[Openswan Users] Firewall rules --- Here's the correct log.. ignore the previous log
Deepak Naidu
deepak_nai at yahoo.com
Tue May 10 06:36:54 CEST 2005
Hi Paul, here is the correct log; the previous log was without the certificate...
Could you help me out?
5-10: 09:33:41:154:50c Initialization OK
5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: eb100d73-fa1d-4c7d-ab389026b83dac6f 4
5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 82b823d7-89a4-45de-bd7c63dff1fc56f1 4
5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: a46f5645-eb3e-42fe-92784881ff2c35f6 3
5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 7bc8194e-a4b9-44ae-a6fa06ed88ed7d80 3
5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 4d95ad4d-b70a-4e18-929362eb9b65934d 1
5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 7988f29c-480b-4099-b6a1cad52d2d889f 2
5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 2dbafb3b-48ec-41ec-865cd8f9faf3b6d9 2
5-10: 10:00:50:777:1fc entered kill_old_policy_sas 4
5-10: 10:00:50:777:1fc entered kill_old_policy_sas 4
5-10: 10:00:50:777:1fc entered kill_old_policy_sas 3
5-10: 10:00:50:777:1fc entered kill_old_policy_sas 3
5-10: 10:00:50:777:1fc entered kill_old_policy_sas 1
5-10: 10:00:50:777:1fc entered kill_old_policy_sas 2
5-10: 10:00:50:777:1fc entered kill_old_policy_sas 2
5-10: 10:01:07:501:544 Acquire from driver: op=00000006 src=192.168.1.2.0 dst=192.168.2.234.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=202.149.x.x Inbound TunnelEndpt=192.168.1.2
5-10: 10:01:07:511:1fc Filter to match: Src 202.149.x.x Dst 192.168.1.2
5-10: 10:01:07:551:1fc MM PolicyName: 2
5-10: 10:01:07:551:1fc MMPolicy dwFlags 2 SoftSAExpireTime 28800
5-10: 10:01:07:551:1fc MMOffer[0] LifetimeSec 28800 QMLimit 1 DHGroup 2
5-10: 10:01:07:561:1fc MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
5-10: 10:01:07:561:1fc MMOffer[1] LifetimeSec 28800 QMLimit 1 DHGroup 2
5-10: 10:01:07:561:1fc MMOffer[1] Encrypt: Triple DES CBC Hash: MD5
5-10: 10:01:07:561:1fc MMOffer[2] LifetimeSec 28800 QMLimit 1 DHGroup 1
5-10: 10:01:07:561:1fc MMOffer[2] Encrypt: DES CBC Hash: SHA
5-10: 10:01:07:561:1fc MMOffer[3] LifetimeSec 28800 QMLimit 1 DHGroup 1
5-10: 10:01:07:561:1fc MMOffer[3] Encrypt: DES CBC Hash: MD5
5-10: 10:01:07:571:1fc Auth[0]:RSA Sig C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, E=deepak at netcore.co.in AuthFlags 0
5-10: 10:01:07:571:1fc QM PolicyName: Host-roadwarrior filter action dwFlags 1
5-10: 10:01:07:571:1fc QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
5-10: 10:01:07:571:1fc QMOffer[0] dwFlags 0 dwPFSGroup -2147483648
5-10: 10:01:07:571:1fc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
5-10: 10:01:07:571:1fc Starting Negotiation: src = 192.168.1.2.0500, dst = 202.149.x.x.0500, proto = 00, context = 00000006, ProxySrc = 192.168.1.2.0000, ProxyDst = 192.168.2.0.0000 SrcMask = 255.255.255.255 DstMask = 255.255.255.0
5-10: 10:01:07:571:1fc constructing ISAKMP Header
5-10: 10:01:07:571:1fc constructing SA (ISAKMP)
5-10: 10:01:07:571:1fc Constructing Vendor MS NT5 ISAKMPOAKLEY
5-10: 10:01:07:581:1fc Constructing Vendor FRAGMENTATION
5-10: 10:01:07:581:1fc Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
5-10: 10:01:07:581:1fc Constructing Vendor Vid-Initial-Contact
5-10: 10:01:07:581:1fc
5-10: 10:01:07:581:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.500
5-10: 10:01:07:581:1fc ISAKMP Header: (V1.0), len = 276
5-10: 10:01:07:581:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:07:581:1fc R-COOKIE 0000000000000000
5-10: 10:01:07:581:1fc exchange: Oakley Main Mode
5-10: 10:01:07:581:1fc flags: 0
5-10: 10:01:07:581:1fc next payload: SA
5-10: 10:01:07:581:1fc message ID: 00000000
5-10: 10:01:07:581:1fc Ports S:f401 D:f401
5-10: 10:01:07:651:1fc
5-10: 10:01:07:651:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.500
5-10: 10:01:07:651:1fc ISAKMP Header: (V1.0), len = 140
5-10: 10:01:07:651:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:07:651:1fc R-COOKIE 6224079e5ef73641
5-10: 10:01:07:651:1fc exchange: Oakley Main Mode
5-10: 10:01:07:651:1fc flags: 0
5-10: 10:01:07:651:1fc next payload: SA
5-10: 10:01:07:651:1fc message ID: 00000000
5-10: 10:01:07:651:1fc processing payload SA
5-10: 10:01:07:651:1fc Received Phase 1 Transform 1
5-10: 10:01:07:651:1fc Encryption Alg Triple DES CBC(5)
5-10: 10:01:07:651:1fc Hash Alg SHA(2)
5-10: 10:01:07:651:1fc Oakley Group 2
5-10: 10:01:07:651:1fc Auth Method RSA Signature with Certificates(3)
5-10: 10:01:07:651:1fc Life type in Seconds
5-10: 10:01:07:651:1fc Life duration of 28800
5-10: 10:01:07:651:1fc Phase 1 SA accepted: transform=1
5-10: 10:01:07:651:1fc SA - Oakley proposal accepted
5-10: 10:01:07:651:1fc processing payload VENDOR ID
5-10: 10:01:07:651:1fc processing payload VENDOR ID
5-10: 10:01:07:651:1fc processing payload VENDOR ID
5-10: 10:01:07:651:1fc Received VendorId draft-ietf-ipsec-nat-t-ike-02
5-10: 10:01:07:651:1fc ClearFragList
5-10: 10:01:07:651:1fc constructing ISAKMP Header
5-10: 10:01:07:722:1fc constructing KE
5-10: 10:01:07:722:1fc constructing NONCE (ISAKMP)
5-10: 10:01:07:722:1fc Constructing NatDisc
5-10: 10:01:07:722:1fc
5-10: 10:01:07:722:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.500
5-10: 10:01:07:722:1fc ISAKMP Header: (V1.0), len = 232
5-10: 10:01:07:722:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:07:722:1fc R-COOKIE 6224079e5ef73641
5-10: 10:01:07:722:1fc exchange: Oakley Main Mode
5-10: 10:01:07:722:1fc flags: 0
5-10: 10:01:07:722:1fc next payload: KE
5-10: 10:01:07:722:1fc message ID: 00000000
5-10: 10:01:07:722:1fc Ports S:f401 D:f401
5-10: 10:01:07:802:1fc
5-10: 10:01:07:802:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.500
5-10: 10:01:07:802:1fc ISAKMP Header: (V1.0), len = 228
5-10: 10:01:07:802:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:07:802:1fc R-COOKIE 6224079e5ef73641
5-10: 10:01:07:802:1fc exchange: Oakley Main Mode
5-10: 10:01:07:802:1fc flags: 0
5-10: 10:01:07:802:1fc next payload: KE
5-10: 10:01:07:802:1fc message ID: 00000000
5-10: 10:01:07:802:1fc processing payload KE
5-10: 10:01:07:822:1fc processing payload NONCE
5-10: 10:01:07:822:1fc processing payload NATDISC
5-10: 10:01:07:822:1fc Processing NatHash
5-10: 10:01:07:822:1fc Nat hash 564683fd234d3238ad2b3e6c2814c4c9
5-10: 10:01:07:822:1fc 83193bec
5-10: 10:01:07:822:1fc SA StateMask2 1f
5-10: 10:01:07:822:1fc processing payload NATDISC
5-10: 10:01:07:822:1fc Processing NatHash
5-10: 10:01:07:822:1fc Nat hash f0f0334fcc4e26cd19259ea4703e573c
5-10: 10:01:07:822:1fc 2eee1a02
5-10: 10:01:07:822:1fc SA StateMask2 5f
5-10: 10:01:07:822:1fc ClearFragList
5-10: 10:01:07:822:1fc Peer behind NAT
5-10: 10:01:07:822:1fc Floated Ports Orig Me:f401 Peer:f401
5-10: 10:01:07:822:1fc Floated Ports Me:9411 Peer:9411
5-10: 10:01:07:822:1fc constructing ISAKMP Header
5-10: 10:01:07:822:1fc constructing ID
5-10: 10:01:07:822:1fc Received no valid CRPs. Using all configured
5-10: 10:01:07:822:1fc Looking for IPSec only cert
5-10: 10:01:07:882:1fc Cert Trustes. 0 100
5-10: 10:01:07:882:1fc Cert SHA Thumbprint 0b065a2e45250192b3ea7c76a8ce330d
5-10: 10:01:07:882:1fc f0a8d89b
5-10: 10:01:07:882:1fc CertFindExtenstion failed with 0
5-10: 10:01:07:882:1fc Entered CRL check
5-10: 10:01:07:922:1fc Left CRL check
5-10: 10:01:07:922:1fc Cert SHA Thumbprint 0b065a2e45250192b3ea7c76a8ce330d
5-10: 10:01:07:922:1fc f0a8d89b
5-10: 10:01:07:922:1fc SubjectName: C=IN, S=Meghalay, L=Sikkim, O=Deepaks Legacy, OU=ME, CN=Legacy, E=deepakslegacy at legacy.com
5-10: 10:01:07:922:1fc Cert Serialnumber 03
5-10: 10:01:07:922:1fc Cert SHA Thumbprint 0b065a2e45250192b3ea7c76a8ce330d
5-10: 10:01:07:922:1fc f0a8d89b
5-10: 10:01:07:922:1fc SubjectName: C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, E=deepak at netcore.co.in
5-10: 10:01:07:922:1fc Cert Serialnumber 00
5-10: 10:01:07:922:1fc Cert SHA Thumbprint f3f1c1a74b834a64ae9f25a3b255c772
5-10: 10:01:07:922:1fc 6ec58cb4
5-10: 10:01:07:922:1fc Not storing My cert chain in SA.
5-10: 10:01:07:932:1fc MM ID Type 9
5-10: 10:01:07:932:1fc MM ID 308191310b300906035504061302494e
5-10: 10:01:07:932:1fc 3111300f060355040813084d65676861
5-10: 10:01:07:932:1fc 6c6179310f300d060355040713065369
5-10: 10:01:07:932:1fc 6b6b696d31173015060355040a130e44
5-10: 10:01:07:932:1fc 656570616b73204c6567616379310b30
5-10: 10:01:07:932:1fc 09060355040b13024d45310f300d0603
5-10: 10:01:07:932:1fc 55040313064c65676163793127302506
5-10: 10:01:07:932:1fc 092a864886f70d010901161864656570
5-10: 10:01:07:932:1fc 616b736c6567616379406c6567616379
5-10: 10:01:07:932:1fc 2e636f6d
5-10: 10:01:07:932:1fc constructing CERT
5-10: 10:01:07:932:1fc Construct SIG
5-10: 10:01:07:942:1fc Constructing Cert Request
5-10: 10:01:07:942:1fc C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, E=deepak at netcore.co.in
5-10: 10:01:07:942:1fc
5-10: 10:01:07:942:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.4500
5-10: 10:01:07:942:1fc ISAKMP Header: (V1.0), len = 1412
5-10: 10:01:07:942:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:07:942:1fc R-COOKIE 6224079e5ef73641
5-10: 10:01:07:942:1fc exchange: Oakley Main Mode
5-10: 10:01:07:942:1fc flags: 1 ( encrypted )
5-10: 10:01:07:942:1fc next payload: ID
5-10: 10:01:07:942:1fc message ID: 00000000
5-10: 10:01:07:942:1fc Ports S:9411 D:9411
5-10: 10:01:08:152:1fc
5-10: 10:01:08:152:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500
5-10: 10:01:08:152:1fc ISAKMP Header: (V1.0), len = 1268
5-10: 10:01:08:152:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:08:152:1fc R-COOKIE 6224079e5ef73641
5-10: 10:01:08:152:1fc exchange: Oakley Main Mode
5-10: 10:01:08:152:1fc flags: 1 ( encrypted )
5-10: 10:01:08:152:1fc next payload: ID
5-10: 10:01:08:152:1fc message ID: 00000000
5-10: 10:01:08:152:1fc processing payload ID
5-10: 10:01:08:152:1fc processing payload CERT
5-10: 10:01:08:152:1fc processing payload SIG
5-10: 10:01:08:152:1fc Verifying CertStore
5-10: 10:01:08:152:1fc SubjectName: C=IN, S=Kashmir, L=Baltal, O=Mission Kashmir, OU=AR, CN=Indian, E=missionkashmir at kashmir.com
5-10: 10:01:08:152:1fc Cert Serialnumber 02
5-10: 10:01:08:152:1fc Cert SHA Thumbprint 328df338e57b87d9d5a5a26279174333
5-10: 10:01:08:152:1fc f8c38549
5-10: 10:01:08:152:1fc Cert Trustes. 0 100
5-10: 10:01:08:152:1fc SubjectName: C=IN, S=Kashmir, L=Baltal, O=Mission Kashmir, OU=AR, CN=Indian, E=missionkashmir at kashmir.com
5-10: 10:01:08:152:1fc Cert Serialnumber 02
5-10: 10:01:08:152:1fc Cert SHA Thumbprint 328df338e57b87d9d5a5a26279174333
5-10: 10:01:08:152:1fc f8c38549
5-10: 10:01:08:152:1fc SubjectName: C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, E=deepak at netcore.co.in
5-10: 10:01:08:152:1fc Cert Serialnumber 00
5-10: 10:01:08:152:1fc Cert SHA Thumbprint f3f1c1a74b834a64ae9f25a3b255c772
5-10: 10:01:08:152:1fc 6ec58cb4
5-10: 10:01:08:152:1fc Not storing Peer's cert chain in SA.
5-10: 10:01:08:152:1fc Cert SHA Thumbprint 328df338e57b87d9d5a5a26279174333
5-10: 10:01:08:152:1fc f8c38549
5-10: 10:01:08:152:1fc Entered CRL check
5-10: 10:01:08:152:1fc Left CRL check
5-10: 10:01:08:152:1fc CertFindExtenstion failed with 0
5-10: 10:01:08:152:1fc Signature validated
5-10: 10:01:08:152:1fc ClearFragList
5-10: 10:01:08:152:1fc MM established. SA: 000E20C8
5-10: 10:01:08:192:1fc QM PolicyName: Host-roadwarrior filter action dwFlags 1
5-10: 10:01:08:192:1fc QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
5-10: 10:01:08:192:1fc QMOffer[0] dwFlags 0 dwPFSGroup -2147483648
5-10: 10:01:08:192:1fc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
5-10: 10:01:08:192:1fc GetSpi: src = 192.168.2.0.0000, dst = 192.168.1.2.0000, proto = 00, context = 00000006, srcMask = 255.255.255.0, destMask = 255.255.255.255, TunnelFilter 1
5-10: 10:01:08:192:1fc Setting SPI 187970139
5-10: 10:01:08:192:1fc constructing ISAKMP Header
5-10: 10:01:08:192:1fc constructing HASH (null)
5-10: 10:01:08:192:1fc constructing SA (IPSEC)
5-10: 10:01:08:192:1fc constructing QM KE
5-10: 10:01:08:262:1fc constructing NONCE (IPSEC)
5-10: 10:01:08:262:1fc constructing ID (proxy)
5-10: 10:01:08:262:1fc constructing ID (proxy)
5-10: 10:01:08:262:1fc constructing HASH (QM)
5-10: 10:01:08:262:1fc
5-10: 10:01:08:262:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.4500
5-10: 10:01:08:262:1fc ISAKMP Header: (V1.0), len = 308
5-10: 10:01:08:262:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:08:262:1fc R-COOKIE 6224079e5ef73641
5-10: 10:01:08:262:1fc exchange: Oakley Quick Mode
5-10: 10:01:08:262:1fc flags: 1 ( encrypted )
5-10: 10:01:08:262:1fc next payload: HASH
5-10: 10:01:08:262:1fc message ID: 3ac65429
5-10: 10:01:08:262:1fc Ports S:9411 D:9411
5-10: 10:01:08:473:1fc
5-10: 10:01:08:473:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500
5-10: 10:01:08:473:1fc ISAKMP Header: (V1.0), len = 300
5-10: 10:01:08:473:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:08:473:1fc R-COOKIE 6224079e5ef73641
5-10: 10:01:08:473:1fc exchange: Oakley Quick Mode
5-10: 10:01:08:473:1fc flags: 1 ( encrypted )
5-10: 10:01:08:473:1fc next payload: HASH
5-10: 10:01:08:473:1fc message ID: 3ac65429
5-10: 10:01:08:473:1fc Received commit re-send
5-10: 10:01:08:473:1fc processing HASH (QM)
5-10: 10:01:08:473:1fc ClearFragList
5-10: 10:01:08:473:1fc processing payload NONCE
5-10: 10:01:08:473:1fc processing payload KE
5-10: 10:01:08:473:1fc Quick Mode KE processed; Saved KE data
5-10: 10:01:08:473:1fc processing payload ID
5-10: 10:01:08:473:1fc processing payload ID
5-10: 10:01:08:473:1fc processing payload SA
5-10: 10:01:08:473:1fc Negotiated Proxy ID: Src 192.168.1.2.0 Dst 192.168.2.0.0
5-10: 10:01:08:473:1fc Dst id for subnet. Mask 255.255.255.0
5-10: 10:01:08:473:1fc Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
5-10: 10:01:08:473:1fc Checking Transform # 1: ID=Triple DES CBC(3)
5-10: 10:01:08:473:1fc SA life type in seconds
5-10: 10:01:08:473:1fc SA life duration 00000e10
5-10: 10:01:08:473:1fc SA life type in kilobytes
5-10: 10:01:08:473:1fc SA life duration 0000c350
5-10: 10:01:08:473:1fc tunnel mode is 61443(61443)
5-10: 10:01:08:473:1fc HMAC algorithm is MD5(1)
5-10: 10:01:08:473:1fc group description for PFS is 2
5-10: 10:01:08:473:1fc Phase 2 SA accepted: proposal=1 transform=1
5-10: 10:01:08:503:1fc constructing ISAKMP Header
5-10: 10:01:08:503:1fc constructing HASH (QM)
5-10: 10:01:08:503:1fc Adding QMs: src = 192.168.1.2.0000, dst = 192.168.2.0.0000, proto = 00, context = 00000006, my tunnel = 192.168.1.2, peer tunnel = 202.149.x.x, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 50000 dwFlags 381 Direction 2 EncapType 3
5-10: 10:01:08:503:1fc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
5-10: 10:01:08:503:1fc Algo[0] MySpi: 187970139 PeerSpi: 2342575122
5-10: 10:01:08:503:1fc Encap Ports Src 4500 Dst 4500
5-10: 10:01:08:503:1fc Skipping Outbound SA add
5-10: 10:01:08:503:1fc Adding QMs: src = 192.168.1.2.0000, dst = 192.168.2.0.0000, proto = 00, context = 00000006, my tunnel = 192.168.1.2, peer tunnel = 202.149.x.x, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 50000 dwFlags 381 Direction 3 EncapType 3
5-10: 10:01:08:503:1fc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
5-10: 10:01:08:503:1fc Algo[0] MySpi: 187970139 PeerSpi: 2342575122
5-10: 10:01:08:503:1fc Encap Ports Src 4500 Dst 4500
5-10: 10:01:08:503:1fc Skipping Inbound SA add
5-10: 10:01:08:503:1fc Leaving adjust_peer_list entry 0012A418 MMCount 0 QMCount 1
5-10: 10:01:08:513:1fc isadb_set_status sa:000E20C8 centry:000E97E8 status 0
5-10: 10:01:08:513:1fc
5-10: 10:01:08:513:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 4.4500
5-10: 10:01:08:513:1fc ISAKMP Header: (V1.0), len = 52
5-10: 10:01:08:513:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:08:513:1fc R-COOKIE 6224079e5ef73641
5-10: 10:01:08:513:1fc exchange: Oakley Quick Mode
5-10: 10:01:08:513:1fc flags: 1 ( encrypted )
5-10: 10:01:08:513:1fc next payload: HASH
5-10: 10:01:08:513:1fc message ID: 3ac65429
5-10: 10:01:08:513:1fc Ports S:9411 D:9411
5-10: 10:01:18:627:1fc
5-10: 10:01:18:627:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500
5-10: 10:01:18:627:1fc ISAKMP Header: (V1.0), len = 300
5-10: 10:01:18:627:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:18:627:1fc R-COOKIE 6224079e5ef73641
5-10: 10:01:18:627:1fc exchange: Oakley Quick Mode
5-10: 10:01:18:627:1fc flags: 1 ( encrypted )
5-10: 10:01:18:627:1fc next payload: HASH
5-10: 10:01:18:627:1fc message ID: 3ac65429
5-10: 10:01:18:627:1fc Received commit re-send
5-10: 10:01:18:627:1fc invalid payload received
5-10: 10:01:18:627:1fc Resending last payload
5-10: 10:01:18:627:1fc
5-10: 10:01:18:627:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 4.4500
5-10: 10:01:18:627:1fc ISAKMP Header: (V1.0), len = 52
5-10: 10:01:18:627:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:18:627:1fc R-COOKIE 6224079e5ef73641
5-10: 10:01:18:627:1fc exchange: Oakley Quick Mode
5-10: 10:01:18:627:1fc flags: 1 ( encrypted )
5-10: 10:01:18:627:1fc next payload: HASH
5-10: 10:01:18:627:1fc message ID: 3ac65429
5-10: 10:01:18:627:1fc Ports S:9411 D:9411
5-10: 10:01:18:627:1fc GetPacket failed 3613
5-10: 10:01:38:746:1fc
5-10: 10:01:38:746:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500
5-10: 10:01:38:746:1fc ISAKMP Header: (V1.0), len = 300
5-10: 10:01:38:746:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:38:746:1fc R-COOKIE 6224079e5ef73641
5-10: 10:01:38:746:1fc exchange: Oakley Quick Mode
5-10: 10:01:38:746:1fc flags: 1 ( encrypted )
5-10: 10:01:38:746:1fc next payload: HASH
5-10: 10:01:38:746:1fc message ID: 3ac65429
5-10: 10:01:38:746:1fc Received commit re-send
5-10: 10:01:38:746:1fc invalid payload received
5-10: 10:01:38:746:1fc Resending last payload
5-10: 10:01:38:746:1fc
5-10: 10:01:38:746:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 4.4500
5-10: 10:01:38:746:1fc ISAKMP Header: (V1.0), len = 52
5-10: 10:01:38:746:1fc I-COOKIE bf4f1da6649c761f
5-10: 10:01:38:746:1fc R-COOKIE 6224079e5ef73641
5-10: 10:01:38:746:1fc exchange: Oakley Quick Mode
5-10: 10:01:38:746:1fc flags: 1 ( encrypted )
5-10: 10:01:38:746:1fc next payload: HASH
5-10: 10:01:38:746:1fc message ID: 3ac65429
5-10: 10:01:38:746:1fc Ports S:9411 D:9411
5-10: 10:01:38:746:1fc GetPacket failed 3613
Paul Wouters <paul at xelerance.com> wrote:
On Mon, 9 May 2005, Deepak Naidu wrote:
> C:\ipsec>ping 192.168.2.234
> Pinging 192.168.2.234 with 32 bytes of data:
> Negotiating IP Security.
> Request timed out.
> Request timed out.
> Request timed out.
> Ping statistics for 192.168.2.234:
> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Check the oakley.log to see what Windows thinks is happening. And
check the openswan logs to see what it is saying. Though likely,
if this is a windows misconfiguration, openswan will just log
"no response to....." entries.
See the wiki on how to enable oakley.log on windows.
Paul
>
> Deepak Naidu wrote:
> Hi,
>
> I am using Openswan 2.3.1 VPN server on FC3
> 2.6.9smp kernel. It is behind a NAT and I have natted
> ports 4500, and 500. The issue is when using
> l2tpd+x509cert from Winxp with VPN dialer is working
> fine. But when using Mullers' ipsec.exe tool, with
> the below configs in the ipsec.conf of Winxp pc.... I
> am unable to ping my network.. It doesn't even give
> negotiating message, but host unreachable....
>
> Should I have to write some more firewall rules to
> open the ports in my NAT.
>
> I have SP2 with support tools and ipseccmd.exe file..
>
> Winxp is a roadwarrior on dialup...
>
> Please advise me...
>
> Ipsec.conf on Winxp...
>
> conn roadwarrior
> pfs=yes
> left=%any
> right=202.x.x.x
> rightsubnet=192.168.2.0/24
> rightca="C=IN, S=state, L=location, O=company,
> OU=IT, CN=name, E=name at company.com"
> network=auto
> auto=start
>
>
> Regards,
> Deepak.
>
>
>
Linux your Life, Don't Window it [[]]
{ All for the best }
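
Added example (not part of the original thread, and not Openswan or Microsoft code): a small Python triage for an oakley.log in the layout posted above. It reports which IKE milestones were reached and counts inbound messages rejected with "invalid payload received" per Quick Mode message ID; the function names, verdict labels and the placeholder peer address 203.0.113.10 are assumptions of this example.

```python
import re
from collections import Counter

# oakley.log line layout: "M-D: HH:MM:SS:mmm:thread message"
LINE_RE = re.compile(r"^\d+-\d+: (\d+:\d+:\d+):\d+:[0-9a-f]+\s*(.*)$")

# Sample abridged from the log in the post; the peer address is a placeholder.
SAMPLE_LOG = """\
5-10: 10:01:07:822:1fc Peer behind NAT
5-10: 10:01:08:152:1fc MM established. SA: 000E20C8
5-10: 10:01:08:473:1fc Receive: (get) SA = 0x000e20c8 from 203.0.113.10.4500
5-10: 10:01:08:473:1fc message ID: 3ac65429
5-10: 10:01:08:473:1fc Received commit re-send
5-10: 10:01:08:473:1fc Phase 2 SA accepted: proposal=1 transform=1
5-10: 10:01:08:513:1fc Sending: SA = 0x000E20C8 to 203.0.113.10:Type 4.4500
5-10: 10:01:08:513:1fc message ID: 3ac65429
5-10: 10:01:18:627:1fc Receive: (get) SA = 0x000e20c8 from 203.0.113.10.4500
5-10: 10:01:18:627:1fc message ID: 3ac65429
5-10: 10:01:18:627:1fc invalid payload received
5-10: 10:01:38:746:1fc Receive: (get) SA = 0x000e20c8 from 203.0.113.10.4500
5-10: 10:01:38:746:1fc message ID: 3ac65429
5-10: 10:01:38:746:1fc invalid payload received
"""

def summarize(text):
    """Return IKE milestones and rejected inbound messages per message ID."""
    s = {"peer_behind_nat": False, "mm_established": False,
         "phase2_accepted": False, "rejected": Counter(), "times": {}}
    inbound, msg_id = False, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        clock, msg = m.group(1), m.group(2).strip()
        if msg.startswith(("Receive:", "Sending:")):
            # A new packet block starts: remember its direction, reset the ID.
            inbound, msg_id = msg.startswith("Receive:"), None
        elif msg.startswith("message ID:"):
            msg_id = msg.split(":", 1)[1].strip()
        elif msg == "Peer behind NAT":
            s["peer_behind_nat"] = True
        elif msg.startswith("MM established"):
            s["mm_established"] = True
        elif msg.startswith("Phase 2 SA accepted"):
            s["phase2_accepted"] = True
        elif msg == "invalid payload received" and inbound and msg_id:
            s["rejected"][msg_id] += 1
            s["times"].setdefault(msg_id, []).append(clock)
    return s

def verdict(s):
    """Name the furthest point the negotiation reached (labels are this example's own)."""
    if not s["mm_established"]:
        return "main-mode-incomplete"
    if not s["phase2_accepted"]:
        return "quick-mode-incomplete"
    if any(n >= 2 for n in s["rejected"].values()):
        return "quick-mode-retransmit-loop"
    return "negotiated"
```

Comparing the timestamps in `times` with the Openswan log for the same message ID shows which side keeps retransmitting and which message it is still waiting for.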