On Mon, Feb 21, 2022 at 02:55:39PM +0100, Tobias Heider wrote: >On Sat, Feb 19, 2022 at 12:28:15AM -0600, rea...@catastrophe.net wrote: >> IKE is failing when I connect using a simple password defined in >> /etc/iked.conf. I'm connecting from a native Mac client...is >> mschap-v2 on MacOS broken or are my configs wrong? Thanks in advance. >> [..] >> /etc/iked.conf - fails with username/password >> ############################################## >> user "testuser" "testpassword" >> ikev2 "ROAD_WARRIOR" esp \ >> from 0.0.0.0/0 to 10.1.255.0/24 \ >> peer any local vpn.company.com \ >> srcid vpn.company.com \ >> dstid mac-laptop \ >> eap "mschap-v2" \ >> config address 10.1.255.0/24 \ >> config name-server 10.1.255.1 \ >> tag "$name-$id" >> >Hard to tell what's going wrong here. Looks like the mac ignores the IKE_AUTH >response and restarts the handshake. I haven't seen any other reports about >problems with the mac implementation and i don't have one to test. >You could try enabling verbose logging with 'iked -dvvv' or >'ikectl log verbose' and see if that gives us any clues.
Here is the output of iked -dvvv bash-5.1# iked -dvvv create_ike: using signature for peer mac-laptop ikev2 "ROAD_WARRIOR" passive tunnel esp inet from 0.0.0.0/0 to 10.1.255.0/24 local 192.168.110.50 peer any ikesa enc aes-128-gcm enc aes-256-gcm prf hmac-sha2-256 prf hmac-sha2-384 prf hmac-sha2-512 prf hmac-sha1 group curve25519 group ecp521 group ecp384 group ecp256 group modp4096 group modp3072 group modp2048 group modp1536 group modp1024 ikesa enc aes-256 enc aes-192 enc aes-128 enc 3des prf hmac-sha2-256 prf hmac-sha2-384 prf hmac-sha2-512 prf hmac-sha1 auth hmac-sha2-256 auth hmac-sha2-384 auth hmac-sha2-512 auth hmac-sha1 group curve25519 group ecp521 group ecp384 group ecp256 group modp4096 group modp3072 group modp2048 group modp1536 group modp1024 childsa enc aes-128-gcm enc aes-256-gcm group none esn noesn childsa enc aes-256 enc aes-192 enc aes-128 auth hmac-sha2-256 auth hmac-sha2-384 auth hmac-sha2-512 auth hmac-sha1 group none esn noesn srcid vpn.company.com dstid mac-laptop lifetime 10800 bytes 4294967296 eap "MSCHAP_V2" config address 10.1.255.0 config name-server 10.1.255.1 tag "$name-$id" /etc/iked.conf: loaded 2 configuration rules ca_privkey_serialize: type RSA_KEY length 1192 ca_pubkey_serialize: type RSA_KEY length 270 ca_privkey_to_method: type RSA_KEY method RSA_SIG ca_getkey: received private key type RSA_KEY length 1192 ca_getkey: received public key type RSA_KEY length 270 ca_dispatch_parent: config reset ca_reload: loaded cert file vpn.company.com.crt ca_validate_cert: /C=US/ST=Anystate/L=Anytown/O=Company.COM/OU=Remote Network Services/CN=vpn.company.com/emailAddress=r...@company.com unable to get local issuer certificate ca_reload: local cert type RSA_KEY config_getocsp: ocsp_url none tolerate 0 maxage -1 config_new_user: inserting new user testuser user "testuser" "testpassword" ikev2_dispatch_cert: updated local CERTREQ type RSA_KEY length 0 config_getpolicy: received policy config_getpfkey: received pfkey fd 3 config_getcompile: compilation done config_getsocket: received socket fd 4 config_getsocket: received socket fd 5 config_getsocket: received socket fd 6 config_getsocket: received socket fd 7 config_getstatic: dpd_check_interval 60 config_getstatic: no enforcesingleikesa config_getstatic: no fragmentation config_getstatic: mobike config_getstatic: nattport 4500 config_getstatic: no stickyaddress policy_lookup: setting policy 'ROAD_WARRIOR' spi=0x2cb46a467283eb2e: recv IKE_SA_INIT req 0 peer 172.20.20.11:62336 local 192.168.110.50:500, 604 bytes, policy 'ROAD_WARRIOR' ikev2_recv: ispi 0x2cb46a467283eb2e rspi 0x0000000000000000 ikev2_policy2id: srcid FQDN/vpn.company.com length 23 ikev2_pld_parse: header ispi 0x2cb46a467283eb2e rspi 0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 604 response 0 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 220 ikev2_pld_sa: more 2 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_sa: more 2 reserved 0 length 44 proposal #2 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256 ikev2_pld_sa: more 2 reserved 0 length 44 proposal #3 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1536 ikev2_pld_sa: more 2 reserved 0 length 44 proposal #4 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024 ikev2_pld_sa: more 0 reserved 0 length 40 proposal #5 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 ikev2_pld_ke: dh group MODP_2048 reserved 0 f1adbc44 9431f98e fbaf500c d2f6b8ca d2082592 1b3e8ca0 174d67c1 90bf9fb4 5c76a67d 55040437 45034959 48509849 6666b033 1415c1ca 5904c8ef f41db23b 89a7efba f0b7995f 4ef3d492 60e8ca1d e7b5cc9d 040f2e1f 1a150a16 05b73244 a4287c20 d2bbb2ff b0d51144 aa22136a 41b1350b f25de907 5d1c717b 078fd526 6eb67e46 214db63a 0963304e 943f9cd6 5a8e09ce 5aa8c12f cf05631e 3e673c89 a2994584 69cb9dff d9e867fc 4655fbf3 7181b1a8 e4654651 b4a1d31f 8c168e7a 202949b6 be506df1 64362729 7160a118 4e37c8a1 03abb6ee 6543e4cb 7c5c578d d2a9afa3 90fb675a 1754d1bd 20a2b82e 2eb7dbfc c68300df f99cfca1 8ea4d13d ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 20 cbc87c0b 2cdd22f5 e27d5728 293a1ed5 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP 285c3347 02e18980 3a311319 c820a2b0 e672941a ikev2_nat_detection: peer source 0x2cb46a467283eb2e 0x0000000000000000 172.20.20.11:62336 ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT 0d2d900b bca747f3 9b712d11 83aaa930 c7a76467 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP 763f3eea 3095b3e5 1552866e b9233f03 aa9bc2b2 ikev2_nat_detection: peer destination 0x2cb46a467283eb2e 0x0000000000000000 192.168.110.50:500 763f3eea 3095b3e5 1552866e b9233f03 aa9bc2b2 ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 1 <-> 1 (13): DH MODP_2048 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 2 <-> 1 (7): DH ECP_256 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 3 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 3 <-> 1 (15): DH MODP_1536 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 4 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 4 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 5 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 5 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 1 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 1 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 1 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 1 <-> 2 (13): DH MODP_2048 (keylength 0 <-> 0) proposals_negotiate: score 16 proposals_match: xform 2 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 2 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 2 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 2 <-> 2 (7): DH ECP_256 (keylength 0 <-> 0) proposals_negotiate: score 10 proposals_match: xform 3 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 3 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 3 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 3 <-> 2 (15): DH MODP_1536 (keylength 0 <-> 0) proposals_negotiate: score 18 proposals_match: xform 4 <-> 2 (7): ENCR AES_CBC (keylength 128 <-> 0) 128 proposals_match: xform 4 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 4 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0) proposals_match: xform 4 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 38 proposals_match: xform 5 <-> 2 (10): ENCR 3DES (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 41 policy_lookup: setting policy 'ROAD_WARRIOR' spi=0x2cb46a467283eb2e: sa_state: INIT -> SA_INIT proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 1 <-> 1 (13): DH MODP_2048 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 2 <-> 1 (7): DH ECP_256 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 3 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 3 <-> 1 (15): DH MODP_1536 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 4 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 4 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 5 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 5 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 1 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 1 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 1 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 1 <-> 2 (13): DH MODP_2048 (keylength 0 <-> 0) proposals_negotiate: score 16 proposals_match: xform 2 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 2 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 2 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 2 <-> 2 (7): DH ECP_256 (keylength 0 <-> 0) proposals_negotiate: score 10 proposals_match: xform 3 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 3 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 3 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 3 <-> 2 (15): DH MODP_1536 (keylength 0 <-> 0) proposals_negotiate: score 18 proposals_match: xform 4 <-> 2 (7): ENCR AES_CBC (keylength 128 <-> 0) 128 proposals_match: xform 4 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 4 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0) proposals_match: xform 4 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 38 proposals_match: xform 5 <-> 2 (10): ENCR 3DES (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 41 proposals_negotiate: score 1: ENCR AES_CBC 256 proposals_negotiate: score 1: PRF HMAC_SHA2_256 proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128 proposals_negotiate: score 7: DH ECP_256 sa_stateok: SA_INIT flags 0x0000, require 0x0000 sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 ) spi=0x2cb46a467283eb2e: ikev2_sa_responder_dh: want dh ECP_256, KE has MODP_2048 spi=0x2cb46a467283eb2e: ikev2_resp_recv: failed to negotiate IKE SA spi=0x2cb46a467283eb2e: ikev2_add_error: INVALID_KE_PAYLOAD ikev2_add_error: done ikev2_next_payload: length 10 nextpayload NONE ikev2_pld_parse: header ispi 0x2cb46a467283eb2e rspi 0x940480243829496e nextpayload NOTIFY version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 38 response 1 ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 10 ikev2_pld_notify: protoid NONE spisize 0 type INVALID_KE_PAYLOAD 0013 spi=0x2cb46a467283eb2e: send IKE_SA_INIT res 0 peer 172.20.20.11:62336 local 192.168.110.50:500, 38 bytes spi=0x2cb46a467283eb2e: sa_state: SA_INIT -> CLOSED from any to any policy 'ROAD_WARRIOR' config_free_proposals: free 0x8f3b2d19b00 config_free_proposals: free 0x8f3b2d19a00 config_free_proposals: free 0x8f3b2d15f80 config_free_proposals: free 0x8f3b2d26480 config_free_proposals: free 0x8f3b2d15200 spi=0x2cb46a467283eb2e: recv IKE_SA_INIT req 0 peer 172.20.20.11:62336 local 192.168.110.50:500, 412 bytes, policy 'ROAD_WARRIOR' ikev2_recv: ispi 0x2cb46a467283eb2e rspi 0x0000000000000000 spi=0x2cb46a467283eb2e: sa_free: ispi 0x2cb46a467283eb2e rspi 0x940480243829496e config_free_proposals: free 0x8f3b2d26680 ikev2_policy2id: srcid FQDN/vpn.company.com length 23 ikev2_pld_parse: header ispi 0x2cb46a467283eb2e rspi 0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 412 response 0 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 220 ikev2_pld_sa: more 2 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_sa: more 2 reserved 0 length 44 proposal #2 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256 ikev2_pld_sa: more 2 reserved 0 length 44 proposal #3 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1536 ikev2_pld_sa: more 2 reserved 0 length 44 proposal #4 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024 ikev2_pld_sa: more 0 reserved 0 length 40 proposal #5 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72 ikev2_pld_ke: dh group ECP_256 reserved 0 7f3ea78a fe2e796b 7f90510a 50b18846 2416d5d0 b822bcd2 03cec7a7 e41642dd 31ead620 1a9dcf82 7598d586 236c9071 3f90d5f3 69907b05 d2906b2e c2aad6ff ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 20 7997057e 92b50e5b ff320add d69bcfa4 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP 285c3347 02e18980 3a311319 c820a2b0 e672941a ikev2_nat_detection: peer source 0x2cb46a467283eb2e 0x0000000000000000 172.20.20.11:62336 ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT 0d2d900b bca747f3 9b712d11 83aaa930 c7a76467 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP 763f3eea 3095b3e5 1552866e b9233f03 aa9bc2b2 ikev2_nat_detection: peer destination 0x2cb46a467283eb2e 0x0000000000000000 192.168.110.50:500 763f3eea 3095b3e5 1552866e b9233f03 aa9bc2b2 ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 1 <-> 1 (13): DH MODP_2048 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 2 <-> 1 (7): DH ECP_256 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 3 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 3 <-> 1 (15): DH MODP_1536 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 4 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 4 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 5 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 5 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 1 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 1 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 1 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 1 <-> 2 (13): DH MODP_2048 (keylength 0 <-> 0) proposals_negotiate: score 16 proposals_match: xform 2 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 2 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 2 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 2 <-> 2 (7): DH ECP_256 (keylength 0 <-> 0) proposals_negotiate: score 10 proposals_match: xform 3 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 3 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 3 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 3 <-> 2 (15): DH MODP_1536 (keylength 0 <-> 0) proposals_negotiate: score 18 proposals_match: xform 4 <-> 2 (7): ENCR AES_CBC (keylength 128 <-> 0) 128 proposals_match: xform 4 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 4 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0) proposals_match: xform 4 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 38 proposals_match: xform 5 <-> 2 (10): ENCR 3DES (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 41 policy_lookup: setting policy 'ROAD_WARRIOR' spi=0x2cb46a467283eb2e: sa_state: INIT -> SA_INIT proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 1 <-> 1 (13): DH MODP_2048 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 2 <-> 1 (7): DH ECP_256 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 3 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 3 <-> 1 (15): DH MODP_1536 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 4 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 4 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 5 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 5 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 1 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 1 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 1 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 1 <-> 2 (13): DH MODP_2048 (keylength 0 <-> 0) proposals_negotiate: score 16 proposals_match: xform 2 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 2 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 2 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 2 <-> 2 (7): DH ECP_256 (keylength 0 <-> 0) proposals_negotiate: score 10 proposals_match: xform 3 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 3 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 3 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 3 <-> 2 (15): DH MODP_1536 (keylength 0 <-> 0) proposals_negotiate: score 18 proposals_match: xform 4 <-> 2 (7): ENCR AES_CBC (keylength 128 <-> 0) 128 proposals_match: xform 4 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 4 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0) proposals_match: xform 4 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 38 proposals_match: xform 5 <-> 2 (10): ENCR 3DES (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0) proposals_negotiate: score 41 proposals_negotiate: score 1: ENCR AES_CBC 256 proposals_negotiate: score 1: PRF HMAC_SHA2_256 proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128 proposals_negotiate: score 7: DH ECP_256 sa_stateok: SA_INIT flags 0x0000, require 0x0000 sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 ) spi=0x2cb46a467283eb2e: ikev2_sa_keys: DHSECRET with 32 bytes 1f76cfd9 fa8e7dbd eb97aafd 5a6f3639 66513e1d 62d5dcd8 1f7dc816 8dc7a659 ikev2_sa_keys: SKEYSEED with 32 bytes 523a456d 8f704897 fc26dcbc 90bddaab ba4cc016 a28e5156 2a4d0b26 11c5c472 spi=0x2cb46a467283eb2e: ikev2_sa_keys: S with 64 bytes 7997057e 92b50e5b ff320add d69bcfa4 1eafa8f6 509355cf 1d59f792 78ff16f5 3dea18b3 7eed86b1 70d2e060 079a8ae1 2cb46a46 7283eb2e 137bbbbd 92cea87c ikev2_prfplus: T1 with 32 bytes 520d97dd 76d89239 b9b2d5ea 18550ceb 6427eb8c ea4b2ef1 9d1214e0 f6026556 ikev2_prfplus: T2 with 32 bytes 50f6e4d6 75a7913c 4435290f d02a18e3 ca6e104f 6aab8b80 28c938f8 09282808 ikev2_prfplus: T3 with 32 bytes 5f367cb9 c8280134 78bea101 dd96d6d4 2690f873 bc6cbbef aafe51e1 363a2cab ikev2_prfplus: T4 with 32 bytes 383497fb ff43f3f8 40326518 c54cbc91 cfef2c31 87001c20 866e4e94 4ca2dedc ikev2_prfplus: T5 with 32 bytes e535455d da8f3e11 10611ea2 902735b5 7abc655c 7d3783b2 faac4eb2 ceadfe51 ikev2_prfplus: T6 with 32 bytes 6e76a748 31b01edb 5fcee843 990d27c9 d30fb621 beada2c0 cb0f1fb9 c6606781 ikev2_prfplus: T7 with 32 bytes e44029df d507c482 29b92b68 702a8961 1533a795 616a29a9 28432bba 928c97ad ikev2_prfplus: Tn with 224 bytes 520d97dd 76d89239 b9b2d5ea 18550ceb 6427eb8c ea4b2ef1 9d1214e0 f6026556 50f6e4d6 75a7913c 4435290f d02a18e3 ca6e104f 6aab8b80 28c938f8 09282808 5f367cb9 c8280134 78bea101 dd96d6d4 2690f873 bc6cbbef aafe51e1 363a2cab 383497fb ff43f3f8 40326518 c54cbc91 cfef2c31 87001c20 866e4e94 4ca2dedc e535455d da8f3e11 10611ea2 902735b5 7abc655c 7d3783b2 faac4eb2 ceadfe51 6e76a748 31b01edb 5fcee843 990d27c9 d30fb621 beada2c0 cb0f1fb9 c6606781 e44029df d507c482 29b92b68 702a8961 1533a795 616a29a9 28432bba 928c97ad ikev2_sa_keys: SK_d with 32 bytes 520d97dd 76d89239 b9b2d5ea 18550ceb 6427eb8c ea4b2ef1 9d1214e0 f6026556 ikev2_sa_keys: SK_ai with 32 bytes 50f6e4d6 75a7913c 4435290f d02a18e3 ca6e104f 6aab8b80 28c938f8 09282808 ikev2_sa_keys: SK_ar with 32 bytes 5f367cb9 c8280134 78bea101 dd96d6d4 2690f873 bc6cbbef aafe51e1 363a2cab ikev2_sa_keys: SK_ei with 32 bytes 383497fb ff43f3f8 40326518 c54cbc91 cfef2c31 87001c20 866e4e94 4ca2dedc ikev2_sa_keys: SK_er with 32 bytes e535455d da8f3e11 10611ea2 902735b5 7abc655c 7d3783b2 faac4eb2 ceadfe51 ikev2_sa_keys: SK_pi with 32 bytes 6e76a748 31b01edb 5fcee843 990d27c9 d30fb621 beada2c0 cb0f1fb9 c6606781 ikev2_sa_keys: SK_pr with 32 bytes e44029df d507c482 29b92b68 702a8961 1533a795 616a29a9 28432bba 928c97ad ikev2_resp_ike_sa_init: detected NAT, enabling UDP encapsulation ikev2_add_proposals: length 44 ikev2_next_payload: length 48 nextpayload KE ikev2_next_payload: length 72 nextpayload NONCE ikev2_next_payload: length 36 nextpayload NOTIFY ikev2_nat_detection: local source 0x2cb46a467283eb2e 0x137bbbbd92cea87c 192.168.110.50:500 ikev2_next_payload: length 28 nextpayload NOTIFY ikev2_nat_detection: local destination 0x2cb46a467283eb2e 0x137bbbbd92cea87c 172.20.20.11:62336 ikev2_next_payload: length 28 nextpayload CERTREQ ikev2_add_certreq: type RSA_KEY length 1 ikev2_next_payload: length 5 nextpayload NONE ikev2_pld_parse: header ispi 0x2cb46a467283eb2e rspi 0x137bbbbd92cea87c nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 245 response 1 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48 ikev2_pld_sa: more 0 reserved 0 length 44 proposal #2 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72 ikev2_pld_ke: dh group ECP_256 reserved 0 953ceb3a f2531b9e 9c941b69 ccca92ec 64b42b61 9ea1ba83 bccd0bad a51757cc 3b07840f af0e4d7b 4ab35534 f54a222d f701b9f8 42e02632 930abc89 7d9deae7 ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 1eafa8f6 509355cf 1d59f792 78ff16f5 3dea18b3 7eed86b1 70d2e060 079a8ae1 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP 081b7a6d 260c19d6 e805e851 d3c9f345 7cc31ac3 ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP ba7bba2f fb6401e3 6168e557 aaf4a39e c7efa043 ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical 0x00 length 5 ikev2_pld_certreq: type RSA_KEY length 0 spi=0x2cb46a467283eb2e: send IKE_SA_INIT res 0 peer 172.20.20.11:62336 local 192.168.110.50:500, 245 bytes config_free_proposals: free 0x8f3b2d26700 config_free_proposals: free 0x8f3b2d26000 config_free_proposals: free 0x8f3b2d10b00 config_free_proposals: free 0x8f3b2d2c580 config_free_proposals: free 0x8f3b2d2c600 spi=0x2cb46a467283eb2e: recv IKE_AUTH req 1 peer 172.20.20.11:55618 local 192.168.110.50:4500, 512 bytes, policy 'ROAD_WARRIOR' ikev2_recv: ispi 0x2cb46a467283eb2e rspi 0x137bbbbd92cea87c ikev2_recv: updated SA to peer 172.20.20.11:55618 local 192.168.110.50:4500 ikev2_pld_parse: header ispi 0x2cb46a467283eb2e rspi 0x137bbbbd92cea87c nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 512 response 0 ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 484 ikev2_msg_decrypt: IV length 16 592a8094 82131658 c5df646a d25a602b ikev2_msg_decrypt: encrypted payload length 448 a2c02504 f472968e 438b05d1 c2592024 9ac07bed 06b3643d ec41a78a 856ea751 f3970957 ebaf2d2d 9f4ae9c4 79495303 d2cee529 6050dd97 36f14420 87b36aa9 34d44944 ad717a20 18272577 7b7f5953 159485c3 98959a31 e6514ba7 ddd04afe 53ce1637 d317c829 84205694 7b684ede e8dfc960 929248cd 4f3f09bf fcc83d69 085f5795 9b80e315 e0d76707 56a13703 4e99b0c4 498c752e 1d1d91e3 eab98087 42872c91 20dc81bc 5f436be4 9f41c9e4 d59153dc 946592af 3be94873 2a17f39e e605cfe9 3a6b4d4d c663f9e8 b765be00 6e5b1560 7cdf96f0 a047873a 34fb1266 fc033ac5 8e34d88c 021b3bb1 3a829314 78bbc484 ea051799 5739872d 92ce5b9f 973c48d2 a8759922 3a302b95 d8819f12 3bf8b789 625ca26a 3e0bf0c3 a59746cc 89a3beb1 0ef270cb 78978c49 8eda5e12 e0212977 b7f34067 73428f1d b4531ca8 448e65a6 9d4f22f7 cbfeb1c4 b869983c f480cce1 e2ebc711 7639327a 8f98ff5b 0acdbd2f 76590773 a9a76925 9e719717 237f6167 ce123a13 e168a3bb 42efce12 41a69050 cfa6cbfe 4c7099f5 631532a4 2b12803b f6463c92 8518e3a4 80d58b2f 06dba1ff 6fc83218 231d93a3 75e27f16 c42c22e2 fe0054fc 1797452d a3c9c6f8 ikev2_msg_decrypt: integrity checksum length 16 5288433e f46da10b 0bfbb802 4a312467 ikev2_msg_decrypt: integrity check succeeded 5288433e f46da10b 0bfbb802 4a312467 ikev2_msg_decrypt: decrypted payload length 448/448 padding 5 2900000f 02000000 6e657074 756e6524 00000800 0040002f 00001b02 0000006c 61782e63 61746173 74726f70 68652e6e 65742900 00280100 00000001 00000002 00000006 00000003 00000008 0000000c 0000000a 00000019 00002900 00080000 400a2100 00080000 400b2c00 00c80200 00280103 04030e4a 6ada0300 000c0100 000c800e 01000300 00080300 000c0000 00080500 00000200 00280203 0403009c 37b70300 000c0100 000c800e 01000300 00080300 000c0000 00080500 00000200 00280303 04030ff4 35160300 000c0100 000c800e 01000300 00080300 000c0000 00080500 00000200 00280403 040303f5 f8250300 000c0100 000c800e 00800300 00080300 00020000 00080500 00000000 00240503 04030c0e f0b00300 00080100 00030300 00080300 00020000 00080500 00002d00 00400200 00000700 00100000 ffff0000 0000ffff ffff0800 00280000 ffff0000 00000000 00000000 00000000 0000ffff ffffffff ffffffff ffffffff ffff2900 00400200 00000700 00100000 ffff0000 0000ffff ffff0800 00280000 ffff0000 00000000 00000000 00000000 0000ffff ffffffff ffffffff ffffffff ffff0000 00080000 400c42b8 4403f205 ikev2_pld_payloads: decrypted payload IDi nextpayload NOTIFY critical 0x00 length 15 ikev2_pld_id: id FQDN/mac-laptop length 11 ikev2_pld_payloads: decrypted payload NOTIFY nextpayload IDr critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT ikev2_pld_payloads: decrypted payload IDr nextpayload CP critical 0x00 length 27 ikev2_pld_id: id FQDN/vpn.company.com length 23 ikev2_pld_id: unexpected id payload ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 length 40 ikev2_pld_cp: type REQUEST length 32 00010000 00020000 00060000 00030000 00080000 000c0000 000a0000 00190000 ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0 ikev2_pld_cp: INTERNAL_IP4_NETMASK 0x0002 length 0 ikev2_pld_cp: INTERNAL_IP4_DHCP 0x0006 length 0 ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0 ikev2_pld_cp: INTERNAL_IP6_ADDRESS 0x0008 length 0 ikev2_pld_cp: INTERNAL_IP6_DHCP 0x000c length 0 ikev2_pld_cp: INTERNAL_IP6_DNS 0x000a length 0 ikev2_pld_cp: <UNKNOWN:25> 0x0019 length 0 ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type ESP_TFC_PADDING_NOT_SUPPORTED ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type NON_FIRST_FRAGMENTS_ALSO ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 200 ikev2_pld_sa: more 2 reserved 0 length 40 proposal #1 protoid ESP spisize 4 xforms 3 spi 0x0e4a6ada ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE ikev2_pld_sa: more 2 reserved 0 length 40 proposal #2 protoid ESP spisize 4 xforms 3 spi 0x009c37b7 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE ikev2_pld_sa: more 2 reserved 0 length 40 proposal #3 protoid ESP spisize 4 xforms 3 spi 0x0ff43516 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE ikev2_pld_sa: more 2 reserved 0 length 40 proposal #4 protoid ESP spisize 4 xforms 3 spi 0x03f5f825 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE ikev2_pld_sa: more 0 reserved 0 length 36 proposal #5 protoid ESP spisize 4 xforms 3 spi 0x0c0ef0b0 ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 64 ikev2_pld_tss: count 2 length 56 ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535 ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255 ikev2_pld_tss: type IPV6_ADDR_RANGE protoid 0 length 40 startport 0 endport 65535 ikev2_pld_ts: start :: end ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical 0x00 length 64 ikev2_pld_tss: count 2 length 56 ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535 ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255 ikev2_pld_tss: type IPV6_ADDR_RANGE protoid 0 length 40 startport 0 endport 65535 ikev2_pld_ts: start :: end ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED ikev2_handle_notifies: mobike enabled sa_stateok: SA_INIT flags 0x0000, require 0x0000 spi=0x2cb46a467283eb2e: sa_state: SA_INIT -> EAP policy_lookup: peerid 'mac-laptop' proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 2 <-> 1 (7): DH ECP_256 (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 2 <-> 2 (1): ENCR AES_CBC (keylength 0 <-> 0) 256 proposals_match: xform 2 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) proposals_match: xform 2 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 2 <-> 2 (7): DH ECP_256 (keylength 0 <-> 0) proposals_negotiate: score 10 policy_lookup: setting policy 'ROAD_WARRIOR' ikev2_policy2id: srcid FQDN/vpn.company.com length 23 sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x0079 cert,auth,authvalid,sa,eapvalid) ikev2_msg_auth: responder auth data length 293 2cb46a46 7283eb2e 137bbbbd 92cea87c 21202220 00000000 000000f5 22000030 0000002c 02010004 0300000c 0100000c 800e0100 03000008 02000005 03000008 0300000c 00000008 04000013 28000048 00130000 953ceb3a f2531b9e 9c941b69 ccca92ec 64b42b61 9ea1ba83 bccd0bad a51757cc 3b07840f af0e4d7b 4ab35534 f54a222d f701b9f8 42e02632 930abc89 7d9deae7 29000024 1eafa8f6 509355cf 1d59f792 78ff16f5 3dea18b3 7eed86b1 70d2e060 079a8ae1 2900001c 00004004 081b7a6d 260c19d6 e805e851 d3c9f345 7cc31ac3 2600001c 00004005 ba7bba2f fb6401e3 6168e557 aaf4a39e c7efa043 00000005 0b799705 7e92b50e 5bff320a ddd69bcf a46bec8a 91381953 c2f07d10 dae1411b 424b4c2f 9d0fd191 18a345c5 1ffec1c8 fa ca_setauth: switching SIG to RSA_SIG(*) ca_setauth: auth length 293 proposals_match: xform 1 <-> 1 (2): ESN NONE (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 2 <-> 1 (2): ESN NONE (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 3 <-> 1 (2): ESN NONE (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 4 <-> 1 (2): ESN NONE (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 5 <-> 1 (2): ESN NONE (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_match: xform 1 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 1 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 1 <-> 2 (2): ESN NONE (keylength 0 <-> 0) proposals_negotiate: score 4 proposals_match: xform 2 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 2 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 2 <-> 2 (2): ESN NONE (keylength 0 <-> 0) proposals_negotiate: score 4 proposals_match: xform 3 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256 proposals_match: xform 3 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 0) proposals_match: xform 3 <-> 2 (2): ESN NONE (keylength 0 <-> 0) proposals_negotiate: score 4 proposals_match: xform 4 <-> 2 (7): ENCR AES_CBC (keylength 128 <-> 0) 128 proposals_match: xform 4 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0) proposals_match: xform 4 <-> 2 (2): ESN NONE (keylength 0 <-> 0) proposals_negotiate: score 19 proposals_match: xform 5 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0) proposals_match: xform 5 <-> 2 (2): ESN NONE (keylength 0 <-> 0) proposals_negotiate: score 0 proposals_negotiate: score 1: ENCR AES_CBC 256 proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128 proposals_negotiate: score 2: ESN NONE sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x0079 cert,auth,authvalid,sa,eapvalid) config_free_proposals: free 0x8f3b2d15680 config_free_proposals: free 0x8f3b2d2c800 config_free_proposals: free 0x8f3b2d10080 config_free_proposals: free 0x8f3b2d10100 config_free_proposals: free 0x8f3b2d15600 ca_getreq: using local public key of type RSA_KEY ca_setauth: auth length 256 ikev2_getimsgdata: imsg 22 rspi 0x137bbbbd92cea87c ispi 0x2cb46a467283eb2e initiator 0 sa valid type 11 data length 270 ikev2_dispatch_cert: cert type RSA_KEY length 270, ok sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required 0x0079 cert,auth,authvalid,sa,eapvalid) ikev2_getimsgdata: imsg 35 rspi 0x137bbbbd92cea87c ispi 0x2cb46a467283eb2e initiator 0 sa valid type 1 data length 256 ikev2_dispatch_cert: AUTH type 1 len 256 sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required 0x0079 cert,auth,authvalid,sa,eapvalid) ikev2_next_payload: length 27 nextpayload CERT ikev2_next_payload: length 275 nextpayload AUTH ikev2_next_payload: length 264 nextpayload EAP ikev2_next_payload: length 9 nextpayload NONE ikev2_next_payload: length 612 nextpayload IDr ikev2_msg_encrypt: decrypted length 575 2500001b 02000000 6c61782e 63617461 7374726f 7068652e 6e657427 0001130b 3082010a 02820101 00c399db 355d8f29 015c1af3 1ac78343 2f2bab59 4fb72ea2 d7e5dc06 127a589b f2322355 82c523ec 876573c6 08ef62f7 3f581ce8 e2cc7e3f 34c5d1e0 efb8677c f0ff59d1 7d505c34 a733f600 1acb73f9 a8b5c572 eb9a8e92 5a6d91ed 3d162e0f 83b34866 179cf49a fa44f754 135c7745 29988e90 ac9697b8 d49e027e 11e7defb fc49bbd7 d8aca879 668844dd cda40ac0 25aaada4 80164790 3737993a c6f20d18 a250e500 09684da6 fd6161ec cfc1d34a ed4fe025 feb743b6 8eda8f5d dc7f1310 11b0c81b 249a514d da1b269a 0f1b7922 cd141b67 5e38037a ff1c49aa 7f0123f1 f435a919 51d7d2d9 4041ead4 bf5153af 42ff26b2 2c8ce716 6309a439 664b4749 a1020301 00013000 01080100 00002fb7 311a6a7b 623d8941 081e8bf5 030f4ee9 a7c9f18d c7c5df95 133691c5 bf93c265 56e5cf57 f26702d4 59be3837 f29d98a3 4fd806c9 9a20eba1 546cefb4 ae527b11 24cef99d c238981e d098c6f2 01af46de 52c67863 b47c15cb fa4f7bee 4cbae348 2a1c39e4 713a6b9b b46e89f5 17262966 2ebee2e6 308d9486 7debe2de 1cfe731b 3d65c300 61928c89 507eaa7a b91c0d9d 7e44513a 0bb02d18 cc4e4494 c0ab802a 7255a79a 84f60ed2 9b187714 c82a961b f2f5c8af 7f0c4dc2 91216be0 7b4441b3 828e4c3e a08df000 d3f05e0d 1a080765 b95a9546 c80847f3 030e884c 415ad83e afb0b2d2 9762162a 978aee7a 14486d8f 5409be1b 1abbcd07 0d4bea8c c7180000 00090100 000501 ikev2_msg_encrypt: padded length 576 2500001b 02000000 6c61782e 63617461 7374726f 7068652e 6e657427 0001130b 3082010a 02820101 00c399db 355d8f29 015c1af3 1ac78343 2f2bab59 4fb72ea2 d7e5dc06 127a589b f2322355 82c523ec 876573c6 08ef62f7 3f581ce8 e2cc7e3f 34c5d1e0 efb8677c f0ff59d1 7d505c34 a733f600 1acb73f9 a8b5c572 eb9a8e92 5a6d91ed 3d162e0f 83b34866 179cf49a fa44f754 135c7745 29988e90 ac9697b8 d49e027e 11e7defb fc49bbd7 d8aca879 668844dd cda40ac0 25aaada4 80164790 3737993a c6f20d18 a250e500 09684da6 fd6161ec cfc1d34a ed4fe025 feb743b6 8eda8f5d dc7f1310 11b0c81b 249a514d da1b269a 0f1b7922 cd141b67 5e38037a ff1c49aa 7f0123f1 f435a919 51d7d2d9 4041ead4 bf5153af 42ff26b2 2c8ce716 6309a439 664b4749 a1020301 00013000 01080100 00002fb7 311a6a7b 623d8941 081e8bf5 030f4ee9 a7c9f18d c7c5df95 133691c5 bf93c265 56e5cf57 f26702d4 59be3837 f29d98a3 4fd806c9 9a20eba1 546cefb4 ae527b11 24cef99d c238981e d098c6f2 01af46de 52c67863 b47c15cb fa4f7bee 4cbae348 2a1c39e4 713a6b9b b46e89f5 17262966 2ebee2e6 308d9486 7debe2de 1cfe731b 3d65c300 61928c89 507eaa7a b91c0d9d 7e44513a 0bb02d18 cc4e4494 c0ab802a 7255a79a 84f60ed2 9b187714 c82a961b f2f5c8af 7f0c4dc2 91216be0 7b4441b3 828e4c3e a08df000 d3f05e0d 1a080765 b95a9546 c80847f3 030e884c 415ad83e afb0b2d2 9762162a 978aee7a 14486d8f 5409be1b 1abbcd07 0d4bea8c c7180000 00090100 00050100 ikev2_msg_encrypt: length 576, padding 0, output length 608 85c15226 1ff9cd72 af54ba13 d83d2b57 5e0adab8 7b3d10d3 f197dda8 45c3719f a6b42345 0d8ffd4e e8aba2c5 7b3003f1 a91bde6a b4d18b12 b4a56d11 b362386c b9957a18 51bd72bb c612baee 9613acd9 01747041 38ea3f0e e325aa1f ab8c9da6 f4585f8f eec07f8c e16d9d9e 7035685a 1f62151d 498a163f bc176854 111c8d13 ff3130ed 739e18bb 0a071b93 f840a71e 38be4753 d7276bc1 84e0172c 26031dfc 6e7b5695 7e623c8c 5433c51a 884cd418 2147dce2 e4dfd3ae ea485c35 351fd03f a416f2ad aa81f224 f3735b3d 5abae41c caa86d6f 9c0b3e60 0a6bff83 09abeaa2 1af83329 2e0c6b4b 53c78d9e 8190ac83 b49ebde1 1e499dfb 446b1518 9ae44ec5 4b0728be 70353f3f 848c3f0e 55219bf5 26566aa3 5c908a67 b179590f 02edd4a4 7949d29e 37d1f29a 2e792c8f 3987ba61 da38d56d a7a92e00 988e6885 9d2c45ed dcfed8de afa48aed f8be37fd e8e0c344 cf598aa4 a4667c70 0f093a3d e42e3926 81b65674 13944628 90d1787a 15ec6c1d 25f96982 875e2258 fec7ec08 86083c4f 5d76e8c1 2ab11b20 9cfd4200 37cadebe 464678b0 873603d8 519dc5fd c90913f9 b3bb987c facc2b9f 1eacf5dc 8279ecdf dc4e70ea b57e41c1 f63c6c2e 81e16015 175bc715 3c4d0411 c68845bc b1335055 fdf9382d 9ff158be 4a0300d9 a2c14f58 19ca000c 279ed955 7908bc6e 773d0a60 8d1fc74a 1dac4bc6 62bac0cb b0aef764 8a440d7f 43f88e2c 4a3c2fd2 34d1f1c3 d0dc26cd e60976d4 624c9cc5 bf91bb53 39dcf14f fdca67e7 f005bb10 722a7f65 5446def7 2d5e005b 7f1af083 6cb36144 e20cee0c 1f1e02f2 bb326941 d49bf0c6 00000000 00000000 00000000 00000000 ikev2_msg_integr: message length 640 2cb46a46 7283eb2e 137bbbbd 92cea87c 2e202320 00000001 00000280 24000264 85c15226 1ff9cd72 af54ba13 d83d2b57 5e0adab8 7b3d10d3 f197dda8 45c3719f a6b42345 0d8ffd4e e8aba2c5 7b3003f1 a91bde6a b4d18b12 b4a56d11 b362386c b9957a18 51bd72bb c612baee 9613acd9 01747041 38ea3f0e e325aa1f ab8c9da6 f4585f8f eec07f8c e16d9d9e 7035685a 1f62151d 498a163f bc176854 111c8d13 ff3130ed 739e18bb 0a071b93 f840a71e 38be4753 d7276bc1 84e0172c 26031dfc 6e7b5695 7e623c8c 5433c51a 884cd418 2147dce2 e4dfd3ae ea485c35 351fd03f a416f2ad aa81f224 f3735b3d 5abae41c caa86d6f 9c0b3e60 0a6bff83 09abeaa2 1af83329 2e0c6b4b 53c78d9e 8190ac83 b49ebde1 1e499dfb 446b1518 9ae44ec5 4b0728be 70353f3f 848c3f0e 55219bf5 26566aa3 5c908a67 b179590f 02edd4a4 7949d29e 37d1f29a 2e792c8f 3987ba61 da38d56d a7a92e00 988e6885 9d2c45ed dcfed8de afa48aed f8be37fd e8e0c344 cf598aa4 a4667c70 0f093a3d e42e3926 81b65674 13944628 90d1787a 15ec6c1d 25f96982 875e2258 fec7ec08 86083c4f 5d76e8c1 2ab11b20 9cfd4200 37cadebe 464678b0 873603d8 519dc5fd c90913f9 b3bb987c facc2b9f 1eacf5dc 8279ecdf dc4e70ea b57e41c1 f63c6c2e 81e16015 175bc715 3c4d0411 c68845bc b1335055 fdf9382d 9ff158be 4a0300d9 a2c14f58 19ca000c 279ed955 7908bc6e 773d0a60 8d1fc74a 1dac4bc6 62bac0cb b0aef764 8a440d7f 43f88e2c 4a3c2fd2 34d1f1c3 d0dc26cd e60976d4 624c9cc5 bf91bb53 39dcf14f fdca67e7 f005bb10 722a7f65 5446def7 2d5e005b 7f1af083 6cb36144 e20cee0c 1f1e02f2 bb326941 d49bf0c6 00000000 00000000 00000000 00000000 ikev2_msg_integr: integrity checksum length 16 a3badec3 bc5bd2fc 67089d67 462ccf19 5ca2b136 3ddc5e52 104b9f65 29a739f6 ikev2_pld_parse: header ispi 0x2cb46a467283eb2e rspi 0x137bbbbd92cea87c nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 640 response 1 ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 612 ikev2_msg_decrypt: IV length 16 85c15226 1ff9cd72 af54ba13 d83d2b57 ikev2_msg_decrypt: encrypted payload length 576 5e0adab8 7b3d10d3 f197dda8 45c3719f a6b42345 0d8ffd4e e8aba2c5 7b3003f1 a91bde6a b4d18b12 b4a56d11 b362386c b9957a18 51bd72bb c612baee 9613acd9 01747041 38ea3f0e e325aa1f ab8c9da6 f4585f8f eec07f8c e16d9d9e 7035685a 1f62151d 498a163f bc176854 111c8d13 ff3130ed 739e18bb 0a071b93 f840a71e 38be4753 d7276bc1 84e0172c 26031dfc 6e7b5695 7e623c8c 5433c51a 884cd418 2147dce2 e4dfd3ae ea485c35 351fd03f a416f2ad aa81f224 f3735b3d 5abae41c caa86d6f 9c0b3e60 0a6bff83 09abeaa2 1af83329 2e0c6b4b 53c78d9e 8190ac83 b49ebde1 1e499dfb 446b1518 9ae44ec5 4b0728be 70353f3f 848c3f0e 55219bf5 26566aa3 5c908a67 b179590f 02edd4a4 7949d29e 37d1f29a 2e792c8f 3987ba61 da38d56d a7a92e00 988e6885 9d2c45ed dcfed8de afa48aed f8be37fd e8e0c344 cf598aa4 a4667c70 0f093a3d e42e3926 81b65674 13944628 90d1787a 15ec6c1d 25f96982 875e2258 fec7ec08 86083c4f 5d76e8c1 2ab11b20 9cfd4200 37cadebe 464678b0 873603d8 519dc5fd c90913f9 b3bb987c facc2b9f 1eacf5dc 8279ecdf dc4e70ea b57e41c1 f63c6c2e 81e16015 175bc715 3c4d0411 c68845bc b1335055 fdf9382d 9ff158be 4a0300d9 a2c14f58 19ca000c 279ed955 7908bc6e 773d0a60 8d1fc74a 1dac4bc6 62bac0cb b0aef764 8a440d7f 43f88e2c 4a3c2fd2 34d1f1c3 d0dc26cd e60976d4 624c9cc5 bf91bb53 39dcf14f fdca67e7 f005bb10 722a7f65 5446def7 2d5e005b 7f1af083 6cb36144 e20cee0c 1f1e02f2 bb326941 d49bf0c6 ikev2_msg_decrypt: integrity checksum length 16 a3badec3 bc5bd2fc 67089d67 462ccf19 ikev2_msg_decrypt: integrity check succeeded a3badec3 bc5bd2fc 67089d67 462ccf19 ikev2_msg_decrypt: decrypted payload length 576/576 padding 0 2500001b 02000000 6c61782e 63617461 7374726f 7068652e 6e657427 0001130b 3082010a 02820101 00c399db 355d8f29 015c1af3 1ac78343 2f2bab59 4fb72ea2 d7e5dc06 127a589b f2322355 82c523ec 876573c6 08ef62f7 3f581ce8 e2cc7e3f 34c5d1e0 efb8677c f0ff59d1 7d505c34 a733f600 1acb73f9 a8b5c572 eb9a8e92 5a6d91ed 3d162e0f 83b34866 179cf49a fa44f754 135c7745 29988e90 ac9697b8 d49e027e 11e7defb fc49bbd7 d8aca879 668844dd cda40ac0 25aaada4 80164790 3737993a c6f20d18 a250e500 09684da6 fd6161ec cfc1d34a ed4fe025 feb743b6 8eda8f5d dc7f1310 11b0c81b 249a514d da1b269a 0f1b7922 cd141b67 5e38037a ff1c49aa 7f0123f1 f435a919 51d7d2d9 4041ead4 bf5153af 42ff26b2 2c8ce716 6309a439 664b4749 a1020301 00013000 01080100 00002fb7 311a6a7b 623d8941 081e8bf5 030f4ee9 a7c9f18d c7c5df95 133691c5 bf93c265 56e5cf57 f26702d4 59be3837 f29d98a3 4fd806c9 9a20eba1 546cefb4 ae527b11 24cef99d c238981e d098c6f2 01af46de 52c67863 b47c15cb fa4f7bee 4cbae348 2a1c39e4 713a6b9b b46e89f5 17262966 2ebee2e6 308d9486 7debe2de 1cfe731b 3d65c300 61928c89 507eaa7a b91c0d9d 7e44513a 0bb02d18 cc4e4494 c0ab802a 7255a79a 84f60ed2 9b187714 c82a961b f2f5c8af 7f0c4dc2 91216be0 7b4441b3 828e4c3e a08df000 d3f05e0d 1a080765 b95a9546 c80847f3 030e884c 415ad83e afb0b2d2 9762162a 978aee7a 14486d8f 5409be1b 1abbcd07 0d4bea8c c7180000 00090100 00050100 ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 length 27 ikev2_pld_id: id FQDN/vpn.company.com length 23 ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00 length 275 ikev2_pld_cert: type RSA_KEY length 270 3082010a 02820101 00c399db 355d8f29 015c1af3 1ac78343 2f2bab59 4fb72ea2 d7e5dc06 127a589b f2322355 82c523ec 876573c6 08ef62f7 3f581ce8 e2cc7e3f 34c5d1e0 efb8677c f0ff59d1 7d505c34 a733f600 1acb73f9 a8b5c572 eb9a8e92 5a6d91ed 3d162e0f 83b34866 179cf49a fa44f754 135c7745 29988e90 ac9697b8 d49e027e 11e7defb fc49bbd7 d8aca879 668844dd cda40ac0 25aaada4 80164790 3737993a c6f20d18 a250e500 09684da6 fd6161ec cfc1d34a ed4fe025 feb743b6 8eda8f5d dc7f1310 11b0c81b 249a514d da1b269a 0f1b7922 cd141b67 5e38037a ff1c49aa 7f0123f1 f435a919 51d7d2d9 4041ead4 bf5153af 42ff26b2 2c8ce716 6309a439 664b4749 a1020301 0001 ikev2_pld_payloads: decrypted payload AUTH nextpayload EAP critical 0x00 length 264 ikev2_pld_auth: method RSA_SIG length 256 2fb7311a 6a7b623d 8941081e 8bf5030f 4ee9a7c9 f18dc7c5 df951336 91c5bf93 c26556e5 cf57f267 02d459be 3837f29d 98a34fd8 06c99a20 eba1546c efb4ae52 7b1124ce f99dc238 981ed098 c6f201af 46de52c6 7863b47c 15cbfa4f 7bee4cba e3482a1c 39e4713a 6b9bb46e 89f51726 29662ebe e2e6308d 94867deb e2de1cfe 731b3d65 c3006192 8c89507e aa7ab91c 0d9d7e44 513a0bb0 2d18cc4e 4494c0ab 802a7255 a79a84f6 0ed29b18 7714c82a 961bf2f5 c8af7f0c 4dc29121 6be07b44 41b3828e 4c3ea08d f000d3f0 5e0d1a08 0765b95a 9546c808 47f3030e 884c415a d83eafb0 b2d29762 162a978a ee7a1448 6d8f5409 be1b1abb cd070d4b ea8cc718 ikev2_pld_payloads: decrypted payload EAP nextpayload NONE critical 0x00 length 9 spi=0x2cb46a467283eb2e: ikev2_pld_eap: REQUEST id 0 length 5 EAP-IDENTITY spi=0x2cb46a467283eb2e: send IKE_AUTH res 1 peer 172.20.20.11:55618 local 192.168.110.50:4500, 640 bytes, NAT-T ^Cconfig_doreset: flushing policies config_doreset: flushing SAs config_free_proposals: free 0x8f3b2d15580 config_free_proposals: free 0x8f3b2d15700 config_free_proposals: free 0x8f3b2d26d80 config_free_proposals: free 0x8f3b2d2ca00 config_free_proposals: free 0x8f3b2d26e00 config_free_proposals: free 0x8f3b2d2c300 config_free_flows: free 0x8f3b2d05400 config_doreset: flushing users ca exiting, pid 69111 control exiting, pid 57526 ikev2 exiting, pid 38703 parent terminating Thanks for the help.
