Netgate Discussion Forum

    win10 ipsec/ikev2 smartcard to pfsense fails - EAP method EAP_TLS failed for peer

      siegmarb

      Hi,

      I am trying to connect a Windows 10 machine with a virtual smartcard to pfSense with IPsec.

      It all works if I use the plain p12 certificate from the Windows internal cert store (User Certs...)

      It fails if I try to load the cert from a virtual smartcard (off the TPM 2.0 module), with the following error:

      Any ideas?

      
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> added payload of type EAP to message
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> order payloads in message
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> added payload of type EAP to message
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating IKE_AUTH response 4 [ EAP/REQ/TLS ]
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> insert payload EAP into encrypted payload
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating payload of type HEADER
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 0 IKE_SPI
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 1 IKE_SPI
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 2 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 3 U_INT_4
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 4 U_INT_4
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 5 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 6 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 7 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 8 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 9 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 10 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 11 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 12 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 13 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 14 U_INT_32
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 15 HEADER_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating HEADER payload finished
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating payload of type EAP
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 0 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 1 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 2 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 3 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 4 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 5 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 6 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 7 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 8 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 9 PAYLOAD_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 10 CHUNK_DATA
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> increasing gen buffer from 500 to 1000 byte
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> increasing gen buffer from 1000 to 1500 byte
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating EAP payload finished
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generated content in encrypted payload
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating payload of type ENCRYPTED
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 0 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 1 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 2 PAYLOAD_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 3 CHUNK_DATA
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> increasing gen buffer from 500 to 1000 byte
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> increasing gen buffer from 1000 to 1500 byte
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating ENCRYPTED payload finished
      Sep 28 14:50:59 	charon 	61573 	14[NET] <con-mobile|163> sending packet: from 10.8.0.2[4500] to 95.91.204.27[3828] (1104 bytes)
      Sep 28 14:50:59 	charon 	61573 	14[MGR] <con-mobile|163> checkin IKE_SA con-mobile[163]
      Sep 28 14:50:59 	charon 	61573 	14[MGR] <con-mobile|163> checkin of IKE_SA successful
      Sep 28 14:50:59 	charon 	61573 	05[NET] sending packet: from 10.8.0.2[4500] to 95.91.204.27[3828]
      Sep 28 14:50:59 	charon 	61573 	04[NET] received packet: from 95.91.204.27[3828] to 10.8.0.2[4500]
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing header of message
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing HEADER payload, 80 bytes left
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 0 IKE_SPI
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 1 IKE_SPI
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 2 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 3 U_INT_4
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 4 U_INT_4
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 5 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 6 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 7 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 8 FLAG
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 9 FLAG
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 10 FLAG
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 11 FLAG
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 12 FLAG
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 13 FLAG
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 14 U_INT_32
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 15 HEADER_LENGTH
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing HEADER payload finished
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsed a IKE_AUTH request header
      Sep 28 14:50:59 	charon 	61573 	04[NET] waiting for data on sockets
      Sep 28 14:50:59 	charon 	61573 	14[MGR] checkout IKEv2 SA by message with SPIs 60d44c2e09fbb8e5_i 88c2b6d86b36c317_r
      Sep 28 14:50:59 	charon 	61573 	14[MGR] IKE_SA con-mobile[163] successfully checked out
      Sep 28 14:50:59 	charon 	61573 	14[NET] <con-mobile|163> received packet: from 95.91.204.27[3828] to 10.8.0.2[4500] (80 bytes)
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing body of message, first payload is ENCRYPTED
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> starting parsing a ENCRYPTED payload
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing ENCRYPTED payload, 52 bytes left
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 0 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 1 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 2 PAYLOAD_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 3 CHUNK_DATA
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing ENCRYPTED payload finished
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> verifying payload of type ENCRYPTED
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> ENCRYPTED payload verified, adding to payload list
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> ENCRYPTED payload found, stop parsing
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> process payload of type ENCRYPTED
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> found an encrypted payload
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing EAP payload, 10 bytes left
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 0 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 1 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 2 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 3 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 4 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 5 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 6 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 7 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 8 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 9 PAYLOAD_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 10 CHUNK_DATA
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing EAP payload finished
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsed content of encrypted payload
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> insert decrypted payload of type EAP at end of list
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> verifying message structure
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> found payload of type EAP
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsed IKE_AUTH request 5 [ EAP/RES/TLS ]
      Sep 28 14:50:59 	charon 	61573 	14[TLS] <con-mobile|163> EAP_TLS payload => 6 bytes @ 0x80472b080
      Sep 28 14:50:59 	charon 	61573 	14[TLS] <con-mobile|163> 0: 02 5F 00 06 0D 00 ._....
      Sep 28 14:50:59 	charon 	61573 	14[TLS] <con-mobile|163> received EAP_TLS acknowledgement packet
      Sep 28 14:50:59 	charon 	61573 	14[TLS] <con-mobile|163> sending EAP_TLS final fragment (201 bytes)
      SOME LINES REMOVED FOR PRIVACY
      Sep 28 14:50:59 	charon 	61573 	14[TLS] <con-mobile|163> 192: 70 6E 2D 63 61 0E 00 00 00 pn-ca....
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> added payload of type EAP to message
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> order payloads in message
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> added payload of type EAP to message
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating IKE_AUTH response 5 [ EAP/REQ/TLS ]
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> insert payload EAP into encrypted payload
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating payload of type HEADER
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 0 IKE_SPI
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 1 IKE_SPI
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 2 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 3 U_INT_4
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 4 U_INT_4
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 5 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 6 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 7 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 8 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 9 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 10 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 11 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 12 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 13 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 14 U_INT_32
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 15 HEADER_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating HEADER payload finished
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating payload of type EAP
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 0 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 1 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 2 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 3 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 4 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 5 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 6 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 7 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 8 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 9 PAYLOAD_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 10 CHUNK_DATA
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating EAP payload finished
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generated content in encrypted payload
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating payload of type ENCRYPTED
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 0 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 1 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 2 PAYLOAD_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 3 CHUNK_DATA
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating ENCRYPTED payload finished
      Sep 28 14:50:59 	charon 	61573 	14[NET] <con-mobile|163> sending packet: from 10.8.0.2[4500] to 95.91.204.27[3828] (272 bytes)
      Sep 28 14:50:59 	charon 	61573 	14[MGR] <con-mobile|163> checkin IKE_SA con-mobile[163]
      Sep 28 14:50:59 	charon 	61573 	14[MGR] <con-mobile|163> checkin of IKE_SA successful
      Sep 28 14:50:59 	charon 	61573 	05[NET] sending packet: from 10.8.0.2[4500] to 95.91.204.27[3828]
      Sep 28 14:50:59 	charon 	61573 	04[NET] received packet: from 95.91.204.27[3828] to 10.8.0.2[4500]
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing header of message
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing HEADER payload, 80 bytes left
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 0 IKE_SPI
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 1 IKE_SPI
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 2 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 3 U_INT_4
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 4 U_INT_4
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 5 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 6 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 7 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 8 FLAG
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 9 FLAG
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 10 FLAG
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 11 FLAG
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 12 FLAG
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 13 FLAG
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 14 U_INT_32
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing rule 15 HEADER_LENGTH
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsing HEADER payload finished
      Sep 28 14:50:59 	charon 	61573 	04[ENC] parsed a IKE_AUTH request header
      Sep 28 14:50:59 	charon 	61573 	04[NET] waiting for data on sockets
      Sep 28 14:50:59 	charon 	61573 	14[MGR] checkout IKEv2 SA by message with SPIs 60d44c2e09fbb8e5_i 88c2b6d86b36c317_r
      Sep 28 14:50:59 	charon 	61573 	14[MGR] IKE_SA con-mobile[163] successfully checked out
      Sep 28 14:50:59 	charon 	61573 	14[NET] <con-mobile|163> received packet: from 95.91.204.27[3828] to 10.8.0.2[4500] (80 bytes)
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing body of message, first payload is ENCRYPTED
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> starting parsing a ENCRYPTED payload
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing ENCRYPTED payload, 52 bytes left
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 0 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 1 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 2 PAYLOAD_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 3 CHUNK_DATA
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing ENCRYPTED payload finished
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> verifying payload of type ENCRYPTED
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> ENCRYPTED payload verified, adding to payload list
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> ENCRYPTED payload found, stop parsing
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> process payload of type ENCRYPTED
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> found an encrypted payload
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing EAP payload, 10 bytes left
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 0 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 1 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 2 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 3 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 4 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 5 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 6 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 7 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 8 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 9 PAYLOAD_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing rule 10 CHUNK_DATA
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsing EAP payload finished
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsed content of encrypted payload
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> insert decrypted payload of type EAP at end of list
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> verifying message structure
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> found payload of type EAP
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> parsed IKE_AUTH request 6 [ EAP/RES/TLS ]
      Sep 28 14:50:59 	charon 	61573 	14[TLS] <con-mobile|163> EAP_TLS payload => 6 bytes @ 0x80472b080
      Sep 28 14:50:59 	charon 	61573 	14[TLS] <con-mobile|163> 0: 02 60 00 06 0D 00 .`....
      Sep 28 14:50:59 	charon 	61573 	14[TLS] <con-mobile|163> received EAP_TLS acknowledgement packet
      Sep 28 14:50:59 	charon 	61573 	14[IKE] <con-mobile|163> EAP method EAP_TLS failed for peer 192.168.179.20
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> added payload of type EAP to message
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> order payloads in message
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> added payload of type EAP to message
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating IKE_AUTH response 6 [ EAP/FAIL ]
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> insert payload EAP into encrypted payload
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating payload of type HEADER
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 0 IKE_SPI
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 1 IKE_SPI
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 2 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 3 U_INT_4
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 4 U_INT_4
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 5 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 6 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 7 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 8 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 9 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 10 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 11 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 12 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 13 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 14 U_INT_32
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 15 HEADER_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating HEADER payload finished
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating payload of type EAP
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 0 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 1 FLAG
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 2 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 3 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 4 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 5 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 6 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 7 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 8 RESERVED_BIT
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 9 PAYLOAD_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 10 CHUNK_DATA
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating EAP payload finished
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generated content in encrypted payload
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating payload of type ENCRYPTED
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 0 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 1 U_INT_8
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 2 PAYLOAD_LENGTH
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating rule 3 CHUNK_DATA
      Sep 28 14:50:59 	charon 	61573 	14[ENC] <con-mobile|163> generating ENCRYPTED payload finished
      Sep 28 14:50:59 	charon 	61573 	14[NET] <con-mobile|163> sending packet: from 10.8.0.2[4500] to 95.91.204.27[3828] (80 bytes)
      Sep 28 14:50:59 	charon 	61573 	14[MGR] <con-mobile|163> checkin and destroy IKE_SA con-mobile[163]
      Sep 28 14:50:59 	charon 	61573 	05[NET] sending packet: from 10.8.0.2[4500] to 95.91.204.27[3828]
      Sep 28 14:50:59 	charon 	61573 	14[IKE] <con-mobile|163> IKE_SA con-mobile[163] state change: CONNECTING => DESTROYING
      Sep 28 14:50:59 	charon 	61573 	14[MGR] checkin and destroy of IKE_SA successful
      Sep 28 14:51:00 	newsyslog 	97738 	logfile turned over due to size>500K
      Sep 28 14:51:00 	newsyslog 	97738 	logfile turned over due to size>500K
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watched FD 21 ready to read
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watcher going to poll() 5 fds
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watcher got notification, rebuilding
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watcher going to poll() 6 fds
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watched FD 21 ready to read
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watcher going to poll() 5 fds
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watcher got notification, rebuilding
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watcher going to poll() 6 fds
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watched FD 21 ready to read
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watcher going to poll() 5 fds
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watcher got notification, rebuilding
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watcher going to poll() 6 fds
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watched FD 21 ready to read
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watcher going to poll() 5 fds
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watcher got notification, rebuilding
      Sep 28 14:51:01 	charon 	61573 	02[JOB] watcher going to poll() 6 fds
      
        siegmarb @siegmarb

        Just for the record: I just loaded the cert onto a YubiKey 5 hardware smartcard. Same error/result.
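
One way to condense a charon debug log like the one posted above to its EAP-TLS exchange (an added example, not part of the original posts and not pfSense or strongSwan code; the function names are hypothetical). It decodes the dumped EAP header per RFC 3748 and the EAP-TLS flags byte per RFC 5216, and reports when the peer answers the responder's final fragment with a header-only packet before the method fails, which is the sequence in this log. The sample input is an excerpt of the posted log with whitespace normalised.

```python
import re

# Excerpt of the charon log posted above, whitespace normalised.
SAMPLE_LOG = """\
Sep 28 14:50:59 charon 61573 14[ENC] <con-mobile|163> parsed IKE_AUTH request 5 [ EAP/RES/TLS ]
Sep 28 14:50:59 charon 61573 14[TLS] <con-mobile|163> EAP_TLS payload => 6 bytes @ 0x80472b080
Sep 28 14:50:59 charon 61573 14[TLS] <con-mobile|163> 0: 02 5F 00 06 0D 00 ._....
Sep 28 14:50:59 charon 61573 14[TLS] <con-mobile|163> received EAP_TLS acknowledgement packet
Sep 28 14:50:59 charon 61573 14[TLS] <con-mobile|163> sending EAP_TLS final fragment (201 bytes)
Sep 28 14:50:59 charon 61573 14[ENC] <con-mobile|163> generating rule 3 CHUNK_DATA
Sep 28 14:50:59 charon 61573 14[ENC] <con-mobile|163> parsed IKE_AUTH request 6 [ EAP/RES/TLS ]
Sep 28 14:50:59 charon 61573 14[TLS] <con-mobile|163> EAP_TLS payload => 6 bytes @ 0x80472b080
Sep 28 14:50:59 charon 61573 14[TLS] <con-mobile|163> 0: 02 60 00 06 0D 00 .`....
Sep 28 14:50:59 charon 61573 14[TLS] <con-mobile|163> received EAP_TLS acknowledgement packet
Sep 28 14:50:59 charon 61573 14[IKE] <con-mobile|163> EAP method EAP_TLS failed for peer 192.168.179.20
"""

LINE = re.compile(r"\d\d\[(?:ENC|TLS|IKE)\]\s+(?:<[^>]*>\s+)?(.*)$")
IKE_AUTH = re.compile(r"(?:parsed|generating) IKE_AUTH (request|response) (\d+) \[ (.*?) \]")
DUMP_ROW0 = re.compile(r"0: ((?:[0-9A-Fa-f]{2} )+)")
FAILED = re.compile(r"EAP method (\S+) failed for peer (\S+)")
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def decode_eap(raw):
    """Decode an EAP header (RFC 3748) plus the EAP-TLS flags byte (RFC 5216)."""
    if len(raw) < 4:
        raise ValueError("EAP header needs at least 4 bytes")
    length = int.from_bytes(raw[2:4], "big")
    pkt = {"code": EAP_CODES.get(raw[0], "unknown"), "id": raw[1], "length": length,
           "type": raw[4] if length > 4 and len(raw) > 4 else None}
    if pkt["type"] == 13 and len(raw) > 5:  # 13 = EAP-TLS
        flags = raw[5]
        pkt["flags"] = {"L": bool(flags & 0x80), "M": bool(flags & 0x40),
                        "S": bool(flags & 0x20)}
        # TLS data = total length - 6 header bytes - optional 4-byte TLS length
        pkt["tls_bytes"] = length - 6 - (4 if flags & 0x80 else 0)
    return pkt


def summarize(log):
    """Reduce a charon debug log to IKE_AUTH, EAP-TLS and failure events."""
    events, expect_dump = [], False
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        msg = m.group(1).strip()
        if x := IKE_AUTH.match(msg):
            events.append(("ike_auth", x.group(1), int(x.group(2)), x.group(3)))
        elif msg.startswith("EAP_TLS payload =>"):
            expect_dump = True  # the next "0:" row is the received EAP packet
        elif expect_dump and (x := DUMP_ROW0.match(msg)):
            events.append(("eap_rx", decode_eap(bytes.fromhex(x.group(1)))))
            expect_dump = False
        elif msg.startswith("sending EAP_TLS final fragment"):
            events.append(("final_fragment_tx",))
        elif x := FAILED.match(msg):
            events.append(("eap_failed", x.group(1), x.group(2)))
    return events


def diagnose(events):
    """Return details if the peer answered the final fragment with no TLS data
    and the method then failed; otherwise None."""
    for i, ev in enumerate(events):
        if ev[0] != "final_fragment_tx":
            continue
        later = events[i + 1:]
        reply = next((e[1] for e in later if e[0] == "eap_rx"), None)
        failure = next((e for e in later if e[0] == "eap_failed"), None)
        if reply and failure and reply.get("tls_bytes") == 0:
            return {"method": failure[1], "peer": failure[2],
                    "empty_reply_id": reply["id"]}
    return None


if __name__ == "__main__":
    for ev in summarize(SAMPLE_LOG):
        print(ev)
    print("finding:", diagnose(summarize(SAMPLE_LOG)))
```

A header-only reply carries no TLS records, so the responder-side log by itself does not show why the peer stopped.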
