[strongSwan] IKE2 4500 Reply Not Making it Out

Info infosec at quantum-equities.com
Wed Mar 21 23:24:47 CET 2018


32 packets do in fact go into the IPSec gateway's daemon and Ok the
daemon's reply is on 500, which is making it out the LAN gateway.

But the app is waiting for a reply which it never gets.  I don't know
what that should look like.

(I have no explanation for why the phone-s IP is 192.0.0.4 yet what
arrives at the other end is 172.56.42.131.  Must be some kind of
T-Mobile firewall)

I would like to forward the proforma details as per the RequestingHelp
page, but am reluctant to as Noel was upset with me last time for
rambling so I am trying to be succinct.  There is just alot of data and
complexity.

---------------------------------------------------------------------------------

Mar 21 13:27:59 00[DMN] Starting IKE charon daemon (strongSwan 5.6.1dr3, Android 7.1.1 - NCX26.5/2017-08-01, Moto Z (2) - motorola/nash_tmo_c/motorola, Linux 4.4.103-Pantheon-v1.3, aarch64)
Mar 21 13:27:59 00[LIB] loaded plugins: androidbridge charon android-log openssl fips-prf random nonce pubkey chapoly curve25519 pkcs1 pkcs8 pem xcbc hmac socket-default revocation eap-identity eap-mschapv2 eap-md5 eap-gtc eap-tls x509
Mar 21 13:27:59 00[JOB] spawning 16 worker threads
Mar 21 13:27:59 16[CFG] loaded user certificate 'C=US, O=Quantum, CN=aries.darkmatter.org' and private key
Mar 21 13:27:59 16[CFG] loaded CA certificate 'C=US, O=Quantum, CN=darkmatter.org CA'
Mar 21 13:27:59 16[IKE] initiating IKE_SA android[47] to 50.47.99.2
Mar 21 13:27:59 16[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Mar 21 13:27:59 16[NET] sending packet: from 192.0.0.4[43669] to 50.47.99.2[500] (704 bytes)
Mar 21 13:28:00 05[NET] received packet: from 50.47.99.2[500] to 192.0.0.4[43669] (299 bytes)
Mar 21 13:28:00 05[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
Mar 21 13:28:00 05[IKE] local host is behind NAT, sending keep alives
Mar 21 13:28:00 05[IKE] remote host is behind NAT
Mar 21 13:28:00 05[IKE] received cert request for "C=US, O=Quantum, CN=darkmatter.org CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=CN, O=WoSign CA Limited, CN=CA WoSign ECC Root"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Autorit?? Racine"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign"
Mar 21 13:28:00 05[IKE] sending cert request for "C=FR, O=OpenTrust, CN=OpenTrust Root CA G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=JP, O=Japanese Government, OU=ApplicationCA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=FR, O=OpenTrust, CN=OpenTrust Root CA G1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=RO, O=certSIGN, OU=certSIGN ROOT CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015"
Mar 21 13:28:00 05[IKE] sending cert request for "C=FR, O=Dhimyotis, CN=Certigna"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign G2"
Mar 21 13:28:00 05[IKE] sending cert request for "O=RSA Security Inc, OU=RSA Security 2048 V3"
Mar 21 13:28:00 05[IKE] sending cert request for "C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=TR, L=Ankara, O=E-Tu??ra EBG Bili??im Teknolojileri ve Hizmetleri A.??., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4"
Mar 21 13:28:00 05[IKE] sending cert request for "C=TR, L=Gebze - Kocaeli, O=T??rkiye Bilimsel ve Teknolojik Ara??t??rma Kurumu - T??B??TAK, OU=Ulusal Elektronik ve Kriptoloji Ara??t??rma Enstit??s?? - UEKAE, OU=Kamu Sertifikasyon Merkezi, CN=T??B??TAK UEKAE K??k Sertifika Hizmet Sa??lay??c??s?? - S??r??m 3"
Mar 21 13:28:00 05[IKE] sending cert request for "C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, CN=IGC/A, E=igca at sgdn.pm.gouv.fr"
Mar 21 13:28:00 05[IKE] sending cert request for "C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=SecureTrust Corporation, CN=SecureTrust CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Trusted Certificate Services"
Mar 21 13:28:00 05[IKE] sending cert request for "C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Qualified CA Root"
Mar 21 13:28:00 05[IKE] sending cert request for "C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3"
Mar 21 13:28:00 05[IKE] sending cert request for "C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES"
Mar 21 13:28:00 05[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3"
Mar 21 13:28:00 05[IKE] sending cert request for "O=Cybertrust, Inc, CN=Cybertrust Global Root"
Mar 21 13:28:00 05[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3"
Mar 21 13:28:00 05[IKE] sending cert request for "C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, E=info at e-szigno.hu"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Commercial"
Mar 21 13:28:00 05[IKE] sending cert request for "C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC"
Mar 21 13:28:00 05[IKE] sending cert request for "C=FR, O=OpenTrust, CN=OpenTrust Root CA G3"
Mar 21 13:28:00 05[IKE] sending cert request for "C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009"
Mar 21 13:28:00 05[IKE] sending cert request for "C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068"
Mar 21 13:28:00 05[IKE] sending cert request for "E=pki at sk.ee, C=EE, O=AS Sertifitseerimiskeskus, CN=Juur-SK"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=FR, O=Certplus, CN=Certplus Root CA G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root EV CA 2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware"
Mar 21 13:28:00 05[IKE] sending cert request for "C=ES, O=Generalitat Valenciana, OU=PKIGVA, CN=Root CA Generalitat Valenciana"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6"
Mar 21 13:28:00 05[IKE] sending cert request for "C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=ES, O=IZENPE S.A., CN=Izenpe.com"
Mar 21 13:28:00 05[IKE] sending cert request for "CN=Atos TrustedRoot 2011, O=Atos, C=DE"
Mar 21 13:28:00 05[IKE] sending cert request for "C=FR, O=Certplus, CN=Certplus Root CA G1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=EU, L=Madrid (see current address at www.camerfirma.com/address), SN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=TR, L=Ankara, O=T??RKTRUST Bilgi ??leti??im ve Bili??im G??venli??i Hizmetleri A.??., CN=T??RKTRUST Elektronik Sertifika Hizmet Sa??lay??c??s?? H6"
Mar 21 13:28:00 05[IKE] sending cert request for "C=FR, O=Certplus, CN=Class 2 Primary CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services"
Mar 21 13:28:00 05[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=Secure Certificate Services"
Mar 21 13:28:00 05[IKE] sending cert request for "C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication EV RootCA1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=TR, L=Ankara, O=T??RKTRUST Bilgi ??leti??im ve Bili??im G??venli??i Hizmetleri A.??., CN=T??RKTRUST Elektronik Sertifika Hizmet Sa??lay??c??s?? H5"
Mar 21 13:28:00 05[IKE] sending cert request for "C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 CA 1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root"
Mar 21 13:28:00 05[IKE] sending cert request for "C=HU, L=Budapest, O=NetLock Kft., OU=Tan??s??tv??nykiad??k (Certification Services), CN=NetLock Arany (Class Gold) F??tan??s??tv??ny"
Mar 21 13:28:00 05[IKE] sending cert request for "C=FI, O=Sonera, CN=Sonera Class2 CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4"
Mar 21 13:28:00 05[IKE] sending cert request for "OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign"
Mar 21 13:28:00 05[IKE] sending cert request for "C=GB, O=Trustis Limited, OU=Trustis FPS Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3"
Mar 21 13:28:00 05[IKE] sending cert request for "CN=ACEDICOM Root, OU=PKI, O=EDICOM, C=ES"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign"
Mar 21 13:28:00 05[IKE] sending cert request for "C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "O=Digital Signature Trust Co., CN=DST Root CA X3"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3"
Mar 21 13:28:00 05[IKE] sending cert request for "C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3"
Mar 21 13:28:00 05[IKE] sending cert request for "C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Public CA Root"
Mar 21 13:28:00 05[IKE] sending cert request for "C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=SecureTrust Corporation, CN=Secure Global CA"
Mar 21 13:28:00 05[IKE] sending cert request for "CN=EBG Elektronik Sertifika Hizmet Sa??lay??c??s??, O=EBG Bili??im Teknolojileri ve Hizmetleri A.??., C=TR"
Mar 21 13:28:00 05[IKE] sending cert request for "O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=GeoTrust Inc., CN=GeoTrust Global CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root"
Mar 21 13:28:00 05[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5"
Mar 21 13:28:00 05[IKE] sending cert request for "C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3"
Mar 21 13:28:00 05[IKE] sending cert request for "C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, E=pki at sk.ee"
Mar 21 13:28:00 05[IKE] sending cert request for "C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2"
Mar 21 13:28:00 05[IKE] sending cert request for "OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign"
Mar 21 13:28:00 05[IKE] sending cert request for "C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC"
Mar 21 13:28:00 05[IKE] sending cert request for "C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=SE, O=AddTrust AB, OU=AddTrust TTP Network, CN=AddTrust Class 1 CA Root"
Mar 21 13:28:00 05[IKE] sending cert request for "C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Premium"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=CN, O=China Internet Network Information Center, CN=China Internet Network Information Center EV Certificates Root"
Mar 21 13:28:00 05[IKE] sending cert request for "O=TeliaSonera, CN=TeliaSonera Root CA v1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certificate Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=HU, L=Budapest, O=Microsec Ltd., OU=e-Szigno CA, CN=Microsec e-Szigno Root CA"
Mar 21 13:28:00 05[IKE] sending cert request for "OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign"
Mar 21 13:28:00 05[IKE] sending cert request for "C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=PL, O=Unizeto Sp. z o.o., CN=Certum CA"
Mar 21 13:28:00 05[IKE] sending cert request for "C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009"
Mar 21 13:28:00 05[IKE] sending cert request for "C=TW, O=Government Root Certification Authority"
Mar 21 13:28:00 05[IKE] sending cert request for "C=EU, L=Madrid (see current address at www.camerfirma.com/address), SN=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008"
Mar 21 13:28:00 05[IKE] sending cert request for "C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2"
Mar 21 13:28:00 05[IKE] sending cert request for "C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT"
Mar 21 13:28:00 05[IKE] sending cert request for "C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA"
Mar 21 13:28:00 05[IKE] sending cert request for "CN=T??RKTRUST Elektronik Sertifika Hizmet Sa??lay??c??s??, C=TR, L=Ankara, O=T??RKTRUST Bilgi ??leti??im ve Bili??im G??venli??i Hizmetleri A.??. (c) Aral??k 2007"
Mar 21 13:28:00 05[IKE] sending cert request for "C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root"
Mar 21 13:28:00 05[IKE] sending cert request for "C=CN, O=WoSign CA Limited, CN=CA ???????????????"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=AffirmTrust, CN=AffirmTrust Networking"
Mar 21 13:28:00 05[IKE] sending cert request for "C=US, O=Quantum, CN=darkmatter.org CA"
Mar 21 13:28:01 05[IKE] authentication of 'C=US, O=Quantum, CN=aries.darkmatter.org' (myself) with RSA_EMSA_PKCS1_SHA2_512 successful
Mar 21 13:28:01 05[IKE] sending end entity cert "C=US, O=Quantum, CN=aries.darkmatter.org"
Mar 21 13:28:01 05[IKE] establishing CHILD_SA android{13}
Mar 21 13:28:01 05[ENC] generating IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ IDr AUTH CPRQ(ADDR ADDR6 DNS DNS6) N(ESP_TFC_PAD_N) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
Mar 21 13:28:01 05[ENC] splitting IKE message with length of 10240 bytes into 8 fragments
Mar 21 13:28:01 05[ENC] generating IKE_AUTH request 1 [ EF(1/8) ]
Mar 21 13:28:01 05[ENC] generating IKE_AUTH request 1 [ EF(2/8) ]
Mar 21 13:28:01 05[ENC] generating IKE_AUTH request 1 [ EF(3/8) ]
Mar 21 13:28:01 05[ENC] generating IKE_AUTH request 1 [ EF(4/8) ]
Mar 21 13:28:01 05[ENC] generating IKE_AUTH request 1 [ EF(5/8) ]
Mar 21 13:28:01 05[ENC] generating IKE_AUTH request 1 [ EF(6/8) ]
Mar 21 13:28:01 05[ENC] generating IKE_AUTH request 1 [ EF(7/8) ]
Mar 21 13:28:01 05[ENC] generating IKE_AUTH request 1 [ EF(8/8) ]
Mar 21 13:28:01 05[NET] sending packet: from 192.0.0.4[42116] to
50.47.99.2[4500] (1364 bytes) Mar 21 13:28:01 05[NET] sending packet:
from 192.0.0.4[42116] to 50.47.99.2[4500] (1364 bytes) Mar 21 13:28:01
05[NET] sending packet: from 192.0.0.4[42116] to 50.47.99.2[4500] (1364
bytes) Mar 21 13:28:01 05[NET] sending packet: from 192.0.0.4[42116] to
50.47.99.2[4500] (1364 bytes) Mar 21 13:28:01 05[NET] sending packet:
from 192.0.0.4[42116] to 50.47.99.2[4500] (1364 bytes) Mar 21 13:28:01
05[NET] sending packet: from 192.0.0.4[42116] to 50.47.99.2[4500] (1364
bytes) Mar 21 13:28:01 05[NET] sending packet: from 192.0.0.4[42116] to
50.47.99.2[4500] (1364 bytes) Mar 21 13:28:01 05[NET] sending packet:
from 192.0.0.4[42116] to 50.47.99.2[4500] (1172 bytes) Mar 21 13:28:03 10[IKE] retransmit 1 of request with message ID 1
Mar 21 13:28:03 10[NET] sending packet: from 192.0.0.4[42116] to
50.47.99.2[4500] (1364 bytes) Mar 21 13:28:03 10[NET] sending packet:
from 192.0.0.4[42116] to 50.47.99.2[4500] (1364 bytes) Mar 21 13:28:03
10[NET] sending packet: from 192.0.0.4[42116] to 50.47.99.2[4500] (1364
bytes) Mar 21 13:28:03 10[NET] sending packet: from 192.0.0.4[42116] to
50.47.99.2[4500] (1364 bytes) Mar 21 13:28:03 10[NET] sending packet:
from 192.0.0.4[42116] to 50.47.99.2[4500] (1364 bytes) Mar 21 13:28:03
10[NET] sending packet: from 192.0.0.4[42116] to 50.47.99.2[4500] (1364
bytes) Mar 21 13:28:03 10[NET] sending packet: from 192.0.0.4[42116] to
50.47.99.2[4500] (1364 bytes) Mar 21 13:28:03 10[NET] sending packet:
from 192.0.0.4[42116] to 50.47.99.2[4500] (1172 bytes) Mar 21 13:28:06 12[IKE] retransmit 2 of request with message ID 1
Mar 21 13:28:06 12[NET] sending packet: from 192.0.0.4[42116] to
50.47.99.2[4500] (1364 bytes) Mar 21 13:28:06 12[NET] sending packet:
from 192.0.0.4[42116] to 50.47.99.2[4500] (1364 bytes) Mar 21 13:28:06
12[NET] sending packet: from 192.0.0.4[42116] to 50.47.99.2[4500] (1364
bytes) Mar 21 13:28:06 12[NET] sending packet: from 192.0.0.4[42116] to
50.47.99.2[4500] (1364 bytes) Mar 21 13:28:06 12[NET] sending packet:
from 192.0.0.4[42116] to 50.47.99.2[4500] (1364 bytes) Mar 21 13:28:06
12[NET] sending packet: from 192.0.0.4[42116] to 50.47.99.2[4500] (1364
bytes) Mar 21 13:28:06 12[NET] sending packet: from 192.0.0.4[42116] to
50.47.99.2[4500] (1364 bytes) Mar 21 13:28:06 12[NET] sending packet:
from 192.0.0.4[42116] to 50.47.99.2[4500] (1172 bytes)
Mar 21 13:28:10 11[IKE] retransmit 3 of request with message ID 1
Mar 21 13:28:10 11[NET] sending packet: from 192.0.0.4[42116] to
50.47.99.2[4500] (1364 bytes) Mar 21 13:28:10 11[NET] sending packet:
from 192.0.0.4[42116] to 50.47.99.2[4500] (1364 bytes) Mar 21 13:28:10
11[NET] sending packet: from 192.0.0.4[42116] to 50.47.99.2[4500] (1364
bytes) Mar 21 13:28:10 11[NET] sending packet: from 192.0.0.4[42116] to
50.47.99.2[4500] (1364 bytes) Mar 21 13:28:10 11[NET] sending packet:
from 192.0.0.4[42116] to 50.47.99.2[4500] (1364 bytes) Mar 21 13:28:10
11[NET] sending packet: from 192.0.0.4[42116] to 50.47.99.2[4500] (1364
bytes) Mar 21 13:28:10 11[NET] sending packet: from 192.0.0.4[42116] to
50.47.99.2[4500] (1364 bytes) Mar 21 13:28:10 11[NET] sending packet:
from 192.0.0.4[42116] to 50.47.99.2[4500] (1172 bytes)
Mar 21 13:28:16 13[IKE] giving up after 3 retransmits
Mar 21 13:28:16 13[IKE] peer not responding, trying again (2/0)
Mar 21 13:28:16 13[IKE] initiating IKE_SA android[47] to 50.47.99.2
Mar 21 13:28:16 13[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Mar 21 13:28:16 13[NET] sending packet: from 192.0.0.4[43669] to 50.47.99.2[500] (704 bytes)
Mar 21 13:28:16 09[IKE] destroying IKE_SA in state CONNECTING without notification

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180321/a9d3c03c/attachment-0001.html>


More information about the Users mailing list