[strongSwan] strongSwan + Windows 7 + IKEv2 + MSCHAPv2 (Username and password)
Kerschbaum, Sven
sven.kerschbaum at siemens.com
Fri May 7 16:14:54 CEST 2010
Unfortunately, I did not know about these Win 7 cert requirements. It helped me a lot! Thanks!
Now the authentication process almost finishes, but at the end I get a strange kind of error from strongSwan:
09[IKE] peer requested virtual IP %any
09[CFG] assigning new lease to '192.168.10.12'
09[IKE] assigning virtual IP 10.10.3.1 to peer
09[IKE] allocating SPI failed
09[ENC] generating IKE_AUTH response 5 [ AUTH CP N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(NO_PROP) ]
09[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500]
Why does the allocation of the SPI fail? With the same machines (Win 7 and openSUSE 10.2 + strongSwan 4.3.2) I was able to authenticate a user by MSCHAPv2 using machine certificates (no username and no password required). And, as far as I know, there have been SPIs successfully allocated. Can this be a configuration issue, too? I have no clue about this error...
For completeness, here's my complete strongSwan log:
01[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.2)
01[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
01[LIB] loaded certificate file '/usr/local/etc/ipsec.d/cacerts/cacert.pem'
01[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
01[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
01[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
01[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
01[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
01[CFG] loaded private key file '/usr/local/etc/ipsec.d/private/clientkey.pem'
01[CFG] loaded EAP secret for test
01[DMN] loaded plugins: aes des sha1 sha2 md4 md5 fips-prf random x509 pubkey xcbc hmac gmp stroke eap-identity eap-mschapv2
01[JOB] spawning 16 worker threads
15[CFG] received stroke: add connection 'host-host'
15[CFG] left nor right host is our side, assuming left=local
15[LIB] loaded certificate file '/usr/local/etc/ipsec.d/certs/clientcert.pem'
15[CFG] peerid %any not confirmed by certificate, defaulting to subject DN: C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient
15[CFG] added configuration 'host-host'
15[CFG] adding virtual IP address pool 'host-host': 10.10.3.0/24
04[NET] received packet: from 192.168.10.12[500] to 192.168.10.90[500]
04[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
04[IKE] 192.168.10.12 is initiating an IKE_SA
04[IKE] sending cert request for "O=Siemens, OU=ATS, L=Nuremberg, ST=Bavaria, C=DE, CN=ikeca"
04[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
04[NET] sending packet: from 192.168.10.90[500] to 192.168.10.12[500]
05[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500]
05[ENC] unknown attribute type INTERNAL_IP4_SERVER
05[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CP SA TSi TSr ]
05[IKE] received cert request for "O=Siemens, OU=ATS, L=Nuremberg, ST=Bavaria, C=DE, CN=ikeca"
05[CFG] looking for peer configs matching 192.168.10.90[%any]...192.168.10.12[192.168.10.12]
05[CFG] selected peer config 'host-host'
05[IKE] initiating EAP-Identity request
05[IKE] peer supports MOBIKE
05[IKE] authentication of 'C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient' (myself) with RSA signature successful
05[IKE] sending end entity cert "C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient"
05[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP ]
05[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500]
06[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500]
06[ENC] parsed IKE_AUTH request 2 [ EAP ]
06[IKE] received EAP identity 'test'
06[IKE] initiating EAP_MSCHAPV2
06[ENC] generating IKE_AUTH response 2 [ EAP ]
06[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500]
07[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500]
07[ENC] parsed IKE_AUTH request 3 [ EAP ]
07[ENC] generating IKE_AUTH response 3 [ EAP ]
07[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500]
08[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500]
08[ENC] data before decryption => 16 bytes @ 0x8094e88
08[ENC] 0: 3C A5 14 27 CA E1 A0 41 F4 DE 3F 19 30 C1 8E 03 <..'...A..?.0...
08[ENC] data after decryption with padding => 16 bytes @ 0x8097578
08[ENC] 0: 00 00 00 0A 02 AE 00 06 1A 03 00 00 00 00 00 05 ................
08[ENC] parsed IKE_AUTH request 4 [ EAP ]
08[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
08[ENC] generating IKE_AUTH response 4 [ EAP ]
08[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500]
09[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500]
09[ENC] data before decryption => 32 bytes @ 0x8094d00
09[ENC] 0: DC D0 71 31 6C 67 AF B2 7A 51 94 1E 8F A3 4B D6 ..q1lg..zQ....K.
09[ENC] 16: 37 D3 18 FC 68 81 10 D6 D1 92 DB B7 37 ED A0 AF 7...h.......7...
09[ENC] data after decryption with padding => 32 bytes @ 0x8094d30
09[ENC] 0: 00 00 00 1C 02 00 00 00 ED 6B 09 2E 9B B6 9E 9A .........k......
09[ENC] 16: D3 21 08 AA C2 88 8B 93 20 01 9F BD 00 00 00 03 .!...... .......
09[ENC] parsed IKE_AUTH request 5 [ AUTH ]
09[IKE] authentication of '192.168.10.12' with EAP successful
09[IKE] authentication of 'C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient' (myself) with EAP
09[IKE] scheduling reauthentication in 9797s
09[IKE] maximum IKE_SA lifetime 10337s
09[IKE] IKE_SA host-host[1] established between 192.168.10.90[C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient]...192.168.10.12[192.168.10.12]
09[IKE] peer requested virtual IP %any
09[CFG] assigning new lease to '192.168.10.12'
09[IKE] assigning virtual IP 10.10.3.1 to peer
09[IKE] allocating SPI failed
09[ENC] generating IKE_AUTH response 5 [ AUTH CP N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(NO_PROP) ]
09[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500]
10[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500]
10[ENC] data before decryption => 16 bytes @ 0x8094d60
10[ENC] 0: 45 FC C3 F7 62 B6 E0 BC 02 D3 AE AB 94 F4 0F 1A E...b...........
10[ENC] data after decryption with padding => 16 bytes @ 0x80974f8
10[ENC] 0: 00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 07 ................
10[ENC] parsed INFORMATIONAL request 6 [ D ]
10[IKE] received DELETE for IKE_SA host-host[1]
10[IKE] deleting IKE_SA host-host[1] between 192.168.10.90[C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient]...192.168.10.12[192.168.10.12]
10[IKE] IKE_SA deleted
10[ENC] generating INFORMATIONAL response 6 [ ]
10[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500]
10[CFG] lease 10.10.3.1 by '192.168.10.12' went offline
01[DMN] signal of type SIGINT received. Shutting down
Best regards
Sven Kerschbaum
Siemens AG
Industry Sector Industry Automation Division
mailto:sven.kerschbaum at siemens.com
http://www.siemens.com/automation
Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Cromme
Managing Board: Peter Loescher, Chairman, President and Chief Executive Officer;
Wolfgang Dehen, Heinrich Hiesinger, Joe Kaeser, Barbara Kux, Hermann Requardt,
Siegfried Russwurm, Peter Y. Solmssen
Registered offices: Berlin and Munich;
Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684
WEEE-Reg.-No. DE 23691322
-----Original Message-----
From: Andreas Steffen [mailto:andreas.steffen at hsr.ch]
Sent: Friday, 7 May 2010 15:01
To: Kerschbaum, Sven; Martin Willi
Cc: users at lists.strongswan.org
Subject: Aw: Re: [strongSwan] strongSwan + Windows 7 + IKEv2 + MSCHAPv2 (Username and password)
Did you read the certificate constraints defined in
http://wiki.strongswan.org/projects/strongswan/wiki/Win7cCertReq
- gateway name contained either in CN or subjectAltName.
- serverAuth Extended Key Usage flag
andreas
----- Original Message -----
> Yeah, right. I already changed the ipsec.conf to:
>
> leftsendcert=always
>
> strongSwan now generates the IKE AUTH response IKE AUTH [Idr AUTH CERT EAP].
>
> Now it's a step further but Win 7 still complains with the following message:
>
> "Error 13801: IKE authentication credentials are unacceptable"
>
> In Win 7 I installed the CA certificate used by the strongSwan server as a trusted
> root certificate. I also made an entry to the Win 7 - host file mapping cert
> details to the IP address of the strongSwan server.
>
> 192.168.10.90 ikeclient
>
> Hmm... Thanks for your assistance and great help!
>
> Best regards
>
> Sven Kerschbaum
>
> Siemens AG
> Industry Sector Industry Automation Division, I IA&DT ATS 12
> mailto:sven.kerschbaum at siemens.com
> http://www.siemens.com/automation
>
>
> -----Original Message-----
> From: Martin Willi [mailto:martin at strongswan.org]
> Sent: Friday, 7 May 2010 13:44
> To: Kerschbaum, Sven
> Cc: users at lists.strongswan.org
> Subject: Re: AW: [strongSwan] strongSwan + Windows 7 + IKEv2 + MSCHAPv2
> (Username and password)
>
> Hi again,
>
> > the response is just a little bit below:
>
> Ah yes, haven't seen the first authentication round in the log.
>
> > Why does strongSwan not reply with IKE AUTH [Idr AUTH CERT EAP REQ/ID]
>
> > leftsendcert=never
>
> Looks suspicious ;-). The example configuration uses
> rightsendcert=never, which actually says to not request a certificate
> from the client. leftsendcert=never will not include our own
> certificate, for example if a client already has the peer certificate of
> the gateway. But Windows 7 always expects a certificate payload to
> authenticate the gateway.
>
> Regards
> Martin
>
>
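The charon log in the message above shows a specific sequence: the gateway sends its CERT payload, EAP-MSCHAPv2 succeeds, the IKE_SA is established, and only then does "allocating SPI failed" appear, followed by N(NO_PROP) in the final IKE_AUTH response and a DELETE from the client. The following is an added example, not part of the original thread or of strongSwan; it walks a log in that format and reports each stage. The function names `parse` and `triage` are hypothetical, and the sample lines are excerpted from the log in the message.

```python
import re

# Excerpt of the charon log from the message above (two dump lines kept on
# purpose so the dump filter has something to skip).
SAMPLE_LOG = """\
05[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP ]
06[ENC] data after decryption with padding => 16 bytes @ 0x8096338
06[ENC] 0: 00 00 00 0D 02 00 00 09 01 74 65 73 74 00 00 02 .........test...
06[ENC] parsed IKE_AUTH request 2 [ EAP ]
08[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
09[IKE] IKE_SA host-host[1] established between 192.168.10.90[C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient]...192.168.10.12[192.168.10.12]
09[IKE] allocating SPI failed
09[ENC] generating IKE_AUTH response 5 [ AUTH CP N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(NO_PROP) ]
10[ENC] parsed INFORMATIONAL request 6 [ D ]
10[IKE] received DELETE for IKE_SA host-host[1]
"""

LINE = re.compile(r"^\d+\[[A-Z]+\] (.*)$")                # "09[IKE] text"
DUMP_HEADER = re.compile(r"=> \d+ bytes @ 0x[0-9a-f]+$")  # "... => 16 bytes @ 0x..."
DUMP_ROW = re.compile(r"^\d+: (?:[0-9A-F]{2} )+")         # "0: 00 00 0D ..."
MESSAGE = re.compile(r"^(generating|parsed) (\w+) (request|response) (\d+) \[ (.*?) ?\]$")

def parse(log):
    """Split a charon log into IKE messages (with payload lists) and events."""
    messages, events = [], []
    for raw in log.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        text = line.group(1)
        if DUMP_HEADER.search(text) or DUMP_ROW.match(text):
            continue  # hex dumps hold raw payload and key bytes, not state
        msg = MESSAGE.match(text)
        if msg:
            messages.append({
                "sent": msg.group(1) == "generating",
                "exchange": msg.group(2),
                "payloads": msg.group(5).split(),
            })
        else:
            events.append(text)
    return messages, events

def triage(log):
    """Report which stage of the IKE_AUTH exchange succeeded or failed."""
    messages, events = parse(log)
    sent_auth = [m for m in messages if m["sent"] and m["exchange"] == "IKE_AUTH"]
    # Notify payloads are logged as N(NAME); NO_PROP is NO_PROPOSAL_CHOSEN.
    notifies = {p[2:-1] for m in sent_auth for p in m["payloads"] if p.startswith("N(")}
    return {
        "gateway_sent_cert": any("CERT" in m["payloads"] for m in sent_auth),
        "eap_succeeded": any(e.startswith("EAP method") and "succeeded" in e for e in events),
        "ike_sa_established": any(re.search(r"^IKE_SA \S+ established", e) for e in events),
        "spi_allocation_failed": "allocating SPI failed" in events,
        "child_sa_rejected": "NO_PROP" in notifies,
        "peer_deleted_ike_sa": any(e.startswith("received DELETE for IKE_SA") for e in events),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the excerpt every check is true, which separates the two problems in the thread: the certificate and EAP stages now pass, and the remaining failure is in CHILD_SA setup on the gateway.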