[strongSwan] openwrt ikev2
Rafał Sanocki
rafal.sanocki at gmail.com
Thu May 7 12:10:48 CEST 2015
W dniu 2015-05-06 o 19:49, Rafał Sanocki pisze:
> Hi, i cant run ipsec on my OpenWRT,
> pleas for any help
>
> client [win8] ---- router -----switch ------ router [openWRT - ipsec]
> (router cient) 192.168.0.3 ------- 192.168.0.4 (
> server)
>
> [strongswan.conf ]
> charon {
> load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509
> revocation hmac stroke kernel-netlink socket-default updown attr farp
> dhcp
> dns1=192.168.10.1
> load_modular = yes
> i_dont_care_about_security_and_use_aggressive_mode_psk = yes
> max_packet=20000
> plugins {
> include strongswan.d/charon/*.conf
> }
> }
> libstrongswan {
> crypto_test {
> on_add = yes
> }
> }
>
>
> [ipsec.conf]
> config setup
> charondebug="dmn 1, mgr 1, ike 1, chd 1, job 1, cfg 1, knl 1,
> net 1, enc 1, lib 1"
>
>
> conn vpn-ikev2
> keyexchange=ikev2
> type=transport
> leftsubnet=0.0.0.0/0
> left=%any
> leftfirewall = yes
> leftcert=proxyWRT.s.cert
> leftid="C=PL, ST=Malopolska, O=xxx, OU=Sec man, CN=px.xxx.org.pl,
> E=kontakt at xxx.org.pl"
> authby=rsasig
> right=%any
> rightrsasigkey=%cert
> rightid="C=PL, ST=Malopolska, O=xxx, OU=Sec man, CN=*,
> E=kontakt at xxx.org.pl"
> auto=add
>
> [log] ipsec start
>
> May 6 19:35:36 OpenWrt ipsec_starter[12722]: Starting weakSwan 5.2.2
> IPsec [starter]...
> May 6 19:35:36 OpenWrt ipsec_starter[12722]: !! Your strongswan.conf
> contains manual plugin load options for charon.
> May 6 19:35:36 OpenWrt ipsec_starter[12722]: !! This is recommended
> for experts only, see
> May 6 19:35:36 OpenWrt ipsec_starter[12722]: !!
> http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
> May 6 19:35:36 OpenWrt syslog: ah4 is already loaded
> May 6 19:35:36 OpenWrt syslog: esp4 is already loaded
> May 6 19:35:36 OpenWrt syslog: ipcomp is already loaded
> May 6 19:35:36 OpenWrt syslog: xfrm4_tunnel is already loaded
> May 6 19:35:36 OpenWrt syslog: xfrm_user is already loaded
> May 6 19:35:36 OpenWrt syslog: 00[DMN] Starting IKE charon daemon
> (strongSwan 5.2.2, Linux 3.10.49, mips)
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled RNG_WEAK[gcrypt]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled RNG_WEAK[openssl]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled RNG_STRONG[gcrypt]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled RNG_STRONG[openssl]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled RNG_STRONG[random]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled RNG_TRUE[gcrypt]:
> skipping test (disabled by config)
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled RNG_TRUE[random]:
> skipping test (disabled by config)
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA1[af-alg]:
> passed 4 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA1[gcrypt]:
> passed 4 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA1[openssl]:
> passed 4 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA1[sha1]:
> passed 4 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_CBC[aes]: passed
> 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_CBC[aes]: passed
> 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_CBC[aes]: passed
> 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_MD5[af-alg]:
> passed 7 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_SHA1_96[af-alg]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_SHA1_128[af-alg]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_SHA1_160[af-alg]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_MD5_96[af-alg]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_MD5_128[af-alg]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled PRF_HMAC_SHA1[af-alg]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled PRF_HMAC_MD5[af-alg]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled DES_CBC[af-alg]:
> des_cbc1 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled DES_ECB[af-alg]:
> des_ecb1 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled 3DES_CBC[af-alg]:
> des3_cbc1 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled AES_CBC[af-alg]:
> aes_cbc1 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled AES_CBC[af-alg]:
> aes_cbc1 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled AES_CBC[af-alg]:
> aes_cbc1 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> BLOWFISH_CBC[blowfish]: passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> PRF_KEYED_SHA1[openssl]: no test vectors found
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled PRF_KEYED_SHA1[sha1]:
> no test vectors found
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> PRF_FIPS_SHA1_160[fips-prf]: passed 1 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_CTR[gcrypt]:
> passed 9 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_CTR[gcrypt]:
> passed 9 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_CTR[gcrypt]:
> passed 9 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_CBC[gcrypt]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_CBC[gcrypt]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_CBC[gcrypt]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled BLOWFISH_CBC[gcrypt]:
> passed 1 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAMELLIA_CTR[gcrypt]:
> passed 9 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAMELLIA_CTR[gcrypt]:
> passed 9 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAMELLIA_CTR[gcrypt]:
> passed 9 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAMELLIA_CBC[gcrypt]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAMELLIA_CBC[gcrypt]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAMELLIA_CBC[gcrypt]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAST_CBC[gcrypt]:
> passed 1 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled 3DES_CBC[gcrypt]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled DES_CBC[gcrypt]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled DES_ECB[gcrypt]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled SERPENT_CBC[gcrypt]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled SERPENT_CBC[gcrypt]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled SERPENT_CBC[gcrypt]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled TWOFISH_CBC[gcrypt]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled TWOFISH_CBC[gcrypt]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_MD4[gcrypt]:
> passed 7 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_MD5[gcrypt]:
> passed 7 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA224[gcrypt]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA256[gcrypt]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA384[gcrypt]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA512[gcrypt]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_MD4[md4]: passed
> 7 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_CBC[openssl]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_CBC[openssl]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_CBC[openssl]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAST_CBC[openssl]:
> passed 1 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled BLOWFISH_CBC[openssl]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled 3DES_CBC[openssl]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled DES_CBC[openssl]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled DES_ECB[openssl]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled NULL[openssl]: passed
> 1 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_MD4[openssl]:
> passed 7 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_MD5[openssl]:
> passed 7 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA224[openssl]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA256[openssl]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA384[openssl]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA512[openssl]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled PRF_HMAC_MD5[openssl]:
> passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> PRF_HMAC_SHA1[openssl]: passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> PRF_HMAC_SHA2_256[openssl]: passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> PRF_HMAC_SHA2_384[openssl]: passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> PRF_HMAC_SHA2_512[openssl]: passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_MD5_96[openssl]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_MD5_128[openssl]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_SHA1_96[openssl]:
> passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA1_128[openssl]: passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA1_160[openssl]: passed 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA2_256_128[openssl]: passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA2_256_256[openssl]: no test vectors found
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA2_384_192[openssl]: passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA2_384_384[openssl]: no test vectors found
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA2_512_256[openssl]: passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA2_512_512[openssl]: no test vectors found
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_8[openssl]:
> passed 1 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_8[openssl]:
> passed 1 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_8[openssl]:
> passed 1 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_12[openssl]:
> passed 1 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_12[openssl]:
> passed 1 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_12[openssl]:
> passed 1 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_16[openssl]:
> passed 12 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_16[openssl]:
> passed 12 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_16[openssl]:
> passed 12 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled PRF_AES128_XCBC[xcbc]:
> passed 7 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> PRF_CAMELLIA128_XCBC[xcbc]: passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> CAMELLIA_XCBC_96[xcbc]: passed 1 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_XCBC_96[xcbc]:
> passed 5 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled 3DES_CBC[des]: passed
> 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled DES_CBC[des]: passed
> 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled DES_ECB[des]: passed
> 2 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA224[sha2]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA256[sha2]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA384[sha2]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA512[sha2]:
> passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_MD5[md5]: passed
> 7 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled PRF_HMAC_SHA1[hmac]:
> sha1_hmac_p1 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled PRF_HMAC_MD5[hmac]:
> md5_hmac_p1 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> PRF_HMAC_SHA2_256[hmac]: passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> PRF_HMAC_SHA2_384[hmac]: passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> PRF_HMAC_SHA2_512[hmac]: passed 6 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled HMAC_SHA1_96[hmac]:
> sha1_hmac_s1 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled HMAC_SHA1_128[hmac]:
> sha1_hmac_s2 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled HMAC_SHA1_160[hmac]:
> sha1_hmac_s3 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled HMAC_MD5_96[hmac]:
> md5_hmac_s1 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] disabled HMAC_MD5_128[hmac]:
> md5_hmac_s2 test vector failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA2_256_128[hmac]: passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA2_256_256[hmac]: no test vectors found
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA2_384_192[hmac]: passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA2_384_384[hmac]: no test vectors found
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA2_512_256[hmac]: passed 3 test vectors
> May 6 19:35:36 OpenWrt syslog: 00[LIB] enabled
> HMAC_SHA2_512_512[hmac]: no test vectors found
> May 6 19:35:36 OpenWrt syslog: 00[CFG] loading ca certificates from
> '/etc/ipsec.d/cacerts'
> May 6 19:35:36 OpenWrt syslog: 00[CFG] loaded ca certificate "C=PL,
> ST=Malopolska, O=xxx, OU=Sec man, CN=xxx.org.pl, E=kontakt at xxx.org.pl"
> from '/etc/ipsec.d/cacerts/cacert.pem'
> May 6 19:35:36 OpenWrt syslog: 00[LIB] OpenSSL X.509 parsing failed
> May 6 19:35:36 OpenWrt syslog: 00[LIB] building CRED_CERTIFICATE -
> X509 failed, tried 5 builders
> May 6 19:35:36 OpenWrt syslog: 00[CFG] loading ca certificate from
> '/etc/ipsec.d/cacerts/cakey.pem' failed
> May 6 19:35:36 OpenWrt syslog: 00[CFG] loading aa certificates from
> '/etc/ipsec.d/aacerts'
> May 6 19:35:36 OpenWrt syslog: 00[CFG] loading ocsp signer
> certificates from '/etc/ipsec.d/ocspcerts'
> May 6 19:35:36 OpenWrt syslog: 00[CFG] loading attribute certificates
> from '/etc/ipsec.d/acerts'
> May 6 19:35:36 OpenWrt syslog: 00[CFG] loading crls from
> '/etc/ipsec.d/crls'
> May 6 19:35:36 OpenWrt syslog: 00[CFG] loading secrets from
> '/etc/ipsec.secrets'
> May 6 19:35:38 OpenWrt syslog: 00[CFG] loaded RSA private key from
> '/etc/ipsec.d/private/proxyWRT.s.key'
> May 6 19:35:38 OpenWrt syslog: 00[LIB] loaded plugins: charon aes
> af-alg blowfish constraints dnskey fips-prf gcrypt md4 openssl pgp
> pkcs11 pkcs8 pubkey resolve test-vectors xauth-generic xcbc des sha1
> sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke
> kernel-netlink socket-default updown attr farp dhcp
> May 6 19:35:38 OpenWrt syslog: 00[LIB] unable to load 4 plugin
> features (4 due to unmet dependencies)
> May 6 19:35:38 OpenWrt syslog: 00[JOB] spawning 16 worker threads
> May 6 19:35:38 OpenWrt ipsec_starter[12735]: charon (12736) started
> after 1600 ms
> May 6 19:35:38 OpenWrt syslog: 11[CFG] received stroke: add
> connection 'vpn-ikev2'
> May 6 19:35:38 OpenWrt syslog: 11[CFG] left nor right host is our
> side, assuming left=local
> May 6 19:35:38 OpenWrt syslog: 11[CFG] loaded certificate "C=PL,
> ST=Malopolska, O=xxx, OU=Sec man, CN=px.xxx.org.pl,
> E=kontakt at xxx.org.pl" from 'proxyWRT.s.cert'
> May 6 19:35:38 OpenWrt syslog: 11[CFG] added configuration 'vpn-ikev2'
>
> when i try connect
>
> May 6 19:44:51 OpenWrt syslog: 05[NET] received packet: from
> 192.168.0.3[500] to 192.168.0.4[500] (880 bytes)
> May 6 19:44:51 OpenWrt syslog: 05[ENC] parsed IKE_SA_INIT request 0 [
> SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
> May 6 19:44:51 OpenWrt syslog: 05[ENC] received unknown vendor ID:
> 1e:2b:51:69:05:99:1c:7d:7c:96:fc:bf:b5:87:e4:61:00:00:00:09
> May 6 19:44:51 OpenWrt syslog: 05[ENC] received unknown vendor ID:
> fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
> May 6 19:44:51 OpenWrt syslog: 05[ENC] received unknown vendor ID:
> 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
> May 6 19:44:51 OpenWrt syslog: 05[ENC] received unknown vendor ID:
> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
> May 6 19:44:51 OpenWrt syslog: 05[IKE] 192.168.0.3 is initiating an
> IKE_SA
> May 6 19:44:51 OpenWrt syslog: 05[IKE] 192.168.0.3 is initiating an
> IKE_SA
> May 6 19:44:51 OpenWrt syslog: 05[IKE] remote host is behind NAT
> May 6 19:44:51 OpenWrt syslog: 05[IKE] sending cert request for
> "C=PL, ST=Malopolska, O=xxx, OU=Sec man, CN=xxx.org.pl,
> E=kontakt at xxx.org.pl"
> May 6 19:44:51 OpenWrt syslog: 05[ENC] generating IKE_SA_INIT
> response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
> May 6 19:44:51 OpenWrt syslog: 05[NET] sending packet: from
> 192.168.0.4[500] to 192.168.0.3[500] (333 bytes)
> May 6 19:44:52 OpenWrt syslog: 04[NET] received packet: from
> 192.168.0.3[4500] to 192.168.0.4[4500] (7188 bytes)
> May 6 19:44:52 OpenWrt syslog: 04[LIB] MAC verification failed
> May 6 19:44:52 OpenWrt syslog: 04[ENC] verifying encrypted payload
> integrity failed
> May 6 19:44:52 OpenWrt syslog: 04[ENC] could not decrypt payloads
> May 6 19:44:52 OpenWrt syslog: 04[IKE] integrity check failed
> May 6 19:44:52 OpenWrt syslog: 04[IKE] IKE_AUTH request with message
> ID 1 processing failed
> May 6 19:44:53 OpenWrt syslog: 03[NET] received packet: from
> 192.168.0.3[4500] to 192.168.0.4[4500] (7188 bytes)
> May 6 19:44:53 OpenWrt syslog: 03[LIB] MAC verification failed
> May 6 19:44:53 OpenWrt syslog: 03[ENC] verifying encrypted payload
> integrity failed
> May 6 19:44:53 OpenWrt syslog: 03[ENC] could not decrypt payloads
> May 6 19:44:53 OpenWrt syslog: 03[IKE] integrity check failed
> May 6 19:44:53 OpenWrt syslog: 03[IKE] IKE_AUTH request with message
> ID 1 processing failed
> May 6 19:44:54 OpenWrt syslog: 02[NET] received packet: from
> 192.168.0.3[4500] to 192.168.0.4[4500] (7188 bytes)
> May 6 19:44:54 OpenWrt syslog: 02[ENC] parsed IKE_AUTH request 1 [
> IDi CERT CERT CERTREQ AUTH N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6
> DNS6 SRV6) SA TSi TSr ]
> May 6 19:44:54 OpenWrt syslog: 02[IKE] received 37 cert requests for
> an unknown ca
> May 6 19:44:54 OpenWrt syslog: 02[IKE] received end entity cert
> "C=PL, ST=Malopolska, O=yyy, OU=Sec man, CN=yyy.pl, E=y at yy.pl"
> May 6 19:44:54 OpenWrt syslog: 02[IKE] received issuer cert "C=PL,
> ST=Malopolska, O=Medycyna Praktyczna Publishing House, OU=MP For
> authorizded use only, CN=yyy, E=admin at yy.pl"
> May 6 19:44:54 OpenWrt syslog: 02[CFG] looking for peer configs
> matching 192.168.0.4[%any]...192.168.0.3[C=PL, ST=Malopolska, O=yyy,
> OU=Sec man, CN=yyy.pl, E=y at yy.pl]
> May 6 19:44:54 OpenWrt syslog: 02[CFG] no matching peer config found
> May 6 19:44:54 OpenWrt syslog: 02[IKE] peer supports MOBIKE
> May 6 19:44:54 OpenWrt syslog: 02[ENC] generating IKE_AUTH response 1
> [ N(AUTH_FAILED) ]
> May 6 19:44:54 OpenWrt syslog: 02[NET] sending packet: from
> 192.168.0.4[4500] to 192.168.0.3[4500] (68 bytes)
>
>
> ---
> Ta wiadomość e-mail jest wolna od wirusów i złośliwego oprogramowania,
> ponieważ ochrona avast! Antivirus jest aktywna.
> http://www.avast.com
>
More information about the Users
mailing list