Project

General

Profile

Issue #3256

Ios strong swan authentication failed checkout IKEv2 SA by message with SPIs

Added by Muhammad Tufail 7 days ago. Updated 7 days ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
configuration
Affected version:
5.8.1
Resolution:

Description

hello,
I am adding eap-radius in the strognswan Ikev2. first it show the error of no peer configuration found when i fix that issue then i think there is no error in the log but it show me

checkout IKEv2 SA by message with SPIs a249d8d84b32d2f1_i 0000000000000000_r

i don't know whats the problem
here are my config files

charon.log


Nov  8 12:04:27 02[ENC] <2> parsed IKE_SA_INIT request 0 [ SA KE No N(REDIR_SUP) N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) ]
Nov  8 12:04:27 02[CFG] <2> looking for an IKEv2 config for 108.62.122.16...182.185.148.8
Nov  8 12:04:27 02[CFG] <2>   candidate: %any...%any, prio 28
Nov  8 12:04:27 02[CFG] <2> found matching ike config: %any...%any with prio 28
Nov  8 12:04:27 02[IKE] <2> 182.185.148.8 is initiating an IKE_SA
Nov  8 12:04:27 02[IKE] <2> IKE_SA (unnamed)[2] state change: CREATED => CONNECTING
Nov  8 12:04:27 02[CFG] <2> selecting proposal:
Nov  8 12:04:27 02[CFG] <2>   proposal matches
Nov  8 12:04:27 02[CFG] <2> received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536, IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024, IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Nov  8 12:04:27 02[CFG] <2> configured proposals: IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/CAMELLIA_CTR_128/CAMELLIA_CTR_192/CAMELLIA_CTR_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/CHACHA20_POLY1305/CAMELLIA_CCM_16_128/CAMELLIA_CCM_16_192/CAMELLIA_CCM_16_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/CAMELLIA_CCM_8_128/CAMELLIA_CCM_8_192/CAMELLIA_CCM_8_256/CAMELLIA_CCM_12_128/CAMELLIA_CCM_12_192/CAMELLIA_CCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048
Nov  8 12:04:27 02[CFG] <2> selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Nov  8 12:04:27 02[LIB] <2> size of DH secret exponent: 2047 bits
Nov  8 12:04:27 02[IKE] <2> remote host is behind NAT
Nov  8 12:04:27 02[ENC] <2> added payload of type SECURITY_ASSOCIATION to message
Nov  8 12:04:27 02[ENC] <2> added payload of type KEY_EXCHANGE to message
Nov  8 12:04:27 02[ENC] <2> added payload of type NONCE to message
Nov  8 12:04:27 02[ENC] <2> added payload of type NOTIFY to message
Nov  8 12:04:27 02[ENC] <2> added payload of type NOTIFY to message
Nov  8 12:04:27 02[ENC] <2> added payload of type NOTIFY to message
Nov  8 12:04:27 02[ENC] <2> added payload of type NOTIFY to message
Nov  8 12:04:27 02[ENC] <2> order payloads in message
Nov  8 12:04:27 02[ENC] <2> added payload of type SECURITY_ASSOCIATION to message
Nov  8 12:04:27 02[ENC] <2> added payload of type KEY_EXCHANGE to message
Nov  8 12:04:27 02[ENC] <2> added payload of type NONCE to message
Nov  8 12:04:27 02[ENC] <2> added payload of type NOTIFY to message
Nov  8 12:04:27 02[ENC] <2> added payload of type NOTIFY to message
Nov  8 12:04:27 02[ENC] <2> added payload of type NOTIFY to message
Nov  8 12:04:27 02[ENC] <2> added payload of type NOTIFY to message
Nov  8 12:04:27 02[ENC] <2> generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(MULT_AUTH) ]
Nov  8 12:04:27 02[ENC] <2> not encrypting payloads
Nov  8 12:04:27 02[ENC] <2> generating payload of type HEADER
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 IKE_SPI
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 IKE_SPI
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 U_INT_4
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 U_INT_4
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 7 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 8 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 9 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 10 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 11 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 12 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 13 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 14 U_INT_32
Nov  8 12:04:27 02[ENC] <2>   generating rule 15 HEADER_LENGTH
Nov  8 12:04:27 02[ENC] <2> generating HEADER payload finished
Nov  8 12:04:27 02[ENC] <2> generating payload of type SECURITY_ASSOCIATION
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 7 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 8 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 02[ENC] <2>   generating rule 10 (1258)
Nov  8 12:04:27 02[ENC] <2> generating payload of type SECURITY_ASSOCIATION
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 RESERVED_BYTE
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 SPI_SIZE
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 7 SPI
Nov  8 12:04:27 02[ENC] <2>   generating rule 8 (1261)
Nov  8 12:04:27 02[ENC] <2> generating payload of type TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 RESERVED_BYTE
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 RESERVED_BYTE
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 U_INT_16
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 (1262)
Nov  8 12:04:27 02[ENC] <2> generating payload of type TRANSFORM_ATTRIBUTE
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 ATTRIBUTE_FORMAT
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 ATTRIBUTE_LENGTH_OR_VALUE
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 02[ENC] <2> generating TRANSFORM_ATTRIBUTE payload finished
Nov  8 12:04:27 02[ENC] <2> generating TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 02[ENC] <2> generating payload of type TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 RESERVED_BYTE
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 RESERVED_BYTE
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 U_INT_16
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 (1262)
Nov  8 12:04:27 02[ENC] <2> generating TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 02[ENC] <2> generating payload of type TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 RESERVED_BYTE
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 RESERVED_BYTE
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 U_INT_16
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 (1262)
Nov  8 12:04:27 02[ENC] <2> generating TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 02[ENC] <2> generating payload of type TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 RESERVED_BYTE
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 RESERVED_BYTE
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 U_INT_16
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 (1262)
Nov  8 12:04:27 02[ENC] <2> generating TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 02[ENC] <2> generating SECURITY_ASSOCIATION payload finished
Nov  8 12:04:27 02[ENC] <2> generating SECURITY_ASSOCIATION payload finished
Nov  8 12:04:27 02[ENC] <2> generating payload of type KEY_EXCHANGE
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 7 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 8 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 02[ENC] <2>   generating rule 10 U_INT_16
Nov  8 12:04:27 02[ENC] <2>   generating rule 11 RESERVED_BYTE
Nov  8 12:04:27 02[ENC] <2>   generating rule 12 RESERVED_BYTE
Nov  8 12:04:27 02[ENC] <2>   generating rule 13 CHUNK_DATA
Nov  8 12:04:27 02[ENC] <2> generating KEY_EXCHANGE payload finished
Nov  8 12:04:27 02[ENC] <2> generating payload of type NONCE
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 7 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 8 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 02[ENC] <2>   generating rule 10 CHUNK_DATA
Nov  8 12:04:27 02[ENC] <2> generating NONCE payload finished
Nov  8 12:04:27 02[ENC] <2> generating payload of type NOTIFY
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 7 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 8 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 02[ENC] <2>   generating rule 10 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 11 SPI_SIZE
Nov  8 12:04:27 02[ENC] <2>   generating rule 12 U_INT_16
Nov  8 12:04:27 02[ENC] <2>   generating rule 13 SPI
Nov  8 12:04:27 02[ENC] <2>   generating rule 14 CHUNK_DATA
Nov  8 12:04:27 02[ENC] <2> generating NOTIFY payload finished
Nov  8 12:04:27 02[ENC] <2> generating payload of type NOTIFY
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 7 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 8 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 02[ENC] <2>   generating rule 10 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 11 SPI_SIZE
Nov  8 12:04:27 02[ENC] <2>   generating rule 12 U_INT_16
Nov  8 12:04:27 02[ENC] <2>   generating rule 13 SPI
Nov  8 12:04:27 02[ENC] <2>   generating rule 14 CHUNK_DATA
Nov  8 12:04:27 02[ENC] <2> generating NOTIFY payload finished
Nov  8 12:04:27 02[ENC] <2> generating payload of type NOTIFY
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 7 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 8 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 02[ENC] <2>   generating rule 10 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 11 SPI_SIZE
Nov  8 12:04:27 02[ENC] <2>   generating rule 12 U_INT_16
Nov  8 12:04:27 02[ENC] <2>   generating rule 13 SPI
Nov  8 12:04:27 02[ENC] <2>   generating rule 14 CHUNK_DATA
Nov  8 12:04:27 02[ENC] <2> generating NOTIFY payload finished
Nov  8 12:04:27 02[ENC] <2> generating payload of type NOTIFY
Nov  8 12:04:27 02[ENC] <2>   generating rule 0 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 1 FLAG
Nov  8 12:04:27 02[ENC] <2>   generating rule 2 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 3 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 4 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 5 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 6 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 7 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 8 RESERVED_BIT
Nov  8 12:04:27 02[ENC] <2>   generating rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 02[ENC] <2>   generating rule 10 U_INT_8
Nov  8 12:04:27 02[ENC] <2>   generating rule 11 SPI_SIZE
Nov  8 12:04:27 02[ENC] <2>   generating rule 12 U_INT_16
Nov  8 12:04:27 02[ENC] <2>   generating rule 13 SPI
Nov  8 12:04:27 02[ENC] <2>   generating rule 14 CHUNK_DATA
Nov  8 12:04:27 02[ENC] <2> generating NOTIFY payload finished
Nov  8 12:04:27 02[NET] <2> sending packet: from 108.62.122.16[500] to 182.185.148.8[500] (448 bytes)
Nov  8 12:04:27 02[MGR] <2> checkin IKE_SA (unnamed)[2]
Nov  8 12:04:27 02[MGR] <2> checkin of IKE_SA successful
Nov  8 12:04:27 01[JOB] next event in 26s 707ms, waiting
Nov  8 12:04:27 07[NET] sending packet: from 108.62.122.16[500] to 182.185.148.8[500]
Nov  8 12:04:27 12[NET] received packet: from 182.185.148.8[4500] to 108.62.122.16[4500]
Nov  8 12:04:27 12[ENC] parsing header of message
Nov  8 12:04:27 12[ENC] parsing HEADER payload, 496 bytes left
Nov  8 12:04:27 12[ENC]   parsing rule 0 IKE_SPI
Nov  8 12:04:27 12[ENC]   parsing rule 1 IKE_SPI
Nov  8 12:04:27 12[ENC]   parsing rule 2 U_INT_8
Nov  8 12:04:27 12[ENC]   parsing rule 3 U_INT_4
Nov  8 12:04:27 12[ENC]   parsing rule 4 U_INT_4
Nov  8 12:04:27 12[ENC]   parsing rule 5 U_INT_8
Nov  8 12:04:27 12[ENC]   parsing rule 6 RESERVED_BIT
Nov  8 12:04:27 12[ENC]   parsing rule 7 RESERVED_BIT
Nov  8 12:04:27 12[ENC]   parsing rule 8 FLAG
Nov  8 12:04:27 12[ENC]   parsing rule 9 FLAG
Nov  8 12:04:27 12[ENC]   parsing rule 10 FLAG
Nov  8 12:04:27 12[ENC]   parsing rule 11 FLAG
Nov  8 12:04:27 12[ENC]   parsing rule 12 FLAG
Nov  8 12:04:27 12[ENC]   parsing rule 13 FLAG
Nov  8 12:04:27 12[ENC]   parsing rule 14 U_INT_32
Nov  8 12:04:27 12[ENC]   parsing rule 15 HEADER_LENGTH
Nov  8 12:04:27 12[ENC] parsing HEADER payload finished
Nov  8 12:04:27 12[ENC] parsed a IKE_AUTH request header
Nov  8 12:04:27 12[NET] waiting for data on sockets
Nov  8 12:04:27 08[MGR] checkout IKEv2 SA by message with SPIs 102b6352ed9d070b_i 8644dc6d8b1a6986_r
Nov  8 12:04:27 08[MGR] IKE_SA (unnamed)[2] successfully checked out
Nov  8 12:04:27 08[NET] <2> received packet: from 182.185.148.8[4500] to 108.62.122.16[4500] (496 bytes)
Nov  8 12:04:27 08[ENC] <2> parsing body of message, first payload is ENCRYPTED
Nov  8 12:04:27 08[ENC] <2> starting parsing a ENCRYPTED payload
Nov  8 12:04:27 08[ENC] <2> parsing ENCRYPTED payload, 468 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 CHUNK_DATA
Nov  8 12:04:27 08[ENC] <2> parsing ENCRYPTED payload finished
Nov  8 12:04:27 08[ENC] <2> verifying payload of type ENCRYPTED
Nov  8 12:04:27 08[ENC] <2> ENCRYPTED payload verified, adding to payload list
Nov  8 12:04:27 08[ENC] <2> ENCRYPTED payload found, stop parsing
Nov  8 12:04:27 08[ENC] <2> process payload of type ENCRYPTED
Nov  8 12:04:27 08[ENC] <2> found an encrypted payload
Nov  8 12:04:27 08[ENC] <2> parsing ID_INITIATOR payload, 426 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 FLAG
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 10 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 11 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 12 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 13 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 14 CHUNK_DATA
Nov  8 12:04:27 08[ENC] <2> parsing ID_INITIATOR payload finished
Nov  8 12:04:27 08[ENC] <2> parsing NOTIFY payload, 412 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 FLAG
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 10 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 11 SPI_SIZE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 12 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 13 SPI
Nov  8 12:04:27 08[ENC] <2>   parsing rule 14 CHUNK_DATA
Nov  8 12:04:27 08[ENC] <2> parsing NOTIFY payload finished
Nov  8 12:04:27 08[ENC] <2> parsing NOTIFY payload, 404 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 FLAG
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 10 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 11 SPI_SIZE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 12 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 13 SPI
Nov  8 12:04:27 08[ENC] <2>   parsing rule 14 CHUNK_DATA
Nov  8 12:04:27 08[ENC] <2> parsing NOTIFY payload finished
Nov  8 12:04:27 08[ENC] <2> parsing ID_RESPONDER payload, 396 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 FLAG
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 10 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 11 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 12 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 13 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 14 CHUNK_DATA
Nov  8 12:04:27 08[ENC] <2> parsing ID_RESPONDER payload finished
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION payload, 384 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 FLAG
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 10 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 11 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 12 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 13 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 14 (1265)
Nov  8 12:04:27 08[ENC] <2>   32 bytes left, parsing recursively CONFIGURATION_ATTRIBUTE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload, 376 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 ATTRIBUTE_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload finished
Nov  8 12:04:27 08[ENC] <2>   28 bytes left, parsing recursively CONFIGURATION_ATTRIBUTE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload, 372 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 ATTRIBUTE_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload finished
Nov  8 12:04:27 08[ENC] <2>   24 bytes left, parsing recursively CONFIGURATION_ATTRIBUTE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload, 368 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 ATTRIBUTE_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload finished
Nov  8 12:04:27 08[ENC] <2>   20 bytes left, parsing recursively CONFIGURATION_ATTRIBUTE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload, 364 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 ATTRIBUTE_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload finished
Nov  8 12:04:27 08[ENC] <2>   16 bytes left, parsing recursively CONFIGURATION_ATTRIBUTE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload, 360 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 ATTRIBUTE_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload finished
Nov  8 12:04:27 08[ENC] <2>   12 bytes left, parsing recursively CONFIGURATION_ATTRIBUTE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload, 356 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 ATTRIBUTE_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload finished
Nov  8 12:04:27 08[ENC] <2>   8 bytes left, parsing recursively CONFIGURATION_ATTRIBUTE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload, 352 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 ATTRIBUTE_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload finished
Nov  8 12:04:27 08[ENC] <2>   4 bytes left, parsing recursively CONFIGURATION_ATTRIBUTE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload, 348 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 ATTRIBUTE_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION_ATTRIBUTE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing CONFIGURATION payload finished
Nov  8 12:04:27 08[ENC] <2> unknown attribute type (25)
Nov  8 12:04:27 08[ENC] <2> parsing NOTIFY payload, 344 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 FLAG
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 10 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 11 SPI_SIZE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 12 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 13 SPI
Nov  8 12:04:27 08[ENC] <2>   parsing rule 14 CHUNK_DATA
Nov  8 12:04:27 08[ENC] <2> parsing NOTIFY payload finished
Nov  8 12:04:27 08[ENC] <2> parsing NOTIFY payload, 336 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 FLAG
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 10 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 11 SPI_SIZE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 12 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 13 SPI
Nov  8 12:04:27 08[ENC] <2>   parsing rule 14 CHUNK_DATA
Nov  8 12:04:27 08[ENC] <2> parsing NOTIFY payload finished
Nov  8 12:04:27 08[ENC] <2> parsing SECURITY_ASSOCIATION payload, 328 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 FLAG
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 10 (1258)
Nov  8 12:04:27 08[ENC] <2>   196 bytes left, parsing recursively PROPOSAL_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing PROPOSAL_SUBSTRUCTURE payload, 324 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 SPI_SIZE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 SPI
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 (1260)
Nov  8 12:04:27 08[ENC] <2>   28 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 312 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2>   4 bytes left, parsing recursively TRANSFORM_ATTRIBUTE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_ATTRIBUTE payload, 304 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 ATTRIBUTE_FORMAT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 ATTRIBUTE_LENGTH_OR_VALUE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_ATTRIBUTE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   16 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 300 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   8 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 292 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing PROPOSAL_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   156 bytes left, parsing recursively PROPOSAL_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing PROPOSAL_SUBSTRUCTURE payload, 284 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 SPI_SIZE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 SPI
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 (1260)
Nov  8 12:04:27 08[ENC] <2>   28 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 272 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2>   4 bytes left, parsing recursively TRANSFORM_ATTRIBUTE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_ATTRIBUTE payload, 264 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 ATTRIBUTE_FORMAT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 ATTRIBUTE_LENGTH_OR_VALUE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_ATTRIBUTE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   16 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 260 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   8 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 252 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing PROPOSAL_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   116 bytes left, parsing recursively PROPOSAL_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing PROPOSAL_SUBSTRUCTURE payload, 244 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 SPI_SIZE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 SPI
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 (1260)
Nov  8 12:04:27 08[ENC] <2>   28 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 232 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2>   4 bytes left, parsing recursively TRANSFORM_ATTRIBUTE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_ATTRIBUTE payload, 224 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 ATTRIBUTE_FORMAT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 ATTRIBUTE_LENGTH_OR_VALUE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_ATTRIBUTE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   16 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 220 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   8 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 212 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing PROPOSAL_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   76 bytes left, parsing recursively PROPOSAL_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing PROPOSAL_SUBSTRUCTURE payload, 204 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 SPI_SIZE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 SPI
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 (1260)
Nov  8 12:04:27 08[ENC] <2>   28 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 192 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2>   4 bytes left, parsing recursively TRANSFORM_ATTRIBUTE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_ATTRIBUTE payload, 184 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 ATTRIBUTE_FORMAT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 ATTRIBUTE_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 ATTRIBUTE_LENGTH_OR_VALUE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 ATTRIBUTE_VALUE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_ATTRIBUTE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   16 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 180 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   8 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 172 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing PROPOSAL_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   36 bytes left, parsing recursively PROPOSAL_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing PROPOSAL_SUBSTRUCTURE payload, 164 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 SPI_SIZE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 SPI
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 (1260)
Nov  8 12:04:27 08[ENC] <2>   24 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 152 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   16 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 144 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   8 bytes left, parsing recursively TRANSFORM_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload, 136 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 (1262)
Nov  8 12:04:27 08[ENC] <2> parsing TRANSFORM_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing PROPOSAL_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing SECURITY_ASSOCIATION payload finished
Nov  8 12:04:27 08[ENC] <2> parsing TS_INITIATOR payload, 128 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 FLAG
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 10 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 11 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 12 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 13 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 14 (1264)
Nov  8 12:04:27 08[ENC] <2>   56 bytes left, parsing recursively TRAFFIC_SELECTOR_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRAFFIC_SELECTOR_SUBSTRUCTURE payload, 120 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 TS_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 ADDRESS
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 ADDRESS
Nov  8 12:04:27 08[ENC] <2> parsing TRAFFIC_SELECTOR_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   40 bytes left, parsing recursively TRAFFIC_SELECTOR_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRAFFIC_SELECTOR_SUBSTRUCTURE payload, 104 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 TS_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 ADDRESS
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 ADDRESS
Nov  8 12:04:27 08[ENC] <2> parsing TRAFFIC_SELECTOR_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing TS_INITIATOR payload finished
Nov  8 12:04:27 08[ENC] <2> parsing TS_RESPONDER payload, 64 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 FLAG
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <2>   parsing rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 10 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 11 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 12 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 13 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 14 (1264)
Nov  8 12:04:27 08[ENC] <2>   56 bytes left, parsing recursively TRAFFIC_SELECTOR_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRAFFIC_SELECTOR_SUBSTRUCTURE payload, 56 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 TS_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 ADDRESS
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 ADDRESS
Nov  8 12:04:27 08[ENC] <2> parsing TRAFFIC_SELECTOR_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2>   40 bytes left, parsing recursively TRAFFIC_SELECTOR_SUBSTRUCTURE
Nov  8 12:04:27 08[ENC] <2> parsing TRAFFIC_SELECTOR_SUBSTRUCTURE payload, 40 bytes left
Nov  8 12:04:27 08[ENC] <2>   parsing rule 0 TS_TYPE
Nov  8 12:04:27 08[ENC] <2>   parsing rule 1 U_INT_8
Nov  8 12:04:27 08[ENC] <2>   parsing rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <2>   parsing rule 3 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 4 U_INT_16
Nov  8 12:04:27 08[ENC] <2>   parsing rule 5 ADDRESS
Nov  8 12:04:27 08[ENC] <2>   parsing rule 6 ADDRESS
Nov  8 12:04:27 08[ENC] <2> parsing TRAFFIC_SELECTOR_SUBSTRUCTURE payload finished
Nov  8 12:04:27 08[ENC] <2> parsing TS_RESPONDER payload finished
Nov  8 12:04:27 08[ENC] <2> parsed content of encrypted payload
Nov  8 12:04:27 08[ENC] <2> insert decrypted payload of type ID_INITIATOR at end of list
Nov  8 12:04:27 08[ENC] <2> insert decrypted payload of type NOTIFY at end of list
Nov  8 12:04:27 08[ENC] <2> insert decrypted payload of type NOTIFY at end of list
Nov  8 12:04:27 08[ENC] <2> insert decrypted payload of type ID_RESPONDER at end of list
Nov  8 12:04:27 08[ENC] <2> insert decrypted payload of type CONFIGURATION at end of list
Nov  8 12:04:27 08[ENC] <2> insert decrypted payload of type NOTIFY at end of list
Nov  8 12:04:27 08[ENC] <2> insert decrypted payload of type NOTIFY at end of list
Nov  8 12:04:27 08[ENC] <2> insert decrypted payload of type SECURITY_ASSOCIATION at end of list
Nov  8 12:04:27 08[ENC] <2> insert decrypted payload of type TS_INITIATOR at end of list
Nov  8 12:04:27 08[ENC] <2> insert decrypted payload of type TS_RESPONDER at end of list
Nov  8 12:04:27 08[ENC] <2> verifying message structure
Nov  8 12:04:27 08[ENC] <2> found payload of type NOTIFY
Nov  8 12:04:27 08[ENC] <2> found payload of type NOTIFY
Nov  8 12:04:27 08[ENC] <2> found payload of type NOTIFY
Nov  8 12:04:27 08[ENC] <2> found payload of type NOTIFY
Nov  8 12:04:27 08[ENC] <2> found payload of type ID_INITIATOR
Nov  8 12:04:27 08[ENC] <2> found payload of type ID_RESPONDER
Nov  8 12:04:27 08[ENC] <2> found payload of type SECURITY_ASSOCIATION
Nov  8 12:04:27 08[ENC] <2> found payload of type TS_INITIATOR
Nov  8 12:04:27 08[ENC] <2> found payload of type TS_RESPONDER
Nov  8 12:04:27 08[ENC] <2> found payload of type CONFIGURATION
Nov  8 12:04:27 08[ENC] <2> parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) N(MOBIKE_SUP) IDr CPRQ(ADDR DHCP DNS MASK ADDR6 DHCP6 DNS6 (25)) N(ESP_TFC_PAD_N) N(NON_FIRST_FRAG) SA TSi TSr ]
Nov  8 12:04:27 08[CFG] <2> looking for peer configs matching 108.62.122.16[108.62.122.16]...182.185.148.8[client]
Nov  8 12:04:27 08[CFG] <2>   candidate "IOS-IPSEC", match: 20/1/28 (me/other/ike)
Nov  8 12:04:27 08[CFG] <IOS-IPSEC|2> selected peer config 'IOS-IPSEC'
Nov  8 12:04:27 08[IKE] <IOS-IPSEC|2> initiating EAP_IDENTITY method (id 0x00)
Nov  8 12:04:27 08[IKE] <IOS-IPSEC|2> processing INTERNAL_IP4_ADDRESS attribute
Nov  8 12:04:27 08[IKE] <IOS-IPSEC|2> processing INTERNAL_IP4_DHCP attribute
Nov  8 12:04:27 08[IKE] <IOS-IPSEC|2> processing INTERNAL_IP4_DNS attribute
Nov  8 12:04:27 08[IKE] <IOS-IPSEC|2> processing INTERNAL_IP4_NETMASK attribute
Nov  8 12:04:27 08[IKE] <IOS-IPSEC|2> processing INTERNAL_IP6_ADDRESS attribute
Nov  8 12:04:27 08[IKE] <IOS-IPSEC|2> processing INTERNAL_IP6_DHCP attribute
Nov  8 12:04:27 08[IKE] <IOS-IPSEC|2> processing INTERNAL_IP6_DNS attribute
Nov  8 12:04:27 08[IKE] <IOS-IPSEC|2> processing (25) attribute
Nov  8 12:04:27 08[IKE] <IOS-IPSEC|2> received ESP_TFC_PADDING_NOT_SUPPORTED, not using ESPv3 TFC padding
Nov  8 12:04:27 08[IKE] <IOS-IPSEC|2> peer supports MOBIKE
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> added payload of type ID_RESPONDER to message
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> added payload of type EAP to message
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> added payload of type AUTH to message
Nov  8 12:04:27 08[IKE] <IOS-IPSEC|2> authentication of '108.62.122.16' (myself) with RSA signature successful
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> order payloads in message
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> added payload of type ID_RESPONDER to message
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> added payload of type AUTH to message
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> added payload of type EAP to message
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> generating IKE_AUTH response 1 [ IDr AUTH EAP/REQ/ID ]
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> insert payload ID_RESPONDER into encrypted payload
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> insert payload AUTH into encrypted payload
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> insert payload EAP into encrypted payload
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> generating payload of type HEADER
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 0 IKE_SPI
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 1 IKE_SPI
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 2 U_INT_8
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 3 U_INT_4
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 4 U_INT_4
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 5 U_INT_8
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 8 FLAG
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 9 FLAG
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 10 FLAG
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 11 FLAG
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 12 FLAG
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 13 FLAG
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 14 U_INT_32
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 15 HEADER_LENGTH
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> generating HEADER payload finished
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> generating payload of type ID_RESPONDER
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 1 FLAG
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 10 U_INT_8
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 11 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 12 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 13 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 14 CHUNK_DATA
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> generating ID_RESPONDER payload finished
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> generating payload of type AUTH
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 1 FLAG
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 10 U_INT_8
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 11 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 12 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 13 RESERVED_BYTE
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 14 CHUNK_DATA
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> increasing gen buffer from 500 to 1000 byte
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> generating AUTH payload finished
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> generating payload of type EAP
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 1 FLAG
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 2 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 3 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 4 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 5 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 6 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 7 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 8 RESERVED_BIT
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 9 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 10 CHUNK_DATA
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> generating EAP payload finished
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> generated content in encrypted payload
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> generating payload of type ENCRYPTED
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 0 U_INT_8
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 1 U_INT_8
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 2 PAYLOAD_LENGTH
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2>   generating rule 3 CHUNK_DATA
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> increasing gen buffer from 500 to 1000 byte
Nov  8 12:04:27 08[ENC] <IOS-IPSEC|2> generating ENCRYPTED payload finished
Nov  8 12:04:27 08[NET] <IOS-IPSEC|2> sending packet: from 108.62.122.16[4500] to 182.185.148.8[4500] (608 bytes)
Nov  8 12:04:27 08[MGR] <IOS-IPSEC|2> checkin IKE_SA IOS-IPSEC[2]
Nov  8 12:04:27 08[MGR] <IOS-IPSEC|2> checkin of IKE_SA successful
Nov  8 12:04:27 07[NET] sending packet: from 108.62.122.16[4500] to 182.185.148.8[4500]
Nov  8 12:04:30 15[JOB] watched FD 21 ready to read
Nov  8 12:04:30 15[JOB] watcher going to poll() 8 fds
Nov  8 12:04:30 14[CFG] vici client 1 connected
Nov  8 12:04:30 15[JOB] watcher got notification, rebuilding
Nov  8 12:04:30 15[JOB] watcher going to poll() 10 fds
Nov  8 12:04:30 15[JOB] watched FD 21 ready to read
Nov  8 12:04:30 15[JOB] watcher going to poll() 9 fds
Nov  8 12:04:30 04[CFG] vici client 2 connected
Nov  8 12:04:30 15[JOB] watcher got notification, rebuilding
Nov  8 12:04:30 15[JOB] watcher going to poll() 11 fds
Nov  8 12:04:30 15[JOB] watched FD 27 ready to read
Nov  8 12:04:30 15[JOB] watcher going to poll() 10 fds
Nov  8 12:04:30 15[JOB] watcher got notification, rebuilding
Nov  8 12:04:30 15[JOB] watcher going to poll() 11 fds
Nov  8 12:04:30 13[CFG] vici client 2 registered for: list-sa
Nov  8 12:04:30 15[JOB] watcher got notification, rebuilding
Nov  8 12:04:30 15[JOB] watcher going to poll() 11 fds
Nov  8 12:04:30 15[JOB] watched FD 27 ready to write
Nov  8 12:04:30 15[JOB] watcher going to poll() 10 fds
Nov  8 12:04:30 15[JOB] watcher got notification, rebuilding
Nov  8 12:04:30 15[JOB] watcher going to poll() 11 fds
Nov  8 12:04:30 15[JOB] watched FD 27 ready to read
Nov  8 12:04:30 15[JOB] watcher going to poll() 10 fds
Nov  8 12:04:30 05[CFG] vici client 2 requests: list-sas
Nov  8 12:04:30 15[JOB] watcher got notification, rebuilding
Nov  8 12:04:30 15[JOB] watcher going to poll() 11 fds
Nov  8 12:04:30 15[JOB] watcher got notification, rebuilding
Nov  8 12:04:30 15[JOB] watcher going to poll() 11 fds
Nov  8 12:04:30 15[JOB] watched FD 27 ready to write
Nov  8 12:04:30 15[JOB] watcher going to poll() 10 fds
Nov  8 12:04:30 15[JOB] watcher got notification, rebuilding
Nov  8 12:04:30 15[JOB] watcher going to poll() 11 fds
Nov  8 12:04:30 15[JOB] watched FD 27 ready to read
Nov  8 12:04:30 15[JOB] watcher going to poll() 10 fds
Nov  8 12:04:30 14[CFG] vici client 2 unregistered for: list-sa
Nov  8 12:04:30 15[JOB] watcher got notification, rebuilding
Nov  8 12:04:30 15[JOB] watcher going to poll() 11 fds
Nov  8 12:04:30 15[JOB] watched FD 27 ready to write
Nov  8 12:04:30 15[JOB] watcher going to poll() 10 fds
Nov  8 12:04:30 15[JOB] watcher got notification, rebuilding
Nov  8 12:04:30 15[JOB] watcher going to poll() 11 fds
Nov  8 12:04:30 15[JOB] watched FD 26 ready to read
Nov  8 12:04:30 15[JOB] watched FD 27 ready to read
Nov  8 12:04:30 15[JOB] watcher going to poll() 9 fds
Nov  8 12:04:30 15[JOB] watcher got notification, rebuilding
Nov  8 12:04:30 09[CFG] vici client 2 disconnected
Nov  8 12:04:30 06[CFG] vici client 1 disconnected
Nov  8 12:04:30 15[JOB] watcher going to poll() 9 fds
Nov  8 12:04:53 01[JOB] got event, queuing job for execution
Nov  8 12:04:53 01[JOB] next event in 3s 292ms, waiting
Nov  8 12:04:53 11[MGR] checkout IKEv2 SA with SPIs c87fd86e6ae14fe5_i 1ec86be23d065e6a_r
Nov  8 12:04:53 11[MGR] IKE_SA IOS-IPSEC[1] successfully checked out
Nov  8 12:04:53 11[JOB] <IOS-IPSEC|1> deleting half open IKE_SA with 182.185.148.8 after timeout
Nov  8 12:04:53 11[MGR] <IOS-IPSEC|1> checkin and destroy IKE_SA IOS-IPSEC[1]
Nov  8 12:04:53 11[IKE] <IOS-IPSEC|1> IKE_SA IOS-IPSEC[1] state change: CONNECTING => DESTROYING
Nov  8 12:04:53 11[MGR] checkin and destroy of IKE_SA successful
Nov  8 12:04:57 01[JOB] got event, queuing job for execution
Nov  8 12:04:57 01[JOB] no events, waiting
*Nov  8 12:04:57 02[MGR] checkout IKEv2 SA with SPIs 102b6352ed9d070b_i 8644dc6d8b1a6986_r
Nov  8 12:04:57 02[MGR] IKE_SA IOS-IPSEC[2] successfully checked out
Nov  8 12:04:57 02[JOB] <IOS-IPSEC|2> deleting half open IKE_SA with 182.185.148.8 after timeout
Nov  8 12:04:57 02[MGR] <IOS-IPSEC|2> checkin and destroy IKE_SA IOS-IPSEC[2]
Nov  8 12:04:57 02[IKE] <IOS-IPSEC|2> IKE_SA IOS-IPSEC[2] state change: CONNECTING => DESTROYING*
Nov  8 12:04:57 02[MGR] checkin and destroy of IKE_SA successful
Nov  8 12:05:01 15[JOB] watched FD 21 ready to read

ipsec.conf

config setup
    charondebug="ike 4, knl 2, cfg 3, chd 2, dmn 2, lib 2, net 2" 
    uniqueids=no

conn IOS-IPSEC
    keyexchange=ikev2
    rekey=no
    compress=no
    type=tunnel
    reauth=no
    aggressive=no
    fragmentation=yes
    auto=add
    leftfirewall=yes   
    leftauth=pubkey
    leftsendcert=never  
    leftcert=server-cert.pem
    left=%any
    leftid=108.62.122.16
    right=%any
    rightid=%any
    rightdns=8.8.8.8,8.8.4.4
    rightsourceip=10.24.24.0/24
    rightauth=eap-radius
    rightsendcert=never
    eap_identity=%identity


Related issues

Related to Issue #3261: Strongswan vpn not connecting in IosFeedback

History

#1 Updated by Tobias Brunner 7 days ago

  • Category set to configuration
  • Status changed from New to Feedback

Try configuring leftsendcert=always, the client won't trust the server without the certificate.

#2 Updated by Muhammad Tufail 7 days ago

same error in charon log

charon.log

Nov  8 13:19:39 02[JOB] got event, queuing job for execution
Nov  8 13:19:39 02[JOB] no events, waiting
Nov  8 13:19:39 15[MGR] checkout IKEv2 SA with SPIs 310f0069eaf6aa86_i db63e7560b2eb78a_r
Nov  8 13:19:39 15[MGR] IKE_SA IOS-IPSEC[1] successfully checked out
Nov  8 13:19:39 15[JOB] <IOS-IPSEC|1> deleting half open IKE_SA with 182.185.148.8 after timeout
Nov  8 13:19:39 15[MGR] <IOS-IPSEC|1> checkin and destroy IKE_SA IOS-IPSEC[1]
Nov  8 13:19:39 15[IKE] <IOS-IPSEC|1> IKE_SA IOS-IPSEC[1] state ch

#3 Updated by Tobias Brunner 7 days ago

The client might not like the returned certificate (check the log there).

#4 Updated by Muhammad Tufail 7 days ago

its important to install certificate on client side because i am connecting using username and password

#5 Updated by Muhammad Tufail 7 days ago

this is my Ipsecret.conf file i am connecting using these username and password

ipsec.conf

# ipsec.secret s - strongSwan IPsec secrets fil
 : PSK abc123
 : RSA "server-key.pem" 
PLVPN : EAP "abc123" 

#6 Updated by Muhammad Tufail 7 days ago

i have only charon.log file to check the error log..
client is Ios and it return User Authentication Failed.

can you please let me know is there any changes required in any other file to set up eap-radius ?

#7 Updated by Tobias Brunner 7 days ago

i have only charon.log file to check the error log..
client is Ios and it return User Authentication Failed.

There is a log on iOS, you just need Xcode on macOS to access it.

can you please let me know is there any changes required in any other file to set up eap-radius ?

You currently don't have a problem with EAP or RADIUS (also, the username/password in ipsec.secrets is obviously useless if you authenticate against a RADIUS server). The problem is that the client doesn't even start authenticating because it probably doesn't trust the certificate returned by the server. Make sure you have the appropriate CA certificate installed on the client and that the identity matches.

#8 Updated by Muhammad Tufail 7 days ago

i don't install any certificate on client side...can you please let me know which certificate i have to install on client side?
is there any way to connect the vpn using username and password?

#9 Updated by Tobias Brunner 7 days ago

The root certificate of the CA that issued the server certificate has to be installed on the client. If the server certificate was issued by a CA the client already trusts (e.g. Let's Encrypt or a commercial one) you don't have to install it manually. If you use your own CA and server certificates, you do.

#10 Updated by Muhammad Tufail 7 days ago

thanks for the explanation but i have create 4 certificates and i add that certificates in the three folder of ipsec.d from that certificate i use one certificate in the ipsec.secret and one in the ipsec.conf which is
leftcert=server-cert.pem

this is strongswan listcerts

List of X.509 End Entity Certificates

  subject:  "CN=108.62.122.16" 
  issuer:   "CN=VPN root CA" 
  validity:  not before Nov 07 15:07:08 2019, ok
             not after  Nov 05 15:07:08 2024, ok (expires in 1824 days)
  serial:    5e:71:5f:f6:a9:ea:db:77
  altNames:  108.62.122.16
  flags:     serverAuth ikeIntermediate 
  authkeyId: 03:ec:6e:4e:21:d7:4d:11:ce:4e:ed:ad:13:35:fd:b4:a3:0a:55:54
  subjkeyId: 50:9f:7f:93:0d:bc:3f:a3:85:ce:26:09:67:31:8e:31:e7:da:d8:6e
  pubkey:    RSA 4096 bits, has private key
  keyid:     24:06:a9:d3:f7:28:fe:4d:66:d8:a2:a4:cf:70:86:a5:71:b6:57:9b
  subjkey:   50:9f:7f:93:0d:bc:3f:a3:85:ce:26:09:67:31:8e:31:e7:da:d8:6e

is this certificate okay i don't know which is root certificate

#11 Updated by Tobias Brunner 7 days ago

but i have create 4 certificates

What exactly are those four certificates? A CA cert, a server cert, what else? Are you confusing private keys with certificates?

this is strongswan listcerts

To list CA certs, you have to use the listcacerts command.

is this certificate okay i don't know which is root certificate

If you copied the CA cert to ipsec.d/cacerts and it has the subject CN=VPN root CA it's that.

#12 Updated by Tobias Brunner 4 days ago

  • Related to Issue #3261: Strongswan vpn not connecting in Ios added

Also available in: Atom PDF