[strongSwan] ikev2 - configuration payload in spite of explicit virtual IP address
Groebl, Laurence (Laurence)
laurence.groebl at alcatel-lucent.com
Tue Nov 2 10:09:42 CET 2010
Hello,

we have a configuration problem when using a strongSwan client with a Juniper gateway.

We don't expect the client to request an address from the responder, and we configured the strongSwan client for IKEv2 with an explicit virtual IP address (leftsourceip=192.168.10.20).

However, in the IKE_AUTH sent by the client, we can see that the client sends a configuration payload with the following content.

Why is this sent, and how could we inhibit this?

Extract from the Wireshark trace:

    Configuration payload
        Next payload: Security Association (33)
        0... .... = Not critical
        Payload length: 20
        CFG Type ISAKMP_CFG_REQUEST (1)
        INTERNAL_IP4_ADDRESS (3232238100e)
        INTERNAL_IP4_DNS: <too big (0 bytes)>

Extract from ipsec.conf:

    conn net-net
        left=192.168.20.51
        leftsourceip=192.168.10.20
        right=192.168.20.254
        rightsubnet=192.168.30.0/24
        leftfirewall=yes
        leftid=bijan@de.alcatel-lucent.com
        auto=start

Extract from the client trace:

Oct 28 17:50:04 destgd0h003661 ipsec_starter[14752]: Starting strongSwan 4.3.4 IPsec [starter]...
Oct 28 17:50:04 destgd0h003661 charon: 01[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.4)
Oct 28 17:50:04 destgd0h003661 charon: 01[KNL] listening on interfaces:
Oct 28 17:50:04 destgd0h003661 charon: 01[KNL] eth1
Oct 28 17:50:04 destgd0h003661 charon: 01[KNL] 192.168.20.51
Oct 28 17:50:04 destgd0h003661 charon: 01[KNL] fe80::217:3fff:fed0:772c
Oct 28 17:50:04 destgd0h003661 charon: 01[KNL] eth0
Oct 28 17:50:04 destgd0h003661 charon: 01[KNL] 149.204.17.51
Oct 28 17:50:04 destgd0h003661 charon: 01[KNL] fe80::224:81ff:fe1d:d4fa
Oct 28 17:50:04 destgd0h003661 charon: 01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Oct 28 17:50:04 destgd0h003661 charon: 01[LIB] loaded certificate file '/etc/ipsec.d/cacerts/Myroot2.pem'
Oct 28 17:50:04 destgd0h003661 charon: 01[CFG] ca certificate must have ca basic constraint set, discarded
Oct 28 17:50:04 destgd0h003661 charon: 01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Oct 28 17:50:04 destgd0h003661 charon: 01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Oct 28 17:50:04 destgd0h003661 charon: 01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Oct 28 17:50:04 destgd0h003661 charon: 01[CFG] loading crls from '/etc/ipsec.d/crls'
Oct 28 17:50:04 destgd0h003661 charon: 01[CFG] loading secrets from '/etc/ipsec.secrets'
Oct 28 17:50:04 destgd0h003661 charon: 01[CFG] loaded IKE secret for @de.alcatel-lucent.com @suse.oamtest.org @brick.oamtest.org
Oct 28 17:50:04 destgd0h003661 charon: 01[CFG] secret: 73:68:61:72:65:64:73:65:63:72:65:74
Oct 28 17:50:04 destgd0h003661 charon: 01[CFG] loaded IKE secret for 192.168.20.51 192.168.20.254
Oct 28 17:50:04 destgd0h003661 charon: 01[CFG] secret: 73:65:63:72:65:74:6b:65:79
Oct 28 17:50:04 destgd0h003661 charon: 01[DMN] loaded plugins: curl ldap aes des sha1 sha2 md5 fips-prf random x509 pubkey openssl gcrypt xcbc hmac gmp kernel-netlink stroke updown attr resolv-conf
Oct 28 17:50:04 destgd0h003661 charon: 01[JOB] spawning 16 worker threads
Oct 28 17:50:04 destgd0h003661 ipsec_starter[14787]: charon (14788) started after 20 ms
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] stroke message => 438 bytes @ 0xb59730b0
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] received stroke: add connection 'net-net'
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] conn net-net
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] left=192.168.20.51
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] leftsubnet=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] leftsourceip=192.168.10.20
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] leftauth=psk
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] leftauth2=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] leftid=bijan@de.alcatel-lucent.com
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] leftid2=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] leftcert=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] leftcert2=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] leftca=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] leftca2=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] leftgroups=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] leftupdown=ipsec _updown iptables
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] right=192.168.20.254
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] rightsubnet=192.168.30.0/24
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] rightsourceip=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] rightauth=psk
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] rightauth2=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] rightid=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] rightid2=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] rightcert=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] rightcert2=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] rightca=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] rightca2=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] rightgroups=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] rightupdown=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] eap_identity=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] ike=3des-sha1-modp1024!
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] esp=3des-sha1-modp1024!
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] mediation=no
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] mediated_by=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] me_peerid=(null)
Oct 28 17:50:04 destgd0h003661 charon: 05[KNL] getting interface name for 192.168.20.254
Oct 28 17:50:04 destgd0h003661 charon: 05[KNL] 192.168.20.254 is not a local address
Oct 28 17:50:04 destgd0h003661 charon: 05[KNL] getting interface name for 192.168.20.51
Oct 28 17:50:04 destgd0h003661 charon: 05[KNL] 192.168.20.51 is on interface eth1
Oct 28 17:50:04 destgd0h003661 charon: 05[CFG] added configuration 'net-net'
Oct 28 17:50:04 destgd0h003661 charon: 08[CFG] stroke message => 280 bytes @ 0xb4170150
Oct 28 17:50:04 destgd0h003661 charon: 08[CFG] received stroke: initiate 'net-net'
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] queueing IKE_INIT task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] queueing IKE_NATD task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] queueing IKE_CERT_PRE task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] queueing IKE_AUTHENTICATE task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] queueing IKE_CERT_POST task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] queueing IKE_CONFIG task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] queueing IKE_AUTH_LIFETIME task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] queueing CHILD_CREATE task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] activating new tasks
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] activating IKE_INIT task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] activating IKE_NATD task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] activating IKE_CERT_PRE task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] activating IKE_AUTHENTICATE task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] activating IKE_CERT_POST task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] activating IKE_CONFIG task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] activating CHILD_CREATE task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] activating IKE_AUTH_LIFETIME task
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] initiating IKE_SA net-net[1] to 192.168.20.254
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] initiating IKE_SA net-net[1] to 192.168.20.254
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] IKE_SA net-net[1] state change: CREATED => CONNECTING
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] natd_chunk => 22 bytes @ 0x80a80a0
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] 0: F6 52 AE EA 9F 30 A2 67 00 00 00 00 00 00 00 00 .R...0.g........
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] 16: C0 A8 14 FE 01 F4 ......
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] natd_hash => 20 bytes @ 0x80a75e8
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] 0: AE D3 60 A6 C8 93 8C FF E9 38 26 07 5D 7C 8E 0E ..`......8&.]|..
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] 16: 8F D9 AD 6F ...o
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] natd_chunk => 22 bytes @ 0x80a80a0
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] 0: F6 52 AE EA 9F 30 A2 67 00 00 00 00 00 00 00 00 .R...0.g........
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] 16: C0 A8 14 33 01 F4 ...3..
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] natd_hash => 20 bytes @ 0x80a75e8
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] 0: E5 68 68 F4 D5 B1 2F CB 45 54 6B 23 81 4E 43 14 .hh.../.ETk#.NC.
Oct 28 17:50:04 destgd0h003661 charon: 08[IKE] 16: C5 1A 0E B4 ....
Oct 28 17:50:04 destgd0h003661 charon: 08[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Oct 28 17:50:04 destgd0h003661 charon: 08[NET] sending packet: from 192.168.20.51[500] to 192.168.20.254[500]
Oct 28 17:50:04 destgd0h003661 charon: 12[NET] received packet: from 192.168.20.254[500] to 192.168.20.51[500]
Oct 28 17:50:04 destgd0h003661 charon: 12[ENC] parsed IKE_SA_INIT response 0 [ SA KE No ]
Oct 28 17:50:04 destgd0h003661 charon: 12[CFG] selecting proposal:
Oct 28 17:50:04 destgd0h003661 charon: 12[CFG] proposal matches
Oct 28 17:50:04 destgd0h003661 charon: 12[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 28 17:50:04 destgd0h003661 charon: 12[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 28 17:50:04 destgd0h003661 charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] shared Diffie Hellman secret => 128 bytes @ 0x80a9488
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] SKEYSEED => 20 bytes @ 0x80a8188
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: E8 A8 54 B7 5D 04 94 BE E3 62 63 24 BC 69 F7 FB ..T.]....bc$.i..
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: CD EE 48 CC ..H.
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] Sk_d secret => 20 bytes @ 0x80a8188
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: 09 B5 5F 6F FB 2C F3 EC 9C 10 CE 67 61 50 E2 D6 .._o.,.....gaP..
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: ED C6 A1 E7 ....
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] Sk_ai secret => 20 bytes @ 0x80a8db0
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: 2F 22 C6 55 9A A6 0E 3C 8B B5 D2 C6 2A 8F E3 B8 /".U...<....*...
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: 8B B7 6F C4 ..o.
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] Sk_ar secret => 20 bytes @ 0x80a8db0
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: 7D F9 B6 69 ED 69 93 44 A7 27 45 F2 82 D9 0C F3 }..i.i.D.'E.....
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: AA BC AE 7C ...|
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] Sk_ei secret => 24 bytes @ 0x80a7bc8
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: 9F 13 78 19 5D 30 A2 97 54 EE 2F E0 27 F5 F5 17 ..x.]0..T./.'...
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: 97 86 3B 88 11 DD E0 63 ..;....c
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] Sk_er secret => 24 bytes @ 0x80a7bc8
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: 21 51 F4 A5 AE FD FC CB 22 D9 F3 0B 1C E9 CC 3B !Q......"......;
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: E9 C1 8F 94 97 0B 2C 93 ......,.
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] Sk_pi secret => 20 bytes @ 0x80a9240
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: 3C D5 5E 70 A9 E4 F1 8B BB A3 C1 71 A8 18 0D 68 <.^p.......q...h
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: 3B 14 E7 AB ;...
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] Sk_pr secret => 20 bytes @ 0x80a7b98
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: E5 07 4B 0D 69 5B 33 12 DB A2 7F E8 6C E9 69 21 ..K.i[3.....l.i!
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: FF 8A A0 62 ...b
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] natd_chunk => 22 bytes @ 0x80a7bc8
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: F6 52 AE EA 9F 30 A2 67 FA B0 58 61 03 9D BA 39 .R...0.g..Xa...9
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: C0 A8 14 33 01 F4 ...3..
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] natd_hash => 20 bytes @ 0x80a7db0
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: A4 66 4F 7F 4A 7C 56 30 E4 D2 58 3B A1 85 C1 CE .fO.J|V0..X;....
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: 3D A9 66 61 =.fa
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] natd_chunk => 22 bytes @ 0x80a7bc8
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: F6 52 AE EA 9F 30 A2 67 FA B0 58 61 03 9D BA 39 .R...0.g..Xa...9
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: C0 A8 14 FE 01 F4 ......
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] natd_hash => 20 bytes @ 0x80a8db0
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: 34 43 C0 2D 29 E7 1C C7 E5 BE 3A 17 99 FC EC 80 4C.-).....:.....
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: 98 4F 66 CF .Of.
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] precalculated src_hash => 20 bytes @ 0x80a8db0
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: 34 43 C0 2D 29 E7 1C C7 E5 BE 3A 17 99 FC EC 80 4C.-).....:.....
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: 98 4F 66 CF .Of.
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] precalculated dst_hash => 20 bytes @ 0x80a7db0
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: A4 66 4F 7F 4A 7C 56 30 E4 D2 58 3B A1 85 C1 CE .fO.J|V0..X;....
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: 3D A9 66 61 =.fa
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] reinitiating already active tasks
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] IKE_CERT_PRE task
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] IKE_AUTHENTICATE task
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] authentication of 'bijan@de.alcatel-lucent.com' (myself) with pre-shared key
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] IDx' => 31 bytes @ 0xb216c000
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: 03 00 00 00 62 69 6A 61 6E 40 64 65 2E 61 6C 63 ....bijan@de.alc
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: 61 74 65 6C 2D 6C 75 63 65 6E 74 2E 63 6F 6D atel-lucent.com
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] SK_p => 20 bytes @ 0x80a9240
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: 3C D5 5E 70 A9 E4 F1 8B BB A3 C1 71 A8 18 0D 68 <.^p.......q...h
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: 3B 14 E7 AB ;...
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] octets = message + nonce + prf(Sk_px, IDx') => 352 bytes @ 0x80a8db0
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] secret => 9 bytes @ 0x80a3658
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: 73 65 63 72 65 74 6B 65 79 secretkey
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] prf(secret, keypad) => 20 bytes @ 0x80a75e8
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: BC 99 33 71 96 AD 92 E9 C8 55 C8 3F DD 2F 36 6D ..3q.....U.?./6m
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: BD 76 6A 31 .vj1
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] AUTH = prf(prf(secret, keypad), octets) => 20 bytes @ 0x80a8658
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 0: F3 20 B8 85 73 BA 7F 17 38 36 93 65 9F BF 1B D7 . ..s...86.e....
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] 16: 04 3E C8 01 .>..
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] successfully created shared key MAC
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] establishing CHILD_SA net-net
Oct 28 17:50:04 destgd0h003661 charon: 12[IKE] establishing CHILD_SA net-net
Oct 28 17:50:04 destgd0h003661 charon: 12[CFG] proposing traffic selectors for us:
Oct 28 17:50:04 destgd0h003661 charon: 12[CFG] dynamic (derived from dynamic)
Oct 28 17:50:04 destgd0h003661 charon: 12[CFG] proposing traffic selectors for other:
Oct 28 17:50:04 destgd0h003661 charon: 12[CFG] 192.168.30.0/24 (derived from 192.168.30.0/24)
Oct 28 17:50:04 destgd0h003661 charon: 12[KNL] getting SPI for reqid {1}
Oct 28 17:50:04 destgd0h003661 charon: 12[KNL] sending XFRM_MSG_ALLOCSPI: => 244 bytes @ 0xb216bcfc
Oct 28 17:50:04 destgd0h003661 charon: 12[KNL] got SPI c4b44910 for reqid {1}
Oct 28 17:50:04 destgd0h003661 charon: 12[ENC] generating IKE_AUTH request 1 [ IDi IDr AUTH CP SA TSi TSr ]
Oct 28 17:50:04 destgd0h003661 charon: 12[NET] sending packet: from 192.168.20.51[500] to 192.168.20.254[500]
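
Added example, not part of the original post: a decoder for the IKEv2 Configuration payload layout (RFC 7296, section 3.15), run over bytes constructed to match the Wireshark extract above. It shows that the 3232238100 in that extract is 192.168.10.20 written as a 32-bit integer and that INTERNAL_IP4_DNS is a zero-length (empty) request; the function names and the sample bytes are assumptions made for this example.

```python
import ipaddress
import struct

# IKEv2 Configuration payload constants (RFC 7296, section 3.15).
CFG_TYPES = {1: "CFG_REQUEST", 2: "CFG_REPLY", 3: "CFG_SET", 4: "CFG_ACK"}
ATTR_TYPES = {
    1: "INTERNAL_IP4_ADDRESS", 2: "INTERNAL_IP4_NETMASK",
    3: "INTERNAL_IP4_DNS", 4: "INTERNAL_IP4_NBNS", 6: "INTERNAL_IP4_DHCP",
    8: "INTERNAL_IP6_ADDRESS", 10: "INTERNAL_IP6_DNS",
    13: "INTERNAL_IP4_SUBNET",
}
IPV4_VALUED = {1, 2, 3, 4, 6}  # attributes whose value is one IPv4 address

# Constructed sample: a CP payload rebuilt from the fields shown in the
# Wireshark extract (not bytes captured from the poster's network).
SAMPLE_CP = bytes.fromhex(
    "21000014"          # next payload 33 (SA), not critical, length 20
    "01000000"          # CFG type 1 (CFG_REQUEST) + 3 reserved bytes
    "00010004c0a80a14"  # INTERNAL_IP4_ADDRESS, length 4, 192.168.10.20
    "00030000"          # INTERNAL_IP4_DNS, length 0 (empty request)
)


def parse_cp(payload: bytes) -> dict:
    """Decode one Configuration payload, generic header included."""
    if len(payload) < 8:
        raise ValueError("shorter than the 8-byte CP header")
    next_payload, flags, length = struct.unpack_from("!BBH", payload, 0)
    if length < 8 or length > len(payload):
        raise ValueError(f"payload length {length} does not fit the buffer")
    attrs = []
    off = 8
    while off < length:
        if off + 4 > length:
            raise ValueError("truncated attribute header")
        raw_type, alen = struct.unpack_from("!HH", payload, off)
        off += 4
        if off + alen > length:
            raise ValueError("attribute value runs past the payload")
        value = payload[off:off + alen]
        off += alen
        atype = raw_type & 0x7FFF  # the top bit is reserved
        name = ATTR_TYPES.get(atype, f"UNKNOWN_{atype}")
        if alen == 0:
            decoded = None  # empty attribute: "send me a value for this"
        elif atype in IPV4_VALUED and alen == 4:
            decoded = str(ipaddress.IPv4Address(value))
        else:
            decoded = value.hex()
        attrs.append((name, decoded))
    return {
        "next_payload": next_payload,
        "critical": bool(flags & 0x80),
        "cfg_type": CFG_TYPES.get(payload[4], f"UNKNOWN_{payload[4]}"),
        "attributes": attrs,
    }


def requested_ipv4(cp: dict):
    """Return the specific IPv4 address a CFG_REQUEST asks for, or None."""
    if cp["cfg_type"] != "CFG_REQUEST":
        return None
    for name, value in cp["attributes"]:
        if name == "INTERNAL_IP4_ADDRESS" and value is not None:
            return value
    return None


if __name__ == "__main__":
    cp = parse_cp(SAMPLE_CP)
    print(cp)
    addr = requested_ipv4(cp)
    # Same address as the integer shown in the Wireshark extract.
    print(addr, int(ipaddress.IPv4Address(addr)))
```
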