[strongSwan] Client Attestation in StrongSwan

Charak, Vikas vicharak at verisign.com
Tue May 31 17:57:19 CEST 2016


Hi,
I need help/suggestion on the issue I am facing with StrongSwan attestation.

I am working on enabling StrongSwan to verify PCRS of  TPM of  a client machine.
I followed instruction from StrongSwan wiki:

https://wiki.strongswan.org/projects/strongswan/wiki/IMA

I have a client with CENTOS 7 client with TPM Emulator  and Trousers s/w running tpm_version  version prints following

tpm_version

  TPM 1.2 Version Info:

  Chip Version:        1.2.18.145

  Spec Level:          2

  Errata Revision:     3

  TPM Vendor ID:       IBM

  TPM Version:         01010000

  Manufacturer Info:   49424d00

So all good here.

Following the instructions, I installed strongTNC Manager also..
Looks like client is connecting to the server fine as can be seen from the log statements . I see the device id being generated also in logs but strongTNC manager does not show that device id.
As per instruction , I suppose the devices will get added to the SqlLite db as soon they connect to the server and then they can be made to Trust by checking the box in the strongTNC UI.
Here is the partial log from  the server side (ss-moon).
I see imv_attestation_agent :no workitems available - no evaluation possible
(I added imv_attestation_agent to the src code to see  from where the above message is coming)

imcv.conf on serverside (moon) has following
libimcv {
        plugins {
                imv-attestation {
                database = sqlite:///etc/pts/config.db
                hash_algorithm = sha1
        }
        }
}

And
 /etc/tnc_config on server has

IMV "Attestation" /usr/lib64/strongswan/imcvs/imv-attestation.so


Please let me know if you any thing else .




May 31 15:47:05 ss-moon charon: 07[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TTLS ]

May 31 15:47:05 ss-moon charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]

May 31 15:47:05 ss-moon charon: 07[TNC] assigned TNCCS Connection ID 2

May 31 15:47:05 ss-moon charon: 07[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh

May 31 15:47:05 ss-moon charon: 07[IMV]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes

May 31 15:47:05 ss-moon charon: 07[IMV]   user AR identity 'ss-carol' of type username authenticated by certificate

May 31 15:47:05 ss-moon charon: 07[IMV]   machine AR identity ‘<IP>' of type IPv4 address authenticated by unknown method

May 31 15:47:05 ss-moon charon: 07[IMV] IMV 1 "Attestation" changed state of Connection ID 2 to 'Handshake'

May 31 15:47:05 ss-moon charon: 07[TNC] received TNCCS batch (360 bytes)

May 31 15:47:05 ss-moon charon: 07[TNC] => 360 bytes @ 0x7fb8480018b6

May 31 15:47:05 ss-moon charon: 07[TNC]    0: 02 00 00 01 00 00 01 68 00 00 00 00 00 00 00 06  .......h........

May 31 15:47:05 ss-moon charon: 07[TNC]   16: 00 00 00 1F 41 63 63 65 70 74 2D 4C 61 6E 67 75  ....Accept-Langu

May 31 15:47:05 ss-moon charon: 07[TNC]   32: 61 67 65 3A 20 65 6E 80 00 00 00 00 00 00 01 00  age: en.........

May 31 15:47:05 ss-moon charon: 07[TNC]   48: 00 00 F1 00 00 00 00 00 00 00 01 00 01 FF FF 01  ................

May 31 15:47:05 ss-moon charon: 07[TNC]   64: 00 00 00 44 53 1E 5F 00 00 00 00 00 00 00 02 00  ...DS._.........

May 31 15:47:05 ss-moon charon: 07[TNC]   80: 00 00 17 00 00 00 00 00 43 65 6E 74 4F 53 00 00  ........CentOS..

May 31 15:47:05 ss-moon charon: 07[TNC]   96: 00 00 00 00 00 04 00 00 00 26 17 37 2E 31 2E 31  .........&.7.1.1

May 31 15:47:05 ss-moon charon: 07[TNC]  112: 35 30 33 20 28 43 6F 72 65 29 20 20 78 38 36 5F  503 (Core)  x86_

May 31 15:47:05 ss-moon charon: 07[TNC]  128: 36 34 00 00 00 00 00 00 00 00 00 03 00 00 00 1C  64..............

May 31 15:47:05 ss-moon charon: 07[TNC]  144: 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00 00  ................

May 31 15:47:05 ss-moon charon: 07[TNC]  160: 00 00 00 00 00 00 00 05 00 00 00 24 03 01 00 00  ...........$....

May 31 15:47:05 ss-moon charon: 07[TNC]  176: 32 30 31 36 2D 30 35 2D 32 39 54 31 36 3A 32 36  2016-05-29T16:26

May 31 15:47:05 ss-moon charon: 07[TNC]  192: 3A 30 32 5A 00 00 00 00 00 00 00 0B 00 00 00 10  :02Z............

May 31 15:47:05 ss-moon charon: 07[TNC]  208: 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00 10  ................

May 31 15:47:05 ss-moon charon: 07[TNC]  224: 00 00 00 00 00 00 90 2A 00 00 00 08 00 00 00 34  .......*.......4

May 31 15:47:05 ss-moon charon: 07[TNC]  240: 33 38 65 30 33 33 30 37 32 36 38 31 30 39 35 63  38e033072681095c

May 31 15:47:05 ss-moon charon: 07[TNC]  256: 31 31 66 35 62 36 35 30 66 65 31 36 61 38 65 37  11f5b650fe16a8e7

May 31 15:47:05 ss-moon charon: 07[TNC]  272: 63 62 62 30 38 37 39 32 80 00 00 00 00 00 00 01  cbb08792........

May 31 15:47:05 ss-moon charon: 07[TNC]  288: 00 00 00 50 00 00 00 00 00 00 00 07 00 02 FF FF  ...P............

May 31 15:47:05 ss-moon charon: 07[TNC]  304: 01 00 00 00 97 8B C2 6F 80 00 00 00 00 00 00 06  .......o........

May 31 15:47:05 ss-moon charon: 07[TNC]  320: 00 00 00 30 00 06 47 05 00 06 00 16 00 11 01 F4  ...0..G.........

May 31 15:47:05 ss-moon charon: 07[TNC]  336: 00 11 E1 00 00 11 00 44 00 11 11 94 00 11 A8 9F  .......D........

May 31 15:47:05 ss-moon charon: 07[TNC]  352: 00 11 40 7A 00 11 F3 AB                          .. at z....

May 31 15:47:05 ss-moon charon: 07[TNC] TNC server is handling inbound connection

May 31 15:47:05 ss-moon charon: 07[TNC] processing PB-TNC CDATA batch for Connection ID 2

May 31 15:47:05 ss-moon charon: 07[TNC] PB-TNC state transition from 'Init' to 'Server Working'

May 31 15:47:05 ss-moon charon: 07[TNC] processing IETF/PB-Language-Preference message (31 bytes)

May 31 15:47:05 ss-moon charon: 07[TNC] processing IETF/PB-PA message (241 bytes)

May 31 15:47:05 ss-moon charon: 07[TNC] processing IETF/PB-PA message (80 bytes)

May 31 15:47:05 ss-moon charon: 07[TNC] setting language preference to 'en'

May 31 15:47:05 ss-moon charon: 07[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001

May 31 15:47:05 ss-moon charon: 07[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 1

May 31 15:47:05 ss-moon charon: 07[IMV] => 217 bytes @ 0x7fb848003770

May 31 15:47:05 ss-moon charon: 07[IMV]    0: 01 00 00 00 44 53 1E 5F 00 00 00 00 00 00 00 02  ....DS._........

May 31 15:47:05 ss-moon charon: 07[IMV]   16: 00 00 00 17 00 00 00 00 00 43 65 6E 74 4F 53 00  .........CentOS.

May 31 15:47:05 ss-moon charon: 07[IMV]   32: 00 00 00 00 00 00 04 00 00 00 26 17 37 2E 31 2E  ..........&.7.1.

May 31 15:47:05 ss-moon charon: 07[IMV]   48: 31 35 30 33 20 28 43 6F 72 65 29 20 20 78 38 36  1503 (Core)  x86

May 31 15:47:05 ss-moon charon: 07[IMV]   64: 5F 36 34 00 00 00 00 00 00 00 00 00 03 00 00 00  _64.............

May 31 15:47:05 ss-moon charon: 07[IMV]   80: 1C 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00  ................

May 31 15:47:05 ss-moon charon: 07[IMV]   96: 00 00 00 00 00 00 00 00 05 00 00 00 24 03 01 00  ............$...

May 31 15:47:05 ss-moon charon: 07[IMV]  112: 00 32 30 31 36 2D 30 35 2D 32 39 54 31 36 3A 32  .2016-05-29T16:2

May 31 15:47:05 ss-moon charon: 07[IMV]  128: 36 3A 30 32 5A 00 00 00 00 00 00 00 0B 00 00 00  6:02Z...........

May 31 15:47:05 ss-moon charon: 07[IMV]  144: 10 00 00 00 00 00 00 00 00 00 00 00 0C 00 00 00  ................

May 31 15:47:05 ss-moon charon: 07[IMV]  160: 10 00 00 00 00 00 00 90 2A 00 00 00 08 00 00 00  ........*.......

May 31 15:47:05 ss-moon charon: 07[IMV]  176: 34 33 38 65 30 33 33 30 37 32 36 38 31 30 39 35  438e033072681095

May 31 15:47:05 ss-moon charon: 07[IMV]  192: 63 31 31 66 35 62 36 35 30 66 65 31 36 61 38 65  c11f5b650fe16a8e

May 31 15:47:05 ss-moon charon: 07[IMV]  208: 37 63 62 62 30 38 37 39 32                       7cbb08792

May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC message with ID 0x44531e5f

May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002

May 31 15:47:05 ss-moon charon: 07[TNC] => 11 bytes @ 0x7fb848003784

May 31 15:47:05 ss-moon charon: 07[TNC]    0: 00 00 00 00 00 43 65 6E 74 4F 53                 .....CentOS

May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004

May 31 15:47:05 ss-moon charon: 07[TNC] => 26 bytes @ 0x7fb84800379b

May 31 15:47:05 ss-moon charon: 07[TNC]    0: 17 37 2E 31 2E 31 35 30 33 20 28 43 6F 72 65 29  .7.1.1503 (Core)

May 31 15:47:05 ss-moon charon: 07[TNC]   16: 20 20 78 38 36 5F 36 34 00 00                      x86_64..

May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003

May 31 15:47:05 ss-moon charon: 07[TNC] => 16 bytes @ 0x7fb8480037c1

May 31 15:47:05 ss-moon charon: 07[TNC]    0: 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00 00  ................

May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005

May 31 15:47:05 ss-moon charon: 07[TNC] => 24 bytes @ 0x7fb8480037dd

May 31 15:47:05 ss-moon charon: 07[TNC]    0: 03 01 00 00 32 30 31 36 2D 30 35 2D 32 39 54 31  ....2016-05-29T1

May 31 15:47:05 ss-moon charon: 07[TNC]   16: 36 3A 32 36 3A 30 32 5A                          6:26:02Z

May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b

May 31 15:47:05 ss-moon charon: 07[TNC] => 4 bytes @ 0x7fb848003801

May 31 15:47:05 ss-moon charon: 07[TNC]    0: 00 00 00 00                                      ....

May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c

May 31 15:47:05 ss-moon charon: 07[TNC] => 4 bytes @ 0x7fb848003811

May 31 15:47:05 ss-moon charon: 07[TNC]    0: 00 00 00 00                                      ....

May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008

May 31 15:47:05 ss-moon charon: 07[TNC] => 40 bytes @ 0x7fb848003821

May 31 15:47:05 ss-moon charon: 07[TNC]    0: 33 38 65 30 33 33 30 37 32 36 38 31 30 39 35 63  38e033072681095c

May 31 15:47:05 ss-moon charon: 07[TNC]   16: 31 31 66 35 62 36 35 30 66 65 31 36 61 38 65 37  11f5b650fe16a8e7

May 31 15:47:05 ss-moon charon: 07[TNC]   32: 63 62 62 30 38 37 39 32                          cbb08792

May 31 15:47:05 ss-moon charon: 07[IMV] operating system name is 'CentOS'

May 31 15:47:05 ss-moon charon: 07[IMV] operating system version is '7.1.1503 (Core)  x86_64'

May 31 15:47:05 ss-moon charon: 07[IMV] device ID is 38e033072681095c11f5b650fe16a8e7cbb08792

May 31 15:47:05 ss-moon charon: 07[TNC] handling PB-PA message type 'IETF/VPN' 0x000000/0x00000007

May 31 15:47:05 ss-moon charon: 07[TNC] message type 0x000000/0x00000007 not supported by any IMV

May 31 15:47:05 ss-moon charon: 07[IMV] imv_id=1

May 31 15:47:05 ss-moon charon: 07[IMV] imv_attestation_agent

May 31 15:47:05 ss-moon charon: 07[IMV] imv_attestation_agent :no workitems available - no evaluation possible

May 31 15:47:05 ss-moon charon: 07[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001

May 31 15:47:05 ss-moon charon: 07[IMV]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes

May 31 15:47:05 ss-moon charon: 07[TNC] creating PA-TNC message with ID 0x65852610

May 31 15:47:05 ss-moon charon: 07[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021

May 31 15:47:05 ss-moon charon: 07[TNC] => 8 bytes @ 0x7fb848003780

May 31 15:47:05 ss-moon charon: 07[TNC]    0: 05 F5 E1 00 00 00 FF A6                          ........

May 31 15:47:05 ss-moon charon: 07[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000

May 31 15:47:05 ss-moon charon: 07[TNC] => 4 bytes @ 0x7fb848002660

May 31 15:47:05 ss-moon charon: 07[TNC]    0: 00 00 00 0E                                      ....

May 31 15:47:05 ss-moon charon: 07[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000

May 31 15:47:05 ss-moon charon: 07[TNC] => 4 bytes @ 0x7fb848003da0

May 31 15:47:05 ss-moon charon: 07[TNC]    0: 00 00 80 00                                      ....

May 31 15:47:05 ss-moon charon: 07[IMV] created PA-TNC message: => 60 bytes @ 0x7fb848003460

May 31 15:47:05 ss-moon charon: 07[IMV]    0: 01 00 00 00 65 85 26 10 00 00 55 97 00 00 00 21  ....e.&...U....!

May 31 15:47:05 ss-moon charon: 07[IMV]   16: 00 00 00 14 05 F5 E1 00 00 00 FF A6 80 00 55 97  ..............U.

May 31 15:47:05 ss-moon charon: 07[IMV]   32: 01 00 00 00 00 00 00 10 00 00 00 0E 80 00 55 97  ..............U.

May 31 15:47:05 ss-moon charon: 07[IMV]   48: 06 00 00 00 00 00 00 10 00 00 80 00              ............

May 31 15:47:05 ss-moon charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

May 31 15:47:05 ss-moon charon: 07[TNC] TNC server is handling outbound connection

May 31 15:47:05 ss-moon charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'

May 31 15:47:05 ss-moon charon: 07[TNC] creating PB-TNC SDATA batch

May 31 15:47:05 ss-moon charon: 07[TNC] adding IETF/PB-PA message

May 31 15:47:05 ss-moon charon: 07[TNC] sending PB-TNC SDATA batch (92 bytes) for Connection ID 2

May 31 15:47:05 ss-moon charon: 07[TNC] => 92 bytes @ 0x7fb848003ea0

May 31 15:47:05 ss-moon charon: 07[TNC]    0: 02 80 00 02 00 00 00 5C 80 00 00 00 00 00 00 01  .......\........

May 31 15:47:05 ss-moon charon: 07[TNC]   16: 00 00 00 54 00 00 55 97 00 00 00 01 FF FF 00 01  ...T..U.........

May 31 15:47:05 ss-moon charon: 07[TNC]   32: 01 00 00 00 65 85 26 10 00 00 55 97 00 00 00 21  ....e.&...U....!

May 31 15:47:05 ss-moon charon: 07[TNC]   48: 00 00 00 14 05 F5 E1 00 00 00 FF A6 80 00 55 97  ..............U.

May 31 15:47:05 ss-moon charon: 07[TNC]   64: 01 00 00 00 00 00 00 10 00 00 00 0E 80 00 55 97  ..............U.

May 31 15:47:05 ss-moon charon: 07[TNC]   80: 06 00 00 00 00 00 00 10 00 00 80 00              ............

May 31 15:47:05 ss-moon charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]

May 31 15:47:05 ss-moon charon: 07[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TTLS ]

May 31 15:47:05 ss-moon charon: 07[NET] sending packet: from 172.28.128.4[4500] to 172.28.128.5[4500] (224 bytes)

May 31 15:47:05 ss-moon charon: 02[NET] received packet: from 172.28.128.5[4500] to 172.28.128.4[4500] (224 bytes)

May 31 15:47:05 ss-moon charon: 02[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TTLS ]

May 31 15:47:05 ss-moon charon: 02[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]

May 31 15:47:05 ss-moon charon: 02[TNC] received TNCCS batch (92 bytes)

May 31 15:47:05 ss-moon charon: 02[TNC] => 92 bytes @ 0x7fb8340008c6

May 31 15:47:05 ss-moon charon: 02[TNC]    0: 02 00 00 01 00 00 00 5C 80 00 00 00 00 00 00 01  .......\........

May 31 15:47:05 ss-moon charon: 02[TNC]   16: 00 00 00 54 80 00 55 97 00 00 00 01 00 03 00 01  ...T..U.........

May 31 15:47:05 ss-moon charon: 02[TNC]   32: 01 00 00 00 B3 F1 23 9B 00 00 55 97 00 00 00 22  ......#...U...."

May 31 15:47:05 ss-moon charon: 02[TNC]   48: 00 00 00 14 05 F5 E1 00 00 00 7F A6 00 00 55 97  ..............U.

May 31 15:47:05 ss-moon charon: 02[TNC]   64: 02 00 00 00 00 00 00 10 00 00 00 0E 00 00 55 97  ..............U.

May 31 15:47:05 ss-moon charon: 02[TNC]   80: 07 00 00 00 00 00 00 10 00 00 80 00              ............

May 31 15:47:05 ss-moon charon: 02[TNC] TNC server is handling inbound connection

May 31 15:47:05 ss-moon charon: 02[TNC] processing PB-TNC CDATA batch for Connection ID 2

May 31 15:47:05 ss-moon charon: 02[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'

May 31 15:47:05 ss-moon charon: 02[TNC] processing IETF/PB-PA message (84 bytes)

May 31 15:47:05 ss-moon charon: 02[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001

May 31 15:47:05 ss-moon charon: 02[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 3 to IMV 1

May 31 15:47:05 ss-moon charon: 02[IMV] => 60 bytes @ 0x7fb8340034e0

May 31 15:47:05 ss-moon charon: 02[IMV]    0: 01 00 00 00 B3 F1 23 9B 00 00 55 97 00 00 00 22  ......#...U...."

May 31 15:47:05 ss-moon charon: 02[IMV]   16: 00 00 00 14 05 F5 E1 00 00 00 7F A6 00 00 55 97  ..............U.

May 31 15:47:05 ss-moon charon: 02[IMV]   32: 02 00 00 00 00 00 00 10 00 00 00 0E 00 00 55 97  ..............U.

May 31 15:47:05 ss-moon charon: 02[IMV]   48: 07 00 00 00 00 00 00 10 00 00 80 00              ............

May 31 15:47:05 ss-moon charon: 02[TNC] processing PA-TNC message with ID 0xb3f1239b

May 31 15:47:05 ss-moon charon: 02[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022

May 31 15:47:05 ss-moon charon: 02[TNC] => 8 bytes @ 0x7fb8340034f4

May 31 15:47:05 ss-moon charon: 02[TNC]    0: 05 F5 E1 00 00 00 7F A6                          ........

May 31 15:47:05 ss-moon charon: 02[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000

May 31 15:47:05 ss-moon charon: 02[TNC] => 4 bytes @ 0x7fb834003508

May 31 15:47:05 ss-moon charon: 02[TNC]    0: 00 00 00 0E                                      ....

May 31 15:47:05 ss-moon charon: 02[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000

May 31 15:47:05 ss-moon charon: 02[TNC] => 4 bytes @ 0x7fb834003518

May 31 15:47:05 ss-moon charon: 02[TNC]    0: 00 00 80 00                                      ....

May 31 15:47:05 ss-moon charon: 02[IMV] IMV 1 received a segmentation contract response from IMC 3 for PA message type 'TCG/PTS' 0x005597/0x00000001

May 31 15:47:05 ss-moon charon: 02[IMV]   maximum attribute size of 100000000 bytes with maximum segment size of 32678 bytes

May 31 15:47:05 ss-moon charon: 02[PTS] supported PTS protocol capabilities: .VDT.

May 31 15:47:05 ss-moon charon: 02[PTS] selected PTS measurement algorithm is HASH_SHA1

May 31 15:47:05 ss-moon charon: 02[IMV] imv_id=1

May 31 15:47:05 ss-moon charon: 02[IMV] IMV 1 has 1.2no workitems - no evaluation requested

May 31 15:47:05 ss-moon charon: 02[TNC] creating PA-TNC message with ID 0x2c467f5a

May 31 15:47:05 ss-moon charon: 02[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009

May 31 15:47:05 ss-moon charon: 02[TNC] => 4 bytes @ 0x7fb834000ee0

May 31 15:47:05 ss-moon charon: 02[TNC]    0: 00 00 00 04                                      ....

May 31 15:47:05 ss-moon charon: 02[IMV] created PA-TNC message: => 24 bytes @ 0x7fb834002c30

May 31 15:47:05 ss-moon charon: 02[IMV]    0: 01 00 00 00 2C 46 7F 5A 00 00 00 00 00 00 00 09  ....,F.Z........

May 31 15:47:05 ss-moon charon: 02[IMV]   16: 00 00 00 10 00 00 00 04                          ........

May 31 15:47:05 ss-moon charon: 02[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001

May 31 15:47:05 ss-moon charon: 02[TNC] IMV 1 provides recommendation 'allow' and evaluation 'don't know'

May 31 15:47:05 ss-moon charon: 02[TNC] TNC server is handling outbound connection

May 31 15:47:05 ss-moon charon: 02[IMV] IMV 1 "Attestation" changed state of Connection ID 2 to 'Allowed'

May 31 15:47:05 ss-moon charon: 02[TNC] PB-TNC state transition from 'Server Working' to 'Decided'

May 31 15:47:05 ss-moon charon: 02[TNC] creating PB-TNC RESULT batch

May 31 15:47:05 ss-moon charon: 02[TNC] adding IETF/PB-PA message

May 31 15:47:05 ss-moon charon: 02[TNC] adding IETF/PB-Assessment-Result message

May 31 15:47:05 ss-moon charon: 02[TNC] adding IETF/PB-Access-Recommendation message

May 31 15:47:05 ss-moon charon: 02[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 2

May 31 15:47:05 ss-moon charon: 02[TNC] => 88 bytes @ 0x7fb834005db0

May 31 15:47:05 ss-moon charon: 02[TNC]    0: 02 80 00 03 00 00 00 58 80 00 00 00 00 00 00 01  .......X........

May 31 15:47:05 ss-moon charon: 02[TNC]   16: 00 00 00 30 00 00 55 97 00 00 00 01 FF FF 00 01  ...0..U.........

May 31 15:47:05 ss-moon charon: 02[TNC]   32: 01 00 00 00 2C 46 7F 5A 00 00 00 00 00 00 00 09  ....,F.Z........

May 31 15:47:05 ss-moon charon: 02[TNC]   48: 00 00 00 10 00 00 00 04 80 00 00 00 00 00 00 02  ................

May 31 15:47:05 ss-moon charon: 02[TNC]   64: 00 00 00 10 00 00 00 04 00 00 00 00 00 00 00 03  ................

May 31 15:47:05 ss-moon charon: 02[TNC]   80: 00 00 00 10 00 00 00 01                          ........

May 31 15:47:05 ss-moon charon: 02[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]

May 31 15:47:05 ss-moon charon: 02[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TTLS ]

May 31 15:47:05 ss-moon charon: 02[NET] sending packet: from 172.28.128.4[4500] to 172.28.128.5[4500] (224 bytes)

May 31 15:47:05 ss-moon charon: 03[NET] received packet: from 172.28.128.5[4500] to 172.28.128.4[4500] (144 bytes)

May 31 15:47:05 ss-moon charon: 03[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TTLS ]

May 31 15:47:05 ss-moon charon: 03[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]

May 31 15:47:05 ss-moon charon: 03[TNC] received TNCCS batch (8 bytes)

May 31 15:47:05 ss-moon charon: 03[TNC] => 8 bytes @ 0x7fb844000dc6

May 31 15:47:05 ss-moon charon: 03[TNC]    0: 02 00 00 06 00 00 00 08                          ........

May 31 15:47:05 ss-moon charon: 03[TNC] TNC server is handling inbound connection

May 31 15:47:05 ss-moon charon: 03[TNC] processing PB-TNC CLOSE batch for Connection ID 2

May 31 15:47:05 ss-moon charon: 03[TNC] PB-TNC state transition from 'Decided' to 'End'

May 31 15:47:05 ss-moon charon: 03[TNC] final recommendation is 'allow' and evaluation is 'don't know'

May 31 15:47:05 ss-moon charon: 03[TNC] policy enforced on peer 'ss-carol.cto.vrsn.com' is 'allow'

May 31 15:47:05 ss-moon charon: 03[TNC] policy enforcement point added group membership 'allow'

May 31 15:47:05 ss-moon charon: 03[IKE] EAP_TTLS phase2 authentication of 'ss-carol.cto.vrsn.com' with EAP_PT_EAP successful

May 31 15:47:05 ss-moon charon: 03[IMV] IMV 1 "Attestation" deleted the state of Connection ID 2

May 31 15:47:05 ss-moon charon: 03[TNC] removed TNCCS Connection ID 2

May 31 15:47:05 ss-moon charon: 03[IKE] EAP method EAP_TTLS succeeded, MSK established

May 31 15:47:05 ss-moon charon: 03[ENC] generating IKE_AUTH response 9 [ EAP/SUCC ]

May 31 15:47:05 ss-moon charon: 03[NET] sending packet: from 172.28.128.4[4500] to 172.28.128.5[4500] (80 bytes)

May 31 15:47:05 ss-moon charon: 04[NET] received packet: from 172.28.128.5[4500] to 172.28.128.4[4500] (112 bytes)

May 31 15:47:05 ss-moon charon: 04[ENC] parsed IKE_AUTH request 10 [ AUTH ]

May 31 15:47:05 ss-moon charon: 04[IKE] authentication of 'ss-carol.cto.vrsn.com' with EAP successful

May 31 15:47:05 ss-moon charon: 04[IKE] authentication of 'ss-moon.cto.vrsn.com' (myself) with EAP

May 31 15:47:05 ss-moon charon: 04[IKE] IKE_SA rw-allow[2] established between 172.28.128.4[ss-moon.cto.vrsn.com]...172.28.128.5[ss-carol.cto.vrsn.com]

May 31 15:47:05 ss-moon charon: 04[IKE] scheduling reauthentication in 9885s

May 31 15:47:05 ss-moon charon: 04[IKE] maximum IKE_SA lifetime 10425s

May 31 15:47:05 ss-moon charon: 04[IKE] CHILD_SA rw-allow{2} established with SPIs cc670f0f_i c65af4da_o and TS 10.1.0.0/28 === 172.28.128.5/32

May 31 15:47:05 ss-moon vpn: + ss-carol.cto.vrsn.com 172.28.128.5 -- 172.28.128.4 == 10.1.0.0/28

May 31 15:47:05 ss-moon charon: 04[ENC] generating IKE_AUTH response 10 [ AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ]

May 31 15:47:05 ss-moon charon: 04[NET] sending packet: from 172.28.128.4[4500] to 172.28.128.5[4500] (224 bytes)






-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160531/c3321d1c/attachment-0001.html>


More information about the Users mailing list