peacey / split-vpn

A split tunnel VPN script for Unifi OS routers (UDM, UXG, UDR) with policy based routing.
GNU General Public License v3.0

PureVPN new certificate for Dedicated IPs gives "no Trusted RSA Key..." #157

Closed x0zerocool0x closed 1 year ago

x0zerocool0x commented 1 year ago

I received a new dedicated IP from PureVPN. They changed their IPs and certificates for those. I updated the certificate but I am still getting the following error:

Jan 29 22:27:21 12[ENC] <purevpn|4> received fragment #2 of 4, reassembled fragmented IKE message (4244 bytes)
Jan 29 22:27:21 12[ENC] <purevpn|4> parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID N(AUTH_FOLLOWS) ]
Jan 29 22:27:21 12[IKE] <purevpn|4> received end entity cert "CN=*.pointtoserver.com"
Jan 29 22:27:21 12[IKE] <purevpn|4> received issuer cert "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
Jan 29 22:27:21 12[IKE] <purevpn|4> no trusted RSA public key found for '45.83.149.100'

Please help!

peacey commented 1 year ago

Hey @x0zerocool0x,

Can you try to add id = pointtoserver.com to the remote-0 section in your purevpn.conf file?

x0zerocool0x commented 1 year ago

Hi @peacey, I did find that in another post and tried it. It did not work. Any suggestions or files you would like to see? I'm in a real bind, my wife can't work while this is down.

x0zerocool0x commented 1 year ago

Here's their new certs: Ded UDP.txt Ded TCP.txt

The new server is: us-dux-5.pointtoserver.com

Here's more logs:

# podman logs strongswan-vti256
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
Starting strongSwan 5.9.6 IPsec [starter]...
Jan 30 07:37:55 00[DMN] Starting IKE charon daemon (strongSwan 5.9.6, Linux 4.19.152-al-linux-v10.2.0-v1.12.33.4328-5979f88, aarch64)
Jan 30 07:37:55 00[CFG] PKCS11 module '<name>' lacks library path
Jan 30 07:37:55 00[LIB] providers loaded by OpenSSL: legacy default
Jan 30 07:37:55 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Jan 30 07:37:55 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Jan 30 07:37:55 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Jan 30 07:37:55 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Jan 30 07:37:55 00[CFG] loading crls from '/etc/ipsec.d/crls'
Jan 30 07:37:55 00[CFG] loading secrets from '/etc/ipsec.secrets'
Jan 30 07:37:55 00[CFG] loaded 0 RADIUS server configurations
Jan 30 07:37:55 00[CFG] HA config misses local/remote address
Jan 30 07:37:55 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 tpm aes rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 fips-prf gmp curve25519 agent chapoly xcbc cmac hmac kdf ctr ccm gcm drbg curl attr kernel-netlink socket-default connmark farp stroke vici updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity counters
Jan 30 07:37:55 00[LIB] dropped capabilities, running as uid 0, gid 0
Jan 30 07:37:55 00[JOB] spawning 16 worker threads
Jan 30 07:37:55 00[DMN] executing start script 'load-all' (swanctl --load-all)
charon (19) started after 60 ms
Jan 30 07:37:55 01[CFG] loaded EAP shared key with id 'eap-purevpn#########' for: 'purevpn#########'
Jan 30 07:37:55 00[DMN] load-all: loaded eap secret 'eap-purevpn#########'
Jan 30 07:37:55 00[DMN] load-all: no authorities found, 0 unloaded
Jan 30 07:37:55 00[DMN] load-all: no pools found, 0 unloaded
Jan 30 07:37:55 07[CFG] added vici connection: purevpn
Jan 30 07:37:55 07[CFG] initiating 'purevpn'
Jan 30 07:37:55 07[IKE] <purevpn|1> initiating IKE_SA purevpn[1] to 45.83.149.100
Jan 30 07:37:55 07[ENC] <purevpn|1> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jan 30 07:37:55 07[NET] <purevpn|1> sending packet: from MYIP[501] to 45.83.149.100[500] (332 bytes)
Jan 30 07:37:55 00[DMN] load-all: loaded connection 'purevpn'
Jan 30 07:37:55 00[DMN] load-all: successfully loaded 1 connections, 0 unloaded
Jan 30 07:37:55 15[NET] <purevpn|1> received packet: from 45.83.149.100[500] to MYIP[501] (332 bytes)
Jan 30 07:37:55 15[ENC] <purevpn|1> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Jan 30 07:37:55 15[CFG] <purevpn|1> selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jan 30 07:37:55 15[IKE] <purevpn|1> local host is behind NAT, sending keep alives
Jan 30 07:37:55 15[IKE] <purevpn|1> remote host is behind NAT
Jan 30 07:37:55 15[IKE] <purevpn|1> establishing CHILD_SA purevpn{1}
Jan 30 07:37:55 15[ENC] <purevpn|1> generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Jan 30 07:37:55 15[NET] <purevpn|1> sending packet: from MYIP[4501] to 45.83.149.100[4500] (356 bytes)
Jan 30 07:37:55 06[NET] <purevpn|1> received packet: from 45.83.149.100[4500] to MYIP[4501] (1248 bytes)
Jan 30 07:37:55 06[ENC] <purevpn|1> parsed IKE_AUTH response 1 [ EF(1/4) ]
Jan 30 07:37:55 06[ENC] <purevpn|1> received fragment #1 of 4, waiting for complete IKE message
Jan 30 07:37:55 01[NET] <purevpn|1> received packet: from 45.83.149.100[4500] to MYIP[4501] (1248 bytes)
Jan 30 07:37:55 01[ENC] <purevpn|1> parsed IKE_AUTH response 1 [ EF(2/4) ]
Jan 30 07:37:55 01[ENC] <purevpn|1> received fragment #2 of 4, waiting for complete IKE message
Jan 30 07:37:55 05[NET] <purevpn|1> received packet: from 45.83.149.100[4500] to MYIP[4501] (1248 bytes)
Jan 30 07:37:55 05[ENC] <purevpn|1> parsed IKE_AUTH response 1 [ EF(3/4) ]
Jan 30 07:37:55 05[ENC] <purevpn|1> received fragment #3 of 4, waiting for complete IKE message
Jan 30 07:37:55 06[NET] <purevpn|1> received packet: from 45.83.149.100[4500] to MYIP[4501] (680 bytes)
Jan 30 07:37:55 06[ENC] <purevpn|1> parsed IKE_AUTH response 1 [ EF(4/4) ]
Jan 30 07:37:55 06[ENC] <purevpn|1> received fragment #4 of 4, reassembled fragmented IKE message (4252 bytes)
Jan 30 07:37:55 06[ENC] <purevpn|1> parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
Jan 30 07:37:55 06[IKE] <purevpn|1> received end entity cert "CN=*.pointtoserver.com"
Jan 30 07:37:55 06[IKE] <purevpn|1> received issuer cert "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
Jan 30 07:37:55 06[CFG] <purevpn|1>   using certificate "CN=*.pointtoserver.com"
Jan 30 07:37:55 06[CFG] <purevpn|1>   using untrusted intermediate certificate "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
Jan 30 07:37:55 06[CFG] <purevpn|1> checking certificate status of "CN=*.pointtoserver.com"
Jan 30 07:37:55 06[CFG] <purevpn|1>   requesting ocsp status from 'http://ocsp.sectigo.com' ...
Jan 30 07:37:56 06[CFG] <purevpn|1>   ocsp response correctly signed by "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
Jan 30 07:37:56 06[CFG] <purevpn|1>   ocsp response is valid: until Feb 05 04:22:27 2023
Jan 30 07:37:56 06[CFG] <purevpn|1> certificate status is good
Jan 30 07:37:56 06[CFG] <purevpn|1> no issuer certificate found for "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
Jan 30 07:37:56 06[CFG] <purevpn|1>   issuer is "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
Jan 30 07:37:56 06[IKE] <purevpn|1> no trusted RSA public key found for 'pointtoserver.com'
Jan 30 07:37:56 06[ENC] <purevpn|1> generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
Jan 30 07:37:56 06[NET] <purevpn|1> sending packet: from MYIP[4501] to 45.83.149.100[4500] (68 bytes)
Jan 30 07:38:00 11[CFG] received stroke: terminate 'purevpn'
Jan 30 07:38:00 11[CFG] no IKE_SA named 'purevpn' found
Jan 30 07:38:00 15[CFG] received stroke: initiate 'purevpn'
Jan 30 07:38:00 01[IKE] <purevpn|2> initiating IKE_SA purevpn[2] to 45.83.149.100
Jan 30 07:38:00 01[ENC] <purevpn|2> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Jan 30 07:38:00 01[NET] <purevpn|2> sending packet: from MYIP[501] to 45.83.149.100[500] (332 bytes)
Jan 30 07:38:00 06[NET] <purevpn|2> received packet: from 45.83.149.100[500] to MYIP[501] (332 bytes)
Jan 30 07:38:00 06[ENC] <purevpn|2> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Jan 30 07:38:00 06[CFG] <purevpn|2> selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jan 30 07:38:00 06[IKE] <purevpn|2> local host is behind NAT, sending keep alives
Jan 30 07:38:00 06[IKE] <purevpn|2> remote host is behind NAT
Jan 30 07:38:00 06[IKE] <purevpn|2> establishing CHILD_SA purevpn{2}
Jan 30 07:38:00 06[ENC] <purevpn|2> generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr CPRQ(ADDR) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Jan 30 07:38:00 06[NET] <purevpn|2> sending packet: from MYIP[4501] to 45.83.149.100[4500] (356 bytes)
Jan 30 07:38:00 10[NET] <purevpn|2> received packet: from 45.83.149.100[4500] to MYIP[4501] (1248 bytes)
Jan 30 07:38:00 10[ENC] <purevpn|2> parsed IKE_AUTH response 1 [ EF(1/4) ]
Jan 30 07:38:00 10[ENC] <purevpn|2> received fragment #1 of 4, waiting for complete IKE message
Jan 30 07:38:00 09[NET] <purevpn|2> received packet: from 45.83.149.100[4500] to MYIP[4501] (1248 bytes)
Jan 30 07:38:00 09[ENC] <purevpn|2> parsed IKE_AUTH response 1 [ EF(2/4) ]
Jan 30 07:38:00 09[ENC] <purevpn|2> received fragment #2 of 4, waiting for complete IKE message
Jan 30 07:38:00 10[NET] <purevpn|2> received packet: from 45.83.149.100[4500] to MYIP[4501] (1248 bytes)
Jan 30 07:38:00 10[ENC] <purevpn|2> parsed IKE_AUTH response 1 [ EF(3/4) ]
Jan 30 07:38:00 10[ENC] <purevpn|2> received fragment #3 of 4, waiting for complete IKE message
Jan 30 07:38:00 12[NET] <purevpn|2> received packet: from 45.83.149.100[4500] to MYIP[4501] (680 bytes)
Jan 30 07:38:00 12[ENC] <purevpn|2> parsed IKE_AUTH response 1 [ EF(4/4) ]
Jan 30 07:38:00 12[ENC] <purevpn|2> received fragment #4 of 4, reassembled fragmented IKE message (4252 bytes)
Jan 30 07:38:00 12[ENC] <purevpn|2> parsed IKE_AUTH response 1 [ IDr CERT CERT AUTH EAP/REQ/ID ]
Jan 30 07:38:00 12[IKE] <purevpn|2> received end entity cert "CN=*.pointtoserver.com"
Jan 30 07:38:00 12[IKE] <purevpn|2> received issuer cert "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
Jan 30 07:38:00 12[CFG] <purevpn|2>   using certificate "CN=*.pointtoserver.com"
Jan 30 07:38:00 12[CFG] <purevpn|2>   using untrusted intermediate certificate "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
Jan 30 07:38:00 12[CFG] <purevpn|2> checking certificate status of "CN=*.pointtoserver.com"
Jan 30 07:38:00 12[CFG] <purevpn|2>   ocsp response correctly signed by "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
Jan 30 07:38:00 12[CFG] <purevpn|2>   ocsp response is valid: until Feb 05 04:22:27 2023
Jan 30 07:38:00 12[CFG] <purevpn|2>   using cached ocsp response
Jan 30 07:38:00 12[CFG] <purevpn|2> certificate status is good
Jan 30 07:38:00 12[CFG] <purevpn|2> no issuer certificate found for "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
Jan 30 07:38:00 12[CFG] <purevpn|2>   issuer is "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
Jan 30 07:38:00 12[IKE] <purevpn|2> no trusted RSA public key found for 'pointtoserver.com'
Jan 30 07:38:00 12[ENC] <purevpn|2> generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
Jan 30 07:38:00 12[NET] <purevpn|2> sending packet: from MYIP[4501] to 45.83.149.100[4500] (68 bytes)
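The charon log above contains everything needed to diagnose this class of failure: the end-entity certificate the server sent, the intermediate it sent alongside it, and the issuer DN charon could not find locally, which is exactly the CA that the cacerts file in purevpn.conf has to contain. The following triage helper is an added example, not part of split-vpn or strongSwan; it runs grep/sed over an excerpt copied from the log in this thread (held in SAMPLE_LOG, a constructed variable) and prints which issuer is missing and which identity authentication failed for.

```shell
#!/bin/sh
# Added triage helper (not part of split-vpn): read charon output and report
# what the server presented and which issuer the local cacerts file must hold.
# SAMPLE_LOG is a constructed excerpt copied from the podman log in this thread.
set -eu

SAMPLE_LOG=$(cat <<'EOF'
Jan 30 07:37:55 06[IKE] <purevpn|1> received end entity cert "CN=*.pointtoserver.com"
Jan 30 07:37:55 06[IKE] <purevpn|1> received issuer cert "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
Jan 30 07:37:56 06[CFG] <purevpn|1> certificate status is good
Jan 30 07:37:56 06[CFG] <purevpn|1> no issuer certificate found for "C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA"
Jan 30 07:37:56 06[CFG] <purevpn|1>   issuer is "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
Jan 30 07:37:56 06[IKE] <purevpn|1> no trusted RSA public key found for 'pointtoserver.com'
Jan 30 07:37:56 06[ENC] <purevpn|1> generating INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
EOF
)

# First double-quoted value that follows marker $2 in log text $1 (empty if absent)
log_field() {
    printf '%s\n' "$1" | sed -n "s/.*$2 \"\\(.*\\)\"\$/\\1/p" | head -n 1
}

# DN of the issuer charon looked for and did not have, i.e. what cacerts must contain
missing_issuer() {
    log_field "$1" "issuer is"
}

# Identity for which charon reported "no trusted RSA public key found" (single-quoted in the log)
failed_identity() {
    printf '%s\n' "$1" | sed -n "s/.*no trusted RSA public key found for '\\(.*\\)'\$/\\1/p" | head -n 1
}

# Print a summary; return 1 when the chain could not be completed locally
triage() {
    ee=$(log_field "$1" "received end entity cert")
    inter=$(log_field "$1" "received issuer cert")
    missing=$(missing_issuer "$1")
    ident=$(failed_identity "$1")
    echo "server certificate:   ${ee:-?}"
    echo "sent intermediate:    ${inter:-(none)}"
    if [ -n "$missing" ]; then
        echo "cacerts must contain: $missing"
        echo "auth failed for id:   ${ident:-?}"
        return 1
    fi
    echo "issuer chain completed locally"
}

triage "$SAMPLE_LOG" || echo "=> fix the cacerts path in purevpn.conf, then re-run run-vpn.sh"
```

To use it on a live router, replace SAMPLE_LOG with `$(podman logs strongswan-vti256)` (the container name is the one used in this thread) and compare the reported DN with `openssl x509 -in USERTrustRSACertificationAuthority.crt -noout -subject`; if the subjects differ, the file referenced by cacerts is not the root that signs the server's intermediate.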
peacey commented 1 year ago

@x0zerocool0x, the certificates you linked to seem to be for OpenVPN and are also an OpenVPN configuration. Are they the same ones for IPsec?

Can you show me your purevpn.conf and your run-vpn.sh?

I will try getting your server working on my end.

x0zerocool0x commented 1 year ago

Thank you! For IPsec they don't give me a config file, just the URL which is: us2-ipsec.ptoserver.com

purevpn.conf:

connections {
        purevpn {
                remote_addrs = us-dux-5.pointtoserver.com
                rekey_time = 4h
                reauth_time = 0s
                dpd_delay = 30s
                local_addrs = %any
                vips = 0.0.0.0
                send_cert = never
                send_certreq = no
                # Legacy IKE proposal the provider negotiates (3DES, SHA-1, 1024-bit DH)
                proposals = 3des-sha1-modp1024
                children {
                        purevpn {
                                start_action = start
                                dpd_action = start
                                close_action = start
                                esp_proposals = 3des-sha1
                                local_ts = dynamic
                                remote_ts = 0.0.0.0/0
                                mark_in = %unique
                                mark_out = %unique
                                updown = /etc/split-vpn/vpn/strongswan-updown.sh /etc/split-vpn/strongswan/purevpn/vpn.conf
                        }
                }
                local-0 {
                        auth = eap-mschapv2
                        id = @purevpn##########
                        eap_id = purevpn##########
                }
                remote-0 {
                        # Identity the server must prove; checked against its "CN=*.pointtoserver.com" certificate
                        id = pointtoserver.com
                        auth = pubkey
                        # Trusted root: must be the USERTrust root that issues the Sectigo intermediate the server sends
                        cacerts = /etc/split-vpn/strongswan/purevpn/USERTrustRSACertificationAuthority.crt
                }
        }
}
pools {
}
authorities {
}
secrets {
        eap-purevpn########## {
                secret = "##########"
                id-0 = purevpn##########
        }
}

run-vpn.sh:

#!/bin/sh
#/etc/split-vpn/strongswan/purevpn/run-vpn.sh
cd "/etc/split-vpn/strongswan/purevpn"
. ./vpn.conf

# Remove any leftover container for this tunnel device (DEV comes from vpn.conf).
# POSIX redirection instead of the bash-only "&>", since this runs under /bin/sh.
podman rm -f strongswan-${DEV} >/dev/null 2>&1
#/etc/split-vpn/vpn/updown.sh ${DEV} pre-up
podman run -d --name strongswan-${DEV} --network host --privileged \
    -v "./purevpn.conf:/etc/swanctl/conf.d/purevpn.conf" \
    -v "${PWD}:${PWD}" \
    -v "/etc/split-vpn/vpn:/etc/split-vpn/vpn" \
    -e TZ="$(cat /etc/timezone)" \
    -v "/etc/timezone:/etc/timezone" \
    peacey/udm-strongswan

# Make sure VPN disconnects before reboot
initfile="/etc/init.d/S99999stopvpn"
if [ ! -f "$initfile" ]; then
    echo "#!/bin/sh" > "$initfile"
    chmod +x "$initfile"
fi
if ! grep -q "strongswan-${DEV};" "$initfile"; then
    echo 'if [ "$1" = "stop" ]; then podman rm -f strongswan-'"${DEV}"'; fi' >> "$initfile"
fi
peacey commented 1 year ago

So I just used your exact same config (with the id = pointtoserver.com) with the old certificate from this repository and it's working fine with your server on my end. You're saying even after adding that id, it's still failing? Make sure you didn't change the USERTrustRSACertificationAuthority.crt certificate. Did you modify it?

Can you try running this:

cd "/etc/split-vpn/strongswan/purevpn"
curl -Lo USERTrustRSACertificationAuthority.crt https://raw.githubusercontent.com/peacey/split-vpn/main/examples/strongswan/purevpn/USERTrustRSACertificationAuthority.crt
podman rm -f strongswan-vti256
./run-vpn.sh

Then run podman logs strongswan-vti256 and show me the output. Thanks!

x0zerocool0x commented 1 year ago

Oh my word, I don't know what I did to break it but it is working now! Thank you so much! Please send me your Venmo or a way to pay you.