Dear sindy, the configs that I posted in the previous reply are exactly the configs at the time of the ping failure. Therefore, looking at the last posted configs, if and only if I halt IPsec on both ends (e.g. by disabling peers), pings will come back. I guess this is a sign of a working GRE tunnel between the two, as I see packets being counted on the MikroTik GRE interface while pinging. Am I right?
About the GRE types: yes, I am exactly trying "encrypted GRE", which I guess is known as "GRE over IPsec". I think the other method, where the GRE is in transport mode, is called "IPsec over GRE". Anyway, I loved your explanations and I highly appreciate the distinction you made; great for a beginner like me.
About the inconsistency of the logs: yes, you're right. So I tried to re-enable logging at the time when the ping fails, that is, when IPsec is applied to the GRE tunnel. Here is the content of the "ipsec-start.txt" file:
# jan/ 2/1970 0:16:11 by RouterOS 6.49.6
# software id = 0G7Y-54W3
#
00:17:01 ipsec,debug 192.168.222.2 DPD monitoring....
00:17:01 ipsec,debug hash(sha1)
00:17:01 ipsec,debug 92 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:01 ipsec,debug 1 times of 92 bytes message will be sent to 192.168.222.2[500]
00:17:01 ipsec,debug sendto Information notify.
00:17:01 ipsec,debug 192.168.222.2 DPD R-U-There sent (0)
00:17:01 ipsec,debug 192.168.222.2 rescheduling send_r_u (5).
00:17:01 ipsec,debug ===== received 92 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:01 ipsec,debug receive Information.
00:17:01 ipsec,debug hash(sha1)
00:17:01 ipsec,debug hash validated.
00:17:01 ipsec,debug begin.
00:17:01 ipsec,debug seen nptype=8(hash) len=24
00:17:01 ipsec,debug seen nptype=11(notify) len=32
00:17:01 ipsec,debug succeed.
00:17:01 ipsec,debug 192.168.222.2 notify: R_U_THERE_ACK
00:17:01 ipsec,debug 192.168.222.2 DPD R-U-There-Ack received
00:17:01 ipsec,debug received an R-U-THERE-ACK
00:17:07 ipsec,debug ===== received 316 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:07 ipsec,debug hash(sha1)
00:17:07 ipsec,debug ===
00:17:07 ipsec respond new phase 2 negotiation: 192.168.222.5[500]<=>192.168.222.2[500]
00:17:07 ipsec,debug begin.
00:17:07 ipsec,debug seen nptype=8(hash) len=24
00:17:07 ipsec,debug seen nptype=1(sa) len=68
00:17:07 ipsec,debug seen nptype=10(nonce) len=24
00:17:07 ipsec,debug seen nptype=4(ke) len=132
00:17:07 ipsec,debug seen nptype=5(id) len=16
00:17:07 ipsec,debug seen nptype=5(id) len=16
00:17:07 ipsec,debug succeed.
00:17:07 ipsec,debug received IDci2:
00:17:07 ipsec,debug 042f0000 00000000 00000000
00:17:07 ipsec,debug received IDcr2:
00:17:07 ipsec,debug 042f0000 00000000 00000000
00:17:07 ipsec,debug HASH(1) validate:
00:17:07 ipsec,debug 3c3cdbdf c0ad8564 8da891a6 1b66b3af b1c01759
00:17:07 ipsec,debug total SA len=64
00:17:07 ipsec,debug 00000001 00000001 00000038 01030401 a8a09e6d 0000002c 010c0000 80040001
00:17:07 ipsec,debug 80010001 80020e10 80010002 00020004 00465000 80050002 80060080 80030002
00:17:07 ipsec,debug begin.
00:17:07 ipsec,debug seen nptype=2(prop) len=56
00:17:07 ipsec,debug succeed.
00:17:07 ipsec,debug proposal #1 len=56
00:17:07 ipsec,debug begin.
00:17:07 ipsec,debug seen nptype=3(trns) len=44
00:17:07 ipsec,debug succeed.
00:17:07 ipsec,debug transform #1 len=44
00:17:07 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Tunnel
00:17:07 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
00:17:07 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
00:17:07 ipsec,debug life duration was in TLV.
00:17:07 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
00:17:07 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
00:17:07 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
00:17:07 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:17:07 ipsec,debug type=Group Description, flag=0x8000, lorv=2
00:17:07 ipsec,debug dh(modp1024)
00:17:07 ipsec,debug pair 1:
00:17:07 ipsec,debug 0x4a3808: next=(nil) tnext=(nil)
00:17:07 ipsec,debug proposal #1: 1 transform
00:17:07 ipsec,debug got the local address from ID payload 0.0.0.0[0] prefixlen=0 ul_proto=47
00:17:07 ipsec,debug got the peer address from ID payload 0.0.0.0[0] prefixlen=0 ul_proto=47
00:17:07 ipsec searching for policy for selector: 0.0.0.0/0 ip-proto:47 <=> 0.0.0.0/0 ip-proto:47
00:17:07 ipsec policy not found
00:17:07 ipsec failed to get proposal for responder.
00:17:07 ipsec,error 192.168.222.2 failed to pre-process ph2 packet.
00:17:07 ipsec,debug hash(sha1)
00:17:07 ipsec,debug 76 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:07 ipsec,debug 1 times of 76 bytes message will be sent to 192.168.222.2[500]
00:17:07 ipsec,debug sendto Information notify.
00:17:07 ipsec,debug ===== received 92 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:07 ipsec,debug receive Information.
00:17:07 ipsec,debug hash(sha1)
00:17:07 ipsec,debug hash validated.
00:17:07 ipsec,debug begin.
00:17:07 ipsec,debug seen nptype=8(hash) len=24
00:17:07 ipsec,debug seen nptype=12(delete) len=28
00:17:07 ipsec,debug succeed.
00:17:07 ipsec,debug 192.168.222.2 delete payload for protocol ISAKMP
00:17:07 ipsec,info purging ISAKMP-SA 192.168.222.5[500]<=>192.168.222.2[500] spi=9d29a0e1abfb7d44:3fc807dfdf888ad4.
00:17:07 ipsec purged IPsec-SA proto_id=ESP spi=0xfc67a2c2
00:17:07 ipsec purged IPsec-SA proto_id=ESP spi=0x13b403c
00:17:07 ipsec purged ISAKMP-SA 192.168.222.5[500]<=>192.168.222.2[500] spi=9d29a0e1abfb7d44:3fc807dfdf888ad4.
00:17:07 ipsec,debug purged SAs.
00:17:07 ipsec,info ISAKMP-SA deleted 192.168.222.5[500]-192.168.222.2[500] spi:9d29a0e1abfb7d44:3fc807dfdf888ad4 rekey:1
00:17:11 ipsec,debug ===
00:17:11 ipsec,info initiate new phase 1 (Identity Protection): 192.168.222.5[500]<=>192.168.222.2[500]
00:17:11 ipsec,debug new cookie:
00:17:11 ipsec,debug 71ffcbce1a50cb0e
00:17:11 ipsec,debug add payload of len 56, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 13
00:17:11 ipsec,debug add payload of len 16, next type 0
00:17:11 ipsec,debug 348 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:11 ipsec,debug 1 times of 348 bytes message will be sent to 192.168.222.2[500]
00:17:11 ipsec sent phase1 packet 192.168.222.5[500]<=>192.168.222.2[500] 71ffcbce1a50cb0e:0000000000000000
00:17:11 ipsec,debug ===== received 108 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:11 ipsec,debug begin.
00:17:11 ipsec,debug seen nptype=1(sa) len=60
00:17:11 ipsec,debug seen nptype=13(vid) len=20
00:17:11 ipsec,debug succeed.
00:17:11 ipsec received Vendor ID: RFC 3947
00:17:11 ipsec 192.168.222.2 Selected NAT-T version: RFC 3947
00:17:11 ipsec,debug total SA len=56
00:17:11 ipsec,debug 00000001 00000001 00000030 01010001 00000028 01010000 80010007 800e0080
00:17:11 ipsec,debug 80020002 80040002 80030001 800b0001 000c0004 00015180
00:17:11 ipsec,debug begin.
00:17:11 ipsec,debug seen nptype=2(prop) len=48
00:17:11 ipsec,debug succeed.
00:17:11 ipsec,debug proposal #1 len=48
00:17:11 ipsec,debug begin.
00:17:11 ipsec,debug seen nptype=3(trns) len=40
00:17:11 ipsec,debug succeed.
00:17:11 ipsec,debug transform #1 len=40
00:17:11 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
00:17:11 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:17:11 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
00:17:11 ipsec,debug hash(sha1)
00:17:11 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
00:17:11 ipsec,debug dh(modp1024)
00:17:11 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
00:17:11 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
00:17:11 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
00:17:11 ipsec,debug pair 1:
00:17:11 ipsec,debug 0x4a9908: next=(nil) tnext=(nil)
00:17:11 ipsec,debug proposal #1: 1 transform
00:17:11 ipsec,debug -checking with pre-shared key auth-
00:17:11 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
00:17:11 ipsec,debug trns#=1, trns-id=IKE
00:17:11 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
00:17:11 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:17:11 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
00:17:11 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
00:17:11 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
00:17:11 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
00:17:11 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
00:17:11 ipsec,debug -compare proposal #1: Local:Peer
00:17:11 ipsec,debug (lifetime = 86400:86400)
00:17:11 ipsec,debug (lifebyte = 0:0)
00:17:11 ipsec,debug enctype = AES-CBC:AES-CBC
00:17:11 ipsec,debug (encklen = 128:128)
00:17:11 ipsec,debug hashtype = SHA:SHA
00:17:11 ipsec,debug authmethod = pre-shared key:pre-shared key
00:17:11 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
00:17:11 ipsec,debug -an acceptable proposal found-
00:17:11 ipsec,debug dh(modp1024)
00:17:11 ipsec,debug -agreed on pre-shared key auth-
00:17:11 ipsec,debug ===
00:17:11 ipsec,debug dh(modp1024)
00:17:11 ipsec,debug 192.168.222.2 Hashing 192.168.222.2[500] with algo #2
00:17:11 ipsec,debug hash(sha1)
00:17:11 ipsec,debug 192.168.222.5 Hashing 192.168.222.5[500] with algo #2
00:17:11 ipsec,debug hash(sha1)
00:17:11 ipsec Adding remote and local NAT-D payloads.
00:17:11 ipsec,debug add payload of len 128, next type 10
00:17:11 ipsec,debug add payload of len 24, next type 20
00:17:11 ipsec,debug add payload of len 20, next type 20
00:17:11 ipsec,debug add payload of len 20, next type 0
00:17:11 ipsec,debug 236 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:11 ipsec,debug 1 times of 236 bytes message will be sent to 192.168.222.2[500]
00:17:11 ipsec sent phase1 packet 192.168.222.5[500]<=>192.168.222.2[500] 71ffcbce1a50cb0e:3fc807df1dc73e73
00:17:11 ipsec,debug ===== received 304 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:11 ipsec,debug begin.
00:17:11 ipsec,debug seen nptype=4(ke) len=132
00:17:11 ipsec,debug seen nptype=10(nonce) len=24
00:17:11 ipsec,debug seen nptype=13(vid) len=20
00:17:11 ipsec,debug seen nptype=13(vid) len=20
00:17:11 ipsec,debug seen nptype=13(vid) len=20
00:17:11 ipsec,debug seen nptype=13(vid) len=12
00:17:11 ipsec,debug seen nptype=20(nat-d) len=24
00:17:11 ipsec,debug seen nptype=20(nat-d) len=24
00:17:11 ipsec,debug succeed.
00:17:11 ipsec received Vendor ID: CISCO-UNITY
00:17:11 ipsec received Vendor ID: DPD
00:17:11 ipsec,debug remote supports DPD
00:17:11 ipsec,debug received unknown Vendor ID
00:17:11 ipsec,debug ca0fa0c2 1dc63e73 78abcb9a f94a523b
00:17:11 ipsec received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
00:17:11 ipsec,debug 192.168.222.5 Hashing 192.168.222.5[500] with algo #2
00:17:11 ipsec,debug hash(sha1)
00:17:11 ipsec,debug NAT-D payload #0 verified
00:17:11 ipsec,debug 192.168.222.2 Hashing 192.168.222.2[500] with algo #2
00:17:11 ipsec,debug hash(sha1)
00:17:11 ipsec,debug NAT-D payload #1 verified
00:17:11 ipsec NAT not detected
00:17:11 ipsec,debug ===
00:17:11 ipsec,debug dh(modp1024)
00:17:11 ipsec,debug nonce 1:
00:17:11 ipsec,debug 9daa4075 f5892b90 99e02a51 7fd37b46 19722727 5c81e14c
00:17:11 ipsec,debug nonce 2:
00:17:11 ipsec,debug 666bc150 1bb004a6 9f5795b4 f919cf63 5684108e
00:17:11 ipsec,debug SKEYID computed:
00:17:11 ipsec,debug 8d80fc4c 87d45b59 f8279d33 4c37100f b491e060
00:17:11 ipsec,debug SKEYID_d computed:
00:17:11 ipsec,debug 5c929e91 ca102cc2 b59a2b0b ea16e0ad 8cb06001
00:17:11 ipsec,debug SKEYID_a computed:
00:17:11 ipsec,debug bda8c1d3 2d599ed9 d98317c6 362a55a1 c39eea7b
00:17:11 ipsec,debug SKEYID_e computed:
00:17:11 ipsec,debug b7b0fd46 13f18fcb bd614fea 29b30877 e105d7ff
00:17:11 ipsec,debug hash(sha1)
00:17:11 ipsec,debug final encryption key computed:
00:17:11 ipsec,debug b7b0fd46 13f18fcb bd614fea 29b30877
00:17:11 ipsec,debug hash(sha1)
00:17:11 ipsec,debug IV computed:
00:17:11 ipsec,debug aa4ef65c 0ed7ab01 55a9d3d2 7707dacd
00:17:11 ipsec,debug use ID type of IPv4_address
00:17:11 ipsec,debug add payload of len 8, next type 8
00:17:11 ipsec,debug add payload of len 20, next type 0
00:17:11 ipsec,debug 76 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:11 ipsec,debug 1 times of 76 bytes message will be sent to 192.168.222.2[500]
00:17:11 ipsec sent phase1 packet 192.168.222.5[500]<=>192.168.222.2[500] 71ffcbce1a50cb0e:3fc807df1dc73e73
00:17:11 ipsec,debug ===== received 76 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:11 ipsec,debug begin.
00:17:11 ipsec,debug seen nptype=5(id) len=12
00:17:11 ipsec,debug seen nptype=8(hash) len=24
00:17:11 ipsec,debug succeed.
00:17:11 ipsec,debug HASH received:
00:17:11 ipsec,debug d20117da e9dc5bcb fd5bfe45 869a2978 10063dec
00:17:11 ipsec,debug HASH for PSK validated.
00:17:11 ipsec,debug 192.168.222.2 peer's ID:
00:17:11 ipsec,debug 011101f4 c0a8de02
00:17:11 ipsec,debug ===
00:17:11 ipsec ph2 possible after ph1 creation
00:17:11 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
00:17:11 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
00:17:11 ipsec,debug begin QUICK mode.
00:17:11 ipsec,debug ===
00:17:11 ipsec,debug begin QUICK mode.
00:17:11 ipsec initiate new phase 2 negotiation: 192.168.222.5[500]<=>192.168.222.2[500]
00:17:11 ipsec,debug hash(sha1)
00:17:11 ipsec,debug call pfkey_send_getspi 6
00:17:11 ipsec,debug pfkey GETSPI sent: ESP/Tunnel 192.168.222.2[500]->192.168.222.5[500]
00:17:11 ipsec,debug pfkey getspi sent.
00:17:11 ipsec,info ISAKMP-SA established 192.168.222.5[500]-192.168.222.2[500] spi:71ffcbce1a50cb0e:3fc807df1dc73e73
00:17:11 ipsec,debug ===
00:17:11 ipsec,debug ===== received 108 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:11 ipsec,debug receive Information.
00:17:11 ipsec,debug hash(sha1)
00:17:11 ipsec,debug hash validated.
00:17:11 ipsec,debug begin.
00:17:11 ipsec,debug seen nptype=8(hash) len=24
00:17:11 ipsec,debug seen nptype=11(notify) len=40
00:17:11 ipsec,debug succeed.
00:17:11 ipsec,debug 192.168.222.2 notify: RESPONDER-LIFETIME
00:17:11 ipsec,debug 192.168.222.2 notification message 24576:RESPONDER-LIFETIME, doi=1 proto_id=1 spi=71ffcbce1a50cb0e3fc807df1dc73e73(size=16).
00:17:11 ipsec,debug dh(modp1024)
00:17:11 ipsec,debug dh(modp1024)
00:17:11 ipsec,debug dh(modp1024)
00:17:11 ipsec,debug use local ID type IPv4_subnet
00:17:11 ipsec,debug use remote ID type IPv4_subnet
00:17:11 ipsec,debug IDci:
00:17:11 ipsec,debug 042f0000 ac100200 ffffff00
00:17:11 ipsec,debug IDcr:
00:17:11 ipsec,debug 042f0000 01010100 ffffff00
00:17:11 ipsec,debug add payload of len 56, next type 10
00:17:11 ipsec,debug add payload of len 24, next type 4
00:17:11 ipsec,debug add payload of len 128, next type 5
00:17:11 ipsec,debug add payload of len 12, next type 5
00:17:11 ipsec,debug add payload of len 12, next type 0
00:17:11 ipsec,debug add payload of len 20, next type 1
00:17:11 ipsec,debug 316 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:11 ipsec,debug 1 times of 316 bytes message will be sent to 192.168.222.2[500]
00:17:11 ipsec sent phase2 packet 192.168.222.5[500]<=>192.168.222.2[500] 71ffcbce1a50cb0e:3fc807df1dc73e73:b2a57df5
00:17:11 ipsec,debug ===== received 348 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:11 ipsec,debug begin.
00:17:11 ipsec,debug seen nptype=8(hash) len=24
00:17:11 ipsec,debug seen nptype=1(sa) len=60
00:17:11 ipsec,debug seen nptype=10(nonce) len=24
00:17:11 ipsec,debug seen nptype=4(ke) len=132
00:17:11 ipsec,debug seen nptype=5(id) len=16
00:17:11 ipsec,debug seen nptype=5(id) len=16
00:17:11 ipsec,debug seen nptype=11(notify) len=40
00:17:11 ipsec,debug succeed.
00:17:11 ipsec,debug 192.168.222.2 Notify Message received
00:17:11 ipsec 192.168.222.2 ignore RESPONDER-LIFETIME notification.
00:17:11 ipsec,debug IDci matches proposal.
00:17:11 ipsec,debug IDcr matches proposal.
00:17:11 ipsec,debug HASH allocated:hbuf->l=344 actual:tlen=312
00:17:11 ipsec,debug HASH(2) received:
00:17:11 ipsec,debug 8d0ecf44 0a115c6a 57b520a4 195c8409 c9928c46
00:17:11 ipsec,debug total SA len=56
00:17:11 ipsec,debug 00000001 00000001 00000030 01030401 0d41992d 00000024 010c0000 80010001
00:17:11 ipsec,debug 00020004 00015180 80040001 80060080 80050002 80030002
00:17:11 ipsec,debug begin.
00:17:11 ipsec,debug seen nptype=2(prop) len=48
00:17:11 ipsec,debug succeed.
00:17:11 ipsec,debug proposal #1 len=48
00:17:11 ipsec,debug begin.
00:17:11 ipsec,debug seen nptype=3(trns) len=36
00:17:11 ipsec,debug succeed.
00:17:11 ipsec,debug transform #1 len=36
00:17:11 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
00:17:11 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
00:17:11 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Tunnel
00:17:11 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:17:11 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
00:17:11 ipsec,debug type=Group Description, flag=0x8000, lorv=2
00:17:11 ipsec,debug dh(modp1024)
00:17:11 ipsec,debug pair 1:
00:17:11 ipsec,debug 0x4aa290: next=(nil) tnext=(nil)
00:17:11 ipsec,debug proposal #1: 1 transform
00:17:11 ipsec,debug total SA len=56
00:17:11 ipsec,debug 00000001 00000001 00000030 01030401 16e169e8 00000024 010c0000 80040001
00:17:11 ipsec,debug 80010001 00020004 00015180 80050002 80060080 80030002
00:17:11 ipsec,debug begin.
00:17:11 ipsec,debug seen nptype=2(prop) len=48
00:17:11 ipsec,debug succeed.
00:17:11 ipsec,debug proposal #1 len=48
00:17:11 ipsec,debug begin.
00:17:11 ipsec,debug seen nptype=3(trns) len=36
00:17:11 ipsec,debug succeed.
00:17:11 ipsec,debug transform #1 len=36
00:17:11 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Tunnel
00:17:11 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
00:17:11 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
00:17:11 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
00:17:11 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:17:11 ipsec,debug type=Group Description, flag=0x8000, lorv=2
00:17:11 ipsec,debug dh(modp1024)
00:17:11 ipsec,debug pair 1:
00:17:11 ipsec,debug 0x4aa4b8: next=(nil) tnext=(nil)
00:17:11 ipsec,debug proposal #1: 1 transform
00:17:11 ipsec attribute has been modified.
00:17:11 ipsec,debug begin compare proposals.
00:17:11 ipsec,debug pair[1]: 0x4aa4b8
00:17:11 ipsec,debug 0x4aa4b8: next=(nil) tnext=(nil)
00:17:11 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC
00:17:11 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Tunnel
00:17:11 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
00:17:11 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
00:17:11 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
00:17:11 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:17:11 ipsec,debug type=Group Description, flag=0x8000, lorv=2
00:17:11 ipsec,debug peer's single bundle:
00:17:11 ipsec,debug (proto_id=ESP spisize=4 spi=16e169e8 spi_p=00000000 encmode=Tunnel reqid=0:0)
00:17:11 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
00:17:11 ipsec,debug my single bundle:
00:17:11 ipsec,debug (proto_id=ESP spisize=4 spi=0d41992d spi_p=00000000 encmode=Tunnel reqid=0:0)
00:17:11 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
00:17:11 ipsec,debug matched
00:17:11 ipsec,debug ===
00:17:11 ipsec,debug HASH(3) generate
00:17:11 ipsec,debug add payload of len 20, next type 0
00:17:11 ipsec,debug 60 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:11 ipsec,debug 1 times of 60 bytes message will be sent to 192.168.222.2[500]
00:17:11 ipsec,debug dh(modp1024)
00:17:11 ipsec,debug encryption(aes-cbc)
00:17:11 ipsec,debug hmac(sha1)
00:17:11 ipsec,debug encklen=128 authklen=160
00:17:11 ipsec,debug generating 480 bits of key (dupkeymat=3)
00:17:11 ipsec,debug generating K1...K3 for KEYMAT.
00:17:11 ipsec,debug 9f14e177 32f04649 cb7fd47a 10723391 d8bea395 3ccc465c cef04c88 7122db55
00:17:11 ipsec,debug 192a0736 0cac4512 5257853d 5890b327 4dbb74ba 3a9a2cc3 ad38954e
00:17:11 ipsec,debug encryption(aes-cbc)
00:17:11 ipsec,debug hmac(sha1)
00:17:11 ipsec,debug encklen=128 authklen=160
00:17:11 ipsec,debug generating 480 bits of key (dupkeymat=3)
00:17:11 ipsec,debug generating K1...K3 for KEYMAT.
00:17:11 ipsec,debug 51b1da8f 4bc1ced0 6f3256e5 adb8dab4 f43b40ae 212cb2eb 2f1c4080 71a7244d
00:17:11 ipsec,debug 931476a6 f36af815 25fddfba 743e4454 02a2ba1c f42f4ec2 de1446ee
00:17:11 ipsec,debug KEYMAT computed.
00:17:11 ipsec,debug call pk_sendupdate
00:17:11 ipsec,debug encryption(aes-cbc)
00:17:11 ipsec,debug hmac(sha1)
00:17:11 ipsec,debug call pfkey_send_update_nat
00:17:11 ipsec IPsec-SA established: ESP/Tunnel 192.168.222.2[500]->192.168.222.5[500] spi=0xd41992d
00:17:11 ipsec,debug pfkey update sent.
00:17:11 ipsec,debug encryption(aes-cbc)
00:17:11 ipsec,debug hmac(sha1)
00:17:11 ipsec,debug call pfkey_send_add_nat
00:17:11 ipsec IPsec-SA established: ESP/Tunnel 192.168.222.5[500]->192.168.222.2[500] spi=0x16e169e8
00:17:11 ipsec,debug pfkey add sent.
00:17:37 ipsec,debug ===== received 316 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:37 ipsec,debug hash(sha1)
00:17:37 ipsec,debug ===
00:17:37 ipsec respond new phase 2 negotiation: 192.168.222.5[500]<=>192.168.222.2[500]
00:17:37 ipsec,debug begin.
00:17:37 ipsec,debug seen nptype=8(hash) len=24
00:17:37 ipsec,debug seen nptype=1(sa) len=68
00:17:37 ipsec,debug seen nptype=10(nonce) len=24
00:17:37 ipsec,debug seen nptype=4(ke) len=132
00:17:37 ipsec,debug seen nptype=5(id) len=16
00:17:37 ipsec,debug seen nptype=5(id) len=16
00:17:37 ipsec,debug succeed.
00:17:37 ipsec,debug received IDci2:
00:17:37 ipsec,debug 042f0000 00000000 00000000
00:17:37 ipsec,debug received IDcr2:
00:17:37 ipsec,debug 042f0000 00000000 00000000
00:17:37 ipsec,debug HASH(1) validate:
00:17:37 ipsec,debug 1e86a402 22ffbd5c 8036935d 402734be 5063aa8a
00:17:37 ipsec,debug total SA len=64
00:17:37 ipsec,debug 00000001 00000001 00000038 01030401 ef8079ea 0000002c 010c0000 80040001
00:17:37 ipsec,debug 80010001 80020e10 80010002 00020004 00465000 80050002 80060080 80030002
00:17:37 ipsec,debug begin.
00:17:37 ipsec,debug seen nptype=2(prop) len=56
00:17:37 ipsec,debug succeed.
00:17:37 ipsec,debug proposal #1 len=56
00:17:37 ipsec,debug begin.
00:17:37 ipsec,debug seen nptype=3(trns) len=44
00:17:37 ipsec,debug succeed.
00:17:37 ipsec,debug transform #1 len=44
00:17:37 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Tunnel
00:17:37 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
00:17:37 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
00:17:37 ipsec,debug life duration was in TLV.
00:17:37 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
00:17:37 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
00:17:37 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
00:17:37 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:17:37 ipsec,debug type=Group Description, flag=0x8000, lorv=2
00:17:37 ipsec,debug dh(modp1024)
00:17:37 ipsec,debug pair 1:
00:17:37 ipsec,debug 0x4aab08: next=(nil) tnext=(nil)
00:17:37 ipsec,debug proposal #1: 1 transform
00:17:37 ipsec,debug got the local address from ID payload 0.0.0.0[0] prefixlen=0 ul_proto=47
00:17:37 ipsec,debug got the peer address from ID payload 0.0.0.0[0] prefixlen=0 ul_proto=47
00:17:37 ipsec searching for policy for selector: 0.0.0.0/0 ip-proto:47 <=> 0.0.0.0/0 ip-proto:47
00:17:37 ipsec policy not found
00:17:37 ipsec failed to get proposal for responder.
00:17:37 ipsec,error 192.168.222.2 failed to pre-process ph2 packet.
00:17:37 ipsec,debug hash(sha1)
00:17:37 ipsec,debug 76 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:37 ipsec,debug 1 times of 76 bytes message will be sent to 192.168.222.2[500]
00:17:37 ipsec,debug sendto Information notify.
00:17:37 ipsec,debug ===== received 92 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:37 ipsec,debug receive Information.
00:17:37 ipsec,debug hash(sha1)
00:17:37 ipsec,debug hash validated.
00:17:37 ipsec,debug begin.
00:17:37 ipsec,debug seen nptype=8(hash) len=24
00:17:37 ipsec,debug seen nptype=12(delete) len=28
00:17:37 ipsec,debug succeed.
00:17:37 ipsec,debug 192.168.222.2 delete payload for protocol ISAKMP
00:17:37 ipsec,info purging ISAKMP-SA 192.168.222.5[500]<=>192.168.222.2[500] spi=71ffcbce1a50cb0e:3fc807df1dc73e73.
00:17:37 ipsec purged IPsec-SA proto_id=ESP spi=0x16e169e8
00:17:37 ipsec purged IPsec-SA proto_id=ESP spi=0xd41992d
00:17:37 ipsec purged ISAKMP-SA 192.168.222.5[500]<=>192.168.222.2[500] spi=71ffcbce1a50cb0e:3fc807df1dc73e73.
00:17:37 ipsec,debug purged SAs.
00:17:37 ipsec,info ISAKMP-SA deleted 192.168.222.5[500]-192.168.222.2[500] spi:71ffcbce1a50cb0e:3fc807df1dc73e73 rekey:1
00:17:41 ipsec,debug ===
00:17:41 ipsec,info initiate new phase 1 (Identity Protection): 192.168.222.5[500]<=>192.168.222.2[500]
00:17:41 ipsec,debug new cookie:
00:17:41 ipsec,debug 0e8ff9c25a73fec3
00:17:41 ipsec,debug add payload of len 56, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 13
00:17:41 ipsec,debug add payload of len 16, next type 0
00:17:41 ipsec,debug 348 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:41 ipsec,debug 1 times of 348 bytes message will be sent to 192.168.222.2[500]
00:17:41 ipsec sent phase1 packet 192.168.222.5[500]<=>192.168.222.2[500] 0e8ff9c25a73fec3:0000000000000000
00:17:41 ipsec,debug ===== received 108 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:41 ipsec,debug begin.
00:17:41 ipsec,debug seen nptype=1(sa) len=60
00:17:41 ipsec,debug seen nptype=13(vid) len=20
00:17:41 ipsec,debug succeed.
00:17:41 ipsec received Vendor ID: RFC 3947
00:17:41 ipsec 192.168.222.2 Selected NAT-T version: RFC 3947
00:17:41 ipsec,debug total SA len=56
00:17:41 ipsec,debug 00000001 00000001 00000030 01010001 00000028 01010000 80010007 800e0080
00:17:41 ipsec,debug 80020002 80040002 80030001 800b0001 000c0004 00015180
00:17:41 ipsec,debug begin.
00:17:41 ipsec,debug seen nptype=2(prop) len=48
00:17:41 ipsec,debug succeed.
00:17:41 ipsec,debug proposal #1 len=48
00:17:41 ipsec,debug begin.
00:17:41 ipsec,debug seen nptype=3(trns) len=40
00:17:41 ipsec,debug succeed.
00:17:41 ipsec,debug transform #1 len=40
00:17:41 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
00:17:41 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:17:41 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
00:17:41 ipsec,debug hash(sha1)
00:17:41 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
00:17:41 ipsec,debug dh(modp1024)
00:17:41 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
00:17:41 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
00:17:41 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
00:17:41 ipsec,debug pair 1:
00:17:41 ipsec,debug 0x4a4188: next=(nil) tnext=(nil)
00:17:41 ipsec,debug proposal #1: 1 transform
00:17:41 ipsec,debug -checking with pre-shared key auth-
00:17:41 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
00:17:41 ipsec,debug trns#=1, trns-id=IKE
00:17:41 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
00:17:41 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:17:41 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA
00:17:41 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group
00:17:41 ipsec,debug type=Authentication Method, flag=0x8000, lorv=pre-shared key
00:17:41 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds
00:17:41 ipsec,debug type=Life Duration, flag=0x0000, lorv=4
00:17:41 ipsec,debug -compare proposal #1: Local:Peer
00:17:41 ipsec,debug (lifetime = 86400:86400)
00:17:41 ipsec,debug (lifebyte = 0:0)
00:17:41 ipsec,debug enctype = AES-CBC:AES-CBC
00:17:41 ipsec,debug (encklen = 128:128)
00:17:41 ipsec,debug hashtype = SHA:SHA
00:17:41 ipsec,debug authmethod = pre-shared key:pre-shared key
00:17:41 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group
00:17:41 ipsec,debug -an acceptable proposal found-
00:17:41 ipsec,debug dh(modp1024)
00:17:41 ipsec,debug -agreed on pre-shared key auth-
00:17:41 ipsec,debug ===
00:17:41 ipsec,debug dh(modp1024)
00:17:41 ipsec,debug 192.168.222.2 Hashing 192.168.222.2[500] with algo #2
00:17:41 ipsec,debug hash(sha1)
00:17:41 ipsec,debug 192.168.222.5 Hashing 192.168.222.5[500] with algo #2
00:17:41 ipsec,debug hash(sha1)
00:17:41 ipsec Adding remote and local NAT-D payloads.
00:17:41 ipsec,debug add payload of len 128, next type 10
00:17:41 ipsec,debug add payload of len 24, next type 20
00:17:41 ipsec,debug add payload of len 20, next type 20
00:17:41 ipsec,debug add payload of len 20, next type 0
00:17:41 ipsec,debug 236 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:41 ipsec,debug 1 times of 236 bytes message will be sent to 192.168.222.2[500]
00:17:41 ipsec sent phase1 packet 192.168.222.5[500]<=>192.168.222.2[500] 0e8ff9c25a73fec3:3fc807dfe1cb3d86
00:17:41 ipsec,debug ===== received 304 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:41 ipsec,debug begin.
00:17:41 ipsec,debug seen nptype=4(ke) len=132
00:17:41 ipsec,debug seen nptype=10(nonce) len=24
00:17:41 ipsec,debug seen nptype=13(vid) len=20
00:17:41 ipsec,debug seen nptype=13(vid) len=20
00:17:41 ipsec,debug seen nptype=13(vid) len=20
00:17:41 ipsec,debug seen nptype=13(vid) len=12
00:17:41 ipsec,debug seen nptype=20(nat-d) len=24
00:17:41 ipsec,debug seen nptype=20(nat-d) len=24
00:17:41 ipsec,debug succeed.
00:17:41 ipsec received Vendor ID: CISCO-UNITY
00:17:41 ipsec received Vendor ID: DPD
00:17:41 ipsec,debug remote supports DPD
00:17:41 ipsec,debug received unknown Vendor ID
00:17:41 ipsec,debug ca0fa0c2 e1ca3d86 47ec367c 0004b25d
00:17:41 ipsec received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
00:17:41 ipsec,debug 192.168.222.5 Hashing 192.168.222.5[500] with algo #2
00:17:41 ipsec,debug hash(sha1)
00:17:41 ipsec,debug NAT-D payload #0 verified
00:17:41 ipsec,debug 192.168.222.2 Hashing 192.168.222.2[500] with algo #2
00:17:41 ipsec,debug hash(sha1)
00:17:41 ipsec,debug NAT-D payload #1 verified
00:17:41 ipsec NAT not detected
00:17:41 ipsec,debug ===
00:17:41 ipsec,debug dh(modp1024)
00:17:41 ipsec,debug nonce 1:
00:17:41 ipsec,debug a4a83f35 bff57990 18a9563c c623a779 da3d10b7 138b49b7
00:17:41 ipsec,debug nonce 2:
00:17:41 ipsec,debug bd64b1ef b16656df c0a53228 a176986e 1d3b302a
00:17:41 ipsec,debug SKEYID computed:
00:17:41 ipsec,debug 6a78919f a968d9d0 822d8cdc b9791b94 66b45345
00:17:41 ipsec,debug SKEYID_d computed:
00:17:41 ipsec,debug f55fe712 4c677562 485a55d2 d92a599e 0f4b9576
00:17:41 ipsec,debug SKEYID_a computed:
00:17:41 ipsec,debug 57f6c670 f2d49fc7 1451ed00 c0feac9f af10a06f
00:17:41 ipsec,debug SKEYID_e computed:
00:17:41 ipsec,debug 94d6e246 493672e5 69286eef 59fdc3b9 ac8ee21f
00:17:41 ipsec,debug hash(sha1)
00:17:41 ipsec,debug final encryption key computed:
00:17:41 ipsec,debug 94d6e246 493672e5 69286eef 59fdc3b9
00:17:41 ipsec,debug hash(sha1)
00:17:41 ipsec,debug IV computed:
00:17:41 ipsec,debug a7c3b93f f16e6177 2831fae1 7489ab4f
00:17:41 ipsec,debug use ID type of IPv4_address
00:17:41 ipsec,debug add payload of len 8, next type 8
00:17:41 ipsec,debug add payload of len 20, next type 0
00:17:41 ipsec,debug 76 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:41 ipsec,debug 1 times of 76 bytes message will be sent to 192.168.222.2[500]
00:17:41 ipsec sent phase1 packet 192.168.222.5[500]<=>192.168.222.2[500] 0e8ff9c25a73fec3:3fc807dfe1cb3d86
00:17:41 ipsec,debug ===== received 76 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:41 ipsec,debug begin.
00:17:41 ipsec,debug seen nptype=5(id) len=12
00:17:41 ipsec,debug seen nptype=8(hash) len=24
00:17:41 ipsec,debug succeed.
00:17:41 ipsec,debug HASH received:
00:17:41 ipsec,debug dfc5e2b3 5495722f c3d2e6de d23af136 05cdb95e
00:17:41 ipsec,debug HASH for PSK validated.
00:17:41 ipsec,debug 192.168.222.2 peer's ID:
00:17:41 ipsec,debug 011101f4 c0a8de02
00:17:41 ipsec,debug ===
00:17:41 ipsec ph2 possible after ph1 creation
00:17:41 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
00:17:41 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
00:17:41 ipsec,debug begin QUICK mode.
00:17:41 ipsec,debug ===
00:17:41 ipsec,debug begin QUICK mode.
00:17:41 ipsec initiate new phase 2 negotiation: 192.168.222.5[500]<=>192.168.222.2[500]
00:17:41 ipsec,debug hash(sha1)
00:17:41 ipsec,debug call pfkey_send_getspi 9
00:17:41 ipsec,debug pfkey GETSPI sent: ESP/Tunnel 192.168.222.2[500]->192.168.222.5[500]
00:17:41 ipsec,debug pfkey getspi sent.
00:17:41 ipsec,info ISAKMP-SA established 192.168.222.5[500]-192.168.222.2[500] spi:0e8ff9c25a73fec3:3fc807dfe1cb3d86
00:17:41 ipsec,debug ===
00:17:41 ipsec,debug ===== received 108 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:41 ipsec,debug receive Information.
00:17:41 ipsec,debug hash(sha1)
00:17:41 ipsec,debug hash validated.
00:17:41 ipsec,debug begin.
00:17:41 ipsec,debug seen nptype=8(hash) len=24
00:17:41 ipsec,debug seen nptype=11(notify) len=40
00:17:41 ipsec,debug succeed.
00:17:41 ipsec,debug 192.168.222.2 notify: RESPONDER-LIFETIME
00:17:41 ipsec,debug 192.168.222.2 notification message 24576:RESPONDER-LIFETIME, doi=1 proto_id=1 spi=0e8ff9c25a73fec33fc807dfe1cb3d86(size=16).
00:17:41 ipsec,debug dh(modp1024)
00:17:41 ipsec,debug dh(modp1024)
00:17:41 ipsec,debug dh(modp1024)
00:17:41 ipsec,debug use local ID type IPv4_subnet
00:17:41 ipsec,debug use remote ID type IPv4_subnet
00:17:41 ipsec,debug IDci:
00:17:41 ipsec,debug 042f0000 ac100200 ffffff00
00:17:41 ipsec,debug IDcr:
00:17:41 ipsec,debug 042f0000 01010100 ffffff00
00:17:41 ipsec,debug add payload of len 56, next type 10
00:17:41 ipsec,debug add payload of len 24, next type 4
00:17:41 ipsec,debug add payload of len 128, next type 5
00:17:41 ipsec,debug add payload of len 12, next type 5
00:17:41 ipsec,debug add payload of len 12, next type 0
00:17:41 ipsec,debug add payload of len 20, next type 1
00:17:41 ipsec,debug 316 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:41 ipsec,debug 1 times of 316 bytes message will be sent to 192.168.222.2[500]
00:17:41 ipsec sent phase2 packet 192.168.222.5[500]<=>192.168.222.2[500] 0e8ff9c25a73fec3:3fc807dfe1cb3d86:bb09d946
00:17:41 ipsec,debug ===== received 348 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:17:41 ipsec,debug begin.
00:17:41 ipsec,debug seen nptype=8(hash) len=24
00:17:41 ipsec,debug seen nptype=1(sa) len=60
00:17:41 ipsec,debug seen nptype=10(nonce) len=24
00:17:41 ipsec,debug seen nptype=4(ke) len=132
00:17:41 ipsec,debug seen nptype=5(id) len=16
00:17:41 ipsec,debug seen nptype=5(id) len=16
00:17:41 ipsec,debug seen nptype=11(notify) len=40
00:17:41 ipsec,debug succeed.
00:17:41 ipsec,debug 192.168.222.2 Notify Message received
00:17:41 ipsec 192.168.222.2 ignore RESPONDER-LIFETIME notification.
00:17:41 ipsec,debug IDci matches proposal.
00:17:41 ipsec,debug IDcr matches proposal.
00:17:41 ipsec,debug HASH allocated:hbuf->l=344 actual:tlen=312
00:17:41 ipsec,debug HASH(2) received:
00:17:41 ipsec,debug cd647641 bd1a5995 6c331634 502fe38c b59fa1c8
00:17:41 ipsec,debug total SA len=56
00:17:41 ipsec,debug 00000001 00000001 00000030 01030401 04022cc5 00000024 010c0000 80010001
00:17:41 ipsec,debug 00020004 00015180 80040001 80060080 80050002 80030002
00:17:41 ipsec,debug begin.
00:17:41 ipsec,debug seen nptype=2(prop) len=48
00:17:41 ipsec,debug succeed.
00:17:41 ipsec,debug proposal #1 len=48
00:17:41 ipsec,debug begin.
00:17:41 ipsec,debug seen nptype=3(trns) len=36
00:17:41 ipsec,debug succeed.
00:17:41 ipsec,debug transform #1 len=36
00:17:41 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
00:17:41 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
00:17:41 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Tunnel
00:17:41 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:17:41 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
00:17:41 ipsec,debug type=Group Description, flag=0x8000, lorv=2
00:17:41 ipsec,debug dh(modp1024)
00:17:41 ipsec,debug pair 1:
00:17:41 ipsec,debug 0x4a9a10: next=(nil) tnext=(nil)
00:17:41 ipsec,debug proposal #1: 1 transform
00:17:41 ipsec,debug total SA len=56
00:17:41 ipsec,debug 00000001 00000001 00000030 01030401 50fc8dd1 00000024 010c0000 80040001
00:17:41 ipsec,debug 80010001 00020004 00015180 80050002 80060080 80030002
00:17:41 ipsec,debug begin.
00:17:41 ipsec,debug seen nptype=2(prop) len=48
00:17:41 ipsec,debug succeed.
00:17:41 ipsec,debug proposal #1 len=48
00:17:41 ipsec,debug begin.
00:17:41 ipsec,debug seen nptype=3(trns) len=36
00:17:41 ipsec,debug succeed.
00:17:41 ipsec,debug transform #1 len=36
00:17:41 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Tunnel
00:17:41 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
00:17:41 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
00:17:41 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
00:17:41 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:17:41 ipsec,debug type=Group Description, flag=0x8000, lorv=2
00:17:41 ipsec,debug dh(modp1024)
00:17:41 ipsec,debug pair 1:
00:17:41 ipsec,debug 0x4aae88: next=(nil) tnext=(nil)
00:17:41 ipsec,debug proposal #1: 1 transform
00:17:41 ipsec attribute has been modified.
00:17:41 ipsec,debug begin compare proposals.
00:17:41 ipsec,debug pair[1]: 0x4aae88
00:17:41 ipsec,debug 0x4aae88: next=(nil) tnext=(nil)
00:17:41 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC
00:17:41 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Tunnel
00:17:41 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
00:17:41 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
00:17:41 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
00:17:41 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:17:41 ipsec,debug type=Group Description, flag=0x8000, lorv=2
00:17:41 ipsec,debug peer's single bundle:
00:17:41 ipsec,debug (proto_id=ESP spisize=4 spi=50fc8dd1 spi_p=00000000 encmode=Tunnel reqid=0:0)
00:17:41 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
00:17:41 ipsec,debug my single bundle:
00:17:41 ipsec,debug (proto_id=ESP spisize=4 spi=04022cc5 spi_p=00000000 encmode=Tunnel reqid=0:0)
00:17:41 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
00:17:41 ipsec,debug matched
00:17:41 ipsec,debug ===
00:17:41 ipsec,debug HASH(3) generate
00:17:41 ipsec,debug add payload of len 20, next type 0
00:17:41 ipsec,debug 60 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:17:41 ipsec,debug 1 times of 60 bytes message will be sent to 192.168.222.2[500]
00:17:41 ipsec,debug dh(modp1024)
00:17:41 ipsec,debug encryption(aes-cbc)
00:17:41 ipsec,debug hmac(sha1)
00:17:41 ipsec,debug encklen=128 authklen=160
00:17:41 ipsec,debug generating 480 bits of key (dupkeymat=3)
00:17:41 ipsec,debug generating K1...K3 for KEYMAT.
00:17:41 ipsec,debug feea0b12 f2ec21d0 59028591 0a17a902 62bf1099 f25b4723 cd84a39c 809f495a
00:17:41 ipsec,debug b773dc67 2b79f19d 2e2c9477 eb615496 0f86d989 37581cd5 ed37ceef
00:17:41 ipsec,debug encryption(aes-cbc)
00:17:41 ipsec,debug hmac(sha1)
00:17:41 ipsec,debug encklen=128 authklen=160
00:17:41 ipsec,debug generating 480 bits of key (dupkeymat=3)
00:17:41 ipsec,debug generating K1...K3 for KEYMAT.
00:17:41 ipsec,debug fe719e9d cbe9e275 c1679ba4 8708e008 7eefb819 d8f755c6 1748b7b7 eeba0945
00:17:41 ipsec,debug 301d9e1e 426b509b 6ca47e22 7ad1c123 c4ab805c 64b28270 9d9d770a
00:17:41 ipsec,debug KEYMAT computed.
00:17:41 ipsec,debug call pk_sendupdate
00:17:41 ipsec,debug encryption(aes-cbc)
00:17:41 ipsec,debug hmac(sha1)
00:17:41 ipsec,debug call pfkey_send_update_nat
00:17:41 ipsec IPsec-SA established: ESP/Tunnel 192.168.222.2[500]->192.168.222.5[500] spi=0x4022cc5
00:17:41 ipsec,debug pfkey update sent.
00:17:41 ipsec,debug encryption(aes-cbc)
00:17:41 ipsec,debug hmac(sha1)
00:17:41 ipsec,debug call pfkey_send_add_nat
00:17:41 ipsec IPsec-SA established: ESP/Tunnel 192.168.222.5[500]->192.168.222.2[500] spi=0x50fc8dd1
00:17:41 ipsec,debug pfkey add sent.
00:18:06 ipsec,debug ===== received 76 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:18:06 ipsec,debug receive Information.
00:18:06 ipsec,debug hash(sha1)
00:18:06 ipsec,debug hash validated.
00:18:06 ipsec,debug begin.
00:18:06 ipsec,debug seen nptype=8(hash) len=24
00:18:06 ipsec,debug seen nptype=12(delete) len=16
00:18:06 ipsec,debug succeed.
00:18:06 ipsec,debug 192.168.222.2 delete payload for protocol ESP
00:18:06 ipsec,debug purged SAs.
00:18:06 ipsec,debug ===== received 76 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:18:06 ipsec,debug receive Information.
00:18:06 ipsec,debug hash(sha1)
00:18:06 ipsec,debug hash validated.
00:18:06 ipsec,debug begin.
00:18:06 ipsec,debug seen nptype=8(hash) len=24
00:18:06 ipsec,debug seen nptype=12(delete) len=16
00:18:06 ipsec,debug succeed.
00:18:06 ipsec,debug 192.168.222.2 delete payload for protocol ESP
00:18:06 ipsec,debug purged SAs.
00:18:11 ipsec,debug ===== received 316 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:18:11 ipsec,debug hash(sha1)
00:18:11 ipsec,debug ===
00:18:11 ipsec respond new phase 2 negotiation: 192.168.222.5[500]<=>192.168.222.2[500]
00:18:11 ipsec,debug begin.
00:18:11 ipsec,debug seen nptype=8(hash) len=24
00:18:11 ipsec,debug seen nptype=1(sa) len=68
00:18:11 ipsec,debug seen nptype=10(nonce) len=24
00:18:11 ipsec,debug seen nptype=4(ke) len=132
00:18:11 ipsec,debug seen nptype=5(id) len=16
00:18:11 ipsec,debug seen nptype=5(id) len=16
00:18:11 ipsec,debug succeed.
00:18:11 ipsec,debug received IDci2:
00:18:11 ipsec,debug 042f0000 01010100 ffffff00
00:18:11 ipsec,debug received IDcr2:
00:18:11 ipsec,debug 042f0000 ac100200 ffffff00
00:18:11 ipsec,debug HASH(1) validate:
00:18:11 ipsec,debug 2f4b408c 00cce621 8c00155c 3d04680d 0d8e1063
00:18:11 ipsec,debug total SA len=64
00:18:11 ipsec,debug 00000001 00000001 00000038 01030401 07ff298f 0000002c 010c0000 80040001
00:18:11 ipsec,debug 80010001 80020e10 80010002 00020004 00465000 80050002 80060080 80030002
00:18:11 ipsec,debug begin.
00:18:11 ipsec,debug seen nptype=2(prop) len=56
00:18:11 ipsec,debug succeed.
00:18:11 ipsec,debug proposal #1 len=56
00:18:11 ipsec,debug begin.
00:18:11 ipsec,debug seen nptype=3(trns) len=44
00:18:11 ipsec,debug succeed.
00:18:11 ipsec,debug transform #1 len=44
00:18:11 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Tunnel
00:18:11 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
00:18:11 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
00:18:11 ipsec,debug life duration was in TLV.
00:18:11 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
00:18:11 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
00:18:11 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
00:18:11 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:18:11 ipsec,debug type=Group Description, flag=0x8000, lorv=2
00:18:11 ipsec,debug dh(modp1024)
00:18:11 ipsec,debug pair 1:
00:18:11 ipsec,debug 0x4ab7d8: next=(nil) tnext=(nil)
00:18:11 ipsec,debug proposal #1: 1 transform
00:18:11 ipsec,debug got the local address from ID payload 172.16.2.0[0] prefixlen=24 ul_proto=47
00:18:11 ipsec,debug got the peer address from ID payload 1.1.1.0[0] prefixlen=24 ul_proto=47
00:18:11 ipsec searching for policy for selector: 172.16.2.0/24 ip-proto:47 <=> 1.1.1.0/24 ip-proto:47
00:18:11 ipsec using strict match: 172.16.2.0/24 <=> 1.1.1.0/24 ip-proto:47
00:18:11 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
00:18:11 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
00:18:11 ipsec,debug begin compare proposals.
00:18:11 ipsec,debug pair[1]: 0x4ab7d8
00:18:11 ipsec,debug 0x4ab7d8: next=(nil) tnext=(nil)
00:18:11 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC
00:18:11 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Tunnel
00:18:11 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
00:18:11 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
00:18:11 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
00:18:11 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
00:18:11 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
00:18:11 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:18:11 ipsec,debug type=Group Description, flag=0x8000, lorv=2
00:18:11 ipsec,debug peer's single bundle:
00:18:11 ipsec,debug (proto_id=ESP spisize=4 spi=07ff298f spi_p=00000000 encmode=Tunnel reqid=0:0)
00:18:11 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
00:18:11 ipsec,debug my single bundle:
00:18:11 ipsec,debug (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
00:18:11 ipsec,debug (trns_id=AES-CBC encklen=128 authtype=hmac-sha1)
00:18:11 ipsec,debug matched
00:18:11 ipsec,debug ===
00:18:11 ipsec,debug call pfkey_send_getspi a
00:18:11 ipsec,debug pfkey GETSPI sent: ESP/Tunnel 192.168.222.2[500]->192.168.222.5[500]
00:18:11 ipsec,debug pfkey getspi sent.
00:18:11 ipsec,debug ===== received 76 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:18:11 ipsec,debug receive Information.
00:18:11 ipsec,debug hash(sha1)
00:18:11 ipsec,debug hash validated.
00:18:11 ipsec,debug begin.
00:18:11 ipsec,debug seen nptype=8(hash) len=24
00:18:11 ipsec,debug seen nptype=12(delete) len=16
00:18:11 ipsec,debug succeed.
00:18:11 ipsec,debug 192.168.222.2 delete payload for protocol ESP
00:18:11 ipsec,debug purged SAs.
00:18:11 ipsec,debug total SA len=64
00:18:11 ipsec,debug 00000001 00000001 00000038 01030401 00000000 0000002c 010c0000 80040001
00:18:11 ipsec,debug 80010001 80020e10 80010002 00020004 00465000 80050002 80060080 80030002
00:18:11 ipsec,debug begin.
00:18:11 ipsec,debug seen nptype=2(prop) len=56
00:18:11 ipsec,debug succeed.
00:18:11 ipsec,debug proposal #1 len=56
00:18:11 ipsec,debug begin.
00:18:11 ipsec,debug seen nptype=3(trns) len=44
00:18:11 ipsec,debug succeed.
00:18:11 ipsec,debug transform #1 len=44
00:18:11 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=Tunnel
00:18:11 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds
00:18:11 ipsec,debug type=SA Life Duration, flag=0x8000, lorv=3600
00:18:11 ipsec,debug life duration was in TLV.
00:18:11 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes
00:18:11 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4
00:18:11 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
00:18:11 ipsec,debug type=Key Length, flag=0x8000, lorv=128
00:18:11 ipsec,debug type=Group Description, flag=0x8000, lorv=2
00:18:11 ipsec,debug dh(modp1024)
00:18:11 ipsec,debug pair 1:
00:18:11 ipsec,debug 0x4ab808: next=(nil) tnext=(nil)
00:18:11 ipsec,debug proposal #1: 1 transform
00:18:11 ipsec,debug dh(modp1024)
00:18:11 ipsec,debug add payload of len 64, next type 10
00:18:11 ipsec,debug add payload of len 24, next type 4
00:18:11 ipsec,debug add payload of len 128, next type 5
00:18:11 ipsec,debug add payload of len 12, next type 5
00:18:11 ipsec,debug add payload of len 12, next type 0
00:18:11 ipsec,debug add payload of len 20, next type 1
00:18:11 ipsec,debug 316 bytes from 192.168.222.5[500] to 192.168.222.2[500]
00:18:11 ipsec,debug 1 times of 316 bytes message will be sent to 192.168.222.2[500]
00:18:11 ipsec sent phase2 packet 192.168.222.5[500]<=>192.168.222.2[500] 0e8ff9c25a73fec3:3fc807dfe1cb3d86:606f293d
00:18:11 ipsec,debug ===== received 76 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:18:11 ipsec,debug receive Information.
00:18:11 ipsec,debug hash(sha1)
00:18:11 ipsec,debug hash validated.
00:18:11 ipsec,debug begin.
00:18:11 ipsec,debug seen nptype=8(hash) len=24
00:18:11 ipsec,debug seen nptype=12(delete) len=16
00:18:11 ipsec,debug succeed.
00:18:11 ipsec,debug 192.168.222.2 delete payload for protocol ESP
00:18:11 ipsec purged IPsec-SA proto_id=ESP spi=0x50fc8dd1
00:18:11 ipsec purged IPsec-SA proto_id=ESP spi=0x4022cc5
00:18:11 ipsec,debug purged SAs.
00:18:11 ipsec,debug ===== received 60 bytes from 192.168.222.2[500] to 192.168.222.5[500]
00:18:11 ipsec,debug begin.
00:18:11 ipsec,debug seen nptype=8(hash) len=24
00:18:11 ipsec,debug succeed.
00:18:11 ipsec,debug HASH(3) validate:
00:18:11 ipsec,debug a0cf7e31 11a4a211 aa4b3876 d4382240 f0e601d7
00:18:11 ipsec,debug ===
00:18:11 ipsec,debug dh(modp1024)
00:18:12 ipsec,debug encryption(aes-cbc)
00:18:12 ipsec,debug hmac(sha1)
00:18:12 ipsec,debug encklen=128 authklen=160
00:18:12 ipsec,debug generating 480 bits of key (dupkeymat=3)
00:18:12 ipsec,debug generating K1...K3 for KEYMAT.
00:18:12 ipsec,debug d5e37685 5851e424 db1d218d 39b67298 630880af 83b64055 3b592daf cbcc28be
00:18:12 ipsec,debug d046c5c0 0106ef44 f04625d8 47209c43 5420cbf2 6bfacd2c 7302f32a
00:18:12 ipsec,debug encryption(aes-cbc)
00:18:12 ipsec,debug hmac(sha1)
00:18:12 ipsec,debug encklen=128 authklen=160
00:18:12 ipsec,debug generating 480 bits of key (dupkeymat=3)
00:18:12 ipsec,debug generating K1...K3 for KEYMAT.
00:18:12 ipsec,debug 986d244e 11974aac 6ddc1217 6a980409 329f6f2c b953f9a0 9ca3a045 461b9c25
00:18:12 ipsec,debug 367ca0fa be92017f db3eec22 e3375b62 aaca1161 c7c31376 7b632dac
00:18:12 ipsec,debug KEYMAT computed.
00:18:12 ipsec,debug call pk_sendupdate
00:18:12 ipsec,debug encryption(aes-cbc)
00:18:12 ipsec,debug hmac(sha1)
00:18:12 ipsec,debug call pfkey_send_update_nat
00:18:12 ipsec IPsec-SA established: ESP/Tunnel 192.168.222.2[500]->192.168.222.5[500] spi=0x889d24a
00:18:12 ipsec,debug pfkey update sent.
00:18:12 ipsec,debug encryption(aes-cbc)
00:18:12 ipsec,debug hmac(sha1)
00:18:12 ipsec,debug call pfkey_send_add_nat
00:18:12 ipsec IPsec-SA established: ESP/Tunnel 192.168.222.5[500]->192.168.222.2[500] spi=0x7ff298f
00:18:12 ipsec,debug pfkey add sent.
please let me know if there still exists any ambiguity or inconsistency.
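Added example (not part of the original post and not MikroTik code): a small Python reader for log lines like the ones above. It decodes the phase 2 ID payload hex using the IPsec DOI identification payload layout (RFC 2407) and reports how long each ESP SA lived before it was purged. The function names are choices made for this example, and the sample is an excerpt of the posted log.

```python
import re
from ipaddress import IPv4Address as IP, IPv4Network

# Lines excerpted from the log in the post above (timestamps carry no date).
SAMPLE_LOG = """\
00:17:41 ipsec,debug IDci:
00:17:41 ipsec,debug 042f0000 ac100200 ffffff00
00:17:41 ipsec,debug IDcr:
00:17:41 ipsec,debug 042f0000 01010100 ffffff00
00:17:41 ipsec IPsec-SA established: ESP/Tunnel 192.168.222.2[500]->192.168.222.5[500] spi=0x4022cc5
00:17:41 ipsec IPsec-SA established: ESP/Tunnel 192.168.222.5[500]->192.168.222.2[500] spi=0x50fc8dd1
00:18:06 ipsec,debug 192.168.222.2 delete payload for protocol ESP
00:18:11 ipsec purged IPsec-SA proto_id=ESP spi=0x50fc8dd1
00:18:11 ipsec purged IPsec-SA proto_id=ESP spi=0x4022cc5
00:18:12 ipsec IPsec-SA established: ESP/Tunnel 192.168.222.2[500]->192.168.222.5[500] spi=0x889d24a
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d) \S+ (.*)$", re.M)
ID_LABEL = re.compile(r"(IDc[ir]2?|peer's ID):$")
SA_UP = re.compile(r"IPsec-SA established: ESP/Tunnel (\S+?)\[\d+\]->(\S+?)\[\d+\] spi=(0x[0-9a-f]+)")
SA_DOWN = re.compile(r"purged IPsec-SA proto_id=ESP spi=(0x[0-9a-f]+)")


def secs(ts):  # HH:MM:SS -> seconds since midnight (no handling of day rollover)
    return sum(int(x) * k for x, k in zip(ts.split(":"), (3600, 60, 1)))


def decode_id(hex_words):
    """Decode an IPsec DOI identification payload body (RFC 2407, 4.6.2)."""
    raw = bytes.fromhex(hex_words.replace(" ", ""))
    if len(raw) < 8:
        raise ValueError("ID payload body too short")
    id_type, proto, port = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    if id_type == 1:                       # ID_IPV4_ADDR
        value = str(IP(raw[4:8]))
    elif id_type == 4 and len(raw) >= 12:  # ID_IPV4_ADDR_SUBNET: address + netmask
        value = str(IPv4Network(f"{IP(raw[4:8])}/{IP(raw[8:12])}", strict=False))
    else:                                  # other ID types: leave the data as hex
        value = raw[4:].hex()
    return {"type": id_type, "proto": proto, "port": port, "value": value}


def analyse(log_text):
    """Return (decoded ID payloads, SA records keyed by SPI, ESP delete count)."""
    ids, sas, deletes, pending = {}, {}, 0, None
    for ts, msg in LINE.findall(log_text):
        if pending and re.fullmatch(r"[0-9a-f ]+", msg):
            ids[pending] = decode_id(msg)  # the hex dump follows its label line
        pending = None
        if (label := ID_LABEL.search(msg)):
            pending = label.group(1)
        elif (up := SA_UP.match(msg)):
            sas[up.group(3)] = {"src": up.group(1), "dst": up.group(2), "up": ts, "lifetime": None}
        elif (down := SA_DOWN.match(msg)) and down.group(1) in sas:
            sa = sas[down.group(1)]
            sa["lifetime"] = secs(ts) - secs(sa["up"])
        elif "delete payload for protocol ESP" in msg:
            deletes += 1                   # peer asked us to drop an ESP SA
    return ids, sas, deletes


if __name__ == "__main__":
    print(*analyse(SAMPLE_LOG), sep="\n")
```

On the excerpt this gives IDci 172.16.2.0/24 and IDcr 1.1.1.0/24, both with IP protocol 47 (GRE), and shows the first SA pair purged 30 seconds after it was established.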