Logs of VPN Working - OnPrem NAT with no NAT configured on Azure.

1/23/2023 13:41 charon 54655 12[NET] <3436> received packet: from 168.*.*.*[500] to 96.*.*.*[500] (536 bytes)
1/23/2023 13:41 charon 54655 12[ENC] <3436> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
1/23/2023 13:41 charon 54655 12[CFG] <3436> looking for an IKEv2 config for 96.*.*.*...168.*.*.*
1/23/2023 13:41 charon 54655 12[CFG] <3436> candidate: 96.*.*.*...168.*.*.*, prio 3100
1/23/2023 13:41 charon 54655 12[CFG] <3436> found matching ike config: 96.*.*.*...168.*.*.* with prio 3100
1/23/2023 13:41 charon 54655 12[IKE] <3436> local endpoint changed from 0.0.0.0[500] to 96.*.*.*[500]
1/23/2023 13:41 charon 54655 12[IKE] <3436> remote endpoint changed from 0.0.0.0 to 168.*.*.*[500]
1/23/2023 13:41 charon 54655 12[IKE] <3436> received MS NT5 ISAKMPOAKLEY v9 vendor ID
1/23/2023 13:41 charon 54655 12[IKE] <3436> received MS-Negotiation Discovery Capable vendor ID
1/23/2023 13:41 charon 54655 12[IKE] <3436> received Vid-Initial-Contact vendor ID
1/23/2023 13:41 charon 54655 12[ENC] <3436> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
1/23/2023 13:41 charon 54655 12[IKE] <3436> 168.*.*.* is initiating an IKE_SA
1/23/2023 13:41 charon 54655 12[IKE] <3436> IKE_SA (unnamed)[3436] state change: CREATED => CONNECTING
1/23/2023 13:41 charon 54655 12[CFG] <3436> selecting proposal:
1/23/2023 13:41 charon 54655 12[CFG] <3436> proposal matches
1/23/2023 13:41 charon 54655 12[CFG] <3436> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
1/23/2023 13:41 charon 54655 12[CFG] <3436> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
1/23/2023 13:41 charon 54655 12[CFG] <3436> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
1/23/2023 13:41 charon 54655 12[ENC] <3436> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(CHDLESS_SUP) N(MULT_AUTH) ]
1/23/2023 13:41 charon 54655 12[NET] <3436> sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (448 bytes)
1/23/2023 13:41 charon 54655 12[NET] <3436> received packet: from 168.*.*.*[500] to 96.*.*.*[500] (224 bytes)
1/23/2023 13:41 charon 54655 12[ENC] <3436> parsed IKE_AUTH request 1 [ IDi AUTH SA TSi TSr ]
1/23/2023 13:41 charon 54655 12[CFG] <3436> looking for peer configs matching 96.*.*.*[%any]...168.*.*.*[168.*.*.*]
1/23/2023 13:41 charon 54655 12[CFG] <3436> candidate "con1", match: 1/20/3100 (me/other/ike)
1/23/2023 13:41 charon 54655 12[CFG] selected peer config 'con1'
1/23/2023 13:41 charon 54655 12[IKE] authentication of '168.*.*.*' with pre-shared key successful
1/23/2023 13:41 charon 54655 12[IKE] authentication of '96.*.*.*' (myself) with pre-shared key
1/23/2023 13:41 charon 54655 12[IKE] successfully created shared key MAC
1/23/2023 13:41 charon 54655 12[IKE] IKE_SA con1[3436] established between 96.*.*.*[96.*.*.*]...168.*.*.*[168.*.*.*]
1/23/2023 13:41 charon 54655 12[IKE] IKE_SA con1[3436] state change: CONNECTING => ESTABLISHED
1/23/2023 13:41 charon 54655 12[IKE] scheduling rekeying in 24958s
1/23/2023 13:41 charon 54655 12[IKE] maximum IKE_SA lifetime 27838s
1/23/2023 13:41 charon 54655 12[CFG] looking for a child config for 0.0.0.0/0|/0 === 0.0.0.0/0|/0
1/23/2023 13:41 charon 54655 12[CFG] proposing traffic selectors for us:
1/23/2023 13:41 charon 54655 12[CFG] 110.0.0.0/24|10.0.0.0/24
1/23/2023 13:41 charon 54655 12[CFG] proposing traffic selectors for other:
1/23/2023 13:41 charon 54655 12[CFG] 10.4.0.0/16|/0
1/23/2023 13:41 charon 54655 12[CFG] candidate "con1" with prio 1+1
1/23/2023 13:41 charon 54655 12[CFG] found matching child config "con1" with prio 2
1/23/2023 13:41 charon 54655 12[CFG] selecting proposal:
1/23/2023 13:41 charon 54655 12[CFG] proposal matches
1/23/2023 13:41 charon 54655 12[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
1/23/2023 13:41 charon 54655 12[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
1/23/2023 13:41 charon 54655 12[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
1/23/2023 13:41 charon 54655 12[CFG] selecting traffic selectors for us:
1/23/2023 13:41 charon 54655 12[CFG] config: 110.0.0.0/24|10.0.0.0/24, received: 0.0.0.0/0|/0 => match: 110.0.0.0/24|10.0.0.0/24
1/23/2023 13:41 charon 54655 12[CFG] selecting traffic selectors for other:
1/23/2023 13:41 charon 54655 12[CFG] config: 10.4.0.0/16|/0, received: 0.0.0.0/0|/0 => match: 10.4.0.0/16|/0
1/23/2023 13:41 charon 54655 12[CHD] CHILD_SA con1{3426} state change: CREATED => INSTALLING
1/23/2023 13:41 charon 54655 12[CHD] using AES_CBC for encryption
1/23/2023 13:41 charon 54655 12[CHD] using HMAC_SHA2_256_128 for integrity
1/23/2023 13:41 charon 54655 12[CHD] adding inbound ESP SA
1/23/2023 13:41 charon 54655 12[CHD] SPI 0xcd57a477, src 168.*.*.* dst 96.*.*.*
1/23/2023 13:41 charon 54655 12[CHD] adding outbound ESP SA
1/23/2023 13:41 charon 54655 12[CHD] SPI 0x198c92a6, src 96.*.*.* dst 168.*.*.*
1/23/2023 13:41 charon 54655 12[IKE] CHILD_SA con1{3426} established with SPIs cd57a477_i 198c92a6_o and TS 110.0.0.0/24|10.0.0.0/24 === 10.4.0.0/16|/0
1/23/2023 13:41 charon 54655 12[CHD] CHILD_SA con1{3426} state change: INSTALLING => INSTALLED
1/23/2023 13:41 charon 54655 12[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ]
1/23/2023 13:41 charon 54655 12[NET] sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (224 bytes)
1/23/2023 13:41 charon 54655 10[CFG] vici client 8815 connected
1/23/2023 13:41 charon 54655 10[CFG] vici client 8815 registered for: list-sa
1/23/2023 13:41 charon 54655 12[CFG] vici client 8815 requests: list-sas
1/23/2023 13:41 charon 54655 10[CFG] vici client 8815 disconnected
1/23/2023 13:41 charon 54655 05[IKE] sending DPD request
1/23/2023 13:41 charon 54655 05[IKE] queueing IKE_DPD task
1/23/2023 13:41 charon 54655 05[IKE] activating new tasks
1/23/2023 13:41 charon 54655 05[IKE] activating IKE_DPD task
1/23/2023 13:41 charon 54655 05[ENC] generating INFORMATIONAL request 0 [ ]
1/23/2023 13:41 charon 54655 05[NET] sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (80 bytes)
1/23/2023 13:41 charon 54655 05[NET] received packet: from 168.*.*.*[500] to 96.*.*.*[500] (80 bytes)
1/23/2023 13:41 charon 54655 05[ENC] parsed INFORMATIONAL response 0 [ ]
1/23/2023 13:41 charon 54655 05[IKE] activating new tasks
1/23/2023 13:41 charon 54655 05[IKE] nothing to initiate
1/23/2023 13:41 charon 54655 10[NET] received packet: from 168.*.*.*[500] to 96.*.*.*[500] (80 bytes)
1/23/2023 13:41 charon 54655 10[ENC] parsed INFORMATIONAL request 2 [ ]
1/23/2023 13:41 charon 54655 10[ENC] generating INFORMATIONAL response 2 [ ]
1/23/2023 13:41 charon 54655 10[NET] sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (80 bytes)
1/23/2023 13:41 charon 54655 10[IKE] sending DPD request
1/23/2023 13:41 charon 54655 10[IKE] queueing IKE_DPD task
1/23/2023 13:41 charon 54655 10[IKE] activating new tasks
1/23/2023 13:41 charon 54655 10[IKE] activating IKE_DPD task
1/23/2023 13:41 charon 54655 10[ENC] generating INFORMATIONAL request 1 [ ]
1/23/2023 13:41 charon 54655 10[NET] sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (80 bytes)
1/23/2023 13:41 charon 54655 10[NET] received packet: from 168.*.*.*[500] to 96.*.*.*[500] (80 bytes)
1/23/2023 13:41 charon 54655 10[ENC] parsed INFORMATIONAL response 1 [ ]
1/23/2023 13:41 charon 54655 10[IKE] activating new tasks
1/23/2023 13:41 charon 54655 10[IKE] nothing to initiate
1/23/2023 13:41 charon 54655 10[NET] received packet: from 168.*.*.*[500] to 96.*.*.*[500] (80 bytes)
1/23/2023 13:41 charon 54655 10[ENC] parsed INFORMATIONAL request 3 [ ]
1/23/2023 13:41 charon 54655 10[ENC] generating INFORMATIONAL response 3 [ ]
1/23/2023 13:41 charon 54655 10[NET] sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (80 bytes)
1/23/2023 13:41 charon 54655 10[IKE] sending DPD request
1/23/2023 13:41 charon 54655 10[IKE] queueing IKE_DPD task
1/23/2023 13:41 charon 54655 10[IKE] activating new tasks
1/23/2023 13:41 charon 54655 10[IKE] activating IKE_DPD task
1/23/2023 13:41 charon 54655 10[ENC] generating INFORMATIONAL request 2 [ ]
1/23/2023 13:41 charon 54655 10[NET] sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (80 bytes)
1/23/2023 13:41 charon 54655 10[NET] received packet: from 168.*.*.*[500] to 96.*.*.*[500] (80 bytes)
1/23/2023 13:41 charon 54655 10[ENC] parsed INFORMATIONAL response 2 [ ]
1/23/2023 13:41 charon 54655 10[IKE] activating new tasks
1/23/2023 13:41 charon 54655 10[IKE] nothing to initiate
1/23/2023 13:41 charon 54655 10[NET] received packet: from 168.*.*.*[500] to 96.*.*.*[500] (80 bytes)
1/23/2023 13:41 charon 54655 10[ENC] parsed INFORMATIONAL request 4 [ ]
1/23/2023 13:41 charon 54655 10[ENC] generating INFORMATIONAL response 4 [ ]
1/23/2023 13:41 charon 54655 10[NET] sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (80 bytes)
1/23/2023 13:42 charon 54655 13[IKE] sending DPD request
1/23/2023 13:42 charon 54655 13[IKE] queueing IKE_DPD task
1/23/2023 13:42 charon 54655 13[IKE] activating new tasks
1/23/2023 13:42 charon 54655 13[IKE] activating IKE_DPD task
1/23/2023 13:42 charon 54655 13[ENC] generating INFORMATIONAL request 3 [ ]
1/23/2023 13:42 charon 54655 13[NET] sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (80 bytes)
1/23/2023 13:42 charon 54655 13[NET] received packet: from 168.*.*.*[500] to 96.*.*.*[500] (80 bytes)
1/23/2023 13:42 charon 54655 13[ENC] parsed INFORMATIONAL response 3 [ ]
1/23/2023 13:42 charon 54655 13[IKE] activating new tasks
1/23/2023 13:42 charon 54655 13[IKE] nothing to initiate
1/23/2023 13:42 charon 54655 13[NET] received packet: from 168.*.*.*[500] to 96.*.*.*[500] (80 bytes)
1/23/2023 13:42 charon 54655 13[ENC] parsed INFORMATIONAL request 5 [ ]
1/23/2023 13:42 charon 54655 13[ENC] generating INFORMATIONAL response 5 [ ]
1/23/2023 13:42 charon 54655 13[NET] sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (80 bytes)

________________________________________________________

VPN Not working - OnPrem NAT and only Azure EgressNAT configured. Logs are similar when IngressNAT only and both E and I-NAT configured.

Jan 23 14:01:09 charon 54655 12[NET] <3441> received packet: from 168.*.*.*[500] to 96.*.*.*[500] (536 bytes)
Jan 23 14:01:09 charon 54655 12[ENC] <3441> parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Jan 23 14:01:09 charon 54655 12[CFG] <3441> looking for an IKEv2 config for 96.*.*.*...168.*.*.*
Jan 23 14:01:09 charon 54655 12[CFG] <3441> candidate: 96.*.*.*...168.*.*.*, prio 3100
Jan 23 14:01:09 charon 54655 12[CFG] <3441> found matching ike config: 96.*.*.*...168.*.*.* with prio 3100
Jan 23 14:01:09 charon 54655 12[IKE] <3441> local endpoint changed from 0.0.0.0[500] to 96.*.*.*[500]
Jan 23 14:01:09 charon 54655 12[IKE] <3441> remote endpoint changed from 0.0.0.0 to 168.*.*.*[500]
Jan 23 14:01:09 charon 54655 12[IKE] <3441> received MS NT5 ISAKMPOAKLEY v9 vendor ID
Jan 23 14:01:09 charon 54655 12[IKE] <3441> received MS-Negotiation Discovery Capable vendor ID
Jan 23 14:01:09 charon 54655 12[IKE] <3441> received Vid-Initial-Contact vendor ID
Jan 23 14:01:09 charon 54655 12[ENC] <3441> received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Jan 23 14:01:09 charon 54655 12[IKE] <3441> 168.*.*.* is initiating an IKE_SA
Jan 23 14:01:09 charon 54655 12[IKE] <3441> IKE_SA (unnamed)[3441] state change: CREATED => CONNECTING
Jan 23 14:01:09 charon 54655 12[CFG] <3441> selecting proposal:
Jan 23 14:01:09 charon 54655 12[CFG] <3441> proposal matches
Jan 23 14:01:09 charon 54655 12[CFG] <3441> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Jan 23 14:01:09 charon 54655 12[CFG] <3441> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Jan 23 14:01:09 charon 54655 12[CFG] <3441> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Jan 23 14:01:09 charon 54655 12[ENC] <3441> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(CHDLESS_SUP) N(MULT_AUTH) ]
Jan 23 14:01:09 charon 54655 12[NET] <3441> sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (448 bytes)
Jan 23 14:01:09 charon 54655 12[NET] <3441> received packet: from 168.*.*.*[500] to 96.*.*.*[500] (224 bytes)
Jan 23 14:01:09 charon 54655 12[ENC] <3441> parsed IKE_AUTH request 1 [ IDi AUTH SA TSi TSr ]
Jan 23 14:01:09 charon 54655 12[CFG] <3441> looking for peer configs matching 96.*.*.*[%any]...168.*.*.*[168.*.*.*]
Jan 23 14:01:09 charon 54655 12[CFG] <3441> candidate "con1", match: 1/20/3100 (me/other/ike)
Jan 23 14:01:09 charon 54655 12[CFG] selected peer config 'con1'
Jan 23 14:01:09 charon 54655 12[IKE] authentication of '168.*.*.*' with pre-shared key successful
Jan 23 14:01:09 charon 54655 12[IKE] authentication of '96.*.*.*' (myself) with pre-shared key
Jan 23 14:01:09 charon 54655 12[IKE] successfully created shared key MAC
Jan 23 14:01:09 charon 54655 12[IKE] IKE_SA con1[3441] established between 96.*.*.*[96.*.*.*]...168.*.*.*[168.*.*.*]
Jan 23 14:01:09 charon 54655 12[IKE] IKE_SA con1[3441] state change: CONNECTING => ESTABLISHED
Jan 23 14:01:09 charon 54655 12[IKE] scheduling rekeying in 25346s
Jan 23 14:01:09 charon 54655 12[IKE] maximum IKE_SA lifetime 28226s
Jan 23 14:01:09 charon 54655 12[CFG] looking for a child config for 0.0.0.0/0|/0 === 0.0.0.0/0|/0
Jan 23 14:01:09 charon 54655 12[CFG] proposing traffic selectors for us:
Jan 23 14:01:09 charon 54655 12[CFG] 110.0.0.0/24|10.0.0.0/24
Jan 23 14:01:09 charon 54655 12[CFG] proposing traffic selectors for other:
Jan 23 14:01:09 charon 54655 12[CFG] 100.64.0.0/16|/0
Jan 23 14:01:09 charon 54655 12[CFG] candidate "con1" with prio 1+1
Jan 23 14:01:09 charon 54655 12[CFG] found matching child config "con1" with prio 2
Jan 23 14:01:09 charon 54655 12[CFG] selecting proposal:
Jan 23 14:01:09 charon 54655 12[CFG] proposal matches
Jan 23 14:01:09 charon 54655 12[CFG] received proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Jan 23 14:01:09 charon 54655 12[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/MODP_2048/NO_EXT_SEQ
Jan 23 14:01:09 charon 54655 12[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
Jan 23 14:01:09 charon 54655 12[CFG] selecting traffic selectors for us:
Jan 23 14:01:09 charon 54655 12[CFG] config: 110.0.0.0/24|10.0.0.0/24, received: 0.0.0.0/0|/0 => match: 110.0.0.0/24|10.0.0.0/24
Jan 23 14:01:09 charon 54655 12[CFG] selecting traffic selectors for other:
Jan 23 14:01:09 charon 54655 12[CFG] config: 100.64.0.0/16|/0, received: 0.0.0.0/0|/0 => match: 100.64.0.0/16|/0
Jan 23 14:01:09 charon 54655 12[CHD] CHILD_SA con1{3432} state change: CREATED => INSTALLING
Jan 23 14:01:09 charon 54655 12[CHD] using AES_CBC for encryption
Jan 23 14:01:09 charon 54655 12[CHD] using HMAC_SHA2_256_128 for integrity
Jan 23 14:01:09 charon 54655 12[CHD] adding inbound ESP SA
Jan 23 14:01:09 charon 54655 12[CHD] SPI 0xcbd9a33b, src 168.*.*.* dst 96.*.*.*
Jan 23 14:01:09 charon 54655 12[CHD] adding outbound ESP SA
Jan 23 14:01:09 charon 54655 12[CHD] SPI 0x15867afe, src 96.*.*.* dst 168.*.*.*
Jan 23 14:01:09 charon 54655 12[IKE] CHILD_SA con1{3432} established with SPIs cbd9a33b_i 15867afe_o and TS 110.0.0.0/24|10.0.0.0/24 === 100.64.0.0/16|/0
Jan 23 14:01:09 charon 54655 12[CHD] CHILD_SA con1{3432} state change: INSTALLING => INSTALLED
Jan 23 14:01:09 charon 54655 12[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(ESP_TFC_PAD_N) SA TSi TSr ]
Jan 23 14:01:09 charon 54655 12[NET] sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (224 bytes)
Jan 23 14:01:09 charon 54655 12[NET] received packet: from 168.*.*.*[500] to 96.*.*.*[500] (80 bytes)
Jan 23 14:01:09 charon 54655 12[ENC] parsed INFORMATIONAL request 2 [ D ]
Jan 23 14:01:09 charon 54655 12[IKE] received DELETE for IKE_SA con1[3441]
Jan 23 14:01:09 charon 54655 12[IKE] deleting IKE_SA con1[3441] between 96.*.*.*[96.*.*.*]...168.*.*.*[168.*.*.*]
Jan 23 14:01:09 charon 54655 12[IKE] IKE_SA con1[3441] state change: ESTABLISHED => DELETING
Jan 23 14:01:09 charon 54655 12[IKE] IKE_SA deleted
Jan 23 14:01:09 charon 54655 12[ENC] generating INFORMATIONAL response 2 [ ]
Jan 23 14:01:09 charon 54655 12[NET] sending packet: from 96.*.*.*[500] to 168.*.*.*[500] (80 bytes)
Jan 23 14:01:09 charon 54655 12[IKE] IKE_SA con1[3441] state change: DELETING => DESTROYING
Jan 23 14:01:09 charon 54655 12[CHD] CHILD_SA con1{3432} state change: INSTALLED => DESTROYING
Jan 23 14:01:13 charon 54655 06[CFG] vici client 8826 connected
Jan 23 14:01:13 charon 54655 06[CFG] vici client 8826 registered for: list-sa
Jan 23 14:01:13 charon 54655 12[CFG] vici client 8826 requests: list-sas
Jan 23 14:01:13 charon 54655 06[CFG] vici client 8826 disconnected