Version 4 - History - TNC Client with PTS-IMC - strongSwan

TNC Client with PTS-IMC » History » Version 4

Andreas Steffen, 29.11.2011 10:20
update PTS-IMC pages

-Andreas Steffen
+h1. Platform Trust Service Integrity Measurement Collector (PTS-IMC)
 Andreas Steffen
-Andreas Steffen
+The connection between IPsec client *carol* and IPsec gateway *moon* is defined in the /etc/ipsec.conf file:
-Andreas Steffen
+<pre>
-Andreas Steffen
+# ipsec.conf - strongSwan IPsec configuration file
 Andreas Steffen
-Andreas Steffen
+config setup
-Andreas Steffen
+     plutostart=no
-Andreas Steffen
+     charonstart=yes
-Andreas Steffen
+     charondebug="tnc 3, imc 3, pts 3"
 Andreas Steffen
-Andreas Steffen
+conn home
-Andreas Steffen
+     left=%any
-Andreas Steffen
+     leftid=carol@strongswan.org
-Andreas Steffen
+     leftauth=eap
-Andreas Steffen
+     right=192.168.0.1
-Andreas Steffen
+     rightid=@moon.strongswan.org
-Andreas Steffen
+     rightsendcert=never
-Andreas Steffen
+     rightsubnet=10.1.0.0/16
-Andreas Steffen
+     auto=start
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The debug levels for the TNC, IMC, and PTS components are increased to 3, so that HEX dumps of messages and attributes will be included in the log file.
 Andreas Steffen
-Andreas Steffen
+The IKEv2 client *carol* is going to use EAP-based authentication with the user credentials being stored in the /etc/ipsec.secrets file:
-Andreas Steffen
+<pre>
-Andreas Steffen
+# /etc/ipsec.secrets - strongSwan IPsec secrets file
 Andreas Steffen
-Andreas Steffen
+carol@strongswan.org : EAP "Ar3etTnp"
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+With the command
-Andreas Steffen
+<pre>
-Andreas Steffen
+ipsec start
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+the TNC-enabled IPsec client is started:
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.6.2dr1)
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[KNL] listening on interfaces:
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[KNL]   wlan0
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[KNL]     10.35.167.97
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[KNL]     fe80::221:6aff:fe06:cf4c
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[KNL]   umlbr0
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[KNL]     192.168.0.254
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[KNL]     fe80::103c:e8ff:fec0:db34
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The file /etc/tnc_config
-Andreas Steffen
+<pre>
-Andreas Steffen
+IMC configuration file for strongSwan client
 Andreas Steffen
-Andreas Steffen
+IMC "Attestation" /usr/lib/ipsec/imcvs/imc-attestation.so
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+defines which IMCs are loaded by the TNC client:
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[TNC] loading IMCs from '/etc/tnc_config'
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA1[sha1] available
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS]   mandatory PTS measurement algorithm HASH_SHA256[openssl] available
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS measurement algorithm HASH_SHA384[openssl] available
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group MODP_2048[gmp] available
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group MODP_1536[gmp] available
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group MODP_1024[gmp] available
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS]   mandatory PTS DH group ECP_256[openssl] available
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS]   optional  PTS DH group ECP_384[openssl] available
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[TNC] added IETF attributes
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[TNC] added ITA-HSR attributes
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[LIB] libimcv initialized
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[IMC] IMC 1 "Attestation" initialized
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[TNC] added TCG attributes
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS] added TCG functional component namespace
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component namespace
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component 'Trusted GRUB Boot Loader'
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component 'Trusted Boot'
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[PTS] added ITA-HSR functional component 'Linux IMA'
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[LIB] libpts initialized
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[IMC] IMC 1 "Attestation" provided with bind function
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[TNC] IMC 1 supports 1 message type: 0x00559701
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[TNC] IMC 1 "Attestation" loaded from '/usr/lib/ipsec/imcvs/imc-attestation.so'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+Next the IKEv2 credentials and all necessary plugins are loaded
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[CFG]   loaded ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA" from '/etc/ipsec.d/cacerts/strongswanCert.pem'
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[CFG]   loaded EAP secret for carol@strongswan.org
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[DMN] loaded plugins: sha1 random gmp pkcs1 pem x509 pubkey openssl hmac revocation curl kernel-netlink socket-default eap-mschapv2 eap-md5 eap-tls eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 eap-identity resolve stroke
-Andreas Steffen
+Nov 29 07:39:21 merthyr charon: 00[JOB] spawning 16 worker threads
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+Now the IKEv2 negotiation automatically starts with the IKE_SA_INIT exchange
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 04[CFG] received stroke: add connection 'home'
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 04[CFG] left nor right host is our side, assuming left=local
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 04[CFG] added configuration 'home'
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 04[CFG] received stroke: initiate 'home'
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 04[IKE] initiating IKE_SA home[1] to 192.168.0.1
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 04[ENC] generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 04[NET] sending packet: from 192.168.0.254[500] to 192.168.0.1[500]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 06[NET] received packet: from 192.168.0.1[500] to 192.168.0.254[500]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 06[ENC] parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+followed by the IKE_AUTH exchange where the IKEv2 gateway proposes a mutual EAP-TTLS only authentication:
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 06[IKE] establishing CHILD_SA home
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 06[ENC] generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_4_ADDR) N(EAP_ONLY) ]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 06[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 10[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 10[ENC] parsed IKE_AUTH response 1 [ IDr EAP/REQ/TTLS ]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 10[IKE] server requested EAP_TTLS authentication (id 0xA8)
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 10[TLS] EAP_TTLS version is v0
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 10[IKE] allow mutual EAP-only authentication
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+The IKEv2 EAP-TLS tunnel is set up with certificate-based server authentication
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 10[ENC] generating IKE_AUTH request 2 [ EAP/RES/TTLS ]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 10[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 05[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 05[ENC] parsed IKE_AUTH response 2 [ EAP/REQ/TTLS ]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 05[ENC] generating IKE_AUTH request 3 [ EAP/RES/TTLS ]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 05[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[ENC] parsed IKE_AUTH response 3 [ EAP/REQ/TTLS ]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[TLS] negotiated TLS version TLS 1.2 with suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[TLS] received TLS server certificate 'C=CH, O=Linux strongSwan, CN=moon.strongswan.org'
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[CFG]   using certificate "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[CFG]   using trusted ca certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[CFG] checking certificate status of "C=CH, O=Linux strongSwan, CN=moon.strongswan.org"
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[CFG]   fetching crl from 'http://crl.strongswan.org/strongswan.crl' ...
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[CFG]   using trusted certificate "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[CFG]   crl correctly signed by "C=CH, O=Linux strongSwan, CN=strongSwan Root CA"
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[CFG]   crl is valid: until Dec 02 09:19:24 2011
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[CFG] certificate status is good
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[CFG]   reached self-signed root ca with a path length of 0
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[ENC] generating IKE_AUTH request 4 [ EAP/RES/TTLS ]
-Andreas Steffen
+Nov 29 07:39:22 merthyr charon: 15[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+Via the IKEv2 EAP-TTLS tunnel the server requests the EAP client identity
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 14[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 14[ENC] parsed IKE_AUTH response 4 [ EAP/REQ/TTLS ]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 14[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/ID]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 14[IKE] server requested EAP_IDENTITY authentication (id 0x00)
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 14[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/ID]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 14[ENC] generating IKE_AUTH request 5 [ EAP/RES/TTLS ]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 14[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+followed by an EAP-MD5 client authentication
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 03[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 03[ENC] parsed IKE_AUTH response 5 [ EAP/REQ/TTLS ]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 03[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/MD5]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 03[IKE] server requested EAP_MD5 authentication (id 0x36)
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 03[IKE] sending tunneled EAP-TTLS AVP [EAP/RES/MD5]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 03[ENC] generating IKE_AUTH request 6 [ EAP/RES/TTLS ]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 03[NET] sending packet: from 192.168.0.254[4500] to 192.168.0.1[4500]
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+Now the EAP-TNC transport protocol connecting the TNC client with the TNC server is started:
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[NET] received packet: from 192.168.0.1[4500] to 192.168.0.254[4500]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[ENC] parsed IKE_AUTH response 6 [ EAP/REQ/TTLS ]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[IKE] received tunneled EAP-TTLS AVP [EAP/REQ/TNC]
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[IKE] server requested EAP_TNC authentication (id 0x84)
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[TLS] EAP_TNC version is v1
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[TNC] assigned TNCCS Connection ID 1
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+A first PB-TNC CDATA (IF-TNCCS 2.0 ClientData) batch is prepared
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[TNC] creating PB-TNC CDATA batch
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[TNC] adding PB-Language-Preference message
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+An instance of the Attestation PTS-IMC is created which in a first step determines the client operating systen
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS] platform is 'Ubuntu 11.10 i686'
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+and then loads the private AIK key in the form of a TPM-encrypted binary blob
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS] loaded AIK certificate from '/home/andi/privacyca/AIK_3_Cert.der'
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS] loaded AIK Blob from '/home/andi/privacyca/AIK_3_Blob.bin'
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS] AIK Blob: => 559 bytes @ 0x8266b24
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]    0: 01 01 00 00 00 12 00 00 00 04 00 00 00 00 01 00  ................
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]   16: 01 00 02 00 00 00 0C 00 00 08 00 00 00 00 02 00  ................
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]   32: 00 00 00 00 00 00 00 00 00 01 00 E9 1C 5F 57 5B  ............._W[
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]   48: 73 5F 35 15 BD AF 29 89 13 F1 F9 8D 83 62 6C 73  s_5...)......bls
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]   64: C0 5F 8B 90 5A B8 1A 72 B9 D2 51 F8 DC 24 CF 0D  ._..Z..r..Q..$..
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]   80: 9E E2 0B F8 8D 11 CD B2 E5 6B CB C2 AB FA BD F4  .........k......
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]   96: 74 D2 25 B3 AE CE 47 66 58 A6 65 A4 CA 36 24 1E  t.%...GfX.e..6$.
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  112: 6E 22 A4 9F 88 C5 63 78 AD 53 33 90 22 91 6F 83  n"....cx.S3.".o.
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  128: 8F 2A A8 98 0C 15 3E 89 19 48 63 BE 4C 35 02 F4  .*....>..Hc.L5..
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  144: 03 7E 10 8E 4D DB 5A D1 63 9A 3C D9 63 F5 7B C6  .~..M.Z.c.<.c.{.
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  160: 73 0F 23 05 B6 00 30 3B 34 6C 3C 10 A9 A5 4A 79  s.#...0;4l<...Jy
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  176: 2E 62 88 E3 CC 7F 7B A7 5A E3 6F 13 7A BD BF 86  .b....{.Z.o.z...
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  192: 1D 3C E3 12 3A 8C 0E 7D 47 55 C6 76 A9 D3 61 16  .<..:..}GU.v..a.
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  208: 22 8A 32 C5 E7 CD 17 DB 5F A1 67 CC 1D F5 D9 25  ".2....._.g....%
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  224: 51 01 33 1E 05 45 85 53 2E 2C 2B 1D 59 E5 FE C2  Q.3..E.S.,+.Y...
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  240: 61 26 36 12 05 F2 5C 95 F8 70 E6 6A DB BF 30 1E  a&6...\..p.j..0.
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  256: 46 05 E6 0E 94 3C 0C C6 1C 96 B4 59 AC 5C 63 15  F....<.....Y.\c.
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  272: 8C 77 E8 45 91 6B 8B B1 0D DB 26 3C E5 34 1C E8  .w.E.k....&<.4..
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  288: B9 B5 6E 7F 9B 6E 7D 24 82 6E 2B 00 00 01 00 22  ..n..n}$.n+...."
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  304: 35 22 CB 61 E6 28 B9 53 4A EB 52 10 A9 CD 5A 2A  5".a.(.SJ.R...Z*
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  320: 23 3A DD 32 77 53 44 8D 94 40 7E 6A 28 83 9D 9D  #:.2wSD..@~j(...
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  336: 1E 1B CE 7C CE D2 8A C9 04 BE 66 A5 A1 CA E3 03  ...|......f.....
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  352: 7F 33 97 AD EF A8 E8 83 C9 65 CA 38 27 22 8A 26  .3.......e.8'".&
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  368: 90 B1 1E B0 AE F6 B3 77 5E E3 C8 C2 C6 49 DC 74  .......w^....I.t
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  384: EF 6E A4 31 DF 13 12 F0 4B 53 3D 85 5C 4F 98 C3  .n.1....KS=.\O..
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  400: 32 7D 05 EB C1 D6 2A AC 6A 38 B8 C4 D4 B7 FE B7  2}....*.j8......
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  416: 11 39 AD 14 39 EE C2 38 4D 31 86 D9 6F 10 85 90  .9..9..8M1..o...
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  432: 07 43 AA DF AA 25 84 79 5D 01 7B 2B B1 DB 3D CA  .C...%.y].{+..=.
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  448: 34 A5 94 B6 35 3B 87 EC 77 56 8E B4 13 DD 3F 25  4...5;..wV....?%
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  464: 12 F9 97 CB 23 CF B8 AB D5 1C 2A D6 2D 13 85 3B  ....#.....*.-..;
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  480: D3 77 48 B8 A4 C0 31 C6 68 C0 92 33 7C 5B AA 8E  .wH...1.h..3|[..
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  496: A5 86 05 EF 99 0D CA 02 5F 96 9A 68 C3 DA A2 A8  ........_..h....
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  512: B7 4C C6 EC 09 98 45 E7 E6 E5 DC A6 E3 B3 54 2A  .L....E.......T*
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  528: F5 5A 94 78 3C 26 5B FD D0 01 4B A4 5D B2 C2 EC  .Z.x<&[...K.]...
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[PTS]  544: B6 56 A0 DB EC C8 BA 0D E9 56 EC F0 77 7A AB     .V.......V..wz.
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[IMC] IMC 1 "Attestation" created a state for Connection ID 1
-Andreas Steffen
+</pre>
 Andreas Steffen
-Andreas Steffen
+Via the IF-IMC interface the PTS-IMC receives a 'Handshake' state change from the TNC client
-Andreas Steffen
+<pre>
-Andreas Steffen
+Nov 29 07:39:23 merthyr charon: 02[IMC] IMC 1 "Attestation" changed state of Connection ID 1 to 'Handshake'
-Andreas Steffen
+</pre>

Project

General

Profile

strongSwan

TNC Client with PTS-IMC » History » Version 4