From: Eric W. B. <eri...@vi...> - 2006-03-23 18:29:26

Eric W. Bates wrote:
> I'm trying to link with a Juniper appliance and failing in phase 1.
>
> Ultimately the error is:
> Mar 21 13:57:35 <daemon.info> fw racoon: ERROR: ignore information
> because ISAKMP-SA has not been established yet.
>
> Up until that error, it all looks good (to my inexperienced eye).

I've been re-running this while watching with ethereal. Using the packet
analyzer, I can see and check the contents of all 6 packets of the main
mode negotiation. They all seem good. It is not until after the contents
of the 6th packet (the one the respondent sends back with the respondent
ID and respondent hash).

At that point all the protocol stuff seems clean; but racoon complains
that "ISAKMP-SA has not been established yet".

Does this just mean that I have my SAdb screwed up?

** root@fw ** /usr/local/etc/racoon ** Thu Mar 23 13:24:04
# setkey -DP
10.0.0.0/24[any] 192.168.10.0/24[any] any
        in ipsec
        esp/tunnel/1.2.3.4-4.3.2.1/require
        ah/tunnel/1.2.3.4-4.3.2.1/require
        created: Mar 22 13:58:18 2006 lastused: Mar 22 13:58:18 2006
        lifetime: 0(s) validtime: 0(s)
        spid=16664 seq=1 pid=99002
        refcnt=1
192.168.10.0/24[any] 10.0.0.0/24[any] any
        out ipsec
        esp/tunnel/4.3.2.1-1.2.3.4/require
        ah/tunnel/4.3.2.1-1.2.3.4/require
        created: Mar 22 13:58:18 2006 lastused: Mar 23 13:24:14 2006
        lifetime: 0(s) validtime: 0(s)
        spid=16663 seq=0 pid=99002
        refcnt=2

> Thanks for your time.
>
> racoon.conf:
>
> remote 1.2.3.4
> {
> # Phase 1 config for Alliance Core (Credit Services)
>
> #exchange_mode main,aggressive,base;
> #exchange_mode main,base;
> exchange_mode main;
>
> my_identifier fqdn 4.3.2.1;
>
> lifetime time 24 hour ; # sec,min,hour
>
> nonce_size 16;
> initial_contact on;
> # the configuration makes racoon (as a responder) to obey the
> # initiator's lifetime and PFS group proposal. this makes
> # testing so much easier.
> proposal_check obey;
>
> proposal {
> encryption_algorithm 3des;
> hash_algorithm sha1;
> authentication_method pre_shared_key ;
> dh_group 2 ;
> }
> }
>
> # phase 2 proposal (for IPsec SA).
> # actual phase 2 proposal will obey the following items:
> # - kernel IPsec policy configuration (like "esp/transport//use)
> # - permutation of the crypto/hash/compression algorithms presented below
> #sainfo address 1.2.3.4 any address 4.3.2.1 any
> sainfo anonymous
> {
> # Phase 2 config for Alliance Core (Credit Services)
>
> pfs_group 2;
> lifetime time 12 hour ;
> encryption_algorithm 3des;
> authentication_algorithm hmac_sha1, hmac_md5 ;
> compression_algorithm deflate ;
> }
>
>
> Debug log:
>
> Mar 21 13:57:28 <daemon.info> fw racoon: INFO: @(#)ipsec-tools 0.6.3
> (http://ipsec-tools.sourceforge.net)
> Mar 21 13:57:28 <daemon.info> fw racoon: INFO: @(#)This product linked
> OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
> Mar 21 13:57:28 <daemon.debug> fw racoon: DEBUG: compression algorithm
> can not be checked because sadb message doesn't support it.
> Mar 21 13:57:28 <daemon.info> fw racoon: INFO: 4.3.2.1[500] used as
> isakmp port (fd=6)
> Mar 21 13:57:28 <daemon.debug> fw racoon: DEBUG: get pfkey X_SPDDUMP message
> Mar 21 13:57:28 <daemon.debug> fw racoon: DEBUG: get pfkey X_SPDDUMP message
> Mar 21 13:57:28 <daemon.debug> fw racoon: DEBUG: sub:0xbfbfe440:
> 192.168.10.0/24[0] 10.0.0.0/24[0] proto=any dir=out
> Mar 21 13:57:28 <daemon.debug> fw racoon: DEBUG: db :0x80b0408:
> 10.0.0.0/24[0] 192.168.10.0/24[0] proto=any dir=in
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: get pfkey ACQUIRE message
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: suitable outbound SP
> found: 192.168.10.0/24[0] 10.0.0.0/24[0] proto=any dir=out.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: sub:0xbfbfe420:
> 10.0.0.0/24[0] 192.168.10.0/24[0] proto=any dir=in
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: db :0x80b0408:
> 10.0.0.0/24[0] 192.168.10.0/24[0] proto=any dir=in
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: suitable inbound SP
> found: 10.0.0.0/24[0] 192.168.10.0/24[0] proto=any dir=in.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: new acquire
> 192.168.10.0/24[0] 10.0.0.0/24[0] proto=any dir=out
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: anonymous sainfo selected.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: (proto_id=ESP
> spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: (trns_id=3DES
> encklen=0 authtype=hmac-sha)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: (trns_id=3DES
> encklen=0 authtype=hmac-md5)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: configuration found for
> 1.2.3.4.
> Mar 21 13:57:35 <daemon.info> fw racoon: INFO: IPsec-SA request for
> 1.2.3.4 queued due to no phase1 found.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: ===
> Mar 21 13:57:35 <daemon.info> fw racoon: INFO: initiate new phase 1
> negotiation: 4.3.2.1[500]<=>1.2.3.4[500]
> Mar 21 13:57:35 <daemon.info> fw racoon: INFO: begin Identity Protection
> mode.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: new cookie:
> 2ce928b9a3273043
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: add payload of len 52,
> next type 13
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: add payload of len 16,
> next type 0
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 104 bytes from
> 4.3.2.1[500] to 1.2.3.4[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: sockname 4.3.2.1[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: send packet from
> 4.3.2.1[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: send packet to 1.2.3.4[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 1 times of 104 bytes
> message will be sent to 1.2.3.4[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 00000000 00000000 01100200 00000000 00000068 0d000038 00000001 00000001
> 0000002c 01010001 00000024 01010000 800b0001 000c0004 00015180 80010005
> 80030001 80020002 80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: resend phase1 packet
> 2ce928b9a3273043:0000000000000000
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: ===
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 160 bytes message
> received from 1.2.3.4[500] to 4.3.2.1[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 01100200 00000000 000000a0 0d000038 00000001 00000001
> 0000002c 01010001 00000024 01010000 80010005 80020002 80040002 80030001
> 800b0001 000c0004 00015180 0d000020 958e6fa1 7f3c18a7 45a954ce 892b8760
> 81eab308 00000010 00000400 0d000014 4485152d 18b6bbcd 0be8a846 9579ddcc
> 00000018 48656172 74426561 745f4e6f 74696679 386b0100
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: begin.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: seen nptype=1(sa)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: seen nptype=13(vid)
> Mar 21 13:57:35 <daemon.debug> fw last message repeated 2 times
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: succeed.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: received unknown Vendor ID
> Mar 21 13:57:35 <daemon.info> fw racoon: INFO: received Vendor ID:
> draft-ietf-ipsec-nat-t-ike-00
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: received unknown Vendor ID
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: total SA len=52
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 00000001 00000001
> 0000002c 01010001 00000024 01010000 80010005 80020002 80040002 80030001
> 800b0001 000c0004 00015180
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: begin.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: seen nptype=2(prop)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: succeed.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: proposal #1 len=44
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: begin.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: seen nptype=3(trns)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: succeed.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: transform #1 len=36
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: type=Encryption
> Algorithm, flag=0x8000, lorv=3DES-CBC
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: encryption(3des)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: type=Hash Algorithm,
> flag=0x8000, lorv=SHA
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hash(sha1)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: type=Group Description,
> flag=0x8000, lorv=1024-bit MODP group
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hmac(modp1024)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: type=Authentication
> Method, flag=0x8000, lorv=pre-shared key
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: type=Life Type,
> flag=0x8000, lorv=seconds
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: type=Life Duration,
> flag=0x0000, lorv=4
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: pair 1:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 0x80b3f70: next=0x0
> tnext=0x0
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: proposal #1: 1 transform
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: prop#=1,
> prot-id=ISAKMP, spi-size=0, #trns=1
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: trns#=1, trns-id=IKE
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: type=Encryption
> Algorithm, flag=0x8000, lorv=3DES-CBC
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: type=Hash Algorithm,
> flag=0x8000, lorv=SHA
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: type=Group Description,
> flag=0x8000, lorv=1024-bit MODP group
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: type=Authentication
> Method, flag=0x8000, lorv=pre-shared key
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: type=Life Type,
> flag=0x8000, lorv=seconds
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: type=Life Duration,
> flag=0x0000, lorv=4
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: Compared: DB:Peer
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: (lifetime = 86400:86400)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: (lifebyte = 0:0)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: enctype = 3DES-CBC:3DES-CBC
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: (encklen = 0:0)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hashtype = SHA:SHA
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: authmethod = pre-shared
> key:pre-shared key
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: dh_group = 1024-bit
> MODP group:1024-bit MODP group
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: an acceptable proposal
> found.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hmac(modp1024)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: ===
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: compute DH's private.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 6b9fc8e2 9aeb4e23
> 023cb578 cce31e46 4e5f532f f3e7cdfd 91adaa32 d805ae3b b5bde9f2 8a3893a8
> 0e525428 372c4771 acdd1caa 86bc789d 0cbca063 295f51f6 76089b3b 7a785e14
> d74259f2 d1b282e8 e5aa0c37 39612b40 5fe585cd f9b922aa 6a84e0db dc5dab53
> 6566f2f2 f70d1060 d942e7ce 15d271d1 007c4f4b 9942a6a1
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: compute DH's public.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: d35a1cc5 05a88513
> 74217cc0 76072048 782cebb5 7eb41fc8 178fdc22 06b2afb5 1fc49194 255e1896
> 9674fa70 47ce4572 3da8a5ee d328867c e4d3e033 84e11e66 e131ee23 53a45018
> a2e4bd04 94a032c8 e1a31c0c bb5b83ec 4d9adac5 a518cbae 048f7587 8b0c6e65
> 6605ed6b 1906b7f1 855496a4 2d036206 afb85bdf 2328a0ec
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: add payload of len 128,
> next type 10
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: add payload of len 16,
> next type 0
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 180 bytes from
> 4.3.2.1[500] to 1.2.3.4[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: sockname 4.3.2.1[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: send packet from
> 4.3.2.1[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: send packet to 1.2.3.4[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 1 times of 180 bytes
> message will be sent to 1.2.3.4[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 04100200 00000000 000000b4 0a000084 d35a1cc5 05a88513
> 74217cc0 76072048 782cebb5 7eb41fc8 178fdc22 06b2afb5 1fc49194 255e1896
> 9674fa70 47ce4572 3da8a5ee d328867c e4d3e033 84e11e66 e131ee23 53a45018
> a2e4bd04 94a032c8 e1a31c0c bb5b83ec 4d9adac5 a518cbae 048f7587 8b0c6e65
> 6605ed6b 1906b7f1 855496a4 2d036206 afb85bdf 2328a0ec 00000014 f6029f6e
> 2e5e2485 1b0a7eb3 60d1f03c
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: resend phase1 packet
> 2ce928b9a3273043:8b58180abfaa4b1e
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: ===
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 184 bytes message
> received from 1.2.3.4[500] to 4.3.2.1[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 04100200 00000000 000000b8 0a000084 61521182 587120fb
> 88f15dc9 5f431f58 d5a3e871 0a6500f5 607daf7f 8e4629fe f576379b ad9db799
> b4fa22a2 7fa20755 3ec97606 8814e434 dcf242c1 f1eb83eb 05ad6d73 316addb6
> 7e731c67 d5467aa5 56561e9b e5458d49 ed4d44d4 1c0defbd b33c1b79 122a9075
> a64fc133 e8240a1b 3a53f911 3f74654d ed0df5c1 20a2b17b 00000018 aa99fa0e
> a5766f01 bc6b0006 0fdefbd9 ccd2916c
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: begin.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: seen nptype=4(ke)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: seen nptype=10(nonce)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: succeed.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: ===
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: compute DH's shared.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: deb4b778 6be28d46
> 7722a7df 0e231116 11e0dbef a7304063 a4b6fbf4 0c146a9e 69c24b06 634c6eba
> 5bff3f3e 509cddcf ba5853ce e90cc56f b0412e0d 7f7da199 e0b3104f ba630e00
> 238f013d 6d92033c 7089b37c 19781fe1 a7d8714d c771be1b fd18e657 b38b373d
> f3bf7f15 3d9bb74d 553ca720 70fdf22f 8e99f386 71972b42
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: the psk found.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: nonce 1:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: f6029f6e 2e5e2485
> 1b0a7eb3 60d1f03c
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: nonce 2:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: aa99fa0e a5766f01
> bc6b0006 0fdefbd9 ccd2916c
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hmac(hmac_sha1)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: SKEYID computed:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 114a1552 42ac94de
> 9b20b81a f9b987dc 20d11a93
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hmac(hmac_sha1)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: SKEYID_d computed:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 26f381cf 5d4b6f0b
> afc361e5 d5955cf6 ed5304b9
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hmac(hmac_sha1)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: SKEYID_a computed:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: aa51e2c7 9b43ccb6
> 923e4c45 d03bd6cf c6e6dae7
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hmac(hmac_sha1)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: SKEYID_e computed:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: e5248de2 8747046b
> e370cfc9 3329d598 fd16f988
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: encryption(3des)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hash(sha1)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: len(SKEYID_e) < len(Ka)
> (20 < 24), generating long key (Ka = K1 | K2 | ...)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hmac(hmac_sha1)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: compute intermediate
> encryption key K1
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 00
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 3c7d8c73 b83442d7
> 51fd94a1 390e203c 5b4c5999
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hmac(hmac_sha1)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: compute intermediate
> encryption key K2
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 3c7d8c73 b83442d7
> 51fd94a1 390e203c 5b4c5999
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 9aa7a8c9 f3e363f2
> c130ace9 a16c0f6f cfcd7ab4
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: final encryption key
> computed:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 3c7d8c73 b83442d7
> 51fd94a1 390e203c 5b4c5999 9aa7a8c9
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hash(sha1)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: encryption(3des)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: IV computed:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: c9ee51ad 29e5abc0
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: use ID type of FQDN
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: HASH with:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: d35a1cc5 05a88513
> 74217cc0 76072048 782cebb5 7eb41fc8 178fdc22 06b2afb5 1fc49194 255e1896
> 9674fa70 47ce4572 3da8a5ee d328867c e4d3e033 84e11e66 e131ee23 53a45018
> a2e4bd04 94a032c8 e1a31c0c bb5b83ec 4d9adac5 a518cbae 048f7587 8b0c6e65
> 6605ed6b 1906b7f1 855496a4 2d036206 afb85bdf 2328a0ec 61521182 587120fb
> 88f15dc9 5f431f58 d5a3e871 0a6500f5 607daf7f 8e4629fe f576379b ad9db799
> b4fa22a2 7fa20755 3ec97606 8814e434 dcf242c1 f1eb83eb 05ad6d73 316addb6
> 7e731c67 d5467aa5 56561e9b e5458d49 ed4d44d4 1c0defbd b33c1b79 122a9075
> a64fc133 e8240a1b 3a53f911 3f74654d ed0df5c1 20a2b17b 2ce928b9 a3273043
> 8b58180a bfaa4b1e 00000001 00000001 0000002c 01010001 00000024 01010000
> 800b0001 000c0004 00015180 80010005 80030001 80020002 80040002 02000000
> 36362e31 30312e36 352e3232 36
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hmac(hmac_sha1)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: HASH computed:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: c6cdfd6d 42d30a6e
> 50d20794 46eafd5e bf0eff64
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: add payload of len 17,
> next type 8
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: add payload of len 20,
> next type 0
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: begin encryption.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: encryption(3des)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: pad length = 3
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 08000015 02000000
> 36362e31 30312e36 352e3232 36000000 18c6cdfd 6d42d30a 6e50d207 9446eafd
> 5ebf0eff 64000003
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: encryption(3des)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: with key:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 3c7d8c73 b83442d7
> 51fd94a1 390e203c 5b4c5999 9aa7a8c9
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: encrypted payload by IV:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: c9ee51ad 29e5abc0
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: save IV for next:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 0b98b2ec 1b07a0b9
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: encrypted.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 76 bytes from
> 4.3.2.1[500] to 1.2.3.4[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: sockname 4.3.2.1[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: send packet from
> 4.3.2.1[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: send packet to 1.2.3.4[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 1 times of 76 bytes
> message will be sent to 1.2.3.4[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 05100201 00000000 0000004c 55c0f51c 3aa36120 a017b67a
> b10814f9 062fb3ef 6d8768fd 11d1b198 da3f44f1 6027b609 caa0121f 0b98b2ec
> 1b07a0b9
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: resend phase1 packet
> 2ce928b9a3273043:8b58180abfaa4b1e
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: ===
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 92 bytes message
> received from 1.2.3.4[500] to 4.3.2.1[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 08100501 33fc2922 0000005c 565bdc0e 355d6531 81aa6252
> ccdfcefe 54f7f19a 807cabf0 c47f4291 e8c2b2df 5312e167 ffcc6fcb 1b2edde0
> c31a2d26 5aaee7cd 11b26bc2 6c428a7b f08763fd
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: receive Information.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: compute IV for phase2
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: phase1 last IV:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 0b98b2ec 1b07a0b9 33fc2922
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: hash(sha1)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: encryption(3des)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: phase2 IV computed:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 3f57b460 12cc4fad
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: begin decryption.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: encryption(3des)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: IV was saved for next
> processing:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 6c428a7b f08763fd
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: encryption(3des)
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: with key:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 3c7d8c73 b83442d7
> 51fd94a1 390e203c 5b4c5999 9aa7a8c9
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: decrypted payload by IV:
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 3f57b460 12cc4fad
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: decrypted payload, but
> not trimed.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: e82ce17c 4e0f2eea
> 986521c1 4feaf24b 99154d2e 9998cb67 7dde9b52 2e0e7e06 3db30518 65b3e87e
> fcc3caf1 9c6f3354 2c16c21d 0ca9e443 12b2db74 0433c011
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: padding len=17
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: skip to trim padding.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: decrypted.
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 08100501 33fc2922 0000005c e82ce17c 4e0f2eea 986521c1
> 4feaf24b 99154d2e 9998cb67 7dde9b52 2e0e7e06 3db30518 65b3e87e fcc3caf1
> 9c6f3354 2c16c21d 0ca9e443 12b2db74 0433c011
> Mar 21 13:57:35 <daemon.info> fw racoon: ERROR: ignore information
> because ISAKMP-SA has not been established yet.
> Mar 21 13:57:39 <daemon.debug> fw racoon: DEBUG: ===
> Mar 21 13:57:39 <daemon.debug> fw racoon: DEBUG: 184 bytes message
> received from 1.2.3.4[500] to 4.3.2.1[500]
> Mar 21 13:57:39 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 04100200 00000000 000000b8 0a000084 61521182 587120fb
> 88f15dc9 5f431f58 d5a3e871 0a6500f5 607daf7f 8e4629fe f576379b ad9db799
> b4fa22a2 7fa20755 3ec97606 8814e434 dcf242c1 f1eb83eb 05ad6d73 316addb6
> 7e731c67 d5467aa5 56561e9b e5458d49 ed4d44d4 1c0defbd b33c1b79 122a9075
> a64fc133 e8240a1b 3a53f911 3f74654d ed0df5c1 20a2b17b 00000018 aa99fa0e
> a5766f01 bc6b0006 0fdefbd9 ccd2916c
> Mar 21 13:57:39 <daemon.debug> fw racoon: DEBUG: sockname 4.3.2.1[500]
> Mar 21 13:57:39 <daemon.debug> fw racoon: DEBUG: send packet from
> 4.3.2.1[500]
> Mar 21 13:57:39 <daemon.debug> fw racoon: DEBUG: send packet to 1.2.3.4[500]
> Mar 21 13:57:39 <daemon.debug> fw racoon: DEBUG: 1 times of 76 bytes
> message will be sent to 1.2.3.4[500]
> Mar 21 13:57:39 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 05100201 00000000 0000004c 55c0f51c 3aa36120 a017b67a
> b10814f9 062fb3ef 6d8768fd 11d1b198 da3f44f1 6027b609 caa0121f 0b98b2ec
> 1b07a0b9
> Mar 21 13:57:39 <daemon.info> fw racoon: NOTIFY: the packet is
> retransmitted by 1.2.3.4[500].
> Mar 21 13:57:43 <daemon.debug> fw racoon: DEBUG: ===
> Mar 21 13:57:43 <daemon.debug> fw racoon: DEBUG: 184 bytes message
> received from 1.2.3.4[500] to 4.3.2.1[500]
> Mar 21 13:57:43 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 04100200 00000000 000000b8 0a000084 61521182 587120fb
> 88f15dc9 5f431f58 d5a3e871 0a6500f5 607daf7f 8e4629fe f576379b ad9db799
> b4fa22a2 7fa20755 3ec97606 8814e434 dcf242c1 f1eb83eb 05ad6d73 316addb6
> 7e731c67 d5467aa5 56561e9b e5458d49 ed4d44d4 1c0defbd b33c1b79 122a9075
> a64fc133 e8240a1b 3a53f911 3f74654d ed0df5c1 20a2b17b 00000018 aa99fa0e
> a5766f01 bc6b0006 0fdefbd9 ccd2916c
> Mar 21 13:57:43 <daemon.debug> fw racoon: DEBUG: sockname 4.3.2.1[500]
> Mar 21 13:57:43 <daemon.debug> fw racoon: DEBUG: send packet from
> 4.3.2.1[500]
> Mar 21 13:57:43 <daemon.debug> fw racoon: DEBUG: send packet to 1.2.3.4[500]
> Mar 21 13:57:43 <daemon.debug> fw racoon: DEBUG: 1 times of 76 bytes
> message will be sent to 1.2.3.4[500]
> Mar 21 13:57:43 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 05100201 00000000 0000004c 55c0f51c 3aa36120 a017b67a
> b10814f9 062fb3ef 6d8768fd 11d1b198 da3f44f1 6027b609 caa0121f 0b98b2ec
> 1b07a0b9
> Mar 21 13:57:43 <daemon.info> fw racoon: NOTIFY: the packet is
> retransmitted by 1.2.3.4[500].
> Mar 21 13:57:44 <daemon.debug> fw racoon: DEBUG: get pfkey ACQUIRE message
> Mar 21 13:57:44 <daemon.debug> fw racoon: DEBUG: ignore the acquire
> because ph2 found
> Mar 21 13:57:47 <daemon.debug> fw racoon: DEBUG: ===
> Mar 21 13:57:47 <daemon.debug> fw racoon: DEBUG: 184 bytes message
> received from 1.2.3.4[500] to 4.3.2.1[500]
> Mar 21 13:57:47 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 04100200 00000000 000000b8 0a000084 61521182 587120fb
> 88f15dc9 5f431f58 d5a3e871 0a6500f5 607daf7f 8e4629fe f576379b ad9db799
> b4fa22a2 7fa20755 3ec97606 8814e434 dcf242c1 f1eb83eb 05ad6d73 316addb6
> 7e731c67 d5467aa5 56561e9b e5458d49 ed4d44d4 1c0defbd b33c1b79 122a9075
> a64fc133 e8240a1b 3a53f911 3f74654d ed0df5c1 20a2b17b 00000018 aa99fa0e
> a5766f01 bc6b0006 0fdefbd9 ccd2916c
> Mar 21 13:57:47 <daemon.debug> fw racoon: DEBUG: sockname 4.3.2.1[500]
> Mar 21 13:57:47 <daemon.debug> fw racoon: DEBUG: send packet from
> 4.3.2.1[500]
> Mar 21 13:57:47 <daemon.debug> fw racoon: DEBUG: send packet to 1.2.3.4[500]
> Mar 21 13:57:47 <daemon.debug> fw racoon: DEBUG: 1 times of 76 bytes
> message will be sent to 1.2.3.4[500]
> Mar 21 13:57:47 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 05100201 00000000 0000004c 55c0f51c 3aa36120 a017b67a
> b10814f9 062fb3ef 6d8768fd 11d1b198 da3f44f1 6027b609 caa0121f 0b98b2ec
> 1b07a0b9
> Mar 21 13:57:47 <daemon.info> fw racoon: NOTIFY: the packet is
> retransmitted by 1.2.3.4[500].
> Mar 21 13:57:51 <daemon.debug> fw racoon: DEBUG: ===
> Mar 21 13:57:51 <daemon.debug> fw racoon: DEBUG: 184 bytes message
> received from 1.2.3.4[500] to 4.3.2.1[500]
> Mar 21 13:57:51 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 04100200 00000000 000000b8 0a000084 61521182 587120fb
> 88f15dc9 5f431f58 d5a3e871 0a6500f5 607daf7f 8e4629fe f576379b ad9db799
> b4fa22a2 7fa20755 3ec97606 8814e434 dcf242c1 f1eb83eb 05ad6d73 316addb6
> 7e731c67 d5467aa5 56561e9b e5458d49 ed4d44d4 1c0defbd b33c1b79 122a9075
> a64fc133 e8240a1b 3a53f911 3f74654d ed0df5c1 20a2b17b 00000018 aa99fa0e
> a5766f01 bc6b0006 0fdefbd9 ccd2916c
> Mar 21 13:57:51 <daemon.debug> fw racoon: DEBUG: sockname 4.3.2.1[500]
> Mar 21 13:57:51 <daemon.debug> fw racoon: DEBUG: send packet from
> 4.3.2.1[500]
> Mar 21 13:57:51 <daemon.debug> fw racoon: DEBUG: send packet to 1.2.3.4[500]
> Mar 21 13:57:51 <daemon.debug> fw racoon: DEBUG: 1 times of 76 bytes
> message will be sent to 1.2.3.4[500]
> Mar 21 13:57:51 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 05100201 00000000 0000004c 55c0f51c 3aa36120 a017b67a
> b10814f9 062fb3ef 6d8768fd 11d1b198 da3f44f1 6027b609 caa0121f 0b98b2ec
> 1b07a0b9
> Mar 21 13:57:51 <daemon.info> fw racoon: NOTIFY: the packet is
> retransmitted by 1.2.3.4[500].
|
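Added example (not part of the original post, and not ipsec-tools code): a Python decoder for the 28-byte ISAKMP header (RFC 2408, section 3.1), applied to the packet dumps that racoon writes to the debug log quoted above. SAMPLE_LOG is an excerpt of that log with each dump cut to its header, and the function names are this example's own.

```python
import re
import struct
from dataclasses import dataclass

# ISAKMP fixed header (RFC 2408, 3.1): two 8-byte cookies, next payload,
# version, exchange type, flags, message ID, total length = 28 bytes.
HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGES = {1: "Base", 2: "Identity Protection", 4: "Aggressive", 5: "Informational"}
PAYLOADS = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE", 11: "N", 13: "VID"}
TIMESTAMP = re.compile(r"[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")

# Excerpt of the debug log quoted above; each dump is cut to its header.
SAMPLE_LOG = """\
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 184 bytes message
> received from 1.2.3.4[500] to 4.3.2.1[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 04100200 00000000 000000b8
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 1 times of 76 bytes
> message will be sent to 1.2.3.4[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 05100201 00000000 0000004c
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 92 bytes message
> received from 1.2.3.4[500] to 4.3.2.1[500]
> Mar 21 13:57:35 <daemon.debug> fw racoon: DEBUG: 2ce928b9 a3273043
> 8b58180a bfaa4b1e 08100501 33fc2922 0000005c
"""

@dataclass
class IsakmpHeader:
    next_payload: str
    exchange: str
    encrypted: bool      # flags bit 0 (Encryption)
    message_id: int
    length: int          # total message length declared in the header

def unwrap(log_text):
    """Undo mail quoting and line wrapping: one syslog record per string."""
    records = []
    for line in log_text.splitlines():
        line = line.lstrip("> ").strip()
        if line and (TIMESTAMP.match(line) or not records):
            records.append(line)
        elif line:
            records[-1] += " " + line
    return records

def parse_header(raw):
    _, _, np, _, xchg, flags, msgid, length = HEADER.unpack_from(raw)
    return IsakmpHeader(PAYLOADS.get(np, str(np)), EXCHANGES.get(xchg, str(xchg)),
                        bool(flags & 0x01), msgid, length)

def packets(log_text):
    """Return [(direction, announced_size, header)] for each packet dump."""
    found, pending = [], None
    for record in unwrap(log_text):
        msg = record.split("DEBUG: ", 1)[-1]
        size = re.search(r"(\d+) bytes", msg)
        if size and "message received from" in msg:
            pending = ("recv", int(size.group(1)))
        elif size and "message will be sent to" in msg:
            pending = ("sent", int(size.group(1)))
        elif pending:
            try:
                raw = bytes.fromhex(msg)   # the record after the size line
            except ValueError:
                raw = b""                  # not a hex dump, skip it
            if len(raw) >= HEADER.size:
                found.append((*pending, parse_header(raw)))
            pending = None
    return found

def first_outside_phase1(found):
    # Main mode phase 1 messages carry exchange type Identity Protection
    # and message ID 0; return the index of the first received one that does not.
    for i, (direction, _, hdr) in enumerate(found):
        if direction == "recv" and (hdr.exchange != "Identity Protection" or hdr.message_id):
            return i
    return None

if __name__ == "__main__":
    for direction, size, hdr in packets(SAMPLE_LOG):
        print(direction, size, hdr)
```

On this excerpt the 92-byte packet received last decodes as exchange type 5 (Informational) with message ID 0x33fc2922 and the encryption flag set, while the two packets before it are Identity Protection messages with message ID 0.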