Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 946946 Details for
Bug 1152625
[TAHI][IKEv2] IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96 fail
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Test Log
37.html (text/html), 79.66 KB, created by
Hangbin Liu
on 2014-10-14 14:36:12 UTC
(
hide
)
Description:
Test Log
Filename:
MIME Type:
Creator:
Hangbin Liu
Created:
2014-10-14 14:36:12 UTC
Size:
79.66 KB
patch
obsolete
><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN""http://www.w3c.org/TR/REC-html40/strict.dtd"> ><HTML> ><HEAD> ><TITLE>IPv6 Conformance Test Report</TITLE> ><META NAME="GENERATOR" CONTENT="TAHI IPv6 Conformance Test Kit"> ><script type="text/javascript"> > >var packets = new Array(); > >var POP_ID_PREFIX = "pop"; >var PACKET_INFO_PREFIX = "koiPacketInfo"; > >var COLOR_BG = "#ffdddd"; > >var WINDOW_HEIGHT = 300; >var WINDOW_WIDTH = 300; >var OFFSET_HEIGHT = 5; >var OFFSET_WIDTH = 20; > >var IE = false; >var FF = false; >var NN4 = false; >if (document.all) { > IE = true; >} >else if (document.getElementById) { > FF = true; >} >else if (document.layers) { > NN4 = true; >} > >function popup(id, event) { > var header, footer, pos_x, pos_y, str; > > if (NN4) { > return; > } > > header = '<div style="'; > // header += 'width:' + WINDOW_WIDTH + ';'; > header += 'background-color:' + COLOR_BG + ';'; > header += 'border-width:3pt;'; > header += 'border-style:solid;'; > header += 'border-color:' + COLOR_BG + ';'; > //header += 'padding:0;' > //header += 'margin:0;'; > header += '">'; > > footer = '</div>'; > > str = header; > str += '<pre style="line-height:90%">'; > str += getPacket(id); > str += '</pre>'; > str += footer; > > key = POP_ID_PREFIX + id; > > if (IE) { > pos_x = document.body.scrollLeft+event.clientX; > pos_y = document.body.scrollTop+event.clientY; > document.all(key).style.pixelLeft = pos_x+OFFSET_WIDTH; > document.all(key).style.pixelTop = pos_y+OFFSET_HEIGHT; > document.all(key).innerHTML = str; > document.all(key).style.visibility = 'visible'; > } > else if (FF) { > pos_x = event.pageX; > pos_y = event.pageY; > document.getElementById(key).style.left = pos_x+OFFSET_WIDTH + 'px'; > document.getElementById(key).style.top = pos_y+OFFSET_HEIGHT + 'px'; > document.getElementById(key).innerHTML = str; > document.getElementById(key).style.visibility = 'visible'; > } > else if (NN4) { > pos_x = event.pageX; > pos_y = event.pageY; > document.layers[key].moveTo(pos_x+OFFSET_WIDTH, pos_y+OFFSET_HEIGHT); > document.layers[key].document.open(); > document.layers[key].document.write(str); > document.layers[key].document.close(); > document.layers[key].visibility = 'show'; > } >} > >function popdown(id) { > key = POP_ID_PREFIX + id; > if (IE) { > document.all(key).style.visibility = "hidden"; > } > else if (FF) { > document.getElementById(key).style.visibility = "hidden"; > } > else if (NN4) { > document.layers[key].visibility = "hidden"; > } >} > >function getPacket(id) { > if (packets[id]) { > return packets[id]; > } > > var str = getInnerHTML(PACKET_INFO_PREFIX + id); > str = trimTag(str, 'pre'); > packets[id] = str; > return str; >} > >function getInnerHTML(id) { > if (IE) { > return document.all(id).innerHTML; > } > else if (FF) { > return document.getElementById(id).innerHTML; > } >} > >function trimTag(str, tagName) { > var index = str.indexOf('<' + tagName); > index = str.indexOf('>', index + 1); > > var lastIndex = str.lastIndexOf('</' + tagName + '>'); > lastIndex = (lastIndex < 0) ? str.length : lastIndex; > > return str.substring(index + 1, lastIndex); >} > ></script> ></HEAD> > ><BODY BGCOLOR="#F0F0F0"> ><H1>Test Information</H1> ><TABLE BORDER=1> ><TR><TD>Title</TD><TD>Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96</TD></TR> ><TR><TD>CommandLine</TD><TD>./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq -pkt ./packets/EN-EN.def -v6eval -log 37.html -ti Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96</TD></TR> ><TR><TD>Script</TD><TD><A HREF="./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq">./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq</A></TD></TR> ><TR><TD>Packet</TD><TD><A HREF="./packets/EN-EN.def">./packets/EN-EN.def</A></TD></TR> ><TR><TD>TestVersion</TD><TD>REL_1_1_1</TD></TR> ><TR><TD>ToolVersion</TD><TD>REL_2_2_0</TD></TR> ><TR><TD>Start</TD><TD>2014/10/11 13:32:22</TD></TR> ><TR><TD>Tn</TD><TD>/usr/local/koi//etc//tn.def</TD></TR> ><TR><TD>Nu</TD><TD>/usr/local/koi//etc//nut.def</TD></TR> ></TABLE> > ><HR><H1>Test Sequence Execution Log</H1> ><TABLE BORDER=1> ><TR><TD>13:32:22</TD><TD>Start</TD></TR> ><TR><TD><br></TD><TD> ><FONT COLOR="#FF0000" SIZE="+1"><U><B>TEST SETUP</B></U></FONT><tr VALIGN="top"> ><td></td> ><td width="100%">initializing IKEv2 module ...</td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%">configuring Common Topology for End-Node: End-Node to End-Node ...</td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%">parsing ./config.pl ...</td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><TABLE BORDER><TR><TH BGCOLOR="#a8b5d8">key</TH><TH BGCOLOR="#a8b5d8">value</TH></TR><TR><TD>Link A prefix</TD><TD>2001:0db8:0001:0001</TD></TR><TR><TD>Link X prefix</TD><TD>2001:0db8:000f:0001</TD></TR><TR><TD>Link A link-local address (TR1)</TD><TD>fe80::f</TD></TR><TR><TD>Link A global address (NUT)</TD><TD>2001:0db8:0001:0001::1234</TD></TR><TR><TD>pre-shared key (TN)</TD><TD>IKETEST12345678!</TD></TR><TR><TD>pre-shared key (NUT)</TD><TD>IKETEST12345678!</TD></TR><TR><TD>IKE_SA Lifetime</TD><TD>64</TD></TR><TR><TD>CHILD_SA Lifetime</TD><TD>128</TD></TR><TR><TD>IKE_SA_INIT Request RetransTimer</TD><TD>41</TD></TR><TR><TD>IKE_AUTH Request RetransTimer</TD><TD>16</TD></TR><TR><TD>CREATE_CHILD_SA Request RetransTimer</TD><TD>16</TD></TR><TR><TD>INFORMATIONAL Request RetransTimer</TD><TD>16</TD></TR><TR><TD>Liveness Check Timer</TD><TD>32</TD></TR><TR><TD># of Half-Open IKE_SAs to contain N(COOKIE)</TD><TD>32</TD></TR></TABLE></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%">setting up TN ...</td> ></tr> ><TR VALIGN="top"> ><TD>13:32:23</TD> ><TD width="100%"> >ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=1")<BR> ><PRE>net.inet6.ip6.forwarding: 0 -> 1 ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:23</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig -a")<BR> ><PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> > ether 00:23:ae:7a:6e:cc > inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 > inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:58:fa > inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 > inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa > inet6 3ffe:501:ffff:100::20 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:5d:d1 > inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb > inet6 3ffe:501:ffff:101::20 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=3<RXCSUM,TXCSUM> > inet 127.0.0.1 netmask 0xff000000 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:23</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:23</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:23</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig lo1 create")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:23</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig lo1 up")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:23</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:26</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig -a")<BR> ><PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> > ether 00:23:ae:7a:6e:cc > inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 > inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:58:fa > inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 > inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa > inet6 3ffe:501:ffff:100::20 prefixlen 64 > inet6 fe80::f%em1 prefixlen 64 scopeid 0xa > inet6 2001:db8:1:1::f prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:5d:d1 > inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb > inet6 3ffe:501:ffff:101::20 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=3<RXCSUM,TXCSUM> > inet 127.0.0.1 netmask 0xff000000 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> >lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=3<RXCSUM,TXCSUM> > inet6 2001:db8:f:1::1 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:26</TD> ><TD width="100%"> >ikev2Local("/sbin/setkey -D")<BR> ><PRE>No SAD entries. ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:26</TD> ><TD width="100%"> >ikev2Local("/sbin/setkey -F")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:29</TD> ><TD width="100%"> >ikev2Local("/sbin/setkey -D")<BR> ><PRE>No SAD entries. ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:29</TD> ><TD width="100%"> >ikev2Local("/sbin/setkey -DP")<BR> ><PRE>No SPD entries. ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:29</TD> ><TD width="100%"> >ikev2Local("/sbin/setkey -FP")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:32:32</TD> ><TD width="100%"> >ikev2Local("/sbin/setkey -DP")<BR> ><PRE>No SPD entries. ></PRE></TD> ></TR><tr VALIGN="top"> ><td></td> ><td width="100%">setting up NUT ...</td> ></tr> ></TD> ></TR> ><TR VALIGN="TOP"><TD>13:32:32</TD> ><TD width="100%"> >kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip addr >1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > valid_lft forever preferred_lft forever > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever >2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 > link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff > inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 > valid_lft 76833sec preferred_lft 76833sec > inet6 fe80::222:19ff:fe30:20d5/64 scope link > valid_lft forever preferred_lft forever >3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff > inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 > valid_lft forever preferred_lft forever > inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c668/64 scope link > valid_lft forever preferred_lft forever >4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff > inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c669/64 scope link > valid_lft forever preferred_lft forever >5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN > link/ipip 0.0.0.0 brd 0.0.0.0 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -f inet6 addr add 2001:0db8:0001:0001::1234/64 dev p6p1 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip addr >1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > valid_lft forever preferred_lft forever > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever >2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 > link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff > inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 > valid_lft 76828sec preferred_lft 76828sec > inet6 fe80::222:19ff:fe30:20d5/64 scope link > valid_lft forever preferred_lft forever >3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff > inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 > valid_lft forever preferred_lft forever > inet6 2001:db8:1:1::1234/64 scope global > valid_lft forever preferred_lft forever > inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c668/64 scope link > valid_lft forever preferred_lft forever >4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff > inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c669/64 scope link > valid_lft forever preferred_lft forever >5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN > link/ipip 0.0.0.0 brd 0.0.0.0 >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR VALIGN="TOP"><TD>13:32:54</TD> ><TD width="100%"> >kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -6 route show >unreachable ::/96 dev lo metric 1024 error -101 >unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 >2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 >unreachable 2002:a00::/24 dev lo metric 1024 error -101 >unreachable 2002:7f00::/24 dev lo metric 1024 error -101 >unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 >unreachable 2002:ac10::/28 dev lo metric 1024 error -101 >unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 >unreachable 2002:e000::/19 dev lo metric 1024 error -101 >3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 >3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 >unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 >fe80::/64 dev p6p1 proto kernel metric 256 >fe80::/64 dev p6p2 proto kernel metric 256 >fe80::/64 dev p7p1 proto kernel metric 256 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6 p1 >[root@dhcp12-166 ~]# sendMessagesSync: never got ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6p1 >[root@dhcp12-166 ~]# ip -6 route show >unreachable ::/96 dev lo metric 1024 error -101 >unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 >2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 >2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024 >unreachable 2002:a00::/24 dev lo metric 1024 error -101 >unreachable 2002:7f00::/24 dev lo metric 1024 error -101 >unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 >unreachable 2002:ac10::/28 dev lo metric 1024 error -101 >unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 >unreachable 2002:e000::/19 dev lo metric 1024 error -101 >3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 >3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 >unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 >fe80::/64 dev p6p1 proto kernel metric 256 >fe80::/64 dev p6p2 proto kernel metric 256 >fe80::/64 dev p7p1 proto kernel metric 256 >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR VALIGN="TOP"><TD>13:33:20</TD> ><TD width="100%"> >kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm state list >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm policy list >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ipsec setup stop >Redirecting to: systemctl stop ipsec.service >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm state list >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm policy list >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR VALIGN="TOP"><TD>13:33:40</TD> ><TD width="100%"> >kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=aes_xcbc ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=aes_xcbc ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2 > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# rpm -q libreswan >libreswan-3.10-2.el7.x86_64 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# cat > /etc/ipsec.secrets << EOF >> %any %any : PSK 'IKETEST12345678!' >> EOF >[root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets > 1 %any %any : PSK 'IKETEST12345678!' >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets > 1 %any %any : PSK 'IKETEST12345678!' >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.secrets >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.secrets >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ls -l /etc/ipsec.secrets >-rw-------. 1 root wheel 35 Oct 11 21:22 /etc/ipsec.secrets >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# cat > /etc/ipsec.conf << EOF >> config setup >> protostack=netkey >> plutostderrlog="/tmp/pluto.log" >> klipsdebug=verbose >> conn ikev2 >> left=2001:0db8:0001:0001::1234 >> right=2001:0db8:000f:0001::1 >> leftid=2001:0db8:0001:0001::1234 >> rightid=2001:0db8:000f:0001::1 >> type=transport >> auto=start >> connaddrfamily=ipv6 >> authby=secret >> phase2=esp >> phase2alg=3des-sha1 >> ike=3des-sha1;modp1024 >> ikev2=insist >> EOF >[root@dhcp12-166 ~]# cat -n /etc/ipsec.conf > 1 config setup > 2 protostack=netkey > 3 plutostderrlog="/tmp/pluto.log" > 4 klipsdebug=verbose > 5 conn ikev2 > 6 left=2001:0db8:0001:0001::1234 > 7 right=2001:0db8:000f:0001::1 > 8 leftid=2001:0db8:0001:0001::1234 > 9 rightid=2001:0db8:000f:0001::1 > 10 type=transport > 11 auto=start > 12 connaddrfamily=ipv6 > 13 authby=secret > 14 phase2=esp > 15 phase2alg=3des-sha1 > 16 ike=3des-sha1;modp1024 > 17 ikev2=insist >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# echo > /tmp/pluto.log >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.conf >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.conf >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ls -l /etc/ipsec.conf >-rw-------. 1 root wheel 464 Oct 11 21:22 /etc/ipsec.conf >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ipsec setup start >Redirecting to: systemctl start ipsec.service >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm state list >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm policy list >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR><TD><br></TD><TD> ><FONT COLOR="#FF0000" SIZE="+1"><U><B>TEST PROCEDURE</B></U></FONT><FONT COLOR="#000000" SIZE="+1"><U><B>Part D: Integrity Algorithm AUTH_AES_XCBC_96.</B></U></FONT><PRE> (I) (R) > NUT TN1 > | | > |-------------->| IKE_SA_INIT request (HDR, SAi1, KEi, Ni) > | | > V V</PRE><TR VALIGN="TOP"> ><TD>13:34:05</TD><TD> >Clear Buffer<BR> >done<BR> ></TD> ></TR> > ><TR VALIGN="TOP"><TD>13:34:05</TD> ><TD width="100%"> >kRemoteAsync(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt selector.direction=outbound selector.dst.address=2001:0db8:000f:0001::1 selector.dst.address_family=inet6 selector.policy_index=common_policy_index selector.selector_index=common_selector_index_outbound selector.src.address=2001:0db8:0001:0001::1234 selector.src.address_family=inet6 selector.upper_layer_protocol.protocol=any target=2001:0db8:000f:0001::1 operation=initiate''<br> >kRemoteAsync()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt selector.direction=outbound selector.dst.address=2001:0db8:000f:0001::1 selector.dst.address_family=inet6 selector.policy_index=common_policy_index selector.selector_index=common_selector_index_outbound selector.src.address=2001:0db8:0001:0001::1234 selector.src.address_family=inet6 selector.upper_layer_protocol.protocol=any target=2001:0db8:000f:0001::1 operation=initiate<br> > ><A NAME="kRemoteAsync4346"></A> ><A HREF="#kRemoteAsyncWait4346">Link to remote control log</A> ></TD> ></TR> > ><TR VALIGN="TOP"> ><TD>13:34:05</TD><TD> >Listen<br> SrcAddr:2001:0db8:000f:0001::1 SrcPort:500<br> >done<BR> > listening at SocketID:3<br> ></TD> ></TR> > ><TR VALIGN="TOP"> ><TD>13:34:05</TD><TD> >Receive<BR> > SrcAddr:2001:db8:1:1::1234 SrcPort:500<br> DstAddr:2001:db8:f:1::1 DstPort:500<br> >done<BR> > received from SocketID:4<br> ><A NAME="koiPacket1"></A> ><A HREF="#koiPacketDump1" onmouseover="popup(1,event);"onmouseout="popdown(1);">receive packet #1</A> ><div id="pop1" style="position:absolute; visibility:hidden;"></div> ><BR> ></TD> ></TR> > ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre>Compare the received packet with packets('common_remote_index')</pre></td> ></tr> ><TR VALIGN="top"> ><TD></TD><TD><B>Payload Order (HDR, SA(P(T, T, T, T)), KE, Ni, Nr, N, N)</B></TD></TR><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>IKE Header</b> ><b>OK</b> initSPI: (received: a0bcca2528dd9158, expected: 0000000000000000, comp: ne) ><b>OK</b> respSPI: (received: 0000000000000000, expected: 0000000000000000, comp: eq) ><b>OK</b> nexttype: (received: SA, expected: SA, comp: eq) ><b>OK</b> major: (received: 2, expected: 2, comp: eq) ><b>OK</b> minor: (received: 0, expected: 0, comp: eq) ><b>OK</b> exchType: (received: IKE_SA_INIT, expected: IKE_SA_INIT, comp: eq) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> initiator: (received: 1, expected: 1, comp: eq) ><b>OK</b> higher: (received: 0, expected: 0, comp: eq) ><b>OK</b> response: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> messID: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 284, expected: any, comp: already checked) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Security Association Payload</b> ><b>OK</b> nexttype: (received: KE, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 44, expected: any, comp: already checked) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>SA Proposal Comparison</b> ><b>OK</b> ENCR: (received:ENCR_3DES, expected:ENCR_3DES) ><b>OK</b> PRF: (received:PRF_HMAC_SHA1, expected:PRF_HMAC_SHA1) ><b>OK</b> INTEG: (received:INTEG_HMAC_SHA1_96, expected:INTEG_HMAC_SHA1_96) ><b>OK</b> D-H: (received:D-H_1024 MODP Group, expected:D-H_1024 MODP Group) ><b>OK</b> ESN: (received:, expected:) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Proposal Substructure</b> ><b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> proposalLen: (received: 40, expected: any, comp: already checked) ><b>OK</b> number: (received: 1, expected: 1, comp: eq) ><b>OK</b> id: (received: IKE, expected: IKE, comp: eq) ><b>OK</b> spiSize: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformCount: (received: 4, expected: 4, comp: eq) ><b>OK</b> spi: (received: , expected: , comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Transform Substructure</b> ><b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) ><b>OK</b> type: (received: ENCR, expected: ENCR, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> id: (received: 3DES, expected: 3DES, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Transform Substructure</b> ><b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) ><b>OK</b> type: (received: PRF, expected: PRF, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> id: (received: HMAC_SHA1, expected: HMAC_SHA1, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Transform Substructure</b> ><b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) ><b>OK</b> type: (received: INTEG, expected: INTEG, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> id: (received: HMAC_SHA1_96, expected: HMAC_SHA1_96, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Transform Substructure</b> ><b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) ><b>OK</b> type: (received: D-H, expected: D-H, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> id: (received: 1024 MODP Group, expected: 1024 MODP Group, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Key Exchange Payload</b> ><b>OK</b> nexttype: (received: Ni, Nr, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 136, expected: any, comp: already checked) ><b>OK</b> group: (received: 2, expected: 2, comp: eq) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> publicKey: (received: 48442990136236040419443674541332750551947726743426439022343477744166582052577501892602807134302894010164333660457870928822507975898099317000468828967833643210070120979804458437749121834851714072849186295926942716782059299010976356326694864502532479824474513717153152894396350409458178827038026398065063202889, expected: any, comp: any) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Nonce Payload</b> ><b>OK</b> nexttype: (received: N, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 20, expected: (20, 260), comp: range) ><b>OK</b> nonce: (received: 249393376645862146977564050628493303616, expected: any, comp: any) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><b>Match with packet('common_remote_index')</b></td> ></tr> ><TR><TD><br></TD><TD> ><PRE> (I) (R) > NUT TN1 > | | > |<--------------| IKE_SA_INIT response (HDR, SAr1, KEr, Nr) > | | > V V</PRE><TR VALIGN="TOP"> ><TD>13:34:06</TD><TD> >Clear Buffer<BR> >done<BR> ></TD> ></TR> > ><TR VALIGN="TOP"> ><TD>13:34:06</TD><TD> >Send<BR> >done<BR> > sent to SocketID:4<br> ><A NAME="koiPacket2"></A> ><A HREF="#koiPacketDump2" onmouseover="popup(2,event);"onmouseout="popdown(2);">send packet #2</A> ><div id="pop2" style="position:absolute; visibility:hidden;"></div> ><BR> ></TD> ></TR> > ><tr VALIGN="top"> ><td></td> ><td width="100%"><TABLE BORDER><TR><TH BGCOLOR="#a8b5d8">key</TH><TH BGCOLOR="#a8b5d8">value</TH></TR><TR><TD>g^i</TD><TD>44fc3006cd067dfab0a7ca04c95e7b0b1cc424ccc4a8139e9f67aa98275fc9a26c2d167be6aafffd98d16e88fd286b997c43728316ff7d5c28ddf497251dc89f46c900d857da3de18bf48f19693b4c8c96fdfa631f21e0cda98133164d63a6d5410256d4aa3305abba89fbbdf78e562b3466630d4e535913e39be2a4c4919049</TD></TR><TR><TD>g^r</TD><TD>d02835681069f07665e63fb8d7ff62adb352b43346af4d8e62701716682b9f41dce8c3e77191f2fb3202eed216a15ff33b2377876ba630007cc686d8a789090db03bdc7c8fe891801daf44f85e483f8cb97635af2c0a79fc93a0de11709fb1d9b60ebf16fb98f2dfe0a4a887dbf2bdbdfaf6cba82d141192fc0cd4aedf596e52</TD></TR><TR><TD>g^ir</TD><TD>881a793335d59b0cca607ab0941ad500f909282e81ced16a7ff4c7f38905e1963e70dc7012afbf5ed266db646a5c06d862711f604075c977412c45f673413eb429c35257fcb87d98e8789dfb2222f6e807a365b702ff67df133d9f379df9c82ec6e56ad7c7f25e0560fec05656205372aa67714a242ab3b7c487e05d0c0b12ac</TD></TR><TR><TD>Ni</TD><TD>bb9f6acdb630327cf73b521a5491df40</TD></TR><TR><TD>Nr</TD><TD>95708e5459bdf506bda6c9f3fde565a167289726dfbacfb29a9b8ed6bc2d5d7ccadefa5791371830c2f2d070748adbd90dd67ebd3a6c</TD></TR><TR><TD>SPIi</TD><TD>a0bcca2528dd9158</TD></TR><TR><TD>SPIr</TD><TD>b701582fadf119af</TD></TR><TR><TD>IKEv2 Transform Type 1 Algorithms</TD><TD>3DES</TD></TR><TR><TD>IKEv2 Transform Type 2 Algorithms</TD><TD>HMAC_SHA1</TD></TR><TR><TD>IKEv2 Transform Type 3 Algorithms</TD><TD>HMAC_SHA1_96</TD></TR></TABLE></td> ></tr> ><TR><TD><br></TD><TD> ><PRE> (I) (R) > NUT TN1 > | | > |-------------->| IKE_AUTH request (HDR, SK {IDi, AUTH, N(USE_TRANSPORT_MODE), SAi2, TSi, TSr}) > | | > V V</PRE><TR VALIGN="TOP"> ><TD>13:34:06</TD><TD> >Receive<BR> > SrcAddr:2001:db8:1:1::1234 SrcPort:500<br> DstAddr:2001:db8:f:1::1 DstPort:500<br> >done<BR> > received from SocketID:4<br> ><A NAME="koiPacket3"></A> ><A HREF="#koiPacketDump3" onmouseover="popup(3,event);"onmouseout="popdown(3);">receive packet #3</A> ><div id="pop3" style="position:absolute; visibility:hidden;"></div> ><BR> ></TD> ></TR> > ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre><b>Check Authentication: OK</b> >expected(458d703ffd438212918d2f198dc5c5dc8571ef68) >received(458d703ffd438212918d2f198dc5c5dc8571ef68)</pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%">Compare the received packet with packets('EN-I-1-1-6-2.D.1')</td> ></tr> ><TR VALIGN="top"> ><TD></TD><TD><B>Payload Order (HDR, E(IDi, AUTH, SA(P(T, T, T)), TSi(TS), TSr(TS), N))</B></TD></TR><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>IKE Header</b> ><b>OK</b> initSPI: (received: a0bcca2528dd9158, expected: a0bcca2528dd9158, comp: eq) ><b>OK</b> respSPI: (received: b701582fadf119af, expected: b701582fadf119af, comp: eq) ><b>OK</b> nexttype: (received: E, expected: E, comp: eq) ><b>OK</b> major: (received: 2, expected: 2, comp: eq) ><b>OK</b> minor: (received: 0, expected: 0, comp: eq) ><b>OK</b> exchType: (received: IKE_AUTH, expected: IKE_AUTH, comp: eq) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> initiator: (received: 1, expected: 1, comp: eq) ><b>OK</b> higher: (received: 0, expected: 0, comp: eq) ><b>OK</b> response: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> messID: (received: 1, expected: 1, comp: eq) ><b>OK</b> length: (received: 252, expected: any, comp: already checked) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Encrypted Payload</b> ><b>OK</b> innerType: (received: IDi, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 28, expected: any, comp: already checked) ><b>OK</b> iv: (received: C4457863 C9BE0E64, expected: any, comp: already checked) ><b>OK</b> checksum: (received: 8745110F B4A83A64 BE69B239, expected: any, comp: already checked) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Identification Payload - Initiator</b> ><b>OK</b> nexttype: (received: AUTH, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 24, expected: any, comp: already checked) ><b>OK</b> type: (received: IPV6_ADDR, expected: IPV6_ADDR, comp: eq) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> value: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Authentication Payload</b> ><b>OK</b> nexttype: (received: SA, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 28, expected: any, comp: already checked) ><b>OK</b> method: (received: SK_MIC, expected: SK_MIC, comp: eq) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> data: (received: 458d703ffd438212918d2f198dc5c5dc8571ef68, expected: any, comp: already checked) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Notify Payload</b> ><b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 8, expected: any, comp: already checked) ><b>OK</b> id: (received: 0, expected: 0, comp: eq) ><b>OK</b> spiSize: (received: 0, expected: 0, comp: eq) ><b>OK</b> type: (received: USE_TRANSPORT_MODE, expected: USE_TRANSPORT_MODE, comp: eq) ><b>OK</b> spi: (received: , expected: , comp: eq) ><b>OK</b> data: (received: , expected: , comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Security Association Payload</b> ><b>OK</b> nexttype: (received: TSi, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 40, expected: any, comp: already checked) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>SA Proposal Comparison</b> ><b>OK</b> ENCR: (received:ENCR_3DES, expected:ENCR_3DES) ><b>OK</b> PRF: (received:, expected:) ><font color='#ff0000'><b>NG</b></font> INTEG: (received:INTEG_HMAC_SHA1_96, expected:INTEG_AES_XCBC_96) ><b>OK</b> D-H: (received:, expected:) ><b>OK</b> ESN: (received:ESN_No ESN, expected:ESN_No ESN) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><font color='#ff0000'><b>NG</b></font> The number of matched SA Proposals is not enough. ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Proposal Substructure</b> ><b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> proposalLen: (received: 36, expected: any, comp: already checked) ><b>OK</b> number: (received: 1, expected: 1, comp: eq) ><b>OK</b> id: (received: ESP, expected: ESP, comp: eq) ><b>OK</b> spiSize: (received: 4, expected: 4, comp: eq) ><b>OK</b> transformCount: (received: 3, expected: 3, comp: eq) ><b>OK</b> spi: (received: 268a01bf, expected: any, comp: any) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Transform Substructure</b> ><b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) ><b>OK</b> type: (received: ENCR, expected: ENCR, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> id: (received: 3DES, expected: 3DES, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Transform Substructure</b> ><b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ><b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) ><b>OK</b> type: (received: ESN, expected: ESN, comp: eq) ><b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) ><b>OK</b> id: (received: No ESN, expected: No ESN, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Traffic Selector Payload - Initiator</b> ><b>OK</b> nexttype: (received: TSr, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 48, expected: any, comp: already checked) ><b>OK</b> count: (received: 1, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Traffic Selector</b> ><b>OK</b> type: (received: IPV6_ADDR_RANGE, expected: IPV6_ADDR_RANGE, comp: eq) ><b>OK</b> protocol: (received: 0, expected: 0, comp: eq) ><b>OK</b> selectorLen: (received: 40, expected: any, comp: already checked) ><b>OK</b> sport: (received: 0, expected: 0, comp: eq) ><b>OK</b> eport: (received: 65535, expected: 65535, comp: eq) ><b>OK</b> saddr: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) ><b>OK</b> eaddr: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Traffic Selector Payload - Responder</b> ><b>OK</b> nexttype: (received: N, expected: any, comp: already checked) ><b>OK</b> critical: (received: 0, expected: 0, comp: eq) ><b>OK</b> reserved: (received: 0, expected: 0, comp: eq) ><b>OK</b> length: (received: 48, expected: any, comp: already checked) ><b>OK</b> count: (received: 1, expected: any, comp: already checked) ><b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><pre> ><b>Traffic Selector</b> ><b>OK</b> type: (received: IPV6_ADDR_RANGE, expected: IPV6_ADDR_RANGE, comp: eq) ><b>OK</b> protocol: (received: 0, expected: 0, comp: eq) ><b>OK</b> selectorLen: (received: 40, expected: any, comp: already checked) ><b>OK</b> sport: (received: 0, expected: 0, comp: eq) ><b>OK</b> eport: (received: 65535, expected: 65535, comp: eq) ><b>OK</b> saddr: (received: 20010DB8 000F0001 00000000 00000001, expected: 20010DB8 000F0001 00000000 00000001, comp: eq) ><b>OK</b> eaddr: (received: 20010DB8 000F0001 00000000 00000001, expected: 20010DB8 000F0001 00000000 00000001, comp: eq) ></pre></td> ></tr> ><tr VALIGN="top"> ><td></td> ><td width="100%"><b>Not match with packet('EN-I-1-1-6-2.D.1')</b></td> ></tr> ><TR><TD><br></TD><TD> ><FONT COLOR="#ff0000">Can't observe IKE_AUTH request.</FONT><tr VALIGN="top"> ><td></td> ><td width="100%"><FONT COLOR="#FF0000" SIZE="+1"><U><B>TEST CLEANUP</B></U></FONT></td> ></tr> ></TD> ></TR> > ><TR VALIGN="TOP"><TD>13:34:06</TD> ><TD> >kRemoteAsyncWait() ><PRE><A NAME="kRemoteAsyncWait4346"></A> ><A HREF="#kRemoteAsync4346">Link to remote control start point</A> >DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ping6 -n -c 1 2001:0db8:000f:0001::1 >PING 2001:0db8:000f:0001::1(2001:db8:f:1::1) 56 data bytes >64 bytes from 2001:db8:f:1::1: icmp_seq=1 ttl=64 time=0.185 ms > >--- 2001:0db8:000f:0001::1 ping statistics --- >1 packets transmitted, 1 received, 0% packet loss, time 0ms >rtt min/avg/max/mdev = 0.185/0.185/0.185/0.000 ms >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><tr VALIGN="top"> ><td></td> ><td width="100%">cleaning up NUT ...</td> ></tr> ><TR VALIGN="TOP"><TD>13:34:25</TD> ><TD width="100%"> >kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm state list >src 2001:db8:f:1::1 dst 2001:db8:1:1::1234 > proto esp spi 0x268a01bf reqid 16385 mode tunnel > replay-window 0 > sel src 2001:db8:f:1::1/128 dst 2001:db8:1:1::1234/128 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm policy list >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src ::/0 dst ::/0 > socket out priority 0 ptype main >src ::/0 dst ::/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket out priority 0 ptype main >src 0.0.0.0/0 dst 0.0.0.0/0 > socket in priority 0 ptype main >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ipsec setup stop >Redirecting to: systemctl stop ipsec.service >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm state list >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip xfrm policy list >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR VALIGN="TOP"><TD>13:34:46</TD> ><TD width="100%"> >kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=cat_log''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=cat_log > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# cat /tmp/pluto.log >nss directory plutomain: /etc/ipsec.d >NSS Initialized >libcap-ng support [enabled] >FIPS HMAC integrity verification test passed >FIPS: pluto daemon NOT running in FIPS mode >Linux audit support [disabled] >Starting Pluto (Libreswan Version 3.10 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:21460 >core dump dir: /var/run/pluto >secrets file: /etc/ipsec.secrets >leak-detective disabled >SAref support [disabled]: Protocol not available >SAbind support [disabled]: Protocol not available >NSS crypto [enabled] >XAUTH PAM support [enabled] > NAT-Traversal support [enabled] >ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) >ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) >ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) >ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) >ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) >ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok (ret=0) >ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) >starting up 3 crypto helpers >started thread for crypto helper 0 (master fd 7) >started thread for crypto helper 1 (master fd 9) >started thread for crypto helper 2 (master fd 11) >Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-175.el7.x86_64 >ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0) >Warning: failed to register algo_aes_ccm_8 for IKE >ike_alg_register_enc(): Activating aes_ccm_12: Ok (ret=0) >Warning: failed to register algo_aes_ccm_12 for IKE >ike_alg_register_enc(): Activating aes_ccm_16: Ok (ret=0) >Warning: failed to register algo_aes_ccm_16 for IKE >ike_alg_register_enc(): Activating aes_gcm_8: Ok (ret=0) >Warning: failed to register algo_aes_gcm_8 for IKE >ike_alg_register_enc(): Activating aes_gcm_12: Ok (ret=0) >Warning: failed to register algo_aes_gcm_12 for IKE >ike_alg_register_enc(): Activating aes_gcm_16: Ok (ret=0) >Warning: failed to register algo_aes_gcm_16 for IKE > loading CA cert file 'cacert.pem' (956 bytes) > loading crl file 'crl.pem' (483 bytes) >| selinux support is enabled. >| entering aalg_getbyname_ike() >added connection description "ikev2" >listening for IKE messages >adding interface p6p1/p6p1 192.168.0.10:500 >adding interface p6p1/p6p1 192.168.0.10:4500 >adding interface p7p1/p7p1 10.66.13.22:500 >adding interface p7p1/p7p1 10.66.13.22:4500 >adding interface lo/lo 127.0.0.1:500 >adding interface lo/lo 127.0.0.1:4500 >adding interface p6p1/p6p1 2001:db8:1:1::1234:500 >adding interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500 >adding interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500 >adding interface lo/lo ::1:500 >loading secrets from "/etc/ipsec.secrets" >"ikev2" #1: initiating v2 parent SA >| natd_hash: Warning, rcookie is zero !! >| natd_hash: Warning, rcookie is zero !! >"ikev2" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 >"ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 >| V2 microcode entry (initiate IKE_SA_INIT) has unspecified timeout_event >| Initiator child policy is transport mode, sending v2N_USE_TRANSPORT_MODE >"ikev2" #2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 >"ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=oakley_3des_cbc_192 integ=sha1_96 prf=sha group=MODP1024} >| V2 microcode entry (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) has unspecified timeout_event >shutting down >forgetting secrets >"ikev2": deleting connection >"ikev2" #2: deleting state (STATE_PARENT_I2) >"ikev2" #1: deleting state (STATE_PARENT_I2) >shutting down interface lo/lo ::1:500 >shutting down interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500 >shutting down interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500 >shutting down interface p6p1/p6p1 2001:db8:1:1::1234:500 >shutting down interface lo/lo 127.0.0.1:4500 >shutting down interface lo/lo 127.0.0.1:500 >shutting down interface p7p1/p7p1 10.66.13.22:4500 >shutting down interface p7p1/p7p1 10.66.13.22:500 >shutting down interface p6p1/p6p1 192.168.0.10:4500 >shutting down interface p6p1/p6p1 192.168.0.10:500 >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR VALIGN="TOP"><TD>13:35:06</TD> ><TD width="100%"> >kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -6 route show >unreachable ::/96 dev lo metric 1024 error -101 >unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 >2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 >2001:db8:f:1::1 via fe80::f dev p6p1 metric 0 > cache >2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024 >unreachable 2002:a00::/24 dev lo metric 1024 error -101 >unreachable 2002:7f00::/24 dev lo metric 1024 error -101 >unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 >unreachable 2002:ac10::/28 dev lo metric 1024 error -101 >unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 >unreachable 2002:e000::/19 dev lo metric 1024 error -101 >3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 >3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 >unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 >fe80::/64 dev p6p1 proto kernel metric 256 >fe80::/64 dev p6p2 proto kernel metric 256 >fe80::/64 dev p7p1 proto kernel metric 256 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -6 route del 2001:0db8:000f:0001::/64 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -6 route show >unreachable ::/96 dev lo metric 1024 error -101 >unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 >2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 >unreachable 2002:a00::/24 dev lo metric 1024 error -101 >unreachable 2002:7f00::/24 dev lo metric 1024 error -101 >unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 >unreachable 2002:ac10::/28 dev lo metric 1024 error -101 >unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 >unreachable 2002:e000::/19 dev lo metric 1024 error -101 >3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 >3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 >unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 >fe80::/64 dev p6p1 proto kernel metric 256 >fe80::/64 dev p6p2 proto kernel metric 256 >fe80::/64 dev p7p1 proto kernel metric 256 >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><TR VALIGN="TOP"><TD>13:35:27</TD> ><TD width="100%"> >kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1''<br> >kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 > ><PRE>DEBUG : start kRemoteLogin >Connected > >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip addr >1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > valid_lft forever preferred_lft forever > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever >2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 > link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff > inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 > valid_lft 76657sec preferred_lft 76657sec > inet6 fe80::222:19ff:fe30:20d5/64 scope link > valid_lft forever preferred_lft forever >3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff > inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 > valid_lft forever preferred_lft forever > inet6 2001:db8:1:1::1234/64 scope global > valid_lft forever preferred_lft forever > inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c668/64 scope link > valid_lft forever preferred_lft forever >4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff > inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c669/64 scope link > valid_lft forever preferred_lft forever >5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN > link/ipip 0.0.0.0 brd 0.0.0.0 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip -f inet6 addr del 2001:0db8:0001:0001::1234/64 dev p6p1 >[root@dhcp12-166 ~]# >[root@dhcp12-166 ~]# ip addr >1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > valid_lft forever preferred_lft forever > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever >2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 > link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff > inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 > valid_lft 76652sec preferred_lft 76652sec > inet6 fe80::222:19ff:fe30:20d5/64 scope link > valid_lft forever preferred_lft forever >3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff > inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 > valid_lft forever preferred_lft forever > inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c668/64 scope link > valid_lft forever preferred_lft forever >4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 > link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff > inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::215:17ff:fe3c:c669/64 scope link > valid_lft forever preferred_lft forever >5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN > link/ipip 0.0.0.0 brd 0.0.0.0 >[root@dhcp12-166 ~]# ></PRE> ></TD></TR> > ><tr VALIGN="top"> ><td></td> ><td width="100%">cleaning up TN ...</td> ></tr> ><TR VALIGN="top"> ><TD>13:35:50</TD> ><TD width="100%"> >ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=0")<BR> ><PRE>net.inet6.ip6.forwarding: 1 -> 0 ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:35:50</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig -a")<BR> ><PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> > ether 00:23:ae:7a:6e:cc > inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 > inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:58:fa > inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 > inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa > inet6 3ffe:501:ffff:100::20 prefixlen 64 > inet6 fe80::f%em1 prefixlen 64 scopeid 0xa > inet6 2001:db8:1:1::f prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:5d:d1 > inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb > inet6 3ffe:501:ffff:101::20 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=3<RXCSUM,TXCSUM> > inet 127.0.0.1 netmask 0xff000000 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> >lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=3<RXCSUM,TXCSUM> > inet6 2001:db8:f:1::1 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> ></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:35:50</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64 delete")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:35:50</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig lo1 down")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:35:50</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig lo1 destroy")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:35:50</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64 delete")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:35:50</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64 delete")<BR> ><PRE></PRE></TD> ></TR><TR VALIGN="top"> ><TD>13:35:53</TD> ><TD width="100%"> >ikev2Local("/sbin/ifconfig -a")<BR> ><PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> > ether 00:23:ae:7a:6e:cc > inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 > inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:58:fa > inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 > inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa > inet6 3ffe:501:ffff:100::20 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 > options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> > ether 00:1b:21:1c:5d:d1 > inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb > inet6 3ffe:501:ffff:101::20 prefixlen 64 > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> > media: Ethernet autoselect (1000baseT <full-duplex>) > status: active >plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 >lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=3<RXCSUM,TXCSUM> > inet 127.0.0.1 netmask 0xff000000 > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd > nd6 options=3<PERFORMNUD,ACCEPT_RTADV> ></PRE></TD> ></TR><tr VALIGN="top"> ><td></td> ><td width="100%"><FONT COLOR="#ff0000">FAIL</FONT></td> ></tr> ></TABLE> > ><HR><H1>Packet Reverse Log</H1> ><UL> ><A NAME="koiPacketDump1"></A><A HREF="#koiPacket1">packet #1 at 13:34:06</A> ><div id="koiPacketInfo1"> ><pre>IP Packet >| IP Header >| | Version = 6 >| | Source Address = 2001:db8:1:1::1234 >| | Destination Address = 2001:db8:f:1::1 >| UDP Header >| | Source Port = 500 >| | Destination Port = 500 >| Internet Security Association and Key Management Protocol Payload >| | IKE Header >| | | IKE_SA Initiator's SPI = a0bcca2528dd9158 >| | | IKE_SA Responder's SPI = 0000000000000000 >| | | Next Payload = 33 (SA) >| | | Major Version = 2 >| | | Minor Version = 0 >| | | Exchange Type = 34 (IKE_SA_INIT) >| | | Flags = 8 (0b00001000) >| | | | Reserved (XX000000) = 0 >| | | | Response (00R00000) = 0 >| | | | Version (000V0000) = 0 >| | | | Initiator (0000I000) = 1 >| | | | Reserved (00000XXX) = 0 >| | | Message ID = 0 (0x0) >| | | Length = 284 (0x11c) >| | | SA Payload >| | | | Next Payload = 34 (KE) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 44 (0x2c) >| | | | Proposal #1 >| | | | | Next Payload = 0 (last) >| | | | | RESERVED = 0 >| | | | | Proposal Length = 40 >| | | | | Proposal # = 1 >| | | | | Proposal ID = IKE >| | | | | SPI Size = 0 >| | | | | # of Transforms = 4 >| | | | | Transfrom >| | | | | | Next Payload = 3 (Transform) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 1 (ENCR) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 3 (3DES) >| | | | | Transfrom >| | | | | | Next Payload = 3 (Transform) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 3 (INTEG) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 2 (HMAC_SHA1_96) >| | | | | Transfrom >| | | | | | Next Payload = 3 (Transform) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 2 (PRF) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 2 (HMAC_SHA1) >| | | | | Transfrom >| | | | | | Next Payload = 0 (last) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 4 (D-H) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 2 (1024 MODP Group) >| | | KE Payload >| | | | Next Payload = 40 (Ni, Nr) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 136 (0x88) >| | | | DH Group # = 2 >| | | | RESERVED = 0 >| | | | Key Exchange Data = 0x44fc3006cd067dfab0a7ca04c95e7b0b1cc424ccc4a8139e9f67aa98275fc9a26c2d167be6aafffd98d16e88fd286b997c43728316ff7d5c28ddf497251dc89f46c900d857da3de18bf48f19693b4c8c96fdfa631f21e0cda98133164d63a6d5410256d4aa3305abba89fbbdf78e562b3466630d4e535913e39be2a4c4919049 >| | | Ni, Nr Payload >| | | | Next Payload = 41 (N) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 20 (0x14) >| | | | Nonce Data = bb9f6acdb630327cf73b521a5491df40 >| | | N Payload >| | | | Next Payload = 41 (N) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 28 (0x1c) >| | | | Protocol ID = 0 (no relation) >| | | | SPI Size = 0 >| | | | Notify Message Type = 16388 (NAT_DETECTION_SOURCE_IP) >| | | | Notification Data = 1d595e1f3bc371d059523dbee66a58479de33e6d,40 >| | | N Payload >| | | | Next Payload = 0 (0) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 28 (0x1c) >| | | | Protocol ID = 0 (no relation) >| | | | SPI Size = 0 >| | | | Notify Message Type = 16389 (NAT_DETECTION_DESTINATION_IP) >| | | | Notification Data = b0c836edf503b3365d650c9e34b51a52d71336c0,40 ></pre> ></div> ><hr> > ><A NAME="koiPacketDump2"></A><A HREF="#koiPacket2">packet #2 at 13:34:06</A> ><div id="koiPacketInfo2"> ><pre>IP Packet >| IP Header >| | Version = 6 >| | Source Address = 2001:db8:f:1::1 >| | Destination Address = 2001:db8:1:1::1234 >| UDP Header >| | Source Port = 500 >| | Destination Port = 500 >| Internet Security Association and Key Management Protocol Payload >| | IKE Header >| | | IKE_SA Initiator's SPI = a0bcca2528dd9158 >| | | IKE_SA Responder's SPI = b701582fadf119af >| | | Next Payload = 33 (SA) >| | | Major Version = 2 >| | | Minor Version = 0 >| | | Exchange Type = 34 (IKE_SA_INIT) >| | | Flags = 32 (0b00100000) >| | | | Reserved (XX000000) = 0 >| | | | Response (00R00000) = 1 >| | | | Version (000V0000) = 0 >| | | | Initiator (0000I000) = 0 >| | | | Reserved (00000XXX) = 0 >| | | Message ID = 0 (0x0) >| | | Length = 266 (0x10a) >| | | SA Payload >| | | | Next Payload = 34 (KE) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 44 (0x2c) >| | | | Proposal #1 >| | | | | Next Payload = 0 (last) >| | | | | RESERVED = 0 >| | | | | Proposal Length = 40 >| | | | | Proposal # = 1 >| | | | | Proposal ID = IKE >| | | | | SPI Size = 0 >| | | | | # of Transforms = 4 >| | | | | Transfrom >| | | | | | Next Payload = 3 (Transform) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 1 (ENCR) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 3 (3DES) >| | | | | Transfrom >| | | | | | Next Payload = 3 (Transform) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 2 (PRF) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 2 (HMAC_SHA1) >| | | | | Transfrom >| | | | | | Next Payload = 3 (Transform) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 3 (INTEG) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 2 (HMAC_SHA1_96) >| | | | | Transfrom >| | | | | | Next Payload = 0 (last) >| | | | | | RESERVED = 0 >| | | | | | Transform Length = 8 >| | | | | | Transform Type = 4 (D-H) >| | | | | | RESERVED = 0 >| | | | | | Transform ID = 2 (1024 MODP Group) >| | | KE Payload >| | | | Next Payload = 40 (Ni, Nr) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 136 (0x88) >| | | | DH Group # = 2 >| | | | RESERVED = 0 >| | | | Key Exchange Data = 0xd02835681069f07665e63fb8d7ff62adb352b43346af4d8e62701716682b9f41dce8c3e77191f2fb3202eed216a15ff33b2377876ba630007cc686d8a789090db03bdc7c8fe891801daf44f85e483f8cb97635af2c0a79fc93a0de11709fb1d9b60ebf16fb98f2dfe0a4a887dbf2bdbdfaf6cba82d141192fc0cd4aedf596e52 >| | | Ni, Nr Payload >| | | | Next Payload = 0 (0) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 58 (0x3a) >| | | | Nonce Data = 95708e5459bdf506bda6c9f3fde565a167289726dfbacfb29a9b8ed6bc2d5d7ccadefa5791371830c2f2d070748adbd90dd67ebd3a6c ></pre> ></div> ><hr> > ><A NAME="koiPacketDump3"></A><A HREF="#koiPacket3">packet #3 at 13:34:06</A> ><div id="koiPacketInfo3"> ><pre>IP Packet >| IP Header >| | Version = 6 >| | Source Address = 2001:db8:1:1::1234 >| | Destination Address = 2001:db8:f:1::1 >| UDP Header >| | Source Port = 500 >| | Destination Port = 500 >| Internet Security Association and Key Management Protocol Payload >| | IKE Header >| | | IKE_SA Initiator's SPI = a0bcca2528dd9158 >| | | IKE_SA Responder's SPI = b701582fadf119af >| | | Next Payload = 46 (E) >| | | Major Version = 2 >| | | Minor Version = 0 >| | | Exchange Type = 35 (IKE_AUTH) >| | | Flags = 8 (0b00001000) >| | | | Reserved (XX000000) = 0 >| | | | Response (00R00000) = 0 >| | | | Version (000V0000) = 0 >| | | | Initiator (0000I000) = 1 >| | | | Reserved (00000XXX) = 0 >| | | Message ID = 1 (0x1) >| | | Length = 252 (0xfc) >| | | E Payload >| | | | Next Payload = 35 (IDi) >| | | | Critical = 0 >| | | | Reserved = 0 >| | | | Payload Length = 224 (0xe0) >| | | | Initialization Vector = c4457863c9be0e64 >| | | | Encrypted IKE Payloads >| | | | | IDi Payload >| | | | | | Next Payload = 39 (AUTH) >| | | | | | Critical = 0 >| | | | | | Reserved = 0 >| | | | | | Payload Length = 24 (0x18) >| | | | | | ID Type = 5 (IPV6_ADDR) >| | | | | | RESERVED = 0 >| | | | | | Identification Data = 20010db8000100010000000000001234 (2001:db8:1:1::1234) >| | | | | AUTH Payload >| | | | | | Next Payload = 33 (SA) >| | | | | | Critical = 0 >| | | | | | Reserved = 0 >| | | | | | Payload Length = 28 (0x1c) >| | | | | | Auth Method = 2 (SK_MIC) >| | | | | | RESERVED = 0 >| | | | | | Authentication Data = 458d703ffd438212918d2f198dc5c5dc8571ef68 >| | | | | SA Payload >| | | | | | Next Payload = 44 (TSi) >| | | | | | Critical = 0 >| | | | | | Reserved = 0 >| | | | | | Payload Length = 40 (0x28) >| | | | | | Proposal #1 >| | | | | | | Next Payload = 0 (last) >| | | | | | | RESERVED = 0 >| | | | | | | Proposal Length = 36 >| | | | | | | Proposal # = 1 >| | | | | | | Proposal ID = ESP >| | | | | | | SPI Size = 4 >| | | | | | | # of Transforms = 3 >| | | | | | | SPI = 268a01bf >| | | | | | | Transfrom >| | | | | | | | Next Payload = 3 (Transform) >| | | | | | | | RESERVED = 0 >| | | | | | | | Transform Length = 8 >| | | | | | | | Transform Type = 1 (ENCR) >| | | | | | | | RESERVED = 0 >| | | | | | | | Transform ID = 3 (3DES) >| | | | | | | Transfrom >| | | | | | | | Next Payload = 3 (Transform) >| | | | | | | | RESERVED = 0 >| | | | | | | | Transform Length = 8 >| | | | | | | | Transform Type = 3 (INTEG) >| | | | | | | | RESERVED = 0 >| | | | | | | | Transform ID = 2 (HMAC_SHA1_96) >| | | | | | | Transfrom >| | | | | | | | Next Payload = 0 (last) >| | | | | | | | RESERVED = 0 >| | | | | | | | Transform Length = 8 >| | | | | | | | Transform Type = 5 (ESN) >| | | | | | | | RESERVED = 0 >| | | | | | | | Transform ID = 0 (No ESN) >| | | | | TSi Payload >| | | | | | Next Payload = 45 (TSr) >| | | | | | Critical = 0 >| | | | | | Reserved = 0 >| | | | | | Payload Length = 48 (0x30) >| | | | | | Number of TSs = 1 >| | | | | | RESERVED = 0 >| | | | | | Traffic Selector >| | | | | | | TS Type = 8 (IPV6_ADDR_RANGE) >| | | | | | | IP Protocol ID = 0 (any) >| | | | | | | Selector Length = 40 >| | | | | | | Start Port = 0 >| | | | | | | End Port = 65535 >| | | | | | | Starting Address = 20010db8000100010000000000001234 >| | | | | | | Ending Address = 20010db8000100010000000000001234 >| | | | | TSr Payload >| | | | | | Next Payload = 41 (N) >| | | | | | Critical = 0 >| | | | | | Reserved = 0 >| | | | | | Payload Length = 48 (0x30) >| | | | | | Number of TSs = 1 >| | | | | | RESERVED = 0 >| | | | | | Traffic Selector >| | | | | | | TS Type = 8 (IPV6_ADDR_RANGE) >| | | | | | | IP Protocol ID = 0 (any) >| | | | | | | Selector Length = 40 >| | | | | | | Start Port = 0 >| | | | | | | End Port = 65535 >| | | | | | | Starting Address = 20010db8000f00010000000000000001 >| | | | | | | Ending Address = 20010db8000f00010000000000000001 >| | | | | N Payload >| | | | | | Next Payload = 0 (0) >| | | | | | Critical = 0 >| | | | | | Reserved = 0 >| | | | | | Payload Length = 8 (0x8) >| | | | | | Protocol ID = 0 (no relation) >| | | | | | SPI Size = 0 >| | | | | | Notify Message Type = 16391 (USE_TRANSPORT_MODE) >| | | | Integrity Checksum Data = 8745110fb4a83a64be69b239 ></pre> ></div> ><hr> > ></UL> > ></BODY> ></HTML> ><!-- 142ae69553b977bbcc14f928f642b1de --> ><!-- 79e661dc54221d1a8f0a5599aeed8f08 -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN""http://www.w3c.org/TR/REC-html40/strict.dtd"> <HTML> <HEAD> <TITLE>IPv6 Conformance Test Report</TITLE> <META NAME="GENERATOR" CONTENT="TAHI IPv6 Conformance Test Kit"> <script type="text/javascript"> var packets = new Array(); var POP_ID_PREFIX = "pop"; var PACKET_INFO_PREFIX = "koiPacketInfo"; var COLOR_BG = "#ffdddd"; var WINDOW_HEIGHT = 300; var WINDOW_WIDTH = 300; var OFFSET_HEIGHT = 5; var OFFSET_WIDTH = 20; var IE = false; var FF = false; var NN4 = false; if (document.all) { IE = true; } else if (document.getElementById) { FF = true; } else if (document.layers) { NN4 = true; } function popup(id, event) { var header, footer, pos_x, pos_y, str; if (NN4) { return; } header = '<div style="'; // header += 'width:' + WINDOW_WIDTH + ';'; header += 'background-color:' + COLOR_BG + ';'; header += 'border-width:3pt;'; header += 'border-style:solid;'; header += 'border-color:' + COLOR_BG + ';'; //header += 'padding:0;' //header += 'margin:0;'; header += '">'; footer = '</div>'; str = header; str += '<pre style="line-height:90%">'; str += getPacket(id); str += '</pre>'; str += footer; key = POP_ID_PREFIX + id; if (IE) { pos_x = document.body.scrollLeft+event.clientX; pos_y = document.body.scrollTop+event.clientY; document.all(key).style.pixelLeft = pos_x+OFFSET_WIDTH; document.all(key).style.pixelTop = pos_y+OFFSET_HEIGHT; document.all(key).innerHTML = str; document.all(key).style.visibility = 'visible'; } else if (FF) { pos_x = event.pageX; pos_y = event.pageY; document.getElementById(key).style.left = pos_x+OFFSET_WIDTH + 'px'; document.getElementById(key).style.top = pos_y+OFFSET_HEIGHT + 'px'; document.getElementById(key).innerHTML = str; document.getElementById(key).style.visibility = 'visible'; } else if (NN4) { pos_x = event.pageX; pos_y = event.pageY; document.layers[key].moveTo(pos_x+OFFSET_WIDTH, pos_y+OFFSET_HEIGHT); document.layers[key].document.open(); document.layers[key].document.write(str); document.layers[key].document.close(); document.layers[key].visibility = 'show'; } } function popdown(id) { key = POP_ID_PREFIX + id; if (IE) { document.all(key).style.visibility = "hidden"; } else if (FF) { document.getElementById(key).style.visibility = "hidden"; } else if (NN4) { document.layers[key].visibility = "hidden"; } } function getPacket(id) { if (packets[id]) { return packets[id]; } var str = getInnerHTML(PACKET_INFO_PREFIX + id); str = trimTag(str, 'pre'); packets[id] = str; return str; } function getInnerHTML(id) { if (IE) { return document.all(id).innerHTML; } else if (FF) { return document.getElementById(id).innerHTML; } } function trimTag(str, tagName) { var index = str.indexOf('<' + tagName); index = str.indexOf('>', index + 1); var lastIndex = str.lastIndexOf('</' + tagName + '>'); lastIndex = (lastIndex < 0) ? str.length : lastIndex; return str.substring(index + 1, lastIndex); } </script> </HEAD> <BODY BGCOLOR="#F0F0F0"> <H1>Test Information</H1> <TABLE BORDER=1> <TR><TD>Title</TD><TD>Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96</TD></TR> <TR><TD>CommandLine</TD><TD>./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq -pkt ./packets/EN-EN.def -v6eval -log 37.html -ti Test IKEv2.EN.I.1.1.6.2 Part D: Integrity Algorithm AUTH_AES_XCBC_96</TD></TR> <TR><TD>Script</TD><TD><A HREF="./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq">./1-EN-I/IKEv2-EN-I-1-1-6-2-D.seq</A></TD></TR> <TR><TD>Packet</TD><TD><A HREF="./packets/EN-EN.def">./packets/EN-EN.def</A></TD></TR> <TR><TD>TestVersion</TD><TD>REL_1_1_1</TD></TR> <TR><TD>ToolVersion</TD><TD>REL_2_2_0</TD></TR> <TR><TD>Start</TD><TD>2014/10/11 13:32:22</TD></TR> <TR><TD>Tn</TD><TD>/usr/local/koi//etc//tn.def</TD></TR> <TR><TD>Nu</TD><TD>/usr/local/koi//etc//nut.def</TD></TR> </TABLE> <HR><H1>Test Sequence Execution Log</H1> <TABLE BORDER=1> <TR><TD>13:32:22</TD><TD>Start</TD></TR> <TR><TD><br></TD><TD> <FONT COLOR="#FF0000" SIZE="+1"><U><B>TEST SETUP</B></U></FONT><tr VALIGN="top"> <td></td> <td width="100%">initializing IKEv2 module ...</td> </tr> <tr VALIGN="top"> <td></td> <td width="100%">configuring Common Topology for End-Node: End-Node to End-Node ...</td> </tr> <tr VALIGN="top"> <td></td> <td width="100%">parsing ./config.pl ...</td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><TABLE BORDER><TR><TH BGCOLOR="#a8b5d8">key</TH><TH BGCOLOR="#a8b5d8">value</TH></TR><TR><TD>Link A prefix</TD><TD>2001:0db8:0001:0001</TD></TR><TR><TD>Link X prefix</TD><TD>2001:0db8:000f:0001</TD></TR><TR><TD>Link A link-local address (TR1)</TD><TD>fe80::f</TD></TR><TR><TD>Link A global address (NUT)</TD><TD>2001:0db8:0001:0001::1234</TD></TR><TR><TD>pre-shared key (TN)</TD><TD>IKETEST12345678!</TD></TR><TR><TD>pre-shared key (NUT)</TD><TD>IKETEST12345678!</TD></TR><TR><TD>IKE_SA Lifetime</TD><TD>64</TD></TR><TR><TD>CHILD_SA Lifetime</TD><TD>128</TD></TR><TR><TD>IKE_SA_INIT Request RetransTimer</TD><TD>41</TD></TR><TR><TD>IKE_AUTH Request RetransTimer</TD><TD>16</TD></TR><TR><TD>CREATE_CHILD_SA Request RetransTimer</TD><TD>16</TD></TR><TR><TD>INFORMATIONAL Request RetransTimer</TD><TD>16</TD></TR><TR><TD>Liveness Check Timer</TD><TD>32</TD></TR><TR><TD># of Half-Open IKE_SAs to contain N(COOKIE)</TD><TD>32</TD></TR></TABLE></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%">setting up TN ...</td> </tr> <TR VALIGN="top"> <TD>13:32:23</TD> <TD width="100%"> ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=1")<BR> <PRE>net.inet6.ip6.forwarding: 0 -> 1 </PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:23</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig -a")<BR> <PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> </PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:23</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:23</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:23</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig lo1 create")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:23</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig lo1 up")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:23</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:26</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig -a")<BR> <PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 inet6 fe80::f%em1 prefixlen 64 scopeid 0xa inet6 2001:db8:1:1::f prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 2001:db8:f:1::1 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> </PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:26</TD> <TD width="100%"> ikev2Local("/sbin/setkey -D")<BR> <PRE>No SAD entries. </PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:26</TD> <TD width="100%"> ikev2Local("/sbin/setkey -F")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:29</TD> <TD width="100%"> ikev2Local("/sbin/setkey -D")<BR> <PRE>No SAD entries. </PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:29</TD> <TD width="100%"> ikev2Local("/sbin/setkey -DP")<BR> <PRE>No SPD entries. </PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:29</TD> <TD width="100%"> ikev2Local("/sbin/setkey -FP")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>13:32:32</TD> <TD width="100%"> ikev2Local("/sbin/setkey -DP")<BR> <PRE>No SPD entries. </PRE></TD> </TR><tr VALIGN="top"> <td></td> <td width="100%">setting up NUT ...</td> </tr> </TD> </TR> <TR VALIGN="TOP"><TD>13:32:32</TD> <TD width="100%"> kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1''<br> kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 valid_lft 76833sec preferred_lft 76833sec inet6 fe80::222:19ff:fe30:20d5/64 scope link valid_lft forever preferred_lft forever 3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 valid_lft forever preferred_lft forever inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c668/64 scope link valid_lft forever preferred_lft forever 4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c669/64 scope link valid_lft forever preferred_lft forever 5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN link/ipip 0.0.0.0 brd 0.0.0.0 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -f inet6 addr add 2001:0db8:0001:0001::1234/64 dev p6p1 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 valid_lft 76828sec preferred_lft 76828sec inet6 fe80::222:19ff:fe30:20d5/64 scope link valid_lft forever preferred_lft forever 3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 valid_lft forever preferred_lft forever inet6 2001:db8:1:1::1234/64 scope global valid_lft forever preferred_lft forever inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c668/64 scope link valid_lft forever preferred_lft forever 4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c669/64 scope link valid_lft forever preferred_lft forever 5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN link/ipip 0.0.0.0 brd 0.0.0.0 [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR VALIGN="TOP"><TD>13:32:54</TD> <TD width="100%"> kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1''<br> kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p6p2 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6 p1 [root@dhcp12-166 ~]# sendMessagesSync: never got ip -6 route add 2001:0db8:000f:0001::/64 via fe80::f dev p6p1 [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p6p2 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR VALIGN="TOP"><TD>13:33:20</TD> <TD width="100%"> kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop''<br> kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ipsec setup stop Redirecting to: systemctl stop ipsec.service [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR VALIGN="TOP"><TD>13:33:40</TD> <TD width="100%"> kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=aes_xcbc ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2''<br> kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt ikev2.addresspool.0.eaddr= ikev2.addresspool.0.saddr= ikev2.addresspool.num=1 ikev2.interface.ike.0.address=2001:0db8:0001:0001::1234 ikev2.interface.ike.0.port=500 ikev2.interface.ike.num=1 ikev2.ipsec.0.ext_sequence=off ikev2.ipsec.0.ipsec_index=common_ipsec_index ikev2.ipsec.0.ipsec_sa_lifetime_time=128 ikev2.ipsec.0.sa_index.0=common_sa_index ikev2.ipsec.0.sa_index.num=1 ikev2.ipsec.num=1 ikev2.policy.0.ipsec_index.0=common_ipsec_index ikev2.policy.0.ipsec_index.num=1 ikev2.policy.0.ipsec_mode=transport ikev2.policy.0.policy_index=common_policy_index ikev2.policy.0.remote_index=common_remote_index ikev2.policy.num=1 ikev2.remote.0.ikev2.initial_contact.initial_contact=off ikev2.remote.0.ikev2.kmp_auth_method.0=psk ikev2.remote.0.ikev2.kmp_auth_method.num=1 ikev2.remote.0.ikev2.kmp_dh_group.0=modp1024 ikev2.remote.0.ikev2.kmp_dh_group.num=1 ikev2.remote.0.ikev2.kmp_enc_alg.0=3des_cbc ikev2.remote.0.ikev2.kmp_enc_alg.num=1 ikev2.remote.0.ikev2.kmp_hash_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_hash_alg.num=1 ikev2.remote.0.ikev2.kmp_prf_alg.0=hmac_sha1 ikev2.remote.0.ikev2.kmp_prf_alg.num=1 ikev2.remote.0.ikev2.kmp_sa_lifetime_time=64 ikev2.remote.0.ikev2.my_id.fqdn.num=0 ikev2.remote.0.ikev2.my_id.ipaddr.0=2001:0db8:0001:0001::1234 ikev2.remote.0.ikev2.my_id.ipaddr.num=1 ikev2.remote.0.ikev2.my_id.keyid.num=0 ikev2.remote.0.ikev2.my_id.rfc822addr.num=0 ikev2.remote.0.ikev2.need_pfs=off ikev2.remote.0.ikev2.peers_id.fqdn.num=0 ikev2.remote.0.ikev2.peers_id.ipaddr.0=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_id.ipaddr.num=1 ikev2.remote.0.ikev2.peers_id.keyid.num=0 ikev2.remote.0.ikev2.peers_id.rfc822addr.num=0 ikev2.remote.0.ikev2.peers_ipaddr.address=2001:0db8:000f:0001::1 ikev2.remote.0.ikev2.peers_ipaddr.port=500 ikev2.remote.0.ikev2.pre_shared_key.local=IKETEST12345678! ikev2.remote.0.ikev2.pre_shared_key.remote=IKETEST12345678! ikev2.remote.0.ikev2.send_cert_req.send_cert_req=on ikev2.remote.0.remote_index=common_remote_index ikev2.remote.num=1 ikev2.sa.0.esp_auth_alg.0=aes_xcbc ikev2.sa.0.esp_auth_alg.num=1 ikev2.sa.0.esp_enc_alg.0=3des_cbc ikev2.sa.0.esp_enc_alg.num=1 ikev2.sa.0.sa_index=common_sa_index ikev2.sa.0.sa_protocol=esp ikev2.sa.num=1 ikev2.selector.0.direction=outbound ikev2.selector.0.dst.address=2001:0db8:000f:0001::1 ikev2.selector.0.dst.address_family=inet6 ikev2.selector.0.policy_index=common_policy_index ikev2.selector.0.selector_index=common_selector_index_outbound ikev2.selector.0.src.address=2001:0db8:0001:0001::1234 ikev2.selector.0.src.address_family=inet6 ikev2.selector.0.upper_layer_protocol.protocol=any ikev2.selector.1.direction=inbound ikev2.selector.1.dst.address=2001:0db8:0001:0001::1234 ikev2.selector.1.dst.address_family=inet6 ikev2.selector.1.policy_index=common_policy_index ikev2.selector.1.selector_index=common_selector_index_inbound ikev2.selector.1.src.address=2001:0db8:000f:0001::1 ikev2.selector.1.src.address_family=inet6 ikev2.selector.1.upper_layer_protocol.protocol=any ikev2.selector.num=2 <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# rpm -q libreswan libreswan-3.10-2.el7.x86_64 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# cat > /etc/ipsec.secrets << EOF > %any %any : PSK 'IKETEST12345678!' > EOF [root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets 1 %any %any : PSK 'IKETEST12345678!' [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# cat -n /etc/ipsec.secrets 1 %any %any : PSK 'IKETEST12345678!' [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.secrets [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.secrets [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ls -l /etc/ipsec.secrets -rw-------. 1 root wheel 35 Oct 11 21:22 /etc/ipsec.secrets [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# cat > /etc/ipsec.conf << EOF > config setup > protostack=netkey > plutostderrlog="/tmp/pluto.log" > klipsdebug=verbose > conn ikev2 > left=2001:0db8:0001:0001::1234 > right=2001:0db8:000f:0001::1 > leftid=2001:0db8:0001:0001::1234 > rightid=2001:0db8:000f:0001::1 > type=transport > auto=start > connaddrfamily=ipv6 > authby=secret > phase2=esp > phase2alg=3des-sha1 > ike=3des-sha1;modp1024 > ikev2=insist > EOF [root@dhcp12-166 ~]# cat -n /etc/ipsec.conf 1 config setup 2 protostack=netkey 3 plutostderrlog="/tmp/pluto.log" 4 klipsdebug=verbose 5 conn ikev2 6 left=2001:0db8:0001:0001::1234 7 right=2001:0db8:000f:0001::1 8 leftid=2001:0db8:0001:0001::1234 9 rightid=2001:0db8:000f:0001::1 10 type=transport 11 auto=start 12 connaddrfamily=ipv6 13 authby=secret 14 phase2=esp 15 phase2alg=3des-sha1 16 ike=3des-sha1;modp1024 17 ikev2=insist [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# echo > /tmp/pluto.log [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# chown root:wheel /etc/ipsec.conf [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# chmod 0600 /etc/ipsec.conf [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ls -l /etc/ipsec.conf -rw-------. 1 root wheel 464 Oct 11 21:22 /etc/ipsec.conf [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ipsec setup start Redirecting to: systemctl start ipsec.service [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR><TD><br></TD><TD> <FONT COLOR="#FF0000" SIZE="+1"><U><B>TEST PROCEDURE</B></U></FONT><FONT COLOR="#000000" SIZE="+1"><U><B>Part D: Integrity Algorithm AUTH_AES_XCBC_96.</B></U></FONT><PRE> (I) (R) NUT TN1 | | |-------------->| IKE_SA_INIT request (HDR, SAi1, KEi, Ni) | | V V</PRE><TR VALIGN="TOP"> <TD>13:34:05</TD><TD> Clear Buffer<BR> done<BR> </TD> </TR> <TR VALIGN="TOP"><TD>13:34:05</TD> <TD width="100%"> kRemoteAsync(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt selector.direction=outbound selector.dst.address=2001:0db8:000f:0001::1 selector.dst.address_family=inet6 selector.policy_index=common_policy_index selector.selector_index=common_selector_index_outbound selector.src.address=2001:0db8:0001:0001::1234 selector.src.address_family=inet6 selector.upper_layer_protocol.protocol=any target=2001:0db8:000f:0001::1 operation=initiate''<br> kRemoteAsync()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt selector.direction=outbound selector.dst.address=2001:0db8:000f:0001::1 selector.dst.address_family=inet6 selector.policy_index=common_policy_index selector.selector_index=common_selector_index_outbound selector.src.address=2001:0db8:0001:0001::1234 selector.src.address_family=inet6 selector.upper_layer_protocol.protocol=any target=2001:0db8:000f:0001::1 operation=initiate<br> <A NAME="kRemoteAsync4346"></A> <A HREF="#kRemoteAsyncWait4346">Link to remote control log</A> </TD> </TR> <TR VALIGN="TOP"> <TD>13:34:05</TD><TD> Listen<br> SrcAddr:2001:0db8:000f:0001::1 SrcPort:500<br> done<BR> listening at SocketID:3<br> </TD> </TR> <TR VALIGN="TOP"> <TD>13:34:05</TD><TD> Receive<BR> SrcAddr:2001:db8:1:1::1234 SrcPort:500<br> DstAddr:2001:db8:f:1::1 DstPort:500<br> done<BR> received from SocketID:4<br> <A NAME="koiPacket1"></A> <A HREF="#koiPacketDump1" onmouseover="popup(1,event);"onmouseout="popdown(1);">receive packet #1</A> <div id="pop1" style="position:absolute; visibility:hidden;"></div> <BR> </TD> </TR> <tr VALIGN="top"> <td></td> <td width="100%"><pre>Compare the received packet with packets('common_remote_index')</pre></td> </tr> <TR VALIGN="top"> <TD></TD><TD><B>Payload Order (HDR, SA(P(T, T, T, T)), KE, Ni, Nr, N, N)</B></TD></TR><tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>IKE Header</b> <b>OK</b> initSPI: (received: a0bcca2528dd9158, expected: 0000000000000000, comp: ne) <b>OK</b> respSPI: (received: 0000000000000000, expected: 0000000000000000, comp: eq) <b>OK</b> nexttype: (received: SA, expected: SA, comp: eq) <b>OK</b> major: (received: 2, expected: 2, comp: eq) <b>OK</b> minor: (received: 0, expected: 0, comp: eq) <b>OK</b> exchType: (received: IKE_SA_INIT, expected: IKE_SA_INIT, comp: eq) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> initiator: (received: 1, expected: 1, comp: eq) <b>OK</b> higher: (received: 0, expected: 0, comp: eq) <b>OK</b> response: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> messID: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 284, expected: any, comp: already checked) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Security Association Payload</b> <b>OK</b> nexttype: (received: KE, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 44, expected: any, comp: already checked) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>SA Proposal Comparison</b> <b>OK</b> ENCR: (received:ENCR_3DES, expected:ENCR_3DES) <b>OK</b> PRF: (received:PRF_HMAC_SHA1, expected:PRF_HMAC_SHA1) <b>OK</b> INTEG: (received:INTEG_HMAC_SHA1_96, expected:INTEG_HMAC_SHA1_96) <b>OK</b> D-H: (received:D-H_1024 MODP Group, expected:D-H_1024 MODP Group) <b>OK</b> ESN: (received:, expected:) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Proposal Substructure</b> <b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> proposalLen: (received: 40, expected: any, comp: already checked) <b>OK</b> number: (received: 1, expected: 1, comp: eq) <b>OK</b> id: (received: IKE, expected: IKE, comp: eq) <b>OK</b> spiSize: (received: 0, expected: 0, comp: eq) <b>OK</b> transformCount: (received: 4, expected: 4, comp: eq) <b>OK</b> spi: (received: , expected: , comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Transform Substructure</b> <b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) <b>OK</b> type: (received: ENCR, expected: ENCR, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> id: (received: 3DES, expected: 3DES, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Transform Substructure</b> <b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) <b>OK</b> type: (received: PRF, expected: PRF, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> id: (received: HMAC_SHA1, expected: HMAC_SHA1, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Transform Substructure</b> <b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) <b>OK</b> type: (received: INTEG, expected: INTEG, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> id: (received: HMAC_SHA1_96, expected: HMAC_SHA1_96, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Transform Substructure</b> <b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) <b>OK</b> type: (received: D-H, expected: D-H, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> id: (received: 1024 MODP Group, expected: 1024 MODP Group, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Key Exchange Payload</b> <b>OK</b> nexttype: (received: Ni, Nr, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 136, expected: any, comp: already checked) <b>OK</b> group: (received: 2, expected: 2, comp: eq) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> publicKey: (received: 48442990136236040419443674541332750551947726743426439022343477744166582052577501892602807134302894010164333660457870928822507975898099317000468828967833643210070120979804458437749121834851714072849186295926942716782059299010976356326694864502532479824474513717153152894396350409458178827038026398065063202889, expected: any, comp: any) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Nonce Payload</b> <b>OK</b> nexttype: (received: N, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 20, expected: (20, 260), comp: range) <b>OK</b> nonce: (received: 249393376645862146977564050628493303616, expected: any, comp: any) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><b>Match with packet('common_remote_index')</b></td> </tr> <TR><TD><br></TD><TD> <PRE> (I) (R) NUT TN1 | | |<--------------| IKE_SA_INIT response (HDR, SAr1, KEr, Nr) | | V V</PRE><TR VALIGN="TOP"> <TD>13:34:06</TD><TD> Clear Buffer<BR> done<BR> </TD> </TR> <TR VALIGN="TOP"> <TD>13:34:06</TD><TD> Send<BR> done<BR> sent to SocketID:4<br> <A NAME="koiPacket2"></A> <A HREF="#koiPacketDump2" onmouseover="popup(2,event);"onmouseout="popdown(2);">send packet #2</A> <div id="pop2" style="position:absolute; visibility:hidden;"></div> <BR> </TD> </TR> <tr VALIGN="top"> <td></td> <td width="100%"><TABLE BORDER><TR><TH BGCOLOR="#a8b5d8">key</TH><TH BGCOLOR="#a8b5d8">value</TH></TR><TR><TD>g^i</TD><TD>44fc3006cd067dfab0a7ca04c95e7b0b1cc424ccc4a8139e9f67aa98275fc9a26c2d167be6aafffd98d16e88fd286b997c43728316ff7d5c28ddf497251dc89f46c900d857da3de18bf48f19693b4c8c96fdfa631f21e0cda98133164d63a6d5410256d4aa3305abba89fbbdf78e562b3466630d4e535913e39be2a4c4919049</TD></TR><TR><TD>g^r</TD><TD>d02835681069f07665e63fb8d7ff62adb352b43346af4d8e62701716682b9f41dce8c3e77191f2fb3202eed216a15ff33b2377876ba630007cc686d8a789090db03bdc7c8fe891801daf44f85e483f8cb97635af2c0a79fc93a0de11709fb1d9b60ebf16fb98f2dfe0a4a887dbf2bdbdfaf6cba82d141192fc0cd4aedf596e52</TD></TR><TR><TD>g^ir</TD><TD>881a793335d59b0cca607ab0941ad500f909282e81ced16a7ff4c7f38905e1963e70dc7012afbf5ed266db646a5c06d862711f604075c977412c45f673413eb429c35257fcb87d98e8789dfb2222f6e807a365b702ff67df133d9f379df9c82ec6e56ad7c7f25e0560fec05656205372aa67714a242ab3b7c487e05d0c0b12ac</TD></TR><TR><TD>Ni</TD><TD>bb9f6acdb630327cf73b521a5491df40</TD></TR><TR><TD>Nr</TD><TD>95708e5459bdf506bda6c9f3fde565a167289726dfbacfb29a9b8ed6bc2d5d7ccadefa5791371830c2f2d070748adbd90dd67ebd3a6c</TD></TR><TR><TD>SPIi</TD><TD>a0bcca2528dd9158</TD></TR><TR><TD>SPIr</TD><TD>b701582fadf119af</TD></TR><TR><TD>IKEv2 Transform Type 1 Algorithms</TD><TD>3DES</TD></TR><TR><TD>IKEv2 Transform Type 2 Algorithms</TD><TD>HMAC_SHA1</TD></TR><TR><TD>IKEv2 Transform Type 3 Algorithms</TD><TD>HMAC_SHA1_96</TD></TR></TABLE></td> </tr> <TR><TD><br></TD><TD> <PRE> (I) (R) NUT TN1 | | |-------------->| IKE_AUTH request (HDR, SK {IDi, AUTH, N(USE_TRANSPORT_MODE), SAi2, TSi, TSr}) | | V V</PRE><TR VALIGN="TOP"> <TD>13:34:06</TD><TD> Receive<BR> SrcAddr:2001:db8:1:1::1234 SrcPort:500<br> DstAddr:2001:db8:f:1::1 DstPort:500<br> done<BR> received from SocketID:4<br> <A NAME="koiPacket3"></A> <A HREF="#koiPacketDump3" onmouseover="popup(3,event);"onmouseout="popdown(3);">receive packet #3</A> <div id="pop3" style="position:absolute; visibility:hidden;"></div> <BR> </TD> </TR> <tr VALIGN="top"> <td></td> <td width="100%"><pre><b>Check Authentication: OK</b> expected(458d703ffd438212918d2f198dc5c5dc8571ef68) received(458d703ffd438212918d2f198dc5c5dc8571ef68)</pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%">Compare the received packet with packets('EN-I-1-1-6-2.D.1')</td> </tr> <TR VALIGN="top"> <TD></TD><TD><B>Payload Order (HDR, E(IDi, AUTH, SA(P(T, T, T)), TSi(TS), TSr(TS), N))</B></TD></TR><tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>IKE Header</b> <b>OK</b> initSPI: (received: a0bcca2528dd9158, expected: a0bcca2528dd9158, comp: eq) <b>OK</b> respSPI: (received: b701582fadf119af, expected: b701582fadf119af, comp: eq) <b>OK</b> nexttype: (received: E, expected: E, comp: eq) <b>OK</b> major: (received: 2, expected: 2, comp: eq) <b>OK</b> minor: (received: 0, expected: 0, comp: eq) <b>OK</b> exchType: (received: IKE_AUTH, expected: IKE_AUTH, comp: eq) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> initiator: (received: 1, expected: 1, comp: eq) <b>OK</b> higher: (received: 0, expected: 0, comp: eq) <b>OK</b> response: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> messID: (received: 1, expected: 1, comp: eq) <b>OK</b> length: (received: 252, expected: any, comp: already checked) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Encrypted Payload</b> <b>OK</b> innerType: (received: IDi, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 28, expected: any, comp: already checked) <b>OK</b> iv: (received: C4457863 C9BE0E64, expected: any, comp: already checked) <b>OK</b> checksum: (received: 8745110F B4A83A64 BE69B239, expected: any, comp: already checked) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Identification Payload - Initiator</b> <b>OK</b> nexttype: (received: AUTH, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 24, expected: any, comp: already checked) <b>OK</b> type: (received: IPV6_ADDR, expected: IPV6_ADDR, comp: eq) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> value: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Authentication Payload</b> <b>OK</b> nexttype: (received: SA, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 28, expected: any, comp: already checked) <b>OK</b> method: (received: SK_MIC, expected: SK_MIC, comp: eq) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> data: (received: 458d703ffd438212918d2f198dc5c5dc8571ef68, expected: any, comp: already checked) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Notify Payload</b> <b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 8, expected: any, comp: already checked) <b>OK</b> id: (received: 0, expected: 0, comp: eq) <b>OK</b> spiSize: (received: 0, expected: 0, comp: eq) <b>OK</b> type: (received: USE_TRANSPORT_MODE, expected: USE_TRANSPORT_MODE, comp: eq) <b>OK</b> spi: (received: , expected: , comp: eq) <b>OK</b> data: (received: , expected: , comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Security Association Payload</b> <b>OK</b> nexttype: (received: TSi, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 40, expected: any, comp: already checked) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>SA Proposal Comparison</b> <b>OK</b> ENCR: (received:ENCR_3DES, expected:ENCR_3DES) <b>OK</b> PRF: (received:, expected:) <font color='#ff0000'><b>NG</b></font> INTEG: (received:INTEG_HMAC_SHA1_96, expected:INTEG_AES_XCBC_96) <b>OK</b> D-H: (received:, expected:) <b>OK</b> ESN: (received:ESN_No ESN, expected:ESN_No ESN) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <font color='#ff0000'><b>NG</b></font> The number of matched SA Proposals is not enough. </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Proposal Substructure</b> <b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> proposalLen: (received: 36, expected: any, comp: already checked) <b>OK</b> number: (received: 1, expected: 1, comp: eq) <b>OK</b> id: (received: ESP, expected: ESP, comp: eq) <b>OK</b> spiSize: (received: 4, expected: 4, comp: eq) <b>OK</b> transformCount: (received: 3, expected: 3, comp: eq) <b>OK</b> spi: (received: 268a01bf, expected: any, comp: any) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Transform Substructure</b> <b>OK</b> nexttype: (received: 3, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) <b>OK</b> type: (received: ENCR, expected: ENCR, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> id: (received: 3DES, expected: 3DES, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Transform Substructure</b> <b>OK</b> nexttype: (received: 0, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) <b>OK</b> transformLen: (received: 8, expected: any, comp: already checked) <b>OK</b> type: (received: ESN, expected: ESN, comp: eq) <b>OK</b> reserved2: (received: 0, expected: 0, comp: eq) <b>OK</b> id: (received: No ESN, expected: No ESN, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Traffic Selector Payload - Initiator</b> <b>OK</b> nexttype: (received: TSr, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 48, expected: any, comp: already checked) <b>OK</b> count: (received: 1, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Traffic Selector</b> <b>OK</b> type: (received: IPV6_ADDR_RANGE, expected: IPV6_ADDR_RANGE, comp: eq) <b>OK</b> protocol: (received: 0, expected: 0, comp: eq) <b>OK</b> selectorLen: (received: 40, expected: any, comp: already checked) <b>OK</b> sport: (received: 0, expected: 0, comp: eq) <b>OK</b> eport: (received: 65535, expected: 65535, comp: eq) <b>OK</b> saddr: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) <b>OK</b> eaddr: (received: 20010DB8 00010001 00000000 00001234, expected: 20010DB8 00010001 00000000 00001234, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Traffic Selector Payload - Responder</b> <b>OK</b> nexttype: (received: N, expected: any, comp: already checked) <b>OK</b> critical: (received: 0, expected: 0, comp: eq) <b>OK</b> reserved: (received: 0, expected: 0, comp: eq) <b>OK</b> length: (received: 48, expected: any, comp: already checked) <b>OK</b> count: (received: 1, expected: any, comp: already checked) <b>OK</b> reserved1: (received: 0, expected: 0, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><pre> <b>Traffic Selector</b> <b>OK</b> type: (received: IPV6_ADDR_RANGE, expected: IPV6_ADDR_RANGE, comp: eq) <b>OK</b> protocol: (received: 0, expected: 0, comp: eq) <b>OK</b> selectorLen: (received: 40, expected: any, comp: already checked) <b>OK</b> sport: (received: 0, expected: 0, comp: eq) <b>OK</b> eport: (received: 65535, expected: 65535, comp: eq) <b>OK</b> saddr: (received: 20010DB8 000F0001 00000000 00000001, expected: 20010DB8 000F0001 00000000 00000001, comp: eq) <b>OK</b> eaddr: (received: 20010DB8 000F0001 00000000 00000001, expected: 20010DB8 000F0001 00000000 00000001, comp: eq) </pre></td> </tr> <tr VALIGN="top"> <td></td> <td width="100%"><b>Not match with packet('EN-I-1-1-6-2.D.1')</b></td> </tr> <TR><TD><br></TD><TD> <FONT COLOR="#ff0000">Can't observe IKE_AUTH request.</FONT><tr VALIGN="top"> <td></td> <td width="100%"><FONT COLOR="#FF0000" SIZE="+1"><U><B>TEST CLEANUP</B></U></FONT></td> </tr> </TD> </TR> <TR VALIGN="TOP"><TD>13:34:06</TD> <TD> kRemoteAsyncWait() <PRE><A NAME="kRemoteAsyncWait4346"></A> <A HREF="#kRemoteAsync4346">Link to remote control start point</A> DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ping6 -n -c 1 2001:0db8:000f:0001::1 PING 2001:0db8:000f:0001::1(2001:db8:f:1::1) 56 data bytes 64 bytes from 2001:db8:f:1::1: icmp_seq=1 ttl=64 time=0.185 ms --- 2001:0db8:000f:0001::1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.185/0.185/0.185/0.000 ms [root@dhcp12-166 ~]# </PRE> </TD></TR> <tr VALIGN="top"> <td></td> <td width="100%">cleaning up NUT ...</td> </tr> <TR VALIGN="TOP"><TD>13:34:25</TD> <TD width="100%"> kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop''<br> kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=stop <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list src 2001:db8:f:1::1 dst 2001:db8:1:1::1234 proto esp spi 0x268a01bf reqid 16385 mode tunnel replay-window 0 sel src 2001:db8:f:1::1/128 dst 2001:db8:1:1::1234/128 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src ::/0 dst ::/0 socket out priority 0 ptype main src ::/0 dst ::/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ipsec setup stop Redirecting to: systemctl stop ipsec.service [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm state list [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip xfrm policy list [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR VALIGN="TOP"><TD>13:34:46</TD> <TD width="100%"> kRemote(ikev2.rmt) ``/usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=cat_log''<br> kRemote()... /usr/local/koi/bin/remotes/libreswan//ikev2.rmt operation=cat_log <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# cat /tmp/pluto.log nss directory plutomain: /etc/ipsec.d NSS Initialized libcap-ng support [enabled] FIPS HMAC integrity verification test passed FIPS: pluto daemon NOT running in FIPS mode Linux audit support [disabled] Starting Pluto (Libreswan Version 3.10 XFRM(netkey) KLIPS NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER KLIPS_MAST CURL(non-NSS) LDAP(non-NSS)) pid:21460 core dump dir: /var/run/pluto secrets file: /etc/ipsec.secrets leak-detective disabled SAref support [disabled]: Protocol not available SAbind support [disabled]: Protocol not available NSS crypto [enabled] XAUTH PAM support [enabled] NAT-Traversal support [enabled] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) ike_alg_register_hash(): Activating OAKLEY_SHA2_384: Ok (ret=0) ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) starting up 3 crypto helpers started thread for crypto helper 0 (master fd 7) started thread for crypto helper 1 (master fd 9) started thread for crypto helper 2 (master fd 11) Using Linux XFRM/NETKEY IPsec interface code on 3.10.0-175.el7.x86_64 ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0) Warning: failed to register algo_aes_ccm_8 for IKE ike_alg_register_enc(): Activating aes_ccm_12: Ok (ret=0) Warning: failed to register algo_aes_ccm_12 for IKE ike_alg_register_enc(): Activating aes_ccm_16: Ok (ret=0) Warning: failed to register algo_aes_ccm_16 for IKE ike_alg_register_enc(): Activating aes_gcm_8: Ok (ret=0) Warning: failed to register algo_aes_gcm_8 for IKE ike_alg_register_enc(): Activating aes_gcm_12: Ok (ret=0) Warning: failed to register algo_aes_gcm_12 for IKE ike_alg_register_enc(): Activating aes_gcm_16: Ok (ret=0) Warning: failed to register algo_aes_gcm_16 for IKE loading CA cert file 'cacert.pem' (956 bytes) loading crl file 'crl.pem' (483 bytes) | selinux support is enabled. | entering aalg_getbyname_ike() added connection description "ikev2" listening for IKE messages adding interface p6p1/p6p1 192.168.0.10:500 adding interface p6p1/p6p1 192.168.0.10:4500 adding interface p7p1/p7p1 10.66.13.22:500 adding interface p7p1/p7p1 10.66.13.22:4500 adding interface lo/lo 127.0.0.1:500 adding interface lo/lo 127.0.0.1:4500 adding interface p6p1/p6p1 2001:db8:1:1::1234:500 adding interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500 adding interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500 adding interface lo/lo ::1:500 loading secrets from "/etc/ipsec.secrets" "ikev2" #1: initiating v2 parent SA | natd_hash: Warning, rcookie is zero !! | natd_hash: Warning, rcookie is zero !! "ikev2" #1: transition from state STATE_IKEv2_START to state STATE_PARENT_I1 "ikev2" #1: STATE_PARENT_I1: sent v2I1, expected v2R1 | V2 microcode entry (initiate IKE_SA_INIT) has unspecified timeout_event | Initiator child policy is transport mode, sending v2N_USE_TRANSPORT_MODE "ikev2" #2: transition from state STATE_PARENT_I1 to state STATE_PARENT_I2 "ikev2" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=oakley_3des_cbc_192 integ=sha1_96 prf=sha group=MODP1024} | V2 microcode entry (Initiator: process IKE_SA_INIT reply, initiate IKE_AUTH) has unspecified timeout_event shutting down forgetting secrets "ikev2": deleting connection "ikev2" #2: deleting state (STATE_PARENT_I2) "ikev2" #1: deleting state (STATE_PARENT_I2) shutting down interface lo/lo ::1:500 shutting down interface p6p2/p6p2 3ffe:501:ffff:101:215:17ff:fe3c:c669:500 shutting down interface p6p1/p6p1 3ffe:501:ffff:100:215:17ff:fe3c:c668:500 shutting down interface p6p1/p6p1 2001:db8:1:1::1234:500 shutting down interface lo/lo 127.0.0.1:4500 shutting down interface lo/lo 127.0.0.1:500 shutting down interface p7p1/p7p1 10.66.13.22:4500 shutting down interface p7p1/p7p1 10.66.13.22:500 shutting down interface p6p1/p6p1 192.168.0.10:4500 shutting down interface p6p1/p6p1 192.168.0.10:500 [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR VALIGN="TOP"><TD>13:35:06</TD> <TD width="100%"> kRemote(route.rmt) ``/usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1''<br> kRemote()... /usr/local/koi/bin/remotes/libreswan//route.rmt operation=delete route.0.address_family=inet6 route.0.gateway=fe80::f%p6p1 route.0.interface=p6p1 route.0.network=2001:0db8:000f:0001::/64 route.num=1 <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 2001:db8:f:1::1 via fe80::f dev p6p1 metric 0 cache 2001:db8:f:1::/64 via fe80::f dev p6p1 metric 1024 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p6p2 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route del 2001:0db8:000f:0001::/64 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -6 route show unreachable ::/96 dev lo metric 1024 error -101 unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101 2001:db8:1:1::/64 dev p6p1 proto kernel metric 256 unreachable 2002:a00::/24 dev lo metric 1024 error -101 unreachable 2002:7f00::/24 dev lo metric 1024 error -101 unreachable 2002:a9fe::/32 dev lo metric 1024 error -101 unreachable 2002:ac10::/28 dev lo metric 1024 error -101 unreachable 2002:c0a8::/32 dev lo metric 1024 error -101 unreachable 2002:e000::/19 dev lo metric 1024 error -101 3ffe:501:ffff:100::/64 dev p6p1 proto kernel metric 256 3ffe:501:ffff:101::/64 dev p6p2 proto kernel metric 256 unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101 fe80::/64 dev p6p1 proto kernel metric 256 fe80::/64 dev p6p2 proto kernel metric 256 fe80::/64 dev p7p1 proto kernel metric 256 [root@dhcp12-166 ~]# </PRE> </TD></TR> <TR VALIGN="TOP"><TD>13:35:27</TD> <TD width="100%"> kRemote(ifconfig.rmt) ``/usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1''<br> kRemote()... /usr/local/koi/bin/remotes/libreswan//ifconfig.rmt operation=delete ifconfig.address=2001:0db8:0001:0001::1234/64 ifconfig.address_family=inet6 ifconfig.interface=p6p1 <PRE>DEBUG : start kRemoteLogin Connected [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 valid_lft 76657sec preferred_lft 76657sec inet6 fe80::222:19ff:fe30:20d5/64 scope link valid_lft forever preferred_lft forever 3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 valid_lft forever preferred_lft forever inet6 2001:db8:1:1::1234/64 scope global valid_lft forever preferred_lft forever inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c668/64 scope link valid_lft forever preferred_lft forever 4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c669/64 scope link valid_lft forever preferred_lft forever 5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN link/ipip 0.0.0.0 brd 0.0.0.0 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip -f inet6 addr del 2001:0db8:0001:0001::1234/64 dev p6p1 [root@dhcp12-166 ~]# [root@dhcp12-166 ~]# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: p7p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000 link/ether 00:22:19:30:20:d5 brd ff:ff:ff:ff:ff:ff inet 10.66.13.22/23 brd 10.66.13.255 scope global dynamic p7p1 valid_lft 76652sec preferred_lft 76652sec inet6 fe80::222:19ff:fe30:20d5/64 scope link valid_lft forever preferred_lft forever 3: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:68 brd ff:ff:ff:ff:ff:ff inet 192.168.0.10/24 brd 192.168.0.255 scope global p6p1 valid_lft forever preferred_lft forever inet6 3ffe:501:ffff:100:215:17ff:fe3c:c668/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c668/64 scope link valid_lft forever preferred_lft forever 4: p6p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:15:17:3c:c6:69 brd ff:ff:ff:ff:ff:ff inet6 3ffe:501:ffff:101:215:17ff:fe3c:c669/64 scope global valid_lft forever preferred_lft forever inet6 fe80::215:17ff:fe3c:c669/64 scope link valid_lft forever preferred_lft forever 5: ip_vti0: <NOARP> mtu 1500 qdisc noop state DOWN link/ipip 0.0.0.0 brd 0.0.0.0 [root@dhcp12-166 ~]# </PRE> </TD></TR> <tr VALIGN="top"> <td></td> <td width="100%">cleaning up TN ...</td> </tr> <TR VALIGN="top"> <TD>13:35:50</TD> <TD width="100%"> ikev2Local("/sbin/sysctl -w net.inet6.ip6.forwarding=0")<BR> <PRE>net.inet6.ip6.forwarding: 1 -> 0 </PRE></TD> </TR><TR VALIGN="top"> <TD>13:35:50</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig -a")<BR> <PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 inet6 fe80::f%em1 prefixlen 64 scopeid 0xa inet6 2001:db8:1:1::f prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet6 2001:db8:f:1::1 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> </PRE></TD> </TR><TR VALIGN="top"> <TD>13:35:50</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig lo1 inet6 2001:0db8:000f:0001::1/64 delete")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>13:35:50</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig lo1 down")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>13:35:50</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig lo1 destroy")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>13:35:50</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig em1 inet6 2001:0db8:0001:0001::f/64 delete")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>13:35:50</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig em1 inet6 fe80::f%em1/64 delete")<BR> <PRE></PRE></TD> </TR><TR VALIGN="top"> <TD>13:35:53</TD> <TD width="100%"> ikev2Local("/sbin/ifconfig -a")<BR> <PRE>em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO> ether 00:23:ae:7a:6e:cc inet6 fe80::223:aeff:fe7a:6ecc%em0 prefixlen 64 scopeid 0x1 inet 10.66.13.78 netmask 0xfffffe00 broadcast 10.66.13.255 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:58:fa inet 192.168.0.20 netmask 0xffffff00 broadcast 192.168.0.255 inet6 fe80::21b:21ff:fe1c:58fa%em1 prefixlen 64 scopeid 0xa inet6 3ffe:501:ffff:100::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC> ether 00:1b:21:1c:5d:d1 inet6 fe80::21b:21ff:fe1c:5dd1%em2 prefixlen 64 scopeid 0xb inet6 3ffe:501:ffff:101::20 prefixlen 64 nd6 options=3<PERFORMNUD,ACCEPT_RTADV> media: Ethernet autoselect (1000baseT <full-duplex>) status: active plip0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=3<RXCSUM,TXCSUM> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd nd6 options=3<PERFORMNUD,ACCEPT_RTADV> </PRE></TD> </TR><tr VALIGN="top"> <td></td> <td width="100%"><FONT COLOR="#ff0000">FAIL</FONT></td> </tr> </TABLE> <HR><H1>Packet Reverse Log</H1> <UL> <A NAME="koiPacketDump1"></A><A HREF="#koiPacket1">packet #1 at 13:34:06</A> <div id="koiPacketInfo1"> <pre>IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:1:1::1234 | | Destination Address = 2001:db8:f:1::1 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = a0bcca2528dd9158 | | | IKE_SA Responder's SPI = 0000000000000000 | | | Next Payload = 33 (SA) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 34 (IKE_SA_INIT) | | | Flags = 8 (0b00001000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 0 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 1 | | | | Reserved (00000XXX) = 0 | | | Message ID = 0 (0x0) | | | Length = 284 (0x11c) | | | SA Payload | | | | Next Payload = 34 (KE) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 44 (0x2c) | | | | Proposal #1 | | | | | Next Payload = 0 (last) | | | | | RESERVED = 0 | | | | | Proposal Length = 40 | | | | | Proposal # = 1 | | | | | Proposal ID = IKE | | | | | SPI Size = 0 | | | | | # of Transforms = 4 | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 1 (ENCR) | | | | | | RESERVED = 0 | | | | | | Transform ID = 3 (3DES) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 3 (INTEG) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1_96) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 2 (PRF) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1) | | | | | Transfrom | | | | | | Next Payload = 0 (last) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 4 (D-H) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (1024 MODP Group) | | | KE Payload | | | | Next Payload = 40 (Ni, Nr) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 136 (0x88) | | | | DH Group # = 2 | | | | RESERVED = 0 | | | | Key Exchange Data = 0x44fc3006cd067dfab0a7ca04c95e7b0b1cc424ccc4a8139e9f67aa98275fc9a26c2d167be6aafffd98d16e88fd286b997c43728316ff7d5c28ddf497251dc89f46c900d857da3de18bf48f19693b4c8c96fdfa631f21e0cda98133164d63a6d5410256d4aa3305abba89fbbdf78e562b3466630d4e535913e39be2a4c4919049 | | | Ni, Nr Payload | | | | Next Payload = 41 (N) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 20 (0x14) | | | | Nonce Data = bb9f6acdb630327cf73b521a5491df40 | | | N Payload | | | | Next Payload = 41 (N) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 28 (0x1c) | | | | Protocol ID = 0 (no relation) | | | | SPI Size = 0 | | | | Notify Message Type = 16388 (NAT_DETECTION_SOURCE_IP) | | | | Notification Data = 1d595e1f3bc371d059523dbee66a58479de33e6d,40 | | | N Payload | | | | Next Payload = 0 (0) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 28 (0x1c) | | | | Protocol ID = 0 (no relation) | | | | SPI Size = 0 | | | | Notify Message Type = 16389 (NAT_DETECTION_DESTINATION_IP) | | | | Notification Data = b0c836edf503b3365d650c9e34b51a52d71336c0,40 </pre> </div> <hr> <A NAME="koiPacketDump2"></A><A HREF="#koiPacket2">packet #2 at 13:34:06</A> <div id="koiPacketInfo2"> <pre>IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:f:1::1 | | Destination Address = 2001:db8:1:1::1234 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = a0bcca2528dd9158 | | | IKE_SA Responder's SPI = b701582fadf119af | | | Next Payload = 33 (SA) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 34 (IKE_SA_INIT) | | | Flags = 32 (0b00100000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 1 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 0 | | | | Reserved (00000XXX) = 0 | | | Message ID = 0 (0x0) | | | Length = 266 (0x10a) | | | SA Payload | | | | Next Payload = 34 (KE) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 44 (0x2c) | | | | Proposal #1 | | | | | Next Payload = 0 (last) | | | | | RESERVED = 0 | | | | | Proposal Length = 40 | | | | | Proposal # = 1 | | | | | Proposal ID = IKE | | | | | SPI Size = 0 | | | | | # of Transforms = 4 | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 1 (ENCR) | | | | | | RESERVED = 0 | | | | | | Transform ID = 3 (3DES) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 2 (PRF) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1) | | | | | Transfrom | | | | | | Next Payload = 3 (Transform) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 3 (INTEG) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (HMAC_SHA1_96) | | | | | Transfrom | | | | | | Next Payload = 0 (last) | | | | | | RESERVED = 0 | | | | | | Transform Length = 8 | | | | | | Transform Type = 4 (D-H) | | | | | | RESERVED = 0 | | | | | | Transform ID = 2 (1024 MODP Group) | | | KE Payload | | | | Next Payload = 40 (Ni, Nr) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 136 (0x88) | | | | DH Group # = 2 | | | | RESERVED = 0 | | | | Key Exchange Data = 0xd02835681069f07665e63fb8d7ff62adb352b43346af4d8e62701716682b9f41dce8c3e77191f2fb3202eed216a15ff33b2377876ba630007cc686d8a789090db03bdc7c8fe891801daf44f85e483f8cb97635af2c0a79fc93a0de11709fb1d9b60ebf16fb98f2dfe0a4a887dbf2bdbdfaf6cba82d141192fc0cd4aedf596e52 | | | Ni, Nr Payload | | | | Next Payload = 0 (0) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 58 (0x3a) | | | | Nonce Data = 95708e5459bdf506bda6c9f3fde565a167289726dfbacfb29a9b8ed6bc2d5d7ccadefa5791371830c2f2d070748adbd90dd67ebd3a6c </pre> </div> <hr> <A NAME="koiPacketDump3"></A><A HREF="#koiPacket3">packet #3 at 13:34:06</A> <div id="koiPacketInfo3"> <pre>IP Packet | IP Header | | Version = 6 | | Source Address = 2001:db8:1:1::1234 | | Destination Address = 2001:db8:f:1::1 | UDP Header | | Source Port = 500 | | Destination Port = 500 | Internet Security Association and Key Management Protocol Payload | | IKE Header | | | IKE_SA Initiator's SPI = a0bcca2528dd9158 | | | IKE_SA Responder's SPI = b701582fadf119af | | | Next Payload = 46 (E) | | | Major Version = 2 | | | Minor Version = 0 | | | Exchange Type = 35 (IKE_AUTH) | | | Flags = 8 (0b00001000) | | | | Reserved (XX000000) = 0 | | | | Response (00R00000) = 0 | | | | Version (000V0000) = 0 | | | | Initiator (0000I000) = 1 | | | | Reserved (00000XXX) = 0 | | | Message ID = 1 (0x1) | | | Length = 252 (0xfc) | | | E Payload | | | | Next Payload = 35 (IDi) | | | | Critical = 0 | | | | Reserved = 0 | | | | Payload Length = 224 (0xe0) | | | | Initialization Vector = c4457863c9be0e64 | | | | Encrypted IKE Payloads | | | | | IDi Payload | | | | | | Next Payload = 39 (AUTH) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 24 (0x18) | | | | | | ID Type = 5 (IPV6_ADDR) | | | | | | RESERVED = 0 | | | | | | Identification Data = 20010db8000100010000000000001234 (2001:db8:1:1::1234) | | | | | AUTH Payload | | | | | | Next Payload = 33 (SA) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 28 (0x1c) | | | | | | Auth Method = 2 (SK_MIC) | | | | | | RESERVED = 0 | | | | | | Authentication Data = 458d703ffd438212918d2f198dc5c5dc8571ef68 | | | | | SA Payload | | | | | | Next Payload = 44 (TSi) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 40 (0x28) | | | | | | Proposal #1 | | | | | | | Next Payload = 0 (last) | | | | | | | RESERVED = 0 | | | | | | | Proposal Length = 36 | | | | | | | Proposal # = 1 | | | | | | | Proposal ID = ESP | | | | | | | SPI Size = 4 | | | | | | | # of Transforms = 3 | | | | | | | SPI = 268a01bf | | | | | | | Transfrom | | | | | | | | Next Payload = 3 (Transform) | | | | | | | | RESERVED = 0 | | | | | | | | Transform Length = 8 | | | | | | | | Transform Type = 1 (ENCR) | | | | | | | | RESERVED = 0 | | | | | | | | Transform ID = 3 (3DES) | | | | | | | Transfrom | | | | | | | | Next Payload = 3 (Transform) | | | | | | | | RESERVED = 0 | | | | | | | | Transform Length = 8 | | | | | | | | Transform Type = 3 (INTEG) | | | | | | | | RESERVED = 0 | | | | | | | | Transform ID = 2 (HMAC_SHA1_96) | | | | | | | Transfrom | | | | | | | | Next Payload = 0 (last) | | | | | | | | RESERVED = 0 | | | | | | | | Transform Length = 8 | | | | | | | | Transform Type = 5 (ESN) | | | | | | | | RESERVED = 0 | | | | | | | | Transform ID = 0 (No ESN) | | | | | TSi Payload | | | | | | Next Payload = 45 (TSr) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 48 (0x30) | | | | | | Number of TSs = 1 | | | | | | RESERVED = 0 | | | | | | Traffic Selector | | | | | | | TS Type = 8 (IPV6_ADDR_RANGE) | | | | | | | IP Protocol ID = 0 (any) | | | | | | | Selector Length = 40 | | | | | | | Start Port = 0 | | | | | | | End Port = 65535 | | | | | | | Starting Address = 20010db8000100010000000000001234 | | | | | | | Ending Address = 20010db8000100010000000000001234 | | | | | TSr Payload | | | | | | Next Payload = 41 (N) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 48 (0x30) | | | | | | Number of TSs = 1 | | | | | | RESERVED = 0 | | | | | | Traffic Selector | | | | | | | TS Type = 8 (IPV6_ADDR_RANGE) | | | | | | | IP Protocol ID = 0 (any) | | | | | | | Selector Length = 40 | | | | | | | Start Port = 0 | | | | | | | End Port = 65535 | | | | | | | Starting Address = 20010db8000f00010000000000000001 | | | | | | | Ending Address = 20010db8000f00010000000000000001 | | | | | N Payload | | | | | | Next Payload = 0 (0) | | | | | | Critical = 0 | | | | | | Reserved = 0 | | | | | | Payload Length = 8 (0x8) | | | | | | Protocol ID = 0 (no relation) | | | | | | SPI Size = 0 | | | | | | Notify Message Type = 16391 (USE_TRANSPORT_MODE) | | | | Integrity Checksum Data = 8745110fb4a83a64be69b239 </pre> </div> <hr> </UL> </BODY> </HTML> <!-- 142ae69553b977bbcc14f928f642b1de --> <!-- 79e661dc54221d1a8f0a5599aeed8f08 -->
View Attachment As Raw
Actions:
View
Attachments on
bug 1152625
:
946946
|
946953