[Openswan Users] Firewall rules --- Here's the correct log.. ignore the previous log

Deepak Naidu deepak_nai at yahoo.com
Tue May 10 06:36:54 CEST 2005


Hi Paul, here is the correct log; the previous log was without the certificate...
 
Could you help me out?
 
 5-10: 09:33:41:154:50c Initialization OK
 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: eb100d73-fa1d-4c7d-ab389026b83dac6f 4
 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 82b823d7-89a4-45de-bd7c63dff1fc56f1 4
 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: a46f5645-eb3e-42fe-92784881ff2c35f6 3
 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 7bc8194e-a4b9-44ae-a6fa06ed88ed7d80 3
 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 4d95ad4d-b70a-4e18-929362eb9b65934d 1
 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 7988f29c-480b-4099-b6a1cad52d2d889f 2
 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 2dbafb3b-48ec-41ec-865cd8f9faf3b6d9 2
 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 4
 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 4
 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 3
 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 3
 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 1
 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 2
 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 2
 5-10: 10:01:07:501:544 Acquire from driver: op=00000006 src=192.168.1.2.0 dst=192.168.2.234.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=202.149.x.x Inbound TunnelEndpt=192.168.1.2
 5-10: 10:01:07:511:1fc Filter to match: Src 202.149.x.x Dst 192.168.1.2
 5-10: 10:01:07:551:1fc MM PolicyName: 2
 5-10: 10:01:07:551:1fc MMPolicy dwFlags 2 SoftSAExpireTime 28800
 5-10: 10:01:07:551:1fc MMOffer[0] LifetimeSec 28800 QMLimit 1 DHGroup 2
 5-10: 10:01:07:561:1fc MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
 5-10: 10:01:07:561:1fc MMOffer[1] LifetimeSec 28800 QMLimit 1 DHGroup 2
 5-10: 10:01:07:561:1fc MMOffer[1] Encrypt: Triple DES CBC Hash: MD5
 5-10: 10:01:07:561:1fc MMOffer[2] LifetimeSec 28800 QMLimit 1 DHGroup 1
 5-10: 10:01:07:561:1fc MMOffer[2] Encrypt: DES CBC Hash: SHA
 5-10: 10:01:07:561:1fc MMOffer[3] LifetimeSec 28800 QMLimit 1 DHGroup 1
 5-10: 10:01:07:561:1fc MMOffer[3] Encrypt: DES CBC Hash: MD5
 5-10: 10:01:07:571:1fc Auth[0]:RSA Sig C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, E=deepak at netcore.co.in AuthFlags 0
 5-10: 10:01:07:571:1fc QM PolicyName: Host-roadwarrior filter action dwFlags 1
 5-10: 10:01:07:571:1fc QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
 5-10: 10:01:07:571:1fc QMOffer[0] dwFlags 0 dwPFSGroup -2147483648
 5-10: 10:01:07:571:1fc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
 5-10: 10:01:07:571:1fc Starting Negotiation: src = 192.168.1.2.0500, dst = 202.149.x.x.0500, proto = 00, context = 00000006, ProxySrc = 192.168.1.2.0000, ProxyDst = 192.168.2.0.0000 SrcMask = 255.255.255.255 DstMask = 255.255.255.0
 5-10: 10:01:07:571:1fc constructing ISAKMP Header
 5-10: 10:01:07:571:1fc constructing SA (ISAKMP)
 5-10: 10:01:07:571:1fc Constructing Vendor MS NT5 ISAKMPOAKLEY
 5-10: 10:01:07:581:1fc Constructing Vendor FRAGMENTATION
 5-10: 10:01:07:581:1fc Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
 5-10: 10:01:07:581:1fc Constructing Vendor Vid-Initial-Contact
 5-10: 10:01:07:581:1fc 
 5-10: 10:01:07:581:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.500
 5-10: 10:01:07:581:1fc ISAKMP Header: (V1.0), len = 276
 5-10: 10:01:07:581:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:07:581:1fc   R-COOKIE 0000000000000000
 5-10: 10:01:07:581:1fc   exchange: Oakley Main Mode
 5-10: 10:01:07:581:1fc   flags: 0
 5-10: 10:01:07:581:1fc   next payload: SA
 5-10: 10:01:07:581:1fc   message ID: 00000000
 5-10: 10:01:07:581:1fc Ports S:f401 D:f401
 5-10: 10:01:07:651:1fc 
 5-10: 10:01:07:651:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.500
 5-10: 10:01:07:651:1fc ISAKMP Header: (V1.0), len = 140
 5-10: 10:01:07:651:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:07:651:1fc   R-COOKIE 6224079e5ef73641
 5-10: 10:01:07:651:1fc   exchange: Oakley Main Mode
 5-10: 10:01:07:651:1fc   flags: 0
 5-10: 10:01:07:651:1fc   next payload: SA
 5-10: 10:01:07:651:1fc   message ID: 00000000
 5-10: 10:01:07:651:1fc processing payload SA
 5-10: 10:01:07:651:1fc Received Phase 1 Transform 1
 5-10: 10:01:07:651:1fc      Encryption Alg Triple DES CBC(5)
 5-10: 10:01:07:651:1fc      Hash Alg SHA(2)
 5-10: 10:01:07:651:1fc      Oakley Group 2
 5-10: 10:01:07:651:1fc      Auth Method RSA Signature with Certificates(3)
 5-10: 10:01:07:651:1fc      Life type in Seconds
 5-10: 10:01:07:651:1fc      Life duration of 28800
 5-10: 10:01:07:651:1fc Phase 1 SA accepted: transform=1
 5-10: 10:01:07:651:1fc SA - Oakley proposal accepted
 5-10: 10:01:07:651:1fc processing payload VENDOR ID
 5-10: 10:01:07:651:1fc processing payload VENDOR ID
 5-10: 10:01:07:651:1fc processing payload VENDOR ID
 5-10: 10:01:07:651:1fc Received VendorId draft-ietf-ipsec-nat-t-ike-02
 5-10: 10:01:07:651:1fc ClearFragList
 5-10: 10:01:07:651:1fc constructing ISAKMP Header
 5-10: 10:01:07:722:1fc constructing KE
 5-10: 10:01:07:722:1fc constructing NONCE (ISAKMP)
 5-10: 10:01:07:722:1fc Constructing NatDisc
 5-10: 10:01:07:722:1fc 
 5-10: 10:01:07:722:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.500
 5-10: 10:01:07:722:1fc ISAKMP Header: (V1.0), len = 232
 5-10: 10:01:07:722:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:07:722:1fc   R-COOKIE 6224079e5ef73641
 5-10: 10:01:07:722:1fc   exchange: Oakley Main Mode
 5-10: 10:01:07:722:1fc   flags: 0
 5-10: 10:01:07:722:1fc   next payload: KE
 5-10: 10:01:07:722:1fc   message ID: 00000000
 5-10: 10:01:07:722:1fc Ports S:f401 D:f401
 5-10: 10:01:07:802:1fc 
 5-10: 10:01:07:802:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.500
 5-10: 10:01:07:802:1fc ISAKMP Header: (V1.0), len = 228
 5-10: 10:01:07:802:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:07:802:1fc   R-COOKIE 6224079e5ef73641
 5-10: 10:01:07:802:1fc   exchange: Oakley Main Mode
 5-10: 10:01:07:802:1fc   flags: 0
 5-10: 10:01:07:802:1fc   next payload: KE
 5-10: 10:01:07:802:1fc   message ID: 00000000
 5-10: 10:01:07:802:1fc processing payload KE
 5-10: 10:01:07:822:1fc processing payload NONCE
 5-10: 10:01:07:822:1fc processing payload NATDISC
 5-10: 10:01:07:822:1fc Processing NatHash
 5-10: 10:01:07:822:1fc Nat hash 564683fd234d3238ad2b3e6c2814c4c9
 5-10: 10:01:07:822:1fc 83193bec
 5-10: 10:01:07:822:1fc SA StateMask2 1f
 5-10: 10:01:07:822:1fc processing payload NATDISC
 5-10: 10:01:07:822:1fc Processing NatHash
 5-10: 10:01:07:822:1fc Nat hash f0f0334fcc4e26cd19259ea4703e573c
 5-10: 10:01:07:822:1fc 2eee1a02
 5-10: 10:01:07:822:1fc SA StateMask2 5f
 5-10: 10:01:07:822:1fc ClearFragList
 5-10: 10:01:07:822:1fc Peer behind NAT
 5-10: 10:01:07:822:1fc Floated Ports Orig Me:f401 Peer:f401
 5-10: 10:01:07:822:1fc Floated Ports Me:9411 Peer:9411
 5-10: 10:01:07:822:1fc constructing ISAKMP Header
 5-10: 10:01:07:822:1fc constructing ID
 5-10: 10:01:07:822:1fc Received no valid CRPs.  Using all configured
 5-10: 10:01:07:822:1fc Looking for IPSec only cert
 5-10: 10:01:07:882:1fc Cert Trustes.  0 100
 5-10: 10:01:07:882:1fc Cert SHA Thumbprint 0b065a2e45250192b3ea7c76a8ce330d
 5-10: 10:01:07:882:1fc f0a8d89b
 5-10: 10:01:07:882:1fc CertFindExtenstion failed with 0
 5-10: 10:01:07:882:1fc Entered CRL check
 5-10: 10:01:07:922:1fc Left CRL check
 5-10: 10:01:07:922:1fc Cert SHA Thumbprint 0b065a2e45250192b3ea7c76a8ce330d
 5-10: 10:01:07:922:1fc f0a8d89b
 5-10: 10:01:07:922:1fc SubjectName: C=IN, S=Meghalay, L=Sikkim, O=Deepaks Legacy, OU=ME, CN=Legacy, E=deepakslegacy at legacy.com
 5-10: 10:01:07:922:1fc Cert Serialnumber 03
 5-10: 10:01:07:922:1fc Cert SHA Thumbprint 0b065a2e45250192b3ea7c76a8ce330d
 5-10: 10:01:07:922:1fc f0a8d89b
 5-10: 10:01:07:922:1fc SubjectName: C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, E=deepak at netcore.co.in
 5-10: 10:01:07:922:1fc Cert Serialnumber 00
 5-10: 10:01:07:922:1fc Cert SHA Thumbprint f3f1c1a74b834a64ae9f25a3b255c772
 5-10: 10:01:07:922:1fc 6ec58cb4
 5-10: 10:01:07:922:1fc Not storing My cert chain in SA.
 5-10: 10:01:07:932:1fc MM ID Type 9
 5-10: 10:01:07:932:1fc MM ID 308191310b300906035504061302494e
 5-10: 10:01:07:932:1fc 3111300f060355040813084d65676861
 5-10: 10:01:07:932:1fc 6c6179310f300d060355040713065369
 5-10: 10:01:07:932:1fc 6b6b696d31173015060355040a130e44
 5-10: 10:01:07:932:1fc 656570616b73204c6567616379310b30
 5-10: 10:01:07:932:1fc 09060355040b13024d45310f300d0603
 5-10: 10:01:07:932:1fc 55040313064c65676163793127302506
 5-10: 10:01:07:932:1fc 092a864886f70d010901161864656570
 5-10: 10:01:07:932:1fc 616b736c6567616379406c6567616379
 5-10: 10:01:07:932:1fc 2e636f6d
 5-10: 10:01:07:932:1fc constructing CERT
 5-10: 10:01:07:932:1fc Construct SIG
 5-10: 10:01:07:942:1fc Constructing Cert Request
 5-10: 10:01:07:942:1fc C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, E=deepak at netcore.co.in
 5-10: 10:01:07:942:1fc 
 5-10: 10:01:07:942:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.4500
 5-10: 10:01:07:942:1fc ISAKMP Header: (V1.0), len = 1412
 5-10: 10:01:07:942:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:07:942:1fc   R-COOKIE 6224079e5ef73641
 5-10: 10:01:07:942:1fc   exchange: Oakley Main Mode
 5-10: 10:01:07:942:1fc   flags: 1 ( encrypted )
 5-10: 10:01:07:942:1fc   next payload: ID
 5-10: 10:01:07:942:1fc   message ID: 00000000
 5-10: 10:01:07:942:1fc Ports S:9411 D:9411
 5-10: 10:01:08:152:1fc 
 5-10: 10:01:08:152:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500
 5-10: 10:01:08:152:1fc ISAKMP Header: (V1.0), len = 1268
 5-10: 10:01:08:152:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:08:152:1fc   R-COOKIE 6224079e5ef73641
 5-10: 10:01:08:152:1fc   exchange: Oakley Main Mode
 5-10: 10:01:08:152:1fc   flags: 1 ( encrypted )
 5-10: 10:01:08:152:1fc   next payload: ID
 5-10: 10:01:08:152:1fc   message ID: 00000000
 5-10: 10:01:08:152:1fc processing payload ID
 5-10: 10:01:08:152:1fc processing payload CERT
 5-10: 10:01:08:152:1fc processing payload SIG
 5-10: 10:01:08:152:1fc Verifying CertStore
 5-10: 10:01:08:152:1fc SubjectName: C=IN, S=Kashmir, L=Baltal, O=Mission Kashmir, OU=AR, CN=Indian, E=missionkashmir at kashmir.com
 5-10: 10:01:08:152:1fc Cert Serialnumber 02
 5-10: 10:01:08:152:1fc Cert SHA Thumbprint 328df338e57b87d9d5a5a26279174333
 5-10: 10:01:08:152:1fc f8c38549
 5-10: 10:01:08:152:1fc Cert Trustes.  0 100
 5-10: 10:01:08:152:1fc SubjectName: C=IN, S=Kashmir, L=Baltal, O=Mission Kashmir, OU=AR, CN=Indian, E=missionkashmir at kashmir.com
 5-10: 10:01:08:152:1fc Cert Serialnumber 02
 5-10: 10:01:08:152:1fc Cert SHA Thumbprint 328df338e57b87d9d5a5a26279174333
 5-10: 10:01:08:152:1fc f8c38549
 5-10: 10:01:08:152:1fc SubjectName: C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, E=deepak at netcore.co.in
 5-10: 10:01:08:152:1fc Cert Serialnumber 00
 5-10: 10:01:08:152:1fc Cert SHA Thumbprint f3f1c1a74b834a64ae9f25a3b255c772
 5-10: 10:01:08:152:1fc 6ec58cb4
 5-10: 10:01:08:152:1fc Not storing Peer's cert chain in SA.
 5-10: 10:01:08:152:1fc Cert SHA Thumbprint 328df338e57b87d9d5a5a26279174333
 5-10: 10:01:08:152:1fc f8c38549
 5-10: 10:01:08:152:1fc Entered CRL check
 5-10: 10:01:08:152:1fc Left CRL check
 5-10: 10:01:08:152:1fc CertFindExtenstion failed with 0
 5-10: 10:01:08:152:1fc Signature validated
 5-10: 10:01:08:152:1fc ClearFragList
 5-10: 10:01:08:152:1fc MM established.  SA: 000E20C8
 5-10: 10:01:08:192:1fc QM PolicyName: Host-roadwarrior filter action dwFlags 1
 5-10: 10:01:08:192:1fc QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
 5-10: 10:01:08:192:1fc QMOffer[0] dwFlags 0 dwPFSGroup -2147483648
 5-10: 10:01:08:192:1fc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
 5-10: 10:01:08:192:1fc GetSpi: src = 192.168.2.0.0000, dst = 192.168.1.2.0000, proto = 00, context = 00000006, srcMask = 255.255.255.0, destMask = 255.255.255.255, TunnelFilter 1
 5-10: 10:01:08:192:1fc Setting SPI  187970139
 5-10: 10:01:08:192:1fc constructing ISAKMP Header
 5-10: 10:01:08:192:1fc constructing HASH (null)
 5-10: 10:01:08:192:1fc constructing SA (IPSEC)
 5-10: 10:01:08:192:1fc constructing QM KE
 5-10: 10:01:08:262:1fc constructing NONCE (IPSEC)
 5-10: 10:01:08:262:1fc constructing ID (proxy)
 5-10: 10:01:08:262:1fc constructing ID (proxy)
 5-10: 10:01:08:262:1fc constructing HASH (QM)
 5-10: 10:01:08:262:1fc 
 5-10: 10:01:08:262:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.4500
 5-10: 10:01:08:262:1fc ISAKMP Header: (V1.0), len = 308
 5-10: 10:01:08:262:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:08:262:1fc   R-COOKIE 6224079e5ef73641
 5-10: 10:01:08:262:1fc   exchange: Oakley Quick Mode
 5-10: 10:01:08:262:1fc   flags: 1 ( encrypted )
 5-10: 10:01:08:262:1fc   next payload: HASH
 5-10: 10:01:08:262:1fc   message ID: 3ac65429
 5-10: 10:01:08:262:1fc Ports S:9411 D:9411
 5-10: 10:01:08:473:1fc 
 5-10: 10:01:08:473:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500
 5-10: 10:01:08:473:1fc ISAKMP Header: (V1.0), len = 300
 5-10: 10:01:08:473:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:08:473:1fc   R-COOKIE 6224079e5ef73641
 5-10: 10:01:08:473:1fc   exchange: Oakley Quick Mode
 5-10: 10:01:08:473:1fc   flags: 1 ( encrypted )
 5-10: 10:01:08:473:1fc   next payload: HASH
 5-10: 10:01:08:473:1fc   message ID: 3ac65429
 5-10: 10:01:08:473:1fc Received commit re-send
 5-10: 10:01:08:473:1fc processing HASH (QM)
 5-10: 10:01:08:473:1fc ClearFragList
 5-10: 10:01:08:473:1fc processing payload NONCE
 5-10: 10:01:08:473:1fc processing payload KE
 5-10: 10:01:08:473:1fc Quick Mode KE processed; Saved KE data
 5-10: 10:01:08:473:1fc processing payload ID
 5-10: 10:01:08:473:1fc processing payload ID
 5-10: 10:01:08:473:1fc processing payload SA
 5-10: 10:01:08:473:1fc Negotiated Proxy ID: Src 192.168.1.2.0 Dst 192.168.2.0.0
 5-10: 10:01:08:473:1fc Dst id for subnet.  Mask 255.255.255.0
 5-10: 10:01:08:473:1fc Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
 5-10: 10:01:08:473:1fc Checking Transform # 1: ID=Triple DES CBC(3)
 5-10: 10:01:08:473:1fc  SA life type in seconds
 5-10: 10:01:08:473:1fc   SA life duration 00000e10
 5-10: 10:01:08:473:1fc  SA life type in kilobytes
 5-10: 10:01:08:473:1fc   SA life duration 0000c350
 5-10: 10:01:08:473:1fc  tunnel mode is 61443(61443)
 5-10: 10:01:08:473:1fc  HMAC algorithm is MD5(1)
 5-10: 10:01:08:473:1fc  group description for PFS is 2
 5-10: 10:01:08:473:1fc Phase 2 SA accepted: proposal=1 transform=1
 5-10: 10:01:08:503:1fc constructing ISAKMP Header
 5-10: 10:01:08:503:1fc constructing HASH (QM)
 5-10: 10:01:08:503:1fc Adding QMs: src = 192.168.1.2.0000, dst = 192.168.2.0.0000, proto = 00, context = 00000006, my tunnel = 192.168.1.2, peer tunnel = 202.149.x.x, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 50000 dwFlags 381 Direction 2 EncapType 3
 5-10: 10:01:08:503:1fc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
 5-10: 10:01:08:503:1fc  Algo[0] MySpi: 187970139 PeerSpi: 2342575122
 5-10: 10:01:08:503:1fc Encap Ports Src 4500 Dst 4500
 5-10: 10:01:08:503:1fc Skipping Outbound SA add
 5-10: 10:01:08:503:1fc Adding QMs: src = 192.168.1.2.0000, dst = 192.168.2.0.0000, proto = 00, context = 00000006, my tunnel = 192.168.1.2, peer tunnel = 202.149.x.x, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 50000 dwFlags 381 Direction 3 EncapType 3
 5-10: 10:01:08:503:1fc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
 5-10: 10:01:08:503:1fc  Algo[0] MySpi: 187970139 PeerSpi: 2342575122
 5-10: 10:01:08:503:1fc Encap Ports Src 4500 Dst 4500
 5-10: 10:01:08:503:1fc Skipping Inbound SA add
 5-10: 10:01:08:503:1fc Leaving adjust_peer_list entry 0012A418 MMCount 0 QMCount 1
 5-10: 10:01:08:513:1fc isadb_set_status sa:000E20C8 centry:000E97E8 status 0
 5-10: 10:01:08:513:1fc 
 5-10: 10:01:08:513:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 4.4500
 5-10: 10:01:08:513:1fc ISAKMP Header: (V1.0), len = 52
 5-10: 10:01:08:513:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:08:513:1fc   R-COOKIE 6224079e5ef73641
 5-10: 10:01:08:513:1fc   exchange: Oakley Quick Mode
 5-10: 10:01:08:513:1fc   flags: 1 ( encrypted )
 5-10: 10:01:08:513:1fc   next payload: HASH
 5-10: 10:01:08:513:1fc   message ID: 3ac65429
 5-10: 10:01:08:513:1fc Ports S:9411 D:9411
 5-10: 10:01:18:627:1fc 
 5-10: 10:01:18:627:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500
 5-10: 10:01:18:627:1fc ISAKMP Header: (V1.0), len = 300
 5-10: 10:01:18:627:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:18:627:1fc   R-COOKIE 6224079e5ef73641
 5-10: 10:01:18:627:1fc   exchange: Oakley Quick Mode
 5-10: 10:01:18:627:1fc   flags: 1 ( encrypted )
 5-10: 10:01:18:627:1fc   next payload: HASH
 5-10: 10:01:18:627:1fc   message ID: 3ac65429
 5-10: 10:01:18:627:1fc Received commit re-send
 5-10: 10:01:18:627:1fc invalid payload received
 5-10: 10:01:18:627:1fc Resending last payload
 5-10: 10:01:18:627:1fc 
 5-10: 10:01:18:627:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 4.4500
 5-10: 10:01:18:627:1fc ISAKMP Header: (V1.0), len = 52
 5-10: 10:01:18:627:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:18:627:1fc   R-COOKIE 6224079e5ef73641
 5-10: 10:01:18:627:1fc   exchange: Oakley Quick Mode
 5-10: 10:01:18:627:1fc   flags: 1 ( encrypted )
 5-10: 10:01:18:627:1fc   next payload: HASH
 5-10: 10:01:18:627:1fc   message ID: 3ac65429
 5-10: 10:01:18:627:1fc Ports S:9411 D:9411
 5-10: 10:01:18:627:1fc GetPacket failed 3613
 5-10: 10:01:38:746:1fc 
 5-10: 10:01:38:746:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500
 5-10: 10:01:38:746:1fc ISAKMP Header: (V1.0), len = 300
 5-10: 10:01:38:746:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:38:746:1fc   R-COOKIE 6224079e5ef73641
 5-10: 10:01:38:746:1fc   exchange: Oakley Quick Mode
 5-10: 10:01:38:746:1fc   flags: 1 ( encrypted )
 5-10: 10:01:38:746:1fc   next payload: HASH
 5-10: 10:01:38:746:1fc   message ID: 3ac65429
 5-10: 10:01:38:746:1fc Received commit re-send
 5-10: 10:01:38:746:1fc invalid payload received
 5-10: 10:01:38:746:1fc Resending last payload
 5-10: 10:01:38:746:1fc 
 5-10: 10:01:38:746:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 4.4500
 5-10: 10:01:38:746:1fc ISAKMP Header: (V1.0), len = 52
 5-10: 10:01:38:746:1fc   I-COOKIE bf4f1da6649c761f
 5-10: 10:01:38:746:1fc   R-COOKIE 6224079e5ef73641
 5-10: 10:01:38:746:1fc   exchange: Oakley Quick Mode
 5-10: 10:01:38:746:1fc   flags: 1 ( encrypted )
 5-10: 10:01:38:746:1fc   next payload: HASH
 5-10: 10:01:38:746:1fc   message ID: 3ac65429
 5-10: 10:01:38:746:1fc Ports S:9411 D:9411
 5-10: 10:01:38:746:1fc GetPacket failed 3613


Paul Wouters <paul at xelerance.com> wrote:

On Mon, 9 May 2005, Deepak Naidu wrote:

> C:\ipsec>ping 192.168.2.234
> Pinging 192.168.2.234 with 32 bytes of data:
> Negotiating IP Security.
> Request timed out.
> Request timed out.
> Request timed out.
> Ping statistics for 192.168.2.234:
> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Check the oakley.log to see what Windows thinks is happening. And
check the openswan logs to see what it is saying. Though likely,
if this is a windows misconfiguration, openswan will just log
"no response to....." entries.

See the wiki on how to enable oakley.log on windows.

Paul

>
> Deepak Naidu wrote:
> Hi,
>
> I am using Openswan 2.3.1 VPN server on FC3
> 2.6.9smp kernel. It is behind a NAT and I have natted
> ports 4500, and 500. The issue is when using
> l2tpd+x509cert from Winxp with VPN dialer is working
> fine. But when using Mullers' ipsec.exe tool, with
> the below configs in the ipsec.conf of Winxp pc.... I
> am unable to ping my network.. It doesn't even give
> negotiating message, but host unreachable....
>
> Should I have to write some more firewall rules to
> open the ports in my NAT.
>
> I have SP2 with support tools and ipseccmd.exe file..
>
> Winxp is a roadwarrior on dialup...
>
> Please advise me...
>
> Ipsec.conf on Winxp...
>
> conn roadwarrior
> pfs=yes
> left=%any
> right=202.x.x.x
> rightsubnet=192.168.2.0/24
> rightca="C=IN, S=state, L=location, O=company,
> OU=IT, CN=name, E=name at company.com"
> network=auto
> auto=start
>
>
> Regards,
> Deepak.




Linux your Life, Don't Window it

               { All for the best }
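
A triage helper for the oakley.log format posted above, as an added example that is not part of the original message or of Openswan: it reduces the log to whether Main Mode and Quick Mode completed, whether NAT-T port floating happened, and which peer re-sends were flagged "invalid payload received". The function names and the abridged `SAMPLE` are constructed for illustration; the sample lines follow the log in this post.

```python
import re

# Line layout seen in the log above: " M-D: HH:MM:SS:mmm:thread message"
LINE = re.compile(r"^\s*\d+-\d+:\s+(\d+:\d+:\d+):\d+:[0-9a-f]+ ?(.*)$")

# Constructed sample: lines abridged from the log in this post.
SAMPLE = """
 5-10: 10:01:07:822:1fc Peer behind NAT
 5-10: 10:01:07:822:1fc Floated Ports Orig Me:f401 Peer:f401
 5-10: 10:01:07:822:1fc Floated Ports Me:9411 Peer:9411
 5-10: 10:01:08:152:1fc MM established.  SA: 000E20C8
 5-10: 10:01:08:473:1fc   message ID: 3ac65429
 5-10: 10:01:08:473:1fc Received commit re-send
 5-10: 10:01:08:473:1fc Phase 2 SA accepted: proposal=1 transform=1
 5-10: 10:01:18:627:1fc   message ID: 3ac65429
 5-10: 10:01:18:627:1fc Received commit re-send
 5-10: 10:01:18:627:1fc invalid payload received
 5-10: 10:01:18:627:1fc GetPacket failed 3613
 5-10: 10:01:38:746:1fc   message ID: 3ac65429
 5-10: 10:01:38:746:1fc Received commit re-send
 5-10: 10:01:38:746:1fc invalid payload received
 5-10: 10:01:38:746:1fc GetPacket failed 3613
"""

def swapped_port(hexstr):
    """The log prints UDP ports byte-swapped: f401 -> 0x01f4 -> 500."""
    return int.from_bytes(bytes.fromhex(hexstr), "little")

def summarize(text):
    """Reduce an oakley.log excerpt to the facts needed for triage."""
    s = {"mm_established": False, "peer_behind_nat": False,
         "floated_port": None, "qm_accepted": False,
         "rejected_resends": {}, "errors": []}
    msg_id, resend = None, False
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when, msg = m.group(1), m.group(2).strip()
        if msg.startswith("message ID:"):
            # Every ISAKMP header dump ends with its message ID.
            msg_id, resend = msg.split(":", 1)[1].strip(), False
        elif msg.startswith("MM established"):
            s["mm_established"] = True
        elif msg == "Peer behind NAT":
            s["peer_behind_nat"] = True
        elif msg.startswith("Floated Ports Me:"):
            s["floated_port"] = swapped_port(msg.split("Me:")[1].split()[0])
        elif msg.startswith("Phase 2 SA accepted"):
            s["qm_accepted"] = True
        elif msg == "Received commit re-send":
            resend = True
        elif msg == "invalid payload received" and resend:
            # Peer repeated a Quick Mode message that this side no longer accepts.
            s["rejected_resends"].setdefault(msg_id, []).append(when)
        elif msg.startswith("GetPacket failed"):
            s["errors"].append((when, msg))
    return s

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

On the log in this post the summary shows both phases accepted on the Windows side while the peer keeps repeating the same Quick Mode message, which is the point to compare against the Openswan log for the same timestamps.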


