[Openswan Users] WinXP Behind Nat to Openswan Server Behind NAT
Meron Lavie
lavie at netvision.net.il
Thu Aug 3 18:24:04 EDT 2006
Here is my client-side log. 111.111.111.111 is my server's external internet
address before natting. 192.168.1.22 is my client's NATed address:
==================================================
8-03: 23:16:51:843:408 Initialization OK
8-03: 23:17:04:359:ed8 Dropping incoming packet. Pkt Size too small
8-03: 23:17:04:359:ed8 Dropping incoming packet. Pkt Size too small
8-03: 23:17:04:359:ed8 Dropping incoming packet. Pkt Size too small
8-03: 23:17:08:515:3bc QM PolicyName: L2TP Require Encryption Quick Mode
Policy dwFlags 0
8-03: 23:17:08:515:3bc QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:3bc QMOffer[0] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:3bc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
8-03: 23:17:08:515:3bc QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:3bc QMOffer[1] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:3bc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
8-03: 23:17:08:515:3bc QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:3bc QMOffer[2] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:3bc Algo[0] Operation: AH Algo: SHA
8-03: 23:17:08:515:3bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
8-03: 23:17:08:515:3bc QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:3bc QMOffer[3] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:3bc Algo[0] Operation: AH Algo: MD5
8-03: 23:17:08:515:3bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
8-03: 23:17:08:515:3bc QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:3bc QMOffer[4] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:3bc Algo[0] Operation: AH Algo: SHA
8-03: 23:17:08:515:3bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
8-03: 23:17:08:515:3bc QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:3bc QMOffer[5] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:3bc Algo[0] Operation: AH Algo: MD5
8-03: 23:17:08:515:3bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
8-03: 23:17:08:515:3bc QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:3bc QMOffer[6] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:3bc Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
8-03: 23:17:08:515:3bc QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:3bc QMOffer[7] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:3bc Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
8-03: 23:17:08:515:3bc QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:3bc QMOffer[8] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:3bc Algo[0] Operation: AH Algo: SHA
8-03: 23:17:08:515:3bc Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
8-03: 23:17:08:515:3bc QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:3bc QMOffer[9] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:3bc Algo[0] Operation: AH Algo: MD5
8-03: 23:17:08:515:3bc Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
8-03: 23:17:08:515:3bc QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:3bc QMOffer[10] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:3bc Algo[0] Operation: AH Algo: SHA
8-03: 23:17:08:515:3bc Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
8-03: 23:17:08:515:3bc QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:3bc QMOffer[11] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:3bc Algo[0] Operation: AH Algo: MD5
8-03: 23:17:08:515:3bc Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
8-03: 23:17:08:515:3bc Internal Acquire: op=00000001 src=192.168.1.22.1701
dst=111.111.111.111.1701 proto = 17, SrcMask=255.255.255.255,
DstMask=255.255.255.255, Tunnel 0, TunnelEndpt=0.0.0.0 Inbound
TunnelEndpt=0.0.0.0, InitiateEvent=000002BC, IKE SrcPort=500 IKE DstPort=500
8-03: 23:17:08:515:8c0 Filter to match: Src 111.111.111.111 Dst
192.168.1.22
8-03: 23:17:08:515:8c0 MM PolicyName: L2TP Main Mode Policy
8-03: 23:17:08:515:8c0 MMPolicy dwFlags 8 SoftSAExpireTime 28800
8-03: 23:17:08:515:8c0 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup
268435457
8-03: 23:17:08:515:8c0 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
8-03: 23:17:08:515:8c0 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
8-03: 23:17:08:515:8c0 MMOffer[1] Encrypt: Triple DES CBC Hash: SHA
8-03: 23:17:08:515:8c0 MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 2
8-03: 23:17:08:515:8c0 MMOffer[2] Encrypt: Triple DES CBC Hash: MD5
8-03: 23:17:08:515:8c0 MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
8-03: 23:17:08:515:8c0 MMOffer[3] Encrypt: DES CBC Hash: SHA
8-03: 23:17:08:515:8c0 MMOffer[4] LifetimeSec 28800 QMLimit 0 DHGroup 1
8-03: 23:17:08:515:8c0 MMOffer[4] Encrypt: DES CBC Hash: MD5
8-03: 23:17:08:515:8c0 Auth[0]:PresharedKey KeyLen 42
8-03: 23:17:08:515:8c0 QM PolicyName: L2TP Require Encryption Quick Mode
Policy dwFlags 0
8-03: 23:17:08:515:8c0 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:8c0 QMOffer[0] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:8c0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
8-03: 23:17:08:515:8c0 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:8c0 QMOffer[1] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:8c0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
8-03: 23:17:08:515:8c0 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:8c0 QMOffer[2] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:8c0 Algo[0] Operation: AH Algo: SHA
8-03: 23:17:08:515:8c0 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
8-03: 23:17:08:515:8c0 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:8c0 QMOffer[3] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:8c0 Algo[0] Operation: AH Algo: MD5
8-03: 23:17:08:515:8c0 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
8-03: 23:17:08:515:8c0 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:8c0 QMOffer[4] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:8c0 Algo[0] Operation: AH Algo: SHA
8-03: 23:17:08:515:8c0 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
8-03: 23:17:08:515:8c0 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:8c0 QMOffer[5] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:8c0 Algo[0] Operation: AH Algo: MD5
8-03: 23:17:08:515:8c0 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
8-03: 23:17:08:515:8c0 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:8c0 QMOffer[6] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:8c0 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
8-03: 23:17:08:515:8c0 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:8c0 QMOffer[7] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:8c0 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
8-03: 23:17:08:515:8c0 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:8c0 QMOffer[8] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:8c0 Algo[0] Operation: AH Algo: SHA
8-03: 23:17:08:515:8c0 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
8-03: 23:17:08:515:8c0 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:8c0 QMOffer[9] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:8c0 Algo[0] Operation: AH Algo: MD5
8-03: 23:17:08:515:8c0 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
8-03: 23:17:08:515:8c0 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:8c0 QMOffer[10] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:8c0 Algo[0] Operation: AH Algo: SHA
8-03: 23:17:08:515:8c0 Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
8-03: 23:17:08:515:8c0 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:08:515:8c0 QMOffer[11] dwFlags 0 dwPFSGroup 0
8-03: 23:17:08:515:8c0 Algo[0] Operation: AH Algo: MD5
8-03: 23:17:08:515:8c0 Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
8-03: 23:17:08:515:8c0 Starting Negotiation: src = 192.168.1.22.0500, dst =
111.111.111.111.0500, proto = 17, context = 00000000, ProxySrc =
192.168.1.22.1701, ProxyDst = 111.111.111.111.1701 SrcMask = 0.0.0.0 DstMask
= 0.0.0.0
8-03: 23:17:08:515:8c0 constructing ISAKMP Header
8-03: 23:17:08:515:8c0 constructing SA (ISAKMP)
8-03: 23:17:08:515:8c0 Constructing Vendor MS NT5 ISAKMPOAKLEY
8-03: 23:17:08:515:8c0 Constructing Vendor FRAGMENTATION
8-03: 23:17:08:515:8c0 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
8-03: 23:17:08:515:8c0 Constructing Vendor Vid-Initial-Contact
8-03: 23:17:08:515:8c0
8-03: 23:17:08:515:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
2.500
8-03: 23:17:08:515:8c0 ISAKMP Header: (V1.0), len = 312
8-03: 23:17:08:515:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:08:515:8c0 R-COOKIE 0000000000000000
8-03: 23:17:08:515:8c0 exchange: Oakley Main Mode
8-03: 23:17:08:515:8c0 flags: 0
8-03: 23:17:08:515:8c0 next payload: SA
8-03: 23:17:08:515:8c0 message ID: 00000000
8-03: 23:17:08:515:8c0 Ports S:f401 D:f401
8-03: 23:17:08:515:8c0 Activating InitiateEvent 000002BC
8-03: 23:17:08:765:8c0
8-03: 23:17:08:765:8c0 Receive: (get) SA = 0x0011e920 from
111.111.111.111.500
8-03: 23:17:08:765:8c0 ISAKMP Header: (V1.0), len = 140
8-03: 23:17:08:765:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:08:765:8c0 R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:08:765:8c0 exchange: Oakley Main Mode
8-03: 23:17:08:765:8c0 flags: 0
8-03: 23:17:08:765:8c0 next payload: SA
8-03: 23:17:08:765:8c0 message ID: 00000000
8-03: 23:17:08:765:8c0 processing payload SA
8-03: 23:17:08:765:8c0 Received Phase 1 Transform 1
8-03: 23:17:08:765:8c0 Encryption Alg Triple DES CBC(5)
8-03: 23:17:08:765:8c0 Hash Alg SHA(2)
8-03: 23:17:08:765:8c0 Oakley Group 14
8-03: 23:17:08:765:8c0 Auth Method Preshared Key(1)
8-03: 23:17:08:765:8c0 Life type in Seconds
8-03: 23:17:08:765:8c0 Life duration of 28800
8-03: 23:17:08:765:8c0 Phase 1 SA accepted: transform=1
8-03: 23:17:08:765:8c0 SA - Oakley proposal accepted
8-03: 23:17:08:765:8c0 processing payload VENDOR ID
8-03: 23:17:08:765:8c0 processing payload VENDOR ID
8-03: 23:17:08:765:8c0 processing payload VENDOR ID
8-03: 23:17:08:765:8c0 Received VendorId draft-ietf-ipsec-nat-t-ike-02
8-03: 23:17:08:765:8c0 ClearFragList
8-03: 23:17:08:765:8c0 constructing ISAKMP Header
8-03: 23:17:09:31:8c0 constructing KE
8-03: 23:17:09:31:8c0 constructing NONCE (ISAKMP)
8-03: 23:17:09:31:8c0 Constructing NatDisc
8-03: 23:17:09:31:8c0
8-03: 23:17:09:31:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
2.500
8-03: 23:17:09:31:8c0 ISAKMP Header: (V1.0), len = 360
8-03: 23:17:09:31:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:09:31:8c0 R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:09:31:8c0 exchange: Oakley Main Mode
8-03: 23:17:09:31:8c0 flags: 0
8-03: 23:17:09:31:8c0 next payload: KE
8-03: 23:17:09:31:8c0 message ID: 00000000
8-03: 23:17:09:31:8c0 Ports S:f401 D:f401
8-03: 23:17:09:359:8c0
8-03: 23:17:09:359:8c0 Receive: (get) SA = 0x0011e920 from
111.111.111.111.500
8-03: 23:17:09:359:8c0 ISAKMP Header: (V1.0), len = 356
8-03: 23:17:09:359:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:09:359:8c0 R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:09:359:8c0 exchange: Oakley Main Mode
8-03: 23:17:09:359:8c0 flags: 0
8-03: 23:17:09:359:8c0 next payload: KE
8-03: 23:17:09:359:8c0 message ID: 00000000
8-03: 23:17:09:359:8c0 processing payload KE
8-03: 23:17:09:406:8c0 processing payload NONCE
8-03: 23:17:09:406:8c0 processing payload NATDISC
8-03: 23:17:09:406:8c0 Processing NatHash
8-03: 23:17:09:406:8c0 Nat hash 01624b9f0bda85927822ebee758005e3
8-03: 23:17:09:406:8c0 0eaafccc
8-03: 23:17:09:406:8c0 SA StateMask2 1e
8-03: 23:17:09:406:8c0 processing payload NATDISC
8-03: 23:17:09:406:8c0 Processing NatHash
8-03: 23:17:09:406:8c0 Nat hash 224d9c53ad1ea3cd185a2eddd24c97fb
8-03: 23:17:09:406:8c0 09dffdb1
8-03: 23:17:09:406:8c0 SA StateMask2 5e
8-03: 23:17:09:406:8c0 ClearFragList
8-03: 23:17:09:406:8c0 Peer behind NAT
8-03: 23:17:09:406:8c0 Floated Ports Orig Me:f401 Peer:f401
8-03: 23:17:09:406:8c0 Floated Ports Me:9411 Peer:9411
8-03: 23:17:09:406:8c0 constructing ISAKMP Header
8-03: 23:17:09:406:8c0 constructing ID
8-03: 23:17:09:406:8c0 MM ID Type 2
8-03: 23:17:09:406:8c0 MM ID 4c41564945443631302e6368646f6d61
8-03: 23:17:09:406:8c0 696e2e6361726565726861726d6f6e79
8-03: 23:17:09:406:8c0 2e636f6d
8-03: 23:17:09:406:8c0 constructing HASH
8-03: 23:17:09:406:8c0
8-03: 23:17:09:406:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
2.4500
8-03: 23:17:09:406:8c0 ISAKMP Header: (V1.0), len = 100
8-03: 23:17:09:406:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:09:406:8c0 R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:09:406:8c0 exchange: Oakley Main Mode
8-03: 23:17:09:406:8c0 flags: 1 ( encrypted )
8-03: 23:17:09:406:8c0 next payload: ID
8-03: 23:17:09:406:8c0 message ID: 00000000
8-03: 23:17:09:406:8c0 Ports S:9411 D:9411
8-03: 23:17:09:656:8c0
8-03: 23:17:09:656:8c0 Receive: (get) SA = 0x0011e920 from
111.111.111.111.4500
8-03: 23:17:09:656:8c0 ISAKMP Header: (V1.0), len = 68
8-03: 23:17:09:656:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:09:656:8c0 R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:09:656:8c0 exchange: Oakley Main Mode
8-03: 23:17:09:656:8c0 flags: 1 ( encrypted )
8-03: 23:17:09:656:8c0 next payload: ID
8-03: 23:17:09:656:8c0 message ID: 00000000
8-03: 23:17:09:656:8c0 processing payload ID
8-03: 23:17:09:656:8c0 processing payload HASH
8-03: 23:17:09:656:8c0 AUTH: Phase I authentication accepted
8-03: 23:17:09:656:8c0 ClearFragList
8-03: 23:17:09:656:8c0 MM established. SA: 0011E920
8-03: 23:17:09:656:8c0 QM PolicyName: L2TP Require Encryption Quick Mode
Policy dwFlags 0
8-03: 23:17:09:656:8c0 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:09:656:8c0 QMOffer[0] dwFlags 0 dwPFSGroup 0
8-03: 23:17:09:656:8c0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
8-03: 23:17:09:656:8c0 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:09:656:8c0 QMOffer[1] dwFlags 0 dwPFSGroup 0
8-03: 23:17:09:656:8c0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
8-03: 23:17:09:656:8c0 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:09:656:8c0 QMOffer[2] dwFlags 0 dwPFSGroup 0
8-03: 23:17:09:656:8c0 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
8-03: 23:17:09:656:8c0 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
8-03: 23:17:09:656:8c0 QMOffer[3] dwFlags 0 dwPFSGroup 0
8-03: 23:17:09:656:8c0 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
8-03: 23:17:09:656:8c0 GetSpi: src = 111.111.111.111.1701, dst =
192.168.1.22.1701, proto = 17, context = 00000000, srcMask =
255.255.255.255, destMask = 255.255.255.255, TunnelFilter 0
8-03: 23:17:09:656:8c0 Setting SPI 2662854523
8-03: 23:17:09:656:8c0 constructing ISAKMP Header
8-03: 23:17:09:656:8c0 constructing HASH (null)
8-03: 23:17:09:656:8c0 constructing SA (IPSEC)
8-03: 23:17:09:656:8c0 constructing NONCE (IPSEC)
8-03: 23:17:09:656:8c0 constructing ID (proxy)
8-03: 23:17:09:656:8c0 FQDN ID 4c41564945443631302e6368646f6d61
8-03: 23:17:09:656:8c0 696e2e6361726565726861726d6f6e79
8-03: 23:17:09:656:8c0 2e636f6d
8-03: 23:17:09:656:8c0 constructing ID (proxy)
8-03: 23:17:09:656:8c0 Construct NATOA
8-03: 23:17:09:656:8c0 constructing HASH (QM)
8-03: 23:17:09:656:8c0
8-03: 23:17:09:656:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
2.4500
8-03: 23:17:09:656:8c0 ISAKMP Header: (V1.0), len = 332
8-03: 23:17:09:656:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:09:656:8c0 R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:09:656:8c0 exchange: Oakley Quick Mode
8-03: 23:17:09:656:8c0 flags: 1 ( encrypted )
8-03: 23:17:09:656:8c0 next payload: HASH
8-03: 23:17:09:656:8c0 message ID: 8d2d8755
8-03: 23:17:09:656:8c0 Ports S:9411 D:9411
8-03: 23:17:09:906:8c0
8-03: 23:17:09:906:8c0 Receive: (get) SA = 0x0011e920 from
111.111.111.111.4500
8-03: 23:17:09:906:8c0 ISAKMP Header: (V1.0), len = 196
8-03: 23:17:09:906:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:09:906:8c0 R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:09:906:8c0 exchange: Oakley Quick Mode
8-03: 23:17:09:906:8c0 flags: 1 ( encrypted )
8-03: 23:17:09:906:8c0 next payload: HASH
8-03: 23:17:09:906:8c0 message ID: 8d2d8755
8-03: 23:17:09:906:8c0 processing HASH (QM)
8-03: 23:17:09:906:8c0 ClearFragList
8-03: 23:17:09:906:8c0 processing payload NONCE
8-03: 23:17:09:906:8c0 processing payload ID
8-03: 23:17:09:906:8c0 processing payload ID
8-03: 23:17:09:906:8c0 processing payload SA
8-03: 23:17:09:906:8c0 Negotiated Proxy ID: Src 192.168.1.22.1701 Dst
111.111.111.111.1701
8-03: 23:17:09:906:8c0 Checking Proposal 1: Proto= ESP(3), num trans=1
Next=0
8-03: 23:17:09:906:8c0 Checking Transform # 1: ID=Triple DES CBC(3)
8-03: 23:17:09:906:8c0 SA life type in seconds
8-03: 23:17:09:906:8c0 SA life duration 00000e10
8-03: 23:17:09:906:8c0 SA life type in kilobytes
8-03: 23:17:09:906:8c0 SA life duration 0003d090
8-03: 23:17:09:906:8c0 tunnel mode is 61444(61444)
8-03: 23:17:09:906:8c0 HMAC algorithm is MD5(1)
8-03: 23:17:09:906:8c0 Phase 2 SA accepted: proposal=1 transform=1
8-03: 23:17:09:906:8c0 constructing ISAKMP Header
8-03: 23:17:09:906:8c0 constructing HASH (QM)
8-03: 23:17:09:906:8c0 Adding QMs: src = 192.168.1.22.1701, dst =
111.111.111.111.1701, proto = 17, context = 0000000A, my tunnel = 0.0.0.0,
peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600
LifetimeKBytes 250000 dwFlags 380 Direction 2 EncapType 3
8-03: 23:17:09:921:8c0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
8-03: 23:17:09:921:8c0 Algo[0] MySpi: 2662854523 PeerSpi: 2671731549
8-03: 23:17:09:921:8c0 Encap Ports Src 4500 Dst 4500
8-03: 23:17:09:921:8c0 Skipping Outbound SA add
8-03: 23:17:09:921:8c0 Adding QMs: src = 192.168.1.22.1701, dst =
111.111.111.111.1701, proto = 17, context = 0000000A, my tunnel = 0.0.0.0,
peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600
LifetimeKBytes 250000 dwFlags 380 Direction 3 EncapType 3
8-03: 23:17:09:921:8c0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
8-03: 23:17:09:921:8c0 Algo[0] MySpi: 2662854523 PeerSpi: 2671731549
8-03: 23:17:09:921:8c0 Encap Ports Src 4500 Dst 4500
8-03: 23:17:09:921:8c0 Skipping Inbound SA add
8-03: 23:17:09:921:8c0 Leaving adjust_peer_list entry 0011C678 MMCount 0
QMCount 1
8-03: 23:17:09:921:8c0 isadb_set_status sa:0011E920 centry:0011C420 status
0
8-03: 23:17:09:921:8c0 isadb_set_status InitiateEvent 000002BC: Setting
Status 0
8-03: 23:17:09:921:8c0 Clearing centry 0011C420 InitiateEvent 000002BC
8-03: 23:17:09:921:8c0
8-03: 23:17:09:921:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
4.4500
8-03: 23:17:09:921:8c0 ISAKMP Header: (V1.0), len = 52
8-03: 23:17:09:921:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:09:921:8c0 R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:09:921:8c0 exchange: Oakley Quick Mode
8-03: 23:17:09:921:8c0 flags: 1 ( encrypted )
8-03: 23:17:09:921:8c0 next payload: HASH
8-03: 23:17:09:921:8c0 message ID: 8d2d8755
8-03: 23:17:09:921:8c0 Ports S:9411 D:9411
8-03: 23:17:09:921:590 CloseNegHandle 000002BC
8-03: 23:17:09:921:590 SE cookie cb52bf6e60974bee
8-03: 23:17:19:906:8c0
8-03: 23:17:19:906:8c0 Receive: (get) SA = 0x0011e920 from
111.111.111.111.4500
8-03: 23:17:19:906:8c0 ISAKMP Header: (V1.0), len = 196
8-03: 23:17:19:906:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:19:906:8c0 R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:19:906:8c0 exchange: Oakley Quick Mode
8-03: 23:17:19:906:8c0 flags: 1 ( encrypted )
8-03: 23:17:19:906:8c0 next payload: HASH
8-03: 23:17:19:906:8c0 message ID: 8d2d8755
8-03: 23:17:19:906:8c0 invalid payload received
8-03: 23:17:19:906:8c0 Resending last payload
8-03: 23:17:19:906:8c0
8-03: 23:17:19:906:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
4.4500
8-03: 23:17:19:906:8c0 ISAKMP Header: (V1.0), len = 52
8-03: 23:17:19:906:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:19:906:8c0 R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:19:906:8c0 exchange: Oakley Quick Mode
8-03: 23:17:19:906:8c0 flags: 1 ( encrypted )
8-03: 23:17:19:906:8c0 next payload: HASH
8-03: 23:17:19:906:8c0 message ID: 8d2d8755
8-03: 23:17:19:906:8c0 Ports S:9411 D:9411
8-03: 23:17:19:906:8c0 GetPacket failed 3613
8-03: 23:17:44:921:8c0 QM Deleted. Notify from driver: Src 192.168.1.22
Dest 111.111.111.111 InSPI 2662854523 OutSpi 2671731549 Tunnel 0
TunnelFilter 0
8-03: 23:17:44:921:8c0 Leaving adjust_peer_list entry 0011C678 MMCount 0
QMCount 0
8-03: 23:17:44:921:8c0 constructing ISAKMP Header
8-03: 23:17:44:921:8c0 constructing HASH (null)
8-03: 23:17:44:921:8c0 Construct QM Delete Spi 2662854523
8-03: 23:17:44:921:8c0 constructing HASH (Notify/Delete)
8-03: 23:17:44:921:8c0 Not setting retransmit to downlevel client. SA
0011E920 Centry 00000000
8-03: 23:17:44:921:8c0
8-03: 23:17:44:921:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
1.4500
8-03: 23:17:44:921:8c0 ISAKMP Header: (V1.0), len = 68
8-03: 23:17:44:921:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:44:921:8c0 R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:44:921:8c0 exchange: ISAKMP Informational Exchange
8-03: 23:17:44:921:8c0 flags: 1 ( encrypted )
8-03: 23:17:44:921:8c0 next payload: HASH
8-03: 23:17:44:921:8c0 message ID: 714e4f75
8-03: 23:17:44:921:8c0 Ports S:9411 D:9411
8-03: 23:17:44:921:8c0 PrivatePeerAddr 0
8-03: 23:17:44:921:3bc isadb_schedule_kill_oldPolicy_sas:
536625eb-556f-447b-8db627579e8049d9 4
8-03: 23:17:44:921:b74 isadb_schedule_kill_oldPolicy_sas:
64fd5aed-2f16-4b3a-91bd795ecc321b18 3
8-03: 23:17:44:921:590 isadb_schedule_kill_oldPolicy_sas:
e5933d52-4114-4705-bd7c8ce1d6d56689 2
8-03: 23:17:44:921:3bc isadb_schedule_kill_oldPolicy_sas:
e6b22766-24f4-4290-afa62e7fe7250cb2 1
8-03: 23:17:44:937:8c0 entered kill_old_policy_sas 4
8-03: 23:17:44:937:8c0 SA Dead. sa:0011E920 status:3619
8-03: 23:17:44:937:8c0 isadb_set_status sa:0011E920 centry:00000000 status
3619
8-03: 23:17:44:937:8c0 constructing ISAKMP Header
8-03: 23:17:44:937:8c0 constructing HASH (null)
8-03: 23:17:44:937:8c0 constructing DELETE. MM 0011E920
8-03: 23:17:44:937:8c0 constructing HASH (Notify/Delete)
8-03: 23:17:44:937:8c0 Not setting retransmit to downlevel client. SA
0011E920 Centry 00000000
8-03: 23:17:44:937:8c0
8-03: 23:17:44:937:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
1.4500
8-03: 23:17:44:937:8c0 ISAKMP Header: (V1.0), len = 84
8-03: 23:17:44:937:8c0 I-COOKIE cb52bf6e60974bee
8-03: 23:17:44:937:8c0 R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:44:937:8c0 exchange: ISAKMP Informational Exchange
8-03: 23:17:44:937:8c0 flags: 1 ( encrypted )
8-03: 23:17:44:937:8c0 next payload: HASH
8-03: 23:17:44:937:8c0 message ID: e5ec4bcb
8-03: 23:17:44:937:8c0 Ports S:9411 D:9411
8-03: 23:17:44:937:8c0 entered kill_old_policy_sas 3
8-03: 23:17:44:937:8c0 entered kill_old_policy_sas 2
8-03: 23:17:44:937:8c0 entered kill_old_policy_sas 1
8-03: 23:17:45:156:14c
8-03: 23:17:45:156:14c Receive: (get) SA = 0x0011e920 from
111.111.111.111.4500
8-03: 23:17:45:156:14c ISAKMP Header: (V1.0), len = 68
8-03: 23:17:45:156:14c I-COOKIE cb52bf6e60974bee
8-03: 23:17:45:156:14c R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:45:156:14c exchange: ISAKMP Informational Exchange
8-03: 23:17:45:156:14c flags: 1 ( encrypted )
8-03: 23:17:45:156:14c next payload: HASH
8-03: 23:17:45:156:14c message ID: dddf6b3a
8-03: 23:17:45:156:14c processing HASH (Notify/Delete)
8-03: 23:17:45:156:14c processing payload DELETE
8-03: 23:17:45:156:14c Asked to delete phase2 SPI we don't own: 2671731549
proto=3
8-03: 23:17:45:265:14c
8-03: 23:17:45:265:14c Receive: (get) SA = 0x0011e920 from
111.111.111.111.4500
8-03: 23:17:45:265:14c ISAKMP Header: (V1.0), len = 84
8-03: 23:17:45:265:14c I-COOKIE cb52bf6e60974bee
8-03: 23:17:45:265:14c R-COOKIE 2b03ae1cc8c9f53e
8-03: 23:17:45:265:14c exchange: ISAKMP Informational Exchange
8-03: 23:17:45:265:14c flags: 1 ( encrypted )
8-03: 23:17:45:265:14c next payload: HASH
8-03: 23:17:45:265:14c message ID: 86ba56cf
8-03: 23:17:45:265:14c processing HASH (Notify/Delete)
8-03: 23:17:45:265:14c processing payload DELETE
==================================================
-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]
Sent: Thursday, August 03, 2006 10:07 PM
To: Meron Lavie
Cc: 'Andy Gay'; users at openswan.org
Subject: RE: [Openswan Users] WinXP Behind Nat to Openswan Server Behind NAT
On Thu, 3 Aug 2006, Meron Lavie wrote:
> I know this isn't a Windows forum, but: could you please tell me where/how
I
> would see this logged on WinXP/SP2?
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-
us/sag_ipsec_tools.mspx
Look at how to enable te OAKLEY.LOG
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list