Community discussions

MikroTik App
 
rsck
just joined
Topic Author
Posts: 4
Joined: Thu Apr 23, 2015 10:47 am

VPN (IPSec, L2TP) - error 810 when using certificates

Thu Apr 23, 2015 11:11 am

Hi all

I'm trying to setup a simple test VPN connection between my PC and a MikroTik router using certificates. I keep getting a 810 error while trying to connect, though. So here's the full story:

First I created VPN using IPSec + L2TP + PSK. Everything went smoothly and in 10 minutes it was working. I used this manual: http://blog.f1mikrotik.com/2014/08/18/l2tp-ipsec-vpn/

Then I created certificates (CA + user certificate) for myself using this manual: http://wiki.mikrotik.com/wiki/Manual:Cr ... n_RouterOS I exported them, installed on my computer. Then I changed VPN settings (both on Windows and router sides) to use certificates rather than PSK. I tried to connect, all I got was a 766 error. So I went into windows MMC as an admin, reinstalled certificates on local computer rathen than local user account - now when trying to connect, I keep getting 810 error.

I tried to solve this by recreating certificates on Debian (https://wiki.debian.org/Self-Signed_Certificate), but no change.

Here are my logs:
10:02:17 ipsec,debug,packet IPSEC ---: 384 bytes message received from 192.168.88.11[500] to 192.168.88.1[500]
10:02:17 ipsec,debug,packet IPSEC ---: fd1dbe6c 1442d417 00000000 00000000 01100200 00000000 00000180 0d0000d4
10:02:17 ipsec,debug,packet IPSEC ---: 00000001 00000001 000000c8 01010005 03000028 01010000 80010007 800e0100
10:02:17 ipsec,debug,packet IPSEC ---: 80020002 80040014 80030003 800b0001 000c0004 00007080 03000028 02010000
10:02:17 ipsec,debug,packet IPSEC ---: 80010007 800e0080 80020002 80040013 80030003 800b0001 000c0004 00007080
10:02:17 ipsec,debug,packet IPSEC ---: 03000028 03010000 80010007 800e0100 80020002 8004000e 80030003 800b0001
10:02:17 ipsec,debug,packet IPSEC ---: 000c0004 00007080 03000024 04010000 80010005 80020002 8004000e 80030003
10:02:17 ipsec,debug,packet IPSEC ---: 800b0001 000c0004 00007080 00000024 05010000 80010005 80020002 80040002
10:02:17 ipsec,debug,packet IPSEC ---: 80030003 800b0001 000c0004 00007080 0d000018 1e2b5169 05991c7d 7c96fcbf
10:02:17 ipsec,debug,packet IPSEC ---: b587e461 00000008 0d000014 4a131c81 07035845 5c5728f2 0e95452f 0d000014
10:02:17 ipsec,debug,packet IPSEC ---: 90cb8091 3ebb696e 086381b5 ec427b1f 0d000014 4048b7d5 6ebce885 25e7de7f
10:02:17 ipsec,debug,packet IPSEC ---: 00d6c2d3 0d000014 fb1de3cd f341b7ea 16b7e5be 0855f120 0d000014 26244d38
10:02:17 ipsec,debug,packet IPSEC ---: eddb61b3 172a36e3 d0cfb819 00000014 e3a5966a 76379fe7 07228231 e5ce8652
10:02:17 ipsec,debug,packet IPSEC ---: ===
10:02:17 ipsec IPSEC ---: respond new phase 1 negotiation: 192.168.88.1[500]<=>192.168.88.11[500]
10:02:17 ipsec IPSEC ---: begin Identity Protection mode.
10:02:17 ipsec,debug,packet IPSEC ---: begin.
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=1(sa)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=13(vid)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=13(vid)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=13(vid)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=13(vid)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=13(vid)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=13(vid)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=13(vid)
10:02:17 ipsec,debug,packet IPSEC ---: succeed.
10:02:17 ipsec,debug IPSEC ---: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
10:02:17 ipsec,debug IPSEC ---: received Vendor ID: RFC 3947
10:02:17 ipsec,debug IPSEC ---: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
10:02:17 ipsec,debug IPSEC ---:
10:02:17 ipsec,debug IPSEC ---: received Vendor ID: FRAGMENTATION
10:02:17 ipsec,debug,packet IPSEC ---: received unknown Vendor ID
10:02:17 ipsec,debug,packet IPSEC ---: received unknown Vendor ID
10:02:17 ipsec,debug,packet IPSEC ---: received unknown Vendor ID
10:02:17 ipsec,debug IPSEC ---: Selected NAT-T version: RFC 3947
10:02:17 ipsec,debug,packet IPSEC ---: total SA len=208
10:02:17 ipsec,debug,packet IPSEC ---: 00000001 00000001 000000c8 01010005 03000028 01010000 80010007 800e0100
10:02:17 ipsec,debug,packet IPSEC ---: 80020002 80040014 80030003 800b0001 000c0004 00007080 03000028 02010000
10:02:17 ipsec,debug,packet IPSEC ---: 80010007 800e0080 80020002 80040013 80030003 800b0001 000c0004 00007080
10:02:17 ipsec,debug,packet IPSEC ---: 03000028 03010000 80010007 800e0100 80020002 8004000e 80030003 800b0001
10:02:17 ipsec,debug,packet IPSEC ---: 000c0004 00007080 03000024 04010000 80010005 80020002 8004000e 80030003
10:02:17 ipsec,debug,packet IPSEC ---: 800b0001 000c0004 00007080 00000024 05010000 80010005 80020002 80040002
10:02:17 ipsec,debug,packet IPSEC ---: 80030003 800b0001 000c0004 00007080
10:02:17 ipsec,debug,packet IPSEC ---: begin.
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=2(prop)
10:02:17 ipsec,debug,packet IPSEC ---: succeed.
10:02:17 ipsec,debug,packet IPSEC ---: proposal #1 len=200
10:02:17 ipsec,debug,packet IPSEC ---: begin.
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=3(trns)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=3(trns)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=3(trns)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=3(trns)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=3(trns)
10:02:17 ipsec,debug,packet IPSEC ---: succeed.
10:02:17 ipsec,debug,packet IPSEC ---: transform #1 len=40
10:02:17 ipsec,debug,packet IPSEC ---: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:02:17 ipsec,debug,packet IPSEC ---: encryption(aes)
10:02:17 ipsec,debug,packet IPSEC ---: type=Key Length, flag=0x8000, lorv=256
10:02:17 ipsec,debug,packet IPSEC ---: type=Hash Algorithm, flag=0x8000, lorv=SHA
10:02:17 ipsec,debug,packet IPSEC ---: hash(sha1)
10:02:17 ipsec,debug,packet IPSEC ---: type=Group Description, flag=0x8000, lorv=20
10:02:17 ipsec,debug IPSEC ---: invalid DH group 20.
10:02:17 ipsec,debug,packet IPSEC ---: transform #2 len=40
10:02:17 ipsec,debug,packet IPSEC ---: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:02:17 ipsec,debug,packet IPSEC ---: encryption(aes)
10:02:17 ipsec,debug,packet IPSEC ---: type=Key Length, flag=0x8000, lorv=128
10:02:17 ipsec,debug,packet IPSEC ---: type=Hash Algorithm, flag=0x8000, lorv=SHA
10:02:17 ipsec,debug,packet IPSEC ---: hash(sha1)
10:02:17 ipsec,debug,packet IPSEC ---: type=Group Description, flag=0x8000, lorv=19
10:02:17 ipsec,debug IPSEC ---: invalid DH group 19.
10:02:17 ipsec,debug,packet IPSEC ---: transform #3 len=40
10:02:17 ipsec,debug,packet IPSEC ---: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:02:17 ipsec,debug,packet IPSEC ---: encryption(aes)
10:02:17 ipsec,debug,packet IPSEC ---: type=Key Length, flag=0x8000, lorv=256
10:02:17 ipsec,debug,packet IPSEC ---: type=Hash Algorithm, flag=0x8000, lorv=SHA
10:02:17 ipsec,debug,packet IPSEC ---: hash(sha1)
10:02:17 ipsec,debug,packet IPSEC ---: type=Group Description, flag=0x8000, lorv=2048-bit MODP group
10:02:17 ipsec,debug,packet IPSEC ---: dh(modp2048)
10:02:17 ipsec,debug,packet IPSEC ---: type=Authentication Method, flag=0x8000, lorv=RSA signatures
10:02:17 ipsec,debug,packet IPSEC ---: type=Life Type, flag=0x8000, lorv=seconds
10:02:17 ipsec,debug,packet IPSEC ---: type=Life Duration, flag=0x0000, lorv=4
10:02:17 ipsec,debug,packet IPSEC ---: transform #4 len=36
10:02:17 ipsec,debug,packet IPSEC ---: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
10:02:17 ipsec,debug,packet IPSEC ---: encryption(3des)
10:02:17 ipsec,debug,packet IPSEC ---: type=Hash Algorithm, flag=0x8000, lorv=SHA
10:02:17 ipsec,debug,packet IPSEC ---: hash(sha1)
10:02:17 ipsec,debug,packet IPSEC ---: type=Group Description, flag=0x8000, lorv=2048-bit MODP group
10:02:17 ipsec,debug,packet IPSEC ---: dh(modp2048)
10:02:17 ipsec,debug,packet IPSEC ---: type=Authentication Method, flag=0x8000, lorv=RSA signatures
10:02:17 ipsec,debug,packet IPSEC ---: type=Life Type, flag=0x8000, lorv=seconds
10:02:17 ipsec,debug,packet IPSEC ---: type=Life Duration, flag=0x0000, lorv=4
10:02:17 ipsec,debug,packet IPSEC ---: transform #5 len=36
10:02:17 ipsec,debug,packet IPSEC ---: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
10:02:17 ipsec,debug,packet IPSEC ---: encryption(3des)
10:02:17 ipsec,debug,packet IPSEC ---: type=Hash Algorithm, flag=0x8000, lorv=SHA
10:02:17 ipsec,debug,packet IPSEC ---: hash(sha1)
10:02:17 ipsec,debug,packet IPSEC ---: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
10:02:17 ipsec,debug,packet IPSEC ---: dh(modp1024)
10:02:17 ipsec,debug,packet IPSEC ---: type=Authentication Method, flag=0x8000, lorv=RSA signatures
10:02:17 ipsec,debug,packet IPSEC ---: type=Life Type, flag=0x8000, lorv=seconds
10:02:17 ipsec,debug,packet IPSEC ---: type=Life Duration, flag=0x0000, lorv=4
10:02:17 ipsec,debug,packet IPSEC ---: pair 1:
10:02:17 ipsec,debug,packet IPSEC ---: 0xc9db8: next=(nil) tnext=0xc8c90
10:02:17 ipsec,debug,packet IPSEC ---: 0xc8c90: next=(nil) tnext=0xc8500
10:02:17 ipsec,debug,packet IPSEC ---: 0xc8500: next=(nil) tnext=(nil)
10:02:17 ipsec,debug,packet IPSEC ---: proposal #1: 3 transform
10:02:17 ipsec,debug,packet IPSEC ---: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=5
10:02:17 ipsec,debug,packet IPSEC ---: trns#=3, trns-id=IKE
10:02:17 ipsec,debug,packet IPSEC ---: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
10:02:17 ipsec,debug,packet IPSEC ---: type=Key Length, flag=0x8000, lorv=256
10:02:17 ipsec,debug,packet IPSEC ---: type=Hash Algorithm, flag=0x8000, lorv=SHA
10:02:17 ipsec,debug,packet IPSEC ---: type=Group Description, flag=0x8000, lorv=2048-bit MODP group
10:02:17 ipsec,debug,packet IPSEC ---: type=Authentication Method, flag=0x8000, lorv=RSA signatures
10:02:17 ipsec,debug,packet IPSEC ---: type=Life Type, flag=0x8000, lorv=seconds
10:02:17 ipsec,debug,packet IPSEC ---: type=Life Duration, flag=0x0000, lorv=4
10:02:17 ipsec,debug,packet IPSEC ---: Compared: Local:Peer
10:02:17 ipsec,debug,packet IPSEC ---: (lifetime = 86400:28800)
10:02:17 ipsec,debug,packet IPSEC ---: (lifebyte = 0:0)
10:02:17 ipsec,debug,packet IPSEC ---: enctype = AES-CBC:AES-CBC
10:02:17 ipsec,debug,packet IPSEC ---: (encklen = 256:256)
10:02:17 ipsec,debug,packet IPSEC ---: hashtype = SHA:SHA
10:02:17 ipsec,debug,packet IPSEC ---: authmethod = RSA signatures:RSA signatures
10:02:17 ipsec,debug,packet IPSEC ---: dh_group = 2048-bit MODP group:2048-bit MODP group
10:02:17 ipsec,debug,packet IPSEC ---: an acceptable proposal found.
10:02:17 ipsec,debug,packet IPSEC ---: dh(modp2048)
10:02:17 ipsec,debug,packet IPSEC ---: agreed on RSA signatures auth.
10:02:17 ipsec,debug,packet IPSEC ---: ===
10:02:17 ipsec,debug,packet IPSEC ---: new cookie:
10:02:17 ipsec,debug,packet IPSEC ---: 0c158f41f8f78948
10:02:17 ipsec,debug,packet IPSEC ---: add payload of len 56, next type 13
10:02:17 ipsec,debug,packet IPSEC ---: add payload of len 16, next type 13
10:02:17 ipsec,debug,packet IPSEC ---: add payload of len 16, next type 0
10:02:17 ipsec,debug,packet IPSEC ---: 128 bytes from 192.168.88.1[500] to 192.168.88.11[500]
10:02:17 ipsec,debug,packet IPSEC ---: sockname 192.168.88.1[500]
10:02:17 ipsec,debug,packet IPSEC ---: send packet from 192.168.88.1[500]
10:02:17 ipsec,debug,packet IPSEC ---: send packet to 192.168.88.11[500]
10:02:17 ipsec,debug,packet IPSEC ---: src4 192.168.88.1[500]
10:02:17 ipsec,debug,packet IPSEC ---: dst4 192.168.88.11[500]
10:02:17 ipsec,debug,packet IPSEC ---: 1 times of 128 bytes message will be sent to 192.168.88.11[500]
10:02:17 ipsec,debug,packet IPSEC ---: fd1dbe6c 1442d417 0c158f41 f8f78948 01100200 00000000 00000080 0d00003c
10:02:17 ipsec,debug,packet IPSEC ---: 00000001 00000001 00000030 01010001 00000028 03010000 80010007 800e0100
10:02:17 ipsec,debug,packet IPSEC ---: 80020002 8004000e 80030003 800b0001 000c0004 00007080 0d000014 4a131c81
10:02:17 ipsec,debug,packet IPSEC ---: 07035845 5c5728f2 0e95452f 00000014 afcad713 68a1f1c9 6b8696fc 77570100
10:02:17 ipsec,debug IPSEC ---: sent phase1 packet 192.168.88.1[500]<=>192.168.88.11[500] fd1dbe6c1442d417:0c158f41f8f78948
10:02:17 ipsec,debug,packet IPSEC ---: ==========
10:02:17 ipsec,debug,packet IPSEC ---: 388 bytes message received from 192.168.88.11[500] to 192.168.88.1[500]
10:02:17 ipsec,debug,packet IPSEC ---: fd1dbe6c 1442d417 0c158f41 f8f78948 04100200 00000000 00000184 0a000104
10:02:17 ipsec,debug,packet IPSEC ---: e4602368 5f93cb8e c21830e5 d2e9727a db1986c1 f93176c1 4a3301b3 39be4f10
10:02:17 ipsec,debug,packet IPSEC ---: 730a7189 d9271e7c 026d4eef 3a48fec8 cb95f274 d76e5fb4 4757f725 4442b99f
10:02:17 ipsec,debug,packet IPSEC ---: 86cf2f60 d88076f0 617b0aee d1eaf434 76a821bf 65278e9a a2633e44 f6888c92
10:02:17 ipsec,debug,packet IPSEC ---: 5a49cdc9 a7aa36dd e8b7ad77 04e7a65f 5dae9515 e8b6a7fb 89a70ff8 75258af3
10:02:17 ipsec,debug,packet IPSEC ---: ef91a3a8 22c6d64b 016f8433 95f1ed91 3b5bc49b 49eeffcc 62b5a222 e9ea55b9
10:02:17 ipsec,debug,packet IPSEC ---: 9eaac165 224f95b9 987eaabf 0a7b4f15 be33eaac 7d1c5109 24ebdb88 39489f31
10:02:17 ipsec,debug,packet IPSEC ---: 78dd2541 b95a94bb 7b0c3a57 ff480648 dd9f37b5 aa1967fa efc04879 a2bdf752
10:02:17 ipsec,debug,packet IPSEC ---: 181983b9 d6c17614 e5541491 946b6eb8 6fed7dee f1a76a44 63748fa5 0912e74d
10:02:17 ipsec,debug,packet IPSEC ---: 14000034 fa96906f 8eba715f 59c78906 c307d07d b5617348 a7b6196d 6a9ce2ee
10:02:17 ipsec,debug,packet IPSEC ---: f1c0799a 73036953 d27f0c77 c8588d96 8ae729c6 14000018 83fcb61e 2935d358
10:02:17 ipsec,debug,packet IPSEC ---: dc265083 033225e5 c50060f6 00000018 974a887b 9c8cdba1 3fb65b56 2c3d36b6
10:02:17 ipsec,debug,packet IPSEC ---: 69ae02ff
10:02:17 ipsec,debug,packet IPSEC ---: begin.
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=4(ke)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=10(nonce)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=20(nat-d)
10:02:17 ipsec,debug,packet IPSEC ---: seen nptype=20(nat-d)
10:02:17 ipsec,debug,packet IPSEC ---: succeed.
10:02:17 ipsec,debug IPSEC ---: Hashing 192.168.88.1[500] with algo #2
10:02:17 ipsec,debug,packet IPSEC ---: hash(sha1)
10:02:17 ipsec,debug IPSEC ---: NAT-D payload #0 verified
10:02:17 ipsec,debug IPSEC ---: Hashing 192.168.88.11[500] with algo #2
10:02:17 ipsec,debug,packet IPSEC ---: hash(sha1)
10:02:17 ipsec,debug IPSEC ---: NAT-D payload #1 verified
10:02:17 ipsec,debug IPSEC ---: NAT not detected
10:02:17 ipsec,debug,packet IPSEC ---: ===
10:02:17 ipsec,debug,packet IPSEC ---: compute DH's private.
10:02:17 ipsec,debug,packet IPSEC ---: 4b15e7eb 479626bd 5e557b8f d17ab28d def23e8f bb93f345 3dcb14c9 523b4a56
10:02:17 ipsec,debug,packet IPSEC ---: 4f4896ce c4259f79 1215fcf3 4dbc84b1 1f79b344 f203e1d9 96543580 39707a3b
10:02:17 ipsec,debug,packet IPSEC ---: af3eac1c 4e52d746 35660133 67011ec3 1f3b4382 dfbeace1 a6a95cca f323a407
10:02:17 ipsec,debug,packet IPSEC ---: 6132b087 a9cf33b4 7bb08013 1db8d204 71f3d204 79426779 6cf04949 a1890533
10:02:17 ipsec,debug,packet IPSEC ---: 2535a139 9c113548 f9518b16 f13422c4 01337903 851f4adf e559c134 fe9beefb
10:02:17 ipsec,debug,packet IPSEC ---: f38c703b 525f8081 b1cdcf81 b0baaa90 be891102 a85a364c 3a225752 58881c8a
10:02:17 ipsec,debug,packet IPSEC ---: 3af69551 7553e79f e6f24961 d2996953 b70c8999 5583ce6d b99285ac c33355bd
10:02:17 ipsec,debug,packet IPSEC ---: c04262b6 d3d0a4e8 6ffa9ad9 31cebc51 e8d83387 987596bc 091131ba faf71967
10:02:17 ipsec,debug,packet IPSEC ---: compute DH's public.
10:02:17 ipsec,debug,packet IPSEC ---: e0e85766 4af05131 3cedf761 1f5341b8 025dd075 64f26dc7 11d8c0a1 7312c953
10:02:17 ipsec,debug,packet IPSEC ---: 67a2da6e 9abbcc69 26e56f02 86813d6f 0e44a64c 51e1715c 3ff3cdfe 79a0897a
10:02:17 ipsec,debug,packet IPSEC ---: bac65eaf 85ea8358 2f7e651c 76e731c7 122fcf25 08892326 d08c1bc4 b20fc19d
10:02:17 ipsec,debug,packet IPSEC ---: f357e210 76f08d30 d651c912 f965f1a7 480f230d 95e4ee44 16c61efa 8c422a3a
10:02:17 ipsec,debug,packet IPSEC ---: e654b56e 965663f6 66415d68 360ea1a0 8174e1a5 100141fd caa4f099 84e4a11b
10:02:17 ipsec,debug,packet IPSEC ---: 97a28575 4c9564bd d8393234 df0a6c13 4a3feab4 fa854c21 5e7a90b2 dbf91b90
10:02:17 ipsec,debug,packet IPSEC ---: 709a96ee 43169ce2 86a524e8 70a6e563 3d5ce922 6700aac5 cf5e910f 8ada48b0
10:02:17 ipsec,debug,packet IPSEC ---: cd4cc5ad ae5af630 6d065141 9758a1bc 2525534f eb752d1f 41da52ce 8d5bd30b
10:02:17 ipsec,debug IPSEC ---: Hashing 192.168.88.11[500] with algo #2
10:02:17 ipsec,debug,packet IPSEC ---: hash(sha1)
10:02:17 ipsec,debug IPSEC ---: Hashing 192.168.88.1[500] with algo #2
10:02:17 ipsec,debug,packet IPSEC ---: hash(sha1)
10:02:17 ipsec,debug IPSEC ---: Adding remote and local NAT-D payloads.
10:02:17 ipsec,debug,packet IPSEC ---: add payload of len 256, next type 10
10:02:17 ipsec,debug,packet IPSEC ---: add payload of len 24, next type 20
10:02:17 ipsec,debug,packet IPSEC ---: add payload of len 20, next type 20
10:02:17 ipsec,debug,packet IPSEC ---: add payload of len 20, next type 0
10:02:17 ipsec,debug,packet IPSEC ---: 364 bytes from 192.168.88.1[500] to 192.168.88.11[500]
10:02:17 ipsec,debug,packet IPSEC ---: sockname 192.168.88.1[500]
10:02:17 ipsec,debug,packet IPSEC ---: send packet from 192.168.88.1[500]
10:02:17 ipsec,debug,packet IPSEC ---: send packet to 192.168.88.11[500]
10:02:17 ipsec,debug,packet IPSEC ---: src4 192.168.88.1[500]
10:02:17 ipsec,debug,packet IPSEC ---: dst4 192.168.88.11[500]
10:02:17 ipsec,debug,packet IPSEC ---: 1 times of 364 bytes message will be sent to 192.168.88.11[500]
10:02:17 ipsec,debug,packet IPSEC ---: fd1dbe6c 1442d417 0c158f41 f8f78948 04100200 00000000 0000016c 0a000104
10:02:17 ipsec,debug,packet IPSEC ---: e0e85766 4af05131 3cedf761 1f5341b8 025dd075 64f26dc7 11d8c0a1 7312c953
10:02:17 ipsec,debug,packet IPSEC ---: 67a2da6e 9abbcc69 26e56f02 86813d6f 0e44a64c 51e1715c 3ff3cdfe 79a0897a
10:02:17 ipsec,debug,packet IPSEC ---: bac65eaf 85ea8358 2f7e651c 76e731c7 122fcf25 08892326 d08c1bc4 b20fc19d
10:02:17 ipsec,debug,packet IPSEC ---: f357e210 76f08d30 d651c912 f965f1a7 480f230d 95e4ee44 16c61efa 8c422a3a
10:02:17 ipsec,debug,packet IPSEC ---: e654b56e 965663f6 66415d68 360ea1a0 8174e1a5 100141fd caa4f099 84e4a11b
10:02:17 ipsec,debug,packet IPSEC ---: 97a28575 4c9564bd d8393234 df0a6c13 4a3feab4 fa854c21 5e7a90b2 dbf91b90
10:02:17 ipsec,debug,packet IPSEC ---: 709a96ee 43169ce2 86a524e8 70a6e563 3d5ce922 6700aac5 cf5e910f 8ada48b0
10:02:17 ipsec,debug,packet IPSEC ---: cd4cc5ad ae5af630 6d065141 9758a1bc 2525534f eb752d1f 41da52ce 8d5bd30b
10:02:17 ipsec,debug,packet IPSEC ---: 1400001c 8a7811f8 f5b1b9ec bc8d3e4b cfb925f4 6afcb91a 0f164e77 14000018
10:02:17 ipsec,debug,packet IPSEC ---: 974a887b 9c8cdba1 3fb65b56 2c3d36b6 69ae02ff 00000018 83fcb61e 2935d358
10:02:17 ipsec,debug,packet IPSEC ---: dc265083 033225e5 c50060f6
10:02:17 ipsec,debug IPSEC ---: sent phase1 packet 192.168.88.1[500]<=>192.168.88.11[500] fd1dbe6c1442d417:0c158f41f8f78948
10:02:17 ipsec,debug,packet IPSEC ---: compute DH's shared.
10:02:17 ipsec,debug,packet IPSEC ---:
10:02:17 ipsec,debug,packet IPSEC ---: b08b276c a1a40762 09083b32 20941c20 1e9400a9 2fdf50ee 8feb0740 142012a6
10:02:17 ipsec,debug,packet IPSEC ---: eddae410 5c4f4191 b55fb8fd 2c375b47 13aae5ff af0da056 af358c2e dc915435
10:02:17 ipsec,debug,packet IPSEC ---: dcfcbda9 a93b8e80 a6d1d558 48be8737 741638da 1dafba40 fe0c5d0a ccd9eae4
10:02:17 ipsec,debug,packet IPSEC ---: ce160cce 28aed042 8b01af97 4a9ace6f 9d4a7bf7 5485f5e0 4736c283 5e9d6130
10:02:17 ipsec,debug,packet IPSEC ---: 0f9e0a6a 1c69beef 83f2094a 067fb2ec 66e805c0 4b7698d8 467831ba 51064ec7
10:02:17 ipsec,debug,packet IPSEC ---: 536d4a96 a10c97bf b2b35aa0 15c91a15 71e39225 fd7bb172 f6627782 5cb8f38c
10:02:17 ipsec,debug,packet IPSEC ---: da22148a d666ecac 5b86705f 7d63e9a1 eb80775e 08d78557 e79fb731 292981d7
10:02:17 ipsec,debug,packet IPSEC ---: 089af13f 08dcc51f 399a1695 ea2831db 72a93215 e6714970 ae986d61 f3f3f61c
10:02:17 ipsec,debug,packet IPSEC ---: nonce1:
10:02:17 ipsec,debug,packet IPSEC ---: fa96906f 8eba715f 59c78906 c307d07d b5617348 a7b6196d 6a9ce2ee f1c0799a
10:02:17 ipsec,debug,packet IPSEC ---: 73036953 d27f0c77 c8588d96 8ae729c6
10:02:17 ipsec,debug,packet IPSEC ---: nonce2:
10:02:17 ipsec,debug,packet IPSEC ---: 8a7811f8 f5b1b9ec bc8d3e4b cfb925f4 6afcb91a 0f164e77
10:02:17 ipsec,debug,packet IPSEC ---: hmac(hmac_sha1)
10:02:17 ipsec,debug,packet IPSEC ---: SKEYID computed:
10:02:17 ipsec,debug,packet IPSEC ---: 10842cd1 e1834384 48a9217c 24c704c2 71ee53c7
10:02:17 ipsec,debug,packet IPSEC ---: hmac(hmac_sha1)
10:02:17 ipsec,debug,packet IPSEC ---: SKEYID_d computed:
10:02:17 ipsec,debug,packet IPSEC ---: 6a423ca4 4f720f71 7b14ac10 bdd4fda9 12d427d8
10:02:17 ipsec,debug,packet IPSEC ---: hmac(hmac_sha1)
10:02:17 ipsec,debug,packet IPSEC ---: SKEYID_a computed:
10:02:17 ipsec,debug,packet IPSEC ---: 55d39617 7086b81b b86a6944 c63084e3 5af595f7
10:02:17 ipsec,debug,packet IPSEC ---: hmac(hmac_sha1)
10:02:17 ipsec,debug,packet IPSEC ---: SKEYID_e computed:
10:02:17 ipsec,debug,packet IPSEC ---: f4b8c3a4 495c47fe cc6f1800 80b8b43d efb150af
10:02:17 ipsec,debug,packet IPSEC ---: encryption(aes)
10:02:17 ipsec,debug,packet IPSEC ---: hash(sha1)
10:02:17 ipsec,debug,packet IPSEC ---: len(SKEYID_e) < len(Ka) (20 < 32), generating long key (Ka = K1 | K2 | ...)
10:02:17 ipsec,debug,packet IPSEC ---: hmac(hmac_sha1)
10:02:17 ipsec,debug,packet IPSEC ---: compute intermediate encryption key K1
10:02:17 ipsec,debug,packet IPSEC ---: 00
10:02:17 ipsec,debug,packet IPSEC ---: f17d3dba c043d9b1 2369502d c562a57e c6eddaa4
10:02:17 ipsec,debug,packet IPSEC ---: hmac(hmac_sha1)
10:02:17 ipsec,debug,packet IPSEC ---: compute intermediate encryption key K2
10:02:17 ipsec,debug,packet IPSEC ---: f17d3dba c043d9b1 2369502d c562a57e c6eddaa4
10:02:17 ipsec,debug,packet IPSEC ---: 34548bc0 c2951924 d071988e 57caee07 6c5dec44
10:02:17 ipsec,debug,packet IPSEC ---: final encryption key computed:
10:02:17 ipsec,debug,packet IPSEC ---: f17d3dba c043d9b1 2369502d c562a57e c6eddaa4 34548bc0 c2951924 d071988e
10:02:17 ipsec,debug,packet IPSEC ---: hash(sha1)
10:02:17 ipsec,debug,packet IPSEC ---: encryption(aes)
10:02:17 ipsec,debug,packet IPSEC ---: IV computed:
10:02:17 ipsec,debug,packet IPSEC ---: 6bae100c cc15adaa 272e2a57 9ff6ded7
10:02:17 ipsec,debug,packet IPSEC ---: ==========
10:02:17 ipsec,debug,packet IPSEC ---: 92 bytes message received from 192.168.88.11[500] to 192.168.88.1[500]
10:02:17 ipsec,debug,packet IPSEC ---: fd1dbe6c 1442d417 0c158f41 f8f78948 08100501 804c18a4 0000005c e1694dbe
10:02:17 ipsec,debug,packet IPSEC ---: ef39c231 746047be 0ec6558a 537904c3 bce015a8 470f8996 b66a40cb 57f400f7
10:02:17 ipsec,debug,packet IPSEC ---: 199b2d48 7245aeeb b9132d38 a8837934 841c94a6 fd543489 43386ce5
10:02:17 ipsec,debug,packet IPSEC ---: receive Information.
10:02:17 ipsec,debug,packet IPSEC ---: compute IV for phase2
10:02:17 ipsec,debug,packet IPSEC ---: phase1 last IV:
10:02:17 ipsec,debug,packet IPSEC ---: 6bae100c cc15adaa 272e2a57 9ff6ded7 804c18a4
10:02:17 ipsec,debug,packet IPSEC ---: hash(sha1)
10:02:17 ipsec,debug,packet IPSEC ---: encryption(aes)
10:02:17 ipsec,debug,packet IPSEC ---: phase2 IV computed:
10:02:17 ipsec,debug,packet IPSEC ---: c2c6a0c4 8499a236 8d8a6c1d 948a5524
10:02:17 ipsec,debug,packet IPSEC ---: encryption(aes)
10:02:17 ipsec,debug,packet IPSEC ---: IV was saved for next processing:
10:02:17 ipsec,debug,packet IPSEC ---: a8837934 841c94a6 fd543489 43386ce5
10:02:17 ipsec,debug,packet IPSEC ---: encryption(aes)
10:02:17 ipsec,debug,packet IPSEC ---: with key:
10:02:17 ipsec,debug,packet IPSEC ---: f17d3dba c043d9b1 2369502d c562a57e c6eddaa4 34548bc0 c2951924 d071988e
10:02:17 ipsec,debug,packet IPSEC ---: decrypted payload by IV:
10:02:17 ipsec,debug,packet IPSEC ---: c2c6a0c4 8499a236 8d8a6c1d 948a5524
10:02:17 ipsec,debug,packet IPSEC ---: decrypted payload, but not trimed.
10:02:17 ipsec,debug,packet IPSEC ---: 0b000018 1b7228e7 9375861f f8c09c45 8ad20c62 f25424ff 0000001c 00000001
10:02:17 ipsec,debug,packet IPSEC ---: 0110001c fd1dbe6c 1442d417 0c158f41 f8f78948 00000000 00000000 00000000
10:02:17 ipsec,debug,packet IPSEC ---: padding len=1
10:02:17 ipsec,debug,packet IPSEC ---: skip to trim padding.
10:02:17 ipsec,debug,packet IPSEC ---: decrypted.
10:02:17 ipsec,debug,packet IPSEC ---: fd1dbe6c 1442d417 0c158f41 f8f78948 08100501 804c18a4 0000005c 0b000018
10:02:17 ipsec,debug,packet IPSEC ---: 1b7228e7 9375861f f8c09c45 8ad20c62 f25424ff 0000001c 00000001 0110001c
10:02:17 ipsec,debug,packet IPSEC ---: fd1dbe6c 1442d417 0c158f41 f8f78948 00000000 00000000 00000000
10:02:17 ipsec,debug IPSEC ---: ignore information because ISAKMP-SA has not been established yet.
10:02:24 system,info,account user admin logged in from 192.168.88.11 via telnet
10:02:27 ipsec,debug,packet IPSEC ---: 364 bytes from 192.168.88.1[500] to 192.168.88.11[500]
10:02:27 ipsec,debug,packet IPSEC ---: sockname 192.168.88.1[500]
10:02:27 ipsec,debug,packet IPSEC ---: send packet from 192.168.88.1[500]
10:02:27 ipsec,debug,packet IPSEC ---: send packet to 192.168.88.11[500]
10:02:27 ipsec,debug,packet IPSEC ---: src4 192.168.88.1[500]
10:02:27 ipsec,debug,packet IPSEC ---: dst4 192.168.88.11[500]
10:02:27 ipsec,debug,packet IPSEC ---: 1 times of 364 bytes message will be sent to 192.168.88.11[500]
10:02:27 ipsec,debug,packet IPSEC ---: fd1dbe6c 1442d417 0c158f41 f8f78948 04100200 00000000 0000016c 0a000104
10:02:27 ipsec,debug,packet IPSEC ---: e0e85766 4af05131 3cedf761 1f5341b8 025dd075 64f26dc7 11d8c0a1 7312c953
10:02:27 ipsec,debug,packet IPSEC ---: 67a2da6e 9abbcc69 26e56f02 86813d6f 0e44a64c 51e1715c 3ff3cdfe 79a0897a
10:02:27 ipsec,debug,packet IPSEC ---: bac65eaf 85ea8358 2f7e651c 76e731c7 122fcf25 08892326 d08c1bc4 b20fc19d
10:02:27 ipsec,debug,packet IPSEC ---: f357e210 76f08d30 d651c912 f965f1a7 480f230d 95e4ee44 16c61efa 8c422a3a
10:02:27 ipsec,debug,packet IPSEC ---: e654b56e 965663f6 66415d68 360ea1a0 8174e1a5 100141fd caa4f099 84e4a11b
10:02:27 ipsec,debug,packet IPSEC ---: 97a28575 4c9564bd d8393234 df0a6c13 4a3feab4 fa854c21 5e7a90b2 dbf91b90
10:02:27 ipsec,debug,packet IPSEC ---: 709a96ee 43169ce2 86a524e8 70a6e563 3d5ce922 6700aac5 cf5e910f 8ada48b0
10:02:27 ipsec,debug,packet IPSEC ---: cd4cc5ad ae5af630 6d065141 9758a1bc 2525534f eb752d1f 41da52ce 8d5bd30b
10:02:27 ipsec,debug,packet IPSEC ---: 1400001c 8a7811f8 f5b1b9ec bc8d3e4b cfb925f4 6afcb91a 0f164e77 14000018
10:02:27 ipsec,debug,packet IPSEC ---: 974a887b 9c8cdba1 3fb65b56 2c3d36b6 69ae02ff 00000018 83fcb61e 2935d358
10:02:27 ipsec,debug,packet IPSEC ---: dc265083 033225e5 c50060f6
10:02:27 ipsec,debug IPSEC ---: resent phase1 packet 192.168.88.1[500]<=>192.168.88.11[500] fd1dbe6c1442d417:0c158f41f8f78948
10:02:37 ipsec,debug,packet IPSEC ---: 364 bytes from 192.168.88.1[500] to 192.168.88.11[500]
10:02:37 ipsec,debug,packet IPSEC ---: sockname 192.168.88.1[500]
10:02:37 ipsec,debug,packet IPSEC ---: send packet from 192.168.88.1[500]
10:02:37 ipsec,debug,packet IPSEC ---: send packet to 192.168.88.11[500]
10:02:37 ipsec,debug,packet IPSEC ---: src4 192.168.88.1[500]
10:02:37 ipsec,debug,packet IPSEC ---: dst4 192.168.88.11[500]
10:02:37 ipsec,debug,packet IPSEC ---: 1 times of 364 bytes message will be sent to 192.168.88.11[500]
10:02:37 ipsec,debug,packet IPSEC ---: fd1dbe6c 1442d417 0c158f41 f8f78948 04100200 00000000 0000016c 0a000104
10:02:37 ipsec,debug,packet IPSEC ---: e0e85766 4af05131 3cedf761 1f5341b8 025dd075 64f26dc7 11d8c0a1 7312c953
10:02:37 ipsec,debug,packet IPSEC ---: 67a2da6e 9abbcc69 26e56f02 86813d6f 0e44a64c 51e1715c 3ff3cdfe 79a0897a
10:02:37 ipsec,debug,packet IPSEC ---: bac65eaf 85ea8358 2f7e651c 76e731c7 122fcf25 08892326 d08c1bc4 b20fc19d
10:02:37 ipsec,debug,packet IPSEC ---: f357e210 76f08d30 d651c912 f965f1a7 480f230d 95e4ee44 16c61efa 8c422a3a
10:02:37 ipsec,debug,packet IPSEC ---: e654b56e 965663f6 66415d68 360ea1a0 8174e1a5 100141fd caa4f099 84e4a11b
10:02:37 ipsec,debug,packet IPSEC ---: 97a28575 4c9564bd d8393234 df0a6c13 4a3feab4 fa854c21 5e7a90b2 dbf91b90
10:02:37 ipsec,debug,packet IPSEC ---: 709a96ee 43169ce2 86a524e8 70a6e563 3d5ce922 6700aac5 cf5e910f 8ada48b0
10:02:37 ipsec,debug,packet IPSEC ---: cd4cc5ad ae5af630 6d065141 9758a1bc 2525534f eb752d1f 41da52ce 8d5bd30b
10:02:37 ipsec,debug,packet IPSEC ---: 1400001c 8a7811f8 f5b1b9ec bc8d3e4b cfb925f4 6afcb91a 0f164e77 14000018
10:02:37 ipsec,debug,packet IPSEC ---: 974a887b 9c8cdba1 3fb65b56 2c3d36b6 69ae02ff 00000018 83fcb61e 2935d358
10:02:37 ipsec,debug,packet IPSEC ---: dc265083 033225e5 c50060f6
10:02:37 ipsec,debug IPSEC ---: resent phase1 packet 192.168.88.1[500]<=>192.168.88.11[500] fd1dbe6c1442d417:0c158f41f8f78948
10:02:47 ipsec,debug,packet IPSEC ---: 364 bytes from 192.168.88.1[500] to 192.168.88.11[500]
10:02:47 ipsec,debug,packet IPSEC ---: sockname 192.168.88.1[500]
10:02:47 ipsec,debug,packet IPSEC ---: send packet from 192.168.88.1[500]
10:02:47 ipsec,debug,packet IPSEC ---: send packet to 192.168.88.11[500]
10:02:47 ipsec,debug,packet IPSEC ---: src4 192.168.88.1[500]
10:02:47 ipsec,debug,packet IPSEC ---: dst4 192.168.88.11[500]
10:02:47 ipsec,debug,packet IPSEC ---: 1 times of 364 bytes message will be sent to 192.168.88.11[500]
10:02:47 ipsec,debug,packet IPSEC ---: fd1dbe6c 1442d417 0c158f41 f8f78948 04100200 00000000 0000016c 0a000104
10:02:47 ipsec,debug,packet IPSEC ---: e0e85766 4af05131 3cedf761 1f5341b8 025dd075 64f26dc7 11d8c0a1 7312c953
10:02:47 ipsec,debug,packet IPSEC ---: 67a2da6e 9abbcc69 26e56f02 86813d6f 0e44a64c 51e1715c 3ff3cdfe 79a0897a
10:02:47 ipsec,debug,packet IPSEC ---: bac65eaf 85ea8358 2f7e651c 76e731c7 122fcf25 08892326 d08c1bc4 b20fc19d
10:02:47 ipsec,debug,packet IPSEC ---: f357e210 76f08d30 d651c912 f965f1a7 480f230d 95e4ee44 16c61efa 8c422a3a
10:02:47 ipsec,debug,packet IPSEC ---: e654b56e 965663f6 66415d68 360ea1a0 8174e1a5 100141fd caa4f099 84e4a11b
10:02:47 ipsec,debug,packet IPSEC ---: 97a28575 4c9564bd d8393234 df0a6c13 4a3feab4 fa854c21 5e7a90b2 dbf91b90
10:02:47 ipsec,debug,packet IPSEC ---: 709a96ee 43169ce2 86a524e8 70a6e563 3d5ce922 6700aac5 cf5e910f 8ada48b0
10:02:47 ipsec,debug,packet IPSEC ---: cd4cc5ad ae5af630 6d065141 9758a1bc 2525534f eb752d1f 41da52ce 8d5bd30b
10:02:47 ipsec,debug,packet IPSEC ---: 1400001c 8a7811f8 f5b1b9ec bc8d3e4b cfb925f4 6afcb91a 0f164e77 14000018
10:02:47 ipsec,debug,packet IPSEC ---: 974a887b 9c8cdba1 3fb65b56 2c3d36b6 69ae02ff 00000018 83fcb61e 2935d358
10:02:47 ipsec,debug,packet IPSEC ---: dc265083 033225e5 c50060f6
10:02:47 ipsec,debug IPSEC ---: resent phase1 packet 192.168.88.1[500]<=>192.168.88.11[500] fd1dbe6c1442d417:0c158f41f8f78948
10:02:57 ipsec,debug,packet IPSEC ---: 364 bytes from 192.168.88.1[500] to 192.168.88.11[500]
10:02:57 ipsec,debug,packet IPSEC ---: sockname 192.168.88.1[500]
10:02:57 ipsec,debug,packet IPSEC ---: send packet from 192.168.88.1[500]
10:02:57 ipsec,debug,packet IPSEC ---: send packet to 192.168.88.11[500]
10:02:57 ipsec,debug,packet IPSEC ---: src4 192.168.88.1[500]
10:02:57 ipsec,debug,packet IPSEC ---: dst4 192.168.88.11[500]
10:02:57 ipsec,debug,packet IPSEC ---: 1 times of 364 bytes message will be sent to 192.168.88.11[500]
10:02:57 ipsec,debug,packet IPSEC ---: fd1dbe6c 1442d417 0c158f41 f8f78948 04100200 00000000 0000016c 0a000104
10:02:57 ipsec,debug,packet IPSEC ---: e0e85766 4af05131 3cedf761 1f5341b8 025dd075 64f26dc7 11d8c0a1 7312c953
10:02:57 ipsec,debug,packet IPSEC ---: 67a2da6e 9abbcc69 26e56f02 86813d6f 0e44a64c 51e1715c 3ff3cdfe 79a0897a
10:02:57 ipsec,debug,packet IPSEC ---: bac65eaf 85ea8358 2f7e651c 76e731c7 122fcf25 08892326 d08c1bc4 b20fc19d
10:02:57 ipsec,debug,packet IPSEC ---: f357e210 76f08d30 d651c912 f965f1a7 480f230d 95e4ee44 16c61efa 8c422a3a
10:02:57 ipsec,debug,packet IPSEC ---: e654b56e 965663f6 66415d68 360ea1a0 8174e1a5 100141fd caa4f099 84e4a11b
10:02:57 ipsec,debug,packet IPSEC ---: 97a28575 4c9564bd d8393234 df0a6c13 4a3feab4 fa854c21 5e7a90b2 dbf91b90
10:02:57 ipsec,debug,packet IPSEC ---: 709a96ee 43169ce2 86a524e8 70a6e563 3d5ce922 6700aac5 cf5e910f 8ada48b0
10:02:57 ipsec,debug,packet IPSEC ---: cd4cc5ad ae5af630 6d065141 9758a1bc 2525534f eb752d1f 41da52ce 8d5bd30b
10:02:57 ipsec,debug,packet IPSEC ---: 1400001c 8a7811f8 f5b1b9ec bc8d3e4b cfb925f4 6afcb91a 0f164e77 14000018
10:02:57 ipsec,debug,packet IPSEC ---: 974a887b 9c8cdba1 3fb65b56 2c3d36b6 69ae02ff 00000018 83fcb61e 2935d358
10:02:57 ipsec,debug,packet IPSEC ---: dc265083 033225e5 c50060f6
10:02:57 ipsec,debug IPSEC ---: resent phase1 packet 192.168.88.1[500]<=>192.168.88.11[500] fd1dbe6c1442d417:0c158f41f8f78948
10:03:07 ipsec,debug,packet IPSEC ---: 364 bytes from 192.168.88.1[500] to 192.168.88.11[500]
10:03:07 ipsec,debug,packet IPSEC ---: sockname 192.168.88.1[500]
10:03:07 ipsec,debug,packet IPSEC ---: send packet from 192.168.88.1[500]
10:03:07 ipsec,debug,packet IPSEC ---: send packet to 192.168.88.11[500]
10:03:07 ipsec,debug,packet IPSEC ---: src4 192.168.88.1[500]
10:03:07 ipsec,debug,packet IPSEC ---: dst4 192.168.88.11[500]
10:03:07 ipsec,debug,packet IPSEC ---: 1 times of 364 bytes message will be sent to 192.168.88.11[500]
10:03:07 ipsec,debug,packet IPSEC ---: fd1dbe6c 1442d417 0c158f41 f8f78948 04100200 00000000 0000016c 0a000104
10:03:07 ipsec,debug,packet IPSEC ---: e0e85766 4af05131 3cedf761 1f5341b8 025dd075 64f26dc7 11d8c0a1 7312c953
10:03:07 ipsec,debug,packet IPSEC ---: 67a2da6e 9abbcc69 26e56f02 86813d6f 0e44a64c 51e1715c 3ff3cdfe 79a0897a
10:03:07 ipsec,debug,packet IPSEC ---: bac65eaf 85ea8358 2f7e651c 76e731c7 122fcf25 08892326 d08c1bc4 b20fc19d
10:03:07 ipsec,debug,packet IPSEC ---: f357e210 76f08d30 d651c912 f965f1a7 480f230d 95e4ee44 16c61efa 8c422a3a
10:03:07 ipsec,debug,packet IPSEC ---: e654b56e 965663f6 66415d68 360ea1a0 8174e1a5 100141fd caa4f099 84e4a11b
10:03:07 ipsec,debug,packet IPSEC ---: 97a28575 4c9564bd d8393234 df0a6c13 4a3feab4 fa854c21 5e7a90b2 dbf91b90
10:03:07 ipsec,debug,packet IPSEC ---: 709a96ee 43169ce2 86a524e8 70a6e563 3d5ce922 6700aac5 cf5e910f 8ada48b0
10:03:07 ipsec,debug,packet IPSEC ---: cd4cc5ad ae5af630 6d065141 9758a1bc 2525534f eb752d1f 41da52ce 8d5bd30b
10:03:07 ipsec,debug,packet IPSEC ---: 1400001c 8a7811f8 f5b1b9ec bc8d3e4b cfb925f4 6afcb91a 0f164e77 14000018
10:03:07 ipsec,debug,packet IPSEC ---: 974a887b 9c8cdba1 3fb65b56 2c3d36b6 69ae02ff 00000018 83fcb61e 2935d358
10:03:07 ipsec,debug,packet IPSEC ---: dc265083 033225e5 c50060f6
10:03:07 ipsec,debug IPSEC ---: resent phase1 packet 192.168.88.1[500]<=>192.168.88.11[500] fd1dbe6c1442d417:0c158f41f8f78948
10:03:17 ipsec,error phase1 negotiation failed due to time up 192.168.88.1[500]<=>192.168.88.11[500] fd1dbe6c1442d417:0c158f41f8f78948
10:03:17 ipsec,error IPSEC ---: phase1 negotiation failed due to time up 192.168.88.1[500]<=>192.168.88.11[500] fd1dbe6c1442d417:0c158f41f8f78948
10:04:05 system,info,account user admin logged out from 192.168.88.11 via telnet
10:04:25 system,info,account user admin logged in from 192.168.88.11 via telnet
Will post additional screenshots / logs if needed.

Do any of you know what I could be doing wrong? I think it's something trivial, but so far it's been two days and I can't find it. It surely has to be related to certificates, because when using the exactly same config, only going back to PSK (VPN settings in Windows + IPSec / Peers / Authentication Method in Mikrotik), VPN works perfectly.

Anyway, many thanks in advance! :)
 
cwade
just joined
Posts: 18
Joined: Sat Mar 20, 2010 4:12 pm
Location: Massachusetts, USA

Re: VPN (IPSec, L2TP) - error 810 when using certificates

Sun Apr 26, 2015 4:02 pm

I am confirming that I’ve seen a very similar problem to what you described, and I even went through many of the steps you outlined. Everything works fine with PSK for the IPsec tunnel, but I cannot find any way to get IPsec working with certificates with L2TP/IPsec clients. Note, I’ve successfully created IPsec tunnels using certificates in the past, but without L2TP.

I believe that a part of the problem is just incomplete documentation. The L2TP setup only supports an IPsec peer setting using PSK. There is probably a way to override this IPsec peer configuration, but I have not found the trick, yet. I ran out of time to work on this, but I hope to get back to investigating this soon.

If anyone has an example of L2TP/IPsec working with certificates and widely-supported client implementations, please share.
 
rsck
just joined
Topic Author
Posts: 4
Joined: Thu Apr 23, 2015 10:47 am

Re: VPN (IPSec, L2TP) - error 810 when using certificates

Tue Apr 28, 2015 12:39 pm

Thanks for your input, Cwade. Yesterday I talked to a colleague of mine, who claims to have succesfully set-up IPSec / L2TP VPN in the past. So it seems to be possible. Question remains: how? Mentioned coworker do not remembers set-up steps.
 
jaytcsd
Member Candidate
Member Candidate
Posts: 293
Joined: Wed Dec 29, 2004 9:50 am
Location: Pittsboro IN
Contact:

Re: VPN (IPSec, L2TP) - error 810 when using certificates

Thu Apr 30, 2015 6:14 am

Maybe Mikrotik can start a separate forum category for VPN stuff, lots of posts with unanswered questions.
 
rsck
just joined
Topic Author
Posts: 4
Joined: Thu Apr 23, 2015 10:47 am

Re: VPN (IPSec, L2TP) - error 810 when using certificates

Fri May 15, 2015 10:52 am

Still trying to run certificates. Recently I've been trying to follow a different procedure. There's an unexpected obstacle, however.

I am trying to run this command:
/certificate sign template=self-signed-certificate ca-crl-host=192.168.0.101 name=common-name ca-on-smart-card=no;
But it seems there is even no such option on my router (it's running RouterOS 6.28, so it's up to date):
[admin@MikroTik] > /certificate sign template=self-signed-certificate ca-crl-host=192.168.0.101 name=common-name ca-on-smart-card=no;
expected end of command (line 1 column 27)
[admin@MikroTik] > /certificate sign 

<numbers> -- List of item numbers
ca -- issuer CA
ca-crl-host -- adds CRL URL to issued CA
ca-on-smart-card -- stores CA's private key on smart card
name -- 
I was following these two manuals / topics:
http://wiki.mikrotik.com/wiki/Manual:Cr ... rtificates
http://forum.mikrotik.com/viewtopic.php?t=86082
Do you know what's wrong?

Who is online

Users browsing this forum: No registered users and 110 guests