IPSec VPN log activity and DDNS disconnect

KG49
Star III

Hi,

Two things happening. From time to time my DDNS connection stops working. When I view IPSec VPN details there is a prompt to connect or activate DDNS, even though it had previously been active.

Next, the IPSec VPN system log has a lot of activity that's not me. I've asked ASUS for help with this before, no response. Thanks in advance if anyone can decipher this log activity.

Private items replaced with xxxxx. I don't know why the date DEC31 is showing up. The subsequent entries are DEC01 (today) when I was attempting access.

Dec 31 19:00:33 00[DMN] Starting IKE charon daemon (strongSwan 5.9.13, Linux 4.19.183, aarch64)
Dec 31 19:00:33 00[KNL] received netlink error: Operation not supported (95)
Dec 31 19:00:33 00[KNL] failed to create XFRM interface 'xfrmi-test-9175'
Dec 31 19:00:33 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported (95)
Dec 31 19:00:33 00[NET] installing IKE bypass policy failed
Dec 31 19:00:33 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported (95)
Dec 31 19:00:33 00[NET] installing IKE bypass policy failed
Dec 31 19:00:33 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported (95)
Dec 31 19:00:33 00[NET] installing IKE bypass policy failed
Dec 31 19:00:33 00[KNL] unable to set IPSEC_POLICY on socket: Operation not supported (95)
Dec 31 19:00:33 00[NET] installing IKE bypass policy failed
Dec 31 19:00:33 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Dec 31 19:00:33 00[CFG] loaded ca certificate "C=TW, O=ASUS, CN=ASUS RT-AX86U Root CA" from '/etc/ipsec.d/cacerts/asusCert.pem'
Dec 31 19:00:33 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Dec 31 19:00:33 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Dec 31 19:00:33 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Dec 31 19:00:33 00[CFG] loading crls from '/etc/ipsec.d/crls'
Dec 31 19:00:33 00[CFG] loading secrets from '/etc/ipsec.secrets'
Dec 31 19:00:33 00[CFG] loaded IKE secret for %any
Dec 31 19:00:33 00[CFG] loaded EAP secret for xxxxxxxxxxx
Dec 31 19:00:33 00[CFG] loaded EAP secret for xxxxxxxxxxx
Dec 31 19:00:33 00[CFG] loaded RSA private key from '/etc/ipsec.d/private/svrKey.pem'
Dec 31 19:00:33 00[CFG] loaded EAP secret for xxxxxxxxxxx
Dec 31 19:00:33 00[CFG] loaded EAP secret for xxxxxxxxxxx
Dec 31 19:00:33 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md4 md5 random nonce x509 revocation constraints acert pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl pkcs8 fips-prf curve25519 agent xcbc cmac hmac kdf gcm drbg attr kernel-netlink socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-tls eap-peap xauth-generic counters
Dec 31 19:00:33 00[JOB] spawning 8 worker threads
Dec 31 19:00:33 05[CFG] received stroke: add connection 'Host-to-Net'
Dec 31 19:00:33 05[CFG] left nor right host is our side, assuming left=local
Dec 31 19:00:33 05[CFG] adding virtual IP address pool 10.10.10.0/24
Dec 31 19:00:33 05[CFG] added configuration 'Host-to-Net'
Dec 31 19:00:33 01[CFG] received stroke: add connection 'Host-to-Netv2'
Dec 31 19:00:33 01[CFG] left nor right host is our side, assuming left=local
Dec 31 19:00:33 01[CFG] reusing virtual IP address pool 10.10.10.0/24
Dec 31 19:00:33 01[CFG] loaded certificate "C=TW, O=ASUS, CN=xxxxxxxxxxx.asuscomm.com" from 'svrCert.pem'
Dec 31 19:00:33 01[CFG] added configuration 'Host-to-Netv2'
Dec 31 19:00:40 05[CFG] rereading secrets
Dec 31 19:00:40 05[CFG] loading secrets from '/etc/ipsec.secrets'
Dec 31 19:00:40 05[CFG] loaded IKE secret for %any
Dec 31 19:00:40 05[CFG] loaded EAP secret for xxxxxxxxxxx
Dec 31 19:00:40 05[CFG] loaded EAP secret for xxxxxxxxxxx
Dec 31 19:00:40 05[CFG] loaded RSA private key from '/etc/ipsec.d/private/svrKey.pem'
Dec 31 19:00:40 05[CFG] loaded EAP secret for xxxxxxxxxxx
Dec 31 19:00:40 05[CFG] loaded EAP secret for xxxxxxxxxxx
Dec 31 19:00:40 05[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts'
Dec 31 19:00:40 05[CFG] loaded ca certificate "C=TW, O=ASUS, CN=ASUS RT-AX86U Root CA" from '/etc/ipsec.d/cacerts/asusCert.pem'
Dec 31 19:00:40 05[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts'
Dec 31 19:00:40 05[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Dec 31 19:00:40 05[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts'
Dec 31 19:00:40 05[CFG] rereading crls from '/etc/ipsec.d/crls'
Dec 31 19:00:41 05[CFG] received stroke: delete connection 'Host-to-Net'
Dec 31 19:00:41 05[CFG] deleted connection 'Host-to-Net'
Dec 31 19:00:41 07[CFG] received stroke: delete connection 'Host-to-Netv2'
Dec 31 19:00:41 07[CFG] deleted connection 'Host-to-Netv2'
Dec 31 19:00:41 05[CFG] received stroke: add connection 'Host-to-Net'
Dec 31 19:00:41 05[CFG] left nor right host is our side, assuming left=local
Dec 31 19:00:41 05[CFG] reusing virtual IP address pool 10.10.10.0/24
Dec 31 19:00:41 05[CFG] added configuration 'Host-to-Net'
Dec 31 19:00:41 01[CFG] received stroke: add connection 'Host-to-Netv2'
Dec 31 19:00:41 01[CFG] left nor right host is our side, assuming left=local
Dec 31 19:00:41 01[CFG] reusing virtual IP address pool 10.10.10.0/24
Dec 31 19:00:41 01[CFG] loaded certificate "C=TW, O=ASUS, CN=xxxxxxxxxxx.asuscomm.com" from 'svrCert.pem'
Dec 31 19:00:41 01[CFG] added configuration 'Host-to-Netv2'
Dec 31 19:00:46 01[KNL] interface eth0 activated
Dec 31 19:00:51 07[KNL] 100.2.248.82 appeared on eth0
Dec 31 19:00:51 05[KNL] 100.2.248.82 disappeared from eth0
Dec 31 19:00:51 06[KNL] 100.2.248.82 appeared on eth0
Dec 31 19:00:54 06[CFG] rereading secrets
Dec 31 19:00:54 06[CFG] loading secrets from '/etc/ipsec.secrets'
Dec 31 19:00:54 06[CFG] loaded IKE secret for %any
Dec 31 19:00:54 06[CFG] loaded EAP secret for xxxxxxxxxxx
Dec 31 19:00:54 06[CFG] loaded EAP secret for xxxxxxxxxxx
Dec 31 19:00:54 06[CFG] loaded RSA private key from '/etc/ipsec.d/private/svrKey.pem'
Dec 31 19:00:54 06[CFG] loaded EAP secret for xxxxxxxxxxx
Dec 31 19:00:54 06[CFG] loaded EAP secret for xxxxxxxxxxx
Dec 31 19:00:54 06[CFG] rereading ca certificates from '/etc/ipsec.d/cacerts'
Dec 31 19:00:54 06[CFG] loaded ca certificate "C=TW, O=ASUS, CN=ASUS RT-AX86U Root CA" from '/etc/ipsec.d/cacerts/asusCert.pem'
Dec 31 19:00:54 06[CFG] rereading aa certificates from '/etc/ipsec.d/aacerts'
Dec 31 19:00:54 06[CFG] rereading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Dec 31 19:00:54 06[CFG] rereading attribute certificates from '/etc/ipsec.d/acerts'
Dec 31 19:00:54 06[CFG] rereading crls from '/etc/ipsec.d/crls'
Dec 31 19:00:55 01[CFG] received stroke: delete connection 'Host-to-Net'
Dec 31 19:00:55 01[CFG] deleted connection 'Host-to-Net'
Dec 31 19:00:55 07[CFG] received stroke: delete connection 'Host-to-Netv2'
Dec 31 19:00:55 07[CFG] deleted connection 'Host-to-Netv2'
Dec 31 19:00:55 01[CFG] received stroke: add connection 'Host-to-Net'
Dec 31 19:00:55 01[CFG] reusing virtual IP address pool 10.10.10.0/24
Dec 31 19:00:55 01[CFG] added configuration 'Host-to-Net'
Dec 31 19:00:55 07[CFG] received stroke: add connection 'Host-to-Netv2'
Dec 31 19:00:55 07[CFG] reusing virtual IP address pool 10.10.10.0/24
Dec 31 19:00:55 07[CFG] loaded certificate "C=TW, O=ASUS, CN=xxxxxxxxxxx.asuscomm.com" from 'svrCert.pem'
Dec 31 19:00:55 07[CFG] added configuration 'Host-to-Netv2'
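
One way to triage a charon log like the one posted above, as an added example that is not part of the original post: it counts daemon starts and config reloads, and lists any remote addresses that sent IKE packets. The sample lines and addresses are constructed; the `received packet: from` pattern is strongSwan's usual message for inbound IKE traffic and does not appear in the posted excerpt.

```python
import re
from collections import Counter

# Constructed sample in charon's log format (documentation-range addresses).
SAMPLE = """\
Dec 31 19:00:33 00[DMN] Starting IKE charon daemon (strongSwan 5.9.13, Linux 4.19.183, aarch64)
Dec 31 19:00:33 00[CFG] loading secrets from '/etc/ipsec.secrets'
Dec 31 19:00:33 05[CFG] received stroke: add connection 'Host-to-Net'
Dec 31 19:00:40 05[CFG] rereading secrets
Dec 31 19:00:41 05[CFG] received stroke: delete connection 'Host-to-Net'
Dec 31 19:00:41 05[CFG] received stroke: add connection 'Host-to-Net'
Dec 31 19:00:51 07[KNL] 198.51.100.20 appeared on eth0
Dec 01 10:15:02 09[NET] received packet: from 203.0.113.7[500] to 198.51.100.20[500] (604 bytes)
Dec 01 10:15:02 09[IKE] 203.0.113.7 is initiating an IKE_SA
"""

# "<Mon> <day> <hh:mm:ss> <thread>[<SUBSYSTEM>] <message>"
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\d+)\[([A-Z]{3})\] (.*)$")
# Inbound IKE datagram: the only line type here that names a remote sender.
PEER = re.compile(r"^received packet: from (\S+)\[\d+\] to ")


def triage(text):
    """Split a charon log into local housekeeping and remote-peer activity."""
    report = {
        "subsystems": Counter(),    # lines per subsystem tag (CFG, KNL, NET, ...)
        "daemon_starts": 0,         # charon (re)started, e.g. router boot
        "config_reloads": 0,        # local 'rereading secrets' cycles
        "remote_peers": Counter(),  # source addresses of inbound IKE packets
        "unparsed": 0,              # lines that do not match the format
    }
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE.match(raw)
        if not m:
            report["unparsed"] += 1
            continue
        subsystem, msg = m.group(3), m.group(4)
        report["subsystems"][subsystem] += 1
        if subsystem == "DMN" and msg.startswith("Starting IKE charon daemon"):
            report["daemon_starts"] += 1
        elif subsystem == "CFG" and msg == "rereading secrets":
            report["config_reloads"] += 1
        elif subsystem == "NET" and (peer := PEER.match(msg)):
            report["remote_peers"][peer.group(1)] += 1
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

An empty `remote_peers` result means the excerpt records only local startup and configuration events. Timestamps of Dec 31 19:00 are consistent with a clock still at the Unix epoch in a UTC-5 timezone (a boot before time sync); that is an inference, not something the page states.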

3 REPLIES

jzchen
Zen Master I

I'm no expert, but looks like some kind of malware has entered your router...

KG49
Star III

Thank you. I’ll try to get input from ASUS and post it here. 

Hi @KG49 ,

Thank you for contacting us. 

To better assist you with the issue you're experiencing, we would like to ask you to confirm the following:

  1. Router model and firmware version: Are you currently using an RT-AX86U router? Please provide the current firmware version of your router.
  2. Hard reset: We recommend that you try performing a hard reset to restore the router to its factory settings. For detailed hard reset steps, please refer to our FAQ: [Wireless Router] When Standard Reset Isn’t Working: Hard Factory Reset - Models list | Official Sup...
  3. Reconfigure the router: After the hard reset, please be sure to reconfigure your router and set a strong password. We recommend setting a password that is at least 10 characters long and includes uppercase and lowercase letters, numbers, and special characters. For example: Password123!. [Wireless] How to make my router more secure? | Official Support | ASUS Global
  4. Problem report: If the problem persists after completing the above steps, please log in to your router's management interface, go to "System Management" > "Problem Report", and send us the system log.

Provide relevant information: To help us troubleshoot the issue more quickly, please provide the following information:

  • Product serial number
  • Problem report submission time
  • Email address used to submit the problem report
  • Time when the problem occurred
  • Device MAC address
  • Your current network architecture diagram (if available)

Providing this information will help us identify the root cause of the problem more quickly. Thank you.