Session keys to be used in Wireshark to decrypt ESP payload

Post by onurkoc83 » Wed Jul 01, 2020 12:56 pm

Hi Experts,

I am looking for the crypto keys in the IPsec SA to use in Wireshark to decrypt ESP packets. I've got an L2TP over IPsec setup and it is working just fine, but I need some more information than is logged in the VPN file. The session logs below have very few details about the IPsec SA. Where are the session keys?

2020-07-01 21:57:00.708 IPsec IKE Session (IKE SA) 35 (Client: 37) (x.x.x.x:48063 -> x.x.x.x:4500): This IKE SA is established between the server and the client.
2020-07-01 21:57:01.098 IPsec IKE Session (IKE SA) 35 (Client: 37) (x.x.x.x:48063 -> x.x.x.x:4500): The client initiates a QuickMode negotiation.
2020-07-01 21:57:01.098 IPsec ESP Session (IPsec SA) 31 (Client: 37) (x.x.x.x:48063 -> x.x.x.x:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0x7583AF9F, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2020-07-01 21:57:01.098 IPsec ESP Session (IPsec SA) 31 (Client: 37) (x.x.x.x:48063 -> x.x.x.x:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x7EB558E, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2020-07-01 21:57:01.180 IPsec ESP Session (IPsec SA) 31 (Client: 37) (x.x.x.x:48063 -> x.x.x.x:4500): This IPsec SA is established between the server and the client.

Thanks,
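
Added example, not part of the original post and not SoftEther code: the log lines above carry the SPI, direction and algorithms of each IPsec SA, which Wireshark's ESP SA settings ask for alongside the keys, but not the keys themselves. This Python sketch extracts those fields and the key lengths to expect; `parse_ipsec_sas` and the dictionary field names are hypothetical, and it assumes the logged address pair is always written client -> server.

```python
import re

# Two SA lines and one non-SA line copied from the post (addresses masked as x.x.x.x).
SAMPLE_LOG = """\
2020-07-01 21:57:01.098 IPsec IKE Session (IKE SA) 35 (Client: 37) (x.x.x.x:48063 -> x.x.x.x:4500): The client initiates a QuickMode negotiation.
2020-07-01 21:57:01.098 IPsec ESP Session (IPsec SA) 31 (Client: 37) (x.x.x.x:48063 -> x.x.x.x:4500): A new IPsec SA (Direction: Client -> Server) is created. SPI: 0x7583AF9F, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
2020-07-01 21:57:01.098 IPsec ESP Session (IPsec SA) 31 (Client: 37) (x.x.x.x:48063 -> x.x.x.x:4500): A new IPsec SA (Direction: Server -> Client) is created. SPI: 0x7EB558E, DH Group: (null), Hash Algorithm: SHA-1, Cipher Algorithm: AES-CBC, Cipher Key Size: 256 bits, Lifetime: 4294967295 Kbytes or 3600 seconds
"""

SA_LINE = re.compile(
    r"\((?P<client>\S+):(?P<client_port>\d+) -> (?P<server>\S+):(?P<server_port>\d+)\): "
    r"A new IPsec SA \(Direction: (?P<direction>[^)]+)\) is created\. "
    r"SPI: (?P<spi>0x[0-9A-Fa-f]+), DH Group: [^,]+, "
    r"Hash Algorithm: (?P<hash>[^,]+), Cipher Algorithm: (?P<cipher>[^,]+), "
    r"Cipher Key Size: (?P<bits>\d+) bits"
)

# HMAC key lengths in bytes: RFC 2404 (HMAC-SHA-1-96) and RFC 2403 (HMAC-MD5-96).
HMAC_KEY_BYTES = {"SHA-1": 20, "MD5": 16}


def parse_ipsec_sas(log_text):
    """Return one dict per 'A new IPsec SA ... is created' line."""
    sas = []
    for line in log_text.splitlines():
        m = SA_LINE.search(line)
        if m is None:
            continue  # IKE SA, QuickMode and "established" lines carry no SA parameters
        sas.append({
            "direction": m["direction"],
            # The log drops leading zeros (0x7EB558E); pad to the full 32-bit SPI.
            "spi": "0x%08X" % int(m["spi"], 16),
            "cipher": m["cipher"],
            "enc_key_bytes": int(m["bits"]) // 8,
            "hash": m["hash"],
            "auth_key_bytes": HMAC_KEY_BYTES.get(m["hash"]),  # None if not in the table
            "client": (m["client"], int(m["client_port"])),
            "server": (m["server"], int(m["server_port"])),
        })
    return sas


if __name__ == "__main__":
    for sa in parse_ipsec_sas(SAMPLE_LOG):
        print(sa)
```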
