IPSEC / Xauth on Mikrotik problem

jamesw · Mon Jul 22, 2019 2:32 pm

RouterOS 6.45.2

I'm having trouble getting macOS and Android devices to connect to our VPN server hosted by the Mikrotik 110AHx2 in our office.

It works fine for Windows and Ubuntu using the Shrew VPN software.

The same appears in te logs for both Android and macOS clients (using their built-in VPN clients).

Config:

Code: Select all


/ip ipsec mode-config

add address-pool=pool-vpn address-prefix-length=32 name=all-users split-include="172.16.31.0/24"



/ip ipsec policy group

add name=myvpn



/ip ipsec profile

add dh-group=modp1024 dpd-interval=10s enc-algorithm=aes-128 lifetime=8h name=myvpn



/ip ipsec peer

add name=remote_vpn_for_staff passive=yes profile=myvpn send-initial-contact=no



/ip ipsec proposal

add enc-algorithms=aes-128-cbc lifetime=8h name=myvpn pfs-group=none



/ip ipsec identity

add auth-method=pre-shared-key-xauth generate-policy=port-strict mode-config=all-users peer=remote_vpn_for_staff policy-template-group=myvpn username=my.username



/ip ipsec policy

add disabled=yes dst-address=192.168.100.0/24 group=purple proposal=myvpn src-address=0.0.0.0/0 template=yes

Log from Mikrotik:

Code: Select all


Jul 22 10:52:07 172.16.31.254 ipsec,debug ===== received 756 bytes from 82.29.xx.xx8[500] to 62.252.xx.xx[500]

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet de18d2e3 7e2e9e47 00000000 00000000 01100200 00000000 000002f4 0d00023c

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 00000001 00000001 00000230 01010010 03000024 01010000 800b0001 800c7080

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 80010007 800e0100 8003fde9 80020005 80040002 03000024 02010000 800b0001

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 800c7080 80010007 800e0100 8003fde9 80020004 80040002 03000024 03010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 800b0001 800c7080 80010007 800e0100 8003fde9 80020006 80040002 03000024

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 04010000 800b0001 800c7080 80010007 800e0100 8003fde9 80020002 80040002

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 03000024 05010000 800b0001 800c7080 80010007 800e0100 8003fde9 80020001

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 80040002 03000024 06010000 800b0001 800c7080 80010007 800e0080 8003fde9

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 80020006 80040002 03000024 07010000 800b0001 800c7080 80010007 800e0080

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 8003fde9 80020005 80040002 03000024 08010000 800b0001 800c7080 80010007

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 800e0080 8003fde9 80020004 80040002 03000024 09010000 800b0001 800c7080

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 80010007 800e0080 8003fde9 80020002 80040002 03000024 0a010000 800b0001

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 800c7080 80010007 800e0080 8003fde9 80020001 80040002 03000020 0b010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 800b0001 800c7080 80010005 8003fde9 80020004 80040002 03000020 0c010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 800b0001 800c7080 80010005 8003fde9 80020002 80040002 03000020 0d010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 800b0001 800c7080 80010005 8003fde9 80020001 80040002 03000020 0e010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 800b0001 800c7080 80010001 8003fde9 80020004 80040002 03000020 0f010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 800b0001 800c7080 80010001 8003fde9 80020002 80040002 00000020 10010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 800b0001 800c7080 80010001 8003fde9 80020001 80040002 0d000014 4a131c81

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 07035845 5c5728f2 0e95452f 0d000014 cd604643 35df21f8 7cfdb2fc 68b6a448

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 0d000014 4485152d 18b6bbcd

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 0be8a846 9579ddcc 0d00000c 09002689 dfd6b712 0d000014 12f5f28c 457168a9

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 702d9fe2 74cc0100 0d000018 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 00000014 afcad713 68a1f1c9 6b8696fc 77570100

Jul 22 10:52:07 172.16.31.254 ipsec,debug ===

Jul 22 10:52:07 172.16.31.254 ipsec,info respond new phase 1 (Identity Protection): 62.252.xx.xx[500]<=>82.29.xx.xx8[500]

Jul 22 10:52:07 172.16.31.254 ipsec,debug begin.

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=1(sa) len=572

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=13(vid) len=20

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=13(vid) len=20

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=13(vid) len=20

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=13(vid) len=20

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=13(vid) len=12

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=13(vid) len=20

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=13(vid) len=24

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=13(vid) len=20

Jul 22 10:52:07 172.16.31.254 ipsec,debug succeed.

Jul 22 10:52:07 172.16.31.254 ipsec received Vendor ID: RFC 3947

Jul 22 10:52:07 172.16.31.254 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

Jul 22 10:52:07 172.16.31.254 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-02\n

Jul 22 10:52:07 172.16.31.254 ipsec received Vendor ID: draft-ietf-ipsec-nat-t-ike-00

Jul 22 10:52:07 172.16.31.254 ipsec received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt

Jul 22 10:52:07 172.16.31.254 ipsec received Vendor ID: CISCO-UNITY

Jul 22 10:52:07 172.16.31.254 ipsec received long Microsoft ID: FRAGMENTATION

Jul 22 10:52:07 172.16.31.254 ipsec Fragmentation enabled

Jul 22 10:52:07 172.16.31.254 ipsec received Vendor ID: DPD

Jul 22 10:52:07 172.16.31.254 ipsec,debug remote supports DPD

Jul 22 10:52:07 172.16.31.254 ipsec 82.29.xx.xx8 Selected NAT-T version: RFC 3947

Jul 22 10:52:07 172.16.31.254 ipsec,debug total SA len=568

Jul 22 10:52:07 172.16.31.254 ipsec,debug 00000001 00000001 00000230 01010010 03000024 01010000 800b0001 800c7080

Jul 22 10:52:07 172.16.31.254 ipsec,debug 80010007 800e0100 8003fde9 80020005 80040002 03000024 02010000 800b0001

Jul 22 10:52:07 172.16.31.254 ipsec,debug 800c7080 80010007 800e0100 8003fde9 80020004 80040002 03000024 03010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug 800b0001 800c7080 80010007 800e0100 8003fde9 80020006 80040002 03000024

Jul 22 10:52:07 172.16.31.254 ipsec,debug 04010000 800b0001 800c7080 80010007 800e0100 8003fde9 80020002 80040002

Jul 22 10:52:07 172.16.31.254 ipsec,debug 03000024 05010000 800b0001 800c7080 80010007 800e0100 8003fde9 80020001

Jul 22 10:52:07 172.16.31.254 ipsec,debug 80040002 03000024 06010000 800b0001 800c7080 80010007 800e0080 8003fde9

Jul 22 10:52:07 172.16.31.254 ipsec,debug 80020006 80040002 03000024 07010000 800b0001 800c7080 80010007 800e0080

Jul 22 10:52:07 172.16.31.254 ipsec,debug 8003fde9 80020005 80040002 03000024 08010000 800b0001 800c7080 80010007

Jul 22 10:52:07 172.16.31.254 ipsec,debug 800e0080 8003fde9 80020004 80040002 03000024 09010000 800b0001 800c7080

Jul 22 10:52:07 172.16.31.254 ipsec,debug 80010007 800e0080 8003fde9 80020002 80040002 03000024 0a010000 800b0001

Jul 22 10:52:07 172.16.31.254 ipsec,debug 800c7080 80010007 800e0080 8003fde9 80020001 80040002 03000020 0b010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug 800b0001 800c7080 80010005 8003fde9 80020004 80040002 03000020 0c010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug 800b0001 800c7080 80010005 8003fde9 80020002 80040002 03000020 0d010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug 800b0001 800c7080 80010005 8003fde9 80020001 80040002 03000020 0e010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug 800b0001 800c7080 80010001 8003fde9 80020004 80040002 03000020 0f010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug 800b0001 800c7080 80010001 8003fde9 80020002 80040002 00000020 10010000

Jul 22 10:52:07 172.16.31.254 ipsec,debug 800b0001 800c7080 80010001 8003fde9 80020001 80040002

Jul 22 10:52:07 172.16.31.254 ipsec,debug begin.

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=2(prop) len=560

Jul 22 10:52:07 172.16.31.254 ipsec,debug succeed.

Jul 22 10:52:07 172.16.31.254 ipsec,debug proposal #1 len=560

Jul 22 10:52:07 172.16.31.254 ipsec,debug begin.

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=3(trns) len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug succeed.

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #1 len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=256

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=5

Jul 22 10:52:07 172.16.31.254 ipsec invalied hash algorithm=5.

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #2 len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=256

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha2_256)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #3 len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=256

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=6

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha2_512)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #4 len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=256

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #5 len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=256

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(md5)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #6 len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=128

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=6

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha2_512)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #7 len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=128

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=5

Jul 22 10:52:07 172.16.31.254 ipsec invalied hash algorithm=5.

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #8 len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=128

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha2_256)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #9 len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=128

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #10 len=36

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=128

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(md5)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #11 len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(3des)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha2_256)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #12 len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(3des)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #13 len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(3des)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(md5)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #14 len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(des)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha2_256)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #15 len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(des)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug transform #16 len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(des)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(md5)

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug pair 1:

Jul 22 10:52:07 172.16.31.254 ipsec,debug  0x100df510: next=(nil) tnext=0x100ef5e0

Jul 22 10:52:07 172.16.31.254 ipsec,debug   0x100ef5e0: next=(nil) tnext=0x100ed418

Jul 22 10:52:07 172.16.31.254 ipsec,debug    0x100ed418: next=(nil) tnext=0x100ea9f8

Jul 22 10:52:07 172.16.31.254 ipsec,debug     0x100ea9f8: next=(nil) tnext=0x10128a48

Jul 22 10:52:07 172.16.31.254 ipsec,debug      0x10128a48: next=(nil) tnext=0x10116058

Jul 22 10:52:07 172.16.31.254 ipsec,debug       0x10116058: next=(nil) tnext=0x1012b320

Jul 22 10:52:07 172.16.31.254 ipsec,debug        0x1012b320: next=(nil) tnext=0x10125000

Jul 22 10:52:07 172.16.31.254 ipsec,debug         0x10125000: next=(nil) tnext=0x10106f40

Jul 22 10:52:07 172.16.31.254 ipsec,debug          0x10106f40: next=(nil) tnext=0x100fe648

Jul 22 10:52:07 172.16.31.254 ipsec,debug           0x100fe648: next=(nil) tnext=0x1011bee0

Jul 22 10:52:07 172.16.31.254 ipsec,debug            0x1011bee0: next=(nil) tnext=0x1010eb00

Jul 22 10:52:07 172.16.31.254 ipsec,debug             0x1010eb00: next=(nil) tnext=0x1018db78

Jul 22 10:52:07 172.16.31.254 ipsec,debug              0x1018db78: next=(nil) tnext=0x100b9930

Jul 22 10:52:07 172.16.31.254 ipsec,debug               0x100b9930: next=(nil) tnext=(nil)

Jul 22 10:52:07 172.16.31.254 ipsec,debug proposal #1: 14 transform

Jul 22 10:52:07 172.16.31.254 ipsec,debug -checking with XAuth pskey server auth-

Jul 22 10:52:07 172.16.31.254 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=16

Jul 22 10:52:07 172.16.31.254 ipsec,debug trns#=2, trns-id=IKE

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=256

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug -compare proposal #1: Local:Peer

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifetime = 28800:28800)

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifebyte = 0:0)

Jul 22 10:52:07 172.16.31.254 ipsec,debug enctype = AES-CBC:AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug (encklen = 128:256)

Jul 22 10:52:07 172.16.31.254 ipsec,debug hashtype = SHA:4

Jul 22 10:52:07 172.16.31.254 ipsec,debug authmethod = XAuth pskey client:XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=16

Jul 22 10:52:07 172.16.31.254 ipsec,debug trns#=3, trns-id=IKE

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=256

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=6

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug -compare proposal #1: Local:Peer

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifetime = 28800:28800)

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifebyte = 0:0)

Jul 22 10:52:07 172.16.31.254 ipsec,debug enctype = AES-CBC:AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug (encklen = 128:256)

Jul 22 10:52:07 172.16.31.254 ipsec,debug hashtype = SHA:6

Jul 22 10:52:07 172.16.31.254 ipsec,debug authmethod = XAuth pskey client:XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=16

Jul 22 10:52:07 172.16.31.254 ipsec,debug trns#=4, trns-id=IKE

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=256

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug -compare proposal #1: Local:Peer

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifetime = 28800:28800)

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifebyte = 0:0)

Jul 22 10:52:07 172.16.31.254 ipsec,debug enctype = AES-CBC:AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug (encklen = 128:256)

Jul 22 10:52:07 172.16.31.254 ipsec,debug hashtype = SHA:SHA

Jul 22 10:52:07 172.16.31.254 ipsec,debug authmethod = XAuth pskey client:XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=16

Jul 22 10:52:07 172.16.31.254 ipsec,debug trns#=5, trns-id=IKE

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=256

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=MD5

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug -compare proposal #1: Local:Peer

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifetime = 28800:28800)

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifebyte = 0:0)

Jul 22 10:52:07 172.16.31.254 ipsec,debug enctype = AES-CBC:AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug (encklen = 128:256)

Jul 22 10:52:07 172.16.31.254 ipsec,debug hashtype = SHA:MD5

Jul 22 10:52:07 172.16.31.254 ipsec,debug authmethod = XAuth pskey client:XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=16

Jul 22 10:52:07 172.16.31.254 ipsec,debug trns#=6, trns-id=IKE

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=128

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=6

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug -compare proposal #1: Local:Peer

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifetime = 28800:28800)

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifebyte = 0:0)

Jul 22 10:52:07 172.16.31.254 ipsec,debug enctype = AES-CBC:AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug (encklen = 128:128)

Jul 22 10:52:07 172.16.31.254 ipsec,debug hashtype = SHA:6

Jul 22 10:52:07 172.16.31.254 ipsec,debug authmethod = XAuth pskey client:XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=16

Jul 22 10:52:07 172.16.31.254 ipsec,debug trns#=8, trns-id=IKE

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=128

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=4

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug -compare proposal #1: Local:Peer

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifetime = 28800:28800)

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifebyte = 0:0)

Jul 22 10:52:07 172.16.31.254 ipsec,debug enctype = AES-CBC:AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug (encklen = 128:128)

Jul 22 10:52:07 172.16.31.254 ipsec,debug hashtype = SHA:4

Jul 22 10:52:07 172.16.31.254 ipsec,debug authmethod = XAuth pskey client:XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug prop#=1, prot-id=ISAKMP, spi-size=0, #trns=16

Jul 22 10:52:07 172.16.31.254 ipsec,debug trns#=9, trns-id=IKE

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Type, flag=0x8000, lorv=seconds

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Life Duration, flag=0x8000, lorv=28800

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=128

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug -compare proposal #1: Local:Peer

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifetime = 28800:28800)

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifebyte = 0:0)

Jul 22 10:52:07 172.16.31.254 ipsec,debug enctype = AES-CBC:AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug (encklen = 128:128)

Jul 22 10:52:07 172.16.31.254 ipsec,debug hashtype = SHA:SHA

Jul 22 10:52:07 172.16.31.254 ipsec,debug authmethod = XAuth pskey client:XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug -an acceptable proposal found-

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug -agreed on XAuth pskey server auth-

Jul 22 10:52:07 172.16.31.254 ipsec,debug ===

Jul 22 10:52:07 172.16.31.254 ipsec,debug new cookie:

Jul 22 10:52:07 172.16.31.254 ipsec,debug 5555db96f4d7a961

Jul 22 10:52:07 172.16.31.254 ipsec Adding xauth VID payload.

Jul 22 10:52:07 172.16.31.254 ipsec,debug add payload of len 52, next type 13

Jul 22 10:52:07 172.16.31.254 ipsec,debug add payload of len 16, next type 13

Jul 22 10:52:07 172.16.31.254 ipsec,debug add payload of len 8, next type 13

Jul 22 10:52:07 172.16.31.254 ipsec,debug add payload of len 16, next type 13

Jul 22 10:52:07 172.16.31.254 ipsec,debug add payload of len 16, next type 13

Jul 22 10:52:07 172.16.31.254 ipsec,debug add payload of len 20, next type 0

Jul 22 10:52:07 172.16.31.254 ipsec,debug 180 bytes from 62.252.xx.xx[500] to 82.29.xx.xx8[500]

Jul 22 10:52:07 172.16.31.254 ipsec,debug 1 times of 180 bytes message will be sent to 82.29.xx.xx8[500]

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet de18d2e3 7e2e9e47 5555db96 f4d7a961 01100200 00000000 000000b4 0d000038

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 00000001 00000001 0000002c 01010001 00000024 09010000 800b0001 800c7080

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 80010007 800e0080 8003fde9 80020002 80040002 0d000014 4a131c81 07035845

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 5c5728f2 0e95452f 0d00000c 09002689 dfd6b712 0d000014 12f5f28c 457168a9

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 702d9fe2 74cc0100 0d000014 afcad713 68a1f1c9 6b8696fc 77570100 00000018

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000

Jul 22 10:52:07 172.16.31.254 ipsec sent phase1 packet 62.252.xx.xx[500]<=>82.29.xx.xx8[500] de18d2e37e2e9e47:5555db96f4d7a961

Jul 22 10:52:07 172.16.31.254 ipsec,debug ===== received 92 bytes from 5.68.107.208[4500] to 62.252.xx.xx[4500]

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 619352c8 6caae9a2 18fe58dd d861b45d 08100501 9dcf238e 0000005c 4af24e9e

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 21ddfaa4 d5cc5fc6 45a76e47 1da019cf cf552428 54067b57 b4e828bd 23857989

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 2a1269a9 9d3dc258 ac3c1f1f 3e75bf65 e6c9ce0a 55b3eb09 f82ee2f4

Jul 22 10:52:07 172.16.31.254 ipsec,debug receive Information.

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet compute IV for phase2

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet phase1 last IV:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 09efd0cf 8490b22d 16a37d3d 0e076f2d 9dcf238e

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet phase2 IV computed:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet e25f6e79 7609de86 2428dc41 d753a7cd

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet IV was saved for next processing:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 3e75bf65 e6c9ce0a 55b3eb09 f82ee2f4

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet with key:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet a2447fe2 061752b5 7a7d0580 eede7ef1

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet decrypted payload by IV:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet e25f6e79 7609de86 2428dc41 d753a7cd

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet decrypted payload, but not trimed.

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 0b000018 22e78d79 b3b7ebff 63edf03d 5eda03ca 6266d9a7 00000020 00000001

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 01108d29 619352c8 6caae9a2 18fe58dd d861b45d 00001107 00000000 00000000

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet padding len=1

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet skip to trim padding.

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet decrypted.

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 619352c8 6caae9a2 18fe58dd d861b45d 08100501 9dcf238e 0000005c 0b000018

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 22e78d79 b3b7ebff 63edf03d 5eda03ca 6266d9a7 00000020 00000001 01108d29

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 619352c8 6caae9a2 18fe58dd d861b45d 00001107 00000000 00000000

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet HASH with:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 9dcf238e 00000020 00000001 01108d29 619352c8 6caae9a2 18fe58dd d861b45d

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 00001107

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet hmac(hmac_sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet HASH computed:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 22e78d79 b3b7ebff 63edf03d 5eda03ca 6266d9a7

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash validated.

Jul 22 10:52:07 172.16.31.254 ipsec,debug begin.

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=8(hash) len=24

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=11(notify) len=32

Jul 22 10:52:07 172.16.31.254 ipsec,debug succeed.

Jul 22 10:52:07 172.16.31.254 ipsec,debug ===== received 228 bytes from 82.29.xx.xx8[500] to 62.252.xx.xx[500]

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet de18d2e3 7e2e9e47 5555db96 f4d7a961 04100200 00000000 000000e4 0a000084

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet ed2aaa64 dd829023 84e6cee5 17db312a 7fb534ca 99a9171a db47a809 31c3db12

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 22cab686 48c17472 3c0bae04 0ac4a293 2af78481 b2e18c0e 99829f8c ec3811e2

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 7932d9b4 021bad06 b44115b1 c67ca580 dcb6ddfd af81b99a 6aa76fda 5083a3a1

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet ab41e4f9 76a01a2b 9a18581a 44c2b5b6 5d36fb35 585d7491 81b8932b 14abdc81

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 14000014 e8130068 3bf9937e bcccb3d4 dbebda6b 14000018 400cc902 df6d40df

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 0fbad950 afe0a2a4 4edc16b5 00000018 be6ad9b1 e452b3cb 405dd9b9 8ba6c8b3

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet e8134c85

Jul 22 10:52:07 172.16.31.254 ipsec,debug begin.

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=4(ke) len=132

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=10(nonce) len=20

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=20(nat-d) len=24

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=20(nat-d) len=24

Jul 22 10:52:07 172.16.31.254 ipsec,debug succeed.

Jul 22 10:52:07 172.16.31.254 ipsec 62.252.xx.xx Hashing 62.252.xx.xx[500] with algo #2 

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha1)

Jul 22 10:52:07 172.16.31.254 ipsec NAT-D payload #0 verified

Jul 22 10:52:07 172.16.31.254 ipsec 82.29.xx.xx8 Hashing 82.29.xx.xx8[500] with algo #2 

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha1)

Jul 22 10:52:07 172.16.31.254 ipsec NAT-D payload #1 doesn't match

Jul 22 10:52:07 172.16.31.254 ipsec NAT detected: PEER

Jul 22 10:52:07 172.16.31.254 ipsec,debug ===

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet compute DH's private.

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 6c2b00df e46eb596 1355c9d1 f9edbe7d 17ce1e13 955651ce bc2be321 cef93e04

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet e21f459e 02685f24 ba6be837 e257899d 75abb30b 6aefc738 ab3296d0 f4b025dd

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 7398aa73 8df24bdf a805fdd6 7b755032 98ffb369 c3276f0a f4f8f914 b008c4b6

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet a42c0f3a f6cb9942 d43e032c 44e0e1c0 531ec9e2 b280f54e e4234143 f6f49dc3

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet compute DH's public.

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet d9ff5b0e a812c0c5 471d193e f563ae63 d4c92032 378a5408 0a8c959e fff258b1

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 1da02d13 3028b3fb 15cb880a 940ea166 a6341d2e ee807fca 0c46e597 4dc5dac3

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet fa05347f 935953b3 3a22b1d2 66b9882f 805eeae2 2c3e6fca f8c4039c 2880e452

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet dcfb5250 d9a2393e b68468bc 97e71690 f472e546 c879d612 21c3fce6 3021d163

Jul 22 10:52:07 172.16.31.254 ipsec 82.29.xx.xx8 Hashing 82.29.xx.xx8[500] with algo #2 

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha1)

Jul 22 10:52:07 172.16.31.254 ipsec 62.252.xx.xx Hashing 62.252.xx.xx[500] with algo #2 

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha1)

Jul 22 10:52:07 172.16.31.254 ipsec Adding remote and local NAT-D payloads.

Jul 22 10:52:07 172.16.31.254 ipsec,debug add payload of len 128, next type 10

Jul 22 10:52:07 172.16.31.254 ipsec,debug add payload of len 24, next type 20

Jul 22 10:52:07 172.16.31.254 ipsec,debug add payload of len 20, next type 20

Jul 22 10:52:07 172.16.31.254 ipsec,debug add payload of len 20, next type 0

Jul 22 10:52:07 172.16.31.254 ipsec,debug 236 bytes from 62.252.xx.xx[500] to 82.29.xx.xx8[500]

Jul 22 10:52:07 172.16.31.254 ipsec,debug 1 times of 236 bytes message will be sent to 82.29.xx.xx8[500]

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet de18d2e3 7e2e9e47 5555db96 f4d7a961 04100200 00000000 000000ec 0a000084

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet d9ff5b0e a812c0c5 471d193e f563ae63 d4c92032 378a5408 0a8c959e fff258b1

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 1da02d13 3028b3fb 15cb880a 940ea166 a6341d2e ee807fca 0c46e597 4dc5dac3

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet fa05347f 935953b3 3a22b1d2 66b9882f 805eeae2 2c3e6fca f8c4039c 2880e452

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet dcfb5250 d9a2393e b68468bc 97e71690 f472e546 c879d612 21c3fce6 3021d163

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 1400001c c6c118d2 48d6ce5b e83059a1 08904ba4 9524ce8e e9d3f71b 14000018

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 3f91790c 36f807ad d85dfc0b 17a24408 f10f3eda 00000018 400cc902 df6d40df

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 0fbad950 afe0a2a4 4edc16b5

Jul 22 10:52:07 172.16.31.254 ipsec sent phase1 packet 62.252.xx.xx[500]<=>82.29.xx.xx8[500] de18d2e37e2e9e47:5555db96f4d7a961

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet compute DH's shared.

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet b14867d4 53583ecb d5eba692 0743a9d0 537a3fb5 673a6e15 d544528a f836484e

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet e335b907 03ddc4da 1f541a82 40c74f82 217aed23 c906cf9b b0bc6594 e940859c

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet e1924c94 fbcb87d7 71be374f d23be8ef b77fa0ae 8d5336f1 728c4352 b16c8b79

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 03edd58a c6429182 93b858ed 9d0f702f 3f09d3a1 31846fe0 d11ccc08 7773995a

Jul 22 10:52:07 172.16.31.254 ipsec,debug nonce 1: 

Jul 22 10:52:07 172.16.31.254 ipsec,debug e8130068 3bf9937e bcccb3d4 dbebda6b

Jul 22 10:52:07 172.16.31.254 ipsec,debug nonce 2: 

Jul 22 10:52:07 172.16.31.254 ipsec,debug c6c118d2 48d6ce5b e83059a1 08904ba4 9524ce8e e9d3f71b

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet hmac(hmac_sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug SKEYID computed:

Jul 22 10:52:07 172.16.31.254 ipsec,debug 4ef47c1e 16da4aeb bc8f2420 2861508a 46fa9a7b

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet hmac(hmac_sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug SKEYID_d computed:

Jul 22 10:52:07 172.16.31.254 ipsec,debug dcd935f5 7e953d06 5f927008 ae29b79a 8120e235

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet hmac(hmac_sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug SKEYID_a computed:

Jul 22 10:52:07 172.16.31.254 ipsec,debug a951c8d3 4e42158a 3c542e95 6e1900c3 851a5d54

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet hmac(hmac_sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug SKEYID_e computed:

Jul 22 10:52:07 172.16.31.254 ipsec,debug d645f766 8ecb5e1c b8332042 815588d4 ea407729

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug final encryption key computed:

Jul 22 10:52:07 172.16.31.254 ipsec,debug d645f766 8ecb5e1c b8332042 815588d4

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug IV computed:

Jul 22 10:52:07 172.16.31.254 ipsec,debug 3f9ca522 54eb6be2 69d0c726 9568f56f

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet compute IV for phase2

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet phase1 last IV:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 7aec0cc9 eb1bd143 cfd9281e f39d3126 fb8af8db

Jul 22 10:52:07 172.16.31.254 ipsec,debug hash(sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet phase2 IV computed:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 3e43cd84 0026eaa0 409ca19c 03bd3989

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet HASH with:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet fb8af8db 00000020 00000001 01108d28 730714b3 b5828122 375db4b2 d7062b3f

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 00000cf3

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet hmac(hmac_sha1)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet HASH computed:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 0b3e17aa 69c21127 7792a841 da9b0c62 6c3f92c6

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet begin encryption.

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet pad length = 8

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 0b000018 0b3e17aa 69c21127 7792a841 da9b0c62 6c3f92c6 00000020 00000001

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 01108d28 730714b3 b5828122 375db4b2 d7062b3f 00000cf3 a9c271d4 1462f707

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet with key:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 7f89a3cf 0061a85c d6e719ee 9a4a984d

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encrypted payload by IV:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 3e43cd84 0026eaa0 409ca19c 03bd3989

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet save IV for next:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 0428a88b 36e66dfe db148bfb 7bd332cc

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encrypted.

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 730714b3 b5828122 375db4b2 d7062b3f 08100501 fb8af8db 0000005c 88c9ff0e

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet cce52c78 90320a58 e8c6183e e371eb01 2666fcfa 9ca37288 fbbe23fc b8ef517a

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 28f15c0d bef8192a 2d36b47c 0428a88b 36e66dfe db148bfb 7bd332cc

Jul 22 10:52:07 172.16.31.254 ipsec,debug ===== received 92 bytes from 82.29.xx.xx8[4500] to 62.252.xx.xx[4500]

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet de18d2e3 7e2e9e47 5555db96 f4d7a961 05100201 00000000 0000005c 532bc652

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet e663f12e a05658f9 ce1d3d88 843afb53 e4d289de dfb19ef3 3cc1d11e b4fc5291

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 7b7618e6 9fac0224 3d3bbd5e e93a1fe4 0e7c9f86 807b19bb d1fdd70f

Jul 22 10:52:07 172.16.31.254 ipsec NAT-T: ports changed to: 82.29.xx.xx8[4500]<=>62.252.xx.xx[4500]

Jul 22 10:52:07 172.16.31.254 ipsec KA list add: 62.252.xx.xx[4500]->82.29.xx.xx8[4500]

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet IV was saved for next processing:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet e93a1fe4 0e7c9f86 807b19bb d1fdd70f

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet encryption(aes)

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet with key:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet d645f766 8ecb5e1c b8332042 815588d4

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet decrypted payload by IV:

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 3f9ca522 54eb6be2 69d0c726 9568f56f

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet decrypted payload, but not trimed.

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet ebcd54fb b9d5f250 6c168c35 7fad7022 0fc482bd a03addb8 e5019353 17b91134

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 048be4f2 838e697e f5d881fd 7b72df21 7f47a068 0d3b8b32 563b982d bb842e11

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet padding len=18

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet skip to trim padding.

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet decrypted.

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet de18d2e3 7e2e9e47 5555db96 f4d7a961 05100201 00000000 0000005c ebcd54fb

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet b9d5f250 6c168c35 7fad7022 0fc482bd a03addb8 e5019353 17b91134 048be4f2

Jul 22 10:52:07 172.16.31.254 ipsec,debug,packet 838e697e f5d881fd 7b72df21 7f47a068 0d3b8b32 563b982d bb842e11

Jul 22 10:52:07 172.16.31.254 ipsec,debug begin.

Jul 22 10:52:07 172.16.31.254 ipsec,debug seen nptype=5(id) len=21755

Jul 22 10:52:07 172.16.31.254 ipsec invalid length of payload

Jul 22 10:52:07 172.16.31.254 ipsec,error 82.29.xx.xx8 parsing packet failed, possible cause: wrong password

So from that log it looks like it agreed on the proposal:

Code: Select all


Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Key Length, flag=0x8000, lorv=128

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Authentication Method, flag=0x8000, lorv=XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Hash Algorithm, flag=0x8000, lorv=SHA

Jul 22 10:52:07 172.16.31.254 ipsec,debug type=Group Description, flag=0x8000, lorv=1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug -compare proposal #1: Local:Peer

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifetime = 28800:28800)

Jul 22 10:52:07 172.16.31.254 ipsec,debug (lifebyte = 0:0)

Jul 22 10:52:07 172.16.31.254 ipsec,debug enctype = AES-CBC:AES-CBC

Jul 22 10:52:07 172.16.31.254 ipsec,debug (encklen = 128:128)

Jul 22 10:52:07 172.16.31.254 ipsec,debug hashtype = SHA:SHA

Jul 22 10:52:07 172.16.31.254 ipsec,debug authmethod = XAuth pskey client:XAuth pskey client

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh_group = 1024-bit MODP group:1024-bit MODP group

Jul 22 10:52:07 172.16.31.254 ipsec,debug -an acceptable proposal found-

Jul 22 10:52:07 172.16.31.254 ipsec,debug dh(modp1024)

Jul 22 10:52:07 172.16.31.254 ipsec,debug -agreed on XAuth pskey server auth-

But then we see:

Code: Select all


Jul 22 10:52:07 172.16.31.254 ipsec NAT-D payload #1 doesn't match

Jul 22 10:52:07 172.16.31.254 ipsec invalid length of payload

Jul 22 10:52:07 172.16.31.254 ipsec,error 82.29.xx.xx8 parsing packet failed, possible cause: wrong password

Any thoughts?

Thanks,

J

jamesw · Tue Jul 23, 2019 1:47 pm

Would any additional logs help? Just tying to make some progress on this

Thanks in advance

J

jamesw · Wed Jul 24, 2019 11:12 am

Anyone able to help or give me a steer?

Thanks!

sindy · Sat Jul 27, 2019 12:08 am

I hazily remember reading something about "dangerous" characters in the password which cause trouble. So as the first step, try a "less secure" xauth password with no special characters in it (only upper and lower case letters and digits) to exclude this.

jamesw · Sun Jul 28, 2019 3:42 pm

Actually, turns out I was using the wrong PSK! Doh!

Argosy · Fri Aug 02, 2019 1:36 pm

James could you post your config? I get the connection but then it seams my client is missing a route....how did you configure routing/firewall?

IPSEC / Xauth on Mikrotik problem

IPSEC / Xauth on Mikrotik problem

Re: IPSEC / Xauth on Mikrotik problem

Re: IPSEC / Xauth on Mikrotik problem

Re: IPSEC / Xauth on Mikrotik problem

Re: IPSEC / Xauth on Mikrotik problem

Re: IPSEC / Xauth on Mikrotik problem

Who is online