Target : 00:0b:86:8f:4f:30 show vpn status profile name:default -------------------------------------------------- current using tunnel :unselected tunnel ipsec is preempt status :disable ipsec is fast failover status :disable ipsec hold on period :600 ipsec tunnel monitor frequency (seconds/packet) :5 ipsec tunnel monitor timeout by lost packet cnt :2 ipsec primary tunnel crypto type :Cert ipsec primary tunnel peer address :149.3.135.125 ipsec primary tunnel peer tunnel ip :0.0.0.0 ipsec primary tunnel ap tunnel ip :0.0.0.0 ipsec primary tunnel current sm status :Retrying ipsec primary tunnel tunnel status :Down ipsec primary tunnel tunnel retry times :4 ipsec primary tunnel tunnel uptime :0 ipsec backup tunnel crypto type :Cert ipsec backup tunnel peer address :N/A ipsec backup tunnel peer tunnel ip :N/A ipsec backup tunnel ap tunnel ip :N/A ipsec backup tunnel current sm status :Init ipsec backup tunnel tunnel status :Down ipsec backup tunnel tunnel retry times :0 ipsec backup tunnel tunnel uptime :0 end of show vpn status ======================================================== show upgrade info Image Upgrade Progress ---------------------- Mac IP Address AP Class Status Image Info Error Detail --- ---------- -------- ------ ---------- ------------ 00:0b:86:8f:4f:30 192.168.1.33 Aries image-ok image file none Auto reboot :enable Use external URL :enable end of show upgrade info ======================================================== show log upgrade ----------Download log start---------- download log not available ----------Download log end------------ Download status: incomplete ----------Upgrade log start---------- upgrade log not available ----------Upgrade log end------------ Upgrade status: upgrade status not available end of show log upgrade ======================================================== show log rapper Sep 10, 11:20:30: get_ike_version: Use IKE Version 2 Sep 10, 11:20:30: papi_init papifd:5 ack:11 IKE_EXAMPLE: Starting up IKE server setup_tunnel Sep 10, 11:20:30: IKE_init: ethmacstr = 00:0B:86:8F:4F:30 Initialized Timers IKE_init: completed after (0.0)(pid:4244) time:2014-09-10 11:20:30 seconds. Sep 10, 11:20:30: RAP using default certificates Sep 10, 11:20:30: Before getting Certs Sep 10, 11:20:30: TPM enabled Sep 10, 11:20:30: CA_MGMT_EXAMPLE_computeHostKeys init cert-len 0 Sep 10, 11:20:30: Factory Device Cert is /tmp/deviceCerts/certifiedKeyCert.der Sep 10, 11:20:30: Reading DER Device Cert file /tmp/deviceCerts/certifiedKeyCert.der Sep 10, 11:20:30: DER Device Cert file len:1767 Sep 10, 11:20:30: Intermediate Cert index:0 is /tmp/deviceCerts/certifiedKeyCaCert.der Sep 10, 11:20:30: Reading DER Intermediate Cert file Sep 10, 11:20:30: DER Intermediate Cert file len:1456 Sep 10, 11:20:30: Intermediate Cert index:1 is /tmp/deviceCerts/caChainCert1.der Sep 10, 11:20:30: Reading DER Intermediate Cert file Sep 10, 11:20:30: DER Intermediate Cert file len:1580 Sep 10, 11:20:30: Decode PEM Key length :0 Sep 10, 11:20:30: testHostKeys : status 0 Sep 10, 11:20:30: testHostKeys : free temp Certificate status 0 Sep 10, 11:20:30: CA_MGMT_EXAMPLE_computeHostKeys after testHostKeys cert-len 1767 Sep 10, 11:20:30: CA Cert index:0 is /tmp/deviceCerts/OpensslOldCA_RootCert.der Sep 10, 11:20:30: Reading DER CA Cert file Sep 10, 11:20:30: DER CA Cert file len:1416 Sep 10, 11:20:30: CA Cert index:1 is /tmp/deviceCerts/MSCAV1_RootCert.der Sep 10, 11:20:30: Reading DER CA Cert file Sep 10, 11:20:30: DER CA Cert file len:1009 Sep 10, 11:20:30: Got 2 Trusted Certs Sep 10, 11:20:30: After getFieldTrustedCerts ret:-1 Sep 10, 11:20:30: Got 0 Field Trusted Certs Sep 10, 11:20:30: CSS CA Cert is /tmp/deviceCerts/CSS_CA_RootCert.der Sep 10, 11:20:30: Reading DER CA Cert file Sep 10, 11:20:30: Error in reading DER CA Cert:/tmp/deviceCerts/CSS_CA_RootCert.der, Ignore It Sep 10, 11:20:30: CA Cert status : 0 Before IKE_initServer Sep 10, 11:20:30: IKE_initServer: Cert length 1767 IKE_initServer: Host Certificate is set (RSA-SIG) {CN=CC0002119::00:0b:86:8f:4f:30} Sep 10, 11:20:30: IKE_EXAMPLE_addServer port:0 natt:0 Sep 10, 11:20:30: srcdev_name = br0 ip c0a80121 Sep 10, 11:20:30: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:0 IKE_EXAMPLE: Socket created on 192.168.1.33[64734] Sep 10, 11:20:30: IKE_EXAMPLE_addServer:1443 socket descriptor is 0 port number 64734 for server instance 0 at 0th index Sep 10, 11:20:30: srcdev_name = br0 ip c0a80121 Sep 10, 11:20:30: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:1 IKE_EXAMPLE: Socket created on 192.168.1.33[64735] Sep 10, 11:20:30: IKE_EXAMPLE_addServer:1490 socket descriptor is 1 port number 64735 for server instance 0 at 1st index Sep 10, 11:20:30: IKE_EXAMPLE_addDefaultServers status:0 (0.0)(pid:4244) time:2014-09-10 11:20:30 SA_INIT dest=149.3.135.125 Sep 10, 11:20:30: Initialize IKE SA Sep 10, 11:20:30: IKE_CUSTOM_getVersion(peerAddr:9503877d): ikeVersion:2 Timer ID: 1 Initialized Sep 10, 11:20:30: IKE2_newSa(peerAddr:9503877d): IKE_SA-lifetime:28000 I --> Sep 10, 11:20:30: OutSa(v2-peerAddr:0 pxSa->dwPeerAddr:9503877d): Entered Sep 10, 11:20:30: OutTfm_I(v2-peerAddr:9503877d): Entered ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2 NAT_D (us): b4 e0 3d fa 3c dc ba 65 81 6e aa e5 78 43 0c 81 77 b8 d2 c4 NAT_D (peer): 11 27 59 dc f2 00 da d5 61 39 6b 63 cb 9d af 3a 1d 3c 39 34 spi={1294bed19d919850 0000000000000000} np=SA exchange=IKE_SA_INIT msgid=0 len=376 #SEND 380 bytes to 149.3.135.125[4500] (0.0)(pid:4244) time:2014-09-10 11:20:30 Sep 10, 11:20:30: IKE_SAMPLE_ikeXchgSend Successfully setsockopt UDP_ENCAP port 64735 IKE_EXAMPLE: IKE_keyConnect() started, id = 0xSep 10, 11:20:30: IKE_EXAMPLE: IKE_keyConnect() started, id = 0x on device br0 eb8295e2... Sep 10, 11:20:30: papi:15200 #RECV 60 bytes from 149.3.135.125[4500] (0.0)(pid:4244) time:2014-09-10 11:20:30 spi={1294bed19d919850 0000000000000000} np=N exchange=IKE_SA_INIT msgid=0 len=56 I <-- Notify: COOKIE spi={1294bed19d919850 0000000000000000} np=N exchange=IKE_SA_INIT msgid=0 len=404 #SEND 408 bytes to 149.3.135.125[4500] (0.0)(pid:4244) time:2014-09-10 11:20:30 #RECV 417 bytes from 149.3.135.125[4500] (0.0)(pid:4244) time:2014-09-10 11:20:30 spi={1294bed19d919850 2b2a84ce1bc73acf} np=SA exchange=IKE_SA_INIT msgid=0 len=413 I <-- Proposal #1: IKE[4] ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2 Notify: NAT_DETECTION_SOURCE_IP Notify: NAT_DETECTION_DESTINATION_IP NAT_D (us/NAT): ff 96 e4 8c a2 44 eb 77 05 d4 77 0f 64 fb 58 06 19 63 87 1e VID: 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Sep 10, 11:20:31: Fragmentation is enabled I --> Notify: INITIAL_CONTACT Sep 10, 11:20:31: OutCert: adding leaf Cert of Len:1767 Sep 10, 11:20:31: RAPPER priority old: -19, set to -20 (1.0)(pid:4244) time:2014-09-10 11:20:31 HASH_i c5 b8 55 11 2b a6 89 45 2b 95 47 17 9b 96 68 49 e4 26 42 bd (3.0)(pid:4244) time:2014-09-10 11:20:33 Sep 10, 11:20:33: OutAuth TPM sign api passed (3.0)(pid:4244) time:2014-09-10 11:20:33 CFG_REQUEST IP4_ADDRESS IP4_NETMASK Sep 10, 11:20:33: OutSa(v2-peerAddr:9503877d pxSa->dwPeerAddr:9503877d): Entered Sep 10, 11:20:33: OutTfm2(v2-peerAddr:9503877d): oTfmId:0 wAuthAlgo:0 wEncrKeyLen:0 wAuthKeyLen:0 bNoEnumEncr:0 bNoEnumAuth:0 ENCR_AES 256-BITS ENCR_3DES AUTH_HMAC_SHA1_96 ESN_0 TSi: 0.0.0.0~255.255.255.255 TSr: 0.0.0.0~255.255.255.255 spi={1294bed19d919850 2b2a84ce1bc73acf} np=E{IDi} exchange=IKE_AUTH msgid=1 len=2300 #SEND 2304 bytes to 149.3.135.125[4500] (3.0)(pid:4244) time:2014-09-10 11:20:33 Sep 10, 11:20:33: Sending fragment, size = 530 Sep 10, 11:20:33: Sending fragment, size = 530 Sep 10, 11:20:33: Sending fragment, size = 530 Sep 10, 11:20:33: Sending fragment, size = 530 Sep 10, 11:20:33: Sending last fragment, size = 352 #RECV 80 bytes from 149.3.135.125[4500] (3.0)(pid:4244) time:2014-09-10 11:20:33 spi={1294bed19d919850 2b2a84ce1bc73acf} np=E{N} exchange=IKE_AUTH msgid=1 len=76 I <-- Notify: AUTHENTICATION_FAILED (ESP spi=d1849b00) Sep 10, 11:20:33: InNotify AP authentication failed ike2_state.c (7882): errorCode = ERR_IKE_NOTIFY_PAYLOAD Sep 10, 11:20:33: IKE_SAMPLE_ikeStatHdlr(CHILD_SA): dwPeerAddr:9503877d index:0 mPeerType:0 Sep 10, 11:20:33: IKE SA failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952 ikeVer 2 Sep 10, 11:20:33: send_sapd_error: InnerIP:0 error:45 debug_error:0 Sep 10, 11:20:33: send_sapd_error: error:45 debug_error:0 Sep 10, 11:20:33: IKE_SAMPLE_ikeStatHdlr(SA): dwPeerAddr:9503877d index:0 mPeerType:0 Sep 10, 11:20:33: IKE_SA [v2 I] (id=0xeb8295e2) flags 0x41000015 failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952 Sep 10, 11:20:33: IKE_SAMPLE_ikeStatHdlr(IST_FAIL): g_ikeversion:2 Timer ID: 1 Deleted rapperSendStatusCB end of show log rapper ========================================================