[strongSwan] ikev2 - configuration payload in spite of explicit virtual IP address
Groebl, Laurence (Laurence)
laurence.groebl at alcatel-lucent.com
Tue Nov 2 12:51:00 CET 2010
Hi Martin,
Thank you for this answer.
We removed the leftsourceip parameter, but it didn't change anything.
Extract from ipsec.conf:
conn net-net
    left=192.168.20.51
    #leftsourceip=192.168.10.20
    right=192.168.20.254
    rightsubnet=192.168.30.0/24
    leftsubnet=192.168.10.20/32
    leftfirewall=yes
    leftid=bijan@de.alcatel-lucent.com
    auto=start
Also, in the traces of the strongSwan client, we wondered why it didn't change:
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftsubnet=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftsourceip=192.168.10.20
The initiator still sends the configuration payload:
Configuration payload
Next payload: Security Association (33)
0... .... = Not critical
Payload length: 20
CFG Type ISAKMP_CFG_REQUEST (1)
INTERNAL_IP4_ADDRESS (3232238100e)
INTERNAL_IP4_DNS: <too big (0 bytes)>
What do you mean exactly by "Also, the IP address is not installed by the daemon."?
For a better understanding, I depicted our simple configuration (ikev2, pre-shared keys, no NAT, fixed IP@)
--------------------         -----------------                   -----------------
| Client Strongswan| -----   | Responder     | =============== | Windows PC    |
| Initiator        | IPsec   | Juniper GW    |     trusted     | 192.168.30.51 |
| 192.168.20.51    |         | 192.168.20.254|                 | (no IPsec)    |
| (fixed IP)       |         | (fixed IP)    |                 |               |
--------------------         -----------------                   -----------------
Tunnel IP:                                                       (PC used to ping 102.168.10.20)
102.168.10.20
(fixed IP)
Nov 2 11:55:16 destgd0h003661 charon: 01[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.4)
Nov 2 11:55:16 destgd0h003661 charon: 01[KNL] listening on interfaces:
Nov 2 11:55:16 destgd0h003661 charon: 01[KNL] eth1
Nov 2 11:55:16 destgd0h003661 charon: 01[KNL] 192.168.20.51
Nov 2 11:55:16 destgd0h003661 charon: 01[KNL] fe80::217:3fff:fed0:772c
Nov 2 11:55:16 destgd0h003661 charon: 01[KNL] eth0
Nov 2 11:55:16 destgd0h003661 charon: 01[KNL] 149.204.17.51
Nov 2 11:55:16 destgd0h003661 charon: 01[KNL] fe80::224:81ff:fe1d:d4fa
Nov 2 11:55:16 destgd0h003661 charon: 01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Nov 2 11:55:16 destgd0h003661 charon: 01[LIB] loaded certificate file '/etc/ipsec.d/cacerts/Myroot2.pem'
Nov 2 11:55:16 destgd0h003661 charon: 01[CFG] ca certificate must have ca basic constraint set, discarded
Nov 2 11:55:16 destgd0h003661 charon: 01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Nov 2 11:55:16 destgd0h003661 charon: 01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov 2 11:55:16 destgd0h003661 charon: 01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov 2 11:55:16 destgd0h003661 charon: 01[CFG] loading crls from '/etc/ipsec.d/crls'
Nov 2 11:55:16 destgd0h003661 charon: 01[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 2 11:55:16 destgd0h003661 charon: 01[CFG] loaded IKE secret for @de.alcatel-lucent.com @suse.oamtest.org @brick.oamtest.org
Nov 2 11:55:16 destgd0h003661 charon: 01[CFG] secret: 73:68:61:72:65:64:73:65:63:72:65:74
Nov 2 11:55:16 destgd0h003661 charon: 01[CFG] loaded IKE secret for 192.168.20.51 192.168.20.254
Nov 2 11:55:16 destgd0h003661 charon: 01[CFG] secret: 73:65:63:72:65:74:6b:65:79
Nov 2 11:55:16 destgd0h003661 charon: 01[DMN] loaded plugins: curl ldap aes des sha1 sha2 md5 fips-prf random x509 pubkey openssl gcrypt xcbc hmac gmp kernel-netlink stroke updown attr resolv-conf
Nov 2 11:55:16 destgd0h003661 charon: 01[JOB] spawning 16 worker threads
Nov 2 11:55:16 destgd0h003661 ipsec_starter[677]: charon (679) started after 20 ms
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] stroke message => 438 bytes @ 0xb51480b0
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] received stroke: add connection 'net-net'
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] conn net-net
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] left=192.168.20.51
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftsubnet=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftsourceip=192.168.10.20
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftauth=psk
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftauth2=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftid=bijan at de.alcatel-lucent.com
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftid2=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftcert=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftcert2=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftca=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftca2=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftgroups=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] leftupdown=ipsec _updown iptables
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] right=192.168.20.254
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] rightsubnet=192.168.30.0/24
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] rightsourceip=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] rightauth=psk
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] rightauth2=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] rightid=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] rightid2=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] rightcert=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] rightcert2=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] rightca=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] rightca2=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] rightgroups=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] rightupdown=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] eap_identity=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] ike=3des-sha1-modp1024!
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] esp=3des-sha1-modp1024!
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] mediation=no
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] mediated_by=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] me_peerid=(null)
Nov 2 11:55:16 destgd0h003661 charon: 05[KNL] getting interface name for 192.168.20.254
Nov 2 11:55:16 destgd0h003661 charon: 05[KNL] 192.168.20.254 is not a local address
Nov 2 11:55:16 destgd0h003661 charon: 05[KNL] getting interface name for 192.168.20.51
Nov 2 11:55:16 destgd0h003661 charon: 05[KNL] 192.168.20.51 is on interface eth1
Nov 2 11:55:16 destgd0h003661 charon: 05[CFG] added configuration 'net-net'
Nov 2 11:55:16 destgd0h003661 charon: 09[CFG] stroke message => 280 bytes @ 0xb3144150
Nov 2 11:55:16 destgd0h003661 charon: 09[CFG] received stroke: initiate 'net-net'
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] queueing IKE_INIT task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] queueing IKE_NATD task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] queueing IKE_CERT_PRE task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] queueing IKE_AUTHENTICATE task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] queueing IKE_CERT_POST task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] queueing IKE_CONFIG task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] queueing IKE_AUTH_LIFETIME task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] queueing CHILD_CREATE task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] activating new tasks
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] activating IKE_INIT task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] activating IKE_NATD task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] activating IKE_CERT_PRE task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] activating IKE_AUTHENTICATE task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] activating IKE_CERT_POST task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] activating IKE_CONFIG task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] activating CHILD_CREATE task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] activating IKE_AUTH_LIFETIME task
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] initiating IKE_SA net-net[1] to 192.168.20.254
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] initiating IKE_SA net-net[1] to 192.168.20.254
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] IKE_SA net-net[1] state change: CREATED => CONNECTING
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] natd_chunk => 22 bytes @ 0x80a8088
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] 0: 58 EE 48 EB 6E 60 D4 46 00 00 00 00 00 00 00 00 X.H.n`.F........
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] 16: C0 A8 14 FE 01 F4 ......
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] natd_hash => 20 bytes @ 0x80a5ba0
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] 0: 9D EF 21 C2 1B 27 FD 94 22 22 B6 75 BB DA 2C 9C ..!..'.."".u..,.
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] 16: 34 16 E5 48 4..H
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] natd_chunk => 22 bytes @ 0x80a8088
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] 0: 58 EE 48 EB 6E 60 D4 46 00 00 00 00 00 00 00 00 X.H.n`.F........
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] 16: C0 A8 14 33 01 F4 ...3..
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] natd_hash => 20 bytes @ 0x80a5ba0
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] 0: 3A 2C E6 F1 A7 97 C4 DF 9B D2 08 31 96 DF FC 3E :,.........1...>
Nov 2 11:55:16 destgd0h003661 charon: 09[IKE] 16: 4E A3 B3 02 N...
Nov 2 11:55:16 destgd0h003661 charon: 09[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Nov 2 11:55:16 destgd0h003661 charon: 09[NET] sending packet: from 192.168.20.51[500] to 192.168.20.254[500]
Nov 2 11:55:16 destgd0h003661 charon: 12[NET] received packet: from 192.168.20.254[500] to 192.168.20.51[500]
Nov 2 11:55:16 destgd0h003661 charon: 12[ENC] parsed IKE_SA_INIT response 0 [ SA KE No ]
Nov 2 11:55:16 destgd0h003661 charon: 12[CFG] selecting proposal:
Nov 2 11:55:16 destgd0h003661 charon: 12[CFG] proposal matches
Nov 2 11:55:16 destgd0h003661 charon: 12[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 2 11:55:16 destgd0h003661 charon: 12[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 2 11:55:16 destgd0h003661 charon: 12[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] shared Diffie Hellman secret => 128 bytes @ 0x80a9470
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] SKEYSEED => 20 bytes @ 0x80a8170
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: B8 AE 90 A7 24 8E 9D BD 59 5E 4F B6 E0 6E 15 E7 ....$...Y^O..n..
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: D8 AF 57 02 ..W.
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] Sk_d secret => 20 bytes @ 0x80a8170
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: 3C 1B 9B 16 19 1B 79 67 D7 C1 9C DF 9D 2C B3 1F <.....yg.....,..
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: 57 2A 0D 5D W*.]
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] Sk_ai secret => 20 bytes @ 0x80a8d98
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: 28 92 B0 D7 DA 29 8C 22 99 FC D1 3A A1 C2 41 C5 (....)."...:..A.
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: 10 58 CB A9 .X..
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] Sk_ar secret => 20 bytes @ 0x80a8d98
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: 51 D9 7E E6 06 E4 EC 2A F9 62 61 18 87 FF 48 81 Q.~....*.ba...H.
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: 04 A4 49 62 ..Ib
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] Sk_ei secret => 24 bytes @ 0x80a7bb0
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: 43 D3 4C CB 1C 36 A5 77 4A 62 57 EE CB 95 FB 5C C.L..6.wJbW....\
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: DB 29 2A 4E C7 D3 9E 53 .)*N...S
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] Sk_er secret => 24 bytes @ 0x80a7bb0
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: 35 81 58 48 A9 A4 9A 0D 1B CC 54 EF 1F FB 98 27 5.XH......T....'
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: 4E 94 4B 3E 46 63 CD D8 N.K>Fc..
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] Sk_pi secret => 20 bytes @ 0x80a7fd0
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: F2 0C D0 D7 7D 2D 69 C5 53 0E 7B 8F AF 7A 8E D8 ....}-i.S.{..z..
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: AC D3 8E C9 ....
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] Sk_pr secret => 20 bytes @ 0x80a7b80
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: 94 72 9A 2D 46 38 17 B2 D2 0C A1 7F BB 83 79 57 .r.-F8........yW
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: F6 B7 17 38 ...8
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] natd_chunk => 22 bytes @ 0x80a7bb0
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: 58 EE 48 EB 6E 60 D4 46 DC B3 5A 57 AA BF 8A 7C X.H.n`.F..ZW...|
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: C0 A8 14 33 01 F4 ...3..
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] natd_hash => 20 bytes @ 0x80a7d98
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: EF 78 39 B7 6D F9 96 5F 94 92 ED 41 8E 10 F3 21 .x9.m.._...A...!
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: BD 9A 31 B8 ..1.
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] natd_chunk => 22 bytes @ 0x80a7bb0
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: 58 EE 48 EB 6E 60 D4 46 DC B3 5A 57 AA BF 8A 7C X.H.n`.F..ZW...|
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: C0 A8 14 FE 01 F4 ......
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] natd_hash => 20 bytes @ 0x80a8d98
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: FC FD 2A 42 D7 D9 82 29 2E 6F 4D 93 AC AC 29 AB ..*B...).oM...).
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: 5B 07 9B CF [...
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] precalculated src_hash => 20 bytes @ 0x80a8d98
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: FC FD 2A 42 D7 D9 82 29 2E 6F 4D 93 AC AC 29 AB ..*B...).oM...).
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: 5B 07 9B CF [...
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] precalculated dst_hash => 20 bytes @ 0x80a7d98
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: EF 78 39 B7 6D F9 96 5F 94 92 ED 41 8E 10 F3 21 .x9.m.._...A...!
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: BD 9A 31 B8 ..1.
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] reinitiating already active tasks
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] IKE_CERT_PRE task
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] IKE_AUTHENTICATE task
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] authentication of 'bijan at de.alcatel-lucent.com' (myself) with pre-shared key
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] IDx' => 31 bytes @ 0xb1941000
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: 03 00 00 00 62 69 6A 61 6E 40 64 65 2E 61 6C 63 ....bijan at de.alc
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: 61 74 65 6C 2D 6C 75 63 65 6E 74 2E 63 6F 6D atel-lucent.com
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] SK_p => 20 bytes @ 0x80a7fd0
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: F2 0C D0 D7 7D 2D 69 C5 53 0E 7B 8F AF 7A 8E D8 ....}-i.S.{..z..
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: AC D3 8E C9 ....
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] octets = message + nonce + prf(Sk_px, IDx') => 352 bytes @ 0x80a8d98
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] secret => 9 bytes @ 0x80a3658
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: 73 65 63 72 65 74 6B 65 79 secretkey
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] prf(secret, keypad) => 20 bytes @ 0x80a5ba0
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: BC 99 33 71 96 AD 92 E9 C8 55 C8 3F DD 2F 36 6D ..3q.....U.?./6m
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: BD 76 6A 31 .vj1
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] AUTH = prf(prf(secret, keypad), octets) => 20 bytes @ 0x80a8060
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 0: 0B 6C B7 08 60 66 3D ED FF 63 CB 0D 3B B3 4D D1 .l..`f=..c..;.M.
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] 16: D9 3C 27 11 .<'.
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] successfully created shared key MAC
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] establishing CHILD_SA net-net
Nov 2 11:55:16 destgd0h003661 charon: 12[IKE] establishing CHILD_SA net-net
Nov 2 11:55:16 destgd0h003661 charon: 12[CFG] proposing traffic selectors for us:
Nov 2 11:55:16 destgd0h003661 charon: 12[CFG] dynamic (derived from dynamic)
Nov 2 11:55:16 destgd0h003661 charon: 12[CFG] proposing traffic selectors for other:
Nov 2 11:55:16 destgd0h003661 charon: 12[CFG] 192.168.30.0/24 (derived from 192.168.30.0/24)
Nov 2 11:55:16 destgd0h003661 charon: 12[KNL] getting SPI for reqid {1}
Nov 2 11:55:16 destgd0h003661 charon: 12[KNL] sending XFRM_MSG_ALLOCSPI: => 244 bytes @ 0xb1940cfc
Nov 2 11:55:16 destgd0h003661 charon: 12[KNL] got SPI cfc1fd6c for reqid {1}
Nov 2 11:55:16 destgd0h003661 charon: 12[ENC] generating IKE_AUTH request 1 [ IDi IDr AUTH CP SA TSi TSr ]
Nov 2 11:55:16 destgd0h003661 charon: 12[NET] sending packet: from 192.168.20.51[500] to 192.168.20.254[500]
Nov 2 11:55:16 destgd0h003661 charon: 14[NET] received packet: from 192.168.20.254[500] to 192.168.20.51[500]
Nov 2 11:55:16 destgd0h003661 charon: 14[ENC] parsed IKE_AUTH response 1 [ IDr AUTH SA N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) TSi TSr ]
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] received NON_FIRST_FRAGMENTS_ALSO notify
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] IDx' => 8 bytes @ 0xb694b030
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] 0: 01 00 00 00 C0 A8 14 FE ........
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] SK_p => 20 bytes @ 0x80a7b80
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] 0: 94 72 9A 2D 46 38 17 B2 D2 0C A1 7F BB 83 79 57 .r.-F8........yW
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] 16: F6 B7 17 38 ...8
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] octets = message + nonce + prf(Sk_px, IDx') => 296 bytes @ 0x80a9b88
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] secret => 9 bytes @ 0x80a3658
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] 0: 73 65 63 72 65 74 6B 65 79 secretkey
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] prf(secret, keypad) => 20 bytes @ 0x80a8f10
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] 0: BC 99 33 71 96 AD 92 E9 C8 55 C8 3F DD 2F 36 6D ..3q.....U.?./6m
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] 16: BD 76 6A 31 .vj1
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] AUTH = prf(prf(secret, keypad), octets) => 20 bytes @ 0x80a8f28
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] 0: DA 7A 06 87 B8 62 F3 6F 66 7C 8C 4A 47 F5 08 83 .z...b.of|.JG...
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] 16: 7C A8 7F 7D |..}
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] authentication of '192.168.20.254' with pre-shared key successful
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] IKE_SA net-net[1] state change: CONNECTING => ESTABLISHED
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] scheduling rekeying in 21429s
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] maximum IKE_SA lifetime 27189s
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] IKE_SA net-net[1] established between 192.168.20.51[bijan at de.alcatel-lucent.com]...192.168.20.254[192.168.20.254]
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] IKE_SA net-net[1] established between 192.168.20.51[bijan at de.alcatel-lucent.com]...192.168.20.254[192.168.20.254]
Nov 2 11:55:16 destgd0h003661 charon: 14[CFG] selecting proposal:
Nov 2 11:55:16 destgd0h003661 charon: 14[CFG] proposal matches
Nov 2 11:55:16 destgd0h003661 charon: 14[CFG] received proposals: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Nov 2 11:55:16 destgd0h003661 charon: 14[CFG] configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
Nov 2 11:55:16 destgd0h003661 charon: 14[CFG] selected proposal: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ
Nov 2 11:55:16 destgd0h003661 charon: 14[CFG] selecting traffic selectors for us:
Nov 2 11:55:16 destgd0h003661 charon: 14[CFG] config: 192.168.20.51/32, received: 0.0.0.0/0 => match: 192.168.20.51/32
Nov 2 11:55:16 destgd0h003661 charon: 14[CFG] selecting traffic selectors for other:
Nov 2 11:55:16 destgd0h003661 charon: 14[CFG] config: 192.168.30.0/24, received: 192.168.30.0/24 => match: 192.168.30.0/24
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] adding SAD entry with SPI cfc1fd6c and reqid {1}
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] using encryption algorithm 3DES_CBC with key size 192
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] sending XFRM_MSG_UPDSA: => 424 bytes @ 0xb694ac5c
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] adding SAD entry with SPI c94b0caa and reqid {1}
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] using encryption algorithm 3DES_CBC with key size 192
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] sending XFRM_MSG_NEWSA: => 424 bytes @ 0xb694ac5c
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] adding policy 192.168.20.51/32 === 192.168.30.0/24 out
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] sending XFRM_MSG_NEWPOLICY: => 248 bytes @ 0xb694acac
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] adding policy 192.168.30.0/24 === 192.168.20.51/32 in
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] sending XFRM_MSG_NEWPOLICY: => 248 bytes @ 0xb694acac
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] adding policy 192.168.30.0/24 === 192.168.20.51/32 fwd
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] sending XFRM_MSG_NEWPOLICY: => 248 bytes @ 0xb694acac
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] getting a local address in traffic selector 192.168.20.51/32
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] using host 192.168.20.51
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] getting address to reach 192.168.20.254
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] getting interface name for 192.168.20.51
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] 192.168.20.51 is on interface eth1
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] getting iface index for eth1
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] getting interface name for 192.168.20.51
Nov 2 11:55:16 destgd0h003661 charon: 14[KNL] 192.168.20.51 is on interface eth1
Nov 2 11:55:16 destgd0h003661 vpn: + 192.168.20.254 192.168.30.0/24 == 192.168.20.254 -- 192.168.20.51
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] CHILD_SA net-net{1} established with SPIs cfc1fd6c_i c94b0caa_o and TS 192.168.20.51/32 === 192.168.30.0/24
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] CHILD_SA net-net{1} established with SPIs cfc1fd6c_i c94b0caa_o and TS 192.168.20.51/32 === 192.168.30.0/24
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] activating new tasks
Nov 2 11:55:16 destgd0h003661 charon: 14[IKE] nothing to initiate
Best regards,
Laurence
> -----Original Message-----
> From: Martin Willi [mailto:martin at strongswan.org]
> Sent: Tuesday, 2 November 2010 10:24
> To: Groebl, Laurence (Laurence)
> Cc: users at lists.strongswan.org
> Subject: Re: [strongSwan] ikev2 - configuration payload in
> spite of explicit virtual IP address
>
> Hi Laurence,
>
> > We don't expect that the client requests an address from the
> > responder and configured the strongswan client for IKEv2 with an
> > explicit virtual IP address (leftsourceip=192.168.10.20).
>
> An IP specified with leftsourceip is always requested via a
> configuration payload in IKEv2, even if it is fixed. If you
> don't want this, just omit the leftsourceip parameter.
>
> Of course you'll have to make sure your source IP is in the
> negotiated tunnel, e.g. by setting
> leftsubnet=192.168.10.20/32. Also, the IP address is not
> installed by the daemon.
>
> Regards
> Martin
>
>
>
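The condition named in the quoted reply, that the source IP must lie inside the negotiated tunnel, can be checked directly against the charon trace. The following is an added example, not part of the original message and not strongSwan code; the function names are hypothetical and the regular expressions assume the log line format seen in this trace (strongSwan 4.3.4).

```python
import ipaddress
import re

# Traffic-selector lines copied from the trace in this message
# (syslog timestamp and host prefix dropped).
SAMPLE_LOG = """\
charon: 14[CFG] selecting traffic selectors for us:
charon: 14[CFG] config: 192.168.20.51/32, received: 0.0.0.0/0 => match: 192.168.20.51/32
charon: 14[CFG] selecting traffic selectors for other:
charon: 14[CFG] config: 192.168.30.0/24, received: 192.168.30.0/24 => match: 192.168.30.0/24
charon: 14[IKE] CHILD_SA net-net{1} established with SPIs cfc1fd6c_i c94b0caa_o and TS 192.168.20.51/32 === 192.168.30.0/24
charon: 14[IKE] CHILD_SA net-net{1} established with SPIs cfc1fd6c_i c94b0caa_o and TS 192.168.20.51/32 === 192.168.30.0/24
"""

SIDE_RE = re.compile(r"\[CFG\] selecting traffic selectors for (us|other):")
MATCH_RE = re.compile(r"\[CFG\]\s+config: (\S+), received: (\S+) => match: (\S+)")
CHILD_RE = re.compile(
    r"CHILD_SA (\S+)\{\d+\} established with SPIs \S+ \S+ and TS (\S+) === (\S+)"
)


def parse_selectors(log_text):
    """Collect negotiated traffic selectors per side and established CHILD_SAs."""
    result = {"us": [], "other": [], "child": []}
    side = None
    for line in log_text.splitlines():
        m = SIDE_RE.search(line)
        if m:
            side = m.group(1)  # following "config:" lines belong to this side
            continue
        m = MATCH_RE.search(line)
        if m and side:
            cfg, recv, matched = m.groups()
            result[side].append({"config": cfg, "received": recv, "match": matched})
            continue
        m = CHILD_RE.search(line)
        # The trace contains the "established" line twice; record it once.
        if m and m.groups() not in result["child"]:
            result["child"].append(m.groups())
    return result


def ip_in_tunnel(log_text, ip, side="us"):
    """True if ip falls inside any selector negotiated for the given side."""
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(e["match"], strict=False)
            for e in parse_selectors(log_text)[side]]
    return any(addr in net for net in nets)


if __name__ == "__main__":
    for ip in ("192.168.10.20", "192.168.20.51"):
        print(ip, "inside local TS:", ip_in_tunnel(SAMPLE_LOG, ip))
```

Run against the lines above, the local selector is 192.168.20.51/32, so the intended tunnel address 192.168.10.20 is reported as outside the negotiated tunnel.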