>Synopsis: iked sends KE payload not matching the proposal on IKE rekey
>Category: system
>Environment:
System : OpenBSD 6.0
Details : OpenBSD 6.0-current (LOCAL) #0: Mon Oct 24 10:01:22 CEST
2016
[email protected]:/usr/src/sys/arch/amd64/compile/LOCAL
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
This is a two part bug:
1. When requesting IKE rekey iked sends a KE payload not matching the
proposal.
2. When the peer rejects this (INVALID_KE_PAYLOAD notification), iked
does not repeat the request with the right DH group.
If iked is configured to rekey the IKE SA (ikelifetime option), the SA
payload of the CREATE_CHILD_SA message for rekeying contains only one
proposal matching the currently used cipher suites. Log excerpt (full
log below):
ikev2_pld_payloads: decrypted payload SA nextpayload NONCE critical 0x00 length
56
ikev2_pld_sa: more 0 reserved 0 length 52 proposal #1 protoid IKE spisize 8
xforms 4 spi 0x51ba8d449f91ff4a
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
Note that the DH transform is MODP_2048 as negotiated during the
initial handshake. However, the KE payload sent in the same message
does not match the proposal:
ikev2_pld_payloads: decrypted payload KE nextpayload NONE critical 0x00 length
264
ikev2_pld_ke: dh group MODP_2048_256 reserved 0
The KE data is for MODP_2048_256, even though MODP_2048_256 is not
proposed as the DH transform. The peer predictably rejects this with an
INVALID_KE_PAYLOAD error notification requesting the use of MODP_2048
instead. This group would be acceptable according to the
configuration, but instead of repeating the request with the suggested
group, iked deletes the IKE SA.
>How-To-Repeat:
1. Configure iked as a responder with ikelifetime > 0. The very short
time in the example iked.conf below (10 seconds) is chosen to make
reproduction fast. Any value that causes iked to initiate IKE rekeying
before the peer does should work.
2. Start iked with this configuration. The log below was created using
"iked -dvv".
3. Initiate an IKE SA from a suitable peer that is configured to not
allow MODP_2048_256 as the DH transform of the IKE SA and wait for
rekeying to happen.
>Fix:
I can work around the problem by explicitly setting the right DH group
in iked.conf, but that is not a feasible solution if I want to allow
clients to use different DH groups. Presumably KE payload generation
must be changed to consider the transmitted proposal(s).
iked.conf:
ikev2 "test" passive ipcomp esp from 172.25.128.5/32 to 172.24.2.42/32 \
peer any \
srcid "/CN=ike-test.example.com/C=DE" \
ikelifetime 10
iked.log:
ca_privkey_serialize: type RSA_KEY length 1192
ca_pubkey_serialize: type RSA_KEY length 270
ikev2 "test" passive esp from 172.25.128.5/32 to 172.24.2.42/32 local any peer
any ikesa enc aes-256,aes-192,aes-128,3des prf hmac-sha2-256,hmac-sha1 auth
hmac-sha2-256,hmac-sha1 group modp2048-256,modp2048,modp1536,modp1024 childsa
enc aes-256,aes-192,aes-128 auth hmac-sha2-256,hmac-sha1 srcid
/CN=ike-test.example.com/C=DE ikelifetime 10 lifetime 10800 bytes 536870912 rsa
iked.conf: loaded 1 configuration rules
config_getpolicy: received policy
ca_reload: loaded ca file x509.pem
config_getpfkey: received pfkey fd 3
config_getcompile: compilation done
config_getsocket: received socket fd 4
config_getsocket: received socket fd 5
ca_reload: /CN=Testing Authority
ca_reload: loaded 1 ca certificate
config_getsocket: received socket fd 6
config_getsocket: received socket fd 7
ca_reload: loaded cert file ike-test.pem
ca_validate_cert: /CN=ike-test.example.com/C=DE ok
ca_reload: local cert type X509_CERT
config_getocsp: ocsp_url none
ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 20
ikev2_recv: IKE_SA_INIT request from initiator 172.24.2.42:500 to
172.25.128.5:500 policy 'test' id 0, 544 bytes
ikev2_recv: ispi 0x27f2f333153d6637 rspi 0x0000000000000000
ca_x509_name_parse: setting 'CN' to 'ike-test.example.com'
ca_x509_name_parse: setting 'C' to 'DE'
ikev2_policy2id: srcid ASN1_DN//CN=ike-test.example.com/C=DE length 50
ikev2_pld_parse: header ispi 0x27f2f333153d6637 rspi 0x0000000000000000
nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 544
response 0
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 136
ikev2_pld_sa: more than one proposal specified
ikev2_pld_sa: more 2 reserved 0 length 44 proposal #1 protoid IKE spisize 0
xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
ikev2_pld_ke: dh group MODP_2048 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_nat_detection: peer source 0x27f2f333153d6637 0x0000000000000000
172.24.2.42:500
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_nat_detection: peer destination 0x27f2f333153d6637 0x0000000000000000
172.25.128.5:500
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 16
ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
ikev2_pld_notify: signature hash SHA1 (1)
ikev2_pld_notify: signature hash SHA2_256 (2)
ikev2_pld_notify: signature hash SHA2_384 (3)
ikev2_pld_notify: signature hash SHA2_512 (4)
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8
ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED
sa_state: INIT -> SA_INIT
ikev2_sa_negotiate: score 6
sa_stateok: SA_INIT flags 0x0000, require 0x0000
sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 )
ikev2_sa_keys: SKEYSEED with 32 bytes
ikev2_sa_keys: S with 80 bytes
ikev2_prfplus: T1 with 32 bytes
ikev2_prfplus: T2 with 32 bytes
ikev2_prfplus: T3 with 32 bytes
ikev2_prfplus: T4 with 32 bytes
ikev2_prfplus: T5 with 32 bytes
ikev2_prfplus: T6 with 32 bytes
ikev2_prfplus: T7 with 32 bytes
ikev2_prfplus: Tn with 224 bytes
ikev2_sa_keys: SK_d with 32 bytes
ikev2_sa_keys: SK_ai with 32 bytes
ikev2_sa_keys: SK_ar with 32 bytes
ikev2_sa_keys: SK_ei with 32 bytes
ikev2_sa_keys: SK_er with 32 bytes
ikev2_sa_keys: SK_pi with 32 bytes
ikev2_sa_keys: SK_pr with 32 bytes
ikev2_add_proposals: length 44
ikev2_next_payload: length 48 nextpayload KE
ikev2_next_payload: length 264 nextpayload NONCE
ikev2_next_payload: length 36 nextpayload NOTIFY
ikev2_nat_detection: local source 0x27f2f333153d6637 0xbcde677e61984d2c
172.25.128.5:500
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_nat_detection: local destination 0x27f2f333153d6637 0xbcde677e61984d2c
172.24.2.42:500
ikev2_next_payload: length 28 nextpayload CERTREQ
ikev2_add_certreq: type X509_CERT length 21
ikev2_next_payload: length 25 nextpayload NOTIFY
ikev2_next_payload: length 14 nextpayload NONE
ikev2_pld_parse: header ispi 0x27f2f333153d6637 rspi 0xbcde677e61984d2c
nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 471
response 1
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0
xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264
ikev2_pld_ke: dh group MODP_2048 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_pld_payloads: payload CERTREQ nextpayload NOTIFY critical 0x00 length 25
ikev2_pld_certreq: type X509_CERT length 20
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 14
ikev2_pld_notify: protoid NONE spisize 0 type SIGNATURE_HASH_ALGORITHMS
ikev2_msg_send: IKE_SA_INIT response from 172.25.128.5:500 to 172.24.2.42:500
msgid 0, 471 bytes
config_free_proposals: free 0x1685cd6d7380
ikev2_recv: IKE_AUTH request from initiator 172.24.2.42:500 to 172.25.128.5:500
policy 'test' id 1, 1728 bytes
ikev2_recv: ispi 0x27f2f333153d6637 rspi 0xbcde677e61984d2c
ikev2_recv: updated SA to peer 172.24.2.42:500 local 172.25.128.5:500
ikev2_pld_parse: header ispi 0x27f2f333153d6637 rspi 0xbcde677e61984d2c
nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 1728
response 0
ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 1700
ikev2_msg_decrypt: IV length 16
ikev2_msg_decrypt: encrypted payload length 1664
ikev2_msg_decrypt: integrity checksum length 16
ikev2_msg_decrypt: integrity check succeeded
ikev2_msg_decrypt: decrypted payload length 1664/1664 padding 1
ikev2_pld_payloads: decrypted payload IDi nextpayload CERT critical 0x00 length
55
ikev2_pld_id: id ASN1_DN//CN=ike-test2.example.com/C=DE length 51
ikev2_pld_payloads: decrypted payload CERT nextpayload CERTREQ critical 0x00
length 1028
ikev2_pld_cert: type X509_CERT length 1023
ikev2_pld_payloads: decrypted payload CERTREQ nextpayload IDr critical 0x00
length 25
ikev2_pld_certreq: type X509_CERT length 20
ca_x509_name_parse: setting 'CN' to 'ike-test.example.com'
ca_x509_name_parse: setting 'C' to 'DE'
ikev2_policy2id: srcid ASN1_DN//CN=ike-test.example.com/C=DE length 50
sa_stateflags: 0x0020 -> 0x0024 certreq,sa (required 0x0000 )
ikev2_pld_payloads: decrypted payload IDr nextpayload AUTH critical 0x00 length
54
ikev2_pld_id: id ASN1_DN//CN=ike-test.example.com/C=DE length 50
ikev2_pld_id: unexpected id payload
ikev2_pld_payloads: decrypted payload AUTH nextpayload SA critical 0x00 length
280
ikev2_pld_auth: method SIG length 272
sa_state: SA_INIT -> AUTH_REQUEST
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length
164
ikev2_pld_sa: more than one proposal specified
ikev2_pld_sa: more 2 reserved 0 length 40 proposal #1 protoid ESP spisize 4
xforms 3 spi 0xccfffe9b
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length
24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535
ikev2_pld_ts: start 172.24.2.42 end 172.24.2.42
ikev2_pld_payloads: decrypted payload TSr nextpayload NOTIFY critical 0x00
length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535
ikev2_pld_ts: start 172.25.128.5 end 172.25.128.5
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00
length 8
ikev2_pld_notify: protoid NONE spisize 0 type EAP_ONLY_AUTHENTICATION
sa_stateok: SA_INIT flags 0x0000, require 0x0000
policy_lookup: peerid '/CN=ike-test2.example.com/C=DE'
ikev2_msg_auth: responder auth data length 535
ca_setauth: switching from RSA_SIG to SIG
ca_setauth: auth length 535
ikev2_msg_auth: initiator auth data length 608
ikev2_msg_authverify: method SIG keylen 1023 type X509_CERT
_dsa_verify_init: signature scheme 0 selected
ikev2_msg_authverify: authentication successful
sa_state: AUTH_REQUEST -> AUTH_SUCCESS
sa_stateflags: 0x0024 -> 0x0034 certreq,authvalid,sa (required 0x003b
cert,certvalid,auth,authvalid,sa)
ikev2_sa_negotiate: score 7
sa_stateflags: 0x0034 -> 0x0034 certreq,authvalid,sa (required 0x003b
cert,certvalid,auth,authvalid,sa)
sa_stateok: VALID flags 0x0030, require 0x003b cert,certvalid,auth,authvalid,sa
sa_state: cannot switch: AUTH_SUCCESS -> VALID
config_free_proposals: free 0x1685bd815900
ca_getreq: found CA /CN=Testing Authority
ca_getreq: found local certificate /CN=ike-test.example.com/C=DE
ca_setauth: auth length 272
ca_validate_cert: /CN=ike-test2.example.com/C=DE ok
ikev2_getimsgdata: imsg 18 rspi 0xbcde677e61984d2c ispi 0x27f2f333153d6637
initiator 0 sa valid type 4 data length 1020
ikev2_dispatch_cert: cert type X509_CERT length 1020, ok
sa_stateflags: 0x0034 -> 0x0035 cert,certreq,authvalid,sa (required 0x003b
cert,certvalid,auth,authvalid,sa)
sa_stateok: VALID flags 0x0031, require 0x003b cert,certvalid,auth,authvalid,sa
sa_state: cannot switch: AUTH_SUCCESS -> VALID
ikev2_getimsgdata: imsg 23 rspi 0xbcde677e61984d2c ispi 0x27f2f333153d6637
initiator 0 sa valid type 14 data length 272
ikev2_dispatch_cert: AUTH type 14 len 272
sa_stateflags: 0x0035 -> 0x003d cert,certreq,auth,authvalid,sa (required 0x003b
cert,certvalid,auth,authvalid,sa)
sa_stateok: VALID flags 0x0039, require 0x003b cert,certvalid,auth,authvalid,sa
sa_state: cannot switch: AUTH_SUCCESS -> VALID
ikev2_dispatch_cert: peer certificate is valid
sa_stateflags: 0x003d -> 0x003f cert,certvalid,certreq,auth,authvalid,sa
(required 0x003b cert,certvalid,auth,authvalid,sa)
sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
sa_state: AUTH_SUCCESS -> VALID
sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
ikev2_sa_tag: (0)
ikev2_childsa_negotiate: proposal 1
ikev2_childsa_negotiate: key material length 104
ikev2_prfplus: T1 with 32 bytes
ikev2_prfplus: T2 with 32 bytes
ikev2_prfplus: T3 with 32 bytes
ikev2_prfplus: T4 with 32 bytes
ikev2_prfplus: Tn with 128 bytes
pfkey_sa_getspi: spi 0x0be7e90b
pfkey_sa_init: new spi 0x0be7e90b
sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
ikev2_next_payload: length 54 nextpayload CERT
ikev2_next_payload: length 1025 nextpayload AUTH
ikev2_next_payload: length 280 nextpayload SA
ikev2_add_proposals: length 40
ikev2_next_payload: length 44 nextpayload TSi
ikev2_next_payload: length 24 nextpayload TSr
ikev2_next_payload: length 24 nextpayload NONE
ikev2_msg_encrypt: decrypted length 1451
ikev2_msg_encrypt: padded length 1456
ikev2_msg_encrypt: length 1452, padding 4, output length 1488
ikev2_next_payload: length 1492 nextpayload IDr
ikev2_msg_integr: message length 1520
ikev2_msg_integr: integrity checksum length 16
ikev2_pld_parse: header ispi 0x27f2f333153d6637 rspi 0xbcde677e61984d2c
nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 1520
response 1
ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 1492
ikev2_msg_decrypt: IV length 16
ikev2_msg_decrypt: encrypted payload length 1456
ikev2_msg_decrypt: integrity checksum length 16
ikev2_msg_decrypt: integrity check succeeded
ikev2_msg_decrypt: decrypted payload length 1456/1456 padding 4
ikev2_pld_payloads: decrypted payload IDr nextpayload CERT critical 0x00 length
54
ikev2_pld_id: id ASN1_DN//CN=ike-test.example.com/C=DE length 50
ikev2_pld_payloads: decrypted payload CERT nextpayload AUTH critical 0x00
length 1025
ikev2_pld_cert: type X509_CERT length 1020
ikev2_pld_payloads: decrypted payload AUTH nextpayload SA critical 0x00 length
280
ikev2_pld_auth: method SIG length 272
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 44
ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4
xforms 3 spi 0x0be7e90b
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length
24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535
ikev2_pld_ts: start 172.24.2.42 end 172.24.2.42
ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length
24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535
ikev2_pld_ts: start 172.25.128.5 end 172.25.128.5
ikev2_msg_send: IKE_AUTH response from 172.25.128.5:500 to 172.24.2.42:500
msgid 1, 1520 bytes
pfkey_sa_add: update spi 0x0be7e90b
ikev2_childsa_enable: loaded CHILD SA spi 0x0be7e90b
pfkey_sa_add: add spi 0xccfffe9b
ikev2_childsa_enable: loaded CHILD SA spi 0xccfffe9b
ikev2_childsa_enable: loaded flow 0x1685ac340000
ikev2_childsa_enable: loaded flow 0x1685ac33dc00
sa_state: VALID -> ESTABLISHED from 172.24.2.42:500 to 172.25.128.5:500 policy
'test'
ikev2_ike_sa_rekey: called for IKE SA 0x1685c0711000
ca_x509_name_parse: setting 'CN' to 'ike-test.example.com'
ca_x509_name_parse: setting 'C' to 'DE'
ikev2_policy2id: srcid ASN1_DN//CN=ike-test.example.com/C=DE length 50
sa_state: INIT -> AUTH_SUCCESS
ikev2_add_proposals: length 52
ikev2_next_payload: length 56 nextpayload NONCE
ikev2_next_payload: length 36 nextpayload KE
ikev2_next_payload: length 264 nextpayload NONE
ikev2_msg_encrypt: decrypted length 356
ikev2_msg_encrypt: padded length 368
ikev2_msg_encrypt: length 357, padding 11, output length 400
ikev2_next_payload: length 404 nextpayload SA
ikev2_msg_integr: message length 432
ikev2_msg_integr: integrity checksum length 16
ikev2_pld_parse: header ispi 0x27f2f333153d6637 rspi 0xbcde677e61984d2c
nextpayload SK version 0x20 exchange CREATE_CHILD_SA flags 0x00 msgid 0 length
432 response 0
ikev2_pld_payloads: payload SK nextpayload SA critical 0x00 length 404
ikev2_msg_decrypt: IV length 16
ikev2_msg_decrypt: encrypted payload length 368
ikev2_msg_decrypt: integrity checksum length 16
ikev2_msg_decrypt: integrity check succeeded
ikev2_msg_decrypt: decrypted payload length 368/368 padding 11
ikev2_pld_payloads: decrypted payload SA nextpayload NONCE critical 0x00 length
56
ikev2_pld_sa: more 0 reserved 0 length 52 proposal #1 protoid IKE spisize 8
xforms 4 spi 0x51ba8d449f91ff4a
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048
ikev2_pld_payloads: decrypted payload NONCE nextpayload KE critical 0x00 length
36
ikev2_pld_payloads: decrypted payload KE nextpayload NONE critical 0x00 length
264
ikev2_pld_ke: dh group MODP_2048_256 reserved 0
ikev2_msg_send: CREATE_CHILD_SA request from 172.25.128.5:500 to
172.24.2.42:500 msgid 0, 432 bytes
ikev2_ike_sa_rekey: create child SA sent
ikev2_recv: CREATE_CHILD_SA response from initiator 172.24.2.42:500 to
172.25.128.5:500 policy 'test' id 0, 80 bytes
ikev2_recv: ispi 0x27f2f333153d6637 rspi 0xbcde677e61984d2c
ikev2_recv: updated SA to peer 172.24.2.42:500 local 172.25.128.5:500
ikev2_pld_parse: header ispi 0x27f2f333153d6637 rspi 0xbcde677e61984d2c
nextpayload SK version 0x20 exchange CREATE_CHILD_SA flags 0x28 msgid 0 length
80 response 1
ikev2_pld_payloads: payload SK nextpayload NOTIFY critical 0x00 length 52
ikev2_msg_decrypt: IV length 16
ikev2_msg_decrypt: encrypted payload length 16
ikev2_msg_decrypt: integrity checksum length 16
ikev2_msg_decrypt: integrity check succeeded
ikev2_msg_decrypt: decrypted payload length 16/16 padding 5
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00
length 10
ikev2_pld_notify: protoid NONE spisize 0 type INVALID_KE_PAYLOAD
sa_stateok: VALID flags 0x003b, require 0x003b cert,certvalid,auth,authvalid,sa
ikev2_pld_notify: not an initiator
sa_state: ESTABLISHED -> CLOSED from 172.24.2.42:500 to 172.25.128.5:500 policy
'test'
ikev2_init_create_child_sa: no proposal specified
ikev2_recv: closing SA
sa_free: ispi 0x27f2f333153d6637 rspi 0xbcde677e61984d2c
config_free_proposals: free 0x1685cd6d7000
config_free_proposals: free 0x1685ac33c200
config_free_childsas: free 0x16852e207500
config_free_childsas: free 0x1685d6ba2c00
sa_free_flows: free 0x1685ac340000
sa_free_flows: free 0x1685ac33dc00
--
Dipl.-Ing. Thomas Klute
achelos GmbH
Vattmannstraße 1
33100 Paderborn / Germany
Geschäftsführung: Kathrin Asmuth, Frank Stehling
Registergericht: Paderborn, HRB 8817, USt-IdNr.: DE260414872
