[Openswan Users] Simple question: What are possible values for esp= in ipsec.conf?
Tibor Incze
tibor.incze at eservglobal.com
Thu Jun 9 09:14:21 CEST 2005
What does this mean?
failed to build notification for spisize=0
Also here's some pluto debug from /var/log/secure:
================Seems to be OK here (see below for problem)================
"esg_rwvpn" #1: sent AI2, ISAKMP SA established
Jun 8 10:42:42 gitz pluto[7536]: | XAUTH client is not yet authenticated
Jun 8 10:42:42 gitz pluto[7536]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
Jun 8 10:42:42 gitz pluto[7536]: |
Jun 8 10:42:42 gitz pluto[7536]: | *received 76 bytes from 203.118.128.130:500 on ath0 (port=500)
Jun 8 10:42:42 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50 d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:42 gitz pluto[7536]: | 08 10 06 01 f7 c1 a8 56 00 00 00 4c 81 7a 26 2c
Jun 8 10:42:42 gitz pluto[7536]: | f5 09 9c 95 81 a1 df ec 59 81 3d b9 bc 1e 6d ce
Jun 8 10:42:42 gitz pluto[7536]: | 58 69 7c e3 27 8a 6e bd ce 9d 9e f9 0a 70 89 89
Jun 8 10:42:42 gitz pluto[7536]: | 48 ab 33 75 9e 25 76 1b b0 7e 11 c5
Jun 8 10:42:42 gitz pluto[7536]: | **parse ISAKMP Message:
Jun 8 10:42:42 gitz pluto[7536]: | initiator cookie:
Jun 8 10:42:42 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50
Jun 8 10:42:42 gitz pluto[7536]: | responder cookie:
Jun 8 10:42:42 gitz pluto[7536]: | d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:42 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_HASH
Jun 8 10:42:42 gitz pluto[7536]: | ISAKMP version: ISAKMP Version 1.0
Jun 8 10:42:42 gitz pluto[7536]: | exchange type: ISAKMP_XCHG_MODE_CFG
Jun 8 10:42:42 gitz pluto[7536]: | flags: ISAKMP_FLAG_ENCRYPTION
Jun 8 10:42:42 gitz pluto[7536]: | message ID: f7 c1 a8 56
Jun 8 10:42:42 gitz pluto[7536]: | length: 76
Jun 8 10:42:42 gitz pluto[7536]: | ICOOKIE: 4e d4 95 5b 12 3e c2 50
Jun 8 10:42:42 gitz pluto[7536]: | RCOOKIE: d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:42 gitz pluto[7536]: | peer: cb 76 80 82
Jun 8 10:42:42 gitz pluto[7536]: | state hash entry 25
Jun 8 10:42:42 gitz pluto[7536]: | peer and cookies match on #1, provided msgid f7c1a856 vs 00000000/00000000
Jun 8 10:42:42 gitz pluto[7536]: | p15 state object not found
Jun 8 10:42:42 gitz pluto[7536]: | ICOOKIE: 4e d4 95 5b 12 3e c2 50
Jun 8 10:42:42 gitz pluto[7536]: | RCOOKIE: d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:42 gitz pluto[7536]: | peer: cb 76 80 82
Jun 8 10:42:42 gitz pluto[7536]: | state hash entry 25
Jun 8 10:42:42 gitz pluto[7536]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Jun 8 10:42:42 gitz pluto[7536]: | state object #1 found, in STATE_AGGR_I2
Jun 8 10:42:43 gitz pluto[7536]: | processing connection esg_rwvpn
Jun 8 10:42:43 gitz pluto[7536]: | last Phase 1 IV: 75 6f 50 be 45 49 40 b0
Jun 8 10:42:43 gitz pluto[7536]: | current Phase 1 IV: 75 6f 50 be 45 49 40 b0
Jun 8 10:42:43 gitz pluto[7536]: | computed Phase 2 IV:
Jun 8 10:42:43 gitz pluto[7536]: | 2f 94 82 0c 1d 96 09 06 b8 70 9e e6 97 d3 18 74
Jun 8 10:42:43 gitz pluto[7536]: | 4e 34 0d 94
Jun 8 10:42:43 gitz pluto[7536]: | received encrypted packet from 203.118.128.130:500
Jun 8 10:42:43 gitz pluto[7536]: | decrypting 48 bytes using algorithm OAKLEY_3DES_CBC
Jun 8 10:42:43 gitz pluto[7536]: | decrypted:
Jun 8 10:42:43 gitz pluto[7536]: | 0e 00 00 18 91 b9 4c 72 1d e2 3f 92 ca b8 e0 07
Jun 8 10:42:43 gitz pluto[7536]: | d4 8a e1 5a 02 19 9d f4 00 00 00 14 01 00 00 6f
Jun 8 10:42:43 gitz pluto[7536]: | c0 88 00 00 40 89 00 00 40 8a 00 00 00 00 00 00
Jun 8 10:42:43 gitz pluto[7536]: | next IV: 9e 25 76 1b b0 7e 11 c5
Jun 8 10:42:43 gitz pluto[7536]: | ***parse ISAKMP Hash Payload:
Jun 8 10:42:43 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_MODECFG
Jun 8 10:42:43 gitz pluto[7536]: | length: 24
Jun 8 10:42:43 gitz pluto[7536]: | ***parse ISAKMP Mode Attribute:
Jun 8 10:42:43 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_NONE
Jun 8 10:42:43 gitz pluto[7536]: | length: 20
Jun 8 10:42:43 gitz pluto[7536]: | Attr Msg Type: ISAKMP_CFG_REQUEST
Jun 8 10:42:43 gitz pluto[7536]: | Identifier: 111
Jun 8 10:42:43 gitz pluto[7536]: | removing 4 bytes of padding
Jun 8 10:42:43 gitz pluto[7536]: | **emit ISAKMP Message:
Jun 8 10:42:43 gitz pluto[7536]: | initiator cookie:
Jun 8 10:42:43 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50
Jun 8 10:42:43 gitz pluto[7536]: | responder cookie:
Jun 8 10:42:43 gitz pluto[7536]: | d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:43 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_HASH
Jun 8 10:42:43 gitz pluto[7536]: | ISAKMP version: ISAKMP Version 1.0
Jun 8 10:42:43 gitz pluto[7536]: | exchange type: ISAKMP_XCHG_MODE_CFG
Jun 8 10:42:43 gitz pluto[7536]: | flags: ISAKMP_FLAG_ENCRYPTION
Jun 8 10:42:43 gitz pluto[7536]: | message ID: f7 c1 a8 56
Jun 8 10:42:43 gitz pluto[7536]: | arrived in xauth_inI0
Jun 8 10:42:43 gitz pluto[7536]: | XAUTH: HASH computed:
Jun 8 10:42:43 gitz pluto[7536]: | 91 b9 4c 72 1d e2 3f 92 ca b8 e0 07 d4 8a e1 5a
Jun 8 10:42:43 gitz pluto[7536]: | 02 19 9d f4
Jun 8 10:42:43 gitz pluto[7536]: | ****parse ISAKMP ModeCfg attribute:
Jun 8 10:42:43 gitz pluto[7536]: | ModeCfg attr type: XAUTH-TYPE
Jun 8 10:42:43 gitz pluto[7536]: | length/value: 0
Jun 8 10:42:43 gitz pluto[7536]: | ****parse ISAKMP ModeCfg attribute:
Jun 8 10:42:43 gitz pluto[7536]: | ModeCfg attr type: XAUTH-USER-NAME
Jun 8 10:42:43 gitz pluto[7536]: | length/value: 0
Jun 8 10:42:43 gitz pluto[7536]: | ****parse ISAKMP ModeCfg attribute:
Jun 8 10:42:43 gitz pluto[7536]: | ModeCfg attr type: XAUTH-USER-PASSWORD
Jun 8 10:42:43 gitz pluto[7536]: | length/value: 0
Jun 8 10:42:43 gitz pluto[7536]: | XAUTH: Username/password request received
Jun 8 10:42:43 gitz pluto[7536]: | ***emit ISAKMP Hash Payload:
Jun 8 10:42:43 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_MODECFG
Jun 8 10:42:43 gitz pluto[7536]: | emitting 20 zero bytes of HASH into ISAKMP Hash Payload
Jun 8 10:42:43 gitz pluto[7536]: | emitting length of ISAKMP Hash Payload: 24
Jun 8 10:42:43 gitz pluto[7536]: | ***emit ISAKMP Mode Attribute:
Jun 8 10:42:43 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_NONE
Jun 8 10:42:43 gitz pluto[7536]: | Attr Msg Type: ISAKMP_CFG_REPLY
Jun 8 10:42:43 gitz pluto[7536]: | Identifier: 111
Jun 8 10:42:43 gitz pluto[7536]: | ****emit ISAKMP ModeCfg attribute:
Jun 8 10:42:43 gitz pluto[7536]: | ModeCfg attr type: XAUTH-TYPE
Jun 8 10:42:43 gitz pluto[7536]: | length/value: 0
Jun 8 10:42:43 gitz pluto[7536]: | ****emit ISAKMP ModeCfg attribute:
Jun 8 10:42:43 gitz pluto[7536]: | ModeCfg attr type: XAUTH-USER-NAME
Jun 8 10:42:43 gitz pluto[7536]: | prompting for Username:
Jun 8 10:42:45 gitz pluto[7536]: | emitting 6 raw bytes of XAUTH username into ISAKMP ModeCfg attribute
Jun 8 10:42:45 gitz pluto[7536]: | XAUTH username 74 69 6e 63 7a 65
Jun 8 10:42:45 gitz pluto[7536]: | emitting length of ISAKMP ModeCfg attribute: 6
Jun 8 10:42:45 gitz pluto[7536]: | ****emit ISAKMP ModeCfg attribute:
Jun 8 10:42:45 gitz pluto[7536]: | ModeCfg attr type: XAUTH-USER-PASSWORD
Jun 8 10:42:45 gitz pluto[7536]: | prompting for Password:
Jun 8 10:42:48 gitz pluto[7536]: | emitting 8 raw bytes of XAUTH password into ISAKMP ModeCfg attribute
Jun 8 10:42:48 gitz pluto[7536]: | XAUTH password <removed>
Jun 8 10:42:48 gitz pluto[7536]: | emitting length of ISAKMP ModeCfg attribute: 8
Jun 8 10:42:48 gitz pluto[7536]: | emitting length of ISAKMP Mode Attribute: 34
Jun 8 10:42:48 gitz pluto[7536]: "esg_rwvpn" #1: XAUTH: Answering XAUTH challenge with user='username'
Jun 8 10:42:48 gitz pluto[7536]: | XAUTH: HASH computed:
Jun 8 10:42:48 gitz pluto[7536]: | d7 0b 2d f1 b9 be 8d 4d c7 fe cc e6 44 84 9d 41
Jun 8 10:42:48 gitz pluto[7536]: | 7e d8 32 fe
Jun 8 10:42:48 gitz pluto[7536]: | emitting 2 zero bytes of message padding into ISAKMP Message
Jun 8 10:42:48 gitz pluto[7536]: | emitting length of ISAKMP Message: 88
Jun 8 10:42:48 gitz pluto[7536]: | encrypting:
Jun 8 10:42:48 gitz pluto[7536]: | 0e 00 00 18 d7 0b 2d f1 b9 be 8d 4d c7 fe cc e6
Jun 8 10:42:48 gitz pluto[7536]: | 44 84 9d 41 7e d8 32 fe 00 00 00 22 02 00 00 6f
Jun 8 10:42:48 gitz pluto[7536]: | c0 88 00 00 40 89 00 06 74 69 6e 63 7a 65 40 8a
Jun 8 10:42:48 gitz pluto[7536]: | 00 08 73 7a 31 6b 6c 40 6b 21 00 00
Jun 8 10:42:48 gitz pluto[7536]: | IV:
Jun 8 10:42:48 gitz pluto[7536]: | 9e 25 76 1b b0 7e 11 c5
Jun 8 10:42:48 gitz pluto[7536]: | emitting 4 zero bytes of encryption padding into ISAKMP Message
Jun 8 10:42:48 gitz pluto[7536]: | encrypting using OAKLEY_3DES_CBC
Jun 8 10:42:48 gitz pluto[7536]: | next IV: 4f 14 88 b8 3a 8a a9 39
Jun 8 10:42:48 gitz pluto[7536]: | emitting length of ISAKMP Message: 92
Jun 8 10:42:48 gitz pluto[7536]: | xauth_inI0(STF_OK)
Jun 8 10:42:48 gitz pluto[7536]: | complete state transition with STF_OK
Jun 8 10:42:48 gitz pluto[7536]: "esg_rwvpn" #1: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1
Jun 8 10:42:48 gitz pluto[7536]: | sending reply packet to 203.118.128.130:500 (from port=500)
Jun 8 10:42:48 gitz pluto[7536]: | sending 92 bytes for STATE_XAUTH_I0 through ath0:500 to 203.118.128.130:500:
Jun 8 10:42:48 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50 d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:48 gitz pluto[7536]: | 08 10 06 01 f7 c1 a8 56 00 00 00 5c a0 54 10 61
Jun 8 10:42:48 gitz pluto[7536]: | 27 fb 4f 12 2f 2b 4d 35 2b 43 1d df 9e 9a ba ed
Jun 8 10:42:48 gitz pluto[7536]: | dc e6 ab 61 fb f7 42 59 91 33 5b 1e ea 76 78 20
Jun 8 10:42:48 gitz pluto[7536]: | f9 3f c3 84 7a 65 c7 21 e0 0c c7 69 3a c2 60 90
Jun 8 10:42:48 gitz pluto[7536]: | 9f de fb 4d 4f 14 88 b8 3a 8a a9 39
Jun 8 10:42:48 gitz pluto[7536]: | inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #1
Jun 8 10:42:48 gitz pluto[7536]: "esg_rwvpn" #1: XAUTH client - awaiting CFG_set
Jun 8 10:42:48 gitz pluto[7536]: | XAUTH client is not yet authenticated
Jun 8 10:42:48 gitz pluto[7536]: | next event EVENT_NAT_T_KEEPALIVE in 13 seconds
Jun 8 10:42:48 gitz pluto[7536]: |
Jun 8 10:42:48 gitz pluto[7536]: | *received 108 bytes from 203.118.128.130:500 on ath0 (port=500)
Jun 8 10:42:48 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50 d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:48 gitz pluto[7536]: | 08 10 06 01 3f a6 04 62 00 00 00 6c c8 1a ed 93
Jun 8 10:42:48 gitz pluto[7536]: | 4b 76 4a bb 84 6d 1b 1f 96 81 4b f9 3e d4 aa 5f
Jun 8 10:42:48 gitz pluto[7536]: | f0 72 11 5f d5 cd 18 f2 75 6c 2a 04 ba f0 1d 19
Jun 8 10:42:48 gitz pluto[7536]: | 24 8e a4 94 e0 50 f5 e0 1c 63 08 02 db 0e 25 5c
Jun 8 10:42:48 gitz pluto[7536]: | 5c 75 4b ed 93 f5 06 9f 69 3d 61 15 d2 3a 9a 6e
Jun 8 10:42:48 gitz pluto[7536]: | b8 4c 45 7e 4a 92 73 e0 78 22 de e9
Jun 8 10:42:48 gitz pluto[7536]: | **parse ISAKMP Message:
Jun 8 10:42:48 gitz pluto[7536]: | initiator cookie:
Jun 8 10:42:48 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50
Jun 8 10:42:48 gitz pluto[7536]: | responder cookie:
Jun 8 10:42:48 gitz pluto[7536]: | d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:48 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_HASH
Jun 8 10:42:48 gitz pluto[7536]: | ISAKMP version: ISAKMP Version 1.0
Jun 8 10:42:48 gitz pluto[7536]: | exchange type: ISAKMP_XCHG_MODE_CFG
Jun 8 10:42:48 gitz pluto[7536]: | flags: ISAKMP_FLAG_ENCRYPTION
Jun 8 10:42:48 gitz pluto[7536]: | message ID: 3f a6 04 62
Jun 8 10:42:48 gitz pluto[7536]: | length: 108
Jun 8 10:42:48 gitz pluto[7536]: | ICOOKIE: 4e d4 95 5b 12 3e c2 50
Jun 8 10:42:48 gitz pluto[7536]: | RCOOKIE: d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:48 gitz pluto[7536]: | peer: cb 76 80 82
Jun 8 10:42:48 gitz pluto[7536]: | state hash entry 25
Jun 8 10:42:48 gitz pluto[7536]: | peer and cookies match on #1, provided msgid 3fa60462 vs 00000000/00000000
Jun 8 10:42:48 gitz pluto[7536]: | p15 state object not found
Jun 8 10:42:48 gitz pluto[7536]: | ICOOKIE: 4e d4 95 5b 12 3e c2 50
Jun 8 10:42:48 gitz pluto[7536]: | RCOOKIE: d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:48 gitz pluto[7536]: | peer: cb 76 80 82
Jun 8 10:42:48 gitz pluto[7536]: | state hash entry 25
Jun 8 10:42:48 gitz pluto[7536]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
Jun 8 10:42:48 gitz pluto[7536]: | state object #1 found, in STATE_XAUTH_I1
Jun 8 10:42:48 gitz pluto[7536]: | processing connection esg_rwvpn
Jun 8 10:42:48 gitz pluto[7536]: | last Phase 1 IV: 75 6f 50 be 45 49 40 b0
Jun 8 10:42:48 gitz pluto[7536]: | current Phase 1 IV: 4f 14 88 b8 3a 8a a9 39
Jun 8 10:42:48 gitz pluto[7536]: | computed Phase 2 IV:
Jun 8 10:42:48 gitz pluto[7536]: | 24 6e bd 7b c9 64 66 87 a2 22 63 c9 7f 74 43 53
Jun 8 10:42:48 gitz pluto[7536]: | 72 73 e1 b0
Jun 8 10:42:48 gitz pluto[7536]: | received encrypted packet from 203.118.128.130:500
Jun 8 10:42:48 gitz pluto[7536]: | decrypting 80 bytes using algorithm OAKLEY_3DES_CBC
Jun 8 10:42:48 gitz pluto[7536]: | decrypted:
Jun 8 10:42:48 gitz pluto[7536]: | 0e 00 00 18 78 67 d9 d5 82 a5 19 d7 0d 8d ff 6f
Jun 8 10:42:48 gitz pluto[7536]: | 79 01 72 b3 92 ca dc 4b 00 00 00 30 03 00 03 e7
Jun 8 10:42:48 gitz pluto[7536]: | 00 01 00 04 c0 a8 4f 02 00 02 00 04 ff ff ff ff
Jun 8 10:42:48 gitz pluto[7536]: | 00 03 00 04 c0 a8 00 01 00 03 00 04 c0 a8 00 0c
Jun 8 10:42:48 gitz pluto[7536]: | 00 04 00 04 c0 a8 00 0c 00 00 00 00 00 00 00 00
Jun 8 10:42:48 gitz pluto[7536]: | next IV: 4a 92 73 e0 78 22 de e9
Jun 8 10:42:48 gitz pluto[7536]: | ***parse ISAKMP Hash Payload:
Jun 8 10:42:48 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_MODECFG
Jun 8 10:42:48 gitz pluto[7536]: | length: 24
Jun 8 10:42:48 gitz pluto[7536]: | ***parse ISAKMP Mode Attribute:
Jun 8 10:42:48 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_NONE
Jun 8 10:42:49 gitz pluto[7536]: | length: 48
Jun 8 10:42:49 gitz pluto[7536]: | Attr Msg Type: ISAKMP_CFG_SET
Jun 8 10:42:49 gitz pluto[7536]: | Identifier: 999
Jun 8 10:42:49 gitz pluto[7536]: | removing 8 bytes of padding
Jun 8 10:42:49 gitz pluto[7536]: | **emit ISAKMP Message:
Jun 8 10:42:49 gitz pluto[7536]: | initiator cookie:
Jun 8 10:42:49 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50
Jun 8 10:42:49 gitz pluto[7536]: | responder cookie:
Jun 8 10:42:49 gitz pluto[7536]: | d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:49 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_HASH
Jun 8 10:42:49 gitz pluto[7536]: | ISAKMP version: ISAKMP Version 1.0
Jun 8 10:42:49 gitz pluto[7536]: | exchange type: ISAKMP_XCHG_MODE_CFG
Jun 8 10:42:49 gitz pluto[7536]: | flags: ISAKMP_FLAG_ENCRYPTION
Jun 8 10:42:49 gitz pluto[7536]: | message ID: 3f a6 04 62
Jun 8 10:42:49 gitz pluto[7536]: | arrived in xauth_inI0
Jun 8 10:42:49 gitz pluto[7536]: | XAUTH: HASH computed:
Jun 8 10:42:49 gitz pluto[7536]: | 78 67 d9 d5 82 a5 19 d7 0d 8d ff 6f 79 01 72 b3
Jun 8 10:42:49 gitz pluto[7536]: | 92 ca dc 4b
Jun 8 10:42:49 gitz pluto[7536]: | ****parse ISAKMP ModeCfg attribute:
Jun 8 10:42:49 gitz pluto[7536]: | ModeCfg attr type: INTERNAL_IP4_ADDRESS
Jun 8 10:42:49 gitz pluto[7536]: | length/value: 4
Jun 8 10:42:49 gitz pluto[7536]: | ****parse ISAKMP ModeCfg attribute:
Jun 8 10:42:49 gitz pluto[7536]: | ModeCfg attr type: INTERNAL_IP4_NETMASK
Jun 8 10:42:49 gitz pluto[7536]: | length/value: 4
Jun 8 10:42:49 gitz pluto[7536]: | ****parse ISAKMP ModeCfg attribute:
Jun 8 10:42:49 gitz pluto[7536]: | ModeCfg attr type: INTERNAL_IP4_DNS
Jun 8 10:42:49 gitz pluto[7536]: | length/value: 4
Jun 8 10:42:49 gitz pluto[7536]: | ****parse ISAKMP ModeCfg attribute:
Jun 8 10:42:49 gitz pluto[7536]: | ModeCfg attr type: INTERNAL_IP4_DNS
Jun 8 10:42:49 gitz pluto[7536]: | length/value: 4
Jun 8 10:42:49 gitz pluto[7536]: | ****parse ISAKMP ModeCfg attribute:
Jun 8 10:42:49 gitz pluto[7536]: | ModeCfg attr type: INTERNAL_IP4_NBNS
Jun 8 10:42:49 gitz pluto[7536]: | length/value: 4
Jun 8 10:42:49 gitz pluto[7536]: | complete state transition with (null)
Jun 8 10:42:49 gitz pluto[7536]: "esg_rwvpn" #1: sending encrypted notification CERTIFICATE_UNAVAILABLE to 203.118.128.130:500
Jun 8 10:42:49 gitz pluto[7536]: | **emit ISAKMP Message:
Jun 8 10:42:49 gitz pluto[7536]: | initiator cookie:
Jun 8 10:42:49 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50
Jun 8 10:42:49 gitz pluto[7536]: | responder cookie:
Jun 8 10:42:49 gitz pluto[7536]: | d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:49 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_HASH
Jun 8 10:42:49 gitz pluto[7536]: | ISAKMP version: ISAKMP Version 1.0
Jun 8 10:42:49 gitz pluto[7536]: | exchange type: ISAKMP_XCHG_INFO
Jun 8 10:42:49 gitz pluto[7536]: | flags: ISAKMP_FLAG_ENCRYPTION
Jun 8 10:42:49 gitz pluto[7536]: | message ID: cd 96 7d a3
Jun 8 10:42:49 gitz pluto[7536]: | ***emit ISAKMP Hash Payload:
Jun 8 10:42:49 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_N
Jun 8 10:42:49 gitz pluto[7536]: | emitting 20 zero bytes of HASH(1) into ISAKMP Hash Payload
Jun 8 10:42:49 gitz pluto[7536]: | emitting length of ISAKMP Hash Payload: 24
Jun 8 10:42:49 gitz pluto[7536]: | ***emit ISAKMP Notification Payload:
Jun 8 10:42:49 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_NONE
Jun 8 10:42:49 gitz pluto[7536]: | DOI: ISAKMP_DOI_IPSEC
Jun 8 10:42:49 gitz pluto[7536]: | protocol ID: 1
Jun 8 10:42:49 gitz pluto[7536]: | SPI size: 0
Jun 8 10:42:49 gitz pluto[7536]: | Notify Message Type: CERTIFICATE_UNAVAILABLE
Jun 8 10:42:49 gitz pluto[7536]: | emitting 0 raw bytes of spi into ISAKMP Notification Payload
Jun 8 10:42:49 gitz pluto[7536]: | spi
Jun 8 10:42:49 gitz pluto[7536]: "esg_rwvpn" #1: failed to build notification for spisize=0
Jun 8 10:42:49 gitz pluto[7536]: | state transition function for STATE_XAUTH_I0 failed: CERTIFICATE_UNAVAILABLE
=======I think this is OK, cause we're not using certs====================
Jun 8 10:42:49 gitz pluto[7536]: | next event EVENT_NAT_T_KEEPALIVE in 12 seconds
Jun 8 10:42:54 gitz pluto[7536]: |
Jun 8 10:42:54 gitz pluto[7536]: | *received 108 bytes from 203.118.128.130:500 on ath0 (port=500)
Jun 8 10:42:54 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50 d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:54 gitz pluto[7536]: | 08 10 06 01 3f a6 04 62 00 00 00 6c c8 1a ed 93
Jun 8 10:42:54 gitz pluto[7536]: | 4b 76 4a bb 84 6d 1b 1f 96 81 4b f9 3e d4 aa 5f
Jun 8 10:42:54 gitz pluto[7536]: | f0 72 11 5f d5 cd 18 f2 75 6c 2a 04 ba f0 1d 19
Jun 8 10:42:54 gitz pluto[7536]: | 24 8e a4 94 e0 50 f5 e0 1c 63 08 02 db 0e 25 5c
Jun 8 10:42:54 gitz pluto[7536]: | 5c 75 4b ed 93 f5 06 9f 69 3d 61 15 d2 3a 9a 6e
Jun 8 10:42:54 gitz pluto[7536]: | b8 4c 45 7e 4a 92 73 e0 78 22 de e9
Jun 8 10:42:54 gitz pluto[7536]: | **parse ISAKMP Message:
Jun 8 10:42:54 gitz pluto[7536]: | initiator cookie:
Jun 8 10:42:54 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50
Jun 8 10:42:54 gitz pluto[7536]: | responder cookie:
Jun 8 10:42:54 gitz pluto[7536]: | d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:54 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_HASH
Jun 8 10:42:54 gitz pluto[7536]: | ISAKMP version: ISAKMP Version 1.0
Jun 8 10:42:54 gitz pluto[7536]: | exchange type: ISAKMP_XCHG_MODE_CFG
Jun 8 10:42:54 gitz pluto[7536]: | flags: ISAKMP_FLAG_ENCRYPTION
Jun 8 10:42:54 gitz pluto[7536]: | message ID: 3f a6 04 62
Jun 8 10:42:54 gitz pluto[7536]: | length: 108
Jun 8 10:42:54 gitz pluto[7536]: | ICOOKIE: 4e d4 95 5b 12 3e c2 50
Jun 8 10:42:54 gitz pluto[7536]: | RCOOKIE: d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:54 gitz pluto[7536]: | peer: cb 76 80 82
Jun 8 10:42:54 gitz pluto[7536]: | state hash entry 25
Jun 8 10:42:54 gitz pluto[7536]: | peer and cookies match on #1, provided msgid 3fa60462 vs 00000000/3fa60462
Jun 8 10:42:54 gitz pluto[7536]: | p15 state object #1 found, in STATE_XAUTH_I1
Jun 8 10:42:54 gitz pluto[7536]: | processing connection esg_rwvpn
Jun 8 10:42:54 gitz pluto[7536]: | received encrypted packet from 203.118.128.130:500
Jun 8 10:42:54 gitz pluto[7536]: | decrypting 80 bytes using algorithm OAKLEY_3DES_CBC
Jun 8 10:42:54 gitz pluto[7536]: | decrypted:
Jun 8 10:42:54 gitz pluto[7536]: | 65 7a 35 db 8b 89 16 6b 82 a5 19 d7 0d 8d ff 6f
Jun 8 10:42:54 gitz pluto[7536]: | 79 01 72 b3 92 ca dc 4b 00 00 00 30 03 00 03 e7
Jun 8 10:42:54 gitz pluto[7536]: | 00 01 00 04 c0 a8 4f 02 00 02 00 04 ff ff ff ff
Jun 8 10:42:54 gitz pluto[7536]: | 00 03 00 04 c0 a8 00 01 00 03 00 04 c0 a8 00 0c
Jun 8 10:42:54 gitz pluto[7536]: | 00 04 00 04 c0 a8 00 0c 00 00 00 00 00 00 00 00
Jun 8 10:42:54 gitz pluto[7536]: | next IV: 4a 92 73 e0 78 22 de e9
================And the problem starts here=============================
Jun 8 10:42:54 gitz pluto[7536]: "esg_rwvpn" #1: next payload type of ISAKMP Hash Payload has an unknown value: 101
Jun 8 10:42:54 gitz pluto[7536]: "esg_rwvpn" #1: malformed payload in packet
Jun 8 10:42:54 gitz pluto[7536]: "esg_rwvpn" #1: sending notification PAYLOAD_MALFORMED to 203.118.128.130:500
Jun 8 10:42:54 gitz pluto[7536]: | **emit ISAKMP Message:
Jun 8 10:42:54 gitz pluto[7536]: | initiator cookie:
Jun 8 10:42:54 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50
Jun 8 10:42:54 gitz pluto[7536]: | responder cookie:
Jun 8 10:42:54 gitz pluto[7536]: | d2 96 ec f4 47 a9 e3 39
Jun 8 10:42:54 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_N
Jun 8 10:42:54 gitz pluto[7536]: | ISAKMP version: ISAKMP Version 1.0
Jun 8 10:42:54 gitz pluto[7536]: | exchange type: ISAKMP_XCHG_INFO
Jun 8 10:42:54 gitz pluto[7536]: | flags: none
Jun 8 10:42:54 gitz pluto[7536]: | message ID: 9a 08 84 a0
Jun 8 10:42:54 gitz pluto[7536]: | ***emit ISAKMP Notification Payload:
Jun 8 10:42:54 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_NONE
Jun 8 10:42:54 gitz pluto[7536]: | DOI: ISAKMP_DOI_IPSEC
Jun 8 10:42:54 gitz pluto[7536]: | protocol ID: 1
Jun 8 10:42:54 gitz pluto[7536]: | SPI size: 0
Jun 8 10:42:54 gitz pluto[7536]: | Notify Message Type: PAYLOAD_MALFORMED
Jun 8 10:42:54 gitz pluto[7536]: | emitting 0 raw bytes of spi into ISAKMP Notification Payload
Jun 8 10:42:54 gitz pluto[7536]: | spi
Jun 8 10:42:54 gitz pluto[7536]: "esg_rwvpn" #1: failed to build notification for spisize=0
Jun 8 10:42:54 gitz pluto[7536]: | next event EVENT_NAT_T_KEEPALIVE in 7 seconds
Jun 8 10:43:00 gitz pluto[7536]: |
Jun 8 10:43:00 gitz pluto[7536]: | *received 108 bytes from 203.118.128.130:500 on ath0 (port=500)
Jun 8 10:43:00 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50 d2 96 ec f4 47 a9 e3 39
Jun 8 10:43:00 gitz pluto[7536]: | 08 10 06 01 3f a6 04 62 00 00 00 6c c8 1a ed 93
Jun 8 10:43:00 gitz pluto[7536]: | 4b 76 4a bb 84 6d 1b 1f 96 81 4b f9 3e d4 aa 5f
Jun 8 10:43:00 gitz pluto[7536]: | f0 72 11 5f d5 cd 18 f2 75 6c 2a 04 ba f0 1d 19
Jun 8 10:43:00 gitz pluto[7536]: | 24 8e a4 94 e0 50 f5 e0 1c 63 08 02 db 0e 25 5c
Jun 8 10:43:00 gitz pluto[7536]: | 5c 75 4b ed 93 f5 06 9f 69 3d 61 15 d2 3a 9a 6e
Jun 8 10:43:00 gitz pluto[7536]: | b8 4c 45 7e 4a 92 73 e0 78 22 de e9
Jun 8 10:43:00 gitz pluto[7536]: | **parse ISAKMP Message:
Jun 8 10:43:00 gitz pluto[7536]: | initiator cookie:
Jun 8 10:43:00 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50
Jun 8 10:43:00 gitz pluto[7536]: | responder cookie:
Jun 8 10:43:00 gitz pluto[7536]: | d2 96 ec f4 47 a9 e3 39
Jun 8 10:43:00 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_HASH
Jun 8 10:43:00 gitz pluto[7536]: | ISAKMP version: ISAKMP Version 1.0
Jun 8 10:43:00 gitz pluto[7536]: | exchange type: ISAKMP_XCHG_MODE_CFG
Jun 8 10:43:00 gitz pluto[7536]: | flags: ISAKMP_FLAG_ENCRYPTION
Jun 8 10:43:00 gitz pluto[7536]: | message ID: 3f a6 04 62
Jun 8 10:43:00 gitz pluto[7536]: | length: 108
Jun 8 10:43:00 gitz pluto[7536]: | ICOOKIE: 4e d4 95 5b 12 3e c2 50
Jun 8 10:43:00 gitz pluto[7536]: | RCOOKIE: d2 96 ec f4 47 a9 e3 39
Jun 8 10:43:00 gitz pluto[7536]: | peer: cb 76 80 82
Jun 8 10:43:00 gitz pluto[7536]: | state hash entry 25
Jun 8 10:43:00 gitz pluto[7536]: | peer and cookies match on #1, provided msgid 3fa60462 vs 00000000/3fa60462
Jun 8 10:43:00 gitz pluto[7536]: | p15 state object #1 found, in STATE_XAUTH_I1
Jun 8 10:43:00 gitz pluto[7536]: | processing connection esg_rwvpn
Jun 8 10:43:00 gitz pluto[7536]: | received encrypted packet from 203.118.128.130:500
Jun 8 10:43:00 gitz pluto[7536]: | decrypting 80 bytes using algorithm OAKLEY_3DES_CBC
Jun 8 10:43:00 gitz pluto[7536]: | decrypted:
Jun 8 10:43:00 gitz pluto[7536]: | 65 7a 35 db 8b 89 16 6b 82 a5 19 d7 0d 8d ff 6f
Jun 8 10:43:00 gitz pluto[7536]: | 79 01 72 b3 92 ca dc 4b 00 00 00 30 03 00 03 e7
Jun 8 10:43:00 gitz pluto[7536]: | 00 01 00 04 c0 a8 4f 02 00 02 00 04 ff ff ff ff
Jun 8 10:43:00 gitz pluto[7536]: | 00 03 00 04 c0 a8 00 01 00 03 00 04 c0 a8 00 0c
Jun 8 10:43:00 gitz pluto[7536]: | 00 04 00 04 c0 a8 00 0c 00 00 00 00 00 00 00 00
Jun 8 10:43:00 gitz pluto[7536]: | next IV: 4a 92 73 e0 78 22 de e9
Jun 8 10:43:00 gitz pluto[7536]: "esg_rwvpn" #1: next payload type of ISAKMP Hash Payload has an unknown value: 101
Jun 8 10:43:00 gitz pluto[7536]: "esg_rwvpn" #1: malformed payload in packet
Jun 8 10:43:00 gitz pluto[7536]: "esg_rwvpn" #1: sending notification PAYLOAD_MALFORMED to 203.118.128.130:500
Jun 8 10:43:00 gitz pluto[7536]: | **emit ISAKMP Message:
Jun 8 10:43:00 gitz pluto[7536]: | initiator cookie:
Jun 8 10:43:00 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50
Jun 8 10:43:00 gitz pluto[7536]: | responder cookie:
Jun 8 10:43:00 gitz pluto[7536]: | d2 96 ec f4 47 a9 e3 39
Jun 8 10:43:00 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_N
Jun 8 10:43:00 gitz pluto[7536]: | ISAKMP version: ISAKMP Version 1.0
Jun 8 10:43:00 gitz pluto[7536]: | exchange type: ISAKMP_XCHG_INFO
Jun 8 10:43:00 gitz pluto[7536]: | flags: none
Jun 8 10:43:00 gitz pluto[7536]: | message ID: b9 38 7a e6
Jun 8 10:43:00 gitz pluto[7536]: | ***emit ISAKMP Notification Payload:
Jun 8 10:43:00 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_NONE
Jun 8 10:43:00 gitz pluto[7536]: | DOI: ISAKMP_DOI_IPSEC
Jun 8 10:43:00 gitz pluto[7536]: | protocol ID: 1
Jun 8 10:43:00 gitz pluto[7536]: | SPI size: 0
Jun 8 10:43:00 gitz pluto[7536]: | Notify Message Type: PAYLOAD_MALFORMED
Jun 8 10:43:00 gitz pluto[7536]: | emitting 0 raw bytes of spi into ISAKMP Notification Payload
Jun 8 10:43:00 gitz pluto[7536]: | spi
Jun 8 10:43:00 gitz pluto[7536]: "esg_rwvpn" #1: failed to build notification for spisize=0
Jun 8 10:43:00 gitz pluto[7536]: | next event EVENT_NAT_T_KEEPALIVE in 1 seconds
Jun 8 10:43:01 gitz pluto[7536]: |
Jun 8 10:43:01 gitz pluto[7536]: | *time to handle event
Jun 8 10:43:01 gitz pluto[7536]: | handling event EVENT_NAT_T_KEEPALIVE
Jun 8 10:43:01 gitz pluto[7536]: | event after this is EVENT_PENDING_PHASE2 in 89 seconds
Jun 8 10:43:01 gitz pluto[7536]: | processing connection esg_rwvpn
Jun 8 10:43:01 gitz pluto[7536]: | next event EVENT_PENDING_PHASE2 in 89 seconds
Jun 8 10:43:06 gitz pluto[7536]: |
Jun 8 10:43:06 gitz pluto[7536]: | *received 108 bytes from 203.118.128.130:500 on ath0 (port=500)
Jun 8 10:43:06 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50 d2 96 ec f4 47 a9 e3 39
Jun 8 10:43:06 gitz pluto[7536]: | 08 10 06 01 3f a6 04 62 00 00 00 6c c8 1a ed 93
Jun 8 10:43:06 gitz pluto[7536]: | 4b 76 4a bb 84 6d 1b 1f 96 81 4b f9 3e d4 aa 5f
Jun 8 10:43:06 gitz pluto[7536]: | f0 72 11 5f d5 cd 18 f2 75 6c 2a 04 ba f0 1d 19
Jun 8 10:43:06 gitz pluto[7536]: | 24 8e a4 94 e0 50 f5 e0 1c 63 08 02 db 0e 25 5c
Jun 8 10:43:06 gitz pluto[7536]: | 5c 75 4b ed 93 f5 06 9f 69 3d 61 15 d2 3a 9a 6e
Jun 8 10:43:06 gitz pluto[7536]: | b8 4c 45 7e 4a 92 73 e0 78 22 de e9
Jun 8 10:43:06 gitz pluto[7536]: | **parse ISAKMP Message:
Jun 8 10:43:06 gitz pluto[7536]: | initiator cookie:
Jun 8 10:43:06 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50
Jun 8 10:43:06 gitz pluto[7536]: | responder cookie:
Jun 8 10:43:06 gitz pluto[7536]: | d2 96 ec f4 47 a9 e3 39
Jun 8 10:43:06 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_HASH
Jun 8 10:43:06 gitz pluto[7536]: | ISAKMP version: ISAKMP Version 1.0
Jun 8 10:43:06 gitz pluto[7536]: | exchange type: ISAKMP_XCHG_MODE_CFG
Jun 8 10:43:06 gitz pluto[7536]: | flags: ISAKMP_FLAG_ENCRYPTION
Jun 8 10:43:06 gitz pluto[7536]: | message ID: 3f a6 04 62
Jun 8 10:43:06 gitz pluto[7536]: | length: 108
Jun 8 10:43:06 gitz pluto[7536]: | ICOOKIE: 4e d4 95 5b 12 3e c2 50
Jun 8 10:43:06 gitz pluto[7536]: | RCOOKIE: d2 96 ec f4 47 a9 e3 39
Jun 8 10:43:06 gitz pluto[7536]: | peer: cb 76 80 82
Jun 8 10:43:06 gitz pluto[7536]: | state hash entry 25
Jun 8 10:43:06 gitz pluto[7536]: | peer and cookies match on #1, provided msgid 3fa60462 vs 00000000/3fa60462
Jun 8 10:43:06 gitz pluto[7536]: | p15 state object #1 found, in STATE_XAUTH_I1
Jun 8 10:43:06 gitz pluto[7536]: | processing connection esg_rwvpn
Jun 8 10:43:06 gitz pluto[7536]: | received encrypted packet from 203.118.128.130:500
Jun 8 10:43:06 gitz pluto[7536]: | decrypting 80 bytes using algorithm OAKLEY_3DES_CBC
Jun 8 10:43:06 gitz pluto[7536]: | decrypted:
Jun 8 10:43:06 gitz pluto[7536]: | 65 7a 35 db 8b 89 16 6b 82 a5 19 d7 0d 8d ff 6f
Jun 8 10:43:06 gitz pluto[7536]: | 79 01 72 b3 92 ca dc 4b 00 00 00 30 03 00 03 e7
Jun 8 10:43:06 gitz pluto[7536]: | 00 01 00 04 c0 a8 4f 02 00 02 00 04 ff ff ff ff
Jun 8 10:43:06 gitz pluto[7536]: | 00 03 00 04 c0 a8 00 01 00 03 00 04 c0 a8 00 0c
Jun 8 10:43:06 gitz pluto[7536]: | 00 04 00 04 c0 a8 00 0c 00 00 00 00 00 00 00 00
Jun 8 10:43:06 gitz pluto[7536]: | next IV: 4a 92 73 e0 78 22 de e9
Jun 8 10:43:06 gitz pluto[7536]: "esg_rwvpn" #1: next payload type of ISAKMP Hash Payload has an unknown value: 101
Jun 8 10:43:06 gitz pluto[7536]: "esg_rwvpn" #1: malformed payload in packet
Jun 8 10:43:06 gitz pluto[7536]: "esg_rwvpn" #1: sending notification PAYLOAD_MALFORMED to 203.118.128.130:500
Jun 8 10:43:06 gitz pluto[7536]: | **emit ISAKMP Message:
Jun 8 10:43:06 gitz pluto[7536]: | initiator cookie:
Jun 8 10:43:06 gitz pluto[7536]: | 4e d4 95 5b 12 3e c2 50
Jun 8 10:43:06 gitz pluto[7536]: | responder cookie:
Jun 8 10:43:06 gitz pluto[7536]: | d2 96 ec f4 47 a9 e3 39
Jun 8 10:43:06 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_N
Jun 8 10:43:06 gitz pluto[7536]: | ISAKMP version: ISAKMP Version 1.0
Jun 8 10:43:06 gitz pluto[7536]: | exchange type: ISAKMP_XCHG_INFO
Jun 8 10:43:06 gitz pluto[7536]: | flags: none
Jun 8 10:43:06 gitz pluto[7536]: | message ID: c2 d5 67 90
Jun 8 10:43:06 gitz pluto[7536]: | ***emit ISAKMP Notification Payload:
Jun 8 10:43:06 gitz pluto[7536]: | next payload type: ISAKMP_NEXT_NONE
Jun 8 10:43:06 gitz pluto[7536]: | DOI: ISAKMP_DOI_IPSEC
Jun 8 10:43:06 gitz pluto[7536]: | protocol ID: 1
Jun 8 10:43:06 gitz pluto[7536]: | SPI size: 0
Jun 8 10:43:06 gitz pluto[7536]: | Notify Message Type: PAYLOAD_MALFORMED
Jun 8 10:43:06 gitz pluto[7536]: | emitting 0 raw bytes of spi into ISAKMP Notification Payload
Jun 8 10:43:06 gitz pluto[7536]: | spi
Jun 8 10:43:06 gitz pluto[7536]: "esg_rwvpn" #1: failed to build notification for spisize=0
Jun 8 10:43:06 gitz pluto[7536]: | next event EVENT_PENDING_PHASE2 in 84 seconds
---------------------------------------------------------
This continues this way from this point on, so it's either xauth not being
understood, or it doesn't like the phase2 (esp) parameter. Please help! :)

--Tibor
> On Wed, 8 Jun 2005, Tibor Incze wrote:
>
>> the phase2 proposal side of things. Netscreen supports all sorts of
>> algorithms, but I've chosen to go with 3Des-Sha. I've specified this
>> in openswan client as: esp=3des-sha1
>
> Did you also specify ike= ?
> And aggrmode=yes?
>
>> Also tried:
>> esp=3des-sha1-96. No matter which I put in it's the same as leaving
>> this option out. I get nondescriptive errors: malformed payload in
>> packet 003 "esg_rwvpn" #1: next payload type of ISAKMP Hash Payload
>> has an unknown value:<random number here>
>
> can you try either 2.3.1 or 2.2.0, if this is a 2.3.0?
>
>> BTW, I'm using PFS and DH group2. Does openswan support both of those?
>
> Yes, use pfs=yes and pfsgroup=modp1024
>
> Remember, with aggressive mode, you have to specify *exactly* what you
> need. It does not allow for various proposals to be decided upon. If
> possible, change aggressive mode to main mode on the netscreen to make
> life a lot easier.
>
> Paul
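
The two "decrypted:" dumps of the 108-byte CFG_SET packet in the log above can be compared byte for byte. The following is an added example, not part of the original post or of Openswan; its one assumption is that 3DES-CBC uses the first 8 bytes of the 20-byte "computed Phase 2 IV". It shows that the retransmitted copy differs from the first copy only in the first CBC block, and that the IV which yields that block is the logged "current Phase 1 IV".

```python
# Added example (not from the original post). Every byte string below is
# copied from the pluto debug log in the message above.

BLOCK = 8  # 3DES-CBC block size in bytes


def hx(dump: str) -> bytes:
    """Turn a space-separated hex dump from the log into bytes."""
    return bytes.fromhex(dump.replace(" ", ""))


# "decrypted:" dump at 10:42:48, the first copy of the CFG_SET (parsed fine).
DECRYPTED_FIRST = hx(
    "0e 00 00 18 78 67 d9 d5 82 a5 19 d7 0d 8d ff 6f"
    "79 01 72 b3 92 ca dc 4b 00 00 00 30 03 00 03 e7"
    "00 01 00 04 c0 a8 4f 02 00 02 00 04 ff ff ff ff"
    "00 03 00 04 c0 a8 00 01 00 03 00 04 c0 a8 00 0c"
    "00 04 00 04 c0 a8 00 0c 00 00 00 00 00 00 00 00"
)

# "decrypted:" dump at 10:42:54, the byte-identical retransmission
# (rejected with "unknown value: 101").
DECRYPTED_RETX = hx(
    "65 7a 35 db 8b 89 16 6b 82 a5 19 d7 0d 8d ff 6f"
    "79 01 72 b3 92 ca dc 4b 00 00 00 30 03 00 03 e7"
    "00 01 00 04 c0 a8 4f 02 00 02 00 04 ff ff ff ff"
    "00 03 00 04 c0 a8 00 01 00 03 00 04 c0 a8 00 0c"
    "00 04 00 04 c0 a8 00 0c 00 00 00 00 00 00 00 00"
)

# IV values logged just before the first decryption at 10:42:48.
COMPUTED_PHASE2_IV = hx(
    "24 6e bd 7b c9 64 66 87 a2 22 63 c9 7f 74 43 53 72 73 e1 b0"
)
CURRENT_PHASE1_IV = hx("4f 14 88 b8 3a 8a a9 39")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def differing_blocks(p: bytes, q: bytes) -> list:
    """Indices of the cipher blocks in which two plaintexts differ."""
    if len(p) != len(q) or len(p) % BLOCK:
        raise ValueError("plaintexts must be equal-length multiples of BLOCK")
    return [i // BLOCK for i in range(0, len(p), BLOCK)
            if p[i:i + BLOCK] != q[i:i + BLOCK]]


def iv_used_for(bad_plain: bytes, good_plain: bytes, good_iv: bytes) -> bytes:
    """Recover the IV behind a bad decryption of the same ciphertext.

    CBC gives P1 = D(C1) xor IV, so for one ciphertext decrypted twice:
    IV_bad = IV_good xor P1_good xor P1_bad.
    Assumption: only the first BLOCK bytes of good_iv are used by the cipher.
    """
    return xor(xor(good_iv[:BLOCK], good_plain[:BLOCK]), bad_plain[:BLOCK])


def generic_header(plain: bytes) -> tuple:
    """ISAKMP generic payload header: (next payload type, payload length)."""
    return plain[0], int.from_bytes(plain[2:4], "big")


def summarize() -> dict:
    return {
        "differing_blocks": differing_blocks(DECRYPTED_FIRST, DECRYPTED_RETX),
        "first_header": generic_header(DECRYPTED_FIRST),   # what pluto parsed
        "retx_header": generic_header(DECRYPTED_RETX),     # what pluto rejected
        "retx_iv": iv_used_for(DECRYPTED_RETX, DECRYPTED_FIRST,
                               COMPUTED_PHASE2_IV),
    }


if __name__ == "__main__":
    s = summarize()
    print("blocks that differ:      ", s["differing_blocks"])
    print("header, first copy:      ", s["first_header"])
    print("header, retransmission:  ", s["retx_header"])
    print("IV used on retransmission:", s["retx_iv"].hex(" "))
    print("equals current Phase 1 IV:", s["retx_iv"] == CURRENT_PHASE1_IV)
```

Byte 0 of the retransmission's first block is 0x65, which is the value 101 that pluto reports as the unknown next payload type.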