cais
just joined
Topic Author
Posts: 2
Joined: Mon Jun 22, 2020 4:22 pm

IKEV2 - problem to connect - identity not found for peer

Mon Jun 22, 2020 4:34 pm

Hello,

I have a problem establishing a connection between a computer (Mac) and a MikroTik RB2011.
In the log I have the error Identity not found for peer:FQDN: client.vpn.ikev2

Can you help me fix the issue? Thank you.

# jun/22/2020 15:30:07 by RouterOS 6.46.4
# software id = 8DG7-UNSH
#
# model = 2011UiAS
# serial number = B9180AC59CAC
/ip ipsec mode-config
add address-pool=VPN-IKEv2-POOL address-prefix-length=32 name="VPN IKEv2" \
split-include=0.0.0.0/0 static-dns=x.x.x.x,8.8.8.8 system-dns=no
/ip ipsec policy group
add name="IKEv2 Group policy"
/ip ipsec profile
add dh-group=modp2048,modp1536,modp1024 enc-algorithm=aes-256,aes-192,aes-128 \
hash-algorithm=sha256 name="IKEv2 Profile"
/ip ipsec peer
add exchange-mode=ike2 local-address=x.x.x.x name=IKEv2 passive=yes \
profile="IKEv2 Profile"
/ip ipsec proposal
add auth-algorithms=sha512,sha256,sha1 enc-algorithms="aes-256-cbc,aes-256-ctr,a\
es-256-gcm,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm" \
lifetime=8h name=ikev2-proposal pfs-group=none
/ip ipsec identity
add auth-method=digital-signature certificate=vpn.ikev2 generate-policy=\
port-strict match-by=certificate mode-config="VPN IKEv2" my-id=\
address:x.x.x.x peer=IKEv2 policy-template-group="IKEv2 Group policy" \
remote-certificate=client.vpn.ikev2 remote-id=user-fqdn:client.vpn.ikev2
/ip ipsec policy
add dst-address=192.168.100.0/24 group="IKEv2 Group policy" proposal=\
ikev2-proposal src-address=0.0.0.0/0 template=yes
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: IKEV2 - problem to connect - identity not found for peer

Sat Jun 27, 2020 4:40 pm

It seems that the MacOS client provides another ID than user-fqdn. Only a detailed log can show you what comes from there and how to match the identity.
Switch logging of IPsec details on:
/system logging add topics=ipsec,!packet
then run
/log print follow-only file=ipsec-start where topics~"ipsec"
Let the client attempt to connect, and when the connection attempt fails, stop the /log print ... and read the file.
 
stavrossp7
just joined
Posts: 7
Joined: Sat Jan 08, 2022 7:30 pm

Re: IKEV2 - problem to connect - identity not found for peer

Fri Jul 22, 2022 4:16 pm

Hi guys,

Currently I have the same problem and I need your help about this.

First of all, I need to say that I had set my TIK as an IPsec server, creating some identities for different users, wanting to use IKEv2 PSK.
I mean, I only wanted to use username/password, without any certificates.
Please check the attached picture of a user configuration.
Capture.JPG
I can assure you that this was working pretty fine.
Suddenly, without any possible reason, my Android phone cannot get connected.

I'm getting this as a Debug Output on the router
15:58:03 ipsec requested server id: d1530......c.sn.mynetname.net
15:58:03 ipsec,error identity not found for server:d1530......c.sn.mynetname.net peer: FQDN: User3
15:58:03 ipsec reply notify: AUTHENTICATION_FAILED
15:58:03 ipsec adding notify: AUTHENTICATION_FAILED

What I can only assume is that recently my phone got a firmware update, but I cannot be sure if this caused the problem.
Because my phone cannot get connected by the same way on another router where it was also used to get connected, while on this specific one, my client's devices (don't know if they are Android or iOS), still get connected without any problem.




Any suggestion?

Kind regards
Stavros
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: IKEV2 - problem to connect - identity not found for peer

Sat Jul 23, 2022 8:56 am

Not sure what has caused it, but in the Mikrotik configuration, the remote ID type is key-id, whereas the type of the ID provided by the Android is fqdn. So if this is not configurable at the Android end, you'll have to adjust the remote ID type accordingly at the Mikrotik side. But that remote ID type (fqdn) has to formally conform to the FQDN format, i.e. there must be at least one dot in it, and Mikrotik checks that and throws an error if it doesn't. So if you cannot set the ID type (back?) to key-id at the Android end, you'll have to change the ID to user3.gr or something alike.
 
stavrossp7
just joined
Posts: 7
Joined: Sat Jan 08, 2022 7:30 pm

Re: IKEV2 - problem to connect - identity not found for peer

Mon Jul 25, 2022 11:40 pm

Hi Sindy,

Thank you for your answer!

Well, I made a change: I changed the Remote ID Type from key id to fqdn, and also changed the name from user3 to user3.gr.

The new output is the following:
acquired 192.168.43.149 address for 46.......168, user3.gr
killing ike2 SA: peer-IKEv2 2......151[4500]-46.......168[39394] spi:a6cca106a6494fae:dec301935bc9b9b5
new ike2 SA (R): peer-IKEv2 2......151[500]-46.......168[43061] spi:a6cca106a6494fae:dec301935bc9b9b5
peer authorized: peer-IKEv2 2......151[4500]-46.......168[39394] spi:a6cca106a6494fae:dec301935bc9b9b5
releasing address 192.168.43.149

But the outcome is the same.
On my phone I'm getting "Unsuccessful, Not secure".
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: IKEV2 - problem to connect - identity not found for peer

Tue Jul 26, 2022 6:54 am

So now RouterOS is happy but the Android client is not. Time to post the output of /ip ipsec export hide-sensitive (if you are running RouterOS 7, without the hide-sensitive) and of screenshots of the IPsec configuration on the phone. Before posting, obfuscate the serial number of the Mikrotik and any public IP addresses that might identify you.
 
stavrossp7
just joined
Posts: 7
Joined: Sat Jan 08, 2022 7:30 pm

Re: IKEV2 - problem to connect - identity not found for peer

Tue Jul 26, 2022 4:39 pm

Hi Sindy,

Here is the ipsec output and the Android config you asked about.

/ip ipsec mode-config
add address-pool=pool-IKEv2 address-prefix-length=32 name=cfg-IKEv2 \
split-include=0.0.0.0/0 static-dns=8.8.8.8,8.8.4.4 system-dns=no
/ip ipsec policy group
add name=group-IKEv2
/ip ipsec profile
set [ find default=yes ] hash-algorithm=sha256
add dh-group=modp2048,modp1536,modp1024 enc-algorithm=aes-256,aes-192,aes-128 \
hash-algorithm=sha256 name=profile-IKEv2
/ip ipsec peer
add exchange-mode=ike2 name=peer-IKEv2 passive=yes profile=profile-IKEv2
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256 pfs-group=modp2048
add auth-algorithms=sha256,sha1 enc-algorithms="aes-256-cbc,aes-256-ctr,aes-256-\
gcm,aes-192-cbc,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm" \
lifetime=8h name=proposal-IKEv2 pfs-group=none
/ip ipsec identity
add generate-policy=port-override mode-config=cfg-IKEv2 peer=peer-IKEv2 \
policy-template-group=group-IKEv2 remote-id=fqdn:tablet.gr
add generate-policy=port-override mode-config=cfg-IKEv2 peer=peer-IKEv2 \
policy-template-group=group-IKEv2 remote-id=key-id:User1
add generate-policy=port-override mode-config=cfg-IKEv2 peer=peer-IKEv2 \
policy-template-group=group-IKEv2 remote-id=key-id:User2
add generate-policy=port-override mode-config=cfg-IKEv2 peer=peer-IKEv2 \
policy-template-group=group-IKEv2 remote-id=key-id:User3
add generate-policy=port-override mode-config=cfg-IKEv2 peer=peer-IKEv2 \
policy-template-group=group-IKEv2 remote-id=key-id:User4
/ip ipsec policy
set 0 dst-address=0.0.0.0/0 group=group-IKEv2 proposal=proposal-IKEv2 \
src-address=0.0.0.0/0
[Support@Sifnos] >


Thank you
Stavros
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: IKEV2 - problem to connect - identity not found for peer

Tue Jul 26, 2022 5:37 pm

Not much to see in the Android configuration. So as the first step, I would set my-id=fqdn:xxxxxxxx.sn.mynetname.net on the /ip ipsec identity row for that Android client, so that the IPsec ID would match the way the responder address is configured at the Android.
 
stavrossp7
just joined
Posts: 7
Joined: Sat Jan 08, 2022 7:30 pm

Re: IKEV2 - problem to connect - identity not found for peer

Wed Jul 27, 2022 6:12 pm

Sindy,

What can I say?
It totally worked!!

You are a genius!

So, since this happened just after my phone upgrade, it's totally its fault right?
Not the mikrotik's?


Thank you very much!
Stavros
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: IKEV2 - problem to connect - identity not found for peer

Wed Jul 27, 2022 11:10 pm

> So, since this happened just after my phone upgrade, it's totally its fault right?
> Not the mikrotik's?

Sounds like that. Except that it may not be a "fault" but an "improvement" :)
 
stavrossp7
just joined
Posts: 7
Joined: Sat Jan 08, 2022 7:30 pm

Re: IKEV2 - problem to connect - identity not found for peer

Wed Aug 24, 2022 10:44 am

Hi Sindy,

Thank you very much again and sorry for the delayed answer, but we were on summer vacation here in Greece.

Well, as I told you, the Android connection error seems fixed!

But, we are facing the same problem with manager's iPhone device.
I don't know if you could give us a hint as well.

In the attached picture you can see a typical iPhone interface.

Server - VPN Server Address
Remote ID - VPN Server Address (must be a domain name)
Local ID - leave it blank
Account - VPN username
Password - VPN password

Is the above configuration right? I mean, Server and Remote ID needs the mynetname domain?

Do you have any idea?

Kind regards
Stavros
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: IKEV2 - problem to connect - identity not found for peer

Wed Aug 24, 2022 11:46 am

> we are facing the same problem with manager's iPhone device.

First, is it indeed the same problem, i.e. do you again get an "Identity not found for peer" error?

If so, search the topics here regarding IPsec logging into a file (search phrase for uncle Google: site:forum.mikrotik.com /log print follow-only where topics~"ipsec" novels) and post the log collected when the iPhone attempts to connect.

The thing is that the iOS may not support pre-shared key with IKEv2 but require a certificate at least at responder (Mikrotik side) and the username and password may be used for EAP authentication, so you would need a RADIUS server. Plus iOS has quite strict requirements on certificate properties (relatively short validity, maybe some minimum key strength).

The log should reveal how the iOS is trying to authenticate; logging with different settings at the iPhone (what are the alternative choices for User Authentication?) into separate files should show the easiest way to use.
 
stavrossp7
just joined
Posts: 7
Joined: Sat Jan 08, 2022 7:30 pm

Re: IKEV2 - problem to connect - identity not found for peer

Thu Aug 25, 2022 11:22 am

Hi Sindy,

Here is the ipsec log you asked for.

There are two attempts in it, first one with User1 as username, and the second with tablet.gr as username (this as domain worked for me in the Android case).

I believe you can see the difference of the attempts due to the different timestamps.


Thank you
Stavros
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: IKEV2 - problem to connect - identity not found for peer

Thu Aug 25, 2022 2:00 pm

It is a misunderstanding. I did not ask you to try with multiple different username values but to try with other choices of user authentication type - on the screenshot, authentication type "username" is shown, but there are other options too - in my case, these are "none" and "certificate" (for VPN type "IKEv2").

Your logs show that when "username" is chosen, and since you haven't filled anything as "local ID", iOS sends its current IP address as the initiator (i.e. "local") ID; as this own IP address will be different each time the iPhone connects to another WiFi, and probably also for each new 3G/LTE/5G connection, it makes no sense to let an /ip ipsec identity row match on that address.

So try to fill some string like afentiko@here.gr into the Local ID field, add an /ip ipsec identity row with remote-id=user-fqdn:afentiko@here.gr, and take another log so that we could get further, but there is no guarantee of success.

You can also choose a certificate authentication that is known to work and there is a topic on that here on the forum, except that iOS has quite strict requirements to the properties of all certificates involved, and they may have become even more strict since someone has updated that topic last time.
 
Viktor1
just joined
Posts: 3
Joined: Tue Sep 13, 2022 12:47 am

Re: IKEV2 - problem to connect - identity not found for peer

Tue Sep 13, 2022 1:05 am

Please, help me fix an issue with IKEv2 and macOS, I'm stuck and have no idea what to do.
I have a Mikrotik hex with an IKEv2 server and issued CA, server and user cert. It works pretty well with Windows, but not with Mac.
I imported the CA and user cert to the system, but it fails with identity not found for server:server.pp.ua peer: RFC822: viktor@server.pp.ua
sep/13 00:59:01 ipsec payload seen: ID_I (29 bytes) 
sep/13 00:59:01 ipsec payload seen: NOTIFY (8 bytes) 
sep/13 00:59:01 ipsec payload seen: ID_R (22 bytes) 
sep/13 00:59:01 ipsec payload seen: CONFIG (40 bytes) 
sep/13 00:59:01 ipsec payload seen: NOTIFY (8 bytes) 
sep/13 00:59:01 ipsec payload seen: NOTIFY (8 bytes) 
sep/13 00:59:01 ipsec payload seen: SA (200 bytes) 
sep/13 00:59:01 ipsec payload seen: TS_I (64 bytes) 
sep/13 00:59:01 ipsec payload seen: TS_R (64 bytes) 
sep/13 00:59:01 ipsec payload seen: NOTIFY (8 bytes) 
sep/13 00:59:01 ipsec processing payloads: NOTIFY 
sep/13 00:59:01 ipsec   notify: INITIAL_CONTACT 
sep/13 00:59:01 ipsec   notify: ESP_TFC_PADDING_NOT_SUPPORTED 
sep/13 00:59:01 ipsec   notify: NON_FIRST_FRAGMENTS_ALSO 
sep/13 00:59:01 ipsec   notify: MOBIKE_SUPPORTED 
sep/13 00:59:01 ipsec ike auth: respond 
sep/13 00:59:01 ipsec processing payload: ID_I 
sep/13 00:59:01 ipsec ID_I (RFC822): viktor@server.pp.ua 
sep/13 00:59:01 ipsec processing payload: ID_R 
sep/13 00:59:01 ipsec ID_R (FQDN): server.pp.ua 
sep/13 00:59:01 ipsec processing payload: AUTH (not found) 
sep/13 00:59:01 ipsec requested server id: server.pp.ua 
sep/13 00:59:01 ipsec,error identity not found for server:server.pp.ua peer: RFC822: viktor@1server.pp.ua 
sep/13 00:59:01 ipsec reply notify: AUTHENTICATION_FAILED 
sep/13 00:59:01 ipsec adding notify: AUTHENTICATION_FAILED 
sep/13 00:59:01 ipsec,debug => (size 0x8) 
sep/13 00:59:01 ipsec,debug 00000008 00000018 
sep/13 00:59:01 ipsec <- ike2 reply, exchange: AUTH:1 78.137.26.65[4500] 26465e59937c5d41:6f0d3a7298069761 
sep/13 00:59:01 ipsec,debug,packet => outgoing plain packet (size 0x24) 
sep/13 00:59:01 ipsec,debug,packet 26465e59 937c5d41 6f0d3a72 98069761 29202320 00000001 00000024 00000008 
sep/13 00:59:01 ipsec,debug,packet 00000018 
sep/13 00:59:01 ipsec adding payload: ENC 
sep/13 00:59:01 ipsec,debug => (size 0xd0
 
Fesiitis
newbie
Posts: 45
Joined: Tue Sep 13, 2016 10:24 am
Location: Latvia, Riga

Re: IKEV2 - problem to connect - identity not found for peer

Tue Sep 13, 2022 9:08 pm

Maybe the method I use for iOS will be useful for someone.

Create certificates:
/certificate
add common-name=XX.XX.XX.XX name=XX.XX.XX.XX
sign "XX.XX.XX.XX" ca-crl-host=<router local IP>

add common-name=XX.XX.XX.XX subject-alt-name=IP:XX.XX.XX.XX key-usage=tls-server name="IKE2 RSA server"
sign "IKE2 RSA server" ca=XX.XX.XX.XX

add common-name=Client name=Client key-usage=tls-client
sign Client ca=XX.XX.XX.XX

export-certificate Client export-passphrase=SuperStrongPass123 type=pkcs12

Before signing the client certificate, fill in a few more fields in it:
clientcertificate.PNG

Other configuration related to IKE2:
/ip ipsec policy group
add name="IKE2 RSA"

/ip ipsec profile
add enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=8h name="IKE2 RSA"

/ip ipsec peer
add exchange-mode=ike2 local-address=xx.xx.xx.xx name="IKE2 RSA" passive=\
    yes profile="IKE2 RSA"

/ip ipsec proposal
add enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=1h name="IKE2 RSA" \
    pfs-group=none

/ip pool
add name="IKE2 RSA" ranges=xx.xx.xx.xx-xx.xx.xx.xx

/ip ipsec mode-config
add address-pool="IKE2 RSA" address-prefix-length=32 name="IKE2 RSA" \
    static-dns=xx.xx.xx.xx system-dns=no

/certificate settings
set crl-use=yes

/ip firewall filter
add action=accept chain=input comment="IKE2 RSA access to router" \
    dst-address=xx.xx.xx.xx in-interface-list=WAN ipsec-policy=in,ipsec \
    src-address=xx.xx.xx.xx/28
add action=accept chain=input comment="Allow IPsec ISAKMP and NAT-T" \
    dst-port=500,4500 in-interface-list=WAN protocol=udp
add action=accept chain=input comment="Allow IPsec ESP" in-interface-list=WAN \
    protocol=ipsec-esp

/ip ipsec identity
add auth-method=digital-signature certificate="IKE2 RSA server" \
    generate-policy=port-strict match-by=certificate mode-config="IKE2 RSA" \
    peer="IKE2 RSA" policy-template-group="IKE2 RSA" remote-certificate=\
    "Client"

/ip ipsec policy
add dst-address=xx.xx.xx.xx/28 group="IKE2 RSA" proposal="IKE2 RSA" \
    src-address=0.0.0.0/0 template=yes

Export the CA certificate in PEM format:
export-certificate XX.XX.XX.XX type=pem

Import CA and client certificates, then trust them, example here - https://www.theictguy.co.uk/adding-trus ... -to-ios14/

Create a new IKE2 VPN on iOS 14+:
macosvpnsettings.PNG

I used this method a couple of days ago on iOS 15, it worked
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: IKEV2 - problem to connect - identity not found for peer

Tue Sep 13, 2022 10:59 pm

> Please, help me fix an issue with IKEv2 and macOS, I'm stuck and have no idea what to do.
> I have a Mikrotik hex with an IKEv2 server and issued CA, server and user cert. It works pretty well with Windows, but not with Mac.
> I imported the CA and user cert to the system, but it fails with identity not found for server:server.pp.ua peer: RFC822: viktor@server.pp.ua

You have shown the log but not the configuration, namely, what does the /ip ipsec identity row for the macOS device look like. The macOS sends the "e-mail address" as the identity, so the remote-id field of the identity must be set to user-fqdn:viktor@server.pp.ua and the match-by field must be set to remote-id in order that the identity row could be found for that type and value of ID-I. But that doesn't mean that it will work afterwards. What @Fesiitis has posted shows match-by=certificate on the identity row at the Mikrotik side but at the same time the local ID is in the user-fqdn format at the iOS 15 side, so it seems strange to me. But I'd have to see what the iOS with those settings actually sends in the initial IKEv2 packet.

Also Apple has some requirements on maximum certificate validity period and maybe minimum algorithm strength, so it may behave differently with a certificate it likes (and thus uses) and with a certificate that doesn't meet its security requirements.
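
The matching rule that runs through this thread (the type and value of the ID the client sends decide which /ip ipsec identity row is found, and an fqdn ID needs a dot) can be checked mechanically against a log. The following is an added example, not part of any post and not MikroTik code: the function names, the sample log (constructed, modelled on the excerpts above) and the my-id type guess are assumptions.

```python
import ipaddress
import re

# ID-type labels as printed in the log lines quoted in this thread, mapped to
# the type prefix used in remote-id= / my-id= on an /ip ipsec identity row.
LOG_LABEL_TO_ROS_TYPE = {"FQDN": "fqdn", "RFC822": "user-fqdn"}

ID_PAYLOAD = re.compile(
    r"ipsec\s+ID_(?P<role>[IR]) \((?P<label>[\w-]+)\):\s*(?P<value>\S+)")
NOT_FOUND = re.compile(
    r"identity not found for (?:server:\s*(?P<server>\S+)\s+)?"
    r"peer:\s*(?P<label>[\w-]+):\s*(?P<value>\S+)",
    re.IGNORECASE)

# Constructed sample, modelled on the log excerpts posted in this thread.
SAMPLE_LOG = """\
15:58:03 ipsec requested server id: router.example.net
15:58:03 ipsec,error identity not found for server:router.example.net peer: FQDN: User3
15:58:03 ipsec reply notify: AUTHENTICATION_FAILED
sep/13 00:59:01 ipsec ID_I (RFC822): viktor@server.pp.ua
sep/13 00:59:01 ipsec ID_R (FQDN): server.pp.ua
sep/13 00:59:01 ipsec,error identity not found for server:server.pp.ua peer: RFC822: viktor@server.pp.ua
"""


def _guess_id_type(value):
    """Assumption: an IP literal is type 'address', anything else 'fqdn'."""
    try:
        ipaddress.ip_address(value)
        return "address"
    except ValueError:
        return "fqdn"


def diagnose(log_text):
    """Return one finding per 'identity not found' error in the log text."""
    findings = []
    id_r = None  # (label, value) of the most recent ID_R payload, if logged
    for line in log_text.splitlines():
        m = ID_PAYLOAD.search(line)
        if m:
            if m["role"] == "R":
                id_r = (m["label"].upper(), m["value"])
            continue
        m = NOT_FOUND.search(line)
        if not m:
            continue
        label, value, server = m["label"].upper(), m["value"], m["server"]
        ros_type = LOG_LABEL_TO_ROS_TYPE.get(label)
        notes, remote_id, my_id = [], None, None
        if ros_type is None:
            notes.append(f"ID type label {label!r} is not one shown in this "
                         "thread; look up its remote-id type before matching")
        elif ros_type == "fqdn" and "." not in value:
            # Per the thread: RouterOS rejects an fqdn ID without a dot.
            notes.append("client sends type FQDN but the value has no dot; "
                         "rename the ID on both ends or use key-id on the client")
        else:
            remote_id = f"{ros_type}:{value}"
        if server:
            if id_r and id_r[1] == server and id_r[0] in LOG_LABEL_TO_ROS_TYPE:
                my_type = LOG_LABEL_TO_ROS_TYPE[id_r[0]]
            else:
                my_type = _guess_id_type(server)
                notes.append("no ID_R line logged; my-id type guessed from value")
            my_id = f"{my_type}:{server}"
        findings.append({"peer_label": label, "peer_value": value,
                         "remote_id": remote_id, "my_id": my_id, "notes": notes})
        id_r = None  # the next connection attempt starts fresh
    return findings


def identity_settings(finding):
    """Properties to set on the identity row, or None if remote-id is unusable."""
    if finding["remote_id"] is None:
        return None
    parts = [f"remote-id={finding['remote_id']}", "match-by=remote-id"]
    if finding["my_id"]:
        parts.append(f"my-id={finding['my_id']}")
    return " ".join(parts)


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f["peer_label"], f["peer_value"], "->", identity_settings(f))
        for note in f["notes"]:
            print("   note:", note)
```
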
 
Viktor1
just joined
Posts: 3
Joined: Tue Sep 13, 2022 12:47 am

Re: IKEV2 - problem to connect - identity not found for peer

Mon Sep 19, 2022 10:52 am

I try different combinations in identity parameters, try to set match-by=certificate and match-by=remote id, but it doesn't work. I will attach screenshots from mac and full log from mikrotik.
 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: IKEV2 - problem to connect - identity not found for peer

Mon Sep 19, 2022 1:41 pm

With nothing set as Local ID in the Apple settings, the Apple device uses its current IP address as an initiator ID. That address will change depending on where and when you connect the Apple thing to internet. So please configure it in such a way that the local-id on the /ip ipsec identity row matches the Remote ID value in the Apple client settings, and the remote-id matches the Local ID value on Apple, and set match-by=remote-id on the identity row.

Also, better to post the log as plain text than a .docx - less place for malware to hide in.
 
Viktor1
just joined
Posts: 3
Joined: Tue Sep 13, 2022 12:47 am

Re: IKEV2 - problem to connect - identity not found for peer

Mon Sep 19, 2022 7:43 pm

I did what you say, and it didn't help. I try to set ip address and domain name in My ID
19:39:47 ipsec,debug ===== received 604 bytes from 78.137.26.65[500] to 195.95.232.177[500] 
19:39:47 ipsec -> ike2 request, exchange: SA_INIT:0 78.137.26.65[500] b57013275c7a71a3:0000000000000000 
19:39:47 ipsec ike2 respond 
19:39:47 ipsec payload seen: SA (220 bytes) 
19:39:47 ipsec payload seen: KE (264 bytes) 
19:39:47 ipsec payload seen: NONCE (20 bytes) 
19:39:47 ipsec payload seen: NOTIFY (8 bytes) 
19:39:47 ipsec payload seen: NOTIFY (28 bytes) 
19:39:47 ipsec payload seen: NOTIFY (28 bytes) 
19:39:47 ipsec payload seen: NOTIFY (8 bytes) 
19:39:47 ipsec processing payload: SA 
19:39:47 ipsec IKE Protocol: IKE 
19:39:47 ipsec  proposal #1 
19:39:47 ipsec   enc: aes256-cbc 
19:39:47 ipsec   prf: hmac-sha256 
19:39:47 ipsec   auth: sha256 
19:39:47 ipsec   dh: modp2048 
19:39:47 ipsec  proposal #2 
19:39:47 ipsec   enc: aes256-cbc 
19:39:47 ipsec   prf: hmac-sha256 
19:39:47 ipsec   auth: sha256 
19:39:47 ipsec   dh: ecp256 
19:39:47 ipsec  proposal #3 
19:39:47 ipsec   enc: aes256-cbc 
19:39:47 ipsec   prf: hmac-sha256 
19:39:47 ipsec   auth: sha256 
19:39:47 ipsec   dh: modp1536 
19:39:47 ipsec  proposal #4 
19:39:47 ipsec   enc: aes128-cbc 
19:39:47 ipsec   prf: hmac-sha1 
19:39:47 ipsec   auth: sha1 
19:39:47 ipsec   dh: modp1024 
19:39:47 ipsec  proposal #5 
19:39:47 ipsec   enc: 3des-cbc 
19:39:47 ipsec   prf: hmac-sha1 
19:39:47 ipsec   auth: sha1 
19:39:47 ipsec   dh: modp1024 
19:39:47 ipsec matched proposal: 
19:39:47 ipsec  proposal #4 
19:39:47 ipsec   enc: aes128-cbc 
19:39:47 ipsec   prf: hmac-sha1 
19:39:47 ipsec   auth: sha1 
19:39:47 ipsec   dh: modp1024 
19:39:47 ipsec processing payload: KE 
19:39:47 ipsec DH group number mismatch: 2 != 14 
19:39:47 ipsec adding notify: INVALID_KE_PAYLOAD 
19:39:47 ipsec,debug => (size 0xa) 
19:39:47 ipsec,debug 0000000a 00000011 0002 
19:39:47 ipsec,debug ===== sending 38 bytes from 195.95.232.177[500] to 78.137.26.65[500] 
19:39:47 ipsec,debug 1 times of 38 bytes message will be sent to 78.137.26.65[500] 
19:39:47 ipsec,debug,packet b5701327 5c7a71a3 00000000 00000000 29202220 00000000 00000026 0000000a 
19:39:47 ipsec,debug,packet 00000011 0002 
19:39:47 ipsec,debug ===== received 476 bytes from 78.137.26.65[500] to 195.95.232.177[500] 
19:39:47 ipsec -> ike2 request, exchange: SA_INIT:0 78.137.26.65[500] b57013275c7a71a3:0000000000000000 
19:39:47 ipsec ike2 respond 
19:39:47 ipsec payload seen: SA (220 bytes) 
19:39:47 ipsec payload seen: KE (136 bytes) 
19:39:47 ipsec payload seen: NONCE (20 bytes) 
19:39:47 ipsec payload seen: NOTIFY (8 bytes) 
19:39:47 ipsec payload seen: NOTIFY (28 bytes) 
19:39:47 ipsec payload seen: NOTIFY (28 bytes) 
19:39:47 ipsec payload seen: NOTIFY (8 bytes) 
19:39:47 ipsec processing payload: SA 
19:39:47 ipsec IKE Protocol: IKE 
19:39:47 ipsec  proposal #1 
19:39:47 ipsec   enc: aes256-cbc 
19:39:47 ipsec   prf: hmac-sha256 
19:39:47 ipsec   auth: sha256 
19:39:47 ipsec   dh: modp2048 
19:39:47 ipsec  proposal #2 
19:39:47 ipsec   enc: aes256-cbc 
19:39:47 ipsec   prf: hmac-sha256 
19:39:47 ipsec   auth: sha256 
19:39:47 ipsec   dh: ecp256 
19:39:47 ipsec  proposal #3 
19:39:47 ipsec   enc: aes256-cbc 
19:39:47 ipsec   prf: hmac-sha256 
19:39:47 ipsec   auth: sha256 
19:39:47 ipsec   dh: modp1536 
19:39:47 ipsec  proposal #4 
19:39:47 ipsec   enc: aes128-cbc 
19:39:47 ipsec   prf: hmac-sha1 
19:39:47 ipsec   auth: sha1 
19:39:47 ipsec   dh: modp1024 
19:39:47 ipsec  proposal #5 
19:39:47 ipsec   enc: 3des-cbc 
19:39:47 ipsec   prf: hmac-sha1 
19:39:47 ipsec   auth: sha1 
19:39:47 ipsec   dh: modp1024 
19:39:47 ipsec matched proposal: 
19:39:47 ipsec  proposal #4 
19:39:47 ipsec   enc: aes128-cbc 
19:39:47 ipsec   prf: hmac-sha1 
19:39:47 ipsec   auth: sha1 
19:39:47 ipsec   dh: modp1024 
19:39:47 ipsec processing payload: KE 
19:39:48 ipsec,debug => shared secret (size 0x80) 
19:39:48 ipsec,debug a86d030e 3e387d19 9e329241 bcba3766 51be061b 7ebbd637 bf55a0b4 e1481e70 
19:39:48 ipsec,debug 79411450 edaadd5e 7baffdc4 34857a1b ca574d03 a3b27c27 eef5ca77 f4aa6326 
19:39:48 ipsec,debug fbeddb87 bb35560e 4dd165e7 12610666 f0098862 2a483093 1bd7891f 710e3221 
19:39:48 ipsec,debug 9b4d096b eebdd127 f3d01947 74e40f60 4cddab38 080c70ea 33b1180f 34aa94a1 
19:39:48 ipsec ike2 respond finish: request, exchange: SA_INIT:0 78.137.26.65[500] b57013275c7a71a3:0000000000000000 
19:39:48 ipsec processing payload: NONCE 
19:39:48 ipsec adding payload: SA 
19:39:48 ipsec,debug => (size 0x30) 
19:39:48 ipsec,debug 00000030 0000002c 04010004 0300000c 0100000c 800e0080 03000008 02000002 
19:39:48 ipsec,debug 03000008 03000002 00000008 04000002 
19:39:48 ipsec adding payload: KE 
19:39:48 ipsec,debug => (size 0x88) 
19:39:48 ipsec,debug 00000088 00020000 1156f29d c719486e 61766a41 a8d5860a 68c1912a c9224641 
19:39:48 ipsec,debug e9b1a0bf 4cdb9396 91f1b0b7 208ec7b3 ee3d685c 80c7057e 30f3d554 feace7ee 
19:39:48 ipsec,debug 90de879a 87675c0d 04ec0905 9a91e933 821bd12a af373a3b 30de4bc2 56749017 
19:39:48 ipsec,debug a99381f6 f7f67e3e 822e255a 022fbd3f e44bd9c4 d653c0cb 646824ca ad3c7c84 
19:39:48 ipsec,debug 655175f8 a375bb70 
19:39:48 ipsec adding payload: NONCE 
19:39:48 ipsec,debug => (size 0x1c) 
19:39:48 ipsec,debug 0000001c 767b9db2 e231d721 87f63bc6 0fb21b5b 74d19c85 46f0d473 
19:39:48 ipsec adding notify: NAT_DETECTION_SOURCE_IP 
19:39:48 ipsec,debug => (size 0x1c) 
19:39:48 ipsec,debug 0000001c 00004004 beb2a7c3 b9f98315 4e46102d ea0181f4 605546a4 
19:39:48 ipsec adding notify: NAT_DETECTION_DESTINATION_IP 
19:39:48 ipsec,debug => (size 0x1c) 
19:39:48 ipsec,debug 0000001c 00004005 5e65486e 3b0251a4 28b6dba3 ef08127b 90f0acf0 
19:39:48 ipsec adding notify: IKEV2_FRAGMENTATION_SUPPORTED 
19:39:48 ipsec,debug => (size 0x8) 
19:39:48 ipsec,debug 00000008 0000402e 
19:39:48 ipsec adding payload: CERTREQ 
19:39:48 ipsec,debug => (size 0x5) 
19:39:48 ipsec,debug 00000005 04 
19:39:48 ipsec <- ike2 reply, exchange: SA_INIT:0 78.137.26.65[500] b57013275c7a71a3:2df1158582d54d1f 
19:39:48 ipsec,debug ===== sending 309 bytes from 195.95.232.177[500] to 78.137.26.65[500] 
19:39:48 ipsec,debug 1 times of 309 bytes message will be sent to 78.137.26.65[500] 
19:39:48 ipsec,debug => skeyseed (size 0x14) 
19:39:48 ipsec,debug dd76f259 16e1d53c cf1d9249 fe76f2b2 7bbec8e9 
19:39:48 ipsec,debug => keymat (size 0x14) 
19:39:48 ipsec,debug 37685d7e 6a49c939 c156de8d a09e91ce 34e46618 
19:39:48 ipsec,debug => SK_ai (size 0x14) 
19:39:48 ipsec,debug cd544b0a 4ce0357e 1b9d0c3c 5bcf7e64 a0800395 
19:39:48 ipsec,debug => SK_ar (size 0x14) 
19:39:48 ipsec,debug 1cf6a52e e8fa831e c39a4b8c 41ca3043 9598d132 
19:39:48 ipsec,debug => SK_ei (size 0x10) 
19:39:48 ipsec,debug 2368a498 16c619d4 424b9bae 3f3c9fc5 
19:39:48 ipsec,debug => SK_er (size 0x10) 
19:39:48 ipsec,debug d9ff181c 880e6136 6342ab31 2ea7b5cc 
19:39:48 ipsec,debug => SK_pi (size 0x14) 
19:39:48 ipsec,debug 77806d5a cac80e61 b69ca537 7f1ee5a8 dbc52597 
19:39:48 ipsec,debug => SK_pr (size 0x14) 
19:39:48 ipsec,debug 6aaa4db1 35fc0d23 972817e5 a1a8bf28 18d74ea8 
19:39:48 ipsec,info new ike2 SA (R): IKEv2-Server 195.95.232.177[500]-78.137.26.65[500] spi:2df1158582d54d1f:b57013275c7a71a3
19:39:48 ipsec processing payloads: VID (none found) 
19:39:48 ipsec processing payloads: NOTIFY 
19:39:48 ipsec   notify: REDIRECT_SUPPORTED 
19:39:48 ipsec   notify: NAT_DETECTION_SOURCE_IP 
19:39:48 ipsec   notify: NAT_DETECTION_DESTINATION_IP 
19:39:48 ipsec   notify: IKEV2_FRAGMENTATION_SUPPORTED 
19:39:48 ipsec (NAT-T) REMOTE  
19:39:48 ipsec KA list add: 195.95.232.177[4500]->78.137.26.65[4500] 
19:39:48 ipsec fragmentation negotiated 
19:39:48 ipsec,debug ===== received 524 bytes from 78.137.26.65[4500] to 195.95.232.177[4500] 
19:39:48 ipsec -> ike2 request, exchange: AUTH:1 78.137.26.65[4500] b57013275c7a71a3:2df1158582d54d1f 
19:39:48 ipsec payload seen: ENC (496 bytes) 
19:39:48 ipsec processing payload: ENC 
19:39:48 ipsec,debug => iv (size 0x10) 
19:39:48 ipsec,debug f9b3088c 47fb754e 29d38862 9e7d0171 
19:39:48 ipsec,debug decrypted packet 
19:39:48 ipsec,debug,packet => decrypted packet (size 0x1df) 
19:39:48 ipsec payload seen: ID_I (29 bytes) 
19:39:48 ipsec payload seen: NOTIFY (8 bytes) 
19:39:48 ipsec payload seen: ID_R (22 bytes) 
19:39:48 ipsec payload seen: CONFIG (40 bytes) 
19:39:48 ipsec payload seen: NOTIFY (8 bytes) 
19:39:48 ipsec payload seen: NOTIFY (8 bytes) 
19:39:48 ipsec payload seen: SA (200 bytes) 
19:39:48 ipsec payload seen: TS_I (64 bytes) 
19:39:48 ipsec payload seen: TS_R (64 bytes) 
19:39:48 ipsec payload seen: NOTIFY (8 bytes) 
19:39:48 ipsec processing payloads: NOTIFY 
19:39:48 ipsec   notify: INITIAL_CONTACT 
19:39:48 ipsec   notify: ESP_TFC_PADDING_NOT_SUPPORTED 
19:39:48 ipsec   notify: NON_FIRST_FRAGMENTS_ALSO 
19:39:48 ipsec   notify: MOBIKE_SUPPORTED 
19:39:48 ipsec ike auth: respond 
19:39:48 ipsec processing payload: ID_I 
19:39:48 ipsec ID_I (RFC822): viktor@100doors.pp.ua 
19:39:48 ipsec processing payload: ID_R 
19:39:48 ipsec ID_R (FQDN): 100doors.pp.ua 
19:39:48 ipsec processing payload: AUTH (not found) 
19:39:48 ipsec requested server id: 100doors.pp.ua 
19:39:48 ipsec,error identity not found for server:100doors.pp.ua peer: RFC822: viktor@100doors.pp.ua 
19:39:48 ipsec reply notify: AUTHENTICATION_FAILED 
19:39:48 ipsec adding notify: AUTHENTICATION_FAILED 
19:39:48 ipsec,debug => (size 0x8) 
19:39:48 ipsec,debug 00000008 00000018 
19:39:48 ipsec <- ike2 reply, exchange: AUTH:1 78.137.26.65[4500] b57013275c7a71a3:2df1158582d54d1f 
19:39:48 ipsec,debug,packet => outgoing plain packet (size 0x24) 
19:39:48 ipsec,debug,packet b5701327 5c7a71a3 2df11585 82d54d1f 29202320 00000001 00000024 00000008 
19:39:48 ipsec,debug,packet 00000018 
19:39:48 ipsec adding payload: ENC 
19:39:48 ipsec,debug => (size 0xe0) 
19:39:48 ipsec,debug ===== sending 252 bytes from 195.95.232.177[4500] to 78.137.26.65[4500] 
19:39:48 ipsec,debug 1 times of 256 bytes message will be sent to 78.137.26.65[4500] 
19:39:48 ipsec,info killing ike2 SA: IKEv2-Server 195.95.232.177[4500]-78.137.26.65[4500] spi:2df1158582d54d1f:b57013275c7a71a3
19:39:48 ipsec KA remove: 195.95.232.177[4500]->78.137.26.65[4500] 
19:39:48 ipsec,debug KA tree dump: 195.95.232.177[4500]->78.137.26.65[4500] (in_use=1) 
19:39:48 ipsec,debug KA removing this one... 
-- Ctrl-C to quit. Space prints separator. New entries will appear at bottom.

 
sindy
Forum Guru
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: IKEV2 - problem to connect - identity not found for peer

Mon Sep 19, 2022 8:02 pm

What are the properties of the certificate you have installed on the Apple device? Key type, key size, usage list, validity in days? Mikrotik asks for a certificate and doesn't get one back, so I still assume the Apple device doesn't consider its certificate good enough for the purpose.
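
For reading long debug logs like the one above, this added example (not posted by anyone in the thread) pulls out the lines that decide an "identity not found" failure: the payloads the client sent, the IDs it presented, and the error itself. The sample log is constructed, and two things are assumptions: the `ID_PREFIX` mapping from the log's ID type labels to `fqdn:` / `user-fqdn:` values, and `CERT` as the label a certificate payload would carry in a `payload seen:` line.

```python
import re

# Constructed sample in the RouterOS ipsec debug format shown in this thread
# (placeholder names and addresses, not values from the thread).
SAMPLE_LOG = """\
19:39:48 ipsec -> ike2 request, exchange: AUTH:1 192.0.2.10[4500] aaaa:bbbb
19:39:48 ipsec payload seen: ID_I (29 bytes)
19:39:48 ipsec payload seen: NOTIFY (8 bytes)
19:39:48 ipsec payload seen: ID_R (22 bytes)
19:39:48 ipsec payload seen: SA (200 bytes)
19:39:48 ipsec processing payload: ID_I
19:39:48 ipsec ID_I (RFC822): user@vpn.example
19:39:48 ipsec processing payload: ID_R
19:39:48 ipsec ID_R (FQDN): vpn.example
19:39:48 ipsec processing payload: AUTH (not found)
19:39:48 ipsec,error identity not found for server:vpn.example peer: RFC822: user@vpn.example
"""

PAYLOAD = re.compile(r"ipsec payload seen: (\w+) \(\d+ bytes\)")
IDENT = re.compile(r"ipsec (ID_[IR]) \((\w+)\): (\S+)")

# Assumption: ID type label in the log -> prefix of a my-id / remote-id value.
ID_PREFIX = {"FQDN": "fqdn", "RFC822": "user-fqdn"}


def triage(log_text):
    """Summarise one AUTH request: payloads, presented IDs, identity errors."""
    payloads, ids, errors = [], {}, []
    for line in log_text.splitlines():
        if m := PAYLOAD.search(line):
            payloads.append(m.group(1))
        elif m := IDENT.search(line):
            kind, value = m.group(2), m.group(3)
            ids[m.group(1)] = f"{ID_PREFIX.get(kind, kind)}:{value}"
        elif "ipsec,error identity not found" in line:
            errors.append(line.split("ipsec,error ", 1)[1].strip())
    return {
        "payloads": payloads,
        "peer_id": ids.get("ID_I"),              # compare with remote-id
        "requested_server_id": ids.get("ID_R"),  # compare with my-id
        "has_auth": "AUTH" in payloads,
        "has_cert": "CERT" in payloads,          # assumed payload label
        "errors": errors,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Compare `peer_id` and `requested_server_id` with the `remote-id` and `my-id` set under `/ip ipsec identity`; `has_cert` and `has_auth` show whether the client presented a certificate and an AUTH payload at all.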
