On Mon, Feb 21, 2022 at 09:12:27AM -0600, rea...@catastrophe.net wrote:
> On Mon, Feb 21, 2022 at 02:55:39PM +0100, Tobias Heider wrote:
> >On Sat, Feb 19, 2022 at 12:28:15AM -0600, rea...@catastrophe.net wrote:
> >> IKE is failing when I connect using a simple password defined in
> >> /etc/iked.conf. I'm connecting from a native Mac client...is 
> >> mschap-v2 on MacOS broken or are my configs wrong? Thanks in advance.
> >> 
> [..]
> >> /etc/iked.conf - fails with username/password
> >> ##############################################
> >> user "testuser" "testpassword"
> >> ikev2 "ROAD_WARRIOR" esp \
> >>    from 0.0.0.0/0 to 10.1.255.0/24 \
> >>    peer any local vpn.company.com \
> >>         srcid vpn.company.com \
> >>         dstid mac-laptop \
> >>     eap "mschap-v2" \
> >>    config address 10.1.255.0/24 \
> >>     config name-server 10.1.255.1 \
> >>    tag "$name-$id"
> >> 
> >Hard to tell what's going wrong here. Looks like the Mac ignores the IKE_AUTH
> >response and restarts the handshake.  I haven't seen any other reports about
> >problems with the Mac implementation and I don't have one to test.
> >You could try enabling verbose logging with 'iked -dvvv' or
> >'ikectl log verbose' and see if that gives us any clues.
> 
> Here is the output of iked -dvvv

Looks all ok.  Is there any way to get logs from the Mac?
It still looks like the other side just drops the AUTH response
for no obvious reason.

> 
> bash-5.1# iked -dvvv                         
> create_ike: using signature for peer mac-laptop
> ikev2 "ROAD_WARRIOR" passive tunnel esp inet from 0.0.0.0/0 to 10.1.255.0/24 
> local 192.168.110.50 peer any ikesa enc aes-128-gcm enc aes-256-gcm prf 
> hmac-sha2-256 prf hmac-sha2-384 prf hmac-sha2-512 prf hmac-sha1 group 
> curve25519 group ecp521 group ecp384 group ecp256 group modp4096 group 
> modp3072 group modp2048 group modp1536 group modp1024 ikesa enc aes-256 enc 
> aes-192 enc aes-128 enc 3des prf hmac-sha2-256 prf hmac-sha2-384 prf 
> hmac-sha2-512 prf hmac-sha1 auth hmac-sha2-256 auth hmac-sha2-384 auth 
> hmac-sha2-512 auth hmac-sha1 group curve25519 group ecp521 group ecp384 group 
> ecp256 group modp4096 group modp3072 group modp2048 group modp1536 group 
> modp1024 childsa enc aes-128-gcm enc aes-256-gcm group none esn noesn childsa 
> enc aes-256 enc aes-192 enc aes-128 auth hmac-sha2-256 auth hmac-sha2-384 
> auth hmac-sha2-512 auth hmac-sha1 group none esn noesn srcid vpn.company.com 
> dstid mac-laptop lifetime 10800 bytes 4294967296 eap "MSCHAP_V2" config 
> address 10.1.255.0 config name-server 10.1.255.1 tag "$name-$id"
> /etc/iked.conf: loaded 2 configuration rules
> ca_privkey_serialize: type RSA_KEY length 1192
> ca_pubkey_serialize: type RSA_KEY length 270
> ca_privkey_to_method: type RSA_KEY method RSA_SIG
> ca_getkey: received private key type RSA_KEY length 1192
> ca_getkey: received public key type RSA_KEY length 270
> ca_dispatch_parent: config reset
> ca_reload: loaded cert file vpn.company.com.crt
> ca_validate_cert: /C=US/ST=Anystate/L=Anytown/O=Company.COM/OU=Remote Network 
> Services/CN=vpn.company.com/emailAddress=r...@company.com unable to get local 
> issuer certificate
> ca_reload: local cert type RSA_KEY
> config_getocsp: ocsp_url none tolerate 0 maxage -1
> config_new_user: inserting new user testuser
> user "testuser" "testpassword"
> ikev2_dispatch_cert: updated local CERTREQ type RSA_KEY length 0
> config_getpolicy: received policy
> config_getpfkey: received pfkey fd 3
> config_getcompile: compilation done
> config_getsocket: received socket fd 4
> config_getsocket: received socket fd 5
> config_getsocket: received socket fd 6
> config_getsocket: received socket fd 7
> config_getstatic: dpd_check_interval 60
> config_getstatic: no enforcesingleikesa
> config_getstatic: no fragmentation
> config_getstatic: mobike
> config_getstatic: nattport 4500
> config_getstatic: no stickyaddress
> policy_lookup: setting policy 'ROAD_WARRIOR'
> spi=0x2cb46a467283eb2e: recv IKE_SA_INIT req 0 peer 172.20.20.11:62336 local 
> 192.168.110.50:500, 604 bytes, policy 'ROAD_WARRIOR'
> ikev2_recv: ispi 0x2cb46a467283eb2e rspi 0x0000000000000000
> ikev2_policy2id: srcid FQDN/vpn.company.com length 23
> ikev2_pld_parse: header ispi 0x2cb46a467283eb2e rspi 0x0000000000000000 
> nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 
> 604 response 0
> ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 220
> ikev2_pld_sa: more 2 reserved 0 length 44 proposal #1 protoid IKE spisize 0 
> xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> ikev2_pld_sa: more 2 reserved 0 length 44 proposal #2 protoid IKE spisize 0 
> xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
> ikev2_pld_sa: more 2 reserved 0 length 44 proposal #3 protoid IKE spisize 0 
> xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1536
> ikev2_pld_sa: more 2 reserved 0 length 44 proposal #4 protoid IKE spisize 0 
> xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
> ikev2_pld_sa: more 0 reserved 0 length 40 proposal #5 protoid IKE spisize 0 
> xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
> ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
> ikev2_pld_ke: dh group MODP_2048 reserved 0
> ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 20
> cbc87c0b 2cdd22f5 e27d5728 293a1ed5
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
> ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> 285c3347 02e18980 3a311319 c820a2b0 e672941a
> ikev2_nat_detection: peer source 0x2cb46a467283eb2e 0x0000000000000000 
> 172.20.20.11:62336
> ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT
> 0d2d900b bca747f3 9b712d11 83aaa930 c7a76467
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> 763f3eea 3095b3e5 1552866e b9233f03 aa9bc2b2
> ikev2_nat_detection: peer destination 0x2cb46a467283eb2e 0x0000000000000000 
> 192.168.110.50:500
> 763f3eea 3095b3e5 1552866e b9233f03 aa9bc2b2
> ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8
> ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED
> proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 1 <-> 1 (13): DH MODP_2048 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 2 <-> 1 (7): DH ECP_256 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 3 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 3 <-> 1 (15): DH MODP_1536 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 4 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 5 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 1 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 1 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 1 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 1 <-> 2 (13): DH MODP_2048 (keylength 0 <-> 0)
> proposals_negotiate: score 16
> proposals_match: xform 2 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 2 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 2 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 2 <-> 2 (7): DH ECP_256 (keylength 0 <-> 0)
> proposals_negotiate: score 10
> proposals_match: xform 3 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 3 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 3 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 3 <-> 2 (15): DH MODP_1536 (keylength 0 <-> 0)
> proposals_negotiate: score 18
> proposals_match: xform 4 <-> 2 (7): ENCR AES_CBC (keylength 128 <-> 0) 128
> proposals_match: xform 4 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 38
> proposals_match: xform 5 <-> 2 (10): ENCR 3DES (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 41
> policy_lookup: setting policy 'ROAD_WARRIOR'
> spi=0x2cb46a467283eb2e: sa_state: INIT -> SA_INIT
> proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 1 <-> 1 (13): DH MODP_2048 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 2 <-> 1 (7): DH ECP_256 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 3 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 3 <-> 1 (15): DH MODP_1536 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 4 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 5 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 1 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 1 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 1 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 1 <-> 2 (13): DH MODP_2048 (keylength 0 <-> 0)
> proposals_negotiate: score 16
> proposals_match: xform 2 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 2 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 2 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 2 <-> 2 (7): DH ECP_256 (keylength 0 <-> 0)
> proposals_negotiate: score 10
> proposals_match: xform 3 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 3 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 3 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 3 <-> 2 (15): DH MODP_1536 (keylength 0 <-> 0)
> proposals_negotiate: score 18
> proposals_match: xform 4 <-> 2 (7): ENCR AES_CBC (keylength 128 <-> 0) 128
> proposals_match: xform 4 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 38
> proposals_match: xform 5 <-> 2 (10): ENCR 3DES (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 41
> proposals_negotiate: score 1: ENCR AES_CBC 256
> proposals_negotiate: score 1: PRF HMAC_SHA2_256
> proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128
> proposals_negotiate: score 7: DH ECP_256
> sa_stateok: SA_INIT flags 0x0000, require 0x0000 
> sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
> spi=0x2cb46a467283eb2e: ikev2_sa_responder_dh: want dh ECP_256, KE has 
> MODP_2048
> spi=0x2cb46a467283eb2e: ikev2_resp_recv: failed to negotiate IKE SA
> spi=0x2cb46a467283eb2e: ikev2_add_error: INVALID_KE_PAYLOAD
> ikev2_add_error: done
> ikev2_next_payload: length 10 nextpayload NONE
> ikev2_pld_parse: header ispi 0x2cb46a467283eb2e rspi 0x940480243829496e 
> nextpayload NOTIFY version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 
> length 38 response 1
> ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 10
> ikev2_pld_notify: protoid NONE spisize 0 type INVALID_KE_PAYLOAD
> 0013
> spi=0x2cb46a467283eb2e: send IKE_SA_INIT res 0 peer 172.20.20.11:62336 local 
> 192.168.110.50:500, 38 bytes
> spi=0x2cb46a467283eb2e: sa_state: SA_INIT -> CLOSED from any to any policy 
> 'ROAD_WARRIOR'
> config_free_proposals: free 0x8f3b2d19b00
> config_free_proposals: free 0x8f3b2d19a00
> config_free_proposals: free 0x8f3b2d15f80
> config_free_proposals: free 0x8f3b2d26480
> config_free_proposals: free 0x8f3b2d15200
> spi=0x2cb46a467283eb2e: recv IKE_SA_INIT req 0 peer 172.20.20.11:62336 local 
> 192.168.110.50:500, 412 bytes, policy 'ROAD_WARRIOR'
> ikev2_recv: ispi 0x2cb46a467283eb2e rspi 0x0000000000000000
> spi=0x2cb46a467283eb2e: sa_free: ispi 0x2cb46a467283eb2e rspi 
> 0x940480243829496e
> config_free_proposals: free 0x8f3b2d26680
> ikev2_policy2id: srcid FQDN/vpn.company.com length 23
> ikev2_pld_parse: header ispi 0x2cb46a467283eb2e rspi 0x0000000000000000 
> nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 
> 412 response 0
> ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 220
> ikev2_pld_sa: more 2 reserved 0 length 44 proposal #1 protoid IKE spisize 0 
> xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
> ikev2_pld_sa: more 2 reserved 0 length 44 proposal #2 protoid IKE spisize 0 
> xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
> ikev2_pld_sa: more 2 reserved 0 length 44 proposal #3 protoid IKE spisize 0 
> xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1536
> ikev2_pld_sa: more 2 reserved 0 length 44 proposal #4 protoid IKE spisize 0 
> xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
> ikev2_pld_sa: more 0 reserved 0 length 40 proposal #5 protoid IKE spisize 0 
> xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
> ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
> ikev2_pld_ke: dh group ECP_256 reserved 0
> 7f3ea78a fe2e796b 7f90510a 50b18846 2416d5d0 b822bcd2 03cec7a7 e41642dd
> 31ead620 1a9dcf82 7598d586 236c9071 3f90d5f3 69907b05 d2906b2e c2aad6ff
> ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 20
> 7997057e 92b50e5b ff320add d69bcfa4
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8
> ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> 285c3347 02e18980 3a311319 c820a2b0 e672941a
> ikev2_nat_detection: peer source 0x2cb46a467283eb2e 0x0000000000000000 
> 172.20.20.11:62336
> ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT
> 0d2d900b bca747f3 9b712d11 83aaa930 c7a76467
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> 763f3eea 3095b3e5 1552866e b9233f03 aa9bc2b2
> ikev2_nat_detection: peer destination 0x2cb46a467283eb2e 0x0000000000000000 
> 192.168.110.50:500
> 763f3eea 3095b3e5 1552866e b9233f03 aa9bc2b2
> ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8
> ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED
> proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 1 <-> 1 (13): DH MODP_2048 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 2 <-> 1 (7): DH ECP_256 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 3 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 3 <-> 1 (15): DH MODP_1536 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 4 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 5 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 1 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 1 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 1 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 1 <-> 2 (13): DH MODP_2048 (keylength 0 <-> 0)
> proposals_negotiate: score 16
> proposals_match: xform 2 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 2 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 2 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 2 <-> 2 (7): DH ECP_256 (keylength 0 <-> 0)
> proposals_negotiate: score 10
> proposals_match: xform 3 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 3 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 3 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 3 <-> 2 (15): DH MODP_1536 (keylength 0 <-> 0)
> proposals_negotiate: score 18
> proposals_match: xform 4 <-> 2 (7): ENCR AES_CBC (keylength 128 <-> 0) 128
> proposals_match: xform 4 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 38
> proposals_match: xform 5 <-> 2 (10): ENCR 3DES (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 41
> policy_lookup: setting policy 'ROAD_WARRIOR'
> spi=0x2cb46a467283eb2e: sa_state: INIT -> SA_INIT
> proposals_match: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 1 <-> 1 (13): DH MODP_2048 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 2 <-> 1 (7): DH ECP_256 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 3 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 3 <-> 1 (15): DH MODP_1536 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 4 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 5 <-> 1 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 1 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 1 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 1 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 1 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 1 <-> 2 (13): DH MODP_2048 (keylength 0 <-> 0)
> proposals_negotiate: score 16
> proposals_match: xform 2 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 2 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 2 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 2 <-> 2 (7): DH ECP_256 (keylength 0 <-> 0)
> proposals_negotiate: score 10
> proposals_match: xform 3 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 3 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 3 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 3 <-> 2 (15): DH MODP_1536 (keylength 0 <-> 0)
> proposals_negotiate: score 18
> proposals_match: xform 4 <-> 2 (7): ENCR AES_CBC (keylength 128 <-> 0) 128
> proposals_match: xform 4 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 38
> proposals_match: xform 5 <-> 2 (10): ENCR 3DES (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (4): PRF HMAC_SHA1 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (17): DH MODP_1024 (keylength 0 <-> 0)
> proposals_negotiate: score 41
> proposals_negotiate: score 1: ENCR AES_CBC 256
> proposals_negotiate: score 1: PRF HMAC_SHA2_256
> proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128
> proposals_negotiate: score 7: DH ECP_256
> sa_stateok: SA_INIT flags 0x0000, require 0x0000 
> sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
> spi=0x2cb46a467283eb2e: ikev2_sa_keys: DHSECRET with 32 bytes
> 1f76cfd9 fa8e7dbd eb97aafd 5a6f3639 66513e1d 62d5dcd8 1f7dc816 8dc7a659
> ikev2_sa_keys: SKEYSEED with 32 bytes
> 523a456d 8f704897 fc26dcbc 90bddaab ba4cc016 a28e5156 2a4d0b26 11c5c472
> spi=0x2cb46a467283eb2e: ikev2_sa_keys: S with 64 bytes
> 7997057e 92b50e5b ff320add d69bcfa4 1eafa8f6 509355cf 1d59f792 78ff16f5
> 3dea18b3 7eed86b1 70d2e060 079a8ae1 2cb46a46 7283eb2e 137bbbbd 92cea87c
> ikev2_prfplus: T1 with 32 bytes
> 520d97dd 76d89239 b9b2d5ea 18550ceb 6427eb8c ea4b2ef1 9d1214e0 f6026556
> ikev2_prfplus: T2 with 32 bytes
> 50f6e4d6 75a7913c 4435290f d02a18e3 ca6e104f 6aab8b80 28c938f8 09282808
> ikev2_prfplus: T3 with 32 bytes
> 5f367cb9 c8280134 78bea101 dd96d6d4 2690f873 bc6cbbef aafe51e1 363a2cab
> ikev2_prfplus: T4 with 32 bytes
> 383497fb ff43f3f8 40326518 c54cbc91 cfef2c31 87001c20 866e4e94 4ca2dedc
> ikev2_prfplus: T5 with 32 bytes
> e535455d da8f3e11 10611ea2 902735b5 7abc655c 7d3783b2 faac4eb2 ceadfe51
> ikev2_prfplus: T6 with 32 bytes
> 6e76a748 31b01edb 5fcee843 990d27c9 d30fb621 beada2c0 cb0f1fb9 c6606781
> ikev2_prfplus: T7 with 32 bytes
> e44029df d507c482 29b92b68 702a8961 1533a795 616a29a9 28432bba 928c97ad
> ikev2_prfplus: Tn with 224 bytes
> ikev2_sa_keys: SK_d with 32 bytes
> 520d97dd 76d89239 b9b2d5ea 18550ceb 6427eb8c ea4b2ef1 9d1214e0 f6026556
> ikev2_sa_keys: SK_ai with 32 bytes
> 50f6e4d6 75a7913c 4435290f d02a18e3 ca6e104f 6aab8b80 28c938f8 09282808
> ikev2_sa_keys: SK_ar with 32 bytes
> 5f367cb9 c8280134 78bea101 dd96d6d4 2690f873 bc6cbbef aafe51e1 363a2cab
> ikev2_sa_keys: SK_ei with 32 bytes
> 383497fb ff43f3f8 40326518 c54cbc91 cfef2c31 87001c20 866e4e94 4ca2dedc
> ikev2_sa_keys: SK_er with 32 bytes
> e535455d da8f3e11 10611ea2 902735b5 7abc655c 7d3783b2 faac4eb2 ceadfe51
> ikev2_sa_keys: SK_pi with 32 bytes
> 6e76a748 31b01edb 5fcee843 990d27c9 d30fb621 beada2c0 cb0f1fb9 c6606781
> ikev2_sa_keys: SK_pr with 32 bytes
> e44029df d507c482 29b92b68 702a8961 1533a795 616a29a9 28432bba 928c97ad
> ikev2_resp_ike_sa_init: detected NAT, enabling UDP encapsulation
> ikev2_add_proposals: length 44
> ikev2_next_payload: length 48 nextpayload KE
> ikev2_next_payload: length 72 nextpayload NONCE
> ikev2_next_payload: length 36 nextpayload NOTIFY
> ikev2_nat_detection: local source 0x2cb46a467283eb2e 0x137bbbbd92cea87c 
> 192.168.110.50:500
> ikev2_next_payload: length 28 nextpayload NOTIFY
> ikev2_nat_detection: local destination 0x2cb46a467283eb2e 0x137bbbbd92cea87c 
> 172.20.20.11:62336
> ikev2_next_payload: length 28 nextpayload CERTREQ
> ikev2_add_certreq: type RSA_KEY length 1
> ikev2_next_payload: length 5 nextpayload NONE
> ikev2_pld_parse: header ispi 0x2cb46a467283eb2e rspi 0x137bbbbd92cea87c 
> nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 
> 245 response 1
> ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
> ikev2_pld_sa: more 0 reserved 0 length 44 proposal #2 protoid IKE spisize 0 
> xforms 4 spi 0
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type DH id ECP_256
> ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 72
> ikev2_pld_ke: dh group ECP_256 reserved 0
> 953ceb3a f2531b9e 9c941b69 ccca92ec 64b42b61 9ea1ba83 bccd0bad a51757cc
> 3b07840f af0e4d7b 4ab35534 f54a222d f701b9f8 42e02632 930abc89 7d9deae7
> ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
> 1eafa8f6 509355cf 1d59f792 78ff16f5 3dea18b3 7eed86b1 70d2e060 079a8ae1
> ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
> ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
> 081b7a6d 260c19d6 e805e851 d3c9f345 7cc31ac3
> ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28
> ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
> ba7bba2f fb6401e3 6168e557 aaf4a39e c7efa043
> ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical 0x00 length 5
> ikev2_pld_certreq: type RSA_KEY length 0
> spi=0x2cb46a467283eb2e: send IKE_SA_INIT res 0 peer 172.20.20.11:62336 local 
> 192.168.110.50:500, 245 bytes
> config_free_proposals: free 0x8f3b2d26700
> config_free_proposals: free 0x8f3b2d26000
> config_free_proposals: free 0x8f3b2d10b00
> config_free_proposals: free 0x8f3b2d2c580
> config_free_proposals: free 0x8f3b2d2c600
> spi=0x2cb46a467283eb2e: recv IKE_AUTH req 1 peer 172.20.20.11:55618 local 
> 192.168.110.50:4500, 512 bytes, policy 'ROAD_WARRIOR'
> ikev2_recv: ispi 0x2cb46a467283eb2e rspi 0x137bbbbd92cea87c
> ikev2_recv: updated SA to peer 172.20.20.11:55618 local 192.168.110.50:4500
> ikev2_pld_parse: header ispi 0x2cb46a467283eb2e rspi 0x137bbbbd92cea87c 
> nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 512 
> response 0
> ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 484
> ikev2_msg_decrypt: IV length 16
> 592a8094 82131658 c5df646a d25a602b
> ikev2_msg_decrypt: encrypted payload length 448
> ikev2_msg_decrypt: integrity checksum length 16
> 5288433e f46da10b 0bfbb802 4a312467
> ikev2_msg_decrypt: integrity check succeeded
> 5288433e f46da10b 0bfbb802 4a312467
> ikev2_msg_decrypt: decrypted payload length 448/448 padding 5
> ikev2_pld_payloads: decrypted payload IDi nextpayload NOTIFY critical 0x00 
> length 15
> ikev2_pld_id: id FQDN/mac-laptop length 11
> ikev2_pld_payloads: decrypted payload NOTIFY nextpayload IDr critical 0x00 
> length 8
> ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT
> ikev2_pld_payloads: decrypted payload IDr nextpayload CP critical 0x00 length 
> 27
> ikev2_pld_id: id FQDN/vpn.company.com length 23
> ikev2_pld_id: unexpected id payload
> ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 
> length 40
> ikev2_pld_cp: type REQUEST length 32
> 00010000 00020000 00060000 00030000 00080000 000c0000 000a0000 00190000
> ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
> ikev2_pld_cp: INTERNAL_IP4_NETMASK 0x0002 length 0
> ikev2_pld_cp: INTERNAL_IP4_DHCP 0x0006 length 0
> ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
> ikev2_pld_cp: INTERNAL_IP6_ADDRESS 0x0008 length 0
> ikev2_pld_cp: INTERNAL_IP6_DHCP 0x000c length 0
> ikev2_pld_cp: INTERNAL_IP6_DNS 0x000a length 0
> ikev2_pld_cp: <UNKNOWN:25> 0x0019 length 0
> ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 
> length 8
> ikev2_pld_notify: protoid NONE spisize 0 type ESP_TFC_PADDING_NOT_SUPPORTED
> ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 
> length 8
> ikev2_pld_notify: protoid NONE spisize 0 type NON_FIRST_FRAGMENTS_ALSO
> ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 
> 200
> ikev2_pld_sa: more 2 reserved 0 length 40 proposal #1 protoid ESP spisize 4 
> xforms 3 spi 0x0e4a6ada
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> ikev2_pld_sa: more 2 reserved 0 length 40 proposal #2 protoid ESP spisize 4 
> xforms 3 spi 0x009c37b7
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> ikev2_pld_sa: more 2 reserved 0 length 40 proposal #3 protoid ESP spisize 4 
> xforms 3 spi 0x0ff43516
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
> ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> ikev2_pld_sa: more 2 reserved 0 length 40 proposal #4 protoid ESP spisize 4 
> xforms 3 spi 0x03f5f825
> ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
> ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> ikev2_pld_sa: more 0 reserved 0 length 36 proposal #5 protoid ESP spisize 4 
> xforms 3 spi 0x0c0ef0b0
> ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
> ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
> ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
> ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 
> length 64
> ikev2_pld_tss: count 2 length 56
> ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 
> 65535
> ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
> ikev2_pld_tss: type IPV6_ADDR_RANGE protoid 0 length 40 startport 0 endport 
> 65535
> ikev2_pld_ts: start :: end ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
> ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical 0x00 
> length 64
> ikev2_pld_tss: count 2 length 56
> ikev2_pld_tss: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 
> 65535
> ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
> ikev2_pld_tss: type IPV6_ADDR_RANGE protoid 0 length 40 startport 0 endport 
> 65535
> ikev2_pld_ts: start :: end ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
> ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 
> length 8
> ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED
> ikev2_handle_notifies: mobike enabled
> sa_stateok: SA_INIT flags 0x0000, require 0x0000 
> spi=0x2cb46a467283eb2e: sa_state: SA_INIT -> EAP
> policy_lookup: peerid 'mac-laptop'
> proposals_match: xform 2 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 2 <-> 1 (7): DH ECP_256 (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 2 <-> 2 (1): ENCR AES_CBC (keylength 0 <-> 0) 256
> proposals_match: xform 2 <-> 2 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0)
> proposals_match: xform 2 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 2 <-> 2 (7): DH ECP_256 (keylength 0 <-> 0)
> proposals_negotiate: score 10
> policy_lookup: setting policy 'ROAD_WARRIOR'
> ikev2_policy2id: srcid FQDN/vpn.company.com length 23
> sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x0079 
> cert,auth,authvalid,sa,eapvalid)
> ikev2_msg_auth: responder auth data length 293
> ca_setauth: switching SIG to RSA_SIG(*)
> ca_setauth: auth length 293
> proposals_match: xform 1 <-> 1 (2): ESN NONE (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 2 <-> 1 (2): ESN NONE (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 3 <-> 1 (2): ESN NONE (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 4 <-> 1 (2): ESN NONE (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 5 <-> 1 (2): ESN NONE (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_match: xform 1 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 1 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 1 <-> 2 (2): ESN NONE (keylength 0 <-> 0)
> proposals_negotiate: score 4
> proposals_match: xform 2 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 2 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 2 <-> 2 (2): ESN NONE (keylength 0 <-> 0)
> proposals_negotiate: score 4
> proposals_match: xform 3 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 0) 256
> proposals_match: xform 3 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 
> 0)
> proposals_match: xform 3 <-> 2 (2): ESN NONE (keylength 0 <-> 0)
> proposals_negotiate: score 4
> proposals_match: xform 4 <-> 2 (7): ENCR AES_CBC (keylength 128 <-> 0) 128
> proposals_match: xform 4 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0)
> proposals_match: xform 4 <-> 2 (2): ESN NONE (keylength 0 <-> 0)
> proposals_negotiate: score 19
> proposals_match: xform 5 <-> 2 (10): INTEGR HMAC_SHA1_96 (keylength 0 <-> 0)
> proposals_match: xform 5 <-> 2 (2): ESN NONE (keylength 0 <-> 0)
> proposals_negotiate: score 0
> proposals_negotiate: score 1: ENCR AES_CBC 256
> proposals_negotiate: score 1: INTEGR HMAC_SHA2_256_128
> proposals_negotiate: score 2: ESN NONE
> sa_stateflags: 0x0024 -> 0x0024 certreq,sa (required 0x0079 
> cert,auth,authvalid,sa,eapvalid)
> config_free_proposals: free 0x8f3b2d15680
> config_free_proposals: free 0x8f3b2d2c800
> config_free_proposals: free 0x8f3b2d10080
> config_free_proposals: free 0x8f3b2d10100
> config_free_proposals: free 0x8f3b2d15600
> ca_getreq: using local public key of type RSA_KEY
> ca_setauth: auth length 256
> ikev2_getimsgdata: imsg 22 rspi 0x137bbbbd92cea87c ispi 0x2cb46a467283eb2e 
> initiator 0 sa valid type 11 data length 270
> ikev2_dispatch_cert: cert type RSA_KEY length 270, ok
> sa_stateflags: 0x0024 -> 0x0025 cert,certreq,sa (required 0x0079 
> cert,auth,authvalid,sa,eapvalid)
> ikev2_getimsgdata: imsg 35 rspi 0x137bbbbd92cea87c ispi 0x2cb46a467283eb2e 
> initiator 0 sa valid type 1 data length 256
> ikev2_dispatch_cert: AUTH type 1 len 256
> sa_stateflags: 0x0025 -> 0x002d cert,certreq,auth,sa (required 0x0079 
> cert,auth,authvalid,sa,eapvalid)
> ikev2_next_payload: length 27 nextpayload CERT
> ikev2_next_payload: length 275 nextpayload AUTH
> ikev2_next_payload: length 264 nextpayload EAP
> ikev2_next_payload: length 9 nextpayload NONE
> ikev2_next_payload: length 612 nextpayload IDr
> ikev2_msg_encrypt: decrypted length 575
> ikev2_msg_encrypt: padded length 576
> ikev2_msg_encrypt: length 576, padding 0, output length 608
> ikev2_msg_integr: message length 640
> ikev2_msg_integr: integrity checksum length 16
> a3badec3 bc5bd2fc 67089d67 462ccf19 5ca2b136 3ddc5e52 104b9f65 29a739f6
> ikev2_pld_parse: header ispi 0x2cb46a467283eb2e rspi 0x137bbbbd92cea87c 
> nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 640 
> response 1
> ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 612
> ikev2_msg_decrypt: IV length 16
> 85c15226 1ff9cd72 af54ba13 d83d2b57
> ikev2_msg_decrypt: encrypted payload length 576
> ikev2_msg_decrypt: integrity checksum length 16
> a3badec3 bc5bd2fc 67089d67 462ccf19
> ikev2_msg_decrypt: integrity check succeeded
> a3badec3 bc5bd2fc 67089d67 462ccf19
> ikev2_msg_decrypt: decrypted payload length 576/576 padding 0
> ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 
> length 27
> ikev2_pld_id: id FQDN/vpn.company.com length 23
> ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00 
> length 275
> ikev2_pld_cert: type RSA_KEY length 270
> ikev2_pld_payloads: decrypted payload AUTH nextpayload EAP critical 0x00 
> length 264
> ikev2_pld_auth: method RSA_SIG length 256
> ikev2_pld_payloads: decrypted payload EAP nextpayload NONE critical 0x00 
> length 9
> spi=0x2cb46a467283eb2e: ikev2_pld_eap: REQUEST id 0 length 5 EAP-IDENTITY
> spi=0x2cb46a467283eb2e: send IKE_AUTH res 1 peer 172.20.20.11:55618 local 
> 192.168.110.50:4500, 640 bytes, NAT-T
> 
> ^Cconfig_doreset: flushing policies
> config_doreset: flushing SAs
> config_free_proposals: free 0x8f3b2d15580
> config_free_proposals: free 0x8f3b2d15700
> config_free_proposals: free 0x8f3b2d26d80
> config_free_proposals: free 0x8f3b2d2ca00
> config_free_proposals: free 0x8f3b2d26e00
> config_free_proposals: free 0x8f3b2d2c300
> config_free_flows: free 0x8f3b2d05400
> config_doreset: flushing users
> ca exiting, pid 69111
> control exiting, pid 57526
> ikev2 exiting, pid 38703
> parent terminating
> 
> Thanks for the help.
