[Openswan Users] problem: cannot respond to IPsec SA request because no connection is known for

rodrigo nobrega nobregasz at yahoo.com.br
Wed Feb 9 17:12:57 CET 2005


Thanks for the help.

Sample LAN:

10.10.1.141 ------ 10.10.1.231/192.168.0.1
    xp                 debian -openswan

Log when I try to ping 192.168.0.1 from 10.10.1.141:


---------------auth.log

Feb  9 16:36:44 vpn pluto[2855]: packet from 10.10.1.141:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Feb  9 16:36:44 vpn pluto[2855]: packet from 10.10.1.141:500: ignoring Vendor ID payload [FRAGMENTATION]
Feb  9 16:36:44 vpn pluto[2855]: packet from 10.10.1.141:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Feb  9 16:36:44 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: responding to Main Mode from unknown peer 10.10.1.141
Feb  9 16:36:44 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb  9 16:36:44 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Feb  9 16:36:44 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb  9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: Main mode peer ID is ID_DER_ASN1_DN: 'C=br, ST=paraiba, L=joao pessoa, O=sefin, CN=teste.cliente, E=nobregasz at yahoo.com.br'
Feb  9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: I am sending my cert
Feb  9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb  9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: sent MR3, ISAKMP SA established
Feb  9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: cannot respond to IPsec SA request because no connection is known for 192.168.0.0/24===10.10.1.231[C=br, ST=paraiba, L=joao pessoa, O=sefin, CN=vpn.teste, E=nobregasz at yahoo.com.br]...10.10.1.141[C=br, ST=paraiba, L=joao pessoa, O=sefin, CN=teste.cliente, E=nobregasz at yahoo.com.br]
Feb  9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: sending encrypted notification INVALID_ID_INFORMATION to 10.10.1.141:500
Feb  9 16:36:49 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x45f74098 (perhaps this is a duplicated packet)
Feb  9 16:36:49 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: sending encrypted notification INVALID_MESSAGE_ID to 10.10.1.141:500
Feb  9 16:36:54 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x45f74098 (perhaps this is a duplicated packet)
Feb  9 16:36:54 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: sending encrypted notification INVALID_MESSAGE_ID to 10.10.1.141:500
Feb  9 16:37:01 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x45f74098 (perhaps this is a duplicated packet)
Feb  9 16:37:01 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: sending encrypted notification INVALID_MESSAGE_ID to 10.10.1.141:500
Feb  9 16:37:09 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x45f74098 (perhaps this is a duplicated packet)
Feb  9 16:37:09 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: sending encrypted notification INVALID_MESSAGE_ID to 10.10.1.141:500
Feb  9 16:37:25 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x45f74098 (perhaps this is a duplicated packet)
Feb  9 16:37:25 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: sending encrypted notification INVALID_MESSAGE_ID to 10.10.1.141:500
Feb  9 16:38:01 vpn PAM_unix[3347]: (cron) session opened for user mail by (uid=0)
Feb  9 16:38:01 vpn PAM_unix[3347]: (cron) session closed for user mail
Feb  9 16:42:30 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: received Delete SA payload: deleting ISAKMP State #6
Feb  9 16:42:30 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141: deleting connection "roadwarrior-net" instance with peer 10.10.1.141 {isakmp=#0/ipsec=#0}
Feb  9 16:42:30 vpn pluto[2855]: packet from 10.10.1.141:500: received and ignored informational message
Feb  9 16:42:30 vpn pluto[2855]: packet from 10.10.1.141:500: Informational Exchange is for an unknown (expired?) SA
Feb  9 16:42:50 vpn PAM_unix[3365]: check pass; user unknown
Feb  9 16:42:50 vpn PAM_unix[3365]: authentication failure; (uid=0) -> **unknown** for ftp service
Feb  9 16:43:36 vpn PAM_unix[3366]: (ftp) session opened for user rodrigo by (uid=0)

-------------------- iptables

iptables -A INPUT -i eth0 -p 50 -j ACCEPT
iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
iptables -A INPUT -i eth0 -p 50 -j LOG
iptables -A OUTPUT -o eth0 -p 50 -j LOG
iptables -A INPUT -i eth0 -p 51 -j ACCEPT
iptables -A OUTPUT -o eth0 -p 51 -j ACCEPT
iptables -A INPUT -i eth0 -p 51 -j LOG
iptables -A OUTPUT -o eth0 -p 51 -j LOG
iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A INPUT -p udp --sport 500 --dport 500 -j LOG
iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp --sport 500 --dport 500 -j LOG
iptables -A INPUT -p udp --dport 4500 -j ACCEPT
iptables -A OUTPUT -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j LOG
iptables -A OUTPUT -p udp --dport 4500 -j LOG

------------------------- ipsec.conf

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.12 2004/01/20 19:37:13 sam Exp $

# This file:  /usr/local/share/doc/freeswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5
#
# Help:
# http://www.freeswan.org/freeswan_trees/freeswan-2.1.6/doc/quickstart.html
# http://www.freeswan.org/freeswan_trees/freeswan-2.1.6/doc/config.html
# http://www.freeswan.org/freeswan_trees/freeswan-2.1.6/doc/adv_config.html
#
# Policy groups are enabled by default. See:
# http://www.freeswan.org/freeswan_trees/freeswan-2.1.6/doc/policygroups.html
#
# Examples:
# http://www.freeswan.org/freeswan_trees/freeswan-2.1.6/doc/examples

version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
#config setup
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	# klipsdebug=all
	# plutodebug=dns

config setup
	interfaces=%defaultroute
	nat_traversal=yes
	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:!192.168.0.0/16

conn %default
	keyingtries=1
	compress=yes
	disablearrivalcheck=no
	authby=rsasig
	leftrsasigkey=%cert
	rightrsasigkey=%cert

conn roadwarrior-net
	#leftsubnet=192.168.0.0/255.255.255.0	
	also=roadwarrior

conn roadwarrior
	left=%defaultroute
	leftcert=/etc/ipsec.d/certs/teste.vpn.pem
	#rightcert=vpn.sefin.pem	
	right=%any
	rightsubnet=vhost:%no,%priv
	auto=add
	pfs=yes


----------------- Oakley.log

 2-09: 16:43:36:680:670 entered kill_old_policy_sas 5
 2-09: 16:43:36:840:670 entered kill_old_policy_sas 5
 2-09: 16:43:58:671:5d8 Acquire from driver:
op=00000010 src=10.10.1.141.0 dst=192.168.0.1.0 proto
= 0, SrcMask=255.255.255.255, DstMask=255.255.255.0,
Tunnel 1, TunnelEndpt=10.10.1.231 Inbound
TunnelEndpt=10.10.1.141
 2-09: 16:43:58:732:670 Filter to match: Src
10.10.1.231 Dst 10.10.1.141
 2-09: 16:43:58:852:670 MM PolicyName: 2
 2-09: 16:43:58:852:670 MMPolicy dwFlags 2
SoftSAExpireTime 28800
 2-09: 16:43:58:852:670 MMOffer[0] LifetimeSec 28800
QMLimit 1 DHGroup 2
 2-09: 16:43:58:872:670 MMOffer[0] Encrypt: Triplo DES
CBC Hash: SHA
 2-09: 16:43:58:872:670 MMOffer[1] LifetimeSec 28800
QMLimit 1 DHGroup 2
 2-09: 16:43:58:872:670 MMOffer[1] Encrypt: Triplo DES
CBC Hash: MD5
 2-09: 16:43:58:872:670 MMOffer[2] LifetimeSec 28800
QMLimit 1 DHGroup 1
 2-09: 16:43:58:872:670 MMOffer[2] Encrypt: DES CBC
Hash: SHA
 2-09: 16:43:58:872:670 MMOffer[3] LifetimeSec 28800
QMLimit 1 DHGroup 1
 2-09: 16:43:58:872:670 MMOffer[3] Encrypt: DES CBC
Hash: MD5
 2-09: 16:43:58:952:670 Auth[0]:RSA Sig C=br,
S=paraiba, L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br AuthFlags 0
 2-09: 16:43:58:952:670 QM PolicyName:
Host-roadwarrior-net filter action dwFlags 1
 2-09: 16:43:58:952:670 QMOffer[0] LifetimeKBytes
50000 LifetimeSec 3600
 2-09: 16:43:58:952:670 QMOffer[0] dwFlags 0
dwPFSGroup -2147483648
 2-09: 16:43:58:952:670  Algo[0] Operation: ESP Algo:
Triplo DES CBC HMAC: MD5
 2-09: 16:43:58:952:670 Starting Negotiation: src =
10.10.1.141.0500, dst = 10.10.1.231.0500, proto = 00,
context = 00000010, ProxySrc = 10.10.1.141.0000,
ProxyDst = 192.168.0.0.0000 SrcMask = 255.255.255.255
DstMask = 255.255.255.0
 2-09: 16:43:58:952:670 constructing ISAKMP Header
 2-09: 16:43:58:952:670 constructing SA (ISAKMP)
 2-09: 16:43:58:952:670 Constructing Vendor MS NT5
ISAKMPOAKLEY
 2-09: 16:43:58:972:670 Constructing Vendor
FRAGMENTATION
 2-09: 16:43:58:972:670 Constructing Vendor
draft-ietf-ipsec-nat-t-ike-02
 2-09: 16:43:58:982:670 
 2-09: 16:43:58:982:670 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
 2-09: 16:43:58:982:670 ISAKMP Header: (V1.0), len =
256
 2-09: 16:43:58:982:670   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:43:58:982:670   R-COOKIE 0000000000000000
 2-09: 16:43:58:982:670   exchange: Oakley Main Mode
 2-09: 16:43:58:982:670   flags: 0
 2-09: 16:43:58:982:670   next payload: SA
 2-09: 16:43:58:982:670   message ID: 00000000
 2-09: 16:43:58:982:670 Ports S:f401 D:f401
 2-09: 16:43:58:982:670 
 2-09: 16:43:58:982:670 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
 2-09: 16:43:58:982:670 ISAKMP Header: (V1.0), len =
124
 2-09: 16:43:58:982:670   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:43:58:982:670   R-COOKIE 3d386c850a99e264
 2-09: 16:43:58:982:670   exchange: Oakley Main Mode
 2-09: 16:43:58:982:670   flags: 0
 2-09: 16:43:58:982:670   next payload: SA
 2-09: 16:43:58:982:670   message ID: 00000000
 2-09: 16:43:58:982:670 processing payload SA
 2-09: 16:43:58:982:670 Received Phase 1 Transform 1
 2-09: 16:43:58:982:670      Encryption Alg Triplo DES
CBC(5)
 2-09: 16:43:58:982:670      Hash Alg SHA(2)
 2-09: 16:43:58:982:670      Oakley Group 2
 2-09: 16:43:58:982:670      Auth Method Assinatura
RSA com Certificados (3)
 2-09: 16:43:58:982:670      Life type in Seconds
 2-09: 16:43:58:982:670      Life duration of 28800
 2-09: 16:43:58:982:670 Phase 1 SA accepted:
transform=1
 2-09: 16:43:58:982:670 SA - Oakley proposal accepted
 2-09: 16:43:58:982:670 processing payload VENDOR ID
 2-09: 16:43:58:992:670 processing payload VENDOR ID
 2-09: 16:43:58:992:670 Received VendorId
draft-ietf-ipsec-nat-t-ike-02
 2-09: 16:43:58:992:670 ClearFragList
 2-09: 16:43:58:992:670 constructing ISAKMP Header
 2-09: 16:43:59:72:670 constructing KE
 2-09: 16:43:59:72:670 constructing NONCE (ISAKMP)
 2-09: 16:43:59:72:670 Constructing NatDisc
 2-09: 16:43:59:72:670 
 2-09: 16:43:59:72:670 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
 2-09: 16:43:59:72:670 ISAKMP Header: (V1.0), len =
232
 2-09: 16:43:59:72:670   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:43:59:72:670   R-COOKIE 3d386c850a99e264
 2-09: 16:43:59:72:670   exchange: Oakley Main Mode
 2-09: 16:43:59:72:670   flags: 0
 2-09: 16:43:59:72:670   next payload: KE
 2-09: 16:43:59:72:670   message ID: 00000000
 2-09: 16:43:59:72:670 Ports S:f401 D:f401
 2-09: 16:43:59:92:670 
 2-09: 16:43:59:92:670 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
 2-09: 16:43:59:92:670 ISAKMP Header: (V1.0), len =
228
 2-09: 16:43:59:92:670   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:43:59:92:670   R-COOKIE 3d386c850a99e264
 2-09: 16:43:59:92:670   exchange: Oakley Main Mode
 2-09: 16:43:59:92:670   flags: 0
 2-09: 16:43:59:92:670   next payload: KE
 2-09: 16:43:59:92:670   message ID: 00000000
 2-09: 16:43:59:92:670 processing payload KE
 2-09: 16:43:59:122:670 processing payload NONCE
 2-09: 16:43:59:122:670 processing payload NATDISC
 2-09: 16:43:59:122:670 Processing NatHash
 2-09: 16:43:59:122:670 Nat hash
67ecfee8db90585ec9acd495c7df3de4
 2-09: 16:43:59:122:670 14b834f0
 2-09: 16:43:59:122:670 SA StateMask2 f
 2-09: 16:43:59:122:670 processing payload NATDISC
 2-09: 16:43:59:122:670 Processing NatHash
 2-09: 16:43:59:122:670 Nat hash
ceedc440e477626e1068d66451dfe855
 2-09: 16:43:59:122:670 201db022
 2-09: 16:43:59:122:670 SA StateMask2 8f
 2-09: 16:43:59:122:670 ClearFragList
 2-09: 16:43:59:132:670 constructing ISAKMP Header
 2-09: 16:43:59:132:670 constructing ID
 2-09: 16:43:59:142:670 Received no valid CRPs.  Using
all configured
 2-09: 16:43:59:142:670 Looking for IPSec only cert
 2-09: 16:43:59:152:670 Cert Trustes.  0 100
 2-09: 16:43:59:152:670 Cert SHA Thumbprint
2d16b509f9321a54e03090781b660713
 2-09: 16:43:59:152:670 fbeb65a0
 2-09: 16:43:59:152:670 CertFindExtenstion failed with
0
 2-09: 16:43:59:212:670 Entered CRL check
 2-09: 16:43:59:232:670 Left CRL check
 2-09: 16:43:59:232:670 Cert SHA Thumbprint
2d16b509f9321a54e03090781b660713
 2-09: 16:43:59:232:670 fbeb65a0
 2-09: 16:43:59:232:670 SubjectName: C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=teste.cliente,
E=nobregasz at yahoo.com.br
 2-09: 16:43:59:232:670 Cert Serialnumber 02
 2-09: 16:43:59:232:670 Cert SHA Thumbprint
2d16b509f9321a54e03090781b660713
 2-09: 16:43:59:232:670 fbeb65a0
 2-09: 16:43:59:232:670 SubjectName: C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br
 2-09: 16:43:59:232:670 Cert Serialnumber 00
 2-09: 16:43:59:232:670 Cert SHA Thumbprint
3b9b8df006afe6e1c52b6ae783d0776c
 2-09: 16:43:59:232:670 ece1fd71
 2-09: 16:43:59:232:670 Not storing My cert chain in
SA.
 2-09: 16:43:59:232:670 MM ID Type 9
 2-09: 16:43:59:232:670 MM ID
308184310b3009060355040613026272
 2-09: 16:43:59:232:670
3110300e060355040813077061726169
 2-09: 16:43:59:232:670
6261311430120603550407130b6a6f61
 2-09: 16:43:59:232:670
6f20706573736f61310e300c06035504
 2-09: 16:43:59:232:670
0a1305736566696e3116301406035504
 2-09: 16:43:59:232:670
03130d74657374652e636c69656e7465
 2-09: 16:43:59:242:670
3125302306092a864886f70d01090116
 2-09: 16:43:59:242:670
166e6f6272656761737a407961686f6f
 2-09: 16:43:59:242:670 2e636f6d2e6272
 2-09: 16:43:59:242:670 constructing CERT
 2-09: 16:43:59:242:670 Construct SIG
 2-09: 16:43:59:242:670 Constructing Cert Request
 2-09: 16:43:59:242:670 C=br, S=paraiba, L=joao
pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br
 2-09: 16:43:59:242:670 
 2-09: 16:43:59:242:670 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
 2-09: 16:43:59:242:670 ISAKMP Header: (V1.0), len =
1356
 2-09: 16:43:59:242:670   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:43:59:242:670   R-COOKIE 3d386c850a99e264
 2-09: 16:43:59:242:670   exchange: Oakley Main Mode
 2-09: 16:43:59:252:670   flags: 1 ( encrypted )
 2-09: 16:43:59:252:670   next payload: ID
 2-09: 16:43:59:252:670   message ID: 00000000
 2-09: 16:43:59:252:670 Ports S:f401 D:f401
 2-09: 16:43:59:262:670 
 2-09: 16:43:59:262:670 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
 2-09: 16:43:59:262:670 ISAKMP Header: (V1.0), len =
1212
 2-09: 16:43:59:262:670   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:43:59:262:670   R-COOKIE 3d386c850a99e264
 2-09: 16:43:59:262:670   exchange: Oakley Main Mode
 2-09: 16:43:59:262:670   flags: 1 ( encrypted )
 2-09: 16:43:59:262:670   next payload: ID
 2-09: 16:43:59:262:670   message ID: 00000000
 2-09: 16:43:59:262:670 processing payload ID
 2-09: 16:43:59:262:670 processing payload CERT
 2-09: 16:43:59:262:670 processing payload SIG
 2-09: 16:43:59:262:670 Verifying CertStore
 2-09: 16:43:59:262:670 SubjectName: C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br
 2-09: 16:43:59:262:670 Cert Serialnumber 01
 2-09: 16:43:59:262:670 Cert SHA Thumbprint
bbdf77a6d316596356df0bc8d21efbd7
 2-09: 16:43:59:262:670 1a86d3a3
 2-09: 16:43:59:262:670 Cert Trustes.  0 100
 2-09: 16:43:59:272:670 SubjectName: C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br
 2-09: 16:43:59:272:670 Cert Serialnumber 01
 2-09: 16:43:59:272:670 Cert SHA Thumbprint
bbdf77a6d316596356df0bc8d21efbd7
 2-09: 16:43:59:272:670 1a86d3a3
 2-09: 16:43:59:272:670 SubjectName: C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br
 2-09: 16:43:59:272:670 Cert Serialnumber 00
 2-09: 16:43:59:272:670 Cert SHA Thumbprint
3b9b8df006afe6e1c52b6ae783d0776c
 2-09: 16:43:59:272:670 ece1fd71
 2-09: 16:43:59:272:670 Not storing Peer's cert chain
in SA.
 2-09: 16:43:59:272:670 Cert SHA Thumbprint
bbdf77a6d316596356df0bc8d21efbd7
 2-09: 16:43:59:272:670 1a86d3a3
 2-09: 16:43:59:272:670 Entered CRL check
 2-09: 16:43:59:272:670 Left CRL check
 2-09: 16:43:59:272:670 CertFindExtenstion failed with
0
 2-09: 16:43:59:272:670 Signature validated
 2-09: 16:43:59:272:670 ClearFragList
 2-09: 16:43:59:272:670 MM established.  SA: 00106BE0
 2-09: 16:43:59:272:670 QM PolicyName:
Host-roadwarrior-net filter action dwFlags 1
 2-09: 16:43:59:272:670 QMOffer[0] LifetimeKBytes
50000 LifetimeSec 3600
 2-09: 16:43:59:272:670 QMOffer[0] dwFlags 0
dwPFSGroup -2147483648
 2-09: 16:43:59:272:670  Algo[0] Operation: ESP Algo:
Triplo DES CBC HMAC: MD5
 2-09: 16:43:59:272:670 GetSpi: src =
192.168.0.0.0000, dst = 10.10.1.141.0000, proto = 00,
context = 00000010, srcMask = 255.255.255.0, destMask
= 255.255.255.255, TunnelFilter 1
 2-09: 16:43:59:272:670 Setting SPI  101167492
 2-09: 16:43:59:272:670 constructing ISAKMP Header
 2-09: 16:43:59:272:670 constructing HASH (null)
 2-09: 16:43:59:272:670 constructing SA (IPSEC)
 2-09: 16:43:59:272:670 constructing QM KE
 2-09: 16:43:59:342:670 constructing NONCE (IPSEC)
 2-09: 16:43:59:342:670 constructing ID (proxy)
 2-09: 16:43:59:342:670 constructing ID (proxy)
 2-09: 16:43:59:342:670 constructing HASH (QM)
 2-09: 16:43:59:342:670 
 2-09: 16:43:59:342:670 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
 2-09: 16:43:59:342:670 ISAKMP Header: (V1.0), len =
308
 2-09: 16:43:59:342:670   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:43:59:342:670   R-COOKIE 3d386c850a99e264
 2-09: 16:43:59:342:670   exchange: Oakley Quick Mode
 2-09: 16:43:59:342:670   flags: 1 ( encrypted )
 2-09: 16:43:59:342:670   next payload: HASH
 2-09: 16:43:59:342:670   message ID: 9840f745
 2-09: 16:43:59:342:670 Ports S:f401 D:f401
 2-09: 16:43:59:352:670 
 2-09: 16:43:59:352:670 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
 2-09: 16:43:59:352:670 ISAKMP Header: (V1.0), len =
68
 2-09: 16:43:59:352:670   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:43:59:352:670   R-COOKIE 3d386c850a99e264
 2-09: 16:43:59:352:670   exchange: ISAKMP
Informational Exchange
 2-09: 16:43:59:352:670   flags: 1 ( encrypted )
 2-09: 16:43:59:352:670   next payload: HASH
 2-09: 16:43:59:352:670   message ID: dba2a3a5
 2-09: 16:43:59:352:670 processing HASH
(Notify/Delete)
 2-09: 16:43:59:352:670 processing payload NOTIFY
 2-09: 16:43:59:352:670 notify: INVALID-ID-INFORMATION
 2-09: 16:43:59:352:670 isadb_set_status sa:00106BE0
centry:00000000 status 3601
 2-09: 16:44:03:338:5e0 retransmit: sa = 00106BE0
centry 00143A48 , count = 1
 2-09: 16:44:03:338:5e0 
 2-09: 16:44:03:338:5e0 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
 2-09: 16:44:03:338:5e0 ISAKMP Header: (V1.0), len =
308
 2-09: 16:44:03:338:5e0   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:44:03:338:5e0   R-COOKIE 3d386c850a99e264
 2-09: 16:44:03:338:5e0   exchange: Oakley Quick Mode
 2-09: 16:44:03:338:5e0   flags: 1 ( encrypted )
 2-09: 16:44:03:338:5e0   next payload: HASH
 2-09: 16:44:03:338:5e0   message ID: 9840f745
 2-09: 16:44:03:338:5e0 Ports S:f401 D:f401
 2-09: 16:44:03:338:670 
 2-09: 16:44:03:338:670 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
 2-09: 16:44:03:338:670 ISAKMP Header: (V1.0), len =
68
 2-09: 16:44:03:338:670   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:44:03:338:670   R-COOKIE 3d386c850a99e264
 2-09: 16:44:03:338:670   exchange: ISAKMP
Informational Exchange
 2-09: 16:44:03:338:670   flags: 1 ( encrypted )
 2-09: 16:44:03:338:670   next payload: HASH
 2-09: 16:44:03:338:670   message ID: 3d1c9038
 2-09: 16:44:03:338:670 processing HASH
(Notify/Delete)
 2-09: 16:44:03:338:670 processing payload NOTIFY
 2-09: 16:44:03:338:670 notify: INVALID-MESSAGE-ID
 2-09: 16:44:03:338:670 Unknown Notify Message 9
 2-09: 16:44:08:345:5e0 retransmit: sa = 00106BE0
centry 00143A48 , count = 2
 2-09: 16:44:08:345:5e0 
 2-09: 16:44:08:345:5e0 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
 2-09: 16:44:08:345:5e0 ISAKMP Header: (V1.0), len =
308
 2-09: 16:44:08:345:5e0   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:44:08:345:5e0   R-COOKIE 3d386c850a99e264
 2-09: 16:44:08:345:5e0   exchange: Oakley Quick Mode
 2-09: 16:44:08:345:5e0   flags: 1 ( encrypted )
 2-09: 16:44:08:345:5e0   next payload: HASH
 2-09: 16:44:08:345:5e0   message ID: 9840f745
 2-09: 16:44:08:345:5e0 Ports S:f401 D:f401
 2-09: 16:44:08:345:670 
 2-09: 16:44:08:345:670 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
 2-09: 16:44:08:345:670 ISAKMP Header: (V1.0), len =
68
 2-09: 16:44:08:345:670   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:44:08:345:670   R-COOKIE 3d386c850a99e264
 2-09: 16:44:08:345:670   exchange: ISAKMP
Informational Exchange
 2-09: 16:44:08:345:670   flags: 1 ( encrypted )
 2-09: 16:44:08:345:670   next payload: HASH
 2-09: 16:44:08:345:670   message ID: 5992ea7b
 2-09: 16:44:08:345:670 processing HASH
(Notify/Delete)
 2-09: 16:44:08:345:670 processing payload NOTIFY
 2-09: 16:44:08:345:670 notify: INVALID-MESSAGE-ID
 2-09: 16:44:08:345:670 Unknown Notify Message 9
 2-09: 16:44:15:375:5e0 retransmit: sa = 00106BE0
centry 00143A48 , count = 3
 2-09: 16:44:15:375:5e0 
 2-09: 16:44:15:375:5e0 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
 2-09: 16:44:15:375:5e0 ISAKMP Header: (V1.0), len =
308
 2-09: 16:44:15:375:5e0   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:44:15:375:5e0   R-COOKIE 3d386c850a99e264
 2-09: 16:44:15:375:5e0   exchange: Oakley Quick Mode
 2-09: 16:44:15:375:5e0   flags: 1 ( encrypted )
 2-09: 16:44:15:375:5e0   next payload: HASH
 2-09: 16:44:15:375:5e0   message ID: 9840f745
 2-09: 16:44:15:375:5e0 Ports S:f401 D:f401
 2-09: 16:44:15:375:460 
 2-09: 16:44:15:375:460 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
 2-09: 16:44:15:375:460 ISAKMP Header: (V1.0), len =
68
 2-09: 16:44:15:375:460   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:44:15:375:460   R-COOKIE 3d386c850a99e264
 2-09: 16:44:15:375:460   exchange: ISAKMP
Informational Exchange
 2-09: 16:44:15:375:460   flags: 1 ( encrypted )
 2-09: 16:44:15:375:460   next payload: HASH
 2-09: 16:44:15:375:460   message ID: 31ee71d3
 2-09: 16:44:15:375:460 processing HASH
(Notify/Delete)
 2-09: 16:44:15:375:460 processing payload NOTIFY
 2-09: 16:44:15:375:460 notify: INVALID-MESSAGE-ID
 2-09: 16:44:15:375:460 Unknown Notify Message 9
 2-09: 16:44:23:467:5e0 retransmit: sa = 00106BE0
centry 00143A48 , count = 4
 2-09: 16:44:23:467:5e0 
 2-09: 16:44:23:467:5e0 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
 2-09: 16:44:23:467:5e0 ISAKMP Header: (V1.0), len =
308
 2-09: 16:44:23:467:5e0   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:44:23:467:5e0   R-COOKIE 3d386c850a99e264
 2-09: 16:44:23:467:5e0   exchange: Oakley Quick Mode
 2-09: 16:44:23:467:5e0   flags: 1 ( encrypted )
 2-09: 16:44:23:467:5e0   next payload: HASH
 2-09: 16:44:23:467:5e0   message ID: 9840f745
 2-09: 16:44:23:467:5e0 Ports S:f401 D:f401
 2-09: 16:44:23:467:460 
 2-09: 16:44:23:467:460 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
 2-09: 16:44:23:467:460 ISAKMP Header: (V1.0), len =
68
 2-09: 16:44:23:467:460   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:44:23:467:460   R-COOKIE 3d386c850a99e264
 2-09: 16:44:23:467:460   exchange: ISAKMP
Informational Exchange
 2-09: 16:44:23:467:460   flags: 1 ( encrypted )
 2-09: 16:44:23:467:460   next payload: HASH
 2-09: 16:44:23:467:460   message ID: c4e5da71
 2-09: 16:44:23:467:460 processing HASH
(Notify/Delete)
 2-09: 16:44:23:467:460 processing payload NOTIFY
 2-09: 16:44:23:467:460 notify: INVALID-MESSAGE-ID
 2-09: 16:44:23:467:460 Unknown Notify Message 9
 2-09: 16:44:39:490:5e0 retransmit: sa = 00106BE0
centry 00143A48 , count = 5
 2-09: 16:44:39:490:5e0 
 2-09: 16:44:39:490:5e0 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
 2-09: 16:44:39:490:5e0 ISAKMP Header: (V1.0), len =
308
 2-09: 16:44:39:490:5e0   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:44:39:490:5e0   R-COOKIE 3d386c850a99e264
 2-09: 16:44:39:490:5e0   exchange: Oakley Quick Mode
 2-09: 16:44:39:490:5e0   flags: 1 ( encrypted )
 2-09: 16:44:39:490:5e0   next payload: HASH
 2-09: 16:44:39:490:5e0   message ID: 9840f745
 2-09: 16:44:39:490:5e0 Ports S:f401 D:f401
 2-09: 16:44:39:490:460 
 2-09: 16:44:39:490:460 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
 2-09: 16:44:39:490:460 ISAKMP Header: (V1.0), len =
68
 2-09: 16:44:39:490:460   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:44:39:490:460   R-COOKIE 3d386c850a99e264
 2-09: 16:44:39:490:460   exchange: ISAKMP
Informational Exchange
 2-09: 16:44:39:490:460   flags: 1 ( encrypted )
 2-09: 16:44:39:490:460   next payload: HASH
 2-09: 16:44:39:490:460   message ID: 94892144
 2-09: 16:44:39:490:460 processing HASH
(Notify/Delete)
 2-09: 16:44:39:490:460 processing payload NOTIFY
 2-09: 16:44:39:490:460 notify: INVALID-MESSAGE-ID
 2-09: 16:44:39:490:460 Unknown Notify Message 9
 2-09: 16:45:11:486:460 
 2-09: 16:45:11:486:460 Receive: (get) SA = 0x0013a038
from 10.10.1.231.500
 2-09: 16:45:11:486:460 ISAKMP Header: (V1.0), len =
84
 2-09: 16:45:11:486:460   I-COOKIE 66d0bb343ddecafc
 2-09: 16:45:11:486:460   R-COOKIE d5fc7a23a36c7f94
 2-09: 16:45:11:486:460   exchange: ISAKMP
Informational Exchange
 2-09: 16:45:11:486:460   flags: 1 ( encrypted )
 2-09: 16:45:11:486:460   next payload: HASH
 2-09: 16:45:11:486:460   message ID: ff0bfe6b
 2-09: 16:45:11:486:460 processing HASH
(Notify/Delete)
 2-09: 16:45:11:486:460 processing payload DELETE
 2-09: 16:45:11:486:460 SA Dead. sa:0013A038
status:35ef
 2-09: 16:45:11:536:5e0 retransmit exhausted: sa =
00106BE0 centry 00143A48, count = 6
 2-09: 16:45:11:556:5e0 Modo de proteção de dados
(Modo rápido)
 2-09: 16:45:11:556:5e0 Endereço IP de origem
10.10.1.141  Máscara do endereço IP de origem
255.255.255.255  Endereço IP de destino 192.168.0.0 
Máscara do endereço IP de destino 255.255.255.0 
Protocolo 0  Porta de origem 0  Porta de destino 0 
End. local IKE 10.10.1.141  End. IKE de mesmo nível
10.10.1.231
 2-09: 16:45:11:556:5e0 Identidade baseada no
certificado.  Entidade de mesmo nível C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br  Impressão digital SHA de
mesmo nível bbdf77a6d316596356df0bc8d21efbd71a86d3a3 
Autoridade de certificação emitente C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br  Autoridade de certificação
raiz C=br, S=paraiba, L=joao pessoa, O=sefin,
CN=vpn.teste, E=nobregasz at yahoo.com.br  Minha entidade
C=br, S=paraiba, L=joao pessoa, O=sefin,
CN=teste.cliente, E=nobregasz at yahoo.com.br  Minha
impressão digital SHA
2d16b509f9321a54e03090781b660713fbeb65a0  Endereço IP
de mesmo nível: 10.10.1.231
 2-09: 16:45:11:556:5e0 Eu
 2-09: 16:45:11:556:5e0 Tempo limite da negociação
esgotado
 2-09: 16:45:11:556:5e0 0x0 0x0
 2-09: 16:45:11:556:5e0 isadb_set_status sa:00106BE0
centry:00143A48 status 35ed
 2-09: 16:45:44:544:460 ClearFragList
 2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
1e09933a-03d9-4a23-b85b7d20386feeb3 4
 2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
55d6b4be-0409-4ce5-8916b06c4d75bf14 4
 2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
40de55e7-6c33-447c-9e6dc782837aeca5 3
 2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
e8ef537a-71df-4139-923f6bf56a7c9702 3
 2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
70428329-49d7-49c0-9b270b0a256189b1 3
 2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
6e0603cb-ce98-428b-a73dd53e8b409350 3
 2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
bc6f873e-5af5-407c-8ab3515bf81b5a25 1
 2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
c70fc30b-144b-4ed8-b4d09cac0d7b7484 2
 2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
d817d4cd-6fdc-4f0c-a07e17dd526d1bc8 2
 2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
3d6c90ca-9738-4249-a3a2da0329dc932c 2
 2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
fab2a78b-e230-4f98-a1775a1d53f3fc12 2
 2-09: 16:49:44:549:460 entered kill_old_policy_sas 4
 2-09: 16:49:44:549:460 entered kill_old_policy_sas 4
 2-09: 16:49:44:549:460 SA Dead. sa:00106BE0
status:3619
 2-09: 16:49:44:549:460 constructing ISAKMP Header
 2-09: 16:49:44:549:460 constructing HASH (null)
 2-09: 16:49:44:549:460 constructing DELETE. MM
00106BE0
 2-09: 16:49:44:549:460 constructing HASH
(Notify/Delete)
 2-09: 16:49:44:549:460 Not setting retransmit to
downlevel client. SA 00106BE0 Centry 00000000
 2-09: 16:49:44:549:460 
 2-09: 16:49:44:549:460 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 1.500
 2-09: 16:49:44:549:460 ISAKMP Header: (V1.0), len =
84
 2-09: 16:49:44:549:460   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:49:44:549:460   R-COOKIE 3d386c850a99e264
 2-09: 16:49:44:549:460   exchange: ISAKMP
Informational Exchange
 2-09: 16:49:44:549:460   flags: 1 ( encrypted )
 2-09: 16:49:44:549:460   next payload: HASH
 2-09: 16:49:44:549:460   message ID: 0aa7e45b
 2-09: 16:49:44:549:460 Ports S:f401 D:f401
 2-09: 16:49:44:549:460 SA Dead. sa:0014A240
status:3619
 2-09: 16:49:44:549:460 constructing ISAKMP Header
 2-09: 16:49:44:549:460 constructing HASH (null)
 2-09: 16:49:44:549:460 constructing DELETE. MM
0014A240
 2-09: 16:49:44:549:460 constructing HASH
(Notify/Delete)
 2-09: 16:49:44:549:460 Not setting retransmit to
downlevel client. SA 0014A240 Centry 00000000
 2-09: 16:49:44:549:460 
 2-09: 16:49:44:549:460 Sending: SA = 0x0014A240 to
10.10.1.231:Type 1.500
 2-09: 16:49:44:549:460 ISAKMP Header: (V1.0), len =
84
 2-09: 16:49:44:549:460   I-COOKIE a5c0e956a2413d45
 2-09: 16:49:44:549:460   R-COOKIE 46fe05d96911ce6b
 2-09: 16:49:44:549:460   exchange: ISAKMP
Informational Exchange
 2-09: 16:49:44:549:460   flags: 1 ( encrypted )
 2-09: 16:49:44:549:460   next payload: HASH
 2-09: 16:49:44:549:460   message ID: b302ed2d
 2-09: 16:49:44:549:460 Ports S:f401 D:f401
 2-09: 16:49:44:549:460 entered kill_old_policy_sas 3
 2-09: 16:49:44:549:460 entered kill_old_policy_sas 3
 2-09: 16:49:44:549:460 entered kill_old_policy_sas 3
 2-09: 16:49:44:549:460 entered kill_old_policy_sas 3
 2-09: 16:49:44:549:460 entered kill_old_policy_sas 1
 2-09: 16:49:44:549:460 entered kill_old_policy_sas 2
 2-09: 16:49:44:549:460 entered kill_old_policy_sas 2
 2-09: 16:49:44:549:460 entered kill_old_policy_sas 2
 2-09: 16:49:44:549:460 entered kill_old_policy_sas 2
 2-09: 16:49:44:549:460 
 2-09: 16:49:44:549:460 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
 2-09: 16:49:44:549:460 ISAKMP Header: (V1.0), len =
84
 2-09: 16:49:44:549:460   I-COOKIE d8ccd6e05f81a0d2
 2-09: 16:49:44:549:460   R-COOKIE 3d386c850a99e264
 2-09: 16:49:44:549:460   exchange: ISAKMP
Informational Exchange
 2-09: 16:49:44:549:460   flags: 1 ( encrypted )
 2-09: 16:49:44:549:460   next payload: HASH
 2-09: 16:49:44:549:460   message ID: 63bcf19b
 2-09: 16:49:44:549:460 processing HASH
(Notify/Delete)
 2-09: 16:49:44:549:460 processing payload DELETE
 2-09: 16:50:14:582:724 ClearFragList
 2-09: 16:50:14:582:724 ClearFragList
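
The refusal in auth.log names the tunnel the XP client asked for, in pluto's `client===gateway[id]...peer[id]` notation. As an added example (not part of the original post and not Openswan code), this Python sketch parses that line and compares its left-hand client with the `leftsubnet` in effect for `roadwarrior-net`. The function names are hypothetical, the DNs are shortened, `also=` handling is simplified, and it assumes the documented ipsec.conf(5) default that an omitted `leftsubnet` means the left host itself (left/32), with the gateway address taken from the log because `left=%defaultroute`.

```python
import ipaddress
import re

# Constructed inputs: the pluto line and conn sections are taken from the post,
# with the mail line-wrapping rejoined, the DNs shortened and unrelated keys dropped.
PLUTO_LINE = (
    'Feb  9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2] 10.10.1.141 #6: '
    "cannot respond to IPsec SA request because no connection is known for "
    "192.168.0.0/24===10.10.1.231[C=br, O=sefin, CN=vpn.teste]"
    "...10.10.1.141[C=br, O=sefin, CN=teste.cliente]"
)

IPSEC_CONF = """\
conn %default
\tauthby=rsasig

conn roadwarrior-net
\t#leftsubnet=192.168.0.0/255.255.255.0
\talso=roadwarrior

conn roadwarrior
\tleft=%defaultroute
\tright=%any
\trightsubnet=vhost:%no,%priv
\tauto=add
"""

# our_client===our_addr[our_id]...peer_addr[peer_id]===peer_client
# The "client===" / "===client" parts are absent when the client is the host itself.
PROPOSAL_RE = re.compile(
    r"no connection is known for "
    r"(?:(?P<our_client>[^=\[\s]+)===)?"
    r"(?P<our_addr>[0-9a-fA-F.:]+?)(?:\[(?P<our_id>[^\]]*)\])?"
    r"\.\.\."
    r"(?P<peer_addr>[0-9a-fA-F.:]+?)(?:\[(?P<peer_id>[^\]]*)\])?"
    r"(?:===(?P<peer_client>\S+))?\s*$"
)


def parse_refused_proposal(line):
    """Return the tunnel ends the peer proposed, or None if the line is unrelated."""
    m = PROPOSAL_RE.search(line)
    if m is None:
        return None
    return {
        "our_addr": m["our_addr"],
        "our_client": ipaddress.ip_network(m["our_client"] or m["our_addr"]),
        "peer_addr": m["peer_addr"],
        "peer_client": ipaddress.ip_network(m["peer_client"] or m["peer_addr"]),
    }


def parse_conns(text):
    """Parse 'conn NAME' sections into {name: {key: value, 'also': [names]}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # unindented line: section header
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "also":
                current.setdefault("also", []).append(value)
            else:
                current[key] = value
    return conns


def effective(conns, name, seen=frozenset()):
    """Keys of a conn with its also= sections folded in (own keys win)."""
    if name in seen:                              # guard against also= loops
        return {}
    own = conns.get(name, {})
    merged = {}
    for included in own.get("also", []):
        merged.update(effective(conns, included, seen | {name}))
    merged.update((k, v) for k, v in own.items() if k != "also")
    return merged


def check_left_client(line, conf_text, conn_name):
    """Compare the proposed left-hand client with the conn's leftsubnet."""
    proposal = parse_refused_proposal(line)
    conns = parse_conns(conf_text)
    conn = {**conns.get("%default", {}), **effective(conns, conn_name)}
    # Assumption: no leftsubnet in effect means the left client is left/32.
    configured = ipaddress.ip_network(conn.get("leftsubnet", proposal["our_addr"]))
    requested = proposal["our_client"]
    return {"requested": requested, "configured": configured,
            "match": requested == configured, "conn": conn}


if __name__ == "__main__":
    result = check_left_client(PLUTO_LINE, IPSEC_CONF, "roadwarrior-net")
    print("peer requested :", result["requested"])
    print("conn offers    :", result["configured"])
    print("match          :", result["match"])
```

Only the left-hand side is compared; the `rightsubnet=vhost:%no,%priv` matching against `virtual_private` is not modelled.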





	
	
		