Project

General

Profile

strongSwan Connection Status and Log Information

With ipsec start the charon IKEv2 daemon is started, the win7 connection definition is loaded,
and the win7 virtual IP address pool consisting of a single address is created.

Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[DMN] starting charon (strongSwan Version 4.2.11) 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts' 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[LIB]   loaded certificate file '/etc/ipsec.d/cacerts/cacert.pem' 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts' 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts' 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts' 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[CFG] loading crls from '/etc/ipsec.d/crls' 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[CFG] loading secrets from '/etc/ipsec.secrets' 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[CFG]   loaded private key file '/etc/ipsec.d/private/aKey.pem' 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[DMN] loaded plugins: aes des sha1 sha2 md5 fips-prf random x509 pubkey xcbc hmac gmp kernel-netlink stroke updown  
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[KNL] listening on interfaces: 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[KNL]   eth0 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[KNL]     131.181.6.180 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[KNL]     fd00::2 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[KNL]     fe80::250:56ff:fe88:4069 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[KNL]   dummy0 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[KNL]     192.168.0.1 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[KNL]     fe80::ac72:3dff:fec4:1653 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 01[JOB] spawning 16 worker threads 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 10[CFG] received stroke: add connection 'win7' 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 10[LIB]   loaded certificate file '/etc/ipsec.d/certs/aCert.pem' 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 10[CFG]   peerid 131.181.6.180 not confirmed by certificate, defaulting to subject DN 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 10[CFG] added configuration 'win7': 131.181.6.180[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=a, E=a@isi.qut.edu.au]...%any[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au] 
Jan 21 18:36:58 Ubuntu-Test-180 charon: 10[CFG] adding virtual IP address pool 'win7': 192.168.1.245/32 

On the Windows 7 client the VPN connection is started by pressing the Connect button.
The strongSwan log shows that Windows7 sends certificate requests for several CAs and
the configuration payload requesting a virtual IP address contains also the Microsoft proprietary
attributes INTERNAL_IP4_SERVER and INTERNAL_IP6_SERVER. Windows 7 announces MOBIKE support.

Jan 21 18:37:32 Ubuntu-Test-180 charon: 16[NET] received packet: from 131.181.6.245r500 to 131.181.6.180r500 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 16[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ] 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 16[IKE] 131.181.6.245 is initiating an IKE_SA 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 16[IKE] sending cert request for "C=AU, ST=Queensland, L=Brisbane, O=QUT, OU=ISI, CN=isi-admin, E=admin@isi.qut.edu.au" 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 16[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ] 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 16[NET] sending packet: from 131.181.6.180r500 to 131.181.6.245r500 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[NET] received packet: from 131.181.6.245r4500 to 131.181.6.180r4500 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[ENC] unknown attribute type INTERNAL_IP4_SERVER 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[ENC] unknown attribute type INTERNAL_IP6_SERVER 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH N(MOBIKE_SUP) CP SA TSi TSr ] 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] received cert request for unknown ca with keyid 0e:ac:82:60:40:56:27:97:e5:25:13:fc:2a:e1:0a:53:95:59:e4:a4 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] received cert request for unknown ca with keyid dd:bc:bd:86:9c:3f:07:ed:40:e3:1b:08:ef:ce:c4:d1:88:cd:3b:15 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] received cert request for "C=AU, ST=Queensland, L=Brisbane, O=QUT, OU=ISI, CN=isi-admin, E=admin@isi.qut.edu.au" 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] received cert request for unknown ca with keyid 4a:5c:75:22:aa:46:bf:a4:08:9d:39:97:4e:bd:b4:a3:60:f7:a0:1d 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] received cert request for unknown ca with keyid 01:f0:33:4c:1a:a1:d9:ee:5b:7b:a9:de:43:bc:02:7d:57:09:33:fb 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] received cert request for unknown ca with keyid 22:cd:37:f1:b1:47:50:ae:53:7c:8c:6a:03:67:47:e2:b7:1e:17:b7 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] received cert request for unknown ca with keyid 34:4f:30:2d:25:69:31:91:ea:f7:73:5c:ab:f5:86:8d:37:82:40:ec 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] received cert request for unknown ca with keyid 3e:df:29:0c:c1:f5:cc:73:2c:eb:3d:24:e1:7e:52:da:bd:27:e2:f0 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] received cert request for unknown ca with keyid e2:7f:7b:d8:77:d5:df:9e:0a:3f:9e:b4:cb:0e:2e:a9:ef:db:69:77 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] received cert request for unknown ca with keyid 5f:f3:24:6c:8f:91:24:af:9b:5f:3e:b0:34:6a:f4:2d:5c:a8:5d:cc 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] received cert request for unknown ca with keyid e2:7f:7b:d8:77:d5:df:9e:0a:3f:9e:b4:cb:0e:2e:a9:ef:db:69:77 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] received end entity cert "C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au" 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[CFG]   using certificate "C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au" 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[CFG]   using trusted ca certificate "C=AU, ST=Queensland, L=Brisbane, O=QUT, OU=ISI, CN=isi-admin, E=admin@isi.qut.edu.au" 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[CFG] checking certificate status of "C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au" 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[CFG] certificate status is not available 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] authentication of 'C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au' with RSA signature successful 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[CFG] found matching peer config "win7": C=AU, ST=Queensland, O=QUT, OU=ISI, CN=a, E=a@isi.qut.edu.au...C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au with prio 21.5 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] ignoring INTERNAL_IP4_NBNS config attribute 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] ignoring INTERNAL_IP4_SERVER config attribute 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] ignoring INTERNAL_IP6_SERVER config attribute 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] peer supports MOBIKE 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] authentication of 'C=AU, ST=Queensland, O=QUT, OU=ISI, CN=a, E=a@isi.qut.edu.au' (myself) with RSA signature successful 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] scheduling reauthentication in 10235s 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] maximum IKE_SA lifetime 10775s 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] IKE_SA win7r1 established between 131.181.6.180[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=a, E=a@isi.qut.edu.au]...131.181.6.245[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au] 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] sending end entity cert "C=AU, ST=Queensland, O=QUT, OU=ISI, CN=a, E=a@isi.qut.edu.au" 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] peer requested virtual IP %any 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[CFG] assigning new lease to C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] assigning virtual IP 192.168.1.245 to peer 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[IKE] CHILD_SA win7{1} established with SPIs c03452c7_i c515d3a9_o and TS 192.168.0.0/24 === 192.168.1.245/32  
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CP SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) ] 
Jan 21 18:37:32 Ubuntu-Test-180 charon: 17[NET] sending packet: from 131.181.6.180r4500 to 131.181.6.245r4500 

The ipsec listall command gives an overview of the X.509 End Entity and CA certificates
used as well as all registered IKEv2 cryptographical algorithms that are available.

List of X.509 End Entity Certificates:

  subject:  "C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au" 
  issuer:   "C=AU, ST=Queensland, L=Brisbane, O=QUT, OU=ISI, CN=isi-admin, E=admin@isi.qut.edu.au" 
  serial:    07
  validity:  not before Jan 19 18:33:00 2009, ok
             not after  Jan 17 18:33:00 2019, ok
  pubkey:    RSA 1024 bits
  keyid:     59:fb:31:cb:83:e9:16:c2:5e:9d:d8:95:a2:f3:c7:8c:bc:a8:5d:c3
  subjkey:   08:80:16:8d:67:a6:80:ad:83:6d:eb:d5:36:58:e7:fa:26:f9:40:d1
  authkey:   80:7c:e3:f6:01:03:55:0d:82:a7:09:b5:5c:cd:42:ed:a8:8f:2e:7d

  subject:  "C=AU, ST=Queensland, O=QUT, OU=ISI, CN=a, E=a@isi.qut.edu.au" 
  issuer:   "C=AU, ST=Queensland, L=Brisbane, O=QUT, OU=ISI, CN=isi-admin, E=admin@isi.qut.edu.au" 
  serial:    05
  validity:  not before Jan 19 18:32:17 2009, ok
             not after  Jan 17 18:32:17 2019, ok
  pubkey:    RSA 1024 bits, has private key
  keyid:     49:98:85:02:27:14:0e:64:55:e5:41:52:2d:3c:f6:79:a2:d6:72:8d
  subjkey:   54:4a:a0:02:1b:58:12:41:64:8a:7f:bb:32:74:50:91:4c:00:10:02
  authkey:   80:7c:e3:f6:01:03:55:0d:82:a7:09:b5:5c:cd:42:ed:a8:8f:2e:7d

List of X.509 CA Certificates:

  subject:  "C=AU, ST=Queensland, L=Brisbane, O=QUT, OU=ISI, CN=isi-admin, E=admin@isi.qut.edu.au" 
  issuer:   "C=AU, ST=Queensland, L=Brisbane, O=QUT, OU=ISI, CN=isi-admin, E=admin@isi.qut.edu.au" 
  serial:    00:ce:c1:54:71:77:e1:89:ae
  validity:  not before Jan 19 18:26:01 2009, ok
             not after  Sep 28 19:26:01 2022, ok
  pubkey:    RSA 1024 bits
  keyid:     70:1d:2c:c9:cf:4b:fb:36:6b:07:89:dd:01:e4:29:b2:f0:4a:05:86
  subjkey:   80:7c:e3:f6:01:03:55:0d:82:a7:09:b5:5c:cd:42:ed:a8:8f:2e:7d
  authkey:   80:7c:e3:f6:01:03:55:0d:82:a7:09:b5:5c:cd:42:ed:a8:8f:2e:7d

List of registered IKEv2 Algorithms:

  encryption: AES_CBC 3DES DES
  integrity:  AES_XCBC_96 HMAC_SHA1_96 AUTH_HMAC_SHA1_128 AUTH_HMAC_SHA2_256_128 HMAC_MD5_96 AUTH_HMAC_SHA2_384_192 AUTH_HMASHA2_512_256
  hasher:     HASH_SHA1 HASH_SHA256 HASH_SHA384 HASH_SHA512 HASH_MD5
  prf:        PRF_KEYED_SHA1 PRF_FIPS_SHA1_160 PRF_AES128_CBC PRF_HMAC_SHA2_256 PRF_HMAC_SHA1 PRF_HMAC_MD5 PRF_HMAC_SHA2_384RF_HMAC_SHA2_512
  dh-group:   MODP_2048_BIT MODP_1536_BIT MODP_3072_BIT MODP_4096_BIT MODP_6144_BIT MODP_8192_BIT MODP_1024_BIT MODP_768_BIT

On the Windows 7 client the VPN connection is tested by pinging the host 192.168.0.1 located in the subnet
hidden behind the strongSwan gateway

C:\Users\asteffen>ping 192.168.0.1

Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64
Reply from 192.168.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

The output of ipsec statusall win7 on the strongSwan VPN gateway looks as follows

Performance:
  uptime: 106 seconds, since Jan 21 18:36:58 2009
  worker threads: 9 idle of 16, job queue load: 0, scheduled events: 2
  loaded plugins: aes des sha1 sha2 md5 fips-prf random x509 pubkey xcbc hmac gmp kernel-netlink stroke updown
Virtual IP pools (size/online/offline):
  win7: 1/1/0
Listening IP addresses:
  131.181.6.180
  fd00::2
  192.168.0.1
Connections:
        win7:  131.181.6.180[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=a, E=a@isi.qut.edu.au]...%any[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au]
        win7:  CAs: "C=AU, ST=Queensland, L=Brisbane, O=QUT, OU=ISI, CN=isi-admin, E=admin@isi.qut.edu.au"...%any
        win7:  public key authentication
        win7:    192.168.0.0/24 === dynamic/32
Security Associations:
        win7r1: ESTABLISHED 72 seconds, 131.181.6.180[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=a, E=a@isi.qut.edu.au]...131.181.6.245[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au]
        win7r1: IKE SPIs: 618be5c2068018dd_i 0aa98412bbb2d218_r*, public key reauthentication in 2 hours
        win7r1: IKE proposal: 3DES/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_BIT
        win7{1}:  INSTALLED, TUNNEL, ESP SPIs: c03452c7_i c515d3a9_o
        win7{1}:  AES_CBC-256/HMAC_SHA1_96, rekeying in 42 minutes, last use: 9s_i 9s_o
        win7{1}:   192.168.0.0/24 === 192.168.1.245/32

After about 6 minutes of network inactivity the VPN tunnel is automatically taken down by Windows 7 by issuing a CHILD_SA delete notification
to the strongSwan gateway.

Jan 21 18:43:35 Ubuntu-Test-180 charon: 10[NET] received packet: from 131.181.6.245r4500 to 131.181.6.180r4500 
Jan 21 18:43:35 Ubuntu-Test-180 charon: 10[ENC] parsed INFORMATIONAL request 2 [ D ] 
Jan 21 18:43:35 Ubuntu-Test-180 charon: 10[IKE] received DELETE for ESP CHILD_SA with SPI c515d3a9 
Jan 21 18:43:35 Ubuntu-Test-180 charon: 10[IKE] closing CHILD_SA win7{1} with SPIs c03452c7_i c515d3a9_o and TS 192.168.0.0/24 === 192.168.1.245/32  
Jan 21 18:43:35 Ubuntu-Test-180 charon: 10[IKE] sending DELETE for ESP CHILD_SA with SPI c03452c7 
Jan 21 18:43:35 Ubuntu-Test-180 charon: 10[IKE] CHILD_SA closed 
Jan 21 18:43:35 Ubuntu-Test-180 charon: 10[ENC] generating INFORMATIONAL response 2 [ D ] 
Jan 21 18:43:35 Ubuntu-Test-180 charon: 10[NET] sending packet: from 131.181.6.180r4500 to 131.181.6.245r4500 

As soon as a payload packet needs to use the tunnel, Windows 7 starts a CREATE_CHILD_SA exchange and re-establishes
the IPsec SA. To our big surprise Windows 7 does not drop any payload packets during this transitional phase!

Jan 21 18:44:39 Ubuntu-Test-180 charon: 13[NET] received packet: from 131.181.6.245r4500 to 131.181.6.180r4500 
Jan 21 18:44:39 Ubuntu-Test-180 charon: 13[ENC] parsed CREATE_CHILD_SA request 3 [ SA No TSi TSr ] 
Jan 21 18:44:39 Ubuntu-Test-180 charon: 13[IKE] CHILD_SA win7{2} established with SPIs cd49a622_i d89f10f1_o and TS 192.168.0.0/24 === 192.168.1.245/32  
Jan 21 18:44:39 Ubuntu-Test-180 charon: 13[ENC] generating CREATE_CHILD_SA response 3 [ SA No TSi TSr ] 
Jan 21 18:44:39 Ubuntu-Test-180 charon: 13[NET] sending packet: from 131.181.6.180r4500 to 131.181.6.245r4500 

Here is the new connection status according to ipsec statusall win7

Performance:
  uptime: 7 minutes, since Jan 21 18:36:58 2009
  worker threads: 9 idle of 16, job queue load: 0, scheduled events: 2
  loaded plugins: aes des sha1 sha2 md5 fips-prf random x509 pubkey xcbc hmac gmp kernel-netlink stroke updown
Virtual IP pools (size/online/offline):
  win7: 1/1/0
Listening IP addresses:
  131.181.6.180
  fd00::2
  192.168.0.1
Connections:
        win7:  131.181.6.180[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=a, E=a@isi.qut.edu.au]...%any[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au]
        win7:  CAs: "C=AU, ST=Queensland, L=Brisbane, O=QUT, OU=ISI, CN=isi-admin, E=admin@isi.qut.edu.au"...%any
        win7:  public key authentication
        win7:    192.168.0.0/24 === dynamic/32
Security Associations:
        win7r1: ESTABLISHED 7 minutes, 131.181.6.180[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=a, E=a@isi.qut.edu.au]...131.181.6.245[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au]
        win7r1: IKE SPIs: 618be5c2068018dd_i 0aa98412bbb2d218_r*, public key reauthentication in 2 hours
        win7r1: IKE proposal: 3DES/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024_BIT
        win7{2}:  INSTALLED, TUNNEL, ESP SPIs: cd49a622_i d89f10f1_o
        win7{2}:  AES_CBC-256/HMAC_SHA1_96, rekeying in 43 minutes, last use: 9s_i 9s_o
        win7{2}:   192.168.0.0/24 === 192.168.1.245/32

Pressing the Disconnect button on the Windows 7 client deletes the win7 IKE_SA

Jan 21 18:45:51 Ubuntu-Test-180 charon: 17[NET] received packet: from 131.181.6.245r4500 to 131.181.6.180r4500 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 17[ENC] parsed INFORMATIONAL request 4 [ D ] 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 17[IKE] received DELETE for ESP CHILD_SA with SPI d89f10f1 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 17[IKE] closing CHILD_SA win7{2} with SPIs cd49a622_i d89f10f1_o and TS 192.168.0.0/24 === 192.168.1.245/32  
Jan 21 18:45:51 Ubuntu-Test-180 charon: 17[IKE] sending DELETE for ESP CHILD_SA with SPI cd49a622 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 17[IKE] CHILD_SA closed 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 17[ENC] generating INFORMATIONAL response 4 [ D ] 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 17[NET] sending packet: from 131.181.6.180r4500 to 131.181.6.245r4500 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 03[NET] received packet: from 131.181.6.245r4500 to 131.181.6.180r4500 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 03[ENC] parsed INFORMATIONAL request 5 [ D ] 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 03[IKE] received DELETE for IKE_SA win7r1 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 03[IKE] deleting IKE_SA win7r1 between 131.181.6.180[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=a, E=a@isi.qut.edu.au]...131.181.6.245[C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au] 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 03[IKE] IKE_SA deleted 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 03[ENC] generating INFORMATIONAL response 5 [ ] 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 03[NET] sending packet: from 131.181.6.180r4500 to 131.181.6.245r4500 
Jan 21 18:45:51 Ubuntu-Test-180 charon: 03[CFG] lease 192.168.1.245 to C=AU, ST=Queensland, O=QUT, OU=ISI, CN=c, E=c@isi.qut.edu.au went offline