Hello everyone,
i'm trying for two days now to setup an IKedV2 Roadwarrior VPN.
the logfiles show, that something is not working correctly during
connection establishment.
I changed configs in every way i can think of without success. Why is
it not working ?
Here is the setup.
PF is permissive
Home(internet:178.x.x.x, NAT, lan 192.168.1.0/24) --
internet --
Smartphone(internet:89.x.x.x, NAT, WLanAP 192.168.43.0/24) --
Notebook(OpenBSD6.3, 192.168.43.253)
Home config
ikev2 "VPN HOME" passive esp \
from 192.168.1.1 to 192.168.43.253 \
local 178.x.x.x peer any \
srcid 178.x.x.x \
psk "key" \
config address 192.168.1.100/8 \
config netmask 255.255.255.0 \
config name-server 192.168.1.1
Notebook config
ikev2 "VPN HOME" active esp \
from 192.168.43.253 to 192.168.1.1 peer 178.x.x.x \
psk "key" \
tag "VPN" tap enc0
Home
net.inet.ip.forwarding=1
net.inet.ah.enable=1
net.inet.esp.enable=1
net.inet.esp.udpencap=1
net.inet.esp.udpencap_port=4500
net.inet.ipcomp.enable=1
Notebook
net.inet.ip.forwarding=1
net.inet.ah.enable=1
net.inet.esp.enable=1
net.inet.esp.udpencap=1
net.inet.esp.udpencap_port=4500
net.inet.ipcomp.enable=0
Home
server# iked -dvv
ikev2 "VPN HOME" passive esp inet from 192.168.1.1 to 192.168.43.253
local 178.x.x.x peer any ikesa enc aes-256,aes-192,aes-128,3des prf
hmac-sha2-256,hmac-sha1 auth hmac-sha2-256,hmac-sha1 group
modp2048,modp1536,modp1024 childsa enc aes-256,aes-192,aes-128 auth
hmac-sha2-256,hmac-sha1 srcid 178.x.x.x lifetime 10800 bytes 536870912
psk key config address 192.168.1.100 config netmask 255.255.255.0
config name-server 192.168.1.1
/etc/iked.conf: loaded 1 configuration rules
ca_privkey_serialize: type RSA_KEY length 1190
ca_pubkey_serialize: type RSA_KEY length 270
config_getpolicy: received policy
ca_privkey_to_method: type RSA_KEY method RSA_SIG
ca_getkey: received private key type RSA_KEY length 1190
ca_getkey: received public key type RSA_KEY length 270
ca_dispatch_parent: config reset
config_getpfkey: received pfkey fd 3
config_getcompile: compilation done
config_getsocket: received socket fd 4
config_getsocket: received socket fd 5
config_getsocket: received socket fd 6
config_getsocket: received socket fd 7
config_getmobike: mobike
ca_reload: local cert type RSA_KEY
config_getocsp: ocsp_url none
ikev2_dispatch_cert: updated local CERTREQ type RSA_KEY length 0
ikev2_recv: IKE_SA_INIT request from initiator 89.x.x.x:10749 to
178.x.x.x:500 policy 'VPN HOME' id 0, 510 bytes
ikev2_recv: ispi 0x6fa80e0bb275c9db rspi 0x0000000000000000
ikev2_policy2id: srcid IPV4/178.x.x.x length 8
ikev2_pld_parse: header ispi 0x6fa80e0bb275c9db rspi
0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT
flags 0x08 msgid 0 length 510 response 0
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 112
ikev2_pld_sa: more 0 reserved 0 length 108 proposal #1 protoid IKE
spisize 0 xforms 11 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_1536
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
ikev2_pld_ke: dh group MODP_2048 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_nat_detection: peer source 0x6fa80e0bb275c9db 0x0000000000000000
89.x.x.x:10749
ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP
encapsulation
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_nat_detection: peer destination 0x6fa80e0bb275c9db
0x0000000000000000 178.x.x.x:500
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
ikev2_pld_notify: signature hash SHA2_256 (2)
ikev2_pld_notify: signature hash SHA2_384 (3)
ikev2_pld_notify: signature hash SHA2_512 (4)
sa_state: INIT -> SA_INIT
ikev2_sa_negotiate: score 4
sa_stateok: SA_INIT flags 0x0000, require 0x0000
sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
ikev2_sa_keys: DHSECRET with 256 bytes
ikev2_sa_keys: SKEYSEED with 32 bytes
ikev2_sa_keys: S with 80 bytes
ikev2_prfplus: T1 with 32 bytes
ikev2_prfplus: T2 with 32 bytes
ikev2_prfplus: T3 with 32 bytes
ikev2_prfplus: T4 with 32 bytes
ikev2_prfplus: T5 with 32 bytes
ikev2_prfplus: T6 with 32 bytes
ikev2_prfplus: T7 with 32 bytes
ikev2_prfplus: Tn with 224 bytes
ikev2_sa_keys: SK_d with 32 bytes
ikev2_sa_keys: SK_ai with 32 bytes
ikev2_sa_keys: SK_ar with 32 bytes
ikev2_sa_keys: SK_ei with 32 bytes
ikev2_sa_keys: SK_er with 32 bytes
ikev2_sa_keys: SK_pi with 32 bytes
ikev2_sa_keys: SK_pr with 32 bytes
ikev2_add_proposals: length 44
ikev2_next_payload: length 48 nextpayload KE
ikev2_next_payload: length 264 nextpayload NONCE
ikev2_next_payload: length 36 nextpayload NOTIFY
ikev2_nat_detection: local source 0x6fa80e0bb275c9db
0x103d599e83dc26f7 178.x.x.x:500
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_nat_detection: local destination 0x6fa80e0bb275c9db
0x103d599e83dc26f7 89.x.x.x:10749
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_next_payload: length 14 nextpayload NONE
ikev2_pld_parse: header ispi 0x6fa80e0bb275c9db rspi
0x103d599e83dc26f7 nextpayload SA version 0x20 exchange IKE_SA_INIT
flags 0x20 msgid 0 length 446 response 1
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
ikev2_pld_ke: dh group MODP_2048 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
ikev2_msg_send: IKE_SA_INIT response from 178.x.x.x:500 to
89.x.x.x:10749 msgid 0, 446 bytes
config_free_proposals: free 0x1f284fa6df80
ikev2_recv: IKE_AUTH request from initiator 89.x.x.x:15384 to
178.x.x.x:4500 policy 'VPN HOME' id 1, 272 bytes
ikev2_recv: ispi 0x6fa80e0bb275c9db rspi 0x103d599e83dc26f7
ikev2_recv: updated SA to peer 89.x.x.x:15384 local 178.x.x.x:4500
ikev2_pld_parse: header ispi 0x6fa80e0bb275c9db rspi
0x103d599e83dc26f7 nextpayload SK version 0x20 exchange IKE_AUTH flags
0x08 msgid 1 length 272 response 0
ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 244
ikev2_msg_decrypt: IV length 16
ikev2_msg_decrypt: encrypted payload length 208
ikev2_msg_decrypt: integrity checksum length 16
ikev2_msg_decrypt: integrity check succeeded
ikev2_msg_decrypt: decrypted payload length 208/208 padding 13
ikev2_pld_payloads: decrypted payload IDi nextpayload AUTH critical
0x00 length 22
ikev2_pld_id: id FQDN/x131e.void.net length 18
ikev2_pld_payloads: decrypted payload AUTH nextpayload SA critical
0x00 length 40
ikev2_pld_auth: method SHARED_KEY_MIC length 32
sa_state: SA_INIT -> AUTH_REQUEST
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 84
ikev2_pld_sa: more 0 reserved 0 length 80 proposal #1 protoid ESP
spisize 4 xforms 7 spi 0x16998449
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical
0x00 length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535
ikev2_pld_ts: start 192.168.43.253 end 192.168.43.253
ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical
0x00 length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535
ikev2_pld_ts: start 192.168.1.1 end 192.168.1.1
ikev2_resp_recv: NAT-T message received, updated SA
sa_stateok: SA_INIT flags 0x0000, require 0x0000
policy_lookup: peerid 'x131e.void.net'
ikev2_msg_auth: responder auth data length 510
ikev2_msg_auth: initiator auth data length 574
ikev2_msg_authverify: method SHARED_KEY_MIC keylen 32 type NONE
ikev2_msg_authverify: authentication successful
sa_state: AUTH_REQUEST -> AUTH_SUCCESS
sa_stateflags: 0x0028 -> 0x0038 auth,authvalid,sa (required 0x0038
auth,authvalid,sa)
ikev2_sa_negotiate: score 3
sa_stateflags: 0x0038 -> 0x0038 auth,authvalid,sa (required 0x0038
auth,authvalid,sa)
sa_stateok: VALID flags 0x0038, require 0x0038 auth,authvalid,sa
sa_state: AUTH_SUCCESS -> VALID
sa_stateok: VALID flags 0x0038, require 0x0038 auth,authvalid,sa
ikev2_cp_setaddr: pool configured, but IKEV2_CP_REQUEST missing
ikev2_resp_recv: failed to send auth response
sa_state: VALID -> CLOSED from 89.x.x.x:15384 to 178.x.x.x:4500 policy
'VPN HOME'
ikev2_recv: closing SA
sa_free: ispi 0x6fa80e0bb275c9db rspi 0x103d599e83dc26f7
config_free_proposals: free 0x1f27b6434380
config_free_proposals: free 0x1f283477de00
config_free_proposals: free 0x1f284fa6db00
ikev2_recv: IKE_AUTH request from initiator 89.x.x.x:15384 to
178.x.x.x:4500 policy 'VPN HOME' id 1, 272 bytes
ikev2_recv: ispi 0x6fa80e0bb275c9db rspi 0x103d599e83dc26f7
ikev2_recv: IKE_AUTH request from initiator 89.x.x.x:15384 to
178.x.x.x:4500 policy 'VPN HOME' id 1, 272 bytes
ikev2_recv: ispi 0x6fa80e0bb275c9db rspi 0x103d599e83dc26f7
ikev2_recv: IKE_AUTH request from initiator 89.x.x.x:15384 to
178.x.x.x:4500 policy 'VPN HOME' id 1, 272 bytes
ikev2_recv: ispi 0x6fa80e0bb275c9db rspi 0x103d599e83dc26f7
ikev2_recv: IKE_AUTH request from initiator 89.x.x.x:15384 to
178.x.x.x:4500 policy 'VPN HOME' id 1, 272 bytes
ikev2_recv: ispi 0x6fa80e0bb275c9db rspi 0x103d599e83dc26f7
Notebook
[root@x131e jan]$ iked -dvv
set_policy: could not find pubkey for /etc/iked/pubkeys/ipv4/178.x.x.x
ikev2 "VPN HOME" active esp inet from 192.168.43.253 to 192.168.1.1
local any peer 178.x.x.x ikesa enc aes-256,aes-192,aes-128,3des prf
hmac-sha2-256,hmac-sha1 auth hmac-sha2-256,hmac-sha1 group
modp2048,modp1536,modp1024 childsa enc aes-256,aes-192,aes-128 auth
hmac-sha2-256,hmac-sha1 lifetime 10800 bytes 536870912 psk key tag
"VPN"
/etc/iked.conf: loaded 1 configuration rules
ca_privkey_serialize: type RSA_KEY length 1191
ca_pubkey_serialize: type RSA_KEY length 270
config_getpolicy: received policy
ca_privkey_to_method: type RSA_KEY method RSA_SIG
ca_getkey: received private key type RSA_KEY length 1191
ca_getkey: received public key type RSA_KEY length 270
ca_dispatch_parent: config reset
config_getpfkey: received pfkey fd 3
config_getcompile: compilation done
config_getsocket: received socket fd 4
config_getsocket: received socket fd 5
config_getsocket: received socket fd 6
config_getsocket: received socket fd 7
config_getmobike: mobike
ca_reload: local cert type RSA_KEY
config_getocsp: ocsp_url none
ikev2_dispatch_cert: updated local CERTREQ type RSA_KEY length 0
ikev2_init_ike_sa: initiating "VPN HOME"
ikev2_policy2id: srcid FQDN/x131e.void.net length 18
ikev2_add_proposals: length 108
ikev2_next_payload: length 112 nextpayload KE
ikev2_next_payload: length 264 nextpayload NONCE
ikev2_next_payload: length 36 nextpayload NOTIFY
ikev2_nat_detection: local source 0x6fa80e0bb275c9db
0x0000000000000000 0.0.0.0:500
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_nat_detection: local destination 0x6fa80e0bb275c9db
0x0000000000000000 178.x.x.x:500
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_next_payload: length 14 nextpayload NONE
ikev2_pld_parse: header ispi 0x6fa80e0bb275c9db rspi
0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT
flags 0x08 msgid 0 length 510 response 0
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 112
ikev2_pld_sa: more 0 reserved 0 length 108 proposal #1 protoid IKE
spisize 0 xforms 11 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_1536
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
ikev2_pld_ke: dh group MODP_2048 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
ikev2_msg_send: IKE_SA_INIT request from 0.0.0.0:500 to 178.x.x.x:500
msgid 0, 510 bytes
sa_state: INIT -> SA_INIT
ikev2_recv: IKE_SA_INIT response from responder 178.x.x.x:500 to
192.168.43.253:500 policy 'VPN HOME' id 0, 446 bytes
ikev2_recv: ispi 0x6fa80e0bb275c9db rspi 0x103d599e83dc26f7
ikev2_recv: updated SA to peer 178.x.x.x:500 local 192.168.43.253:500
ikev2_pld_parse: header ispi 0x6fa80e0bb275c9db rspi
0x103d599e83dc26f7 nextpayload SA version 0x20 exchange IKE_SA_INIT
flags 0x20 msgid 0 length 446 response 1
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE
spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
ikev2_pld_ke: dh group MODP_2048 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_nat_detection: peer source 0x6fa80e0bb275c9db 0x103d599e83dc26f7
178.x.x.x:500
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_nat_detection: peer destination 0x6fa80e0bb275c9db
0x103d599e83dc26f7 192.168.43.253:500
ikev2_pld_notify: NAT_DETECTION_DESTINATION_IP detected NAT, enabling
UDP encapsulation
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
ikev2_pld_notify: signature hash SHA2_256 (2)
ikev2_pld_notify: signature hash SHA2_384 (3)
ikev2_pld_notify: signature hash SHA2_512 (4)
ikev2_init_recv: NAT detected, updated SA to peer 178.x.x.x:4500 local
192.168.43.253:4500
ikev2_sa_negotiate: score 4
sa_stateok: SA_INIT flags 0x0000, require 0x0008 auth
ikev2_sa_keys: DHSECRET with 256 bytes
ikev2_sa_keys: SKEYSEED with 32 bytes
ikev2_sa_keys: S with 80 bytes
ikev2_prfplus: T1 with 32 bytes
ikev2_prfplus: T2 with 32 bytes
ikev2_prfplus: T3 with 32 bytes
ikev2_prfplus: T4 with 32 bytes
ikev2_prfplus: T5 with 32 bytes
ikev2_prfplus: T6 with 32 bytes
ikev2_prfplus: T7 with 32 bytes
ikev2_prfplus: Tn with 224 bytes
ikev2_sa_keys: SK_d with 32 bytes
ikev2_sa_keys: SK_ai with 32 bytes
ikev2_sa_keys: SK_ar with 32 bytes
ikev2_sa_keys: SK_ei with 32 bytes
ikev2_sa_keys: SK_er with 32 bytes
ikev2_sa_keys: SK_pi with 32 bytes
ikev2_sa_keys: SK_pr with 32 bytes
ikev2_msg_auth: initiator auth data length 574
sa_stateok: SA_INIT flags 0x0008, require 0x0008 auth
ikev2_next_payload: length 22 nextpayload AUTH
ikev2_next_payload: length 40 nextpayload SA
pfkey_sa_getspi: spi 0x16998449
pfkey_sa_init: new spi 0x16998449
ikev2_add_proposals: length 80
ikev2_next_payload: length 84 nextpayload TSi
ikev2_next_payload: length 24 nextpayload TSr
ikev2_next_payload: length 24 nextpayload NONE
ikev2_msg_encrypt: decrypted length 194
ikev2_msg_encrypt: padded length 208
ikev2_msg_encrypt: length 195, padding 13, output length 240
ikev2_next_payload: length 244 nextpayload IDi
ikev2_msg_integr: message length 272
ikev2_msg_integr: integrity checksum length 16
ikev2_pld_parse: header ispi 0x6fa80e0bb275c9db rspi
0x103d599e83dc26f7 nextpayload SK version 0x20 exchange IKE_AUTH flags
0x08 msgid 1 length 272 response 0
ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 244
ikev2_msg_decrypt: IV length 16
ikev2_msg_decrypt: encrypted payload length 208
ikev2_msg_decrypt: integrity checksum length 16
ikev2_msg_decrypt: integrity check succeeded
ikev2_msg_decrypt: decrypted payload length 208/208 padding 13
ikev2_pld_payloads: decrypted payload IDi nextpayload AUTH critical
0x00 length 22
ikev2_pld_id: id FQDN/x131e.void.net length 18
ikev2_pld_payloads: decrypted payload AUTH nextpayload SA critical
0x00 length 40
ikev2_pld_auth: method SHARED_KEY_MIC length 32
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 84
ikev2_pld_sa: more 0 reserved 0 length 80 proposal #1 protoid ESP
spisize 4 xforms 7 spi 0x16998449
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 3 reserved 0 length 8 type ESN id ESN
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical
0x00 length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535
ikev2_pld_ts: start 192.168.43.253 end 192.168.43.253
ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical
0x00 length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535
ikev2_pld_ts: start 192.168.1.1 end 192.168.1.1
ikev2_msg_send: IKE_AUTH request from 192.168.43.253:4500 to
178.x.x.x:4500 msgid 1, 272 bytes, NAT-T
config_free_proposals: free 0x19f32f68ea00
