Ipsec Blackberry OS 10

[Ionel Coman]

Hello ,

I'm  trying to set up an ipsec connection from my Blackberry Z30  to
Openbsd 5.6.
I'm new to openbsd ipsec.
When setting up the connection I do see my requests go to the server,but the
vpn tunnel is
not established.
Any help would be greatly appreciated !

ikev2 "bb10" esp \
        from 192.168.0.0/24 to any \
        local em0 peer any \
        ikesa enc aes-128 auth hmac-sha1 group modp1024 \
        childsa enc aes-128 auth hmac-sha1 \
        srcid IPV4 dstid IPV4 \
        ikelifetime 86400 \
        lifetime 10800 \
        eap "mschap-v2" \
        tag "$name-$id"

ikev2_recv: IKE_SA_INIT request from initiator 79.xxx.xxx.xxx:500 to
81.xxx.xxx.xxx:500 policy 'bb10' id 0, 400 bytes
ikev2_recv: ispi 0xe1625a1286b597d8 rspi 0x0000000000000000
ikev2_policy2id: srcid FQDN/IPV4 length 8
ikev2_pld_parse: header ispi 0xe1625a1286b597d8 rspi 0x0000000000000000
nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 400
response 0
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 112
ikev2_pld_sa: more 0 reserved 0 length 108 proposal #1 protoid IKE spisize 0
xforms 11 spi 0
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_1024
ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_768
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_MD5
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id DES
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type INTEGR id HMAC_MD5_96
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 136
ikev2_pld_ke: dh group MODP_1024 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 68
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid IKE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_nat_detection: peer source 0xe1625a1286b597d8 0x0000000000000000
79.xxx.xxx.xxx:500
ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP
encapsulation
ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 28
ikev2_pld_notify: protoid IKE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_nat_detection: peer destination 0xe1625a1286b597d8 0x0000000000000000
81.xxx.xxx.xxx:500
sa_state: INIT -> SA_INIT
ikev2_sa_negotiate: score 5
sa_stateok: SA_INIT flags 0x00, require 0x00
sa_stateflags: 0x00 -> 0x10 sa (required 0x00 )
ikev2_sa_keys: SKEYSEED with 20 bytes
ikev2_sa_keys: S with 112 bytes
ikev2_prfplus: T1 with 20 bytes
ikev2_prfplus: T2 with 20 bytes
ikev2_prfplus: T3 with 20 bytes
ikev2_prfplus: T4 with 20 bytes
ikev2_prfplus: T5 with 20 bytes
ikev2_prfplus: T6 with 20 bytes
ikev2_prfplus: T7 with 20 bytes
ikev2_prfplus: Tn with 140 bytes
ikev2_sa_keys: SK_d with 20 bytes
ikev2_sa_keys: SK_ai with 20 bytes
ikev2_sa_keys: SK_ar with 20 bytes
ikev2_sa_keys: SK_ei with 16 bytes
ikev2_sa_keys: SK_er with 16 bytes
ikev2_sa_keys: SK_pi with 20 bytes
ikev2_sa_keys: SK_pr with 20 bytes
ikev2_add_proposals: length 44
ikev2_next_payload: length 48 nextpayload KE
ikev2_next_payload: length 136 nextpayload NONCE
ikev2_next_payload: length 36 nextpayload NOTIFY
ikev2_nat_detection: local source 0xe1625a1286b597d8 0xb144236f4734436b
81.x.x.x:500
ikev2_next_payload: length 28 nextpayload NOTIFY
ikev2_nat_detection: local destination 0xe1625a1286b597d8 0xb144236f4734436b
79.x.x.x.:500
ikev2_next_payload: length 28 nextpayload CERTREQ
ikev2_add_certreq: type X509_CERT length 21
ikev2_next_payload: length 25 nextpayload NONE
ikev2_pld_parse: header ispi 0xe1625a1286b597d8 rspi 0xb144236f4734436b
nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 329
response 1
ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48
ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0
xforms 4 spi 0
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA1
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_1024
ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 136
ikev2_pld_ke: dh group MODP_1024 reserved 0
ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36
ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP
ikev2_pld_payloads: payload NOTIFY nextpayload CERTREQ critical 0x00 length
28
ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP
ikev2_pld_payloads: payload CERTREQ nextpayload NONE critical 0x00 length 25
ikev2_pld_certreq: type X509_CERT length 20
ikev2_msg_send: IKE_SA_INIT response from 81.x.x.x:500 to 79.x.x.x:500 msgid
0, 329 bytes
config_free_proposals: free 0x7d745700
ikev2_recv: IKE_SA_INIT request from initiator 79.x.x.x:500 to 81.x.x.x.x:500
policy 'bb10' id 0, 400 bytes
ikev2_recv: ispi 0xe1625a1286b597d8 rspi 0x0000000000000000
ikev2_recv: updated SA to peer 79.x.x.x:500 local 81.x.x.x:500
ikev2_resp_recv: SA already exists
ikev2_recv: IKE_SA_INIT request from initiator 79.x.x.x:500 to 81.x.x.x:500
policy 'bb10' id 0, 400 bytes
ikev2_recv: ispi 0x2bc9a5cc2fc02c52 rspi 0x0000000000000000