I've seen this question asked multiple times but we can't figure out what the issue is other than a problem with his physical laptop which doesn't make sense.
Things to note:
Their credentials work on my machine (so its not an authentication issue right)
My credentials don't work on their machine.
They can log into vpn.[Ourdomain].com
Their home wifi, phone hotspot, and our office LAN all produced same error.
They have an email in AD profile and belong to correct groups - I triple checked everything else to other users profiles.
Here is the log:
2024-07-17 01:39:29PM 00[DMN] Starting IKE service charon-svc (strongSwan 5.9.5, Windows Client 6.2.9200 (SP 0.0)
2024-07-17 01:39:29PM 00[LIB] TAP-Windows driver version 1.0 available.
2024-07-17 01:39:31PM 00[LIB] opened TUN device: {46DFBDC2-ECAF-425C-9933-241C5F11F75B}
2024-07-17 01:39:31PM 00[LIB] loaded plugins: charon-svc nonce x509 pubkey pkcs1 pkcs7 pkcs8 pkcs12 pem openssl kernel-libipsec kernel-iph socket-win vici eap-identity eap-gtc eap-mschapv2 xauth-generic windows-dns
2024-07-17 01:39:31PM 00[JOB] spawning 16 worker threads
2024-07-17 01:39:32PM 17[KNL] interface 16 'Microsoft Wi-Fi Direct Virtual Adapter' appeared
2024-07-17 01:41:18PM 18[KNL] interface 4 'Microsoft Wi-Fi Direct Virtual Adapter #2' appeared
2024-07-17 01:41:26PM 08[CFG] loaded certificate 'C=US, ST=NY, L=New York, O=Sidoti & Company, OU=IT, CN=vpn.sidoti.com, E=it@sidoti.com'
2024-07-17 01:41:26PM 11[CFG] loaded RSA private key
2024-07-17 01:41:27PM 09[CFG] loaded EAP shared key with id 'SidotiGlobal-user-id' for: 'ajohnson'
2024-07-17 01:41:27PM 15[LIB] TAP-Windows driver version 1.0 available.
2024-07-17 01:41:27PM 17[KNL] interface 13 'Sophos TAP Adapter' changed state from Down to Up
2024-07-17 01:41:29PM 15[CFG] added vici connection: SidotiGlobal
2024-07-17 01:41:30PM 09[CFG] vici initiate CHILD_SA 'SidotiGlobal-tunnel-1'
2024-07-17 01:41:30PM 15[IKE] <SidotiGlobal|1> initiating Main Mode IKE_SA SidotiGlobal[1] to 67.227.64.66
2024-07-17 01:41:30PM 15[ENC] <SidotiGlobal|1> generating ID_PROT request 0 [ SA V V V V V ]
2024-07-17 01:41:30PM 15[NET] <SidotiGlobal|1> sending packet: from 10.0.52.3[55561] to 67.227.64.66[500] (180 bytes)
2024-07-17 01:41:30PM 12[NET] <SidotiGlobal|1> received packet: from 67.227.64.66[500] to 10.0.52.3[55561] (180 bytes)
2024-07-17 01:41:30PM 12[ENC] <SidotiGlobal|1> parsed ID_PROT response 0 [ SA V V V V V ]
2024-07-17 01:41:30PM 12[IKE] <SidotiGlobal|1> received XAuth vendor ID
2024-07-17 01:41:30PM 12[IKE] <SidotiGlobal|1> received DPD vendor ID
2024-07-17 01:41:30PM 12[IKE] <SidotiGlobal|1> received Cisco Unity vendor ID
2024-07-17 01:41:30PM 12[IKE] <SidotiGlobal|1> received FRAGMENTATION vendor ID
2024-07-17 01:41:30PM 12[IKE] <SidotiGlobal|1> received NAT-T (RFC 3947) vendor ID
2024-07-17 01:41:30PM 12[CFG] <SidotiGlobal|1> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
2024-07-17 01:41:30PM 12[ENC] <SidotiGlobal|1> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
2024-07-17 01:41:30PM 12[NET] <SidotiGlobal|1> sending packet: from 10.0.52.3[55561] to 67.227.64.66[500] (396 bytes)
2024-07-17 01:41:30PM 15[NET] <SidotiGlobal|1> received packet: from 67.227.64.66[500] to 10.0.52.3[55561] (396 bytes)
2024-07-17 01:41:30PM 15[ENC] <SidotiGlobal|1> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
2024-07-17 01:41:30PM 15[IKE] <SidotiGlobal|1> local host is behind NAT, sending keep alives
2024-07-17 01:41:30PM 15[IKE] <SidotiGlobal|1> sending cert request for "C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Default_CA_dnQDi4Dd8hXQufb, E=na@example.com"
2024-07-17 01:41:30PM 15[IKE] <SidotiGlobal|1> authentication of 'C=US, ST=NY, L=New York, O=Sidoti & Company, OU=IT, CN=vpn.sidoti.com, E=it@sidoti.com' (myself) successful
2024-07-17 01:41:30PM 15[ENC] <SidotiGlobal|1> generating ID_PROT request 0 [ ID SIG CERTREQ N(INITIAL_CONTACT) ]
2024-07-17 01:41:30PM 15[NET] <SidotiGlobal|1> sending packet: from 10.0.52.3[55562] to 67.227.64.66[4500] (620 bytes)
2024-07-17 01:41:30PM 14[NET] <SidotiGlobal|1> received packet: from 67.227.64.66[4500] to 10.0.52.3[55562] (108 bytes)
2024-07-17 01:41:30PM 14[ENC] <SidotiGlobal|1> parsed INFORMATIONAL_V1 request 3446086368 [ HASH N(AUTH_FAILED) ]
2024-07-17 01:41:30PM 14[IKE] <SidotiGlobal|1> received AUTHENTICATION_FAILED error notify
2024-07-17 01:41:30PM 08[ESP] unsupported IP version
2024-07-17 01:41:30PM 11[CFG] vici terminate IKE_SA 'SidotiGlobal'
2024-07-17 01:41:30PM 17[KNL] interface 13 'Sophos TAP Adapter' changed state from Up to Down
2024-07-17 01:41:32PM 16[CFG] unloaded private key with id 4e20202407a67488fb4b1992848518abfa64592e
2024-07-17 01:41:32PM 08[CFG] unloaded shared key with id 'SidotiGlobal-user-id'
2024-07-17 01:42:02PM 09[CFG] loaded certificate 'C=US, ST=NY, L=New York, O=Sidoti & Company, OU=IT, CN=vpn.sidoti.com, E=it@sidoti.com'
2024-07-17 01:42:03PM 13[CFG] loaded RSA private key
2024-07-17 01:42:03PM 16[CFG] loaded EAP shared key with id 'SidotiGlobal-user-id' for: 'ajohnson'
2024-07-17 01:42:04PM 10[LIB] TAP-Windows driver version 1.0 available.
2024-07-17 01:42:04PM 18[KNL] interface 13 'Sophos TAP Adapter' changed state from Down to Up
2024-07-17 01:42:06PM 10[CFG] added vici connection: SidotiGlobal
2024-07-17 01:42:06PM 13[CFG] vici initiate CHILD_SA 'SidotiGlobal-tunnel-1'
2024-07-17 01:42:06PM 16[IKE] <SidotiGlobal|2> initiating Main Mode IKE_SA SidotiGlobal[2] to 67.227.64.66
2024-07-17 01:42:06PM 16[ENC] <SidotiGlobal|2> generating ID_PROT request 0 [ SA V V V V V ]
2024-07-17 01:42:06PM 16[NET] <SidotiGlobal|2> sending packet: from 10.0.52.3[55561] to 67.227.64.66[500] (180 bytes)
2024-07-17 01:42:06PM 08[NET] <SidotiGlobal|2> received packet: from 67.227.64.66[500] to 10.0.52.3[55561] (180 bytes)
2024-07-17 01:42:06PM 08[ENC] <SidotiGlobal|2> parsed ID_PROT response 0 [ SA V V V V V ]
2024-07-17 01:42:06PM 08[IKE] <SidotiGlobal|2> received XAuth vendor ID
2024-07-17 01:42:06PM 08[IKE] <SidotiGlobal|2> received DPD vendor ID
2024-07-17 01:42:06PM 08[IKE] <SidotiGlobal|2> received Cisco Unity vendor ID
2024-07-17 01:42:06PM 08[IKE] <SidotiGlobal|2> received FRAGMENTATION vendor ID
2024-07-17 01:42:06PM 08[IKE] <SidotiGlobal|2> received NAT-T (RFC 3947) vendor ID
2024-07-17 01:42:06PM 08[CFG] <SidotiGlobal|2> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
2024-07-17 01:42:06PM 08[ENC] <SidotiGlobal|2> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
2024-07-17 01:42:06PM 08[NET] <SidotiGlobal|2> sending packet: from 10.0.52.3[55561] to 67.227.64.66[500] (396 bytes)
2024-07-17 01:42:06PM 12[NET] <SidotiGlobal|2> received packet: from 67.227.64.66[500] to 10.0.52.3[55561] (396 bytes)
2024-07-17 01:42:06PM 12[ENC] <SidotiGlobal|2> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
2024-07-17 01:42:06PM 12[IKE] <SidotiGlobal|2> local host is behind NAT, sending keep alives
2024-07-17 01:42:06PM 12[IKE] <SidotiGlobal|2> sending cert request for "C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Default_CA_dnQDi4Dd8hXQufb, E=na@example.com"
2024-07-17 01:42:06PM 12[IKE] <SidotiGlobal|2> authentication of 'C=US, ST=NY, L=New York, O=Sidoti & Company, OU=IT, CN=vpn.sidoti.com, E=it@sidoti.com' (myself) successful
2024-07-17 01:42:06PM 12[ENC] <SidotiGlobal|2> generating ID_PROT request 0 [ ID SIG CERTREQ N(INITIAL_CONTACT) ]
2024-07-17 01:42:06PM 12[NET] <SidotiGlobal|2> sending packet: from 10.0.52.3[55562] to 67.227.64.66[4500] (620 bytes)
2024-07-17 01:42:06PM 14[NET] <SidotiGlobal|2> received packet: from 67.227.64.66[4500] to 10.0.52.3[55562] (108 bytes)
2024-07-17 01:42:07PM 14[ENC] <SidotiGlobal|2> parsed INFORMATIONAL_V1 request 798579358 [ HASH N(AUTH_FAILED) ]
2024-07-17 01:42:07PM 14[IKE] <SidotiGlobal|2> received AUTHENTICATION_FAILED error notify
2024-07-17 01:42:07PM 15[CFG] vici terminate IKE_SA 'SidotiGlobal'
2024-07-17 01:42:07PM 11[ESP] unsupported IP version
2024-07-17 01:42:07PM 18[KNL] interface 13 'Sophos TAP Adapter' changed state from Up to Down
2024-07-17 01:42:08PM 10[CFG] unloaded private key with id 4e20202407a67488fb4b1992848518abfa64592e
2024-07-17 01:42:08PM 09[CFG] unloaded shared key with id 'SidotiGlobal-user-id'
2024-07-17 01:42:20PM 13[CFG] loaded certificate 'C=US, ST=NY, L=New York, O=Sidoti & Company, OU=IT, CN=vpn.sidoti.com, E=it@sidoti.com'
2024-07-17 01:42:20PM 09[CFG] loaded RSA private key
2024-07-17 01:42:20PM 10[CFG] loaded EAP shared key with id 'SidotiGlobal-user-id' for: 'ajohnson'
2024-07-17 01:42:21PM 08[LIB] TAP-Windows driver version 1.0 available.
2024-07-17 01:42:21PM 18[KNL] interface 13 'Sophos TAP Adapter' changed state from Down to Up
2024-07-17 01:42:23PM 08[CFG] added vici connection: SidotiGlobal
2024-07-17 01:42:23PM 12[CFG] vici initiate CHILD_SA 'SidotiGlobal-tunnel-1'
2024-07-17 01:42:23PM 15[IKE] <SidotiGlobal|3> initiating Main Mode IKE_SA SidotiGlobal[3] to 67.227.64.66
2024-07-17 01:42:23PM 15[ENC] <SidotiGlobal|3> generating ID_PROT request 0 [ SA V V V V V ]
2024-07-17 01:42:23PM 15[NET] <SidotiGlobal|3> sending packet: from 10.0.52.3[55561] to 67.227.64.66[500] (180 bytes)
2024-07-17 01:42:23PM 08[NET] <SidotiGlobal|3> received packet: from 67.227.64.66[500] to 10.0.52.3[55561] (180 bytes)
2024-07-17 01:42:23PM 08[ENC] <SidotiGlobal|3> parsed ID_PROT response 0 [ SA V V V V V ]
2024-07-17 01:42:23PM 08[IKE] <SidotiGlobal|3> received XAuth vendor ID
2024-07-17 01:42:23PM 08[IKE] <SidotiGlobal|3> received DPD vendor ID
2024-07-17 01:42:23PM 08[IKE] <SidotiGlobal|3> received Cisco Unity vendor ID
2024-07-17 01:42:23PM 08[IKE] <SidotiGlobal|3> received FRAGMENTATION vendor ID
2024-07-17 01:42:23PM 08[IKE] <SidotiGlobal|3> received NAT-T (RFC 3947) vendor ID
2024-07-17 01:42:23PM 08[CFG] <SidotiGlobal|3> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
2024-07-17 01:42:23PM 08[ENC] <SidotiGlobal|3> generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
2024-07-17 01:42:23PM 08[NET] <SidotiGlobal|3> sending packet: from 10.0.52.3[55561] to 67.227.64.66[500] (396 bytes)
2024-07-17 01:42:23PM 09[NET] <SidotiGlobal|3> received packet: from 67.227.64.66[500] to 10.0.52.3[55561] (396 bytes)
2024-07-17 01:42:23PM 09[ENC] <SidotiGlobal|3> parsed ID_PROT response 0 [ KE No NAT-D NAT-D ]
2024-07-17 01:42:23PM 09[IKE] <SidotiGlobal|3> local host is behind NAT, sending keep alives
2024-07-17 01:42:23PM 09[IKE] <SidotiGlobal|3> sending cert request for "C=NA, ST=NA, L=NA, O=NA, OU=NA, CN=Default_CA_dnQDi4Dd8hXQufb, E=na@example.com"
2024-07-17 01:42:23PM 09[IKE] <SidotiGlobal|3> authentication of 'C=US, ST=NY, L=New York, O=Sidoti & Company, OU=IT, CN=vpn.sidoti.com, E=it@sidoti.com' (myself) successful
2024-07-17 01:42:23PM 09[ENC] <SidotiGlobal|3> generating ID_PROT request 0 [ ID SIG CERTREQ N(INITIAL_CONTACT) ]
2024-07-17 01:42:23PM 09[NET] <SidotiGlobal|3> sending packet: from 10.0.52.3[55562] to 67.227.64.66[4500] (620 bytes)
2024-07-17 01:42:23PM 14[NET] <SidotiGlobal|3> received packet: from 67.227.64.66[4500] to 10.0.52.3[55562] (108 bytes)
2024-07-17 01:42:23PM 14[ENC] <SidotiGlobal|3> parsed INFORMATIONAL_V1 request 1502529350 [ HASH N(AUTH_FAILED) ]
2024-07-17 01:42:23PM 14[IKE] <SidotiGlobal|3> received AUTHENTICATION_FAILED error notify
2024-07-17 01:42:24PM 13[ESP] unsupported IP version
2024-07-17 01:42:24PM 15[CFG] vici terminate IKE_SA 'SidotiGlobal'
2024-07-17 01:42:24PM 17[KNL] interface 13 'Sophos TAP Adapter' changed state from Up to Down
2024-07-17 01:42:26PM 08[CFG] unloaded private key with id 4e20202407a67488fb4b1992848518abfa64592e
2024-07-17 01:42:26PM 15[CFG] unloaded shared key with id 'SidotiGlobal-user-id'
This thread was automatically locked due to age.