Problems with IKEv2 VPN to Android device

Forum for general questions about VPN

Moderator: Lancom-Systems moderators

eagle1900
Posts: 129
Joined: 25 Jun 2006, 14:07

Problems with IKEv2 VPN to Android device

Post by eagle1900 »

Good evening everyone,

I am currently trying, in a test setup, to connect an Android device via VPN to the Lancom 2100EF (FW 10.92), unfortunately without success. I can't see the forest for the trees and can't find a config that works. I have seen the error "Could not match any proposal. See VPN-Debug trace for more information", but did I overlook something before that? VPN-Debug doesn't give me any more answers either; I would be very grateful for a small nudge in the right direction.

Thanks,

have a nice weekend,

Regards

Code:

 
[VPN-Debug] 2025/05/24 19:01:57,030  Devicetime: 2025/05/24 19:01:57,017
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 940 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:53276
SPIs: 0x91BFED4CD01206CB0000000000000000, Message-ID 0
Payloads: SA, NONCE, KE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(SIGNATURE_HASH_ALGORITHMS)
QUB-DATA: 192.168.178.125:500<---192.168.178.79:53276 rtg_tag 0 physical-channel WAN(1)
transport: [id: 1559, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0], local port: 500, remote port: 53276
+No IKE_SA found
Counting consumed licenses by active channels...
  Consumed connected licenses   : 0
  Negotiating connections       : 0
  IKE negotiations              : 0
  MPPE connections              : 0
  LTA licenses                  : 0
  Licenses in use               : 0 < 25
  +Passive connection request accepted (16 micro seconds)
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x91BFED4CD01206CBEA4EA6F683B81FFE00000000, P1, RESPONDER): Setting Negotiation SA
  Referencing (IKE_SA, 0x91BFED4CD01206CBEA4EA6F683B81FFE00000000, responder): use_count 3
Looking for payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41)...Found 1 payload.
  +Received signature hash algorithms: SHA1, SHA-256, SHA-384, SHA-512
Looking for payload NOTIFY(DETECTION_SOURCE_IP) (41)...Found 1 payload.
  +Computing SHA1(0x91BFED4CD01206CB0000000000000000|192.168.178.79:53276)
  +Computing SHA1(0x91BFED4CD01206CB0000000000000000C0A8B24FD01C)
  +Computed: 0xF930A90B7BA8BEDA730C0C2C9BF66421855AA4FF
  +Received: 0xF930A90B7BA8BEDA730C0C2C9BF66421855AA4FF
  +Equal => NAT-T is disabled
Looking for payload NOTIFY(DETECTION_DESTINATION_IP) (41)...Found 1 payload.
  +Computing SHA1(0x91BFED4CD01206CB0000000000000000|192.168.178.125:500)
  +Computing SHA1(0x91BFED4CD01206CB0000000000000000C0A8B27D01F4)
  +Computed: 0x618095B7322811C1AD3CDE58710A4F17E30BDA05
  +Received: 0x618095B7322811C1AD3CDE58710A4F17E30BDA05
  +Equal => NAT-T is disabled
Looking for payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41)...Found 1 payload.
Looking for payload IKE_SA (33)...Found 1 payload.
  +Config   ENCR  transform(s): AES-GCM-16-256 AES-CBC-256
  +Received ENCR  transform(s): AES-CBC-256 AES-CBC-192 AES-CBC-128
  +Best intersection: AES-CBC-256
  +Config   PRF   transform(s): PRF-HMAC-SHA-256
  +Received PRF   transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC
  -No intersection
  +Config   INTEG transform(s): HMAC-SHA-256
  +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96
  +Best intersection: HMAC-SHA-256
  +Config   DH    transform(s): 30 29 28 21 20 19 15 14 2
  +Received DH    transform(s): 16 15 14
  +Best intersection: 15
  -PRF transform is obligatory for IKE-Protocol
  -Skipping proposal 1
  +Config   ENCR  transform(s): AES-GCM-16-256 AES-CBC-256
  +Received ENCR  transform(s): AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
  +Best intersection: AES-GCM-16-256
  +Config   PRF   transform(s): PRF-HMAC-SHA-256
  +Received PRF   transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC
  -No intersection
  +Config   INTEG transform(s): HMAC-SHA-256
  +Received INTEG transform(s): 
  +Best intersection: ignored since ENCR-Transform is an authenticated cipher
  +Config   DH    transform(s): 30 29 28 21 20 19 15 14 2
  +Received DH    transform(s): 16 15 14
  +Best intersection: 15
  -PRF transform is obligatory for IKE-Protocol
  -Skipping proposal 2

[VPN-Status] 2025/05/24 19:01:57,033  Devicetime: 2025/05/24 19:01:57,017
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 940 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:53276
SPIs: 0x91BFED4CD01206CB0000000000000000, Message-ID 0
Peer identified: DEFAULT
IKE_SA ('', '' IPSEC_IKE SPIs 0x91BFED4CD01206CBEA4EA6F683B81FFE) entered to SADB
Received 4 notifications: 
  +NAT_DETECTION_SOURCE_IP(0xF930A90B7BA8BEDA730C0C2C9BF66421855AA4FF) (STATUS)
  +NAT_DETECTION_DESTINATION_IP(0x618095B7322811C1AD3CDE58710A4F17E30BDA05) (STATUS)
  +IKEV2_FRAGMENTATION_SUPPORTED (STATUS)
  +SIGNATURE_HASH_ALGORITHMS(0x0001000200030004) (STATUS)
Peer (initiator) is not behind a NAT. NAT-T is disabled
We (responder) are not behind a NAT. NAT-T is disabled
+IKE-SA:
  IKE-Proposal-1  (12 transforms)
    ENCR : AES-CBC-256 AES-CBC-192 AES-CBC-128
    PRF  : PRF-HMAC-SHA1 PRF-AES128-XCBC
    INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96
    DH   : 16 15 14
  IKE-Proposal-2  (14 transforms)
    ENCR : AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
    PRF  : PRF-HMAC-SHA1 PRF-AES128-XCBC
    DH   : 16 15 14
-Could not match any proposal. See VPN-Debug trace for more information

[VPN-IKE] 2025/05/24 19:01:57,033  Devicetime: 2025/05/24 19:01:57,017
[DEFAULT] Sending packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:53276
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 91 BF ED 4C D0 12 06 CB
| Responder cookie  : 00 00 00 00 00 00 00 00
| Next Payload      : NOTIFY
| Version           : 2.0
| Exchange type     : IKE_SA_INIT
| Flags             : 0x20 Response  
| Msg-ID            : 0
| Length            : 36 Bytes
NOTIFY Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : NO_PROPOSAL_CHOSEN

[VPN-Debug] 2025/05/24 19:01:57,092  Devicetime: 2025/05/24 19:01:57,017
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
+(request, response) pair inserted into retransmission map
Sending an IKE_SA_INIT-RESPONSE of 36 bytes (responder)
Gateways: 192.168.178.125:500-->192.168.178.79:53276, tag 0 (UDP)
SPIs: 0x91BFED4CD01206CB0000000000000000, Message-ID 0
Payloads: NOTIFY(NO_PROPOSAL_CHOSEN[IKE_SA])

[VPN-Status] 2025/05/24 19:01:57,092  Devicetime: 2025/05/24 19:01:57,017
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
NOTIFY(NO_PROPOSAL_CHOSEN)
Sending an IKE_SA_INIT-RESPONSE of 36 bytes (responder)
Gateways: 192.168.178.125:500-->192.168.178.79:53276, tag 0 (UDP)
SPIs: 0x91BFED4CD01206CB0000000000000000, Message-ID 0

[VPN-Debug] 2025/05/24 19:01:57,092  Devicetime: 2025/05/24 19:01:57,017
IKE-TRANSPORT freed

[VPN-Status] 2025/05/24 19:01:57,092  Devicetime: 2025/05/24 19:01:57,017
IKE_SA ('', '' IPSEC_IKE SPIs 0x91BFED4CD01206CB0000000000000000) removed from SADB
IKE_SA ('', '' IPSEC_IKE SPIs 0x91BFED4CD01206CB0000000000000000) freed


Last edited by eagle1900 on 24 May 2025, 23:17, edited 1 time in total.

Frühstücksdirektor
Posts: 190
Joined: 08 Jul 2022, 12:53
Location: Aachen

Re: Problems with IKEv2 VPN to Android device

Post by Frühstücksdirektor »

+Config PRF transform(s): PRF-HMAC-SHA-256
+Received PRF transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC
-No intersection
So Android apparently wants to use SHA-1 => enable SHA-1 everywhere in the DEFAULT encryption...
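
The check that the reply above reads off the trace, as an added example (not part of the original posts and not LANCOM's code): it parses the `+Config`/`+Received` transform lines of a VPN-Debug trace, reports per proposal which mandatory transform type has no intersection, and re-evaluates with extra gateway transforms. The selection rule (first configured transform the peer also offers), the name-based AEAD check and all function names are assumptions made for illustration.

```python
import re

# Excerpt copied from the first VPN-Debug trace on this page (transform evaluation only).
TRACE = """\
  +Config   ENCR  transform(s): AES-GCM-16-256 AES-CBC-256
  +Received ENCR  transform(s): AES-CBC-256 AES-CBC-192 AES-CBC-128
  +Best intersection: AES-CBC-256
  +Config   PRF   transform(s): PRF-HMAC-SHA-256
  +Received PRF   transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC
  -No intersection
  +Config   INTEG transform(s): HMAC-SHA-256
  +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96
  +Best intersection: HMAC-SHA-256
  +Config   DH    transform(s): 30 29 28 21 20 19 15 14 2
  +Received DH    transform(s): 16 15 14
  +Best intersection: 15
  -PRF transform is obligatory for IKE-Protocol
  -Skipping proposal 1
  +Config   ENCR  transform(s): AES-GCM-16-256 AES-CBC-256
  +Received ENCR  transform(s): AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
  +Best intersection: AES-GCM-16-256
  +Config   PRF   transform(s): PRF-HMAC-SHA-256
  +Received PRF   transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC
  -No intersection
  +Config   INTEG transform(s): HMAC-SHA-256
  +Received INTEG transform(s):
  +Best intersection: ignored since ENCR-Transform is an authenticated cipher
  +Config   DH    transform(s): 30 29 28 21 20 19 15 14 2
  +Received DH    transform(s): 16 15 14
  +Best intersection: 15
  -PRF transform is obligatory for IKE-Protocol
  -Skipping proposal 2
"""

LINE = re.compile(r"^\s*\+(Config|Received)\s+(ENCR|PRF|INTEG|DH)\s+transform\(s\):(.*)$")
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")  # assumption: AEAD ciphers detected by name


def parse_proposals(trace):
    """Group the Config/Received transform lines into one dict per evaluated proposal."""
    proposals, current = [], {}
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # "Best intersection", "Skipping proposal" etc. are recomputed below
        side, ttype, names = m.group(1), m.group(2), m.group(3).split()
        # A second Config line for a type already seen belongs to the next proposal.
        if side == "Config" and "Config" in current.get(ttype, {}):
            proposals.append(current)
            current = {}
        current.setdefault(ttype, {})[side] = names
    if current:
        proposals.append(current)
    return proposals


def evaluate(proposal, extra_config=None):
    """Return the chosen transform per type and the types that block the proposal."""
    extra_config = extra_config or {}
    chosen, missing = {}, []
    for ttype in ("ENCR", "PRF", "INTEG", "DH"):
        sides = proposal.get(ttype, {})
        config = sides.get("Config", []) + extra_config.get(ttype, [])
        received = sides.get("Received", [])
        # INTEG is not negotiated when the chosen cipher is an authenticated cipher.
        if ttype == "INTEG" and any(k in chosen.get("ENCR", "") for k in AEAD_MARKERS):
            continue
        # Assumed rule: first configured transform that the peer also offers.
        pick = next((t for t in config if t in received), None)
        if pick is None:
            missing.append(ttype)
        else:
            chosen[ttype] = pick
    return {"chosen": chosen, "missing": missing}


def analyse(trace, extra_config=None):
    """Evaluate every proposal; extra_config models transforms added on the gateway."""
    results = [evaluate(p, extra_config) for p in parse_proposals(trace)]
    for number, result in enumerate(results, start=1):
        result["proposal"] = number
    return results


def first_match(results):
    """The first proposal without a blocking transform type, or None."""
    return next((r for r in results if not r["missing"]), None)


if __name__ == "__main__":
    for r in analyse(TRACE):
        print("proposal", r["proposal"], "blocked by", r["missing"] or "nothing")
    print("with PRF-HMAC-SHA1 enabled:",
          first_match(analyse(TRACE, {"PRF": ["PRF-HMAC-SHA1"]})))
```

With `PRF-HMAC-SHA1` added to the gateway's PRF list, proposal 1 matches while integrity still resolves to HMAC-SHA-256, the same PRF/INTEG outcome as the second trace further down in this thread.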

eagle1900
Posts: 129
Joined: 25 Jun 2006, 14:07

Re: Problems with IKEv2 VPN to Android device

Post by eagle1900 »

Hello,

thanks for that - what I don't understand is why in the default config, when I have actually set up and also selected a separate encryption for the remote station - but now the following comes up, after I included SHA-1,

have a nice weekend,

Regards

Code:

 
[VPN-IKE] 2025/05/24 21:14:26,116  Devicetime: 2025/05/24 21:14:24,806
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:42775
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 4E 3D 7B 70 05 E1 9C D4
| Responder cookie  : 00 00 00 00 00 00 00 00
| Next Payload      : SA
| Version           : 2.0
| Exchange type     : IKE_SA_INIT
| Flags             : 0x08   Initiator
| Msg-ID            : 0
| Length            : 940 Bytes
SA Payload
| Next Payload      : NONCE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 276 Bytes
| PROPOSAL Payload
| | Next Payload    : PROPOSAL
| | Reserved        : 0x00
| | Length          : 116 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_IKE
| | SPI size        : 0
| | #Transforms     : 12
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-512 (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-384 (13)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-XCBC-96 (5)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 4096-BIT MODP (16)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 3072-BIT MODP (15)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 2048-BIT MODP (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-HMAC-SHA1 (2)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-AES128-XCBC (4)
| | | Attributes    : NONE
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 156 Bytes
| | Proposal number : 2
| | Protocol ID     : IPSEC_IKE
| | SPI size        : 0
| | #Transforms     : 14
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 4096-BIT MODP (16)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 3072-BIT MODP (15)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 2048-BIT MODP (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-HMAC-SHA1 (2)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-AES128-XCBC (4)
| | | Attributes    : NONE
NONCE Payload
| Next Payload      : KE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 36 Bytes
| Nonce(256 bits)   : 32 0B B1 08 8A AE 3B CB 24 11 82 48 30 E3 FD 57
|                     9C AF 02 07 8B E1 7A 68 48 59 52 09 76 91 A3 27
KE Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 520 Bytes
| DH Group          : 16
| Reserved2         : 0x0000
| DH-Key(4096 bits) : 22 80 67 31 48 32 8B 3A B8 FE 00 89 FB AE C1 0A
|                     37 EF 1D 3C 77 61 17 57 D1 A3 54 AF 14 C1 25 ED
|                     B5 92 5A F1 C6 F9 82 14 4E 16 31 0E 74 00 96 42
|                     1C 2F 44 83 AB 93 88 7D 53 B0 87 0E 34 61 97 EB
|                     94 4F CA 8B 5F 88 C8 F5 87 32 07 24 F8 02 4A 96
|                     DF 37 B4 28 BB 15 E5 7C EF 66 7F 51 33 A2 70 05
|                     7E BF 98 0B EB 14 5B E6 A7 7E 1B 01 12 2F 42 36
|                     4A 9B 90 02 8B 5B 8C 3D 9F C2 2A 17 F8 CC 5A 06
|                     63 80 98 61 EE 60 5A 0F 85 33 BB A0 43 90 D8 71
|                     60 A1 4B A9 B7 A4 C0 A0 34 9E CD 07 C7 ED 9F 45
|                     DA 46 C4 8E B9 07 60 4E B3 7F 44 67 F0 5B 5E F3
|                     30 20 CA 8A 0E CB DA D5 30 E7 2A 05 1A 58 CE 08
|                     AE 58 23 25 9D 2F 11 B5 81 E1 09 D9 93 38 13 48
|                     3B 5F 57 E1 DB 84 89 CD 2F A4 75 84 5D 10 A1 78
|                     AC 78 6F 34 1D 89 FF 5F 19 B8 8F 1F 2D FA 63 B2
|                     7D C3 B4 16 20 91 3B 44 FB B5 DB 5A EE F5 A6 77
|                     A7 A4 97 4E 75 A5 A4 46 3C FF C5 B2 F8 BF 46 09
|                     53 52 CF F0 30 8C 4D 23 37 D7 3C 52 A9 D8 2C 7E
|                     36 8A 6B C5 24 4A 9C 70 73 67 2A 4E 1B C0 E6 5A
|                     DC B0 A6 B2 94 FB 37 02 2B B3 89 24 E1 E4 51 6D
|                     79 09 AD A5 26 1A 5A 59 3A 79 52 0D 64 84 62 FB
|                     1F 31 46 2D 44 54 22 05 DD 71 1A 31 CC 3A 6D 3D
|                     D5 73 BF 1D 05 60 B9 EF D2 E0 A7 15 88 7E FE B5
|                     2D C0 23 E2 DC 27 94 96 34 42 66 4B 21 96 35 EE
|                     C1 D7 82 40 E3 46 68 84 58 F4 E9 98 18 E2 9F 33
|                     46 19 4B B8 DC 53 6D D7 75 95 0B E4 98 B8 52 75
|                     27 C0 B5 8C 02 C1 32 D7 AF 0D 25 D9 DC B1 AD 32
|                     E9 19 57 88 81 77 93 D5 55 27 03 8F 56 F0 DF 77
|                     66 85 50 74 71 86 30 5C 9A 28 D2 BC EC 76 CE 37
|                     B7 DD 41 9D 48 B2 BA DB 65 B9 BA C2 A0 E1 57 22
|                     8A 17 96 B3 90 AD 79 4D 7F 4E 04 24 82 06 C4 25
|                     E5 6E 1A 9F 23 FF 15 6D E4 AC 62 38 59 C9 CC 1B
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data       : AE 40 D8 36 B9 3D F2 83 11 CC C5 9A 72 84 B2 13
|                     9A 31 94 44
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data       : D7 61 69 FA 4C 7B BA E7 5F F0 3B 79 BD 21 29 A3
|                     38 58 84 70
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : IKEV2_FRAGMENTATION_SUPPORTED
NOTIFY Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 16 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs.  : SHA1, SHA-256, SHA-384, SHA-512

[VPN-Debug] 2025/05/24 21:14:26,132  Devicetime: 2025/05/24 21:14:24,807
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 940 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:42775
SPIs: 0x4E3D7B7005E19CD40000000000000000, Message-ID 0
Payloads: SA, NONCE, KE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(SIGNATURE_HASH_ALGORITHMS)
QUB-DATA: 192.168.178.125:500<---192.168.178.79:42775 rtg_tag 0 physical-channel WAN(1)
transport: [id: 597, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0], local port: 500, remote port: 42775
+No IKE_SA found
Counting consumed licenses by active channels...
  Consumed connected licenses   : 0
  Negotiating connections       : 0
  IKE negotiations              : 0
  MPPE connections              : 0
  LTA licenses                  : 0
  Licenses in use               : 0 < 25
  +Passive connection request accepted (17 micro seconds)
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x4E3D7B7005E19CD46F34368206EB190C00000000, P1, RESPONDER): Setting Negotiation SA
  Referencing (IKE_SA, 0x4E3D7B7005E19CD46F34368206EB190C00000000, responder): use_count 3
Looking for payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41)...Found 1 payload.
  +Received signature hash algorithms: SHA1, SHA-256, SHA-384, SHA-512
Looking for payload NOTIFY(DETECTION_SOURCE_IP) (41)...Found 1 payload.
  +Computing SHA1(0x4E3D7B7005E19CD40000000000000000|192.168.178.79:42775)
  +Computing SHA1(0x4E3D7B7005E19CD40000000000000000C0A8B24FA717)
  +Computed: 0xAE40D836B93DF28311CCC59A7284B2139A319444
  +Received: 0xAE40D836B93DF28311CCC59A7284B2139A319444
  +Equal => NAT-T is disabled
Looking for payload NOTIFY(DETECTION_DESTINATION_IP) (41)...Found 1 payload.
  +Computing SHA1(0x4E3D7B7005E19CD40000000000000000|192.168.178.125:500)
  +Computing SHA1(0x4E3D7B7005E19CD40000000000000000C0A8B27D01F4)
  +Computed: 0xD76169FA4C7BBAE75FF03B79BD2129A338588470
  +Received: 0xD76169FA4C7BBAE75FF03B79BD2129A338588470
  +Equal => NAT-T is disabled
Looking for payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41)...Found 1 payload.
Looking for payload IKE_SA (33)...Found 1 payload.
  +Config   ENCR  transform(s): AES-GCM-16-256 AES-CBC-256
  +Received ENCR  transform(s): AES-CBC-256 AES-CBC-192 AES-CBC-128
  +Best intersection: AES-CBC-256
  +Config   PRF   transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
  +Received PRF   transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC
  +Best intersection: PRF-HMAC-SHA1
  +Config   INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
  +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96
  +Best intersection: HMAC-SHA-256
  +Config   DH    transform(s): 30 29 28 21 20 16 19 15 14 2
  +Received DH    transform(s): 16 15 14
  +Best intersection: 16
Looking for payload NONCE (40)...Found 1 payload.
  +Nonce length=32 bytes
  +Nonce=0x320BB1088AAE3BCB2411824830E3FD579CAF02078BE17A68485952097691A327
  +SA-DATA-Ni=0x320BB1088AAE3BCB2411824830E3FD579CAF02078BE17A68485952097691A327

[VPN-Status] 2025/05/24 21:14:26,163  Devicetime: 2025/05/24 21:14:24,807
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 940 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:42775
SPIs: 0x4E3D7B7005E19CD40000000000000000, Message-ID 0
Peer identified: DEFAULT
IKE_SA ('', '' IPSEC_IKE SPIs 0x4E3D7B7005E19CD46F34368206EB190C) entered to SADB
Received 4 notifications: 
  +NAT_DETECTION_SOURCE_IP(0xAE40D836B93DF28311CCC59A7284B2139A319444) (STATUS)
  +NAT_DETECTION_DESTINATION_IP(0xD76169FA4C7BBAE75FF03B79BD2129A338588470) (STATUS)
  +IKEV2_FRAGMENTATION_SUPPORTED (STATUS)
  +SIGNATURE_HASH_ALGORITHMS(0x0001000200030004) (STATUS)
Peer (initiator) is not behind a NAT. NAT-T is disabled
We (responder) are not behind a NAT. NAT-T is disabled
+IKE-SA:
  IKE-Proposal-1  (12 transforms)
    ENCR : AES-CBC-256 AES-CBC-192 AES-CBC-128
    PRF  : PRF-HMAC-SHA1 PRF-AES128-XCBC
    INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96
    DH   : 16 15 14
  IKE-Proposal-2  (14 transforms)
    ENCR : AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
    PRF  : PRF-HMAC-SHA1 PRF-AES128-XCBC
    DH   : 16 15 14
+Received KE-DH-Group 16 (4096 bits)

[VPN-IKE] 2025/05/24 21:14:26,163  Devicetime: 2025/05/24 21:14:24,808
[DEFAULT] Sending packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:42775
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 4E 3D 7B 70 05 E1 9C D4
| Responder cookie  : 6F 34 36 82 06 EB 19 0C
| Next Payload      : SA
| Version           : 2.0
| Exchange type     : IKE_SA_INIT
| Flags             : 0x20 Response  
| Msg-ID            : 0
| Length            : 761 Bytes
SA Payload
| Next Payload      : KE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 48 Bytes
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 44 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_IKE
| | SPI size        : 0
| | #Transforms     : 4
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-HMAC-SHA1 (2)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 4096-BIT MODP (16)
| | | Attributes    : NONE
KE Payload
| Next Payload      : NONCE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 520 Bytes
| DH Group          : 16
| Reserved2         : 0x0000
| DH-Key(4096 bits) : F9 9E 17 6B 67 5B 76 04 3B 47 4A 1F EE D9 99 9B
|                     EB 1A 26 8B A3 A9 EE 71 F7 9F AA 77 67 B6 7A 6D
|                     7E 19 19 45 3C 71 56 1A 90 77 AE FE B0 2D E5 6B
|                     85 A6 1A 1E 6D 55 65 EA 4A 2F 73 F5 41 21 E2 8A
|                     DF 50 60 31 E3 22 43 28 A2 A5 C3 C8 B8 DF B5 DD
|                     5F 17 E3 9D 16 64 32 18 A0 5E F3 40 4F 4B BA CB
|                     C4 78 90 4D D2 9E F8 C2 17 AD 33 9E 8F 29 31 E3
|                     DD 46 BE 11 82 A3 A9 2C B4 09 ED EB 46 9D F2 50
|                     48 9F 08 B7 32 BA 32 73 C0 7A EF 3C 3A 6F 02 41
|                     76 66 B8 84 78 ED CE AB DF 70 5E 70 A8 15 31 61
|                     D0 E3 37 9F 91 39 25 CA C0 94 4F 20 75 CD B9 51
|                     DC 77 38 80 05 AC 04 8E 99 B6 6B E5 B8 21 72 3D
|                     D7 21 61 18 59 B7 CE F6 7D CF 44 7D 7F 15 9C 21
|                     ED 20 8F 7E 1F E0 55 DD 8B D8 47 D0 CB C0 9B 46
|                     52 7A DC 75 67 14 27 BA 14 3F 0B BA 76 FA 35 8F
|                     B1 80 A1 3A 20 C3 EF D4 AE FB 97 71 4D A8 A6 B1
|                     AA BC 64 41 EF 53 42 AA 11 C9 9B E4 96 F7 8D 6D
|                     8C AD AB 79 EE 7F 1B 66 55 8D EC 9B 9B 46 B0 A3
|                     B6 B8 F3 90 85 1A E2 AE 39 80 C6 02 AD 0C 05 D7
|                     8A 46 18 EE 41 4F C2 19 21 E6 C5 CE 82 FF 0D 09
|                     19 2B 6C 11 F3 C6 2C B9 85 44 65 00 55 3D 7A D1
|                     98 7A 4E 7A 7A D5 5D DC 94 99 A9 18 61 D9 E6 9B
|                     06 B3 99 BC B3 AE 30 4D CE DB C4 A1 ED 3D 48 61
|                     07 1C 91 64 97 47 93 13 7E 11 E4 B3 7E 25 6E 68
|                     F7 18 96 2D A2 9E 77 F4 22 C5 9E CF 70 6D 86 90
|                     B1 61 69 1B BE A0 4D 50 36 5E 6F 25 95 F4 7C 49
|                     AE DA 33 0D 25 8C E8 84 FC 3D 98 23 79 85 13 F3
|                     DE 64 04 65 E9 54 09 3E E1 80 AA B4 01 17 AC F0
|                     3A E3 E2 71 47 EA 88 66 1E F5 E3 49 07 BA 55 04
|                     4B 79 B9 27 22 D3 84 56 3C C7 11 51 12 00 E2 2B
|                     20 C6 82 38 35 C9 72 B1 A3 02 CD D2 A6 50 53 F2
|                     AA 5F 77 2D B8 84 B0 75 A6 F2 A1 2D 21 2F A8 A3
NONCE Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 36 Bytes
| Nonce(256 bits)   : 73 0F 44 80 64 ED FE F1 1C CE 26 A8 1B 78 31 08
|                     FD EE 22 2B 72 D0 AE F2 DE 67 F5 7B A7 40 5F C3
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data       : 7B 6B 91 C3 5A A4 BD 1D 05 02 7B 3E 33 7E 22 8E
|                     29 A9 E6 04
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data       : 83 27 8A 21 EF 79 BA 3F 39 44 33 C0 98 62 31 C2
|                     23 00 D7 8E
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 16 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs.  : SHA-256, SHA-384, SHA-512, IDENTITY
NOTIFY Payload
| Next Payload      : CERTREQ
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : IKEV2_FRAGMENTATION_SUPPORTED
CERTREQ Payload
| Next Payload      : VENDOR
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 25 Bytes
| Cert. Type        : X509_SIG
| Cert. Authority   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|                     00 00 00 00
VENDOR Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 24 Bytes
| Vendor ID         : 81 75 2E B5 91 4D 73 5C DF CD C8 58 C3 A8 ED 7C
|                     1C 66 D1 42

[VPN-Debug] 2025/05/24 21:14:26,226  Devicetime: 2025/05/24 21:14:24,940
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
Constructing payload NONCE (40):
  +Nonce length=32 bytes
  +Nonce=0x730F448064EDFEF11CCE26A81B783108FDEE222B72D0AEF2DE67F57BA7405FC3
  +SA-DATA-Nr=0x730F448064EDFEF11CCE26A81B783108FDEE222B72D0AEF2DE67F57BA7405FC3
Constructing payload NOTIFY(DETECTION_SOURCE_IP) (41):
  +Computing SHA1(0x4E3D7B7005E19CD46F34368206EB190C|192.168.178.125:500)
  +Computing SHA1(0x4E3D7B7005E19CD46F34368206EB190CC0A8B27D01F4)
  +0x7B6B91C35AA4BD1D05027B3E337E228E29A9E604
Constructing payload NOTIFY(DETECTION_DESTINATION_IP) (41):
  +Computing SHA1(0x4E3D7B7005E19CD46F34368206EB190C|192.168.178.79:42775)
  +Computing SHA1(0x4E3D7B7005E19CD46F34368206EB190CC0A8B24FA717)
  +0x83278A21EF79BA3F394433C0986231C22300D78E
Constructing payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41):
  +Signature hash algorithms: SHA-256,SHA-384,SHA-512,Identity
Constructing payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41):
Constructing payload NOTIFY(USE_PPK) (41):
  +Initiator does not support PPK
Constructing payload CERTREQ (38):
  +0x0000000000000000000000000000000000000000
Constructing payload VENDOR(FRAGMENTATION) (43):
Constructing payload VENDOR(FRAGMENTATION(C0000000)) (43):
Constructing payload VENDOR(ikev2 config payload: Do not narrow my traffic selector) (43):
Constructing payload VENDOR(activate lancom-systems notification private range) (43):
Constructing payload NOTIFY(DEVICE-ID) (41):
  +Peer does not support private notifications -> ignore
+Shared secret derived in 65991 micro seconds
IKE_SA(0x4E3D7B7005E19CD46F34368206EB190C).EXPECTED-MSG-ID raised to 1
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x4E3D7B7005E19CD46F34368206EB190C00000000, P1, RESPONDER): Resetting Negotiation SA
  (IKE_SA, 'DEFAULT', 'ISAKMP-PEER-DEFAULT', 0x4E3D7B7005E19CD46F34368206EB190C00000000, responder): use_count --5
+(request, response) pair inserted into retransmission map
Sending an IKE_SA_INIT-RESPONSE of 761 bytes (responder)
Gateways: 192.168.178.125:500-->192.168.178.79:42775, tag 0 (UDP)
SPIs: 0x4E3D7B7005E19CD46F34368206EB190C, Message-ID 0
Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(SIGNATURE_HASH_ALGORITHMS), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), CERTREQ, VENDOR(activate lancom-systems notification private range)

[VPN-Status] 2025/05/24 21:14:26,226  Devicetime: 2025/05/24 21:14:24,940
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
+IKE-SA:
  IKE-Proposal-1  (4 transforms)
    ENCR : AES-CBC-256
    PRF  : PRF-HMAC-SHA1
    INTEG: HMAC-SHA-256
    DH   : 16
+KE-DH-Group 16 (4096 bits)
IKE_SA_INIT [responder] for peer DEFAULT initiator id <no ipsec id>, responder id <no ipsec id>
initiator cookie: 0x4E3D7B7005E19CD4, responder cookie: 0x6F34368206EB190C
SA ISAKMP for peer DEFAULT
 Encryption                    : AES-CBC-256
 Integrity                     : AUTH-HMAC-SHA-256
 IKE-DH-Group                  : 16
 PRF                           : PRF-HMAC-SHA1
life time soft 05/25/2025 18:50:24 (in 77760 sec) / 0 kb
life time hard 05/25/2025 21:14:24 (in 86400 sec) / 0 kb
DPD: NONE
Negotiated: IKEV2_FRAGMENTATION

Sending an IKE_SA_INIT-RESPONSE of 761 bytes (responder)
Gateways: 192.168.178.125:500-->192.168.178.79:42775, tag 0 (UDP)
SPIs: 0x4E3D7B7005E19CD46F34368206EB190C, Message-ID 0

[VPN-IKE] 2025/05/24 21:14:26,228  Devicetime: 2025/05/24 21:14:24,940
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:42775
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 4E 3D 7B 70 05 E1 9C D4
| Responder cookie  : 6F 34 36 82 06 EB 19 0C
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x08   Initiator
| Msg-ID            : 1
| Length            : 496 Bytes
ENCR Payload
| Next Payload      : IDI
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 468 Bytes
| IV                : E0 83 DC 77 14 A1 28 95 81 6A 68 72 38 99 38 58
| Encrypted Data    : B5 0C 3D 0E 90 2E 82 B4 25 01 EC FB B2 DD D2 5A
|                     B2 95 41 D2 F4 BE 11 D7 36 AB 8C 1C AD 3F FF B4
|                     D1 F2 94 EE 17 E0 CB 6F B7 27 1F F8 E0 0A 37 91
|                     2B F3 98 9A EF 56 3C 21 14 6F 64 20 1F E4 AB 9B
|                     0B 12 BF 44 64 12 33 96 31 31 33 BF 27 F5 CD E5
|                     52 AD D6 08 F1 80 30 FE 6E 8D DA 76 42 B9 59 E4
|                     84 4F 40 15 1F 78 0B 46 5A 8B 91 92 D4 57 11 27
|                     6E 3F 2A AA 65 6A AB 6C A3 A9 99 BF 2C 43 F1 AA
|                     3B C1 50 F9 06 BE 04 BB 8B 88 21 E9 F3 02 35 00
|                     3D 5F 7C 1A 2C 12 F3 8C 35 97 F5 02 FA 8D DE 06
|                     41 33 6F 0D AB 2A C4 FF 35 85 3C 11 88 10 78 77
|                     68 E0 A7 1B 69 5C 85 2E 4E D2 A0 9A 1C F3 6B 69
|                     F7 31 97 BE 5D 23 C4 82 38 1F 40 66 25 C9 1D 8C
|                     77 1A FB A0 C3 E3 4A 16 39 4E 6F 28 D4 65 E9 13
|                     A1 36 A3 40 12 F1 81 13 88 0D 94 9A 38 0D 69 57
|                     99 0C 33 2D 66 FB 42 3E 0D 82 85 7E 74 D2 2D AF
|                     8A 9A AA D5 5B F9 BE 48 3B ED F0 F4 DB 34 C3 12
|                     A4 93 ED 29 BE B3 54 49 0D FA F6 97 6B B1 E9 C0
|                     89 B5 B8 06 7B B4 5A 75 AE BB 47 DD A5 65 DC 9A
|                     BA B0 61 84 03 11 12 F4 98 8E 13 C1 CB 29 F4 95
|                     4A 91 1E EA 87 B2 F6 C0 FF 91 AC 6C 78 25 37 93
|                     DC 3E 0E D9 BD E7 BE 87 79 9C 3E E4 83 B6 DB 86
|                     A3 F7 84 94 9A 39 70 78 67 44 88 93 04 57 53 33
|                     C2 D6 28 78 CE 65 D7 CB E1 4D 34 B2 6F 80 BF 14
|                     27 5D EB E4 BE A2 A8 A4 A5 E1 EF AC 8C 46 FF 8C
|                     A8 96 46 88 68 22 2A E0 A5 01 AA 93 74 FB 4E 7B
|                     8D 55 98 20 FA 9C 50 01 82 3F DE 2A 12 69 B4 3D
| ICV               : 6C 49 6B E2 55 8C AD FF B9 F8 B6 47 4A AF 57 58

[VPN-IKE] 2025/05/24 21:14:26,228  Devicetime: 2025/05/24 21:14:24,940
[DEFAULT] Received packet after decryption:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:42775
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 4E 3D 7B 70 05 E1 9C D4
| Responder cookie  : 6F 34 36 82 06 EB 19 0C
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x08   Initiator
| Msg-ID            : 1
| Length            : 496 Bytes
ENCR Payload
| Next Payload      : IDI
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 468 Bytes
| IV                : E0 83 DC 77 14 A1 28 95 81 6A 68 72 38 99 38 58
| ICV               : 6C 49 6B E2 55 8C AD FF B9 F8 B6 47 4A AF 57 58
IDI Payload
| Next Payload      : IDR
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 10 Bytes
| ID type           : FQDN
| Reserved          : 0x000000
| ID                : FH
IDR Payload
| Next Payload      : AUTH
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 12 Bytes
| ID type           : IPV4_ADDR
| Reserved          : 0x000000
| ID                : 192.168.178.125
AUTH Payload
| Next Payload      : SA
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Auth. Method      : PRESHARED_KEY
| Reserved          : 0x000000
| Auth. Data        : 2A 4A F5 55 8D 0A 03 16 B1 D5 57 AA 5E 79 16 89
|                     B8 C6 89 5A
SA Payload
| Next Payload      : TSi
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 212 Bytes
| PROPOSAL Payload
| | Next Payload    : PROPOSAL
| | Reserved        : 0x00
| | Length          : 80 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_ESP
| | SPI size        : 4
| | #Transforms     : 7
| | SPI             : 0B 3E 2A 0A
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-512 (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-384 (13)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: ESN (5)
| | | Reserved2     : 0x00
| | | Transform ID  : NONE (0)
| | | Attributes    : NONE
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 128 Bytes
| | Proposal number : 2
| | Protocol ID     : IPSEC_ESP
| | SPI size        : 4
| | #Transforms     : 10
| | SPI             : 13 BB D6 72
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: ESN (5)
| | | Reserved2     : 0x00
| | | Transform ID  : NONE (0)
| | | Attributes    : NONE
TSi Payload
| Next Payload      : TSr
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 64 Bytes
| Number of TSs     : 2
| Reserved          : 0x000000
| Traffic Selector 0
| | Type            : TS_IPV4_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 16
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : 0.0.0.0 - 255.255.255.255
| Traffic Selector 1
| | Type            : TS_IPV6_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 40
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
TSr Payload
| Next Payload      : CP
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 64 Bytes
| Number of TSs     : 2
| Reserved          : 0x000000
| Traffic Selector 0
| | Type            : TS_IPV4_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 16
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : 0.0.0.0 - 255.255.255.255
| Traffic Selector 1
| | Type            : TS_IPV6_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 40
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
CP Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 32 Bytes
| Type              : REQUEST
| Reserved2         : 0x000000
| Attribute 0
| | Type            : Variable, INTERNAL_IP4_ADDRESS
| | Length          : 0
| | Value           : 
| Attribute 1
| | Type            : Variable, INTERNAL_IP6_ADDRESS
| | Length          : 0
| | Value           : 
| Attribute 2
| | Type            : Variable, INTERNAL_IP4_DNS
| | Length          : 0
| | Value           : 
| Attribute 3
| | Type            : Variable, INTERNAL_IP6_DNS
| | Length          : 0
| | Value           : 
| Attribute 4
| | Type            : Variable, INTERNAL_IP4_NETMASK
| | Length          : 0
| | Value           : 
| Attribute 5
| | Type            : Variable, APPLICATION_VERSION
| | Length          : 0
| | Value           : 
Rest                : C8 5A 27 EB 3B 8E CB 7A 9E 09

[VPN-Debug] 2025/05/24 21:14:26,228  Devicetime: 2025/05/24 21:14:24,941
Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 496 bytes (encrypted)
Gateways: 192.168.178.125:500<--192.168.178.79:42775
SPIs: 0x4E3D7B7005E19CD46F34368206EB190C, Message-ID 1
Payloads: ENCR
QUB-DATA: 192.168.178.125:500<---192.168.178.79:42775 rtg_tag 0 physical-channel WAN(1)
transport: [id: 597, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0], local port: 500, remote port: 42775
+IKE_SA found and assigned
+Exchange created (flags: 0x00000000)
Message verified successfully
Message decrypted successfully
Payloads: ENCR, IDI, IDR, AUTH(PSK), SA, TSI, TSR, CP(REQUEST)
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x4E3D7B7005E19CD46F34368206EB190C00000001, P2, RESPONDER): Setting Negotiation SA
  Referencing (CHILD_SA, 0x4E3D7B7005E19CD46F34368206EB190C0000000100, responder): use_count 3
Looking for payload IDI (35)...Found 1 payload.
  -Received-ID:AUTH FH:FQDN:PRESHARED_KEY != Expected-ID:AUTH ID_NONE:ID_NONE:DIGITAL SIGNATURE
  -Received-ID:AUTH FH:FQDN:PRESHARED_KEY != Expected-ID:AUTH ID_NONE:ID_NONE:DIGITAL SIGNATURE
  -Received-ID:AUTH FH:FQDN:PRESHARED_KEY != Expected-ID:AUTH ID_NONE:ID_NONE:DIGITAL SIGNATURE
  -Received-ID:AUTH FH:FQDN:PRESHARED_KEY != Expected-ID:AUTH ID_NONE:ID_NONE:DIGITAL SIGNATURE
  -Received-ID:AUTH FH:FQDN:PRESHARED_KEY != Expected-ID:AUTH ID_NONE:ID_NONE:DIGITAL SIGNATURE
  -Received-ID:AUTH FH:FQDN:PRESHARED_KEY != Expected-ID:AUTH ID_NONE:ID_NONE:DIGITAL SIGNATURE

[VPN-Status] 2025/05/24 21:14:26,228  Devicetime: 2025/05/24 21:14:24,941
Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 496 bytes (encrypted)
Gateways: 192.168.178.125:500<--192.168.178.79:42775
SPIs: 0x4E3D7B7005E19CD46F34368206EB190C, Message-ID 1
CHILD_SA ('', '' ) entered to SADB
  find: No remote IDs found for peer DEFAULT

[VPN-IKE] 2025/05/24 21:14:26,228  Devicetime: 2025/05/24 21:14:24,941
[DEFAULT] Sending packet before encryption:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:42775
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 4E 3D 7B 70 05 E1 9C D4
| Responder cookie  : 6F 34 36 82 06 EB 19 0C
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x20 Response  
| Msg-ID            : 1
| Length            : 80 Bytes
ENCR Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 52 Bytes
| IV                : 3F 1D 5A D8 7C 54 AF 77 AF 6C 72 22 88 3B 8C 75
| ICV               : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NOTIFY Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : IPSEC_IKE
| SPI size          : 0
| Message type      : AUTHENTICATION_FAILED
Rest                : 00 00 00 00 00 00 00 07

[VPN-IKE] 2025/05/24 21:14:26,228  Devicetime: 2025/05/24 21:14:24,941
[DEFAULT] Sending packet after encryption:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:42775
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 4E 3D 7B 70 05 E1 9C D4
| Responder cookie  : 6F 34 36 82 06 EB 19 0C
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x20 Response  
| Msg-ID            : 1
| Length            : 80 Bytes
ENCR Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 52 Bytes
| IV                : 3F 1D 5A D8 7C 54 AF 77 AF 6C 72 22 88 3B 8C 75
| Encrypted Data    : 97 14 D3 FA D3 89 7A C0 AE C7 E4 48 EE 00 4A 7A
| ICV               : A8 F5 1C 34 3C 09 74 84 8A AA 75 45 D1 AD A7 48

[VPN-Debug] 2025/05/24 21:14:26,229  Devicetime: 2025/05/24 21:14:24,941
Peer DEFAULT: Constructing an IKE_AUTH-RESPONSE for send
Message encrypted successfully
Message authenticated successfully
SA-FREE: No active SA found (not replaced, not finalized) (SA_FLAG_DONT_FREE_EXCHANGES)
+(request, response) pair inserted into retransmission map
Sending an IKE_AUTH-RESPONSE of 80 bytes (responder encrypted)
Gateways: 192.168.178.125:500-->192.168.178.79:42775, tag 0 (UDP)
SPIs: 0x4E3D7B7005E19CD46F34368206EB190C, Message-ID 1
Payloads: ENCR

[VPN-Status] 2025/05/24 21:14:26,229  Devicetime: 2025/05/24 21:14:24,941
Peer DEFAULT: Constructing an IKE_AUTH-RESPONSE for send
NOTIFY(AUTHENTICATION_FAILED)
IKE_SA ('DEFAULT', 'ISAKMP-PEER-DEFAULT' IPSEC_IKE SPIs 0x4E3D7B7005E19CD46F34368206EB190C) removed from SADB
Sending an IKE_AUTH-RESPONSE of 80 bytes (responder encrypted)
Gateways: 192.168.178.125:500-->192.168.178.79:42775, tag 0 (UDP)
SPIs: 0x4E3D7B7005E19CD46F34368206EB190C, Message-ID 1

[VPN-Status] 2025/05/24 21:14:26,229  Devicetime: 2025/05/24 21:14:24,941
IKE log: 211424.941599 Default IKE-DISCONNECT-RESPONSE: could not be sent for peer DEFAULT on message free (empty handle)

[VPN-Debug] 2025/05/24 21:14:26,229  Devicetime: 2025/05/24 21:14:24,941
LCVPEI: IKE-R-IKE-key-mismatch
IKE-TRANSPORT freed

[VPN-Status] 2025/05/24 21:14:26,229  Devicetime: 2025/05/24 21:14:24,941
CHILD_SA ('', '' ) removed from SADB
CHILD_SA ('', '' ) freed
IKE_SA ('DEFAULT', 'ISAKMP-PEER-DEFAULT' IPSEC_IKE SPIs 0x4E3D7B7005E19CD46F34368206EB190C) freed

[VPN-IKE] 2025/05/24 21:14:26,229  Devicetime: 2025/05/24 21:14:24,945
[<UNKNOWN>] Received packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:42775
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 4E 3D 7B 70 05 E1 9C D4
| Responder cookie  : 6F 34 36 82 06 EB 19 0C
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : INFORMATIONAL
| Flags             : 0x08   Initiator
| Msg-ID            : 2
| Length            : 80 Bytes
-No ENCR/INTEG algorithm(s) found in IKE_SA (No IKE_SA)
Rest                : 2A 00 00 34 C7 2F 20 F7 51 35 08 C7 7E A7 86 71
                      5D 82 D7 46 CF 1B FA 01 97 56 4B 25 B1 B1 D2 1F
                      B2 C2 EA 0B 5D 29 48 A4 F1 69 93 41 EC 01 8E 2A
                      4C 43 18 46

[VPN-IKE] 2025/05/24 21:14:26,229  Devicetime: 2025/05/24 21:14:24,945
[<UNKNOWN>] Sending packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:42775
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 4E 3D 7B 70 05 E1 9C D4
| Responder cookie  : 6F 34 36 82 06 EB 19 0C
| Next Payload      : NOTIFY
| Version           : 2.0
| Exchange type     : INFORMATIONAL
| Flags             : 0x20 Response  
| Msg-ID            : 2
| Length            : 36 Bytes
NOTIFY Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : INVALID_IKE_SPI

[VPN-Debug] 2025/05/24 21:14:26,285  Devicetime: 2025/05/24 21:14:24,945
Peer <UNKNOWN>: Received an INFORMATIONAL-REQUEST of 80 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:42775
SPIs: 0x4E3D7B7005E19CD46F34368206EB190C, Message-ID 2
Payloads: INVALID
QUB-DATA: 192.168.178.125:500<---192.168.178.79:42775 rtg_tag 0 physical-channel WAN(1)
transport: [id: 598, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0], local port: 500, remote port: 42775

Peer <UNKNOWN>: Constructing an INFORMATIONAL-RESPONSE for send
Sending an INFORMATIONAL-RESPONSE of 36 bytes
Gateways: 192.168.178.125:500-->192.168.178.79:42775, tag 0 (UDP)
SPIs: 0x4E3D7B7005E19CD46F34368206EB190C, Message-ID 2
Payloads: NOTIFY(INVALID_IKE_SPI)

[VPN-Status] 2025/05/24 21:14:26,285  Devicetime: 2025/05/24 21:14:24,945
Peer <UNKNOWN>: Received an INFORMATIONAL-REQUEST of 80 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:42775
SPIs: 0x4E3D7B7005E19CD46F34368206EB190C, Message-ID 2
-Could not find an IKE_SA for SPIs 0x4E3D7B7005E19CD46F34368206EB190C
-NOTIFY(INVALID_IKE_SPI)
-Could not index message correctly. payload_num=46, error code=4
-No ENCR/INTEG algorithm(s) found in IKE_SA (No IKE_SA)

Peer <UNKNOWN>: Constructing an INFORMATIONAL-RESPONSE for send
Sending an INFORMATIONAL-RESPONSE of 36 bytes
Gateways: 192.168.178.125:500-->192.168.178.79:42775, tag 0 (UDP)
SPIs: 0x4E3D7B7005E19CD46F34368206EB190C, Message-ID 2

[VPN-Debug] 2025/05/24 21:14:26,285  Devicetime: 2025/05/24 21:14:24,945
IKE-TRANSPORT freed


[TraceStopped] 2025/05/24 21:16:19,393
Last edited by eagle1900 on 24 May 2025, 23:17; edited 1 time in total.
Dr.Einstein
Posts: 3267
Joined: 12 Jan 2010, 14:10

Re: Problems with IKEv2 VPN to Android device

Post by Dr.Einstein »

Remote Type
FQDN

Remote ID
FH

is configured?

Code: Select all

| Next Payload : IDR
| CRITICAL : NO
| Reserved : 0x00
| Length : 10 Bytes
| ID type : FQDN
| Reserved : 0x000000
| ID : FH
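
The identity comparison behind this question can be pulled out of a long trace mechanically. The Python below is an added example, not part of the original posts and not LANCOM tooling; it reads the `Received-ID ... != Expected-ID` lines and the error notifies in the format shown in this thread. The sample trace is a shortened, constructed copy of the lines above, and notify names other than the two seen in the thread are assumed to follow RFC 7296 spelling.

```python
import re
from collections import namedtuple

# One side of the router's comparison: "<ID>:<ID type>:<auth method>".
Identity = namedtuple("Identity", "id id_type auth_method")

BLOCK_HEADER = re.compile(r"^\[(VPN-Debug|VPN-Status|VPN-IKE)\] (\S+ \S+)")
MISMATCH = re.compile(r"-Received-ID:AUTH (.+) != Expected-ID:AUTH (.+)$")
NOTIFY = re.compile(r"NOTIFY\(([A-Z_]+)\)")

# Error notifies only; status notifies such as DETECTION_SOURCE_IP are ignored.
# AUTHENTICATION_FAILED and INVALID_IKE_SPI appear in the thread, the rest are
# assumed to be logged under their RFC 7296 names.
ERROR_NOTIFIES = {"AUTHENTICATION_FAILED", "INVALID_IKE_SPI",
                  "NO_PROPOSAL_CHOSEN", "INVALID_KE_PAYLOAD", "TS_UNACCEPTABLE"}

# Constructed sample: shortened copy of the trace posted in this thread.
SAMPLE_TRACE = """\
[VPN-Debug] 2025/05/24 21:14:26,228  Devicetime: 2025/05/24 21:14:24,941
Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 496 bytes (encrypted)
Payloads: ENCR, IDI, IDR, AUTH(PSK), SA, TSI, TSR, CP(REQUEST)
Looking for payload IDI (35)...Found 1 payload.
  -Received-ID:AUTH FH:FQDN:PRESHARED_KEY != Expected-ID:AUTH ID_NONE:ID_NONE:DIGITAL SIGNATURE
  -Received-ID:AUTH FH:FQDN:PRESHARED_KEY != Expected-ID:AUTH ID_NONE:ID_NONE:DIGITAL SIGNATURE

[VPN-Status] 2025/05/24 21:14:26,229  Devicetime: 2025/05/24 21:14:24,941
Peer DEFAULT: Constructing an IKE_AUTH-RESPONSE for send
NOTIFY(AUTHENTICATION_FAILED)

[VPN-Status] 2025/05/24 21:14:26,285  Devicetime: 2025/05/24 21:14:24,945
Peer <UNKNOWN>: Received an INFORMATIONAL-REQUEST of 80 bytes
-Could not find an IKE_SA for SPIs 0x4E3D7B7005E19CD46F34368206EB190C
-NOTIFY(INVALID_IKE_SPI)
"""


def parse_identity(text):
    # Split from the right so an ID that itself contains ':' stays intact.
    ident, id_type, auth = text.strip().rsplit(":", 2)
    return Identity(ident, id_type, auth)


def analyse(trace):
    """Collect failed identity comparisons (with counts) and error notifies."""
    mismatches, errors, stamp = {}, [], None
    for line in trace.splitlines():
        header = BLOCK_HEADER.match(line)
        if header:
            stamp = header.group(2)          # timestamp of the current trace block
            continue
        found = MISMATCH.search(line)
        if found:
            pair = (parse_identity(found.group(1)), parse_identity(found.group(2)))
            mismatches[pair] = mismatches.get(pair, 0) + 1
            continue
        for name in NOTIFY.findall(line):
            if name in ERROR_NOTIFIES and (stamp, name) not in errors:
                errors.append((stamp, name))
    return {"mismatches": mismatches, "errors": errors}


def explain(received, expected):
    """Name each of the three compared fields that differs."""
    return [f"{field}: peer sent {r!r}, router entry expects {e!r}"
            for field, r, e in zip(Identity._fields, received, expected) if r != e]


def report(trace):
    """Human-readable summary: what did not match, and which error came first."""
    result = analyse(trace)
    lines = []
    for (received, expected), count in result["mismatches"].items():
        lines.append(f"{count}x identity comparison failed:")
        lines += ["  " + detail for detail in explain(received, expected)]
    if result["errors"]:
        stamp, name = result["errors"][0]
        lines.append(f"first error notify: {name} at {stamp}")
        later = [n for _, n in result["errors"][1:]]
        if later:
            lines.append("later notifies (likely follow-on): " + ", ".join(later))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_TRACE)))
```

On the sample it reports that ID, ID type and authentication method all differ from what the router entry expects, and that AUTHENTICATION_FAILED precedes the INVALID_IKE_SPI sent after the IKE_SA was already removed.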
eagle1900
Posts: 129
Joined: 25 Jun 2006, 14:07

Re: Problems with IKEv2 VPN to Android device

Post by eagle1900 »

Hello Einstein,

thanks for the hint,

I have changed it, it was not set to that value - now the following comes up,

have a nice weekend,

Regards

Code: Select all

[VPN-IKE] 2025/05/24 23:01:31,147  Devicetime: 2025/05/24 23:01:30,984
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:34357
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 76 DA C4 90 CF 91 9F 41
| Responder cookie  : 00 00 00 00 00 00 00 00
| Next Payload      : SA
| Version           : 2.0
| Exchange type     : IKE_SA_INIT
| Flags             : 0x08   Initiator
| Msg-ID            : 0
| Length            : 940 Bytes
SA Payload
| Next Payload      : NONCE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 276 Bytes
| PROPOSAL Payload
| | Next Payload    : PROPOSAL
| | Reserved        : 0x00
| | Length          : 116 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_IKE
| | SPI size        : 0
| | #Transforms     : 12
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-512 (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-384 (13)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-XCBC-96 (5)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 4096-BIT MODP (16)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 3072-BIT MODP (15)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 2048-BIT MODP (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-HMAC-SHA1 (2)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-AES128-XCBC (4)
| | | Attributes    : NONE
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 156 Bytes
| | Proposal number : 2
| | Protocol ID     : IPSEC_IKE
| | SPI size        : 0
| | #Transforms     : 14
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 4096-BIT MODP (16)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 3072-BIT MODP (15)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 2048-BIT MODP (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-HMAC-SHA1 (2)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-AES128-XCBC (4)
| | | Attributes    : NONE
NONCE Payload
| Next Payload      : KE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 36 Bytes
| Nonce(256 bits)   : 06 DF 07 CB E3 06 E6 64 F2 FE B7 6D C8 7F 6D 07
|                     82 F4 6E 31 A0 29 C7 93 63 4E FB E8 1E 3D 7B 51
KE Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 520 Bytes
| DH Group          : 16
| Reserved2         : 0x0000
| DH-Key(4096 bits) : 82 67 D5 E4 E7 16 63 CB 5D 31 63 E9 97 B4 8D 31
|                     F2 AD EE 87 2E 14 CB 4A B6 24 1E 87 C8 97 CA 86
|                     EC 7A 45 51 AE CD 07 D9 FD 51 F6 BA 78 C8 4D E7
|                     E1 F2 03 7F 32 3D 66 44 86 68 FB F2 D0 2D B7 D8
|                     F9 F3 1D 7C 9C 88 C8 CD 92 AA 55 62 18 1A E4 FB
|                     7C 16 0A 55 53 94 F6 98 86 E4 BC 0C D5 DD 79 91
|                     AC 98 EC 69 54 39 12 51 63 3D 6B 5C 5D BB ED D7
|                     21 F6 C0 E9 31 D0 CA 81 3A 3F 2E 2B 00 72 41 C5
|                     8E B9 AB D6 2D 21 4B A6 2D 73 C7 05 C6 EF 4E 3B
|                     06 8E 6C E5 D9 0D 4E CD 40 45 CD 20 90 D8 6C 61
|                     AC C3 F6 E8 58 F8 82 F2 CC AC 8F D1 F6 8A C7 13
|                     3F 42 24 7C CF 25 83 C2 5A D2 F5 E8 D0 DC 22 13
|                     18 47 B6 E5 A5 B9 03 69 BB 91 4C 06 AC B1 D3 26
|                     B5 EE AD EB 84 1E 45 29 29 0B 76 A8 D3 10 BF 66
|                     C2 23 AA FE AE 46 CD 40 35 91 7B B4 4F A5 92 8E
|                     CE 46 21 1B AA 1F 5B 4A DF 7A 76 20 D9 05 EE 6E
|                     AC 84 47 93 09 AC 2C A8 E8 A3 AF 82 90 B8 33 75
|                     B2 18 F3 2B E7 6C A6 FA C1 6F F7 80 CB 43 97 98
|                     F0 FF C1 DE 2A A3 2A 0A 67 8D 0F 17 B5 63 63 0B
|                     8F 97 3F 44 00 56 0C 9F DC 11 FB 0F 2A F5 62 8C
|                     DB E6 32 1E 58 42 DC B6 C6 2A 29 C7 8A 53 DC 83
|                     BC 08 3D F1 04 EC F3 91 AB 6C 44 A7 37 05 36 42
|                     B6 9D 10 58 56 E5 76 E8 47 F0 18 18 F8 05 44 16
|                     07 1D DF DC 72 A4 59 72 CB 87 D7 FD C1 45 E1 7F
|                     C1 29 05 81 C8 F8 61 CB 17 E2 E6 BD 55 2E 45 E7
|                     CC 2F FE 96 9F 4B 41 83 07 3F 5B 60 BE B1 30 7A
|                     A6 B3 BB 02 A7 86 BA E4 BA 77 F5 71 B7 9A B6 EC
|                     F9 3E 03 19 BA 2D E5 25 22 10 67 1E C9 7F 8F 94
|                     D8 93 B5 A3 A3 51 2C CD CB 26 63 12 24 2E D9 19
|                     F2 87 1D 7C 45 C0 5B A5 BF 95 6F E0 29 FA A1 11
|                     54 93 2A F9 E0 18 AF EF FC BF 86 62 1C 72 C9 E1
|                     5A 4B D6 FA CD C5 78 88 4B 11 CC 51 2B 94 7D 26
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data       : 8B 61 FF 11 A4 07 28 25 0C 79 B4 75 B7 D7 1C 0D
|                     48 D0 D9 82
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data       : F6 09 16 2B B1 81 7B D0 8D 5F 8A 2B 25 1F E9 03
|                     7F F8 62 90
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : IKEV2_FRAGMENTATION_SUPPORTED
NOTIFY Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 16 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs.  : SHA1, SHA-256, SHA-384, SHA-512

[VPN-Debug] 2025/05/24 23:01:31,164  Devicetime: 2025/05/24 23:01:30,985
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 940 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:34357
SPIs: 0x76DAC490CF919F410000000000000000, Message-ID 0
Payloads: SA, NONCE, KE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(SIGNATURE_HASH_ALGORITHMS)
QUB-DATA: 192.168.178.125:500<---192.168.178.79:34357 rtg_tag 0 physical-channel WAN(1)
transport: [id: 1570, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0], local port: 500, remote port: 34357
+No IKE_SA found
Counting consumed licenses by active channels...
  Consumed connected licenses   : 0
  Negotiating connections       : 0
  IKE negotiations              : 0
  MPPE connections              : 0
  LTA licenses                  : 0
  Licenses in use               : 0 < 25
  +Passive connection request accepted (17 micro seconds)
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x76DAC490CF919F41CFFBD06BB8A6D39300000000, P1, RESPONDER): Setting Negotiation SA
  Referencing (IKE_SA, 0x76DAC490CF919F41CFFBD06BB8A6D39300000000, responder): use_count 3
Looking for payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41)...Found 1 payload.
  +Received signature hash algorithms: SHA1, SHA-256, SHA-384, SHA-512
Looking for payload NOTIFY(DETECTION_SOURCE_IP) (41)...Found 1 payload.
  +Computing SHA1(0x76DAC490CF919F410000000000000000|192.168.178.79:34357)
  +Computing SHA1(0x76DAC490CF919F410000000000000000C0A8B24F8635)
  +Computed: 0x8B61FF11A40728250C79B475B7D71C0D48D0D982
  +Received: 0x8B61FF11A40728250C79B475B7D71C0D48D0D982
  +Equal => NAT-T is disabled
Looking for payload NOTIFY(DETECTION_DESTINATION_IP) (41)...Found 1 payload.
  +Computing SHA1(0x76DAC490CF919F410000000000000000|192.168.178.125:500)
  +Computing SHA1(0x76DAC490CF919F410000000000000000C0A8B27D01F4)
  +Computed: 0xF609162BB1817BD08D5F8A2B251FE9037FF86290
  +Received: 0xF609162BB1817BD08D5F8A2B251FE9037FF86290
  +Equal => NAT-T is disabled
Looking for payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41)...Found 1 payload.
Looking for payload IKE_SA (33)...Found 1 payload.
  +Config   ENCR  transform(s): AES-GCM-16-256 AES-CBC-256
  +Received ENCR  transform(s): AES-CBC-256 AES-CBC-192 AES-CBC-128
  +Best intersection: AES-CBC-256
  +Config   PRF   transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
  +Received PRF   transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC
  +Best intersection: PRF-HMAC-SHA1
  +Config   INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
  +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96
  +Best intersection: HMAC-SHA-256
  +Config   DH    transform(s): 30 29 28 21 20 16 19 15 14 2
  +Received DH    transform(s): 16 15 14
  +Best intersection: 16
Looking for payload NONCE (40)...Found 1 payload.
  +Nonce length=32 bytes
  +Nonce=0x06DF07CBE306E664F2FEB76DC87F6D0782F46E31A029C793634EFBE81E3D7B51
  +SA-DATA-Ni=0x06DF07CBE306E664F2FEB76DC87F6D0782F46E31A029C793634EFBE81E3D7B51

[VPN-Status] 2025/05/24 23:01:31,195  Devicetime: 2025/05/24 23:01:30,985
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 940 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:34357
SPIs: 0x76DAC490CF919F410000000000000000, Message-ID 0
Peer identified: DEFAULT
IKE_SA ('', '' IPSEC_IKE SPIs 0x76DAC490CF919F41CFFBD06BB8A6D393) entered to SADB
Received 4 notifications: 
  +NAT_DETECTION_SOURCE_IP(0x8B61FF11A40728250C79B475B7D71C0D48D0D982) (STATUS)
  +NAT_DETECTION_DESTINATION_IP(0xF609162BB1817BD08D5F8A2B251FE9037FF86290) (STATUS)
  +IKEV2_FRAGMENTATION_SUPPORTED (STATUS)
  +SIGNATURE_HASH_ALGORITHMS(0x0001000200030004) (STATUS)
Peer (initiator) is not behind a NAT. NAT-T is disabled
We (responder) are not behind a NAT. NAT-T is disabled
+IKE-SA:
  IKE-Proposal-1  (12 transforms)
    ENCR : AES-CBC-256 AES-CBC-192 AES-CBC-128
    PRF  : PRF-HMAC-SHA1 PRF-AES128-XCBC
    INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96
    DH   : 16 15 14
  IKE-Proposal-2  (14 transforms)
    ENCR : AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
    PRF  : PRF-HMAC-SHA1 PRF-AES128-XCBC
    DH   : 16 15 14
+Received KE-DH-Group 16 (4096 bits)

[VPN-IKE] 2025/05/24 23:01:31,195  Devicetime: 2025/05/24 23:01:30,986
[DEFAULT] Sending packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:34357
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 76 DA C4 90 CF 91 9F 41
| Responder cookie  : CF FB D0 6B B8 A6 D3 93
| Next Payload      : SA
| Version           : 2.0
| Exchange type     : IKE_SA_INIT
| Flags             : 0x20 Response  
| Msg-ID            : 0
| Length            : 761 Bytes
SA Payload
| Next Payload      : KE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 48 Bytes
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 44 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_IKE
| | SPI size        : 0
| | #Transforms     : 4
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-HMAC-SHA1 (2)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 4096-BIT MODP (16)
| | | Attributes    : NONE
KE Payload
| Next Payload      : NONCE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 520 Bytes
| DH Group          : 16
| Reserved2         : 0x0000
| DH-Key(4096 bits) : 77 BB D7 63 51 08 4A 08 E0 17 DE E0 4F D5 D0 F6
|                     60 55 5E F4 59 E6 1E C4 0F 67 D3 8A A1 28 59 8D
|                     48 EC 53 A3 B0 36 CD D2 8A 8A 4B 3A AA 77 31 DB
|                     B8 70 BD 5B 09 69 CC 8E 11 63 D6 D8 FA B5 89 E1
|                     FF 2E B9 59 8B B5 64 1A 55 F8 81 01 3C 69 78 BD
|                     9D D9 10 55 2E 98 CC 55 FA AB 7C 94 E1 F0 87 CE
|                     2E 67 EB D0 8F 63 E4 93 59 D5 1C 17 BE A1 7C 90
|                     9B 1F 22 C3 B0 1C A1 0D D1 40 BC EF 4F D9 2E 8B
|                     C9 F1 E7 C3 21 23 E3 0F 32 76 34 14 99 AA 38 D5
|                     44 39 5C 8B 73 3D 17 E2 E2 C6 27 54 2A 4D 0E D0
|                     93 21 2F EE FC 60 6D A4 54 19 59 00 BB 86 6E F0
|                     21 0E 6A 33 55 78 42 97 E5 01 FB 39 1A C0 98 A0
|                     83 4D 7D 45 B1 E0 41 34 2E 21 F0 C2 4E 3A 34 88
|                     0B 7C 79 9E F9 C9 19 04 33 F7 58 63 A1 45 AD 59
|                     80 A1 D6 CB C3 98 21 8F 59 64 EA 00 42 81 6B E1
|                     16 0F 0C 2A 2B 32 D0 91 76 2F 5E DA B8 ED 2E DE
|                     7F F8 61 AF 13 CE A4 20 79 D7 59 7C 01 A1 99 6B
|                     98 37 1C CF F2 8C D8 07 9D DD FC 38 77 6A 74 B5
|                     30 41 D9 D9 93 4A BC 9F 59 50 3B 1C 9B 8C 50 9C
|                     FF 8F DD 7F 66 B9 13 92 90 D1 62 BB 4D 46 C2 93
|                     F4 9A 9A F8 D5 B7 0D 53 9F BA 08 6D 1D 51 4A 1A
|                     BC F0 51 AC CF AB D0 9C 3B 8C 14 9D D0 64 E5 A6
|                     DA 2D 6F 7F 1B 40 50 83 52 93 5D 83 52 17 AC 5C
|                     FA EA E3 55 9B 3C 17 E5 64 30 56 3F 1F 4B 42 52
|                     13 06 9E 0D 9B DB 61 B8 77 FB 10 4C 0C E2 86 18
|                     97 3C C7 CD 15 33 BE 2C E0 C2 2C 79 87 17 48 1F
|                     77 C9 96 88 E9 4F 29 09 C1 BD ED C1 97 93 94 65
|                     41 28 B8 A2 BC 88 FF 7F CD CF EA 80 C7 AA 7E DF
|                     5B D6 B5 C2 AA 10 B6 2F B0 D0 44 04 DB 65 7E 6E
|                     EF D1 83 D2 C1 EF C2 1A 54 48 79 01 DE D1 C8 AE
|                     05 F6 AD C1 22 8C DD 9E 47 75 34 66 BC 82 12 59
|                     88 48 FA 8E 3D 0E 4D 13 16 95 2F 96 77 1A 44 CA
NONCE Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 36 Bytes
| Nonce(256 bits)   : 58 57 90 E7 67 63 AA BF 32 F0 BE B9 E7 B6 99 0E
|                     34 67 25 1E 9F 1D 6C 84 90 08 71 FB 5D 26 8B CC
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data       : D2 E7 11 3F 91 A2 75 82 93 72 ED FD 89 72 D6 E3
|                     20 D3 B2 66
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data       : 6A 0F 82 BA 2E E8 7E 22 75 51 99 77 0D BF 08 BB
|                     47 E6 8A 90
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 16 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs.  : SHA-256, SHA-384, SHA-512, IDENTITY
NOTIFY Payload
| Next Payload      : CERTREQ
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : IKEV2_FRAGMENTATION_SUPPORTED
CERTREQ Payload
| Next Payload      : VENDOR
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 25 Bytes
| Cert. Type        : X509_SIG
| Cert. Authority   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|                     00 00 00 00
VENDOR Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 24 Bytes
| Vendor ID         : 81 75 2E B5 91 4D 73 5C DF CD C8 58 C3 A8 ED 7C
|                     1C 66 D1 42

[VPN-Debug] 2025/05/24 23:01:31,256  Devicetime: 2025/05/24 23:01:31,117
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
Constructing payload NONCE (40):
  +Nonce length=32 bytes
  +Nonce=0x585790E76763AABF32F0BEB9E7B6990E3467251E9F1D6C84900871FB5D268BCC
  +SA-DATA-Nr=0x585790E76763AABF32F0BEB9E7B6990E3467251E9F1D6C84900871FB5D268BCC
Constructing payload NOTIFY(DETECTION_SOURCE_IP) (41):
  +Computing SHA1(0x76DAC490CF919F41CFFBD06BB8A6D393|192.168.178.125:500)
  +Computing SHA1(0x76DAC490CF919F41CFFBD06BB8A6D393C0A8B27D01F4)
  +0xD2E7113F91A275829372EDFD8972D6E320D3B266
Constructing payload NOTIFY(DETECTION_DESTINATION_IP) (41):
  +Computing SHA1(0x76DAC490CF919F41CFFBD06BB8A6D393|192.168.178.79:34357)
  +Computing SHA1(0x76DAC490CF919F41CFFBD06BB8A6D393C0A8B24F8635)
  +0x6A0F82BA2EE87E22755199770DBF08BB47E68A90
Constructing payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41):
  +Signature hash algorithms: SHA-256,SHA-384,SHA-512,Identity
Constructing payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41):
Constructing payload NOTIFY(USE_PPK) (41):
  +Initiator does not support PPK
Constructing payload CERTREQ (38):
  +0x0000000000000000000000000000000000000000
Constructing payload VENDOR(FRAGMENTATION) (43):
Constructing payload VENDOR(FRAGMENTATION(C0000000)) (43):
Constructing payload VENDOR(ikev2 config payload: Do not narrow my traffic selector) (43):
Constructing payload VENDOR(activate lancom-systems notification private range) (43):
Constructing payload NOTIFY(DEVICE-ID) (41):
  +Peer does not support private notifications -> ignore
+Shared secret derived in 66058 micro seconds
IKE_SA(0x76DAC490CF919F41CFFBD06BB8A6D393).EXPECTED-MSG-ID raised to 1
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x76DAC490CF919F41CFFBD06BB8A6D39300000000, P1, RESPONDER): Resetting Negotiation SA
  (IKE_SA, 'DEFAULT', 'ISAKMP-PEER-DEFAULT', 0x76DAC490CF919F41CFFBD06BB8A6D39300000000, responder): use_count --5
+(request, response) pair inserted into retransmission map
Sending an IKE_SA_INIT-RESPONSE of 761 bytes (responder)
Gateways: 192.168.178.125:500-->192.168.178.79:34357, tag 0 (UDP)
SPIs: 0x76DAC490CF919F41CFFBD06BB8A6D393, Message-ID 0
Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(SIGNATURE_HASH_ALGORITHMS), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), CERTREQ, VENDOR(activate lancom-systems notification private range)

[VPN-Status] 2025/05/24 23:01:31,256  Devicetime: 2025/05/24 23:01:31,117
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
+IKE-SA:
  IKE-Proposal-1  (4 transforms)
    ENCR : AES-CBC-256
    PRF  : PRF-HMAC-SHA1
    INTEG: HMAC-SHA-256
    DH   : 16
+KE-DH-Group 16 (4096 bits)
IKE_SA_INIT [responder] for peer DEFAULT initiator id <no ipsec id>, responder id <no ipsec id>
initiator cookie: 0x76DAC490CF919F41, responder cookie: 0xCFFBD06BB8A6D393
SA ISAKMP for peer DEFAULT
 Encryption                    : AES-CBC-256
 Integrity                     : AUTH-HMAC-SHA-256
 IKE-DH-Group                  : 16
 PRF                           : PRF-HMAC-SHA1
life time soft 05/25/2025 20:37:31 (in 77760 sec) / 0 kb
life time hard 05/25/2025 23:01:31 (in 86400 sec) / 0 kb
DPD: NONE
Negotiated: IKEV2_FRAGMENTATION

Sending an IKE_SA_INIT-RESPONSE of 761 bytes (responder)
Gateways: 192.168.178.125:500-->192.168.178.79:34357, tag 0 (UDP)
SPIs: 0x76DAC490CF919F41CFFBD06BB8A6D393, Message-ID 0

[VPN-IKE] 2025/05/24 23:01:31,258  Devicetime: 2025/05/24 23:01:31,118
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:34357
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 76 DA C4 90 CF 91 9F 41
| Responder cookie  : CF FB D0 6B B8 A6 D3 93
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x08   Initiator
| Msg-ID            : 1
| Length            : 496 Bytes
ENCR Payload
| Next Payload      : IDI
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 468 Bytes
| IV                : 58 5F BC 24 EB 18 D1 B8 E6 45 BB 86 25 49 1F 88
| Encrypted Data    : 9D 22 23 D4 2B B3 A6 2B 24 84 2D 3E CB BC 55 CE
|                     37 00 15 A5 A5 09 ED 29 D8 0F 7D 9A D9 54 E2 1A
|                     5D EE 80 CD 4D AA 58 DA F4 30 88 93 4A F2 46 86
|                     4B 41 BC 13 62 CA EA 36 88 50 67 08 00 4A 96 68
|                     E4 A9 5D 32 0D 9F F1 17 6B 5E 65 69 D6 3B 69 F6
|                     BE 5A D9 91 98 5C 1F 54 C6 E4 09 DA 97 0F 7A 0F
|                     34 7E 6F BD 12 81 CE 47 D8 59 91 62 FF BF 35 48
|                     14 77 12 3F 84 D8 23 69 CF D2 2A D1 5B 27 D9 72
|                     7B 8A C7 9E D3 DA 14 4E 95 61 C5 B5 E7 68 CF 68
|                     F2 C5 A4 F8 32 02 47 52 49 F0 72 DA 4C FA 8E 20
|                     A5 33 32 D5 E9 FE B7 A6 62 FD FA 6C 8D 31 A1 B7
|                     AE B9 06 15 23 49 C0 90 A2 EE 1C E7 02 28 C9 8D
|                     44 B4 A7 B1 1A 23 20 DB 58 75 81 FF 17 A7 9D 3C
|                     C2 E7 00 3C CD 72 9A FE CD E9 26 92 6D 6F 50 A6
|                     88 3C 11 7C B7 DF 7B 39 AE 54 68 B4 F9 44 5F DF
|                     0A 47 17 02 D5 A6 9D 47 E2 F7 1A 8C C8 8C 11 DB
|                     41 D8 B2 83 BA 4C A7 D5 2C DB 2F 55 65 8A 39 2A
|                     6A 16 F2 1F 53 BD 19 79 5C 3C 0F 75 B2 B5 5B 62
|                     97 5A 36 B2 FC 73 4B 1F E4 18 EB CD DA 5D 24 3B
|                     94 2D FF 1E 23 2B E0 E5 8B A5 F6 9A 4C 3A 8C 98
|                     F6 39 34 E7 5A 6A FE CC BC A3 C9 E7 57 AF C1 32
|                     4A FF C8 F7 4D A1 65 74 4F D6 6F 0C 9E 25 05 3A
|                     67 4B C0 B4 BE 08 47 76 6E 96 C1 2E 28 7F D7 26
|                     7B 71 1C 55 D4 C7 23 55 D4 7C F8 F6 74 B0 43 11
|                     EE 11 0E CE 30 78 33 A2 65 6E 92 21 A3 73 03 EB
|                     60 A1 F4 59 FF 7A EC 10 26 E7 78 ED 1F D6 29 16
|                     6F AB 7F AD 73 7E 1F 63 82 85 CF 1A 28 80 68 EA
| ICV               : 12 0A 70 5C 51 88 3F 54 DD 47 E7 7E 2A 4F D8 42

[VPN-IKE] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,118
[DEFAULT] Received packet after decryption:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:34357
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 76 DA C4 90 CF 91 9F 41
| Responder cookie  : CF FB D0 6B B8 A6 D3 93
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x08   Initiator
| Msg-ID            : 1
| Length            : 496 Bytes
ENCR Payload
| Next Payload      : IDI
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 468 Bytes
| IV                : 58 5F BC 24 EB 18 D1 B8 E6 45 BB 86 25 49 1F 88
| ICV               : 12 0A 70 5C 51 88 3F 54 DD 47 E7 7E 2A 4F D8 42
IDI Payload
| Next Payload      : IDR
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 10 Bytes
| ID type           : FQDN
| Reserved          : 0x000000
| ID                : FH
IDR Payload
| Next Payload      : AUTH
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 12 Bytes
| ID type           : IPV4_ADDR
| Reserved          : 0x000000
| ID                : 192.168.178.125
AUTH Payload
| Next Payload      : SA
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Auth. Method      : PRESHARED_KEY
| Reserved          : 0x000000
| Auth. Data        : 69 BA BD BE AC 54 52 49 95 66 38 F0 5F 1B 9F 51
|                     B2 86 DE 52
SA Payload
| Next Payload      : TSi
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 212 Bytes
| PROPOSAL Payload
| | Next Payload    : PROPOSAL
| | Reserved        : 0x00
| | Length          : 80 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_ESP
| | SPI size        : 4
| | #Transforms     : 7
| | SPI             : 61 C6 D2 CA
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-512 (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-384 (13)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: ESN (5)
| | | Reserved2     : 0x00
| | | Transform ID  : NONE (0)
| | | Attributes    : NONE
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 128 Bytes
| | Proposal number : 2
| | Protocol ID     : IPSEC_ESP
| | SPI size        : 4
| | #Transforms     : 10
| | SPI             : 24 D0 CC D0
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: ESN (5)
| | | Reserved2     : 0x00
| | | Transform ID  : NONE (0)
| | | Attributes    : NONE
TSi Payload
| Next Payload      : TSr
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 64 Bytes
| Number of TSs     : 2
| Reserved          : 0x000000
| Traffic Selector 0
| | Type            : TS_IPV4_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 16
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : 0.0.0.0 - 255.255.255.255
| Traffic Selector 1
| | Type            : TS_IPV6_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 40
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
TSr Payload
| Next Payload      : CP
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 64 Bytes
| Number of TSs     : 2
| Reserved          : 0x000000
| Traffic Selector 0
| | Type            : TS_IPV4_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 16
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : 0.0.0.0 - 255.255.255.255
| Traffic Selector 1
| | Type            : TS_IPV6_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 40
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
CP Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 32 Bytes
| Type              : REQUEST
| Reserved2         : 0x000000
| Attribute 0
| | Type            : Variable, INTERNAL_IP4_ADDRESS
| | Length          : 0
| | Value           : 
| Attribute 1
| | Type            : Variable, INTERNAL_IP6_ADDRESS
| | Length          : 0
| | Value           : 
| Attribute 2
| | Type            : Variable, INTERNAL_IP4_DNS
| | Length          : 0
| | Value           : 
| Attribute 3
| | Type            : Variable, INTERNAL_IP6_DNS
| | Length          : 0
| | Value           : 
| Attribute 4
| | Type            : Variable, INTERNAL_IP4_NETMASK
| | Length          : 0
| | Value           : 
| Attribute 5
| | Type            : Variable, APPLICATION_VERSION
| | Length          : 0
| | Value           : 
Rest                : 8F 68 52 1E E4 50 2A 50 2D 09

[VPN-Debug] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,118
Config parser update peer's FH remote gateway to 192.168.178.79 (old 0.0.0.0)

[VPN-Debug] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,118
Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 496 bytes (encrypted)
Gateways: 192.168.178.125:500<--192.168.178.79:34357
SPIs: 0x76DAC490CF919F41CFFBD06BB8A6D393, Message-ID 1
Payloads: ENCR
QUB-DATA: 192.168.178.125:500<---192.168.178.79:34357 rtg_tag 0 physical-channel WAN(1)
transport: [id: 1570, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0], local port: 500, remote port: 34357
+IKE_SA found and assigned
+Exchange created (flags: 0x00000000)
Message verified successfully
Message decrypted successfully
Payloads: ENCR, IDI, IDR, AUTH(PSK), SA, TSI, TSR, CP(REQUEST)
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x76DAC490CF919F41CFFBD06BB8A6D39300000001, P2, RESPONDER): Setting Negotiation SA
  Referencing (CHILD_SA, 0x76DAC490CF919F41CFFBD06BB8A6D3930000000100, responder): use_count 3
Looking for payload IDI (35)...Found 1 payload.
  +Received-ID FH:FQDN matches the Expected-ID FH:FQDN
  +Config   ENCR  transform(s): AES-GCM-16-256
  +Received ENCR  transform(s): AES-CBC-256
  -No intersection
  +Config   PRF   transform(s): PRF-HMAC-SHA1
  +Received PRF   transform(s): PRF-HMAC-SHA1
  +Best intersection: PRF-HMAC-SHA1
  +Config   INTEG transform(s): 
  +Received INTEG transform(s): HMAC-SHA-256
  -No intersection
  +Config   DH    transform(s): 16 2
  +Received DH    transform(s): 16
  +Best intersection: 16

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,118
Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 496 bytes (encrypted)
Gateways: 192.168.178.125:500<--192.168.178.79:34357
SPIs: 0x76DAC490CF919F41CFFBD06BB8A6D393, Message-ID 1
CHILD_SA ('', '' ) entered to SADB
+Received-ID FH:FQDN matches the Expected-ID FH:FQDN
-Proposal in IKE_SA_INIT exchange (peer DEFAULT) is not supported by peer FH (after identification)

[VPN-IKE] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,119
[FH] Sending packet before encryption:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:34357
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 76 DA C4 90 CF 91 9F 41
| Responder cookie  : CF FB D0 6B B8 A6 D3 93
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x20 Response  
| Msg-ID            : 1
| Length            : 80 Bytes
ENCR Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 52 Bytes
| IV                : 55 74 F7 D7 8D A1 D3 29 82 3E 76 4D 45 45 52 7A
| ICV               : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NOTIFY Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : NO_PROPOSAL_CHOSEN
Rest                : 00 00 00 00 00 00 00 07

[VPN-IKE] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,119
[FH] Sending packet after encryption:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:34357
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 76 DA C4 90 CF 91 9F 41
| Responder cookie  : CF FB D0 6B B8 A6 D3 93
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x20 Response  
| Msg-ID            : 1
| Length            : 80 Bytes
ENCR Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 52 Bytes
| IV                : 55 74 F7 D7 8D A1 D3 29 82 3E 76 4D 45 45 52 7A
| Encrypted Data    : 6F 15 45 D7 C5 9E F4 D7 79 D7 5F 1E DD EE D6 15
| ICV               : 2A 4B B9 9A 32 BA AE 65 9F 61 BC 58 E5 DB F4 98

[VPN-Debug] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,119
Peer FH: Constructing an IKE_AUTH-RESPONSE for send
Message encrypted successfully
Message authenticated successfully
SA-FREE: No active SA found (not replaced, not finalized) (SA_FLAG_DONT_FREE_EXCHANGES)
+(request, response) pair inserted into retransmission map
Sending an IKE_AUTH-RESPONSE of 80 bytes (responder encrypted)
Gateways: 192.168.178.125:500-->192.168.178.79:34357, tag 0 (UDP)
SPIs: 0x76DAC490CF919F41CFFBD06BB8A6D393, Message-ID 1
Payloads: ENCR

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,119
Peer FH: Constructing an IKE_AUTH-RESPONSE for send
NOTIFY(NO_PROPOSAL_CHOSEN)
IKE_SA ('FH', 'ISAKMP-PEER-FH' IPSEC_IKE SPIs 0x76DAC490CF919F41CFFBD06BB8A6D393) removed from SADB
Sending an IKE_AUTH-RESPONSE of 80 bytes (responder encrypted)
Gateways: 192.168.178.125:500-->192.168.178.79:34357, tag 0 (UDP)
SPIs: 0x76DAC490CF919F41CFFBD06BB8A6D393, Message-ID 1

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,119
IKE log: 230131.119359 Default IKE-DISCONNECT-RESPONSE: comchannel 12 set for peer FH on message free

[VPN-Debug] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,119
LCVPEI: IKE-R-No-proposal-matched
DISCONNECT-RESPONSE sent for handle 12
IKE-TRANSPORT freed

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,119
CHILD_SA ('', '' ) removed from SADB
CHILD_SA ('', '' ) freed
IKE_SA ('FH', 'ISAKMP-PEER-FH' IPSEC_IKE SPIs 0x76DAC490CF919F41CFFBD06BB8A6D393) freed

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,119
FH: DISCONNECT-RESPONSE sent for handle 12

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,119
VPN: policy manager error indication: FH (192.168.178.79), cause: 8707

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,119
VPN: WAN state changed to WanCalled for FH (192.168.178.79 IKEv2)[BT] ffffffff82e753eb ffffffff82e84963 ffffffff82e9f379 ffffffff83cb21a9 ffffffff85f92456 ffffffff83cacdb9 ffffffff83cb5f30

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,120
VPN: Error: IKE-R-No-proposal-matched (0x2203) for FH (192.168.178.79 IKEv2)

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,121
VPN: FH (192.168.178.79)  disconnected

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,121
vpn-maps[12], remote: FH, idle, dns-name, static-name

[VPN-Debug] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,121 [Tunnel-Groups] Peer FH without group has disconnected, ignored

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,122
VPN: installing ruleset for FH (0.0.0.0 IKEv2)

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,122
VPN: WAN state changed to WanDisconnect for FH (0.0.0.0 IKEv2)[BT] ffffffff82e753eb ffffffff82e86971 ffffffff83cb21a9 ffffffff85f92456 ffffffff83cacdb9 ffffffff83cb5f30

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,122
Config parser: Start

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,123
Config parser: Finish
  Wall clock time: 0 ms
  CPU time: 0 ms

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,123
VPN: WAN state changed to WanIdle for FH (0.0.0.0 IKEv2)[BT] ffffffff82e753eb ffffffff82e84963 ffffffff8180418f ffffffff83cb21a9 ffffffff85f92456 ffffffff83cacdb9 ffffffff83cb5f30

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,123
vpn-maps[12], remote: FH, idle, dns-name, static-name

[VPN-Debug] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,123 [Tunnel-Groups] Peer FH without group has disconnected, ignored

[VPN-Status] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,124
FH (ikev2): Remote gateway has changed from 192.168.178.79 to 0.0.0.0 -> tearing down

[VPN-IKE] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,124
[<UNKNOWN>] Received packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:34357
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 76 DA C4 90 CF 91 9F 41
| Responder cookie  : CF FB D0 6B B8 A6 D3 93
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : INFORMATIONAL
| Flags             : 0x08   Initiator
| Msg-ID            : 2
| Length            : 80 Bytes
-No ENCR/INTEG algorithm(s) found in IKE_SA (No IKE_SA)
Rest                : 2A 00 00 34 72 0B A2 EC 81 BF 2E AE 18 51 2D D6
                      5D 5C 29 0E 91 48 F4 66 52 E4 B3 3E BE 44 27 17
                      BA 7A FA DA 61 BD 4E 1E 3A 3A D4 FD 63 70 C6 26
                      0A FC 8C DA

[VPN-IKE] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,124
[<UNKNOWN>] Sending packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:34357
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 76 DA C4 90 CF 91 9F 41
| Responder cookie  : CF FB D0 6B B8 A6 D3 93
| Next Payload      : NOTIFY
| Version           : 2.0
| Exchange type     : INFORMATIONAL
| Flags             : 0x20 Response  
| Msg-ID            : 2
| Length            : 36 Bytes
NOTIFY Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : INVALID_IKE_SPI

[VPN-Debug] 2025/05/24 23:01:31,260  Devicetime: 2025/05/24 23:01:31,125
Peer <UNKNOWN>: Received an INFORMATIONAL-REQUEST of 80 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:34357
SPIs: 0x76DAC490CF919F41CFFBD06BB8A6D393, Message-ID 2
Payloads: INVALID
QUB-DATA: 192.168.178.125:500<---192.168.178.79:34357 rtg_tag 0 physical-channel WAN(1)
transport: [id: 1571, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0], local port: 500, remote port: 34357

Peer <UNKNOWN>: Constructing an INFORMATIONAL-RESPONSE for send
Sending an INFORMATIONAL-RESPONSE of 36 bytes
Gateways: 192.168.178.125:500-->192.168.178.79:34357, tag 0 (UDP)
SPIs: 0x76DAC490CF919F41CFFBD06BB8A6D393, Message-ID 2
Payloads: NOTIFY(INVALID_IKE_SPI)

[VPN-Status] 2025/05/24 23:01:31,317  Devicetime: 2025/05/24 23:01:31,125
Peer <UNKNOWN>: Received an INFORMATIONAL-REQUEST of 80 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:34357
SPIs: 0x76DAC490CF919F41CFFBD06BB8A6D393, Message-ID 2
-Could not find an IKE_SA for SPIs 0x76DAC490CF919F41CFFBD06BB8A6D393
-NOTIFY(INVALID_IKE_SPI)
-Could not index message correctly. payload_num=46, error code=4
-No ENCR/INTEG algorithm(s) found in IKE_SA (No IKE_SA)

Peer <UNKNOWN>: Constructing an INFORMATIONAL-RESPONSE for send
Sending an INFORMATIONAL-RESPONSE of 36 bytes
Gateways: 192.168.178.125:500-->192.168.178.79:34357, tag 0 (UDP)
SPIs: 0x76DAC490CF919F41CFFBD06BB8A6D393, Message-ID 2

[VPN-Debug] 2025/05/24 23:01:31,317  Devicetime: 2025/05/24 23:01:31,125
IKE-TRANSPORT freed

[VPN-Status] 2025/05/24 23:01:31,317  Devicetime: 2025/05/24 23:01:31,125
VPN: rulesets installed


[TraceStopped] 2025/05/24 23:05:28,092

Dr.Einstein
Posts: 3267
Registered: 12 Jan 2010, 14:10

Re: Problems with IKEv2 VPN to Android device

Post by Dr.Einstein »

Code: Select all

IDR Payload
| Next Payload      : AUTH
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 12 Bytes
| ID type           : IPV4_ADDR
| Reserved          : 0x000000
| ID                : 192.168.178.125

Have you set the Local ID Type to IPv4 and the Local ID to 192.168.178.125?

Code: Select all

  +Config   INTEG transform(s): 
  +Received INTEG transform(s): HMAC-SHA-256
  -No intersection
  
  +Config   ENCR  transform(s): AES-GCM-16-256
  +Received ENCR  transform(s): AES-CBC-256
  -No intersection
  
SHA-256 / AES-CBC-256 is missing in phase 2. Although I find that odd. In the first proposal the Android device wants

Code: Select all

| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256

I have to add, though, that Lancom is very finicky when it comes to VPN. You cannot separate PRF from INTEG; if PFS is used, it must not be a different protocol than in phase 1; you cannot put together proposal combinations yourself, instead the Lancom cobbles something together from the checkboxes more or less at random (no documentation available for this...). Nevertheless, so far I have got every vendor combination working on IKEv2, even if not optimally.
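
Added example (not part of the original posts and not LANCOM code): a small Python parser for the `+Config` / `+Received ... transform(s):` lines of the VPN-Debug trace that reports which transform types have no overlap, and recognises the case discussed above where the gateway allows only an AEAD cipher and therefore has an empty INTEG list. The status names and the AEAD prefixes other than `AES-GCM` are assumptions of this example; the sample lines are copied from the trace excerpts in this thread.

```python
"""Explain IKEv2 proposal mismatches from LANCOM VPN-Debug trace lines."""
import re

# Matches e.g. "  +Config   INTEG transform(s): HMAC-SHA-256 HMAC-SHA1"
LINE_RE = re.compile(
    r"^\s*\+(Config|Received)\s+(ENCR|PRF|INTEG|DH)\s+transform\(s\):\s*(.*?)\s*$"
)
TYPES = ("ENCR", "PRF", "INTEG", "DH")
# Combined-mode (AEAD) ciphers protect integrity themselves, so a proposal that
# uses only them carries no INTEG transform (RFC 7296, section 3.3).
# Only the AES-GCM spelling appears in the thread; the others are assumed.
AEAD_PREFIXES = ("AES-GCM", "AES-CCM", "CHACHA20")

# Lines copied from the trace excerpts in this thread: first the failing
# negotiation for peer FH, then the successful IKE_SA_INIT one for peer DEFAULT.
SAMPLE_TRACE = """\
  +Config   ENCR  transform(s): AES-GCM-16-256
  +Received ENCR  transform(s): AES-CBC-256
  -No intersection
  +Config   PRF   transform(s): PRF-HMAC-SHA1
  +Received PRF   transform(s): PRF-HMAC-SHA1
  +Best intersection: PRF-HMAC-SHA1
  +Config   INTEG transform(s): 
  +Received INTEG transform(s): HMAC-SHA-256
  -No intersection
  +Config   DH    transform(s): 16 2
  +Received DH    transform(s): 16
  +Best intersection: 16
  +Config   ENCR  transform(s): AES-GCM-16-256 AES-CBC-256
  +Received ENCR  transform(s): AES-CBC-256 AES-CBC-192 AES-CBC-128
  +Config   PRF   transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
  +Received PRF   transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC
  +Config   INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
  +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96
  +Config   DH    transform(s): 30 29 28 21 20 16 19 15 14 2
  +Received DH    transform(s): 16 15 14
"""


def is_aead(name):
    return name.startswith(AEAD_PREFIXES)


def parse_blocks(trace):
    """Group Config/Received lines into one dict per negotiation attempt."""
    blocks, current = [], {}
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "-No intersection", "+Best intersection", other trace text
        key, names = (m.group(1), m.group(2)), m.group(3).split()
        if key in current:  # same side/type seen again: next negotiation starts
            blocks.append(current)
            current = {}
        current[key] = names
    if current:
        blocks.append(current)
    return blocks


def analyze(block):
    """Return {type: (status, common_transforms)} for one negotiation."""
    result = {}
    for ttype in TYPES:
        config = block.get(("Config", ttype), [])
        received = block.get(("Received", ttype), [])
        common = [t for t in config if t in received]  # gateway order kept
        result[ttype] = ("ok" if common else "no_intersection", common)

    if result["INTEG"][0] == "no_intersection":
        encr_common = result["ENCR"][1]
        local_encr = block.get(("Config", "ENCR"), [])
        if encr_common and all(is_aead(t) for t in encr_common):
            # Both sides agree on an AEAD cipher: no INTEG transform is needed.
            result["INTEG"] = ("not_needed_aead", [])
        elif (local_encr and all(is_aead(t) for t in local_encr)
              and not block.get(("Config", "INTEG"))):
            # Gateway allows AEAD only; peer offers classic cipher plus HMAC.
            result["INTEG"] = ("missing_because_aead_only", [])
    return result


def findings(block):
    """Human-readable list of the mismatches in one negotiation."""
    out = []
    for ttype, (status, _common) in analyze(block).items():
        config = " ".join(block.get(("Config", ttype), [])) or "(none)"
        received = " ".join(block.get(("Received", ttype), [])) or "(none)"
        if status == "no_intersection":
            out.append(f"{ttype}: no overlap, gateway allows [{config}], "
                       f"peer offers [{received}]")
        elif status == "missing_because_aead_only":
            out.append(f"INTEG: gateway allows only AEAD ciphers and so has no "
                       f"integrity list; peer offers [{received}]")
    return out


if __name__ == "__main__":
    for number, block in enumerate(parse_blocks(SAMPLE_TRACE), start=1):
        print(f"negotiation {number}:", findings(block) or "all types overlap")
```

For the failing negotiation this reports the ENCR mismatch and marks the empty INTEG list as a consequence of the AEAD-only gateway setting, which is the combination (AES-CBC-256 with SHA-256) named as missing above.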

eagle1900
Posts: 129
Registered: 25 Jun 2006, 14:07

Re: Problems with IKEv2 VPN to Android device

Post by eagle1900 »

Hello Einstein,

Code: Select all

Have you set the Local ID Type to IPv4 and the Local ID to 192.168.178.125

I set that as a test, and then the following log appears:

Code: Select all

 
 
[VPN-IKE] 2025/05/25 11:46:01,019  Devicetime: 2025/05/25 11:46:01,150
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:44973
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 65 6F 55 C8 E9 4D 93 04
| Responder cookie  : 00 00 00 00 00 00 00 00
| Next Payload      : SA
| Version           : 2.0
| Exchange type     : IKE_SA_INIT
| Flags             : 0x08   Initiator
| Msg-ID            : 0
| Length            : 940 Bytes
SA Payload
| Next Payload      : NONCE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 276 Bytes
| PROPOSAL Payload
| | Next Payload    : PROPOSAL
| | Reserved        : 0x00
| | Length          : 116 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_IKE
| | SPI size        : 0
| | #Transforms     : 12
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-512 (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-384 (13)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-XCBC-96 (5)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 4096-BIT MODP (16)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 3072-BIT MODP (15)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 2048-BIT MODP (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-HMAC-SHA1 (2)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-AES128-XCBC (4)
| | | Attributes    : NONE
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 156 Bytes
| | Proposal number : 2
| | Protocol ID     : IPSEC_IKE
| | SPI size        : 0
| | #Transforms     : 14
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 4096-BIT MODP (16)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 3072-BIT MODP (15)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 2048-BIT MODP (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-HMAC-SHA1 (2)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-AES128-XCBC (4)
| | | Attributes    : NONE
NONCE Payload
| Next Payload      : KE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 36 Bytes
| Nonce(256 bits)   : ED 92 D7 29 17 79 AC D9 18 C0 D5 E8 48 8A BF E6
|                     96 87 79 26 9A 08 1C 29 1C 8D E1 51 EC 1A 9C AB
KE Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 520 Bytes
| DH Group          : 16
| Reserved2         : 0x0000
| DH-Key(4096 bits) : 22 43 DE FE 20 5B 31 8B 3C F0 42 F9 C8 23 1B 0B
|                     B3 C9 81 81 8E 57 3D 68 40 E1 62 AE AC 48 E7 CB
|                     B9 02 1C 83 4E 92 B7 36 42 1B C4 34 1E 81 80 82
|                     5B 97 D7 11 92 C3 A9 84 CF 23 B6 92 A2 4D 8C 18
|                     BB 40 B8 B3 D3 2B 2E 87 1A C2 0C A8 FE 15 23 5A
|                     56 DF 1D 65 AD 78 8C 21 FA 33 02 44 98 78 6C DF
|                     48 06 0A CA 36 58 63 41 0F AF 70 2E E9 60 14 66
|                     79 1A 5C 14 A9 D6 60 92 F3 F7 EB F4 04 40 F7 ED
|                     9D F9 33 BE 67 D1 F8 F4 25 05 F3 A6 2C FE F3 F1
|                     2D 04 84 5E 6C 26 DC 77 08 BF 2C 68 F9 47 1E CD
|                     80 A7 4F 44 A2 12 C8 22 74 81 FB 13 E1 F1 F6 C7
|                     07 E6 36 03 21 A3 E5 2A 53 5E FF C5 85 A3 56 37
|                     81 12 4C B9 AD AB EB 50 EE 91 33 43 56 68 4B C3
|                     0C B7 EE 75 6E 7E 48 13 4B 56 F7 F1 E5 9C 7D CB
|                     F6 70 9D 0C 2E 44 3A 69 32 6E CC 13 35 7E 16 F8
|                     D2 14 5C F9 4E 0B DC CE 7E D8 D4 A9 ED 09 B1 DE
|                     01 32 28 1F DC D1 56 AB D0 92 3D 7B 5E F2 BF D3
|                     DA A7 90 F0 F6 C4 79 D1 60 A7 F7 1F C0 72 72 7E
|                     CC 9D BE 9A 95 FA BD 03 68 7F 97 5B 66 82 EC 77
|                     53 92 DB 46 C0 F1 BD E0 01 96 DE 87 3B D9 4F A4
|                     C9 11 69 29 7A 23 BA ED 14 F2 03 1D D5 38 BA 10
|                     13 B4 04 BF 75 19 A8 1B D3 C7 B8 8E CF 47 E1 01
|                     CA 43 3E 98 E6 5D 92 9B EA 0B E6 58 97 7F 55 1D
|                     9C DB D3 55 90 E0 EB 03 DC 8D 5E 70 C7 FB CC 92
|                     E5 9E 66 16 D4 71 BC 22 7F 4A 20 E2 45 4F 99 DD
|                     3E 07 57 C8 18 09 08 E1 7B 28 E5 AA 9D 2D 88 1A
|                     8D CE 2A 76 85 94 1D D0 06 D3 1C 31 7A C0 9A 9D
|                     C5 41 8C 13 31 C7 3E 57 E0 66 97 D3 AB 8F F6 37
|                     4C 21 D5 DC AE 70 AA AF 56 8E EA F8 B8 19 B0 57
|                     91 B5 6D 62 45 4D E6 DD DA 0E 69 E8 68 DF 91 75
|                     73 6B E0 2B EF 0C 2F FE B2 BF 1F 30 61 D1 2E 98
|                     43 B6 13 AB 9C 86 57 04 C0 CB F5 9C 24 AA F7 9F
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data       : 2F DF 01 D9 70 98 F6 78 66 74 06 FD F2 EB 9D EA
|                     A4 F3 29 37
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data       : A9 FD 8F 53 F7 20 C9 2F 48 B4 56 3D 79 32 8E BF
|                     FB 9D F2 14
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : IKEV2_FRAGMENTATION_SUPPORTED
NOTIFY Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 16 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs.  : SHA1, SHA-256, SHA-384, SHA-512

[VPN-Debug] 2025/05/25 11:46:01,035  Devicetime: 2025/05/25 11:46:01,150
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 940 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:44973
SPIs: 0x656F55C8E94D93040000000000000000, Message-ID 0
Payloads: SA, NONCE, KE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(SIGNATURE_HASH_ALGORITHMS)
QUB-DATA: 192.168.178.125:500<---192.168.178.79:44973 rtg_tag 0 physical-channel WAN(1)
transport: [id: 312, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0], local port: 500, remote port: 44973
+No IKE_SA found
Counting consumed licenses by active channels...
  Consumed connected licenses   : 0
  Negotiating connections       : 0
  IKE negotiations              : 0
  MPPE connections              : 0
  LTA licenses                  : 0
  Licenses in use               : 0 < 25
  +Passive connection request accepted (17 micro seconds)
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x656F55C8E94D93046D78BEFFA0D82A8D00000000, P1, RESPONDER): Setting Negotiation SA
  Referencing (IKE_SA, 0x656F55C8E94D93046D78BEFFA0D82A8D00000000, responder): use_count 3
Looking for payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41)...Found 1 payload.
  +Received signature hash algorithms: SHA1, SHA-256, SHA-384, SHA-512
Looking for payload NOTIFY(DETECTION_SOURCE_IP) (41)...Found 1 payload.
  +Computing SHA1(0x656F55C8E94D93040000000000000000|192.168.178.79:44973)
  +Computing SHA1(0x656F55C8E94D93040000000000000000C0A8B24FAFAD)
  +Computed: 0x2FDF01D97098F678667406FDF2EB9DEAA4F32937
  +Received: 0x2FDF01D97098F678667406FDF2EB9DEAA4F32937
  +Equal => NAT-T is disabled
Looking for payload NOTIFY(DETECTION_DESTINATION_IP) (41)...Found 1 payload.
  +Computing SHA1(0x656F55C8E94D93040000000000000000|192.168.178.125:500)
  +Computing SHA1(0x656F55C8E94D93040000000000000000C0A8B27D01F4)
  +Computed: 0xA9FD8F53F720C92F48B4563D79328EBFFB9DF214
  +Received: 0xA9FD8F53F720C92F48B4563D79328EBFFB9DF214
  +Equal => NAT-T is disabled
Looking for payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41)...Found 1 payload.
Looking for payload IKE_SA (33)...Found 1 payload.
  +Config   ENCR  transform(s): AES-GCM-16-256 AES-CBC-256
  +Received ENCR  transform(s): AES-CBC-256 AES-CBC-192 AES-CBC-128
  +Best intersection: AES-CBC-256
  +Config   PRF   transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
  +Received PRF   transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC
  +Best intersection: PRF-HMAC-SHA1
  +Config   INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
  +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96
  +Best intersection: HMAC-SHA-256
  +Config   DH    transform(s): 30 29 28 21 20 16 19 15 14 2
  +Received DH    transform(s): 16 15 14
  +Best intersection: 16
Looking for payload NONCE (40)...Found 1 payload.
  +Nonce length=32 bytes
  +Nonce=0xED92D7291779ACD918C0D5E8488ABFE6968779269A081C291C8DE151EC1A9CAB
  +SA-DATA-Ni=0xED92D7291779ACD918C0D5E8488ABFE6968779269A081C291C8DE151EC1A9CAB

[VPN-Status] 2025/05/25 11:46:01,050  Devicetime: 2025/05/25 11:46:01,150
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 940 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:44973
SPIs: 0x656F55C8E94D93040000000000000000, Message-ID 0
Peer identified: DEFAULT
IKE_SA ('', '' IPSEC_IKE SPIs 0x656F55C8E94D93046D78BEFFA0D82A8D) entered to SADB
Received 4 notifications: 
  +NAT_DETECTION_SOURCE_IP(0x2FDF01D97098F678667406FDF2EB9DEAA4F32937) (STATUS)
  +NAT_DETECTION_DESTINATION_IP(0xA9FD8F53F720C92F48B4563D79328EBFFB9DF214) (STATUS)
  +IKEV2_FRAGMENTATION_SUPPORTED (STATUS)
  +SIGNATURE_HASH_ALGORITHMS(0x0001000200030004) (STATUS)
Peer (initiator) is not behind a NAT. NAT-T is disabled
We (responder) are not behind a NAT. NAT-T is disabled
+IKE-SA:
  IKE-Proposal-1  (12 transforms)
    ENCR : AES-CBC-256 AES-CBC-192 AES-CBC-128
    PRF  : PRF-HMAC-SHA1 PRF-AES128-XCBC
    INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96
    DH   : 16 15 14
  IKE-Proposal-2  (14 transforms)
    ENCR : AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
    PRF  : PRF-HMAC-SHA1 PRF-AES128-XCBC
    DH   : 16 15 14
+Received KE-DH-Group 16 (4096 bits)

[VPN-IKE] 2025/05/25 11:46:01,050  Devicetime: 2025/05/25 11:46:01,151
[DEFAULT] Sending packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:44973
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 65 6F 55 C8 E9 4D 93 04
| Responder cookie  : 6D 78 BE FF A0 D8 2A 8D
| Next Payload      : SA
| Version           : 2.0
| Exchange type     : IKE_SA_INIT
| Flags             : 0x20 Response  
| Msg-ID            : 0
| Length            : 761 Bytes
SA Payload
| Next Payload      : KE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 48 Bytes
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 44 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_IKE
| | SPI size        : 0
| | #Transforms     : 4
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-HMAC-SHA1 (2)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 4096-BIT MODP (16)
| | | Attributes    : NONE
KE Payload
| Next Payload      : NONCE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 520 Bytes
| DH Group          : 16
| Reserved2         : 0x0000
| DH-Key(4096 bits) : D6 97 78 5B 7B E0 7B 87 45 6E 2B 16 5D 98 4D C0
|                     A8 24 F5 3D 46 77 91 9C 4F F1 96 31 D0 3F D3 25
|                     27 15 37 A8 4E BF A5 D8 47 34 37 B7 70 44 11 7F
|                     85 31 14 D0 DA AC ED 22 9F 87 7A 55 BF B4 B6 31
|                     F1 F8 7E 2D E9 96 F0 7D BA 02 C3 D5 95 76 2F 83
|                     3A 06 D9 49 BD 98 27 A1 3A 6D EC FB 82 10 18 83
|                     D0 30 95 2F 53 23 EE 8D 7D 1C 9D 4F 64 91 42 25
|                     55 71 35 43 FF 63 2F 3F 07 49 1F C2 AF AD 21 AF
|                     E0 6B 66 87 91 7B 6E F6 C9 80 F3 35 B3 6B 82 B6
|                     EB 91 3D 39 4E 79 4C AB 07 0F B0 08 B4 DD 79 A2
|                     00 33 8B 6D 6F EA C1 E1 33 40 2A 2F A1 58 94 3E
|                     16 B9 B0 6B 53 0B 5C BD 5C 3A 1A 7B 54 FC 4F 1F
|                     9D A9 94 E4 C1 C1 8D 46 6C 83 D6 90 B2 3E 7C 53
|                     16 CA 51 07 23 CF 81 55 43 E5 64 A0 85 56 53 F9
|                     43 AB 32 E7 49 67 5D 84 4F 4B E4 2A E9 7B 04 1C
|                     62 1B AA 64 C6 78 B8 8A 03 2F D8 52 03 FC DC C9
|                     A4 91 CE 01 B2 C1 16 C3 4C 9B 9D CE AA 58 69 26
|                     D6 F2 91 10 A3 1B 0E 9D 3B A5 50 12 D2 14 27 E7
|                     A5 9B AD A3 A8 94 AA 46 A0 BF 2C 3C 6C 15 9E B3
|                     D4 C9 82 3A F8 47 9C F5 D7 88 B8 CF 02 CE 97 F2
|                     0B AC B3 AE 33 71 DE 57 DF A8 21 B1 D5 33 35 B2
|                     00 E4 55 A8 BB 2A B7 74 3B F4 6C E6 38 45 CB FB
|                     F5 83 71 BE E4 3A 90 77 48 13 6E 48 07 73 E3 F0
|                     88 C3 CC CD ED 79 71 A8 85 A5 79 00 8B 91 42 08
|                     D4 B5 36 BD 2D 41 E0 DB FE 40 CB 2B 3F 67 FD D6
|                     B4 98 27 F5 F7 92 BA 94 05 A0 C3 FA 89 27 D8 BC
|                     8D BB 8D 2D F2 B5 DE 72 25 1E 00 1C BD D3 5E 26
|                     38 C4 8B 30 38 C7 68 8D 12 9C B3 8D C3 9D 31 26
|                     73 36 93 C4 D7 03 16 F6 51 91 90 55 C3 5A 35 EF
|                     04 10 F3 AB 6D D2 F4 9C E7 B9 64 A6 CD 33 5F E9
|                     44 BA E9 5C 29 5F FC 02 F3 95 1C 5A 7A B1 4B 33
|                     7B 74 6B 3B A4 79 E2 F1 AE F3 AA E0 17 AA E2 26
NONCE Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 36 Bytes
| Nonce(256 bits)   : 56 9E FB 14 CC F7 15 11 70 28 A9 34 6A 08 09 26
|                     5B 39 9E A2 8C FE 87 25 11 62 71 EA BD 4B 06 20
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data       : 09 41 20 AA 4F A0 B2 EC 9A 6F 34 43 64 95 CC DA
|                     83 8B 45 96
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data       : 5F 2F 7F 85 6D 06 19 4F CB 73 3A 2E 2C 6C 32 36
|                     02 E9 15 B5
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 16 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs.  : SHA-256, SHA-384, SHA-512, IDENTITY
NOTIFY Payload
| Next Payload      : CERTREQ
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : IKEV2_FRAGMENTATION_SUPPORTED
CERTREQ Payload
| Next Payload      : VENDOR
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 25 Bytes
| Cert. Type        : X509_SIG
| Cert. Authority   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|                     00 00 00 00
VENDOR Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 24 Bytes
| Vendor ID         : 81 75 2E B5 91 4D 73 5C DF CD C8 58 C3 A8 ED 7C
|                     1C 66 D1 42

[VPN-Debug] 2025/05/25 11:46:01,143  Devicetime: 2025/05/25 11:46:01,283
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
Constructing payload NONCE (40):
  +Nonce length=32 bytes
  +Nonce=0x569EFB14CCF715117028A9346A0809265B399EA28CFE8725116271EABD4B0620
  +SA-DATA-Nr=0x569EFB14CCF715117028A9346A0809265B399EA28CFE8725116271EABD4B0620
Constructing payload NOTIFY(DETECTION_SOURCE_IP) (41):
  +Computing SHA1(0x656F55C8E94D93046D78BEFFA0D82A8D|192.168.178.125:500)
  +Computing SHA1(0x656F55C8E94D93046D78BEFFA0D82A8DC0A8B27D01F4)
  +0x094120AA4FA0B2EC9A6F34436495CCDA838B4596
Constructing payload NOTIFY(DETECTION_DESTINATION_IP) (41):
  +Computing SHA1(0x656F55C8E94D93046D78BEFFA0D82A8D|192.168.178.79:44973)
  +Computing SHA1(0x656F55C8E94D93046D78BEFFA0D82A8DC0A8B24FAFAD)
  +0x5F2F7F856D06194FCB733A2E2C6C323602E915B5
Constructing payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41):
  +Signature hash algorithms: SHA-256,SHA-384,SHA-512,Identity
Constructing payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41):
Constructing payload NOTIFY(USE_PPK) (41):
  +Initiator does not support PPK
Constructing payload CERTREQ (38):
  +0x0000000000000000000000000000000000000000
Constructing payload VENDOR(FRAGMENTATION) (43):
Constructing payload VENDOR(FRAGMENTATION(C0000000)) (43):
Constructing payload VENDOR(ikev2 config payload: Do not narrow my traffic selector) (43):
Constructing payload VENDOR(activate lancom-systems notification private range) (43):
Constructing payload NOTIFY(DEVICE-ID) (41):
  +Peer does not support private notifications -> ignore
+Shared secret derived in 66204 micro seconds
IKE_SA(0x656F55C8E94D93046D78BEFFA0D82A8D).EXPECTED-MSG-ID raised to 1
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x656F55C8E94D93046D78BEFFA0D82A8D00000000, P1, RESPONDER): Resetting Negotiation SA
  (IKE_SA, 'DEFAULT', 'ISAKMP-PEER-DEFAULT', 0x656F55C8E94D93046D78BEFFA0D82A8D00000000, responder): use_count --5
+(request, response) pair inserted into retransmission map
Sending an IKE_SA_INIT-RESPONSE of 761 bytes (responder)
Gateways: 192.168.178.125:500-->192.168.178.79:44973, tag 0 (UDP)
SPIs: 0x656F55C8E94D93046D78BEFFA0D82A8D, Message-ID 0
Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(SIGNATURE_HASH_ALGORITHMS), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), CERTREQ, VENDOR(activate lancom-systems notification private range)

[VPN-Status] 2025/05/25 11:46:01,143  Devicetime: 2025/05/25 11:46:01,283
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
+IKE-SA:
  IKE-Proposal-1  (4 transforms)
    ENCR : AES-CBC-256
    PRF  : PRF-HMAC-SHA1
    INTEG: HMAC-SHA-256
    DH   : 16
+KE-DH-Group 16 (4096 bits)
IKE_SA_INIT [responder] for peer DEFAULT initiator id <no ipsec id>, responder id <no ipsec id>
initiator cookie: 0x656F55C8E94D9304, responder cookie: 0x6D78BEFFA0D82A8D
SA ISAKMP for peer DEFAULT
 Encryption                    : AES-CBC-256
 Integrity                     : AUTH-HMAC-SHA-256
 IKE-DH-Group                  : 16
 PRF                           : PRF-HMAC-SHA1
life time soft 05/26/2025 09:22:01 (in 77760 sec) / 0 kb
life time hard 05/26/2025 11:46:01 (in 86400 sec) / 0 kb
DPD: NONE
Negotiated: IKEV2_FRAGMENTATION

Sending an IKE_SA_INIT-RESPONSE of 761 bytes (responder)
Gateways: 192.168.178.125:500-->192.168.178.79:44973, tag 0 (UDP)
SPIs: 0x656F55C8E94D93046D78BEFFA0D82A8D, Message-ID 0

[VPN-IKE] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,283
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:44973
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 65 6F 55 C8 E9 4D 93 04
| Responder cookie  : 6D 78 BE FF A0 D8 2A 8D
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x08   Initiator
| Msg-ID            : 1
| Length            : 496 Bytes
ENCR Payload
| Next Payload      : IDI
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 468 Bytes
| IV                : 49 66 21 9A 3D A2 5A 5F D6 A3 28 5E B3 13 6A BE
| Encrypted Data    : E2 48 92 AB E3 9D B9 0A 30 05 A1 A3 A3 A8 07 6B
|                     B8 32 D5 FA C4 0E D6 3D B9 89 3A 1F 22 E0 0C F5
|                     9C 8D E6 89 70 2F C2 A1 6B 50 DD 2C 1F 6B 8D 9C
|                     7C EF 78 68 A3 53 9E C0 5B D2 75 CC B2 A7 87 AD
|                     E5 16 47 DF 54 09 02 D2 10 EA 4D 93 FA A4 5A E8
|                     68 D5 40 7E F8 EF 75 7C 9E 28 26 3A 49 49 50 F8
|                     68 B4 14 BC 40 AA BB 33 55 57 D8 4B 87 2E DA AD
|                     DB 80 78 9A 43 4D EA AE 99 85 62 3D 7F 54 E7 7D
|                     2E 3D 2D F0 15 95 73 0C 1A 6F 14 9B 8D 0D 01 A9
|                     09 9C 11 67 1A 49 FA F6 E5 25 FA 36 89 D0 63 82
|                     52 C0 E9 68 FD 0D B5 FB BA 8C 3F 17 B8 D3 AD 1F
|                     E4 C1 5A 5A 55 4C D7 79 EC 91 0A AF 2B CC 72 6B
|                     1E 5E E3 D6 4A D7 6E 6F 59 A0 5A ED 1C 6A D8 68
|                     FB 59 EA B2 12 B8 B2 F6 91 38 71 9A 6B 5E 52 05
|                     77 B9 21 01 81 05 8A B6 6E 69 21 49 D1 1C 36 66
|                     F4 FE D6 9B 13 67 1C 8B AE 1B E7 64 ED B0 B7 50
|                     50 13 EB 03 1C 9F AA E7 CC 75 D2 CB 81 E8 ED 68
|                     EB D4 B8 23 00 26 BB 93 C8 08 71 BF 40 6C 02 0C
|                     1E 40 15 48 63 2C 41 D3 F3 FD 60 64 FC 4D 14 4C
|                     22 D9 F2 E3 77 3C 0C 9C 17 DE AA C2 16 78 3B FB
|                     68 EB 01 C3 A1 64 B7 80 84 5C 0E 1D B8 C3 61 06
|                     70 F7 B3 06 BC DD 8F 60 AC CA F7 6B 2E 3B 87 9A
|                     AE B9 52 6F 77 8E 35 CB 9A A5 4A 9C 58 EC 08 6B
|                     31 56 BF BB 61 14 67 07 3C C5 99 A9 95 B9 71 F5
|                     69 0F A0 A8 35 B0 11 DB 9E B1 01 80 57 28 3D B2
|                     8C C5 CF CF 64 FE A1 92 EC E4 8C CB C7 56 87 B2
|                     65 30 8D A1 0A 83 EC B0 C2 CC 3D AD 40 1C 47 2F
| ICV               : 56 D8 1A 71 A7 83 A3 D9 6C 87 68 40 5F 67 D7 35

[VPN-IKE] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,283
[DEFAULT] Received packet after decryption:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:44973
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 65 6F 55 C8 E9 4D 93 04
| Responder cookie  : 6D 78 BE FF A0 D8 2A 8D
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x08   Initiator
| Msg-ID            : 1
| Length            : 496 Bytes
ENCR Payload
| Next Payload      : IDI
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 468 Bytes
| IV                : 49 66 21 9A 3D A2 5A 5F D6 A3 28 5E B3 13 6A BE
| ICV               : 56 D8 1A 71 A7 83 A3 D9 6C 87 68 40 5F 67 D7 35
IDI Payload
| Next Payload      : IDR
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 10 Bytes
| ID type           : FQDN
| Reserved          : 0x000000
| ID                : FH
IDR Payload
| Next Payload      : AUTH
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 12 Bytes
| ID type           : IPV4_ADDR
| Reserved          : 0x000000
| ID                : 192.168.178.125
AUTH Payload
| Next Payload      : SA
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Auth. Method      : PRESHARED_KEY
| Reserved          : 0x000000
| Auth. Data        : B4 3A 49 5D 40 9C 40 FA 76 4C F3 55 A9 98 10 A0
|                     F1 00 5D E8
SA Payload
| Next Payload      : TSi
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 212 Bytes
| PROPOSAL Payload
| | Next Payload    : PROPOSAL
| | Reserved        : 0x00
| | Length          : 80 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_ESP
| | SPI size        : 4
| | #Transforms     : 7
| | SPI             : 57 65 AD B0
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-512 (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-384 (13)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: ESN (5)
| | | Reserved2     : 0x00
| | | Transform ID  : NONE (0)
| | | Attributes    : NONE
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 128 Bytes
| | Proposal number : 2
| | Protocol ID     : IPSEC_ESP
| | SPI size        : 4
| | #Transforms     : 10
| | SPI             : 7A 26 5F C8
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: ESN (5)
| | | Reserved2     : 0x00
| | | Transform ID  : NONE (0)
| | | Attributes    : NONE
TSi Payload
| Next Payload      : TSr
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 64 Bytes
| Number of TSs     : 2
| Reserved          : 0x000000
| Traffic Selector 0
| | Type            : TS_IPV4_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 16
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : 0.0.0.0 - 255.255.255.255
| Traffic Selector 1
| | Type            : TS_IPV6_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 40
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
TSr Payload
| Next Payload      : CP
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 64 Bytes
| Number of TSs     : 2
| Reserved          : 0x000000
| Traffic Selector 0
| | Type            : TS_IPV4_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 16
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : 0.0.0.0 - 255.255.255.255
| Traffic Selector 1
| | Type            : TS_IPV6_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 40
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
CP Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 32 Bytes
| Type              : REQUEST
| Reserved2         : 0x000000
| Attribute 0
| | Type            : Variable, INTERNAL_IP4_ADDRESS
| | Length          : 0
| | Value           : 
| Attribute 1
| | Type            : Variable, INTERNAL_IP6_ADDRESS
| | Length          : 0
| | Value           : 
| Attribute 2
| | Type            : Variable, INTERNAL_IP4_DNS
| | Length          : 0
| | Value           : 
| Attribute 3
| | Type            : Variable, INTERNAL_IP6_DNS
| | Length          : 0
| | Value           : 
| Attribute 4
| | Type            : Variable, INTERNAL_IP4_NETMASK
| | Length          : 0
| | Value           : 
| Attribute 5
| | Type            : Variable, APPLICATION_VERSION
| | Length          : 0
| | Value           : 
Rest                : A1 C1 D6 C7 67 9D F1 07 23 09

[VPN-Debug] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
Config parser update peer's FH remote gateway to 192.168.178.79 (old 0.0.0.0)

[VPN-Debug] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 496 bytes (encrypted)
Gateways: 192.168.178.125:500<--192.168.178.79:44973
SPIs: 0x656F55C8E94D93046D78BEFFA0D82A8D, Message-ID 1
Payloads: ENCR
QUB-DATA: 192.168.178.125:500<---192.168.178.79:44973 rtg_tag 0 physical-channel WAN(1)
transport: [id: 312, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0], local port: 500, remote port: 44973
+IKE_SA found and assigned
+Exchange created (flags: 0x00000000)
Message verified successfully
Message decrypted successfully
Payloads: ENCR, IDI, IDR, AUTH(PSK), SA, TSI, TSR, CP(REQUEST)
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x656F55C8E94D93046D78BEFFA0D82A8D00000001, P2, RESPONDER): Setting Negotiation SA
  Referencing (CHILD_SA, 0x656F55C8E94D93046D78BEFFA0D82A8D0000000100, responder): use_count 3
Looking for payload IDI (35)...Found 1 payload.
  +Received-ID FH:FQDN matches the Expected-ID FH:FQDN
  +Config   ENCR  transform(s): AES-GCM-16-256
  +Received ENCR  transform(s): AES-CBC-256
  -No intersection
  +Config   PRF   transform(s): PRF-HMAC-SHA1
  +Received PRF   transform(s): PRF-HMAC-SHA1
  +Best intersection: PRF-HMAC-SHA1
  +Config   INTEG transform(s): 
  +Received INTEG transform(s): HMAC-SHA-256
  -No intersection
  +Config   DH    transform(s): 16 2
  +Received DH    transform(s): 16
  +Best intersection: 16

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 496 bytes (encrypted)
Gateways: 192.168.178.125:500<--192.168.178.79:44973
SPIs: 0x656F55C8E94D93046D78BEFFA0D82A8D, Message-ID 1
CHILD_SA ('', '' ) entered to SADB
+Received-ID FH:FQDN matches the Expected-ID FH:FQDN
-Proposal in IKE_SA_INIT exchange (peer DEFAULT) is not supported by peer FH (after identification)

[VPN-IKE] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
[FH] Sending packet before encryption:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:44973
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 65 6F 55 C8 E9 4D 93 04
| Responder cookie  : 6D 78 BE FF A0 D8 2A 8D
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x20 Response  
| Msg-ID            : 1
| Length            : 80 Bytes
ENCR Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 52 Bytes
| IV                : 82 ED 3F 8E 44 D5 8F B0 05 3A BB BB 1C F7 2D 5A
| ICV               : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
NOTIFY Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : NO_PROPOSAL_CHOSEN
Rest                : 00 00 00 00 00 00 00 07

[VPN-IKE] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
[FH] Sending packet after encryption:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:44973
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 65 6F 55 C8 E9 4D 93 04
| Responder cookie  : 6D 78 BE FF A0 D8 2A 8D
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x20 Response  
| Msg-ID            : 1
| Length            : 80 Bytes
ENCR Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 52 Bytes
| IV                : 82 ED 3F 8E 44 D5 8F B0 05 3A BB BB 1C F7 2D 5A
| Encrypted Data    : 72 CF 57 D8 8C D6 DC 06 A7 0C 73 67 5C 34 83 89
| ICV               : FE 51 A4 D1 23 03 8F 8F 9D 2C 8A A2 30 CE 3A A9

[VPN-Debug] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
Peer FH: Constructing an IKE_AUTH-RESPONSE for send
Message encrypted successfully
Message authenticated successfully
SA-FREE: No active SA found (not replaced, not finalized) (SA_FLAG_DONT_FREE_EXCHANGES)
+(request, response) pair inserted into retransmission map
Sending an IKE_AUTH-RESPONSE of 80 bytes (responder encrypted)
Gateways: 192.168.178.125:500-->192.168.178.79:44973, tag 0 (UDP)
SPIs: 0x656F55C8E94D93046D78BEFFA0D82A8D, Message-ID 1
Payloads: ENCR

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
Peer FH: Constructing an IKE_AUTH-RESPONSE for send
NOTIFY(NO_PROPOSAL_CHOSEN)
IKE_SA ('FH', 'ISAKMP-PEER-FH' IPSEC_IKE SPIs 0x656F55C8E94D93046D78BEFFA0D82A8D) removed from SADB
Sending an IKE_AUTH-RESPONSE of 80 bytes (responder encrypted)
Gateways: 192.168.178.125:500-->192.168.178.79:44973, tag 0 (UDP)
SPIs: 0x656F55C8E94D93046D78BEFFA0D82A8D, Message-ID 1

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
IKE log: 114601.284771 Default IKE-DISCONNECT-RESPONSE: comchannel 12 set for peer FH on message free

[VPN-Debug] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
LCVPEI: IKE-R-No-proposal-matched
DISCONNECT-RESPONSE sent for handle 12
IKE-TRANSPORT freed

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
CHILD_SA ('', '' ) removed from SADB
CHILD_SA ('', '' ) freed
IKE_SA ('FH', 'ISAKMP-PEER-FH' IPSEC_IKE SPIs 0x656F55C8E94D93046D78BEFFA0D82A8D) freed

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
FH: DISCONNECT-RESPONSE sent for handle 12

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
VPN: policy manager error indication: FH (192.168.178.79), cause: 8707

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
VPN: WAN state changed to WanCalled for FH (192.168.178.79 IKEv2)[BT] ffffffff82e753eb ffffffff82e84963 ffffffff82e9f379 ffffffff83cb21a9 ffffffff85f92456 ffffffff83cacdb9 ffffffff83cb5f30

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,284
VPN: Error: IKE-R-No-proposal-matched (0x2203) for FH (192.168.178.79 IKEv2)

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,285
VPN: FH (192.168.178.79)  disconnected

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,285
vpn-maps[12], remote: FH, idle, dns-name, static-name

[VPN-Debug] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,285 [Tunnel-Groups] Peer FH without group has disconnected, ignored

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,285
VPN: installing ruleset for FH (0.0.0.0 IKEv2)

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,285
VPN: WAN state changed to WanDisconnect for FH (0.0.0.0 IKEv2)[BT] ffffffff82e753eb ffffffff82e86971 ffffffff83cb21a9 ffffffff85f92456 ffffffff83cacdb9 ffffffff83cb5f30

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,285
Config parser: Start

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,285
Config parser: Finish
  Wall clock time: 0 ms
  CPU time: 0 ms

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,285
VPN: WAN state changed to WanIdle for FH (0.0.0.0 IKEv2)[BT] ffffffff82e753eb ffffffff82e84963 ffffffff8180418f ffffffff83cb21a9 ffffffff85f92456 ffffffff83cacdb9 ffffffff83cb5f30

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,286
vpn-maps[12], remote: FH, idle, dns-name, static-name

[VPN-Debug] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,286 [Tunnel-Groups] Peer FH without group has disconnected, ignored

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,287
FH (ikev2): Remote gateway has changed from 192.168.178.79 to 0.0.0.0 -> tearing down

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,287
VPN: rulesets installed

[VPN-IKE] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,298
[<UNKNOWN>] Received packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:44973
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 65 6F 55 C8 E9 4D 93 04
| Responder cookie  : 6D 78 BE FF A0 D8 2A 8D
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : INFORMATIONAL
| Flags             : 0x08   Initiator
| Msg-ID            : 2
| Length            : 80 Bytes
-No ENCR/INTEG algorithm(s) found in IKE_SA (No IKE_SA)
Rest                : 2A 00 00 34 C6 95 45 73 9F AE D7 F0 0A 96 DF 23
                      BD 73 D3 47 46 B3 E7 4E EF 6D 71 50 55 DE D1 7F
                      F2 93 C8 B5 D2 CA 06 24 7E F8 F5 B7 2C 4C 6E 1C
                      73 D2 38 9A

[VPN-IKE] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,298
[<UNKNOWN>] Sending packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:44973
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 65 6F 55 C8 E9 4D 93 04
| Responder cookie  : 6D 78 BE FF A0 D8 2A 8D
| Next Payload      : NOTIFY
| Version           : 2.0
| Exchange type     : INFORMATIONAL
| Flags             : 0x20 Response  
| Msg-ID            : 2
| Length            : 36 Bytes
NOTIFY Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : INVALID_IKE_SPI

[VPN-Debug] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,298
Peer <UNKNOWN>: Received an INFORMATIONAL-REQUEST of 80 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:44973
SPIs: 0x656F55C8E94D93046D78BEFFA0D82A8D, Message-ID 2
Payloads: INVALID
QUB-DATA: 192.168.178.125:500<---192.168.178.79:44973 rtg_tag 0 physical-channel WAN(1)
transport: [id: 313, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0], local port: 500, remote port: 44973

Peer <UNKNOWN>: Constructing an INFORMATIONAL-RESPONSE for send
Sending an INFORMATIONAL-RESPONSE of 36 bytes
Gateways: 192.168.178.125:500-->192.168.178.79:44973, tag 0 (UDP)
SPIs: 0x656F55C8E94D93046D78BEFFA0D82A8D, Message-ID 2
Payloads: NOTIFY(INVALID_IKE_SPI)

[VPN-Status] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,298
Peer <UNKNOWN>: Received an INFORMATIONAL-REQUEST of 80 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:44973
SPIs: 0x656F55C8E94D93046D78BEFFA0D82A8D, Message-ID 2
-Could not find an IKE_SA for SPIs 0x656F55C8E94D93046D78BEFFA0D82A8D
-NOTIFY(INVALID_IKE_SPI)
-Could not index message correctly. payload_num=46, error code=4
-No ENCR/INTEG algorithm(s) found in IKE_SA (No IKE_SA)

Peer <UNKNOWN>: Constructing an INFORMATIONAL-RESPONSE for send
Sending an INFORMATIONAL-RESPONSE of 36 bytes
Gateways: 192.168.178.125:500-->192.168.178.79:44973, tag 0 (UDP)
SPIs: 0x656F55C8E94D93046D78BEFFA0D82A8D, Message-ID 2

[VPN-Debug] 2025/05/25 11:46:01,144  Devicetime: 2025/05/25 11:46:01,298
IKE-TRANSPORT freed


[TraceStopped] 2025/05/25 11:47:18,316

Code: Select all

SHA-256 / AES-CBC-256 is missing in phase 2. Although I find that odd. In the first proposal, the Android wants
That is what I don't understand either; sometimes I get the feeling that dice are being rolled to decide what works and what doesn't. I had the same thing in another test as well. Unfortunately it all seems to be a bit of a matter of luck to find the right settings. I'm close to biting into the tabletop ;-)

Thanks for your effort

Regards
Dr.Einstein
Posts: 3267
Joined: 12 Jan 2010, 14:10

Re: Problems with IKVv2 VPN to Android device

Post by Dr.Einstein »

You did add the encryption algorithms in the checkbox list as I described, though (Default + peer-specific encryption)? You're close to the goal, don't give up yet.
eagle1900
Posts: 129
Joined: 25 Jun 2006, 14:07

Re: Problems with IKVv2 VPN to Android device

Post by eagle1900 »

Hello,

nice that your courage hasn't left you yet ;-) I can't see the goal yet, only the forest in front of it. Yes, I did, see pictures,

Regards
Dr.Einstein
Posts: 3267
Joined: 12 Jan 2010, 14:10

Re: Problems with IKVv2 VPN to Android device

Post by Dr.Einstein »

For FH, the checkboxes for SHA-256 in P1 + P2 are missing. If that doesn't work, remove the checkboxes for all AES-GCM algorithms as a test. Furthermore, you should run your tests over the WAN, not over the LAN/WLAN. It doesn't go well when the source IP is a LAN IP and an IP from the same network is supposed to be assigned via IKEv2 config mode.
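
The transform comparison that the VPN-Debug trace logs just before NO_PROPOSAL_CHOSEN, as an added example that is not part of the original posts and not LANCOM code: a small Python parser for the `+Config` / `+Received ... transform(s)` lines that lists, per transform type, what the peer offered but the local configuration does not allow. The function names are hypothetical, and the example assumes that several values on one line are separated by spaces or commas.

```python
import re

# Sample input: the comparison lines as they appear in the trace posted in this thread.
SAMPLE_TRACE = """\
  +Received-ID FH:FQDN matches the Expected-ID FH:FQDN
  +Config   ENCR  transform(s): AES-GCM-16-256
  +Received ENCR  transform(s): AES-CBC-256
  -No intersection
  +Config   PRF   transform(s): PRF-HMAC-SHA1
  +Received PRF   transform(s): PRF-HMAC-SHA1
  +Best intersection: PRF-HMAC-SHA1
  +Config   INTEG transform(s):
  +Received INTEG transform(s): HMAC-SHA-256
  -No intersection
  +Config   DH    transform(s): 16 2
  +Received DH    transform(s): 16
  +Best intersection: 16
"""

_LINE = re.compile(
    r"^\s*\+(Config|Received)\s+(ENCR|PRF|INTEG|DH)\s+transform\(s\):\s*(.*?)\s*$"
)


def parse_negotiations(trace):
    """Group the Config/Received lines into one dict per proposal comparison.

    A trace can contain several comparisons (one per connection attempt);
    a new group starts when a transform type's Config line shows up again.
    """
    blocks, current = [], {}
    for line in trace.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        side, ttype, values = m.groups()
        if side == "Config" and ttype in current:
            blocks.append(current)
            current = {}
        entry = current.setdefault(ttype, {"Config": [], "Received": []})
        # Assumption: multiple transforms are separated by spaces or commas.
        entry[side] = [v for v in re.split(r"[,\s]+", values) if v]
    if current:
        blocks.append(current)
    return blocks


def missing_on_responder(block):
    """Return {type: [offered values not in the local config]} for every
    transform type where configured and received sets do not intersect."""
    result = {}
    for ttype, sides in block.items():
        config, received = sides["Config"], sides["Received"]
        if not config and not received:
            continue  # type not used on either side, nothing to compare
        if set(config) & set(received):
            continue  # at least one common transform, negotiation can proceed
        result[ttype] = [v for v in received if v not in config]
    return result


def report(trace):
    """Build one human-readable line per transform type without intersection."""
    lines = []
    for i, block in enumerate(parse_negotiations(trace), 1):
        gaps = missing_on_responder(block)
        if not gaps:
            lines.append(f"comparison {i}: every transform type has an intersection")
        for ttype, offered in gaps.items():
            configured = " ".join(block[ttype]["Config"]) or "(none)"
            peer = " ".join(offered) or "(none)"
            lines.append(
                f"comparison {i}: {ttype} has no intersection; "
                f"configured: {configured}; peer offered: {peer}"
            )
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_TRACE)))
```

On the lines from this thread it reports ENCR (peer offered AES-CBC-256) and INTEG (peer offered HMAC-SHA-256) as the two transform types without an intersection.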
eagle1900
Posts: 129
Joined: 25 Jun 2006, 14:07

Re: Problems with IKVv2 VPN to Android device

Post by eagle1900 »

Hello,

SHA-256 is checked, AES-GCM removed for Default and FH. I'm doing the whole thing over WAN, although my WAN is an internal network; the setup looks as follows

The 1936VAG-5G acts as the router and provides the 192.168.178.0/24 network; the tablet is in it via WLAN, as is the WAN port of the 2100EF. The internal network of the 2100EF is 192.168.99.0/24. So that shouldn't really be a problem.

The result of the change then looks like this

Code: Select all


[VPN-IKE] 2025/05/29 22:30:40,388  Devicetime: 2025/05/29 22:30:39,254
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:55605
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 13 73 E7 69 90 BC 9B B2
| Responder cookie  : 00 00 00 00 00 00 00 00
| Next Payload      : SA
| Version           : 2.0
| Exchange type     : IKE_SA_INIT
| Flags             : 0x08   Initiator
| Msg-ID            : 0
| Length            : 940 Bytes
SA Payload
| Next Payload      : NONCE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 276 Bytes
| PROPOSAL Payload
| | Next Payload    : PROPOSAL
| | Reserved        : 0x00
| | Length          : 116 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_IKE
| | SPI size        : 0
| | #Transforms     : 12
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-512 (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-384 (13)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-XCBC-96 (5)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 4096-BIT MODP (16)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 3072-BIT MODP (15)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 2048-BIT MODP (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-HMAC-SHA1 (2)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-AES128-XCBC (4)
| | | Attributes    : NONE
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 156 Bytes
| | Proposal number : 2
| | Protocol ID     : IPSEC_IKE
| | SPI size        : 0
| | #Transforms     : 14
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 4096-BIT MODP (16)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 3072-BIT MODP (15)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 2048-BIT MODP (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-HMAC-SHA1 (2)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-AES128-XCBC (4)
| | | Attributes    : NONE
NONCE Payload
| Next Payload      : KE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 36 Bytes
| Nonce(256 bits)   : 00 33 D7 54 EE 5F F4 9B 13 14 09 4C 20 8C FC F5
|                     56 7A 54 5D C2 1B 86 DB 51 B2 AE 20 CE FE 39 65
KE Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 520 Bytes
| DH Group          : 16
| Reserved2         : 0x0000
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data       : 8F DA CE 46 53 AD 9D 58 A6 63 6E 2D D6 DA 6C 1D
|                     7A 02 D7 E6
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data       : 57 6F 2D 6B E1 10 E2 A6 10 93 D0 4E 81 A1 44 3C
|                     F5 26 7E 3D
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : IKEV2_FRAGMENTATION_SUPPORTED
NOTIFY Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 16 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs.  : SHA1, SHA-256, SHA-384, SHA-512

[VPN-Debug] 2025/05/29 22:30:40,389  Devicetime: 2025/05/29 22:30:39,255
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 940 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:55605
SPIs: 0x1373E76990BC9BB20000000000000000, Message-ID 0
Payloads: SA, NONCE, KE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(SIGNATURE_HASH_ALGORITHMS)
QUB-DATA: 192.168.178.125:500<---192.168.178.79:55605 rtg_tag 0 physical-channel WAN(1)
transport: [id: 700, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0], local port: 500, remote port: 55605
+No IKE_SA found
Counting consumed licenses by active channels...
  Consumed connected licenses   : 0
  Negotiating connections       : 0
  IKE negotiations              : 0
  MPPE connections              : 0
  LTA licenses                  : 0
  Licenses in use               : 0 < 25
  +Passive connection request accepted (17 micro seconds)
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x1373E76990BC9BB206D5DF200CB90E7A00000000, P1, RESPONDER): Setting Negotiation SA
  Referencing (IKE_SA, 0x1373E76990BC9BB206D5DF200CB90E7A00000000, responder): use_count 3
Looking for payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41)...Found 1 payload.
  +Received signature hash algorithms: SHA1, SHA-256, SHA-384, SHA-512
Looking for payload NOTIFY(DETECTION_SOURCE_IP) (41)...Found 1 payload.
  +Computing SHA1(0x1373E76990BC9BB20000000000000000|192.168.178.79:55605)
  +Computing SHA1(0x1373E76990BC9BB20000000000000000C0A8B24FD935)
  +Computed: 0x8FDACE4653AD9D58A6636E2DD6DA6C1D7A02D7E6
  +Received: 0x8FDACE4653AD9D58A6636E2DD6DA6C1D7A02D7E6
  +Equal => NAT-T is disabled
Looking for payload NOTIFY(DETECTION_DESTINATION_IP) (41)...Found 1 payload.
  +Computing SHA1(0x1373E76990BC9BB20000000000000000|192.168.178.125:500)
  +Computing SHA1(0x1373E76990BC9BB20000000000000000C0A8B27D01F4)
  +Computed: 0x576F2D6BE110E2A61093D04E81A1443CF5267E3D
  +Received: 0x576F2D6BE110E2A61093D04E81A1443CF5267E3D
  +Equal => NAT-T is disabled
Looking for payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41)...Found 1 payload.
Looking for payload IKE_SA (33)...Found 1 payload.
  +Config   ENCR  transform(s): AES-CBC-256
  +Received ENCR  transform(s): AES-CBC-256 AES-CBC-192 AES-CBC-128
  +Best intersection: AES-CBC-256
  +Config   PRF   transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
  +Received PRF   transform(s): PRF-HMAC-SHA1 PRF-AES128-XCBC
  +Best intersection: PRF-HMAC-SHA1
  +Config   INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
  +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96
  +Best intersection: HMAC-SHA-256
  +Config   DH    transform(s): 30 29 28 21 20 16 19 15 14 2
  +Received DH    transform(s): 16 15 14
  +Best intersection: 16
Looking for payload NONCE (40)...Found 1 payload.
  +Nonce length=32 bytes
  +Nonce=0x0033D754EE5FF49B1314094C208CFCF5567A545DC21B86DB51B2AE20CEFE3965
  +SA-DATA-Ni=0x0033D754EE5FF49B1314094C208CFCF5567A545DC21B86DB51B2AE20CEFE3965

[VPN-Status] 2025/05/29 22:30:40,420  Devicetime: 2025/05/29 22:30:39,255
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 940 bytes
Gateways: 192.168.178.125:500<--192.168.178.79:55605
SPIs: 0x1373E76990BC9BB20000000000000000, Message-ID 0
Peer identified: DEFAULT
IKE_SA ('', '' IPSEC_IKE SPIs 0x1373E76990BC9BB206D5DF200CB90E7A) entered to SADB
Received 4 notifications: 
  +NAT_DETECTION_SOURCE_IP(0x8FDACE4653AD9D58A6636E2DD6DA6C1D7A02D7E6) (STATUS)
  +NAT_DETECTION_DESTINATION_IP(0x576F2D6BE110E2A61093D04E81A1443CF5267E3D) (STATUS)
  +IKEV2_FRAGMENTATION_SUPPORTED (STATUS)
  +SIGNATURE_HASH_ALGORITHMS(0x0001000200030004) (STATUS)
Peer (initiator) is not behind a NAT. NAT-T is disabled
We (responder) are not behind a NAT. NAT-T is disabled
+IKE-SA:
  IKE-Proposal-1  (12 transforms)
    ENCR : AES-CBC-256 AES-CBC-192 AES-CBC-128
    PRF  : PRF-HMAC-SHA1 PRF-AES128-XCBC
    INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256 AES-XCBC-96
    DH   : 16 15 14
  IKE-Proposal-2  (14 transforms)
    ENCR : AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
    PRF  : PRF-HMAC-SHA1 PRF-AES128-XCBC
    DH   : 16 15 14
+Received KE-DH-Group 16 (4096 bits)

[VPN-IKE] 2025/05/29 22:30:40,420  Devicetime: 2025/05/29 22:30:39,256
[DEFAULT] Sending packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:55605
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 13 73 E7 69 90 BC 9B B2
| Responder cookie  : 06 D5 DF 20 0C B9 0E 7A
| Next Payload      : SA
| Version           : 2.0
| Exchange type     : IKE_SA_INIT
| Flags             : 0x20 Response  
| Msg-ID            : 0
| Length            : 761 Bytes
SA Payload
| Next Payload      : KE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 48 Bytes
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 44 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_IKE
| | SPI size        : 0
| | #Transforms     : 4
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2     : 0x00
| | | Transform ID  : PRF-HMAC-SHA1 (2)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2     : 0x00
| | | Transform ID  : 4096-BIT MODP (16)
| | | Attributes    : NONE
KE Payload
| Next Payload      : NONCE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 520 Bytes
| DH Group          : 16
| Reserved2         : 0x0000
NONCE Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 36 Bytes
| Nonce(256 bits)   : 8F F7 C9 A0 78 FF 05 40 DF E7 EC 17 F3 67 79 66
|                     67 FD F2 EC 59 60 CD 5F C6 0B 35 B4 44 86 41 C7
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data       : 6E 61 81 84 8C 28 95 0A 7F C7 CE 80 C7 EC F8 5C
|                     10 29 E0 9B
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data       : 52 99 95 F1 33 6B 97 D3 FB F9 54 FA 9E CB 2E 8C
|                     72 53 DE DE
NOTIFY Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 16 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : SIGNATURE_HASH_ALGORITHMS
| Sign. Hash Algs.  : SHA-256, SHA-384, SHA-512, IDENTITY
NOTIFY Payload
| Next Payload      : CERTREQ
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : IKEV2_FRAGMENTATION_SUPPORTED
CERTREQ Payload
| Next Payload      : VENDOR
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 25 Bytes
| Cert. Type        : X509_SIG
| Cert. Authority   : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|                     00 00 00 00
VENDOR Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 24 Bytes
| Vendor ID         : 81 75 2E B5 91 4D 73 5C DF CD C8 58 C3 A8 ED 7C
|                     1C 66 D1 42

[VPN-Debug] 2025/05/29 22:30:40,498  Devicetime: 2025/05/29 22:30:39,387
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
Constructing payload NONCE (40):
  +Nonce length=32 bytes
  +Nonce=0x8FF7C9A078FF0540DFE7EC17F367796667FDF2EC5960CD5FC60B35B4448641C7
  +SA-DATA-Nr=0x8FF7C9A078FF0540DFE7EC17F367796667FDF2EC5960CD5FC60B35B4448641C7
Constructing payload NOTIFY(DETECTION_SOURCE_IP) (41):
  +Computing SHA1(0x1373E76990BC9BB206D5DF200CB90E7A|192.168.178.125:500)
  +Computing SHA1(0x1373E76990BC9BB206D5DF200CB90E7AC0A8B27D01F4)
  +0x6E6181848C28950A7FC7CE80C7ECF85C1029E09B
Constructing payload NOTIFY(DETECTION_DESTINATION_IP) (41):
  +Computing SHA1(0x1373E76990BC9BB206D5DF200CB90E7A|192.168.178.79:55605)
  +Computing SHA1(0x1373E76990BC9BB206D5DF200CB90E7AC0A8B24FD935)
  +0x529995F1336B97D3FBF954FA9ECB2E8C7253DEDE
Constructing payload NOTIFY(SIGNATURE_HASH_ALGORITHMS) (41):
  +Signature hash algorithms: SHA-256,SHA-384,SHA-512,Identity
Constructing payload NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED) (41):
Constructing payload NOTIFY(USE_PPK) (41):
  +Initiator does not support PPK
Constructing payload CERTREQ (38):
  +0x0000000000000000000000000000000000000000
Constructing payload VENDOR(FRAGMENTATION) (43):
Constructing payload VENDOR(FRAGMENTATION(C0000000)) (43):
Constructing payload VENDOR(ikev2 config payload: Do not narrow my traffic selector) (43):
Constructing payload VENDOR(activate lancom-systems notification private range) (43):
Constructing payload NOTIFY(DEVICE-ID) (41):
  +Peer does not support private notifications -> ignore
+Shared secret derived in 65986 micro seconds
IKE_SA(0x1373E76990BC9BB206D5DF200CB90E7A).EXPECTED-MSG-ID raised to 1
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x1373E76990BC9BB206D5DF200CB90E7A00000000, P1, RESPONDER): Resetting Negotiation SA
  (IKE_SA, 'DEFAULT', 'ISAKMP-PEER-DEFAULT', 0x1373E76990BC9BB206D5DF200CB90E7A00000000, responder): use_count --5
+(request, response) pair inserted into retransmission map
Sending an IKE_SA_INIT-RESPONSE of 761 bytes (responder)
Gateways: 192.168.178.125:500-->192.168.178.79:55605, tag 0 (UDP)
SPIs: 0x1373E76990BC9BB206D5DF200CB90E7A, Message-ID 0
Payloads: SA, KE, NONCE, NOTIFY(DETECTION_SOURCE_IP), NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(SIGNATURE_HASH_ALGORITHMS), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), CERTREQ, VENDOR(activate lancom-systems notification private range)

[VPN-Status] 2025/05/29 22:30:40,500  Devicetime: 2025/05/29 22:30:39,387
Peer DEFAULT: Constructing an IKE_SA_INIT-RESPONSE for send
+IKE-SA:
  IKE-Proposal-1  (4 transforms)
    ENCR : AES-CBC-256
    PRF  : PRF-HMAC-SHA1
    INTEG: HMAC-SHA-256
    DH   : 16
+KE-DH-Group 16 (4096 bits)
IKE_SA_INIT [responder] for peer DEFAULT initiator id <no ipsec id>, responder id <no ipsec id>
initiator cookie: 0x1373E76990BC9BB2, responder cookie: 0x06D5DF200CB90E7A
SA ISAKMP for peer DEFAULT
 Encryption                    : AES-CBC-256
 Integrity                     : AUTH-HMAC-SHA-256
 IKE-DH-Group                  : 16
 PRF                           : PRF-HMAC-SHA1
life time soft 05/30/2025 20:06:39 (in 77760 sec) / 0 kb
life time hard 05/30/2025 22:30:39 (in 86400 sec) / 0 kb
DPD: NONE
Negotiated: IKEV2_FRAGMENTATION

Sending an IKE_SA_INIT-RESPONSE of 761 bytes (responder)
Gateways: 192.168.178.125:500-->192.168.178.79:55605, tag 0 (UDP)
SPIs: 0x1373E76990BC9BB206D5DF200CB90E7A, Message-ID 0

[VPN-IKE] 2025/05/29 22:30:40,500  Devicetime: 2025/05/29 22:30:39,388
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:55605
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 13 73 E7 69 90 BC 9B B2
| Responder cookie  : 06 D5 DF 20 0C B9 0E 7A
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x08   Initiator
| Msg-ID            : 1
| Length            : 496 Bytes
ENCR Payload
| Next Payload      : IDI
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 468 Bytes
| IV                : 79 B0 54 F6 B5 29 60 60 B9 CD BA 42 66 24 E8 DA
| ICV               : 12 10 78 A1 4F DD 61 A3 ED 7E 2A 51 D6 C9 F5 74

[VPN-IKE] 2025/05/29 22:30:40,500  Devicetime: 2025/05/29 22:30:39,388
[DEFAULT] Received packet after decryption:
IKE 2.0 Header:
Source/Port         : 192.168.178.79:55605
Destination/Port    : 192.168.178.125:500
Routing-tag         : 0
Com-channel         : 0
| Initiator cookie  : 13 73 E7 69 90 BC 9B B2
| Responder cookie  : 06 D5 DF 20 0C B9 0E 7A
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x08   Initiator
| Msg-ID            : 1
| Length            : 496 Bytes
ENCR Payload
| Next Payload      : IDI
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 468 Bytes
| IV                : 79 B0 54 F6 B5 29 60 60 B9 CD BA 42 66 24 E8 DA
| ICV               : 12 10 78 A1 4F DD 61 A3 ED 7E 2A 51 D6 C9 F5 74
IDI Payload
| Next Payload      : IDR
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 10 Bytes
| ID type           : FQDN
| Reserved          : 0x000000
| ID                : FH
IDR Payload
| Next Payload      : AUTH
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 12 Bytes
| ID type           : IPV4_ADDR
| Reserved          : 0x000000
| ID                : 192.168.178.125
AUTH Payload
| Next Payload      : SA
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Auth. Method      : PRESHARED_KEY
| Reserved          : 0x000000
| Auth. Data        : 8D 3C 97 E3 30 4F 7B BB 7E A5 2F 36 B1 8A 4C 1E
|                     48 10 80 FB
SA Payload
| Next Payload      : TSi
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 212 Bytes
| PROPOSAL Payload
| | Next Payload    : PROPOSAL
| | Reserved        : 0x00
| | Length          : 80 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_ESP
| | SPI size        : 4
| | #Transforms     : 7
| | SPI             : 54 F8 25 5C
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-512 (14)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-384 (13)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: ESN (5)
| | | Reserved2     : 0x00
| | | Transform ID  : NONE (0)
| | | Attributes    : NONE
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 128 Bytes
| | Proposal number : 2
| | Protocol ID     : IPSEC_ESP
| | SPI size        : 4
| | #Transforms     : 10
| | SPI             : 5B 29 33 11
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 192
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-12 (19)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-GCM-8 (18)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 128
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: ESN (5)
| | | Reserved2     : 0x00
| | | Transform ID  : NONE (0)
| | | Attributes    : NONE
TSi Payload
| Next Payload      : TSr
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 64 Bytes
| Number of TSs     : 2
| Reserved          : 0x000000
| Traffic Selector 0
| | Type            : TS_IPV4_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 16
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : 0.0.0.0 - 255.255.255.255
| Traffic Selector 1
| | Type            : TS_IPV6_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 40
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
TSr Payload
| Next Payload      : CP
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 64 Bytes
| Number of TSs     : 2
| Reserved          : 0x000000
| Traffic Selector 0
| | Type            : TS_IPV4_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 16
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : 0.0.0.0 - 255.255.255.255
| Traffic Selector 1
| | Type            : TS_IPV6_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 40
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : :: - ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
CP Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 32 Bytes
| Type              : REQUEST
| Reserved2         : 0x000000
| Attribute 0
| | Type            : Variable, INTERNAL_IP4_ADDRESS
| | Length          : 0
| | Value           : 
| Attribute 1
| | Type            : Variable, INTERNAL_IP6_ADDRESS
| | Length          : 0
| | Value           : 
| Attribute 2
| | Type            : Variable, INTERNAL_IP4_DNS
| | Length          : 0
| | Value           : 
| Attribute 3
| | Type            : Variable, INTERNAL_IP6_DNS
| | Length          : 0
| | Value           : 
| Attribute 4
| | Type            : Variable, INTERNAL_IP4_NETMASK
| | Length          : 0
| | Value           : 
| Attribute 5
| | Type            : Variable, APPLICATION_VERSION
| | Length          : 0
| | Value           : 
Rest                : E5 69 01 17 F2 77 B8 37 9C 09

[VPN-Debug] 2025/05/29 22:30:40,500  Devicetime: 2025/05/29 22:30:39,389
Config parser update peer's FH remote gateway to 192.168.178.79 (old 0.0.0.0)

[VPN-Debug] 2025/05/29 22:30:40,501  Devicetime: 2025/05/29 22:30:39,389
Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 496 bytes (encrypted)
Gateways: 192.168.178.125:500<--192.168.178.79:55605
SPIs: 0x1373E76990BC9BB206D5DF200CB90E7A, Message-ID 1
Payloads: ENCR
QUB-DATA: 192.168.178.125:500<---192.168.178.79:55605 rtg_tag 0 physical-channel WAN(1)
transport: [id: 700, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, DSCP: CS6, ECN: Not-ECT, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0], local port: 500, remote port: 55605
+IKE_SA found and assigned
+Exchange created (flags: 0x00000000)
Message verified successfully
Message decrypted successfully
Payloads: ENCR, IDI, IDR, AUTH(PSK), SA, TSI, TSR, CP(REQUEST)
(IKEv2-Exchange 'DEFAULT', 'ISAKMP-PEER-DEFAULT' 0x1373E76990BC9BB206D5DF200CB90E7A00000001, P2, RESPONDER): Setting Negotiation SA
  Referencing (CHILD_SA, 0x1373E76990BC9BB206D5DF200CB90E7A0000000100, responder): use_count 3
Looking for payload IDI (35)...Found 1 payload.
  +Received-ID FH:FQDN matches the Expected-ID FH:FQDN
  +Config   ENCR  transform(s): AES-CBC-256
  +Received ENCR  transform(s): AES-CBC-256
  +Best intersection: AES-CBC-256
  +Config   PRF   transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
  +Received PRF   transform(s): PRF-HMAC-SHA1
  +Best intersection: PRF-HMAC-SHA1
  +Config   INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
  +Received INTEG transform(s): HMAC-SHA-256
  +Best intersection: HMAC-SHA-256
  +Config   DH    transform(s): 16 2
  +Received DH    transform(s): 16
  +Best intersection: 16
Looking for payload TSI (44)...Found 1 payload.
  Looking for a rule...
  Trying rule 0: IPSEC-0-FH-PR0-L0-R0
  Determining best intersection for TSi
  Expected TS :(  0,     0-65535,   235.2.143.209-235.2.143.209  )
  Received TS :(  0,     0-65535,         0.0.0.0-255.255.255.255)
  Intersection:(  0,     0-65535,   235.2.143.209-235.2.143.209  )
  Determining best intersection for TSi
  Expected TS :(  0,     0-65535,   235.2.143.209-235.2.143.209  )
  Received TS :(  0,     0-65535,                                      ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
  -No intersection
  Best        :(  0,     0-65535,   235.2.143.209-235.2.143.209  )
  Determining best intersection for TSr
  Expected TS :(  0,     0-65535,         0.0.0.0-255.255.255.255)
  Received TS :(  0,     0-65535,         0.0.0.0-255.255.255.255)
  Intersection:(  0,     0-65535,         0.0.0.0-255.255.255.255)
  Determining best intersection for TSr
  Expected TS :(  0,     0-65535,         0.0.0.0-255.255.255.255)
  Received TS :(  0,     0-65535,                                      ::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
  -No intersection
  Best        :(  0,     0-65535,         0.0.0.0-255.255.255.255)
  +Valid intersection found
  TSi: (  0,     0-65535,   235.2.143.209-235.2.143.209  )
  TSr: (  0,     0-65535,         0.0.0.0-255.255.255.255)
  +TSi OK.
Looking for payload TSR (45)...Found 1 payload.
  +TSr OK.
Looking for payload CHILD_SA (33)...Found 1 payload.
  +Config   ENCR  transform(s): AES-CBC-256
  +Received ENCR  transform(s): AES-CBC-256 AES-CBC-192 AES-CBC-128
  +Best intersection: AES-CBC-256
  +Config   INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
  +Received INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256
  +Best intersection: HMAC-SHA-256
  +Config   ESN   transform(s): NONE
  +Received ESN   transform(s): NONE
  +Best intersection: NONE

[VPN-Status] 2025/05/29 22:30:40,501  Devicetime: 2025/05/29 22:30:39,389
Peer DEFAULT [responder]: Received an IKE_AUTH-REQUEST of 496 bytes (encrypted)
Gateways: 192.168.178.125:500<--192.168.178.79:55605
SPIs: 0x1373E76990BC9BB206D5DF200CB90E7A, Message-ID 1
CHILD_SA ('', '' ) entered to SADB
+Received-ID FH:FQDN matches the Expected-ID FH:FQDN
+Peer identified: FH
+Peer uses AUTH(PSK)
+Authentication successful
Request attributes:
  INTERNAL_IP4_ADDRESS()
  INTERNAL_IP6_ADDRESS()
  INTERNAL_IP4_DNS()
  INTERNAL_IP6_DNS()
  INTERNAL_IP4_NETMASK()
  APPLICATION_VERSION()
Assigned IPv4 config parameters:
  IP:      235.2.143.209
  DNS:     192.168.99.1
Cannot assign IPv6 config parameters to non-existent interface FH
TSi: (  0,     0-65535,   235.2.143.209-235.2.143.209  )
TSr: (  0,     0-65535,         0.0.0.0-255.255.255.255)
+CHILD-SA:
  ESP-Proposal-1 Peer-SPI: 0x54F8255C (7 transforms)
    ENCR : AES-CBC-256 AES-CBC-192 AES-CBC-128
    INTEG: HMAC-SHA-512 HMAC-SHA-384 HMAC-SHA-256
    ESN  : NONE
  ESP-Proposal-2 Peer-SPI: 0x5B293311 (10 transforms)
    ENCR : AES-GCM-16-256 AES-GCM-12 AES-GCM-8 AES-GCM-16-192 AES-GCM-12 AES-GCM-8 AES-GCM-16-128 AES-GCM-12 AES-GCM-8
    ESN  : NONE

[VPN-IKE] 2025/05/29 22:30:40,501  Devicetime: 2025/05/29 22:30:39,390
[FH] Sending packet before encryption:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:55605
Routing-tag         : 0
Com-channel         : 12
| Initiator cookie  : 13 73 E7 69 90 BC 9B B2
| Responder cookie  : 06 D5 DF 20 0C B9 0E 7A
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x20 Response  
| Msg-ID            : 1
| Length            : 240 Bytes
ENCR Payload
| Next Payload      : IDR
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 212 Bytes
| IV                : C7 AA 0E 29 FA 0F 45 26 7B D3 97 BE 65 49 BA 20
| ICV               : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
IDR Payload
| Next Payload      : AUTH
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 12 Bytes
| ID type           : IPV4_ADDR
| Reserved          : 0x000000
| ID                : 192.168.178.125
AUTH Payload
| Next Payload      : CP
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 28 Bytes
| Auth. Method      : PRESHARED_KEY
| Reserved          : 0x000000
| Auth. Data        : 51 02 2C 06 5B 7F B7 70 D6 55 45 8A 14 84 8E 3A
|                     DF D0 E1 44
CP Payload
| Next Payload      : TSi
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 24 Bytes
| Type              : REPLY
| Reserved2         : 0x000000
| Attribute 0
| | Type            : Variable, INTERNAL_IP4_ADDRESS
| | Length          : 4
| | Value           : 235.2.143.209
| Attribute 1
| | Type            : Variable, INTERNAL_IP4_DNS
| | Length          : 4
| | Value           : 192.168.99.1
TSi Payload
| Next Payload      : TSr
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 24 Bytes
| Number of TSs     : 1
| Reserved          : 0x000000
| Traffic Selector 0
| | Type            : TS_IPV4_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 16
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : 235.2.143.209 - 235.2.143.209
TSr Payload
| Next Payload      : NOTIFY
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 24 Bytes
| Number of TSs     : 1
| Reserved          : 0x000000
| Traffic Selector 0
| | Type            : TS_IPV4_ADDR_RANGE
| | Protocol        : ANY
| | Length          : 16
| | Start Port      : 0
| | End   Port      : 65535
| | Address Range   : 0.0.0.0 - 255.255.255.255
NOTIFY Payload
| Next Payload      : SA
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 8 Bytes
| Protocol ID       : <Unknown 0>
| SPI size          : 0
| Message type      : STATUS_INITIAL_CONTACT
SA Payload
| Next Payload      : NONE
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 44 Bytes
| PROPOSAL Payload
| | Next Payload    : NONE
| | Reserved        : 0x00
| | Length          : 40 Bytes
| | Proposal number : 1
| | Protocol ID     : IPSEC_ESP
| | SPI size        : 4
| | #Transforms     : 3
| | SPI             : 91 11 BE 9C
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2     : 0x00
| | | Transform ID  : AES-CBC (12)
| | | Attribute 0
| | | | Type        : Basic, KEYLENGTH
| | | | Value       : 256
| | TRANSFORM Payload
| | | Next Payload  : TRANSFORM
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2     : 0x00
| | | Transform ID  : HMAC-SHA-256 (12)
| | | Attributes    : NONE
| | TRANSFORM Payload
| | | Next Payload  : NONE
| | | Reserved      : 0x00
| | | Length        : 8 Bytes
| | | Transform Type: ESN (5)
| | | Reserved2     : 0x00
| | | Transform ID  : NONE (0)
| | | Attributes    : NONE
Rest                : 00 00 00 00 00 00 00 00 00 00 00 0B

[VPN-IKE] 2025/05/29 22:30:40,501  Devicetime: 2025/05/29 22:30:39,390
[FH] Sending packet after encryption:
IKE 2.0 Header:
Source/Port         : 192.168.178.125:500
Destination/Port    : 192.168.178.79:55605
Routing-tag         : 0
Com-channel         : 12
| Initiator cookie  : 13 73 E7 69 90 BC 9B B2
| Responder cookie  : 06 D5 DF 20 0C B9 0E 7A
| Next Payload      : ENCR
| Version           : 2.0
| Exchange type     : IKE_AUTH
| Flags             : 0x20 Response  
| Msg-ID            : 1
| Length            : 240 Bytes
ENCR Payload
| Next Payload      : IDR
| CRITICAL          : NO
| Reserved          : 0x00
| Length            : 212 Bytes
| IV                : C7 AA 0E 29 FA 0F 45 26 7B D3 97 BE 65 49 BA 20
| Encrypted Data    : EE FB 55 B2 87 C6 EB 69 08 1A B2 A3 83 09 A6 65
|                     64 16 2F 89 5D 6B 38 D2 61 84 63 04 42 09 94 A7
|                     D4 C7 75 BD B5 3B 78 93 D8 49 20 1F A9 37 58 25
|                     50 6C 10 CD 95 DD 78 5E 96 75 E0 CB 4C C6 8D 13
|                     0A F3 B2 C6 95 B7 4A D1 46 60 1E BA C3 AA B1 E8
|                     C7 DD A9 6D 43 DD 66 64 DB 89 32 3B 45 63 E2 35
|                     0A C5 FF B8 C8 48 EF EE 3E 67 D4 40 5B 0F 56 63
|                     CF 81 50 81 D0 09 0A A6 E1 93 2B 4E 67 CB 7C 4F
|                     B7 AC 8A 9B 51 35 EF F4 D0 73 A2 4C 4C A7 AA 8A
|                     39 5E 97 2A 7E E2 89 90 39 29 E9 19 83 6A 37 BA
|                     31 F1 A8 94 D1 C8 7C 56 50 69 7A 1D 8D C9 E5 9A
| ICV               : 7D B9 15 3F BD D0 46 87 70 F8 7F 29 33 5D D0 50

[VPN-Debug] 2025/05/29 22:30:40,501  Devicetime: 2025/05/29 22:30:39,391
Peer FH: Constructing an IKE_AUTH-RESPONSE for send
Constructing payload NOTIFY(MOBIKE_SUPPORTED) (41):
  +Initiator does not support MOBIKE
Constructing payload NOTIFY(MANAGEMENT_IP4_ADDRESS) (41):
Constructing payload NOTIFY(MANAGEMENT_IP6_ADDRESS) (41):
Constructing payload CP(REPLY) (47):
  +INTERNAL_IP4_ADDRESS(235.2.143.209)
  +INTERNAL_IP4_DNS(192.168.99.1)
Constructing payload NOTIFY(INITIAL_CONTACT) (41):
Message encrypted successfully
Message authenticated successfully
IKE_SA(0x1373E76990BC9BB206D5DF200CB90E7A).EXPECTED-MSG-ID raised to 2
IPSEC overhead initialized to 34
(IKEv2-Exchange 'FH', 'IPSEC-0-FH-PR0-L0-R0' 0x1373E76990BC9BB206D5DF200CB90E7A00000001, P2, RESPONDER, comchannel 12): Resetting Negotiation SA
  (CHILD_SA, 'FH', 'IPSEC-0-FH-PR0-L0-R0', 0x1373E76990BC9BB206D5DF200CB90E7A0000000100, responder): use_count --2
+(request, response) pair inserted into retransmission map
Sending an IKE_AUTH-RESPONSE of 240 bytes (responder encrypted)
Gateways: 192.168.178.125:500-->192.168.178.79:55605, tag 0 (UDP)
SPIs: 0x1373E76990BC9BB206D5DF200CB90E7A, Message-ID 1
Payloads: ENCR

[VPN-Status] 2025/05/29 22:30:40,501  Devicetime: 2025/05/29 22:30:39,391
Peer FH: Constructing an IKE_AUTH-RESPONSE for send
+Local-ID  192.168.178.125:IPV4_ADDR
+I use AUTH(PSK)

IKE_SA_INIT [responder] for peer FH initiator id FH, responder id  192.168.178.125
initiator cookie: 0x1373E76990BC9BB2, responder cookie: 0x06D5DF200CB90E7A
SA ISAKMP for peer FH
 Encryption                    : AES-CBC-256
 Integrity                     : AUTH-HMAC-SHA-256
 IKE-DH-Group                  : 16
 PRF                           : PRF-HMAC-SHA1
life time soft 05/30/2025 20:06:39 (in 77760 sec) / 0 kb
life time hard 05/30/2025 22:30:39 (in 86400 sec) / 0 kb
DPD: 31 sec
Negotiated: IKEV2_FRAGMENTATION

Reply attributes:
  INTERNAL_IP4_ADDRESS(235.2.143.209)
  INTERNAL_IP4_DNS(192.168.99.1)
+TSi 0: (  0,     0-65535,   235.2.143.209-235.2.143.209  )
+TSr 0: (  0,     0-65535,         0.0.0.0-255.255.255.255)
+CHILD-SA:
  ESP-Proposal-1 My-SPI: 0x9111BE9C (3 transforms)
    ENCR : AES-CBC-256
    INTEG: HMAC-SHA-256
    ESN  : NONE

CHILD_SA [responder] done with 2 SAS for peer FH rule IPSEC-0-FH-PR0-L0-R0
192.168.178.125:500-->192.168.178.79:55605, Routing tag 0, Com-channel 12, IPsec-Offset 77
rule: ipsec 0.0.0.0/0 <-> 235.2.143.209/32
outgoing SA ESP [0x54F8255C]
  Encryption                    : AES-CBC-256
  Integrity                     : AUTH-HMAC-SHA-256
  PFS-DH-Group                  : None
  ESN                           : None
incoming SA ESP [0x9111BE9C]
  Encryption                    : AES-CBC-256
  Integrity                     : AUTH-HMAC-SHA-256
  PFS-DH-Group                  : None
  ESN                           : None
life time soft 05/30/2025 02:06:39 (in 12960 sec) / 1800000 kb
life time hard 05/30/2025 02:30:39 (in 14400 sec) / 2000000 kb
tunnel between src: 192.168.178.125 dst: 192.168.178.79

Sending an IKE_AUTH-RESPONSE of 240 bytes (responder encrypted)
Gateways: 192.168.178.125:500-->192.168.178.79:55605, tag 0 (UDP)
SPIs: 0x1373E76990BC9BB206D5DF200CB90E7A, Message-ID 1

[VPN-Debug] 2025/05/29 22:30:40,559  Devicetime: 2025/05/29 22:30:39,391
Peer FH: Trigger next pended request to establish an exchange
  Current request is none
  IKE_SA is not REPLACED
There are 0 pending requests

[VPN-Status] 2025/05/29 22:30:40,559  Devicetime: 2025/05/29 22:30:39,391
set_ip_transport for FH: [id: 701, UDP (17) {incoming unicast, fixed source address}, dst: 192.168.178.79, tag 0 (U), src: 192.168.178.125, hop limit: 64, pmtu: 1500, iface: INET_1 (3), mac address: b0:cf:cb:fa:3f:57, port 0] (vpn-mtu=1280 vpn-mtu-offset=77)

[VPN-Status] 2025/05/29 22:30:40,559  Devicetime: 2025/05/29 22:30:39,391
VPN: WAN state changed to WanCalled for FH (192.168.178.79 IKEv2)[BT] ffffffff82e753eb ffffffff82e84963 ffffffff82e5f3ed ffffffff83cb21a9 ffffffff85f92456 ffffffff83cacdb9 ffffffff83cb5f30

[VPN-Status] 2025/05/29 22:30:40,559  Devicetime: 2025/05/29 22:30:39,391
vpn-maps[12], remote: FH, nego, dns-name, static-name, connected-by-name

[VPN-Status] 2025/05/29 22:30:40,559  Devicetime: 2025/05/29 22:30:39,391
VPN: wait for IKE negotiation from FH (192.168.178.79 IKEv2)

[VPN-Status] 2025/05/29 22:30:40,559  Devicetime: 2025/05/29 22:30:39,391
VPN: WAN state changed to WanProtocol for FH (192.168.178.79 IKEv2)[BT] ffffffff82e753eb ffffffff82e84963 ffffffff82e5de4b ffffffff82e5f23c ffffffff83cb21a9 ffffffff85f92456 ffffffff83cacdb9 ffffffff83cb5f30

[VPN-Status] 2025/05/29 22:30:41,511  Devicetime: 2025/05/29 22:30:40,393
VPN: FH connected

[VPN-Debug] 2025/05/29 22:30:41,511  Devicetime: 2025/05/29 22:30:40,393 [Tunnel-Groups] Peer FH without group has connected to 192.168.178.79, ignored

[VPN-Status] 2025/05/29 22:30:41,511  Devicetime: 2025/05/29 22:30:40,393
VPN: WAN state changed to WanConnect for FH (192.168.178.79 IKEv2)[BT] ffffffff82e753eb ffffffff82e84963 ffffffff82e5cf0e ffffffff8189e6e5 ffffffff85f92456 ffffffff83cacdb9 ffffffff83cb5f30

[VPN-Status] 2025/05/29 22:30:41,511  Devicetime: 2025/05/29 22:30:40,393
vpn-maps[12], remote: FH, connected, dns-name, static-name, connected-by-name


[TraceStopped] 2025/05/29 22:30:57,233

Last edited by eagle1900 on 29 May 2025, 22:44; edited 1 time in total.
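The proposal matching shown in the VPN-Debug trace above can be checked mechanically. The following is an added example, not part of the original post and not LANCOM code: it parses the `+Config` / `+Received` / `+Best intersection` lines and flags transform types with no common transform or where the result is not the first configured entry. It assumes the configured list is in preference order; the second sample is constructed.

```python
import re

# Excerpt copied from the VPN-Debug trace in the post above (IKE SA transforms).
TRACE_EXCERPT = """\
  +Config   ENCR  transform(s): AES-CBC-256
  +Received ENCR  transform(s): AES-CBC-256
  +Best intersection: AES-CBC-256
  +Config   PRF   transform(s): PRF-HMAC-SHA-256 PRF-HMAC-SHA1
  +Received PRF   transform(s): PRF-HMAC-SHA1
  +Best intersection: PRF-HMAC-SHA1
  +Config   INTEG transform(s): HMAC-SHA-256 HMAC-SHA1
  +Received INTEG transform(s): HMAC-SHA-256
  +Best intersection: HMAC-SHA-256
  +Config   DH    transform(s): 16 2
  +Received DH    transform(s): 16
  +Best intersection: 16
"""

# Constructed sample (not from the thread): no shared INTEG transform.
CONSTRUCTED_MISMATCH = """\
  +Config   INTEG transform(s): HMAC-SHA-512 HMAC-SHA-384
  +Received INTEG transform(s): HMAC-SHA-256
"""

LINE_RE = re.compile(r"^\s*\+(Config|Received)\s+(\S+)\s+transform\(s\):\s*(.*)$")
BEST_RE = re.compile(r"^\s*\+Best intersection:\s*(.*)$")


def parse_negotiation(trace):
    """Return one dict per Config/Received pair, in trace order."""
    entries, current = [], None
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if m:
            side, ttype, values = m.group(1), m.group(2), m.group(3).split()
            if side == "Config":
                current = {"type": ttype, "config": values,
                           "received": [], "logged_best": None}
                entries.append(current)
            elif current and current["type"] == ttype:
                current["received"] = values
            continue
        m = BEST_RE.match(line)
        if m and current:
            current["logged_best"] = m.group(1).strip()
    return entries


def evaluate(entry):
    """Return (verdict, best); best is the first configured transform the peer offered."""
    common = [t for t in entry["config"] if t in entry["received"]]
    if not common:
        return "NO_MATCH", None          # negotiation cannot succeed for this type
    if common[0] != entry["config"][0]:
        return "NOT_PREFERRED", common[0]  # fell back to a later config entry
    return "OK", common[0]


def report(trace):
    """Return a list of (transform type, verdict, computed best)."""
    return [(e["type"],) + evaluate(e) for e in parse_negotiation(trace)]


if __name__ == "__main__":
    for sample in (TRACE_EXCERPT, CONSTRUCTED_MISMATCH):
        for row in report(sample):
            print(row)
```
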
Dr.Einstein
Posts: 3267
Joined: 12 Jan 2010, 14:10

Re: Problems with IKEv2 VPN to Android device

Post by Dr.Einstein »

VPN: FH connected
Satisfied?
eagle1900
Posts: 129
Joined: 25 Jun 2006, 14:07

Re: Problems with IKEv2 VPN to Android device

Post by eagle1900 »

Hello,

no, the Android device still shows "Connecting" and not "Connected" - and the VPN doesn't work either

So apparently one step further again - but still no working VPN :-(

Addendum - I think I've got it - Android shows me as connected when I set the following:

Rule creation: Manual
In the IP router, set a routing entry for the remote site FH - then I can reach the internal IP of the 2100EF.

I'll try that on the 1936 in a moment to see whether it works there too, because that is actually my VPN target device

Addendum 2
Now comes the part I don't understand: if I add SHA 512 / SHA 384 to the default remote site, the VPN no longer works; if only SHA-1 and SHA-256 are listed there, everything works - why it doesn't use the settings of the FH remote site is not really clear to me.

Regards
Dr.Einstein
Posts: 3267
Joined: 12 Jan 2010, 14:10

Re: Problems with IKEv2 VPN to Android device

Post by Dr.Einstein »

eagle1900 wrote: 29 May 2025, 22:43 Now comes the part I don't understand: if I add SHA 512 / SHA 384 to the default remote site, the VPN no longer works; if only SHA-1 and SHA-256 are listed there, everything works - why it doesn't use the settings of the FH remote site is not really clear to me.
The default remote site always applies to incoming connections that cannot yet be assigned to a peer, e.g. based on the WAN IP address. That is completely normal.
eagle1900
Posts: 129
Joined: 25 Jun 2006, 14:07

Re: Problems with IKEv2 VPN to Android device

Post by eagle1900 »

Hello,

first of all a very big !!THANK YOU!!, thanks to your help I am already a huge step further.

I transferred the config 1:1 to the 1936 and made a few adjustments, and it did not work. The problem with the Android device seems to be the "Local identity",


Then I tested what the problem is:

if I set it to IPv4 address and enter the router's IPv4 address in Android, it works
if I set it to FQDN and connect via the goip address (dyndns), it works, via exactly that one line, not on the other
if I enter no identity - it does not work

I did not get the others to work either - my hopefully last question - is there a way to do this more elegantly - because the 1936 has several lines on a load balancer - 1x fibre and one VDSL - dynamic public IPv4 addresses. Until now it was possible to set up the VPN twice on the Android device, to come in once on one line and once on the other - in case one or the other DynDNS service or line is down.

On the other Android device, which was unproblematic, I simply set "Key-ID" and "Lancom" locally and it works, no matter which line I come in on.

With the FQDN entry I then of course also have to set up the VPN multiple times on the Lancom if I want to establish an incoming VPN over different lines.

Have a nice weekend