xiaotuzi
just joined
Topic Author
Posts: 21
Joined: Sat Jun 22, 2019 3:34 pm

Cert cannot be imported on IOS13

Wed Jun 24, 2020 9:45 am

Hi,

I had an IKEv2 Roadwarrior setup running, but due to various reasons, including a change of IP, I had to start from scratch.

I used the same guide as before but now my CA cert is not able to be imported on any IOS/MAC OS device.
Every time I try to import - it says it is not able to import the certificate due to an error.

The guide used is: https://mum.mikrotik.com/presentations/ ... 420263.pdf

I use the code below, and after signing I import and export as PEM:
/certificate add name=CA.rasmus.Kviknet2 country=DK common-name=my public IP subject-alt-name=IP:my public IP key-size=2048 days-valid=799 trusted=yes key-usage=digital-signature,key-encipherment,data-encipherment,key-cert-sign,crl-sign
What is wrong with this?
 
anav
Forum Guru
Posts: 19363
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Cert cannot be imported on IOS13

Wed Jun 24, 2020 2:32 pm

Probably ran into the same issue I did, in that IOS changed some behaviour.
viewtopic.php?f=2&t=160987&p=793010&hil ... te#p793010
 
xiaotuzi
just joined
Topic Author
Posts: 21
Joined: Sat Jun 22, 2019 3:34 pm

Re: Cert cannot be imported on IOS13

Wed Jun 24, 2020 9:09 pm

> Probably ran into the same issue I did, in that IOS changed some behaviour.
> viewtopic.php?f=2&t=160987&p=793010&hil ... te#p793010

I tried Step 1 and 2 and then tried to import that .crt file generated - still not possible :(
 
pcunite
Forum Guru
Posts: 1345
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Cert cannot be imported on IOS13

Thu Jun 25, 2020 6:54 pm

Things have changed with iOS 13 and macOS 10.15. Study the link. You can use a tool like CertManEX to create these new types or openssl.
 
xiaotuzi
just joined
Topic Author
Posts: 21
Joined: Sat Jun 22, 2019 3:34 pm

Re: Cert cannot be imported on IOS13

Sat Jul 11, 2020 9:35 am

Well finally found the program XCA for Mac that allowed me to create CA and certificates that could be imported.

Now I think I am almost there, but I get a user Authentication error, however I cannot see what the error actually is. It seems like certificates are OK - also if I try to exchange the client certificate with another one, I get a different error.

Any clues?
18:19:57 ipsec,debug ===== received 604 bytes from 10.10.10.121[500] to 123.456.789.10[500] 
18:19:57 ipsec -> ike2 request, exchange: SA_INIT:0 10.10.10.121[500] 688383669b21e7d0:0000000000000000 
18:19:57 ipsec ike2 respond 
18:19:57 ipsec payload seen: SA (220 bytes) 
18:19:57 ipsec payload seen: KE (264 bytes) 
18:19:57 ipsec payload seen: NONCE (20 bytes) 
18:19:57 ipsec payload seen: NOTIFY (8 bytes) 
18:19:57 ipsec payload seen: NOTIFY (28 bytes) 
18:19:57 ipsec payload seen: NOTIFY (28 bytes) 
18:19:57 ipsec payload seen: NOTIFY (8 bytes) 
18:19:57 ipsec processing payload: NONCE 
18:19:57 ipsec processing payload: SA 
18:19:57 ipsec IKE Protocol: IKE 
18:19:57 ipsec  proposal #1 
18:19:57 ipsec   enc: aes256-cbc 
18:19:57 ipsec   prf: hmac-sha256 
18:19:57 ipsec   auth: sha256 
18:19:57 ipsec   dh: modp2048 
18:19:57 ipsec  proposal #2 
18:19:57 ipsec   enc: aes256-cbc 
18:19:57 ipsec   prf: hmac-sha256 
18:19:57 ipsec   auth: sha256 
18:19:57 ipsec   dh: ecp256 
18:19:57 ipsec  proposal #3 
18:19:57 ipsec   enc: aes256-cbc 
18:19:57 ipsec   prf: hmac-sha256 
18:19:57 ipsec   auth: sha256 
18:19:57 ipsec   dh: modp1536 
18:19:57 ipsec  proposal #4 
18:19:57 ipsec   enc: aes128-cbc 
18:19:57 ipsec   prf: hmac-sha1 
18:19:57 ipsec   auth: sha1 
18:19:57 ipsec   dh: modp1024 
18:19:57 ipsec  proposal #5 
18:19:57 ipsec   enc: 3des-cbc 
18:19:57 ipsec   prf: hmac-sha1 
18:19:57 ipsec   auth: sha1 
18:19:57 ipsec   dh: modp1024 
18:19:57 ipsec matched proposal: 
18:19:57 ipsec  proposal #1 
18:19:57 ipsec   enc: aes256-cbc 
18:19:57 ipsec   prf: hmac-sha256 
18:19:57 ipsec   auth: sha256 
18:19:57 ipsec   dh: modp2048 
18:19:57 ipsec processing payload: KE 
18:19:58 ipsec,debug => shared secret (size 0x100) 
18:19:58 ipsec adding payload: SA 
18:19:58 ipsec,debug => (size 0x30) 
18:19:58 ipsec,debug 00000030 0000002c 01010004 0300000c 0100000c 800e0100 03000008 02000005 
18:19:58 ipsec,debug 03000008 0300000c 00000008 0400000e 
18:19:58 ipsec adding payload: KE 
18:19:58 ipsec,debug => (first 0x100 of 0x108) 
18:19:58 ipsec adding payload: NONCE 
18:19:58 ipsec,debug => (size 0x1c) 
18:19:58 ipsec,debug 0000001c 2040efec 558951ab 79b3059d 0a36b107 cf584a7e 8ad38c33 
18:19:58 ipsec adding notify: NAT_DETECTION_SOURCE_IP 
18:19:58 ipsec,debug => (size 0x1c) 
18:19:58 ipsec,debug 0000001c 00004004 dd613f6f bb053f98 8436395d c42d9347 1ed7dec5 
18:19:58 ipsec adding notify: NAT_DETECTION_DESTINATION_IP 
18:19:58 ipsec,debug => (size 0x1c) 
18:19:58 ipsec,debug 0000001c 00004005 9501d0f7 99ded462 11ca77ed e7150aa2 adf2da7e 
18:19:58 ipsec adding payload: CERTREQ 
18:19:58 ipsec,debug => (size 0x5) 
18:19:58 ipsec,debug 00000005 04 
18:19:58 ipsec <- ike2 reply, exchange: SA_INIT:0 10.10.10.121[500] 688383669b21e7d0:7aec38c2af1184e6 
18:19:58 ipsec,debug ===== sending 429 bytes from 123.456.789.10[500] to 10.10.10.121[500] 
18:19:58 ipsec,debug 1 times of 429 bytes message will be sent to 10.10.10.121[500] 
18:19:58 ipsec,debug => skeyseed (size 0x20) 
18:19:58 ipsec,debug bdd0f547 f92d686d 877bfe5e 2bf34199 2b000118 83de3b76 f1fe0f78 7a6113cc 
18:19:58 ipsec,debug => keymat (size 0x20) 
18:19:58 ipsec,debug 705cd243 113e3fbb fd8f1666 337aa650 9d0b87ba 09686908 b7ad8bc2 64b1a424 
18:19:58 ipsec,debug => SK_ai (size 0x20) 
18:19:58 ipsec,debug 3ad94323 fa7e3e67 73bb7bfb 6bae2f8e e3d008eb b9e3c63f 2eee36b6 29626454 
18:19:58 ipsec,debug => SK_ar (size 0x20) 
18:19:58 ipsec,debug e0236317 24f3a860 75e4a494 e7971811 3db25bf4 165e1814 f52a08f0 6bfb5e5a 
18:19:58 ipsec,debug => SK_ei (size 0x20) 
18:19:58 ipsec,debug 5b3744cb 08efa478 756ef3e5 1dcc0ea6 749b6ba3 4c6683a3 0c527280 22af9c45 
18:19:58 ipsec,debug => SK_er (size 0x20) 
18:19:58 ipsec,debug 68f71a93 f800e7b7 727eafca 2aa13e77 c344898a 663d8231 ab36c9fe 8f6cfedb 
18:19:58 ipsec,debug => SK_pi (size 0x20) 
18:19:58 ipsec,debug 011fe445 b49b226f 6b32aee7 939f2c3d 6029388a bee539c2 a7077499 dd0ec6fb 
18:19:58 ipsec,debug => SK_pr (size 0x20) 
18:19:58 ipsec,debug e580b5e2 8c7775e1 813a691b 693ef4df 2b3ba505 2aa46403 30acd220 b592eb43 
18:19:58 ipsec,info new ike2 SA (R): 123.456.789.10[500]-10.10.10.121[500] spi:7aec38c2af1184e6:688383669b21e7d0 
18:19:58 ipsec processing payloads: VID (none found) 
18:19:58 ipsec processing payloads: NOTIFY 
18:19:58 ipsec   notify: REDIRECT_SUPPORTED 
18:19:58 ipsec   notify: NAT_DETECTION_SOURCE_IP 
18:19:58 ipsec   notify: NAT_DETECTION_DESTINATION_IP 
18:19:58 ipsec   notify: IKEV2_FRAGMENTATION_SUPPORTED 
18:19:58 ipsec,debug ===== received 1648 bytes from 10.10.10.121[4500] to 212.237.183.55[4500] 
18:19:58 ipsec -> ike2 request, exchange: AUTH:1 10.10.10.121[4500] 688383669b21e7d0:7aec38c2af1184e6 
18:19:58 ipsec peer ports changed: 500 -> 4500 
18:19:58 ipsec payload seen: ENC (1620 bytes) 
18:19:58 ipsec processing payload: ENC 
18:19:58 ipsec,debug => iv (size 0x10) 
18:19:58 ipsec,debug 6de98fef 6ba17f20 b8f89af9 5a323164 
18:19:58 ipsec,debug => plain payload (trimmed) (first 0x100 of 0x62a) 
18:19:58 ipsec,debug decrypted 
18:19:58 ipsec payload seen: ID_I (21 bytes) 
18:19:58 ipsec payload seen: CERT (881 bytes) 
18:19:58 ipsec payload seen: NOTIFY (8 bytes) 
18:19:58 ipsec payload seen: ID_R (12 bytes) 
18:19:58 ipsec payload seen: AUTH (264 bytes) 
18:19:58 ipsec payload seen: CONFIG (40 bytes) 
18:19:58 ipsec payload seen: NOTIFY (8 bytes) 
18:19:58 ipsec payload seen: NOTIFY (8 bytes) 
18:19:58 ipsec payload seen: SA (200 bytes) 
18:19:58 ipsec payload seen: TS_I (64 bytes) 
18:19:58 ipsec payload seen: TS_R (64 bytes) 
18:19:58 ipsec payload seen: NOTIFY (8 bytes) 
18:19:58 ipsec processing payloads: NOTIFY 
18:19:58 ipsec   notify: INITIAL_CONTACT 
18:19:58 ipsec   notify: ESP_TFC_PADDING_NOT_SUPPORTED 
18:19:58 ipsec   notify: NON_FIRST_FRAGMENTS_ALSO 
18:19:58 ipsec   notify: MOBIKE_SUPPORTED 
18:19:58 ipsec ike auth: respond 
18:19:58 ipsec processing payload: ID_I 
18:19:58 ipsec ID_I (FQDN): myipad.client 
18:19:58 ipsec processing payload: ID_R 
18:19:58 ipsec ID_R (ADDR4): 123.456.789.10 
18:19:58 ipsec processing payload: AUTH 
18:19:58 ipsec processing payload: CERT 
18:19:58 ipsec got CERT: CN=ipad.client,C=DK,ST=DK,L=Vejen,O=,OU=,SN= 
18:19:58 ipsec,debug => (size 0x36c) 
18:19:58 ipsec processing payloads: NOTIFY 
18:19:58 ipsec   notify: INITIAL_CONTACT 
18:19:58 ipsec   notify: ESP_TFC_PADDING_NOT_SUPPORTED 
18:19:58 ipsec   notify: NON_FIRST_FRAGMENTS_ALSO 
18:19:58 ipsec   notify: MOBIKE_SUPPORTED 
18:19:58 ipsec processing payload: AUTH 
18:19:58 ipsec requested auth method: RSA 
18:19:58 ipsec,debug => peer's auth (size 0x100) 
18:19:58 ipsec,debug checking SAN: myipad.client 
18:19:58 ipsec,debug => auth nonce (size 0x18) 
18:19:58 ipsec,debug 2040efec 558951ab 79b3059d 0a36b107 cf584a7e 8ad38c33 
18:19:58 ipsec,debug => SK_p (size 0x20) 
18:19:58 ipsec,debug 011fe445 b49b226f 6b32aee7 939f2c3d 6029388a bee539c2 a7077499 dd0ec6fb 
18:19:58 ipsec,debug => idhash (size 0x20) 
18:19:58 ipsec,debug 6ba3ad43 c6cd18b5 9ec3081f 7f23ed4e 8ed5652c 8edd5585 967f70b3 9580a283 
18:19:58 ipsec,info,account peer authorized: 123.456.789.10[4500]-10.10.10.121[4500] spi:7aec38c2af1184e6:688383669b21e7d0 
18:19:58 ipsec initial contact 
18:19:58 ipsec processing payloads: NOTIFY 
18:19:58 ipsec   notify: INITIAL_CONTACT 
18:19:58 ipsec   notify: ESP_TFC_PADDING_NOT_SUPPORTED 
18:19:58 ipsec   notify: NON_FIRST_FRAGMENTS_ALSO 
18:19:58 ipsec   notify: MOBIKE_SUPPORTED 
18:19:58 ipsec peer wants tunnel mode 
18:19:58 ipsec processing payload: CONFIG 
18:19:58 ipsec   attribute: internal IPv4 address 
18:19:58 ipsec   attribute: internal IPv4 netmask 
18:19:58 ipsec   attribute: internal IPv4 DHCP 
18:19:58 ipsec   attribute: internal IPv4 DNS 
18:19:58 ipsec   attribute: internal IPv6 address 
18:19:58 ipsec   attribute: internal IPv6 DHCP 
18:19:58 ipsec   attribute: internal IPv6 DNS 
18:19:58 ipsec   attribute: internal DNS domain 
18:19:58 ipsec,info acquired 10.10.12.25 address for 10.10.10.121, myipad.client 
18:19:58 ipsec processing payload: TS_I 
18:19:58 ipsec 0.0.0.0/0 
18:19:58 ipsec [::/0] 
18:19:58 ipsec processing payload: TS_R 
18:19:58 ipsec 0.0.0.0/0 
18:19:58 ipsec [::/0] 
18:19:58 ipsec TSi in tunnel mode replaced with config address: 10.10.12.25 
18:19:58 ipsec TSr in tunnel mode replaced with split subnet: 0.0.0.0/0 
18:19:58 ipsec canditate selectors: 0.0.0.0/0 <=> 10.10.12.25 
18:19:58 ipsec canditate selectors: [::/0] <=> [::/0] 
18:19:58 ipsec processing payload: SA 
18:19:58 ipsec IKE Protocol: ESP 
18:19:58 ipsec  proposal #1 
18:19:58 ipsec   enc: aes256-cbc 
18:19:58 ipsec   auth: sha256 
18:19:58 ipsec  proposal #2 
18:19:58 ipsec   enc: aes256-cbc 
18:19:58 ipsec   auth: sha256 
18:19:58 ipsec  proposal #3 
18:19:58 ipsec   enc: aes256-cbc 
18:19:58 ipsec   auth: sha256 
18:19:58 ipsec  proposal #4 
18:19:58 ipsec   enc: aes128-cbc 
18:19:58 ipsec   auth: sha1 
18:19:58 ipsec  proposal #5 
18:19:58 ipsec   enc: 3des-cbc 
18:19:58 ipsec   auth: sha1 
18:19:58 ipsec searching for policy for selector: 0.0.0.0/0 <=> 10.10.12.25 
18:19:58 ipsec generating policy 
18:19:58 ipsec matched proposal: 
18:19:58 ipsec  proposal #1 
18:19:58 ipsec   enc: aes256-cbc 
18:19:58 ipsec   auth: sha256 
18:19:58 ipsec ike auth: finish 
18:19:58 ipsec ID_R (FQDN): mymikrotik.server 
18:19:58 ipsec processing payload: NONCE 
18:19:58 ipsec,debug => auth nonce (size 0x10) 
18:19:58 ipsec,debug d153912e dc22b4e0 38168c8b 0347c54c 
18:19:58 ipsec,debug => SK_p (size 0x20) 
18:19:58 ipsec,debug e580b5e2 8c7775e1 813a691b 693ef4df 2b3ba505 2aa46403 30acd220 b592eb43 
18:19:58 ipsec,debug => idhash (size 0x20) 
18:19:58 ipsec,debug 44752e2a 719328af 00c52b8b 79ccfe25 a3f2380f 7089d81a fc30c5b2 26aa9cc6 
18:19:58 ipsec,debug => my auth (size 0x100) 
18:19:58 ipsec cert: CN=mikrotik.vpn.server,C=DK,ST=DK,L=Vejen,O=,OU=,SN= 
18:19:58 ipsec adding payload: CERT 
18:19:58 ipsec,debug => (first 0x100 of 0x39d) 
18:19:58 ipsec adding payload: ID_R 
18:19:58 ipsec,debug => (size 0x19) 
18:19:58 ipsec,debug 00000019 02000000 6d796d69 6b726f74 696b2e73 65727665 72 
18:19:58 ipsec adding payload: AUTH 
18:19:58 ipsec,debug => (first 0x100 of 0x108) 
18:19:58 ipsec preparing internal IPv4 address 
18:19:58 ipsec preparing internal IPv4 netmask 
18:19:58 ipsec preparing internal IPv6 subnet 
18:19:58 ipsec preparing internal IPv4 DNS 
18:19:58 ipsec adding payload: CONFIG 
18:19:58 ipsec,debug => (size 0x2c) 
18:19:58 ipsec,debug 0000002c 02000000 00010004 0a0a0c19 00020004 ffffffff 000d0008 00000000 
18:19:58 ipsec,debug 00000000 00030004 0a0a0a1d 
18:19:58 ipsec initiator selector: 10.10.12.25 
18:19:58 ipsec adding payload: TS_I 
18:19:58 ipsec,debug => (size 0x18) 
18:19:58 ipsec,debug 00000018 01000000 07000010 0000ffff 0a0a0c19 0a0a0c19 
18:19:58 ipsec responder selector: 0.0.0.0/0 
18:19:58 ipsec adding payload: TS_R 
18:19:58 ipsec,debug => (size 0x18) 
18:19:58 ipsec,debug 00000018 01000000 07000010 0000ffff 00000000 ffffffff 
18:19:58 ipsec adding payload: SA 
18:19:58 ipsec,debug => (size 0x2c) 
18:19:58 ipsec,debug 0000002c 00000028 01030403 0ca3a8b2 0300000c 0100000c 800e0100 03000008 
18:19:58 ipsec,debug 0300000c 00000008 05000000 
18:19:58 ipsec <- ike2 reply, exchange: AUTH:1 10.10.10.121[4500] 688383669b21e7d0:7aec38c2af1184e6 
18:19:58 ipsec,debug ===== sending 1472 bytes from 123.456.789.10[4500] to 10.10.10.121[4500] 
18:19:58 ipsec,debug 1 times of 1476 bytes message will be sent to 10.10.10.121[4500] 
18:19:58 ipsec,debug => child keymat (size 0x80) 
18:19:58 ipsec IPsec-SA established: 10.10.10.121[4500]->212.237.183.55[4500] spi=0xca3a8b2 
18:19:58 ipsec IPsec-SA established: 123.456.789.10[4500]->10.10.10.121[4500] spi=0x2783a0 
18:20:04 ipsec,debug ===== received 76 bytes from 84.17.36.150[4500] to 212.237.183.55[4500] 
18:20:04 ipsec -> ike2 request, exchange: INFORMATIONAL:164 84.17.36.150[4500] f6931d7e9a5afab5:ea92a01fceb55d3c 
18:20:04 ipsec payload seen: ENC (48 bytes) 
18:20:04 ipsec processing payload: ENC 
18:20:04 ipsec,debug => iv (size 0x10) 
18:20:04 ipsec,debug 57f7341e 8b84953e a4922a92 bb535c1d 
18:20:04 ipsec,debug => plain payload (trimmed) (size 0x0) 
18:20:04 ipsec,debug decrypted 
18:20:04 ipsec respond: info 
18:20:04 ipsec,debug sending empty reply 
18:20:04 ipsec <- ike2 reply, exchange: INFORMATIONAL:164 84.17.36.150[4500] f6931d7e9a5afab5:ea92a01fceb55d3c 
18:20:04 ipsec,debug ===== sending 124 bytes from 123.456.789.10[4500] to 84.17.36.150[4500] 
18:20:04 ipsec,debug 1 times of 128 bytes message will be sent to 84.17.36.150[4500]
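
Added example (not part of the original thread and not MikroTik code): in the log above the router logs both "peer authorized" and "IPsec-SA established", so one way to read such a dump is to check which IKEv2 milestones the responder reached. The sketch below does that for log lines in the format shown; the sample lines are constructed (documentation-range addresses), the milestone list and the name triage are assumptions, and it expects a single handshake per log.

```python
import re

# "HH:MM:SS topic[,topic...] message" as printed in the log above.
LINE = re.compile(r"^(\d\d:\d\d:\d\d) ([a-z,]+) (.*)$")
# Debug hex dumps: groups of hex digits separated by single spaces.
HEXDUMP = re.compile(r"^[0-9a-f]{2,8}(?: [0-9a-f]{2,8})*$")

# Responder-side milestones in the order they appear in a successful
# handshake (assumed list, derived from the message texts in the log).
MILESTONES = [
    ("SA_INIT request", "-> ike2 request, exchange: SA_INIT"),
    ("SA_INIT reply", "<- ike2 reply, exchange: SA_INIT"),
    ("AUTH request", "-> ike2 request, exchange: AUTH"),
    ("peer certificate received", "got CERT: "),
    ("peer authorized", "peer authorized: "),
    ("AUTH reply", "<- ike2 reply, exchange: AUTH"),
    ("IPsec-SA established", "IPsec-SA established: "),
]

# Constructed sample in the same format; addresses are documentation ranges.
SAMPLE_LOG = """\
18:19:57 ipsec -> ike2 request, exchange: SA_INIT:0 192.0.2.21[500] 688383669b21e7d0:0000000000000000
18:19:58 ipsec,debug 00000005 04
18:19:58 ipsec <- ike2 reply, exchange: SA_INIT:0 192.0.2.21[500] 688383669b21e7d0:7aec38c2af1184e6
18:19:58 ipsec -> ike2 request, exchange: AUTH:1 192.0.2.21[4500] 688383669b21e7d0:7aec38c2af1184e6
18:19:58 ipsec got CERT: CN=ipad.client,C=DK,ST=DK,L=Vejen,O=,OU=,SN=
18:19:58 ipsec,debug checking SAN: myipad.client
18:19:58 ipsec,info,account peer authorized: 198.51.100.10[4500]-192.0.2.21[4500] spi:7aec38c2af1184e6:688383669b21e7d0
18:19:58 ipsec <- ike2 reply, exchange: AUTH:1 192.0.2.21[4500] 688383669b21e7d0:7aec38c2af1184e6
18:19:58 ipsec IPsec-SA established: 192.0.2.21[4500]->198.51.100.10[4500] spi=0xca3a8b2
"""


def triage(log_text):
    """Return which milestones were logged and the first one that is missing."""
    reached, skipped, peer_cert = [], 0, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # blank or malformed line
        _time, topics, msg = m.groups()
        if "debug" in topics.split(",") and HEXDUMP.match(msg.strip()):
            skipped += 1  # key material / packet bytes: not needed for triage
            continue
        if msg.startswith("got CERT: "):
            peer_cert = msg[len("got CERT: "):]
        for name, marker in MILESTONES:
            if marker in msg and name not in reached:
                reached.append(name)
    missing = [name for name, _ in MILESTONES if name not in reached]
    return {
        "reached": reached,
        "first_missing": missing[0] if missing else None,
        "peer_cert": peer_cert,
        "hexdump_lines_skipped": skipped,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("reached:", ", ".join(result["reached"]))
    print("first missing:", result["first_missing"])
    print("peer cert:", result["peer_cert"])
```

When first_missing is None the responder completed the exchange, so the next place to look is the client side.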
