VPN Pathfinder (HTTPS) und NCP VPN Premium Client

Forum zum Thema allgemeinen Fragen zu VPN

Moderator: Lancom-Systems Moderatoren

Antworten
jb2002kbg
Beiträge: 3
Registriert: 30 Aug 2020, 15:50

VPN Pathfinder (HTTPS) und NCP VPN Premium Client

Beitrag von jb2002kbg »

Hallo,
ich bin neu im Forum und benötige Eure Hilfe :M

Zu meinem Setup:

* LANCOM 1783 VA mit LCOS 10.40RU1
* VPN IKEv2 (NAT-T und IKE über HTTPS sind aktiviert)
* Client: Android / NCP Client Premium

Ich habe mir vor einiger Zeit den NCP VPN Premium Client aus dem Google App Store gekauft, um die volle VPN Funktionalität meines LANCOM Clients zu nutzen. NCP wirbt damit, zu LANCOM kompatibel zu sein. Auch LANCOM verwendet die NCP Pathfinder Technologie in den Betriebssystemen

Die VPN Einwahl mit Zertifikat funktioniert auch bestens, wenn die Ports 500 und 4500 geöffnet sind (Einwahl über LTE)
In einem Netz, wo diese Ports gesperrt sind schaltet der Client automatisch auf einen Verbindungsversuch zum Port 443 um.

DIese Anfrage erreicht auch meinen Router.

Allerdings erscheint dann folgende Fehlermeldung im VPN Trace Log:

Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 1044 bytes
Gateways: 87.175.109.29:443<--10.10.123.114:9500
SPIs: 0x2BB65D7C5B747E650000000000000000, Message-ID 1
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 1044 bytes
Gateways: 87.175.109.29:443<--10.10.123.114:9500
SPIs: 0x2BB65D7C5B747E650000000000000000, Message-ID 1
Peer identified: DEFAULT
-Received an IKE_SA_INIT-REQUEST with non zero MSG-ID
Peer identified: DEFAULT
-Received an IKE_SA_INIT-REQUEST with non zero MSG-ID

[TraceStopped] 2020/08/30 16:24:52,337
Used config:
# Trace config
trace + Status
trace + Error
trace + ICMP
trace + VPN-Status

# Show commands
show bootlog
show vpn

Ich habe mich auch mit dem Support von NCP in Verbindung gesetzt, leider erfolglos.

Kennt jemand diesen Effekt und hat ggf. einen Tipp für mich, was ich dort noch machen kann?

Vielen lieben Dank und viele Grüße :-)
Nach oben
GrandDixence
Beiträge: 1061
Registriert: 19 Aug 2014, 22:41

Re: VPN Pathfinder (HTTPS) und NCP VPN Premium Client

Beitrag von GrandDixence »

Falls hier effiziente Hilfestellung erwünscht ist, muss aus dem entsprechenden VPN-Trace ersichtlich sein:

a) In welchem IKE-Telegramm der Verbindungsaufbau abbricht => Erstes, zweites, drittes oder viertes IKE-Telegramm? Siehe:
fragen-zum-thema-vpn-f14/vpntunnel-von- ... ml#p103979

b) Den Grund weshalb der VPN-Server oder der VPN-Client den Aufbau des VPN-Tunnels abbricht => Trace-Ausgaben von VPN-IKE, VPN-Status, VPN-Debug zur Fehlersuche einsetzen.

Alles andere ist Kaffeesatzlesen...

=> Das "non zero MSG-ID" im 1. IKE-Telegramm (IKE_SA_INIT_REQUEST) wird sehr wahrscheinlich nicht der Abbruchgrund sein!
Nach oben
jb2002kbg
Beiträge: 3
Registriert: 30 Aug 2020, 15:50

Re: VPN Pathfinder (HTTPS) und NCP VPN Premium Client

Beitrag von jb2002kbg »

Hallo, vielen Dank für den Hinweis

ich habe jetzt im LANCOM LOG die Optionen (VPN Debug, VPN IKE, VPN Packet, VPN Status aktiviert)
Ich habe nach einem neuen Versuch folgende Daten erhalten

[Sysinfo] 2020/08/30 17:30:28,872
Result of command: "sysinfo"

DEVICE: LANCOM 1783VA (over ISDN)
HW-RELEASE: A
SERIAL-NUMBER: 4004319518100225
MAC-ADDRESS: 00a0572e95f3
IP-ADDRESS: 10.10.11.11
IP-NETMASK: 255.255.255.224
INTRANET-ADDRESS: 0.0.0.0
INTRANETMASK: 0.0.0.0
VERSION: 10.40.0291RU1 / 24.08.2020
VERSION-GIT: 82ae6ffc526100fbc5407870900ff37a459297c2
NAME: 1783VA
CONFIG-STATUS: 17440;0;e5ca031abb18a76750cbf51af842a4c434168505.15281330082020.2615
FIRMWARE-STATUS: 0;0.27;0.4;10.40.0291RU1.24082020.27;10.32.0183RU10.10062020.26
LOADER: 4.16.0003Rel
HW-MASK: 00000000000000000000000011100011
FEATUREWORD: 00000100001000000000000100011100
REGISTERED-WORD: 00000100001000000000000100011100
FEATURE-LIST: 02/F
FEATURE-LIST: 03/F
FEATURE-LIST: 04/F
FEATURE-LIST: 08/F
FEATURE-LIST: 15/F
FEATURE-LIST: 1a/F
FEATURE-LIST: 2b/F
TIME: 17302830082020
HTTP-PORT: 80
HTTPS-PORT: 443
TELNET-PORT: 23
TELNET-SSL-PORT: 992
SSH-PORT: 22
SNMP-PORT: 161
TFTP-PORT: 69
Production-Date: 2017-01-19
MOD-Level: A3
LOCATION:
COUNTRY-CODE: 0/0 (NA)
COMMENT:
MYVPN: 0
MYVPN-HOSTNAME:
EXTENDED-NAME: LANCOM 1783VA (over ISDN)
WePaper AP-ID: 00000000
ESL-TX-POWER: 0,0,0,0,0,0,0,0,0,0,0
SNMP-PASSWORD-REQ: 0
OEM:
VENDOR: LANCOM Systems
OEMFILE: 1.06;"LANCOM Systems";"LANCOM 1783VA_(over_[POTS;ISDN])"
PROJECT: vera lc1783va
OpenSSL: OpenSSL 1.1.1d 10 Sep 2019
HW-ID: VERA

[VPN-IKE] 2020/08/30 17:30:37,835 Devicetime: 2020/08/30 17:30:37,988
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port : 80.187.116.202:19963
Destination/Port : 87.175.109.29:443
Routing-tag : 0
Com-channel : 0
| Initiator cookie : C3 66 CE E6 2D 3A C6 58
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 2.0
| Exchange type : IKE_SA_INIT
| Flags : 0x08 Initiator
| Msg-ID : 1
| Length : 560 Bytes
SA Payload
| Next Payload : KE
| CRITICAL : NO
| Reserved : 0x00
| Length : 48 Bytes
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
KE Payload
| Next Payload : NONCE
| CRITICAL : NO
| Reserved : 0x00
| Length : 264 Bytes
| DH Group : 14
| Reserved2 : 0x0000
| DH-Key(2048 bits) : 6B 36 A4 F8 0D ED 69 80 58 1C E1 BE 00 26 C7 56
| 8C B8 D1 CC 3B C8 CD B2 AE 61 EC 71 D0 F6 9B 52
| C7 4C E4 17 ED B3 8D B6 84 E2 E0 99 DB E5 9E F6
| F5 05 B5 4C 2D E3 00 D0 30 B0 DA 75 A3 B4 23 0A
| 11 D8 FB E1 6A DA 1E 06 10 75 24 45 45 6F 7A B3
| D5 EC AD 10 94 12 3B 15 A8 A2 3E 4C 7A AF 24 2F
| F5 0B 7C EF 5F 12 91 C8 7B F1 F8 44 FD 80 CA 3C
| 77 DF E1 3E 54 76 4C C1 F2 81 94 7E AF 2E 91 3A
| 85 59 B2 74 9B 71 F8 6B 37 F1 26 EB 2A 06 27 64
| F2 93 75 60 E4 E8 63 69 5D DD E8 C3 D0 DA D0 18
| 15 0A EE FA 90 9B F1 DD 8F 39 9C D6 B4 3D FF FD
| 60 5F AD 0E AF 43 B1 6B 4E CB 3F 87 AF 6B E5 CD
| ED CE 85 2C AE 9E FC F8 7E 3B D0 07 2E 48 8B 25
| 41 62 AE E7 1D 0B 5C 2B B7 FA C2 A7 7E 25 4D BB
| 53 01 AD DF 73 DE A7 29 98 6C 7D 5F 91 8D 46 46
| D7 E0 DB C0 65 CE 13 8E 6F 71 7F B5 AE 1D 6A F0
NONCE Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 44 Bytes
| Nonce(320 bits) : EB 72 8A 52 31 D8 88 AF 0D 1D 31 43 1C CB 79 B5
| 37 34 F0 98 0A 86 D8 FC B4 26 A7 8B A9 09 32 CB
| FC 7C D7 80 94 7D 80 D3
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : IPSEC_IKE
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data : 88 27 D2 1D 90 9B 03 24 83 F0 2F 01 11 CD BE F0
| 1B B7 A9 BC
NOTIFY Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : IPSEC_IKE
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data : 05 62 62 91 43 45 55 F6 52 40 CA E7 2C A4 DD 63
| 91 C0 14 23
VENDOR Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : EB 4C 1B 78 8A FD 4A 9C B7 73 0A 68 D5 6D 08 8B
VENDOR Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : C6 1B AC A1 F1 A6 0C C1 08 00 00 00 00 00 00 00
VENDOR Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : CB E7 94 44 A0 87 0D E4 22 4A 2C 15 1F BF E0 99
VENDOR Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 24 Bytes
| Vendor ID : 40 48 B7 D5 6E BC E8 85 25 E7 DE 7F 00 D6 C2 D3
| C0 00 00 00
VENDOR Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 40 48 B7 D5 6E BC E8 85 25 E7 DE 7F 00 D6 C2 D3
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : IKEV2_FRAGMENTATION_SUPPORTED
NOTIFY Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : REDIRECT_SUPPORTED

[VPN-Debug] 2020/08/30 17:30:54,925 Devicetime: 2020/08/30 17:30:53,992
IKE-TRANSPORT freed

[VPN-Debug] 2020/08/30 17:30:54,925 Devicetime: 2020/08/30 17:30:53,992
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 560 bytes
Gateways: 87.175.109.29:443<--80.187.116.202:19963
SPIs: 0xC366CEE62D3AC6580000000000000000, Message-ID 1
Payloads: SA, KE, NONCE, NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(DETECTION_SOURCE_IP), VENDOR, VENDOR, VENDOR, VENDOR(FRAGMENTATION(C0000000)), VENDOR(FRAGMENTATION), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(REDIRECT_SUPPORTED)
QUB-DATA: 87.175.109.29:443<---80.187.116.202:19963 rtg_tag 0 physical-channel WAN(1)
transport: [id: 32352, TCP (6) {incoming unicast, fixed source address}, dst: 80.187.116.202, tag 0 (U), src: 87.175.109.29, hop limit: 64, pmtu: 1492, (R) iface: INTERNET (6)], local port: 443, remote port: 19963

Vielen Dank für Eure Unterstützung
Nach oben
GrandDixence
Beiträge: 1061
Registriert: 19 Aug 2014, 22:41

Re: VPN Pathfinder (HTTPS) und NCP VPN Premium Client

Beitrag von GrandDixence »

Bitte mit dem "Stable Release" testen:
https://www.lancom-systems.de/produkte/ ... ebersicht/
Nach oben
Benutzeravatar
Jirka
Beiträge: 5225
Registriert: 03 Jan 2005, 13:39
Wohnort: Ex-OPAL-Gebiet
Kontaktdaten:
Kontaktdaten von Jirka

Re: VPN Pathfinder (HTTPS) und NCP VPN Premium Client

Beitrag von Jirka »

Die 10.32.0183-RU10 ist jetzt aber nicht unstable, nur weil LANCOM vor kurzem die LCOS-Versionübersicht aktualisiert hat. :?
Nach oben
jb2002kbg
Beiträge: 3
Registriert: 30 Aug 2020, 15:50

Re: VPN Pathfinder (HTTPS) und NCP VPN Premium Client

Beitrag von jb2002kbg »

Hallo,
ich habe jetzt meinen LANCOM auf das aktuelle Release LCOS 10.34 RU1 gebracht.

LCOS 10.34 RU1 aktiv Stable Release Empfohlenes Stable Release für den Projekteinsatz

Leider hat das nichts gebracht. Hier ist das aktuelle LOG

Der Verbindungsaufbau wird über HTTPS versucht. Das bedeutet, dass der VPN Client erkennt, dass der PATHFINDER verwendet werden soll
Aber der LANCOM scheint keine Antwort an den VPN CLient zu senden.


[Sysinfo] 2020/08/31 20:37:39,958
Result of command: "sysinfo"

DEVICE: LANCOM 1783VA (over ISDN)
HW-RELEASE: A
SERIAL-NUMBER: 4004319518100225
MAC-ADDRESS: 00a0572e95f3
IP-ADDRESS: 10.10.11.11
IP-NETMASK: 255.255.255.224
INTRANET-ADDRESS: 0.0.0.0
INTRANETMASK: 0.0.0.0
VERSION: 10.34.0162RU1 / 07.08.2020
VERSION-GIT: 73aee5d6b83981ff369dba447e45bac0e4d609a7
NAME: 1783VA
CONFIG-STATUS: 17440;0;846c43f795dc5a098d56873eb9abdca66475ff17.18364631082020.2626
FIRMWARE-STATUS: 0;0.28;0.7;10.34.0162RU1.07082020.28;10.32.0183RU10.10062020.26
LOADER: 4.16.0003Rel
HW-MASK: 00000000000000000000000011100011
FEATUREWORD: 00000100001000000000000100011100
REGISTERED-WORD: 00000100001000000000000100011100
FEATURE-LIST: 02/F
FEATURE-LIST: 03/F
FEATURE-LIST: 04/F
FEATURE-LIST: 08/F
FEATURE-LIST: 15/F
FEATURE-LIST: 1a/F
FEATURE-LIST: 2b/F
TIME: 20374031082020
HTTP-PORT: 80
HTTPS-PORT: 443
TELNET-PORT: 23
TELNET-SSL-PORT: 992
SSH-PORT: 22
SNMP-PORT: 161
TFTP-PORT: 69
Production-Date: 2017-01-19
MOD-Level: A3
LOCATION:
COUNTRY-CODE: 0/0 (NA)
COMMENT:
MYVPN: 0
MYVPN-HOSTNAME:
EXTENDED-NAME: LANCOM 1783VA (over ISDN)
WePaper AP-ID: 00000000
ESL-TX-POWER: 0,0,0,0,0,0,0,0,0,0,0
SNMP-PASSWORD-REQ: 0
OEM:
VENDOR: LANCOM Systems
OEMFILE: 1.06;"LANCOM Systems";"LANCOM 1783VA_(over_[POTS;ISDN])"
PROJECT: vera lc1783va
OpenSSL: OpenSSL 1.0.2r 26 Feb 2019
HW-ID: VERA

[VPN-IKE] 2020/08/31 20:37:49,518 Devicetime: 2020/08/31 20:37:49,940
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port : 80.187.118.146:32053
Destination/Port : 87.175.106.139:443
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 84 48 C4 3A 0B 01 44 8C
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 2.0
| Exchange type : IKE_SA_INIT
| Flags : 0x08 Initiator
| Msg-ID : 1
| Length : 1044 Bytes
SA Payload
| Next Payload : KE
| CRITICAL : NO
| Reserved : 0x00
| Length : 532 Bytes
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : NONE (0)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 2
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 3
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 4
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 5
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 6
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 7
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 8
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 9
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : NONE (0)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 10
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 11
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 12
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
KE Payload
| Next Payload : NONCE
| CRITICAL : NO
| Reserved : 0x00
| Length : 264 Bytes
| DH Group : 14
| Reserved2 : 0x0000
| DH-Key(2048 bits) : 45 D1 DC 9F D4 E6 B6 A2 30 4C 36 73 5C 13 F7 91
| 03 53 41 DB 3A FD 8D D1 27 CE 13 66 23 FF E9 16
| 80 C2 AC 9E E0 73 18 3B 11 FA 53 0C 9D 14 30 D7
| 82 EC E7 5F 5C 91 B5 14 79 17 43 F6 DD 3E B8 D1
| 75 BA 03 6F CE 6B 02 B2 38 34 C6 20 28 B2 B9 9F
| BC 3C F2 DF 22 E8 88 26 F7 76 76 46 FF 04 98 FA
| F1 C2 E2 94 39 72 33 98 4B D4 51 1C 5E E5 79 58
| A2 28 82 E9 E3 C3 89 01 01 2D C8 21 5D 43 3E B9
| 8D 1B 7C A1 48 7D AB 2A 85 AB A4 BD 78 17 B2 75
| D7 FF 3F 9D A2 CA B7 A0 18 91 BD 3A 15 53 32 13
| DA 83 01 F3 08 0B 1F 41 BB 96 1A 51 0F 8F 62 08
| 5B 32 76 D9 1B AD A9 1B 70 9E 39 A4 6B FD 14 07
| 25 D7 CC 21 BD F6 AC 1C A5 E6 FD 11 BD D6 C3 53
| 14 4D 5F 38 1E 41 D8 56 CD 63 4A 9F BA 2C 7F 31
| 64 C4 67 54 0E E3 79 69 B3 31 5F 23 1B 76 0B 6E
| 0E 46 8F 97 A5 EC 95 90 DE 64 0A D2 B2 13 A9 78
NONCE Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 44 Bytes
| Nonce(320 bits) : 55 FB 38 62 B1 71 E0 69 32 94 3E 3B 5C 57 3D 4E
| F6 D1 3F D2 A4 90 60 D8 46 2E 6D CA E1 09 A9 46
| 2C 17 D3 01 F4 4F 10 90
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : IPSEC_IKE
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data : 97 FD DA 58 A8 C8 7A EB 2A B0 6E 87 36 2B E1 16
| FE F6 4E F8
NOTIFY Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : IPSEC_IKE
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data : 6C F6 97 A3 95 F2 DF 24 AE 64 DB 34 D9 56 63 35
| DA 9B A8 F9
VENDOR Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : EB 4C 1B 78 8A FD 4A 9C B7 73 0A 68 D5 6D 08 8B
VENDOR Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : C6 1B AC A1 F1 A6 0C C1 08 00 00 00 00 00 00 00
VENDOR Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : CB E7 94 44 A0 87 0D E4 22 4A 2C 15 1F BF E0 99
VENDOR Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 24 Bytes
| Vendor ID : 40 48 B7 D5 6E BC E8 85 25 E7 DE 7F 00 D6 C2 D3
| C0 00 00 00
VENDOR Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 40 48 B7 D5 6E BC E8 85 25 E7 DE 7F 00 D6 C2 D3
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : IKEV2_FRAGMENTATION_SUPPORTED
NOTIFY Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : REDIRECT_SUPPORTED

[VPN-Debug] 2020/08/31 20:37:51,630 Devicetime: 2020/08/31 20:37:52,008
IKE-TRANSPORT freed

[VPN-Debug] 2020/08/31 20:37:51,634 Devicetime: 2020/08/31 20:37:52,008
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 1044 bytes
Gateways: 87.175.106.139:443<--80.187.118.146:32053
SPIs: 0x8448C43A0B01448C0000000000000000, Message-ID 1
Payloads: SA, KE, NONCE, NOTIFY(DETECTION_DESTINATION_IP), NOTIFY(DETECTION_SOURCE_IP), VENDOR, VENDOR, VENDOR, VENDOR(FRAGMENTATION(C0000000)), VENDOR(FRAGMENTATION), NOTIFY(IKEV2_FRAGMENTATION_SUPPORTED), NOTIFY(REDIRECT_SUPPORTED)
QUB-DATA: 87.175.106.139:443<---80.187.118.146:32053 rtg_tag 0 physical-channel WAN(1)
transport: [id: 28566, TCP (6) {incoming unicast, fixed source address}, dst: 80.187.118.146, tag 0 (U), src: 87.175.106.139, hop limit: 64, pmtu: 1492, (R) iface: INTERNET (6)], local port: 443, remote port: 32053

[VPN-Status] 2020/08/31 20:37:51,634 Devicetime: 2020/08/31 20:37:52,008
Peer DEFAULT: Received an IKE_SA_INIT-REQUEST of 1044 bytes
Gateways: 87.175.106.139:443<--80.187.118.146:32053
SPIs: 0x8448C43A0B01448C0000000000000000, Message-ID 1
Peer identified: DEFAULT
-Received an IKE_SA_INIT-REQUEST with non zero MSG-ID

[VPN-IKE] 2020/08/31 20:37:51,719 Devicetime: 2020/08/31 20:37:52,200
[DEFAULT] Received packet:
IKE 2.0 Header:
Source/Port : 80.187.118.146:32094
Destination/Port : 87.175.106.139:443
Routing-tag : 0
Com-channel : 0
| Initiator cookie : 84 48 C4 3A 0B 01 44 8C
| Responder cookie : 00 00 00 00 00 00 00 00
| Next Payload : SA
| Version : 2.0
| Exchange type : IKE_SA_INIT
| Flags : 0x08 Initiator
| Msg-ID : 1
| Length : 1044 Bytes
SA Payload
| Next Payload : KE
| CRITICAL : NO
| Reserved : 0x00
| Length : 532 Bytes
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 1
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : NONE (0)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 2
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 3
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 4
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 256
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 5
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 6
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 7
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 8
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 192
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 9
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-GCM-16 (20)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : NONE (0)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 10
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-128-CTR (13)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : PROPOSAL
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 11
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA-256 (5)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA-256 (12)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
| PROPOSAL Payload
| | Next Payload : NONE
| | Reserved : 0x00
| | Length : 44 Bytes
| | Proposal number : 12
| | Protocol ID : IPSEC_IKE
| | SPI size : 0
| | #Transforms : 4
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 12 Bytes
| | | Transform Type: ENCR (1)
| | | Reserved2 : 0x00
| | | Transform ID : AES-CBC (12)
| | | Attribute 0
| | | | Type : Basic, KEYLENGTH
| | | | Value : 128
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: PRF (2)
| | | Reserved2 : 0x00
| | | Transform ID : PRF-HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : TRANSFORM
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: INTEG (3)
| | | Reserved2 : 0x00
| | | Transform ID : HMAC-SHA1 (2)
| | | Attributes : NONE
| | TRANSFORM Payload
| | | Next Payload : NONE
| | | Reserved : 0x00
| | | Length : 8 Bytes
| | | Transform Type: DH (4)
| | | Reserved2 : 0x00
| | | Transform ID : 2048-BIT MODP (14)
| | | Attributes : NONE
KE Payload
| Next Payload : NONCE
| CRITICAL : NO
| Reserved : 0x00
| Length : 264 Bytes
| DH Group : 14
| Reserved2 : 0x0000
| DH-Key(2048 bits) : 45 D1 DC 9F D4 E6 B6 A2 30 4C 36 73 5C 13 F7 91
| 03 53 41 DB 3A FD 8D D1 27 CE 13 66 23 FF E9 16
| 80 C2 AC 9E E0 73 18 3B 11 FA 53 0C 9D 14 30 D7
| 82 EC E7 5F 5C 91 B5 14 79 17 43 F6 DD 3E B8 D1
| 75 BA 03 6F CE 6B 02 B2 38 34 C6 20 28 B2 B9 9F
| BC 3C F2 DF 22 E8 88 26 F7 76 76 46 FF 04 98 FA
| F1 C2 E2 94 39 72 33 98 4B D4 51 1C 5E E5 79 58
| A2 28 82 E9 E3 C3 89 01 01 2D C8 21 5D 43 3E B9
| 8D 1B 7C A1 48 7D AB 2A 85 AB A4 BD 78 17 B2 75
| D7 FF 3F 9D A2 CA B7 A0 18 91 BD 3A 15 53 32 13
| DA 83 01 F3 08 0B 1F 41 BB 96 1A 51 0F 8F 62 08
| 5B 32 76 D9 1B AD A9 1B 70 9E 39 A4 6B FD 14 07
| 25 D7 CC 21 BD F6 AC 1C A5 E6 FD 11 BD D6 C3 53
| 14 4D 5F 38 1E 41 D8 56 CD 63 4A 9F BA 2C 7F 31
| 64 C4 67 54 0E E3 79 69 B3 31 5F 23 1B 76 0B 6E
| 0E 46 8F 97 A5 EC 95 90 DE 64 0A D2 B2 13 A9 78
NONCE Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 44 Bytes
| Nonce(320 bits) : 55 FB 38 62 B1 71 E0 69 32 94 3E 3B 5C 57 3D 4E
| F6 D1 3F D2 A4 90 60 D8 46 2E 6D CA E1 09 A9 46
| 2C 17 D3 01 F4 4F 10 90
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : IPSEC_IKE
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_DESTINATION_IP
| Notif. data : 97 FD DA 58 A8 C8 7A EB 2A B0 6E 87 36 2B E1 16
| FE F6 4E F8
NOTIFY Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 28 Bytes
| Protocol ID : IPSEC_IKE
| SPI size : 0
| Message type : STATUS_NAT_DETECTION_SOURCE_IP
| Notif. data : 6C F6 97 A3 95 F2 DF 24 AE 64 DB 34 D9 56 63 35
| DA 9B A8 F9
VENDOR Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : EB 4C 1B 78 8A FD 4A 9C B7 73 0A 68 D5 6D 08 8B
VENDOR Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : C6 1B AC A1 F1 A6 0C C1 08 00 00 00 00 00 00 00
VENDOR Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : CB E7 94 44 A0 87 0D E4 22 4A 2C 15 1F BF E0 99
VENDOR Payload
| Next Payload : VENDOR
| CRITICAL : NO
| Reserved : 0x00
| Length : 24 Bytes
| Vendor ID : 40 48 B7 D5 6E BC E8 85 25 E7 DE 7F 00 D6 C2 D3
| C0 00 00 00
VENDOR Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 20 Bytes
| Vendor ID : 40 48 B7 D5 6E BC E8 85 25 E7 DE 7F 00 D6 C2 D3
NOTIFY Payload
| Next Payload : NOTIFY
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : IKEV2_FRAGMENTATION_SUPPORTED
NOTIFY Payload
| Next Payload : NONE
| CRITICAL : NO
| Reserved : 0x00
| Length : 8 Bytes
| Protocol ID : <Unknown 0>
| SPI size : 0
| Message type : REDIRECT_SUPPORTED

Es ist echt zum verzweifeln. :G)

Vielen Dank für Eure Unterstützung

Viele Grüße
Jörg
Nach oben
Antworten

Zurück zu „Fragen zum Thema VPN“