[strongSwan] certificate status is not available
Groebl, Laurence (Laurence)
laurence.groebl at alcatel-lucent.com
Tue Nov 30 08:56:31 CET 2010
Hello Andreas,
thanks for the reply.
we fixed the issue of the missing '.' (full stop) character at the end.
However it's still not working, it seems we have a problem in the net-net configuration "selected peer config 'net-net' inacceptable". Could you please help us finding the error?
Thanks for your support,
Best regards,
Laurence & Bijan
-------
ipsec_starter[28203]: Starting strongSwan 4.3.4 IPsec [starter]...
charon: 01[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.4)
charon: 01[KNL] listening on interfaces:
charon: 01[KNL] eth1
charon: 01[KNL] 192.168.20.51
charon: 01[KNL] fe80::217:3fff:fed0:772c
charon: 01[KNL] eth0
charon: 01[KNL] 149.204.17.51
charon: 01[KNL] fe80::224:81ff:fe1d:d4fa
charon: 01[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
charon: 01[LIB] loaded certificate file '/etc/ipsec.d/cacerts/Myroot2.pem'
charon: 01[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
charon: 01[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
charon: 01[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
charon: 01[CFG] loading crls from '/etc/ipsec.d/crls'
charon: 01[LIB] loaded crl file '/etc/ipsec.d/crls/crl_Myroot1.pem'
charon: 01[LIB] loaded crl file '/etc/ipsec.d/crls/crl_Myroot2.pem'
charon: 01[CFG] loading secrets from '/etc/ipsec.secrets'
charon: 01[CFG] loaded private key file '/etc/ipsec.d/private/MyBTS1_key.pem'
charon: 01[DMN] loaded plugins: curl ldap aes des sha1 sha2 md5 fips-prf random x509 pubkey openssl gcrypt xcbc hmac gmp kernel-netlink stroke updown attr resolv-conf
charon: 01[JOB] spawning 16 worker threads
ipsec_starter[28222]: charon (28223) started after 20 ms
charon: 05[CFG] stroke message => 272 bytes @ 0xb5945160
charon: 05[CFG] 0: 10 01 78 B7 0C 00 00 00 FF FF FF FF 01 00 00 00 ..x.............
charon: 05[CFG] 16: 98 6C EB BF 6B 86 06 08 A0 89 01 00 60 A6 06 08 .l..k.......`...
charon: 05[CFG] 32: 98 6C EB BF 77 6C EB BF 00 44 78 32 38 32 32 32 .l..wl...Dx28222
charon: 05[CFG] 48: 08 00 00 00 74 86 06 08 10 00 00 00 08 00 00 00 ....t...........
charon: 05[CFG] 64: F4 4F 78 B7 58 86 06 08 00 00 00 00 A0 63 78 B7 .Ox.X........cx.
charon: 05[CFG] 80: 50 36 69 B7 13 78 69 B7 C0 3F 78 B7 02 00 00 00 P6i..xi..?x.....
charon: 05[CFG] 96: C0 41 06 08 08 20 00 00 F4 4F 78 B7 60 86 06 08 .A... ...Ox.`...
charon: 05[CFG] 112: 13 78 69 B7 B8 15 00 00 F0 66 78 B7 C0 86 62 B7 .xi......fx...b.
charon: 05[CFG] 128: 03 49 69 B7 58 2A 06 08 00 00 00 00 F4 4F 78 B7 .Ii.X*.......Ox.
charon: 05[CFG] 144: 50 A9 01 00 B0 86 06 08 58 2A 06 08 F4 4F 78 B7 P.......X*...Ox.
charon: 05[CFG] 160: A0 63 78 B7 00 00 00 00 C0 86 62 B7 DD AF 69 B7 .cx.......b...i.
charon: 05[CFG] 176: 00 00 00 00 F4 4F 78 B7 F4 4F 78 B7 A0 63 78 B7 .....Ox..Ox..cx.
charon: 05[CFG] 192: 58 2A 06 08 C0 86 62 B7 DD AF 69 B7 C0 86 62 B7 X*....b...i...b.
charon: 05[CFG] 208: F4 4F 78 B7 F4 4F 78 B7 14 00 00 00 77 79 6F B7 .Ox..Ox.....wyo.
charon: 05[CFG] 224: 60 86 06 08 60 86 06 08 4C 00 00 00 00 40 00 00 `...`...L.... at ..
charon: 05[CFG] 240: 00 44 78 B7 E0 49 78 B7 02 00 00 00 24 00 00 00 .Dx..Ix.....$...
charon: 05[CFG] 256: 01 00 00 00 10 00 00 00 19 00 00 00 0A 00 00 00 ................
charon: 05[CFG] crl caching to /etc/ipsec.d/crls enabled
charon: 08[CFG] stroke message => 399 bytes @ 0xb41420e0
charon: 08[CFG] 0: 8F 01 00 00 03 00 00 00 FF FF FF FF 10 01 00 00 ................
charon: 08[CFG] 16: 01 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 08[CFG] 32: 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 08[CFG] 48: 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ................
charon: 08[CFG] 64: 01 00 00 00 18 01 00 00 2C 01 00 00 00 00 00 00 ........,.......
charon: 08[CFG] 80: D0 70 00 00 80 70 00 00 80 16 00 00 01 00 00 00 .p...p..........
charon: 08[CFG] 96: 64 00 00 00 3C 00 00 00 03 00 00 00 00 00 00 00 d...<...........
charon: 08[CFG] 112: 00 00 00 00 00 00 00 00 40 01 00 00 00 00 00 00 ........ at .......
charon: 08[CFG] 128: 00 00 00 00 00 00 00 00 00 00 00 00 47 01 00 00 ............G...
charon: 08[CFG] 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 08[CFG] 160: 00 00 00 00 52 01 00 00 00 00 00 00 01 00 00 00 ....R...........
charon: 08[CFG] 176: 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 ................
charon: 08[CFG] 192: 00 00 00 00 60 01 00 00 00 00 00 00 67 01 00 00 ....`.......g...
charon: 08[CFG] 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 08[CFG] 224: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 08[CFG] 240: 70 01 00 00 00 00 00 00 00 00 00 00 7F 01 00 00 p...............
charon: 08[CFG] 256: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 08[CFG] 272: 6E 65 74 2D 6E 65 74 00 33 64 65 73 2D 73 68 61 net-net.3des-sha
charon: 08[CFG] 288: 31 2D 6D 6F 64 70 31 30 32 34 21 00 33 64 65 73 1-modp1024!.3des
charon: 08[CFG] 304: 2D 73 68 61 31 2D 6D 6F 64 70 31 30 32 34 21 00 -sha1-modp1024!.
charon: 08[CFG] 320: 72 73 61 73 69 67 00 4D 79 42 54 53 31 2E 70 65 rsasig.MyBTS1.pe
charon: 08[CFG] 336: 6D 00 31 39 32 2E 31 36 38 2E 32 30 2E 35 31 00 m.192.168.20.51.
charon: 08[CFG] 352: 72 73 61 73 69 67 00 53 53 47 33 32 30 4D 2E 00 rsasig.SSG320M..
charon: 08[CFG] 368: 31 39 32 2E 31 36 38 2E 32 30 2E 32 35 34 00 31 192.168.20.254.1
charon: 08[CFG] 384: 39 32 2E 31 36 38 2E 33 30 2E 30 2F 32 34 00 92.168.30.0/24.
charon: 08[CFG] received stroke: add connection 'net-net'
charon: 08[CFG] conn net-net
charon: 08[CFG] left=192.168.20.51
charon: 08[CFG] leftsubnet=(null)
charon: 08[CFG] leftsourceip=(null)
charon: 08[CFG] leftauth=rsasig
charon: 08[CFG] leftauth2=(null)
charon: 08[CFG] leftid=(null)
charon: 08[CFG] leftid2=(null)
charon: 08[CFG] leftcert=MyBTS1.pem
charon: 08[CFG] leftcert2=(null)
charon: 08[CFG] leftca=(null)
charon: 08[CFG] leftca2=(null)
charon: 08[CFG] leftgroups=(null)
charon: 08[CFG] leftupdown=(null)
charon: 08[CFG] right=192.168.20.254
charon: 08[CFG] rightsubnet=192.168.30.0/24
charon: 08[CFG] rightsourceip=(null)
charon: 08[CFG] rightauth=rsasig
charon: 08[CFG] rightauth2=(null)
charon: 08[CFG] rightid=SSG320M.
charon: 08[CFG] rightid2=(null)
charon: 08[CFG] rightcert=(null)
charon: 08[CFG] rightcert2=(null)
charon: 08[CFG] rightca=(null)
charon: 08[CFG] rightca2=(null)
charon: 08[CFG] rightgroups=(null)
charon: 08[CFG] rightupdown=(null)
charon: 08[CFG] eap_identity=(null)
charon: 08[CFG] ike=3des-sha1-modp1024!
charon: 08[CFG] esp=3des-sha1-modp1024!
charon: 08[CFG] mediation=no
charon: 08[CFG] mediated_by=(null)
charon: 08[CFG] me_peerid=(null)
charon: 08[KNL] getting interface name for 192.168.20.254
charon: 08[KNL] 192.168.20.254 is not a local address
charon: 08[KNL] getting interface name for 192.168.20.51
charon: 08[KNL] 192.168.20.51 is on interface eth1
charon: 08[LIB] loaded certificate file '/etc/ipsec.d/certs/MyBTS1.pem'
charon: 08[CFG] peerid 192.168.20.51 not confirmed by certificate, defaulting to subject DN: C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN
charon: 08[CFG] added configuration 'net-net'
charon: 10[CFG] stroke message => 280 bytes @ 0xb3140150
charon: 10[CFG] 0: 18 01 00 00 00 00 00 00 FF FF FF FF 10 01 00 00 ................
charon: 10[CFG] 16: 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 10[CFG] 32: 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 ................
charon: 10[CFG] 48: 01 00 00 00 18 01 00 00 2C 01 00 00 00 00 00 00 ........,.......
charon: 10[CFG] 64: D0 70 00 00 80 70 00 00 80 16 00 00 01 00 00 00 .p...p..........
charon: 10[CFG] 80: 64 00 00 00 3C 00 00 00 03 00 00 00 00 00 00 00 d...<...........
charon: 10[CFG] 96: 00 00 00 00 00 00 00 00 40 01 00 00 00 00 00 00 ........ at .......
charon: 10[CFG] 112: 00 00 00 00 00 00 00 00 00 00 00 00 47 01 00 00 ............G...
charon: 10[CFG] 128: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 10[CFG] 144: 00 00 00 00 52 01 00 00 00 00 00 00 01 00 00 00 ....R...........
charon: 10[CFG] 160: 00 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 ................
charon: 10[CFG] 176: 00 00 00 00 60 01 00 00 00 00 00 00 67 01 00 00 ....`.......g...
charon: 10[CFG] 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 10[CFG] 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 10[CFG] 224: 70 01 00 00 00 00 00 00 00 00 00 00 7F 01 00 00 p...............
charon: 10[CFG] 240: 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 10[CFG] 256: 6E 65 74 2D 6E 65 74 00 33 64 65 73 2D 73 68 61 net-net.3des-sha
charon: 10[CFG] 272: 6E 65 74 2D 6E 65 74 00 net-net.
charon: 10[CFG] received stroke: initiate 'net-net'
charon: 10[IKE] queueing IKE_INIT task
charon: 10[IKE] queueing IKE_NATD task
charon: 10[IKE] queueing IKE_CERT_PRE task
charon: 10[IKE] queueing IKE_AUTHENTICATE task
charon: 10[IKE] queueing IKE_CERT_POST task
charon: 10[IKE] queueing IKE_CONFIG task
charon: 10[IKE] queueing IKE_AUTH_LIFETIME task
charon: 10[IKE] queueing CHILD_CREATE task
charon: 10[IKE] activating new tasks
charon: 10[IKE] activating IKE_INIT task
charon: 10[IKE] activating IKE_NATD task
charon: 10[IKE] activating IKE_CERT_PRE task
charon: 10[IKE] activating IKE_AUTHENTICATE task
charon: 10[IKE] activating IKE_CERT_POST task
charon: 10[IKE] activating IKE_CONFIG task
charon: 10[IKE] activating CHILD_CREATE task
charon: 10[IKE] activating IKE_AUTH_LIFETIME task
charon: 10[IKE] initiating IKE_SA net-net[1] to 192.168.20.254
charon: 10[IKE] initiating IKE_SA net-net[1] to 192.168.20.254
charon: 10[IKE] IKE_SA net-net[1] state change: CREATED => CONNECTING
charon: 10[IKE] natd_chunk => 22 bytes @ 0x80a9b08
[...]
charon: 10[IKE] natd_hash => 20 bytes @ 0x80a8af8
[...]
charon: 10[IKE] natd_chunk => 22 bytes @ 0x80a9b08
[...]
charon: 10[IKE] natd_hash => 20 bytes @ 0x80a8af8
[...]
charon: 10[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
charon: 10[NET] sending packet: from 192.168.20.51[500] to 192.168.20.254[500]
charon: 14[NET] received packet: from 192.168.20.254[500] to 192.168.20.51[500]
charon: 14[ENC] parsed IKE_SA_INIT response 0 [ SA KE No CERTREQ ]
charon: 14[CFG] selecting proposal:
charon: 14[CFG] proposal matches
charon: 14[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
charon: 14[CFG] configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
charon: 14[CFG] selected proposal: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
charon: 14[IKE] shared Diffie Hellman secret => 128 bytes @ 0x80aaf10
charon: 14[IKE] 0: 6A 1F DA 68 36 7B B2 25 B5 1B 82 DC 93 B5 E6 37 j..h6{.%.......7
charon: 14[IKE] 16: BF 35 D4 69 9E 39 04 B8 C3 C6 10 54 D8 6F 89 6A .5.i.9.....T.o.j
charon: 14[IKE] 32: 21 97 99 41 C7 9A DE 19 2B 6E 20 5B 8A C4 F4 23 !..A....+n [...#
charon: 14[IKE] 48: 07 26 7C 5A D7 9E CC C9 D6 B8 49 2C 76 1F 97 96 .&|Z......I,v...
charon: 14[IKE] 64: A1 DE 62 D2 E7 29 76 0F CA 8D CB 7F AB 54 E3 F3 ..b..)v......T..
charon: 14[IKE] 80: 3A A6 99 A6 4A 00 24 0E DF B5 04 E1 16 CF FF 96 :...J.$.........
charon: 14[IKE] 96: 93 8C 37 8A DD 7D F7 AD 1A 88 C1 5F D3 FB 29 5D ..7..}....._..)]
charon: 14[IKE] 112: F5 77 AB 45 96 0B 2E 4E C6 74 36 73 87 A7 72 32 .w.E...N.t6s..r2
charon: 14[IKE] SKEYSEED => 20 bytes @ 0x80a9bf0
charon: 14[IKE] 0: 66 76 89 78 63 67 D7 E1 73 C7 51 CF 4C 19 F3 9F fv.xcg..s.Q.L...
charon: 14[IKE] 16: B1 94 6B 5A ..kZ
charon: 14[IKE] Sk_d secret => 20 bytes @ 0x80a9bf0
[...]
charon: 14[IKE] Sk_ai secret => 20 bytes @ 0x80a9568
[...]
charon: 14[IKE] Sk_ar secret => 20 bytes @ 0x80a9568
[...]
charon: 14[IKE] Sk_ei secret => 24 bytes @ 0x80a58f0
[...]
charon: 14[IKE] Sk_er secret => 24 bytes @ 0x80a58f0
[...]
charon: 14[IKE] Sk_pi secret => 20 bytes @ 0x80ab130
[...]
charon: 14[IKE] Sk_pr secret => 20 bytes @ 0x80a58f0
[...]
charon: 14[IKE] natd_chunk => 22 bytes @ 0x80a9a38
[...]
charon: 14[IKE] natd_hash => 20 bytes @ 0x80a9818
[...]
charon: 14[IKE] natd_chunk => 22 bytes @ 0x80a9a38
[...]
charon: 14[IKE] natd_hash => 20 bytes @ 0x80aaf88
[...]
charon: 14[IKE] precalculated src_hash => 20 bytes @ 0x80aaf88
[...]
charon: 14[IKE] precalculated dst_hash => 20 bytes @ 0x80a9818
[...]
charon: 14[IKE] received cert request for unknown ca with keyid 12:b9:6f:ae:3c:15:64:e2:f1:16:5f:e9:be:e3:3a:ca:03:65:af:c5
charon: 14[IKE] reinitiating already active tasks
charon: 14[IKE] IKE_CERT_PRE task
charon: 14[IKE] IKE_AUTHENTICATE task
charon: 14[IKE] sending cert request for "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=JuniperRoot"
charon: 14[IKE] sending cert request for "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN"
charon: 14[IKE] IDx' => 78 bytes @ 0xb113c040
charon: 14[IKE] 0: 09 00 00 00 30 48 31 0B 30 09 06 03 55 04 06 13 ....0H1.0...U...
charon: 14[IKE] 16: 02 44 45 31 17 30 15 06 03 55 04 0A 13 0E 41 6C .DE1.0...U....Al
charon: 14[IKE] 32: 63 61 74 65 6C 2D 4C 75 63 65 6E 74 31 11 30 0F catel-Lucent1.0.
charon: 14[IKE] 48: 06 03 55 04 0B 13 08 57 69 72 65 6C 65 73 73 31 ..U....Wireless1
charon: 14[IKE] 64: 0D 30 0B 06 03 55 04 03 13 04 53 57 41 4E .0...U....SWAN
charon: 14[IKE] SK_p => 20 bytes @ 0x80ab130
[...]
charon: 14[IKE] octets = message + nonce + prf(Sk_px, IDx') => 352 bytes @ 0x80aa830
charon: 14[IKE] 0: 97 A7 A7 71 4F A1 D1 A0 00 00 00 00 00 00 00 00 ...qO...........
charon: 14[IKE] 16: 21 20 22 08 00 00 00 00 00 00 01 2C 22 00 00 2C ! "........,"..,
charon: 14[IKE] 32: 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 ...(............
charon: 14[IKE] 48: 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 ................
charon: 14[IKE] 64: 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 ........(.......
charon: 14[IKE] 80: 5E 84 A5 38 A5 CF 89 C5 14 91 C9 0F 33 E3 58 55 ^..8........3.XU
charon: 14[IKE] 96: 15 7F 86 72 BB D1 F1 1B 2A 3F 7D 86 B2 EF D3 F6 ...r....*?}.....
charon: 14[IKE] 112: DB 9A D6 C6 0B A0 C2 08 84 C3 F8 9D 64 A4 2E 05 ............d...
charon: 14[IKE] 128: 79 AE C3 ED E2 D9 7C 61 30 AC 22 76 B3 F2 33 0F y.....|a0."v..3.
charon: 14[IKE] 144: 6D FB 9A A9 3C BF BB 2A 68 6D 58 A9 40 56 CD A3 m...<..*hmX. at V..
charon: 14[IKE] 160: 1D 26 B0 42 A2 4F AA 80 6B 69 D2 39 92 D2 FB CB .&.B.O..ki.9....
charon: 14[IKE] 176: 20 AE 3C 97 7C DA 5F 26 79 C0 CE 5C DF AD A9 2E .<.|._&y..\....
charon: 14[IKE] 192: 52 49 52 07 F8 3F 42 19 64 AA 04 12 9B C4 82 2B RIR..?B.d......+
charon: 14[IKE] 208: 29 00 00 24 7C FB 5D EA CB 7A 33 43 6A A4 B8 1F )..$|.]..z3Cj...
charon: 14[IKE] 224: AA 34 97 43 68 E4 0E 97 69 7B EA D2 53 D8 57 17 .4.Ch...i{..S.W.
charon: 14[IKE] 240: 15 B6 FE AE 29 00 00 1C 00 00 40 04 07 71 78 C1 ....)..... at ..qx.
charon: 14[IKE] 256: C7 62 8B 12 21 84 00 C9 DE 9D EE 45 AE EA 8A A7 .b..!......E....
charon: 14[IKE] 272: 00 00 00 1C 00 00 40 05 EF ED 1A 4E 48 95 05 A8 ...... at ....NH...
charon: 14[IKE] 288: AA C7 F9 09 73 66 34 F9 E0 DC A2 46 5A EC 23 7C ....sf4....FZ.#|
charon: 14[IKE] 304: 2E C2 BF EE C1 96 BB 6E 56 CE 3F 76 31 5E 2F FE .......nV.?v1^/.
charon: 14[IKE] 320: A8 67 6E 49 E6 20 DA 03 7E FB D3 DA 8B C8 D1 7A .gnI. ..~......z
charon: 14[IKE] 336: BD C5 10 1E 10 DA 9A 3C 04 5E 99 C6 7E AC 6D FA .......<.^..~.m.
charon: 14[IKE] authentication of 'C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN' (myself) with RSA signature successful
charon: 14[IKE] sending end entity cert "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=SWAN"
charon: 14[IKE] establishing CHILD_SA net-net
charon: 14[IKE] establishing CHILD_SA net-net
charon: 14[CFG] proposing traffic selectors for us:
charon: 14[CFG] dynamic (derived from dynamic)
charon: 14[CFG] proposing traffic selectors for other:
charon: 14[CFG] 192.168.30.0/24 (derived from 192.168.30.0/24)
charon: 14[KNL] getting SPI for reqid {1}
charon: 14[KNL] sending XFRM_MSG_ALLOCSPI: => 244 bytes @ 0xb113bcfc
charon: 14[KNL] 0: F4 00 00 00 16 00 01 00 C9 00 00 00 3F 6E 00 00 ............?n..
charon: 14[KNL] 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 14[KNL] 32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 14[KNL] 48: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 14[KNL] 64: 00 00 00 00 00 00 00 00 C0 A8 14 33 00 00 00 00 ...........3....
charon: 14[KNL] 80: 00 00 00 00 00 00 00 00 00 00 00 00 32 00 00 00 ............2...
charon: 14[KNL] 96: C0 A8 14 FE 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 14[KNL] 112: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 14[KNL] 128: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 14[KNL] 144: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 14[KNL] 160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 14[KNL] 176: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 14[KNL] 192: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 14[KNL] 208: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
charon: 14[KNL] 224: 01 00 00 00 02 00 01 00 00 00 00 00 00 00 00 C0 ................
charon: 14[KNL] 240: FF FF FF CF ....
charon: 14[KNL] got SPI cc514bb7 for reqid {1}
charon: 14[ENC] generating IKE_AUTH request 1 [ IDi CERT CERTREQ IDr AUTH CP SA TSi TSr ]
charon: 14[NET] sending packet: from 192.168.20.51[500] to 192.168.20.254[500]
charon: 15[NET] received packet: from 192.168.20.254[500] to 192.168.20.51[500]
charon: 15[ENC] parsed IKE_AUTH response 1 [ IDr CERT AUTH CP SA N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) TSi TSr ]
charon: 15[IKE] received end entity cert "C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, CN=192.168.20.254, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER"
charon: 15[IKE] received ESP_TFC_PADDING_NOT_SUPPORTED notify
charon: 15[IKE] received NON_FIRST_FRAGMENTS_ALSO notify
charon: 15[IKE] IDx' => 12 bytes @ 0xb093b0b0
charon: 15[IKE] 0: 02 00 00 00 53 53 47 33 32 30 4D 2E ....SSG320M.
charon: 15[IKE] SK_p => 20 bytes @ 0x80a58f0
[...]
charon: 15[IKE] octets = message + nonce + prf(Sk_px, IDx') => 321 bytes @ 0x80af038
charon: 15[IKE] 0: 97 A7 A7 71 4F A1 D1 A0 C6 07 61 F6 90 51 A6 BB ...qO.....a..Q..
charon: 15[IKE] 16: 21 20 22 20 00 00 00 00 00 00 01 0D 22 00 00 2C ! " ........"..,
charon: 15[IKE] 32: 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 ...(............
charon: 15[IKE] 48: 03 00 00 08 02 00 00 02 03 00 00 08 03 00 00 02 ................
charon: 15[IKE] 64: 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 ........(.......
charon: 15[IKE] 80: AE 6E 04 03 6F 30 88 9C FC BE 50 CA 59 B3 93 64 .n..o0....P.Y..d
charon: 15[IKE] 96: 4A 0C 74 6C 4E 69 2D 85 4A FA 78 7E 7E 09 79 2E J.tlNi-.J.x~~.y.
charon: 15[IKE] 112: C2 B3 8E 5F 1E 23 6D A1 41 20 7D 50 79 7F 52 80 ..._.#m.A }Py.R.
charon: 15[IKE] 128: F3 E2 F6 1D 73 15 9B F4 08 8E A6 B1 55 05 25 A8 ....s.......U.%.
charon: 15[IKE] 144: 01 CC 30 33 37 C0 DE 4B 75 C3 57 99 00 93 24 76 ..037..Ku.W...$v
charon: 15[IKE] 160: D0 55 33 CC F8 60 51 8E 5B 17 2B E8 D8 67 A2 EA .U3..`Q.[.+..g..
charon: 15[IKE] 176: 05 CB 6E AE 55 F0 3B 79 6E 11 57 B8 02 07 01 86 ..n.U.;yn.W.....
charon: 15[IKE] 192: 8C 95 2A 4D 3C BF 87 78 A8 2F 07 55 7A A9 5E 33 ..*M<..x./.Uz.^3
charon: 15[IKE] 208: 26 00 00 24 5A EC 23 7C 2E C2 BF EE C1 96 BB 6E &..$Z.#|.......n
charon: 15[IKE] 224: 56 CE 3F 76 31 5E 2F FE A8 67 6E 49 E6 20 DA 03 V.?v1^/..gnI. ..
charon: 15[IKE] 240: 7E FB D3 DA 00 00 00 19 04 12 B9 6F AE 3C 15 64 ~..........o.<.d
charon: 15[IKE] 256: E2 F1 16 5F E9 BE E3 3A CA 03 65 AF C5 7C FB 5D ..._...:..e..|.]
charon: 15[IKE] 272: EA CB 7A 33 43 6A A4 B8 1F AA 34 97 43 68 E4 0E ..z3Cj....4.Ch..
charon: 15[IKE] 288: 97 69 7B EA D2 53 D8 57 17 15 B6 FE AE 0F CC 32 .i{..S.W.......2
charon: 15[IKE] 304: 56 F5 80 93 1D 1F B9 42 6B 32 BC 18 8B FE 82 27 V......Bk2.....'
charon: 15[IKE] 320: A8 .
charon: 15[CFG] using certificate "C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, CN=192.168.20.254, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER"
charon: 15[CFG] using trusted ca certificate "C=DE, O=Alcatel-Lucent, OU=Wireless, CN=JuniperRoot"
charon: 15[CFG] checking certificate status of "C=DE, ST=Germany, L=Stuttgart, O=Alcatel-Lucent, CN=192.168.20.254, CN=JN11AEB36ADD, CN=rsa-key, CN=SSG320M., CN=JUNIPER"
charon: 15[CFG] ocsp check skipped, no ocsp found
charon: 15[CFG] certificate status is not available
charon: 15[IKE] authentication of 'SSG320M.' with RSA signature successful
charon: 15[CFG] constraint check failed: RULE_CRL_VALIDATION is SKIPPED, but requires at least GOOD
charon: 15[CFG] selected peer config 'net-net' inacceptable
charon: 15[CFG] no alternative config found
charon: 15[KNL] deleting SAD entry with SPI cc514bb7
charon: 15[KNL] sending XFRM_MSG_DELSA: => 40 bytes @ 0xb093ad7c
charon: 15[KNL] 0: 28 00 00 00 11 00 05 00 CA 00 00 00 3F 6E 00 00 (...........?n..
charon: 15[KNL] 16: C0 A8 14 33 00 00 00 00 00 00 00 00 00 00 00 00 ...3............
charon: 15[KNL] 32: CC 51 4B B7 02 00 00 00 .QK.....
charon: 15[KNL] received netlink error: Invalid argument (22)
charon: 15[KNL] unable to delete SAD entry with SPI cc514bb7
charon: 15[IKE] IKE_SA net-net[1] state change: CONNECTING => DESTROYING
charon: 03[KNL] received a XFRM_MSG_EXPIRE
charon: 03[KNL] creating delete job for ESP CHILD_SA with SPI cc514bb7 and reqid {1}
charon: 16[JOB] CHILD_SA with reqid 1 not found for delete
su: (to root) ksim on /dev/pts/4
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101130/d18f45ea/attachment.html>
More information about the Users
mailing list