Hello community!!
I have routeros 7.16 configured with L2tp with pre-shared key.
The configuration is simple and I have no problem connecting with another mikrotik from another location.

The problem has been recent with Windows 11, for 1 month I don’t know what has happened but it doesn’t connect and I can’t find out what has happened, my windows vpn connection is configured the same as others I have for other Mikrotik routers from other locations (all with routeros 6).
I think the problem is in version 7.16 but I can’t find the problem.

Do you know if there is a bug in windows or something similar?

Thanks for the answers.

Debugging is the only way to find out.
On the Mikrotik, do the following:
/system logging add topics=ipsec,!packet
/system logging ad topics=l2tp
/log print follow-only file=l2tp-ipsec-start where topics~“ipsec|l2tp”
Next, make a connection attempt from the Windows, wait until it fails, and then stop the /log print … command by pressing Ctrl-C.
Download the file l2tp-ipsec-start.txt and open it using a text editor. If you can’t see what’s wrong, and if you are concerned about revealing your public addresses, replace them sytematically in the log using the find&replace feature of the editor by something like ip.of.the.router and ip.of.the.pc, and post the modified file here as an attachment or inside the post between [code] and [/code] tags. And post also the export of the configuration, also properly obfuscated - same substitution for the public IP address, removal of any credentials to external services, serial numbers etc.
Does the Mikrotik have a public address on itself or is it behind another router with NAT and port forwarding?

Hi,
this is the debug I got after following your instructions, I hope you can help me with this information.

--------------------------- file debug----------------

Client Window - (ip changed) 22.22.22.22
Server Mikrotik – ip changed) 77.77.77.77

21:45:57 ipsec,debug ===== received 408 bytes from 22.22.22.22[500] to 192.168.1.2[500]
21:45:57 ipsec,debug ===
21:45:57 ipsec,info respond new phase 1 (Identity Protection): 192.168.1.2[500]<=>22.22.22.22[500]
21:45:57 ipsec,debug begin.
21:45:57 ipsec,debug seen nptype=1(sa) len=212
21:45:57 ipsec,debug seen nptype=13(vid) len=24
21:45:57 ipsec,debug seen nptype=13(vid) len=24
21:45:57 ipsec,debug seen nptype=13(vid) len=20
21:45:57 ipsec,debug seen nptype=13(vid) len=20
21:45:57 ipsec,debug seen nptype=13(vid) len=20
21:45:57 ipsec,debug seen nptype=13(vid) len=20
21:45:57 ipsec,debug seen nptype=13(vid) len=20
21:45:57 ipsec,debug seen nptype=13(vid) len=20
21:45:57 ipsec,debug succeed.
21:45:57 ipsec,debug received unknown Vendor ID
21:45:57 ipsec,debug 01528bbb c0069612 1849ab9a 1c5b2a51 00000001
21:45:57 ipsec received MS NT5 ISAKMPOAKLEY ID version: 9
21:45:57 ipsec,debug allow ph1 rekey as a responder
21:45:57 ipsec received Vendor ID: RFC 3947
21:45:57 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02\n
21:45:57 ipsec received Vendor ID: FRAGMENTATION
21:45:57 ipsec Fragmentation enabled
21:45:57 ipsec,debug received unknown Vendor ID
21:45:57 ipsec,debug fb1de3cd f341b7ea 16b7e5be 0855f120
21:45:57 ipsec,debug received unknown Vendor ID
21:45:57 ipsec,debug 26244d38 eddb61b3 172a36e3 d0cfb819
21:45:57 ipsec,debug received unknown Vendor ID
21:45:57 ipsec,debug e3a5966a 76379fe7 07228231 e5ce8652
21:45:57 ipsec 22.22.22.22 Selected NAT-T version: RFC 3947
21:45:57 ipsec,debug total SA len=208
21:45:57 ipsec,debug 00000001 00000001 000000c8 01010005 03000028 01010000 80010007 800e0100
21:45:57 ipsec,debug 80020002 80040014 80030001 800b0001 000c0004 00007080 03000028 02010000
21:45:57 ipsec,debug 80010007 800e0080 80020002 80040013 80030001 800b0001 000c0004 00007080
21:45:57 ipsec,debug 03000028 03010000 80010007 800e0100 80020002 8004000e 80030001 800b0001
21:45:57 ipsec,debug 000c0004 00007080 03000024 04010000 80010005 80020002 8004000e 80030001
21:45:57 ipsec,debug 800b0001 000c0004 00007080 00000024 05010000 80010005 80020002 80040002
21:45:57 ipsec,debug 80030001 800b0001 000c0004 00007080
21:45:57 ipsec,debug begin.
21:45:57 ipsec,debug seen nptype=2(prop) len=200
21:45:57 ipsec,debug succeed.
21:45:57 ipsec,debug proposal #1 len=200
21:45:57 ipsec,debug begin.
21:45:57 ipsec,debug seen nptype=3(trns) len=40
21:45:57 ipsec,debug seen nptype=3(trns) len=40
21:45:57 ipsec,debug seen nptype=3(trns) len=40
21:45:57 ipsec,debug seen nptype=3(trns) len=36
21:45:57 ipsec,debug seen nptype=3(trns) len=36
21:45:57 ipsec,debug succeed.
21:45:57 ipsec,debug transform #1 len=40
21:45:57 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
21:45:57 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:45:57 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
21:45:57 ipsec,debug hash(sha1)
21:45:57 ipsec,debug type=Group Description, flag=0x8000, lorv=384-bit random ECP group
21:45:57 ipsec,debug dh(ecp384)
21:45:57 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
21:45:57 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
21:45:57 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
21:45:57 ipsec,debug transform #2 len=40
21:45:57 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
21:45:57 ipsec,debug type=Key Length, flag=0x8000, lorv=128
21:45:57 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
21:45:57 ipsec,debug hash(sha1)
21:45:57 ipsec,debug type=Group Description, flag=0x8000, lorv=256-bit random ECP group
21:45:57 ipsec,debug dh(ecp256)
21:45:57 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
21:45:57 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
21:45:57 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
21:45:57 ipsec,debug transform #3 len=40
21:45:57 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
21:45:57 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:45:57 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
21:45:57 ipsec,debug hash(sha1)
21:45:57 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
21:45:57 ipsec,debug dh(modp2048)
21:45:57 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
21:45:57 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
21:45:57 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
21:45:57 ipsec,debug transform #4 len=36
21:45:57 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
21:45:57 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
21:45:57 ipsec,debug hash(sha1)
21:45:57 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
21:45:57 ipsec,debug dh(modp2048)
21:45:57 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
21:45:57 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
21:45:57 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
21:45:57 ipsec,debug transform #5 len=36
21:45:57 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
21:45:57 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
21:45:57 ipsec,debug hash(sha1)
21:45:57 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
21:45:57 ipsec,debug dh(modp1024)
21:45:57 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
21:45:57 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
21:45:57 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
21:45:57 ipsec,debug pair 1:
21:45:57 ipsec,debug 0x9bd00: next=0 tnext=0xaf210
21:45:57 ipsec,debug 0xaf210: next=0 tnext=0x9d2a0
21:45:57 ipsec,debug 0x9d2a0: next=0 tnext=0x9d2c0
21:45:57 ipsec,debug 0x9d2c0: next=0 tnext=0x9a170
21:45:57 ipsec,debug 0x9a170: next=0 tnext=0
21:45:57 ipsec,debug proposal #1: 5 transform
21:45:57 ipsec,debug -checking with pre-shared key auth-
21:45:57 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=5
21:45:57 ipsec,debug trns#=1, trns-id=IKE
21:45:57 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
21:45:57 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:45:57 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
21:45:57 ipsec,debug type=Group Description, flag=0x8000, lorv=384-bit random ECP group
21:45:57 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
21:45:57 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
21:45:57 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
21:45:57 ipsec,debug -compare proposal #1: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = AES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 128:256)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 2048-bit MODP group:384-bit random ECP group
21:45:57 ipsec,debug -compare proposal #2: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = AES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 128:256)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 1024-bit MODP group:384-bit random ECP group
21:45:57 ipsec,debug -compare proposal #3: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = 3DES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 0:256)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 2048-bit MODP group:384-bit random ECP group
21:45:57 ipsec,debug -compare proposal #4: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = 3DES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 0:256)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 1024-bit MODP group:384-bit random ECP group
21:45:57 ipsec,debug -compare proposal #5: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = DES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 0:256)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 2048-bit MODP group:384-bit random ECP group
21:45:57 ipsec,debug -compare proposal #6: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = DES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 0:256)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 1024-bit MODP group:384-bit random ECP group
21:45:57 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=5
21:45:57 ipsec,debug trns#=2, trns-id=IKE
21:45:57 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
21:45:57 ipsec,debug type=Key Length, flag=0x8000, lorv=128
21:45:57 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
21:45:57 ipsec,debug type=Group Description, flag=0x8000, lorv=256-bit random ECP group
21:45:57 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
21:45:57 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
21:45:57 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
21:45:57 ipsec,debug -compare proposal #1: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = AES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 128:128)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 2048-bit MODP group:256-bit random ECP group
21:45:57 ipsec,debug -compare proposal #2: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = AES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 128:128)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 1024-bit MODP group:256-bit random ECP group
21:45:57 ipsec,debug -compare proposal #3: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = 3DES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 0:128)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 2048-bit MODP group:256-bit random ECP group
21:45:57 ipsec,debug -compare proposal #4: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = 3DES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 0:128)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 1024-bit MODP group:256-bit random ECP group
21:45:57 ipsec,debug -compare proposal #5: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = DES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 0:128)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 2048-bit MODP group:256-bit random ECP group
21:45:57 ipsec,debug -compare proposal #6: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = DES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 0:128)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 1024-bit MODP group:256-bit random ECP group
21:45:57 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=5
21:45:57 ipsec,debug trns#=3, trns-id=IKE
21:45:57 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
21:45:57 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:45:57 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
21:45:57 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
21:45:57 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
21:45:57 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
21:45:57 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
21:45:57 ipsec,debug -compare proposal #1: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = AES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 128:256)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 2048-bit MODP group:2048-bit MODP group
21:45:57 ipsec,debug -compare proposal #2: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = AES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 128:256)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
21:45:57 ipsec,debug -compare proposal #3: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = 3DES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 0:256)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 2048-bit MODP group:2048-bit MODP group
21:45:57 ipsec,debug -compare proposal #4: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = 3DES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 0:256)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
21:45:57 ipsec,debug -compare proposal #5: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = DES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 0:256)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 2048-bit MODP group:2048-bit MODP group
21:45:57 ipsec,debug -compare proposal #6: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = DES-CBC:AES-CBC
21:45:57 ipsec,debug (encklen = 0:256)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
21:45:57 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=5
21:45:57 ipsec,debug trns#=4, trns-id=IKE
21:45:57 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
21:45:57 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
21:45:57 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
21:45:57 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
21:45:57 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
21:45:57 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
21:45:57 ipsec,debug -compare proposal #1: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = AES-CBC:3DES-CBC
21:45:57 ipsec,debug (encklen = 128:0)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 2048-bit MODP group:2048-bit MODP group
21:45:57 ipsec,debug -compare proposal #2: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = AES-CBC:3DES-CBC
21:45:57 ipsec,debug (encklen = 128:0)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
21:45:57 ipsec,debug -compare proposal #3: Local:Peer
21:45:57 ipsec,debug (lifetime = 86400:28800)
21:45:57 ipsec,debug (lifebyte = 0:0)
21:45:57 ipsec,debug enctype = 3DES-CBC:3DES-CBC
21:45:57 ipsec,debug (encklen = 0:0)
21:45:57 ipsec,debug hashtype = SHA:SHA
21:45:57 ipsec,debug authmethod = pre-shared key:pre-shared key
21:45:57 ipsec,debug dh_group = 2048-bit MODP group:2048-bit MODP group
21:45:57 ipsec,debug -an acceptable proposal found-
21:45:57 ipsec,debug -agreed on pre-shared key auth-
21:45:57 ipsec,debug ===
21:45:57 ipsec,debug new cookie:
21:45:57 ipsec,debug 1586750070ab08b6
21:45:57 ipsec,debug add payload of len 52, next type 13
21:45:57 ipsec,debug add payload of len 16, next type 13
21:45:57 ipsec,debug add payload of len 16, next type 13
21:45:57 ipsec,debug add payload of len 20, next type 0
21:45:57 ipsec,debug 148 bytes from 192.168.1.2[500] to 22.22.22.22[500]
21:45:57 ipsec,debug 1 times of 148 bytes message will be sent to 22.22.22.22[500]
21:45:57 ipsec sent phase1 packet 192.168.1.2[500]<=>22.22.22.22[500] beacc1c439e4b8bc:1586750070ab08b6
21:45:58 ipsec,debug ===== received 388 bytes from 22.22.22.22[500] to 192.168.1.2[500]
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=4(ke) len=260
21:45:58 ipsec,debug seen nptype=10(nonce) len=52
21:45:58 ipsec,debug seen nptype=20(nat-d) len=24
21:45:58 ipsec,debug seen nptype=20(nat-d) len=24
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug 192.168.1.2 Hashing 192.168.1.2[500] with algo #2
21:45:58 ipsec,debug hash(sha1)
21:45:58 ipsec,debug NAT-D payload #0 doesn't match
21:45:58 ipsec,debug 22.22.22.22 Hashing 22.22.22.22[500] with algo #2
21:45:58 ipsec,debug hash(sha1)
21:45:58 ipsec,debug NAT-D payload #1 doesn't match
21:45:58 ipsec NAT detected: ME PEER
21:45:58 ipsec,debug ===
21:45:58 ipsec,debug 22.22.22.22 Hashing 22.22.22.22[500] with algo #2
21:45:58 ipsec,debug hash(sha1)
21:45:58 ipsec,debug 192.168.1.2 Hashing 192.168.1.2[500] with algo #2
21:45:58 ipsec,debug hash(sha1)
21:45:58 ipsec Adding remote and local NAT-D payloads.
21:45:58 ipsec,debug add payload of len 256, next type 10
21:45:58 ipsec,debug add payload of len 24, next type 20
21:45:58 ipsec,debug add payload of len 20, next type 20
21:45:58 ipsec,debug add payload of len 20, next type 0
21:45:58 ipsec,debug 364 bytes from 192.168.1.2[500] to 22.22.22.22[500]
21:45:58 ipsec,debug 1 times of 364 bytes message will be sent to 22.22.22.22[500]
21:45:58 ipsec sent phase1 packet 192.168.1.2[500]<=>22.22.22.22[500] beacc1c439e4b8bc:1586750070ab08b6
21:45:58 ipsec,debug => shared secret (size 0x100)
21:45:58 ipsec,debug 288bfaa9 097641bc 8717d33c 153a2907 b7b17698 848352c7 23b1b336 c004e3c0
21:45:58 ipsec,debug 38d48867 c6cbfe11 f432fc86 95a02dcc ac6664cc f5daf246 6f79c02a 3ce3b0f3
21:45:58 ipsec,debug 48e78dcf ef1a0390 d6570f8f b042d86f bd04c265 7e30e70a e904c606 13836ff0
21:45:58 ipsec,debug 6674f692 0f302535 12754180 2bccb4cd 197c7233 32cc6c7e e23618e0 5f578447
21:45:58 ipsec,debug 861620db e1460fe9 dcd45a92 235215e9 84d4139b 7035fe8c 4184c4f3 156cfb53
21:45:58 ipsec,debug 17740bde d0a9b7ea 2d12bac5 10c83d37 1766312a 426295ee f077bd75 75c0735b
21:45:58 ipsec,debug 7188bcc4 ddc8e196 b93485fb 1df500e9 ea224e63 f22df257 fd0e5994 9900f93f
21:45:58 ipsec,debug 336494ae be87b544 4a067dae 307db65e 12bb84ce 5657f769 6009d5cf 1ad96e10
21:45:58 ipsec,debug nonce 1:
21:45:58 ipsec,debug 43d155ce c9f71915 4843674d 86c00875 6b56f0b4 74f4d012 6810690a bd7b0755
21:45:58 ipsec,debug 55d33e42 3ab53419 f167b1f4 0665b15e
21:45:58 ipsec,debug nonce 2:
21:45:58 ipsec,debug c15ed9aa d5b50193 bb65f207 0a9eca96 663eab18 c5c54bfd
21:45:58 ipsec,debug SKEYID computed:
21:45:58 ipsec,debug 2dc3ad9f d0af1b87 f0770fc5 02dd2193 2d096897
21:45:58 ipsec,debug SKEYID_d computed:
21:45:58 ipsec,debug 3226e6be 4dd40834 a19e84d3 cb7e7e87 379dc142
21:45:58 ipsec,debug SKEYID_a computed:
21:45:58 ipsec,debug ac98ac17 5a1e0e54 ef9a9802 258d060b f0dcf1c3
21:45:58 ipsec,debug SKEYID_e computed:
21:45:58 ipsec,debug 68f23e5a 18b37155 173e3706 8b98e14f 48853fca
21:45:58 ipsec,debug hash(sha1)
21:45:58 ipsec,debug len(SKEYID_e) < len(Ka) (20 < 24), generating long key (Ka = K1 | K2 | ...)
21:45:58 ipsec,debug compute intermediate encryption key K1
21:45:58 ipsec,debug 00
21:45:58 ipsec,debug ba001da2 320b764c 43596816 1a0cfc38 2dcdaf3e
21:45:58 ipsec,debug compute intermediate encryption key K2
21:45:58 ipsec,debug ba001da2 320b764c 43596816 1a0cfc38 2dcdaf3e
21:45:58 ipsec,debug 1dbff078 79ec27e7 ef1277a8 68565d9f 4a01ed81
21:45:58 ipsec,debug final encryption key computed:
21:45:58 ipsec,debug ba001da2 320b764c 43596816 1a0cfc38 2dcdaf3e 1dbff078
21:45:58 ipsec,debug hash(sha1)
21:45:58 ipsec,debug IV computed:
21:45:58 ipsec,debug 80a77ffd a1c0ff2d
21:45:58 ipsec,debug ===== received 68 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:45:58 ipsec NAT-T: ports changed to: 22.22.22.22[4500]<=>192.168.1.2[4500]
21:45:58 ipsec KA list add: 192.168.1.2[4500]->22.22.22.22[4500]
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=5(id) len=12
21:45:58 ipsec,debug seen nptype=8(hash) len=24
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug HASH received:
21:45:58 ipsec,debug 2eeb28cb 95d54e4a 0c5acc1b 683048dd 1de7ddb4
21:45:58 ipsec,debug HASH for PSK validated.
21:45:58 ipsec,debug 22.22.22.22 peer's ID
21:45:58 ipsec,debug 01000000 c0a80022
21:45:58 ipsec,debug ===
21:45:58 ipsec,debug use ID type of IPv4_address
21:45:58 ipsec,debug generate HASH_R
21:45:58 ipsec,debug add payload of len 8, next type 8
21:45:58 ipsec,debug add payload of len 20, next type 0
21:45:58 ipsec,debug 68 bytes from 192.168.1.2[4500] to 22.22.22.22[4500]
21:45:58 ipsec,debug 1 times of 72 bytes message will be sent to 22.22.22.22[4500]
21:45:58 ipsec,info ISAKMP-SA established 192.168.1.2[4500]-22.22.22.22[4500] spi:beacc1c439e4b8bc:1586750070ab08b6
21:45:58 ipsec,debug ===
21:45:58 ipsec,debug ===== received 436 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:45:58 ipsec,debug hash(sha1)
21:45:58 ipsec,debug ===
21:45:58 ipsec respond new phase 2 negotiation: 192.168.1.2[4500]<=>22.22.22.22[4500]
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=8(hash) len=24
21:45:58 ipsec,debug seen nptype=1(sa) len=280
21:45:58 ipsec,debug seen nptype=10(nonce) len=52
21:45:58 ipsec,debug seen nptype=5(id) len=12
21:45:58 ipsec,debug seen nptype=5(id) len=12
21:45:58 ipsec,debug seen nptype=21(nat-oa) len=12
21:45:58 ipsec,debug seen nptype=21(nat-oa) len=12
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug received IDci2:
21:45:58 ipsec,debug 011106a5 c0a80022
21:45:58 ipsec,debug received IDcr2:
21:45:58 ipsec,debug 011106a5 02885697
21:45:58 ipsec,debug HASH(1) validate:
21:45:58 ipsec,debug 0cddb039 d853894c 2db9fac7 ffeea86c d73c044d
21:45:58 ipsec,debug total SA len=276
21:45:58 ipsec,debug 00000001 00000001 02000038 01030401 7be06a5e 0000002c 010c0000 80040004
21:45:58 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:45:58 ipsec,debug 02000038 02030401 7be06a5e 0000002c 010c0000 80040004 80060080 80050002
21:45:58 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 02000034 03030401
21:45:58 ipsec,debug 7be06a5e 00000028 01030000 80040004 80050002 80010001 00020004 00000e10
21:45:58 ipsec,debug 80010002 00020004 0003d090 02000034 04030401 7be06a5e 00000028 01020000
21:45:58 ipsec,debug 80040004 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:45:58 ipsec,debug 00000034 05030401 7be06a5e 00000028 010b0000 80040004 80050002 80010001
21:45:58 ipsec,debug 00020004 00000e10 80010002 00020004 0003d090
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=2(prop) len=56
21:45:58 ipsec,debug seen nptype=2(prop) len=56
21:45:58 ipsec,debug seen nptype=2(prop) len=52
21:45:58 ipsec,debug seen nptype=2(prop) len=52
21:45:58 ipsec,debug seen nptype=2(prop) len=52
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug proposal #1 len=56
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=3(trns) len=44
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug transform #1 len=44
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug UDP encapsulation requested
21:45:58 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug proposal #2 len=56
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=3(trns) len=44
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug transform #1 len=44
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug UDP encapsulation requested
21:45:58 ipsec,debug type=Key Length, flag=0x8000, lorv=128
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug proposal #3 len=52
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=3(trns) len=40
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug transform #1 len=40
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug UDP encapsulation requested
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug proposal #4 len=52
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=3(trns) len=40
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug transform #1 len=40
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug UDP encapsulation requested
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug proposal #5 len=52
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=3(trns) len=40
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug transform #1 len=40
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug UDP encapsulation requested
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug pair 1:
21:45:58 ipsec,debug 0xdced0: next=0 tnext=0
21:45:58 ipsec,debug proposal #1: 1 transform
21:45:58 ipsec,debug pair 2:
21:45:58 ipsec,debug 0xab9e0: next=0 tnext=0
21:45:58 ipsec,debug proposal #2: 1 transform
21:45:58 ipsec,debug pair 3:
21:45:58 ipsec,debug 0xaba00: next=0 tnext=0
21:45:58 ipsec,debug proposal #3: 1 transform
21:45:58 ipsec,debug pair 4:
21:45:58 ipsec,debug 0xdc0b0: next=0 tnext=0
21:45:58 ipsec,debug proposal #4: 1 transform
21:45:58 ipsec,debug pair 5:
21:45:58 ipsec,debug 0xdc0d0: next=0 tnext=0
21:45:58 ipsec,debug proposal #5: 1 transform
21:45:58 ipsec,debug got the local address from ID payload 77.77.77.77[1701] prefixlen=32 ul_proto=17
21:45:58 ipsec,debug got the peer address from ID payload 192.168.0.34[1701] prefixlen=32 ul_proto=17
21:45:58 ipsec,debug updating policy address because of NAT in transport mode
21:45:58 ipsec,debug new local address 192.168.1.2[1701]
21:45:58 ipsec,debug new peer address 22.22.22.22[1701]
21:45:58 ipsec searching for policy for selector: 192.168.1.2:1701 ip-proto:17 <=> 22.22.22.22:1701 ip-proto:17
21:45:58 ipsec generating policy
21:45:58 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=8:8)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
21:45:58 ipsec,debug begin compare proposals.
21:45:58 ipsec,debug pair[1]: 0xdced0
21:45:58 ipsec,debug 0xdced0: next=0 tnext=0
21:45:58 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug peer's single bundle:
21:45:58 ipsec,debug (proto_id=ESP spisize=4 spi=7be06a5e spi_p=00000000 encmode=UDP-Transport reqid=0:0)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:45:58 ipsec,debug my single bundle:
21:45:58 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=8:8)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
21:45:58 ipsec Adjusting my encmode UDP-Transport->Transport
21:45:58 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
21:45:58 ipsec,debug matched
21:45:58 ipsec,debug ===
21:45:58 ipsec,debug call pfkey_send_getspi a4
21:45:58 ipsec,debug pfkey GETSPI sent: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500]
21:45:58 ipsec,debug pfkey getspi sent.
21:45:58 ipsec,debug total SA len=64
21:45:58 ipsec,debug 00000001 00000001 00000038 01030401 00000000 0000002c 010c0000 80040004
21:45:58 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=2(prop) len=56
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug proposal #1 len=56
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=3(trns) len=44
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug transform #1 len=44
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug UDP encapsulation requested
21:45:58 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug pair 1:
21:45:58 ipsec,debug 0xd3de0: next=0 tnext=0
21:45:58 ipsec,debug proposal #1: 1 transform
21:45:58 ipsec,debug NAT-OAi:
21:45:58 ipsec,debug 01000000 4de7998d
21:45:58 ipsec,debug NAT-OAr:
21:45:58 ipsec,debug 01000000 c0a80102
21:45:58 ipsec,debug add payload of len 64, next type 10
21:45:58 ipsec,debug add payload of len 24, next type 5
21:45:58 ipsec,debug add payload of len 8, next type 5
21:45:58 ipsec,debug add payload of len 8, next type 21
21:45:58 ipsec,debug add payload of len 8, next type 21
21:45:58 ipsec,debug add payload of len 8, next type 0
21:45:58 ipsec,debug add payload of len 20, next type 1
21:45:58 ipsec,debug 204 bytes from 192.168.1.2[4500] to 22.22.22.22[4500]
21:45:58 ipsec,debug 1 times of 208 bytes message will be sent to 22.22.22.22[4500]
21:45:58 ipsec sent phase2 packet 192.168.1.2[4500]<=>22.22.22.22[4500] beacc1c439e4b8bc:1586750070ab08b6:00000000
21:45:58 ipsec,debug ===== received 60 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=8(hash) len=24
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug HASH(3) validate:
21:45:58 ipsec,debug 8ccdc12e 0056787e 3728777c f322d5b8 45954e8a
21:45:58 ipsec,debug ===
21:45:58 ipsec,debug encryption(aes-cbc)
21:45:58 ipsec,debug hmac(sha1)
21:45:58 ipsec,debug encklen=256 authklen=160
21:45:58 ipsec,debug generating 640 bits of key (dupkeymat=4)
21:45:58 ipsec,debug generating K1...K4 for KEYMAT.
21:45:58 ipsec,debug fbbeb87f 1e3a7602 b5341bc9 a56d2e83 c5d19819 a8c5e1fb 90237604 cb418082
21:45:58 ipsec,debug d669bb56 1e44fc7a ff59c995 0cd5414b 4d7cf331 8dcca859 68539a94 b847e0ed
21:45:58 ipsec,debug 6a52267d 907f075a 31ba4b80 188f2062
21:45:58 ipsec,debug encryption(aes-cbc)
21:45:58 ipsec,debug hmac(sha1)
21:45:58 ipsec,debug encklen=256 authklen=160
21:45:58 ipsec,debug generating 640 bits of key (dupkeymat=4)
21:45:58 ipsec,debug generating K1...K4 for KEYMAT.
21:45:58 ipsec,debug 0e8f3e4a 61db5ae5 0cd13b9f affbec9c a109baeb dabddb75 d67ae108 6a733d45
21:45:58 ipsec,debug 72f1d6d1 b3427c6d 735f005a 2a66a82e 08149654 58cc01cf 2a2b85d7 b0091406
21:45:58 ipsec,debug 9dbfd394 5edcaef1 efabb0fd 114d02de
21:45:58 ipsec,debug KEYMAT computed.
21:45:58 ipsec,debug call pk_sendupdate
21:45:58 ipsec,debug encryption(aes-cbc)
21:45:58 ipsec,debug hmac(sha1)
21:45:58 ipsec,debug call pfkey_send_update_nat
21:45:58 ipsec IPsec-SA established: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500] spi=0x7a241e9
21:45:58 ipsec,debug pfkey update sent.
21:45:58 ipsec,debug encryption(aes-cbc)
21:45:58 ipsec,debug hmac(sha1)
21:45:58 ipsec,debug call pfkey_send_add_nat
21:45:58 ipsec IPsec-SA established: ESP/Transport 192.168.1.2[4500]->22.22.22.22[4500] spi=0x7be06a5e
21:45:58 ipsec,debug pfkey add sent.
21:45:58 ipsec,debug ===== received 436 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:45:58 ipsec,debug hash(sha1)
21:45:58 ipsec,debug ===
21:45:58 ipsec respond new phase 2 negotiation: 192.168.1.2[4500]<=>22.22.22.22[4500]
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=8(hash) len=24
21:45:58 ipsec,debug seen nptype=1(sa) len=280
21:45:58 ipsec,debug seen nptype=10(nonce) len=52
21:45:58 ipsec,debug seen nptype=5(id) len=12
21:45:58 ipsec,debug seen nptype=5(id) len=12
21:45:58 ipsec,debug seen nptype=21(nat-oa) len=12
21:45:58 ipsec,debug seen nptype=21(nat-oa) len=12
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug received IDci2:
21:45:58 ipsec,debug 011106a5 c0a80022
21:45:58 ipsec,debug received IDcr2:
21:45:58 ipsec,debug 011106a5 02885697
21:45:58 ipsec,debug HASH(1) validate:
21:45:58 ipsec,debug 153264af 3bf30315 ef9bb5f3 4bb43e5d e0550fd3
21:45:58 ipsec,debug total SA len=276
21:45:58 ipsec,debug 00000001 00000001 02000038 01030401 f8db8f0c 0000002c 010c0000 80040004
21:45:58 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:45:58 ipsec,debug 02000038 02030401 f8db8f0c 0000002c 010c0000 80040004 80060080 80050002
21:45:58 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 02000034 03030401
21:45:58 ipsec,debug f8db8f0c 00000028 01030000 80040004 80050002 80010001 00020004 00000e10
21:45:58 ipsec,debug 80010002 00020004 0003d090 02000034 04030401 f8db8f0c 00000028 01020000
21:45:58 ipsec,debug 80040004 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:45:58 ipsec,debug 00000034 05030401 f8db8f0c 00000028 010b0000 80040004 80050002 80010001
21:45:58 ipsec,debug 00020004 00000e10 80010002 00020004 0003d090
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=2(prop) len=56
21:45:58 ipsec,debug seen nptype=2(prop) len=56
21:45:58 ipsec,debug seen nptype=2(prop) len=52
21:45:58 ipsec,debug seen nptype=2(prop) len=52
21:45:58 ipsec,debug seen nptype=2(prop) len=52
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug proposal #1 len=56
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=3(trns) len=44
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug transform #1 len=44
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug UDP encapsulation requested
21:45:58 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug proposal #2 len=56
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=3(trns) len=44
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug transform #1 len=44
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug UDP encapsulation requested
21:45:58 ipsec,debug type=Key Length, flag=0x8000, lorv=128
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug proposal #3 len=52
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=3(trns) len=40
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug transform #1 len=40
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug UDP encapsulation requested
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug proposal #4 len=52
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=3(trns) len=40
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug transform #1 len=40
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug UDP encapsulation requested
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug proposal #5 len=52
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=3(trns) len=40
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug transform #1 len=40
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug UDP encapsulation requested
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug pair 1:
21:45:58 ipsec,debug 0xacfe0: next=0 tnext=0
21:45:58 ipsec,debug proposal #1: 1 transform
21:45:58 ipsec,debug pair 2:
21:45:58 ipsec,debug 0xad000: next=0 tnext=0
21:45:58 ipsec,debug proposal #2: 1 transform
21:45:58 ipsec,debug pair 3:
21:45:58 ipsec,debug 0xe4390: next=0 tnext=0
21:45:58 ipsec,debug proposal #3: 1 transform
21:45:58 ipsec,debug pair 4:
21:45:58 ipsec,debug 0x9e2d0: next=0 tnext=0
21:45:58 ipsec,debug proposal #4: 1 transform
21:45:58 ipsec,debug pair 5:
21:45:58 ipsec,debug 0x9e2f0: next=0 tnext=0
21:45:58 ipsec,debug proposal #5: 1 transform
21:45:58 ipsec,debug got the local address from ID payload 77.77.77.77[1701] prefixlen=32 ul_proto=17
21:45:58 ipsec,debug got the peer address from ID payload 192.168.0.34[1701] prefixlen=32 ul_proto=17
21:45:58 ipsec,debug updating policy address because of NAT in transport mode
21:45:58 ipsec,debug new local address 192.168.1.2[1701]
21:45:58 ipsec,debug new peer address 22.22.22.22[1701]
21:45:58 ipsec searching for policy for selector: 192.168.1.2:1701 ip-proto:17 <=> 22.22.22.22:1701 ip-proto:17
21:45:58 ipsec using strict match: 192.168.1.2:1701 <=> 22.22.22.22:1701 ip-proto:17
21:45:58 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=8:8)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
21:45:58 ipsec,debug begin compare proposals.
21:45:58 ipsec,debug pair[1]: 0xacfe0
21:45:58 ipsec,debug 0xacfe0: next=0 tnext=0
21:45:58 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug peer's single bundle:
21:45:58 ipsec,debug (proto_id=ESP spisize=4 spi=f8db8f0c spi_p=00000000 encmode=UDP-Transport reqid=0:0)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:45:58 ipsec,debug my single bundle:
21:45:58 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=8:8)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
21:45:58 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
21:45:58 ipsec Adjusting my encmode UDP-Transport->Transport
21:45:58 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
21:45:58 ipsec,debug matched
21:45:58 ipsec,debug ===
21:45:58 ipsec,debug call pfkey_send_getspi a6
21:45:58 ipsec,debug pfkey GETSPI sent: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500]
21:45:58 ipsec,debug pfkey getspi sent.
21:45:58 ipsec,debug total SA len=64
21:45:58 ipsec,debug 00000001 00000001 00000038 01030401 00000000 0000002c 010c0000 80040004
21:45:58 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=2(prop) len=56
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug proposal #1 len=56
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=3(trns) len=44
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug transform #1 len=44
21:45:58 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:45:58 ipsec,debug UDP encapsulation requested
21:45:58 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:45:58 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:45:58 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:45:58 ipsec,debug pair 1:
21:45:58 ipsec,debug 0xdcdf0: next=0 tnext=0
21:45:58 ipsec,debug proposal #1: 1 transform
21:45:58 ipsec,debug NAT-OAi:
21:45:58 ipsec,debug 01000000 4de7998d
21:45:58 ipsec,debug NAT-OAr:
21:45:58 ipsec,debug 01000000 c0a80102
21:45:58 ipsec,debug add payload of len 64, next type 10
21:45:58 ipsec,debug add payload of len 24, next type 5
21:45:58 ipsec,debug add payload of len 8, next type 5
21:45:58 ipsec,debug add payload of len 8, next type 21
21:45:58 ipsec,debug add payload of len 8, next type 21
21:45:58 ipsec,debug add payload of len 8, next type 0
21:45:58 ipsec,debug add payload of len 20, next type 1
21:45:58 ipsec,debug 204 bytes from 192.168.1.2[4500] to 22.22.22.22[4500]
21:45:58 ipsec,debug 1 times of 208 bytes message will be sent to 22.22.22.22[4500]
21:45:58 ipsec sent phase2 packet 192.168.1.2[4500]<=>22.22.22.22[4500] beacc1c439e4b8bc:1586750070ab08b6:00000000
21:45:58 ipsec,debug ===== received 60 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=8(hash) len=24
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug HASH(3) validate:
21:45:58 ipsec,debug 5367d7d5 8ba4b0d8 b17a2483 6f0ad64f 8800c293
21:45:58 ipsec,debug ===
21:45:58 ipsec,debug encryption(aes-cbc)
21:45:58 ipsec,debug hmac(sha1)
21:45:58 ipsec,debug encklen=256 authklen=160
21:45:58 ipsec,debug generating 640 bits of key (dupkeymat=4)
21:45:58 ipsec,debug generating K1...K4 for KEYMAT.
21:45:58 ipsec,debug 8a6b5af6 8c4cb7a6 34754a93 84495750 b3bde499 592fc23b 535cf87d cbae7c07
21:45:58 ipsec,debug 1dc1df0c 676868ff 1e78f594 c61b1fae 7dee1825 ff0ba158 963a76bb baccbf8f
21:45:58 ipsec,debug 68413861 74558485 ad3e3b55 424edad0
21:45:58 ipsec,debug encryption(aes-cbc)
21:45:58 ipsec,debug hmac(sha1)
21:45:58 ipsec,debug encklen=256 authklen=160
21:45:58 ipsec,debug generating 640 bits of key (dupkeymat=4)
21:45:58 ipsec,debug generating K1...K4 for KEYMAT.
21:45:58 ipsec,debug 29a2c980 8e580f0a e7d6bd37 e2696348 c25b17fb 77015b6c 29214e28 71b7685e
21:45:58 ipsec,debug 93361b6e 88a97621 ef68af29 3924f134 b7821847 fe749959 0ac45463 5cb7c5ee
21:45:58 ipsec,debug 183df853 d360c18d 154331db 449bf4ba
21:45:58 ipsec,debug KEYMAT computed.
21:45:58 ipsec,debug call pk_sendupdate
21:45:58 ipsec,debug encryption(aes-cbc)
21:45:58 ipsec,debug hmac(sha1)
21:45:58 ipsec,debug call pfkey_send_update_nat
21:45:58 ipsec IPsec-SA established: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500] spi=0xb63a000
21:45:58 ipsec,debug pfkey update sent.
21:45:58 ipsec,debug encryption(aes-cbc)
21:45:58 ipsec,debug hmac(sha1)
21:45:58 ipsec,debug call pfkey_send_add_nat
21:45:58 ipsec IPsec-SA established: ESP/Transport 192.168.1.2[4500]->22.22.22.22[4500] spi=0xf8db8f0c
21:45:58 ipsec,debug pfkey add sent.
21:45:58 ipsec,debug ===== received 76 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:45:58 ipsec,debug receive Information.
21:45:58 ipsec,debug hash(sha1)
21:45:58 ipsec,debug hash validated.
21:45:58 ipsec,debug begin.
21:45:58 ipsec,debug seen nptype=8(hash) len=24
21:45:58 ipsec,debug seen nptype=12(delete) len=16
21:45:58 ipsec,debug succeed.
21:45:58 ipsec,debug 22.22.22.22 delete payload for protocol ESP
21:45:58 ipsec purged IPsec-SA proto_id=ESP spi=0x7be06a5e
21:45:58 ipsec purged IPsec-SA proto_id=ESP spi=0x7a241e9
21:45:58 ipsec,debug purged SAs.
21:46:00 ipsec,debug KA: 192.168.1.2[4500]->22.22.22.22[4500]
21:46:00 ipsec,debug 1 times of 1 bytes message will be sent to 22.22.22.22[4500]
21:46:01 ipsec,debug ===== received 436 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:01 ipsec,debug hash(sha1)
21:46:01 ipsec,debug ===
21:46:01 ipsec respond new phase 2 negotiation: 192.168.1.2[4500]<=>22.22.22.22[4500]
21:46:01 ipsec,debug begin.
21:46:01 ipsec,debug seen nptype=8(hash) len=24
21:46:01 ipsec,debug seen nptype=1(sa) len=280
21:46:01 ipsec,debug seen nptype=10(nonce) len=52
21:46:01 ipsec,debug seen nptype=5(id) len=12
21:46:01 ipsec,debug seen nptype=5(id) len=12
21:46:01 ipsec,debug seen nptype=21(nat-oa) len=12
21:46:01 ipsec,debug seen nptype=21(nat-oa) len=12
21:46:01 ipsec,debug succeed.
21:46:01 ipsec,debug received IDci2:
21:46:01 ipsec,debug 011106a5 c0a80022
21:46:01 ipsec,debug received IDcr2:
21:46:01 ipsec,debug 011106a5 02885697
21:46:01 ipsec,debug HASH(1) validate:
21:46:01 ipsec,debug d40348f2 bf3480d2 15e0b422 02f8db29 1235dc59
21:46:01 ipsec,debug total SA len=276
21:46:01 ipsec,debug 00000001 00000001 02000038 01030401 c9571872 0000002c 010c0000 80040004
21:46:01 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:46:01 ipsec,debug 02000038 02030401 c9571872 0000002c 010c0000 80040004 80060080 80050002
21:46:01 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 02000034 03030401
21:46:01 ipsec,debug c9571872 00000028 01030000 80040004 80050002 80010001 00020004 00000e10
21:46:01 ipsec,debug 80010002 00020004 0003d090 02000034 04030401 c9571872 00000028 01020000
21:46:01 ipsec,debug 80040004 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:46:01 ipsec,debug 00000034 05030401 c9571872 00000028 010b0000 80040004 80050002 80010001
21:46:01 ipsec,debug 00020004 00000e10 80010002 00020004 0003d090
21:46:01 ipsec,debug begin.
21:46:01 ipsec,debug seen nptype=2(prop) len=56
21:46:01 ipsec,debug seen nptype=2(prop) len=56
21:46:01 ipsec,debug seen nptype=2(prop) len=52
21:46:01 ipsec,debug seen nptype=2(prop) len=52
21:46:01 ipsec,debug seen nptype=2(prop) len=52
21:46:01 ipsec,debug succeed.
21:46:01 ipsec,debug proposal #1 len=56
21:46:01 ipsec,debug begin.
21:46:01 ipsec,debug seen nptype=3(trns) len=44
21:46:01 ipsec,debug succeed.
21:46:01 ipsec,debug transform #1 len=44
21:46:01 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:01 ipsec,debug UDP encapsulation requested
21:46:01 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:46:01 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug proposal #2 len=56
21:46:01 ipsec,debug begin.
21:46:01 ipsec,debug seen nptype=3(trns) len=44
21:46:01 ipsec,debug succeed.
21:46:01 ipsec,debug transform #1 len=44
21:46:01 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:01 ipsec,debug UDP encapsulation requested
21:46:01 ipsec,debug type=Key Length, flag=0x8000, lorv=128
21:46:01 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug proposal #3 len=52
21:46:01 ipsec,debug begin.
21:46:01 ipsec,debug seen nptype=3(trns) len=40
21:46:01 ipsec,debug succeed.
21:46:01 ipsec,debug transform #1 len=40
21:46:01 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:01 ipsec,debug UDP encapsulation requested
21:46:01 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug proposal #4 len=52
21:46:01 ipsec,debug begin.
21:46:01 ipsec,debug seen nptype=3(trns) len=40
21:46:01 ipsec,debug succeed.
21:46:01 ipsec,debug transform #1 len=40
21:46:01 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:01 ipsec,debug UDP encapsulation requested
21:46:01 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug proposal #5 len=52
21:46:01 ipsec,debug begin.
21:46:01 ipsec,debug seen nptype=3(trns) len=40
21:46:01 ipsec,debug succeed.
21:46:01 ipsec,debug transform #1 len=40
21:46:01 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:01 ipsec,debug UDP encapsulation requested
21:46:01 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug pair 1:
21:46:01 ipsec,debug 0x9e6b0: next=0 tnext=0
21:46:01 ipsec,debug proposal #1: 1 transform
21:46:01 ipsec,debug pair 2:
21:46:01 ipsec,debug 0xd1610: next=0 tnext=0
21:46:01 ipsec,debug proposal #2: 1 transform
21:46:01 ipsec,debug pair 3:
21:46:01 ipsec,debug 0xd1630: next=0 tnext=0
21:46:01 ipsec,debug proposal #3: 1 transform
21:46:01 ipsec,debug pair 4:
21:46:01 ipsec,debug 0xd84a0: next=0 tnext=0
21:46:01 ipsec,debug proposal #4: 1 transform
21:46:01 ipsec,debug pair 5:
21:46:01 ipsec,debug 0xdc640: next=0 tnext=0
21:46:01 ipsec,debug proposal #5: 1 transform
21:46:01 ipsec,debug got the local address from ID payload 77.77.77.77[1701] prefixlen=32 ul_proto=17
21:46:01 ipsec,debug got the peer address from ID payload 192.168.0.34[1701] prefixlen=32 ul_proto=17
21:46:01 ipsec,debug updating policy address because of NAT in transport mode
21:46:01 ipsec,debug new local address 192.168.1.2[1701]
21:46:01 ipsec,debug new peer address 22.22.22.22[1701]
21:46:01 ipsec searching for policy for selector: 192.168.1.2:1701 ip-proto:17 <=> 22.22.22.22:1701 ip-proto:17
21:46:01 ipsec using strict match: 192.168.1.2:1701 <=> 22.22.22.22:1701 ip-proto:17
21:46:01 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=8:8)
21:46:01 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:46:01 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
21:46:01 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
21:46:01 ipsec,debug begin compare proposals.
21:46:01 ipsec,debug pair[1]: 0x9e6b0
21:46:01 ipsec,debug 0x9e6b0: next=0 tnext=0
21:46:01 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC
21:46:01 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:01 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:46:01 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug peer's single bundle:
21:46:01 ipsec,debug (proto_id=ESP spisize=4 spi=c9571872 spi_p=00000000 encmode=UDP-Transport reqid=0:0)
21:46:01 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:46:01 ipsec,debug my single bundle:
21:46:01 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=8:8)
21:46:01 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:46:01 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
21:46:01 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
21:46:01 ipsec Adjusting my encmode UDP-Transport->Transport
21:46:01 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
21:46:01 ipsec,debug matched
21:46:01 ipsec,debug ===
21:46:01 ipsec,debug call pfkey_send_getspi a7
21:46:01 ipsec,debug pfkey GETSPI sent: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500]
21:46:01 ipsec,debug pfkey getspi sent.
21:46:01 ipsec,debug total SA len=64
21:46:01 ipsec,debug 00000001 00000001 00000038 01030401 00000000 0000002c 010c0000 80040004
21:46:01 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:46:01 ipsec,debug begin.
21:46:01 ipsec,debug seen nptype=2(prop) len=56
21:46:01 ipsec,debug succeed.
21:46:01 ipsec,debug proposal #1 len=56
21:46:01 ipsec,debug begin.
21:46:01 ipsec,debug seen nptype=3(trns) len=44
21:46:01 ipsec,debug succeed.
21:46:01 ipsec,debug transform #1 len=44
21:46:01 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:01 ipsec,debug UDP encapsulation requested
21:46:01 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:46:01 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:01 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:01 ipsec,debug pair 1:
21:46:01 ipsec,debug 0xd5a50: next=0 tnext=0
21:46:01 ipsec,debug proposal #1: 1 transform
21:46:01 ipsec,debug NAT-OAi:
21:46:01 ipsec,debug 01000000 4de7998d
21:46:01 ipsec,debug NAT-OAr:
21:46:01 ipsec,debug 01000000 c0a80102
21:46:01 ipsec,debug add payload of len 64, next type 10
21:46:01 ipsec,debug add payload of len 24, next type 5
21:46:01 ipsec,debug add payload of len 8, next type 5
21:46:01 ipsec,debug add payload of len 8, next type 21
21:46:01 ipsec,debug add payload of len 8, next type 21
21:46:01 ipsec,debug add payload of len 8, next type 0
21:46:01 ipsec,debug add payload of len 20, next type 1
21:46:01 ipsec,debug 204 bytes from 192.168.1.2[4500] to 22.22.22.22[4500]
21:46:01 ipsec,debug 1 times of 208 bytes message will be sent to 22.22.22.22[4500]
21:46:01 ipsec sent phase2 packet 192.168.1.2[4500]<=>22.22.22.22[4500] beacc1c439e4b8bc:1586750070ab08b6:00000000
21:46:01 ipsec,debug ===== received 60 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:01 ipsec,debug begin.
21:46:01 ipsec,debug seen nptype=8(hash) len=24
21:46:01 ipsec,debug succeed.
21:46:01 ipsec,debug HASH(3) validate:
21:46:01 ipsec,debug 129b574d 5bcee3df c199908a 496d51ff 523356f9
21:46:01 ipsec,debug ===
21:46:01 ipsec,debug encryption(aes-cbc)
21:46:01 ipsec,debug hmac(sha1)
21:46:01 ipsec,debug encklen=256 authklen=160
21:46:01 ipsec,debug generating 640 bits of key (dupkeymat=4)
21:46:01 ipsec,debug generating K1...K4 for KEYMAT.
21:46:01 ipsec,debug 66a8765b a6d4157e 8c423fc8 a46dec5b aa76c254 aff5eb56 8fdc60b9 9053ea10
21:46:01 ipsec,debug d1af46c0 b7bacd5a d0077730 57b94f74 cc5d0c1b d52bec5d 74127912 e9912399
21:46:01 ipsec,debug 7019bfc9 100a090f 81ba6e67 9a81cf1a
21:46:01 ipsec,debug encryption(aes-cbc)
21:46:01 ipsec,debug hmac(sha1)
21:46:01 ipsec,debug encklen=256 authklen=160
21:46:01 ipsec,debug generating 640 bits of key (dupkeymat=4)
21:46:01 ipsec,debug generating K1...K4 for KEYMAT.
21:46:01 ipsec,debug 6c28c9d3 1d7ee49f 36acde1e b18ad82c e586d842 5e56f5dc 00c23d45 f8378683
21:46:01 ipsec,debug 18096e58 7fbdaae1 608649d5 0fbb94fd 5d717df9 64e8615e cb293f76 dfb6e929
21:46:01 ipsec,debug cdd90be2 84022bd5 9a4200dd 5460ad1a
21:46:01 ipsec,debug KEYMAT computed.
21:46:01 ipsec,debug call pk_sendupdate
21:46:01 ipsec,debug encryption(aes-cbc)
21:46:01 ipsec,debug hmac(sha1)
21:46:01 ipsec,debug call pfkey_send_update_nat
21:46:01 ipsec IPsec-SA established: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500] spi=0x990261a
21:46:01 ipsec,debug pfkey update sent.
21:46:01 ipsec,debug encryption(aes-cbc)
21:46:01 ipsec,debug hmac(sha1)
21:46:01 ipsec,debug call pfkey_send_add_nat
21:46:01 ipsec IPsec-SA established: ESP/Transport 192.168.1.2[4500]->22.22.22.22[4500] spi=0xc9571872
21:46:01 ipsec,debug pfkey add sent.
21:46:01 ipsec,debug ===== received 76 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:01 ipsec,debug receive Information.
21:46:01 ipsec,debug hash(sha1)
21:46:01 ipsec,debug hash validated.
21:46:01 ipsec,debug begin.
21:46:01 ipsec,debug seen nptype=8(hash) len=24
21:46:01 ipsec,debug seen nptype=12(delete) len=16
21:46:01 ipsec,debug succeed.
21:46:01 ipsec,debug 22.22.22.22 delete payload for protocol ESP
21:46:01 ipsec purged IPsec-SA proto_id=ESP spi=0xf8db8f0c
21:46:01 ipsec purged IPsec-SA proto_id=ESP spi=0xb63a000
21:46:01 ipsec,debug purged SAs.
21:46:02 l2tp,debug,packet sent control message to 2.136.230.221:1701 from 192.168.1.2:1701
21:46:02 l2tp,debug,packet proto version 2, tunnel-id=42, session-id=0, ns=2989, nr=2991
21:46:02 l2tp,debug,packet (M) Message-Type=HELLO
21:46:02 l2tp,debug,packet rcvd control message from 2.136.230.221:1701 to 192.168.1.2:1701
21:46:02 l2tp,debug,packet proto version 2, tunnel-id=1, session-id=0, ns=2991, nr=2989
21:46:02 l2tp,debug,packet (M) Message-Type=HELLO
21:46:02 l2tp,debug,packet sent control message (ack) to 2.136.230.221:1701 from 192.168.1.2:1701
21:46:02 l2tp,debug,packet proto version 2, tunnel-id=42, session-id=0, ns=2990, nr=2992
21:46:02 l2tp,debug,packet rcvd control message (ack) from 2.136.230.221:1701 to 192.168.1.2:1701
21:46:02 l2tp,debug,packet proto version 2, tunnel-id=1, session-id=0, ns=2992, nr=2990
21:46:02 ipsec,debug 2.136.230.221 DPD monitoring....
21:46:02 ipsec,debug hash(sha1)
21:46:02 ipsec,debug 92 bytes from 192.168.1.2[4500] to 2.136.230.221[4500]
21:46:02 ipsec,debug 1 times of 96 bytes message will be sent to 2.136.230.221[4500]
21:46:02 ipsec,debug sendto Information notify.
21:46:02 ipsec,debug 2.136.230.221 DPD R-U-There sent (0)
21:46:02 ipsec,debug 2.136.230.221 rescheduling send_r_u (5).
21:46:02 ipsec,debug ===== received 92 bytes from 2.136.230.221[4500] to 192.168.1.2[4500]
21:46:02 ipsec,debug receive Information.
21:46:02 ipsec,debug hash(sha1)
21:46:02 ipsec,debug hash validated.
21:46:02 ipsec,debug begin.
21:46:02 ipsec,debug seen nptype=8(hash) len=24
21:46:02 ipsec,debug seen nptype=11(notify) len=32
21:46:02 ipsec,debug succeed.
21:46:02 ipsec,debug 2.136.230.221 notify: R_U_THERE_ACK
21:46:02 ipsec,debug 2.136.230.221 DPD R-U-There-Ack received
21:46:02 ipsec,debug received an R-U-THERE-ACK
21:46:02 ipsec,debug ===== received 92 bytes from 2.136.230.221[4500] to 192.168.1.2[4500]
21:46:02 ipsec,debug receive Information.
21:46:02 ipsec,debug hash(sha1)
21:46:02 ipsec,debug hash validated.
21:46:02 ipsec,debug begin.
21:46:02 ipsec,debug seen nptype=8(hash) len=24
21:46:02 ipsec,debug seen nptype=11(notify) len=32
21:46:02 ipsec,debug succeed.
21:46:02 ipsec,debug 2.136.230.221 notify: R_U_THERE
21:46:02 ipsec,debug 2.136.230.221 DPD R-U-There received
21:46:02 ipsec,debug hash(sha1)
21:46:02 ipsec,debug 92 bytes from 192.168.1.2[4500] to 2.136.230.221[4500]
21:46:02 ipsec,debug 1 times of 96 bytes message will be sent to 2.136.230.221[4500]
21:46:02 ipsec,debug sendto Information notify.
21:46:02 ipsec,debug received a valid R-U-THERE, ACK sent
21:46:05 ipsec,debug ===== received 436 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:05 ipsec,debug hash(sha1)
21:46:05 ipsec,debug ===
21:46:05 ipsec respond new phase 2 negotiation: 192.168.1.2[4500]<=>22.22.22.22[4500]
21:46:05 ipsec,debug begin.
21:46:05 ipsec,debug seen nptype=8(hash) len=24
21:46:05 ipsec,debug seen nptype=1(sa) len=280
21:46:05 ipsec,debug seen nptype=10(nonce) len=52
21:46:05 ipsec,debug seen nptype=5(id) len=12
21:46:05 ipsec,debug seen nptype=5(id) len=12
21:46:05 ipsec,debug seen nptype=21(nat-oa) len=12
21:46:05 ipsec,debug seen nptype=21(nat-oa) len=12
21:46:05 ipsec,debug succeed.
21:46:05 ipsec,debug received IDci2:
21:46:05 ipsec,debug 011106a5 c0a80022
21:46:05 ipsec,debug received IDcr2:
21:46:05 ipsec,debug 011106a5 02885697
21:46:05 ipsec,debug HASH(1) validate:
21:46:05 ipsec,debug df1a2269 6e8823ad c44c2480 2441e1c3 d5e2a82b
21:46:05 ipsec,debug total SA len=276
21:46:05 ipsec,debug 00000001 00000001 02000038 01030401 473d8b10 0000002c 010c0000 80040004
21:46:05 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:46:05 ipsec,debug 02000038 02030401 473d8b10 0000002c 010c0000 80040004 80060080 80050002
21:46:05 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 02000034 03030401
21:46:05 ipsec,debug 473d8b10 00000028 01030000 80040004 80050002 80010001 00020004 00000e10
21:46:05 ipsec,debug 80010002 00020004 0003d090 02000034 04030401 473d8b10 00000028 01020000
21:46:05 ipsec,debug 80040004 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:46:05 ipsec,debug 00000034 05030401 473d8b10 00000028 010b0000 80040004 80050002 80010001
21:46:05 ipsec,debug 00020004 00000e10 80010002 00020004 0003d090
21:46:05 ipsec,debug begin.
21:46:05 ipsec,debug seen nptype=2(prop) len=56
21:46:05 ipsec,debug seen nptype=2(prop) len=56
21:46:05 ipsec,debug seen nptype=2(prop) len=52
21:46:05 ipsec,debug seen nptype=2(prop) len=52
21:46:05 ipsec,debug seen nptype=2(prop) len=52
21:46:05 ipsec,debug succeed.
21:46:05 ipsec,debug proposal #1 len=56
21:46:05 ipsec,debug begin.
21:46:05 ipsec,debug seen nptype=3(trns) len=44
21:46:05 ipsec,debug succeed.
21:46:05 ipsec,debug transform #1 len=44
21:46:05 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:05 ipsec,debug UDP encapsulation requested
21:46:05 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:46:05 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug proposal #2 len=56
21:46:05 ipsec,debug begin.
21:46:05 ipsec,debug seen nptype=3(trns) len=44
21:46:05 ipsec,debug succeed.
21:46:05 ipsec,debug transform #1 len=44
21:46:05 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:05 ipsec,debug UDP encapsulation requested
21:46:05 ipsec,debug type=Key Length, flag=0x8000, lorv=128
21:46:05 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug proposal #3 len=52
21:46:05 ipsec,debug begin.
21:46:05 ipsec,debug seen nptype=3(trns) len=40
21:46:05 ipsec,debug succeed.
21:46:05 ipsec,debug transform #1 len=40
21:46:05 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:05 ipsec,debug UDP encapsulation requested
21:46:05 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug proposal #4 len=52
21:46:05 ipsec,debug begin.
21:46:05 ipsec,debug seen nptype=3(trns) len=40
21:46:05 ipsec,debug succeed.
21:46:05 ipsec,debug transform #1 len=40
21:46:05 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:05 ipsec,debug UDP encapsulation requested
21:46:05 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug proposal #5 len=52
21:46:05 ipsec,debug begin.
21:46:05 ipsec,debug seen nptype=3(trns) len=40
21:46:05 ipsec,debug succeed.
21:46:05 ipsec,debug transform #1 len=40
21:46:05 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:05 ipsec,debug UDP encapsulation requested
21:46:05 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug pair 1:
21:46:05 ipsec,debug 0xdff40: next=0 tnext=0
21:46:05 ipsec,debug proposal #1: 1 transform
21:46:05 ipsec,debug pair 2:
21:46:05 ipsec,debug 0xd85d0: next=0 tnext=0
21:46:05 ipsec,debug proposal #2: 1 transform
21:46:05 ipsec,debug pair 3:
21:46:05 ipsec,debug 0xd85f0: next=0 tnext=0
21:46:05 ipsec,debug proposal #3: 1 transform
21:46:05 ipsec,debug pair 4:
21:46:05 ipsec,debug 0xd8610: next=0 tnext=0
21:46:05 ipsec,debug proposal #4: 1 transform
21:46:05 ipsec,debug pair 5:
21:46:05 ipsec,debug 0xd5b60: next=0 tnext=0
21:46:05 ipsec,debug proposal #5: 1 transform
21:46:05 ipsec,debug got the local address from ID payload 77.77.77.77[1701] prefixlen=32 ul_proto=17
21:46:05 ipsec,debug got the peer address from ID payload 192.168.0.34[1701] prefixlen=32 ul_proto=17
21:46:05 ipsec,debug updating policy address because of NAT in transport mode
21:46:05 ipsec,debug new local address 192.168.1.2[1701]
21:46:05 ipsec,debug new peer address 22.22.22.22[1701]
21:46:05 ipsec searching for policy for selector: 192.168.1.2:1701 ip-proto:17 <=> 22.22.22.22:1701 ip-proto:17
21:46:05 ipsec using strict match: 192.168.1.2:1701 <=> 22.22.22.22:1701 ip-proto:17
21:46:05 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=8:8)
21:46:05 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:46:05 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
21:46:05 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
21:46:05 ipsec,debug begin compare proposals.
21:46:05 ipsec,debug pair[1]: 0xdff40
21:46:05 ipsec,debug 0xdff40: next=0 tnext=0
21:46:05 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC
21:46:05 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:05 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:46:05 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug peer's single bundle:
21:46:05 ipsec,debug (proto_id=ESP spisize=4 spi=473d8b10 spi_p=00000000 encmode=UDP-Transport reqid=0:0)
21:46:05 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:46:05 ipsec,debug my single bundle:
21:46:05 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=8:8)
21:46:05 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:46:05 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
21:46:05 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
21:46:05 ipsec Adjusting my encmode UDP-Transport->Transport
21:46:05 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
21:46:05 ipsec,debug matched
21:46:05 ipsec,debug ===
21:46:05 ipsec,debug call pfkey_send_getspi a8
21:46:05 ipsec,debug pfkey GETSPI sent: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500]
21:46:05 ipsec,debug pfkey getspi sent.
21:46:05 ipsec,debug total SA len=64
21:46:05 ipsec,debug 00000001 00000001 00000038 01030401 00000000 0000002c 010c0000 80040004
21:46:05 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:46:05 ipsec,debug begin.
21:46:05 ipsec,debug seen nptype=2(prop) len=56
21:46:05 ipsec,debug succeed.
21:46:05 ipsec,debug proposal #1 len=56
21:46:05 ipsec,debug begin.
21:46:05 ipsec,debug seen nptype=3(trns) len=44
21:46:05 ipsec,debug succeed.
21:46:05 ipsec,debug transform #1 len=44
21:46:05 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:05 ipsec,debug UDP encapsulation requested
21:46:05 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:46:05 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:05 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:05 ipsec,debug pair 1:
21:46:05 ipsec,debug 0xd85f0: next=0 tnext=0
21:46:05 ipsec,debug proposal #1: 1 transform
21:46:05 ipsec,debug NAT-OAi:
21:46:05 ipsec,debug 01000000 4de7998d
21:46:05 ipsec,debug NAT-OAr:
21:46:05 ipsec,debug 01000000 c0a80102
21:46:05 ipsec,debug add payload of len 64, next type 10
21:46:05 ipsec,debug add payload of len 24, next type 5
21:46:05 ipsec,debug add payload of len 8, next type 5
21:46:05 ipsec,debug add payload of len 8, next type 21
21:46:05 ipsec,debug add payload of len 8, next type 21
21:46:05 ipsec,debug add payload of len 8, next type 0
21:46:05 ipsec,debug add payload of len 20, next type 1
21:46:05 ipsec,debug 204 bytes from 192.168.1.2[4500] to 22.22.22.22[4500]
21:46:05 ipsec,debug 1 times of 208 bytes message will be sent to 22.22.22.22[4500]
21:46:05 ipsec sent phase2 packet 192.168.1.2[4500]<=>22.22.22.22[4500] beacc1c439e4b8bc:1586750070ab08b6:00000000
21:46:05 ipsec,debug ===== received 60 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:05 ipsec,debug begin.
21:46:05 ipsec,debug seen nptype=8(hash) len=24
21:46:05 ipsec,debug succeed.
21:46:05 ipsec,debug HASH(3) validate:
21:46:05 ipsec,debug 96d540a0 bb0630f8 1e65998f 11e79286 41436a90
21:46:05 ipsec,debug ===
21:46:05 ipsec,debug encryption(aes-cbc)
21:46:05 ipsec,debug hmac(sha1)
21:46:05 ipsec,debug encklen=256 authklen=160
21:46:05 ipsec,debug generating 640 bits of key (dupkeymat=4)
21:46:05 ipsec,debug generating K1...K4 for KEYMAT.
21:46:05 ipsec,debug 0b8a158f dde23d93 5a2e5c9e 768a93bc 4b9cf905 3eed61ce cdc631e5 db28eaff
21:46:05 ipsec,debug 29911761 3605c2f8 c6b8033e bf54a73f efe75a98 652760b5 65020671 a2742aca
21:46:05 ipsec,debug 0ca37764 1ca83619 a0b4f9af 3299079f
21:46:05 ipsec,debug encryption(aes-cbc)
21:46:05 ipsec,debug hmac(sha1)
21:46:05 ipsec,debug encklen=256 authklen=160
21:46:05 ipsec,debug generating 640 bits of key (dupkeymat=4)
21:46:05 ipsec,debug generating K1...K4 for KEYMAT.
21:46:05 ipsec,debug 48470be7 b4da303f 64902274 b5219973 35f97165 4a2fa7e8 d94dc3a1 e602868e
21:46:05 ipsec,debug 9796756f 522ba5d6 c9b472c3 91cd9330 c1b19899 3a728679 16cd6824 d912b937
21:46:05 ipsec,debug 84d395ee 3152c872 9d5a6323 0e129478
21:46:05 ipsec,debug KEYMAT computed.
21:46:05 ipsec,debug call pk_sendupdate
21:46:05 ipsec,debug encryption(aes-cbc)
21:46:05 ipsec,debug hmac(sha1)
21:46:05 ipsec,debug call pfkey_send_update_nat
21:46:05 ipsec IPsec-SA established: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500] spi=0xc181f65
21:46:05 ipsec,debug pfkey update sent.
21:46:05 ipsec,debug encryption(aes-cbc)
21:46:05 ipsec,debug hmac(sha1)
21:46:05 ipsec,debug call pfkey_send_add_nat
21:46:05 ipsec IPsec-SA established: ESP/Transport 192.168.1.2[4500]->22.22.22.22[4500] spi=0x473d8b10
21:46:05 ipsec,debug pfkey add sent.
21:46:05 ipsec,debug ===== received 76 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:05 ipsec,debug receive Information.
21:46:05 ipsec,debug hash(sha1)
21:46:05 ipsec,debug hash validated.
21:46:05 ipsec,debug begin.
21:46:05 ipsec,debug seen nptype=8(hash) len=24
21:46:05 ipsec,debug seen nptype=12(delete) len=16
21:46:05 ipsec,debug succeed.
21:46:05 ipsec,debug 22.22.22.22 delete payload for protocol ESP
21:46:05 ipsec purged IPsec-SA proto_id=ESP spi=0xc9571872
21:46:05 ipsec purged IPsec-SA proto_id=ESP spi=0x990261a
21:46:05 ipsec,debug purged SAs.
21:46:13 ipsec,debug ===== received 436 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:13 ipsec,debug hash(sha1)
21:46:13 ipsec,debug ===
21:46:13 ipsec respond new phase 2 negotiation: 192.168.1.2[4500]<=>22.22.22.22[4500]
21:46:13 ipsec,debug begin.
21:46:13 ipsec,debug seen nptype=8(hash) len=24
21:46:13 ipsec,debug seen nptype=1(sa) len=280
21:46:13 ipsec,debug seen nptype=10(nonce) len=52
21:46:13 ipsec,debug seen nptype=5(id) len=12
21:46:13 ipsec,debug seen nptype=5(id) len=12
21:46:13 ipsec,debug seen nptype=21(nat-oa) len=12
21:46:13 ipsec,debug seen nptype=21(nat-oa) len=12
21:46:13 ipsec,debug succeed.
21:46:13 ipsec,debug received IDci2:
21:46:13 ipsec,debug 011106a5 c0a80022
21:46:13 ipsec,debug received IDcr2:
21:46:13 ipsec,debug 011106a5 02885697
21:46:13 ipsec,debug HASH(1) validate:
21:46:13 ipsec,debug a96f6dc8 293ac6ee 05ab1dc2 121fa6bd e5634b08
21:46:13 ipsec,debug total SA len=276
21:46:13 ipsec,debug 00000001 00000001 02000038 01030401 533d033a 0000002c 010c0000 80040004
21:46:13 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:46:13 ipsec,debug 02000038 02030401 533d033a 0000002c 010c0000 80040004 80060080 80050002
21:46:13 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 02000034 03030401
21:46:13 ipsec,debug 533d033a 00000028 01030000 80040004 80050002 80010001 00020004 00000e10
21:46:13 ipsec,debug 80010002 00020004 0003d090 02000034 04030401 533d033a 00000028 01020000
21:46:13 ipsec,debug 80040004 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:46:13 ipsec,debug 00000034 05030401 533d033a 00000028 010b0000 80040004 80050002 80010001
21:46:13 ipsec,debug 00020004 00000e10 80010002 00020004 0003d090
21:46:13 ipsec,debug begin.
21:46:13 ipsec,debug seen nptype=2(prop) len=56
21:46:13 ipsec,debug seen nptype=2(prop) len=56
21:46:13 ipsec,debug seen nptype=2(prop) len=52
21:46:13 ipsec,debug seen nptype=2(prop) len=52
21:46:13 ipsec,debug seen nptype=2(prop) len=52
21:46:13 ipsec,debug succeed.
21:46:13 ipsec,debug proposal #1 len=56
21:46:13 ipsec,debug begin.
21:46:13 ipsec,debug seen nptype=3(trns) len=44
21:46:13 ipsec,debug succeed.
21:46:13 ipsec,debug transform #1 len=44
21:46:13 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:13 ipsec,debug UDP encapsulation requested
21:46:13 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:46:13 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug proposal #2 len=56
21:46:13 ipsec,debug begin.
21:46:13 ipsec,debug seen nptype=3(trns) len=44
21:46:13 ipsec,debug succeed.
21:46:13 ipsec,debug transform #1 len=44
21:46:13 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:13 ipsec,debug UDP encapsulation requested
21:46:13 ipsec,debug type=Key Length, flag=0x8000, lorv=128
21:46:13 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug proposal #3 len=52
21:46:13 ipsec,debug begin.
21:46:13 ipsec,debug seen nptype=3(trns) len=40
21:46:13 ipsec,debug succeed.
21:46:13 ipsec,debug transform #1 len=40
21:46:13 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:13 ipsec,debug UDP encapsulation requested
21:46:13 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug proposal #4 len=52
21:46:13 ipsec,debug begin.
21:46:13 ipsec,debug seen nptype=3(trns) len=40
21:46:13 ipsec,debug succeed.
21:46:13 ipsec,debug transform #1 len=40
21:46:13 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:13 ipsec,debug UDP encapsulation requested
21:46:13 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug proposal #5 len=52
21:46:13 ipsec,debug begin.
21:46:13 ipsec,debug seen nptype=3(trns) len=40
21:46:13 ipsec,debug succeed.
21:46:13 ipsec,debug transform #1 len=40
21:46:13 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:13 ipsec,debug UDP encapsulation requested
21:46:13 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug pair 1:
21:46:13 ipsec,debug 0x9e6b0: next=0 tnext=0
21:46:13 ipsec,debug proposal #1: 1 transform
21:46:13 ipsec,debug pair 2:
21:46:13 ipsec,debug 0xe4300: next=0 tnext=0
21:46:13 ipsec,debug proposal #2: 1 transform
21:46:13 ipsec,debug pair 3:
21:46:13 ipsec,debug 0xe4320: next=0 tnext=0
21:46:13 ipsec,debug proposal #3: 1 transform
21:46:13 ipsec,debug pair 4:
21:46:13 ipsec,debug 0xab980: next=0 tnext=0
21:46:13 ipsec,debug proposal #4: 1 transform
21:46:13 ipsec,debug pair 5:
21:46:13 ipsec,debug 0xab9a0: next=0 tnext=0
21:46:13 ipsec,debug proposal #5: 1 transform
21:46:13 ipsec,debug got the local address from ID payload 77.77.77.77[1701] prefixlen=32 ul_proto=17
21:46:13 ipsec,debug got the peer address from ID payload 192.168.0.34[1701] prefixlen=32 ul_proto=17
21:46:13 ipsec,debug updating policy address because of NAT in transport mode
21:46:13 ipsec,debug new local address 192.168.1.2[1701]
21:46:13 ipsec,debug new peer address 22.22.22.22[1701]
21:46:13 ipsec searching for policy for selector: 192.168.1.2:1701 ip-proto:17 <=> 22.22.22.22:1701 ip-proto:17
21:46:13 ipsec using strict match: 192.168.1.2:1701 <=> 22.22.22.22:1701 ip-proto:17
21:46:13 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=8:8)
21:46:13 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:46:13 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
21:46:13 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
21:46:13 ipsec,debug begin compare proposals.
21:46:13 ipsec,debug pair[1]: 0x9e6b0
21:46:13 ipsec,debug 0x9e6b0: next=0 tnext=0
21:46:13 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC
21:46:13 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:13 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:46:13 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug peer's single bundle:
21:46:13 ipsec,debug (proto_id=ESP spisize=4 spi=533d033a spi_p=00000000 encmode=UDP-Transport reqid=0:0)
21:46:13 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:46:13 ipsec,debug my single bundle:
21:46:13 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=8:8)
21:46:13 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:46:13 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
21:46:13 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
21:46:13 ipsec Adjusting my encmode UDP-Transport->Transport
21:46:13 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
21:46:13 ipsec,debug matched
21:46:13 ipsec,debug ===
21:46:13 ipsec,debug call pfkey_send_getspi a9
21:46:13 ipsec,debug pfkey GETSPI sent: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500]
21:46:13 ipsec,debug pfkey getspi sent.
21:46:13 ipsec,debug total SA len=64
21:46:13 ipsec,debug 00000001 00000001 00000038 01030401 00000000 0000002c 010c0000 80040004
21:46:13 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:46:13 ipsec,debug begin.
21:46:13 ipsec,debug seen nptype=2(prop) len=56
21:46:13 ipsec,debug succeed.
21:46:13 ipsec,debug proposal #1 len=56
21:46:13 ipsec,debug begin.
21:46:13 ipsec,debug seen nptype=3(trns) len=44
21:46:13 ipsec,debug succeed.
21:46:13 ipsec,debug transform #1 len=44
21:46:13 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:13 ipsec,debug UDP encapsulation requested
21:46:13 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:46:13 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:13 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:13 ipsec,debug pair 1:
21:46:13 ipsec,debug 0x97c90: next=0 tnext=0
21:46:13 ipsec,debug proposal #1: 1 transform
21:46:13 ipsec,debug NAT-OAi:
21:46:13 ipsec,debug 01000000 4de7998d
21:46:13 ipsec,debug NAT-OAr:
21:46:13 ipsec,debug 01000000 c0a80102
21:46:13 ipsec,debug add payload of len 64, next type 10
21:46:13 ipsec,debug add payload of len 24, next type 5
21:46:13 ipsec,debug add payload of len 8, next type 5
21:46:13 ipsec,debug add payload of len 8, next type 21
21:46:13 ipsec,debug add payload of len 8, next type 21
21:46:13 ipsec,debug add payload of len 8, next type 0
21:46:13 ipsec,debug add payload of len 20, next type 1
21:46:13 ipsec,debug 204 bytes from 192.168.1.2[4500] to 22.22.22.22[4500]
21:46:13 ipsec,debug 1 times of 208 bytes message will be sent to 22.22.22.22[4500]
21:46:13 ipsec sent phase2 packet 192.168.1.2[4500]<=>22.22.22.22[4500] beacc1c439e4b8bc:1586750070ab08b6:00000000
21:46:13 ipsec,debug ===== received 60 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:13 ipsec,debug begin.
21:46:13 ipsec,debug seen nptype=8(hash) len=24
21:46:13 ipsec,debug succeed.
21:46:13 ipsec,debug HASH(3) validate:
21:46:13 ipsec,debug 5352c13a b4c868e0 a154007b 41e38379 e85d027f
21:46:13 ipsec,debug ===
21:46:13 ipsec,debug encryption(aes-cbc)
21:46:13 ipsec,debug hmac(sha1)
21:46:13 ipsec,debug encklen=256 authklen=160
21:46:13 ipsec,debug generating 640 bits of key (dupkeymat=4)
21:46:13 ipsec,debug generating K1...K4 for KEYMAT.
21:46:13 ipsec,debug 4403f825 3cf8e6e8 9c0b01d7 cc1652db 217a7723 658e7331 fbd0469f e211a77c
21:46:13 ipsec,debug 700d53b7 d0706358 7c37182b 45e6a144 d084c36b 1430478a f8c7c782 4acb2c1f
21:46:13 ipsec,debug 65333539 b2bc3109 75bb778e d3ec443e
21:46:13 ipsec,debug encryption(aes-cbc)
21:46:13 ipsec,debug hmac(sha1)
21:46:13 ipsec,debug encklen=256 authklen=160
21:46:13 ipsec,debug generating 640 bits of key (dupkeymat=4)
21:46:13 ipsec,debug generating K1...K4 for KEYMAT.
21:46:13 ipsec,debug 2ddd75ef 80eb2c97 bb8cfbc5 bde1f4d1 a97ae837 148445b1 a0f15443 c6cfa6a2
21:46:13 ipsec,debug 360ee890 3f2ba9b5 4165b4d2 7cc01e34 5f242994 9d751078 b8729eba 7e18edc9
21:46:13 ipsec,debug 9eb37260 b697b0c9 50545362 a28d0cac
21:46:13 ipsec,debug KEYMAT computed.
21:46:13 ipsec,debug call pk_sendupdate
21:46:13 ipsec,debug encryption(aes-cbc)
21:46:13 ipsec,debug hmac(sha1)
21:46:13 ipsec,debug call pfkey_send_update_nat
21:46:13 ipsec IPsec-SA established: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500] spi=0x29cec4f
21:46:13 ipsec,debug pfkey update sent.
21:46:13 ipsec,debug encryption(aes-cbc)
21:46:13 ipsec,debug hmac(sha1)
21:46:13 ipsec,debug call pfkey_send_add_nat
21:46:13 ipsec IPsec-SA established: ESP/Transport 192.168.1.2[4500]->22.22.22.22[4500] spi=0x533d033a
21:46:13 ipsec,debug pfkey add sent.
21:46:13 ipsec,debug ===== received 76 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:13 ipsec,debug receive Information.
21:46:13 ipsec,debug hash(sha1)
21:46:13 ipsec,debug hash validated.
21:46:13 ipsec,debug begin.
21:46:13 ipsec,debug seen nptype=8(hash) len=24
21:46:13 ipsec,debug seen nptype=12(delete) len=16
21:46:13 ipsec,debug succeed.
21:46:13 ipsec,debug 22.22.22.22 delete payload for protocol ESP
21:46:13 ipsec purged IPsec-SA proto_id=ESP spi=0x473d8b10
21:46:13 ipsec purged IPsec-SA proto_id=ESP spi=0xc181f65
21:46:13 ipsec,debug purged SAs.
21:46:20 ipsec,debug KA: 192.168.1.2[4500]->22.22.22.22[4500]
21:46:20 ipsec,debug 1 times of 1 bytes message will be sent to 22.22.22.22[4500]
21:46:23 ipsec,debug ===== received 436 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:23 ipsec,debug hash(sha1)
21:46:23 ipsec,debug ===
21:46:23 ipsec respond new phase 2 negotiation: 192.168.1.2[4500]<=>22.22.22.22[4500]
21:46:23 ipsec,debug begin.
21:46:23 ipsec,debug seen nptype=8(hash) len=24
21:46:23 ipsec,debug seen nptype=1(sa) len=280
21:46:23 ipsec,debug seen nptype=10(nonce) len=52
21:46:23 ipsec,debug seen nptype=5(id) len=12
21:46:23 ipsec,debug seen nptype=5(id) len=12
21:46:23 ipsec,debug seen nptype=21(nat-oa) len=12
21:46:23 ipsec,debug seen nptype=21(nat-oa) len=12
21:46:23 ipsec,debug succeed.
21:46:23 ipsec,debug received IDci2:
21:46:23 ipsec,debug 011106a5 c0a80022
21:46:23 ipsec,debug received IDcr2:
21:46:23 ipsec,debug 011106a5 02885697
21:46:23 ipsec,debug HASH(1) validate:
21:46:23 ipsec,debug 96897cc7 8d9d3525 2e936d38 9bcca8d2 27ebe726
21:46:23 ipsec,debug total SA len=276
21:46:23 ipsec,debug 00000001 00000001 02000038 01030401 8ef9cd52 0000002c 010c0000 80040004
21:46:23 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:46:23 ipsec,debug 02000038 02030401 8ef9cd52 0000002c 010c0000 80040004 80060080 80050002
21:46:23 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 02000034 03030401
21:46:23 ipsec,debug 8ef9cd52 00000028 01030000 80040004 80050002 80010001 00020004 00000e10
21:46:23 ipsec,debug 80010002 00020004 0003d090 02000034 04030401 8ef9cd52 00000028 01020000
21:46:23 ipsec,debug 80040004 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:46:23 ipsec,debug 00000034 05030401 8ef9cd52 00000028 010b0000 80040004 80050002 80010001
21:46:23 ipsec,debug 00020004 00000e10 80010002 00020004 0003d090
21:46:23 ipsec,debug begin.
21:46:23 ipsec,debug seen nptype=2(prop) len=56
21:46:23 ipsec,debug seen nptype=2(prop) len=56
21:46:23 ipsec,debug seen nptype=2(prop) len=52
21:46:23 ipsec,debug seen nptype=2(prop) len=52
21:46:23 ipsec,debug seen nptype=2(prop) len=52
21:46:23 ipsec,debug succeed.
21:46:23 ipsec,debug proposal #1 len=56
21:46:23 ipsec,debug begin.
21:46:23 ipsec,debug seen nptype=3(trns) len=44
21:46:23 ipsec,debug succeed.
21:46:23 ipsec,debug transform #1 len=44
21:46:23 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:23 ipsec,debug UDP encapsulation requested
21:46:23 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:46:23 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug proposal #2 len=56
21:46:23 ipsec,debug begin.
21:46:23 ipsec,debug seen nptype=3(trns) len=44
21:46:23 ipsec,debug succeed.
21:46:23 ipsec,debug transform #1 len=44
21:46:23 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:23 ipsec,debug UDP encapsulation requested
21:46:23 ipsec,debug type=Key Length, flag=0x8000, lorv=128
21:46:23 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug proposal #3 len=52
21:46:23 ipsec,debug begin.
21:46:23 ipsec,debug seen nptype=3(trns) len=40
21:46:23 ipsec,debug succeed.
21:46:23 ipsec,debug transform #1 len=40
21:46:23 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:23 ipsec,debug UDP encapsulation requested
21:46:23 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug proposal #4 len=52
21:46:23 ipsec,debug begin.
21:46:23 ipsec,debug seen nptype=3(trns) len=40
21:46:23 ipsec,debug succeed.
21:46:23 ipsec,debug transform #1 len=40
21:46:23 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:23 ipsec,debug UDP encapsulation requested
21:46:23 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug proposal #5 len=52
21:46:23 ipsec,debug begin.
21:46:23 ipsec,debug seen nptype=3(trns) len=40
21:46:23 ipsec,debug succeed.
21:46:23 ipsec,debug transform #1 len=40
21:46:23 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:23 ipsec,debug UDP encapsulation requested
21:46:23 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug pair 1:
21:46:23 ipsec,debug 0xab4f0: next=0 tnext=0
21:46:23 ipsec,debug proposal #1: 1 transform
21:46:23 ipsec,debug pair 2:
21:46:23 ipsec,debug 0xab510: next=0 tnext=0
21:46:23 ipsec,debug proposal #2: 1 transform
21:46:23 ipsec,debug pair 3:
21:46:23 ipsec,debug 0xdc6c0: next=0 tnext=0
21:46:23 ipsec,debug proposal #3: 1 transform
21:46:23 ipsec,debug pair 4:
21:46:23 ipsec,debug 0xd1610: next=0 tnext=0
21:46:23 ipsec,debug proposal #4: 1 transform
21:46:23 ipsec,debug pair 5:
21:46:23 ipsec,debug 0xd1630: next=0 tnext=0
21:46:23 ipsec,debug proposal #5: 1 transform
21:46:23 ipsec,debug got the local address from ID payload 77.77.77.77[1701] prefixlen=32 ul_proto=17
21:46:23 ipsec,debug got the peer address from ID payload 192.168.0.34[1701] prefixlen=32 ul_proto=17
21:46:23 ipsec,debug updating policy address because of NAT in transport mode
21:46:23 ipsec,debug new local address 192.168.1.2[1701]
21:46:23 ipsec,debug new peer address 22.22.22.22[1701]
21:46:23 ipsec searching for policy for selector: 192.168.1.2:1701 ip-proto:17 <=> 22.22.22.22:1701 ip-proto:17
21:46:23 ipsec using strict match: 192.168.1.2:1701 <=> 22.22.22.22:1701 ip-proto:17
21:46:23 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=8:8)
21:46:23 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:46:23 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
21:46:23 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
21:46:23 ipsec,debug begin compare proposals.
21:46:23 ipsec,debug pair[1]: 0xab4f0
21:46:23 ipsec,debug 0xab4f0: next=0 tnext=0
21:46:23 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC
21:46:23 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:23 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:46:23 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug peer's single bundle:
21:46:23 ipsec,debug (proto_id=ESP spisize=4 spi=8ef9cd52 spi_p=00000000 encmode=UDP-Transport reqid=0:0)
21:46:23 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:46:23 ipsec,debug my single bundle:
21:46:23 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=8:8)
21:46:23 ipsec,debug (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
21:46:23 ipsec,debug (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
21:46:23 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
21:46:23 ipsec Adjusting my encmode UDP-Transport->Transport
21:46:23 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2)
21:46:23 ipsec,debug matched
21:46:23 ipsec,debug ===
21:46:23 ipsec,debug call pfkey_send_getspi aa
21:46:23 ipsec,debug pfkey GETSPI sent: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500]
21:46:23 ipsec,debug pfkey getspi sent.
21:46:23 ipsec,debug total SA len=64
21:46:23 ipsec,debug 00000001 00000001 00000038 01030401 00000000 0000002c 010c0000 80040004
21:46:23 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090
21:46:23 ipsec,debug begin.
21:46:23 ipsec,debug seen nptype=2(prop) len=56
21:46:23 ipsec,debug succeed.
21:46:23 ipsec,debug proposal #1 len=56
21:46:23 ipsec,debug begin.
21:46:23 ipsec,debug seen nptype=3(trns) len=44
21:46:23 ipsec,debug succeed.
21:46:23 ipsec,debug transform #1 len=44
21:46:23 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
21:46:23 ipsec,debug UDP encapsulation requested
21:46:23 ipsec,debug type=Key Length, flag=0x8000, lorv=256
21:46:23 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
21:46:23 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
21:46:23 ipsec,debug pair 1:
21:46:23 ipsec,debug 0xd5bb0: next=0 tnext=0
21:46:23 ipsec,debug proposal #1: 1 transform
21:46:23 ipsec,debug NAT-OAi:
21:46:23 ipsec,debug 01000000 4de7998d
21:46:23 ipsec,debug NAT-OAr:
21:46:23 ipsec,debug 01000000 c0a80102
21:46:23 ipsec,debug add payload of len 64, next type 10
21:46:23 ipsec,debug add payload of len 24, next type 5
21:46:23 ipsec,debug add payload of len 8, next type 5
21:46:23 ipsec,debug add payload of len 8, next type 21
21:46:23 ipsec,debug add payload of len 8, next type 21
21:46:23 ipsec,debug add payload of len 8, next type 0
21:46:23 ipsec,debug add payload of len 20, next type 1
21:46:23 ipsec,debug 204 bytes from 192.168.1.2[4500] to 22.22.22.22[4500]
21:46:23 ipsec,debug 1 times of 208 bytes message will be sent to 22.22.22.22[4500]
21:46:23 ipsec sent phase2 packet 192.168.1.2[4500]<=>22.22.22.22[4500] beacc1c439e4b8bc:1586750070ab08b6:00000000
21:46:23 ipsec,debug ===== received 60 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:23 ipsec,debug begin.
21:46:23 ipsec,debug seen nptype=8(hash) len=24
21:46:23 ipsec,debug succeed.
21:46:23 ipsec,debug HASH(3) validate:
21:46:23 ipsec,debug cd84f505 840c631c 33307682 95969c1d 3cf4394f
21:46:23 ipsec,debug ===
21:46:23 ipsec,debug encryption(aes-cbc)
21:46:23 ipsec,debug hmac(sha1)
21:46:23 ipsec,debug encklen=256 authklen=160
21:46:23 ipsec,debug generating 640 bits of key (dupkeymat=4)
21:46:23 ipsec,debug generating K1...K4 for KEYMAT.
21:46:23 ipsec,debug 19e2e9c1 f1aceb00 f90c2b13 fb37592c 4a6d26f0 41079320 c41f67e1 d4e8abc8
21:46:23 ipsec,debug d2605ed0 d98bab30 a141134e 7c81d27d 3831df58 448ea739 3d042640 eb852080
21:46:23 ipsec,debug 260bac2d c7dd6475 0ab099a5 964a1e57
21:46:23 ipsec,debug encryption(aes-cbc)
21:46:23 ipsec,debug hmac(sha1)
21:46:23 ipsec,debug encklen=256 authklen=160
21:46:23 ipsec,debug generating 640 bits of key (dupkeymat=4)
21:46:23 ipsec,debug generating K1...K4 for KEYMAT.
21:46:23 ipsec,debug 0e21776f 59e6e9b7 8d1ccf16 b6aa1463 dbdd93c9 499bea75 0f9c935f 07830895
21:46:23 ipsec,debug 8b1c2cb7 088a9be2 cbdd4e3c 62aeb6bb 301c25db 1883605d 278f0c71 88c4a136
21:46:23 ipsec,debug abe17057 6cdcbaeb db35929b 1aee83ea
21:46:23 ipsec,debug KEYMAT computed.
21:46:23 ipsec,debug call pk_sendupdate
21:46:23 ipsec,debug encryption(aes-cbc)
21:46:23 ipsec,debug hmac(sha1)
21:46:23 ipsec,debug call pfkey_send_update_nat
21:46:23 ipsec IPsec-SA established: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500] spi=0xc20ff1
21:46:23 ipsec,debug pfkey update sent.
21:46:23 ipsec,debug encryption(aes-cbc)
21:46:23 ipsec,debug hmac(sha1)
21:46:23 ipsec,debug call pfkey_send_add_nat
21:46:23 ipsec IPsec-SA established: ESP/Transport 192.168.1.2[4500]->22.22.22.22[4500] spi=0x8ef9cd52
21:46:23 ipsec,debug pfkey add sent.
21:46:23 ipsec,debug ===== received 76 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:23 ipsec,debug receive Information.
21:46:23 ipsec,debug hash(sha1)
21:46:23 ipsec,debug hash validated.
21:46:23 ipsec,debug begin.
21:46:23 ipsec,debug seen nptype=8(hash) len=24
21:46:23 ipsec,debug seen nptype=12(delete) len=16
21:46:23 ipsec,debug succeed.
21:46:23 ipsec,debug 22.22.22.22 delete payload for protocol ESP
21:46:23 ipsec purged IPsec-SA proto_id=ESP spi=0x533d033a
21:46:23 ipsec purged IPsec-SA proto_id=ESP spi=0x29cec4f
21:46:23 ipsec,debug purged SAs.
21:46:33 ipsec,debug ===== received 76 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:33 ipsec,debug receive Information.
21:46:33 ipsec,debug hash(sha1)
21:46:33 ipsec,debug hash validated.
21:46:33 ipsec,debug begin.
21:46:33 ipsec,debug seen nptype=8(hash) len=24
21:46:33 ipsec,debug seen nptype=12(delete) len=16
21:46:33 ipsec,debug succeed.
21:46:33 ipsec,debug 22.22.22.22 delete payload for protocol ESP
21:46:33 ipsec purged IPsec-SA proto_id=ESP spi=0x8ef9cd52
21:46:33 ipsec purged IPsec-SA proto_id=ESP spi=0xc20ff1
21:46:33 ipsec removing generated policy
21:46:33 ipsec,debug purged SAs.
21:46:33 ipsec,debug ===== received 84 bytes from 22.22.22.22[4500] to 192.168.1.2[4500]
21:46:33 ipsec,debug receive Information.
21:46:33 ipsec,debug hash(sha1)
21:46:33 ipsec,debug hash validated.
21:46:33 ipsec,debug begin.
21:46:33 ipsec,debug seen nptype=8(hash) len=24
21:46:33 ipsec,debug seen nptype=12(delete) len=28
21:46:33 ipsec,debug succeed.
21:46:33 ipsec,debug 22.22.22.22 delete payload for protocol ISAKMP
21:46:33 ipsec,info purging ISAKMP-SA 192.168.1.2[4500]<=>22.22.22.22[4500] spi=beacc1c439e4b8bc:1586750070ab08b6.
21:46:33 ipsec purged ISAKMP-SA 192.168.1.2[4500]<=>22.22.22.22[4500] spi=beacc1c439e4b8bc:1586750070ab08b6.
21:46:33 ipsec,debug purged SAs.
21:46:33 ipsec,info ISAKMP-SA deleted 192.168.1.2[4500]-22.22.22.22[4500] spi:beacc1c439e4b8bc:1586750070ab08b6 rekey:1
21:46:33 ipsec KA remove: 192.168.1.2[4500]->22.22.22.22[4500]
21:46:33 ipsec,debug KA tree dump: 192.168.1.2[4500]->22.22.22.22[4500] (in_use=1)
21:46:33 ipsec,debug KA removing this one...

I personally don’t see any errors in the log so the most likely culprit is the Windows 11 machine

what are you getting at , /ip/ ipsec/installed-sa , while the connection is trying to establish?

according to the log: ESP/Transport 22.22.22.22[4500]->192.168.1.2[4500] , i think that the MT is behind NAT

@sindy will add more

Indeed, already the very first row of the log reveals that:
21:45:57 ipsec,debug ===== received 408 bytes from 22.22.22.22[500] to 192.168.1.2[500]

The “more” @nichky has promised in my name is that by default, the Windows client does not tolerate the responder/server to run on a private address behind a NAT. To resolve this, you have two possibilities:

• change the corresponding setting in Windows registry, which is an approach that you can afford if you either have a very small number of clients of if you can manage the client settings centrally using a domain server,
• configure the Mikrotik in a special way, but the drawback is that it only works if the client is behind a NAT.

Which way makes more sense to you?

(there is also the other, unrelated, issue - if you want more than one Windows L2TP/IPsec client to connect from behind the same public address, you need an even more complicated setup on the Mikrotik).

Hi, this has been the solution to my problem.

https://support.vyprvpn.com/hc/es/articles/360058445431--Qué-es-el-error-809