[strongSwan] ipsec.conf working vs swanctl.conf not working
Marco Berizzi
pupilla at hotmail.com
Thu May 3 17:33:39 CEST 2018
Hello everyone,

I'm running strongswan 5.6.3dr1 on Slackware linux.
I would like to migrate the configuration files from
the old ipsec.conf style to the new swanctl.conf.
I'm experiencing crazy behavior between an old
working configuration and the new non-working one.

Here is the old working config:

conn customer
        left=205.223.229.254
        right=217.118.9.36
        leftsubnet=10.68.63.3
        leftsendcert=no
        rightsendcert=no
        leftauth=secret
        rightauth=secret
        ike=aes256-sha512-ecp521
        esp=aes256-sha512-ecp521
        compress=no
        leftid=205.223.229.254
        rightid=217.118.9.36
        keyingtries=%forever
        lifetime=4h
        ikelifetime=24h
        keyexchange=ikev2

conn customer-172.16.10.0
        rightsubnet=172.16.10.0/24
        auto=route
        also=customer

And here is the new non-working config:

connections {
    customer {
        local_addrs = 205.223.229.254
        remote_addrs = 217.118.9.36
        local {
            auth = psk
            id = 205.223.229.254
        }
        remote {
            auth = psk
            id = 217.118.9.36
        }
        children {
            customer-networks {
                local_ts = 10.68.63.3/32
                remote_ts = 172.16.10.0/24
                start_action = route
                esp_proposals = aes256-sha512-ecp521
                rekey_time = 14400
                rekey_bytes = 4608000000
            }
        }
        version = 2
        mobike = no
        proposals = aes256-sha512-ecp521
        reauth_time = 24h
        keyingtries = 0
        send_cert = never
        send_certreq = no
        encap = yes
    }
}
secrets {
    ike-customer {
        id = 217.118.9.36
        id = 205.223.229.254
        secret = 0sblablabla
    }
}

Here is the output from the ipsec up:
initiating IKE_SA customer-172.16.10.0[47423] to 217.118.9.36
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
sending packet: from 205.223.229.254[500] to 217.118.9.36[500] (880 bytes)
received packet: from 217.118.9.36[500] to 205.223.229.254[500] (450 bytes)
parsed IKE_SA_INIT response 0 [ SA KE No V V N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) V ]
received Cisco Delete Reason vendor ID
received Cisco Copyright (c) 2009 vendor ID
received FRAGMENTATION vendor ID
authentication of '205.223.229.254' (myself) with pre-shared key
establishing CHILD_SA customer-172.16.10.0{64813}
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
sending packet: from 205.223.229.254[4500] to 217.118.9.36[4500] (432 bytes)
received packet: from 217.118.9.36[4500] to 205.223.229.254[4500] (304 bytes)
parsed IKE_AUTH response 1 [ V IDr AUTH SA TSi TSr N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) ]
authentication of '217.118.9.36' with pre-shared key successful
IKE_SA customer-172.16.10.0[47423] established between 205.223.229.254[205.223.229.254]...217.118.9.36[217.118.9.36]
scheduling reauthentication in 85491s
maximum IKE_SA lifetime 86031s
received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
CHILD_SA customer-172.16.10.0{64813} established with SPIs c1fbb908_i 33cdcd59_o and TS 10.68.68.3/32 === 172.16.10.0/24
connection 'customer-172.16.10.0' established successfully

By the way, I don't understand why strongswan is
sending packets to 4500/udp.

And here is the output from swanctl:
[IKE] initiating IKE_SA customer[47454] to 217.118.9.36
[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
[NET] sending packet: from 205.223.229.254[500] to 217.118.9.36[500] (340 bytes)
[NET] received packet: from 217.118.9.36[500] to 205.223.229.254[500] (450 bytes)
[ENC] parsed IKE_SA_INIT response 0 [ SA KE No V V N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) V ]
[IKE] received Cisco Delete Reason vendor ID
[IKE] received Cisco Copyright (c) 2009 vendor ID
[IKE] received FRAGMENTATION vendor ID
[CFG] no IDi configured, fall back on IP address
[IKE] authentication of '205.223.229.254' (myself) with pre-shared key
[IKE] establishing CHILD_SA customer-networks{64861}
[ENC] generating IKE_AUTH request 1 [ IDi AUTH SA TSi TSr N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
[NET] sending packet: from 205.223.229.254[500] to 217.118.9.36[500] (288 bytes)
[NET] received packet: from 217.118.9.36[500] to 205.223.229.254[500] (96 bytes)
[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
[IKE] received AUTHENTICATION_FAILED notify error
initiate failed: establishing CHILD_SA 'customer-networks' failed

This time strongswan doesn't send packets to 4500/udp.
What am I missing in the swanctl configuration?
TIA

Here is the more detailed output from swanctl:
[ENC] => 0
[ENC] generating rule 1 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 2 PAYLOAD_LENGTH
[ENC]
[ENC] generating rule 3 U_INT_8
[ENC] => 1
[ENC] generating rule 4 U_INT_8
[ENC] => 3
[ENC] generating rule 5 SPI_SIZE
[ENC] => 4
[ENC] generating rule 6 U_INT_8
[ENC] => 3
[ENC] generating rule 7 SPI
[ENC]
[ENC] generating rule 8 (1261)
[ENC] generating payload of type TRANSFORM_SUBSTRUCTURE
[ENC] generating rule 0 U_INT_8
[ENC] => 3
[ENC] generating rule 1 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 2 PAYLOAD_LENGTH
[ENC]
[ENC] generating rule 3 U_INT_8
[ENC] => 1
[ENC] generating rule 4 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 5 U_INT_16
[ENC]
[ENC] generating rule 6 (1262)
[ENC] generating payload of type TRANSFORM_ATTRIBUTE
[ENC] generating rule 0 ATTRIBUTE_FORMAT
[ENC] => 128
[ENC] generating rule 1 ATTRIBUTE_TYPE
[ENC] => 3712
[ENC] generating rule 2 ATTRIBUTE_LENGTH_OR_VALUE
[ENC]
[ENC] generating rule 3 ATTRIBUTE_VALUE
[ENC] generating TRANSFORM_ATTRIBUTE payload finished
[ENC]
[ENC] generating TRANSFORM_SUBSTRUCTURE payload finished
[ENC]
[ENC] generating payload of type TRANSFORM_SUBSTRUCTURE
[ENC] generating rule 0 U_INT_8
[ENC] => 3
[ENC] generating rule 1 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 2 PAYLOAD_LENGTH
[ENC]
[ENC] generating rule 3 U_INT_8
[ENC] => 3
[ENC] generating rule 4 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 5 U_INT_16
[ENC]
[ENC] generating rule 6 (1262)
[ENC] generating TRANSFORM_SUBSTRUCTURE payload finished
[ENC]
[ENC] generating payload of type TRANSFORM_SUBSTRUCTURE
[ENC] generating rule 0 U_INT_8
[ENC] => 0
[ENC] generating rule 1 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 2 PAYLOAD_LENGTH
[ENC]
[ENC] generating rule 3 U_INT_8
[ENC] => 5
[ENC] generating rule 4 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 5 U_INT_16
[ENC]
[ENC] generating rule 6 (1262)
[ENC] generating TRANSFORM_SUBSTRUCTURE payload finished
[ENC]
[ENC] generating SECURITY_ASSOCIATION payload finished
[ENC]
[ENC] generating SECURITY_ASSOCIATION payload finished
[ENC]
[ENC] generating payload of type TS_INITIATOR
[ENC] generating rule 0 U_INT_8
[ENC] => 45
[ENC] generating rule 1 FLAG
[ENC] => 0
[ENC] generating rule 2 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 3 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 4 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 5 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 6 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 7 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 8 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 9 PAYLOAD_LENGTH
[ENC]
[ENC] generating rule 10 U_INT_8
[ENC] => 1
[ENC] generating rule 11 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 12 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 13 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 14 (1264)
[ENC] generating payload of type TRAFFIC_SELECTOR_SUBSTRUCTURE
[ENC] generating rule 0 TS_TYPE
[ENC] => 7
[ENC] generating rule 1 U_INT_8
[ENC] => 0
[ENC] generating rule 2 PAYLOAD_LENGTH
[ENC]
[ENC] generating rule 3 U_INT_16
[ENC]
[ENC] generating rule 4 U_INT_16
[ENC]
[ENC] generating rule 5 ADDRESS
[ENC]
[ENC] generating rule 6 ADDRESS
[ENC]
[ENC] generating TRAFFIC_SELECTOR_SUBSTRUCTURE payload finished
[ENC]
[ENC] generating TS_INITIATOR payload finished
[ENC]
[ENC] generating payload of type TS_RESPONDER
[ENC] generating rule 0 U_INT_8
[ENC] => 41
[ENC] generating rule 1 FLAG
[ENC] => 0
[ENC] generating rule 2 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 3 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 4 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 5 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 6 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 7 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 8 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 9 PAYLOAD_LENGTH
[ENC]
[ENC] generating rule 10 U_INT_8
[ENC] => 1
[ENC] generating rule 11 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 12 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 13 RESERVED_BYTE
[ENC] => 0
[ENC] generating rule 14 (1264)
[ENC] generating payload of type TRAFFIC_SELECTOR_SUBSTRUCTURE
[ENC] generating rule 0 TS_TYPE
[ENC] => 7
[ENC] generating rule 1 U_INT_8
[ENC] => 0
[ENC] generating rule 2 PAYLOAD_LENGTH
[ENC]
[ENC] generating rule 3 U_INT_16
[ENC]
[ENC] generating rule 4 U_INT_16
[ENC]
[ENC] generating rule 5 ADDRESS
[ENC]
[ENC] generating rule 6 ADDRESS
[ENC]
[ENC] generating TRAFFIC_SELECTOR_SUBSTRUCTURE payload finished
[ENC]
[ENC] generating TS_RESPONDER payload finished
[ENC]
[ENC] generating payload of type NOTIFY
[ENC] generating rule 0 U_INT_8
[ENC] => 41
[ENC] generating rule 1 FLAG
[ENC] => 0
[ENC] generating rule 2 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 3 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 4 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 5 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 6 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 7 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 8 RESERVED_BIT
initiate failed: establishing CHILD_SA 'customer-networks' failed
[ENC] => 0
[ENC] generating rule 9 PAYLOAD_LENGTH
[ENC]
[ENC] generating rule 10 U_INT_8
[ENC] => 0
[ENC] generating rule 11 SPI_SIZE
[ENC] => 0
[ENC] generating rule 12 U_INT_16
[ENC]
[ENC] generating rule 13 SPI
[ENC] => 0 bytes @ (nil)
[ENC] generating rule 14 CHUNK_DATA
[ENC] => 0 bytes @ (nil)
[ENC] generating NOTIFY payload finished
[ENC]
[ENC] generating payload of type NOTIFY
[ENC] generating rule 0 U_INT_8
[ENC] => 0
[ENC] generating rule 1 FLAG
[ENC] => 0
[ENC] generating rule 2 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 3 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 4 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 5 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 6 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 7 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 8 RESERVED_BIT
[ENC] => 0
[ENC] generating rule 9 PAYLOAD_LENGTH
[ENC]
[ENC] generating rule 10 U_INT_8
[ENC] => 0
[ENC] generating rule 11 SPI_SIZE
[ENC] => 0
[ENC] generating rule 12 U_INT_16
[ENC]
[ENC] generating rule 13 SPI
[ENC] => 0 bytes @ (nil)
[ENC] generating rule 14 CHUNK_DATA
[ENC] => 0 bytes @ (nil)
[ENC] generating NOTIFY payload finished
[ENC]
[ENC]
[ENC] generated content in encrypted payload
[ENC] encrypted payload encryption:
[ENC]
[ENC]
[ENC]
[ENC]
[ENC]
[ENC]
[ENC] generating payload of type ENCRYPTED
[ENC] generating rule 0 U_INT_8
[ENC] => 35
[ENC] generating rule 1 U_INT_8
[ENC] => 0
[ENC] generating rule 2 PAYLOAD_LENGTH
[ENC]
[ENC] generating rule 3 CHUNK_DATA
[ENC]
[ENC] generating ENCRYPTED payload finished
[ENC]
[ENC]
[NET] sending packet: from 205.223.229.254[4500] to 217.118.9.36[4500] (304 bytes)
[MGR] checkin IKE_SA customer[47511]
[MGR] checkin of IKE_SA successful
[NET] received packet: from 217.118.9.36[4500] to 205.223.229.254[4500] (96 bytes)
[ENC] parsing body of message, first payload is ENCRYPTED
[ENC] starting parsing a ENCRYPTED payload
[ENC] parsing ENCRYPTED payload, 68 bytes left
[ENC]
[ENC] parsing rule 0 U_INT_8
[ENC] => 41
[ENC] parsing rule 1 U_INT_8
[ENC] => 0
[ENC] parsing rule 2 PAYLOAD_LENGTH
[ENC] => 68
[ENC] parsing rule 3 CHUNK_DATA
[ENC]
[ENC] parsing ENCRYPTED payload finished
[ENC] verifying payload of type ENCRYPTED
[ENC] ENCRYPTED payload verified, adding to payload list
[ENC] ENCRYPTED payload found, stop parsing
[ENC] process payload of type ENCRYPTED
[ENC] found an encrypted payload
[ENC] encrypted payload decryption:
[ENC]
[ENC]
[ENC]
[ENC]
[ENC]
[ENC]
[ENC] parsing NOTIFY payload, 8 bytes left
[ENC]
[ENC] parsing rule 0 U_INT_8
[ENC] => 0
[ENC] parsing rule 1 FLAG
[ENC] => 0
[ENC] parsing rule 2 RESERVED_BIT
[ENC] => 0
[ENC] parsing rule 3 RESERVED_BIT
[ENC] => 0
[ENC] parsing rule 4 RESERVED_BIT
[ENC] => 0
[ENC] parsing rule 5 RESERVED_BIT
[ENC] => 0
[ENC] parsing rule 6 RESERVED_BIT
[ENC] => 0
[ENC] parsing rule 7 RESERVED_BIT
[ENC] => 0
[ENC] parsing rule 8 RESERVED_BIT
[ENC] => 0
[ENC] parsing rule 9 PAYLOAD_LENGTH
[ENC] => 8
[ENC] parsing rule 10 U_INT_8
[ENC] => 1
[ENC] parsing rule 11 SPI_SIZE
[ENC] => 0
[ENC] parsing rule 12 U_INT_16
[ENC] => 24
[ENC] parsing rule 13 SPI
[ENC] => 0 bytes @ (nil)
[ENC] parsing rule 14 CHUNK_DATA
[ENC] => 0 bytes @ (nil)
[ENC] parsing NOTIFY payload finished
[ENC] parsed content of encrypted payload
[ENC] insert decrypted payload of type NOTIFY at end of list
[ENC] verifying message structure
[ENC] found payload of type NOTIFY
[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
[IKE] received AUTHENTICATION_FAILED notify error
[CHD] CHILD_SA customer-networks{64948} state change: CREATED => DESTROYING
[KNL] deleting SAD entry with SPI cd040247
[KNL]
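The level-3 ENC output above can be condensed to the payload sequence of each message and the notify type the peer returned. This is an added example, not part of the original post or of strongSwan: the name `summarize`, the sample log and the notify-type subset are assumptions made here, and it relies on the layout shown above, where rule 12 of a NOTIFY payload is the 16-bit notify type.

```python
import re

# Subset of IKEv2 notify error types (RFC 7296, section 3.10.1).
NOTIFY_ERRORS = {14: "NO_PROPOSAL_CHOSEN", 24: "AUTHENTICATION_FAILED", 38: "TS_UNACCEPTABLE"}
START = re.compile(r"\[ENC\] (?:generating payload of type (\w+)"
                   r"|parsing (\w+) payload, \d+ bytes left)")
END = re.compile(r"\[ENC\] (?:generating|parsing) \w+ payload finished")
VALUE = re.compile(r"\[ENC\] => (\d+)$")

def summarize(log):
    """Return (direction, top-level payloads, notify names) for each IKE message."""
    messages, payloads, notifies = [], [], []
    depth, current, want_type = 0, None, False
    for line in map(str.strip, log.splitlines()):
        start = START.match(line)
        if start:
            if depth == 0:  # record top-level payloads only, skip substructures
                current = start.group(1) or start.group(2)
                payloads.append(current)
            depth += 1
        elif END.match(line):
            depth = max(depth - 1, 0)
        elif depth == 1 and current == "NOTIFY" and "rule 12 U_INT_16" in line:
            want_type = True  # the next "=> N" line carries the notify type
        elif want_type:
            value = VALUE.match(line)
            if value:
                notifies.append(NOTIFY_ERRORS.get(int(value.group(1)), "type " + value.group(1)))
            want_type = False
        elif line.startswith(("[NET] sending packet", "[ENC] parsed ")):
            messages.append(("out" if line.startswith("[NET]") else "in", payloads, notifies))
            payloads, notifies = [], []
    return messages

# Constructed sample in the layout of the log above (addresses are placeholders).
SAMPLE_LOG = """\
[ENC] generating payload of type ID_INITIATOR
[ENC] generating ID_INITIATOR payload finished
[ENC] generating payload of type SECURITY_ASSOCIATION
[ENC] generating payload of type TRANSFORM_SUBSTRUCTURE
[ENC] generating TRANSFORM_SUBSTRUCTURE payload finished
[ENC] generating SECURITY_ASSOCIATION payload finished
[NET] sending packet: from 192.0.2.1[4500] to 198.51.100.2[4500] (304 bytes)
[ENC] parsing NOTIFY payload, 8 bytes left
[ENC] parsing rule 12 U_INT_16
[ENC] => 24
[ENC] parsing NOTIFY payload finished
[ENC] parsed IKE_AUTH response 1 [ N(AUTH_FAILED) ]
"""
print(summarize(SAMPLE_LOG))
```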