| Title | Test IKEv2.EN.R.1.1.11.4: Response bit is set |
| CommandLine | ./2-EN-R/IKEv2-EN-R-1-1-11-4-A.seq -log 70.html -ti Test IKEv2.EN.R.1.1.11.4: Response bit is set |
| Script | ./2-EN-R/IKEv2-EN-R-1-1-11-4-A.seq |
| TestVersion | REL_1_1_1 |
| ToolVersion | REL_2_2_0 |
| Start | 2014/01/10 16:37:02 |
| Tn | /usr/local/koi//etc//tn.def |
| Nu | /usr/local/koi//etc//nut.def |
| 16:37:02 | Start | ||||||||||||||||||||||||||||||
| TEST SETUP | |||||||||||||||||||||||||||||||
| initializing IKEv2 module ... | |||||||||||||||||||||||||||||||
| configuring Common Topology for End-Node: End-Node to End-Node ... | |||||||||||||||||||||||||||||||
| parsing ./config.pl ... | |||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
| setting up TN ... | |||||||||||||||||||||||||||||||
| 16:37:03 |
ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=1")net.inet6.ip6.forwarding: 0 -> 1 |
||||||||||||||||||||||||||||||
| 16:37:03 |
ikev2Local("/sbin/ifconfig -a")em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect status: no carrier plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> |
||||||||||||||||||||||||||||||
| 16:37:03 |
ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64") |
||||||||||||||||||||||||||||||
| 16:37:03 |
ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64") |
||||||||||||||||||||||||||||||
| 16:37:03 |
ikev2Local("/sbin/ifconfig lo1 create") |
||||||||||||||||||||||||||||||
| 16:37:03 |
ikev2Local("/sbin/ifconfig lo1 up") |
||||||||||||||||||||||||||||||
| 16:37:03 |
ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64") |
||||||||||||||||||||||||||||||
| 16:37:06 |
ikev2Local("/sbin/ifconfig -a")em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 inet6 fe80::f%em1 prefixlen 64 scopeid 0xa inet6 2001:db8:1:1::f prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect status: no carrier plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 2001:db8:f:1::1 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> |
||||||||||||||||||||||||||||||
| 16:37:06 |
ikev2Local("/sbin/setkey -D")No SAD entries. |
||||||||||||||||||||||||||||||
| 16:37:06 |
ikev2Local("/sbin/setkey -F") |
||||||||||||||||||||||||||||||
| 16:37:09 |
ikev2Local("/sbin/setkey -D")No SAD entries. |
||||||||||||||||||||||||||||||
| 16:37:09 |
ikev2Local("/sbin/setkey -DP")No SPD entries. |
||||||||||||||||||||||||||||||
| 16:37:09 |
ikev2Local("/sbin/setkey -FP") |
||||||||||||||||||||||||||||||
| 16:37:12 |
ikev2Local("/sbin/setkey -DP")No SPD entries. |
||||||||||||||||||||||||||||||
| setting up NUT ... | |||||||||||||||||||||||||||||||
| 16:37:12 |
kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff
inet 10.66.12.166/23 brd 10.66.13.255 scope global dynamic p7p1
valid_lft 61311sec preferred_lft 61311sec
inet6 fe80::222:19ff:fe30:20d5/64 scope link
valid_lft forever preferred_lft forever
3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc netem state UP qlen 1000
link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1
valid_lft forever preferred_lft forever
inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c668/64 scope link
valid_lft forever preferred_lft forever
4: p6p2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -f inet6 addr add 2001:0db8:0001:0001::1234/64 dev p6p1
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff
inet 10.66.12.166/23 brd 10.66.13.255 scope global dynamic p7p1
valid_lft 61307sec preferred_lft 61307sec
inet6 fe80::222:19ff:fe30:20d5/64 scope link
valid_lft forever preferred_lft forever
3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc netem state UP qlen 1000
link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1
valid_lft forever preferred_lft forever
inet6 2001:db8:1:1::1234/64 scope global tentative
valid_lft forever preferred_lft forever
inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c668/64 scope link
valid_lft forever preferred_lft forever
4: p6p2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
| 16:37:34 |
kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1'' kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6 p1 [root@dhcp12-166 ~]# sendMessagesSync: never got ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6p1 [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# | ||||||||||||||||||||||||||||||
| 16:37:58 |
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ipsec setup stop Redirecting to: systemctl stop ipsec.service [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# | ||||||||||||||||||||||||||||||
| 16:38:18 |
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=hmac_sha1 ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=hmac_sha1 ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2 DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# cat > /etc/ipsec.secrets << EOF
> 2001:0db8:000f:0001::1 2001:0db8:0001:0001::1234 : PSK 'IKETEST12345678!'
> EOF
[root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets
1 2001:0db8:000f:0001::1 2001:0db8:0001:0001::1234 : PSK 'IKETEST12345678!'
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets
1 2001:0db8:000f:0001::1 2001:0db8:0001:0001::1234 : PSK 'IKETEST12345678!'
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.secrets
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.secrets
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ls -l /etc/ipsec.secrets
-rw------- 1 root wheel 74 Jan 11 00:26 /etc/ipsec.secrets
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# cat > /etc/ipsec.conf << EOF
> config setup
> protostack=netkey
> nat_traversal=yes
> plutostderrlog="/tmp/pluto.log"
> conn ikev2
> left=2001:0db8:0001:0001::1234
> right=2001:0db8:000f:0001::1
> leftid=2001:0db8:0001:0001::1234
> rightid=2001:0db8:000f:0001::1
> type=transport
> auto=start
> connaddrfamily=ipv6
> authby=secret
> phase2=esp
> ike=3des-sha1;modp1024
> ikev2=insist
> EOF
[root@dhcp12-166 ~]# cat -n /etc/ipsec.conf
1 config setup
2 protostack=netkey
3 nat_traversal=yes
4 plutostderrlog="/tmp/pluto.log"
5 conn ikev2
6 left=2001:0db8:0001:0001::1234
7 right=2001:0db8:000f:0001::1
8 leftid=2001:0db8:0001:0001::1234
9 rightid=2001:0db8:000f:0001::1
10 type=transport
11 auto=start
12 connaddrfamily=ipv6
13 authby=secret
14 phase2=esp
15 ike=3des-sha1;modp1024
16 ikev2=insist
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.conf
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.conf
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ls -l /etc/ipsec.conf
-rw------- 1 root wheel 435 Jan 11 00:26 /etc/ipsec.conf
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ipsec setup start
Redirecting to: systemctl start ipsec.service
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip xfrm state list
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip xfrm policy list
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
TEST PROCEDURE (R) (I)
NUT TN1
| |
|<--------------| IKE_SA_INIT request (HDR, SAi1, KEi, Ni)
| |
V V | |||||||||||||||||||||||||||||||
| 16:38:42 |
Clear Buffer done |
||||||||||||||||||||||||||||||
| 16:38:42 |
Connect SrcAddr:2001:0db8:000f:0001::1 SrcPort:500 DstAddr:2001:0db8:0001:0001::1234 DstPort:500 done connected to SocketID:3 sent to SocketID:3 send packet #1 |
||||||||||||||||||||||||||||||
(R) (I)
NUT TN1
| |
|-------------->| IKE_SA_INIT response (HDR, SAr1, KEr, Nr)
| |
V V | |||||||||||||||||||||||||||||||
| 16:38:42 |
Receive SrcAddr:2001:db8:1:1::1234 SrcPort:500 DstAddr:2001:db8:f:1::1 DstPort:500 done received from SocketID:3 receive packet #2 |
||||||||||||||||||||||||||||||
| Compare the received packet with packets('common_remote_index') | |||||||||||||||||||||||||||||||
| Payload Order (HDR, SA(P(T, T, T, T)), KE, Ni, Nr) | |||||||||||||||||||||||||||||||
IKE Header NG initSPI: (received: 90c39f02b80d9ab0, expected: 0000000000000000, comp: eq) OK respSPI: (received: 4521278d22418e5e, expected: 0000000000000000, comp: ne) OK nexttype: (received: SA, expected: SA, comp: eq) OK major: (received: 2, expected: 2, comp: eq) OK minor: (received: 0, expected: 0, comp: eq) OK exchType: (received: IKE_SA_INIT, expected: IKE_SA_INIT, comp: eq) OK reserved1: (received: 0, expected: 0, comp: eq) OK initiator: (received: 0, expected: 0, comp: eq) OK higher: (received: 0, expected: 0, comp: eq) OK response: (received: 1, expected: 1, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK messID: (received: 0, expected: 0, comp: eq) OK length: (received: 228, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
Security Association Payload OK nexttype: (received: KE, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 44, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
SA Proposal Comparison OK ENCR: (received:ENCR_3DES, expected:ENCR_3DES) OK PRF: (received:PRF_HMAC_SHA1, expected:PRF_HMAC_SHA1) OK INTEG: (received:INTEG_HMAC_SHA1_96, expected:INTEG_HMAC_SHA1_96) OK D-H: (received:D-H_1024 MODP Group, expected:D-H_1024 MODP Group) OK ESN: (received:, expected:) |
|||||||||||||||||||||||||||||||
Proposal Substructure OK nexttype: (received: 0, expected: any, comp: already checked) OK reserved: (received: 0, expected: 0, comp: eq) OK proposalLen: (received: 40, expected: any, comp: already checked) OK number: (received: 1, expected: 1, comp: eq) OK id: (received: IKE, expected: IKE, comp: eq) OK spiSize: (received: 0, expected: 0, comp: eq) OK transformCount: (received: 4, expected: 4, comp: eq) OK spi: (received: , expected: , comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 3, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: ENCR, expected: ENCR, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: 3DES, expected: 3DES, comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 3, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: PRF, expected: PRF, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: HMAC_SHA1, expected: HMAC_SHA1, comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 3, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: INTEG, expected: INTEG, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: HMAC_SHA1_96, expected: HMAC_SHA1_96, comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 0, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: D-H, expected: D-H, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: 1024 MODP Group, expected: 1024 MODP Group, comp: eq) |
|||||||||||||||||||||||||||||||
Key Exchange Payload OK nexttype: (received: Ni, Nr, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 136, expected: any, comp: already checked) OK group: (received: 2, expected: 2, comp: eq) OK reserved1: (received: 0, expected: 0, comp: eq) OK publicKey: (received: 130072364162185196983434191432924059246078481237816125383063116748728378821455661384145605321581415676508963722131996327742215909472796316744785727115058275676451593067721502883658727817804140584847962784655261110101341924542583392451553196596614910823109820451042671870888513856439057253451198987731894027330, expected: any, comp: any) |
|||||||||||||||||||||||||||||||
Nonce Payload OK nexttype: (received: 0, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 20, expected: (20, 260), comp: range) OK nonce: (received: 109598838473527759926000755568031469911, expected: any, comp: any) |
|||||||||||||||||||||||||||||||
| Not match with packet('common_remote_index') | |||||||||||||||||||||||||||||||
| TEST CLEANUP | |||||||||||||||||||||||||||||||
| cleaning up NUT ... | |||||||||||||||||||||||||||||||
| 16:38:42 |
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ipsec setup stop Redirecting to: systemctl stop ipsec.service [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# | ||||||||||||||||||||||||||||||
| 16:39:02 |
kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1'' kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -6 route show
unreachable ::/96 dev lo metric 1024 error -101
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
2001:db8:1:1::/64 dev p6p1 proto kernel metric 256
2001:db8:f:1::1 via fe80::f dev p6p1 metric 0
cache
2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024
unreachable 2002:a00::/24 dev lo metric 1024 error -101
unreachable 2002:7f00::/24 dev lo metric 1024 error -101
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
unreachable 2002:ac10::/28 dev lo metric 1024 error -101
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
unreachable 2002:e000::/19 dev lo metric 1024 error -101
3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
fe80::/64 dev p6p1 proto kernel metric 256
fe80::/64 dev p7p1 proto kernel metric 256
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -6 route del 2001:0db8:000f:0001::/64
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -6 route show
unreachable ::/96 dev lo metric 1024 error -101
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
2001:db8:1:1::/64 dev p6p1 proto kernel metric 256
unreachable 2002:a00::/24 dev lo metric 1024 error -101
unreachable 2002:7f00::/24 dev lo metric 1024 error -101
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
unreachable 2002:ac10::/28 dev lo metric 1024 error -101
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
unreachable 2002:e000::/19 dev lo metric 1024 error -101
3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
fe80::/64 dev p6p1 proto kernel metric 256
fe80::/64 dev p7p1 proto kernel metric 256
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
| 16:39:23 |
kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff
inet 10.66.12.166/23 brd 10.66.13.255 scope global dynamic p7p1
valid_lft 61180sec preferred_lft 61180sec
inet6 fe80::222:19ff:fe30:20d5/64 scope link
valid_lft forever preferred_lft forever
3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc netem state UP qlen 1000
link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1
valid_lft forever preferred_lft forever
inet6 2001:db8:1:1::1234/64 scope global
valid_lft forever preferred_lft forever
inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c668/64 scope link
valid_lft forever preferred_lft forever
4: p6p2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -f inet6 addr del 2001:0db8:0001:0001::1234/64 dev p6p1
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff
inet 10.66.12.166/23 brd 10.66.13.255 scope global dynamic p7p1
valid_lft 61175sec preferred_lft 61175sec
inet6 fe80::222:19ff:fe30:20d5/64 scope link
valid_lft forever preferred_lft forever
3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc netem state UP qlen 1000
link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1
valid_lft forever preferred_lft forever
inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c668/64 scope link
valid_lft forever preferred_lft forever
4: p6p2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
| cleaning up TN ... | |||||||||||||||||||||||||||||||
| 16:39:45 |
ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=0")net.inet6.ip6.forwarding: 1 -> 0 |
||||||||||||||||||||||||||||||
| 16:39:45 |
ikev2Local("/sbin/ifconfig -a")em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 inet6 fe80::f%em1 prefixlen 64 scopeid 0xa inet6 2001:db8:1:1::f prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect status: no carrier plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 2001:db8:f:1::1 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> |
||||||||||||||||||||||||||||||
| 16:39:45 |
ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64 delete") |
||||||||||||||||||||||||||||||
| 16:39:45 |
ikev2Local("/sbin/ifconfig lo1 down") |
||||||||||||||||||||||||||||||
| 16:39:45 |
ikev2Local("/sbin/ifconfig lo1 destroy") |
||||||||||||||||||||||||||||||
| 16:39:45 |
ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64 delete") |
||||||||||||||||||||||||||||||
| 16:39:45 |
ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64 delete") |
||||||||||||||||||||||||||||||
| 16:39:48 |
ikev2Local("/sbin/ifconfig -a")em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect status: no carrier plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> |
||||||||||||||||||||||||||||||
| PASS |
IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:f:1::1 | | Destination Address = 2001:db8:1:1::1234 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = 90c39f02b80d9ab0 | | | IKE_SA Responder's SPI = 0000000000000000 | | | Next Payload = 33 (SA) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 34 (IKE_SA_INIT) | | | Flags = 40 (0b00101000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 1 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 1 | | | | Reserved (00000XXX) = 0 | | | Message ID = 0 (0x0) | | | Length = 312 (0x138) | | | SA Payload | | | | Next Payload = 34 (KE) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 44 (0x2c) | | | | Proposal #1 | | | | | Next Payload = 0 (last) | | | | | RESERVED = 0 | | | | | Proposal Length = 40 | | | | | Proposal # = 1 | | | | | Proposal ID = IKE | | | | | SPI Size = 0 | | | | | # of Transforms = 4 | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 1 (ENCR) | | | | | | RESERVED = 0 | | | | | | Transform ID = 3 (3DES) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 2 (PRF) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 3 (INTEG) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1_96) | | | | | Transfrom | | | | | | Next Payload = 0 (last) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 4 (D-H) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (1024 MODP Group) | | | KE Payload | | | | Next Payload = 40 (Ni, Nr) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 136 (0x88) | | | | DH Group # = 2 | | | | RESERVED = 0 | | | | Key Exchange Data = 0xd33a287ea3dfe4480a4f19bd83cc3077ed70f520468c9029621ef8f9d7f2a760a51fd3fd1fd74d916549260784a48bd02ca9800ab25363d49326514c67f05b54152d680785182ca7e49a265c06b530902df378326987d5ac15ec5734f143a778c040e688453ff2c32854c6afd4fd0a5dc5e8f5cb2abbc528fbd9f574a67e07bd | | | Ni, Nr Payload | | | | Next Payload = 0 (0) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 104 (0x68) | | | | Nonce Data = aaccf2e0d5ce2621aa356f02dbe6c10e41004ca586109d010abd446cbe96ba3250144aac50fe8ee84b570bce0ae03bd87aa0e3db2ce028e0456616e8eb5ed3a9a010133312c66232057008ae3b45e62e002ef9676728a1fcc19ed4f771359479a633d855
IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:1:1::1234 | | Destination Address = 2001:db8:f:1::1 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = 90c39f02b80d9ab0 | | | IKE_SA Responder's SPI = 4521278d22418e5e | | | Next Payload = 33 (SA) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 34 (IKE_SA_INIT) | | | Flags = 32 (0b00100000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 1 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 0 | | | | Reserved (00000XXX) = 0 | | | Message ID = 0 (0x0) | | | Length = 228 (0xe4) | | | SA Payload | | | | Next Payload = 34 (KE) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 44 (0x2c) | | | | Proposal #1 | | | | | Next Payload = 0 (last) | | | | | RESERVED = 0 | | | | | Proposal Length = 40 | | | | | Proposal # = 1 | | | | | Proposal ID = IKE | | | | | SPI Size = 0 | | | | | # of Transforms = 4 | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 1 (ENCR) | | | | | | RESERVED = 0 | | | | | | Transform ID = 3 (3DES) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 3 (INTEG) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1_96) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 2 (PRF) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1) | | | | | Transfrom | | | | | | Next Payload = 0 (last) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 4 (D-H) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (1024 MODP Group) | | | KE Payload | | | | Next Payload = 40 (Ni, Nr) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 136 (0x88) | | | | DH Group # = 2 | | | | RESERVED = 0 | | | | Key Exchange Data = 0xb93aac864765b623ec4e4f77a45f6b2f36bd8549f6e6b5e52b1e634a372239d9a3bd6514fe31440e28610c3e9bed5d9b9b4c3f3855097ccf485c9cc56b61cb8c2941a1bc77791a19f325a2cbdaf082c280fee27d36e4e14e96609637735907d138e257788b6006770022b77c71b630c5bd0a5b05f4042acb02619f814c804442 | | | Ni, Nr Payload | | | | Next Payload = 0 (0) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 20 (0x14) | | | | Nonce Data = 5273f7eeded10770c05ec05e83369157