Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

L2TP & IPSEC with Windows 10

Locked
 
Term
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Thu Jan 11, 2018 11:42 pm

L2TP & IPSEC with Windows 10

Thu May 31, 2018 9:54 pm

Hello,
have VPN in my mikrotik. Worked perfect. Some days ago my ISP changed ONT mode from bridge to Route mode so I enabled DMZ in ONT to my Mikrotik.
Problem is VPN doesn't work. If I'm connecting from apple devices (iPhone, iPad, MacBook Pro) it works fine but if I want to connect from Windows 10 laptop, it doesn't work. In that time windows got some bigger update, maybe this is a problem.

Any fix please?
ONT: 192.168.1.1
Mikrotik: 192.168.1.6
IP Pool in Mikrotik: 10.31.0.100-10.31.0.20

Followed this guide to create VPN: https://saputra.ch/setup-mikrotik-as-l2 ... pn-server/

Thank you so much.
Code: Select all
This is IPSEC log when I'm trying to connect from WIN10
# may/31/2018 20:50:20 by RouterOS 6.42.3
# software id = ZKE3-331Q
#
20:49:24 ipsec,debug,packet 931b5329 967accc7 9e2766b8 24ef9915 379af617 6399d08c a93dc4ad 81924b47 
20:49:24 ipsec,debug,packet c5e97e92 a3ffb800 458b7bdb 
20:49:24 ipsec,debug receive Information. 
20:49:24 ipsec,debug compute IV for phase2 
20:49:24 ipsec,debug phase1 last IV: 
20:49:24 ipsec,debug 79a632f9 2f84b13d b3445ad7 
20:49:24 ipsec,debug hash(sha1) 
20:49:24 ipsec,debug encryption(3des) 
20:49:24 ipsec,debug phase2 IV computed: 
20:49:24 ipsec,debug e373b736 2d49c57f 
20:49:24 ipsec,debug encryption(3des) 
20:49:24 ipsec,debug IV was saved for next processing: 
20:49:24 ipsec,debug a3ffb800 458b7bdb 
20:49:24 ipsec,debug encryption(3des) 
20:49:24 ipsec,debug with key: 
20:49:24 ipsec,debug 51f7282d 49196f28 3abba3b5 ad526b2c 542c9d04 520544cc 
20:49:24 ipsec,debug decrypted payload by IV: 
20:49:24 ipsec,debug e373b736 2d49c57f 
20:49:24 ipsec,debug decrypted payload, but not trimed. 
20:49:24 ipsec,debug 0c000018 f308ff80 c3fa9679 cb9c2012 a2754316 eb0bb8c0 00000010 00000001 
20:49:24 ipsec,debug 03040001 267422f2 00000000 00000000 
20:49:24 ipsec,debug padding len=1 
20:49:24 ipsec,debug skip to trim padding. 
20:49:24 ipsec,debug decrypted. 
20:49:24 ipsec,debug 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08100501 b3445ad7 0000004c 0c000018 
20:49:24 ipsec,debug f308ff80 c3fa9679 cb9c2012 a2754316 eb0bb8c0 00000010 00000001 03040001 
20:49:24 ipsec,debug 267422f2 00000000 00000000 
20:49:24 ipsec,debug HASH with: 
20:49:24 ipsec,debug b3445ad7 00000010 00000001 03040001 267422f2 
20:49:24 ipsec,debug hmac(hmac_sha1) 
20:49:24 ipsec,debug HASH computed: 
20:49:24 ipsec,debug f308ff80 c3fa9679 cb9c2012 a2754316 eb0bb8c0 
20:49:24 ipsec,debug hash validated. 
20:49:24 ipsec,debug begin. 
20:49:24 ipsec,debug seen nptype=8(hash) len=24 
20:49:24 ipsec,debug seen nptype=12(delete) len=16 
20:49:24 ipsec,debug succeed. 
20:49:24 ipsec,debug xxx.xxx.xxx.xxx delete payload for protocol ESP 
20:49:24 ipsec purged IPsec-SA proto_id=ESP spi=0x267422f2 
20:49:24 ipsec purged IPsec-SA proto_id=ESP spi=0x4a9aef2 
20:49:24 ipsec,debug an undead schedule has been deleted. 
20:49:24 ipsec,debug purged SAs. 
20:49:32 ipsec,debug ===== received 436 bytes from xxx.xxx.xxx.xxx[26225] to 192.168.1.6[4500] 
20:49:32 ipsec,debug,packet 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08102001 00000005 000001b4 6ede902f 
20:49:32 ipsec,debug,packet 66f0c502 91ced667 ece9ae32 e1fba2cf 00a98c28 e545c817 07760523 370e56dd 
20:49:32 ipsec,debug,packet 8fa11ecb 9f55961f e1de7c34 56df50b1 49f58322 c41bf791 e3e3b748 c20014c7 
20:49:32 ipsec,debug,packet c179913e 87b73165 545c19ea 3555c513 8e7f29c0 dfbbfe8e e1215ac4 10154e13 
20:49:32 ipsec,debug,packet 875b5930 a59afae3 d07eba1b 1a071eea b6daec43 ba9d5abe 963eea60 269b418e 
20:49:32 ipsec,debug,packet c136b6e3 21003396 bdf43836 f1a4d276 6c842b56 b57b868c 61c0d821 e1e37726 
20:49:32 ipsec,debug,packet 55375a7a a0de1729 4f87ae84 b7b4b438 a24db271 f48f6743 94e0a8f3 e15a8d34 
20:49:32 ipsec,debug,packet f9c88005 516ab80d 0771a1e0 5997e189 8d68a04d d8300ea9 7d07df87 db5949d9 
20:49:32 ipsec,debug,packet 6afb9ed3 7a78910d 9b2c2906 9a6f4207 e5d3ef0e 34f41299 10d107a7 b8aae26f 
20:49:32 ipsec,debug,packet 117f1fb7 45ffcdc3 30a192a9 77073112 5435d018 5c83957c 4eb4b0f2 f25e711e 
20:49:32 ipsec,debug,packet 164b0d8f 28c9fdb9 a4b8d334 6e89ff94 8b27b1e9 5c34b618 0581c15c bfb73726 
20:49:32 ipsec,debug,packet 31bda7fe 216f17c8 b338894e b5149f20 6febce87 d1126571 7b211610 b8aebf7c 
20:49:32 ipsec,debug,packet 054cc75f 2e7fb333 802eb220 3d994313 502f2f94 c7774968 d5f1cf8b 17dfb441 
20:49:32 ipsec,debug,packet 4cf30349 ceead674 4b9c955d 632f0316 6503078f 
20:49:32 ipsec,debug compute IV for phase2 
20:49:32 ipsec,debug phase1 last IV: 
20:49:32 ipsec,debug 79a632f9 2f84b13d 00000005 
20:49:32 ipsec,debug hash(sha1) 
20:49:32 ipsec,debug encryption(3des) 
20:49:32 ipsec,debug phase2 IV computed: 
20:49:32 ipsec,debug 7d4f6483 ab6f6b3d 
20:49:32 ipsec,debug === 
20:49:32 ipsec respond new phase 2 negotiation: 192.168.1.6[4500]<=>xxx.xxx.xxx.xxx[26225] 
20:49:32 ipsec,debug encryption(3des) 
20:49:32 ipsec,debug IV was saved for next processing: 
20:49:32 ipsec,debug 632f0316 6503078f 
20:49:32 ipsec,debug encryption(3des) 
20:49:32 ipsec,debug with key: 
20:49:32 ipsec,debug 51f7282d 49196f28 3abba3b5 ad526b2c 542c9d04 520544cc 
20:49:32 ipsec,debug decrypted payload by IV: 
20:49:32 ipsec,debug 7d4f6483 ab6f6b3d 
20:49:32 ipsec,debug decrypted payload, but not trimed. 
20:49:32 ipsec,debug 01000018 ef763500 15b74393 3c689a0b ae59cfb5 7d57c6fc 0a000118 00000001 
20:49:32 ipsec,debug 00000001 02000038 01030401 9ba10732 0000002c 010c0000 80040004 80060100 
20:49:32 ipsec,debug 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 02000038 
20:49:32 ipsec,debug 02030401 9ba10732 0000002c 010c0000 80040004 80060080 80050002 80010001 
20:49:32 ipsec,debug 00020004 00000e10 80010002 00020004 0003d090 02000034 03030401 9ba10732 
20:49:32 ipsec,debug 00000028 01030000 80040004 80050002 80010001 00020004 00000e10 80010002 
20:49:32 ipsec,debug 00020004 0003d090 02000034 04030401 9ba10732 00000028 01020000 80040004 
20:49:32 ipsec,debug 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 00000034 
20:49:32 ipsec,debug 05030401 9ba10732 00000028 010b0000 80040004 80050002 80010001 00020004 
20:49:32 ipsec,debug 00000e10 80010002 00020004 0003d090 05000034 ef55b1a1 3e439de4 cff04bfe 
20:49:32 ipsec,debug ffd7c852 04ffdf65 6760daeb 37c9c8d3 dc5f88df c25b304a d9e50425 0ded45c8 
20:49:32 ipsec,debug e9df9512 0500000c 011106a5 ac140a02 1500000c 011106a5 5f673344 1500000c 
20:49:32 ipsec,debug 01000000 ac140a02 0000000c 01000000 5f673344 00000000 
20:49:32 ipsec,debug padding len=1 
20:49:32 ipsec,debug skip to trim padding. 
20:49:32 ipsec,debug decrypted. 
20:49:32 ipsec,debug 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08102001 00000005 000001b4 01000018 
20:49:32 ipsec,debug ef763500 15b74393 3c689a0b ae59cfb5 7d57c6fc 0a000118 00000001 00000001 
20:49:32 ipsec,debug 02000038 01030401 9ba10732 0000002c 010c0000 80040004 80060100 80050002 
20:49:32 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 02000038 02030401 
20:49:32 ipsec,debug 9ba10732 0000002c 010c0000 80040004 80060080 80050002 80010001 00020004 
20:49:32 ipsec,debug 00000e10 80010002 00020004 0003d090 02000034 03030401 9ba10732 00000028 
20:49:32 ipsec,debug 01030000 80040004 80050002 80010001 00020004 00000e10 80010002 00020004 
20:49:32 ipsec,debug 0003d090 02000034 04030401 9ba10732 00000028 01020000 80040004 80050002 
20:49:32 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 00000034 05030401 
20:49:32 ipsec,debug 9ba10732 00000028 010b0000 80040004 80050002 80010001 00020004 00000e10 
20:49:32 ipsec,debug 80010002 00020004 0003d090 05000034 ef55b1a1 3e439de4 cff04bfe ffd7c852 
20:49:32 ipsec,debug 04ffdf65 6760daeb 37c9c8d3 dc5f88df c25b304a d9e50425 0ded45c8 e9df9512 
20:49:32 ipsec,debug 0500000c 011106a5 ac140a02 1500000c 011106a5 5f673344 1500000c 01000000 
20:49:32 ipsec,debug ac140a02 0000000c 01000000 5f673344 00000000 
20:49:32 ipsec,debug begin. 
20:49:32 ipsec,debug seen nptype=8(hash) len=24 
20:49:32 ipsec,debug seen nptype=1(sa) len=280 
20:49:32 ipsec,debug seen nptype=10(nonce) len=52 
20:49:32 ipsec,debug seen nptype=5(id) len=12 
20:49:32 ipsec,debug seen nptype=5(id) len=12 
20:49:32 ipsec,debug seen nptype=21(nat-oa) len=12 
20:49:32 ipsec,debug seen nptype=21(nat-oa) len=12 
20:49:32 ipsec,debug succeed. 
20:49:32 ipsec,debug received IDci2: 
20:49:32 ipsec,debug 011106a5 ac140a02 
20:49:32 ipsec,debug received IDcr2: 
20:49:32 ipsec,debug 011106a5 5f673344 
20:49:32 ipsec,debug HASH(1) validate: 
20:49:32 ipsec,debug ef763500 15b74393 3c689a0b ae59cfb5 7d57c6fc 
20:49:32 ipsec,debug HASH with: 
20:49:32 ipsec,debug 00000005 0a000118 00000001 00000001 02000038 01030401 9ba10732 0000002c 
20:49:32 ipsec,debug 010c0000 80040004 80060100 80050002 80010001 00020004 00000e10 80010002 
20:49:32 ipsec,debug 00020004 0003d090 02000038 02030401 9ba10732 0000002c 010c0000 80040004 
20:49:32 ipsec,debug 80060080 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 
20:49:32 ipsec,debug 02000034 03030401 9ba10732 00000028 01030000 80040004 80050002 80010001 
20:49:32 ipsec,debug 00020004 00000e10 80010002 00020004 0003d090 02000034 04030401 9ba10732 
20:49:32 ipsec,debug 00000028 01020000 80040004 80050002 80010001 00020004 00000e10 80010002 
20:49:32 ipsec,debug 00020004 0003d090 00000034 05030401 9ba10732 00000028 010b0000 80040004 
20:49:32 ipsec,debug 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 05000034 
20:49:32 ipsec,debug ef55b1a1 3e439de4 cff04bfe ffd7c852 04ffdf65 6760daeb 37c9c8d3 dc5f88df 
20:49:32 ipsec,debug c25b304a d9e50425 0ded45c8 e9df9512 0500000c 011106a5 ac140a02 1500000c 
20:49:32 ipsec,debug 011106a5 5f673344 1500000c 01000000 ac140a02 0000000c 01000000 5f673344 
20:49:32 ipsec,debug hmac(hmac_sha1) 
20:49:32 ipsec,debug HASH computed: 
20:49:32 ipsec,debug ef763500 15b74393 3c689a0b ae59cfb5 7d57c6fc 
20:49:32 ipsec,debug total SA len=276 
20:49:32 ipsec,debug 00000001 00000001 02000038 01030401 9ba10732 0000002c 010c0000 80040004 
20:49:32 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 
20:49:32 ipsec,debug 02000038 02030401 9ba10732 0000002c 010c0000 80040004 80060080 80050002 
20:49:32 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 02000034 03030401 
20:49:32 ipsec,debug 9ba10732 00000028 01030000 80040004 80050002 80010001 00020004 00000e10 
20:49:32 ipsec,debug 80010002 00020004 0003d090 02000034 04030401 9ba10732 00000028 01020000 
20:49:32 ipsec,debug 80040004 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 
20:49:32 ipsec,debug 00000034 05030401 9ba10732 00000028 010b0000 80040004 80050002 80010001 
20:49:32 ipsec,debug 00020004 00000e10 80010002 00020004 0003d090 
20:49:32 ipsec,debug begin. 
20:49:32 ipsec,debug seen nptype=2(prop) len=56 
20:49:32 ipsec,debug seen nptype=2(prop) len=56 
20:49:32 ipsec,debug seen nptype=2(prop) len=52 
20:49:32 ipsec,debug seen nptype=2(prop) len=52 
20:49:32 ipsec,debug seen nptype=2(prop) len=52 
20:49:32 ipsec,debug succeed. 
20:49:32 ipsec,debug proposal #1 len=56 
20:49:32 ipsec,debug begin. 
20:49:32 ipsec,debug seen nptype=3(trns) len=44 
20:49:32 ipsec,debug succeed. 
20:49:32 ipsec,debug transform #1 len=44 
20:49:32 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:32 ipsec,debug UDP encapsulation requested 
20:49:32 ipsec,debug type=Key Length, flag=0x8000, lorv=256 
20:49:32 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug proposal #2 len=56 
20:49:32 ipsec,debug begin. 
20:49:32 ipsec,debug seen nptype=3(trns) len=44 
20:49:32 ipsec,debug succeed. 
20:49:32 ipsec,debug transform #1 len=44 
20:49:32 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:32 ipsec,debug UDP encapsulation requested 
20:49:32 ipsec,debug type=Key Length, flag=0x8000, lorv=128 
20:49:32 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug proposal #3 len=52 
20:49:32 ipsec,debug begin. 
20:49:32 ipsec,debug seen nptype=3(trns) len=40 
20:49:32 ipsec,debug succeed. 
20:49:32 ipsec,debug transform #1 len=40 
20:49:32 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:32 ipsec,debug UDP encapsulation requested 
20:49:32 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug proposal #4 len=52 
20:49:32 ipsec,debug begin. 
20:49:32 ipsec,debug seen nptype=3(trns) len=40 
20:49:32 ipsec,debug succeed. 
20:49:32 ipsec,debug transform #1 len=40 
20:49:32 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:32 ipsec,debug UDP encapsulation requested 
20:49:32 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug proposal #5 len=52 
20:49:32 ipsec,debug begin. 
20:49:32 ipsec,debug seen nptype=3(trns) len=40 
20:49:32 ipsec,debug succeed. 
20:49:32 ipsec,debug transform #1 len=40 
20:49:32 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:32 ipsec,debug UDP encapsulation requested 
20:49:32 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug pair 1: 
20:49:32 ipsec,debug  0x48e860: next=(nil) tnext=(nil) 
20:49:32 ipsec,debug proposal #1: 1 transform 
20:49:32 ipsec,debug pair 2: 
20:49:32 ipsec,debug  0x48dfa0: next=(nil) tnext=(nil) 
20:49:32 ipsec,debug proposal #2: 1 transform 
20:49:32 ipsec,debug pair 3: 
20:49:32 ipsec,debug  0x48b908: next=(nil) tnext=(nil) 
20:49:32 ipsec,debug proposal #3: 1 transform 
20:49:32 ipsec,debug pair 4: 
20:49:32 ipsec,debug  0x48eb28: next=(nil) tnext=(nil) 
20:49:32 ipsec,debug proposal #4: 1 transform 
20:49:32 ipsec,debug pair 5: 
20:49:32 ipsec,debug  0x48e878: next=(nil) tnext=(nil) 
20:49:32 ipsec,debug proposal #5: 1 transform 
20:49:32 ipsec,debug got the local address from ID payload xxx.xxx.xxx.xxx[1701] prefixlen=32 ul_proto=17 
20:49:32 ipsec,debug got the peer address from ID payload 172.20.10.2[1701] prefixlen=32 ul_proto=17 
20:49:32 ipsec,debug updating policy address because of NAT in transport mode 
20:49:32 ipsec,debug new local address 192.168.1.6[1701] 
20:49:32 ipsec,debug new peer address xxx.xxx.xxx.xxx[1701] 
20:49:32 ipsec searching for policy for selector: 192.168.1.6:1701 ip-proto:17 <=> xxx.xxx.xxx.xxx:1701 ip-proto:17 
20:49:32 ipsec recorded wild match: 192.168.1.6 <=> xxx.xxx.xxx.xxx ip-proto:17 
20:49:32 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=4:4) 
20:49:32 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1) 
20:49:32 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1) 
20:49:32 ipsec,debug begin compare proposals. 
20:49:32 ipsec,debug pair[1]: 0x48e860 
20:49:32 ipsec,debug  0x48e860: next=(nil) tnext=(nil) 
20:49:32 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC 
20:49:32 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:32 ipsec,debug type=Key Length, flag=0x8000, lorv=256 
20:49:32 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug peer's single bundle: 
20:49:32 ipsec,debug  (proto_id=ESP spisize=4 spi=9ba10732 spi_p=00000000 encmode=UDP-Transport reqid=0:0) 
20:49:32 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1) 
20:49:32 ipsec,debug my single bundle: 
20:49:32 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=4:4) 
20:49:32 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1) 
20:49:32 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1) 
20:49:32 ipsec Adjusting my encmode UDP-Transport->Transport 
20:49:32 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2) 
20:49:32 ipsec key length mismatched, mine:128 peer:256. 
20:49:32 ipsec trns_id mismatched: my:3DES peer:AES-CBC 
20:49:32 ipsec,debug not matched 
20:49:32 ipsec,debug pair[2]: 0x48dfa0 
20:49:32 ipsec,debug  0x48dfa0: next=(nil) tnext=(nil) 
20:49:32 ipsec,debug prop#=2 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC 
20:49:32 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:32 ipsec,debug type=Key Length, flag=0x8000, lorv=128 
20:49:32 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug peer's single bundle: 
20:49:32 ipsec,debug  (proto_id=ESP spisize=4 spi=9ba10732 spi_p=00000000 encmode=UDP-Transport reqid=0:0) 
20:49:32 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1) 
20:49:32 ipsec,debug my single bundle: 
20:49:32 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=4:4) 
20:49:32 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1) 
20:49:32 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1) 
20:49:32 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2) 
20:49:32 ipsec,debug matched 
20:49:32 ipsec,debug === 
20:49:32 ipsec,debug call pfkey_send_getspi 12 
20:49:32 ipsec,debug pfkey GETSPI sent: ESP/Transport xxx.xxx.xxx.xxx[26225]->192.168.1.6[4500]  
20:49:32 ipsec,debug pfkey getspi sent. 
20:49:32 ipsec,debug total SA len=64 
20:49:32 ipsec,debug 00000001 00000001 00000038 02030401 00000000 0000002c 010c0000 80040004 
20:49:32 ipsec,debug 80060080 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 
20:49:32 ipsec,debug begin. 
20:49:32 ipsec,debug seen nptype=2(prop) len=56 
20:49:32 ipsec,debug succeed. 
20:49:32 ipsec,debug proposal #2 len=56 
20:49:32 ipsec,debug begin. 
20:49:32 ipsec,debug seen nptype=3(trns) len=44 
20:49:32 ipsec,debug succeed. 
20:49:32 ipsec,debug transform #1 len=44 
20:49:32 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:32 ipsec,debug UDP encapsulation requested 
20:49:32 ipsec,debug type=Key Length, flag=0x8000, lorv=128 
20:49:32 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:32 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:32 ipsec,debug pair 2: 
20:49:32 ipsec,debug  0x48c560: next=(nil) tnext=(nil) 
20:49:32 ipsec,debug proposal #2: 1 transform 
20:49:32 ipsec,debug NAT-OAi: 
20:49:32 ipsec,debug 01006671 55edead3 
20:49:32 ipsec,debug NAT-OAr: 
20:49:32 ipsec,debug 01001194 c0a80106 
20:49:32 ipsec,debug add payload of len 64, next type 10 
20:49:32 ipsec,debug add payload of len 24, next type 5 
20:49:32 ipsec,debug add payload of len 8, next type 5 
20:49:32 ipsec,debug add payload of len 8, next type 21 
20:49:32 ipsec,debug add payload of len 8, next type 21 
20:49:32 ipsec,debug add payload of len 8, next type 0 
20:49:32 ipsec,debug HASH with: 
20:49:32 ipsec,debug 00000005 ef55b1a1 3e439de4 cff04bfe ffd7c852 04ffdf65 6760daeb 37c9c8d3 
20:49:32 ipsec,debug dc5f88df c25b304a d9e50425 0ded45c8 e9df9512 0a000044 00000001 00000001 
20:49:32 ipsec,debug 00000038 02030401 0afe5506 0000002c 010c0000 80040004 80060080 80050002 
20:49:32 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 0500001c 8b10d494 
20:49:32 ipsec,debug 74c99b4f e372de55 11a89e51 429488b0 37cbc736 0500000c 011106a5 ac140a02 
20:49:32 ipsec,debug 1500000c 011106a5 5f673344 1500000c 01006671 55edead3 0000000c 01001194 
20:49:32 ipsec,debug c0a80106 
20:49:32 ipsec,debug hmac(hmac_sha1) 
20:49:32 ipsec,debug HASH computed: 
20:49:32 ipsec,debug 9a791540 f834810d 03396ca7 47f7f480 eeae0f9e 
20:49:32 ipsec,debug add payload of len 20, next type 1 
20:49:32 ipsec,debug begin encryption. 
20:49:32 ipsec,debug encryption(3des) 
20:49:32 ipsec,debug pad length = 8 
20:49:32 ipsec,debug 01000018 9a791540 f834810d 03396ca7 47f7f480 eeae0f9e 0a000044 00000001 
20:49:32 ipsec,debug 00000001 00000038 02030401 0afe5506 0000002c 010c0000 80040004 80060080 
20:49:32 ipsec,debug 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 0500001c 
20:49:32 ipsec,debug 8b10d494 74c99b4f e372de55 11a89e51 429488b0 37cbc736 0500000c 011106a5 
20:49:32 ipsec,debug ac140a02 1500000c 011106a5 5f673344 1500000c 01006671 55edead3 0000000c 
20:49:32 ipsec,debug 01001194 c0a80106 a0400bcd cda73707 
20:49:32 ipsec,debug encryption(3des) 
20:49:32 ipsec,debug with key: 
20:49:32 ipsec,debug 51f7282d 49196f28 3abba3b5 ad526b2c 542c9d04 520544cc 
20:49:32 ipsec,debug encrypted payload by IV: 
20:49:32 ipsec,debug 632f0316 6503078f 
20:49:32 ipsec,debug save IV for next: 
20:49:32 ipsec,debug 0e358d1f 5b1bc8af 
20:49:32 ipsec,debug encrypted. 
20:49:32 ipsec,debug 204 bytes from 192.168.1.6[4500] to xxx.xxx.xxx.xxx[26225] 
20:49:32 ipsec,debug 1 times of 208 bytes message will be sent to xxx.xxx.xxx.xxx[26225] 
20:49:32 ipsec,debug,packet 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08102001 00000005 000000cc 421b904b 
20:49:32 ipsec,debug,packet b4f91758 baf08bce 8250d83f 720db4b0 fe695767 605dfd23 6616bedb 2e109415 
20:49:32 ipsec,debug,packet 7493811a 5826eb62 ce5fda91 32bacfef 281b6b7a bbdd9846 a1661373 9b7afb36 
20:49:32 ipsec,debug,packet b6539c52 18b77a47 fb5fa952 b4aecb19 f94382c5 e0c2d767 7e13fbe6 686425de 
20:49:32 ipsec,debug,packet de0986b0 16901e9c 2412051e e9cec04a c6e8d0d8 f7cadc17 7c8352a2 286fdcd9 
20:49:32 ipsec,debug,packet 507e0b47 d7e7b22b 4fa55440 cb6d388a 07cb6705 cc0a3c07 9bac3efb 43e7523d 
20:49:32 ipsec,debug,packet 978de7d7 0e358d1f 5b1bc8af 
20:49:32 ipsec sent phase2 packet 192.168.1.6[4500]<=>xxx.xxx.xxx.xxx[26225] 22d3caa2d3c1742c:871e0ec7f5ec59ad:00000005 
20:49:32 ipsec,debug ===== received 60 bytes from xxx.xxx.xxx.xxx[26225] to 192.168.1.6[4500] 
20:49:32 ipsec,debug,packet 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08102001 00000005 0000003c d9834654 
20:49:32 ipsec,debug,packet fb91c9f6 485ec59c f6c048bc e7fc0e01 5dce522c 62f9133a 5699dcc6 
20:49:32 ipsec,debug encryption(3des) 
20:49:32 ipsec,debug IV was saved for next processing: 
20:49:32 ipsec,debug 62f9133a 5699dcc6 
20:49:32 ipsec,debug encryption(3des) 
20:49:32 ipsec,debug with key: 
20:49:32 ipsec,debug 51f7282d 49196f28 3abba3b5 ad526b2c 542c9d04 520544cc 
20:49:32 ipsec,debug decrypted payload by IV: 
20:49:32 ipsec,debug 0e358d1f 5b1bc8af 
20:49:32 ipsec,debug decrypted payload, but not trimed. 
20:49:32 ipsec,debug 00000018 8affc7d9 113362d4 5b3a4cff 4c972753 ff793fc1 00000000 00000000 
20:49:32 ipsec,debug padding len=1 
20:49:32 ipsec,debug skip to trim padding. 
20:49:32 ipsec,debug decrypted. 
20:49:32 ipsec,debug 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08102001 00000005 0000003c 00000018 
20:49:32 ipsec,debug 8affc7d9 113362d4 5b3a4cff 4c972753 ff793fc1 00000000 00000000 
20:49:32 ipsec,debug begin. 
20:49:32 ipsec,debug seen nptype=8(hash) len=24 
20:49:32 ipsec,debug succeed. 
20:49:32 ipsec,debug HASH(3) validate: 
20:49:32 ipsec,debug 8affc7d9 113362d4 5b3a4cff 4c972753 ff793fc1 
20:49:32 ipsec,debug HASH with:  
20:49:32 ipsec,debug 00000000 05ef55b1 a13e439d e4cff04b feffd7c8 5204ffdf 656760da eb37c9c8 
20:49:32 ipsec,debug d3dc5f88 dfc25b30 4ad9e504 250ded45 c8e9df95 128b10d4 9474c99b 4fe372de 
20:49:32 ipsec,debug 5511a89e 51429488 b037cbc7 36 
20:49:32 ipsec,debug hmac(hmac_sha1) 
20:49:32 ipsec,debug HASH computed: 
20:49:32 ipsec,debug 8affc7d9 113362d4 5b3a4cff 4c972753 ff793fc1 
20:49:32 ipsec,debug === 
20:49:32 ipsec,debug KEYMAT compute with 
20:49:32 ipsec,debug 030afe55 06ef55b1 a13e439d e4cff04b feffd7c8 5204ffdf 656760da eb37c9c8 
20:49:32 ipsec,debug d3dc5f88 dfc25b30 4ad9e504 250ded45 c8e9df95 128b10d4 9474c99b 4fe372de 
20:49:32 ipsec,debug 5511a89e 51429488 b037cbc7 36 
20:49:32 ipsec,debug hmac(hmac_sha1) 
20:49:32 ipsec,debug encryption(aes-cbc) 
20:49:32 ipsec,debug hmac(sha1) 
20:49:32 ipsec,debug encklen=128 authklen=160 
20:49:32 ipsec,debug generating 480 bits of key (dupkeymat=3) 
20:49:32 ipsec,debug generating K1...K3 for KEYMAT. 
20:49:32 ipsec,debug hmac(hmac_sha1) 
20:49:32 ipsec,debug hmac(hmac_sha1) 
20:49:32 ipsec,debug a3636927 01023ae8 d657e812 03977bb2 b599b567 8827c050 25da05e8 1d56392b 
20:49:32 ipsec,debug 446d61fd b08f2977 4a90448b 4dca3648 b0783f42 0d5f5fe3 b9e1d1f9 
20:49:32 ipsec,debug KEYMAT compute with 
20:49:32 ipsec,debug 039ba107 32ef55b1 a13e439d e4cff04b feffd7c8 5204ffdf 656760da eb37c9c8 
20:49:32 ipsec,debug d3dc5f88 dfc25b30 4ad9e504 250ded45 c8e9df95 128b10d4 9474c99b 4fe372de 
20:49:32 ipsec,debug 5511a89e 51429488 b037cbc7 36 
20:49:32 ipsec,debug hmac(hmac_sha1) 
20:49:32 ipsec,debug encryption(aes-cbc) 
20:49:32 ipsec,debug hmac(sha1) 
20:49:32 ipsec,debug encklen=128 authklen=160 
20:49:32 ipsec,debug generating 480 bits of key (dupkeymat=3) 
20:49:32 ipsec,debug generating K1...K3 for KEYMAT. 
20:49:32 ipsec,debug hmac(hmac_sha1) 
20:49:32 ipsec,debug hmac(hmac_sha1) 
20:49:32 ipsec,debug c0f2a7e0 fcf40923 9ea8e666 934efca3 9c91ceef 943cc891 923a56f8 3e613fac 
20:49:32 ipsec,debug 50d7356b ae9c4513 c118ae01 f0f00c7b 4d23f17e a456e56a 63997fa5 
20:49:32 ipsec,debug KEYMAT computed. 
20:49:32 ipsec,debug call pk_sendupdate 
20:49:32 ipsec,debug encryption(aes-cbc) 
20:49:32 ipsec,debug hmac(sha1) 
20:49:32 ipsec,debug call pfkey_send_update_nat 
20:49:32 ipsec IPsec-SA established: ESP/Transport xxx.xxx.xxx.xxx[26225]->192.168.1.6[4500] spi=0xafe5506 
20:49:32 ipsec,debug pfkey update sent. 
20:49:32 ipsec,debug encryption(aes-cbc) 
20:49:32 ipsec,debug hmac(sha1) 
20:49:32 ipsec,debug call pfkey_send_add_nat 
20:49:32 ipsec IPsec-SA established: ESP/Transport 192.168.1.6[4500]->xxx.xxx.xxx.xxx[26225] spi=0x9ba10732 
20:49:32 ipsec,debug pfkey add sent. 
20:49:32 ipsec,debug ===== received 76 bytes from xxx.xxx.xxx.xxx[26225] to 192.168.1.6[4500] 
20:49:32 ipsec,debug,packet 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08100501 db4f5173 0000004c 2124f203 
20:49:32 ipsec,debug,packet a3160f3a 46c431d4 4ca2ea7a 19b35a93 50636cd5 32086c79 6d345e3f d0caed6b 
20:49:32 ipsec,debug,packet 879c5780 0b93539e 1e212cd2 
20:49:32 ipsec,debug receive Information. 
20:49:32 ipsec,debug compute IV for phase2 
20:49:32 ipsec,debug phase1 last IV: 
20:49:32 ipsec,debug 79a632f9 2f84b13d db4f5173 
20:49:32 ipsec,debug hash(sha1) 
20:49:32 ipsec,debug encryption(3des) 
20:49:32 ipsec,debug phase2 IV computed: 
20:49:32 ipsec,debug e69195a0 ec9ce4c4 
20:49:32 ipsec,debug encryption(3des) 
20:49:32 ipsec,debug IV was saved for next processing: 
20:49:32 ipsec,debug 0b93539e 1e212cd2 
20:49:32 ipsec,debug encryption(3des) 
20:49:32 ipsec,debug with key: 
20:49:32 ipsec,debug 51f7282d 49196f28 3abba3b5 ad526b2c 542c9d04 520544cc 
20:49:32 ipsec,debug decrypted payload by IV: 
20:49:32 ipsec,debug e69195a0 ec9ce4c4 
20:49:32 ipsec,debug decrypted payload, but not trimed. 
20:49:32 ipsec,debug 0c000018 acfc4d46 f20790b0 9c90c957 4b7fd572 19dc5154 00000010 00000001 
20:49:32 ipsec,debug 03040001 dcd5269a 00000000 00000000 
20:49:32 ipsec,debug padding len=1 
20:49:32 ipsec,debug skip to trim padding. 
20:49:32 ipsec,debug decrypted. 
20:49:32 ipsec,debug 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08100501 db4f5173 0000004c 0c000018 
20:49:32 ipsec,debug acfc4d46 f20790b0 9c90c957 4b7fd572 19dc5154 00000010 00000001 03040001 
20:49:32 ipsec,debug dcd5269a 00000000 00000000 
20:49:32 ipsec,debug HASH with: 
20:49:32 ipsec,debug db4f5173 00000010 00000001 03040001 dcd5269a 
20:49:32 ipsec,debug hmac(hmac_sha1) 
20:49:32 ipsec,debug HASH computed: 
20:49:32 ipsec,debug acfc4d46 f20790b0 9c90c957 4b7fd572 19dc5154 
20:49:32 ipsec,debug hash validated. 
20:49:32 ipsec,debug begin. 
20:49:32 ipsec,debug seen nptype=8(hash) len=24 
20:49:32 ipsec,debug seen nptype=12(delete) len=16 
20:49:32 ipsec,debug succeed. 
20:49:32 ipsec,debug xxx.xxx.xxx.xxx delete payload for protocol ESP 
20:49:32 ipsec purged IPsec-SA proto_id=ESP spi=0xdcd5269a 
20:49:32 ipsec purged IPsec-SA proto_id=ESP spi=0x1a3a350 
20:49:32 ipsec,debug an undead schedule has been deleted. 
20:49:32 ipsec,debug purged SAs. 
20:49:35 system,info,account user gh0st logged in from 10.31.0.100 via telnet 
20:49:40 ipsec,debug KA: 192.168.1.6[4500]->xxx.xxx.xxx.xxx[26225] 
20:49:40 ipsec,debug 1 times of 1 bytes message will be sent to xxx.xxx.xxx.xxx[26225] 
20:49:40 ipsec,debug,packet ff 
20:49:42 ipsec,debug ===== received 436 bytes from xxx.xxx.xxx.xxx[26225] to 192.168.1.6[4500] 
20:49:42 ipsec,debug,packet 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08102001 00000006 000001b4 ea491a0f 
20:49:42 ipsec,debug,packet 472dc2ae c0889418 c0b8bc50 a1454c5a e2dc41f4 60fbe31e 2aa5a669 cfeda119 
20:49:42 ipsec,debug,packet c66bb144 5794fcfa 95a124f5 1c9c6dc2 e47dd73c 5016593b 2add4494 acf6551e 
20:49:42 ipsec,debug,packet 3bddf2cb b14e89c1 c16b1be2 bf30c67b 3959c45d 1894ae8c 250c2874 d55d60c7 
20:49:42 ipsec,debug,packet 36370c2d f7786925 e2e785f8 27e410ed 8f9573a6 d9ad16ca 56c5ee8c 133f8f7a 
20:49:42 ipsec,debug,packet 654ad852 798ffc7f c449219b dbbb1f3a 682034b1 86e54e2c bfc6ee74 a4daf621 
20:49:42 ipsec,debug,packet ae16cdcc 0132395f 70b65923 436fc29c 76a29fb4 68790e6a 69cecfd1 9f2c013e 
20:49:42 ipsec,debug,packet be5b7f92 0d2671de ed08062d 8cffce13 e1b1a4c9 0a931e0a e4e0d559 334162aa 
20:49:42 ipsec,debug,packet 4006d8e9 5f05be5a 458c793e 1a703448 3d43826c fbadb655 e01802bd cb6537af 
20:49:42 ipsec,debug,packet 90ad44ab c4f1cf72 928454ad 204f2c19 78866398 b53568f1 f5eba0cc df64e84d 
20:49:42 ipsec,debug,packet 8cf31f5a 591b88c1 dddc21aa 91c14cf6 e37d281a 71ef1d93 55c6f819 9f0554a0 
20:49:42 ipsec,debug,packet d409d065 1cff9f60 704949f4 4562f63c 4f1d0de7 b3aaeaca 154a58c5 df0788df 
20:49:42 ipsec,debug,packet 0c3d77c1 94e87b5d ec73de34 2405d689 c9984237 a3831699 f254b8fb 49ca14f5 
20:49:42 ipsec,debug,packet 1597ba82 d9a61625 ddfdfcdc 84e93427 830fb696 
20:49:42 ipsec,debug compute IV for phase2 
20:49:42 ipsec,debug phase1 last IV: 
20:49:42 ipsec,debug 79a632f9 2f84b13d 00000006 
20:49:42 ipsec,debug hash(sha1) 
20:49:42 ipsec,debug encryption(3des) 
20:49:42 ipsec,debug phase2 IV computed: 
20:49:42 ipsec,debug 62e5f93c 5a7d0c7e 
20:49:42 ipsec,debug === 
20:49:42 ipsec respond new phase 2 negotiation: 192.168.1.6[4500]<=>xxx.xxx.xxx.xxx[26225] 
20:49:42 ipsec,debug encryption(3des) 
20:49:42 ipsec,debug IV was saved for next processing: 
20:49:42 ipsec,debug 84e93427 830fb696 
20:49:42 ipsec,debug encryption(3des) 
20:49:42 ipsec,debug with key: 
20:49:42 ipsec,debug 51f7282d 49196f28 3abba3b5 ad526b2c 542c9d04 520544cc 
20:49:42 ipsec,debug decrypted payload by IV: 
20:49:42 ipsec,debug 62e5f93c 5a7d0c7e 
20:49:42 ipsec,debug decrypted payload, but not trimed. 
20:49:42 ipsec,debug 01000018 9d45189d efba7910 821be58a 71088dc4 351ec702 0a000118 00000001 
20:49:42 ipsec,debug 00000001 02000038 01030401 b55236f4 0000002c 010c0000 80040004 80060100 
20:49:42 ipsec,debug 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 02000038 
20:49:42 ipsec,debug 02030401 b55236f4 0000002c 010c0000 80040004 80060080 80050002 80010001 
20:49:42 ipsec,debug 00020004 00000e10 80010002 00020004 0003d090 02000034 03030401 b55236f4 
20:49:42 ipsec,debug 00000028 01030000 80040004 80050002 80010001 00020004 00000e10 80010002 
20:49:42 ipsec,debug 00020004 0003d090 02000034 04030401 b55236f4 00000028 01020000 80040004 
20:49:42 ipsec,debug 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 00000034 
20:49:42 ipsec,debug 05030401 b55236f4 00000028 010b0000 80040004 80050002 80010001 00020004 
20:49:42 ipsec,debug 00000e10 80010002 00020004 0003d090 05000034 cc4830ea 8159ed81 bd12acb5 
20:49:42 ipsec,debug 0194ea0c adce3c7e 75fcb5f1 810134de 0b759d69 c702ca3b 2e2d4023 5fb609af 
20:49:42 ipsec,debug 5ac631d9 0500000c 011106a5 ac140a02 1500000c 011106a5 5f673344 1500000c 
20:49:42 ipsec,debug 01000000 ac140a02 0000000c 01000000 5f673344 00000000 
20:49:42 ipsec,debug padding len=1 
20:49:42 ipsec,debug skip to trim padding. 
20:49:42 ipsec,debug decrypted. 
20:49:42 ipsec,debug 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08102001 00000006 000001b4 01000018 
20:49:42 ipsec,debug 9d45189d efba7910 821be58a 71088dc4 351ec702 0a000118 00000001 00000001 
20:49:42 ipsec,debug 02000038 01030401 b55236f4 0000002c 010c0000 80040004 80060100 80050002 
20:49:42 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 02000038 02030401 
20:49:42 ipsec,debug b55236f4 0000002c 010c0000 80040004 80060080 80050002 80010001 00020004 
20:49:42 ipsec,debug 00000e10 80010002 00020004 0003d090 02000034 03030401 b55236f4 00000028 
20:49:42 ipsec,debug 01030000 80040004 80050002 80010001 00020004 00000e10 80010002 00020004 
20:49:42 ipsec,debug 0003d090 02000034 04030401 b55236f4 00000028 01020000 80040004 80050002 
20:49:42 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 00000034 05030401 
20:49:42 ipsec,debug b55236f4 00000028 010b0000 80040004 80050002 80010001 00020004 00000e10 
20:49:42 ipsec,debug 80010002 00020004 0003d090 05000034 cc4830ea 8159ed81 bd12acb5 0194ea0c 
20:49:42 ipsec,debug adce3c7e 75fcb5f1 810134de 0b759d69 c702ca3b 2e2d4023 5fb609af 5ac631d9 
20:49:42 ipsec,debug 0500000c 011106a5 ac140a02 1500000c 011106a5 5f673344 1500000c 01000000 
20:49:42 ipsec,debug ac140a02 0000000c 01000000 5f673344 00000000 
20:49:42 ipsec,debug begin. 
20:49:42 ipsec,debug seen nptype=8(hash) len=24 
20:49:42 ipsec,debug seen nptype=1(sa) len=280 
20:49:42 ipsec,debug seen nptype=10(nonce) len=52 
20:49:42 ipsec,debug seen nptype=5(id) len=12 
20:49:42 ipsec,debug seen nptype=5(id) len=12 
20:49:42 ipsec,debug seen nptype=21(nat-oa) len=12 
20:49:42 ipsec,debug seen nptype=21(nat-oa) len=12 
20:49:42 ipsec,debug succeed. 
20:49:42 ipsec,debug received IDci2: 
20:49:42 ipsec,debug 011106a5 ac140a02 
20:49:42 ipsec,debug received IDcr2: 
20:49:42 ipsec,debug 011106a5 5f673344 
20:49:42 ipsec,debug HASH(1) validate: 
20:49:42 ipsec,debug 9d45189d efba7910 821be58a 71088dc4 351ec702 
20:49:42 ipsec,debug HASH with: 
20:49:42 ipsec,debug 00000006 0a000118 00000001 00000001 02000038 01030401 b55236f4 0000002c 
20:49:42 ipsec,debug 010c0000 80040004 80060100 80050002 80010001 00020004 00000e10 80010002 
20:49:42 ipsec,debug 00020004 0003d090 02000038 02030401 b55236f4 0000002c 010c0000 80040004 
20:49:42 ipsec,debug 80060080 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 
20:49:42 ipsec,debug 02000034 03030401 b55236f4 00000028 01030000 80040004 80050002 80010001 
20:49:42 ipsec,debug 00020004 00000e10 80010002 00020004 0003d090 02000034 04030401 b55236f4 
20:49:42 ipsec,debug 00000028 01020000 80040004 80050002 80010001 00020004 00000e10 80010002 
20:49:42 ipsec,debug 00020004 0003d090 00000034 05030401 b55236f4 00000028 010b0000 80040004 
20:49:42 ipsec,debug 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 05000034 
20:49:42 ipsec,debug cc4830ea 8159ed81 bd12acb5 0194ea0c adce3c7e 75fcb5f1 810134de 0b759d69 
20:49:42 ipsec,debug c702ca3b 2e2d4023 5fb609af 5ac631d9 0500000c 011106a5 ac140a02 1500000c 
20:49:42 ipsec,debug 011106a5 5f673344 1500000c 01000000 ac140a02 0000000c 01000000 5f673344 
20:49:42 ipsec,debug hmac(hmac_sha1) 
20:49:42 ipsec,debug HASH computed: 
20:49:42 ipsec,debug 9d45189d efba7910 821be58a 71088dc4 351ec702 
20:49:42 ipsec,debug total SA len=276 
20:49:42 ipsec,debug 00000001 00000001 02000038 01030401 b55236f4 0000002c 010c0000 80040004 
20:49:42 ipsec,debug 80060100 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 
20:49:42 ipsec,debug 02000038 02030401 b55236f4 0000002c 010c0000 80040004 80060080 80050002 
20:49:42 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 02000034 03030401 
20:49:42 ipsec,debug b55236f4 00000028 01030000 80040004 80050002 80010001 00020004 00000e10 
20:49:42 ipsec,debug 80010002 00020004 0003d090 02000034 04030401 b55236f4 00000028 01020000 
20:49:42 ipsec,debug 80040004 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 
20:49:42 ipsec,debug 00000034 05030401 b55236f4 00000028 010b0000 80040004 80050002 80010001 
20:49:42 ipsec,debug 00020004 00000e10 80010002 00020004 0003d090 
20:49:42 ipsec,debug begin. 
20:49:42 ipsec,debug seen nptype=2(prop) len=56 
20:49:42 ipsec,debug seen nptype=2(prop) len=56 
20:49:42 ipsec,debug seen nptype=2(prop) len=52 
20:49:42 ipsec,debug seen nptype=2(prop) len=52 
20:49:42 ipsec,debug seen nptype=2(prop) len=52 
20:49:42 ipsec,debug succeed. 
20:49:42 ipsec,debug proposal #1 len=56 
20:49:42 ipsec,debug begin. 
20:49:42 ipsec,debug seen nptype=3(trns) len=44 
20:49:42 ipsec,debug succeed. 
20:49:42 ipsec,debug transform #1 len=44 
20:49:42 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:42 ipsec,debug UDP encapsulation requested 
20:49:42 ipsec,debug type=Key Length, flag=0x8000, lorv=256 
20:49:42 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug proposal #2 len=56 
20:49:42 ipsec,debug begin. 
20:49:42 ipsec,debug seen nptype=3(trns) len=44 
20:49:42 ipsec,debug succeed. 
20:49:42 ipsec,debug transform #1 len=44 
20:49:42 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:42 ipsec,debug UDP encapsulation requested 
20:49:42 ipsec,debug type=Key Length, flag=0x8000, lorv=128 
20:49:42 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug proposal #3 len=52 
20:49:42 ipsec,debug begin. 
20:49:42 ipsec,debug seen nptype=3(trns) len=40 
20:49:42 ipsec,debug succeed. 
20:49:42 ipsec,debug transform #1 len=40 
20:49:42 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:42 ipsec,debug UDP encapsulation requested 
20:49:42 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug proposal #4 len=52 
20:49:42 ipsec,debug begin. 
20:49:42 ipsec,debug seen nptype=3(trns) len=40 
20:49:42 ipsec,debug succeed. 
20:49:42 ipsec,debug transform #1 len=40 
20:49:42 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:42 ipsec,debug UDP encapsulation requested 
20:49:42 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug proposal #5 len=52 
20:49:42 ipsec,debug begin. 
20:49:42 ipsec,debug seen nptype=3(trns) len=40 
20:49:42 ipsec,debug succeed. 
20:49:42 ipsec,debug transform #1 len=40 
20:49:42 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:42 ipsec,debug UDP encapsulation requested 
20:49:42 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug pair 1: 
20:49:42 ipsec,debug  0x48e9a0: next=(nil) tnext=(nil) 
20:49:42 ipsec,debug proposal #1: 1 transform 
20:49:42 ipsec,debug pair 2: 
20:49:42 ipsec,debug  0x48caf8: next=(nil) tnext=(nil) 
20:49:42 ipsec,debug proposal #2: 1 transform 
20:49:42 ipsec,debug pair 3: 
20:49:42 ipsec,debug  0x48ccd0: next=(nil) tnext=(nil) 
20:49:42 ipsec,debug proposal #3: 1 transform 
20:49:42 ipsec,debug pair 4: 
20:49:42 ipsec,debug  0x48cce8: next=(nil) tnext=(nil) 
20:49:42 ipsec,debug proposal #4: 1 transform 
20:49:42 ipsec,debug pair 5: 
20:49:42 ipsec,debug  0x48e7a0: next=(nil) tnext=(nil) 
20:49:42 ipsec,debug proposal #5: 1 transform 
20:49:42 ipsec,debug got the local address from ID payload xxx.xxx.xxx.xxx[1701] prefixlen=32 ul_proto=17 
20:49:42 ipsec,debug got the peer address from ID payload 172.20.10.2[1701] prefixlen=32 ul_proto=17 
20:49:42 ipsec,debug updating policy address because of NAT in transport mode 
20:49:42 ipsec,debug new local address 192.168.1.6[1701] 
20:49:42 ipsec,debug new peer address xxx.xxx.xxx.xxx[1701] 
20:49:42 ipsec searching for policy for selector: 192.168.1.6:1701 ip-proto:17 <=> xxx.xxx.xxx.xxx:1701 ip-proto:17 
20:49:42 ipsec recorded wild match: 192.168.1.6 <=> xxx.xxx.xxx.xxx ip-proto:17 
20:49:42 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=4:4) 
20:49:42 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1) 
20:49:42 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1) 
20:49:42 ipsec,debug begin compare proposals. 
20:49:42 ipsec,debug pair[1]: 0x48e9a0 
20:49:42 ipsec,debug  0x48e9a0: next=(nil) tnext=(nil) 
20:49:42 ipsec,debug prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC 
20:49:42 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:42 ipsec,debug type=Key Length, flag=0x8000, lorv=256 
20:49:42 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug peer's single bundle: 
20:49:42 ipsec,debug  (proto_id=ESP spisize=4 spi=b55236f4 spi_p=00000000 encmode=UDP-Transport reqid=0:0) 
20:49:42 ipsec,debug   (trns_id=AES-CBC encklen=256 authtype=hmac-sha1) 
20:49:42 ipsec,debug my single bundle: 
20:49:42 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=UDP-Transport reqid=4:4) 
20:49:42 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1) 
20:49:42 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1) 
20:49:42 ipsec Adjusting my encmode UDP-Transport->Transport 
20:49:42 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2) 
20:49:42 ipsec key length mismatched, mine:128 peer:256. 
20:49:42 ipsec trns_id mismatched: my:3DES peer:AES-CBC 
20:49:42 ipsec,debug not matched 
20:49:42 ipsec,debug pair[2]: 0x48caf8 
20:49:42 ipsec,debug  0x48caf8: next=(nil) tnext=(nil) 
20:49:42 ipsec,debug prop#=2 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=AES-CBC 
20:49:42 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:42 ipsec,debug type=Key Length, flag=0x8000, lorv=128 
20:49:42 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug peer's single bundle: 
20:49:42 ipsec,debug  (proto_id=ESP spisize=4 spi=b55236f4 spi_p=00000000 encmode=UDP-Transport reqid=0:0) 
20:49:42 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1) 
20:49:42 ipsec,debug my single bundle: 
20:49:42 ipsec,debug  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=4:4) 
20:49:42 ipsec,debug   (trns_id=AES-CBC encklen=128 authtype=hmac-sha1) 
20:49:42 ipsec,debug   (trns_id=3DES encklen=0 authtype=hmac-sha1) 
20:49:42 ipsec Adjusting peer's encmode UDP-Transport(4)->Transport(2) 
20:49:42 ipsec,debug matched 
20:49:42 ipsec,debug === 
20:49:42 ipsec,debug call pfkey_send_getspi 13 
20:49:42 ipsec,debug pfkey GETSPI sent: ESP/Transport xxx.xxx.xxx.xxx[26225]->192.168.1.6[4500]  
20:49:42 ipsec,debug pfkey getspi sent. 
20:49:42 ipsec,debug total SA len=64 
20:49:42 ipsec,debug 00000001 00000001 00000038 02030401 00000000 0000002c 010c0000 80040004 
20:49:42 ipsec,debug 80060080 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 
20:49:42 ipsec,debug begin. 
20:49:42 ipsec,debug seen nptype=2(prop) len=56 
20:49:42 ipsec,debug succeed. 
20:49:42 ipsec,debug proposal #2 len=56 
20:49:42 ipsec,debug begin. 
20:49:42 ipsec,debug seen nptype=3(trns) len=44 
20:49:42 ipsec,debug succeed. 
20:49:42 ipsec,debug transform #1 len=44 
20:49:42 ipsec,debug type=Encryption Mode, flag=0x8000, lorv=UDP-Transport 
20:49:42 ipsec,debug UDP encapsulation requested 
20:49:42 ipsec,debug type=Key Length, flag=0x8000, lorv=128 
20:49:42 ipsec,debug type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha1 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=seconds 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug type=SA Life Type, flag=0x8000, lorv=kilobytes 
20:49:42 ipsec,debug type=SA Life Duration, flag=0x0000, lorv=4 
20:49:42 ipsec,debug pair 2: 
20:49:42 ipsec,debug  0x48e460: next=(nil) tnext=(nil) 
20:49:42 ipsec,debug proposal #2: 1 transform 
20:49:42 ipsec,debug NAT-OAi: 
20:49:42 ipsec,debug 01006671 55edead3 
20:49:42 ipsec,debug NAT-OAr: 
20:49:42 ipsec,debug 01001194 c0a80106 
20:49:42 ipsec,debug add payload of len 64, next type 10 
20:49:42 ipsec,debug add payload of len 24, next type 5 
20:49:42 ipsec,debug add payload of len 8, next type 5 
20:49:42 ipsec,debug add payload of len 8, next type 21 
20:49:42 ipsec,debug add payload of len 8, next type 21 
20:49:42 ipsec,debug add payload of len 8, next type 0 
20:49:42 ipsec,debug HASH with: 
20:49:42 ipsec,debug 00000006 cc4830ea 8159ed81 bd12acb5 0194ea0c adce3c7e 75fcb5f1 810134de 
20:49:42 ipsec,debug 0b759d69 c702ca3b 2e2d4023 5fb609af 5ac631d9 0a000044 00000001 00000001 
20:49:42 ipsec,debug 00000038 02030401 070cf5db 0000002c 010c0000 80040004 80060080 80050002 
20:49:42 ipsec,debug 80010001 00020004 00000e10 80010002 00020004 0003d090 0500001c a3ed7749 
20:49:42 ipsec,debug 4b652294 8ceb7686 9f6424d1 0064a385 e6bec47d 0500000c 011106a5 ac140a02 
20:49:42 ipsec,debug 1500000c 011106a5 5f673344 1500000c 01006671 55edead3 0000000c 01001194 
20:49:42 ipsec,debug c0a80106 
20:49:42 ipsec,debug hmac(hmac_sha1) 
20:49:42 ipsec,debug HASH computed: 
20:49:42 ipsec,debug 6430a6eb 1d4deeec 068f20f5 433f90bb aec59ce1 
20:49:42 ipsec,debug add payload of len 20, next type 1 
20:49:42 ipsec,debug begin encryption. 
20:49:42 ipsec,debug encryption(3des) 
20:49:42 ipsec,debug pad length = 8 
20:49:42 ipsec,debug 01000018 6430a6eb 1d4deeec 068f20f5 433f90bb aec59ce1 0a000044 00000001 
20:49:42 ipsec,debug 00000001 00000038 02030401 070cf5db 0000002c 010c0000 80040004 80060080 
20:49:42 ipsec,debug 80050002 80010001 00020004 00000e10 80010002 00020004 0003d090 0500001c 
20:49:42 ipsec,debug a3ed7749 4b652294 8ceb7686 9f6424d1 0064a385 e6bec47d 0500000c 011106a5 
20:49:42 ipsec,debug ac140a02 1500000c 011106a5 5f673344 1500000c 01006671 55edead3 0000000c 
20:49:42 ipsec,debug 01001194 c0a80106 fd567ce8 dcc3b207 
20:49:42 ipsec,debug encryption(3des) 
20:49:42 ipsec,debug with key: 
20:49:42 ipsec,debug 51f7282d 49196f28 3abba3b5 ad526b2c 542c9d04 520544cc 
20:49:42 ipsec,debug encrypted payload by IV: 
20:49:42 ipsec,debug 84e93427 830fb696 
20:49:42 ipsec,debug save IV for next: 
20:49:42 ipsec,debug 7b880374 5b5991d1 
20:49:42 ipsec,debug encrypted. 
20:49:42 ipsec,debug 204 bytes from 192.168.1.6[4500] to xxx.xxx.xxx.xxx[26225] 
20:49:42 ipsec,debug 1 times of 208 bytes message will be sent to xxx.xxx.xxx.xxx[26225] 
20:49:42 ipsec,debug,packet 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08102001 00000006 000000cc dfc77c89 
20:49:42 ipsec,debug,packet 28e9fa28 6a08a56e e5cc1e1d f2b4a9a7 345ab818 3ff77ba6 d1b0258f 1dfd8e95 
20:49:42 ipsec,debug,packet 40f646f1 c66bf4a5 c66bdb80 c5f3a91c 9635ed5d 8527defc 3d75a5b8 1ad8daee 
20:49:42 ipsec,debug,packet f16c4765 7c832fc4 475d307f c8bfbe1f 38401b12 87637f11 073a8af1 248b0b29 
20:49:42 ipsec,debug,packet f02c3573 58f2368a 47d4740a 64c138cd e2aa4af1 26c69a95 c1182596 700f8283 
20:49:42 ipsec,debug,packet 67757df4 f1b150b6 738c8a76 ecf66261 62d631e2 dc8331a3 1462d4a9 ed9f92b8 
20:49:42 ipsec,debug,packet 9ea23a7c 7b880374 5b5991d1 
20:49:42 ipsec sent phase2 packet 192.168.1.6[4500]<=>xxx.xxx.xxx.xxx[26225] 22d3caa2d3c1742c:871e0ec7f5ec59ad:00000006 
20:49:42 ipsec,debug ===== received 60 bytes from xxx.xxx.xxx.xxx[26225] to 192.168.1.6[4500] 
20:49:42 ipsec,debug,packet 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08102001 00000006 0000003c 528e34e9 
20:49:42 ipsec,debug,packet 1bfc88eb dd80d9a0 6b253207 01964611 5c743c0d 799f4143 07a937bb 
20:49:42 ipsec,debug encryption(3des) 
20:49:42 ipsec,debug IV was saved for next processing: 
20:49:42 ipsec,debug 799f4143 07a937bb 
20:49:42 ipsec,debug encryption(3des) 
20:49:42 ipsec,debug with key: 
20:49:42 ipsec,debug 51f7282d 49196f28 3abba3b5 ad526b2c 542c9d04 520544cc 
20:49:42 ipsec,debug decrypted payload by IV: 
20:49:42 ipsec,debug 7b880374 5b5991d1 
20:49:42 ipsec,debug decrypted payload, but not trimed. 
20:49:42 ipsec,debug 00000018 43f0d3e5 aea69728 4e67827e be4c861d 56643e5d 00000000 00000000 
20:49:42 ipsec,debug padding len=1 
20:49:42 ipsec,debug skip to trim padding. 
20:49:42 ipsec,debug decrypted. 
20:49:42 ipsec,debug 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08102001 00000006 0000003c 00000018 
20:49:42 ipsec,debug 43f0d3e5 aea69728 4e67827e be4c861d 56643e5d 00000000 00000000 
20:49:42 ipsec,debug begin. 
20:49:42 ipsec,debug seen nptype=8(hash) len=24 
20:49:42 ipsec,debug succeed. 
20:49:42 ipsec,debug HASH(3) validate: 
20:49:42 ipsec,debug 43f0d3e5 aea69728 4e67827e be4c861d 56643e5d 
20:49:42 ipsec,debug HASH with:  
20:49:42 ipsec,debug 00000000 06cc4830 ea8159ed 81bd12ac b50194ea 0cadce3c 7e75fcb5 f1810134 
20:49:42 ipsec,debug de0b759d 69c702ca 3b2e2d40 235fb609 af5ac631 d9a3ed77 494b6522 948ceb76 
20:49:42 ipsec,debug 869f6424 d10064a3 85e6bec4 7d 
20:49:42 ipsec,debug hmac(hmac_sha1) 
20:49:42 ipsec,debug HASH computed: 
20:49:42 ipsec,debug 43f0d3e5 aea69728 4e67827e be4c861d 56643e5d 
20:49:42 ipsec,debug === 
20:49:42 ipsec,debug KEYMAT compute with 
20:49:42 ipsec,debug 03070cf5 dbcc4830 ea8159ed 81bd12ac b50194ea 0cadce3c 7e75fcb5 f1810134 
20:49:42 ipsec,debug de0b759d 69c702ca 3b2e2d40 235fb609 af5ac631 d9a3ed77 494b6522 948ceb76 
20:49:42 ipsec,debug 869f6424 d10064a3 85e6bec4 7d 
20:49:42 ipsec,debug hmac(hmac_sha1) 
20:49:42 ipsec,debug encryption(aes-cbc) 
20:49:42 ipsec,debug hmac(sha1) 
20:49:42 ipsec,debug encklen=128 authklen=160 
20:49:42 ipsec,debug generating 480 bits of key (dupkeymat=3) 
20:49:42 ipsec,debug generating K1...K3 for KEYMAT. 
20:49:42 ipsec,debug hmac(hmac_sha1) 
20:49:42 ipsec,debug hmac(hmac_sha1) 
20:49:42 ipsec,debug b9656f0f 9e2916ba 6aa6694a e52bff15 37983356 81291f90 899b2a5b c103f884 
20:49:42 ipsec,debug 12b86ff1 4d38687d 3abd29e3 19e5f24a 83d4d343 079b4fdf 1601d4e0 
20:49:42 ipsec,debug KEYMAT compute with 
20:49:42 ipsec,debug 03b55236 f4cc4830 ea8159ed 81bd12ac b50194ea 0cadce3c 7e75fcb5 f1810134 
20:49:42 ipsec,debug de0b759d 69c702ca 3b2e2d40 235fb609 af5ac631 d9a3ed77 494b6522 948ceb76 
20:49:42 ipsec,debug 869f6424 d10064a3 85e6bec4 7d 
20:49:42 ipsec,debug hmac(hmac_sha1) 
20:49:42 ipsec,debug encryption(aes-cbc) 
20:49:42 ipsec,debug hmac(sha1) 
20:49:42 ipsec,debug encklen=128 authklen=160 
20:49:42 ipsec,debug generating 480 bits of key (dupkeymat=3) 
20:49:42 ipsec,debug generating K1...K3 for KEYMAT. 
20:49:42 ipsec,debug hmac(hmac_sha1) 
20:49:42 ipsec,debug hmac(hmac_sha1) 
20:49:42 ipsec,debug 5042fea4 4f4201df c2fbe628 8411c27d f38f4a32 57dde2d5 6bb695d8 e6e42163 
20:49:42 ipsec,debug 3c4cd906 ab94eef5 ded87d4d ebb2b05e 438ece93 421a2b99 1482f9c2 
20:49:42 ipsec,debug KEYMAT computed. 
20:49:42 ipsec,debug call pk_sendupdate 
20:49:42 ipsec,debug encryption(aes-cbc) 
20:49:42 ipsec,debug hmac(sha1) 
20:49:42 ipsec,debug call pfkey_send_update_nat 
20:49:42 ipsec IPsec-SA established: ESP/Transport xxx.xxx.xxx.xxx[26225]->192.168.1.6[4500] spi=0x70cf5db 
20:49:42 ipsec,debug pfkey update sent. 
20:49:42 ipsec,debug encryption(aes-cbc) 
20:49:42 ipsec,debug hmac(sha1) 
20:49:42 ipsec,debug call pfkey_send_add_nat 
20:49:42 ipsec IPsec-SA established: ESP/Transport 192.168.1.6[4500]->xxx.xxx.xxx.xxx[26225] spi=0xb55236f4 
20:49:42 ipsec,debug pfkey add sent. 
20:49:42 ipsec,debug ===== received 76 bytes from xxx.xxx.xxx.xxx[26225] to 192.168.1.6[4500] 
20:49:42 ipsec,debug,packet 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08100501 b0a94b5b 0000004c 2619d58c 
20:49:42 ipsec,debug,packet c8feffe8 f92807d9 6b33aa86 6bffe018 a82b4c66 1e98f232 1ac412e9 02669e24 
20:49:42 ipsec,debug,packet de9bff30 6ea592da beb090e5 
20:49:42 ipsec,debug receive Information. 
20:49:42 ipsec,debug compute IV for phase2 
20:49:42 ipsec,debug phase1 last IV: 
20:49:42 ipsec,debug 79a632f9 2f84b13d b0a94b5b 
20:49:42 ipsec,debug hash(sha1) 
20:49:42 ipsec,debug encryption(3des) 
20:49:42 ipsec,debug phase2 IV computed: 
20:49:42 ipsec,debug ea3c2e48 2f566661 
20:49:42 ipsec,debug encryption(3des) 
20:49:42 ipsec,debug IV was saved for next processing: 
20:49:42 ipsec,debug 6ea592da beb090e5 
20:49:42 ipsec,debug encryption(3des) 
20:49:42 ipsec,debug with key: 
20:49:42 ipsec,debug 51f7282d 49196f28 3abba3b5 ad526b2c 542c9d04 520544cc 
20:49:42 ipsec,debug decrypted payload by IV: 
20:49:42 ipsec,debug ea3c2e48 2f566661 
20:49:42 ipsec,debug decrypted payload, but not trimed. 
20:49:42 ipsec,debug 0c000018 7a410516 3127758d d5ccd9b3 f0634c28 68b38bf0 00000010 00000001 
20:49:42 ipsec,debug 03040001 9ba10732 00000000 00000000 
20:49:42 ipsec,debug padding len=1 
20:49:42 ipsec,debug skip to trim padding. 
20:49:42 ipsec,debug decrypted. 
20:49:42 ipsec,debug 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08100501 b0a94b5b 0000004c 0c000018 
20:49:42 ipsec,debug 7a410516 3127758d d5ccd9b3 f0634c28 68b38bf0 00000010 00000001 03040001 
20:49:42 ipsec,debug 9ba10732 00000000 00000000 
20:49:42 ipsec,debug HASH with: 
20:49:42 ipsec,debug b0a94b5b 00000010 00000001 03040001 9ba10732 
20:49:42 ipsec,debug hmac(hmac_sha1) 
20:49:42 ipsec,debug HASH computed: 
20:49:42 ipsec,debug 7a410516 3127758d d5ccd9b3 f0634c28 68b38bf0 
20:49:42 ipsec,debug hash validated. 
20:49:42 ipsec,debug begin. 
20:49:42 ipsec,debug seen nptype=8(hash) len=24 
20:49:42 ipsec,debug seen nptype=12(delete) len=16 
20:49:42 ipsec,debug succeed. 
20:49:42 ipsec,debug xxx.xxx.xxx.xxx delete payload for protocol ESP 
20:49:42 ipsec purged IPsec-SA proto_id=ESP spi=0x9ba10732 
20:49:42 ipsec purged IPsec-SA proto_id=ESP spi=0xafe5506 
20:49:42 ipsec,debug an undead schedule has been deleted. 
20:49:42 ipsec,debug purged SAs. 
20:49:52 ipsec,debug ===== received 76 bytes from xxx.xxx.xxx.xxx[26225] to 192.168.1.6[4500] 
20:49:52 ipsec,debug,packet 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08100501 b8335fae 0000004c 68d27ad9 
20:49:52 ipsec,debug,packet 0229160f 2310ed4e bc7f46ac 234fa2b6 61f3f246 8e259a31 1bccb0cc 18e2fae5 
20:49:52 ipsec,debug,packet 470ac105 da7e58ca dff0bba5 
20:49:52 ipsec,debug receive Information. 
20:49:52 ipsec,debug compute IV for phase2 
20:49:52 ipsec,debug phase1 last IV: 
20:49:52 ipsec,debug 79a632f9 2f84b13d b8335fae 
20:49:52 ipsec,debug hash(sha1) 
20:49:52 ipsec,debug encryption(3des) 
20:49:52 ipsec,debug phase2 IV computed: 
20:49:52 ipsec,debug 79afa594 090d6125 
20:49:52 ipsec,debug encryption(3des) 
20:49:52 ipsec,debug IV was saved for next processing: 
20:49:52 ipsec,debug da7e58ca dff0bba5 
20:49:52 ipsec,debug encryption(3des) 
20:49:52 ipsec,debug with key: 
20:49:52 ipsec,debug 51f7282d 49196f28 3abba3b5 ad526b2c 542c9d04 520544cc 
20:49:52 ipsec,debug decrypted payload by IV: 
20:49:52 ipsec,debug 79afa594 090d6125 
20:49:52 ipsec,debug decrypted payload, but not trimed. 
20:49:52 ipsec,debug 0c000018 7cee5cb0 fbae0408 238833a6 d84795da 1253d906 00000010 00000001 
20:49:52 ipsec,debug 03040001 b55236f4 00000000 00000000 
20:49:52 ipsec,debug padding len=1 
20:49:52 ipsec,debug skip to trim padding. 
20:49:52 ipsec,debug decrypted. 
20:49:52 ipsec,debug 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08100501 b8335fae 0000004c 0c000018 
20:49:52 ipsec,debug 7cee5cb0 fbae0408 238833a6 d84795da 1253d906 00000010 00000001 03040001 
20:49:52 ipsec,debug b55236f4 00000000 00000000 
20:49:52 ipsec,debug HASH with: 
20:49:52 ipsec,debug b8335fae 00000010 00000001 03040001 b55236f4 
20:49:52 ipsec,debug hmac(hmac_sha1) 
20:49:52 ipsec,debug HASH computed: 
20:49:52 ipsec,debug 7cee5cb0 fbae0408 238833a6 d84795da 1253d906 
20:49:52 ipsec,debug hash validated. 
20:49:52 ipsec,debug begin. 
20:49:52 ipsec,debug seen nptype=8(hash) len=24 
20:49:52 ipsec,debug seen nptype=12(delete) len=16 
20:49:52 ipsec,debug succeed. 
20:49:52 ipsec,debug xxx.xxx.xxx.xxx delete payload for protocol ESP 
20:49:52 ipsec purged IPsec-SA proto_id=ESP spi=0xb55236f4 
20:49:52 ipsec purged IPsec-SA proto_id=ESP spi=0x70cf5db 
20:49:52 ipsec,debug an undead schedule has been deleted. 
20:49:52 ipsec removing generated policy 
20:49:52 ipsec,debug purged SAs. 
20:49:52 ipsec,debug ===== received 84 bytes from xxx.xxx.xxx.xxx[26225] to 192.168.1.6[4500] 
20:49:52 ipsec,debug,packet 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08100501 f8b91e8e 00000054 ddfd40ca 
20:49:52 ipsec,debug,packet 681c4838 6c0fde27 aaf5064a b19d72ee 04468cc6 3a18b9e7 a1516ac0 27b8be12 
20:49:52 ipsec,debug,packet f8902aec 815487d4 fb4815eb 5a862626 a5c77296 
20:49:52 ipsec,debug receive Information. 
20:49:52 ipsec,debug compute IV for phase2 
20:49:52 ipsec,debug phase1 last IV: 
20:49:52 ipsec,debug 79a632f9 2f84b13d f8b91e8e 
20:49:52 ipsec,debug hash(sha1) 
20:49:52 ipsec,debug encryption(3des) 
20:49:52 ipsec,debug phase2 IV computed: 
20:49:52 ipsec,debug 234b73ac be9b0b4f 
20:49:52 ipsec,debug encryption(3des) 
20:49:52 ipsec,debug IV was saved for next processing: 
20:49:52 ipsec,debug 5a862626 a5c77296 
20:49:52 ipsec,debug encryption(3des) 
20:49:52 ipsec,debug with key: 
20:49:52 ipsec,debug 51f7282d 49196f28 3abba3b5 ad526b2c 542c9d04 520544cc 
20:49:52 ipsec,debug decrypted payload by IV: 
20:49:52 ipsec,debug 234b73ac be9b0b4f 
20:49:52 ipsec,debug decrypted payload, but not trimed. 
20:49:52 ipsec,debug 0c000018 1bc7bc7a 619112b7 d474a331 9d648e2e 19224b9a 0000001c 00000001 
20:49:52 ipsec,debug 01100001 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 00000000 
20:49:52 ipsec,debug padding len=1 
20:49:52 ipsec,debug skip to trim padding. 
20:49:52 ipsec,debug decrypted. 
20:49:52 ipsec,debug 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 08100501 f8b91e8e 00000054 0c000018 
20:49:52 ipsec,debug 1bc7bc7a 619112b7 d474a331 9d648e2e 19224b9a 0000001c 00000001 01100001 
20:49:52 ipsec,debug 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 00000000 
20:49:52 ipsec,debug HASH with: 
20:49:52 ipsec,debug f8b91e8e 0000001c 00000001 01100001 22d3caa2 d3c1742c 871e0ec7 f5ec59ad 
20:49:52 ipsec,debug hmac(hmac_sha1) 
20:49:52 ipsec,debug HASH computed: 
20:49:52 ipsec,debug 1bc7bc7a 619112b7 d474a331 9d648e2e 19224b9a 
20:49:52 ipsec,debug hash validated. 
20:49:52 ipsec,debug begin. 
20:49:52 ipsec,debug seen nptype=8(hash) len=24 
20:49:52 ipsec,debug seen nptype=12(delete) len=28 
20:49:52 ipsec,debug succeed. 
20:49:52 ipsec,debug xxx.xxx.xxx.xxx delete payload for protocol ISAKMP 
20:49:52 ipsec,info purging ISAKMP-SA 192.168.1.6[4500]<=>xxx.xxx.xxx.xxx[26225] spi=22d3caa2d3c1742c:871e0ec7f5ec59ad. 
20:49:52 ipsec purged ISAKMP-SA 192.168.1.6[4500]<=>xxx.xxx.xxx.xxx[26225] spi=22d3caa2d3c1742c:871e0ec7f5ec59ad. 
20:49:52 ipsec,debug purged SAs. 
20:49:52 ipsec,info ISAKMP-SA deleted 192.168.1.6[4500]-xxx.xxx.xxx.xxx[26225] spi:22d3caa2d3c1742c:871e0ec7f5ec59ad rekey:1 
20:49:52 ipsec KA remove: 192.168.1.6[4500]->xxx.xxx.xxx.xxx[26225] 
20:49:52 ipsec,debug KA tree dump: 192.168.1.6[4500]->xxx.xxx.xxx.xxx[26225] (in_use=1) 
20:49:52 ipsec,debug KA removing this one...
You do not have the required permissions to view the files attached to this post.
Top
 
Term
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Thu Jan 11, 2018 11:42 pm

Re: L2TP & IPSEC with Windows 10

Mon Jun 04, 2018 6:34 pm

bump
Top
 
User avatar
leoservices
Trainer
Trainer
Posts: 169
Joined: Fri Jan 13, 2012 2:20 am
Location: Belo Horizonte - MG - Brazil
Contact:
Contact leoservices

Re: L2TP & IPSEC with Windows 10

Tue Jun 05, 2018 1:15 am

I have seen in some cases be the equipment of the ISP, which is performing drop.
Top
 
Van9018
Long time Member
Long time Member
Posts: 558
Joined: Mon Jun 16, 2014 6:26 pm
Location: Canada - Abbotsford

Re: L2TP & IPSEC with Windows 10

Tue Jun 05, 2018 11:31 am

It's because your L2TP/IPSec server is behind a NAT. DMZ doesn't fix it. Registry key should. Life might be better if you change modem mode back to bridge mode.

For Windows Vista, 7, 8, 10, and 2008 Server:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
RegValue: AssumeUDPEncapsulationContextOnSendRule
Type: DWORD
Data Value: 2
Note that after creating this key you will need to reboot the machine
Top
 
Term
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Thu Jan 11, 2018 11:42 pm

Re: L2TP & IPSEC with Windows 10

Tue Jun 05, 2018 11:36 am

I already have it in regedit. Didn't help. Can't switch ONT to bridge mode because of slow speeds of PPPoE
Top
 
Term
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Thu Jan 11, 2018 11:42 pm

Re: L2TP & IPSEC with Windows 10

Fri Jun 08, 2018 6:44 pm

any other ideas please?
Top
 
raceboy
Frequent Visitor
Frequent Visitor
Posts: 50
Joined: Fri Mar 23, 2018 7:23 pm

Re: L2TP & IPSEC with Windows 10

Fri Jun 08, 2018 9:16 pm

i can't see picture.but. we have same situation. we have to remove modem and put mikrotik as first gateway to run l2tp ipswc.

Sent from my Moto G (5) Plus using Tapatalk

Top
 
Van9018
Long time Member
Long time Member
Posts: 558
Joined: Mon Jun 16, 2014 6:26 pm
Location: Canada - Abbotsford

Re: L2TP & IPSEC with Windows 10

Fri Jun 08, 2018 11:20 pm

Anybody want to run a packet capture on the Mikrotik? On the Wan interface. Post the results in this thread.

Would be helpful to see what Windows is sending.
Top
 
AndreasGR
newbie
Posts: 45
Joined: Mon May 14, 2018 5:27 pm

Re: L2TP & IPSEC with Windows 10

Sat Jun 09, 2018 7:39 am

Have you tried removing the mikrotik from the DMZ and then port forward UDP 500 and 4500 to the Mikrotik IP?
Top
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: L2TP & IPSEC with Windows 10

Sat Jun 09, 2018 9:36 am

What IP do you receive from ISP?
Top
 
Term
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 92
Joined: Thu Jan 11, 2018 11:42 pm

Re: L2TP & IPSEC with Windows 10

Sat Jun 16, 2018 11:04 am

Sorry, forget to answer.

- tried port forward (500, 4500) in Huawei ONT, didn't help
- can't switch ONT to bridge mode because of slow PPPoE speeds in Mikrotik
- have Telekom ISP
- as I wrote if I had ONT in bridge mode, VPN works perfect. Now it doesn't work in WIN10 only.
Top
 
bolean
just joined
Posts: 7
Joined: Fri Apr 13, 2018 2:45 pm

Re: L2TP & IPSEC with Windows 10

Sat Jun 16, 2018 6:10 pm

just reinstall WAN Miniport network drivers in Windows 10 > Right-click on Start and select Device Manager from the PowerUser menu > Expand the Network adapters section > Right-click on every individual WAN Miniport driver and uninstall - install it. this solve my problem.
Top
 
DummyPLUG
Frequent Visitor
Frequent Visitor
Posts: 79
Joined: Wed Jan 03, 2018 10:17 am

Re: L2TP & IPSEC with Windows 10

Sun Jun 17, 2018 7:39 pm

RAS key? I had something similar for win10 in the past which cause by the modem block fragmented IP packets, fixed by switch to other cert make the payload smaller and don't need fragmentation.
Top
Locked
  4. RouterOS
  5. Beginner Basics