[Openswan Users]
WinXP SP2: incomplete ISAKMP SA but certs are imported properly
Dennis Leist
dl at byteeffect.de
Tue Nov 23 21:46:09 CET 2004
Hi folks,
I hope, somebody may help.
Client: Win XP SP2 all known bugfixes installed.
Server: openswan 2.1.4
Perfectly running with serveral winxp and w2k clients. Therfore I blame
the client making troubles.
I have attached the oakley.log:
THX for any hints
Greets
11-23: 17:29:13:327:558 Initialization OK
11-23: 17:36:45:888:400 QM PolicyName: L2TP Require Encryption Quick
Mode Policy dwFlags 0
11-23: 17:36:45:908:400 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:45:918:400 QMOffer[0] dwFlags 0 dwPFSGroup 0
11-23: 17:36:45:948:400 Algo[0] Operation: ESP Algo: Dreifach-DES CBC
HMAC: MD5
11-23: 17:36:45:958:400 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:45:958:400 QMOffer[1] dwFlags 0 dwPFSGroup 0
11-23: 17:36:45:958:400 Algo[0] Operation: ESP Algo: Dreifach-DES CBC
HMAC: SHA
11-23: 17:36:45:958:400 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:45:958:400 QMOffer[2] dwFlags 0 dwPFSGroup 0
11-23: 17:36:45:958:400 Algo[0] Operation: AH Algo: SHA
11-23: 17:36:45:968:400 Algo[1] Operation: ESP Algo: Dreifach-DES CBC
HMAC: 0
11-23: 17:36:45:968:400 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:45:968:400 QMOffer[3] dwFlags 0 dwPFSGroup 0
11-23: 17:36:45:968:400 Algo[0] Operation: AH Algo: MD5
11-23: 17:36:45:978:400 Algo[1] Operation: ESP Algo: Dreifach-DES CBC
HMAC: 0
11-23: 17:36:45:978:400 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:45:978:400 QMOffer[4] dwFlags 0 dwPFSGroup 0
11-23: 17:36:45:978:400 Algo[0] Operation: AH Algo: SHA
11-23: 17:36:45:978:400 Algo[1] Operation: ESP Algo: Dreifach-DES CBC
HMAC: SHA
11-23: 17:36:45:978:400 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:45:978:400 QMOffer[5] dwFlags 0 dwPFSGroup 0
11-23: 17:36:45:978:400 Algo[0] Operation: AH Algo: MD5
11-23: 17:36:45:988:400 Algo[1] Operation: ESP Algo: Dreifach-DES CBC
HMAC: MD5
11-23: 17:36:45:988:400 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:45:988:400 QMOffer[6] dwFlags 0 dwPFSGroup 0
11-23: 17:36:45:988:400 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
11-23: 17:36:45:998:400 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:45:998:400 QMOffer[7] dwFlags 0 dwPFSGroup 0
11-23: 17:36:45:998:400 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
11-23: 17:36:45:998:400 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:45:998:400 QMOffer[8] dwFlags 0 dwPFSGroup 0
11-23: 17:36:45:998:400 Algo[0] Operation: AH Algo: SHA
11-23: 17:36:46:8:400 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
11-23: 17:36:46:8:400 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:8:400 QMOffer[9] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:8:400 Algo[0] Operation: AH Algo: MD5
11-23: 17:36:46:8:400 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
11-23: 17:36:46:8:400 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:8:400 QMOffer[10] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:18:400 Algo[0] Operation: AH Algo: SHA
11-23: 17:36:46:18:400 Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
11-23: 17:36:46:18:400 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:18:400 QMOffer[11] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:28:400 Algo[0] Operation: AH Algo: MD5
11-23: 17:36:46:28:400 Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
11-23: 17:36:46:49:400 Internal Acquire: op=00000001
src=192.168.131.65.1701 dst=10.10.10.1.1701 proto = 17,
SrcMask=255.255.255.255, DstMask=255.255.255.255, Tunnel 0,
TunnelEndpt=0.0.0.0 Inbound TunnelEndpt=0.0.0.0, InitiateEvent=000006FC,
IKE SrcPort=500 IKE DstPort=500
11-23: 17:36:46:79:238 Filter to match: Src 10.10.10.1 Dst 192.168.131.65
11-23: 17:36:46:99:238 MM PolicyName: L2TP Main Mode Policy
11-23: 17:36:46:109:238 MMPolicy dwFlags 8 SoftSAExpireTime 28800
11-23: 17:36:46:109:238 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup
268435457
11-23: 17:36:46:109:238 MMOffer[0] Encrypt: Dreifach-DES CBC Hash: SHA
11-23: 17:36:46:109:238 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
11-23: 17:36:46:109:238 MMOffer[1] Encrypt: Dreifach-DES CBC Hash: SHA
11-23: 17:36:46:119:238 MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 2
11-23: 17:36:46:119:238 MMOffer[2] Encrypt: Dreifach-DES CBC Hash: MD5
11-23: 17:36:46:119:238 MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
11-23: 17:36:46:119:238 MMOffer[3] Encrypt: DES CBC Hash: SHA
11-23: 17:36:46:119:238 MMOffer[4] LifetimeSec 28800 QMLimit 0 DHGroup 1
11-23: 17:36:46:119:238 MMOffer[4] Encrypt: DES CBC Hash: MD5
11-23: 17:36:46:229:238 Auth[0]:RSA Sig C=DE, S=MyCity, L=MyCity,
O=MyCompany, OU=Administration, CN=BOFH, E=admin at mycom.com AuthFlags 0
11-23: 17:36:46:239:238 QM PolicyName: L2TP Require Encryption Quick
Mode Policy dwFlags 0
11-23: 17:36:46:249:238 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:249:238 QMOffer[0] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:249:238 Algo[0] Operation: ESP Algo: Dreifach-DES CBC
HMAC: MD5
11-23: 17:36:46:249:238 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:249:238 QMOffer[1] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:249:238 Algo[0] Operation: ESP Algo: Dreifach-DES CBC
HMAC: SHA
11-23: 17:36:46:249:238 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:249:238 QMOffer[2] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:249:238 Algo[0] Operation: AH Algo: SHA
11-23: 17:36:46:259:238 Algo[1] Operation: ESP Algo: Dreifach-DES CBC
HMAC: 0
11-23: 17:36:46:259:238 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:259:238 QMOffer[3] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:259:238 Algo[0] Operation: AH Algo: MD5
11-23: 17:36:46:259:238 Algo[1] Operation: ESP Algo: Dreifach-DES CBC
HMAC: 0
11-23: 17:36:46:259:238 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:259:238 QMOffer[4] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:259:238 Algo[0] Operation: AH Algo: SHA
11-23: 17:36:46:259:238 Algo[1] Operation: ESP Algo: Dreifach-DES CBC
HMAC: SHA
11-23: 17:36:46:259:238 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:259:238 QMOffer[5] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:259:238 Algo[0] Operation: AH Algo: MD5
11-23: 17:36:46:259:238 Algo[1] Operation: ESP Algo: Dreifach-DES CBC
HMAC: MD5
11-23: 17:36:46:259:238 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:259:238 QMOffer[6] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:259:238 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
11-23: 17:36:46:259:238 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:259:238 QMOffer[7] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:259:238 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
11-23: 17:36:46:259:238 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:259:238 QMOffer[8] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:259:238 Algo[0] Operation: AH Algo: SHA
11-23: 17:36:46:259:238 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
11-23: 17:36:46:269:238 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:269:238 QMOffer[9] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:269:238 Algo[0] Operation: AH Algo: MD5
11-23: 17:36:46:269:238 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
11-23: 17:36:46:269:238 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:269:238 QMOffer[10] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:269:238 Algo[0] Operation: AH Algo: SHA
11-23: 17:36:46:269:238 Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
11-23: 17:36:46:269:238 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
11-23: 17:36:46:269:238 QMOffer[11] dwFlags 0 dwPFSGroup 0
11-23: 17:36:46:269:238 Algo[0] Operation: AH Algo: MD5
11-23: 17:36:46:269:238 Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
11-23: 17:36:46:269:238 Starting Negotiation: src = 192.168.131.65.0500,
dst = 10.10.10.1.0500, proto = 17, context = 00000000, ProxySrc =
192.168.131.65.1701, ProxyDst = 10.10.10.1.1701 SrcMask = 0.0.0.0
DstMask = 0.0.0.0
11-23: 17:36:46:269:238 constructing ISAKMP Header
11-23: 17:36:46:269:238 constructing SA (ISAKMP)
11-23: 17:36:46:279:238 Constructing Vendor MS NT5 ISAKMPOAKLEY
11-23: 17:36:46:309:238 Constructing Vendor FRAGMENTATION
11-23: 17:36:46:309:238 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
11-23: 17:36:46:309:238 Constructing Vendor Vid-Initial-Contact
11-23: 17:36:46:309:238
11-23: 17:36:46:309:238 Sending: SA = 0x000DF8C8 to 10.10.10.1:Type 2.500
11-23: 17:36:46:329:238 ISAKMP Header: (V1.0), len = 312
11-23: 17:36:46:329:238 I-COOKIE ca3f0eb9a4c79904
11-23: 17:36:46:329:238 R-COOKIE 0000000000000000
11-23: 17:36:46:329:238 exchange: Oakley Main Mode
11-23: 17:36:46:329:238 flags: 0
11-23: 17:36:46:329:238 next payload: SA
11-23: 17:36:46:329:238 message ID: 00000000
11-23: 17:36:46:329:238 Ports S:f401 D:f401
11-23: 17:36:46:359:238 Activating InitiateEvent 000006FC
11-23: 17:36:46:379:238
11-23: 17:36:46:379:238 Receive: (get) SA = 0x000df8c8 from 10.10.10.1.500
11-23: 17:36:46:379:238 ISAKMP Header: (V1.0), len = 104
11-23: 17:36:46:379:238 I-COOKIE ca3f0eb9a4c79904
11-23: 17:36:46:379:238 R-COOKIE b3ae72f9d8850a44
11-23: 17:36:46:379:238 exchange: Oakley Main Mode
11-23: 17:36:46:379:238 flags: 0
11-23: 17:36:46:379:238 next payload: SA
11-23: 17:36:46:379:238 message ID: 00000000
11-23: 17:36:46:379:238 processing payload SA
11-23: 17:36:46:379:238 Received Phase 1 Transform 2
11-23: 17:36:46:389:238 Encryption Alg Dreifach-DES CBC(5)
11-23: 17:36:46:389:238 Hash Alg SHA(2)
11-23: 17:36:46:389:238 Oakley Group 2
11-23: 17:36:46:389:238 Auth Method RSA-Signatur mit Zertifikaten(3)
11-23: 17:36:46:389:238 Life type in Seconds
11-23: 17:36:46:389:238 Life duration of 28800
11-23: 17:36:46:389:238 Phase 1 SA accepted: transform=1
11-23: 17:36:46:389:238 SA - Oakley proposal accepted
11-23: 17:36:46:389:238 processing payload VENDOR ID
11-23: 17:36:46:399:238 Received VendorId draft-ietf-ipsec-nat-t-ike-02
11-23: 17:36:46:399:238 ClearFragList
11-23: 17:36:46:399:238 constructing ISAKMP Header
11-23: 17:36:46:629:238 constructing KE
11-23: 17:36:46:629:238 constructing NONCE (ISAKMP)
11-23: 17:36:46:629:238 Constructing NatDisc
11-23: 17:36:46:649:238
11-23: 17:36:46:649:238 Sending: SA = 0x000DF8C8 to 10.10.10.1:Type 2.500
11-23: 17:36:46:649:238 ISAKMP Header: (V1.0), len = 232
11-23: 17:36:46:649:238 I-COOKIE ca3f0eb9a4c79904
11-23: 17:36:46:649:238 R-COOKIE b3ae72f9d8850a44
11-23: 17:36:46:649:238 exchange: Oakley Main Mode
11-23: 17:36:46:649:238 flags: 0
11-23: 17:36:46:649:238 next payload: KE
11-23: 17:36:46:649:238 message ID: 00000000
11-23: 17:36:46:649:238 Ports S:f401 D:f401
11-23: 17:36:46:699:238
11-23: 17:36:46:699:238 Receive: (get) SA = 0x000df8c8 from 10.10.10.1.500
11-23: 17:36:46:699:238 ISAKMP Header: (V1.0), len = 400
11-23: 17:36:46:699:238 I-COOKIE ca3f0eb9a4c79904
11-23: 17:36:46:699:238 R-COOKIE b3ae72f9d8850a44
11-23: 17:36:46:699:238 exchange: Oakley Main Mode
11-23: 17:36:46:699:238 flags: 0
11-23: 17:36:46:699:238 next payload: KE
11-23: 17:36:46:699:238 message ID: 00000000
11-23: 17:36:46:699:238 processing payload KE
11-23: 17:36:46:780:238 processing payload NONCE
11-23: 17:36:46:780:238 processing payload CRP
11-23: 17:36:46:790:238 C=DE, S=MyCity, L=MyCity, O=MyCompany,
OU=Administration, CN=BOFH, E=admin at mycom.com
11-23: 17:36:46:790:238 processing payload NATDISC
11-23: 17:36:46:790:238 Processing NatHash
11-23: 17:36:46:790:238 Nat hash 5ec2abedbd97e2bd5f040565af3787c4
11-23: 17:36:46:790:238 82aafb6a
11-23: 17:36:46:790:238 SA StateMask2 1e
11-23: 17:36:46:790:238 processing payload NATDISC
11-23: 17:36:46:790:238 Processing NatHash
11-23: 17:36:46:790:238 Nat hash ff19573e80b70b36b23c9a94115753ec
11-23: 17:36:46:790:238 cf84718d
11-23: 17:36:46:790:238 SA StateMask2 9e
11-23: 17:36:46:790:238 ClearFragList
11-23: 17:36:46:800:238 Floated Ports Orig Me:f401 Peer:f401
11-23: 17:36:46:800:238 Floated Ports Me:9411 Peer:9411
11-23: 17:36:46:800:238 constructing ISAKMP Header
11-23: 17:36:46:800:238 constructing ID
11-23: 17:36:46:810:238 Looking for IPSec only cert
11-23: 17:36:47:160:238 Cert Trustes. 0 100
11-23: 17:36:47:170:238 Cert SHA Thumbprint fab0a44927c0d105b8cb6b76a4f4012d
11-23: 17:36:47:170:238 18be7eba
11-23: 17:36:47:170:238 CertFindExtenstion failed with 0
11-23: 17:36:47:410:238 Cert SHA Thumbprint fab0a44927c0d105b8cb6b76a4f4012d
11-23: 17:36:47:410:238 18be7eba
11-23: 17:36:47:410:238 SubjectName: C=DE, S=MyCity, L=MC, O=MyCompany,
OU=VPN mobil, CN=ExternalWorker, E=ExternalWorker at mycom.com
11-23: 17:36:47:410:238 Cert Serialnumber 05
11-23: 17:36:47:420:238 Cert SHA Thumbprint fab0a44927c0d105b8cb6b76a4f4012d
11-23: 17:36:47:420:238 18be7eba
11-23: 17:36:47:420:238 SubjectName: C=DE, S=MyCity, L=MyCity,
O=MyCompany, OU=Administration, CN=BOFH, E=admin at mycom.com
11-23: 17:36:47:420:238 Cert Serialnumber 00
11-23: 17:36:47:420:238 Cert SHA Thumbprint bb515c9d63a15fdc1c33861659ec50ef
11-23: 17:36:47:420:238 2e58d95a
11-23: 17:36:47:420:238 Not storing My cert chain in SA.
11-23: 17:36:47:420:238 MM ID Type 9
11-23: 17:36:47:420:238 MM ID 3081ae310b3009060355040613024445
11-23: 17:36:47:420:238 3110300e0603550408130748616d6275
11-23: 17:36:47:420:238 7267310b300906035504071302484831
11-23: 17:36:47:420:238 1c301a060355040a13134d5047204d75
11-23: 17:36:47:420:238 73696320506f6f6c20476d6248311230
11-23: 17:36:47:420:238 10060355040b130956504e206d6f6269
11-23: 17:36:47:420:238 6c311f301d060355040313164f6c6976
11-23: 17:36:47:420:238 65722057696e64707265636874696e67
11-23: 17:36:47:420:238 6572312d302b06092a864886f70d0109
11-23: 17:36:47:420:238 01161e77696e64707265636874696e67
11-23: 17:36:47:420:238 6572406d757369632d706f6f6c2e636f
11-23: 17:36:47:420:238 6d
11-23: 17:36:47:420:238 constructing CERT
11-23: 17:36:47:420:238 Construct SIG
11-23: 17:36:47:531:238 Constructing Cert Request
11-23: 17:36:47:531:238 C=DE, S=MyCity, L=MyCity, O=MyCompany,
OU=Administration, CN=BOFH, E=admin at mycom.com
11-23: 17:36:47:551:238
11-23: 17:36:47:551:238 Sending: SA = 0x000DF8C8 to 10.10.10.1:Type 2.4500
11-23: 17:36:47:551:238 ISAKMP Header: (V1.0), len = 1548
11-23: 17:36:47:551:238 I-COOKIE ca3f0eb9a4c79904
11-23: 17:36:47:551:238 R-COOKIE b3ae72f9d8850a44
11-23: 17:36:47:551:238 exchange: Oakley Main Mode
11-23: 17:36:47:551:238 flags: 1 ( encrypted )
11-23: 17:36:47:551:238 next payload: ID
11-23: 17:36:47:551:238 message ID: 00000000
11-23: 17:36:47:551:238 Ports S:9411 D:9411
11-23: 17:36:47:571:5b0 retransmit: sa = 000DF8C8 centry 00000000 ,
count = 1
11-23: 17:36:47:571:5b0
11-23: 17:36:47:571:5b0 Sending: SA = 0x000DF8C8 to 10.10.10.1:Type 2.4500
11-23: 17:36:47:571:5b0 ISAKMP Header: (V1.0), len = 1548
11-23: 17:36:47:571:5b0 I-COOKIE ca3f0eb9a4c79904
11-23: 17:36:47:571:5b0 R-COOKIE b3ae72f9d8850a44
11-23: 17:36:47:571:5b0 exchange: Oakley Main Mode
11-23: 17:36:47:571:5b0 flags: 1 ( encrypted )
11-23: 17:36:47:581:5b0 next payload: ID
11-23: 17:36:47:581:5b0 message ID: 00000000
11-23: 17:36:47:581:5b0 Ports S:9411 D:9411
11-23: 17:36:49:514:5b0 retransmit: sa = 000DF8C8 centry 00000000 ,
count = 2
11-23: 17:36:49:534:5b0
11-23: 17:36:49:534:5b0 Sending: SA = 0x000DF8C8 to 10.10.10.1:Type 2.4500
11-23: 17:36:49:534:5b0 ISAKMP Header: (V1.0), len = 1548
11-23: 17:36:49:534:5b0 I-COOKIE ca3f0eb9a4c79904
11-23: 17:36:49:534:5b0 R-COOKIE b3ae72f9d8850a44
11-23: 17:36:49:534:5b0 exchange: Oakley Main Mode
11-23: 17:36:49:534:5b0 flags: 1 ( encrypted )
11-23: 17:36:49:534:5b0 next payload: ID
11-23: 17:36:49:534:5b0 message ID: 00000000
11-23: 17:36:49:534:5b0 Ports S:9411 D:9411
11-23: 17:36:53:519:5b0 retransmit: sa = 000DF8C8 centry 00000000 ,
count = 3
11-23: 17:36:53:529:5b0
11-23: 17:36:53:529:5b0 Sending: SA = 0x000DF8C8 to 10.10.10.1:Type 2.4500
11-23: 17:36:53:529:5b0 ISAKMP Header: (V1.0), len = 1548
11-23: 17:36:53:529:5b0 I-COOKIE ca3f0eb9a4c79904
11-23: 17:36:53:529:5b0 R-COOKIE b3ae72f9d8850a44
11-23: 17:36:53:529:5b0 exchange: Oakley Main Mode
11-23: 17:36:53:529:5b0 flags: 1 ( encrypted )
11-23: 17:36:53:529:5b0 next payload: ID
11-23: 17:36:53:529:5b0 message ID: 00000000
11-23: 17:36:53:529:5b0 Ports S:9411 D:9411
11-23: 17:36:56:464:238
11-23: 17:36:56:464:238 Receive: (get) SA = 0x000df8c8 from 10.10.10.1.500
11-23: 17:36:56:524:238 ISAKMP Header: (V1.0), len = 400
11-23: 17:36:56:524:238 I-COOKIE ca3f0eb9a4c79904
11-23: 17:36:56:524:238 R-COOKIE b3ae72f9d8850a44
11-23: 17:36:56:524:238 exchange: Oakley Main Mode
11-23: 17:36:56:524:238 flags: 0
11-23: 17:36:56:524:238 next payload: KE
11-23: 17:36:56:524:238 message ID: 00000000
11-23: 17:36:56:524:238 received an unencrypted packet when crypto active
11-23: 17:36:56:524:238 GetPacket failed 35ec
11-23: 17:37:01:551:5b0 retransmit: sa = 000DF8C8 centry 00000000 ,
count = 4
11-23: 17:37:01:551:5b0
11-23: 17:37:01:551:5b0 Sending: SA = 0x000DF8C8 to 10.10.10.1:Type 2.4500
11-23: 17:37:01:551:5b0 ISAKMP Header: (V1.0), len = 1548
11-23: 17:37:01:551:5b0 I-COOKIE ca3f0eb9a4c79904
11-23: 17:37:01:551:5b0 R-COOKIE b3ae72f9d8850a44
11-23: 17:37:01:551:5b0 exchange: Oakley Main Mode
11-23: 17:37:01:551:5b0 flags: 1 ( encrypted )
11-23: 17:37:01:551:5b0 next payload: ID
11-23: 17:37:01:551:5b0 message ID: 00000000
11-23: 17:37:01:551:5b0 Ports S:9411 D:9411
11-23: 17:37:16:332:238
11-23: 17:37:16:342:238 Receive: (get) SA = 0x000df8c8 from 10.10.10.1.500
11-23: 17:37:16:342:238 ISAKMP Header: (V1.0), len = 400
11-23: 17:37:16:342:238 I-COOKIE ca3f0eb9a4c79904
11-23: 17:37:16:342:238 R-COOKIE b3ae72f9d8850a44
11-23: 17:37:16:342:238 exchange: Oakley Main Mode
11-23: 17:37:16:342:238 flags: 0
11-23: 17:37:16:342:238 next payload: KE
11-23: 17:37:16:342:238 message ID: 00000000
11-23: 17:37:16:342:238 received an unencrypted packet when crypto active
11-23: 17:37:16:342:238 GetPacket failed 35ec
11-23: 17:37:17:574:5b0 retransmit: sa = 000DF8C8 centry 00000000 ,
count = 5
11-23: 17:37:17:574:5b0
11-23: 17:37:17:574:5b0 Sending: SA = 0x000DF8C8 to 10.10.10.1:Type 2.4500
11-23: 17:37:17:574:5b0 ISAKMP Header: (V1.0), len = 1548
11-23: 17:37:17:574:5b0 I-COOKIE ca3f0eb9a4c79904
11-23: 17:37:17:574:5b0 R-COOKIE b3ae72f9d8850a44
11-23: 17:37:17:574:5b0 exchange: Oakley Main Mode
11-23: 17:37:17:574:5b0 flags: 1 ( encrypted )
11-23: 17:37:17:574:5b0 next payload: ID
11-23: 17:37:17:574:5b0 message ID: 00000000
11-23: 17:37:17:574:5b0 Ports S:9411 D:9411
11-23: 17:37:49:650:5b0 retransmit exhausted: sa = 000DF8C8 centry
00000000, count = 6
11-23: 17:37:49:650:5b0 SA Dead. sa:000DF8C8 status:35ed
11-23: 17:37:49:650:5b0 isadb_set_status sa:000DF8C8 centry:00000000
status 35ed
11-23: 17:37:49:720:5b0 Schlüsselaustauschmodus (Hauptmodus)
11-23: 17:37:49:720:5b0 Quell-IP-Adresse 192.168.131.65
Quell-IP-Adressmaske 255.255.255.255 Ziel-IP-Adresse 10.10.10.1
Ziel-IP-Adressmaske 255.255.255.255 Protokoll 0 Quellport 0 Zielport
0 Lokale IKE-Adresse 192.168.131.65 Peer-IKE-Adresse 10.10.10.1
11-23: 17:37:49:720:5b0 Zertifikatsbasierte Identität.
Peerantragsteller Peer-SHA-Fingerabdruck
0000000000000000000000000000000000000000 Peer, der die
Zertifizierungsstelle ausstellt: Stammzertifizierungsstelle Eigener
Antragsteller C=DE, S=MyCity, L=MC, O=MyCompany, OU=VPN mobil,
CN=ExternalWorker, E=ExternalWorker at mycom.com Eigener SHA-Fingerabdruck
fab0a44927c0d105b8cb6b76a4f4012d18be7eba Peer-IP-Adresse: 10.10.10.1
11-23: 17:37:49:720:5b0 Benutzer
11-23: 17:37:49:720:5b0 Verhandlung hat Zeitlimit überschritten.
11-23: 17:37:49:720:5b0 0x0 0x0
11-23: 17:37:49:720:5b0 isadb_set_status InitiateEvent 000006FC: Setting
Status 35ed
11-23: 17:37:49:730:5b0 Clearing sa 000DF8C8 InitiateEvent 000006FC
11-23: 17:37:49:730:5b0 constructing ISAKMP Header
11-23: 17:37:49:730:5b0 constructing HASH (null)
11-23: 17:37:49:730:5b0 constructing DELETE. MM 000DF8C8
11-23: 17:37:49:730:5b0 constructing HASH (Notify/Delete)
11-23: 17:37:49:750:400 CloseNegHandle 000006FC
11-23: 17:37:49:750:400 SE cookie ca3f0eb9a4c79904
11-23: 17:37:49:760:5b0
11-23: 17:37:49:760:5b0 Sending: SA = 0x000DF8C8 to 10.10.10.1:Type 1.4500
11-23: 17:37:49:760:5b0 ISAKMP Header: (V1.0), len = 84
11-23: 17:37:49:760:5b0 I-COOKIE ca3f0eb9a4c79904
11-23: 17:37:49:760:5b0 R-COOKIE b3ae72f9d8850a44
11-23: 17:37:49:760:5b0 exchange: ISAKMP Informational Exchange
11-23: 17:37:49:760:5b0 flags: 1 ( encrypted )
11-23: 17:37:49:760:5b0 next payload: HASH
11-23: 17:37:49:760:5b0 message ID: cc070509
11-23: 17:37:49:760:5b0 Ports S:9411 D:9411
11-23: 17:37:50:121:400 isadb_schedule_kill_oldPolicy_sas:
d1c40da0-1215-4974-a98ba29ab5e6eeda 4
11-23: 17:37:50:131:238 entered kill_old_policy_sas 4
11-23: 17:37:50:151:290 isadb_schedule_kill_oldPolicy_sas:
09a21b99-4ce3-4c1c-8b03ba7f2b54878a 3
11-23: 17:37:50:161:268 isadb_schedule_kill_oldPolicy_sas:
6a656a5f-d64d-480a-b537eb3b54041ff7 2
11-23: 17:37:50:171:238 entered kill_old_policy_sas 3
11-23: 17:37:50:171:238 entered kill_old_policy_sas 2
11-23: 17:37:50:201:400 isadb_schedule_kill_oldPolicy_sas:
0566227c-8ed5-478f-87610e3035a726eb 1
11-23: 17:37:50:211:3b4 entered kill_old_policy_sas 1
11-23: 17:38:07:125:3b4 ClearFragList
Nov 23 17:35:53 kolab pluto[20677]: packet from 192.168.0.41:29481:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Nov 23 17:35:53 kolab pluto[20677]: packet from 192.168.0.41:29481:
ignoring Vendor ID payload [FRAGMENTATION]
Nov 23 17:35:53 kolab pluto[20677]: packet from 192.168.0.41:29481:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_
n]
Nov 23 17:35:53 kolab pluto[20677]: packet from 192.168.0.41:29481:
ignoring Vendor ID payload [26244d38eddb61b3...]
Nov 23 17:35:53 kolab pluto[20677]: "ExternalWorker"[14]
192.168.0.41:29481 #16: responding to Main Mode from unknown peer
192.168.0.4
1:29481
Nov 23 17:35:53 kolab pluto[20677]: "ExternalWorker"[14]
192.168.0.41:29481 #16: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536
supported. Attribute OAKLEY_GROUP_DESCRIPTION
Nov 23 17:35:53 kolab pluto[20677]: "ExternalWorker"[14]
192.168.0.41:29481 #16: transition from state (null) to state STATE_MAIN_R1
Nov 23 17:35:53 kolab pluto[20677]: "ExternalWorker"[14]
192.168.0.41:29481 #16: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ik
e-02/03: peer is NATed
Nov 23 17:35:53 kolab pluto[20677]: "ExternalWorker"[14]
192.168.0.41:29481 #16: transition from state STATE_MAIN_R1 to state
STATE_MA
IN_R2
Nov 23 17:36:57 kolab pluto[20677]: "ExternalWorker"[14]
192.168.0.41:29481 #16: encrypted Informational Exchange message is
invalid b
ecause it is for incomplete ISAKMP SA
Nov 23 17:37:03 kolab pluto[20677]: "ExternalWorker"[14]
192.168.0.41:29481 #16: max number of retransmissions (2) reached
STATE_MAIN_
R2
Nov 23 17:37:03 kolab pluto[20677]: "ExternalWorker"[14]
192.168.0.41:29481: deleting connection "ExternalWorker" instance with
peer 192.168.0
.41 {isakmp=#0/ipsec=#0}
More information about the Users
mailing list