<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" 
xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
text-justify:inter-ideograph;
font-size:10.5pt;
font-family:"Calibri","sans-serif";}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:18.0pt;
font-family:SimSun;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:SimSun;
font-weight:bold;}
.MsoChpDefault
{mso-style-type:export-only;}
/* Page Definitions */
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=ZH-CN link=blue vlink=purple style='text-justify-trim:punctuation'>
<div class=Section1>
<p class=MsoNormal><span lang=EN-US>Hi:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>I
am using strongSwan 4.5 for testing. The network environment is the same as “Test
ikev2/nat-one-rw” (the only difference is that alice’s IP is
10.2.0.10 and bob’s IP is 10.1.0.10). <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>The
host “alice” could set up an ESP tunnel with Gateway “sun”
successfully and its virtual IP is assigned as “10.1.0.120”
by the DHCP server which is behind the Gateway sun.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>But
the strange thing is that after the tunnel is established, alice could not visit sun’s
10.1.x.x subnet. And if alice does not require a virtual IP, everything is OK. Why?
<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>I
would really </span><span lang=EN-US style='font-family:"Arial","sans-serif";
color:#2B2B2B'>appreciate it if someone could give me some advice. Thanks and best
regards.</span><span lang=EN-US><o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>1) Here is the NATed host Alice’s
ipsec.conf file:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>config setup<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
crlcheckinterval=180<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
strictcrlpolicy=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
plutostart=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>conn %default<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
ikelifetime=60m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
keylife=20m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
rekeymargin=3m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
keyingtries=1<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
keyexchange=ikev2<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>conn hnb<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
authby=pubkey<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
compress=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
dpdaction=none<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
dpddelay=30s<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
dpdtimeout=150s<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
inactivity=0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
installpolicy=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
ikelifetime=60m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
#lifebytes=0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
lifepackets=102400000<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
lifetime=30m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
marginpackets=1024<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
#marginbytes=0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
margintime=5m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
mobike=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
reauth=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
rekey=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
rekeyfuzz=100%<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
type=tunnel<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
left=%any<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
leftcert=hnb.pem<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
leftid=hnb@percello.com<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
leftfirewall=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
right=192.168.0.61<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
rightid=secgw@percello.com<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
rightsubnet=10.1.0.0/32<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
leftsourceip=%config<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> auto=start<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>2) Here is Gateway sun’s ipsec.conf
file:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> config
setup<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
crlcheckinterval=180<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
strictcrlpolicy=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
plutostart=no<o:p></o:p></span></p>
<p class=MsoNormal style='margin-left:21.0pt'><span lang=EN-US>conn %default<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
ikelifetime=60m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
keylife=20m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> rekeymargin=3m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
keyingtries=1<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
keyexchange=ikev2<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
left=192.168.0.61<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
leftcert=secgw.pem<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
leftid=secgw@percello.com<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
leftfirewall=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
rekey=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
reauth=no<o:p></o:p></span></p>
<p class=MsoNormal style='text-indent:21.0pt'><span lang=EN-US>conn nat-t<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
leftsubnet=10.1.0.0/16<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
rightsubnet=0.0.0.0/0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
right=%any<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
rightsourceip=%dhcp<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
auto=add<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>3) Here is Alice’s log:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> ipsec
start --debug-all --nofork<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Starting strongSwan 4.5.0 IPsec
[starter]...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>!! Your strongswan.conf contains manual
plugin load options for<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>!! pluto and/or charon. This is recommended
for experts only, see<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>!!
http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| Loading config setup<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| crlcheckinterval=180<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| strictcrlpolicy=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| plutostart=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| Loading conn %default<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| ikelifetime=60m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| keylife=20m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| rekeymargin=3m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| keyingtries=1<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| keyexchange=ikev2<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| Loading conn 'hnb'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| authby=pubkey<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| compress=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| dpdaction=none<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| dpddelay=30s<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| dpdtimeout=150s<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| inactivity=0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| installpolicy=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| ikelifetime=60m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| lifepackets=102400000<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| lifetime=30m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| marginpackets=1024<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| margintime=5m<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| mobike=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| reauth=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| rekey=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| rekeyfuzz=100%<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| type=tunnel<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| left=%any<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| leftcert=hnb.pem<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| leftid=hnb@percello.com<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| leftfirewall=yes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| right=192.168.0.61<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| rightid=secgw@percello.com<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| rightsubnet=10.1.0.0/32<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| leftsourceip=%config<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| auto=start<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| Found netkey IPsec stack<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>| Attempting to start charon...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[DMN] Starting IKEv2 charon daemon
(strongSwan 4.5.0)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[CFG] loading ca certificates from
'/usr/local/etc/ipsec.d/cacerts'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[CFG] loaded ca certificate
"C=CN, ST=ln, L=dl, O=pctl, OU=rnd, CN=ipsec, E=ca@percello.com" from
'/usr/local/etc/ipsec.d/cacerts/ipsec.pem'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[CFG] loading aa certificates from
'/usr/local/etc/ipsec.d/aacerts'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[CFG] loading ocsp signer certificates
from '/usr/local/etc/ipsec.d/ocspcerts'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[CFG] loading attribute certificates from
'/usr/local/etc/ipsec.d/acerts'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[CFG] loading crls from
'/usr/local/etc/ipsec.d/crls'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[CFG] loading secrets from
'/usr/local/etc/ipsec.secrets'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[CFG] loaded RSA private key
from '/usr/local/etc/ipsec.d/private/hnbkey.pem'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[NET] installing IKE bypass policy failed<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[NET] installing IKE bypass policy failed<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[NET] installing IKE bypass policy failed<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[NET] installing IKE bypass policy failed<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[KNL] listening on interfaces:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[KNL] eth0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[KNL] 10.2.0.10<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[KNL]
fe80::20c:29ff:fe8e:3e10<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[DMN] loaded plugins: aes des sha1 sha2
md5 pem fips-prf pkcs1 pkcs11 gmp random pubkey x509 hmac xcbc stroke
socket-default attr kernel-netlink kernel-pfkey farp updown <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>00[JOB] spawning 16 worker threads<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>charon (3012) started after 20 ms<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] stroke message => 503 bytes @
0xb64660c0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] received stroke: add connection
'hnb'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] conn hnb<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] left=%any<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] leftsubnet=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] leftsourceip=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] leftauth=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] leftauth2=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] leftid=hnb@percello.com<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] leftid2=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] leftcert=hnb.pem<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] leftcert2=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] leftca=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] leftca2=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] leftgroups=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] leftupdown=ipsec
_updown iptables<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] right=192.168.0.61<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] rightsubnet=10.1.0.0/32<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] rightsourceip=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] rightauth=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] rightauth2=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG]
rightid=secgw@percello.com<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] rightid2=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] rightcert=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] rightcert2=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] rightca=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] rightca2=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] rightgroups=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] rightupdown=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] eap_identity=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] aaa_identity=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG]
ike=aes128-sha1-modp2048,3des-sha1-modp1536<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG]
esp=aes128-sha1,3des-sha1<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] mediation=no<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] mediated_by=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] me_peerid=(null)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] left nor right host is our side,
assuming left=local<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] loaded certificate
"C=CN, ST=ln, L=dl, O=pctl, OU=rnd, CN=hnb@percello.com,
E=hnb@percello.com" from 'hnb.pem'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>03[CFG] added configuration 'hnb'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[CFG] stroke message => 344 bytes @
0xb3afc160<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[CFG] received stroke: initiate 'hnb'<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] queueing IKE_VENDOR task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] queueing IKE_INIT task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] queueing IKE_NATD task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] queueing IKE_CERT_PRE task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] queueing IKE_AUTHENTICATE task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] queueing IKE_CERT_POST task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] queueing IKE_CONFIG task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] queueing IKE_AUTH_LIFETIME task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] queueing CHILD_CREATE task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] activating new tasks<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] activating IKE_VENDOR
task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] activating IKE_INIT
task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] activating IKE_NATD
task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] activating IKE_CERT_PRE
task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] activating
IKE_AUTHENTICATE task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] activating
IKE_CERT_POST task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] activating IKE_CONFIG
task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] activating CHILD_CREATE
task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] activating
IKE_AUTH_LIFETIME task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] initiating IKE_SA hnb[1] to
192.168.0.61<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] IKE_SA hnb[1] state change: CREATED
=> CONNECTING<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] natd_chunk => 22 bytes @
0x9035d78<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] 0: D8 C6 CA 02 42
5C 08 54 00 00 00 00 00 00 00 00 ....B\.T........<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] 16: C0 A8 00 3D 01
F4
...=..<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] natd_hash => 20 bytes @
0x9035718<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] 0: 42 8F EA C3 6E
97 9E C7 90 F0 FD 0F 19 29 66 95 B...n........)f.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] 16: 73 64 74
86 sdt.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] natd_chunk => 22 bytes @
0x9036d50<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] 0: D8 C6 CA 02 42
5C 08 54 00 00 00 00 00 00 00 00 ....B\.T........<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] 16: 0A 02 00 0A 01
F4
......<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] natd_hash => 20 bytes @
0x9035718<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] 0: 69 7F 09 A1 9A
5A D9 AF B9 8E 06 71 2C 15 52 58 i....Z.....q,.RX<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[IKE] 16: 78 8E 79
CB
x.y.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[ENC] generating IKE_SA_INIT request 0 [
SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>08[NET] sending packet: from 10.2.0.10[500]
to 192.168.0.61[500]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[NET] received packet: from
192.168.0.61[500] to 10.2.0.10[500]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[ENC] parsed IKE_SA_INIT response 0 [ SA
KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[CFG] selecting proposal:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[CFG] proposal matches<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[CFG] received proposals:
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[CFG] configured proposals:
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1536,
IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/HMAC_SHA1_96/HMAC_SHA2_256_128/HMAC_MD5_96/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/PRF_HMAC_SHA2_256/PRF_HMAC_SHA1/PRF_HMAC_MD5/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_AES128_XCBC/MODP_2048/MODP_2048_224/MODP_2048_256/MODP_1536/MODP_4096/MODP_8192/MODP_1024/MODP_1024_160<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[CFG] selected proposal:
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] natd_chunk => 22 bytes @
0x90376e8<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 0: D8 C6 CA 02 42
5C 08 54 F3 CD 94 43 82 5A 81 21 ....B\.T...C.Z.!<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 16: 0A 02 00 0A 01
F4
......<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] natd_hash => 20 bytes @
0x9037758<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 0: 6E 01 0B 0A 28
23 68 3C 78 D0 5B CA AC 41 B8 1E n...(#h<x.[..A..<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 16: 37 BF 76
0A
7.v.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] natd_chunk => 22 bytes @
0x90376e8<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 0: D8 C6 CA 02 42
5C 08 54 F3 CD 94 43 82 5A 81 21 ....B\.T...C.Z.!<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 16: C0 A8 00 3D 01
F4
...=..<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] natd_hash => 20 bytes @
0x9037990<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 0: 5C 40 16 87 54
E8 24 F9 4F 5E 10 82 47 55 DB 7B \@..T.$.O^..GU.{<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 16: A4 96 0D
85 ....<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] precalculated src_hash => 20
bytes @ 0x9037990<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 0: 5C 40 16 87 54
E8 24 F9 4F 5E 10 82 47 55 DB 7B \@..T.$.O^..GU.{<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 16: A4 96 0D
85
....<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] precalculated dst_hash => 20
bytes @ 0x9037758<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 0: 6E 01 0B 0A 28
23 68 3C 78 D0 5B CA AC 41 B8 1E n...(#h<x.[..A..<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 16: 37 BF 76
0A
7.v.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] received src_hash => 20 bytes @
0x9032360<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 0: 5C 40 16 87 54
E8 24 F9 4F 5E 10 82 47 55 DB 7B \@..T.$.O^..GU.{<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 16: A4 96 0D
85
....<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] received dst_hash => 20 bytes @
0x9032378<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 0: 06 50 CA 1E E7
17 86 3B 6A EA 04 D9 92 B2 E2 29 .P.....;j......)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 16: 77 E2 7F
B3
w...<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] local host is behind NAT, sending
keep alives<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] received cert request for
"C=CN, ST=ln, L=dl, O=pctl, OU=rnd, CN=ipsec, E=ca@percello.com"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] reinitiating already active tasks<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] IKE_CERT_PRE task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] IKE_AUTHENTICATE task<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] sending cert request for
"C=CN, ST=ln, L=dl, O=pctl, OU=rnd, CN=ipsec, E=ca@percello.com"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] IDx' => 20 bytes @ 0xb22f8fe0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 0: 03 00 00 00 68
6E 62 40 70 65 72 63 65 6C 6C 6F ....hnb@percello<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 16: 2E 63 6F
6D
.com<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] SK_p => 20 bytes @ 0x9037908<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 0: 35 61 B9 5A D2
BC 3F 96 88 E0 C0 BB D7 C0 38 1F 5a.Z..?.......8.<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] 16: 8B 4D 8D
E7
.M..<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] octets = message + nonce +
prf(Sk_px, IDx') => 736 bytes @ 0x90385d8<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] authentication of
'hnb@percello.com' (myself) with RSA signature successful<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] sending end entity cert "C=CN,
ST=ln, L=dl, O=pctl, OU=rnd, CN=hnb@percello.com, E=hnb@percello.com"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[IKE] establishing CHILD_SA hnb<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[CFG] proposing traffic selectors for us:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[CFG] dynamic (derived from
dynamic)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[CFG] proposing traffic selectors for
other:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[CFG] 10.1.0.0/32 (derived from
10.1.0.0/32)<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[ENC] generating IKE_AUTH request 1 [ IDi
CERT CERTREQ IDr AUTH CP(ADDR) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) ]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>11[NET] sending packet: from
10.2.0.10[4500] to 192.168.0.61[4500]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[NET] received packet: from
192.168.0.61[4500] to 10.2.0.10[4500]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[ENC] parsed IKE_AUTH response 1 [ IDr
CERT AUTH CP(ADDR) SA TSi TSr ]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] received end entity cert
"C=CN, ST=ln, L=dl, O=pctl, OU=rnd, CN=secgw@percello.com,
E=secgw@percello.com"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] IDx' => 22 bytes @ 0xb12f7020<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] 0: 03 00 00 00 73
65 63 67 77 40 70 65 72 63 65 6C ....secgw@percel<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] 16: 6C 6F 2E 63 6F
6D
lo.com<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] SK_p => 20 bytes @ 0x9037630<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] 0: 05 E2 47 31 7F
E1 CC 73 22 C5 00 08 C1 DB 12 F2 ..G1...s".......<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] 16: A4 FF 1A
EC
....<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] octets = message + nonce +
prf(Sk_px, IDx') => 517 bytes @ 0x90359d8<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[CFG] using certificate
"C=CN, ST=ln, L=dl, O=pctl, OU=rnd, CN=secgw@percello.com,
E=secgw@percello.com"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[CFG] using trusted ca
certificate "C=CN, ST=ln, L=dl, O=pctl, OU=rnd, CN=ipsec,
E=ca@percello.com"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[CFG] reached self-signed
root ca with a path length of 0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] authentication of
'secgw@percello.com' with RSA signature successful<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] IKE_SA hnb[1] established between
10.2.0.10[hnb@percello.com]...192.168.0.61[secgw@percello.com]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] IKE_SA hnb[1] state change:
CONNECTING => ESTABLISHED<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] scheduling reauthentication in
3174s<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] maximum IKE_SA lifetime 3474s<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] processing INTERNAL_IP4_ADDRESS
attribute<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] installing new virtual IP
10.1.0.120<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[CFG] selecting proposal:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[CFG] proposal matches<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[CFG] received proposals:
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[CFG] configured proposals: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ,
ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/3DES_CBC/BLOWFISH_CBC_256/HMAC_SHA1_96/AES_XCBC_96/HMAC_MD5_96/NO_EXT_SEQ<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[CFG] selected proposal:
ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[CFG] selecting traffic selectors for us:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[CFG] config: 10.1.0.120/32,
received: 0.0.0.0/0 => match: 10.1.0.120/32<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[CFG] selecting traffic selectors for
other:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[CFG] config: 10.1.0.0/32,
received: 10.1.0.0/32 => match: 10.1.0.0/32<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] CHILD_SA hnb{1} established with
SPIs cd15012c_i c9f2481c_o and TS 10.1.0.120/32 === 10.1.0.0/32 <o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] activating new tasks<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>13[IKE] nothing to initiate<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>4) Here is Alice’s ipsec statusall<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Status of IKEv2 charon daemon (strongSwan
4.5.0):<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> uptime: 2 minutes, since Jan 20
14:58:04 2011<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> malloc: sbrk 135168, mmap 0, used
86688, free 48480<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> worker threads: 8 idle of 16, job
queue load: 0, scheduled events: 3<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> loaded plugins: aes des sha1 sha2
md5 pem fips-prf pkcs1 pkcs11 gmp random pubkey x509 hmac xcbc stroke
socket-default attr kernel-netlink kernel-pfkey farp updown<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Listening IP addresses:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US> 10.2.0.10<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Connections:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
hnb: %any...192.168.0.61<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
hnb: local: [hnb@percello.com] uses public key authentication<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
hnb: cert: "C=CN, ST=ln, L=dl, O=pctl, OU=rnd,
CN=hnb@percello.com, E=hnb@percello.com"<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
hnb: remote: [secgw@percello.com] uses any authentication<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
hnb: child: dynamic === 10.1.0.0/32<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>Security Associations:<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
hnb[1]: ESTABLISHED 2 minutes ago,
10.2.0.10[hnb@percello.com]...192.168.0.61[secgw@percello.com]<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
hnb[1]: IKE SPIs: 54085c4202cac6d8_i* 21815a824394cdf3_r, public key
reauthentication in 50 minutes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
hnb[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
hnb{1}: INSTALLED, TUNNEL, ESP in UDP SPIs: cd15012c_i c9f2481c_o<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
hnb{1}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 19
minutes<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>
hnb{1}: 10.1.0.120/32 === 10.1.0.0/32<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>5) Here is Alice’s ip route list<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>10.2.0.0/16 dev eth0 proto kernel
scope link src 10.2.0.10<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>10.1.0.0/16 via 10.2.0.1 dev eth0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>169.254.0.0/16 dev eth0 scope
link metric 1000<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US>default via 10.2.0.1 dev eth0<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US>According to 5), it seems that the
subnet 10.1.0.0 is not routed to 192.168.0.61 (the gateway sun’s IP). Why?<o:p></o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
<p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p>
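<p class=MsoNormal><span lang=EN-US>Added example, not part of the original post: the NAT detection step visible in the log above, where the SHA-1 input is SPIi | SPIr | address | port and the precalculated hashes are compared with those received in N(NATD_S_IP) and N(NATD_D_IP). The hex values are copied from the log; the function names are illustrative.</span></p>

```python
import hashlib
import ipaddress
import struct

# Hex values below are copied from the charon debug log in the post above.
RESP_LOCAL_CHUNK = bytes.fromhex(      # natd_chunk containing 0A 02 00 0A
    "D8 C6 CA 02 42 5C 08 54 F3 CD 94 43 82 5A 81 21 0A 02 00 0A 01 F4")
RESP_REMOTE_CHUNK = bytes.fromhex(     # natd_chunk containing C0 A8 00 3D
    "D8 C6 CA 02 42 5C 08 54 F3 CD 94 43 82 5A 81 21 C0 A8 00 3D 01 F4")
PRECALC_SRC = bytes.fromhex(
    "5C 40 16 87 54 E8 24 F9 4F 5E 10 82 47 55 DB 7B A4 96 0D 85")
PRECALC_DST = bytes.fromhex(
    "6E 01 0B 0A 28 23 68 3C 78 D0 5B CA AC 41 B8 1E 37 BF 76 0A")
RECEIVED_SRC = bytes.fromhex(
    "5C 40 16 87 54 E8 24 F9 4F 5E 10 82 47 55 DB 7B A4 96 0D 85")
RECEIVED_DST = bytes.fromhex(
    "06 50 CA 1E E7 17 86 3B 6A EA 04 D9 92 B2 E2 29 77 E2 7F B3")


def parse_natd_chunk(chunk):
    """Split an IPv4 NAT-D hash input into SPIi | SPIr | address | port."""
    if len(chunk) != 22:
        raise ValueError("IPv4 NAT-D input must be 8 + 8 + 4 + 2 bytes")
    spi_i, spi_r, addr, port = struct.unpack("!8s8s4sH", chunk)
    return {"spi_i": spi_i, "spi_r": spi_r,
            "ip": str(ipaddress.IPv4Address(addr)), "port": port}


def build_natd_chunk(spi_i, spi_r, ip, port):
    """Inverse of parse_natd_chunk: rebuild the 22-byte hash input."""
    return (spi_i + spi_r + ipaddress.IPv4Address(ip).packed
            + struct.pack("!H", port))


def natd_hash(chunk):
    """NAT detection payload data: SHA-1 over the chunk (20 bytes)."""
    return hashlib.sha1(chunk).digest()


def nat_verdict(precalc_src, precalc_dst, received_src_hashes, received_dst):
    """Compare what we computed for the packet we saw with what the peer sent.

    precalc_src: our hash over the peer's address and port as we see them
    precalc_dst: our hash over our own address and port
    A destination mismatch means our address was rewritten on the way to
    the peer; no matching source hash means the peer's address was rewritten.
    """
    return {
        "local_behind_nat": precalc_dst != received_dst,
        "remote_behind_nat": precalc_src not in received_src_hashes,
    }


if __name__ == "__main__":
    for name, chunk, logged in (
            ("local", RESP_LOCAL_CHUNK, PRECALC_DST),
            ("remote", RESP_REMOTE_CHUNK, PRECALC_SRC)):
        fields = parse_natd_chunk(chunk)
        print(name, fields["ip"], fields["port"],
              "recomputed:", natd_hash(chunk).hex(),
              "logged:", logged.hex())
    print(nat_verdict(PRECALC_SRC, PRECALC_DST, [RECEIVED_SRC], RECEIVED_DST))
```

<p class=MsoNormal><span lang=EN-US>The destination mismatch is what produces the "local host is behind NAT, sending keep alives" line and the move from port 500 to port 4500 for IKE_AUTH.</span></p>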
</div>
</body>
</html>