[strongSwan] certificate status is not available
Andreas Steffen
andreas.steffen at strongswan.org
Tue Nov 23 17:31:37 CET 2010
Hello Bijan,
in rightid you define CN=SSG320M
whereas the certificate says CN=SSG320M.
which has an additional '.' (full stop) character at the end.
Regards
Andreas
On 23.11.2010 09:37, Farivar Tanha, Bijan (Bijan) wrote:
> Hello,
>
> If I check in the client's logs then after the below message the whole
> tunnel is removed from strongSwan.
>
> Nov 18 11:52:55 destgd0h003661 charon: 07[CFG] constraint check failed:
> identity 'C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless,
> CN=JN11AEB36ADD, CN=rsa-key, , CN=JUNIPER' required
>
> I think the identity is wrongly configured on the strongSwan client.
> I can see the rigthid configured as :-->
>
> rightid=C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless,
> CN=JN11AEB36ADD,CN=rsa-key, CN=SSG320M, CN=JUNIPER
>
> Can somebody explain me how have to be configured the leftid and rightid
> according to the certificates information below?
>
> Bijan
> ---------------------------------------------------
> Hello,
>
> we have a problem with authentication of the peer using certificate, as
> you see below
>
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] checking certificate
> status of "C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent,
> CN=192.168.20.254, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER"
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] ocsp check skipped, no
> ocsp found
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] certificate status is not
> available
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] authentication of
> 'SSG320M.' with RSA signature successful
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] constraint check failed:
> identity 'C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless,
> CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M, CN=JUNIPER' required
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] selected peer config
> 'net-net' inacceptable
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] no alternative config found
> Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] deleting SAD entry with
> SPI c8795470
>
> We included below the certificates.
> Could you please help us to find out which options in the certificates
> are not correct?
>
> Regards,
> Bijan
>
> ---------------------------------------------------------------------
>
> Nov 18 11:58:23 destgd0h003661 starter[2379]: ipsec starter stopped
> Nov 18 11:58:26 destgd0h003661 ipsec_starter[2661]: Starting strongSwan
> 4.3.4 IPsec [starter]...
> Nov 18 11:58:26 destgd0h003661 charon: 01[DMN] Starting IKEv2 charon
> daemon (strongSwan 4.3.4)
> Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] listening on interfaces:
> Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] eth1
> Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] 192.168.20.51
> Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] fe80::217:3fff:fed0:772c
> Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] eth0
> Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] 149.204.17.51
> Nov 18 11:58:26 destgd0h003661 charon: 01[KNL] fe80::224:81ff:fe1d:d4fa
> Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loading ca certificates
> from '/etc/ipsec.d/cacerts'
> Nov 18 11:58:26 destgd0h003661 charon: 01[LIB] loaded certificate file
> '/etc/ipsec.d/cacerts/Myroot2.pem'
> Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loading aa certificates
> from '/etc/ipsec.d/aacerts'
> Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loading ocsp signer
> certificates from '/etc/ipsec.d/ocspcerts'
> Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loading attribute
> certificates from '/etc/ipsec.d/acerts'
> Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loading crls from
> '/etc/ipsec.d/crls'
> Nov 18 11:58:26 destgd0h003661 charon: 01[LIB] loaded crl file
> '/etc/ipsec.d/crls/crl_Myroot1.pem'
> Nov 18 11:58:26 destgd0h003661 charon: 01[LIB] loaded crl file
> '/etc/ipsec.d/crls/crl_Myroot2.pem'
> Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loading secrets from
> '/etc/ipsec.secrets'
> Nov 18 11:58:26 destgd0h003661 charon: 01[CFG] loaded private key file
> '/etc/ipsec.d/private/MyBTS1_key.pem'
> Nov 18 11:58:26 destgd0h003661 charon: 01[DMN] loaded plugins: curl ldap
> aes des sha1 sha2 md5 fips-prf random x509 pubkey openssl gcrypt xcbc
> hmac gmp kernel-netlink stroke updown attr resolv-conf
> Nov 18 11:58:26 destgd0h003661 charon: 01[JOB] spawning 16 worker threads
> Nov 18 11:58:26 destgd0h003661 ipsec_starter[2683]: charon (2684)
> started after 20 ms
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] stroke message => 272
> bytes @ 0xb604f160
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 0: 10 01 73 B7 0C 00
> 00 00 FF FF FF FF 01 00 00 00 ..s.............
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 16: 48 B7 E5 BF 6B 86
> 06 08 A0 89 01 00 60 A6 06 08 H...k.......`...
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 32: 48 B7 E5 BF 27 B7
> E5 BF 00 94 73 B7 32 36 38 33 H...'.....s.2683
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 48: 08 00 00 00 74 86
> 06 08 10 00 00 00 08 00 00 00 ....t...........
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 64: F4 9F 73 B7 58 86
> 06 08 00 00 00 00 A0 B3 73 B7 ..s.X.........s.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 80: 50 86 64 B7 13 C8
> 64 B7 C0 8F 73 B7 02 00 00 00 P.d...d...s.....
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 96: C0 41 06 08 08 20
> 00 00 F4 9F 73 B7 60 86 06 08 .A... ....s.`...
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 112: 13 C8 64 B7 40 14
> 00 00 F0 B6 73 B7 C0 D6 5D B7 ..d. at .....s...].
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 128: 03 99 64 B7 D0 2B
> 06 08 00 00 00 00 F4 9F 73 B7 ..d..+........s.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 144: 58 A9 01 00 A8 86
> 06 08 D0 2B 06 08 F4 9F 73 B7 X........+....s.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 160: A0 B3 73 B7 00 00
> 00 00 C0 D6 5D B7 DD FF 64 B7 ..s.......]...d.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 176: 00 00 00 00 F4 9F
> 73 B7 F4 9F 73 B7 A0 B3 73 B7 ......s...s...s.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 192: D0 2B 06 08 C0 D6
> 5D B7 DD FF 64 B7 C0 D6 5D B7 .+....]...d...].
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 208: F4 9F 73 B7 F4 9F
> 73 B7 14 00 00 00 77 C9 6A B7 ..s...s.....w.j.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 224: 60 86 06 08 60 86
> 06 08 4A 00 00 00 00 40 00 00 `...`...J.... at ..
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 240: 00 94 73 B7 E0 99
> 73 B7 02 00 00 00 1A 00 00 00 ..s...s.........
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 256: 3A 00 00 00 0B 00
> 00 00 12 00 00 00 0A 00 00 00 :...............
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] crl caching to
> /etc/ipsec.d/crls enabled
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] stroke message => 289
> bytes @ 0xb604f150
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 0: 21 01 73 B7 09 00
> 00 00 FF FF FF FF 10 01 00 00 !.s.............
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 16: 15 01 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 32: 00 00 00 00 00 00
> 00 00 00 94 73 B7 32 36 38 33 ..........s.2683
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 48: 08 00 00 00 74 86
> 06 08 10 00 00 00 08 00 00 00 ....t...........
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 64: F4 9F 73 B7 58 86
> 06 08 00 00 00 00 A0 B3 73 B7 ..s.X.........s.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 80: 50 86 64 B7 13 C8
> 64 B7 C0 8F 73 B7 02 00 00 00 P.d...d...s.....
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 96: C0 41 06 08 08 20
> 00 00 F4 9F 73 B7 60 86 06 08 .A... ....s.`...
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 112: 13 C8 64 B7 40 14
> 00 00 F0 B6 73 B7 C0 D6 5D B7 ..d. at .....s...].
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 128: 03 99 64 B7 D0 2B
> 06 08 00 00 00 00 F4 9F 73 B7 ..d..+........s.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 144: 58 A9 01 00 A8 86
> 06 08 D0 2B 06 08 F4 9F 73 B7 X........+....s.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 160: A0 B3 73 B7 00 00
> 00 00 C0 D6 5D B7 DD FF 64 B7 ..s.......]...d.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 176: 00 00 00 00 F4 9F
> 73 B7 F4 9F 73 B7 A0 B3 73 B7 ......s...s...s.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 192: D0 2B 06 08 C0 D6
> 5D B7 DD FF 64 B7 C0 D6 5D B7 .+....]...d...].
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 208: F4 9F 73 B7 F4 9F
> 73 B7 14 00 00 00 77 C9 6A B7 ..s...s.....w.j.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 224: 60 86 06 08 60 86
> 06 08 4A 00 00 00 00 40 00 00 `...`...J.... at ..
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 240: 00 94 73 B7 E0 99
> 73 B7 02 00 00 00 1A 00 00 00 ..s...s.........
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 256: 3A 00 00 00 0B 00
> 00 00 12 00 00 00 0A 00 00 00 :...............
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 272: 73 77 61 6E 00 4D
> 79 72 6F 6F 74 32 2E 70 65 6D swan.Myroot2.pem
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 288:
> 00 .
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] received stroke: add ca
> 'swan'
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] ca swan
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] cacert=Myroot2.pem
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] crluri=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] crluri2=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] ocspuri=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] ocspuri2=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] certuribase=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[LIB] loaded certificate file
> '/etc/ipsec.d/cacerts/Myroot2.pem'
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] added ca 'swan'
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] stroke message => 503
> bytes @ 0xb604f070
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 0: F7 01 00 00 03 00
> 00 00 FF FF FF FF 10 01 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 16: 01 00 00 00 01 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 32: 00 00 00 00 02 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 48: 00 00 00 00 00 00
> 00 00 01 00 00 00 01 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 64: 01 00 00 00 18 01
> 00 00 2C 01 00 00 00 00 00 00 ........,.......
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 80: D0 70 00 00 80 70
> 00 00 80 16 00 00 01 00 00 00 .p...p..........
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 96: 64 00 00 00 3C 00
> 00 00 03 00 00 00 00 00 00 00 d...<...........
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 112: 00 00 00 00 00 00
> 00 00 40 01 00 00 00 00 00 00 ........ at .......
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 128: 00 00 00 00 00 00
> 00 00 00 00 00 00 47 01 00 00 ............G...
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 144: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 160: 00 00 00 00 52 01
> 00 00 00 00 00 00 01 00 00 00 ....R...........
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 176: 00 00 00 00 01 00
> 00 00 00 00 00 00 01 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 192: 00 00 00 00 60 01
> 00 00 00 00 00 00 67 01 00 00 ....`.......g...
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 208: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 224: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 240: D8 01 00 00 00 00
> 00 00 00 00 00 00 E7 01 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 256: 01 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 272: 6E 65 74 2D 6E 65
> 74 00 33 64 65 73 2D 73 68 61 net-net.3des-sha
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 288: 31 2D 6D 6F 64 70
> 31 30 32 34 21 00 33 64 65 73 1-modp1024!.3des
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 304: 2D 73 68 61 31 2D
> 6D 6F 64 70 31 30 32 34 21 00 -sha1-modp1024!.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 320: 72 73 61 73 69 67
> 00 4D 79 42 54 53 31 2E 70 65 rsasig.MyBTS1.pe
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 336: 6D 00 31 39 32 2E
> 31 36 38 2E 32 30 2E 35 31 00 m.192.168.20.51.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 352: 72 73 61 73 69 67
> 00 43 3D 44 45 2C 20 53 54 3D rsasig.C=DE, ST=
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 368: 47 65 72 6D 61 6E
> 79 2C 20 4C 3D 53 74 75 74 74 Germany, L=Stutt
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 384: 67 61 72 74 2C 20
> 4F 3D 41 6C 63 61 74 65 6C 2D gart, O=Alcatel-
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 400: 4C 75 63 65 6E 74
> 2C 20 4F 55 3D 57 69 72 65 6C Lucent, OU=Wirel
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 416: 65 73 73 2C 20 43
> 4E 3D 4A 4E 31 31 41 45 42 33 ess, CN=JN11AEB3
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 432: 36 41 44 44 2C 43
> 4E 3D 72 73 61 2D 6B 65 79 2C 6ADD,CN=rsa-key,
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 448: 20 43 4E 3D 53 53
> 47 33 32 30 4D 2C 20 43 4E 3D CN=SSG320M, CN=
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 464: 4A 55 4E 49 50 45
> 52 00 31 39 32 2E 31 36 38 2E JUNIPER.192.168.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 480: 32 30 2E 32 35 34
> 00 31 39 32 2E 31 36 38 2E 33 20.254.192.168.3
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] 496: 30 2E 30 2F 32 34
> 00 0.0/24.
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] received stroke: add
> connection 'net-net'
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] conn net-net
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] left=192.168.20.51
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftsubnet=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftsourceip=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftauth=rsasig
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftauth2=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftid=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftid2=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftcert=MyBTS1.pem
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftcert2=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftca=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftca2=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftgroups=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] leftupdown=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] right=192.168.20.254
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightsubnet=192.168.30.0/24
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightsourceip=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightauth=rsasig
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightauth2=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightid=C=DE,
> ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless,
> CN=JN11AEB36ADD,CN=rsa-key, CN=SSG320M, CN=JUNIPER
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightid2=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightcert=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightcert2=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightca=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightca2=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightgroups=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] rightupdown=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] eap_identity=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] ike=3des-sha1-modp1024!
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] esp=3des-sha1-modp1024!
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] mediation=no
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] mediated_by=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] me_peerid=(null)
> Nov 18 11:58:26 destgd0h003661 charon: 04[KNL] getting interface name
> for 192.168.20.254
> Nov 18 11:58:26 destgd0h003661 charon: 04[KNL] 192.168.20.254 is not a
> local address
> Nov 18 11:58:26 destgd0h003661 charon: 04[KNL] getting interface name
> for 192.168.20.51
> Nov 18 11:58:26 destgd0h003661 charon: 04[KNL] 192.168.20.51 is on
> interface eth1
> Nov 18 11:58:26 destgd0h003661 charon: 04[LIB] loaded certificate file
> '/etc/ipsec.d/certs/MyBTS1.pem'
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] peerid 192.168.20.51
> not confirmed by certificate, defaulting to subject DN: C=DE,
> O=Alcatel-Lucent, OU=Wireless, CN=SWAN
> Nov 18 11:58:26 destgd0h003661 charon: 04[CFG] added configuration 'net-net'
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] stroke message => 280
> bytes @ 0xb2047150
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 0: 18 01 00 00 00 00
> 00 00 FF FF FF FF 10 01 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 16: 00 00 00 00 02 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 32: 00 00 00 00 00 00
> 00 00 01 00 00 00 01 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 48: 01 00 00 00 18 01
> 00 00 2C 01 00 00 00 00 00 00 ........,.......
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 64: D0 70 00 00 80 70
> 00 00 80 16 00 00 01 00 00 00 .p...p..........
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 80: 64 00 00 00 3C 00
> 00 00 03 00 00 00 00 00 00 00 d...<...........
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 96: 00 00 00 00 00 00
> 00 00 40 01 00 00 00 00 00 00 ........ at .......
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 112: 00 00 00 00 00 00
> 00 00 00 00 00 00 47 01 00 00 ............G...
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 128: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 144: 00 00 00 00 52 01
> 00 00 00 00 00 00 01 00 00 00 ....R...........
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 160: 00 00 00 00 01 00
> 00 00 00 00 00 00 01 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 176: 00 00 00 00 60 01
> 00 00 00 00 00 00 67 01 00 00 ....`.......g...
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 192: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 208: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 224: D8 01 00 00 00 00
> 00 00 00 00 00 00 E7 01 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 240: 01 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 256: 6E 65 74 2D 6E 65
> 74 00 33 64 65 73 2D 73 68 61 net-net.3des-sha
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] 272: 6E 65 74 2D 6E 65
> 74 00 net-net.
> Nov 18 11:58:26 destgd0h003661 charon: 12[CFG] received stroke: initiate
> 'net-net'
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_INIT task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_NATD task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_CERT_PRE task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_AUTHENTICATE
> task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_CERT_POST task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing IKE_CONFIG task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing
> IKE_AUTH_LIFETIME task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] queueing CHILD_CREATE task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating new tasks
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating IKE_INIT task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating IKE_NATD task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating IKE_CERT_PRE
> task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating
> IKE_AUTHENTICATE task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating
> IKE_CERT_POST task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating IKE_CONFIG task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating CHILD_CREATE
> task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] activating
> IKE_AUTH_LIFETIME task
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] initiating IKE_SA
> net-net[1] to 192.168.20.254
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] initiating IKE_SA
> net-net[1] to 192.168.20.254
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] IKE_SA net-net[1] state
> change: CREATED => CONNECTING
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] natd_chunk => 22 bytes @
> 0x80a9d20
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 0: 4E 5D 6F 38 14 2B
> 36 FE 00 00 00 00 00 00 00 00 N]o8.+6.........
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 16: C0 A8 14 FE 01
> F4 ......
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] natd_hash => 20 bytes @
> 0x80a7c80
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 0: A8 0D E1 2B 4D CB
> 4D 42 BC 26 59 E4 3C 3E 88 89 ...+M.MB.&Y.<>..
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 16: AE DD E1
> 76 ...v
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] natd_chunk => 22 bytes @
> 0x80a9d20
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 0: 4E 5D 6F 38 14 2B
> 36 FE 00 00 00 00 00 00 00 00 N]o8.+6.........
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 16: C0 A8 14 33 01
> F4 ...3..
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] natd_hash => 20 bytes @
> 0x80a7c80
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 0: 18 27 5C 02 7C C7
> 51 BA 46 EC DB 4A D9 93 4F 27 .'\.|.Q.F..J..O'
> Nov 18 11:58:26 destgd0h003661 charon: 12[IKE] 16: 34 4A A6
> 7E 4J.~
> Nov 18 11:58:26 destgd0h003661 charon: 12[ENC] generating IKE_SA_INIT
> request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
> Nov 18 11:58:26 destgd0h003661 charon: 12[NET] sending packet: from
> 192.168.20.51[500] to 192.168.20.254[500]
> Nov 18 11:58:26 destgd0h003661 charon: 15[NET] received packet: from
> 192.168.20.254[500] to 192.168.20.51[500]
> Nov 18 11:58:26 destgd0h003661 charon: 15[ENC] parsed IKE_SA_INIT
> response 0 [ SA KE No CERTREQ ]
> Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] selecting proposal:
> Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] proposal matches
> Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] received proposals:
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] configured proposals:
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] selected proposal:
> IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] shared Diffie Hellman
> secret => 128 bytes @ 0x80ab128
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 9F 14 EA 4A F4 9F
> 14 1F 4B B6 43 64 BF 61 DC FF ...J....K.Cd.a..
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: C0 B2 57 93 BE 68
> 89 20 5E 41 6F 51 AA FE E7 4D ..W..h. ^AoQ...M
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 32: 59 77 E5 4D 28 8E
> 88 86 E3 99 C9 98 9F 89 4E 50 Yw.M(.........NP
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 48: 5E 2B DE 97 07 96
> 6A 29 F7 68 9A 79 50 9F 9B 85 ^+....j).h.yP...
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 64: 03 33 B3 7E 95 53
> EB A4 37 7F BB 40 AD CD 60 D1 .3.~.S..7.. at ..`.
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 80: 90 D8 0C 8C F0 D8
> 48 FF 51 F1 46 AF 09 A9 8A D9 ......H.Q.F.....
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 96: 4A 48 C4 E2 DA F4
> BC 8F FA 82 91 59 06 33 AE FD JH.........Y.3..
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 112: 65 86 21 55 33 D0
> 03 3B 20 CE 7F F8 DA E3 9B 36 e.!U3..; ......6
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] SKEYSEED => 20 bytes @
> 0x80a9818
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 2B 3E 58 5F A9 48
> DF 6B CC 8A C9 C3 83 48 7D 1B +>X_.H.k.....H}.
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: D7 03 B1
> 3B ...;
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_d secret => 20 bytes @
> 0x80a9818
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 6E 7B 67 D8 84 EC
> 1D AB 14 2F 32 F4 76 03 59 54 n{g....../2.v.YT
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: B7 2A 55
> 3B .*U;
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_ai secret => 20 bytes
> @ 0x80a9e08
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: A4 51 BF B7 C9 64
> ED 8C 02 E0 2C B5 33 B6 94 24 .Q...d....,.3..$
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 23 20 99
> A8 # ..
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_ar secret => 20 bytes
> @ 0x80a9e08
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: BB E8 5F 0F AF 03
> 69 FA CB CB C8 BD 58 F3 AE 43 .._...i.....X..C
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 44 CB CB
> D8 D...
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_ei secret => 24 bytes
> @ 0x80aa670
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 33 8B DA 24 E0 8B
> A6 39 0F 88 05 03 31 F2 66 7B 3..$...9....1.f{
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 83 68 1E 3C 50 B7
> 39 AF .h.<P.9.
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_er secret => 24 bytes
> @ 0x80aa670
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 52 DB EB 02 57 4D
> 4D 00 CE 9E 5D 31 FB 39 74 37 R...WMM...]1.9t7
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: CE 0C E0 99 94 1C
> E5 84 ........
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_pi secret => 20 bytes
> @ 0x80a9c68
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: F9 0B C5 61 80 3D
> FC 9A F1 19 9B 94 97 E6 EF 26 ...a.=.........&
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: E1 97 83
> 5C ...\
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] Sk_pr secret => 20 bytes
> @ 0x80a9e08
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: E1 AA 58 8B 27 36
> 64 F6 9A 9B 8E DF 3E 0A 66 5F ..X.'6d.....>.f_
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 26 27 E1
> 6C &'.l
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] natd_chunk => 22 bytes @
> 0x80a5918
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 4E 5D 6F 38 14 2B
> 36 FE 6C E2 E9 07 32 41 86 85 N]o8.+6.l...2A..
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: C0 A8 14 33 01
> F4 ...3..
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] natd_hash => 20 bytes @
> 0x80a9a30
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 82 BE D1 D4 FB 95
> A9 68 63 2D A8 F2 D9 0C E2 0D .......hc-......
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 75 BF 12
> E2 u...
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] natd_chunk => 22 bytes @
> 0x80a5918
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 4E 5D 6F 38 14 2B
> 36 FE 6C E2 E9 07 32 41 86 85 N]o8.+6.l...2A..
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: C0 A8 14 FE 01
> F4 ......
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] natd_hash => 20 bytes @
> 0x80a60e8
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 7A 5F 7F 27 B4 71
> 8D 77 3D 5C FC DA 57 F5 2F 07 z_.'.q.w=\..W./.
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 0A 64 53
> 5A .dSZ
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] precalculated src_hash =>
> 20 bytes @ 0x80a60e8
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 7A 5F 7F 27 B4 71
> 8D 77 3D 5C FC DA 57 F5 2F 07 z_.'.q.w=\..W./.
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 0A 64 53
> 5A .dSZ
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] precalculated dst_hash =>
> 20 bytes @ 0x80a9a30
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 82 BE D1 D4 FB 95
> A9 68 63 2D A8 F2 D9 0C E2 0D .......hc-......
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 75 BF 12
> E2 u...
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] received cert request for
> unknown ca with keyid
> 12:b9:6f:ae:3c:15:64:e2:f1:16:5f:e9:be:e3:3a:ca:03:65:af:c5
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] reinitiating already
> active tasks
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] IKE_CERT_PRE task
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] IKE_AUTHENTICATE task
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] sending cert request for
> "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=JuniperRoot"
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] sending cert request for
> "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN"
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] IDx' => 78 bytes @ 0xb0844040
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 09 00 00 00 30 48
> 31 0B 30 09 06 03 55 04 06 13 ....0H1.0...U...
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 02 44 45 31 17 30
> 15 06 03 55 04 0A 13 0E 41 6C .DE1.0...U....Al
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 32: 63 61 74 65 6C 2D
> 4C 75 63 65 6E 74 31 11 30 0F catel-Lucent1.0.
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 48: 06 03 55 04 0B 13
> 08 57 69 72 65 6C 65 73 73 31 ..U....Wireless1
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 64: 0D 30 0B 06 03 55
> 04 03 13 04 53 57 41 4E .0...U....SWAN
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] SK_p => 20 bytes @ 0x80a9c68
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: F9 0B C5 61 80 3D
> FC 9A F1 19 9B 94 97 E6 EF 26 ...a.=.........&
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: E1 97 83
> 5C ...\
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] octets = message + nonce
> + prf(Sk_px, IDx') => 352 bytes @ 0x80ab850
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 0: 4E 5D 6F 38 14 2B
> 36 FE 00 00 00 00 00 00 00 00 N]o8.+6.........
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 16: 21 20 22 08 00 00
> 00 00 00 00 01 2C 22 00 00 2C ! "........,"..,
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 32: 00 00 00 28 01 01
> 00 04 03 00 00 08 01 00 00 03 ...(............
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 48: 03 00 00 08 03 00
> 00 02 03 00 00 08 02 00 00 02 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 64: 00 00 00 08 04 00
> 00 02 28 00 00 88 00 02 00 00 ........(.......
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 80: B3 FB 9A 96 FF 15
> BE C0 3B CA 64 6C C1 13 C5 3A ........;.dl...:
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 96: 7E 3E 98 1A 21 2E
> 3D 5E 8C 2C 3D 7C E2 EA 4F CA ~>..!.=^.,=|..O.
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 112: 8D 89 AB F5 0D 6C
> 83 2E 54 41 6B 84 61 DF D8 F0 .....l..TAk.a...
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 128: 1B 2C A3 B6 0D BB
> BF 5D 1F 8F 0B 5E 81 A0 A1 34 .,.....]...^...4
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 144: 13 E4 26 CB FD DB
> 3D 6C C1 8D A7 11 3B 32 38 58 ..&...=l....;28X
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 160: A9 0D 9D 28 85 6A
> B2 53 3D 43 37 8B 6C B2 93 47 ...(.j.S=C7.l..G
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 176: B7 C9 8E FE CD D5
> 1F FC D2 02 69 8C 84 18 C8 79 ..........i....y
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 192: A1 00 34 BC 8E B7
> C5 17 FE D1 9F 8D 62 DF 0C 3E ..4.........b..>
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 208: 29 00 00 24 F9 3B
> 41 2C 32 74 27 AD 38 44 45 2B )..$.;A,2t'.8DE+
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 224: 8D 44 C6 84 78 16
> 4A C4 FB 05 9A 11 67 DB C1 EF .D..x.J.....g...
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 240: 22 A7 4E C5 29 00
> 00 1C 00 00 40 04 18 27 5C 02 ".N.)..... at ..'\.
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 256: 7C C7 51 BA 46 EC
> DB 4A D9 93 4F 27 34 4A A6 7E |.Q.F..J..O'4J.~
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 272: 00 00 00 1C 00 00
> 40 05 A8 0D E1 2B 4D CB 4D 42 ...... at ....+M.MB
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 288: BC 26 59 E4 3C 3E
> 88 89 AE DD E1 76 3F 85 3B E1 .&Y.<>.....v?.;.
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 304: 67 0D E8 E2 4E 07
> 76 65 BE 0A B5 F8 8B 04 59 0B g...N.ve......Y.
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 320: BB D2 B0 CF AF 22
> 98 56 79 CD CF 60 7F B0 66 C4 .....".Vy..`..f.
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] 336: 93 9D 64 33 33 C8
> ED 50 DE 44 D1 67 E3 7B 38 11 ..d33..P.D.g.{8.
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] authentication of 'C=DE,
> O=Alcatel-Lucent, OU=Wireless, CN=SWAN' (myself) with RSA signature
> successful
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] sending end entity cert
> "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN"
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] establishing CHILD_SA net-net
> Nov 18 11:58:26 destgd0h003661 charon: 15[IKE] establishing CHILD_SA net-net
> Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] proposing traffic
> selectors for us:
> Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] dynamic (derived from
> dynamic)
> Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] proposing traffic
> selectors for other:
> Nov 18 11:58:26 destgd0h003661 charon: 15[CFG] 192.168.30.0/24 (derived
> from 192.168.30.0/24)
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] getting SPI for reqid {1}
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] sending
> XFRM_MSG_ALLOCSPI: => 244 bytes @ 0xb0843cfc
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 0: F4 00 00 00 16 00
> 01 00 C9 00 00 00 7C 0A 00 00 ............|...
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 16: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 32: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 48: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 64: 00 00 00 00 00 00
> 00 00 C0 A8 14 33 00 00 00 00 ...........3....
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 80: 00 00 00 00 00 00
> 00 00 00 00 00 00 32 00 00 00 ............2...
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 96: C0 A8 14 FE 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 112: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 128: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 144: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 160: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 176: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 192: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 208: 00 00 00 00 00 00
> 00 00 00 00 00 00 00 00 00 00 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 224: 01 00 00 00 02 00
> 01 00 00 00 00 00 00 00 00 C0 ................
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] 240: FF FF FF
> CF ....
> Nov 18 11:58:26 destgd0h003661 charon: 15[KNL] got SPI c8795470 for
> reqid {1}
> Nov 18 11:58:26 destgd0h003661 charon: 15[ENC] generating IKE_AUTH
> request 1 [ IDi CERT CERTREQ IDr AUTH CP SA TSi TSr ]
> Nov 18 11:58:26 destgd0h003661 charon: 15[NET] sending packet: from
> 192.168.20.51[500] to 192.168.20.254[500]
> Nov 18 11:58:26 destgd0h003661 charon: 08[NET] received packet: from
> 192.168.20.254[500] to 192.168.20.51[500]
> Nov 18 11:58:26 destgd0h003661 charon: 08[ENC] parsed IKE_AUTH response
> 1 [ IDr CERT AUTH CP SA N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) TSi TSr ]
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] received end entity cert
> "C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, CN=192.168.20.254,
> CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER"
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] received
> ESP_TFC_PADDING_NOT_SUPPORTED notify
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] received
> NON_FIRST_FRAGMENTS_ALSO notify
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] IDx' => 12 bytes @ 0xb404b0b0
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 0: 02 00 00 00 53 53
> 47 33 32 30 4D 2E ....SSG320M.
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] SK_p => 20 bytes @ 0x80a9e08
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 0: E1 AA 58 8B 27 36
> 64 F6 9A 9B 8E DF 3E 0A 66 5F ..X.'6d.....>.f_
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 16: 26 27 E1
> 6C &'.l
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] octets = message + nonce
> + prf(Sk_px, IDx') => 321 bytes @ 0x80ab938
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 0: 4E 5D 6F 38 14 2B
> 36 FE 6C E2 E9 07 32 41 86 85 N]o8.+6.l...2A..
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 16: 21 20 22 20 00 00
> 00 00 00 00 01 0D 22 00 00 2C ! " ........"..,
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 32: 00 00 00 28 01 01
> 00 04 03 00 00 08 01 00 00 03 ...(............
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 48: 03 00 00 08 02 00
> 00 02 03 00 00 08 03 00 00 02 ................
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 64: 00 00 00 08 04 00
> 00 02 28 00 00 88 00 02 00 00 ........(.......
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 80: 52 D2 C9 D1 FF D4
> 83 82 A9 1C C4 4F 53 75 CA FE R..........OSu..
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 96: BA 35 1C C4 CC 4B
> E1 1C 94 F1 20 FD F9 BC C8 1A .5...K.... .....
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 112: E2 16 A2 F8 ED 29
> 2D FA 5F 14 57 B2 75 09 EF E6 .....)-._.W.u...
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 128: 5C 22 E2 4D 80 52
> 8B 45 6E 2A FE AF 78 84 8B D1 \".M.R.En*..x...
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 144: B7 DF DA 39 17 F2
> E3 38 36 84 C7 2C 42 BA 50 20 ...9...86..,B.P
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 160: EA 7E 4B 37 E3 A1
> 14 1D CE A3 81 5B 4B F7 9A F4 .~K7.......[K...
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 176: 9C 83 97 40 37 50
> 66 55 B5 D4 E1 90 F1 BA 87 B0 ... at 7PfU........
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 192: 3F D2 00 BC DD CD
> C2 D8 7F 0F 7C 3A 70 57 A0 F0 ?.........|:pW..
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 208: 26 00 00 24 3F 85
> 3B E1 67 0D E8 E2 4E 07 76 65 &..$?.;.g...N.ve
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 224: BE 0A B5 F8 8B 04
> 59 0B BB D2 B0 CF AF 22 98 56 ......Y......".V
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 240: 79 CD CF 60 00 00
> 00 19 04 12 B9 6F AE 3C 15 64 y..`.......o.<.d
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 256: E2 F1 16 5F E9 BE
> E3 3A CA 03 65 AF C5 F9 3B 41 ..._...:..e...;A
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 272: 2C 32 74 27 AD 38
> 44 45 2B 8D 44 C6 84 78 16 4A ,2t'.8DE+.D..x.J
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 288: C4 FB 05 9A 11 67
> DB C1 EF 22 A7 4E C5 2B DF F4 .....g...".N.+..
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 304: FE 5A 53 27 87 F8
> 4B 3B D9 92 0C 9F 33 38 26 93 .ZS'..K;....38&.
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] 320:
> AA .
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] using certificate
> "C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, CN=192.168.20.254,
> CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER"
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] using trusted ca
> certificate "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=JuniperRoot"
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] checking certificate
> status of "C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent,
> CN=192.168.20.254, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER"
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] ocsp check skipped, no
> ocsp found
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] certificate status is not
> available
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] authentication of
> 'SSG320M.' with RSA signature successful
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] constraint check failed:
> identity 'C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, OU=Wireless,
> CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M, CN=JUNIPER' required
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] selected peer config
> 'net-net' inacceptable
> Nov 18 11:58:26 destgd0h003661 charon: 08[CFG] no alternative config found
> Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] deleting SAD entry with
> SPI c8795470
> Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] sending XFRM_MSG_DELSA:
> => 40 bytes @ 0xb404ad7c
> Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] 0: 28 00 00 00 11 00
> 05 00 CA 00 00 00 7C 0A 00 00 (...........|...
> Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] 16: C0 A8 14 33 00 00
> 00 00 00 00 00 00 00 00 00 00 ...3............
> Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] 32: C8 79 54 70 02 00
> 00 00 .yTp....
> Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] received netlink error:
> Invalid argument (22)
> Nov 18 11:58:26 destgd0h003661 charon: 08[KNL] unable to delete SAD
> entry with SPI c8795470
> Nov 18 11:58:26 destgd0h003661 charon: 08[IKE] IKE_SA net-net[1] state
> change: CONNECTING => DESTROYING
> Nov 18 11:58:56 destgd0h003661 charon: 02[KNL] received a XFRM_MSG_EXPIRE
> Nov 18 11:58:56 destgd0h003661 charon: 02[KNL] creating delete job for
> ESP CHILD_SA with SPI c8795470 and reqid {1}
> Nov 18 11:58:56 destgd0h003661 charon: 10[JOB] CHILD_SA with reqid 1 not
> found for delete
>
> ----------------------------------------------------------------------------------------------------------------------------------------------
> *Contents of CA Myroot2*
>
>
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> 92:5e:a6:77:59:63:3c:74
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=DE, O=Alcatel-Lucent, OU=Wireless, CN=JuniperRoot
> Validity
> Not Before: Nov 18 07:37:16 2010 GMT
> Not After : Dec 18 07:37:16 2010 GMT
> Subject: C=DE, O=Alcatel-Lucent, OU=Wireless, CN=JuniperRoot
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (2048 bit)
> Modulus (2048 bit):
> 00:e2:31:7f:4b:9f:4e:c6:8d:44:e8:00:1c:45:df:
> 78:a9:bd:f1:ba:8e:35:e9:ee:e2:38:d9:ba:74:d3:
> 11:fe:75:ca:70:07:15:0a:a5:ed:73:b0:5c:6c:d3:
> 4e:f7:8c:15:28:36:48:ae:88:13:8b:a3:ca:36:d7:
> 93:dc:6b:7f:d8:35:b8:24:85:f9:9f:28:c7:ac:0b:
> 1e:94:4d:17:59:52:a8:ae:78:99:7e:91:90:28:3f:
> 4c:e7:73:1c:2c:7f:50:13:18:37:f6:f9:2d:55:d5:
> 43:8e:3d:bd:6c:ec:13:a0:8a:b4:9f:a5:3f:77:9f:
> f4:5a:91:d5:9e:1f:d0:de:f1:2b:c8:3a:a3:0f:f7:
> 6a:3e:8a:41:a8:7a:0e:b6:7a:0a:76:da:b7:9a:8e:
> 63:1c:c1:2f:67:70:0b:7a:b1:b4:64:f9:bd:e6:17:
> a9:10:4e:e5:1e:48:7b:65:87:b2:76:89:4c:72:0b:
> a6:65:c4:33:74:5e:97:42:8c:0b:46:65:e8:c9:74:
> 88:a0:3c:84:39:1a:39:87:cf:a7:5a:74:a5:59:c0:
> 93:e7:90:c0:91:b0:e7:a3:60:c5:84:16:21:8f:59:
> 33:8c:ee:8d:0d:d4:79:03:af:f9:61:89:60:e1:73:
> 91:28:2a:7a:69:1d:63:81:97:02:90:f0:64:96:33:
> a1:af
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Subject Key Identifier:
> 83:B1:07:7A:EE:CF:E0:01:61:44:E1:3D:4D:70:FE:D2:9A:F9:C7:C4
> X509v3 Authority Key Identifier:
>
> keyid:83:B1:07:7A:EE:CF:E0:01:61:44:E1:3D:4D:70:FE:D2:9A:F9:C7:C4
> DirName:/C=DE/O=Alcatel-Lucent/OU=Wireless/CN=JuniperRoot
> serial:92:5E:A6:77:59:63:3C:74
>
> X509v3 Basic Constraints:
> CA:TRUE
> Signature Algorithm: sha1WithRSAEncryption
> 35:1c:1d:b4:58:2e:b9:02:c7:22:ea:c5:2c:16:b0:cf:0b:5f:
> c2:32:0b:cb:16:b5:09:ee:d5:0e:42:90:24:fe:6f:54:0e:87:
> ed:f4:a0:b7:9b:b7:27:61:39:68:89:15:6c:aa:d0:c1:36:a5:
> 59:9b:22:73:19:48:5a:10:ea:22:33:bb:f2:b6:65:aa:f1:86:
> a8:ba:42:c5:f6:56:a0:bf:5e:ca:32:96:14:d4:7f:98:85:2f:
> 2e:9b:4e:7f:c8:d7:35:0d:6c:de:03:07:e9:88:18:6a:84:21:
> 23:79:96:f0:05:05:68:c7:82:d2:f8:0d:2e:7f:7b:d5:2f:64:
> c0:10:9d:cd:cf:d0:b9:b6:eb:75:db:32:7a:3e:70:c8:93:c4:
> 5b:87:be:16:b6:2a:c4:5b:05:c9:d0:41:ff:8d:69:88:7c:39:
> 66:43:b2:1b:3f:05:25:d5:7b:83:62:a6:d6:27:4f:8b:a8:2d:
> 40:27:39:69:6c:76:d1:6a:0d:87:ba:20:23:43:0b:28:e4:72:
> 75:58:c3:1f:19:80:d5:a6:d9:e0:99:49:4a:0b:d7:3a:f6:6a:
> ae:df:69:da:f4:b2:0d:7f:a6:d6:d5:1c:5f:d8:07:0e:67:0a:
> f2:a6:5a:06:ca:34:29:a6:c0:c7:e7:a9:e9:75:23:a8:14:d3:
> 0b:36:24:9b
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> *Contents of peer certificate received*
>
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 330 (0x14a)
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=DE, O=Alcatel-Lucent, OU=Wireless, CN=JuniperRoot
> Validity
> Not Before: Nov 18 10:46:51 2010 GMT
> Not After : Nov 15 10:46:51 2020 GMT
> Subject: C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent,
> CN=192.168.20.254, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public Key: (2048 bit)
> Modulus (2048 bit):
> 00:be:ab:04:cc:f9:59:2b:12:f7:62:52:44:b6:f8:
> 46:09:77:95:38:e5:a4:c7:3d:f6:3a:89:9e:7c:25:
> 43:5c:56:8a:d9:8a:4f:ca:9a:f9:6d:15:0e:f6:40:
> cd:e4:33:d1:37:23:6e:ce:cb:93:0e:4c:8b:d9:7f:
> ea:04:4c:86:0d:56:b8:1a:12:e9:ff:2a:07:8b:ae:
> 06:4d:57:7e:72:fa:9a:9e:7e:6e:b4:6d:ac:17:84:
> 30:86:d2:07:5c:8a:18:6a:3e:b2:01:9c:06:46:30:
> 82:d5:e3:ea:69:d2:fd:8d:63:ec:d1:7c:80:16:fa:
> 14:96:d3:13:3e:1f:0d:a0:ce:37:36:50:6e:f0:80:
> 59:91:67:ba:18:d5:d0:d6:75:e8:5f:31:56:a3:8c:
> 1a:a6:df:63:17:fa:63:c8:b3:a8:f4:23:88:b8:7f:
> ca:0d:39:46:5e:2c:64:41:0e:0e:6c:e0:a4:e6:c1:
> 47:f2:9d:72:30:49:b5:7b:92:05:c5:58:6c:86:14:
> a6:df:16:6a:03:cd:14:ae:5d:72:f8:5e:af:1e:cd:
> b5:36:4e:aa:e7:15:01:b0:e6:54:20:49:d4:b3:12:
> cd:7b:6b:79:28:3f:c8:86:37:66:be:c1:e1:36:70:
> 15:61:8c:8c:da:f6:b4:27:04:ab:29:a8:12:6b:a2:
> 5f:65
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Basic Constraints:
> CA:TRUE, pathlen:1
> Netscape Comment:
> OpenSSL Generated Certificate
> X509v3 Subject Key Identifier:
> C4:81:52:16:BD:CB:A8:C6:E5:A1:97:8A:CE:1A:8B:2E:7D:F4:5B:A9
> X509v3 Authority Key Identifier:
>
> keyid:83:B1:07:7A:EE:CF:E0:01:61:44:E1:3D:4D:70:FE:D2:9A:F9:C7:C4
>
> X509v3 Subject Alternative Name:
> email:juniper at alcatel-lucent.com, IP
> Address:192.168.20.254, DNS:SSG320M.
> Signature Algorithm: sha1WithRSAEncryption
> b8:65:51:b5:eb:dd:85:bf:3a:f3:84:83:d9:07:70:af:25:59:
> ae:89:11:fb:87:8b:86:a1:7c:92:a8:55:69:fc:eb:7e:5c:74:
> ea:c8:57:4c:a8:ce:c0:98:f4:d8:62:62:92:b2:69:44:31:57:
> 84:04:c0:50:5c:4e:96:07:6d:b5:42:36:f3:1e:13:60:4b:87:
> 82:6b:27:c4:00:fd:ce:4c:a2:cf:ac:61:d5:58:a5:5a:79:1c:
> ca:a0:01:67:0d:65:67:d2:7e:97:4b:6a:f5:58:89:52:04:a3:
> a7:b1:d0:53:4f:4b:f1:3c:db:e6:0a:b2:89:66:77:2a:a1:70:
> 2e:24:92:40:6f:e1:b1:84:e2:d8:8d:d1:6d:23:d2:7e:3b:74:
> b4:73:35:8d:ad:23:11:e7:62:4f:9b:f6:f5:e5:62:5a:1c:c4:
> 06:b7:74:5c:45:4a:17:a5:e1:38:3e:54:ab:76:03:4f:39:f1:
> 05:bd:e9:27:43:9e:7c:f2:d0:60:eb:d5:7c:c1:9e:10:c9:e4:
> c4:ff:63:03:6b:9a:87:7f:bf:68:92:2b:3e:f0:27:7d:8f:0c:
> c2:cb:1e:48:eb:3c:28:b8:1f:9f:b7:a3:fe:dc:c3:6d:eb:fb:
> 01:73:d1:1c:2f:60:88:19:52:1d:39:ed:f8:3a:75:5c:dd:de:
> f0:4e:06:eb
======================================================================
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
More information about the Users
mailing list