[Openswan Users] Modecfg push
Jiva DeVoe
jiva at ixiacom.com
Fri Jan 21 15:04:50 CET 2005
So I'm testing push modecfg with ipv4 subnets over ipv6 tunnels
and I see:
next payload type of ISAKMP Hash Payload has an unknown value: 180
on the initiator side when the modecfg SET is received from the responder.
In this case, my responder is my modecfg server, and my initiator is my
modecfg client. The number in the unknown value changes each time.
Any clues on where to look to fix this?
Here's a bit more detail from the log:
initiator:
| *received 92 bytes from fed1::1000:500 on ixint1
| 6e ff e8 cc 59 43 4d 0f 02 44 28 39 f8 ed dd 6c
| 08 10 06 01 1d e5 25 b9 00 00 00 5c d2 ee 77 82
| 3f 33 f4 6c c2 78 b6 39 ea c3 56 56 ca 9b 16 cf
| 57 ce 76 fe 02 03 37 5e 4e 13 db c0 c6 40 e6 85
| b9 9f c0 55 b0 cd d9 ce af 99 7f a2 7b 78 2e 1d
| 56 b1 23 5f 5d 0b da cf 93 1c 16 87
| **parse ISAKMP Message:
| initiator cookie:
| 6e ff e8 cc 59 43 4d 0f
| responder cookie:
| 02 44 28 39 f8 ed dd 6c
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0
| exchange type: ISAKMP_XCHG_MODE_CFG
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 1d e5 25 b9
| length: 92
| ICOOKIE: 6e ff e8 cc 59 43 4d 0f
| RCOOKIE: 02 44 28 39 f8 ed dd 6c
| peer: fe d1 00 00 00 00 00 00 00 00 00 00 00 00 10 00
| state hash entry 15
| peer and cookies match on #4, provided msgid 1de525b9 vs 00000000
| state object not found
| ICOOKIE: 6e ff e8 cc 59 43 4d 0f
| RCOOKIE: 02 44 28 39 f8 ed dd 6c
| peer: fe d1 00 00 00 00 00 00 00 00 00 00 00 00 10 00
| state hash entry 15
| peer and cookies match on #4, provided msgid 00000000 vs 00000000
| state object #4 found, in STATE_XAUTH_I1
"Connection0" #4: extra debugging enabled for connection: none
| last Phase 1 IV: 73 bc e5 eb 6e f6 1e a4
| last Phase 1 IV: 5a 74 be 8b ad 6c 62 4c
| computed Phase 2 IV:
| ca 90 37 80 e6 a3 6f 2f 25 16 35 c8 8d 32 16 5d
| received encrypted packet from fed1::1000:500
| decrypting 64 bytes using algorithm OAKLEY_3DES_CBC
| decrypted:
| 9e e4 89 1f 19 8e c2 17 58 b8 79 f4 71 8d c0 c7
| 2b 99 3a b9 00 00 00 2c 03 00 00 00 00 01 00 04
| 28 00 00 0a 00 03 00 00 00 03 00 00 00 04 00 00
| 00 04 00 00 00 0d 00 08 28 00 00 6e ff ff ff ff
| next IV: 5d 0b da cf 93 1c 16 87
"Connection0" #4: next payload type of ISAKMP Hash Payload has an unknown
value: 158
"Connection0" #4: malformed payload in packet
"Connection0" #4: sending notification PAYLOAD_MALFORMED to fed1::1000:500
And the responder:
"Connection0" #4: Sending MODE CONFIG set
| **emit ISAKMP Message:
| initiator cookie:
| 6e ff e8 cc 59 43 4d 0f
| responder cookie:
| 02 44 28 39 f8 ed dd 6c
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0
| exchange type: ISAKMP_XCHG_MODE_CFG
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 1d e5 25 b9
| ***emit ISAKMP Hash Payload:
| next payload type: ISAKMP_NEXT_MODECFG
| emitting 16 zero bytes of HASH into ISAKMP Hash Payload
| emitting length of ISAKMP Hash Payload: 20
| ***emit ISAKMP Mode Attribute:
| next payload type: ISAKMP_NEXT_NONE
| Attr Msg Type: ISAKMP_CFG_SET
| Identifier: 0
| ****emit ISAKMP ModeCfg attribute:
| ModeCfg attr type: INTERNAL_IP4_ADDRESS
| emitting 4 raw bytes of IP4_addr into ISAKMP ModeCfg attribute
| IP4_addr 28 00 00 0a
| emitting length of ISAKMP ModeCfg attribute: 4
| ****emit ISAKMP ModeCfg attribute:
| ModeCfg attr type: INTERNAL_IP4_DNS
| emitting 0 raw bytes of IP4_dns into ISAKMP ModeCfg attribute
| IP4_dns
| emitting length of ISAKMP ModeCfg attribute: 0
| ****emit ISAKMP ModeCfg attribute:
| ModeCfg attr type: INTERNAL_IP4_DNS
| emitting 0 raw bytes of IP4_dns into ISAKMP ModeCfg attribute
| IP4_dns
| emitting length of ISAKMP ModeCfg attribute: 0
| ****emit ISAKMP ModeCfg attribute:
| ModeCfg attr type: INTERNAL_IP4_NBNS
| emitting 0 raw bytes of IP4_wins into ISAKMP ModeCfg attribute
| IP4_wins
| emitting length of ISAKMP ModeCfg attribute: 0
| ****emit ISAKMP ModeCfg attribute:
| ModeCfg attr type: INTERNAL_IP4_NBNS
| emitting 0 raw bytes of IP4_wins into ISAKMP ModeCfg attribute
| IP4_wins
| emitting length of ISAKMP ModeCfg attribute: 0
| ****emit ISAKMP ModeCfg attribute:
| ModeCfg attr type: INTERNAL_IP4_SUBNET
| emitting 4 raw bytes of IP4_subnet into ISAKMP ModeCfg attribute
| IP4_subnet 28 00 00 6e
| emitting 4 raw bytes of IP4_submsk into ISAKMP ModeCfg attribute
| IP4_submsk ff ff ff ff
| emitting length of ISAKMP ModeCfg attribute: 8
| emitting length of ISAKMP Mode Attribute: 44
| XAUTH: HASH computed:
| 52 41 cf 74 58 b8 79 f4 71 8d c0 c7 2b 99 3a b9
| emitting length of ISAKMP Message: 92
| encrypting:
| 0e 00 00 14 52 41 cf 74 58 b8 79 f4 71 8d c0 c7
| 2b 99 3a b9 00 00 00 2c 03 00 00 00 00 01 00 04
| 28 00 00 0a 00 03 00 00 00 03 00 00 00 04 00 00
| 00 04 00 00 00 0d 00 08 28 00 00 6e ff ff ff ff
| encrypting using OAKLEY_3DES_CBC
| next IV: 5d 0b da cf 93 1c 16 87
| emitting length of ISAKMP Message: 92
| sending 92 bytes for ModeCfg set through ixint1 to fed1::10:500:
| 6e ff e8 cc 59 43 4d 0f 02 44 28 39 f8 ed dd 6c
| 08 10 06 01 1d e5 25 b9 00 00 00 5c d2 ee 77 82
| 3f 33 f4 6c c2 78 b6 39 ea c3 56 56 ca 9b 16 cf
| 57 ce 76 fe 02 03 37 5e 4e 13 db c0 c6 40 e6 85
| b9 9f c0 55 b0 cd d9 ce af 99 7f a2 7b 78 2e 1d
| 56 b1 23 5f 5d 0b da cf 93 1c 16 87
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #4
| next event EVENT_RETRANSMIT in 10 seconds for #4
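An added example, not part of the original post: it compares the responder's pre-encryption plaintext with the initiator's decrypted bytes (both copied from the logs above) block by block, then recovers the CBC IV the sender must have used and checks it against the IVs the initiator logged. A difference confined to the first 8-byte block points at an IV mismatch rather than a key mismatch. It assumes the initiator used the first 8 bytes of its computed Phase 2 IV as the 3DES-CBC IV.

```python
# Added example: all hex values are copied from the debug logs in the post.
BLOCK = 8  # 3DES-CBC block size in bytes

# Responder log, "encrypting:" (plaintext before encryption)
SENT = bytes.fromhex(
    "0e000014 5241cf74 58b879f4 718dc0c7 2b993ab9 0000002c 03000000 00010004"
    "2800000a 00030000 00030000 00040000 00040000 000d0008 2800006e ffffffff")
# Initiator log, "decrypted:"
GOT = bytes.fromhex(
    "9ee4891f 198ec217 58b879f4 718dc0c7 2b993ab9 0000002c 03000000 00010004"
    "2800000a 00030000 00030000 00040000 00040000 000d0008 2800006e ffffffff")
# IVs printed in the initiator log before decryption
LOGGED_IVS = {
    "last Phase 1 IV (first line)": bytes.fromhex("73bce5eb6ef61ea4"),
    "last Phase 1 IV (second line)": bytes.fromhex("5a74be8bad6c624c"),
    "computed Phase 2 IV": bytes.fromhex("ca903780e6a36f2f251635c88d32165d"),
}

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def differing_blocks(sent, got):
    """Indexes of cipher blocks whose plaintext differs between the peers."""
    return [i // BLOCK for i in range(0, len(sent), BLOCK)
            if sent[i:i + BLOCK] != got[i:i + BLOCK]]

def sender_iv(sent, got, receiver_iv):
    """CBC: P1 = D(C1) xor IV, so IV_sender = IV_receiver xor P1_sent xor P1_got."""
    return xor(receiver_iv[:BLOCK], xor(sent[:BLOCK], got[:BLOCK]))

def matching_logged_ivs(iv):
    """Names of logged IVs whose first block equals the recovered IV."""
    return [name for name, value in LOGGED_IVS.items() if value[:BLOCK] == iv]

if __name__ == "__main__":
    print("differing blocks:", differing_blocks(SENT, GOT))
    # Assumption: the receiver decrypted with its computed Phase 2 IV.
    iv = sender_iv(SENT, GOT, LOGGED_IVS["computed Phase 2 IV"])
    print("IV implied for the sender:", iv.hex(" "))
    print("matches logged:", matching_logged_ivs(iv))
    print("next-payload byte seen by initiator:", GOT[0], "sent:", SENT[0])
```

On these logs only block 0 differs, the IV implied for the sender equals the second "last Phase 1 IV" line in the initiator log, and the corrupted first byte 0x9e is the 158 reported in the error.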