIONAL request 2 [ ]
    Sep 28 09:33:47 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:33:47 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:33:47 myVps charon-systemd[2265]: parsed INFORMATIONAL response 2 [ ]
    Sep 28 09:34:02 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:34:02 myVps charon-systemd[2265]: generating INFORMATIONAL request 3 [ ]
    Sep 28 09:34:02 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:34:02 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:34:02 myVps charon-systemd[2265]: parsed INFORMATIONAL response 3 [ ]
    Sep 28 09:34:07 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:34:07 myVps charon-systemd[2265]: generating INFORMATIONAL request 2 [ ]
    Sep 28 09:34:07 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:34:07 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:34:07 myVps charon-systemd[2265]: parsed INFORMATIONAL response 2 [ ]
    Sep 28 09:34:18 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:34:18 myVps charon-systemd[2265]: generating INFORMATIONAL request 3 [ ]
    Sep 28 09:34:18 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:34:18 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:34:18 myVps charon-systemd[2265]: parsed INFORMATIONAL response 3 [ ]
    Sep 28 09:34:32 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:34:32 myVps charon-systemd[2265]: generating INFORMATIONAL request 4 [ ]
    Sep 28 09:34:32 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:34:32 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:34:32 myVps charon-systemd[2265]: parsed INFORMATIONAL response 4 [ ]
    Sep 28 09:34:37 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:34:37 myVps charon-systemd[2265]: generating INFORMATIONAL request 3 [ ]
    Sep 28 09:34:37 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:34:37 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:34:37 myVps charon-systemd[2265]: parsed INFORMATIONAL response 3 [ ]
    Sep 28 09:34:48 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:34:48 myVps charon-systemd[2265]: generating INFORMATIONAL request 4 [ ]
    Sep 28 09:34:48 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:34:48 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:34:48 myVps charon-systemd[2265]: parsed INFORMATIONAL response 4 [ ]
    Sep 28 09:35:02 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:35:02 myVps charon-systemd[2265]: generating INFORMATIONAL request 5 [ ]
    Sep 28 09:35:02 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:35:02 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:35:02 myVps charon-systemd[2265]: parsed INFORMATIONAL response 5 [ ]
    Sep 28 09:35:07 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:35:07 myVps charon-systemd[2265]: generating INFORMATIONAL request 4 [ ]
    Sep 28 09:35:07 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:35:07 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:35:07 myVps charon-systemd[2265]: parsed INFORMATIONAL response 4 [ ]
    Sep 28 09:35:19 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:35:19 myVps charon-systemd[2265]: generating INFORMATIONAL request 5 [ ]
    Sep 28 09:35:19 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:35:19 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:35:19 myVps charon-systemd[2265]: parsed INFORMATIONAL response 5 [ ]
    Sep 28 09:35:32 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:35:32 myVps charon-systemd[2265]: generating INFORMATIONAL request 6 [ ]
    Sep 28 09:35:32 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:35:32 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:35:32 myVps charon-systemd[2265]: parsed INFORMATIONAL response 6 [ ]
    Sep 28 09:35:37 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:35:37 myVps charon-systemd[2265]: generating INFORMATIONAL request 5 [ ]
    Sep 28 09:35:37 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:35:37 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:35:37 myVps charon-systemd[2265]: parsed INFORMATIONAL response 5 [ ]
    Sep 28 09:35:50 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:35:50 myVps charon-systemd[2265]: generating INFORMATIONAL request 6 [ ]
    Sep 28 09:35:50 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:35:50 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:35:50 myVps charon-systemd[2265]: parsed INFORMATIONAL response 6 [ ]
    Sep 28 09:36:02 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:36:02 myVps charon-systemd[2265]: generating INFORMATIONAL request 7 [ ]
    Sep 28 09:36:02 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:36:02 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:36:02 myVps charon-systemd[2265]: parsed INFORMATIONAL response 7 [ ]
    Sep 28 09:36:07 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:36:07 myVps charon-systemd[2265]: generating INFORMATIONAL request 6 [ ]
    Sep 28 09:36:07 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:36:07 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:36:07 myVps charon-systemd[2265]: parsed INFORMATIONAL response 6 [ ]
    Sep 28 09:36:21 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:36:21 myVps charon-systemd[2265]: generating INFORMATIONAL request 7 [ ]
    Sep 28 09:36:21 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:36:21 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:36:21 myVps charon-systemd[2265]: parsed INFORMATIONAL response 7 [ ]
    Sep 28 09:36:32 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:36:32 myVps charon-systemd[2265]: generating INFORMATIONAL request 8 [ ]
    Sep 28 09:36:32 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:36:32 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:36:32 myVps charon-systemd[2265]: parsed INFORMATIONAL response 8 [ ]
    Sep 28 09:36:37 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:36:37 myVps charon-systemd[2265]: generating INFORMATIONAL request 7 [ ]
    Sep 28 09:36:37 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:36:37 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:36:37 myVps charon-systemd[2265]: parsed INFORMATIONAL response 7 [ ]
    Sep 28 09:36:52 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:36:52 myVps charon-systemd[2265]: generating INFORMATIONAL request 8 [ ]
    Sep 28 09:36:52 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:36:52 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:36:52 myVps charon-systemd[2265]: parsed INFORMATIONAL response 8 [ ]
    Sep 28 09:37:02 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:37:02 myVps charon-systemd[2265]: generating INFORMATIONAL request 9 [ ]
    Sep 28 09:37:02 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:37:02 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:37:02 myVps charon-systemd[2265]: parsed INFORMATIONAL response 9 [ ]
    Sep 28 09:37:07 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:37:07 myVps charon-systemd[2265]: generating INFORMATIONAL request 8 [ ]
    Sep 28 09:37:07 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:37:07 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:37:07 myVps charon-systemd[2265]: parsed INFORMATIONAL response 8 [ ]
    Sep 28 09:37:15 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:37:15 myVps charon-systemd[2265]: parsed INFORMATIONAL request 7 [ D ]
    Sep 28 09:37:15 myVps charon-systemd[2265]: received DELETE for ESP CHILD_SA with SPI 393fd5a4
    Sep 28 09:37:15 myVps charon-systemd[2265]: closing CHILD_SA vpn{3} with SPIs ce4e8144_i (0 bytes) 393fd5a4_o (0 bytes)>
    Sep 28 09:37:15 myVps charon-systemd[2265]: sending DELETE for ESP CHILD_SA with SPI ce4e8144
    Sep 28 09:37:15 myVps charon-systemd[2265]: CHILD_SA closed
    Sep 28 09:37:15 myVps charon-systemd[2265]: generating INFORMATIONAL response 7 [ D ]
    Sep 28 09:37:15 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:37:32 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:37:32 myVps charon-systemd[2265]: generating INFORMATIONAL request 10 [ ]
    Sep 28 09:37:32 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:37:32 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:37:32 myVps charon-systemd[2265]: parsed INFORMATIONAL response 10 [ ]
    Sep 28 09:37:37 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:37:37 myVps charon-systemd[2265]: generating INFORMATIONAL request 9 [ ]
    Sep 28 09:37:37 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:37:37 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:37:37 myVps charon-systemd[2265]: parsed INFORMATIONAL response 9 [ ]
    Sep 28 09:37:46 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:37:46 myVps charon-systemd[2265]: generating INFORMATIONAL request 9 [ ]
    Sep 28 09:37:46 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:37:46 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:37:46 myVps charon-systemd[2265]: parsed INFORMATIONAL response 9 [ ]
    Sep 28 09:38:02 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:38:02 myVps charon-systemd[2265]: generating INFORMATIONAL request 11 [ ]
    Sep 28 09:38:02 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:38:02 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:38:02 myVps charon-systemd[2265]: parsed INFORMATIONAL response 11 [ ]
    Sep 28 09:38:03 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:38:03 myVps charon-systemd[2265]: parsed INFORMATIONAL request 7 [ D ]
    Sep 28 09:38:03 myVps charon-systemd[2265]: received DELETE for ESP CHILD_SA with SPI 634e41ea
    Sep 28 09:38:03 myVps charon-systemd[2265]: closing CHILD_SA vpn{2} with SPIs cfb104ec_i (8184 bytes) 634e41ea_o (6723 >
    Sep 28 09:38:03 myVps charon-systemd[2265]: sending DELETE for ESP CHILD_SA with SPI cfb104ec
    Sep 28 09:38:03 myVps charon-systemd[2265]: CHILD_SA closed
    Sep 28 09:38:03 myVps charon-systemd[2265]: generating INFORMATIONAL response 7 [ D ]
    Sep 28 09:38:03 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:38:07 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:38:07 myVps charon-systemd[2265]: parsed INFORMATIONAL request 7 [ D ]
    Sep 28 09:38:07 myVps charon-systemd[2265]: received DELETE for ESP CHILD_SA with SPI dcee5fe0
    Sep 28 09:38:07 myVps charon-systemd[2265]: closing CHILD_SA vpn{1} with SPIs c51683d5_i (6723 bytes) dcee5fe0_o (8184 >
    Sep 28 09:38:07 myVps charon-systemd[2265]: sending DELETE for ESP CHILD_SA with SPI c51683d5
    Sep 28 09:38:07 myVps charon-systemd[2265]: CHILD_SA closed
    Sep 28 09:38:07 myVps charon-systemd[2265]: generating INFORMATIONAL response 7 [ D ]
    Sep 28 09:38:07 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:38:17 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:38:17 myVps charon-systemd[2265]: generating INFORMATIONAL request 10 [ ]
    Sep 28 09:38:17 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:38:17 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:38:17 myVps charon-systemd[2265]: parsed INFORMATIONAL response 10 [ ]
    Sep 28 09:38:32 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:38:32 myVps charon-systemd[2265]: generating INFORMATIONAL request 10 [ ]
    Sep 28 09:38:32 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:38:32 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:38:32 myVps charon-systemd[2265]: parsed INFORMATIONAL response 10 [ ]
    Sep 28 09:38:37 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:38:37 myVps charon-systemd[2265]: generating INFORMATIONAL request 12 [ ]
    Sep 28 09:38:37 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (76 bytes)
    Sep 28 09:38:37 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:38:37 myVps charon-systemd[2265]: parsed INFORMATIONAL response 12 [ ]
    Sep 28 09:38:48 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:38:48 myVps charon-systemd[2265]: generating INFORMATIONAL request 11 [ ]
    Sep 28 09:38:48 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:38:48 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:38:48 myVps charon-systemd[2265]: parsed INFORMATIONAL response 11 [ ]
    Sep 28 09:39:01 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4894] to 999.999.999.999[4500] (444 bytes)
    Sep 28 09:39:01 myVps charon-systemd[2265]: parsed CREATE_CHILD_SA request 8 [ SA No TSi TSr ]
    Sep 28 09:39:01 myVps charon-systemd[2265]: selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
    Sep 28 09:39:01 myVps charon-systemd[2265]: CHILD_SA vpn{4} established with SPIs c84cbd41_i 33d9aaba_o and TS 10.10.10>
    Sep 28 09:39:01 myVps charon-systemd[2265]: generating CREATE_CHILD_SA response 8 [ SA No TSi TSr ]
    Sep 28 09:39:01 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4894] (204 bytes)
    Sep 28 09:39:02 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:39:02 myVps charon-systemd[2265]: generating INFORMATIONAL request 11 [ ]
    Sep 28 09:39:02 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:39:02 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:39:02 myVps charon-systemd[2265]: parsed INFORMATIONAL response 11 [ ]
    Sep 28 09:39:19 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:39:19 myVps charon-systemd[2265]: generating INFORMATIONAL request 12 [ ]
    Sep 28 09:39:19 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.238.234.219[60859] (76 bytes)
    Sep 28 09:39:19 myVps charon-systemd[2265]: received packet: from 87.238.234.219[60859] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:39:19 myVps charon-systemd[2265]: parsed INFORMATIONAL response 12 [ ]
    Sep 28 09:39:32 myVps charon-systemd[2265]: sending DPD request
    Sep 28 09:39:32 myVps charon-systemd[2265]: generating INFORMATIONAL request 12 [ ]
    Sep 28 09:39:32 myVps charon-systemd[2265]: sending packet: from 999.999.999.999[4500] to 87.117.185.54[4874] (76 bytes)
    Sep 28 09:39:32 myVps charon-systemd[2265]: received packet: from 87.117.185.54[4874] to 999.999.999.999[4500] (76 bytes)
    Sep 28 09:39:32 myVps charon-systemd[2265]: parsed INFORMATIONAL response 12 [ ]

What bothers me here are the lines sending DELETE for ESP CHILD_SA with SPI ..., which arrive exactly after 5 minutes of client inactivity.

freeradius -X only shows information about the VPN connections, but there is nothing about the RDP connection. I can attach it if needed; it is a lot of lines.



Last edited by: a13428711 (3 edits in total)
In reply to: comment by a13428711

It is also strange that the DPD packets go out steadily every 30 seconds. I thought they kept the connection alive, but no. Yet an attempt to connect over RDP does keep it alive. It makes no sense at all.

a13428711
() topic author
In reply to: comment by a13428711

Well, let's try using our heads:

- Aaah.... An error!
- Here is the error: dpdaction=clear
- I set
dpd_action = clear
start_action = start
close_action=start
, error!

Don't you notice anything strange? ))

Anoxemian ★★★★★
()
In reply to: comment by a13428711

Anyway, here's your answer: dpd is a mechanism for catching stale connections; what you are talking about is a keep-alive mechanism. If you use strongswan (I approve), then you need this:

force_keepalive=yes
keep_alive=13
start_action = trap|start
dpd_action = restart

> I've been reading up on it all weekend

What you should read is the excellent documentation. Everything else is the devil's work. https://docs.strongswan.org/

Anoxemian ★★★★★
()
In reply to: comment by Anoxemian

> Don't you notice anything strange? ))
Ah, that's what you mean) I worded my answer a bit wrong. I also tried the variation you suggested, with no results, but by that point I had settled on the one I showed. I mentioned it in case similar suggestions came up)

> Anyway, here's your answer: dpd is a mechanism for catching stale connections; what you are talking about is a keep-alive mechanism
That is what I thought at first, but I did not find anything resembling keep alive in the description of the configuration file. Specifically, with the parameters

force_keepalive=yes
keep_alive=13

an attempt to start strongswan gives the error

loading connection 'myVpn' failed: unknown option: force_keepalive, config discard>

I did not find these parameters either in the swanctl description or in the guide for migrating from ipsec to swanctl, although it came up in examples on forums.

> then you need this
Done (without the first two, accordingly), but the situation has not changed.

a13428711
() topic author
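The pattern the topic starter points at in the log (a peer-sent DELETE for a CHILD_SA five minutes after it came up, while DPD exchanges with the same peer keep succeeding, as discussed in the replies) can be extracted mechanically. This is an added example, not part of the thread; the function name, the 300 s window with 5 s slack, and the sample log (constructed, with documentation addresses and made-up SPIs) are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the format of the charon-systemd lines in the post;
# addresses are documentation ranges and the SPIs are made up.
SAMPLE_LOG = """\
Sep 28 09:30:01 gw charon-systemd[2265]: received packet: from 198.51.100.7[4894] to 203.0.113.10[4500] (444 bytes)
Sep 28 09:30:01 gw charon-systemd[2265]: CHILD_SA vpn{1} established with SPIs aaaa0001_i bbbb0001_o and TS 10.10.10.0/24 === 10.10.10.54/32
Sep 28 09:32:15 gw charon-systemd[2265]: received packet: from 192.0.2.44[60859] to 203.0.113.10[4500] (92 bytes)
Sep 28 09:32:15 gw charon-systemd[2265]: CHILD_SA vpn{3} established with SPIs aaaa0003_i bbbb0003_o and TS 10.10.10.0/24 === 10.10.10.55/32
Sep 28 09:32:45 gw charon-systemd[2265]: sending DPD request
Sep 28 09:32:45 gw charon-systemd[2265]: received packet: from 192.0.2.44[60859] to 203.0.113.10[4500] (76 bytes)
Sep 28 09:32:45 gw charon-systemd[2265]: parsed INFORMATIONAL response 0 [ ]
Sep 28 09:35:50 gw charon-systemd[2265]: sending DPD request
Sep 28 09:35:50 gw charon-systemd[2265]: received packet: from 192.0.2.44[60859] to 203.0.113.10[4500] (76 bytes)
Sep 28 09:35:50 gw charon-systemd[2265]: parsed INFORMATIONAL response 6 [ ]
Sep 28 09:37:15 gw charon-systemd[2265]: received packet: from 192.0.2.44[60859] to 203.0.113.10[4500] (76 bytes)
Sep 28 09:37:15 gw charon-systemd[2265]: parsed INFORMATIONAL request 7 [ D ]
Sep 28 09:37:15 gw charon-systemd[2265]: received DELETE for ESP CHILD_SA with SPI bbbb0003
Sep 28 09:37:15 gw charon-systemd[2265]: closing CHILD_SA vpn{3} with SPIs aaaa0003_i (0 bytes) bbbb0003_o (0 bytes) and TS 10.10.10.0/24 === 10.10.10.55/32
Sep 28 09:38:07 gw charon-systemd[2265]: received packet: from 198.51.100.7[4894] to 203.0.113.10[4500] (76 bytes)
Sep 28 09:38:07 gw charon-systemd[2265]: received DELETE for ESP CHILD_SA with SPI bbbb0001
Sep 28 09:38:07 gw charon-systemd[2265]: closing CHILD_SA vpn{1} with SPIs aaaa0001_i (6723 bytes) bbbb0001_o (8184 bytes) and TS 10.10.10.0/24 === 10.10.10.54/32
"""

LINE = re.compile(r"^\s*(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ charon[\w-]*\[\d+\]: (.*)$")
RECV = re.compile(r"received packet: from (\S+?)\[(\d+)\]")
EST = re.compile(r"CHILD_SA (\S+\{\d+\}) established with SPIs [0-9a-f]+_i ([0-9a-f]+)_o")
DPD_OK = re.compile(r"parsed INFORMATIONAL response \d+ \[ \]$")
DELETE = re.compile(r"received DELETE for ESP CHILD_SA with SPI ([0-9a-f]+)")
CLOSING = re.compile(r"closing CHILD_SA \S+ with SPIs [0-9a-f]+_i \((\d+) bytes\) [0-9a-f]+_o \((\d+) bytes\)")


def peer_deleted_children(log_text, idle_window=300, slack=5):
    """Return one record per CHILD_SA that the peer deleted.

    idle_window and slack (seconds) are assumptions based on the 5 minutes
    reported in the thread.
    """
    live = {}          # gateway's outbound SPI -> record of an established CHILD_SA
    closed = []
    last_peer = None   # source of the most recently received IKE packet
    pending = None     # record waiting for its "closing CHILD_SA" byte counters
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue   # pager residue, wrapped lines, other daemons
        # syslog timestamps carry no year; a fixed leap year is assumed for parsing
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        msg = m.group(2)
        if (r := RECV.search(msg)):
            last_peer = f"{r.group(1)}:{r.group(2)}"
        elif (e := EST.search(msg)):
            live[e.group(2)] = {"child": e.group(1), "peer": last_peer,
                                "up": ts, "dpd_answered": 0}
        elif DPD_OK.search(msg):
            # an empty INFORMATIONAL response is the peer answering a DPD probe
            for rec in live.values():
                if rec["peer"] == last_peer:
                    rec["dpd_answered"] += 1
        elif (d := DELETE.search(msg)):
            # the peer names the SPI that is outbound from the gateway's side
            pending = live.pop(d.group(1), None)
            if pending:
                pending["lifetime_s"] = int((ts - pending.pop("up")).total_seconds())
        elif (c := CLOSING.search(msg)) and pending:
            pending["bytes_in"], pending["bytes_out"] = int(c.group(1)), int(c.group(2))
            idle = pending["bytes_in"] == 0 and pending["bytes_out"] == 0
            pending["idle_timeout_suspect"] = (
                idle and abs(pending["lifetime_s"] - idle_window) <= slack)
            closed.append(pending)
            pending = None
    return closed


if __name__ == "__main__":
    for rec in peer_deleted_children(SAMPLE_LOG):
        print(rec)
```

Feed it untruncated journal output (for example from `journalctl --no-pager`), because the pager cuts off the `closing CHILD_SA` byte counters, as it did in the excerpt above.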