Hi, I'm trying to set up a ipsec vpn for my iPhone. I tried with both iked and ipsec/isakmpd + npppd. They both work for 10/15 minutes then it dies. This mail is only about the iked problem (at least for now).
The server runs 6.1 -stable and isn't behind any nat. Client runs ios 10.3.1 and use the included ipsec client (and is behind nat). The iked.conf file I use is ikev2 "ios10" passive esp from 0.0.0.0/0 to 192.168.222.0/24 \ local egress peer any \ ikesa enc aes-256 auth hmac-sha2-256 group modp2048 \ childsa enc aes-256 auth hmac-sha2-256 group modp2048 \ psk "whatever" config address 192.168.222.0/24 \ config name-server 192.168.222.254 config access-server 192.168.222.1 I run iked -dvvv (full log attached) it seems to close nicely: ikev2_msg_send: INFORMATIONAL response from 159.100.249.61:4500 to 198.48.213.186:58457 msgid 1, 80 bytes, NAT-T sa_state: ESTABLISHED -> CLOSED from 198.48.213.186:58457 to 159.100.249.61:4500 policy 'ios10' and I'm not sure why. Any idea? Cheers, Daniel OpenBSD 6.1 (GENERIC) #6: Sat May 6 09:33:26 CEST 2017 rob...@syspatch-61-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 519962624 (495MB) avail mem = 499658752 (476MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf63a0 (9 entries) bios0: vendor SeaBIOS version "Ubuntu-1.8.2-1ubuntu1~precise0+exo1" date 04/01/2014 bios0: QEMU Standard PC (i440FX + PIIX, 1996) acpi0 at bios0: rev 0 acpi0: sleep states S3 S4 S5 acpi0: tables DSDT FACP SSDT APIC HPET acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel Xeon E312xx (Sandy Bridge), 2594.10 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,VMX,SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,HV,NXE,RDTSCP,LONG,LAHF cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 1000MHz ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins acpihpet0 at acpi0: 100000000 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: C1(@1 halt!) "ACPI0006" at acpi0 not configured "PNP0303" at acpi0 not configured "PNP0F13" at acpi0 not configured "PNP0700" at acpi0 not configured "PNP0501" at acpi0 not configured "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured pvbus0 at mainbus0: KVM pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 2.3.> ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11 piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9 iic0 at piixpm0 vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00 vio0 at virtio0: address 06:eb:fa:00:01:45 virtio0: msix shared virtio1 at pci0 dev 4 function 0 "Qumranet Virtio Storage" rev 0x00 vioblk0 at virtio1 scsibus2 at vioblk0: 2 targets sd0 at scsibus2 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct fixed sd0: 51200MB, 512 bytes/sector, 104857600 sectors virtio1: msix shared isa0 at pcib0 isadma0 at isa0 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 1: density unknown com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 vmm0 at mainbus0: VMX/EPT uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB Tablet" rev 2.00/0.00 addr 2 uhidev0: iclass 3/0 ums0 at uhidev0: 3 buttons, Z dir wsmouse1 at ums0 mux 0 vscsi0 at root scsibus3 at vscsi0: 256 targets softraid0 at root scsibus4 at softraid0: 256 targets root on sd0a (bfd80eba6139c686.a) swap on sd0b dump on sd0b
ikev2 "ios10" passive esp inet from 0.0.0.0/0 to 192.168.222.0/24 local 159.100.249.61 peer any ikesa enc aes-256 prf hmac-sha2-256,hmac-sha1 auth hmac-sha2-256 group modp2048 childsa enc aes-256 auth hmac-sha2-256 group modp2048 lifetime 10800 bytes 536870912 psk whatever config address 192.168.222.0 config name-server 192.168.222.254 config access-server 192.168.222.1 /etc/iked.conf: loaded 1 configuration rules ca_privkey_serialize: type RSA_KEY length 1192 ca_pubkey_serialize: type RSA_KEY length 270 ca_privkey_to_method: type RSA_KEY method RSA_SIG ca_getkey: received private key type RSA_KEY length 1192 ca_getkey: received public key type RSA_KEY length 270 ca_dispatch_parent: config reset ca_reload: local cert type RSA_KEY config_getocsp: ocsp_url none ikev2_dispatch_cert: updated local CERTREQ type RSA_KEY length 0 config_getpolicy: received policy config_getpfkey: received pfkey fd 3 config_getcompile: compilation done config_getsocket: received socket fd 4 config_getsocket: received socket fd 5 config_getsocket: received socket fd 6 config_getsocket: received socket fd 7 ikev2_recv: IKE_SA_INIT request from initiator 198.48.213.186:55500 to 159.100.249.61:500 policy 'ios10' id 0, 604 bytes ikev2_recv: ispi 0x1e6e9d8c7451ec2f rspi 0x0000000000000000 ikev2_policy2id: srcid FQDN/novosibirsk.chown.me length 24 ikev2_pld_parse: header ispi 0x1e6e9d8c7451ec2f rspi 0x0000000000000000 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 604 response 0 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 220 ikev2_pld_sa: more than one proposal specified ikev2_pld_sa: more 2 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 ikev2_pld_ke: dh group MODP_2048 reserved 0 9324a4ea d62c8bae 72bc59a3 3783eb3c 1d54790d e427dacc 1deeaf30 b482f3d4 d62224a1 2c8addd9 a366fb9f 7eec4f75 c302def3 61950fd5 f24e8ec4 e8e6c5a2 59c47387 650f8654 37cb5563 d40a0327 3d92c7a8 a8d71cba 3e9aef82 52dffae4 208dc052 19948076 e7cddaae 84ffa6d2 dd8098fb 81d21305 185fa9d0 b1086982 99ad2166 31c6d6ff 2213fbdc 1e1a39dc e266cac0 04762576 961de4b9 af5b9b29 640058ed e764327b 2658f912 30a5b12a 56006ac0 9c314eda e4ce3d47 9a8d24b6 6db2dab2 208617ec f9ece928 cde08b9b 0c8754bd a6c5f3ce 739bfaf1 9dd80abc 9e2867b0 79063905 f584649c 86f5635c 8f0edb1e 4b4273fc 8256b9ca ca7fc9a6 ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 20 12d19591 f37b97cd 70cc3812 61b28263 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type REDIRECT_SUPPORTED ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP bf5cf840 b039a732 a82852f3 b697b7ea 955c7086 ikev2_nat_detection: peer source 0x1e6e9d8c7451ec2f 0x0000000000000000 198.48.213.186:55500 ikev2_pld_notify: NAT_DETECTION_SOURCE_IP detected NAT, enabling UDP encapsulation 5fb48d4d 73da34bf 8361ab29 1aa44330 0b9bdda0 ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP a135e68a 11f85ce4 d2f773d9 42781465 f4677d95 ikev2_nat_detection: peer destination 0x1e6e9d8c7451ec2f 0x0000000000000000 159.100.249.61:500 a135e68a 11f85ce4 d2f773d9 42781465 f4677d95 ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type FRAGMENTATION_SUPPORTED sa_state: INIT -> SA_INIT ikev2_match_proposals: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256) 256 ikev2_match_proposals: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) ikev2_match_proposals: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 256) ikev2_match_proposals: xform 1 <-> 1 (1): DH MODP_2048 (keylength 0 <-> 0) ikev2_sa_negotiate: score 4 ikev2_sa_negotiate: score 1: ENCR AES_CBC 256 ikev2_sa_negotiate: score 1: PRF HMAC_SHA2_256 ikev2_sa_negotiate: score 1: INTEGR HMAC_SHA2_256_128 ikev2_sa_negotiate: score 1: DH MODP_2048 sa_stateok: SA_INIT flags 0x0000, require 0x0000 sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 ) ikev2_sa_keys: SKEYSEED with 32 bytes 4948281b 4bfcbb7e 0c79575f 1d94696c 31648b67 7bfa72ec 86de473e e58a740d ikev2_sa_keys: S with 64 bytes 12d19591 f37b97cd 70cc3812 61b28263 24a6e80f f65b1302 5e2e5a5b ab21b302 1db48169 2f26ed34 aac8b966 f329cf1e 1e6e9d8c 7451ec2f cd9fff65 dfabfff9 ikev2_prfplus: T1 with 32 bytes e74d7baa 9b92b3b0 69d1303a 99efd1be 808e282d bbd17d32 afce5af0 1c497086 ikev2_prfplus: T2 with 32 bytes c73a6666 0ec6477b 72c88357 02063c71 5ad3aa0b 091022ca 6087863b 41440219 ikev2_prfplus: T3 with 32 bytes 1ff212fc 444ae415 c6f39eef ef645360 1da8075a 67f7fd0e 2f5573c5 ab65bbb9 ikev2_prfplus: T4 with 32 bytes 9c0e7a57 a9777b6c e752dc4a 38a8cb5f d4646982 47d88e5c 63c57e99 50b99fde ikev2_prfplus: T5 with 32 bytes d2149fb3 37df5de0 5bc6ede8 4ab01b4a 9c9a2691 86d8fe44 59b1ebf6 3ebf982f ikev2_prfplus: T6 with 32 bytes ca435471 d34772da be407f4b eb1e07e6 ab1edafd 98273980 c1867faf d2a91030 ikev2_prfplus: T7 with 32 bytes 9d7cc394 9bdd8951 efb06965 2908b21b 645a1c8f e6093143 af140727 f58d94a4 ikev2_prfplus: Tn with 224 bytes e74d7baa 9b92b3b0 69d1303a 99efd1be 808e282d bbd17d32 afce5af0 1c497086 c73a6666 0ec6477b 72c88357 02063c71 5ad3aa0b 091022ca 6087863b 41440219 1ff212fc 444ae415 c6f39eef ef645360 1da8075a 67f7fd0e 2f5573c5 ab65bbb9 9c0e7a57 a9777b6c e752dc4a 38a8cb5f d4646982 47d88e5c 63c57e99 50b99fde d2149fb3 37df5de0 5bc6ede8 4ab01b4a 9c9a2691 86d8fe44 59b1ebf6 3ebf982f ca435471 d34772da be407f4b eb1e07e6 ab1edafd 98273980 c1867faf d2a91030 9d7cc394 9bdd8951 efb06965 2908b21b 645a1c8f e6093143 af140727 f58d94a4 ikev2_sa_keys: SK_d with 32 bytes e74d7baa 9b92b3b0 69d1303a 99efd1be 808e282d bbd17d32 afce5af0 1c497086 ikev2_sa_keys: SK_ai with 32 bytes c73a6666 0ec6477b 72c88357 02063c71 5ad3aa0b 091022ca 6087863b 41440219 ikev2_sa_keys: SK_ar with 32 bytes 1ff212fc 444ae415 c6f39eef ef645360 1da8075a 67f7fd0e 2f5573c5 ab65bbb9 ikev2_sa_keys: SK_ei with 32 bytes 9c0e7a57 a9777b6c e752dc4a 38a8cb5f d4646982 47d88e5c 63c57e99 50b99fde ikev2_sa_keys: SK_er with 32 bytes d2149fb3 37df5de0 5bc6ede8 4ab01b4a 9c9a2691 86d8fe44 59b1ebf6 3ebf982f ikev2_sa_keys: SK_pi with 32 bytes ca435471 d34772da be407f4b eb1e07e6 ab1edafd 98273980 c1867faf d2a91030 ikev2_sa_keys: SK_pr with 32 bytes 9d7cc394 9bdd8951 efb06965 2908b21b 645a1c8f e6093143 af140727 f58d94a4 ikev2_add_proposals: length 44 ikev2_next_payload: length 48 nextpayload KE ikev2_next_payload: length 264 nextpayload NONCE ikev2_next_payload: length 36 nextpayload NOTIFY ikev2_nat_detection: local source 0x1e6e9d8c7451ec2f 0xcd9fff65dfabfff9 159.100.249.61:500 ikev2_next_payload: length 28 nextpayload NOTIFY ikev2_nat_detection: local destination 0x1e6e9d8c7451ec2f 0xcd9fff65dfabfff9 198.48.213.186:55500 ikev2_next_payload: length 28 nextpayload NONE ikev2_pld_parse: header ispi 0x1e6e9d8c7451ec2f rspi 0xcd9fff65dfabfff9 nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x20 msgid 0 length 432 response 1 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48 ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 264 ikev2_pld_ke: dh group MODP_2048 reserved 0 70c7ab25 4d8dea82 45a998a1 4430d06c 7beb5cc6 4cb7589b b32a3d20 691b1b55 80f3331b f9264255 ddf9857e f03a35f0 e94bed7b 82a51e2b 01cf1c36 00e5faff ee2d706c dc67a32a 5dc6cfb8 d4610e9f 1837d6f5 cf4772af f1e84166 6167220d c990bce4 5dfac16f ab79ccee 1b864167 66058901 b61141b7 fc476208 4527bf5a ac2e1cc3 bc04ed31 42589d53 635d6a47 266fb24e 4e87c48e 042c6f52 d8224c2f 52b87d1c c906d61f aa9b021e 950adce5 40c627bd 4090f2a2 c564374c 5b0ce0c2 5e088a19 70224b16 f9fcd79d 3b2f9e8f 960b71b8 bb085d3a 5c0acd3c 0cad46d8 0adc4df2 59161920 3b0e8ed5 1f9a0304 f118318d a2f7570c 08f8924a 2b2ce441 ikev2_pld_payloads: payload NONCE nextpayload NOTIFY critical 0x00 length 36 24a6e80f f65b1302 5e2e5a5b ab21b302 1db48169 2f26ed34 aac8b966 f329cf1e ikev2_pld_payloads: payload NOTIFY nextpayload NOTIFY critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_SOURCE_IP 9be25123 e94c2601 79a7408c fa5f5df1 4be62d53 ikev2_pld_payloads: payload NOTIFY nextpayload NONE critical 0x00 length 28 ikev2_pld_notify: protoid NONE spisize 0 type NAT_DETECTION_DESTINATION_IP 11c68cad c25bffa9 fa6d2594 dc9c341a e7835703 ikev2_msg_send: IKE_SA_INIT response from 159.100.249.61:500 to 198.48.213.186:55500 msgid 0, 432 bytes config_free_proposals: free 0x1c31e3715e80 ikev2_recv: IKE_AUTH request from initiator 198.48.213.186:58457 to 159.100.249.61:4500 policy 'ios10' id 1, 544 bytes ikev2_recv: ispi 0x1e6e9d8c7451ec2f rspi 0xcd9fff65dfabfff9 ikev2_recv: updated SA to peer 198.48.213.186:58457 local 159.100.249.61:4500 ikev2_pld_parse: header ispi 0x1e6e9d8c7451ec2f rspi 0xcd9fff65dfabfff9 nextpayload SK version 0x20 exchange IKE_AUTH flags 0x08 msgid 1 length 544 response 0 ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 516 ikev2_msg_decrypt: IV length 16 813793cc 27cf51ae 6eb48956 eb9d37c2 ikev2_msg_decrypt: encrypted payload length 480 18651a50 1c627df9 04aa8194 7e8bf8d4 b056bca2 53b9950d ee467687 33dd7037 3cebdace 34cba7a7 5401bda7 d9a8c552 ab158713 70e683d4 e7e1cb33 ee009d0e 47a16ba1 50ad78e5 6f31b697 009bc6f9 98845526 daa4d3d0 5fdeb209 5b700c8f d6d72810 63cb1269 adbd54be 35432f5e 868b075a 293bbeee 286942c9 e75b4cda 90273bd5 d0a0c989 98ea1a7f f2895dba ec8a9736 6f88e187 08596bf1 9b187eaa 03078c2a 1f275268 99ff46cf 79bc73dc de1b004a 012ce83f 9224869e 6264bdd3 c47c10f0 12f0c1b7 662aa5d0 f29a3704 2fe3f5c7 0d26b4a3 ccd2c482 07a24f80 fe8ce2e6 29454b59 5af882ec e603067f 49731404 8bff9457 dc03541a c7bb14b3 1dceba11 f8236432 e06b3456 d265f48c dbf11914 32124291 5f83fa51 55447aaa cfccb58b ad4e6e82 7e6332a7 82768a2e 6a1dd4c3 f21648f2 86489c73 fc57a9ba 9ee56e25 479d6a03 869bd0de 1d43c259 d3493b91 49f7a25c f4a8d067 f22af584 f8d7d77a 4fc9b65d bb4932f6 8581ac1d 6c8c49fc f033c98c 0bc339e4 27d04d1a a7d03307 f62b9d4f b5de4530 86c278c9 d1cc1870 c8af9d94 baa9d3fb 72010701 2e98e3fc c32245c0 3f44ee32 1cfa091b ad3733e4 d35bab86 661c2bfe 796084b1 293a1598 e5009426 f7c561bc 5bb370e2 60c6d50e 818b92cb 724aa829 389028fc ikev2_msg_decrypt: integrity checksum length 16 87588186 f37a23f8 598784d6 814b5b19 ikev2_msg_decrypt: integrity check succeeded 87588186 f37a23f8 598784d6 814b5b19 ikev2_msg_decrypt: decrypted payload length 480/480 padding 14 2900000c 01000000 0a0a0ae1 29000008 00004000 24000008 0000400c 2700000d 02000000 696f7331 302f0000 28020000 0029508c 998d30fd f8814690 e6e5ed04 4d8afa2a 0e00db05 754dbb19 c3525089 a0290000 28010000 00000100 00000600 00000300 00000200 00000800 00000c00 00000a00 00001900 00290000 08000040 0a210000 08000040 0b2c0000 c8020000 28010304 030ec819 0f030000 0c010000 0c800e01 00030000 08030000 0c000000 08050000 00020000 28020304 030dcd28 9f030000 0c010000 0c800e01 00030000 08030000 0c000000 08050000 00020000 28030304 0307699c 3f030000 0c010000 0c800e01 00030000 08030000 0c000000 08050000 00020000 28040304 030161da 11030000 0c010000 0c800e00 80030000 08030000 02000000 08050000 00000000 24050304 03092f0d dc030000 08010000 03030000 08030000 02000000 08050000 002d0000 40020000 00070000 100000ff ff000000 00ffffff ff080000 280000ff ff000000 00000000 00000000 00000000 00ffffff ffffffff ffffffff ffffffff ff000000 40020000 00070000 100000ff ff000000 00ffffff ff080000 280000ff ff000000 00000000 00000000 00000000 00ffffff ffffffff ffffffff ffffffff ff3b560a 37ce01b4 01aeca66 babd730e ikev2_pld_payloads: decrypted payload IDi nextpayload NOTIFY critical 0x00 length 12 ikev2_pld_id: id IPV4/10.10.10.225 length 8 ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type INITIAL_CONTACT ikev2_pld_payloads: decrypted payload NOTIFY nextpayload IDr critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type MOBIKE_SUPPORTED ikev2_pld_payloads: decrypted payload IDr nextpayload AUTH critical 0x00 length 13 ikev2_pld_id: id FQDN/ios10 length 9 ikev2_pld_id: unexpected id payload ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 length 40 ikev2_pld_auth: method SHARED_KEY_MIC length 32 29508c99 8d30fdf8 814690e6 e5ed044d 8afa2a0e 00db0575 4dbb19c3 525089a0 sa_state: SA_INIT -> AUTH_REQUEST ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical 0x00 length 40 ikev2_pld_cp: type REQUEST length 32 00010000 00060000 00030000 00020000 00080000 000c0000 000a0000 00190000 ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0 ikev2_pld_cp: INTERNAL_IP4_DHCP 0x0006 length 0 ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0 ikev2_pld_cp: INTERNAL_IP4_NETMASK 0x0002 length 0 ikev2_pld_cp: INTERNAL_IP6_ADDRESS 0x0008 length 0 ikev2_pld_cp: INTERNAL_IP6_DHCP 0x000c length 0 ikev2_pld_cp: INTERNAL_IP6_DNS 0x000a length 0 ikev2_pld_cp: <UNKNOWN:25> 0x0019 length 0 ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type ESP_TFC_PADDING_NOT_SUPPORTED ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type NON_FIRST_FRAGMENTS_ALSO ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 200 ikev2_pld_sa: more than one proposal specified ikev2_pld_sa: more 2 reserved 0 length 40 proposal #1 protoid ESP spisize 4 xforms 3 spi 0x0ec8190f ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 64 ikev2_pld_ts: count 2 length 56 ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535 ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255 ikev2_pld_ts: type IPV6_ADDR_RANGE protoid 0 length 40 startport 0 endport 65535 ikev2_pld_ts: start :: end ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 64 ikev2_pld_ts: count 2 length 56 ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535 ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255 ikev2_pld_ts: type IPV6_ADDR_RANGE protoid 0 length 40 startport 0 endport 65535 ikev2_pld_ts: start :: end ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ikev2_resp_recv: NAT-T message received, updated SA sa_stateok: SA_INIT flags 0x0000, require 0x0000 policy_lookup: peerid '10.10.10.225' ikev2_msg_auth: responder auth data length 480 1e6e9d8c 7451ec2f cd9fff65 dfabfff9 21202220 00000000 000001b0 22000030 0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005 03000008 0300000c 00000008 0400000e 28000108 000e0000 70c7ab25 4d8dea82 45a998a1 4430d06c 7beb5cc6 4cb7589b b32a3d20 691b1b55 80f3331b f9264255 ddf9857e f03a35f0 e94bed7b 82a51e2b 01cf1c36 00e5faff ee2d706c dc67a32a 5dc6cfb8 d4610e9f 1837d6f5 cf4772af f1e84166 6167220d c990bce4 5dfac16f ab79ccee 1b864167 66058901 b61141b7 fc476208 4527bf5a ac2e1cc3 bc04ed31 42589d53 635d6a47 266fb24e 4e87c48e 042c6f52 d8224c2f 52b87d1c c906d61f aa9b021e 950adce5 40c627bd 4090f2a2 c564374c 5b0ce0c2 5e088a19 70224b16 f9fcd79d 3b2f9e8f 960b71b8 bb085d3a 5c0acd3c 0cad46d8 0adc4df2 59161920 3b0e8ed5 1f9a0304 f118318d a2f7570c 08f8924a 2b2ce441 29000024 24a6e80f f65b1302 5e2e5a5b ab21b302 1db48169 2f26ed34 aac8b966 f329cf1e 2900001c 00004004 9be25123 e94c2601 79a7408c fa5f5df1 4be62d53 0000001c 00004005 11c68cad c25bffa9 fa6d2594 dc9c341a e7835703 12d19591 f37b97cd 70cc3812 61b28263 c3c5221e c8ea9920 db72d65b c6b1c352 fcdc8111 5b20e2b8 de0686db 76d030cb ikev2_msg_auth: initiator auth data length 668 1e6e9d8c 7451ec2f 00000000 00000000 21202208 00000000 0000025c 220000dc 0200002c 01010004 0300000c 0100000c 800e0100 03000008 02000005 03000008 0300000c 00000008 0400000e 0200002c 02010004 0300000c 0100000c 800e0100 03000008 02000005 03000008 0300000c 00000008 04000013 0200002c 03010004 0300000c 0100000c 800e0100 03000008 02000005 03000008 0300000c 00000008 04000005 0200002c 04010004 0300000c 0100000c 800e0080 03000008 02000002 03000008 03000002 00000008 04000002 00000028 05010004 03000008 01000003 03000008 02000002 03000008 03000002 00000008 04000002 28000108 000e0000 9324a4ea d62c8bae 72bc59a3 3783eb3c 1d54790d e427dacc 1deeaf30 b482f3d4 d62224a1 2c8addd9 a366fb9f 7eec4f75 c302def3 61950fd5 f24e8ec4 e8e6c5a2 59c47387 650f8654 37cb5563 d40a0327 3d92c7a8 a8d71cba 3e9aef82 52dffae4 208dc052 19948076 e7cddaae 84ffa6d2 dd8098fb 81d21305 185fa9d0 b1086982 99ad2166 31c6d6ff 2213fbdc 1e1a39dc e266cac0 04762576 961de4b9 af5b9b29 640058ed e764327b 2658f912 30a5b12a 56006ac0 9c314eda e4ce3d47 9a8d24b6 6db2dab2 208617ec f9ece928 cde08b9b 0c8754bd a6c5f3ce 739bfaf1 9dd80abc 9e2867b0 79063905 f584649c 86f5635c 8f0edb1e 4b4273fc 8256b9ca ca7fc9a6 29000014 12d19591 f37b97cd 70cc3812 61b28263 29000008 00004016 2900001c 00004004 bf5cf840 b039a732 a82852f3 b697b7ea 955c7086 2900001c 00004005 a135e68a 11f85ce4 d2f773d9 42781465 f4677d95 00000008 0000402e 24a6e80f f65b1302 5e2e5a5b ab21b302 1db48169 2f26ed34 aac8b966 f329cf1e c6ad8d76 76b9d383 1c79edc7 bf85a0c1 e8c0540a 2b533d2a 89188a52 f7cf8c83 ikev2_msg_authverify: method SHARED_KEY_MIC keylen 32 type NONE ikev2_msg_authverify: authentication successful sa_state: AUTH_REQUEST -> AUTH_SUCCESS sa_stateflags: 0x0028 -> 0x0038 auth,authvalid,sa (required 0x0038 auth,authvalid,sa) ikev2_match_proposals: xform 1 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 256) 256 ikev2_match_proposals: xform 1 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 256) ikev2_match_proposals: xform 1 <-> 2 (2): ESN NONE (keylength 0 <-> 0) ikev2_sa_negotiate: score 4 ikev2_sa_negotiate: score 1: ENCR AES_CBC 256 ikev2_sa_negotiate: score 1: INTEGR HMAC_SHA2_256_128 ikev2_sa_negotiate: score 2: ESN NONE sa_stateflags: 0x0038 -> 0x0038 auth,authvalid,sa (required 0x0038 auth,authvalid,sa) sa_stateok: VALID flags 0x0038, require 0x0038 auth,authvalid,sa sa_state: AUTH_SUCCESS -> VALID sa_stateok: VALID flags 0x0038, require 0x0038 auth,authvalid,sa ikev2_cp_setaddr: mask ffffff start a6 lower 1 host a6 upper ff sa_stateok: VALID flags 0x0038, require 0x0038 auth,authvalid,sa ikev2_sa_tag: (0) ikev2_childsa_negotiate: proposal 1 ikev2_childsa_negotiate: key material length 128 ikev2_prfplus: T1 with 32 bytes 14ff9adc f2da33d2 8ba8d513 272fd0d9 3c09b571 4730a86c 3ef317e4 87098e3f ikev2_prfplus: T2 with 32 bytes b5b99f19 71f790cd 22c3a56f 87ea754e a2a5eb1c 3b23bd16 b35f5b2f c98a8c8e ikev2_prfplus: T3 with 32 bytes a731e950 5738bda2 d2e83184 25ecdcaf 71351e4a 8274cd64 529e965d eda4e813 ikev2_prfplus: T4 with 32 bytes ecc38abb 4dbc50a3 c46e14b5 f50dbd2b 06379e5e bc9a6dd1 f936b557 5e3cc481 ikev2_prfplus: Tn with 128 bytes 14ff9adc f2da33d2 8ba8d513 272fd0d9 3c09b571 4730a86c 3ef317e4 87098e3f b5b99f19 71f790cd 22c3a56f 87ea754e a2a5eb1c 3b23bd16 b35f5b2f c98a8c8e a731e950 5738bda2 d2e83184 25ecdcaf 71351e4a 8274cd64 529e965d eda4e813 ecc38abb 4dbc50a3 c46e14b5 f50dbd2b 06379e5e bc9a6dd1 f936b557 5e3cc481 pfkey_sa_getspi: spi 0x2e3fef46 pfkey_sa_init: new spi 0x2e3fef46 ikev2_next_payload: length 28 nextpayload AUTH ikev2_next_payload: length 40 nextpayload CP ikev2_next_payload: length 32 nextpayload SA ikev2_add_proposals: length 40 ikev2_next_payload: length 44 nextpayload TSi ikev2_next_payload: length 24 nextpayload TSr ikev2_next_payload: length 24 nextpayload NONE ikev2_msg_encrypt: decrypted length 192 2700001c 02000000 6e6f766f 73696269 72736b2e 63686f77 6e2e6d65 2f000028 02000000 f8d66fcc b5374867 22fa5500 51455693 14de1381 1bad1f60 a562c816 be11dd2b 21000020 02000000 00010004 c0a8dea6 00030004 c0a8defe 5ba00004 c0a8de01 2c00002c 00000028 01030403 2e3fef46 0300000c 0100000c 800e0100 03000008 0300000c 00000008 05000000 2d000018 01000000 07000010 0000ffff c0a8de00 c0a8deff 00000018 01000000 07000010 0000ffff 00000000 ffffffff ikev2_msg_encrypt: padded length 208 2700001c 02000000 6e6f766f 73696269 72736b2e 63686f77 6e2e6d65 2f000028 02000000 f8d66fcc b5374867 22fa5500 51455693 14de1381 1bad1f60 a562c816 be11dd2b 21000020 02000000 00010004 c0a8dea6 00030004 c0a8defe 5ba00004 c0a8de01 2c00002c 00000028 01030403 2e3fef46 0300000c 0100000c 800e0100 03000008 0300000c 00000008 05000000 2d000018 01000000 07000010 0000ffff c0a8de00 c0a8deff 00000018 01000000 07000010 0000ffff 00000000 ffffffff 9dcd13ed b2eabc91 88c5b3bc 1f2ff40f ikev2_msg_encrypt: length 193, padding 15, output length 240 3904ea2f a505662a 1ec1f7f6 e6bff7b9 4d0309f5 b7fb240a ca1014d2 ec370aa0 595a5adb 6c2abd1b 78702cbf 493a65f0 767edfb4 37016c74 52d89eba 657a18b4 3844fc41 d5dfdbd7 3afef041 4d60e886 251baf6e bc7a31fb 1c5affde 81a093ff 2c9d76a9 e93143a9 7d814499 3dcae677 329c4a4e 08726b8b 08ef9470 40e840be 1137842d 80070b0a eca3ba13 0b1645bf 3b177ba0 11ae4fae 67fcb890 02fa5f40 80a2fe47 63d7ac3f b469b973 79889138 245138f0 1d63e6ec b6b81148 eab87c08 c4fa2e86 1297e6eb 431b3b3f 4be7446d 5eb9e520 c7dcac5d d32b7fa1 76f91757 00000000 00000000 00000000 00000000 ikev2_next_payload: length 244 nextpayload IDr ikev2_msg_integr: message length 272 1e6e9d8c 7451ec2f cd9fff65 dfabfff9 2e202320 00000001 00000110 240000f4 3904ea2f a505662a 1ec1f7f6 e6bff7b9 4d0309f5 b7fb240a ca1014d2 ec370aa0 595a5adb 6c2abd1b 78702cbf 493a65f0 767edfb4 37016c74 52d89eba 657a18b4 3844fc41 d5dfdbd7 3afef041 4d60e886 251baf6e bc7a31fb 1c5affde 81a093ff 2c9d76a9 e93143a9 7d814499 3dcae677 329c4a4e 08726b8b 08ef9470 40e840be 1137842d 80070b0a eca3ba13 0b1645bf 3b177ba0 11ae4fae 67fcb890 02fa5f40 80a2fe47 63d7ac3f b469b973 79889138 245138f0 1d63e6ec b6b81148 eab87c08 c4fa2e86 1297e6eb 431b3b3f 4be7446d 5eb9e520 c7dcac5d d32b7fa1 76f91757 00000000 00000000 00000000 00000000 ikev2_msg_integr: integrity checksum length 16 5687a4f1 812285f0 219c4ddf 6d5fc36a 48d1d0a4 35a0fa78 230054e3 7a9a4d74 ikev2_pld_parse: header ispi 0x1e6e9d8c7451ec2f rspi 0xcd9fff65dfabfff9 nextpayload SK version 0x20 exchange IKE_AUTH flags 0x20 msgid 1 length 272 response 1 ikev2_pld_payloads: payload SK nextpayload IDr critical 0x00 length 244 ikev2_msg_decrypt: IV length 16 3904ea2f a505662a 1ec1f7f6 e6bff7b9 ikev2_msg_decrypt: encrypted payload length 208 4d0309f5 b7fb240a ca1014d2 ec370aa0 595a5adb 6c2abd1b 78702cbf 493a65f0 767edfb4 37016c74 52d89eba 657a18b4 3844fc41 d5dfdbd7 3afef041 4d60e886 251baf6e bc7a31fb 1c5affde 81a093ff 2c9d76a9 e93143a9 7d814499 3dcae677 329c4a4e 08726b8b 08ef9470 40e840be 1137842d 80070b0a eca3ba13 0b1645bf 3b177ba0 11ae4fae 67fcb890 02fa5f40 80a2fe47 63d7ac3f b469b973 79889138 245138f0 1d63e6ec b6b81148 eab87c08 c4fa2e86 1297e6eb 431b3b3f 4be7446d 5eb9e520 c7dcac5d d32b7fa1 76f91757 ikev2_msg_decrypt: integrity checksum length 16 5687a4f1 812285f0 219c4ddf 6d5fc36a ikev2_msg_decrypt: integrity check succeeded 5687a4f1 812285f0 219c4ddf 6d5fc36a ikev2_msg_decrypt: decrypted payload length 208/208 padding 15 2700001c 02000000 6e6f766f 73696269 72736b2e 63686f77 6e2e6d65 2f000028 02000000 f8d66fcc b5374867 22fa5500 51455693 14de1381 1bad1f60 a562c816 be11dd2b 21000020 02000000 00010004 c0a8dea6 00030004 c0a8defe 5ba00004 c0a8de01 2c00002c 00000028 01030403 2e3fef46 0300000c 0100000c 800e0100 03000008 0300000c 00000008 05000000 2d000018 01000000 07000010 0000ffff c0a8de00 c0a8deff 00000018 01000000 07000010 0000ffff 00000000 ffffffff 9dcd13ed b2eabc91 88c5b3bc 1f2ff40f ikev2_pld_payloads: decrypted payload IDr nextpayload AUTH critical 0x00 length 28 ikev2_pld_id: id FQDN/novosibirsk.chown.me length 24 ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 length 40 ikev2_pld_auth: method SHARED_KEY_MIC length 32 f8d66fcc b5374867 22fa5500 51455693 14de1381 1bad1f60 a562c816 be11dd2b ikev2_pld_payloads: decrypted payload CP nextpayload SA critical 0x00 length 32 ikev2_pld_cp: type REPLY length 24 00010004 c0a8dea6 00030004 c0a8defe 5ba00004 c0a8de01 ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 4 ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 4 ikev2_pld_cp: INTERNAL_IP4_SERVER 0x5ba0 length 4 ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 length 44 ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 xforms 3 spi 0x2e3fef46 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24 ikev2_pld_ts: count 1 length 16 ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535 ikev2_pld_ts: start 192.168.222.0 end 192.168.222.255 ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24 ikev2_pld_ts: count 1 length 16 ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535 ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255 ikev2_msg_send: IKE_AUTH response from 159.100.249.61:4500 to 198.48.213.186:58457 msgid 1, 272 bytes, NAT-T pfkey_sa_add: update spi 0x2e3fef46 pfkey_sa: udpencap port 58457 ikev2_childsa_enable: loaded CHILD SA spi 0x2e3fef46 pfkey_sa_add: add spi 0x0ec8190f pfkey_sa: udpencap port 58457 ikev2_childsa_enable: loaded CHILD SA spi 0x0ec8190f ikev2_childsa_enable: loaded flow 0x1c315193ac00 ikev2_childsa_enable: loaded flow 0x1c315193a400 sa_state: VALID -> ESTABLISHED from 198.48.213.186:58457 to 159.100.249.61:4500 policy 'ios10' config_free_proposals: free 0x1c31e3715880 pfkey_sa_last_used: last_used 1494195465 ikev2_ike_sa_alive: incoming CHILD SA spi 0x2e3fef46 last used 0 second(s) ago pfkey_sa_last_used: last_used 1494195518 ikev2_ike_sa_alive: incoming CHILD SA spi 0x2e3fef46 last used 7 second(s) ago pfkey_sa_last_used: last_used 1494195580 ikev2_ike_sa_alive: incoming CHILD SA spi 0x2e3fef46 last used 5 second(s) ago pfkey_sa_last_used: last_used 1494195642 ikev2_ike_sa_alive: incoming CHILD SA spi 0x2e3fef46 last used 3 second(s) ago pfkey_sa_last_used: last_used 1494195705 ikev2_ike_sa_alive: incoming CHILD SA spi 0x2e3fef46 last used 0 second(s) ago pfkey_sa_last_used: last_used 1494195760 ikev2_ike_sa_alive: incoming CHILD SA spi 0x2e3fef46 last used 5 second(s) ago pfkey_sa_last_used: last_used 1494195820 ikev2_ike_sa_alive: incoming CHILD SA spi 0x2e3fef46 last used 5 second(s) ago pfkey_sa_last_used: last_used 1494195883 ikev2_ike_sa_alive: incoming CHILD SA spi 0x2e3fef46 last used 2 second(s) ago ikev2_recv: CREATE_CHILD_SA request from initiator 198.48.213.186:58457 to 159.100.249.61:4500 policy 'ios10' id 2, 416 bytes ikev2_recv: ispi 0x1e6e9d8c7451ec2f rspi 0xcd9fff65dfabfff9 ikev2_recv: updated SA to peer 198.48.213.186:58457 local 159.100.249.61:4500 ikev2_pld_parse: header ispi 0x1e6e9d8c7451ec2f rspi 0xcd9fff65dfabfff9 nextpayload SK version 0x20 exchange CREATE_CHILD_SA flags 0x08 msgid 2 length 416 response 0 ikev2_pld_payloads: payload SK nextpayload SA critical 0x00 length 388 ikev2_msg_decrypt: IV length 16 f0f63ac3 118cb336 f1bbd248 b8ff4f32 ikev2_msg_decrypt: encrypted payload length 352 69ae6724 335d5765 74b9ab0c 410a002e 55dd85f4 b869f85e baece9d7 bd89fa1b 2d9199b1 af910e2b 56361709 161dfbdd fb19fc1e 5d2ac7ea e75b6aeb 10c65fd1 a3a868ff f7188bb2 1e77045e 0d12efda 6340da35 eb64de25 1614c086 79f97ed4 7c73d773 7cc4bf9d 642701ec 0fff4183 622dcb1b 3267ad24 51e61c02 0e24c46f 821fd202 b081ee29 965fc0f4 3de4ff6b b107a11c 157fd445 f10dce3a 5699a96a 17f05d0d 92adf7e7 1e6f693f 876ba162 616c3e2d 748d6a8c dd113f7e eb362a11 c9ed66f9 cac2b05a 718f0d5a 7a9476da 10125cba 70daa7ef c52b778f b5ddb688 3bec8377 fbd2f35c 933a25b6 6cc8cffd a9cb12f1 ae921f5a 9580caad 0654e61a fa92932b 64e3ec37 8273280a a030aeab 8c765019 1458679b 26a538f6 f8599b14 62ff5381 84101c29 b953f674 a4e1f13b 158c8ef1 b4267b0d 80f0a1a3 ddf3a1d1 65210175 de28875b 9a3ace64 497f1a8a 5e153794 3b33124a 28e0ce41 59646418 ikev2_msg_decrypt: integrity checksum length 16 6e4207c9 b55aabc1 ee6ee0ed 48baa0ed ikev2_msg_decrypt: integrity check succeeded 6e4207c9 b55aabc1 ee6ee0ed 48baa0ed ikev2_msg_decrypt: decrypted payload length 352/352 padding 11 28000038 00000034 01010804 e920cdaf 57b6d060 0300000c 0100000c 800e0100 03000008 02000005 03000008 0300000c 00000008 0400000e 22000014 d81a218b e19562d2 f0147c46 d68dfbe2 00000108 000e0000 d3ddc4ca 7733dcb8 af7ddb6b 225dc9e2 5667f4f5 d479e0c8 a9094b64 0daf7121 abaea201 bb88ce36 d80cec1a 391f107b 99bb170f 19670e98 fd15d6ae 84261fdc e235029b 59d93d69 25323612 6d64e9aa 639f3ed9 0485a9e3 226091d4 f0b75060 95eae79b 4b7a34fc ddcaedd6 c2d0cd90 19c4ba46 45236e36 9b381ea1 5914005c 36f667a9 203ccaca 51a70e9e 17c6208b a039d698 dc068623 a0385e4d d4dfb621 00d0cb63 3fc8180a e9d91a47 691c4470 6becc0ce b55a801f cc48ef8f 6ec599b6 659e42f6 19b5c4ed 1522eb3e 3b113f57 2582e874 9ac0c3de 3ae6e005 42691237 44ababbf 36a82769 8f367c2f d5df7eff 3b756045 9b53ee18 eacb8e13 c164f428 ba74c014 1a032316 0943870b ikev2_pld_payloads: decrypted payload SA nextpayload NONCE critical 0x00 length 56 ikev2_pld_sa: more 0 reserved 0 length 52 proposal #1 protoid IKE spisize 8 xforms 4 spi 0xe920cdaf57b6d060 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_payloads: decrypted payload NONCE nextpayload KE critical 0x00 length 20 d81a218b e19562d2 f0147c46 d68dfbe2 ikev2_pld_payloads: decrypted payload KE nextpayload NONE critical 0x00 length 264 ikev2_pld_ke: dh group MODP_2048 reserved 0 d3ddc4ca 7733dcb8 af7ddb6b 225dc9e2 5667f4f5 d479e0c8 a9094b64 0daf7121 abaea201 bb88ce36 d80cec1a 391f107b 99bb170f 19670e98 fd15d6ae 84261fdc e235029b 59d93d69 25323612 6d64e9aa 639f3ed9 0485a9e3 226091d4 f0b75060 95eae79b 4b7a34fc ddcaedd6 c2d0cd90 19c4ba46 45236e36 9b381ea1 5914005c 36f667a9 203ccaca 51a70e9e 17c6208b a039d698 dc068623 a0385e4d d4dfb621 00d0cb63 3fc8180a e9d91a47 691c4470 6becc0ce b55a801f cc48ef8f 6ec599b6 659e42f6 19b5c4ed 1522eb3e 3b113f57 2582e874 9ac0c3de 3ae6e005 42691237 44ababbf 36a82769 8f367c2f d5df7eff 3b756045 9b53ee18 eacb8e13 c164f428 ikev2_resp_create_child_sa: rekey IKE spi 0x1e6e9d8c7451ec2f ikev2_policy2id: srcid FQDN/novosibirsk.chown.me length 24 sa_state: INIT -> SA_INIT ikev2_match_proposals: xform 1 <-> 1 (1): ENCR AES_CBC (keylength 256 <-> 256) 256 ikev2_match_proposals: xform 1 <-> 1 (1): PRF HMAC_SHA2_256 (keylength 0 <-> 0) ikev2_match_proposals: xform 1 <-> 1 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 256) ikev2_match_proposals: xform 1 <-> 1 (1): DH MODP_2048 (keylength 0 <-> 0) ikev2_sa_negotiate: score 4 ikev2_sa_negotiate: score 1: ENCR AES_CBC 256 ikev2_sa_negotiate: score 1: PRF HMAC_SHA2_256 ikev2_sa_negotiate: score 1: INTEGR HMAC_SHA2_256_128 ikev2_sa_negotiate: score 1: DH MODP_2048 sa_stateok: SA_INIT flags 0x0000, require 0x0000 sa_stateflags: 0x0000 -> 0x0020 sa (required 0x0000 ) ikev2_sa_keys: SKEYSEED with 32 bytes 7e1e14c1 7a4dfa8e 584ef4af d7398bed cbc60f00 61796fd5 98d76c35 a814920f ikev2_sa_keys: S with 64 bytes d81a218b e19562d2 f0147c46 d68dfbe2 27c7e0af 29215581 40d824d0 3deda679 106fd0a4 e39a333a 584d66c7 295d4ea3 e920cdaf 57b6d060 2be28168 4e985433 ikev2_prfplus: T1 with 32 bytes 3088f0e8 2c3060d2 e886cbae de98b23a e04bbd63 c640b236 4196fc2c ed1099d2 ikev2_prfplus: T2 with 32 bytes 61d241db 012d21f4 720f5b91 67241a77 2f74795b b19799d7 94666ea1 31f75e07 ikev2_prfplus: T3 with 32 bytes 969d679c 9e51e2ee 631769f5 b101d60d 67392afe 31927e05 f29b4ba1 71cf4bb7 ikev2_prfplus: T4 with 32 bytes 81b4f6d7 1b97f82b 10ed3b89 528c1bf7 7dcf6bf4 1b3fec37 37d39923 ce97a2f5 ikev2_prfplus: T5 with 32 bytes 57c279f6 0b7df2f2 74411c61 fea6b30f a1833f24 8bebd011 6a9e9586 67ff556d ikev2_prfplus: T6 with 32 bytes 829b2f56 179c950e 1fc58346 c6db37cf f3db7410 a740ed8e 45829f19 010ca1c6 ikev2_prfplus: T7 with 32 bytes 89a2a091 7db1b26d 0b010698 39e4bf58 a7ef007f 3b860de4 5712ece7 4755ba70 ikev2_prfplus: Tn with 224 bytes 3088f0e8 2c3060d2 e886cbae de98b23a e04bbd63 c640b236 4196fc2c ed1099d2 61d241db 012d21f4 720f5b91 67241a77 2f74795b b19799d7 94666ea1 31f75e07 969d679c 9e51e2ee 631769f5 b101d60d 67392afe 31927e05 f29b4ba1 71cf4bb7 81b4f6d7 1b97f82b 10ed3b89 528c1bf7 7dcf6bf4 1b3fec37 37d39923 ce97a2f5 57c279f6 0b7df2f2 74411c61 fea6b30f a1833f24 8bebd011 6a9e9586 67ff556d 829b2f56 179c950e 1fc58346 c6db37cf f3db7410 a740ed8e 45829f19 010ca1c6 89a2a091 7db1b26d 0b010698 39e4bf58 a7ef007f 3b860de4 5712ece7 4755ba70 ikev2_sa_keys: SK_d with 32 bytes 3088f0e8 2c3060d2 e886cbae de98b23a e04bbd63 c640b236 4196fc2c ed1099d2 ikev2_sa_keys: SK_ai with 32 bytes 61d241db 012d21f4 720f5b91 67241a77 2f74795b b19799d7 94666ea1 31f75e07 ikev2_sa_keys: SK_ar with 32 bytes 969d679c 9e51e2ee 631769f5 b101d60d 67392afe 31927e05 f29b4ba1 71cf4bb7 ikev2_sa_keys: SK_ei with 32 bytes 81b4f6d7 1b97f82b 10ed3b89 528c1bf7 7dcf6bf4 1b3fec37 37d39923 ce97a2f5 ikev2_sa_keys: SK_er with 32 bytes 57c279f6 0b7df2f2 74411c61 fea6b30f a1833f24 8bebd011 6a9e9586 67ff556d ikev2_sa_keys: SK_pi with 32 bytes 829b2f56 179c950e 1fc58346 c6db37cf f3db7410 a740ed8e 45829f19 010ca1c6 ikev2_sa_keys: SK_pr with 32 bytes 89a2a091 7db1b26d 0b010698 39e4bf58 a7ef007f 3b860de4 5712ece7 4755ba70 sa_state: SA_INIT -> AUTH_SUCCESS ikev2_add_proposals: length 52 ikev2_next_payload: length 56 nextpayload NONCE ikev2_next_payload: length 36 nextpayload KE ikev2_next_payload: length 264 nextpayload NONE ikev2_msg_encrypt: decrypted length 356 28000038 00000034 01010804 2be28168 4e985433 0300000c 0100000c 800e0100 03000008 02000005 03000008 0300000c 00000008 0400000e 22000024 27c7e0af 29215581 40d824d0 3deda679 106fd0a4 e39a333a 584d66c7 295d4ea3 00000108 000e0000 55370b4a 8a1bc757 a236a48d ac2625fd 0dc6f66a 3116e043 ddeb8dd9 70c81998 4919165b 5cad6cbe 57c689f7 96845e7d 10eb3152 061ff371 c6fc3092 abe4744e 255f6e01 29f2b1e9 50045ba2 46c2bdf6 caf9a237 2f0c998d 13828ff7 e02d9297 be5e83de 1a530721 6e2ac1cb a54dc8fe 1f022e06 a0b8aaf2 3014b755 e7573faf ff18f403 30cfa6cb 94ceb155 7f3d515d e2f2c2de 8ccf9398 d69c72e2 be2d45ee 7e78f2e4 ae494ecb 7d34fb17 3a86036e 77c207ca 3c9d9977 d014f3f0 8c89319d 960b1924 aef2836d ba663260 645f6c22 cff71343 63454ef7 758d00f8 6ce36235 1ddc3074 39c96d91 63afda8b 57dd7f93 b95c1ce5 063754ae 24e8b9c6 98abb73c ikev2_msg_encrypt: padded length 368 28000038 00000034 01010804 2be28168 4e985433 0300000c 0100000c 800e0100 03000008 02000005 03000008 0300000c 00000008 0400000e 22000024 27c7e0af 29215581 40d824d0 3deda679 106fd0a4 e39a333a 584d66c7 295d4ea3 00000108 000e0000 55370b4a 8a1bc757 a236a48d ac2625fd 0dc6f66a 3116e043 ddeb8dd9 70c81998 4919165b 5cad6cbe 57c689f7 96845e7d 10eb3152 061ff371 c6fc3092 abe4744e 255f6e01 29f2b1e9 50045ba2 46c2bdf6 caf9a237 2f0c998d 13828ff7 e02d9297 be5e83de 1a530721 6e2ac1cb a54dc8fe 1f022e06 a0b8aaf2 3014b755 e7573faf ff18f403 30cfa6cb 94ceb155 7f3d515d e2f2c2de 8ccf9398 d69c72e2 be2d45ee 7e78f2e4 ae494ecb 7d34fb17 3a86036e 77c207ca 3c9d9977 d014f3f0 8c89319d 960b1924 aef2836d ba663260 645f6c22 cff71343 63454ef7 758d00f8 6ce36235 1ddc3074 39c96d91 63afda8b 57dd7f93 b95c1ce5 063754ae 24e8b9c6 98abb73c dd9bb856 8ea463b7 7c450d0b ikev2_msg_encrypt: length 357, padding 11, output length 400 d07e1a96 f5a34890 4fc71686 3e9e2476 f3c45ef0 773cda21 f9bb496d 5e0fa716 fb1286e7 9af8e613 f9a7ca76 bb5c89af b87ba0a3 06d29905 09aabf03 60a3a9bc d119a323 cffecd4d 46b9c645 d6588731 43f4de15 ddd17f16 d31dbf21 1fd63e49 e5cf5fc9 4a3af32c 001a9efa 10eb812c e4e5fcc9 64ba2c05 3f0b46a9 4364084d cf59fea7 a955678e fe1c9276 df9fe4b7 c8c2085a 329d66a7 a310ccf9 d8cee169 82b16eaf 1829e24f b6bde8e8 5b9ff626 767d37f6 60800f98 d1a4737d fe5078e9 bbf7f66c b92a9234 a4d7cd93 af5a080b e0d4084d 05683e08 8631d81b 884563ca 8719a2ce c507e5a1 99aec81b 7f5a5e2b 6a4ee84b 972e777d dea9ac76 f94197ec bb534174 65a488d9 b35f5141 72ceea49 c46146ee 4bf84211 3dd78216 8ef79f3d b382b8a7 918786db 7c9179c1 3b456a55 9f2492bd 3fefaa2f 496b36a5 27f61f54 2912ebe1 214b0ec4 eabafe0f 638ec92a 67be78ff 94f56153 1d62cc20 22f8e718 3c6e9214 81b412b5 381aab77 193cfef6 12ca9e39 ca9be282 a0f817a0 4294a2bb 00000000 00000000 00000000 00000000 ikev2_next_payload: length 404 nextpayload SA ikev2_msg_integr: message length 432 1e6e9d8c 7451ec2f cd9fff65 dfabfff9 2e202420 00000002 000001b0 21000194 d07e1a96 f5a34890 4fc71686 3e9e2476 f3c45ef0 773cda21 f9bb496d 5e0fa716 fb1286e7 9af8e613 f9a7ca76 bb5c89af b87ba0a3 06d29905 09aabf03 60a3a9bc d119a323 cffecd4d 46b9c645 d6588731 43f4de15 ddd17f16 d31dbf21 1fd63e49 e5cf5fc9 4a3af32c 001a9efa 10eb812c e4e5fcc9 64ba2c05 3f0b46a9 4364084d cf59fea7 a955678e fe1c9276 df9fe4b7 c8c2085a 329d66a7 a310ccf9 d8cee169 82b16eaf 1829e24f b6bde8e8 5b9ff626 767d37f6 60800f98 d1a4737d fe5078e9 bbf7f66c b92a9234 a4d7cd93 af5a080b e0d4084d 05683e08 8631d81b 884563ca 8719a2ce c507e5a1 99aec81b 7f5a5e2b 6a4ee84b 972e777d dea9ac76 f94197ec bb534174 65a488d9 b35f5141 72ceea49 c46146ee 4bf84211 3dd78216 8ef79f3d b382b8a7 918786db 7c9179c1 3b456a55 9f2492bd 3fefaa2f 496b36a5 27f61f54 2912ebe1 214b0ec4 eabafe0f 638ec92a 67be78ff 94f56153 1d62cc20 22f8e718 3c6e9214 81b412b5 381aab77 193cfef6 12ca9e39 ca9be282 a0f817a0 4294a2bb 00000000 00000000 00000000 00000000 ikev2_msg_integr: integrity checksum length 16 83b51d9c 39629279 fd255697 1696c3a1 6784862a caf9ac70 e0e4e80c 4834884c ikev2_pld_parse: header ispi 0x1e6e9d8c7451ec2f rspi 0xcd9fff65dfabfff9 nextpayload SK version 0x20 exchange CREATE_CHILD_SA flags 0x20 msgid 2 length 432 response 1 ikev2_pld_payloads: payload SK nextpayload SA critical 0x00 length 404 ikev2_msg_decrypt: IV length 16 d07e1a96 f5a34890 4fc71686 3e9e2476 ikev2_msg_decrypt: encrypted payload length 368 f3c45ef0 773cda21 f9bb496d 5e0fa716 fb1286e7 9af8e613 f9a7ca76 bb5c89af b87ba0a3 06d29905 09aabf03 60a3a9bc d119a323 cffecd4d 46b9c645 d6588731 43f4de15 ddd17f16 d31dbf21 1fd63e49 e5cf5fc9 4a3af32c 001a9efa 10eb812c e4e5fcc9 64ba2c05 3f0b46a9 4364084d cf59fea7 a955678e fe1c9276 df9fe4b7 c8c2085a 329d66a7 a310ccf9 d8cee169 82b16eaf 1829e24f b6bde8e8 5b9ff626 767d37f6 60800f98 d1a4737d fe5078e9 bbf7f66c b92a9234 a4d7cd93 af5a080b e0d4084d 05683e08 8631d81b 884563ca 8719a2ce c507e5a1 99aec81b 7f5a5e2b 6a4ee84b 972e777d dea9ac76 f94197ec bb534174 65a488d9 b35f5141 72ceea49 c46146ee 4bf84211 3dd78216 8ef79f3d b382b8a7 918786db 7c9179c1 3b456a55 9f2492bd 3fefaa2f 496b36a5 27f61f54 2912ebe1 214b0ec4 eabafe0f 638ec92a 67be78ff 94f56153 1d62cc20 22f8e718 3c6e9214 81b412b5 381aab77 193cfef6 12ca9e39 ca9be282 a0f817a0 4294a2bb ikev2_msg_decrypt: integrity checksum length 16 83b51d9c 39629279 fd255697 1696c3a1 ikev2_msg_decrypt: integrity check succeeded 83b51d9c 39629279 fd255697 1696c3a1 ikev2_msg_decrypt: decrypted payload length 368/368 padding 11 28000038 00000034 01010804 2be28168 4e985433 0300000c 0100000c 800e0100 03000008 02000005 03000008 0300000c 00000008 0400000e 22000024 27c7e0af 29215581 40d824d0 3deda679 106fd0a4 e39a333a 584d66c7 295d4ea3 00000108 000e0000 55370b4a 8a1bc757 a236a48d ac2625fd 0dc6f66a 3116e043 ddeb8dd9 70c81998 4919165b 5cad6cbe 57c689f7 96845e7d 10eb3152 061ff371 c6fc3092 abe4744e 255f6e01 29f2b1e9 50045ba2 46c2bdf6 caf9a237 2f0c998d 13828ff7 e02d9297 be5e83de 1a530721 6e2ac1cb a54dc8fe 1f022e06 a0b8aaf2 3014b755 e7573faf ff18f403 30cfa6cb 94ceb155 7f3d515d e2f2c2de 8ccf9398 d69c72e2 be2d45ee 7e78f2e4 ae494ecb 7d34fb17 3a86036e 77c207ca 3c9d9977 d014f3f0 8c89319d 960b1924 aef2836d ba663260 645f6c22 cff71343 63454ef7 758d00f8 6ce36235 1ddc3074 39c96d91 63afda8b 57dd7f93 b95c1ce5 063754ae 24e8b9c6 98abb73c dd9bb856 8ea463b7 7c450d0b ikev2_pld_payloads: decrypted payload SA nextpayload NONCE critical 0x00 length 56 ikev2_pld_sa: more 0 reserved 0 length 52 proposal #1 protoid IKE spisize 8 xforms 4 spi 0x2be281684e985433 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type PRF id HMAC_SHA2_256 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type DH id MODP_2048 ikev2_pld_payloads: decrypted payload NONCE nextpayload KE critical 0x00 length 36 27c7e0af 29215581 40d824d0 3deda679 106fd0a4 e39a333a 584d66c7 295d4ea3 ikev2_pld_payloads: decrypted payload KE nextpayload NONE critical 0x00 length 264 ikev2_pld_ke: dh group MODP_2048 reserved 0 55370b4a 8a1bc757 a236a48d ac2625fd 0dc6f66a 3116e043 ddeb8dd9 70c81998 4919165b 5cad6cbe 57c689f7 96845e7d 10eb3152 061ff371 c6fc3092 abe4744e 255f6e01 29f2b1e9 50045ba2 46c2bdf6 caf9a237 2f0c998d 13828ff7 e02d9297 be5e83de 1a530721 6e2ac1cb a54dc8fe 1f022e06 a0b8aaf2 3014b755 e7573faf ff18f403 30cfa6cb 94ceb155 7f3d515d e2f2c2de 8ccf9398 d69c72e2 be2d45ee 7e78f2e4 ae494ecb 7d34fb17 3a86036e 77c207ca 3c9d9977 d014f3f0 8c89319d 960b1924 aef2836d ba663260 645f6c22 cff71343 63454ef7 758d00f8 6ce36235 1ddc3074 39c96d91 63afda8b 57dd7f93 b95c1ce5 063754ae 24e8b9c6 98abb73c ikev2_msg_send: CREATE_CHILD_SA response from 159.100.249.61:4500 to 198.48.213.186:58457 msgid 2, 432 bytes, NAT-T ikev2_ikesa_enable: IKE SA 0x1c322380a000 ispi 0x1e6e9d8c7451ec2f rspi 0xcd9fff65dfabfff9 replaced by SA 0x1c31e3719800 ispi 0xe920cdaf57b6d060 rspi 0x2be281684e985433 ikev2_ikesa_enable: activating new IKE SA sa_state: AUTH_SUCCESS -> ESTABLISHED from 198.48.213.186:58457 to 159.100.249.61:4500 policy 'ios10' sa_state: ESTABLISHED -> CLOSING config_free_proposals: free 0x1c31ca837300 ikev2_recv: INFORMATIONAL request from initiator 198.48.213.186:58457 to 159.100.249.61:4500 policy 'ios10' id 3, 80 bytes ikev2_recv: ispi 0x1e6e9d8c7451ec2f rspi 0xcd9fff65dfabfff9 ikev2_recv: updated SA to peer 198.48.213.186:58457 local 159.100.249.61:4500 ikev2_pld_parse: header ispi 0x1e6e9d8c7451ec2f rspi 0xcd9fff65dfabfff9 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x08 msgid 3 length 80 response 0 ikev2_pld_payloads: payload SK nextpayload DELETE critical 0x00 length 52 ikev2_msg_decrypt: IV length 16 a7ded7f9 e4064467 8b285ddf af0aa502 ikev2_msg_decrypt: encrypted payload length 16 6605e6b6 deb816c6 02c21e3f ac9fb84f ikev2_msg_decrypt: integrity checksum length 16 249f3d29 1556a4d1 e5c65000 f0d561d9 ikev2_msg_decrypt: integrity check succeeded 249f3d29 1556a4d1 e5c65000 f0d561d9 ikev2_msg_decrypt: decrypted payload length 16/16 padding 7 00000008 01000000 21c2a906 f349f807 ikev2_pld_payloads: decrypted payload DELETE nextpayload NONE critical 0x00 length 8 ikev2_pld_delete: proto IKE spisize 0 nspi 0 ikev2_next_payload: length 4 nextpayload NONE ikev2_msg_encrypt: decrypted length 4 00000004 ikev2_msg_encrypt: padded length 16 00000004 98b521d9 cb46dc71 4c1d790b ikev2_msg_encrypt: length 5, padding 11, output length 48 d154ea38 285862f4 e0e24bbc 1fc3438b c615c60e 4150cfaf 458ea08a 0cbed4f8 00000000 00000000 00000000 00000000 ikev2_next_payload: length 52 nextpayload NONE ikev2_msg_integr: message length 80 1e6e9d8c 7451ec2f cd9fff65 dfabfff9 2e202520 00000003 00000050 00000034 d154ea38 285862f4 e0e24bbc 1fc3438b c615c60e 4150cfaf 458ea08a 0cbed4f8 00000000 00000000 00000000 00000000 ikev2_msg_integr: integrity checksum length 16 579a43b3 e809fb09 6aefebc8 95f60981 0a98dd34 4eb33f5c 3bdf24f7 98bc648a ikev2_pld_parse: header ispi 0x1e6e9d8c7451ec2f rspi 0xcd9fff65dfabfff9 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x20 msgid 3 length 80 response 1 ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 ikev2_msg_decrypt: IV length 16 d154ea38 285862f4 e0e24bbc 1fc3438b ikev2_msg_decrypt: encrypted payload length 16 c615c60e 4150cfaf 458ea08a 0cbed4f8 ikev2_msg_decrypt: integrity checksum length 16 579a43b3 e809fb09 6aefebc8 95f60981 ikev2_msg_decrypt: integrity check succeeded 579a43b3 e809fb09 6aefebc8 95f60981 ikev2_msg_decrypt: decrypted payload length 16/16 padding 11 00000004 98b521d9 cb46dc71 4c1d790b ikev2_msg_send: INFORMATIONAL response from 159.100.249.61:4500 to 198.48.213.186:58457 msgid 3, 80 bytes, NAT-T sa_state: CLOSING -> CLOSED from 198.48.213.186:58457 to 159.100.249.61:4500 policy 'ios10' ikev2_recv: closing SA sa_free: ispi 0x1e6e9d8c7451ec2f rspi 0xcd9fff65dfabfff9 config_free_proposals: free 0x1c31d8d49c80 ikev2_recv: CREATE_CHILD_SA request from initiator 198.48.213.186:58457 to 159.100.249.61:4500 policy 'ios10' id 0, 192 bytes ikev2_recv: ispi 0xe920cdaf57b6d060 rspi 0x2be281684e985433 ikev2_recv: updated SA to peer 198.48.213.186:58457 local 159.100.249.61:4500 ikev2_pld_parse: header ispi 0xe920cdaf57b6d060 rspi 0x2be281684e985433 nextpayload SK version 0x20 exchange CREATE_CHILD_SA flags 0x08 msgid 0 length 192 response 0 ikev2_pld_payloads: payload SK nextpayload NOTIFY critical 0x00 length 164 ikev2_msg_decrypt: IV length 16 e6cd4f76 a0f1603b 48105534 6ba2d250 ikev2_msg_decrypt: encrypted payload length 128 dd5c61a4 ed71a531 943e10e4 9fa2f0a0 22351d7b e46b45d5 a8f9878d d5b357f2 973b5dbf bdf79617 70647936 8c13e7fb ebc2e23f 41a919a3 fa72921f 831d5f88 ee357888 4b36d9ef 828138a9 15e51fcc 445bb0eb b02fda44 754dc34f b2e8a3b9 50359b35 35cceaf0 deaa4263 94bdf719 7ee32b51 a849f6b3 282c572b 4289c0a7 ikev2_msg_decrypt: integrity checksum length 16 8a0ae341 990753a0 1e1b7360 e90affb6 ikev2_msg_decrypt: integrity check succeeded 8a0ae341 990753a0 1e1b7360 e90affb6 ikev2_msg_decrypt: decrypted payload length 128/128 padding 3 2100000c 03044009 0ec8190f 2800002c 00000028 01030403 08a266cb 0300000c 0100000c 800e0100 03000008 0300000c 00000008 05000000 2c000014 a5d4efe8 7cd6a2d9 2981b5cd 44463667 2d000018 01000000 07000010 0000ffff c0a8de00 c0a8deff 00000018 01000000 07000010 0000ffff 00000000 ffffffff 66753503 ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical 0x00 length 12 ikev2_pld_notify: protoid ESP spisize 4 type REKEY_SA 0ec8190f ikev2_pld_notify: rekey ESP spi 0x0ec8190f ikev2_pld_payloads: decrypted payload SA nextpayload NONCE critical 0x00 length 44 ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP spisize 4 xforms 3 spi 0x08a266cb ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA2_256_128 ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE ikev2_pld_payloads: decrypted payload NONCE nextpayload TSi critical 0x00 length 20 a5d4efe8 7cd6a2d9 2981b5cd 44463667 ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 length 24 ikev2_pld_ts: count 1 length 16 ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535 ikev2_pld_ts: start 192.168.222.0 end 192.168.222.255 ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24 ikev2_pld_ts: count 1 length 16 ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535 ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255 ikev2_resp_create_child_sa: rekey ESP spi 0x0ec8190f ikev2_match_proposals: xform 1 <-> 2 (1): ENCR AES_CBC (keylength 256 <-> 256) 256 ikev2_match_proposals: xform 1 <-> 2 (1): INTEGR HMAC_SHA2_256_128 (keylength 0 <-> 256) ikev2_match_proposals: xform 1 <-> 2 (2): ESN NONE (keylength 0 <-> 0) ikev2_sa_negotiate: score 0 ikev2_resp_create_child_sa: no proposal chosen ikev2_next_payload: length 8 nextpayload NONE ikev2_msg_encrypt: decrypted length 8 00000008 0000000e ikev2_msg_encrypt: padded length 16 00000008 0000000e acfa3803 83f6d807 ikev2_msg_encrypt: length 9, padding 7, output length 48 18fa987b 483ba69b 6c33a939 898e1e1b 0090edde e1b5579f 46f0a67d 07b93553 00000000 00000000 00000000 00000000 ikev2_next_payload: length 52 nextpayload NOTIFY ikev2_msg_integr: message length 80 e920cdaf 57b6d060 2be28168 4e985433 2e202420 00000000 00000050 29000034 18fa987b 483ba69b 6c33a939 898e1e1b 0090edde e1b5579f 46f0a67d 07b93553 00000000 00000000 00000000 00000000 ikev2_msg_integr: integrity checksum length 16 793dcba5 cc2d01e9 e9170a93 31a5392e 864a66f3 fab3de8d ff43f1b1 69093ab8 ikev2_pld_parse: header ispi 0xe920cdaf57b6d060 rspi 0x2be281684e985433 nextpayload SK version 0x20 exchange CREATE_CHILD_SA flags 0x20 msgid 0 length 80 response 1 ikev2_pld_payloads: payload SK nextpayload NOTIFY critical 0x00 length 52 ikev2_msg_decrypt: IV length 16 18fa987b 483ba69b 6c33a939 898e1e1b ikev2_msg_decrypt: encrypted payload length 16 0090edde e1b5579f 46f0a67d 07b93553 ikev2_msg_decrypt: integrity checksum length 16 793dcba5 cc2d01e9 e9170a93 31a5392e ikev2_msg_decrypt: integrity check succeeded 793dcba5 cc2d01e9 e9170a93 31a5392e ikev2_msg_decrypt: decrypted payload length 16/16 padding 7 00000008 0000000e acfa3803 83f6d807 ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 length 8 ikev2_pld_notify: protoid NONE spisize 0 type NO_PROPOSAL_CHOSEN ikev2_msg_send: CREATE_CHILD_SA response from 159.100.249.61:4500 to 198.48.213.186:58457 msgid 0, 80 bytes, NAT-T config_free_proposals: free 0x1c31e3715e80 ikev2_recv: INFORMATIONAL request from initiator 198.48.213.186:58457 to 159.100.249.61:4500 policy 'ios10' id 1, 80 bytes ikev2_recv: ispi 0xe920cdaf57b6d060 rspi 0x2be281684e985433 ikev2_recv: updated SA to peer 198.48.213.186:58457 local 159.100.249.61:4500 ikev2_pld_parse: header ispi 0xe920cdaf57b6d060 rspi 0x2be281684e985433 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x08 msgid 1 length 80 response 0 ikev2_pld_payloads: payload SK nextpayload DELETE critical 0x00 length 52 ikev2_msg_decrypt: IV length 16 f49ac0cc 2c4c98b2 27bb18fa f6212760 ikev2_msg_decrypt: encrypted payload length 16 3572e6fe 325e6a64 7578fbcb 4f8479f5 ikev2_msg_decrypt: integrity checksum length 16 f0de7293 f7e85bbd 94e78a30 2673da41 ikev2_msg_decrypt: integrity check succeeded f0de7293 f7e85bbd 94e78a30 2673da41 ikev2_msg_decrypt: decrypted payload length 16/16 padding 7 00000008 01000000 be0cea22 b6717a07 ikev2_pld_payloads: decrypted payload DELETE nextpayload NONE critical 0x00 length 8 ikev2_pld_delete: proto IKE spisize 0 nspi 0 ikev2_next_payload: length 4 nextpayload NONE ikev2_msg_encrypt: decrypted length 4 00000004 ikev2_msg_encrypt: padded length 16 00000004 536364e7 29fcedd7 266ed20b ikev2_msg_encrypt: length 5, padding 11, output length 48 f8233df0 c5e3905a a6080877 dd506fee 55f8aff2 7fe47eb9 14439557 774b89ba 00000000 00000000 00000000 00000000 ikev2_next_payload: length 52 nextpayload NONE ikev2_msg_integr: message length 80 e920cdaf 57b6d060 2be28168 4e985433 2e202520 00000001 00000050 00000034 f8233df0 c5e3905a a6080877 dd506fee 55f8aff2 7fe47eb9 14439557 774b89ba 00000000 00000000 00000000 00000000 ikev2_msg_integr: integrity checksum length 16 b326a1d9 aebfbcad 5e24471b 9861b2a7 07e97269 81a02230 0215cd56 e6bbeb3d ikev2_pld_parse: header ispi 0xe920cdaf57b6d060 rspi 0x2be281684e985433 nextpayload SK version 0x20 exchange INFORMATIONAL flags 0x20 msgid 1 length 80 response 1 ikev2_pld_payloads: payload SK nextpayload NONE critical 0x00 length 52 ikev2_msg_decrypt: IV length 16 f8233df0 c5e3905a a6080877 dd506fee ikev2_msg_decrypt: encrypted payload length 16 55f8aff2 7fe47eb9 14439557 774b89ba ikev2_msg_decrypt: integrity checksum length 16 b326a1d9 aebfbcad 5e24471b 9861b2a7 ikev2_msg_decrypt: integrity check succeeded b326a1d9 aebfbcad 5e24471b 9861b2a7 ikev2_msg_decrypt: decrypted payload length 16/16 padding 11 00000004 536364e7 29fcedd7 266ed20b ikev2_msg_send: INFORMATIONAL response from 159.100.249.61:4500 to 198.48.213.186:58457 msgid 1, 80 bytes, NAT-T sa_state: ESTABLISHED -> CLOSED from 198.48.213.186:58457 to 159.100.249.61:4500 policy 'ios10' ikev2_recv: closing SA sa_free: ispi 0xe920cdaf57b6d060 rspi 0x2be281684e985433 config_free_proposals: free 0x1c31ef8b7300 config_free_proposals: free 0x1c31e3715f00 config_free_childsas: free 0x1c31e3716500 config_free_childsas: free 0x1c3236fdbe00 sa_free_flows: free 0x1c315193ac00 sa_free_flows: free 0x1c315193a400 control exiting, pid 41841 ikev2 exiting, pid 20443 ca exiting, pid 46977 parent terminating