
List:       strongswan-users
Subject:    [strongSwan] Problem with Windows 10 machine certificate authorization.
From:       "Alexander O." <900632 () gmail ! com>
Date:       2016-08-08 13:13:13
Message-ID: CADBY4XyYKYbodUV6Yow7uO0FN_v=tNRxZX+-KjRhPSBnwk8Juw () mail ! gmail ! com


Hello!

I have a fully working configuration on Debian 8 for Windows 7 IKEv2
clients (machine certificate authorization), but I ran into a problem
with Windows 10 clients (same on Windows 8.1)...

What did I do, step by step?

I issued a set of keys and certificates as follows:

ipsec pki --gen > caKey.der
ipsec pki --self --in caKey.der --dn "C=RU, O=TestLab, CN=TestLab CA" \
    --ca > caCert.der
ipsec pki --gen > peerKey.der
ipsec pki --pub --in peerKey.der | ipsec pki --issue --flag serverAuth \
    --flag ikeIntermediate --san "vpn.local" --cacert caCert.der \
    --cakey caKey.der --dn "C=RU, O=TestLab, CN=vpn.local" > peerCert.der
openssl x509 -inform der -outform pem -in caCert.der -out caCert.pem
openssl x509 -inform der -outform pem -in peerCert.der -out peerCert.pem
openssl rsa -inform der -outform pem -in peerKey.der -out peerKey.pem
openssl pkcs12 -in peerCert.pem -inkey peerKey.pem -certfile caCert.pem \
    -export -out peer.p12
cp caCert.der /etc/ipsec.d/cacerts/caCert.der
cp peerCert.der /etc/ipsec.d/certs/peerCert.der
cp peerKey.der /etc/ipsec.d/private/peerKey.der

Set up the following configuration files:

/etc/ipsec.secrets
: RSA peerKey.der


/etc/ipsec.conf
config setup
        charondebug="cfg 2, ike 4, net 2, esp 2"
        uniqueids = no

conn %default
        auto=add
        left=%any
        right=%any
        rekey=no
        ike=aes256-sha1-modp2048,aes256-sha1-modp1024,aes256-sha256-modp2048!
        esp=aes256-sha1,aes128-sha1,aes256-sha256!

conn IKEV2-pubkey
        keyexchange=ikev2
        leftauth=pubkey
        leftcert=peerCert.der
        leftsendcert=always
        leftsubnet=10.0.0.0/8
        rightauth=pubkey
        rightsourceip=192.168.3.0/27
        rightdns=8.8.8.8
        dpdaction=clear
        dpddelay=35s
        dpdtimeout=300s


Status of IPsec daemon:

root@vpn:~# ipsec statusall
Status of IKE charon daemon (strongSwan 5.2.1, Linux 3.16.0-4-amd64, x86_64):
  uptime: 26 minutes, since Aug 08 15:21:14 2016
  malloc: sbrk 2445312, mmap 0, used 328096, free 2117216
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default stroke updown
Virtual IP pools (size/online/offline):
  192.168.3.0/27: 30/0/1
Listening IP addresses:
  192.168.1.24
Connections:
IKEV2-pubkey:  %any...%any  IKEv2, dpddelay=35s
IKEV2-pubkey:   local:  [C=RU, O=TestLab, CN=vpn.local] uses public key authentication
IKEV2-pubkey:    cert:  "C=RU, O=TestLab, CN=vpn.local"
IKEV2-pubkey:   remote: uses public key authentication
IKEV2-pubkey:   child:  10.0.0.0/8 === dynamic TUNNEL, dpdaction=clear
Security Associations (0 up, 0 connecting):
  none

I have installed peer.p12 on a Windows 10 machine just as I did on
Windows 7 machines (by following the guides from this
https://wiki.strongswan.org/projects/strongswan/wiki/Windows7 page).
The problem is that while Windows 7 successfully authenticates to the VPN
server, Windows 10 or 8.1 returns error 13806...

The client and server are on the same local network to exclude any
possible problems in the middle.

Syslog output:
Aug  8 15:45:30 vpn charon: 04[NET] received packet: from 192.168.1.10[500] to 192.168.1.24[500]
Aug  8 15:45:30 vpn charon: 04[NET] waiting for data on sockets
Aug  8 15:45:30 vpn charon: 14[NET] received packet: from 192.168.1.10[500] to 192.168.1.24[500] (616 bytes)
Aug  8 15:45:30 vpn charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Aug  8 15:45:30 vpn charon: 14[CFG] looking for an ike config for 192.168.1.24...192.168.1.10
Aug  8 15:45:30 vpn charon: 14[CFG]   candidate: %any...%any, prio 28
Aug  8 15:45:30 vpn charon: 14[CFG] found matching ike config: %any...%any with prio 28
Aug  8 15:45:30 vpn charon: 14[ENC] received unknown vendor ID: 1e:2b:51:69:05:99:1c:7d:7c:96:fc:bf:b5:87:e4:61:00:00:00:09
Aug  8 15:45:30 vpn charon: 14[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Aug  8 15:45:30 vpn charon: 14[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Aug  8 15:45:30 vpn charon: 14[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Aug  8 15:45:30 vpn charon: 14[IKE] 192.168.1.10 is initiating an IKE_SA
Aug  8 15:45:30 vpn charon: 14[IKE] IKE_SA (unnamed)[10] state change: CREATED => CONNECTING
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   no acceptable ENCRYPTION_ALGORITHM found
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   proposal matches
Aug  8 15:45:30 vpn charon: 14[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
Aug  8 15:45:30 vpn charon: 14[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Aug  8 15:45:30 vpn charon: 14[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  8 15:45:30 vpn charon: 14[IKE] sending cert request for "C=RU, O=TestLab, CN=TestLab CA"
Aug  8 15:45:30 vpn charon: 14[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Aug  8 15:45:30 vpn charon: 14[NET] sending packet: from 192.168.1.24[500] to 192.168.1.10[500] (337 bytes)
Aug  8 15:45:30 vpn charon: 09[NET] sending packet: from 192.168.1.24[500] to 192.168.1.10[500]
Aug  8 15:45:30 vpn charon: 04[NET] received packet: from 192.168.1.10[500] to 192.168.1.24[500]
Aug  8 15:45:30 vpn charon: 04[NET] waiting for data on sockets
Aug  8 15:45:30 vpn charon: 12[NET] received packet: from 192.168.1.10[500] to 192.168.1.24[500] (616 bytes)
Aug  8 15:45:30 vpn charon: 12[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) V V V V ]
Aug  8 15:45:30 vpn charon: 12[CFG] looking for an ike config for 192.168.1.24...192.168.1.10
Aug  8 15:45:30 vpn charon: 12[CFG]   candidate: %any...%any, prio 28
Aug  8 15:45:30 vpn charon: 12[CFG] found matching ike config: %any...%any with prio 28
Aug  8 15:45:30 vpn charon: 12[ENC] received unknown vendor ID: 1e:2b:51:69:05:99:1c:7d:7c:96:fc:bf:b5:87:e4:61:00:00:00:09
Aug  8 15:45:30 vpn charon: 12[ENC] received unknown vendor ID: fb:1d:e3:cd:f3:41:b7:ea:16:b7:e5:be:08:55:f1:20
Aug  8 15:45:30 vpn charon: 12[ENC] received unknown vendor ID: 26:24:4d:38:ed:db:61:b3:17:2a:36:e3:d0:cf:b8:19
Aug  8 15:45:30 vpn charon: 12[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49:ab:9a:1c:5b:2a:51:00:00:00:02
Aug  8 15:45:30 vpn charon: 12[IKE] 192.168.1.10 is initiating an IKE_SA
Aug  8 15:45:30 vpn charon: 12[IKE] IKE_SA (unnamed)[11] state change: CREATED => CONNECTING
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable ENCRYPTION_ALGORITHM found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable DIFFIE_HELLMAN_GROUP found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable ENCRYPTION_ALGORITHM found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable ENCRYPTION_ALGORITHM found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable PSEUDO_RANDOM_FUNCTION found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   no acceptable ENCRYPTION_ALGORITHM found
Aug  8 15:45:30 vpn charon: 12[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 12[CFG]   proposal matches
Aug  8 15:45:30 vpn charon: 12[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024, IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
Aug  8 15:45:30 vpn charon: 12[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Aug  8 15:45:30 vpn charon: 12[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  8 15:45:30 vpn charon: 04[NET] received packet: from 192.168.1.10[500] to 192.168.1.24[500]
Aug  8 15:45:30 vpn charon: 04[NET] waiting for data on sockets
Aug  8 15:45:30 vpn charon: 10[NET] received unencrypted informational: from 192.168.1.10[500] to 192.168.1.24[500]
Aug  8 15:45:30 vpn charon: 10[ENC] payload type NOTIFY was not encrypted
Aug  8 15:45:30 vpn charon: 10[ENC] could not decrypt payloads
Aug  8 15:45:30 vpn charon: 10[IKE] INFORMATIONAL request with message ID 0 processing failed
Aug  8 15:45:30 vpn charon: 12[IKE] sending cert request for "C=RU, O=TestLab, CN=TestLab CA"
Aug  8 15:45:30 vpn charon: 12[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
Aug  8 15:45:30 vpn charon: 12[NET] sending packet: from 192.168.1.24[500] to 192.168.1.10[500] (337 bytes)
Aug  8 15:45:30 vpn charon: 09[NET] sending packet: from 192.168.1.24[500] to 192.168.1.10[500]


What should I do?
Thanks!
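
The following Python script is an added example, not part of the original message and not strongSwan code. It reads the `[CFG]` proposal lines of a charon log like the one in this message (re-joining mail-wrapped lines) and reports which IKE proposals client and server have in common. The `WEAK` policy table and all function names are assumptions of this example, and it assumes each logged proposal lists one transform per type, as in this log.

```python
import re

# Sample input: the [CFG] proposal lines from the log in this message,
# embedded in the wrapped form a mail client produces.
SAMPLE_LOG = """\
Aug  8 15:45:30 vpn charon: 14[CFG] selecting proposal:
Aug  8 15:45:30 vpn charon: 14[CFG]   proposal matches
Aug  8 15:45:30 vpn charon: 14[CFG] received proposals:
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1024,
IKE:3DES_CBC/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_1024
Aug  8 15:45:30 vpn charon: 14[CFG] configured proposals:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Aug  8 15:45:30 vpn charon: 14[CFG] selected proposal:
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
"""

# Start of a syslog record, e.g. "Aug  8 15:45:30 vpn charon: 14[CFG] ..."
SYSLOG = re.compile(
    r"^[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d \S+ charon: (\d+)\[(\w+)\] ?(.*)$")
LISTING = re.compile(
    r"^(received proposals|configured proposals|selected proposal): (.*)$")

# Local policy assumed by this example (not a strongSwan setting).
WEAK = {"3DES_CBC": "64-bit block cipher", "MODP_1024": "1024-bit DH group"}


def unwrap(text):
    """Re-join wrapped lines; return (thread, subsystem, message) tuples."""
    records = []
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if m:
            records.append([m.group(1), m.group(2), m.group(3)])
        elif records and line.strip():
            # No syslog prefix: continuation of the previous record.
            records[-1][2] += " " + line.strip()
    return [tuple(r) for r in records]


def parse_proposal(item):
    """'IKE:AES_CBC_256/.../MODP_1024' -> tuple of transform names."""
    _proto, _, transforms = item.strip().partition(":")
    return tuple(transforms.split("/"))


def negotiations(text):
    """One dict per proposal negotiation, grouped by charon worker thread."""
    done, pending = [], {}
    for thread, subsys, msg in unwrap(text):
        m = LISTING.match(msg.strip())
        if subsys != "CFG" or not m:
            continue
        key = m.group(1)
        items = [parse_proposal(p) for p in m.group(2).split(",") if p.strip()]
        if key == "received proposals" and thread in pending:
            done.append(pending.pop(thread))   # earlier attempt never selected
        pending.setdefault(thread, {"thread": thread})[key] = items
        if key == "selected proposal":
            done.append(pending.pop(thread))
    done.extend(pending.values())              # negotiations with no selection
    return done


def assess(neg):
    """Compare both sides' proposals and flag transforms listed in WEAK."""
    received = neg.get("received proposals", [])
    configured = neg.get("configured proposals", [])
    selected = (neg.get("selected proposal") or [None])[0]
    common = [p for p in configured if p in received]
    return {
        "common": common,
        "selected": selected,
        "selected_weak": sorted(WEAK.keys() & set(selected or ())),
        "strong_option_exists": any(not (WEAK.keys() & set(p)) for p in common),
        "client_dh_groups": sorted({t for p in received for t in p
                                    if t.startswith(("MODP_", "ECP_"))}),
    }


if __name__ == "__main__":
    for neg in negotiations(SAMPLE_LOG):
        for field, value in assess(neg).items():
            print(f"thread {neg['thread']}: {field} = {value}")
```

On the lines embedded here it reports a single common proposal, AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, and that every proposal the client sent uses MODP_1024, so the two `modp2048` entries in `ike=` cannot match this client.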

3A C9 9C F4 09 BF A3 F1 01 1D CC 7D   e.h.:..........}</div><div>Aug   8 15:45:30 vpn \
charon: 14[IKE]    16: 83 9F 34 4C                                                    \
..4L</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] received dst_hash =&gt; 20 bytes \
@ 0x7fe288003e10</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: 4E 20 72 B9 \
60 F2 F7 08 CB EF 8D 2F 0F EE D0 9B   N r.`....../....</div><div>Aug   8 15:45:30 vpn \
charon: 14[IKE]    16: 85 B6 8B 9D                                                    \
....</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] shared Diffie Hellman secret \
=&gt; 128 bytes @ 0x7fe288006de0</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      \
0: 04 82 FD 7D A7 94 F8 21 1F B7 BE 53 C7 8E EE C3   ...}...!...S....</div><div>Aug   \
8 15:45:30 vpn charon: 14[IKE]    16: 2D 6F AB B3 91 7A 3A 4C 6A BF 93 F3 CB FA 89 62 \
-o...z:Lj......b</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]    32: EE 1A B0 27 D2 \
2E 22 26 61 56 0E 03 6C BA 15 6B   ...&#39;..&quot;&amp;aV..l..k</div><div>Aug   8 \
15:45:30 vpn charon: 14[IKE]    48: E4 DF CF CB 51 27 A6 34 14 D8 AE 86 F7 A6 D6 F6   \
....Q&#39;.4........</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]    64: BD 48 CB \
7E 5D CE 4C BD 68 F7 06 42 DA C9 73 D9   .H.~].L.h..B..s.</div><div>Aug   8 15:45:30 \
vpn charon: 14[IKE]    80: 6E 54 AC 5E FB 62 BF 8C E9 3E C4 0D B0 1C 3D 92   \
nT.^.b...&gt;....=.</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]    96: 4F 80 7A CE \
4D F6 96 D4 68 F3 95 72 56 BD B2 7E   O.z.M...h..rV..~</div><div>Aug   8 15:45:30 vpn \
charon: 14[IKE]   112: E2 2B D2 FE 24 A9 A5 75 F8 15 4A 5F FE A2 C8 68   \
.+..$..u..J_...h</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] SKEYSEED =&gt; 20 \
bytes @ 0x7fe288006ae0</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: B2 85 \
01 F5 84 BA 5B F6 20 50 AD 8C B5 25 7E 6F   ......[. P...%~o</div><div>Aug   8 \
15:45:30 vpn charon: 14[IKE]    16: 3B F9 EC CF                                       \
;...</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] Sk_d secret =&gt; 20 bytes @ \
0x7fe288006ae0</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: 0C 15 F1 AB CF \
7C FC 8F 8A 7B C9 D4 88 80 17 0B   .....|...{......</div><div>Aug   8 15:45:30 vpn \
charon: 14[IKE]    16: D8 8E B0 E3                                                    \
....</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] Sk_ai secret =&gt; 20 bytes @ \
0x7fe288005200</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: 1E F2 0B A2 FF \
2A 63 1A 79 B0 6B EF 50 56 4C 38   .....*c.y.k.PVL8</div><div>Aug   8 15:45:30 vpn \
charon: 14[IKE]    16: 45 B9 EC 5F                                                    \
E.._</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] Sk_ar secret =&gt; 20 bytes @ \
0x7fe2880048d0</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: 58 49 F2 22 7F \
2B D1 32 66 AA 68 45 33 8A 91 C3   XI.&quot;.+.2f.hE3...</div><div>Aug   8 15:45:30 \
vpn charon: 14[IKE]    16: B0 67 22 17                                                \
.g&quot;.</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] Sk_ei secret =&gt; 32 bytes \
@ 0x7fe2880048d0</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: 65 8C 10 7B \
44 16 3D CE 29 F5 13 08 07 CB A2 2F   e..{D.=.)....../</div><div>Aug   8 15:45:30 vpn \
charon: 14[IKE]    16: 68 53 B9 63 AC BD D0 B4 67 7D 82 0F 7C A8 4F 97   \
hS.c....g}..|.O.</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] Sk_er secret =&gt; 32 \
bytes @ 0x7fe2880048d0</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: 66 FE \
C5 07 5D 14 1B 09 1C A6 FA EA F4 39 20 A1   f...]........9 .</div><div>Aug   8 \
15:45:30 vpn charon: 14[IKE]    16: FF C2 73 43 0A E7 9A B2 B6 F7 AA 13 23 64 F1 11   \
..sC........#d..</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] Sk_pi secret =&gt; 20 \
bytes @ 0x7fe288007d20</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: 30 1C \
85 04 75 84 B0 11 26 FD 58 43 F6 B2 24 29   0...u...&amp;.XC..$)</div><div>Aug   8 \
15:45:30 vpn charon: 14[IKE]    16: 7F 51 D4 14                                       \
.Q..</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] Sk_pr secret =&gt; 20 bytes @ \
0x7fe2880048d0</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: 6F DC 42 13 E2 \
FE DB 38 84 CC 59 F9 D2 BC B9 C4   o.B....8..Y.....</div><div>Aug   8 15:45:30 vpn \
charon: 14[IKE]    16: 56 9E 99 A9                                                    \
V...</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] natd_chunk =&gt; 22 bytes @ \
0x7fe288004900</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: B6 1B 44 16 F0 \
04 F9 FD 00 8D B6 83 BA 48 50 F3   ..D..........HP.</div><div>Aug   8 15:45:30 vpn \
charon: 14[IKE]    16: C0 A8 01 18 01 F4                                              \
......</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] natd_hash =&gt; 20 bytes @ \
0x7fe288005150</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: DF E6 CD 25 70 \
78 E7 70 64 E7 47 06 88 49 11 A7   ...%px.pd.G..I..</div><div>Aug   8 15:45:30 vpn \
charon: 14[IKE]    16: 3F C4 71 79                                                    \
?.qy</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] natd_chunk =&gt; 22 bytes @ \
0x7fe2880039d0</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: B6 1B 44 16 F0 \
04 F9 FD 00 8D B6 83 BA 48 50 F3   ..D..........HP.</div><div>Aug   8 15:45:30 vpn \
charon: 14[IKE]    16: C0 A8 01 0A 01 F4                                              \
......</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] natd_hash =&gt; 20 bytes @ \
0x7fe2880053a0</div><div>Aug   8 15:45:30 vpn charon: 14[IKE]      0: A5 68 65 6B CF \
6B 05 79 00 44 D3 15 01 91 6F D2   .hek.k.y.D....o.</div><div>Aug   8 15:45:30 vpn \
charon: 14[IKE]    16: 0C 15 9D 4B                                                    \
...K</div><div>Aug   8 15:45:30 vpn charon: 14[IKE] sending cert request for \
&quot;C=RU, O=TestLab, CN=TestLab CA&quot;</div><div>Aug   8 15:45:30 vpn charon: \
14[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) \


[Attachment #6 (text/plain)]

_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
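
Added example (not part of the original post and not strongSwan code): a Python check over charon [CFG] proposal lines like those in the log above. It lists the suites both sides share, flags weak transforms in the selected suite, and reports lines where the "ike 4" debug level wrote key material to the log. The WEAK policy set and all function names are assumptions of this example, and it treats each proposal as one fixed suite, which holds for the lines shown here.

```python
import re

# Constructed sample: a shortened subset of the log lines in the post.
SAMPLE_LOG = """\
Aug  8 15:45:30 vpn charon: 14[CFG] received proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  8 15:45:30 vpn charon: 14[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048, IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  8 15:45:30 vpn charon: 14[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Aug  8 15:45:30 vpn charon: 14[IKE] SKEYSEED => 20 bytes @ 0x7fe288006ae0
"""

# Assumption: this example's own policy list, not a strongSwan setting.
WEAK = {"3DES_CBC", "MODP_1024"}
PROPOSALS = re.compile(
    r"\[CFG\] (received proposals|configured proposals|selected proposal): (.+)$")
# Headers of the key-material dumps charon writes at debug level "ike 4".
KEY_DUMP = re.compile(
    r"\[IKE\] (shared Diffie Hellman secret|SKEYSEED|Sk_\w+ secret) =>")

def parse_suites(text):
    """Split 'IKE:a/b/c/d, IKE:...' into a list of transform tuples."""
    return [tuple(p.split(":", 1)[1].split("/")) for p in text.split(", ")]

def audit(log):
    """Return shared suites, the selected suite, its weak parts and key dumps."""
    seen, key_dumps = {}, []
    for line in log.splitlines():
        m = PROPOSALS.search(line)
        if m:
            seen[m.group(1)] = parse_suites(m.group(2))
        k = KEY_DUMP.search(line)
        if k:
            key_dumps.append(k.group(1))
    received = seen.get("received proposals", [])
    configured = seen.get("configured proposals", [])
    selected = (seen.get("selected proposal") or [None])[0]
    # A suite is shared only if all four transforms are identical.
    common = [s for s in configured if s in received]
    weak = sorted(set(selected or ()) & WEAK)
    return {"common": common, "selected": selected,
            "weak": weak, "key_dumps": key_dumps}

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(key, value)
```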
