Unfortunately, I did not know about these Win 7 cert requirements. It helped me a lot! Thanks! Now the authentication process almost finishes but at the end I get a strange kind of error by strongSwan:
09[IKE] peer requested virtual IP %any
09[CFG] assigning new lease to '192.168.10.12'
09[IKE] assigning virtual IP 10.10.3.1 to peer
09[IKE] allocating SPI failed
09[ENC] generating IKE_AUTH response 5 [ AUTH CP N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(NO_PROP) ]
09[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500]

Why does the allocation of the SPI fail? With the same machines (Win 7 and openSuse 10.2 + strongSwan 4.3.2) I was able to authenticate a user by MSCHAPv2 using machine certificates (no username and no password required). And, as far as I know, there have been SPIs successfully allocated. Can this be a configuration issue, too? I have no clue about this error...

For completeness here's my complete strongSwan log:

01[DMN] Starting IKEv2 charon daemon (strongSwan 4.3.2)
01[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
01[LIB] loaded certificate file '/usr/local/etc/ipsec.d/cacerts/cacert.pem'
01[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
01[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
01[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
01[CFG] loading crls from '/usr/local/etc/ipsec.d/crls'
01[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
01[CFG] loaded private key file '/usr/local/etc/ipsec.d/private/clientkey.pem'
01[CFG] loaded EAP secret for test
01[DMN] loaded plugins: aes des sha1 sha2 md4 md5 fips-prf random x509 pubkey xcbc hmac gmp stroke eap-identity eap-mschapv2
01[JOB] spawning 16 worker threads
15[CFG] received stroke: add connection 'host-host'
15[CFG] left nor right host is our side, assuming left=local
15[LIB] loaded certificate file '/usr/local/etc/ipsec.d/certs/clientcert.pem'
15[CFG] peerid %any not confirmed by certificate, defaulting to subject DN: C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient
15[CFG] added configuration 'host-host'
15[CFG] adding virtual IP address pool 'host-host': 10.10.3.0/24
04[NET] received packet: from 192.168.10.12[500] to 192.168.10.90[500]
04[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
04[IKE] 192.168.10.12 is initiating an IKE_SA
04[IKE] sending cert request for "O=Siemens, OU=ATS, L=Nuremberg, ST=Bavaria, C=DE, CN=ikeca"
04[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(MULT_AUTH) ]
04[NET] sending packet: from 192.168.10.90[500] to 192.168.10.12[500]
05[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500]
05[ENC] unknown attribute type INTERNAL_IP4_SERVER
05[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ N(MOBIKE_SUP) CP SA TSi TSr ]
05[IKE] received cert request for "O=Siemens, OU=ATS, L=Nuremberg, ST=Bavaria, C=DE, CN=ikeca"
05[CFG] looking for peer configs matching 192.168.10.90[%any]...192.168.10.12[192.168.10.12]
05[CFG] selected peer config 'host-host'
05[IKE] initiating EAP-Identity request
05[IKE] peer supports MOBIKE
05[IKE] authentication of 'C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient' (myself) with RSA signature successful
05[IKE] sending end entity cert "C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient"
05[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH EAP ]
05[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500]
06[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500]
06[ENC] parsed IKE_AUTH request 2 [ EAP ]
06[IKE] received EAP identity 'test'
06[IKE] initiating EAP_MSCHAPV2
06[ENC] generating IKE_AUTH response 2 [ EAP ]
06[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500]
07[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500]
07[ENC] 32: 00 00 00 00 00 00 D4 BF D8 C3 0B A8 76 75 29 DA ............vu). 07[ENC] 48: 3C 06 41 B3 B4 42 88 E0 4B 51 1F 7A AB 16 00 74 <.A..B..KQ.z...t 07[ENC] 64: 65 73 74 00 00 00 00 04 est..... 07[ENC] parsed IKE_AUTH request 3 [ EAP ] 07[LIB] hash input userx => 36 bytes @ 0xb5594e20 07[LIB] 0: DA 81 3E 87 D4 BA 59 EF DE 07 EC F1 5B 22 39 86 ..>...Y.....["9. 07[LIB] 16: D9 DE BA 7A 29 E2 4E 05 B6 56 1F 74 FD 2A AF 17 ...z).N..V.t.*.. 07[LIB] 32: 74 65 73 74 test 07[LIB] hash output userx => 20 bytes @ 0x8096f28 07[LIB] 0: 38 B8 A7 13 0C 34 52 66 1B 76 07 C7 8C 35 79 FA 8....4Rf.v...5y. 07[LIB] 16: AD DB A6 C9 .... 07[LIB] hash input userx => 79 bytes @ 0xb5594e00 07[LIB] 0: 20 66 65 6E 05 C2 2F 3A 99 5A D9 EC FE D9 13 D6 fen../:.Z...... 07[LIB] 16: D4 BF D8 C3 0B A8 76 75 29 DA 3C 06 41 B3 B4 42 ......vu).<.A..B 07[LIB] 32: 88 E0 4B 51 1F 7A AB 16 4D 61 67 69 63 20 73 65 ..KQ.z..Magic se 07[LIB] 48: 72 76 65 72 20 74 6F 20 63 6C 69 65 6E 74 20 73 rver to client s 07[LIB] 64: 69 67 6E 69 6E 67 20 63 6F 6E 73 74 61 6E 74 igning constant 07[LIB] hash output userx => 20 bytes @ 0x8094a10 07[LIB] 0: EE 8D 11 5B 10 B1 74 10 49 30 EE 6B 46 C8 26 5F ...[..t.I0.kF.&_ 07[LIB] 16: C8 FE 5A 93 ..Z. 07[LIB] hash input userx => 69 bytes @ 0xb5594da0 07[LIB] 0: EE 8D 11 5B 10 B1 74 10 49 30 EE 6B 46 C8 26 5F ...[..t.I0.kF.&_ 07[LIB] 16: C8 FE 5A 93 38 B8 A7 13 0C 34 52 66 50 61 64 20 ..Z.8....4RfPad 07[LIB] 32: 74 6F 20 6D 61 6B 65 20 69 74 20 64 6F 20 6D 6F to make it do mo 07[LIB] 48: 72 65 20 74 68 61 6E 20 6F 6E 65 20 69 74 65 72 re than one iter 07[LIB] 64: 61 74 69 6F 6E ation 07[LIB] hash output userx => 20 bytes @ 0x80971b0 07[LIB] 0: 39 D4 99 D3 92 A9 43 33 BD 73 8F 0C 15 9E 26 4B 9.....C3.s....&K 07[LIB] 16: 22 F8 3D 2C ".=, 07[LIB] hash input userx => 67 bytes @ 0xb5594dd0 07[LIB] 0: 20 66 65 6E 05 C2 2F 3A 99 5A D9 EC FE D9 13 D6 fen../:.Z...... 
07[LIB] 16: D4 BF D8 C3 0B A8 76 75 29 DA 3C 06 41 B3 B4 42 ......vu).<.A..B 07[LIB] 32: 88 E0 4B 51 1F 7A AB 16 54 68 69 73 20 69 73 20 ..KQ.z..This is 07[LIB] 48: 74 68 65 20 4D 50 50 45 20 4D 61 73 74 65 72 20 the MPPE Master 07[LIB] 64: 4B 65 79 Key 07[LIB] hash output userx => 20 bytes @ 0x80971c8 07[LIB] 0: C1 B1 CC F2 9A D8 84 9D D6 C3 9A 22 63 7F EC D4 ..........."c... 07[LIB] 16: B1 AB FC 52 ...R 07[LIB] hash input userx => 180 bytes @ 0xb5594d00 07[LIB] 0: C1 B1 CC F2 9A D8 84 9D D6 C3 9A 22 63 7F EC D4 ..........."c... 07[LIB] 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 07[LIB] 32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 07[LIB] 48: 00 00 00 00 00 00 00 00 4F 6E 20 74 68 65 20 63 ........On the c 07[LIB] 64: 6C 69 65 6E 74 20 73 69 64 65 2C 20 74 68 69 73 lient side, this 07[LIB] 80: 20 69 73 20 74 68 65 20 73 65 6E 64 20 6B 65 79 is the send key 07[LIB] 96: 3B 20 6F 6E 20 74 68 65 20 73 65 72 76 65 72 20 ; on the server 07[LIB] 112: 73 69 64 65 2C 20 69 74 20 69 73 20 74 68 65 20 side, it is the 07[LIB] 128: 72 65 63 65 69 76 65 20 6B 65 79 2E F2 F2 F2 F2 receive key..... 07[LIB] 144: F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 ................ 07[LIB] 160: F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 ................ 07[LIB] 176: F2 F2 F2 F2 .... 07[LIB] hash output userx => 20 bytes @ 0x8094a10 07[LIB] 0: FE AE 67 1B 8E FC CF 6E A2 3E E6 E2 BC A2 10 F9 ..g....n.>...... 07[LIB] 16: 05 B0 35 38 ..58 07[LIB] hash input userx => 180 bytes @ 0xb5594c30 07[LIB] 0: C1 B1 CC F2 9A D8 84 9D D6 C3 9A 22 63 7F EC D4 ..........."c... 07[LIB] 16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 07[LIB] 32: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 
07[LIB] 48: 00 00 00 00 00 00 00 00 4F 6E 20 74 68 65 20 63 ........On the c 07[LIB] 64: 6C 69 65 6E 74 20 73 69 64 65 2C 20 74 68 69 73 lient side, this 07[LIB] 80: 20 69 73 20 74 68 65 20 72 65 63 65 69 76 65 20 is the receive 07[LIB] 96: 6B 65 79 3B 20 6F 6E 20 74 68 65 20 73 65 72 76 key; on the serv 07[LIB] 112: 65 72 20 73 69 64 65 2C 20 69 74 20 69 73 20 74 er side, it is t 07[LIB] 128: 68 65 20 73 65 6E 64 20 6B 65 79 2E F2 F2 F2 F2 he send key..... 07[LIB] 144: F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 ................ 07[LIB] 160: F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 ................ 07[LIB] 176: F2 F2 F2 F2 .... 07[LIB] hash output userx => 20 bytes @ 0x8093730 07[LIB] 0: E5 A5 23 DC 08 A9 09 1D C4 45 06 AF 60 6E AB 42 ..#......E..`n.B 07[LIB] 16: C6 33 40 53 ....@s 07[ENC] generating IKE_AUTH response 3 [ EAP ] 07[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500] 08[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500] 08[ENC] data before decryption => 16 bytes @ 0x8094e88 08[ENC] 0: 3C A5 14 27 CA E1 A0 41 F4 DE 3F 19 30 C1 8E 03 <..'...A..?.0... 08[ENC] data after decryption with padding => 16 bytes @ 0x8097578 08[ENC] 0: 00 00 00 0A 02 AE 00 06 1A 03 00 00 00 00 00 05 ................ 08[ENC] parsed IKE_AUTH request 4 [ EAP ] 08[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established 08[ENC] generating IKE_AUTH response 4 [ EAP ] 08[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500] 09[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500] 09[ENC] data before decryption => 32 bytes @ 0x8094d00 09[ENC] 0: DC D0 71 31 6C 67 AF B2 7A 51 94 1E 8F A3 4B D6 ..q1lg..zQ....K. 09[ENC] 16: 37 D3 18 FC 68 81 10 D6 D1 92 DB B7 37 ED A0 AF 7...h.......7... 09[ENC] data after decryption with padding => 32 bytes @ 0x8094d30 09[ENC] 0: 00 00 00 1C 02 00 00 00 ED 6B 09 2E 9B B6 9E 9A .........k...... 09[ENC] 16: D3 21 08 AA C2 88 8B 93 20 01 9F BD 00 00 00 03 .!...... ....... 
09[ENC] parsed IKE_AUTH request 5 [ AUTH ] 09[IKE] IDx' => 8 bytes @ 0xb45930d0 09[IKE] 0: 01 00 00 00 C0 A8 0A 0C ........ 09[IKE] skp' => 20 bytes @ 0x80961b8 09[IKE] 0: 3B 5F B7 0B E0 3B AE 9A 17 CF 55 C6 E3 2F 0D 2A ;_...;....U../.* 09[IKE] 16: 2A 20 3F A6 * ?. 09[IKE] octets = message + nonce + prf(Sk_px, IDx') => 580 bytes @ 0x8094950 09[IKE] 0: E0 C2 AB 38 7D 4B 37 54 00 00 00 00 00 00 00 00 ...8}K7T........ 09[IKE] 16: 21 20 22 08 00 00 00 00 00 00 02 10 22 00 01 00 ! "........."... 09[IKE] 32: 02 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 ...(............ 09[IKE] 48: 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 ................ 09[IKE] 64: 00 00 00 08 04 00 00 02 02 00 00 2C 02 01 00 04 ...........,.... 09[IKE] 80: 03 00 00 0C 01 00 00 0C 80 0E 01 00 03 00 00 08 ................ 09[IKE] 96: 03 00 00 02 03 00 00 08 02 00 00 02 00 00 00 08 ................ 09[IKE] 112: 04 00 00 02 02 00 00 28 03 01 00 04 03 00 00 08 .......(........ 09[IKE] 128: 01 00 00 03 03 00 00 08 03 00 00 0C 03 00 00 08 ................ 09[IKE] 144: 02 00 00 05 00 00 00 08 04 00 00 02 02 00 00 2C ..............., 09[IKE] 160: 04 01 00 04 03 00 00 0C 01 00 00 0C 80 0E 01 00 ................ 09[IKE] 176: 03 00 00 08 03 00 00 0C 03 00 00 08 02 00 00 05 ................ 09[IKE] 192: 00 00 00 08 04 00 00 02 02 00 00 28 05 01 00 04 ...........(.... 09[IKE] 208: 03 00 00 08 01 00 00 03 03 00 00 08 03 00 00 0D ................ 09[IKE] 224: 03 00 00 08 02 00 00 06 00 00 00 08 04 00 00 02 ................ 09[IKE] 240: 00 00 00 2C 06 01 00 04 03 00 00 0C 01 00 00 0C ...,............ 09[IKE] 256: 80 0E 01 00 03 00 00 08 03 00 00 0D 03 00 00 08 ................ 09[IKE] 272: 02 00 00 06 00 00 00 08 04 00 00 02 28 00 00 88 ............(... 09[IKE] 288: 00 02 00 00 CB 6B 7A 3D EC 3F E7 CB EF 4A 84 56 .....kz=.?...J.V 09[IKE] 304: 13 12 13 8C 83 C2 77 39 32 9B 99 2C BC 6E D7 D6 ......w92..,.n.. 09[IKE] 320: 0A 3A CE 66 3F 69 9B 79 39 6B AD 9A A9 9B E9 86 .:.f?i.y9k...... 
09[IKE] 336: E1 66 EC 15 53 DD 0C 60 EE 40 6C AF FA F1 CA CA .f..s....@l..... 09[IKE] 352: AC AF 6B 6D 44 C8 4B 37 5E 75 FE DC CB 19 BF 47 ..kmD.K7^u.....G 09[IKE] 368: 61 8A D2 D0 80 B1 C4 28 DB 3D 5F C4 E4 74 9E 6A a......(.=_..t.j 09[IKE] 384: A3 E1 B2 2D BC EB DB 2C 25 54 7D 32 CF BC 4A 28 ...-...,%T}2..J( 09[IKE] 400: 82 34 14 4C 30 6F 8A 49 B1 38 BD 7D 3B 57 2F FA .4.L0o.I.8.};W/. 09[IKE] 416: FF 73 1E 9E 29 00 00 34 AA 04 4B 22 1E 13 B9 71 .s..)..4..K"...q 09[IKE] 432: 00 4D 84 A4 D5 91 70 A5 7D B9 7B 75 A2 32 86 14 .M....p.}.{u.2.. 09[IKE] 448: 38 1A DB E0 CB 95 9B E6 13 79 00 E8 79 75 D9 32 8........y..yu.2 09[IKE] 464: 52 6E 2F 33 6F 70 94 FA 29 00 00 1C 00 00 40 04 Rn/3op..).....@. 09[IKE] 480: 76 2B 00 04 4A 79 19 9B 13 EF B8 D6 61 63 5E 80 v+..Jy......ac^. 09[IKE] 496: E8 24 7F B2 00 00 00 1C 00 00 40 05 1B 23 74 7B .$........@..#t{ 09[IKE] 512: F9 4C 1D D8 11 24 AF E6 09 FF E8 F6 44 CF AE 1C .L...$......D... 09[IKE] 528: D7 BB 21 6C FF 32 4C 79 2E C5 BD 41 DF 90 28 C3 ..!l.2Ly...A..(. 09[IKE] 544: B1 B9 90 46 16 70 21 BE 0D E5 5D E4 23 05 71 6A ...F.p!...].#.qj 09[IKE] 560: C2 DB E6 88 68 A3 17 66 4B 9A CA 0A F3 54 E0 B2 ....h..fK....T.. 09[IKE] 576: 81 C9 15 F9 .... 09[IKE] authentication of '192.168.10.12' with EAP successful 09[IKE] authentication of 'C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient' (myself) with EAP 09[IKE] IDx' => 92 bytes @ 0xb4593080 09[IKE] 0: 09 00 00 00 30 56 31 0B 30 09 06 03 55 04 06 13 ....0V1.0...U... 09[IKE] 16: 02 44 45 31 10 30 0E 06 03 55 04 08 13 07 42 61 .DE1.0...U....Ba 09[IKE] 32: 76 61 72 69 61 31 10 30 0E 06 03 55 04 0A 13 07 varia1.0...U.... 09[IKE] 48: 53 69 65 6D 65 6E 73 31 0F 30 0D 06 03 55 04 0B Siemens1.0...U.. 09[IKE] 64: 13 06 61 6E 64 65 72 65 31 12 30 10 06 03 55 04 ..andere1.0...U. 09[IKE] 80: 03 13 09 69 6B 65 63 6C 69 65 6E 74 ...ikeclient 09[IKE] skp' => 20 bytes @ 0x8097210 09[IKE] 0: 3D 75 98 E0 6D F6 75 5D 1A 5A 41 C6 D1 A9 FB 04 =u..m.u].ZA..... 09[IKE] 16: 64 6F 46 E7 doF. 
09[IKE] octets = message + nonce + prf(Sk_px, IDx') => 401 bytes @ 0x8094950 09[IKE] 0: E0 C2 AB 38 7D 4B 37 54 36 AD A0 1C B1 F5 48 5C ...8}K7T6.....H\ 09[IKE] 16: 21 20 22 20 00 00 00 00 00 00 01 4D 22 00 00 2C ! " .......M".., 09[IKE] 32: 00 00 00 28 01 01 00 04 03 00 00 08 01 00 00 03 ...(............ 09[IKE] 48: 03 00 00 08 03 00 00 02 03 00 00 08 02 00 00 02 ................ 09[IKE] 64: 00 00 00 08 04 00 00 02 28 00 00 88 00 02 00 00 ........(....... 09[IKE] 80: 55 4F 27 67 EF 8D 2B F5 E2 B2 72 45 1A D3 72 41 UO'g..+...rE..rA 09[IKE] 96: FE 04 12 09 D7 B0 DD 7E 2B 77 6B DA CB AF 0B 71 .......~+wk....q 09[IKE] 112: EF BA CB 44 28 0E AF 8E 5B 44 0B 50 E9 EF C1 7F ...D(...[D.P.... 09[IKE] 128: CC EC 22 76 8D F9 C0 08 77 8D C8 1A C4 79 49 03 .."v....w....yI. 09[IKE] 144: 00 1C F0 C7 60 E0 58 29 A4 D4 8E AD 5D 87 4D B0 ....`.X)....].M. 09[IKE] 160: 87 A5 6C 11 48 2C 36 20 FB E2 71 5F B8 16 6D B6 ..l.H,6 ..q_..m. 09[IKE] 176: 33 7D 30 A8 77 65 0F 51 64 9E 54 02 B3 9B F4 CA 3}0.we.Qd.T..... 09[IKE] 192: 15 E4 D6 E5 F0 7D 27 35 F2 27 A0 DB 57 B6 B8 CC .....}'5.'..W... 09[IKE] 208: 29 00 00 24 D7 BB 21 6C FF 32 4C 79 2E C5 BD 41 )..$..!l.2Ly...A 09[IKE] 224: DF 90 28 C3 B1 B9 90 46 16 70 21 BE 0D E5 5D E4 ..(....F.p!...]. 09[IKE] 240: 23 05 71 6A 29 00 00 1C 00 00 40 04 D7 DB 7C 57 #.qj).....@...|W 09[IKE] 256: 50 1E D4 27 40 F0 80 8D 22 F5 CA AA 49 F2 57 81 P..'@..."...I.W. 09[IKE] 272: 26 00 00 1C 00 00 40 05 33 75 16 0A ED E8 6A 44 &[email protected] 09[IKE] 288: 55 4F 33 7C BA E0 BA 76 D7 1E 7E 90 29 00 00 19 UO3|...v..~.)... 09[IKE] 304: 04 95 E0 B8 F0 CF DF 6A 3C 9B 39 45 57 78 1C 41 .......j<.9EWx.A 09[IKE] 320: 45 12 B0 33 6F 00 00 00 08 00 00 40 14 AA 04 4B [email protected] 09[IKE] 336: 22 1E 13 B9 71 00 4D 84 A4 D5 91 70 A5 7D B9 7B "...q.M....p.}.{ 09[IKE] 352: 75 A2 32 86 14 38 1A DB E0 CB 95 9B E6 13 79 00 u.2..8........y. 
09[IKE] 368: E8 79 75 D9 32 52 6E 2F 33 6F 70 94 FA 17 AF 31 .yu.2Rn/3op....1 09[IKE] 384: 63 95 65 44 19 1E DF 46 0A A1 45 A5 08 68 EA 43 c.eD...F..E..h.C 09[IKE] 400: B9 . 09[IKE] scheduling reauthentication in 9797s 09[IKE] maximum IKE_SA lifetime 10337s 09[IKE] IKE_SA host-host[1] established between 192.168.10.90[C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient]...192.168.10.12[192.168.10.12] 09[IKE] peer requested virtual IP %any 09[CFG] assigning new lease to '192.168.10.12' 09[IKE] assigning virtual IP 10.10.3.1 to peer 09[IKE] allocating SPI failed 09[ENC] generating IKE_AUTH response 5 [ AUTH CP N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(NO_PROP) ] 09[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500] 10[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500] 10[ENC] data before decryption => 16 bytes @ 0x8094d60 10[ENC] 0: 45 FC C3 F7 62 B6 E0 BC 02 D3 AE AB 94 F4 0F 1A E...b........... 10[ENC] data after decryption with padding => 16 bytes @ 0x80974f8 10[ENC] 0: 00 00 00 08 01 00 00 00 00 00 00 00 00 00 00 07 ................ 10[ENC] parsed INFORMATIONAL request 6 [ D ] 10[IKE] received DELETE for IKE_SA host-host[1] 10[IKE] deleting IKE_SA host-host[1] between 192.168.10.90[C=DE, ST=Bavaria, O=Siemens, OU=andere, CN=ikeclient]...192.168.10.12[192.168.10.12] 10[IKE] IKE_SA deleted 10[ENC] generating INFORMATIONAL response 6 [ ] 10[NET] sending packet: from 192.168.10.90[4500] to 192.168.10.12[4500] 10[CFG] lease 10.10.3.1 by '192.168.10.12' went offline 01[DMN] signal of type SIGINT received. 
Shutting down Mit freundlichem Gruß / Best regards Sven Kerschbaum Siemens AG Industry Sector Industry Automation Division mailto:[email protected] http://www.siemens.com/automation Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Cromme Managing Board: Peter Loescher, Chairman, President and Chief Executive Officer; Wolfgang Dehen, Heinrich Hiesinger, Joe Kaeser, Barbara Kux, Hermann Requardt, Siegfried Russwurm, Peter Y. Solmssen Registered offices: Berlin and Munich; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684 WEEE-Reg.-No. DE 23691322 -----Ursprüngliche Nachricht----- Von: Andreas Steffen [mailto:[email protected]] Gesendet: Freitag, 7. Mai 2010 15:01 An: Kerschbaum, Sven; Martin Willi Cc: [email protected] Betreff: Aw: Re: [strongSwan] strongSwan + Windows 7 + IKEv2 + MSCHAPv2 (Username and password) Did you read the certificate constraints defined in http://wiki.strongswan.org/projects/strongswan/wiki/Win7cCertReq - gateway name contained either in CN or subjectAltName. - serverAuth Extended Key Usage flag andreas ----- Ursprüngliche Mitteilung ----- > Yeah, right. I already changed the ipsec.conf to: > > leftsendcert=always > > strongSwan generates now the IKE AUTH response IKE AUTH [Idr AUTH CERT EAP]. > > Now it's a step further but Win 7 still complains with the following message: > > "Error 13801: IKE authentication credentials are unacceptable" > > In Win 7 I installed CA certificate used by the strongSwan server as a trusted > root certificate. I also made an entry to the Win 7 - host file mapping cert > details to the IP address of the strongSwan server. > > 192.168.10.90 ikeclient > > Hmm... Thanks for your assistance and great help! 
>
> Best regards
>
> Sven Kerschbaum
>
> Siemens AG
> Industry Sector Industry Automation Division, I IA&DT ATS 12
> mailto:[email protected]
> http://www.siemens.com/automation
>
> -----Original Message-----
> From: Martin Willi [mailto:[email protected]]
> Sent: Friday, 7 May 2010 13:44
> To: Kerschbaum, Sven
> Cc: [email protected]
> Subject: Re: AW: [strongSwan] strongSwan + Windows 7 + IKEv2 + MSCHAPv2
> (Username and password)
>
> Hi again,
>
> > the response is just a little bit below:
>
> Ah yes, haven't seen the first authentication round in the log.
>
> > Why does strongSwan not reply with IKE AUTH [Idr AUTH CERT EAP REQ/ID]
>
> > leftsendcert=never
>
> Looks suspicious ;-). The example configuration uses
> rightsendcert=never, which actually says to not request a certificate
> from the client. leftsendcert=never will not include our own
> certificate, for example if a client already has the peer certificate of
> the gateway. But Windows 7 always expects a certificate payload to
> authenticate the gateway.
>
> Regards
> Martin
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users
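Added example, not part of the original thread and not strongSwan code: a small Python filter for charon logs like the one in this message. It drops the hex-dump rows, lists each IKE message with its payloads, and pairs an error notify in an outgoing message with the failure lines logged just before it. The sample lines come from the tail of the log above, except the dump header and row, which are constructed; the notify table covers only four error types.

```python
import re

# Entries are split on the "NN[SUB] " prefix, so a log that was flattened
# onto one line parses the same as one with an entry per line.
ENTRY = re.compile(r"(\d{2})\[([A-Z]{3})\] (.*?)(?=\s+\d{2}\[[A-Z]{3}\] |\s*\Z)", re.S)
DUMP_HEADER = re.compile(r"=> \d+ bytes @ 0x[0-9a-fA-F]+$")
DUMP_ROW = re.compile(r"\d+: [0-9A-F]{2}( |$)")
MESSAGE = re.compile(r"(parsed|generating) (\S+) (request|response) (\d+) \[(.*)\]$")
# charon short names of some IKEv2 error notifies; NO_PROP is the one in this log.
ERROR_NOTIFIES = {
    "NO_PROP": "NO_PROPOSAL_CHOSEN",
    "AUTH_FAILED": "AUTHENTICATION_FAILED",
    "TS_UNACCEPT": "TS_UNACCEPTABLE",
    "INVAL_KE": "INVALID_KE_PAYLOAD",
}

# Lines from the tail of the log above; the dump header and row are constructed.
SAMPLE = """\
08[IKE] EAP method EAP_MSCHAPV2 succeeded, MSK established
09[NET] received packet: from 192.168.10.12[4500] to 192.168.10.90[4500]
09[ENC] data before decryption => 16 bytes @ 0x00000000
09[ENC] 0: 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF ................
09[ENC] parsed IKE_AUTH request 5 [ AUTH ]
09[IKE] assigning virtual IP 10.10.3.1 to peer
09[IKE] allocating SPI failed
09[ENC] generating IKE_AUTH response 5 [ AUTH CP N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) N(NO_PROP) ]
10[ENC] parsed INFORMATIONAL request 6 [ D ]
10[ENC] generating INFORMATIONAL response 6 [ ]
"""

def triage(log_text):
    """One record per IKE message; outgoing messages carry the failure lines
    logged since the previous outgoing message."""
    records, pending = [], []
    for _thread, _subsys, text in ENTRY.findall(log_text):
        if DUMP_HEADER.search(text) or DUMP_ROW.match(text):
            continue  # hex dump noise
        m = MESSAGE.match(text)
        if m is None:
            if "fail" in text.lower():
                pending.append(text)
            continue
        verb, exchange, kind, msg_id, payloads = m.groups()
        outgoing = verb == "generating"
        names = re.findall(r"N\(([A-Z0-9_]+)\)", payloads)
        records.append({
            "dir": "out" if outgoing else "in",
            "exchange": exchange, "kind": kind, "id": int(msg_id),
            "payloads": payloads.split(),
            "errors": [ERROR_NOTIFIES[n] for n in names if n in ERROR_NOTIFIES],
            "local_failures": pending if outgoing else [],
        })
        if outgoing:
            pending = []
    return records

def failed_replies(log_text):
    """Outgoing messages that tell the peer about an error."""
    return [r for r in triage(log_text) if r["dir"] == "out" and r["errors"]]

if __name__ == "__main__":
    for r in failed_replies(SAMPLE):
        print(r["exchange"], r["kind"], r["id"], r["errors"], "<-", r["local_failures"])
```

On the sample, the only flagged message is IKE_AUTH response 5, which pairs the local "allocating SPI failed" line with the NO_PROPOSAL_CHOSEN notify sent to the Windows client.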
