Target : 24:de:c6:c0:76:25

show vpn status

vpn primary external ip            :10.5.11.201
vpn primary tunnel ip              :10.5.11.201
vpn backup  external ip            :0.0.0.0
vpn backup  tunnel ip              :0.0.0.0
vpn current used external ip       :10.5.11.201
vpn current remote tunnel ip       :10.5.11.201
vpn current ap's tunnel ip         :10.10.60.24
vpn is preempt status              :False
vpn hold down period               :600
vpn status                         :up

vpn primary external ip            :10.5.11.201
vpn primary tunnel ip              :10.5.11.201
vpn backup  external ip            :0.0.0.0
vpn backup  tunnel ip              :0.0.0.0
vpn current used external ip       :10.5.11.201
vpn current remote tunnel ip       :10.5.11.201
vpn current ap's tunnel ip         :10.10.60.24
vpn is preempt status              :False
vpn hold down period               :600
vpn status                         :up
end of show vpn status
========================================================

show upgrade info

Image Upgrade Progress
----------------------
Mac                IP Adress     AP Class  Status       Image Info  Error Detail
---                ---------     --------  ------       ----------  ------------
24:de:c6:c0:76:25  10.60.73.228  Orion     downloading  image file  Retrieve image fail
end of show upgrade info
========================================================

show log upgrade
----------Download log start----------

Executing '/aruba/bin/download_image_swarm ac-ftp://10.5.11.201/mips32.ari'
fetching ('/usr/sbin/wget -T 120 -t 3 ftp://sap:x@10.5.11.201/mips32.ari')
Error: failed to retrieve image
cleaning up
done

----------Download log end------------
Download status: Retrieve image fail
----------Upgrade log start----------
upgrade log not available
----------Upgrade log end------------
Upgrade status: upgrade status not available
end of show log upgrade
========================================================

show log rapper

Switching output streamget_ike_version: Use IKE Version 2

papi_init papifd:12  ack:24

IKE_EXAMPLE: Starting up IKE server
setup_tunnel
Initialized Timers
IKE_init: completed after (0.0)
(pid:1181)  time:2000-01-01 00:02:01
 seconds.
Before getting Certs
TPM enabled
CA_MGMT_EXAMPLE_computeHostKeys init cert-len 0
Factory Device Cert is /tmp/deviceCerts/certifiedKeyCert.der
Reading DER Device Cert file
DER Device Cert file len:1767
Intermediate Cert index:0 is /tmp/deviceCerts/certifiedKeyCaCert.der
Reading DER Intermediate Cert file
DER Intermediate Cert file len:1456
Intermediate Cert index:1 is /tmp/deviceCerts/caChainCert1.der
Reading DER Intermediate Cert file
DER Intermediate Cert file len:1580
Decode PEM Key length :0
testHostKeys : status 0

testHostKeys : free temp Certificate status 0

CA_MGMT_EXAMPLE_computeHostKeys after testHostKeys cert-len 1767
CA Cert index:0 is /tmp/deviceCerts/OpensslOldCA_RootCert.der
Reading DER CA Cert file
DER CA Cert file len:1416
CA Cert index:1 is /tmp/deviceCerts/MSCAV1_RootCert.der
Reading DER CA Cert file
DER CA Cert file len:1009
Got 2 Trusted Certs
After getFieldTrustedCerts ret:-1
Got 0 Field Trusted Certs
CA Cert status : 0

Before IKE_initServer
IKE_initServer: Cert length 1767
IKE_initServer: Host Certificate is set
  {CN=BU0066045::24:de:c6:c0:76:25}
IKE_EXAMPLE_addServer port:0 natt:4500

srcdev_name = br0 ip a3c49e4
IKE_EXAMPLE: Socket created on 10.60.73.228[4500]
IKE_EXAMPLE_addDefaultServers Instances:0 status:0

 (0.0)
(pid:1181)  time:2000-01-01 00:02:01
 SA_INIT dest=10.5.11.201
 Initialize IKE SA
Timer ID: 1 Initialized 
  I -->
   NAT_D (us): 42 52 9a 9d ed 14 89 b3 b5 16 bf ca 77 84 b8 83 
04 f4 ed 20 
   NAT_D (peer): 95 cc 2a 71 10 18 43 45 0c 3a 41 cc dc cf 42 77 
0a f2 94 72 
 spi={110a065d92e66674 0000000000000000} np=SA
 exchange=IKE_SA_INIT msgid=0 len=376
#SEND 380 bytes to 10.5.11.201[4500] (0.0)
(pid:1181)  time:2000-01-01 00:02:01

Successfully setsockopt UDP_ENCAP port 4500

IKE_EXAMPLE: IKE_keyConnect() started, id = 0xcfe55c57...
papi:8423

#RECV 60 bytes from 10.5.11.201[4500] (0.0)
(pid:1181)  time:2000-01-01 00:02:01

 spi={110a065d92e66674 0000000000000000} np=N
 exchange=IKE_SA_INIT msgid=0 len=56
  I <--
   Notify: COOKIE
 spi={110a065d92e66674 0000000000000000} np=N
 exchange=IKE_SA_INIT msgid=0 len=404
#SEND 408 bytes to 10.5.11.201[4500] (0.0)
(pid:1181)  time:2000-01-01 00:02:01


#RECV 425 bytes from 10.5.11.201[4500] (0.0)
(pid:1181)  time:2000-01-01 00:02:01

 spi={110a065d92e66674 96d09549d942916e} np=SA
 exchange=IKE_SA_INIT msgid=0 len=421
  I <--
    Proposal #1: IKE[4]
     ENCR_AES 256-BITS
     PRF_HMAC_SHA1
     AUTH_HMAC_SHA1_96
     DH_2
   Notify: NAT_DETECTION_SOURCE_IP
   Notify: NAT_DETECTION_DESTINATION_IP
   VID: 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 
Fragmentation is enabled
  I -->
   Notify: INITIAL_CONTACT
OutCert: adding leaf Cert of Len:1767
OutCert: adding Cert of Len:1456
OutCert: adding Cert of Len:1580
   HASH_i 3a 9b cf ae a1 d2 c7 e7 c4 e6 7b 52 53 f1 9b 62 
ec 8c ff d0 
OutAuth TPM sign api passed
   CFG_REQUEST
    IP4_ADDRESS
    IP4_NETMASK
   TSi: 0.0.0.0~255.255.255.255
   TSr: 0.0.0.0~255.255.255.255
 spi={110a065d92e66674 96d09549d942916e} np=E{IDi}
 exchange=IKE_AUTH msgid=1 len=5340
#SEND 5344 bytes to 10.5.11.201[4500] (3.0)
(pid:1181)  time:2000-01-01 00:02:04

Sending last fragment, size = 432


#RECV 900 bytes from 10.5.11.201[4500] (3.0)
(pid:1181)  time:2000-01-01 00:02:04

 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896
ike2.c (637): errorCode = ERR_FRAGMENTATION_REQUIRED
 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896
Insert Timer  type 1 Sec 70 uSec 0 

#RECV 900 bytes from 10.5.11.201[4500] (3.0)
(pid:1181)  time:2000-01-01 00:02:04

 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896
ike2.c (637): errorCode = ERR_FRAGMENTATION_REQUIRED
 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896

#RECV 900 bytes from 10.5.11.201[4500] (3.0)
(pid:1181)  time:2000-01-01 00:02:04

 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896
ike2.c (637): errorCode = ERR_FRAGMENTATION_REQUIRED
 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896

#RECV 900 bytes from 10.5.11.201[4500] (3.0)
(pid:1181)  time:2000-01-01 00:02:04

 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896
ike2.c (637): errorCode = ERR_FRAGMENTATION_REQUIRED
 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896

#RECV 900 bytes from 10.5.11.201[4500] (3.0)
(pid:1181)  time:2000-01-01 00:02:04

 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896
ike2.c (637): errorCode = ERR_FRAGMENTATION_REQUIRED
 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896

#RECV 900 bytes from 10.5.11.201[4500] (3.0)
(pid:1181)  time:2000-01-01 00:02:04

 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896
ike2.c (637): errorCode = ERR_FRAGMENTATION_REQUIRED
 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896

#RECV 900 bytes from 10.5.11.201[4500] (3.0)
(pid:1181)  time:2000-01-01 00:02:04

 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896
ike2.c (637): errorCode = ERR_FRAGMENTATION_REQUIRED
 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=896

#RECV 116 bytes from 10.5.11.201[4500] (3.0)
(pid:1181)  time:2000-01-01 00:02:04

 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=112
ike2.c (637): errorCode = ERR_FRAGMENTATION_REQUIRED
 spi={110a065d92e66674 96d09549d942916e} np=FGMT
 exchange=IKE_AUTH msgid=1 len=112
IKE2_fragRecv Rcvd all 8 fragments

Delete Timer Type 1 

#RECV 6128 bytes from 10.5.11.201[4500] (3.0)
(pid:1181)  time:2000-01-01 00:02:04

 spi={110a065d92e66674 96d09549d942916e} np=E{IDr}
 exchange=IKE_AUTH msgid=1 len=6124
  I <--
CERT_ComputeCertificateHash: status :0
CERT_VerifyCertificatePolicies: CN is BG0021469::00:0b:86:6d:b6:14
ismacaddress string 00:0b:86:6d:b6:14  len:17
CERT_verifyRSACertSignature: comparison result 0
CERT_ComputeCertificateHash: status :0
CERT_verifyRSACertSignature: comparison result 0
CERT_ComputeCertificateHash: status :0
CERT_verifyRSACertSignature: comparison result 0
IKE_certGetKey Cert trying Trusted CA Cert 0
IKE_certGetKey verify the validity 
IKE_certGetKey Cert trying Trusted CA Cert 1
IKE_certGetKey verify the validity 
CERT_ComputeCertificateHash: status :0
CERT_verifyRSACertSignature: comparison result 0
IKE_certGetKey iset the key value 0x4f1864

   HASH_r f5 3c 66 4a aa 76 38 06 a5 93 da 2a fa 41 d3 1b 
ee b5 50 92 
   CFG_REPLY
    IP4_ADDRESS(10.10.60.24)
    PASSCODE(****)
    MESSAGE("APG-EDUCACION-CP (Aruba 4)")
    CHALLENGE(32 34 3a 64 65 3a 63 36 3a 63 30 3a 37 36 3a 32 35)
    IP4_ADDRESS(10.10.60.24)
  RespCfg IKE_CFG_ATTR_T:1 Internal IPv4 Address:a0a3c18
    PASSCODE(****)
  RespCfg IKE_CFG_ATTR_T:16 Internal IPv4 LMS Address:a050bc9
    MESSAGE("APG-EDUCACION-CP (Aruba 4)")
  RespCfg IKE_CFG_ATTR_T:17 Internal AP Group :APG-EDUCACION-CP (Aruba 4), len=26
    CHALLENGE(32 34 3a 64 65 3a 63 36 3a 63 30 3a 37 36 3a 32 35)
  RespCfg IKE_CFG_ATTR_T:18 Internal AP Name :24:de:c6:c0:76:25, len=17
10.10.60.24IKE_startIPSEC: starting IPSEC SA
   InnerIP:a0a3c18, mTransportMode=0
IPSec_ConfAdd called
IPSec_newSp returned 0
IPSec_newSp returned 0
10.10.60.24    Proposal #1: ESP[3] spi=36b46000
     ENCR_AES 256-BITS
     AUTH_HMAC_SHA1_96
     ESN_0
  IKE_SA [v2 I] (id=0xcfe55c57) (flags:0x4100001d) (state:5) mode:Tunnel created.

 (3.0)
(pid:1181)  time:2000-01-01 00:02:04

 IKE_addIPsecKey(ike=cfe55c57)
 Add new key to the driver for ipsec 
IPSecSetKeys src: 10. 60. 73.228:4500 dst: 10.  5. 11.201:4500 lifetime 7200  Rekey-interval 6048

  ESP spi=36b46000 10.5.11.201 << 10.60.73.228
  spd=0[0] exp=7200 secs
  auth=sha1
  encr=aes

 Add new key to the driver for ipsec 
IPSecSetKeys src: 10. 60. 73.228:4500 dst: 10.  5. 11.201:4500 lifetime 7200  Rekey-interval 6048

  ESP spi=60671e00 10.60.73.228 << 10.5.11.201
  spd=0[0] exp=7200 secs
  auth=sha1
  encr=aes

10.10.60.24config_tunnel ret:0  ifconfig tun0 10.10.60.24 pointopoint 10.10.60.24 netmask 255.255.255.255 mtu 1300 up
config_tunnel ret:0 tun0 a0a3c18
check_tun_device returned addr from ioctl : a0a3c18
check_tun_device IF is UP from ioctl
send_sapd_tunup: PAPI_Send RC_OPCODE_PPP_UP ip:a0a3c18  apgroup:APG-EDUCACION-CP (Aruba 4) apname:24:de:c6:c0:76:25
IKE_SAMPLE_ikeStatHdlr: enabling Single-Encryption For AP by default
enablesinglecrypt val:1 papi:8423  ret:0  err:0

 (3.0)
(pid:1181)  time:2000-01-01 00:02:04

rapperSendStatusCB

end of show log rapper
========================================================