<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px"><div id="yiv8396747130"><div id="yui_3_16_0_ym19_1_1484552142911_32136"><div style="color:#000;background-color:#fff;font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px;" id="yui_3_16_0_ym19_1_1484552142911_32135"><div id="yiv8396747130yui_3_16_0_ym19_1_1484552142911_10224"><span></span></div><div dir="ltr" id="yiv8396747130yui_3_16_0_ym19_1_1484552142911_10224">Andreas,</div><div dir="ltr" id="yiv8396747130yui_3_16_0_ym19_1_1484552142911_10224"><br></div><div dir="ltr" id="yiv8396747130yui_3_16_0_ym19_1_1484552142911_10224">I finally got the policy manager installed. However, I am not seeing the device when I form the connection and the Android device disconnects. </div><div dir="ltr" id="yiv8396747130yui_3_16_0_ym19_1_1484552142911_10224"><br></div><div dir="ltr" id="yiv8396747130yui_3_16_0_ym19_1_1484552142911_10224">Any ideas on what could be wrong?</div><div dir="ltr" id="yiv8396747130yui_3_16_0_ym19_1_1484552142911_10224"><br></div><div dir="ltr" id="yiv8396747130yui_3_16_0_ym19_1_1484552142911_10224">This is what the stats page in the policy manager looks like - <a href="https://i.imgur.com/9M0sMa8.jpg">https://i.imgur.com/9M0sMa8.jpg</a></div><div dir="ltr" id="yiv8396747130yui_3_16_0_ym19_1_1484552142911_10224"><br></div><div dir="ltr" id="yiv8396747130yui_3_16_0_ym19_1_1484552142911_10224">Also the add groups button does not work and there are no entries under the policies and enforcements? 
Hard to say if everything is working correctly.</div><div dir="ltr" id="yiv8396747130yui_3_16_0_ym19_1_1484552142911_10224"><br></div><div dir="ltr" id="yiv8396747130yui_3_16_0_ym19_1_1484552142911_10224"><br></div> <div class="yiv8396747130qtdSeparateBR" id="yui_3_16_0_ym19_1_1484552142911_32134"><div id="yui_3_16_0_ym19_1_1484552142911_32323">00[DMN] Starting IKE charon daemon (strongSwan 5.5.1, Linux 4.8.0-22-generic, x86_64)</div><div id="yui_3_16_0_ym19_1_1484552142911_32324">00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'</div><div id="yui_3_16_0_ym19_1_1484552142911_32325">00[CFG] loaded ca certificate "C=US, ST=MD, L=TNC, O=TNC, OU=TNC, CN=192.168.1.5" from '/etc/ipsec.d/cacerts/rootCA.crt'</div><div id="yui_3_16_0_ym19_1_1484552142911_32326">00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'</div><div id="yui_3_16_0_ym19_1_1484552142911_32327">00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'</div><div id="yui_3_16_0_ym19_1_1484552142911_32328">00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'</div><div id="yui_3_16_0_ym19_1_1484552142911_32329">00[CFG] loading crls from '/etc/ipsec.d/crls'</div><div id="yui_3_16_0_ym19_1_1484552142911_32330">00[CFG] loading secrets from '/etc/ipsec.secrets'</div><div id="yui_3_16_0_ym19_1_1484552142911_32331">00[CFG] loaded RSA private key from '/etc/ipsec.d/private/tnc2.key'</div><div id="yui_3_16_0_ym19_1_1484552142911_32332">00[CFG] loaded EAP secret for carol@strongswan.org</div><div id="yui_3_16_0_ym19_1_1484552142911_32333">00[TNC] TNC recommendation policy is 'default'</div><div id="yui_3_16_0_ym19_1_1484552142911_32334">00[TNC] loading IMVs from '/etc/tnc_config'</div><div id="yui_3_16_0_ym19_1_1484552142911_32335">00[LIB] libimcv initialized</div><div id="yui_3_16_0_ym19_1_1484552142911_32336">00[IMV] IMV 1 "Attestation" initialized</div><div id="yui_3_16_0_ym19_1_1484552142911_32337">00[PTS] no PTS cacerts directory defined</div><div 
id="yui_3_16_0_ym19_1_1484552142911_32338">00[TNC] IMV 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imv-attestation.so'</div><div id="yui_3_16_0_ym19_1_1484552142911_32339">00[IMV] IMV 2 "Scanner" initialized</div><div id="yui_3_16_0_ym19_1_1484552142911_32340">00[TNC] IMV 2 "Scanner" loaded from '/usr/lib/ipsec/imcvs/imv-scanner.so'</div><div id="yui_3_16_0_ym19_1_1484552142911_32341">00[LIB] loaded plugins: charon des rc2 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl xcbc cmac hmac curl sqlite attr kernel-netlink resolve socket-default stroke vici updown eap-identity eap-md5 eap-mschapv2 eap-dynamic eap-ttls eap-tnc xauth-generic tnc-imv tnc-tnccs tnccs-20</div><div id="yui_3_16_0_ym19_1_1484552142911_32342">00[JOB] spawning 16 worker threads</div><div id="yui_3_16_0_ym19_1_1484552142911_32343">16[CFG] received stroke: add connection 'rw-allow'</div><div id="yui_3_16_0_ym19_1_1484552142911_32344">16[CFG] adding virtual IP address pool 192.168.3.55</div><div id="yui_3_16_0_ym19_1_1484552142911_32345">16[CFG] loaded certificate "C=US, ST=MD, L=TNC, O=TNC, OU=TNC, CN=192.168.1.5" from 'tncserver.crt'</div><div id="yui_3_16_0_ym19_1_1484552142911_32346">16[CFG] id '192.168.1.5' not confirmed by certificate, defaulting to 'C=US, ST=MD, L=TNC, O=TNC, OU=TNC, CN=192.168.1.5'</div><div id="yui_3_16_0_ym19_1_1484552142911_32347">16[CFG] added configuration 'rw-allow'</div><div id="yui_3_16_0_ym19_1_1484552142911_32348">06[CFG] received stroke: add connection 'rw-isolate'</div><div id="yui_3_16_0_ym19_1_1484552142911_32349">06[CFG] adding virtual IP address pool 192.168.4.0/24</div><div id="yui_3_16_0_ym19_1_1484552142911_32350">06[CFG] loaded certificate "C=US, ST=MD, L=TNC, O=TNC, OU=TNC, CN=192.168.1.5" from 'tncserver.crt'</div><div id="yui_3_16_0_ym19_1_1484552142911_32351">06[CFG] id '192.168.1.5' not confirmed by certificate, defaulting to 'C=US, ST=MD, L=TNC, O=TNC, OU=TNC, CN=192.168.1.5'</div><div 
id="yui_3_16_0_ym19_1_1484552142911_32352">06[CFG] added configuration 'rw-isolate'</div><div id="yui_3_16_0_ym19_1_1484552142911_32353">07[NET] received packet: from 192.168.1.11[51631] to 192.168.1.5[500] (732 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32354">07[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32355">07[IKE] 192.168.1.11 is initiating an IKE_SA</div><div id="yui_3_16_0_ym19_1_1484552142911_32356">07[IKE] remote host is behind NAT</div><div id="yui_3_16_0_ym19_1_1484552142911_32357">07[IKE] DH group ECP_256 inacceptable, requesting MODP_3072</div><div id="yui_3_16_0_ym19_1_1484552142911_32358">07[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32359">07[NET] sending packet: from 192.168.1.5[500] to 192.168.1.11[51631] (38 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32360">05[NET] received packet: from 192.168.1.11[51631] to 192.168.1.5[500] (1052 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32361">05[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32362">05[IKE] 192.168.1.11 is initiating an IKE_SA</div><div id="yui_3_16_0_ym19_1_1484552142911_32363">05[IKE] remote host is behind NAT</div><div id="yui_3_16_0_ym19_1_1484552142911_32364">05[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32365">05[NET] sending packet: from 192.168.1.5[500] to 192.168.1.11[51631] (592 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32366">16[NET] received packet: from 192.168.1.11[33660] to 192.168.1.5[4500] (544 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32367">16[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ CPRQ(ADDR ADDR6 DNS DNS6) 
N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32368">16[IKE] received cert request for "C=US, ST=MD, L=TNC, O=TNC, OU=TNC, CN=192.168.1.5"</div><div id="yui_3_16_0_ym19_1_1484552142911_32369">16[CFG] looking for peer configs matching 192.168.1.5[%any]...192.168.1.11[carol@strongswan.org]</div><div id="yui_3_16_0_ym19_1_1484552142911_32370">16[CFG] selected peer config 'rw-allow'</div><div id="yui_3_16_0_ym19_1_1484552142911_32371">16[IKE] initiating EAP_TTLS method (id 0x4F)</div><div id="yui_3_16_0_ym19_1_1484552142911_32372">16[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding</div><div id="yui_3_16_0_ym19_1_1484552142911_32373">16[IKE] peer supports MOBIKE</div><div id="yui_3_16_0_ym19_1_1484552142911_32374">16[ENC] generating IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32375">16[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660] (176 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32376">12[NET] received packet: from 192.168.1.11[33660] to 192.168.1.5[4500] (240 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32377">12[ENC] parsed IKE_AUTH request 2 [ EAP/RES/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32378">12[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</div><div id="yui_3_16_0_ym19_1_1484552142911_32379">12[TLS] sending TLS server certificate 'C=US, ST=MD, L=TNC, O=TNC, OU=TNC, CN=192.168.1.5'</div><div id="yui_3_16_0_ym19_1_1484552142911_32380">12[TLS] sending TLS cert request for 'C=US, ST=MD, L=TNC, O=TNC, OU=TNC, CN=192.168.1.5'</div><div id="yui_3_16_0_ym19_1_1484552142911_32381">12[ENC] generating IKE_AUTH response 2 [ EAP/REQ/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32382">12[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660] (1104 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32383">06[NET] received packet: 
from 192.168.1.11[33660] to 192.168.1.5[4500] (80 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32384">06[ENC] parsed IKE_AUTH request 3 [ EAP/RES/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32385">06[ENC] generating IKE_AUTH response 3 [ EAP/REQ/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32386">06[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660] (432 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32387">09[NET] received packet: from 192.168.1.11[33660] to 192.168.1.5[4500] (240 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32388">09[ENC] parsed IKE_AUTH request 4 [ EAP/RES/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32389">09[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/ID]</div><div id="yui_3_16_0_ym19_1_1484552142911_32390">09[ENC] generating IKE_AUTH response 4 [ EAP/REQ/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32391">09[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660] (224 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32392">12[NET] received packet: from 192.168.1.11[33660] to 192.168.1.5[4500] (176 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32393">12[ENC] parsed IKE_AUTH request 5 [ EAP/RES/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32394">12[IKE] received tunneled EAP-TTLS AVP [EAP/RES/ID]</div><div id="yui_3_16_0_ym19_1_1484552142911_32395">12[IKE] received EAP identity 'carol@strongswan.org'</div><div id="yui_3_16_0_ym19_1_1484552142911_32396">12[IKE] phase2 method EAP_MD5 selected</div><div id="yui_3_16_0_ym19_1_1484552142911_32397">12[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/MD5]</div><div id="yui_3_16_0_ym19_1_1484552142911_32398">12[ENC] generating IKE_AUTH response 5 [ EAP/REQ/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32399">12[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660] (176 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32400">16[NET] received packet: from 192.168.1.11[33660] to 
192.168.1.5[4500] (176 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32401">16[ENC] parsed IKE_AUTH request 6 [ EAP/RES/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32402">16[IKE] received tunneled EAP-TTLS AVP [EAP/RES/MD5]</div><div id="yui_3_16_0_ym19_1_1484552142911_32403">16[IKE] EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_MD5 successful</div><div id="yui_3_16_0_ym19_1_1484552142911_32404">16[IKE] phase2 method EAP_PT_EAP selected</div><div id="yui_3_16_0_ym19_1_1484552142911_32405">16[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]</div><div id="yui_3_16_0_ym19_1_1484552142911_32406">16[ENC] generating IKE_AUTH response 6 [ EAP/REQ/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32407">16[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660] (160 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32408">11[NET] received packet: from 192.168.1.11[33660] to 192.168.1.5[4500] (320 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32409">11[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32410">11[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]</div><div id="yui_3_16_0_ym19_1_1484552142911_32411">11[TNC] assigned TNCCS Connection ID 1</div><div id="yui_3_16_0_ym19_1_1484552142911_32412">11[TNC] received TNCCS batch (163 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32413">11[TNC] processing PB-TNC CDATA batch for Connection ID 1</div><div id="yui_3_16_0_ym19_1_1484552142911_32414">11[TNC] processing PA-TNC message with ID 0xdf457588</div><div id="yui_3_16_0_ym19_1_1484552142911_32415">11[IMV] operating system name is 'Android' from vendor Google</div><div id="yui_3_16_0_ym19_1_1484552142911_32416">11[IMV] operating system version is '6.0.1'</div><div id="yui_3_16_0_ym19_1_1484552142911_32417">11[IMV] device ID is 89f393cd96b7d8d1</div><div id="yui_3_16_0_ym19_1_1484552142911_32418">11[IMV] policy: imv_policy_manager start successful</div><div 
id="yui_3_16_0_ym19_1_1484552142911_32419">11[TNC] creating PA-TNC message with ID 0x58b417d9</div><div id="yui_3_16_0_ym19_1_1484552142911_32420">11[TNC] creating PA-TNC message with ID 0xec8c6991</div><div id="yui_3_16_0_ym19_1_1484552142911_32421">11[TNC] sending PB-TNC SDATA batch (144 bytes) for Connection ID 1</div><div id="yui_3_16_0_ym19_1_1484552142911_32422">11[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]</div><div id="yui_3_16_0_ym19_1_1484552142911_32423">11[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32424">11[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660] (304 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32425">07[NET] received packet: from 192.168.1.11[33660] to 192.168.1.5[4500] (256 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32426">07[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32427">07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]</div><div id="yui_3_16_0_ym19_1_1484552142911_32428">07[TNC] received TNCCS batch (92 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32429">07[TNC] processing PB-TNC CDATA batch for Connection ID 1</div><div id="yui_3_16_0_ym19_1_1484552142911_32430">07[TNC] processing PA-TNC message with ID 0x1bd50ae6</div><div id="yui_3_16_0_ym19_1_1484552142911_32431">07[TNC] creating PA-TNC message with ID 0x8aa751ea</div><div id="yui_3_16_0_ym19_1_1484552142911_32432">07[TNC] sending PB-TNC SDATA batch (56 bytes) for Connection ID 1</div><div id="yui_3_16_0_ym19_1_1484552142911_32433">07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]</div><div id="yui_3_16_0_ym19_1_1484552142911_32434">07[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32435">07[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660] (208 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32436">07[NET] received packet: from 192.168.1.11[33660] to 
192.168.1.5[4500] (160 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32437">07[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32438">07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]</div><div id="yui_3_16_0_ym19_1_1484552142911_32439">07[TNC] received TNCCS batch (8 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32440">07[TNC] processing PB-TNC CDATA batch for Connection ID 1</div><div id="yui_3_16_0_ym19_1_1484552142911_32441">07[IMV] policy: recommendation for access requestor 192.168.1.11 is allow</div><div id="yui_3_16_0_ym19_1_1484552142911_32442">07[IMV] policy: imv_policy_manager stop successful</div><div id="yui_3_16_0_ym19_1_1484552142911_32443">07[TNC] sending PB-TNC RESULT batch (40 bytes) for Connection ID 1</div><div id="yui_3_16_0_ym19_1_1484552142911_32444">07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]</div><div id="yui_3_16_0_ym19_1_1484552142911_32445">07[ENC] generating IKE_AUTH response 9 [ EAP/REQ/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32446">07[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660] (192 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32447">08[NET] received packet: from 192.168.1.11[33660] to 192.168.1.5[4500] (160 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32448">08[ENC] parsed IKE_AUTH request 10 [ EAP/RES/TTLS ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32449">08[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]</div><div id="yui_3_16_0_ym19_1_1484552142911_32450">08[TNC] received TNCCS batch (8 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32451">08[TNC] processing PB-TNC CLOSE batch for Connection ID 1</div><div id="yui_3_16_0_ym19_1_1484552142911_32452">08[TNC] final recommendation is 'allow' and evaluation is 'don't know'</div><div id="yui_3_16_0_ym19_1_1484552142911_32453">08[TNC] policy enforced on peer 'carol@strongswan.org' is 'allow'</div><div id="yui_3_16_0_ym19_1_1484552142911_32454">08[TNC] 
policy enforcement point added group membership 'allow'</div><div id="yui_3_16_0_ym19_1_1484552142911_32455">08[IKE] EAP_TTLS phase2 authentication of 'carol@strongswan.org' with EAP_PT_EAP successful</div><div id="yui_3_16_0_ym19_1_1484552142911_32456">08[TNC] removed TNCCS Connection ID 1</div><div id="yui_3_16_0_ym19_1_1484552142911_32457">08[IKE] EAP method EAP_TTLS succeeded, MSK established</div><div id="yui_3_16_0_ym19_1_1484552142911_32458">08[ENC] generating IKE_AUTH response 10 [ EAP/SUCC ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32459">08[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660] (80 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32460">08[NET] received packet: from 192.168.1.11[33660] to 192.168.1.5[4500] (112 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32461">08[ENC] parsed IKE_AUTH request 11 [ AUTH ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32462">08[IKE] authentication of 'carol@strongswan.org' with EAP successful</div><div id="yui_3_16_0_ym19_1_1484552142911_32463">08[IKE] authentication of 'C=US, ST=MD, L=TNC, O=TNC, OU=TNC, CN=192.168.1.5' (myself) with EAP</div><div id="yui_3_16_0_ym19_1_1484552142911_32464">08[IKE] IKE_SA rw-allow[2] established between 192.168.1.5[C=US, ST=MD, L=TNC, O=TNC, OU=TNC, CN=192.168.1.5]...192.168.1.11[carol@strongswan.org]</div><div id="yui_3_16_0_ym19_1_1484552142911_32465">08[IKE] scheduling reauthentication in 9896s</div><div id="yui_3_16_0_ym19_1_1484552142911_32466">08[IKE] maximum IKE_SA lifetime 10436s</div><div id="yui_3_16_0_ym19_1_1484552142911_32467">08[IKE] peer requested virtual IP %any</div><div id="yui_3_16_0_ym19_1_1484552142911_32468">08[CFG] assigning new lease to 'carol@strongswan.org'</div><div id="yui_3_16_0_ym19_1_1484552142911_32469">08[IKE] assigning virtual IP 192.168.3.55 to peer 'carol@strongswan.org'</div><div id="yui_3_16_0_ym19_1_1484552142911_32470">08[IKE] peer requested virtual IP %any6</div><div 
id="yui_3_16_0_ym19_1_1484552142911_32471">08[IKE] no virtual IP found for %any6 requested by 'carol@strongswan.org'</div><div id="yui_3_16_0_ym19_1_1484552142911_32472">08[IKE] CHILD_SA rw-allow{1} established with SPIs cfa1ff42_i ccd4b585_o and TS 192.168.10.0/24 === 192.168.3.55/32</div><div id="yui_3_16_0_ym19_1_1484552142911_32473">08[ENC] generating IKE_AUTH response 11 [ AUTH CPRP(ADDR) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32474">08[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660] (272 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32475">11[NET] received packet: from 192.168.1.11[33660] to 192.168.1.5[4500] (80 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32476">11[ENC] parsed INFORMATIONAL request 12 [ N(AUTH_FAILED) ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32477">11[IKE] received DELETE for IKE_SA rw-allow[2]</div><div id="yui_3_16_0_ym19_1_1484552142911_32478">11[IKE] deleting IKE_SA rw-allow[2] between 192.168.1.5[C=US, ST=MD, L=TNC, O=TNC, OU=TNC, CN=192.168.1.5]...192.168.1.11[carol@strongswan.org]</div><div id="yui_3_16_0_ym19_1_1484552142911_32479">11[IKE] IKE_SA deleted</div><div id="yui_3_16_0_ym19_1_1484552142911_32480">11[ENC] generating INFORMATIONAL response 12 [ ]</div><div id="yui_3_16_0_ym19_1_1484552142911_32481">11[NET] sending packet: from 192.168.1.5[4500] to 192.168.1.11[33660] (80 bytes)</div><div id="yui_3_16_0_ym19_1_1484552142911_32482">11[CFG] lease 192.168.3.55 by 'carol@strongswan.org' went offline</div><div dir="ltr" id="yui_3_16_0_ym19_1_1484552142911_32483"><br id="yui_3_16_0_ym19_1_1484552142911_32484"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1484552142911_32483"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1484552142911_32483">Thanks,</div><div dir="ltr" id="yui_3_16_0_ym19_1_1484552142911_32483"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1484552142911_32483">Mark</div><div dir="ltr" 
id="yui_3_16_0_ym19_1_1484552142911_32483"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1484552142911_32483"><br></div><br clear="none"></div><div class="yiv8396747130yqt0899882101" id="yiv8396747130yqt49188"></div></div></div></div><div class=".yiv8396747130yahoo_quoted"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12px;"> <div style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px;"> <div dir="ltr"><font size="2" face="Arial"> On Saturday, January 14, 2017 7:49 PM, Andreas Steffen <andreas.steffen@strongswan.org> wrote:<br clear="none"></font></div> <br clear="none"><br clear="none"> <div class="yiv8396747130y_msg_container">Hi Mark,<br clear="none"><br clear="none">the strongTNC guide tells you how to create the config.db database:<br clear="none"><br clear="none"><a rel="nofollow" shape="rect" target="_blank" href="https://wiki.strongswan.org/projects/strongswan/wiki/StrongTnc#Initialize-PTS-Database">https://wiki.strongswan.org/projects/strongswan/wiki/StrongTnc#Initialize-PTS-Database</a><br clear="none"><br clear="none">Andreas<br clear="none"><br clear="none">On 15.01.2017 04:15, Mark M wrote:<br clear="none">> Andreas,<br clear="none">><br clear="none">> The guides that I follow do not create the /etc/pts/config.db database?<br clear="none">><br clear="none">> Thanks,<br clear="none">><br clear="none">> Mark<br clear="none">><br clear="none">><br clear="none">> On Thursday, January 12, 2017 2:26 PM, Mark M <<a rel="nofollow" shape="rect" ymailto="mailto:mark076h@yahoo.com" target="_blank" href="mailto:mark076h@yahoo.com">mark076h@yahoo.com</a>> wrote:<br clear="none">><br clear="none">><br clear="none">> Andreas,<br clear="none">><br clear="none">> Thank you for the info,<br clear="none">><br clear="none">> Now when I follow the guide to install the policy manager I only get the<br clear="none">> default apache page.<br clear="none">><br 
clear="none">> I am following this guide -<br clear="none">> <a rel="nofollow" shape="rect" target="_blank" href="https://wiki.strongswan.org/projects/strongswan/wiki/StrongTNC">https://wiki.strongswan.org/projects/strongswan/wiki/StrongTNC</a><br clear="none">><br clear="none">> Thanks,<br clear="none">><br clear="none">> Mark<br clear="none">><br clear="none">><br clear="none">> On Thursday, January 12, 2017 6:09 AM, Andreas Steffen<br clear="none">> <<a rel="nofollow" shape="rect" ymailto="mailto:andreas.steffen@strongswan.org" target="_blank" href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>> wrote:<br clear="none">><br clear="none">><br clear="none">> Hi Mark,<br clear="none">><br clear="none">> you can find a [little-outdated] TNC server configuration HOWTO<br clear="none">> under the following link:<br clear="none">><br clear="none">> <a rel="nofollow" shape="rect" target="_blank" href="https://wiki.strongswan.org/projects/strongswan/wiki/TNCS">https://wiki.strongswan.org/projects/strongswan/wiki/TNCS</a><br clear="none">><br clear="none">> In the meantime the TNC measurement policies are not hard-coded<br clear="none">> any more in /etc/strongswan.conf but can be configured via the<br clear="none">> strongTNC policy manager available from the strongSwan GitHub<br clear="none">> repository<br clear="none">><br clear="none">> <a rel="nofollow" shape="rect" target="_blank" href="https://wiki.strongswan.org/projects/strongswan/wiki/StrongTnc">https://wiki.strongswan.org/projects/strongswan/wiki/StrongTnc</a><br clear="none">><br clear="none">> The IMVs on the strongTNC server must now connect to the strongTNC<br clear="none">> /etc/pts/config.db database. 
A sample configuration can be found here<br clear="none">><br clear="none">><br clear="none">> <a rel="nofollow" shape="rect" target="_blank" href="https://wiki.strongswan.org/projects/strongswan/wiki/IMA#Set-up-the-Attestation-Server">https://wiki.strongswan.org/projects/strongswan/wiki/IMA#Set-up-the-Attestation-Server</a><br clear="none">><br clear="none">> Hope this helps!<br clear="none">><br clear="none">> Andreas<br clear="none">><br clear="none">> On 11.01.2017 10:43, Mark M wrote:<br clear="none">> > Hi,<br clear="none">> ><br clear="none">> > I would like to set up a basic demo of the Android client using TNC<br clear="none">> > connecting to a strongSwan server as shown in this guide -<br clear="none">> > <a rel="nofollow" shape="rect" target="_blank" href="https://wiki.strongswan.org/projects/strongswan/wiki/BYOD">https://wiki.strongswan.org/projects/strongswan/wiki/BYOD</a><br clear="none">> ><br clear="none">> > Is there a guide I can follow for a basic strongSwan server setup to<br clear="none">> > test out TNC with the Android client? And is there anything special that<br clear="none">> > needs to be configured on the Android client or does the Android client<br clear="none">> > support TNC by default?<br clear="none">> ><br clear="none">> > Thanks,<br clear="none">> ><br clear="none">> > Mark<br clear="none">><br clear="none">><br clear="none">> ======================================================================<br clear="none">> Andreas Steffen <a rel="nofollow" shape="rect" ymailto="mailto:andreas.steffen@strongswan.org" target="_blank" href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br clear="none">> <mailto:<a rel="nofollow" shape="rect" ymailto="mailto:andreas.steffen@strongswan.org" target="_blank" href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a>><br clear="none">> strongSwan - the Open Source VPN Solution! 
www.strongswan.org<br clear="none">> Institute for Internet Technologies and Applications<br clear="none">> University of Applied Sciences Rapperswil<br clear="none">> CH-8640 Rapperswil (Switzerland)<br clear="none">> ===========================================================[ITA-HSR]==<div class="yiv8396747130yqt3044544568" id="yiv8396747130yqtfd86967"><br clear="none">><br clear="none">><br clear="none">><br clear="none">><br clear="none">><br clear="none"><br clear="none">-- <br clear="none">======================================================================<br clear="none">Andreas Steffen <a rel="nofollow" shape="rect" ymailto="mailto:andreas.steffen@strongswan.org" target="_blank" href="mailto:andreas.steffen@strongswan.org">andreas.steffen@strongswan.org</a><br clear="none">strongSwan - the Open Source VPN Solution! www.strongswan.org<br clear="none">Institute for Internet Technologies and Applications<br clear="none">University of Applied Sciences Rapperswil<br clear="none">CH-8640 Rapperswil (Switzerland)<br clear="none">===========================================================[ITA-HSR]==<br clear="none"></div><br clear="none"><br clear="none"></div> </div> </div> </div></div></body></html>