[Openswan Users] WinXP Behind Nat to Openswan Server Behind NAT

Meron Lavie lavie at netvision.net.il
Thu Aug 3 18:24:04 EDT 2006


Here is my client-side log. 111.111.111.111 is my server's external internet
address before natting. 192.168.1.22 is my client's NATed address:

==================================================
8-03: 23:16:51:843:408 Initialization OK
 8-03: 23:17:04:359:ed8 Dropping incoming packet. Pkt Size too small
 8-03: 23:17:04:359:ed8 Dropping incoming packet. Pkt Size too small
 8-03: 23:17:04:359:ed8 Dropping incoming packet. Pkt Size too small
 8-03: 23:17:08:515:3bc QM PolicyName: L2TP Require Encryption Quick Mode
Policy dwFlags 0
 8-03: 23:17:08:515:3bc QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:3bc QMOffer[0] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:3bc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
 8-03: 23:17:08:515:3bc QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:3bc QMOffer[1] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:3bc  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
 8-03: 23:17:08:515:3bc QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:3bc QMOffer[2] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:3bc  Algo[0] Operation: AH Algo: SHA
 8-03: 23:17:08:515:3bc  Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
 8-03: 23:17:08:515:3bc QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:3bc QMOffer[3] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:3bc  Algo[0] Operation: AH Algo: MD5
 8-03: 23:17:08:515:3bc  Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
 8-03: 23:17:08:515:3bc QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:3bc QMOffer[4] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:3bc  Algo[0] Operation: AH Algo: SHA
 8-03: 23:17:08:515:3bc  Algo[1] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
 8-03: 23:17:08:515:3bc QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:3bc QMOffer[5] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:3bc  Algo[0] Operation: AH Algo: MD5
 8-03: 23:17:08:515:3bc  Algo[1] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
 8-03: 23:17:08:515:3bc QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:3bc QMOffer[6] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:3bc  Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
 8-03: 23:17:08:515:3bc QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:3bc QMOffer[7] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:3bc  Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
 8-03: 23:17:08:515:3bc QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:3bc QMOffer[8] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:3bc  Algo[0] Operation: AH Algo: SHA
 8-03: 23:17:08:515:3bc  Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
 8-03: 23:17:08:515:3bc QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:3bc QMOffer[9] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:3bc  Algo[0] Operation: AH Algo: MD5
 8-03: 23:17:08:515:3bc  Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
 8-03: 23:17:08:515:3bc QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:3bc QMOffer[10] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:3bc  Algo[0] Operation: AH Algo: SHA
 8-03: 23:17:08:515:3bc  Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
 8-03: 23:17:08:515:3bc QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:3bc QMOffer[11] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:3bc  Algo[0] Operation: AH Algo: MD5
 8-03: 23:17:08:515:3bc  Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
 8-03: 23:17:08:515:3bc Internal Acquire: op=00000001 src=192.168.1.22.1701
dst=111.111.111.111.1701 proto = 17, SrcMask=255.255.255.255,
DstMask=255.255.255.255, Tunnel 0, TunnelEndpt=0.0.0.0 Inbound
TunnelEndpt=0.0.0.0, InitiateEvent=000002BC, IKE SrcPort=500 IKE DstPort=500
 8-03: 23:17:08:515:8c0 Filter to match: Src 111.111.111.111 Dst
192.168.1.22
 8-03: 23:17:08:515:8c0 MM PolicyName: L2TP Main Mode Policy
 8-03: 23:17:08:515:8c0 MMPolicy dwFlags 8 SoftSAExpireTime 28800
 8-03: 23:17:08:515:8c0 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup
268435457
 8-03: 23:17:08:515:8c0 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
 8-03: 23:17:08:515:8c0 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
 8-03: 23:17:08:515:8c0 MMOffer[1] Encrypt: Triple DES CBC Hash: SHA
 8-03: 23:17:08:515:8c0 MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 2
 8-03: 23:17:08:515:8c0 MMOffer[2] Encrypt: Triple DES CBC Hash: MD5
 8-03: 23:17:08:515:8c0 MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
 8-03: 23:17:08:515:8c0 MMOffer[3] Encrypt: DES CBC Hash: SHA
 8-03: 23:17:08:515:8c0 MMOffer[4] LifetimeSec 28800 QMLimit 0 DHGroup 1
 8-03: 23:17:08:515:8c0 MMOffer[4] Encrypt: DES CBC Hash: MD5
 8-03: 23:17:08:515:8c0 Auth[0]:PresharedKey KeyLen 42
 8-03: 23:17:08:515:8c0 QM PolicyName: L2TP Require Encryption Quick Mode
Policy dwFlags 0
 8-03: 23:17:08:515:8c0 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:8c0 QMOffer[0] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:8c0  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
 8-03: 23:17:08:515:8c0 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:8c0 QMOffer[1] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:8c0  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
 8-03: 23:17:08:515:8c0 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:8c0 QMOffer[2] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:8c0  Algo[0] Operation: AH Algo: SHA
 8-03: 23:17:08:515:8c0  Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
 8-03: 23:17:08:515:8c0 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:8c0 QMOffer[3] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:8c0  Algo[0] Operation: AH Algo: MD5
 8-03: 23:17:08:515:8c0  Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
 8-03: 23:17:08:515:8c0 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:8c0 QMOffer[4] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:8c0  Algo[0] Operation: AH Algo: SHA
 8-03: 23:17:08:515:8c0  Algo[1] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
 8-03: 23:17:08:515:8c0 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:8c0 QMOffer[5] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:8c0  Algo[0] Operation: AH Algo: MD5
 8-03: 23:17:08:515:8c0  Algo[1] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
 8-03: 23:17:08:515:8c0 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:8c0 QMOffer[6] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:8c0  Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
 8-03: 23:17:08:515:8c0 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:8c0 QMOffer[7] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:8c0  Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
 8-03: 23:17:08:515:8c0 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:8c0 QMOffer[8] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:8c0  Algo[0] Operation: AH Algo: SHA
 8-03: 23:17:08:515:8c0  Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
 8-03: 23:17:08:515:8c0 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:8c0 QMOffer[9] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:8c0  Algo[0] Operation: AH Algo: MD5
 8-03: 23:17:08:515:8c0  Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
 8-03: 23:17:08:515:8c0 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:8c0 QMOffer[10] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:8c0  Algo[0] Operation: AH Algo: SHA
 8-03: 23:17:08:515:8c0  Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
 8-03: 23:17:08:515:8c0 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:08:515:8c0 QMOffer[11] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:08:515:8c0  Algo[0] Operation: AH Algo: MD5
 8-03: 23:17:08:515:8c0  Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
 8-03: 23:17:08:515:8c0 Starting Negotiation: src = 192.168.1.22.0500, dst =
111.111.111.111.0500, proto = 17, context = 00000000, ProxySrc =
192.168.1.22.1701, ProxyDst = 111.111.111.111.1701 SrcMask = 0.0.0.0 DstMask
= 0.0.0.0
 8-03: 23:17:08:515:8c0 constructing ISAKMP Header
 8-03: 23:17:08:515:8c0 constructing SA (ISAKMP)
 8-03: 23:17:08:515:8c0 Constructing Vendor MS NT5 ISAKMPOAKLEY
 8-03: 23:17:08:515:8c0 Constructing Vendor FRAGMENTATION
 8-03: 23:17:08:515:8c0 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
 8-03: 23:17:08:515:8c0 Constructing Vendor Vid-Initial-Contact
 8-03: 23:17:08:515:8c0 
 8-03: 23:17:08:515:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
2.500
 8-03: 23:17:08:515:8c0 ISAKMP Header: (V1.0), len = 312
 8-03: 23:17:08:515:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:08:515:8c0   R-COOKIE 0000000000000000
 8-03: 23:17:08:515:8c0   exchange: Oakley Main Mode
 8-03: 23:17:08:515:8c0   flags: 0
 8-03: 23:17:08:515:8c0   next payload: SA
 8-03: 23:17:08:515:8c0   message ID: 00000000
 8-03: 23:17:08:515:8c0 Ports S:f401 D:f401
 8-03: 23:17:08:515:8c0 Activating InitiateEvent 000002BC
 8-03: 23:17:08:765:8c0 
 8-03: 23:17:08:765:8c0 Receive: (get) SA = 0x0011e920 from
111.111.111.111.500
 8-03: 23:17:08:765:8c0 ISAKMP Header: (V1.0), len = 140
 8-03: 23:17:08:765:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:08:765:8c0   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:08:765:8c0   exchange: Oakley Main Mode
 8-03: 23:17:08:765:8c0   flags: 0
 8-03: 23:17:08:765:8c0   next payload: SA
 8-03: 23:17:08:765:8c0   message ID: 00000000
 8-03: 23:17:08:765:8c0 processing payload SA
 8-03: 23:17:08:765:8c0 Received Phase 1 Transform 1
 8-03: 23:17:08:765:8c0      Encryption Alg Triple DES CBC(5)
 8-03: 23:17:08:765:8c0      Hash Alg SHA(2)
 8-03: 23:17:08:765:8c0      Oakley Group 14
 8-03: 23:17:08:765:8c0      Auth Method Preshared Key(1)
 8-03: 23:17:08:765:8c0      Life type in Seconds
 8-03: 23:17:08:765:8c0      Life duration of 28800
 8-03: 23:17:08:765:8c0 Phase 1 SA accepted: transform=1
 8-03: 23:17:08:765:8c0 SA - Oakley proposal accepted
 8-03: 23:17:08:765:8c0 processing payload VENDOR ID
 8-03: 23:17:08:765:8c0 processing payload VENDOR ID
 8-03: 23:17:08:765:8c0 processing payload VENDOR ID
 8-03: 23:17:08:765:8c0 Received VendorId draft-ietf-ipsec-nat-t-ike-02
 8-03: 23:17:08:765:8c0 ClearFragList
 8-03: 23:17:08:765:8c0 constructing ISAKMP Header
 8-03: 23:17:09:31:8c0 constructing KE
 8-03: 23:17:09:31:8c0 constructing NONCE (ISAKMP)
 8-03: 23:17:09:31:8c0 Constructing NatDisc
 8-03: 23:17:09:31:8c0 
 8-03: 23:17:09:31:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
2.500
 8-03: 23:17:09:31:8c0 ISAKMP Header: (V1.0), len = 360
 8-03: 23:17:09:31:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:09:31:8c0   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:09:31:8c0   exchange: Oakley Main Mode
 8-03: 23:17:09:31:8c0   flags: 0
 8-03: 23:17:09:31:8c0   next payload: KE
 8-03: 23:17:09:31:8c0   message ID: 00000000
 8-03: 23:17:09:31:8c0 Ports S:f401 D:f401
 8-03: 23:17:09:359:8c0 
 8-03: 23:17:09:359:8c0 Receive: (get) SA = 0x0011e920 from
111.111.111.111.500
 8-03: 23:17:09:359:8c0 ISAKMP Header: (V1.0), len = 356
 8-03: 23:17:09:359:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:09:359:8c0   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:09:359:8c0   exchange: Oakley Main Mode
 8-03: 23:17:09:359:8c0   flags: 0
 8-03: 23:17:09:359:8c0   next payload: KE
 8-03: 23:17:09:359:8c0   message ID: 00000000
 8-03: 23:17:09:359:8c0 processing payload KE
 8-03: 23:17:09:406:8c0 processing payload NONCE
 8-03: 23:17:09:406:8c0 processing payload NATDISC
 8-03: 23:17:09:406:8c0 Processing NatHash
 8-03: 23:17:09:406:8c0 Nat hash 01624b9f0bda85927822ebee758005e3
 8-03: 23:17:09:406:8c0 0eaafccc
 8-03: 23:17:09:406:8c0 SA StateMask2 1e
 8-03: 23:17:09:406:8c0 processing payload NATDISC
 8-03: 23:17:09:406:8c0 Processing NatHash
 8-03: 23:17:09:406:8c0 Nat hash 224d9c53ad1ea3cd185a2eddd24c97fb
 8-03: 23:17:09:406:8c0 09dffdb1
 8-03: 23:17:09:406:8c0 SA StateMask2 5e
 8-03: 23:17:09:406:8c0 ClearFragList
 8-03: 23:17:09:406:8c0 Peer behind NAT
 8-03: 23:17:09:406:8c0 Floated Ports Orig Me:f401 Peer:f401
 8-03: 23:17:09:406:8c0 Floated Ports Me:9411 Peer:9411
 8-03: 23:17:09:406:8c0 constructing ISAKMP Header
 8-03: 23:17:09:406:8c0 constructing ID
 8-03: 23:17:09:406:8c0 MM ID Type 2
 8-03: 23:17:09:406:8c0 MM ID 4c41564945443631302e6368646f6d61
 8-03: 23:17:09:406:8c0 696e2e6361726565726861726d6f6e79
 8-03: 23:17:09:406:8c0 2e636f6d
 8-03: 23:17:09:406:8c0 constructing HASH
 8-03: 23:17:09:406:8c0 
 8-03: 23:17:09:406:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
2.4500
 8-03: 23:17:09:406:8c0 ISAKMP Header: (V1.0), len = 100
 8-03: 23:17:09:406:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:09:406:8c0   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:09:406:8c0   exchange: Oakley Main Mode
 8-03: 23:17:09:406:8c0   flags: 1 ( encrypted )
 8-03: 23:17:09:406:8c0   next payload: ID
 8-03: 23:17:09:406:8c0   message ID: 00000000
 8-03: 23:17:09:406:8c0 Ports S:9411 D:9411
 8-03: 23:17:09:656:8c0 
 8-03: 23:17:09:656:8c0 Receive: (get) SA = 0x0011e920 from
111.111.111.111.4500
 8-03: 23:17:09:656:8c0 ISAKMP Header: (V1.0), len = 68
 8-03: 23:17:09:656:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:09:656:8c0   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:09:656:8c0   exchange: Oakley Main Mode
 8-03: 23:17:09:656:8c0   flags: 1 ( encrypted )
 8-03: 23:17:09:656:8c0   next payload: ID
 8-03: 23:17:09:656:8c0   message ID: 00000000
 8-03: 23:17:09:656:8c0 processing payload ID
 8-03: 23:17:09:656:8c0 processing payload HASH
 8-03: 23:17:09:656:8c0 AUTH: Phase I authentication accepted
 8-03: 23:17:09:656:8c0 ClearFragList
 8-03: 23:17:09:656:8c0 MM established.  SA: 0011E920
 8-03: 23:17:09:656:8c0 QM PolicyName: L2TP Require Encryption Quick Mode
Policy dwFlags 0
 8-03: 23:17:09:656:8c0 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:09:656:8c0 QMOffer[0] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:09:656:8c0  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
 8-03: 23:17:09:656:8c0 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:09:656:8c0 QMOffer[1] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:09:656:8c0  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
 8-03: 23:17:09:656:8c0 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:09:656:8c0 QMOffer[2] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:09:656:8c0  Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
 8-03: 23:17:09:656:8c0 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
 8-03: 23:17:09:656:8c0 QMOffer[3] dwFlags 0 dwPFSGroup 0
 8-03: 23:17:09:656:8c0  Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
 8-03: 23:17:09:656:8c0 GetSpi: src = 111.111.111.111.1701, dst =
192.168.1.22.1701, proto = 17, context = 00000000, srcMask =
255.255.255.255, destMask = 255.255.255.255, TunnelFilter 0
 8-03: 23:17:09:656:8c0 Setting SPI  2662854523
 8-03: 23:17:09:656:8c0 constructing ISAKMP Header
 8-03: 23:17:09:656:8c0 constructing HASH (null)
 8-03: 23:17:09:656:8c0 constructing SA (IPSEC)
 8-03: 23:17:09:656:8c0 constructing NONCE (IPSEC)
 8-03: 23:17:09:656:8c0 constructing ID (proxy)
 8-03: 23:17:09:656:8c0 FQDN ID 4c41564945443631302e6368646f6d61
 8-03: 23:17:09:656:8c0 696e2e6361726565726861726d6f6e79
 8-03: 23:17:09:656:8c0 2e636f6d
 8-03: 23:17:09:656:8c0 constructing ID (proxy)
 8-03: 23:17:09:656:8c0 Construct NATOA
 8-03: 23:17:09:656:8c0 constructing HASH (QM)
 8-03: 23:17:09:656:8c0 
 8-03: 23:17:09:656:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
2.4500
 8-03: 23:17:09:656:8c0 ISAKMP Header: (V1.0), len = 332
 8-03: 23:17:09:656:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:09:656:8c0   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:09:656:8c0   exchange: Oakley Quick Mode
 8-03: 23:17:09:656:8c0   flags: 1 ( encrypted )
 8-03: 23:17:09:656:8c0   next payload: HASH
 8-03: 23:17:09:656:8c0   message ID: 8d2d8755
 8-03: 23:17:09:656:8c0 Ports S:9411 D:9411
 8-03: 23:17:09:906:8c0 
 8-03: 23:17:09:906:8c0 Receive: (get) SA = 0x0011e920 from
111.111.111.111.4500
 8-03: 23:17:09:906:8c0 ISAKMP Header: (V1.0), len = 196
 8-03: 23:17:09:906:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:09:906:8c0   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:09:906:8c0   exchange: Oakley Quick Mode
 8-03: 23:17:09:906:8c0   flags: 1 ( encrypted )
 8-03: 23:17:09:906:8c0   next payload: HASH
 8-03: 23:17:09:906:8c0   message ID: 8d2d8755
 8-03: 23:17:09:906:8c0 processing HASH (QM)
 8-03: 23:17:09:906:8c0 ClearFragList
 8-03: 23:17:09:906:8c0 processing payload NONCE
 8-03: 23:17:09:906:8c0 processing payload ID
 8-03: 23:17:09:906:8c0 processing payload ID
 8-03: 23:17:09:906:8c0 processing payload SA
 8-03: 23:17:09:906:8c0 Negotiated Proxy ID: Src 192.168.1.22.1701 Dst
111.111.111.111.1701
 8-03: 23:17:09:906:8c0 Checking Proposal 1: Proto= ESP(3), num trans=1
Next=0
 8-03: 23:17:09:906:8c0 Checking Transform # 1: ID=Triple DES CBC(3)
 8-03: 23:17:09:906:8c0  SA life type in seconds
 8-03: 23:17:09:906:8c0   SA life duration 00000e10
 8-03: 23:17:09:906:8c0  SA life type in kilobytes
 8-03: 23:17:09:906:8c0   SA life duration 0003d090
 8-03: 23:17:09:906:8c0  tunnel mode is 61444(61444)
 8-03: 23:17:09:906:8c0  HMAC algorithm is MD5(1)
 8-03: 23:17:09:906:8c0 Phase 2 SA accepted: proposal=1 transform=1
 8-03: 23:17:09:906:8c0 constructing ISAKMP Header
 8-03: 23:17:09:906:8c0 constructing HASH (QM)
 8-03: 23:17:09:906:8c0 Adding QMs: src = 192.168.1.22.1701, dst =
111.111.111.111.1701, proto = 17, context = 0000000A, my tunnel = 0.0.0.0,
peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600
LifetimeKBytes 250000 dwFlags 380 Direction 2 EncapType 3
 8-03: 23:17:09:921:8c0  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
 8-03: 23:17:09:921:8c0  Algo[0] MySpi: 2662854523 PeerSpi: 2671731549
 8-03: 23:17:09:921:8c0 Encap Ports Src 4500 Dst 4500
 8-03: 23:17:09:921:8c0 Skipping Outbound SA add
 8-03: 23:17:09:921:8c0 Adding QMs: src = 192.168.1.22.1701, dst =
111.111.111.111.1701, proto = 17, context = 0000000A, my tunnel = 0.0.0.0,
peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600
LifetimeKBytes 250000 dwFlags 380 Direction 3 EncapType 3
 8-03: 23:17:09:921:8c0  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5
 8-03: 23:17:09:921:8c0  Algo[0] MySpi: 2662854523 PeerSpi: 2671731549
 8-03: 23:17:09:921:8c0 Encap Ports Src 4500 Dst 4500
 8-03: 23:17:09:921:8c0 Skipping Inbound SA add
 8-03: 23:17:09:921:8c0 Leaving adjust_peer_list entry 0011C678 MMCount 0
QMCount 1
 8-03: 23:17:09:921:8c0 isadb_set_status sa:0011E920 centry:0011C420 status
0
 8-03: 23:17:09:921:8c0 isadb_set_status InitiateEvent 000002BC: Setting
Status 0
 8-03: 23:17:09:921:8c0 Clearing centry 0011C420 InitiateEvent 000002BC
 8-03: 23:17:09:921:8c0 
 8-03: 23:17:09:921:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
4.4500
 8-03: 23:17:09:921:8c0 ISAKMP Header: (V1.0), len = 52
 8-03: 23:17:09:921:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:09:921:8c0   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:09:921:8c0   exchange: Oakley Quick Mode
 8-03: 23:17:09:921:8c0   flags: 1 ( encrypted )
 8-03: 23:17:09:921:8c0   next payload: HASH
 8-03: 23:17:09:921:8c0   message ID: 8d2d8755
 8-03: 23:17:09:921:8c0 Ports S:9411 D:9411
 8-03: 23:17:09:921:590 CloseNegHandle 000002BC
 8-03: 23:17:09:921:590 SE cookie cb52bf6e60974bee
 8-03: 23:17:19:906:8c0 
 8-03: 23:17:19:906:8c0 Receive: (get) SA = 0x0011e920 from
111.111.111.111.4500
 8-03: 23:17:19:906:8c0 ISAKMP Header: (V1.0), len = 196
 8-03: 23:17:19:906:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:19:906:8c0   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:19:906:8c0   exchange: Oakley Quick Mode
 8-03: 23:17:19:906:8c0   flags: 1 ( encrypted )
 8-03: 23:17:19:906:8c0   next payload: HASH
 8-03: 23:17:19:906:8c0   message ID: 8d2d8755
 8-03: 23:17:19:906:8c0 invalid payload received
 8-03: 23:17:19:906:8c0 Resending last payload
 8-03: 23:17:19:906:8c0 
 8-03: 23:17:19:906:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
4.4500
 8-03: 23:17:19:906:8c0 ISAKMP Header: (V1.0), len = 52
 8-03: 23:17:19:906:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:19:906:8c0   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:19:906:8c0   exchange: Oakley Quick Mode
 8-03: 23:17:19:906:8c0   flags: 1 ( encrypted )
 8-03: 23:17:19:906:8c0   next payload: HASH
 8-03: 23:17:19:906:8c0   message ID: 8d2d8755
 8-03: 23:17:19:906:8c0 Ports S:9411 D:9411
 8-03: 23:17:19:906:8c0 GetPacket failed 3613
 8-03: 23:17:44:921:8c0 QM Deleted. Notify from driver: Src 192.168.1.22
Dest 111.111.111.111 InSPI 2662854523 OutSpi 2671731549  Tunnel 0
TunnelFilter 0
 8-03: 23:17:44:921:8c0 Leaving adjust_peer_list entry 0011C678 MMCount 0
QMCount 0
 8-03: 23:17:44:921:8c0 constructing ISAKMP Header
 8-03: 23:17:44:921:8c0 constructing HASH (null)
 8-03: 23:17:44:921:8c0 Construct QM Delete Spi 2662854523
 8-03: 23:17:44:921:8c0 constructing HASH (Notify/Delete)
 8-03: 23:17:44:921:8c0 Not setting retransmit to downlevel client. SA
0011E920 Centry 00000000
 8-03: 23:17:44:921:8c0 
 8-03: 23:17:44:921:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
1.4500
 8-03: 23:17:44:921:8c0 ISAKMP Header: (V1.0), len = 68
 8-03: 23:17:44:921:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:44:921:8c0   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:44:921:8c0   exchange: ISAKMP Informational Exchange
 8-03: 23:17:44:921:8c0   flags: 1 ( encrypted )
 8-03: 23:17:44:921:8c0   next payload: HASH
 8-03: 23:17:44:921:8c0   message ID: 714e4f75
 8-03: 23:17:44:921:8c0 Ports S:9411 D:9411
 8-03: 23:17:44:921:8c0 PrivatePeerAddr 0
 8-03: 23:17:44:921:3bc isadb_schedule_kill_oldPolicy_sas:
536625eb-556f-447b-8db627579e8049d9 4
 8-03: 23:17:44:921:b74 isadb_schedule_kill_oldPolicy_sas:
64fd5aed-2f16-4b3a-91bd795ecc321b18 3
 8-03: 23:17:44:921:590 isadb_schedule_kill_oldPolicy_sas:
e5933d52-4114-4705-bd7c8ce1d6d56689 2
 8-03: 23:17:44:921:3bc isadb_schedule_kill_oldPolicy_sas:
e6b22766-24f4-4290-afa62e7fe7250cb2 1
 8-03: 23:17:44:937:8c0 entered kill_old_policy_sas 4
 8-03: 23:17:44:937:8c0 SA Dead. sa:0011E920 status:3619
 8-03: 23:17:44:937:8c0 isadb_set_status sa:0011E920 centry:00000000 status
3619
 8-03: 23:17:44:937:8c0 constructing ISAKMP Header
 8-03: 23:17:44:937:8c0 constructing HASH (null)
 8-03: 23:17:44:937:8c0 constructing DELETE. MM 0011E920
 8-03: 23:17:44:937:8c0 constructing HASH (Notify/Delete)
 8-03: 23:17:44:937:8c0 Not setting retransmit to downlevel client. SA
0011E920 Centry 00000000
 8-03: 23:17:44:937:8c0 
 8-03: 23:17:44:937:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
1.4500
 8-03: 23:17:44:937:8c0 ISAKMP Header: (V1.0), len = 84
 8-03: 23:17:44:937:8c0   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:44:937:8c0   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:44:937:8c0   exchange: ISAKMP Informational Exchange
 8-03: 23:17:44:937:8c0   flags: 1 ( encrypted )
 8-03: 23:17:44:937:8c0   next payload: HASH
 8-03: 23:17:44:937:8c0   message ID: e5ec4bcb
 8-03: 23:17:44:937:8c0 Ports S:9411 D:9411
 8-03: 23:17:44:937:8c0 entered kill_old_policy_sas 3
 8-03: 23:17:44:937:8c0 entered kill_old_policy_sas 2
 8-03: 23:17:44:937:8c0 entered kill_old_policy_sas 1
 8-03: 23:17:45:156:14c 
 8-03: 23:17:45:156:14c Receive: (get) SA = 0x0011e920 from
111.111.111.111.4500
 8-03: 23:17:45:156:14c ISAKMP Header: (V1.0), len = 68
 8-03: 23:17:45:156:14c   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:45:156:14c   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:45:156:14c   exchange: ISAKMP Informational Exchange
 8-03: 23:17:45:156:14c   flags: 1 ( encrypted )
 8-03: 23:17:45:156:14c   next payload: HASH
 8-03: 23:17:45:156:14c   message ID: dddf6b3a
 8-03: 23:17:45:156:14c processing HASH (Notify/Delete)
 8-03: 23:17:45:156:14c processing payload DELETE
 8-03: 23:17:45:156:14c Asked to delete phase2 SPI we don't own: 2671731549
proto=3
 8-03: 23:17:45:265:14c 
 8-03: 23:17:45:265:14c Receive: (get) SA = 0x0011e920 from
111.111.111.111.4500
 8-03: 23:17:45:265:14c ISAKMP Header: (V1.0), len = 84
 8-03: 23:17:45:265:14c   I-COOKIE cb52bf6e60974bee
 8-03: 23:17:45:265:14c   R-COOKIE 2b03ae1cc8c9f53e
 8-03: 23:17:45:265:14c   exchange: ISAKMP Informational Exchange
 8-03: 23:17:45:265:14c   flags: 1 ( encrypted )
 8-03: 23:17:45:265:14c   next payload: HASH
 8-03: 23:17:45:265:14c   message ID: 86ba56cf
 8-03: 23:17:45:265:14c processing HASH (Notify/Delete)
 8-03: 23:17:45:265:14c processing payload DELETE
==================================================

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: Thursday, August 03, 2006 10:07 PM
To: Meron Lavie
Cc: 'Andy Gay'; users at openswan.org
Subject: RE: [Openswan Users] WinXP Behind Nat to Openswan Server Behind NAT

On Thu, 3 Aug 2006, Meron Lavie wrote:

> I know this isn't a Windows forum, but: could you please tell me where/how
I
> would see this logged on WinXP/SP2?

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-
us/sag_ipsec_tools.mspx

Look at how to enable te OAKLEY.LOG

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155




More information about the Users mailing list