[strongSwan] Client Attestation in StrongSwan
Charak, Vikas
vicharak at verisign.com
Tue May 31 20:38:44 CEST 2016
No worries…I figured this one out.
-Vik
From: Users <users-bounces at lists.strongswan.org> on behalf of "Charak, Vikas" <vicharak at verisign.com>
Date: Tuesday, May 31, 2016 at 11:57 AM
To: "users at lists.strongswan.org" <users at lists.strongswan.org>
Subject: [strongSwan] Client Attestation in StrongSwan
Hi,
I need help/suggestion on the issue I am facing with StrongSwan attestation.
I am working on enabling StrongSwan to verify the PCRs of the TPM of a client machine.
I followed the instructions from the StrongSwan wiki:
https://wiki.strongswan.org/projects/strongswan/wiki/IMA
I have a CentOS 7 client with TPM Emulator and Trousers software running. tpm_version prints the following:
tpm_version
TPM 1.2 Version Info:
Chip Version: 1.2.18.145
Spec Level: 2
Errata Revision: 3
TPM Vendor ID: IBM
TPM Version: 01010000
Manufacturer Info: 49424d00
So all good here.
Following the instructions, I also installed strongTNC Manager.
It looks like the client is connecting to the server fine, as can be seen from the log statements. I also see the device ID being generated in the logs, but strongTNC Manager does not show that device ID.
As per the instructions, I suppose the devices will get added to the SQLite DB as soon as they connect to the server, and then they can be made trusted by checking the box in the strongTNC UI.
Here is the partial log from the server side (ss-moon).
I see imv_attestation_agent :no workitems available - no evaluation possible
(I added imv_attestation_agent to the src code to see from where the above message is coming)
imcv.conf on the server side (moon) has the following:
libimcv {
    plugins {
        imv-attestation {
            database = sqlite:///etc/pts/config.db
            hash_algorithm = sha1
        }
    }
}
And
/etc/tnc_config on server has
IMV "Attestation" /usr/lib64/strongswan/imcvs/imv-attestation.so
Please let me know if you need anything else.
May 31 15:47:05 ss-moon charon: 07[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TTLS ]
May 31 15:47:05 ss-moon charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
May 31 15:47:05 ss-moon charon: 07[TNC] assigned TNCCS Connection ID 2
May 31 15:47:05 ss-moon charon: 07[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
May 31 15:47:05 ss-moon charon: 07[IMV] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
May 31 15:47:05 ss-moon charon: 07[IMV] user AR identity 'ss-carol' of type username authenticated by certificate
May 31 15:47:05 ss-moon charon: 07[IMV] machine AR identity ‘<IP>' of type IPv4 address authenticated by unknown method
May 31 15:47:05 ss-moon charon: 07[IMV] IMV 1 "Attestation" changed state of Connection ID 2 to 'Handshake'
May 31 15:47:05 ss-moon charon: 07[TNC] received TNCCS batch (360 bytes)
May 31 15:47:05 ss-moon charon: 07[TNC] TNC server is handling inbound connection
May 31 15:47:05 ss-moon charon: 07[TNC] processing PB-TNC CDATA batch for Connection ID 2
May 31 15:47:05 ss-moon charon: 07[TNC] PB-TNC state transition from 'Init' to 'Server Working'
May 31 15:47:05 ss-moon charon: 07[TNC] processing IETF/PB-Language-Preference message (31 bytes)
May 31 15:47:05 ss-moon charon: 07[TNC] processing IETF/PB-PA message (241 bytes)
May 31 15:47:05 ss-moon charon: 07[TNC] processing IETF/PB-PA message (80 bytes)
May 31 15:47:05 ss-moon charon: 07[TNC] setting language preference to 'en'
May 31 15:47:05 ss-moon charon: 07[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
May 31 15:47:05 ss-moon charon: 07[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 1
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC message with ID 0x44531e5f
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
May 31 15:47:05 ss-moon charon: 07[TNC] => 11 bytes @ 0x7fb848003784
May 31 15:47:05 ss-moon charon: 07[TNC] 0: 00 00 00 00 00 43 65 6E 74 4F 53 .....CentOS
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
May 31 15:47:05 ss-moon charon: 07[TNC] => 26 bytes @ 0x7fb84800379b
May 31 15:47:05 ss-moon charon: 07[TNC] 0: 17 37 2E 31 2E 31 35 30 33 20 28 43 6F 72 65 29 .7.1.1503 (Core)
May 31 15:47:05 ss-moon charon: 07[TNC] 16: 20 20 78 38 36 5F 36 34 00 00 x86_64..
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
May 31 15:47:05 ss-moon charon: 07[TNC] => 16 bytes @ 0x7fb8480037c1
May 31 15:47:05 ss-moon charon: 07[TNC] 0: 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00 00 ................
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
May 31 15:47:05 ss-moon charon: 07[TNC] => 24 bytes @ 0x7fb8480037dd
May 31 15:47:05 ss-moon charon: 07[TNC] 0: 03 01 00 00 32 30 31 36 2D 30 35 2D 32 39 54 31 ....2016-05-29T1
May 31 15:47:05 ss-moon charon: 07[TNC] 16: 36 3A 32 36 3A 30 32 5A 6:26:02Z
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
May 31 15:47:05 ss-moon charon: 07[TNC] => 4 bytes @ 0x7fb848003801
May 31 15:47:05 ss-moon charon: 07[TNC] 0: 00 00 00 00 ....
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
May 31 15:47:05 ss-moon charon: 07[TNC] => 4 bytes @ 0x7fb848003811
May 31 15:47:05 ss-moon charon: 07[TNC] 0: 00 00 00 00 ....
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
May 31 15:47:05 ss-moon charon: 07[TNC] => 40 bytes @ 0x7fb848003821
May 31 15:47:05 ss-moon charon: 07[TNC] 0: 33 38 65 30 33 33 30 37 32 36 38 31 30 39 35 63 38e033072681095c
May 31 15:47:05 ss-moon charon: 07[TNC] 16: 31 31 66 35 62 36 35 30 66 65 31 36 61 38 65 37 11f5b650fe16a8e7
May 31 15:47:05 ss-moon charon: 07[TNC] 32: 63 62 62 30 38 37 39 32 cbb08792
May 31 15:47:05 ss-moon charon: 07[IMV] operating system name is 'CentOS'
May 31 15:47:05 ss-moon charon: 07[IMV] operating system version is '7.1.1503 (Core) x86_64'
May 31 15:47:05 ss-moon charon: 07[IMV] device ID is 38e033072681095c11f5b650fe16a8e7cbb08792
May 31 15:47:05 ss-moon charon: 07[TNC] handling PB-PA message type 'IETF/VPN' 0x000000/0x00000007
May 31 15:47:05 ss-moon charon: 07[TNC] message type 0x000000/0x00000007 not supported by any IMV
May 31 15:47:05 ss-moon charon: 07[IMV] imv_id=1
May 31 15:47:05 ss-moon charon: 07[IMV] imv_attestation_agent
May 31 15:47:05 ss-moon charon: 07[IMV] imv_attestation_agent :no workitems available - no evaluation possible
May 31 15:47:05 ss-moon charon: 07[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001
May 31 15:47:05 ss-moon charon: 07[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
May 31 15:47:05 ss-moon charon: 07[TNC] creating PA-TNC message with ID 0x65852610
May 31 15:47:05 ss-moon charon: 07[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
May 31 15:47:05 ss-moon charon: 07[TNC] => 8 bytes @ 0x7fb848003780
May 31 15:47:05 ss-moon charon: 07[TNC] 0: 05 F5 E1 00 00 00 FF A6 ........
May 31 15:47:05 ss-moon charon: 07[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
May 31 15:47:05 ss-moon charon: 07[TNC] => 4 bytes @ 0x7fb848002660
May 31 15:47:05 ss-moon charon: 07[TNC] 0: 00 00 00 0E ....
May 31 15:47:05 ss-moon charon: 07[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
May 31 15:47:05 ss-moon charon: 07[TNC] => 4 bytes @ 0x7fb848003da0
May 31 15:47:05 ss-moon charon: 07[TNC] 0: 00 00 80 00 ....
May 31 15:47:05 ss-moon charon: 07[IMV] created PA-TNC message: => 60 bytes @ 0x7fb848003460
May 31 15:47:05 ss-moon charon: 07[IMV] 0: 01 00 00 00 65 85 26 10 00 00 55 97 00 00 00 21 ....e.&...U....!
May 31 15:47:05 ss-moon charon: 07[IMV] 16: 00 00 00 14 05 F5 E1 00 00 00 FF A6 80 00 55 97 ..............U.
May 31 15:47:05 ss-moon charon: 07[IMV] 32: 01 00 00 00 00 00 00 10 00 00 00 0E 80 00 55 97 ..............U.
May 31 15:47:05 ss-moon charon: 07[IMV] 48: 06 00 00 00 00 00 00 10 00 00 80 00 ............
May 31 15:47:05 ss-moon charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
May 31 15:47:05 ss-moon charon: 07[TNC] TNC server is handling outbound connection
May 31 15:47:05 ss-moon charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
May 31 15:47:05 ss-moon charon: 07[TNC] creating PB-TNC SDATA batch
May 31 15:47:05 ss-moon charon: 07[TNC] adding IETF/PB-PA message
May 31 15:47:05 ss-moon charon: 07[TNC] sending PB-TNC SDATA batch (92 bytes) for Connection ID 2
May 31 15:47:05 ss-moon charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
May 31 15:47:05 ss-moon charon: 07[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TTLS ]
May 31 15:47:05 ss-moon charon: 07[NET] sending packet: from 172.28.128.4[4500] to 172.28.128.5[4500] (224 bytes)
May 31 15:47:05 ss-moon charon: 02[NET] received packet: from 172.28.128.5[4500] to 172.28.128.4[4500] (224 bytes)
May 31 15:47:05 ss-moon charon: 02[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TTLS ]
May 31 15:47:05 ss-moon charon: 02[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
May 31 15:47:05 ss-moon charon: 02[TNC] received TNCCS batch (92 bytes)
May 31 15:47:05 ss-moon charon: 02[TNC] TNC server is handling inbound connection
May 31 15:47:05 ss-moon charon: 02[TNC] processing PB-TNC CDATA batch for Connection ID 2
May 31 15:47:05 ss-moon charon: 02[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
May 31 15:47:05 ss-moon charon: 02[TNC] processing IETF/PB-PA message (84 bytes)
May 31 15:47:05 ss-moon charon: 02[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
May 31 15:47:05 ss-moon charon: 02[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 3 to IMV 1
May 31 15:47:05 ss-moon charon: 02[IMV] => 60 bytes @ 0x7fb8340034e0
May 31 15:47:05 ss-moon charon: 02[IMV] 0: 01 00 00 00 B3 F1 23 9B 00 00 55 97 00 00 00 22 ......#...U...."
May 31 15:47:05 ss-moon charon: 02[IMV] 16: 00 00 00 14 05 F5 E1 00 00 00 7F A6 00 00 55 97 ..............U.
May 31 15:47:05 ss-moon charon: 02[IMV] 32: 02 00 00 00 00 00 00 10 00 00 00 0E 00 00 55 97 ..............U.
May 31 15:47:05 ss-moon charon: 02[IMV] 48: 07 00 00 00 00 00 00 10 00 00 80 00 ............
May 31 15:47:05 ss-moon charon: 02[TNC] processing PA-TNC message with ID 0xb3f1239b
May 31 15:47:05 ss-moon charon: 02[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
May 31 15:47:05 ss-moon charon: 02[TNC] => 8 bytes @ 0x7fb8340034f4
May 31 15:47:05 ss-moon charon: 02[TNC] 0: 05 F5 E1 00 00 00 7F A6 ........
May 31 15:47:05 ss-moon charon: 02[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
May 31 15:47:05 ss-moon charon: 02[TNC] => 4 bytes @ 0x7fb834003508
May 31 15:47:05 ss-moon charon: 02[TNC] 0: 00 00 00 0E ....
May 31 15:47:05 ss-moon charon: 02[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
May 31 15:47:05 ss-moon charon: 02[TNC] => 4 bytes @ 0x7fb834003518
May 31 15:47:05 ss-moon charon: 02[TNC] 0: 00 00 80 00 ....
May 31 15:47:05 ss-moon charon: 02[IMV] IMV 1 received a segmentation contract response from IMC 3 for PA message type 'TCG/PTS' 0x005597/0x00000001
May 31 15:47:05 ss-moon charon: 02[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 32678 bytes
May 31 15:47:05 ss-moon charon: 02[PTS] supported PTS protocol capabilities: .VDT.
May 31 15:47:05 ss-moon charon: 02[PTS] selected PTS measurement algorithm is HASH_SHA1
May 31 15:47:05 ss-moon charon: 02[IMV] imv_id=1
May 31 15:47:05 ss-moon charon: 02[IMV] IMV 1 has 1.2no workitems - no evaluation requested
May 31 15:47:05 ss-moon charon: 02[TNC] creating PA-TNC message with ID 0x2c467f5a
May 31 15:47:05 ss-moon charon: 02[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
May 31 15:47:05 ss-moon charon: 02[TNC] => 4 bytes @ 0x7fb834000ee0
May 31 15:47:05 ss-moon charon: 02[TNC] 0: 00 00 00 04 ....
May 31 15:47:05 ss-moon charon: 02[IMV] created PA-TNC message: => 24 bytes @ 0x7fb834002c30
May 31 15:47:05 ss-moon charon: 02[IMV] 0: 01 00 00 00 2C 46 7F 5A 00 00 00 00 00 00 00 09 ....,F.Z........
May 31 15:47:05 ss-moon charon: 02[IMV] 16: 00 00 00 10 00 00 00 04 ........
May 31 15:47:05 ss-moon charon: 02[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
May 31 15:47:05 ss-moon charon: 02[TNC] IMV 1 provides recommendation 'allow' and evaluation 'don't know'
May 31 15:47:05 ss-moon charon: 02[TNC] TNC server is handling outbound connection
May 31 15:47:05 ss-moon charon: 02[IMV] IMV 1 "Attestation" changed state of Connection ID 2 to 'Allowed'
May 31 15:47:05 ss-moon charon: 02[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
May 31 15:47:05 ss-moon charon: 02[TNC] creating PB-TNC RESULT batch
May 31 15:47:05 ss-moon charon: 02[TNC] adding IETF/PB-PA message
May 31 15:47:05 ss-moon charon: 02[TNC] adding IETF/PB-Assessment-Result message
May 31 15:47:05 ss-moon charon: 02[TNC] adding IETF/PB-Access-Recommendation message
May 31 15:47:05 ss-moon charon: 02[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 2
May 31 15:47:05 ss-moon charon: 02[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
May 31 15:47:05 ss-moon charon: 02[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TTLS ]
May 31 15:47:05 ss-moon charon: 02[NET] sending packet: from 172.28.128.4[4500] to 172.28.128.5[4500] (224 bytes)
May 31 15:47:05 ss-moon charon: 03[NET] received packet: from 172.28.128.5[4500] to 172.28.128.4[4500] (144 bytes)
May 31 15:47:05 ss-moon charon: 03[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TTLS ]
May 31 15:47:05 ss-moon charon: 03[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
May 31 15:47:05 ss-moon charon: 03[TNC] received TNCCS batch (8 bytes)
May 31 15:47:05 ss-moon charon: 03[TNC] => 8 bytes @ 0x7fb844000dc6
May 31 15:47:05 ss-moon charon: 03[TNC] 0: 02 00 00 06 00 00 00 08 ........
May 31 15:47:05 ss-moon charon: 03[TNC] TNC server is handling inbound connection
May 31 15:47:05 ss-moon charon: 03[TNC] processing PB-TNC CLOSE batch for Connection ID 2
May 31 15:47:05 ss-moon charon: 03[TNC] PB-TNC state transition from 'Decided' to 'End'
May 31 15:47:05 ss-moon charon: 03[TNC] final recommendation is 'allow' and evaluation is 'don't know'
May 31 15:47:05 ss-moon charon: 03[TNC] policy enforced on peer 'ss-carol.cto.vrsn.com' is 'allow'
May 31 15:47:05 ss-moon charon: 03[TNC] policy enforcement point added group membership 'allow'
May 31 15:47:05 ss-moon charon: 03[IKE] EAP_TTLS phase2 authentication of 'ss-carol.cto.vrsn.com' with EAP_PT_EAP successful
May 31 15:47:05 ss-moon charon: 03[IMV] IMV 1 "Attestation" deleted the state of Connection ID 2
May 31 15:47:05 ss-moon charon: 03[TNC] removed TNCCS Connection ID 2
May 31 15:47:05 ss-moon charon: 03[IKE] EAP method EAP_TTLS succeeded, MSK established
May 31 15:47:05 ss-moon charon: 03[ENC] generating IKE_AUTH response 9 [ EAP/SUCC ]
May 31 15:47:05 ss-moon charon: 03[NET] sending packet: from 172.28.128.4[4500] to 172.28.128.5[4500] (80 bytes)
May 31 15:47:05 ss-moon charon: 04[NET] received packet: from 172.28.128.5[4500] to 172.28.128.4[4500] (112 bytes)
May 31 15:47:05 ss-moon charon: 04[ENC] parsed IKE_AUTH request 10 [ AUTH ]
May 31 15:47:05 ss-moon charon: 04[IKE] authentication of 'ss-carol.cto.vrsn.com' with EAP successful
May 31 15:47:05 ss-moon charon: 04[IKE] authentication of 'ss-moon.cto.vrsn.com' (myself) with EAP
May 31
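
Added example, not part of the original post and not strongSwan code: the log above ends with the peer admitted ('allow') although the Attestation IMV had no workitems and the evaluation stayed 'don't know'. The sketch below scans charon log text for TNC sessions that were allowed without any evaluation; the function names, the second sample session and the assumption that only one TNC handshake runs at a time are all made up for illustration.

```python
import re

# Constructed sample: the first session repeats lines from the log quoted in this
# post; the second session (IDs, peer name, evaluation value) is invented for contrast.
SAMPLE_LOG = """\
May 31 15:47:05 ss-moon charon: 07[TNC] assigned TNCCS Connection ID 2
May 31 15:47:05 ss-moon charon: 07[IMV] device ID is 38e033072681095c11f5b650fe16a8e7cbb08792
May 31 15:47:05 ss-moon charon: 07[IMV] imv_attestation_agent :no workitems available - no evaluation possible
May 31 15:47:05 ss-moon charon: 03[TNC] final recommendation is 'allow' and evaluation is 'don't know'
May 31 15:47:05 ss-moon charon: 03[TNC] policy enforced on peer 'ss-carol.cto.vrsn.com' is 'allow'
May 31 15:47:05 ss-moon charon: 03[TNC] removed TNCCS Connection ID 2
May 31 15:52:11 ss-moon charon: 09[TNC] assigned TNCCS Connection ID 3
May 31 15:52:11 ss-moon charon: 09[IMV] device ID is 00112233445566778899aabbccddeeff00112233
May 31 15:52:12 ss-moon charon: 11[TNC] final recommendation is 'allow' and evaluation is 'compliant'
May 31 15:52:12 ss-moon charon: 11[TNC] policy enforced on peer 'example-client.invalid' is 'allow'
May 31 15:52:12 ss-moon charon: 11[TNC] removed TNCCS Connection ID 3
"""

# Message texts as they appear in the posted log. The evaluation value can itself
# contain an apostrophe ("don't know"), so it is matched greedily up to the last quote.
START = re.compile(r"assigned TNCCS Connection ID (\d+)")
DEVICE = re.compile(r"device ID is ([0-9a-fA-F]+)")
NO_WORK = re.compile(r"no workitems")
FINAL = re.compile(r"final recommendation is '([^']+)' and evaluation is '(.+)'\s*$")
PEER = re.compile(r"policy enforced on peer '([^']+)' is '([^']+)'")
END = re.compile(r"removed TNCCS Connection ID (\d+)")


def summarize_sessions(log_text):
    """Group log lines into TNC sessions (assumes handshakes do not interleave)."""
    sessions, cur = [], None
    for line in log_text.splitlines():
        m = START.search(line)
        if m:
            cur = {"conn_id": int(m.group(1)), "device_id": None, "peer": None,
                   "no_workitems": False, "recommendation": None, "evaluation": None}
            sessions.append(cur)
            continue
        if cur is None:
            continue  # line outside any TNC session
        if (m := DEVICE.search(line)):
            cur["device_id"] = m.group(1)
        elif NO_WORK.search(line):
            cur["no_workitems"] = True
        elif (m := FINAL.search(line)):
            cur["recommendation"], cur["evaluation"] = m.groups()
        elif (m := PEER.search(line)):
            cur["peer"] = m.group(1)
        elif END.search(line):
            cur = None
    return sessions


def unevaluated_allows(sessions):
    """Sessions admitted although nothing was actually evaluated."""
    return [s for s in sessions
            if s["recommendation"] == "allow"
            and (s["no_workitems"] or s["evaluation"] == "don't know")]


if __name__ == "__main__":
    for s in unevaluated_allows(summarize_sessions(SAMPLE_LOG)):
        print(f"conn {s['conn_id']}: peer {s['peer']} device {s['device_id']} "
              f"allowed with evaluation {s['evaluation']!r}")
```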