[Openswan Users] windows client behind nat (was: nat problem)
Nicolelli Federico
nico at tcpsas.com
Tue Oct 24 11:42:57 EDT 2006
Hi all,
I have a big problem with a NATted Windows client and a Linux Openswan
server (2.4.7rc2 with a 2.6.17.3 kernel).
This is my situation:
winz client ----> 192.168.0.1
|
|
|
firewall ------> X.X.X.X
|
|
|
vpn terminator ---------> 62.X.X.X
This is my ipsec.conf file:

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    nat_traversal=yes
    #virtual_private=%v4:10.0.0.0/16,%v4:192.168.0.0/24
    virtual_private=%v4:192.168.0.0/24,%v4:10.0.0.0/8
    interfaces="ipsec0=eth1"
    #plutodebug="control parsing"

conn nico
    authby=rsasig
    pfs=no
    type=transport
    #
    left=62.X.X.X
    leftnexthop=62.X.X.X
    leftrsasigkey=%cert
    leftcert=/etc/ipsec.d/certs/omnia.nicolan.com.pem
    leftsendcert=yes
    leftprotoport=17/1701
    leftca=/etc/ipsec.d/cacerts/cacert.pem
    #
    # The remote user.
    #
    right=%any
    rightrsasigkey=%cert
    rightsubnet=vhost:%no,%priv
    rightcert=/etc/ipsec.d/certs/mrcyano.graphimedia.it.pem
    rightprotoport=17/1701
    rightsendcert=yes
    #
    #
    auto=start
    keyingtries=3
And these are my server and client logs:

server:
Oct 24 17:30:31 omnia pluto[5977]: packet from 85.18.80.194:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct 24 17:30:31 omnia pluto[5977]: packet from 85.18.80.194:500:
ignoring Vendor ID payload [FRAGMENTATION]
Oct 24 17:30:31 omnia pluto[5977]: packet from 85.18.80.194:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
to=106
Oct 24 17:30:31 omnia pluto[5977]: packet from 85.18.80.194:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 24 17:30:31 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: responding
to Main Mode from unknown peer 85.18.80.194
Oct 24 17:30:31 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: transition
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 24 17:30:31 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3:
STATE_MAIN_R1: sent MR1, expecting MI2
Oct 24 17:30:31 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Oct 24 17:30:31 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 24 17:30:31 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3:
STATE_MAIN_R2: sent MR2, expecting MI3
Oct 24 17:30:31 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: Main mode
peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Torino, L=Montanaro, O=nicolan,
CN=mrcyano.graphimedia.it'
Oct 24 17:30:31 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: no
suitable connection for peer 'C=IT, ST=Torino, L=Montanaro, O=nicolan,
CN=mrcyano.graphimedia.it'
Oct 24 17:30:31 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: sending
encrypted notification INVALID_ID_INFORMATION to 85.18.80.194:500
Oct 24 17:30:32 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: Main mode
peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Torino, L=Montanaro, O=nicolan,
CN=mrcyano.graphimedia.it'
Oct 24 17:30:32 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: no
suitable connection for peer 'C=IT, ST=Torino, L=Montanaro, O=nicolan,
CN=mrcyano.graphimedia.it'
Oct 24 17:30:32 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: sending
encrypted notification INVALID_ID_INFORMATION to 85.18.80.194:500
Oct 24 17:30:34 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: Main mode
peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Torino, L=Montanaro, O=nicolan,
CN=mrcyano.graphimedia.it'
Oct 24 17:30:34 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: no
suitable connection for peer 'C=IT, ST=Torino, L=Montanaro, O=nicolan,
CN=mrcyano.graphimedia.it'
Oct 24 17:30:34 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: sending
encrypted notification INVALID_ID_INFORMATION to 85.18.80.194:500
Oct 24 17:30:38 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: Main mode
peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Torino, L=Montanaro, O=nicolan,
CN=mrcyano.graphimedia.it'
Oct 24 17:30:38 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: no
suitable connection for peer 'C=IT, ST=Torino, L=Montanaro, O=nicolan,
CN=mrcyano.graphimedia.it'
Oct 24 17:30:38 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: sending
encrypted notification INVALID_ID_INFORMATION to 85.18.80.194:500
Oct 24 17:30:46 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: Main mode
peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Torino, L=Montanaro, O=nicolan,
CN=mrcyano.graphimedia.it'
Oct 24 17:30:46 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: no
suitable connection for peer 'C=IT, ST=Torino, L=Montanaro, O=nicolan,
CN=mrcyano.graphimedia.it'
Oct 24 17:30:46 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: sending
encrypted notification INVALID_ID_INFORMATION to 85.18.80.194:500
Oct 24 17:31:02 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: Main mode
peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Torino, L=Montanaro, O=nicolan,
CN=mrcyano.graphimedia.it'
Oct 24 17:31:02 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: no
suitable connection for peer 'C=IT, ST=Torino, L=Montanaro, O=nicolan,
CN=mrcyano.graphimedia.it'
Oct 24 17:31:02 omnia pluto[5977]: "nico"[3] 85.18.80.194 #3: sending
encrypted notification INVALID_ID_INFORMATION to 85.18.80.194:500
client (oakley.log):
10-24: 17:30:23:437:bec ClearFragList
10-24: 17:30:28:343:7bc QM PolicyName: L2TP Optional Encryption Quick
Mode Policy dwFlags 0
10-24: 17:30:28:343:7bc QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:343:7bc QMOffer[0] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:343:7bc Algo[0] Operation: ESP Algo: Triple DES CBC
HMAC: MD5
10-24: 17:30:28:343:7bc QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:343:7bc QMOffer[1] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:343:7bc Algo[0] Operation: ESP Algo: Triple DES CBC
HMAC: SHA
10-24: 17:30:28:343:7bc QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:343:7bc QMOffer[2] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:343:7bc Algo[0] Operation: AH Algo: SHA
10-24: 17:30:28:359:7bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
10-24: 17:30:28:359:7bc QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[3] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: AH Algo: MD5
10-24: 17:30:28:359:7bc Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
10-24: 17:30:28:359:7bc QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[4] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: AH Algo: SHA
10-24: 17:30:28:359:7bc Algo[1] Operation: ESP Algo: Triple DES CBC
HMAC: SHA
10-24: 17:30:28:359:7bc QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[5] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: AH Algo: MD5
10-24: 17:30:28:359:7bc Algo[1] Operation: ESP Algo: Triple DES CBC
HMAC: MD5
10-24: 17:30:28:359:7bc QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[6] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
10-24: 17:30:28:359:7bc QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[7] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
10-24: 17:30:28:359:7bc QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[8] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: AH Algo: SHA
10-24: 17:30:28:359:7bc Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
10-24: 17:30:28:359:7bc QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[9] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: AH Algo: MD5
10-24: 17:30:28:359:7bc Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
10-24: 17:30:28:359:7bc QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[10] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: AH Algo: SHA
10-24: 17:30:28:359:7bc Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
10-24: 17:30:28:359:7bc QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[11] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: AH Algo: MD5
10-24: 17:30:28:359:7bc Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
10-24: 17:30:28:359:7bc QMOffer[12] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[12] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
10-24: 17:30:28:359:7bc QMOffer[13] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[13] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
10-24: 17:30:28:359:7bc QMOffer[14] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[14] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: AH Algo: SHA
10-24: 17:30:28:359:7bc QMOffer[15] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:7bc QMOffer[15] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:7bc Algo[0] Operation: AH Algo: MD5
10-24: 17:30:28:359:7bc Internal Acquire: op=00000001
src=192.168.0.162.1701 dst=62.123.146.14.1701 proto = 17,
SrcMask=255.255.255.255, DstMask=255.255.255.255, Tunnel 0,
TunnelEndpt=0.0.0.0 Inbound TunnelEndpt=0.0.0.0, InitiateEvent=000007F8,
IKE SrcPort=500 IKE DstPort=500
10-24: 17:30:28:359:bec Filter to match: Src 62.123.146.14 Dst 192.168.0.162
10-24: 17:30:28:359:bec MM PolicyName: 2
10-24: 17:30:28:359:bec MMPolicy dwFlags 2 SoftSAExpireTime 28800
10-24: 17:30:28:359:bec MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
10-24: 17:30:28:359:bec MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
10-24: 17:30:28:359:bec MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
10-24: 17:30:28:359:bec MMOffer[1] Encrypt: Triple DES CBC Hash: MD5
10-24: 17:30:28:359:bec MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 1
10-24: 17:30:28:359:bec MMOffer[2] Encrypt: DES CBC Hash: SHA
10-24: 17:30:28:359:bec MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
10-24: 17:30:28:359:bec MMOffer[3] Encrypt: DES CBC Hash: MD5
10-24: 17:30:28:359:bec Auth[0]:RSA Sig C=IT, S=Torino, L=Montanaro,
O=nicolan, CN=nicolan AuthFlags 0
10-24: 17:30:28:359:bec QM PolicyName: L2TP Optional Encryption Quick
Mode Policy dwFlags 0
10-24: 17:30:28:359:bec QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[0] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: ESP Algo: Triple DES CBC
HMAC: MD5
10-24: 17:30:28:359:bec QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[1] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: ESP Algo: Triple DES CBC
HMAC: SHA
10-24: 17:30:28:359:bec QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[2] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: AH Algo: SHA
10-24: 17:30:28:359:bec Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
10-24: 17:30:28:359:bec QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[3] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: AH Algo: MD5
10-24: 17:30:28:359:bec Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
10-24: 17:30:28:359:bec QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[4] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: AH Algo: SHA
10-24: 17:30:28:359:bec Algo[1] Operation: ESP Algo: Triple DES CBC
HMAC: SHA
10-24: 17:30:28:359:bec QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[5] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: AH Algo: MD5
10-24: 17:30:28:359:bec Algo[1] Operation: ESP Algo: Triple DES CBC
HMAC: MD5
10-24: 17:30:28:359:bec QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[6] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
10-24: 17:30:28:359:bec QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[7] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
10-24: 17:30:28:359:bec QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[8] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: AH Algo: SHA
10-24: 17:30:28:359:bec Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
10-24: 17:30:28:359:bec QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[9] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: AH Algo: MD5
10-24: 17:30:28:359:bec Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
10-24: 17:30:28:359:bec QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[10] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: AH Algo: SHA
10-24: 17:30:28:359:bec Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
10-24: 17:30:28:359:bec QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[11] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: AH Algo: MD5
10-24: 17:30:28:359:bec Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
10-24: 17:30:28:359:bec QMOffer[12] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[12] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
10-24: 17:30:28:359:bec QMOffer[13] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[13] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
10-24: 17:30:28:359:bec QMOffer[14] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[14] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: AH Algo: SHA
10-24: 17:30:28:359:bec QMOffer[15] LifetimeKBytes 250000 LifetimeSec 3600
10-24: 17:30:28:359:bec QMOffer[15] dwFlags 0 dwPFSGroup 0
10-24: 17:30:28:359:bec Algo[0] Operation: AH Algo: MD5
10-24: 17:30:28:359:bec Starting Negotiation: src = 192.168.0.162.0500,
dst = 62.123.146.14.0500, proto = 17, context = 00000000, ProxySrc =
192.168.0.162.1701, ProxyDst = 62.123.146.14.1701 SrcMask = 0.0.0.0
DstMask = 0.0.0.0
10-24: 17:30:28:359:bec constructing ISAKMP Header
10-24: 17:30:28:359:bec constructing SA (ISAKMP)
10-24: 17:30:28:359:bec Constructing Vendor MS NT5 ISAKMPOAKLEY
10-24: 17:30:28:359:bec Constructing Vendor FRAGMENTATION
10-24: 17:30:28:359:bec Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
10-24: 17:30:28:359:bec Constructing Vendor Vid-Initial-Contact
10-24: 17:30:28:359:bec
10-24: 17:30:28:359:bec Sending: SA = 0x000EDC30 to 62.123.146.14:Type 2.500
10-24: 17:30:28:359:bec ISAKMP Header: (V1.0), len = 276
10-24: 17:30:28:359:bec I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:28:359:bec R-COOKIE 0000000000000000
10-24: 17:30:28:359:bec exchange: Oakley Main Mode
10-24: 17:30:28:359:bec flags: 0
10-24: 17:30:28:359:bec next payload: SA
10-24: 17:30:28:359:bec message ID: 00000000
10-24: 17:30:28:359:bec Ports S:f401 D:f401
10-24: 17:30:28:359:bec Activating InitiateEvent 000007F8
10-24: 17:30:28:421:bec
10-24: 17:30:28:421:bec Receive: (get) SA = 0x000edc30 from
62.123.146.14.500
10-24: 17:30:28:421:bec ISAKMP Header: (V1.0), len = 140
10-24: 17:30:28:421:bec I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:28:421:bec R-COOKIE bb310e0fcb97223c
10-24: 17:30:28:421:bec exchange: Oakley Main Mode
10-24: 17:30:28:421:bec flags: 0
10-24: 17:30:28:421:bec next payload: SA
10-24: 17:30:28:421:bec message ID: 00000000
10-24: 17:30:28:421:bec processing payload SA
10-24: 17:30:28:421:bec Received Phase 1 Transform 1
10-24: 17:30:28:437:bec Encryption Alg Triple DES CBC(5)
10-24: 17:30:28:437:bec Hash Alg SHA(2)
10-24: 17:30:28:437:bec Oakley Group 2
10-24: 17:30:28:437:bec Auth Method Firma RSA con certificati(3)
10-24: 17:30:28:437:bec Life type in Seconds
10-24: 17:30:28:437:bec Life duration of 28800
10-24: 17:30:28:437:bec Phase 1 SA accepted: transform=1
10-24: 17:30:28:437:bec SA - Oakley proposal accepted
10-24: 17:30:28:437:bec processing payload VENDOR ID
10-24: 17:30:28:437:bec processing payload VENDOR ID
10-24: 17:30:28:437:bec processing payload VENDOR ID
10-24: 17:30:28:437:bec Received VendorId draft-ietf-ipsec-nat-t-ike-02
10-24: 17:30:28:437:bec ClearFragList
10-24: 17:30:28:437:bec constructing ISAKMP Header
10-24: 17:30:28:484:bec constructing KE
10-24: 17:30:28:484:bec constructing NONCE (ISAKMP)
10-24: 17:30:28:484:bec Constructing NatDisc
10-24: 17:30:28:484:bec
10-24: 17:30:28:484:bec Sending: SA = 0x000EDC30 to 62.123.146.14:Type 2.500
10-24: 17:30:28:484:bec ISAKMP Header: (V1.0), len = 232
10-24: 17:30:28:484:bec I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:28:484:bec R-COOKIE bb310e0fcb97223c
10-24: 17:30:28:484:bec exchange: Oakley Main Mode
10-24: 17:30:28:484:bec flags: 0
10-24: 17:30:28:484:bec next payload: KE
10-24: 17:30:28:484:bec message ID: 00000000
10-24: 17:30:28:484:bec Ports S:f401 D:f401
10-24: 17:30:28:546:bec
10-24: 17:30:28:546:bec Receive: (get) SA = 0x000edc30 from
62.123.146.14.500
10-24: 17:30:28:546:bec ISAKMP Header: (V1.0), len = 324
10-24: 17:30:28:546:bec I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:28:546:bec R-COOKIE bb310e0fcb97223c
10-24: 17:30:28:546:bec exchange: Oakley Main Mode
10-24: 17:30:28:546:bec flags: 0
10-24: 17:30:28:546:bec next payload: KE
10-24: 17:30:28:546:bec message ID: 00000000
10-24: 17:30:28:546:bec processing payload KE
10-24: 17:30:28:562:bec processing payload NONCE
10-24: 17:30:28:562:bec processing payload CRP
10-24: 17:30:28:562:bec C=IT, S=Torino, L=Montanaro, O=nicolan, CN=nicolan
10-24: 17:30:28:562:bec processing payload NATDISC
10-24: 17:30:28:562:bec Processing NatHash
10-24: 17:30:28:562:bec Nat hash 642895adef0ecaa5715ebd0e604270a8
10-24: 17:30:28:562:bec 17871cc8
10-24: 17:30:28:562:bec SA StateMask2 1e
10-24: 17:30:28:562:bec processing payload NATDISC
10-24: 17:30:28:562:bec Processing NatHash
10-24: 17:30:28:562:bec Nat hash 823d7040d6e0e119de735f8870c603c5
10-24: 17:30:28:562:bec d7bb5250
10-24: 17:30:28:562:bec SA StateMask2 9e
10-24: 17:30:28:562:bec ClearFragList
10-24: 17:30:28:562:bec Floated Ports Orig Me:f401 Peer:f401
10-24: 17:30:28:562:bec Floated Ports Me:9411 Peer:9411
10-24: 17:30:28:562:bec constructing ISAKMP Header
10-24: 17:30:28:562:bec constructing ID
10-24: 17:30:28:562:bec Looking for IPSec only cert
10-24: 17:30:28:562:bec Cert Trustes. 0 100
10-24: 17:30:28:562:bec Cert SHA Thumbprint 4e559539a3d8c69a5d227f5149bbaf27
10-24: 17:30:28:562:bec f37f4f43
10-24: 17:30:28:562:bec Entered CRL check
10-24: 17:30:28:562:bec Left CRL check
10-24: 17:30:28:562:bec Cert SHA Thumbprint 4e559539a3d8c69a5d227f5149bbaf27
10-24: 17:30:28:562:bec f37f4f43
10-24: 17:30:28:562:bec SubjectName: C=IT, S=Torino, L=Montanaro,
O=nicolan, CN=mrcyano.graphimedia.it
10-24: 17:30:28:562:bec Cert Serialnumber 03
10-24: 17:30:28:562:bec Cert SHA Thumbprint 4e559539a3d8c69a5d227f5149bbaf27
10-24: 17:30:28:562:bec f37f4f43
10-24: 17:30:28:562:bec SubjectName: C=IT, S=Torino, L=Montanaro,
O=nicolan, CN=nicolan
10-24: 17:30:28:562:bec Cert Serialnumber adf89688613c35e500
10-24: 17:30:28:562:bec Cert SHA Thumbprint f7fdfa2f07121d0f47d0afddff501e80
10-24: 17:30:28:562:bec 1d8c1879
10-24: 17:30:28:562:bec Not storing My cert chain in SA.
10-24: 17:30:28:562:bec MM ID Type 9
10-24: 17:30:28:562:bec MM ID 3065310b300906035504061302495431
10-24: 17:30:28:562:bec 0f300d06035504081306546f72696e6f
10-24: 17:30:28:562:bec 31123010060355040713094d6f6e7461
10-24: 17:30:28:562:bec 6e61726f3110300e060355040a13076e
10-24: 17:30:28:562:bec 69636f6c616e311f301d060355040313
10-24: 17:30:28:562:bec 166d726379616e6f2e6772617068696d
10-24: 17:30:28:562:bec 656469612e6974
10-24: 17:30:28:562:bec constructing CERT
10-24: 17:30:28:562:bec Construct SIG
10-24: 17:30:28:578:bec Constructing Cert Request
10-24: 17:30:28:578:bec C=IT, S=Torino, L=Montanaro, O=nicolan, CN=nicolan
10-24: 17:30:28:578:bec
10-24: 17:30:28:578:bec Sending: SA = 0x000EDC30 to 62.123.146.14:Type
2.4500
10-24: 17:30:28:578:bec ISAKMP Header: (V1.0), len = 1212
10-24: 17:30:28:578:bec I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:28:578:bec R-COOKIE bb310e0fcb97223c
10-24: 17:30:28:578:bec exchange: Oakley Main Mode
10-24: 17:30:28:578:bec flags: 1 ( encrypted )
10-24: 17:30:28:578:bec next payload: ID
10-24: 17:30:28:578:bec message ID: 00000000
10-24: 17:30:28:578:bec Ports S:9411 D:9411
10-24: 17:30:28:640:bec
10-24: 17:30:28:640:bec Receive: (get) SA = 0x000edc30 from
62.123.146.14.500
10-24: 17:30:28:640:bec ISAKMP Header: (V1.0), len = 68
10-24: 17:30:28:640:bec I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:28:640:bec R-COOKIE bb310e0fcb97223c
10-24: 17:30:28:640:bec exchange: ISAKMP Informational Exchange
10-24: 17:30:28:640:bec flags: 1 ( encrypted )
10-24: 17:30:28:640:bec next payload: HASH
10-24: 17:30:28:640:bec message ID: e4f8639d
10-24: 17:30:28:640:bec invalid payload received
10-24: 17:30:28:640:bec GetPacket failed 3613
10-24: 17:30:29:484:78c retransmit: sa = 000EDC30 centry 00000000 ,
count = 1
10-24: 17:30:29:484:78c
10-24: 17:30:29:484:78c Sending: SA = 0x000EDC30 to 62.123.146.14:Type
2.4500
10-24: 17:30:29:484:78c ISAKMP Header: (V1.0), len = 1212
10-24: 17:30:29:484:78c I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:29:484:78c R-COOKIE bb310e0fcb97223c
10-24: 17:30:29:484:78c exchange: Oakley Main Mode
10-24: 17:30:29:484:78c flags: 1 ( encrypted )
10-24: 17:30:29:484:78c next payload: ID
10-24: 17:30:29:484:78c message ID: 00000000
10-24: 17:30:29:484:78c Ports S:9411 D:9411
10-24: 17:30:29:546:bec
10-24: 17:30:29:546:bec Receive: (get) SA = 0x000edc30 from
62.123.146.14.500
10-24: 17:30:29:546:bec ISAKMP Header: (V1.0), len = 68
10-24: 17:30:29:546:bec I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:29:546:bec R-COOKIE bb310e0fcb97223c
10-24: 17:30:29:546:bec exchange: ISAKMP Informational Exchange
10-24: 17:30:29:546:bec flags: 1 ( encrypted )
10-24: 17:30:29:546:bec next payload: HASH
10-24: 17:30:29:546:bec message ID: ef9d87e4
10-24: 17:30:29:546:bec invalid payload received
10-24: 17:30:29:546:bec GetPacket failed 3613
10-24: 17:30:31:484:78c retransmit: sa = 000EDC30 centry 00000000 ,
count = 2
10-24: 17:30:31:484:78c
10-24: 17:30:31:484:78c Sending: SA = 0x000EDC30 to 62.123.146.14:Type
2.4500
10-24: 17:30:31:484:78c ISAKMP Header: (V1.0), len = 1212
10-24: 17:30:31:484:78c I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:31:484:78c R-COOKIE bb310e0fcb97223c
10-24: 17:30:31:484:78c exchange: Oakley Main Mode
10-24: 17:30:31:484:78c flags: 1 ( encrypted )
10-24: 17:30:31:484:78c next payload: ID
10-24: 17:30:31:484:78c message ID: 00000000
10-24: 17:30:31:484:78c Ports S:9411 D:9411
10-24: 17:30:31:546:bec
10-24: 17:30:31:546:bec Receive: (get) SA = 0x000edc30 from
62.123.146.14.500
10-24: 17:30:31:546:bec ISAKMP Header: (V1.0), len = 68
10-24: 17:30:31:546:bec I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:31:546:bec R-COOKIE bb310e0fcb97223c
10-24: 17:30:31:546:bec exchange: ISAKMP Informational Exchange
10-24: 17:30:31:546:bec flags: 1 ( encrypted )
10-24: 17:30:31:546:bec next payload: HASH
10-24: 17:30:31:546:bec message ID: 49189218
10-24: 17:30:31:546:bec invalid payload received
10-24: 17:30:31:546:bec GetPacket failed 3613
10-24: 17:30:35:484:78c retransmit: sa = 000EDC30 centry 00000000 ,
count = 3
10-24: 17:30:35:484:78c
10-24: 17:30:35:484:78c Sending: SA = 0x000EDC30 to 62.123.146.14:Type
2.4500
10-24: 17:30:35:484:78c ISAKMP Header: (V1.0), len = 1212
10-24: 17:30:35:484:78c I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:35:484:78c R-COOKIE bb310e0fcb97223c
10-24: 17:30:35:484:78c exchange: Oakley Main Mode
10-24: 17:30:35:484:78c flags: 1 ( encrypted )
10-24: 17:30:35:484:78c next payload: ID
10-24: 17:30:35:484:78c message ID: 00000000
10-24: 17:30:35:484:78c Ports S:9411 D:9411
10-24: 17:30:35:546:bec
10-24: 17:30:35:546:bec Receive: (get) SA = 0x000edc30 from
62.123.146.14.500
10-24: 17:30:35:546:bec ISAKMP Header: (V1.0), len = 68
10-24: 17:30:35:546:bec I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:35:546:bec R-COOKIE bb310e0fcb97223c
10-24: 17:30:35:546:bec exchange: ISAKMP Informational Exchange
10-24: 17:30:35:546:bec flags: 1 ( encrypted )
10-24: 17:30:35:546:bec next payload: HASH
10-24: 17:30:35:546:bec message ID: 7caa0fd8
10-24: 17:30:35:546:bec invalid payload received
10-24: 17:30:35:546:bec GetPacket failed 3613
10-24: 17:30:38:546:bec
10-24: 17:30:38:546:bec Receive: (get) SA = 0x000edc30 from
62.123.146.14.500
10-24: 17:30:38:546:bec ISAKMP Header: (V1.0), len = 324
10-24: 17:30:38:546:bec I-COOKIE 5caa8ca62c4b8240
10-24: 17:30:38:546:bec R-COOKIE bb310e0fcb97223c
10-24: 17:30:38:546:bec exchange: Oakley Main Mode
10-24: 17:30:38:546:bec flags: 0
10-24: 17:30:38:546:bec next payload: KE
10-24: 17:30:38:546:bec message ID: 00000000
10-24: 17:30:38:546:bec received an unencrypted packet when crypto active
10-24: 17:30:38:546:bec GetPacket failed 35ec
...I am going insane with this problem... :)
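
Added example (not part of the original post): a small Python decoder for two fields in the oakley.log excerpt above. It DER-decodes the "MM ID" bytes (ID type 9, ID_DER_ASN1_DN) so they can be compared with the peer ID pluto prints, and it converts the byte-swapped "Ports" values. The hex rows are copied from the log; the function names and the label table are this example's own.

```python
# Added example: decode fields from the oakley.log excerpt in this post.
# MM_ID_ROWS is copied from the "MM ID" lines of the log; all names below
# (read_tlv, decode_dn, oakley_port, ...) are illustrative, not Openswan code.

MM_ID_ROWS = """
3065310b300906035504061302495431
0f300d06035504081306546f72696e6f
31123010060355040713094d6f6e7461
6e61726f3110300e060355040a13076e
69636f6c616e311f301d060355040313
166d726379616e6f2e6772617068696d
656469612e6974
"""

# Attribute OID -> label as pluto prints it. Windows prints "S" for 2.5.4.8,
# pluto prints "ST"; both name the same attribute.
OID_LABELS = {"2.5.4.6": "C", "2.5.4.8": "ST", "2.5.4.7": "L",
              "2.5.4.10": "O", "2.5.4.11": "OU", "2.5.4.3": "CN"}


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:end], end


def decode_oid(body):
    """Dotted form of an OID body (first arc 0 or 1, enough for 2.5.4.x)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def decode_dn(der):
    """Walk Name ::= SEQUENCE OF SET OF SEQUENCE { OID, string }."""
    tag, name, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    parts, pos = [], 0
    while pos < len(name):
        tag, rdn, pos = read_tlv(name, pos)
        if tag != 0x31:
            raise ValueError("expected SET (RDN)")
        inner = 0
        while inner < len(rdn):
            tag, atv, inner = read_tlv(rdn, inner)
            if tag != 0x30:
                raise ValueError("expected SEQUENCE (attribute)")
            oid_tag, oid, after_oid = read_tlv(atv, 0)
            if oid_tag != 0x06:
                raise ValueError("expected OID")
            _str_tag, value, _ = read_tlv(atv, after_oid)
            dotted = decode_oid(oid)
            label = OID_LABELS.get(dotted, dotted)
            parts.append(f"{label}={value.decode('utf-8', 'replace')}")
    return ", ".join(parts)


def client_id_dn():
    """DN carried in the client's ID payload, from the logged hex rows."""
    return decode_dn(bytes.fromhex("".join(MM_ID_ROWS.split())))


def oakley_port(field):
    """The log shows f401 while talking to port 500 and 9411 after floating
    to 4500, i.e. the 16-bit port is printed with its two bytes swapped."""
    return int.from_bytes(bytes.fromhex(field), "little")


if __name__ == "__main__":
    print(client_id_dn())
    print(oakley_port("f401"), oakley_port("9411"))
```

The decoded DN is the same string pluto logs as the Main Mode peer ID, so the identity the client sends arrives intact.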