Hi, I need help/suggestion on the issue I am facing with StrongSwan attestation.
I am working on enabling StrongSwan to verify the PCRs of the TPM of a client machine. I followed the instructions from the StrongSwan wiki: https://wiki.strongswan.org/projects/strongswan/wiki/IMA

I have a CentOS 7 client with TPM Emulator and Trousers software running. tpm_version prints the following:

    tpm_version
    TPM 1.2 Version Info:
    Chip Version:        1.2.18.145
    Spec Level:          2
    Errata Revision:     3
    TPM Vendor ID:       IBM
    TPM Version:         01010000
    Manufacturer Info:   49424d00

So all good here. Following the instructions, I installed strongTNC Manager also. It looks like the client is connecting to the server fine, as can be seen from the log statements. I see the device ID being generated in the logs as well, but strongTNC manager does not show that device ID. As per the instructions, I suppose the devices will get added to the SQLite DB as soon as they connect to the server, and then they can be made trusted by checking the box in the strongTNC UI.

Here is the partial log from the server side (ss-moon). I see

    imv_attestation_agent :no workitems available - no evaluation possible

(I added imv_attestation_agent to the source code to see where the above message is coming from.)

imcv.conf on the server side (moon) has the following:

    libimcv {
      plugins {
        imv-attestation {
          database = sqlite:///etc/pts/config.db
          hash_algorithm = sha1
        }
      }
    }

And /etc/tnc_config on the server has:

    IMV "Attestation" /usr/lib64/strongswan/imcvs/imv-attestation.so

Please let me know if you need anything else.

May 31 15:47:05 ss-moon charon: 07[ENC] parsed IKE_AUTH request 7 [ EAP/RES/TTLS ]
May 31 15:47:05 ss-moon charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
May 31 15:47:05 ss-moon charon: 07[TNC] assigned TNCCS Connection ID 2
May 31 15:47:05 ss-moon charon: 07[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
May 31 15:47:05 ss-moon charon: 07[IMV] over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
May 31 15:47:05 ss-moon charon: 07[IMV] user AR identity 'ss-carol' of type username authenticated by certificate
May 31 15:47:05 ss-moon charon: 07[IMV] machine AR identity ‘<IP>' of type IPv4 address authenticated by unknown method
May 31 15:47:05 ss-moon charon: 07[IMV] IMV 1 "Attestation" changed state of Connection ID 2 to 'Handshake'
May 31 15:47:05 ss-moon charon: 07[TNC] received TNCCS batch (360 bytes)
May 31 15:47:05 ss-moon charon: 07[TNC] TNC server is handling inbound connection
May 31 15:47:05 ss-moon charon: 07[TNC] processing PB-TNC CDATA batch for Connection ID 2
May 31 15:47:05 ss-moon charon: 07[TNC] PB-TNC state transition from 'Init' to 'Server Working'
May 31 15:47:05 ss-moon charon: 07[TNC] processing IETF/PB-Language-Preference message (31 bytes)
May 31 15:47:05 ss-moon charon: 07[TNC] processing IETF/PB-PA message (241 bytes)
May 31 15:47:05 ss-moon charon: 07[TNC] processing IETF/PB-PA message (80 bytes)
May 31 15:47:05 ss-moon charon: 07[TNC] setting language preference to 'en'
May 31 15:47:05 ss-moon charon: 07[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
May 31 15:47:05 ss-moon charon: 07[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 1
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC message with ID 0x44531e5f
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
May 31 15:47:05 ss-moon charon: 07[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
May 31 15:47:05 ss-moon charon: 07[IMV] operating system name is 'CentOS'
May 31 15:47:05 ss-moon charon: 07[IMV] operating system version is '7.1.1503 (Core) x86_64'
May 31 15:47:05 ss-moon charon: 07[IMV] device ID is 38e033072681095c11f5b650fe16a8e7cbb08792
May 31 15:47:05 ss-moon charon: 07[TNC] handling PB-PA message type 'IETF/VPN' 0x000000/0x00000007
May 31 15:47:05 ss-moon charon: 07[TNC] message type 0x000000/0x00000007 not supported by any IMV
May 31 15:47:05 ss-moon charon: 07[IMV] imv_id=1
May 31 15:47:05 ss-moon charon: 07[IMV] imv_attestation_agent
May 31 15:47:05 ss-moon charon: 07[IMV] imv_attestation_agent :no workitems available - no evaluation possible
May 31 15:47:05 ss-moon charon: 07[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001
May 31 15:47:05 ss-moon charon: 07[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
May 31 15:47:05 ss-moon charon: 07[TNC] creating PA-TNC message with ID 0x65852610
May 31 15:47:05 ss-moon charon: 07[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
May 31 15:47:05 ss-moon charon: 07[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
May 31 15:47:05 ss-moon charon: 07[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
May 31 15:47:05 ss-moon charon: 07[IMV] created PA-TNC message: => 60 bytes @ 0x7fb848003460
May 31 15:47:05 ss-moon charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
May 31 15:47:05 ss-moon charon: 07[TNC] TNC server is handling outbound connection
May 31 15:47:05 ss-moon charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
May 31 15:47:05 ss-moon charon: 07[TNC] creating PB-TNC SDATA batch
May 31 15:47:05 ss-moon charon: 07[TNC] adding IETF/PB-PA message
May 31 15:47:05 ss-moon charon: 07[TNC] sending PB-TNC SDATA batch (92 bytes) for Connection ID 2
May 31 15:47:05 ss-moon charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
May 31 15:47:05 ss-moon charon: 07[ENC] generating IKE_AUTH response 7 [ EAP/REQ/TTLS ]
May 31 15:47:05 ss-moon charon: 07[NET] sending packet: from 172.28.128.4[4500] to 172.28.128.5[4500] (224 bytes)
May 31 15:47:05 ss-moon charon: 02[NET] received packet: from 172.28.128.5[4500] to 172.28.128.4[4500] (224 bytes)
May 31 15:47:05 ss-moon charon: 02[ENC] parsed IKE_AUTH request 8 [ EAP/RES/TTLS ]
May 31 15:47:05 ss-moon charon: 02[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
May 31 15:47:05 ss-moon charon: 02[TNC] received TNCCS batch (92 bytes)
May 31 15:47:05 ss-moon charon: 02[TNC] TNC server is handling inbound connection
May 31 15:47:05 ss-moon charon: 02[TNC] processing PB-TNC CDATA batch for Connection ID 2
May 31 15:47:05 ss-moon charon: 02[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
May 31 15:47:05 ss-moon charon: 02[TNC] processing IETF/PB-PA message (84 bytes)
May 31 15:47:05 ss-moon charon: 02[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
May 31 15:47:05 ss-moon charon: 02[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 3 to IMV 1
May 31 15:47:05 ss-moon charon: 02[TNC] processing PA-TNC message with ID 0xb3f1239b
May 31 15:47:05 ss-moon charon: 02[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
May 31 15:47:05 ss-moon charon: 02[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
May 31 15:47:05 ss-moon charon: 02[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
May 31 15:47:05 ss-moon charon: 02[IMV] IMV 1 received a segmentation contract response from IMC 3 for PA message type 'TCG/PTS' 0x005597/0x00000001
May 31 15:47:05 ss-moon charon: 02[IMV] maximum attribute size of 100000000 bytes with maximum segment size of 32678 bytes
May 31 15:47:05 ss-moon charon: 02[PTS] supported PTS protocol capabilities: .VDT.
May 31 15:47:05 ss-moon charon: 02[PTS] selected PTS measurement algorithm is HASH_SHA1
May 31 15:47:05 ss-moon charon: 02[IMV] imv_id=1
May 31 15:47:05 ss-moon charon: 02[IMV] IMV 1 has 1.2no workitems - no evaluation requested
May 31 15:47:05 ss-moon charon: 02[TNC] creating PA-TNC message with ID 0x2c467f5a
May 31 15:47:05 ss-moon charon: 02[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
May 31 15:47:05 ss-moon charon: 02[IMV] created PA-TNC message: => 24 bytes @ 0x7fb834002c30
May 31 15:47:05 ss-moon charon: 02[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
May 31 15:47:05 ss-moon charon: 02[TNC] IMV 1 provides recommendation 'allow' and evaluation 'don't know'
May 31 15:47:05 ss-moon charon: 02[TNC] TNC server is handling outbound connection
May 31 15:47:05 ss-moon charon: 02[IMV] IMV 1 "Attestation" changed state of Connection ID 2 to 'Allowed'
May 31 15:47:05 ss-moon charon: 02[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
May 31 15:47:05 ss-moon charon: 02[TNC] creating PB-TNC RESULT batch
May 31 15:47:05 ss-moon charon: 02[TNC] adding IETF/PB-PA message
May 31 15:47:05 ss-moon charon: 02[TNC] adding IETF/PB-Assessment-Result message
May 31 15:47:05 ss-moon charon: 02[TNC] adding IETF/PB-Access-Recommendation message
May 31 15:47:05 ss-moon charon: 02[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 2
May 31 15:47:05 ss-moon charon: 02[IKE] sending tunneled EAP-TTLS AVP [EAP/REQ/PT]
May 31 15:47:05 ss-moon charon: 02[ENC] generating IKE_AUTH response 8 [ EAP/REQ/TTLS ]
May 31 15:47:05 ss-moon charon: 02[NET] sending packet: from 172.28.128.4[4500] to 172.28.128.5[4500] (224 bytes)
May 31 15:47:05 ss-moon charon: 03[NET] received packet: from 172.28.128.5[4500] to 172.28.128.4[4500] (144 bytes)
May 31 15:47:05 ss-moon charon: 03[ENC] parsed IKE_AUTH request 9 [ EAP/RES/TTLS ]
May 31 15:47:05 ss-moon charon: 03[IKE] received tunneled EAP-TTLS AVP [EAP/RES/PT]
May 31 15:47:05 ss-moon charon: 03[TNC] received TNCCS batch (8 bytes)
May 31 15:47:05 ss-moon charon: 03[TNC] TNC server is handling inbound connection
May 31 15:47:05 ss-moon charon: 03[TNC] processing PB-TNC CLOSE batch for Connection ID 2
May 31 15:47:05 ss-moon charon: 03[TNC] PB-TNC state transition from 'Decided' to 'End'
May 31 15:47:05 ss-moon charon: 03[TNC] final recommendation is 'allow' and evaluation is 'don't know'
May 31 15:47:05 ss-moon charon: 03[TNC] policy enforced on peer 'ss-carol.cto.vrsn.com' is 'allow'
May 31 15:47:05 ss-moon charon: 03[TNC] policy enforcement point added group membership 'allow'
May 31 15:47:05 ss-moon charon: 03[IKE] EAP_TTLS phase2 authentication of 'ss-carol.cto.vrsn.com' with EAP_PT_EAP successful
May 31 15:47:05 ss-moon charon: 03[IMV] IMV 1 "Attestation" deleted the state of Connection ID 2
May 31 15:47:05 ss-moon charon: 03[TNC] removed TNCCS Connection ID 2
May 31 15:47:05 ss-moon charon: 03[IKE] EAP method EAP_TTLS succeeded, MSK established
May 31 15:47:05 ss-moon charon: 03[ENC] generating IKE_AUTH response 9 [ EAP/SUCC ]
May 31 15:47:05 ss-moon charon: 03[NET] sending packet: from 172.28.128.4[4500] to 172.28.128.5[4500] (80 bytes)
May 31 15:47:05 ss-moon charon: 04[NET] received packet: from 172.28.128.5[4500] to 172.28.128.4[4500] (112 bytes)
May 31 15:47:05 ss-moon charon: 04[ENC] parsed IKE_AUTH request 10 [ AUTH ]
May 31 15:47:05 ss-moon charon: 04[IKE] authentication of 'ss-carol.cto.vrsn.com' with EAP successful
May 31 15:47:05 ss-moon charon: 04[IKE] authentication of 'ss-moon.cto.vrsn.com' (myself) with EAP
May 31 15:47:05 ss-moon charon: 04[IKE] IKE_SA rw-allow[2] established between 172.28.128.4[ss-moon.cto.vrsn.com]...172.28.128.5[ss-carol.cto.vrsn.com]
May 31 15:47:05 ss-moon charon: 04[IKE] scheduling reauthentication in 9885s
May 31 15:47:05 ss-moon charon: 04[IKE] maximum IKE_SA lifetime 10425s
May 31 15:47:05 ss-moon charon: 04[IKE] CHILD_SA rw-allow{2} established with SPIs cc670f0f_i c65af4da_o and TS 10.1.0.0/28 === 172.28.128.5/32
May 31 15:47:05 ss-moon vpn: + ss-carol.cto.vrsn.com 172.28.128.5 -- 172.28.128.4 == 10.1.0.0/28
May 31 15:47:05 ss-moon charon: 04[ENC] generating IKE_AUTH response 10 [ AUTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) ]
May 31 15:47:05 ss-moon charon: 04[NET] sending packet: from 172.28.128.4[4500] to 172.28.128.5[4500] (224 bytes)
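A triage check for the situation in the log above, as an added example that is not part of the original post or of strongSwan: it scans charon log lines for TNC sessions that ended with recommendation 'allow' while the evaluation stayed 'don't know', meaning access was granted without any measurement result. It assumes TNC sessions are not interleaved in the log; connection ID 3 in the sample, including its device ID and 'compliant' result, is constructed for contrast.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input. Connection ID 2 repeats lines from the log in the post;
# connection ID 3 (device ID and 'compliant' result) is constructed.
SAMPLE_LOG = """\
May 31 15:47:05 ss-moon charon: 07[TNC] assigned TNCCS Connection ID 2
May 31 15:47:05 ss-moon charon: 07[IMV] device ID is 38e033072681095c11f5b650fe16a8e7cbb08792
May 31 15:47:05 ss-moon charon: 07[IMV] imv_attestation_agent :no workitems available - no evaluation possible
May 31 15:47:05 ss-moon charon: 03[TNC] final recommendation is 'allow' and evaluation is 'don't know'
May 31 15:47:05 ss-moon charon: 03[TNC] removed TNCCS Connection ID 2
May 31 15:52:11 ss-moon charon: 05[TNC] assigned TNCCS Connection ID 3
May 31 15:52:11 ss-moon charon: 05[IMV] device ID is 0123456789abcdef0123456789abcdef01234567
May 31 15:52:11 ss-moon charon: 06[TNC] final recommendation is 'allow' and evaluation is 'compliant'
May 31 15:52:11 ss-moon charon: 06[TNC] removed TNCCS Connection ID 3
"""

ENTRY = re.compile(r"charon: \d+\[[A-Z]+\] (.*)$")
ASSIGNED = re.compile(r"assigned TNCCS Connection ID (\d+)")
REMOVED = re.compile(r"removed TNCCS Connection ID (\d+)")
DEVICE = re.compile(r"device ID is ([0-9a-f]+)")
# The evaluation group is greedy because "don't know" contains an apostrophe.
FINAL = re.compile(r"final recommendation is '(.+?)' and evaluation is '(.+)'$")


@dataclass
class Session:
    conn_id: int
    device_id: Optional[str] = None
    no_workitems: bool = False
    recommendation: Optional[str] = None
    evaluation: Optional[str] = None

    @property
    def unattested_allow(self) -> bool:
        # Access granted although the IMV never reached a verdict.
        return self.recommendation == "allow" and self.evaluation == "don't know"


def parse_sessions(log_text: str) -> List[Session]:
    """Group charon TNC log entries into sessions (assumes no interleaving)."""
    sessions: List[Session] = []
    current: Optional[Session] = None
    for line in log_text.splitlines():
        entry = ENTRY.search(line.strip())
        if not entry:
            continue
        msg = entry.group(1)
        if (m := ASSIGNED.search(msg)):
            current = Session(conn_id=int(m.group(1)))
            sessions.append(current)
        elif current is None:
            continue
        elif (m := DEVICE.search(msg)):
            current.device_id = m.group(1)
        elif "no workitems" in msg:
            current.no_workitems = True
        elif (m := FINAL.search(msg)):
            current.recommendation, current.evaluation = m.groups()
        elif (m := REMOVED.search(msg)) and int(m.group(1)) == current.conn_id:
            current = None
    return sessions


def flag_unattested(log_text: str) -> List[Tuple[int, Optional[str], bool]]:
    """Return (connection ID, device ID, no_workitems) for unattested allows."""
    return [(s.conn_id, s.device_id, s.no_workitems)
            for s in parse_sessions(log_text) if s.unattested_allow]


if __name__ == "__main__":
    for conn_id, device_id, no_work in flag_unattested(SAMPLE_LOG):
        print(f"connection {conn_id} device {device_id}: allowed without "
              f"evaluation (no workitems: {no_work})")
```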
