L2TP IPSec + Windows/iPhone issue

Hi,
I have a problem with setting L2TP IPSec. I searched all the threads on the forum and no luck..
I have OVPN setting for site-2-site connection (this one works). I want to connect my windows machine as well as iphone via L2TP IPSec. Unfortunatelly I failed so far.

Here is my config.

[admin@MikroTik] > /export hide-sensitive
# apr/22/2018 08:37:08 by RouterOS 6.38.7
# software id = M7Y4-4C74
#
/interface ethernet
set [ find default-name=ether1 ] name=Internet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/interface pppoe-client
add add-default-route=yes disabled=no interface=Internet name=pppoe-out1 use-peer-dns=yes user=xxxx
/ip neighbor discovery
set Internet discover=no
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des lifetime=1d pfs-group=none
/ip pool
add name=dhcp ranges=192.168.200.180-192.168.200.200
add name=vpn-pool ranges=192.168.220.50-192.168.220.100
add name=static-pool ranges=192.168.200.2-192.168.200.30
add name=ovpn-pool ranges=192.168.211.2-192.168.211.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether2-master lease-time=20h10m name=defconf
/ppp profile
add local-address=192.168.211.1 name=ovpn-profile remote-address=ovpn-pool use-encryption=required
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=192.168.220.1 name=vpn-pool remote-address=vpn-pool session-timeout=0s use-encryption=yes
/interface l2tp-server server
set authentication=chap,mschap2 default-profile=vpn-pool enabled=yes
/interface ovpn-server server
set certificate=ca default-profile=ovpn-profile enabled=yes require-client-certificate=yes
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.200.1/24 interface=ether2-master network=192.168.200.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=Internet
/ip dhcp-server lease
add address=192.168.200.200 client-id=1:b8:27:eb:b:85:a4 mac-address=B8:27:EB:0B:85:A4 server=defconf
/ip dhcp-server network
add address=192.168.200.0/24 comment=defconf gateway=192.168.200.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.200.1 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=accept chain=input comment=OpenVPN dst-port=1194 protocol=tcp
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add chain=input port=1701,500,4500 protocol=udp
add chain=input protocol=ipsec-esp
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=Internet
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=input disabled=yes in-interface=pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.220.0/24
/ip ipsec peer
add address=0.0.0.0/0 enc-algorithm=aes-256,aes-192,aes-128,3des exchange-mode=main-l2tp generate-policy=port-override passive=yes
/ip route
add comment=Wan distance=1 dst-address=192.168.180.0/24 gateway=192.168.211.2
/ip service
set telnet disabled=yes
set ftp address=192.168.200.1/32
/ppp l2tp-secret
add comment=iphone and windows clients
/ppp secret
add local-address=192.168.211.1 name=proxmox profile=ovpn-profile remote-address=192.168.211.2 service=ovpn
add name=pawel profile=vpn-pool service=l2tp
/system clock
set time-zone-name=Europe/Warsaw
/system logging
add topics=ipsec,debug
add topics=l2tp,ppp,info
add topics=l2tp,info
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master

Here is the log when I try to connect my iPhone. I try to connect from my local network via router public interface (xxx.xxx.xxx.xxx)

[admin@MikroTik] /log> print
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 192:256)
08:46:17 ipsec,debug hashtype = SHA:4
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 128:256)
08:46:17 ipsec,debug hashtype = SHA:4
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = 3DES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 0:256)
08:46:17 ipsec,debug hashtype = SHA:4
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
08:46:17 ipsec,debug trns#=2, trns-id=IKE
08:46:17 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
08:46:17 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
08:46:17 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
08:46:17 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:17 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
08:46:17 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
08:46:17 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 256:256)
08:46:17 ipsec,debug hashtype = SHA:SHA
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 192:256)
08:46:17 ipsec,debug hashtype = SHA:SHA
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 128:256)
08:46:17 ipsec,debug hashtype = SHA:SHA
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = 3DES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 0:256)
08:46:17 ipsec,debug hashtype = SHA:SHA
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
08:46:17 ipsec,debug trns#=3, trns-id=IKE
08:46:17 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
08:46:17 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
08:46:17 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
08:46:17 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:17 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
08:46:17 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5
08:46:17 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 256:256)
08:46:17 ipsec,debug hashtype = SHA:MD5
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 192:256)
08:46:17 ipsec,debug hashtype = SHA:MD5
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 128:256)
08:46:17 ipsec,debug hashtype = SHA:MD5
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = 3DES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 0:256)
08:46:17 ipsec,debug hashtype = SHA:MD5
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
08:46:17 ipsec,debug trns#=4, trns-id=IKE
08:46:17 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
08:46:17 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
08:46:17 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
08:46:17 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:17 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
08:46:17 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=6
08:46:17 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 256:256)
08:46:17 ipsec,debug hashtype = SHA:6
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 192:256)
08:46:17 ipsec,debug hashtype = SHA:6
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 128:256)
08:46:17 ipsec,debug hashtype = SHA:6
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = 3DES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 0:256)
08:46:17 ipsec,debug hashtype = SHA:6
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
08:46:17 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
08:46:17 ipsec,debug trns#=5, trns-id=IKE
08:46:17 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
08:46:17 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
08:46:17 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
08:46:17 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:17 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
08:46:17 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4
08:46:17 ipsec,debug type=Group Description, flag=0x8000, lorv=1536-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 256:256)
08:46:17 ipsec,debug hashtype = SHA:4
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 192:256)
08:46:17 ipsec,debug hashtype = SHA:4
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 128:256)
08:46:17 ipsec,debug hashtype = SHA:4
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = 3DES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 0:256)
08:46:17 ipsec,debug hashtype = SHA:4
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
08:46:17 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
08:46:17 ipsec,debug trns#=6, trns-id=IKE
08:46:17 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
08:46:17 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
08:46:17 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
08:46:17 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:17 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
08:46:17 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
08:46:17 ipsec,debug type=Group Description, flag=0x8000, lorv=1536-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 256:256)
08:46:17 ipsec,debug hashtype = SHA:SHA
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 192:256)
08:46:17 ipsec,debug hashtype = SHA:SHA
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 128:256)
08:46:17 ipsec,debug hashtype = SHA:SHA
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = 3DES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 0:256)
08:46:17 ipsec,debug hashtype = SHA:SHA
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
08:46:17 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
08:46:17 ipsec,debug trns#=7, trns-id=IKE
08:46:17 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
08:46:17 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
08:46:17 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
08:46:17 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:17 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
08:46:17 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5
08:46:17 ipsec,debug type=Group Description, flag=0x8000, lorv=1536-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 256:256)
08:46:17 ipsec,debug hashtype = SHA:MD5
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 192:256)
08:46:17 ipsec,debug hashtype = SHA:MD5
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 128:256)
08:46:17 ipsec,debug hashtype = SHA:MD5
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = 3DES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 0:256)
08:46:17 ipsec,debug hashtype = SHA:MD5
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
08:46:17 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
08:46:17 ipsec,debug trns#=8, trns-id=IKE
08:46:17 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
08:46:17 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
08:46:17 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
08:46:17 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:17 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
08:46:17 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4
08:46:17 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 256:256)
08:46:17 ipsec,debug hashtype = SHA:4
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 192:256)
08:46:17 ipsec,debug hashtype = SHA:4
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 128:256)
08:46:17 ipsec,debug hashtype = SHA:4
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = 3DES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 0:256)
08:46:17 ipsec,debug hashtype = SHA:4
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
08:46:17 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
08:46:17 ipsec,debug trns#=9, trns-id=IKE
08:46:17 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
08:46:17 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
08:46:17 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
08:46:17 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:17 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
08:46:17 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
08:46:17 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
08:46:17 ipsec,debug Compared: Local:Peer
08:46:17 ipsec,debug (lifetime = 86400:3600)
08:46:17 ipsec,debug (lifebyte = 0:0)
08:46:17 ipsec,debug enctype = AES-CBC:AES-CBC
08:46:17 ipsec,debug (encklen = 256:256)
08:46:17 ipsec,debug hashtype = SHA:SHA
08:46:17 ipsec,debug authmethod = pre-shared key:pre-shared key
08:46:17 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
08:46:17 ipsec,debug an acceptable proposal found.
08:46:17 ipsec,debug dh(modp1024)
08:46:17 ipsec,debug agreed on pre-shared key auth.
08:46:17 ipsec,debug ===
08:46:17 ipsec,debug new cookie:
08:46:17 ipsec,debug af3d6cdf95017316
08:46:17 ipsec,debug add payload of len 52, next type 13
08:46:17 ipsec,debug add payload of len 16, next type 13
08:46:17 ipsec,debug add payload of len 16, next type 13
08:46:17 ipsec,debug add payload of len 20, next type 0
08:46:17 ipsec,debug 148 bytes from xxx.xxx.xxx.xxx[500] to 192.168.200.196[500]
08:46:17 ipsec,debug 1 times of 148 bytes message will be sent to 192.168.200.196[500]
08:46:17 ipsec,debug,packet f18810a0 f309cd13 af3d6cdf 95017316 01100200 00000000 00000094 0d000038
08:46:17 ipsec,debug,packet 00000001 00000001 0000002c 01010001 00000024 09010000 800b0001 800c0e10
08:46:17 ipsec,debug,packet 80010007 800e0100 80030001 80020002 80040002 0d000014 4a131c81 07035845
08:46:17 ipsec,debug,packet 5c5728f2 0e95452f 0d000014 afcad713 68a1f1c9 6b8696fc 77570100 00000018
08:46:17 ipsec,debug,packet 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000
08:46:17 ipsec,debug ===== received 228 bytes from 192.168.200.196[500] to xxx.xxx.xxx.xxx[500]
08:46:17 ipsec,debug,packet f18810a0 f309cd13 af3d6cdf 95017316 04100200 00000000 000000e4 0a000084
08:46:17 ipsec,debug,packet 166674e0 80ba64f2 94e55b51 0abad9d4 f07950c1 6b03f1e0 d1a03ac4 9f63d08f
08:46:17 ipsec,debug,packet 3d581a27 e867555a 23deac2e fe264568 69f67afa b82eb4bc a3efcf24 f0436f29
08:46:17 ipsec,debug,packet b7d39dc2 7e18b2cf 1385df19 9dc56f88 1d4a889a 8490bb07 4f6e3fa4 66414539
08:46:17 ipsec,debug,packet a2c46c06 183ae0ca 2e205cc4 35739ffd 6d3b6721 cf1c385b 0d5a9911 c1424d96
08:46:17 ipsec,debug,packet 14000014 731289bb a987fac4 efdf81c5 c5905f1f 14000018 e60037a1 5d9ff803
08:46:17 ipsec,debug,packet 8490ce56 31d87be9 94943473 00000018 6249b62a 8ba64a20 3b2844d5 693b575c
08:46:17 ipsec,debug,packet 35517453
08:46:17 ipsec,debug begin.
08:46:17 ipsec,debug seen nptype=4(ke) len=132
08:46:17 ipsec,debug seen nptype=10(nonce) len=20
08:46:17 ipsec,debug seen nptype=20(nat-d) len=24
08:46:17 ipsec,debug seen nptype=20(nat-d) len=24
08:46:17 ipsec,debug succeed.
08:46:17 ipsec,debug hash(sha1)
08:46:17 ipsec,debug hash(sha1)
08:46:17 ipsec,debug ===
08:46:17 ipsec,debug dh(modp1024)
08:46:17 ipsec,debug compute DH's private.
08:46:17 ipsec,debug 42434d35 863b11e2 a1780e40 1581b1ed 970a9100 0de1286b 7b66e0d1 9a41797a
08:46:17 ipsec,debug b261f9ce ef3ed9c8 a7f011d1 a28d1a74 bffe1181 858709a6 a66bcde9 2f7237ce
08:46:17 ipsec,debug e91e91e4 5e15528d 16422805 cb123689 820bae56 d7c9aa8c 35ca317b 0a9b3f5a
08:46:17 ipsec,debug 714efd07 11d5bd65 0d405fc7 ea65ac86 a8abbc0a bd040f7d a3887a33 59d22e73
08:46:17 ipsec,debug compute DH's public.
08:46:17 ipsec,debug 2f3ef62a 05341a9d 0721b9a5 024f5fb1 287fe0a0 bfe2101e 6c0b984f 0205047b
08:46:17 ipsec,debug 29a9da9c bd822b56 f9525289 06d9d19d 371b8182 f2423440 0bb9b069 b57cbaf7
08:46:17 ipsec,debug 0938b132 8e63d4be db8f7ef1 a1c15271 e2d99b02 736e60d1 8209b5ab 927366d3
08:46:17 ipsec,debug ee388759 37d1b374 36439a34 59cdf18c cf64bfc2 edc3944a 578200b7 e05af836
08:46:17 ipsec,debug hash(sha1)
08:46:17 ipsec,debug hash(sha1)
08:46:17 ipsec,debug add payload of len 128, next type 10
08:46:17 ipsec,debug add payload of len 24, next type 20
08:46:17 ipsec,debug add payload of len 20, next type 20
08:46:17 ipsec,debug add payload of len 20, next type 0
08:46:17 ipsec,debug 236 bytes from xxx.xxx.xxx.xxx[500] to 192.168.200.196[500]
08:46:17 ipsec,debug 1 times of 236 bytes message will be sent to 192.168.200.196[500]
08:46:17 ipsec,debug,packet f18810a0 f309cd13 af3d6cdf 95017316 04100200 00000000 000000ec 0a000084
08:46:17 ipsec,debug,packet 2f3ef62a 05341a9d 0721b9a5 024f5fb1 287fe0a0 bfe2101e 6c0b984f 0205047b
08:46:17 ipsec,debug,packet 29a9da9c bd822b56 f9525289 06d9d19d 371b8182 f2423440 0bb9b069 b57cbaf7
08:46:17 ipsec,debug,packet 0938b132 8e63d4be db8f7ef1 a1c15271 e2d99b02 736e60d1 8209b5ab 927366d3
08:46:17 ipsec,debug,packet ee388759 37d1b374 36439a34 59cdf18c cf64bfc2 edc3944a 578200b7 e05af836
08:46:17 ipsec,debug,packet 1400001c 8e6b9057 800e76e6 26b79a83 70e5e3b6 3d3900ca e64295c2 14000018
08:46:17 ipsec,debug,packet 6249b62a 8ba64a20 3b2844d5 693b575c 35517453 00000018 e60037a1 5d9ff803
08:46:17 ipsec,debug,packet 8490ce56 31d87be9 94943473
08:46:17 ipsec,debug dh(modp1024)
08:46:17 ipsec,debug compute DH's shared.
08:46:17 ipsec,debug
08:46:17 ipsec,debug 2696cfba 5fbdd665 76ba2b48 30489814 1821f6a0 387134f7 1e1ba58d 6733464a
08:46:17 ipsec,debug 0e507c5e a888317d bce66fac ce27a1d2 0da1653b 6026604f d72f6a75 a0be90bd
08:46:17 ipsec,debug 9f03ca18 b8c00f5b ea660b34 2d6b099f dde3769d 1238c5fd f1ef65c0 d443bd62
08:46:17 ipsec,debug 721accd3 2de6ad3a 09ee62ce 8da90bd9 3327cbf3 8c480a59 db570611 f7941692
08:46:17 ipsec,debug nonce 1:
08:46:17 ipsec,debug 731289bb a987fac4 efdf81c5 c5905f1f
08:46:17 ipsec,debug nonce 2:
08:46:17 ipsec,debug 8e6b9057 800e76e6 26b79a83 70e5e3b6 3d3900ca e64295c2
08:46:17 ipsec,debug hmac(hmac_sha1)
08:46:17 ipsec,debug SKEYID computed:
08:46:17 ipsec,debug 99a14e8e 2df693ba 4147f056 b7b3dbfd fc357ae5
08:46:17 ipsec,debug hmac(hmac_sha1)
08:46:17 ipsec,debug SKEYID_d computed:
08:46:17 ipsec,debug 23dfaabb e6c986ff 04c8e3ed 18851ee4 fb3284d1
08:46:17 ipsec,debug hmac(hmac_sha1)
08:46:17 ipsec,debug SKEYID_a computed:
08:46:17 ipsec,debug 6f45247d 6b82b439 182249ce c6798f1f e72f6d03
08:46:17 ipsec,debug hmac(hmac_sha1)
08:46:17 ipsec,debug SKEYID_e computed:
08:46:17 ipsec,debug f4606787 b6890f95 d6d2f181 04be72a9 142adcb4
08:46:17 ipsec,debug encryption(aes)
08:46:17 ipsec,debug hash(sha1)
08:46:17 ipsec,debug len(SKEYID_e) < len(Ka) (20 < 32), generating long key (Ka = K1 | K2 | ...)
08:46:17 ipsec,debug hmac(hmac_sha1)
08:46:17 ipsec,debug compute intermediate encryption key K1
08:46:17 ipsec,debug 00
08:46:17 ipsec,debug 96d039ce 77d263f8 d0224452 6581387d 4a8eddb7
08:46:17 ipsec,debug hmac(hmac_sha1)
08:46:17 ipsec,debug compute intermediate encryption key K2
08:46:17 ipsec,debug 96d039ce 77d263f8 d0224452 6581387d 4a8eddb7
08:46:17 ipsec,debug 937d52cd ad49e01f 9673741c dc07d509 db3cd34f
08:46:17 ipsec,debug final encryption key computed:
08:46:17 ipsec,debug 96d039ce 77d263f8 d0224452 6581387d 4a8eddb7 937d52cd ad49e01f 9673741c
08:46:17 ipsec,debug hash(sha1)
08:46:17 ipsec,debug encryption(aes)
08:46:17 ipsec,debug IV computed:
08:46:17 ipsec,debug c830f7cd c18f8895 461de6e1 5f9e8bb6
08:46:17 ipsec,debug ===== received 108 bytes from 192.168.200.196[500] to xxx.xxx.xxx.xxx[500]
08:46:17 ipsec,debug,packet f18810a0 f309cd13 af3d6cdf 95017316 05100201 00000000 0000006c a0be30c0
08:46:17 ipsec,debug,packet a2e83de1 0e2eeab1 2e0c30a2 54aa02aa fb8d476b c9646594 a861606e 2de79992
08:46:17 ipsec,debug,packet fa72b001 2a0f8d59 beb2af4f 3cea9e33 6c0704da 3f290a4a 2b0e9cf4 f3410fe3
08:46:17 ipsec,debug,packet 0dac0a93 30abf4b5 c1a6c1ce
08:46:17 ipsec,debug encryption(aes)
08:46:17 ipsec,debug IV was saved for next processing:
08:46:17 ipsec,debug f3410fe3 0dac0a93 30abf4b5 c1a6c1ce
08:46:17 ipsec,debug encryption(aes)
08:46:17 ipsec,debug with key:
08:46:17 ipsec,debug 96d039ce 77d263f8 d0224452 6581387d 4a8eddb7 937d52cd ad49e01f 9673741c
08:46:17 ipsec,debug decrypted payload by IV:
08:46:17 ipsec,debug c830f7cd c18f8895 461de6e1 5f9e8bb6
08:46:17 ipsec,debug decrypted payload, but not trimed.
08:46:17 ipsec,debug 0800000c 011101f4 c0a8c8c4 0b000018 2b3dbceb 67a685db 34b4b511 91e7c813
08:46:17 ipsec,debug c4ee55d2 0000001c 00000001 01106002 f18810a0 f309cd13 af3d6cdf 95017316
08:46:17 ipsec,debug 00000000 00000000 00000000 00000010
08:46:17 ipsec,debug padding len=17
08:46:17 ipsec,debug skip to trim padding.
08:46:17 ipsec,debug decrypted.
08:46:17 ipsec,debug f18810a0 f309cd13 af3d6cdf 95017316 05100201 00000000 0000006c 0800000c
08:46:17 ipsec,debug 011101f4 c0a8c8c4 0b000018 2b3dbceb 67a685db 34b4b511 91e7c813 c4ee55d2
08:46:17 ipsec,debug 0000001c 00000001 01106002 f18810a0 f309cd13 af3d6cdf 95017316 00000000
08:46:17 ipsec,debug 00000000 00000000 00000010
08:46:17 ipsec,debug begin.
08:46:17 ipsec,debug seen nptype=5(id) len=12
08:46:17 ipsec,debug seen nptype=8(hash) len=24
08:46:17 ipsec,debug seen nptype=11(notify) len=28
08:46:17 ipsec,debug succeed.
08:46:17 ipsec,debug 192.168.200.196 Notify Message received
08:46:17 ipsec,debug HASH received:
08:46:17 ipsec,debug 2b3dbceb 67a685db 34b4b511 91e7c813 c4ee55d2
08:46:17 ipsec,debug HASH with:
08:46:17 ipsec,debug 166674e0 80ba64f2 94e55b51 0abad9d4 f07950c1 6b03f1e0 d1a03ac4 9f63d08f
08:46:17 ipsec,debug 3d581a27 e867555a 23deac2e fe264568 69f67afa b82eb4bc a3efcf24 f0436f29
08:46:17 ipsec,debug b7d39dc2 7e18b2cf 1385df19 9dc56f88 1d4a889a 8490bb07 4f6e3fa4 66414539
08:46:17 ipsec,debug a2c46c06 183ae0ca 2e205cc4 35739ffd 6d3b6721 cf1c385b 0d5a9911 c1424d96
08:46:17 ipsec,debug 2f3ef62a 05341a9d 0721b9a5 024f5fb1 287fe0a0 bfe2101e 6c0b984f 0205047b
08:46:17 ipsec,debug 29a9da9c bd822b56 f9525289 06d9d19d 371b8182 f2423440 0bb9b069 b57cbaf7
08:46:17 ipsec,debug 0938b132 8e63d4be db8f7ef1 a1c15271 e2d99b02 736e60d1 8209b5ab 927366d3
08:46:17 ipsec,debug ee388759 37d1b374 36439a34 59cdf18c cf64bfc2 edc3944a 578200b7 e05af836
08:46:17 ipsec,debug f18810a0 f309cd13 af3d6cdf 95017316 00000001 00000001 000001f8 0101000e
08:46:17 ipsec,debug 03000024 01010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004
08:46:17 ipsec,debug 8004000e 03000024 02010000 800b0001 800c0e10 80010007 800e0100 80030001
08:46:17 ipsec,debug 80020002 8004000e 03000024 03010000 800b0001 800c0e10 80010007 800e0100
08:46:17 ipsec,debug 80030001 80020001 8004000e 03000024 04010000 800b0001 800c0e10 80010007
08:46:17 ipsec,debug 800e0100 80030001 80020006 8004000e 03000024 05010000 800b0001 800c0e10
08:46:17 ipsec,debug 80010007 800e0100 80030001 80020004 80040005 03000024 06010000 800b0001
08:46:17 ipsec,debug 800c0e10 80010007 800e0100 80030001 80020002 80040005 03000024 07010000
08:46:17 ipsec,debug 800b0001 800c0e10 80010007 800e0100 80030001 80020001 80040005 03000024
08:46:17 ipsec,debug 08010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004 80040002
08:46:17 ipsec,debug 03000024 09010000 800b0001 800c0e10 80010007 800e0100 80030001 80020002
08:46:17 ipsec,debug 80040002 03000024 0a010000 800b0001 800c0e10 80010007 800e0100 80030001
08:46:17 ipsec,debug 80020001 80040002 03000024 0b010000 800b0001 800c0e10 80010007 800e0080
08:46:17 ipsec,debug 80030001 80020002 80040002 03000024 0c010000 800b0001 800c0e10 80010007
08:46:17 ipsec,debug 800e0080 80030001 80020001 80040002 03000020 0d010000 800b0001 800c0e10
08:46:17 ipsec,debug 80010005 80030001 80020002 80040002 00000020 0e010000 800b0001 800c0e10
08:46:17 ipsec,debug 80010005 80030001 80020001 80040002 011101f4 c0a8c8c4
08:46:17 ipsec,debug hmac(hmac_sha1)
08:46:17 ipsec,debug HASH computed:
08:46:17 ipsec,debug 2b3dbceb 67a685db 34b4b511 91e7c813 c4ee55d2
08:46:17 ipsec,debug HASH for PSK validated.
08:46:17 ipsec,debug 192.168.200.196 peer's ID
08:46:17 ipsec,debug 011101f4 c0a8c8c4
08:46:17 ipsec,debug ===
08:46:17 ipsec,debug use ID type of IPv4_address
08:46:17 ipsec,debug generate HASH_R
08:46:17 ipsec,debug HASH with:
08:46:17 ipsec,debug 2f3ef62a 05341a9d 0721b9a5 024f5fb1 287fe0a0 bfe2101e 6c0b984f 0205047b
08:46:17 ipsec,debug 29a9da9c bd822b56 f9525289 06d9d19d 371b8182 f2423440 0bb9b069 b57cbaf7
08:46:17 ipsec,debug 0938b132 8e63d4be db8f7ef1 a1c15271 e2d99b02 736e60d1 8209b5ab 927366d3
08:46:17 ipsec,debug ee388759 37d1b374 36439a34 59cdf18c cf64bfc2 edc3944a 578200b7 e05af836
08:46:17 ipsec,debug 166674e0 80ba64f2 94e55b51 0abad9d4 f07950c1 6b03f1e0 d1a03ac4 9f63d08f
08:46:17 ipsec,debug 3d581a27 e867555a 23deac2e fe264568 69f67afa b82eb4bc a3efcf24 f0436f29
08:46:17 ipsec,debug b7d39dc2 7e18b2cf 1385df19 9dc56f88 1d4a889a 8490bb07 4f6e3fa4 66414539
08:46:17 ipsec,debug a2c46c06 183ae0ca 2e205cc4 35739ffd 6d3b6721 cf1c385b 0d5a9911 c1424d96
08:46:17 ipsec,debug af3d6cdf 95017316 f18810a0 f309cd13 00000001 00000001 000001f8 0101000e
08:46:17 ipsec,debug 03000024 01010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004
08:46:17 ipsec,debug 8004000e 03000024 02010000 800b0001 800c0e10 80010007 800e0100 80030001
08:46:17 ipsec,debug 80020002 8004000e 03000024 03010000 800b0001 800c0e10 80010007 800e0100
08:46:17 ipsec,debug 80030001 80020001 8004000e 03000024 04010000 800b0001 800c0e10 80010007
08:46:17 ipsec,debug 800e0100 80030001 80020006 8004000e 03000024 05010000 800b0001 800c0e10
08:46:17 ipsec,debug 80010007 800e0100 80030001 80020004 80040005 03000024 06010000 800b0001
08:46:17 ipsec,debug 800c0e10 80010007 800e0100 80030001 80020002 80040005 03000024 07010000
08:46:17 ipsec,debug 800b0001 800c0e10 80010007 800e0100 80030001 80020001 80040005 03000024
08:46:17 ipsec,debug 08010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004 80040002
08:46:17 ipsec,debug 03000024 09010000 800b0001 800c0e10 80010007 800e0100 80030001 80020002
08:46:17 ipsec,debug 80040002 03000024 0a010000 800b0001 800c0e10 80010007 800e0100 80030001
08:46:17 ipsec,debug 80020001 80040002 03000024 0b010000 800b0001 800c0e10 80010007 800e0080
08:46:17 ipsec,debug 80030001 80020002 80040002 03000024 0c010000 800b0001 800c0e10 80010007
08:46:17 ipsec,debug 800e0080 80030001 80020001 80040002 03000020 0d010000 800b0001 800c0e10
08:46:17 ipsec,debug 80010005 80030001 80020002 80040002 00000020 0e010000 800b0001 800c0e10
08:46:17 ipsec,debug 80010005 80030001 80020001 80040002 011101f4 bc7a0020
08:46:17 ipsec,debug hmac(hmac_sha1)
08:46:17 ipsec,debug HASH computed:
08:46:17 ipsec,debug 38bd21e2 f73113a0 f02d0dc1 ed961a3d 085b4d1d
08:46:17 ipsec,debug add payload of len 8, next type 8
08:46:17 ipsec,debug add payload of len 20, next type 0
08:46:17 ipsec,debug begin encryption.
08:46:17 ipsec,debug encryption(aes)
08:46:17 ipsec,debug pad length = 12
08:46:17 ipsec,debug 0800000c 011101f4 bc7a0020 00000018 38bd21e2 f73113a0 f02d0dc1 ed961a3d
08:46:17 ipsec,debug 085b4d1d 809da9a6 d8f7a7bf cada890b
08:46:17 ipsec,debug encryption(aes)
08:46:17 ipsec,debug with key:
08:46:17 ipsec,debug 96d039ce 77d263f8 d0224452 6581387d 4a8eddb7 937d52cd ad49e01f 9673741c
08:46:17 ipsec,debug encrypted payload by IV:
08:46:17 ipsec,debug f3410fe3 0dac0a93 30abf4b5 c1a6c1ce
08:46:17 ipsec,debug save IV for next:
08:46:17 ipsec,debug 063dd527 5467bd5e ed21b483 27b26b85
08:46:17 ipsec,debug encrypted.
08:46:17 ipsec,debug 76 bytes from xxx.xxx.xxx.xxx[500] to 192.168.200.196[500]
08:46:17 ipsec,debug 1 times of 76 bytes message will be sent to 192.168.200.196[500]
08:46:17 ipsec,debug,packet f18810a0 f309cd13 af3d6cdf 95017316 05100201 00000000 0000004c f6e1589e
08:46:17 ipsec,debug,packet 7b2b5172 07def8ae 98822a51 8bcc72a2 ba023bc7 391bd147 6f295952 063dd527
08:46:17 ipsec,debug,packet 5467bd5e ed21b483 27b26b85
08:46:17 ipsec,debug compute IV for phase2
08:46:17 ipsec,debug phase1 last IV:
08:46:17 ipsec,debug 063dd527 5467bd5e ed21b483 27b26b85 8b05ab73
08:46:17 ipsec,debug hash(sha1)
08:46:17 ipsec,debug encryption(aes)
08:46:17 ipsec,debug phase2 IV computed:
08:46:17 ipsec,debug 300f18a7 762ed298 1e2d038b 0fa71d88
08:46:17 ipsec,debug HASH with:
08:46:17 ipsec,debug 8b05ab73 0000001c 00000001 01106002 f18810a0 f309cd13 af3d6cdf 95017316
08:46:17 ipsec,debug hmac(hmac_sha1)
08:46:17 ipsec,debug HASH computed:
08:46:17 ipsec,debug 1b48cb6d eb990141 473681f3 b507b678 0ff50321
08:46:17 ipsec,debug begin encryption.
08:46:17 ipsec,debug encryption(aes)
08:46:17 ipsec,debug pad length = 12
08:46:17 ipsec,debug 0b000018 1b48cb6d eb990141 473681f3 b507b678 0ff50321 0000001c 00000001
08:46:17 ipsec,debug 01106002 f18810a0 f309cd13 af3d6cdf 95017316 e69d9ee6 bbdeebe0 8fa59c0b
08:46:17 ipsec,debug encryption(aes)
08:46:17 ipsec,debug with key:
08:46:17 ipsec,debug 96d039ce 77d263f8 d0224452 6581387d 4a8eddb7 937d52cd ad49e01f 9673741c
08:46:17 ipsec,debug encrypted payload by IV:
08:46:17 ipsec,debug 300f18a7 762ed298 1e2d038b 0fa71d88
08:46:17 ipsec,debug save IV for next:
08:46:17 ipsec,debug ab95a12a 42d0b2ea 878f8e21 ac4573f8
08:46:17 ipsec,debug encrypted.
08:46:17 ipsec,debug 92 bytes from xxx.xxx.xxx.xxx[500] to 192.168.200.196[500]
08:46:17 ipsec,debug 1 times of 92 bytes message will be sent to 192.168.200.196[500]
08:46:17 ipsec,debug,packet f18810a0 f309cd13 af3d6cdf 95017316 08100501 8b05ab73 0000005c 8dbda405
08:46:17 ipsec,debug,packet df0973cf 84f844b3 06cf45d9 594bb9a0 ccd2d851 bc12fd0a 8d4fbab5 79c3bd8d
08:46:17 ipsec,debug,packet aa274acc 69efea29 68ef1e1c ab95a12a 42d0b2ea 878f8e21 ac4573f8
08:46:17 ipsec,info ISAKMP-SA established xxx.xxx.xxx.xxx[500]-192.168.200.196[500] spi:f18810a0f309cd13:af3d6cdf95017316
08:46:17 ipsec,debug ===
08:46:18 ipsec,debug ===== received 284 bytes from 192.168.200.196[500] to xxx.xxx.xxx.xxx[500]
08:46:18 ipsec,debug,packet f18810a0 f309cd13 af3d6cdf 95017316 08102001 4131eefe 0000011c 7727a3e1
08:46:18 ipsec,debug,packet 327457fe 061638bd a6125f5a b9d039f8 e84c1bc6 73bbce07 415de0c5 2fc5a82b
08:46:18 ipsec,debug,packet 0282fc81 4e33b064 46bbe805 2dee14f0 5a3db770 c4d44755 734dc471 11ee6ca9
08:46:18 ipsec,debug,packet 5e76e063 e6832f5c 18f98141 a7a703ff 3141850f 5ac48101 5ef39f1b 4e3a0b66
08:46:18 ipsec,debug,packet 72ef95ce 2a077421 4ab2a75c 3068269c b01b5b16 8fedcf89 2110cce8 28757fb8
08:46:18 ipsec,debug,packet 6320ccb7 3c3fe3d9 85d5f4a3 7f6e0076 e9583676 6b8bfff1 556bdf09 b36d5f4f
08:46:18 ipsec,debug,packet 0b3c5c08 03ea3acb 530cf108 6d71a865 7343f32c c5ca3e4b 7d5832ad 2cdd74d2
08:46:18 ipsec,debug,packet d0ee311c 174ce523 c5e09531 edfd7bb6 297ff02a d05d972d 7c9720b3 6909e064
08:46:18 ipsec,debug,packet bde1c37a b1ed1159 0ca8164c 9c16e331 76403fa2 71992dbd f5879c87
08:46:18 ipsec,debug compute IV for phase2
08:46:18 ipsec,debug phase1 last IV:
08:46:18 ipsec,debug 063dd527 5467bd5e ed21b483 27b26b85 4131eefe
08:46:18 ipsec,debug hash(sha1)
08:46:18 ipsec,debug encryption(aes)
08:46:18 ipsec,debug phase2 IV computed:
08:46:18 ipsec,debug 312f1fdd cc48652b a34124e3 cc641b36
08:46:18 ipsec,debug ===
08:46:18 ipsec,debug encryption(aes)
08:46:18 ipsec,debug IV was saved for next processing:
08:46:18 ipsec,debug 9c16e331 76403fa2 71992dbd f5879c87
08:46:18 ipsec,debug encryption(aes)
08:46:18 ipsec,debug with key:
08:46:18 ipsec,debug 96d039ce 77d263f8 d0224452 6581387d 4a8eddb7 937d52cd ad49e01f 9673741c
08:46:18 ipsec,debug decrypted payload by IV:
08:46:18 ipsec,debug 312f1fdd cc48652b a34124e3 cc641b36
08:46:18 ipsec,debug decrypted payload, but not trimed.
08:46:18 ipsec,debug 01000018 6661e034 e6cf338f 66815976 28127895 956d8d97 0a0000b8 00000001
08:46:18 ipsec,debug 00000001 000000ac 01030406 07ab7c59 0300001c 010c0000 80010001 80020e10
08:46:18 ipsec,debug 80040002 80060100 80050002 0300001c 020c0000 80010001 80020e10 80040002
08:46:18 ipsec,debug 80060100 80050001 0300001c 030c0000 80010001 80020e10 80040002 80060080
08:46:18 ipsec,debug 80050002 0300001c 040c0000 80010001 80020e10 80040002 80060080 80050001
08:46:18 ipsec,debug 03000018 05030000 80010001 80020e10 80040002 80050002 00000018 06030000
08:46:18 ipsec,debug 80010001 80020e10 80040002 80050001 05000014 5cea8380 ed0b5cf8 e0b3fbec
08:46:18 ipsec,debug b3200405 0500000c 0111d879 c0a8c8c4 0000000c 011106a5 bc7a0020 00000004
08:46:18 ipsec,debug padding len=5
08:46:18 ipsec,debug skip to trim padding.
08:46:18 ipsec,debug decrypted.
08:46:18 ipsec,debug f18810a0 f309cd13 af3d6cdf 95017316 08102001 4131eefe 0000011c 01000018
08:46:18 ipsec,debug 6661e034 e6cf338f 66815976 28127895 956d8d97 0a0000b8 00000001 00000001
08:46:18 ipsec,debug 000000ac 01030406 07ab7c59 0300001c 010c0000 80010001 80020e10 80040002
08:46:18 ipsec,debug 80060100 80050002 0300001c 020c0000 80010001 80020e10 80040002 80060100
08:46:18 ipsec,debug 80050001 0300001c 030c0000 80010001 80020e10 80040002 80060080 80050002
08:46:18 ipsec,debug 0300001c 040c0000 80010001 80020e10 80040002 80060080 80050001 03000018
08:46:18 ipsec,debug 05030000 80010001 80020e10 80040002 80050002 00000018 06030000 80010001
08:46:18 ipsec,debug 80020e10 80040002 80050001 05000014 5cea8380 ed0b5cf8 e0b3fbec b3200405
08:46:18 ipsec,debug 0500000c 0111d879 c0a8c8c4 0000000c 011106a5 bc7a0020 00000004
08:46:18 ipsec,debug begin.
08:46:18 ipsec,debug seen nptype=8(hash) len=24
08:46:18 ipsec,debug seen nptype=1(sa) len=184
08:46:18 ipsec,debug seen nptype=10(nonce) len=20
08:46:18 ipsec,debug seen nptype=5(id) len=12
08:46:18 ipsec,debug seen nptype=5(id) len=12
08:46:18 ipsec,debug succeed.
08:46:18 ipsec,debug received IDci2:
08:46:18 ipsec,debug 0111d879 c0a8c8c4
08:46:18 ipsec,debug received IDcr2:
08:46:18 ipsec,debug 011106a5 bc7a0020
08:46:18 ipsec,debug HASH(1) validate:
08:46:18 ipsec,debug 6661e034 e6cf338f 66815976 28127895 956d8d97
08:46:18 ipsec,debug HASH with:
08:46:18 ipsec,debug 4131eefe 0a0000b8 00000001 00000001 000000ac 01030406 07ab7c59 0300001c
08:46:18 ipsec,debug 010c0000 80010001 80020e10 80040002 80060100 80050002 0300001c 020c0000
08:46:18 ipsec,debug 80010001 80020e10 80040002 80060100 80050001 0300001c 030c0000 80010001
08:46:18 ipsec,debug 80020e10 80040002 80060080 80050002 0300001c 040c0000 80010001 80020e10
08:46:18 ipsec,debug 80040002 80060080 80050001 03000018 05030000 80010001 80020e10 80040002
08:46:18 ipsec,debug 80050002 00000018 06030000 80010001 80020e10 80040002 80050001 05000014
08:46:18 ipsec,debug 5cea8380 ed0b5cf8 e0b3fbec b3200405 0500000c 0111d879 c0a8c8c4 0000000c
08:46:18 ipsec,debug 011106a5 bc7a0020
08:46:18 ipsec,debug hmac(hmac_sha1)
08:46:18 ipsec,debug HASH computed:
08:46:18 ipsec,debug 6661e034 e6cf338f 66815976 28127895 956d8d97
08:46:18 ipsec,debug total SA len=180
08:46:18 ipsec,debug 00000001 00000001 000000ac 01030406 07ab7c59 0300001c 010c0000 80010001
08:46:18 ipsec,debug 80020e10 80040002 80060100 80050002 0300001c 020c0000 80010001 80020e10
08:46:18 ipsec,debug 80040002 80060100 80050001 0300001c 030c0000 80010001 80020e10 80040002
08:46:18 ipsec,debug 80060080 80050002 0300001c 040c0000 80010001 80020e10 80040002 80060080
08:46:18 ipsec,debug 80050001 03000018 05030000 80010001 80020e10 80040002 80050002 00000018
08:46:18 ipsec,debug 06030000 80010001 80020e10 80040002 80050001
08:46:18 ipsec,debug begin.
08:46:18 ipsec,debug seen nptype=2(prop) len=172
08:46:18 ipsec,debug succeed.
08:46:18 ipsec,debug proposal #1 len=172
08:46:18 ipsec,debug begin.
08:46:18 ipsec,debug seen nptype=3(trns) len=28
08:46:18 ipsec,debug seen nptype=3(trns) len=28
08:46:18 ipsec,debug seen nptype=3(trns) len=28
08:46:18 ipsec,debug seen nptype=3(trns) len=28
08:46:18 ipsec,debug seen nptype=3(trns) len=24
08:46:18 ipsec,debug seen nptype=3(trns) len=24
08:46:18 ipsec,debug succeed.
08:46:18 ipsec,debug transform #1 len=28
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug life duration was in TLV.
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
08:46:18 ipsec,debug transform #2 len=28
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug life duration was in TLV.
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
08:46:18 ipsec,debug transform #3 len=28
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug life duration was in TLV.
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Key Length, flag=0x8000, lorv=128
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
08:46:18 ipsec,debug transform #4 len=28
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug life duration was in TLV.
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Key Length, flag=0x8000, lorv=128
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
08:46:18 ipsec,debug transform #5 len=24
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug life duration was in TLV.
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
08:46:18 ipsec,debug transform #6 len=24
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug life duration was in TLV.
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
08:46:18 ipsec,debug pair 1:
08:46:18 ipsec,debug  0x48a3a8: next=(nil) tnext=0x48a5c8
08:46:18 ipsec,debug   0x48a5c8: next=(nil) tnext=0x48a5e0
08:46:18 ipsec,debug    0x48a5e0: next=(nil) tnext=0x48a5f8
08:46:18 ipsec,debug     0x48a5f8: next=(nil) tnext=0x48a9b8
08:46:18 ipsec,debug      0x48a9b8: next=(nil) tnext=0x48a9d0
08:46:18 ipsec,debug       0x48a9d0: next=(nil) tnext=(nil)
08:46:18 ipsec,debug proposal #1: 6 transform
08:46:18 ipsec,debug got the peer address from ID payload anonymous prefixlen=0 ul_proto=17
08:46:18 ipsec,debug got the local address from ID payload xxx.xxx.xxx.xxx[1701] prefixlen=32 ul_proto=17
08:46:18 ipsec,debug updating policy address because of NAT in transport mode
08:46:18 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=5:5)
08:46:18 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
08:46:18 ipsec,debug   (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
08:46:18 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
08:46:18 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1)
08:46:18 ipsec,debug begin compare proposals.
08:46:18 ipsec,debug pair[1]: 0x48a3a8
08:46:18 ipsec,debug  0x48a3a8: next=(nil) tnext=0x48a5c8
08:46:18 ipsec,debug   0x48a5c8: next=(nil) tnext=0x48a5e0
08:46:18 ipsec,debug    0x48a5e0: next=(nil) tnext=0x48a5f8
08:46:18 ipsec,debug     0x48a5f8: next=(nil) tnext=0x48a9b8
08:46:18 ipsec,debug      0x48a9b8: next=(nil) tnext=0x48a9d0
08:46:18 ipsec,debug       0x48a9d0: next=(nil) tnext=(nil)
08:46:18 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=1 trns-id=AES-CBC
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
08:46:18 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=2 trns-id=AES-CBC
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
08:46:18 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=3 trns-id=AES-CBC
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Key Length, flag=0x8000, lorv=128
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
08:46:18 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=4 trns-id=AES-CBC
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Key Length, flag=0x8000, lorv=128
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
08:46:18 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=5 trns-id=3DES
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
08:46:18 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=6 trns-id=3DES
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
08:46:18 ipsec,debug peer's single bundle:
08:46:18 ipsec,debug  (proto_id=ESP spisize=4 spi=07ab7c59 spi_p=00000000 encmode=Transport reqid=0:0)
08:46:18 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
08:46:18 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-md5)
08:46:18 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
08:46:18 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-md5)
08:46:18 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1)
08:46:18 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-md5)
08:46:18 ipsec,debug my single bundle:
08:46:18 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=5:5)
08:46:18 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
08:46:18 ipsec,debug   (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
08:46:18 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
08:46:18 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1)
08:46:18 ipsec,debug matched
08:46:18 ipsec,debug ===
08:46:18 ipsec,debug call pfkey_send_getspi 17d965e3
08:46:18 ipsec,debug pfkey GETSPI sent: ESP/Transport 192.168.200.196[500]->xxx.xxx.xxx.xxx[500]
08:46:18 ipsec,debug pfkey getspi sent.
08:46:18 ipsec,debug total SA len=48
08:46:18 ipsec,debug 00000001 00000001 00000028 01030401 00000000 0000001c 010c0000 80010001
08:46:18 ipsec,debug 80020e10 80040002 80060100 80050002
08:46:18 ipsec,debug begin.
08:46:18 ipsec,debug seen nptype=2(prop) len=40
08:46:18 ipsec,debug succeed.
08:46:18 ipsec,debug proposal #1 len=40
08:46:18 ipsec,debug begin.
08:46:18 ipsec,debug seen nptype=3(trns) len=28
08:46:18 ipsec,debug succeed.
08:46:18 ipsec,debug transform #1 len=28
08:46:18 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
08:46:18 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
08:46:18 ipsec,debug life duration was in TLV.
08:46:18 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
08:46:18 ipsec,debug type=Key Length, flag=0x8000, lorv=256
08:46:18 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
08:46:18 ipsec,debug pair 1:
08:46:18 ipsec,debug  0x489eb8: next=(nil) tnext=(nil)
08:46:18 ipsec,debug proposal #1: 1 transform
08:46:18 ipsec,debug add payload of len 48, next type 10
08:46:18 ipsec,debug add payload of len 24, next type 5
08:46:18 ipsec,debug add payload of len 8, next type 5
08:46:18 ipsec,debug add payload of len 8, next type 0
08:46:18 ipsec,debug HASH with:
08:46:18 ipsec,debug 4131eefe 5cea8380 ed0b5cf8 e0b3fbec b3200405 0a000034 00000001 00000001
08:46:18 ipsec,debug 00000028 01030401 01936c2e 0000001c 010c0000 80010001 80020e10 80040002
08:46:18 ipsec,debug 80060100 80050002 0500001c a2cc8300 35dde691 63dbfbd5 23f03cd3 9de0024a
08:46:18 ipsec,debug ea10d79b 0500000c 0111d879 c0a8c8c4 0000000c 011106a5 bc7a0020
08:46:18 ipsec,debug hmac(hmac_sha1)
08:46:18 ipsec,debug HASH computed:
08:46:18 ipsec,debug 022563da f9dfb7f1 60f76946 9314488a f3c96807
08:46:18 ipsec,debug add payload of len 20, next type 1
08:46:18 ipsec,debug begin encryption.
08:46:18 ipsec,debug encryption(aes)
08:46:18 ipsec,debug pad length = 16
08:46:18 ipsec,debug 01000018 022563da f9dfb7f1 60f76946 9314488a f3c96807 0a000034 00000001
08:46:18 ipsec,debug 00000001 00000028 01030401 01936c2e 0000001c 010c0000 80010001 80020e10
08:46:18 ipsec,debug 80040002 80060100 80050002 0500001c a2cc8300 35dde691 63dbfbd5 23f03cd3
08:46:18 ipsec,debug 9de0024a ea10d79b 0500000c 0111d879 c0a8c8c4 0000000c 011106a5 bc7a0020
08:46:18 ipsec,debug bdf9cbd5 c8b48aa0 a3a5a7d1 e982d40f
08:46:18 ipsec,debug encryption(aes)
08:46:18 ipsec,debug with key:
08:46:18 ipsec,debug 96d039ce 77d263f8 d0224452 6581387d 4a8eddb7 937d52cd ad49e01f 9673741c
08:46:18 ipsec,debug encrypted payload by IV:
08:46:18 ipsec,debug 9c16e331 76403fa2 71992dbd f5879c87
08:46:18 ipsec,debug save IV for next:
08:46:18 ipsec,debug 1c7c44ee 14b4b00b 7aa9afe2 9cbfe3ed
08:46:18 ipsec,debug encrypted.
08:46:18 ipsec,debug 172 bytes from xxx.xxx.xxx.xxx[500] to 192.168.200.196[500]
08:46:18 ipsec,debug 1 times of 172 bytes message will be sent to 192.168.200.196[500]
08:46:18 ipsec,debug,packet f18810a0 f309cd13 af3d6cdf 95017316 08102001 4131eefe 000000ac addc6080
08:46:18 ipsec,debug,packet d3ced678 773c87c4 132981b5 8b097091 6f2d65f0 ad7e59d4 36c5ab3d 1d199fa6
08:46:18 ipsec,debug,packet f8fde333 1649cf9d b7b3bae9 6c43c46b 07d80849 8ce32285 d9633ebc d511f3ac
08:46:18 ipsec,debug,packet 9d24458d de8009b9 ba6932d5 bfbffe5f b0f4e4b8 8ba0675d 664a4dea 09898c91
08:46:18 ipsec,debug,packet 80c2342e 54ef4645 f74c366b aae0914f c6a463e2 da758035 93b71bfd 1c7c44ee
08:46:18 ipsec,debug,packet 14b4b00b 7aa9afe2 9cbfe3ed
08:46:18 ipsec,debug ===== received 60 bytes from 192.168.200.196[500] to xxx.xxx.xxx.xxx[500]
08:46:18 ipsec,debug,packet f18810a0 f309cd13 af3d6cdf 95017316 08102001 4131eefe 0000003c 0f6873c0
08:46:18 ipsec,debug,packet 4cf3e0e0 1ef6ec03 2cfa6d15 14eca9b3 18fe545b 6f3cad94 65f64562
08:46:18 ipsec,debug encryption(aes)
08:46:18 ipsec,debug IV was saved for next processing:
08:46:18 ipsec,debug 14eca9b3 18fe545b 6f3cad94 65f64562
08:46:18 ipsec,debug encryption(aes)
08:46:18 ipsec,debug with key:
08:46:18 ipsec,debug 96d039ce 77d263f8 d0224452 6581387d 4a8eddb7 937d52cd ad49e01f 9673741c
08:46:18 ipsec,debug decrypted payload by IV:
08:46:18 ipsec,debug 1c7c44ee 14b4b00b 7aa9afe2 9cbfe3ed
08:46:18 ipsec,debug decrypted payload, but not trimed.
08:46:18 ipsec,debug 00000018 64c82c9a efa254ff 0e26f362 9234632d 6e273da7 00000000 00000008
08:46:18 ipsec,debug padding len=9
08:46:18 ipsec,debug skip to trim padding.
08:46:18 ipsec,debug decrypted.
08:46:18 ipsec,debug f18810a0 f309cd13 af3d6cdf 95017316 08102001 4131eefe 0000003c 00000018
08:46:18 ipsec,debug 64c82c9a efa254ff 0e26f362 9234632d 6e273da7 00000000 00000008
08:46:18 ipsec,debug begin.
08:46:18 ipsec,debug seen nptype=8(hash) len=24
08:46:18 ipsec,debug succeed.
08:46:18 ipsec,debug HASH(3) validate:
08:46:18 ipsec,debug 64c82c9a efa254ff 0e26f362 9234632d 6e273da7
08:46:18 ipsec,debug HASH with:
08:46:18 ipsec,debug 004131ee fe5cea83 80ed0b5c f8e0b3fb ecb32004 05a2cc83 0035dde6 9163dbfb
08:46:18 ipsec,debug d523f03c d39de002 4aea10d7 9b
08:46:18 ipsec,debug hmac(hmac_sha1)
08:46:18 ipsec,debug HASH computed:
08:46:18 ipsec,debug 64c82c9a efa254ff 0e26f362 9234632d 6e273da7
08:46:18 ipsec,debug ===
08:46:18 ipsec,debug KEYMAT compute with
08:46:18 ipsec,debug 0301936c 2e5cea83 80ed0b5c f8e0b3fb ecb32004 05a2cc83 0035dde6 9163dbfb
08:46:18 ipsec,debug d523f03c d39de002 4aea10d7 9b
08:46:18 ipsec,debug hmac(hmac_sha1)
08:46:18 ipsec,debug encryption(aes-cbc)
08:46:18 ipsec,debug hmac(sha1)
08:46:18 ipsec,debug encklen=256 authklen=160
08:46:18 ipsec,debug generating 640 bits of key (dupkeymat=4)
08:46:18 ipsec,debug generating K1...K4 for KEYMAT.
08:46:18 ipsec,debug hmac(hmac_sha1)
08:46:18 ipsec,debug hmac(hmac_sha1)
08:46:18 ipsec,debug hmac(hmac_sha1)
08:46:18 ipsec,debug e4c3a890 6a1e892a 82fddcb6 6712445f 57e5f044 ca3a0c71 1280c1e9 947bdb2c
08:46:18 ipsec,debug dc9c7760 abc738c3 6e15a74f c3842abf 1f18c270 03e16ebb 27978866 773eb890
08:46:18 ipsec,debug 4e00e916 9f83be5f c573fa63 8716f39f
08:46:18 ipsec,debug KEYMAT compute with
08:46:18 ipsec,debug 0307ab7c 595cea83 80ed0b5c f8e0b3fb ecb32004 05a2cc83 0035dde6 9163dbfb
08:46:18 ipsec,debug d523f03c d39de002 4aea10d7 9b
08:46:18 ipsec,debug hmac(hmac_sha1)
08:46:18 ipsec,debug encryption(aes-cbc)
08:46:18 ipsec,debug hmac(sha1)
08:46:18 ipsec,debug encklen=256 authklen=160
08:46:18 ipsec,debug generating 640 bits of key (dupkeymat=4)
08:46:18 ipsec,debug generating K1...K4 for KEYMAT.
08:46:18 ipsec,debug hmac(hmac_sha1)
08:46:18 ipsec,debug hmac(hmac_sha1)
08:46:18 ipsec,debug hmac(hmac_sha1)
08:46:18 ipsec,debug 1114ff76 8a6bd136 3dc31096 f9635534 287cfd84 27a00ca5 9688202c 18cf51e9
08:46:18 ipsec,debug 4830a7f7 1d32f853 0b714f06 d2e84f88 ca2489d4 285fbad8 0be9f16e f10d9ff4
08:46:18 ipsec,debug af4d33c2 cb3c3250 92aae138 7f49d994
08:46:18 ipsec,debug KEYMAT computed.
08:46:18 ipsec,debug call pk_sendupdate
08:46:18 ipsec,debug encryption(aes-cbc)
08:46:18 ipsec,debug hmac(sha1)
08:46:18 ipsec,debug call pfkey_send_update_nat
08:46:18 ipsec,debug pfkey update sent.
08:46:18 ipsec,debug encryption(aes-cbc)
08:46:18 ipsec,debug hmac(sha1)
08:46:18 ipsec,debug call pfkey_send_add_nat
08:46:18 ipsec,debug pfkey add sent.
08:46:19 l2tp,info first L2TP UDP packet received from 192.168.200.196
08:46:19 ipsec,debug ===== received 76 bytes from 192.168.200.196[500] to xxx.xxx.xxx.xxx[500]
08:46:19 ipsec,debug,packet f18810a0 f309cd13 af3d6cdf 95017316 08100501 a44e5466 0000004c f7f5bde5
08:46:19 ipsec,debug,packet 20c2afbd a779cf52 096d0907 0044ad10 b1c3d4d4 458f8eaf 5867951b c80f661a
08:46:19 ipsec,debug,packet 167187cd d0d17eca 031b4685
08:46:19 ipsec,debug compute IV for phase2
08:46:19 ipsec,debug phase1 last IV:
08:46:19 ipsec,debug 063dd527 5467bd5e ed21b483 27b26b85 a44e5466
08:46:19 ipsec,debug hash(sha1)
08:46:19 ipsec,debug encryption(aes)
08:46:19 ipsec,debug phase2 IV computed:
08:46:19 ipsec,debug 4406a30f f73eaf8f 45f810d2 42a95946
08:46:19 ipsec,debug encryption(aes)
08:46:19 ipsec,debug IV was saved for next processing:
08:46:19 ipsec,debug c80f661a 167187cd d0d17eca 031b4685
08:46:19 ipsec,debug encryption(aes)
08:46:19 ipsec,debug with key:
08:46:19 ipsec,debug 96d039ce 77d263f8 d0224452 6581387d 4a8eddb7 937d52cd ad49e01f 9673741c
08:46:19 ipsec,debug decrypted payload by IV:
08:46:19 ipsec,debug 4406a30f f73eaf8f 45f810d2 42a95946
08:46:19 ipsec,debug decrypted payload, but not trimed.
08:46:19 ipsec,debug 0c000018 8bc5c323 3c95de0d 5ec133c5 05106193 33ce8134 00000010 00000001
08:46:19 ipsec,debug 03040001 07ab7c59 00000000 00000008
08:46:19 ipsec,debug padding len=9
08:46:19 ipsec,debug skip to trim padding.
08:46:19 ipsec,debug decrypted.
08:46:19 ipsec,debug f18810a0 f309cd13 af3d6cdf 95017316 08100501 a44e5466 0000004c 0c000018
08:46:19 ipsec,debug 8bc5c323 3c95de0d 5ec133c5 05106193 33ce8134 00000010 00000001 03040001
08:46:19 ipsec,debug 07ab7c59 00000000 00000008
08:46:19 ipsec,debug HASH with:
08:46:19 ipsec,debug a44e5466 00000010 00000001 03040001 07ab7c59
08:46:19 ipsec,debug hmac(hmac_sha1)
08:46:19 ipsec,debug HASH computed:
08:46:19 ipsec,debug 8bc5c323 3c95de0d 5ec133c5 05106193 33ce8134
08:46:19 ipsec,debug hash validated.
08:46:19 ipsec,debug begin.
08:46:19 ipsec,debug seen nptype=8(hash) len=24
08:46:19 ipsec,debug seen nptype=12(delete) len=16
08:46:19 ipsec,debug succeed.
08:46:19 ipsec,debug 192.168.200.196 delete payload for protocol ESP
08:46:19 ipsec,debug an undead schedule has been deleted.
08:46:19 ipsec,debug purged SAs.
08:46:19 ipsec,debug ===== received 92 bytes from 192.168.200.196[500] to xxx.xxx.xxx.xxx[500]
08:46:19 ipsec,debug,packet f18810a0 f309cd13 af3d6cdf 95017316 08100501 fc570182 0000005c c0c96279
08:46:19 ipsec,debug,packet f6fe9773 e9337be4 200869c1 060d0a0e 18a6db24 e2700289 41a098c0 b2595442
08:46:19 ipsec,debug,packet 1d13f098 939dbcc5 a778e8c6 9456461b c8e21fe7 0a4ae25e 66b7fbd9
08:46:19 ipsec,debug compute IV for phase2
08:46:19 ipsec,debug phase1 last IV:
08:46:19 ipsec,debug 063dd527 5467bd5e ed21b483 27b26b85 fc570182
08:46:19 ipsec,debug hash(sha1)
08:46:19 ipsec,debug encryption(aes)
08:46:19 ipsec,debug phase2 IV computed:
08:46:19 ipsec,debug e3442be5 1659f527 5e65e71c e2de92d8
08:46:19 ipsec,debug encryption(aes)
08:46:19 ipsec,debug IV was saved for next processing:
08:46:19 ipsec,debug 9456461b c8e21fe7 0a4ae25e 66b7fbd9
08:46:19 ipsec,debug encryption(aes)
08:46:19 ipsec,debug with key:
08:46:19 ipsec,debug 96d039ce 77d263f8 d0224452 6581387d 4a8eddb7 937d52cd ad49e01f 9673741c
08:46:19 ipsec,debug decrypted payload by IV:
08:46:19 ipsec,debug e3442be5 1659f527 5e65e71c e2de92d8
08:46:19 ipsec,debug decrypted payload, but not trimed.
08:46:19 ipsec,debug 0c000018 6149822f 5824e347 34d67871 0ae077f6 6d32b063 0000001c 00000001
08:46:19 ipsec,debug 01100001 f18810a0 f309cd13 af3d6cdf 95017316 00000000 00000000 0000000c
08:46:19 ipsec,debug padding len=13
08:46:19 ipsec,debug skip to trim padding.
08:46:19 ipsec,debug decrypted.
08:46:19 ipsec,debug f18810a0 f309cd13 af3d6cdf 95017316 08100501 fc570182 0000005c 0c000018
08:46:19 ipsec,debug 6149822f 5824e347 34d67871 0ae077f6 6d32b063 0000001c 00000001 01100001
08:46:19 ipsec,debug f18810a0 f309cd13 af3d6cdf 95017316 00000000 00000000 0000000c
08:46:19 ipsec,debug HASH with:
08:46:19 ipsec,debug fc570182 0000001c 00000001 01100001 f18810a0 f309cd13 af3d6cdf 95017316
08:46:19 ipsec,debug hmac(hmac_sha1)
08:46:19 ipsec,debug HASH computed:
08:46:19 ipsec,debug 6149822f 5824e347 34d67871 0ae077f6 6d32b063
08:46:19 ipsec,debug hash validated.
08:46:19 ipsec,debug begin.
08:46:19 ipsec,debug seen nptype=8(hash) len=24
08:46:19 ipsec,debug seen nptype=12(delete) len=28
08:46:19 ipsec,debug succeed.
08:46:19 ipsec,debug 192.168.200.196 delete payload for protocol ISAKMP
08:46:19 ipsec,info purging ISAKMP-SA xxx.xxx.xxx.xxx[500]<=>192.168.200.196[500] spi=f18810a0f309cd13:af3d6cdf95017316.
08:46:19 ipsec,debug purged SAs.
08:46:20 ipsec,info ISAKMP-SA deleted xxx.xxx.xxx.xxx[[500]-192.168.200.196[500] spi:f18810a0f309cd13:af3d6cdf95017316 rekey:1
08:46:20 ipsec,debug an undead schedule has been deleted.
[admin@MikroTik] /log>

After 2 days I run out of options…

Please give me some advice.

try wish sha1

I’m afraid that the issue is not a mismatch of the authentication and encryption alghoritms configured but your unusual test setup.

You’ve connected your iPhone to Mikrotik’s LAN and configured the L2TP/IPsec to contact the public IP of the Mikrotik. This means that the Mikrotik accepts the UDP connection and assumes the public address to be used for the IPsec security association, but it sends the response packets with its LAN address as source, so the client detects a NAT based on the difference between the actual source address and the peer address inside them:

08:46:18 ipsec,debug updating policy address because of NAT in transport mode

However, your peer configuration lacks the ****

nat-traversal

setting and the default value is

no

, so the process fails at this stage.

So first configure both your test clients to connect to ****

192.168.200.1

instead of

xxx.xxx.xxx.xxx

and try again. If it doesn’t work anyway, post a log again.

If it works, you can configure the clients back to ****

xxx.xxx.xxx.xxx

and add the

nat-traversal=yes

to

/ip ipsec peer

configuration, you’ll most likely need it anyway for practical deployment. In theory, the iPhone client should work this way but the Windows one will fail (with an error message which doesn’t give you the smallest clue what is the reason). This is because NAT-T supports NAT on either end of the connection (or even both) in general, but the Micorsoft implementation of the client has a mental problem with NAT at peer side. There are workarounds for this but you should not need them as normally the clients will be connecting to your Mikrotik from outside.

Also be aware that if you plan to connect more than a single L2TP/IPsec client from behind the same remote public address, you’ll need a workaround described here.

from my perspective filter and nat rules are incorrect, have a look in MT wiki

For L2TP/IPsec, the default masquerade rule is harmless:

• only forwarded connections are src-nat’ed while the L2TP connection originates from a local address so it is handled by firewall chain ****

output

, not

forward

, so no src-nat rule can fire

• unlike connections handled directly by an IPsec policy, connections forwarded through L2TP/IPsec don’t have ****

pppoe-out1

as

out-interface

but

<l2tp-username>

, therefore the NAT rule doesn’t match on them

As for the filter part, all UDP ports required for L2TP/IPsec operation are permitted in chain input regardless the ****

in-interface

, so from the point of view of the L2TP/IPsec, it is fine as well. But from the point of view of security, it is not perfect because the rule “drop anything not dst-nat’ed” only works for packets coming in via interface internet (ether1), but there are no such packets - from the perspective of the IP firewall, they actually come in via

pppoe-out1

. So the rule never fires.

Thanks for reply Sindy,

Unfortunately no success. What i tried is connecting to 192.160.200.1 (Mikrotik local IP). What I noticed is that for VPN I’ve set the gateway to 192.168.220.1 (deliberately), but changing that to .200.1 didn’t help. I still get same error (

updating policy address because of NAT in transport mode

). I’ve also noticed this in logs (

07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
07:08:32 ipsec,debug an acceptable proposal found

) but I guess that client and server try to negociate the connection, and some of the settings do not match (but finally the find a suitable setting).


here is the config:

[admin@MikroTik] /log> /export hide-sensitive
# apr/23/2018 07:11:46 by RouterOS 6.38.7
# software id = M7Y4-4C74
#
/interface ethernet
set [ find default-name=ether1 ] name=Internet
set [ find default-name=ether2 ] name=ether2-master
set [ find default-name=ether3 ] master-port=ether2-master
set [ find default-name=ether4 ] master-port=ether2-master
set [ find default-name=ether5 ] master-port=ether2-master
/interface pppoe-client
add add-default-route=yes disabled=no interface=Internet name=pppoe-out1 use-peer-dns=yes user=FMPPP_0000830@finemedia.pl
/ip neighbor discovery
set Internet discover=no
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des lifetime=1d pfs-group=none
/ip pool
add name=dhcp ranges=192.168.200.180-192.168.200.200
add name=vpn-pool ranges=192.168.220.50-192.168.220.100
add name=static-pool ranges=192.168.200.2-192.168.200.30
add name=ovpn-pool ranges=192.168.211.2-192.168.211.254
/ip dhcp-server
add address-pool=dhcp disabled=no interface=ether2-master lease-time=20h10m name=defconf
/ppp profile
add local-address=192.168.211.1 name=ovpn-profile remote-address=ovpn-pool use-encryption=required
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=192.168.220.1 name=vpn-pool remote-address=vpn-pool session-timeout=0s use-encryption=yes
/interface l2tp-server server
set authentication=chap,mschap2 default-profile=vpn-pool enabled=yes
/interface ovpn-server server
set certificate=ca default-profile=ovpn-profile enabled=yes require-client-certificate=yes
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.200.1/24 interface=ether2-master network=192.168.200.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=Internet
/ip dhcp-server lease
add address=192.168.200.200 client-id=1:b8:27:eb:b:85:a4 mac-address=B8:27:EB:0B:85:A4 server=defconf
/ip dhcp-server network
add address=192.168.200.0/24 comment=defconf gateway=192.168.200.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.200.1 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=accept chain=input comment=OpenVPN dst-port=1194 protocol=tcp
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add chain=input port=1701,500,4500 protocol=udp
add chain=input protocol=ipsec-esp
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=Internet
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=input in-interface=pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.220.0/24
/ip ipsec peer
add address=0.0.0.0/0 enc-algorithm=aes-256,aes-192,aes-128,3des exchange-mode=main-l2tp generate-policy=port-override nat-traversal=no passive=yes
/ip route
add comment=Wan distance=1 dst-address=192.168.180.0/24 gateway=192.168.211.2
/ip service
set telnet disabled=yes
set ftp address=192.168.200.1/32
/ppp l2tp-secret
add comment=gemotialnet
/ppp secret
add local-address=192.168.211.1 name=proxmox profile=ovpn-profile remote-address=192.168.211.2 service=ovpn
add name=pawel profile=vpn-pool service=l2tp
/system clock
set time-zone-name=Europe/Warsaw
/system logging
add topics=ipsec,debug
add topics=l2tp,ppp,info
add topics=l2tp,info
add topics=firewall,info
add topics=firewall,error
add topics=ipsec,error
add topics=ipsec,warning
/tool mac-server
set [ find default=yes ] disabled=yes
add interface=ether2-master
/tool mac-server mac-winbox
set [ find default=yes ] disabled=yes
add interface=ether2-master

and a log where I try to connect iPhone via local interface (192.168.200.1)

[admin@MikroTik] /log> print
07:08:32 ipsec,debug  0x486cf0: next=(nil) tnext=0x489488
07:08:32 ipsec,debug   0x489488: next=(nil) tnext=0x48b680
07:08:32 ipsec,debug    0x48b680: next=(nil) tnext=0x48a7c8
07:08:32 ipsec,debug     0x48a7c8: next=(nil) tnext=0x48a938
07:08:32 ipsec,debug      0x48a938: next=(nil) tnext=0x481408
07:08:32 ipsec,debug       0x481408: next=(nil) tnext=0x489e58
07:08:32 ipsec,debug        0x489e58: next=(nil) tnext=0x48a908
07:08:32 ipsec,debug         0x48a908: next=(nil) tnext=0x48a210
07:08:32 ipsec,debug          0x48a210: next=(nil) tnext=0x4891b8
07:08:32 ipsec,debug           0x4891b8: next=(nil) tnext=0x48b2b8
07:08:32 ipsec,debug            0x48b2b8: next=(nil) tnext=0x486b20
07:08:32 ipsec,debug             0x486b20: next=(nil) tnext=0x489ea0
07:08:32 ipsec,debug              0x489ea0: next=(nil) tnext=0x48a700
07:08:32 ipsec,debug               0x48a700: next=(nil) tnext=(nil)
07:08:32 ipsec,debug proposal #1: 14 transform
07:08:32 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
07:08:32 ipsec,debug trns#=1, trns-id=IKE
07:08:32 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
07:08:32 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
07:08:32 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
07:08:32 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:32 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
07:08:32 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4
07:08:32 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 256:256)
07:08:32 ipsec,debug hashtype = SHA:4
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 192:256)
07:08:32 ipsec,debug hashtype = SHA:4
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 128:256)
07:08:32 ipsec,debug hashtype = SHA:4
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = 3DES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 0:256)
07:08:32 ipsec,debug hashtype = SHA:4
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
07:08:32 ipsec,debug trns#=2, trns-id=IKE
07:08:32 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
07:08:32 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
07:08:32 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
07:08:32 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:32 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
07:08:32 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
07:08:32 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 256:256)
07:08:32 ipsec,debug hashtype = SHA:SHA
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 192:256)
07:08:32 ipsec,debug hashtype = SHA:SHA
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 128:256)
07:08:32 ipsec,debug hashtype = SHA:SHA
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = 3DES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 0:256)
07:08:32 ipsec,debug hashtype = SHA:SHA
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
07:08:32 ipsec,debug trns#=3, trns-id=IKE
07:08:32 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
07:08:32 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
07:08:32 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
07:08:32 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:32 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
07:08:32 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5
07:08:32 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 256:256)
07:08:32 ipsec,debug hashtype = SHA:MD5
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 192:256)
07:08:32 ipsec,debug hashtype = SHA:MD5
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 128:256)
07:08:32 ipsec,debug hashtype = SHA:MD5
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = 3DES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 0:256)
07:08:32 ipsec,debug hashtype = SHA:MD5
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
07:08:32 ipsec,debug trns#=4, trns-id=IKE
07:08:32 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
07:08:32 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
07:08:32 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
07:08:32 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:32 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
07:08:32 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=6
07:08:32 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 256:256)
07:08:32 ipsec,debug hashtype = SHA:6
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 192:256)
07:08:32 ipsec,debug hashtype = SHA:6
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 128:256)
07:08:32 ipsec,debug hashtype = SHA:6
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = 3DES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 0:256)
07:08:32 ipsec,debug hashtype = SHA:6
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
07:08:32 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
07:08:32 ipsec,debug trns#=5, trns-id=IKE
07:08:32 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
07:08:32 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
07:08:32 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
07:08:32 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:32 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
07:08:32 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4
07:08:32 ipsec,debug type=Group Description, flag=0x8000, lorv=1536-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 256:256)
07:08:32 ipsec,debug hashtype = SHA:4
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 192:256)
07:08:32 ipsec,debug hashtype = SHA:4
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 128:256)
07:08:32 ipsec,debug hashtype = SHA:4
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = 3DES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 0:256)
07:08:32 ipsec,debug hashtype = SHA:4
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
07:08:32 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
07:08:32 ipsec,debug trns#=6, trns-id=IKE
07:08:32 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
07:08:32 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
07:08:32 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
07:08:32 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:32 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
07:08:32 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
07:08:32 ipsec,debug type=Group Description, flag=0x8000, lorv=1536-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 256:256)
07:08:32 ipsec,debug hashtype = SHA:SHA
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 192:256)
07:08:32 ipsec,debug hashtype = SHA:SHA
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 128:256)
07:08:32 ipsec,debug hashtype = SHA:SHA
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = 3DES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 0:256)
07:08:32 ipsec,debug hashtype = SHA:SHA
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
07:08:32 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
07:08:32 ipsec,debug trns#=7, trns-id=IKE
07:08:32 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
07:08:32 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
07:08:32 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
07:08:32 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:32 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
07:08:32 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5
07:08:32 ipsec,debug type=Group Description, flag=0x8000, lorv=1536-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 256:256)
07:08:32 ipsec,debug hashtype = SHA:MD5
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 192:256)
07:08:32 ipsec,debug hashtype = SHA:MD5
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 128:256)
07:08:32 ipsec,debug hashtype = SHA:MD5
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = 3DES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 0:256)
07:08:32 ipsec,debug hashtype = SHA:MD5
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
07:08:32 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
07:08:32 ipsec,debug trns#=8, trns-id=IKE
07:08:32 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
07:08:32 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
07:08:32 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
07:08:32 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:32 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
07:08:32 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4
07:08:32 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 256:256)
07:08:32 ipsec,debug hashtype = SHA:4
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 192:256)
07:08:32 ipsec,debug hashtype = SHA:4
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 128:256)
07:08:32 ipsec,debug hashtype = SHA:4
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = 3DES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 0:256)
07:08:32 ipsec,debug hashtype = SHA:4
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
07:08:32 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
07:08:32 ipsec,debug trns#=9, trns-id=IKE
07:08:32 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
07:08:32 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
07:08:32 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
07:08:32 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:32 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
07:08:32 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
07:08:32 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
07:08:32 ipsec,debug Compared: Local:Peer
07:08:32 ipsec,debug (lifetime = 86400:3600)
07:08:32 ipsec,debug (lifebyte = 0:0)
07:08:32 ipsec,debug enctype = AES-CBC:AES-CBC
07:08:32 ipsec,debug (encklen = 256:256)
07:08:32 ipsec,debug hashtype = SHA:SHA
07:08:32 ipsec,debug authmethod = pre-shared key:pre-shared key
07:08:32 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
07:08:32 ipsec,debug an acceptable proposal found.
07:08:32 ipsec,debug dh(modp1024)
07:08:32 ipsec,debug agreed on pre-shared key auth.
07:08:32 ipsec,debug ===
07:08:32 ipsec,debug new cookie:
07:08:32 ipsec,debug ef8d02e8edd28a5f
07:08:32 ipsec,debug add payload of len 52, next type 13
07:08:32 ipsec,debug add payload of len 16, next type 13
07:08:32 ipsec,debug add payload of len 16, next type 13
07:08:32 ipsec,debug add payload of len 20, next type 0
07:08:32 ipsec,debug 148 bytes from 192.168.200.1[500] to 192.168.200.196[500]
07:08:32 ipsec,debug 1 times of 148 bytes message will be sent to 192.168.200.196[500]
07:08:32 ipsec,debug,packet a3ef03db 17959cda ef8d02e8 edd28a5f 01100200 00000000 00000094 0d000038
07:08:32 ipsec,debug,packet 00000001 00000001 0000002c 01010001 00000024 09010000 800b0001 800c0e10
07:08:32 ipsec,debug,packet 80010007 800e0100 80030001 80020002 80040002 0d000014 4a131c81 07035845
07:08:32 ipsec,debug,packet 5c5728f2 0e95452f 0d000014 afcad713 68a1f1c9 6b8696fc 77570100 00000018
07:08:32 ipsec,debug,packet 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000
07:08:32 ipsec,debug ===== received 228 bytes from 192.168.200.196[500] to 192.168.200.1[500]
07:08:32 ipsec,debug,packet a3ef03db 17959cda ef8d02e8 edd28a5f 04100200 00000000 000000e4 0a000084
07:08:32 ipsec,debug,packet 2a2d081e acf3eb50 166d7002 8da66834 0e3f5076 e826e7cf 9610fdc7 dc6cac0d
07:08:32 ipsec,debug,packet ce8a7af0 6d3e78d4 3e4ec88d d7ba481f 97ba6ea3 742f2bf8 6e41fee4 263fcfea
07:08:32 ipsec,debug,packet e03ff3df 0ad9090a 3e6545b5 1acb2dfe 9a33ee11 fe30bcb9 d62870be 9c994f80
07:08:32 ipsec,debug,packet f4c761cb 97c696a9 0f4bfb18 d5946703 0f71a74c f888865d b8f7c147 e099bec5
07:08:32 ipsec,debug,packet 14000014 b3ef5213 600e0bb4 c3c7ab3b f65897d3 14000018 d235ff79 f3c8d47e
07:08:32 ipsec,debug,packet 459d2870 22809bd3 c18f40d7 00000018 00576989 359ed4ec fec92bf0 65e3ecad
07:08:32 ipsec,debug,packet 81203cd8
07:08:32 ipsec,debug begin.
07:08:32 ipsec,debug seen nptype=4(ke) len=132
07:08:32 ipsec,debug seen nptype=10(nonce) len=20
07:08:32 ipsec,debug seen nptype=20(nat-d) len=24
07:08:32 ipsec,debug seen nptype=20(nat-d) len=24
07:08:32 ipsec,debug succeed.
07:08:32 ipsec,debug hash(sha1)
07:08:32 ipsec,debug hash(sha1)
07:08:32 ipsec,debug ===
07:08:32 ipsec,debug dh(modp1024)
07:08:32 ipsec,debug compute DH's private.
07:08:32 ipsec,debug 5b26556a 128336a0 1ab876a4 11a83ca1 2aeb9711 b3b32a5f 81f5f4f1 c3781102
07:08:32 ipsec,debug 020cb52e 89ce0a42 3bc9d512 2e7a4fbe dc49f8a2 a6df751a 1d3db39b c89c5848
07:08:32 ipsec,debug 9e9dc879 52c6f75a d10c6863 5cb00e2b 081c5d63 a62aa72a bc2ea092 b9b3df21
07:08:32 ipsec,debug aca6722e 00eb8e4d d86a3044 a80ee675 3e761450 4dbd770b b1276295 6e398f55
07:08:32 ipsec,debug compute DH's public.
07:08:32 ipsec,debug 4b9923ac 72b6aeb1 e242f2a3 48625c02 13f737b8 0b1dc072 77f7694e 821a0f6b
07:08:32 ipsec,debug bea5d81d 2269ca0e 7ec23f25 a91c453b 3cb19d3b b55b56a9 51e92a41 ce43cb7b
07:08:32 ipsec,debug f51c5e6b cb2aba98 dd4a119f ec0538bc e2727e0d 893b505d fcd8c83e ff8f476d
07:08:32 ipsec,debug c97cd96e 2740962b 548d8427 f02a80a9 19971e9d 5c7e349d 5dc8afaf 4a40e7d4
07:08:32 ipsec,debug hash(sha1)
07:08:32 ipsec,debug hash(sha1)
07:08:32 ipsec,debug add payload of len 128, next type 10
07:08:32 ipsec,debug add payload of len 24, next type 20
07:08:32 ipsec,debug add payload of len 20, next type 20
07:08:32 ipsec,debug add payload of len 20, next type 0
07:08:32 ipsec,debug 236 bytes from 192.168.200.1[500] to 192.168.200.196[500]
07:08:32 ipsec,debug 1 times of 236 bytes message will be sent to 192.168.200.196[500]
07:08:32 ipsec,debug,packet a3ef03db 17959cda ef8d02e8 edd28a5f 04100200 00000000 000000ec 0a000084
07:08:32 ipsec,debug,packet 4b9923ac 72b6aeb1 e242f2a3 48625c02 13f737b8 0b1dc072 77f7694e 821a0f6b
07:08:32 ipsec,debug,packet bea5d81d 2269ca0e 7ec23f25 a91c453b 3cb19d3b b55b56a9 51e92a41 ce43cb7b
07:08:32 ipsec,debug,packet f51c5e6b cb2aba98 dd4a119f ec0538bc e2727e0d 893b505d fcd8c83e ff8f476d
07:08:32 ipsec,debug,packet c97cd96e 2740962b 548d8427 f02a80a9 19971e9d 5c7e349d 5dc8afaf 4a40e7d4
07:08:32 ipsec,debug,packet 1400001c c0359ead 7cdda701 015c830c 869c1d14 6363f2e7 6060f376 14000018
07:08:32 ipsec,debug,packet 00576989 359ed4ec fec92bf0 65e3ecad 81203cd8 00000018 d235ff79 f3c8d47e
07:08:32 ipsec,debug,packet 459d2870 22809bd3 c18f40d7
07:08:32 ipsec,debug dh(modp1024)
07:08:32 ipsec,debug compute DH's shared.
07:08:32 ipsec,debug
07:08:32 ipsec,debug 8f8afbb6 70412ed9 87df8eca 1eb0fe73 6d581776 1e9a09a5 216558e4 b7ef97c9
07:08:32 ipsec,debug c02bfb5b a8f0eb37 9fcbb41d 8506a290 583bf4d6 9c399d56 ce4927eb e3ed5c53
07:08:32 ipsec,debug a33e56e9 f8a78395 00eadc55 62c28295 d52e3d67 bb693d8d f12c069d 51b33d02
07:08:32 ipsec,debug 3d924001 e4c89809 6213d967 c4b8b02f b8e1b3f4 0dda0d11 4c2b2178 59aa1606
07:08:32 ipsec,debug nonce 1:
07:08:32 ipsec,debug b3ef5213 600e0bb4 c3c7ab3b f65897d3
07:08:32 ipsec,debug nonce 2:
07:08:32 ipsec,debug c0359ead 7cdda701 015c830c 869c1d14 6363f2e7 6060f376
07:08:32 ipsec,debug hmac(hmac_sha1)
07:08:32 ipsec,debug SKEYID computed:
07:08:32 ipsec,debug cbb23312 c3f37733 7c4a9734 4d0ee530 ad73e50e
07:08:32 ipsec,debug hmac(hmac_sha1)
07:08:32 ipsec,debug SKEYID_d computed:
07:08:32 ipsec,debug 514709b0 58840272 cb8ed9b7 b5e8180d 0e139507
07:08:32 ipsec,debug hmac(hmac_sha1)
07:08:32 ipsec,debug SKEYID_a computed:
07:08:32 ipsec,debug 4fb64aab aaf53fb1 98bf76e5 7799de52 efed1690
07:08:32 ipsec,debug hmac(hmac_sha1)
07:08:32 ipsec,debug SKEYID_e computed:
07:08:32 ipsec,debug d549f21c 64ef1dea 1e8880aa cbb7f7bc 79e8efc9
07:08:32 ipsec,debug encryption(aes)
07:08:32 ipsec,debug hash(sha1)
07:08:32 ipsec,debug len(SKEYID_e) < len(Ka) (20 < 32), generating long key (Ka = K1 | K2 | ...)
07:08:32 ipsec,debug hmac(hmac_sha1)
07:08:32 ipsec,debug compute intermediate encryption key K1
07:08:32 ipsec,debug 00
07:08:32 ipsec,debug 57d38692 81d472e6 7bba112c b9672e58 a565ca9a
07:08:32 ipsec,debug hmac(hmac_sha1)
07:08:32 ipsec,debug compute intermediate encryption key K2
07:08:32 ipsec,debug 57d38692 81d472e6 7bba112c b9672e58 a565ca9a
07:08:32 ipsec,debug 576aacd0 0023791d bf838e9d e8f41c7e a9e1fde1
07:08:32 ipsec,debug final encryption key computed:
07:08:32 ipsec,debug 57d38692 81d472e6 7bba112c b9672e58 a565ca9a 576aacd0 0023791d bf838e9d
07:08:32 ipsec,debug hash(sha1)
07:08:32 ipsec,debug encryption(aes)
07:08:32 ipsec,debug IV computed:
07:08:32 ipsec,debug 30ab756d ec86b964 f59efd28 f74efe29
07:08:32 ipsec,debug ===== received 108 bytes from 192.168.200.196[500] to 192.168.200.1[500]
07:08:32 ipsec,debug,packet a3ef03db 17959cda ef8d02e8 edd28a5f 05100201 00000000 0000006c b78c1055
07:08:32 ipsec,debug,packet 18e558b2 c3f97184 f77a375d 299ba19e de6b33ac 2da480e2 0d2b27f7 fbb5e9c5
07:08:32 ipsec,debug,packet 661e89a6 20bdc361 79df0486 7ab9b383 e98e96e2 d85da6b6 ff979b03 9d3a92f6
07:08:32 ipsec,debug,packet 395aaa15 aa462e35 5091351e
07:08:32 ipsec,debug encryption(aes)
07:08:32 ipsec,debug IV was saved for next processing:
07:08:32 ipsec,debug 9d3a92f6 395aaa15 aa462e35 5091351e
07:08:32 ipsec,debug encryption(aes)
07:08:32 ipsec,debug with key:
07:08:32 ipsec,debug 57d38692 81d472e6 7bba112c b9672e58 a565ca9a 576aacd0 0023791d bf838e9d
07:08:32 ipsec,debug decrypted payload by IV:
07:08:32 ipsec,debug 30ab756d ec86b964 f59efd28 f74efe29
07:08:32 ipsec,debug decrypted payload, but not trimed.
07:08:32 ipsec,debug 0800000c 011101f4 c0a8c8c4 0b000018 93ac1ea1 5977d329 4e89739a 5a5a3550
07:08:32 ipsec,debug 919d9019 0000001c 00000001 01106002 a3ef03db 17959cda ef8d02e8 edd28a5f
07:08:32 ipsec,debug 00000000 00000000 00000000 00000010
07:08:32 ipsec,debug padding len=17
07:08:32 ipsec,debug skip to trim padding.
07:08:32 ipsec,debug decrypted.
07:08:32 ipsec,debug a3ef03db 17959cda ef8d02e8 edd28a5f 05100201 00000000 0000006c 0800000c
07:08:32 ipsec,debug 011101f4 c0a8c8c4 0b000018 93ac1ea1 5977d329 4e89739a 5a5a3550 919d9019
07:08:32 ipsec,debug 0000001c 00000001 01106002 a3ef03db 17959cda ef8d02e8 edd28a5f 00000000
07:08:32 ipsec,debug 00000000 00000000 00000010
07:08:32 ipsec,debug begin.
07:08:32 ipsec,debug seen nptype=5(id) len=12
07:08:32 ipsec,debug seen nptype=8(hash) len=24
07:08:32 ipsec,debug seen nptype=11(notify) len=28
07:08:32 ipsec,debug succeed.
07:08:32 ipsec,debug 192.168.200.196 Notify Message received
07:08:32 ipsec,debug HASH received:
07:08:32 ipsec,debug 93ac1ea1 5977d329 4e89739a 5a5a3550 919d9019
07:08:32 ipsec,debug HASH with:
07:08:32 ipsec,debug 2a2d081e acf3eb50 166d7002 8da66834 0e3f5076 e826e7cf 9610fdc7 dc6cac0d
07:08:32 ipsec,debug ce8a7af0 6d3e78d4 3e4ec88d d7ba481f 97ba6ea3 742f2bf8 6e41fee4 263fcfea
07:08:32 ipsec,debug e03ff3df 0ad9090a 3e6545b5 1acb2dfe 9a33ee11 fe30bcb9 d62870be 9c994f80
07:08:32 ipsec,debug f4c761cb 97c696a9 0f4bfb18 d5946703 0f71a74c f888865d b8f7c147 e099bec5
07:08:32 ipsec,debug 4b9923ac 72b6aeb1 e242f2a3 48625c02 13f737b8 0b1dc072 77f7694e 821a0f6b
07:08:32 ipsec,debug bea5d81d 2269ca0e 7ec23f25 a91c453b 3cb19d3b b55b56a9 51e92a41 ce43cb7b
07:08:32 ipsec,debug f51c5e6b cb2aba98 dd4a119f ec0538bc e2727e0d 893b505d fcd8c83e ff8f476d
07:08:32 ipsec,debug c97cd96e 2740962b 548d8427 f02a80a9 19971e9d 5c7e349d 5dc8afaf 4a40e7d4
07:08:32 ipsec,debug a3ef03db 17959cda ef8d02e8 edd28a5f 00000001 00000001 000001f8 0101000e
07:08:32 ipsec,debug 03000024 01010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004
07:08:32 ipsec,debug 8004000e 03000024 02010000 800b0001 800c0e10 80010007 800e0100 80030001
07:08:32 ipsec,debug 80020002 8004000e 03000024 03010000 800b0001 800c0e10 80010007 800e0100
07:08:32 ipsec,debug 80030001 80020001 8004000e 03000024 04010000 800b0001 800c0e10 80010007
07:08:32 ipsec,debug 800e0100 80030001 80020006 8004000e 03000024 05010000 800b0001 800c0e10
07:08:32 ipsec,debug 80010007 800e0100 80030001 80020004 80040005 03000024 06010000 800b0001
07:08:32 ipsec,debug 800c0e10 80010007 800e0100 80030001 80020002 80040005 03000024 07010000
07:08:32 ipsec,debug 800b0001 800c0e10 80010007 800e0100 80030001 80020001 80040005 03000024
07:08:32 ipsec,debug 08010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004 80040002
07:08:32 ipsec,debug 03000024 09010000 800b0001 800c0e10 80010007 800e0100 80030001 80020002
07:08:32 ipsec,debug 80040002 03000024 0a010000 800b0001 800c0e10 80010007 800e0100 80030001
07:08:32 ipsec,debug 80020001 80040002 03000024 0b010000 800b0001 800c0e10 80010007 800e0080
07:08:32 ipsec,debug 80030001 80020002 80040002 03000024 0c010000 800b0001 800c0e10 80010007
07:08:32 ipsec,debug 800e0080 80030001 80020001 80040002 03000020 0d010000 800b0001 800c0e10
07:08:32 ipsec,debug 80010005 80030001 80020002 80040002 00000020 0e010000 800b0001 800c0e10
07:08:32 ipsec,debug 80010005 80030001 80020001 80040002 011101f4 c0a8c8c4
07:08:32 ipsec,debug hmac(hmac_sha1)
07:08:32 ipsec,debug HASH computed:
07:08:32 ipsec,debug 93ac1ea1 5977d329 4e89739a 5a5a3550 919d9019
07:08:32 ipsec,debug HASH for PSK validated.
07:08:32 ipsec,debug 192.168.200.196 peer's ID
07:08:32 ipsec,debug 011101f4 c0a8c8c4
07:08:32 ipsec,debug ===
07:08:32 ipsec,debug use ID type of IPv4_address
07:08:32 ipsec,debug generate HASH_R
07:08:32 ipsec,debug HASH with:
07:08:32 ipsec,debug 4b9923ac 72b6aeb1 e242f2a3 48625c02 13f737b8 0b1dc072 77f7694e 821a0f6b
07:08:32 ipsec,debug bea5d81d 2269ca0e 7ec23f25 a91c453b 3cb19d3b b55b56a9 51e92a41 ce43cb7b
07:08:32 ipsec,debug f51c5e6b cb2aba98 dd4a119f ec0538bc e2727e0d 893b505d fcd8c83e ff8f476d
07:08:32 ipsec,debug c97cd96e 2740962b 548d8427 f02a80a9 19971e9d 5c7e349d 5dc8afaf 4a40e7d4
07:08:32 ipsec,debug 2a2d081e acf3eb50 166d7002 8da66834 0e3f5076 e826e7cf 9610fdc7 dc6cac0d
07:08:32 ipsec,debug ce8a7af0 6d3e78d4 3e4ec88d d7ba481f 97ba6ea3 742f2bf8 6e41fee4 263fcfea
07:08:32 ipsec,debug e03ff3df 0ad9090a 3e6545b5 1acb2dfe 9a33ee11 fe30bcb9 d62870be 9c994f80
07:08:32 ipsec,debug f4c761cb 97c696a9 0f4bfb18 d5946703 0f71a74c f888865d b8f7c147 e099bec5
07:08:32 ipsec,debug ef8d02e8 edd28a5f a3ef03db 17959cda 00000001 00000001 000001f8 0101000e
07:08:32 ipsec,debug 03000024 01010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004
07:08:32 ipsec,debug 8004000e 03000024 02010000 800b0001 800c0e10 80010007 800e0100 80030001
07:08:32 ipsec,debug 80020002 8004000e 03000024 03010000 800b0001 800c0e10 80010007 800e0100
07:08:32 ipsec,debug 80030001 80020001 8004000e 03000024 04010000 800b0001 800c0e10 80010007
07:08:32 ipsec,debug 800e0100 80030001 80020006 8004000e 03000024 05010000 800b0001 800c0e10
07:08:32 ipsec,debug 80010007 800e0100 80030001 80020004 80040005 03000024 06010000 800b0001
07:08:32 ipsec,debug 800c0e10 80010007 800e0100 80030001 80020002 80040005 03000024 07010000
07:08:32 ipsec,debug 800b0001 800c0e10 80010007 800e0100 80030001 80020001 80040005 03000024
07:08:32 ipsec,debug 08010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004 80040002
07:08:32 ipsec,debug 03000024 09010000 800b0001 800c0e10 80010007 800e0100 80030001 80020002
07:08:32 ipsec,debug 80040002 03000024 0a010000 800b0001 800c0e10 80010007 800e0100 80030001
07:08:32 ipsec,debug 80020001 80040002 03000024 0b010000 800b0001 800c0e10 80010007 800e0080
07:08:32 ipsec,debug 80030001 80020002 80040002 03000024 0c010000 800b0001 800c0e10 80010007
07:08:32 ipsec,debug 800e0080 80030001 80020001 80040002 03000020 0d010000 800b0001 800c0e10
07:08:32 ipsec,debug 80010005 80030001 80020002 80040002 00000020 0e010000 800b0001 800c0e10
07:08:32 ipsec,debug 80010005 80030001 80020001 80040002 011101f4 c0a8c801
07:08:32 ipsec,debug hmac(hmac_sha1)
07:08:32 ipsec,debug HASH computed:
07:08:32 ipsec,debug 1863d4e0 137bef42 a5f3f7fb a07b7e04 1c9f4f19
07:08:32 ipsec,debug add payload of len 8, next type 8
07:08:32 ipsec,debug add payload of len 20, next type 0
07:08:32 ipsec,debug begin encryption.
07:08:32 ipsec,debug encryption(aes)
07:08:32 ipsec,debug pad length = 12
07:08:32 ipsec,debug 0800000c 011101f4 c0a8c801 00000018 1863d4e0 137bef42 a5f3f7fb a07b7e04
07:08:32 ipsec,debug 1c9f4f19 c7f1ffe7 9a86f697 d084880b
07:08:32 ipsec,debug encryption(aes)
07:08:32 ipsec,debug with key:
07:08:32 ipsec,debug 57d38692 81d472e6 7bba112c b9672e58 a565ca9a 576aacd0 0023791d bf838e9d
07:08:32 ipsec,debug encrypted payload by IV:
07:08:32 ipsec,debug 9d3a92f6 395aaa15 aa462e35 5091351e
07:08:32 ipsec,debug save IV for next:
07:08:32 ipsec,debug c93c1b8e bbe4107f 63e8e877 2800dd9c
07:08:32 ipsec,debug encrypted.
07:08:32 ipsec,debug 76 bytes from 192.168.200.1[500] to 192.168.200.196[500]
07:08:32 ipsec,debug 1 times of 76 bytes message will be sent to 192.168.200.196[500]
07:08:32 ipsec,debug,packet a3ef03db 17959cda ef8d02e8 edd28a5f 05100201 00000000 0000004c 50e73902
07:08:32 ipsec,debug,packet 4aa06334 3909385d 081f61d4 2887732a e95cdf56 ca0a83d5 4b81a061 c93c1b8e
07:08:32 ipsec,debug,packet bbe4107f 63e8e877 2800dd9c
07:08:32 ipsec,info ISAKMP-SA established 192.168.200.1[500]-192.168.200.196[500] spi:a3ef03db17959cda:ef8d02e8edd28a5f
07:08:32 ipsec,debug ===
07:08:33 ipsec,debug ===== received 284 bytes from 192.168.200.196[500] to 192.168.200.1[500]
07:08:33 ipsec,debug,packet a3ef03db 17959cda ef8d02e8 edd28a5f 08102001 3a1cbf01 0000011c 0d8d4d6c
07:08:33 ipsec,debug,packet fabfdfb0 6549a324 1b82ccb3 26ffb202 9672d17e 1da88109 0cb4f9f3 51c4b45b
07:08:33 ipsec,debug,packet 073bf46c 235529c0 2fd3c563 50de38db 356b9faa 5bedce53 89f0e1c1 b54f7af8
07:08:33 ipsec,debug,packet be511651 c9edf2e2 67b8f317 7bad6287 a7089d7f 01b28e37 c16be063 d9cf5dbd
07:08:33 ipsec,debug,packet d6a54d66 cb00efff 5d11ee6e 317dd34a 0cbf3dc9 4d2f9911 185b5c6e 2498d203
07:08:33 ipsec,debug,packet 7d0b38aa 3066b7f9 27206952 7405f1f3 4867e184 a04a15df 34fabb9f 0cad89fc
07:08:33 ipsec,debug,packet 6e111124 2e2d965d cf489868 1f64825d 69c825e9 1272140f f6dacb50 f3c1fcb0
07:08:33 ipsec,debug,packet 710cd012 4471bf87 8b572a78 c5ef7b17 4ea87fad c55f4e8e 6c1359b0 170e8fae
07:08:33 ipsec,debug,packet a8f33d71 9c74deb5 762f54ba 1903ae08 56c56bdf 8d11c6c5 d4d09725
07:08:33 ipsec,debug compute IV for phase2
07:08:33 ipsec,debug phase1 last IV:
07:08:33 ipsec,debug c93c1b8e bbe4107f 63e8e877 2800dd9c 3a1cbf01
07:08:33 ipsec,debug hash(sha1)
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug phase2 IV computed:
07:08:33 ipsec,debug ca08b3c3 4b11c832 60af11a2 6868e457
07:08:33 ipsec,debug ===
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug IV was saved for next processing:
07:08:33 ipsec,debug 1903ae08 56c56bdf 8d11c6c5 d4d09725
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug with key:
07:08:33 ipsec,debug 57d38692 81d472e6 7bba112c b9672e58 a565ca9a 576aacd0 0023791d bf838e9d
07:08:33 ipsec,debug decrypted payload by IV:
07:08:33 ipsec,debug ca08b3c3 4b11c832 60af11a2 6868e457
07:08:33 ipsec,debug decrypted payload, but not trimed.
07:08:33 ipsec,debug 01000018 682924d5 a4decd76 df0b7acf 93440bae 8a8cfeb6 0a0000b8 00000001
07:08:33 ipsec,debug 00000001 000000ac 01030406 00cbcf24 0300001c 010c0000 80010001 80020e10
07:08:33 ipsec,debug 80040002 80060100 80050002 0300001c 020c0000 80010001 80020e10 80040002
07:08:33 ipsec,debug 80060100 80050001 0300001c 030c0000 80010001 80020e10 80040002 80060080
07:08:33 ipsec,debug 80050002 0300001c 040c0000 80010001 80020e10 80040002 80060080 80050001
07:08:33 ipsec,debug 03000018 05030000 80010001 80020e10 80040002 80050002 00000018 06030000
07:08:33 ipsec,debug 80010001 80020e10 80040002 80050001 05000014 2e64467d 301d3d34 ac112458
07:08:33 ipsec,debug ef259c59 0500000c 0111d46a c0a8c8c4 0000000c 011106a5 c0a8c801 00000004
07:08:33 ipsec,debug padding len=5
07:08:33 ipsec,debug skip to trim padding.
07:08:33 ipsec,debug decrypted.
07:08:33 ipsec,debug a3ef03db 17959cda ef8d02e8 edd28a5f 08102001 3a1cbf01 0000011c 01000018
07:08:33 ipsec,debug 682924d5 a4decd76 df0b7acf 93440bae 8a8cfeb6 0a0000b8 00000001 00000001
07:08:33 ipsec,debug 000000ac 01030406 00cbcf24 0300001c 010c0000 80010001 80020e10 80040002
07:08:33 ipsec,debug 80060100 80050002 0300001c 020c0000 80010001 80020e10 80040002 80060100
07:08:33 ipsec,debug 80050001 0300001c 030c0000 80010001 80020e10 80040002 80060080 80050002
07:08:33 ipsec,debug 0300001c 040c0000 80010001 80020e10 80040002 80060080 80050001 03000018
07:08:33 ipsec,debug 05030000 80010001 80020e10 80040002 80050002 00000018 06030000 80010001
07:08:33 ipsec,debug 80020e10 80040002 80050001 05000014 2e64467d 301d3d34 ac112458 ef259c59
07:08:33 ipsec,debug 0500000c 0111d46a c0a8c8c4 0000000c 011106a5 c0a8c801 00000004
07:08:33 ipsec,debug begin.
07:08:33 ipsec,debug seen nptype=8(hash) len=24
07:08:33 ipsec,debug seen nptype=1(sa) len=184
07:08:33 ipsec,debug seen nptype=10(nonce) len=20
07:08:33 ipsec,debug seen nptype=5(id) len=12
07:08:33 ipsec,debug seen nptype=5(id) len=12
07:08:33 ipsec,debug succeed.
07:08:33 ipsec,debug received IDci2:
07:08:33 ipsec,debug 0111d46a c0a8c8c4
07:08:33 ipsec,debug received IDcr2:
07:08:33 ipsec,debug 011106a5 c0a8c801
07:08:33 ipsec,debug HASH(1) validate:
07:08:33 ipsec,debug 682924d5 a4decd76 df0b7acf 93440bae 8a8cfeb6
07:08:33 ipsec,debug HASH with:
07:08:33 ipsec,debug 3a1cbf01 0a0000b8 00000001 00000001 000000ac 01030406 00cbcf24 0300001c
07:08:33 ipsec,debug 010c0000 80010001 80020e10 80040002 80060100 80050002 0300001c 020c0000
07:08:33 ipsec,debug 80010001 80020e10 80040002 80060100 80050001 0300001c 030c0000 80010001
07:08:33 ipsec,debug 80020e10 80040002 80060080 80050002 0300001c 040c0000 80010001 80020e10
07:08:33 ipsec,debug 80040002 80060080 80050001 03000018 05030000 80010001 80020e10 80040002
07:08:33 ipsec,debug 80050002 00000018 06030000 80010001 80020e10 80040002 80050001 05000014
07:08:33 ipsec,debug 2e64467d 301d3d34 ac112458 ef259c59 0500000c 0111d46a c0a8c8c4 0000000c
07:08:33 ipsec,debug 011106a5 c0a8c801
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug HASH computed:
07:08:33 ipsec,debug 682924d5 a4decd76 df0b7acf 93440bae 8a8cfeb6
07:08:33 ipsec,debug total SA len=180
07:08:33 ipsec,debug 00000001 00000001 000000ac 01030406 00cbcf24 0300001c 010c0000 80010001
07:08:33 ipsec,debug 80020e10 80040002 80060100 80050002 0300001c 020c0000 80010001 80020e10
07:08:33 ipsec,debug 80040002 80060100 80050001 0300001c 030c0000 80010001 80020e10 80040002
07:08:33 ipsec,debug 80060080 80050002 0300001c 040c0000 80010001 80020e10 80040002 80060080
07:08:33 ipsec,debug 80050001 03000018 05030000 80010001 80020e10 80040002 80050002 00000018
07:08:33 ipsec,debug 06030000 80010001 80020e10 80040002 80050001
07:08:33 ipsec,debug begin.
07:08:33 ipsec,debug seen nptype=2(prop) len=172
07:08:33 ipsec,debug succeed.
07:08:33 ipsec,debug proposal #1 len=172
07:08:33 ipsec,debug begin.
07:08:33 ipsec,debug seen nptype=3(trns) len=28
07:08:33 ipsec,debug seen nptype=3(trns) len=28
07:08:33 ipsec,debug seen nptype=3(trns) len=28
07:08:33 ipsec,debug seen nptype=3(trns) len=28
07:08:33 ipsec,debug seen nptype=3(trns) len=24
07:08:33 ipsec,debug seen nptype=3(trns) len=24
07:08:33 ipsec,debug succeed.
07:08:33 ipsec,debug transform #1 len=28
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug life duration was in TLV.
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
07:08:33 ipsec,debug transform #2 len=28
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug life duration was in TLV.
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
07:08:33 ipsec,debug transform #3 len=28
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug life duration was in TLV.
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Key Length, flag=0x8000, lorv=128
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
07:08:33 ipsec,debug transform #4 len=28
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug life duration was in TLV.
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Key Length, flag=0x8000, lorv=128
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
07:08:33 ipsec,debug transform #5 len=24
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug life duration was in TLV.
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
07:08:33 ipsec,debug transform #6 len=24
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug life duration was in TLV.
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
07:08:33 ipsec,debug pair 1:
07:08:33 ipsec,debug  0x488cd0: next=(nil) tnext=0x48c060
07:08:33 ipsec,debug   0x48c060: next=(nil) tnext=0x48b6c0
07:08:33 ipsec,debug    0x48b6c0: next=(nil) tnext=0x48b5a0
07:08:33 ipsec,debug     0x48b5a0: next=(nil) tnext=0x48c2c0
07:08:33 ipsec,debug      0x48c2c0: next=(nil) tnext=0x487a00
07:08:33 ipsec,debug       0x487a00: next=(nil) tnext=(nil)
07:08:33 ipsec,debug proposal #1: 6 transform
07:08:33 ipsec,debug got the peer address from ID payload anonymous prefixlen=0 ul_proto=17
07:08:33 ipsec,debug got the local address from ID payload 192.168.200.1[1701] prefixlen=32 ul_proto=17
07:08:33 ipsec,debug updating policy address because of NAT in transport mode
07:08:33 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=13:13)
07:08:33 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
07:08:33 ipsec,debug   (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
07:08:33 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
07:08:33 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1)
07:08:33 ipsec,debug begin compare proposals.
07:08:33 ipsec,debug pair[1]: 0x488cd0
07:08:33 ipsec,debug  0x488cd0: next=(nil) tnext=0x48c060
07:08:33 ipsec,debug   0x48c060: next=(nil) tnext=0x48b6c0
07:08:33 ipsec,debug    0x48b6c0: next=(nil) tnext=0x48b5a0
07:08:33 ipsec,debug     0x48b5a0: next=(nil) tnext=0x48c2c0
07:08:33 ipsec,debug      0x48c2c0: next=(nil) tnext=0x487a00
07:08:33 ipsec,debug       0x487a00: next=(nil) tnext=(nil)
07:08:33 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=1 trns-id=AES-CBC
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
07:08:33 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=2 trns-id=AES-CBC
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
07:08:33 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=3 trns-id=AES-CBC
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Key Length, flag=0x8000, lorv=128
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
07:08:33 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=4 trns-id=AES-CBC
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Key Length, flag=0x8000, lorv=128
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
07:08:33 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=5 trns-id=3DES
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
07:08:33 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=6 trns-id=3DES
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
07:08:33 ipsec,debug peer's single bundle:
07:08:33 ipsec,debug  (proto_id=ESP spisize=4 spi=00cbcf24 spi_p=00000000 encmode=Transport reqid=0:0)
07:08:33 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
07:08:33 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-md5)
07:08:33 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
07:08:33 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-md5)
07:08:33 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1)
07:08:33 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-md5)
07:08:33 ipsec,debug my single bundle:
07:08:33 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=13:13)
07:08:33 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
07:08:33 ipsec,debug   (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
07:08:33 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
07:08:33 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1)
07:08:33 ipsec,debug matched
07:08:33 ipsec,debug ===
07:08:33 ipsec,debug call pfkey_send_getspi b59902e5
07:08:33 ipsec,debug pfkey GETSPI sent: ESP/Transport 192.168.200.196[500]->192.168.200.1[500]
07:08:33 ipsec,debug pfkey getspi sent.
07:08:33 ipsec,debug total SA len=48
07:08:33 ipsec,debug 00000001 00000001 00000028 01030401 00000000 0000001c 010c0000 80010001
07:08:33 ipsec,debug 80020e10 80040002 80060100 80050002
07:08:33 ipsec,debug begin.
07:08:33 ipsec,debug seen nptype=2(prop) len=40
07:08:33 ipsec,debug succeed.
07:08:33 ipsec,debug proposal #1 len=40
07:08:33 ipsec,debug begin.
07:08:33 ipsec,debug seen nptype=3(trns) len=28
07:08:33 ipsec,debug succeed.
07:08:33 ipsec,debug transform #1 len=28
07:08:33 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
07:08:33 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
07:08:33 ipsec,debug life duration was in TLV.
07:08:33 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
07:08:33 ipsec,debug type=Key Length, flag=0x8000, lorv=256
07:08:33 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
07:08:33 ipsec,debug pair 1:
07:08:33 ipsec,debug  0x48b6c0: next=(nil) tnext=(nil)
07:08:33 ipsec,debug proposal #1: 1 transform
07:08:33 ipsec,debug add payload of len 48, next type 10
07:08:33 ipsec,debug add payload of len 24, next type 5
07:08:33 ipsec,debug add payload of len 8, next type 5
07:08:33 ipsec,debug add payload of len 8, next type 0
07:08:33 ipsec,debug HASH with:
07:08:33 ipsec,debug 3a1cbf01 2e64467d 301d3d34 ac112458 ef259c59 0a000034 00000001 00000001
07:08:33 ipsec,debug 00000028 01030401 06f5e3b7 0000001c 010c0000 80010001 80020e10 80040002
07:08:33 ipsec,debug 80060100 80050002 0500001c ce810bf2 8ba4e6c1 d97f89a2 47ec3b07 7e6d6266
07:08:33 ipsec,debug a82b7b5d 0500000c 0111d46a c0a8c8c4 0000000c 011106a5 c0a8c801
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug HASH computed:
07:08:33 ipsec,debug c37eaf71 f6c5c488 57bc42f9 94b8fc6f 19b66d82
07:08:33 ipsec,debug add payload of len 20, next type 1
07:08:33 ipsec,debug begin encryption.
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug pad length = 16
07:08:33 ipsec,debug 01000018 c37eaf71 f6c5c488 57bc42f9 94b8fc6f 19b66d82 0a000034 00000001
07:08:33 ipsec,debug 00000001 00000028 01030401 06f5e3b7 0000001c 010c0000 80010001 80020e10
07:08:33 ipsec,debug 80040002 80060100 80050002 0500001c ce810bf2 8ba4e6c1 d97f89a2 47ec3b07
07:08:33 ipsec,debug 7e6d6266 a82b7b5d 0500000c 0111d46a c0a8c8c4 0000000c 011106a5 c0a8c801
07:08:33 ipsec,debug f8bdd6fd ff93e1e7 faa6cbe9 d4ede10f
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug with key:
07:08:33 ipsec,debug 57d38692 81d472e6 7bba112c b9672e58 a565ca9a 576aacd0 0023791d bf838e9d
07:08:33 ipsec,debug encrypted payload by IV:
07:08:33 ipsec,debug 1903ae08 56c56bdf 8d11c6c5 d4d09725
07:08:33 ipsec,debug save IV for next:
07:08:33 ipsec,debug 4e0fd5ca aab16255 1ddde4a2 0f2f4a6f
07:08:33 ipsec,debug encrypted.
07:08:33 ipsec,debug 172 bytes from 192.168.200.1[500] to 192.168.200.196[500]
07:08:33 ipsec,debug 1 times of 172 bytes message will be sent to 192.168.200.196[500]
07:08:33 ipsec,debug,packet a3ef03db 17959cda ef8d02e8 edd28a5f 08102001 3a1cbf01 000000ac ac8bd527
07:08:33 ipsec,debug,packet c6f6d950 674b989f 42700436 9335fa66 60e32a5b dbac6af5 0410cab0 52911164
07:08:33 ipsec,debug,packet 41a91a83 c450c9ae bc494532 ba9b8d15 6ea7508d 14417130 62424494 c1492cb9
07:08:33 ipsec,debug,packet 25b8f88b a9c54564 f16d51dc 4c3eaabc adfd6e4e 9e6a5ae1 ec18d25a 87d68234
07:08:33 ipsec,debug,packet 01c00765 19691ab1 75e4208d a6af2627 a9d55332 ae2a7784 19a9ccf3 4e0fd5ca
07:08:33 ipsec,debug,packet aab16255 1ddde4a2 0f2f4a6f
07:08:33 ipsec,debug ===== received 60 bytes from 192.168.200.196[500] to 192.168.200.1[500]
07:08:33 ipsec,debug,packet a3ef03db 17959cda ef8d02e8 edd28a5f 08102001 3a1cbf01 0000003c 37813c6d
07:08:33 ipsec,debug,packet 40ed9399 1443dd22 afb7a090 2d318a15 3824db26 a5bb7370 8b9b204b
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug IV was saved for next processing:
07:08:33 ipsec,debug 2d318a15 3824db26 a5bb7370 8b9b204b
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug with key:
07:08:33 ipsec,debug 57d38692 81d472e6 7bba112c b9672e58 a565ca9a 576aacd0 0023791d bf838e9d
07:08:33 ipsec,debug decrypted payload by IV:
07:08:33 ipsec,debug 4e0fd5ca aab16255 1ddde4a2 0f2f4a6f
07:08:33 ipsec,debug decrypted payload, but not trimed.
07:08:33 ipsec,debug 00000018 0d5c6060 d53d92ea e3a499da c4741320 945b065d 00000000 00000008
07:08:33 ipsec,debug padding len=9
07:08:33 ipsec,debug skip to trim padding.
07:08:33 ipsec,debug decrypted.
07:08:33 ipsec,debug a3ef03db 17959cda ef8d02e8 edd28a5f 08102001 3a1cbf01 0000003c 00000018
07:08:33 ipsec,debug 0d5c6060 d53d92ea e3a499da c4741320 945b065d 00000000 00000008
07:08:33 ipsec,debug begin.
07:08:33 ipsec,debug seen nptype=8(hash) len=24
07:08:33 ipsec,debug succeed.
07:08:33 ipsec,debug HASH(3) validate:
07:08:33 ipsec,debug 0d5c6060 d53d92ea e3a499da c4741320 945b065d
07:08:33 ipsec,debug HASH with:
07:08:33 ipsec,debug 003a1cbf 012e6446 7d301d3d 34ac1124 58ef259c 59ce810b f28ba4e6 c1d97f89
07:08:33 ipsec,debug a247ec3b 077e6d62 66a82b7b 5d
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug HASH computed:
07:08:33 ipsec,debug 0d5c6060 d53d92ea e3a499da c4741320 945b065d
07:08:33 ipsec,debug ===
07:08:33 ipsec,debug KEYMAT compute with
07:08:33 ipsec,debug 0306f5e3 b72e6446 7d301d3d 34ac1124 58ef259c 59ce810b f28ba4e6 c1d97f89
07:08:33 ipsec,debug a247ec3b 077e6d62 66a82b7b 5d
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug encryption(aes-cbc)
07:08:33 ipsec,debug hmac(sha1)
07:08:33 ipsec,debug encklen=256 authklen=160
07:08:33 ipsec,debug generating 640 bits of key (dupkeymat=4)
07:08:33 ipsec,debug generating K1...K4 for KEYMAT.
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug 5791bc54 3765d518 506d6989 f96e7664 c1897f59 3c66fb49 43302fef d6f69e17
07:08:33 ipsec,debug b6e8e106 9f91c460 2b4d645f 71329bf3 906c2ba7 fa0141ed d4027e77 f6166050
07:08:33 ipsec,debug 84f2c66c bc3678ff 2f6b2f2e ca9ee524
07:08:33 ipsec,debug KEYMAT compute with
07:08:33 ipsec,debug 0300cbcf 242e6446 7d301d3d 34ac1124 58ef259c 59ce810b f28ba4e6 c1d97f89
07:08:33 ipsec,debug a247ec3b 077e6d62 66a82b7b 5d
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug encryption(aes-cbc)
07:08:33 ipsec,debug hmac(sha1)
07:08:33 ipsec,debug encklen=256 authklen=160
07:08:33 ipsec,debug generating 640 bits of key (dupkeymat=4)
07:08:33 ipsec,debug generating K1...K4 for KEYMAT.
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug e2a7b247 3be46385 84e95fe5 f530d201 cd7873cb 47dd8487 79283460 25f79f97
07:08:33 ipsec,debug cfbf4ae0 1c8b8f93 e0aa1735 f27ffa36 ec3afe77 470818b4 c1a8fe93 06493e65
07:08:33 ipsec,debug 61c27006 a0397a25 d857e589 d760bd88
07:08:33 ipsec,debug KEYMAT computed.
07:08:33 ipsec,debug call pk_sendupdate
07:08:33 ipsec,debug encryption(aes-cbc)
07:08:33 ipsec,debug hmac(sha1)
07:08:33 ipsec,debug call pfkey_send_update_nat
07:08:33 ipsec,debug pfkey update sent.
07:08:33 ipsec,debug encryption(aes-cbc)
07:08:33 ipsec,debug hmac(sha1)
07:08:33 ipsec,debug call pfkey_send_add_nat
07:08:33 ipsec,debug pfkey add sent.
07:08:33 l2tp,info first L2TP UDP packet received from 192.168.200.196
07:08:33 ipsec,debug ===== received 76 bytes from 192.168.200.196[500] to 192.168.200.1[500]
07:08:33 ipsec,debug,packet a3ef03db 17959cda ef8d02e8 edd28a5f 08100501 107ba95f 0000004c 0a10bb9b
07:08:33 ipsec,debug,packet 9972612b 42d3cc56 6e8028c5 62ba2947 ce031000 fbe407fb bbc011b5 943a0b96
07:08:33 ipsec,debug,packet 08b64e22 a35d8f00 7ceb871c
07:08:33 ipsec,debug compute IV for phase2
07:08:33 ipsec,debug phase1 last IV:
07:08:33 ipsec,debug c93c1b8e bbe4107f 63e8e877 2800dd9c 107ba95f
07:08:33 ipsec,debug hash(sha1)
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug phase2 IV computed:
07:08:33 ipsec,debug 447d2d93 3372befb df6370d9 dc293d2c
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug IV was saved for next processing:
07:08:33 ipsec,debug 943a0b96 08b64e22 a35d8f00 7ceb871c
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug with key:
07:08:33 ipsec,debug 57d38692 81d472e6 7bba112c b9672e58 a565ca9a 576aacd0 0023791d bf838e9d
07:08:33 ipsec,debug decrypted payload by IV:
07:08:33 ipsec,debug 447d2d93 3372befb df6370d9 dc293d2c
07:08:33 ipsec,debug decrypted payload, but not trimed.
07:08:33 ipsec,debug 0c000018 98bda612 41b1b15d e7c2cbc0 61d89c8f 23527770 00000010 00000001
07:08:33 ipsec,debug 03040001 00cbcf24 00000000 00000008
07:08:33 ipsec,debug padding len=9
07:08:33 ipsec,debug skip to trim padding.
07:08:33 ipsec,debug decrypted.
07:08:33 ipsec,debug a3ef03db 17959cda ef8d02e8 edd28a5f 08100501 107ba95f 0000004c 0c000018
07:08:33 ipsec,debug 98bda612 41b1b15d e7c2cbc0 61d89c8f 23527770 00000010 00000001 03040001
07:08:33 ipsec,debug 00cbcf24 00000000 00000008
07:08:33 ipsec,debug HASH with:
07:08:33 ipsec,debug 107ba95f 00000010 00000001 03040001 00cbcf24
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug HASH computed:
07:08:33 ipsec,debug 98bda612 41b1b15d e7c2cbc0 61d89c8f 23527770
07:08:33 ipsec,debug hash validated.
07:08:33 ipsec,debug begin.
07:08:33 ipsec,debug seen nptype=8(hash) len=24
07:08:33 ipsec,debug seen nptype=12(delete) len=16
07:08:33 ipsec,debug succeed.
07:08:33 ipsec,debug 192.168.200.196 delete payload for protocol ESP
07:08:33 ipsec,debug an undead schedule has been deleted.
07:08:33 ipsec,debug purged SAs.
07:08:33 ipsec,debug ===== received 92 bytes from 192.168.200.196[500] to 192.168.200.1[500]
07:08:33 ipsec,debug,packet a3ef03db 17959cda ef8d02e8 edd28a5f 08100501 c1fe1424 0000005c 43f5e6a6
07:08:33 ipsec,debug,packet ca6abe3f 0b975232 be388659 3221b270 84a5fe5c 2d0c2655 1b7638d1 48152e74
07:08:33 ipsec,debug,packet 664066e6 345ca1c3 639539c0 1b0c130e ebdd8c37 9b8b5d34 be7c6cd0
07:08:33 ipsec,debug compute IV for phase2
07:08:33 ipsec,debug phase1 last IV:
07:08:33 ipsec,debug c93c1b8e bbe4107f 63e8e877 2800dd9c c1fe1424
07:08:33 ipsec,debug hash(sha1)
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug phase2 IV computed:
07:08:33 ipsec,debug a39ee4ae f46b2341 616f3854 da206ced
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug IV was saved for next processing:
07:08:33 ipsec,debug 1b0c130e ebdd8c37 9b8b5d34 be7c6cd0
07:08:33 ipsec,debug encryption(aes)
07:08:33 ipsec,debug with key:
07:08:33 ipsec,debug 57d38692 81d472e6 7bba112c b9672e58 a565ca9a 576aacd0 0023791d bf838e9d
07:08:33 ipsec,debug decrypted payload by IV:
07:08:33 ipsec,debug a39ee4ae f46b2341 616f3854 da206ced
07:08:33 ipsec,debug decrypted payload, but not trimed.
07:08:33 ipsec,debug 0c000018 0efff602 16d132d9 908b62c1 49ba0acd 7af8172f 0000001c 00000001
07:08:33 ipsec,debug 01100001 a3ef03db 17959cda ef8d02e8 edd28a5f 00000000 00000000 0000000c
07:08:33 ipsec,debug padding len=13
07:08:33 ipsec,debug skip to trim padding.
07:08:33 ipsec,debug decrypted.
07:08:33 ipsec,debug a3ef03db 17959cda ef8d02e8 edd28a5f 08100501 c1fe1424 0000005c 0c000018
07:08:33 ipsec,debug 0efff602 16d132d9 908b62c1 49ba0acd 7af8172f 0000001c 00000001 01100001
07:08:33 ipsec,debug a3ef03db 17959cda ef8d02e8 edd28a5f 00000000 00000000 0000000c
07:08:33 ipsec,debug HASH with:
07:08:33 ipsec,debug c1fe1424 0000001c 00000001 01100001 a3ef03db 17959cda ef8d02e8 edd28a5f
07:08:33 ipsec,debug hmac(hmac_sha1)
07:08:33 ipsec,debug HASH computed:
07:08:33 ipsec,debug 0efff602 16d132d9 908b62c1 49ba0acd 7af8172f
07:08:33 ipsec,debug hash validated.
07:08:33 ipsec,debug begin.
07:08:33 ipsec,debug seen nptype=8(hash) len=24
07:08:33 ipsec,debug seen nptype=12(delete) len=28
07:08:33 ipsec,debug succeed.
07:08:33 ipsec,debug 192.168.200.196 delete payload for protocol ISAKMP
07:08:33 ipsec,info purging ISAKMP-SA 192.168.200.1[500]<=>192.168.200.196[500] spi=a3ef03db17959cda:ef8d02e8edd28a5f.
07:08:33 ipsec,debug purged SAs.
07:08:34 ipsec,info ISAKMP-SA deleted 192.168.200.1[500]-192.168.200.196[500] spi:a3ef03db17959cda:ef8d02e8edd28a5f rekey:1
07:08:34 ipsec,debug an undead schedule has been deleted.

Please add l2tp to logging and try again. It seems to me that IPsec establishment goes smoothly and as the first l2tp packet arrives, the IPsec gets broken from outside:

07:08:33 l2tp,info first L2TP UDP packet received from 192.168.200.196

• this means that the IPsec transport has been established and a received packet decrypted.

Processing of the next received transport packet ends with

07:08:33 ipsec,debug 192.168.200.196 delete payload for protocol ESP
07:08:33 ipsec,debug an undead schedule has been deleted.
07:08:33 ipsec,debug purged SAs.

I assume this means that either the client has sent a packet asking to delete the security association, or the L2TP layer has deleted the dynamic policy.

Another question related to the assumption above, are both the Mikrotik and the client synchronized to any real time reference (ntp server)?

I enabled NTP synchornization both on Mikrotik and iPhone now. Same results.
Here is the log with l2tp,info/debug logs

[admin@MikroTik] /log> print
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = 3DES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 0:256)
10:11:45 ipsec,debug hashtype = SHA:4
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
10:11:45 ipsec,debug trns#=2, trns-id=IKE
10:11:45 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
10:11:45 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
10:11:45 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:11:45 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:45 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:11:45 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
10:11:45 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 256:256)
10:11:45 ipsec,debug hashtype = SHA:SHA
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 192:256)
10:11:45 ipsec,debug hashtype = SHA:SHA
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 128:256)
10:11:45 ipsec,debug hashtype = SHA:SHA
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = 3DES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 0:256)
10:11:45 ipsec,debug hashtype = SHA:SHA
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
10:11:45 ipsec,debug trns#=3, trns-id=IKE
10:11:45 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
10:11:45 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
10:11:45 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:11:45 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:45 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:11:45 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5
10:11:45 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 256:256)
10:11:45 ipsec,debug hashtype = SHA:MD5
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 192:256)
10:11:45 ipsec,debug hashtype = SHA:MD5
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 128:256)
10:11:45 ipsec,debug hashtype = SHA:MD5
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = 3DES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 0:256)
10:11:45 ipsec,debug hashtype = SHA:MD5
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
10:11:45 ipsec,debug trns#=4, trns-id=IKE
10:11:45 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
10:11:45 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
10:11:45 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:11:45 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:45 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:11:45 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=6
10:11:45 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 256:256)
10:11:45 ipsec,debug hashtype = SHA:6
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 192:256)
10:11:45 ipsec,debug hashtype = SHA:6
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 128:256)
10:11:45 ipsec,debug hashtype = SHA:6
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = 3DES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 0:256)
10:11:45 ipsec,debug hashtype = SHA:6
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
10:11:45 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
10:11:45 ipsec,debug trns#=5, trns-id=IKE
10:11:45 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
10:11:45 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
10:11:45 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:11:45 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:45 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:11:45 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4
10:11:45 ipsec,debug type=Group Description, flag=0x8000, lorv=1536-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 256:256)
10:11:45 ipsec,debug hashtype = SHA:4
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 192:256)
10:11:45 ipsec,debug hashtype = SHA:4
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 128:256)
10:11:45 ipsec,debug hashtype = SHA:4
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = 3DES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 0:256)
10:11:45 ipsec,debug hashtype = SHA:4
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
10:11:45 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
10:11:45 ipsec,debug trns#=6, trns-id=IKE
10:11:45 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
10:11:45 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
10:11:45 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:11:45 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:45 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:11:45 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
10:11:45 ipsec,debug type=Group Description, flag=0x8000, lorv=1536-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 256:256)
10:11:45 ipsec,debug hashtype = SHA:SHA
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 192:256)
10:11:45 ipsec,debug hashtype = SHA:SHA
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 128:256)
10:11:45 ipsec,debug hashtype = SHA:SHA
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = 3DES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 0:256)
10:11:45 ipsec,debug hashtype = SHA:SHA
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
10:11:45 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
10:11:45 ipsec,debug trns#=7, trns-id=IKE
10:11:45 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
10:11:45 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
10:11:45 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:11:45 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:45 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:11:45 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5
10:11:45 ipsec,debug type=Group Description, flag=0x8000, lorv=1536-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 256:256)
10:11:45 ipsec,debug hashtype = SHA:MD5
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 192:256)
10:11:45 ipsec,debug hashtype = SHA:MD5
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 128:256)
10:11:45 ipsec,debug hashtype = SHA:MD5
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = 3DES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 0:256)
10:11:45 ipsec,debug hashtype = SHA:MD5
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
10:11:45 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
10:11:45 ipsec,debug trns#=8, trns-id=IKE
10:11:45 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
10:11:45 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
10:11:45 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:11:45 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:45 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:11:45 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4
10:11:45 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 256:256)
10:11:45 ipsec,debug hashtype = SHA:4
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 192:256)
10:11:45 ipsec,debug hashtype = SHA:4
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 128:256)
10:11:45 ipsec,debug hashtype = SHA:4
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = 3DES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 0:256)
10:11:45 ipsec,debug hashtype = SHA:4
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
10:11:45 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
10:11:45 ipsec,debug trns#=9, trns-id=IKE
10:11:45 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
10:11:45 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
10:11:45 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:11:45 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:45 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
10:11:45 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
10:11:45 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
10:11:45 ipsec,debug Compared: Local:Peer
10:11:45 ipsec,debug (lifetime = 86400:3600)
10:11:45 ipsec,debug (lifebyte = 0:0)
10:11:45 ipsec,debug enctype = AES-CBC:AES-CBC
10:11:45 ipsec,debug (encklen = 256:256)
10:11:45 ipsec,debug hashtype = SHA:SHA
10:11:45 ipsec,debug authmethod = pre-shared key:pre-shared key
10:11:45 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
10:11:45 ipsec,debug an acceptable proposal found.
10:11:45 ipsec,debug dh(modp1024)
10:11:45 ipsec,debug agreed on pre-shared key auth.
10:11:45 ipsec,debug ===
10:11:45 ipsec,debug new cookie:
10:11:45 ipsec,debug 58aa9b18d3d27048
10:11:45 ipsec,debug add payload of len 52, next type 13
10:11:45 ipsec,debug add payload of len 16, next type 13
10:11:45 ipsec,debug add payload of len 16, next type 13
10:11:45 ipsec,debug add payload of len 20, next type 0
10:11:45 ipsec,debug 148 bytes from 192.168.200.1[500] to 192.168.200.196[500]
10:11:45 ipsec,debug 1 times of 148 bytes message will be sent to 192.168.200.196[500]
10:11:45 ipsec,debug,packet e1d9d224 95a2e581 58aa9b18 d3d27048 01100200 00000000 00000094 0d000038
10:11:45 ipsec,debug,packet 00000001 00000001 0000002c 01010001 00000024 09010000 800b0001 800c0e10
10:11:45 ipsec,debug,packet 80010007 800e0100 80030001 80020002 80040002 0d000014 4a131c81 07035845
10:11:45 ipsec,debug,packet 5c5728f2 0e95452f 0d000014 afcad713 68a1f1c9 6b8696fc 77570100 00000018
10:11:45 ipsec,debug,packet 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000
10:11:45 ipsec,debug ===== received 228 bytes from 192.168.200.196[500] to 192.168.200.1[500]
10:11:45 ipsec,debug,packet e1d9d224 95a2e581 58aa9b18 d3d27048 04100200 00000000 000000e4 0a000084
10:11:45 ipsec,debug,packet 23d2da96 dd4e06f8 e0ae56ef cecc541a fbea67c7 4f28804f b9f7094e 71750624
10:11:45 ipsec,debug,packet 5bd64d2d 267507c1 6047f0e3 1d858fb0 9fdd3d69 d2e6d952 496f829f dee5b1a7
10:11:45 ipsec,debug,packet db96e1d9 592dafa1 cadd1642 7b23053a d720f5a6 612fb802 74260509 5d91693a
10:11:45 ipsec,debug,packet d8a313ec 13beebf3 fb94edde c40b6873 810c64ef 4605e0ae c526c94d 7188313b
10:11:45 ipsec,debug,packet 14000014 30504323 480ef432 a3c962e4 a7c02ef3 14000018 b36ccad4 31d8ef9a
10:11:45 ipsec,debug,packet 6810355d 1776d19b e02f99d6 00000018 7e25c3da 38382f81 e42d1ec5 3d19b3b9
10:11:45 ipsec,debug,packet 65fed4c6
10:11:45 ipsec,debug begin.
10:11:45 ipsec,debug seen nptype=4(ke) len=132
10:11:45 ipsec,debug seen nptype=10(nonce) len=20
10:11:45 ipsec,debug seen nptype=20(nat-d) len=24
10:11:45 ipsec,debug seen nptype=20(nat-d) len=24
10:11:45 ipsec,debug succeed.
10:11:45 ipsec,debug hash(sha1)
10:11:45 ipsec,debug hash(sha1)
10:11:45 ipsec,debug ===
10:11:45 ipsec,debug dh(modp1024)
10:11:45 ipsec,debug compute DH's private.
10:11:45 ipsec,debug 4be3e89d 2d83b616 0443d6e5 7d8c8ade 9361ad89 b3c15837 1d574dfc d3fd812a
10:11:45 ipsec,debug c1205f90 b2437378 bd5eb3e4 2413be92 6748169c 17d0cbe8 35ca4348 c8e2c320
10:11:45 ipsec,debug 9d18ef81 1db9b92b dc0cf037 827cab48 ae746be6 f86aa024 5a33dd21 234c49cc
10:11:45 ipsec,debug 3ecc8490 16bd01a1 f1f118c9 1b102d71 6e07fc30 b8708626 42ff7ac0 36978f97
10:11:45 ipsec,debug compute DH's public.
10:11:45 ipsec,debug cb0a9c62 9a793928 7a7b01f7 ade4d607 82336bf7 4bb5cdb7 46c43473 ed9d0656
10:11:45 ipsec,debug 5d167bc1 1ccfb7d1 9747ce99 995abe9b 926e4c2e 73ceb5b2 651ecd51 cc2e9613
10:11:45 ipsec,debug 8c9c053a 0103fd75 fbbe9f53 7c9e4c5a e9c592d2 a2c0d089 427a9371 b7746e15
10:11:45 ipsec,debug a62d022f b9f4a7d9 5197f253 e8641f14 7eb275ff cf3b4108 a8c673aa d2b48fa1
10:11:45 ipsec,debug hash(sha1)
10:11:45 ipsec,debug hash(sha1)
10:11:45 ipsec,debug add payload of len 128, next type 10
10:11:45 ipsec,debug add payload of len 24, next type 20
10:11:45 ipsec,debug add payload of len 20, next type 20
10:11:45 ipsec,debug add payload of len 20, next type 0
10:11:45 ipsec,debug 236 bytes from 192.168.200.1[500] to 192.168.200.196[500]
10:11:45 ipsec,debug 1 times of 236 bytes message will be sent to 192.168.200.196[500]
10:11:45 ipsec,debug,packet e1d9d224 95a2e581 58aa9b18 d3d27048 04100200 00000000 000000ec 0a000084
10:11:45 ipsec,debug,packet cb0a9c62 9a793928 7a7b01f7 ade4d607 82336bf7 4bb5cdb7 46c43473 ed9d0656
10:11:45 ipsec,debug,packet 5d167bc1 1ccfb7d1 9747ce99 995abe9b 926e4c2e 73ceb5b2 651ecd51 cc2e9613
10:11:45 ipsec,debug,packet 8c9c053a 0103fd75 fbbe9f53 7c9e4c5a e9c592d2 a2c0d089 427a9371 b7746e15
10:11:45 ipsec,debug,packet a62d022f b9f4a7d9 5197f253 e8641f14 7eb275ff cf3b4108 a8c673aa d2b48fa1
10:11:45 ipsec,debug,packet 1400001c f468ec6c 6f213f20 1fd01b16 33cf3770 2c4cdf4b 8acbfcad 14000018
10:11:45 ipsec,debug,packet 7e25c3da 38382f81 e42d1ec5 3d19b3b9 65fed4c6 00000018 b36ccad4 31d8ef9a
10:11:45 ipsec,debug,packet 6810355d 1776d19b e02f99d6
10:11:45 ipsec,debug dh(modp1024)
10:11:45 ipsec,debug compute DH's shared.
10:11:45 ipsec,debug
10:11:45 ipsec,debug 40d3de43 96ce1bce dfffe74f b2066337 73b54be4 96e78e6b dc7137bf 47953f0a
10:11:45 ipsec,debug 7c2b83b5 a548c61d 08cf4118 8fdc94b7 252261ee cad84709 bc691a37 40142f01
10:11:45 ipsec,debug 2e9ed235 3428eb50 55ee6acb 55bbd209 b8cfcfd7 8a8b134b e9853d9e 9fe54253
10:11:45 ipsec,debug c865838f db06627a 5df74d76 770e1ee3 005692b4 72c0a93e d0144fea 6c4781cb
10:11:45 ipsec,debug nonce 1:
10:11:45 ipsec,debug 30504323 480ef432 a3c962e4 a7c02ef3
10:11:45 ipsec,debug nonce 2:
10:11:45 ipsec,debug f468ec6c 6f213f20 1fd01b16 33cf3770 2c4cdf4b 8acbfcad
10:11:45 ipsec,debug hmac(hmac_sha1)
10:11:45 ipsec,debug SKEYID computed:
10:11:45 ipsec,debug d7e144aa a46400d5 5b5a30ab 4176420c c2d6dcd7
10:11:45 ipsec,debug hmac(hmac_sha1)
10:11:45 ipsec,debug SKEYID_d computed:
10:11:45 ipsec,debug fcedb66b 0bb22da1 4149f1c9 3cb34e2f d53bb661
10:11:45 ipsec,debug hmac(hmac_sha1)
10:11:45 ipsec,debug SKEYID_a computed:
10:11:45 ipsec,debug f0ee0d9e 448b490e b6d336d2 62309336 657277b8
10:11:45 ipsec,debug hmac(hmac_sha1)
10:11:45 ipsec,debug SKEYID_e computed:
10:11:45 ipsec,debug 0d6e8533 1f4b5054 3059c175 08360a44 016dabf3
10:11:45 ipsec,debug encryption(aes)
10:11:45 ipsec,debug hash(sha1)
10:11:45 ipsec,debug len(SKEYID_e) < len(Ka) (20 < 32), generating long key (Ka = K1 | K2 | ...)
10:11:45 ipsec,debug hmac(hmac_sha1)
10:11:45 ipsec,debug compute intermediate encryption key K1
10:11:45 ipsec,debug 00
10:11:45 ipsec,debug 20e0884a 1de98248 8117fd0d 399a9e4d ba0dc327
10:11:45 ipsec,debug hmac(hmac_sha1)
10:11:45 ipsec,debug compute intermediate encryption key K2
10:11:45 ipsec,debug 20e0884a 1de98248 8117fd0d 399a9e4d ba0dc327
10:11:45 ipsec,debug a7f06b5f 7902978a 9ea95494 7c0e7440 09ab7817
10:11:45 ipsec,debug final encryption key computed:
10:11:45 ipsec,debug 20e0884a 1de98248 8117fd0d 399a9e4d ba0dc327 a7f06b5f 7902978a 9ea95494
10:11:45 ipsec,debug hash(sha1)
10:11:45 ipsec,debug encryption(aes)
10:11:45 ipsec,debug IV computed:
10:11:45 ipsec,debug 4cd4470f 483355d6 e317081c 3e9d50d8
10:11:45 ipsec,debug ===== received 108 bytes from 192.168.200.196[500] to 192.168.200.1[500]
10:11:45 ipsec,debug,packet e1d9d224 95a2e581 58aa9b18 d3d27048 05100201 00000000 0000006c 2855053b
10:11:45 ipsec,debug,packet 13015dd9 e45d6018 97a2d40a 5f0e13a0 7f984857 a03d29ac 56f51a43 f2d9fa75
10:11:45 ipsec,debug,packet a741ecd6 fa14625e 83296ce4 708aaf4a cfe3f534 5e082dfe 83046613 ccad6811
10:11:45 ipsec,debug,packet 2bce78af cf7f9eef b4ae75e2
10:11:45 ipsec,debug encryption(aes)
10:11:45 ipsec,debug IV was saved for next processing:
10:11:45 ipsec,debug ccad6811 2bce78af cf7f9eef b4ae75e2
10:11:45 ipsec,debug encryption(aes)
10:11:45 ipsec,debug with key:
10:11:45 ipsec,debug 20e0884a 1de98248 8117fd0d 399a9e4d ba0dc327 a7f06b5f 7902978a 9ea95494
10:11:45 ipsec,debug decrypted payload by IV:
10:11:45 ipsec,debug 4cd4470f 483355d6 e317081c 3e9d50d8
10:11:45 ipsec,debug decrypted payload, but not trimed.
10:11:45 ipsec,debug 0800000c 011101f4 c0a8c8c4 0b000018 af602a81 a464e96d 7bdb9cd1 9baac8ea
10:11:45 ipsec,debug c0bb5907 0000001c 00000001 01106002 e1d9d224 95a2e581 58aa9b18 d3d27048
10:11:45 ipsec,debug 00000000 00000000 00000000 00000010
10:11:45 ipsec,debug padding len=17
10:11:45 ipsec,debug skip to trim padding.
10:11:45 ipsec,debug decrypted.
10:11:45 ipsec,debug e1d9d224 95a2e581 58aa9b18 d3d27048 05100201 00000000 0000006c 0800000c
10:11:45 ipsec,debug 011101f4 c0a8c8c4 0b000018 af602a81 a464e96d 7bdb9cd1 9baac8ea c0bb5907
10:11:45 ipsec,debug 0000001c 00000001 01106002 e1d9d224 95a2e581 58aa9b18 d3d27048 00000000
10:11:45 ipsec,debug 00000000 00000000 00000010
10:11:45 ipsec,debug begin.
10:11:45 ipsec,debug seen nptype=5(id) len=12
10:11:45 ipsec,debug seen nptype=8(hash) len=24
10:11:45 ipsec,debug seen nptype=11(notify) len=28
10:11:45 ipsec,debug succeed.
10:11:45 ipsec,debug 192.168.200.196 Notify Message received
10:11:45 ipsec,debug HASH received:
10:11:45 ipsec,debug af602a81 a464e96d 7bdb9cd1 9baac8ea c0bb5907
10:11:45 ipsec,debug HASH with:
10:11:45 ipsec,debug 23d2da96 dd4e06f8 e0ae56ef cecc541a fbea67c7 4f28804f b9f7094e 71750624
10:11:45 ipsec,debug 5bd64d2d 267507c1 6047f0e3 1d858fb0 9fdd3d69 d2e6d952 496f829f dee5b1a7
10:11:45 ipsec,debug db96e1d9 592dafa1 cadd1642 7b23053a d720f5a6 612fb802 74260509 5d91693a
10:11:45 ipsec,debug d8a313ec 13beebf3 fb94edde c40b6873 810c64ef 4605e0ae c526c94d 7188313b
10:11:45 ipsec,debug cb0a9c62 9a793928 7a7b01f7 ade4d607 82336bf7 4bb5cdb7 46c43473 ed9d0656
10:11:45 ipsec,debug 5d167bc1 1ccfb7d1 9747ce99 995abe9b 926e4c2e 73ceb5b2 651ecd51 cc2e9613
10:11:45 ipsec,debug 8c9c053a 0103fd75 fbbe9f53 7c9e4c5a e9c592d2 a2c0d089 427a9371 b7746e15
10:11:45 ipsec,debug a62d022f b9f4a7d9 5197f253 e8641f14 7eb275ff cf3b4108 a8c673aa d2b48fa1
10:11:45 ipsec,debug e1d9d224 95a2e581 58aa9b18 d3d27048 00000001 00000001 000001f8 0101000e
10:11:45 ipsec,debug 03000024 01010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004
10:11:45 ipsec,debug 8004000e 03000024 02010000 800b0001 800c0e10 80010007 800e0100 80030001
10:11:45 ipsec,debug 80020002 8004000e 03000024 03010000 800b0001 800c0e10 80010007 800e0100
10:11:45 ipsec,debug 80030001 80020001 8004000e 03000024 04010000 800b0001 800c0e10 80010007
10:11:45 ipsec,debug 800e0100 80030001 80020006 8004000e 03000024 05010000 800b0001 800c0e10
10:11:45 ipsec,debug 80010007 800e0100 80030001 80020004 80040005 03000024 06010000 800b0001
10:11:45 ipsec,debug 800c0e10 80010007 800e0100 80030001 80020002 80040005 03000024 07010000
10:11:45 ipsec,debug 800b0001 800c0e10 80010007 800e0100 80030001 80020001 80040005 03000024
10:11:45 ipsec,debug 08010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004 80040002
10:11:45 ipsec,debug 03000024 09010000 800b0001 800c0e10 80010007 800e0100 80030001 80020002
10:11:45 ipsec,debug 80040002 03000024 0a010000 800b0001 800c0e10 80010007 800e0100 80030001
10:11:45 ipsec,debug 80020001 80040002 03000024 0b010000 800b0001 800c0e10 80010007 800e0080
10:11:45 ipsec,debug 80030001 80020002 80040002 03000024 0c010000 800b0001 800c0e10 80010007
10:11:45 ipsec,debug 800e0080 80030001 80020001 80040002 03000020 0d010000 800b0001 800c0e10
10:11:45 ipsec,debug 80010005 80030001 80020002 80040002 00000020 0e010000 800b0001 800c0e10
10:11:45 ipsec,debug 80010005 80030001 80020001 80040002 011101f4 c0a8c8c4
10:11:45 ipsec,debug hmac(hmac_sha1)
10:11:45 ipsec,debug HASH computed:
10:11:45 ipsec,debug af602a81 a464e96d 7bdb9cd1 9baac8ea c0bb5907
10:11:45 ipsec,debug HASH for PSK validated.
10:11:45 ipsec,debug 192.168.200.196 peer's ID
10:11:45 ipsec,debug 011101f4 c0a8c8c4
10:11:45 ipsec,debug ===
10:11:45 ipsec,debug use ID type of IPv4_address
10:11:45 ipsec,debug generate HASH_R
10:11:45 ipsec,debug HASH with:
10:11:45 ipsec,debug cb0a9c62 9a793928 7a7b01f7 ade4d607 82336bf7 4bb5cdb7 46c43473 ed9d0656
10:11:45 ipsec,debug 5d167bc1 1ccfb7d1 9747ce99 995abe9b 926e4c2e 73ceb5b2 651ecd51 cc2e9613
10:11:45 ipsec,debug 8c9c053a 0103fd75 fbbe9f53 7c9e4c5a e9c592d2 a2c0d089 427a9371 b7746e15
10:11:45 ipsec,debug a62d022f b9f4a7d9 5197f253 e8641f14 7eb275ff cf3b4108 a8c673aa d2b48fa1
10:11:45 ipsec,debug 23d2da96 dd4e06f8 e0ae56ef cecc541a fbea67c7 4f28804f b9f7094e 71750624
10:11:45 ipsec,debug 5bd64d2d 267507c1 6047f0e3 1d858fb0 9fdd3d69 d2e6d952 496f829f dee5b1a7
10:11:45 ipsec,debug db96e1d9 592dafa1 cadd1642 7b23053a d720f5a6 612fb802 74260509 5d91693a
10:11:45 ipsec,debug d8a313ec 13beebf3 fb94edde c40b6873 810c64ef 4605e0ae c526c94d 7188313b
10:11:45 ipsec,debug 58aa9b18 d3d27048 e1d9d224 95a2e581 00000001 00000001 000001f8 0101000e
10:11:45 ipsec,debug 03000024 01010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004
10:11:45 ipsec,debug 8004000e 03000024 02010000 800b0001 800c0e10 80010007 800e0100 80030001
10:11:45 ipsec,debug 80020002 8004000e 03000024 03010000 800b0001 800c0e10 80010007 800e0100
10:11:45 ipsec,debug 80030001 80020001 8004000e 03000024 04010000 800b0001 800c0e10 80010007
10:11:45 ipsec,debug 800e0100 80030001 80020006 8004000e 03000024 05010000 800b0001 800c0e10
10:11:45 ipsec,debug 80010007 800e0100 80030001 80020004 80040005 03000024 06010000 800b0001
10:11:45 ipsec,debug 800c0e10 80010007 800e0100 80030001 80020002 80040005 03000024 07010000
10:11:45 ipsec,debug 800b0001 800c0e10 80010007 800e0100 80030001 80020001 80040005 03000024
10:11:45 ipsec,debug 08010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004 80040002
10:11:45 ipsec,debug 03000024 09010000 800b0001 800c0e10 80010007 800e0100 80030001 80020002
10:11:45 ipsec,debug 80040002 03000024 0a010000 800b0001 800c0e10 80010007 800e0100 80030001
10:11:45 ipsec,debug 80020001 80040002 03000024 0b010000 800b0001 800c0e10 80010007 800e0080
10:11:45 ipsec,debug 80030001 80020002 80040002 03000024 0c010000 800b0001 800c0e10 80010007
10:11:45 ipsec,debug 800e0080 80030001 80020001 80040002 03000020 0d010000 800b0001 800c0e10
10:11:45 ipsec,debug 80010005 80030001 80020002 80040002 00000020 0e010000 800b0001 800c0e10
10:11:45 ipsec,debug 80010005 80030001 80020001 80040002 011101f4 c0a8c801
10:11:45 ipsec,debug hmac(hmac_sha1)
10:11:45 ipsec,debug HASH computed:
10:11:45 ipsec,debug 3cf81321 c3e0963e f152ec75 fb6393f8 28e9312b
10:11:45 ipsec,debug add payload of len 8, next type 8
10:11:45 ipsec,debug add payload of len 20, next type 0
10:11:45 ipsec,debug begin encryption.
10:11:45 ipsec,debug encryption(aes)
10:11:45 ipsec,debug pad length = 12
10:11:45 ipsec,debug 0800000c 011101f4 c0a8c801 00000018 3cf81321 c3e0963e f152ec75 fb6393f8
10:11:45 ipsec,debug 28e9312b fccbfcda abb6d7bf bae9fb0b
10:11:45 ipsec,debug encryption(aes)
10:11:45 ipsec,debug with key:
10:11:45 ipsec,debug 20e0884a 1de98248 8117fd0d 399a9e4d ba0dc327 a7f06b5f 7902978a 9ea95494
10:11:45 ipsec,debug encrypted payload by IV:
10:11:45 ipsec,debug ccad6811 2bce78af cf7f9eef b4ae75e2
10:11:45 ipsec,debug save IV for next:
10:11:45 ipsec,debug 18a5b569 8dabddff 7167ffa4 69e8dbb3
10:11:45 ipsec,debug encrypted.
10:11:45 ipsec,debug 76 bytes from 192.168.200.1[500] to 192.168.200.196[500]
10:11:45 ipsec,debug 1 times of 76 bytes message will be sent to 192.168.200.196[500]
10:11:45 ipsec,debug,packet e1d9d224 95a2e581 58aa9b18 d3d27048 05100201 00000000 0000004c 627fce86
10:11:45 ipsec,debug,packet 59cd84b6 85b59e64 a0139fb5 96e46004 d11e0b60 8115f53e aaec1c0a 18a5b569
10:11:45 ipsec,debug,packet 8dabddff 7167ffa4 69e8dbb3
10:11:45 ipsec,info ISAKMP-SA established 192.168.200.1[500]-192.168.200.196[500] spi:e1d9d22495a2e581:58aa9b18d3d27048
10:11:45 ipsec,debug ===
10:11:46 ipsec,debug ===== received 284 bytes from 192.168.200.196[500] to 192.168.200.1[500]
10:11:46 ipsec,debug,packet e1d9d224 95a2e581 58aa9b18 d3d27048 08102001 c03f33e7 0000011c 6c40897e
10:11:46 ipsec,debug,packet 2771ff68 eb232ef5 be9870df 5f36ccdd 31dfc0a0 71d200a3 e993f9b0 2ec82921
10:11:46 ipsec,debug,packet 0e1e9316 5f998a41 a654b41d a4233f40 b926ead1 50dabe56 c2782df8 c280b380
10:11:46 ipsec,debug,packet 2c4dff1a 38307d34 236292f4 71576379 8451fab3 d412ff6e a0bcf0f5 01f5126b
10:11:46 ipsec,debug,packet 5edf27d6 9317311a f29ae90a 03eac059 713a7417 7e40aa42 6a69022f e1339e44
10:11:46 ipsec,debug,packet bc878fbc 313cb8e9 9da72ebe 2d4ebaa9 da3ff32e 7e4771f8 3e7892b4 bc068ffd
10:11:46 ipsec,debug,packet 1ae1a23c beb197b0 26373dff 3952a013 a37cf83b ec414c3c ee0851e0 a23f3602
10:11:46 ipsec,debug,packet 4465de92 ef86ca62 08139093 e9423820 6014ed14 1fe4001d 63f78125 ce2b02a9
10:11:46 ipsec,debug,packet 9b8f5ce4 bc54c5f7 3980c2ad eb011f76 4197a416 1a636e59 026ef0c4
10:11:46 ipsec,debug compute IV for phase2
10:11:46 ipsec,debug phase1 last IV:
10:11:46 ipsec,debug 18a5b569 8dabddff 7167ffa4 69e8dbb3 c03f33e7
10:11:46 ipsec,debug hash(sha1)
10:11:46 ipsec,debug encryption(aes)
10:11:46 ipsec,debug phase2 IV computed:
10:11:46 ipsec,debug 5d151ec6 a812689b 6abe1a4c 80ccb096
10:11:46 ipsec,debug ===
10:11:46 ipsec,debug encryption(aes)
10:11:46 ipsec,debug IV was saved for next processing:
10:11:46 ipsec,debug eb011f76 4197a416 1a636e59 026ef0c4
10:11:46 ipsec,debug encryption(aes)
10:11:46 ipsec,debug with key:
10:11:46 ipsec,debug 20e0884a 1de98248 8117fd0d 399a9e4d ba0dc327 a7f06b5f 7902978a 9ea95494
10:11:46 ipsec,debug decrypted payload by IV:
10:11:46 ipsec,debug 5d151ec6 a812689b 6abe1a4c 80ccb096
10:11:46 ipsec,debug decrypted payload, but not trimed.
10:11:46 ipsec,debug 01000018 38c86e04 2649a605 c5646a67 6f58f750 f86a79af 0a0000b8 00000001
10:11:46 ipsec,debug 00000001 000000ac 01030406 0580f195 0300001c 010c0000 80010001 80020e10
10:11:46 ipsec,debug 80040002 80060100 80050002 0300001c 020c0000 80010001 80020e10 80040002
10:11:46 ipsec,debug 80060100 80050001 0300001c 030c0000 80010001 80020e10 80040002 80060080
10:11:46 ipsec,debug 80050002 0300001c 040c0000 80010001 80020e10 80040002 80060080 80050001
10:11:46 ipsec,debug 03000018 05030000 80010001 80020e10 80040002 80050002 00000018 06030000
10:11:46 ipsec,debug 80010001 80020e10 80040002 80050001 05000014 1d7c3305 be8084ae 44f014a7
10:11:46 ipsec,debug 8f395f05 0500000c 0111f5f4 c0a8c8c4 0000000c 011106a5 c0a8c801 00000004
10:11:46 ipsec,debug padding len=5
10:11:46 ipsec,debug skip to trim padding.
10:11:46 ipsec,debug decrypted.
10:11:46 ipsec,debug e1d9d224 95a2e581 58aa9b18 d3d27048 08102001 c03f33e7 0000011c 01000018
10:11:46 ipsec,debug 38c86e04 2649a605 c5646a67 6f58f750 f86a79af 0a0000b8 00000001 00000001
10:11:46 ipsec,debug 000000ac 01030406 0580f195 0300001c 010c0000 80010001 80020e10 80040002
10:11:46 ipsec,debug 80060100 80050002 0300001c 020c0000 80010001 80020e10 80040002 80060100
10:11:46 ipsec,debug 80050001 0300001c 030c0000 80010001 80020e10 80040002 80060080 80050002
10:11:46 ipsec,debug 0300001c 040c0000 80010001 80020e10 80040002 80060080 80050001 03000018
10:11:46 ipsec,debug 05030000 80010001 80020e10 80040002 80050002 00000018 06030000 80010001
10:11:46 ipsec,debug 80020e10 80040002 80050001 05000014 1d7c3305 be8084ae 44f014a7 8f395f05
10:11:46 ipsec,debug 0500000c 0111f5f4 c0a8c8c4 0000000c 011106a5 c0a8c801 00000004
10:11:46 ipsec,debug begin.
10:11:46 ipsec,debug seen nptype=8(hash) len=24
10:11:46 ipsec,debug seen nptype=1(sa) len=184
10:11:46 ipsec,debug seen nptype=10(nonce) len=20
10:11:46 ipsec,debug seen nptype=5(id) len=12
10:11:46 ipsec,debug seen nptype=5(id) len=12
10:11:46 ipsec,debug succeed.
10:11:46 ipsec,debug received IDci2:
10:11:46 ipsec,debug 0111f5f4 c0a8c8c4
10:11:46 ipsec,debug received IDcr2:
10:11:46 ipsec,debug 011106a5 c0a8c801
10:11:46 ipsec,debug HASH(1) validate:
10:11:46 ipsec,debug 38c86e04 2649a605 c5646a67 6f58f750 f86a79af
10:11:46 ipsec,debug HASH with:
10:11:46 ipsec,debug c03f33e7 0a0000b8 00000001 00000001 000000ac 01030406 0580f195 0300001c
10:11:46 ipsec,debug 010c0000 80010001 80020e10 80040002 80060100 80050002 0300001c 020c0000
10:11:46 ipsec,debug 80010001 80020e10 80040002 80060100 80050001 0300001c 030c0000 80010001
10:11:46 ipsec,debug 80020e10 80040002 80060080 80050002 0300001c 040c0000 80010001 80020e10
10:11:46 ipsec,debug 80040002 80060080 80050001 03000018 05030000 80010001 80020e10 80040002
10:11:46 ipsec,debug 80050002 00000018 06030000 80010001 80020e10 80040002 80050001 05000014
10:11:46 ipsec,debug 1d7c3305 be8084ae 44f014a7 8f395f05 0500000c 0111f5f4 c0a8c8c4 0000000c
10:11:46 ipsec,debug 011106a5 c0a8c801
10:11:46 ipsec,debug hmac(hmac_sha1)
10:11:46 ipsec,debug HASH computed:
10:11:46 ipsec,debug 38c86e04 2649a605 c5646a67 6f58f750 f86a79af
10:11:46 ipsec,debug total SA len=180
10:11:46 ipsec,debug 00000001 00000001 000000ac 01030406 0580f195 0300001c 010c0000 80010001
10:11:46 ipsec,debug 80020e10 80040002 80060100 80050002 0300001c 020c0000 80010001 80020e10
10:11:46 ipsec,debug 80040002 80060100 80050001 0300001c 030c0000 80010001 80020e10 80040002
10:11:46 ipsec,debug 80060080 80050002 0300001c 040c0000 80010001 80020e10 80040002 80060080
10:11:46 ipsec,debug 80050001 03000018 05030000 80010001 80020e10 80040002 80050002 00000018
10:11:46 ipsec,debug 06030000 80010001 80020e10 80040002 80050001
10:11:46 ipsec,debug begin.
10:11:46 ipsec,debug seen nptype=2(prop) len=172
10:11:46 ipsec,debug succeed.
10:11:46 ipsec,debug proposal #1 len=172
10:11:46 ipsec,debug begin.
10:11:46 ipsec,debug seen nptype=3(trns) len=28
10:11:46 ipsec,debug seen nptype=3(trns) len=28
10:11:46 ipsec,debug seen nptype=3(trns) len=28
10:11:46 ipsec,debug seen nptype=3(trns) len=28
10:11:46 ipsec,debug seen nptype=3(trns) len=24
10:11:46 ipsec,debug seen nptype=3(trns) len=24
10:11:46 ipsec,debug succeed.
10:11:46 ipsec,debug transform #1 len=28
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug life duration was in TLV.
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
10:11:46 ipsec,debug transform #2 len=28
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug life duration was in TLV.
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
10:11:46 ipsec,debug transform #3 len=28
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug life duration was in TLV.
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Key Length, flag=0x8000, lorv=128
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
10:11:46 ipsec,debug transform #4 len=28
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug life duration was in TLV.
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Key Length, flag=0x8000, lorv=128
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
10:11:46 ipsec,debug transform #5 len=24
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug life duration was in TLV.
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
10:11:46 ipsec,debug transform #6 len=24
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug life duration was in TLV.
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
10:11:46 ipsec,debug pair 1:
10:11:46 ipsec,debug  0x48d120: next=(nil) tnext=0x488d70
10:11:46 ipsec,debug   0x488d70: next=(nil) tnext=0x48c828
10:11:46 ipsec,debug    0x48c828: next=(nil) tnext=0x48b8d8
10:11:46 ipsec,debug     0x48b8d8: next=(nil) tnext=0x48b8f0
10:11:46 ipsec,debug      0x48b8f0: next=(nil) tnext=0x48ac48
10:11:46 ipsec,debug       0x48ac48: next=(nil) tnext=(nil)
10:11:46 ipsec,debug proposal #1: 6 transform
10:11:46 ipsec,debug got the peer address from ID payload anonymous prefixlen=0 ul_proto=17
10:11:46 ipsec,debug got the local address from ID payload 192.168.200.1[1701] prefixlen=32 ul_proto=17
10:11:46 ipsec,debug updating policy address because of NAT in transport mode
10:11:46 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=17:17)
10:11:46 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
10:11:46 ipsec,debug   (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
10:11:46 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
10:11:46 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1)
10:11:46 ipsec,debug begin compare proposals.
10:11:46 ipsec,debug pair[1]: 0x48d120
10:11:46 ipsec,debug  0x48d120: next=(nil) tnext=0x488d70
10:11:46 ipsec,debug   0x488d70: next=(nil) tnext=0x48c828
10:11:46 ipsec,debug    0x48c828: next=(nil) tnext=0x48b8d8
10:11:46 ipsec,debug     0x48b8d8: next=(nil) tnext=0x48b8f0
10:11:46 ipsec,debug      0x48b8f0: next=(nil) tnext=0x48ac48
10:11:46 ipsec,debug       0x48ac48: next=(nil) tnext=(nil)
10:11:46 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=1 trns-id=AES-CBC
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
10:11:46 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=2 trns-id=AES-CBC
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
10:11:46 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=3 trns-id=AES-CBC
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Key Length, flag=0x8000, lorv=128
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
10:11:46 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=4 trns-id=AES-CBC
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Key Length, flag=0x8000, lorv=128
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
10:11:46 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=5 trns-id=3DES
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
10:11:46 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=6 trns-id=3DES
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
10:11:46 ipsec,debug peer's single bundle:
10:11:46 ipsec,debug  (proto_id=ESP spisize=4 spi=0580f195 spi_p=00000000 encmode=Transport reqid=0:0)
10:11:46 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
10:11:46 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-md5)
10:11:46 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
10:11:46 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-md5)
10:11:46 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1)
10:11:46 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-md5)
10:11:46 ipsec,debug my single bundle:
10:11:46 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=17:17)
10:11:46 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
10:11:46 ipsec,debug   (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
10:11:46 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
10:11:46 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1)
10:11:46 ipsec,debug matched
10:11:46 ipsec,debug ===
10:11:46 ipsec,debug call pfkey_send_getspi 5d451fbe
10:11:46 ipsec,debug pfkey GETSPI sent: ESP/Transport 192.168.200.196[500]->192.168.200.1[500]
10:11:46 ipsec,debug pfkey getspi sent.
10:11:46 ipsec,debug total SA len=48
10:11:46 ipsec,debug 00000001 00000001 00000028 01030401 00000000 0000001c 010c0000 80010001
10:11:46 ipsec,debug 80020e10 80040002 80060100 80050002
10:11:46 ipsec,debug begin.
10:11:46 ipsec,debug seen nptype=2(prop) len=40
10:11:46 ipsec,debug succeed.
10:11:46 ipsec,debug proposal #1 len=40
10:11:46 ipsec,debug begin.
10:11:46 ipsec,debug seen nptype=3(trns) len=28
10:11:46 ipsec,debug succeed.
10:11:46 ipsec,debug transform #1 len=28
10:11:46 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
10:11:46 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
10:11:46 ipsec,debug life duration was in TLV.
10:11:46 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
10:11:46 ipsec,debug type=Key Length, flag=0x8000, lorv=256
10:11:46 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
10:11:46 ipsec,debug pair 1:
10:11:46 ipsec,debug  0x48d120: next=(nil) tnext=(nil)
10:11:46 ipsec,debug proposal #1: 1 transform
10:11:46 ipsec,debug add payload of len 48, next type 10
10:11:46 ipsec,debug add payload of len 24, next type 5
10:11:46 ipsec,debug add payload of len 8, next type 5
10:11:46 ipsec,debug add payload of len 8, next type 0
10:11:46 ipsec,debug HASH with:
10:11:46 ipsec,debug c03f33e7 1d7c3305 be8084ae 44f014a7 8f395f05 0a000034 00000001 00000001
10:11:46 ipsec,debug 00000028 01030401 08a053e4 0000001c 010c0000 80010001 80020e10 80040002
10:11:46 ipsec,debug 80060100 80050002 0500001c 912d7411 a66de0a6 e4ef803c 1065daab e7f94ca7
10:11:46 ipsec,debug 2b085ee7 0500000c 0111f5f4 c0a8c8c4 0000000c 011106a5 c0a8c801
10:11:46 ipsec,debug hmac(hmac_sha1)
10:11:46 ipsec,debug HASH computed:
10:11:46 ipsec,debug a59b427a fe72d914 d5524a53 54b526aa e5203637
10:11:46 ipsec,debug add payload of len 20, next type 1
10:11:46 ipsec,debug begin encryption.
10:11:46 ipsec,debug encryption(aes)
10:11:46 ipsec,debug pad length = 16
10:11:46 ipsec,debug 01000018 a59b427a fe72d914 d5524a53 54b526aa e5203637 0a000034 00000001
10:11:46 ipsec,debug 00000001 00000028 01030401 08a053e4 0000001c 010c0000 80010001 80020e10
10:11:46 ipsec,debug 80040002 80060100 80050002 0500001c 912d7411 a66de0a6 e4ef803c 1065daab
10:11:46 ipsec,debug e7f94ca7 2b085ee7 0500000c 0111f5f4 c0a8c8c4 0000000c 011106a5 c0a8c801
10:11:46 ipsec,debug a5d2e1b7 9a8cc1a9 beffa5ea ddbadb0f
10:11:46 ipsec,debug encryption(aes)
10:11:46 ipsec,debug with key:
10:11:46 ipsec,debug 20e0884a 1de98248 8117fd0d 399a9e4d ba0dc327 a7f06b5f 7902978a 9ea95494
10:11:46 ipsec,debug encrypted payload by IV:
10:11:46 ipsec,debug eb011f76 4197a416 1a636e59 026ef0c4
10:11:46 ipsec,debug save IV for next:
10:11:46 ipsec,debug 987251c5 e39cf6a4 919fa7e8 4a8b9d8d
10:11:46 ipsec,debug encrypted.
10:11:46 ipsec,debug 172 bytes from 192.168.200.1[500] to 192.168.200.196[500]
10:11:46 ipsec,debug 1 times of 172 bytes message will be sent to 192.168.200.196[500]
10:11:46 ipsec,debug,packet e1d9d224 95a2e581 58aa9b18 d3d27048 08102001 c03f33e7 000000ac 624042c4
10:11:46 ipsec,debug,packet 9d12095e dc722abc d0ff7dbd e2bd6d64 57380ccc 37fb4a53 c93a164e 50313de9
10:11:46 ipsec,debug,packet 1c39310c c136c0e9 6d45ab52 b8682ef9 fc00aca1 3b35d267 352610d2 21ab9714
10:11:46 ipsec,debug,packet 1b6e1781 9d02256e b12fcfcd d07005f7 2967ebd9 f2e97d81 f2463e91 66500536
10:11:46 ipsec,debug,packet 2be93cd4 9550b3a1 8a3af7b5 937faddf d3518f12 9fc93e63 f47ef5e6 987251c5
10:11:46 ipsec,debug,packet e39cf6a4 919fa7e8 4a8b9d8d
10:11:46 ipsec,debug ===== received 60 bytes from 192.168.200.196[500] to 192.168.200.1[500]
10:11:46 ipsec,debug,packet e1d9d224 95a2e581 58aa9b18 d3d27048 08102001 c03f33e7 0000003c 1426d287
10:11:46 ipsec,debug,packet 20182a73 d328b65a 20fab054 d8c80187 372b5833 097ef9c0 a07b07ff
10:11:46 ipsec,debug encryption(aes)
10:11:46 ipsec,debug IV was saved for next processing:
10:11:46 ipsec,debug d8c80187 372b5833 097ef9c0 a07b07ff
10:11:46 ipsec,debug encryption(aes)
10:11:46 ipsec,debug with key:
10:11:46 ipsec,debug 20e0884a 1de98248 8117fd0d 399a9e4d ba0dc327 a7f06b5f 7902978a 9ea95494
10:11:46 ipsec,debug decrypted payload by IV:
10:11:46 ipsec,debug 987251c5 e39cf6a4 919fa7e8 4a8b9d8d
10:11:46 ipsec,debug decrypted payload, but not trimed.
10:11:46 ipsec,debug 00000018 97a7cedb d9216d03 1c2d1284 78dbadf8 d4fde447 00000000 00000008
10:11:46 ipsec,debug padding len=9
10:11:46 ipsec,debug skip to trim padding.
10:11:46 ipsec,debug decrypted.
10:11:46 ipsec,debug e1d9d224 95a2e581 58aa9b18 d3d27048 08102001 c03f33e7 0000003c 00000018
10:11:46 ipsec,debug 97a7cedb d9216d03 1c2d1284 78dbadf8 d4fde447 00000000 00000008
10:11:46 ipsec,debug begin.
10:11:46 ipsec,debug seen nptype=8(hash) len=24
10:11:46 ipsec,debug succeed.
10:11:46 ipsec,debug HASH(3) validate:
10:11:46 ipsec,debug 97a7cedb d9216d03 1c2d1284 78dbadf8 d4fde447
10:11:46 ipsec,debug HASH with:
10:11:46 ipsec,debug 00c03f33 e71d7c33 05be8084 ae44f014 a78f395f 05912d74 11a66de0 a6e4ef80
10:11:46 ipsec,debug 3c1065da abe7f94c a72b085e e7
10:11:46 ipsec,debug hmac(hmac_sha1)
10:11:46 ipsec,debug HASH computed:
10:11:46 ipsec,debug 97a7cedb d9216d03 1c2d1284 78dbadf8 d4fde447
10:11:46 ipsec,debug ===
10:11:46 ipsec,debug KEYMAT compute with
10:11:46 ipsec,debug 0308a053 e41d7c33 05be8084 ae44f014 a78f395f 05912d74 11a66de0 a6e4ef80
10:11:46 ipsec,debug 3c1065da abe7f94c a72b085e e7
10:11:46 ipsec,debug hmac(hmac_sha1)
10:11:46 ipsec,debug encryption(aes-cbc)
10:11:46 ipsec,debug hmac(sha1)
10:11:46 ipsec,debug encklen=256 authklen=160
10:11:46 ipsec,debug generating 640 bits of key (dupkeymat=4)
10:11:46 ipsec,debug generating K1...K4 for KEYMAT.
10:11:46 ipsec,debug hmac(hmac_sha1)
10:11:46 ipsec,debug hmac(hmac_sha1)
10:11:46 ipsec,debug hmac(hmac_sha1)
10:11:46 ipsec,debug 3fb0f507 db9fe066 d4f559f7 21aa4224 bd802e26 40dc6340 fc291c8d d49228bc
10:11:46 ipsec,debug 45b0b9ce e3f30389 4b0995f6 0d381855 8ece0f99 f4064a90 66b624bc 03bf322c
10:11:46 ipsec,debug 1b6931ab 510c1bfa 52a292ac c2c9545b
10:11:46 ipsec,debug KEYMAT compute with
10:11:46 ipsec,debug 030580f1 951d7c33 05be8084 ae44f014 a78f395f 05912d74 11a66de0 a6e4ef80
10:11:46 ipsec,debug 3c1065da abe7f94c a72b085e e7
10:11:46 ipsec,debug hmac(hmac_sha1)
10:11:46 ipsec,debug encryption(aes-cbc)
10:11:46 ipsec,debug hmac(sha1)
10:11:46 ipsec,debug encklen=256 authklen=160
10:11:46 ipsec,debug generating 640 bits of key (dupkeymat=4)
10:11:46 ipsec,debug generating K1...K4 for KEYMAT.
10:11:46 ipsec,debug hmac(hmac_sha1)
10:11:46 ipsec,debug hmac(hmac_sha1)
10:11:46 ipsec,debug hmac(hmac_sha1)
10:11:46 ipsec,debug a99dd08b 562eed73 a93765e5 edf8d93b 6fd7de52 f0728f03 5e65e141 f6bc402a
10:11:46 ipsec,debug 8376ada7 f272e24b f05d8141 42c9a484 9dc35432 a14ca9eb ff6ea6f2 bb25ae61
10:11:46 ipsec,debug 4a610fe0 63b06db1 13053228 c66a2649
10:11:46 ipsec,debug KEYMAT computed.
10:11:46 ipsec,debug call pk_sendupdate
10:11:46 ipsec,debug encryption(aes-cbc)
10:11:46 ipsec,debug hmac(sha1)
10:11:46 ipsec,debug call pfkey_send_update_nat
10:11:46 ipsec,debug pfkey update sent.
10:11:46 ipsec,debug encryption(aes-cbc)
10:11:46 ipsec,debug hmac(sha1)
10:11:46 ipsec,debug call pfkey_send_add_nat
10:11:46 ipsec,debug pfkey add sent.
10:11:47 l2tp,debug,packet rcvd control message from 192.168.200.196:62964 to 192.168.200.1:1701
10:11:47 l2tp,debug,packet     tunnel-id=0, session-id=0, ns=0, nr=0
10:11:47 l2tp,debug,packet     (M) Message-Type=SCCRQ
10:11:47 l2tp,debug,packet     (M) Protocol-Version=0x01:00
10:11:47 l2tp,debug,packet     (M) Framing-Capabilities=0x3
10:11:47 l2tp,debug,packet     (M) Host-Name=0x47:4f:53:54:59:00
10:11:47 l2tp,debug,packet     (M) Assigned-Tunnel-ID=103
10:11:47 l2tp,debug,packet     (M) Receive-Window-Size=4
10:11:47 l2tp,info first L2TP UDP packet received from 192.168.200.196
10:11:47 l2tp,debug tunnel 37 entering state: wait-ctl-conn
10:11:47 l2tp,debug,packet sent control message to 192.168.200.196:62964 from 192.168.200.1:1701
10:11:47 l2tp,debug,packet     tunnel-id=103, session-id=0, ns=0, nr=1
10:11:47 l2tp,debug,packet     (M) Message-Type=SCCRP
10:11:47 l2tp,debug,packet     (M) Protocol-Version=0x01:00
10:11:47 l2tp,debug,packet     (M) Framing-Capabilities=0x1
10:11:47 l2tp,debug,packet     (M) Bearer-Capabilities=0x0
10:11:47 l2tp,debug,packet     Firmware-Revision=0x1
10:11:47 l2tp,debug,packet     (M) Host-Name="MikroTik"
10:11:47 l2tp,debug,packet     Vendor-Name="MikroTik"
10:11:47 l2tp,debug,packet     (M) Assigned-Tunnel-ID=37
10:11:47 l2tp,debug,packet     (M) Receive-Window-Size=4
10:11:47 l2tp,debug,packet     (M) Challenge=0xc6:91:5a:51:82:dd:df:fe:14:0c:9b:31:20:9e:0a:55
10:11:47 l2tp,debug,packet rcvd control message from 192.168.200.196:62964 to 192.168.200.1:1701
10:11:47 l2tp,debug,packet     tunnel-id=37, session-id=0, ns=1, nr=1
10:11:47 l2tp,debug,packet     (M) Message-Type=SCCCN
10:11:47 l2tp,debug tunnel 37 received bad auth. response, stopping
10:11:47 l2tp,debug,packet sent control message to 192.168.200.196:62964 from 192.168.200.1:1701
10:11:47 l2tp,debug,packet     tunnel-id=103, session-id=0, ns=1, nr=2
10:11:47 l2tp,debug,packet     (M) Message-Type=StopCCN
10:11:47 l2tp,debug,packet     (M) Result-Code=1
10:11:47 l2tp,debug,packet     (M) Assigned-Tunnel-ID=37
10:11:47 l2tp,debug tunnel 37 entering state: stopping
10:11:47 l2tp,debug,packet rcvd control message from 192.168.200.196:62964 to 192.168.200.1:1701
10:11:47 l2tp,debug,packet     tunnel-id=37, session-id=0, ns=2, nr=1
10:11:47 l2tp,debug,packet     (M) Message-Type=ICRQ
10:11:47 l2tp,debug,packet     (M) Assigned-Session-ID=5227
10:11:47 l2tp,debug,packet     (M) Call-Serial-Number=1
10:11:47 l2tp,debug tunnel 37 received message in stopping state, dropping
10:11:47 ipsec,debug ===== received 76 bytes from 192.168.200.196[500] to 192.168.200.1[500]
10:11:47 ipsec,debug,packet e1d9d224 95a2e581 58aa9b18 d3d27048 08100501 03a2fda6 0000004c da09a88b
10:11:47 ipsec,debug,packet d4c2d6bb b25a8e9f e4dba356 0ec9b5f3 38a70c5b f6010cf5 514f49cc 7aeccfcb
10:11:47 ipsec,debug,packet f6aae8f5 a4a15733 b4ea4a5d
10:11:47 ipsec,debug compute IV for phase2
10:11:47 ipsec,debug phase1 last IV:
10:11:47 ipsec,debug 18a5b569 8dabddff 7167ffa4 69e8dbb3 03a2fda6
10:11:47 ipsec,debug hash(sha1)
10:11:47 ipsec,debug encryption(aes)
10:11:47 ipsec,debug phase2 IV computed:
10:11:47 ipsec,debug 113e15fb f9a82715 03a54532 3fdcad47
10:11:47 ipsec,debug encryption(aes)
10:11:47 ipsec,debug IV was saved for next processing:
10:11:47 ipsec,debug 7aeccfcb f6aae8f5 a4a15733 b4ea4a5d
10:11:47 ipsec,debug encryption(aes)
10:11:47 ipsec,debug with key:
10:11:47 ipsec,debug 20e0884a 1de98248 8117fd0d 399a9e4d ba0dc327 a7f06b5f 7902978a 9ea95494
10:11:47 ipsec,debug decrypted payload by IV:
10:11:47 ipsec,debug 113e15fb f9a82715 03a54532 3fdcad47
10:11:47 ipsec,debug decrypted payload, but not trimed.
10:11:47 ipsec,debug 0c000018 da510ba3 b6b3bc78 83949a8f 937afe35 16fc5b0b 00000010 00000001
10:11:47 ipsec,debug 03040001 0580f195 00000000 00000008
10:11:47 ipsec,debug padding len=9
10:11:47 ipsec,debug skip to trim padding.
10:11:47 ipsec,debug decrypted.
10:11:47 ipsec,debug e1d9d224 95a2e581 58aa9b18 d3d27048 08100501 03a2fda6 0000004c 0c000018
10:11:47 ipsec,debug da510ba3 b6b3bc78 83949a8f 937afe35 16fc5b0b 00000010 00000001 03040001
10:11:47 ipsec,debug 0580f195 00000000 00000008
10:11:47 ipsec,debug HASH with:
10:11:47 ipsec,debug 03a2fda6 00000010 00000001 03040001 0580f195
10:11:47 ipsec,debug hmac(hmac_sha1)
10:11:47 ipsec,debug HASH computed:
10:11:47 ipsec,debug da510ba3 b6b3bc78 83949a8f 937afe35 16fc5b0b
10:11:47 ipsec,debug hash validated.
10:11:47 ipsec,debug begin.
10:11:47 ipsec,debug seen nptype=8(hash) len=24
10:11:47 ipsec,debug seen nptype=12(delete) len=16
10:11:47 ipsec,debug succeed.
10:11:47 ipsec,debug 192.168.200.196 delete payload for protocol ESP
10:11:47 ipsec,debug an undead schedule has been deleted.
10:11:47 ipsec,debug purged SAs.
10:11:47 ipsec,debug ===== received 92 bytes from 192.168.200.196[500] to 192.168.200.1[500]
10:11:47 ipsec,debug,packet e1d9d224 95a2e581 58aa9b18 d3d27048 08100501 55d8a13e 0000005c 1fa0f2a5
10:11:47 ipsec,debug,packet e7f53744 fc5a5eb7 c45e8dd5 321b38dc b0a21dab 66765e36 c531c585 bf7e830b
10:11:47 ipsec,debug,packet a127515a c4a76f78 089c988e 0ed7f468 a224d0a1 e05e8fdb 730ff089
10:11:47 ipsec,debug compute IV for phase2
10:11:47 ipsec,debug phase1 last IV:
10:11:47 ipsec,debug 18a5b569 8dabddff 7167ffa4 69e8dbb3 55d8a13e
10:11:47 ipsec,debug hash(sha1)
10:11:47 ipsec,debug encryption(aes)
10:11:47 ipsec,debug phase2 IV computed:
10:11:47 ipsec,debug a7b4a94b 360526a9 209fa7c3 37cb8651
10:11:47 ipsec,debug encryption(aes)
10:11:47 ipsec,debug IV was saved for next processing:
10:11:47 ipsec,debug 0ed7f468 a224d0a1 e05e8fdb 730ff089
10:11:47 ipsec,debug encryption(aes)
10:11:47 ipsec,debug with key:
10:11:47 ipsec,debug 20e0884a 1de98248 8117fd0d 399a9e4d ba0dc327 a7f06b5f 7902978a 9ea95494
10:11:47 ipsec,debug decrypted payload by IV:
10:11:47 ipsec,debug a7b4a94b 360526a9 209fa7c3 37cb8651
10:11:47 ipsec,debug decrypted payload, but not trimed.
10:11:47 ipsec,debug 0c000018 195cdce0 e7b0d058 61d082e1 aa631b5f 189f074a 0000001c 00000001
10:11:47 ipsec,debug 01100001 e1d9d224 95a2e581 58aa9b18 d3d27048 00000000 00000000 0000000c
10:11:47 ipsec,debug padding len=13
10:11:47 ipsec,debug skip to trim padding.
10:11:47 ipsec,debug decrypted.
10:11:47 ipsec,debug e1d9d224 95a2e581 58aa9b18 d3d27048 08100501 55d8a13e 0000005c 0c000018
10:11:47 ipsec,debug 195cdce0 e7b0d058 61d082e1 aa631b5f 189f074a 0000001c 00000001 01100001
10:11:47 ipsec,debug e1d9d224 95a2e581 58aa9b18 d3d27048 00000000 00000000 0000000c
10:11:47 ipsec,debug HASH with:
10:11:47 ipsec,debug 55d8a13e 0000001c 00000001 01100001 e1d9d224 95a2e581 58aa9b18 d3d27048
10:11:47 ipsec,debug hmac(hmac_sha1)
10:11:47 ipsec,debug HASH computed:
10:11:47 ipsec,debug 195cdce0 e7b0d058 61d082e1 aa631b5f 189f074a
10:11:47 ipsec,debug hash validated.
10:11:47 ipsec,debug begin.
10:11:47 ipsec,debug seen nptype=8(hash) len=24
10:11:47 ipsec,debug seen nptype=12(delete) len=28
10:11:47 ipsec,debug succeed.
10:11:47 ipsec,debug 192.168.200.196 delete payload for protocol ISAKMP
10:11:47 ipsec,info purging ISAKMP-SA 192.168.200.1[500]<=>192.168.200.196[500] spi=e1d9d22495a2e581:58aa9b18d3d27048.
10:11:47 ipsec,debug purged SAs.
10:11:47 l2tp,debug,packet rcvd control message (ack) from 192.168.200.196:62964 to 192.168.200.1:1701
10:11:47 l2tp,debug,packet     tunnel-id=37, session-id=0, ns=3, nr=2
10:11:47 l2tp,debug tunnel 37 entering state: dead
10:11:48 l2tp,debug,packet rcvd control message from 192.168.200.196:62964 to 192.168.200.1:1701
10:11:48 l2tp,debug,packet     tunnel-id=37, session-id=0, ns=2, nr=2
10:11:48 l2tp,debug,packet     (M) Message-Type=ICRQ
10:11:48 l2tp,debug,packet     (M) Assigned-Session-ID=5227
10:11:48 l2tp,debug,packet     (M) Call-Serial-Number=1
10:11:48 ipsec,info ISAKMP-SA deleted 192.168.200.1[500]-192.168.200.196[500] spi:e1d9d22495a2e581:58aa9b18d3d27048 rekey:1
10:11:48 ipsec,debug an undead schedule has been deleted.
10:11:50 l2tp,debug,packet rcvd control message from 192.168.200.196:62964 to 192.168.200.1:1701
10:11:50 l2tp,debug,packet     tunnel-id=37, session-id=0, ns=2, nr=2
10:11:50 l2tp,debug,packet     (M) Message-Type=ICRQ
10:11:50 l2tp,debug,packet     (M) Assigned-Session-ID=5227
10:11:50 l2tp,debug,packet     (M) Call-Serial-Number=1

[admin@MikroTik] /log>

The strange thing is that it happens both for iPhone and Windows machine (win 10)

10:11:47 l2tp,info first L2TP UDP packet received from 192.168.200.196
10:11:47 l2tp,debug tunnel 37 entering state: wait-ctl-conn
10:11:47 l2tp,debug,packet sent control message to 192.168.200.196:62964 from 192.168.200.1:1701
10:11:47 l2tp,debug,packet     tunnel-id=103, session-id=0, ns=0, nr=1
10:11:47 l2tp,debug,packet     (M) Message-Type=SCCRP
10:11:47 l2tp,debug,packet     (M) Protocol-Version=0x01:00
10:11:47 l2tp,debug,packet     (M) Framing-Capabilities=0x1
10:11:47 l2tp,debug,packet     (M) Bearer-Capabilities=0x0
10:11:47 l2tp,debug,packet     Firmware-Revision=0x1
10:11:47 l2tp,debug,packet     (M) Host-Name="MikroTik"
10:11:47 l2tp,debug,packet     Vendor-Name="MikroTik"
10:11:47 l2tp,debug,packet     (M) Assigned-Tunnel-ID=37
10:11:47 l2tp,debug,packet     (M) Receive-Window-Size=4
10:11:47 l2tp,debug,packet     (M) Challenge=0xc6:91:5a:51:82:dd:df:fe:14:0c:9b:31:20:9e:0a:55
10:11:47 l2tp,debug,packet rcvd control message from 192.168.200.196:62964 to 192.168.200.1:1701
10:11:47 l2tp,debug,packet     tunnel-id=37, session-id=0, ns=1, nr=1
10:11:47 l2tp,debug,packet     (M) Message-Type=SCCCN
10:11:47 l2tp,debug tunnel 37 received bad auth. response, stopping

So it is as I’ve expected, the issue is not IPsec but the L2TP, in parcticular the authentication. Check the user name and password, and if they are 200% correct at both ends, post the output of ****

/interface l2tp-server export hide-sensitive

and

/ppp export hide-sensitive

.

Passwords are the same (user password and shared password)

/interface l2tp-server export hide-sensitive

[admin@MikroTik] /log> /interface l2tp-server export hide-sensitive
# apr/23/2018 11:42:28 by RouterOS 6.38.7
# software id = M7Y4-4C74
#
/interface l2tp-server server
set authentication=chap,mschap2 default-profile=vpn-pool enabled=yes

/ppp export hide-sensitive

[admin@MikroTik] /log> /ppp export hide-sensitive
# apr/23/2018 11:42:51 by RouterOS 6.38.7
# software id = M7Y4-4C74
#
/ppp profile
add local-address=192.168.211.1 name=ovpn-profile remote-address=ovpn-pool use-encryption=required
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=192.168.220.1 name=vpn-pool remote-address=vpn-pool session-timeout=0s use-encryption=yes
/ppp l2tp-secret
add comment=mySharedPass
/ppp secret
add local-address=192.168.211.1 name=proxmox profile=ovpn-profile remote-address=192.168.211.2 service=ovpn
add name=pawel profile=vpn-pool service=l2tp
[admin@MikroTik] /log>

maybe the problem is that I want the VPN connected clients to be in separate net (.220.0/24) ?

Shared password must have been the same, otherwise IPsec wouldn’t have come up. The username and password for l2tp were what I wanted to double-check.

Can you, for a test, permit all 4 authentication methods in l2tp-server, not just chap and mschap2?

username/password fo rl2tp is the same…
tried with all 4 auth methods… same error.

[admin@MikroTik] /log> print
16:07:03 ipsec,debug (encklen = 128:256)
16:07:03 ipsec,debug hashtype = SHA:SHA
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = 3DES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 0:256)
16:07:03 ipsec,debug hashtype = SHA:SHA
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
16:07:03 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
16:07:03 ipsec,debug trns#=3, trns-id=IKE
16:07:03 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
16:07:03 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
16:07:03 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
16:07:03 ipsec,debug type=Key Length, flag=0x8000, lorv=256
16:07:03 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
16:07:03 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5
16:07:03 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 256:256)
16:07:03 ipsec,debug hashtype = SHA:MD5
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 192:256)
16:07:03 ipsec,debug hashtype = SHA:MD5
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 128:256)
16:07:03 ipsec,debug hashtype = SHA:MD5
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = 3DES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 0:256)
16:07:03 ipsec,debug hashtype = SHA:MD5
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
16:07:03 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
16:07:03 ipsec,debug trns#=4, trns-id=IKE
16:07:03 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
16:07:03 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
16:07:03 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
16:07:03 ipsec,debug type=Key Length, flag=0x8000, lorv=256
16:07:03 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
16:07:03 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=6
16:07:03 ipsec,debug type=Group Description, flag=0x8000, lorv=2048-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 256:256)
16:07:03 ipsec,debug hashtype = SHA:6
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 192:256)
16:07:03 ipsec,debug hashtype = SHA:6
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 128:256)
16:07:03 ipsec,debug hashtype = SHA:6
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = 3DES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 0:256)
16:07:03 ipsec,debug hashtype = SHA:6
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:2048-bit MODP group
16:07:03 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
16:07:03 ipsec,debug trns#=5, trns-id=IKE
16:07:03 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
16:07:03 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
16:07:03 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
16:07:03 ipsec,debug type=Key Length, flag=0x8000, lorv=256
16:07:03 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
16:07:03 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4
16:07:03 ipsec,debug type=Group Description, flag=0x8000, lorv=1536-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 256:256)
16:07:03 ipsec,debug hashtype = SHA:4
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 192:256)
16:07:03 ipsec,debug hashtype = SHA:4
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 128:256)
16:07:03 ipsec,debug hashtype = SHA:4
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = 3DES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 0:256)
16:07:03 ipsec,debug hashtype = SHA:4
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
16:07:03 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
16:07:03 ipsec,debug trns#=6, trns-id=IKE
16:07:03 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
16:07:03 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
16:07:03 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
16:07:03 ipsec,debug type=Key Length, flag=0x8000, lorv=256
16:07:03 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
16:07:03 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
16:07:03 ipsec,debug type=Group Description, flag=0x8000, lorv=1536-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 256:256)
16:07:03 ipsec,debug hashtype = SHA:SHA
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 192:256)
16:07:03 ipsec,debug hashtype = SHA:SHA
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 128:256)
16:07:03 ipsec,debug hashtype = SHA:SHA
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = 3DES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 0:256)
16:07:03 ipsec,debug hashtype = SHA:SHA
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
16:07:03 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
16:07:03 ipsec,debug trns#=7, trns-id=IKE
16:07:03 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
16:07:03 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
16:07:03 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
16:07:03 ipsec,debug type=Key Length, flag=0x8000, lorv=256
16:07:03 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
16:07:03 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5
16:07:03 ipsec,debug type=Group Description, flag=0x8000, lorv=1536-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 256:256)
16:07:03 ipsec,debug hashtype = SHA:MD5
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 192:256)
16:07:03 ipsec,debug hashtype = SHA:MD5
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 128:256)
16:07:03 ipsec,debug hashtype = SHA:MD5
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = 3DES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 0:256)
16:07:03 ipsec,debug hashtype = SHA:MD5
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1536-bit MODP group
16:07:03 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
16:07:03 ipsec,debug trns#=8, trns-id=IKE
16:07:03 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
16:07:03 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
16:07:03 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
16:07:03 ipsec,debug type=Key Length, flag=0x8000, lorv=256
16:07:03 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
16:07:03 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4
16:07:03 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 256:256)
16:07:03 ipsec,debug hashtype = SHA:4
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 192:256)
16:07:03 ipsec,debug hashtype = SHA:4
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 128:256)
16:07:03 ipsec,debug hashtype = SHA:4
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = 3DES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 0:256)
16:07:03 ipsec,debug hashtype = SHA:4
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
16:07:03 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
16:07:03 ipsec,debug trns#=9, trns-id=IKE
16:07:03 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
16:07:03 ipsec,debug type=Life Duration, flag=0x8000, lorv=3600
16:07:03 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
16:07:03 ipsec,debug type=Key Length, flag=0x8000, lorv=256
16:07:03 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
16:07:03 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
16:07:03 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
16:07:03 ipsec,debug Compared: Local:Peer
16:07:03 ipsec,debug (lifetime = 86400:3600)
16:07:03 ipsec,debug (lifebyte = 0:0)
16:07:03 ipsec,debug enctype = AES-CBC:AES-CBC
16:07:03 ipsec,debug (encklen = 256:256)
16:07:03 ipsec,debug hashtype = SHA:SHA
16:07:03 ipsec,debug authmethod = pre-shared key:pre-shared key
16:07:03 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
16:07:03 ipsec,debug an acceptable proposal found.
16:07:03 ipsec,debug dh(modp1024)
16:07:03 ipsec,debug agreed on pre-shared key auth.
16:07:03 ipsec,debug ===
16:07:03 ipsec,debug new cookie:
16:07:03 ipsec,debug 3394f0066caf12da
16:07:03 ipsec,debug add payload of len 52, next type 13
16:07:03 ipsec,debug add payload of len 16, next type 13
16:07:03 ipsec,debug add payload of len 16, next type 13
16:07:03 ipsec,debug add payload of len 20, next type 0
16:07:03 ipsec,debug 148 bytes from 192.168.200.1[500] to 192.168.200.196[500]
16:07:03 ipsec,debug 1 times of 148 bytes message will be sent to 192.168.200.196[500]
16:07:03 ipsec,debug,packet c2956eb4 66fb8fb4 3394f006 6caf12da 01100200 00000000 00000094 0d000038
16:07:03 ipsec,debug,packet 00000001 00000001 0000002c 01010001 00000024 09010000 800b0001 800c0e10
16:07:03 ipsec,debug,packet 80010007 800e0100 80030001 80020002 80040002 0d000014 4a131c81 07035845
16:07:03 ipsec,debug,packet 5c5728f2 0e95452f 0d000014 afcad713 68a1f1c9 6b8696fc 77570100 00000018
16:07:03 ipsec,debug,packet 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000
16:07:03 ipsec,debug ===== received 228 bytes from 192.168.200.196[500] to 192.168.200.1[500]
16:07:03 ipsec,debug,packet c2956eb4 66fb8fb4 3394f006 6caf12da 04100200 00000000 000000e4 0a000084
16:07:03 ipsec,debug,packet cb889dcd 1a29bbb4 5543237f d384c81c 349445b0 46a3bcfd 36299a6f 8d25ef98
16:07:03 ipsec,debug,packet 4526416e 2d7a271f 4bf74d61 c66ba204 b0002fc0 b9f6a8bf 86757096 dffdb0b8
16:07:03 ipsec,debug,packet ba26c5b4 cbddb46b 2ac5631b da315fff 89c7ab65 87f1de47 42d39add 0f1efaae
16:07:03 ipsec,debug,packet 91551ae4 ea5c6013 b0cd9998 24f9ee14 511e4125 18cdfed4 0af5f9ef c6c023f3
16:07:03 ipsec,debug,packet 14000014 c433e100 f897bc7c a3cd32d0 276d73e7 14000018 d8f502f8 2803247a
16:07:03 ipsec,debug,packet 7cf4ed6f 4702f814 0df74c75 00000018 6d264aab 34c06148 756d0d7b 737c85fd
16:07:03 ipsec,debug,packet f428bd89
16:07:03 ipsec,debug begin.
16:07:03 ipsec,debug seen nptype=4(ke) len=132
16:07:03 ipsec,debug seen nptype=10(nonce) len=20
16:07:03 ipsec,debug seen nptype=20(nat-d) len=24
16:07:03 ipsec,debug seen nptype=20(nat-d) len=24
16:07:03 ipsec,debug succeed.
16:07:03 ipsec,debug hash(sha1)
16:07:03 ipsec,debug hash(sha1)
16:07:03 ipsec,debug ===
16:07:03 ipsec,debug dh(modp1024)
16:07:03 ipsec,debug compute DH's private.
16:07:03 ipsec,debug 4d255a19 6f6c5abf f836f4c9 48db185b f280cee6 92f01285 5ffbac0a 957264b7
16:07:03 ipsec,debug 3f001cae d37ab7c0 993a5ff1 2488679b bd0c69c7 89180ae9 604aa61a 0eb5cd07
16:07:03 ipsec,debug ffe6a66b 74b62dd7 8c5e2e5b 37f2e273 875dfd77 b5e9f4d2 11eee973 104739c6
16:07:03 ipsec,debug b0a5ee3d fcb323ae 7e404db5 4b718c61 597dc2be 1589687f 1e40acf7 e48ee89b
16:07:03 ipsec,debug compute DH's public.
16:07:03 ipsec,debug 26dd3308 6bf1569d 78713f34 4b3352f3 0e7bf111 09775b66 40b1312d 6f3f343f
16:07:03 ipsec,debug 8b29d252 5cf54f45 b4989456 6ee786e8 16bd0eb7 39a05892 d42585f9 14265859
16:07:03 ipsec,debug f2c822eb e41390c9 758968c1 7eac6720 c3eed698 33d9c5a1 95feb9e2 c8d98245
16:07:03 ipsec,debug f5ef13eb 7f987d00 c03679e7 c15cdb08 0c3604d3 15bd2bc3 77b49f57 aab51e50
16:07:03 ipsec,debug hash(sha1)
16:07:03 ipsec,debug hash(sha1)
16:07:03 ipsec,debug add payload of len 128, next type 10
16:07:03 ipsec,debug add payload of len 24, next type 20
16:07:03 ipsec,debug add payload of len 20, next type 20
16:07:03 ipsec,debug add payload of len 20, next type 0
16:07:03 ipsec,debug 236 bytes from 192.168.200.1[500] to 192.168.200.196[500]
16:07:03 ipsec,debug 1 times of 236 bytes message will be sent to 192.168.200.196[500]
16:07:03 ipsec,debug,packet c2956eb4 66fb8fb4 3394f006 6caf12da 04100200 00000000 000000ec 0a000084
16:07:03 ipsec,debug,packet 26dd3308 6bf1569d 78713f34 4b3352f3 0e7bf111 09775b66 40b1312d 6f3f343f
16:07:03 ipsec,debug,packet 8b29d252 5cf54f45 b4989456 6ee786e8 16bd0eb7 39a05892 d42585f9 14265859
16:07:03 ipsec,debug,packet f2c822eb e41390c9 758968c1 7eac6720 c3eed698 33d9c5a1 95feb9e2 c8d98245
16:07:03 ipsec,debug,packet f5ef13eb 7f987d00 c03679e7 c15cdb08 0c3604d3 15bd2bc3 77b49f57 aab51e50
16:07:03 ipsec,debug,packet 1400001c a51404e9 d4d0fc3d fe1ae7b2 4d33631c 741b7cf3 bda40438 14000018
16:07:03 ipsec,debug,packet 6d264aab 34c06148 756d0d7b 737c85fd f428bd89 00000018 d8f502f8 2803247a
16:07:03 ipsec,debug,packet 7cf4ed6f 4702f814 0df74c75
16:07:03 ipsec,debug dh(modp1024)
16:07:03 ipsec,debug compute DH's shared.
16:07:03 ipsec,debug
16:07:03 ipsec,debug de1e6268 2d5e9359 c0b2e3d8 02f98c1f c1c5c715 ac69960d 81621f40 515302c0
16:07:03 ipsec,debug d5c144ee 0d1d67a0 98c46bd8 c6745930 a88adb78 9de70918 f9ac24cf dd8fb396
16:07:03 ipsec,debug 972f9a1d 01ed7361 f21ab742 73b98fd0 65c0fe6b ace71fcb 059368fd 91e5879b
16:07:03 ipsec,debug 88412c91 fad928b2 b749dcda fcf59b5a 9bebd54e de02314d 6290dbcc 22116b14
16:07:03 ipsec,debug nonce 1:
16:07:03 ipsec,debug c433e100 f897bc7c a3cd32d0 276d73e7
16:07:03 ipsec,debug nonce 2:
16:07:03 ipsec,debug a51404e9 d4d0fc3d fe1ae7b2 4d33631c 741b7cf3 bda40438
16:07:03 ipsec,debug hmac(hmac_sha1)
16:07:03 ipsec,debug SKEYID computed:
16:07:03 ipsec,debug 7896e716 2d2db761 f28ff257 a188c4d6 830ef745
16:07:03 ipsec,debug hmac(hmac_sha1)
16:07:03 ipsec,debug SKEYID_d computed:
16:07:03 ipsec,debug 3c4a9e42 d77b987a c6af89fa cc2fb9dc 5c6f9f14
16:07:03 ipsec,debug hmac(hmac_sha1)
16:07:03 ipsec,debug SKEYID_a computed:
16:07:03 ipsec,debug a7f6bbf4 776ef26a ce49d989 7a3fbc18 d2530aa7
16:07:03 ipsec,debug hmac(hmac_sha1)
16:07:03 ipsec,debug SKEYID_e computed:
16:07:03 ipsec,debug 58ecf90b 27a9bb2a f32672df f7918a78 56c0db31
16:07:03 ipsec,debug encryption(aes)
16:07:03 ipsec,debug hash(sha1)
16:07:03 ipsec,debug len(SKEYID_e) < len(Ka) (20 < 32), generating long key (Ka = K1 | K2 | ...)
16:07:03 ipsec,debug hmac(hmac_sha1)
16:07:03 ipsec,debug compute intermediate encryption key K1
16:07:03 ipsec,debug 00
16:07:03 ipsec,debug e20b5cd5 6870b351 7a64810c 6551899f 78c15f7f
16:07:03 ipsec,debug hmac(hmac_sha1)
16:07:03 ipsec,debug compute intermediate encryption key K2
16:07:03 ipsec,debug e20b5cd5 6870b351 7a64810c 6551899f 78c15f7f
16:07:03 ipsec,debug 063f512f 60d7e58d 05274d03 00ba41db 3c3da80d
16:07:03 ipsec,debug final encryption key computed:
16:07:03 ipsec,debug e20b5cd5 6870b351 7a64810c 6551899f 78c15f7f 063f512f 60d7e58d 05274d03
16:07:03 ipsec,debug hash(sha1)
16:07:03 ipsec,debug encryption(aes)
16:07:03 ipsec,debug IV computed:
16:07:03 ipsec,debug f2b91c93 c283f564 39592af6 4cd0a2f4
16:07:03 ipsec,debug ===== received 108 bytes from 192.168.200.196[500] to 192.168.200.1[500]
16:07:03 ipsec,debug,packet c2956eb4 66fb8fb4 3394f006 6caf12da 05100201 00000000 0000006c 0f3cdb80
16:07:03 ipsec,debug,packet 5ed81680 7bc11245 ed20733a 621e339c d94309cd 79067b34 5ea7388d c3c8255a
16:07:03 ipsec,debug,packet fe783603 dc69a40b 8e87d995 a448a8bc 0587bccf 9dab581d b7b684c3 20a025e4
16:07:03 ipsec,debug,packet 309010fa 3c50d1c9 623e93bd
16:07:03 ipsec,debug encryption(aes)
16:07:03 ipsec,debug IV was saved for next processing:
16:07:03 ipsec,debug 20a025e4 309010fa 3c50d1c9 623e93bd
16:07:03 ipsec,debug encryption(aes)
16:07:03 ipsec,debug with key:
16:07:03 ipsec,debug e20b5cd5 6870b351 7a64810c 6551899f 78c15f7f 063f512f 60d7e58d 05274d03
16:07:03 ipsec,debug decrypted payload by IV:
16:07:03 ipsec,debug f2b91c93 c283f564 39592af6 4cd0a2f4
16:07:03 ipsec,debug decrypted payload, but not trimed.
16:07:03 ipsec,debug 0800000c 011101f4 c0a8c8c4 0b000018 70f9c53f a6413287 d87296db be896f4d
16:07:03 ipsec,debug 06000f39 0000001c 00000001 01106002 c2956eb4 66fb8fb4 3394f006 6caf12da
16:07:03 ipsec,debug 00000000 00000000 00000000 00000010
16:07:03 ipsec,debug padding len=17
16:07:03 ipsec,debug skip to trim padding.
16:07:03 ipsec,debug decrypted.
16:07:03 ipsec,debug c2956eb4 66fb8fb4 3394f006 6caf12da 05100201 00000000 0000006c 0800000c
16:07:03 ipsec,debug 011101f4 c0a8c8c4 0b000018 70f9c53f a6413287 d87296db be896f4d 06000f39
16:07:03 ipsec,debug 0000001c 00000001 01106002 c2956eb4 66fb8fb4 3394f006 6caf12da 00000000
16:07:03 ipsec,debug 00000000 00000000 00000010
16:07:03 ipsec,debug begin.
16:07:03 ipsec,debug seen nptype=5(id) len=12
16:07:03 ipsec,debug seen nptype=8(hash) len=24
16:07:03 ipsec,debug seen nptype=11(notify) len=28
16:07:03 ipsec,debug succeed.
16:07:03 ipsec,debug 192.168.200.196 Notify Message received
16:07:03 ipsec,debug HASH received:
16:07:03 ipsec,debug 70f9c53f a6413287 d87296db be896f4d 06000f39
16:07:03 ipsec,debug HASH with:
16:07:03 ipsec,debug cb889dcd 1a29bbb4 5543237f d384c81c 349445b0 46a3bcfd 36299a6f 8d25ef98
16:07:03 ipsec,debug 4526416e 2d7a271f 4bf74d61 c66ba204 b0002fc0 b9f6a8bf 86757096 dffdb0b8
16:07:03 ipsec,debug ba26c5b4 cbddb46b 2ac5631b da315fff 89c7ab65 87f1de47 42d39add 0f1efaae
16:07:03 ipsec,debug 91551ae4 ea5c6013 b0cd9998 24f9ee14 511e4125 18cdfed4 0af5f9ef c6c023f3
16:07:03 ipsec,debug 26dd3308 6bf1569d 78713f34 4b3352f3 0e7bf111 09775b66 40b1312d 6f3f343f
16:07:03 ipsec,debug 8b29d252 5cf54f45 b4989456 6ee786e8 16bd0eb7 39a05892 d42585f9 14265859
16:07:03 ipsec,debug f2c822eb e41390c9 758968c1 7eac6720 c3eed698 33d9c5a1 95feb9e2 c8d98245
16:07:03 ipsec,debug f5ef13eb 7f987d00 c03679e7 c15cdb08 0c3604d3 15bd2bc3 77b49f57 aab51e50
16:07:03 ipsec,debug c2956eb4 66fb8fb4 3394f006 6caf12da 00000001 00000001 000001f8 0101000e
16:07:03 ipsec,debug 03000024 01010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004
16:07:03 ipsec,debug 8004000e 03000024 02010000 800b0001 800c0e10 80010007 800e0100 80030001
16:07:03 ipsec,debug 80020002 8004000e 03000024 03010000 800b0001 800c0e10 80010007 800e0100
16:07:03 ipsec,debug 80030001 80020001 8004000e 03000024 04010000 800b0001 800c0e10 80010007
16:07:03 ipsec,debug 800e0100 80030001 80020006 8004000e 03000024 05010000 800b0001 800c0e10
16:07:03 ipsec,debug 80010007 800e0100 80030001 80020004 80040005 03000024 06010000 800b0001
16:07:03 ipsec,debug 800c0e10 80010007 800e0100 80030001 80020002 80040005 03000024 07010000
16:07:03 ipsec,debug 800b0001 800c0e10 80010007 800e0100 80030001 80020001 80040005 03000024
16:07:03 ipsec,debug 08010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004 80040002
16:07:03 ipsec,debug 03000024 09010000 800b0001 800c0e10 80010007 800e0100 80030001 80020002
16:07:03 ipsec,debug 80040002 03000024 0a010000 800b0001 800c0e10 80010007 800e0100 80030001
16:07:03 ipsec,debug 80020001 80040002 03000024 0b010000 800b0001 800c0e10 80010007 800e0080
16:07:03 ipsec,debug 80030001 80020002 80040002 03000024 0c010000 800b0001 800c0e10 80010007
16:07:03 ipsec,debug 800e0080 80030001 80020001 80040002 03000020 0d010000 800b0001 800c0e10
16:07:03 ipsec,debug 80010005 80030001 80020002 80040002 00000020 0e010000 800b0001 800c0e10
16:07:03 ipsec,debug 80010005 80030001 80020001 80040002 011101f4 c0a8c8c4
16:07:03 ipsec,debug hmac(hmac_sha1)
16:07:03 ipsec,debug HASH computed:
16:07:03 ipsec,debug 70f9c53f a6413287 d87296db be896f4d 06000f39
16:07:03 ipsec,debug HASH for PSK validated.
16:07:03 ipsec,debug 192.168.200.196 peer's ID
16:07:03 ipsec,debug 011101f4 c0a8c8c4
16:07:03 ipsec,debug ===
16:07:03 ipsec,debug use ID type of IPv4_address
16:07:03 ipsec,debug generate HASH_R
16:07:03 ipsec,debug HASH with:
16:07:03 ipsec,debug 26dd3308 6bf1569d 78713f34 4b3352f3 0e7bf111 09775b66 40b1312d 6f3f343f
16:07:03 ipsec,debug 8b29d252 5cf54f45 b4989456 6ee786e8 16bd0eb7 39a05892 d42585f9 14265859
16:07:03 ipsec,debug f2c822eb e41390c9 758968c1 7eac6720 c3eed698 33d9c5a1 95feb9e2 c8d98245
16:07:03 ipsec,debug f5ef13eb 7f987d00 c03679e7 c15cdb08 0c3604d3 15bd2bc3 77b49f57 aab51e50
16:07:03 ipsec,debug cb889dcd 1a29bbb4 5543237f d384c81c 349445b0 46a3bcfd 36299a6f 8d25ef98
16:07:03 ipsec,debug 4526416e 2d7a271f 4bf74d61 c66ba204 b0002fc0 b9f6a8bf 86757096 dffdb0b8
16:07:03 ipsec,debug ba26c5b4 cbddb46b 2ac5631b da315fff 89c7ab65 87f1de47 42d39add 0f1efaae
16:07:03 ipsec,debug 91551ae4 ea5c6013 b0cd9998 24f9ee14 511e4125 18cdfed4 0af5f9ef c6c023f3
16:07:03 ipsec,debug 3394f006 6caf12da c2956eb4 66fb8fb4 00000001 00000001 000001f8 0101000e
16:07:03 ipsec,debug 03000024 01010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004
16:07:03 ipsec,debug 8004000e 03000024 02010000 800b0001 800c0e10 80010007 800e0100 80030001
16:07:03 ipsec,debug 80020002 8004000e 03000024 03010000 800b0001 800c0e10 80010007 800e0100
16:07:03 ipsec,debug 80030001 80020001 8004000e 03000024 04010000 800b0001 800c0e10 80010007
16:07:03 ipsec,debug 800e0100 80030001 80020006 8004000e 03000024 05010000 800b0001 800c0e10
16:07:03 ipsec,debug 80010007 800e0100 80030001 80020004 80040005 03000024 06010000 800b0001
16:07:03 ipsec,debug 800c0e10 80010007 800e0100 80030001 80020002 80040005 03000024 07010000
16:07:03 ipsec,debug 800b0001 800c0e10 80010007 800e0100 80030001 80020001 80040005 03000024
16:07:03 ipsec,debug 08010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004 80040002
16:07:03 ipsec,debug 03000024 09010000 800b0001 800c0e10 80010007 800e0100 80030001 80020002
16:07:03 ipsec,debug 80040002 03000024 0a010000 800b0001 800c0e10 80010007 800e0100 80030001
16:07:03 ipsec,debug 80020001 80040002 03000024 0b010000 800b0001 800c0e10 80010007 800e0080
16:07:03 ipsec,debug 80030001 80020002 80040002 03000024 0c010000 800b0001 800c0e10 80010007
16:07:03 ipsec,debug 800e0080 80030001 80020001 80040002 03000020 0d010000 800b0001 800c0e10
16:07:03 ipsec,debug 80010005 80030001 80020002 80040002 00000020 0e010000 800b0001 800c0e10
16:07:03 ipsec,debug 80010005 80030001 80020001 80040002 011101f4 c0a8c801
16:07:03 ipsec,debug hmac(hmac_sha1)
16:07:03 ipsec,debug HASH computed:
16:07:03 ipsec,debug 56941cd5 65fce2ff dcdf9430 9628b96e 5cb9c4e0
16:07:03 ipsec,debug add payload of len 8, next type 8
16:07:03 ipsec,debug add payload of len 20, next type 0
16:07:03 ipsec,debug begin encryption.
16:07:03 ipsec,debug encryption(aes)
16:07:03 ipsec,debug pad length = 12
16:07:03 ipsec,debug 0800000c 011101f4 c0a8c801 00000018 56941cd5 65fce2ff dcdf9430 9628b96e
16:07:03 ipsec,debug 5cb9c4e0 bd8dd4d2 b5bcebed 90d4b00b
16:07:03 ipsec,debug encryption(aes)
16:07:03 ipsec,debug with key:
16:07:03 ipsec,debug e20b5cd5 6870b351 7a64810c 6551899f 78c15f7f 063f512f 60d7e58d 05274d03
16:07:03 ipsec,debug encrypted payload by IV:
16:07:03 ipsec,debug 20a025e4 309010fa 3c50d1c9 623e93bd
16:07:03 ipsec,debug save IV for next:
16:07:03 ipsec,debug 4a8f2de7 fa280e8f 60760d0c a3690cf7
16:07:03 ipsec,debug encrypted.
16:07:03 ipsec,debug 76 bytes from 192.168.200.1[500] to 192.168.200.196[500]
16:07:03 ipsec,debug 1 times of 76 bytes message will be sent to 192.168.200.196[500]
16:07:03 ipsec,debug,packet c2956eb4 66fb8fb4 3394f006 6caf12da 05100201 00000000 0000004c 4d3b9a96
16:07:03 ipsec,debug,packet 6be8295b cbe26789 41a8e216 e7c25220 dc881763 f002ae4f 26916e16 4a8f2de7
16:07:03 ipsec,debug,packet fa280e8f 60760d0c a3690cf7
16:07:03 ipsec,debug compute IV for phase2
16:07:03 ipsec,debug phase1 last IV:
16:07:03 ipsec,debug 4a8f2de7 fa280e8f 60760d0c a3690cf7 e28dcb6a
16:07:03 ipsec,debug hash(sha1)
16:07:03 ipsec,debug encryption(aes)
16:07:03 ipsec,debug phase2 IV computed:
16:07:03 ipsec,debug aa554fbe 6feb9c2c 8bf2531b 39306451
16:07:03 ipsec,debug HASH with:
16:07:03 ipsec,debug e28dcb6a 0000001c 00000001 01106002 c2956eb4 66fb8fb4 3394f006 6caf12da
16:07:03 ipsec,debug hmac(hmac_sha1)
16:07:03 ipsec,debug HASH computed:
16:07:03 ipsec,debug a3396156 ee75fb25 0465c59b b77fbd18 779d78d8
16:07:03 ipsec,debug begin encryption.
16:07:03 ipsec,debug encryption(aes)
16:07:03 ipsec,debug pad length = 12
16:07:03 ipsec,debug 0b000018 a3396156 ee75fb25 0465c59b b77fbd18 779d78d8 0000001c 00000001
16:07:03 ipsec,debug 01106002 c2956eb4 66fb8fb4 3394f006 6caf12da ebd8f5a9 b6d2c7dd a9bd870b
16:07:03 ipsec,debug encryption(aes)
16:07:03 ipsec,debug with key:
16:07:03 ipsec,debug e20b5cd5 6870b351 7a64810c 6551899f 78c15f7f 063f512f 60d7e58d 05274d03
16:07:03 ipsec,debug encrypted payload by IV:
16:07:03 ipsec,debug aa554fbe 6feb9c2c 8bf2531b 39306451
16:07:03 ipsec,debug save IV for next:
16:07:03 ipsec,debug 9fc009b5 e3e42b01 b338a40f 05a139e2
16:07:03 ipsec,debug encrypted.
16:07:03 ipsec,debug 92 bytes from 192.168.200.1[500] to 192.168.200.196[500]
16:07:03 ipsec,debug 1 times of 92 bytes message will be sent to 192.168.200.196[500]
16:07:03 ipsec,debug,packet c2956eb4 66fb8fb4 3394f006 6caf12da 08100501 e28dcb6a 0000005c fd9979ed
16:07:03 ipsec,debug,packet fbb70dd3 22634916 4b7bc2db 81a826be d73f0daf d5dad06a f99431bc 7eacf549
16:07:03 ipsec,debug,packet 30795c1a efd7286e 19a57dd5 9fc009b5 e3e42b01 b338a40f 05a139e2
16:07:03 ipsec,info ISAKMP-SA established 192.168.200.1[500]-192.168.200.196[500] spi:c2956eb466fb8fb4:3394f0066caf12da
16:07:03 ipsec,debug ===
16:07:04 ipsec,debug ===== received 284 bytes from 192.168.200.196[500] to 192.168.200.1[500]
16:07:04 ipsec,debug,packet c2956eb4 66fb8fb4 3394f006 6caf12da 08102001 55790aac 0000011c 5923e0be
16:07:04 ipsec,debug,packet 4f07266d e57fcc34 2b739864 d988a1c1 ce65d96a 5b69f702 cccea70e b8a4a542
16:07:04 ipsec,debug,packet 384ed3b1 15fc3ffc 2d64ea8e f8ccb26f 0fbc0b82 c1a36cfe c3f1547f ee214eb3
16:07:04 ipsec,debug,packet 3995f6d3 dc9796c2 eacc321c ffbb371f f629276f ef99bfff d0b1addc bee23214
16:07:04 ipsec,debug,packet e66bd465 703e1167 77981581 e161ce48 f796518f a2808c7b c595840a 12b6aad9
16:07:04 ipsec,debug,packet e578e82c da71a04a cb815049 f9c3c054 c3e34bc9 fa2f6ec6 1911d3ad 6ae3229f
16:07:04 ipsec,debug,packet 9a5f8734 f323d63b 40a5da82 d6823a5d ad490704 436cdec6 c88706d1 d6482184
16:07:04 ipsec,debug,packet ac7da446 607a08f7 29967f47 2e90c136 d8868811 ee42ef8d aab1b98e 43afd056
16:07:04 ipsec,debug,packet 786b3680 aaed2dbe d3df8ab9 7d1ed6f6 c2f3944b 73bb2411 4458cad5
16:07:04 ipsec,debug compute IV for phase2
16:07:04 ipsec,debug phase1 last IV:
16:07:04 ipsec,debug 4a8f2de7 fa280e8f 60760d0c a3690cf7 55790aac
16:07:04 ipsec,debug hash(sha1)
16:07:04 ipsec,debug encryption(aes)
16:07:04 ipsec,debug phase2 IV computed:
16:07:04 ipsec,debug 090f59c5 80cc79a8 7193fe52 6db4aed7
16:07:04 ipsec,debug ===
16:07:04 ipsec,debug encryption(aes)
16:07:04 ipsec,debug IV was saved for next processing:
16:07:04 ipsec,debug 7d1ed6f6 c2f3944b 73bb2411 4458cad5
16:07:04 ipsec,debug encryption(aes)
16:07:04 ipsec,debug with key:
16:07:04 ipsec,debug e20b5cd5 6870b351 7a64810c 6551899f 78c15f7f 063f512f 60d7e58d 05274d03
16:07:04 ipsec,debug decrypted payload by IV:
16:07:04 ipsec,debug 090f59c5 80cc79a8 7193fe52 6db4aed7
16:07:04 ipsec,debug decrypted payload, but not trimed.
16:07:04 ipsec,debug 01000018 528a3a88 c70b3b7f 4667ddc9 da845a8d b8d9be17 0a0000b8 00000001
16:07:04 ipsec,debug 00000001 000000ac 01030406 01a4c768 0300001c 010c0000 80010001 80020e10
16:07:04 ipsec,debug 80040002 80060100 80050002 0300001c 020c0000 80010001 80020e10 80040002
16:07:04 ipsec,debug 80060100 80050001 0300001c 030c0000 80010001 80020e10 80040002 80060080
16:07:04 ipsec,debug 80050002 0300001c 040c0000 80010001 80020e10 80040002 80060080 80050001
16:07:04 ipsec,debug 03000018 05030000 80010001 80020e10 80040002 80050002 00000018 06030000
16:07:04 ipsec,debug 80010001 80020e10 80040002 80050001 05000014 192d11f4 7f2e16c7 62a645f0
16:07:04 ipsec,debug 8a7ae85b 0500000c 0111d347 c0a8c8c4 0000000c 011106a5 c0a8c801 00000004
16:07:04 ipsec,debug padding len=5
16:07:04 ipsec,debug skip to trim padding.
16:07:04 ipsec,debug decrypted.
16:07:04 ipsec,debug c2956eb4 66fb8fb4 3394f006 6caf12da 08102001 55790aac 0000011c 01000018
16:07:04 ipsec,debug 528a3a88 c70b3b7f 4667ddc9 da845a8d b8d9be17 0a0000b8 00000001 00000001
16:07:04 ipsec,debug 000000ac 01030406 01a4c768 0300001c 010c0000 80010001 80020e10 80040002
16:07:04 ipsec,debug 80060100 80050002 0300001c 020c0000 80010001 80020e10 80040002 80060100
16:07:04 ipsec,debug 80050001 0300001c 030c0000 80010001 80020e10 80040002 80060080 80050002
16:07:04 ipsec,debug 0300001c 040c0000 80010001 80020e10 80040002 80060080 80050001 03000018
16:07:04 ipsec,debug 05030000 80010001 80020e10 80040002 80050002 00000018 06030000 80010001
16:07:04 ipsec,debug 80020e10 80040002 80050001 05000014 192d11f4 7f2e16c7 62a645f0 8a7ae85b
16:07:04 ipsec,debug 0500000c 0111d347 c0a8c8c4 0000000c 011106a5 c0a8c801 00000004
16:07:04 ipsec,debug begin.
16:07:04 ipsec,debug seen nptype=8(hash) len=24
16:07:04 ipsec,debug seen nptype=1(sa) len=184
16:07:04 ipsec,debug seen nptype=10(nonce) len=20
16:07:04 ipsec,debug seen nptype=5(id) len=12
16:07:04 ipsec,debug seen nptype=5(id) len=12
16:07:04 ipsec,debug succeed.
16:07:04 ipsec,debug received IDci2:
16:07:04 ipsec,debug 0111d347 c0a8c8c4
16:07:04 ipsec,debug received IDcr2:
16:07:04 ipsec,debug 011106a5 c0a8c801
16:07:04 ipsec,debug HASH(1) validate:
16:07:04 ipsec,debug 528a3a88 c70b3b7f 4667ddc9 da845a8d b8d9be17
16:07:04 ipsec,debug HASH with:
16:07:04 ipsec,debug 55790aac 0a0000b8 00000001 00000001 000000ac 01030406 01a4c768 0300001c
16:07:04 ipsec,debug 010c0000 80010001 80020e10 80040002 80060100 80050002 0300001c 020c0000
16:07:04 ipsec,debug 80010001 80020e10 80040002 80060100 80050001 0300001c 030c0000 80010001
16:07:04 ipsec,debug 80020e10 80040002 80060080 80050002 0300001c 040c0000 80010001 80020e10
16:07:04 ipsec,debug 80040002 80060080 80050001 03000018 05030000 80010001 80020e10 80040002
16:07:04 ipsec,debug 80050002 00000018 06030000 80010001 80020e10 80040002 80050001 05000014
16:07:04 ipsec,debug 192d11f4 7f2e16c7 62a645f0 8a7ae85b 0500000c 0111d347 c0a8c8c4 0000000c
16:07:04 ipsec,debug 011106a5 c0a8c801
16:07:04 ipsec,debug hmac(hmac_sha1)
16:07:04 ipsec,debug HASH computed:
16:07:04 ipsec,debug 528a3a88 c70b3b7f 4667ddc9 da845a8d b8d9be17
16:07:04 ipsec,debug total SA len=180
16:07:04 ipsec,debug 00000001 00000001 000000ac 01030406 01a4c768 0300001c 010c0000 80010001
16:07:04 ipsec,debug 80020e10 80040002 80060100 80050002 0300001c 020c0000 80010001 80020e10
16:07:04 ipsec,debug 80040002 80060100 80050001 0300001c 030c0000 80010001 80020e10 80040002
16:07:04 ipsec,debug 80060080 80050002 0300001c 040c0000 80010001 80020e10 80040002 80060080
16:07:04 ipsec,debug 80050001 03000018 05030000 80010001 80020e10 80040002 80050002 00000018
16:07:04 ipsec,debug 06030000 80010001 80020e10 80040002 80050001
16:07:04 ipsec,debug begin.
16:07:04 ipsec,debug seen nptype=2(prop) len=172
16:07:04 ipsec,debug succeed.
16:07:04 ipsec,debug proposal #1 len=172
16:07:04 ipsec,debug begin.
16:07:04 ipsec,debug seen nptype=3(trns) len=28
16:07:04 ipsec,debug seen nptype=3(trns) len=28
16:07:04 ipsec,debug seen nptype=3(trns) len=28
16:07:04 ipsec,debug seen nptype=3(trns) len=28
16:07:04 ipsec,debug seen nptype=3(trns) len=24
16:07:04 ipsec,debug seen nptype=3(trns) len=24
16:07:04 ipsec,debug succeed.
16:07:04 ipsec,debug transform #1 len=28
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug life duration was in TLV.
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Key Length, flag=0x8000, lorv=256
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
16:07:04 ipsec,debug transform #2 len=28
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug life duration was in TLV.
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Key Length, flag=0x8000, lorv=256
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
16:07:04 ipsec,debug transform #3 len=28
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug life duration was in TLV.
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Key Length, flag=0x8000, lorv=128
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
16:07:04 ipsec,debug transform #4 len=28
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug life duration was in TLV.
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Key Length, flag=0x8000, lorv=128
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
16:07:04 ipsec,debug transform #5 len=24
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug life duration was in TLV.
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
16:07:04 ipsec,debug transform #6 len=24
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug life duration was in TLV.
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
16:07:04 ipsec,debug pair 1:
16:07:04 ipsec,debug  0x48a5e0: next=(nil) tnext=0x48a5f8
16:07:04 ipsec,debug   0x48a5f8: next=(nil) tnext=0x48a278
16:07:04 ipsec,debug    0x48a278: next=(nil) tnext=0x48a290
16:07:04 ipsec,debug     0x48a290: next=(nil) tnext=0x48a2a8
16:07:04 ipsec,debug      0x48a2a8: next=(nil) tnext=0x48a2c0
16:07:04 ipsec,debug       0x48a2c0: next=(nil) tnext=(nil)
16:07:04 ipsec,debug proposal #1: 6 transform
16:07:04 ipsec,debug got the peer address from ID payload anonymous prefixlen=0 ul_proto=17
16:07:04 ipsec,debug got the local address from ID payload 192.168.200.1[1701] prefixlen=32 ul_proto=17
16:07:04 ipsec,debug updating policy address because of NAT in transport mode
16:07:04 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=1:1)
16:07:04 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
16:07:04 ipsec,debug   (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
16:07:04 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
16:07:04 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1)
16:07:04 ipsec,debug begin compare proposals.
16:07:04 ipsec,debug pair[1]: 0x48a5e0
16:07:04 ipsec,debug  0x48a5e0: next=(nil) tnext=0x48a5f8
16:07:04 ipsec,debug   0x48a5f8: next=(nil) tnext=0x48a278
16:07:04 ipsec,debug    0x48a278: next=(nil) tnext=0x48a290
16:07:04 ipsec,debug     0x48a290: next=(nil) tnext=0x48a2a8
16:07:04 ipsec,debug      0x48a2a8: next=(nil) tnext=0x48a2c0
16:07:04 ipsec,debug       0x48a2c0: next=(nil) tnext=(nil)
16:07:04 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=1 trns-id=AES-CBC
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Key Length, flag=0x8000, lorv=256
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
16:07:04 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=2 trns-id=AES-CBC
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Key Length, flag=0x8000, lorv=256
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
16:07:04 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=3 trns-id=AES-CBC
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Key Length, flag=0x8000, lorv=128
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
16:07:04 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=4 trns-id=AES-CBC
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Key Length, flag=0x8000, lorv=128
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
16:07:04 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=5 trns-id=3DES
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
16:07:04 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=6 trns#=6 trns-id=3DES
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
16:07:04 ipsec,debug peer's single bundle:
16:07:04 ipsec,debug  (proto_id=ESP spisize=4 spi=01a4c768 spi_p=00000000 encmode=Transport reqid=0:0)
16:07:04 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
16:07:04 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-md5)
16:07:04 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
16:07:04 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-md5)
16:07:04 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1)
16:07:04 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-md5)
16:07:04 ipsec,debug my single bundle:
16:07:04 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=1:1)
16:07:04 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1)
16:07:04 ipsec,debug   (trns_id=AES-CBC encklen=192 authtype=hmac-sha1)
16:07:04 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
16:07:04 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1)
16:07:04 ipsec,debug matched
16:07:04 ipsec,debug ===
16:07:04 ipsec,debug call pfkey_send_getspi 13d334f9
16:07:04 ipsec,debug pfkey GETSPI sent: ESP/Transport 192.168.200.196[500]->192.168.200.1[500]
16:07:04 ipsec,debug pfkey getspi sent.
16:07:04 ipsec,debug total SA len=48
16:07:04 ipsec,debug 00000001 00000001 00000028 01030401 00000000 0000001c 010c0000 80010001
16:07:04 ipsec,debug 80020e10 80040002 80060100 80050002
16:07:04 ipsec,debug begin.
16:07:04 ipsec,debug seen nptype=2(prop) len=40
16:07:04 ipsec,debug succeed.
16:07:04 ipsec,debug proposal #1 len=40
16:07:04 ipsec,debug begin.
16:07:04 ipsec,debug seen nptype=3(trns) len=28
16:07:04 ipsec,debug succeed.
16:07:04 ipsec,debug transform #1 len=28
16:07:04 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
16:07:04 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
16:07:04 ipsec,debug life duration was in TLV.
16:07:04 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Transport
16:07:04 ipsec,debug type=Key Length, flag=0x8000, lorv=256
16:07:04 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
16:07:04 ipsec,debug pair 1:
16:07:04 ipsec,debug  0x48ad18: next=(nil) tnext=(nil)
16:07:04 ipsec,debug proposal #1: 1 transform
16:07:04 ipsec,debug add payload of len 48, next type 10
16:07:04 ipsec,debug add payload of len 24, next type 5
16:07:04 ipsec,debug add payload of len 8, next type 5
16:07:04 ipsec,debug add payload of len 8, next type 0
16:07:04 ipsec,debug HASH with:
16:07:04 ipsec,debug 55790aac 192d11f4 7f2e16c7 62a645f0 8a7ae85b 0a000034 00000001 00000001
16:07:04 ipsec,debug 00000028 01030401 0e5fd6ee 0000001c 010c0000 80010001 80020e10 80040002
16:07:04 ipsec,debug 80060100 80050002 0500001c 9d806451 8cc927ef d0a9edc7 740961fe 03839e95
16:07:04 ipsec,debug 8ce2d520 0500000c 0111d347 c0a8c8c4 0000000c 011106a5 c0a8c801
16:07:04 ipsec,debug hmac(hmac_sha1)
16:07:04 ipsec,debug HASH computed:
16:07:04 ipsec,debug ac77fa22 ba6caea2 69636620 d7bc9b41 02ea33ce
16:07:04 ipsec,debug add payload of len 20, next type 1
16:07:04 ipsec,debug begin encryption.
16:07:04 ipsec,debug encryption(aes)
16:07:04 ipsec,debug pad length = 16
16:07:04 ipsec,debug 01000018 ac77fa22 ba6caea2 69636620 d7bc9b41 02ea33ce 0a000034 00000001
16:07:04 ipsec,debug 00000001 00000028 01030401 0e5fd6ee 0000001c 010c0000 80010001 80020e10
16:07:04 ipsec,debug 80040002 80060100 80050002 0500001c 9d806451 8cc927ef d0a9edc7 740961fe
16:07:04 ipsec,debug 03839e95 8ce2d520 0500000c 0111d347 c0a8c8c4 0000000c 011106a5 c0a8c801
16:07:04 ipsec,debug f6c3afb0 89f2a1f5 9ce3c896 dedbbd0f
16:07:04 ipsec,debug encryption(aes)
16:07:04 ipsec,debug with key:
16:07:04 ipsec,debug e20b5cd5 6870b351 7a64810c 6551899f 78c15f7f 063f512f 60d7e58d 05274d03
16:07:04 ipsec,debug encrypted payload by IV:
16:07:04 ipsec,debug 7d1ed6f6 c2f3944b 73bb2411 4458cad5
16:07:04 ipsec,debug save IV for next:
16:07:04 ipsec,debug 4e385892 08860b84 bc959f04 4b4224d9
16:07:04 ipsec,debug encrypted.
16:07:04 ipsec,debug 172 bytes from 192.168.200.1[500] to 192.168.200.196[500]
16:07:04 ipsec,debug 1 times of 172 bytes message will be sent to 192.168.200.196[500]
16:07:04 ipsec,debug,packet c2956eb4 66fb8fb4 3394f006 6caf12da 08102001 55790aac 000000ac b2f767c6
16:07:04 ipsec,debug,packet f49d9160 cee1ff65 75fd6421 69a169ec ae55fdea 2e3e20d1 78096f7c 48124624
16:07:04 ipsec,debug,packet 1435f29f 2417841a fa6d82b3 d8eb101e 63fbd18c a03aeee0 806da8cb 740f1002
16:07:04 ipsec,debug,packet 35247765 020503cb 3bf8f176 d618a36f 940042b3 7a201ae5 9f11f1f5 739ff06e
16:07:04 ipsec,debug,packet 36f1afcf 8c5c78a6 b89f43c8 d6b0b360 aa7a08db 00c072c2 b705b9c1 4e385892
16:07:04 ipsec,debug,packet 08860b84 bc959f04 4b4224d9
16:07:04 ipsec,debug ===== received 60 bytes from 192.168.200.196[500] to 192.168.200.1[500]
16:07:04 ipsec,debug,packet c2956eb4 66fb8fb4 3394f006 6caf12da 08102001 55790aac 0000003c 057ab4f2
16:07:04 ipsec,debug,packet 10c66c7c 93aaa529 38c0d595 8aaaaa25 198fa614 78dec142 f509026a
16:07:04 ipsec,debug encryption(aes)
16:07:04 ipsec,debug IV was saved for next processing:
16:07:04 ipsec,debug 8aaaaa25 198fa614 78dec142 f509026a
16:07:04 ipsec,debug encryption(aes)
16:07:04 ipsec,debug with key:
16:07:04 ipsec,debug e20b5cd5 6870b351 7a64810c 6551899f 78c15f7f 063f512f 60d7e58d 05274d03
16:07:04 ipsec,debug decrypted payload by IV:
16:07:04 ipsec,debug 4e385892 08860b84 bc959f04 4b4224d9
16:07:04 ipsec,debug decrypted payload, but not trimed.
16:07:04 ipsec,debug 00000018 334111be 676acc89 8a389815 c204784e 04f8a533 00000000 00000008
16:07:04 ipsec,debug padding len=9
16:07:04 ipsec,debug skip to trim padding.
16:07:04 ipsec,debug decrypted.
16:07:04 ipsec,debug c2956eb4 66fb8fb4 3394f006 6caf12da 08102001 55790aac 0000003c 00000018
16:07:04 ipsec,debug 334111be 676acc89 8a389815 c204784e 04f8a533 00000000 00000008
16:07:04 ipsec,debug begin.
16:07:04 ipsec,debug seen nptype=8(hash) len=24
16:07:04 ipsec,debug succeed.
16:07:04 ipsec,debug HASH(3) validate:
16:07:04 ipsec,debug 334111be 676acc89 8a389815 c204784e 04f8a533
16:07:04 ipsec,debug HASH with:
16:07:04 ipsec,debug 0055790a ac192d11 f47f2e16 c762a645 f08a7ae8 5b9d8064 518cc927 efd0a9ed
16:07:04 ipsec,debug c7740961 fe03839e 958ce2d5 20
16:07:04 ipsec,debug hmac(hmac_sha1)
16:07:04 ipsec,debug HASH computed:
16:07:04 ipsec,debug 334111be 676acc89 8a389815 c204784e 04f8a533
16:07:04 ipsec,debug ===
16:07:04 ipsec,debug KEYMAT compute with
16:07:04 ipsec,debug 030e5fd6 ee192d11 f47f2e16 c762a645 f08a7ae8 5b9d8064 518cc927 efd0a9ed
16:07:04 ipsec,debug c7740961 fe03839e 958ce2d5 20
16:07:04 ipsec,debug hmac(hmac_sha1)
16:07:04 ipsec,debug encryption(aes-cbc)
16:07:04 ipsec,debug hmac(sha1)
16:07:04 ipsec,debug encklen=256 authklen=160
16:07:04 ipsec,debug generating 640 bits of key (dupkeymat=4)
16:07:04 ipsec,debug generating K1...K4 for KEYMAT.
16:07:04 ipsec,debug hmac(hmac_sha1)
16:07:04 ipsec,debug hmac(hmac_sha1)
16:07:04 ipsec,debug hmac(hmac_sha1)
16:07:04 ipsec,debug 5cbf053c 64bfbc25 40036b23 3e37d859 8b8d8748 bc327180 dad3b629 24212019
16:07:04 ipsec,debug 25a25c29 3d078c29 eec1c509 c1221bb3 f786f58e c295f662 eff49714 5d1cb6c6
16:07:04 ipsec,debug 742848a3 10be092a b9062133 213d4d92
16:07:04 ipsec,debug KEYMAT compute with
16:07:04 ipsec,debug 0301a4c7 68192d11 f47f2e16 c762a645 f08a7ae8 5b9d8064 518cc927 efd0a9ed
16:07:04 ipsec,debug c7740961 fe03839e 958ce2d5 20
16:07:04 ipsec,debug hmac(hmac_sha1)
16:07:04 ipsec,debug encryption(aes-cbc)
16:07:04 ipsec,debug hmac(sha1)
16:07:04 ipsec,debug encklen=256 authklen=160
16:07:04 ipsec,debug generating 640 bits of key (dupkeymat=4)
16:07:04 ipsec,debug generating K1...K4 for KEYMAT.
16:07:04 ipsec,debug hmac(hmac_sha1)
16:07:04 ipsec,debug hmac(hmac_sha1)
16:07:04 ipsec,debug hmac(hmac_sha1)
16:07:04 ipsec,debug f95c64de 231df6ff f7d28e01 d41ddcdc 1f386905 5cb6de30 6446248a 66cab9e7
16:07:04 ipsec,debug 005bf1d2 ffe88567 c57b9384 186f059c c991bc73 d326b40a 3d35ee3e ba57b024
16:07:04 ipsec,debug b66fa860 73437628 8fd5c8e4 22f9fd27
16:07:04 ipsec,debug KEYMAT computed.
16:07:04 ipsec,debug call pk_sendupdate
16:07:04 ipsec,debug encryption(aes-cbc)
16:07:04 ipsec,debug hmac(sha1)
16:07:04 ipsec,debug call pfkey_send_update_nat
16:07:04 ipsec,debug pfkey update sent.
16:07:04 ipsec,debug encryption(aes-cbc)
16:07:04 ipsec,debug hmac(sha1)
16:07:04 ipsec,debug call pfkey_send_add_nat
16:07:04 ipsec,debug pfkey add sent.
16:07:05 l2tp,debug,packet rcvd control message from 192.168.200.196:54087 to 192.168.200.1:1701
16:07:05 l2tp,debug,packet     tunnel-id=0, session-id=0, ns=0, nr=0
16:07:05 l2tp,debug,packet     (M) Message-Type=SCCRQ
16:07:05 l2tp,debug,packet     (M) Protocol-Version=0x01:00
16:07:05 l2tp,debug,packet     (M) Framing-Capabilities=0x3
16:07:05 l2tp,debug,packet     (M) Host-Name=0x47:4f:53:54:59:00
16:07:05 l2tp,debug,packet     (M) Assigned-Tunnel-ID=116
16:07:05 l2tp,debug,packet     (M) Receive-Window-Size=4
16:07:05 l2tp,info first L2TP UDP packet received from 192.168.200.196
16:07:05 l2tp,debug tunnel 1 entering state: wait-ctl-conn
16:07:05 l2tp,debug,packet sent control message to 192.168.200.196:54087 from 192.168.200.1:1701
16:07:05 l2tp,debug,packet     tunnel-id=116, session-id=0, ns=0, nr=1
16:07:05 l2tp,debug,packet     (M) Message-Type=SCCRP
16:07:05 l2tp,debug,packet     (M) Protocol-Version=0x01:00
16:07:05 l2tp,debug,packet     (M) Framing-Capabilities=0x1
16:07:05 l2tp,debug,packet     (M) Bearer-Capabilities=0x0
16:07:05 l2tp,debug,packet     Firmware-Revision=0x1
16:07:05 l2tp,debug,packet     (M) Host-Name="MikroTik"
16:07:05 l2tp,debug,packet     Vendor-Name="MikroTik"
16:07:05 l2tp,debug,packet     (M) Assigned-Tunnel-ID=1
16:07:05 l2tp,debug,packet     (M) Receive-Window-Size=4
16:07:05 l2tp,debug,packet     (M) Challenge=0xed:df:8a:b4:c7:af:a5:7d:dc:e9:02:d2:f4:01:a6:b9
16:07:05 l2tp,debug,packet rcvd control message from 192.168.200.196:54087 to 192.168.200.1:1701
16:07:05 l2tp,debug,packet     tunnel-id=1, session-id=0, ns=1, nr=1
16:07:05 l2tp,debug,packet     (M) Message-Type=SCCCN
16:07:05 l2tp,debug tunnel 1 received bad auth. response, stopping
16:07:05 l2tp,debug,packet sent control message to 192.168.200.196:54087 from 192.168.200.1:1701
16:07:05 l2tp,debug,packet     tunnel-id=116, session-id=0, ns=1, nr=2
16:07:05 l2tp,debug,packet     (M) Message-Type=StopCCN
16:07:05 l2tp,debug,packet     (M) Result-Code=1
16:07:05 l2tp,debug,packet     (M) Assigned-Tunnel-ID=1
16:07:05 l2tp,debug tunnel 1 entering state: stopping
16:07:05 l2tp,debug,packet rcvd control message from 192.168.200.196:54087 to 192.168.200.1:1701
16:07:05 l2tp,debug,packet     tunnel-id=1, session-id=0, ns=2, nr=1
16:07:05 l2tp,debug,packet     (M) Message-Type=ICRQ
16:07:05 l2tp,debug,packet     (M) Assigned-Session-ID=5325
16:07:05 l2tp,debug,packet     (M) Call-Serial-Number=1
16:07:05 l2tp,debug tunnel 1 received message in stopping state, dropping
16:07:05 ipsec,debug ===== received 76 bytes from 192.168.200.196[500] to 192.168.200.1[500]
16:07:05 ipsec,debug,packet c2956eb4 66fb8fb4 3394f006 6caf12da 08100501 14afd0f3 0000004c e6fba0a9
16:07:05 ipsec,debug,packet 720106c0 cae9b6a9 659bffa0 4453d093 0096c028 cb2c079d 694a85be 7b0519f1
16:07:05 ipsec,debug,packet 13374960 e3adcd88 0d6c0455
16:07:05 ipsec,debug compute IV for phase2
16:07:05 ipsec,debug phase1 last IV:
16:07:05 ipsec,debug 4a8f2de7 fa280e8f 60760d0c a3690cf7 14afd0f3
16:07:05 ipsec,debug hash(sha1)
16:07:05 ipsec,debug encryption(aes)
16:07:05 ipsec,debug phase2 IV computed:
16:07:05 ipsec,debug 18739de7 7542d121 f1677dcd 177a34ef
16:07:05 ipsec,debug encryption(aes)
16:07:05 ipsec,debug IV was saved for next processing:
16:07:05 ipsec,debug 7b0519f1 13374960 e3adcd88 0d6c0455
16:07:05 ipsec,debug encryption(aes)
16:07:05 ipsec,debug with key:
16:07:05 ipsec,debug e20b5cd5 6870b351 7a64810c 6551899f 78c15f7f 063f512f 60d7e58d 05274d03
16:07:05 ipsec,debug decrypted payload by IV:
16:07:05 ipsec,debug 18739de7 7542d121 f1677dcd 177a34ef
16:07:05 ipsec,debug decrypted payload, but not trimed.
16:07:05 ipsec,debug 0c000018 f9f70620 34aa2285 e5c10df1 34b06eae 3862f847 00000010 00000001
16:07:05 ipsec,debug 03040001 01a4c768 00000000 00000008
16:07:05 ipsec,debug padding len=9
16:07:05 ipsec,debug skip to trim padding.
16:07:05 ipsec,debug decrypted.
16:07:05 ipsec,debug c2956eb4 66fb8fb4 3394f006 6caf12da 08100501 14afd0f3 0000004c 0c000018
16:07:05 ipsec,debug f9f70620 34aa2285 e5c10df1 34b06eae 3862f847 00000010 00000001 03040001
16:07:05 ipsec,debug 01a4c768 00000000 00000008
16:07:05 ipsec,debug HASH with:
16:07:05 ipsec,debug 14afd0f3 00000010 00000001 03040001 01a4c768
16:07:05 ipsec,debug hmac(hmac_sha1)
16:07:05 ipsec,debug HASH computed:
16:07:05 ipsec,debug f9f70620 34aa2285 e5c10df1 34b06eae 3862f847
16:07:05 ipsec,debug hash validated.
16:07:05 ipsec,debug begin.
16:07:05 ipsec,debug seen nptype=8(hash) len=24
16:07:05 ipsec,debug seen nptype=12(delete) len=16
16:07:05 ipsec,debug succeed.
16:07:05 ipsec,debug 192.168.200.196 delete payload for protocol ESP
16:07:05 ipsec,debug an undead schedule has been deleted.
16:07:05 ipsec,debug purged SAs.
16:07:05 ipsec,debug ===== received 92 bytes from 192.168.200.196[500] to 192.168.200.1[500]
16:07:05 ipsec,debug,packet c2956eb4 66fb8fb4 3394f006 6caf12da 08100501 38601ca2 0000005c 7674fa35
16:07:05 ipsec,debug,packet a9c9573c ea0c8b81 109bd4f6 ce04b629 eade322c b9463666 666aa618 cc120f97
16:07:05 ipsec,debug,packet 2f6e78e3 7e643e60 e6663c0e 2d4779e8 8163d67d ec42452b 385a77d4
16:07:05 ipsec,debug compute IV for phase2
16:07:05 ipsec,debug phase1 last IV:
16:07:05 ipsec,debug 4a8f2de7 fa280e8f 60760d0c a3690cf7 38601ca2
16:07:05 ipsec,debug hash(sha1)
16:07:05 ipsec,debug encryption(aes)
16:07:05 ipsec,debug phase2 IV computed:
16:07:05 ipsec,debug bab6be21 6a183208 579bf58a 227b295c
16:07:05 ipsec,debug encryption(aes)
16:07:05 ipsec,debug IV was saved for next processing:
16:07:05 ipsec,debug 2d4779e8 8163d67d ec42452b 385a77d4
16:07:05 ipsec,debug encryption(aes)
16:07:05 ipsec,debug with key:
16:07:05 ipsec,debug e20b5cd5 6870b351 7a64810c 6551899f 78c15f7f 063f512f 60d7e58d 05274d03
16:07:05 ipsec,debug decrypted payload by IV:
16:07:05 ipsec,debug bab6be21 6a183208 579bf58a 227b295c
16:07:05 ipsec,debug decrypted payload, but not trimed.
16:07:05 ipsec,debug 0c000018 3402853b 280db08e 81ea1040 570d2438 81d6e7aa 0000001c 00000001
16:07:05 ipsec,debug 01100001 c2956eb4 66fb8fb4 3394f006 6caf12da 00000000 00000000 0000000c
16:07:05 ipsec,debug padding len=13
16:07:05 ipsec,debug skip to trim padding.
16:07:05 ipsec,debug decrypted.
16:07:05 ipsec,debug c2956eb4 66fb8fb4 3394f006 6caf12da 08100501 38601ca2 0000005c 0c000018
16:07:05 ipsec,debug 3402853b 280db08e 81ea1040 570d2438 81d6e7aa 0000001c 00000001 01100001
16:07:05 ipsec,debug c2956eb4 66fb8fb4 3394f006 6caf12da 00000000 00000000 0000000c
16:07:05 ipsec,debug HASH with:
16:07:05 ipsec,debug 38601ca2 0000001c 00000001 01100001 c2956eb4 66fb8fb4 3394f006 6caf12da
16:07:05 ipsec,debug hmac(hmac_sha1)
16:07:05 ipsec,debug HASH computed:
16:07:05 ipsec,debug 3402853b 280db08e 81ea1040 570d2438 81d6e7aa
16:07:05 ipsec,debug hash validated.
16:07:05 ipsec,debug begin.
16:07:05 ipsec,debug seen nptype=8(hash) len=24
16:07:05 ipsec,debug seen nptype=12(delete) len=28
16:07:05 ipsec,debug succeed.
16:07:05 ipsec,debug 192.168.200.196 delete payload for protocol ISAKMP
16:07:05 ipsec,info purging ISAKMP-SA 192.168.200.1[500]<=>192.168.200.196[500] spi=c2956eb466fb8fb4:3394f0066caf12da.
16:07:05 ipsec,debug purged SAs.
16:07:06 l2tp,debug,packet rcvd control message (ack) from 192.168.200.196:54087 to 192.168.200.1:1701
16:07:06 l2tp,debug,packet     tunnel-id=1, session-id=0, ns=3, nr=2
16:07:06 l2tp,debug tunnel 1 entering state: dead
16:07:06 l2tp,debug,packet rcvd control message from 192.168.200.196:54087 to 192.168.200.1:1701
16:07:06 l2tp,debug,packet     tunnel-id=1, session-id=0, ns=2, nr=2
16:07:06 l2tp,debug,packet     (M) Message-Type=ICRQ
16:07:06 l2tp,debug,packet     (M) Assigned-Session-ID=5325
16:07:06 l2tp,debug,packet     (M) Call-Serial-Number=1
16:07:06 ipsec,info ISAKMP-SA deleted 192.168.200.1[500]-192.168.200.196[500] spi:c2956eb466fb8fb4:3394f0066caf12da rekey:1
16:07:06 ipsec,debug an undead schedule has been deleted.
16:07:08 l2tp,debug,packet rcvd control message from 192.168.200.196:54087 to 192.168.200.1:1701
16:07:08 l2tp,debug,packet     tunnel-id=1, session-id=0, ns=2, nr=2
16:07:08 l2tp,debug,packet     (M) Message-Type=ICRQ
16:07:08 l2tp,debug,packet     (M) Assigned-Session-ID=5325
16:07:08 l2tp,debug,packet     (M) Call-Serial-Number=1
16:07:12 l2tp,debug,packet rcvd control message from 192.168.200.196:54087 to 192.168.200.1:1701
16:07:12 l2tp,debug,packet     tunnel-id=1, session-id=0, ns=2, nr=2
16:07:12 l2tp,debug,packet     (M) Message-Type=ICRQ
16:07:12 l2tp,debug,packet     (M) Assigned-Session-ID=5325
16:07:12 l2tp,debug,packet     (M) Call-Serial-Number=1

[admin@MikroTik] /log>

So now disable the two methods which were permitted before. The background assumption is that one of those two is chosen first and has a bug in that RouterOS version. If this does not help, try to upgrade your Mikrotik. (unless you wrote paweł by inertia at the Windows end )

User is pawel not “paweł” checked that 100 times

Unfortunately OS update didn’t help.

Could it be that the problem is in local-address assigned on Mikrotik only for VPN (192.168.220.1) ? the vpn-pool is ofc. in 220.50-220.100 address space.

/ppp profile
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=192.168.220.1 name=vpn-pool remote-address=vpn-pool session-timeout=0s use-encryption=yes

Ping to 192.168.211.1 (which is a OVPN local IP) works. Ping to .220.1 does not.

Config here.

[
[admin@MikroTik] /system license> /export hide-sensitive
# apr/24/2018 07:43:12 by RouterOS 6.42.1
# software id = M7Y4-4C74
#
# model = RouterBOARD 750G r3
# serial number = 6F380846B3A7
/interface bridge
add admin-mac=CC:2D:E0:38:FB:0D auto-mac=no comment="created from master port" name=bridge1 protocol-mode=none
/interface ethernet
set [ find default-name=ether1 ] name=Internet
set [ find default-name=ether2 ] name=ether2-master
/interface pppoe-client
add add-default-route=yes default-route-distance=0 disabled=no interface=Internet keepalive-timeout=60 name=pppoe-out1 use-peer-dns=yes user=xxxxxxxxxxxxxxxx
/interface list
add exclude=dynamic name=discover
add name=mactel
add name=mac-winbox
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des lifetime=1d pfs-group=none
/ip pool
add name=dhcp ranges=192.168.200.180-192.168.200.200
add name=vpn-pool ranges=192.168.220.50-192.168.220.100
add name=static-pool ranges=192.168.200.2-192.168.200.30
add name=ovpn-pool ranges=192.168.211.2-192.168.211.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=bridge1 lease-time=20h10m name=defconf
/ppp profile
add local-address=192.168.211.1 name=ovpn-profile remote-address=ovpn-pool use-encryption=required
add change-tcp-mss=yes dns-server=8.8.8.8 local-address=192.168.220.1 name=vpn-pool remote-address=vpn-pool session-timeout=0s use-encryption=yes
/snmp community
set [ find default=yes ] addresses=0.0.0.0/0
/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether2-master
/ip neighbor discovery-settings
set discover-interface-list=discover
/interface l2tp-server server
set authentication=chap,mschap2 default-profile=vpn-pool enabled=yes max-mru=1460 max-mtu=1460
/interface list member
add interface=bridge1 list=discover
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=pppoe-out1 list=discover
add interface=bridge1 list=mactel
add interface=bridge1 list=mac-winbox
/interface ovpn-server server
set certificate=ca default-profile=ovpn-profile enabled=yes require-client-certificate=yes
/interface pptp-server server
set enabled=yes
/interface sstp-server server
set default-profile=default-encryption enabled=yes
/ip address
add address=192.168.200.1/24 interface=bridge1 network=192.168.200.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-client
add comment=defconf dhcp-options=hostname,clientid interface=Internet
/ip dhcp-server lease
add address=192.168.200.200 client-id=1:b8:27:eb:b:85:a4 mac-address=B8:27:EB:0B:85:A4 server=defconf
add address=192.168.200.180 mac-address=90:2B:34:51:D3:6A
/ip dhcp-server network
add address=192.168.200.0/24 comment=defconf gateway=192.168.200.1 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.200.1 name=router
/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=accept chain=input comment=OpenVPN dst-port=1194 protocol=tcp
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add chain=input port=1701,500,4500 protocol=udp
add chain=input protocol=ipsec-esp
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=Internet
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=input in-interface=pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.220.0/24
/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp1024 enc-algorithm=aes-256,aes-192,aes-128,3des exchange-mode=main-l2tp generate-policy=port-override nat-traversal=no passive=yes
/ip route
add comment=Wan distance=1 dst-address=192.168.180.0/24 gateway=192.168.211.2
/ip service
set telnet disabled=yes
set ftp address=192.168.200.1/32
/ppp l2tp-secret
add comment=gemotialnet
/ppp secret
add local-address=192.168.211.1 name=proxmox profile=ovpn-profile remote-address=192.168.211.2 service=ovpn
add name=pawel profile=vpn-pool service=l2tp
/system clock
set time-zone-name=Europe/Warsaw
/system logging
add topics=ipsec,debug
add topics=l2tp,ppp,info
add topics=l2tp,info
add topics=firewall,info
add topics=firewall,error
add topics=ipsec,error
add topics=ipsec,warning
add topics=l2tp,debug
/system ntp client
set enabled=yes primary-ntp=194.177.4.1
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=mactel
/tool mac-server mac-winbox
set allowed-interface-list=mac-winbox
[admin@MikroTik] /system license>

If I remember correctly, the IP address 192.168.220.1 is created dynamically as soon as the first client successfully logs in if it does not exist before. I could imagine some firewall rules to cause problems later on when the L2TP tunnel comes up, but not that a wrong choice of IP address would break it so early. In fact, the tunnel comes up even if the addresses are in complete mess, it just doesn’t transport data due to that.

Are there any special characters (other than [0-9A-Za-z]) in the password? I have read somewhere here that a $ sign in password has broken interworking with some Microsoft AD (LDAP) or RADIUS, so maybe it is something similar here.

Other than that (and I do realize it contradicts what I think, i.e. that the problem is in the L2TP part), can you disable (not remove) the manually generated IPsec peer, do ****

/interface l2tp-server server set use-ipsec=required ipsec-secret=your_shared_key

at and try again?

Password has only alphanumeric characters.

I tried using dynamic ipsec config from L2TP server… same issue.

Any other options? Maybe I should reset whole configuration etc?

I don’t see how resetting configuration should help as you have upgraded the machine recently and nothing in the configuration seems strange to me.

I do have issues with Windows 10 L2TP/IPsec client if I use another IPsec based service on the same PC before attempting the L2TP/IPsec connection, but I’ve attributed them so far to the IPsec layer, maybe I should dive into Mikrotik log analysis when this happens. I have no iSomething so I cannot test how the iOS behaves, and Android just works.

So if you use Cisco VPN client or Shrewsoft VPN client, maybe reboot the PC and try the L2TP/IPsec as the first VPN after reboot.

Thanks,
I wil update this thread if I find a solution.

Sindy,
could it be that I miss some firewall rules?

/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=input comment=OpenVPN dst-port=1194 protocol=tcp
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add chain=input port=1701,500,4500 protocol=udp
add chain=input protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=Internet
add action=drop chain=input in-interface=pppoe-out1
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface=pppoe-out1
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.220.0/24

No. In the excerpt from your rules below (I’ve added the numbers just for easier reference here, always use ****

something print

before any operation using item numbers to reference items to be removed/moved/modified), rules 3 and 4 cover everything necessary for L2TP over IPsec with or without NAT-T. ****

action=accept

is a default action, UDP port 500 is for IPsec IKE(v2) communication, UDP port 4500 is for ESP encapsulated into UDP if NAT-T needs to be active, and port 1701 is for L2TP itself. It is safer to use an individual rule for UDP port 1701 with an additional match condition ****

ipsec-policy=in,ipsec

, but that’s not your problem right now.
Also just for tidying up in future, you can change rule 1’s ****

connection-state

to

established,related

(like in rule 5) and remove rule 2, thus saving a couple of machine cycles.

/ip firewall filter
1 add action=accept chain=input connection-state=established
2 add action=accept chain=input connection-state=related
3 add chain=input port=1701,500,4500 protocol=udp
4 add chain=input protocol=ipsec-esp
5 add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related

I still wonder what can be wrong. Can you post the output of the following commands, after eventually replacing public addresses by some strings, while the connection attempt is ongoing?

/ip route print
/ip ipsec peer print
/ip ipsec remote-peer print
/ip ipsec policy print

And can you change the ppp password to any other one just to check whether its particular value is not an issue?