Community discussions

MikroTik App
 
presswu
just joined
Topic Author
Posts: 4
Joined: Wed Sep 14, 2016 9:35 am

PPTP iOS10

Wed Sep 14, 2016 9:55 am

Hi all,

unfortunately Apple has removed my beautiful PPTP connection from the VPN list on my iPhone :(

I configured L2TP and the server is working fine in my LAN but is not working from outside.

- my Mikrotik router is behind my provider router (which does not support my needs)
- all needed ports are forwarded
- I can see packets comming on my input firewall rule but the L2TP server is not responding
- tried to NAT the ports to the router IP - no success

Do you have any ideas?
:(
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26954
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: PPTP iOS10

Wed Sep 14, 2016 9:58 am

Yes, PPTP is not secure for a while now, so macOS, iOS and other operating systems are starting to remove it.

You can use L2TP or IPsec+L2TP, there are examples in our wiki.

Post your NAT and firewall config please.
 
presswu
just joined
Topic Author
Posts: 4
Joined: Wed Sep 14, 2016 9:35 am

Re: PPTP iOS10

Wed Sep 14, 2016 10:03 am

Thanks for your answer.

Unfortunately I have not access to my RB at the moment. I will post the config on Saturday.

L2TP only is working on iOS? The profile requires a shared secret from IPsec...
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26954
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: PPTP iOS10

Wed Sep 14, 2016 11:35 am

 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: PPTP iOS10

Wed Sep 14, 2016 1:39 pm

Actually L2TP+IPsec configuration is not too difficult.

1) Enable L2TP server,
/interface l2tp-server server
set authentication=mschap2 enabled=yes
2) Configure PPP profile,
/ppp profile
add change-tcp-mss=yes local-address=192.168.17.1 name=ipsec+L2TP remote-address=ipsec-pool use-encryption=yes
/ip pool
add name=ipsec-pool ranges=192.168.17.2-192.168.17.254
3) Create PPP secret,
/ppp secret
add name=sergejs password="routeros" profile=ipsec+L2TP service=l2tp
4) Add static PPP interface to manage firewall easily.
/interface l2tp-server add name=l_sergejs user=sergejs
The same configuration you have used for PPTP previously. Additional configuration that is required.

Create IPSec configuration:
1) setup
/ip ipsec policy group
add name=ipsec+l2tp
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc,3des
I configure ip ipsec peer, as default algorithms does not work too good with all OS (that you configure on L2TP server IPSec configuration).
/ip ipsec peer
add address=0.0.0.0/0 enc-algorithm=aes-256,aes-192,aes-128 generate-policy=\
    port-strict secret=MikroTiKRouterOS
/ip ipsec policy
add dst-address=0.0.0.0/0 protocol=udp src-address=0.0.0.0/0 template=yes
On MACOS I configure L2TPoverIPSec.
1) user authentication password is from /ppp secret
2) machine authentication shared secret is from /ip ipsec peer.

P.S. The particular configuration works for MAC OS Sierra/Captain, IOS 10, Windows 8 and 10.
 
presswu
just joined
Topic Author
Posts: 4
Joined: Wed Sep 14, 2016 9:35 am

Re: PPTP iOS10

Wed Sep 14, 2016 2:34 pm

Thanks for your post.

I configured L2TP+IPsec using your suggestions. It seems that the packtes are now delivered to the Mikrotik router.

Nevertheless I get no connection (Log):

l2tp info: First L2TP UDP packet received from 80.x.x.x
IPsec error: phase 1 negotiation failed due to time up

Is it possible that L2TP is not working because my crappy provider router is not able to forward ESP? I'm only able to forward TCP and UDP (500, 1701 and 4500)

Thanks
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: PPTP iOS10

Wed Sep 14, 2016 3:45 pm

presswu,

what OS do you use as client?
Do you have client or server behind ISP devices?
 
presswu
just joined
Topic Author
Posts: 4
Joined: Wed Sep 14, 2016 9:35 am

Re: PPTP iOS10

Wed Sep 14, 2016 3:59 pm

I tried to use iOS 10 and Windows 10 as a client.

My RB951G-2HnD (server) is behind a simple ISP VDSL router which is not able to operate in bridge mode.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: PPTP iOS10

Wed Sep 14, 2016 4:04 pm

For IPSec server located behind ISP router, you need to forward UDP 500, 4500 and ESP.
For phase1 issues, enabled "ipsec,debug" logs and post them here.
 
manbot
just joined
Posts: 24
Joined: Sun Mar 23, 2014 1:28 am
Location: Minsk, Belarus
Contact:

Re: PPTP iOS10

Wed Sep 14, 2016 9:28 pm

Hi!
What about more than one user in l2tp+ipsec config?
I have situation when 2nd l2tp+ipsec user dropping 1st user from MikroTik.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26954
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: PPTP iOS10

Thu Sep 15, 2016 9:04 am

Hi!
What about more than one user in l2tp+ipsec config?
I have situation when 2nd l2tp+ipsec user dropping 1st user from MikroTik.
If both of them are behind NAT, this will happen. You need to make the tunnel on the router, instead of the client, or wait for new Kernel in RouterOS v7
 
Steffen9000
just joined
Posts: 2
Joined: Wed Sep 07, 2016 12:37 am

Re: PPTP iOS10

Sun Sep 18, 2016 1:48 am

On MACOS I configure L2TPoverIPSec.
1) user authentication password is from /ppp secret
2) machine authentication shared secret is from /ip ipsec peer.

P.S. The particular configuration works for MAC OS Sierra/Captain, IOS 10, Windows 8 and 10.
I followed the tutorial closely, yet I still get this error in the log:

sep/18 00:49:07 ipsec,debug invalid length of payload
sep/18 00:49:07 ipsec,debug possible cause: wrong password

Although the password is definitely correct :(
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: PPTP iOS10

Mon Sep 19, 2016 9:22 am

One configuration step, that can be changed in your configuration.

Disable peer,
/ip ipsec peer
add address=0.0.0.0/0 enc-algorithm=aes-256,aes-192,aes-128 generate-policy=port-strict secret=MikroTiKRouterOS
and move this configuration to l2tp-server,
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret=RouterOS use-ipsec=yes
Steffen9000, please contact support (support@mikrotik.com) with radius,debug logs enabled, we will see what is wrong.
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: PPTP iOS10

Mon Sep 19, 2016 9:22 am

One configuration step, that can be changed in your configuration.

Disable peer,
/ip ipsec peer
add address=0.0.0.0/0 enc-algorithm=aes-256,aes-192,aes-128 generate-policy=port-strict secret=MikroTiKRouterOS
and move this configuration to l2tp-server,
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret=RouterOS use-ipsec=yes
Steffen9000, please contact support (support@mikrotik.com) with radius,debug logs enabled, we will see what is wrong.
 
malstro
just joined
Posts: 17
Joined: Fri Jun 24, 2016 11:31 am

Re: PPTP iOS10

Wed Sep 21, 2016 4:05 pm

sorry for re-raising this topic - but I still have a few questions about this.

Same scenario for myself:
I want to connect multiple! iOS/macOS/Android devices to my MikroTik router.

iOS >10 should support these protocols (all combined thankfully with IPsec encryption):
- L2TP/IPSec
- IKEv2/IPSec
- Cisco IPSec
- (my last resort would be a separate OpenVPN client app on each device, but i'd like it more to use an integrated OS solution)

1) Which VPN server setup do you recommend for mixed devices - "one-size-fits-all" ?

2) Did I get this right, that if my MikroTik router has a public IP address (no NAT/directly connected via PPPoE to a DSL modem), I can connect multiple devices with NAT e.g. via L2TP with IPsec? (instead of only 1 connection if both/server+client are NAT'd)

3) I had issues in the past, trying to configure L2TP+IPsec for any device (Mac, Windows or iOS), since there are various instructions out there, how to configure L2TP+IPsec - one tutorial says "check 'use IPsec' within the L2TP Server setup" .. another one says "this won't work - create your own policy include '3des'" - which won't work for iOS devices.
=> So is there any general instruction set for a viable L2TP+IPsec setup (e.g. for various devices like iOS, macOS, Windows, etc. aside) - or can I/do I have to configure multiple policies for all device sets?

Thanks for your help!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26954
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: PPTP iOS10

Wed Sep 21, 2016 4:09 pm

Most devices will support only "L2TP/IPSec"

The config example is above.

If the clients are all behind a MikroTik NAT, they will not be able to connect at the same time, to the same server.
 
malstro
just joined
Posts: 17
Joined: Fri Jun 24, 2016 11:31 am

Re: PPTP iOS10

Wed Sep 21, 2016 4:43 pm

If the clients are all behind a MikroTik NAT, they will not be able to connect at the same time, to the same server.
Sorry - I'm a little bit slow in understanding this one .. ;-)

- Let's assume all clients (personal devices) are behind some/whatever NAT, e.g. cell network/other personal Wi-Fi/.... (no MikroTik here).
- The MikroTik router (hosting the L2TP/IPsec VPN server) acts as gateway router (directly connecting to the public internet via a PPPoE client) so the eth1-WAN interface will have the public IP address.

=> In this scenario multiple clients will be able to connect to the MikroTik VPN?
 
miks
just joined
Posts: 3
Joined: Thu Sep 22, 2016 7:14 pm

Re: PPTP iOS10

Thu Sep 22, 2016 7:24 pm

One configuration step, that can be changed in your configuration.

Disable peer,
/ip ipsec peer
add address=0.0.0.0/0 enc-algorithm=aes-256,aes-192,aes-128 generate-policy=port-strict secret=MikroTiKRouterOS
and move this configuration to l2tp-server,
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret=RouterOS use-ipsec=yes
So, I actually need to skip "/ip ipsec peer" step at all?
Anyway, can't get this working.
On router (RouterOS v6.36.3, 1100AHx2) there are errors like this:
19:11:17 ipsec,debug,packet such policy does not already exist: xxx/32[38126] xxx/32[1701] proto=udp dir=in
19:11:17 ipsec,debug,packet such policy does not already exist: xxx/32[1701] xxx/32[38126] proto=udp dir=out
on client (macOS Sierra):
Thu Sep 22 19:11:17 2016 : L2TP sent SCCRQ
Thu Sep 22 19:11:37 2016 : L2TP cannot connect to the server
 
malstro
just joined
Posts: 17
Joined: Fri Jun 24, 2016 11:31 am

Re: PPTP iOS10

Sat Sep 24, 2016 12:43 am

Same problem here! @miks

MacOS El Capitan brings up the same error:
- L2TP sent SCCRQ
- L2TP cannot connect to the server

I tried both suggestions - 1) with a dedicated IPsec peer configuration for the secret .. and 2) using the integrated IPsec checkbox of the L2TP server with a secret.
Both ways don't work in my case (just to keep it in mind: I have both sides / RouterOS server+MacOS client NATed)
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6697
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: PPTP iOS10

Mon Sep 26, 2016 1:51 pm

miks,

if you put such configuration,
/interface l2tp-server server
set authentication=mschap2 enabled=yes ipsec-secret=RouterOS use-ipsec=yes

then /ip ipsec peer configuration is not required.

miks and malstro, please post "ipsec,debug" output here, when client tries to establish L2TP/IPsec session.
 
User avatar
MichelePietravalle
Trainer
Trainer
Posts: 100
Joined: Sun Apr 19, 2009 9:03 pm

Re: PPTP iOS10

Mon Sep 26, 2016 4:18 pm

hi, some problem.

working with iOS 10 connected to a wifi network, not working connected to mobile network!

thanks.
Sep/26/2016 15:15:29 ipsec,debug,packet ==========
Sep/26/2016 15:15:29 ipsec,debug,packet 788 bytes message received from 151.36.21.149[5355] to 89.x.x.x[500]
Sep/26/2016 15:15:29 ipsec,debug,packet 2bcef328 0e5035b0 00000000 00000000 01100200 00000000 00000314 0d000204
Sep/26/2016 15:15:29 ipsec,debug,packet 00000001 00000001 000001f8 0101000e 03000024 01010000 800b0001 800c0e10
Sep/26/2016 15:15:29 ipsec,debug,packet 80010007 800e0100 80030001 80020004 8004000e 03000024 02010000 800b0001
Sep/26/2016 15:15:29 ipsec,debug,packet 800c0e10 80010007 800e0100 80030001 80020002 8004000e 03000024 03010000
Sep/26/2016 15:15:29 ipsec,debug,packet 800b0001 800c0e10 80010007 800e0100 80030001 80020001 8004000e 03000024
Sep/26/2016 15:15:29 ipsec,debug,packet 04010000 800b0001 800c0e10 80010007 800e0100 80030001 80020006 8004000e
Sep/26/2016 15:15:29 ipsec,debug,packet 03000024 05010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004
Sep/26/2016 15:15:29 ipsec,debug,packet 80040005 03000024 06010000 800b0001 800c0e10 80010007 800e0100 80030001
Sep/26/2016 15:15:29 ipsec,debug,packet 80020002 80040005 03000024 07010000 800b0001 800c0e10 80010007 800e0100
Sep/26/2016 15:15:29 ipsec,debug,packet 80030001 80020001 80040005 03000024 08010000 800b0001 800c0e10 80010007
Sep/26/2016 15:15:29 ipsec,debug,packet 800e0100 80030001 80020004 80040002 03000024 09010000 800b0001 800c0e10
Sep/26/2016 15:15:29 ipsec,debug,packet 80010007 800e0100 80030001 80020002 80040002 03000024 0a010000 800b0001
Sep/26/2016 15:15:29 ipsec,debug,packet 800c0e10 80010007 800e0100 80030001 80020001 80040002 03000024 0b010000
Sep/26/2016 15:15:29 ipsec,debug,packet 800b0001 800c0e10 80010007 800e0080 80030001 80020002 80040002 03000024
Sep/26/2016 15:15:29 ipsec,debug,packet 0c010000 800b0001 800c0e10 80010007 800e0080 80030001 80020001 80040002
Sep/26/2016 15:15:29 ipsec,debug,packet 03000020 0d010000 800b0001 800c0e10 80010005 80030001 80020002 80040002
Sep/26/2016 15:15:29 ipsec,debug,packet 00000020 0e010000 800b0001 800c0e10 80010005 80030001 80020001 80040002
Sep/26/2016 15:15:29 ipsec,debug,packet 0d000014 4a131c81 07035845 5c5728f2 0e95452f 0d000014 4df37928 e9fc4fd1
Sep/26/2016 15:15:29 ipsec,debug,packet b3262170 d515c662 0d000014 8f8d8382 6d246b6f c7a8a6a4 28c11de8 0d000014
Sep/26/2016 15:15:29 ipsec,debug,packet 439b59f8 ba676c4c 7737ae22 eab8f582 0d000014 4d1e0e13 6deafa34 c4f3ea9f
Sep/26/2016 15:15:29 ipsec,debug,packet 02ec7285 0d000014 80d0bb3d ef54565e e84645d4 c85ce3ee 0d000014 9909b64e
Sep/26/2016 15:15:29 ipsec,debug,packet ed937c65 73de52ac e952fa6b 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56
Sep/26/2016 15:15:29 ipsec,debug,packet 0d000014 cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091 3ebb696e
Sep/26/2016 15:15:29 ipsec,debug,packet 086381b5 ec427b1f 0d000018 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000
Sep/26/2016 15:15:29 ipsec,debug,packet 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Sep/26/2016 15:15:29 ipsec,debug,packet ===
Sep/26/2016 15:15:29 ipsec,debug,packet begin.
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=1(sa)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=13(vid)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=13(vid)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=13(vid)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=13(vid)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=13(vid)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=13(vid)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=13(vid)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=13(vid)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=13(vid)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=13(vid)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=13(vid)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=13(vid)
Sep/26/2016 15:15:29 ipsec,debug,packet succeed.
Sep/26/2016 15:15:29 ipsec,debug received Vendor ID: RFC 3947
Sep/26/2016 15:15:29 ipsec,debug,packet received unknown Vendor ID
Sep/26/2016 15:15:29 ipsec,debug,packet 4df37928 e9fc4fd1 b3262170 d515c662
Sep/26/2016 15:15:29 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
Sep/26/2016 15:15:29 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
Sep/26/2016 15:15:29 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
Sep/26/2016 15:15:29 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
Sep/26/2016 15:15:29 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
Sep/26/2016 15:15:29 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Sep/26/2016 15:15:29 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Sep/26/2016 15:15:29 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Sep/26/2016 15:15:29 ipsec,debug 
Sep/26/2016 15:15:29 ipsec,debug received broken Microsoft ID: FRAGMENTATION
Sep/26/2016 15:15:29 ipsec,debug received Vendor ID: DPD
Sep/26/2016 15:15:29 ipsec,debug,packet remote supports DPD
Sep/26/2016 15:15:29 ipsec,debug Selected NAT-T version: RFC 3947
Sep/26/2016 15:15:29 ipsec,debug,packet total SA len=512
Sep/26/2016 15:15:29 ipsec,debug,packet 00000001 00000001 000001f8 0101000e 03000024 01010000 800b0001 800c0e10
Sep/26/2016 15:15:29 ipsec,debug,packet 80010007 800e0100 80030001 80020004 8004000e 03000024 02010000 800b0001
Sep/26/2016 15:15:29 ipsec,debug,packet 800c0e10 80010007 800e0100 80030001 80020002 8004000e 03000024 03010000
Sep/26/2016 15:15:29 ipsec,debug,packet 800b0001 800c0e10 80010007 800e0100 80030001 80020001 8004000e 03000024
Sep/26/2016 15:15:29 ipsec,debug,packet 04010000 800b0001 800c0e10 80010007 800e0100 80030001 80020006 8004000e
Sep/26/2016 15:15:29 ipsec,debug,packet 03000024 05010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004
Sep/26/2016 15:15:29 ipsec,debug,packet 80040005 03000024 06010000 800b0001 800c0e10 80010007 800e0100 80030001
Sep/26/2016 15:15:29 ipsec,debug,packet 80020002 80040005 03000024 07010000 800b0001 800c0e10 80010007 800e0100
Sep/26/2016 15:15:29 ipsec,debug,packet 80030001 80020001 80040005 03000024 08010000 800b0001 800c0e10 80010007
Sep/26/2016 15:15:29 ipsec,debug,packet 800e0100 80030001 80020004 80040002 03000024 09010000 800b0001 800c0e10
Sep/26/2016 15:15:29 ipsec,debug,packet 80010007 800e0100 80030001 80020002 80040002 03000024 0a010000 800b0001
Sep/26/2016 15:15:29 ipsec,debug,packet 800c0e10 80010007 800e0100 80030001 80020001 80040002 03000024 0b010000
Sep/26/2016 15:15:29 ipsec,debug,packet 800b0001 800c0e10 80010007 800e0080 80030001 80020002 80040002 03000024
Sep/26/2016 15:15:29 ipsec,debug,packet 0c010000 800b0001 800c0e10 80010007 800e0080 80030001 80020001 80040002
Sep/26/2016 15:15:29 ipsec,debug,packet 03000020 0d010000 800b0001 800c0e10 80010005 80030001 80020002 80040002
Sep/26/2016 15:15:29 ipsec,debug,packet 00000020 0e010000 800b0001 800c0e10 80010005 80030001 80020001 80040002
Sep/26/2016 15:15:29 ipsec,debug,packet begin.
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=2(prop)
Sep/26/2016 15:15:29 ipsec,debug,packet succeed.
Sep/26/2016 15:15:29 ipsec,debug,packet proposal #1 len=504
Sep/26/2016 15:15:29 ipsec,debug,packet begin.
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:29 ipsec,debug,packet succeed.
Sep/26/2016 15:15:29 ipsec,debug,packet transform #1 len=36
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=4
Sep/26/2016 15:15:29 ipsec,debug,packet hash(sha2_256)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp2048)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #2 len=36
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
Sep/26/2016 15:15:29 ipsec,debug,packet hash(sha1)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp2048)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #3 len=36
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
Sep/26/2016 15:15:29 ipsec,debug,packet hash(md5)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp2048)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #4 len=36
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=6
Sep/26/2016 15:15:29 ipsec,debug,packet hash(sha2_512)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp2048)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #5 len=36
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=4
Sep/26/2016 15:15:29 ipsec,debug,packet hash(sha2_256)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp1536)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #6 len=36
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
Sep/26/2016 15:15:29 ipsec,debug,packet hash(sha1)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp1536)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #7 len=36
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
Sep/26/2016 15:15:29 ipsec,debug,packet hash(md5)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp1536)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #8 len=36
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=4
Sep/26/2016 15:15:29 ipsec,debug,packet hash(sha2_256)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp1024)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #9 len=36
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
Sep/26/2016 15:15:29 ipsec,debug,packet hash(sha1)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp1024)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #10 len=36
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
Sep/26/2016 15:15:29 ipsec,debug,packet hash(md5)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp1024)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #11 len=36
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=128
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
Sep/26/2016 15:15:29 ipsec,debug,packet hash(sha1)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp1024)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #12 len=36
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=128
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
Sep/26/2016 15:15:29 ipsec,debug,packet hash(md5)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp1024)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #13 len=32
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(3des)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
Sep/26/2016 15:15:29 ipsec,debug,packet hash(sha1)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp1024)
Sep/26/2016 15:15:29 ipsec,debug,packet transform #14 len=32
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet encryption(3des)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
Sep/26/2016 15:15:29 ipsec,debug,packet hash(md5)
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp1024)
Sep/26/2016 15:15:29 ipsec,debug,packet pair 1:
Sep/26/2016 15:15:29 ipsec,debug,packet  0xc6ec8: next=(nil) tnext=0xddb80
Sep/26/2016 15:15:29 ipsec,debug,packet   0xddb80: next=(nil) tnext=0xc5a78
Sep/26/2016 15:15:29 ipsec,debug,packet    0xc5a78: next=(nil) tnext=0xe26a8
Sep/26/2016 15:15:29 ipsec,debug,packet     0xe26a8: next=(nil) tnext=0xc7ed0
Sep/26/2016 15:15:29 ipsec,debug,packet      0xc7ed0: next=(nil) tnext=0xca1a0
Sep/26/2016 15:15:29 ipsec,debug,packet       0xca1a0: next=(nil) tnext=0xd75a0
Sep/26/2016 15:15:29 ipsec,debug,packet        0xd75a0: next=(nil) tnext=0xc5b20
Sep/26/2016 15:15:29 ipsec,debug,packet         0xc5b20: next=(nil) tnext=0xc89a8
Sep/26/2016 15:15:29 ipsec,debug,packet          0xc89a8: next=(nil) tnext=0xc7c20
Sep/26/2016 15:15:29 ipsec,debug,packet           0xc7c20: next=(nil) tnext=0xc5938
Sep/26/2016 15:15:29 ipsec,debug,packet            0xc5938: next=(nil) tnext=0x103d68
Sep/26/2016 15:15:29 ipsec,debug,packet             0x103d68: next=(nil) tnext=0xe27e8
Sep/26/2016 15:15:29 ipsec,debug,packet              0xe27e8: next=(nil) tnext=0xc8f50
Sep/26/2016 15:15:29 ipsec,debug,packet               0xc8f50: next=(nil) tnext=(nil)
Sep/26/2016 15:15:29 ipsec,debug,packet proposal #1: 14 transform
Sep/26/2016 15:15:29 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
Sep/26/2016 15:15:29 ipsec,debug,packet trns#=1, trns-id=IKE
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=4
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 256:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:4
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 192:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:4
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 128:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:4
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = 3DES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 0:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:4
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
Sep/26/2016 15:15:29 ipsec,debug,packet trns#=2, trns-id=IKE
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 256:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:SHA
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 192:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:SHA
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 128:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:SHA
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = 3DES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 0:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:SHA
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
Sep/26/2016 15:15:29 ipsec,debug,packet trns#=3, trns-id=IKE
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 256:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:MD5
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 192:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:MD5
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 128:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:MD5
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = 3DES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 0:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:MD5
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
Sep/26/2016 15:15:29 ipsec,debug,packet trns#=4, trns-id=IKE
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=6
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 256:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:6
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 192:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:6
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 128:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:6
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = 3DES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 0:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:6
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:2048-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
Sep/26/2016 15:15:29 ipsec,debug,packet trns#=5, trns-id=IKE
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=4
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 256:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:4
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 192:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:4
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 128:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:4
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = 3DES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 0:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:4
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
Sep/26/2016 15:15:29 ipsec,debug,packet trns#=6, trns-id=IKE
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 256:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:SHA
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 192:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:SHA
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 128:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:SHA
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = 3DES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 0:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:SHA
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
Sep/26/2016 15:15:29 ipsec,debug,packet trns#=7, trns-id=IKE
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=MD5
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 256:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:MD5
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 192:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:MD5
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 128:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:MD5
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = 3DES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 0:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:MD5
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1536-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
Sep/26/2016 15:15:29 ipsec,debug,packet trns#=8, trns-id=IKE
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=4
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 256:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:4
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 192:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:4
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 128:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:4
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = 3DES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 0:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:4
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet prop#=1, prot-id=ISAKMP, spi-size=0, #trns=14
Sep/26/2016 15:15:29 ipsec,debug,packet trns#=9, trns-id=IKE
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:29 ipsec,debug,packet type=Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:29 ipsec,debug,packet type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:29 ipsec,debug,packet type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet type=Hash Algorithm, flag=0x8000, lorv=SHA
Sep/26/2016 15:15:29 ipsec,debug,packet type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet Compared: Local:Peer
Sep/26/2016 15:15:29 ipsec,debug,packet (lifetime = 86400:3600)
Sep/26/2016 15:15:29 ipsec,debug,packet (lifebyte = 0:0)
Sep/26/2016 15:15:29 ipsec,debug,packet enctype = AES-CBC:AES-CBC
Sep/26/2016 15:15:29 ipsec,debug,packet (encklen = 256:256)
Sep/26/2016 15:15:29 ipsec,debug,packet hashtype = SHA:SHA
Sep/26/2016 15:15:29 ipsec,debug,packet authmethod = pre-shared key:pre-shared key
Sep/26/2016 15:15:29 ipsec,debug,packet dh_group = 1024-bit MODP group:1024-bit MODP group
Sep/26/2016 15:15:29 ipsec,debug,packet an acceptable proposal found.
Sep/26/2016 15:15:29 ipsec,debug,packet dh(modp1024)
Sep/26/2016 15:15:29 ipsec,debug,packet agreed on pre-shared key auth.
Sep/26/2016 15:15:29 ipsec,debug,packet ===
Sep/26/2016 15:15:29 ipsec,debug,packet new cookie:
Sep/26/2016 15:15:29 ipsec,debug,packet 1ad5b691e9718365 
Sep/26/2016 15:15:29 ipsec,debug,packet add payload of len 52, next type 13
Sep/26/2016 15:15:29 ipsec,debug,packet add payload of len 16, next type 13
Sep/26/2016 15:15:29 ipsec,debug,packet add payload of len 16, next type 13
Sep/26/2016 15:15:29 ipsec,debug,packet add payload of len 20, next type 0
Sep/26/2016 15:15:29 ipsec,debug,packet 148 bytes from 89.x.x.x.x[500] to 151.36.21.149[5355]
Sep/26/2016 15:15:29 ipsec,debug,packet sockname 89.x.x.x.x[500]
Sep/26/2016 15:15:29 ipsec,debug,packet send packet from 89.x.x.x.x[500]
Sep/26/2016 15:15:29 ipsec,debug,packet send packet to 151.36.21.149[5355]
Sep/26/2016 15:15:29 ipsec,debug,packet src4 89.x.x.x.x[500]
Sep/26/2016 15:15:29 ipsec,debug,packet dst4 151.36.21.149[5355]
Sep/26/2016 15:15:29 ipsec,debug,packet 1 times of 148 bytes message will be sent to 151.36.21.149[5355]
Sep/26/2016 15:15:29 ipsec,debug,packet 2bcef328 0e5035b0 1ad5b691 e9718365 01100200 00000000 00000094 0d000038
Sep/26/2016 15:15:29 ipsec,debug,packet 00000001 00000001 0000002c 01010001 00000024 09010000 800b0001 800c0e10
Sep/26/2016 15:15:29 ipsec,debug,packet 80010007 800e0100 80030001 80020002 80040002 0d000014 4a131c81 07035845
Sep/26/2016 15:15:29 ipsec,debug,packet 5c5728f2 0e95452f 0d000014 afcad713 68a1f1c9 6b8696fc 77570100 00000018
Sep/26/2016 15:15:29 ipsec,debug,packet 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000
Sep/26/2016 15:15:29 ipsec,debug sent phase1 packet 89.x.x.x.x[500]<=>151.36.21.149[5355] 2bcef3280e5035b0:1ad5b691e9718365
Sep/26/2016 15:15:30 ipsec,debug,packet ==========
Sep/26/2016 15:15:30 ipsec,debug,packet 228 bytes message received from 151.36.21.149[5355] to 89.x.x.x.x[500]
Sep/26/2016 15:15:30 ipsec,debug,packet 2bcef328 0e5035b0 1ad5b691 e9718365 04100200 00000000 000000e4 0a000084
Sep/26/2016 15:15:30 ipsec,debug,packet d4274bf6 14c45290 fc398c17 de5f5a52 03d66c39 ea440bd9 a76d3eb4 971a56da
Sep/26/2016 15:15:30 ipsec,debug,packet a83ecac4 b5ca4161 9e2900c1 a04f8490 539dd368 8b2ef5b0 828461fa 56e4961e
Sep/26/2016 15:15:30 ipsec,debug,packet fb5b367b a2bcb82f ef1a7362 20f4c880 5ecea904 43e8453f 6babdb4c 09c2cd54
Sep/26/2016 15:15:30 ipsec,debug,packet 30590041 04007fd0 3c9207fd 2c426b8b c24dfb2c 18d51204 f9aad744 2ee90134
Sep/26/2016 15:15:30 ipsec,debug,packet 14000014 2ea7b49c 92b61b90 d7890303 a6785397 14000018 420085b3 e8055df0
Sep/26/2016 15:15:30 ipsec,debug,packet 4bbce3db 7372e14d 9a8435ce 00000018 836ab20c e7b947ab 6f6829c8 b1b77a88
Sep/26/2016 15:15:30 ipsec,debug,packet 8702d06d
Sep/26/2016 15:15:30 ipsec,debug,packet begin.
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=4(ke)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=10(nonce)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=20(nat-d)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=20(nat-d)
Sep/26/2016 15:15:30 ipsec,debug,packet succeed.
Sep/26/2016 15:15:30 ipsec,debug Hashing 89.x.x.x.x[500] with algo #2 
Sep/26/2016 15:15:30 ipsec,debug,packet hash(sha1)
Sep/26/2016 15:15:30 ipsec,debug NAT-D payload #0 verified
Sep/26/2016 15:15:30 ipsec,debug Hashing 151.36.21.149[5355] with algo #2 
Sep/26/2016 15:15:30 ipsec,debug,packet hash(sha1)
Sep/26/2016 15:15:30 ipsec,debug NAT-D payload #1 doesn't match
Sep/26/2016 15:15:30 ipsec,debug NAT detected: PEER
Sep/26/2016 15:15:30 ipsec,debug,packet ===
Sep/26/2016 15:15:30 ipsec,debug,packet dh(modp1024)
Sep/26/2016 15:15:30 ipsec,debug,packet compute DH's private.
Sep/26/2016 15:15:30 ipsec,debug,packet 4c276792 434167fa 88e3b933 71fa05c5 2129315b e8108c2c 444c4236 a2f2f1ac
Sep/26/2016 15:15:30 ipsec,debug,packet 4dbc991b 7fe0a27a 583ee0df fe3f4b31 5deb7578 52068afc 19b6b1f8 a5c53e45
Sep/26/2016 15:15:30 ipsec,debug,packet a4394996 c59c2fb4 245f1315 a400b0ee a49b7d23 4d135d9c 6d1a6bb3 31d8024a
Sep/26/2016 15:15:30 ipsec,debug,packet 3e0df895 cf55dd59 22225cb4 410574dc 98f8d041 a479ba71 4aa87c25 202d5964
Sep/26/2016 15:15:30 ipsec,debug,packet compute DH's public.
Sep/26/2016 15:15:30 ipsec,debug,packet 7bf27ec0 7ed4b7c2 76cff306 56c529f9 87fa92c8 9586c66e 68347e89 6c96c6ed
Sep/26/2016 15:15:30 ipsec,debug,packet 8beaaa20 2259aaa0 0ccd5ad2 8dc424df e1083a96 75495943 eaaf760c 878344f8
Sep/26/2016 15:15:30 ipsec,debug,packet a3762f64 65e9c282 cc428107 a59b5891 ddf1d52b c5b036b4 75024b83 21aee35f
Sep/26/2016 15:15:30 ipsec,debug,packet c6436932 3b307b8d c168638c dfc6e45e c58b5635 7fa1b3f6 4066c5d9 a4049854
Sep/26/2016 15:15:30 ipsec,debug Hashing 151.36.21.149[5355] with algo #2 
Sep/26/2016 15:15:30 ipsec,debug,packet hash(sha1)
Sep/26/2016 15:15:30 ipsec,debug Hashing 89.x.x.x.x[500] with algo #2 
Sep/26/2016 15:15:30 ipsec,debug,packet hash(sha1)
Sep/26/2016 15:15:30 ipsec,debug Adding remote and local NAT-D payloads.
Sep/26/2016 15:15:30 ipsec,debug,packet add payload of len 128, next type 10
Sep/26/2016 15:15:30 ipsec,debug,packet add payload of len 24, next type 20
Sep/26/2016 15:15:30 ipsec,debug,packet add payload of len 20, next type 20
Sep/26/2016 15:15:30 ipsec,debug,packet add payload of len 20, next type 0
Sep/26/2016 15:15:30 ipsec,debug,packet 236 bytes from 89.x.x.x.x[500] to 151.36.21.149[5355]
Sep/26/2016 15:15:30 ipsec,debug,packet sockname 89.x.x.x.x[500]
Sep/26/2016 15:15:30 ipsec,debug,packet send packet from 89.x.x.x.x[500]
Sep/26/2016 15:15:30 ipsec,debug,packet send packet to 151.36.21.149[5355]
Sep/26/2016 15:15:30 ipsec,debug,packet src4 89.x.x.x.x[500]
Sep/26/2016 15:15:30 ipsec,debug,packet dst4 151.36.21.149[5355]
Sep/26/2016 15:15:30 ipsec,debug,packet 1 times of 236 bytes message will be sent to 151.36.21.149[5355]
Sep/26/2016 15:15:30 ipsec,debug,packet 2bcef328 0e5035b0 1ad5b691 e9718365 04100200 00000000 000000ec 0a000084
Sep/26/2016 15:15:30 ipsec,debug,packet 7bf27ec0 7ed4b7c2 76cff306 56c529f9 87fa92c8 9586c66e 68347e89 6c96c6ed
Sep/26/2016 15:15:30 ipsec,debug,packet 8beaaa20 2259aaa0 0ccd5ad2 8dc424df e1083a96 75495943 eaaf760c 878344f8
Sep/26/2016 15:15:30 ipsec,debug,packet a3762f64 65e9c282 cc428107 a59b5891 ddf1d52b c5b036b4 75024b83 21aee35f
Sep/26/2016 15:15:30 ipsec,debug,packet c6436932 3b307b8d c168638c dfc6e45e c58b5635 7fa1b3f6 4066c5d9 a4049854
Sep/26/2016 15:15:30 ipsec,debug,packet 1400001c eb440e6c 1274b0da cac1b417 dbc2a62d c5c7f310 f1d251f9 14000018
Sep/26/2016 15:15:30 ipsec,debug,packet 974fea6c 8a9c0ada 827c7cda a49d3f22 e5c2eea2 00000018 420085b3 e8055df0
Sep/26/2016 15:15:30 ipsec,debug,packet 4bbce3db 7372e14d 9a8435ce
Sep/26/2016 15:15:30 ipsec,debug sent phase1 packet 89.x.x.x.x[500]<=>151.36.21.149[5355] 2bcef3280e5035b0:1ad5b691e9718365
Sep/26/2016 15:15:30 ipsec,debug,packet dh(modp1024)
Sep/26/2016 15:15:30 ipsec,debug,packet compute DH's shared.
Sep/26/2016 15:15:30 ipsec,debug,packet 
Sep/26/2016 15:15:30 ipsec,debug,packet 9df0db2b a13170bd a5c44e93 c23b7511 e52ea75d e60a8ac1 d840e232 4e8b8a6d
Sep/26/2016 15:15:30 ipsec,debug,packet 24531fea d41c8c92 36c1a0f9 ea08eccf 32614c2a bf0b6dcb 6fa56e51 95e29f92
Sep/26/2016 15:15:30 ipsec,debug,packet 30148cad f8eceec1 311947c6 aaac2e07 79dcd935 71e3915a 8096a9fb 70292b6c
Sep/26/2016 15:15:30 ipsec,debug,packet 2985b165 a9c72d5b 8862bd27 9f03f43e 917be355 57203636 4c35021c ee0a6290
Sep/26/2016 15:15:30 ipsec,debug,packet the psk found.
Sep/26/2016 15:15:30 ipsec,debug,packet nonce 1: 
Sep/26/2016 15:15:30 ipsec,debug,packet 2ea7b49c 92b61b90 d7890303 a6785397
Sep/26/2016 15:15:30 ipsec,debug,packet nonce 2: 
Sep/26/2016 15:15:30 ipsec,debug,packet eb440e6c 1274b0da cac1b417 dbc2a62d c5c7f310 f1d251f9
Sep/26/2016 15:15:30 ipsec,debug,packet hmac(hmac_sha1)
Sep/26/2016 15:15:30 ipsec,debug,packet SKEYID computed:
Sep/26/2016 15:15:30 ipsec,debug,packet 5ea6eaa9 cf6fbb10 1f792c27 9846e923 1ff5d6d9
Sep/26/2016 15:15:30 ipsec,debug,packet hmac(hmac_sha1)
Sep/26/2016 15:15:30 ipsec,debug,packet SKEYID_d computed:
Sep/26/2016 15:15:30 ipsec,debug,packet 06200a83 4d4776ee 2dbd668d 44f39b4f 6180db8b
Sep/26/2016 15:15:30 ipsec,debug,packet hmac(hmac_sha1)
Sep/26/2016 15:15:30 ipsec,debug,packet SKEYID_a computed:
Sep/26/2016 15:15:30 ipsec,debug,packet 89056f66 2ff07ad1 1205f29e fbf698ac 3ed535eb
Sep/26/2016 15:15:30 ipsec,debug,packet hmac(hmac_sha1)
Sep/26/2016 15:15:30 ipsec,debug,packet SKEYID_e computed:
Sep/26/2016 15:15:30 ipsec,debug,packet 79bf3b18 d05246ae 97e7de55 a5f046bd 11244e49
Sep/26/2016 15:15:30 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:30 ipsec,debug,packet hash(sha1)
Sep/26/2016 15:15:30 ipsec,debug,packet len(SKEYID_e) < len(Ka) (20 < 32), generating long key (Ka = K1 | K2 | ...)
Sep/26/2016 15:15:30 ipsec,debug,packet hmac(hmac_sha1)
Sep/26/2016 15:15:30 ipsec,debug,packet compute intermediate encryption key K1
Sep/26/2016 15:15:30 ipsec,debug,packet 00
Sep/26/2016 15:15:30 ipsec,debug,packet f552ac05 44a4e296 88fb6112 eea9cabe ee16fca5
Sep/26/2016 15:15:30 ipsec,debug,packet hmac(hmac_sha1)
Sep/26/2016 15:15:30 ipsec,debug,packet compute intermediate encryption key K2
Sep/26/2016 15:15:30 ipsec,debug,packet f552ac05 44a4e296 88fb6112 eea9cabe ee16fca5
Sep/26/2016 15:15:30 ipsec,debug,packet 35127d70 5cbd1560 18b94694 5633b3be adc16f48
Sep/26/2016 15:15:30 ipsec,debug,packet final encryption key computed:
Sep/26/2016 15:15:30 ipsec,debug,packet f552ac05 44a4e296 88fb6112 eea9cabe ee16fca5 35127d70 5cbd1560 18b94694
Sep/26/2016 15:15:30 ipsec,debug,packet hash(sha1)
Sep/26/2016 15:15:30 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:30 ipsec,debug,packet IV computed:
Sep/26/2016 15:15:30 ipsec,debug,packet 1fccf93f b419f898 68456685 71505541
Sep/26/2016 15:15:30 ipsec,debug,packet ==========
Sep/26/2016 15:15:30 ipsec,debug,packet 108 bytes message received from 151.36.21.149[5360] to 89.x.x.x.x[4500]
Sep/26/2016 15:15:30 ipsec,debug,packet 2bcef328 0e5035b0 1ad5b691 e9718365 05100201 00000000 0000006c f7f13910
Sep/26/2016 15:15:30 ipsec,debug,packet 41e906b4 4fdfbc7a 1ab9ee2b 14128576 cd129df0 360865ae f9110aad 419e3ca0
Sep/26/2016 15:15:30 ipsec,debug,packet 69900746 3d4f39f3 b17d0634 11ba69d6 8b9aa4a9 d45526ca d87328e6 4e71715c
Sep/26/2016 15:15:30 ipsec,debug,packet 2d73026c 6388f188 81f09ad2
Sep/26/2016 15:15:30 ipsec,debug NAT-T: ports changed to: 151.36.21.149[5360]<=>89.x.x.x.x[4500]
Sep/26/2016 15:15:30 ipsec,debug KA list add: 89.x.x.x.x[4500]->151.36.21.149[5360]
Sep/26/2016 15:15:30 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:30 ipsec,debug,packet IV was saved for next processing:
Sep/26/2016 15:15:30 ipsec,debug,packet 4e71715c 2d73026c 6388f188 81f09ad2
Sep/26/2016 15:15:30 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:30 ipsec,debug,packet with key:
Sep/26/2016 15:15:30 ipsec,debug,packet f552ac05 44a4e296 88fb6112 eea9cabe ee16fca5 35127d70 5cbd1560 18b94694
Sep/26/2016 15:15:30 ipsec,debug,packet decrypted payload by IV:
Sep/26/2016 15:15:30 ipsec,debug,packet 1fccf93f b419f898 68456685 71505541
Sep/26/2016 15:15:30 ipsec,debug,packet decrypted payload, but not trimed.
Sep/26/2016 15:15:30 ipsec,debug,packet 0800000c 011101f4 0a044955 0b000018 e374353a 7448fd2f 0874fb2a d3fa72a8
Sep/26/2016 15:15:30 ipsec,debug,packet c4cd6f3e 0000001c 00000001 01106002 2bcef328 0e5035b0 1ad5b691 e9718365
Sep/26/2016 15:15:30 ipsec,debug,packet 00000000 00000000 00000000 00000010
Sep/26/2016 15:15:30 ipsec,debug,packet padding len=17
Sep/26/2016 15:15:30 ipsec,debug,packet skip to trim padding.
Sep/26/2016 15:15:30 ipsec,debug,packet decrypted.
Sep/26/2016 15:15:30 ipsec,debug,packet 2bcef328 0e5035b0 1ad5b691 e9718365 05100201 00000000 0000006c 0800000c
Sep/26/2016 15:15:30 ipsec,debug,packet 011101f4 0a044955 0b000018 e374353a 7448fd2f 0874fb2a d3fa72a8 c4cd6f3e
Sep/26/2016 15:15:30 ipsec,debug,packet 0000001c 00000001 01106002 2bcef328 0e5035b0 1ad5b691 e9718365 00000000
Sep/26/2016 15:15:30 ipsec,debug,packet 00000000 00000000 00000010
Sep/26/2016 15:15:30 ipsec,debug,packet begin.
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=5(id)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=8(hash)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=11(notify)
Sep/26/2016 15:15:30 ipsec,debug,packet succeed.
Sep/26/2016 15:15:30 ipsec,debug,packet Notify Message received
Sep/26/2016 15:15:30 ipsec,debug ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
Sep/26/2016 15:15:30 ipsec,debug,packet HASH received:
Sep/26/2016 15:15:30 ipsec,debug,packet e374353a 7448fd2f 0874fb2a d3fa72a8 c4cd6f3e
Sep/26/2016 15:15:30 ipsec,debug,packet HASH with:
Sep/26/2016 15:15:30 ipsec,debug,packet d4274bf6 14c45290 fc398c17 de5f5a52 03d66c39 ea440bd9 a76d3eb4 971a56da
Sep/26/2016 15:15:30 ipsec,debug,packet a83ecac4 b5ca4161 9e2900c1 a04f8490 539dd368 8b2ef5b0 828461fa 56e4961e
Sep/26/2016 15:15:30 ipsec,debug,packet fb5b367b a2bcb82f ef1a7362 20f4c880 5ecea904 43e8453f 6babdb4c 09c2cd54
Sep/26/2016 15:15:30 ipsec,debug,packet 30590041 04007fd0 3c9207fd 2c426b8b c24dfb2c 18d51204 f9aad744 2ee90134
Sep/26/2016 15:15:30 ipsec,debug,packet 7bf27ec0 7ed4b7c2 76cff306 56c529f9 87fa92c8 9586c66e 68347e89 6c96c6ed
Sep/26/2016 15:15:30 ipsec,debug,packet 8beaaa20 2259aaa0 0ccd5ad2 8dc424df e1083a96 75495943 eaaf760c 878344f8
Sep/26/2016 15:15:30 ipsec,debug,packet a3762f64 65e9c282 cc428107 a59b5891 ddf1d52b c5b036b4 75024b83 21aee35f
Sep/26/2016 15:15:30 ipsec,debug,packet c6436932 3b307b8d c168638c dfc6e45e c58b5635 7fa1b3f6 4066c5d9 a4049854
Sep/26/2016 15:15:30 ipsec,debug,packet 2bcef328 0e5035b0 1ad5b691 e9718365 00000001 00000001 000001f8 0101000e
Sep/26/2016 15:15:30 ipsec,debug,packet 03000024 01010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004
Sep/26/2016 15:15:30 ipsec,debug,packet 8004000e 03000024 02010000 800b0001 800c0e10 80010007 800e0100 80030001
Sep/26/2016 15:15:30 ipsec,debug,packet 80020002 8004000e 03000024 03010000 800b0001 800c0e10 80010007 800e0100
Sep/26/2016 15:15:30 ipsec,debug,packet 80030001 80020001 8004000e 03000024 04010000 800b0001 800c0e10 80010007
Sep/26/2016 15:15:30 ipsec,debug,packet 800e0100 80030001 80020006 8004000e 03000024 05010000 800b0001 800c0e10
Sep/26/2016 15:15:30 ipsec,debug,packet 80010007 800e0100 80030001 80020004 80040005 03000024 06010000 800b0001
Sep/26/2016 15:15:30 ipsec,debug,packet 800c0e10 80010007 800e0100 80030001 80020002 80040005 03000024 07010000
Sep/26/2016 15:15:30 ipsec,debug,packet 800b0001 800c0e10 80010007 800e0100 80030001 80020001 80040005 03000024
Sep/26/2016 15:15:30 ipsec,debug,packet 08010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004 80040002
Sep/26/2016 15:15:30 ipsec,debug,packet 03000024 09010000 800b0001 800c0e10 80010007 800e0100 80030001 80020002
Sep/26/2016 15:15:30 ipsec,debug,packet 80040002 03000024 0a010000 800b0001 800c0e10 80010007 800e0100 80030001
Sep/26/2016 15:15:30 ipsec,debug,packet 80020001 80040002 03000024 0b010000 800b0001 800c0e10 80010007 800e0080
Sep/26/2016 15:15:30 ipsec,debug,packet 80030001 80020002 80040002 03000024 0c010000 800b0001 800c0e10 80010007
Sep/26/2016 15:15:30 ipsec,debug,packet 800e0080 80030001 80020001 80040002 03000020 0d010000 800b0001 800c0e10
Sep/26/2016 15:15:30 ipsec,debug,packet 80010005 80030001 80020002 80040002 00000020 0e010000 800b0001 800c0e10
Sep/26/2016 15:15:30 ipsec,debug,packet 80010005 80030001 80020001 80040002 011101f4 0a044955
Sep/26/2016 15:15:30 ipsec,debug,packet hmac(hmac_sha1)
Sep/26/2016 15:15:30 ipsec,debug,packet HASH computed:
Sep/26/2016 15:15:30 ipsec,debug,packet e374353a 7448fd2f 0874fb2a d3fa72a8 c4cd6f3e
Sep/26/2016 15:15:30 ipsec,debug,packet HASH for PSK validated.
Sep/26/2016 15:15:30 ipsec,debug,packet peer's ID
Sep/26/2016 15:15:30 ipsec,debug,packet 011101f4 0a044955
Sep/26/2016 15:15:30 ipsec,debug,packet ===
Sep/26/2016 15:15:30 ipsec,debug,packet use ID type of IPv4_address
Sep/26/2016 15:15:30 ipsec,debug,packet generate HASH_R
Sep/26/2016 15:15:30 ipsec,debug,packet HASH with:
Sep/26/2016 15:15:30 ipsec,debug,packet 7bf27ec0 7ed4b7c2 76cff306 56c529f9 87fa92c8 9586c66e 68347e89 6c96c6ed
Sep/26/2016 15:15:30 ipsec,debug,packet 8beaaa20 2259aaa0 0ccd5ad2 8dc424df e1083a96 75495943 eaaf760c 878344f8
Sep/26/2016 15:15:30 ipsec,debug,packet a3762f64 65e9c282 cc428107 a59b5891 ddf1d52b c5b036b4 75024b83 21aee35f
Sep/26/2016 15:15:30 ipsec,debug,packet c6436932 3b307b8d c168638c dfc6e45e c58b5635 7fa1b3f6 4066c5d9 a4049854
Sep/26/2016 15:15:30 ipsec,debug,packet d4274bf6 14c45290 fc398c17 de5f5a52 03d66c39 ea440bd9 a76d3eb4 971a56da
Sep/26/2016 15:15:30 ipsec,debug,packet a83ecac4 b5ca4161 9e2900c1 a04f8490 539dd368 8b2ef5b0 828461fa 56e4961e
Sep/26/2016 15:15:30 ipsec,debug,packet fb5b367b a2bcb82f ef1a7362 20f4c880 5ecea904 43e8453f 6babdb4c 09c2cd54
Sep/26/2016 15:15:30 ipsec,debug,packet 30590041 04007fd0 3c9207fd 2c426b8b c24dfb2c 18d51204 f9aad744 2ee90134
Sep/26/2016 15:15:30 ipsec,debug,packet 1ad5b691 e9718365 2bcef328 0e5035b0 00000001 00000001 000001f8 0101000e
Sep/26/2016 15:15:30 ipsec,debug,packet 03000024 01010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004
Sep/26/2016 15:15:30 ipsec,debug,packet 8004000e 03000024 02010000 800b0001 800c0e10 80010007 800e0100 80030001
Sep/26/2016 15:15:30 ipsec,debug,packet 80020002 8004000e 03000024 03010000 800b0001 800c0e10 80010007 800e0100
Sep/26/2016 15:15:30 ipsec,debug,packet 80030001 80020001 8004000e 03000024 04010000 800b0001 800c0e10 80010007
Sep/26/2016 15:15:30 ipsec,debug,packet 800e0100 80030001 80020006 8004000e 03000024 05010000 800b0001 800c0e10
Sep/26/2016 15:15:30 ipsec,debug,packet 80010007 800e0100 80030001 80020004 80040005 03000024 06010000 800b0001
Sep/26/2016 15:15:30 ipsec,debug,packet 800c0e10 80010007 800e0100 80030001 80020002 80040005 03000024 07010000
Sep/26/2016 15:15:30 ipsec,debug,packet 800b0001 800c0e10 80010007 800e0100 80030001 80020001 80040005 03000024
Sep/26/2016 15:15:30 ipsec,debug,packet 08010000 800b0001 800c0e10 80010007 800e0100 80030001 80020004 80040002
Sep/26/2016 15:15:30 ipsec,debug,packet 03000024 09010000 800b0001 800c0e10 80010007 800e0100 80030001 80020002
Sep/26/2016 15:15:30 ipsec,debug,packet 80040002 03000024 0a010000 800b0001 800c0e10 80010007 800e0100 80030001
Sep/26/2016 15:15:30 ipsec,debug,packet 80020001 80040002 03000024 0b010000 800b0001 800c0e10 80010007 800e0080
Sep/26/2016 15:15:30 ipsec,debug,packet 80030001 80020002 80040002 03000024 0c010000 800b0001 800c0e10 80010007
Sep/26/2016 15:15:30 ipsec,debug,packet 800e0080 80030001 80020001 80040002 03000020 0d010000 800b0001 800c0e10
Sep/26/2016 15:15:30 ipsec,debug,packet 80010005 80030001 80020002 80040002 00000020 0e010000 800b0001 800c0e10
Sep/26/2016 15:15:30 ipsec,debug,packet 80010005 80030001 80020001 80040002 011101f4 59caaf26
Sep/26/2016 15:15:30 ipsec,debug,packet hmac(hmac_sha1)
Sep/26/2016 15:15:30 ipsec,debug,packet HASH computed:
Sep/26/2016 15:15:30 ipsec,debug,packet b1cb2688 fafe63e2 66416c54 cbd53fc4 845072c4
Sep/26/2016 15:15:30 ipsec,debug,packet add payload of len 8, next type 8
Sep/26/2016 15:15:30 ipsec,debug,packet add payload of len 20, next type 0
Sep/26/2016 15:15:30 ipsec,debug,packet begin encryption.
Sep/26/2016 15:15:30 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:30 ipsec,debug,packet pad length = 12
Sep/26/2016 15:15:30 ipsec,debug,packet 0800000c 011101f4 59caaf26 00000018 b1cb2688 fafe63e2 66416c54 cbd53fc4
Sep/26/2016 15:15:30 ipsec,debug,packet 845072c4 88a78e83 9bbd9393 8bf4930b
Sep/26/2016 15:15:30 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:30 ipsec,debug,packet with key:
Sep/26/2016 15:15:30 ipsec,debug,packet f552ac05 44a4e296 88fb6112 eea9cabe ee16fca5 35127d70 5cbd1560 18b94694
Sep/26/2016 15:15:30 ipsec,debug,packet encrypted payload by IV:
Sep/26/2016 15:15:30 ipsec,debug,packet 4e71715c 2d73026c 6388f188 81f09ad2
Sep/26/2016 15:15:30 ipsec,debug,packet save IV for next:
Sep/26/2016 15:15:30 ipsec,debug,packet dbcf64a4 d91eec9c 2fc8f41f fe518031
Sep/26/2016 15:15:30 ipsec,debug,packet encrypted.
Sep/26/2016 15:15:30 ipsec,debug,packet Adding NON-ESP marker
Sep/26/2016 15:15:30 ipsec,debug,packet 80 bytes from 89.x.x.x.x[4500] to 151.36.21.149[5360]
Sep/26/2016 15:15:30 ipsec,debug,packet sockname 89.x.x.x.x[4500]
Sep/26/2016 15:15:30 ipsec,debug,packet send packet from 89.x.x.x.x[4500]
Sep/26/2016 15:15:30 ipsec,debug,packet send packet to 151.36.21.149[5360]
Sep/26/2016 15:15:30 ipsec,debug,packet src4 89.x.x.x.x[4500]
Sep/26/2016 15:15:30 ipsec,debug,packet dst4 151.36.21.149[5360]
Sep/26/2016 15:15:30 ipsec,debug,packet 1 times of 80 bytes message will be sent to 151.36.21.149[5360]
Sep/26/2016 15:15:30 ipsec,debug,packet 00000000 2bcef328 0e5035b0 1ad5b691 e9718365 05100201 00000000 0000004c
Sep/26/2016 15:15:30 ipsec,debug,packet 598050d7 20b7fbea 30c8bb04 1158a374 4e210c8d 99a80d88 b1739528 1f89d27c
Sep/26/2016 15:15:30 ipsec,debug,packet dbcf64a4 d91eec9c 2fc8f41f fe518031
Sep/26/2016 15:15:30 ipsec,debug ISAKMP-SA established 89.x.x.x.x[4500]-151.36.21.149[5360] spi:2bcef3280e5035b0:1ad5b691e9718365
Sep/26/2016 15:15:30 ipsec,debug,packet ===
Sep/26/2016 15:15:30 ipsec,debug,packet ==========
Sep/26/2016 15:15:30 ipsec,debug,packet 316 bytes message received from 151.36.21.149[5360] to 89.x.x.x.x[4500]
Sep/26/2016 15:15:30 ipsec,debug,packet 2bcef328 0e5035b0 1ad5b691 e9718365 08102001 a3200c41 0000013c 9c9660da
Sep/26/2016 15:15:30 ipsec,debug,packet 2a325484 1e2c7291 cd7b205f 53fc203d e94f9178 e31001af ee4e60e6 6e534252
Sep/26/2016 15:15:30 ipsec,debug,packet 3f8d79ab 17d1e879 b20ad574 12f32095 aba6980e 738aaad7 bae77c9f 1ba39ff5
Sep/26/2016 15:15:30 ipsec,debug,packet 89831e00 d2f56953 0bc6f1a3 b4b66b15 ec4a6453 8732596e 944d4089 d5c2176d
Sep/26/2016 15:15:30 ipsec,debug,packet 702c8bef 8e937d25 273ecba3 552fdca2 3912101e 38d0260a a93ceda1 d0a6583e
Sep/26/2016 15:15:30 ipsec,debug,packet a03c5842 f282da14 5b3f32bf 3f7bf5e7 7b97fde9 33bf2bd0 84e6399c 59faa5a1
Sep/26/2016 15:15:30 ipsec,debug,packet de7c6960 7ad38d9f f3c399fd b9f38655 1a1281fe 1261fd9a ee479c48 f48a6872
Sep/26/2016 15:15:30 ipsec,debug,packet 3426b872 6f943f06 c3e5e49a e2a060de 00e33f33 ffd1ca6a fcaffc46 959540d6
Sep/26/2016 15:15:30 ipsec,debug,packet e60521aa c6819643 469de1f2 f3b96e54 51bb86cc 38fb16bc f4fdd7f3 ac67fb08
Sep/26/2016 15:15:30 ipsec,debug,packet 0ec34143 5f07392f 08b89495 5bec0fdf cf814f6f 565431f6 f37dce2b
Sep/26/2016 15:15:30 ipsec,debug,packet compute IV for phase2
Sep/26/2016 15:15:30 ipsec,debug,packet phase1 last IV:
Sep/26/2016 15:15:30 ipsec,debug,packet dbcf64a4 d91eec9c 2fc8f41f fe518031 a3200c41
Sep/26/2016 15:15:30 ipsec,debug,packet hash(sha1)
Sep/26/2016 15:15:30 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:30 ipsec,debug,packet phase2 IV computed:
Sep/26/2016 15:15:30 ipsec,debug,packet e50f1f47 27d80d54 29b74911 73cfde1c
Sep/26/2016 15:15:30 ipsec,debug,packet ===
Sep/26/2016 15:15:30 ipsec,debug respond new phase 2 negotiation: 89.x.x.x.x[4500]<=>151.36.21.149[5360]
Sep/26/2016 15:15:30 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:30 ipsec,debug,packet IV was saved for next processing:
Sep/26/2016 15:15:30 ipsec,debug,packet 5bec0fdf cf814f6f 565431f6 f37dce2b
Sep/26/2016 15:15:30 ipsec,debug,packet encryption(aes)
Sep/26/2016 15:15:30 ipsec,debug,packet with key:
Sep/26/2016 15:15:30 ipsec,debug,packet f552ac05 44a4e296 88fb6112 eea9cabe ee16fca5 35127d70 5cbd1560 18b94694
Sep/26/2016 15:15:30 ipsec,debug,packet decrypted payload by IV:
Sep/26/2016 15:15:30 ipsec,debug,packet e50f1f47 27d80d54 29b74911 73cfde1c
Sep/26/2016 15:15:30 ipsec,debug,packet decrypted payload, but not trimed.
Sep/26/2016 15:15:30 ipsec,debug,packet 01000018 5830f1be 20e1a9b1 ed972606 054be168 aaca8f3a 0a0000b8 00000001
Sep/26/2016 15:15:30 ipsec,debug,packet 00000001 000000ac 01030406 04b29fc1 0300001c 010c0000 80010001 80020e10
Sep/26/2016 15:15:30 ipsec,debug,packet 80040004 80060100 80050002 0300001c 020c0000 80010001 80020e10 80040004
Sep/26/2016 15:15:30 ipsec,debug,packet 80060100 80050001 0300001c 030c0000 80010001 80020e10 80040004 80060080
Sep/26/2016 15:15:30 ipsec,debug,packet 80050002 0300001c 040c0000 80010001 80020e10 80040004 80060080 80050001
Sep/26/2016 15:15:30 ipsec,debug,packet 03000018 05030000 80010001 80020e10 80040004 80050002 00000018 06030000
Sep/26/2016 15:15:30 ipsec,debug,packet 80010001 80020e10 80040004 80050001 05000014 0751505f 3de128a5 6db0c171
Sep/26/2016 15:15:30 ipsec,debug,packet 399eec9b 0500000c 0111c518 0a044955 1500000c 011106a5 59caaf26 1500000c
Sep/26/2016 15:15:30 ipsec,debug,packet 01000000 0a044955 0000000c 01000000 59caaf26 00000000 00000000 0000000c
Sep/26/2016 15:15:30 ipsec,debug,packet padding len=13
Sep/26/2016 15:15:30 ipsec,debug,packet skip to trim padding.
Sep/26/2016 15:15:30 ipsec,debug,packet decrypted.
Sep/26/2016 15:15:30 ipsec,debug,packet 2bcef328 0e5035b0 1ad5b691 e9718365 08102001 a3200c41 0000013c 01000018
Sep/26/2016 15:15:30 ipsec,debug,packet 5830f1be 20e1a9b1 ed972606 054be168 aaca8f3a 0a0000b8 00000001 00000001
Sep/26/2016 15:15:30 ipsec,debug,packet 000000ac 01030406 04b29fc1 0300001c 010c0000 80010001 80020e10 80040004
Sep/26/2016 15:15:30 ipsec,debug,packet 80060100 80050002 0300001c 020c0000 80010001 80020e10 80040004 80060100
Sep/26/2016 15:15:30 ipsec,debug,packet 80050001 0300001c 030c0000 80010001 80020e10 80040004 80060080 80050002
Sep/26/2016 15:15:30 ipsec,debug,packet 0300001c 040c0000 80010001 80020e10 80040004 80060080 80050001 03000018
Sep/26/2016 15:15:30 ipsec,debug,packet 05030000 80010001 80020e10 80040004 80050002 00000018 06030000 80010001
Sep/26/2016 15:15:30 ipsec,debug,packet 80020e10 80040004 80050001 05000014 0751505f 3de128a5 6db0c171 399eec9b
Sep/26/2016 15:15:30 ipsec,debug,packet 0500000c 0111c518 0a044955 1500000c 011106a5 59caaf26 1500000c 01000000
Sep/26/2016 15:15:30 ipsec,debug,packet 0a044955 0000000c 01000000 59caaf26 00000000 00000000 0000000c
Sep/26/2016 15:15:30 ipsec,debug,packet begin.
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=8(hash)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=1(sa)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=10(nonce)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=5(id)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=5(id)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=21(nat-oa)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=21(nat-oa)
Sep/26/2016 15:15:30 ipsec,debug,packet succeed.
Sep/26/2016 15:15:30 ipsec,debug,packet received IDci2:
Sep/26/2016 15:15:30 ipsec,debug,packet 0111c518 0a044955
Sep/26/2016 15:15:30 ipsec,debug,packet received IDcr2:
Sep/26/2016 15:15:30 ipsec,debug,packet 011106a5 59caaf26
Sep/26/2016 15:15:30 ipsec,debug,packet HASH(1) validate:
Sep/26/2016 15:15:30 ipsec,debug,packet 5830f1be 20e1a9b1 ed972606 054be168 aaca8f3a
Sep/26/2016 15:15:30 ipsec,debug,packet HASH with:
Sep/26/2016 15:15:30 ipsec,debug,packet a3200c41 0a0000b8 00000001 00000001 000000ac 01030406 04b29fc1 0300001c
Sep/26/2016 15:15:30 ipsec,debug,packet 010c0000 80010001 80020e10 80040004 80060100 80050002 0300001c 020c0000
Sep/26/2016 15:15:30 ipsec,debug,packet 80010001 80020e10 80040004 80060100 80050001 0300001c 030c0000 80010001
Sep/26/2016 15:15:30 ipsec,debug,packet 80020e10 80040004 80060080 80050002 0300001c 040c0000 80010001 80020e10
Sep/26/2016 15:15:30 ipsec,debug,packet 80040004 80060080 80050001 03000018 05030000 80010001 80020e10 80040004
Sep/26/2016 15:15:30 ipsec,debug,packet 80050002 00000018 06030000 80010001 80020e10 80040004 80050001 05000014
Sep/26/2016 15:15:30 ipsec,debug,packet 0751505f 3de128a5 6db0c171 399eec9b 0500000c 0111c518 0a044955 1500000c
Sep/26/2016 15:15:30 ipsec,debug,packet 011106a5 59caaf26 1500000c 01000000 0a044955 0000000c 01000000 59caaf26
Sep/26/2016 15:15:30 ipsec,debug,packet hmac(hmac_sha1)
Sep/26/2016 15:15:30 ipsec,debug,packet HASH computed:
Sep/26/2016 15:15:30 ipsec,debug,packet 5830f1be 20e1a9b1 ed972606 054be168 aaca8f3a
Sep/26/2016 15:15:30 ipsec,debug,packet get a src address from ID payload 10.4.73.85[50456] prefixlen=32 ul_proto=17
Sep/26/2016 15:15:30 ipsec,debug,packet get dst address from ID payload 89.x.x.x.x[1701] prefixlen=32 ul_proto=17
Sep/26/2016 15:15:30 ipsec,debug,packet 0x7fabf454 masked with /32: 10.4.73.85[50456]
Sep/26/2016 15:15:30 ipsec,debug,packet 0xc8ab8 masked with /32: 185.26.199.26[0]
Sep/26/2016 15:15:30 ipsec,debug,packet 0x7fabf454 masked with /32: 10.4.73.85[50456]
Sep/26/2016 15:15:30 ipsec,debug,packet 0xd75d0 masked with /32: 151.36.21.149[5356]
Sep/26/2016 15:15:30 ipsec,debug,packet 0x7fabf454 masked with /32: 10.4.73.85[50456]
Sep/26/2016 15:15:30 ipsec,debug,packet 0x118ae8 masked with /32: 151.36.21.149[5360]
Sep/26/2016 15:15:30 ipsec,debug no policy found, try to generate the policy : 10.4.73.85/32[50456] 89.x.x.x.x/32[1701] proto=udp dir=in port_override=0
Sep/26/2016 15:15:30 ipsec,debug,packet total SA len=180
Sep/26/2016 15:15:30 ipsec,debug,packet 00000001 00000001 000000ac 01030406 04b29fc1 0300001c 010c0000 80010001
Sep/26/2016 15:15:30 ipsec,debug,packet 80020e10 80040004 80060100 80050002 0300001c 020c0000 80010001 80020e10
Sep/26/2016 15:15:30 ipsec,debug,packet 80040004 80060100 80050001 0300001c 030c0000 80010001 80020e10 80040004
Sep/26/2016 15:15:30 ipsec,debug,packet 80060080 80050002 0300001c 040c0000 80010001 80020e10 80040004 80060080
Sep/26/2016 15:15:30 ipsec,debug,packet 80050001 03000018 05030000 80010001 80020e10 80040004 80050002 00000018
Sep/26/2016 15:15:30 ipsec,debug,packet 06030000 80010001 80020e10 80040004 80050001
Sep/26/2016 15:15:30 ipsec,debug,packet begin.
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=2(prop)
Sep/26/2016 15:15:30 ipsec,debug,packet succeed.
Sep/26/2016 15:15:30 ipsec,debug,packet proposal #1 len=172
Sep/26/2016 15:15:30 ipsec,debug,packet begin.
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:30 ipsec,debug,packet seen nptype=3(trns)
Sep/26/2016 15:15:30 ipsec,debug,packet succeed.
Sep/26/2016 15:15:30 ipsec,debug,packet transform #1 len=28
Sep/26/2016 15:15:30 ipsec,debug,packet type=SA Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:30 ipsec,debug,packet type=SA Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:30 ipsec,debug,packet life duration was in TLV.
Sep/26/2016 15:15:30 ipsec,debug,packet type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
Sep/26/2016 15:15:30 ipsec,debug,packet UDP encapsulation requested
Sep/26/2016 15:15:30 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:30 ipsec,debug,packet type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
Sep/26/2016 15:15:30 ipsec,debug,packet transform #2 len=28
Sep/26/2016 15:15:30 ipsec,debug,packet type=SA Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:30 ipsec,debug,packet type=SA Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:30 ipsec,debug,packet life duration was in TLV.
Sep/26/2016 15:15:30 ipsec,debug,packet type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
Sep/26/2016 15:15:30 ipsec,debug,packet UDP encapsulation requested
Sep/26/2016 15:15:30 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=256
Sep/26/2016 15:15:30 ipsec,debug,packet type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
Sep/26/2016 15:15:30 ipsec,debug,packet transform #3 len=28
Sep/26/2016 15:15:30 ipsec,debug,packet type=SA Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:30 ipsec,debug,packet type=SA Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:30 ipsec,debug,packet life duration was in TLV.
Sep/26/2016 15:15:30 ipsec,debug,packet type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
Sep/26/2016 15:15:30 ipsec,debug,packet UDP encapsulation requested
Sep/26/2016 15:15:30 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=128
Sep/26/2016 15:15:30 ipsec,debug,packet type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1
Sep/26/2016 15:15:30 ipsec,debug,packet transform #4 len=28
Sep/26/2016 15:15:30 ipsec,debug,packet type=SA Life Type, flag=0x8000, lorv=seconds
Sep/26/2016 15:15:30 ipsec,debug,packet type=SA Life Duration, flag=0x8000, lorv=3600
Sep/26/2016 15:15:30 ipsec,debug,packet life duration was in TLV.
Sep/26/2016 15:15:30 ipsec,debug,packet type=Encryption Mode, flag=0x8000, lorv=UDP-Transport
Sep/26/2016 15:15:30 ipsec,debug,packet UDP encapsulation requested
Sep/26/2016 15:15:30 ipsec,debug,packet type=Key Length, flag=0x8000, lorv=128
Sep/26/2016 15:15:30 ipsec,debug,packet type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7198
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: PPTP iOS10

Mon Sep 26, 2016 9:09 pm

please try v6.37, we ave fixed such problems with devices connecting from mobile networks.
 
Rapidos
just joined
Posts: 3
Joined: Tue Sep 27, 2016 6:29 pm

Re: PPTP iOS10

Tue Sep 27, 2016 6:49 pm

please try v6.37, we ave fixed such problems with devices connecting from mobile networks.
I'm trying to fw 6.37 + iOS10 iPhone6s+ Vodafone LTE, but unfortunately still does not work.
The VPN connection across the network via wifi works well. Connection via mobile network does not work.
To log lists only the "first L2TP UDP packet received from 31.30 ....." and will terminate on timeout.
 
miks
just joined
Posts: 3
Joined: Thu Sep 22, 2016 7:14 pm

Re: PPTP iOS10

Tue Sep 27, 2016 8:48 pm

please try v6.37, we ave fixed such problems with devices connecting from mobile networks.
Its working now (I don't have mikrotik router behind NAT). Looks like v6.36.3 was to blame.
 
akronis
just joined
Posts: 3
Joined: Fri Sep 07, 2012 7:19 pm

Re: PPTP iOS10

Sat Oct 01, 2016 6:00 pm

You can post your solution ?

Regards
 
smarty
just joined
Posts: 3
Joined: Sat Oct 01, 2016 9:44 pm

Re: PPTP iOS10

Sat Oct 01, 2016 9:50 pm

please try v6.37, we ave fixed such problems with devices connecting from mobile networks.
Thanks a lot. With v6.37 I can connect my apple devices on iOS 10 via L2TP to my network. I have troubles with previous 6.x versions.
 
Rapidos
just joined
Posts: 3
Joined: Tue Sep 27, 2016 6:29 pm

Re: PPTP iOS10

Sun Oct 02, 2016 3:06 pm

Thanks a lot. With v6.37 I can connect my apple devices on iOS 10 via L2TP to my network. I have troubles with previous 6.x versions.
And it works even with mobile network?
 
User avatar
MichelePietravalle
Trainer
Trainer
Posts: 100
Joined: Sun Apr 19, 2009 9:03 pm

Re: PPTP iOS10

Sun Oct 02, 2016 5:36 pm

yes, with 6.37 works fine! (for me)
 
smarty
just joined
Posts: 3
Joined: Sat Oct 01, 2016 9:44 pm

Re: PPTP iOS10

Sun Oct 02, 2016 9:13 pm

Thanks a lot. With v6.37 I can connect my apple devices on iOS 10 via L2TP to my network. I have troubles with previous 6.x versions.
And it works even with mobile network?
Yes, 6.37 is working with mobile connections. 6.x version was not. For me, it became working only after version upgrade.
 
Rapidos
just joined
Posts: 3
Joined: Tue Sep 27, 2016 6:29 pm

Re: PPTP iOS10

Mon Oct 03, 2016 9:38 am

Yes, 6.37 is working with mobile connections. 6.x version was not. For me, it became working only after version upgrade.
Please, publish configurations. Thank you.
 
ladmar
just joined
Posts: 6
Joined: Tue Feb 09, 2016 9:05 am

Re: PPTP iOS10

Mon Oct 03, 2016 9:55 am

Thx for this config, it works fine connecting through iOS 10 and mobile network.
I am using 6.37 OS.
But, I cannot send/access any data from my mobile device, the network can "ping" my mobile device.
I have tested several firewall rules but if its about firewall rules I dont seem to get it right.
Should I need to create any specifik rules for this?
I have added a static PPP interface, we can say it's called "l_user1"

Anyone with same problem, how did you solve this?

Cheers
 
craigreilly
newbie
Posts: 46
Joined: Mon Jan 26, 2015 7:04 pm

Re: PPTP iOS10

Mon Oct 03, 2016 9:07 pm

Are you saying Remote devices can not access network once connected to VPN?
Do you have the Chain rules for UDP 500,4500,1701?
Also - on the WAN and LAN interface = the ARP should be set to "PROXY-ARP"

However - I am still on 6.29.1 and plan to update to 6.37.1 tonight. I am having issues with multiple connections from same remote location.
 
ladmar
just joined
Posts: 6
Joined: Tue Feb 09, 2016 9:05 am

Re: PPTP iOS10

Mon Oct 03, 2016 10:54 pm

Are you saying Remote devices can not access network once connected to VPN?
Do you have the Chain rules for UDP 500,4500,1701?
Also - on the WAN and LAN interface = the ARP should be set to "PROXY-ARP"

However - I am still on 6.29.1 and plan to update to 6.37.1 tonight. I am having issues with multiple connections from same remote location.
Thx, thats was it, Proxy-arp at least on "bridge-local" did it. I will go over this tomorrow and find out where I really need it or not :-)

Upgrade the OS is smooth, I did not have any problems with 6.29.1 but there are some bugs fixed in 6.37 so why not?
You can not have multiple VPN Connections from same remote location if not using unique translated public IP adresses for each user/Connection.
 
malstro
just joined
Posts: 17
Joined: Fri Jun 24, 2016 11:31 am

Re: PPTP iOS10

Tue Oct 04, 2016 12:56 am

Hey there,

I'm trying to use L2TP with integrated IPsec with the v6.37.1. release.

Still no progress with L2TP+IPsec and iOS10/macOS Sierra. Same error (client gets stuck at "L2TP sent SCCRQ")
My RouterOS/Mikrotik is NOT NATed - directly attached to the public IP address via a PPPoE/VDSL.

ipsec,debug log:
.......
23:46:29 ipsec,debug,packet KEYMAT computed. 
23:46:29 ipsec,debug,packet call pk_sendupdate 
23:46:29 ipsec,debug,packet encryption(aes-cbc) 
23:46:29 ipsec,debug,packet hmac(sha1) 
23:46:29 ipsec,debug,packet call pfkey_send_update_nat 
23:46:29 ipsec,debug,packet pfkey update sent. 
23:46:29 ipsec,debug,packet encryption(aes-cbc) 
23:46:29 ipsec,debug,packet hmac(sha1) 
23:46:29 ipsec,debug,packet call pfkey_send_add_nat 
23:46:29 ipsec,debug,packet pfkey add sent. 
23:46:29 ipsec,debug,packet call pfkey_send_spdupdate2 
23:46:29 ipsec,debug,packet pfkey spdupdate2(inbound) sent. 
23:46:29 ipsec,debug,packet call pfkey_send_spdupdate2 
23:46:29 ipsec,debug,packet pfkey spdupdate2(outbound) sent. 
23:46:29 ipsec,debug,packet such policy does not already exist: **.**.**.0/32[
58098] ***.***.**.**/32[1701] proto=udp dir=in 
23:46:29 ipsec,debug,packet such policy does not already exist: ***.***.**.**/
32[1701] **.**.**.*/32[58098] proto=udp dir=out 
23:46:36 ipsec,debug,packet KA: ***.***.**.**[4500]->**.**.**.*[4500] 
23:46:36 ipsec,debug,packet sockname ***.***.**.**[4500] 
23:46:36 ipsec,debug,packet send packet from ***.***.**.**[4500] 
23:46:36 ipsec,debug,packet send packet to **.**.**.*[4500] 
23:46:36 ipsec,debug,packet src4 ***.***.**.**[4500] 
23:46:36 ipsec,debug,packet dst4 **.**.**.*[4500] 
23:46:36 ipsec,debug,packet 1 times of 1 bytes message will be sent to **.**.**.*[4500] 
23:46:36 ipsec,debug,packet ff 
23:46:49 ipsec,debug,packet ========== 
23:46:49 ipsec,debug,packet 76 bytes message received from **.**.**.*[4500] to
 ***.***.**.**[4500] 
23:46:49 ipsec,debug,packet ef122af8 0ec0c2d9 cb888639 ed4084be 08100501 ec5e1
b56 0000004c 42779360 
23:46:49 ipsec,debug,packet 25e83d37 0bf5ee54 7a1645ed 4e3d1b61 81b04d88 70cae
ff0 11f03b4d 31d417d6 
23:46:49 ipsec,debug,packet beee6fc6 583f362d db630556 
23:46:49 ipsec,debug,packet receive Information. 
23:46:49 ipsec,debug,packet compute IV for phase2 
23:46:49 ipsec,debug,packet phase1 last IV: 
23:46:49 ipsec,debug,packet 097201d3 188651a0 f79eff27 b4ba322b ec5e1b56 
23:46:49 ipsec,debug,packet hash(sha1) 
23:46:49 ipsec,debug,packet encryption(aes) 
23:46:49 ipsec,debug,packet phase2 IV computed: 
23:46:49 ipsec,debug,packet 711757cc 8834c07c 3eaf46b8 92ed58b7 
23:46:49 ipsec,debug,packet encryption(aes) 
23:46:49 ipsec,debug,packet IV was saved for next processing: 
23:46:49 ipsec,debug,packet 31d417d6 beee6fc6 583f362d db630556 
23:46:49 ipsec,debug,packet encryption(aes) 
23:46:49 ipsec,debug,packet with key: 
23:46:49 ipsec,debug,packet 7a885648 7225c7cd f8d52abe ead82e4d 7c2fa279 2e524
571 868c1423 809f84ae 
23:46:49 ipsec,debug,packet decrypted payload by IV: 
23:46:49 ipsec,debug,packet 711757cc 8834c07c 3eaf46b8 92ed58b7 
23:46:49 ipsec,debug,packet decrypted payload, but not trimed. 
23:46:49 ipsec,debug,packet 0c000018 f386b290 fbe874a5 ccbf3453 b9f1d489 dc0b1
66f 00000010 00000001 
23:46:49 ipsec,debug,packet 03040001 0d3720c9 00000000 00000008 
23:46:49 ipsec,debug,packet padding len=9 
23:46:49 ipsec,debug,packet skip to trim padding. 
23:46:49 ipsec,debug,packet decrypted. 
23:46:49 ipsec,debug,packet ef122af8 0ec0c2d9 cb888639 ed4084be 08100501 ec5e1
b56 0000004c 0c000018 
23:46:49 ipsec,debug,packet f386b290 fbe874a5 ccbf3453 b9f1d489 dc0b166f 00000
010 00000001 03040001 
23:46:49 ipsec,debug,packet 0d3720c9 00000000 00000008 
23:46:49 ipsec,debug,packet HASH with: 
23:46:49 ipsec,debug,packet ec5e1b56 00000010 00000001 03040001 0d3720c9 
23:46:49 ipsec,debug,packet hmac(hmac_sha1) 
23:46:49 ipsec,debug,packet HASH computed: 
23:46:49 ipsec,debug,packet f386b290 fbe874a5 ccbf3453 b9f1d489 dc0b166f 
23:46:49 ipsec,debug,packet hash validated. 
23:46:49 ipsec,debug,packet begin. 
23:46:49 ipsec,debug,packet seen nptype=8(hash) len=24 
23:46:49 ipsec,debug,packet seen nptype=12(delete) len=16 
23:46:49 ipsec,debug,packet succeed. 
23:46:49 ipsec,debug,packet **.**.**.* delete payload for protocol ESP 
23:46:49 ipsec,debug,packet purge_ipsec_spi: 
23:46:49 ipsec,debug,packet dst0: **.**.**.*[4500] 
23:46:49 ipsec,debug,packet SPI: 0D3720C9 
23:46:49 ipsec,debug,packet check spi(packet)=221716681 spi(db)=221716681. 
23:46:49 ipsec,debug generated (transport=1) policy, deleting it. 
23:46:49 ipsec,debug,packet get a source address of SP index from phase1 addre
ss because peer is behind NAT 
23:46:49 ipsec,debug policy src address **.**.**.*[58098] prefixlen=32 ul_prot
o=17 
23:46:49 ipsec,debug policy dst address ***.***.**.**[1701] prefixlen=32 ul_pr
oto=17 
23:46:49 ipsec,debug,packet call pfkey_send_spddelete 
23:46:49 ipsec,debug pfkey spddelete(inbound) sent. 
23:46:49 ipsec,debug,packet call pfkey_send_spddelete 
23:46:49 ipsec,debug pfkey spddelete(outbound) sent. 
23:46:49 ipsec,debug,packet an undead schedule has been deleted. 
23:46:49 ipsec,debug purged IPsec-SA proto_id=ESP spi=221716681. 
23:46:49 ipsec,debug,packet purged SAs. 
23:46:49 ipsec,debug pfkey DELETE received: ESP ***.***.**.**[4500]->**.**.**.*[4500] spi=221716681(0xd3720c9) 
23:46:49 ipsec,debug,packet ========== 
23:46:49 ipsec,debug,packet 92 bytes message received from **.**.**.*[4500] to
 ***.***.**.**[4500] 
23:46:49 ipsec,debug,packet ef122af8 0ec0c2d9 cb888639 ed4084be 08100501 a95fd
4c2 0000005c 0584d4da 
23:46:49 ipsec,debug,packet 90d6c6f1 a363eda1 39832314 44459334 8b6f5793 97ab0
559 ee5d8322 603883d1 
23:46:49 ipsec,debug,packet 2c048d97 810cd097 af1d400c 3627b845 c9bc6eff 653b0
d6d 946dadc1 
23:46:49 ipsec,debug,packet receive Information. 
23:46:49 ipsec,debug,packet compute IV for phase2 
23:46:49 ipsec,debug,packet phase1 last IV: 
23:46:49 ipsec,debug,packet 097201d3 188651a0 f79eff27 b4ba322b a95fd4c2 
23:46:49 ipsec,debug,packet hash(sha1) 
23:46:49 ipsec,debug,packet encryption(aes) 
23:46:49 ipsec,debug,packet phase2 IV computed: 
23:46:49 ipsec,debug,packet 96708556 a24580ad 03faac34 3b03ce3f 
23:46:49 ipsec,debug,packet encryption(aes) 
23:46:49 ipsec,debug,packet IV was saved for next processing: 
23:46:49 ipsec,debug,packet 3627b845 c9bc6eff 653b0d6d 946dadc1 
23:46:49 ipsec,debug,packet encryption(aes) 
23:46:49 ipsec,debug,packet with key: 
23:46:49 ipsec,debug,packet 7a885648 7225c7cd f8d52abe ead82e4d 7c2fa279 2e524
571 868c1423 809f84ae 
23:46:49 ipsec,debug,packet decrypted payload by IV: 
23:46:49 ipsec,debug,packet 96708556 a24580ad 03faac34 3b03ce3f 
23:46:49 ipsec,debug,packet decrypted payload, but not trimed. 
23:46:49 ipsec,debug,packet 0c000018 6a93ca6d cccf84e6 94c42e8c 98c20daa 6b3c1
fc6 0000001c 00000001 
23:46:49 ipsec,debug,packet 01100001 ef122af8 0ec0c2d9 cb888639 ed4084be 00000
000 00000000 0000000c 
23:46:49 ipsec,debug,packet padding len=13 
23:46:49 ipsec,debug,packet skip to trim padding. 
23:46:49 ipsec,debug,packet decrypted. 
23:46:49 ipsec,debug,packet ef122af8 0ec0c2d9 cb888639 ed4084be 08100501 a95fd
4c2 0000005c 0c000018 
23:46:49 ipsec,debug,packet 6a93ca6d cccf84e6 94c42e8c 98c20daa 6b3c1fc6 00000
01c 00000001 01100001 
23:46:49 ipsec,debug,packet ef122af8 0ec0c2d9 cb888639 ed4084be 00000000 00000
000 0000000c 
23:46:49 ipsec,debug,packet HASH with: 
23:46:49 ipsec,debug,packet a95fd4c2 0000001c 00000001 01100001 ef122af8 0ec0c
2d9 cb888639 ed4084be 
23:46:49 ipsec,debug,packet hmac(hmac_sha1) 
23:46:49 ipsec,debug,packet HASH computed: 
23:46:49 ipsec,debug,packet 6a93ca6d cccf84e6 94c42e8c 98c20daa 6b3c1fc6 
23:46:49 ipsec,debug,packet hash validated. 
23:46:49 ipsec,debug,packet begin. 
23:46:49 ipsec,debug,packet seen nptype=8(hash) len=24 
23:46:49 ipsec,debug,packet seen nptype=12(delete) len=28 
23:46:49 ipsec,debug,packet succeed. 
23:46:49 ipsec,debug,packet **.**.**.* delete payload for protocol ISAKMP 
23:46:49 ipsec,debug purging ISAKMP-SA ***.***.**.**[4500]<=>**.**.**.*[4500] 
spi=ef122af80ec0c2d9:cb888639ed4084be. 
23:46:49 ipsec,debug,packet purged SAs. 
23:46:49 ipsec,debug pfkey DELETE received: ESP **.**.**.*[4500]->***.***.**.**
6[4500] spi=63889591(0x3cee0b7) 
23:46:50 ipsec,debug ISAKMP-SA deleted ***.***.**.**[4500]-**.**.**.*[4500] sp
i:ef122af80ec0c2d9:cb888639ed4084be rekey:1 
23:46:50 ipsec,debug KA remove: ***.***.**.**[4500]->**.**.**.*[4500] 
23:46:50 ipsec,debug,packet KA tree dump: ***.***.**.**[4500]->**.**.**.*[4500
] (in_use=1) 
23:46:50 ipsec,debug,packet KA removing this one... 
23:46:50 ipsec,debug,packet an undead schedule has been deleted.
Any Help?! I don't know what to try next or different - no solution seems to work.
 
craigreilly
newbie
Posts: 46
Joined: Mon Jan 26, 2015 7:04 pm

Re: PPTP iOS10

Tue Oct 04, 2016 2:34 am

You can not have multiple VPN Connections from same remote location if not using unique translated public IP adresses for each user/Connection.
Then what is the point of having a VPN? I have a small office on the east - coast - just 4 people... no need for a Mikrotik for P2P VPN and also when my team travels and stay in hotels - they are there in teams of 2 or more. What other options do I have?
 
malstro
just joined
Posts: 17
Joined: Fri Jun 24, 2016 11:31 am

Re: PPTP iOS10

Tue Oct 04, 2016 4:15 pm

Then what is the point of having a VPN? ... What other options do I have?
Totally agree!
If it's not L2TP+IPsec for a common road warrior setup .. then which option is it ?

- IPsec+XAuth?
- SSL-VPN (OpenVPN) .. but this would require a complex configuration + client app

Thanks again.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26954
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: PPTP iOS10

Tue Oct 04, 2016 4:18 pm

The team of workers could bring a mAP lite with them, and make the tunnel from there + use it as an AP in the room. As a workaround. Because in this case you would only need on tunnel.
 
ladmar
just joined
Posts: 6
Joined: Tue Feb 09, 2016 9:05 am

Re: PPTP iOS10

Tue Oct 04, 2016 4:56 pm

You can not have multiple VPN Connections from same remote location if not using unique translated public IP adresses for each user/Connection.
Then what is the point of having a VPN? I have a small office on the east - coast - just 4 people... no need for a Mikrotik for P2P VPN and also when my team travels and stay in hotels - they are there in teams of 2 or more. What other options do I have?
Well , its just how IP and the protocol for esp works, its not unique for Mikrotik, its the same for all network gear regardless.
If the hotell och whatever NAT all user as the same IP adress this will be a problem if several users connecting to same IP peer.
I think Normis just provided one solution, or else SSL-VPN is another.
 
craigreilly
newbie
Posts: 46
Joined: Mon Jan 26, 2015 7:04 pm

Re: PPTP iOS10

Tue Oct 04, 2016 6:48 pm

The team of workers could bring a mAP lite with them, and make the tunnel from there + use it as an AP in the room. As a workaround. Because in this case you would only need on tunnel.
While this sounds like a good idea at $20 - I see a few issues:
1) Working in your guestroom - 10 different floors of a hotel. Can not always accomodate rooms side by side.
2) Do these allow me to piggy back off the hotel WiFi and then broadcast a WiFi signal - or does it accept an Ethernet Hardline for the circuit only?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26954
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: PPTP iOS10

Wed Oct 05, 2016 9:10 am

The team of workers could bring a mAP lite with them, and make the tunnel from there + use it as an AP in the room. As a workaround. Because in this case you would only need on tunnel.
While this sounds like a good idea at $20 - I see a few issues:
1) Working in your guestroom - 10 different floors of a hotel. Can not always accomodate rooms side by side.
2) Do these allow me to piggy back off the hotel WiFi and then broadcast a WiFi signal - or does it accept an Ethernet Hardline for the circuit only?
1) OK, fair point
2) Can do both, new RouterOS versions have repeater mode for any wireless product
 
craigreilly
newbie
Posts: 46
Joined: Mon Jan 26, 2015 7:04 pm

Re: PPTP iOS10

Wed Oct 05, 2016 5:36 pm

Still... sounds like v7 is the ultimate answer - just no timeline in sight.
 
malstro
just joined
Posts: 17
Joined: Fri Jun 24, 2016 11:31 am

Re: PPTP iOS10

Thu Oct 06, 2016 10:57 am

Still... sounds like v7 is the ultimate answer - just no timeline in sight.
Agree! We need v7 to fulfill basic networking tasks like multi-roadwarrior-client VPN.
(also have a look at this discussion http://forum.mikrotik.com/viewtopic.php?f=2&t=82980)
 
finalcutroot
newbie
Posts: 45
Joined: Sun Mar 09, 2014 9:36 pm

Re: PPTP iOS10

Sat Oct 15, 2016 5:58 pm

i have router with static ip and it has ipsec connections to another 7 routers with dynamic ip ( thats work fine)
i have created another l2tp/ipsec connection to support iPhone IOS 10 , the new peer has another preshared key , this work up to 10 hours then the cpu get 100%, also the cpu get 100% when i try clear the sa's , never work again until i reboot the router , please your help


0 ;;; Mik01
address=0.0.0.0/0 local-address=:: passive=no port=500
auth-method=pre-shared-key secret="*****"
generate-policy=port-strict policy-template-group=default
exchange-mode=main send-initial-contact=yes nat-traversal=yes
proposal-check=obey hash-algorithm=sha1 enc-algorithm=aes-128,3des
dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=2m
dpd-maximum-failures=5

1 X address=0.0.0.0/0 local-address=:: passive=no port=500
auth-method=pre-shared-key secret="**********"
generate-policy=port-override policy-template-group=default
exchange-mode=main-l2tp send-initial-contact=yes nat-traversal=no
hash-algorithm=sha1 enc-algorithm=aes-128,3des dh-group=modp1024
lifetime=1d dpd-interval=2m dpd-maximum-failures=5
 
negge
newbie
Posts: 43
Joined: Fri Jul 10, 2009 11:05 am

Re: PPTP iOS10

Tue Oct 18, 2016 9:22 pm

We've had loads of similar issues with our CCR1009 at the office. We have both PPTP and L2TP/IPsec available as VPN options for people who want to connect as road warriors. PPTP has always worked, but L2TP/IPsec only works for about a day after a router reboot, then it stops all of a sudden with "phase1 negotation failed due to time up". There is no setting that can be changed to make it work again, only a reboot will fix it.

The situation improved slightly when upgrading to 6.37.1 but the issue still remains.

Does anyone have any solution that doesn't require rebooting the router?

For the record, standard non-L2TP IPsec tunnels work just fine, even when L2TP/IPsec stops working.
 
negge
newbie
Posts: 43
Joined: Fri Jul 10, 2009 11:05 am

Re: PPTP iOS10

Wed Oct 19, 2016 9:14 am

I tried two things now and rebooted the router, we'll see if it makes any difference:

1) disabled AES-256 CBC in the proposal. Most clients seem to chose this over AES-128.

2) limited the policy to match UDP port 1701 only instead of all ports on all protocols. Existing examples on how to set up L2TP/IPsec are kind of ambigious on this.
 
manbot
just joined
Posts: 24
Joined: Sun Mar 23, 2014 1:28 am
Location: Minsk, Belarus
Contact:

Re: PPTP iOS10

Wed Oct 19, 2016 11:23 pm

If both of them are behind NAT, this will happen. You need to make the tunnel on the router, instead of the client, or wait for new Kernel in RouterOS v7
1. I have Static IP
2. What kind of tunnel your talk about?...
 
negge
newbie
Posts: 43
Joined: Fri Jul 10, 2009 11:05 am

Re: PPTP iOS10

Thu Oct 20, 2016 11:19 am

The VPN setup stopped working again about 36 hours after the last reboot. However, I found the problem, and it's absolutely ridiculous.

Some device on our guest wireless network had created a UPnP NAT forwarding rule for UDP port 4500. This meant that NAT-T failed miserably and phase 1 could never be established. Once I removed the NAT rule, all clients were able to connect again.

I have to say, I've debuged a lot of IPsec issues through the years, but this one was a tough one to figure out.
 
User avatar
enggheisar
Trainer
Trainer
Posts: 20
Joined: Sun Mar 29, 2015 10:12 am
Location: Austin, TX
Contact:

Re: PPTP iOS10

Sat Oct 29, 2016 7:38 am

I have gor problem with mikrotik ip sec for Apple ios
the log :
Failed to get valid proposal
Failed to pre process ph1 packet(side :1,status : 1)
phase1 negotioation failed

what shall i do ?
 
kosztyua
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Wed Jul 06, 2011 8:00 pm

Re: PPTP iOS10

Wed Nov 09, 2016 2:17 pm

Hi,

I have tried to tackle the L2TP setup for a while but still no luck. Tried multiple configs, including that in this post. Each time I try to connect with IOS10, the log shows "tunnel xx received bad auth, response, stopping". The same config works with Android and Windows.

Current setup:
PPP L2TP with IPsec unchecked, for manual IPsec settings (tried using the checked too, for auto-created peer)
/interface l2tp-server server
set authentication=mschap2 default-profile=L2TP-default enabled=yes ipsec-secret=xxx \
keepalive-timeout=35

L2TP secret set
/ppp l2tp-secret
add secret=xxx

PEER
/ip ipsec peer
add address=0.0.0.0/0 enc-algorithm=aes-256,aes-192,aes-128,3des exchange-mode=main-l2tp \
generate-policy=port-override secret=xxx send-initial-contact=no

PROPOSAL
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc,3des

Please advise.
 
craigreilly
newbie
Posts: 46
Joined: Mon Jan 26, 2015 7:04 pm

Re: PPTP iOS10

Fri Nov 11, 2016 11:52 pm

I can confirm I can not use iPhone to tether for connections to L2TP with ipSEC.
Once I turned off ipSEC on the client - the tether connection allowed the VPN.

I can not say wether or not iOS 10 VPN has issues with L2TP with ipSEC or not.

Apple is aware of the first issue and working on it.
 
akbarshah
just joined
Posts: 10
Joined: Mon Nov 23, 2015 1:10 pm

Re: PPTP iOS10

Sun Nov 13, 2016 4:19 pm

I followed each and every step, I am able to reach my Mikrotik router from my iPhone but not able to establish a L2TP/IPSec VPN connection. I checked the logs it continuously shows me the message: "first L2TP UDP packed received from 37.X.X.X" but doesn't go any further. I even tried some firewall rules for input UDP ports (500,1701,4500) and IPSec ESP and IPSec AH ports but still no able to establish my connection. Can someone help?
 
carnevale
just joined
Posts: 13
Joined: Wed Nov 16, 2016 8:59 pm

Re: PPTP iOS10

Sat Nov 19, 2016 3:16 am

I had a similar problem, and in my case was double NAT.

Now I have PPPOE directly from Mikrotik, and VPN is working Perfect.
 
jusvir
just joined
Posts: 3
Joined: Fri Feb 24, 2012 12:27 pm

Re: PPTP iOS10

Fri Nov 25, 2016 6:24 pm

I followed each and every step, I am able to reach my Mikrotik router from my iPhone but not able to establish a L2TP/IPSec VPN connection. I checked the logs it continuously shows me the message: "first L2TP UDP packed received from 37.X.X.X" but doesn't go any further. I even tried some firewall rules for input UDP ports (500,1701,4500) and IPSec ESP and IPSec AH ports but still no able to establish my connection. Can someone help?
I managed it work with IOS version 10.1.1 and Ros 6.37.2.
After upgrading ROS from 6.36.3 phase1 started to work and after upgrading iOS ph2 as well :) Just using setup mentioned here: L2TP server MTU&MRU 1460, keepalive 30s, mschap2, IPsec on (and of course the secret). IPSec peer was made automatically from L2TP server settings. Ipsec proposal lifetime 8 hours, sha1, AES-128 cbc + AES-256 cbc.
 
dbld
just joined
Posts: 10
Joined: Tue Dec 18, 2012 1:30 pm

Re: PPTP iOS10

Thu Dec 29, 2016 11:58 am

Using routerOS 6.37.3
IOS 10.2
macOS 10.11.6

RouterOS Configuration:
[dbld@OmeTik_RB] > /interface l2tp-server server print
            enabled: yes
            max-mtu: 1450
            max-mru: 1450
               mrru: disabled
     authentication: mschap2
  keepalive-timeout: 30
       max-sessions: unlimited
    default-profile: profile1
          use-ipsec: yes
       ipsec-secret: littleSecret
    allow-fast-path: no
[dbld@OmeTik_RB] > /ppp l2tp-secret print
 # ADDRESS            SECRET
 0 0.0.0.0/0          littleSecret
[dbld@OmeTik_RB] > /ip ipsec peer print
Flags: X - disabled, D - dynamic
 0  D address=::/0 local-address=:: passive=yes port=500 auth-method=pre-shared-key secret="littleSecret" generate-policy=port-strict policy-template-group=default exchange-mode=main-l2tp
      send-initial-contact=yes nat-traversal=yes hash-algorithm=sha1 enc-algorithm=aes-256,aes-192,aes-128,3des dh-group=modp1024 lifetime=1d dpd-interval=2m dpd-maximum-failures=5
[dbld@OmeTik_RB] > /ip ipsec proposal print
Flags: X - disabled, * - default
 0  * name="default" auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=30m pfs-group=none
Connecting from iOS client:
11:56:35 ipsec,debug IPSEC: received Vendor ID: RFC 3947
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
11:56:35 ipsec,debug IPSEC:
11:56:35 ipsec,debug IPSEC: received long Microsoft ID: FRAGMENTATION
11:56:35 ipsec,debug IPSEC: Fragmentation enabled
11:56:35 ipsec,debug IPSEC: received Vendor ID: DPD
11:56:35 ipsec,debug IPSEC: 192.168.41.66 Selected NAT-T version: RFC 3947
11:56:35 ipsec,debug IPSEC: sent phase1 packet 197.245.116.244[500]<=>192.168.41.66[500] 5fe6def008212694:78079577581ea5eb
11:56:35 ipsec,debug IPSEC: 197.245.116.244 Hashing 197.245.116.244[500] with algo #2
11:56:35 ipsec,debug IPSEC: NAT-D payload #0 verified
11:56:35 ipsec,debug IPSEC: 192.168.41.66 Hashing 192.168.41.66[500] with algo #2
11:56:35 ipsec,debug IPSEC: NAT-D payload #1 verified
11:56:35 ipsec,debug IPSEC: NAT not detected
11:56:35 ipsec,debug IPSEC: 192.168.41.66 Hashing 192.168.41.66[500] with algo #2
11:56:35 ipsec,debug IPSEC: 197.245.116.244 Hashing 197.245.116.244[500] with algo #2
11:56:35 ipsec,debug IPSEC: Adding remote and local NAT-D payloads.
11:56:35 ipsec,debug IPSEC: sent phase1 packet 197.245.116.244[500]<=>192.168.41.66[500] 5fe6def008212694:78079577581ea5eb
11:56:35 ipsec,debug IPSEC: 192.168.41.66 ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
11:56:35 ipsec,debug IPSEC: ISAKMP-SA established 197.245.116.244[500]-192.168.41.66[500] spi:5fe6def008212694:78079577581ea5eb
11:56:36 ipsec,debug IPSEC: respond new phase 2 negotiation: 197.245.116.244[500]<=>192.168.41.66[500]
11:56:36 ipsec,debug IPSEC: no policy found, try to generate the policy : 192.168.41.66/32[49970] 197.245.116.244/32[1701] proto=udp dir=in port_override=0
11:56:36 ipsec,debug IPSEC: pfkey GETSPI succeeded: ESP/Transport 192.168.41.66[500]->197.245.116.244[500] spi=190573445(0xb5beb85)
11:56:36 ipsec,debug IPSEC: sent phase2 packet 197.245.116.244[500]<=>192.168.41.66[500] 5fe6def008212694:78079577581ea5eb:980ba074
11:56:36 l2tp,info first L2TP UDP packet received from 192.168.41.66
11:56:36 l2tp,debug IPSEC: tunnel 12 entering state: wait-ctl-conn
11:56:36 l2tp,debug IPSEC: tunnel 12 received bad auth. response, stopping
11:56:36 l2tp,debug IPSEC: tunnel 12 entering state: stopping
11:56:36 l2tp,debug IPSEC: tunnel 12 received message in stopping state, dropping
11:56:36 ipsec,debug IPSEC: generated (transport=1) policy, deleting it.
11:56:36 ipsec,debug IPSEC: policy src address 192.168.41.66[49970] prefixlen=32 ul_proto=17
11:56:36 ipsec,debug IPSEC: policy dst address 197.245.116.244[1701] prefixlen=32 ul_proto=17
11:56:36 ipsec,debug IPSEC: pfkey spddelete(inbound) sent.
11:56:36 ipsec,debug IPSEC: pfkey spddelete(outbound) sent.
11:56:36 ipsec,debug IPSEC: purged IPsec-SA proto_id=ESP spi=194530484.
11:56:36 ipsec,debug IPSEC: purging ISAKMP-SA 197.245.116.244[500]<=>192.168.41.66[500] spi=5fe6def008212694:78079577581ea5eb.
11:56:36 ipsec,debug IPSEC: pfkey DELETE received: ESP 197.245.116.244[500]->192.168.41.66[500] spi=194530484(0xb984cb4)
11:56:36 ipsec,debug IPSEC: pfkey DELETE received: ESP 192.168.41.66[500]->197.245.116.244[500] spi=190573445(0xb5beb85)
11:56:36 l2tp,debug IPSEC: tunnel 12 entering state: dead
11:56:37 ipsec,debug IPSEC: ISAKMP-SA deleted 197.245.116.244[500]-192.168.41.66[500] spi:5fe6def008212694:78079577581ea5eb rekey:1
Connecting From macOS client
11:46:44 ipsec,debug IPSEC: received Vendor ID: RFC 3947
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
11:46:44 ipsec,debug IPSEC:
11:46:44 ipsec,debug IPSEC: received long Microsoft ID: FRAGMENTATION
11:46:44 ipsec,debug IPSEC: Fragmentation enabled
11:46:44 ipsec,debug IPSEC: received Vendor ID: DPD
11:46:44 ipsec,debug IPSEC: 192.168.41.103 Selected NAT-T version: RFC 3947
11:46:44 ipsec,debug IPSEC: sent phase1 packet 197.245.116.244[500]<=>192.168.41.103[500] 4f5e054061adcdab:f78d88f1c0ee68a8
11:46:44 ipsec,debug IPSEC: 197.245.116.244 Hashing 197.245.116.244[500] with algo #2
11:46:44 ipsec,debug IPSEC: NAT-D payload #0 verified
11:46:44 ipsec,debug IPSEC: 192.168.41.103 Hashing 192.168.41.103[500] with algo #2
11:46:44 ipsec,debug IPSEC: NAT-D payload #1 verified
11:46:44 ipsec,debug IPSEC: NAT not detected
11:46:44 ipsec,debug IPSEC: 192.168.41.103 Hashing 192.168.41.103[500] with algo #2
11:46:44 ipsec,debug IPSEC: 197.245.116.244 Hashing 197.245.116.244[500] with algo #2
11:46:44 ipsec,debug IPSEC: Adding remote and local NAT-D payloads.
11:46:44 ipsec,debug IPSEC: sent phase1 packet 197.245.116.244[500]<=>192.168.41.103[500] 4f5e054061adcdab:f78d88f1c0ee68a8
11:46:45 ipsec,debug IPSEC: 192.168.41.103 ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
11:46:45 ipsec,debug IPSEC: ISAKMP-SA established 197.245.116.244[500]-192.168.41.103[500] spi:4f5e054061adcdab:f78d88f1c0ee68a8
11:46:45 ipsec,debug IPSEC: respond new phase 2 negotiation: 197.245.116.244[500]<=>192.168.41.103[500]
11:46:45 ipsec,debug IPSEC: no policy found, try to generate the policy : 192.168.41.103/32[59985] 197.245.116.244/32[1701] proto=udp dir=in port_override=0
11:46:45 ipsec,debug IPSEC: pfkey GETSPI succeeded: ESP/Transport 192.168.41.103[500]->197.245.116.244[500] spi=243435729(0xe8288d1)
11:46:45 ipsec,debug IPSEC: sent phase2 packet 197.245.116.244[500]<=>192.168.41.103[500] 4f5e054061adcdab:f78d88f1c0ee68a8:edd456ab
11:46:45 l2tp,info first L2TP UDP packet received from 192.168.41.103
11:46:45 l2tp,debug IPSEC: tunnel 11 entering state: wait-ctl-conn
11:46:45 l2tp,debug IPSEC: tunnel 11 received bad auth. response, stopping
11:46:45 l2tp,debug IPSEC: tunnel 11 entering state: stopping
11:46:45 l2tp,debug IPSEC: tunnel 11 received message in stopping state, dropping
11:46:45 ipsec,debug IPSEC: generated (transport=1) policy, deleting it.
11:46:45 ipsec,debug IPSEC: policy src address 192.168.41.103[59985] prefixlen=32 ul_proto=17
11:46:45 ipsec,debug IPSEC: policy dst address 197.245.116.244[1701] prefixlen=32 ul_proto=17
11:46:45 ipsec,debug IPSEC: pfkey spddelete(inbound) sent.
11:46:45 ipsec,debug IPSEC: pfkey spddelete(outbound) sent.
11:46:45 ipsec,debug IPSEC: purged IPsec-SA proto_id=ESP spi=197310192.
11:46:45 ipsec,debug IPSEC: purging ISAKMP-SA 197.245.116.244[500]<=>192.168.41.103[500] spi=4f5e054061adcdab:f78d88f1c0ee68a8.
11:46:45 ipsec,debug IPSEC: pfkey DELETE received: ESP 197.245.116.244[500]->192.168.41.103[500] spi=197310192(0xbc2b6f0)
11:46:45 ipsec,debug IPSEC: pfkey DELETE received: ESP 192.168.41.103[500]->197.245.116.244[500] spi=243435729(0xe8288d1)
11:46:46 l2tp,debug IPSEC: tunnel 11 entering state: dead
11:46:46 ipsec,debug IPSEC: ISAKMP-SA deleted 197.245.116.244[500]-192.168.41.103[500] spi:4f5e054061adcdab:f78d88f1c0ee68a8 rekey:1
 
dbld
just joined
Posts: 10
Joined: Tue Dec 18, 2012 1:30 pm

Re: PPTP iOS10

Thu Jan 19, 2017 2:03 pm

still not able to get this right.... anyone ideas ?
Using routerOS 6.37.3
IOS 10.2
macOS 10.11.6

RouterOS Configuration:
[dbld@OmeTik_RB] > /interface l2tp-server server print
            enabled: yes
            max-mtu: 1450
            max-mru: 1450
               mrru: disabled
     authentication: mschap2
  keepalive-timeout: 30
       max-sessions: unlimited
    default-profile: profile1
          use-ipsec: yes
       ipsec-secret: littleSecret
    allow-fast-path: no
[dbld@OmeTik_RB] > /ppp l2tp-secret print
 # ADDRESS            SECRET
 0 0.0.0.0/0          littleSecret
[dbld@OmeTik_RB] > /ip ipsec peer print
Flags: X - disabled, D - dynamic
 0  D address=::/0 local-address=:: passive=yes port=500 auth-method=pre-shared-key secret="littleSecret" generate-policy=port-strict policy-template-group=default exchange-mode=main-l2tp
      send-initial-contact=yes nat-traversal=yes hash-algorithm=sha1 enc-algorithm=aes-256,aes-192,aes-128,3des dh-group=modp1024 lifetime=1d dpd-interval=2m dpd-maximum-failures=5
[dbld@OmeTik_RB] > /ip ipsec proposal print
Flags: X - disabled, * - default
 0  * name="default" auth-algorithms=sha1 enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=30m pfs-group=none
Connecting from iOS client:
11:56:35 ipsec,debug IPSEC: received Vendor ID: RFC 3947
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
11:56:35 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
11:56:35 ipsec,debug IPSEC:
11:56:35 ipsec,debug IPSEC: received long Microsoft ID: FRAGMENTATION
11:56:35 ipsec,debug IPSEC: Fragmentation enabled
11:56:35 ipsec,debug IPSEC: received Vendor ID: DPD
11:56:35 ipsec,debug IPSEC: 192.168.41.66 Selected NAT-T version: RFC 3947
11:56:35 ipsec,debug IPSEC: sent phase1 packet 197.245.116.244[500]<=>192.168.41.66[500] 5fe6def008212694:78079577581ea5eb
11:56:35 ipsec,debug IPSEC: 197.245.116.244 Hashing 197.245.116.244[500] with algo #2
11:56:35 ipsec,debug IPSEC: NAT-D payload #0 verified
11:56:35 ipsec,debug IPSEC: 192.168.41.66 Hashing 192.168.41.66[500] with algo #2
11:56:35 ipsec,debug IPSEC: NAT-D payload #1 verified
11:56:35 ipsec,debug IPSEC: NAT not detected
11:56:35 ipsec,debug IPSEC: 192.168.41.66 Hashing 192.168.41.66[500] with algo #2
11:56:35 ipsec,debug IPSEC: 197.245.116.244 Hashing 197.245.116.244[500] with algo #2
11:56:35 ipsec,debug IPSEC: Adding remote and local NAT-D payloads.
11:56:35 ipsec,debug IPSEC: sent phase1 packet 197.245.116.244[500]<=>192.168.41.66[500] 5fe6def008212694:78079577581ea5eb
11:56:35 ipsec,debug IPSEC: 192.168.41.66 ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
11:56:35 ipsec,debug IPSEC: ISAKMP-SA established 197.245.116.244[500]-192.168.41.66[500] spi:5fe6def008212694:78079577581ea5eb
11:56:36 ipsec,debug IPSEC: respond new phase 2 negotiation: 197.245.116.244[500]<=>192.168.41.66[500]
11:56:36 ipsec,debug IPSEC: no policy found, try to generate the policy : 192.168.41.66/32[49970] 197.245.116.244/32[1701] proto=udp dir=in port_override=0
11:56:36 ipsec,debug IPSEC: pfkey GETSPI succeeded: ESP/Transport 192.168.41.66[500]->197.245.116.244[500] spi=190573445(0xb5beb85)
11:56:36 ipsec,debug IPSEC: sent phase2 packet 197.245.116.244[500]<=>192.168.41.66[500] 5fe6def008212694:78079577581ea5eb:980ba074
11:56:36 l2tp,info first L2TP UDP packet received from 192.168.41.66
11:56:36 l2tp,debug IPSEC: tunnel 12 entering state: wait-ctl-conn
11:56:36 l2tp,debug IPSEC: tunnel 12 received bad auth. response, stopping
11:56:36 l2tp,debug IPSEC: tunnel 12 entering state: stopping
11:56:36 l2tp,debug IPSEC: tunnel 12 received message in stopping state, dropping
11:56:36 ipsec,debug IPSEC: generated (transport=1) policy, deleting it.
11:56:36 ipsec,debug IPSEC: policy src address 192.168.41.66[49970] prefixlen=32 ul_proto=17
11:56:36 ipsec,debug IPSEC: policy dst address 197.245.116.244[1701] prefixlen=32 ul_proto=17
11:56:36 ipsec,debug IPSEC: pfkey spddelete(inbound) sent.
11:56:36 ipsec,debug IPSEC: pfkey spddelete(outbound) sent.
11:56:36 ipsec,debug IPSEC: purged IPsec-SA proto_id=ESP spi=194530484.
11:56:36 ipsec,debug IPSEC: purging ISAKMP-SA 197.245.116.244[500]<=>192.168.41.66[500] spi=5fe6def008212694:78079577581ea5eb.
11:56:36 ipsec,debug IPSEC: pfkey DELETE received: ESP 197.245.116.244[500]->192.168.41.66[500] spi=194530484(0xb984cb4)
11:56:36 ipsec,debug IPSEC: pfkey DELETE received: ESP 192.168.41.66[500]->197.245.116.244[500] spi=190573445(0xb5beb85)
11:56:36 l2tp,debug IPSEC: tunnel 12 entering state: dead
11:56:37 ipsec,debug IPSEC: ISAKMP-SA deleted 197.245.116.244[500]-192.168.41.66[500] spi:5fe6def008212694:78079577581ea5eb rekey:1
Connecting From macOS client
11:46:44 ipsec,debug IPSEC: received Vendor ID: RFC 3947
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-08
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-07
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-06
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-05
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-04
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
11:46:44 ipsec,debug IPSEC: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
11:46:44 ipsec,debug IPSEC:
11:46:44 ipsec,debug IPSEC: received long Microsoft ID: FRAGMENTATION
11:46:44 ipsec,debug IPSEC: Fragmentation enabled
11:46:44 ipsec,debug IPSEC: received Vendor ID: DPD
11:46:44 ipsec,debug IPSEC: 192.168.41.103 Selected NAT-T version: RFC 3947
11:46:44 ipsec,debug IPSEC: sent phase1 packet 197.245.116.244[500]<=>192.168.41.103[500] 4f5e054061adcdab:f78d88f1c0ee68a8
11:46:44 ipsec,debug IPSEC: 197.245.116.244 Hashing 197.245.116.244[500] with algo #2
11:46:44 ipsec,debug IPSEC: NAT-D payload #0 verified
11:46:44 ipsec,debug IPSEC: 192.168.41.103 Hashing 192.168.41.103[500] with algo #2
11:46:44 ipsec,debug IPSEC: NAT-D payload #1 verified
11:46:44 ipsec,debug IPSEC: NAT not detected
11:46:44 ipsec,debug IPSEC: 192.168.41.103 Hashing 192.168.41.103[500] with algo #2
11:46:44 ipsec,debug IPSEC: 197.245.116.244 Hashing 197.245.116.244[500] with algo #2
11:46:44 ipsec,debug IPSEC: Adding remote and local NAT-D payloads.
11:46:44 ipsec,debug IPSEC: sent phase1 packet 197.245.116.244[500]<=>192.168.41.103[500] 4f5e054061adcdab:f78d88f1c0ee68a8
11:46:45 ipsec,debug IPSEC: 192.168.41.103 ignore INITIAL-CONTACT notification, because it is only accepted after phase1.
11:46:45 ipsec,debug IPSEC: ISAKMP-SA established 197.245.116.244[500]-192.168.41.103[500] spi:4f5e054061adcdab:f78d88f1c0ee68a8
11:46:45 ipsec,debug IPSEC: respond new phase 2 negotiation: 197.245.116.244[500]<=>192.168.41.103[500]
11:46:45 ipsec,debug IPSEC: no policy found, try to generate the policy : 192.168.41.103/32[59985] 197.245.116.244/32[1701] proto=udp dir=in port_override=0
11:46:45 ipsec,debug IPSEC: pfkey GETSPI succeeded: ESP/Transport 192.168.41.103[500]->197.245.116.244[500] spi=243435729(0xe8288d1)
11:46:45 ipsec,debug IPSEC: sent phase2 packet 197.245.116.244[500]<=>192.168.41.103[500] 4f5e054061adcdab:f78d88f1c0ee68a8:edd456ab
11:46:45 l2tp,info first L2TP UDP packet received from 192.168.41.103
11:46:45 l2tp,debug IPSEC: tunnel 11 entering state: wait-ctl-conn
11:46:45 l2tp,debug IPSEC: tunnel 11 received bad auth. response, stopping
11:46:45 l2tp,debug IPSEC: tunnel 11 entering state: stopping
11:46:45 l2tp,debug IPSEC: tunnel 11 received message in stopping state, dropping
11:46:45 ipsec,debug IPSEC: generated (transport=1) policy, deleting it.
11:46:45 ipsec,debug IPSEC: policy src address 192.168.41.103[59985] prefixlen=32 ul_proto=17
11:46:45 ipsec,debug IPSEC: policy dst address 197.245.116.244[1701] prefixlen=32 ul_proto=17
11:46:45 ipsec,debug IPSEC: pfkey spddelete(inbound) sent.
11:46:45 ipsec,debug IPSEC: pfkey spddelete(outbound) sent.
11:46:45 ipsec,debug IPSEC: purged IPsec-SA proto_id=ESP spi=197310192.
11:46:45 ipsec,debug IPSEC: purging ISAKMP-SA 197.245.116.244[500]<=>192.168.41.103[500] spi=4f5e054061adcdab:f78d88f1c0ee68a8.
11:46:45 ipsec,debug IPSEC: pfkey DELETE received: ESP 197.245.116.244[500]->192.168.41.103[500] spi=197310192(0xbc2b6f0)
11:46:45 ipsec,debug IPSEC: pfkey DELETE received: ESP 192.168.41.103[500]->197.245.116.244[500] spi=243435729(0xe8288d1)
11:46:46 l2tp,debug IPSEC: tunnel 11 entering state: dead
11:46:46 ipsec,debug IPSEC: ISAKMP-SA deleted 197.245.116.244[500]-192.168.41.103[500] spi:4f5e054061adcdab:f78d88f1c0ee68a8 rekey:1
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7198
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: PPTP iOS10

Thu Jan 19, 2017 2:06 pm

Do not set this
[dbld@OmeTik_RB] > /ppp l2tp-secret print
# ADDRESS SECRET
0 0.0.0.0/0 littleSecret


This configuration part is not applicable to L2TP/Ipsec setups.
 
dbld
just joined
Posts: 10
Joined: Tue Dec 18, 2012 1:30 pm

Re: PPTP iOS10

Thu Jan 19, 2017 2:38 pm

thx for the response @mrz

removed, but still can't connect.

log:
Image
https://d.pr/ZYhJ
Do not set this
[dbld@OmeTik_RB] > /ppp l2tp-secret print
# ADDRESS SECRET
0 0.0.0.0/0 littleSecret


This configuration part is not applicable to L2TP/Ipsec setups.
Last edited by dbld on Thu Jan 19, 2017 2:44 pm, edited 1 time in total.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7198
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: PPTP iOS10

Thu Jan 19, 2017 2:43 pm

Probably you have also tried to use l2tp secret in ios configuration, or other ios misconfiguration.
 
dbld
just joined
Posts: 10
Joined: Tue Dec 18, 2012 1:30 pm

Re: PPTP iOS10

Thu Jan 19, 2017 3:06 pm

corrcted client configuraiton to use ppp secret in user authantication password

still same.
Probably you have also tried to use l2tp secret in ios configuration, or other ios misconfiguration.
 
simogere
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Fri May 24, 2013 11:54 am

Re: PPTP iOS10

Tue May 02, 2017 6:52 pm

Actually L2TP+IPsec configuration is not too difficult.

1) Enable L2TP server,
/interface l2tp-server server
set authentication=mschap2 enabled=yes
2) Configure PPP profile,
/ppp profile
add change-tcp-mss=yes local-address=192.168.17.1 name=ipsec+L2TP remote-address=ipsec-pool use-encryption=yes
/ip pool
add name=ipsec-pool ranges=192.168.17.2-192.168.17.254
3) Create PPP secret,
/ppp secret
add name=sergejs password="routeros" profile=ipsec+L2TP service=l2tp
4) Add static PPP interface to manage firewall easily.
/interface l2tp-server add name=l_sergejs user=sergejs
The same configuration you have used for PPTP previously. Additional configuration that is required.

Create IPSec configuration:
1) setup
/ip ipsec policy group
add name=ipsec+l2tp
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-128-cbc,3des
I configure ip ipsec peer, as default algorithms does not work too good with all OS (that you configure on L2TP server IPSec configuration).
/ip ipsec peer
add address=0.0.0.0/0 enc-algorithm=aes-256,aes-192,aes-128 generate-policy=\
    port-strict secret=MikroTiKRouterOS
/ip ipsec policy
add dst-address=0.0.0.0/0 protocol=udp src-address=0.0.0.0/0 template=yes
On MACOS I configure L2TPoverIPSec.
1) user authentication password is from /ppp secret
2) machine authentication shared secret is from /ip ipsec peer.

P.S. The particular configuration works for MAC OS Sierra/Captain, IOS 10, Windows 8 and 10.
Hi @sergejs, for Windows 10 it seems it doesn't works. I had to add 3des encryption algorithm in peer configuration.

Why did you set up the "ipsec+l2tp" group?

And it seems the policy doesn't match anyting: even if the vpn is up, the policy is never Active.

Thanks in advance, Simone.