| Title | Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96 |
| CommandLine | ./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq -pkt ./packets/EN-EN.def -v6eval -log 37.html -ti Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96 |
| Script | ./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq |
| Packet | ./packets/EN-EN.def |
| TestVersion | REL_1_1_1 |
| ToolVersion | REL_2_2_0 |
| Start | 2014/10/11 13:32:22 |
| Tn | /usr/local/koi//etc//tn.def |
| Nu | /usr/local/koi//etc//nut.def |
| 13:32:22 | Start | ||||||||||||||||||||||||||||||
| TEST SETUP | |||||||||||||||||||||||||||||||
| initializing IKEv2 module ... | |||||||||||||||||||||||||||||||
| configuring Common Topology for End-Node: End-Node to End-Node ... | |||||||||||||||||||||||||||||||
| parsing ./config.pl ... | |||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
| setting up TN ... | |||||||||||||||||||||||||||||||
| 13:32:23 |
ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=1")net.inet6.ip6.forwarding: 0 -> 1 |
||||||||||||||||||||||||||||||
| 13:32:23 |
ikev2Local("/sbin/ifconfig -a")em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> |
||||||||||||||||||||||||||||||
| 13:32:23 |
ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64") |
||||||||||||||||||||||||||||||
| 13:32:23 |
ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64") |
||||||||||||||||||||||||||||||
| 13:32:23 |
ikev2Local("/sbin/ifconfig lo1 create") |
||||||||||||||||||||||||||||||
| 13:32:23 |
ikev2Local("/sbin/ifconfig lo1 up") |
||||||||||||||||||||||||||||||
| 13:32:23 |
ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64") |
||||||||||||||||||||||||||||||
| 13:32:26 |
ikev2Local("/sbin/ifconfig -a")em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 inet6 fe80::f%em1 prefixlen 64 scopeid 0xa inet6 2001:db8:1:1::f prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 2001:db8:f:1::1 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> |
||||||||||||||||||||||||||||||
| 13:32:26 |
ikev2Local("/sbin/setkey -D")No SAD entries. |
||||||||||||||||||||||||||||||
| 13:32:26 |
ikev2Local("/sbin/setkey -F") |
||||||||||||||||||||||||||||||
| 13:32:29 |
ikev2Local("/sbin/setkey -D")No SAD entries. |
||||||||||||||||||||||||||||||
| 13:32:29 |
ikev2Local("/sbin/setkey -DP")No SPD entries. |
||||||||||||||||||||||||||||||
| 13:32:29 |
ikev2Local("/sbin/setkey -FP") |
||||||||||||||||||||||||||||||
| 13:32:32 |
ikev2Local("/sbin/setkey -DP")No SPD entries. |
||||||||||||||||||||||||||||||
| setting up NUT ... | |||||||||||||||||||||||||||||||
| 13:32:32 |
kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff
inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1
valid_lft 76833sec preferred_lft 76833sec
inet6 fe80::222:19ff:fe30:20d5/64 scope link
valid_lft forever preferred_lft forever
3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1
valid_lft forever preferred_lft forever
inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c668/64 scope link
valid_lft forever preferred_lft forever
4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff
inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c669/64 scope link
valid_lft forever preferred_lft forever
5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN
link/ipip 0.0.0.0 brd 0.0.0.0
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -f inet6 addr add 2001:0db8:0001:0001::1234/64 dev p6p1
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff
inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1
valid_lft 76828sec preferred_lft 76828sec
inet6 fe80::222:19ff:fe30:20d5/64 scope link
valid_lft forever preferred_lft forever
3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1
valid_lft forever preferred_lft forever
inet6 2001:db8:1:1::1234/64 scope global
valid_lft forever preferred_lft forever
inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c668/64 scope link
valid_lft forever preferred_lft forever
4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff
inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c669/64 scope link
valid_lft forever preferred_lft forever
5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN
link/ipip 0.0.0.0 brd 0.0.0.0
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
| 13:32:54 |
kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1'' kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p6p2 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6 p1 [root@dhcp12-166 ~]# sendMessagesSync: never got ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6p1 [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 
2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p6p2 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# | ||||||||||||||||||||||||||||||
| 13:33:20 |
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ipsec setup stop Redirecting to: systemctl stop ipsec.service [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# | ||||||||||||||||||||||||||||||
| 13:33:40 |
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! 
ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=aes_xcbc ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2'' kRemote()... 
/usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! 
ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=aes_xcbc ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2 DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# rpm -q libreswan
libreswan-3.10-2.el7.x86_64
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# cat > /etc/ipsec.secrets << EOF
> %any %any : PSK 'IKETEST12345678!'
> EOF
[root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets
1 %any %any : PSK 'IKETEST12345678!'
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets
1 %any %any : PSK 'IKETEST12345678!'
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.secrets
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.secrets
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ls -l /etc/ipsec.secrets
-rw-------. 1 root wheel 35 Oct 11 21:22 /etc/ipsec.secrets
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# cat > /etc/ipsec.conf << EOF
> config setup
> protostack=netkey
> plutostderrlog="/tmp/pluto.log"
> klipsdebug=verbose
> conn ikev2
> left=2001:0db8:0001:0001::1234
> right=2001:0db8:000f:0001::1
> leftid=2001:0db8:0001:0001::1234
> rightid=2001:0db8:000f:0001::1
> type=transport
> auto=start
> connaddrfamily=ipv6
> authby=secret
> phase2=esp
> phase2alg=3des-sha1
> ike=3des-sha1;modp1024
> ikev2=insist
> EOF
[root@dhcp12-166 ~]# cat -n /etc/ipsec.conf
1 config setup
2 protostack=netkey
3 plutostderrlog="/tmp/pluto.log"
4 klipsdebug=verbose
5 conn ikev2
6 left=2001:0db8:0001:0001::1234
7 right=2001:0db8:000f:0001::1
8 leftid=2001:0db8:0001:0001::1234
9 rightid=2001:0db8:000f:0001::1
10 type=transport
11 auto=start
12 connaddrfamily=ipv6
13 authby=secret
14 phase2=esp
15 phase2alg=3des-sha1
16 ike=3des-sha1;modp1024
17 ikev2=insist
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# echo > /tmp/pluto.log
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.conf
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.conf
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ls -l /etc/ipsec.conf
-rw-------. 1 root wheel 464 Oct 11 21:22 /etc/ipsec.conf
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ipsec setup start
Redirecting to: systemctl start ipsec.service
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip xfrm state list
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip xfrm policy list
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
TEST PROCEDURE
Part D: Integrity Algorithm AUTH_AES_XCBC_96.

    (I)             (R)
    NUT             TN1
     |               |
     |-------------->| IKE_SA_INIT request (HDR, SAi1, KEi, Ni)
     |               |
     V               V
| 13:34:05 |
Clear Buffer done |
||||||||||||||||||||||||||||||
| 13:34:05 |
kRemoteAsync(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt selector.direction=outbound selector.dst.address=2001:0db8:000f:0001::1 selector.dst.address_family=inet6 selector.policy_index=common_policy_index selector.selector_index=common_selector_index_outbound selector.src.address=2001:0db8:0001:0001::1234 selector.src.address_family=inet6 selector.upper_layer_protocol.protocol=any target=2001:0db8:000f:0001::1 operation=initiate'' kRemoteAsync()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt selector.direction=outbound selector.dst.address=2001:0db8:000f:0001::1 selector.dst.address_family=inet6 selector.policy_index=common_policy_index selector.selector_index=common_selector_index_outbound selector.src.address=2001:0db8:0001:0001::1234 selector.src.address_family=inet6 selector.upper_layer_protocol.protocol=any target=2001:0db8:000f:0001::1 operation=initiate Link to remote control log |
||||||||||||||||||||||||||||||
| 13:34:05 |
Listen SrcAddr:2001:0db8:000f:0001::1 SrcPort:500 done listening at SocketID:3 |
||||||||||||||||||||||||||||||
| 13:34:05 |
Receive SrcAddr:2001:db8:1:1::1234 SrcPort:500 DstAddr:2001:db8:f:1::1 DstPort:500 done received from SocketID:4 receive packet #1 |
||||||||||||||||||||||||||||||
Compare the received packet with packets('common_remote_index') |
|||||||||||||||||||||||||||||||
| Payload Order (HDR, SA(P(T, T, T, T)), KE, Ni, Nr, N, N) | |||||||||||||||||||||||||||||||
IKE Header OK initSPI: (received: a0bcca2528dd9158, expected: 0000000000000000, comp: ne) OK respSPI: (received: 0000000000000000, expected: 0000000000000000, comp: eq) OK nexttype: (received: SA, expected: SA, comp: eq) OK major: (received: 2, expected: 2, comp: eq) OK minor: (received: 0, expected: 0, comp: eq) OK exchType: (received: IKE_SA_INIT, expected: IKE_SA_INIT, comp: eq) OK reserved1: (received: 0, expected: 0, comp: eq) OK initiator: (received: 1, expected: 1, comp: eq) OK higher: (received: 0, expected: 0, comp: eq) OK response: (received: 0, expected: 0, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK messID: (received: 0, expected: 0, comp: eq) OK length: (received: 284, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
Security Association Payload OK nexttype: (received: KE, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 44, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
SA Proposal Comparison OK ENCR: (received:ENCR_3DES, expected:ENCR_3DES) OK PRF: (received:PRF_HMAC_SHA1, expected:PRF_HMAC_SHA1) OK INTEG: (received:INTEG_HMAC_SHA1_96, expected:INTEG_HMAC_SHA1_96) OK D-H: (received:D-H_1024 MODP Group, expected:D-H_1024 MODP Group) OK ESN: (received:, expected:) |
|||||||||||||||||||||||||||||||
Proposal Substructure OK nexttype: (received: 0, expected: any, comp: already checked) OK reserved: (received: 0, expected: 0, comp: eq) OK proposalLen: (received: 40, expected: any, comp: already checked) OK number: (received: 1, expected: 1, comp: eq) OK id: (received: IKE, expected: IKE, comp: eq) OK spiSize: (received: 0, expected: 0, comp: eq) OK transformCount: (received: 4, expected: 4, comp: eq) OK spi: (received: , expected: , comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 3, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: ENCR, expected: ENCR, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: 3DES, expected: 3DES, comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 3, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: PRF, expected: PRF, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: HMAC_SHA1, expected: HMAC_SHA1, comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 3, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: INTEG, expected: INTEG, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: HMAC_SHA1_96, expected: HMAC_SHA1_96, comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 0, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: D-H, expected: D-H, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: 1024 MODP Group, expected: 1024 MODP Group, comp: eq) |
|||||||||||||||||||||||||||||||
Key Exchange Payload OK nexttype: (received: Ni, Nr, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 136, expected: any, comp: already checked) OK group: (received: 2, expected: 2, comp: eq) OK reserved1: (received: 0, expected: 0, comp: eq) OK publicKey: (received: 48442990136236040419443674541332750551947726743426439022343477744166582052577501892602807134302894010164333660457870928822507975898099317000468828967833643210070120979804458437749121834851714072849186295926942716782059299010976356326694864502532479824474513717153152894396350409458178827038026398065063202889, expected: any, comp: any) |
|||||||||||||||||||||||||||||||
Nonce Payload OK nexttype: (received: N, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 20, expected: (20, 260), comp: range) OK nonce: (received: 249393376645862146977564050628493303616, expected: any, comp: any) |
|||||||||||||||||||||||||||||||
| Match with packet('common_remote_index') | |||||||||||||||||||||||||||||||
    (I)             (R)
    NUT             TN1
     |               |
     |<--------------| IKE_SA_INIT response (HDR, SAr1, KEr, Nr)
     |               |
     V               V
| 13:34:06 |
Clear Buffer done |
||||||||||||||||||||||||||||||
| 13:34:06 |
Send done sent to SocketID:4 send packet #2 |
||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||
    (I)             (R)
    NUT             TN1
     |               |
     |-------------->| IKE_AUTH request (HDR, SK {IDi, AUTH, N(USE_TRANSPORT_MODE), SAi2, TSi, TSr})
     |               |
     V               V
| 13:34:06 |
Receive SrcAddr:2001:db8:1:1::1234 SrcPort:500 DstAddr:2001:db8:f:1::1 DstPort:500 done received from SocketID:4 receive packet #3 |
||||||||||||||||||||||||||||||
Check Authentication: OK expected(458d703ffd438212918d2f198dc5c5dc8571ef68) received(458d703ffd438212918d2f198dc5c5dc8571ef68) |
|||||||||||||||||||||||||||||||
| Compare the received packet with packets('EN-I-1-1-6-2.D.1') | |||||||||||||||||||||||||||||||
| Payload Order (HDR, E(IDi, AUTH, SA(P(T, T, T)), TSi(TS), TSr(TS), N)) | |||||||||||||||||||||||||||||||
IKE Header OK initSPI: (received: a0bcca2528dd9158, expected: a0bcca2528dd9158, comp: eq) OK respSPI: (received: b701582fadf119af, expected: b701582fadf119af, comp: eq) OK nexttype: (received: E, expected: E, comp: eq) OK major: (received: 2, expected: 2, comp: eq) OK minor: (received: 0, expected: 0, comp: eq) OK exchType: (received: IKE_AUTH, expected: IKE_AUTH, comp: eq) OK reserved1: (received: 0, expected: 0, comp: eq) OK initiator: (received: 1, expected: 1, comp: eq) OK higher: (received: 0, expected: 0, comp: eq) OK response: (received: 0, expected: 0, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK messID: (received: 1, expected: 1, comp: eq) OK length: (received: 252, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
Encrypted Payload OK innerType: (received: IDi, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 28, expected: any, comp: already checked) OK iv: (received: C4457863 C9BE0E64, expected: any, comp: already checked) OK checksum: (received: 8745110F B4A83A64 BE69B239, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
Identification Payload - Initiator OK nexttype: (received: AUTH, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 24, expected: any, comp: already checked) OK type: (received: IPV6_ADDR, expected: IPV6_ADDR, comp: eq) OK reserved1: (received: 0, expected: 0, comp: eq) OK value: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) |
|||||||||||||||||||||||||||||||
Authentication Payload OK nexttype: (received: SA, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 28, expected: any, comp: already checked) OK method: (received: SK_MIC, expected: SK_MIC, comp: eq) OK reserved1: (received: 0, expected: 0, comp: eq) OK data: (received: 458d703ffd438212918d2f198dc5c5dc8571ef68, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
Notify Payload OK nexttype: (received: 0, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 8, expected: any, comp: already checked) OK id: (received: 0, expected: 0, comp: eq) OK spiSize: (received: 0, expected: 0, comp: eq) OK type: (received: USE_TRANSPORT_MODE, expected: USE_TRANSPORT_MODE, comp: eq) OK spi: (received: , expected: , comp: eq) OK data: (received: , expected: , comp: eq) |
|||||||||||||||||||||||||||||||
Security Association Payload OK nexttype: (received: TSi, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 40, expected: any, comp: already checked) |
|||||||||||||||||||||||||||||||
SA Proposal Comparison OK ENCR: (received:ENCR_3DES, expected:ENCR_3DES) OK PRF: (received:, expected:) NG INTEG: (received:INTEG_HMAC_SHA1_96, expected:INTEG_AES_XCBC_96) OK D-H: (received:, expected:) OK ESN: (received:ESN_No ESN, expected:ESN_No ESN) |
|||||||||||||||||||||||||||||||
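NG The number of matched SA Proposals is not enough. The single ESP proposal received (Proposal #1) carries INTEG_HMAC_SHA1_96 where this test expects INTEG_AES_XCBC_96, so no received proposal matches the expected transform set. |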
|||||||||||||||||||||||||||||||
Proposal Substructure OK nexttype: (received: 0, expected: any, comp: already checked) OK reserved: (received: 0, expected: 0, comp: eq) OK proposalLen: (received: 36, expected: any, comp: already checked) OK number: (received: 1, expected: 1, comp: eq) OK id: (received: ESP, expected: ESP, comp: eq) OK spiSize: (received: 4, expected: 4, comp: eq) OK transformCount: (received: 3, expected: 3, comp: eq) OK spi: (received: 268a01bf, expected: any, comp: any) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 3, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: ENCR, expected: ENCR, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: 3DES, expected: 3DES, comp: eq) |
|||||||||||||||||||||||||||||||
Transform Substructure OK nexttype: (received: 0, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) OK transformLen: (received: 8, expected: any, comp: already checked) OK type: (received: ESN, expected: ESN, comp: eq) OK reserved2: (received: 0, expected: 0, comp: eq) OK id: (received: No ESN, expected: No ESN, comp: eq) |
|||||||||||||||||||||||||||||||
Traffic Selector Payload - Initiator OK nexttype: (received: TSr, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 48, expected: any, comp: already checked) OK count: (received: 1, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) |
|||||||||||||||||||||||||||||||
Traffic Selector OK type: (received: IPV6_ADDR_RANGE, expected: IPV6_ADDR_RANGE, comp: eq) OK protocol: (received: 0, expected: 0, comp: eq) OK selectorLen: (received: 40, expected: any, comp: already checked) OK sport: (received: 0, expected: 0, comp: eq) OK eport: (received: 65535, expected: 65535, comp: eq) OK saddr: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) OK eaddr: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) |
|||||||||||||||||||||||||||||||
Traffic Selector Payload - Responder OK nexttype: (received: N, expected: any, comp: already checked) OK critical: (received: 0, expected: 0, comp: eq) OK reserved: (received: 0, expected: 0, comp: eq) OK length: (received: 48, expected: any, comp: already checked) OK count: (received: 1, expected: any, comp: already checked) OK reserved1: (received: 0, expected: 0, comp: eq) |
|||||||||||||||||||||||||||||||
Traffic Selector OK type: (received: IPV6_ADDR_RANGE, expected: IPV6_ADDR_RANGE, comp: eq) OK protocol: (received: 0, expected: 0, comp: eq) OK selectorLen: (received: 40, expected: any, comp: already checked) OK sport: (received: 0, expected: 0, comp: eq) OK eport: (received: 65535, expected: 65535, comp: eq) OK saddr: (received: 20010DB8 000F0001 00000000 00000001, expected: 20010DB8 000F0001 00000000 00000001, comp: eq) OK eaddr: (received: 20010DB8 000F0001 00000000 00000001, expected: 20010DB8 000F0001 00000000 00000001, comp: eq) |
|||||||||||||||||||||||||||||||
| Not match with packet('EN-I-1-1-6-2.D.1') | |||||||||||||||||||||||||||||||
| Can't observe IKE_AUTH request. | |||||||||||||||||||||||||||||||
| TEST CLEANUP | |||||||||||||||||||||||||||||||
| 13:34:06 |
kRemoteAsyncWait()
Link to remote control start point DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ping6 -n -c 1 2001:0db8:000f:0001::1 PING 2001:0db8:000f:0001::1(2001:db8:f:1::1) 56 data bytes 64 bytes from 2001:db8:f:1::1: icmp_seq=1 ttl=64 time=0.185 ms --- 2001:0db8:000f:0001::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.185/0.185/0.185/0.000 ms [root@dhcp12-166 ~]# | ||||||||||||||||||||||||||||||
| cleaning up NUT ... | |||||||||||||||||||||||||||||||
| 13:34:25 |
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list src 2001:db8:f:1::1 dst 2001:db8:1:1::1234 proto esp spi 0x268a01bf reqid 16385 mode tunnel replay-window 0 sel src 2001:db8:f:1::1/128 dst 2001:db8:1:1::1234/128 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ipsec setup stop Redirecting to: systemctl stop ipsec.service [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# | ||||||||||||||||||||||||||||||
| 13:34:46 |
kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=cat_log'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=cat_log DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# cat /tmp/pluto.log
nss directory plutomain: /etc/ipsec.d
NSS Initialized
libcap-ng support [enabled]
FIPS HMAC integrity verification test passed
FIPS: pluto daemon NOT running in FIPS mode
Linux audit support [disabled]
Starting Pluto (Libreswan Version 3.10 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:21460
core dump dir: /var/run/pluto
secrets file: /etc/ipsec.secrets
leak-detective disabled
SAref support [disabled]: Protocol not available
SAbind support [disabled]: Protocol not available
NSS crypto [enabled]
XAUTH PAM support [enabled]
NAT-Traversal support [enabled]
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
starting up 3 crypto helpers
started thread for crypto helper 0 (master fd 7)
started thread for crypto helper 1 (master fd 9)
started thread for crypto helper 2 (master fd 11)
Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-175.el7.x86_64
ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
Warning: failed to register algo_aes_ccm_8 for IKE
ike_alg_register_enc(): Activating aes_ccm_12: Ok (ret=0)
Warning: failed to register algo_aes_ccm_12 for IKE
ike_alg_register_enc(): Activating aes_ccm_16: Ok (ret=0)
Warning: failed to register algo_aes_ccm_16 for IKE
ike_alg_register_enc(): Activating aes_gcm_8: Ok (ret=0)
Warning: failed to register algo_aes_gcm_8 for IKE
ike_alg_register_enc(): Activating aes_gcm_12: Ok (ret=0)
Warning: failed to register algo_aes_gcm_12 for IKE
ike_alg_register_enc(): Activating aes_gcm_16: Ok (ret=0)
Warning: failed to register algo_aes_gcm_16 for IKE
loading CA cert file 'cacert.pem' (956 bytes)
loading crl file 'crl.pem' (483 bytes)
| selinux support is enabled.
| entering aalg_getbyname_ike()
added connection description "ikev2"
listening for IKE messages
adding interface p6p1/p6p1 192.168.0.10:500
adding interface p6p1/p6p1 192.168.0.10:4500
adding interface p7p1/p7p1 10.66.13.22:500
adding interface p7p1/p7p1 10.66.13.22:4500
adding interface lo/lo 127.0.0.1:500
adding interface lo/lo 127.0.0.1:4500
adding interface p6p1/p6p1 2001:db8:1:1::1234:500
adding interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500
adding interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500
adding interface lo/lo ::1:500
loading secrets from "/etc/ipsec.secrets"
"ikev2" #1: initiating v2 parent SA
| natd_hash: Warning, rcookie is zero !!
| natd_hash: Warning, rcookie is zero !!
"ikev2" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1
"ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
| V2 microcode entry (initiate IKE_SA_INIT) has unspecified timeout_event
| Initiator child policy is transport mode, sending v2N_USE_TRANSPORT_MODE
"ikev2" #2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2
"ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=oakley_3des_cbc_192 integ=sha1_96 prf=sha group=MODP1024}
| V2 microcode entry (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) has unspecified timeout_event
shutting down
forgetting secrets
"ikev2": deleting connection
"ikev2" #2: deleting state (STATE_PARENT_I2)
"ikev2" #1: deleting state (STATE_PARENT_I2)
shutting down interface lo/lo ::1:500
shutting down interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500
shutting down interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500
shutting down interface p6p1/p6p1 2001:db8:1:1::1234:500
shutting down interface lo/lo 127.0.0.1:4500
shutting down interface lo/lo 127.0.0.1:500
shutting down interface p7p1/p7p1 10.66.13.22:4500
shutting down interface p7p1/p7p1 10.66.13.22:500
shutting down interface p6p1/p6p1 192.168.0.10:4500
shutting down interface p6p1/p6p1 192.168.0.10:500
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
| 13:35:06 |
kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1'' kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -6 route show
unreachable ::/96 dev lo metric 1024 error -101
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
2001:db8:1:1::/64 dev p6p1 proto kernel metric 256
2001:db8:f:1::1 via fe80::f dev p6p1 metric 0
cache
2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024
unreachable 2002:a00::/24 dev lo metric 1024 error -101
unreachable 2002:7f00::/24 dev lo metric 1024 error -101
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
unreachable 2002:ac10::/28 dev lo metric 1024 error -101
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
unreachable 2002:e000::/19 dev lo metric 1024 error -101
3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256
3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
fe80::/64 dev p6p1 proto kernel metric 256
fe80::/64 dev p6p2 proto kernel metric 256
fe80::/64 dev p7p1 proto kernel metric 256
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -6 route del 2001:0db8:000f:0001::/64
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -6 route show
unreachable ::/96 dev lo metric 1024 error -101
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
2001:db8:1:1::/64 dev p6p1 proto kernel metric 256
unreachable 2002:a00::/24 dev lo metric 1024 error -101
unreachable 2002:7f00::/24 dev lo metric 1024 error -101
unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
unreachable 2002:ac10::/28 dev lo metric 1024 error -101
unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
unreachable 2002:e000::/19 dev lo metric 1024 error -101
3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256
3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256
unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
fe80::/64 dev p6p1 proto kernel metric 256
fe80::/64 dev p6p2 proto kernel metric 256
fe80::/64 dev p7p1 proto kernel metric 256
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
| 13:35:27 |
kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1'' kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 DEBUG : start kRemoteLogin
Connected
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff
inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1
valid_lft 76657sec preferred_lft 76657sec
inet6 fe80::222:19ff:fe30:20d5/64 scope link
valid_lft forever preferred_lft forever
3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1
valid_lft forever preferred_lft forever
inet6 2001:db8:1:1::1234/64 scope global
valid_lft forever preferred_lft forever
inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c668/64 scope link
valid_lft forever preferred_lft forever
4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff
inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c669/64 scope link
valid_lft forever preferred_lft forever
5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN
link/ipip 0.0.0.0 brd 0.0.0.0
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip -f inet6 addr del 2001:0db8:0001:0001::1234/64 dev p6p1
[root@dhcp12-166 ~]#
[root@dhcp12-166 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff
inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1
valid_lft 76652sec preferred_lft 76652sec
inet6 fe80::222:19ff:fe30:20d5/64 scope link
valid_lft forever preferred_lft forever
3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1
valid_lft forever preferred_lft forever
inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c668/64 scope link
valid_lft forever preferred_lft forever
4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff
inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::215:17ff:fe3c:c669/64 scope link
valid_lft forever preferred_lft forever
5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN
link/ipip 0.0.0.0 brd 0.0.0.0
[root@dhcp12-166 ~]#
| ||||||||||||||||||||||||||||||
| cleaning up TN ... | |||||||||||||||||||||||||||||||
| 13:35:50 |
ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=0")net.inet6.ip6.forwarding: 1 -> 0 |
||||||||||||||||||||||||||||||
| 13:35:50 |
ikev2Local("/sbin/ifconfig -a")em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 inet6 fe80::f%em1 prefixlen 64 scopeid 0xa inet6 2001:db8:1:1::f prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 2001:db8:f:1::1 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> |
||||||||||||||||||||||||||||||
| 13:35:50 |
ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64 delete") |
||||||||||||||||||||||||||||||
| 13:35:50 |
ikev2Local("/sbin/ifconfig lo1 down") |
||||||||||||||||||||||||||||||
| 13:35:50 |
ikev2Local("/sbin/ifconfig lo1 destroy") |
||||||||||||||||||||||||||||||
| 13:35:50 |
ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64 delete") |
||||||||||||||||||||||||||||||
| 13:35:50 |
ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64 delete") |
||||||||||||||||||||||||||||||
| 13:35:53 |
ikev2Local("/sbin/ifconfig -a")em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> |
||||||||||||||||||||||||||||||
| FAIL |
IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:1:1::1234 | | Destination Address = 2001:db8:f:1::1 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = a0bcca2528dd9158 | | | IKE_SA Responder's SPI = 0000000000000000 | | | Next Payload = 33 (SA) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 34 (IKE_SA_INIT) | | | Flags = 8 (0b00001000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 0 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 1 | | | | Reserved (00000XXX) = 0 | | | Message ID = 0 (0x0) | | | Length = 284 (0x11c) | | | SA Payload | | | | Next Payload = 34 (KE) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 44 (0x2c) | | | | Proposal #1 | | | | | Next Payload = 0 (last) | | | | | RESERVED = 0 | | | | | Proposal Length = 40 | | | | | Proposal # = 1 | | | | | Proposal ID = IKE | | | | | SPI Size = 0 | | | | | # of Transforms = 4 | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 1 (ENCR) | | | | | | RESERVED = 0 | | | | | | Transform ID = 3 (3DES) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 3 (INTEG) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1_96) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 2 (PRF) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1) | | | | | Transfrom | | | | | | Next Payload = 0 (last) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 4 (D-H) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (1024 MODP Group) | | | KE Payload | | | | Next Payload = 40 (Ni, 
Nr) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 136 (0x88) | | | | DH Group # = 2 | | | | RESERVED = 0 | | | | Key Exchange Data = 0x44fc3006cd067dfab0a7ca04c95e7b0b1cc424ccc4a8139e9f67aa98275fc9a26c2d167be6aafffd98d16e88fd286b997c43728316ff7d5c28ddf497251dc89f46c900d857da3de18bf48f19693b4c8c96fdfa631f21e0cda98133164d63a6d5410256d4aa3305abba89fbbdf78e562b3466630d4e535913e39be2a4c4919049 | | | Ni, Nr Payload | | | | Next Payload = 41 (N) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 20 (0x14) | | | | Nonce Data = bb9f6acdb630327cf73b521a5491df40 | | | N Payload | | | | Next Payload = 41 (N) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 28 (0x1c) | | | | Protocol ID = 0 (no relation) | | | | SPI Size = 0 | | | | Notify Message Type = 16388 (NAT_DETECTION_SOURCE_IP) | | | | Notification Data = 1d595e1f3bc371d059523dbee66a58479de33e6d,40 | | | N Payload | | | | Next Payload = 0 (0) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 28 (0x1c) | | | | Protocol ID = 0 (no relation) | | | | SPI Size = 0 | | | | Notify Message Type = 16389 (NAT_DETECTION_DESTINATION_IP) | | | | Notification Data = b0c836edf503b3365d650c9e34b51a52d71336c0,40
IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:f:1::1 | | Destination Address = 2001:db8:1:1::1234 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = a0bcca2528dd9158 | | | IKE_SA Responder's SPI = b701582fadf119af | | | Next Payload = 33 (SA) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 34 (IKE_SA_INIT) | | | Flags = 32 (0b00100000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 1 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 0 | | | | Reserved (00000XXX) = 0 | | | Message ID = 0 (0x0) | | | Length = 266 (0x10a) | | | SA Payload | | | | Next Payload = 34 (KE) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 44 (0x2c) | | | | Proposal #1 | | | | | Next Payload = 0 (last) | | | | | RESERVED = 0 | | | | | Proposal Length = 40 | | | | | Proposal # = 1 | | | | | Proposal ID = IKE | | | | | SPI Size = 0 | | | | | # of Transforms = 4 | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 1 (ENCR) | | | | | | RESERVED = 0 | | | | | | Transform ID = 3 (3DES) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 2 (PRF) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 3 (INTEG) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1_96) | | | | | Transfrom | | | | | | Next Payload = 0 (last) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 4 (D-H) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (1024 MODP Group) | | | KE Payload | | | | Next Payload = 40 (Ni, 
Nr) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 136 (0x88) | | | | DH Group # = 2 | | | | RESERVED = 0 | | | | Key Exchange Data = 0xd02835681069f07665e63fb8d7ff62adb352b43346af4d8e62701716682b9f41dce8c3e77191f2fb3202eed216a15ff33b2377876ba630007cc686d8a789090db03bdc7c8fe891801daf44f85e483f8cb97635af2c0a79fc93a0de11709fb1d9b60ebf16fb98f2dfe0a4a887dbf2bdbdfaf6cba82d141192fc0cd4aedf596e52 | | | Ni, Nr Payload | | | | Next Payload = 0 (0) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 58 (0x3a) | | | | Nonce Data = 95708e5459bdf506bda6c9f3fde565a167289726dfbacfb29a9b8ed6bc2d5d7ccadefa5791371830c2f2d070748adbd90dd67ebd3a6c
IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:1:1::1234 | | Destination Address = 2001:db8:f:1::1 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = a0bcca2528dd9158 | | | IKE_SA Responder's SPI = b701582fadf119af | | | Next Payload = 46 (E) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 35 (IKE_AUTH) | | | Flags = 8 (0b00001000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 0 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 1 | | | | Reserved (00000XXX) = 0 | | | Message ID = 1 (0x1) | | | Length = 252 (0xfc) | | | E Payload | | | | Next Payload = 35 (IDi) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 224 (0xe0) | | | | Initialization Vector = c4457863c9be0e64 | | | | Encrypted IKE Payloads | | | | | IDi Payload | | | | | | Next Payload = 39 (AUTH) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 24 (0x18) | | | | | | ID Type = 5 (IPV6_ADDR) | | | | | | RESERVED = 0 | | | | | | Identification Data = 20010db8000100010000000000001234 (2001:db8:1:1::1234) | | | | | AUTH Payload | | | | | | Next Payload = 33 (SA) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 28 (0x1c) | | | | | | Auth Method = 2 (SK_MIC) | | | | | | RESERVED = 0 | | | | | | Authentication Data = 458d703ffd438212918d2f198dc5c5dc8571ef68 | | | | | SA Payload | | | | | | Next Payload = 44 (TSi) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 40 (0x28) | | | | | | Proposal #1 | | | | | | | Next Payload = 0 (last) | | | | | | | RESERVED = 0 | | | | | | | Proposal Length = 36 | | | | | | | Proposal # = 1 | | | | | | | Proposal ID = ESP | | | | | | | SPI Size = 4 | | | | | | | # of Transforms = 3 | | | | | | | SPI = 268a01bf | | | | | | | Transfrom | | | | | | | | Next Payload = 3 (Transform) | | | | 
| | | | RESERVED = 0 | | | | | | | | Transform Length = 8 | | | | | | | | Transform Type = 1 (ENCR) | | | | | | | | RESERVED = 0 | | | | | | | | Transform ID = 3 (3DES) | | | | | | | Transfrom | | | | | | | | Next Payload = 3 (Transform) | | | | | | | | RESERVED = 0 | | | | | | | | Transform Length = 8 | | | | | | | | Transform Type = 3 (INTEG) | | | | | | | | RESERVED = 0 | | | | | | | | Transform ID = 2 (HMAC_SHA1_96) | | | | | | | Transfrom | | | | | | | | Next Payload = 0 (last) | | | | | | | | RESERVED = 0 | | | | | | | | Transform Length = 8 | | | | | | | | Transform Type = 5 (ESN) | | | | | | | | RESERVED = 0 | | | | | | | | Transform ID = 0 (No ESN) | | | | | TSi Payload | | | | | | Next Payload = 45 (TSr) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 48 (0x30) | | | | | | Number of TSs = 1 | | | | | | RESERVED = 0 | | | | | | Traffic Selector | | | | | | | TS Type = 8 (IPV6_ADDR_RANGE) | | | | | | | IP Protocol ID = 0 (any) | | | | | | | Selector Length = 40 | | | | | | | Start Port = 0 | | | | | | | End Port = 65535 | | | | | | | Starting Address = 20010db8000100010000000000001234 | | | | | | | Ending Address = 20010db8000100010000000000001234 | | | | | TSr Payload | | | | | | Next Payload = 41 (N) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 48 (0x30) | | | | | | Number of TSs = 1 | | | | | | RESERVED = 0 | | | | | | Traffic Selector | | | | | | | TS Type = 8 (IPV6_ADDR_RANGE) | | | | | | | IP Protocol ID = 0 (any) | | | | | | | Selector Length = 40 | | | | | | | Start Port = 0 | | | | | | | End Port = 65535 | | | | | | | Starting Address = 20010db8000f00010000000000000001 | | | | | | | Ending Address = 20010db8000f00010000000000000001 | | | | | N Payload | | | | | | Next Payload = 0 (0) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 8 (0x8) | | | | | | Protocol ID = 0 (no relation) | | | | | | SPI Size = 0 | | | | | | Notify Message Type = 16391 
(USE_TRANSPORT_MODE) | | | | Integrity Checksum Data = 8745110fb4a83a64be69b239