Raspi 3 - Initiating IoT Device

Configuration Files

strongSwan IPsec configuration file /etc/ipsec.conf

config setup
     charondebug="tnc 2, imc 2, imv 2, pts 3" 

conn %default
     ike=aes128-sha256-ecp256!
     esp=aes128-sha256-ecp256!
     keyexchange=ikev2

conn peer
     left=10.10.1.39
     leftauth=eap-ttls
     leftcert=raspi3Cert.pem
     leftid=raspi3.example.com
     leftfirewall=yes
     right=10.10.1.40
     rightauth=eap-ttls
     rightid=raspi4.example.com
     type=transport
     auto=add

strongSwan IPsec secrets file /etc/ipsec.secrets

: RSA raspi3Key.pem

strongSwan configuration file /etc/strongswan.conf

# strongswan.conf - strongSwan configuration file

charon {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke

  half_open_timeout = 90

  plugins {
    eap-ttls
    {
      max_message_count = 0
      request_peer_auth = yes
      phase2_piggyback = yes
      phase2_tnc = yes
    }
    eap-tnc {
      max_message_count = 0
    }
    tnccs-20 {
      mutual = yes
    }
  }
}

libimcv {
  database = sqlite:///etc/pts/config.db
  policy_script = ipsec imv_policy_manager

  plugins {
    imc-os {
      device_pubkey = /etc/pts/aik3Pub.der
    }
    imc-attestation {
      aik_blob = /etc/pts/aik3Blob.bin
      aik_cert = /etc/pts/aik3Cert.der
    }
    imv-attestation {
      cadir = /etc/pts/cacerts
      hash_algorithm = sha1
    }
  }
}

libtls {
  suites = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
}

pt-tls-client {
  load = random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 curl 
}

attest {
  database=sqlite:///etc/pts/config.db
}

For mutual attestation, both IMCs and IMVs are loaded via /etc/tnc_config:

IMC "OS"                /usr/lib/ipsec/imcvs/imc-os.so
IMC "Attestation"       /usr/lib/ipsec/imcvs/imc-attestation.so
IMV "Attestation"       /usr/lib/ipsec/imcvs/imv-attestation.so
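
A consistency check for the two files above, as an added example (not part of the original page or of strongSwan): it parses the strongswan.conf section syntax and /etc/tnc_config and reports which of the settings this page uses for mutual attestation are missing. The function names and the list of checked settings are assumptions drawn from the configuration shown here; the sample input is trimmed from this page.

```python
import re

# Plugins from this page's charon "load" line that carry TNC over EAP-TTLS.
TNC_PLUGINS = ("tnc-imc", "tnc-imv", "tnc-tnccs", "tnccs-20", "eap-ttls", "eap-tnc")


def parse_strongswan_conf(text):
    """Parse `section { key = value }` syntax into nested dicts.

    Assumes one setting per line, as in the file shown on this page.
    """
    root = {}
    stack = [root]
    pending = None  # section name whose "{" may follow on the next line
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        while line:
            if line[0] == "}":
                if len(stack) == 1:
                    raise ValueError(f"line {lineno}: unmatched '}}'")
                stack.pop()
                line = line[1:].strip()
            elif line[0] == "{":
                if pending is None:
                    raise ValueError(f"line {lineno}: '{{' without section name")
                stack.append(stack[-1].setdefault(pending, {}))
                pending = None
                line = line[1:].strip()
            elif "=" in line:
                key, value = line.split("=", 1)
                stack[-1][key.strip()] = value.strip()
                line = ""
            else:
                match = re.match(r"([^\s{}]+)\s*(.*)", line)
                pending, line = match.group(1), match.group(2)
    if len(stack) != 1:
        raise ValueError("unclosed section at end of file")
    return root


def parse_tnc_config(text):
    """Return (kind, name, path) tuples for each IMC/IMV line."""
    entries = []
    for raw in text.splitlines():
        match = re.match(r'\s*(IMC|IMV)\s+"([^"]+)"\s+(\S+)', raw)
        if match:
            entries.append(match.groups())
    return entries


def check_mutual_attestation(conf_text, tnc_config_text):
    """List the settings used on this page that the given files lack."""
    conf = parse_strongswan_conf(conf_text)
    charon = conf.get("charon", {})
    plugins = charon.get("plugins", {})
    findings = []

    loaded = set(charon.get("load", "").split())
    for name in TNC_PLUGINS:
        if name not in loaded:
            findings.append(f"charon.load lacks {name}")

    # TNC must run inside EAP-TTLS phase 2, in both directions.
    if plugins.get("eap-ttls", {}).get("phase2_tnc") != "yes":
        findings.append("eap-ttls.phase2_tnc is not yes")
    if plugins.get("tnccs-20", {}).get("mutual") != "yes":
        findings.append("tnccs-20.mutual is not yes")

    # Each side both measures (IMV) and is measured (IMC).
    kinds = {kind for kind, _, _ in parse_tnc_config(tnc_config_text)}
    for kind in ("IMC", "IMV"):
        if kind not in kinds:
            findings.append(f"/etc/tnc_config loads no {kind}")
    return findings


# Sample input trimmed from the files on this page.
PAGE_CONF = """\
# strongswan.conf - strongSwan configuration file
charon {
  load = random nonce x509 openssl tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc
  plugins {
    eap-ttls
    {
      request_peer_auth = yes
      phase2_tnc = yes
    }
    tnccs-20 {
      mutual = yes
    }
  }
}
"""
PAGE_TNC_CONFIG = """\
IMC "OS"                /usr/lib/ipsec/imcvs/imc-os.so
IMC "Attestation"       /usr/lib/ipsec/imcvs/imc-attestation.so
IMV "Attestation"       /usr/lib/ipsec/imcvs/imv-attestation.so
"""

if __name__ == "__main__":
    print(check_mutual_attestation(PAGE_CONF, PAGE_TNC_CONFIG) or "no findings")
```
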

Starting the IKEv2 Daemon

First, the IKEv2 charon daemon is started in the background:

raspi3# ipsec start

Aug 15 14:45:55 raspi3 charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l)
Aug 15 14:45:55 raspi3 charon: 00[TNC] TNC recommendation policy is 'default'
Aug 15 14:45:55 raspi3 charon: 00[TNC] loading IMVs from '/etc/tnc_config'
Aug 15 14:45:55 raspi3 charon: 00[TNC] added IETF attributes
Aug 15 14:45:55 raspi3 charon: 00[TNC] added ITA-HSR attributes
Aug 15 14:45:55 raspi3 charon: 00[TNC] added TCG attributes
Aug 15 14:45:55 raspi3 charon: 00[PTS] added TCG functional component namespace
Aug 15 14:45:55 raspi3 charon: 00[PTS] added ITA-HSR functional component namespace
Aug 15 14:45:55 raspi3 charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'
Aug 15 14:45:55 raspi3 charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'
Aug 15 14:45:55 raspi3 charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'
Aug 15 14:45:55 raspi3 charon: 00[LIB] libimcv initialized

Loading Attestation IMV

Aug 15 14:45:55 raspi3 charon: 00[IMV] IMV 1 "Attestation" initialized
Aug 15 14:45:55 raspi3 charon: 00[PTS] loading PTS ca certificates from '/etc/pts/cacerts'
Aug 15 14:45:55 raspi3 charon: 00[PTS]   loaded ca certificate "C=US, O=TNC Demo, CN=AIK CA" from '/etc/pts/cacerts/aikCaCert.pem'
Aug 15 14:45:55 raspi3 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   optional  PTS DH group MODP_2048[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   optional  PTS DH group MODP_1536[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   optional  PTS DH group MODP_1024[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMV 1 supports 2 message types: 'TCG/PTS' 0x005597/0x00000001 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMV 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imv-attestation.so'

Loading OS IMC

Aug 15 14:45:55 raspi3 charon: 00[TNC] loading IMCs from '/etc/tnc_config'
Aug 15 14:45:55 raspi3 charon: 00[IMC] IMC 1 "OS" initialized
Aug 15 14:45:55 raspi3 charon: 00[IMC] processing "/etc/debian_version" file
Aug 15 14:45:55 raspi3 charon: 00[IMC] operating system name is 'Debian'
Aug 15 14:45:55 raspi3 charon: 00[IMC] operating system version is '7.8 armv7l'
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMC 1 supports 1 message type: 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMC 1 "OS" loaded from '/usr/lib/ipsec/imcvs/imc-os.so'

Loading Attestation IMC

Aug 15 14:45:55 raspi3 charon: 00[IMC] IMC 2 "Attestation" initialized
Aug 15 14:45:55 raspi3 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   optional  PTS DH group MODP_2048[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   optional  PTS DH group MODP_1536[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   optional  PTS DH group MODP_1024[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMC 2 supports 1 message type: 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:45:55 raspi3 charon: 00[TNC] IMC 2 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'

Initializing IKE daemon

Aug 15 14:45:55 raspi3 charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
Aug 15 14:45:55 raspi3 charon: 00[CFG]   loaded ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" from '/etc/ipsec.d/cacerts/demoCaCert.pem'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
Aug 15 14:45:55 raspi3 charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
Aug 15 14:45:55 raspi3 charon: 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/raspi3Key.pem'
Aug 15 14:45:55 raspi3 charon: 00[LIB] loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
Aug 15 14:45:55 raspi3 charon: 00[JOB] spawning 16 worker threads

Loading peer IPsec connection

Aug 15 14:45:55 raspi3 charon: 06[CFG] received stroke: add connection 'peer'
Aug 15 14:45:55 raspi3 charon: 06[CFG]   loaded certificate "C=US, O=TNC Demo, CN=raspi3.example.com" from 'raspi3Cert.pem'
Aug 15 14:45:55 raspi3 charon: 06[CFG] added configuration 'peer'

Initiating IPsec Connection Setup

The peer IPsec connection to the IoT device raspi4 is initiated using the IKEv2 key exchange protocol:

raspi3# ipsec up peer

Aug 15 14:46:05 raspi3 charon: 10[CFG] received stroke: initiate 'peer'
Aug 15 14:46:05 raspi3 charon: 11[IKE] initiating IKE_SA peer[1] to 10.10.1.40
Aug 15 14:46:05 raspi3 charon: 11[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(HASH_ALG) ]
Aug 15 14:46:05 raspi3 charon: 11[NET] sending packet: from 10.10.1.39[500] to 10.10.1.40[500] (256 bytes)
Aug 15 14:46:05 raspi3 charon: 12[NET] received packet: from 10.10.1.40[500] to 10.10.1.39[500] (309 bytes)
Aug 15 14:46:05 raspi3 charon: 12[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ N(HASH_ALG) N(MULT_AUTH) ]
Aug 15 14:46:05 raspi3 charon: 12[IKE] received cert request for "C=US, O=TNC Demo, CN=TNC Demo CA" 
Aug 15 14:46:05 raspi3 charon: 12[IKE] sending cert request for "C=US, O=TNC Demo, CN=TNC Demo CA" 
Aug 15 14:46:05 raspi3 charon: 12[IKE] establishing CHILD_SA peer
Aug 15 14:46:05 raspi3 charon: 12[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) CERTREQ IDr N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
Aug 15 14:46:05 raspi3 charon: 12[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (304 bytes)
Aug 15 14:46:05 raspi3 charon: 13[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (112 bytes)
Aug 15 14:46:05 raspi3 charon: 13[ENC] parsed IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 13[IKE] server requested EAP_TTLS authentication (id 0xDB)
Aug 15 14:46:05 raspi3 charon: 13[TLS] EAP_TTLS version is v0
Aug 15 14:46:05 raspi3 charon: 13[IKE] allow mutual EAP-only authentication
Aug 15 14:46:05 raspi3 charon: 13[ENC] generating IKE_AUTH request 2 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (208 bytes)
Aug 15 14:46:05 raspi3 charon: 14[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:05 raspi3 charon: 14[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 14[ENC] generating IKE_AUTH request 3 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 14[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:05 raspi3 charon: 15[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (480 bytes)
Aug 15 14:46:05 raspi3 charon: 15[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 15[TLS] negotiated TLS 1.2 using suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Aug 15 14:46:05 raspi3 charon: 15[TLS] received TLS server certificate 'C=US, O=TNC Demo, CN=raspi4.example.com'
Aug 15 14:46:05 raspi3 charon: 15[CFG]   using certificate "C=US, O=TNC Demo, CN=raspi4.example.com" 
Aug 15 14:46:05 raspi3 charon: 15[CFG]   using trusted ca certificate "C=US, O=TNC Demo, CN=TNC Demo CA" 
Aug 15 14:46:05 raspi3 charon: 15[CFG] checking certificate status of "C=US, O=TNC Demo, CN=raspi4.example.com" 
Aug 15 14:46:05 raspi3 charon: 15[CFG] certificate status is not available
Aug 15 14:46:05 raspi3 charon: 15[CFG]   reached self-signed root ca with a path length of 0
Aug 15 14:46:05 raspi3 charon: 15[TLS] received TLS cert request for 'C=US, O=TNC Demo, CN=TNC Demo CA
Aug 15 14:46:05 raspi3 charon: 15[TLS] sending TLS peer certificate 'C=US, O=TNC Demo, CN=raspi3.example.com'
Aug 15 14:46:05 raspi3 charon: 15[ENC] generating IKE_AUTH request 4 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:05 raspi3 charon: 16[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:05 raspi3 charon: 16[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 16[ENC] generating IKE_AUTH request 5 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 16[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (352 bytes)
Aug 15 14:46:05 raspi3 charon: 09[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:05 raspi3 charon: 09[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 09[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/ID]
Aug 15 14:46:05 raspi3 charon: 09[IKE] server requested EAP_IDENTITY authentication (id 0x00)
Aug 15 14:46:05 raspi3 charon: 09[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/ID]
Aug 15 14:46:05 raspi3 charon: 09[ENC] generating IKE_AUTH request 6 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 09[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (192 bytes)
Aug 15 14:46:05 raspi3 charon: 08[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
Aug 15 14:46:05 raspi3 charon: 08[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TTLS ]
Aug 15 14:46:05 raspi3 charon: 08[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:05 raspi3 charon: 08[IKE] server requested EAP_PT_EAP authentication (id 0xB8)
Aug 15 14:46:05 raspi3 charon: 08[TLS] EAP_PT_EAP version is v1

Start of Mutual Attestation

Aug 15 14:46:05 raspi3 charon: 08[TNC] TNC client is handling outbound connection
Aug 15 14:46:05 raspi3 charon: 08[TNC] assigned TNCCS Connection ID 1
Aug 15 14:46:05 raspi3 charon: 08[IMC] IMC 1 "OS" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Aug 15 14:46:05 raspi3 charon: 08[IMC]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:05 raspi3 charon: 08[PTS] loaded AIK certificate from '/etc/pts/aik3Cert.der'
Aug 15 14:46:05 raspi3 charon: 08[PTS] loaded AIK Blob from '/etc/pts/aik3Blob.bin'
Aug 15 14:46:05 raspi3 charon: 08[IMC] IMC 2 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 1: +long +excl -soh
Aug 15 14:46:05 raspi3 charon: 08[IMC]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:05 raspi3 charon: 08[IMC] IMC 1 "OS" changed state of Connection ID 1 to 'Handshake'
Aug 15 14:46:05 raspi3 charon: 08[IMC] IMC 2 "Attestation" changed state of Connection ID 1 to 'Handshake'
Aug 15 14:46:05 raspi3 charon: 08[TNC] proposing PB-TNC mutual half duplex protocol

Sending OS Information

Aug 15 14:46:05 raspi3 charon: 08[IMC] operating system numeric version is 7.8
Aug 15 14:46:05 raspi3 charon: 08[IMC] last boot: Aug 15 07:56:52 UTC 2015, 17353 s ago
Aug 15 14:46:05 raspi3 charon: 08[IMC] IPv4 forwarding is disabled
Aug 15 14:46:05 raspi3 charon: 08[IMC] factory default password is disabled
Aug 15 14:46:05 raspi3 charon: 08[IMC] loaded device public key from '/etc/pts/aik3Pub.der'
Aug 15 14:46:05 raspi3 charon: 08[IMC] device ID is 565feb9e8462870dba884ce540a0768d68829873
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC message with ID 0x83cf019d
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:05 raspi3 charon: 08[TNC] PB-TNC state transition from 'Init' to 'Server Working'
Aug 15 14:46:05 raspi3 charon: 08[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:05 raspi3 charon: 08[TNC] adding ITA-HSR/PB-Mutual-Capability message
Aug 15 14:46:05 raspi3 charon: 08[TNC] adding IETF/PB-Language-Preference message
Aug 15 14:46:05 raspi3 charon: 08[TNC] adding IETF/PB-PA message
Aug 15 14:46:05 raspi3 charon: 08[TNC] sending PB-TNC CDATA batch (283 bytes) for Connection ID 1
Aug 15 14:46:05 raspi3 charon: 08[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:05 raspi3 charon: 08[ENC] generating IKE_AUTH request 7 [ EAP/RES/TTLS ]
Aug 15 14:46:05 raspi3 charon: 08[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (448 bytes)
Aug 15 14:46:08 raspi3 charon: 07[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (272 bytes)
Aug 15 14:46:08 raspi3 charon: 07[ENC] parsed IKE_AUTH response 7 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 07[TNC] received TNCCS batch (108 bytes)
Aug 15 14:46:08 raspi3 charon: 07[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PB-TNC SDATA batch for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing ITA-HSR/PB-Mutual-Capability message (16 bytes)
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi3 charon: 07[TNC] activating mutual PB-TNC half duplex protocol
Aug 15 14:46:08 raspi3 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 07[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PA-TNC message with ID 0x42501f74
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Aug 15 14:46:08 raspi3 charon: 07[IMC] IMC 2 received a segmentation contract request from IMV 1 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 07[IMC]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes

Sending PTS Protocol Capabilities

Aug 15 14:46:08 raspi3 charon: 07[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi3 charon: 07[PTS] selected PTS measurement algorithm is HASH_SHA1
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PA-TNC message with ID 0x1d5fa63a
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 07[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 07[TNC] assigned TNCCS Connection ID 2
Aug 15 14:46:08 raspi3 charon: 07[IMV] IMV 1 "Attestation" created a state for IF-TNCCS 2.0 Connection ID 2: +long +excl -soh
Aug 15 14:46:08 raspi3 charon: 07[IMV]   over IF-T for Tunneled EAP 2.0 with maximum PA-TNC message size of 65490 bytes
Aug 15 14:46:08 raspi3 charon: 07[IMV]   user AR identity 'raspi4.example.com' of type username authenticated by certificate
Aug 15 14:46:08 raspi3 charon: 07[IMV]   machine AR identity '10.10.1.40' of type IPv4 address authenticated by unknown method
Aug 15 14:46:08 raspi3 charon: 07[IMV] IMV 1 "Attestation" changed state of Connection ID 2 to 'Handshake'
Aug 15 14:46:08 raspi3 charon: 07[TNC] PB-TNC state transition from 'Init' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 07[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi3 charon: 07[TNC] sending PB-TNC SDATA batch (8 bytes) for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 07[ENC] generating IKE_AUTH request 8 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 07[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)
Aug 15 14:46:08 raspi3 charon: 06[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (432 bytes)
Aug 15 14:46:08 raspi3 charon: 06[ENC] parsed IKE_AUTH response 8 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 06[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 06[TNC] received TNCCS batch (267 bytes)
Aug 15 14:46:08 raspi3 charon: 06[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PB-TNC CDATA batch for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing IETF/PB-Language-Preference message (31 bytes)
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing IETF/PB-PA message (228 bytes)
Aug 15 14:46:08 raspi3 charon: 06[TNC] setting language preference to 'en'
Aug 15 14:46:08 raspi3 charon: 06[TNC] handling PB-PA message type 'IETF/Operating System' 0x000000/0x00000001
Aug 15 14:46:08 raspi3 charon: 06[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 1
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC message with ID 0x366c28ea
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Product Information' 0x000000/0x00000002
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/String Version' 0x000000/0x00000004
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Numeric Version' 0x000000/0x00000003
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Operational Status' 0x000000/0x00000005
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Forwarding Enabled' 0x000000/0x0000000b
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'IETF/Factory Default Password Enabled' 0x000000/0x0000000c
Aug 15 14:46:08 raspi3 charon: 06[TNC] processing PA-TNC attribute type 'ITA-HSR/Device ID' 0x00902a/0x00000008

Receiving OS Information

Aug 15 14:46:08 raspi3 charon: 06[IMV] operating system name is 'Debian' from vendor Debian Project
Aug 15 14:46:08 raspi3 charon: 06[IMV] operating system version is '7.8 armv7l'
Aug 15 14:46:08 raspi3 charon: 06[IMV] device ID is 762872c90011671ef219b6a2a0c3c7dda875b43c

Starting Session with Policy Manager

Aug 15 14:46:08 raspi3 charon: 06[IMV] assigned session ID 3 to Connection ID 2
Aug 15 14:46:08 raspi3 charon: 06[IMV] policy: imv_policy_manager start successful
Aug 15 14:46:08 raspi3 charon: 06[IMV] policy: skipping enforcment 6
Aug 15 14:46:08 raspi3 charon: 06[IMV] FWDEN workitem 13
Aug 15 14:46:08 raspi3 charon: 06[IMV] FMETA workitem 14
Aug 15 14:46:08 raspi3 charon: 06[IMV] PCKGS workitem 15
Aug 15 14:46:08 raspi3 charon: 06[IMV] TCPOP workitem 16
Aug 15 14:46:08 raspi3 charon: 06[IMV] UDPOP workitem 17
Aug 15 14:46:08 raspi3 charon: 06[IMV] TPMRA workitem 18
Aug 15 14:46:08 raspi3 charon: 06[IMV] IMV 1 requests a segmentation contract for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 06[IMV]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PA-TNC message with ID 0x918da8fe
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Max Attribute Size Request' 0x005597/0x00000021
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PA-TNC attribute type 'TCG/Request PTS Protocol Capabilities' 0x005597/0x01000000
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PA-TNC attribute type 'TCG/PTS Measurement Algorithm Request' 0x005597/0x06000000
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 06[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 06[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 06[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi3 charon: 06[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi3 charon: 06[TNC] sending PB-TNC CDATA batch (92 bytes) for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 06[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 06[ENC] generating IKE_AUTH request 9 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 06[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi3 charon: 05[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi3 charon: 05[ENC] parsed IKE_AUTH response 9 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 05[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 05[TNC] received TNCCS batch (87 bytes)
Aug 15 14:46:08 raspi3 charon: 05[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing PB-TNC SDATA batch for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing IETF/PB-PA message (79 bytes)
Aug 15 14:46:08 raspi3 charon: 05[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 05[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing PA-TNC message with ID 0xaff3c130
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi3 charon: 05[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Aug 15 14:46:08 raspi3 charon: 05[IMC] metadata request for file '/etc/tnc_config'
Aug 15 14:46:08 raspi3 charon: 05[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi3 charon: 05[PTS] nonce length is 20
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PA-TNC message with ID 0x5e3ee705
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 05[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 05[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 05[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi3 charon: 05[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi3 charon: 05[TNC] sending PB-TNC SDATA batch (92 bytes) for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 05[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 05[ENC] generating IKE_AUTH request 10 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 05[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi3 charon: 11[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi3 charon: 11[ENC] parsed IKE_AUTH response 10 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 11[TNC] received TNCCS batch (92 bytes)
Aug 15 14:46:08 raspi3 charon: 11[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PB-TNC CDATA batch for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 11[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing IETF/PB-PA message (84 bytes)
Aug 15 14:46:08 raspi3 charon: 11[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PA-TNC message with ID 0xf94741eb
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PA-TNC attribute type 'TCG/Max Attribute Size Response' 0x005597/0x00000022
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PA-TNC attribute type 'TCG/PTS Protocol Capabilities' 0x005597/0x02000000
Aug 15 14:46:08 raspi3 charon: 11[TNC] processing PA-TNC attribute type 'TCG/PTS Measurement Algorithm' 0x005597/0x07000000
Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 received a segmentation contract response from IMC 2 for PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 11[IMV]   maximum attribute size of 100000000 bytes with maximum segment size of 65446 bytes

Receiving PTS Protocol Capabilities

Aug 15 14:46:08 raspi3 charon: 11[PTS] supported PTS protocol capabilities: .VDT.
Aug 15 14:46:08 raspi3 charon: 11[PTS] selected PTS measurement algorithm is HASH_SHA1
Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 handles FMETA workitem 14
Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 requests metadata for file '/etc/tnc_config'
Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 handled FMETA workitem 14: allow - file metadata requested
Aug 15 14:46:08 raspi3 charon: 11[IMV] IMV 1 handles TPMRA workitem 18
Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PA-TNC message with ID 0xda2a70e9
Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PA-TNC attribute type 'TCG/Request File Metadata' 0x005597/0x00700000
Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Parameters Request' 0x005597/0x03000000
Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 11[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 11[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 11[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi3 charon: 11[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi3 charon: 11[TNC] sending PB-TNC CDATA batch (226 bytes) for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 11[ENC] generating IKE_AUTH request 11 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 11[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (400 bytes)
Aug 15 14:46:08 raspi3 charon: 12[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (336 bytes)
Aug 15 14:46:08 raspi3 charon: 12[ENC] parsed IKE_AUTH response 11 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 12[TNC] received TNCCS batch (172 bytes)
Aug 15 14:46:08 raspi3 charon: 12[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PB-TNC SDATA batch for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 12[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 12[TNC] processing IETF/PB-PA message (164 bytes)
Aug 15 14:46:08 raspi3 charon: 12[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 12[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PA-TNC message with ID 0xd27d5b33
Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:08 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Aug 15 14:46:08 raspi3 charon: 12[PTS] selected DH hash algorithm is HASH_SHA1
Aug 15 14:46:08 raspi3 charon: 12[PTS] initiator nonce: => 20 bytes @ 0x11d940
Aug 15 14:46:08 raspi3 charon: 12[PTS]    0: 01 97 8C C2 90 09 6D 02 F0 0A 40 E1 8C 90 5F 15  ......m...@..._.
Aug 15 14:46:08 raspi3 charon: 12[PTS]   16: FB 4E 28 AD                                      .N(.
Aug 15 14:46:08 raspi3 charon: 12[PTS] responder nonce: => 20 bytes @ 0x11d410
Aug 15 14:46:08 raspi3 charon: 12[PTS]    0: 3D D0 72 39 3A E1 A0 E2 0B 30 B4 D4 D9 22 9F E0  =.r9:....0..."..
Aug 15 14:46:08 raspi3 charon: 12[PTS]   16: B6 D1 2A 01                                      ..*.
Aug 15 14:46:08 raspi3 charon: 12[PTS] shared DH secret: => 32 bytes @ 0x11e038
Aug 15 14:46:08 raspi3 charon: 12[PTS]    0: 5F 0F D8 1E B5 39 B4 E2 86 BF 0C 92 9E E3 3A EA  _....9........:.
Aug 15 14:46:08 raspi3 charon: 12[PTS]   16: D7 23 93 EB C2 85 F5 09 EC DB C0 B1 E5 51 50 DE  .#...........QP.
Aug 15 14:46:08 raspi3 charon: 12[PTS] secret assessment value: => 20 bytes @ 0x11c5e0
Aug 15 14:46:08 raspi3 charon: 12[PTS]    0: D8 9D 1E 70 CE 78 C3 13 F2 79 BA 5D 7C E5 05 7C  ...p.x...y.]|..|
Aug 15 14:46:08 raspi3 charon: 12[PTS]   16: E0 E0 83 77                                      ...w

Sending TPM Version Information

Aug 15 14:46:08 raspi3 charon: 12[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PA-TNC message with ID 0x641bcea1
Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000
Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 12[TNC] TNC server is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 12[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 12[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:08 raspi3 charon: 12[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi3 charon: 12[TNC] sending PB-TNC SDATA batch (87 bytes) for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 12[ENC] generating IKE_AUTH request 12 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 12[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:08 raspi3 charon: 13[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (400 bytes)
Aug 15 14:46:08 raspi3 charon: 13[ENC] parsed IKE_AUTH response 12 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 13[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 13[TNC] received TNCCS batch (226 bytes)
Aug 15 14:46:08 raspi3 charon: 13[TNC] TNC server is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 13[TNC] processing PB-TNC CDATA batch for Connection ID 2
Aug 15 14:46:08 raspi3 charon: 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 13[TNC] processing IETF/PB-PA message (218 bytes)
Aug 15 14:46:08 raspi3 charon: 13[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 13[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 2 to IMV 1
Aug 15 14:46:08 raspi3 charon: 13[TNC] processing PA-TNC message with ID 0x676268aa
Aug 15 14:46:08 raspi3 charon: 13[TNC] processing PA-TNC attribute type 'TCG/Unix-Style File Metadata' 0x005597/0x00900000
Aug 15 14:46:08 raspi3 charon: 13[TNC] processing PA-TNC attribute type 'TCG/DH Nonce Parameters Response' 0x005597/0x04000000
Aug 15 14:46:08 raspi3 charon: 13[IMV] metadata request returned 1 file:
Aug 15 14:46:08 raspi3 charon: 13[IMV]  'tnc_config' (177 bytes) owner 0, group 0, type Regular
Aug 15 14:46:08 raspi3 charon: 13[IMV]     created Jun 16 20:09:17 2015, modified Jun 16 20:09:17 2015, accessed Jun 16 20:09:17 2015
Aug 15 14:46:08 raspi3 charon: 13[PTS] selected DH hash algorithm is HASH_SHA1
Aug 15 14:46:08 raspi3 charon: 13[PTS] selected PTS DH group is ECP_256
Aug 15 14:46:08 raspi3 charon: 13[PTS] nonce length is 20
Aug 15 14:46:08 raspi3 charon: 13[PTS] initiator nonce: => 20 bytes @ 0x11d890
Aug 15 14:46:08 raspi3 charon: 13[PTS]    0: 27 B7 51 A0 C8 66 92 54 F0 57 C1 49 9D 2A 7D 3A  '.Q..f.T.W.I.*}:
Aug 15 14:46:08 raspi3 charon: 13[PTS]   16: F1 38 81 26                                      .8.&
Aug 15 14:46:08 raspi3 charon: 13[PTS] responder nonce: => 20 bytes @ 0x11e418
Aug 15 14:46:08 raspi3 charon: 13[PTS]    0: 96 48 1F 52 8C A6 D5 6E 5F A4 17 2B AF BE 26 71  .H.R...n_..+..&q
Aug 15 14:46:08 raspi3 charon: 13[PTS]   16: 49 73 01 42                                      Is.B
Aug 15 14:46:08 raspi3 charon: 13[PTS] shared DH secret: => 32 bytes @ 0x127170
Aug 15 14:46:08 raspi3 charon: 13[PTS]    0: AA FE 9F 01 D7 CC 22 17 FF 35 CF 9C 70 41 7B 11  ......"..5..pA{.
Aug 15 14:46:08 raspi3 charon: 13[PTS]   16: D0 3C B6 32 BF 3D 80 BF 73 32 1E 95 F3 20 9E D1  .<.2.=..s2... ..
Aug 15 14:46:08 raspi3 charon: 13[PTS] secret assessment value: => 20 bytes @ 0x11e9f0
Aug 15 14:46:08 raspi3 charon: 13[PTS]    0: B2 E0 AB DF 89 C5 1D B2 A3 51 FD A9 C8 3B F8 7F  .........Q...;..
Aug 15 14:46:08 raspi3 charon: 13[PTS]   16: 68 50 6C DE                                      hPl.
Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PA-TNC message with ID 0xe1b84e91
Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PA-TNC attribute type 'TCG/DH Nonce Finish' 0x005597/0x05000000
Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PA-TNC attribute type 'TCG/Get TPM Version Information' 0x005597/0x08000000
Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PA-TNC attribute type 'TCG/Get Attestation Identity Key' 0x005597/0x0d000000
Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 13[TNC] TNC client is handling outbound connection
Aug 15 14:46:08 raspi3 charon: 13[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:08 raspi3 charon: 13[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:08 raspi3 charon: 13[TNC] adding IETF/PB-PA message
Aug 15 14:46:08 raspi3 charon: 13[TNC] sending PB-TNC CDATA batch (902 bytes) for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 13[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:08 raspi3 charon: 13[ENC] generating IKE_AUTH request 13 [ EAP/RES/TTLS ]
Aug 15 14:46:08 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1072 bytes)
Aug 15 14:46:08 raspi3 charon: 14[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:08 raspi3 charon: 14[ENC] parsed IKE_AUTH response 13 [ EAP/REQ/TTLS ]
Aug 15 14:46:08 raspi3 charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:08 raspi3 charon: 14[TNC] received TNCCS batch (80 bytes)
Aug 15 14:46:08 raspi3 charon: 14[TNC] TNC client is handling inbound connection
Aug 15 14:46:08 raspi3 charon: 14[TNC] processing PB-TNC SDATA batch for Connection ID 1
Aug 15 14:46:08 raspi3 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:08 raspi3 charon: 14[TNC] processing IETF/PB-PA message (72 bytes)
Aug 15 14:46:08 raspi3 charon: 14[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:08 raspi3 charon: 14[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Aug 15 14:46:08 raspi3 charon: 14[TNC] processing PA-TNC message with ID 0xed256fac
Aug 15 14:46:08 raspi3 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Aug 15 14:46:08 raspi3 charon: 14[TNC] processing PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Aug 15 14:46:08 raspi3 charon: 14[IMC] evidence requested for 1 functional components
Aug 15 14:46:08 raspi3 charon: 14[PTS] * ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'

Initiator Attestation Measurements

Aug 15 14:46:08 raspi3 charon: 14[PTS] loaded ima measurements '/sys/kernel/security/ima/binary_runtime_measurements' (434 entries)
Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b
Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:boot_aggregate'
Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82
Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/init'
Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29
Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/bin/sh'
Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e
Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so'
Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82
Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/bin/mkdir'
...
Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: 1a:71:6c:9c:9f:6d:4f:2e:4a:88:42:49:b0:00:8d:5e:ec:05:7e:eb
Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/usr/sbin/service'
Aug 15 14:46:08 raspi3 charon: 14[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:08 raspi3 charon: 14[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:08 raspi3 charon: 14[PTS] PCR 10 extended with: e8:f5:f2:02:d4:c1:18:d5:f7:55:5c:2d:4a:a0:d3:12:d4:13:06:ce
Aug 15 14:46:08 raspi3 charon: 14[PTS] 'sha1:/bin/cp'

Generating Initiator TPM Quote Signature

Aug 15 14:46:09 raspi3 charon: 14[PTS] Hash of PCR Composite: 58:f2:83:91:d6:a8:df:3d:3e:c6:33:c7:24:93:9f:9c:22:a2:01:20
Aug 15 14:46:09 raspi3 charon: 14[PTS] TPM Quote Info: => 52 bytes @ 0x135360
Aug 15 14:46:09 raspi3 charon: 14[PTS]    0: 00 36 51 55 54 32 D8 9D 1E 70 CE 78 C3 13 F2 79  .6QUT2...p.x...y
Aug 15 14:46:09 raspi3 charon: 14[PTS]   16: BA 5D 7C E5 05 7C E0 E0 83 77 00 03 00 04 00 01  .]|..|...w......
Aug 15 14:46:09 raspi3 charon: 14[PTS]   32: 58 F2 83 91 D6 A8 DF 3D 3E C6 33 C7 24 93 9F 9C  X......=>.3.$...
Aug 15 14:46:09 raspi3 charon: 14[PTS]   48: 22 A2 01 20                                      ".. 
Aug 15 14:46:09 raspi3 charon: 14[PTS] TPM Quote Signature: => 256 bytes @ 0x14b5d0
Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC message with ID 0x2d059578
Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
...
Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000
Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi3 charon: 14[TNC] TNC server is handling outbound connection
Aug 15 14:46:09 raspi3 charon: 14[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:09 raspi3 charon: 14[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:09 raspi3 charon: 14[TNC] adding IETF/PB-PA message
Aug 15 14:46:09 raspi3 charon: 14[TNC] sending PB-TNC SDATA batch (172 bytes) for Connection ID 2
Aug 15 14:46:09 raspi3 charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:09 raspi3 charon: 14[ENC] generating IKE_AUTH request 14 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi3 charon: 14[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (336 bytes)
Aug 15 14:46:09 raspi3 charon: 12[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1072 bytes)
Aug 15 14:46:09 raspi3 charon: 12[ENC] parsed IKE_AUTH response 14 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi3 charon: 12[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:09 raspi3 charon: 12[TNC] received TNCCS batch (902 bytes)
Aug 15 14:46:09 raspi3 charon: 12[TNC] TNC server is handling inbound connection
Aug 15 14:46:09 raspi3 charon: 12[TNC] processing PB-TNC CDATA batch for Connection ID 2
Aug 15 14:46:09 raspi3 charon: 12[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:09 raspi3 charon: 12[TNC] processing IETF/PB-PA message (894 bytes)
Aug 15 14:46:09 raspi3 charon: 12[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi3 charon: 12[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 2 to IMV 1
Aug 15 14:46:09 raspi3 charon: 12[TNC] processing PA-TNC message with ID 0x951e0284
Aug 15 14:46:09 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/TPM Version Information' 0x005597/0x09000000
Aug 15 14:46:09 raspi3 charon: 12[TNC] processing PA-TNC attribute type 'TCG/Attestation Identity Key' 0x005597/0x0e000000

Receiving TPM Version Information

Aug 15 14:46:09 raspi3 charon: 12[PTS] TPM Version Info: Chip Version: 1.2.133.32, Spec Level: 2, Errata Rev: 3, Vendor ID: IFX
Aug 15 14:46:09 raspi3 charon: 12[IMV] verifying AIK with keyid 76:28:72:c9:00:11:67:1e:f2:19:b6:a2:a0:c3:c7:dd:a8:75:b4:3c
Aug 15 14:46:09 raspi3 charon: 12[IMV] AIK public key is trusted
Aug 15 14:46:09 raspi3 charon: 12[CFG]   using trusted certificate "C=US, O=TNC Demo, CN=AIK CA" 
Aug 15 14:46:09 raspi3 charon: 12[IMV] AIK certificate is trusted
Aug 15 14:46:09 raspi3 charon: 12[IMV] evidence request by
Aug 15 14:46:09 raspi3 charon: 12[PTS]   ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PA-TNC message with ID 0xc8f4500b
Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PA-TNC attribute type 'TCG/Request Functional Component Evidence' 0x005597/0x00100000
Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PA-TNC attribute type 'TCG/Generate Attestation Evidence' 0x005597/0x00200000
Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:09 raspi3 charon: 12[TNC] TNC client is handling outbound connection
Aug 15 14:46:09 raspi3 charon: 12[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:09 raspi3 charon: 12[TNC] creating PB-TNC CDATA batch
Aug 15 14:46:09 raspi3 charon: 12[TNC] adding IETF/PB-PA message
Aug 15 14:46:09 raspi3 charon: 12[TNC] sending PB-TNC CDATA batch (47615 bytes) for Connection ID 1
Aug 15 14:46:09 raspi3 charon: 12[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:09 raspi3 charon: 12[ENC] generating IKE_AUTH request 15 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi3 charon: 12[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi3 charon: 13[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi3 charon: 13[ENC] parsed IKE_AUTH response 15 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi3 charon: 13[ENC] generating IKE_AUTH request 16 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi3 charon: 15[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi3 charon: 15[ENC] parsed IKE_AUTH response 16 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi3 charon: 15[ENC] generating IKE_AUTH request 17 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi3 charon: 16[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi3 charon: 16[ENC] parsed IKE_AUTH response 17 [ EAP/REQ/TTLS ]
Aug 15 14:46:09 raspi3 charon: 16[ENC] generating IKE_AUTH request 18 [ EAP/RES/TTLS ]
Aug 15 14:46:09 raspi3 charon: 16[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:09 raspi3 charon: 14[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:09 raspi3 charon: 14[ENC] parsed IKE_AUTH response 18 [ EAP/REQ/TTLS ]
...
Aug 15 14:46:10 raspi3 charon: 13[ENC] generating IKE_AUTH request 60 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:10 raspi3 charon: 15[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:10 raspi3 charon: 15[ENC] parsed IKE_AUTH response 60 [ EAP/REQ/TTLS ]
Aug 15 14:46:10 raspi3 charon: 15[ENC] generating IKE_AUTH request 61 [ EAP/RES/TTLS ]
Aug 15 14:46:10 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:14 raspi3 charon: 13[IKE] retransmit 1 of request with message ID 61
Aug 15 14:46:14 raspi3 charon: 13[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (1104 bytes)
Aug 15 14:46:16 raspi3 charon: 15[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (256 bytes)
Aug 15 14:46:16 raspi3 charon: 15[ENC] parsed IKE_AUTH response 61 [ EAP/REQ/TTLS ]
Aug 15 14:46:16 raspi3 charon: 15[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:16 raspi3 charon: 15[TNC] received TNCCS batch (88 bytes)
Aug 15 14:46:16 raspi3 charon: 15[TNC] TNC client is handling inbound connection
Aug 15 14:46:16 raspi3 charon: 15[TNC] processing PB-TNC RESULT batch for Connection ID 1
Aug 15 14:46:16 raspi3 charon: 15[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Aug 15 14:46:16 raspi3 charon: 15[TNC] processing IETF/PB-PA message (48 bytes)
Aug 15 14:46:16 raspi3 charon: 15[TNC] processing IETF/PB-Assessment-Result message (16 bytes)
Aug 15 14:46:16 raspi3 charon: 15[TNC] processing IETF/PB-Access-Recommendation message (16 bytes)
Aug 15 14:46:16 raspi3 charon: 15[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:16 raspi3 charon: 15[IMC] IMC 2 "Attestation" received message for Connection ID 1 from IMV 1
Aug 15 14:46:16 raspi3 charon: 15[TNC] processing PA-TNC message with ID 0x57254d62
Aug 15 14:46:16 raspi3 charon: 15[TNC] processing PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009

Receiving Assessment Result

Aug 15 14:46:16 raspi3 charon: 15[IMC] ***** assessment of IMC 2 "Attestation" from IMV 1 *****
Aug 15 14:46:16 raspi3 charon: 15[IMC] assessment result is 'compliant'
Aug 15 14:46:16 raspi3 charon: 15[IMC] ***** end of assessment *****
Aug 15 14:46:16 raspi3 charon: 15[TNC] PB-TNC assessment result is 'compliant'
Aug 15 14:46:16 raspi3 charon: 15[TNC] PB-TNC access recommendation is 'Access Allowed'
Aug 15 14:46:16 raspi3 charon: 15[IMC] IMC 1 "OS" changed state of Connection ID 1 to 'Allowed'
Aug 15 14:46:16 raspi3 charon: 15[IMC] IMC 2 "Attestation" changed state of Connection ID 1 to 'Allowed'
Aug 15 14:46:16 raspi3 charon: 15[TNC] TNC server is handling outbound connection
Aug 15 14:46:16 raspi3 charon: 15[TNC] PB-TNC state transition from 'Server Working' to 'Client Working'
Aug 15 14:46:16 raspi3 charon: 15[TNC] creating PB-TNC SDATA batch
Aug 15 14:46:16 raspi3 charon: 15[TNC] adding IETF/PB-PA message
Aug 15 14:46:16 raspi3 charon: 15[TNC] sending PB-TNC SDATA batch (80 bytes) for Connection ID 2
Aug 15 14:46:16 raspi3 charon: 15[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:16 raspi3 charon: 15[ENC] generating IKE_AUTH request 62 [ EAP/RES/TTLS ]
Aug 15 14:46:16 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:17 raspi3 charon: 16[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:17 raspi3 charon: 16[ENC] parsed IKE_AUTH response 62 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi3 charon: 16[ENC] generating IKE_AUTH request 63 [ EAP/RES/TTLS ]
Aug 15 14:46:17 raspi3 charon: 16[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:17 raspi3 charon: 14[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:17 raspi3 charon: 14[ENC] parsed IKE_AUTH response 63 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi3 charon: 14[ENC] generating IKE_AUTH request 64 [ EAP/RES/TTLS ]
Aug 15 14:46:17 raspi3 charon: 14[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:17 raspi3 charon: 09[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:17 raspi3 charon: 09[ENC] parsed IKE_AUTH response 64 [ EAP/REQ/TTLS ]
Aug 15 14:46:17 raspi3 charon: 09[ENC] generating IKE_AUTH request 65 [ EAP/RES/TTLS ]
Aug 15 14:46:17 raspi3 charon: 09[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
...
Aug 15 14:46:18 raspi3 charon: 08[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1104 bytes)
Aug 15 14:46:18 raspi3 charon: 08[ENC] parsed IKE_AUTH response 109 [ EAP/REQ/TTLS ]
Aug 15 14:46:18 raspi3 charon: 08[ENC] generating IKE_AUTH request 110 [ EAP/RES/TTLS ]
Aug 15 14:46:18 raspi3 charon: 08[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:46:18 raspi3 charon: 07[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (1040 bytes)
Aug 15 14:46:18 raspi3 charon: 07[ENC] parsed IKE_AUTH response 110 [ EAP/REQ/TTLS ]
Aug 15 14:46:18 raspi3 charon: 07[IKE] need more AVP data
Aug 15 14:46:18 raspi3 charon: 07[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:18 raspi3 charon: 07[TNC] received TNCCS batch (49524 bytes)
Aug 15 14:46:18 raspi3 charon: 07[TNC] TNC server is handling inbound connection
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PB-TNC CDATA batch for Connection ID 2
Aug 15 14:46:18 raspi3 charon: 07[TNC] PB-TNC state transition from 'Client Working' to 'Server Working'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing IETF/PB-PA message (49516 bytes)
Aug 15 14:46:18 raspi3 charon: 07[TNC] handling PB-PA message type 'TCG/PTS' 0x005597/0x00000001
Aug 15 14:46:18 raspi3 charon: 07[IMV] IMV 1 "Attestation" received message for Connection ID 2 from IMC 2 to IMV 1
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC message with ID 0xed64f7ab

Responder Attestation Measurements

Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: dd:ee:60:04:dc:3b:d4:ee:30:04:06:cd:93:18:1c:5a:21:87:b5:9b
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:boot_aggregate'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/init'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/bin/sh'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/bin/mkdir'
...
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 55:f4:cd:fd:82:d2:99:e1:33:b6:82:67:95:e6:5d:03:5c:bb:d2:c2
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/usr/bin/clear_console'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Component Evidence' 0x005597/0x00300000
Aug 15 14:46:18 raspi3 charon: 07[PTS] ITA-HSR functional component 'Linux IMA' [K.] 'Operating System'
Aug 15 14:46:18 raspi3 charon: 07[PTS] measurement time: Jan 01 01:00:04 1970
Aug 15 14:46:18 raspi3 charon: 07[PTS] PCR 10 extended with: 7a:fc:49:eb:8f:e6:74:3f:ac:91:41:a2:c0:ac:92:28:33:fd:7b:33
Aug 15 14:46:18 raspi3 charon: 07[PTS] 'sha1:/usr/libexec/ipsec/stroke'
Aug 15 14:46:18 raspi3 charon: 07[TNC] processing PA-TNC attribute type 'TCG/Simple Evidence Final' 0x005597/0x00400000
Aug 15 14:46:18 raspi3 charon: 07[PTS] checking boot aggregate evidence measurement

Verifying Responder Attestation Measurements

Aug 15 14:46:18 raspi3 charon: 07[PTS] 65:ee:0c:a2:cd:ac:0d:67:f8:1a:fd:53:7b:96:75:6f:3b:b8:0f:82 for '/init' not found
Aug 15 14:46:18 raspi3 charon: 07[PTS] 6b:a1:a0:58:89:a8:f2:57:53:42:b5:dc:5f:3e:de:54:89:8a:ee:29 for '/bin/sh' is ok
Aug 15 14:46:18 raspi3 charon: 07[PTS] 85:e6:6e:7a:96:98:8b:0a:af:c8:88:46:5d:7a:fe:b5:e9:d3:c2:3e for '/lib/klibc-sO6SifHCdmbehHGtm0y1yHu6vb0.so' is ok
Aug 15 14:46:18 raspi3 charon: 07[PTS] 68:4a:c3:8d:48:55:be:e0:21:93:4f:52:a0:d2:3d:66:86:0c:b2:82 for '/bin/mkdir' is ok
...
Aug 15 14:46:25 raspi3 charon: 07[PTS] 55:f4:cd:fd:82:d2:99:e1:33:b6:82:67:95:e6:5d:03:5c:bb:d2:c2 for '/usr/bin/clear_console' is ok
Aug 15 14:46:25 raspi3 charon: 07[PTS] 7a:fc:49:eb:8f:e6:74:3f:ac:91:41:a2:c0:ac:92:28:33:fd:7b:33 for '/usr/libexec/ipsec/stroke' is ok

Verifying Responder TPM Quote Signature

Aug 15 14:46:25 raspi3 charon: 07[PTS] constructed PCR Composite: => 29 bytes @ 0x125488
Aug 15 14:46:25 raspi3 charon: 07[PTS]    0: 00 03 00 04 00 00 00 00 14 7D C1 1B 87 CF 2E B8  .........}......
Aug 15 14:46:25 raspi3 charon: 07[PTS]   16: 5C 1B 52 99 B8 BD 11 D9 B9 8A 31 8E 61           \.R.......1.a
Aug 15 14:46:25 raspi3 charon: 07[PTS] constructed PCR Composite hash: c4:6a:f4:fa:82:39:a6:7a:80:fe:4e:d2:7e:a5:05:b3:1e:60:4f:ff
Aug 15 14:46:25 raspi3 charon: 07[PTS] constructed TPM Quote Info: => 52 bytes @ 0x1954c8
Aug 15 14:46:25 raspi3 charon: 07[PTS]    0: 00 36 51 55 54 32 B2 E0 AB DF 89 C5 1D B2 A3 51  .6QUT2.........Q
Aug 15 14:46:25 raspi3 charon: 07[PTS]   16: FD A9 C8 3B F8 7F 68 50 6C DE 00 03 00 04 00 01  ...;..hPl.......
Aug 15 14:46:25 raspi3 charon: 07[PTS]   32: C4 6A F4 FA 82 39 A6 7A 80 FE 4E D2 7E A5 05 B3  .j...9.z..N.~...
Aug 15 14:46:25 raspi3 charon: 07[PTS]   48: 1E 60 4F FF                                      .`O.
Aug 15 14:46:25 raspi3 charon: 07[IMV] received PCR Composite matches constructed one
Aug 15 14:46:25 raspi3 charon: 07[IMV] TPM Quote Info signature verification successful
Aug 15 14:46:25 raspi3 charon: 07[PTS] processed 450 IMA file evidence measurements: 385 ok, 65 unknown, 0 differ, 0 failed
Aug 15 14:46:25 raspi3 charon: 07[IMV] IMV 1 handled TPMRA workitem 18: allow - processed 450 IMA file evidence measurements: 385 ok, 65 unknown, 0 differ, 0 failed
Aug 15 14:46:25 raspi3 charon: 07[TNC] creating PA-TNC message with ID 0x4077e3ed
Aug 15 14:46:25 raspi3 charon: 07[TNC] creating PA-TNC attribute type 'IETF/Assessment Result' 0x000000/0x00000009
Aug 15 14:46:25 raspi3 charon: 07[TNC] creating PB-PA message type 'TCG/PTS' 0x005597/0x00000001
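
The consistency checks behind "received PCR Composite matches constructed one" can be reproduced offline. The following is an added example, not part of the original page or of strongSwan: it parses the 52-byte TPM Quote Info as a TPM 1.2 TPM_QUOTE_INFO2 structure, then checks that its nonce field equals the secret assessment value and that its digest is the SHA-1 of the constructed PCR Composite. The byte strings are copied from the log lines above, the function names are this example's own, and the RSA signature check against the AIK is not covered.

```python
import hashlib
import hmac
import struct

# Byte strings copied from the responder-side log lines above.
SECRET_ASSESSMENT_VALUE = bytes.fromhex(
    "B2E0ABDF89C51DB2A351FDA9C83BF87F68506CDE")
PCR_COMPOSITE = bytes.fromhex(
    "0003000400"                                  # PCR selection
    "00000014"                                    # size of the PCR values
    "7DC11B87CF2EB85C1B5299B8BD11D9B98A318E61")   # value of the selected PCR
QUOTE_INFO = bytes.fromhex(
    "0036" "51555432"                             # tag, fixed "QUT2"
    "B2E0ABDF89C51DB2A351FDA9C83BF87F68506CDE"    # externalData (nonce)
    "0003000400" "01"                             # PCR selection, locality
    "C46AF4FA8239A67A80FE4ED27EA505B31E604FFF")   # digestAtRelease

SHA1_LEN = 20


def parse_pcr_selection(buf, off):
    """Return (selected PCR indices, raw selection bytes, next offset)."""
    if len(buf) < off + 2:
        raise ValueError("truncated PCR selection header")
    (size,) = struct.unpack_from(">H", buf, off)
    mask = buf[off + 2:off + 2 + size]
    if len(mask) != size:
        raise ValueError("truncated PCR selection bitmap")
    # Bit b of bitmap byte i selects PCR 8*i + b.
    pcrs = [8 * i + b for i, byte in enumerate(mask)
            for b in range(8) if (byte >> b) & 1]
    return pcrs, buf[off:off + 2 + size], off + 2 + size


def parse_quote_info2(buf):
    """Split a TPM_QUOTE_INFO2 blob into its fields."""
    if len(buf) < 6 + SHA1_LEN or buf[:2] != b"\x00\x36" or buf[2:6] != b"QUT2":
        raise ValueError("not a TPM_QUOTE_INFO2 structure")
    nonce = buf[6:6 + SHA1_LEN]
    pcrs, selection, off = parse_pcr_selection(buf, 6 + SHA1_LEN)
    if len(buf) != off + 1 + SHA1_LEN:
        raise ValueError("unexpected TPM_QUOTE_INFO2 length")
    return {
        "nonce": nonce,
        "pcrs": pcrs,
        "selection": selection,
        "locality": buf[off],
        "digest": buf[off + 1:],
    }


def check_quote_info(quote_info, expected_nonce, composite):
    """Return (parsed fields, list of problems); an empty list means consistent."""
    info = parse_quote_info2(quote_info)
    comp_pcrs, comp_selection, off = parse_pcr_selection(composite, 0)
    if len(composite) < off + 4:
        raise ValueError("truncated PCR composite")
    (value_size,) = struct.unpack_from(">I", composite, off)
    values = composite[off + 4:]

    problems = []
    if len(values) != value_size or value_size != SHA1_LEN * len(comp_pcrs):
        problems.append("PCR composite length is inconsistent")
    # The nonce binds the quote to this PTS session, so a replayed quote
    # from an earlier session fails here.
    if not hmac.compare_digest(info["nonce"], expected_nonce):
        problems.append("externalData differs from the expected nonce")
    if info["selection"] != comp_selection:
        problems.append("PCR selection differs from the composite")
    # The digest ties the signed structure to the PCR values rebuilt
    # from the received IMA measurements.
    if not hmac.compare_digest(hashlib.sha1(composite).digest(), info["digest"]):
        problems.append("composite hash differs from digestAtRelease")
    return info, problems


if __name__ == "__main__":
    info, problems = check_quote_info(
        QUOTE_INFO, SECRET_ASSESSMENT_VALUE, PCR_COMPOSITE)
    print("selected PCRs:", info["pcrs"])
    print("problems:", problems or "none")
```
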

Sending Assessment Result

Aug 15 14:46:25 raspi3 charon: 07[TNC] IMV 1 provides recommendation 'allow' and evaluation 'compliant'
Aug 15 14:46:25 raspi3 charon: 07[TNC] TNC server is handling outbound connection
Aug 15 14:46:25 raspi3 charon: 07[IMV] policy: recommendation for access requestor 10.10.1.40 is allow
Aug 15 14:46:25 raspi3 charon: 07[IMV] policy: imv_policy_manager stop successful
Aug 15 14:46:25 raspi3 charon: 07[IMV] IMV 1 "Attestation" changed state of Connection ID 2 to 'Allowed'
Aug 15 14:46:25 raspi3 charon: 07[TNC] PB-TNC state transition from 'Server Working' to 'Decided'
Aug 15 14:46:25 raspi3 charon: 07[TNC] creating PB-TNC RESULT batch
Aug 15 14:46:25 raspi3 charon: 07[TNC] adding IETF/PB-PA message
Aug 15 14:46:25 raspi3 charon: 07[TNC] adding IETF/PB-Assessment-Result message
Aug 15 14:46:25 raspi3 charon: 07[TNC] adding IETF/PB-Access-Recommendation message
Aug 15 14:46:25 raspi3 charon: 07[TNC] sending PB-TNC RESULT batch (88 bytes) for Connection ID 2
Aug 15 14:46:25 raspi3 charon: 07[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:25 raspi3 charon: 07[ENC] generating IKE_AUTH request 111 [ EAP/RES/TTLS ]
Aug 15 14:46:25 raspi3 charon: 07[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (256 bytes)
Aug 15 14:46:25 raspi3 charon: 11[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (176 bytes)
Aug 15 14:46:25 raspi3 charon: 11[ENC] parsed IKE_AUTH response 111 [ EAP/REQ/TTLS ]
Aug 15 14:46:25 raspi3 charon: 11[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/PT]
Aug 15 14:46:25 raspi3 charon: 11[TNC] received TNCCS batch (8 bytes)
Aug 15 14:46:25 raspi3 charon: 11[TNC] TNC server is handling inbound connection
Aug 15 14:46:25 raspi3 charon: 11[TNC] processing PB-TNC CLOSE batch for Connection ID 2
Aug 15 14:46:25 raspi3 charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End'
Aug 15 14:46:25 raspi3 charon: 11[TNC] TNC client is handling outbound connection
Aug 15 14:46:25 raspi3 charon: 11[TNC] PB-TNC state transition from 'Decided' to 'End'
Aug 15 14:46:25 raspi3 charon: 11[TNC] creating PB-TNC CLOSE batch
Aug 15 14:46:25 raspi3 charon: 11[TNC] sending PB-TNC CLOSE batch (8 bytes) for Connection ID 1
Aug 15 14:46:25 raspi3 charon: 11[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/PT]
Aug 15 14:46:25 raspi3 charon: 11[ENC] generating IKE_AUTH request 112 [ EAP/RES/TTLS ]
Aug 15 14:46:25 raspi3 charon: 11[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (176 bytes)
Aug 15 14:46:25 raspi3 charon: 05[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:46:25 raspi3 charon: 05[ENC] parsed IKE_AUTH response 112 [ EAP/SUCC ]
Aug 15 14:46:25 raspi3 charon: 05[IKE] EAP method EAP_TTLS succeeded, MSK established
Aug 15 14:46:25 raspi3 charon: 05[IKE] authentication of 'raspi3.example.com' (myself) with EAP
Aug 15 14:46:25 raspi3 charon: 05[ENC] generating IKE_AUTH request 113 [ AUTH ]
Aug 15 14:46:25 raspi3 charon: 05[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (112 bytes)
Aug 15 14:46:25 raspi3 charon: 12[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (240 bytes)
Aug 15 14:46:25 raspi3 charon: 12[ENC] parsed IKE_AUTH response 113 [ AUTH N(USE_TRANSP) SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
Aug 15 14:46:25 raspi3 charon: 12[IKE] authentication of 'raspi4.example.com' with EAP successful
Aug 15 14:46:25 raspi3 charon: 12[IMV] IMV 1 "Attestation" deleted the state of Connection ID 2
Aug 15 14:46:25 raspi3 charon: 12[TNC] removed TNCCS Connection ID 2
Aug 15 14:46:25 raspi3 charon: 12[IMC] IMC 1 "OS" deleted the state of Connection ID 1
Aug 15 14:46:25 raspi3 charon: 12[IMC] IMC 2 "Attestation" deleted the state of Connection ID 1
Aug 15 14:46:25 raspi3 charon: 12[TNC] removed TNCCS Connection ID 1
Aug 15 14:46:25 raspi3 charon: 12[IKE] IKE_SA peer[1] established between 10.10.1.39[raspi3.example.com]...10.10.1.40[raspi4.example.com]
Aug 15 14:46:25 raspi3 charon: 12[IKE] scheduling reauthentication in 10132s
Aug 15 14:46:25 raspi3 charon: 12[IKE] maximum IKE_SA lifetime 10672s
Aug 15 14:46:25 raspi3 charon: 12[IKE] CHILD_SA peer{1} established with SPIs c12c1aae_i ce21eedf_o and TS 10.10.1.39/32 === 10.10.1.40/32 
Aug 15 14:46:25 raspi3 charon: 12[IKE] received AUTH_LIFETIME of 10143s, scheduling reauthentication in 9603s
Aug 15 14:46:25 raspi3 charon: 12[IKE] peer supports MOBIKE

strongTNC Policy Manager

[Screenshot: strongTNC policy manager]

This screenshot of the strongTNC policy manager running on raspi3 shows that the attestation of raspi4 has been successful.

IPsec Connection established

The command

raspi3# ipsec statusall

shows that the IPsec transport connection between raspi3 and raspi4 has been successfully established.

Status of IKE charon daemon (strongSwan 5.3.1, Linux 3.18.13-v7+, armv7l):
  uptime: 2 minutes, since Aug 15 14:45:56 2015
  malloc: sbrk 1961984, mmap 0, used 1441224, free 520760
  worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0, scheduled: 3
  loaded plugins: charon random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl pubkey tnc-imc tnc-imv tnc-tnccs tnccs-20 eap-identity eap-ttls eap-tnc sqlite curl kernel-netlink socket-default updown stroke
Listening IP addresses:
  10.10.1.39
Connections:
        peer:  10.10.1.39...10.10.1.40  IKEv2
        peer:   local:  [raspi3.example.com] uses EAP_TTLS authentication
        peer:    cert:  "C=US, O=TNC Demo, CN=raspi3.example.com" 
        peer:   remote: [raspi4.example.com] uses EAP_TTLS authentication
        peer:   child:  dynamic === dynamic TRANSPORT
Security Associations (1 up, 0 connecting):
        peer[1]: ESTABLISHED 2 minutes ago, 10.10.1.39[raspi3.example.com]...10.10.1.40[raspi4.example.com]
        peer[1]: IKEv2 SPIs: 168d780b16692776_i* 24a43cb75417ebe5_r, EAP reauthentication in 2 hours
        peer[1]: IKE proposal: AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256
        peer{1}:  INSTALLED, TRANSPORT, reqid 1, ESP SPIs: c12c1aae_i ce21eedf_o
        peer{1}:  AES_CBC_128/HMAC_SHA2_256_128, 640 bytes_i (10 pkts, 36s ago), 640 bytes_o (10 pkts, 36s ago), rekeying in 43 minutes
        peer{1}:   10.10.1.39/32 === 10.10.1.40/32 

Terminating the IPsec Connection

Aug 15 14:49:04 raspi3 charon: 13[CFG] received stroke: terminate 'peer'
Aug 15 14:49:04 raspi3 charon: 15[IKE] deleting IKE_SA peer[1] between 10.10.1.39[raspi3.example.com]...10.10.1.40[raspi4.example.com]
Aug 15 14:49:04 raspi3 charon: 15[IKE] sending DELETE for IKE_SA peer[1]
Aug 15 14:49:04 raspi3 charon: 15[ENC] generating INFORMATIONAL request 114 [ D ]
Aug 15 14:49:04 raspi3 charon: 15[NET] sending packet: from 10.10.1.39[4500] to 10.10.1.40[4500] (80 bytes)
Aug 15 14:49:05 raspi3 charon: 09[NET] received packet: from 10.10.1.40[4500] to 10.10.1.39[4500] (80 bytes)
Aug 15 14:49:05 raspi3 charon: 09[ENC] parsed INFORMATIONAL response 114 [ ]
Aug 15 14:49:05 raspi3 charon: 09[IKE] IKE_SA deleted

Stopping the IKEv2 Daemon

Aug 15 14:49:08 raspi3 charon: 00[DMN] signal of type SIGINT received. Shutting down
Aug 15 14:49:08 raspi3 charon: 00[IMC] IMC 2 "Attestation" terminated
Aug 15 14:49:08 raspi3 charon: 00[IMC] IMC 1 "OS" terminated
Aug 15 14:49:08 raspi3 charon: 00[IMV] IMV 1 "Attestation" terminated
Aug 15 14:49:08 raspi3 charon: 00[PTS] removed TCG functional component namespace
Aug 15 14:49:08 raspi3 charon: 00[PTS] removed ITA-HSR functional component namespace
Aug 15 14:49:08 raspi3 charon: 00[TNC] removed IETF attributes
Aug 15 14:49:08 raspi3 charon: 00[TNC] removed ITA-HSR attributes
Aug 15 14:49:08 raspi3 charon: 00[TNC] removed TCG attributes
Aug 15 14:49:08 raspi3 charon: 00[LIB] libimcv terminated

Attachment: tnc3.png - strongTNC policy manager (104 KB), Andreas Steffen, 16.08.2015 10:00