Target : 6c:f3:7f:c1:e8:29 show vpn status profile name:default -------------------------------------------------- current using tunnel :unselected tunnel ipsec is preempt status :disable ipsec is fast failover status :disable ipsec hold on period :600 ipsec tunnel monitor frequency (seconds/packet) :5 ipsec tunnel monitor timeout by lost packet cnt :2 ipsec primary tunnel crypto type :Cert ipsec primary tunnel peer address :192.168.148.53 ipsec primary tunnel peer tunnel ip :0.0.0.0 ipsec primary tunnel ap tunnel ip :0.0.0.0 ipsec primary tunnel current sm status :Retrying ipsec primary tunnel tunnel status :Down ipsec primary tunnel tunnel retry times :11334 ipsec primary tunnel tunnel uptime :0 ipsec backup tunnel crypto type :Cert ipsec backup tunnel peer address :N/A ipsec backup tunnel peer tunnel ip :N/A ipsec backup tunnel ap tunnel ip :N/A ipsec backup tunnel current sm status :Init ipsec backup tunnel tunnel status :Down ipsec backup tunnel tunnel retry times :0 ipsec backup tunnel tunnel uptime :0 end of show vpn status ======================================================== show upgrade info Image Upgrade Progress ---------------------- Mac IP Address AP Class Status Image Info Error Detail --- ---------- -------- ------ ---------- ------------ 6c:f3:7f:c1:e8:29 192.168.148.21 Orion image-ok image file none Auto reboot :enable Use external URL :enable end of show upgrade info ======================================================== show log upgrade ----------Download log start---------- download log not available ----------Download log end------------ Download status: incomplete ----------Upgrade log start---------- upgrade log not available ----------Upgrade log end------------ Upgrade status: upgrade status not available end of show log upgrade ======================================================== show log rapper May 18, 13:17:35: send_sapd_error: error:45 debug_error:0 May 18, 13:17:35: rapper_log_error: buf = e1 27 21 b1 58 dc ae b5 2d May 18, 13:17:35: IKE_SAMPLE_ikeStatHdlr(SA): dwPeerAddr:c0a89435 index:0 mPeerType:0 May 18, 13:17:35: IKE_SA [v2 I] (id=0x8e0b527b) flags 0x41000015 failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952 May 18, 13:17:35: IKE_SAMPLE_ikeStatHdlr(IST_FAIL): g_ikeversion:2 Timer ID: 1 Deleted rapperSendStatusCB EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! May 18, 13:17:54: main: ethmacstr = 6C:F3:7F:C1:E8:29 May 18, 13:17:54: main: ethmacstr = 6C:F3:7F:C1:E8:29 May 18, 13:17:54: main(): Entered, getpid()=26533 May 18, 13:17:54: get_ike_version: Use IKE Version 2 May 18, 13:17:54: papi_init papifd:8 ack:14 IKE_EXAMPLE: Starting up IKE server setup_tunnel May 18, 13:17:54: IKE_init: ethmacstr = 6C:F3:7F:C1:E8:29 Initialized Timers IKE_init: completed after (0.0)(pid:26533) time:2015-05-18 13:17:54 seconds. May 18, 13:17:54: RAP using default certificates May 18, 13:17:54: Before getting Certs May 18, 13:17:54: TPM enabled May 18, 13:17:54: get_usb_type: Unable to open /tmp/usb_type May 18, 13:17:54: CA_MGMT_EXAMPLE_computeHostKeys init cert-len 0 May 18, 13:17:54: Factory Device Cert is /tmp/deviceCerts/certifiedKeyCert.der May 18, 13:17:54: Reading DER Device Cert file /tmp/deviceCerts/certifiedKeyCert.der May 18, 13:17:54: DER Device Cert file len:1768 May 18, 13:17:54: Intermediate Cert index:0 is /tmp/deviceCerts/certifiedKeyCaCert.der May 18, 13:17:54: Reading DER Intermediate Cert file May 18, 13:17:54: DER Intermediate Cert file len:1456 May 18, 13:17:54: Intermediate Cert index:1 is /tmp/deviceCerts/caChainCert1.der May 18, 13:17:54: Reading DER Intermediate Cert file May 18, 13:17:54: DER Intermediate Cert file len:1580 May 18, 13:17:54: Decode PEM Key length :0 May 18, 13:17:54: testHostKeys : status 0 May 18, 13:17:54: testHostKeys : free temp Certificate status 0 May 18, 13:17:54: CA_MGMT_EXAMPLE_computeHostKeys after testHostKeys cert-len 1768 May 18, 13:17:54: CA Cert index:0 is /tmp/deviceCerts/OpensslOldCA_RootCert.der May 18, 13:17:54: Reading DER CA Cert file May 18, 13:17:54: DER CA Cert file len:1416 May 18, 13:17:54: CA Cert index:1 is /tmp/deviceCerts/MSCAV1_RootCert.der May 18, 13:17:54: Reading DER CA Cert file May 18, 13:17:54: DER CA Cert file len:1009 May 18, 13:17:54: Got 2 Trusted Certs May 18, 13:17:54: After getFieldTrustedCerts ret:0 May 18, 13:17:54: Field CA Cert index:0 is /tmp/fieldCerts/22/TrustAnchor May 18, 13:17:54: Reading DER CA Cert file May 18, 13:17:54: DER CA Cert file len:752 May 18, 13:17:54: Got 1 Field Trusted Certs May 18, 13:17:54: CSS CA Cert is /tmp/deviceCerts/CSS_CA_RootCert.der May 18, 13:17:54: Reading DER CA Cert file May 18, 13:17:54: Error in reading DER CA Cert:/tmp/deviceCerts/CSS_CA_RootCert.der, Ignore It May 18, 13:17:54: CA Cert status : 0 Before IKE_initServer May 18, 13:17:54: IKE_initServer: Cert length 1768 IKE_initServer: Host Certificate is set (RSA-SIG) {CN=BU0025668::6c:f3:7f:c1:e8:29} May 18, 13:17:54: IKE_EXAMPLE_addServer port:0 natt:0 May 18, 13:17:54: srcdev_name = br0 ip c0a89415 May 18, 13:17:54: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:0 IKE_EXAMPLE: Socket created on 192.168.148.21[6289] May 18, 13:17:54: IKE_EXAMPLE_addServer:1330 socket descriptor is 0 port number 6289 for server instance 0 at 0th index May 18, 13:17:54: srcdev_name = br0 ip c0a89415 May 18, 13:17:54: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:1 IKE_EXAMPLE: Socket created on 192.168.148.21[6290] May 18, 13:17:54: IKE_EXAMPLE_addServer:1377 socket descriptor is 1 port number 6290 for server instance 0 at 1st index May 18, 13:17:54: IKE_EXAMPLE_addDefaultServers status:0 (0.0)(pid:26533) time:2015-05-18 13:17:54 SA_INIT dest=192.168.148.53 May 18, 13:17:54: Initialize IKE SA May 18, 13:17:54: IKE_CUSTOM_getVersion(peerAddr:c0a89435): ikeVersion:2 Timer ID: 1 Initialized May 18, 13:17:54: IKE2_newSa(peerAddr:c0a89435): IKE_SA-lifetime:28000 I --> May 18, 13:17:54: OutSa(v2-peerAddr:0 pxSa->dwPeerAddr:c0a89435): Entered ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2 NAT_D (us): 24 55 25 16 24 49 92 57 36 d4 b5 a4 30 22 fb c7 cc 9b 95 dd NAT_D (peer): 2b 03 06 12 b2 bd 42 7d fb 1d 4f d2 7a 63 cf da 38 e4 8e 85 May 18, 13:17:54: RAPPER_ERROR_FILE exists May 18, 13:17:54: AP err cookie retval 9 cookie:e12721b158dcaeb5 err 2d May 18, 13:17:54: RAPPER_ERROR_FILE exists May 18, 13:17:54: AP err cookie retval 9 cookie:e12721b158dcaeb5 err 2d May 18, 13:17:54: RAPPER_ERROR_FILE exists May 18, 13:17:54: AP err cookie retval 9 cookie:e12721b158dcaeb5 err 2d May 18, 13:17:54: RAPPER_ERROR_FILE exists May 18, 13:17:54: AP err cookie retval 9 cookie:e12721b158dcaeb5 err 2d May 18, 13:17:54: RAPPER_ERROR_FILE exists May 18, 13:17:54: AP err cookie retval 9 cookie:e12721b158dcaeb5 err 2d spi={3eb50a3cc3566173 0000000000000000} np=SA exchange=IKE_SA_INIT msgid=0 len=376 #SEND 380 bytes to 192.168.148.53[4500] (0.0)(pid:26533) time:2015-05-18 13:17:54 May 18, 13:17:54: IKE_SAMPLE_ikeXchgSend Successfully setsockopt UDP_ENCAP port 6290 IKE_EXAMPLE: IKE_keyConnect() started, id = 0xMay 18, 13:17:54: IKE_EXAMPLE: IKE_keyConnect() started, id = 0x on device br0 b444a411... May 18, 13:17:54: papi:15200 #RECV 60 bytes from 192.168.148.53[4500] (0.0)(pid:26533) time:2015-05-18 13:17:54 spi={3eb50a3cc3566173 0000000000000000} np=N exchange=IKE_SA_INIT msgid=0 len=56 I <-- Notify: COOKIE spi={3eb50a3cc3566173 0000000000000000} np=N exchange=IKE_SA_INIT msgid=0 len=404 #SEND 408 bytes to 192.168.148.53[4500] (0.0)(pid:26533) time:2015-05-18 13:17:54 #RECV 425 bytes from 192.168.148.53[4500] (0.0)(pid:26533) time:2015-05-18 13:17:54 spi={3eb50a3cc3566173 f4f07a42bf203784} np=SA exchange=IKE_SA_INIT msgid=0 len=421 I <-- Proposal #1: IKE[4] ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2 Notify: NAT_DETECTION_SOURCE_IP Notify: NAT_DETECTION_DESTINATION_IP NAT_D (us/NAT): bb c1 14 dd b0 db 56 cf 1c 31 eb ab 14 80 b3 d0 8f 53 3a d5 VID: 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 May 18, 13:17:54: Fragmentation is enabled I --> Notify: INITIAL_CONTACT May 18, 13:17:54: OutCert: adding leaf Cert of Len:1768 May 18, 13:17:54: RAPPER priority old: -19, set to -20 (0.0)(pid:26533) time:2015-05-18 13:17:54 HASH_i 00 c3 e6 8a 61 2f 4a a5 85 c5 b2 97 f7 4c ef 27 b7 e9 c2 95 (3.0)(pid:26533) time:2015-05-18 13:17:56 May 18, 13:17:56: OutAuth TPM sign api passed (3.0)(pid:26533) time:2015-05-18 13:17:56 CFG_REQUEST IP4_ADDRESS IP4_NETMASK May 18, 13:17:56: OutSa(v2-peerAddr:c0a89435 pxSa->dwPeerAddr:c0a89435): Entered May 18, 13:17:56: OutTfm2(v2-peerAddr:c0a89435): oTfmId:0 wAuthAlgo:0 wEncrKeyLen:0 wAuthKeyLen:0 bNoEnumEncr:0 bNoEnumAuth:0 ENCR_AES 256-BITS ENCR_3DES AUTH_HMAC_SHA1_96 ESN_0 TSi: 0.0.0.0~255.255.255.255 TSr: 0.0.0.0~255.255.255.255 spi={3eb50a3cc3566173 f4f07a42bf203784} np=E{IDi} exchange=IKE_AUTH msgid=1 len=2300 #SEND 2304 bytes to 192.168.148.53[4500] (3.0)(pid:26533) time:2015-05-18 13:17:56 May 18, 13:17:56: Sending fragment, size = 530 May 18, 13:17:56: Sending fragment, size = 530 May 18, 13:17:56: Sending fragment, size = 530 May 18, 13:17:56: Sending fragment, size = 530 May 18, 13:17:56: Sending last fragment, size = 352 #RECV 80 bytes from 192.168.148.53[4500] (3.0)(pid:26533) time:2015-05-18 13:17:56 spi={3eb50a3cc3566173 f4f07a42bf203784} np=E{N} exchange=IKE_AUTH msgid=1 len=76 I <-- Notify: AUTHENTICATION_FAILED (ESP spi=11b8e700) May 18, 13:17:56: InNotify AP authentication failed ike2_state.c (7922): errorCode = ERR_IKE_NOTIFY_PAYLOAD May 18, 13:17:56: IKE_SAMPLE_ikeStatHdlr(CHILD_SA): dwPeerAddr:c0a89435 index:0 mPeerType:0 May 18, 13:17:56: IKE SA failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952 ikeVer 2 May 18, 13:17:56: send_sapd_error: InnerIP:0 error:45 debug_error:0 May 18, 13:17:56: send_sapd_error: error:45 debug_error:0 May 18, 13:17:56: rapper_log_error: buf = 3e b5 0a 3c c3 56 61 73 2d May 18, 13:17:56: IKE_SAMPLE_ikeStatHdlr(SA): dwPeerAddr:c0a89435 index:0 mPeerType:0 May 18, 13:17:56: IKE_SA [v2 I] (id=0xb444a411) flags 0x41000015 failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952 May 18, 13:17:56: IKE_SAMPLE_ikeStatHdlr(IST_FAIL): g_ikeversion:2 Timer ID: 1 Deleted rapperSendStatusCB EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! May 18, 13:18:15: main: ethmacstr = 6C:F3:7F:C1:E8:29 May 18, 13:18:15: main: ethmacstr = 6C:F3:7F:C1:E8:29 May 18, 13:18:15: main(): Entered, getpid()=26564 May 18, 13:18:15: get_ike_version: Use IKE Version 2 May 18, 13:18:15: papi_init papifd:8 ack:14 IKE_EXAMPLE: Starting up IKE server setup_tunnel May 18, 13:18:16: IKE_init: ethmacstr = 6C:F3:7F:C1:E8:29 Initialized Timers IKE_init: completed after (0.0)(pid:26564) time:2015-05-18 13:18:16 seconds. May 18, 13:18:16: RAP using default certificates May 18, 13:18:16: Before getting Certs May 18, 13:18:16: TPM enabled May 18, 13:18:16: get_usb_type: Unable to open /tmp/usb_type May 18, 13:18:16: CA_MGMT_EXAMPLE_computeHostKeys init cert-len 0 May 18, 13:18:16: Factory Device Cert is /tmp/deviceCerts/certifiedKeyCert.der May 18, 13:18:16: Reading DER Device Cert file /tmp/deviceCerts/certifiedKeyCert.der May 18, 13:18:16: DER Device Cert file len:1768 May 18, 13:18:16: Intermediate Cert index:0 is /tmp/deviceCerts/certifiedKeyCaCert.der May 18, 13:18:16: Reading DER Intermediate Cert file May 18, 13:18:16: DER Intermediate Cert file len:1456 May 18, 13:18:16: Intermediate Cert index:1 is /tmp/deviceCerts/caChainCert1.der May 18, 13:18:16: Reading DER Intermediate Cert file May 18, 13:18:16: DER Intermediate Cert file len:1580 May 18, 13:18:16: Decode PEM Key length :0 May 18, 13:18:16: testHostKeys : status 0 May 18, 13:18:16: testHostKeys : free temp Certificate status 0 May 18, 13:18:16: CA_MGMT_EXAMPLE_computeHostKeys after testHostKeys cert-len 1768 May 18, 13:18:16: CA Cert index:0 is /tmp/deviceCerts/OpensslOldCA_RootCert.der May 18, 13:18:16: Reading DER CA Cert file May 18, 13:18:16: DER CA Cert file len:1416 May 18, 13:18:16: CA Cert index:1 is /tmp/deviceCerts/MSCAV1_RootCert.der May 18, 13:18:16: Reading DER CA Cert file May 18, 13:18:16: DER CA Cert file len:1009 May 18, 13:18:16: Got 2 Trusted Certs May 18, 13:18:16: After getFieldTrustedCerts ret:0 May 18, 13:18:16: Field CA Cert index:0 is /tmp/fieldCerts/22/TrustAnchor May 18, 13:18:16: Reading DER CA Cert file May 18, 13:18:16: DER CA Cert file len:752 May 18, 13:18:16: Got 1 Field Trusted Certs May 18, 13:18:16: CSS CA Cert is /tmp/deviceCerts/CSS_CA_RootCert.der May 18, 13:18:16: Reading DER CA Cert file May 18, 13:18:16: Error in reading DER CA Cert:/tmp/deviceCerts/CSS_CA_RootCert.der, Ignore It May 18, 13:18:16: CA Cert status : 0 Before IKE_initServer May 18, 13:18:16: IKE_initServer: Cert length 1768 IKE_initServer: Host Certificate is set (RSA-SIG) {CN=BU0025668::6c:f3:7f:c1:e8:29} May 18, 13:18:16: IKE_EXAMPLE_addServer port:0 natt:0 May 18, 13:18:16: srcdev_name = br0 ip c0a89415 May 18, 13:18:16: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:0 IKE_EXAMPLE: Socket created on 192.168.148.21[6291] May 18, 13:18:16: IKE_EXAMPLE_addServer:1330 socket descriptor is 0 port number 6291 for server instance 0 at 0th index May 18, 13:18:16: srcdev_name = br0 ip c0a89415 May 18, 13:18:16: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:1 IKE_EXAMPLE: Socket created on 192.168.148.21[6292] May 18, 13:18:16: IKE_EXAMPLE_addServer:1377 socket descriptor is 1 port number 6292 for server instance 0 at 1st index May 18, 13:18:16: IKE_EXAMPLE_addDefaultServers status:0 (0.0)(pid:26564) time:2015-05-18 13:18:16 SA_INIT dest=192.168.148.53 May 18, 13:18:16: Initialize IKE SA May 18, 13:18:16: IKE_CUSTOM_getVersion(peerAddr:c0a89435): ikeVersion:2 Timer ID: 1 Initialized May 18, 13:18:16: IKE2_newSa(peerAddr:c0a89435): IKE_SA-lifetime:28000 I --> May 18, 13:18:16: OutSa(v2-peerAddr:0 pxSa->dwPeerAddr:c0a89435): Entered ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2 NAT_D (us): 34 bb 2a 89 03 bb 1d ad 71 04 72 08 92 5f e2 53 16 53 83 ea NAT_D (peer): 4b 6f 09 d2 f6 05 45 60 6f 08 fd ed 91 8d 22 a0 ce 6c b7 fc May 18, 13:18:16: RAPPER_ERROR_FILE exists May 18, 13:18:16: AP err cookie retval 9 cookie:3eb50a3cc3566173 err 2d May 18, 13:18:16: RAPPER_ERROR_FILE exists May 18, 13:18:16: AP err cookie retval 9 cookie:3eb50a3cc3566173 err 2d May 18, 13:18:16: RAPPER_ERROR_FILE exists May 18, 13:18:16: AP err cookie retval 9 cookie:3eb50a3cc3566173 err 2d May 18, 13:18:16: RAPPER_ERROR_FILE exists May 18, 13:18:16: AP err cookie retval 9 cookie:3eb50a3cc3566173 err 2d May 18, 13:18:16: RAPPER_ERROR_FILE exists May 18, 13:18:16: AP err cookie retval 9 cookie:3eb50a3cc3566173 err 2d spi={fef48da8186b80a9 0000000000000000} np=SA exchange=IKE_SA_INIT msgid=0 len=376 #SEND 380 bytes to 192.168.148.53[4500] (0.0)(pid:26564) time:2015-05-18 13:18:16 May 18, 13:18:16: IKE_SAMPLE_ikeXchgSend Successfully setsockopt UDP_ENCAP port 6292 IKE_EXAMPLE: IKE_keyConnect() started, id = 0xMay 18, 13:18:16: IKE_EXAMPLE: IKE_keyConnect() started, id = 0x on device br0 a368321f... May 18, 13:18:16: papi:15200 #RECV 60 bytes from 192.168.148.53[4500] (0.0)(pid:26564) time:2015-05-18 13:18:16 spi={fef48da8186b80a9 0000000000000000} np=N exchange=IKE_SA_INIT msgid=0 len=56 I <-- Notify: COOKIE spi={fef48da8186b80a9 0000000000000000} np=N exchange=IKE_SA_INIT msgid=0 len=404 #SEND 408 bytes to 192.168.148.53[4500] (0.0)(pid:26564) time:2015-05-18 13:18:16 #RECV 425 bytes from 192.168.148.53[4500] (0.0)(pid:26564) time:2015-05-18 13:18:16 spi={fef48da8186b80a9 441f6c7c6bcc6041} np=SA exchange=IKE_SA_INIT msgid=0 len=421 I <-- Proposal #1: IKE[4] ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2 Notify: NAT_DETECTION_SOURCE_IP Notify: NAT_DETECTION_DESTINATION_IP NAT_D (us/NAT): 08 49 76 1d 24 dd 3c d5 95 80 4b 02 ce e2 a1 5f 44 a6 c3 31 VID: 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 May 18, 13:18:16: Fragmentation is enabled I --> Notify: INITIAL_CONTACT May 18, 13:18:16: OutCert: adding leaf Cert of Len:1768 May 18, 13:18:16: RAPPER priority old: -19, set to -20 (0.0)(pid:26564) time:2015-05-18 13:18:16 HASH_i c6 2f bd 54 38 79 4b d5 d7 3b a6 df 53 fe 35 ef a0 7c ee fd (2.0)(pid:26564) time:2015-05-18 13:18:18 May 18, 13:18:18: OutAuth TPM sign api passed (2.0)(pid:26564) time:2015-05-18 13:18:18 CFG_REQUEST IP4_ADDRESS IP4_NETMASK May 18, 13:18:18: OutSa(v2-peerAddr:c0a89435 pxSa->dwPeerAddr:c0a89435): Entered May 18, 13:18:18: OutTfm2(v2-peerAddr:c0a89435): oTfmId:0 wAuthAlgo:0 wEncrKeyLen:0 wAuthKeyLen:0 bNoEnumEncr:0 bNoEnumAuth:0 ENCR_AES 256-BITS ENCR_3DES AUTH_HMAC_SHA1_96 ESN_0 TSi: 0.0.0.0~255.255.255.255 TSr: 0.0.0.0~255.255.255.255 spi={fef48da8186b80a9 441f6c7c6bcc6041} np=E{IDi} exchange=IKE_AUTH msgid=1 len=2300 #SEND 2304 bytes to 192.168.148.53[4500] (2.0)(pid:26564) time:2015-05-18 13:18:18 May 18, 13:18:18: Sending fragment, size = 530 May 18, 13:18:18: Sending fragment, size = 530 May 18, 13:18:18: Sending fragment, size = 530 May 18, 13:18:18: Sending fragment, size = 530 May 18, 13:18:18: Sending last fragment, size = 352 #RECV 80 bytes from 192.168.148.53[4500] (3.0)(pid:26564) time:2015-05-18 13:18:18 spi={fef48da8186b80a9 441f6c7c6bcc6041} np=E{N} exchange=IKE_AUTH msgid=1 len=76 I <-- Notify: AUTHENTICATION_FAILED (ESP spi=12cb2000) May 18, 13:18:18: InNotify AP authentication failed ike2_state.c (7922): errorCode = ERR_IKE_NOTIFY_PAYLOAD May 18, 13:18:18: IKE_SAMPLE_ikeStatHdlr(CHILD_SA): dwPeerAddr:c0a89435 index:0 mPeerType:0 May 18, 13:18:18: IKE SA failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952 ikeVer 2 May 18, 13:18:18: send_sapd_error: InnerIP:0 error:45 debug_error:0 May 18, 13:18:18: send_sapd_error: error:45 debug_error:0 May 18, 13:18:18: rapper_log_error: buf = fe f4 8d a8 18 6b 80 a9 2d May 18, 13:18:18: IKE_SAMPLE_ikeStatHdlr(SA): dwPeerAddr:c0a89435 index:0 mPeerType:0 May 18, 13:18:18: IKE_SA [v2 I] (id=0xa368321f) flags 0x41000015 failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952 May 18, 13:18:18: IKE_SAMPLE_ikeStatHdlr(IST_FAIL): g_ikeversion:2 Timer ID: 1 Deleted rapperSendStatusCB EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! May 18, 13:18:37: main: ethmacstr = 6C:F3:7F:C1:E8:29 May 18, 13:18:37: main: ethmacstr = 6C:F3:7F:C1:E8:29 May 18, 13:18:37: main(): Entered, getpid()=26615 May 18, 13:18:37: get_ike_version: Use IKE Version 2 May 18, 13:18:37: papi_init papifd:8 ack:14 IKE_EXAMPLE: Starting up IKE server setup_tunnel May 18, 13:18:37: IKE_init: ethmacstr = 6C:F3:7F:C1:E8:29 Initialized Timers IKE_init: completed after (0.0)(pid:26615) time:2015-05-18 13:18:37 seconds. May 18, 13:18:37: RAP using default certificates May 18, 13:18:37: Before getting Certs May 18, 13:18:37: TPM enabled May 18, 13:18:37: get_usb_type: Unable to open /tmp/usb_type May 18, 13:18:37: CA_MGMT_EXAMPLE_computeHostKeys init cert-len 0 May 18, 13:18:37: Factory Device Cert is /tmp/deviceCerts/certifiedKeyCert.der May 18, 13:18:37: Reading DER Device Cert file /tmp/deviceCerts/certifiedKeyCert.der May 18, 13:18:37: DER Device Cert file len:1768 May 18, 13:18:37: Intermediate Cert index:0 is /tmp/deviceCerts/certifiedKeyCaCert.der May 18, 13:18:37: Reading DER Intermediate Cert file May 18, 13:18:37: DER Intermediate Cert file len:1456 May 18, 13:18:37: Intermediate Cert index:1 is /tmp/deviceCerts/caChainCert1.der May 18, 13:18:37: Reading DER Intermediate Cert file May 18, 13:18:37: DER Intermediate Cert file len:1580 May 18, 13:18:37: Decode PEM Key length :0 May 18, 13:18:37: testHostKeys : status 0 May 18, 13:18:37: testHostKeys : free temp Certificate status 0 May 18, 13:18:37: CA_MGMT_EXAMPLE_computeHostKeys after testHostKeys cert-len 1768 May 18, 13:18:37: CA Cert index:0 is /tmp/deviceCerts/OpensslOldCA_RootCert.der May 18, 13:18:37: Reading DER CA Cert file May 18, 13:18:37: DER CA Cert file len:1416 May 18, 13:18:37: CA Cert index:1 is /tmp/deviceCerts/MSCAV1_RootCert.der May 18, 13:18:37: Reading DER CA Cert file May 18, 13:18:37: DER CA Cert file len:1009 May 18, 13:18:37: Got 2 Trusted Certs May 18, 13:18:37: After getFieldTrustedCerts ret:0 May 18, 13:18:37: Field CA Cert index:0 is /tmp/fieldCerts/22/TrustAnchor May 18, 13:18:37: Reading DER CA Cert file May 18, 13:18:37: DER CA Cert file len:752 May 18, 13:18:37: Got 1 Field Trusted Certs May 18, 13:18:37: CSS CA Cert is /tmp/deviceCerts/CSS_CA_RootCert.der May 18, 13:18:37: Reading DER CA Cert file May 18, 13:18:37: Error in reading DER CA Cert:/tmp/deviceCerts/CSS_CA_RootCert.der, Ignore It May 18, 13:18:37: CA Cert status : 0 Before IKE_initServer May 18, 13:18:37: IKE_initServer: Cert length 1768 IKE_initServer: Host Certificate is set (RSA-SIG) {CN=BU0025668::6c:f3:7f:c1:e8:29} May 18, 13:18:37: IKE_EXAMPLE_addServer port:0 natt:0 May 18, 13:18:37: srcdev_name = br0 ip c0a89415 May 18, 13:18:37: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:0 IKE_EXAMPLE: Socket created on 192.168.148.21[6293] May 18, 13:18:37: IKE_EXAMPLE_addServer:1330 socket descriptor is 0 port number 6293 for server instance 0 at 0th index May 18, 13:18:37: srcdev_name = br0 ip c0a89415 May 18, 13:18:37: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:1 IKE_EXAMPLE: Socket created on 192.168.148.21[6294] May 18, 13:18:37: IKE_EXAMPLE_addServer:1377 socket descriptor is 1 port number 6294 for server instance 0 at 1st index May 18, 13:18:37: IKE_EXAMPLE_addDefaultServers status:0 (0.0)(pid:26615) time:2015-05-18 13:18:37 SA_INIT dest=192.168.148.53 May 18, 13:18:37: Initialize IKE SA May 18, 13:18:37: IKE_CUSTOM_getVersion(peerAddr:c0a89435): ikeVersion:2 Timer ID: 1 Initialized May 18, 13:18:37: IKE2_newSa(peerAddr:c0a89435): IKE_SA-lifetime:28000 I --> May 18, 13:18:37: OutSa(v2-peerAddr:0 pxSa->dwPeerAddr:c0a89435): Entered ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2 NAT_D (us): 42 bf 76 ad 67 a2 e5 35 17 55 86 83 00 be 95 8b 20 91 8d 3c NAT_D (peer): 72 51 79 e0 ac 89 8c 69 43 05 11 50 b1 8a 28 41 f2 03 81 0c May 18, 13:18:37: RAPPER_ERROR_FILE exists May 18, 13:18:37: AP err cookie retval 9 cookie:fef48da8186b80a9 err 2d May 18, 13:18:37: RAPPER_ERROR_FILE exists May 18, 13:18:37: AP err cookie retval 9 cookie:fef48da8186b80a9 err 2d May 18, 13:18:37: RAPPER_ERROR_FILE exists May 18, 13:18:37: AP err cookie retval 9 cookie:fef48da8186b80a9 err 2d May 18, 13:18:37: RAPPER_ERROR_FILE exists May 18, 13:18:37: AP err cookie retval 9 cookie:fef48da8186b80a9 err 2d May 18, 13:18:37: RAPPER_ERROR_FILE exists May 18, 13:18:37: AP err cookie retval 9 cookie:fef48da8186b80a9 err 2d spi={fc84a1839b89ef1d 0000000000000000} np=SA exchange=IKE_SA_INIT msgid=0 len=376 #SEND 380 bytes to 192.168.148.53[4500] (0.0)(pid:26615) time:2015-05-18 13:18:37 May 18, 13:18:37: IKE_SAMPLE_ikeXchgSend Successfully setsockopt UDP_ENCAP port 6294 IKE_EXAMPLE: IKE_keyConnect() started, id = 0xMay 18, 13:18:37: IKE_EXAMPLE: IKE_keyConnect() started, id = 0x on device br0 f04bae72... May 18, 13:18:37: papi:15200 #RECV 60 bytes from 192.168.148.53[4500] (0.0)(pid:26615) time:2015-05-18 13:18:37 spi={fc84a1839b89ef1d 0000000000000000} np=N exchange=IKE_SA_INIT msgid=0 len=56 I <-- Notify: COOKIE spi={fc84a1839b89ef1d 0000000000000000} np=N exchange=IKE_SA_INIT msgid=0 len=404 #SEND 408 bytes to 192.168.148.53[4500] (0.0)(pid:26615) time:2015-05-18 13:18:37 #RECV 425 bytes from 192.168.148.53[4500] (0.0)(pid:26615) time:2015-05-18 13:18:37 spi={fc84a1839b89ef1d 7cc2c243a8e1d84e} np=SA exchange=IKE_SA_INIT msgid=0 len=421 I <-- Proposal #1: IKE[4] ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2 Notify: NAT_DETECTION_SOURCE_IP Notify: NAT_DETECTION_DESTINATION_IP NAT_D (us/NAT): e4 8a a2 86 66 bd 4d 1f 0c fb 83 da 42 d8 89 b7 cb 70 7d 6e VID: 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 May 18, 13:18:37: Fragmentation is enabled I --> Notify: INITIAL_CONTACT May 18, 13:18:37: OutCert: adding leaf Cert of Len:1768 May 18, 13:18:37: RAPPER priority old: -19, set to -20 (0.0)(pid:26615) time:2015-05-18 13:18:37 HASH_i 18 20 f5 62 46 40 8c 1d 6f 94 81 00 67 72 b1 5b ab 30 c6 6c (3.0)(pid:26615) time:2015-05-18 13:18:39 May 18, 13:18:39: OutAuth TPM sign api passed (3.0)(pid:26615) time:2015-05-18 13:18:39 CFG_REQUEST IP4_ADDRESS IP4_NETMASK May 18, 13:18:40: OutSa(v2-peerAddr:c0a89435 pxSa->dwPeerAddr:c0a89435): Entered May 18, 13:18:40: OutTfm2(v2-peerAddr:c0a89435): oTfmId:0 wAuthAlgo:0 wEncrKeyLen:0 wAuthKeyLen:0 bNoEnumEncr:0 bNoEnumAuth:0 ENCR_AES 256-BITS ENCR_3DES AUTH_HMAC_SHA1_96 ESN_0 TSi: 0.0.0.0~255.255.255.255 TSr: 0.0.0.0~255.255.255.255 spi={fc84a1839b89ef1d 7cc2c243a8e1d84e} np=E{IDi} exchange=IKE_AUTH msgid=1 len=2300 #SEND 2304 bytes to 192.168.148.53[4500] (3.0)(pid:26615) time:2015-05-18 13:18:40 May 18, 13:18:40: Sending fragment, size = 530 May 18, 13:18:40: Sending fragment, size = 530 May 18, 13:18:40: Sending fragment, size = 530 May 18, 13:18:40: Sending fragment, size = 530 May 18, 13:18:40: Sending last fragment, size = 352 #RECV 80 bytes from 192.168.148.53[4500] (3.0)(pid:26615) time:2015-05-18 13:18:40 spi={fc84a1839b89ef1d 7cc2c243a8e1d84e} np=E{N} exchange=IKE_AUTH msgid=1 len=76 I <-- Notify: AUTHENTICATION_FAILED (ESP spi=e9bae800) May 18, 13:18:40: InNotify AP authentication failed ike2_state.c (7922): errorCode = ERR_IKE_NOTIFY_PAYLOAD May 18, 13:18:40: IKE_SAMPLE_ikeStatHdlr(CHILD_SA): dwPeerAddr:c0a89435 index:0 mPeerType:0 May 18, 13:18:40: IKE SA failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952 ikeVer 2 May 18, 13:18:40: send_sapd_error: InnerIP:0 error:45 debug_error:0 May 18, 13:18:40: send_sapd_error: error:45 debug_error:0 May 18, 13:18:40: rapper_log_error: buf = fc 84 a1 83 9b 89 ef 1d 2d May 18, 13:18:40: IKE_SAMPLE_ikeStatHdlr(SA): dwPeerAddr:c0a89435 index:0 mPeerType:0 May 18, 13:18:40: IKE_SA [v2 I] (id=0xf04bae72) flags 0x41000015 failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952 May 18, 13:18:40: IKE_SAMPLE_ikeStatHdlr(IST_FAIL): g_ikeversion:2 Timer ID: 1 Deleted rapperSendStatusCB end of show log rapper ========================================================