Untitled

a guest
Jan 18th, 2022
  1. [TraceStarted] 2022/01/18 12:01:21,100
  2. Used config:
  3. # Trace config
  4. trace + VPN
  5. trace + VPN-Debug
  6. trace + VPN-IKE
  7. trace + VPN-Packet
  8. trace + VPN-Status
  9.  
  10. # Show commands
  11. show bootlog
  12. show locked-jobs
  13. [ShowCmd] 2022/01/18 12:01:22,434
  14. Result of command: "show locked-jobs "
  15. No list was dumped to the flash yet.
  16.  
  17.  
  18.  
  19. [VPN-IKE] 2022/01/18 12:01:24,901 Devicetime: 2022/01/18 12:01:33,078
  20. [DEFAULT] Received packet:
  21. IKE 2.0 Header:
  22. Source/Port : smartphoneIP:44427
  23. Destination/Port : öffentlicheIP:500
  24. Routing-tag : 0
  25. Com-channel : 0
  26. | Initiator cookie : 7C 7B 91 FC DB 12 81 9A
  27. | Responder cookie : 00 00 00 00 00 00 00 00
  28. | Next Payload : SA
  29. | Version : 2.0
  30. | Exchange type : IKE_SA_INIT
  31. | Flags : 0x08 Initiator
  32. | Msg-ID : 0
  33. | Length : 1072 Bytes
  34. SA Payload
  35. | Next Payload : KE
  36. | CRITICAL : NO
  37. | Reserved : 0x00
  38. | Length : 408 Bytes
  39. | PROPOSAL Payload
  40. | | Next Payload : PROPOSAL
  41. | | Reserved : 0x00
  42. | | Length : 200 Bytes
  43. | | Proposal number : 1
  44. | | Protocol ID : IPSEC_IKE
  45. | | SPI size : 0
  46. | | #Transforms : 21
  47. | | TRANSFORM Payload
  48. | | | Next Payload : TRANSFORM
  49. | | | Reserved : 0x00
  50. | | | Length : 12 Bytes
  51. | | | Transform Type: ENCR (1)
  52. | | | Reserved2 : 0x00
  53. | | | Transform ID : AES-128-CTR (13)
  54. | | | Attribute 0
  55. | | | | Type : Basic, KEYLENGTH
  56. | | | | Value : 256
  57. | | TRANSFORM Payload
  58. | | | Next Payload : TRANSFORM
  59. | | | Reserved : 0x00
  60. | | | Length : 12 Bytes
  61. | | | Transform Type: ENCR (1)
  62. | | | Reserved2 : 0x00
  63. | | | Transform ID : AES-CBC (12)
  64. | | | Attribute 0
  65. | | | | Type : Basic, KEYLENGTH
  66. | | | | Value : 256
  67. | | TRANSFORM Payload
  68. | | | Next Payload : TRANSFORM
  69. | | | Reserved : 0x00
  70. | | | Length : 12 Bytes
  71. | | | Transform Type: ENCR (1)
  72. | | | Reserved2 : 0x00
  73. | | | Transform ID : AES-128-CTR (13)
  74. | | | Attribute 0
  75. | | | | Type : Basic, KEYLENGTH
  76. | | | | Value : 192
  77. | | TRANSFORM Payload
  78. | | | Next Payload : TRANSFORM
  79. | | | Reserved : 0x00
  80. | | | Length : 12 Bytes
  81. | | | Transform Type: ENCR (1)
  82. | | | Reserved2 : 0x00
  83. | | | Transform ID : AES-CBC (12)
  84. | | | Attribute 0
  85. | | | | Type : Basic, KEYLENGTH
  86. | | | | Value : 192
  87. | | TRANSFORM Payload
  88. | | | Next Payload : TRANSFORM
  89. | | | Reserved : 0x00
  90. | | | Length : 12 Bytes
  91. | | | Transform Type: ENCR (1)
  92. | | | Reserved2 : 0x00
  93. | | | Transform ID : AES-128-CTR (13)
  94. | | | Attribute 0
  95. | | | | Type : Basic, KEYLENGTH
  96. | | | | Value : 128
  97. | | TRANSFORM Payload
  98. | | | Next Payload : TRANSFORM
  99. | | | Reserved : 0x00
  100. | | | Length : 12 Bytes
  101. | | | Transform Type: ENCR (1)
  102. | | | Reserved2 : 0x00
  103. | | | Transform ID : AES-CBC (12)
  104. | | | Attribute 0
  105. | | | | Type : Basic, KEYLENGTH
  106. | | | | Value : 128
  107. | | TRANSFORM Payload
  108. | | | Next Payload : TRANSFORM
  109. | | | Reserved : 0x00
  110. | | | Length : 8 Bytes
  111. | | | Transform Type: INTEG (3)
  112. | | | Reserved2 : 0x00
  113. | | | Transform ID : HMAC-SHA-512 (14)
  114. | | | Attributes : NONE
  115. | | TRANSFORM Payload
  116. | | | Next Payload : TRANSFORM
  117. | | | Reserved : 0x00
  118. | | | Length : 8 Bytes
  119. | | | Transform Type: INTEG (3)
  120. | | | Reserved2 : 0x00
  121. | | | Transform ID : HMAC-SHA-384 (13)
  122. | | | Attributes : NONE
  123. | | TRANSFORM Payload
  124. | | | Next Payload : TRANSFORM
  125. | | | Reserved : 0x00
  126. | | | Length : 8 Bytes
  127. | | | Transform Type: INTEG (3)
  128. | | | Reserved2 : 0x00
  129. | | | Transform ID : HMAC-SHA-256 (12)
  130. | | | Attributes : NONE
  131. | | TRANSFORM Payload
  132. | | | Next Payload : TRANSFORM
  133. | | | Reserved : 0x00
  134. | | | Length : 8 Bytes
  135. | | | Transform Type: INTEG (3)
  136. | | | Reserved2 : 0x00
  137. | | | Transform ID : AES-XCBC-96 (5)
  138. | | | Attributes : NONE
  139. | | TRANSFORM Payload
  140. | | | Next Payload : TRANSFORM
  141. | | | Reserved : 0x00
  142. | | | Length : 8 Bytes
  143. | | | Transform Type: INTEG (3)
  144. | | | Reserved2 : 0x00
  145. | | | Transform ID : AES-CMAC-96 (8)
  146. | | | Attributes : NONE
  147. | | TRANSFORM Payload
  148. | | | Next Payload : TRANSFORM
  149. | | | Reserved : 0x00
  150. | | | Length : 8 Bytes
  151. | | | Transform Type: DH (4)
  152. | | | Reserved2 : 0x00
  153. | | | Transform ID : 4096-BIT MODP (16)
  154. | | | Attributes : NONE
  155. | | TRANSFORM Payload
  156. | | | Next Payload : TRANSFORM
  157. | | | Reserved : 0x00
  158. | | | Length : 8 Bytes
  159. | | | Transform Type: DH (4)
  160. | | | Reserved2 : 0x00
  161. | | | Transform ID : CURVE25519 (31)
  162. | | | Attributes : NONE
  163. | | TRANSFORM Payload
  164. | | | Next Payload : TRANSFORM
  165. | | | Reserved : 0x00
  166. | | | Length : 8 Bytes
  167. | | | Transform Type: DH (4)
  168. | | | Reserved2 : 0x00
  169. | | | Transform ID : 3072-BIT MODP (15)
  170. | | | Attributes : NONE
  171. | | TRANSFORM Payload
  172. | | | Next Payload : TRANSFORM
  173. | | | Reserved : 0x00
  174. | | | Length : 8 Bytes
  175. | | | Transform Type: DH (4)
  176. | | | Reserved2 : 0x00
  177. | | | Transform ID : 2048-BIT MODP (14)
  178. | | | Attributes : NONE
  179. | | TRANSFORM Payload
  180. | | | Next Payload : TRANSFORM
  181. | | | Reserved : 0x00
  182. | | | Length : 8 Bytes
  183. | | | Transform Type: PRF (2)
  184. | | | Reserved2 : 0x00
  185. | | | Transform ID : PRF-HMAC-SHA1 (2)
  186. | | | Attributes : NONE
  187. | | TRANSFORM Payload
  188. | | | Next Payload : TRANSFORM
  189. | | | Reserved : 0x00
  190. | | | Length : 8 Bytes
  191. | | | Transform Type: PRF (2)
  192. | | | Reserved2 : 0x00
  193. | | | Transform ID : PRF-AES128-XCBC (4)
  194. | | | Attributes : NONE
  195. | | TRANSFORM Payload
  196. | | | Next Payload : TRANSFORM
  197. | | | Reserved : 0x00
  198. | | | Length : 8 Bytes
  199. | | | Transform Type: PRF (2)
  200. | | | Reserved2 : 0x00
  201. | | | Transform ID : PRF-HMAC-SHA-256 (5)
  202. | | | Attributes : NONE
  203. | | TRANSFORM Payload
  204. | | | Next Payload : TRANSFORM
  205. | | | Reserved : 0x00
  206. | | | Length : 8 Bytes
  207. | | | Transform Type: PRF (2)
  208. | | | Reserved2 : 0x00
  209. | | | Transform ID : PRF-HMAC-SHA-384 (6)
  210. | | | Attributes : NONE
  211. | | TRANSFORM Payload
  212. | | | Next Payload : TRANSFORM
  213. | | | Reserved : 0x00
  214. | | | Length : 8 Bytes
  215. | | | Transform Type: PRF (2)
  216. | | | Reserved2 : 0x00
  217. | | | Transform ID : PRF-HMAC-SHA-512 (7)
  218. | | | Attributes : NONE
  219. | | TRANSFORM Payload
  220. | | | Next Payload : NONE
  221. | | | Reserved : 0x00
  222. | | | Length : 8 Bytes
  223. | | | Transform Type: PRF (2)
  224. | | | Reserved2 : 0x00
  225. | | | Transform ID : PRF-AES128-CMAC (8)
  226. | | | Attributes : NONE
  227. | PROPOSAL Payload
  228. | | Next Payload : NONE
  229. | | Reserved : 0x00
  230. | | Length : 204 Bytes
  231. | | Proposal number : 2
  232. | | Protocol ID : IPSEC_IKE
  233. | | SPI size : 0
  234. | | #Transforms : 20
  235. | | TRANSFORM Payload
  236. | | | Next Payload : TRANSFORM
  237. | | | Reserved : 0x00
  238. | | | Length : 8 Bytes
  239. | | | Transform Type: ENCR (1)
  240. | | | Reserved2 : 0x00
  241. | | | Transform ID : ENCR-CHACHA20-POLY1305 (28)
  242. | | | Attributes : NONE
  243. | | TRANSFORM Payload
  244. | | | Next Payload : TRANSFORM
  245. | | | Reserved : 0x00
  246. | | | Length : 12 Bytes
  247. | | | Transform Type: ENCR (1)
  248. | | | Reserved2 : 0x00
  249. | | | Transform ID : AES-GCM-16 (20)
  250. | | | Attribute 0
  251. | | | | Type : Basic, KEYLENGTH
  252. | | | | Value : 256
  253. | | TRANSFORM Payload
  254. | | | Next Payload : TRANSFORM
  255. | | | Reserved : 0x00
  256. | | | Length : 12 Bytes
  257. | | | Transform Type: ENCR (1)
  258. | | | Reserved2 : 0x00
  259. | | | Transform ID : AES-GCM-12 (19)
  260. | | | Attribute 0
  261. | | | | Type : Basic, KEYLENGTH
  262. | | | | Value : 256
  263. | | TRANSFORM Payload
  264. | | | Next Payload : TRANSFORM
  265. | | | Reserved : 0x00
  266. | | | Length : 12 Bytes
  267. | | | Transform Type: ENCR (1)
  268. | | | Reserved2 : 0x00
  269. | | | Transform ID : AES-GCM-8 (18)
  270. | | | Attribute 0
  271. | | | | Type : Basic, KEYLENGTH
  272. | | | | Value : 256
  273. | | TRANSFORM Payload
  274. | | | Next Payload : TRANSFORM
  275. | | | Reserved : 0x00
  276. | | | Length : 12 Bytes
  277. | | | Transform Type: ENCR (1)
  278. | | | Reserved2 : 0x00
  279. | | | Transform ID : AES-GCM-16 (20)
  280. | | | Attribute 0
  281. | | | | Type : Basic, KEYLENGTH
  282. | | | | Value : 192
  283. | | TRANSFORM Payload
  284. | | | Next Payload : TRANSFORM
  285. | | | Reserved : 0x00
  286. | | | Length : 12 Bytes
  287. | | | Transform Type: ENCR (1)
  288. | | | Reserved2 : 0x00
  289. | | | Transform ID : AES-GCM-12 (19)
  290. | | | Attribute 0
  291. | | | | Type : Basic, KEYLENGTH
  292. | | | | Value : 192
  293. | | TRANSFORM Payload
  294. | | | Next Payload : TRANSFORM
  295. | | | Reserved : 0x00
  296. | | | Length : 12 Bytes
  297. | | | Transform Type: ENCR (1)
  298. | | | Reserved2 : 0x00
  299. | | | Transform ID : AES-GCM-8 (18)
  300. | | | Attribute 0
  301. | | | | Type : Basic, KEYLENGTH
  302. | | | | Value : 192
  303. | | TRANSFORM Payload
  304. | | | Next Payload : TRANSFORM
  305. | | | Reserved : 0x00
  306. | | | Length : 12 Bytes
  307. | | | Transform Type: ENCR (1)
  308. | | | Reserved2 : 0x00
  309. | | | Transform ID : AES-GCM-16 (20)
  310. | | | Attribute 0
  311. | | | | Type : Basic, KEYLENGTH
  312. | | | | Value : 128
  313. | | TRANSFORM Payload
  314. | | | Next Payload : TRANSFORM
  315. | | | Reserved : 0x00
  316. | | | Length : 12 Bytes
  317. | | | Transform Type: ENCR (1)
  318. | | | Reserved2 : 0x00
  319. | | | Transform ID : AES-GCM-12 (19)
  320. | | | Attribute 0
  321. | | | | Type : Basic, KEYLENGTH
  322. | | | | Value : 128
  323. | | TRANSFORM Payload
  324. | | | Next Payload : TRANSFORM
  325. | | | Reserved : 0x00
  326. | | | Length : 12 Bytes
  327. | | | Transform Type: ENCR (1)
  328. | | | Reserved2 : 0x00
  329. | | | Transform ID : AES-GCM-8 (18)
  330. | | | Attribute 0
  331. | | | | Type : Basic, KEYLENGTH
  332. | | | | Value : 128
  333. | | TRANSFORM Payload
  334. | | | Next Payload : TRANSFORM
  335. | | | Reserved : 0x00
  336. | | | Length : 8 Bytes
  337. | | | Transform Type: DH (4)
  338. | | | Reserved2 : 0x00
  339. | | | Transform ID : 4096-BIT MODP (16)
  340. | | | Attributes : NONE
  341. | | TRANSFORM Payload
  342. | | | Next Payload : TRANSFORM
  343. | | | Reserved : 0x00
  344. | | | Length : 8 Bytes
  345. | | | Transform Type: DH (4)
  346. | | | Reserved2 : 0x00
  347. | | | Transform ID : CURVE25519 (31)
  348. | | | Attributes : NONE
  349. | | TRANSFORM Payload
  350. | | | Next Payload : TRANSFORM
  351. | | | Reserved : 0x00
  352. | | | Length : 8 Bytes
  353. | | | Transform Type: DH (4)
  354. | | | Reserved2 : 0x00
  355. | | | Transform ID : 3072-BIT MODP (15)
  356. | | | Attributes : NONE
  357. | | TRANSFORM Payload
  358. | | | Next Payload : TRANSFORM
  359. | | | Reserved : 0x00
  360. | | | Length : 8 Bytes
  361. | | | Transform Type: DH (4)
  362. | | | Reserved2 : 0x00
  363. | | | Transform ID : 2048-BIT MODP (14)
  364. | | | Attributes : NONE
  365. | | TRANSFORM Payload
  366. | | | Next Payload : TRANSFORM
  367. | | | Reserved : 0x00
  368. | | | Length : 8 Bytes
  369. | | | Transform Type: PRF (2)
  370. | | | Reserved2 : 0x00
  371. | | | Transform ID : PRF-HMAC-SHA1 (2)
  372. | | | Attributes : NONE
  373. | | TRANSFORM Payload
  374. | | | Next Payload : TRANSFORM
  375. | | | Reserved : 0x00
  376. | | | Length : 8 Bytes
  377. | | | Transform Type: PRF (2)
  378. | | | Reserved2 : 0x00
  379. | | | Transform ID : PRF-AES128-XCBC (4)
  380. | | | Attributes : NONE
  381. | | TRANSFORM Payload
  382. | | | Next Payload : TRANSFORM
  383. | | | Reserved : 0x00
  384. | | | Length : 8 Bytes
  385. | | | Transform Type: PRF (2)
  386. | | | Reserved2 : 0x00
  387. | | | Transform ID : PRF-HMAC-SHA-256 (5)
  388. | | | Attributes : NONE
  389. | | TRANSFORM Payload
  390. | | | Next Payload : TRANSFORM
  391. | | | Reserved : 0x00
  392. | | | Length : 8 Bytes
  393. | | | Transform Type: PRF (2)
  394. | | | Reserved2 : 0x00
  395. | | | Transform ID : PRF-HMAC-SHA-384 (6)
  396. | | | Attributes : NONE
  397. | | TRANSFORM Payload
  398. | | | Next Payload : TRANSFORM
  399. | | | Reserved : 0x00
  400. | | | Length : 8 Bytes
  401. | | | Transform Type: PRF (2)
  402. | | | Reserved2 : 0x00
  403. | | | Transform ID : PRF-HMAC-SHA-512 (7)
  404. | | | Attributes : NONE
  405. | | TRANSFORM Payload
  406. | | | Next Payload : NONE
  407. | | | Reserved : 0x00
  408. | | | Length : 8 Bytes
  409. | | | Transform Type: PRF (2)
  410. | | | Reserved2 : 0x00
  411. | | | Transform ID : PRF-AES128-CMAC (8)
  412. | | | Attributes : NONE
  413. KE Payload
  414. | Next Payload : NONCE
  415. | CRITICAL : NO
  416. | Reserved : 0x00
  417. | Length : 520 Bytes
  418. | DH Group : 16
  419. | Reserved2 : 0x0000
  420. | DH-Key(4096 bits) :
  452. NONCE Payload
  453. | Next Payload : NOTIFY
  454. | CRITICAL : NO
  455. | Reserved : 0x00
  456. | Length : 36 Bytes
  457. | Nonce(256 bits) : 62 E7 00 B6 B2 FD 20 EC 16 BB DE 7E 34 12 BB 99
  458. | F9 6B 58 1F 86 28 61 F2 43 56 72 9F 37 A7 9C E7
  459. NOTIFY Payload
  460. | Next Payload : NOTIFY
  461. | CRITICAL : NO
  462. | Reserved : 0x00
  463. | Length : 28 Bytes
  464. | Protocol ID : <Unknown 0>
  465. | SPI size : 0
  466. | Message type : STATUS_NAT_DETECTION_SOURCE_IP
  467. | Notif. data : 1D 63 05 67 F9 18 F0 E5 96 CF 4C D3 53 F2 BC CD
  468. | 54 D8 81 08
  469. NOTIFY Payload
  470. | Next Payload : NOTIFY
  471. | CRITICAL : NO
  472. | Reserved : 0x00
  473. | Length : 28 Bytes
  474. | Protocol ID : <Unknown 0>
  475. | SPI size : 0
  476. | Message type : STATUS_NAT_DETECTION_DESTINATION_IP
  477. | Notif. data : 07 99 7E 3C 05 D1 AA A6 A5 C2 11 E8 FB 86 FC B3
  478. | A3 5B 70 83
  479. NOTIFY Payload
  480. | Next Payload : NOTIFY
  481. | CRITICAL : NO
  482. | Reserved : 0x00
  483. | Length : 8 Bytes
  484. | Protocol ID : <Unknown 0>
  485. | SPI size : 0
  486. | Message type : IKEV2_FRAGMENTATION_SUPPORTED
  487. NOTIFY Payload
  488. | Next Payload : NONE
  489. | CRITICAL : NO
  490. | Reserved : 0x00
  491. | Length : 16 Bytes
  492. | Protocol ID : <Unknown 0>
  493. | SPI size : 0
  494. | Message type : SIGNATURE_HASH_ALGORITHMS
  495. | Sign. Hash Algs. : SHA1, SHA-256, SHA-384, SHA-512
  496.  
  497. [VPN-Debug] 2022/01/18 12:01:24,902 Devicetime: 2022/01/18 12:01:33,088
  498. Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 1072 bytes
  499. Gateways: öffentlicheIP:500<--smartphoneIP:44427
  500. SPIs: 0x7C7B91FCDB12819A0000000000000000, Message-ID 0
  501. Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(SIGNATURE_HASH_ALGORITHMS)
  502. QUB-DATA: öffentlicheIP:500<---smartphoneIP:44427 rtg_tag 0 physical-channel WAN(1)
  503. transport: [id: 2440863, UDP (17) {incoming unicast, fixed source address}, dst: smartphoneIP, tag 0 (U), src: öffentlicheIP, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (5), mac address: ff:ff:ff:ff:ff:ff, port 0], local port: 500, remote port: 44427
  504. +No IKE_SA found
  505. Counting consumed licenses by active channels...
  506. Consumed connected licenses : 0
  507. Negotiating connections : 0
  508. IKE negotiations : 0
  509. MPPE connections : 0
  510. Licenses in use : 0 < 5
  511. +Passive connection request accepted (83 micro seconds)
  512. Looking for payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41)...Found 1 payload.
  513. +Received signature hash algorithms: SHA1, SHA-256, SHA-384, SHA-512
  514. Looking for payload NOTIFY(DETECTION_SOURCE_IP) (41)...Found 1 payload.
  515. +Computing SHA1(0x7C7B91FCDB12819A0000000000000000|smartphoneIP:44427)
  516. +Computing SHA1(0x7C7B91FCDB12819A0000000000000000B218FAC2AD8B)
  517. +Computed: 0x5F41F0962916DB436D0E7777E1E5DF5001089C22
  518. +Received: 0x1D630567F918F0E596CF4CD353F2BCCD54D88108
  519. +Not equal => NAT-T enabled => switching on port 4500
  520. Looking for payload NOTIFY(DETECTION_DESTINATION_IP) (41)...Found 1 payload.
  521. +Computing SHA1(0x7C7B91FCDB12819A0000000000000000|öffentlicheIP:500)
  522. +Computing SHA1(0x7C7B91FCDB12819A0000000000000000509922F001F4)
  523. +Computed: 0x07997E3C05D1AAA6A5C211E8FB86FCB3A35B7083
  524. +Received: 0x07997E3C05D1AAA6A5C211E8FB86FCB3A35B7083
  525. +Equal => NAT-T is already enabled
  526. Looking for payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41)...Found 1 payload.
  527. Looking for payload IKE_SA (33)...Found 1 payload.
  528. +Config ENCR transform(s): AES-CBC-256
  529. +Received ENCR transform(s): AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
  530. +Best intersection: AES-CBC-256
  531. +Config PRF transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
  532. +Received PRF transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
  533. +Best intersection: PRF-HMAC-SHA-256
  534. +Config INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
  535. +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
  536. +Best intersection: HMAC-SHA-256
  537. +Config DH transform(s): 14
  538. +Received DH transform(s): 16 31 15 14
  539. +Best intersection: 14
  540.  
  541. [VPN-Status] 2022/01/18 12:01:24,904 Devicetime: 2022/01/18 12:01:33,088
  542. Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 1072 bytes
  543. Gateways: öffentlicheIP:500<--smartphoneIP:44427
  544. SPIs: 0x7C7B91FCDB12819A0000000000000000, Message-ID 0
  545. Peer identified: DEFAULT
  546. IKE_SA ('', '' IPSEC_IKE SPIs 0x7C7B91FCDB12819A715EA1E74F1D7DF9) entered to SADB
  547. Received 4 notifications:
  548. +NAT_DETECTION_SOURCE_IP(0x1D630567F918F0E596CF4CD353F2BCCD54D88108) (STATUS)
  549. +NAT_DETECTION_DESTINATION_IP(0x07997E3C05D1AAA6A5C211E8FB86FCB3A35B7083) (STATUS)
  550. +IKEV2_FRAGMENTATION_SUPPORTED (STATUS)
  551. +SIGNATURE_HASH_ALGORITHMS(0x0001000200030004) (STATUS)
  552. Peer (initiator) is behind a NAT
  553. NAT-T enabled => switching on port 4500
  554. We (responder) are not behind a NAT. NAT-T is already enabled
  555. +IKE-SA:
  556. IKE-Proposal-1 (21 transforms)
  557. ENCR : AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
  558. PRF : PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
  559. INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
  560. DH : 16 31 15 14
  561. IKE-Proposal-2 (20 transforms)
  562. ENCR : ENCR-CHACHA20-POLY1305 AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
  563. PRF : PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
  564. DH : 16 31 15 14
  565. -Agreed on DH-Group 14 but received KE-DH-Group 16 => responding with INVALID_KE_PAYLOAD(14)
  566.  
  567. [VPN-IKE] 2022/01/18 12:01:24,904 Devicetime: 2022/01/18 12:01:33,089
  568. [DEFAULT] Sending packet:
  569. IKE 2.0 Header:
  570. Source/Port : öffentlicheIP:500
  571. Destination/Port : smartphoneIP:44427
  572. Routing-tag : 0
  573. Com-channel : 0
  574. | Initiator cookie : 7C 7B 91 FC DB 12 81 9A
  575. | Responder cookie : 00 00 00 00 00 00 00 00
  576. | Next Payload : NOTIFY
  577. | Version : 2.0
  578. | Exchange type : IKE_SA_INIT
  579. | Flags : 0x20 Response
  580. | Msg-ID : 0
  581. | Length : 38 Bytes
  582. NOTIFY Payload
  583. | Next Payload : NONE
  584. | CRITICAL : NO
  585. | Reserved : 0x00
  586. | Length : 10 Bytes
  587. | Protocol ID : <Unknown 0>
  588. | SPI size : 0
  589. | Message type : INVALID_KE_PAYLOAD
  590. | Notif. data : 00 0E
  591.  
  592. [VPN-Debug] 2022/01/18 12:01:24,904 Devicetime: 2022/01/18 12:01:33,089
  593. Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
  594. +(request, response) pair inserted into retransmission map
  595. Sending an IKE_SA_INIT-RESPONSE of 38 bytes (responder)
  596. Gateways: öffentlicheIP:500-->smartphoneIP:44427, tag 0 (UDP)
  597. SPIs: 0x7C7B91FCDB12819A0000000000000000, Message-ID 0
  598. Payloads: NOTIFY(INVALID_KE_PAYLOAD[0x000E])
  599.  
  600. [VPN-Status] 2022/01/18 12:01:24,904 Devicetime: 2022/01/18 12:01:33,089
  601. Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
  602. NOTIFY(INVALID_KE_PAYLOAD[14])
  603. Sending an IKE_SA_INIT-RESPONSE of 38 bytes (responder)
  604. Gateways: öffentlicheIP:500-->smartphoneIP:44427, tag 0 (UDP)
  605. SPIs: 0x7C7B91FCDB12819A0000000000000000, Message-ID 0
  606.  
  607. [VPN-Debug] 2022/01/18 12:01:24,904 Devicetime: 2022/01/18 12:01:33,090
  608. IKE-TRANSPORT freed
  609.  
  610. [VPN-Status] 2022/01/18 12:01:24,904 Devicetime: 2022/01/18 12:01:33,090
  611. IKE_SA ('', '' IPSEC_IKE SPIs 0x7C7B91FCDB12819A0000000000000000) removed from SADB
  612. IKE_SA ('', '' IPSEC_IKE SPIs 0x7C7B91FCDB12819A0000000000000000) freed
  613.  
  614. [VPN-IKE] 2022/01/18 12:01:25,055 Devicetime: 2022/01/18 12:01:33,190
  615. [DEFAULT] Received packet:
  616. IKE 2.0 Header:
  617. Source/Port : smartphoneIP:44427
  618. Destination/Port : öffentlicheIP:500
  619. Routing-tag : 0
  620. Com-channel : 0
  621. | Initiator cookie : 5A 1C 35 41 86 81 74 0B
  622. | Responder cookie : 00 00 00 00 00 00 00 00
  623. | Next Payload : SA
  624. | Version : 2.0
  625. | Exchange type : IKE_SA_INIT
  626. | Flags : 0x08 Initiator
  627. | Msg-ID : 0
  628. | Length : 816 Bytes
  629. SA Payload
  630. | Next Payload : KE
  631. | CRITICAL : NO
  632. | Reserved : 0x00
  633. | Length : 408 Bytes
  634. | PROPOSAL Payload
  635. | | Next Payload : PROPOSAL
  636. | | Reserved : 0x00
  637. | | Length : 200 Bytes
  638. | | Proposal number : 1
  639. | | Protocol ID : IPSEC_IKE
  640. | | SPI size : 0
  641. | | #Transforms : 21
  642. | | TRANSFORM Payload
  643. | | | Next Payload : TRANSFORM
  644. | | | Reserved : 0x00
  645. | | | Length : 12 Bytes
  646. | | | Transform Type: ENCR (1)
  647. | | | Reserved2 : 0x00
  648. | | | Transform ID : AES-128-CTR (13)
  649. | | | Attribute 0
  650. | | | | Type : Basic, KEYLENGTH
  651. | | | | Value : 256
  652. | | TRANSFORM Payload
  653. | | | Next Payload : TRANSFORM
  654. | | | Reserved : 0x00
  655. | | | Length : 12 Bytes
  656. | | | Transform Type: ENCR (1)
  657. | | | Reserved2 : 0x00
  658. | | | Transform ID : AES-CBC (12)
  659. | | | Attribute 0
  660. | | | | Type : Basic, KEYLENGTH
  661. | | | | Value : 256
  662. | | TRANSFORM Payload
  663. | | | Next Payload : TRANSFORM
  664. | | | Reserved : 0x00
  665. | | | Length : 12 Bytes
  666. | | | Transform Type: ENCR (1)
  667. | | | Reserved2 : 0x00
  668. | | | Transform ID : AES-128-CTR (13)
  669. | | | Attribute 0
  670. | | | | Type : Basic, KEYLENGTH
  671. | | | | Value : 192
  672. | | TRANSFORM Payload
  673. | | | Next Payload : TRANSFORM
  674. | | | Reserved : 0x00
  675. | | | Length : 12 Bytes
  676. | | | Transform Type: ENCR (1)
  677. | | | Reserved2 : 0x00
  678. | | | Transform ID : AES-CBC (12)
  679. | | | Attribute 0
  680. | | | | Type : Basic, KEYLENGTH
  681. | | | | Value : 192
  682. | | TRANSFORM Payload
  683. | | | Next Payload : TRANSFORM
  684. | | | Reserved : 0x00
  685. | | | Length : 12 Bytes
  686. | | | Transform Type: ENCR (1)
  687. | | | Reserved2 : 0x00
  688. | | | Transform ID : AES-128-CTR (13)
  689. | | | Attribute 0
  690. | | | | Type : Basic, KEYLENGTH
  691. | | | | Value : 128
  692. | | TRANSFORM Payload
  693. | | | Next Payload : TRANSFORM
  694. | | | Reserved : 0x00
  695. | | | Length : 12 Bytes
  696. | | | Transform Type: ENCR (1)
  697. | | | Reserved2 : 0x00
  698. | | | Transform ID : AES-CBC (12)
  699. | | | Attribute 0
  700. | | | | Type : Basic, KEYLENGTH
  701. | | | | Value : 128
  702. | | TRANSFORM Payload
  703. | | | Next Payload : TRANSFORM
  704. | | | Reserved : 0x00
  705. | | | Length : 8 Bytes
  706. | | | Transform Type: INTEG (3)
  707. | | | Reserved2 : 0x00
  708. | | | Transform ID : HMAC-SHA-512 (14)
  709. | | | Attributes : NONE
  710. | | TRANSFORM Payload
  711. | | | Next Payload : TRANSFORM
  712. | | | Reserved : 0x00
  713. | | | Length : 8 Bytes
  714. | | | Transform Type: INTEG (3)
  715. | | | Reserved2 : 0x00
  716. | | | Transform ID : HMAC-SHA-384 (13)
  717. | | | Attributes : NONE
  718. | | TRANSFORM Payload
  719. | | | Next Payload : TRANSFORM
  720. | | | Reserved : 0x00
  721. | | | Length : 8 Bytes
  722. | | | Transform Type: INTEG (3)
  723. | | | Reserved2 : 0x00
  724. | | | Transform ID : HMAC-SHA-256 (12)
  725. | | | Attributes : NONE
  726. | | TRANSFORM Payload
  727. | | | Next Payload : TRANSFORM
  728. | | | Reserved : 0x00
  729. | | | Length : 8 Bytes
  730. | | | Transform Type: INTEG (3)
  731. | | | Reserved2 : 0x00
  732. | | | Transform ID : AES-XCBC-96 (5)
  733. | | | Attributes : NONE
  734. | | TRANSFORM Payload
  735. | | | Next Payload : TRANSFORM
  736. | | | Reserved : 0x00
  737. | | | Length : 8 Bytes
  738. | | | Transform Type: INTEG (3)
  739. | | | Reserved2 : 0x00
  740. | | | Transform ID : AES-CMAC-96 (8)
  741. | | | Attributes : NONE
  742. | | TRANSFORM Payload
  743. | | | Next Payload : TRANSFORM
  744. | | | Reserved : 0x00
  745. | | | Length : 8 Bytes
  746. | | | Transform Type: DH (4)
  747. | | | Reserved2 : 0x00
  748. | | | Transform ID : 4096-BIT MODP (16)
  749. | | | Attributes : NONE
  750. | | TRANSFORM Payload
  751. | | | Next Payload : TRANSFORM
  752. | | | Reserved : 0x00
  753. | | | Length : 8 Bytes
  754. | | | Transform Type: DH (4)
  755. | | | Reserved2 : 0x00
  756. | | | Transform ID : CURVE25519 (31)
  757. | | | Attributes : NONE
  758. | | TRANSFORM Payload
  759. | | | Next Payload : TRANSFORM
  760. | | | Reserved : 0x00
  761. | | | Length : 8 Bytes
  762. | | | Transform Type: DH (4)
  763. | | | Reserved2 : 0x00
  764. | | | Transform ID : 3072-BIT MODP (15)
  765. | | | Attributes : NONE
  766. | | TRANSFORM Payload
  767. | | | Next Payload : TRANSFORM
  768. | | | Reserved : 0x00
  769. | | | Length : 8 Bytes
  770. | | | Transform Type: DH (4)
  771. | | | Reserved2 : 0x00
  772. | | | Transform ID : 2048-BIT MODP (14)
  773. | | | Attributes : NONE
  774. | | TRANSFORM Payload
  775. | | | Next Payload : TRANSFORM
  776. | | | Reserved : 0x00
  777. | | | Length : 8 Bytes
  778. | | | Transform Type: PRF (2)
  779. | | | Reserved2 : 0x00
  780. | | | Transform ID : PRF-HMAC-SHA1 (2)
  781. | | | Attributes : NONE
  782. | | TRANSFORM Payload
  783. | | | Next Payload : TRANSFORM
  784. | | | Reserved : 0x00
  785. | | | Length : 8 Bytes
  786. | | | Transform Type: PRF (2)
  787. | | | Reserved2 : 0x00
  788. | | | Transform ID : PRF-AES128-XCBC (4)
  789. | | | Attributes : NONE
  790. | | TRANSFORM Payload
  791. | | | Next Payload : TRANSFORM
  792. | | | Reserved : 0x00
  793. | | | Length : 8 Bytes
  794. | | | Transform Type: PRF (2)
  795. | | | Reserved2 : 0x00
  796. | | | Transform ID : PRF-HMAC-SHA-256 (5)
  797. | | | Attributes : NONE
  798. | | TRANSFORM Payload
  799. | | | Next Payload : TRANSFORM
  800. | | | Reserved : 0x00
  801. | | | Length : 8 Bytes
  802. | | | Transform Type: PRF (2)
  803. | | | Reserved2 : 0x00
  804. | | | Transform ID : PRF-HMAC-SHA-384 (6)
  805. | | | Attributes : NONE
  806. | | TRANSFORM Payload
  807. | | | Next Payload : TRANSFORM
  808. | | | Reserved : 0x00
  809. | | | Length : 8 Bytes
  810. | | | Transform Type: PRF (2)
  811. | | | Reserved2 : 0x00
  812. | | | Transform ID : PRF-HMAC-SHA-512 (7)
  813. | | | Attributes : NONE
  814. | | TRANSFORM Payload
  815. | | | Next Payload : NONE
  816. | | | Reserved : 0x00
  817. | | | Length : 8 Bytes
  818. | | | Transform Type: PRF (2)
  819. | | | Reserved2 : 0x00
  820. | | | Transform ID : PRF-AES128-CMAC (8)
  821. | | | Attributes : NONE
  822. | PROPOSAL Payload
  823. | | Next Payload : NONE
  824. | | Reserved : 0x00
  825. | | Length : 204 Bytes
  826. | | Proposal number : 2
  827. | | Protocol ID : IPSEC_IKE
  828. | | SPI size : 0
  829. | | #Transforms : 20
  830. | | TRANSFORM Payload
  831. | | | Next Payload : TRANSFORM
  832. | | | Reserved : 0x00
  833. | | | Length : 8 Bytes
  834. | | | Transform Type: ENCR (1)
  835. | | | Reserved2 : 0x00
  836. | | | Transform ID : ENCR-CHACHA20-POLY1305 (28)
  837. | | | Attributes : NONE
  838. | | TRANSFORM Payload
  839. | | | Next Payload : TRANSFORM
  840. | | | Reserved : 0x00
  841. | | | Length : 12 Bytes
  842. | | | Transform Type: ENCR (1)
  843. | | | Reserved2 : 0x00
  844. | | | Transform ID : AES-GCM-16 (20)
  845. | | | Attribute 0
  846. | | | | Type : Basic, KEYLENGTH
  847. | | | | Value : 256
  848. | | TRANSFORM Payload
  849. | | | Next Payload : TRANSFORM
  850. | | | Reserved : 0x00
  851. | | | Length : 12 Bytes
  852. | | | Transform Type: ENCR (1)
  853. | | | Reserved2 : 0x00
  854. | | | Transform ID : AES-GCM-12 (19)
  855. | | | Attribute 0
  856. | | | | Type : Basic, KEYLENGTH
  857. | | | | Value : 256
  858. | | TRANSFORM Payload
  859. | | | Next Payload : TRANSFORM
  860. | | | Reserved : 0x00
  861. | | | Length : 12 Bytes
  862. | | | Transform Type: ENCR (1)
  863. | | | Reserved2 : 0x00
  864. | | | Transform ID : AES-GCM-8 (18)
  865. | | | Attribute 0
  866. | | | | Type : Basic, KEYLENGTH
  867. | | | | Value : 256
  868. | | TRANSFORM Payload
  869. | | | Next Payload : TRANSFORM
  870. | | | Reserved : 0x00
  871. | | | Length : 12 Bytes
  872. | | | Transform Type: ENCR (1)
  873. | | | Reserved2 : 0x00
  874. | | | Transform ID : AES-GCM-16 (20)
  875. | | | Attribute 0
  876. | | | | Type : Basic, KEYLENGTH
  877. | | | | Value : 192
  878. | | TRANSFORM Payload
  879. | | | Next Payload : TRANSFORM
  880. | | | Reserved : 0x00
  881. | | | Length : 12 Bytes
  882. | | | Transform Type: ENCR (1)
  883. | | | Reserved2 : 0x00
  884. | | | Transform ID : AES-GCM-12 (19)
  885. | | | Attribute 0
  886. | | | | Type : Basic, KEYLENGTH
  887. | | | | Value : 192
  888. | | TRANSFORM Payload
  889. | | | Next Payload : TRANSFORM
  890. | | | Reserved : 0x00
  891. | | | Length : 12 Bytes
  892. | | | Transform Type: ENCR (1)
  893. | | | Reserved2 : 0x00
  894. | | | Transform ID : AES-GCM-8 (18)
  895. | | | Attribute 0
  896. | | | | Type : Basic, KEYLENGTH
  897. | | | | Value : 192
  898. | | TRANSFORM Payload
  899. | | | Next Payload : TRANSFORM
  900. | | | Reserved : 0x00
  901. | | | Length : 12 Bytes
  902. | | | Transform Type: ENCR (1)
  903. | | | Reserved2 : 0x00
  904. | | | Transform ID : AES-GCM-16 (20)
  905. | | | Attribute 0
  906. | | | | Type : Basic, KEYLENGTH
  907. | | | | Value : 128
  908. | | TRANSFORM Payload
  909. | | | Next Payload : TRANSFORM
  910. | | | Reserved : 0x00
  911. | | | Length : 12 Bytes
  912. | | | Transform Type: ENCR (1)
  913. | | | Reserved2 : 0x00
  914. | | | Transform ID : AES-GCM-12 (19)
  915. | | | Attribute 0
  916. | | | | Type : Basic, KEYLENGTH
  917. | | | | Value : 128
  918. | | TRANSFORM Payload
  919. | | | Next Payload : TRANSFORM
  920. | | | Reserved : 0x00
  921. | | | Length : 12 Bytes
  922. | | | Transform Type: ENCR (1)
  923. | | | Reserved2 : 0x00
  924. | | | Transform ID : AES-GCM-8 (18)
  925. | | | Attribute 0
  926. | | | | Type : Basic, KEYLENGTH
  927. | | | | Value : 128
  928. | | TRANSFORM Payload
  929. | | | Next Payload : TRANSFORM
  930. | | | Reserved : 0x00
  931. | | | Length : 8 Bytes
  932. | | | Transform Type: DH (4)
  933. | | | Reserved2 : 0x00
  934. | | | Transform ID : 4096-BIT MODP (16)
  935. | | | Attributes : NONE
  936. | | TRANSFORM Payload
  937. | | | Next Payload : TRANSFORM
  938. | | | Reserved : 0x00
  939. | | | Length : 8 Bytes
  940. | | | Transform Type: DH (4)
  941. | | | Reserved2 : 0x00
  942. | | | Transform ID : CURVE25519 (31)
  943. | | | Attributes : NONE
  944. | | TRANSFORM Payload
  945. | | | Next Payload : TRANSFORM
  946. | | | Reserved : 0x00
  947. | | | Length : 8 Bytes
  948. | | | Transform Type: DH (4)
  949. | | | Reserved2 : 0x00
  950. | | | Transform ID : 3072-BIT MODP (15)
  951. | | | Attributes : NONE
  952. | | TRANSFORM Payload
  953. | | | Next Payload : TRANSFORM
  954. | | | Reserved : 0x00
  955. | | | Length : 8 Bytes
  956. | | | Transform Type: DH (4)
  957. | | | Reserved2 : 0x00
  958. | | | Transform ID : 2048-BIT MODP (14)
  959. | | | Attributes : NONE
  960. | | TRANSFORM Payload
  961. | | | Next Payload : TRANSFORM
  962. | | | Reserved : 0x00
  963. | | | Length : 8 Bytes
  964. | | | Transform Type: PRF (2)
  965. | | | Reserved2 : 0x00
  966. | | | Transform ID : PRF-HMAC-SHA1 (2)
  967. | | | Attributes : NONE
  968. | | TRANSFORM Payload
  969. | | | Next Payload : TRANSFORM
  970. | | | Reserved : 0x00
  971. | | | Length : 8 Bytes
  972. | | | Transform Type: PRF (2)
  973. | | | Reserved2 : 0x00
  974. | | | Transform ID : PRF-AES128-XCBC (4)
  975. | | | Attributes : NONE
  976. | | TRANSFORM Payload
  977. | | | Next Payload : TRANSFORM
  978. | | | Reserved : 0x00
  979. | | | Length : 8 Bytes
  980. | | | Transform Type: PRF (2)
  981. | | | Reserved2 : 0x00
  982. | | | Transform ID : PRF-HMAC-SHA-256 (5)
  983. | | | Attributes : NONE
  984. | | TRANSFORM Payload
  985. | | | Next Payload : TRANSFORM
  986. | | | Reserved : 0x00
  987. | | | Length : 8 Bytes
  988. | | | Transform Type: PRF (2)
  989. | | | Reserved2 : 0x00
  990. | | | Transform ID : PRF-HMAC-SHA-384 (6)
  991. | | | Attributes : NONE
  992. | | TRANSFORM Payload
  993. | | | Next Payload : TRANSFORM
  994. | | | Reserved : 0x00
  995. | | | Length : 8 Bytes
  996. | | | Transform Type: PRF (2)
  997. | | | Reserved2 : 0x00
  998. | | | Transform ID : PRF-HMAC-SHA-512 (7)
  999. | | | Attributes : NONE
  1000. | | TRANSFORM Payload
  1001. | | | Next Payload : NONE
  1002. | | | Reserved : 0x00
  1003. | | | Length : 8 Bytes
  1004. | | | Transform Type: PRF (2)
  1005. | | | Reserved2 : 0x00
  1006. | | | Transform ID : PRF-AES128-CMAC (8)
  1007. | | | Attributes : NONE
  1008. KE Payload
  1009. | Next Payload : NONCE
  1010. | CRITICAL : NO
  1011. | Reserved : 0x00
  1012. | Length : 264 Bytes
  1013. | DH Group : 14
  1014. | Reserved2 : 0x0000
  1015. | DH-Key(2048 bits) :
  1031. NONCE Payload
  1032. | Next Payload : NOTIFY
  1033. | CRITICAL : NO
  1034. | Reserved : 0x00
  1035. | Length : 36 Bytes
  1036. | Nonce(256 bits) : 8F C7 71 AD 1A 54 D7 69 D8 87 8B 3D 90 0E 86 DB
  1037. | D7 63 BA 14 8A 9A 10 EE D1 CB 24 25 21 2C 73 56
  1038. NOTIFY Payload
  1039. | Next Payload : NOTIFY
  1040. | CRITICAL : NO
  1041. | Reserved : 0x00
  1042. | Length : 28 Bytes
  1043. | Protocol ID : <Unknown 0>
  1044. | SPI size : 0
  1045. | Message type : STATUS_NAT_DETECTION_SOURCE_IP
  1046. | Notif. data : 98 06 86 6A 84 09 ED D1 2D 55 01 EE 64 C2 EA 14
  1047. | 92 99 7D 03
  1048. NOTIFY Payload
  1049. | Next Payload : NOTIFY
  1050. | CRITICAL : NO
  1051. | Reserved : 0x00
  1052. | Length : 28 Bytes
  1053. | Protocol ID : <Unknown 0>
  1054. | SPI size : 0
  1055. | Message type : STATUS_NAT_DETECTION_DESTINATION_IP
  1056. | Notif. data : DE 3D 76 CF B7 94 BF 30 0E 49 7C A5 66 BF 89 30
  1057. | 65 CF EF A2
  1058. NOTIFY Payload
  1059. | Next Payload : NOTIFY
  1060. | CRITICAL : NO
  1061. | Reserved : 0x00
  1062. | Length : 8 Bytes
  1063. | Protocol ID : <Unknown 0>
  1064. | SPI size : 0
  1065. | Message type : IKEV2_FRAGMENTATION_SUPPORTED
  1066. NOTIFY Payload
  1067. | Next Payload : NONE
  1068. | CRITICAL : NO
  1069. | Reserved : 0x00
  1070. | Length : 16 Bytes
  1071. | Protocol ID : <Unknown 0>
  1072. | SPI size : 0
  1073. | Message type : SIGNATURE_HASH_ALGORITHMS
  1074. | Sign. Hash Algs. : SHA1, SHA-256, SHA-384, SHA-512
  1075.  
  1076. [VPN-Debug] 2022/01/18 12:01:25,071 Devicetime: 2022/01/18 12:01:33,200
  1077. Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 816 bytes
  1078. Gateways: öffentlicheIP:500<--smartphoneIP:44427
  1079. SPIs: 0x5A1C35418681740B0000000000000000, Message-ID 0
  1080. Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(SIGNATURE_HASH_ALGORITHMS)
  1081. QUB-DATA: öffentlicheIP:500<---smartphoneIP:44427 rtg_tag 0 physical-channel WAN(1)
  1082. transport: [id: 2440864, UDP (17) {incoming unicast, fixed source address}, dst: smartphoneIP, tag 0 (U), src: öffentlicheIP, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (5), mac address: ff:ff:ff:ff:ff:ff, port 0], local port: 500, remote port: 44427
  1083. +No IKE_SA found
  1084. Counting consumed licenses by active channels...
  1085. Consumed connected licenses : 0
  1086. Negotiating connections : 0
  1087. IKE negotiations : 0
  1088. MPPE connections : 0
  1089. Licenses in use : 0 < 5
  1090. +Passive connection request accepted (82 micro seconds)
  1091. Looking for payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41)...Found 1 payload.
  1092. +Received signature hash algorithms: SHA1, SHA-256, SHA-384, SHA-512
  1093. Looking for payload NOTIFY(DETECTION_SOURCE_IP) (41)...Found 1 payload.
  1094. +Computing SHA1(0x5A1C35418681740B0000000000000000|smartphoneIP:44427)
  1095. +Computing SHA1(0x5A1C35418681740B0000000000000000B218FAC2AD8B)
  1096. +Computed: 0x33DE868DAEEEA5DE1EF4260E73C3048AF55A936D
  1097. +Received: 0x9806866A8409EDD12D5501EE64C2EA1492997D03
  1098. +Not equal => NAT-T enabled => switching on port 4500
  1099. Looking for payload NOTIFY(DETECTION_DESTINATION_IP) (41)...Found 1 payload.
  1100. +Computing SHA1(0x5A1C35418681740B0000000000000000|öffentlicheIP:500)
  1101. +Computing SHA1(0x5A1C35418681740B0000000000000000509922F001F4)
  1102. +Computed: 0xDE3D76CFB794BF300E497CA566BF893065CFEFA2
  1103. +Received: 0xDE3D76CFB794BF300E497CA566BF893065CFEFA2
  1104. +Equal => NAT-T is already enabled
  1105. Looking for payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41)...Found 1 payload.
  1106. Looking for payload IKE_SA (33)...Found 1 payload.
  1107. +Config ENCR transform(s): AES-CBC-256
  1108. +Received ENCR transform(s): AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
  1109. +Best intersection: AES-CBC-256
  1110. +Config PRF transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
  1111. +Received PRF transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
  1112. +Best intersection: PRF-HMAC-SHA-256
  1113. +Config INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
  1114. +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
  1115. +Best intersection: HMAC-SHA-256
  1116. +Config DH transform(s): 14
  1117. +Received DH transform(s): 16 31 15 14
  1118. +Best intersection: 14
  1119. Looking for payload NONCE (40)...Found 1 payload.
  1120. +Nonce length=32 bytes
  1121. +Nonce=0x8FC771AD1A54D769D8878B3D900E86DBD763BA148A9A10EED1CB2425212C7356
  1122. +SA-DATA-Ni=0x8FC771AD1A54D769D8878B3D900E86DBD763BA148A9A10EED1CB2425212C7356
  1123.  
  1124. [VPN-Status] 2022/01/18 12:01:25,073 Devicetime: 2022/01/18 12:01:33,200
  1125. Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 816 bytes
  1126. Gateways: öffentlicheIP:500<--smartphoneIP:44427
  1127. SPIs: 0x5A1C35418681740B0000000000000000, Message-ID 0
  1128. Peer identified: DEFAULT
  1129. IKE_SA ('', '' IPSEC_IKE SPIs 0x5A1C35418681740B13FB7B459F87A40E) entered to SADB
  1130. Received 4 notifications:
  1131. +NAT_DETECTION_SOURCE_IP(0x9806866A8409EDD12D5501EE64C2EA1492997D03) (STATUS)
  1132. +NAT_DETECTION_DESTINATION_IP(0xDE3D76CFB794BF300E497CA566BF893065CFEFA2) (STATUS)
  1133. +IKEV2_FRAGMENTATION_SUPPORTED (STATUS)
  1134. +SIGNATURE_HASH_ALGORITHMS(0x0001000200030004) (STATUS)
  1135. Peer (initiator) is behind a NAT
  1136. NAT-T enabled => switching on port 4500
  1137. We (responder) are not behind a NAT. NAT-T is already enabled
  1138. +IKE-SA:
  1139. IKE-Proposal-1 (21 transforms)
  1140. ENCR : AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
  1141. PRF : PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
  1142. INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
  1143. DH : 16 31 15 14
  1144. IKE-Proposal-2 (20 transforms)
  1145. ENCR : ENCR-CHACHA20-POLY1305 AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
  1146. PRF : PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
  1147. DH : 16 31 15 14
  1148. +Received KE-DH-Group 14 (2048 bits)
  1149.  
  1150. [VPN-IKE] 2022/01/18 12:01:25,073 Devicetime: 2022/01/18 12:01:33,206
  1151. [DEFAULT] Sending packet:
  1152. IKE 2.0 Header:
  1153. Source/Port : öffentlicheIP:500
  1154. Destination/Port : smartphoneIP:44427
  1155. Routing-tag : 0
  1156. Com-channel : 0
  1157. | Initiator cookie : 5A 1C 35 41 86 81 74 0B
  1158. | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
  1159. | Next Payload : SA
  1160. | Version : 2.0
  1161. | Exchange type : IKE_SA_INIT
  1162. | Flags : 0x20 Response
  1163. | Msg-ID : 0
  1164. | Length : 503 Bytes
  1165. SA Payload
  1166. | Next Payload : KE
  1167. | CRITICAL : NO
  1168. | Reserved : 0x00
  1169. | Length : 48 Bytes
  1170. | PROPOSAL Payload
  1171. | | Next Payload : NONE
  1172. | | Reserved : 0x00
  1173. | | Length : 44 Bytes
  1174. | | Proposal number : 1
  1175. | | Protocol ID : IPSEC_IKE
  1176. | | SPI size : 0
  1177. | | #Transforms : 4
  1178. | | TRANSFORM Payload
  1179. | | | Next Payload : TRANSFORM
  1180. | | | Reserved : 0x00
  1181. | | | Length : 12 Bytes
  1182. | | | Transform Type: ENCR (1)
  1183. | | | Reserved2 : 0x00
  1184. | | | Transform ID : AES-CBC (12)
  1185. | | | Attribute 0
  1186. | | | | Type : Basic, KEYLENGTH
  1187. | | | | Value : 256
  1188. | | TRANSFORM Payload
  1189. | | | Next Payload : TRANSFORM
  1190. | | | Reserved : 0x00
  1191. | | | Length : 8 Bytes
  1192. | | | Transform Type: PRF (2)
  1193. | | | Reserved2 : 0x00
  1194. | | | Transform ID : PRF-HMAC-SHA-256 (5)
  1195. | | | Attributes : NONE
  1196. | | TRANSFORM Payload
  1197. | | | Next Payload : TRANSFORM
  1198. | | | Reserved : 0x00
  1199. | | | Length : 8 Bytes
  1200. | | | Transform Type: INTEG (3)
  1201. | | | Reserved2 : 0x00
  1202. | | | Transform ID : HMAC-SHA-256 (12)
  1203. | | | Attributes : NONE
  1204. | | TRANSFORM Payload
  1205. | | | Next Payload : NONE
  1206. | | | Reserved : 0x00
  1207. | | | Length : 8 Bytes
  1208. | | | Transform Type: DH (4)
  1209. | | | Reserved2 : 0x00
  1210. | | | Transform ID : 2048-BIT MODP (14)
  1211. | | | Attributes : NONE
  1212. KE Payload
  1213. | Next Payload : NONCE
  1214. | CRITICAL : NO
  1215. | Reserved : 0x00
  1216. | Length : 264 Bytes
  1217. | DH Group : 14
  1218. | Reserved2 : 0x0000
  1219. | DH-Key(2048 bits) :
  1235. NONCE Payload
  1236. | Next Payload : NOTIFY
  1237. | CRITICAL : NO
  1238. | Reserved : 0x00
  1239. | Length : 36 Bytes
  1240. | Nonce(256 bits) : D6 AB C2 38 18 5A E0 6E DF 94 37 65 6E 04 D7 03
  1241. | 2F 2D CF C2 37 84 F9 21 A7 3E B6 9C E1 57 20 0A
  1242. NOTIFY Payload
  1243. | Next Payload : NOTIFY
  1244. | CRITICAL : NO
  1245. | Reserved : 0x00
  1246. | Length : 28 Bytes
  1247. | Protocol ID : <Unknown 0>
  1248. | SPI size : 0
  1249. | Message type : STATUS_NAT_DETECTION_SOURCE_IP
  1250. | Notif. data : 4F 52 22 25 1A 84 8F C2 C3 34 D3 68 3A 3C 45 D5
  1251. | CD 25 BE 68
  1252. NOTIFY Payload
  1253. | Next Payload : NOTIFY
  1254. | CRITICAL : NO
  1255. | Reserved : 0x00
  1256. | Length : 28 Bytes
  1257. | Protocol ID : <Unknown 0>
  1258. | SPI size : 0
  1259. | Message type : STATUS_NAT_DETECTION_DESTINATION_IP
  1260. | Notif. data : 87 D1 99 37 32 15 D6 9E 46 76 96 F8 EC 3A 2C 3C
  1261. | FD 63 0F 2D
  1262. NOTIFY Payload
  1263. | Next Payload : NOTIFY
  1264. | CRITICAL : NO
  1265. | Reserved : 0x00
  1266. | Length : 14 Bytes
  1267. | Protocol ID : <Unknown 0>
  1268. | SPI size : 0
  1269. | Message type : SIGNATURE_HASH_ALGORITHMS
  1270. | Sign. Hash Algs. : SHA-256, SHA-384, SHA-512
  1271. NOTIFY Payload
  1272. | Next Payload : CERTREQ
  1273. | CRITICAL : NO
  1274. | Reserved : 0x00
  1275. | Length : 8 Bytes
  1276. | Protocol ID : <Unknown 0>
  1277. | SPI size : 0
  1278. | Message type : IKEV2_FRAGMENTATION_SUPPORTED
  1279. CERTREQ Payload
  1280. | Next Payload : VENDOR
  1281. | CRITICAL : NO
  1282. | Reserved : 0x00
  1283. | Length : 25 Bytes
  1284. | Cert. Type : X509_SIG
  1285. | Cert. Autherity : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  1286. | 00 00 00 00
  1287. VENDOR Payload
  1288. | Next Payload : NONE
  1289. | CRITICAL : NO
  1290. | Reserved : 0x00
  1291. | Length : 24 Bytes
  1292. | Vendor ID : 81 75 2E B5 91 4D 73 5C DF CD C8 58 C3 A8 ED 7C
  1293. | 1C 66 D1 42
  1294.  
  1295. [VPN-Debug] 2022/01/18 12:01:25,073 Devicetime: 2022/01/18 12:01:33,257
  1296. Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
  1297. Constructing payload NONCE (40):
  1298. +Nonce length=32 bytes
  1299. +Nonce=0xD6ABC238185AE06EDF9437656E04D7032F2DCFC23784F921A73EB69CE157200A
  1300. +SA-DATA-Nr=0xD6ABC238185AE06EDF9437656E04D7032F2DCFC23784F921A73EB69CE157200A
  1301. Constructing payload NOTIFY(DETECTION_SOURCE_IP) (41):
  1302. +Computing SHA1(0x5A1C35418681740B13FB7B459F87A40E|öffentlicheIP:500)
  1303. +Computing SHA1(0x5A1C35418681740B13FB7B459F87A40E509922F001F4)
  1304. +0x4F5222251A848FC2C334D3683A3C45D5CD25BE68
  1305. Constructing payload NOTIFY(DETECTION_DESTINATION_IP) (41):
  1306. +Computing SHA1(0x5A1C35418681740B13FB7B459F87A40E|smartphoneIP:44427)
  1307. +Computing SHA1(0x5A1C35418681740B13FB7B459F87A40EB218FAC2AD8B)
  1308. +0x87D199373215D69E467696F8EC3A2C3CFD630F2D
  1309. Constructing payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41):
  1310. +Signature hash algorithms: SHA-256,SHA-384,SHA-512
  1311. Constructing payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41):
  1312. Constructing payload CERTREQ (38):
  1313. +0x0000000000000000000000000000000000000000
  1314. Constructing payload VENDOR(FRAGMENTATION) (43):
  1315. Constructing payload VENDOR(FRAGMENTATION(C0000000)) (43):
  1316. Constructing payload VENDOR(ikev2 config payload: Do not narrow my traffic selector) (43):
  1317. Constructing payload VENDOR(activate lancom-systems notification private range) (43):
  1318. Constructing payload NOTIFY(DEVICE-ID) (41):
  1319. +Peer does not support private notifications -> ignore
  1320. +Shared secret derived in 46846 micro seconds
  1321. IKE_SA(0x5A1C35418681740B13FB7B459F87A40E).EXPECTED-MSG-ID raised to 1
  1322. +(request, response) pair inserted into retransmission map
  1323. Sending an IKE_SA_INIT-RESPONSE of 503 bytes (responder)
  1324. Gateways: öffentlicheIP:4500-->smartphoneIP:4500, tag 0 (UDP)
  1325. SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 0
  1326. Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(SIGNATURE_HASH_ALGORITHMS), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), CERTREQ, VENDOR(activate lancom-systems notification private range)
  1327.  
  1328. [VPN-Status] 2022/01/18 12:01:25,116 Devicetime: 2022/01/18 12:01:33,257
  1329. Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
  1330. +IKE-SA:
  1331. IKE-Proposal-1 (4 transforms)
  1332. ENCR : AES-CBC-256
  1333. PRF : PRF-HMAC-SHA-256
  1334. INTEG: HMAC-SHA-256
  1335. DH : 14
  1336. +KE-DH-Group 14 (2048 bits)
  1337. Switching to port pair 4500 ( NAT-T keep-alive is off)
  1338. IKE_SA_INIT [responder] for peer DEFAULT initiator id <no ipsec id>, responder id <no ipsec id>
  1339. initiator cookie: 0x5A1C35418681740B, responder cookie: 0x13FB7B459F87A40E
  1340. NAT-T enabled. We are not behind a nat, the remote side is behind a nat
  1341. SA ISAKMP for peer DEFAULT Encryption AES-CBC-256 Integrity AUTH-HMAC-SHA-256 IKE-DH-Group 14 PRF-HMAC-SHA-256
  1342. life time soft 01/19/2022 15:01:33 (in 97200 sec) / 0 kb
  1343. life time hard 01/19/2022 18:01:33 (in 108000 sec) / 0 kb
  1344. DPD: NONE
  1345. Negotiated: IKEV2_FRAGMENTATION
  1346.  
  1347. Sending an IKE_SA_INIT-RESPONSE of 503 bytes (responder)
  1348. Gateways: öffentlicheIP:4500-->smartphoneIP:4500, tag 0 (UDP)
  1349. SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 0
  1350.  
  1351. [VPN-IKE] 2022/01/18 12:01:25,132 Devicetime: 2022/01/18 12:01:33,307
  1352. [DEFAULT] Received packet:
  1353. IKE 2.0 Header:
  1354. Source/Port : smartphoneIP:44439
  1355. Destination/Port : öffentlicheIP:4500
  1356. Routing-tag : 0
  1357. Com-channel : 0
  1358. | Initiator cookie : 5A 1C 35 41 86 81 74 0B
  1359. | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
  1360. | Next Payload : ENCR
  1361. | Version : 2.0
  1362. | Exchange type : IKE_AUTH
  1363. | Flags : 0x08 Initiator
  1364. | Msg-ID : 1
  1365. | Length : 576 Bytes
  1366. ENCR Payload
  1367. | Next Payload : IDI
  1368. | CRITICAL : NO
  1369. | Reserved : 0x00
  1370. | Length : 548 Bytes
  1371. | IV : CE CA B1 82 21 7D 69 85 03 21 16 A3 35 A1 3E 56
  1372. | Encrypted Data :
  1404. | ICV : E9 E6 7F DD DB 4F 1E 1D 31 B8 B8 19 53 F8 FC A2
  1405.  
  1406. [VPN-IKE] 2022/01/18 12:01:25,132 Devicetime: 2022/01/18 12:01:33,312
  1407. [DEFAULT] Received packet after decryption:
  1408. IKE 2.0 Header:
  1409. Source/Port : smartphoneIP:44439
  1410. Destination/Port : öffentlicheIP:4500
  1411. Routing-tag : 0
  1412. Com-channel : 0
  1413. | Initiator cookie : 5A 1C 35 41 86 81 74 0B
  1414. | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
  1415. | Next Payload : ENCR
  1416. | Version : 2.0
  1417. | Exchange type : IKE_AUTH
  1418. | Flags : 0x08 Initiator
  1419. | Msg-ID : 1
  1420. | Length : 576 Bytes
  1421. ENCR Payload
  1422. | Next Payload : IDI
  1423. | CRITICAL : NO
  1424. | Reserved : 0x00
  1425. | Length : 548 Bytes
  1426. | IV : CE CA B1 82 21 7D 69 85 03 21 16 A3 35 A1 3E 56
  1427. | ICV : E9 E6 7F DD DB 4F 1E 1D 31 B8 B8 19 53 F8 FC A2
  1428. IDI Payload
  1429. | Next Payload : IDR
  1430. | CRITICAL : NO
  1431. | Reserved : 0x00
  1432. | Length : 25 Bytes
  1433. | ID type : FQDN
  1434. | Reserved : 0x000000
  1435. | ID : android.lancom.de
  1436. IDR Payload
  1437. | Next Payload : AUTH
  1438. | CRITICAL : NO
  1439. | Reserved : 0x00
  1440. | Length : 12 Bytes
  1441. | ID type : IPV4_ADDR
  1442. | Reserved : 0x000000
  1443. | ID : öffentlicheIP
  1444. AUTH Payload
  1445. | Next Payload : SA
  1446. | CRITICAL : NO
  1447. | Reserved : 0x00
  1448. | Length : 40 Bytes
  1449. | Auth. Method : PRESHARED_KEY
  1450. | Reserved : 0x000000
  1451. | Auth. Data : CF AB 23 20 85 E4 0E DF 39 7B E0 E1 85 02 64 AE
  1452. | CD E4 0F 8C B0 A3 61 70 EA 7D C6 01 CD 9A F4 CF
  1453. SA Payload
  1454. | Next Payload : TSi
  1455. | CRITICAL : NO
  1456. | Reserved : 0x00
  1457. | Length : 272 Bytes
  1458. | PROPOSAL Payload
  1459. | | Next Payload : PROPOSAL
  1460. | | Reserved : 0x00
  1461. | | Length : 132 Bytes
  1462. | | Proposal number : 1
  1463. | | Protocol ID : IPSEC_ESP
  1464. | | SPI size : 4
  1465. | | #Transforms : 12
  1466. | | SPI : 52 CD FE AE
  1467. | | TRANSFORM Payload
  1468. | | | Next Payload : TRANSFORM
  1469. | | | Reserved : 0x00
  1470. | | | Length : 12 Bytes
  1471. | | | Transform Type: ENCR (1)
  1472. | | | Reserved2 : 0x00
  1473. | | | Transform ID : AES-128-CTR (13)
  1474. | | | Attribute 0
  1475. | | | | Type : Basic, KEYLENGTH
  1476. | | | | Value : 256
  1477. | | TRANSFORM Payload
  1478. | | | Next Payload : TRANSFORM
  1479. | | | Reserved : 0x00
  1480. | | | Length : 12 Bytes
  1481. | | | Transform Type: ENCR (1)
  1482. | | | Reserved2 : 0x00
  1483. | | | Transform ID : AES-CBC (12)
  1484. | | | Attribute 0
  1485. | | | | Type : Basic, KEYLENGTH
  1486. | | | | Value : 256
  1487. | | TRANSFORM Payload
  1488. | | | Next Payload : TRANSFORM
  1489. | | | Reserved : 0x00
  1490. | | | Length : 12 Bytes
  1491. | | | Transform Type: ENCR (1)
  1492. | | | Reserved2 : 0x00
  1493. | | | Transform ID : AES-128-CTR (13)
  1494. | | | Attribute 0
  1495. | | | | Type : Basic, KEYLENGTH
  1496. | | | | Value : 192
  1497. | | TRANSFORM Payload
  1498. | | | Next Payload : TRANSFORM
  1499. | | | Reserved : 0x00
  1500. | | | Length : 12 Bytes
  1501. | | | Transform Type: ENCR (1)
  1502. | | | Reserved2 : 0x00
  1503. | | | Transform ID : AES-CBC (12)
  1504. | | | Attribute 0
  1505. | | | | Type : Basic, KEYLENGTH
  1506. | | | | Value : 192
  1507. | | TRANSFORM Payload
  1508. | | | Next Payload : TRANSFORM
  1509. | | | Reserved : 0x00
  1510. | | | Length : 12 Bytes
  1511. | | | Transform Type: ENCR (1)
  1512. | | | Reserved2 : 0x00
  1513. | | | Transform ID : AES-128-CTR (13)
  1514. | | | Attribute 0
  1515. | | | | Type : Basic, KEYLENGTH
  1516. | | | | Value : 128
  1517. | | TRANSFORM Payload
  1518. | | | Next Payload : TRANSFORM
  1519. | | | Reserved : 0x00
  1520. | | | Length : 12 Bytes
  1521. | | | Transform Type: ENCR (1)
  1522. | | | Reserved2 : 0x00
  1523. | | | Transform ID : AES-CBC (12)
  1524. | | | Attribute 0
  1525. | | | | Type : Basic, KEYLENGTH
  1526. | | | | Value : 128
  1527. | | TRANSFORM Payload
  1528. | | | Next Payload : TRANSFORM
  1529. | | | Reserved : 0x00
  1530. | | | Length : 8 Bytes
  1531. | | | Transform Type: INTEG (3)
  1532. | | | Reserved2 : 0x00
  1533. | | | Transform ID : HMAC-SHA-512 (14)
  1534. | | | Attributes : NONE
  1535. | | TRANSFORM Payload
  1536. | | | Next Payload : TRANSFORM
  1537. | | | Reserved : 0x00
  1538. | | | Length : 8 Bytes
  1539. | | | Transform Type: INTEG (3)
  1540. | | | Reserved2 : 0x00
  1541. | | | Transform ID : HMAC-SHA-384 (13)
  1542. | | | Attributes : NONE
  1543. | | TRANSFORM Payload
  1544. | | | Next Payload : TRANSFORM
  1545. | | | Reserved : 0x00
  1546. | | | Length : 8 Bytes
  1547. | | | Transform Type: INTEG (3)
  1548. | | | Reserved2 : 0x00
  1549. | | | Transform ID : HMAC-SHA-256 (12)
  1550. | | | Attributes : NONE
  1551. | | TRANSFORM Payload
  1552. | | | Next Payload : TRANSFORM
  1553. | | | Reserved : 0x00
  1554. | | | Length : 8 Bytes
  1555. | | | Transform Type: INTEG (3)
  1556. | | | Reserved2 : 0x00
  1557. | | | Transform ID : AES-XCBC-96 (5)
  1558. | | | Attributes : NONE
  1559. | | TRANSFORM Payload
  1560. | | | Next Payload : TRANSFORM
  1561. | | | Reserved : 0x00
  1562. | | | Length : 8 Bytes
  1563. | | | Transform Type: INTEG (3)
  1564. | | | Reserved2 : 0x00
  1565. | | | Transform ID : AES-CMAC-96 (8)
  1566. | | | Attributes : NONE
  1567. | | TRANSFORM Payload
  1568. | | | Next Payload : NONE
  1569. | | | Reserved : 0x00
  1570. | | | Length : 8 Bytes
  1571. | | | Transform Type: ESN (5)
  1572. | | | Reserved2 : 0x00
  1573. | | | Transform ID : NONE (0)
  1574. | | | Attributes : NONE
  1575. | PROPOSAL Payload
  1576. | | Next Payload : NONE
  1577. | | Reserved : 0x00
  1578. | | Length : 136 Bytes
  1579. | | Proposal number : 2
  1580. | | Protocol ID : IPSEC_ESP
  1581. | | SPI size : 4
  1582. | | #Transforms : 11
  1583. | | SPI : 1A 3B 71 8F
  1584. | | TRANSFORM Payload
  1585. | | | Next Payload : TRANSFORM
  1586. | | | Reserved : 0x00
  1587. | | | Length : 8 Bytes
  1588. | | | Transform Type: ENCR (1)
  1589. | | | Reserved2 : 0x00
  1590. | | | Transform ID : ENCR-CHACHA20-POLY1305 (28)
  1591. | | | Attributes : NONE
  1592. | | TRANSFORM Payload
  1593. | | | Next Payload : TRANSFORM
  1594. | | | Reserved : 0x00
  1595. | | | Length : 12 Bytes
  1596. | | | Transform Type: ENCR (1)
  1597. | | | Reserved2 : 0x00
  1598. | | | Transform ID : AES-GCM-16 (20)
  1599. | | | Attribute 0
  1600. | | | | Type : Basic, KEYLENGTH
  1601. | | | | Value : 256
  1602. | | TRANSFORM Payload
  1603. | | | Next Payload : TRANSFORM
  1604. | | | Reserved : 0x00
  1605. | | | Length : 12 Bytes
  1606. | | | Transform Type: ENCR (1)
  1607. | | | Reserved2 : 0x00
  1608. | | | Transform ID : AES-GCM-12 (19)
  1609. | | | Attribute 0
  1610. | | | | Type : Basic, KEYLENGTH
  1611. | | | | Value : 256
  1612. | | TRANSFORM Payload
  1613. | | | Next Payload : TRANSFORM
  1614. | | | Reserved : 0x00
  1615. | | | Length : 12 Bytes
  1616. | | | Transform Type: ENCR (1)
  1617. | | | Reserved2 : 0x00
  1618. | | | Transform ID : AES-GCM-8 (18)
  1619. | | | Attribute 0
  1620. | | | | Type : Basic, KEYLENGTH
  1621. | | | | Value : 256
  1622. | | TRANSFORM Payload
  1623. | | | Next Payload : TRANSFORM
  1624. | | | Reserved : 0x00
  1625. | | | Length : 12 Bytes
  1626. | | | Transform Type: ENCR (1)
  1627. | | | Reserved2 : 0x00
  1628. | | | Transform ID : AES-GCM-16 (20)
  1629. | | | Attribute 0
  1630. | | | | Type : Basic, KEYLENGTH
  1631. | | | | Value : 192
  1632. | | TRANSFORM Payload
  1633. | | | Next Payload : TRANSFORM
  1634. | | | Reserved : 0x00
  1635. | | | Length : 12 Bytes
  1636. | | | Transform Type: ENCR (1)
  1637. | | | Reserved2 : 0x00
  1638. | | | Transform ID : AES-GCM-12 (19)
  1639. | | | Attribute 0
  1640. | | | | Type : Basic, KEYLENGTH
  1641. | | | | Value : 192
  1642. | | TRANSFORM Payload
  1643. | | | Next Payload : TRANSFORM
  1644. | | | Reserved : 0x00
  1645. | | | Length : 12 Bytes
  1646. | | | Transform Type: ENCR (1)
  1647. | | | Reserved2 : 0x00
  1648. | | | Transform ID : AES-GCM-8 (18)
  1649. | | | Attribute 0
  1650. | | | | Type : Basic, KEYLENGTH
  1651. | | | | Value : 192
  1652. | | TRANSFORM Payload
  1653. | | | Next Payload : TRANSFORM
  1654. | | | Reserved : 0x00
  1655. | | | Length : 12 Bytes
  1656. | | | Transform Type: ENCR (1)
  1657. | | | Reserved2 : 0x00
  1658. | | | Transform ID : AES-GCM-16 (20)
  1659. | | | Attribute 0
  1660. | | | | Type : Basic, KEYLENGTH
  1661. | | | | Value : 128
  1662. | | TRANSFORM Payload
  1663. | | | Next Payload : TRANSFORM
  1664. | | | Reserved : 0x00
  1665. | | | Length : 12 Bytes
  1666. | | | Transform Type: ENCR (1)
  1667. | | | Reserved2 : 0x00
  1668. | | | Transform ID : AES-GCM-12 (19)
  1669. | | | Attribute 0
  1670. | | | | Type : Basic, KEYLENGTH
  1671. | | | | Value : 128
  1672. | | TRANSFORM Payload
  1673. | | | Next Payload : TRANSFORM
  1674. | | | Reserved : 0x00
  1675. | | | Length : 12 Bytes
  1676. | | | Transform Type: ENCR (1)
  1677. | | | Reserved2 : 0x00
  1678. | | | Transform ID : AES-GCM-8 (18)
  1679. | | | Attribute 0
  1680. | | | | Type : Basic, KEYLENGTH
  1681. | | | | Value : 128
  1682. | | TRANSFORM Payload
  1683. | | | Next Payload : NONE
  1684. | | | Reserved : 0x00
  1685. | | | Length : 8 Bytes
  1686. | | | Transform Type: ESN (5)
  1687. | | | Reserved2 : 0x00
  1688. | | | Transform ID : NONE (0)
  1689. | | | Attributes : NONE
  1690. TSi Payload
  1691. | Next Payload : TSr
  1692. | CRITICAL : NO
  1693. | Reserved : 0x00
  1694. | Length : 64 Bytes
  1695. | Number of TSs : 2
  1696. | Reserved : 0x000000
  1697. | Traffic Selector 0
  1698. | | Type : TS_IPV4_ADDR_RANGE
  1699. | | Protocol : ANY
  1700. | | Length : 16
  1701. | | Start Port : 0
  1702. | | End Port : 65535
  1703. | | Address Range : 0.0.0.0 - 255.255.255.255
  1704. | Traffic Selector 1
  1705. | | Type : TS_IPV6_ADDR_RANGE
  1706. | | Protocol : ANY
  1707. | | Length : 40
  1708. | | Start Port : 0
  1709. | | End Port : 65535
  1710. | | Address Range : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  1711. TSr Payload
  1712. | Next Payload : CP
  1713. | CRITICAL : NO
  1714. | Reserved : 0x00
  1715. | Length : 64 Bytes
  1716. | Number of TSs : 2
  1717. | Reserved : 0x000000
  1718. | Traffic Selector 0
  1719. | | Type : TS_IPV4_ADDR_RANGE
  1720. | | Protocol : ANY
  1721. | | Length : 16
  1722. | | Start Port : 0
  1723. | | End Port : 65535
  1724. | | Address Range : 0.0.0.0 - 255.255.255.255
  1725. | Traffic Selector 1
  1726. | | Type : TS_IPV6_ADDR_RANGE
  1727. | | Protocol : ANY
  1728. | | Length : 40
  1729. | | Start Port : 0
  1730. | | End Port : 65535
  1731. | | Address Range : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
  1732. CP Payload
  1733. | Next Payload : NONE
  1734. | CRITICAL : NO
  1735. | Reserved : 0x00
  1736. | Length : 32 Bytes
  1737. | Type : REQUEST
  1738. | Reserved2 : 0x000000
  1739. | Attribute 0
  1740. | | Type : Variable, INTERNAL_IP4_ADDRESS
  1741. | | Length : 0
  1742. | | Value :
  1743. | Attribute 1
  1744. | | Type : Variable, INTERNAL_IP6_ADDRESS
  1745. | | Length : 0
  1746. | | Value :
  1747. | Attribute 2
  1748. | | Type : Variable, INTERNAL_IP4_DNS
  1749. | | Length : 0
  1750. | | Value :
  1751. | Attribute 3
  1752. | | Type : Variable, INTERNAL_IP6_DNS
  1753. | | Length : 0
  1754. | | Value :
  1755. | Attribute 4
  1756. | | Type : Variable, INTERNAL_IP4_NETMASK
  1757. | | Length : 0
  1758. | | Value :
  1759. | Attribute 5
  1760. | | Type : Variable, APPLICATION_VERSION
  1761. | | Length : 0
  1762. | | Value :
  1763. Rest : 8C DC 02
  1764.  
  1765. [VPN-Debug] 2022/01/18 12:01:25,133 Devicetime: 2022/01/18 12:01:33,314
  1766. Config parser update peer's SMARTPHONE remote gateway to smartphoneIP (old 0.0.0.0)
  1767.  
  1768. [VPN-Debug] 2022/01/18 12:01:25,133 Devicetime: 2022/01/18 12:01:33,322
  1769. Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 576 bytes (encrypted)
  1770. Gateways: öffentlicheIP:4500<--smartphoneIP:4500
  1771. SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 1
  1772. Payloads: ENCR
  1773. QUB-DATA: öffentlicheIP:4500<---smartphoneIP:44439 rtg_tag 0 physical-channel WAN(1)
  1774. transport: [id: 2440864, UDP (17) {incoming unicast, fixed source address}, dst: smartphoneIP, tag 0 (U), src: öffentlicheIP, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (5), mac address: ff:ff:ff:ff:ff:ff, port 0], local port: 4500, remote port: 4500, flags: UDP_ENCAPSULATION
  1775. +IKE_SA found and assigned
  1776. +Exchange created (flags: 0x00000050)
  1777. Message verified successfully
  1778. Message decrypted successfully
  1779. Payloads: ENCR, IDI, IDR, AUTH(PSK), SA, TSI, TSR, CP(REQUEST)
  1780. Looking for payload IDI (35)...Found 1 payload.
  1781. +Received-ID android.lancom.de:FQDN matches the Expected-ID android.lancom.de:FQDN
  1782. +Config ENCR transform(s): AES-CBC-256
  1783. +Received ENCR transform(s): AES-CBC-256
  1784. +Best intersection: AES-CBC-256
  1785. +Config PRF transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
  1786. +Received PRF transform(s): PRF-HMAC-SHA-256
  1787. +Best intersection: PRF-HMAC-SHA-256
  1788. +Config INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
  1789. +Received INTEG transform(s): HMAC-SHA-256
  1790. +Best intersection: HMAC-SHA-256
  1791. +Config DH transform(s): 14
  1792. +Received DH transform(s): 14
  1793. +Best intersection: 14
  1794. SMARTPHONE: DELETE MODE(7) OUTBOUND ESP 0.0.0.0/0 port(0) protocol(0)---öffentlicheIP===smartphoneIP---0.0.0.0/32 port(0) protocol(0)
  1795. SMARTPHONE: DELETE MODE(7) INBOUND ESP 0.0.0.0/32 port(0) protocol(0)---smartphoneIP===öffentlicheIP---0.0.0.0/0 port(0) protocol(0)
  1796. SMARTPHONE: ADD MODE(7) OUTBOUND ESP 0.0.0.0/0 port(0) protocol(0)---öffentlicheIP===smartphoneIP---172.20.0.22/32 port(0) protocol(0)
  1797. SMARTPHONE: ADD MODE(7) INBOUND ESP 172.20.0.22/32 port(0) protocol(0)---smartphoneIP===öffentlicheIP---0.0.0.0/0 port(0) protocol(0)
  1798. Looking for payload TSI (44)...Found 1 payload.
  1799. Looking for a rule...
  1800. Trying rule 0: IPSEC-0-SMARTPHONE-PR0-L0-R0
  1801. Determining best intersection for TSi
  1802. Expected TS :( 0, 0-65535, 172.20.0.22-172.20.0.22 )
  1803. Received TS :( 0, 0-65535, 0.0.0.0-255.255.255.255)
  1804. Intersection:( 0, 0-65535, 172.20.0.22-172.20.0.22 )
  1805. Determining best intersection for TSi
  1806. Expected TS :( 0, 0-65535, 172.20.0.22-172.20.0.22 )
  1807. Received TS :( 0, 0-65535, ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
  1808. -No intersection
  1809. Best :( 0, 0-65535, 172.20.0.22-172.20.0.22 )
  1810. Determining best intersection for TSr
  1811. Expected TS :( 0, 0-65535, 0.0.0.0-255.255.255.255)
  1812. Received TS :( 0, 0-65535, 0.0.0.0-255.255.255.255)
  1813. Intersection:( 0, 0-65535, 0.0.0.0-255.255.255.255)
  1814. Determining best intersection for TSr
  1815. Expected TS :( 0, 0-65535, 0.0.0.0-255.255.255.255)
  1816. Received TS :( 0, 0-65535, ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
  1817. -No intersection
  1818. Best :( 0, 0-65535, 0.0.0.0-255.255.255.255)
  1819. +Valid intersection found
  1820. TSi: ( 0, 0-65535, 172.20.0.22-172.20.0.22 )
  1821. TSr: ( 0, 0-65535, 0.0.0.0-255.255.255.255)
  1822. +TSi OK.
  1823. Looking for payload TSR (45)...Found 1 payload.
  1824. +TSr OK.
  1825. Looking for payload CHILD_SA (33)...Found 1 payload.
  1826. +Config ENCR transform(s): AES-CBC-256
  1827. +Received ENCR transform(s): AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
  1828. +Best intersection: AES-CBC-256
  1829. +Config INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
  1830. +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
  1831. +Best intersection: HMAC-SHA-256
  1832. +Config ESN transform(s): NONE
  1833. +Received ESN transform(s): NONE
  1834. +Best intersection: NONE
  1835.  
  1836. [VPN-Status] 2022/01/18 12:01:25,133 Devicetime: 2022/01/18 12:01:33,322
  1837. Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 576 bytes (encrypted)
  1838. Gateways: öffentlicheIP:4500<--smartphoneIP:4500
  1839. SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 1
  1840. CHILD_SA ('', '' ) entered to SADB
  1841. Updating remote port to 44439
  1842. +Received-ID android.lancom.de:FQDN matches the Expected-ID android.lancom.de:FQDN
  1843. +Peer identified: SMARTPHONE
  1844. +Peer uses AUTH(PSK)
  1845. +Authentication successful
  1846. Request attributes:
  1847. INTERNAL_IP4_ADDRESS()
  1848. INTERNAL_IP6_ADDRESS()
  1849. INTERNAL_IP4_DNS()
  1850. INTERNAL_IP6_DNS()
  1851. INTERNAL_IP4NETMASK()
  1852. APPLICATION_VERSION()
  1853. Assigned IPv4 config parameters:
  1854. IP: 172.20.0.22
  1855. DNS: 172.20.0.110, 8.8.8.8
  1856. TSi: ( 0, 0-65535, 172.20.0.22-172.20.0.22 )
  1857. TSr: ( 0, 0-65535, 0.0.0.0-255.255.255.255)
  1858. +CHILD-SA:
  1859. ESP-Proposal-1 Peer-SPI: 0x52CDFEAE (12 transforms)
  1860. ENCR : AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
  1861. INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
  1862. ESN : NONE
  1863. ESP-Proposal-2 Peer-SPI: 0x1A3B718F (11 transforms)
  1864. ENCR : ENCR-CHACHA20-POLY1305 AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
  1865. ESN : NONE
  1866.  
  1867. [VPN-IKE] 2022/01/18 12:01:25,148 Devicetime: 2022/01/18 12:01:33,330
  1868. [SMARTPHONE] Sending packet before encryption:
  1869. IKE 2.0 Header:
  1870. Source/Port : öffentlicheIP:4500
  1871. Destination/Port : smartphoneIP:44439
  1872. Routing-tag : 0
  1873. Com-channel : 23
  1874. | Initiator cookie : 5A 1C 35 41 86 81 74 0B
  1875. | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
  1876. | Next Payload : ENCR
  1877. | Version : 2.0
  1878. | Exchange type : IKE_AUTH
  1879. | Flags : 0x20 Response
  1880. | Msg-ID : 1
  1881. | Length : 272 Bytes
  1882. ENCR Payload
  1883. | Next Payload : IDR
  1884. | CRITICAL : NO
  1885. | Reserved : 0x00
  1886. | Length : 244 Bytes
  1887. | IV : BA 66 1E 00 AA 44 75 5C 44 E4 FB 4F 7F 2C 06 D4
  1888. | ICV : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  1889. IDR Payload
  1890. | Next Payload : AUTH
  1891. | CRITICAL : NO
  1892. | Reserved : 0x00
  1893. | Length : 25 Bytes
  1894. | ID type : FQDN
  1895. | Reserved : 0x000000
  1896. | ID : android.lancom.de
  1897. AUTH Payload
  1898. | Next Payload : CP
  1899. | CRITICAL : NO
  1900. | Reserved : 0x00
  1901. | Length : 40 Bytes
  1902. | Auth. Method : PRESHARED_KEY
  1903. | Reserved : 0x000000
  1904. | Auth. Data : 5F 21 3E 9B 56 06 F5 DE BE 65 F0 87 82 81 F3 EC
  1905. | 4C 5C 13 6B ED 89 C3 49 38 4A D3 7B 5D AA 90 CF
  1906. CP Payload
  1907. | Next Payload : TSi
  1908. | CRITICAL : NO
  1909. | Reserved : 0x00
  1910. | Length : 32 Bytes
  1911. | Type : REPLY
  1912. | Reserved2 : 0x000000
  1913. | Attribute 0
  1914. | | Type : Variable, INTERNAL_IP4_ADDRESS
  1915. | | Length : 4
  1916. | | Value : 172.20.0.22
  1917. | Attribute 1
  1918. | | Type : Variable, INTERNAL_IP4_DNS
  1919. | | Length : 4
  1920. | | Value : 172.20.0.110
  1921. | Attribute 2
  1922. | | Type : Variable, INTERNAL_IP4_DNS
  1923. | | Length : 4
  1924. | | Value : 8.8.8.8
  1925. TSi Payload
  1926. | Next Payload : TSr
  1927. | CRITICAL : NO
  1928. | Reserved : 0x00
  1929. | Length : 24 Bytes
  1930. | Number of TSs : 1
  1931. | Reserved : 0x000000
  1932. | Traffic Selector 0
  1933. | | Type : TS_IPV4_ADDR_RANGE
  1934. | | Protocol : ANY
  1935. | | Length : 16
  1936. | | Start Port : 0
  1937. | | End Port : 65535
  1938. | | Address Range : 172.20.0.22 - 172.20.0.22
  1939. TSr Payload
  1940. | Next Payload : NOTIFY
  1941. | CRITICAL : NO
  1942. | Reserved : 0x00
  1943. | Length : 24 Bytes
  1944. | Number of TSs : 1
  1945. | Reserved : 0x000000
  1946. | Traffic Selector 0
  1947. | | Type : TS_IPV4_ADDR_RANGE
  1948. | | Protocol : ANY
  1949. | | Length : 16
  1950. | | Start Port : 0
  1951. | | End Port : 65535
  1952. | | Address Range : 0.0.0.0 - 255.255.255.255
  1953. NOTIFY Payload
  1954. | Next Payload : SA
  1955. | CRITICAL : NO
  1956. | Reserved : 0x00
  1957. | Length : 8 Bytes
  1958. | Protocol ID : <Unknown 0>
  1959. | SPI size : 0
  1960. | Message type : STATUS_INITIAL_CONTACT
  1961. SA Payload
  1962. | Next Payload : NONE
  1963. | CRITICAL : NO
  1964. | Reserved : 0x00
  1965. | Length : 44 Bytes
  1966. | PROPOSAL Payload
  1967. | | Next Payload : NONE
  1968. | | Reserved : 0x00
  1969. | | Length : 40 Bytes
  1970. | | Proposal number : 1
  1971. | | Protocol ID : IPSEC_ESP
  1972. | | SPI size : 4
  1973. | | #Transforms : 3
  1974. | | SPI : 53 B6 DE 80
  1975. | | TRANSFORM Payload
  1976. | | | Next Payload : TRANSFORM
  1977. | | | Reserved : 0x00
  1978. | | | Length : 12 Bytes
  1979. | | | Transform Type: ENCR (1)
  1980. | | | Reserved2 : 0x00
  1981. | | | Transform ID : AES-CBC (12)
  1982. | | | Attribute 0
  1983. | | | | Type : Basic, KEYLENGTH
  1984. | | | | Value : 256
  1985. | | TRANSFORM Payload
  1986. | | | Next Payload : TRANSFORM
  1987. | | | Reserved : 0x00
  1988. | | | Length : 8 Bytes
  1989. | | | Transform Type: INTEG (3)
  1990. | | | Reserved2 : 0x00
  1991. | | | Transform ID : HMAC-SHA-256 (12)
  1992. | | | Attributes : NONE
  1993. | | TRANSFORM Payload
  1994. | | | Next Payload : NONE
  1995. | | | Reserved : 0x00
  1996. | | | Length : 8 Bytes
  1997. | | | Transform Type: ESN (5)
  1998. | | | Reserved2 : 0x00
  1999. | | | Transform ID : NONE (0)
  2000. | | | Attributes : NONE
  2001. Rest : 00 00 00 00 00 00 00 00 00 00 0A
  2002.  
  2003. [VPN-IKE] 2022/01/18 12:01:25,148 Devicetime: 2022/01/18 12:01:33,334
  2004. [SMARTPHONE] Sending packet after encryption:
  2005. IKE 2.0 Header:
  2006. Source/Port : öffentlicheIP:4500
  2007. Destination/Port : smartphoneIP:44439
  2008. Routing-tag : 0
  2009. Com-channel : 23
  2010. | Initiator cookie : 5A 1C 35 41 86 81 74 0B
  2011. | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
  2012. | Next Payload : ENCR
  2013. | Version : 2.0
  2014. | Exchange type : IKE_AUTH
  2015. | Flags : 0x20 Response
  2016. | Msg-ID : 1
  2017. | Length : 272 Bytes
  2018. ENCR Payload
  2019. | Next Payload : IDR
  2020. | CRITICAL : NO
  2021. | Reserved : 0x00
  2022. | Length : 244 Bytes
  2023. | IV : BA 66 1E 00 AA 44 75 5C 44 E4 FB 4F 7F 2C 06 D4
  2037. | ICV : 7F 4D D6 C2 9C 39 17 EA 72 32 86 E3 35 7F 55 C1
  2038.  
  2039. [VPN-Debug] 2022/01/18 12:01:25,163 Devicetime: 2022/01/18 12:01:33,337
  2040. CRYPTACCESS: Registering combined id: 13
  2041.  
  2042. [VPN-Debug] 2022/01/18 12:01:25,163 Devicetime: 2022/01/18 12:01:33,337
  2043. CRYPTACCESS: Registering combined id: 19
  2044.  
  2045. [VPN-Debug] 2022/01/18 12:01:25,163 Devicetime: 2022/01/18 12:01:33,338
  2046. Peer SMARTPHONE: Constructing an IKE_AUTH-RESPONSE for send
  2047. Constructing payload NOTIFY(MANAGEMENT_IP4_ADDRESS) (41):
  2048. Constructing payload NOTIFY(MANAGEMENT_IP6_ADDRESS) (41):
  2049. Constructing payload CP(REPLY) (47):
  2050. +INTERNAL_IP4_ADDRESS(172.20.0.22)
  2051. +INTERNAL_IP4_DNS(172.20.0.110)
  2052. +INTERNAL_IP4_DNS(8.8.8.8)
  2053. Constructing payload NOTIFY(STATUS_INITIAL_CONTACT) (41):
  2054. KEY-PARSE: Received SADB_GETSPI/SADB_SATYPE_ESP
  2055. KEY-GETSPI: Peer SMARTPHONE SPI 0x53B6DE80
  2056. KEY-NEWSA: SA successfully created and inserted into SADB:
  2057. State LARVAL Protocol ESP PID 0 refcnt 2 Hard-Timeout in 30 sec (larval_timeout)
  2058. IPSEC-SEND-UP
  2059. Message encrypted successfully
  2060. Message authenticated successfully
  2061. Non-ESP-Marker Prepended
  2062. IKE_SA(0x5A1C35418681740B13FB7B459F87A40E).EXPECTED-MSG-ID raised to 2
  2063. IPSEC transports created
  2064. KEY-PARSE: Received SADB_ADD/SADB_SATYPE_ESP
  2065. KEY-NEWSA: SA successfully created and inserted into SADB:
  2066. State LARVAL Protocol ESP PID 0 refcnt 1 Hard-Timeout in 28800 sec (key_hard_event) Soft-Timeout in 25920 sec
  2067. KEY-SA-STATE-CHANGE: LARVAL->MATURE
  2068. KEY-ADD: Peer SMARTPHONE handle 23 outgoing UDP-SPI 0x52CDFEAE NAT-T 0.0.0.0/0---öffentlicheIP:4500===smartphoneIP:44439---172.20.0.22/32 Hard-Timeout in 28800 sec (key_hard_event) Soft-Timeout in 25920 sec
  2069. IPSEC-SEND-UP
  2070. KEY-PARSE: Received SADB_UPDATE/SADB_SATYPE_ESP
  2071. KEY-SA-STATE-CHANGE: LARVAL->MATURE
  2072. SA-STORE: refcnt 3
  2073. KEY-UPDATE: Peer SMARTPHONE handle 23 incoming UDP-SPI 0x53B6DE80 NAT-T 172.20.0.22/32---smartphoneIP:44439===öffentlicheIP:4500---0.0.0.0/0 Hard-Timeout in 28800 sec (key_hard_event) Soft-Timeout in 25920 sec
  2074. IPSEC-SEND-UP
  2075. SMARTPHONE: UPDATE MODE(1) OUTBOUND ESP 0.0.0.0/0 port(0) protocol(0)---öffentlicheIP===smartphoneIP---172.20.0.22/32 port(0) protocol(0)
  2076. KEY-PARSE: Received SADB_X_SPDUPDATE/SADB_SATYPE_UNSPEC
  2077. KEY-SPDUPDATE: SMARTPHONE OUTBOUND PROTOCOL_ANY 0.0.0.0/0<->172.20.0.22/32
  2078. IPSEC-SEND-UP
  2079. SMARTPHONE: UPDATE MODE(1) INBOUND ESP 172.20.0.22/32 port(0) protocol(0)---smartphoneIP===öffentlicheIP---0.0.0.0/0 port(0) protocol(0)
  2080. KEY-PARSE: Received SADB_X_SPDUPDATE/SADB_SATYPE_UNSPEC
  2081. KEY-SPDUPDATE: SMARTPHONE INBOUND PROTOCOL_ANY 172.20.0.22/32<->0.0.0.0/0
  2082. IPSEC-SEND-UP
  2083. +(request, response) pair inserted into retransmission map
  2084. Sending an IKE_AUTH-RESPONSE of 272 bytes (responder encrypted)
  2085. Gateways: öffentlicheIP:4500-->smartphoneIP:44439, tag 0 (UDP)
  2086. SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 1
  2087. Payloads: ENCR
  2088.  
  2089. [VPN-Status] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,338
  2090. Peer SMARTPHONE: Constructing an IKE_AUTH-RESPONSE for send
  2091. +Local-ID android.lancom.de:FQDN
  2092. +I use AUTH(PSK)
  2093.  
  2094. IKE_SA_INIT [responder] for peer SMARTPHONE initiator id android.lancom.de, responder id android.lancom.de
  2095. initiator cookie: 0x5A1C35418681740B, responder cookie: 0x13FB7B459F87A40E
  2096. NAT-T enabled. We are not behind a nat, the remote side is behind a nat
  2097. SA ISAKMP for peer SMARTPHONE Encryption AES-CBC-256 Integrity AUTH-HMAC-SHA-256 IKE-DH-Group 14 PRF-HMAC-SHA-256
  2098. life time soft 01/19/2022 15:01:33 (in 97200 sec) / 0 kb
  2099. life time hard 01/19/2022 18:01:33 (in 108000 sec) / 0 kb
  2100. DPD: 30 sec
  2101. Negotiated: IKEV2_FRAGMENTATION
  2102.  
  2103. Reply attributes:
  2104. INTERNAL_IP4_ADDRESS(172.20.0.22)
  2105. INTERNAL_IP4_DNS(172.20.0.110)
  2106. INTERNAL_IP4_DNS(8.8.8.8)
  2107. +TSi 0: ( 0, 0-65535, 172.20.0.22-172.20.0.22 )
  2108. +TSr 0: ( 0, 0-65535, 0.0.0.0-255.255.255.255)
  2109. +CHILD-SA:
  2110. ESP-Proposal-1 My-SPI: 0x53B6DE80 (3 transforms)
  2111. ENCR : AES-CBC-256
  2112. INTEG: HMAC-SHA-256
  2113. ESN : NONE
  2114.  
  2115. CHILD_SA [responder] done with 2 SAS for peer SMARTPHONE rule IPSEC-0-SMARTPHONE-PR0-L0-R0
  2116. öffentlicheIP:4500-->smartphoneIP:44439, Routing tag 0, Com-channel 23
  2117. rule:' ipsec 0.0.0.0/0 <-> 172.20.0.22/32
  2118. outgoing SA ESP [0x52CDFEAE] Encryption AES-CBC-256 Integrity AUTH-HMAC-SHA-256 PFS-DH-Group None ESN None
  2119. incoming SA ESP [0x53B6DE80] Encryption AES-CBC-256 Integrity AUTH-HMAC-SHA-256 PFS-DH-Group None ESN None
  2120. life time soft 01/18/2022 19:13:33 (in 25920 sec) / 1800000 kb
  2121. life time hard 01/18/2022 20:01:33 (in 28800 sec) / 2000000 kb
  2122. tunnel between src: öffentlicheIP dst: smartphoneIP
  2123.  
  2124. Sending an IKE_AUTH-RESPONSE of 272 bytes (responder encrypted)
  2125. Gateways: öffentlicheIP:4500-->smartphoneIP:44439, tag 0 (UDP)
  2126. SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 1
  2127.  
  2128. [VPN-Debug] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,339
  2129. Peer SMARTPHONE: Trigger next pended request to establish an exchange
  2130. Current request is none
  2131. IKE_SA is not REPLACED
  2132. There are 0 pending requests
  2133.  
  2134. [VPN-Status] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,339
  2135. set_ip_transport for SMARTPHONE: [id: 2440867, UDP (17) {incoming unicast, fixed source address}, dst: smartphoneIP, tag 0 (U), src: öffentlicheIP, hop limit: 64, pmtu: 1492, iface: INTERNET (5), mac address: ff:ff:ff:ff:ff:ff, port 0]
  2136.  
  2137. [VPN-Status] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,339
  2138. VPN: WAN state changed to WanCalled for SMARTPHONE (smartphoneIP), called by: 01d13d38
  2139.  
  2140. [VPN-Status] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,339
  2141. vpn-maps[23], remote: SMARTPHONE, nego, dns-name, static-name, connected-by-name
  2142.  
  2143. [VPN-Status] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,339
  2144. VPN: wait for IKE negotiation from SMARTPHONE (smartphoneIP)
  2145.  
  2146. [VPN-Status] 2022/01/18 12:01:25,164 Devicetime: 2022/01/18 12:01:33,339
  2147. VPN: WAN state changed to WanProtocol for SMARTPHONE (smartphoneIP), called by: 01d13d38
  2148.  
  2149. [VPN-IKE] 2022/01/18 12:01:25,224 Devicetime: 2022/01/18 12:01:33,404
  2150. [SMARTPHONE] Received packet:
  2151. IKE 2.0 Header:
  2152. Source/Port : smartphoneIP:44439
  2153. Destination/Port : öffentlicheIP:4500
  2154. Routing-tag : 0
  2155. Com-channel : 23
  2156. | Initiator cookie : 5A 1C 35 41 86 81 74 0B
  2157. | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
  2158. | Next Payload : ENCR
  2159. | Version : 2.0
  2160. | Exchange type : INFORMATIONAL
  2161. | Flags : 0x08 Initiator
  2162. | Msg-ID : 2
  2163. | Length : 80 Bytes
  2164. ENCR Payload
  2165. | Next Payload : DELETE
  2166. | CRITICAL : NO
  2167. | Reserved : 0x00
  2168. | Length : 52 Bytes
  2169. | IV : 1A EB 06 D0 16 19 90 0D 1E A2 C4 47 B6 F4 20 D9
  2170. | Encrypted Data : DB 74 4B DF 7B 94 2E 2E CA 37 0B BD 70 2E 85 C5
  2171. | ICV : ED 32 E9 DE F8 0D 42 36 59 A4 88 DA E2 53 6E 08
  2172.  
  2173. [VPN-IKE] 2022/01/18 12:01:25,224 Devicetime: 2022/01/18 12:01:33,405
  2174. [SMARTPHONE] Received packet after decryption:
  2175. IKE 2.0 Header:
  2176. Source/Port : smartphoneIP:44439
  2177. Destination/Port : öffentlicheIP:4500
  2178. Routing-tag : 0
  2179. Com-channel : 23
  2180. | Initiator cookie : 5A 1C 35 41 86 81 74 0B
  2181. | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
  2182. | Next Payload : ENCR
  2183. | Version : 2.0
  2184. | Exchange type : INFORMATIONAL
  2185. | Flags : 0x08 Initiator
  2186. | Msg-ID : 2
  2187. | Length : 80 Bytes
  2188. ENCR Payload
  2189. | Next Payload : DELETE
  2190. | CRITICAL : NO
  2191. | Reserved : 0x00
  2192. | Length : 52 Bytes
  2193. | IV : 1A EB 06 D0 16 19 90 0D 1E A2 C4 47 B6 F4 20 D9
  2194. | ICV : ED 32 E9 DE F8 0D 42 36 59 A4 88 DA E2 53 6E 08
  2195. DELETE Payload
  2196. | Next Payload : NONE
  2197. | CRITICAL : NO
  2198. | Reserved : 0x00
  2199. | Length : 8 Bytes
  2200. | Protocol ID : IPSEC_IKE
  2201. | SPI size : 0
  2202. | #SPIs : 0
  2203. Rest : 71 74 03 2B 13 C8 9F 07
  2204.  
  2205. [VPN-Debug] 2022/01/18 12:01:25,224 Devicetime: 2022/01/18 12:01:33,405
  2206. Peer SMARTPHONE [responder]: Received an INFORMATIONAL-REQUEST of 80 bytes (encrypted)
  2207. Gateways: öffentlicheIP:4500<--smartphoneIP:44439
  2208. SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 2
  2209. Payloads: ENCR
  2210. QUB-DATA: öffentlicheIP:4500<---smartphoneIP:44439 rtg_tag 0 physical-channel WAN(1) vpn-channel 23
  2211. transport: [id: 2440864, UDP (17) {incoming unicast, fixed source address}, dst: smartphoneIP, tag 0 (U), src: öffentlicheIP, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1492, iface: INTERNET (5), mac address: ff:ff:ff:ff:ff:ff, port 0], local port: 4500, remote port: 44439, flags: UDP_ENCAPSULATION
  2212. +IKE_SA found and assigned
  2213. +Exchange created (flags: 0x00000050)
  2214. Message verified successfully
  2215. Message decrypted successfully
  2216. Payloads: ENCR, DELETE
  2217.  
  2218. [VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,405
  2219. Peer SMARTPHONE [responder]: Received an INFORMATIONAL-REQUEST of 80 bytes (encrypted)
  2220. Gateways: öffentlicheIP:4500<--smartphoneIP:44439
  2221. SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 2
  2222.  
  2223. [VPN-Debug] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,406
  2224. CRYPTACCESS: Unregistering combined id: 13
  2225.  
  2226. [VPN-Debug] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,406
  2227. CRYPTACCESS: Unregistering combined id: 19
  2228.  
  2229. [VPN-IKE] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,407
  2230. [SMARTPHONE] Sending packet before encryption:
  2231. IKE 2.0 Header:
  2232. Source/Port : öffentlicheIP:4500
  2233. Destination/Port : smartphoneIP:44439
  2234. Routing-tag : 0
  2235. Com-channel : 23
  2236. | Initiator cookie : 5A 1C 35 41 86 81 74 0B
  2237. | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
  2238. | Next Payload : ENCR
  2239. | Version : 2.0
  2240. | Exchange type : INFORMATIONAL
  2241. | Flags : 0x20 Response
  2242. | Msg-ID : 2
  2243. | Length : 96 Bytes
  2244. ENCR Payload
  2245. | Next Payload : DELETE
  2246. | CRITICAL : NO
  2247. | Reserved : 0x00
  2248. | Length : 68 Bytes
  2249. | IV : CC A9 8E 2D 77 1D 60 A4 F4 76 51 5F 70 EA E5 E8
  2250. | ICV : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  2251. DELETE Payload
  2252. | Next Payload : DELETE
  2253. | CRITICAL : NO
  2254. | Reserved : 0x00
  2255. | Length : 8 Bytes
  2256. | Protocol ID : IPSEC_IKE
  2257. | SPI size : 0
  2258. | #SPIs : 0
  2259. DELETE Payload
  2260. | Next Payload : NONE
  2261. | CRITICAL : NO
  2262. | Reserved : 0x00
  2263. | Length : 12 Bytes
  2264. | Protocol ID : IPSEC_ESP
  2265. | SPI size : 4
  2266. | #SPIs : 1
  2267. | SPI 000 : 53 B6 DE 80
  2268. Rest : 00 00 00 00 00 00 00 00 00 00 00 0B
  2269.  
  2270. [VPN-IKE] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,410
  2271. [SMARTPHONE] Sending packet after encryption:
  2272. IKE 2.0 Header:
  2273. Source/Port : öffentlicheIP:4500
  2274. Destination/Port : smartphoneIP:44439
  2275. Routing-tag : 0
  2276. Com-channel : 23
  2277. | Initiator cookie : 5A 1C 35 41 86 81 74 0B
  2278. | Responder cookie : 13 FB 7B 45 9F 87 A4 0E
  2279. | Next Payload : ENCR
  2280. | Version : 2.0
  2281. | Exchange type : INFORMATIONAL
  2282. | Flags : 0x20 Response
  2283. | Msg-ID : 2
  2284. | Length : 96 Bytes
  2285. ENCR Payload
  2286. | Next Payload : DELETE
  2287. | CRITICAL : NO
  2288. | Reserved : 0x00
  2289. | Length : 68 Bytes
  2290. | IV : CC A9 8E 2D 77 1D 60 A4 F4 76 51 5F 70 EA E5 E8
  2291. | Encrypted Data : 59 BD F8 55 EC A5 5D 71 B5 BF 0B 7E E9 62 6C BB
  2292. | 31 33 68 59 A5 A1 5C 49 2A DF ED 37 7F FC EF 28
  2293. | ICV : 93 FD F7 33 71 D3 80 D1 29 79 FB 64 19 5B F7 29
  2294.  
  2295. [VPN-Debug] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,410
  2296. Peer SMARTPHONE: Constructing an INFORMATIONAL-RESPONSE for send
  2297. SMARTPHONE: Trying to disable an outgoing flow
  2298. SMARTPHONE: DELETE MODE(0) OUTBOUND ESP 0.0.0.0/0 port(0) protocol(0)---smartphoneIP===öffentlicheIP---172.20.0.22/32 port(0) protocol(0)
  2299. KEY-PARSE: Received SADB_X_SPDDELETE/SADB_SATYPE_UNSPEC
  2300. KEY-SPDDELETE: SMARTPHONE OUTBOUND PROTOCOL_ANY 0.0.0.0/0<->172.20.0.22/32
  2301. IPSEC-SEND-UP
  2302. SMARTPHONE: Constructing SADB_MSG(SADB_DELETE ESP) outgoing
  2303. EXT_SA: SPI 0x52CDFEAE (0x0004000152CDFEAE000000000000000000000000000000000000000000000000)
  2304. EXT_SA2: (0x00020013000000000000000000000000)
  2305. EXT_ADDRESS_SRC: öffentlicheIP:4500 port 0 (0x000300050000000000020000509922F00000000000000000)
  2306. EXT_ADDRESS_DST: smartphoneIP:44439 port 0 (0x000300060000000000020000B218FAC20000000000000000)
  2307. X_EXT_NAME: SMARTPHONE (0x0004001A534D41525450484F4E45000000000000000000000000000000000000)
  2308. KEY-PARSE: Received SADB_DELETE/SADB_SATYPE_ESP
  2309. KEY-SA-STATE-CHANGE: MATURE->DEAD
  2310. IPSEC-SEND-UP
  2311. SMARTPHONE: Trying to disable an incoming flow
  2312. SMARTPHONE: DELETE MODE(0) INBOUND ESP 172.20.0.22/32 port(0) protocol(0)---smartphoneIP===öffentlicheIP---0.0.0.0/0 port(0) protocol(0)
  2313. KEY-PARSE: Received SADB_X_SPDDELETE/SADB_SATYPE_UNSPEC
  2314. KEY-SPDDELETE: SMARTPHONE INBOUND PROTOCOL_ANY 172.20.0.22/32<->0.0.0.0/0
  2315. IPSEC-SEND-UP
  2316. SMARTPHONE: Constructing SADB_MSG(SADB_DELETE ESP) incoming
  2317. EXT_SA: SPI 0x53B6DE80 (0x0004000153B6DE80000000000000000000000000000000000000000000000000)
  2318. EXT_SA2: (0x00020013000000000000000000000000)
  2319. EXT_ADDRESS_SRC: smartphoneIP:44439 port 0 (0x000300050000000000020000B218FAC20000000000000000)
  2320. EXT_ADDRESS_DST: öffentlicheIP:4500 port 0 (0x000300060000000000020000509922F00000000000000000)
  2321. X_EXT_NAME: SMARTPHONE (0x0004001A534D41525450484F4E45000000000000000000000000000000000000)
  2322. KEY-PARSE: Received SADB_DELETE/SADB_SATYPE_ESP
  2323. KEY-SA-STATE-CHANGE: MATURE->DEAD
  2324. SA-RELEASE: refcnt 1
  2325. IPSEC-SEND-UP
  2326. Message encrypted successfully
  2327. Message authenticated successfully
  2328. Non-ESP-Marker Prepended
  2329. IKE_SA(0x5A1C35418681740B13FB7B459F87A40E).EXPECTED-MSG-ID raised to 3
+(request, response) pair inserted into retransmission map
Sending an INFORMATIONAL-RESPONSE of 96 bytes (responder encrypted)
Gateways: öffentlicheIP:4500-->smartphoneIP:44439, tag 0 (UDP)
SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 2
Payloads: ENCR

[VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,410
Peer SMARTPHONE: Constructing an INFORMATIONAL-RESPONSE for send
IKE_SA ('SMARTPHONE', 'ISAKMP-PEER-SMARTPHONE' IPSEC_IKE SPIs 0x5A1C35418681740B13FB7B459F87A40E) removed from SADB
CHILD_SA ('SMARTPHONE', 'IPSEC-0-SMARTPHONE-PR0-L0-R0' IPSEC_ESP Outbound-SPI 0x52CDFEAE Inbound-SPI 0x53B6DE80) removed from SADB
CHILD_SA ('SMARTPHONE', 'IPSEC-0-SMARTPHONE-PR0-L0-R0' IPSEC_ESP Outbound-SPI 0x52CDFEAE Inbound-SPI 0x53B6DE80) freed
Sending an INFORMATIONAL-RESPONSE of 96 bytes (responder encrypted)
Gateways: öffentlicheIP:4500-->smartphoneIP:44439, tag 0 (UDP)
SPIs: 0x5A1C35418681740B13FB7B459F87A40E, Message-ID 2

[VPN-Debug] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,411
SMARTPHONE: DELETE MODE(7) OUTBOUND ESP 0.0.0.0/0 port(0) protocol(0)---::===::---172.20.0.22/32 port(0) protocol(0)
SMARTPHONE: DELETE MODE(7) INBOUND ESP 172.20.0.22/32 port(0) protocol(0)---::===::---0.0.0.0/0 port(0) protocol(0)
SMARTPHONE: ADD MODE(7) OUTBOUND ESP 0.0.0.0/0 port(0) protocol(0)---::===::---0.0.0.0/32 port(0) protocol(0)
SMARTPHONE: ADD MODE(7) INBOUND ESP 0.0.0.0/32 port(0) protocol(0)---::===::---0.0.0.0/0 port(0) protocol(0)
DISCONNECT-RESPONSE sent for handle 23
IKE-TRANSPORT freed

[VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,411
IKE_SA ('SMARTPHONE', 'ISAKMP-PEER-SMARTPHONE' IPSEC_IKE SPIs 0x5A1C35418681740B13FB7B459F87A40E) freed

[VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,413
vpn-maps[23], remote: SMARTPHONE, idle, dns-name, static-name

[VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,421
VPN: installing ruleset for SMARTPHONE (0.0.0.0)

[VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,421
VPN: WAN state changed to WanDisconnect for SMARTPHONE (0.0.0.0), called by: 01d13d38

[VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,422
Config parser: Start

[VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,422
Config parser: Finish
Wall clock time: 0 ms
CPU time: 0 ms

[VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,422
VPN: WAN state changed to WanIdle for SMARTPHONE (0.0.0.0), called by: 01d13d38

[VPN-Status] 2022/01/18 12:01:25,225 Devicetime: 2022/01/18 12:01:33,423
DISCONNECT-RESPONSE sent for handle 23

SMARTPHONE (ikev2): Remote gateway has changed from smartphoneIP to 0.0.0.0 -> tearing down

[VPN-Status] 2022/01/18 12:01:25,285 Devicetime: 2022/01/18 12:01:33,424
VPN: rulesets installed


[TraceStopped] 2022/01/18 12:01:33,132
Used config:
# Trace config
trace + VPN
trace + VPN-Debug
trace + VPN-IKE
trace + VPN-Packet
trace + VPN-Status

# Show commands
show bootlog
show locked-jobs
[Legend] 2009/07/09 00:00:00,000
VPN-Status, TraceStarted, TraceStopped, Sysinfo, ShowCmd, VPN-Debug, VPN-IKE
[Index] 2009/07/09 00:00:00,000
1,212,12;4,1746,20;4,2243,96;3,1969,53;6,15927,478;5,2846,44;0,1532,26;6,796,25;5,421,8;0,348,7;5,97,3;0,235,4;6,14790,462;5,3081,48;0,1475,26;6,5243,145;
5,2098,33;0,1064,23;6,3076,55;6,10892,359;5,163,3;5,4056,68;0,1322,31;6,4198,136;6,1746,36;5,118,3;5,118,3;5,2582,44;0,1911,39;5,230,6;0,316,3;0,167,3;0,159,3;
0,141,3;0,169,3;6,885,24;6,1090,32;5,852,13;0,274,5;5,120,3;5,120,3;6,1351,41;6,971,25;5,2473,41;0,703,9;5,593,8;0,182,3;0,140,3;0,127,3;0,164,3;0,99,3;
0,143,5;0,158,3;0,214,5;0,103,4;2,212,12;