Target : 00:0b:86:82:63:c4 show vpn status profile name:default -------------------------------------------------- current using tunnel :unselected tunnel ipsec is preempt status :disable ipsec is fast failover status :disable ipsec hold on period :600 ipsec tunnel monitor frequency (seconds/packet) :10 ipsec tunnel monitor timeout by lost packet cnt :2 ipsec primary tunnel crypto type :Cert ipsec primary tunnel peer address :172.16.120.15 ipsec primary tunnel peer tunnel ip :0.0.0.0 ipsec primary tunnel ap tunnel ip :0.0.0.0 ipsec primary tunnel current sm status :Retrying ipsec primary tunnel tunnel status :Down ipsec primary tunnel tunnel retry times :2 ipsec primary tunnel tunnel uptime :0 ipsec backup tunnel crypto type :Cert ipsec backup tunnel peer address :N/A ipsec backup tunnel peer tunnel ip :N/A ipsec backup tunnel ap tunnel ip :N/A ipsec backup tunnel current sm status :Init ipsec backup tunnel tunnel status :Down ipsec backup tunnel tunnel retry times :0 ipsec backup tunnel tunnel uptime :0 end of show vpn status ======================================================== show upgrade info Image Upgrade Progress ---------------------- Mac IP Adress AP Class Status Image Info Error Detail --- --------- -------- ------ ---------- ------------ 00:0b:86:82:63:c4 172.16.120.73 Orion image-ok image file none end of show upgrade info ======================================================== show log upgrade ----------Download log start---------- download log not available ----------Download log end------------ Download status: incomplete ----------Upgrade log start---------- upgrade log not available ----------Upgrade log end------------ Upgrade status: upgrade status not available end of show log upgrade ======================================================== show log rapper Jan 01, 00:04:02: get_ike_version: Use IKE Version 2 Jan 01, 00:04:02: papi_init papifd:9 ack:10 IKE_EXAMPLE: Starting up IKE server setup_tunnel Jan 01, 00:04:02: IKE_init: ethmacstr = 00:0B:86:82:63:C4 Initialized Timers IKE_init: completed after (0.0)(pid:1926) time:2000-01-01 00:04:02 seconds. Jan 01, 00:04:02: RAP using default certificates Jan 01, 00:04:02: Before getting Certs Jan 01, 00:04:02: TPM enabled Jan 01, 00:04:02: CA_MGMT_EXAMPLE_computeHostKeys init cert-len 0 Jan 01, 00:04:02: Factory Device Cert is /tmp/deviceCerts/certifiedKeyCert.der Jan 01, 00:04:02: Reading DER Device Cert file /tmp/deviceCerts/certifiedKeyCert.der Jan 01, 00:04:02: DER Device Cert file len:1767 Jan 01, 00:04:02: Intermediate Cert index:0 is /tmp/deviceCerts/certifiedKeyCaCert.der Jan 01, 00:04:02: Reading DER Intermediate Cert file Jan 01, 00:04:02: DER Intermediate Cert file len:1456 Jan 01, 00:04:02: Intermediate Cert index:1 is /tmp/deviceCerts/caChainCert1.der Jan 01, 00:04:02: Reading DER Intermediate Cert file Jan 01, 00:04:02: DER Intermediate Cert file len:1580 Jan 01, 00:04:02: Decode PEM Key length :0 Jan 01, 00:04:02: testHostKeys : status 0 Jan 01, 00:04:02: testHostKeys : free temp Certificate status 0 Jan 01, 00:04:02: CA_MGMT_EXAMPLE_computeHostKeys after testHostKeys cert-len 1767 Jan 01, 00:04:02: CA Cert index:0 is /tmp/deviceCerts/OpensslOldCA_RootCert.der Jan 01, 00:04:02: Reading DER CA Cert file Jan 01, 00:04:02: DER CA Cert file len:1416 Jan 01, 00:04:02: CA Cert index:1 is /tmp/deviceCerts/MSCAV1_RootCert.der Jan 01, 00:04:02: Reading DER CA Cert file Jan 01, 00:04:02: DER CA Cert file len:1009 Jan 01, 00:04:02: Got 2 Trusted Certs Jan 01, 00:04:02: After getFieldTrustedCerts ret:-1 Jan 01, 00:04:02: Got 0 Field Trusted Certs Jan 01, 00:04:02: CSS CA Cert is /tmp/deviceCerts/CSS_CA_RootCert.der Jan 01, 00:04:02: Reading DER CA Cert file Jan 01, 00:04:02: Error in reading DER CA Cert:/tmp/deviceCerts/CSS_CA_RootCert.der, Ignore It Jan 01, 00:04:02: CA Cert status : 0 Before IKE_initServer Jan 01, 00:04:02: IKE_initServer: Cert length 1767 IKE_initServer: Host Certificate is set (RSA-SIG) {CN=BF0007768::00:0b:86:82:63:c4} Jan 01, 00:04:02: IKE_EXAMPLE_addServer port:0 natt:0 Jan 01, 00:04:02: srcdev_name = br0 ip ac107849 Jan 01, 00:04:02: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:0 IKE_EXAMPLE: Socket created on 172.16.120.73[49157] Jan 01, 00:04:02: IKE_EXAMPLE_addServer:1413 socket descriptor is 0 port number 49157 for server instance 0 at 0th index Jan 01, 00:04:02: srcdev_name = br0 ip ac107849 Jan 01, 00:04:02: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:1 IKE_EXAMPLE: Socket created on 172.16.120.73[49158] Jan 01, 00:04:02: IKE_EXAMPLE_addServer:1460 socket descriptor is 1 port number 49158 for server instance 0 at 1st index Jan 01, 00:04:02: IKE_EXAMPLE_addDefaultServers status:0 (0.0)(pid:1926) time:2000-01-01 00:04:02 SA_INIT dest=172.16.120.15 Jan 01, 00:04:02: Initialize IKE SA Jan 01, 00:04:02: IKE_CUSTOM_getVersion(peerAddr:ac10780f): ikeVersion:2 Timer ID: 1 Initialized Jan 01, 00:04:02: IKE2_newSa(peerAddr:ac10780f): IKE_SA-lifetime:28000 I --> Jan 01, 00:04:02: OutSa(v2-peerAddr:0 pxSa->dwPeerAddr:ac10780f): Entered Jan 01, 00:04:02: OutTfm_I(v2-peerAddr:ac10780f): Entered ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2 NAT_D (us): d4 68 a8 7f 36 59 dc b2 b1 3a 8e 65 3b 97 55 64 c1 7c c5 dc NAT_D (peer): 81 8c cd 4c e6 ef 7e be 02 13 9d c9 67 be 20 15 ed 80 a7 bf spi={1d9cdddfd2e24a2e 0000000000000000} np=SA exchange=IKE_SA_INIT msgid=0 len=376 #SEND 380 bytes to 172.16.120.15[4500] (0.0)(pid:1926) time:2000-01-01 00:04:02 Jan 01, 00:04:02: IKE_SAMPLE_ikeXchgSend Successfully setsockopt UDP_ENCAP port 49158 IKE_EXAMPLE: IKE_keyConnect() started, id = 0xJan 01, 00:04:02: IKE_EXAMPLE: IKE_keyConnect() started, id = 0x on device br0 deadaad7... Jan 01, 00:04:02: papi:15200 end of show log rapper ========================================================