[strongSwan] certificate status is not available
Farivar Tanha, Bijan (Bijan)
bijan.farivar_tanha at alcatel-lucent.com
Tue Nov 23 09:37:07 CET 2010
Hello,
If I check in the client's logs then after the below message the whole tunnel is removed from strongSwan.
Nov 18 11:52:55 destgd0h003661 charon: 07[CFG] constraint check failed: identity 'C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M, CN=JUNIPER' required
I think the identity is wrongly configured on the strongSwan client.
I can see the rightid configured as:
rightid=C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless, CN=JN11AEB36ADD,CN=rsa-key, CN=SSG320M, CN=JUNIPER
Can somebody explain to me how the leftid and rightid have to be configured according to the certificate information below?
Bijan
---------------------------------------------------
Hello,
We have a problem with authentication of the peer using a certificate, as you see below:
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] checking certificate status of "C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, CN=192.168.20.254, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER"
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] ocsp check skipped, no ocsp found
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] certificate status is not available
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] authentication of 'SSG320M.' with RSA signature successful
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] constraint check failed: identity 'C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M, CN=JUNIPER' required
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] selected peer config 'net-net' inacceptable
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] no alternative config found
Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] deleting SAD entry with SPI c8795470
We have included the certificates below.
Could you please help us to find out which options in the certificates are not correct?
Regards,
Bijan
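
Added example (not part of the original post and not strongSwan code): a small Python helper that reads charon lines like the ones quoted above and lists, RDN by RDN, where the certificate subject the peer presented differs from the identity that `rightid` requires. The function names are hypothetical, and the position-by-position comparison is a simplifying assumption, not charon's own matching logic.

```python
import re
from itertools import zip_longest

# Sample input: lines copied from the charon excerpt quoted in this post.
SAMPLE_LOG = """\
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] checking certificate status of "C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, CN=192.168.20.254, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER"
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] ocsp check skipped, no ocsp found
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] certificate status is not available
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] authentication of 'SSG320M.' with RSA signature successful
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] constraint check failed: identity 'C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M, CN=JUNIPER' required
"""

SUBJECT_RE = re.compile(r'checking certificate status of "([^"]+)"')
# "' with" directly after the quote skips the local "(myself)" line.
PEER_ID_RE = re.compile(r"authentication of '([^']+)' with .+ successful")
REQUIRED_RE = re.compile(r"constraint check failed: identity '([^']+)' required")


def split_dn(dn):
    """Split a DN as charon prints it into an ordered list of (type, value)."""
    rdns = []
    # Split on unescaped commas; the space after the comma is optional
    # (the rightid in the post has "CN=JN11AEB36ADD,CN=rsa-key").
    for part in re.split(r"(?<!\\),\s*", dn):
        if not part.strip():
            continue
        rdn_type, _, value = part.partition("=")
        rdns.append((rdn_type.strip().upper(), value.strip()))
    return rdns


def diff_dn(presented, required):
    """Return (position, presented_rdn, required_rdn) for each mismatch.

    Assumption: RDNs are compared position by position, exactly as printed.
    """
    pairs = zip_longest(split_dn(presented), split_dn(required))
    return [(i, have, want) for i, (have, want) in enumerate(pairs) if have != want]


def find_identity_failures(log_text):
    """Walk the log and emit one finding per 'constraint check failed' line."""
    findings = []
    subject = peer_id = None
    for line in log_text.splitlines():
        if m := SUBJECT_RE.search(line):
            # Assumption: the first certificate checked in an attempt is the
            # end-entity certificate; later ones belong to the CA chain.
            if subject is None:
                subject = m.group(1)
        elif m := PEER_ID_RE.search(line):
            peer_id = m.group(1)
        elif m := REQUIRED_RE.search(line):
            required = m.group(1)
            if peer_id is None:
                id_ok = False
            elif "=" in peer_id:
                id_ok = split_dn(peer_id) == split_dn(required)
            else:
                id_ok = peer_id == required
            findings.append({
                "peer_id": peer_id,
                "peer_id_matches": id_ok,
                "subject": subject,
                "required": required,
                "rdn_diffs": diff_dn(subject, required) if subject else [],
            })
            subject = peer_id = None  # reset for the next attempt
    return findings


if __name__ == "__main__":
    for f in find_identity_failures(SAMPLE_LOG):
        print("peer authenticated as :", f["peer_id"])
        print("matches required id   :", f["peer_id_matches"])
        for pos, have, want in f["rdn_diffs"]:
            print(f"  RDN {pos}: certificate has {have}, config requires {want}")
```
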
---------------------------------------------------------------------
Nov 18 11:58:23 destgd0h003661 starter[2379]: ipsec starter stopped
Nov 18 11:58:26 destgd0h003661 ipsec_starter[2661]: Starting strongSwan 4.3.4 IPsec [starter]...
Nov 18 11:58:26 destgd0h003661 charon: 01[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.4)
Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] listening on interfaces:
Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] eth1
Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] 192.168.20.51
Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] fe80::217:3fff:fed0:772c
Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] eth0
Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] 149.204.17.51
Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] fe80::224:81ff:fe1d:d4fa
Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Nov 18 11:58:26 destgd0h003661 charon: 01[LIB] loaded certificate file '/etc/ipsec.d/cacerts/Myroot2.pem'
Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loading crls from '/etc/ipsec.d/crls'
Nov 18 11:58:26 destgd0h003661 charon: 01[LIB] loaded crl file '/etc/ipsec.d/crls/crl_Myroot1.pem'
Nov 18 11:58:26 destgd0h003661 charon: 01[LIB] loaded crl file '/etc/ipsec.d/crls/crl_Myroot2.pem'
Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loading secrets from '/etc/ipsec.secrets'
Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loaded private key file '/etc/ipsec.d/private/MyBTS1_key.pem'
Nov 18 11:58:26 destgd0h003661 charon: 01[DMN] loaded plugins: curl ldap aes des sha1 sha2 md5 fips-prf random x509 pubkey openssl gcrypt xcbc hmac gmp kernel-netlink stroke updown attr resolv-conf
Nov 18 11:58:26 destgd0h003661 charon: 01[JOB] spawning 16 worker threads
Nov 18 11:58:26 destgd0h003661 ipsec_starter[2683]: charon (2684) started after 20 ms
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] stroke message => 272 bytes @ 0xb604f160
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] crl caching to /etc/ipsec.d/crls enabled
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] stroke message => 289 bytes @ 0xb604f150
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] received stroke: add ca 'swan'
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] ca swan
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] cacert=Myroot2.pem
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] crluri=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] crluri2=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] ocspuri=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] ocspuri2=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] certuribase=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[LIB] loaded certificate file '/etc/ipsec.d/cacerts/Myroot2.pem'
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] added ca 'swan'
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] stroke message => 503 bytes @ 0xb604f070
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] received stroke: add connection 'net-net'
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] conn net-net
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] left=192.168.20.51
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftsubnet=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftsourceip=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftauth=rsasig
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftauth2=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftid=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftid2=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftcert=MyBTS1.pem
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftcert2=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftca=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftca2=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftgroups=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftupdown=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] right=192.168.20.254
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightsubnet=192.168.30.0/24
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightsourceip=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightauth=rsasig
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightauth2=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightid=C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless, CN=JN11AEB36ADD,CN=rsa-key, CN=SSG320M, CN=JUNIPER
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightid2=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightcert=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightcert2=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightca=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightca2=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightgroups=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightupdown=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] eap_identity=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] ike=3des-sha1-modp1024!
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] esp=3des-sha1-modp1024!
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] mediation=no
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] mediated_by=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] me_peerid=(null)
Nov 18 11:58:26 destgd0h003661 charon: 04[KNL] getting interface name for 192.168.20.254
Nov 18 11:58:26 destgd0h003661 charon: 04[KNL] 192.168.20.254 is not a local address
Nov 18 11:58:26 destgd0h003661 charon: 04[KNL] getting interface name for 192.168.20.51
Nov 18 11:58:26 destgd0h003661 charon: 04[KNL] 192.168.20.51 is on interface eth1
Nov 18 11:58:26 destgd0h003661 charon: 04[LIB] loaded certificate file '/etc/ipsec.d/certs/MyBTS1.pem'
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] peerid 192.168.20.51 not confirmed by certificate, defaulting to subject DN: C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN
Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] added configuration 'net-net'
Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] stroke message => 280 bytes @ 0xb2047150
Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] received stroke: initiate 'net-net'
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_INIT task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_NATD task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_CERT_PRE task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_AUTHENTICATE task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_CERT_POST task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_CONFIG task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_AUTH_LIFETIME task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing CHILD_CREATE task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating new tasks
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating IKE_INIT task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating IKE_NATD task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating IKE_CERT_PRE task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating IKE_AUTHENTICATE task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating IKE_CERT_POST task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating IKE_CONFIG task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating CHILD_CREATE task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating IKE_AUTH_LIFETIME task
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] initiating IKE_SA net-net[1] to 192.168.20.254
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] initiating IKE_SA net-net[1] to 192.168.20.254
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] IKE_SA net-net[1] state change: CREATED => CONNECTING
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] natd_chunk => 22 bytes @ 0x80a9d20
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 0: 4E 5D 6F 38 14 2B 36 FE 00 00 00 00 00 00 00 00 N]o8.+6.........
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 16: C0 A8 14 FE 01 F4 ......
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] natd_hash => 20 bytes @ 0x80a7c80
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 0: A8 0D E1 2B 4D CB 4D 42 BC 26 59 E4 3C 3E 88 89 ...+M.MB.&Y.<>..
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 16: AE DD E1 76 ...v
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] natd_chunk => 22 bytes @ 0x80a9d20
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 0: 4E 5D 6F 38 14 2B 36 FE 00 00 00 00 00 00 00 00 N]o8.+6.........
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 16: C0 A8 14 33 01 F4 ...3..
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] natd_hash => 20 bytes @ 0x80a7c80
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 0: 18 27 5C 02 7C C7 51 BA 46 EC DB 4A D9 93 4F 27 .'\.|.Q.F..J..O'
Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 16: 34 4A A6 7E 4J.~
Nov 18 11:58:26 destgd0h003661 charon: 12[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Nov 18 11:58:26 destgd0h003661 charon: 12[NET] sending packet: from 192.168.20.51[500] to 192.168.20.254[500]
Nov 18 11:58:26 destgd0h003661 charon: 15[NET] received packet: from 192.168.20.254[500] to 192.168.20.51[500]
Nov 18 11:58:26 destgd0h003661 charon: 15[ENC] parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ ]
Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] selecting proposal:
Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] proposal matches
Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] shared Diffie Hellman secret => 128 bytes @ 0x80ab128
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] SKEYSEED => 20 bytes @ 0x80a9818
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 2B 3E 58 5F A9 48 DF 6B CC 8A C9 C3 83 48 7D 1B +>X_.H.k.....H}.
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: D7 03 B1 3B ...;
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_d secret => 20 bytes @ 0x80a9818
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 6E 7B 67 D8 84 EC 1D AB 14 2F 32 F4 76 03 59 54 n{g....../2.v.YT
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: B7 2A 55 3B .*U;
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_ai secret => 20 bytes @ 0x80a9e08
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: A4 51 BF B7 C9 64 ED 8C 02 E0 2C B5 33 B6 94 24 .Q...d....,.3..$
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 23 20 99 A8 # ..
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_ar secret => 20 bytes @ 0x80a9e08
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: BB E8 5F 0F AF 03 69 FA CB CB C8 BD 58 F3 AE 43 .._...i.....X..C
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 44 CB CB D8 D...
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_ei secret => 24 bytes @ 0x80aa670
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 33 8B DA 24 E0 8B A6 39 0F 88 05 03 31 F2 66 7B 3..$...9....1.f{
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 83 68 1E 3C 50 B7 39 AF .h.<P.9.
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_er secret => 24 bytes @ 0x80aa670
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 52 DB EB 02 57 4D 4D 00 CE 9E 5D 31 FB 39 74 37 R...WMM...]1.9t7
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: CE 0C E0 99 94 1C E5 84 ........
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_pi secret => 20 bytes @ 0x80a9c68
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: F9 0B C5 61 80 3D FC 9A F1 19 9B 94 97 E6 EF 26 ...a.=.........&
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: E1 97 83 5C ...\
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_pr secret => 20 bytes @ 0x80a9e08
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: E1 AA 58 8B 27 36 64 F6 9A 9B 8E DF 3E 0A 66 5F ..X.'6d.....>.f_
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 26 27 E1 6C &'.l
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] natd_chunk => 22 bytes @ 0x80a5918
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 4E 5D 6F 38 14 2B 36 FE 6C E2 E9 07 32 41 86 85 N]o8.+6.l...2A..
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: C0 A8 14 33 01 F4 ...3..
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] natd_hash => 20 bytes @ 0x80a9a30
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 82 BE D1 D4 FB 95 A9 68 63 2D A8 F2 D9 0C E2 0D .......hc-......
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 75 BF 12 E2 u...
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] natd_chunk => 22 bytes @ 0x80a5918
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 4E 5D 6F 38 14 2B 36 FE 6C E2 E9 07 32 41 86 85 N]o8.+6.l...2A..
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: C0 A8 14 FE 01 F4 ......
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] natd_hash => 20 bytes @ 0x80a60e8
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 7A 5F 7F 27 B4 71 8D 77 3D 5C FC DA 57 F5 2F 07 z_.'.q.w=\..W./.
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 0A 64 53 5A .dSZ
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] precalculated src_hash => 20 bytes @ 0x80a60e8
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 7A 5F 7F 27 B4 71 8D 77 3D 5C FC DA 57 F5 2F 07 z_.'.q.w=\..W./.
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 0A 64 53 5A .dSZ
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] precalculated dst_hash => 20 bytes @ 0x80a9a30
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 82 BE D1 D4 FB 95 A9 68 63 2D A8 F2 D9 0C E2 0D .......hc-......
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 75 BF 12 E2 u...
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] received cert request for unknown ca with keyid 12:b9:6f:ae:3c:15:64:e2:f1:16:5f:e9:be:e3:3a:ca:03:65:af:c5
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] reinitiating already active tasks
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] IKE_CERT_PRE task
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] IKE_AUTHENTICATE task
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] sending cert request for "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=JuniperRoot"
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] sending cert request for "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN"
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] IDx' => 78 bytes @ 0xb0844040
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] SK_p => 20 bytes @ 0x80a9c68
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: F9 0B C5 61 80 3D FC 9A F1 19 9B 94 97 E6 EF 26 ...a.=.........&
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: E1 97 83 5C ...\
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] octets = message + nonce + prf(Sk_px, IDx') => 352 bytes @ 0x80ab850
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] authentication of 'C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN' (myself) with RSA signature successful
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] sending end entity cert "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN"
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] establishing CHILD_SA net-net
Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] establishing CHILD_SA net-net
Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] proposing traffic selectors for us:
Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] dynamic (derived from dynamic)
Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] proposing traffic selectors for other:
Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] 192.168.30.0/24 (derived from 192.168.30.0/24)
Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] getting SPI for reqid {1}
Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] sending XFRM_MSG_ALLOCSPI: => 244 bytes @ 0xb0843cfc
Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] got SPI c8795470 for reqid {1}
Nov 18 11:58:26 destgd0h003661 charon: 15[ENC] generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH CP SA TSi TSr ]
Nov 18 11:58:26 destgd0h003661 charon: 15[NET] sending packet: from 192.168.20.51[500] to 192.168.20.254[500]
Nov 18 11:58:26 destgd0h003661 charon: 08[NET] received packet: from 192.168.20.254[500] to 192.168.20.51[500]
Nov 18 11:58:26 destgd0h003661 charon: 08[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CP SA N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) TSi TSr ]
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] received end entity cert "C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, CN=192.168.20.254, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER"
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] received NON_FIRST_FRAGMENTS_ALSO notify
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] IDx' => 12 bytes @ 0xb404b0b0
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 0: 02 00 00 00 53 53 47 33 32 30 4D 2E ....SSG320M.
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] SK_p => 20 bytes @ 0x80a9e08
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 0: E1 AA 58 8B 27 36 64 F6 9A 9B 8E DF 3E 0A 66 5F ..X.'6d.....>.f_
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 16: 26 27 E1 6C &'.l
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] octets = message + nonce + prf(Sk_px, IDx') => 321 bytes @ 0x80ab938
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] using certificate "C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, CN=192.168.20.254, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER"
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] using trusted ca certificate "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=JuniperRoot"
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] checking certificate status of "C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, CN=192.168.20.254, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER"
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] ocsp check skipped, no ocsp found
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] certificate status is not available
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] authentication of 'SSG320M.' with RSA signature successful
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] constraint check failed: identity 'C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M, CN=JUNIPER' required
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] selected peer config 'net-net' inacceptable
Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] no alternative config found
Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] deleting SAD entry with SPI c8795470
Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] sending XFRM_MSG_DELSA: => 40 bytes @ 0xb404ad7c
Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] 0: 28 00 00 00 11 00 05 00 CA 00 00 00 7C 0A 00 00 (...........|...
Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] 16: C0 A8 14 33 00 00 00 00 00 00 00 00 00 00 00 00 ...3............
Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] 32: C8 79 54 70 02 00 00 00 .yTp....
Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] received netlink error: Invalid argument (22)
Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] unable to delete SAD entry with SPI c8795470
Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] IKE_SA net-net[1] state change: CONNECTING => DESTROYING
Nov 18 11:58:56 destgd0h003661 charon: 02[KNL] received a XFRM_MSG_EXPIRE
Nov 18 11:58:56 destgd0h003661 charon: 02[KNL] creating delete job for ESP CHILD_SA with SPI c8795470 and reqid {1}
Nov 18 11:58:56 destgd0h003661 charon: 10[JOB] CHILD_SA with reqid 1 not found for delete
----------------------------------------------------------------------------------------------------------------------------------------------
Contents of CA Myroot2
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
92:5e:a6:77:59:63:3c:74
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, O=Alcatel-Lucent, OU=Wireless, CN=JuniperRoot
Validity
Not Before: Nov 18 07:37:16 2010 GMT
Not After : Dec 18 07:37:16 2010 GMT
Subject: C=DE, O=Alcatel-Lucent, OU=Wireless, CN=JuniperRoot
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:B1:07:7A:EE:CF:E0:01:61:44:E1:3D:4D:70:FE:D2:9A:F9:C7:C4
X509v3 Authority Key Identifier:
keyid:83:B1:07:7A:EE:CF:E0:01:61:44:E1:3D:4D:70:FE:D2:9A:F9:C7:C4
DirName:/C=DE/O=Alcatel-Lucent/OU=Wireless/CN=JuniperRoot
serial:92:5E:A6:77:59:63:3C:74
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
Contents of peer certificate received
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 330 (0x14a)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, O=Alcatel-Lucent, OU=Wireless, CN=JuniperRoot
Validity
Not Before: Nov 18 10:46:51 2010 GMT
Not After : Nov 15 10:46:51 2020 GMT
Subject: C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, CN=192.168.20.254, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE, pathlen:1
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
C4:81:52:16:BD:CB:A8:C6:E5:A1:97:8A:CE:1A:8B:2E:7D:F4:5B:A9
X509v3 Authority Key Identifier:
keyid:83:B1:07:7A:EE:CF:E0:01:61:44:E1:3D:4D:70:FE:D2:9A:F9:C7:C4
X509v3 Subject Alternative Name:
email:juniper at alcatel-lucent.com, IP Address:192.168.20.254, DNS:SSG320M.
Signature Algorithm: sha1WithRSAEncryption
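Added example, not part of the original post and not strongSwan code: a short Python diagnostic that puts the three identities on this page side by side, namely the DN the "constraint check failed" line requires, the subject and subjectAltName of the received certificate, and the logged IDx' bytes of the peer's ID payload. The function names are hypothetical, all input strings are copied from the log and dump above, and the DN parser assumes no escaped commas in values.

```python
import difflib

# Values copied from the log lines and certificate dump in the post above.
REQUIRED = ("C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless, "
            "CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M, CN=JUNIPER")
SUBJECT = ("C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, CN=192.168.20.254, "
           "CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER")
SAN = "email:juniper at alcatel-lucent.com, IP Address:192.168.20.254, DNS:SSG320M."
IDR_HEX = "02 00 00 00 53 53 47 33 32 30 4D 2E"  # the logged IDx' bytes

# IKEv2 identification types (RFC 7296, section 3.5).
ID_TYPES = {1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_RFC822_ADDR",
            5: "ID_IPV6_ADDR", 9: "ID_DER_ASN1_DN", 10: "ID_DER_ASN1_GN",
            11: "ID_KEY_ID"}

def parse_dn(dn):
    """Ordered (attribute, value) pairs; assumes no escaped commas in values."""
    return [tuple(part.strip() for part in rdn.split("=", 1))
            for rdn in dn.split(",")]

def dn_diff(required, subject):
    """RDN runs that differ, as (required_side, subject_side) pairs."""
    a, b = parse_dn(required), parse_dn(subject)
    ops = difflib.SequenceMatcher(None, a, b, autojunk=False).get_opcodes()
    return [(a[i1:i2], b[j1:j2]) for tag, i1, i2, j1, j2 in ops if tag != "equal"]

def parse_id(hex_dump):
    """ID payload body: 1 byte type, 3 reserved bytes, then the identity data."""
    raw = bytes.fromhex(hex_dump)
    return ID_TYPES.get(raw[0], "type %d" % raw[0]), raw[4:].decode("ascii", "replace")

def parse_san(san):
    """'kind:value' entries of an OpenSSL subjectAltName line."""
    return [tuple(entry.strip().split(":", 1)) for entry in san.split(",")]

def diagnose():
    id_type, id_value = parse_id(IDR_HEX)
    return {
        "peer_id": (id_type, id_value),
        "peer_id_in_san": ("DNS", id_value) in parse_san(SAN),
        "peer_id_is_dn": id_type == "ID_DER_ASN1_DN",
        "required_equals_subject": parse_dn(REQUIRED) == parse_dn(SUBJECT),
        "dn_differences": dn_diff(REQUIRED, SUBJECT),
    }

if __name__ == "__main__":
    for key, value in diagnose().items():
        print(key, "=>", value)
```

On the page's values it reports that the peer identified itself with the FQDN `SSG320M.`, which is present in the certificate's subjectAltName, and that the required DN differs from the certificate subject in two RDNs: `OU=Wireless` against `CN=192.168.20.254`, and `CN=SSG320M` against `CN=SSG320M.`.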