Target : ac:a3:1e:ce:16:14
show vpn status
profile name:default
--------------------------------------------------
current using tunnel :unselected tunnel
ipsec is preempt status :disable
ipsec is fast failover status :disable
ipsec hold on period :600
ipsec tunnel monitor frequency (seconds/packet) :5
ipsec tunnel monitor timeout by lost packet cnt :2
ipsec primary tunnel crypto type :Cert
ipsec primary tunnel peer address :216.***.***.***
ipsec primary tunnel peer tunnel ip :0.0.0.0
ipsec primary tunnel ap tunnel ip :0.0.0.0
ipsec primary tunnel current sm status :Retrying
ipsec primary tunnel tunnel status :Down
ipsec primary tunnel tunnel retry times :4
ipsec primary tunnel tunnel uptime :0
ipsec backup tunnel crypto type :Cert
ipsec backup tunnel peer address :N/A
ipsec backup tunnel peer tunnel ip :N/A
ipsec backup tunnel ap tunnel ip :N/A
ipsec backup tunnel current sm status :Init
ipsec backup tunnel tunnel status :Down
ipsec backup tunnel tunnel retry times :0
ipsec backup tunnel tunnel uptime :0
end of show vpn status
========================================================
show upgrade info
Image Upgrade Progress
----------------------
Mac                IP Address     AP Class  Status    Image Info  Error Detail
---                ----------     --------  ------    ----------  ------------
ac:a3:1e:ce:16:14  192.168.2.100  Pegasus   image-ok  image file  none
Auto reboot :enable
Use external URL :enable
end of show upgrade info
========================================================
show log upgrade
----------Download log start----------
download log not available
----------Download log end------------
Download status: incomplete
----------Upgrade log start----------
upgrade log not available
----------Upgrade log end------------
Upgrade status: upgrade status not available
end of show log upgrade
========================================================
show log rapper
May 23, 12:19:13: get_ike_version: Use IKE Version 2
May 23, 12:19:13: papi_init papifd:5 ack:11
IKE_EXAMPLE: Starting up IKE server
setup_tunnel
May 23, 12:19:13: IKE_init: ethmacstr = AC:A3:1E:CE:16:14
Initialized Timers
IKE_init: completed after (0.0)(pid:9714) time:2015-05-23 12:19:13 seconds.
May 23, 12:19:13: RAP using default certificates
May 23, 12:19:13: Before getting Certs
May 23, 12:19:13: TPM enabled
May 23, 12:19:13: CA_MGMT_EXAMPLE_computeHostKeys init cert-len 0
May 23, 12:19:13: Factory Device Cert is /tmp/deviceCerts/certifiedKeyCert.der
May 23, 12:19:13: Reading DER Device Cert file /tmp/deviceCerts/certifiedKeyCert.der
May 23, 12:19:13: DER Device Cert file len:1618
May 23, 12:19:13: Intermediate Cert index:0 is /tmp/deviceCerts/certifiedKeyCaCert.der
May 23, 12:19:13: Reading DER Intermediate Cert file
May 23, 12:19:13: DER Intermediate Cert file len:1467
May 23, 12:19:13: Intermediate Cert index:1 is /tmp/deviceCerts/caChainCert1.der
May 23, 12:19:13: Reading DER Intermediate Cert file
May 23, 12:19:13: DER Intermediate Cert file len:1580
May 23, 12:19:13: Decode PEM Key length :0
May 23, 12:19:13: testHostKeys : status 0
May 23, 12:19:13: testHostKeys : free temp Certificate status 0
May 23, 12:19:13: CA_MGMT_EXAMPLE_computeHostKeys after testHostKeys cert-len 1618
May 23, 12:19:13: CA Cert index:0 is /tmp/deviceCerts/OpensslOldCA_RootCert.der
May 23, 12:19:13: Reading DER CA Cert file
May 23, 12:19:13: DER CA Cert file len:1416
May 23, 12:19:13: CA Cert index:1 is /tmp/deviceCerts/MSCAV1_RootCert.der
May 23, 12:19:13: Reading DER CA Cert file
May 23, 12:19:13: DER CA Cert file len:1009
May 23, 12:19:13: Got 2 Trusted Certs
May 23, 12:19:13: After getFieldTrustedCerts ret:-1
May 23, 12:19:13: Got 0 Field Trusted Certs
May 23, 12:19:13: CSS CA Cert is /tmp/deviceCerts/CSS_CA_RootCert.der
May 23, 12:19:13: Reading DER CA Cert file
May 23, 12:19:13: Error in reading DER CA Cert:/tmp/deviceCerts/CSS_CA_RootCert.der, Ignore It
May 23, 12:19:13: CA Cert status : 0
Before IKE_initServer
May 23, 12:19:13: IKE_initServer: Cert length 1618
IKE_initServer: Host Certificate is set
(RSA-SIG) {CN=DA0020350::ac:a3:1e:ce:16:14}
May 23, 12:19:13: IKE_EXAMPLE_addServer port:0 natt:0
May 23, 12:19:13: srcdev_name = br0 ip c0a80264
May 23, 12:19:13: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:0
IKE_EXAMPLE: Socket created on 192.168.2.100[51438]
May 23, 12:19:13: IKE_EXAMPLE_addServer:1443 socket descriptor is 0 port number 51438 for server instance 0 at 0th index
May 23, 12:19:13: srcdev_name = br0 ip c0a80264
May 23, 12:19:13: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:1
IKE_EXAMPLE: Socket created on 192.168.2.100[51439]
May 23, 12:19:13: IKE_EXAMPLE_addServer:1490 socket descriptor is 1 port number 51439 for server instance 0 at 1st index
May 23, 12:19:13: IKE_EXAMPLE_addDefaultServers status:0
(0.0)(pid:9714) time:2015-05-23 12:19:13
SA_INIT dest=216.***.***.***
May 23, 12:19:13: Initialize IKE SA
May 23, 12:19:13: IKE_CUSTOM_getVersion(peerAddr:d8890e43): ikeVersion:2
Timer ID: 1 Initialized
May 23, 12:19:13: IKE2_newSa(peerAddr:d8890e43): IKE_SA-lifetime:28000
I -->
May 23, 12:19:13: OutSa(v2-peerAddr:0 pxSa->dwPeerAddr:d8890e43): Entered
May 23, 12:19:13: OutTfm_I(v2-peerAddr:d8890e43): Entered
ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2
NAT_D (us): b3 bb 60 c1 2d 30 90 c3 08 c8 98 fe c9 57 14 ac ce 6a d7 6d
NAT_D (peer): 99 8e c0 38 07 55 86 70 7e 72 04 86 0b f2 4d 1c 29 94 ca 4c
spi={f911433f3de4dc44 0000000000000000} np=SA exchange=IKE_SA_INIT msgid=0 len=376
#SEND 380 bytes to 216.***.***.***[4500] (0.0)(pid:9714) time:2015-05-23 12:19:13
May 23, 12:19:13: IKE_SAMPLE_ikeXchgSend Successfully setsockopt UDP_ENCAP port 51439
IKE_EXAMPLE: IKE_keyConnect() started, id = 0xMay 23, 12:19:13: IKE_EXAMPLE: IKE_keyConnect() started, id = 0x on device br0 d6d38218...
May 23, 12:19:13: papi:15200
#RECV 60 bytes from 216.***.***.***[4500] (1.0)(pid:9714) time:2015-05-23 12:19:13
spi={f911433f3de4dc44 0000000000000000} np=N exchange=IKE_SA_INIT msgid=0 len=56
I <--
Notify: COOKIE
spi={f911433f3de4dc44 0000000000000000} np=N exchange=IKE_SA_INIT msgid=0 len=404
#SEND 408 bytes to 216.***.***.***[4500] (1.0)(pid:9714) time:2015-05-23 12:19:13
#RECV 417 bytes from 216.***.***.***[4500] (1.0)(pid:9714) time:2015-05-23 12:19:13
spi={f911433f3de4dc44 3be19997812ad75c} np=SA exchange=IKE_SA_INIT msgid=0 len=413
I <--
Proposal #1: IKE[4]
ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2
Notify: NAT_DETECTION_SOURCE_IP
NAT_D (peer/NAT): be b6 4c 19 4d 73 cc d4 a6 7f 17 61 30 12 6d d6 ee c9 f9 0f
Notify: NAT_DETECTION_DESTINATION_IP
NAT_D (us/NAT): 65 d1 91 46 1b 6f 7e 24 cd 7f 7e 7e ea 5a ed 29 c0 dc b9 69
VID: 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3
May 23, 12:19:13: Fragmentation is enabled
I -->
Notify: INITIAL_CONTACT
May 23, 12:19:13: OutCert: adding leaf Cert of Len:1618
May 23, 12:19:13: RAPPER priority old: -19, set to -20
(1.0)(pid:9714) time:2015-05-23 12:19:13
HASH_i 09 73 4b 6a 40 4d 09 e1 67 79 8f 53 02 8a 30 63 fc 9e 42 1f
(3.0)(pid:9714) time:2015-05-23 12:19:16
May 23, 12:19:16: OutAuth TPM sign api passed
(3.0)(pid:9714) time:2015-05-23 12:19:16
CFG_REQUEST IP4_ADDRESS IP4_NETMASK
May 23, 12:19:16: OutSa(v2-peerAddr:d8890e43 pxSa->dwPeerAddr:d8890e43): Entered
May 23, 12:19:16: OutTfm2(v2-peerAddr:d8890e43): oTfmId:0 wAuthAlgo:0 wEncrKeyLen:0 wAuthKeyLen:0 bNoEnumEncr:0 bNoEnumAuth:0
ENCR_AES 256-BITS ENCR_3DES AUTH_HMAC_SHA1_96 ESN_0
TSi: 0.0.0.0~255.255.255.255
TSr: 0.0.0.0~255.255.255.255
spi={f911433f3de4dc44 3be19997812ad75c} np=E{IDi} exchange=IKE_AUTH msgid=1 len=2156
#SEND 2160 bytes to 216.***.***.***[4500] (3.0)(pid:9714) time:2015-05-23 12:19:16
May 23, 12:19:16: Sending fragment, size = 530
May 23, 12:19:16: Sending fragment, size = 530
May 23, 12:19:16: Sending fragment, size = 530
May 23, 12:19:16: Sending fragment, size = 530
May 23, 12:19:16: Sending last fragment, size = 208
#RECV 80 bytes from 216.***.***.***[4500] (3.0)(pid:9714) time:2015-05-23 12:19:16
spi={f911433f3de4dc44 3be19997812ad75c} np=E{N} exchange=IKE_AUTH msgid=1 len=76
I <--
Notify: AUTHENTICATION_FAILED (ESP spi=93163f00)
May 23, 12:19:16: InNotify AP authentication failed
ike2_state.c (7882): errorCode = ERR_IKE_NOTIFY_PAYLOAD
May 23, 12:19:16: IKE_SAMPLE_ikeStatHdlr(CHILD_SA): dwPeerAddr:d8890e43 index:0 mPeerType:0
May 23, 12:19:16: IKE SA failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952 ikeVer 2
May 23, 12:19:16: send_sapd_error: InnerIP:0 error:45 debug_error:0
May 23, 12:19:16: send_sapd_error: error:45 debug_error:0
May 23, 12:19:16: IKE_SAMPLE_ikeStatHdlr(SA): dwPeerAddr:d8890e43 index:0 mPeerType:0
May 23, 12:19:16: IKE_SA [v2 I] (id=0xd6d38218) flags 0x41000015 failed reason = ERR_IKE_XAUTH_FAILED, errorcode = -8952
May 23, 12:19:16: IKE_SAMPLE_ikeStatHdlr(IST_FAIL): g_ikeversion:2
Timer ID: 1 Deleted
rapperSendStatusCB
end of show log rapper
========================================================