Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [TraceStarted] 2022/01/18 12:01:21,100
- Used config:
- # Trace config
- trace + VPN
- trace + VPN-Debug
- trace + VPN-IKE
- trace + VPN-Packet
- trace + VPN-Status
- # Show commands
- show bootlog
- show locked-jobs
- [ShowCmd] 2022/01/18 12:01:22,434
- Result of command: "show locked-jobs "
- No list was dumped to the flash yet.
- [VPN-IKE] 2022/01/18 12:01:24,901 Devicetime: 2022/01/18 12:01:33,078
- [DEFAULT] Received packet:
- IKE 2.0 Header:
- Source/Port : smartphoneIP:44427
- Destination/Port : öffentlicheIP:500
- Routing-tag : 0
- Com-channel : 0
- | Initiator cookie : 7C 7B 91 FC DB 12 81 9A
- | Responder cookie : 00 00 00 00 00 00 00 00
- | Next Payload : SA
- | Version : 2.0
- | Exchange type : IKE_SA_INIT
- | Flags : 0x08 Initiator
- | Msg-ID : 0
- | Length : 1072 Bytes
- SA Payload
- | Next Payload : KE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 408 Bytes
- | PROPOSAL Payload
- | | Next Payload : PROPOSAL
- | | Reserved : 0x00
- | | Length : 200 Bytes
- | | Proposal number : 1
- | | Protocol ID : IPSEC_IKE
- | | SPI size : 0
- | | #Transforms : 21
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-128-CTR (13)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CBC (12)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-128-CTR (13)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CBC (12)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-128-CTR (13)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CBC (12)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : HMAC-SHA-512 (14)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : HMAC-SHA-384 (13)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : HMAC-SHA-256 (12)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-XCBC-96 (5)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CMAC-96 (8)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 4096-BIT MODP (16)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : CURVE25519 (31)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 3072-BIT MODP (15)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 2048-BIT MODP (14)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA1 (2)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-AES128-XCBC (4)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-256 (5)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-384 (6)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-512 (7)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : NONE
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-AES128-CMAC (8)
- | | | Attributes : NONE
- | PROPOSAL Payload
- | | Next Payload : NONE
- | | Reserved : 0x00
- | | Length : 204 Bytes
- | | Proposal number : 2
- | | Protocol ID : IPSEC_IKE
- | | SPI size : 0
- | | #Transforms : 20
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : ENCR-CHACHA20-POLY1305 (28)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-16 (20)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-12 (19)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-8 (18)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-16 (20)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-12 (19)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-8 (18)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-16 (20)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-12 (19)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-8 (18)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 4096-BIT MODP (16)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : CURVE25519 (31)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 3072-BIT MODP (15)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 2048-BIT MODP (14)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA1 (2)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-AES128-XCBC (4)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-256 (5)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-384 (6)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-512 (7)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : NONE
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-AES128-CMAC (8)
- | | | Attributes : NONE
- KE Payload
- | Next Payload : NONCE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 520 Bytes
- | DH Group : 16
- | Reserved2 : 0x0000
- | DH-Key(4096 bits) : EB 4E 29 03 00 CD 90 78 9B 8B EA 47 5C F1 67 8C
- | BA B3 BC 02 53 28 69 45 E4 77 9C E5 0C E6 76 5C
- | D5 C9 AF 15 EC AD F5 EC 18 65 EB E2 7C 4A E4 14
- | 0D 72 00 3D 70 87 38 F3 E0 34 48 ED 2C 86 AA C6
- | 9B 4C C2 9A 2C 39 E8 C2 F2 B5 EB EC 2B E8 CC A7
- | E2 B1 0C FF 32 3F 3C FE 47 A9 2E 1A 44 0D 07 DC
- | 98 27 1E D2 9C FB 23 D2 11 A1 AF 8D 29 3E A6 30
- | C8 BB 74 A9 B3 6A 11 B7 6E 39 0C 41 32 EE EC 12
- | CA AE AA 31 44 47 8C 2F 31 66 0A DD D4 2B 98 B1
- | 28 F1 3A 50 78 60 1D 0D B9 1A CD CE 55 BF 6A E8
- | C3 C9 1B BC E2 D9 2D 40 5B B5 26 21 46 04 EF F4
- | 8C 76 2C D0 13 39 69 5A 67 6A 16 7F 6A 77 C1 6A
- | 3F 7D 4E 21 03 4B 38 17 7D BE 55 0F 88 CC FA E9
- | 43 CD EB 79 AD 9B C4 7E 0B 16 84 B3 6E 8D 78 66
- | CA 50 60 19 D2 30 88 44 55 E6 20 67 B0 0C 0F 99
- | 1A 81 68 4D 39 BD 38 C2 EE 43 FA 7C A9 49 D7 66
- | 71 33 9A 00 B1 C8 4C 1B 97 9E 3B FB 58 12 79 23
- | C2 98 6A 5E 7D 31 0F B7 68 0F E7 01 59 B2 2A 53
- | 42 48 68 17 98 F0 53 AE 31 0D 52 68 7A 1C C2 13
- | 7B E3 FD 0D F9 90 53 3D B3 DD 57 B2 0F E0 3E 48
- | FC B4 60 65 05 8E A2 AF 81 29 6D 24 2C 02 2B BE
- | E8 8D BA AE 15 DF AD FD BF 16 9A 8A B7 FA 1E F7
- | 57 E0 75 3C 73 D6 59 5B 8A 67 C7 E3 58 3F FA A3
- | 27 2B DD 88 6B 2B 34 31 4B FB 68 03 D1 D7 93 E4
- | 40 DA C7 F4 68 3E 4F 19 EA 71 9B FF 93 AE 8B F9
- | 05 2A 2D BA 5C 1E FB FA BF EB 22 05 18 2E 77 A4
- | CD DD BA E5 04 D9 37 A4 99 B1 2F 59 4F FB B1 DA
- | BA F4 48 89 B1 D8 31 8D 29 89 15 66 CE 32 A5 52
- | E2 E9 DF 70 B3 40 6C EC 80 BD E4 D4 2B 61 54 13
- | 8F 68 2F D3 CF A9 44 93 B3 F2 C4 BB 1A DE 5F B7
- | CF C9 72 BF FD FD AD E9 3A B6 8A 45 7B EB 82 B2
- | A0 5D 0F F1 80 1E D6 7B 2B 38 9A 06 29 E5 57 0C
- NONCE Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 36 Bytes
- | Nonce(256 bits) : 62 E7 00 B6 B2 FD 20 EC 16 BB DE 7E 34 12 BB 99
- | F9 6B 58 1F 86 28 61 F2 43 56 72 9F 37 A7 9C E7
- NOTIFY Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 28 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : STATUS_NAT_DETECTION_SOURCE_IP
- | Notif. data : 1D 63 05 67 F9 18 F0 E5 96 CF 4C D3 53 F2 BC CD
- | 54 D8 81 08
- NOTIFY Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 28 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : STATUS_NAT_DETECTION_DESTINATION_IP
- | Notif. data : 07 99 7E 3C 05 D1 AA A6 A5 C2 11 E8 FB 86 FC B3
- | A3 5B 70 83
- NOTIFY Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 8 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : IKEV2_FRAGMENTATION_SUPPORTED
- NOTIFY Payload
- | Next Payload : NONE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 16 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : SIGNATURE_HASH_ALGORITHMS
- | Sign. Hash Algs. : SHA1, SHA-256, SHA-384, SHA-512
- [VPN-Debug] 2022/01/18 12:01:24,902 Devicetime: 2022/01/18 12:01:33,088
- Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 1072 bytes
- Gateways: öffentlicheIP:500<--smartphoneIP:44427
- SPIs: 0x7C7B91FCDB12819A0000000000000000, Message-ID 0
- Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(SIGNATURE_HASH_ALGORITHMS)
- QUB-DATA: öffentlicheIP:500<---smartphoneIP:44427 rtg_tag 0 physical-channel WAN(1)
- transport: [id: 2440863, UDP (17) {incoming unicast, fixed source address}, dst: smartphoneIP, tag 0 (U), src: öffentlicheIP, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (5), mac address: ff:ff:ff:ff:ff:ff, port 0], local port: 500, remote port: 44427
- +No IKE_SA found
- Counting consumed licenses by active channels...
- Consumed connected licenses : 0
- Negotiating connections : 0
- IKE negotiations : 0
- MPPE connections : 0
- Licenses in use : 0 < 5
- +Passive connection request accepted (83 micro seconds)
- Looking for payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41)...Found 1 payload.
- +Received signature hash algorithms: SHA1, SHA-256, SHA-384, SHA-512
- Looking for payload NOTIFY(DETECTION_SOURCE_IP) (41)...Found 1 payload.
- +Computing SHA1(0x7C7B91FCDB12819A0000000000000000|smartphoneIP:44427)
- +Computing SHA1(0x7C7B91FCDB12819A0000000000000000B218FAC2AD8B)
- +Computed: 0x5F41F0962916DB436D0E7777E1E5DF5001089C22
- +Received: 0x1D630567F918F0E596CF4CD353F2BCCD54D88108
- +Not equal => NAT-T enabled => switching on port 4500
- Looking for payload NOTIFY(DETECTION_DESTINATION_IP) (41)...Found 1 payload.
- +Computing SHA1(0x7C7B91FCDB12819A0000000000000000|öffentlicheIP:500)
- +Computing SHA1(0x7C7B91FCDB12819A0000000000000000509922F001F4)
- +Computed: 0x07997E3C05D1AAA6A5C211E8FB86FCB3A35B7083
- +Received: 0x07997E3C05D1AAA6A5C211E8FB86FCB3A35B7083
- +Equal => NAT-T is already enabled
- Looking for payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41)...Found 1 payload.
- Looking for payload IKE_SA (33)...Found 1 payload.
- +Config ENCR transform(s): AES-CBC-256
- +Received ENCR transform(s): AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
- +Best intersection: AES-CBC-256
- +Config PRF transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
- +Received PRF transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
- +Best intersection: PRF-HMAC-SHA-256
- +Config INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
- +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
- +Best intersection: HMAC-SHA-256
- +Config DH transform(s): 14
- +Received DH transform(s): 16 31 15 14
- +Best intersection: 14
- [VPN-Status] 2022/01/18 12:01:24,904 Devicetime: 2022/01/18 12:01:33,088
- Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 1072 bytes
- Gateways: öffentlicheIP:500<--smartphoneIP:44427
- SPIs: 0x7C7B91FCDB12819A0000000000000000, Message-ID 0
- Peer identified: DEFAULT
- IKE_SA ('', '' IPSEC_IKE SPIs 0x7C7B91FCDB12819A715EA1E74F1D7DF9) entered to SADB
- Received 4 notifications:
- +NAT_DETECTION_SOURCE_IP(0x1D630567F918F0E596CF4CD353F2BCCD54D88108) (STATUS)
- +NAT_DETECTION_DESTINATION_IP(0x07997E3C05D1AAA6A5C211E8FB86FCB3A35B7083) (STATUS)
- +IKEV2_FRAGMENTATION_SUPPORTED (STATUS)
- +SIGNATURE_HASH_ALGORITHMS(0x0001000200030004) (STATUS)
- Peer (initiator) is behind a NAT
- NAT-T enabled => switching on port 4500
- We (responder) are not behind a NAT. NAT-T is already enabled
- +IKE-SA:
- IKE-Proposal-1 (21 transforms)
- ENCR : AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
- PRF : PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
- INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
- DH : 16 31 15 14
- IKE-Proposal-2 (20 transforms)
- ENCR : ENCR-CHACHA20-POLY1305 AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
- PRF : PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
- DH : 16 31 15 14
- -Agreed on DH-Group 14 but received KE-DH-Group 16 => responding with INVALID_KE_PAYLOAD(14)
- [VPN-IKE] 2022/01/18 12:01:24,904 Devicetime: 2022/01/18 12:01:33,089
- [DEFAULT] Sending packet:
- IKE 2.0 Header:
- Source/Port : öffentlicheIP:500
- Destination/Port : smartphoneIP:44427
- Routing-tag : 0
- Com-channel : 0
- | Initiator cookie : 7C 7B 91 FC DB 12 81 9A
- | Responder cookie : 00 00 00 00 00 00 00 00
- | Next Payload : NOTIFY
- | Version : 2.0
- | Exchange type : IKE_SA_INIT
- | Flags : 0x20 Response
- | Msg-ID : 0
- | Length : 38 Bytes
- NOTIFY Payload
- | Next Payload : NONE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 10 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : INVALID_KE_PAYLOAD
- | Notif. data : 00 0E
- [VPN-Debug] 2022/01/18 12:01:24,904 Devicetime: 2022/01/18 12:01:33,089
- Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
- +(request, response) pair inserted into retransmission map
- Sending an IKE_SA_INIT-RESPONSE of 38 bytes (responder)
- Gateways: öffentlicheIP:500-->smartphoneIP:44427, tag 0 (UDP)
- SPIs: 0x7C7B91FCDB12819A0000000000000000, Message-ID 0
- Payloads: NOTIFY(INVALID_KE_PAYLOAD[0x000E])
- [VPN-Status] 2022/01/18 12:01:24,904 Devicetime: 2022/01/18 12:01:33,089
- Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
- NOTIFY(INVALID_KE_PAYLOAD[14])
- Sending an IKE_SA_INIT-RESPONSE of 38 bytes (responder)
- Gateways: öffentlicheIP:500-->smartphoneIP:44427, tag 0 (UDP)
- SPIs: 0x7C7B91FCDB12819A0000000000000000, Message-ID 0
- [VPN-Debug] 2022/01/18 12:01:24,904 Devicetime: 2022/01/18 12:01:33,090
- IKE-TRANSPORT freed
- [VPN-Status] 2022/01/18 12:01:24,904 Devicetime: 2022/01/18 12:01:33,090
- IKE_SA ('', '' IPSEC_IKE SPIs 0x7C7B91FCDB12819A0000000000000000) removed from SADB
- IKE_SA ('', '' IPSEC_IKE SPIs 0x7C7B91FCDB12819A0000000000000000) freed
- [VPN-IKE] 2022/01/18 12:01:25,055 Devicetime: 2022/01/18 12:01:33,190
- [DEFAULT] Received packet:
- IKE 2.0 Header:
- Source/Port : smartphoneIP:44427
- Destination/Port : öffentlicheIP:500
- Routing-tag : 0
- Com-channel : 0
- | Initiator cookie : 5A 1C 35 41 86 81 74 0B
- | Responder cookie : 00 00 00 00 00 00 00 00
- | Next Payload : SA
- | Version : 2.0
- | Exchange type : IKE_SA_INIT
- | Flags : 0x08 Initiator
- | Msg-ID : 0
- | Length : 816 Bytes
- SA Payload
- | Next Payload : KE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 408 Bytes
- | PROPOSAL Payload
- | | Next Payload : PROPOSAL
- | | Reserved : 0x00
- | | Length : 200 Bytes
- | | Proposal number : 1
- | | Protocol ID : IPSEC_IKE
- | | SPI size : 0
- | | #Transforms : 21
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-128-CTR (13)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CBC (12)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-128-CTR (13)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CBC (12)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-128-CTR (13)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CBC (12)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : HMAC-SHA-512 (14)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : HMAC-SHA-384 (13)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : HMAC-SHA-256 (12)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-XCBC-96 (5)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CMAC-96 (8)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 4096-BIT MODP (16)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : CURVE25519 (31)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 3072-BIT MODP (15)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 2048-BIT MODP (14)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA1 (2)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-AES128-XCBC (4)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-256 (5)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-384 (6)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-512 (7)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : NONE
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-AES128-CMAC (8)
- | | | Attributes : NONE
- | PROPOSAL Payload
- | | Next Payload : NONE
- | | Reserved : 0x00
- | | Length : 204 Bytes
- | | Proposal number : 2
- | | Protocol ID : IPSEC_IKE
- | | SPI size : 0
- | | #Transforms : 20
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : ENCR-CHACHA20-POLY1305 (28)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-16 (20)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-12 (19)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-8 (18)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-16 (20)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-12 (19)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-8 (18)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-16 (20)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-12 (19)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-8 (18)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 4096-BIT MODP (16)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : CURVE25519 (31)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 3072-BIT MODP (15)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 2048-BIT MODP (14)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA1 (2)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-AES128-XCBC (4)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-256 (5)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-384 (6)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-512 (7)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : NONE
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-AES128-CMAC (8)
- | | | Attributes : NONE
- KE Payload
- | Next Payload : NONCE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 264 Bytes
- | DH Group : 14
- | Reserved2 : 0x0000
- | DH-Key(2048 bits) : 8F D0 51 A1 48 B7 1B B4 52 2B 82 C0 80 CE 51 18
- | 1E 7F 06 A5 4F 40 62 9D 36 A1 34 FD FB 5C C3 79
- | 11 D4 C5 DB 9E B7 23 37 A9 FE 4D CD D9 59 0B 5C
- | 32 E8 E8 5E 82 50 FB EF D3 2F 28 B3 F2 27 11 A1
- | 4A 62 D4 BD 1C A0 08 0C 45 1F F3 FB E8 AE AF 0B
- | 11 5F A7 41 B8 F5 88 D5 B9 05 56 97 40 92 11 B2
- | F0 E2 D8 5C A0 E0 51 DC F0 F0 90 6E EF 29 CA 92
- | E1 17 6A B8 BD F5 D1 7D AB 8F FB 68 45 8D 6E A5
- | 4E FC 6D C0 75 13 29 2A BD F9 82 08 9A 80 3C 74
- | 3A BE 08 19 86 F4 D6 01 E7 8A 4B 28 2E 9C C5 F6
- | C6 70 42 EA 8A F3 60 8F B9 57 47 EF 11 85 39 11
- | C4 BD BB 77 E4 A3 E1 20 62 03 75 7C B2 0C 2C 7F
- | 3F 56 7B 56 15 16 7B 80 F9 92 56 EF 1F E9 18 A0
- | 1B B9 83 C3 D1 C1 BE 90 10 F7 0F 6D E3 F5 70 96
- | E5 EA C3 CD 27 EC 31 4B 59 F9 C1 7A 4D 45 F9 C2
- | 6F 8E 21 22 9F 60 CD 38 F0 67 62 04 85 35 9D F2
- NONCE Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 36 Bytes
- | Nonce(256 bits) : 8F C7 71 AD 1A 54 D7 69 D8 87 8B 3D 90 0E 86 DB
- | D7 63 BA 14 8A 9A 10 EE D1 CB 24 25 21 2C 73 56
- NOTIFY Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 28 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : STATUS_NAT_DETECTION_SOURCE_IP
- | Notif. data : 98 06 86 6A 84 09 ED D1 2D 55 01 EE 64 C2 EA 14
- | 92 99 7D 03
- NOTIFY Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 28 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : STATUS_NAT_DETECTION_DESTINATION_IP
- | Notif. data : DE 3D 76 CF B7 94 BF 30 0E 49 7C A5 66 BF 89 30
- | 65 CF EF A2
- NOTIFY Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 8 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : IKEV2_FRAGMENTATION_SUPPORTED
- NOTIFY Payload
- | Next Payload : NONE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 16 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : SIGNATURE_HASH_ALGORITHMS
- | Sign. Hash Algs. : SHA1, SHA-256, SHA-384, SHA-512
- [VPN-Debug] 2022/01/18 12:01:25,071 Devicetime: 2022/01/18 12:01:33,200
- Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 816 bytes
- Gateways: öffentlicheIP:500<--smartphoneIP:44427
- SPIs: 0x5A1C35418681740B0000000000000000, Message-ID 0
- Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(SIGNATURE_HASH_ALGORITHMS)
- QUB-DATA: öffentlicheIP:500<---smartphoneIP:44427 rtg_tag 0 physical-channel WAN(1)
- transport: [id: 2440864, UDP (17) {incoming unicast, fixed source address}, dst: smartphoneIP, tag 0 (U), src: öffentlicheIP, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (5), mac address: ff:ff:ff:ff:ff:ff, port 0], local port: 500, remote port: 44427
- +No IKE_SA found
- Counting consumed licenses by active channels...
- Consumed connected licenses : 0
- Negotiating connections : 0
- IKE negotiations : 0
- MPPE connections : 0
- Licenses in use : 0 < 5
- +Passive connection request accepted (82 micro seconds)
- Looking for payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41)...Found 1 payload.
- +Received signature hash algorithms: SHA1, SHA-256, SHA-384, SHA-512
- Looking for payload NOTIFY(DETECTION_SOURCE_IP) (41)...Found 1 payload.
- +Computing SHA1(0x5A1C35418681740B0000000000000000|smartphoneIP:44427)
- +Computing SHA1(0x5A1C35418681740B0000000000000000B218FAC2AD8B)
- +Computed: 0x33DE868DAEEEA5DE1EF4260E73C3048AF55A936D
- +Received: 0x9806866A8409EDD12D5501EE64C2EA1492997D03
- +Not equal => NAT-T enabled => switching on port 4500
- Looking for payload NOTIFY(DETECTION_DESTINATION_IP) (41)...Found 1 payload.
- +Computing SHA1(0x5A1C35418681740B0000000000000000|öffentlicheIP:500)
- +Computing SHA1(0x5A1C35418681740B0000000000000000509922F001F4)
- +Computed: 0xDE3D76CFB794BF300E497CA566BF893065CFEFA2
- +Received: 0xDE3D76CFB794BF300E497CA566BF893065CFEFA2
- +Equal => NAT-T is already enabled
- Looking for payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41)...Found 1 payload.
- Looking for payload IKE_SA (33)...Found 1 payload.
- +Config ENCR transform(s): AES-CBC-256
- +Received ENCR transform(s): AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
- +Best intersection: AES-CBC-256
- +Config PRF transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
- +Received PRF transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
- +Best intersection: PRF-HMAC-SHA-256
- +Config INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
- +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
- +Best intersection: HMAC-SHA-256
- +Config DH transform(s): 14
- +Received DH transform(s): 16 31 15 14
- +Best intersection: 14
- Looking for payload NONCE (40)...Found 1 payload.
- +Nonce length=32 bytes
- +Nonce=0x8FC771AD1A54D769D8878B3D900E86DBD763BA148A9A10EED1CB2425212C7356
- +SA-DATA-Ni=0x8FC771AD1A54D769D8878B3D900E86DBD763BA148A9A10EED1CB2425212C7356
- [VPN-Status] 2022/01/18 12:01:25,073 Devicetime: 2022/01/18 12:01:33,200
- Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 816 bytes
- Gateways: öffentlicheIP:500<--smartphoneIP:44427
- SPIs: 0x5A1C35418681740B0000000000000000, Message-ID 0
- Peer identified: DEFAULT
- IKE_SA ('', '' IPSEC_IKE SPIs 0x5A1C35418681740B13FB7B459F87A40E) entered to SADB
- Received 4 notifications:
- +NAT_DETECTION_SOURCE_IP(0x9806866A8409EDD12D5501EE64C2EA1492997D03) (STATUS)
- +NAT_DETECTION_DESTINATION_IP(0xDE3D76CFB794BF300E497CA566BF893065CFEFA2) (STATUS)
- +IKEV2_FRAGMENTATION_SUPPORTED (STATUS)
- +SIGNATURE_HASH_ALGORITHMS(0x0001000200030004) (STATUS)
- Peer (initiator) is behind a NAT
- NAT-T enabled => switching on port 4500
- We (responder) are not behind a NAT. NAT-T is already enabled
- +IKE-SA:
- IKE-Proposal-1 (21 transforms)
- ENCR : AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
- PRF : PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
- INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
- DH : 16 31 15 14
- IKE-Proposal-2 (20 transforms)
- ENCR : ENCR-CHACHA20-POLY1305 AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
- PRF : PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
- DH : 16 31 15 14
- +Received KE-DH-Group 14 (2048 bits)
- [VPN-IKE] 2022/01/18 12:01:25,073 Devicetime: 2022/01/18 12:01:33,206
- [DEFAULT] Sending packet:
- IKE 2.0 Header:
- Source/Port : öffentlicheIP:500
- Destination/Port : smartphoneIP:44427
- Routing-tag : 0
- Com-channel : 0
- | Initiator cookie : 5A 1C 35 41 86 81 74 0B
- | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
- | Next Payload : SA
- | Version : 2.0
- | Exchange type : IKE_SA_INIT
- | Flags : 0x20 Response
- | Msg-ID : 0
- | Length : 503 Bytes
- SA Payload
- | Next Payload : KE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 48 Bytes
- | PROPOSAL Payload
- | | Next Payload : NONE
- | | Reserved : 0x00
- | | Length : 44 Bytes
- | | Proposal number : 1
- | | Protocol ID : IPSEC_IKE
- | | SPI size : 0
- | | #Transforms : 4
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CBC (12)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: PRF (2)
- | | | Reserved2 : 0x00
- | | | Transform ID : PRF-HMAC-SHA-256 (5)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : HMAC-SHA-256 (12)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : NONE
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: DH (4)
- | | | Reserved2 : 0x00
- | | | Transform ID : 2048-BIT MODP (14)
- | | | Attributes : NONE
- KE Payload
- | Next Payload : NONCE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 264 Bytes
- | DH Group : 14
- | Reserved2 : 0x0000
- | DH-Key(2048 bits) : FB 2B 90 02 F7 49 A3 D3 D8 DC 16 C6 70 75 68 C0
- | 48 E5 3D 3B A3 48 DC 74 62 F6 62 9F F4 B5 D4 BF
- | 9E 04 B2 DE FF 9C F9 26 2C C8 17 27 C8 72 C1 FC
- | BB 2A 51 CD AF 36 41 78 7C 51 03 BB 43 66 0D 15
- | 76 4C 68 33 EE 76 FD 32 E7 73 25 55 82 9F E5 EE
- | EF 11 6E 91 F3 4B 0B B8 65 CA DC 78 B0 05 4B E0
- | 82 8A 2E 8B CE C4 6C 42 78 53 FF 01 D4 C0 8A 52
- | 16 46 ED 94 80 2C 2C E3 48 44 C2 46 58 44 E9 5C
- | E5 E0 7E 34 24 63 AF AC 70 26 72 A2 0B E5 34 FE
- | F2 BA C2 58 E7 49 6B 07 90 E8 81 E4 EE A9 A7 FD
- | C3 04 6E AD EF DF DC 76 03 B9 C7 19 8C 62 82 ED
- | E1 D6 5E CD 45 62 37 16 DE F7 FE BB 3D 07 5E FA
- | 4E 6D 5D B6 08 70 3D F9 61 49 0B 75 9A CE D9 FB
- | C0 D9 F7 8C E9 B6 E2 BA 80 D0 47 5E 6D FB 0D 50
- | D2 97 B6 64 D5 C7 81 6C 34 AD 8E E9 BC 75 DD 71
- | 95 36 65 06 79 D4 9F DB 7F 48 25 A1 35 D6 F5 5A
- NONCE Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 36 Bytes
- | Nonce(256 bits) : D6 AB C2 38 18 5A E0 6E DF 94 37 65 6E 04 D7 03
- | 2F 2D CF C2 37 84 F9 21 A7 3E B6 9C E1 57 20 0A
- NOTIFY Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 28 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : STATUS_NAT_DETECTION_SOURCE_IP
- | Notif. data : 4F 52 22 25 1A 84 8F C2 C3 34 D3 68 3A 3C 45 D5
- | CD 25 BE 68
- NOTIFY Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 28 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : STATUS_NAT_DETECTION_DESTINATION_IP
- | Notif. data : 87 D1 99 37 32 15 D6 9E 46 76 96 F8 EC 3A 2C 3C
- | FD 63 0F 2D
- NOTIFY Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 14 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : SIGNATURE_HASH_ALGORITHMS
- | Sign. Hash Algs. : SHA-256, SHA-384, SHA-512
- NOTIFY Payload
- | Next Payload : CERTREQ
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 8 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : IKEV2_FRAGMENTATION_SUPPORTED
- CERTREQ Payload
- | Next Payload : VENDOR
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 25 Bytes
- | Cert. Type : X509_SIG
- | Cert. Autherity : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- | 00 00 00 00
- VENDOR Payload
- | Next Payload : NONE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 24 Bytes
- | Vendor ID : 81 75 2E B5 91 4D 73 5C DF CD C8 58 C3 A8 ED 7C
- | 1C 66 D1 42
- [VPN-Debug] 2022/01/18 12:01:25,073 Devicetime: 2022/01/18 12:01:33,257
- Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
- Constructing payload NONCE (40):
- +Nonce length=32 bytes
- +Nonce=0xD6ABC238185AE06EDF9437656E04D7032F2DCFC23784F921A73EB69CE157200A
- +SA-DATA-Nr=0xD6ABC238185AE06EDF9437656E04D7032F2DCFC23784F921A73EB69CE157200A
- Constructing payload NOTIFY(DETECTION_SOURCE_IP) (41):
- +Computing SHA1(0x5A1C35418681740B13FB7B459F87A40E|öffentlicheIP:500)
- +Computing SHA1(0x5A1C35418681740B13FB7B459F87A40E509922F001F4)
- +0x4F5222251A848FC2C334D3683A3C45D5CD25BE68
- Constructing payload NOTIFY(DETECTION_DESTINATION_IP) (41):
- +Computing SHA1(0x5A1C35418681740B13FB7B459F87A40E|smartphoneIP:44427)
- +Computing SHA1(0x5A1C35418681740B13FB7B459F87A40EB218FAC2AD8B)
- +0x87D199373215D69E467696F8EC3A2C3CFD630F2D
- Constructing payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41):
- +Signature hash algorithms: SHA-256,SHA-384,SHA-512
- Constructing payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41):
- Constructing payload CERTREQ (38):
- +0x0000000000000000000000000000000000000000
- Constructing payload VENDOR(FRAGMENTATION) (43):
- Constructing payload VENDOR(FRAGMENTATION(C0000000)) (43):
- Constructing payload VENDOR(ikev2 config payload: Do not narrow my traffic selector) (43):
- Constructing payload VENDOR(activate lancom-systems notification private range) (43):
- Constructing payload NOTIFY(DEVICE-ID) (41):
- +Peer does not support private notifications -> ignore
- +Shared secret derived in 46846 micro seconds
- IKE_SA(0x5A1C35418681740B13FB7B459F87A40E).EXPECTED-MSG-ID raised to 1
- +(request, response) pair inserted into retransmission map
- Sending an IKE_SA_INIT-RESPONSE of 503 bytes (responder)
- Gateways: öffentlicheIP:4500-->smartphoneIP:4500, tag 0 (UDP)
- SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 0
- Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(SIGNATURE_HASH_ALGORITHMS), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), CERTREQ, VENDOR(activate lancom-systems notification private range)
- [VPN-Status] 2022/01/18 12:01:25,116 Devicetime: 2022/01/18 12:01:33,257
- Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
- +IKE-SA:
- IKE-Proposal-1 (4 transforms)
- ENCR : AES-CBC-256
- PRF : PRF-HMAC-SHA-256
- INTEG: HMAC-SHA-256
- DH : 14
- +KE-DH-Group 14 (2048 bits)
- Switching to port pair 4500 ( NAT-T keep-alive is off)
- IKE_SA_INIT [responder] for peer DEFAULT initiator id <no ipsec id>, responder id <no ipsec id>
- initiator cookie: 0x5A1C35418681740B, responder cookie: 0x13FB7B459F87A40E
- NAT-T enabled. We are not behind a nat, the remote side is behind a nat
- SA ISAKMP for peer DEFAULT Encryption AES-CBC-256 Integrity AUTH-HMAC-SHA-256 IKE-DH-Group 14 PRF-HMAC-SHA-256
- life time soft 01/19/2022 15:01:33 (in 97200 sec) / 0 kb
- life time hard 01/19/2022 18:01:33 (in 108000 sec) / 0 kb
- DPD: NONE
- Negotiated: IKEV2_FRAGMENTATION
- Sending an IKE_SA_INIT-RESPONSE of 503 bytes (responder)
- Gateways: öffentlicheIP:4500-->smartphoneIP:4500, tag 0 (UDP)
- SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 0
- [VPN-IKE] 2022/01/18 12:01:25,132 Devicetime: 2022/01/18 12:01:33,307
- [DEFAULT] Received packet:
- IKE 2.0 Header:
- Source/Port : smartphoneIP:44439
- Destination/Port : öffentlicheIP:4500
- Routing-tag : 0
- Com-channel : 0
- | Initiator cookie : 5A 1C 35 41 86 81 74 0B
- | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
- | Next Payload : ENCR
- | Version : 2.0
- | Exchange type : IKE_AUTH
- | Flags : 0x08 Initiator
- | Msg-ID : 1
- | Length : 576 Bytes
- ENCR Payload
- | Next Payload : IDI
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 548 Bytes
- | IV : CE CA B1 82 21 7D 69 85 03 21 16 A3 35 A1 3E 56
- | Encrypted Data : 66 05 38 F6 D9 2C 3A 4F F7 FB 57 51 CD 36 F9 C9
- | D8 7E 01 3E 6A CF 8B 47 77 08 0B 95 72 4D A7 1A
- | 78 3A 4F F7 C3 F3 40 05 B2 B4 CF EE B2 6F 7B 90
- | 27 38 50 77 3C 70 6B 06 9B CA 4B 79 E4 D0 24 91
- | B3 45 C4 EC AC 28 F2 0D 17 75 E1 4E 44 75 B5 21
- | BE 55 22 C5 7D 90 72 5A 42 EB 8B BD CA 17 DE CD
- | 90 4E BC 22 7F 3F 54 9D 50 D4 06 8B 45 CC 82 EE
- | C6 88 7B A8 8B 0F 78 13 B9 7B 7C D0 8C A9 08 E4
- | 4C CE B9 19 25 4F 54 27 59 10 C8 66 68 00 26 F1
- | F1 02 E8 70 8A AB 13 74 CA C4 AF 1B 8C 60 BB 48
- | F0 A7 10 BD B5 FF 16 11 9C AF DA 42 85 6F 25 CA
- | F7 EF CE CC B6 43 DA AD EC 0B 21 64 C4 C4 8E 55
- | 23 16 A5 8B E6 DE 17 A6 9F 69 C1 98 85 4E E5 31
- | B5 6B BE E7 01 F6 FE 04 E9 52 6C 38 23 81 36 A4
- | 1A 7B 1C EB C9 B1 14 54 68 4E 69 59 B7 FA 4F 51
- | A9 AF 73 3B AC 55 7B 11 8C 0B A1 50 4A AF F7 3C
- | 67 89 EF E4 05 2C CF D1 6D 69 79 73 FB 63 94 7A
- | 48 F3 C5 6B 00 F0 14 41 A7 3B EF 42 7C B9 88 6C
- | F1 BF 7D E9 1B 4D 4E 9A C0 BC A1 07 45 61 93 65
- | 66 A1 5B 41 97 8C FF CD 23 E4 2F 32 FE 0A 99 8F
- | 0B 78 9A 70 3E 36 FE 96 5B 0D 2F EC 11 8A 47 42
- | E8 51 78 23 7D 4A 95 0A E8 96 98 84 8C 00 2A AB
- | B0 33 99 64 EA 25 01 60 12 F2 2C 5B 43 25 AC 30
- | 98 B5 50 69 41 17 44 55 95 C5 F6 75 1F 48 CB 5E
- | 1F D2 7F 90 05 92 B7 8E 21 85 14 D4 7F 27 74 0B
- | 4E D0 CB 0A 7F D2 FC 7F 36 CD 9B 0A F3 B3 C6 59
- | 4D 33 FD 4E FE C0 16 95 92 D4 4D 96 3B B2 22 B8
- | DA D1 A6 FD 6D 5E B8 3B 19 FE 1C D3 82 AE 36 ED
- | B5 40 73 22 2D FF B4 19 B7 7F DC E2 6F F3 82 8F
- | C7 C2 46 99 F1 0E 25 DC 0D 54 3B 8B 6B 12 D2 CF
- | 2E E4 DF C7 67 66 72 7C E4 FE E5 81 BC FC 99 DA
- | 7C F1 46 32 23 E5 FD 8F F3 90 EB EC EA 57 20 B2
- | ICV : E9 E6 7F DD DB 4F 1E 1D 31 B8 B8 19 53 F8 FC A2
- [VPN-IKE] 2022/01/18 12:01:25,132 Devicetime: 2022/01/18 12:01:33,312
- [DEFAULT] Received packet after decryption:
- IKE 2.0 Header:
- Source/Port : smartphoneIP:44439
- Destination/Port : öffentlicheIP:4500
- Routing-tag : 0
- Com-channel : 0
- | Initiator cookie : 5A 1C 35 41 86 81 74 0B
- | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
- | Next Payload : ENCR
- | Version : 2.0
- | Exchange type : IKE_AUTH
- | Flags : 0x08 Initiator
- | Msg-ID : 1
- | Length : 576 Bytes
- ENCR Payload
- | Next Payload : IDI
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 548 Bytes
- | IV : CE CA B1 82 21 7D 69 85 03 21 16 A3 35 A1 3E 56
- | ICV : E9 E6 7F DD DB 4F 1E 1D 31 B8 B8 19 53 F8 FC A2
- IDI Payload
- | Next Payload : IDR
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 25 Bytes
- | ID type : FQDN
- | Reserved : 0x000000
- | ID : android.lancom.de
- IDR Payload
- | Next Payload : AUTH
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 12 Bytes
- | ID type : IPV4_ADDR
- | Reserved : 0x000000
- | ID : öffentlicheIP
- AUTH Payload
- | Next Payload : SA
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 40 Bytes
- | Auth. Method : PRESHARED_KEY
- | Reserved : 0x000000
- | Auth. Data : CF AB 23 20 85 E4 0E DF 39 7B E0 E1 85 02 64 AE
- | CD E4 0F 8C B0 A3 61 70 EA 7D C6 01 CD 9A F4 CF
- SA Payload
- | Next Payload : TSi
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 272 Bytes
- | PROPOSAL Payload
- | | Next Payload : PROPOSAL
- | | Reserved : 0x00
- | | Length : 132 Bytes
- | | Proposal number : 1
- | | Protocol ID : IPSEC_ESP
- | | SPI size : 4
- | | #Transforms : 12
- | | SPI : 52 CD FE AE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-128-CTR (13)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CBC (12)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-128-CTR (13)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CBC (12)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-128-CTR (13)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CBC (12)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : HMAC-SHA-512 (14)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : HMAC-SHA-384 (13)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : HMAC-SHA-256 (12)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-XCBC-96 (5)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CMAC-96 (8)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : NONE
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: ESN (5)
- | | | Reserved2 : 0x00
- | | | Transform ID : NONE (0)
- | | | Attributes : NONE
- | PROPOSAL Payload
- | | Next Payload : NONE
- | | Reserved : 0x00
- | | Length : 136 Bytes
- | | Proposal number : 2
- | | Protocol ID : IPSEC_ESP
- | | SPI size : 4
- | | #Transforms : 11
- | | SPI : 1A 3B 71 8F
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : ENCR-CHACHA20-POLY1305 (28)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-16 (20)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-12 (19)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-8 (18)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-16 (20)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-12 (19)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-8 (18)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 192
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-16 (20)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-12 (19)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-GCM-8 (18)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 128
- | | TRANSFORM Payload
- | | | Next Payload : NONE
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: ESN (5)
- | | | Reserved2 : 0x00
- | | | Transform ID : NONE (0)
- | | | Attributes : NONE
- TSi Payload
- | Next Payload : TSr
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 64 Bytes
- | Number of TSs : 2
- | Reserved : 0x000000
- | Traffic Selector 0
- | | Type : TS_IPV4_ADDR_RANGE
- | | Protocol : ANY
- | | Length : 16
- | | Start Port : 0
- | | End Port : 65535
- | | Address Range : 0.0.0.0 - 255.255.255.255
- | Traffic Selector 1
- | | Type : TS_IPV6_ADDR_RANGE
- | | Protocol : ANY
- | | Length : 40
- | | Start Port : 0
- | | End Port : 65535
- | | Address Range : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
- TSr Payload
- | Next Payload : CP
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 64 Bytes
- | Number of TSs : 2
- | Reserved : 0x000000
- | Traffic Selector 0
- | | Type : TS_IPV4_ADDR_RANGE
- | | Protocol : ANY
- | | Length : 16
- | | Start Port : 0
- | | End Port : 65535
- | | Address Range : 0.0.0.0 - 255.255.255.255
- | Traffic Selector 1
- | | Type : TS_IPV6_ADDR_RANGE
- | | Protocol : ANY
- | | Length : 40
- | | Start Port : 0
- | | End Port : 65535
- | | Address Range : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
- CP Payload
- | Next Payload : NONE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 32 Bytes
- | Type : REQUEST
- | Reserved2 : 0x000000
- | Attribute 0
- | | Type : Variable, INTERNAL_IP4_ADDRESS
- | | Length : 0
- | | Value :
- | Attribute 1
- | | Type : Variable, INTERNAL_IP6_ADDRESS
- | | Length : 0
- | | Value :
- | Attribute 2
- | | Type : Variable, INTERNAL_IP4_DNS
- | | Length : 0
- | | Value :
- | Attribute 3
- | | Type : Variable, INTERNAL_IP6_DNS
- | | Length : 0
- | | Value :
- | Attribute 4
- | | Type : Variable, INTERNAL_IP4_NETMASK
- | | Length : 0
- | | Value :
- | Attribute 5
- | | Type : Variable, APPLICATION_VERSION
- | | Length : 0
- | | Value :
- Rest : 8C DC 02
- [VPN-Debug] 2022/01/18 12:01:25,133 Devicetime: 2022/01/18 12:01:33,314
- Config parser update peer's SMARTPHONE remote gateway to smartphoneIP (old 0.0.0.0)
- [VPN-Debug] 2022/01/18 12:01:25,133 Devicetime: 2022/01/18 12:01:33,322
- Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 576 bytes (encrypted)
- Gateways: öffentlicheIP:4500<--smartphoneIP:4500
- SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 1
- Payloads: ENCR
- QUB-DATA: öffentlicheIP:4500<---smartphoneIP:44439 rtg_tag 0 physical-channel WAN(1)
- transport: [id: 2440864, UDP (17) {incoming unicast, fixed source address}, dst: smartphoneIP, tag 0 (U), src: öffentlicheIP, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (5), mac address: ff:ff:ff:ff:ff:ff, port 0], local port: 4500, remote port: 4500, flags: UDP_ENCAPSULATION
- +IKE_SA found and assigned
- +Exchange created (flags: 0x00000050)
- Message verified successfully
- Message decrypted successfully
- Payloads: ENCR, IDI, IDR, AUTH(PSK), SA, TSI, TSR, CP(REQUEST)
- Looking for payload IDI (35)...Found 1 payload.
- +Received-ID android.lancom.de:FQDN matches the Expected-ID android.lancom.de:FQDN
- +Config ENCR transform(s): AES-CBC-256
- +Received ENCR transform(s): AES-CBC-256
- +Best intersection: AES-CBC-256
- +Config PRF transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
- +Received PRF transform(s): PRF-HMAC-SHA-256
- +Best intersection: PRF-HMAC-SHA-256
- +Config INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
- +Received INTEG transform(s): HMAC-SHA-256
- +Best intersection: HMAC-SHA-256
- +Config DH transform(s): 14
- +Received DH transform(s): 14
- +Best intersection: 14
- SMARTPHONE: DELETE MODE(7) OUTBOUND ESP 0.0.0.0/0 port(0) protocol(0)---öffentlicheIP===smartphoneIP---0.0.0.0/32 port(0) protocol(0)
- SMARTPHONE: DELETE MODE(7) INBOUND ESP 0.0.0.0/32 port(0) protocol(0)---smartphoneIP===öffentlicheIP---0.0.0.0/0 port(0) protocol(0)
- SMARTPHONE: ADD MODE(7) OUTBOUND ESP 0.0.0.0/0 port(0) protocol(0)---öffentlicheIP===smartphoneIP---172.20.0.22/32 port(0) protocol(0)
- SMARTPHONE: ADD MODE(7) INBOUND ESP 172.20.0.22/32 port(0) protocol(0)---smartphoneIP===öffentlicheIP---0.0.0.0/0 port(0) protocol(0)
- Looking for payload TSI (44)...Found 1 payload.
- Looking for a rule...
- Trying rule 0: IPSEC-0-SMARTPHONE-PR0-L0-R0
- Determining best intersection for TSi
- Expected TS :( 0, 0-65535, 172.20.0.22-172.20.0.22 )
- Received TS :( 0, 0-65535, 0.0.0.0-255.255.255.255)
- Intersection:( 0, 0-65535, 172.20.0.22-172.20.0.22 )
- Determining best intersection for TSi
- Expected TS :( 0, 0-65535, 172.20.0.22-172.20.0.22 )
- Received TS :( 0, 0-65535, ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
- -No intersection
- Best :( 0, 0-65535, 172.20.0.22-172.20.0.22 )
- Determining best intersection for TSr
- Expected TS :( 0, 0-65535, 0.0.0.0-255.255.255.255)
- Received TS :( 0, 0-65535, 0.0.0.0-255.255.255.255)
- Intersection:( 0, 0-65535, 0.0.0.0-255.255.255.255)
- Determining best intersection for TSr
- Expected TS :( 0, 0-65535, 0.0.0.0-255.255.255.255)
- Received TS :( 0, 0-65535, ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
- -No intersection
- Best :( 0, 0-65535, 0.0.0.0-255.255.255.255)
- +Valid intersection found
- TSi: ( 0, 0-65535, 172.20.0.22-172.20.0.22 )
- TSr: ( 0, 0-65535, 0.0.0.0-255.255.255.255)
- +TSi OK.
- Looking for payload TSR (45)...Found 1 payload.
- +TSr OK.
- Looking for payload CHILD_SA (33)...Found 1 payload.
- +Config ENCR transform(s): AES-CBC-256
- +Received ENCR transform(s): AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
- +Best intersection: AES-CBC-256
- +Config INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
- +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
- +Best intersection: HMAC-SHA-256
- +Config ESN transform(s): NONE
- +Received ESN transform(s): NONE
- +Best intersection: NONE
- [VPN-Status] 2022/01/18 12:01:25,133 Devicetime: 2022/01/18 12:01:33,322
- Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 576 bytes (encrypted)
- Gateways: öffentlicheIP:4500<--smartphoneIP:4500
- SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 1
- CHILD_SA ('', '' ) entered to SADB
- Updating remote port to 44439
- +Received-ID android.lancom.de:FQDN matches the Expected-ID android.lancom.de:FQDN
- +Peer identified: SMARTPHONE
- +Peer uses AUTH(PSK)
- +Authentication successful
- Request attributes:
- INTERNAL_IP4_ADDRESS()
- INTERNAL_IP6_ADDRESS()
- INTERNAL_IP4_DNS()
- INTERNAL_IP6_DNS()
- INTERNAL_IP4NETMASK()
- APPLICATION_VERSION()
- Assigned IPv4 config parameters:
- IP: 172.20.0.22
- DNS: 172.20.0.110, 8.8.8.8
- TSi: ( 0, 0-65535, 172.20.0.22-172.20.0.22 )
- TSr: ( 0, 0-65535, 0.0.0.0-255.255.255.255)
- +CHILD-SA:
- ESP-Proposal-1 Peer-SPI: 0x52CDFEAE (12 transforms)
- ENCR : AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
- INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
- ESN : NONE
- ESP-Proposal-2 Peer-SPI: 0x1A3B718F (11 transforms)
- ENCR : ENCR-CHACHA20-POLY1305 AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
- ESN : NONE
- [VPN-IKE] 2022/01/18 12:01:25,148 Devicetime: 2022/01/18 12:01:33,330
- [SMARTPHONE] Sending packet before encryption:
- IKE 2.0 Header:
- Source/Port : öffentlicheIP:4500
- Destination/Port : smartphoneIP:44439
- Routing-tag : 0
- Com-channel : 23
- | Initiator cookie : 5A 1C 35 41 86 81 74 0B
- | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
- | Next Payload : ENCR
- | Version : 2.0
- | Exchange type : IKE_AUTH
- | Flags : 0x20 Response
- | Msg-ID : 1
- | Length : 272 Bytes
- ENCR Payload
- | Next Payload : IDR
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 244 Bytes
- | IV : BA 66 1E 00 AA 44 75 5C 44 E4 FB 4F 7F 2C 06 D4
- | ICV : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- IDR Payload
- | Next Payload : AUTH
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 25 Bytes
- | ID type : FQDN
- | Reserved : 0x000000
- | ID : android.lancom.de
- AUTH Payload
- | Next Payload : CP
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 40 Bytes
- | Auth. Method : PRESHARED_KEY
- | Reserved : 0x000000
- | Auth. Data : 5F 21 3E 9B 56 06 F5 DE BE 65 F0 87 82 81 F3 EC
- | 4C 5C 13 6B ED 89 C3 49 38 4A D3 7B 5D AA 90 CF
- CP Payload
- | Next Payload : TSi
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 32 Bytes
- | Type : REPLY
- | Reserved2 : 0x000000
- | Attribute 0
- | | Type : Variable, INTERNAL_IP4_ADDRESS
- | | Length : 4
- | | Value : 172.20.0.22
- | Attribute 1
- | | Type : Variable, INTERNAL_IP4_DNS
- | | Length : 4
- | | Value : 172.20.0.110
- | Attribute 2
- | | Type : Variable, INTERNAL_IP4_DNS
- | | Length : 4
- | | Value : 8.8.8.8
- TSi Payload
- | Next Payload : TSr
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 24 Bytes
- | Number of TSs : 1
- | Reserved : 0x000000
- | Traffic Selector 0
- | | Type : TS_IPV4_ADDR_RANGE
- | | Protocol : ANY
- | | Length : 16
- | | Start Port : 0
- | | End Port : 65535
- | | Address Range : 172.20.0.22 - 172.20.0.22
- TSr Payload
- | Next Payload : NOTIFY
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 24 Bytes
- | Number of TSs : 1
- | Reserved : 0x000000
- | Traffic Selector 0
- | | Type : TS_IPV4_ADDR_RANGE
- | | Protocol : ANY
- | | Length : 16
- | | Start Port : 0
- | | End Port : 65535
- | | Address Range : 0.0.0.0 - 255.255.255.255
- NOTIFY Payload
- | Next Payload : SA
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 8 Bytes
- | Protocol ID : <Unknown 0>
- | SPI size : 0
- | Message type : STATUS_INITIAL_CONTACT
- SA Payload
- | Next Payload : NONE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 44 Bytes
- | PROPOSAL Payload
- | | Next Payload : NONE
- | | Reserved : 0x00
- | | Length : 40 Bytes
- | | Proposal number : 1
- | | Protocol ID : IPSEC_ESP
- | | SPI size : 4
- | | #Transforms : 3
- | | SPI : 53 B6 DE 80
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 12 Bytes
- | | | Transform Type: ENCR (1)
- | | | Reserved2 : 0x00
- | | | Transform ID : AES-CBC (12)
- | | | Attribute 0
- | | | | Type : Basic, KEYLENGTH
- | | | | Value : 256
- | | TRANSFORM Payload
- | | | Next Payload : TRANSFORM
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: INTEG (3)
- | | | Reserved2 : 0x00
- | | | Transform ID : HMAC-SHA-256 (12)
- | | | Attributes : NONE
- | | TRANSFORM Payload
- | | | Next Payload : NONE
- | | | Reserved : 0x00
- | | | Length : 8 Bytes
- | | | Transform Type: ESN (5)
- | | | Reserved2 : 0x00
- | | | Transform ID : NONE (0)
- | | | Attributes : NONE
- Rest : 00 00 00 00 00 00 00 00 00 00 0A
- [VPN-IKE] 2022/01/18 12:01:25,148 Devicetime: 2022/01/18 12:01:33,334
- [SMARTPHONE] Sending packet after encryption:
- IKE 2.0 Header:
- Source/Port : öffentlicheIP:4500
- Destination/Port : smartphoneIP:44439
- Routing-tag : 0
- Com-channel : 23
- | Initiator cookie : 5A 1C 35 41 86 81 74 0B
- | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
- | Next Payload : ENCR
- | Version : 2.0
- | Exchange type : IKE_AUTH
- | Flags : 0x20 Response
- | Msg-ID : 1
- | Length : 272 Bytes
- ENCR Payload
- | Next Payload : IDR
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 244 Bytes
- | IV : BA 66 1E 00 AA 44 75 5C 44 E4 FB 4F 7F 2C 06 D4
- | Encrypted Data : 8F B1 AA 9E 63 83 02 60 08 48 F3 D4 FB C3 2B 23
- | B1 60 61 BD D9 AA 5B 52 D2 F6 42 B5 0B D8 98 5F
- | CC 19 72 E8 C9 7E 2C 77 91 73 3A 94 0A 00 83 E3
- | 20 54 63 BB 15 CA 9B 28 43 DD 20 02 85 FC 77 D5
- | 11 DA E2 62 67 18 2C 98 82 22 03 FE 80 08 40 6E
- | 31 ED 91 AD 6F 4C AD 9C 84 52 BD AF 22 0B 25 14
- | 3D E3 9D AD FA 33 07 1D 94 FE A1 80 C4 A2 B3 C4
- | 78 69 4C 7B 02 3C 01 2D EA 94 09 21 AB DB 6D FE
- | 27 81 D9 13 0B 24 E6 C6 1F 1C 68 C4 1F CF 37 3F
- | 60 7D 29 7B 86 4C F4 AD 68 FD 50 54 17 77 A9 33
- | C6 3F D2 1A 3F 5F 63 D4 78 8A 4B AB 64 F8 23 CC
- | F1 25 FD B7 CB C5 91 32 FE 99 F9 CB C4 7E 7C 32
- | 8B A2 B8 90 69 EC 4B E0 F3 51 4A 63 DF 88 31 6F
- | ICV : 7F 4D D6 C2 9C 39 17 EA 72 32 86 E3 35 7F 55 C1
- [VPN-Debug] 2022/01/18 12:01:25,163 Devicetime: 2022/01/18 12:01:33,337
- CRYPTACCESS: Registering combined id: 13
- [VPN-Debug] 2022/01/18 12:01:25,163 Devicetime: 2022/01/18 12:01:33,337
- CRYPTACCESS: Registering combined id: 19
- [VPN-Debug] 2022/01/18 12:01:25,163 Devicetime: 2022/01/18 12:01:33,338
- Peer SMARTPHONE: Constructing an IKE_AUTH-RESPONSE for send
- Constructing payload NOTIFY(MANAGEMENT_IP4_ADDRESS) (41):
- Constructing payload NOTIFY(MANAGEMENT_IP6_ADDRESS) (41):
- Constructing payload CP(REPLY) (47):
- +INTERNAL_IP4_ADDRESS(172.20.0.22)
- +INTERNAL_IP4_DNS(172.20.0.110)
- +INTERNAL_IP4_DNS(8.8.8.8)
- Constructing payload NOTIFY(STATUS_INITIAL_CONTACT) (41):
- KEY-PARSE: Received SADB_GETSPI/SADB_SATYPE_ESP
- KEY-GETSPI: Peer SMARTPHONE SPI 0x53B6DE80
- KEY-NEWSA: SA successfully created and inserted into SADB:
- State LARVAL Protocol ESP PID 0 refcnt 2 Hard-Timeout in 30 sec (larval_timeout)
- IPSEC-SEND-UP
- Message encrypted successfully
- Message authenticated successfully
- Non-ESP-Marker Prepended
- IKE_SA(0x5A1C35418681740B13FB7B459F87A40E).EXPECTED-MSG-ID raised to 2
- IPSEC transports created
- KEY-PARSE: Received SADB_ADD/SADB_SATYPE_ESP
- KEY-NEWSA: SA successfully created and inserted into SADB:
- State LARVAL Protocol ESP PID 0 refcnt 1 Hard-Timeout in 28800 sec (key_hard_event) Soft-Timeout in 25920 sec
- KEY-SA-STATE-CHANGE: LARVAL->MATURE
- KEY-ADD: Peer SMARTPHONE handle 23 outgoing UDP-SPI 0x52CDFEAE NAT-T 0.0.0.0/0---öffentlicheIP:4500===smartphoneIP:44439---172.20.0.22/32 Hard-Timeout in 28800 sec (key_hard_event) Soft-Timeout in 25920 sec
- IPSEC-SEND-UP
- KEY-PARSE: Received SADB_UPDATE/SADB_SATYPE_ESP
- KEY-SA-STATE-CHANGE: LARVAL->MATURE
- SA-STORE: refcnt 3
- KEY-UPDATE: Peer SMARTPHONE handle 23 incoming UDP-SPI 0x53B6DE80 NAT-T 172.20.0.22/32---smartphoneIP:44439===öffentlicheIP:4500---0.0.0.0/0 Hard-Timeout in 28800 sec (key_hard_event) Soft-Timeout in 25920 sec
- IPSEC-SEND-UP
- SMARTPHONE: UPDATE MODE(1) OUTBOUND ESP 0.0.0.0/0 port(0) protocol(0)---öffentlicheIP===smartphoneIP---172.20.0.22/32 port(0) protocol(0)
- KEY-PARSE: Received SADB_X_SPDUPDATE/SADB_SATYPE_UNSPEC
- KEY-SPDUPDATE: SMARTPHONE OUTBOUND PROTOCOL_ANY 0.0.0.0/0<->172.20.0.22/32
- IPSEC-SEND-UP
- SMARTPHONE: UPDATE MODE(1) INBOUND ESP 172.20.0.22/32 port(0) protocol(0)---smartphoneIP===öffentlicheIP---0.0.0.0/0 port(0) protocol(0)
- KEY-PARSE: Received SADB_X_SPDUPDATE/SADB_SATYPE_UNSPEC
- KEY-SPDUPDATE: SMARTPHONE INBOUND PROTOCOL_ANY 172.20.0.22/32<->0.0.0.0/0
- IPSEC-SEND-UP
- +(request, response) pair inserted into retransmission map
- Sending an IKE_AUTH-RESPONSE of 272 bytes (responder encrypted)
- Gateways: öffentlicheIP:4500-->smartphoneIP:44439, tag 0 (UDP)
- SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 1
- Payloads: ENCR
- [VPN-Status] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,338
- Peer SMARTPHONE: Constructing an IKE_AUTH-RESPONSE for send
- +Local-ID android.lancom.de:FQDN
- +I use AUTH(PSK)
- IKE_SA_INIT [responder] for peer SMARTPHONE initiator id android.lancom.de, responder id android.lancom.de
- initiator cookie: 0x5A1C35418681740B, responder cookie: 0x13FB7B459F87A40E
- NAT-T enabled. We are not behind a nat, the remote side is behind a nat
- SA ISAKMP for peer SMARTPHONE Encryption AES-CBC-256 Integrity AUTH-HMAC-SHA-256 IKE-DH-Group 14 PRF-HMAC-SHA-256
- life time soft 01/19/2022 15:01:33 (in 97200 sec) / 0 kb
- life time hard 01/19/2022 18:01:33 (in 108000 sec) / 0 kb
- DPD: 30 sec
- Negotiated: IKEV2_FRAGMENTATION
- Reply attributes:
- INTERNAL_IP4_ADDRESS(172.20.0.22)
- INTERNAL_IP4_DNS(172.20.0.110)
- INTERNAL_IP4_DNS(8.8.8.8)
- +TSi 0: ( 0, 0-65535, 172.20.0.22-172.20.0.22 )
- +TSr 0: ( 0, 0-65535, 0.0.0.0-255.255.255.255)
- +CHILD-SA:
- ESP-Proposal-1 My-SPI: 0x53B6DE80 (3 transforms)
- ENCR : AES-CBC-256
- INTEG: HMAC-SHA-256
- ESN : NONE
- CHILD_SA [responder] done with 2 SAS for peer SMARTPHONE rule IPSEC-0-SMARTPHONE-PR0-L0-R0
- öffentlicheIP:4500-->smartphoneIP:44439, Routing tag 0, Com-channel 23
- rule:' ipsec 0.0.0.0/0 <-> 172.20.0.22/32
- outgoing SA ESP [0x52CDFEAE] Encryption AES-CBC-256 Integrity AUTH-HMAC-SHA-256 PFS-DH-Group None ESN None
- incoming SA ESP [0x53B6DE80] Encryption AES-CBC-256 Integrity AUTH-HMAC-SHA-256 PFS-DH-Group None ESN None
- life time soft 01/18/2022 19:13:33 (in 25920 sec) / 1800000 kb
- life time hard 01/18/2022 20:01:33 (in 28800 sec) / 2000000 kb
- tunnel between src: öffentlicheIP dst: smartphoneIP
- Sending an IKE_AUTH-RESPONSE of 272 bytes (responder encrypted)
- Gateways: öffentlicheIP:4500-->smartphoneIP:44439, tag 0 (UDP)
- SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 1
- [VPN-Debug] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,339
- Peer SMARTPHONE: Trigger next pended request to establish an exchange
- Current request is none
- IKE_SA is not REPLACED
- There are 0 pending requests
- [VPN-Status] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,339
- set_ip_transport for SMARTPHONE: [id: 2440867, UDP (17) {incoming unicast, fixed source address}, dst: smartphoneIP, tag 0 (U), src: öffentlicheIP, hop limit: 64, pmtu: 1492, iface: INTERNET (5), mac address: ff:ff:ff:ff:ff:ff, port 0]
- [VPN-Status] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,339
- VPN: WAN state changed to WanCalled for SMARTPHONE (smartphoneIP), called by: 01d13d38
- [VPN-Status] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,339
- vpn-maps[23], remote: SMARTPHONE, nego, dns-name, static-name, connected-by-name
- [VPN-Status] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,339
- VPN: wait for IKE negotiation from SMARTPHONE (smartphoneIP)
- [VPN-Status] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,339
- VPN: WAN state changed to WanProtocol for SMARTPHONE (smartphoneIP), called by: 01d13d38
- [VPN-IKE] 2022/01/18 12:01:25,224 Devicetime: 2022/01/18 12:01:33,404
- [SMARTPHONE] Received packet:
- IKE 2.0 Header:
- Source/Port : smartphoneIP:44439
- Destination/Port : öffentlicheIP:4500
- Routing-tag : 0
- Com-channel : 23
- | Initiator cookie : 5A 1C 35 41 86 81 74 0B
- | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
- | Next Payload : ENCR
- | Version : 2.0
- | Exchange type : INFORMATIONAL
- | Flags : 0x08 Initiator
- | Msg-ID : 2
- | Length : 80 Bytes
- ENCR Payload
- | Next Payload : DELETE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 52 Bytes
- | IV : 1A EB 06 D0 16 19 90 0D 1E A2 C4 47 B6 F4 20 D9
- | Encrypted Data : DB 74 4B DF 7B 94 2E 2E CA 37 0B BD 70 2E 85 C5
- | ICV : ED 32 E9 DE F8 0D 42 36 59 A4 88 DA E2 53 6E 08
- [VPN-IKE] 2022/01/18 12:01:25,224 Devicetime: 2022/01/18 12:01:33,405
- [SMARTPHONE] Received packet after decryption:
- IKE 2.0 Header:
- Source/Port : smartphoneIP:44439
- Destination/Port : öffentlicheIP:4500
- Routing-tag : 0
- Com-channel : 23
- | Initiator cookie : 5A 1C 35 41 86 81 74 0B
- | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
- | Next Payload : ENCR
- | Version : 2.0
- | Exchange type : INFORMATIONAL
- | Flags : 0x08 Initiator
- | Msg-ID : 2
- | Length : 80 Bytes
- ENCR Payload
- | Next Payload : DELETE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 52 Bytes
- | IV : 1A EB 06 D0 16 19 90 0D 1E A2 C4 47 B6 F4 20 D9
- | ICV : ED 32 E9 DE F8 0D 42 36 59 A4 88 DA E2 53 6E 08
- DELETE Payload
- | Next Payload : NONE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 8 Bytes
- | Protocol ID : IPSEC_IKE
- | SPI size : 0
- | #SPIs : 0
- Rest : 71 74 03 2B 13 C8 9F 07
- [VPN-Debug] 2022/01/18 12:01:25,224 Devicetime: 2022/01/18 12:01:33,405
- Peer SMARTPHONE [responder]: Received an INFORMATIONAL-REQUEST of 80 bytes (encrypted)
- Gateways: öffentlicheIP:4500<--smartphoneIP:44439
- SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 2
- Payloads: ENCR
- QUB-DATA: öffentlicheIP:4500<---smartphoneIP:44439 rtg_tag 0 physical-channel WAN(1) vpn-channel 23
- transport: [id: 2440864, UDP (17) {incoming unicast, fixed source address}, dst: smartphoneIP, tag 0 (U), src: öffentlicheIP, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (5), mac address: ff:ff:ff:ff:ff:ff, port 0], local port: 4500, remote port: 44439, flags: UDP_ENCAPSULATION
- +IKE_SA found and assigned
- +Exchange created (flags: 0x00000050)
- Message verified successfully
- Message decrypted successfully
- Payloads: ENCR, DELETE
- [VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,405
- Peer SMARTPHONE [responder]: Received an INFORMATIONAL-REQUEST of 80 bytes (encrypted)
- Gateways: öffentlicheIP:4500<--smartphoneIP:44439
- SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 2
- [VPN-Debug] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,406
- CRYPTACCESS: Unregistering combined id: 13
- [VPN-Debug] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,406
- CRYPTACCESS: Unregistering combined id: 19
- [VPN-IKE] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,407
- [SMARTPHONE] Sending packet before encryption:
- IKE 2.0 Header:
- Source/Port : öffentlicheIP:4500
- Destination/Port : smartphoneIP:44439
- Routing-tag : 0
- Com-channel : 23
- | Initiator cookie : 5A 1C 35 41 86 81 74 0B
- | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
- | Next Payload : ENCR
- | Version : 2.0
- | Exchange type : INFORMATIONAL
- | Flags : 0x20 Response
- | Msg-ID : 2
- | Length : 96 Bytes
- ENCR Payload
- | Next Payload : DELETE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 68 Bytes
- | IV : CC A9 8E 2D 77 1D 60 A4 F4 76 51 5F 70 EA E5 E8
- | ICV : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
- DELETE Payload
- | Next Payload : DELETE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 8 Bytes
- | Protocol ID : IPSEC_IKE
- | SPI size : 0
- | #SPIs : 0
- DELETE Payload
- | Next Payload : NONE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 12 Bytes
- | Protocol ID : IPSEC_ESP
- | SPI size : 4
- | #SPIs : 1
- | SPI 000 : 53 B6 DE 80
- Rest : 00 00 00 00 00 00 00 00 00 00 00 0B
- [VPN-IKE] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,410
- [SMARTPHONE] Sending packet after encryption:
- IKE 2.0 Header:
- Source/Port : öffentlicheIP:4500
- Destination/Port : smartphoneIP:44439
- Routing-tag : 0
- Com-channel : 23
- | Initiator cookie : 5A 1C 35 41 86 81 74 0B
- | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
- | Next Payload : ENCR
- | Version : 2.0
- | Exchange type : INFORMATIONAL
- | Flags : 0x20 Response
- | Msg-ID : 2
- | Length : 96 Bytes
- ENCR Payload
- | Next Payload : DELETE
- | CRITICAL : NO
- | Reserved : 0x00
- | Length : 68 Bytes
- | IV : CC A9 8E 2D 77 1D 60 A4 F4 76 51 5F 70 EA E5 E8
- | Encrypted Data : 59 BD F8 55 EC A5 5D 71 B5 BF 0B 7E E9 62 6C BB
- | 31 33 68 59 A5 A1 5C 49 2A DF ED 37 7F FC EF 28
- | ICV : 93 FD F7 33 71 D3 80 D1 29 79 FB 64 19 5B F7 29
- [VPN-Debug] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,410
- Peer SMARTPHONE: Constructing an INFORMATIONAL-RESPONSE for send
- SMARTPHONE: Trying to disable an outgoing flow
- SMARTPHONE: DELETE MODE(0) OUTBOUND ESP 0.0.0.0/0 port(0) protocol(0)---smartphoneIP===öffentlicheIP---172.20.0.22/32 port(0) protocol(0)
- KEY-PARSE: Received SADB_X_SPDDELETE/SADB_SATYPE_UNSPEC
- KEY-SPDDELETE: SMARTPHONE OUTBOUND PROTOCOL_ANY 0.0.0.0/0<->172.20.0.22/32
- IPSEC-SEND-UP
- SMARTPHONE: Constructing SADB_MSG(SADB_DELETE ESP) outgoing
- EXT_SA: SPI 0x52CDFEAE (0x0004000152CDFEAE000000000000000000000000000000000000000000000000)
- EXT_SA2: (0x00020013000000000000000000000000)
- EXT_ADDRESS_SRC: öffentlicheIP:4500 port 0 (0x000300050000000000020000509922F00000000000000000)
- EXT_ADDRESS_DST: smartphoneIP:44439 port 0 (0x000300060000000000020000B218FAC20000000000000000)
- X_EXT_NAME: SMARTPHONE (0x0004001A534D41525450484F4E45000000000000000000000000000000000000)
- KEY-PARSE: Received SADB_DELETE/SADB_SATYPE_ESP
- KEY-SA-STATE-CHANGE: MATURE->DEAD
- IPSEC-SEND-UP
- SMARTPHONE: Trying to disable an incoming flow
- SMARTPHONE: DELETE MODE(0) INBOUND ESP 172.20.0.22/32 port(0) protocol(0)---smartphoneIP===öffentlicheIP---0.0.0.0/0 port(0) protocol(0)
- KEY-PARSE: Received SADB_X_SPDDELETE/SADB_SATYPE_UNSPEC
- KEY-SPDDELETE: SMARTPHONE INBOUND PROTOCOL_ANY 172.20.0.22/32<->0.0.0.0/0
- IPSEC-SEND-UP
- SMARTPHONE: Constructing SADB_MSG(SADB_DELETE ESP) incoming
- EXT_SA: SPI 0x53B6DE80 (0x0004000153B6DE80000000000000000000000000000000000000000000000000)
- EXT_SA2: (0x00020013000000000000000000000000)
- EXT_ADDRESS_SRC: smartphoneIP:44439 port 0 (0x000300050000000000020000B218FAC20000000000000000)
- EXT_ADDRESS_DST: öffentlicheIP:4500 port 0 (0x000300060000000000020000509922F00000000000000000)
- X_EXT_NAME: SMARTPHONE (0x0004001A534D41525450484F4E45000000000000000000000000000000000000)
- KEY-PARSE: Received SADB_DELETE/SADB_SATYPE_ESP
- KEY-SA-STATE-CHANGE: MATURE->DEAD
- SA-RELEASE: refcnt 1
- IPSEC-SEND-UP
- Message encrypted successfully
- Message authenticated successfully
- Non-ESP-Marker Prepended
- IKE_SA(0x5A1C35418681740B13FB7B459F87A40E).EXPECTED-MSG-ID raised to 3
- +(request, response) pair inserted into retransmission map
- Sending an INFORMATIONAL-RESPONSE of 96 bytes (responder encrypted)
- Gateways: öffentlicheIP:4500-->smartphoneIP:44439, tag 0 (UDP)
- SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 2
- Payloads: ENCR
- [VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,410
- Peer SMARTPHONE: Constructing an INFORMATIONAL-RESPONSE for send
- IKE_SA ('SMARTPHONE', 'ISAKMP-PEER-SMARTPHONE' IPSEC_IKE SPIs 0x5A1C35418681740B13FB7B459F87A40E) removed from SADB
- CHILD_SA ('SMARTPHONE', 'IPSEC-0-SMARTPHONE-PR0-L0-R0' IPSEC_ESP Outbound-SPI 0x52CDFEAE Inbound-SPI 0x53B6DE80) removed from SADB
- CHILD_SA ('SMARTPHONE', 'IPSEC-0-SMARTPHONE-PR0-L0-R0' IPSEC_ESP Outbound-SPI 0x52CDFEAE Inbound-SPI 0x53B6DE80) freed
- Sending an INFORMATIONAL-RESPONSE of 96 bytes (responder encrypted)
- Gateways: öffentlicheIP:4500-->smartphoneIP:44439, tag 0 (UDP)
- SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 2
- [VPN-Debug] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,411
- SMARTPHONE: DELETE MODE(7) OUTBOUND ESP 0.0.0.0/0 port(0) protocol(0)---::===::---172.20.0.22/32 port(0) protocol(0)
- SMARTPHONE: DELETE MODE(7) INBOUND ESP 172.20.0.22/32 port(0) protocol(0)---::===::---0.0.0.0/0 port(0) protocol(0)
- SMARTPHONE: ADD MODE(7) OUTBOUND ESP 0.0.0.0/0 port(0) protocol(0)---::===::---0.0.0.0/32 port(0) protocol(0)
- SMARTPHONE: ADD MODE(7) INBOUND ESP 0.0.0.0/32 port(0) protocol(0)---::===::---0.0.0.0/0 port(0) protocol(0)
- DISCONNECT-RESPONSE sent for handle 23
- IKE-TRANSPORT freed
- [VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,411
- IKE_SA ('SMARTPHONE', 'ISAKMP-PEER-SMARTPHONE' IPSEC_IKE SPIs 0x5A1C35418681740B13FB7B459F87A40E) freed
- [VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,413
- vpn-maps[23], remote: SMARTPHONE, idle, dns-name, static-name
- [VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,421
- VPN: installing ruleset for SMARTPHONE (0.0.0.0)
- [VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,421
- VPN: WAN state changed to WanDisconnect for SMARTPHONE (0.0.0.0), called by: 01d13d38
- [VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,422
- Config parser: Start
- [VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,422
- Config parser: Finish
- Wall clock time: 0 ms
- CPU time: 0 ms
- [VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,422
- VPN: WAN state changed to WanIdle for SMARTPHONE (0.0.0.0), called by: 01d13d38
- [VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,423
- DISCONNECT-RESPONSE sent for handle 23
- SMARTPHONE (ikev2): Remote gateway has changed from smartphoneIP to 0.0.0.0 -> tearing down
- [VPN-Status] 2022/01/18 12:01:25,285 Devicetime: 2022/01/18 12:01:33,424
- VPN: rulesets installed
- [TraceStopped] 2022/01/18 12:01:33,132
- Used config:
- # Trace config
- trace + VPN
- trace + VPN-Debug
- trace + VPN-IKE
- trace + VPN-Packet
- trace + VPN-Status
- # Show commands
- show bootlog
- show locked-jobs
- [Legend] 2009/07/09 00:00:00,000
- VPN-Status, TraceStarted, TraceStopped, Sysinfo, ShowCmd, VPN-Debug, VPN-IKE
- [Index] 2009/07/09 00:00:00,000
- 1,212,12;4,1746,20;4,2243,96;3,1969,53;6,15927,478;5,2846,44;0,1532,26;6,796,25;5,421,8;0,348,7;5,97,3;0,235,4;6,14790,462;5,3081,48;0,1475,26;6,5243,145;
- 5,2098,33;0,1064,23;6,3076,55;6,10892,359;5,163,3;5,4056,68;0,1322,31;6,4198,136;6,1746,36;5,118,3;5,118,3;5,2582,44;0,1911,39;5,230,6;0,316,3;0,167,3;0,159,3;
- 0,141,3;0,169,3;6,885,24;6,1090,32;5,852,13;0,274,5;5,120,3;5,120,3;6,1351,41;6,971,25;5,2473,41;0,703,9;5,593,8;0,182,3;0,140,3;0,127,3;0,164,3;0,99,3;
- 0,143,5;0,158,3;0,214,5;0,103,4;2,212,12;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement