<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:#606420;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=DE link=blue vlink="#606420">
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hello,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>we try to establish 2 concurrent connections from windows clients
behind a nat to our vpn-server.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>All goes well… the tunnel gets established, some l2tp
packets are arriving over the tunnel and the l2tpd answers.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>But the answer from the l2tpd goes unencryted over the network
interface and NOT over the ipsec0 interface.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>What are we do wrong?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Thanks for your help…<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Daniel Ritter<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>OS: Centos 5.1 with kernel 2.6.18 (self compiled, including
NAT-T patch)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Openswan 2.5.17<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>[root@BG00-VPN03 src]# ipsec verify<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Checking your system to see if IPsec got installed and
started correctly:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Version check and ipsec
on-path [OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Linux Openswan 2.5.17 (klips)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Checking for IPsec support in
kernel [OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>KLIPS detected, checking for NAT Traversal
support [OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Checking for RSA private key
(/etc/ipsec.secrets) [OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Checking that pluto is running [OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Two or more interfaces found, checking IP
forwarding [OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Checking NAT and MASQUERADEing<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Checking tun0x1001@213.144.XXX.XXX from 10.10.0.48/29 to
172.27.65.57/32Checking for 'ip'
command [OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Checking for 'iptables'
command [OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Opportunistic Encryption DNS checks:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> Looking for TXT in forward dns zone:
BG00-VPN03 [MISSING]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> Does the machine have at least one non-private
address? [OK]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> Looking for TXT in reverse dns zone: XXX.XXX.159.193.in-addr.arpa.
[MISSING]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>***********************************************************<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>This is our ipsec.conf:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>***********************************************************<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'># /etc/ipsec.conf - Openswan IPsec configuration file<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>#<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'># Manual: ipsec.conf.5<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>#<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'># Please place your own config files in /etc/ipsec.d/ ending
in .conf<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>version 2.0 # conforms to second version of ipsec.conf
specification<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'># basic configuration<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>config setup<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> interfaces="ipsec0=eth1"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> nat_traversal=yes<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.40.0.0/24<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> OE=off<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> protostack=klips<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>conn client-xp<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> left= 193.159.XXX.YYY<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> leftprotoport= 17/1701<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> right= %any<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> rightsubnet= vhost:%no,%priv<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> rightprotoport= 17/1701<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> pfs= no<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> auto= route<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> authby= secret<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> type= transport<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>***********************************************************<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Connection log<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>***********************************************************<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]: packet from 84.142.YYY.ZZZ:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]: packet from 84.142.YYY.ZZZ:500:
ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]: packet from 84.142.YYY.ZZZ:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]: packet from 84.142.YYY.ZZZ:500:
ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[1] 84.142.YYY.ZZZ #4: responding to Main Mode from
unknown peer 84.142.YYY.ZZZ<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[1] 84.142.YYY.ZZZ #4: transition from state STATE_MAIN_R0
to state STATE_MAIN_R1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[1] 84.142.YYY.ZZZ #4: STATE_MAIN_R1: sent MR1, expecting
MI2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[1] 84.142.YYY.ZZZ #4: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[1] 84.142.YYY.ZZZ #4: transition from state STATE_MAIN_R1
to state STATE_MAIN_R2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[1] 84.142.YYY.ZZZ #4: STATE_MAIN_R2: sent MR2, expecting
MI3<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[1] 84.142.YYY.ZZZ #4: Main mode peer ID is ID_FQDN:
'@wks-se-test01.BLOCK-Gruppe.de'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[1] 84.142.YYY.ZZZ #4: switched from "client-xp"
to "client-xp"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #4: deleting connection
"client-xp" instance with peer 84.142.YYY.ZZZ {isakmp=#0/ipsec=#0}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #4: transition from state STATE_MAIN_R2
to state STATE_MAIN_R3<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"servit-seeburger1" #1: new NAT mapping for #1, was 213.144.25.3:500,
now 84.142.YYY.ZZZ:4500<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #4: new NAT mapping for #4, was 84.142.YYY.ZZZ:500,
now 84.142.YYY.ZZZ:4500<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #4: STATE_MAIN_R3: sent MR3, ISAKMP SA
established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_sha group=modp2048}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #4: peer client type is FQDN<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #4: Applying workaround for MS-818043
NAT-T bug<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #4: IDci was FQDN: \301\237\257\270,
using NAT_OA=192.168.1.219/32 as IDci<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #4: the peer proposed: 193.159.XXX.YYY/32:17/1701
-> 192.168.1.219/32:17/1701<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #5: responding to Quick Mode
{msgid:64249f6c}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #5: transition from state STATE_QUICK_R0
to state STATE_QUICK_R1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:09 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #5: STATE_QUICK_R1: sent QR1, inbound
IPsec SA installed, expecting QI2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:10 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #5: transition from state
STATE_QUICK_R1 to state STATE_QUICK_R2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>May 26 08:49:10 BG00-VPN03 pluto[4720]:
"client-xp"[2] 84.142.YYY.ZZZ #5: STATE_QUICK_R2: IPsec SA
established transport mode {ESP=>0x53711541 <0x78b20028
xfrm=3DES_0-HMAC_MD5 NATD=84.142.YYY.ZZZ:4500 DPD=none}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>***********************************************************<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>tcpdump of ipsec0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>***********************************************************<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>[root@BG00-VPN03 src]# tcpdump -nn -i ipsec0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>tcpdump: verbose output suppressed, use -v or -vv for full
protocol decode<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>listening on ipsec0, link-type EN10MB (Ethernet), capture
size 96 bytes<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:50:57.473608 IP 84.142.YYY.ZZZ.1701 > 193.159.XXX.YYY.1701:
l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S)
*BEARER_CAP() |...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:50:58.448842 IP 84.142.YYY.ZZZ.1701 > 193.159.XXX.YYY.1701:
l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S)
*BEARER_CAP() |...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:51:00.438896 IP 84.142.YYY.ZZZ.1701 > 193.159.XXX.YYY.1701:
l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S)
*BEARER_CAP() |...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>***********************************************************<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>tcpdump of eth1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>***********************************************************<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:25.250723 IP 84.142.YYY.ZZZ.500 > 193.159.XXX.YYY.500:
isakmp: phase 1 I ident<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:25.252348 IP 193.159.XXX.YYY.500 > 84.142.YYY.ZZZ.500:
isakmp: phase 1 R ident<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:25.669288 IP 84.142.YYY.ZZZ.500 > 193.159.XXX.YYY.500:
isakmp: phase 1 I ident<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:25.683199 IP 193.159.XXX.YYY.500 > 84.142.YYY.ZZZ.500:
isakmp: phase 1 R ident<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:25.847035 IP 84.142.YYY.ZZZ.4500 > 193.159.XXX.YYY.4500:
NONESP-encap: isakmp: phase 1 I ident[E]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:25.848270 IP 193.159.XXX.YYY.4500 > 84.142.YYY.ZZZ.4500:
NONESP-encap: isakmp: phase 1 R ident[E]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:25.930708 IP 84.142.YYY.ZZZ.4500 > 193.159.XXX.YYY.4500:
NONESP-encap: isakmp: phase 2/others I oakley-quick[E]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:25.933527 IP 193.159.XXX.YYY.4500 > 84.142.YYY.ZZZ.4500:
NONESP-encap: isakmp: phase 2/others R oakley-quick[E]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:25.995459 IP 84.142.YYY.ZZZ.4500 > 193.159.XXX.YYY.4500:
NONESP-encap: isakmp: phase 2/others I oakley-quick[E]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:26.009172 IP 84.142.YYY.ZZZ.4500 > 193.159.XXX.YYY.4500:
UDP-encap: ESP(spi=0x78b2002a,seq=0x1), length 164<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:26.019773 IP 193.159.XXX.YYY.1701 > 84.142.YYY.ZZZ.1701:
l2tp:[TLS](27/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:26.088270 IP 84.142.YYY.ZZZ > 193.159.XXX.YYY: ICMP
84.142.YYY.ZZZ udp port 1701 unreachable, length 135<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:27.000766 IP 84.142.YYY.ZZZ.4500 > 193.159.XXX.YYY.4500:
UDP-encap: ESP(spi=0x78b2002a,seq=0x2), length 164<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:27.003163 IP 193.159.XXX.YYY.1701 > 84.142.YYY.ZZZ.1701:
l2tp:[TLS](27/0)Ns=0,Nr=1 ZLB<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:27.039011 IP 193.159.XXX.YYY.1701 > 84.142.YYY.ZZZ.1701:
l2tp:[TLS](27/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:27.098226 IP 84.142.YYY.ZZZ > 193.159.XXX.YYY: ICMP
84.142.YYY.ZZZ udp port 1701 unreachable, length 48<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:27.215606 IP 84.142.YYY.ZZZ > 193.159.XXX.YYY: ICMP
84.142.YYY.ZZZ udp port 1701 unreachable, length 135<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:28.050686 IP 193.159.XXX.YYY.1701 > 84.142.YYY.ZZZ.1701:
l2tp:[TLS](27/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:28.154976 IP 84.142.YYY.ZZZ > 193.159.XXX.YYY: ICMP
84.142.YYY.ZZZ udp port 1701 unreachable, length 135<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:29.054503 IP 84.142.YYY.ZZZ.4500 > 193.159.XXX.YYY.4500:
UDP-encap: ESP(spi=0x78b2002a,seq=0x3), length 164<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:29.056787 IP 193.159.XXX.YYY.1701 > 84.142.YYY.ZZZ.1701:
l2tp:[TLS](27/0)Ns=0,Nr=1 ZLB<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:29.056966 IP 193.159.XXX.YYY.1701 > 84.142.YYY.ZZZ.1701:
l2tp:[TLS](27/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:29.218165 IP 84.142.YYY.ZZZ > 193.159.XXX.YYY: ICMP
84.142.YYY.ZZZ udp port 1701 unreachable, length 48<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:29.218311 IP 84.142.YYY.ZZZ > 193.159.XXX.YYY: ICMP
84.142.YYY.ZZZ udp port 1701 unreachable, length 135<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:30.073553 IP 193.159.XXX.YYY.1701 > 84.142.YYY.ZZZ.1701:
l2tp:[TLS](27/0)Ns=0,Nr=1 *MSGTYPE(SCCRP) *PROTO_VER(1.0) *FRAMING_CAP(AS)
*BEARER_CAP() |...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>08:52:30.246431 IP 84.142.YYY.ZZZ > 193.159.XXX.YYY: ICMP
84.142.YYY.ZZZ udp port 1701 unreachable, length 135<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'> </span><o:p></o:p></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>