[Openswan Users]
problem: cannot respond to IPsec SA request because no connection
is known for
rodrigo nobrega
nobregasz at yahoo.com.br
Wed Feb 9 17:12:57 CET 2005
Tks for helps.
sample lan:
10.10.1.141 ------ 10.10.1.231/192.168.0.1
xp debian -openswan
log when i try ping 192.168.0.1 from 10.10.1.141
---------------auth.log
Feb 9 16:36:44 vpn pluto[2855]: packet from
10.10.1.141:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Feb 9 16:36:44 vpn pluto[2855]: packet from
10.10.1.141:500: ignoring Vendor ID payload
[FRAGMENTATION]
Feb 9 16:36:44 vpn pluto[2855]: packet from
10.10.1.141:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Feb 9 16:36:44 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: responding to Main Mode from unknown
peer 10.10.1.141
Feb 9 16:36:44 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: transition from state STATE_MAIN_R0 to
state STATE_MAIN_R1
Feb 9 16:36:44 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Feb 9 16:36:44 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: transition from state STATE_MAIN_R1 to
state STATE_MAIN_R2
Feb 9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: Main mode peer ID is ID_DER_ASN1_DN:
'C=br, ST=paraiba, L=joao pessoa, O=sefin,
CN=teste.cliente, E=nobregasz at yahoo.com.br'
Feb 9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: I am sending my cert
Feb 9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: transition from state STATE_MAIN_R2 to
state STATE_MAIN_R3
Feb 9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: sent MR3, ISAKMP SA established
Feb 9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: cannot respond to IPsec SA request
because no connection is known for
192.168.0.0/24===10.10.1.231[C=br, ST=paraiba, L=joao
pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br]...10.10.1.141[C=br,
ST=paraiba, L=joao pessoa, O=sefin, CN=teste.cliente,
E=nobregasz at yahoo.com.br]
Feb 9 16:36:45 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: sending encrypted notification
INVALID_ID_INFORMATION to 10.10.1.141:500
Feb 9 16:36:49 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: Quick Mode I1 message is unacceptable
because it uses a previously used Message ID
0x45f74098 (perhaps this is a duplicated packet)
Feb 9 16:36:49 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: sending encrypted notification
INVALID_MESSAGE_ID to 10.10.1.141:500
Feb 9 16:36:54 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: Quick Mode I1 message is unacceptable
because it uses a previously used Message ID
0x45f74098 (perhaps this is a duplicated packet)
Feb 9 16:36:54 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: sending encrypted notification
INVALID_MESSAGE_ID to 10.10.1.141:500
Feb 9 16:37:01 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: Quick Mode I1 message is unacceptable
because it uses a previously used Message ID
0x45f74098 (perhaps this is a duplicated packet)
Feb 9 16:37:01 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: sending encrypted notification
INVALID_MESSAGE_ID to 10.10.1.141:500
Feb 9 16:37:09 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: Quick Mode I1 message is unacceptable
because it uses a previously used Message ID
0x45f74098 (perhaps this is a duplicated packet)
Feb 9 16:37:09 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: sending encrypted notification
INVALID_MESSAGE_ID to 10.10.1.141:500
Feb 9 16:37:25 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: Quick Mode I1 message is unacceptable
because it uses a previously used Message ID
0x45f74098 (perhaps this is a duplicated packet)
Feb 9 16:37:25 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: sending encrypted notification
INVALID_MESSAGE_ID to 10.10.1.141:500
Feb 9 16:38:01 vpn PAM_unix[3347]: (cron) session
opened for user mail by (uid=0)
Feb 9 16:38:01 vpn PAM_unix[3347]: (cron) session
closed for user mail
Feb 9 16:42:30 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141 #6: received Delete SA payload: deleting
ISAKMP State #6
Feb 9 16:42:30 vpn pluto[2855]: "roadwarrior-net"[2]
10.10.1.141: deleting connection "roadwarrior-net"
instance with peer 10.10.1.141 {isakmp=#0/ipsec=#0}
Feb 9 16:42:30 vpn pluto[2855]: packet from
10.10.1.141:500: received and ignored informational
message
Feb 9 16:42:30 vpn pluto[2855]: packet from
10.10.1.141:500: Informational Exchange is for an
unknown (expired?) SA
Feb 9 16:42:50 vpn PAM_unix[3365]: check pass; user
unknown
Feb 9 16:42:50 vpn PAM_unix[3365]: authentication
failure; (uid=0) -> **unknown** for ftp service
Feb 9 16:43:36 vpn PAM_unix[3366]: (ftp) session
opened for user rodrigo by (uid=0)
-------------------- iptables
iptables -A INPUT -i eth0 -p 50 -j ACCEPT
iptables -A OUTPUT -o eth0 -p 50 -j ACCEPT
iptables -A INPUT -i eth0 -p 50 -j LOG
iptables -A OUTPUT -o eth0 -p 50 -j LOG
iptables -A INPUT -i eth0 -p 51 -j ACCEPT
iptables -A OUTPUT -o eth0 -p 51 -j ACCEPT
iptables -A INPUT -i eth0 -p 51 -j LOG
iptables -A OUTPUT -o eth0 -p 51 -j LOG
iptables -A INPUT -p udp --sport 500 --dport 500 -j
ACCEPT
iptables -A INPUT -p udp --sport 500 --dport 500 -j
LOG
iptables -A OUTPUT -p udp --sport 500 --dport 500 -j
ACCEPT
iptables -A OUTPUT -p udp --sport 500 --dport 500 -j
LOG
iptables -A INPUT -p udp --dport 4500 -j ACCEPT
iptables -A OUTPUT -p udp --dport 4500 -j ACCEPT
iptables -A INPUT -p udp --dport 4500 -j LOG
iptables -A OUTPUT -p udp --dport 4500 -j LOG
------------------------- ipsec.conf
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.12 2004/01/20 19:37:13
sam Exp $
# This file:
/usr/local/share/doc/freeswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
#
# Help:
#
http://www.freeswan.org/freeswan_trees/freeswan-2.1.6/doc/quickstart.html
#
http://www.freeswan.org/freeswan_trees/freeswan-2.1.6/doc/config.html
#
http://www.freeswan.org/freeswan_trees/freeswan-2.1.6/doc/adv_config.html
#
# Policy groups are enabled by default. See:
#
http://www.freeswan.org/freeswan_trees/freeswan-2.1.6/doc/policygroups.html
#
# Examples:
#
http://www.freeswan.org/freeswan_trees/freeswan-2.1.6/doc/examples
version 2.0 # conforms to second version of ipsec.conf
specification
# basic configuration
#config setup
# Debug-logging controls: "none" for (almost) none,
"all" for lots.
# klipsdebug=all
# plutodebug=dns
config setup
interfaces=%defaultroute
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:!192.168.0.0/16
conn %default
keyingtries=1
compress=yes
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
conn roadwarrior-net
#leftsubnet=192.168.0.0/255.255.255.0
also=roadwarrior
conn roadwarrior
left=%defaultroute
leftcert=/etc/ipsec.d/certs/teste.vpn.pem
#rightcert=vpn.sefin.pem
right=%any
rightsubnet=vhost:%no,%priv
auto=add
pfs=yes
----------------- Oakley.log
2-09: 16:43:36:680:670 entered kill_old_policy_sas 5
2-09: 16:43:36:840:670 entered kill_old_policy_sas 5
2-09: 16:43:58:671:5d8 Acquire from driver:
op=00000010 src=10.10.1.141.0 dst=192.168.0.1.0 proto
= 0, SrcMask=255.255.255.255, DstMask=255.255.255.0,
Tunnel 1, TunnelEndpt=10.10.1.231 Inbound
TunnelEndpt=10.10.1.141
2-09: 16:43:58:732:670 Filter to match: Src
10.10.1.231 Dst 10.10.1.141
2-09: 16:43:58:852:670 MM PolicyName: 2
2-09: 16:43:58:852:670 MMPolicy dwFlags 2
SoftSAExpireTime 28800
2-09: 16:43:58:852:670 MMOffer[0] LifetimeSec 28800
QMLimit 1 DHGroup 2
2-09: 16:43:58:872:670 MMOffer[0] Encrypt: Triplo DES
CBC Hash: SHA
2-09: 16:43:58:872:670 MMOffer[1] LifetimeSec 28800
QMLimit 1 DHGroup 2
2-09: 16:43:58:872:670 MMOffer[1] Encrypt: Triplo DES
CBC Hash: MD5
2-09: 16:43:58:872:670 MMOffer[2] LifetimeSec 28800
QMLimit 1 DHGroup 1
2-09: 16:43:58:872:670 MMOffer[2] Encrypt: DES CBC
Hash: SHA
2-09: 16:43:58:872:670 MMOffer[3] LifetimeSec 28800
QMLimit 1 DHGroup 1
2-09: 16:43:58:872:670 MMOffer[3] Encrypt: DES CBC
Hash: MD5
2-09: 16:43:58:952:670 Auth[0]:RSA Sig C=br,
S=paraiba, L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br AuthFlags 0
2-09: 16:43:58:952:670 QM PolicyName:
Host-roadwarrior-net filter action dwFlags 1
2-09: 16:43:58:952:670 QMOffer[0] LifetimeKBytes
50000 LifetimeSec 3600
2-09: 16:43:58:952:670 QMOffer[0] dwFlags 0
dwPFSGroup -2147483648
2-09: 16:43:58:952:670 Algo[0] Operation: ESP Algo:
Triplo DES CBC HMAC: MD5
2-09: 16:43:58:952:670 Starting Negotiation: src =
10.10.1.141.0500, dst = 10.10.1.231.0500, proto = 00,
context = 00000010, ProxySrc = 10.10.1.141.0000,
ProxyDst = 192.168.0.0.0000 SrcMask = 255.255.255.255
DstMask = 255.255.255.0
2-09: 16:43:58:952:670 constructing ISAKMP Header
2-09: 16:43:58:952:670 constructing SA (ISAKMP)
2-09: 16:43:58:952:670 Constructing Vendor MS NT5
ISAKMPOAKLEY
2-09: 16:43:58:972:670 Constructing Vendor
FRAGMENTATION
2-09: 16:43:58:972:670 Constructing Vendor
draft-ietf-ipsec-nat-t-ike-02
2-09: 16:43:58:982:670
2-09: 16:43:58:982:670 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
2-09: 16:43:58:982:670 ISAKMP Header: (V1.0), len =
256
2-09: 16:43:58:982:670 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:43:58:982:670 R-COOKIE 0000000000000000
2-09: 16:43:58:982:670 exchange: Oakley Main Mode
2-09: 16:43:58:982:670 flags: 0
2-09: 16:43:58:982:670 next payload: SA
2-09: 16:43:58:982:670 message ID: 00000000
2-09: 16:43:58:982:670 Ports S:f401 D:f401
2-09: 16:43:58:982:670
2-09: 16:43:58:982:670 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
2-09: 16:43:58:982:670 ISAKMP Header: (V1.0), len =
124
2-09: 16:43:58:982:670 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:43:58:982:670 R-COOKIE 3d386c850a99e264
2-09: 16:43:58:982:670 exchange: Oakley Main Mode
2-09: 16:43:58:982:670 flags: 0
2-09: 16:43:58:982:670 next payload: SA
2-09: 16:43:58:982:670 message ID: 00000000
2-09: 16:43:58:982:670 processing payload SA
2-09: 16:43:58:982:670 Received Phase 1 Transform 1
2-09: 16:43:58:982:670 Encryption Alg Triplo DES
CBC(5)
2-09: 16:43:58:982:670 Hash Alg SHA(2)
2-09: 16:43:58:982:670 Oakley Group 2
2-09: 16:43:58:982:670 Auth Method Assinatura
RSA com Certificados (3)
2-09: 16:43:58:982:670 Life type in Seconds
2-09: 16:43:58:982:670 Life duration of 28800
2-09: 16:43:58:982:670 Phase 1 SA accepted:
transform=1
2-09: 16:43:58:982:670 SA - Oakley proposal accepted
2-09: 16:43:58:982:670 processing payload VENDOR ID
2-09: 16:43:58:992:670 processing payload VENDOR ID
2-09: 16:43:58:992:670 Received VendorId
draft-ietf-ipsec-nat-t-ike-02
2-09: 16:43:58:992:670 ClearFragList
2-09: 16:43:58:992:670 constructing ISAKMP Header
2-09: 16:43:59:72:670 constructing KE
2-09: 16:43:59:72:670 constructing NONCE (ISAKMP)
2-09: 16:43:59:72:670 Constructing NatDisc
2-09: 16:43:59:72:670
2-09: 16:43:59:72:670 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
2-09: 16:43:59:72:670 ISAKMP Header: (V1.0), len =
232
2-09: 16:43:59:72:670 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:43:59:72:670 R-COOKIE 3d386c850a99e264
2-09: 16:43:59:72:670 exchange: Oakley Main Mode
2-09: 16:43:59:72:670 flags: 0
2-09: 16:43:59:72:670 next payload: KE
2-09: 16:43:59:72:670 message ID: 00000000
2-09: 16:43:59:72:670 Ports S:f401 D:f401
2-09: 16:43:59:92:670
2-09: 16:43:59:92:670 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
2-09: 16:43:59:92:670 ISAKMP Header: (V1.0), len =
228
2-09: 16:43:59:92:670 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:43:59:92:670 R-COOKIE 3d386c850a99e264
2-09: 16:43:59:92:670 exchange: Oakley Main Mode
2-09: 16:43:59:92:670 flags: 0
2-09: 16:43:59:92:670 next payload: KE
2-09: 16:43:59:92:670 message ID: 00000000
2-09: 16:43:59:92:670 processing payload KE
2-09: 16:43:59:122:670 processing payload NONCE
2-09: 16:43:59:122:670 processing payload NATDISC
2-09: 16:43:59:122:670 Processing NatHash
2-09: 16:43:59:122:670 Nat hash
67ecfee8db90585ec9acd495c7df3de4
2-09: 16:43:59:122:670 14b834f0
2-09: 16:43:59:122:670 SA StateMask2 f
2-09: 16:43:59:122:670 processing payload NATDISC
2-09: 16:43:59:122:670 Processing NatHash
2-09: 16:43:59:122:670 Nat hash
ceedc440e477626e1068d66451dfe855
2-09: 16:43:59:122:670 201db022
2-09: 16:43:59:122:670 SA StateMask2 8f
2-09: 16:43:59:122:670 ClearFragList
2-09: 16:43:59:132:670 constructing ISAKMP Header
2-09: 16:43:59:132:670 constructing ID
2-09: 16:43:59:142:670 Received no valid CRPs. Using
all configured
2-09: 16:43:59:142:670 Looking for IPSec only cert
2-09: 16:43:59:152:670 Cert Trustes. 0 100
2-09: 16:43:59:152:670 Cert SHA Thumbprint
2d16b509f9321a54e03090781b660713
2-09: 16:43:59:152:670 fbeb65a0
2-09: 16:43:59:152:670 CertFindExtenstion failed with
0
2-09: 16:43:59:212:670 Entered CRL check
2-09: 16:43:59:232:670 Left CRL check
2-09: 16:43:59:232:670 Cert SHA Thumbprint
2d16b509f9321a54e03090781b660713
2-09: 16:43:59:232:670 fbeb65a0
2-09: 16:43:59:232:670 SubjectName: C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=teste.cliente,
E=nobregasz at yahoo.com.br
2-09: 16:43:59:232:670 Cert Serialnumber 02
2-09: 16:43:59:232:670 Cert SHA Thumbprint
2d16b509f9321a54e03090781b660713
2-09: 16:43:59:232:670 fbeb65a0
2-09: 16:43:59:232:670 SubjectName: C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br
2-09: 16:43:59:232:670 Cert Serialnumber 00
2-09: 16:43:59:232:670 Cert SHA Thumbprint
3b9b8df006afe6e1c52b6ae783d0776c
2-09: 16:43:59:232:670 ece1fd71
2-09: 16:43:59:232:670 Not storing My cert chain in
SA.
2-09: 16:43:59:232:670 MM ID Type 9
2-09: 16:43:59:232:670 MM ID
308184310b3009060355040613026272
2-09: 16:43:59:232:670
3110300e060355040813077061726169
2-09: 16:43:59:232:670
6261311430120603550407130b6a6f61
2-09: 16:43:59:232:670
6f20706573736f61310e300c06035504
2-09: 16:43:59:232:670
0a1305736566696e3116301406035504
2-09: 16:43:59:232:670
03130d74657374652e636c69656e7465
2-09: 16:43:59:242:670
3125302306092a864886f70d01090116
2-09: 16:43:59:242:670
166e6f6272656761737a407961686f6f
2-09: 16:43:59:242:670 2e636f6d2e6272
2-09: 16:43:59:242:670 constructing CERT
2-09: 16:43:59:242:670 Construct SIG
2-09: 16:43:59:242:670 Constructing Cert Request
2-09: 16:43:59:242:670 C=br, S=paraiba, L=joao
pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br
2-09: 16:43:59:242:670
2-09: 16:43:59:242:670 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
2-09: 16:43:59:242:670 ISAKMP Header: (V1.0), len =
1356
2-09: 16:43:59:242:670 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:43:59:242:670 R-COOKIE 3d386c850a99e264
2-09: 16:43:59:242:670 exchange: Oakley Main Mode
2-09: 16:43:59:252:670 flags: 1 ( encrypted )
2-09: 16:43:59:252:670 next payload: ID
2-09: 16:43:59:252:670 message ID: 00000000
2-09: 16:43:59:252:670 Ports S:f401 D:f401
2-09: 16:43:59:262:670
2-09: 16:43:59:262:670 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
2-09: 16:43:59:262:670 ISAKMP Header: (V1.0), len =
1212
2-09: 16:43:59:262:670 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:43:59:262:670 R-COOKIE 3d386c850a99e264
2-09: 16:43:59:262:670 exchange: Oakley Main Mode
2-09: 16:43:59:262:670 flags: 1 ( encrypted )
2-09: 16:43:59:262:670 next payload: ID
2-09: 16:43:59:262:670 message ID: 00000000
2-09: 16:43:59:262:670 processing payload ID
2-09: 16:43:59:262:670 processing payload CERT
2-09: 16:43:59:262:670 processing payload SIG
2-09: 16:43:59:262:670 Verifying CertStore
2-09: 16:43:59:262:670 SubjectName: C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br
2-09: 16:43:59:262:670 Cert Serialnumber 01
2-09: 16:43:59:262:670 Cert SHA Thumbprint
bbdf77a6d316596356df0bc8d21efbd7
2-09: 16:43:59:262:670 1a86d3a3
2-09: 16:43:59:262:670 Cert Trustes. 0 100
2-09: 16:43:59:272:670 SubjectName: C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br
2-09: 16:43:59:272:670 Cert Serialnumber 01
2-09: 16:43:59:272:670 Cert SHA Thumbprint
bbdf77a6d316596356df0bc8d21efbd7
2-09: 16:43:59:272:670 1a86d3a3
2-09: 16:43:59:272:670 SubjectName: C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br
2-09: 16:43:59:272:670 Cert Serialnumber 00
2-09: 16:43:59:272:670 Cert SHA Thumbprint
3b9b8df006afe6e1c52b6ae783d0776c
2-09: 16:43:59:272:670 ece1fd71
2-09: 16:43:59:272:670 Not storing Peer's cert chain
in SA.
2-09: 16:43:59:272:670 Cert SHA Thumbprint
bbdf77a6d316596356df0bc8d21efbd7
2-09: 16:43:59:272:670 1a86d3a3
2-09: 16:43:59:272:670 Entered CRL check
2-09: 16:43:59:272:670 Left CRL check
2-09: 16:43:59:272:670 CertFindExtenstion failed with
0
2-09: 16:43:59:272:670 Signature validated
2-09: 16:43:59:272:670 ClearFragList
2-09: 16:43:59:272:670 MM established. SA: 00106BE0
2-09: 16:43:59:272:670 QM PolicyName:
Host-roadwarrior-net filter action dwFlags 1
2-09: 16:43:59:272:670 QMOffer[0] LifetimeKBytes
50000 LifetimeSec 3600
2-09: 16:43:59:272:670 QMOffer[0] dwFlags 0
dwPFSGroup -2147483648
2-09: 16:43:59:272:670 Algo[0] Operation: ESP Algo:
Triplo DES CBC HMAC: MD5
2-09: 16:43:59:272:670 GetSpi: src =
192.168.0.0.0000, dst = 10.10.1.141.0000, proto = 00,
context = 00000010, srcMask = 255.255.255.0, destMask
= 255.255.255.255, TunnelFilter 1
2-09: 16:43:59:272:670 Setting SPI 101167492
2-09: 16:43:59:272:670 constructing ISAKMP Header
2-09: 16:43:59:272:670 constructing HASH (null)
2-09: 16:43:59:272:670 constructing SA (IPSEC)
2-09: 16:43:59:272:670 constructing QM KE
2-09: 16:43:59:342:670 constructing NONCE (IPSEC)
2-09: 16:43:59:342:670 constructing ID (proxy)
2-09: 16:43:59:342:670 constructing ID (proxy)
2-09: 16:43:59:342:670 constructing HASH (QM)
2-09: 16:43:59:342:670
2-09: 16:43:59:342:670 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
2-09: 16:43:59:342:670 ISAKMP Header: (V1.0), len =
308
2-09: 16:43:59:342:670 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:43:59:342:670 R-COOKIE 3d386c850a99e264
2-09: 16:43:59:342:670 exchange: Oakley Quick Mode
2-09: 16:43:59:342:670 flags: 1 ( encrypted )
2-09: 16:43:59:342:670 next payload: HASH
2-09: 16:43:59:342:670 message ID: 9840f745
2-09: 16:43:59:342:670 Ports S:f401 D:f401
2-09: 16:43:59:352:670
2-09: 16:43:59:352:670 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
2-09: 16:43:59:352:670 ISAKMP Header: (V1.0), len =
68
2-09: 16:43:59:352:670 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:43:59:352:670 R-COOKIE 3d386c850a99e264
2-09: 16:43:59:352:670 exchange: ISAKMP
Informational Exchange
2-09: 16:43:59:352:670 flags: 1 ( encrypted )
2-09: 16:43:59:352:670 next payload: HASH
2-09: 16:43:59:352:670 message ID: dba2a3a5
2-09: 16:43:59:352:670 processing HASH
(Notify/Delete)
2-09: 16:43:59:352:670 processing payload NOTIFY
2-09: 16:43:59:352:670 notify: INVALID-ID-INFORMATION
2-09: 16:43:59:352:670 isadb_set_status sa:00106BE0
centry:00000000 status 3601
2-09: 16:44:03:338:5e0 retransmit: sa = 00106BE0
centry 00143A48 , count = 1
2-09: 16:44:03:338:5e0
2-09: 16:44:03:338:5e0 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
2-09: 16:44:03:338:5e0 ISAKMP Header: (V1.0), len =
308
2-09: 16:44:03:338:5e0 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:44:03:338:5e0 R-COOKIE 3d386c850a99e264
2-09: 16:44:03:338:5e0 exchange: Oakley Quick Mode
2-09: 16:44:03:338:5e0 flags: 1 ( encrypted )
2-09: 16:44:03:338:5e0 next payload: HASH
2-09: 16:44:03:338:5e0 message ID: 9840f745
2-09: 16:44:03:338:5e0 Ports S:f401 D:f401
2-09: 16:44:03:338:670
2-09: 16:44:03:338:670 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
2-09: 16:44:03:338:670 ISAKMP Header: (V1.0), len =
68
2-09: 16:44:03:338:670 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:44:03:338:670 R-COOKIE 3d386c850a99e264
2-09: 16:44:03:338:670 exchange: ISAKMP
Informational Exchange
2-09: 16:44:03:338:670 flags: 1 ( encrypted )
2-09: 16:44:03:338:670 next payload: HASH
2-09: 16:44:03:338:670 message ID: 3d1c9038
2-09: 16:44:03:338:670 processing HASH
(Notify/Delete)
2-09: 16:44:03:338:670 processing payload NOTIFY
2-09: 16:44:03:338:670 notify: INVALID-MESSAGE-ID
2-09: 16:44:03:338:670 Unknown Notify Message 9
2-09: 16:44:08:345:5e0 retransmit: sa = 00106BE0
centry 00143A48 , count = 2
2-09: 16:44:08:345:5e0
2-09: 16:44:08:345:5e0 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
2-09: 16:44:08:345:5e0 ISAKMP Header: (V1.0), len =
308
2-09: 16:44:08:345:5e0 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:44:08:345:5e0 R-COOKIE 3d386c850a99e264
2-09: 16:44:08:345:5e0 exchange: Oakley Quick Mode
2-09: 16:44:08:345:5e0 flags: 1 ( encrypted )
2-09: 16:44:08:345:5e0 next payload: HASH
2-09: 16:44:08:345:5e0 message ID: 9840f745
2-09: 16:44:08:345:5e0 Ports S:f401 D:f401
2-09: 16:44:08:345:670
2-09: 16:44:08:345:670 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
2-09: 16:44:08:345:670 ISAKMP Header: (V1.0), len =
68
2-09: 16:44:08:345:670 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:44:08:345:670 R-COOKIE 3d386c850a99e264
2-09: 16:44:08:345:670 exchange: ISAKMP
Informational Exchange
2-09: 16:44:08:345:670 flags: 1 ( encrypted )
2-09: 16:44:08:345:670 next payload: HASH
2-09: 16:44:08:345:670 message ID: 5992ea7b
2-09: 16:44:08:345:670 processing HASH
(Notify/Delete)
2-09: 16:44:08:345:670 processing payload NOTIFY
2-09: 16:44:08:345:670 notify: INVALID-MESSAGE-ID
2-09: 16:44:08:345:670 Unknown Notify Message 9
2-09: 16:44:15:375:5e0 retransmit: sa = 00106BE0
centry 00143A48 , count = 3
2-09: 16:44:15:375:5e0
2-09: 16:44:15:375:5e0 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
2-09: 16:44:15:375:5e0 ISAKMP Header: (V1.0), len =
308
2-09: 16:44:15:375:5e0 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:44:15:375:5e0 R-COOKIE 3d386c850a99e264
2-09: 16:44:15:375:5e0 exchange: Oakley Quick Mode
2-09: 16:44:15:375:5e0 flags: 1 ( encrypted )
2-09: 16:44:15:375:5e0 next payload: HASH
2-09: 16:44:15:375:5e0 message ID: 9840f745
2-09: 16:44:15:375:5e0 Ports S:f401 D:f401
2-09: 16:44:15:375:460
2-09: 16:44:15:375:460 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
2-09: 16:44:15:375:460 ISAKMP Header: (V1.0), len =
68
2-09: 16:44:15:375:460 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:44:15:375:460 R-COOKIE 3d386c850a99e264
2-09: 16:44:15:375:460 exchange: ISAKMP
Informational Exchange
2-09: 16:44:15:375:460 flags: 1 ( encrypted )
2-09: 16:44:15:375:460 next payload: HASH
2-09: 16:44:15:375:460 message ID: 31ee71d3
2-09: 16:44:15:375:460 processing HASH
(Notify/Delete)
2-09: 16:44:15:375:460 processing payload NOTIFY
2-09: 16:44:15:375:460 notify: INVALID-MESSAGE-ID
2-09: 16:44:15:375:460 Unknown Notify Message 9
2-09: 16:44:23:467:5e0 retransmit: sa = 00106BE0
centry 00143A48 , count = 4
2-09: 16:44:23:467:5e0
2-09: 16:44:23:467:5e0 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
2-09: 16:44:23:467:5e0 ISAKMP Header: (V1.0), len =
308
2-09: 16:44:23:467:5e0 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:44:23:467:5e0 R-COOKIE 3d386c850a99e264
2-09: 16:44:23:467:5e0 exchange: Oakley Quick Mode
2-09: 16:44:23:467:5e0 flags: 1 ( encrypted )
2-09: 16:44:23:467:5e0 next payload: HASH
2-09: 16:44:23:467:5e0 message ID: 9840f745
2-09: 16:44:23:467:5e0 Ports S:f401 D:f401
2-09: 16:44:23:467:460
2-09: 16:44:23:467:460 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
2-09: 16:44:23:467:460 ISAKMP Header: (V1.0), len =
68
2-09: 16:44:23:467:460 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:44:23:467:460 R-COOKIE 3d386c850a99e264
2-09: 16:44:23:467:460 exchange: ISAKMP
Informational Exchange
2-09: 16:44:23:467:460 flags: 1 ( encrypted )
2-09: 16:44:23:467:460 next payload: HASH
2-09: 16:44:23:467:460 message ID: c4e5da71
2-09: 16:44:23:467:460 processing HASH
(Notify/Delete)
2-09: 16:44:23:467:460 processing payload NOTIFY
2-09: 16:44:23:467:460 notify: INVALID-MESSAGE-ID
2-09: 16:44:23:467:460 Unknown Notify Message 9
2-09: 16:44:39:490:5e0 retransmit: sa = 00106BE0
centry 00143A48 , count = 5
2-09: 16:44:39:490:5e0
2-09: 16:44:39:490:5e0 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 2.500
2-09: 16:44:39:490:5e0 ISAKMP Header: (V1.0), len =
308
2-09: 16:44:39:490:5e0 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:44:39:490:5e0 R-COOKIE 3d386c850a99e264
2-09: 16:44:39:490:5e0 exchange: Oakley Quick Mode
2-09: 16:44:39:490:5e0 flags: 1 ( encrypted )
2-09: 16:44:39:490:5e0 next payload: HASH
2-09: 16:44:39:490:5e0 message ID: 9840f745
2-09: 16:44:39:490:5e0 Ports S:f401 D:f401
2-09: 16:44:39:490:460
2-09: 16:44:39:490:460 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
2-09: 16:44:39:490:460 ISAKMP Header: (V1.0), len =
68
2-09: 16:44:39:490:460 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:44:39:490:460 R-COOKIE 3d386c850a99e264
2-09: 16:44:39:490:460 exchange: ISAKMP
Informational Exchange
2-09: 16:44:39:490:460 flags: 1 ( encrypted )
2-09: 16:44:39:490:460 next payload: HASH
2-09: 16:44:39:490:460 message ID: 94892144
2-09: 16:44:39:490:460 processing HASH
(Notify/Delete)
2-09: 16:44:39:490:460 processing payload NOTIFY
2-09: 16:44:39:490:460 notify: INVALID-MESSAGE-ID
2-09: 16:44:39:490:460 Unknown Notify Message 9
2-09: 16:45:11:486:460
2-09: 16:45:11:486:460 Receive: (get) SA = 0x0013a038
from 10.10.1.231.500
2-09: 16:45:11:486:460 ISAKMP Header: (V1.0), len =
84
2-09: 16:45:11:486:460 I-COOKIE 66d0bb343ddecafc
2-09: 16:45:11:486:460 R-COOKIE d5fc7a23a36c7f94
2-09: 16:45:11:486:460 exchange: ISAKMP
Informational Exchange
2-09: 16:45:11:486:460 flags: 1 ( encrypted )
2-09: 16:45:11:486:460 next payload: HASH
2-09: 16:45:11:486:460 message ID: ff0bfe6b
2-09: 16:45:11:486:460 processing HASH
(Notify/Delete)
2-09: 16:45:11:486:460 processing payload DELETE
2-09: 16:45:11:486:460 SA Dead. sa:0013A038
status:35ef
2-09: 16:45:11:536:5e0 retransmit exhausted: sa =
00106BE0 centry 00143A48, count = 6
2-09: 16:45:11:556:5e0 Modo de proteção de dados
(Modo rápido)
2-09: 16:45:11:556:5e0 Endereço IP de origem
10.10.1.141 Máscara do endereço IP de origem
255.255.255.255 Endereço IP de destino 192.168.0.0
Máscara do endereço IP de destino 255.255.255.0
Protocolo 0 Porta de origem 0 Porta de destino 0
End. local IKE 10.10.1.141 End. IKE de mesmo nível
10.10.1.231
2-09: 16:45:11:556:5e0 Identidade baseada no
certificado. Entidade de mesmo nível C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br Impressão digital SHA de
mesmo nível bbdf77a6d316596356df0bc8d21efbd71a86d3a3
Autoridade de certificação emitente C=br, S=paraiba,
L=joao pessoa, O=sefin, CN=vpn.teste,
E=nobregasz at yahoo.com.br Autoridade de certificação
raiz C=br, S=paraiba, L=joao pessoa, O=sefin,
CN=vpn.teste, E=nobregasz at yahoo.com.br Minha entidade
C=br, S=paraiba, L=joao pessoa, O=sefin,
CN=teste.cliente, E=nobregasz at yahoo.com.br Minha
impressão digital SHA
2d16b509f9321a54e03090781b660713fbeb65a0 Endereço IP
de mesmo nível: 10.10.1.231
2-09: 16:45:11:556:5e0 Eu
2-09: 16:45:11:556:5e0 Tempo limite da negociação
esgotado
2-09: 16:45:11:556:5e0 0x0 0x0
2-09: 16:45:11:556:5e0 isadb_set_status sa:00106BE0
centry:00143A48 status 35ed
2-09: 16:45:44:544:460 ClearFragList
2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
1e09933a-03d9-4a23-b85b7d20386feeb3 4
2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
55d6b4be-0409-4ce5-8916b06c4d75bf14 4
2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
40de55e7-6c33-447c-9e6dc782837aeca5 3
2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
e8ef537a-71df-4139-923f6bf56a7c9702 3
2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
70428329-49d7-49c0-9b270b0a256189b1 3
2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
6e0603cb-ce98-428b-a73dd53e8b409350 3
2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
bc6f873e-5af5-407c-8ab3515bf81b5a25 1
2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
c70fc30b-144b-4ed8-b4d09cac0d7b7484 2
2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
d817d4cd-6fdc-4f0c-a07e17dd526d1bc8 2
2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
3d6c90ca-9738-4249-a3a2da0329dc932c 2
2-09: 16:49:44:539:588
isadb_schedule_kill_oldPolicy_sas:
fab2a78b-e230-4f98-a1775a1d53f3fc12 2
2-09: 16:49:44:549:460 entered kill_old_policy_sas 4
2-09: 16:49:44:549:460 entered kill_old_policy_sas 4
2-09: 16:49:44:549:460 SA Dead. sa:00106BE0
status:3619
2-09: 16:49:44:549:460 constructing ISAKMP Header
2-09: 16:49:44:549:460 constructing HASH (null)
2-09: 16:49:44:549:460 constructing DELETE. MM
00106BE0
2-09: 16:49:44:549:460 constructing HASH
(Notify/Delete)
2-09: 16:49:44:549:460 Not setting retransmit to
downlevel client. SA 00106BE0 Centry 00000000
2-09: 16:49:44:549:460
2-09: 16:49:44:549:460 Sending: SA = 0x00106BE0 to
10.10.1.231:Type 1.500
2-09: 16:49:44:549:460 ISAKMP Header: (V1.0), len =
84
2-09: 16:49:44:549:460 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:49:44:549:460 R-COOKIE 3d386c850a99e264
2-09: 16:49:44:549:460 exchange: ISAKMP
Informational Exchange
2-09: 16:49:44:549:460 flags: 1 ( encrypted )
2-09: 16:49:44:549:460 next payload: HASH
2-09: 16:49:44:549:460 message ID: 0aa7e45b
2-09: 16:49:44:549:460 Ports S:f401 D:f401
2-09: 16:49:44:549:460 SA Dead. sa:0014A240
status:3619
2-09: 16:49:44:549:460 constructing ISAKMP Header
2-09: 16:49:44:549:460 constructing HASH (null)
2-09: 16:49:44:549:460 constructing DELETE. MM
0014A240
2-09: 16:49:44:549:460 constructing HASH
(Notify/Delete)
2-09: 16:49:44:549:460 Not setting retransmit to
downlevel client. SA 0014A240 Centry 00000000
2-09: 16:49:44:549:460
2-09: 16:49:44:549:460 Sending: SA = 0x0014A240 to
10.10.1.231:Type 1.500
2-09: 16:49:44:549:460 ISAKMP Header: (V1.0), len =
84
2-09: 16:49:44:549:460 I-COOKIE a5c0e956a2413d45
2-09: 16:49:44:549:460 R-COOKIE 46fe05d96911ce6b
2-09: 16:49:44:549:460 exchange: ISAKMP
Informational Exchange
2-09: 16:49:44:549:460 flags: 1 ( encrypted )
2-09: 16:49:44:549:460 next payload: HASH
2-09: 16:49:44:549:460 message ID: b302ed2d
2-09: 16:49:44:549:460 Ports S:f401 D:f401
2-09: 16:49:44:549:460 entered kill_old_policy_sas 3
2-09: 16:49:44:549:460 entered kill_old_policy_sas 3
2-09: 16:49:44:549:460 entered kill_old_policy_sas 3
2-09: 16:49:44:549:460 entered kill_old_policy_sas 3
2-09: 16:49:44:549:460 entered kill_old_policy_sas 1
2-09: 16:49:44:549:460 entered kill_old_policy_sas 2
2-09: 16:49:44:549:460 entered kill_old_policy_sas 2
2-09: 16:49:44:549:460 entered kill_old_policy_sas 2
2-09: 16:49:44:549:460 entered kill_old_policy_sas 2
2-09: 16:49:44:549:460
2-09: 16:49:44:549:460 Receive: (get) SA = 0x00106be0
from 10.10.1.231.500
2-09: 16:49:44:549:460 ISAKMP Header: (V1.0), len =
84
2-09: 16:49:44:549:460 I-COOKIE d8ccd6e05f81a0d2
2-09: 16:49:44:549:460 R-COOKIE 3d386c850a99e264
2-09: 16:49:44:549:460 exchange: ISAKMP
Informational Exchange
2-09: 16:49:44:549:460 flags: 1 ( encrypted )
2-09: 16:49:44:549:460 next payload: HASH
2-09: 16:49:44:549:460 message ID: 63bcf19b
2-09: 16:49:44:549:460 processing HASH
(Notify/Delete)
2-09: 16:49:44:549:460 processing payload DELETE
2-09: 16:50:14:582:724 ClearFragList
2-09: 16:50:14:582:724 ClearFragList
_______________________________________________________
Yahoo! Acesso Grátis - Instale o discador do Yahoo! agora. http://br.acesso.yahoo.com/ - Internet rápida e grátis
More information about the Users
mailing list