[Openswan Users] Firewall rules --- Here's the correct log.. ignore the previous log

Paul Wouters paul at xelerance.com
Tue May 10 17:41:30 CEST 2005


On Tue, 10 May 2005, Deepak Naidu wrote:

> Hi Paul here the correct log, the previous log was without certificate...

It looks like it is resending its proposal. What does the openswan side log
now?

Paul

> Could you help me out ..
>
> 5-10: 09:33:41:154:50c Initialization OK
> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: eb100d73-fa1d-4c7d-ab389026b83dac6f 4
> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 82b823d7-89a4-45de-bd7c63dff1fc56f1 4
> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: a46f5645-eb3e-42fe-92784881ff2c35f6 3
> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 7bc8194e-a4b9-44ae-a6fa06ed88ed7d80 3
> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 4d95ad4d-b70a-4e18-929362eb9b65934d 1
> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 7988f29c-480b-4099-b6a1cad52d2d889f 2
> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 2dbafb3b-48ec-41ec-865cd8f9faf3b6d9 2
> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 4
> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 4
> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 3
> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 3
> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 1
> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 2
> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 2
> 5-10: 10:01:07:501:544 Acquire from driver: op=00000006 src=192.168.1.2.0 dst=192.168.2.234.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=202.149.x.x Inbound TunnelEndpt=192.168.1.2
> 5-10: 10:01:07:511:1fc Filter to match: Src 202.149.x.x Dst 192.168.1.2
> 5-10: 10:01:07:551:1fc MM PolicyName: 2
> 5-10: 10:01:07:551:1fc MMPolicy dwFlags 2 SoftSAExpireTime 28800
> 5-10: 10:01:07:551:1fc MMOffer[0] LifetimeSec 28800 QMLimit 1 DHGroup 2
> 5-10: 10:01:07:561:1fc MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
> 5-10: 10:01:07:561:1fc MMOffer[1] LifetimeSec 28800 QMLimit 1 DHGroup 2
> 5-10: 10:01:07:561:1fc MMOffer[1] Encrypt: Triple DES CBC Hash: MD5
> 5-10: 10:01:07:561:1fc MMOffer[2] LifetimeSec 28800 QMLimit 1 DHGroup 1
> 5-10: 10:01:07:561:1fc MMOffer[2] Encrypt: DES CBC Hash: SHA
> 5-10: 10:01:07:561:1fc MMOffer[3] LifetimeSec 28800 QMLimit 1 DHGroup 1
> 5-10: 10:01:07:561:1fc MMOffer[3] Encrypt: DES CBC Hash: MD5
> 5-10: 10:01:07:571:1fc Auth[0]:RSA Sig C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, E=deepak at netcore.co.in AuthFlags 0
> 5-10: 10:01:07:571:1fc QM PolicyName: Host-roadwarrior filter action dwFlags 1
> 5-10: 10:01:07:571:1fc QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
> 5-10: 10:01:07:571:1fc QMOffer[0] dwFlags 0 dwPFSGroup -2147483648
> 5-10: 10:01:07:571:1fc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
> 5-10: 10:01:07:571:1fc Starting Negotiation: src = 192.168.1.2.0500, dst = 202.149.x.x.0500, proto = 00, context = 00000006, ProxySrc = 192.168.1.2.0000, ProxyDst = 192.168.2.0.0000 SrcMask = 255.255.255.255 DstMask = 255.255.255.0
> 5-10: 10:01:07:571:1fc constructing ISAKMP Header
> 5-10: 10:01:07:571:1fc constructing SA (ISAKMP)
> 5-10: 10:01:07:571:1fc Constructing Vendor MS NT5 ISAKMPOAKLEY
> 5-10: 10:01:07:581:1fc Constructing Vendor FRAGMENTATION
> 5-10: 10:01:07:581:1fc Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
> 5-10: 10:01:07:581:1fc Constructing Vendor Vid-Initial-Contact
> 5-10: 10:01:07:581:1fc
> 5-10: 10:01:07:581:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.500
> 5-10: 10:01:07:581:1fc ISAKMP Header: (V1.0), len = 276
> 5-10: 10:01:07:581:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:07:581:1fc   R-COOKIE 0000000000000000
> 5-10: 10:01:07:581:1fc   exchange: Oakley Main Mode
> 5-10: 10:01:07:581:1fc   flags: 0
> 5-10: 10:01:07:581:1fc   next payload: SA
> 5-10: 10:01:07:581:1fc   message ID: 00000000
> 5-10: 10:01:07:581:1fc Ports S:f401 D:f401
> 5-10: 10:01:07:651:1fc
> 5-10: 10:01:07:651:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.500
> 5-10: 10:01:07:651:1fc ISAKMP Header: (V1.0), len = 140
> 5-10: 10:01:07:651:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:07:651:1fc   R-COOKIE 6224079e5ef73641
> 5-10: 10:01:07:651:1fc   exchange: Oakley Main Mode
> 5-10: 10:01:07:651:1fc   flags: 0
> 5-10: 10:01:07:651:1fc   next payload: SA
> 5-10: 10:01:07:651:1fc   message ID: 00000000
> 5-10: 10:01:07:651:1fc processing payload SA
> 5-10: 10:01:07:651:1fc Received Phase 1 Transform 1
> 5-10: 10:01:07:651:1fc      Encryption Alg Triple DES CBC(5)
> 5-10: 10:01:07:651:1fc      Hash Alg SHA(2)
> 5-10: 10:01:07:651:1fc      Oakley Group 2
> 5-10: 10:01:07:651:1fc      Auth Method RSA Signature with Certificates(3)
> 5-10: 10:01:07:651:1fc      Life type in Seconds
> 5-10: 10:01:07:651:1fc      Life duration of 28800
> 5-10: 10:01:07:651:1fc Phase 1 SA accepted: transform=1
> 5-10: 10:01:07:651:1fc SA - Oakley proposal accepted
> 5-10: 10:01:07:651:1fc processing payload VENDOR ID
> 5-10: 10:01:07:651:1fc processing payload VENDOR ID
> 5-10: 10:01:07:651:1fc processing payload VENDOR ID
> 5-10: 10:01:07:651:1fc Received VendorId draft-ietf-ipsec-nat-t-ike-02
> 5-10: 10:01:07:651:1fc ClearFragList
> 5-10: 10:01:07:651:1fc constructing ISAKMP Header
> 5-10: 10:01:07:722:1fc constructing KE
> 5-10: 10:01:07:722:1fc constructing NONCE (ISAKMP)
> 5-10: 10:01:07:722:1fc Constructing NatDisc
> 5-10: 10:01:07:722:1fc
> 5-10: 10:01:07:722:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.500
> 5-10: 10:01:07:722:1fc ISAKMP Header: (V1.0), len = 232
> 5-10: 10:01:07:722:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:07:722:1fc   R-COOKIE 6224079e5ef73641
> 5-10: 10:01:07:722:1fc   exchange: Oakley Main Mode
> 5-10: 10:01:07:722:1fc   flags: 0
> 5-10: 10:01:07:722:1fc   next payload: KE
> 5-10: 10:01:07:722:1fc   message ID: 00000000
> 5-10: 10:01:07:722:1fc Ports S:f401 D:f401
> 5-10: 10:01:07:802:1fc
> 5-10: 10:01:07:802:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.500
> 5-10: 10:01:07:802:1fc ISAKMP Header: (V1.0), len = 228
> 5-10: 10:01:07:802:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:07:802:1fc   R-COOKIE 6224079e5ef73641
> 5-10: 10:01:07:802:1fc   exchange: Oakley Main Mode
> 5-10: 10:01:07:802:1fc   flags: 0
> 5-10: 10:01:07:802:1fc   next payload: KE
> 5-10: 10:01:07:802:1fc   message ID: 00000000
> 5-10: 10:01:07:802:1fc processing payload KE
> 5-10: 10:01:07:822:1fc processing payload NONCE
> 5-10: 10:01:07:822:1fc processing payload NATDISC
> 5-10: 10:01:07:822:1fc Processing NatHash
> 5-10: 10:01:07:822:1fc Nat hash 564683fd234d3238ad2b3e6c2814c4c9
> 5-10: 10:01:07:822:1fc 83193bec
> 5-10: 10:01:07:822:1fc SA StateMask2 1f
> 5-10: 10:01:07:822:1fc processing payload NATDISC
> 5-10: 10:01:07:822:1fc Processing NatHash
> 5-10: 10:01:07:822:1fc Nat hash f0f0334fcc4e26cd19259ea4703e573c
> 5-10: 10:01:07:822:1fc 2eee1a02
> 5-10: 10:01:07:822:1fc SA StateMask2 5f
> 5-10: 10:01:07:822:1fc ClearFragList
> 5-10: 10:01:07:822:1fc Peer behind NAT
> 5-10: 10:01:07:822:1fc Floated Ports Orig Me:f401 Peer:f401
> 5-10: 10:01:07:822:1fc Floated Ports Me:9411 Peer:9411
> 5-10: 10:01:07:822:1fc constructing ISAKMP Header
> 5-10: 10:01:07:822:1fc constructing ID
> 5-10: 10:01:07:822:1fc Received no valid CRPs.  Using all configured
> 5-10: 10:01:07:822:1fc Looking for IPSec only cert
> 5-10: 10:01:07:882:1fc Cert Trustes.  0 100
> 5-10: 10:01:07:882:1fc Cert SHA Thumbprint 0b065a2e45250192b3ea7c76a8ce330d
> 5-10: 10:01:07:882:1fc f0a8d89b
> 5-10: 10:01:07:882:1fc CertFindExtenstion failed with 0
> 5-10: 10:01:07:882:1fc Entered CRL check
> 5-10: 10:01:07:922:1fc Left CRL check
> 5-10: 10:01:07:922:1fc Cert SHA Thumbprint 0b065a2e45250192b3ea7c76a8ce330d
> 5-10: 10:01:07:922:1fc f0a8d89b
> 5-10: 10:01:07:922:1fc SubjectName: C=IN, S=Meghalay, L=Sikkim, O=Deepaks Legacy, OU=ME, CN=Legacy, E=deepakslegacy at legacy.com
> 5-10: 10:01:07:922:1fc Cert Serialnumber 03
> 5-10: 10:01:07:922:1fc Cert SHA Thumbprint 0b065a2e45250192b3ea7c76a8ce330d
> 5-10: 10:01:07:922:1fc f0a8d89b
> 5-10: 10:01:07:922:1fc SubjectName: C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, E=deepak at netcore.co.in
> 5-10: 10:01:07:922:1fc Cert Serialnumber 00
> 5-10: 10:01:07:922:1fc Cert SHA Thumbprint f3f1c1a74b834a64ae9f25a3b255c772
> 5-10: 10:01:07:922:1fc 6ec58cb4
> 5-10: 10:01:07:922:1fc Not storing My cert chain in SA.
> 5-10: 10:01:07:932:1fc MM ID Type 9
> 5-10: 10:01:07:932:1fc MM ID 308191310b300906035504061302494e
> 5-10: 10:01:07:932:1fc 3111300f060355040813084d65676861
> 5-10: 10:01:07:932:1fc 6c6179310f300d060355040713065369
> 5-10: 10:01:07:932:1fc 6b6b696d31173015060355040a130e44
> 5-10: 10:01:07:932:1fc 656570616b73204c6567616379310b30
> 5-10: 10:01:07:932:1fc 09060355040b13024d45310f300d0603
> 5-10: 10:01:07:932:1fc 55040313064c65676163793127302506
> 5-10: 10:01:07:932:1fc 092a864886f70d010901161864656570
> 5-10: 10:01:07:932:1fc 616b736c6567616379406c6567616379
> 5-10: 10:01:07:932:1fc 2e636f6d
> 5-10: 10:01:07:932:1fc constructing CERT
> 5-10: 10:01:07:932:1fc Construct SIG
> 5-10: 10:01:07:942:1fc Constructing Cert Request
> 5-10: 10:01:07:942:1fc C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, E=deepak at netcore.co.in
> 5-10: 10:01:07:942:1fc
> 5-10: 10:01:07:942:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.4500
> 5-10: 10:01:07:942:1fc ISAKMP Header: (V1.0), len = 1412
> 5-10: 10:01:07:942:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:07:942:1fc   R-COOKIE 6224079e5ef73641
> 5-10: 10:01:07:942:1fc   exchange: Oakley Main Mode
> 5-10: 10:01:07:942:1fc   flags: 1 ( encrypted )
> 5-10: 10:01:07:942:1fc   next payload: ID
> 5-10: 10:01:07:942:1fc   message ID: 00000000
> 5-10: 10:01:07:942:1fc Ports S:9411 D:9411
> 5-10: 10:01:08:152:1fc
> 5-10: 10:01:08:152:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500
> 5-10: 10:01:08:152:1fc ISAKMP Header: (V1.0), len = 1268
> 5-10: 10:01:08:152:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:08:152:1fc   R-COOKIE 6224079e5ef73641
> 5-10: 10:01:08:152:1fc   exchange: Oakley Main Mode
> 5-10: 10:01:08:152:1fc   flags: 1 ( encrypted )
> 5-10: 10:01:08:152:1fc   next payload: ID
> 5-10: 10:01:08:152:1fc   message ID: 00000000
> 5-10: 10:01:08:152:1fc processing payload ID
> 5-10: 10:01:08:152:1fc processing payload CERT
> 5-10: 10:01:08:152:1fc processing payload SIG
> 5-10: 10:01:08:152:1fc Verifying CertStore
> 5-10: 10:01:08:152:1fc SubjectName: C=IN, S=Kashmir, L=Baltal, O=Mission Kashmir, OU=AR, CN=Indian, E=missionkashmir at kashmir.com
> 5-10: 10:01:08:152:1fc Cert Serialnumber 02
> 5-10: 10:01:08:152:1fc Cert SHA Thumbprint 328df338e57b87d9d5a5a26279174333
> 5-10: 10:01:08:152:1fc f8c38549
> 5-10: 10:01:08:152:1fc Cert Trustes.  0 100
> 5-10: 10:01:08:152:1fc SubjectName: C=IN, S=Kashmir, L=Baltal, O=Mission Kashmir, OU=AR, CN=Indian, E=missionkashmir at kashmir.com
> 5-10: 10:01:08:152:1fc Cert Serialnumber 02
> 5-10: 10:01:08:152:1fc Cert SHA Thumbprint 328df338e57b87d9d5a5a26279174333
> 5-10: 10:01:08:152:1fc f8c38549
> 5-10: 10:01:08:152:1fc SubjectName: C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, E=deepak at netcore.co.in
> 5-10: 10:01:08:152:1fc Cert Serialnumber 00
> 5-10: 10:01:08:152:1fc Cert SHA Thumbprint f3f1c1a74b834a64ae9f25a3b255c772
> 5-10: 10:01:08:152:1fc 6ec58cb4
> 5-10: 10:01:08:152:1fc Not storing Peer's cert chain in SA.
> 5-10: 10:01:08:152:1fc Cert SHA Thumbprint 328df338e57b87d9d5a5a26279174333
> 5-10: 10:01:08:152:1fc f8c38549
> 5-10: 10:01:08:152:1fc Entered CRL check
> 5-10: 10:01:08:152:1fc Left CRL check
> 5-10: 10:01:08:152:1fc CertFindExtenstion failed with 0
> 5-10: 10:01:08:152:1fc Signature validated
> 5-10: 10:01:08:152:1fc ClearFragList
> 5-10: 10:01:08:152:1fc MM established.  SA: 000E20C8
> 5-10: 10:01:08:192:1fc QM PolicyName: Host-roadwarrior filter action dwFlags 1
> 5-10: 10:01:08:192:1fc QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
> 5-10: 10:01:08:192:1fc QMOffer[0] dwFlags 0 dwPFSGroup -2147483648
> 5-10: 10:01:08:192:1fc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
> 5-10: 10:01:08:192:1fc GetSpi: src = 192.168.2.0.0000, dst = 192.168.1.2.0000, proto = 00, context = 00000006, srcMask = 255.255.255.0, destMask = 255.255.255.255, TunnelFilter 1
> 5-10: 10:01:08:192:1fc Setting SPI  187970139
> 5-10: 10:01:08:192:1fc constructing ISAKMP Header
> 5-10: 10:01:08:192:1fc constructing HASH (null)
> 5-10: 10:01:08:192:1fc constructing SA (IPSEC)
> 5-10: 10:01:08:192:1fc constructing QM KE
> 5-10: 10:01:08:262:1fc constructing NONCE (IPSEC)
> 5-10: 10:01:08:262:1fc constructing ID (proxy)
> 5-10: 10:01:08:262:1fc constructing ID (proxy)
> 5-10: 10:01:08:262:1fc constructing HASH (QM)
> 5-10: 10:01:08:262:1fc
> 5-10: 10:01:08:262:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.4500
> 5-10: 10:01:08:262:1fc ISAKMP Header: (V1.0), len = 308
> 5-10: 10:01:08:262:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:08:262:1fc   R-COOKIE 6224079e5ef73641
> 5-10: 10:01:08:262:1fc   exchange: Oakley Quick Mode
> 5-10: 10:01:08:262:1fc   flags: 1 ( encrypted )
> 5-10: 10:01:08:262:1fc   next payload: HASH
> 5-10: 10:01:08:262:1fc   message ID: 3ac65429
> 5-10: 10:01:08:262:1fc Ports S:9411 D:9411
> 5-10: 10:01:08:473:1fc
> 5-10: 10:01:08:473:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500
> 5-10: 10:01:08:473:1fc ISAKMP Header: (V1.0), len = 300
> 5-10: 10:01:08:473:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:08:473:1fc   R-COOKIE 6224079e5ef73641
> 5-10: 10:01:08:473:1fc   exchange: Oakley Quick Mode
> 5-10: 10:01:08:473:1fc   flags: 1 ( encrypted )
> 5-10: 10:01:08:473:1fc   next payload: HASH
> 5-10: 10:01:08:473:1fc   message ID: 3ac65429
> 5-10: 10:01:08:473:1fc Received commit re-send
> 5-10: 10:01:08:473:1fc processing HASH (QM)
> 5-10: 10:01:08:473:1fc ClearFragList
> 5-10: 10:01:08:473:1fc processing payload NONCE
> 5-10: 10:01:08:473:1fc processing payload KE
> 5-10: 10:01:08:473:1fc Quick Mode KE processed; Saved KE data
> 5-10: 10:01:08:473:1fc processing payload ID
> 5-10: 10:01:08:473:1fc processing payload ID
> 5-10: 10:01:08:473:1fc processing payload SA
> 5-10: 10:01:08:473:1fc Negotiated Proxy ID: Src 192.168.1.2.0 Dst 192.168.2.0.0
> 5-10: 10:01:08:473:1fc Dst id for subnet.  Mask 255.255.255.0
> 5-10: 10:01:08:473:1fc Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
> 5-10: 10:01:08:473:1fc Checking Transform # 1: ID=Triple DES CBC(3)
> 5-10: 10:01:08:473:1fc  SA life type in seconds
> 5-10: 10:01:08:473:1fc   SA life duration 00000e10
> 5-10: 10:01:08:473:1fc  SA life type in kilobytes
> 5-10: 10:01:08:473:1fc   SA life duration 0000c350
> 5-10: 10:01:08:473:1fc  tunnel mode is 61443(61443)
> 5-10: 10:01:08:473:1fc  HMAC algorithm is MD5(1)
> 5-10: 10:01:08:473:1fc  group description for PFS is 2
> 5-10: 10:01:08:473:1fc Phase 2 SA accepted: proposal=1 transform=1
> 5-10: 10:01:08:503:1fc constructing ISAKMP Header
> 5-10: 10:01:08:503:1fc constructing HASH (QM)
> 5-10: 10:01:08:503:1fc Adding QMs: src = 192.168.1.2.0000, dst = 192.168.2.0.0000, proto = 00, context = 00000006, my tunnel = 192.168.1.2, peer tunnel = 202.149.x.x, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 50000 dwFlags 381 Direction 2 EncapType 3
> 5-10: 10:01:08:503:1fc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
> 5-10: 10:01:08:503:1fc  Algo[0] MySpi: 187970139 PeerSpi: 2342575122
> 5-10: 10:01:08:503:1fc Encap Ports Src 4500 Dst 4500
> 5-10: 10:01:08:503:1fc Skipping Outbound SA add
> 5-10: 10:01:08:503:1fc Adding QMs: src = 192.168.1.2.0000, dst = 192.168.2.0.0000, proto = 00, context = 00000006, my tunnel = 192.168.1.2, peer tunnel = 202.149.x.x, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 50000 dwFlags 381 Direction 3 EncapType 3
> 5-10: 10:01:08:503:1fc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
> 5-10: 10:01:08:503:1fc  Algo[0] MySpi: 187970139 PeerSpi: 2342575122
> 5-10: 10:01:08:503:1fc Encap Ports Src 4500 Dst 4500
> 5-10: 10:01:08:503:1fc Skipping Inbound SA add
> 5-10: 10:01:08:503:1fc Leaving adjust_peer_list entry 0012A418 MMCount 0 QMCount 1
> 5-10: 10:01:08:513:1fc isadb_set_status sa:000E20C8 centry:000E97E8 status 0
> 5-10: 10:01:08:513:1fc
> 5-10: 10:01:08:513:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 4.4500
> 5-10: 10:01:08:513:1fc ISAKMP Header: (V1.0), len = 52
> 5-10: 10:01:08:513:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:08:513:1fc   R-COOKIE 6224079e5ef73641
> 5-10: 10:01:08:513:1fc   exchange: Oakley Quick Mode
> 5-10: 10:01:08:513:1fc   flags: 1 ( encrypted )
> 5-10: 10:01:08:513:1fc   next payload: HASH
> 5-10: 10:01:08:513:1fc   message ID: 3ac65429
> 5-10: 10:01:08:513:1fc Ports S:9411 D:9411
> 5-10: 10:01:18:627:1fc
> 5-10: 10:01:18:627:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500
> 5-10: 10:01:18:627:1fc ISAKMP Header: (V1.0), len = 300
> 5-10: 10:01:18:627:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:18:627:1fc   R-COOKIE 6224079e5ef73641
> 5-10: 10:01:18:627:1fc   exchange: Oakley Quick Mode
> 5-10: 10:01:18:627:1fc   flags: 1 ( encrypted )
> 5-10: 10:01:18:627:1fc   next payload: HASH
> 5-10: 10:01:18:627:1fc   message ID: 3ac65429
> 5-10: 10:01:18:627:1fc Received commit re-send
> 5-10: 10:01:18:627:1fc invalid payload received
> 5-10: 10:01:18:627:1fc Resending last payload
> 5-10: 10:01:18:627:1fc
> 5-10: 10:01:18:627:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 4.4500
> 5-10: 10:01:18:627:1fc ISAKMP Header: (V1.0), len = 52
> 5-10: 10:01:18:627:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:18:627:1fc   R-COOKIE 6224079e5ef73641
> 5-10: 10:01:18:627:1fc   exchange: Oakley Quick Mode
> 5-10: 10:01:18:627:1fc   flags: 1 ( encrypted )
> 5-10: 10:01:18:627:1fc   next payload: HASH
> 5-10: 10:01:18:627:1fc   message ID: 3ac65429
> 5-10: 10:01:18:627:1fc Ports S:9411 D:9411
> 5-10: 10:01:18:627:1fc GetPacket failed 3613
> 5-10: 10:01:38:746:1fc
> 5-10: 10:01:38:746:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500
> 5-10: 10:01:38:746:1fc ISAKMP Header: (V1.0), len = 300
> 5-10: 10:01:38:746:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:38:746:1fc   R-COOKIE 6224079e5ef73641
> 5-10: 10:01:38:746:1fc   exchange: Oakley Quick Mode
> 5-10: 10:01:38:746:1fc   flags: 1 ( encrypted )
> 5-10: 10:01:38:746:1fc   next payload: HASH
> 5-10: 10:01:38:746:1fc   message ID: 3ac65429
> 5-10: 10:01:38:746:1fc Received commit re-send
> 5-10: 10:01:38:746:1fc invalid payload received
> 5-10: 10:01:38:746:1fc Resending last payload
> 5-10: 10:01:38:746:1fc
> 5-10: 10:01:38:746:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 4.4500
> 5-10: 10:01:38:746:1fc ISAKMP Header: (V1.0), len = 52
> 5-10: 10:01:38:746:1fc   I-COOKIE bf4f1da6649c761f
> 5-10: 10:01:38:746:1fc   R-COOKIE 6224079e5ef73641
> 5-10: 10:01:38:746:1fc   exchange: Oakley Quick Mode
> 5-10: 10:01:38:746:1fc   flags: 1 ( encrypted )
> 5-10: 10:01:38:746:1fc   next payload: HASH
> 5-10: 10:01:38:746:1fc   message ID: 3ac65429
> 5-10: 10:01:38:746:1fc Ports S:9411 D:9411
> 5-10: 10:01:38:746:1fc GetPacket failed 3613
>
>
> Paul Wouters <paul at xelerance.com> wrote:
> On Mon, 9 May 2005, Deepak Naidu wrote:
>
>> C:\ipsec>ping 192.168.2.234
>> Pinging 192.168.2.234 with 32 bytes of data:
>> Negotiating IP Security.
>> Request timed out.
>> Request timed out.
>> Request timed out.
>> Ping statistics for 192.168.2.234:
>> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
>
> Check the oakley.log to see what Windows thinks is happening. And
> check the openswan logs to see what it is saying. Though likely,
> if this is a windows misconfiguration, openswan will just log
> "no response to....." entries.
>
> See the wiki on how to enable oakley.log on windows.
>
> Paul
>
>>
>> Deepak Naidu wrote:
>> Hi,
>>
>> I am using Openswan 2.3.1 VPN server on FC3
>> 2.6.9smp kernel. It is behind a NAT and I have natted
>> ports 4500, and 500. The issue is when using
>> l2tpd+x509cert from Winxp with VPN dialer is working
>> fine. But when using Mullers' ipsec.exe tool, with
>> the below configs in the ipsec.conf of Winxp pc.... I
>> am unable to ping my network.. It doesn't even give
>> negotiating message, but host unreachable....
>>
>> Should I have to write some more firewall rules to
>> open the ports in my NAT.
>>
>> I have SP2 with support tools and ipseccmd.exe file..
>>
>> Winxp is a roadwarrior on dialup...
>>
>> Please advise me...
>>
>> Ipsec.conf on Winxp...
>>
>> conn roadwarrior
>>     pfs=yes
>>     left=%any
>>     right=202.x.x.x
>>     rightsubnet=192.168.2.0/24
>>     rightca="C=IN, S=state, L=location, O=company, OU=IT, CN=name, E=name at company.com"
>>     network=auto
>>     auto=start
>>
>>
>> Regards,
>> Deepak.
>>
>>
>>
>
>
>
>
> Linux your Life, Don't Window it [[]]
>
>               { All for the best }
>
>
>


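The resend pattern Paul points to in the quoted Oakley log can be pulled out mechanically by grouping the ISAKMP messages the log records. The following Python is an added example, not part of the original thread or of Openswan; the function names, the grouping heuristic (same direction, exchange, message ID and length) and the sample lines (constructed, with a documentation address and a made-up message ID) are assumptions.

```python
import re
from collections import defaultdict

# Oakley log line: "M-D: HH:MM:SS:mmm:thread text", optionally ">"-quoted.
LINE = re.compile(r"^[>\s]*\d+-\d+: (\d+):(\d+):(\d+):(\d+):[0-9a-f]+(.*)$")
START = re.compile(r"^(Sending|Receive): ")
FIELDS = {"len": re.compile(r"^ISAKMP Header: .*len = (\d+)"),
          "exchange": re.compile(r"^exchange: (.+)"),
          "msgid": re.compile(r"^message ID: (\w+)")}


def parse_messages(log_text):
    """Return one dict per ISAKMP message the log records as sent or received."""
    messages = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        h, mi, s, ms = map(int, m.groups()[:4])
        text = m.group(5).strip()
        start = START.match(text)
        if start:
            messages.append({"t": h * 3600 + mi * 60 + s + ms / 1000,
                             "dir": "out" if start.group(1) == "Sending" else "in",
                             "len": None, "exchange": None, "msgid": None})
        elif messages:
            for key, rx in FIELDS.items():
                hit = rx.match(text)
                if hit and messages[-1][key] is None:
                    messages[-1][key] = hit.group(1)
    return messages


def find_retransmits(messages):
    """Report messages seen more than once with the same direction, exchange, ID and length."""
    groups = defaultdict(list)
    for msg in messages:
        groups[(msg["dir"], msg["exchange"], msg["msgid"], msg["len"])].append(msg)
    report = []
    for (direction, exchange, msgid, length), seen in groups.items():
        if len(seen) > 1:
            times = [m["t"] for m in seen]
            report.append({"dir": direction, "exchange": exchange, "msgid": msgid,
                           "len": length, "count": len(seen),
                           "gaps_s": [round(b - a, 1) for a, b in zip(times, times[1:])]})
    return report


# Constructed sample in the log's format (placeholder address and message ID).
SAMPLE = """\
5-10: 10:01:08:473:1fc Receive: (get) SA = 0x000e20c8 from 198.51.100.7.4500
5-10: 10:01:08:473:1fc ISAKMP Header: (V1.0), len = 300
5-10: 10:01:08:473:1fc   exchange: Oakley Quick Mode
5-10: 10:01:08:473:1fc   message ID: 1a2b3c4d
5-10: 10:01:18:627:1fc Receive: (get) SA = 0x000e20c8 from 198.51.100.7.4500
5-10: 10:01:18:627:1fc ISAKMP Header: (V1.0), len = 300
5-10: 10:01:18:627:1fc   exchange: Oakley Quick Mode
5-10: 10:01:18:627:1fc   message ID: 1a2b3c4d
"""

if __name__ == "__main__":
    print(find_retransmits(parse_messages(SAMPLE)))
```

Fed the log quoted in this message, it groups the three inbound 300-byte Quick Mode messages with ID 3ac65429 (gaps of about 10 and 20 seconds) and the three outbound 52-byte replies to them.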