I'm trying to establish an IPsec tunnel (for future use with npppd
L2TP) between -snapshot and OS X El Capitan 10.11.5 and have issues
when establishing phase 1.
I searched the archives and the suggestions don't work for me. I tried
main/quick combinations from the dumps (below), which make sense.
The current config is:
ipsec.conf
ike passive esp proto from x.x.x.x to any port 1701 \
main auth hmac-sha1 enc 3des group modp1024 \
quick auth hmac-sha1 enc 3des \
psk "XXX"
x.x.x.x - OpenBSD server IP
y.y.y.y - client IP
When connecting, the daemon logs show:
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_2048, expected MODP_3072
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got SHA2_256, expected SHA
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got SHA2_256, expected SHA
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got SHA, expected SHA2_256
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_2048, expected MODP_3072
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_2048, expected MODP_1024
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got MD5, expected SHA2_256
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got MD5, expected SHA
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got MD5, expected SHA
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got SHA2_512, expected SHA2_256
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got SHA2_512, expected SHA
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got SHA2_512, expected SHA
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_1536, expected MODP_3072
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got SHA2_256, expected SHA
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got SHA2_256, expected SHA
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got SHA, expected SHA2_256
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_1536, expected MODP_3072
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_1536, expected MODP_1024
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got MD5, expected SHA2_256
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got MD5, expected SHA
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got MD5, expected SHA
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_1024, expected MODP_3072
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got SHA2_256, expected SHA
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got SHA2_256, expected SHA
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
HASH_ALGORITHM: got SHA, expected SHA2_256
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
GROUP_DESCRIPTION: got MODP_1024, expected MODP_3072
Jul 9 17:25:43 vpn isakmpd[88568]: attribute_unacceptable:
ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
Jul 9 17:25:43 vpn isakmpd[88568]: message_parse_payloads: reserved
field non-zero: 8a
Jul 9 17:25:43 vpn isakmpd[88568]: dropped message from y.y.y.y port
36990 due to notification type PAYLOAD_MALFORMED
Jul 9 17:25:46 vpn isakmpd[88568]: message_parse_payloads: reserved
field non-zero: 8a
Jul 9 17:25:46 vpn isakmpd[88568]: dropped message from y.y.y.y port
36990 due to notification type PAYLOAD_MALFORMED
Jul 9 17:25:49 vpn isakmpd[88568]: message_parse_payloads: reserved
field non-zero: 8a
Jul 9 17:25:49 vpn isakmpd[88568]: dropped message from y.y.y.y port
36990 due to notification type PAYLOAD_MALFORMED
Jul 9 17:25:53 vpn isakmpd[88568]: message_parse_payloads: reserved
field non-zero: 8a
Jul 9 17:25:53 vpn isakmpd[88568]: dropped message from y.y.y.y port
36990 due to notification type PAYLOAD_MALFORMED
I did a traffic capture of the isakmp traffic and I see these proposals
sent from the OS X client to the server:
Internet Security Association and Key Management Protocol
Initiator SPI: 07fbd2b3a059ff70
Responder SPI: 0000000000000000
Next payload: Security Association (1)
Version: 1.0
Exchange type: Identity Protection (Main Mode) (2)
Flags: 0x00
Message ID: 0x00000000
Length: 788
Type Payload: Security Association (1)
Next payload: Vendor ID (13)
Payload length: 516
Domain of interpretation: IPSEC (1)
Situation: 00000001
Type Payload: Proposal (2) # 1
Next payload: NONE / No Next Payload (0)
Payload length: 504
Proposal number: 1
Protocol ID: ISAKMP (1)
SPI Size: 0
Proposal transforms: 14
Type Payload: Transform (3) # 1
Next payload: Transform (3)
Payload length: 36
Transform number: 1
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA2-256
Transform IKE Attribute Type (t=4,l=2)
Group-Description : 2048 bit MODP group
Type Payload: Transform (3) # 2
Next payload: Transform (3)
Payload length: 36
Transform number: 2
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
Transform IKE Attribute Type (t=4,l=2)
Group-Description : 2048 bit MODP group
Type Payload: Transform (3) # 3
Next payload: Transform (3)
Payload length: 36
Transform number: 3
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : MD5
Transform IKE Attribute Type (t=4,l=2)
Group-Description : 2048 bit MODP group
Type Payload: Transform (3) # 4
Next payload: Transform (3)
Payload length: 36
Transform number: 4
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA2-512
Transform IKE Attribute Type (t=4,l=2)
Group-Description : 2048 bit MODP group
Type Payload: Transform (3) # 5
Next payload: Transform (3)
Payload length: 36
Transform number: 5
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA2-256
Transform IKE Attribute Type (t=4,l=2)
Group-Description : 1536 bit MODP group
Type Payload: Transform (3) # 6
Next payload: Transform (3)
Payload length: 36
Transform number: 6
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
Transform IKE Attribute Type (t=4,l=2)
Group-Description : 1536 bit MODP group
Type Payload: Transform (3) # 7
Next payload: Transform (3)
Payload length: 36
Transform number: 7
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : MD5
Transform IKE Attribute Type (t=4,l=2)
Group-Description : 1536 bit MODP group
Type Payload: Transform (3) # 8
Next payload: Transform (3)
Payload length: 36
Transform number: 8
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA2-256
Transform IKE Attribute Type (t=4,l=2)
Group-Description : Alternate 1024-bit MODP group
Type Payload: Transform (3) # 9
Next payload: Transform (3)
Payload length: 36
Transform number: 9
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
Transform IKE Attribute Type (t=4,l=2)
Group-Description : Alternate 1024-bit MODP group
Type Payload: Transform (3) # 10
Next payload: Transform (3)
Payload length: 36
Transform number: 10
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : MD5
Transform IKE Attribute Type (t=4,l=2)
Group-Description : Alternate 1024-bit MODP group
Type Payload: Transform (3) # 11
Next payload: Transform (3)
Payload length: 36
Transform number: 11
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 128
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
Transform IKE Attribute Type (t=4,l=2)
Group-Description : Alternate 1024-bit MODP group
Type Payload: Transform (3) # 12
Next payload: Transform (3)
Payload length: 36
Transform number: 12
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 128
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : MD5
Transform IKE Attribute Type (t=4,l=2)
Group-Description : Alternate 1024-bit MODP group
Type Payload: Transform (3) # 13
Next payload: Transform (3)
Payload length: 32
Transform number: 13
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : 3DES-CBC
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
Transform IKE Attribute Type (t=4,l=2)
Group-Description : Alternate 1024-bit MODP group
Type Payload: Transform (3) # 14
Next payload: NONE / No Next Payload (0)
Payload length: 32
Transform number: 14
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : 3DES-CBC
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : MD5
Transform IKE Attribute Type (t=4,l=2)
Group-Description : Alternate 1024-bit MODP group
Type Payload: Vendor ID (13) : RFC 3947 Negotiation of
NAT-Traversal in the IKE
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 4a131c81070358455c5728f20e95452f
Vendor ID: RFC 3947 Negotiation of NAT-Traversal in the IKE
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 4df37928e9fc4fd1b3262170d515c662
Vendor ID: draft-ietf-ipsec-nat-t-ike
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-08
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 8f8d83826d246b6fc7a8a6a428c11de8
Vendor ID: draft-ietf-ipsec-nat-t-ike-08
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-07
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 439b59f8ba676c4c7737ae22eab8f582
Vendor ID: draft-ietf-ipsec-nat-t-ike-07
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-06
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 4d1e0e136deafa34c4f3ea9f02ec7285
Vendor ID: draft-ietf-ipsec-nat-t-ike-06
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-05
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 80d0bb3def54565ee84645d4c85ce3ee
Vendor ID: draft-ietf-ipsec-nat-t-ike-05
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-04
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 9909b64eed937c6573de52ace952fa6b
Vendor ID: draft-ietf-ipsec-nat-t-ike-04
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-03
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 7d9419a65310ca6f2c179d9215529d56
Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-02
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: cd60464335df21f87cfdb2fc68b6a448
Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-02\n
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 90cb80913ebb696e086381b5ec427b1f
Vendor ID: draft-ietf-ipsec-nat-t-ike-02\n
Type Payload: Vendor ID (13) : Microsoft L2TP/IPSec VPN Client
Next payload: Vendor ID (13)
Payload length: 24
Vendor ID: 4048b7d56ebce88525e7de7f00d6c2d380000000
Vendor ID: Microsoft L2TP/IPSec VPN Client
Type Payload: Vendor ID (13) : RFC 3706 DPD (Dead Peer Detection)
Next payload: NONE / No Next Payload (0)
Payload length: 20
Vendor ID: afcad71368a1f1c96b8696fc77570100
Vendor ID: RFC 3706 DPD (Dead Peer Detection)
And the response from the server to the OS X client:
Internet Security Association and Key Management Protocol
Initiator SPI: 07fbd2b3a059ff70
Responder SPI: f16491404417b09a
Next payload: Security Association (1)
Version: 1.0
Exchange type: Identity Protection (Main Mode) (2)
Flags: 0x00
Message ID: 0x00000000
Length: 184
Type Payload: Security Association (1)
Next payload: Vendor ID (13)
Payload length: 56
Domain of interpretation: IPSEC (1)
Situation: 00000001
Type Payload: Proposal (2) # 1
Next payload: NONE / No Next Payload (0)
Payload length: 44
Proposal number: 1
Protocol ID: ISAKMP (1)
SPI Size: 0
Proposal transforms: 1
Type Payload: Transform (3) # 9
Next payload: NONE / No Next Payload (0)
Payload length: 36
Transform number: 9
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
Transform IKE Attribute Type (t=4,l=2)
Group-Description : Alternate 1024-bit MODP group
Type Payload: Vendor ID (13) : Unknown Vendor ID
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: b8f26eaa4cbf1b9a150a3f12dd64d183
Vendor ID: Unknown Vendor ID
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-02\n
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 90cb80913ebb696e086381b5ec427b1f
Vendor ID: draft-ietf-ipsec-nat-t-ike-02\n
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-03
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 7d9419a65310ca6f2c179d9215529d56
Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Type Payload: Vendor ID (13) : RFC 3947 Negotiation of
NAT-Traversal in the IKE
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 4a131c81070358455c5728f20e95452f
Vendor ID: RFC 3947 Negotiation of NAT-Traversal in the IKE
Type Payload: Vendor ID (13) : RFC 3706 DPD (Dead Peer Detection)
Next payload: NONE / No Next Payload (0)
Payload length: 20
Vendor ID: afcad71368a1f1c96b8696fc77570100
Vendor ID: RFC 3706 DPD (Dead Peer Detection)
I tried all proposals from the dumps I got from both the client packets
and the server side with no luck.
Has anybody had success with an OS X client and isakmpd? It would be nice
to see working main and quick config parts.
--
With regards,
Evgeniy Sudyr
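
An added example, not part of the original post: a Python sketch that reads the `main` clause of an ipsec.conf rule and lists which transforms in a text dissection like the one above carry exactly that cipher, hash and group. The keyword-to-label tables and function names are assumptions made for this example, and lifetime and authentication method are deliberately not compared.

```python
import re

# ipsec.conf(5) keywords mapped to the labels used in the dissection quoted in the post.
ENC = {"3des": ("3DES-CBC", None), "aes-128": ("AES-CBC", 128),
       "aes-192": ("AES-CBC", 192), "aes-256": ("AES-CBC", 256)}
HASH = {"hmac-md5": "MD5", "hmac-sha1": "SHA",
        "hmac-sha2-256": "SHA2-256", "hmac-sha2-512": "SHA2-512"}
GROUP = {"modp1024": "Alternate 1024-bit MODP group",
         "modp1536": "1536 bit MODP group", "modp2048": "2048 bit MODP group"}
FIELDS = {"Encryption-Algorithm": "enc", "Key-Length": "keylen",
          "Hash-Algorithm": "hash", "Group-Description": "group"}

# Transforms 9 and 13 of the initiator's proposal, shortened to the lines that matter.
CAPTURE = """\
Transform number: 9
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
Group-Description : Alternate 1024-bit MODP group
Transform number: 13
Encryption-Algorithm : 3DES-CBC
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
Group-Description : Alternate 1024-bit MODP group
"""

def parse_policy(conf):
    """Read the 'main auth A enc E group G' clause of an ipsec.conf ike rule."""
    m = re.search(r"\bmain\s+auth\s+(\S+)\s+enc\s+(\S+)\s+group\s+(\S+)", conf)
    if m is None:
        raise ValueError("no 'main auth ... enc ... group ...' clause found")
    auth, enc, group = m.groups()
    cipher, keylen = ENC[enc]
    return {"enc": cipher, "keylen": keylen, "hash": HASH[auth], "group": GROUP[group]}

def parse_transforms(text):
    """Collect the compared attributes of each transform in a text dissection."""
    transforms, current = {}, None
    pattern = r"(Transform number|" + "|".join(FIELDS) + r")\s*:\s*(.+)"
    for name, value in re.findall(pattern, text):
        value = value.strip()
        if name == "Transform number":
            current = transforms.setdefault(int(value), {"keylen": None})
        elif current is not None:
            current[FIELDS[name]] = int(value) if name == "Key-Length" else value
    return transforms

def acceptable(conf, capture):
    """Transform numbers whose cipher, key length, hash and group equal the policy."""
    policy = parse_policy(conf)
    return [n for n, t in sorted(parse_transforms(capture).items()) if t == policy]

if __name__ == "__main__":
    rule = "main auth hmac-sha1 enc 3des group modp1024 \\"
    print(acceptable(rule, CAPTURE))
```
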