IPsec certification/authentication problem

drcyberg · April 10, 2025, 11:41am

Hi Masters!

I have successfully created a certificate-based Strongswan server that works on both Windows and Linux, and the VPN connection (IKEv2) is established properly.
But unfortunately it does not work on a Mikrotik router (hAP ax^2), and it produces the following error, even though I have successfully imported the PKCS12 certificate and key.

It is set up as follows: [Mikrotik V7.18.2 (stable) (Client)] <—> [Strongswan (Server) V5.9.13]

I see that it does not matter what I set from the Mikrotik page, it prints an error during identification (highlighted in bold).

Has anyone encountered such an error?

Thank you!

Regards!

2025-04-10T11:20:12.036264+00:00 protection1 ipsec[356662]: 07[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
2025-04-10T11:20:12.036487+00:00 protection1 ipsec[356662]: 07[IKE] CHILD_SA ikev2-vpn-rsa-cp-1{6} established with SPIs cd12eb9e_i 041782b1_o and TS 10.10.10.1/32 === 10.10.10.2/32
2025-04-10T11:20:12.036708+00:00 protection1 ipsec[356662]: 07[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(AUTH_LFT) ]
2025-04-10T11:20:12.036982+00:00 protection1 ipsec[356662]: 07[ENC] splitting IKE message (1664 bytes) into 2 fragments
2025-04-10T11:20:12.037210+00:00 protection1 ipsec[356662]: 07[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
2025-04-10T11:20:12.037473+00:00 protection1 ipsec[356662]: 07[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
2025-04-10T11:20:12.037657+00:00 protection1 ipsec[356662]: 07[NET] sending packet: from 193.188.xxx.xxx[4500] to 79.122.83.224[4500] (1236 bytes)
2025-04-10T11:20:12.037824+00:00 protection1 ipsec[356662]: 07[NET] sending packet: from 193.188.xxx.xxx[4500] to 79.122.83.224[4500] (500 bytes)
2025-04-10T11:20:12.038019+00:00 protection1 ipsec[356662]: 11[NET] received packet: from 79.122.83.224[4500] to 193.188.xxx.xxx[4500] (240 bytes)
2025-04-10T11:20:12.038211+00:00 protection1 ipsec[356662]: 11[ENC] > parsed INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
2025-04-10T11:20:12.038309+00:00 protection1 ipsec[356662]: 11[IKE] received DELETE for IKE_SA ikev2-vpn-rsa-cp-1[10]
2025-04-10T11:20:12.038661+00:00 protection1 charon: 11[IKE] unable to reestablish IKE_SA due to asymmetric setup
2025-04-10T11:20:12.038921+00:00 protection1 charon: 11[IKE] IKE_SA deleted
2025-04-10T11:20:12.057744+00:00 protection1 vpn: - C=HU, O=Cybxxx, CN=> puffymikrotik@cybxxx.net > 10.10.10.2/32 == 79.122.83.224 – 193.188.xxx.xxx == 10.10.10.1/32
2025-04-10T11:20:12.058153+00:00 protection1 charon: 11[ENC] generating INFORMATIONAL response 2
2025-04-10T11:20:12.058221+00:00 protection1 charon: 11[NET] sending packet: from 193.188.xxx.xxx[4500] to 79.122.83.224[4500] (80 bytes)
2025-04-10T11:20:12.058704+00:00 protection1 charon: 11[CFG] lease 10.10.10.2 by 'C=HU, O=Cybxxx, CN=> puffymikrotik@xxx.net> ’ went offline

sindy · April 10, 2025, 1:05pm

Since the Mikrotik side has rejected the connection, the log on Mikrotik side should be more helpful.

On Mikrotik, disable the peer or identity, and enable IPsec logging using /system logging add topics=ipsec,!packet
Next, start writing ipsec log into a file:
/log print follow-only file=ipsec-start where topics~“ipsec”
Then enable the peer or identity you have previously disabled, wait until Strongswan gets the DELETE, then Ctrl-C the /log print…, download the file ipsec-start.txt and see what it tells you.

drcyberg · April 14, 2025, 2:10pm

Hi Sindy!
I get the following error message:

 2025-04-14 15:46:41 ipsec ipsec: payload seen: ENC (52 bytes)
 2025-04-14 15:46:41 ipsec ipsec: processing payload: ENC
 2025-04-14 15:46:41 ipsec,debug ipsec: => iv (size 0x10)
 2025-04-14 15:46:41 ipsec,debug ipsec: 3c124c79 e6ba1ec7 69bca54b 4e7e9112
 2025-04-14 15:46:41 ipsec,debug ipsec: decrypted packet
 2025-04-14 15:46:41 ipsec,debug,packet ipsec: => decrypted packet (size 0x24)
 2025-04-14 15:46:41 ipsec,debug,packet ipsec: 2ccfc1af ae6a164d 44245a34 0b7ca26f 29202320 00000001 00000024 00000008
 2025-04-14 15:46:41 ipsec,debug,packet ipsec: 00000018
 2025-04-14 15:46:42 ipsec ipsec: payload seen: NOTIFY (8 bytes)
 2025-04-14 15:46:42 ipsec ipsec: processing payloads: NOTIFY
 2025-04-14 15:46:42 ipsec ipsec:   notify: AUTHENTICATION_FAILED
 2025-04-14 15:46:42 ipsec,error got fatal error: AUTHENTICATION_FAILED
 2025-04-14 15:46:42 ipsec,error ipsec: got fatal error: AUTHENTICATION_FAILED

I tried importing the certificates in a different way (server ca .pem, user ca .pem, user key .pem instead of .pkcs12), which was also successful, but unfortunately the phenomenon is the same. Of course, it works on Linux and Windows, but it doesn’t want to work on Mikrotik.

What do you think, where do you think the mistake could be?

Thank you!

Regards: DrCyberg

sindy · April 15, 2025, 11:38am

The log from the Mikrotik shows a different scenario than the one from Charon (the Notify: Auth failure has been received from the remote). Please send logs from the same single connection attempt from both devices. If both peers are on a public address and both are actively attempting to initiate the connection, make one of them a mere responder, as otherwise we’d have problems to relate the individual events to the two connection attempts taking place in opposite directions.

drcyberg · April 16, 2025, 8:56am

The VPN server is set up in passive mode (Public IP address), meaning it is the receiver, while the Mikrotik router is the initiator (Dynamic IP address).
The IKEv2 IPsec connection works perfectly with the pre-shared key, but it won’t work with the certificate-only solution.
I hope this information helps, because unfortunately I have no more ideas what the problem could be:

Mikrotik IPsec config:

2025-04-16 13:20:02 by RouterOS 7.18.2

software id = 4ACF-V43M

model = C52iG-5HaxD2HaxD

serial number = HFK0905GMZT

/ip ipsec mode-config
add connection-mark=Logging-Server name=Logging-Server responder=no src-address-list=Networks
/ip ipsec policy group
add name=group14
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=1h name=Logging-Server
/ip ipsec peer
add address=193.188.192.110/32 comment=Cyberpointer disabled=yes exchange-mode=ike2 local-address=192.168.0.15 name=Logging-Server port=500 profile=Logging-Server
/ip ipsec proposal
set [ find default=yes ] disabled=yes
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=20m name=Logging-Server pfs-group=none
/ip ipsec identity
add auth-method=digital-signature certificate=PuffyMikrotikCert.pem match-by=certificate mode-config=Logging-Server notrack-chain=output peer=Logging-Server remote-certificate=strongswanCert.pem
/ip ipsec policy
set 0 disabled=yes
add comment=CyberPointer dst-address=10.10.10.1/32 peer=Logging-Server proposal=Logging-Server src-address=10.10.10.2/32 tunnel=yes

The Strongswan log file:

2025-04-16T13:14:19.177184+02:00 cyberpointer charon: 06[NET] received packet: from 79.122.83.224[500] to 193.188.192.110[500] (432 bytes)
2025-04-16T13:14:19.177355+02:00 cyberpointer charon: 06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
2025-04-16T13:14:19.177431+02:00 cyberpointer charon: 06[IKE] 79.122.83.224 is initiating an IKE_SA
2025-04-16T13:14:19.177573+02:00 cyberpointer charon: 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
2025-04-16T13:14:19.177739+02:00 cyberpointer charon: 06[IKE] remote host is behind NAT
2025-04-16T13:14:19.177843+02:00 cyberpointer charon: 06[IKE] sending cert request for “C=HU, O=CyberPointer, CN=CyberPointer Root CA”
2025-04-16T13:14:19.178101+02:00 cyberpointer charon: 06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
2025-04-16T13:14:19.178202+02:00 cyberpointer charon: 06[NET] sending packet: from 193.188.192.110[500] to 79.122.83.224[500] (481 bytes)
2025-04-16T13:14:19.620828+02:00 cyberpointer charon: 12[NET] received packet: from 79.122.83.224[4500] to 193.188.192.110[4500] (1236 bytes)
2025-04-16T13:14:19.626349+02:00 cyberpointer charon: 12[ENC] parsed IKE_AUTH request 1 [ EF(1/2) ]
2025-04-16T13:14:19.626619+02:00 cyberpointer charon: 12[ENC] received fragment #1 of 2, waiting for complete IKE message
2025-04-16T13:14:19.626855+02:00 cyberpointer charon: 08[NET] received packet: from 79.122.83.224[4500] to 193.188.192.110[4500] (804 bytes)
2025-04-16T13:14:19.627228+02:00 cyberpointer charon: 08[ENC] parsed IKE_AUTH request 1 [ EF(2/2) ]
2025-04-16T13:14:19.627624+02:00 cyberpointer charon: 08[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1696 bytes)
2025-04-16T13:14:19.627931+02:00 cyberpointer charon: 08[ENC] unknown attribute type INTERNAL_DNS_DOMAIN
2025-04-16T13:14:19.628208+02:00 cyberpointer charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi AUTH CERT N(INIT_CONTACT) SA TSi TSr CPRQ(ADDR MASK SUBNET DNS DOMAIN) ]
2025-04-16T13:14:19.628289+02:00 cyberpointer charon: 08[IKE] received end entity cert "C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> "
2025-04-16T13:14:19.628396+02:00 cyberpointer charon: 08[CFG] looking for peer configs matching 193.188.192.110[%any]…79.122.83.224[C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-16T13:14:19.628511+02:00 cyberpointer charon: 08[CFG] selected peer config ‘ikev2-vpn-rsa-cp-1’
2025-04-16T13:14:19.629240+02:00 cyberpointer charon: 08[CFG] using trusted certificate "C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> "
2025-04-16T13:14:19.629358+02:00 cyberpointer charon: 08[CFG] using trusted ca certificate “C=HU, O=CyberPointer, CN=CyberPointer Root CA”
2025-04-16T13:14:19.629448+02:00 cyberpointer charon: 08[CFG] reached self-signed root ca with a path length of 0
2025-04-16T13:14:19.629570+02:00 cyberpointer charon: 08[CFG] checking certificate status of "C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> "
2025-04-16T13:14:19.629656+02:00 cyberpointer charon: 08[CFG] certificate status is not available
2025-04-16T13:14:19.629771+02:00 cyberpointer ipsec[4857]: 16[IKE] IKE_SA ikev2-vpn-rsa-cp-1[80] established between 193.188.192.110[protection1.cyberpointer.net]…79.122.83.224[C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-16T13:14:19.629820+02:00 cyberpointer ipsec[4857]: 16[IKE] scheduling reauthentication in 9771s
2025-04-16T13:14:19.629846+02:00 cyberpointer ipsec[4857]: 16[IKE] maximum IKE_SA lifetime 10311s
2025-04-16T13:14:19.629906+02:00 cyberpointer ipsec[4857]: 16[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
2025-04-16T13:14:19.629944+02:00 cyberpointer ipsec[4857]: 16[IKE] CHILD_SA ikev2-vpn-rsa-cp-1{4} established with SPIs c93110a1_i 07efdba6_o and TS 10.10.10.1/32 === 10.10.10.2/32
2025-04-16T13:14:19.629969+02:00 cyberpointer ipsec[4857]: 16[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(AUTH_LFT) ]
2025-04-16T13:14:19.629993+02:00 cyberpointer ipsec[4857]: 16[ENC] splitting IKE message (1664 bytes) into 2 fragments
2025-04-16T13:14:19.630017+02:00 cyberpointer ipsec[4857]: 16[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
2025-04-16T13:14:19.630451+02:00 cyberpointer ipsec[4857]: 16[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
2025-04-16T13:14:19.630608+02:00 cyberpointer ipsec[4857]: 16[NET] sending packet: from 193.188.192.110[4500] to 79.122.83.224[4500] (1236 bytes)
2025-04-16T13:14:19.630791+02:00 cyberpointer ipsec[4857]: 16[NET] sending packet: from 193.188.192.110[4500] to 79.122.83.224[4500] (500 bytes)
2025-04-16T13:14:19.630872+02:00 cyberpointer ipsec[4857]: 15[NET] received packet: from 79.122.83.224[4500] to 193.188.192.110[4500] (240 bytes)
2025-04-16T13:14:19.631058+02:00 cyberpointer ipsec[4857]: 15[ENC] parsed INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
2025-04-16T13:14:19.631246+02:00 cyberpointer ipsec[4857]: 15[IKE] received DELETE for IKE_SA ikev2-vpn-rsa-cp-1[80]
2025-04-16T13:14:19.631404+02:00 cyberpointer ipsec[4857]: 15[IKE] deleting IKE_SA ikev2-vpn-rsa-cp-1[80] between 193.188.192.110[protection1.cyberpointer.net]…79.122.83.224[C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-16T13:14:19.631545+02:00 cyberpointer ipsec[4857]: 15[IKE] IKE_SA deleted
2025-04-16T13:14:19.631691+02:00 cyberpointer ipsec[4857]: 15[ENC] generating INFORMATIONAL response 2
2025-04-16T13:14:19.631837+02:00 cyberpointer ipsec[4857]: 15[NET] sending packet: from 193.188.192.110[4500] to 79.122.83.224[4500] (80 bytes)
2025-04-16T13:14:19.631992+02:00 cyberpointer ipsec[4857]: 15[CFG] lease 10.10.10.2 by 'C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ’ went offline
2025-04-16T13:14:19.632159+02:00 cyberpointer ipsec[4857]: 06[NET] received packet: from 79.122.83.224[500] to 193.188.192.110[500] (432 bytes)
2025-04-16T13:14:19.632331+02:00 cyberpointer ipsec[4857]: 06[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
2025-04-16T13:14:19.632482+02:00 cyberpointer ipsec[4857]: 06[IKE] 79.122.83.224 is initiating an IKE_SA
2025-04-16T13:14:19.632700+02:00 cyberpointer ipsec[4857]: 06[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
2025-04-16T13:14:19.633355+02:00 cyberpointer ipsec[4857]: 06[IKE] remote host is behind NAT
2025-04-16T13:14:19.633559+02:00 cyberpointer ipsec[4857]: 06[IKE] sending cert request for “C=HU, O=CyberPointer, CN=CyberPointer Root CA”
2025-04-16T13:14:19.633604+02:00 cyberpointer charon: 08[IKE] authentication of 'C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ’ with RSA signature successful
2025-04-16T13:14:19.633674+02:00 cyberpointer ipsec[4857]: 06[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(FRAG_SUP) N(CHDLESS_SUP) N(MULT_AUTH) ]
2025-04-16T13:14:19.633701+02:00 cyberpointer ipsec[4857]: 06[NET] sending packet: from 193.188.192.110[500] to 79.122.83.224[500] (481 bytes)
2025-04-16T13:14:19.633728+02:00 cyberpointer ipsec[4857]: 12[NET] received packet: from 79.122.83.224[4500] to 193.188.192.110[4500] (1236 bytes)
2025-04-16T13:14:19.633752+02:00 cyberpointer ipsec[4857]: 12[ENC] parsed IKE_AUTH request 1 [ EF(1/2) ]
2025-04-16T13:14:19.633775+02:00 cyberpointer ipsec[4857]: 12[ENC] received fragment #1 of 2, waiting for complete IKE message
2025-04-16T13:14:19.633798+02:00 cyberpointer ipsec[4857]: 08[NET] received packet: from 79.122.83.224[4500] to 193.188.192.110[4500] (804 bytes)
2025-04-16T13:14:19.633820+02:00 cyberpointer ipsec[4857]: 08[ENC] parsed IKE_AUTH request 1 [ EF(2/2) ]
2025-04-16T13:14:19.633853+02:00 cyberpointer ipsec[4857]: 08[ENC] received fragment #2 of 2, reassembled fragmented IKE message (1696 bytes)
2025-04-16T13:14:19.633900+02:00 cyberpointer ipsec[4857]: 08[ENC] unknown attribute type INTERNAL_DNS_DOMAIN
2025-04-16T13:14:19.633925+02:00 cyberpointer ipsec[4857]: 08[ENC] parsed IKE_AUTH request 1 [ IDi AUTH CERT N(INIT_CONTACT) SA TSi TSr CPRQ(ADDR MASK SUBNET DNS DOMAIN) ]
2025-04-16T13:14:19.633956+02:00 cyberpointer ipsec[4857]: 08[IKE] received end entity cert "C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> "
2025-04-16T13:14:19.633984+02:00 cyberpointer ipsec[4857]: 08[CFG] looking for peer configs matching 193.188.192.110[%any]…79.122.83.224[C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-16T13:14:19.634007+02:00 cyberpointer ipsec[4857]: 08[CFG] selected peer config ‘ikev2-vpn-rsa-cp-1’
2025-04-16T13:14:19.634447+02:00 cyberpointer ipsec[4857]: 08[CFG] using trusted certificate "C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> "
2025-04-16T13:14:19.634783+02:00 cyberpointer ipsec[4857]: 08[CFG] using trusted ca certificate “C=HU, O=CyberPointer, CN=CyberPointer Root CA”
2025-04-16T13:14:19.634964+02:00 cyberpointer ipsec[4857]: 08[CFG] reached self-signed root ca with a path length of 0
2025-04-16T13:14:19.635070+02:00 cyberpointer ipsec[4857]: 08[CFG] checking certificate status of "C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> "
2025-04-16T13:14:19.635234+02:00 cyberpointer ipsec[4857]: 08[CFG] certificate status is not available
2025-04-16T13:14:19.635344+02:00 cyberpointer ipsec[4857]: 08[IKE] authentication of 'C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ’ with RSA signature successful
2025-04-16T13:14:19.635455+02:00 cyberpointer ipsec[4857]: 08[IKE] authentication of ‘protection1.cyberpointer.net’ (myself) with RSA signature successful
2025-04-16T13:14:19.635483+02:00 cyberpointer ipsec[4857]: 08[IKE] sending end entity cert “C=HU, O=CyberPointer, CN=193.188.192.110”
2025-04-16T13:14:19.635518+02:00 cyberpointer ipsec[4857]: 08[IKE] peer requested virtual IP %any
2025-04-16T13:14:19.635551+02:00 cyberpointer ipsec[4857]: 08[CFG] reassigning offline lease to 'C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-16T13:14:19.635629+02:00 cyberpointer ipsec[4857]: 08[IKE] assigning virtual IP 10.10.10.2 to peer 'C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-16T13:14:19.635705+02:00 cyberpointer charon: 08[IKE] authentication of ‘protection1.cyberpointer.net’ (myself) with RSA signature successful
2025-04-16T13:14:19.635811+02:00 cyberpointer ipsec[4857]: 08[IKE] IKE_SA ikev2-vpn-rsa-cp-1[81] established between 193.188.192.110[protection1.cyberpointer.net]…79.122.83.224[C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-16T13:14:19.635885+02:00 cyberpointer ipsec[4857]: 08[IKE] scheduling reauthentication in 10094s
2025-04-16T13:14:19.635960+02:00 cyberpointer ipsec[4857]: 08[IKE] maximum IKE_SA lifetime 10634s
2025-04-16T13:14:19.636009+02:00 cyberpointer charon: 08[IKE] sending end entity cert “C=HU, O=CyberPointer, CN=193.188.192.110”
2025-04-16T13:14:19.636082+02:00 cyberpointer charon: 08[IKE] peer requested virtual IP %any
2025-04-16T13:14:19.636164+02:00 cyberpointer charon: 08[CFG] reassigning offline lease to 'C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-16T13:14:19.636705+02:00 cyberpointer charon: 08[IKE] assigning virtual IP 10.10.10.2 to peer 'C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-16T13:14:19.636930+02:00 cyberpointer charon: 08[IKE] IKE_SA ikev2-vpn-rsa-cp-1[81] established between 193.188.192.110[protection1.cyberpointer.net]…79.122.83.224[C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-16T13:14:19.637240+02:00 cyberpointer charon: 08[IKE] scheduling reauthentication in 10094s
2025-04-16T13:14:19.637468+02:00 cyberpointer charon: 08[IKE] maximum IKE_SA lifetime 10634s
2025-04-16T13:14:19.637670+02:00 cyberpointer charon: 08[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
2025-04-16T13:14:19.637943+02:00 cyberpointer charon: 08[IKE] CHILD_SA ikev2-vpn-rsa-cp-1{5} established with SPIs c51d1ab8_i 0f10bf53_o and TS 10.10.10.1/32 === 10.10.10.2/32
2025-04-16T13:14:19.645751+02:00 cyberpointer vpn: + C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net > 10.10.10.2/32 == 79.122.83.224 – 193.188.192.110 == 10.10.10.1/32
2025-04-16T13:14:19.646124+02:00 cyberpointer charon: 08[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(AUTH_LFT) ]
2025-04-16T13:14:19.646481+02:00 cyberpointer charon: 08[ENC] splitting IKE message (1664 bytes) into 2 fragments
2025-04-16T13:14:19.646671+02:00 cyberpointer charon: 08[ENC] generating IKE_AUTH response 1 [ EF(1/2) ]
2025-04-16T13:14:19.647199+02:00 cyberpointer charon: 08[ENC] generating IKE_AUTH response 1 [ EF(2/2) ]
2025-04-16T13:14:19.647288+02:00 cyberpointer charon: 08[NET] sending packet: from 193.188.192.110[4500] to 79.122.83.224[4500] (1236 bytes)
2025-04-16T13:14:19.647369+02:00 cyberpointer charon: 08[NET] sending packet: from 193.188.192.110[4500] to 79.122.83.224[4500] (500 bytes)
2025-04-16T13:14:19.676706+02:00 cyberpointer charon: 14[NET] received packet: from 79.122.83.224[4500] to 193.188.192.110[4500] (256 bytes)
2025-04-16T13:14:19.676803+02:00 cyberpointer charon: 14[ENC] parsed INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
2025-04-16T13:14:19.676894+02:00 cyberpointer charon: 14[IKE] received DELETE for IKE_SA ikev2-vpn-rsa-cp-1[81]
2025-04-16T13:14:19.676966+02:00 cyberpointer charon: 14[IKE] deleting IKE_SA ikev2-vpn-rsa-cp-1[81] between 193.188.192.110[protection1.cyberpointer.net]…79.122.83.224[C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-16T13:14:19.677122+02:00 cyberpointer charon: 14[IKE] IKE_SA deleted
2025-04-16T13:14:19.701715+02:00 cyberpointer vpn: - C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net > 10.10.10.2/32 == 79.122.83.224 – 193.188.192.110 == 10.10.10.1/32
2025-04-16T13:14:19.702698+02:00 cyberpointer charon: 14[ENC] generating INFORMATIONAL response 2
2025-04-16T13:14:19.702866+02:00 cyberpointer charon: 14[NET] sending packet: from 193.188.192.110[4500] to 79.122.83.224[4500] (80 bytes)
2025-04-16T13:14:19.702985+02:00 cyberpointer charon: 14[CFG] lease 10.10.10.2 by 'C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> ’ went offline

The Mikrotik log file:

2025-04-16 14:57:43 ipsec ipsec: ike2 starting for: 193.188.192.110
2025-04-16 14:57:43 ipsec ipsec: adding payload: SA
2025-04-16 14:57:43 ipsec,debug ipsec: => (size 0x30)
2025-04-16 14:57:43 ipsec,debug ipsec: 00000030 0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005
2025-04-16 14:57:43 ipsec,debug ipsec: 03000008 0300000c 00000008 0400000e
2025-04-16 14:57:43 ipsec ipsec: adding payload: KE
2025-04-16 14:57:43 ipsec,debug ipsec: => (first 0x100 of 0x108)
2025-04-16 14:57:43 ipsec,debug ipsec: 00000108 000e0000 8c627904 17e18e20 73b43982 a35aeed8 0f9f35ce 470c3c8b
2025-04-16 14:57:43 ipsec,debug ipsec: c556876b 23e17510 a9f4065b 3555a01b 118df19c 65d45cce 7f8d426a a7a5850b
2025-04-16 14:57:43 ipsec,debug ipsec: 93e5f2cc bf921765 b03fe0a0 c3083484 1e859835 bf192877 a5a13db1 5496d1fc
2025-04-16 14:57:43 ipsec,debug ipsec: 5dc577b5 9c4d88bb 4f4178d5 63888741 23287413 3d3fb68c 00bf910e 3dcaa472
2025-04-16 14:57:43 ipsec,debug ipsec: ecd6c172 4e808f2b 48046df9 24c27faa 490cc27f ead87c55 996b09ec 523d7643
2025-04-16 14:57:43 ipsec,debug ipsec: 9d63d2be 73d7805b 40663aa7 1d53115d 4052cb0d c88fdaf2 4b38b673 7bb121d8
2025-04-16 14:57:43 ipsec,debug ipsec: 4b776e22 7be1af0e 748f0ca0 e793362c f510c7c6 f3942a7f f0c10608 f12f0232
2025-04-16 14:57:43 ipsec,debug ipsec: f39c02a0 4e901546 05f52909 05c3a61a fa7a664b 00b84838 1aa8e038 e5a2a5a2
2025-04-16 14:57:43 ipsec ipsec: adding payload: NONCE
2025-04-16 14:57:43 ipsec,debug ipsec: => (size 0x1c)
2025-04-16 14:57:43 ipsec,debug ipsec: 0000001c 6e59f9bf bb23bf8d 9067ec54 ff0141ee 56154184 bdb62aff
2025-04-16 14:57:43 ipsec ipsec: adding notify: NAT_DETECTION_SOURCE_IP
2025-04-16 14:57:43 ipsec,debug ipsec: => (size 0x1c)
2025-04-16 14:57:43 ipsec,debug ipsec: 0000001c 00004004 e62f4f99 1b5ad306 51740679 4b81abcd e03bf219
2025-04-16 14:57:43 ipsec ipsec: adding notify: NAT_DETECTION_DESTINATION_IP
2025-04-16 14:57:43 ipsec,debug ipsec: => (size 0x1c)
2025-04-16 14:57:43 ipsec,debug ipsec: 0000001c 00004005 0ca4e2d2 113b5f5c 345cda24 6f1ff90f 021236fa
2025-04-16 14:57:43 ipsec ipsec: adding notify: IKEV2_FRAGMENTATION_SUPPORTED
2025-04-16 14:57:43 ipsec,debug ipsec: => (size 0x8)
2025-04-16 14:57:43 ipsec,debug ipsec: 00000008 0000402e
2025-04-16 14:57:43 ipsec ipsec: ← ike2 request, exchange: SA_INIT:0 193.188.192.110[500] e2476fd42469eb65:0000000000000000
2025-04-16 14:57:43 ipsec,debug ipsec: ===== sending 432 bytes from 192.168.0.15[500] to 193.188.192.110[500]
2025-04-16 14:57:43 ipsec,debug ipsec: 1 times of 432 bytes message will be sent to 193.188.192.110[500]
2025-04-16 14:57:43 ipsec,debug,packet ipsec: e2476fd4 2469eb65 00000000 00000000 21202208 00000000 000001b0 22000030
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005 03000008
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 0300000c 00000008 0400000e 28000108 000e0000 8c627904 17e18e20 73b43982
2025-04-16 14:57:43 ipsec,debug,packet ipsec: a35aeed8 0f9f35ce 470c3c8b c556876b 23e17510 a9f4065b 3555a01b 118df19c
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 65d45cce 7f8d426a a7a5850b 93e5f2cc bf921765 b03fe0a0 c3083484 1e859835
2025-04-16 14:57:43 ipsec,debug,packet ipsec: bf192877 a5a13db1 5496d1fc 5dc577b5 9c4d88bb 4f4178d5 63888741 23287413
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 3d3fb68c 00bf910e 3dcaa472 ecd6c172 4e808f2b 48046df9 24c27faa 490cc27f
2025-04-16 14:57:43 ipsec,debug,packet ipsec: ead87c55 996b09ec 523d7643 9d63d2be 73d7805b 40663aa7 1d53115d 4052cb0d
2025-04-16 14:57:43 ipsec,debug,packet ipsec: c88fdaf2 4b38b673 7bb121d8 4b776e22 7be1af0e 748f0ca0 e793362c f510c7c6
2025-04-16 14:57:43 ipsec,debug,packet ipsec: f3942a7f f0c10608 f12f0232 f39c02a0 4e901546 05f52909 05c3a61a fa7a664b
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 00b84838 1aa8e038 e5a2a5a2 24f1b3fe a6ba900f 2900001c 6e59f9bf bb23bf8d
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 9067ec54 ff0141ee 56154184 bdb62aff 2900001c 00004004 e62f4f99 1b5ad306
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 51740679 4b81abcd e03bf219 2900001c 00004005 0ca4e2d2 113b5f5c 345cda24
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 6f1ff90f 021236fa 00000008 0000402e
2025-04-16 14:57:43 ipsec,debug ipsec: ===== received 481 bytes from 193.188.192.110[500] to 192.168.0.15[500]
2025-04-16 14:57:43 ipsec,debug,packet ipsec: e2476fd4 2469eb65 48233e31 f71d985d 21202220 00000000 000001e1 22000030
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 0000002c 01010004 0300000c 0100000c 800e0100 03000008 0300000c 03000008
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 02000005 00000008 0400000e 28000108 000e0000 daa23e93 5317f2b7 7601cc86
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 8345fa2f 7b4a9d2d 6964463e 417054af 91fccf77 be32ab34 9172b125 7eb803a1
2025-04-16 14:57:43 ipsec,debug,packet ipsec: a23de86b 10e5d8d4 d1ba3c06 e49783ab 3b9b20a4 f0339cf5 8995cb8d d44189b6
2025-04-16 14:57:43 ipsec,debug,packet ipsec: e6b6f964 9e608833 179601f3 6ace181e 8879edd0 46965853 2286a18f 161f549e
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 2881fc7c b1d66f17 fdfc2a8e e6173f20 9c396669 2525ccde 41ba63b3 2761b3f5
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 81492af6 a1d60a14 141d0292 1b46c76e 6dc0dd42 d7710931 cd2d66eb 7369befc
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 8e20e8d6 7e6d52fa 22426ce0 84126d2c 72bf005a ff711c76 b1f2ca8c 9f4653b9
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 7e7e9785 d1a7d9b3 6d5b165f ecbc687e fc46a0db e2c62bec b8918487 86c13465
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 7fb8a8a5 0589d150 011b76ba ac492f33 f4a13735 29000024 30f03801 24f3c929
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 10bffd82 f1459e23 371bdc0a a105059b 2935cb20 3d6ac104 2900001c 00004004
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 49c10d52 f88b190e 4d45bf32 779e6faf dfcb0cd9 2600001c 00004005 909bae08
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 67a82724 e8dc9249 392149de ef1c7e2f 29000019 04fbb4a1 7fc63d12 17aa1685
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 380d8a5b c6f16477 a6290000 08000040 2e290000 08000040 22000000 08000040
2025-04-16 14:57:43 ipsec,debug,packet ipsec: 14
2025-04-16 14:57:43 ipsec ipsec: → ike2 reply, exchange: SA_INIT:0 193.188.192.110[500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:43 ipsec ipsec: ike2 initialize recv
2025-04-16 14:57:43 ipsec ipsec: payload seen: SA (48 bytes)
2025-04-16 14:57:43 ipsec ipsec: payload seen: KE (264 bytes)
2025-04-16 14:57:43 ipsec ipsec: payload seen: NONCE (36 bytes)
2025-04-16 14:57:43 ipsec ipsec: payload seen: NOTIFY (28 bytes)
2025-04-16 14:57:43 ipsec ipsec: payload seen: NOTIFY (28 bytes)
2025-04-16 14:57:43 ipsec ipsec: payload seen: CERTREQ (25 bytes)
2025-04-16 14:57:43 ipsec ipsec: payload seen: NOTIFY (8 bytes)
2025-04-16 14:57:43 ipsec ipsec: payload seen: NOTIFY (8 bytes)
2025-04-16 14:57:43 ipsec ipsec: payload seen: NOTIFY (8 bytes)
2025-04-16 14:57:43 ipsec ipsec: processing payload: SA
2025-04-16 14:57:43 ipsec ipsec: IKE Protocol: IKE
2025-04-16 14:57:43 ipsec ipsec: proposal #1
2025-04-16 14:57:43 ipsec ipsec: enc: aes256-cbc
2025-04-16 14:57:43 ipsec ipsec: prf: hmac-sha256
2025-04-16 14:57:43 ipsec ipsec: auth: sha256
2025-04-16 14:57:43 ipsec ipsec: dh: modp2048
2025-04-16 14:57:43 ipsec ipsec: matched proposal:
2025-04-16 14:57:43 ipsec ipsec: proposal #1
2025-04-16 14:57:43 ipsec ipsec: enc: aes256-cbc
2025-04-16 14:57:43 ipsec ipsec: prf: hmac-sha256
2025-04-16 14:57:43 ipsec ipsec: auth: sha256
2025-04-16 14:57:43 ipsec ipsec: dh: modp2048
2025-04-16 14:57:43 ipsec ipsec: processing payload: KE
2025-04-16 14:57:44 ipsec,debug ipsec: => shared secret (size 0x100)
2025-04-16 14:57:44 ipsec,debug ipsec: 552f3679 67b36995 1e4f74ea e10b924f 91a73d29 18d69d88 8717183c 6446a590
2025-04-16 14:57:44 ipsec,debug ipsec: a5ee5d5d a43f91d3 3c1fa12c f483a8e6 052cedce e85dd543 af48bf6d 6cdd2a74
2025-04-16 14:57:44 ipsec,debug ipsec: b6222c95 27f33b2c 59510d97 32074a35 997563a4 30632ab2 7c85897a 6d854eff
2025-04-16 14:57:44 ipsec,debug ipsec: 9bb6c500 7ad01702 fc56f403 87edf01c 8c55feff 0cf81d2a 16079bf0 e1f2951e
2025-04-16 14:57:44 ipsec,debug ipsec: a170868f 79e4d4f9 620cb16a 05d5db42 ca9de717 5bcb554b 6d978bed 15f0a3a3
2025-04-16 14:57:44 ipsec,debug ipsec: 2387ea3f cae9d127 ee02e1fb 806b3391 834d5a5c 9aa41f1d fc650ab7 aa39e3bb
2025-04-16 14:57:44 ipsec,debug ipsec: 9b8889c6 84320035 8edbd884 e27f4a25 ae99c20b 18f8a980 d50337bf d869cc16
2025-04-16 14:57:44 ipsec,debug ipsec: 4e320165 c7a544c3 d917023d 68a1735d 0db5359e bbf96fd4 067367de 20a3b719
2025-04-16 14:57:44 ipsec ipsec: processing payload: NONCE
2025-04-16 14:57:44 ipsec,debug ipsec: => skeyseed (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: 76e1b4bc 2b2950b2 30ef5e3b 2025fc9a 0576c962 83a7ecf9 d4fa84c2 2e5e1ba2
2025-04-16 14:57:44 ipsec,debug ipsec: => keymat (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: 2d5c522d 48dbce2b 862c6c70 b9292b34 25a89603 26bf51ab 06bfffe8 3da78304
2025-04-16 14:57:44 ipsec,debug ipsec: => SK_ai (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: 4980aae4 57fa193e 7e19186e b5798add c7484393 f43c9a06 087dc3e0 fb000567
2025-04-16 14:57:44 ipsec,debug ipsec: => SK_ar (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: 6cd50ff0 3e638547 351872a6 b22d322e 26ebdca9 80f4c97e 2ae50d90 2957b37b
2025-04-16 14:57:44 ipsec,debug ipsec: => SK_ei (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: 3727d371 70ad61b2 c17c63c0 e7c97f0f fd318c33 33894252 b328cd24 41c57c8b
2025-04-16 14:57:44 ipsec,debug ipsec: => SK_er (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: b862a07d eda071f6 df1cfbf2 31cf6cf9 a89ca743 7e92f554 2333209e d99e366f
2025-04-16 14:57:44 ipsec,debug ipsec: => SK_pi (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: 0940326d abeefb3a d7e74603 9b734859 8b2b4275 8b27a233 206798da 8cb216dd
2025-04-16 14:57:44 ipsec,debug ipsec: => SK_pr (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: 98be83ae 1f882204 81015113 9b9580fe 0f615c67 72cb1c3f 80d732ef 4e705cf3
2025-04-16 14:57:44 ipsec,info new ike2 SA (I): Logging-Server 192.168.0.15[500]-193.188.192.110[500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:44 ipsec,info ipsec: new ike2 SA (I): Logging-Server 192.168.0.15[500]-193.188.192.110[500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:44 ipsec ipsec: processing payloads: NOTIFY
2025-04-16 14:57:44 ipsec ipsec: notify: NAT_DETECTION_SOURCE_IP
2025-04-16 14:57:44 ipsec ipsec: notify: NAT_DETECTION_DESTINATION_IP
2025-04-16 14:57:44 ipsec ipsec: notify: IKEV2_FRAGMENTATION_SUPPORTED
2025-04-16 14:57:44 ipsec ipsec: notify: CHILDLESS_IKEV2_SUPPORTED
2025-04-16 14:57:44 ipsec ipsec: notify: MULTIPLE_AUTH_SUPPORTED
2025-04-16 14:57:44 ipsec ipsec: (NAT-T) REMOTE LOCAL
2025-04-16 14:57:44 ipsec ipsec: KA list add: 192.168.0.15[4500]->193.188.192.110[4500]
2025-04-16 14:57:44 ipsec ipsec: fragmentation negotiated
2025-04-16 14:57:44 ipsec ipsec: init child for policy: 10.10.10.2 <=> 10.10.10.1
2025-04-16 14:57:44 ipsec ipsec: acquired spi 0x98baa3a: Logging-Server 192.168.0.15[4500]-193.188.192.110[4500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:44 ipsec ipsec: init child continue
2025-04-16 14:57:44 ipsec ipsec: offering proto: ESP
2025-04-16 14:57:44 ipsec ipsec: proposal #1
2025-04-16 14:57:44 ipsec ipsec: enc: aes256-cbc
2025-04-16 14:57:44 ipsec ipsec: auth: sha256
2025-04-16 14:57:44 ipsec,debug ipsec: ignoring unterminated SAN: rfc822: > puffymikrotik@cyberpointer.net
2025-04-16 14:57:44 ipsec ipsec: ID_I (DER DN): C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net
2025-04-16 14:57:44 ipsec ipsec: adding payload: ID_I
2025-04-16 14:57:44 ipsec,debug ipsec: => (size 0x57)
2025-04-16 14:57:44 ipsec,debug ipsec: 00000057 09000000 304d310b 30090603 55040613 02485531 15301306 0355040a
2025-04-16 14:57:44 ipsec,debug ipsec: 130c4379 62657250 6f696e74 65723127 30250603 5504030c 1e707566 66796d69
2025-04-16 14:57:44 ipsec,debug ipsec: 6b726f74 696b4063 79626572 706f696e 7465722e 6e6574
2025-04-16 14:57:44 ipsec,debug ipsec: => auth nonce (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: 30f03801 24f3c929 10bffd82 f1459e23 371bdc0a a105059b 2935cb20 3d6ac104
2025-04-16 14:57:44 ipsec,debug ipsec: => SK_p (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: 0940326d abeefb3a d7e74603 9b734859 8b2b4275 8b27a233 206798da 8cb216dd
2025-04-16 14:57:44 ipsec,debug ipsec: => idhash (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: a0af87c8 8afd2c98 397e9cba 065e013a a5a88fd5 e268fe80 4d108a84 3424703e
2025-04-16 14:57:44 ipsec,debug ipsec: => my auth (size 0x100)
2025-04-16 14:57:44 ipsec,debug ipsec: 46c322a9 cd89ee4a f8b0e19b 856e266d 2078e9aa 1536c41a 662fb613 92114c01
2025-04-16 14:57:44 ipsec,debug ipsec: 65d947a9 af74c3f9 9a92f9f6 8a9d8442 d4062aed 62d82c50 ff996246 e7da8b95
2025-04-16 14:57:44 ipsec,debug ipsec: aa624e29 706eba7e acfd8ad3 5877b0da 8cbbe54e 94ca1a30 9db75204 815fa379
2025-04-16 14:57:44 ipsec,debug ipsec: a5759bbd 2a2bc3e5 4baa30e2 323fc9c6 789ec904 37e57769 548479e5 28e15eb8
2025-04-16 14:57:44 ipsec,debug ipsec: 3480c4e8 f819a7bb f417e23e a3d33ee4 3eb399ab dd584caf 6772f330 6051abdb
2025-04-16 14:57:44 ipsec,debug ipsec: 9bb8172b 95973244 f14b54e7 5d4601c1 8fe91e40 ff4af99d 2380c21e e4aacc21
2025-04-16 14:57:44 ipsec,debug ipsec: 2afca84f 2f97df1c 16f5bc22 913d56aa b4f39bfb 0d8ff05f c6ee5326 0ce0d890
2025-04-16 14:57:44 ipsec,debug ipsec: 5806cce0 b1faf15c ceaecfb2 6a790bdf 187b6a17 712956ad 89822017 77be58a7
2025-04-16 14:57:44 ipsec ipsec: adding payload: AUTH
2025-04-16 14:57:44 ipsec,debug ipsec: => (first 0x100 of 0x108)
2025-04-16 14:57:44 ipsec,debug ipsec: 00000108 01000000 46c322a9 cd89ee4a f8b0e19b 856e266d 2078e9aa 1536c41a
2025-04-16 14:57:44 ipsec,debug ipsec: 662fb613 92114c01 65d947a9 af74c3f9 9a92f9f6 8a9d8442 d4062aed 62d82c50
2025-04-16 14:57:44 ipsec,debug ipsec: ff996246 e7da8b95 aa624e29 706eba7e acfd8ad3 5877b0da 8cbbe54e 94ca1a30
2025-04-16 14:57:44 ipsec,debug ipsec: 9db75204 815fa379 a5759bbd 2a2bc3e5 4baa30e2 323fc9c6 789ec904 37e57769
2025-04-16 14:57:44 ipsec,debug ipsec: 548479e5 28e15eb8 3480c4e8 f819a7bb f417e23e a3d33ee4 3eb399ab dd584caf
2025-04-16 14:57:44 ipsec,debug ipsec: 6772f330 6051abdb 9bb8172b 95973244 f14b54e7 5d4601c1 8fe91e40 ff4af99d
2025-04-16 14:57:44 ipsec,debug ipsec: 2380c21e e4aacc21 2afca84f 2f97df1c 16f5bc22 913d56aa b4f39bfb 0d8ff05f
2025-04-16 14:57:44 ipsec,debug ipsec: c6ee5326 0ce0d890 5806cce0 b1faf15c ceaecfb2 6a790bdf 187b6a17 712956ad
2025-04-16 14:57:44 ipsec ipsec: Certificate:
2025-04-16 14:57:44 ipsec ipsec: serialNr: 4f:a2:fb:d9:96:f4:9b:c6
2025-04-16 14:57:44 ipsec ipsec: issuer: <C=HU, O=CyberPointer, CN=CyberPointer Root CA>
2025-04-16 14:57:44 ipsec ipsec: subject: <C=HU, O=CyberPointer, CN=> puffymikrotik@cyberpointer.net> >
2025-04-16 14:57:44 ipsec ipsec: notBefore: Mon Apr 14 13:04:20 2025
2025-04-16 14:57:44 ipsec ipsec: notAfter: Wed Apr 14 13:04:20 2027
2025-04-16 14:57:44 ipsec ipsec: selfSigned:0
2025-04-16 14:57:44 ipsec ipsec: extensions:
2025-04-16 14:57:44 ipsec ipsec: authority key id:2e:0b:a7:a1:cb:90:46:72:14:9b:16:e6:d9:9a:94:f4:9a:ef:43:21
2025-04-16 14:57:44 ipsec ipsec: subject alternative name:
2025-04-16 14:57:44 ipsec ipsec: rfc822: > puffymikrotik@cyberpointer.net
2025-04-16 14:57:44 ipsec ipsec: signed with: SHA384+RSA
2025-04-16 14:57:44 ipsec ipsec: [RSA-PUBLIC]
2025-04-16 14:57:44 ipsec ipsec: modulus: b76f342cd497d2de746383b28f190ef0592c593b4cd4a4ae71d70dc27e0fa7e96daac3b1afe99ed7b7ffbda04750182dfd2a68b9b2c477fa955c76e428a3d762fa33acaed5a358b46af229f8311f90faca51bb0c634902b4ec19b884c22ac2e7c99ad2ed799f3cc64c898f80c458336f61c1ffe82d6502a7bb4517d79710128b9f333176a55566e1ca8ce34c6cec01c051268bec91ae063279b111d31dc4a6fe86ae64d80be58743019a6ef23e880976671ad97fd4b7ab7294f1936db4ddd5bfed134fc6be17f8a387139fadb00d05101bfbeae7e0186ebcb370c815af374dca1c2710e06c2f71422eb2a3be0d6f52bc524714dd43558d271c0a13d3003fd845
2025-04-16 14:57:44 ipsec ipsec: publicExponent: 10001
2025-04-16 14:57:44 ipsec ipsec: adding payload: CERT
2025-04-16 14:57:44 ipsec,debug ipsec: => (first 0x100 of 0x469)
2025-04-16 14:57:44 ipsec,debug ipsec: 00000469 04308204 60308202 48a00302 01020208 4fa2fbd9 96f49bc6 300d0609
2025-04-16 14:57:44 ipsec,debug ipsec: 2a864886 f70d0101 0c050030 43310b30 09060355 04061302 48553115 30130603
2025-04-16 14:57:44 ipsec,debug ipsec: 55040a13 0c437962 6572506f 696e7465 72311d30 1b060355 04031314 43796265
2025-04-16 14:57:44 ipsec,debug ipsec: 72506f69 6e746572 20526f6f 74204341 301e170d 32353034 31343133 30343230
2025-04-16 14:57:44 ipsec,debug ipsec: 5a170d32 37303431 34313330 3432305a 304d310b 30090603 55040613 02485531
2025-04-16 14:57:44 ipsec,debug ipsec: 15301306 0355040a 130c4379 62657250 6f696e74 65723127 30250603 5504030c
2025-04-16 14:57:44 ipsec,debug ipsec: 1e707566 66796d69 6b726f74 696b4063 79626572 706f696e 7465722e 6e657430
2025-04-16 14:57:44 ipsec,debug ipsec: 82012230 0d06092a 864886f7 0d010101 05000382 010f0030 82010a02 82010100
2025-04-16 14:57:44 ipsec ipsec: adding notify: INITIAL_CONTACT
2025-04-16 14:57:44 ipsec,debug ipsec: => (size 0x8)
2025-04-16 14:57:44 ipsec,debug ipsec: 00000008 00004000
2025-04-16 14:57:44 ipsec ipsec: adding payload: SA
2025-04-16 14:57:44 ipsec,debug ipsec: => (size 0x2c)
2025-04-16 14:57:44 ipsec,debug ipsec: 0000002c 00000028 01030403 098baa3a 0300000c 0100000c 800e0100 03000008
2025-04-16 14:57:44 ipsec,debug ipsec: 0300000c 00000008 05000000
2025-04-16 14:57:44 ipsec ipsec: initiator selector: 10.10.10.2
2025-04-16 14:57:44 ipsec ipsec: adding payload: TS_I
2025-04-16 14:57:44 ipsec,debug ipsec: => (size 0x18)
2025-04-16 14:57:44 ipsec,debug ipsec: 00000018 01000000 07000010 0000ffff 0a0a0a02 0a0a0a02
2025-04-16 14:57:44 ipsec ipsec: responder selector: 10.10.10.1
2025-04-16 14:57:44 ipsec ipsec: adding payload: TS_R
2025-04-16 14:57:44 ipsec,debug ipsec: => (size 0x18)
2025-04-16 14:57:44 ipsec,debug ipsec: 00000018 01000000 07000010 0000ffff 0a0a0a01 0a0a0a01
2025-04-16 14:57:44 ipsec ipsec: preparing internal IPv4 address
2025-04-16 14:57:44 ipsec ipsec: preparing internal IPv4 netmask
2025-04-16 14:57:44 ipsec ipsec: preparing internal IPv6 subnet
2025-04-16 14:57:44 ipsec ipsec: preparing internal IPv4 DNS
2025-04-16 14:57:44 ipsec ipsec: preparing internal DNS domain
2025-04-16 14:57:44 ipsec ipsec: adding payload: CONFIG
2025-04-16 14:57:44 ipsec,debug ipsec: => (size 0x30)
2025-04-16 14:57:44 ipsec,debug ipsec: 00000030 01000000 00010004 00000000 00020004 00000000 000d0008 00000000
2025-04-16 14:57:44 ipsec,debug ipsec: 00000000 00030004 00000000 00190000
2025-04-16 14:57:44 ipsec ipsec: ← ike2 request, exchange: AUTH:1 193.188.192.110[4500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: => outgoing plain packet (size 0x678)
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e2476fd4 2469eb65 48233e31 f71d985d 23202308 00000001 00000678 27000057
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 09000000 304d310b 30090603 55040613 02485531 15301306 0355040a 130c4379
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 62657250 6f696e74 65723127 30250603 5504030c 1e707566 66796d69 6b726f74
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 696b4063 79626572 706f696e 7465722e 6e657425 00010801 00000046 c322a9cd
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 89ee4af8 b0e19b85 6e266d20 78e9aa15 36c41a66 2fb61392 114c0165 d947a9af
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 74c3f99a 92f9f68a 9d8442d4 062aed62 d82c50ff 996246e7 da8b95aa 624e2970
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 6eba7eac fd8ad358 77b0da8c bbe54e94 ca1a309d b7520481 5fa379a5 759bbd2a
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 2bc3e54b aa30e232 3fc9c678 9ec90437 e5776954 8479e528 e15eb834 80c4e8f8
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 19a7bbf4 17e23ea3 d33ee43e b399abdd 584caf67 72f33060 51abdb9b b8172b95
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 973244f1 4b54e75d 4601c18f e91e40ff 4af99d23 80c21ee4 aacc212a fca84f2f
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 97df1c16 f5bc2291 3d56aab4 f39bfb0d 8ff05fc6 ee53260c e0d89058 06cce0b1
2025-04-16 14:57:44 ipsec,debug,packet ipsec: faf15cce aecfb26a 790bdf18 7b6a1771 2956ad89 82201777 be58a729 00046904
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 30820460 30820248 a0030201 0202084f a2fbd996 f49bc630 0d06092a 864886f7
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 0d01010c 05003043 310b3009 06035504 06130248 55311530 13060355 040a130c
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 43796265 72506f69 6e746572 311d301b 06035504 03131443 79626572 506f696e
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 74657220 526f6f74 20434130 1e170d32 35303431 34313330 3432305a 170d3237
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 30343134 31333034 32305a30 4d310b30 09060355 04061302 48553115 30130603
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 55040a13 0c437962 6572506f 696e7465 72312730 25060355 04030c1e 70756666
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 796d696b 726f7469 6b406379 62657270 6f696e74 65722e6e 65743082 0122300d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 010100b7 6f342cd4
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 97d2de74 6383b28f 190ef059 2c593b4c d4a4ae71 d70dc27e 0fa7e96d aac3b1af
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e99ed7b7 ffbda047 50182dfd 2a68b9b2 c477fa95 5c76e428 a3d762fa 33acaed5
2025-04-16 14:57:44 ipsec,debug,packet ipsec: a358b46a f229f831 1f90faca 51bb0c63 4902b4ec 19b884c2 2ac2e7c9 9ad2ed79
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 9f3cc64c 898f80c4 58336f61 c1ffe82d 6502a7bb 4517d797 10128b9f 333176a5
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 5566e1ca 8ce34c6c ec01c051 268bec91 ae063279 b111d31d c4a6fe86 ae64d80b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e5874301 9a6ef23e 88097667 1ad97fd4 b7ab7294 f1936db4 ddd5bfed 134fc6be
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 17f8a387 139fadb0 0d05101b fbeae7e0 186ebcb3 70c815af 374dca1c 2710e06c
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 2f71422e b2a3be0d 6f52bc52 4714dd43 558d271c 0a13d300 3fd84502 03010001
2025-04-16 14:57:44 ipsec,debug,packet ipsec: a34e304c 301f0603 551d2304 18301680 142e0ba7 a1cb9046 72149b16 e6d99a94
2025-04-16 14:57:44 ipsec,debug,packet ipsec: f49aef43 21302906 03551d11 04223020 811e7075 6666796d 696b726f 74696b40
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 63796265 72706f69 6e746572 2e6e6574 300d0609 2a864886 f70d0101 0c050003
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 82020100 94507888 854548bd 79f24541 512bcf6a 1a6ca883 ad0852e4 6bbbd0ec
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: ddcdd246 a4f27758 94e2597a c69deb12 aa11a697 a8e0a85f 5d4935ff 43d3e66d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 8b47dad7 dc870ee6 fe9bc779 abf775a5 a744e559 071e6693 d008c800 4420b226
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 8a20c7d8 0210cf3b e882313b 07388e9b 6e252324 cea41b60 468b0967 832c816b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 9b9c908c c17f9401 2a6d67af 758e7242 baf07210 f2f7c727 bfa67bbc 8e5cdab2
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 530c67bb d499c862 091fe7bf 55a191d5 1c838caa 7e473b70 31cbdd5d 12044583
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 03ee161b 57303535 957c1424 1647a6e1 82f63ace 79c075aa 93b26796 cb4737f6
2025-04-16 14:57:44 ipsec,debug,packet ipsec: ab2a4662 c629f299 0c2ac261 7b4781a4 01061be7 3ac452ee 50cf9aff cce8c89a
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 234cadce 5da01c50 9e889f3f c60c96db 74179438 685632ca 09718d5b 537d21e3
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: c1df20db 8d179e0e 417fd6c6 f25ecfe9 487cbac1 328af714 f3239af5 4ef630d7
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7aa3a264 5160c615 6cc2115a db39dd33 670c17f2 e96db93c 4e5733ae cf196e81
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 50f621ff 00950b7d c8d10897 56441db3 6b6e7abb f9850f1a 2ebc59e0 c5321c3d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7d089147 6df9a816 77b444fc 5b393451 8b44a553 afe67a67 1b705a59 4a979059
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 4c81598b a805b789 85d5b3c4 8cb15289 1cad906e 982d5236 b1619aaa 68d8a211
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 5d82336a a9002563 9f2e9dca 99beae34 3074dee2 73bf040c 22048e06 7b2670bc
2025-04-16 14:57:44 ipsec,debug,packet ipsec: d3f4d0ec e0b1a161 b0759a8e 9da13296 00952e74 931bf6cb 3d0ed169 29195519
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 0790d828 21000008 00004000 2c00002c 00000028 01030403 098baa3a 0300000c
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 0100000c 800e0100 03000008 0300000c 00000008 05000000 2d000018 01000000
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 07000010 0000ffff 0a0a0a02 0a0a0a02 2f000018 01000000 07000010 0000ffff
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 0a0a0a01 0a0a0a01 00000030 01000000 00010004 00000000 00020004 00000000
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 000d0008 00000000 00000000 00030004 00000000 00190000
2025-04-16 14:57:44 ipsec ipsec: fragmenting into 2 chunks
2025-04-16 14:57:44 ipsec ipsec: adding payload: SKF
2025-04-16 14:57:44 ipsec,debug ipsec: => (first 0x100 of 0x488)
2025-04-16 14:57:44 ipsec,debug ipsec: 23000488 00010002 91c256f9 f7783e4e a42590a2 7592807f 40905022 086bfc0d
2025-04-16 14:57:44 ipsec,debug ipsec: b7d28254 b497dbbc e28d1368 de786304 29431d8c 3bfe7e43 bd2491be 9de8d7b8
2025-04-16 14:57:44 ipsec,debug ipsec: f09ea0c0 331426b3 f02ca408 3ebf453e ebcd01cb f95f7e07 90ba23cd d0b0f138
2025-04-16 14:57:44 ipsec,debug ipsec: faa973b7 d6870386 fef75e49 44edff65 fb76549f 6f6937d0 b5a001f7 5bd4e443
2025-04-16 14:57:44 ipsec,debug ipsec: 8ac7ca76 7c78d238 efd5ce4f ee41bf12 554b9943 e7941c9d 5753aace b31fdfbd
2025-04-16 14:57:44 ipsec,debug ipsec: 3d46d995 c046a1c7 dc268fd9 ee90fdd7 7e14373f c63d9583 28b106da ff259047
2025-04-16 14:57:44 ipsec,debug ipsec: 16ba39bb b72d9283 47e785c9 814053b7 6dc34cf7 82ee8b12 9dc569cd 4cc664de
2025-04-16 14:57:44 ipsec,debug ipsec: c99692fd 0257968b e13b4cf6 8b61b3fd 55dc4f37 b56b9a25 26147fb9 827a016b
2025-04-16 14:57:44 ipsec ipsec: adding payload: SKF
2025-04-16 14:57:44 ipsec,debug ipsec: => (first 0x100 of 0x2e8)
2025-04-16 14:57:44 ipsec,debug ipsec: 000002e8 00020002 91c256f9 f7783e4e a42590a2 7592807f 49394fbc c2cc7719
2025-04-16 14:57:44 ipsec,debug ipsec: cc44cb6f 5089f1c1 73a4b9b3 db659bff c34893ac 1d568e52 d3fd74b9 2d00c33e
2025-04-16 14:57:44 ipsec,debug ipsec: 1e46ee6d bbd8ccbd b4e6371e 101cf8b3 e65063fd 957989cc 8bd9bdff 8df1620d
2025-04-16 14:57:44 ipsec,debug ipsec: a01bd039 0e50bac2 3bde193c d641d29d 083973bc cb562312 6d236e2d 811b165f
2025-04-16 14:57:44 ipsec,debug ipsec: c0820ed8 207b8205 369bfa72 7fff8dea 3e59c0bc a3c84722 017dd87b dc8934d0
2025-04-16 14:57:44 ipsec,debug ipsec: 5b986706 c92c88ec 627b808f 57c93a58 b14b9050 341f3fcc 8193a08d a3856663
2025-04-16 14:57:44 ipsec,debug ipsec: c5560403 7269f19e 076d5102 d7d034f2 9b0f0496 1e4175d1 011aa2da eea58d6a
2025-04-16 14:57:44 ipsec,debug ipsec: 8b6d4992 13e2a42a 1f280134 fb509999 0543f303 50c47209 939525d4 fb9796eb
2025-04-16 14:57:44 ipsec,debug ipsec: ===== sending 1188 bytes from 192.168.0.15[4500] to 193.188.192.110[4500]
2025-04-16 14:57:44 ipsec,debug ipsec: 1 times of 1192 bytes message will be sent to 193.188.192.110[4500]
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e2476fd4 2469eb65 48233e31 f71d985d 35202308 00000001 000004a4 23000488
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 00010002 91c256f9 f7783e4e a42590a2 7592807f 40905022 086bfc0d b7d28254
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b497dbbc e28d1368 de786304 29431d8c 3bfe7e43 bd2491be 9de8d7b8 f09ea0c0
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 331426b3 f02ca408 3ebf453e ebcd01cb f95f7e07 90ba23cd d0b0f138 faa973b7
2025-04-16 14:57:44 ipsec,debug,packet ipsec: d6870386 fef75e49 44edff65 fb76549f 6f6937d0 b5a001f7 5bd4e443 8ac7ca76
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7c78d238 efd5ce4f ee41bf12 554b9943 e7941c9d 5753aace b31fdfbd 3d46d995
2025-04-16 14:57:44 ipsec,debug,packet ipsec: c046a1c7 dc268fd9 ee90fdd7 7e14373f c63d9583 28b106da ff259047 16ba39bb
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b72d9283 47e785c9 814053b7 6dc34cf7 82ee8b12 9dc569cd 4cc664de c99692fd
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 0257968b e13b4cf6 8b61b3fd 55dc4f37 b56b9a25 26147fb9 827a016b 5c3156ec
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 16bfbd2c 1043f7b1 d7247949 5dad686f 5be4ec29 b95ee08a 799faa6c 1c67812b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e5a7085d f9c9adb4 7b897724 f1e5c113 ce9f7a01 830258d8 41fb6d68 563d65bd
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 3cda2c5e 74ed3549 22ba08ab ed733079 ad6f9b79 7dac8b3e b4746741 8c4e2540
2025-04-16 14:57:44 ipsec,debug,packet ipsec: dc5d1968 9e59c76c 1d2da38d 0e24cc9a 23f9e702 a7c21677 9b10fe61 602f8354
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 1d6b9731 b9ab613e baf1e1fc 7e55a363 a9c6791c f5276c42 16bb8baa 8d4c2292
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e1a8f932 1321b881 345d0a08 8cfcaa8b 1c446803 38a8a4d6 79899024 484bb958
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 07089628 be21d3af c94ba9e2 86bbd73a 8a2e5859 c32276c2 42c276f2 c972b8d6
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 1e75c24c 5b2df85d ecb5924b af5c0d99 ee7984a2 420496b3 0bd4bcab c0b56efe
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b69809df e5716aa1 f2a92565 d58ec713 3e58e052 3c12a731 74208e37 9996ebfc
2025-04-16 14:57:44 ipsec,debug,packet ipsec: d3a8e2f2 6aacb423 3e5e2c7a e3d4b9d6 c1d6d58f ae6c7c98 10331354 81b809a2
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 4b85e17d f06619d9 a0a7d3b5 8f617c0f 51f0b380 c4641023 215639e9 29d4bc5b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 4880a518 35c8d769 a8fdbecc 2372a24d 18286c3c e3910935 2412fab8 439872a1
2025-04-16 14:57:44 ipsec,debug,packet ipsec: cb03a7e6 75d98384 fa96df8e 51830476 c626b148 2b720b1c e8529838 6560a120
2025-04-16 14:57:44 ipsec,debug,packet ipsec: def2e43d 1139c5ae d334628e 4c9d1e4a bd8c93b0 d4bea55d 1dce6137 3e7b7cba
2025-04-16 14:57:44 ipsec,debug,packet ipsec: ea74f094 b7e54d47 21bfb820 3a3131f4 e1389938 a5a5adb3 c2b4f023 00ce2b47
2025-04-16 14:57:44 ipsec,debug,packet ipsec: a8b8e67e 37560511 f7b70171 573a6e6d 92bc4fea 997b1694 eb668329 35bbecad
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 239af7df fcb70d6a 19632456 5748f3d0 c6d77176 3908e6da c61764b2 3a31b06d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: df480cf9 56ca3f0b d60189e6 a1f943dc 43e4cc31 130752a4 a917289f 055c61f4
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 6606c7d1 028ad21e 13db6862 bc07c160 d29f5d26 c4a362ff 00810f13 422d2e15
2025-04-16 14:57:44 ipsec,debug,packet ipsec: f47a4986 68ceb621 2a23c3eb 1839eb44 fccab59f e7957a38 a4b191ba 21be79e3
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 6fcad448 8cd46bf7 18606022 70f856f7 2701dee5 a778414b 6b41fd72 f24647d9
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 5f5a712d 30bf3c83 f6bb3739 31b36987 57e03e43 a7475235 e862b40f 6e8d3f4c
2025-04-16 14:57:44 ipsec,debug,packet ipsec: c7c8a76e 4e02c455 0741a661 52b77825 c74ebccd b20099c0 589dedb4 4ea5524e
2025-04-16 14:57:44 ipsec,debug,packet ipsec: a4c19fc1 3b31bc9a 9f188374 b89936ab a5b7c4eb 4910c6ea 84a8a4f2 fa7a5479
2025-04-16 14:57:44 ipsec,debug,packet ipsec: dd4bf931 67740d2b 9a3a9c48 de268e9d 6e357b00 42832ae4 311863c9 84e842d7
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 748b8d5d c70e2f5e f396d7f8 d103c795 9fa76700 7412bdb4 8d13d3eb 1a4b31f8
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e4ec443a cbaafa0f 635df86b 44cfaa11 9c0d17c9 387d5f3e c7f045d6 2d3f7b62
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 9ebb851a 5d689cc8 0712eea8 7e40556f 64c460d2 e8eac3a8 55e8497c 34414bab
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 994e331e
2025-04-16 14:57:44 ipsec,debug ipsec: ===== sending 772 bytes from 192.168.0.15[4500] to 193.188.192.110[4500]
2025-04-16 14:57:44 ipsec,debug ipsec: 1 times of 776 bytes message will be sent to 193.188.192.110[4500]
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e2476fd4 2469eb65 48233e31 f71d985d 35202308 00000001 00000304 000002e8
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 00020002 91c256f9 f7783e4e a42590a2 7592807f 49394fbc c2cc7719 cc44cb6f
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 5089f1c1 73a4b9b3 db659bff c34893ac 1d568e52 d3fd74b9 2d00c33e 1e46ee6d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: bbd8ccbd b4e6371e 101cf8b3 e65063fd 957989cc 8bd9bdff 8df1620d a01bd039
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 0e50bac2 3bde193c d641d29d 083973bc cb562312 6d236e2d 811b165f c0820ed8
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 207b8205 369bfa72 7fff8dea 3e59c0bc a3c84722 017dd87b dc8934d0 5b986706
2025-04-16 14:57:44 ipsec,debug,packet ipsec: c92c88ec 627b808f 57c93a58 b14b9050 341f3fcc 8193a08d a3856663 c5560403
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7269f19e 076d5102 d7d034f2 9b0f0496 1e4175d1 011aa2da eea58d6a 8b6d4992
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 13e2a42a 1f280134 fb509999 0543f303 50c47209 939525d4 fb9796eb 5a9f45e4
2025-04-16 14:57:44 ipsec,debug,packet ipsec: f8b0db4e fbf0bd47 0e8f500d 08e8e50c 7ae7c7bf c60a13fe f828ae08 40dc4f1a
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 022b69f1 5f4a80cf f7fbf03d ca4bbb97 221d18f7 039fcc4c 407ee08f 00e7eda4
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 279aad19 08f3f7c8 ffc87388 47fecc81 fc0e5aa2 4c09b1ea 7747e1b2 b1ed023d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b7c22a76 d6cc8c67 bd0db132 d1d85847 f426accd 2ca57d56 9a18fc73 79c8f62c
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b049401b 4afecaf6 180f61ce dbd87832 d65b048b 2051d209 c2284e40 d6244933
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 64e2d9c0 b4d03ae2 8219be13 f0107936 6b8dc1a7 d21f665d 3e6126cf a5b85b8f
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7a742447 c8ccaad5 af2bcfeb 4583195a eb505a9a 698897f5 3e6608b0 c143ea57
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7ba21b54 49c5c8aa f132e473 368422b6 be4dc977 4b537d4d 7d2c562e 2df72401
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 84c1980d 62d1973d d1c084a8 e3ec1832 b1cdc358 d66a246b 83a53095 ae131e0b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 74d17142 14cac0fb 26930b9c adaf4bf1 3741ec90 dfbd7c97 32e5aa23 91cf0f81
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 3bc55b2e 45812907 e95a62f6 a7527291 5f851a32 a3bbd846 e727b287 42cee266
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 362e2c54 a527d294 1837595f 64c208f7 b41821c0 c81a68a1 0ead043e 070c80a9
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 9d329e3b 011e8cac aa481612 d1bed494 46252944 30cfee08 1368963f 10bb1100
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 4cce3161 d337d447 ce3350ae 917b9f0b 09a2e337 09e75f6f d3afcd07 ecbccb14
2025-04-16 14:57:44 ipsec,debug,packet ipsec: f0af64b1 ccce0ad1 03d4c6aa 6574e7a7 6e4e8e07 03b79111 bb09f884 03906d11
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 61e89553
2025-04-16 14:57:44 ipsec,debug ipsec: ===== received 1236 bytes from 193.188.192.110[4500] to 192.168.0.15[4500]
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e2476fd4 2469eb65 48233e31 f71d985d 35202320 00000001 000004d4 240004b8
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 00010002 e9361323 ebfaaa6c 95fb8259 9ec390d8 1dbb939d fc3433f4 847d284a
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 62ce9552 dea22767 8737b12f 932b47f3 855f1002 4fd310f4 e4724471 750e45ea
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 5c814450 68bdba84 a63d6a47 8d8b02e6 94634f0f 74e16d69 e008fc97 5b9ffdeb
2025-04-16 14:57:44 ipsec,debug,packet ipsec: c2d877b7 fb7a419e e25d51a4 162910cc e5bb4839 0651e191 51681c70 4646552c
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b0069091 4e607c12 2f2e21ca c9ccbbc8 5d554e21 c3bfb171 eb088c63 362432d5
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 8a933b72 fc054a84 cf1f21de 4e0470a5 2851a8c5 3bcff2cc c4bdbc5d 932148aa
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 5911289a 7867b0a8 ab617f3e bc8e3f9d 80972420 6b4aed5b 2eeb0c58 93888905
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 114429df da52b6e7 db7a4dd0 572dfdcc feab227d 5d6ed5f7 7d5f7d18 bfb3e411
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 5a29c8eb 51fe308a 6f0a0037 0200f4d2 5fccfa40 aab0c546 21ddbfc7 cb6d7d8b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7f8936f5 7139e1bf 70529b25 e119ac66 77d49914 2e52af08 9c9ff327 358475f9
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 986dacab ec75a900 52950d92 f5ad4b68 7d8c26fb fd3c3aec d8934df6 87ae77d2
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 385de397 57154f11 7947e6e1 66bb0ad2 92cf64e4 c31df781 2ed32e6c 7936c310
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 6f0cf01a 593eb0e0 d7767771 cb0facb1 fcff9453 eec11b9a 76d330c2 50f1bac2
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 70a22f9c 7fbf6e24 c87d6bf3 38517aec 1b0c1fbe 2907f39a b7377124 725a4b9f
2025-04-16 14:57:44 ipsec,debug,packet ipsec: f30fb437 e3dae7d9 65d00356 f8fd0b5b cfdfc10f 988cc5e3 f2fc6901 59d3c00d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 582c3e93 40349947 87f48179 0e78eff6 9770e1e4 3b37819f 57c3514a 213fa2d4
2025-04-16 14:57:44 ipsec,debug,packet ipsec: dec9e142 a89941d7 54188264 72f91450 4bffbb8d 6255e85c 32dbfa54 25851062
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e43e1821 13f45657 4ec9fc3a 1ed8ae04 d111823c 077fc7cc 1ba8880e ed02dae1
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 0a874080 5a29d68f 97a4efbe 01da95ab 6c05584f d775f83a 7cacd16b 4abf7a25
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 628b4d79 9af0cd38 c02c89ba 355f0b4a 55675330 7db0041f 6fee99ec e816f94d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 1cdd7113 a8842c9b c655ce98 3d192133 6daa8182 d03c1c17 cb8c6539 d31c50e7
2025-04-16 14:57:44 ipsec,debug,packet ipsec: d3eb6fa1 6b969847 6f43b797 dbe23083 b8a336b4 ef6884e7 b88b020a 1def6e41
2025-04-16 14:57:44 ipsec,debug,packet ipsec: cda06bda 5f147011 370ff927 a62fe5d4 26ff4abd 2bb2afe9 7c99e2fe a99a6364
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 75618944 269b63f1 3665d56e 90de1603 424eea88 95b39288 0dff9704 e00672cb
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7e1a258e 12abc942 83cbd788 7eae9486 e1dd686a e32d3420 2481f746 873b5eb9
2025-04-16 14:57:44 ipsec,debug,packet ipsec: ca68edb2 d03e94e6 bf045e39 8251a0f6 27c2cc9f 3885caae b0813cb4 c466c237
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 36d7192c c8b431e4 9b50fd90 bed77c34 e865e6f5 db00f8bb 85481416 18d1b498
2025-04-16 14:57:44 ipsec,debug,packet ipsec: bcee1155 5313df98 7056c4e1 35001974 71cbe707 31a576fd 45645197 b6f76df6
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 611fbea4 1e3c4955 e8ba4818 1111a4c6 0b865e58 3935bb9b 56940791 493d28cd
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 5f79ba65 03db7654 74f452d5 d03f65c1 8cda2329 176124ac 5652832b f4855ac5
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 3a9aa6c5 7cd5db98 79114d04 cde9afec 0819b639 ba43a56b b38d17b7 c42a5194
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 721368b0 5929eefe 1ee01127 91c965e3 778081a4 a4109df2 23730737 b9f9d50b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 233bfc31 b85a29ad f86a18e8 1d315e1b 63011b44 09054a93 5aa67b27 6eec8071
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 22d201ae ac549902 39592bf1 fe71fecc 2e8d1913 9a0125d1 96d3c602 058878a2
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 67fd4ca5 5ea7270a a5d61135 9183cfb0 3a392004 80afdfd6 3b66ae09 6025a66d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 000e895c 89597516 cbd1075f eabfbd57 f8d37d7c 1f1a5947 65407420 3f4f1d27
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7041fbc4 5ae5fd09 6412d911 41a5e9ca 9ae606b8 d2434fb1 f747946c 8e22c9b3
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 1249e45b 937bf453 ca32b2d6 0b50070e c37d5dc9
2025-04-16 14:57:44 ipsec ipsec: → ike2 reply, exchange: AUTH:1 193.188.192.110[4500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:44 ipsec ipsec: payload seen: SKF (1208 bytes)
2025-04-16 14:57:44 ipsec ipsec: processing payload: ENC (not found)
2025-04-16 14:57:44 ipsec ipsec: processing payload: SKF
2025-04-16 14:57:44 ipsec,debug ipsec: => iv (size 0x10)
2025-04-16 14:57:44 ipsec,debug ipsec: e9361323 ebfaaa6c 95fb8259 9ec390d8
2025-04-16 14:57:44 ipsec,debug ipsec: decrypted fragment 1 out of 2
2025-04-16 14:57:44 ipsec,debug,packet ipsec: => plain fragment (size 0x48f)
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 25000024 02000000 70726f74 65637469 6f6e312e 63796265 72706f69 6e746572
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 2e6e6574 2700047d 04308204 74308202 5ca00302 01020208 5a4050ad d82e4d88
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 300d0609 2a864886 f70d0101 0c050030 43310b30 09060355 04061302 48553115
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 30130603 55040a13 0c437962 6572506f 696e7465 72311d30 1b060355 04031314
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 43796265 72506f69 6e746572 20526f6f 74204341 301e170d 32353034 31343133
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 30303531 5a170d32 37303431 34313330 3035315a 303e310b 30090603 55040613
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 02485531 15301306 0355040a 130c4379 62657250 6f696e74 65723118 30160603
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 55040313 0f313933 2e313838 2e313932 2e313130 30820122 300d0609 2a864886
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: f70d0101 01050003 82010f00 3082010a 02820101 00d050b8 8ce49eb3 dcc65ba7
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7908d491 e6b790a4 00939e9e 208732bf 3728fad2 97e99d24 27223a16 b25e495f
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 40e7f60a 75bfc839 fec5c1a1 94214485 b7e2bb6b 31af6081 08f2094f 4a25de96
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 26d89820 b97ea5e7 0578a9c4 45380574 5c8b35bc 1412da32 9de14b31 d0206909
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 9f08bb46 48844a37 bcb70965 231a95e0 fceaf1f3 4690539e 9fe7851d b724a0df
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 44c2a6ec c1593300 dba281d2 7ae6f5bd 68ab9387 c5383a98 d9263946 3a960cbc
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b5563e8d 47bc1579 211946ff 72ed2746 a3047b90 c0ad3e9f 5a030e4b a8065958
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e79f3898 d3fb86e5 578ed0b9 14cad9ae 30c2acfa 3c702ad2 638e52ee 5dc69268
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 1ad5a994 eccebce2 e5521373 3cdb3c9e 073d4e87 d1020301 0001a371 306f301f
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 0603551d 23041830 1680142e 0ba7a1cb 90467214 9b16e6d9 9a94f49a ef432130
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 2d060355 1d110426 30248704 c1bcc06e 821c7072 6f746563 74696f6e 312e6379
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 62657270 6f696e74 65722e6e 6574301d 0603551d 25041630 1406082b 06010505
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 07030106 082b0601 05050802 02300d06 092a8648 86f70d01 010c0500 03820201
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 00830b9b ed40a9f9 434c0295 ae4f2ca5 27a817bc 25598be3 5fae6306 799efe5d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b2f7348f 9e80e52f 660d5fdd e2d1dd2c d10c7f26 03cd665b 1b92d3df b7599700
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 30110cb3 accd224c c8e7ad7f 7134367d 67b18c93 4a055bce e0d29ab7 39900542
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 09555e9b 392fc29b c06bf341 6e19a4f4 96a8d9b0 0d8514d4 88c158f5 f9f5d783
2025-04-16 14:57:44 ipsec,debug,packet ipsec: f825734b 60f1e17b dbd8d551 da1edabd 9d1ac3c1 90dbf30f d88bd4df 37c2075f
2025-04-16 14:57:44 ipsec,debug,packet ipsec: c338bb9b 064e76c6 8216c152 37d43d7c 1ce9b6e4 099ccc39 d7513933 e2eb87c6
2025-04-16 14:57:44 ipsec,debug,packet ipsec: afa16b71 5d19c12f a56c8aa5 b042b211 a0e2459c 94057ca7 cf9bcfdc c4879100
2025-04-16 14:57:44 ipsec,debug,packet ipsec: da723d08 396a8b55 18f46bae 74734375 757e5452 132d9fb3 65955fb5 87b5c4bf
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 2c0d95e9 903aee2e 9190a7a7 1b935369 812e0510 10e01063 e3f2aee5 48fe15ca
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 799e39bf aacccd47 07d09374 2f0a8f3d c78dd9cf e3cb94c8 197986d1 6dbc1c09
2025-04-16 14:57:44 ipsec,debug,packet ipsec: c8202186 108cada9 33a52a0b 6a65c568 6c459f65 6415fc34 da6b3f8e 17229176
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: a656ab79 ff4dd586 f70ef67d d585defd 2efe553c f5686e08 1ddd760e 3fbb398b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 34f5c9b5 17128771 eb43796e b30eea3c 6bdd04bf b83ffb77 0e9e5876 c1629b72
2025-04-16 14:57:44 ipsec,debug,packet ipsec: dd46a60f bc94d9b9 b91e2e9f eb0f0c00 31d22ad5 1c7f6184 d61e9d0f dcc90f0f
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b71694da b470f824 c6978233 26b92e17 cf3342c4 f791ed55 52a9f36d c656b1f0
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b967b8d1 35b69975 50f5ced9 946104
2025-04-16 14:57:44 ipsec,debug ipsec: need more fragments
2025-04-16 14:57:44 ipsec,debug ipsec: ===== received 500 bytes from 193.188.192.110[4500] to 192.168.0.15[4500]
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e2476fd4 2469eb65 48233e31 f71d985d 35202320 00000001 000001f4 000001d8
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 00020002 b1bd8a24 3bc91cd8 f017ec92 5a43ac16 a6967bfe f521114a 2d921b22
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 382acd81 84391b13 fca3d09c 9d628629 220925bb e6f392e9 d00ae2ff 42fe832d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: db52f78b 8e49ef88 f718da6d 180a1f7c 069dc15c 9422aca2 b4b27406 5319a399
2025-04-16 14:57:44 ipsec,debug,packet ipsec: c5c3c259 076c734b 87a3fd16 e6d1416c 26a10074 deed2f42 ba03b49a ffe4e876
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 554eb363 6e4a936a d9ad9768 21df0e19 2654de52 c2268880 c5dff201 186761df
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 16a1a6ae 76096555 d0c3cb38 68f6afd3 da7b9c72 1dd0b5d7 2ffd892e 3aeee9e2
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 1d234fdc 09221b8b 8c02f82f da7db05a ae6b04bd 0f22d5c1 729c7ab4 9de1c2f2
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 81a7e2ba 9bd86066 f390f507 59fd14f4 239f9c6f e29da96f 1667717a 94b1f57f
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 626e00ee 7228ae32 70427bab d84e69e7 fca8f793 f21e91c4 4cb3d2ba 1aadbed1
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 587b2c20 7f232f9c a67bb570 419e80a8 6d17e17d 99946892 2d6a35d1 e0302f9b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 70f9cbc4 b3e2eea1 b39649d4 fd926fd4 f4faee2d 7283ffdb 8d40d102 ad4f57b2
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 717be790 3d12fec4 8db5b72f de05a3ee cd0733dc e9d48632 04baa1a9 fb984460
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 9b3b6ef2 1a390933 9bd61511 dd0c43b6 ef95ba91 ea2ebbfc 69b50ed5 9ab4b5f8
2025-04-16 14:57:44 ipsec,debug,packet ipsec: fa346717 0dc3fc18 2872ba32 274fbb44 11f0d282 193b7f41 539c3ef9 556b7f72
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 9aebc9e5 c78242b9 6e03f562 b48f435a d88b90e8
2025-04-16 14:57:44 ipsec ipsec: → ike2 reply, exchange: AUTH:1 193.188.192.110[4500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:44 ipsec ipsec: payload seen: SKF (472 bytes)
2025-04-16 14:57:44 ipsec ipsec: processing payload: ENC (not found)
2025-04-16 14:57:44 ipsec ipsec: processing payload: SKF
2025-04-16 14:57:44 ipsec,debug ipsec: => iv (size 0x10)
2025-04-16 14:57:44 ipsec,debug ipsec: b1bd8a24 3bc91cd8 f017ec92 5a43ac16
2025-04-16 14:57:44 ipsec,debug ipsec: decrypted fragment 2 out of 2
2025-04-16 14:57:44 ipsec,debug,packet ipsec: => plain fragment (size 0x1a2)
2025-04-16 14:57:44 ipsec,debug,packet ipsec: a94131af 74fd02d4 f55656b0 e1a995d4 62372f00 01080100 0000328e 1842ea20
2025-04-16 14:57:44 ipsec,debug,packet ipsec: da452066 c8823035 6d3ea9b8 519386ba 5d0f3bad 698e88a3 8c0711a5 e638d9fe
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 0fd47aeb 16a42209 231732da 7a17652b 948cbf2c 4a9c7d76 23cece0a 9f9f3a55
2025-04-16 14:57:44 ipsec,debug,packet ipsec: cbe5f854 78bed18a 83ec4498 79ac662a 82969be4 46dfa7cc 7e7d988f 2224ac27
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 6e630069 921ecba7 fcb17ffc a3856662 8937f2c8 b6e6e0a4 7f8a5bd0 086465ca
2025-04-16 14:57:44 ipsec,debug,packet ipsec: f6142707 54061a69 c7f6d5f0 7feafe06 1154bee8 17dbc81b f5e4a589 2c3bd323
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 2831cfa0 abf5cb36 6f430be6 e664493b 254c989a 53b3f4db e2e0bb88 6346e3e7
2025-04-16 14:57:44 ipsec,debug,packet ipsec: de876525 9d09e472 d127fe69 0a0f9896 0b86fef8 497eabb4 35d07e74 03c4491e
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b149cece 9775a47d 242e74e9 d808f311 ceb4f6ff 65082406 23b32100 00200200
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 00000001 00040a0a 0a020003 00040101 01010003 00040100 00012c00 002c0000
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 00280103 0403c991 70aa0300 000c0100 000c800e 01000300 00080300 000c0000
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 00080500 00002d00 00180100 00000700 00100000 ffff0a0a 0a020a0a 0a022900
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 00180100 00000700 00100000 ffff0a0a 0a010a0a 0a010000 000c0000 40130000
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 26c9
2025-04-16 14:57:44 ipsec,debug ipsec: reassembling fragments
2025-04-16 14:57:44 ipsec,debug,packet ipsec: => decrypted packet (size 0x64d)
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e2476fd4 2469eb65 48233e31 f71d985d 24202320 00000001 0000064d 25000024
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 02000000 70726f74 65637469 6f6e312e 63796265 72706f69 6e746572 2e6e6574
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 2700047d 04308204 74308202 5ca00302 01020208 5a4050ad d82e4d88 300d0609
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 2a864886 f70d0101 0c050030 43310b30 09060355 04061302 48553115 30130603
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 55040a13 0c437962 6572506f 696e7465 72311d30 1b060355 04031314 43796265
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 72506f69 6e746572 20526f6f 74204341 301e170d 32353034 31343133 30303531
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 5a170d32 37303431 34313330 3035315a 303e310b 30090603 55040613 02485531
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 15301306 0355040a 130c4379 62657250 6f696e74 65723118 30160603 55040313
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 0f313933 2e313838 2e313932 2e313130 30820122 300d0609 2a864886 f70d0101
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 01050003 82010f00 3082010a 02820101 00d050b8 8ce49eb3 dcc65ba7 7908d491
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e6b790a4 00939e9e 208732bf 3728fad2 97e99d24 27223a16 b25e495f 40e7f60a
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 75bfc839 fec5c1a1 94214485 b7e2bb6b 31af6081 08f2094f 4a25de96 26d89820
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b97ea5e7 0578a9c4 45380574 5c8b35bc 1412da32 9de14b31 d0206909 9f08bb46
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 48844a37 bcb70965 231a95e0 fceaf1f3 4690539e 9fe7851d b724a0df 44c2a6ec
2025-04-16 14:57:44 ipsec,debug,packet ipsec: c1593300 dba281d2 7ae6f5bd 68ab9387 c5383a98 d9263946 3a960cbc b5563e8d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 47bc1579 211946ff 72ed2746 a3047b90 c0ad3e9f 5a030e4b a8065958 e79f3898
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: d3fb86e5 578ed0b9 14cad9ae 30c2acfa 3c702ad2 638e52ee 5dc69268 1ad5a994
2025-04-16 14:57:44 ipsec,debug,packet ipsec: eccebce2 e5521373 3cdb3c9e 073d4e87 d1020301 0001a371 306f301f 0603551d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 23041830 1680142e 0ba7a1cb 90467214 9b16e6d9 9a94f49a ef432130 2d060355
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 1d110426 30248704 c1bcc06e 821c7072 6f746563 74696f6e 312e6379 62657270
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 6f696e74 65722e6e 6574301d 0603551d 25041630 1406082b 06010505 07030106
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 082b0601 05050802 02300d06 092a8648 86f70d01 010c0500 03820201 00830b9b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: ed40a9f9 434c0295 ae4f2ca5 27a817bc 25598be3 5fae6306 799efe5d b2f7348f
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 9e80e52f 660d5fdd e2d1dd2c d10c7f26 03cd665b 1b92d3df b7599700 30110cb3
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: accd224c c8e7ad7f 7134367d 67b18c93 4a055bce e0d29ab7 39900542 09555e9b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 392fc29b c06bf341 6e19a4f4 96a8d9b0 0d8514d4 88c158f5 f9f5d783 f825734b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 60f1e17b dbd8d551 da1edabd 9d1ac3c1 90dbf30f d88bd4df 37c2075f c338bb9b
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 064e76c6 8216c152 37d43d7c 1ce9b6e4 099ccc39 d7513933 e2eb87c6 afa16b71
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 5d19c12f a56c8aa5 b042b211 a0e2459c 94057ca7 cf9bcfdc c4879100 da723d08
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 396a8b55 18f46bae 74734375 757e5452 132d9fb3 65955fb5 87b5c4bf 2c0d95e9
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 903aee2e 9190a7a7 1b935369 812e0510 10e01063 e3f2aee5 48fe15ca 799e39bf
2025-04-16 14:57:44 ipsec,debug,packet ipsec: aacccd47 07d09374 2f0a8f3d c78dd9cf e3cb94c8 197986d1 6dbc1c09 c8202186
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 108cada9 33a52a0b 6a65c568 6c459f65 6415fc34 da6b3f8e 17229176 a656ab79
2025-04-16 14:57:44 ipsec,debug,packet ipsec: ff4dd586 f70ef67d d585defd 2efe553c f5686e08 1ddd760e 3fbb398b 34f5c9b5
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 17128771 eb43796e b30eea3c 6bdd04bf b83ffb77 0e9e5876 c1629b72 dd46a60f
2025-04-16 14:57:44 ipsec,debug,packet ipsec: bc94d9b9 b91e2e9f eb0f0c00 31d22ad5 1c7f6184 d61e9d0f dcc90f0f b71694da
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b470f824 c6978233 26b92e17 cf3342c4 f791ed55 52a9f36d c656b1f0 b967b8d1
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 35b69975 50f5ced9 946104a9 4131af74 fd02d4f5 5656b0e1 a995d462 372f0001
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 08010000 00328e18 42ea20da 452066c8 8230356d 3ea9b851 9386ba5d 0f3bad69
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 8e88a38c 0711a5e6 38d9fe0f d47aeb16 a4220923 1732da7a 17652b94 8cbf2c4a
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 9c7d7623 cece0a9f 9f3a55cb e5f85478 bed18a83 ec449879 ac662a82 969be446
2025-04-16 14:57:44 ipsec,debug,packet ipsec: dfa7cc7e 7d988f22 24ac276e 63006992 1ecba7fc b17ffca3 85666289 37f2c8b6
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e6e0a47f 8a5bd008 6465caf6 14270754 061a69c7 f6d5f07f eafe0611 54bee817
2025-04-16 14:57:44 ipsec,debug,packet ipsec: dbc81bf5 e4a5892c 3bd32328 31cfa0ab f5cb366f 430be6e6 64493b25 4c989a53
2025-04-16 14:57:44 ipsec,debug,packet ipsec: b3f4dbe2 e0bb8863 46e3e7de 8765259d 09e472d1 27fe690a 0f98960b 86fef849
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7eabb435 d07e7403 c4491eb1 49cece97 75a47d24 2e74e9d8 08f311ce b4f6ff65
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 08240623 b3210000 20020000 00000100 040a0a0a 02000300 04010101 01000300
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 04010000 012c0000 2c000000 28010304 03c99170 aa030000 0c010000 0c800e01
2025-04-16 14:57:44 ipsec,debug,packet ipsec:
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 00030000 08030000 0c000000 08050000 002d0000 18010000 00070000 100000ff
2025-04-16 14:57:44 ipsec,debug,packet ipsec: ff0a0a0a 020a0a0a 02290000 18010000 00070000 100000ff ff0a0a0a 010a0a0a
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 01000000 0c000040 13000026 c9
2025-04-16 14:57:44 ipsec ipsec: payload seen: ID_R (36 bytes)
2025-04-16 14:57:44 ipsec ipsec: payload seen: CERT (1149 bytes)
2025-04-16 14:57:44 ipsec ipsec: payload seen: AUTH (264 bytes)
2025-04-16 14:57:44 ipsec ipsec: payload seen: CONFIG (32 bytes)
2025-04-16 14:57:44 ipsec ipsec: payload seen: SA (44 bytes)
2025-04-16 14:57:44 ipsec ipsec: payload seen: TS_I (24 bytes)
2025-04-16 14:57:44 ipsec ipsec: payload seen: TS_R (24 bytes)
2025-04-16 14:57:44 ipsec ipsec: payload seen: NOTIFY (12 bytes)
2025-04-16 14:57:44 ipsec ipsec: processing payloads: NOTIFY
2025-04-16 14:57:44 ipsec ipsec: notify: unknown 0x4013
2025-04-16 14:57:44 ipsec,debug ipsec: 000026c9
2025-04-16 14:57:44 ipsec ipsec: ike auth: initiator finish
2025-04-16 14:57:44 ipsec ipsec: processing payload: ID_R
2025-04-16 14:57:44 ipsec ipsec: ID_R (FQDN): protection1.cyberpointer.net
2025-04-16 14:57:44 ipsec ipsec: processing payload: AUTH
2025-04-16 14:57:44 ipsec ipsec: requested auth method: RSA
2025-04-16 14:57:44 ipsec,debug ipsec: => peer’s auth (size 0x100)
2025-04-16 14:57:44 ipsec,debug ipsec: 328e1842 ea20da45 2066c882 30356d3e a9b85193 86ba5d0f 3bad698e 88a38c07
2025-04-16 14:57:44 ipsec,debug ipsec: 11a5e638 d9fe0fd4 7aeb16a4 22092317 32da7a17 652b948c bf2c4a9c 7d7623ce
2025-04-16 14:57:44 ipsec,debug ipsec: ce0a9f9f 3a55cbe5 f85478be d18a83ec 449879ac 662a8296 9be446df a7cc7e7d
2025-04-16 14:57:44 ipsec,debug ipsec: 988f2224 ac276e63 0069921e cba7fcb1 7ffca385 66628937 f2c8b6e6 e0a47f8a
2025-04-16 14:57:44 ipsec,debug ipsec: 5bd00864 65caf614 27075406 1a69c7f6 d5f07fea fe061154 bee817db c81bf5e4
2025-04-16 14:57:44 ipsec,debug ipsec: a5892c3b d3232831 cfa0abf5 cb366f43 0be6e664 493b254c 989a53b3 f4dbe2e0
2025-04-16 14:57:44 ipsec,debug ipsec: bb886346 e3e7de87 65259d09 e472d127 fe690a0f 98960b86 fef8497e abb435d0
2025-04-16 14:57:44 ipsec,debug ipsec: 7e7403c4 491eb149 cece9775 a47d242e 74e9d808 f311ceb4 f6ff6508 240623b3
2025-04-16 14:57:44 ipsec ipsec: using certificate from identity config
2025-04-16 14:57:44 ipsec ipsec: Certificate:
2025-04-16 14:57:44 ipsec ipsec: serialNr: 5c:8f:15:52:08:66:24:cb
2025-04-16 14:57:44 ipsec ipsec: issuer: <C=HU, O=CyberPointer, CN=CyberPointer Root CA>
2025-04-16 14:57:44 ipsec ipsec: subject: <C=HU, O=CyberPointer, CN=CyberPointer Root CA>
2025-04-16 14:57:44 ipsec ipsec: notBefore: Mon Apr 14 12:57:04 2025
2025-04-16 14:57:44 ipsec ipsec: notAfter: Thu Apr 12 12:57:04 2035
2025-04-16 14:57:44 ipsec ipsec: selfSigned:1
2025-04-16 14:57:44 ipsec ipsec: extensions:
2025-04-16 14:57:44 ipsec ipsec: key usage: key-cert-sign, crl-sign
2025-04-16 14:57:44 ipsec ipsec: basic constraints: isCa: TRUE
2025-04-16 14:57:44 ipsec ipsec: subject key id: 2e:0b:a7:a1:cb:90:46:72:14:9b:16:e6:d9:9a:94:f4:9a:ef:43:21
2025-04-16 14:57:44 ipsec ipsec: signed with: SHA384+RSA
2025-04-16 14:57:44 ipsec ipsec: [RSA-PUBLIC]
2025-04-16 14:57:44 ipsec ipsec: modulus: b11b92590a7bf1d9905bffa99a66859a05fa6ae0c269ce004300a328a7214f75f0783dcec9d3079a86435362c3b618390c7a9e7a5cb429976db0cbf73a8ec6d6ed342c38ac31aab5cba831d5b00ef13cf761753e98ff472196154da388d5a004b2d2a69672e3f56a4891a8c18b790a1ae32703577ff4090f2af9b7465498336cb4f2c73ab26bc6a27fdceb6c23168aa7d74e04c7793689b89c601a74de35b9888558be9f39138b3a3d4ccdf5166647189e6178f88a60e7e57728828a4799645b04d7a3778915a79b4364b1d9c22de7b667be58aa2dd5e25e623ad0be2f1593ef56209638adf199dfd00142430ae5ddcde150c74568f7200260c8e1bed8ccd2aca4e68bd12ed5e09a62d4da84f87c517f36be8caf2a7638d5dd15707c6c3190ea0eb8429daa949e6cc076372d7e8af76110aca92c9e686680e2d45f9af61b2176a86f8317df6603ebf47dce28a27a84edec67577bb4c47e6c63828fe2c2de3d5c8c36a7f6345832d18b81d20586f83a43ca1dff368136773dde4ec6d4a16fb9b3e431cab05f02c9aa0f43f0fd1566a379886337e38a26a2582af00be317bf7cdd9cbda4795f7ca437f7af338461626d59c2a4519daa4b52b78c89ab8170efaebb9264e10b84af4354886bc1f30eabbb93e0db11109f5cca4855dc65c38485869acad3b909094ab4571a21f23575c91ac6dc85cda8e41
2025-04-16 14:57:44 ipsec ipsec: 88b39aaff36d8c3230d17
2025-04-16 14:57:44 ipsec ipsec: publicExponent: 10001
2025-04-16 14:57:44 ipsec ipsec: trust chain:
2025-04-16 14:57:44 ipsec ipsec: 0: SKID: 2e:0b:a7:a1:cb:90:46:72:14:9b:16:e6:d9:9a:94:f4:9a:ef:43:21
2025-04-16 14:57:44 ipsec,debug ipsec: => auth nonce (size 0x18)
2025-04-16 14:57:44 ipsec,debug ipsec: 6e59f9bf bb23bf8d 9067ec54 ff0141ee 56154184 bdb62aff
2025-04-16 14:57:44 ipsec,debug ipsec: => SK_p (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: 98be83ae 1f882204 81015113 9b9580fe 0f615c67 72cb1c3f 80d732ef 4e705cf3
2025-04-16 14:57:44 ipsec,debug ipsec: => idhash (size 0x20)
2025-04-16 14:57:44 ipsec,debug ipsec: 90940f10 451b8b0a 51955d34 aa0102f1 4c703cde 5d679fb3 c76c2b57 de5f2a1a
2025-04-16 14:57:44 ipsec,debug ipsec: retrying with hash function form certificate: SHA384
2025-04-16 14:57:44 ipsec,error digital signature verification failed
2025-04-16 14:57:44 ipsec,error ipsec: digital signature verification failed
2025-04-16 14:57:44 ipsec,info,account peer failed to authorize: Logging-Server 192.168.0.15[4500]-193.188.192.110[4500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:44 ipsec,info,account ipsec: peer failed to authorize: Logging-Server 192.168.0.15[4500]-193.188.192.110[4500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:44 ipsec ipsec: send notify: AUTHENTICATION_FAILED
2025-04-16 14:57:44 ipsec ipsec: adding notify: AUTHENTICATION_FAILED
2025-04-16 14:57:44 ipsec,debug ipsec: => (size 0x8)
2025-04-16 14:57:44 ipsec,debug ipsec: 00000008 00000018
2025-04-16 14:57:44 ipsec ipsec: ← ike2 request, exchange: INFORMATIONAL:2 193.188.192.110[4500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:44 ipsec,debug,packet ipsec: => outgoing plain packet (size 0x24)
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e2476fd4 2469eb65 48233e31 f71d985d 29202508 00000002 00000024 00000008
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 00000018
2025-04-16 14:57:44 ipsec ipsec: adding payload: ENC
2025-04-16 14:57:44 ipsec,debug ipsec: => (first 0x100 of 0x104)
2025-04-16 14:57:44 ipsec,debug ipsec: 29000104 e5c78242 b96e03f5 62b48f43 5ad88b90 feacc4d2 2973ee5c 036438ed
2025-04-16 14:57:44 ipsec,debug ipsec: 6e283e35 2ea67c1c bb0ba5a9 675c4c7d fd7fb438 d0249056 ff759db8 884f315f
2025-04-16 14:57:44 ipsec,debug ipsec: 3145d23e 7dbefd24 d9a19f0c ee55b76f 89a7b786 12620b3a 014215f1 c19e8682
2025-04-16 14:57:44 ipsec,debug ipsec: f2288dfe 298186cf 915c3568 7f6e03e0 d7f3abd4 923bd52d 1fb56e16 912a74ca
2025-04-16 14:57:44 ipsec,debug ipsec: 1461bdda dec6d0ad f379b6c2 ee8b8cb8 f526dd91 eb136402 b23b6f93 b25e1735
2025-04-16 14:57:44 ipsec,debug ipsec: edf16cfa bc908600 dc73ea2d 925ca4f5 3b9a65fb 40dbcfb5 b01ba91b 4fb4e4b7
2025-04-16 14:57:44 ipsec,debug ipsec: 6f0f6003 29668a6d 9ea7f4d9 bfe6696a e8a52df9 d8f76614 af80dda2 e02dd7fd
2025-04-16 14:57:44 ipsec,debug ipsec: 27175178 919e6093 4bb04d7a 6672c864 a0ee87d4 00000000 00000000 00000000
2025-04-16 14:57:44 ipsec,debug ipsec: ===== sending 288 bytes from 192.168.0.15[4500] to 193.188.192.110[4500]
2025-04-16 14:57:44 ipsec,debug ipsec: 1 times of 292 bytes message will be sent to 193.188.192.110[4500]
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e2476fd4 2469eb65 48233e31 f71d985d 2e202508 00000002 00000120 29000104
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e5c78242 b96e03f5 62b48f43 5ad88b90 feacc4d2 2973ee5c 036438ed 6e283e35
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 2ea67c1c bb0ba5a9 675c4c7d fd7fb438 d0249056 ff759db8 884f315f 3145d23e
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7dbefd24 d9a19f0c ee55b76f 89a7b786 12620b3a 014215f1 c19e8682 f2288dfe
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 298186cf 915c3568 7f6e03e0 d7f3abd4 923bd52d 1fb56e16 912a74ca 1461bdda
2025-04-16 14:57:44 ipsec,debug,packet ipsec: dec6d0ad f379b6c2 ee8b8cb8 f526dd91 eb136402 b23b6f93 b25e1735 edf16cfa
2025-04-16 14:57:44 ipsec,debug,packet ipsec: bc908600 dc73ea2d 925ca4f5 3b9a65fb 40dbcfb5 b01ba91b 4fb4e4b7 6f0f6003
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 29668a6d 9ea7f4d9 bfe6696a e8a52df9 d8f76614 af80dda2 e02dd7fd 27175178
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 919e6093 4bb04d7a 6672c864 a0ee87d4 8f0eb0d5 98e4a482 b79d0653 d759b8b5
2025-04-16 14:57:44 ipsec,info killing ike2 SA: Logging-Server 192.168.0.15[4500]-193.188.192.110[4500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:44 ipsec,info ipsec: killing ike2 SA: Logging-Server 192.168.0.15[4500]-193.188.192.110[4500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:44 ipsec ipsec: KA remove: 192.168.0.15[4500]->193.188.192.110[4500]
2025-04-16 14:57:44 ipsec,debug ipsec: KA tree dump: 192.168.0.15[4500]->193.188.192.110[4500] (in_use=1)
2025-04-16 14:57:44 ipsec,debug ipsec: KA removing this one…
2025-04-16 14:57:44 ipsec,debug ipsec: ===== received 80 bytes from 193.188.192.110[4500] to 192.168.0.15[4500]
2025-04-16 14:57:44 ipsec,debug,packet ipsec: e2476fd4 2469eb65 48233e31 f71d985d 2e202520 00000002 00000050 00000034
2025-04-16 14:57:44 ipsec,debug,packet ipsec: 7a53d219 de3f33bf f1dd3263 07fab917 f7934f81 35b264f5 4920cd9b 09e86a96
2025-04-16 14:57:44 ipsec,debug,packet ipsec: ab259397 6c481e65 b7253e99 32e1babd
2025-04-16 14:57:44 ipsec ipsec: → ike2 reply, exchange: INFORMATIONAL:2 193.188.192.110[4500] e2476fd42469eb65:48233e31f71d985d
2025-04-16 14:57:44 ipsec ipsec: SPI e2476fd42469eb65 not registered for 193.188.192.110[4500]

Thank you!

Regards: DrCyberg

sindy · April 17, 2025, 6:16am

Hello,

it seems to me that the Mikrotik side does not like some aspects of the certificate the Strongswan side presents, plust there is possibly a slight misconfiguration.

2025-04-16 14:57:44 ipsec ipsec: ID_R (FQDN): protection1.cyberpointer.net
2025-04-16 14:57:44 ipsec ipsec: processing payload: AUTH
2025-04-16 14:57:44 ipsec ipsec: requested auth method: RSA
…
2025-04-16 14:57:44 ipsec ipsec: using certificate from identity config
2025-04-16 14:57:44 ipsec ipsec: Certificate:
2025-04-16 14:57:44 ipsec ipsec: serialNr: 5c:8f:15:52:08:66:24:cb
2025-04-16 14:57:44 ipsec ipsec: issuer: <C=HU, O=CyberPointer, CN=CyberPointer Root CA>
2025-04-16 14:57:44 ipsec ipsec: subject: <C=HU, O=CyberPointer, CN=CyberPointer Root CA>
2025-04-16 14:57:44 ipsec ipsec: notBefore: Mon Apr 14 12:57:04 2025
2025-04-16 14:57:44 ipsec ipsec: notAfter: Thu Apr 12 12:57:04 2035
2025-04-16 14:57:44 ipsec ipsec: **selfSigned:**1
2025-04-16 14:57:44 ipsec ipsec: extensions:
2025-04-16 14:57:44 ipsec ipsec: key usage: key-cert-sign, crl-sign
2025-04-16 14:57:44 ipsec ipsec: basic constraints: isCa: TRUE
2025-04-16 14:57:44 ipsec ipsec: subject key id: 2e:0b:a7:a1:cb:90:46:72:14:9b:16:e6:d9:9a:94:f4:9a:ef:43:21
2025-04-16 14:57:44 ipsec ipsec: signed with: SHA384+RSA
…
2025-04-16 14:57:44 ipsec,debug ipsec: retrying with hash function form certificate: SHA384
2025-04-16 14:57:44 ipsec,error digital signature verification failed
2025-04-16 14:57:44 ipsec,error ipsec: digital signature verification failed

Namely:

the Strongswan certificate is self signed - I don’t think it is the reason per se, but some stacks do not like this
the “key usage” list of the Strongswan certificate does not contain a tls-server item; I’m not sure about ROS 7, but in ROS 6, the certificate of an IPsec responder had to have tls-server on the key usage list, and the certificate of an IPsec initiator had to have tls-client there
there is only a CN (common name) field in the certificate; Strongswan itself (and other software too) ignores the CN field and needs the subject of the certificate to be present in the Subject-Alt-Name list. Mikrotik may have an issue with this too.
the identity row is configured with match-by=certificate but the Strongswan presents another ID, fqdn:protection1.cyberpointer.net. This is not an issue of the certificate itself but may be relevant - so if fixing the potential issues of the certificate does not help, try changing match-by to remote-id and set remote-id to fqdn:protection1.cyberpointer.net.

drcyberg · April 18, 2025, 12:29pm

Hello,

it seems to me that the Mikrotik side does not like some aspects of the certificate the Strongswan side presents, plust there is possibly a slight misconfiguration.

2025-04-16 14:57:44 ipsec ipsec: ID_R (FQDN): protection1.cyberpointer.net
2025-04-16 14:57:44 ipsec ipsec: processing payload: AUTH
2025-04-16 14:57:44 ipsec ipsec: requested auth method: RSA
…
2025-04-16 14:57:44 ipsec ipsec: using certificate from identity config
2025-04-16 14:57:44 ipsec ipsec: Certificate:
2025-04-16 14:57:44 ipsec ipsec: serialNr: 5c:8f:15:52:08:66:24:cb
2025-04-16 14:57:44 ipsec ipsec: issuer: <C=HU, O=CyberPointer, CN=CyberPointer Root CA>
2025-04-16 14:57:44 ipsec ipsec: subject: <C=HU, O=CyberPointer, CN=CyberPointer Root CA>
2025-04-16 14:57:44 ipsec ipsec: notBefore: Mon Apr 14 12:57:04 2025
2025-04-16 14:57:44 ipsec ipsec: notAfter: Thu Apr 12 12:57:04 2035
2025-04-16 14:57:44 ipsec ipsec: **selfSigned:**1
2025-04-16 14:57:44 ipsec ipsec: extensions:
2025-04-16 14:57:44 ipsec ipsec: key usage: key-cert-sign, crl-sign
2025-04-16 14:57:44 ipsec ipsec: basic constraints: isCa: TRUE
2025-04-16 14:57:44 ipsec ipsec: subject key id: 2e:0b:a7:a1:cb:90:46:72:14:9b:16:e6:d9:9a:94:f4:9a:ef:43:21
2025-04-16 14:57:44 ipsec ipsec: signed with: SHA384+RSA
…
2025-04-16 14:57:44 ipsec,debug ipsec: retrying with hash function form certificate: SHA384
2025-04-16 14:57:44 ipsec,error digital signature verification failed
2025-04-16 14:57:44 ipsec,error ipsec: digital signature verification failed

Namely:

the Strongswan certificate is self signed - I don’t think it is the reason per se, but some stacks do not like this

the “key usage” list of the Strongswan certificate does not contain a tls-server item; I’m not sure about ROS 7, but in ROS 6, the certificate of an IPsec responder had to have tls-server on the key usage list, and the certificate of an IPsec initiator had to have tls-client there

there is only a CN (common name) field in the certificate; Strongswan itself (and other software too) ignores the CN field and needs the subject of the certificate to be present in the Subject-Alt-Name list. Mikrotik may have an issue with this too.

the identity row is configured with match-by=certificate but the Strongswan presents another ID, fqdn:protection1.cyberpointer.net. This is not an issue of the certificate itself but may be relevant - so if fixing the potential issues of the certificate does not help, try changing match-by to remote-id and set remote-id to fqdn:protection1.cyberpointer.net.

Hi!

I started creating the certificate from scratch using the Mikrotik factory solution, thinking that it would be the solution, but unfortunately it wasn’t.
I followed these examples:

Mikrotik forum: IPSEC/IKE2 (with certificates) VPN server guide for remote access
strongSwan: Certificates Quickstart :: strongSwan Documentation
GitHub: GitHub - GLlgGL/OpenVPNonMikrotik: Configure openvpn on mikrotik(Site-to-client)

I tried all the options in the identity menu but unfortunately I always got the same result: … parsed INFORMATIONAL request 2 [ N(AUTH_FAILED) ] …

Of course, it works perfectly under Linux and Windows, which I generated the certificate with Mikrotik. So I don’t understand what else you expect from me to make it work?

Of course, thank you for the suggestions!

Thank you!

Regards: DrCyberg

sindy · April 18, 2025, 12:54pm

So how does the certificate the Strongswan presents to the Mikrotik look like now?

openssl x509 -in -noout -text -purpose

The thing is that I do use a Strongswan responder authenticafing itself to Mikrotik initiators using a certificate (plus many Mikrotik peers authenticating themselves to each other using certificates) routinely and it “just works”. But the certificate used by Strongswan is not self-signed, it has the domain name it authenticates in SAN, and does have the tls-client and tls-server usages set. And the Mikrotik initiator has the certificate of the signing CA of the Strongswan in its certificate store. Maybe you just have to manually mark the self-signed certificate of the Strongswan responder as trusted in the Mikrotik certifcate store? When you import a CA certificate, this is automatic, but maybe for self-signed certificates it is not?

drcyberg · April 22, 2025, 5:42am

So how does the certificate the Strongswan presents to the Mikrotik look like now?

openssl x509 -in -noout -text -purpose

The thing is that I do use a Strongswan responder authenticafing itself to Mikrotik initiators using a certificate (plus many Mikrotik peers authenticating themselves to each other using certificates) routinely and it “just works”. But the certificate used by Strongswan is not self-signed, it has the domain name it authenticates in SAN, and does have the tls-client and tls-server usages set. And the Mikrotik initiator has the certificate of the signing CA of the Strongswan in its certificate store. Maybe you just have to manually mark the self-signed certificate of the Strongswan responder as trusted in the Mikrotik certifcate store? When you import a CA certificate, this is automatic, but maybe for self-signed certificates it is not?

If a certificate-based VPN connection is specifically specified for operation, I don’t understand what kind of identification it expects within it?
First I created the certificates with openssl on Linux, then on Mikrotik, but it doesn’t want to work at all, but it worked in both cases under Linux and Windows.

VPN CA cert:

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3222286872953726184 (0x2cb7dcd6aacfa4e8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = HU, ST = Budapest, L = Budapest, O = CyberPointer, OU = CP-P1, CN = CyberPointer Root CA
Validity
Not Before: Apr 18 08:26:19 2025 GMT
Not After : Apr 16 08:26:19 2035 GMT
Subject: C = HU, ST = Budapest, L = Budapest, O = CyberPointer, OU = CP-P1, CN = CyberPointer Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:b7:dc:eb:b8:6c:58:a9:f8:9c:3c:1d:a1:78:48:
ab:84:5a:6b:8f:61:7b:25:7b:99:b1:d3:7d> > c9:
b3:e7:a6:f0:69:9d:d4:ac:9c:34:07:bd:e1:6b>
89:86:fe:3c:b7:07:71:24:23:f1:6c:50:9a:13:f9:
ec:8b:8c:72:af:28:00:4f:42:2f:5a:5e:fb:67:81:
af:a3:a9:4d:d9:7b:4f:28:b6:7a:75:93:53:d3:f8:
c1:31:32:06:d9> > 8a:e5:37:86:ae:22:46:44:a2:
0b:ea:5d:1d:ea:3e:55:28:d5:fd:b9:fa:d5:94:d6:
ec:34:67:95:6b:7c:84:86:9e:63:56:bb:e8:24:ad:
ac:f8:6d:b2:f6:3a:4e:dd:33:70:9c:3e:11:bf:06:
8b:89:e8:b3:e0:61:0d:fb:80:ed:0e:38:72:15:1b:
0f:7b:64:7f:03:7d:bf:2d:ad:4f:8e:77:4d:9f:03:
81:1e:28:3f:c4:23:5b:18:4d:63:07:52:3d:d8:07:
46:eb:73:f4:02:53:3c:5f:9e:9c:62:e2:b0:a9:e6:
b0:81:00:be:57:c9:af:fb:e2:3c:8e:88:81:6e:84:
b5:6d:62:85:f3:2e:fb:48:4c:3a:3a:bf:a2:51:60:
40:9f> > 59:d1:61:70:6a:21:a1:60:34:59:20:0b:
27:56:b3:92:2b:da:e1:e1:46:5e:59:09:67:83:2a:
e7:c6:01:6a:3b:e0:11:b5:5f:49:57:43:ae:ae:8f:
d0:fc:67:89:60:c4:10:9d:92:55:1e:6d:69:e1:9c:
61:98:12:7f:f2:b4:39:40:4f:3d:f9:02:4e:27:14:
ee:56:25:8a:80:2e:f5:51:d2:01:8a:b8:71:55:b6:
a7:13:4a:27:7d:4b:c9:4f:75:88:21:d7:33:f5:3d:
f8:da:fb:94:a9> > cf:38:03:cf:e1:9a:df:17:6b:
cd:d3:76:e2:ae:2f:d9:a8:f2:b8:bb:fc:a7:ad:07:
55:52:d9:2f:9d:88:06:ec:52:b5:08:94:90:89:33:
a9:f0:ad:2f:90:39:5d:8a:48:9f> > 3d:39:d1:89:
da:9e:d9:e7:b6:10:a3:7c:a2:16:2c:44:d0:7f:e3:
a0:55:f6:bf:ae:0b:5d:19:b6:8b:d5:c9:03:57:f6:
ab:eb:4c:f0:29> > 63:4f:b0:1f:8b:80:f4:d8:cf:
ef:fe:4f:b7:96:38:1d:a5:2f:12:6f:e1:31:ea:29:
f6:08:a8:06:2c:97:58:cb:b2:ca:3e:5c:d2:e2:2f:
72:09:2b:45:ac:9e:31:dd:74:98:a7:0c:48:83:99:
52:9e:0b:dd:5d:d9:eb:51:68:80:30:c2:1a:d1:99:
72:da:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
4D:02:13:12:B6:97:0F:33:04:37:BC:59:51:D5:B4:5A:AF:A7:C3:B6
X509v3 CRL Distribution Points:
Full Name:
URI:> http://193.188.192.110/crl/196.crl
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
a0:a5:18:20:59:c1:7c:10:a7:98> > 9a:d3:e0:e8:78:dc:ff:
99:a4:e5:7e:3e:71:8e:81:dd:e8:76:6a:f3:e5:bf:1f:89:8f:
b0:1c:12:d9:0c:c8:8c:7d:f4:2a:1e:75:8a:b5:67:0e:ce:c3:
91:d9:e6:54:37:a7:eb:3b:17:ae:b1:a4:bf:e2:b7:bc:62:dc:
27:8f:8b:4c:b1:b4:3d:5c:e8:f7:29:3d:01:1d:df:55:3a:28:
7e:e5:06:d8:78:7f:70:90:1b:06:0b:57:7b:39:da:5e:bd:89:
2d:4f:ed:9e:dc:da:fa:9b:1b:3d:87:1b:14:74:71:1d:b3:b0:
e7:dd:ef:58:c6:79:cf:51:66:c0:0a:31:8f:e2:36:3a:0f:76:
e2:81:79:72:26:e0:10:6d:26:00:42:ba:bc:1c:32:af:5e:2b:
f4:9f:8f:c9:46:55:68:34:ac:40:50:dc:66:15:02:df:ac:2d:
06> > bf:aa:e9:b2:40:c6:f6:31:78:48:f1:5f:3c:e9:c8:82:
b5:d4:05:74:9b:bd:0d:f1:cc:b4:3a:5d:e8:8c:c1:f2:a0:ce:
54:b7:8e:a7:df:9b:74:62:2f:9e:79:4a:67:fc:0d:aa:2c:97:
f9:af:45:29:e4:f2:b7:19:be:d2:b7:ec:3d:11:7e:ae:dc:59:
e0:7c:40:f9:fc:4e:65:58:ef:43:a6:83:68:10:1a:6c:66:ef:
28:a1:a6:e8:0f:81:69:2e:1b:1b:90:8d:c5:18:a3:6b:a1:5e:
8c:bb:cb:d6:c7:c6:d0:43:0e:ad:54:09:60:c5:c1:00:68:6a:
69:e4:af:f1:15:bc:58:04:ff:a4:1d:37:36:a7:fc:77:41:8c:
d2:cc:11:86:0c:b0:74:96:8e:cc:90:5f:13:91:3c:45:3a:7d:
f9:a6:d5:e9:a1:cc:6e:d5:eb:94:62:b6:6a:9a:99:d7:97:9c:
e4:07:b8:02:91:b4:b4:8b:97:99:57:3d:70:06:0a:02:62:e3:
13:72:b6:d3> > d5:93:47:a3:0e:9b:9f:36:7e:da:84:6e:fc:
94:55:e1:a7:ee:3d:81:8e:ae:64:bd:94:f8:50:8d:3d:1b:4f:
97:0e:7b:c4:ff:a0:98:59:09:81:c0:e3:c2:c5:70:72:be:c6:
7c:72:4e:77:d5:be:42:2d:1a:2f:9e:36:40:df:8f:92:10:fe:
1d:5d:a2:cf:b7:98:6c:07:ae:9f:c2:0b:95:cf:e3:1c:2b:8e:
4a:23:f5:0d:99:51:e0:25:af:69:64:0b:e3:b1:96:4e> > e6:
f4:ea:81:52:b1:1b:9d:21:f6:1c:a4:a1:36:65:71:cf:1a:e4:
c1:f0:88:dd:2d:cc:79:df
Certificate purposes:
SSL client : No
SSL client CA : Yes
SSL server : No
SSL server CA : Yes
Netscape SSL server : No
Netscape SSL server CA : Yes
S/MIME signing : No
S/MIME signing CA : Yes
S/MIME encryption : No
S/MIME encryption CA : Yes
CRL signing : Yes
CRL signing CA : Yes
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : Yes
Time Stamp signing : No
Time Stamp signing CA : Yes

VPN Host Cert:

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4889229180211302949 (0x43da0808fff81225)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = HU, ST = Budapest, L = Budapest, O = CyberPointer, OU = CP-P1, CN = CyberPointer Root CA
Validity
Not Before: Apr 18 08:33:05 2025 GMT
Not After : Apr 18 08:33:05 2027 GMT
Subject: C = HU, ST = Budapest, L = Budapest, O = CyberPointer, OU = CP-P1, CN = 193.188.192.110
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b9:7a:a1:41:3e:8b:34:d1:ec:bc:43:3e:20:e9:
43:e2:53:6b:9a:1e:2d:e4:b7:0e:4e:7d:b6:2a:49:
be:37:ef:60:60:b7:27:61:66:dc:cc:40:33:3f:53:
2b:3b:73:ff:37:cc:e0:9f:28:61:8a:f6:4a:ea:c5:
ba:24:35:72:76:5d:5a:26:3e:e3:2d:39:cf:47:bc:
a3:46:96:61:f3:16:19:4e:1e:6f:f2:e6:59:9b:d3:
63:6c:83:28:a6:58:c2:2e:98:d4:8f:a1:26:82:00:
13:d6:6d:75:ba:b8:84:bc:04:d9:ac:6b:41:57:77:
71:2e:28:8b:22:15:11:c3:04:7c:42:c1:d6:db:0a:
7c:75:b9:45:80:f8:eb:48:09:52:8a:ff:09:fc:07:
67:2c:d2:d7:5b:1b:d4:ea:17:08:3f:d5:ce:1a:d2:
74:41:6a:39:8d:9e:40:3e:14:45:04:d0:05:80:00:
52:b8:f7:df:ff:7c:2f:ef:b3:5c:e5:82:ce:50:7f:
53:01:c8:5b:af:cc:0e:1f:c9:0c:43:a1:e3:20:d6:
a4:b6:f6:a6:bf:6f:1a:c0:b5:a7:a2:29:13:90:3e:
72:25:48:44:2a:79:0a:1e:4f:b4:98:e2:7a:ed:0d:
20:a6:88:51:6c:0d:04:58:0f:01:22:0a:da:d9:3f:
83:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Key Identifier:
7F:AA:B2:CF:F8:2D:AA:9D:85:F7:18:CE:84:13:C3:FA:08:85:EA:5C
X509v3 Authority Key Identifier:
4D:02:13:12:B6:97:0F:33:04:37:BC:59:51:D5:B4:5A:AF:A7:C3:B6
X509v3 Subject Alternative Name:
IP Address:193.188.192.110, DNS:protection1.cyberpointer.net
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
7a:9b:ef> > 44:ad:94:3b:d7:b5:68:9e:f7:1d:2f:b8:89:35:
a2:23:38:fc:a2:7f:a4:51:a1:a5:c3:9b:2c:87:2d:8c:0d:8b:
4d:33:f0:54:41:d3:ba:cc:fc:66:84:1c:09:10:cb:41:f1:9a:
3a:ce:0e:35:b0:47:6a:a5:0e:41:6e:bf:0d:ca:7f:c7:58:a9:
c1:fa:8d:d9:c0:18:e4:6d:0e:d3:88> > 3f:24:a0:39:4d:df:
7a:48:68:22:e6:29:5c:74:27:41:c9:60:8b:24:ee:aa:1f:d8:
37:01:47:66:23:a3:3c:ed:c0:8b:96:b9:c3:d2:ae:46:e6:45:
7c:cf:c1:30:67:5a:04:8d:fe:c5:19:72:32:e5:e2:0c:9a:6c:
67:36:5e:0d:72:75:b1:70> > 39:80:e9:8c:fb:0e:89:c4:db:
5a:18:37:50:ec:7b:3c:b6:34:05:cb:79:01:ec:3d:36:08:0e:
0a:d6:0b:b8:1c:c9:4f:b3:66:61:f0:2d:1d:0b:17:f9:eb:40:
5c:68:6b:ed:a0:9f:f0:52:1f:c5:5e:10:9e:e7:28:6a:d6:ec:
ab:3c:e1:fd:54:bb:4e:7f:2c:bc:8c:9c:b5:d8:41:7b:0e:fa:
4a:f9:a6:91:4a:91:b9:60:a5:12:f7:42:75:df:ac:3b:28:ec:
8a:64:f4:26:67:3f:a8:9a:70:28:0c:29:27:bb:4f:98:58:70:
2d:11:f3:00:2f:5c:2d:a9:3b:c1:28:7d:3b:1d:a6:67:2e:ae:
f0:82:98:2f:e9:1f:8c:ed:44:ce:db:cf:45:2b:00:41:10:d7:
e7:c5:3c> > 64:4d:68:bb:f8:24:2a:59:06:07:dc:df:2e:ae:
57:cb:c6:8c:8f:d3:4d:c8:d5:f1:8b:92:ca:34:3b:db:90:86:
bd:bd:30:a0:c1:fa:c8:8b:96:4d:20:8e:51:d4:39:49:2e:bd:
6c:ea:24:72:e4:79:1e:1a:7a:aa:2c:40:ef:b4:be:10:33:ea:
5f:db:63:28:e8:d6:43:49:93:52:07:0f:42:a6:0d:73:31:77:
9b:35:be:e8:b3:b0:e5:a5:d9:e3:7e:37:7a:77:d2:c0:0f:67:
a6:9f:4e:56:33:8c:b1:e3:ea:bc:14:46:0b:fb:2f:b9:08:70:
77:06:f7:c3:6b:82:a8:ac:28:00:59:07:60:4a:9b:70:2a:73:
1e:4a:7b:a4:f6:fd:4a:62:f6:18:b8:b3:a9:39:40:06:f0:df:
0f:49:ae:d0:4e:6e:70:a9:85:f1:39:77:df:67:53:b5:24:90:
7b:dc:c9:30:f7:00:b3:09:b7:67:4c:82:07:e7:f1:82:34:4c:
f9:f1:9e:46:db:da:e3:b2
Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : No
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
Time Stamp signing : No
Time Stamp signing CA : No

VPN Client Cert:

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5295604347751810097 (0x497dc418d2c2c431)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = HU, ST = Budapest, L = Budapest, O = CyberPointer, OU = CP-P1, CN = CyberPointer Root CA
Validity
Not Before: Apr 18 08:37:26 2025 GMT
Not After : Apr 18 08:37:26 2027 GMT
Subject: C = HU, ST = Budapest, L = Budapest, O = CyberPointer, OU = CP-P1, CN = > puffymikrotik@cyberpointer.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ad:ac:ec:07:16:66:c9> > 62:99:c7:7d:4f:02:
cd:34:dc:cf:80:4f:aa:6d:1d:8d:02:a1:2f:51:e5:
d0:18:dd:05:da:80:a9:2b:3c:ad:4e:9e:ba:64:3b:
58:0a:9c:dd:cb:26:69:6b:80:1f:29:44:9b:ba:a4:
5f:18:8a:89:0c:9f:d9:fe:d2:57:e4:bb:c0:2d:7e:
5c:46:6c:b3:23:8e:04:34:b1:8d:ac:4a:e2:81:5d:
c8:8b:0b:77:d3:3a:e8:71:0e:2b:8d:27:ef:ec:0e:
25:18:23:d3:5a:50:63:8b:53:f8:46:98:b4:e9:df:
55:6f:31:a5:06:b6:ca:8e:ce:a4:2e:db:59:5e:dd:
3e:0a:b5:37:d1:df:47:08:5a:15:71:98:5b:f0:f1:
98:83:b7:ea:dd:30:a6:ee:64:0b:8b:98:b3:7c:9b:
78:88:4e:40:80:ad:b5:d6:be:ec:c7:4e:72:92:3a:
65:be:0b:69:63:ee:69:c9:d0:68:bc:03:3e:9c:23:
3d:aa:95:16:2d:6c:c7:eb:6b:4b:c4:a0:10:c9:7c:
cf:a5:56:97:1e:98:4c:70:65:76:d1:95:4d:79:48:
1f:8a:0e:6d:d7:8a:b4:4e:fd:68:33:7f:c5:3e:1a:
a5:a4:87:76:44:24:c3:2e:74:ca:0a:f5:1e:28:6b:
a2:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Subject Key Identifier:
96:B5:D0:9C:CF:58:3D:82:FA:9E:91:2C:E8:C0:98:99:52:79:1E:08
X509v3 Authority Key Identifier:
4D:02:13:12:B6:97:0F:33:04:37:BC:59:51:D5:B4:5A:AF:A7:C3:B6
X509v3 Subject Alternative Name:
email:> puffymikrotik@cyberpointer.net
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
83:3c:3d:fb:4b:a5:bd:88:58:d8:58:be:57:bf:84:4e:d1:53:
9d:c5:d7:e5:e4:01:d6:66:94:a5:bc:b2:2d:8b:56:c1:27:1f:
1d:57:be:00:2c:b0:8e:46:87:e5:bf:4e:e4:3a:11:3b:56:6b:
53:c7:48:82:59:aa:8e:55:c3:9b:4d:7b:a3:f0:18:4e:09:87:
44:52:ae:a6:d5:b5:ce:c9:7c:67:ba:74:b8:d5:cb:88:ee:ec:
3f:d2:3a:06:12:14:48:8a:f3:f8:b0:56:26:c3:e0:a8:a0:c3:
f2:7e:bf:7c:5a:54:d6:d3:f5:29:c1:ef:cb:db:9c:11:e7:be:
09:76:19:d3:3c:6a:e3:69:b6:a5:bd:16:34:4c:d9:20:cb:fb:
01:ac:44:7d:7a:35:5e:9a:be:65:10:ff:44:7d:2c:a2:30:b9:
b9:93:ba:2a:d9:1f:fb:93:15:fe:04:fe:74:d2:04:fa:6a:28:
52:60:a5:65:82:0f:9f:f9:c4:fb:c4:b4:a5:52:83:24:16:7f:
a9:c0:cb:a7:49:7b:43:cf:c3:1c:7f:1f:7f> > 5a:38:a1:62:
ee:2b:ae:e5:8a:b7:c4:dc:df:01:11:2d:e0:c2:d5:5a:0c:9f:
89:6c:ae:26:03:bc:7d:8b:a7:3e:51:0f:20:7c:9a:a1:46:0f:
9d:8b:f2:58:90:7c:a8:6f:9d:ef:89:48:89:8b:df:90:ed:f6:
d2:91:fe:d0:21:b2:58:7f:31:62:da:5f:70:36:99:c3:e6:7e:
5a:9e:7f:75:05:34:19:f1:ca:8e:d8:b2:a5:65:50:db:30:97:
df:9e:b1:ef:d0:7b:fa:5a:87:c3:a3:4c:e3:e0:0c:86:9c:03:
fe:62:5d:f7:69:70:75:9d:ca:6e:57:80:65:8e:c4:eb:57:17:
4d:11:64:fb:ae:26:6a:12:56:58:06:7f:b4:69:5f:1f:6b:e7:
09:9c:9d:31:e2:fb:f9:44:95:eb:04:48:ba:76:92:6b:c4:cf:
bb:13:5c:5f:66:2a:b1:cb:50:b1:ef:a1:c4:33:89:60:8f:1d:
ee:73:fe:bd:3a:89:67:a5:a2:15:48:ca:53:0b:0e:f0:19:4c:
21:7d:c3:63:71:14:58:00:f1:5a:30:1e> > 67:50:93:fb:4c:
d5:54:53:fd:f2:93:52:df:af:04:88:18:5a:bc:85:c6:06:02:
00:f5:ca:37:8f:05:ad:78:42:78:6b:79:76:74:be:21:98:53:
6d:97:21:85:4d:04:15:94:26:35:eb:bd:ae:5a:0e> > 32:40:
2f:86:34:62:26:48:72:40:45:62:da:1b:0e:a0:71:ba:87:bd:
59:3b:a0:0d:96:58:d5:8e
Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : No
SSL server CA : No
Netscape SSL server : No
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : Yes
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
Time Stamp signing : No
Time Stamp signing CA : No

Certificates imported into Mikrotik:

154 KL A T name=“strongswanCert” digest-algorithm=sha256 key-type=rsa country=“HU” state=“Budapest” locality=“Budapest” organization=“CyberPointer” unit=“CP-P1” common-name=“CyberPointer Root CA” key-size=4096 subject-alt-name=“” days-valid=3650 trusted=yes
key-usage=key-cert-sign,crl-sign ca-crl-host=“193.188.192.110” serial-number=“2CB7DCD6AACFA4E8” fingerprint=“0765213eec812ad2dba4f7e0677d276f50eba3595b2420daa92d29b8759df054” akid=“” skid=4d021312b6970f330437bc5951d5b45aafa7c3b6
invalid-before=2025-04-18 10:26:19 invalid-after=2035-04-16 10:26:19 expires-after=520w6d2h53m58s

155 K I name=“vpnHostCert” digest-algorithm=sha256 key-type=rsa country=“HU” state=“Budapest” locality=“Budapest” organization=“CyberPointer” unit=“CP-P1” common-name=“193.188.192.110” key-size=2048
subject-alt-name=IP:193.188.192.110,DNS:protection1.cyberpointer.net days-valid=730 trusted=no key-usage=digital-signature,key-encipherment,tls-server ca=strongswanCert serial-number=“43DA0808FFF81225”
fingerprint=“fed4ca7da29eb1f1d40b88a336ad776305c7b3fb86b345668ac34072a5c346a2” akid=4d021312b6970f330437bc5951d5b45aafa7c3b6 skid=7faab2cff82daa9d85f718ce8413c3fa0885ea5c invalid-before=2025-04-18 10:33:05 invalid-after=2027-04-18 10:33:05
expires-after=103w5d3h44s

156 K I name=“PuffyMikrotikCert” digest-algorithm=sha256 key-type=rsa country=“HU” state=“Budapest” locality=“Budapest” organization=“CyberPointer” unit=“CP-P1” common-name="> puffymikrotik@cyberpointer.net> " key-size=2048
subject-alt-name=email:> puffymikrotik@cyberpointer.net > days-valid=730 trusted=no key-usage=tls-client ca=strongswanCert serial-number=“497DC418D2C2C431” fingerprint=“562b998aa5c17d26dd3ac9017d0e9f329d7c5ed2682d15360164e701cbfe32a3”
akid=4d021312b6970f330437bc5951d5b45aafa7c3b6 skid=96b5d09ccf583d82fa9e912ce8c0989952791e08 invalid-before=2025-04-18 10:37:26 invalid-after=2027-04-18 10:37:26 expires-after=103w5d3h5m5s

Thank you!

Regards: DrCyberg

sindy · April 22, 2025, 6:11am

Everything looks OK to me. Do the logs from both the Strongswan and the Mikrotik look the same with this set of certificates? What RouterOS version are you testing that with?

Just a security related remark, there is no reason why the Mikrotik should have the private key for any other certificate than its own one. The private key is only necessary to present the own certificate to other entities, not to verify a certificate presented by another entity.

drcyberg · April 23, 2025, 6:02am

My Mikrotik router:
Board name: hAP ax^2
Version: 7.18.2 (stable)

Linux Strongswan client config:

Works by linux:

2025-04-23T07:31:45.940976+02:00 cyberpointer charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
2025-04-23T07:31:45.941067+02:00 cyberpointer charon: 00[JOB] spawning 16 worker threads
2025-04-23T07:31:45.957201+02:00 cyberpointer ipsec[67122]: charon (67128) started after 80 ms
2025-04-23T07:31:45.957567+02:00 cyberpointer charon: 10[CFG] received stroke: add connection ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:31:45.957708+02:00 cyberpointer charon: 10[CFG] adding virtual IP address pool 10.0.1.1/32
2025-04-23T07:31:45.957844+02:00 cyberpointer charon: 10[CFG] ‘ikev2-vpn-rsa-cp-1’ has both left- and rightsourceip, but IKE can negotiate one virtual IP only, ignoring local virtual IP
2025-04-23T07:31:45.957984+02:00 cyberpointer charon: 10[CFG] loaded certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=193.188.192.110” from ‘vpnHostCert.pem’
2025-04-23T07:31:45.958231+02:00 cyberpointer charon: 10[CFG] loaded certificate "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> " from ‘PuffyMikrotikCert.pem’
2025-04-23T07:31:45.958346+02:00 cyberpointer charon: 10[CFG] id ‘%any’ not confirmed by certificate, defaulting to 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:31:45.958476+02:00 cyberpointer charon: 10[CFG] added configuration ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:31:54.104507+02:00 cyberpointer charon: 14[NET] received packet: from 185.27.62.231[46645] to 193.188.192.110[500] (1096 bytes)
2025-04-23T07:31:54.104715+02:00 cyberpointer charon: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
2025-04-23T07:31:54.104778+02:00 cyberpointer charon: 14[IKE] 185.27.62.231 is initiating an IKE_SA
2025-04-23T07:31:54.104908+02:00 cyberpointer charon: 14[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
2025-04-23T07:31:54.104991+02:00 cyberpointer charon: 14[IKE] remote host is behind NAT
2025-04-23T07:31:54.105063+02:00 cyberpointer charon: 14[IKE] DH group CURVE_25519 unacceptable, requesting MODP_2048
2025-04-23T07:31:54.105124+02:00 cyberpointer charon: 14[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
2025-04-23T07:31:54.105189+02:00 cyberpointer charon: 14[NET] sending packet: from 193.188.192.110[500] to 185.27.62.231[46645] (38 bytes)
2025-04-23T07:31:54.248181+02:00 cyberpointer charon: 11[NET] received packet: from 185.27.62.231[46645] to 193.188.192.110[500] (1320 bytes)
2025-04-23T07:31:54.248404+02:00 cyberpointer charon: 11[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
2025-04-23T07:31:54.248490+02:00 cyberpointer charon: 11[IKE] 185.27.62.231 is initiating an IKE_SA
2025-04-23T07:31:54.248699+02:00 cyberpointer charon: 11[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
2025-04-23T07:31:54.250853+02:00 cyberpointer charon: 11[IKE] remote host is behind NAT
2025-04-23T07:31:54.252119+02:00 cyberpointer charon: 11[IKE] sending cert request for “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:31:54.252207+02:00 cyberpointer charon: 11[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
2025-04-23T07:31:54.252360+02:00 cyberpointer charon: 11[NET] sending packet: from 193.188.192.110[500] to 185.27.62.231[46645] (489 bytes)
2025-04-23T07:31:54.262097+02:00 cyberpointer charon: 12[NET] received packet: from 185.27.62.231[37494] to 193.188.192.110[4500] (2172 bytes)
2025-04-23T07:31:54.267681+02:00 cyberpointer charon: 12[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS NBNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
2025-04-23T07:31:54.269172+02:00 cyberpointer ipsec[67128]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.13, Linux 6.8.0-58-generic, x86_64)
2025-04-23T07:31:54.269260+02:00 cyberpointer ipsec[67128]: 00[CFG] PKCS11 module ‘’ lacks library path
2025-04-23T07:31:54.269388+02:00 cyberpointer ipsec[67128]: 00[LIB] providers loaded by OpenSSL: legacy default
2025-04-23T07:31:54.269428+02:00 cyberpointer ipsec[67128]: 00[CFG] using ‘/sbin/resolvconf’ to install DNS servers
2025-04-23T07:31:54.269460+02:00 cyberpointer ipsec[67128]: 00[NET] using forecast interface eth0
2025-04-23T07:31:54.269506+02:00 cyberpointer ipsec[67128]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
2025-04-23T07:31:54.269558+02:00 cyberpointer ipsec[67128]: 00[CFG] loading ca certificates from ‘/etc/ipsec.d/cacerts’
2025-04-23T07:31:54.269625+02:00 cyberpointer ipsec[67128]: 00[CFG] loaded ca certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA” from ‘/etc/ipsec.d/cacerts/strongswanCert.pem’
2025-04-23T07:31:54.269657+02:00 cyberpointer ipsec[67128]: 00[CFG] loading aa certificates from ‘/etc/ipsec.d/aacerts’
2025-04-23T07:31:54.269681+02:00 cyberpointer ipsec[67128]: 00[CFG] loading ocsp signer certificates from ‘/etc/ipsec.d/ocspcerts’
2025-04-23T07:31:54.269737+02:00 cyberpointer ipsec[67128]: 00[CFG] loading attribute certificates from ‘/etc/ipsec.d/acerts’
2025-04-23T07:31:54.269763+02:00 cyberpointer ipsec[67128]: 00[CFG] loading crls from ‘/etc/ipsec.d/crls’
2025-04-23T07:31:54.269786+02:00 cyberpointer ipsec[67128]: 00[CFG] loading secrets from ‘/etc/ipsec.secrets’
2025-04-23T07:31:54.269810+02:00 cyberpointer ipsec[67128]: 00[CFG] loaded RSA private key from ‘/etc/ipsec.d/private/vpnHostKey.pem’
2025-04-23T07:31:54.269845+02:00 cyberpointer ipsec[67128]: 00[CFG] loaded 0 RADIUS server configurations
2025-04-23T07:31:54.269878+02:00 cyberpointer ipsec[67128]: 00[CFG] HA config misses local/remote address
2025-04-23T07:31:54.269923+02:00 cyberpointer ipsec[67128]: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac kdf ctr ccm gcm ntru drbg curl attr kernel-netlink resolve socket-default connmark forecast farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity counters
2025-04-23T07:31:54.270259+02:00 cyberpointer ipsec[67128]: 00[LIB] dropped capabilities, running as uid 0, gid 0
2025-04-23T07:31:54.270286+02:00 cyberpointer ipsec[67128]: 00[JOB] spawning 16 worker threads
2025-04-23T07:31:54.270309+02:00 cyberpointer ipsec[67128]: 10[CFG] received stroke: add connection ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:31:54.270332+02:00 cyberpointer ipsec[67128]: 10[CFG] adding virtual IP address pool 10.0.1.1/32
2025-04-23T07:31:54.270355+02:00 cyberpointer ipsec[67128]: 10[CFG] ‘ikev2-vpn-rsa-cp-1’ has both left- and rightsourceip, but IKE can negotiate one virtual IP only, ignoring local virtual IP
2025-04-23T07:31:54.270393+02:00 cyberpointer charon: 12[IKE] received cert request for “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:31:54.270447+02:00 cyberpointer ipsec[67128]: 10[CFG] loaded certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=193.188.192.110” from ‘vpnHostCert.pem’
2025-04-23T07:31:54.270479+02:00 cyberpointer ipsec[67128]: 10[CFG] loaded certificate "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> " from ‘PuffyMikrotikCert.pem’
2025-04-23T07:31:54.270505+02:00 cyberpointer ipsec[67128]: 10[CFG] id ‘%any’ not confirmed by certificate, defaulting to 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:31:54.270528+02:00 cyberpointer ipsec[67128]: 10[CFG] added configuration ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:31:54.270551+02:00 cyberpointer ipsec[67128]: 14[NET] received packet: from 185.27.62.231[46645] to 193.188.192.110[500] (1096 bytes)
2025-04-23T07:31:54.270574+02:00 cyberpointer ipsec[67128]: 14[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
2025-04-23T07:31:54.270621+02:00 cyberpointer ipsec[67128]: 14[IKE] 185.27.62.231 is initiating an IKE_SA
2025-04-23T07:31:54.270662+02:00 cyberpointer ipsec[67128]: 14[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
2025-04-23T07:31:54.270705+02:00 cyberpointer ipsec[67128]: 14[IKE] remote host is behind NAT
2025-04-23T07:31:54.270745+02:00 cyberpointer ipsec[67128]: 14[IKE] DH group CURVE_25519 unacceptable, requesting MODP_2048
2025-04-23T07:31:54.270814+02:00 cyberpointer ipsec[67128]: 14[ENC] generating IKE_SA_INIT response 0 [ N(INVAL_KE) ]
2025-04-23T07:31:54.270867+02:00 cyberpointer ipsec[67128]: 14[NET] sending packet: from 193.188.192.110[500] to 185.27.62.231[46645] (38 bytes)
2025-04-23T07:31:54.271894+02:00 cyberpointer ipsec[67128]: 11[NET] received packet: from 185.27.62.231[46645] to 193.188.192.110[500] (1320 bytes)
2025-04-23T07:31:54.272111+02:00 cyberpointer ipsec[67128]: 11[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
2025-04-23T07:31:54.272285+02:00 cyberpointer ipsec[67128]: 11[IKE] 185.27.62.231 is initiating an IKE_SA
2025-04-23T07:31:54.272430+02:00 cyberpointer ipsec[67128]: 11[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
2025-04-23T07:31:54.272572+02:00 cyberpointer ipsec[67128]: 11[IKE] remote host is behind NAT
2025-04-23T07:31:54.272712+02:00 cyberpointer ipsec[67128]: 11[IKE] sending cert request for “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:31:54.272852+02:00 cyberpointer ipsec[67128]: 11[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(CHDLESS_SUP) N(MULT_AUTH) ]
2025-04-23T07:31:54.273009+02:00 cyberpointer ipsec[67128]: 11[NET] sending packet: from 193.188.192.110[500] to 185.27.62.231[46645] (489 bytes)
2025-04-23T07:31:54.273168+02:00 cyberpointer ipsec[67128]: 12[NET] received packet: from 185.27.62.231[37494] to 193.188.192.110[4500] (2172 bytes)
2025-04-23T07:31:54.273305+02:00 cyberpointer ipsec[67128]: 12[ENC] parsed IKE_AUTH request 1 [ IDi CERT N(INIT_CONTACT) CERTREQ AUTH CPRQ(ADDR ADDR6 DNS NBNS DNS6) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
2025-04-23T07:31:54.273454+02:00 cyberpointer charon: 12[IKE] received end entity cert "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> "
2025-04-23T07:31:54.273729+02:00 cyberpointer charon: 12[CFG] looking for peer configs matching 193.188.192.110[%any]…185.27.62.231[C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-23T07:31:54.273940+02:00 cyberpointer charon: 12[CFG] selected peer config ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:31:54.274119+02:00 cyberpointer charon: 12[CFG] using trusted certificate "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> "
2025-04-23T07:31:54.274292+02:00 cyberpointer charon: 12[CFG] using trusted ca certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:31:54.274398+02:00 cyberpointer charon: 12[CFG] reached self-signed root ca with a path length of 0
2025-04-23T07:31:54.274687+02:00 cyberpointer charon: 12[CFG] checking certificate status of "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> "
2025-04-23T07:31:54.274945+02:00 cyberpointer charon: 12[CFG] certificate status is not available
2025-04-23T07:31:54.275055+02:00 cyberpointer charon: 12[IKE] authentication of 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’ with RSA_EMSA_PKCS1_SHA2_256 successful
2025-04-23T07:31:54.275135+02:00 cyberpointer charon: 12[IKE] peer supports MOBIKE
2025-04-23T07:31:54.275188+02:00 cyberpointer charon: 12[IKE] authentication of ‘193.188.192.110’ (myself) with RSA_EMSA_PKCS1_SHA2_256 successful
2025-04-23T07:31:54.275236+02:00 cyberpointer charon: 12[IKE] sending end entity cert “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=193.188.192.110”
2025-04-23T07:31:54.275284+02:00 cyberpointer charon: 12[IKE] peer requested virtual IP %any
2025-04-23T07:31:54.275325+02:00 cyberpointer charon: 12[CFG] assigning new lease to 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:31:54.275372+02:00 cyberpointer charon: 12[IKE] assigning virtual IP 10.0.1.1 to peer 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:31:54.275429+02:00 cyberpointer charon: 12[IKE] peer requested virtual IP %any6
2025-04-23T07:31:54.276075+02:00 cyberpointer charon: 12[IKE] no virtual IP found for %any6 requested by 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:31:54.276260+02:00 cyberpointer charon: 12[IKE] IKE_SA ikev2-vpn-rsa-cp-1[2] established between 193.188.192.110[193.188.192.110]…185.27.62.231[C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-23T07:31:54.276516+02:00 cyberpointer charon: 12[IKE] scheduling reauthentication in 3402s
2025-04-23T07:31:54.276609+02:00 cyberpointer charon: 12[IKE] maximum IKE_SA lifetime 3582s
2025-04-23T07:31:54.277075+02:00 cyberpointer charon: 12[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
2025-04-23T07:31:54.277202+02:00 cyberpointer charon: 12[IKE] CHILD_SA ikev2-vpn-rsa-cp-1{1} established with SPIs c233e792_i c0da0d5e_o and TS 0.0.0.0/0 === 10.0.1.0/24
2025-04-23T07:31:54.288714+02:00 cyberpointer vpn: + C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net > 10.0.1.0/24 == 185.27.62.231 – 193.188.192.110 == 0.0.0.0/0
2025-04-23T07:31:54.289366+02:00 cyberpointer charon: 12[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) ]
2025-04-23T07:31:54.289521+02:00 cyberpointer charon: 12[NET] sending packet: from 193.188.192.110[4500] to 185.27.62.231[37494] (1836 bytes)
2025-04-23T07:31:54.400524+02:00 cyberpointer charon: 15[NET] received packet: from 185.27.62.231[37494] to 193.188.192.110[4500] (108 bytes)
2025-04-23T07:31:54.400639+02:00 cyberpointer charon: 15[ENC] parsed INFORMATIONAL request 2 [ N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) ]
2025-04-23T07:31:54.400703+02:00 cyberpointer charon: 15[ENC] generating INFORMATIONAL response 2
2025-04-23T07:31:54.400811+02:00 cyberpointer charon: 15[NET] sending packet: from 193.188.192.110[4500] to 185.27.62.231[37494] (76 bytes)
2025-04-23T07:31:57.332797+02:00 cyberpointer charon: 04[NET] received packet: from 185.27.62.231[37494] to 193.188.192.110[4500] (76 bytes)
2025-04-23T07:31:57.333112+02:00 cyberpointer charon: 04[ENC] parsed INFORMATIONAL request 3 [ D ]
2025-04-23T07:31:57.333203+02:00 cyberpointer charon: 04[IKE] received DELETE for IKE_SA ikev2-vpn-rsa-cp-1[2]
2025-04-23T07:31:57.333318+02:00 cyberpointer charon: 04[IKE] deleting IKE_SA ikev2-vpn-rsa-cp-1[2] between 193.188.192.110[193.188.192.110]…185.27.62.231[C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-23T07:31:57.333467+02:00 cyberpointer charon: 04[IKE] unable to reestablish IKE_SA due to asymmetric setup
2025-04-23T07:31:57.333517+02:00 cyberpointer charon: 04[IKE] IKE_SA deleted
2025-04-23T07:31:57.359791+02:00 cyberpointer vpn: - C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net > 10.0.1.0/24 == 185.27.62.231 – 193.188.192.110 == 0.0.0.0/0
2025-04-23T07:31:57.360268+02:00 cyberpointer charon: 04[ENC] generating INFORMATIONAL response 3
2025-04-23T07:31:57.360392+02:00 cyberpointer charon: 04[NET] sending packet: from 193.188.192.110[4500] to 185.27.62.231[37494] (76 bytes)
2025-04-23T07:31:57.361020+02:00 cyberpointer charon: 04[CFG] lease 10.0.1.1 by 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’ went offline

Works by Windows:

2025-04-23T07:45:16.620153+02:00 cyberpointer charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
2025-04-23T07:45:16.620231+02:00 cyberpointer charon: 00[JOB] spawning 16 worker threads
2025-04-23T07:45:16.637365+02:00 cyberpointer ipsec[67341]: charon (67347) started after 60 ms
2025-04-23T07:45:16.637707+02:00 cyberpointer charon: 15[CFG] received stroke: add connection ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:45:16.637819+02:00 cyberpointer charon: 15[CFG] adding virtual IP address pool 10.0.1.1/32
2025-04-23T07:45:16.637964+02:00 cyberpointer charon: 15[CFG] ‘ikev2-vpn-rsa-cp-1’ has both left- and rightsourceip, but IKE can negotiate one virtual IP only, ignoring local virtual IP
2025-04-23T07:45:16.638115+02:00 cyberpointer charon: 15[CFG] loaded certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=193.188.192.110” from ‘vpnHostCert.pem’
2025-04-23T07:45:16.638275+02:00 cyberpointer charon: 15[CFG] loaded certificate "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> " from ‘PuffyMikrotikCert.pem’
2025-04-23T07:45:16.638411+02:00 cyberpointer charon: 15[CFG] id ‘%any’ not confirmed by certificate, defaulting to 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:45:16.638540+02:00 cyberpointer charon: 15[CFG] added configuration ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:45:23.302309+02:00 cyberpointer charon: 08[NET] received packet: from 185.27.62.231[500] to 193.188.192.110[500] (632 bytes)
2025-04-23T07:45:23.302473+02:00 cyberpointer charon: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
2025-04-23T07:45:23.302567+02:00 cyberpointer charon: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
2025-04-23T07:45:23.302641+02:00 cyberpointer charon: 08[IKE] received MS-Negotiation Discovery Capable vendor ID
2025-04-23T07:45:23.302717+02:00 cyberpointer charon: 08[IKE] received Vid-Initial-Contact vendor ID
2025-04-23T07:45:23.302792+02:00 cyberpointer charon: 08[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49> > 9a:1c:5b:2a:51:00:00:00:02
2025-04-23T07:45:23.302875+02:00 cyberpointer charon: 08[IKE] 185.27.62.231 is initiating an IKE_SA
2025-04-23T07:45:23.303011+02:00 cyberpointer charon: 08[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
2025-04-23T07:45:23.304778+02:00 cyberpointer charon: 08[IKE] remote host is behind NAT
2025-04-23T07:45:23.305814+02:00 cyberpointer charon: 08[IKE] sending cert request for “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:45:23.305908+02:00 cyberpointer charon: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(CHDLESS_SUP) N(MULT_AUTH) ]
2025-04-23T07:45:23.305997+02:00 cyberpointer charon: 08[NET] sending packet: from 193.188.192.110[500] to 185.27.62.231[500] (473 bytes)
2025-04-23T07:45:23.324291+02:00 cyberpointer charon: 08[NET] received packet: from 185.27.62.231[4500] to 193.188.192.110[4500] (3308 bytes)
2025-04-23T07:45:23.329118+02:00 cyberpointer charon: 08[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
2025-04-23T07:45:23.330506+02:00 cyberpointer charon: 08[IKE] received cert request for “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:45:23.336723+02:00 cyberpointer charon: 08[IKE] received 63 cert requests for an unknown ca
2025-04-23T07:45:23.336792+02:00 cyberpointer charon: 08[IKE] received end entity cert "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> "
2025-04-23T07:45:23.336874+02:00 cyberpointer charon: 08[CFG] looking for peer configs matching 193.188.192.110[%any]…185.27.62.231[C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-23T07:45:23.336963+02:00 cyberpointer ipsec[67347]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.13, Linux 6.8.0-58-generic, x86_64)
2025-04-23T07:45:23.336993+02:00 cyberpointer ipsec[67347]: 00[CFG] PKCS11 module ‘’ lacks library path
2025-04-23T07:45:23.337017+02:00 cyberpointer ipsec[67347]: 00[LIB] providers loaded by OpenSSL: legacy default
2025-04-23T07:45:23.337041+02:00 cyberpointer ipsec[67347]: 00[CFG] using ‘/sbin/resolvconf’ to install DNS servers
2025-04-23T07:45:23.337064+02:00 cyberpointer ipsec[67347]: 00[NET] using forecast interface eth0
2025-04-23T07:45:23.337086+02:00 cyberpointer ipsec[67347]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
2025-04-23T07:45:23.337108+02:00 cyberpointer ipsec[67347]: 00[CFG] loading ca certificates from ‘/etc/ipsec.d/cacerts’
2025-04-23T07:45:23.337173+02:00 cyberpointer ipsec[67347]: 00[CFG] loaded ca certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA” from ‘/etc/ipsec.d/cacerts/strongswanCert.pem’
2025-04-23T07:45:23.337223+02:00 cyberpointer ipsec[67347]: 00[CFG] loading aa certificates from ‘/etc/ipsec.d/aacerts’
2025-04-23T07:45:23.337251+02:00 cyberpointer ipsec[67347]: 00[CFG] loading ocsp signer certificates from ‘/etc/ipsec.d/ocspcerts’
2025-04-23T07:45:23.337274+02:00 cyberpointer ipsec[67347]: 00[CFG] loading attribute certificates from ‘/etc/ipsec.d/acerts’
2025-04-23T07:45:23.337297+02:00 cyberpointer ipsec[67347]: 00[CFG] loading crls from ‘/etc/ipsec.d/crls’
2025-04-23T07:45:23.337319+02:00 cyberpointer ipsec[67347]: 00[CFG] loading secrets from ‘/etc/ipsec.secrets’
2025-04-23T07:45:23.337355+02:00 cyberpointer ipsec[67347]: 00[CFG] loaded RSA private key from ‘/etc/ipsec.d/private/vpnHostKey.pem’
2025-04-23T07:45:23.337379+02:00 cyberpointer ipsec[67347]: 00[CFG] loaded 0 RADIUS server configurations
2025-04-23T07:45:23.337402+02:00 cyberpointer ipsec[67347]: 00[CFG] HA config misses local/remote address
2025-04-23T07:45:23.337428+02:00 cyberpointer ipsec[67347]: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac kdf ctr ccm gcm ntru drbg curl attr kernel-netlink resolve socket-default connmark forecast farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity counters
2025-04-23T07:45:23.337480+02:00 cyberpointer ipsec[67347]: 00[LIB] dropped capabilities, running as uid 0, gid 0
2025-04-23T07:45:23.337505+02:00 cyberpointer ipsec[67347]: 00[JOB] spawning 16 worker threads
2025-04-23T07:45:23.337528+02:00 cyberpointer ipsec[67347]: 15[CFG] received stroke: add connection ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:45:23.337551+02:00 cyberpointer ipsec[67347]: 15[CFG] adding virtual IP address pool 10.0.1.1/32
2025-04-23T07:45:23.337574+02:00 cyberpointer ipsec[67347]: 15[CFG] ‘ikev2-vpn-rsa-cp-1’ has both left- and rightsourceip, but IKE can negotiate one virtual IP only, ignoring local virtual IP
2025-04-23T07:45:23.337644+02:00 cyberpointer charon: 08[CFG] selected peer config ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:45:23.337721+02:00 cyberpointer ipsec[67347]: 15[CFG] loaded certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=193.188.192.110” from ‘vpnHostCert.pem’
2025-04-23T07:45:23.337748+02:00 cyberpointer ipsec[67347]: 15[CFG] loaded certificate "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> " from ‘PuffyMikrotikCert.pem’
2025-04-23T07:45:23.337775+02:00 cyberpointer ipsec[67347]: 15[CFG] id ‘%any’ not confirmed by certificate, defaulting to 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:45:23.337798+02:00 cyberpointer ipsec[67347]: 15[CFG] added configuration ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:45:23.337821+02:00 cyberpointer ipsec[67347]: 08[NET] received packet: from 185.27.62.231[500] to 193.188.192.110[500] (632 bytes)
2025-04-23T07:45:23.337843+02:00 cyberpointer ipsec[67347]: 08[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(FRAG_SUP) N(NATD_S_IP) N(NATD_D_IP) V V V V ]
2025-04-23T07:45:23.337865+02:00 cyberpointer ipsec[67347]: 08[IKE] received MS NT5 ISAKMPOAKLEY v9 vendor ID
2025-04-23T07:45:23.337886+02:00 cyberpointer ipsec[67347]: 08[IKE] received MS-Negotiation Discovery Capable vendor ID
2025-04-23T07:45:23.337923+02:00 cyberpointer ipsec[67347]: 08[IKE] received Vid-Initial-Contact vendor ID
2025-04-23T07:45:23.337948+02:00 cyberpointer ipsec[67347]: 08[ENC] received unknown vendor ID: 01:52:8b:bb:c0:06:96:12:18:49> > 9a:1c:5b:2a:51:00:00:00:02
2025-04-23T07:45:23.337970+02:00 cyberpointer ipsec[67347]: 08[IKE] 185.27.62.231 is initiating an IKE_SA
2025-04-23T07:45:23.337991+02:00 cyberpointer ipsec[67347]: 08[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
2025-04-23T07:45:23.338022+02:00 cyberpointer ipsec[67347]: 08[IKE] remote host is behind NAT
2025-04-23T07:45:23.338048+02:00 cyberpointer ipsec[67347]: 08[IKE] sending cert request for “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:45:23.338071+02:00 cyberpointer ipsec[67347]: 08[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(CHDLESS_SUP) N(MULT_AUTH) ]
2025-04-23T07:45:23.338099+02:00 cyberpointer ipsec[67347]: 08[NET] sending packet: from 193.188.192.110[500] to 185.27.62.231[500] (473 bytes)
2025-04-23T07:45:23.338124+02:00 cyberpointer ipsec[67347]: 08[NET] received packet: from 185.27.62.231[4500] to 193.188.192.110[4500] (3308 bytes)
2025-04-23T07:45:23.338146+02:00 cyberpointer ipsec[67347]: 08[ENC] parsed IKE_AUTH request 1 [ IDi CERT CERTREQ AUTH N(MOBIKE_SUP) CPRQ(ADDR DNS NBNS SRV ADDR6 DNS6 SRV6) SA TSi TSr ]
2025-04-23T07:45:23.338172+02:00 cyberpointer ipsec[67347]: 08[IKE] received cert request for “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:45:23.338194+02:00 cyberpointer ipsec[67347]: 08[IKE] received 63 cert requests for an unknown ca
2025-04-23T07:45:23.338241+02:00 cyberpointer ipsec[67347]: 08[IKE] received end entity cert "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> "
2025-04-23T07:45:23.338280+02:00 cyberpointer charon: 08[CFG] using trusted certificate "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> "
2025-04-23T07:45:23.338330+02:00 cyberpointer ipsec[67347]: 08[CFG] looking for peer configs matching 193.188.192.110[%any]…185.27.62.231[C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-23T07:45:23.338378+02:00 cyberpointer charon: 08[CFG] using trusted ca certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:45:23.338421+02:00 cyberpointer charon: 08[CFG] reached self-signed root ca with a path length of 0
2025-04-23T07:45:23.338498+02:00 cyberpointer charon: 08[CFG] checking certificate status of "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> "
2025-04-23T07:45:23.338544+02:00 cyberpointer charon: 08[CFG] certificate status is not available
2025-04-23T07:45:23.338579+02:00 cyberpointer charon: 08[IKE] authentication of 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’ with RSA signature successful
2025-04-23T07:45:23.338642+02:00 cyberpointer charon: 08[IKE] peer supports MOBIKE
2025-04-23T07:45:23.340858+02:00 cyberpointer charon: 08[IKE] authentication of ‘193.188.192.110’ (myself) with RSA signature successful
2025-04-23T07:45:23.340989+02:00 cyberpointer charon: 08[IKE] sending end entity cert “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=193.188.192.110”
2025-04-23T07:45:23.341054+02:00 cyberpointer charon: 08[IKE] peer requested virtual IP %any
2025-04-23T07:45:23.341123+02:00 cyberpointer charon: 08[CFG] assigning new lease to 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:45:23.341174+02:00 cyberpointer charon: 08[IKE] assigning virtual IP 10.0.1.1 to peer 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:45:23.341234+02:00 cyberpointer charon: 08[IKE] peer requested virtual IP %any6
2025-04-23T07:45:23.341287+02:00 cyberpointer charon: 08[IKE] no virtual IP found for %any6 requested by 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:45:23.341337+02:00 cyberpointer charon: 08[IKE] IKE_SA ikev2-vpn-rsa-cp-1[1] established between 193.188.192.110[193.188.192.110]…185.27.62.231[C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-23T07:45:23.341540+02:00 cyberpointer charon: 08[IKE] scheduling reauthentication in 3280s
2025-04-23T07:45:23.341605+02:00 cyberpointer charon: 08[IKE] maximum IKE_SA lifetime 3460s
2025-04-23T07:45:23.341656+02:00 cyberpointer charon: 08[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
2025-04-23T07:45:23.341704+02:00 cyberpointer charon: 08[IKE] CHILD_SA ikev2-vpn-rsa-cp-1{1} established with SPIs c7f8d895_i 4d42edb8_o and TS 0.0.0.0/0 === 10.0.1.0/24
2025-04-23T07:45:23.354831+02:00 cyberpointer vpn: + C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net > 10.0.1.0/24 == 185.27.62.231 – 193.188.192.110 == 0.0.0.0/0
2025-04-23T07:45:23.355149+02:00 cyberpointer charon: 08[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_6_ADDR) ]
2025-04-23T07:45:23.355315+02:00 cyberpointer charon: 08[NET] sending packet: from 193.188.192.110[4500] to 185.27.62.231[4500] (1820 bytes)
2025-04-23T07:45:27.112500+02:00 cyberpointer charon: 07[NET] received packet: from 185.27.62.231[4500] to 193.188.192.110[4500] (76 bytes)
2025-04-23T07:45:27.112807+02:00 cyberpointer charon: 07[ENC] parsed INFORMATIONAL request 2 [ D ]
2025-04-23T07:45:27.112876+02:00 cyberpointer charon: 07[IKE] received DELETE for ESP CHILD_SA with SPI 4d42edb8
2025-04-23T07:45:27.112920+02:00 cyberpointer charon: 07[IKE] closing CHILD_SA ikev2-vpn-rsa-cp-1{1} with SPIs c7f8d895_i (26580 bytes) 4d42edb8_o (16906 bytes) and TS 0.0.0.0/0 === 10.0.1.0/24
2025-04-23T07:45:27.113041+02:00 cyberpointer charon: 07[IKE] sending DELETE for ESP CHILD_SA with SPI c7f8d895
2025-04-23T07:45:27.113093+02:00 cyberpointer charon: 07[IKE] CHILD_SA closed
2025-04-23T07:45:27.135018+02:00 cyberpointer vpn: - C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net > 10.0.1.0/24 == 185.27.62.231 – 193.188.192.110 == 0.0.0.0/0
2025-04-23T07:45:27.135935+02:00 cyberpointer charon: 07[IKE] establishing CHILD_SA ikev2-vpn-rsa-cp-1{2} reqid 1
2025-04-23T07:45:27.136960+02:00 cyberpointer charon: 07[ENC] generating CREATE_CHILD_SA request 0 [ SA No KE TSi TSr ]
2025-04-23T07:45:27.137083+02:00 cyberpointer charon: 07[NET] sending packet: from 193.188.192.110[4500] to 185.27.62.231[4500] (732 bytes)
2025-04-23T07:45:27.137790+02:00 cyberpointer charon: 07[ENC] generating INFORMATIONAL response 2 [ D ]
2025-04-23T07:45:27.137858+02:00 cyberpointer charon: 07[NET] sending packet: from 193.188.192.110[4500] to 185.27.62.231[4500] (76 bytes)
2025-04-23T07:45:27.149926+02:00 cyberpointer charon: 06[NET] received packet: from 185.27.62.231[4500] to 193.188.192.110[4500] (76 bytes)
2025-04-23T07:45:27.150083+02:00 cyberpointer charon: 06[ENC] parsed INFORMATIONAL request 3 [ D ]
2025-04-23T07:45:27.150152+02:00 cyberpointer charon: 06[IKE] received DELETE for IKE_SA ikev2-vpn-rsa-cp-1[1]
2025-04-23T07:45:27.150215+02:00 cyberpointer charon: 06[IKE] deleting IKE_SA ikev2-vpn-rsa-cp-1[1] between 193.188.192.110[193.188.192.110]…185.27.62.231[C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-23T07:45:27.150332+02:00 cyberpointer charon: 06[IKE] unable to reestablish IKE_SA due to asymmetric setup
2025-04-23T07:45:27.150406+02:00 cyberpointer charon: 06[IKE] IKE_SA deleted
2025-04-23T07:45:27.150576+02:00 cyberpointer charon: 06[ENC] generating INFORMATIONAL response 3
2025-04-23T07:45:27.150645+02:00 cyberpointer charon: 06[NET] sending packet: from 193.188.192.110[4500] to 185.27.62.231[4500] (76 bytes)
2025-04-23T07:45:27.150702+02:00 cyberpointer charon: 06[CFG] lease 10.0.1.1 by 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’ went offline

Does not works by Mikrotik:

2025-04-23T07:32:50.624553+02:00 cyberpointer charon: 00[JOB] spawning 16 worker threads
2025-04-23T07:32:50.635745+02:00 cyberpointer ipsec[67189]: charon (67194) started after 60 ms
2025-04-23T07:32:50.635950+02:00 cyberpointer charon: 07[CFG] received stroke: add connection ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:32:50.636711+02:00 cyberpointer charon: 07[CFG] adding virtual IP address pool 10.0.1.1/32
2025-04-23T07:32:50.636818+02:00 cyberpointer charon: 07[CFG] ‘ikev2-vpn-rsa-cp-1’ has both left- and rightsourceip, but IKE can negotiate one virtual IP only, ignoring local virtual IP
2025-04-23T07:32:50.636968+02:00 cyberpointer charon: 07[CFG] loaded certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=193.188.192.110” from ‘vpnHostCert.pem’
2025-04-23T07:32:50.637162+02:00 cyberpointer charon: 07[CFG] loaded certificate "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> " from ‘PuffyMikrotikCert.pem’
2025-04-23T07:32:50.638346+02:00 cyberpointer charon: 07[CFG] id ‘%any’ not confirmed by certificate, defaulting to 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:32:50.638404+02:00 cyberpointer charon: 07[CFG] added configuration ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:32:50.640777+02:00 cyberpointer systemd[66927]: launchpadlib-cache-clean.service - Clean up old files in the Launchpadlib cache was skipped because of an unmet condition check (ConditionPathExists=/root/.launchpadlib/api.launchpad.net/cache).
2025-04-23T07:33:23.076048+02:00 cyberpointer charon: 10[NET] received packet: from 79.122.83.224[500] to 193.188.192.110[500] (432 bytes)
2025-04-23T07:33:23.077352+02:00 cyberpointer charon: 10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
2025-04-23T07:33:23.077469+02:00 cyberpointer charon: 10[IKE] 79.122.83.224 is initiating an IKE_SA
2025-04-23T07:33:23.077627+02:00 cyberpointer charon: 10[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
2025-04-23T07:33:23.078276+02:00 cyberpointer charon: 10[IKE] remote host is behind NAT
2025-04-23T07:33:23.079429+02:00 cyberpointer charon: 10[IKE] sending cert request for “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:33:23.079507+02:00 cyberpointer charon: 10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(CHDLESS_SUP) N(MULT_AUTH) ]
2025-04-23T07:33:23.079589+02:00 cyberpointer charon: 10[NET] sending packet: from 193.188.192.110[500] to 79.122.83.224[500] (473 bytes)
2025-04-23T07:33:23.543566+02:00 cyberpointer charon: 06[NET] received packet: from 79.122.83.224[4500] to 193.188.192.110[4500] (2000 bytes)
2025-04-23T07:33:23.548271+02:00 cyberpointer charon: 06[ENC] unknown attribute type INTERNAL_DNS_DOMAIN
2025-04-23T07:33:23.548347+02:00 cyberpointer charon: 06[ENC] parsed IKE_AUTH request 1 [ IDi AUTH CERT N(INIT_CONTACT) SA TSi TSr CPRQ(ADDR MASK SUBNET DNS DOMAIN) ]
2025-04-23T07:33:23.548400+02:00 cyberpointer charon: 06[IKE] received end entity cert "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> "
2025-04-23T07:33:23.548452+02:00 cyberpointer charon: 06[CFG] looking for peer configs matching 193.188.192.110[%any]…79.122.83.224[C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-23T07:33:23.548513+02:00 cyberpointer charon: 06[CFG] selected peer config ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:33:23.549242+02:00 cyberpointer charon: 06[CFG] using trusted certificate "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> "
2025-04-23T07:33:23.550460+02:00 cyberpointer charon: 06[CFG] using trusted ca certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:33:23.550526+02:00 cyberpointer charon: 06[CFG] reached self-signed root ca with a path length of 0
2025-04-23T07:33:23.550593+02:00 cyberpointer ipsec[67194]: 00[DMN] Starting IKE charon daemon (strongSwan 5.9.13, Linux 6.8.0-58-generic, x86_64)
2025-04-23T07:33:23.550642+02:00 cyberpointer ipsec[67194]: 00[CFG] PKCS11 module ‘’ lacks library path
2025-04-23T07:33:23.550668+02:00 cyberpointer ipsec[67194]: 00[LIB] providers loaded by OpenSSL: legacy default
2025-04-23T07:33:23.550691+02:00 cyberpointer ipsec[67194]: 00[CFG] using ‘/sbin/resolvconf’ to install DNS servers
2025-04-23T07:33:23.550714+02:00 cyberpointer ipsec[67194]: 00[NET] using forecast interface eth0
2025-04-23T07:33:23.550757+02:00 cyberpointer ipsec[67194]: 00[CFG] joining forecast multicast groups: 224.0.0.1,224.0.0.22,224.0.0.251,224.0.0.252,239.255.255.250
2025-04-23T07:33:23.550796+02:00 cyberpointer ipsec[67194]: 00[CFG] loading ca certificates from ‘/etc/ipsec.d/cacerts’
2025-04-23T07:33:23.550829+02:00 cyberpointer ipsec[67194]: 00[CFG] loaded ca certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA” from ‘/etc/ipsec.d/cacerts/strongswanCert.pem’
2025-04-23T07:33:23.550867+02:00 cyberpointer ipsec[67194]: 00[CFG] loading aa certificates from ‘/etc/ipsec.d/aacerts’
2025-04-23T07:33:23.550891+02:00 cyberpointer ipsec[67194]: 00[CFG] loading ocsp signer certificates from ‘/etc/ipsec.d/ocspcerts’
2025-04-23T07:33:23.550940+02:00 cyberpointer ipsec[67194]: 00[CFG] loading attribute certificates from ‘/etc/ipsec.d/acerts’
2025-04-23T07:33:23.550965+02:00 cyberpointer ipsec[67194]: 00[CFG] loading crls from ‘/etc/ipsec.d/crls’
2025-04-23T07:33:23.551009+02:00 cyberpointer ipsec[67194]: 00[CFG] loading secrets from ‘/etc/ipsec.secrets’
2025-04-23T07:33:23.551033+02:00 cyberpointer ipsec[67194]: 00[CFG] loaded RSA private key from ‘/etc/ipsec.d/private/vpnHostKey.pem’
2025-04-23T07:33:23.551063+02:00 cyberpointer ipsec[67194]: 00[CFG] loaded 0 RADIUS server configurations
2025-04-23T07:33:23.551085+02:00 cyberpointer ipsec[67194]: 00[CFG] HA config misses local/remote address
2025-04-23T07:33:23.551118+02:00 cyberpointer ipsec[67194]: 00[LIB] loaded plugins: charon test-vectors ldap pkcs11 tpm aesni aes rc2 sha2 sha1 md5 mgf1 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem openssl gcrypt pkcs8 af-alg fips-prf gmp curve25519 agent chapoly xcbc cmac hmac kdf ctr ccm gcm ntru drbg curl attr kernel-netlink resolve socket-default connmark forecast farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity counters
2025-04-23T07:33:23.551187+02:00 cyberpointer ipsec[67194]: 00[LIB] dropped capabilities, running as uid 0, gid 0
2025-04-23T07:33:23.551217+02:00 cyberpointer ipsec[67194]: 00[JOB] spawning 16 worker threads
2025-04-23T07:33:23.551240+02:00 cyberpointer ipsec[67194]: 07[CFG] received stroke: add connection ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:33:23.551263+02:00 cyberpointer ipsec[67194]: 07[CFG] adding virtual IP address pool 10.0.1.1/32
2025-04-23T07:33:23.551286+02:00 cyberpointer ipsec[67194]: 07[CFG] ‘ikev2-vpn-rsa-cp-1’ has both left- and rightsourceip, but IKE can negotiate one virtual IP only, ignoring local virtual IP
2025-04-23T07:33:23.551362+02:00 cyberpointer charon: 06[CFG] checking certificate status of "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> "
2025-04-23T07:33:23.551493+02:00 cyberpointer ipsec[67194]: 07[CFG] loaded certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=193.188.192.110” from ‘vpnHostCert.pem’
2025-04-23T07:33:23.551524+02:00 cyberpointer ipsec[67194]: 07[CFG] loaded certificate "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> " from ‘PuffyMikrotikCert.pem’
2025-04-23T07:33:23.551565+02:00 cyberpointer ipsec[67194]: 07[CFG] id ‘%any’ not confirmed by certificate, defaulting to 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:33:23.551605+02:00 cyberpointer ipsec[67194]: 07[CFG] added configuration ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:33:23.551630+02:00 cyberpointer ipsec[67194]: 10[NET] received packet: from 79.122.83.224[500] to 193.188.192.110[500] (432 bytes)
2025-04-23T07:33:23.551679+02:00 cyberpointer ipsec[67194]: 10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
2025-04-23T07:33:23.551768+02:00 cyberpointer ipsec[67194]: 10[IKE] 79.122.83.224 is initiating an IKE_SA
2025-04-23T07:33:23.551808+02:00 cyberpointer ipsec[67194]: 10[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
2025-04-23T07:33:23.551865+02:00 cyberpointer ipsec[67194]: 10[IKE] remote host is behind NAT
2025-04-23T07:33:23.551891+02:00 cyberpointer ipsec[67194]: 10[IKE] sending cert request for “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:33:23.551930+02:00 cyberpointer ipsec[67194]: 10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(CHDLESS_SUP) N(MULT_AUTH) ]
2025-04-23T07:33:23.551955+02:00 cyberpointer ipsec[67194]: 10[NET] sending packet: from 193.188.192.110[500] to 79.122.83.224[500] (473 bytes)
2025-04-23T07:33:23.551978+02:00 cyberpointer ipsec[67194]: 06[NET] received packet: from 79.122.83.224[4500] to 193.188.192.110[4500] (2000 bytes)
2025-04-23T07:33:23.552001+02:00 cyberpointer ipsec[67194]: 06[ENC] unknown attribute type INTERNAL_DNS_DOMAIN
2025-04-23T07:33:23.552026+02:00 cyberpointer ipsec[67194]: 06[ENC] parsed IKE_AUTH request 1 [ IDi AUTH CERT N(INIT_CONTACT) SA TSi TSr CPRQ(ADDR MASK SUBNET DNS DOMAIN) ]
2025-04-23T07:33:23.552049+02:00 cyberpointer ipsec[67194]: 06[IKE] received end entity cert "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> "
2025-04-23T07:33:23.552081+02:00 cyberpointer ipsec[67194]: 06[CFG] looking for peer configs matching 193.188.192.110[%any]…79.122.83.224[C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-23T07:33:23.552121+02:00 cyberpointer ipsec[67194]: 06[CFG] selected peer config ‘ikev2-vpn-rsa-cp-1’
2025-04-23T07:33:23.552147+02:00 cyberpointer ipsec[67194]: 06[CFG] using trusted certificate "C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> "
2025-04-23T07:33:23.552170+02:00 cyberpointer ipsec[67194]: 06[CFG] using trusted ca certificate “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA”
2025-04-23T07:33:23.552221+02:00 cyberpointer charon: 06[CFG] certificate status is not available
2025-04-23T07:33:23.552275+02:00 cyberpointer ipsec[67194]: 06[CFG] reached self-signed root ca with a path length of 0
2025-04-23T07:33:23.552324+02:00 cyberpointer charon: 06[IKE] authentication of 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’ with RSA signature successful
2025-04-23T07:33:23.553241+02:00 cyberpointer charon: 06[IKE] authentication of ‘193.188.192.110’ (myself) with RSA signature successful
2025-04-23T07:33:23.553338+02:00 cyberpointer charon: 06[IKE] sending end entity cert “C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=193.188.192.110”
2025-04-23T07:33:23.553499+02:00 cyberpointer charon: 06[IKE] peer requested virtual IP %any
2025-04-23T07:33:23.553561+02:00 cyberpointer charon: 06[CFG] assigning new lease to 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:33:23.553622+02:00 cyberpointer charon: 06[IKE] assigning virtual IP 10.0.1.1 to peer 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’
2025-04-23T07:33:23.553742+02:00 cyberpointer charon: 06[IKE] IKE_SA ikev2-vpn-rsa-cp-1[1] established between 193.188.192.110[193.188.192.110]…79.122.83.224[C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-23T07:33:23.553885+02:00 cyberpointer charon: 06[IKE] scheduling reauthentication in 3358s
2025-04-23T07:33:23.554427+02:00 cyberpointer charon: 06[IKE] maximum IKE_SA lifetime 3538s
2025-04-23T07:33:23.554655+02:00 cyberpointer charon: 06[CFG] selected proposal: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ
2025-04-23T07:33:23.554775+02:00 cyberpointer charon: 06[IKE] CHILD_SA ikev2-vpn-rsa-cp-1{1} established with SPIs c47642a7_i 07ae7808_o and TS 10.0.0.0/24 === 10.0.1.0/24
2025-04-23T07:33:23.567581+02:00 cyberpointer vpn: + C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net > 10.0.1.0/24 == 79.122.83.224 – 193.188.192.110 == 10.0.0.0/24
2025-04-23T07:33:23.567878+02:00 cyberpointer charon: 06[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH CPRP(ADDR DNS DNS) SA TSi TSr N(AUTH_LFT) ]
2025-04-23T07:33:23.568088+02:00 cyberpointer charon: 06[NET] sending packet: from 193.188.192.110[4500] to 79.122.83.224[4500] (1776 bytes)
2025-04-23T07:33:23.642077+02:00 cyberpointer charon: 09[NET] received packet: from 79.122.83.224[4500] to 193.188.192.110[4500] (240 bytes)
2025-04-23T07:33:23.642242+02:00 cyberpointer charon: 09[ENC] parsed INFORMATIONAL request 2 [ N(AUTH_FAILED) ]
2025-04-23T07:33:23.642294+02:00 cyberpointer charon: 09[IKE] received DELETE for IKE_SA ikev2-vpn-rsa-cp-1[1]
2025-04-23T07:33:23.642351+02:00 cyberpointer charon: 09[IKE] deleting IKE_SA ikev2-vpn-rsa-cp-1[1] between 193.188.192.110[193.188.192.110]…79.122.83.224[C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ]
2025-04-23T07:33:23.642487+02:00 cyberpointer charon: 09[IKE] unable to reestablish IKE_SA due to asymmetric setup
2025-04-23T07:33:23.642551+02:00 cyberpointer charon: 09[IKE] IKE_SA deleted
2025-04-23T07:33:23.662501+02:00 cyberpointer vpn: - C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net > 10.0.1.0/24 == 79.122.83.224 – 193.188.192.110 == 10.0.0.0/24
2025-04-23T07:33:23.662795+02:00 cyberpointer charon: 09[ENC] generating INFORMATIONAL response 2
2025-04-23T07:33:23.663106+02:00 cyberpointer charon: 09[NET] sending packet: from 193.188.192.110[4500] to 79.122.83.224[4500] (80 bytes)
2025-04-23T07:33:23.663323+02:00 cyberpointer charon: 09[CFG] lease 10.0.1.1 by 'C=HU, ST=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> ’ went offline

Mikrotik log:

2025-04-23 07:35:08 by 2025-04-23 07:33:22 ipsec ipsec: ike2 starting for: 193.188.192.110
2025-04-23 07:33:23 ipsec ipsec: adding payload: SA
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0x30)
2025-04-23 07:33:23 ipsec,debug ipsec: 00000030 0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005
2025-04-23 07:33:23 ipsec,debug ipsec: 03000008 0300000c 00000008 0400000e
2025-04-23 07:33:23 ipsec ipsec: adding payload: KE
2025-04-23 07:33:23 ipsec,debug ipsec: => (first 0x100 of 0x108)
2025-04-23 07:33:23 ipsec,debug ipsec: 00000108 000e0000 d4b1e6a8 0f309247 6b3529d4 96f9b6e3 2eee8389 35306921
2025-04-23 07:33:23 ipsec,debug ipsec: 827a5f08 ffee8f4b 3e450c3a 7a1d8f1b 4e94dfd5 7853ad2f b962ddbc 077db555
2025-04-23 07:33:23 ipsec,debug ipsec: 428e2a85 939a384f 48676456 035884d0 068f041f 664ae3d2 57793129 a4fbc990
2025-04-23 07:33:23 ipsec,debug ipsec: 086f44b6 49ce911d 69d88a21 2e1b354d 311c59d1 8adcc25c b71306d8 529e315e
2025-04-23 07:33:23 ipsec,debug ipsec: e2799c22 5603ce44 aafa69a1 9ce13933 06debd8e b43c7e57 9e3bf9d4 e94473a9
2025-04-23 07:33:23 ipsec,debug ipsec: 9e83df24 f80e4349 ccf23163 96637762 e87a00aa 2e1d42bd 0b807e7c ad3a26a8
2025-04-23 07:33:23 ipsec,debug ipsec: d4702c1a baa47e91 17f14c69 866fce25 4bbd3c95 17bdc18f b6df4ec4 cd2efdbc
2025-04-23 07:33:23 ipsec,debug ipsec: 65a8c788 41ea6428 09936ec0 de6f5815 0a822681 20655426 5e0239b1 4839c057
2025-04-23 07:33:23 ipsec ipsec: adding payload: NONCE
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0x1c)
2025-04-23 07:33:23 ipsec,debug ipsec: 0000001c 685bb565 7db4dd2e b4d3af10 da699952 f243dea4 d92460da
2025-04-23 07:33:23 ipsec ipsec: adding notify: NAT_DETECTION_SOURCE_IP
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0x1c)
2025-04-23 07:33:23 ipsec,debug ipsec: 0000001c 00004004 587c8c29 f8f2a37a 9aad928e 09f698e0 e78d29f3
2025-04-23 07:33:23 ipsec ipsec: adding notify: NAT_DETECTION_DESTINATION_IP
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0x1c)
2025-04-23 07:33:23 ipsec,debug ipsec: 0000001c 00004005 bff3f215 eba240fe 9acd606a 28cd2d56 013ed264
2025-04-23 07:33:23 ipsec ipsec: adding notify: IKEV2_FRAGMENTATION_SUPPORTED
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0x8)
2025-04-23 07:33:23 ipsec,debug ipsec: 00000008 0000402e
2025-04-23 07:33:23 ipsec ipsec: ← ike2 request, exchange: SA_INIT:0 193.188.192.110[500] 6d26da3286370563:0000000000000000
2025-04-23 07:33:23 ipsec,debug ipsec: ===== sending 432 bytes from 192.168.0.15[500] to 193.188.192.110[500]
2025-04-23 07:33:23 ipsec,debug ipsec: 1 times of 432 bytes message will be sent to 193.188.192.110[500]
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6d26da32 86370563 00000000 00000000 21202208 00000000 000001b0 22000030
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005 03000008
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0300000c 00000008 0400000e 28000108 000e0000 d4b1e6a8 0f309247 6b3529d4
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 96f9b6e3 2eee8389 35306921 827a5f08 ffee8f4b 3e450c3a 7a1d8f1b 4e94dfd5
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 7853ad2f b962ddbc 077db555 428e2a85 939a384f 48676456 035884d0 068f041f
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 664ae3d2 57793129 a4fbc990 086f44b6 49ce911d 69d88a21 2e1b354d 311c59d1
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8adcc25c b71306d8 529e315e e2799c22 5603ce44 aafa69a1 9ce13933 06debd8e
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b43c7e57 9e3bf9d4 e94473a9 9e83df24 f80e4349 ccf23163 96637762 e87a00aa
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 2e1d42bd 0b807e7c ad3a26a8 d4702c1a baa47e91 17f14c69 866fce25 4bbd3c95
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 17bdc18f b6df4ec4 cd2efdbc 65a8c788 41ea6428 09936ec0 de6f5815 0a822681
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 20655426 5e0239b1 4839c057 1f2c3857 05cf0970 2900001c 685bb565 7db4dd2e
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b4d3af10 da699952 f243dea4 d92460da 2900001c 00004004 587c8c29 f8f2a37a
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 9aad928e 09f698e0 e78d29f3 2900001c 00004005 bff3f215 eba240fe 9acd606a
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 28cd2d56 013ed264 00000008 0000402e
2025-04-23 07:33:23 ipsec,debug ipsec: ===== received 473 bytes from 193.188.192.110[500] to 192.168.0.15[500]
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6d26da32 86370563 82d44383 e60b845e 21202220 00000000 000001d9 22000030
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0000002c 01010004 0300000c 0100000c 800e0100 03000008 0300000c 03000008
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 02000005 00000008 0400000e 28000108 000e0000 c5af46c3 294ac343 d9a6bb11
2025-04-23 07:33:23 ipsec,debug,packet ipsec: e7841cc8 81de4ff3 5a62f05a f53acc9f 83c526b8 3f326f81 6cac85e0 de6713d0
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 4d24fccd 27e8581a d7ae1569 c8dfaf7c c54b91b4 48f68bf5 afe70ddd 3e2f1bed
2025-04-23 07:33:23 ipsec,debug,packet ipsec: ec72c8c6 7ece4c93 9b83ec2b 2c35821f 21d3aceb fa780954 4d16f049 6ce0edb4
2025-04-23 07:33:23 ipsec,debug,packet ipsec: bc6d37e0 c57a29f4 6bd06388 3ad10fb1 f690f260 6dc5347d e3c7c63d d03a209a
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8b83bbef 4241ee0e 7655a987 285da5a1 cc670af5 3131147b 03d20a2c d76308fe
2025-04-23 07:33:23 ipsec,debug,packet ipsec: daeacc9f f1e0a125 7da7dd60 46d899cd 79fe2d89 875501b9 e2a494b2 069f75c8
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 7071cc36 35ffe56e 22813c40 9f2f73aa 5a3ada14 eb084ba3 2c5d6138 b202c79d
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 19fcc2a5 4d685a0f f9f2b8af c7f567ec 306dd832 29000024 42dd42b2 8a33249a
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 880f020c 1a59ebee f77bc962 6a5c96e7 7ffd851c a3b67416 2900001c 00004004
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 484d1194 cd0b3ab4 079fb561 22bab2c6 14815c92 2600001c 00004005 9393f3ef
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8381b8b0 a86bcdf6 e1a31e29 5065fe09 29000019 04304b6b 82fd0d14 ef37af48
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8a20848f 70c4e182 ab290000 08000040 22000000 08000040 14
2025-04-23 07:33:23 ipsec ipsec: → ike2 reply, exchange: SA_INIT:0 193.188.192.110[500] 6d26da3286370563:82d44383e60b845e
2025-04-23 07:33:23 ipsec ipsec: ike2 initialize recv
2025-04-23 07:33:23 ipsec ipsec: payload seen: SA (48 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: KE (264 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: NONCE (36 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: NOTIFY (28 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: NOTIFY (28 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: CERTREQ (25 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: NOTIFY (8 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: NOTIFY (8 bytes)
2025-04-23 07:33:23 ipsec ipsec: processing payload: SA
2025-04-23 07:33:23 ipsec ipsec: IKE Protocol: IKE
2025-04-23 07:33:23 ipsec ipsec: proposal #1
2025-04-23 07:33:23 ipsec ipsec: enc: aes256-cbc
2025-04-23 07:33:23 ipsec ipsec: prf: hmac-sha256
2025-04-23 07:33:23 ipsec ipsec: auth: sha256
2025-04-23 07:33:23 ipsec ipsec: dh: modp2048
2025-04-23 07:33:23 ipsec ipsec: matched proposal:
2025-04-23 07:33:23 ipsec ipsec: proposal #1
2025-04-23 07:33:23 ipsec ipsec: enc: aes256-cbc
2025-04-23 07:33:23 ipsec ipsec: prf: hmac-sha256
2025-04-23 07:33:23 ipsec ipsec: auth: sha256
2025-04-23 07:33:23 ipsec ipsec: dh: modp2048
2025-04-23 07:33:23 ipsec ipsec: processing payload: KE
2025-04-23 07:33:23 ipsec,debug ipsec: => shared secret (size 0x100)
2025-04-23 07:33:23 ipsec,debug ipsec: ed53df0b 02ea818e 50e44d8a becac388 10b14b0b 86c87f81 b5f9da75 8d827145
2025-04-23 07:33:23 ipsec,debug ipsec: 1146c488 168d08ee 68db9a00 9659e840 cbc668f9 ddae41c9 fb6c0ea6 f847c8a3
2025-04-23 07:33:23 ipsec,debug ipsec: 5794fba9 81af5ae0 8105cc47 423dda90 6b16799f 05a6c067 5624a644 1c0e7c3d
2025-04-23 07:33:23 ipsec,debug ipsec: 04b9cbae 61ec40da dd3506ed afe9f81b 0481a8a0 2e700139 ff2aa82f e282a47e
2025-04-23 07:33:23 ipsec,debug ipsec: 50cba2a4 ade2a438 2aa5675b 6ebec9af 8926e891 2920a8be c7ebd429 5f72ce16
2025-04-23 07:33:23 ipsec,debug ipsec: cd5e89c8 18a74f9a b5351b6e 58b03bcf e89788d0 aed34c94 5b2019ad a6e37e4f
2025-04-23 07:33:23 ipsec,debug ipsec: 2987e740 d2c07db0 a225e8ee cf03bc4d 7062cf42 9ddd63a9 9c3a45f5 0283f5ca
2025-04-23 07:33:23 ipsec,debug ipsec: d51da35d d73b6a20 42074d6b 948d8684 b09d1d5a 33fb9bf1 fa445401 aea200aa
2025-04-23 07:33:23 ipsec ipsec: processing payload: NONCE
2025-04-23 07:33:23 ipsec,debug ipsec: => skeyseed (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: 52a28977 cf6c223b ee137bea 5f30d619 e0f8754c 26cf65eb 0cb67044 042b4929
2025-04-23 07:33:23 ipsec,debug ipsec: => keymat (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: 611879d3 4134557c a019cf31 a64a8519 7d430cd3 f9bdf165 9db0c9f1 163ebbf8
2025-04-23 07:33:23 ipsec,debug ipsec: => SK_ai (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: a9c90560 a1e38ca2 2e868428 61a29036 5f2ac279 87fb5287 b1aaf05f 2fcd9beb
2025-04-23 07:33:23 ipsec,debug ipsec: => SK_ar (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: 1b879a39 83aaba56 12d48dae 128cfcfd 8ff99589 ed00c26f f82ebbff 374bd390
2025-04-23 07:33:23 ipsec,debug ipsec: => SK_ei (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: 9909fe19 35c11732 1959536d 04579a42 35c4949c aa69a638 9410caa4 4cd2dede
2025-04-23 07:33:23 ipsec,debug ipsec: => SK_er (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: 3f37d96c c3175b1e a56b6200 8ff7dcac 78d6adda 8b65bbcd b76fa729 8ea69c79
2025-04-23 07:33:23 ipsec,debug ipsec: => SK_pi (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: ac615b74 75bfd86b 6f647076 5bfffbfb fb584233 00fb7977 e472ead8 b31dd1b5
2025-04-23 07:33:23 ipsec,debug ipsec: => SK_pr (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: 11d3cc5e a7434e88 acb0335a 0ee14976 d8bbc4b8 4e0444ed 675dd691 6bc9b9db
2025-04-23 07:33:23 ipsec,info new ike2 SA (I): Logging-Server 192.168.0.15[500]-193.188.192.110[500] 6d26da3286370563:82d44383e60b845e
2025-04-23 07:33:23 ipsec,info ipsec: new ike2 SA (I): Logging-Server 192.168.0.15[500]-193.188.192.110[500] 6d26da3286370563:82d44383e60b845e
2025-04-23 07:33:23 ipsec ipsec: processing payloads: NOTIFY
2025-04-23 07:33:23 ipsec ipsec: notify: NAT_DETECTION_SOURCE_IP
2025-04-23 07:33:23 ipsec ipsec: notify: NAT_DETECTION_DESTINATION_IP
2025-04-23 07:33:23 ipsec ipsec: notify: CHILDLESS_IKEV2_SUPPORTED
2025-04-23 07:33:23 ipsec ipsec: notify: MULTIPLE_AUTH_SUPPORTED
2025-04-23 07:33:23 ipsec ipsec: (NAT-T) REMOTE LOCAL
2025-04-23 07:33:23 ipsec ipsec: KA list add: 192.168.0.15[4500]->193.188.192.110[4500]
2025-04-23 07:33:23 ipsec ipsec: init child for policy: 10.0.1.0/24 <=> 10.0.0.0/24
2025-04-23 07:33:23 ipsec ipsec: acquired spi 0x7ae7808: Logging-Server 192.168.0.15[4500]-193.188.192.110[4500] 6d26da3286370563:82d44383e60b845e
2025-04-23 07:33:23 ipsec ipsec: init child continue
2025-04-23 07:33:23 ipsec ipsec: offering proto: ESP
2025-04-23 07:33:23 ipsec ipsec: proposal #1
2025-04-23 07:33:23 ipsec ipsec: enc: aes256-cbc
2025-04-23 07:33:23 ipsec ipsec: auth: sha256
2025-04-23 07:33:23 ipsec,debug ipsec: ignoring unterminated SAN: rfc822: > puffymikrotik@cyberpointer.net
2025-04-23 07:33:23 ipsec ipsec: ID_I (DER DN): C=HU, S=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net
2025-04-23 07:33:23 ipsec ipsec: adding payload: ID_I
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0x8e)
2025-04-23 07:33:23 ipsec,debug ipsec: 0000008e 09000000 30818331 0b300906 03550406 13024855 3111300f 06035504
2025-04-23 07:33:23 ipsec,debug ipsec: 080c0842 75646170 65737431 11300f06 03550407 0c084275 64617065 73743115
2025-04-23 07:33:23 ipsec,debug ipsec: 30130603 55040a0c 0c437962 6572506f 696e7465 72310e30 0c060355 040b0c05
2025-04-23 07:33:23 ipsec,debug ipsec: 43502d50 31312730 25060355 04030c1e 70756666 796d696b 726f7469 6b406379
2025-04-23 07:33:23 ipsec,debug ipsec: 62657270 6f696e74 65722e6e 6574
2025-04-23 07:33:23 ipsec,debug ipsec: => auth nonce (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: 42dd42b2 8a33249a 880f020c 1a59ebee f77bc962 6a5c96e7 7ffd851c a3b67416
2025-04-23 07:33:23 ipsec,debug ipsec: => SK_p (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: ac615b74 75bfd86b 6f647076 5bfffbfb fb584233 00fb7977 e472ead8 b31dd1b5
2025-04-23 07:33:23 ipsec,debug ipsec: => idhash (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: 9bd54e74 561b2697 1c58e993 117f521c 753a26ce bbdda908 d13f06f3 15bc2fe3
2025-04-23 07:33:23 ipsec,debug ipsec: => my auth (size 0x100)
2025-04-23 07:33:23 ipsec,debug ipsec: 5bf597e6 33faa187 c27e2355 171611e9 ec3bb513 63a7ceba 1ed58442 d023d75c
2025-04-23 07:33:23 ipsec,debug ipsec: f913b692 61d216d7 dc06f255 89a316bd d0c2310b 28cca4d8 08179fa0 5b4abf0a
2025-04-23 07:33:23 ipsec,debug ipsec: 45774dd3 dcfab017 ceec3394 17e45080 447a5ade 81b060dd 9544336b fd523209
2025-04-23 07:33:23 ipsec,debug ipsec: 1255b3f2 db0fba46 ab32fc98 15528a03 be15723e 4d43c32f 91c7d1e0 1fb0ab33
2025-04-23 07:33:23 ipsec,debug ipsec: 0507a3fb 15c6f2ba 00c59ca0 417223d2 d5e06598 1dbf818c 7d4e6f63 89e72cee
2025-04-23 07:33:23 ipsec,debug ipsec: f19f7e9b 519b0e9e 1d6f2af0 010d5bcd d05db83a 02f960c1 cefa08ed 37edf8b9
2025-04-23 07:33:23 ipsec,debug ipsec: 05592097 cc7ea8b0 037b8ce0 4ffb5fbf ad8d4081 a9c8d458 ae3bdc6c e98435d9
2025-04-23 07:33:23 ipsec,debug ipsec: 47c175e2 0e4139dc ad62f181 62cdf73d 83dfc031 67c6b3bc 2a93b186 d6da7024
2025-04-23 07:33:23 ipsec ipsec: adding payload: AUTH
2025-04-23 07:33:23 ipsec,debug ipsec: => (first 0x100 of 0x108)
2025-04-23 07:33:23 ipsec,debug ipsec: 00000108 01000000 5bf597e6 33faa187 c27e2355 171611e9 ec3bb513 63a7ceba
2025-04-23 07:33:23 ipsec,debug ipsec: 1ed58442 d023d75c f913b692 61d216d7 dc06f255 89a316bd d0c2310b 28cca4d8
2025-04-23 07:33:23 ipsec,debug ipsec: 08179fa0 5b4abf0a 45774dd3 dcfab017 ceec3394 17e45080 447a5ade 81b060dd
2025-04-23 07:33:23 ipsec,debug ipsec: 9544336b fd523209 1255b3f2 db0fba46 ab32fc98 15528a03 be15723e 4d43c32f
2025-04-23 07:33:23 ipsec,debug ipsec: 91c7d1e0 1fb0ab33 0507a3fb 15c6f2ba 00c59ca0 417223d2 d5e06598 1dbf818c
2025-04-23 07:33:23 ipsec,debug ipsec: 7d4e6f63 89e72cee f19f7e9b 519b0e9e 1d6f2af0 010d5bcd d05db83a 02f960c1
2025-04-23 07:33:23 ipsec,debug ipsec: cefa08ed 37edf8b9 05592097 cc7ea8b0 037b8ce0 4ffb5fbf ad8d4081 a9c8d458
2025-04-23 07:33:23 ipsec,debug ipsec: ae3bdc6c e98435d9 47c175e2 0e4139dc ad62f181 62cdf73d 83dfc031 67c6b3bc
2025-04-23 07:33:23 ipsec ipsec: Certificate:
2025-04-23 07:33:23 ipsec ipsec: serialNr: 49:7d:c4:18:d2:c2:c4:31
2025-04-23 07:33:23 ipsec ipsec: issuer: <C=HU, S=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA>
2025-04-23 07:33:23 ipsec ipsec: subject: <C=HU, S=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=> puffymikrotik@cyberpointer.net> >
2025-04-23 07:33:23 ipsec ipsec: notBefore: Fri Apr 18 08:37:26 2025
2025-04-23 07:33:23 ipsec ipsec: notAfter: Sun Apr 18 08:37:26 2027
2025-04-23 07:33:23 ipsec ipsec: selfSigned:0
2025-04-23 07:33:23 ipsec ipsec: extensions:
2025-04-23 07:33:23 ipsec ipsec: key usage:
2025-04-23 07:33:23 ipsec ipsec: extended key usage: tls-client
2025-04-23 07:33:23 ipsec ipsec: subject key id: 96:b5:d0:9c:cf:58:3d:82:fa:9e:91:2c:e8:c0:98:99:52:79:1e:08
2025-04-23 07:33:23 ipsec ipsec: authority key id:4d:02:13:12:b6:97:0f:33:04:37:bc:59:51:d5:b4:5a:af:a7:c3:b6
2025-04-23 07:33:23 ipsec ipsec: subject alternative name:
2025-04-23 07:33:23 ipsec ipsec: rfc822: > puffymikrotik@cyberpointer.net
2025-04-23 07:33:23 ipsec ipsec: signed with: SHA256+RSA
2025-04-23 07:33:23 ipsec ipsec: [RSA-PUBLIC]
2025-04-23 07:33:23 ipsec ipsec: modulus: adacec071666c9cd6299c77d4f02cd34dccf804faa6d1d8d02a12f51e5d018dd05da80a92b3cad4e9eba643b580a9cddcb26696b801f29449bbaa45f188a890c9fd9fed257e4bbc02d7e5c466cb3238e0434b18dac4ae2815dc88b0b77d33ae8710e2b8d27efec0e251823d35a50638b53f84698b4e9df556f31a506b6ca8ecea42edb595edd3e0ab537d1df47085a1571985bf0f19883b7eadd30a6ee640b8b98b37c9b78884e4080adb5d6beecc74e72923a65be0b6963ee69c9d068bc033e9c233daa95162d6cc7eb6b4bc4a010c97ccfa556971e984c706576d1954d79481f8a0e6dd78ab44efd68337fc53e1aa5a487764424c32e74ca0af51e286ba2d7
2025-04-23 07:33:23 ipsec ipsec: publicExponent: 10001
2025-04-23 07:33:23 ipsec ipsec: adding payload: CERT
2025-04-23 07:33:23 ipsec,debug ipsec: => (first 0x100 of 0x50c)
2025-04-23 07:33:23 ipsec,debug ipsec: 0000050c 04308205 03308202 eba00302 01020208 497dc418 d2c2c431 300d0609
2025-04-23 07:33:23 ipsec,debug ipsec: 2a864886 f70d0101 0b050030 79310b30 09060355 04061302 48553111 300f0603
2025-04-23 07:33:23 ipsec,debug ipsec: 5504080c 08427564 61706573 74311130 0f060355 04070c08 42756461 70657374
2025-04-23 07:33:23 ipsec,debug ipsec: 31153013 06035504 0a0c0c43 79626572 506f696e 74657231 0e300c06 0355040b
2025-04-23 07:33:23 ipsec,debug ipsec: 0c054350 2d503131 1d301b06 03550403 0c144379 62657250 6f696e74 65722052
2025-04-23 07:33:23 ipsec,debug ipsec: 6f6f7420 4341301e 170d3235 30343138 30383337 32365a17 0d323730 34313830
2025-04-23 07:33:23 ipsec,debug ipsec: 38333732 365a3081 83310b30 09060355 04061302 48553111 300f0603 5504080c
2025-04-23 07:33:23 ipsec,debug ipsec: 08427564 61706573 74311130 0f060355 04070c08 42756461 70657374 31153013
2025-04-23 07:33:23 ipsec ipsec: adding notify: INITIAL_CONTACT
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0x8)
2025-04-23 07:33:23 ipsec,debug ipsec: 00000008 00004000
2025-04-23 07:33:23 ipsec ipsec: adding payload: SA
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0x2c)
2025-04-23 07:33:23 ipsec,debug ipsec: 0000002c 00000028 01030403 07ae7808 0300000c 0100000c 800e0100 03000008
2025-04-23 07:33:23 ipsec,debug ipsec: 0300000c 00000008 05000000
2025-04-23 07:33:23 ipsec ipsec: initiator selector: 10.0.1.0/24
2025-04-23 07:33:23 ipsec ipsec: adding payload: TS_I
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0x18)
2025-04-23 07:33:23 ipsec,debug ipsec: 00000018 01000000 07000010 0000ffff 0a000100 0a0001ff
2025-04-23 07:33:23 ipsec ipsec: responder selector: 10.0.0.0/24
2025-04-23 07:33:23 ipsec ipsec: adding payload: TS_R
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0x18)
2025-04-23 07:33:23 ipsec,debug ipsec: 00000018 01000000 07000010 0000ffff 0a000000 0a0000ff
2025-04-23 07:33:23 ipsec ipsec: preparing internal IPv4 address
2025-04-23 07:33:23 ipsec ipsec: preparing internal IPv4 netmask
2025-04-23 07:33:23 ipsec ipsec: preparing internal IPv6 subnet
2025-04-23 07:33:23 ipsec ipsec: preparing internal IPv4 DNS
2025-04-23 07:33:23 ipsec ipsec: preparing internal DNS domain
2025-04-23 07:33:23 ipsec ipsec: adding payload: CONFIG
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0x30)
2025-04-23 07:33:23 ipsec,debug ipsec: 00000030 01000000 00010004 00000000 00020004 00000000 000d0008 00000000
2025-04-23 07:33:23 ipsec,debug ipsec: 00000000 00030004 00000000 00190000
2025-04-23 07:33:23 ipsec ipsec: ← ike2 request, exchange: AUTH:1 193.188.192.110[4500] 6d26da3286370563:82d44383e60b845e
2025-04-23 07:33:23 ipsec,debug,packet ipsec: => outgoing plain packet (size 0x752)
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6d26da32 86370563 82d44383 e60b845e 23202308 00000001 00000752 2700008e
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 09000000 30818331 0b300906 03550406 13024855 3111300f 06035504 080c0842
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 75646170 65737431 11300f06 03550407 0c084275 64617065 73743115 30130603
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 55040a0c 0c437962 6572506f 696e7465 72310e30 0c060355 040b0c05 43502d50
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 31312730 25060355 04030c1e 70756666 796d696b 726f7469 6b406379 62657270
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6f696e74 65722e6e 65742500 01080100 00005bf5 97e633fa a187c27e 23551716
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 11e9ec3b b51363a7 ceba1ed5 8442d023 d75cf913 b69261d2 16d7dc06 f25589a3
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 16bdd0c2 310b28cc a4d80817 9fa05b4a bf0a4577 4dd3dcfa b017ceec 339417e4
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 5080447a 5ade81b0 60dd9544 336bfd52 32091255 b3f2db0f ba46ab32 fc981552
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8a03be15 723e4d43 c32f91c7 d1e01fb0 ab330507 a3fb15c6 f2ba00c5 9ca04172
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 23d2d5e0 65981dbf 818c7d4e 6f6389e7 2ceef19f 7e9b519b 0e9e1d6f 2af0010d
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 5bcdd05d b83a02f9 60c1cefa 08ed37ed f8b90559 2097cc7e a8b0037b 8ce04ffb
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 5fbfad8d 4081a9c8 d458ae3b dc6ce984 35d947c1 75e20e41 39dcad62 f18162cd
2025-04-23 07:33:23 ipsec,debug,packet ipsec: f73d83df c03167c6 b3bc2a93 b186d6da 70242900 050c0430 82050330 8202eba0
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 03020102 0208497d c418d2c2 c431300d 06092a86 4886f70d 01010b05 00307931
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0b300906 03550406 13024855 3111300f 06035504 080c0842 75646170 65737431
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 11300f06 03550407 0c084275 64617065 73743115 30130603 55040a0c 0c437962
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6572506f 696e7465 72310e30 0c060355 040b0c05 43502d50 31311d30 1b060355
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 04030c14 43796265 72506f69 6e746572 20526f6f 74204341 301e170d 32353034
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 31383038 33373236 5a170d32 37303431 38303833 3732365a 30818331 0b300906
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 03550406 13024855 3111300f 06035504 080c0842 75646170 65737431 11300f06
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 03550407 0c084275 64617065 73743115 30130603 55040a0c 0c437962 6572506f
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 696e7465 72310e30 0c060355 040b0c05 43502d50 31312730 25060355 04030c1e
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 70756666 796d696b 726f7469 6b406379 62657270 6f696e74 65722e6e 65743082
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 010100ad
2025-04-23 07:33:23 ipsec,debug,packet ipsec: acec0716 66c9cd62 99c77d4f 02cd34dc cf804faa 6d1d8d02 a12f51e5 d018dd05
2025-04-23 07:33:23 ipsec,debug,packet ipsec: da80a92b 3cad4e9e ba643b58 0a9cddcb 26696b80 1f29449b baa45f18 8a890c9f
2025-04-23 07:33:23 ipsec,debug,packet ipsec: d9fed257 e4bbc02d 7e5c466c b3238e04 34b18dac 4ae2815d c88b0b77 d33ae871
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0e2b8d27 efec0e25 1823d35a 50638b53 f84698b4 e9df556f 31a506b6 ca8ecea4
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 2edb595e dd3e0ab5 37d1df47 085a1571 985bf0f1 9883b7ea dd30a6ee 640b8b98
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b37c9b78 884e4080 adb5d6be ecc74e72 923a65be 0b6963ee 69c9d068 bc033e9c
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 233daa95 162d6cc7 eb6b4bc4 a010c97c cfa55697 1e984c70 6576d195 4d79481f
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8a0e6dd7 8ab44efd 68337fc5 3e1aa5a4 87764424 c32e74ca 0af51e28 6ba2d702
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 03010001 a3818330 81803013 0603551d 25040c30 0a06082b 06010505 07030230
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 1d060355 1d0e0416 041496b5 d09ccf58 3d82fa9e 912ce8c0 98995279 1e08301f
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0603551d 23041830 1680144d 021312b6 970f3304 37bc5951 d5b45aaf a7c3b630
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 29060355 1d110422 3020811e 70756666 796d696b 726f7469 6b406379 62657270
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6f696e74 65722e6e 6574300d 06092a86 4886f70d 01010b05 00038202 0100833c
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 3dfb4ba5 bd8858d8 58be57bf 844ed153 9dc5d7e5 e401d666 94a5bcb2 2d8b56c1
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 271f1d57 be002cb0 8e4687e5 bf4ee43a 113b566b 53c74882 59aa8e55 c39b4d7b
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: a3f0184e 09874452 aea6d5b5 cec97c67 ba74b8d5 cb88eeec 3fd23a06 1214488a
2025-04-23 07:33:23 ipsec,debug,packet ipsec: f3f8b056 26c3e0a8 a0c3f27e bf7c5a54 d6d3f529 c1efcbdb 9c11e7be 097619d3
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 3c6ae369 b6a5bd16 344cd920 cbfb01ac 447d7a35 5e9abe65 10ff447d 2ca230b9
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b993ba2a d91ffb93 15fe04fe 74d204fa 6a285260 a565820f 9ff9c4fb c4b4a552
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8324167f a9c0cba7 497b43cf c31c7f1f 7fab5a38 a162ee2b aee58ab7 c4dcdf01
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 112de0c2 d55a0c9f 896cae26 03bc7d8b a73e510f 207c9aa1 460f9d8b f258907c
2025-04-23 07:33:23 ipsec,debug,packet ipsec: a86f9def 8948898b df90edf6 d291fed0 21b2587f 3162da5f 703699c3 e67e5a9e
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 7f750534 19f1ca8e d8b2a565 50db3097 df9eb1ef d07bfa5a 87c3a34c e3e00c86
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 9c03fe62 5df76970 759dca6e 5780658e c4eb5717 4d1164fb ae266a12 5658067f
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b4695f1f 6be7099c 9d31e2fb f94495eb 0448ba76 926bc4cf bb135c5f 662ab1cb
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 50b1efa1 c4338960 8f1dee73 febd3a89 67a5a215 48ca530b 0ef0194c 217dc363
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 71145800 f15a301e cd675093 fb4cd554 53fdf293 52dfaf04 88185abc 85c60602
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 00f5ca37 8f05ad78 42786b79 7674be21 98536d97 21854d04 15942635 ebbdae5a
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0eab3240 2f863462 26487240 4562da1b 0ea071ba 87bd593b a00d9658 d58e2100
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 00080000 40002c00 002c0000 00280103 040307ae 78080300 000c0100 000c800e
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 01000300 00080300 000c0000 00080500 00002d00 00180100 00000700 00100000
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: ffff0a00 01000a00 01ff2f00 00180100 00000700 00100000 ffff0a00 00000a00
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 00ff0000 00300100 00000001 00040000 00000002 00040000 0000000d 00080000
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 00000000 00000003 00040000 00000019 0000
2025-04-23 07:33:23 ipsec ipsec: adding payload: ENC
2025-04-23 07:33:23 ipsec,debug ipsec: => (first 0x100 of 0x7b4)
2025-04-23 07:33:23 ipsec,debug ipsec: 230007b4 1810d56a 9017a337 15bb31e6 6f9863dc dd03e934 26a02351 29f7c133
2025-04-23 07:33:23 ipsec,debug ipsec: d85ed0fc f3829109 79a5f569 a20cd975 5b85d6b4 365628ad 17d82e12 462c30d7
2025-04-23 07:33:23 ipsec,debug ipsec: 6be83901 5c77e26a 1bda9506 28a6c135 bcca8977 e3e5689e a0100a03 de099c09
2025-04-23 07:33:23 ipsec,debug ipsec: 49b92a93 2c0535b0 e3c4a428 930770de e2849e71 817119af 42d36065 c87d2c5d
2025-04-23 07:33:23 ipsec,debug ipsec: c12a9237 f068bf5e 67329dec aef9d45b 2917d679 52fa8c92 b4c938ac d2781235
2025-04-23 07:33:23 ipsec,debug ipsec: 1a710668 b9a7421d 0466951c e73e61f8 89be1829 703b2a20 c3b78625 a5ac8ddd
2025-04-23 07:33:23 ipsec,debug ipsec: ec8e143d ea40bd30 132a6ecc e3b59ed1 e960dbf7 c67befcc cab52ddf 81d8745d
2025-04-23 07:33:23 ipsec,debug ipsec: 4ed209bb 18d6d91c d0f45192 06ea751f 1e196866 e6628a44 ccb10ca7 fbd2aa70
2025-04-23 07:33:23 ipsec,debug ipsec: ===== sending 2000 bytes from 192.168.0.15[4500] to 193.188.192.110[4500]
2025-04-23 07:33:23 ipsec,debug ipsec: 1 times of 2004 bytes message will be sent to 193.188.192.110[4500]
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6d26da32 86370563 82d44383 e60b845e 2e202308 00000001 000007d0 230007b4
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 1810d56a 9017a337 15bb31e6 6f9863dc dd03e934 26a02351 29f7c133 d85ed0fc
2025-04-23 07:33:23 ipsec,debug,packet ipsec: f3829109 79a5f569 a20cd975 5b85d6b4 365628ad 17d82e12 462c30d7 6be83901
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 5c77e26a 1bda9506 28a6c135 bcca8977 e3e5689e a0100a03 de099c09 49b92a93
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 2c0535b0 e3c4a428 930770de e2849e71 817119af 42d36065 c87d2c5d c12a9237
2025-04-23 07:33:23 ipsec,debug,packet ipsec: f068bf5e 67329dec aef9d45b 2917d679 52fa8c92 b4c938ac d2781235 1a710668
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b9a7421d 0466951c e73e61f8 89be1829 703b2a20 c3b78625 a5ac8ddd ec8e143d
2025-04-23 07:33:23 ipsec,debug,packet ipsec: ea40bd30 132a6ecc e3b59ed1 e960dbf7 c67befcc cab52ddf 81d8745d 4ed209bb
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 18d6d91c d0f45192 06ea751f 1e196866 e6628a44 ccb10ca7 fbd2aa70 1961aa55
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8a7d4860 2b133ae2 29c77ac4 f72fc245 cb361ab2 a8957f36 8d7b106e a21746f9
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 72a1a40c f148a1a9 8c7ad417 923be14d bba49e79 073958cd 44bf5e68 2a697e6f
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 5ef15296 873fa563 6abb7c4d 76077c8a d9c148fe 5d9ecb98 d8a0093c 9d7d78d6
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 1ce3bcbc 5dfcebbc e6e44019 9a3a3048 83d84d66 52caa310 74992e65 81248b20
2025-04-23 07:33:23 ipsec,debug,packet ipsec: dd29ffab f10b479b bb0b814c 63a09731 f89170e4 d1fb8901 5b368b8c 86d05e62
2025-04-23 07:33:23 ipsec,debug,packet ipsec: c57c8830 9219dcac bcbefe2d 875cfd4d 1e5f9b3d 7aff3594 07d568c2 6875bfd8
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 7d8c49f4 575cc3f7 35c51a76 6473b10c 0c871590 a7582a82 d9ca7d2e d3aef799
2025-04-23 07:33:23 ipsec,debug,packet ipsec: e39d4660 a415aa83 8687fb2b 27a91c9b 5f2b759c b1fab693 d478d148 0680455b
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 32c9a5ae e257706e f9a0bcce 046da46e 9a73ccec e77450f9 f2013be5 5cd70fc6
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 2fcf13c1 51de6eb2 addeb1a6 725a0865 2fc27e70 caa6d655 e03994a8 236398f7
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 7f3a1880 018160da 35a7ffad c108ce1c 6ee73eef 61220e07 92ae5306 be9398aa
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b974711c b3afe88c 7737c936 40362d9d b1c3efde 3e30d6aa cefeeeca 00d855ca
2025-04-23 07:33:23 ipsec,debug,packet ipsec: fe662da7 9b8a0965 d93f3459 3a109604 8260cd53 c2b4dea0 c78dc14a bb3b055e
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6622ca5a 4221b197 6256d340 a9a7206e f791873e 2afd4646 1cf01003 a02e6ce3
2025-04-23 07:33:23 ipsec,debug,packet ipsec: c9b4d5d4 a88a1ade 773be176 8ac26ef7 9099f821 f8bde056 842cd763 e3f87bd3
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 294b39bf 4457bfc0 e2fa24ff ea0f877c abe7ca2e faa08e58 54a9fe11 ec23c115
2025-04-23 07:33:23 ipsec,debug,packet ipsec: bf457144 4806c753 57e9b4d7 a7c65840 82319711 05329ce7 33005082 f9feaeec
2025-04-23 07:33:23 ipsec,debug,packet ipsec: d8af9485 adf07b44 bf5dfe1c b2c55f84 3da793a3 203d8f04 aa929b5d 3b66ae70
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 31783e6d 7cf02c38 202e53f4 ba523ed9 e0f6e1fb 650d2f8d db4a8ef6 f8a6a7c7
2025-04-23 07:33:23 ipsec,debug,packet ipsec: a661a1ff 24878852 1c262c9a c9e616af 2fd29784 cdc79e0f 4f01380b 7ad6550d
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 7b08b94a b0159270 d2faf146 9abc0819 fbdeed2c 673c3430 bb424ff8 fd920e99
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b5834f2b eb5c664d 837cd7cc 1087ac5e 2f86a3f1 6fc1b7ed 461612fa b7939311
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 64fe3bb8 3952d58f 445b2877 cbe7d967 be3a401b f38ac63a 387efb11 bd452088
2025-04-23 07:33:23 ipsec,debug,packet ipsec: f7dfd5bf d61044d2 8fa108fa 21855c77 c8110d34 46337afe c63deadf ab5ebcc0
2025-04-23 07:33:23 ipsec,debug,packet ipsec: a1af7e76 1b50ddc4 acc87da6 00ccb3ff 4d26c1d1 004f2695 5f65cf6a 315ea512
2025-04-23 07:33:23 ipsec,debug,packet ipsec: e0f31b15 6b625c54 f8fc70a3 f6620840 2cb79069 bd5731ea d97c6568 61a86044
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 131f01cf 2cd5d8c4 4f959591 7a15251b 3059f208 9b273a2e 0a11e50a 1f475b84
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 55f9e4cf 13b884cc 68cd3002 d883261a 1313a2f7 a73196b6 a664718e e5755cec
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0d8aab25 0cc993ab 21cfa54c 1550a000 fec8ade7 9edf4cc4 349408e9 e37524be
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8f5f6638 f1b6ea98 0a0df4fa b968d54c c6c48ac2 f7826c6f 478ef519 e7248626
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 381303b6 87746f44 3feae092 494bd184 54a5ea5a 87ad45b3 39bf066f cfade6c2
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b971a735 fd3c2178 28eacc8b c74bb09c 2d184d23 b8b02441 2fed669c 8c993807
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 12e69d14 4e4711ad 11c77fc8 aa19fbd0 de41923e eae8e289 9a09996f 5a254abd
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 61b63765 f3ede682 00fb888c 70506b85 e323da37 557a9b94 0682f87e 839f23e7
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 35c4659d 9d985a27 7736c84a d36971f8 ff5cd421 18f460d5 2d562096 bc9dc165
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 37847f3e 96015e31 63d23a18 dbd7ffb4 bb78b54c b7d32419 f3da65da 8cc353e2
2025-04-23 07:33:23 ipsec,debug,packet ipsec: c8e2c676 0217edc0 2f8e5782 63dd8743 fabcf633 0b291273 c012e0fb 2f27eb8a
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b7093f27 29d670fb 2d9e6bc1 3c96f9c7 e2a908da d08d3276 a2e3e889 b7c7b062
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 4547b968 2c292760 d836008b b2a9f183 0bf48e35 d95aabc3 cdd13f12 e2ed9ef0
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b8e74863 95753987 dc82e6d5 95e99c9e c166f6b0 281377e8 e8e9917d b43cf54d
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 22685f0b 4bfa7d09 5130a49a d34fea3e e8e91298 2aa86771 f9f0d0ab 5abd73ae
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 07764aa0 95e655e8 24814ec6 d75d2635 a784e0f4 2bacbbbb e7c80852 53124f21
2025-04-23 07:33:23 ipsec,debug,packet ipsec: ff066a00 16ef4011 f43730d8 a63fba15 86a27c72 c98c713d 58617863 50e01e88
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 039b6393 03586c8f 2036fb64 8a4b436f 1754f4a0 1af6bc96 0fd8cc31 752754f7
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b2f4cf3f 6ae6210c 5119a1e5 21e94717 64a972b2 f433b73c c0e87a8d 66ad1907
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 60e79a30 9829ba8f a23efb0b d96dd3da d8314e36 f8441d34 ce834498 694030f3
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 4214ec6e ebdad3ab 67f6424d 85c8e115 621b9047 7c145181 5218d3f0 520d7b70
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 3f3ada95 44a82765 f5c3a1e2 fb6317ce c2226248 5228dfce fa5c0f79 67f75ba7
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 2d97efc8 b81d4e58 6aeb16a2 989d6cfa 1e61361e d8407e97 2774ff53 43defcdf
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 7bd64a32 508dbfd6 b3eda9b6 90b742b7 e69148bb 99d43246 f6f03917 fd647320
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 183e0a1e df487668 394af1b2 eb98b67e e1b97a4f 22ceeca9 c7f7fa8c 7d7f10b9
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 37e4b62d d05bb861 2955f864 6f3a4932 e036ccc4 dd0d70b0 768d8464 fce116ce
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 9a12e9d2 6a41901e e3a4343d 2814aa08 13a2bf59 ad172360 8375b5ac b9696527
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 60bff97d f5354d0c 86fe4dfb dc0937f0
2025-04-23 07:33:23 ipsec,debug ipsec: ===== received 1776 bytes from 193.188.192.110[4500] to 192.168.0.15[4500]
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6d26da32 86370563 82d44383 e60b845e 2e202320 00000001 000006f0 240006d4
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 9db0cb29 44ee9a01 a10466c4 18eed55f 3a4b50b2 739061d5 83f75685 c43e1c02
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0ccf836b bc2c4a12 3ace60c6 8223cc96 9294da39 96e35f75 981460af 9766c571
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 90b3534b 0cdc6389 0a10467b 02b476f7 ea21585b e9f726ca 4885cfe0 a7dceb92
2025-04-23 07:33:23 ipsec,debug,packet ipsec: cae34018 f6b1ce7d 50c9b216 9bfe5451 6253dfe2 1b6a48a6 c88bacc4 cb3cb2ae
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 14cb6903 a39c24f1 b72b328b 0ed93b1e 857dcc52 661e39e1 9b4c0375 8110c6f3
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 81b3b3c8 7f5c87ae bd0fa149 95f152ec 261b8ca3 4cc88263 a13ffc73 78b94f15
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 061668ea 856b8586 f3e7af0d 403f346b 102ebf6d fbb366ef 8c131ba2 eb97e751
2025-04-23 07:33:23 ipsec,debug,packet ipsec: c14b9bd4 df010d73 b83a8a87 bc3523fd fb273be2 3f50308f ab564b37 09a037e1
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 2413f341 efecdfb1 3aa8ba86 872c9d59 6b5e395e 167f13b9 4bf9e6c8 7a1b625c
2025-04-23 07:33:23 ipsec,debug,packet ipsec: bc82b59c 090dae50 8df67e33 53d8270d 7189b02f 4bf3ac6a cc78f4fd 36fff76e
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 358ae317 2721166c b1dcaff0 554141eb f8f249d9 24544692 b1599744 e81e7490
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 59c28587 f4260cfb 943c0942 a226b50e 0bae1d77 06ade14d 92ef9757 c8de8165
2025-04-23 07:33:23 ipsec,debug,packet ipsec: c7989cf2 dc5756f8 8bcf7828 64711bfe 458bd399 f6683514 32850ecc ab53505a
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 220fc697 17cebfd3 00648c55 02292d11 e0398dea 9c233d5a e7782904 bf8c14a2
2025-04-23 07:33:23 ipsec,debug,packet ipsec: f1855616 8d94cfca d2a4b3ed c7eaa3a6 aa0aa0d5 dc351ab7 4567427e 0aa798b7
2025-04-23 07:33:23 ipsec,debug,packet ipsec: bf148e10 eee977de 3063852e c2da45e0 42626737 4c6ab023 87c669b6 fd598882
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 59a57ee0 63d7177d a32d5f05 525ee63a 6d240179 a4852aee 663e02b6 ef640001
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 9f8bfd71 a0fd3230 ccf46276 cc416c32 4975d3d4 39c2be0f 219f0727 ef445270
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6c3431fa 53684113 31f884fd 679555c8 ff16f088 534dc7ba dd802b31 2992abf0
2025-04-23 07:33:23 ipsec,debug,packet ipsec: c632bfad 4f404369 cfb8e923 f62c3f2e 1b5c72fc 0f272814 e714f631 604a80e9
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6ba2366e 3bd50482 d938fe9e 6b45a8cc befde685 e1d4a787 20b93437 3362fff5
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 13964a8c b864b814 fc516103 0c503679 afd9b311 4e423977 c065a528 f5c3850c
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 715566fb 79a0f0dc 7934a405 a516224e f26692ad 4b34e943 cc56ab01 c53275cb
2025-04-23 07:33:23 ipsec,debug,packet ipsec: cfb1a77c 8abb27a5 1862338e 4e9e3ef2 bd9f2c25 520b7fd9 50963379 adcb69a0
2025-04-23 07:33:23 ipsec,debug,packet ipsec: c2505970 b8ff078e 09f68bcb b24e1715 abae6788 e84b0694 a809bb9a cd55eed8
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 870c7e5f 885982dd 23f8092f 52c6f2c8 32948c71 06c3b509 29b22938 8d1b12d0
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 7697b828 c97a8203 4d8e437a 396b096b 38678f55 287e2f8b 40f7d141 9d77b0d8
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 202815f0 b6b20aae a5909fdf af1dc7f9 4d6bb257 b43e9107 b103dec1 408a1019
2025-04-23 07:33:23 ipsec,debug,packet ipsec: bb80ef01 1db37301 7dd25ecc 63181a15 3d29b943 9028fb19 ef962d93 06df70d8
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 3a545ae8 97932e6c b635e758 63512839 1cff863c 3c11afb1 26ae96e4 a27633cd
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 166299e0 60a5161a ac65560a ac114822 4d7893dc 67432c69 bcb44e53 72025210
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 3d1147fa 65f76e18 000dbc83 5622afb2 ef4e5bd2 8e60e858 be6a3904 16aa5e0b
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 4ca6132b 17e4fb74 a80b099d 2ee2dbda cf3a201e 61589fb5 3dad3618 c23933d8
2025-04-23 07:33:23 ipsec,debug,packet ipsec: c78f5708 79953be6 22fae8fb 47dfde72 7e0be901 3d91a537 2b6f1d32 c008278c
2025-04-23 07:33:23 ipsec,debug,packet ipsec: e921de49 f8688b5c dc85ffb1 2f7bff3c 1f320536 9da258ca 001b21cb f21ceaee
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 82f87e6c 256ae3bc 138e64e8 5a7af11e 5dfeec47 8d645dd2 38892143 5e2110ba
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8c7ccb6f a6d467fc 44461f16 adc73dbc 637557b3 cf0f84b3 40ac2de8 18539d80
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 566b6a2f 527335f6 81d64935 79b8e00d 9ecd253d da19a1a2 272aebd0 89e47a45
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 38ff1833 5c2458db 2676b9ee 9a4cb2a7 0a959bfc 45af10a6 8f7cedfb 008dd2c8
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0f01bcc4 d084bafc 1991be66 198eb14a 760572a9 d3cff5cd dcc974eb b711135a
2025-04-23 07:33:23 ipsec,debug,packet ipsec: d85e2464 c1049e83 2ddb1734 e12b2880 21ea09f7 305f1b26 e876dc27 04e90d29
2025-04-23 07:33:23 ipsec,debug,packet ipsec: e5551492 ab156b8c 53785d8a 131eaaee fb915e34 941d68b9 d21cd18b c90767cb
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 252b8d37 8b66cd1a 782e365f d416694c b8af8c8d 80a0a0f1 f3e9c8dd 019783ff
2025-04-23 07:33:23 ipsec,debug,packet ipsec: e7c8ff49 4a7f8fe8 086651ee f8b7de5b e1a62aae 4ed4c753 41f246be 66eb731f
2025-04-23 07:33:23 ipsec,debug,packet ipsec: ad628d1e 3ea0ee29 da28f89c d6202a79 84e69482 f4f21ba5 6076fb2c aeaa1f01
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 29ade080 29b8fb87 c7e725a6 74a8976f f27fd436 25750eac fe272b05 44033dc2
2025-04-23 07:33:23 ipsec,debug,packet ipsec: aec71bcf a23beed8 46a6dcdd be51d760 add180c9 4c75e3b9 b58e19ef 4c56bb9e
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 97d6cf8b 1788c427 40964e92 081d8987 45481327 a1ff65af 2db91d30 086abbe4
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 394f59f0 cde72e39 f490f495 160dd431 38404db9 6e0618ac 078452e1 dfa8c425
2025-04-23 07:33:23 ipsec,debug,packet ipsec: d21bc465 0be40d33 abdcf8b3 7f0a5250 c8aa6d4c 698c696d 277e379b 46de8f76
2025-04-23 07:33:23 ipsec,debug,packet ipsec: de2fdcbc 5e0cd526 82c84c75 d8ec8b46 1a73a4d8 9c7a6a46 cb8ffd2a 971c896f
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 710f99e2 40d29131 9dee29fc 777dc4ec 9aa40ecf b6dc1817 d53c3d38 30abbc97
2025-04-23 07:33:23 ipsec,debug,packet ipsec: cd0689d5 0856a227 c22e2b99 54c7887c 9371161c d5a3e1fc 31d5e719 63d34122
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 4eb5e9cf 5e26180c 5d981e79 979f74b2 66598fa4 8cb2d66f 8945a108 774f604c
2025-04-23 07:33:23 ipsec,debug,packet ipsec: a5f68be4 51459320 664993b8 b464ebac
2025-04-23 07:33:23 ipsec ipsec: → ike2 reply, exchange: AUTH:1 193.188.192.110[4500] 6d26da3286370563:82d44383e60b845e
2025-04-23 07:33:23 ipsec ipsec: payload seen: ENC (1748 bytes)
2025-04-23 07:33:23 ipsec ipsec: processing payload: ENC
2025-04-23 07:33:23 ipsec,debug ipsec: => iv (size 0x10)
2025-04-23 07:33:23 ipsec,debug ipsec: 9db0cb29 44ee9a01 a10466c4 18eed55f
2025-04-23 07:33:23 ipsec,debug ipsec: decrypted packet
2025-04-23 07:33:23 ipsec,debug,packet ipsec: => decrypted packet (size 0x6c8)
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6d26da32 86370563 82d44383 e60b845e 24202320 00000001 000006c8 2500000c
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 01000000 c1bcc06e 27000510 04308205 07308202 efa00302 01020208 43da0808
2025-04-23 07:33:23 ipsec,debug,packet ipsec: fff81225 300d0609 2a864886 f70d0101 0b050030 79310b30 09060355 04061302
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 48553111 300f0603 5504080c 08427564 61706573 74311130 0f060355 04070c08
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 42756461 70657374 31153013 06035504 0a0c0c43 79626572 506f696e 74657231
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0e300c06 0355040b 0c054350 2d503131 1d301b06 03550403 0c144379 62657250
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6f696e74 65722052 6f6f7420 4341301e 170d3235 30343138 30383333 30355a17
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0d323730 34313830 38333330 355a3074 310b3009 06035504 06130248 55311130
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0f060355 04080c08 42756461 70657374 3111300f 06035504 070c0842 75646170
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 65737431 15301306 0355040a 0c0c4379 62657250 6f696e74 6572310e 300c0603
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 55040b0c 0543502d 50313118 30160603 5504030c 0f313933 2e313838 2e313932
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 2e313130 30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 02820101 00b97aa1 413e8b34 d1ecbc43 3e20e943 e2536b9a 1e2de4b7 0e4e7db6
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 2a49be37 ef6060b7 276166dc cc40333f 532b3b73 ff37cce0 9f28618a f64aeac5
2025-04-23 07:33:23 ipsec,debug,packet ipsec: ba243572 765d5a26 3ee32d39 cf47bca3 469661f3 16194e1e 6ff2e659 9bd3636c
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8328a658 c22e98d4 8fa12682 0013d66d 75bab884 bc04d9ac 6b415777 712e288b
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 221511c3 047c42c1 d6db0a7c 75b94580 f8eb4809 528aff09 fc07672c d2d75b1b
2025-04-23 07:33:23 ipsec,debug,packet ipsec: d4ea1708 3fd5ce1a d274416a 398d9e40 3e144504 d0058000 52b8f7df ff7c2fef
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b35ce582 ce507f53 01c85baf cc0e1fc9 0c43a1e3 20d6a4b6 f6a6bf6f 1ac0b5a7
2025-04-23 07:33:23 ipsec,debug,packet ipsec: a2291390 3e722548 442a790a 1e4fb498 e27aed0d 20a68851 6c0d0458 0f01220a
2025-04-23 07:33:23 ipsec,debug,packet ipsec: dad93f83 f7020301 0001a381 97308194 300e0603 551d0f01 01ff0404 030205a0
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 30130603 551d2504 0c300a06 082b0601 05050703 01301d06 03551d0e 04160414
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 7faab2cf f82daa9d 85f718ce 8413c3fa 0885ea5c 301f0603 551d2304 18301680
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 144d0213 12b6970f 330437bc 5951d5b4 5aafa7c3 b6302d06 03551d11 04263024
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8704c1bc c06e821c 70726f74 65637469 6f6e312e 63796265 72706f69 6e746572
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 2e6e6574 300d0609 2a864886 f70d0101 0b050003 82020100 7a9befcd 44ad943b
2025-04-23 07:33:23 ipsec,debug,packet ipsec: d7b5689e f71d2fb8 8935a223 38fca27f a451a1a5 c39b2c87 2d8c0d8b 4d33f054
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 41d3bacc fc66841c 0910cb41 f19a3ace 0e35b047 6aa50e41 6ebf0dca 7fc758a9
2025-04-23 07:33:23 ipsec,debug,packet ipsec: c1fa8dd9 c018e46d 0ed388cd 3f24a039 4ddf7a48 6822e629 5c742741 c9608b24
2025-04-23 07:33:23 ipsec,debug,packet ipsec: eeaa1fd8 37014766 23a33ced c08b96b9 c3d2ae46 e6457ccf c130675a 048dfec5
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 197232e5 e20c9a6c 67365e0d 7275b170 de3980e9 8cfb0e89 c4db5a18 3750ec7b
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 3cb63405 cb7901ec 3d36080e 0ad60bb8 1cc94fb3 6661f02d 1d0b17f9 eb405c68
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6beda09f f0521fc5 5e109ee7 286ad6ec ab3ce1fd 54bb4e7f 2cbc8c9c b5d8417b
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0efa4af9 a6914a91 b960a512 f74275df ac3b28ec 8a64f426 673fa89a 70280c29
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 27bb4f98 58702d11 f3002f5c 2da93bc1 287d3b1d a6672eae f082982f e91f8ced
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 44cedbcf 452b0041 10d7e7c5 3ccd644d 68bbf824 2a590607 dcdf2eae 57cbc68c
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8fd34dc8 d5f18b92 ca343bdb 9086bdbd 30a0c1fa c88b964d 208e51d4 39492ebd
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6cea2472 e4791e1a 7aaa2c40 efb4be10 33ea5fdb 6328e8d6 43499352 070f42a6
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0d733177 9b35bee8 b3b0e5a5 d9e37e37 7a77d2c0 0f67a69f 4e56338c b1e3eabc
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 14460bfb 2fb90870 7706f7c3 6b82a8ac 28005907 604a9b70 2a731e4a 7ba4f6fd
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 4a62f618 b8b3a939 4006f0df 0f49aed0 4e6e70a9 85f13977 df6753b5 24907bdc
2025-04-23 07:33:23 ipsec,debug,packet ipsec: c930f700 b309b767 4c8207e7 f182344c f9f19e46 dbdae3b2 2f000108 01000000
2025-04-23 07:33:23 ipsec,debug,packet ipsec: a0256297 a081fb8b fd57da5a 09422842 78816a12 4fb73b49 64074b5c 523cf09e
2025-04-23 07:33:23 ipsec,debug,packet ipsec: e6e306a6 1aa181e5 3c76f04a e53be550 4cf3d9b2 5a8e5dd0 0387ff0f 7418853b
2025-04-23 07:33:23 ipsec,debug,packet ipsec: e70cfc98 1005d010 700a07b0 ddf7f163 41dbda38 a36e0289 4e1a06fa 285d6f28
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 8bf507bc 95d9d594 3e1f79db b3d98b44 67067ca1 c76e08af 191de4ae 03c7df82
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 9bfbb488 09f91e8f 744c0599 db10cf1c 4191cd5c d1456766 11412aa4 9bf0351d
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 2d104402 625d4a23 2073ae21 62bc9340 74091721 0e3646a6 145c715e 9ab1c94b
2025-04-23 07:33:23 ipsec,debug,packet ipsec:
2025-04-23 07:33:23 ipsec,debug,packet ipsec: c73a7b65 9af143b1 9f0441ab b5a41650 d7cbc97e 302727b3 f5adfb10 f6eabf13
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 961efdc8 a11c540b c12f697c 3406db02 fc9b9f22 5dae3eda 7e3ccbdc 3953d3bd
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 21000020 02000000 00010004 0a000101 00030004 01010101 00030004 01000001
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 2c00002c 00000028 01030403 c47642a7 0300000c 0100000c 800e0100 03000008
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0300000c 00000008 05000000 2d000018 01000000 07000010 0000ffff 0a000100
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0a0001ff 29000018 01000000 07000010 0000ffff 0a000000 0a0000ff 0000000c
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 00004013 00000d1e
2025-04-23 07:33:23 ipsec ipsec: payload seen: ID_R (12 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: CERT (1296 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: AUTH (264 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: CONFIG (32 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: SA (44 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: TS_I (24 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: TS_R (24 bytes)
2025-04-23 07:33:23 ipsec ipsec: payload seen: NOTIFY (12 bytes)
2025-04-23 07:33:23 ipsec ipsec: processing payloads: NOTIFY
2025-04-23 07:33:23 ipsec ipsec: notify: unknown 0x4013
2025-04-23 07:33:23 ipsec,debug ipsec: 00000d1e
2025-04-23 07:33:23 ipsec ipsec: ike auth: initiator finish
2025-04-23 07:33:23 ipsec ipsec: processing payload: ID_R
2025-04-23 07:33:23 ipsec ipsec: ID_R (ADDR4): 193.188.192.110
2025-04-23 07:33:23 ipsec ipsec: processing payload: AUTH
2025-04-23 07:33:23 ipsec ipsec: requested auth method: RSA
2025-04-23 07:33:23 ipsec,debug ipsec: => peer’s auth (size 0x100)
2025-04-23 07:33:23 ipsec,debug ipsec: a0256297 a081fb8b fd57da5a 09422842 78816a12 4fb73b49 64074b5c 523cf09e
2025-04-23 07:33:23 ipsec,debug ipsec: e6e306a6 1aa181e5 3c76f04a e53be550 4cf3d9b2 5a8e5dd0 0387ff0f 7418853b
2025-04-23 07:33:23 ipsec,debug ipsec: e70cfc98 1005d010 700a07b0 ddf7f163 41dbda38 a36e0289 4e1a06fa 285d6f28
2025-04-23 07:33:23 ipsec,debug ipsec: 8bf507bc 95d9d594 3e1f79db b3d98b44 67067ca1 c76e08af 191de4ae 03c7df82
2025-04-23 07:33:23 ipsec,debug ipsec: 9bfbb488 09f91e8f 744c0599 db10cf1c 4191cd5c d1456766 11412aa4 9bf0351d
2025-04-23 07:33:23 ipsec,debug ipsec: 2d104402 625d4a23 2073ae21 62bc9340 74091721 0e3646a6 145c715e 9ab1c94b
2025-04-23 07:33:23 ipsec,debug ipsec: c73a7b65 9af143b1 9f0441ab b5a41650 d7cbc97e 302727b3 f5adfb10 f6eabf13
2025-04-23 07:33:23 ipsec,debug ipsec: 961efdc8 a11c540b c12f697c 3406db02 fc9b9f22 5dae3eda 7e3ccbdc 3953d3bd
2025-04-23 07:33:23 ipsec ipsec: using certificate from identity config
2025-04-23 07:33:23 ipsec ipsec: Certificate:
2025-04-23 07:33:23 ipsec ipsec: serialNr: 2c:b7:dc:d6:aa:cf:a4:e8
2025-04-23 07:33:23 ipsec ipsec: issuer: <C=HU, S=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA>
2025-04-23 07:33:23 ipsec ipsec: subject: <C=HU, S=Budapest, L=Budapest, O=CyberPointer, OU=CP-P1, CN=CyberPointer Root CA>
2025-04-23 07:33:23 ipsec ipsec: notBefore: Fri Apr 18 08:26:19 2025
2025-04-23 07:33:23 ipsec ipsec: notAfter: Mon Apr 16 08:26:19 2035
2025-04-23 07:33:23 ipsec ipsec: selfSigned:1
2025-04-23 07:33:23 ipsec ipsec: extensions:
2025-04-23 07:33:23 ipsec ipsec: key usage: key-cert-sign, crl-sign
2025-04-23 07:33:23 ipsec ipsec: basic constraints: isCa: TRUE
2025-04-23 07:33:23 ipsec ipsec: subject key id: 4d:02:13:12:b6:97:0f:33:04:37:bc:59:51:d5:b4:5a:af:a7:c3:b6
2025-04-23 07:33:23 ipsec ipsec: CRL distribution points:
2025-04-23 07:33:23 ipsec ipsec: URI: > http://193.188.192.110/crl/196.crl
2025-04-23 07:33:23 ipsec ipsec: signed with: SHA256+RSA
2025-04-23 07:33:23 ipsec ipsec: [RSA-PUBLIC]
2025-04-23 07:33:23 ipsec ipsec: modulus: b7dcebb86c58a9f89c3c1da17848ab845a6b8f617b257b99b1d37dcdc9b3e7a6f0699dd4ac9c3407bde16bcd8986fe3cb707712423f16c509a13f9ec8b8c72af28004f422f5a5efb6781afa3a94dd97b4f28b67a759353d3f8c1313206d9ab8ae53786ae224644a20bea5d1dea3e5528d5fdb9fad594d6ec3467956b7c84869e6356bbe824adacf86db2f63a4edd33709c3e11bf068b89e8b3e0610dfb80ed0e3872151b0f7b647f037dbf2dad4f8e774d9f03811e283fc4235b184d6307523dd80746eb73f402533c5f9e9c62e2b0a9e6b08100be57c9affbe23c8e88816e84b56d6285f32efb484c3a3abfa25160409fab59d161706a21a1603459200b2756b3922bdae1e1465e590967832ae7c6016a3be011b55f495743aeae8fd0fc678960c4109d92551e6d69e19c6198127ff2b439404f3df9024e2714ee56258a802ef551d2018ab87155b6a7134a277d4bc94f758821d733f53df8dafb94a9decf3803cfe19adf176bcdd376e2ae2fd9a8f2b8bbfca7ad075552d92f9d8806ec52b50894908933a9f0ad2f90395d8a489fab3d39d189da9ed9e7b610a37ca2162c44d07fe3a055f6bfae0b5d19b68bd5c90357f6abeb4cf029cd634fb01f8b80f4d8cfeffe4fb796381da52f126fe131ea29f608a8062c9758cbb2ca3e5cd2e22f72092b45ac9e31dd7498a70c488399529e0bdd5dd9eb5
2025-04-23 07:33:23 ipsec ipsec: 1688030c21ad19972da65
2025-04-23 07:33:23 ipsec ipsec: publicExponent: 10001
2025-04-23 07:33:23 ipsec ipsec: trust chain:
2025-04-23 07:33:23 ipsec ipsec: 0: SKID: 4d:02:13:12:b6:97:0f:33:04:37:bc:59:51:d5:b4:5a:af:a7:c3:b6
2025-04-23 07:33:23 ipsec,debug ipsec: => auth nonce (size 0x18)
2025-04-23 07:33:23 ipsec,debug ipsec: 685bb565 7db4dd2e b4d3af10 da699952 f243dea4 d92460da
2025-04-23 07:33:23 ipsec,debug ipsec: => SK_p (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: 11d3cc5e a7434e88 acb0335a 0ee14976 d8bbc4b8 4e0444ed 675dd691 6bc9b9db
2025-04-23 07:33:23 ipsec,debug ipsec: => idhash (size 0x20)
2025-04-23 07:33:23 ipsec,debug ipsec: 5b38b1f5 66a5d575 21ff5bff 5acdf806 42570e3a 71a35807 f8494d43 d30c1394
2025-04-23 07:33:23 ipsec,debug ipsec: retrying with hash function form certificate: SHA256
2025-04-23 07:33:23 ipsec,error digital signature verification failed
2025-04-23 07:33:23 ipsec,error ipsec: digital signature verification failed
2025-04-23 07:33:23 ipsec,info,account peer failed to authorize: Logging-Server 192.168.0.15[4500]-193.188.192.110[4500] 6d26da3286370563:82d44383e60b845e
2025-04-23 07:33:23 ipsec,info,account ipsec: peer failed to authorize: Logging-Server 192.168.0.15[4500]-193.188.192.110[4500] 6d26da3286370563:82d44383e60b845e
2025-04-23 07:33:23 ipsec ipsec: send notify: AUTHENTICATION_FAILED
2025-04-23 07:33:23 ipsec ipsec: adding notify: AUTHENTICATION_FAILED
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0x8)
2025-04-23 07:33:23 ipsec,debug ipsec: 00000008 00000018
2025-04-23 07:33:23 ipsec ipsec: ← ike2 request, exchange: INFORMATIONAL:2 193.188.192.110[4500] 6d26da3286370563:82d44383e60b845e
2025-04-23 07:33:23 ipsec,debug,packet ipsec: => outgoing plain packet (size 0x24)
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6d26da32 86370563 82d44383 e60b845e 29202508 00000002 00000024 00000008
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 00000018
2025-04-23 07:33:23 ipsec ipsec: adding payload: ENC
2025-04-23 07:33:23 ipsec,debug ipsec: => (size 0xd4)
2025-04-23 07:33:23 ipsec,debug ipsec: 290000d4 4ca5f68b e4514593 20664993 b8b464eb fb370228 9c2628ae 7ce9180f
2025-04-23 07:33:23 ipsec,debug ipsec: 46c5c142 6d0ae807 38ec5dad d1dadee0 933b5967 86b88b5a 0082718a efbd9ac8
2025-04-23 07:33:23 ipsec,debug ipsec: d9438d5c ae5977e2 0a90f49b ecbc2a9c 66c374b1 210a54fe 64c6db84 aca0902f
2025-04-23 07:33:23 ipsec,debug ipsec: e1528393 9ae88af2 21502758 c8eb6003 a6222c8d 5baef718 5087589c fd26ada7
2025-04-23 07:33:23 ipsec,debug ipsec: 0b557d26 1bce5a2d 4430f3aa 0def8dc4 5165204f 55c7c691 dbe161bb 840c8025
2025-04-23 07:33:23 ipsec,debug ipsec: 0c9dfaa8 c6538083 aec04809 014a64b2 c2f94834 45d94e0a f8ca78d6 5e289fbd
2025-04-23 07:33:23 ipsec,debug ipsec: c2a63f63 00000000 00000000 00000000 00000000
2025-04-23 07:33:23 ipsec,debug ipsec: ===== sending 240 bytes from 192.168.0.15[4500] to 193.188.192.110[4500]
2025-04-23 07:33:23 ipsec,debug ipsec: 1 times of 244 bytes message will be sent to 193.188.192.110[4500]
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6d26da32 86370563 82d44383 e60b845e 2e202508 00000002 000000f0 290000d4
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 4ca5f68b e4514593 20664993 b8b464eb fb370228 9c2628ae 7ce9180f 46c5c142
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6d0ae807 38ec5dad d1dadee0 933b5967 86b88b5a 0082718a efbd9ac8 d9438d5c
2025-04-23 07:33:23 ipsec,debug,packet ipsec: ae5977e2 0a90f49b ecbc2a9c 66c374b1 210a54fe 64c6db84 aca0902f e1528393
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 9ae88af2 21502758 c8eb6003 a6222c8d 5baef718 5087589c fd26ada7 0b557d26
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 1bce5a2d 4430f3aa 0def8dc4 5165204f 55c7c691 dbe161bb 840c8025 0c9dfaa8
2025-04-23 07:33:23 ipsec,debug,packet ipsec: c6538083 aec04809 014a64b2 c2f94834 45d94e0a f8ca78d6 5e289fbd c2a63f63
2025-04-23 07:33:23 ipsec,debug,packet ipsec: a8295022 a2db2df5 eafa6531 ef0b7194
2025-04-23 07:33:23 ipsec,info killing ike2 SA: Logging-Server 192.168.0.15[4500]-193.188.192.110[4500] 6d26da3286370563:82d44383e60b845e
2025-04-23 07:33:23 ipsec,info ipsec: killing ike2 SA: Logging-Server 192.168.0.15[4500]-193.188.192.110[4500] 6d26da3286370563:82d44383e60b845e
2025-04-23 07:33:23 ipsec ipsec: KA remove: 192.168.0.15[4500]->193.188.192.110[4500]
2025-04-23 07:33:23 ipsec,debug ipsec: KA tree dump: 192.168.0.15[4500]->193.188.192.110[4500] (in_use=1)
2025-04-23 07:33:23 ipsec,debug ipsec: KA removing this one…
2025-04-23 07:33:23 ipsec,debug ipsec: ===== received 80 bytes from 193.188.192.110[4500] to 192.168.0.15[4500]
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 6d26da32 86370563 82d44383 e60b845e 2e202520 00000002 00000050 00000034
2025-04-23 07:33:23 ipsec,debug,packet ipsec: b58bc975 a52e3d71 2469c573 7a1dce4f 8e7b4d6b 2df99487 84261a3f 28a4a0f8
2025-04-23 07:33:23 ipsec,debug,packet ipsec: 0bef72cc 758a1741 1ab1cd59 9dd3c3f4
2025-04-23 07:33:23 ipsec ipsec: → ike2 reply, exchange: INFORMATIONAL:2 193.188.192.110[4500] 6d26da3286370563:82d44383e60b845e
2025-04-23 07:33:23 ipsec ipsec: SPI 6d26da3286370563 not registered for 193.188.192.110[4500]

Thank you for your help and advice, I’ve tried everything on the Mikrotik side in my distress but it won’t give up.
May I ask if you, as an operator, also use this method to create and configure certificates?
I am starting to give up on this method because I simply cannot figure out what else is waiting, what I need to specify to make it work.

Regards: DrCyberg

drcyberg · April 23, 2025, 6:45am

I finally managed to get it working. The error was a problem with the certificate settings. However, I don’t understand why the remote certificate option on Mikrotik shouldn’t be the server’s certificate (Server Root CA)? Why should the remote certificate be ignored in this case?
Thank you!
Regards: DrCyberg

sindy · April 23, 2025, 10:14am

The last RouterOS log you’ve posted shows that you have set the CA certificate as the remote-certificate on the /ip ipsec identity row, which of course cannot work.

The IPsec stack can be set to accept any peer certificate signed by any CA it trusts as a proof that the peer can be trusted too, which is what you have configured now. But you can also set it to check the individual identity of the peer by comparing the subject of the certificate presented by the peer with the subject of the certificate you have configured as remote-certificate for the identity. But in that case, this parameter must refer to the actual certificate of the server, not the CA one like it seems you have configured it.

2025-04-23 07:33:23 ipsec ipsec: using certificate from identity config
…
2025-04-23 07:33:23 ipsec ipsec: selfSigned:1

drcyberg · April 25, 2025, 11:00am

The last RouterOS log you’ve posted shows that you have set the CA certificate as the remote-certificate on the /ip ipsec identity row, which of course cannot work.

The IPsec stack can be set to accept any peer certificate signed by any CA it trusts as a proof that the peer can be trusted too, which is what you have configured now. But you can also set it to check the individual identity of the peer by comparing the subject of the certificate presented by the peer with the subject of the certificate you have configured as remote-certificate for the identity. But in that case, this parameter must refer to the actual certificate of the server, not the CA one like it seems you have configured it.

2025-04-23 07:33:23 ipsec ipsec: using certificate from identity config
…
2025-04-23 07:33:23 ipsec ipsec: selfSigned:1

Thank you for the suggestions and useful information, I will act accordingly and try it out, because I am finally on the right track.

Regards: DrCyberg