Target : 9c:1c:12:c9:5e:95 show vpn status profile name:default -------------------------------------------------- current using tunnel :unselected tunnel ipsec is preempt status :disable ipsec is fast failover status :disable ipsec hold on period :600 ipsec tunnel monitor frequency (seconds/packet) :5 ipsec tunnel monitor timeout by lost packet cnt :2 ipsec primary tunnel crypto type :Cert ipsec primary tunnel peer address :78.11.254.84 ipsec primary tunnel peer tunnel ip :0.0.0.0 ipsec primary tunnel ap tunnel ip :0.0.0.0 ipsec primary tunnel current sm status :Retrying ipsec primary tunnel tunnel status :Down ipsec primary tunnel tunnel retry times :103 ipsec primary tunnel tunnel uptime :0 ipsec backup tunnel crypto type :Cert ipsec backup tunnel peer address :N/A ipsec backup tunnel peer tunnel ip :N/A ipsec backup tunnel ap tunnel ip :N/A ipsec backup tunnel current sm status :Init ipsec backup tunnel tunnel status :Down ipsec backup tunnel tunnel retry times :0 ipsec backup tunnel tunnel uptime :0 end of show vpn status ======================================================== show upgrade info Image Upgrade Progress ---------------------- Mac IP Address AP Class Status Image Info Error Detail --- ---------- -------- ------ ---------- ------------ 9c:1c:12:c9:5e:95 192.168.100.11 Orion image-ok image file none Auto reboot :enable Use external URL :enable end of show upgrade info ======================================================== show log upgrade ----------Download log start---------- download log not available ----------Download log end------------ Download status: incomplete ----------Upgrade log start---------- upgrade log not available ----------Upgrade log end------------ Upgrade status: upgrade status not available end of show log upgrade ======================================================== show log rapper Dec 06, 10:49:54: get_ike_version: Use IKE Version 2 Dec 06, 10:49:54: papi_init papifd:5 ack:11 IKE_EXAMPLE: Starting up IKE server setup_tunnel Dec 06, 10:49:54: IKE_init: ethmacstr = 9C:1C:12:C9:5E:95 Initialized Timers IKE_init: completed after (0.0)(pid:7321) time:2019-12-06 10:49:54 seconds. Dec 06, 10:49:54: RAP using default certificates Dec 06, 10:49:54: Before getting Certs Dec 06, 10:49:54: TPM enabled Dec 06, 10:49:54: CA_MGMT_EXAMPLE_computeHostKeys init cert-len 0 Dec 06, 10:49:54: Factory Device Cert is /tmp/deviceCerts/certifiedKeyCert.der Dec 06, 10:49:54: Reading DER Device Cert file /tmp/deviceCerts/certifiedKeyCert.der Dec 06, 10:49:54: DER Device Cert file len:1767 Dec 06, 10:49:54: Intermediate Cert index:0 is /tmp/deviceCerts/certifiedKeyCaCert.der Dec 06, 10:49:54: Reading DER Intermediate Cert file Dec 06, 10:49:54: DER Intermediate Cert file len:1456 Dec 06, 10:49:54: Intermediate Cert index:1 is /tmp/deviceCerts/caChainCert1.der Dec 06, 10:49:54: Reading DER Intermediate Cert file Dec 06, 10:49:54: DER Intermediate Cert file len:1580 Dec 06, 10:49:54: Decode PEM Key length :0 Dec 06, 10:49:54: testHostKeys : status 0 Dec 06, 10:49:54: testHostKeys : free temp Certificate status 0 Dec 06, 10:49:54: CA_MGMT_EXAMPLE_computeHostKeys after testHostKeys cert-len 1767 Dec 06, 10:49:54: CA Cert index:0 is /tmp/deviceCerts/OpensslOldCA_RootCert.der Dec 06, 10:49:54: Reading DER CA Cert file Dec 06, 10:49:54: DER CA Cert file len:1416 Dec 06, 10:49:54: CA Cert index:1 is /tmp/deviceCerts/MSCAV1_RootCert.der Dec 06, 10:49:54: Reading DER CA Cert file Dec 06, 10:49:54: DER CA Cert file len:1009 Dec 06, 10:49:54: Got 2 Trusted Certs Dec 06, 10:49:54: After getFieldTrustedCerts ret:-1 Dec 06, 10:49:54: Got 0 Field Trusted Certs Dec 06, 10:49:54: CSS CA Cert is /tmp/deviceCerts/CSS_CA_RootCert.der Dec 06, 10:49:54: Reading DER CA Cert file Dec 06, 10:49:54: Error in reading DER CA Cert:/tmp/deviceCerts/CSS_CA_RootCert.der, Ignore It Dec 06, 10:49:54: CA Cert status : 0 Before IKE_initServer Dec 06, 10:49:54: IKE_initServer: Cert length 1767 IKE_initServer: Host Certificate is set (RSA-SIG) {CN=BT0838766::9c:1c:12:c9:5e:95} Dec 06, 10:49:54: IKE_EXAMPLE_addServer port:0 natt:0 Dec 06, 10:49:54: srcdev_name = br0 ip c0a8640b Dec 06, 10:49:54: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:0 IKE_EXAMPLE: Socket created on 192.168.100.11[49520] Dec 06, 10:49:54: IKE_EXAMPLE_addServer:1443 socket descriptor is 0 port number 49520 for server instance 0 at 0th index Dec 06, 10:49:54: srcdev_name = br0 ip c0a8640b Dec 06, 10:49:54: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:1 IKE_EXAMPLE: Socket created on 192.168.100.11[49521] Dec 06, 10:49:54: IKE_EXAMPLE_addServer:1490 socket descriptor is 1 port number 49521 for server instance 0 at 1st index Dec 06, 10:49:54: IKE_EXAMPLE_addDefaultServers status:0 (0.0)(pid:7321) time:2019-12-06 10:49:54 SA_INIT dest=78.11.254.84 Dec 06, 10:49:54: Initialize IKE SA Dec 06, 10:49:54: IKE_CUSTOM_getVersion(peerAddr:4e0bfe54): ikeVersion:2 Timer ID: 1 Initialized Dec 06, 10:49:54: IKE2_newSa(peerAddr:4e0bfe54): IKE_SA-lifetime:28000 I --> Dec 06, 10:49:54: OutSa(v2-peerAddr:0 pxSa->dwPeerAddr:4e0bfe54): Entered Dec 06, 10:49:54: OutTfm_I(v2-peerAddr:4e0bfe54): Entered ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2 NAT_D (us): 08 89 54 72 a5 bb 3a 4b 88 55 e9 db 1f c8 21 1a 2a 8c 09 01 NAT_D (peer): 34 97 a6 de b3 44 b9 d6 4f 96 4d 01 ae 37 85 c1 27 16 65 11 spi={eef051872163897b 0000000000000000} np=SA exchange=IKE_SA_INIT msgid=0 len=376 #SEND 380 bytes to 78.11.254.84[4500] (0.0)(pid:7321) time:2019-12-06 10:49:54 Dec 06, 10:49:54: IKE_SAMPLE_ikeXchgSend Successfully setsockopt UDP_ENCAP port 49521 IKE_EXAMPLE: IKE_keyConnect() started, id = 0xDec 06, 10:49:54: IKE_EXAMPLE: IKE_keyConnect() started, id = 0x on device br0 9dc5d523... Dec 06, 10:49:54: papi:15200 end of show log rapper ========================================================