[Openswan Users] IPSec Connection: Quick Mode fails
Ladi
mafja at yahoo.com
Fri Jan 26 04:36:20 EST 2007
Greetings all,
It has been a few days that I'm trying to initiate an IPSec connection between Fedora Core 5 and Win 2k3 server.
The first phase is fine () but it will fail at phase two. I would really appreciate it if someone could give me any hint on solving this problem.
The following is some information regarding the setup:
The Windows settings are as follows:
- Key exchange settings:
-------------------------------------
- PFS: NO
- Security methods:
- Type: IKE
- Encryption: 3DES
- Integrity: SHA1
- Diffie-Hellman Group: Medium(2)
- Filter Actions
-----------------------
Data and address integrity without encryption (AH) - CHECKED
Integrity Algorithm: MD5
The following is my ipsec.conf
--------------------------------------------
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        plutodebug="all"
        nat_traversal=yes
        nhelpers=0

# Add connections here
conn rdp_sec
        keyexchange=ike
        ike=3des-sha1-modp1024
        auth=ah
        ah=hmac-md5
        authby=rsasig
        pfs=no
        rekey=no
        keyingtries=3
        type=transport
        #
        left=%defaultroute
        leftcert=/etc/ipsec.d/usercrt.pem
        leftrsasigkey=%cert
        leftprotoport=6/3389
        #
        right=192.168.0.116
        rightid="CN=Win2K3RC2Srv, E=ladi at hatc.com"
        #rightcert=/etc/ipsec.d/certs/CA_Cert.pem
        rightrsasigkey=%cert
        rightca=%same
        rightprotoport=6/3389
        auto=add #ignore
When trying to establish the connection:
-----------------------------------------------------------
[root at fedora5 ~]# ipsec auto --verbose --up rdp_sec
002 "rdp_sec" #4: initiating Main Mode
104 "rdp_sec" #4: STATE_MAIN_I1: initiate
003 "rdp_sec" #4: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
003 "rdp_sec" #4: ignoring Vendor ID payload [FRAGMENTATION]
003 "rdp_sec" #4: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
002 "rdp_sec" #4: enabling possible NAT-traversal with method draft-ietf-ipsec-nat-t-ike-02/03
002 "rdp_sec" #4: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "rdp_sec" #4: STATE_MAIN_I2: sent MI2, expecting MR2
003 "rdp_sec" #4: discarding duplicate packet; already STATE_MAIN_I2
003 "rdp_sec" #4: discarding duplicate packet; already STATE_MAIN_I2
003 "rdp_sec" #4: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
002 "rdp_sec" #4: I am sending my cert
002 "rdp_sec" #4: I am sending a certificate request
002 "rdp_sec" #4: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
108 "rdp_sec" #4: STATE_MAIN_I3: sent MI3, expecting MR3
003 "rdp_sec" #4: discarding duplicate packet; already STATE_MAIN_I3
003 "rdp_sec" #4: discarding duplicate packet; already STATE_MAIN_I3
003 "rdp_sec" #4: discarding duplicate packet; already STATE_MAIN_I3
002 "rdp_sec" #4: Main mode peer ID is ID_DER_ASN1_DN: 'CN=Win2K3RC2Srv, E=ladi at hatc.com'
002 "rdp_sec" #4: no crl from issuer "CN=CA" found (strict=no)
002 "rdp_sec" #4: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
004 "rdp_sec" #4: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
002 "rdp_sec" #5: initiating Quick Mode RSASIG+ENCRYPT+AUTHENTICATE+DONTREKEY+UP {using isakmp#4}
117 "rdp_sec" #5: STATE_QUICK_I1: initiate
002 "rdp_sec" #5: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
003 "rdp_sec" #5: no acceptable Proposal in IPsec SA
214 "rdp_sec" #5: STATE_QUICK_I1: NO_PROPOSAL_CHOSEN
002 "rdp_sec" #5: sending encrypted notification NO_PROPOSAL_CHOSEN to 192.168.0.116:500
From the Windows side:
C:\>netsh ipsec dynamic show all
Source Machine : Local Computer GPO for <WIN2K3SRV>
GPO Name : Local Computer Policy
Local IPSec Policy Name : RDP Security
Local IPSec Policy DN : SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Loca
l\ipsecPolicy{5742612a-78a5-4f86-9f66-3780a84862af}
AD IPSec Policy Name : NONE
IPSec Policy Assigned : YES
IKE MM Policy Name : 1
IKE Soft SA Lifetime : 28800 secs
Encryption Integrity DH Lifetime (Kb:secs) QM Limit Per MM
---------- --------- ---- ------------------ ---------------
3DES SHA1 2 0:28800 0
3DES MD5 2 0:28800 0
DES SHA1 1 0:28800 0
DES MD5 1 0:28800 0
QM Negotiation Policy Name : Require RDP Security
Security Methods Lifetime (Kb:secs) PFS DH Group
------------------------- --------------------- ------------
AH[MD5] 0:0 <Unassigned>
Main Mode Filters: Generic
-------------------------------------------------------------------------------
Filter name : 1
Connection Type : ALL
Source Address : <My IP Address> (255.255.255.255)
Destination Address : <Any IP Address> (0.0.0.0 )
Authentication Methods :
Root CA : CN=CA
Exclude CA name : NO
Security Methods : 4
3DES/SHA1/DH2/28800/QMlimit=0
3DES/MD5/DH2/28800/QMlimit=0
DES/SHA1/DH1/28800/QMlimit=0
DES/MD5/DH1/28800/QMlimit=0
1 Generic Filter(s)
Main Mode Filters: Specific Outbound
-------------------------------------------------------------------------------
Filter name : 1
Weight : 34603008
Connection Type : ALL
Source Address : 192.168.0.116 (255.255.255.255)
Destination Address : <Any IP Address> (0.0.0.0 )
Authentication Methods :
Root CA : CN=CA
Exclude CA name : NO
Security Methods : 4
3DES/SHA1/DH2/28800/QMlimit=0
3DES/MD5/DH2/28800/QMlimit=0
DES/SHA1/DH1/28800/QMlimit=0
DES/MD5/DH1/28800/QMlimit=0
1 Specific Outbound Filter(s)
Main Mode Filters: Specific Inbound
-------------------------------------------------------------------------------
Filter name : 1
Weight : 34603009
Connection Type : ALL
Source Address : <Any IP Address> (0.0.0.0 )
Destination Address : 192.168.0.116 (255.255.255.255)
Authentication Methods :
Root CA : CN=CA
Exclude CA name : NO
Security Methods : 4
3DES/SHA1/DH2/28800/QMlimit=0
3DES/MD5/DH2/28800/QMlimit=0
DES/SHA1/DH1/28800/QMlimit=0
DES/MD5/DH1/28800/QMlimit=0
1 Specific Inbound Filter(s)
Quick Mode Filters(Transport): Generic
-------------------------------------------------------------------------------
Filter name : 1
Connection Type : ALL
Source Address : 192.168.0.109 (255.255.255.255)
Destination Address : 192.168.0.116 (255.255.255.255)
Protocol : TCP Src Port: 3389 Dest Port: 3389
Mirrored : yes
Quick Mode Policy : Require RDP Security
Inbound Action : Negotiate
Outbound Action : Negotiate
-------------------------------------------------------------------------------
Filter name : 1
Connection Type : ALL
Source Address : <My IP Address> (255.255.255.255)
Destination Address : <Any IP Address> (0.0.0.0 )
Protocol : TCP Src Port: 3389 Dest Port: 0
Mirrored : yes
Quick Mode Policy : Require RDP Security
Inbound Action : Negotiate
Outbound Action : Negotiate
2 Generic Filter(s)
Quick Mode Filters(Transport): Specific Outbound
-------------------------------------------------------------------------------
Filter name : 1
Connection Type : ALL
Weight : 69206279
Source Address : 192.168.0.116 (255.255.255.255)
Destination Address : 192.168.0.109 (255.255.255.255)
Protocol : TCP Src Port: 3389 Dest Port: 3389
Mirrored : no
Quick Mode Policy : Require RDP Security
Outbound Action : Negotiate
-------------------------------------------------------------------------------
Filter name : 1
Connection Type : ALL
Weight : 34603266
Source Address : 192.168.0.116 (255.255.255.255)
Destination Address : <Any IP Address> (0.0.0.0 )
Protocol : TCP Src Port: 3389 Dest Port: 0
Mirrored : no
Quick Mode Policy : Require RDP Security
Outbound Action : Negotiate
2 Specific Outbound Filter(s)
Quick Mode Filters(Transport): Specific Inbound
-------------------------------------------------------------------------------
Filter name : 1
Connection Type : ALL
Weight : 69206279
Source Address : 192.168.0.109 (255.255.255.255)
Destination Address : 192.168.0.116 (255.255.255.255)
Protocol : TCP Src Port: 3389 Dest Port: 3389
Mirrored : no
Quick Mode Policy : Require RDP Security
Inbound Action : Negotiate
-------------------------------------------------------------------------------
Filter name : 1
Connection Type : ALL
Weight : 34603269
Source Address : <Any IP Address> (0.0.0.0 )
Destination Address : 192.168.0.116 (255.255.255.255)
Protocol : TCP Src Port: 0 Dest Port: 3389
Mirrored : no
Quick Mode Policy : Require RDP Security
Inbound Action : Negotiate
2 Specific Inbound Filter(s)
IKE Main Mode SAs at 1/26/2007 5:33:25 PM
-------------------------------------------------------------------------------
Cookie Pair : b06d27f6f5046b6d:00fce1d18e1179a3
Sec Methods : 3DES/SHA1/2/3600
Auth Mode : RSA Signature
Source : 192.168.0.116 , port 500
ID : CN=Win2K3RC2Srv, E=ladi at hatc.com
Destination : 192.168.0.109 , port 500
ID : CN=Fedora5, E=ladi at hatc.com
ERR IPSec[06138] : IPSec QuickMode Security Associations not available.
IPSec Configuration Parameters
------------------------------
IPSecDiagnostics : 7
IKElogging : 1
StrongCRLCheck : 1
IPSecloginterval : 3600
IPSecexempt : 3
Boot Mode : Stateful
Boot Mode Exemptions :
Protocol Src Port Dst Port Direction
--------- --------- --------- ---------
UDP 0 68 Inbound
IKE Statistics
--------------
Main Modes : 26
Quick Modes : 0
Soft SAs : 0
Authentication Failures : 0
Active Acquire : 1
Active Receive : 0
Acquire fail : 0
Receive fail : 6
Send fail : 0
Acquire Heap size : 2
Receive Heap size : 2
Negotiation Failures : 43
Invalid Cookies Rcvd : 0
Total Acquire : 0
TotalGetSpi : 37
TotalKeyAdd : 0
TotalKeyUpdate : 0
GetSpiFail : 1
KeyAddFail : 0
KeyUpdateFail : 0
IsadbListSize : 1
ConnListSize : 1
Invalid Packets Rcvd : 2
The result of the oakley.log:
----------------------------------------
1-26: 17:30:08:78:3f4 Receive: (get) SA = 0x00000000 from 192.168.0.109.500
1-26: 17:30:08:78:3f4 ISAKMP Header: (V1.0), len = 312
1-26: 17:30:08:78:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:08:78:3f4 R-COOKIE 0000000000000000
1-26: 17:30:08:78:3f4 exchange: Oakley Main Mode
1-26: 17:30:08:78:3f4 flags: 0
1-26: 17:30:08:78:3f4 next payload: SA
1-26: 17:30:08:78:3f4 message ID: 00000000
1-26: 17:30:08:78:3f4 Filter to match: Src 192.168.0.109 Dst 192.168.0.116
1-26: 17:30:08:78:3f4 MM PolicyName: 1
1-26: 17:30:08:78:3f4 MMPolicy dwFlags 2 SoftSAExpireTime 28800
1-26: 17:30:08:78:3f4 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
1-26: 17:30:08:78:3f4 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
1-26: 17:30:08:78:3f4 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
1-26: 17:30:08:78:3f4 MMOffer[1] Encrypt: Triple DES CBC Hash: MD5
1-26: 17:30:08:78:3f4 MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 1
1-26: 17:30:08:78:3f4 MMOffer[2] Encrypt: DES CBC Hash: SHA
1-26: 17:30:08:78:3f4 MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
1-26: 17:30:08:78:3f4 MMOffer[3] Encrypt: DES CBC Hash: MD5
1-26: 17:30:08:78:3f4 Auth[0]:RSA Sig CN=CA AuthFlags 0
1-26: 17:30:08:78:3f4 Responding with new SA 141050
1-26: 17:30:08:78:3f4 processing payload SA
1-26: 17:30:08:78:3f4 Received Phase 1 Transform 0
1-26: 17:30:08:78:3f4 Life type in Seconds
1-26: 17:30:08:78:3f4 Life duration of 3600
1-26: 17:30:08:78:3f4 Encryption Alg Triple DES CBC(5)
1-26: 17:30:08:78:3f4 Hash Alg MD5(1)
1-26: 17:30:08:78:3f4 Auth Method RSA Signature with Certificates(3)
1-26: 17:30:08:78:3f4 Oakley Group 5
1-26: 17:30:08:78:3f4 Received Phase 1 Transform 1
1-26: 17:30:08:78:3f4 Life type in Seconds
1-26: 17:30:08:78:3f4 Life duration of 3600
1-26: 17:30:08:78:3f4 Encryption Alg Triple DES CBC(5)
1-26: 17:30:08:78:3f4 Hash Alg SHA(2)
1-26: 17:30:08:78:3f4 Auth Method RSA Signature with Certificates(3)
1-26: 17:30:08:78:3f4 Oakley Group 5
1-26: 17:30:08:78:3f4 Received Phase 1 Transform 2
1-26: 17:30:08:78:3f4 Life type in Seconds
1-26: 17:30:08:78:3f4 Life duration of 3600
1-26: 17:30:08:78:3f4 Encryption Alg Triple DES CBC(5)
1-26: 17:30:08:78:3f4 Hash Alg SHA(2)
1-26: 17:30:08:78:3f4 Auth Method RSA Signature with Certificates(3)
1-26: 17:30:08:78:3f4 Oakley Group 2
1-26: 17:30:08:78:3f4 Received Phase 1 Transform 3
1-26: 17:30:08:78:3f4 Life type in Seconds
1-26: 17:30:08:78:3f4 Life duration of 3600
1-26: 17:30:08:78:3f4 Encryption Alg Triple DES CBC(5)
1-26: 17:30:08:78:3f4 Hash Alg MD5(1)
1-26: 17:30:08:78:3f4 Auth Method RSA Signature with Certificates(3)
1-26: 17:30:08:78:3f4 Oakley Group 2
1-26: 17:30:08:78:3f4 Phase 1 SA accepted: transform=3
1-26: 17:30:08:78:3f4 SA - Oakley proposal accepted
1-26: 17:30:08:78:3f4 processing payload VENDOR ID
1-26: 17:30:08:78:3f4 processing payload VENDOR ID
1-26: 17:30:08:78:3f4 processing payload VENDOR ID
1-26: 17:30:08:78:3f4 processing payload VENDOR ID
1-26: 17:30:08:78:3f4 processing payload VENDOR ID
1-26: 17:30:08:78:3f4 processing payload VENDOR ID
1-26: 17:30:08:78:3f4 Received VendorId draft-ietf-ipsec-nat-t-ike-02
1-26: 17:30:08:78:3f4 processing payload VENDOR ID
1-26: 17:30:08:78:3f4 ClearFragList
1-26: 17:30:08:78:3f4 constructing ISAKMP Header
1-26: 17:30:08:78:3f4 constructing SA (ISAKMP)
1-26: 17:30:08:78:3f4 Constructing Vendor MS NT5 ISAKMPOAKLEY
1-26: 17:30:08:78:3f4 Constructing Vendor FRAGMENTATION
1-26: 17:30:08:78:3f4 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
1-26: 17:30:08:78:3f4
1-26: 17:30:08:78:3f4 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:08:78:3f4 ISAKMP Header: (V1.0), len = 148
1-26: 17:30:08:78:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:08:78:3f4 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:08:78:3f4 exchange: Oakley Main Mode
1-26: 17:30:08:78:3f4 flags: 0
1-26: 17:30:08:78:3f4 next payload: SA
1-26: 17:30:08:78:3f4 message ID: 00000000
1-26: 17:30:08:78:3f4 Ports S:f401 D:f401
1-26: 17:30:08:578:3f4 ClearFragList
1-26: 17:30:09:46:b54 retransmit: sa = 00141050 centry 00000000 , count = 1
1-26: 17:30:09:46:b54
1-26: 17:30:09:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:09:46:b54 ISAKMP Header: (V1.0), len = 148
1-26: 17:30:09:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:09:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:09:46:b54 exchange: Oakley Main Mode
1-26: 17:30:09:46:b54 flags: 0
1-26: 17:30:09:46:b54 next payload: SA
1-26: 17:30:09:46:b54 message ID: 00000000
1-26: 17:30:09:46:b54 Ports S:f401 D:f401
1-26: 17:30:11:46:b54 retransmit: sa = 00141050 centry 00000000 , count = 2
1-26: 17:30:11:46:b54
1-26: 17:30:11:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:11:46:b54 ISAKMP Header: (V1.0), len = 148
1-26: 17:30:11:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:11:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:11:46:b54 exchange: Oakley Main Mode
1-26: 17:30:11:46:b54 flags: 0
1-26: 17:30:11:46:b54 next payload: SA
1-26: 17:30:11:46:b54 message ID: 00000000
1-26: 17:30:11:46:b54 Ports S:f401 D:f401
1-26: 17:30:11:78:3f4
1-26: 17:30:11:78:3f4 Receive: (get) SA = 0x00141050 from 192.168.0.109.500
1-26: 17:30:11:78:3f4 ISAKMP Header: (V1.0), len = 228
1-26: 17:30:11:78:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:11:78:3f4 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:11:78:3f4 exchange: Oakley Main Mode
1-26: 17:30:11:78:3f4 flags: 0
1-26: 17:30:11:78:3f4 next payload: KE
1-26: 17:30:11:78:3f4 message ID: 00000000
1-26: 17:30:11:78:3f4 processing payload KE
1-26: 17:30:11:171:3f4 processing payload NONCE
1-26: 17:30:11:171:3f4 processing payload NATDISC
1-26: 17:30:11:171:3f4 Processing NatHash
1-26: 17:30:11:171:3f4 Nat hash 6b0a5726fc761fbb0fc38417d8daf362
1-26: 17:30:11:171:3f4 ac721b74
1-26: 17:30:11:171:3f4 SA StateMask2 e
1-26: 17:30:11:171:3f4 processing payload NATDISC
1-26: 17:30:11:171:3f4 Processing NatHash
1-26: 17:30:11:171:3f4 Nat hash 93aef6f297ac52493b4aae7eb9c96c75
1-26: 17:30:11:171:3f4 d2dbaae6
1-26: 17:30:11:171:3f4 SA StateMask2 8e
1-26: 17:30:11:171:3f4 ClearFragList
1-26: 17:30:11:171:3f4 constructing ISAKMP Header
1-26: 17:30:11:171:3f4 constructing KE
1-26: 17:30:11:171:3f4 constructing NONCE (ISAKMP)
1-26: 17:30:11:171:3f4 Constructing Cert Request
1-26: 17:30:11:171:3f4 CN=CA
1-26: 17:30:11:171:3f4 Constructing NatDisc
1-26: 17:30:11:171:3f4
1-26: 17:30:11:171:3f4 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:11:171:3f4 ISAKMP Header: (V1.0), len = 252
1-26: 17:30:11:171:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:11:171:3f4 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:11:171:3f4 exchange: Oakley Main Mode
1-26: 17:30:11:171:3f4 flags: 0
1-26: 17:30:11:171:3f4 next payload: KE
1-26: 17:30:11:171:3f4 message ID: 00000000
1-26: 17:30:11:171:3f4 Ports S:f401 D:f401
1-26: 17:30:12:46:b54 retransmit: sa = 00141050 centry 00000000 , count = 1
1-26: 17:30:12:46:b54
1-26: 17:30:12:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:12:46:b54 ISAKMP Header: (V1.0), len = 252
1-26: 17:30:12:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:12:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:12:46:b54 exchange: Oakley Main Mode
1-26: 17:30:12:46:b54 flags: 0
1-26: 17:30:12:46:b54 next payload: KE
1-26: 17:30:12:46:b54 message ID: 00000000
1-26: 17:30:12:46:b54 Ports S:f401 D:f401
1-26: 17:30:14:46:b54 retransmit: sa = 00141050 centry 00000000 , count = 2
1-26: 17:30:14:46:b54
1-26: 17:30:14:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:14:46:b54 ISAKMP Header: (V1.0), len = 252
1-26: 17:30:14:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:14:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:14:46:b54 exchange: Oakley Main Mode
1-26: 17:30:14:46:b54 flags: 0
1-26: 17:30:14:46:b54 next payload: KE
1-26: 17:30:14:46:b54 message ID: 00000000
1-26: 17:30:14:46:b54 Ports S:f401 D:f401
1-26: 17:30:18:46:b54 retransmit: sa = 00141050 centry 00000000 , count = 3
1-26: 17:30:18:46:b54
1-26: 17:30:18:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:18:46:b54 ISAKMP Header: (V1.0), len = 252
1-26: 17:30:18:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:18:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:18:46:b54 exchange: Oakley Main Mode
1-26: 17:30:18:46:b54 flags: 0
1-26: 17:30:18:46:b54 next payload: KE
1-26: 17:30:18:46:b54 message ID: 00000000
1-26: 17:30:18:46:b54 Ports S:f401 D:f401
1-26: 17:30:20:437:3f4
1-26: 17:30:20:437:3f4 Receive: (get) SA = 0x00141050 from 192.168.0.109.500
1-26: 17:30:20:437:3f4 ISAKMP Header: (V1.0), len = 1204
1-26: 17:30:20:437:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:20:437:3f4 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:20:437:3f4 exchange: Oakley Main Mode
1-26: 17:30:20:437:3f4 flags: 1 ( encrypted )
1-26: 17:30:20:437:3f4 next payload: ID
1-26: 17:30:20:437:3f4 message ID: 00000000
1-26: 17:30:20:437:3f4 processing payload ID
1-26: 17:30:20:437:3f4 processing payload CERT
1-26: 17:30:20:437:3f4 processing payload CRP
1-26: 17:30:20:437:3f4 CN=CA
1-26: 17:30:20:437:3f4 processing payload SIG
1-26: 17:30:20:437:3f4 Verifying CertStore
1-26: 17:30:20:437:3f4 SubjectName: CN=Fedora5, E=ladi at hatc.com
1-26: 17:30:20:437:3f4 Cert Serialnumber 090000000000f8248b61
1-26: 17:30:20:437:3f4 Cert SHA Thumbprint a7faed5bcf3ff9c88d09092e2cea76e9
1-26: 17:30:20:437:3f4 44140d34
1-26: 17:30:20:437:3f4 Cert Trustes. 0 100
1-26: 17:30:20:437:3f4 SubjectName: CN=Fedora5, E=ladi at hatc.com
1-26: 17:30:20:437:3f4 Cert Serialnumber 090000000000f8248b61
1-26: 17:30:20:437:3f4 Cert SHA Thumbprint a7faed5bcf3ff9c88d09092e2cea76e9
1-26: 17:30:20:437:3f4 44140d34
1-26: 17:30:20:437:3f4 SubjectName: CN=CA
1-26: 17:30:20:437:3f4 Cert Serialnumber cd1cc8453c44f84ebb5c750ed2101c37
1-26: 17:30:20:437:3f4
1-26: 17:30:20:437:3f4 Cert SHA Thumbprint 0edfdebb4e0de67ef04f2296c22d0a15
1-26: 17:30:20:437:3f4 a9d4b71f
1-26: 17:30:20:437:3f4 Not storing Peer's cert chain in SA.
1-26: 17:30:20:437:3f4 Cert SHA Thumbprint a7faed5bcf3ff9c88d09092e2cea76e9
1-26: 17:30:20:437:3f4 44140d34
1-26: 17:30:20:437:3f4 Entered CRL check
1-26: 17:30:20:468:3f4 Left CRL check
1-26: 17:30:20:468:3f4 Signature validated
1-26: 17:30:20:468:3f4 ClearFragList
1-26: 17:30:20:468:3f4 constructing ISAKMP Header
1-26: 17:30:20:468:3f4 constructing ID
1-26: 17:30:20:468:3f4 Looking for IPSec only cert
1-26: 17:30:20:468:3f4 Cert Trustes. 0 100
1-26: 17:30:20:468:3f4 Cert SHA Thumbprint b8e24951f3490e6e11a0f1c181606438
1-26: 17:30:20:468:3f4 91f0c987
1-26: 17:30:20:484:3f4 Entered CRL check
1-26: 17:30:20:500:3f4 Left CRL check
1-26: 17:30:20:500:3f4 Cert SHA Thumbprint b8e24951f3490e6e11a0f1c181606438
1-26: 17:30:20:500:3f4 91f0c987
1-26: 17:30:20:500:3f4 SubjectName: CN=Win2K3RC2Srv, E=ladi at hatc.com
1-26: 17:30:20:500:3f4 Cert Serialnumber 060000000000a24e2361
1-26: 17:30:20:500:3f4 Cert SHA Thumbprint b8e24951f3490e6e11a0f1c181606438
1-26: 17:30:20:500:3f4 91f0c987
1-26: 17:30:20:500:3f4 SubjectName: CN=CA
1-26: 17:30:20:500:3f4 Cert Serialnumber cd1cc8453c44f84ebb5c750ed2101c37
1-26: 17:30:20:500:3f4
1-26: 17:30:20:500:3f4 Cert SHA Thumbprint 0edfdebb4e0de67ef04f2296c22d0a15
1-26: 17:30:20:500:3f4 a9d4b71f
1-26: 17:30:20:500:3f4 Not storing My cert chain in SA.
1-26: 17:30:20:500:3f4 MM ID Type 9
1-26: 17:30:20:500:3f4 MM ID 3035311530130603550403130c57696e
1-26: 17:30:20:500:3f4 324b33524332537276311c301a06092a
1-26: 17:30:20:500:3f4 864886f70d010901160d6c6164694068
1-26: 17:30:20:500:3f4 6174632e636f6d
1-26: 17:30:20:500:3f4 constructing CERT
1-26: 17:30:20:500:3f4 Construct SIG
1-26: 17:30:20:500:3f4 MM established. SA: 00141050
1-26: 17:30:20:500:3f4
1-26: 17:30:20:500:3f4 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:20:500:3f4 ISAKMP Header: (V1.0), len = 1196
1-26: 17:30:20:500:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:20:500:3f4 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:20:500:3f4 exchange: Oakley Main Mode
1-26: 17:30:20:500:3f4 flags: 1 ( encrypted )
1-26: 17:30:20:500:3f4 next payload: ID
1-26: 17:30:20:500:3f4 message ID: 00000000
1-26: 17:30:20:500:3f4 Ports S:f401 D:f401
1-26: 17:30:21:46:b54 retransmit: sa = 00141050 centry 00000000 , count = 1
1-26: 17:30:21:46:b54
1-26: 17:30:21:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:21:46:b54 ISAKMP Header: (V1.0), len = 1196
1-26: 17:30:21:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:21:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:21:46:b54 exchange: Oakley Main Mode
1-26: 17:30:21:46:b54 flags: 1 ( encrypted )
1-26: 17:30:21:46:b54 next payload: ID
1-26: 17:30:21:46:b54 message ID: 00000000
1-26: 17:30:21:46:b54 Ports S:f401 D:f401
1-26: 17:30:23:46:b54 retransmit: sa = 00141050 centry 00000000 , count = 2
1-26: 17:30:23:46:b54
1-26: 17:30:23:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:23:46:b54 ISAKMP Header: (V1.0), len = 1196
1-26: 17:30:23:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:23:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:23:46:b54 exchange: Oakley Main Mode
1-26: 17:30:23:46:b54 flags: 1 ( encrypted )
1-26: 17:30:23:46:b54 next payload: ID
1-26: 17:30:23:46:b54 message ID: 00000000
1-26: 17:30:23:46:b54 Ports S:f401 D:f401
1-26: 17:30:27:46:b54 retransmit: sa = 00141050 centry 00000000 , count = 3
1-26: 17:30:27:46:b54
1-26: 17:30:27:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:27:46:b54 ISAKMP Header: (V1.0), len = 1196
1-26: 17:30:27:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:27:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:27:46:b54 exchange: Oakley Main Mode
1-26: 17:30:27:46:b54 flags: 1 ( encrypted )
1-26: 17:30:27:46:b54 next payload: ID
1-26: 17:30:27:46:b54 message ID: 00000000
1-26: 17:30:27:46:b54 Ports S:f401 D:f401
1-26: 17:30:35:46:b54 retransmit: sa = 00141050 centry 00000000 , count = 4
1-26: 17:30:35:46:b54
1-26: 17:30:35:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:35:46:b54 ISAKMP Header: (V1.0), len = 1196
1-26: 17:30:35:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:35:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:35:46:b54 exchange: Oakley Main Mode
1-26: 17:30:35:46:b54 flags: 1 ( encrypted )
1-26: 17:30:35:46:b54 next payload: ID
1-26: 17:30:35:46:b54 message ID: 00000000
1-26: 17:30:35:46:b54 Ports S:f401 D:f401
1-26: 17:30:40:281:3f4
1-26: 17:30:40:281:3f4 Receive: (get) SA = 0x00141050 from 192.168.0.109.500
1-26: 17:30:40:281:3f4 ISAKMP Header: (V1.0), len = 204
1-26: 17:30:40:281:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:40:281:3f4 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:40:281:3f4 exchange: Oakley Quick Mode
1-26: 17:30:40:281:3f4 flags: 1 ( encrypted )
1-26: 17:30:40:281:3f4 next payload: HASH
1-26: 17:30:40:281:3f4 message ID: be50330b
1-26: 17:30:40:281:3f4 processing HASH (QM)
1-26: 17:30:40:281:3f4 ClearFragList
1-26: 17:30:40:281:3f4 processing payload NONCE
1-26: 17:30:40:281:3f4 processing payload ID
1-26: 17:30:40:281:3f4 processing payload ID
1-26: 17:30:40:281:3f4 processing payload SA
1-26: 17:30:40:281:3f4 Negotiated Proxy ID: Src 192.168.0.109.3389 Dst 192.168.0.116.3389
1-26: 17:30:40:281:3f4 Checking Proposal 0: Proto= AH(2), num trans=2 Next=2
1-26: 17:30:40:281:3f4 Checking Transform # 0: ID=SHA(3)
1-26: 17:30:40:281:3f4 tunnel mode is Transport Mode(2)
1-26: 17:30:40:281:3f4 SA life type in seconds
1-26: 17:30:40:281:3f4 SA life duration 28800
1-26: 17:30:40:281:3f4 HMAC algorithm is SHA(2)
1-26: 17:30:40:281:3f4 Checking Transform # 1: ID=MD5(2)
1-26: 17:30:40:281:3f4 tunnel mode is Transport Mode(2)
1-26: 17:30:40:281:3f4 SA life type in seconds
1-26: 17:30:40:281:3f4 SA life duration 28800
1-26: 17:30:40:281:3f4 HMAC algorithm is MD5(1)
1-26: 17:30:40:281:3f4 Checking Proposal 0: Proto= ESP(3), num trans=1 Next=0
1-26: 17:30:40:281:3f4 Checking Transform # 0: ID=Triple DES CBC(3)
1-26: 17:30:40:281:3f4 tunnel mode is Transport Mode(2)
1-26: 17:30:40:281:3f4 SA life type in seconds
1-26: 17:30:40:281:3f4 SA life duration 28800
1-26: 17:30:40:281:3f4 Finding Responder Policy for SRC=192.168.0.109.3389 DST=192.168.0.116.3389, SRCMask=255.255.255.255, DSTMask=255.255.255.255, Prot=6 InTunnelEndpt 0 OutTunnelEndpt 0
1-26: 17:30:40:281:3f4 QM PolicyName: Require RDP Security dwFlags 0
1-26: 17:30:40:281:3f4 QMOffer[0] LifetimeKBytes 0 LifetimeSec 0
1-26: 17:30:40:281:3f4 QMOffer[0] dwFlags 0 dwPFSGroup 0
1-26: 17:30:40:281:3f4 Algo[0] Operation: AH Algo: MD5
1-26: 17:30:40:281:3f4 Phase 2 SA accepted: proposal=0 transform=1
1-26: 17:30:40:281:3f4 GetSpi: src = 192.168.0.109.3389, dst = 192.168.0.116.3389, proto = 06, context = 00000000, srcMask = 255.255.255.255, destMask = 255.255.255.255, TunnelFilter 0
1-26: 17:30:40:281:3f4 Setting SPI 3969546505
1-26: 17:30:40:281:3f4 constructing ISAKMP Header
1-26: 17:30:40:281:3f4 constructing HASH (null)
1-26: 17:30:40:281:3f4 constructing SA (IPSEC)
1-26: 17:30:40:281:3f4 constructing NONCE (IPSEC)
1-26: 17:30:40:281:3f4 constructing ID (proxy)
1-26: 17:30:40:281:3f4 constructing ID (proxy)
1-26: 17:30:40:281:3f4 constructing HASH (QM)
1-26: 17:30:40:281:3f4
1-26: 17:30:40:281:3f4 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:40:281:3f4 ISAKMP Header: (V1.0), len = 156
1-26: 17:30:40:281:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:40:281:3f4 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:40:281:3f4 exchange: Oakley Quick Mode
1-26: 17:30:40:281:3f4 flags: 3 ( encrypted commit )
1-26: 17:30:40:281:3f4 next payload: HASH
1-26: 17:30:40:281:3f4 message ID: be50330b
1-26: 17:30:40:281:3f4 Ports S:f401 D:f401
1-26: 17:30:41:46:b54 retransmit: sa = 00141050 centry 000DDE00 , count = 1
1-26: 17:30:41:46:b54
1-26: 17:30:41:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:41:46:b54 ISAKMP Header: (V1.0), len = 156
1-26: 17:30:41:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:41:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:41:46:b54 exchange: Oakley Quick Mode
1-26: 17:30:41:46:b54 flags: 3 ( encrypted commit )
1-26: 17:30:41:46:b54 next payload: HASH
1-26: 17:30:41:46:b54 message ID: be50330b
1-26: 17:30:41:46:b54 Ports S:f401 D:f401
1-26: 17:30:43:46:b54 retransmit: sa = 00141050 centry 000DDE00 , count = 2
1-26: 17:30:43:46:b54
1-26: 17:30:43:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:43:46:b54 ISAKMP Header: (V1.0), len = 156
1-26: 17:30:43:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:43:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:43:46:b54 exchange: Oakley Quick Mode
1-26: 17:30:43:46:b54 flags: 3 ( encrypted commit )
1-26: 17:30:43:46:b54 next payload: HASH
1-26: 17:30:43:46:b54 message ID: be50330b
1-26: 17:30:43:46:b54 Ports S:f401 D:f401
1-26: 17:30:47:46:b54 retransmit: sa = 00141050 centry 000DDE00 , count = 3
1-26: 17:30:47:46:b54
1-26: 17:30:47:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:47:46:b54 ISAKMP Header: (V1.0), len = 156
1-26: 17:30:47:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:47:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:47:46:b54 exchange: Oakley Quick Mode
1-26: 17:30:47:46:b54 flags: 3 ( encrypted commit )
1-26: 17:30:47:46:b54 next payload: HASH
1-26: 17:30:47:46:b54 message ID: be50330b
1-26: 17:30:47:46:b54 Ports S:f401 D:f401
1-26: 17:30:50:765:3f4
1-26: 17:30:50:765:3f4 Receive: (get) SA = 0x00141050 from 192.168.0.109.500
1-26: 17:30:50:765:3f4 ISAKMP Header: (V1.0), len = 68
1-26: 17:30:50:765:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:50:765:3f4 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:50:765:3f4 exchange: ISAKMP Informational Exchange
1-26: 17:30:50:765:3f4 flags: 1 ( encrypted )
1-26: 17:30:50:765:3f4 next payload: HASH
1-26: 17:30:50:765:3f4 message ID: 5686d8be
1-26: 17:30:50:765:3f4 processing HASH (Notify/Delete)
1-26: 17:30:50:765:3f4 processing payload NOTIFY
1-26: 17:30:50:765:3f4 notify: NO-PROPOSAL-CHOSEN
1-26: 17:30:50:765:3f4 isadb_set_status sa:00141050 centry:00000000 status 35ea
1-26: 17:30:52:531:3f4
1-26: 17:30:52:531:3f4 Receive: (get) SA = 0x00141050 from 192.168.0.109.500
1-26: 17:30:52:531:3f4 ISAKMP Header: (V1.0), len = 68
1-26: 17:30:52:531:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:52:531:3f4 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:52:531:3f4 exchange: ISAKMP Informational Exchange
1-26: 17:30:52:531:3f4 flags: 1 ( encrypted )
1-26: 17:30:52:531:3f4 next payload: HASH
1-26: 17:30:52:531:3f4 message ID: 2259731c
1-26: 17:30:52:531:3f4 processing HASH (Notify/Delete)
1-26: 17:30:52:531:3f4 processing payload NOTIFY
1-26: 17:30:52:531:3f4 notify: INVALID-MESSAGE-ID
1-26: 17:30:52:531:3f4 Unknown Notify Message 9
1-26: 17:30:53:890:3f4
1-26: 17:30:53:890:3f4 Receive: (get) SA = 0x00141050 from 192.168.0.109.500
1-26: 17:30:53:890:3f4 ISAKMP Header: (V1.0), len = 68
1-26: 17:30:53:890:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:53:890:3f4 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:53:890:3f4 exchange: ISAKMP Informational Exchange
1-26: 17:30:53:890:3f4 flags: 1 ( encrypted )
1-26: 17:30:53:890:3f4 next payload: HASH
1-26: 17:30:53:890:3f4 message ID: af487c55
1-26: 17:30:53:890:3f4 processing HASH (Notify/Delete)
1-26: 17:30:53:906:3f4 processing payload NOTIFY
1-26: 17:30:53:906:3f4 notify: INVALID-MESSAGE-ID
1-26: 17:30:53:906:3f4 Unknown Notify Message 9
1-26: 17:30:55:46:b54 retransmit: sa = 00141050 centry 000DDE00 , count = 4
1-26: 17:30:55:46:b54
1-26: 17:30:55:46:b54 Sending: SA = 0x00141050 to 192.168.0.109:Type 2.500
1-26: 17:30:55:46:b54 ISAKMP Header: (V1.0), len = 156
1-26: 17:30:55:46:b54 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:55:46:b54 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:55:46:b54 exchange: Oakley Quick Mode
1-26: 17:30:55:46:b54 flags: 3 ( encrypted commit )
1-26: 17:30:55:46:b54 next payload: HASH
1-26: 17:30:55:46:b54 message ID: be50330b
1-26: 17:30:55:46:b54 Ports S:f401 D:f401
1-26: 17:30:55:187:3f4
1-26: 17:30:55:187:3f4 Receive: (get) SA = 0x00141050 from 192.168.0.109.500
1-26: 17:30:55:187:3f4 ISAKMP Header: (V1.0), len = 68
1-26: 17:30:55:187:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:55:187:3f4 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:55:187:3f4 exchange: ISAKMP Informational Exchange
1-26: 17:30:55:187:3f4 flags: 1 ( encrypted )
1-26: 17:30:55:187:3f4 next payload: HASH
1-26: 17:30:55:187:3f4 message ID: d6a21d58
1-26: 17:30:55:187:3f4 processing HASH (Notify/Delete)
1-26: 17:30:55:187:3f4 processing payload NOTIFY
1-26: 17:30:55:187:3f4 notify: INVALID-MESSAGE-ID
1-26: 17:30:55:187:3f4 Unknown Notify Message 9
1-26: 17:30:56:437:3f4
1-26: 17:30:56:437:3f4 Receive: (get) SA = 0x00141050 from 192.168.0.109.500
1-26: 17:30:56:437:3f4 ISAKMP Header: (V1.0), len = 68
1-26: 17:30:56:437:3f4 I-COOKIE b06d27f6f5046b6d
1-26: 17:30:56:437:3f4 R-COOKIE 00fce1d18e1179a3
1-26: 17:30:56:437:3f4 exchange: ISAKMP Informational Exchange
1-26: 17:30:56:437:3f4 flags: 1 ( encrypted )
1-26: 17:30:56:437:3f4 next payload: HASH
1-26: 17:30:56:437:3f4 message ID: 89afb6e3
1-26: 17:30:56:437:3f4 processing HASH (Notify/Delete)
1-26: 17:30:56:437:3f4 processing payload NOTIFY
1-26: 17:30:56:437:3f4 notify: INVALID-MESSAGE-ID
1-26: 17:30:56:437:3f4 Unknown Notify Message 9
Thanks in advance,
Vladimir
====================
If you can't be a highway, be a trail. If you can't be the sun, be a star. It is not by size, that you win or fail. Be the best of what you are!
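
Added example, not part of the original post: a small Python parser for the Oakley log format shown above that extracts what the initiator offered in Quick Mode and what the responder's QM policy holds, then compares them per proposal number. Under ISAKMP (RFC 2408), Proposal payloads that share a number are negotiated as one unit; the function names are hypothetical and the sample is an excerpt of the log lines in the post.

```python
import re

# Excerpt of the Quick Mode lines from the oakley.log quoted in the post.
SAMPLE_LOG = """\
1-26: 17:30:40:281:3f4 Checking Proposal 0: Proto= AH(2), num trans=2 Next=2
1-26: 17:30:40:281:3f4 Checking Transform # 0: ID=SHA(3)
1-26: 17:30:40:281:3f4 HMAC algorithm is SHA(2)
1-26: 17:30:40:281:3f4 Checking Transform # 1: ID=MD5(2)
1-26: 17:30:40:281:3f4 HMAC algorithm is MD5(1)
1-26: 17:30:40:281:3f4 Checking Proposal 0: Proto= ESP(3), num trans=1 Next=0
1-26: 17:30:40:281:3f4 Checking Transform # 0: ID=Triple DES CBC(3)
1-26: 17:30:40:281:3f4 QM PolicyName: Require RDP Security dwFlags 0
1-26: 17:30:40:281:3f4 QMOffer[0] LifetimeKBytes 0 LifetimeSec 0
1-26: 17:30:40:281:3f4 QMOffer[0] dwFlags 0 dwPFSGroup 0
1-26: 17:30:40:281:3f4 Algo[0] Operation: AH Algo: MD5
1-26: 17:30:40:281:3f4 Phase 2 SA accepted: proposal=0 transform=1
"""

# "1-26: 17:30:40:281:3f4 " = date, h:m:s:ms, thread id
PREFIX = re.compile(r"^\s*\d+-\d+:\s+(?:\d+:){4}[0-9a-fA-F]+\s*")
PROPOSAL = re.compile(r"Checking Proposal (\d+): Proto=\s*(\w+)\(\d+\)")
TRANSFORM = re.compile(r"Checking Transform #\s*\d+: ID=(.+?)\(\d+\)")
QMOFFER = re.compile(r"QMOffer\[\d+\] LifetimeKBytes")
ALGO = re.compile(r"Algo\[\d+\] Operation: (\w+) Algo: (\S+)")
ACCEPTED = re.compile(r"Phase 2 SA accepted: proposal=(\d+) transform=(\d+)")


def parse_quick_mode(log_text):
    """Parse one Quick Mode exchange (a log holding several would be merged)."""
    offered = {}     # proposal number -> {protocol: [transform names]}
    policy = []      # one {operation: [algorithms]} dict per local QMOffer
    accepted = None  # (proposal, transform) the responder reports accepting
    current = None   # transform list of the proposal payload being read
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw)
        if m := PROPOSAL.search(line):
            bundle = offered.setdefault(int(m.group(1)), {})
            current = bundle.setdefault(m.group(2), [])
        elif (m := TRANSFORM.search(line)) and current is not None:
            current.append(m.group(1).strip())
        elif QMOFFER.search(line):
            policy.append({})
        elif (m := ALGO.search(line)) and policy:
            policy[-1].setdefault(m.group(1), []).append(m.group(2))
        elif m := ACCEPTED.search(line):
            accepted = (int(m.group(1)), int(m.group(2)))
    return {"offered": offered, "policy": policy, "accepted": accepted}


def bundle_mismatches(parsed):
    """Return offered proposals whose protocol set matches no local QMOffer.

    Proposal payloads with the same number form a single suite, so the
    comparison is on the whole set of protocols, not on each one alone.
    """
    policy_sets = [sorted(offer) for offer in parsed["policy"]]
    result = []
    for number, protocols in sorted(parsed["offered"].items()):
        bundle = sorted(protocols)
        if bundle not in policy_sets:
            result.append((number, bundle, policy_sets))
    return result


if __name__ == "__main__":
    parsed = parse_quick_mode(SAMPLE_LOG)
    for number, protocols in parsed["offered"].items():
        print(f"initiator proposal {number}: {protocols}")
    print(f"responder policy: {parsed['policy']}")
    print(f"responder accepted: {parsed['accepted']}")
    for number, bundle, policy_sets in bundle_mismatches(parsed):
        print(f"proposal {number} asks for {'+'.join(bundle)}, "
              f"policy offers only {policy_sets}")
```

On the excerpt it reports proposal 0 as an AH+ESP bundle, while the "Require RDP Security" policy holds a single AH offer.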