Hello, I'm trying to set up an IPsec connection from my BlackBerry Z30 to OpenBSD 5.6. I'm new to OpenBSD IPsec. When setting up the connection I do see my requests go to the server, but the VPN tunnel is not established. Any help would be greatly appreciated!

ikev2 "bb10" esp \
    from 192.168.0.0/24 to any \
    local em0 peer any \
    ikesa enc aes-128 auth hmac-sha1 group modp1024 \
    childsa enc aes-128 auth hmac-sha1 \
    srcid IPV4 dstid IPV4 \
    ikelifetime 86400 \
    lifetime 10800 \
    eap "mschap-v2" \
    tag "$name-$id"

ikev2_recv: IKE_SA_INIT request from initiator 79.xxx.xxx.xxx:500 to 81.xxx.xxx.xxx:500 policy 'bb10' id 0, 400 bytes
ikev2_recv: ispi 0xe1625a1286b597d8 rspi 0x0000000000000000
ikev2_policy2id: srcid FQDN/IPV4 length 8
ikev2_pld_parse: header ispi 0xe1625a1286b597d8 rspi 0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 400 response 0
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 112
ikev2_pld_sa: more 0 reserved 0 length 108 proposal #1 protoid IKE spisize 0 xforms 11 spi 0
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_1024
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_768
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_MD5
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id DES
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type INTEGR id HMAC_MD5_96
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 136
ikev2_pld_ke: dh group MODP_1024 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 68
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid IKE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_nat_detection: peer source 0xe1625a1286b597d8 0x0000000000000000 79.xxx.xxx.xxx:500
ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP encapsulation
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 28
ikev2_pld_notify: protoid IKE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_nat_detection: peer destination 0xe1625a1286b597d8 0x0000000000000000 81.xxx.xxx.xxx:500
sa_state: INIT -> SA_INIT
ikev2_sa_negotiate: score 5
sa_stateok: SA_INIT flags 0x00, require 0x00
sa_stateflags: 0x00 -> 0x10 sa (required 0x00 )
ikev2_sa_keys: SKEYSEED with 20 bytes
ikev2_sa_keys: S with 112 bytes
ikev2_prfplus: T1 with 20 bytes
ikev2_prfplus: T2 with 20 bytes
ikev2_prfplus: T3 with 20 bytes
ikev2_prfplus: T4 with 20 bytes
ikev2_prfplus: T5 with 20 bytes
ikev2_prfplus: T6 with 20 bytes
ikev2_prfplus: T7 with 20 bytes
ikev2_prfplus: Tn with 140 bytes
ikev2_sa_keys: SK_d with 20 bytes
ikev2_sa_keys: SK_ai with 20 bytes
ikev2_sa_keys: SK_ar with 20 bytes
ikev2_sa_keys: SK_ei with 16 bytes
ikev2_sa_keys: SK_er with 16 bytes
ikev2_sa_keys: SK_pi with 20 bytes
ikev2_sa_keys: SK_pr with 20 bytes
ikev2_add_proposals: length 44
ikev2_next_payload: length 48 nextpayload KE
ikev2_next_payload: length 136 nextpayload NONCE
ikev2_next_payload: length 36 nextpayload NOTIFY
ikev2_nat_detection: local source 0xe1625a1286b597d8 0xb144236f4734436b 81.x.x.x:500
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_nat_detection: local destination 0xe1625a1286b597d8 0xb144236f4734436b 79.x.x.x.:500
ikev2_next_payload: length 28 nextpayload CERTREQ
ikev2_add_certreq: type X509_CERT length 21
ikev2_next_payload: length 25 nextpayload NONE
ikev2_pld_parse: header ispi 0xe1625a1286b597d8 rspi 0xb144236f4734436b nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 329 response 1
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 136
ikev2_pld_ke: dh group MODP_1024 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical 0x00 length 25
ikev2_pld_certreq: type X509_CERT length 20
ikev2_msg_send: IKE_SA_INIT response from 81.x.x.x:500 to 79.x.x.x:500 msgid 0, 329 bytes
config_free_proposals: free 0x7d745700
ikev2_recv: IKE_SA_INIT request from initiator 79.x.x.x:500 to 81.x.x.x.x:500 policy 'bb10' id 0, 400 bytes
ikev2_recv: ispi 0xe1625a1286b597d8 rspi 0x0000000000000000
ikev2_recv: updated SA to peer 79.x.x.x:500 local 81.x.x.x:500
ikev2_resp_recv: SA already exists
ikev2_recv: IKE_SA_INIT request from initiator 79.x.x.x:500 to 81.x.x.x:500 policy 'bb10' id 0, 400 bytes
ikev2_recv: ispi 0x2bc9a5cc2fc02c52 rspi 0x0000000000000000
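
Added example, not part of the original post: a small Python summarizer for iked debug output in the format shown above. It reports, per initiator SPI, how many requests arrived, how many responses were sent, and whether an IKE_SA_INIT request was repeated after it had already been answered. The function names `summarize` and `stalled` and the sample lines are assumptions made for this example, and responses are attributed to the most recently seen SPI, which assumes the log is sequential.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the iked debug output above
# (documentation addresses, made-up SPIs); not the poster's data.
SAMPLE = """\
ikev2_recv: IKE_SA_INIT request from initiator 198.51.100.7:500 to 203.0.113.1:500 policy 'bb10' id 0, 400 bytes
ikev2_recv: ispi 0xaaaa000000000001 rspi 0x0000000000000000
ikev2_msg_send: IKE_SA_INIT response from 203.0.113.1:500 to 198.51.100.7:500 msgid 0, 329 bytes
ikev2_recv: IKE_SA_INIT request from initiator 198.51.100.7:500 to 203.0.113.1:500 policy 'bb10' id 0, 400 bytes
ikev2_recv: ispi 0xaaaa000000000001 rspi 0x0000000000000000
ikev2_resp_recv: SA already exists
ikev2_recv: IKE_SA_INIT request from initiator 198.51.100.7:500 to 203.0.113.1:500 policy 'bb10' id 0, 400 bytes
ikev2_recv: ispi 0xaaaa000000000002 rspi 0x0000000000000000
"""

RECV = re.compile(r"^ikev2_recv: (\S+) request from initiator (\S+) to (\S+)")
SPI = re.compile(r"^ikev2_recv: ispi (0x[0-9a-f]+) rspi (0x[0-9a-f]+)")
SEND = re.compile(r"^ikev2_msg_send: (\S+) response from (\S+) to (\S+)")

def summarize(log):
    """Return {ispi: counters} for every initiator SPI seen in the log."""
    stats = defaultdict(lambda: {"requests": 0, "responses": 0,
                                 "retransmits": 0, "exchanges": set()})
    pending, current = None, None
    for line in log.splitlines():
        line = line.strip()
        if m := RECV.match(line):
            pending = m.group(1)          # exchange type; SPI is on the next line
        elif (m := SPI.match(line)) and pending:
            current = stats[m.group(1)]
            # The same IKE_SA_INIT arriving after we answered it is a retransmit.
            if pending == "IKE_SA_INIT" and current["responses"]:
                current["retransmits"] += 1
            current["requests"] += 1
            current["exchanges"].add(pending)
            pending = None
        elif SEND.match(line) and current is not None:
            # Assumption: a response belongs to the most recently seen SPI.
            current["responses"] += 1
    return dict(stats)

def stalled(stats):
    """SPIs whose only observed exchange is IKE_SA_INIT (no IKE_AUTH seen)."""
    return sorted(s for s, c in stats.items() if c["exchanges"] == {"IKE_SA_INIT"})
```

Run `summarize(open(path).read())` on a capture of `iked -dvv` output saved one message per line; an SPI with `retransmits > 0` that also appears in `stalled()` is one where the initiator kept resending its first message instead of moving on to IKE_AUTH.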