<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN" "http://www.w3c.org/TR/REC-html40/strict.dtd">
<html><head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<title>IPv6 Conformance Test Report</title>
<meta name="GENERATOR" content="TAHI IPv6 Conformance Test Kit">
<script type="text/javascript">
// Cache of popup text, indexed by the id handed to getPacket().
var packets = [];

// Element-id prefixes used by the report markup:
//   POP_ID_PREFIX + id       -> the floating popup container written by popup()
//   PACKET_INFO_PREFIX + id  -> the element whose markup getPacket() copies
var POP_ID_PREFIX = "pop";
var PACKET_INFO_PREFIX = "koiPacketInfo";

// Popup background/border colour.
var COLOR_BG = "#ffdddd";
// Not referenced by any live code in this script (WINDOW_WIDTH only appears in
// a commented-out line of popup()).
var WINDOW_HEIGHT = 300;
var WINDOW_WIDTH = 300;
// Distance between the mouse pointer and the popup's top-left corner.
var OFFSET_HEIGHT = 5;
var OFFSET_WIDTH = 20;

// Legacy DOM feature detection. At most one flag ends up true and the first
// API that is present wins: document.all, then getElementById, then layers.
var IE = document.all ? true : false;
var FF = (!IE && document.getElementById) ? true : false;
var NN4 = (!IE && !FF && document.layers) ? true : false;
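// Show the packet popup for packet `id` next to the mouse pointer.
//
// Wraps the text returned by getPacket(id) in a coloured <div><pre>, writes it
// into the element whose id is POP_ID_PREFIX + id, moves that element
// OFFSET_WIDTH / OFFSET_HEIGHT away from the pointer and makes it visible.
//
//   id    - packet number used to build the element ids
//   event - mouse event that supplies the pointer position
function popup(id, event) {
    // All working variables are local; `key` used to be assigned without
    // `var`, which created an implicit global shared with popdown().
    var key, target, markup, pos_x, pos_y;

    // document.layers browsers are not supported: getInnerHTML() has no
    // branch for them. The layer-drawing branch that followed this early
    // return could never run and has been removed.
    if (NN4) {
        return;
    }

    // NOTE(review): getPacket() returns markup copied out of another element
    // of this report, and it is parsed as HTML again when assigned to
    // innerHTML below. That is only as safe as the escaping the report
    // generator applied to packet-derived text when it wrote the page.
    markup = '<div style="'
        + 'background-color:' + COLOR_BG + ';'
        + 'border-width:3pt;'
        + 'border-style:solid;'
        + 'border-color:' + COLOR_BG + ';'
        + '">'
        + '<pre style="line-height:90%">'
        + getPacket(id)
        + '</pre>'
        + '</div>';

    key = POP_ID_PREFIX + id;

    if (IE) {
        target = document.all(key);
        if (!target) {
            // No popup container for this id: nothing to show.
            return;
        }
        // clientX/clientY are viewport-relative, so add the scroll offset.
        pos_x = document.body.scrollLeft + event.clientX;
        pos_y = document.body.scrollTop + event.clientY;
        target.style.pixelLeft = pos_x + OFFSET_WIDTH;
        target.style.pixelTop = pos_y + OFFSET_HEIGHT;
        target.innerHTML = markup;
        target.style.visibility = 'visible';
    }
    else if (FF) {
        target = document.getElementById(key);
        if (!target) {
            // No popup container for this id: nothing to show.
            return;
        }
        pos_x = event.pageX;
        pos_y = event.pageY;
        target.style.left = pos_x + OFFSET_WIDTH + 'px';
        target.style.top = pos_y + OFFSET_HEIGHT + 'px';
        target.innerHTML = markup;
        target.style.visibility = 'visible';
    }
}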
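// Hide the packet popup for packet `id` (the element POP_ID_PREFIX + id).
//
//   id - packet number used to build the popup element id
function popdown(id) {
    // Local on purpose: the original assigned `key` without `var`, which
    // created an implicit global shared with popup().
    var key = POP_ID_PREFIX + id;
    var target;

    if (IE) {
        target = document.all(key);
        if (target) {
            target.style.visibility = "hidden";
        }
    }
    else if (FF) {
        target = document.getElementById(key);
        if (target) {
            target.style.visibility = "hidden";
        }
    }
    else if (NN4) {
        // Layers carry `visibility` directly rather than on a style object.
        target = document.layers[key];
        if (target) {
            target.visibility = "hidden";
        }
    }
}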
// Return the popup text for packet `id`, computing it at most once.
//
// On a cache miss the markup of the element PACKET_INFO_PREFIX + id is read
// through getInnerHTML(), its enclosing <pre> tag is stripped by trimTag(),
// and the result is stored in `packets`. A falsy cached value (for example an
// empty string) counts as a miss and is recomputed.
function getPacket(id) {
    var cached = packets[id];
    if (!cached) {
        cached = trimTag(getInnerHTML(PACKET_INFO_PREFIX + id), 'pre');
        packets[id] = cached;
    }
    return cached;
}
// Return the serialized markup (innerHTML) of the element with the given id,
// using whichever lookup API the browser flags selected. Returns undefined
// when neither IE nor FF is set. A missing element is not handled here: the
// property access on the lookup result throws.
function getInnerHTML(id) {
    var node;
    if (IE) {
        node = document.all(id);
    }
    else if (FF) {
        node = document.getElementById(id);
    }
    else {
        return;
    }
    return node.innerHTML;
}
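// Return the part of `str` between the first opening <tagName ...> tag and the
// last closing </tagName> tag.
//
//   str     - serialized markup, as returned by innerHTML
//   tagName - element name to strip, e.g. 'pre'
//
// Tag names are matched without regard to ASCII case. The original compared
// case-sensitively, so markup serialized with upper-case tag names (<PRE>)
// kept its closing tag in the result.
//
// Fallbacks are unchanged: when no closing tag is found the result runs to the
// end of `str`; when no opening tag is found the cut starts after the first
// '>' in `str`, or at the start when there is none.
//
// This is plain string slicing, not an HTML parser: the opening tag is taken
// to end at the first '>' after '<tagName', so a '>' inside one of its
// attribute values would end the cut early.
function trimTag(str, tagName) {
    // Fold only A-Z so the folded copy keeps the same length as the input and
    // its indexes can be used on the original string.
    var foldAscii = function (s) {
        return s.replace(/[A-Z]/g, function (c) { return c.toLowerCase(); });
    };
    var haystack = foldAscii(str);
    var tag = foldAscii(tagName);

    var openAt = haystack.indexOf('<' + tag);
    var bodyStart = haystack.indexOf('>', openAt + 1) + 1;
    var closeAt = haystack.lastIndexOf('</' + tag + '>');
    if (closeAt < 0) {
        closeAt = str.length;
    }
    return str.substring(bodyStart, closeAt);
}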
</script>
</head><body bgcolor="#f0f0f0">
<h1>Test Information</h1>
<table border="1">
<tbody><tr><td>Title</td><td>IKEv2-EN-R-1-1-11-2-A</td></tr>
<tr><td>CommandLine</td><td>./2-EN-R/IKEv2-EN-R-1-1-11-2-A.seq -log 1000.html</td></tr>
<tr><td>TestVersion</td><td>REL_1_0_3</td></tr>
<tr><td>ToolVersion</td><td>REL_2_1_6</td></tr>
<tr><td>Start</td><td>2010/06/29 07:43:59</td></tr>
<tr><td>Tn</td><td>/usr/local/koi//etc//tn.def</td></tr>
<tr><td>Nu</td><td>/usr/local/koi//etc//nut.def</td></tr>
</tbody></table>
<hr><h1>Test Sequence Execution Log</h1>
<table border="1">
<tbody><tr><td>07:43:59</td><td>Start</td></tr>
<tr><td><br></td><td>
<font color="#ff0000" size="+1"><u><b>TEST SETUP</b></u></font></td></tr><tr><td><br></td><td>
initializing IKEv2 module ...</td></tr><tr><td><br></td><td>
configuring Common Topology for End-Node: End-Node to End-Node ...</td></tr><tr><td><br></td><td>
parsing ./config.pl ...</td></tr><tr><td><br></td><td>
<table border="1"><tbody><tr><th bgcolor="#a8b5d8">key</th><th bgcolor="#a8b5d8">value</th></tr><tr><td>Link A prefix</td><td>2001:0db8:0001:0001</td></tr><tr><td>Link X prefix</td><td>2001:0db8:000f:0001</td></tr><tr><td>Link A link-local address (TR1)</td><td>fe80::f</td></tr><tr><td>Link A global address (NUT)</td><td>2001:0db8:0001:0001::1234</td></tr><tr><td>pre-shared key (TN)</td><td>IKETEST12345678!</td></tr><tr><td>pre-shared key (NUT)</td><td>IKETEST12345678!</td></tr><tr><td>IKE_SA Lifetime</td><td>300</td></tr><tr><td>CHILD_SA Lifetime</td><td>30</td></tr><tr><td>IKE_SA_INIT Request RetransTimer</td><td>16</td></tr><tr><td>IKE_AUTH Request RetransTimer</td><td>16</td></tr><tr><td>CREATE_CHILD_SA Request RetransTimer</td><td>16</td></tr><tr><td>INFORMATIONAL Request RetransTimer</td><td>16</td></tr><tr><td>Liveness Check Timer</td><td>32</td></tr><tr><td># of Half-Open IKE_SAs to contain N(COOKIE)</td><td>32</td></tr></tbody></table></td></tr><tr><td><br></td><td>
setting up TN ...</td></tr><tr valign="top">
<td>07:44:00</td>
<td width="100%">
ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=1")<br>
<pre>net.inet6.ip6.forwarding: 0 -> 1
</pre></td>
</tr><tr valign="top">
<td>07:44:00</td>
<td width="100%">
ikev2Local("/sbin/ifconfig -a")<br>
<pre>an0: flags=8802&lt;BROADCAST,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
ether 00:02:8a:5c:a9:58
media: IEEE 802.11 Wireless Ethernet autoselect
status: no carrier
ssid 1:tsunami channel 1 (2412 Mhz 11b)
stationname ""
authmode OPEN privacy OFF deftxkey 1 txpower 0 rtsthreshold 0
fragthreshold 0 bmiss 0 ucastrate 0 mcastrate 0 mgmtrate 0 maxretry 0
roaming DEVICE bintval 0
fxp0: flags=8943&lt;UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
options=2009&lt;RXCSUM,VLAN_MTU,WOL_MAGIC&gt;
ether 00:09:6b:e3:b1:40
inet 169.254.3.100 netmask 0xffffff00 broadcast 169.254.3.255
inet6 fe80::209:6bff:fee3:b140%fxp0 prefixlen 64 scopeid 0x2
media: Ethernet autoselect (100baseTX &lt;full-duplex&gt;)
status: active
plip0: flags=8810&lt;POINTOPOINT,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
lo0: flags=8049&lt;UP,LOOPBACK,RUNNING,MULTICAST&gt; metric 0 mtu 16384
options=3&lt;RXCSUM,TXCSUM&gt;
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
dc0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
options=8&lt;VLAN_MTU&gt;
ether 00:04:ac:bb:03:3c
inet 9.3.181.251 netmask 0xffffff00 broadcast 9.3.181.255
inet6 fe80::204:acff:febb:33c%dc0 prefixlen 64 scopeid 0x5
media: Ethernet autoselect (100baseTX &lt;full-duplex&gt;)
status: active
</pre></td>
</tr><tr valign="top">
<td>07:44:00</td>
<td width="100%">
ikev2Local("/sbin/ifconfig fxp0 inet6 fe80::f%fxp0/64")<br>
<pre></pre></td>
</tr><tr valign="top">
<td>07:44:00</td>
<td width="100%">
ikev2Local("/sbin/ifconfig fxp0 inet6 2001:0db8:0001:0001::f/64")<br>
<pre></pre></td>
</tr><tr valign="top">
<td>07:44:00</td>
<td width="100%">
ikev2Local("/sbin/ifconfig lo1 create")<br>
<pre></pre></td>
</tr><tr valign="top">
<td>07:44:00</td>
<td width="100%">
ikev2Local("/sbin/ifconfig lo1 up")<br>
<pre></pre></td>
</tr><tr valign="top">
<td>07:44:00</td>
<td width="100%">
ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64")<br>
<pre></pre></td>
</tr><tr valign="top">
<td>07:44:03</td>
<td width="100%">
ikev2Local("/sbin/ifconfig -a")<br>
<pre>an0: flags=8802&lt;BROADCAST,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
ether 00:02:8a:5c:a9:58
media: IEEE 802.11 Wireless Ethernet autoselect
status: no carrier
ssid 1:tsunami channel 1 (2412 Mhz 11b)
stationname ""
authmode OPEN privacy OFF deftxkey 1 txpower 0 rtsthreshold 0
fragthreshold 0 bmiss 0 ucastrate 0 mcastrate 0 mgmtrate 0 maxretry 0
roaming DEVICE bintval 0
fxp0: flags=8943&lt;UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
options=2009&lt;RXCSUM,VLAN_MTU,WOL_MAGIC&gt;
ether 00:09:6b:e3:b1:40
inet 169.254.3.100 netmask 0xffffff00 broadcast 169.254.3.255
inet6 fe80::209:6bff:fee3:b140%fxp0 prefixlen 64 scopeid 0x2
inet6 fe80::f%fxp0 prefixlen 64 scopeid 0x2
inet6 2001:db8:1:1::f prefixlen 64
media: Ethernet autoselect (100baseTX &lt;full-duplex&gt;)
status: active
plip0: flags=8810&lt;POINTOPOINT,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
lo0: flags=8049&lt;UP,LOOPBACK,RUNNING,MULTICAST&gt; metric 0 mtu 16384
options=3&lt;RXCSUM,TXCSUM&gt;
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
dc0: flags=8843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST&gt; metric 0 mtu 1500
options=8&lt;VLAN_MTU&gt;
ether 00:04:ac:bb:03:3c
inet 9.3.181.251 netmask 0xffffff00 broadcast 9.3.181.255
inet6 fe80::204:acff:febb:33c%dc0 prefixlen 64 scopeid 0x5
media: Ethernet autoselect (100baseTX &lt;full-duplex&gt;)
status: active
lo1: flags=8049&lt;UP,LOOPBACK,RUNNING,MULTICAST&gt; metric 0 mtu 16384
options=3&lt;RXCSUM,TXCSUM&gt;
inet6 2001:db8:f:1::1 prefixlen 64
</pre></td>
</tr><tr valign="top">
<td>07:44:03</td>
<td width="100%">
ikev2Local("/usr/local/sbin/setkey -D")<br>
<pre>No SAD entries.
</pre></td>
</tr><tr valign="top">
<td>07:44:03</td>
<td width="100%">
ikev2Local("/usr/local/sbin/setkey -F")<br>
<pre></pre></td>
</tr><tr valign="top">
<td>07:44:06</td>
<td width="100%">
ikev2Local("/usr/local/sbin/setkey -D")<br>
<pre>No SAD entries.
</pre></td>
</tr><tr valign="top">
<td>07:44:06</td>
<td width="100%">
ikev2Local("/usr/local/sbin/setkey -DP")<br>
<pre>No SPD entries.
</pre></td>
</tr><tr valign="top">
<td>07:44:06</td>
<td width="100%">
ikev2Local("/usr/local/sbin/setkey -FP")<br>
<pre></pre></td>
</tr><tr valign="top">
<td>07:44:09</td>
<td width="100%">
ikev2Local("/usr/local/sbin/setkey -DP")<br>
<pre>No SPD entries.
</pre></td>
</tr><tr><td><br></td><td>
setting up NUT ...</td>
</tr>
<tr valign="TOP"><td>07:44:09</td>
<td width="100%">
kRemote(ifconfig.rmt)
``/usr/local/koi/bin/remotes/linux-strongswan//ifconfig.rmt
ifconfig.address=2001:0db8:0001:0001::1234/64
ifconfig.address_family=inet6 ifconfig.interface=eth1 ''<br>
kRemote()... /usr/local/koi/bin/remotes/linux-strongswan//ifconfig.rmt
ifconfig.address=2001:0db8:0001:0001::1234/64
ifconfig.address_family=inet6 ifconfig.interface=eth1 <pre>Connected
$
$ /sbin/ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:21:5E:E6:01:8C
inet addr:9.3.181.204 Bcast:9.3.181.255 Mask:255.255.255.0
inet6 addr: fe80::221:5eff:fee6:18c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:311104 errors:0 dropped:30129 overruns:0 frame:0
TX packets:13410 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:31313382 (29.8 Mb) TX bytes:5670790 (5.4 Mb)
Interrupt:99
eth1 Link encap:Ethernet HWaddr 00:21:5E:E6:01:8D
inet addr:192.168.240.7 Bcast:192.168.255.255 Mask:255.255.128.0
inet6 addr: fe80::221:5eff:fee6:18d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:459 errors:0 dropped:306 overruns:0 frame:0
TX packets:177 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:74661 (72.9 Kb) TX bytes:22821 (22.2 Kb)
Interrupt:107
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:19265 errors:0 dropped:0 overruns:0 frame:0
TX packets:19265 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7381364 (7.0 Mb) TX bytes:7381364 (7.0 Mb)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
$
$ /sbin/ifconfig eth1 inet6 add 2001:0db8:0001:0001::1234/64
$
$ /sbin/ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:21:5E:E6:01:8C
inet addr:9.3.181.204 Bcast:9.3.181.255 Mask:255.255.255.0
inet6 addr: fe80::221:5eff:fee6:18c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:311137 errors:0 dropped:30132 overruns:0 frame:0
TX packets:13410 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:31316492 (29.8 Mb) TX bytes:5670790 (5.4 Mb)
Interrupt:99
eth1 Link encap:Ethernet HWaddr 00:21:5E:E6:01:8D
inet addr:192.168.240.7 Bcast:192.168.255.255 Mask:255.255.128.0
inet6 addr: 2001:db8:1:1::1234/64 Scope:Global
inet6 addr: fe80::221:5eff:fee6:18d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:459 errors:0 dropped:306 overruns:0 frame:0
TX packets:179 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:74661 (72.9 Kb) TX bytes:23009 (22.4 Kb)
Interrupt:107
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:19265 errors:0 dropped:0 overruns:0 frame:0
TX packets:19265 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7381364 (7.0 Mb) TX bytes:7381364 (7.0 Mb)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
$
$ ~
[EOT]
</pre>
</td></tr>
<tr valign="TOP"><td>07:44:13</td>
<td width="100%">
kRemote(route.rmt)
``/usr/local/koi/bin/remotes/linux-strongswan//route.rmt
route.0.address_family=inet6 route.0.gateway=fe80::f%eth1
route.0.interface=eth1 route.0.network=2001:0db8:000f:0001::/64
route.num=1''<br>
kRemote()... /usr/local/koi/bin/remotes/linux-strongswan//route.rmt
route.0.address_family=inet6 route.0.gateway=fe80::f%eth1
route.0.interface=eth1 route.0.network=2001:0db8:000f:0001::/64
route.num=1
<pre>Connected
$
$ /sbin/route --inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::1/128 :: U 0 438 1 lo
2001:db8:1:1::1234/128 :: U 0 0 1 lo
2001:db8:1:1::/64 :: U 256 0 0 eth1
fe80::221:5eff:fee6:18c/128 :: U 0 0 1 lo
fe80::221:5eff:fee6:18d/128 :: U 0 22 1 lo
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth1
ff01::1:12bc/128 ff01::1:12bc UC 0 8 0 eth0
ff02::16/128 ff02::16 UC 0 2 0 eth1
ff02::1:2/128 ff02::1:2 UC 0 44441 0 eth0
ff02::1:700/128 ff02::1:700 UC 0 1 0 eth0
ff02::1:12bc/128 ff02::1:12bc UC 0 8 0 eth0
ff02::1:ff00:f/128 ff02::1:ff00:f UC 0 2 0 eth1
ff02::1:fffa:f6a0/128 ff02::1:fffa:f6a0 UC 0 1 0 eth0
ff05::1:12bc/128 ff05::1:12bc UC 0 8 0 eth0
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth1
$
$ /sbin/route -A inet6 add 2001:0db8:000f:0001::/64 gw fe80::f dev eth1
$
$ /sbin/route --inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::1/128 :: U 0 438 1 lo
2001:db8:1:1::1234/128 :: U 0 0 1 lo
2001:db8:1:1::/64 :: U 256 0 0 eth1
2001:db8:f:1::/64 fe80::f UG 1 0 0 eth1
fe80::221:5eff:fee6:18c/128 :: U 0 0 1 lo
fe80::221:5eff:fee6:18d/128 :: U 0 22 1 lo
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth1
ff01::1:12bc/128 ff01::1:12bc UC 0 8 0 eth0
ff02::16/128 ff02::16 UC 0 2 0 eth1
ff02::1:2/128 ff02::1:2 UC 0 44448 0 eth0
ff02::1:700/128 ff02::1:700 UC 0 1 0 eth0
ff02::1:12bc/128 ff02::1:12bc UC 0 8 0 eth0
ff02::1:ff00:f/128 ff02::1:ff00:f UC 0 2 0 eth1
ff02::1:fffa:f6a0/128 ff02::1:fffa:f6a0 UC 0 1 0 eth0
ff05::1:12bc/128 ff05::1:12bc UC 0 8 0 eth0
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth1
$
$ ~
[EOT]
</pre>
</td></tr>
<tr valign="TOP"><td>07:44:17</td>
<td width="100%">
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/linux-strongswan//ikev2.rmt operation=stop''<br>
kRemote()... /usr/local/koi/bin/remotes/linux-strongswan//ikev2.rmt operation=stop
<pre>Connected
$
$ date 102003452010
Wed Oct 20 03:45:00 UTC 2010
$
$ ip xfrm state show
$
$ ip xfrm policy show
$
$ /bin/ps | /bin/grep -e starter -e charon
18777 root 508 S /bin/grep -e starter -e charon
$
$ /usr/sbin/ipsec stop
Stopping strongSwan IPsec failed: starter is not running
$
$ /bin/ps | /bin/grep -e starter -e charon
18783 root 508 S /bin/grep -e starter -e charon
$
$ ip xfrm state flush
$
$ ip xfrm policy flush
$
$ ip xfrm state show
$
$ ip xfrm policy show
$
$ ~
[EOT]
</pre>
</td></tr>
<tr valign="TOP"><td>07:44:21</td>
<td width="100%">kRemote(ikev2.rmt)
``/usr/local/koi/bin/remotes/linux-strongswan//ikev2.rmt
ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr=
ikev2.addresspool.num=1
ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234
ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1
ikev2.ipsec.0.ext_sequence=off
ikev2.ipsec.0.ipsec_index=common_ipsec_index
ikev2.ipsec.0.ipsec_sa_lifetime_time=30
ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1
ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index
ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport
ikev2.policy.0.policy_index=common_policy_index
ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1
ikev2.remote.0.ikev2.auto=route
ikev2.remote.0.ikev2.fixed_ipsec_conf=false
ikev2.remote.0.ikev2.initial_contact.initial_contact=off
ikev2.remote.0.ikev2.kmp_auth_method=psk
ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024
ikev2.remote.0.ikev2.kmp_dh_group.num=1
ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc
ikev2.remote.0.ikev2.kmp_enc_alg.num=1
ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1
ikev2.remote.0.ikev2.kmp_hash_alg.num=1
ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1
ikev2.remote.0.ikev2.kmp_prf_alg.num=1
ikev2.remote.0.ikev2.kmp_sa_lifetime_time=300
ikev2.remote.0.ikev2.my_id.fqdn.num=0
ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234
ikev2.remote.0.ikev2.my_id.ipaddr.num=1
ikev2.remote.0.ikev2.my_id.keyid.num=0
ikev2.remote.0.ikev2.my_id.rfc822addr.num=0
ikev2.remote.0.ikev2.need_pfs=off
ikev2.remote.0.ikev2.peers_id.fqdn.num=0
ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1
ikev2.remote.0.ikev2.peers_id.ipaddr.num=1
ikev2.remote.0.ikev2.peers_id.keyid.num=0
ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0
ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1
ikev2.remote.0.ikev2.peers_ipaddr.port=500
ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678!
ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678!
ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on
ikev2.remote.0.ikev2.subnet=false
ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1
ikev2.sa.0.esp_auth_alg.0=hmac_sha1 ikev2.sa.0.esp_auth_alg.num=1
ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1
ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp
ikev2.sa.num=1 ikev2.selector.0.direction=outbound
ikev2.selector.0.dst.address=2001:0db8:000f:0001::1
ikev2.selector.0.dst.address_family=inet6
ikev2.selector.0.policy_index=common_policy_index
ikev2.selector.0.selector_index=common_selector_index_outbound
ikev2.selector.0.src.address=2001:0db8:0001:0001::1234
ikev2.selector.0.src.address_family=inet6
ikev2.selector.0.upper_layer_protocol.protocol=any
ikev2.selector.1.direction=inbound
ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234
ikev2.selector.1.dst.address_family=inet6
ikev2.selector.1.policy_index=common_policy_index
ikev2.selector.1.selector_index=common_selector_index_inbound
ikev2.selector.1.src.address=2001:0db8:000f:0001::1
ikev2.selector.1.src.address_family=inet6
ikev2.selector.1.upper_layer_protocol.protocol=any
ikev2.selector.num=2''<br>
kRemote()... /usr/local/koi/bin/remotes/linux-strongswan//ikev2.rmt
ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr=
ikev2.addresspool.num=1
ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234
ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1
ikev2.ipsec.0.ext_sequence=off
ikev2.ipsec.0.ipsec_index=common_ipsec_index
ikev2.ipsec.0.ipsec_sa_lifetime_time=30
ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1
ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index
ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport
ikev2.policy.0.policy_index=common_policy_index
ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1
ikev2.remote.0.ikev2.auto=route
ikev2.remote.0.ikev2.fixed_ipsec_conf=false
ikev2.remote.0.ikev2.initial_contact.initial_contact=off
ikev2.remote.0.ikev2.kmp_auth_method=psk
ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024
ikev2.remote.0.ikev2.kmp_dh_group.num=1
ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc
ikev2.remote.0.ikev2.kmp_enc_alg.num=1
ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1
ikev2.remote.0.ikev2.kmp_hash_alg.num=1
ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1
ikev2.remote.0.ikev2.kmp_prf_alg.num=1
ikev2.remote.0.ikev2.kmp_sa_lifetime_time=300
ikev2.remote.0.ikev2.my_id.fqdn.num=0
ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234
ikev2.remote.0.ikev2.my_id.ipaddr.num=1
ikev2.remote.0.ikev2.my_id.keyid.num=0
ikev2.remote.0.ikev2.my_id.rfc822addr.num=0
ikev2.remote.0.ikev2.need_pfs=off
ikev2.remote.0.ikev2.peers_id.fqdn.num=0
ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1
ikev2.remote.0.ikev2.peers_id.ipaddr.num=1
ikev2.remote.0.ikev2.peers_id.keyid.num=0
ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0
ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1
ikev2.remote.0.ikev2.peers_ipaddr.port=500
ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678!
ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678!
ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on
ikev2.remote.0.ikev2.subnet=false
ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1
ikev2.sa.0.esp_auth_alg.0=hmac_sha1 ikev2.sa.0.esp_auth_alg.num=1
ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1
ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp
ikev2.sa.num=1 ikev2.selector.0.direction=outbound
ikev2.selector.0.dst.address=2001:0db8:000f:0001::1
ikev2.selector.0.dst.address_family=inet6
ikev2.selector.0.policy_index=common_policy_index
ikev2.selector.0.selector_index=common_selector_index_outbound
ikev2.selector.0.src.address=2001:0db8:0001:0001::1234
ikev2.selector.0.src.address_family=inet6
ikev2.selector.0.upper_layer_protocol.protocol=any
ikev2.selector.1.direction=inbound
ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234
ikev2.selector.1.dst.address_family=inet6
ikev2.selector.1.policy_index=common_policy_index
ikev2.selector.1.selector_index=common_selector_index_inbound
ikev2.selector.1.src.address=2001:0db8:000f:0001::1
ikev2.selector.1.src.address_family=inet6
ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2
<pre>Connected
$
$ date 102003452010
Wed Oct 20 03:45:00 UTC 2010
$
$ cat > /etc/ipsec.secrets << EOF
> : PSK 'IKETEST12345678!'
> EOF
$ cat /etc/ipsec.secrets
: PSK 'IKETEST12345678!'
$
$ echo : PSK \'IKETEST12345678!\' > /etc/ipsec.secrets
$
$ cat /etc/ipsec.secrets
: PSK 'IKETEST12345678!'
$
$ chmod 0600 /etc/ipsec.secrets
$
$ ls -l /etc/ipsec.secrets
-rw------- 1 root root 25 Oct 20 03:45 /etc/ipsec.secrets
$ SUBNET IS >>>>> false <<<<<<
$ cat > /etc/ipsec.conf << EOF
> config setup
> crlcheckinterval=180
> strictcrlpolicy=no
> plutostart=no
> charondebug=" ike 3 "
> conn %default
> ikelifetime=300
> keylife=30
> rekeymargin=0
> keyingtries=1
> mobike=no
> keyexchange=ikev2
> conn host-host
> left=2001:0db8:0001:0001::1234
> right=2001:0db8:000f:0001::1
> authby=psk
> leftprotoport=any
> rightprotoport=any
> ike=3des-sha1-modp1024
> esp=3des-sha1-modp1024
> leftid=2001:0db8:0001:0001::1234
> rightid=2001:0db8:000f:0001::1
> type=transport
> auto=route
> leftsendcert=ifasked
>
> EOF
$ cat /etc/ipsec.conf
config setup
crlcheckinterval=180
strictcrlpolicy=no
plutostart=no
charondebug=" ike 3 "
conn %default
ikelifetime=300
keylife=30
rekeymargin=0
keyingtries=1
mobike=no
keyexchange=ikev2
conn host-host
left=2001:0db8:0001:0001::1234
right=2001:0db8:000f:0001::1
authby=psk
leftprotoport=any
rightprotoport=any
ike=3des-sha1-modp1024
esp=3des-sha1-modp1024
leftid=2001:0db8:0001:0001::1234
rightid=2001:0db8:000f:0001::1
type=transport
auto=route
leftsendcert=ifasked
$
$ ls -l /etc/ipsec.conf
-rwxr-xr-x 1 root root 651 Oct 20 03:45 /etc/ipsec.conf
$
$ /bin/ps | /bin/grep -e starter -e charon
18801 root 508 S /bin/grep -e starter -e charon
$
$ ping6 -c 2 2001:0db8:0001:0001::1234
PING (2001:db8:1:1::1234): 56 data bytes
64 bytes from 2001:db8:1:1::1234: icmp6_seq=0 ttl=-1 time=0.2 ms
64 bytes from 2001:db8:1:1::1234: icmp6_seq=1 ttl=-1 time=0.2 ms
--- ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.2/0.2/0.2 ms
$
$ /usr/sbin/ipsec start --debug-all --nofork &
$ Starting strongSwan 4.1.10 IPsec [starter]...
| Default route found: iface=eth0, addr=9.3.181.204, nexthop=9.3.181.1
| Loading config setup
| crlcheckinterval=180
| strictcrlpolicy=no
| plutostart=no
| charondebug= ike 3
| Loading conn %default
| ikelifetime=300
| keylife=30
| rekeymargin=0
| keyingtries=1
| mobike=no
| keyexchange=ikev2
| Loading conn 'host-host'
| left=2001:0db8:0001:0001::1234
| right=2001:0db8:000f:0001::1
| authby=psk
| leftprotoport=any
| rightprotoport=any
| ike=3des-sha1-modp1024
| esp=3des-sha1-modp1024
| leftid=2001:0db8:0001:0001::1234
| rightid=2001:0db8:000f:0001::1
| type=transport
| auto=route
| leftsendcert=ifasked
| Found netkey IPsec stack
| Attempting to start charon...
01[DMN] starting charon (strongSwan Version 4.1.10)
01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
01[LIB] loading ca certificate file '/etc/ipsec.d/cacerts/cacert.pem' (1359 bytes)
01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
01[CFG] loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
01[CFG] loading crls from '/etc/ipsec.d/crls'
01[CFG] loading secrets from "/etc/ipsec.secrets"
01[CFG] loading shared key for %any
01[CFG] loading control interface modules from '/usr/lib/ipsec/plugins/interfaces'
01[CFG] loaded control interface module successfully from libcharon-stroke.so
01[CFG] loading backend modules from '/usr/lib/ipsec/plugins/backends'
01[CFG] loaded backend module successfully from libcharon-local.so
01[KNL] listening on interfaces:
01[KNL] eth0
01[KNL] 9.3.181.204
01[KNL] fe80::221:5eff:fee6:18c
01[KNL] eth1
01[KNL] 192.168.240.7
01[KNL] 2001:db8:1:1::1234
01[KNL] fe80::221:5eff:fee6:18d
01[LIB] initializing libcurl
01[CFG] loading EAP modules from '/usr/lib/ipsec/plugins/eap'
01[JOB] spawning 16 worker threads
| charon (18815) started
03[CFG] received stroke: add connection 'host-host'
03[CFG] added configuration 'host-host': 2001:db8:1:1::1234[2001:db8:1:1::1234]...2001:db8:f:1::1[2001:db8:f:1::1]
03[CFG] received stroke: route 'host-host'
06[AUD] routing CHILD_SA
06[AUD] CHILD_SA routed
$ /bin/ps | /bin/grep -e starter -e charon
18803 root 812 S /usr/lib/ipsec/starter --debug-all --nofork
18815 root 2016 S /usr/lib/ipsec/charon --crlcheckinterval 180 --debug-
18833 root 508 S /bin/grep -e starter -e charon
$
$ ip xfrm state show
$
$ ~
[EOT]
</pre>
</td></tr>
<tr><td><br></td><td>
<font color="#ff0000" size="+1"><u><b>TEST PROCEDURE</b></u></font></td></tr><tr><td><br></td><td>
<pre> (R) (I)
NUT TN1
| |
|<--------------| IKE_SA_INIT request (HDR, SAi1, KEi, Ni)
| |
V V</pre></td></tr><tr valign="TOP">
<td>07:44:26</td><td>
Clear Buffer<br>
done<br>
</td>
</tr>
<tr valign="TOP">
<td>07:44:26</td><td>
Connect<br> SrcAddr:2001:0db8:000f:0001::1 SrcPort:500<br> DstAddr:2001:0db8:0001:0001::1234 DstPort:500<br>
done<br>
connected to SocketID:3<br>
sent to SocketID:3<br>
<a name="koiPacket1"></a>
<a href="#koiPacketDump1" onmouseover="popup(1,event);" onmouseout="popdown(1);">send 1st packet</a>
<div id="pop1" style="position: absolute; visibility: hidden;"></div>
<br>
</td>
</tr>
<tr><td><br></td><td>
<pre> (R) (I)
NUT TN1
| |
|-------------->| IKE_SA_INIT response (HDR, SAr1, KEr, Nr)
| |
V V</pre></td></tr><tr valign="TOP">
<td>07:44:26</td><td>
Receive<br>
SrcAddr:2001:db8:1:1::1234 SrcPort:500<br> DstAddr:2001:db8:f:1::1 DstPort:500<br>
done<br>
received from SocketID:3<br>
<a name="koiPacket2"></a>
<a href="#koiPacketDump2" onmouseover="popup(2,event);" onmouseout="popdown(2);">receive 2nd packet</a>
<div id="pop2" style="position: absolute; visibility: hidden;"></div>
<br>
</td>
</tr>
<tr><td><br></td><td>
compare the received packet with packets('common_remote_index')</td></tr><tr valign="top">
<td>07:44:26</td>
<td>Checking Payload Order ...</td></tr><tr valign="top">
<td></td><td><b>OK</b>: Payload Order ('HDR', 'SA', 'KE', 'Ni, Nr', 'CERTREQ')</td></tr><tr valign="top">
<td>07:44:26</td>
<td>Preparing Expected Packet ...</td></tr><tr valign="top">
<td></td><td>OK: Added Payloads:<pre>Added#0
cert_encoding = X.509 Certificate - Signature
inserted = 4
added = 1
self = CERTREQ
cert_authority = 59bf9ae8860831816a50d0fad731212deb83071c
critical = 0
length = 25
nexttype = 0
reserved = 0
offset = 228
</pre>OK: Modified Payloads:<pre><pre>Modified#0
critical = 0
length = ARRAY(0x8a5b344)
length_comparator = range
nexttype = CERTREQ
self = Ni, Nr
nonce = NaN
reserved = 0
modified = nexttype(0 -> CERTREQ)
</pre></pre></td></tr><tr valign="top">
<td>07:44:26</td>
<td>Checking Fields ...</td></tr><tr><td><br></td><td>
<pre><b>IKE Header</b>
<b>OK</b> initSPI: (received: f5c57111eaff84b7, expected: f5c57111eaff84b7, comp: eq)
<b>OK</b> respSPI: (received: b519ef9cc06c191b, expected: 0000000000000000, comp: ne)
<b>OK</b> nexttype: (received: SA, expected: SA, comp: eq)
<b>OK</b> major: (received: 2, expected: 2, comp: eq)
<b>OK</b> minor: (received: 0, expected: 0, comp: eq)
<b>OK</b> exchType: (received: IKE_SA_INIT, expected: IKE_SA_INIT, comp: eq)
<b>OK</b> reserved1: (received: 0, expected: 0, comp: eq)
<b>OK</b> initiator: (received: 0, expected: 0, comp: eq)
<b>OK</b> higher: (received: 0, expected: 0, comp: eq)
<b>OK</b> response: (received: 1, expected: 1, comp: eq)
<b>OK</b> reserved2: (received: 0, expected: 0, comp: eq)
<b>OK</b> messID: (received: 0, expected: 0, comp: eq)
<b>OK</b> length: (received: 253, expected: any, comp: eq)
</pre></td></tr><tr><td><br></td><td>
<pre><b>SA Proposal Comparison</b>
<b>OK</b> ENCR: (received:ENCR_3DES, expected:ENCR_3DES)
<b>OK</b> PRF: (received:PRF_HMAC_SHA1, expected:PRF_HMAC_SHA1)
<b>OK</b> INTEG: (received:INTEG_HMAC_SHA1_96, expected:INTEG_HMAC_SHA1_96)
<b>OK</b> D-H: (received:D-H_1024 MODP Group, expected:D-H_1024 MODP Group)
<b>OK</b> ESN: (received:, expected:)
</pre></td></tr><tr><td><br></td><td>
<pre><b>Security Association Payload</b>
<b>OK</b> nexttype: (received:KE, expected:KE, comp: ne)
<b>OK</b> reserved: (received:0, expected:0, comp: eq)
<b>OK</b> critical: (received:0, expected:0, comp: eq)
<b>OK</b> length: (received:44, expected:44, comp: eq)
</pre></td></tr><tr><td><br></td><td>
<pre><b>Proposal Substructure</b>
<b>OK</b> nexttype: (received:0, expected:0, comp: eq)
<b>OK</b> reserved: (received:0, expected:0, comp: eq)
<b>OK</b> number: (received:1, expected:1, comp: eq)
<b>OK</b> proposalLen: (received:40, expected:40, comp: eq)
<b>OK</b> transformCount: (received:4, expected:4, comp: eq)
<b>OK</b> id: (received:IKE, expected:IKE, comp: eq)
<b>OK</b> spiSize: (received:0, expected:0, comp: eq)
</pre></td></tr><tr><td><br></td><td>
<pre><b>Transform Substructure</b>
<b>OK</b> nexttype: (received:3, expected:3, comp: eq)
<b>OK</b> reserved1: (received:0, expected:0, comp: eq)
<b>OK</b> transformLen: (received:8, expected:8, comp: eq)
<b>OK</b> type: (received:ENCR, expected:ENCR, comp: eq)
<b>OK</b> reserved2: (received:0, expected:0, comp: eq)
<b>OK</b> id: (received:3DES, expected:3DES, comp: eq)
</pre></td></tr><tr><td><br></td><td>
<pre><b>Transform Substructure</b>
<b>OK</b> nexttype: (received:3, expected:3, comp: eq)
<b>OK</b> reserved1: (received:0, expected:0, comp: eq)
<b>OK</b> transformLen: (received:8, expected:8, comp: eq)
<b>OK</b> type: (received:INTEG, expected:INTEG, comp: eq)
<b>OK</b> reserved2: (received:0, expected:0, comp: eq)
<b>OK</b> id: (received:HMAC_SHA1_96, expected:HMAC_SHA1_96, comp: eq)
</pre></td></tr><tr><td><br></td><td>
<pre><b>Transform Substructure</b>
<b>OK</b> nexttype: (received:3, expected:3, comp: eq)
<b>OK</b> reserved1: (received:0, expected:0, comp: eq)
<b>OK</b> transformLen: (received:8, expected:8, comp: eq)
<b>OK</b> type: (received:PRF, expected:PRF, comp: eq)
<b>OK</b> reserved2: (received:0, expected:0, comp: eq)
<b>OK</b> id: (received:HMAC_SHA1, expected:HMAC_SHA1, comp: eq)
</pre></td></tr><tr><td><br></td><td>
<pre><b>Transform Substructure</b>
<b>OK</b> nexttype: (received:0, expected:0, comp: eq)
<b>OK</b> reserved1: (received:0, expected:0, comp: eq)
<b>OK</b> transformLen: (received:8, expected:8, comp: eq)
<b>OK</b> type: (received:D-H, expected:D-H, comp: eq)
<b>OK</b> reserved2: (received:0, expected:0, comp: eq)
<b>OK</b> id: (received:1024 MODP Group, expected:1024 MODP Group, comp: eq)
</pre></td></tr><tr><td><br></td><td>
<pre><b>Key Exchange Payload</b>
<b>OK</b> nexttype: (received: Ni, Nr, expected: Ni, Nr, comp: eq)
<b>OK</b> critical: (received: 0, expected: 0, comp: eq)
<b>OK</b> reserved: (received: 0, expected: 0, comp: eq)
<b>OK</b> length: (received: 136, expected: 136, comp: eq)
<b>OK</b> group: (received: 2, expected: 2, comp: eq)
<b>OK</b> reserved1: (received: 0, expected: 0, comp: eq)
<b>OK</b> publicKey: (received: 0x7a8ad309be4aedbbebeb44fdad6c7d5c09eb4e820a93f995a7d83ff75d20e26bfbe08c5569f01ed815a25beb14d79bba55d320ecc26acd5b236b5a4853fe2449860e3573244fd59a9b248fc58dcc445cb54d2e93fc9362f0dad44b0cb061e78965fab3df365bdbaddb9d2d9d0e95fe7bc0eebde9bfb421f8eda1ad0224f6a577, expected: any, comp: eq)
</pre></td></tr><tr><td><br></td><td>
<pre><b>Nonce Payload</b>
<b>OK</b> nexttype: (received: CERTREQ, expected: CERTREQ, comp: eq)
<b>OK</b> critical: (received: 0, expected: 0, comp: eq)
<b>OK</b> reserved: (received: 0, expected: 0, comp: eq)
<b>OK</b> length: (received: 20, expected: [20-260], comp: range)
<b>OK</b> nonce: (received: 0x0b2c2e318e35a024a8d76040930e1cc3, expected: any, comp: eq)
</pre></td></tr><tr><td><br></td><td>
<pre><b>Certificate Request Payload</b>
<b>OK</b> nexttype: (received: 0, expected: 0, comp: eq)
<b>OK</b> critical: (received: 0, expected: 0, comp: eq)
<b>OK</b> reserved: (received: 0, expected: 0, comp: eq)
<b>OK</b> length: (received: 25, expected: 25, comp: eq)
<b>OK</b> cert_encoding: (received: X.509 Certificate - Signature, expected: X.509 Certificate - Signature, comp: eq)
<b>OK</b> cert_auth: (received: , expected: any, comp: eq)
</pre></td></tr><tr><td><br></td><td>
<b>Match with packet('common_remote_index')</b></td></tr><tr><td><br></td><td>
<table border="1"><tbody><tr><th bgcolor="#a8b5d8">key</th><th bgcolor="#a8b5d8">value</th></tr><tr><td>g^i</td><td>f54d853df7f8d52bf9c15b625066d89815d68a9dd2e902465f3597efbdbebb03e9da165f4d2bfe07d29c713ef47bde5e44c61d9f898cb0c323c3e1185e15d3a6a773e49489ed550ef617417d5a31a3d521729fc08cdf9550a945c5e97c61ebb550614874333900b222931bb39f84714ff458819ce4c1e59eec301bef075ebe8a</td></tr><tr><td>g^r</td><td>7a8ad309be4aedbbebeb44fdad6c7d5c09eb4e820a93f995a7d83ff75d20e26bfbe08c5569f01ed815a25beb14d79bba55d320ecc26acd5b236b5a4853fe2449860e3573244fd59a9b248fc58dcc445cb54d2e93fc9362f0dad44b0cb061e78965fab3df365bdbaddb9d2d9d0e95fe7bc0eebde9bfb421f8eda1ad0224f6a577</td></tr><tr><td>g^ir</td><td>ff8c621b5d255935f950278aa6ee231cb62077dc5a87865081c62ea48975554cb71842727908890a54f9cea2891cf198b53254dd3e75a86fe162551ed9096aded7aed17cbf8358c16ee36e2ffb6e281797a11a461efe88e0e3e597034cc5bcf385a790f8e7060814d7f0d72774f2702c3acfc496bab754f048438e76fa859311</td></tr><tr><td>Ni</td><td>aa402ea7fbd2fa66745da77474bc4aee8e55ec554599b432f1df060cbade5d3ee90c59bff2d4a9f976902e628e18941c757f22d26e09af8b89a3ea3018d6c842188b428badca1439f71c8ba76303b471514d81a5c11ef8987273c1e898845a8169858e4f8167eda82b1b9f2e6365006ec1dc4a4e8ae4f69f55fddd4731b5</td></tr><tr><td>Nr</td><td>0b2c2e318e35a024a8d76040930e1cc3</td></tr><tr><td>SPIi</td><td>f5c57111eaff84b7</td></tr><tr><td>SPIr</td><td>b519ef9cc06c191b</td></tr><tr><td>IKEv2 Transform Type 1 Algorithms</td><td>3DES</td></tr><tr><td>IKEv2 Transform Type 2 Algorithms</td><td>HMAC_SHA1</td></tr><tr><td>IKEv2 Transform Type 3 Algorithms</td><td>HMAC_SHA1_96</td></tr></tbody></table></td></tr><tr><td><br></td><td>
<pre> (R) (I)
NUT TN1
| |
|<--------------| IKE_AUTH request (HDR, SK {IDi, AUTH, N(USE_TRANSPORT_MODE), SAi2, TSi, TSr})
| |
V V</pre></td></tr><tr valign="TOP">
<td>07:44:26</td><td>
Clear Buffer<br>
done<br>
</td>
</tr>
<tr valign="TOP">
<td>07:44:26</td><td>
Send<br>
done<br>
sent to SocketID:3<br>
<a name="koiPacket3"></a>
<a href="#koiPacketDump3" onmouseover="popup(3,event);" onmouseout="popdown(3);">send 3rd packet</a>
<div id="pop3" style="position: absolute; visibility: hidden;"></div>
<br>
</td>
</tr>
<tr><td><br></td><td>
<pre> (R) (I)
NUT TN1
| |
|-------------->| IKE_AUTH response (HDR, SK {IDr, AUTH, N(USE_TRANSPORT_MODE), SAr2, TSi, TSr})
| |
V V</pre></td></tr><tr valign="TOP">
<td>07:44:26</td><td>
Receive<br>
SrcAddr:2001:db8:1:1::1234 SrcPort:500<br> DstAddr:2001:db8:f:1::1 DstPort:500<br>
done<br>
received from SocketID:3<br>
<a name="koiPacket4"></a>
<a href="#koiPacketDump4" onmouseover="popup(4,event);" onmouseout="popdown(4);">receive 4th packet</a>
<div id="pop4" style="position: absolute; visibility: hidden;"></div>
<br>
</td>
</tr>
<tr><td><br></td><td>
compare the received packet with packets('common_remote_index')</td></tr><tr valign="top">
<td>07:44:27</td>
<td>Checking Payload Order ...</td></tr><tr valign="top">
<td></td><td><font color="#0000ff"><b>NOTE</b></font>: Payload Order ('HDR', 'E', 'N')</td></tr><tr valign="top">
<td>07:44:27</td>
<td>Preparing Expected Packet ...</td></tr><tr><td><br></td><td>
<b>Not match with packet('common_remote_index')</b></td></tr><tr><td><br></td><td>
</td></tr><tr><td><br></td><td>
<font color="#ff0000">Can't observe IKE_AUTH response.</font></td></tr><tr><td><br></td><td>
<font color="#ff0000" size="+1"><u><b>TEST CLEANUP</b></u></font></td></tr><tr><td><br></td><td>
cleaning up NUT ...</td>
</tr>
<tr valign="TOP"><td>07:44:27</td>
<td width="100%">
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/linux-strongswan//ikev2.rmt operation=stop''<br>
kRemote()... /usr/local/koi/bin/remotes/linux-strongswan//ikev2.rmt operation=stop
<pre>Connected
.jP®¹Å
jrrrrråj¤ÊÚ•µ~ª’ª²Ò
u2 "É2²²º¢ª"
Ý‚º¢º¢5¢
*UÂ*ªª*rrrr2Ñu¹¢Ñ¹R¹rª¹jR„ÊÚ%-u‚’º’Òªª¢ªÊÊÑš’2Å"‚²‚"ª"š**傪ʪ¹r’rrrrrrêårrÊÕ¤ÊÚ%-u’ÂÂÒ2É"Ñ‚
å2庲ʂ’*²’Â*ŠÂÊ¢Šºªº2’’rrrrr²¹r¹òrrª¹jRÊÚ%-uš‚¢Ò"É‚²*‚Ê
ÂÂÊ
Í*š‚ŠÂ"eᢒŠÂ¢’rr¹rrrrr‚rrr¹r5R‚ÊÚ%-uš’‚ÒÂ
Š¢šÊ2ÝŠÂ
Ý‚²š‚šÑºŠªŠ¢"ŠrrrrÊrrrr¹òŠE5¹jR†ÊÚ%-ušš²Ò
ÕÅŠ*2…ʺ’ºš*áÊ¢ª
Š²ÊªÂ*rrrrr’͹rrrÒ¹J¹òjRÊÚ%-ušª’Ò¢2Š²º*
á’ŠÊ2’*²š²ª‚‚²*"¢
z¹:¹rZrrr•¹r¹rR5R‚ÊÚ%-uš²ÂÒ¢*Â
*Ñ2ÙÊ2ªª2"¢ºšŠÕÑ
Á2Õr¹rrrª¹r:Årrrrrrj¤ÊÚ%-ušÂ¢ÒÂÂÊ’
ÉÂ"" Š¢ªš‚’ŠºŠ’2š²‚Â"rrrrrrr*Á
Š½â¹jR„ÊÚ%-uÚ•É•ÑêòŠ²åÑ•Í‚ÂÅ‚‚²ŠººÂj¤ÊÚ%-u‚Ңʢ¢ªª¢¢ªªšª¢šŠš’ššš¢šªš²šºšÂ’ŠJ-QMQÅ’š¢ª²ºÂ
j¤ÊÚ%-uZ•åÁ…‘êòŠºåÑ•Í‚ÂÅ‚‚¢¢Ê¢5R‚ÊÚ•µêª‚Ò¢òªºÊ’‚ª‚²Š²¢’‚²²²2º’’‚¢Ê¢¢ªº²ZUå‚…‘2½ÉJ-Ù5R‚ÊÚ•µzªŠ²Òš’’j¤ÊÚ%-u‚É™¡š•É•Ñ±Z•åÁ…‘¥‚êò’‚åÑ•Í‚ÂÅ‚‚²šº‚‚j¤ÊÚ%-u‚ÒšÊeáÊš‚’ª ‚*‚’‚ÊŠ¢Ê*¢*²²*Êrrrr*rrrrrrrr™¹jR‚ÊÚ•µ^ªŠ²Ò²²
Ù‚Š*‚Z©¹rjRÊÚ%-u
UQ!ê‚É™¡‚É™¡š•É•Ñ±Z•åÁ…‘¥bzÑ•ÑÍ¥êò’‚åÑ•Í‚ÂÅ‚‚²š²*ájR„ÊÚ%-u‚‚Ò*º’ššÊ’’¢
Á²"2²Â¢2Š*ªÙɺªr’Ír"rrj¹B=¹rrrª5R‚ÊÚ%-uŠ²Ò"Ù’’"åŠÊrrrj¤ÊÚ%-ušÕ•Í͙ձ±åÉ•…Ñ•‘š¡…É•‘Z•åj5R‚ÊÚUåjª:•¹•É…Ñ¥¹J-}UQ!’•ÍÁ½¹Í•ŠÚr¡
UQ!}%1¥‚ê5R‚ÊÚåUOÕš•¹‘¥¹‚…•Ñé2ɽµ’‚‚ŠÒ"‰áÒŠÒŠÒÒŠ’š¢ÚÕ‚‚ꢽ’‚‚ŠÒ"‰áÒ2éÊÒÒŠÚÕ‚‚ê5RjRDþkRemoteLogin: fail to login.
fail to login.
</pre>
</td></tr>
<tr><td><br></td><td>
<font color="#ff0000">NUT cleanup failure</font></td></tr><tr><td><br></td><td>
<font color="#ff0000">internal error</font></td></tr></tbody></table>
<hr><h1>Packet Reverse Log</h1>
<ul>
<a name="koiPacketDump1"></a><a href="#koiPacket1">1st packet at 07:44:26</a>
<div id="koiPacketInfo1">
<pre>IP Packet
| IP Header
| | Version = 6
| | Source Address = 2001:db8:f:1::1
| | Destination Address = 2001:db8:1:1::1234
| UDP Header
| | Source Port = 500
| | Destination Port = 500
| Internet Security Association and Key Management Protocol Payload
| | IKE Header
| | | IKE_SA Initiator's SPI = f5c57111eaff84b7
| | | IKE_SA Responder's SPI = 0000000000000000
| | | Next Payload = 33 (SA)
| | | Major Version = 2
| | | Minor Version = 0
| | | Exchange Type = 34 (IKE_SA_INIT)
| | | Flags = 8 (0b00001000)
| | | | Reserved (XX000000) = 0
| | | | Response (00R00000) = 0
| | | | Version (000V0000) = 0
| | | | Initiator (0000I000) = 1
| | | | Reserved (00000XXX) = 0
| | | Message ID = 0 (0x0)
| | | Length = 338 (0x152)
| | | SA Payload
| | | | Next Payload = 34 (KE)
| | | | Critical = 0
| | | | Reserved = 0
| | | | Payload Length = 44 (0x2c)
| | | | Proposal #1
| | | | | Next Payload = 0 (last)
| | | | | RESERVED = 0
| | | | | Proposal Length = 40
| | | | | Proposal # = 1
| | | | | Proposal ID = IKE
| | | | | SPI Size = 0
| | | | | # of Transforms = 4
| | | | | Transform
| | | | | | Next Payload = 3 (Transform)
| | | | | | RESERVED = 0
| | | | | | Transform Length = 8
| | | | | | Transform Type = 1 (ENCR)
| | | | | | RESERVED = 0
| | | | | | Transform ID = 3 (3DES)
| | | | | Transform
| | | | | | Next Payload = 3 (Transform)
| | | | | | RESERVED = 0
| | | | | | Transform Length = 8
| | | | | | Transform Type = 2 (PRF)
| | | | | | RESERVED = 0
| | | | | | Transform ID = 2 (HMAC_SHA1)
| | | | | Transform
| | | | | | Next Payload = 3 (Transform)
| | | | | | RESERVED = 0
| | | | | | Transform Length = 8
| | | | | | Transform Type = 3 (INTEG)
| | | | | | RESERVED = 0
| | | | | | Transform ID = 2 (HMAC_SHA1_96)
| | | | | Transform
| | | | | | Next Payload = 0 (last)
| | | | | | RESERVED = 0
| | | | | | Transform Length = 8
| | | | | | Transform Type = 4 (D-H)
| | | | | | RESERVED = 0
| | | | | | Transform ID = 2 (1024 MODP Group)
| | | KE Payload
| | | | Next Payload = 40 (Ni, Nr)
| | | | Critical = 0
| | | | Reserved = 0
| | | | Payload Length = 136 (0x88)
| | | | DH Group # = 2
| | | | RESERVED = 0
| | | | Key Exchange Data = 0xf54d853df7f8d52bf9c15b625066d89815d68a9dd2e902465f3597efbdbebb03e9da165f4d2bfe07d29c713ef47bde5e44c61d9f898cb0c323c3e1185e15d3a6a773e49489ed550ef617417d5a31a3d521729fc08cdf9550a945c5e97c61ebb550614874333900b222931bb39f84714ff458819ce4c1e59eec301bef075ebe8a
| | | Ni, Nr Payload
| | | | Next Payload = 0 (0)
| | | | Critical = 0
| | | | Reserved = 0
| | | | Payload Length = 130 (0x82)
| | | | Nonce Data = aa402ea7fbd2fa66745da77474bc4aee8e55ec554599b432f1df060cbade5d3ee90c59bff2d4a9f976902e628e18941c757f22d26e09af8b89a3ea3018d6c842188b428badca1439f71c8ba76303b471514d81a5c11ef8987273c1e898845a8169858e4f8167eda82b1b9f2e6365006ec1dc4a4e8ae4f69f55fddd4731b5
</pre>
</div>
<hr>
<a name="koiPacketDump2"></a><a href="#koiPacket2">2nd packet at 07:44:26</a>
<div id="koiPacketInfo2">
<pre>IP Packet
| IP Header
| | Version = 6
| | Source Address = 2001:db8:1:1::1234
| | Destination Address = 2001:db8:f:1::1
| UDP Header
| | Source Port = 500
| | Destination Port = 500
| Internet Security Association and Key Management Protocol Payload
| | IKE Header
| | | IKE_SA Initiator's SPI = f5c57111eaff84b7
| | | IKE_SA Responder's SPI = b519ef9cc06c191b
| | | Next Payload = 33 (SA)
| | | Major Version = 2
| | | Minor Version = 0
| | | Exchange Type = 34 (IKE_SA_INIT)
| | | Flags = 32 (0b00100000)
| | | | Reserved (XX000000) = 0
| | | | Response (00R00000) = 1
| | | | Version (000V0000) = 0
| | | | Initiator (0000I000) = 0
| | | | Reserved (00000XXX) = 0
| | | Message ID = 0 (0x0)
| | | Length = 253 (0xfd)
| | | SA Payload
| | | | Next Payload = 34 (KE)
| | | | Critical = 0
| | | | Reserved = 0
| | | | Payload Length = 44 (0x2c)
| | | | Proposal #1
| | | | | Next Payload = 0 (last)
| | | | | RESERVED = 0
| | | | | Proposal Length = 40
| | | | | Proposal # = 1
| | | | | Proposal ID = IKE
| | | | | SPI Size = 0
| | | | | # of Transforms = 4
| | | | | Transform
| | | | | | Next Payload = 3 (Transform)
| | | | | | RESERVED = 0
| | | | | | Transform Length = 8
| | | | | | Transform Type = 1 (ENCR)
| | | | | | RESERVED = 0
| | | | | | Transform ID = 3 (3DES)
| | | | | Transform
| | | | | | Next Payload = 3 (Transform)
| | | | | | RESERVED = 0
| | | | | | Transform Length = 8
| | | | | | Transform Type = 3 (INTEG)
| | | | | | RESERVED = 0
| | | | | | Transform ID = 2 (HMAC_SHA1_96)
| | | | | Transform
| | | | | | Next Payload = 3 (Transform)
| | | | | | RESERVED = 0
| | | | | | Transform Length = 8
| | | | | | Transform Type = 2 (PRF)
| | | | | | RESERVED = 0
| | | | | | Transform ID = 2 (HMAC_SHA1)
| | | | | Transform
| | | | | | Next Payload = 0 (last)
| | | | | | RESERVED = 0
| | | | | | Transform Length = 8
| | | | | | Transform Type = 4 (D-H)
| | | | | | RESERVED = 0
| | | | | | Transform ID = 2 (1024 MODP Group)
| | | KE Payload
| | | | Next Payload = 40 (Ni, Nr)
| | | | Critical = 0
| | | | Reserved = 0
| | | | Payload Length = 136 (0x88)
| | | | DH Group # = 2
| | | | RESERVED = 0
| | | | Key Exchange Data = 0x7a8ad309be4aedbbebeb44fdad6c7d5c09eb4e820a93f995a7d83ff75d20e26bfbe08c5569f01ed815a25beb14d79bba55d320ecc26acd5b236b5a4853fe2449860e3573244fd59a9b248fc58dcc445cb54d2e93fc9362f0dad44b0cb061e78965fab3df365bdbaddb9d2d9d0e95fe7bc0eebde9bfb421f8eda1ad0224f6a577
| | | Ni, Nr Payload
| | | | Next Payload = 38 (CERTREQ)
| | | | Critical = 0
| | | | Reserved = 0
| | | | Payload Length = 20 (0x14)
| | | | Nonce Data = 0b2c2e318e35a024a8d76040930e1cc3
| | | CERTREQ Payload
| | | | Next Payload = 0 (0)
| | | | Critical = 0
| | | | Reserved = 0
| | | | Payload Length = 25 (0x19)
| | | | Certificate Encoding = 4 (X.509 Certificate - Signature)
| | | | Certificate Authority = 59bf9ae8860831816a50d0fad731212deb83071c
</pre>
</div>
<hr>
<a name="koiPacketDump3"></a><a href="#koiPacket3">3rd packet at 07:44:26</a>
<div id="koiPacketInfo3">
<pre>IP Packet
| IP Header
| | Version = 6
| | Source Address = 2001:db8:f:1::1
| | Destination Address = 2001:db8:1:1::1234
| UDP Header
| | Source Port = 500
| | Destination Port = 500
| Internet Security Association and Key Management Protocol Payload
| | IKE Header
| | | IKE_SA Initiator's SPI = f5c57111eaff84b7
| | | IKE_SA Responder's SPI = b519ef9cc06c191b
| | | Next Payload = 46 (E)
| | | Major Version = 2
| | | Minor Version = 0
| | | Exchange Type = 35 (IKE_AUTH)
| | | Flags = 73 (0b01001001)
| | | | Reserved (XX000000) = 64
| | | | Response (00R00000) = 0
| | | | Version (000V0000) = 0
| | | | Initiator (0000I000) = 1
| | | | Reserved (00000XXX) = 1
| | | Message ID = 1 (0x1)
| | | Length = 252 (0xfc)
| | | E Payload
| | | | Next Payload = 35 (IDi)
| | | | Critical = 1
| | | | Reserved = 1
| | | | Payload Length = 224 (0xe0)
| | | | Initialization Vector = e12d6041f33cb50c
| | | | Encrypted IKE Payloads
| | | | | IDi Payload
| | | | | | Next Payload = 39 (AUTH)
| | | | | | Critical = 1
| | | | | | Reserved = 1
| | | | | | Payload Length = 24 (0x18)
| | | | | | ID Type = 5 (IPV6_ADDR)
| | | | | | RESERVED = 1
| | | | | | Identification Data = 20010db8000f00010000000000000001 (2001:db8:f:1::1)
| | | | | AUTH Payload
| | | | | | Next Payload = 41 (N)
| | | | | | Critical = 1
| | | | | | Reserved = 1
| | | | | | Payload Length = 28 (0x1c)
| | | | | | Auth Method = 2 (SK_MIC)
| | | | | | RESERVED = 1
| | | | | | Authentication Data = 3366653939353532343832356432356264306232
| | | | | N Payload
| | | | | | Next Payload = 33 (SA)
| | | | | | Critical = 1
| | | | | | Reserved = 1
| | | | | | Payload Length = 8 (0x8)
| | | | | | Protocol ID = 0 (no relation)
| | | | | | SPI Size = 0
| | | | | | Notify Message Type = 16391 (USE_TRANSPORT_MODE)
| | | | | SA Payload
| | | | | | Next Payload = 44 (TSi)
| | | | | | Critical = 1
| | | | | | Reserved = 1
| | | | | | Payload Length = 40 (0x28)
| | | | | | Proposal #1
| | | | | | | Next Payload = 0 (last)
| | | | | | | RESERVED = 1
| | | | | | | Proposal Length = 36
| | | | | | | Proposal # = 1
| | | | | | | Proposal ID = ESP
| | | | | | | SPI Size = 4
| | | | | | | # of Transforms = 3
| | | | | | | SPI = d7394571
| | | | | | | Transform
| | | | | | | | Next Payload = 3 (Transform)
| | | | | | | | RESERVED = 1
| | | | | | | | Transform Length = 8
| | | | | | | | Transform Type = 1 (ENCR)
| | | | | | | | RESERVED = 1
| | | | | | | | Transform ID = 3 (3DES)
| | | | | | | Transform
| | | | | | | | Next Payload = 3 (Transform)
| | | | | | | | RESERVED = 1
| | | | | | | | Transform Length = 8
| | | | | | | | Transform Type = 3 (INTEG)
| | | | | | | | RESERVED = 1
| | | | | | | | Transform ID = 2 (HMAC_SHA1_96)
| | | | | | | Transform
| | | | | | | | Next Payload = 0 (last)
| | | | | | | | RESERVED = 1
| | | | | | | | Transform Length = 8
| | | | | | | | Transform Type = 5 (ESN)
| | | | | | | | RESERVED = 1
| | | | | | | | Transform ID = 0 (No ESN)
| | | | | TSi Payload
| | | | | | Next Payload = 45 (TSr)
| | | | | | Critical = 1
| | | | | | Reserved = 1
| | | | | | Payload Length = 48 (0x30)
| | | | | | Number of TSs = 1
| | | | | | RESERVED = 1
| | | | | | Traffic Selector
| | | | | | | TS Type = 8 (IPV6_ADDR_RANGE)
| | | | | | | IP Protocol ID = 0 (any)
| | | | | | | Selector Length = 40
| | | | | | | Start Port = 0
| | | | | | | End Port = 65535
| | | | | | | Starting Address = 20010db8000f00010000000000000001
| | | | | | | Ending Address = 20010db8000f00010000000000000001
| | | | | TSr Payload
| | | | | | Next Payload = 0 (0)
| | | | | | Critical = 1
| | | | | | Reserved = 1
| | | | | | Payload Length = 48 (0x30)
| | | | | | Number of TSs = 1
| | | | | | RESERVED = 1
| | | | | | Traffic Selector
| | | | | | | TS Type = 8 (IPV6_ADDR_RANGE)
| | | | | | | IP Protocol ID = 0 (any)
| | | | | | | Selector Length = 40
| | | | | | | Start Port = 0
| | | | | | | End Port = 65535
| | | | | | | Starting Address = 20010db8000100010000000000001234
| | | | | | | Ending Address = 20010db8000100010000000000001234
| | | | Integrity Checksum Data = dbb136265b43d4f0dbaed7b3
</pre>
</div>
<hr>
<a name="koiPacketDump4"></a><a href="#koiPacket4">4th packet at 07:44:27</a>
<div id="koiPacketInfo4">
<pre>IP Packet
| IP Header
| | Version = 6
| | Source Address = 2001:db8:1:1::1234
| | Destination Address = 2001:db8:f:1::1
| UDP Header
| | Source Port = 500
| | Destination Port = 500
| Internet Security Association and Key Management Protocol Payload
| | IKE Header
| | | IKE_SA Initiator's SPI = f5c57111eaff84b7
| | | IKE_SA Responder's SPI = b519ef9cc06c191b
| | | Next Payload = 46 (E)
| | | Major Version = 2
| | | Minor Version = 0
| | | Exchange Type = 35 (IKE_AUTH)
| | | Flags = 32 (0b00100000)
| | | | Reserved (XX000000) = 0
| | | | Response (00R00000) = 1
| | | | Version (000V0000) = 0
| | | | Initiator (0000I000) = 0
| | | | Reserved (00000XXX) = 0
| | | Message ID = 1 (0x1)
| | | Length = 68 (0x44)
| | | E Payload
| | | | Next Payload = 41 (N)
| | | | Critical = 0
| | | | Reserved = 0
| | | | Payload Length = 40 (0x28)
| | | | Initialization Vector = 5dcb7251678dea3e
| | | | Encrypted IKE Payloads
| | | | | N Payload
| | | | | | Next Payload = 0 (0)
| | | | | | Critical = 0
| | | | | | Reserved = 0
| | | | | | Payload Length = 8 (0x8)
| | | | | | Protocol ID = 0 (no relation)
| | | | | | SPI Size = 0
| | | | | | Notify Message Type = 24 (AUTHENTICATION_FAILED)
| | | | Integrity Checksum Data = 4d5cc308c2671a7ef3e3bf0f
</pre>
</div>
<hr>
</ul>
<!-- 5fa635eda444f77ba8cba18e32fe6dd1 -->
<!-- f4fcd153b1d3b718189ead5efac4626d -->
</body></html>