[strongSwan] openwrt ikev2

Rafał Sanocki rafal.sanocki at gmail.com
Thu May 7 12:10:48 CEST 2015



On 2015-05-06 at 19:49, Rafał Sanocki wrote:
> Hi, I can't run IPsec on my OpenWRT,
> please help
>
> client [win8] ---- router -----switch ------ router [openWRT - ipsec]
>                       (router client) 192.168.0.3 ------- 192.168.0.4 (server)
>
> [strongswan.conf ]
> charon {
>         load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default updown attr farp dhcp
>         dns1=192.168.10.1
>         load_modular = yes
>         i_dont_care_about_security_and_use_aggressive_mode_psk = yes
>         max_packet=20000
>         plugins {
>                 include strongswan.d/charon/*.conf
>         }
> }
> libstrongswan {
>         crypto_test {
>                 on_add = yes
>         }
> }
>
>
> [ipsec.conf]
> config setup
>         charondebug="dmn 1, mgr 1, ike 1, chd 1, job 1, cfg 1, knl 1, net 1, enc 1, lib 1"
>
>
> conn vpn-ikev2
>     keyexchange=ikev2
>     type=transport
>     leftsubnet=0.0.0.0/0
>     left=%any
>     leftfirewall = yes
>     leftcert=proxyWRT.s.cert
>     leftid="C=PL, ST=Malopolska, O=xxx, OU=Sec man, CN=px.xxx.org.pl, E=kontakt at xxx.org.pl"
>     authby=rsasig
>     right=%any
>     rightrsasigkey=%cert
>     rightid="C=PL, ST=Malopolska, O=xxx, OU=Sec man, CN=*, E=kontakt at xxx.org.pl"
>     auto=add
>
> [log] ipsec start
>
> May  6 19:35:36 OpenWrt ipsec_starter[12722]: Starting weakSwan 5.2.2 
> IPsec [starter]...
> May  6 19:35:36 OpenWrt ipsec_starter[12722]: !! Your strongswan.conf 
> contains manual plugin load options for charon.
> May  6 19:35:36 OpenWrt ipsec_starter[12722]: !! This is recommended 
> for experts only, see
> May  6 19:35:36 OpenWrt ipsec_starter[12722]: !! 
> http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
> May  6 19:35:36 OpenWrt syslog: ah4 is already loaded
> May  6 19:35:36 OpenWrt syslog: esp4 is already loaded
> May  6 19:35:36 OpenWrt syslog: ipcomp is already loaded
> May  6 19:35:36 OpenWrt syslog: xfrm4_tunnel is already loaded
> May  6 19:35:36 OpenWrt syslog: xfrm_user is already loaded
> May  6 19:35:36 OpenWrt syslog: 00[DMN] Starting IKE charon daemon 
> (strongSwan 5.2.2, Linux 3.10.49, mips)
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  RNG_WEAK[gcrypt]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled RNG_WEAK[openssl]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled RNG_STRONG[gcrypt]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled RNG_STRONG[openssl]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled RNG_STRONG[random]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  RNG_TRUE[gcrypt]: 
> skipping test (disabled by config)
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  RNG_TRUE[random]: 
> skipping test (disabled by config)
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA1[af-alg]: 
> passed 4 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA1[gcrypt]: 
> passed 4 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA1[openssl]: 
> passed 4 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  HASH_SHA1[sha1]: 
> passed 4 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  AES_CBC[aes]: passed 
> 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  AES_CBC[aes]: passed 
> 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  AES_CBC[aes]: passed 
> 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  HASH_MD5[af-alg]: 
> passed 7 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_SHA1_96[af-alg]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_SHA1_128[af-alg]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_SHA1_160[af-alg]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_MD5_96[af-alg]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_MD5_128[af-alg]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled PRF_HMAC_SHA1[af-alg]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled PRF_HMAC_MD5[af-alg]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled DES_CBC[af-alg]: 
> des_cbc1 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled DES_ECB[af-alg]: 
> des_ecb1 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled 3DES_CBC[af-alg]: 
> des3_cbc1 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled AES_CBC[af-alg]: 
> aes_cbc1 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled AES_CBC[af-alg]: 
> aes_cbc1 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled AES_CBC[af-alg]: 
> aes_cbc1 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> BLOWFISH_CBC[blowfish]: passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> PRF_KEYED_SHA1[openssl]: no test vectors found
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled PRF_KEYED_SHA1[sha1]: 
> no test vectors found
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> PRF_FIPS_SHA1_160[fips-prf]: passed 1 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  AES_CTR[gcrypt]: 
> passed 9 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  AES_CTR[gcrypt]: 
> passed 9 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  AES_CTR[gcrypt]: 
> passed 9 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  AES_CBC[gcrypt]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  AES_CBC[gcrypt]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  AES_CBC[gcrypt]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled BLOWFISH_CBC[gcrypt]: 
> passed 1 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAMELLIA_CTR[gcrypt]: 
> passed 9 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAMELLIA_CTR[gcrypt]: 
> passed 9 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAMELLIA_CTR[gcrypt]: 
> passed 9 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAMELLIA_CBC[gcrypt]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAMELLIA_CBC[gcrypt]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAMELLIA_CBC[gcrypt]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  CAST_CBC[gcrypt]: 
> passed 1 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  3DES_CBC[gcrypt]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  DES_CBC[gcrypt]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  DES_ECB[gcrypt]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled SERPENT_CBC[gcrypt]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled SERPENT_CBC[gcrypt]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled SERPENT_CBC[gcrypt]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled TWOFISH_CBC[gcrypt]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled TWOFISH_CBC[gcrypt]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  HASH_MD4[gcrypt]: 
> passed 7 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  HASH_MD5[gcrypt]: 
> passed 7 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA224[gcrypt]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA256[gcrypt]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA384[gcrypt]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA512[gcrypt]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  HASH_MD4[md4]: passed 
> 7 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  AES_CBC[openssl]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  AES_CBC[openssl]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  AES_CBC[openssl]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled CAST_CBC[openssl]: 
> passed 1 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled BLOWFISH_CBC[openssl]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 3DES_CBC[openssl]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  DES_CBC[openssl]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  DES_ECB[openssl]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  NULL[openssl]: passed 
> 1 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_MD4[openssl]: 
> passed 7 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_MD5[openssl]: 
> passed 7 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA224[openssl]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA256[openssl]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA384[openssl]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA512[openssl]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled PRF_HMAC_MD5[openssl]: 
> passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> PRF_HMAC_SHA1[openssl]: passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> PRF_HMAC_SHA2_256[openssl]: passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> PRF_HMAC_SHA2_384[openssl]: passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> PRF_HMAC_SHA2_512[openssl]: passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_MD5_96[openssl]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_MD5_128[openssl]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HMAC_SHA1_96[openssl]: 
> passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA1_128[openssl]: passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA1_160[openssl]: passed 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA2_256_128[openssl]: passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA2_256_256[openssl]: no test vectors found
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA2_384_192[openssl]: passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA2_384_384[openssl]: no test vectors found
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA2_512_256[openssl]: passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA2_512_512[openssl]: no test vectors found
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_8[openssl]: 
> passed 1 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_8[openssl]: 
> passed 1 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_8[openssl]: 
> passed 1 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_12[openssl]: 
> passed 1 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_12[openssl]: 
> passed 1 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_12[openssl]: 
> passed 1 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_16[openssl]: 
> passed 12 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_16[openssl]: 
> passed 12 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_GCM_16[openssl]: 
> passed 12 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled PRF_AES128_XCBC[xcbc]: 
> passed 7 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> PRF_CAMELLIA128_XCBC[xcbc]: passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> CAMELLIA_XCBC_96[xcbc]: passed 1 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled AES_XCBC_96[xcbc]: 
> passed 5 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  3DES_CBC[des]: passed 
> 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  DES_CBC[des]: passed 
> 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  DES_ECB[des]: passed 
> 2 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA224[sha2]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA256[sha2]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA384[sha2]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled HASH_SHA512[sha2]: 
> passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled  HASH_MD5[md5]: passed 
> 7 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled PRF_HMAC_SHA1[hmac]: 
> sha1_hmac_p1 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled PRF_HMAC_MD5[hmac]: 
> md5_hmac_p1 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> PRF_HMAC_SHA2_256[hmac]: passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> PRF_HMAC_SHA2_384[hmac]: passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> PRF_HMAC_SHA2_512[hmac]: passed 6 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled HMAC_SHA1_96[hmac]: 
> sha1_hmac_s1 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled HMAC_SHA1_128[hmac]: 
> sha1_hmac_s2 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled HMAC_SHA1_160[hmac]: 
> sha1_hmac_s3 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled HMAC_MD5_96[hmac]: 
> md5_hmac_s1 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] disabled HMAC_MD5_128[hmac]: 
> md5_hmac_s2 test vector failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA2_256_128[hmac]: passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA2_256_256[hmac]: no test vectors found
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA2_384_192[hmac]: passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA2_384_384[hmac]: no test vectors found
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA2_512_256[hmac]: passed 3 test vectors
> May  6 19:35:36 OpenWrt syslog: 00[LIB] enabled 
> HMAC_SHA2_512_512[hmac]: no test vectors found
> May  6 19:35:36 OpenWrt syslog: 00[CFG] loading ca certificates from 
> '/etc/ipsec.d/cacerts'
> May  6 19:35:36 OpenWrt syslog: 00[CFG]   loaded ca certificate "C=PL, 
> ST=Malopolska, O=xxx, OU=Sec man, CN=xxx.org.pl, E=kontakt at xxx.org.pl" 
> from '/etc/ipsec.d/cacerts/cacert.pem'
> May  6 19:35:36 OpenWrt syslog: 00[LIB] OpenSSL X.509 parsing failed
> May  6 19:35:36 OpenWrt syslog: 00[LIB] building CRED_CERTIFICATE - 
> X509 failed, tried 5 builders
> May  6 19:35:36 OpenWrt syslog: 00[CFG]   loading ca certificate from 
> '/etc/ipsec.d/cacerts/cakey.pem' failed
> May  6 19:35:36 OpenWrt syslog: 00[CFG] loading aa certificates from 
> '/etc/ipsec.d/aacerts'
> May  6 19:35:36 OpenWrt syslog: 00[CFG] loading ocsp signer 
> certificates from '/etc/ipsec.d/ocspcerts'
> May  6 19:35:36 OpenWrt syslog: 00[CFG] loading attribute certificates 
> from '/etc/ipsec.d/acerts'
> May  6 19:35:36 OpenWrt syslog: 00[CFG] loading crls from 
> '/etc/ipsec.d/crls'
> May  6 19:35:36 OpenWrt syslog: 00[CFG] loading secrets from 
> '/etc/ipsec.secrets'
> May  6 19:35:38 OpenWrt syslog: 00[CFG]   loaded RSA private key from 
> '/etc/ipsec.d/private/proxyWRT.s.key'
> May  6 19:35:38 OpenWrt syslog: 00[LIB] loaded plugins: charon aes 
> af-alg blowfish constraints dnskey fips-prf gcrypt md4 openssl pgp 
> pkcs11 pkcs8 pubkey resolve test-vectors xauth-generic xcbc des sha1 
> sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke 
> kernel-netlink socket-default updown attr farp dhcp
> May  6 19:35:38 OpenWrt syslog: 00[LIB] unable to load 4 plugin 
> features (4 due to unmet dependencies)
> May  6 19:35:38 OpenWrt syslog: 00[JOB] spawning 16 worker threads
> May  6 19:35:38 OpenWrt ipsec_starter[12735]: charon (12736) started 
> after 1600 ms
> May  6 19:35:38 OpenWrt syslog: 11[CFG] received stroke: add 
> connection 'vpn-ikev2'
> May  6 19:35:38 OpenWrt syslog: 11[CFG] left nor right host is our 
> side, assuming left=local
> May  6 19:35:38 OpenWrt syslog: 11[CFG]   loaded certificate "C=PL, 
> ST=Malopolska, O=xxx, OU=Sec man, CN=px.xxx.org.pl, 
> E=kontakt at xxx.org.pl" from 'proxyWRT.s.cert'
> May  6 19:35:38 OpenWrt syslog: 11[CFG] added configuration 'vpn-ikev2'
>
> When I try to connect:
>
> May  6 19:44:51 OpenWrt syslog: 05[NET] received packet: from 
> 192.168.0.3[500] to 192.168.0.4[500] (880 bytes)
> May  6 19:44:51 OpenWrt syslog: 05[ENC] parsed IKE_SA_INIT request 0 [ 
> SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
> May  6 19:44:51 OpenWrt syslog: 05[ENC] received unknown vendor ID: 
> 1e:2b:51:69:05:99:1c:7d:7c:96:fc:bf:b5:87:e4:61:00:00:00:09
> May  6 19:44:51 OpenWrt syslog: 05[ENC] received unknown vendor ID: 
> fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
> May  6 19:44:51 OpenWrt syslog: 05[ENC] received unknown vendor ID: 
> 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
> May  6 19:44:51 OpenWrt syslog: 05[ENC] received unknown vendor ID: 
> 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
> May  6 19:44:51 OpenWrt syslog: 05[IKE] 192.168.0.3 is initiating an 
> IKE_SA
> May  6 19:44:51 OpenWrt syslog: 05[IKE] 192.168.0.3 is initiating an 
> IKE_SA
> May  6 19:44:51 OpenWrt syslog: 05[IKE] remote host is behind NAT
> May  6 19:44:51 OpenWrt syslog: 05[IKE] sending cert request for 
> "C=PL, ST=Malopolska, O=xxx, OU=Sec man, CN=xxx.org.pl, 
> E=kontakt at xxx.org.pl"
> May  6 19:44:51 OpenWrt syslog: 05[ENC] generating IKE_SA_INIT 
> response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
> May  6 19:44:51 OpenWrt syslog: 05[NET] sending packet: from 
> 192.168.0.4[500] to 192.168.0.3[500] (333 bytes)
> May  6 19:44:52 OpenWrt syslog: 04[NET] received packet: from 
> 192.168.0.3[4500] to 192.168.0.4[4500] (7188 bytes)
> May  6 19:44:52 OpenWrt syslog: 04[LIB] MAC verification failed
> May  6 19:44:52 OpenWrt syslog: 04[ENC] verifying encrypted payload 
> integrity failed
> May  6 19:44:52 OpenWrt syslog: 04[ENC] could not decrypt payloads
> May  6 19:44:52 OpenWrt syslog: 04[IKE] integrity check failed
> May  6 19:44:52 OpenWrt syslog: 04[IKE] IKE_AUTH request with message 
> ID 1 processing failed
> May  6 19:44:53 OpenWrt syslog: 03[NET] received packet: from 
> 192.168.0.3[4500] to 192.168.0.4[4500] (7188 bytes)
> May  6 19:44:53 OpenWrt syslog: 03[LIB] MAC verification failed
> May  6 19:44:53 OpenWrt syslog: 03[ENC] verifying encrypted payload 
> integrity failed
> May  6 19:44:53 OpenWrt syslog: 03[ENC] could not decrypt payloads
> May  6 19:44:53 OpenWrt syslog: 03[IKE] integrity check failed
> May  6 19:44:53 OpenWrt syslog: 03[IKE] IKE_AUTH request with message 
> ID 1 processing failed
> May  6 19:44:54 OpenWrt syslog: 02[NET] received packet: from 
> 192.168.0.3[4500] to 192.168.0.4[4500] (7188 bytes)
> May  6 19:44:54 OpenWrt syslog: 02[ENC] parsed IKE_AUTH request 1 [ 
> IDi CERT CERT CERTREQ AUTH N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 
> DNS6 SRV6) SA TSi TSr ]
> May  6 19:44:54 OpenWrt syslog: 02[IKE] received 37 cert requests for 
> an unknown ca
> May  6 19:44:54 OpenWrt syslog: 02[IKE] received end entity cert 
> "C=PL, ST=Malopolska, O=yyy, OU=Sec man, CN=yyy.pl, E=y at yy.pl"
> May  6 19:44:54 OpenWrt syslog: 02[IKE] received issuer cert "C=PL, 
> ST=Malopolska, O=Medycyna Praktyczna Publishing House, OU=MP For 
> authorizded use only, CN=yyy, E=admin at yy.pl"
> May  6 19:44:54 OpenWrt syslog: 02[CFG] looking for peer configs 
> matching 192.168.0.4[%any]...192.168.0.3[C=PL, ST=Malopolska, O=yyy, 
> OU=Sec man, CN=yyy.pl, E=y at yy.pl]
> May  6 19:44:54 OpenWrt syslog: 02[CFG] no matching peer config found
> May  6 19:44:54 OpenWrt syslog: 02[IKE] peer supports MOBIKE
> May  6 19:44:54 OpenWrt syslog: 02[ENC] generating IKE_AUTH response 1 
> [ N(AUTH_FAILED) ]
> May  6 19:44:54 OpenWrt syslog: 02[NET] sending packet: from 
> 192.168.0.4[4500] to 192.168.0.3[4500] (68 bytes)
>
>

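Added example (not part of the original post, and not strongSwan code): a Python triage of the connection-attempt log quoted above, with the mail wrapping undone. It counts the integrity failures and compares the identity from the `looking for peer configs matching` line against the posted `rightid`, RDN by RDN, treating `*` as a wildcard; `parse_dn`, `dn_mismatches` and `triage` are hypothetical helper names, and the comparison is a simplified model of the daemon's DN matching.

```python
import re

# Constructed input: connection-attempt lines from the post, mail wrapping undone.
SAMPLE_LOG = """\
May  6 19:44:52 OpenWrt syslog: 04[LIB] MAC verification failed
May  6 19:44:52 OpenWrt syslog: 04[IKE] IKE_AUTH request with message ID 1 processing failed
May  6 19:44:53 OpenWrt syslog: 03[LIB] MAC verification failed
May  6 19:44:53 OpenWrt syslog: 03[IKE] IKE_AUTH request with message ID 1 processing failed
May  6 19:44:54 OpenWrt syslog: 02[CFG] looking for peer configs matching 192.168.0.4[%any]...192.168.0.3[C=PL, ST=Malopolska, O=yyy, OU=Sec man, CN=yyy.pl, E=y at yy.pl]
May  6 19:44:54 OpenWrt syslog: 02[CFG] no matching peer config found
May  6 19:44:54 OpenWrt syslog: 02[ENC] generating IKE_AUTH response 1 [ N(AUTH_FAILED) ]
"""
# rightid as posted in ipsec.conf (values were already anonymized by the poster).
RIGHTID = "C=PL, ST=Malopolska, O=xxx, OU=Sec man, CN=*, E=kontakt at xxx.org.pl"

# "... matching <local>[<local id>]...<remote>[<remote id>]"
LOOKUP = re.compile(r"matching [^\[]+\[.*?\]\.\.\.[^\[]+\[(.*)\]$")


def parse_dn(dn):
    """Split 'C=PL, O=x' into [('C', 'PL'), ('O', 'x')].
    Simplification: assumes no escaped commas inside RDN values."""
    rdns = []
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        rdns.append((key, value))
    return rdns


def dn_mismatches(pattern, identity):
    """Return (type, expected, got) for every RDN of identity that does not
    satisfy pattern. A pattern value of '*' accepts any value."""
    pat, ident = parse_dn(pattern), parse_dn(identity)
    if len(pat) != len(ident):
        return [("<rdn count>", str(len(pat)), str(len(ident)))]
    return [(pt, pv, iv) for (pt, pv), (it, iv) in zip(pat, ident)
            if pt != it or (pv != "*" and pv != iv)]


def triage(log, rightid):
    """Summarise the IKE_AUTH failure events found in a charon log excerpt."""
    report = {"integrity_failures": 0, "peer_id": None,
              "no_peer_config": False, "auth_failed_sent": False,
              "mismatches": []}
    for line in log.splitlines():
        if "MAC verification failed" in line:
            report["integrity_failures"] += 1
        match = LOOKUP.search(line)
        if match:
            report["peer_id"] = match.group(1)
        if "no matching peer config found" in line:
            report["no_peer_config"] = True
        if "N(AUTH_FAILED)" in line:
            report["auth_failed_sent"] = True
    # Only explain the lookup failure when the log shows both halves of it.
    if report["no_peer_config"] and report["peer_id"]:
        report["mismatches"] = dn_mismatches(rightid, report["peer_id"])
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, RIGHTID).items():
        print(f"{key}: {value}")
```

On the values as posted, the `CN=*` wildcard is satisfied but the `O` and `E` RDNs of the presented certificate differ from the configured `rightid`.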

