Danke.
Hab ich gemacht, nun gibt es zumindest keine Authentifizierungsfehler mehr. Aber Verbindung kommt leider trotzdem nicht zustande. Trace sieht so aus:
Code: Alles auswählen
> trace # vpn-ike vpn-debug
VPN-IKE ON
VPN-Debug ON
root@1900EF:/
>
[VPN-IKE] 2022/12/19 17:31:13,834
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port : <ANDROID-PUBLIC-IP>:31899
Destination/Port : <LANCOM-PUBLIC-IP>:500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : EB 26 37 83 DE EA 94 47
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 2.0
| Exchange type : IKE_SA_INIT
| Flags : 0x08 Initiator
| Msg-ID : 0
| Length : 1072 Bytes
SA Payload
| Next Payload : KE
| CRITICAL : NO
| Reserved : 0x00
| Length : 408 Bytes
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 200 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 21
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-512 (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-384 (13)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : AES-XCBC-96 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CMAC-96 (8)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 4096-BIT MODP (16)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE25519 (31)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 3072-BIT MODP (15)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-XCBC (4)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-384 (6)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-512 (7)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-CMAC (8)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 204 Bytes
| | Proposal number : 2
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 20
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-CHACHA20-POLY1305 (28)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 4096-BIT MODP (16)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : CURVE25519 (31)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 3072-BIT MODP (15)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-XCBC (4)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-384 (6)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-512 (7)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-AES128-CMAC (8)
| | | Attributes : NONE
KE Payload
| Next Payload : NONCE
| CRITICAL : NO
| Reserved : 0x00
| Length : 520 Bytes
| DH Group : 16
| Reserved2 : 0x0000
| DH-Key(4096 bits) : 1C 7D 96 F5 02 D5 2F 04 47 BE 82 E9 29 0D C0 7F
| 35 1C C8 4F 85 0C D7 65 B5 08 23 32 C6 73 A3 5A
| 95 A2 08 0B A4 EC 20 CD FA 4B 74 AD 78 D7 3F 6C
| 52 1C 44 85 93 02 8E F0 A8 EC 15 3B D5 46 A6 41
| 40 FE E0 6B 75 B7 2F D3 CE 4C 3A 14 F4 8E 68 88
| 03 74 2C 8B 4A 02 49 8E AC C0 03 4B 0B 3E 40 B5
| E2 37 CF 8D 08 AD 2E 8F 46 17 AC 5B EE BE C6 D6
| 67 0B CA 0B FA 2B E2 4A 7F A0 06 CC 64 35 0B 7D
| F5 58 18 1C 71 74 23 05 4D CF DD 1B 5A 98 0E B1
| E9 8C 65 5C 5E 67 EC A8 57 25 DA 26 B1 D9 AD 93
| 21 DB 1E 0E 1B A9 8B 29 DF 0A 1C 4F 51 26 E3 A1
| 52 06 98 51 2B 2C A3 EE 22 86 7D 16 42 F8 A2 86
| 6C 8A CB 28 02 02 F4 B9 52 8C B2 35 0E 7D 7C 1F
| 5E FA 04 8F D7 F4 87 28 20 C7 F5 43 F8 B5 D4 84
| 24 B5 33 8F F8 45 78 CA 66 EF E5 E6 A3 37 74 21
| 8E 95 92 95 09 AB 87 DF 39 01 3C FD E0 98 D6 02
| A5 46 56 4B BA E8 D2 3F D0 85 AD FC DF 5C CA A2
| 58 20 D0 29 35 DB 8F A9 61 2F 8E 3A 4B 97 EF E0
| D8 25 64 30 D4 64 B5 CB 28 51 33 97 15 12 BF 57
| 32 CF FE 40 ED 83 57 6A 83 D5 F4 99 36 C8 1B 72
| 75 00 02 10 AF EA 14 91 F2 7F B6 3F 24 F9 78 3E
| 7C D1 9E 39 12 69 07 7F 5C 72 00 4C 70 84 B1 B0
| 69 75 74 1F 33 3C 4E 2F 65 08 9C 53 DB 2F E3 E2
| 86 8C CB 32 05 8C 74 85 93 10 4D 69 CB F9 40 1F
| A8 33 78 4E 80 9E 1B C8 72 75 54 49 7C C0 F8 E1
| 09 3D 8D 83 9A 16 5E 98 52 55 BC 3C 2A 03 2A 8C
| 79 B7 D8 75 8F 9F 79 B2 0E 6E 4D C4 CF BF F5 87
| 34 74 76 38 72 34 B2 9E 50 F3 D4 5A BD C5 77 7A
| 83 60 29 CC 20 98 56 10 8F 86 0C 48 C4 69 D5 4B
| 1E FC E9 03 4C 49 57 9B 0A 5E 93 6C F4 09 C2 06
| 72 99 70 87 76 D2 6C 7A 48 CA 26 4F F0 D1 3B D3
| 76 34 FD 70 1F F6 F2 A4 ED 9E 6C A7 0D AC 86 E9
NONCE Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 36 Bytes
| Nonce(256 bits) : 01 46 EB 2F F4 21 4C 2A 57 40 25 D3 22 12 B7 90
| 9A 67 73 32 09 ED B3 DC 59 CC 46 C3 0A C5 82 88
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data : 61 E4 FB AF 4B D3 4E CF 43 2C 74 B4 EB 0F 27 11
| 42 00 9E 8D
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data : 4A 12 E7 42 EA 29 2E AD 7C 04 7B 82 69 49 37 AC
| 3C 32 52 6C
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : IKEV2_FRAGMENTATION_SUPPORTED
NOTIFY Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 16 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs. : SHA1, SHA-256, SHA-384, SHA-512
[VPN-Debug] 2022/12/19 17:31:13,841
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 1072 bytes
Gateways: <LANCOM-PUBLIC-IP>:500<--<ANDROID-PUBLIC-IP>:31899
SPIs: 0xEB263783DEEA94470000000000000000, Message-ID 0
Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(SIGNATURE_HASH_ALGORITHMS)
QUB-DATA: <LANCOM-PUBLIC-IP>:500<---<ANDROID-PUBLIC-IP>:31899 rtg_tag 0 physical-channel WAN(1)
transport: [id: 14188898, UDP (17) {incoming unicast, fixed source address}, dst: <ANDROID-PUBLIC-IP>, tag 0 (U), src: <LANCOM-PUBLIC-IP>, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INTERNET (4), mac address: e4:8d:8c:0f:db:82, port 0], local port: 500, remote port: 31899
+No IKE_SA found
Counting consumed licenses by active channels...
1: (ANDERER-VPN-ZUGANG , <ANDROID-PUBLIC-IP> , ikev1) -> 1
Consumed connected licenses : 1
Negotiating connections : 0
IKE negotiations : 0
MPPE connections : 0
Licenses in use : 1 < 25
+Passive connection request accepted (32 micro seconds)
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0xEB263783DEEA94473DAB40859566437200000000, P1, RESPONDER): Setting Negotiation SA
Referencing (IKE_SA, 0xEB263783DEEA94473DAB40859566437200000000, responder): use_count 3
Looking for payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41)...Found 1 payload.
+Received signature hash algorithms: SHA1, SHA-256, SHA-384, SHA-512
Looking for payload NOTIFY(DETECTION_SOURCE_IP) (41)...Found 1 payload.
+Computing SHA1(0xEB263783DEEA94470000000000000000|<ANDROID-PUBLIC-IP>:31899)
+Computing SHA1(0xEB263783DEEA944700000000000000004E841EC47C9B)
+Computed: 0x29569F9B179E13D7EB72EBCEFE9E57C65E9CBF3A
+Received: 0x61E4FBAF4BD34ECF432C74B4EB0F271142009E8D
+Not equal => NAT-T enabled => switching on port 4500
Looking for payload NOTIFY(DETECTION_DESTINATION_IP) (41)...Found 1 payload.
+Computing SHA1(0xEB263783DEEA94470000000000000000|<LANCOM-PUBLIC-IP>:500)
+Computing SHA1(0xEB263783DEEA944700000000000000003E44DDC201F4)
+Computed: 0x4A12E742EA292EAD7C047B82694937AC3C32526C
+Received: 0x4A12E742EA292EAD7C047B82694937AC3C32526C
+Equal => NAT-T is already enabled
Looking for payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41)...Found 1 payload.
Looking for payload IKE_SA (33)...Found 1 payload.
+Config ENCR transform(s): AES-GCM-16-256 AES-GCM-16-128 ENCR-CHACHA20-POLY1305 AES-CBC-256 AES-CBC-128
+Received ENCR transform(s): AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
+Best intersection: AES-CBC-256
+Config PRF transform(s): PRF-HMAC-SHA-512 PRF-HMAC-SHA-384 PRF-HMAC-SHA-256 PRF-HMAC-SHA1 PRF-HMAC-MD5
+Received PRF transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC PRF-HMAC-SHA-256 PRF-HMAC-SHA-384 PRF-HMAC-SHA-512 PRF-AES128-CMAC
+Best intersection: PRF-HMAC-SHA-512
+Config INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 HMAC-SHA1 HMAC-MD5
+Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
+Best intersection: HMAC-SHA-512
+Config DH transform(s): 16 15 14 2
+Received DH transform(s): 16 31 15 14
+Best intersection: 16
Looking for payload NONCE (40)...Found 1 payload.
+Nonce length=32 bytes
+Nonce=0x0146EB2FF4214C2A574025D32212B7909A67733209EDB3DC59CC46C30AC58288
+SA-DATA-Ni=0x0146EB2FF4214C2A574025D32212B7909A67733209EDB3DC59CC46C30AC58288
[VPN-IKE] 2022/12/19 17:31:14,185
[DEFAULT] Sending packet:
IKE 2.0 Header:
Source/Port : <LANCOM-PUBLIC-IP>:500
Destination/Port : <ANDROID-PUBLIC-IP>:31899
Routing-tag : 0
Com-channel : 0
| Initiator cookie : EB 26 37 83 DE EA 94 47
| Responder cookie : 3D AB 40 85 95 66 43 72
| Next Payload : SA
| Version : 2.0
| Exchange type : IKE_SA_INIT
| Flags : 0x20 Response
| Msg-ID : 0
| Length : 745 Bytes
SA Payload
| Next Payload : KE
| CRITICAL : NO
| Reserved : 0x00
| Length : 48 Bytes
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-512 (7)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-512 (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 4096-BIT MODP (16)
| | | Attributes : NONE
KE Payload
| Next Payload : NONCE
| CRITICAL : NO
| Reserved : 0x00
| Length : 520 Bytes
| DH Group : 16
| Reserved2 : 0x0000
| DH-Key(4096 bits) : 13 81 29 FF 20 54 91 49 C0 C5 F6 87 62 D2 06 82
| 67 E6 AD F9 7C 50 BE 3A AB B7 B6 41 AF F4 34 5F
| A0 EE 23 73 E4 CD 2B 00 A3 F2 8B B2 4C E4 38 46
| B9 87 8C B4 5D 8B 70 E3 03 AB 74 E0 48 AF 54 3C
| 58 41 31 90 F8 82 96 F6 13 23 49 F4 53 B1 F3 9A
| 06 75 A2 F5 5F 10 86 BC 8A C0 FB 1B 34 C1 57 F1
| 01 5E 42 61 A1 8E 36 D6 D4 5C A1 F4 BF 06 66 90
| D6 3A C3 63 75 94 A5 41 60 14 13 15 62 3B 4F 75
| 6D 82 BA 04 FD BD 8D 93 B5 C2 0E CF 03 FB 9D 0A
| 12 5E CD 9C 64 A5 DB 42 A4 D4 F2 FA 0B 74 2A 5A
| 61 AC A9 B7 54 8D FD C9 0D 53 38 4E D2 C7 86 53
| DF AE DC 05 4C B6 2E 6D 1D 12 A5 08 7F 50 84 C6
| CF D5 6D 94 57 AC DC A6 82 CC 93 FE 48 76 5B 7C
| 1B 14 87 AF E6 ED 8A 33 C1 4C 3E 4C 06 F8 E1 2A
| 6F 96 93 32 C7 41 D3 07 15 9C F3 5B 6C 9E 3A BA
| 0D A4 44 48 04 EE 7F 26 A4 EC E8 6D 0D 56 BB FE
| 6E 40 C8 02 B9 0D 69 C3 37 26 A3 AD 97 5E 21 93
| 0F 2B 40 84 6F A8 5A 53 F8 69 AB E3 65 FE D8 07
| D3 9B 97 CA 75 9B D7 03 9E 98 C0 F9 B4 D3 5D 21
| 17 7D C0 3D 77 41 30 B7 57 EA 5C 5E 26 2D 2E 04
| C0 41 9D D5 55 2B 41 7F 36 B9 4C F2 62 F8 50 C1
| 87 A2 20 4E 37 74 FD 8F 94 D5 2F B1 55 E0 FA 1B
| D0 88 06 AB 15 3B 5D 9D D2 C0 87 97 2D 85 47 CE
| 84 5A C4 A7 3A 0D 96 01 2A EB 81 F7 F6 AA 17 BF
| 91 51 51 45 D2 1A D3 F1 19 F5 8D 19 75 3B A9 A9
| 1B 27 B4 5B 98 74 1D 25 05 8F E1 FC B6 4E FC 8E
| FF C4 3A A0 97 91 C4 F7 09 FE 9E 1B F1 86 CF A4
| C4 7A 4E FD 3B 68 29 9D 09 F0 DE 3A DB 50 4B E2
| 83 5D A7 9B 79 08 3F 60 DD 89 EB EC AA B6 83 DA
| D0 09 9A E8 34 A7 84 E9 29 FD 09 DA AC C4 CB 63
| 75 75 B2 8F E8 13 1E A9 EC DA 1B DA 0A F2 8B AE
| F3 D5 05 FA 68 B6 20 02 82 20 A9 B4 1A 4D A1 C4
NONCE Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 36 Bytes
| Nonce(256 bits) : 0E 14 65 D0 4F C3 6A 2C 25 38 75 22 1B 91 AD 9F
| 5C B3 6E 23 D2 92 A4 E3 5A D4 E7 21 38 93 26 F2
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data : 7F 17 B7 97 67 52 98 09 28 FA 41 D4 6F 18 26 7B
| B0 5A C9 E7
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data : 66 B4 FA 9C 61 CA 7A BE 40 C1 BB E3 F1 52 27 A2
| A3 30 5B EC
NOTIFY Payload
| Next Payload : CERTREQ
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : IKEV2_FRAGMENTATION_SUPPORTED
CERTREQ Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 25 Bytes
| Cert. Type : X509_SIG
| Cert. Autherity : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
| 00 00 00 00
VENDOR Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 24 Bytes
| Vendor ID : 81 75 2E B5 91 4D 73 5C DF CD C8 58 C3 A8 ED 7C
| 1C 66 D1 42
[VPN-Debug] 2022/12/19 17:31:14,528
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
Constructing payload KE (34):
+Could not pop a DH-Group from DH-Group-Container => Generate a key-pair now
+DH key-pair successfully generated in 341991 micro seconds
Constructing payload NONCE (40):
+Nonce length=32 bytes
+Nonce=0x0E1465D04FC36A2C253875221B91AD9F5CB36E23D292A4E35AD4E721389326F2
+SA-DATA-Nr=0x0E1465D04FC36A2C253875221B91AD9F5CB36E23D292A4E35AD4E721389326F2
Constructing payload NOTIFY(DETECTION_SOURCE_IP) (41):
+Computing SHA1(0xEB263783DEEA94473DAB408595664372|<LANCOM-PUBLIC-IP>:500)
+Computing SHA1(0xEB263783DEEA94473DAB4085956643723E44DDC201F4)
+0x7F17B7976752980928FA41D46F18267BB05AC9E7
Constructing payload NOTIFY(DETECTION_DESTINATION_IP) (41):
+Computing SHA1(0xEB263783DEEA94473DAB408595664372|<ANDROID-PUBLIC-IP>:31899)
+Computing SHA1(0xEB263783DEEA94473DAB4085956643724E841EC47C9B)
+0x66B4FA9C61CA7ABE40C1BBE3F15227A2A3305BEC
Constructing payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41):
Constructing payload CERTREQ (38):
+0x0000000000000000000000000000000000000000
Constructing payload VENDOR(FRAGMENTATION) (43):
Constructing payload VENDOR(FRAGMENTATION(C0000000)) (43):
Constructing payload VENDOR(ikev2 config payload: Do not narrow my traffic selector) (43):
Constructing payload VENDOR(activate lancom-systems notification private range) (43):
Constructing payload NOTIFY(DEVICE-ID) (41):
+Peer does not support private notifications -> ignore
+Could not pop a DH-Group from DH-Group-Container => Generate a key-pair now
+DH key-pair successfully generated in 341991 micro seconds
+Shared secret derived in 341981 micro seconds
IKE_SA(0xEB263783DEEA94473DAB408595664372).EXPECTED-MSG-ID raised to 1
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0xEB263783DEEA94473DAB40859566437200000000, P1, RESPONDER): Resetting Negotiation SA
(IKE_SA, 'DEFAULT', 'ISAKMP-PEER-DEFAULT', 0xEB263783DEEA94473DAB40859566437200000000, responder): use_count --4
+(request, response) pair inserted into retransmission map
Sending an IKE_SA_INIT-RESPONSE of 745 bytes (responder)
Gateways: <LANCOM-PUBLIC-IP>:4500--><ANDROID-PUBLIC-IP>:4500, tag 0 (UDP)
SPIs: 0xEB263783DEEA94473DAB408595664372, Message-ID 0
Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), CERTREQ, VENDOR(activate lancom-systems notification private range)
[VPN-IKE] 2022/12/19 17:31:14,529
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port : <ANDROID-PUBLIC-IP>:47193
Destination/Port : <LANCOM-PUBLIC-IP>:4500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : EB 26 37 83 DE EA 94 47
| Responder cookie : 3D AB 40 85 95 66 43 72
| Next Payload : ENCR
| Version : 2.0
| Exchange type : IKE_AUTH
| Flags : 0x08 Initiator
| Msg-ID : 1
| Length : 624 Bytes
ENCR Payload
| Next Payload : IDI
| CRITICAL : NO
| Reserved : 0x00
| Length : 596 Bytes
| IV : EC 83 AC D5 D7 55 7D 68 99 B5 13 BA 29 7A 6B A2
| Encrypted Data : 25 23 C8 5B 7B 89 95 3B D6 5B F1 6E 83 5E C3 0D
| AB 58 7B 4E C8 B0 5C AF 33 89 71 60 2E BB C7 C1
| C7 5D D7 1B 65 51 41 48 1E 46 D8 27 D7 4C 65 4B
| 2B EF C4 B1 97 23 30 11 AE AF 6C AA 28 DB DE 90
| E7 CF 78 92 E1 4F 25 DC 1B B8 8E 2F C7 F0 BF DF
| 68 B5 B6 17 A2 B8 68 29 4B CD 16 AE 45 D2 BB 45
| 9D 6D DC BF 4C 51 BB FD 89 DE A6 A7 9E BD 5C AC
| E8 2C 15 B4 AE 60 D4 37 0A 66 2E 5F 51 D1 B5 E1
| 4D 53 78 7F C2 E4 F0 B8 31 04 F7 B1 4A FC FD 8D
| 02 A8 3A 99 F5 7A 6F B3 DB 22 9D CF CD 4B 82 E9
| F2 9C 20 30 AD 16 62 E2 9C 7B 97 9D 52 90 D9 7E
| 28 7A E6 D1 9E 80 25 CE 78 85 1C 30 99 A5 E5 84
| 8F 78 F5 BD 5A 23 05 87 D7 6D F4 1F 59 28 53 6C
| 29 AE BC BB C9 9C B7 80 9C A3 70 4E 17 B5 F2 EA
| 02 AD 30 A6 5B 12 96 75 98 D8 7A 0C B4 15 D2 E0
| 9E 21 D1 C3 38 AD D2 F2 20 0B F9 29 BB EA D1 B1
| 21 CC CC F6 10 78 06 79 5A 01 5C 1A 8D CF 15 94
| A4 39 F2 24 12 36 8F C6 9F C0 89 8E D2 92 A1 52
| 08 FA C2 F6 44 07 97 0D 9B E3 3A AB BD 04 EC 14
| BD 4C 80 82 87 28 84 66 04 F7 E1 6E 8A 1A D5 AE
| 8E 48 1E 0B 4B C5 33 F5 FB AE 9D ED 62 9A 05 C6
| BD 14 E3 36 B9 EA B2 FC 61 1D 38 70 92 5E E0 BB
| 4C 63 C6 09 20 31 A2 EE 8E 21 62 C8 4A 17 9C 92
| 29 F7 75 EF 94 A6 F4 DC 46 A0 D8 44 E1 92 45 AF
| D1 43 9C 6E 44 EC F9 78 32 0E B8 2F DC 1C E6 DA
| 34 5A C5 DA D6 42 EA 02 3F 4A 31 C9 A7 FD 27 32
| 5A 94 80 0A D7 D0 1A 88 5D 38 AB A8 63 73 7A 1F
| 6C AB 1E 19 FC E7 7A 0E 02 64 C0 7C BB F8 CE CA
| 99 73 14 B4 3E 81 14 95 8D 10 8C 9B 80 24 52 8E
| ED BD BD C5 BD 08 62 37 E6 0A 1F D6 47 9D A5 A6
| 3A 3D 9E 26 36 0D A9 0A A2 0C 5F 77 DF BB 94 73
| 3F 47 29 06 C8 CD 4C E7 0D AD 40 1E 29 07 B5 03
| 9A 95 55 04 6D 59 E9 B5 2F 13 68 DE 1B F1 A0 BB
| B7 90 F2 9D D8 0B D0 79 0F 23 6D F1 B1 CD F4 02
| ICV : 15 9E 25 B3 CB B0 0C 9F 52 52 B4 2F B7 3E 57 F7
| 51 B8 F0 E3 B9 E4 98 71 78 F8 2C 95 1F 0B F9 84
[VPN-IKE] 2022/12/19 17:31:14,537
[DEFAULT] Received packet after decryption:
IKE 2.0 Header:
Source/Port : <ANDROID-PUBLIC-IP>:47193
Destination/Port : <LANCOM-PUBLIC-IP>:4500
Routing-tag : 0
Com-channel : 0
| Initiator cookie : EB 26 37 83 DE EA 94 47
| Responder cookie : 3D AB 40 85 95 66 43 72
| Next Payload : ENCR
| Version : 2.0
| Exchange type : IKE_AUTH
| Flags : 0x08 Initiator
| Msg-ID : 1
| Length : 624 Bytes
ENCR Payload
| Next Payload : IDI
| CRITICAL : NO
| Reserved : 0x00
| Length : 596 Bytes
| IV : EC 83 AC D5 D7 55 7D 68 99 B5 13 BA 29 7A 6B A2
| ICV : 15 9E 25 B3 CB B0 0C 9F 52 52 B4 2F B7 3E 57 F7
| 51 B8 F0 E3 B9 E4 98 71 78 F8 2C 95 1F 0B F9 84
IDI Payload
| Next Payload : IDR
| CRITICAL : NO
| Reserved : 0x00
| Length : 16 Bytes
| ID type : FQDN
| Reserved : 0x000000
| ID : android3
IDR Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 12 Bytes
| ID type : IPV4_ADDR
| Reserved : 0x000000
| ID : <LANCOM-PUBLIC-IP>
NOTIFY Payload
| Next Payload : AUTH
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_MOBIKE_SUPPORTED
AUTH Payload
| Next Payload : SA
| CRITICAL : NO
| Reserved : 0x00
| Length : 72 Bytes
| Auth. Method : PRESHARED_KEY
| Reserved : 0x000000
| Auth. Data : 12 46 CE F1 02 3A 36 6C D7 CE C3 7B AC 05 97 77
| 0F 30 65 49 0A 0D 1A 0B 96 C4 B5 85 68 4A EF 00
| 96 05 25 85 35 2E 23 A2 BD 72 F0 C0 46 09 ED 93
| A1 48 F2 82 65 13 D7 7A 5B 98 FF 7F BA 64 58 42
SA Payload
| Next Payload : TSi
| CRITICAL : NO
| Reserved : 0x00
| Length : 272 Bytes
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 132 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_ESP
| | SPI size : 4
| | #Transforms : 12
| | SPI : 67 E4 A8 7F
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-512 (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-384 (13)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : AES-XCBC-96 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CMAC-96 (8)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: ESN (5)
| | | Reserved2 : 0x00
| | | Transform ID : NONE (0)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 136 Bytes
| | Proposal number : 2
| | Protocol ID : IPSEC_ESP
| | SPI size : 4
| | #Transforms : 11
| | SPI : 42 27 B0 86
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : ENCR-CHACHA20-POLY1305 (28)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: ESN (5)
| | | Reserved2 : 0x00
| | | Transform ID : NONE (0)
| | | Attributes : NONE
TSi Payload
| Next Payload : TSr
| CRITICAL : NO
| Reserved : 0x00
| Length : 64 Bytes
| Number of TSs : 2
| Reserved : 0x000000
| Traffic Selector 0
| | Type : TS_IPV4_ADDR_RANGE
| | Protocol : ANY
| | Length : 16
| | Start Port : 0
| | End Port : 65535
| | Address Range : 0.0.0.0 - 255.255.255.255
| Traffic Selector 1
| | Type : TS_IPV6_ADDR_RANGE
| | Protocol : ANY
| | Length : 40
| | Start Port : 0
| | End Port : 65535
| | Address Range : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
TSr Payload
| Next Payload : CP
| CRITICAL : NO
| Reserved : 0x00
| Length : 64 Bytes
| Number of TSs : 2
| Reserved : 0x000000
| Traffic Selector 0
| | Type : TS_IPV4_ADDR_RANGE
| | Protocol : ANY
| | Length : 16
| | Start Port : 0
| | End Port : 65535
| | Address Range : 0.0.0.0 - 255.255.255.255
| Traffic Selector 1
| | Type : TS_IPV6_ADDR_RANGE
| | Protocol : ANY
| | Length : 40
| | Start Port : 0
| | End Port : 65535
| | Address Range : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
CP Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 32 Bytes
| Type : REQUEST
| Reserved2 : 0x000000
| Attribute 0
| | Type : Variable, INTERNAL_IP4_ADDRESS
| | Length : 0
| | Value :
| Attribute 1
| | Type : Variable, INTERNAL_IP6_ADDRESS
| | Length : 0
| | Value :
| Attribute 2
| | Type : Variable, INTERNAL_IP4_DNS
| | Length : 0
| | Value :
| Attribute 3
| | Type : Variable, INTERNAL_IP6_DNS
| | Length : 0
| | Value :
| Attribute 4
| | Type : Variable, INTERNAL_IP4_NETMASK
| | Length : 0
| | Value :
| Attribute 5
| | Type : Variable, APPLICATION_VERSION
| | Length : 0
| | Value :
Rest : 90 30 47 03
[VPN-Debug] 2022/12/19 17:31:14,538
Config parser update peer's ANDROID3 remote gateway to <ANDROID-PUBLIC-IP> (old 0.0.0.0)
[VPN-Debug] 2022/12/19 17:31:14,543
Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 624 bytes (encrypted)
Gateways: <LANCOM-PUBLIC-IP>:4500<--<ANDROID-PUBLIC-IP>:4500
SPIs: 0xEB263783DEEA94473DAB408595664372, Message-ID 1
Payloads: ENCR
QUB-DATA: <LANCOM-PUBLIC-IP>:4500<---<ANDROID-PUBLIC-IP>:47193 rtg_tag 0 physical-channel WAN(1)
transport: [id: 14188898, UDP (17) {incoming unicast, fixed source address}, dst: <ANDROID-PUBLIC-IP>, tag 0 (U), src: <LANCOM-PUBLIC-IP>, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INTERNET (4), mac address: e4:8d:8c:0f:db:82, port 0], local port: 4500, remote port: 4500, flags: UDP_ENCAPSULATION
+IKE_SA found and assigned
+Exchange created (flags: 0x00000054)
Message verified successfully
Message decrypted successfully
Payloads: ENCR, IDI, IDR, NOTIFY(MOBIKE_SUPPORTED), AUTH(PSK), SA, TSI, TSR, CP(REQUEST)
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0xEB263783DEEA94473DAB40859566437200000001, P2, RESPONDER): Setting Negotiation SA
Referencing (CHILD_SA, 0xEB263783DEEA94473DAB4085956643720000000100, responder): use_count 3
Looking for payload IDI (35)...Found 1 payload.
+Received-ID android3:FQDN matches the Expected-ID android3:FQDN
+Config ENCR transform(s): AES-GCM-16-256 AES-GCM-16-128 ENCR-CHACHA20-POLY1305 AES-CBC-256 AES-CBC-128
+Received ENCR transform(s): AES-CBC-256
+Best intersection: AES-CBC-256
+Config PRF transform(s): PRF-HMAC-SHA-512 PRF-HMAC-SHA-384 PRF-HMAC-SHA-256 PRF-HMAC-SHA1 PRF-HMAC-MD5
+Received PRF transform(s): PRF-HMAC-SHA-512
+Best intersection: PRF-HMAC-SHA-512
+Config INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 HMAC-SHA1 HMAC-MD5
+Received INTEG transform(s): HMAC-SHA-512
+Best intersection: HMAC-SHA-512
+Config DH transform(s): 16 15 14 2
+Received DH transform(s): 16
+Best intersection: 16
Looking for payload TSI (44)...Found 1 payload.
Looking for a rule...
Trying rule 0: IPSEC-0-ANDROID3-PR0-L0-R0
Determining best intersection for TSi
Expected TS :( 0, 0-65535, 10.121.14.237-10.121.14.237 )
Received TS :( 0, 0-65535, 0.0.0.0-255.255.255.255)
Intersection:( 0, 0-65535, 10.121.14.237-10.121.14.237 )
Determining best intersection for TSi
Expected TS :( 0, 0-65535, 10.121.14.237-10.121.14.237 )
Received TS :( 0, 0-65535, ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
-No intersection
Best :( 0, 0-65535, 10.121.14.237-10.121.14.237 )
Determining best intersection for TSr
Expected TS :( 0, 0-65535, 10.121.14.0-10.121.14.255 )
Received TS :( 0, 0-65535, 0.0.0.0-255.255.255.255)
Intersection:( 0, 0-65535, 10.121.14.0-10.121.14.255 )
Determining best intersection for TSr
Expected TS :( 0, 0-65535, 10.121.14.0-10.121.14.255 )
Received TS :( 0, 0-65535, ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
-No intersection
Best :( 0, 0-65535, 10.121.14.0-10.121.14.255 )
+Valid intersection found
TSi: ( 0, 0-65535, 10.121.14.237-10.121.14.237 )
TSr: ( 0, 0-65535, 10.121.14.0-10.121.14.255 )
+TSi OK.
Looking for payload TSR (45)...Found 1 payload.
+TSr OK.
Looking for payload CHILD_SA (33)...Found 1 payload.
+Config ENCR transform(s): AES-GCM-16-256 AES-GCM-16-128 AES-CBC-256 AES-CBC-192 AES-CBC-128
+Received ENCR transform(s): AES-128-CTR AES-CBC-256 AES-128-CTR AES-CBC-192 AES-128-CTR AES-CBC-128
+Best intersection: AES-CBC-256
+Config INTEG transform(s): HMAC-SHA-512 HMAC-SHA-256 HMAC-SHA1 HMAC-MD5
+Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96 AES-CMAC-96
+Best intersection: HMAC-SHA-512
+Config ESN transform(s): NONE
+Received ESN transform(s): NONE
+Best intersection: NONE
[VPN-IKE] 2022/12/19 17:31:14,548
[ANDROID3] Sending packet before encryption:
IKE 2.0 Header:
Source/Port : <LANCOM-PUBLIC-IP>:4500
Destination/Port : <ANDROID-PUBLIC-IP>:47193
Routing-tag : 0
Com-channel : 13
| Initiator cookie : EB 26 37 83 DE EA 94 47
| Responder cookie : 3D AB 40 85 95 66 43 72
| Next Payload : ENCR
| Version : 2.0
| Exchange type : IKE_AUTH
| Flags : 0x20 Response
| Msg-ID : 1
| Length : 304 Bytes
ENCR Payload
| Next Payload : IDR
| CRITICAL : NO
| Reserved : 0x00
| Length : 276 Bytes
| IV : 8F 48 60 F2 DB CA 42 02 CC 91 63 1B C2 4A 1C 5F
| ICV : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
IDR Payload
| Next Payload : AUTH
| CRITICAL : NO
| Reserved : 0x00
| Length : 16 Bytes
| ID type : FQDN
| Reserved : 0x000000
| ID : android3
AUTH Payload
| Next Payload : CP
| CRITICAL : NO
| Reserved : 0x00
| Length : 72 Bytes
| Auth. Method : PRESHARED_KEY
| Reserved : 0x000000
| Auth. Data : 01 58 11 8A 77 37 9D AE 40 23 F9 02 7F 1C 20 93
| 33 7B D8 48 A7 BF 03 6C E3 A9 AB 9D 02 F9 54 37
| C0 53 C7 A4 69 1C 4D B1 79 0C 41 91 7C 24 D2 7A
| BE EB 21 11 51 30 B6 8F 2E 63 07 DA 49 D4 F9 F3
CP Payload
| Next Payload : TSi
| CRITICAL : NO
| Reserved : 0x00
| Length : 32 Bytes
| Type : REPLY
| Reserved2 : 0x000000
| Attribute 0
| | Type : Variable, INTERNAL_IP4_ADDRESS
| | Length : 4
| | Value : 10.121.14.237
| Attribute 1
| | Type : Variable, INTERNAL_IP4_DNS
| | Length : 4
| | Value : 10.121.14.1
| Attribute 2
| | Type : Variable, INTERNAL_IP4_DNS
| | Length : 4
| | Value : 10.121.14.1
TSi Payload
| Next Payload : TSr
| CRITICAL : NO
| Reserved : 0x00
| Length : 24 Bytes
| Number of TSs : 1
| Reserved : 0x000000
| Traffic Selector 0
| | Type : TS_IPV4_ADDR_RANGE
| | Protocol : ANY
| | Length : 16
| | Start Port : 0
| | End Port : 65535
| | Address Range : 10.121.14.237 - 10.121.14.237
TSr Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 24 Bytes
| Number of TSs : 1
| Reserved : 0x000000
| Traffic Selector 0
| | Type : TS_IPV4_ADDR_RANGE
| | Protocol : ANY
| | Length : 16
| | Start Port : 0
| | End Port : 65535
| | Address Range : 10.121.14.0 - 10.121.14.255
NOTIFY Payload
| Next Payload : SA
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : STATUS_INITIAL_CONTACT
SA Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 44 Bytes
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 40 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_ESP
| | SPI size : 4
| | #Transforms : 3
| | SPI : 6B B6 16 88
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-512 (14)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: ESN (5)
| | | Reserved2 : 0x00
| | | Transform ID : NONE (0)
| | | Attributes : NONE
Rest : 00 00 00 03
[VPN-IKE] 2022/12/19 17:31:14,550
[ANDROID3] Sending packet after encryption:
IKE 2.0 Header:
Source/Port : <LANCOM-PUBLIC-IP>:4500
Destination/Port : <ANDROID-PUBLIC-IP>:47193
Routing-tag : 0
Com-channel : 13
| Initiator cookie : EB 26 37 83 DE EA 94 47
| Responder cookie : 3D AB 40 85 95 66 43 72
| Next Payload : ENCR
| Version : 2.0
| Exchange type : IKE_AUTH
| Flags : 0x20 Response
| Msg-ID : 1
| Length : 304 Bytes
ENCR Payload
| Next Payload : IDR
| CRITICAL : NO
| Reserved : 0x00
| Length : 276 Bytes
| IV : 8F 48 60 F2 DB CA 42 02 CC 91 63 1B C2 4A 1C 5F
| Encrypted Data : 1B 47 A1 3B 73 31 CC 5B 2B 86 93 18 6B 9D 32 3E
| 72 9F 3F E9 53 5D 48 C8 F9 42 62 8F 93 2B 40 31
| 95 CE 48 84 0B 04 5C 87 A8 96 F8 C3 AB 44 3E E1
| F2 05 EF 1A 2D 63 D7 BC 08 2D A4 C5 6C A1 96 BB
| A8 92 BB F6 BA D0 68 E1 7B CA DC DF 3D F3 D9 07
| 6A 47 16 3C 22 C5 04 EF 57 8B 39 FB F3 B4 F5 B1
| 3F AD 0A 73 6A FE 2C 5B 94 63 04 E3 74 D7 91 83
| A7 0D 8B 90 07 CD FA 48 C9 B5 18 36 35 A8 04 63
| 74 C9 6B 62 DB E9 70 9B D3 4E 41 8A 13 B0 F5 23
| EE BC 2B 9D 38 36 76 DC 8A 63 7F EF 92 56 67 03
| B3 56 9F 5A F2 C8 06 F4 E6 D1 CF BF 17 00 8B 00
| 2C 4F 1A 75 B3 4D A4 08 BE 16 9A 2C 95 87 8F 4D
| 13 EB 39 35 BC 8E 5D 98 CC E4 C2 F5 EF 47 B6 1B
| C0 83 B4 7D 29 72 A5 09 C7 13 BA D3 A5 26 A1 BE
| ICV : 9F AA 9B 5D A1 F1 AE 35 32 D5 71 58 9B 4E AA 4E
| AE 90 E8 3F 15 1F 0A 15 72 A9 3D FA F6 06 61 B4
[VPN-Debug] 2022/12/19 17:31:14,552
CRYPTACCESS: Registering combined id: 52
[VPN-Debug] 2022/12/19 17:31:14,552
CRYPTACCESS: Registering combined id: 18
[VPN-Debug] 2022/12/19 17:31:14,552
Peer ANDROID3: Constructing an IKE_AUTH-RESPONSE for send
Constructing payload NOTIFY(MANAGEMENT_IP4_ADDRESS) (41):
Constructing payload NOTIFY(MANAGEMENT_IP6_ADDRESS) (41):
Constructing payload CP(REPLY) (47):
+INTERNAL_IP4_ADDRESS(10.121.14.237)
+INTERNAL_IP4_DNS(10.121.14.1)
+INTERNAL_IP4_DNS(10.121.14.1)
Constructing payload NOTIFY(INITIAL_CONTACT) (41):
Message encrypted successfully
Message authenticated successfully
Non-ESP-Marker Prepended
IKE_SA(0xEB263783DEEA94473DAB408595664372).EXPECTED-MSG-ID raised to 2
IPSEC overhead initialized to 42
IPSEC transport created in hardware context
(IKEv2-Exchange 'ANDROID3', 'IPSEC-0-ANDROID3-PR0-L0-R0' 0xEB263783DEEA94473DAB40859566437200000001, P2, RESPONDER, comchannel 13): Resetting Negotiation SA
(CHILD_SA, 'ANDROID3', 'IPSEC-0-ANDROID3-PR0-L0-R0', 0xEB263783DEEA94473DAB4085956643720000000100, responder): use_count --2
+(request, response) pair inserted into retransmission map
Sending an IKE_AUTH-RESPONSE of 304 bytes (responder encrypted)
Gateways: <LANCOM-PUBLIC-IP>:4500--><ANDROID-PUBLIC-IP>:47193, tag 0 (UDP)
SPIs: 0xEB263783DEEA94473DAB408595664372, Message-ID 1
Payloads: ENCR
[VPN-Debug] 2022/12/19 17:31:14,552
Peer ANDROID3: Trigger next pended request to establish an exchange
Current request is none
IKE_SA is not REPLACED
There are 0 pending requests
[VPN-IKE] 2022/12/19 17:31:14,640
[ANDROID3] Received packet:
IKE 2.0 Header:
Source/Port : <ANDROID-PUBLIC-IP>:47193
Destination/Port : <LANCOM-PUBLIC-IP>:4500
Routing-tag : 0
Com-channel : 13
| Initiator cookie : EB 26 37 83 DE EA 94 47
| Responder cookie : 3D AB 40 85 95 66 43 72
| Next Payload : ENCR
| Version : 2.0
| Exchange type : INFORMATIONAL
| Flags : 0x08 Initiator
| Msg-ID : 2
| Length : 96 Bytes
ENCR Payload
| Next Payload : DELETE
| CRITICAL : NO
| Reserved : 0x00
| Length : 68 Bytes
| IV : 5E D4 F5 3F 68 35 7D 1C 4C 89 E5 23 50 EC A9 72
| Encrypted Data : E2 93 B3 6B 18 22 9F 52 44 27 8C 81 72 79 E5 88
| ICV : 68 99 96 0E 73 B5 03 32 BE E2 2B C9 E0 55 90 3C
| 32 41 AB 84 25 08 A0 C3 7D 43 96 50 3C 2D 50 A1
[VPN-IKE] 2022/12/19 17:31:14,641
[ANDROID3] Received packet after decryption:
IKE 2.0 Header:
Source/Port : <ANDROID-PUBLIC-IP>:47193
Destination/Port : <LANCOM-PUBLIC-IP>:4500
Routing-tag : 0
Com-channel : 13
| Initiator cookie : EB 26 37 83 DE EA 94 47
| Responder cookie : 3D AB 40 85 95 66 43 72
| Next Payload : ENCR
| Version : 2.0
| Exchange type : INFORMATIONAL
| Flags : 0x08 Initiator
| Msg-ID : 2
| Length : 96 Bytes
ENCR Payload
| Next Payload : DELETE
| CRITICAL : NO
| Reserved : 0x00
| Length : 68 Bytes
| IV : 5E D4 F5 3F 68 35 7D 1C 4C 89 E5 23 50 EC A9 72
| ICV : 68 99 96 0E 73 B5 03 32 BE E2 2B C9 E0 55 90 3C
| 32 41 AB 84 25 08 A0 C3 7D 43 96 50 3C 2D 50 A1
DELETE Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : IPSEC_IKE
| SPI size : 0
| #SPIs : 0
Rest : 27 09 5F 9C BC FE 48 07
[VPN-Debug] 2022/12/19 17:31:14,641
Peer ANDROID3 [responder]: Received an INFORMATIONAL-REQUEST of 96 bytes (encrypted)
Gateways: <LANCOM-PUBLIC-IP>:4500<--<ANDROID-PUBLIC-IP>:47193
SPIs: 0xEB263783DEEA94473DAB408595664372, Message-ID 2
Payloads: ENCR
QUB-DATA: <LANCOM-PUBLIC-IP>:4500<---<ANDROID-PUBLIC-IP>:47193 rtg_tag 0 physical-channel WAN(1) vpn-channel 13
transport: [id: 14188898, UDP (17) {incoming unicast, fixed source address}, dst: <ANDROID-PUBLIC-IP>, tag 0 (U), src: <LANCOM-PUBLIC-IP>, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INTERNET (4), mac address: e4:8d:8c:0f:db:82, port 0], local port: 4500, remote port: 47193, flags: UDP_ENCAPSULATION
+IKE_SA found and assigned
+Exchange created (flags: 0x00000054)
Message verified successfully
Message decrypted successfully
Payloads: ENCR, DELETE
[VPN-IKE] 2022/12/19 17:31:14,642
[ANDROID3] Sending packet before encryption:
IKE 2.0 Header:
Source/Port : <LANCOM-PUBLIC-IP>:4500
Destination/Port : <ANDROID-PUBLIC-IP>:47193
Routing-tag : 0
Com-channel : 13
| Initiator cookie : EB 26 37 83 DE EA 94 47
| Responder cookie : 3D AB 40 85 95 66 43 72
| Next Payload : ENCR
| Version : 2.0
| Exchange type : INFORMATIONAL
| Flags : 0x20 Response
| Msg-ID : 2
| Length : 112 Bytes
ENCR Payload
| Next Payload : DELETE
| CRITICAL : NO
| Reserved : 0x00
| Length : 84 Bytes
| IV : B8 A6 44 CF E6 47 83 0E 9D 78 CC 5B 66 FC 93 0B
| ICV : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
| 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
DELETE Payload
| Next Payload : DELETE
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : IPSEC_IKE
| SPI size : 0
| #SPIs : 0
DELETE Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 12 Bytes
| Protocol ID : IPSEC_ESP
| SPI size : 4
| #SPIs : 1
| SPI 000 : 6B B6 16 88
Rest : 00 00 00 00 00 00 00 00 00 00 00 0B
[VPN-Debug] 2022/12/19 17:31:14,642
CRYPTACCESS: Unregistering combined id: 18
[VPN-Debug] 2022/12/19 17:31:14,643
CRYPTACCESS: Unregistering combined id: 52
[VPN-IKE] 2022/12/19 17:31:14,644
[ANDROID3] Sending packet after encryption:
IKE 2.0 Header:
Source/Port : <LANCOM-PUBLIC-IP>:4500
Destination/Port : <ANDROID-PUBLIC-IP>:47193
Routing-tag : 0
Com-channel : 13
| Initiator cookie : EB 26 37 83 DE EA 94 47
| Responder cookie : 3D AB 40 85 95 66 43 72
| Next Payload : ENCR
| Version : 2.0
| Exchange type : INFORMATIONAL
| Flags : 0x20 Response
| Msg-ID : 2
| Length : 112 Bytes
ENCR Payload
| Next Payload : DELETE
| CRITICAL : NO
| Reserved : 0x00
| Length : 84 Bytes
| IV : B8 A6 44 CF E6 47 83 0E 9D 78 CC 5B 66 FC 93 0B
| Encrypted Data : DE 38 87 6B 6B 46 AF 71 A3 3D 23 0F 00 E0 8A 3F
| 55 D9 6F 57 2D 60 73 79 E5 DC 5B ED A9 13 29 0F
| ICV : 0A 45 74 66 F8 25 00 21 82 69 A6 7C 7E A0 DD 09
| 61 6E 9A 07 4B 80 AC 4A 47 97 05 6B 9B B4 9C 6D
[VPN-Debug] 2022/12/19 17:31:14,644
Peer ANDROID3: Constructing an INFORMATIONAL-RESPONSE for send
Message encrypted successfully
Message authenticated successfully
Non-ESP-Marker Prepended
IKE_SA(0xEB263783DEEA94473DAB408595664372).EXPECTED-MSG-ID raised to 3
+(request, response) pair inserted into retransmission map
Sending an INFORMATIONAL-RESPONSE of 112 bytes (responder encrypted)
Gateways: <LANCOM-PUBLIC-IP>:4500--><ANDROID-PUBLIC-IP>:47193, tag 0 (UDP)
SPIs: 0xEB263783DEEA94473DAB408595664372, Message-ID 2
Payloads: ENCR