[Openswan Users] Problem with Openswan and netgear fvs318v3
Daniela Gradim
daniela.gradim at mobila-kontoret.se
Fri Apr 21 17:19:41 CEST 2006
Hi !!!
I have a problem when I try to connect to Openswan from a Netgear
FVS318v3 router.
This is the scenario:
gw openswan ========== gw fvs318 -------- gwfvs318 ----- subnet client
| |
|----------------------------------------|
Fedora Core 3 2.6.11-1.35_FC3smp and OpenSwan 2.4.0dr9
I want to make a tunnel between the second router and the Openswan gateway, but
I need to open IPsec passthrough in the first router. Isn't that it?
UDP ports 500 and 4500 are open, and protocol 50 for ESP.
I can get the communication, but the SA is deleted every time, and I get:
Apr 20 16:10:59 gw3 pluto[22052]: packet from x.x.x.x:500: ignoring
Delete SA payload: not encrypted
Apr 20 16:10:59 gw3 pluto[22052]: | del: 36 f2 cd 56 73 95 08 39 00
00 00 00 00 00 00 00
Apr 20 16:10:59 gw3 pluto[22052]: packet from x.x.x.x:500: received and
ignored informational message
Apr 20 16:10:59 gw3 pluto[22052]: | complete state transition with STF_IGNORE
[root at gw3 ~]# /usr/sbin/ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.0dr9/K2.6.11-1.35_FC3smp (netkey)
Checking for IPsec support in kernel [OK]
Checking for RSA private key (/etc/ipsec.secrets) [FAILED]
ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [N/A]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Checking for 'setkey' command for NETKEY IPsec stack support [OK]
Opportunistic Encryption Support [DISABLED]
Cannot execute command "which setkey": No such file or director
Here is the log !!!
Apr 20 16:10:49 gw3 pluto[22052]: |
Apr 20 16:10:49 gw3 pluto[22052]: | *received 84 bytes from x.x.x.x:500
on eth0 (port=500)
Apr 20 16:10:49 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39 00 00
00 00 00 00 00 00
Apr 20 16:10:49 gw3 pluto[22052]: | 01 10 02 00 00 00 00 00 00 00
00 54 00 00 00 38
Apr 20 16:10:49 gw3 pluto[22052]: | 00 00 00 01 00 00 00 01 00 00
00 2c 01 01 00 01
Apr 20 16:10:49 gw3 pluto[22052]: | 00 00 00 24 01 01 00 00 80 04
00 02 80 03 00 01
Apr 20 16:10:49 gw3 pluto[22052]: | 80 01 00 05 80 02 00 01 80 0b
00 01 00 0c 00 04
Apr 20 16:10:49 gw3 pluto[22052]: | 00 01 51 80
Apr 20 16:10:49 gw3 pluto[22052]: | **parse ISAKMP Message:
Apr 20 16:10:49 gw3 pluto[22052]: | initiator cookie:
Apr 20 16:10:49 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39
Apr 20 16:10:49 gw3 pluto[22052]: | responder cookie:
Apr 20 16:10:49 gw3 pluto[22052]: | 00 00 00 00 00 00 00 00
Apr 20 16:10:49 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_SA
Apr 20 16:10:49 gw3 pluto[22052]: | ISAKMP version: ISAKMP Version 1.0
Apr 20 16:10:49 gw3 pluto[22052]: | exchange type: ISAKMP_XCHG_IDPROT
Apr 20 16:10:49 gw3 pluto[22052]: | flags: none
Apr 20 16:10:49 gw3 pluto[22052]: | message ID: 00 00 00 00
Apr 20 16:10:49 gw3 pluto[22052]: | length: 84
Apr 20 16:10:49 gw3 pluto[22052]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Apr 20 16:10:49 gw3 pluto[22052]: | ***parse ISAKMP Security
Association Payload:
Apr 20 16:10:49 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:49 gw3 pluto[22052]: | length: 56
Apr 20 16:10:49 gw3 pluto[22052]: | DOI: ISAKMP_DOI_IPSEC
Apr 20 16:10:49 gw3 pluto[22052]: | find_host_connection called from
main_inI1_outR1
Apr 20 16:10:49 gw3 pluto[22052]: | find_host_pair: comparing to
x.x.x.x:500 x.x.x.x:500
Apr 20 16:10:49 gw3 pluto[22052]: | find_host_pair_conn
(find_host_connection2): x.x.x.x:500 x.x.x.x:500 -> hp:omx-kse
Apr 20 16:10:49 gw3 pluto[22052]: | creating state object #96 at 0x918a1b0
Apr 20 16:10:49 gw3 pluto[22052]: | processing connection omx-kse
Apr 20 16:10:49 gw3 pluto[22052]: | ICOOKIE: 36 f2 cd 56 73 95 08 39
Apr 20 16:10:49 gw3 pluto[22052]: | RCOOKIE: f0 9b 48 3d 16 52 49 bd
Apr 20 16:10:49 gw3 pluto[22052]: | peer: d5 41 b6 40
Apr 20 16:10:49 gw3 pluto[22052]: | state hash entry 24
Apr 20 16:10:49 gw3 pluto[22052]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #96
Apr 20 16:10:49 gw3 pluto[22052]: "omx-kse" #96: responding to Main Mode
Apr 20 16:10:49 gw3 pluto[22052]: | **emit ISAKMP Message:
Apr 20 16:10:49 gw3 pluto[22052]: | initiator cookie:
Apr 20 16:10:49 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39
Apr 20 16:10:49 gw3 pluto[22052]: | responder cookie:
Apr 20 16:10:49 gw3 pluto[22052]: | f0 9b 48 3d 16 52 49 bd
Apr 20 16:10:49 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_SA
Apr 20 16:10:49 gw3 pluto[22052]: | ISAKMP version: ISAKMP Version 1.0
Apr 20 16:10:50 gw3 pluto[22052]: | exchange type: ISAKMP_XCHG_IDPROT
Apr 20 16:10:50 gw3 pluto[22052]: | flags: none
Apr 20 16:10:50 gw3 pluto[22052]: | message ID: 00 00 00 00
Apr 20 16:10:50 gw3 pluto[22052]: | ***emit ISAKMP Security Association
Payload:
Apr 20 16:10:50 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_VID
Apr 20 16:10:50 gw3 pluto[22052]: | DOI: ISAKMP_DOI_IPSEC
Apr 20 16:10:50 gw3 pluto[22052]: | ****parse IPsec DOI SIT:
Apr 20 16:10:50 gw3 pluto[22052]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Apr 20 16:10:50 gw3 pluto[22052]: | ****parse ISAKMP Proposal Payload:
Apr 20 16:10:50 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:50 gw3 pluto[22052]: | length: 44
Apr 20 16:10:50 gw3 pluto[22052]: | proposal number: 1
Apr 20 16:10:50 gw3 pluto[22052]: | protocol ID: PROTO_ISAKMP
Apr 20 16:10:50 gw3 pluto[22052]: | SPI size: 0
Apr 20 16:10:50 gw3 pluto[22052]: | number of transforms: 1
Apr 20 16:10:50 gw3 pluto[22052]: | *****parse ISAKMP Transform Payload
(ISAKMP):
Apr 20 16:10:50 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:50 gw3 pluto[22052]: | length: 36
Apr 20 16:10:50 gw3 pluto[22052]: | transform number: 1
Apr 20 16:10:50 gw3 pluto[22052]: | transform ID: KEY_IKE
Apr 20 16:10:50 gw3 pluto[22052]: | ******parse ISAKMP Oakley attribute:
Apr 20 16:10:50 gw3 pluto[22052]: | af+type: OAKLEY_GROUP_DESCRIPTION
Apr 20 16:10:50 gw3 pluto[22052]: | length/value: 2
Apr 20 16:10:50 gw3 pluto[22052]: | [2 is OAKLEY_GROUP_MODP1024]
Apr 20 16:10:50 gw3 pluto[22052]: | ******parse ISAKMP Oakley attribute:
Apr 20 16:10:50 gw3 pluto[22052]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Apr 20 16:10:50 gw3 pluto[22052]: | length/value: 1
Apr 20 16:10:50 gw3 pluto[22052]: | [1 is OAKLEY_PRESHARED_KEY]
Apr 20 16:10:50 gw3 pluto[22052]: | started looking for secret for
x.x.x.x->192.168.1.200 of kind PPK_PSK
Apr 20 16:10:50 gw3 pluto[22052]: | actually looking for secret for
x.x.x.x->192.168.1.200 of kind PPK_PSK
Apr 20 16:10:50 gw3 pluto[22052]: | 1: compared PSK 192.168.1.200 to
x.x.x.x / 192.168.1.200 -> 2
Apr 20 16:10:50 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 6
Apr 20 16:10:50 gw3 pluto[22052]: | best_match 0>6 best=0x9183190 (line=33)
Apr 20 16:10:50 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:50 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:50 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:50 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:50 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:50 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:50 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:50 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:50 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:50 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:50 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:50 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:50 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:50 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:50 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:50 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:50 gw3 pluto[22052]: | concluding with best_match=6
best=0x9183190 (lineno=33)
Apr 20 16:10:50 gw3 pluto[22052]: | ******parse ISAKMP Oakley attribute:
Apr 20 16:10:50 gw3 pluto[22052]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Apr 20 16:10:50 gw3 pluto[22052]: | length/value: 5
Apr 20 16:10:50 gw3 pluto[22052]: | [5 is OAKLEY_3DES_CBC]
Apr 20 16:10:50 gw3 pluto[22052]: | ike_alg_enc_ok(ealg=5,key_len=0):
blocksize=8, keyminlen=192, keydeflen=192, keymaxlen=192, ret=1
Apr 20 16:10:50 gw3 pluto[22052]: | ******parse ISAKMP Oakley attribute:
Apr 20 16:10:50 gw3 pluto[22052]: | af+type: OAKLEY_HASH_ALGORITHM
Apr 20 16:10:50 gw3 pluto[22052]: | length/value: 1
Apr 20 16:10:50 gw3 pluto[22052]: | [1 is OAKLEY_MD5]
Apr 20 16:10:50 gw3 pluto[22052]: | ******parse ISAKMP Oakley attribute:
Apr 20 16:10:50 gw3 pluto[22052]: | af+type: OAKLEY_LIFE_TYPE
Apr 20 16:10:50 gw3 pluto[22052]: | length/value: 1
Apr 20 16:10:50 gw3 pluto[22052]: | [1 is OAKLEY_LIFE_SECONDS]
Apr 20 16:10:50 gw3 pluto[22052]: | ******parse ISAKMP Oakley attribute:
Apr 20 16:10:50 gw3 pluto[22052]: | af+type: OAKLEY_LIFE_DURATION
(variable length)
Apr 20 16:10:50 gw3 pluto[22052]: | length/value: 4
Apr 20 16:10:50 gw3 pluto[22052]: | long duration: 86400
Apr 20 16:10:50 gw3 pluto[22052]: | Oakley Transform 1 accepted
Apr 20 16:10:50 gw3 pluto[22052]: | ****emit IPsec DOI SIT:
Apr 20 16:10:50 gw3 pluto[22052]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Apr 20 16:10:50 gw3 pluto[22052]: | ****emit ISAKMP Proposal Payload:
Apr 20 16:10:50 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:50 gw3 pluto[22052]: | proposal number: 1
Apr 20 16:10:50 gw3 pluto[22052]: | protocol ID: PROTO_ISAKMP
Apr 20 16:10:50 gw3 pluto[22052]: | SPI size: 0
Apr 20 16:10:50 gw3 pluto[22052]: | number of transforms: 1
Apr 20 16:10:50 gw3 pluto[22052]: | *****emit ISAKMP Transform Payload
(ISAKMP):
Apr 20 16:10:50 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:50 gw3 pluto[22052]: | transform number: 1
Apr 20 16:10:50 gw3 pluto[22052]: | transform ID: KEY_IKE
Apr 20 16:10:50 gw3 pluto[22052]: | emitting 28 raw bytes of attributes
into ISAKMP Transform Payload (ISAKMP)
Apr 20 16:10:50 gw3 pluto[22052]: | attributes 80 04 00 02 80 03 00
01 80 01 00 05 80 02 00 01
Apr 20 16:10:50 gw3 pluto[22052]: | 80 0b 00 01 00 0c 00 04 00 01 51 80
Apr 20 16:10:50 gw3 pluto[22052]: | emitting length of ISAKMP Transform
Payload (ISAKMP): 36
Apr 20 16:10:50 gw3 pluto[22052]: | emitting length of ISAKMP Proposal
Payload: 44
Apr 20 16:10:50 gw3 pluto[22052]: | emitting length of ISAKMP Security
Association Payload: 56
Apr 20 16:10:50 gw3 pluto[22052]: | ***emit ISAKMP Vendor ID Payload:
Apr 20 16:10:50 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_VID
Apr 20 16:10:50 gw3 pluto[22052]: | emitting 12 raw bytes of Vendor ID
into ISAKMP Vendor ID Payload
Apr 20 16:10:50 gw3 pluto[22052]: | Vendor ID 4f 45 7a 7d 46 46 46 66
67 72 5f 65
Apr 20 16:10:50 gw3 pluto[22052]: | emitting length of ISAKMP Vendor ID
Payload: 16
Apr 20 16:10:50 gw3 pluto[22052]: | ***emit ISAKMP Vendor ID Payload:
Apr 20 16:10:50 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:50 gw3 pluto[22052]: | emitting 16 raw bytes of DPP Vendor
ID into ISAKMP Vendor ID Payload
Apr 20 16:10:50 gw3 pluto[22052]: | DPP Vendor ID af ca d7 13 68 a1
f1 c9 6b 86 96 fc 77 57 01 00
Apr 20 16:10:50 gw3 pluto[22052]: | emitting length of ISAKMP Vendor ID
Payload: 20
Apr 20 16:10:50 gw3 pluto[22052]: | sender checking NAT-t: 1 and 0
Apr 20 16:10:50 gw3 pluto[22052]: | emitting length of ISAKMP Message: 120
Apr 20 16:10:50 gw3 pluto[22052]: | complete state transition with STF_OK
Apr 20 16:10:50 gw3 pluto[22052]: "omx-kse" #96: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 20 16:10:50 gw3 pluto[22052]: | sending reply packet to x.x.x.x:500
(from port=500)
Apr 20 16:10:50 gw3 pluto[22052]: | sending 120 bytes for STATE_MAIN_R0
through eth0:500 to x.x.x.x:500:
Apr 20 16:10:50 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39 f0 9b
48 3d 16 52 49 bd
Apr 20 16:10:50 gw3 pluto[22052]: | 01 10 02 00 00 00 00 00 00 00
00 78 0d 00 00 38
Apr 20 16:10:50 gw3 pluto[22052]: | 00 00 00 01 00 00 00 01 00 00
00 2c 01 01 00 01
Apr 20 16:10:50 gw3 pluto[22052]: | 00 00 00 24 01 01 00 00 80 04
00 02 80 03 00 01
Apr 20 16:10:50 gw3 pluto[22052]: | 80 01 00 05 80 02 00 01 80 0b
00 01 00 0c 00 04
Apr 20 16:10:50 gw3 pluto[22052]: | 00 01 51 80 0d 00 00 10 4f 45
7a 7d 46 46 46 66
Apr 20 16:10:50 gw3 pluto[22052]: | 67 72 5f 65 00 00 00 14 af ca
d7 13 68 a1 f1 c9
Apr 20 16:10:50 gw3 pluto[22052]: | 6b 86 96 fc 77 57 01 00
Apr 20 16:10:50 gw3 pluto[22052]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #96
Apr 20 16:10:50 gw3 pluto[22052]: "omx-kse" #96: STATE_MAIN_R1: sent
MR1, expecting MI2
Apr 20 16:10:50 gw3 pluto[22052]: | modecfg pull: noquirk policy:push
not-client
Apr 20 16:10:50 gw3 pluto[22052]: | phase 1 is done, looking for phase
1 to unpend
Apr 20 16:10:50 gw3 pluto[22052]: | next event EVENT_RETRANSMIT in 0
seconds for #94
Apr 20 16:10:50 gw3 pluto[22052]: |
Apr 20 16:10:50 gw3 pluto[22052]: | *time to handle event
Apr 20 16:10:50 gw3 pluto[22052]: | handling event EVENT_RETRANSMIT
Apr 20 16:10:50 gw3 pluto[22052]: | event after this is
EVENT_RETRANSMIT in 5 seconds
Apr 20 16:10:50 gw3 pluto[22052]: | processing connection omx-kse
Apr 20 16:10:50 gw3 pluto[22052]: | handling event EVENT_RETRANSMIT for
x.x.x.x "omx-kse" #94
Apr 20 16:10:50 gw3 pluto[22052]: | sending 120 bytes for
EVENT_RETRANSMIT through eth0:500 to x.x.x.x:500:
Apr 20 16:10:50 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39 9b 0a
b4 a6 69 b0 7f a1
Apr 20 16:10:50 gw3 pluto[22052]: | 01 10 02 00 00 00 00 00 00 00
00 78 0d 00 00 38
Apr 20 16:10:50 gw3 pluto[22052]: | 00 00 00 01 00 00 00 01 00 00
00 2c 01 01 00 01
Apr 20 16:10:50 gw3 pluto[22052]: | 00 00 00 24 01 01 00 00 80 04
00 02 80 03 00 01
Apr 20 16:10:50 gw3 pluto[22052]: | 80 01 00 05 80 02 00 01 80 0b
00 01 00 0c 00 04
Apr 20 16:10:50 gw3 pluto[22052]: | 00 01 51 80 0d 00 00 10 4f 45
7a 7d 46 46 46 66
Apr 20 16:10:50 gw3 pluto[22052]: | 67 72 5f 65 00 00 00 14 af ca
d7 13 68 a1 f1 c9
Apr 20 16:10:50 gw3 pluto[22052]: | 6b 86 96 fc 77 57 01 00
Apr 20 16:10:50 gw3 pluto[22052]: | inserting event EVENT_RETRANSMIT,
timeout in 20 seconds for #94
Apr 20 16:10:50 gw3 pluto[22052]: | next event EVENT_RETRANSMIT in 5
seconds for #95
Apr 20 16:10:54 gw3 pluto[22052]: |
Apr 20 16:10:54 gw3 pluto[22052]: | *received 84 bytes from x.x.x.x:500
on eth0 (port=500)
Apr 20 16:10:54 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39 00 00
00 00 00 00 00 00
Apr 20 16:10:54 gw3 pluto[22052]: | 01 10 02 00 00 00 00 00 00 00
00 54 00 00 00 38
Apr 20 16:10:54 gw3 pluto[22052]: | 00 00 00 01 00 00 00 01 00 00
00 2c 01 01 00 01
Apr 20 16:10:54 gw3 pluto[22052]: | 00 00 00 24 01 01 00 00 80 04
00 02 80 03 00 01
Apr 20 16:10:54 gw3 pluto[22052]: | 80 01 00 05 80 02 00 01 80 0b
00 01 00 0c 00 04
Apr 20 16:10:54 gw3 pluto[22052]: | 00 01 51 80
Apr 20 16:10:54 gw3 pluto[22052]: | **parse ISAKMP Message:
Apr 20 16:10:54 gw3 pluto[22052]: | initiator cookie:
Apr 20 16:10:54 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39
Apr 20 16:10:54 gw3 pluto[22052]: | responder cookie:
Apr 20 16:10:54 gw3 pluto[22052]: | 00 00 00 00 00 00 00 00
Apr 20 16:10:54 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_SA
Apr 20 16:10:54 gw3 pluto[22052]: | ISAKMP version: ISAKMP Version 1.0
Apr 20 16:10:54 gw3 pluto[22052]: | exchange type: ISAKMP_XCHG_IDPROT
Apr 20 16:10:54 gw3 pluto[22052]: | flags: none
Apr 20 16:10:54 gw3 pluto[22052]: | message ID: 00 00 00 00
Apr 20 16:10:54 gw3 pluto[22052]: | length: 84
Apr 20 16:10:54 gw3 pluto[22052]: | processing packet with exchange
type=ISAKMP_XCHG_IDPROT (2)
Apr 20 16:10:54 gw3 pluto[22052]: | ***parse ISAKMP Security
Association Payload:
Apr 20 16:10:54 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:54 gw3 pluto[22052]: | length: 56
Apr 20 16:10:54 gw3 pluto[22052]: | DOI: ISAKMP_DOI_IPSEC
Apr 20 16:10:54 gw3 pluto[22052]: | find_host_connection called from
main_inI1_outR1
Apr 20 16:10:54 gw3 pluto[22052]: | find_host_pair: comparing to
x.x.x.x:500 x.x.x.x:500
Apr 20 16:10:54 gw3 pluto[22052]: | find_host_pair_conn
(find_host_connection2): x.x.x.x:500 x.x.x.x:500 -> hp:omx-kse
Apr 20 16:10:54 gw3 pluto[22052]: | creating state object #97 at 0x918a550
Apr 20 16:10:54 gw3 pluto[22052]: | processing connection omx-kse
Apr 20 16:10:54 gw3 pluto[22052]: | ICOOKIE: 36 f2 cd 56 73 95 08 39
Apr 20 16:10:54 gw3 pluto[22052]: | RCOOKIE: 69 c0 c6 ca b2 8d 3d b9
Apr 20 16:10:54 gw3 pluto[22052]: | peer: d5 41 b6 40
Apr 20 16:10:54 gw3 pluto[22052]: | state hash entry 18
Apr 20 16:10:54 gw3 pluto[22052]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #97
Apr 20 16:10:54 gw3 pluto[22052]: "omx-kse" #97: responding to Main Mode
Apr 20 16:10:54 gw3 pluto[22052]: | **emit ISAKMP Message:
Apr 20 16:10:54 gw3 pluto[22052]: | initiator cookie:
Apr 20 16:10:54 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39
Apr 20 16:10:54 gw3 pluto[22052]: | responder cookie:
Apr 20 16:10:54 gw3 pluto[22052]: | 69 c0 c6 ca b2 8d 3d b9
Apr 20 16:10:54 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_SA
Apr 20 16:10:54 gw3 pluto[22052]: | ISAKMP version: ISAKMP Version 1.0
Apr 20 16:10:54 gw3 pluto[22052]: | exchange type: ISAKMP_XCHG_IDPROT
Apr 20 16:10:54 gw3 pluto[22052]: | flags: none
Apr 20 16:10:54 gw3 pluto[22052]: | message ID: 00 00 00 00
Apr 20 16:10:54 gw3 pluto[22052]: | ***emit ISAKMP Security Association
Payload:
Apr 20 16:10:54 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_VID
Apr 20 16:10:54 gw3 pluto[22052]: | DOI: ISAKMP_DOI_IPSEC
Apr 20 16:10:54 gw3 pluto[22052]: | ****parse IPsec DOI SIT:
Apr 20 16:10:54 gw3 pluto[22052]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Apr 20 16:10:54 gw3 pluto[22052]: | ****parse ISAKMP Proposal Payload:
Apr 20 16:10:55 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:55 gw3 pluto[22052]: | length: 44
Apr 20 16:10:55 gw3 pluto[22052]: | proposal number: 1
Apr 20 16:10:55 gw3 pluto[22052]: | protocol ID: PROTO_ISAKMP
Apr 20 16:10:55 gw3 pluto[22052]: | SPI size: 0
Apr 20 16:10:55 gw3 pluto[22052]: | number of transforms: 1
Apr 20 16:10:55 gw3 pluto[22052]: | *****parse ISAKMP Transform Payload
(ISAKMP):
Apr 20 16:10:55 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:55 gw3 pluto[22052]: | length: 36
Apr 20 16:10:55 gw3 pluto[22052]: | transform number: 1
Apr 20 16:10:55 gw3 pluto[22052]: | transform ID: KEY_IKE
Apr 20 16:10:55 gw3 pluto[22052]: | ******parse ISAKMP Oakley attribute:
Apr 20 16:10:55 gw3 pluto[22052]: | af+type: OAKLEY_GROUP_DESCRIPTION
Apr 20 16:10:55 gw3 pluto[22052]: | length/value: 2
Apr 20 16:10:55 gw3 pluto[22052]: | [2 is OAKLEY_GROUP_MODP1024]
Apr 20 16:10:55 gw3 pluto[22052]: | ******parse ISAKMP Oakley attribute:
Apr 20 16:10:55 gw3 pluto[22052]: | af+type: OAKLEY_AUTHENTICATION_METHOD
Apr 20 16:10:55 gw3 pluto[22052]: | length/value: 1
Apr 20 16:10:55 gw3 pluto[22052]: | [1 is OAKLEY_PRESHARED_KEY]
Apr 20 16:10:55 gw3 pluto[22052]: | started looking for secret for
x.x.x.x->192.168.1.200 of kind PPK_PSK
Apr 20 16:10:55 gw3 pluto[22052]: | actually looking for secret for
x.x.x.x->192.168.1.200 of kind PPK_PSK
Apr 20 16:10:55 gw3 pluto[22052]: | 1: compared PSK 192.168.1.200 to
x.x.x.x / 192.168.1.200 -> 2
Apr 20 16:10:55 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 6
Apr 20 16:10:55 gw3 pluto[22052]: | best_match 0>6 best=0x9183190 (line=33)
Apr 20 16:10:55 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:55 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:55 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:55 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:55 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:55 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:55 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:55 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:55 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:55 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:55 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:55 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:55 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:55 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:55 gw3 pluto[22052]: | 1: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 0
Apr 20 16:10:55 gw3 pluto[22052]: | 2: compared PSK x.x.x.x to x.x.x.x
/ 192.168.1.200 -> 4
Apr 20 16:10:55 gw3 pluto[22052]: | concluding with best_match=6
best=0x9183190 (lineno=33)
Apr 20 16:10:55 gw3 pluto[22052]: | ******parse ISAKMP Oakley attribute:
Apr 20 16:10:55 gw3 pluto[22052]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM
Apr 20 16:10:55 gw3 pluto[22052]: | length/value: 5
Apr 20 16:10:55 gw3 pluto[22052]: | [5 is OAKLEY_3DES_CBC]
Apr 20 16:10:55 gw3 pluto[22052]: | ike_alg_enc_ok(ealg=5,key_len=0):
blocksize=8, keyminlen=192, keydeflen=192, keymaxlen=192, ret=1
Apr 20 16:10:55 gw3 pluto[22052]: | ******parse ISAKMP Oakley attribute:
Apr 20 16:10:55 gw3 pluto[22052]: | af+type: OAKLEY_HASH_ALGORITHM
Apr 20 16:10:55 gw3 pluto[22052]: | length/value: 1
Apr 20 16:10:55 gw3 pluto[22052]: | [1 is OAKLEY_MD5]
Apr 20 16:10:55 gw3 pluto[22052]: | ******parse ISAKMP Oakley attribute:
Apr 20 16:10:55 gw3 pluto[22052]: | af+type: OAKLEY_LIFE_TYPE
Apr 20 16:10:55 gw3 pluto[22052]: | length/value: 1
Apr 20 16:10:55 gw3 pluto[22052]: | [1 is OAKLEY_LIFE_SECONDS]
Apr 20 16:10:55 gw3 pluto[22052]: | ******parse ISAKMP Oakley attribute:
Apr 20 16:10:55 gw3 pluto[22052]: | af+type: OAKLEY_LIFE_DURATION
(variable length)
Apr 20 16:10:55 gw3 pluto[22052]: | length/value: 4
Apr 20 16:10:55 gw3 pluto[22052]: | long duration: 86400
Apr 20 16:10:55 gw3 pluto[22052]: | Oakley Transform 1 accepted
Apr 20 16:10:55 gw3 pluto[22052]: | ****emit IPsec DOI SIT:
Apr 20 16:10:55 gw3 pluto[22052]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Apr 20 16:10:55 gw3 pluto[22052]: | ****emit ISAKMP Proposal Payload:
Apr 20 16:10:55 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:55 gw3 pluto[22052]: | proposal number: 1
Apr 20 16:10:55 gw3 pluto[22052]: | protocol ID: PROTO_ISAKMP
Apr 20 16:10:55 gw3 pluto[22052]: | SPI size: 0
Apr 20 16:10:55 gw3 pluto[22052]: | number of transforms: 1
Apr 20 16:10:55 gw3 pluto[22052]: | *****emit ISAKMP Transform Payload
(ISAKMP):
Apr 20 16:10:55 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:55 gw3 pluto[22052]: | transform number: 1
Apr 20 16:10:55 gw3 pluto[22052]: | transform ID: KEY_IKE
Apr 20 16:10:55 gw3 pluto[22052]: | emitting 28 raw bytes of attributes
into ISAKMP Transform Payload (ISAKMP)
Apr 20 16:10:55 gw3 pluto[22052]: | attributes 80 04 00 02 80 03 00
01 80 01 00 05 80 02 00 01
Apr 20 16:10:55 gw3 pluto[22052]: | 80 0b 00 01 00 0c 00 04 00 01 51 80
Apr 20 16:10:55 gw3 pluto[22052]: | emitting length of ISAKMP Transform
Payload (ISAKMP): 36
Apr 20 16:10:55 gw3 pluto[22052]: | emitting length of ISAKMP Proposal
Payload: 44
Apr 20 16:10:55 gw3 pluto[22052]: | emitting length of ISAKMP Security
Association Payload: 56
Apr 20 16:10:55 gw3 pluto[22052]: | ***emit ISAKMP Vendor ID Payload:
Apr 20 16:10:55 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_VID
Apr 20 16:10:55 gw3 pluto[22052]: | emitting 12 raw bytes of Vendor ID
into ISAKMP Vendor ID Payload
Apr 20 16:10:55 gw3 pluto[22052]: | Vendor ID 4f 45 7a 7d 46 46 46 66
67 72 5f 65
Apr 20 16:10:55 gw3 pluto[22052]: | emitting length of ISAKMP Vendor ID
Payload: 16
Apr 20 16:10:55 gw3 pluto[22052]: | ***emit ISAKMP Vendor ID Payload:
Apr 20 16:10:55 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:55 gw3 pluto[22052]: | emitting 16 raw bytes of DPP Vendor
ID into ISAKMP Vendor ID Payload
Apr 20 16:10:55 gw3 pluto[22052]: | DPP Vendor ID af ca d7 13 68 a1
f1 c9 6b 86 96 fc 77 57 01 00
Apr 20 16:10:55 gw3 pluto[22052]: | emitting length of ISAKMP Vendor ID
Payload: 20
Apr 20 16:10:55 gw3 pluto[22052]: | sender checking NAT-t: 1 and 0
Apr 20 16:10:55 gw3 pluto[22052]: | emitting length of ISAKMP Message: 120
Apr 20 16:10:55 gw3 pluto[22052]: | complete state transition with STF_OK
Apr 20 16:10:55 gw3 pluto[22052]: "omx-kse" #97: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 20 16:10:55 gw3 pluto[22052]: | sending reply packet to x.x.x.x:500
(from port=500)
Apr 20 16:10:55 gw3 pluto[22052]: | sending 120 bytes for STATE_MAIN_R0
through eth0:500 to x.x.x.x:500:
Apr 20 16:10:55 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39 69 c0
c6 ca b2 8d 3d b9
Apr 20 16:10:55 gw3 pluto[22052]: | 01 10 02 00 00 00 00 00 00 00
00 78 0d 00 00 38
Apr 20 16:10:55 gw3 pluto[22052]: | 00 00 00 01 00 00 00 01 00 00
00 2c 01 01 00 01
Apr 20 16:10:55 gw3 pluto[22052]: | 00 00 00 24 01 01 00 00 80 04
00 02 80 03 00 01
Apr 20 16:10:55 gw3 pluto[22052]: | 80 01 00 05 80 02 00 01 80 0b
00 01 00 0c 00 04
Apr 20 16:10:55 gw3 pluto[22052]: | 00 01 51 80 0d 00 00 10 4f 45
7a 7d 46 46 46 66
Apr 20 16:10:55 gw3 pluto[22052]: | 67 72 5f 65 00 00 00 14 af ca
d7 13 68 a1 f1 c9
Apr 20 16:10:55 gw3 pluto[22052]: | 6b 86 96 fc 77 57 01 00
Apr 20 16:10:55 gw3 pluto[22052]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #97
Apr 20 16:10:55 gw3 pluto[22052]: "omx-kse" #97: STATE_MAIN_R1: sent
MR1, expecting MI2
Apr 20 16:10:55 gw3 pluto[22052]: | modecfg pull: noquirk policy:push
not-client
Apr 20 16:10:55 gw3 pluto[22052]: | phase 1 is done, looking for phase
1 to unpend
Apr 20 16:10:55 gw3 pluto[22052]: | next event EVENT_RETRANSMIT in 0
seconds for #95
Apr 20 16:10:55 gw3 pluto[22052]: |
Apr 20 16:10:55 gw3 pluto[22052]: | *time to handle event
Apr 20 16:10:55 gw3 pluto[22052]: | handling event EVENT_RETRANSMIT
Apr 20 16:10:55 gw3 pluto[22052]: | event after this is
EVENT_RETRANSMIT in 5 seconds
Apr 20 16:10:55 gw3 pluto[22052]: | processing connection omx-kse
Apr 20 16:10:55 gw3 pluto[22052]: | handling event EVENT_RETRANSMIT for
x.x.x.x "omx-kse" #95
Apr 20 16:10:55 gw3 pluto[22052]: | sending 120 bytes for
EVENT_RETRANSMIT through eth0:500 to x.x.x.x:500:
Apr 20 16:10:55 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39 4c 16
71 98 5f 9b 0d f3
Apr 20 16:10:55 gw3 pluto[22052]: | 01 10 02 00 00 00 00 00 00 00
00 78 0d 00 00 38
Apr 20 16:10:55 gw3 pluto[22052]: | 00 00 00 01 00 00 00 01 00 00
00 2c 01 01 00 01
Apr 20 16:10:55 gw3 pluto[22052]: | 00 00 00 24 01 01 00 00 80 04
00 02 80 03 00 01
Apr 20 16:10:55 gw3 pluto[22052]: | 80 01 00 05 80 02 00 01 80 0b
00 01 00 0c 00 04
Apr 20 16:10:55 gw3 pluto[22052]: | 00 01 51 80 0d 00 00 10 4f 45
7a 7d 46 46 46 66
Apr 20 16:10:55 gw3 pluto[22052]: | 67 72 5f 65 00 00 00 14 af ca
d7 13 68 a1 f1 c9
Apr 20 16:10:55 gw3 pluto[22052]: | 6b 86 96 fc 77 57 01 00
Apr 20 16:10:55 gw3 pluto[22052]: | inserting event EVENT_RETRANSMIT,
timeout in 20 seconds for #95
Apr 20 16:10:55 gw3 pluto[22052]: | next event EVENT_RETRANSMIT in 5
seconds for #96
Apr 20 16:10:59 gw3 pluto[22052]: |
Apr 20 16:10:59 gw3 pluto[22052]: | *received 56 bytes from x.x.x.x:500
on eth0 (port=500)
Apr 20 16:10:59 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39 00 00
00 00 00 00 00 00
Apr 20 16:10:59 gw3 pluto[22052]: | 0c 10 05 00 00 00 00 00 00 00
00 38 00 00 00 1c
Apr 20 16:10:59 gw3 pluto[22052]: | 00 00 00 01 01 10 00 01 36 f2
cd 56 73 95 08 39
Apr 20 16:10:59 gw3 pluto[22052]: | 00 00 00 00 00 00 00 00
Apr 20 16:10:59 gw3 pluto[22052]: | **parse ISAKMP Message:
Apr 20 16:10:59 gw3 pluto[22052]: | initiator cookie:
Apr 20 16:10:59 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39
Apr 20 16:10:59 gw3 pluto[22052]: | responder cookie:
Apr 20 16:10:59 gw3 pluto[22052]: | 00 00 00 00 00 00 00 00
Apr 20 16:10:59 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_D
Apr 20 16:10:59 gw3 pluto[22052]: | ISAKMP version: ISAKMP Version 1.0
Apr 20 16:10:59 gw3 pluto[22052]: | exchange type: ISAKMP_XCHG_INFO
Apr 20 16:10:59 gw3 pluto[22052]: | flags: none
Apr 20 16:10:59 gw3 pluto[22052]: | message ID: 00 00 00 00
Apr 20 16:10:59 gw3 pluto[22052]: | length: 56
Apr 20 16:10:59 gw3 pluto[22052]: | processing packet with exchange
type=ISAKMP_XCHG_INFO (5)
Apr 20 16:10:59 gw3 pluto[22052]: | ICOOKIE: 36 f2 cd 56 73 95 08 39
Apr 20 16:10:59 gw3 pluto[22052]: | RCOOKIE: 00 00 00 00 00 00 00 00
Apr 20 16:10:59 gw3 pluto[22052]: | peer: d5 41 b6 40
Apr 20 16:10:59 gw3 pluto[22052]: | state hash entry 16
Apr 20 16:10:59 gw3 pluto[22052]: | p15 state object not found
Apr 20 16:10:59 gw3 pluto[22052]: | ***parse ISAKMP Delete Payload:
Apr 20 16:10:59 gw3 pluto[22052]: | next payload type: ISAKMP_NEXT_NONE
Apr 20 16:10:59 gw3 pluto[22052]: | length: 28
Apr 20 16:10:59 gw3 pluto[22052]: | DOI: ISAKMP_DOI_IPSEC
Apr 20 16:10:59 gw3 pluto[22052]: | protocol ID: 1
Apr 20 16:10:59 gw3 pluto[22052]: | SPI size: 16
Apr 20 16:10:59 gw3 pluto[22052]: | number of SPIs: 1
Apr 20 16:10:59 gw3 pluto[22052]: packet from x.x.x.x:500: ignoring
Delete SA payload: not encrypted
Apr 20 16:10:59 gw3 pluto[22052]: | del: 36 f2 cd 56 73 95 08 39 00
00 00 00 00 00 00 00
Apr 20 16:10:59 gw3 pluto[22052]: packet from x.x.x.x:500: received and
ignored informational message
Apr 20 16:10:59 gw3 pluto[22052]: | complete state transition with STF_IGNORE
Apr 20 16:10:59 gw3 pluto[22052]: | next event EVENT_RETRANSMIT in 1
seconds for #96
Apr 20 16:11:00 gw3 pluto[22052]: |
Apr 20 16:11:00 gw3 pluto[22052]: | *time to handle event
Apr 20 16:11:00 gw3 pluto[22052]: | handling event EVENT_RETRANSMIT
Apr 20 16:11:00 gw3 pluto[22052]: | event after this is
EVENT_RETRANSMIT in 5 seconds
Apr 20 16:11:00 gw3 pluto[22052]: | processing connection omx-kse
Apr 20 16:11:00 gw3 pluto[22052]: | handling event EVENT_RETRANSMIT for
x.x.x.x "omx-kse" #96
Apr 20 16:11:00 gw3 pluto[22052]: | sending 120 bytes for
EVENT_RETRANSMIT through eth0:500 to x.x.x.x:500:
Apr 20 16:11:00 gw3 pluto[22052]: | 36 f2 cd 56 73 95 08 39 f0 9b
48 3d 16 52 49 bd
Apr 20 16:11:00 gw3 pluto[22052]: | 01 10 02 00 00 00 00 00 00 00
00 78 0d 00 00 38
Apr 20 16:11:00 gw3 pluto[22052]: | 00 00 00 01 00 00 00 01 00 00
00 2c 01 01 00 01
Apr 20 16:11:00 gw3 pluto[22052]: | 00 00 00 24 01 01 00 00 80 04
00 02 80 03 00 01
Apr 20 16:11:00 gw3 pluto[22052]: | 80 01 00 05 80 02 00 01 80 0b
00 01 00 0c 00 04
Apr 20 16:11:00 gw3 pluto[22052]: | 00 01 51 80 0d 00 00 10 4f 45
7a 7d 46 46 46 66
Apr 20 16:11:00 gw3 pluto[22052]: | 67 72 5f 65 00 00 00 14 af ca
d7 13 68 a1 f1 c9
Apr 20 16:11:00 gw3 pluto[22052]: | 6b 86 96 fc 77 57 01 00
Apr 20 16:11:00 gw3 pluto[22052]: | inserting event EVENT_RETRANSMIT,
timeout in 20 seconds for #96
Apr 20 16:11:00 gw3 pluto[22052]: | next event EVENT_RETRANSMIT in 5
seconds for #97
Can anyone help me?
Best Regards
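
The following is an added example, not part of the original post and not Openswan code: it decodes the 56-byte informational packet from the 16:10:59 log entries with the RFC 2408 header and Delete payload layouts, showing the cleared encryption flag behind "ignoring Delete SA payload: not encrypted" and the all-zero responder cookie. The function and constant names are assumptions made for this sketch.

```python
import struct
from dataclasses import dataclass

# Constructed input: the 56 bytes copied from the hex dump lines of the
# packet received at 16:10:59 in the log above.
DELETE_PACKET_HEX = """
36 f2 cd 56 73 95 08 39 00 00 00 00 00 00 00 00
0c 10 05 00 00 00 00 00 00 00 00 38 00 00 00 1c
00 00 00 01 01 10 00 01 36 f2 cd 56 73 95 08 39
00 00 00 00 00 00 00 00
"""

HEADER_LEN = 28          # fixed ISAKMP header size (RFC 2408, section 3.1)
FLAG_ENCRYPTION = 0x01   # bit 0 of the flags octet
NEXT_PAYLOAD_DELETE = 12 # logged by pluto as ISAKMP_NEXT_D
ZERO_COOKIE = bytes(8)


@dataclass
class IsakmpHeader:
    icookie: bytes
    rcookie: bytes
    next_payload: int
    version: int
    exchange_type: int
    flags: int
    message_id: int
    length: int

    @property
    def encrypted(self) -> bool:
        return bool(self.flags & FLAG_ENCRYPTION)


@dataclass
class DeletePayload:
    doi: int
    protocol_id: int
    spi_size: int
    spis: list


def load_hex(dump: str) -> bytes:
    """Turn a whitespace-separated hex dump into bytes."""
    return bytes.fromhex("".join(dump.split()))


def parse_header(data: bytes) -> IsakmpHeader:
    if len(data) < HEADER_LEN:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    hdr = IsakmpHeader(*struct.unpack("!8s8sBBBBII", data[:HEADER_LEN]))
    if hdr.length != len(data):
        raise ValueError(f"header length {hdr.length} != datagram {len(data)}")
    return hdr


def parse_delete(data: bytes, offset: int = HEADER_LEN) -> DeletePayload:
    """Parse a Delete payload (RFC 2408, section 3.15) starting at offset."""
    if len(data) < offset + 12:
        raise ValueError("truncated Delete payload header")
    _next, _reserved, plen, doi, proto, spi_size, count = struct.unpack_from(
        "!BBHIBBH", data, offset)
    if plen != 12 + spi_size * count or offset + plen > len(data):
        raise ValueError("Delete payload length does not match its SPI list")
    start = offset + 12
    spis = [data[start + i * spi_size:start + (i + 1) * spi_size]
            for i in range(count)]
    return DeletePayload(doi, proto, spi_size, spis)


def explain(data: bytes) -> list:
    """Return the observations that match pluto's handling of the packet."""
    hdr = parse_header(data)
    notes = []
    if not hdr.encrypted:
        notes.append("encryption flag clear: payloads were sent in the clear")
    if hdr.rcookie == ZERO_COOKIE:
        notes.append("responder cookie in header is zero: no state can match")
    if hdr.next_payload == NEXT_PAYLOAD_DELETE:
        for spi in parse_delete(data).spis:
            if spi[:8] == hdr.icookie and spi[8:] == ZERO_COOKIE:
                notes.append("Delete names initiator cookie with zero responder cookie")
    return notes


if __name__ == "__main__":
    packet = load_hex(DELETE_PACKET_HEX)
    print(parse_header(packet))
    print(parse_delete(packet))
    for note in explain(packet):
        print("-", note)
```
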