[Openswan Users] vista AuthIP

Marco Berizzi pupilla at hotmail.com
Mon Sep 10 09:11:51 EDT 2007


Jacco de Leeuw wrote:

> Paul wrote:
>
> > Show us the logs on the openswan end.
> > And preferably the OAKLEY.LOG on the Windows end.

Here it is (thanks, Jacco, for the tips on your web page):

[0]0394.0FD0::01/01/1601-02:03:07.543 [ikeext]Creating V4 socket
directly on MS base provider. Bypassing LSPs
[0]0394.0FD0::01/01/1601-02:03:07.543 [ikeext]Creating V4 socket
directly on MS base provider. Bypassing LSPs
[0]0394.0FD0::01/01/1601-02:03:07.543 [ikeext]Creating V6 socket
directly on MS base provider. Bypassing LSPs
[1]0394.0FD0::01/01/1601-02:03:07.544 [user]WfpAuditOnAuditFlagsChange:
New flags = 0xFFFFFF80.
[0]0394.0FD0::01/01/1601-02:03:07.546 [ikeext]Setting threadpool max
thread limit to 10
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Subscribing as diagnostics
event provider
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Subscribing for MM V4
filter notifications
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Subscribing for MM V6
filter notifications
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Subscribing for QM V4
filter notifications
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Subscribing for QM V6
filter notifications
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Subscribing for IKE MM
policy notifications
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Subscribing for Authip MM
policy notifications
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Subscribing for IKE QM
transport policy notifications
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Subscribing for IKE QM
tunnel policy notifications
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Subscribing for Authip QM
transport policy notifications
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Subscribing for Authip QM
tunnel policy notifications
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Registering IKE keying
module
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Registering Authip keying
module
[1]0394.0FD0::01/01/1601-02:03:07.547 [ikeext]Starting the Receive
thread
[1]0394.0FD0::01/01/1601-02:03:07.548 [ikeext]RPC server has started
[1]0394.0FD0::01/01/1601-02:03:07.548 [ikeext]Product version
6.0.6000.16386  (vista_rtm.061101-2205)
[1]0394.0FD0::01/01/1601-02:03:07.548 [user]Event handled successfully.
[1]0394.0FD0::01/01/1601-02:03:07.548 [user]Changing state of IkeExt
service to RUNNING
[1]0394.0538::01/01/1601-02:03:07.549
[ikeext]IkeRegConfigChangeNotifyCallback invoked
[1]0394.0D30::01/01/1601-02:03:09.870 [ikeext]Received MM filter change
notification. Filter ID 65888
[1]0394.0D30::01/01/1601-02:03:09.870 [ikeext]Received MM filter change
notification. Filter ID 65911
[1]0394.0D30::01/01/1601-02:03:09.870 [ikeext]Received QM filter change
notification. Filter ID 65901
[1]0394.0D30::01/01/1601-02:03:09.870 [ikeext]Received QM filter change
notification. Filter ID 65912
[1]0394.0910::01/01/1601-02:03:09.870 [ikeext]Processing policy change,
type 1
[1]0394.0910::01/01/1601-02:03:09.871 [ikeext]Processing policy change,
type 1
[1]0394.0910::01/01/1601-02:03:09.871 [ikeext]Processing policy change,
type 3
[1]0394.0910::01/01/1601-02:03:09.871 [ikeext]Processing policy change,
type 3
[1]0394.0D30::01/01/1601-02:03:09.871 [ikeext]Received MM policy change
notification. Policy ID 17
[1]0394.0D30::01/01/1601-02:03:09.871 [ikeext]Received MM policy change
notification. Policy ID 19
[1]0394.0D30::01/01/1601-02:03:09.871 [ikeext]Received QM policy change
notification. Policy ID 16
[1]0394.0D30::01/01/1601-02:03:09.871 [ikeext]Received QM policy change
notification. Policy ID 18
[0]0394.09C8::01/01/1601-02:03:09.871 [ikeext]Processing policy change,
type 0
[1]0394.0910::01/01/1601-02:03:09.873 [ikeext]Processing policy change,
type 0
[1]0394.0910::01/01/1601-02:03:09.873 [ikeext]Processing policy change,
type 2
[1]0394.0910::01/01/1601-02:03:09.873 [ikeext]Processing policy change,
type 2
[0]0394.07BC::01/01/1601-02:03:10.824 [ikeext]
[0]0394.07BC::01/01/1601-02:03:10.824 [ikeext]Received IKE Acquire
Acquire context                4
Local address: 151.25.39.247
Remote address: openswan ip public address
Mode: Tunnel Mode
Filter ID: 0x8000000000000016
Remote Port: 0x0000
Flags: 0x00000000

[0]0394.07BC::01/01/1601-02:03:10.824 [ikeext]
[0]0394.07BC::01/01/1601-02:03:10.824 [ikeext]Received AUTHIP Acquire
Acquire context                4
Local address: 151.25.39.247
Remote address: openswan ip public address
Mode: Tunnel Mode
Filter ID: 0x8000000000000016
Remote Port: 0x0000
Flags: 0x00000000

[1]0394.09C8::01/01/1601-02:03:10.824 [ikeext]Processing acquire with
ipsec context 4, keyMod 0
[0]0394.09C4::01/01/1601-02:03:10.824 [ikeext]Processing acquire with
ipsec context 4, keyMod 1
[0]0394.09C4::01/01/1601-02:03:10.824 [ikeext]QM localAddr:
151.25.39.247.0 Protocol 0
[1]0394.09C8::01/01/1601-02:03:10.824 [ikeext]QM localAddr:
151.25.39.247.0 Protocol 0
[0]0394.09C4::01/01/1601-02:03:10.824 [ikeext]QM peerAddr: 172.16.0.0.0
Mask 255.255.254.0 Protocol 0
[1]0394.09C8::01/01/1601-02:03:10.824 [ikeext]QM peerAddr: 172.16.0.0.0
Mask 255.255.254.0 Protocol 0
[0]0394.09C4::01/01/1601-02:03:10.824 [ikeext]Acquire flags 1
[1]0394.09C8::01/01/1601-02:03:10.824 [ikeext]Acquire flags 1
[1]0394.09C8::01/01/1601-02:03:10.824 [ikeext]Peer State 0
[1]0394.09C8::01/01/1601-02:03:10.824 [ikeext]IkeBeginMMInitiator:
Setting acquire 03400C50 as prime acquire for MM SA 03400048
[1]0394.09C8::01/01/1601-02:03:10.824 [ikeext]Looking up MM policy for
IKE
[1]0394.09C4::01/01/1601-02:03:10.824 [ikeext]Acquire not compatible.
Wrong key module, 03400048
[1]0394.09C4::01/01/1601-02:03:10.824 [ikeext]Acquire not compatible.
Wrong key module, 03400048
[1]0394.09C4::01/01/1601-02:03:10.824 [ikeext]Peer State 0
[1]0394.09C4::01/01/1601-02:03:10.824 [ikeext]Acquire not compatible.
Wrong key module, 03400048
[1]0394.09C4::01/01/1601-02:03:10.824 [ikeext]Acquire not compatible.
Wrong key module, 03400048
[1]0394.09C4::01/01/1601-02:03:10.824 [ikeext]IkeBeginMMInitiator:
Setting acquire 03400D20 as prime acquire for MM SA 034004E8
[1]0394.09C4::01/01/1601-02:03:10.824 [ikeext]Looking up MM policy for
AUTHIP
[1]0394.09C8::01/01/1601-02:03:10.824 [ikeext]Policy
GUID: {c4b12f42-6802-4619-a203-932e5692741d}
LUID: 0x8000000000000015
Name: {FA34B1BD-0105-42F4-9C14-90E13CCF05F3}:osw
Description: (null)
Flags: 0x00000000
Provider: <unspecified>
Provider data:
Type: IKE Main Mode
Soft expiry: 0
InitiatorImpersonationType: None
Auth methods: 1
-- 0 --
  Type: Certificate
    Inbound config:
      Type: Allow explicit trust list
      Number of explicit roots: 1
      Name: IT, Venezia, Marcon, company S.p.A., I & O, company,
postmaster at company.it
      Flags: 0x00000000
    Outbound config:
      Type: Allow explicit trust list
      Number of explicit roots: 1
      Name: IT, Venezia, Marcon, company S.p.A., I & O, company,
postmaster at company.it
      Flags: 0x00000000
    Cert auth flags: 0x00000002
      Disable CRL check
Proposals: 2
-- 0 --
  Cipher algorithm:
    Type: AES-128
    Key length: 0
    Rounds: 0
  Integrity algorithm:
    Type: SHA1
  Max lifetime (sec): 28800
  DH group: 2
  QM limit: 0
-- 1 --
  Cipher algorithm:
    Type: 3DES
    Key length: 0
    Rounds: 0
  Integrity algorithm:
    Type: SHA1
  Max lifetime (sec): 28800
  DH group: 2
  QM limit: 0
Flags: 0x00000000
MaxDynamicFilters: 0

[1]0394.09C8::01/01/1601-02:03:10.824 [ikeext]Construct IKEHeader
[1]0394.09C8::01/01/1601-02:03:10.824 [ikeext]Initializing Kerberos SSPI
[1]0394.09C8::01/01/1601-02:03:10.824 [user]IkeFindAuthConfig failed
with Windows error 87(ERROR_INVALID_PARAMETER)
[1]0394.09C8::01/01/1601-02:03:10.824 [user]IkeFindAuthConfig failed
with HRESULT 0x80070057(ERROR_INVALID_PARAMETER)
[1]0394.09C8::01/01/1601-02:03:10.824 [user]IkeDetermineSspiInfo failed
with HRESULT 0x80070057(ERROR_INVALID_PARAMETER)
[1]0394.09C8::01/01/1601-02:03:10.824 [user]IkeCreateSspiIke failed with
HRESULT 0x80070057(ERROR_INVALID_PARAMETER)
[1]0394.09C8::01/01/1601-02:03:10.824 [ikeext]WFP free sspi 03400390
[1]0394.09C8::01/01/1601-02:03:10.824 [user]IkeGetSspiContext failed
with HRESULT 0x80070057(ERROR_INVALID_PARAMETER)
[1]0394.09C8::01/01/1601-02:03:10.824 [ikeext]Construct SA
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Policy
GUID: {9ac6eef6-484b-4b25-839f-906f4a76543b}
LUID: 0x8000000000000017
Name: {FA34B1BD-0105-42F4-9C14-90E13CCF05F3}:osw
Description: (null)
Flags: 0x00000000
Provider: <unspecified>
Provider data:
Type: AuthIP Main Mode
Soft expiry: 0
InitiatorImpersonationType: None
Auth methods: 1
-- 0 --
  Type: SSL
    Inbound config:
      Type: Allow explicit trust list
      Number of explicit roots: 1
      Name: IT, Venezia, Marcon, company S.p.A., I & O, company,
postmaster at company.it
      Flags: 0x00000000
    Outbound config:
      Type: Allow explicit trust list
      Number of explicit roots: 1
      Name: IT, Venezia, Marcon, company S.p.A., I & O, company,
postmaster at company.it
      Flags: 0x00000000
    Cert auth flags: 0x0000000a
      Disable CRL check
      Disable SSL cert validation
Proposals: 2
-- 0 --
  Cipher algorithm:
    Type: AES-128
    Key length: 0
    Rounds: 0
  Integrity algorithm:
    Type: SHA1
  Max lifetime (sec): 28800
  DH group: None
  QM limit: 0
-- 1 --
  Cipher algorithm:
    Type: 3DES
    Key length: 0
    Rounds: 0
  Integrity algorithm:
    Type: SHA1
  Max lifetime (sec): 28800
  DH group: None
  QM limit: 0
Flags: 0x00000000
MaxDynamicFilters: 0

[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Initiator exchange type 6
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Construct IKEHeader
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Construct CRYPTO
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Construct SA
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Construct Auth
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Construct NONCE
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Construct VENDOR type MS
NT5 ISAKMPOAKLEY
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Construct VENDOR type RFC
3947
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Construct VENDOR type
FRAGMENTATION
[0]0394.09C8::01/01/1601-02:03:10.825 [ikeext]AUTHIP keying module is
enabled for traffic
[0]0394.09C8::01/01/1601-02:03:10.825 [ikeext]IKE sending co-existence
Vendor ID
[0]0394.09C8::01/01/1601-02:03:10.825 [ikeext]Construct VENDOR type
MS-MamieExists
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Construct VENDOR type
MS-Negotiation Discovery Capable
[0]0394.09C8::01/01/1601-02:03:10.825 [ikeext]Construct VENDOR type MS
NT5 ISAKMPOAKLEY
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Construct VENDOR type
Vid-Initial-Contact
[0]0394.09C8::01/01/1601-02:03:10.825 [ikeext]Construct VENDOR type RFC
3947
[0]0394.09C8::01/01/1601-02:03:10.825 [ikeext]Construct VENDOR type
draft-ietf-ipsec-nat-t-ike-02

[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Construct NatDisc
[0]0394.09C8::01/01/1601-02:03:10.825 [ikeext]Construct VENDOR type
FRAGMENTATION
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Construct NatDisc
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]UpdateCumulativeHash
[0]0394.09C8::01/01/1601-02:03:10.825 [ikeext]Construct VENDOR type
MS-Negotiation Discovery Capable
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Sending Packet
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Exchange type: Authip Main
Mode Length 336 NextPayload CRYPTO Flags 0 Messid 0x00000000
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C4::01/01/1601-02:03:10.825 [ikeext]Global IF index epoch
(               1) higher than cache epoch (               0). Obtaining
IF index from stack.
[0]0394.09C8::01/01/1601-02:03:10.825 [ikeext]Construct VENDOR type
Vid-Initial-Contact
[0]0394.09C8::01/01/1601-02:03:10.826 [ikeext]Construct VENDOR type IKE
CGA version 1
[0]0394.09C8::01/01/1601-02:03:10.826 [ikeext]
[0]0394.09C8::01/01/1601-02:03:10.826 [ikeext]Sending Packet
[0]0394.09C8::01/01/1601-02:03:10.826 [ikeext]iCookie 97e1f4f8816a65b0
rCookie 0000000000000000
[0]0394.09C8::01/01/1601-02:03:10.826 [ikeext]Exchange type: IKE Main
Mode Length 288 NextPayload SA Flags 0 Messid 0x00000000
[0]0394.09C8::01/01/1601-02:03:10.826 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[0]0394.09C8::01/01/1601-02:03:10.826 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[0]0394.09C8::01/01/1601-02:03:10.826 [ikeext]Global IF index epoch
(               1) higher than cache epoch (               0). Obtaining
IF index from stack.
[1]0394.09C4::01/01/1601-02:03:10.826 [ikeext]Created new TimerContext
03400DF0, type 0
[0]0394.09C8::01/01/1601-02:03:10.826 [ikeext]Created new TimerContext
03400A18, type 0
[1]0394.09C8::01/01/1601-02:03:10.944 [ikeext]
[1]0394.09C8::01/01/1601-02:03:10.944 [ikeext]Received packet
[1]0394.09C8::01/01/1601-02:03:10.944 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:10.944 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:10.944 [ikeext]iCookie 97e1f4f8816a65b0
rCookie afdac4af47069611
[1]0394.09C8::01/01/1601-02:03:10.944 [ikeext]Exchange type: IKE Main
Mode Length 144 NextPayload SA Flags 0 Messid 0x00000000
[1]0394.09C8::01/01/1601-02:03:10.944 [ikeext]mmSa: 0x03400048
[1]0394.09C8::01/01/1601-02:03:10.944 [ikeext]Process Payload VENDOR ID,
SA 03400048
[1]0394.09C8::01/01/1601-02:03:10.944 [ikeext]Process Payload VENDOR ID,
SA 03400048
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]Process Payload VENDOR ID,
SA 03400048
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]Received Vendor ID type:
RFC 3947
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]Process Payload SA, SA
03400048
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]MM transform num: 1
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]OAK_ENCR_ALG: 7
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]OAK_KEY_LENGTH: 128
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]OAK_HASH_ALG: 2
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]OAK_GROUP_DESC: 2
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]OAK_AUTH_METHOD: 3
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]OAK_LIFE_TYPE: 1
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]OAK_LIFE_DUR: 28800
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]Accepted proposal.  Trans:
1
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]Ignoring port float.
Incoming packet not on 4500
[1]0394.09C8::01/01/1601-02:03:10.945 [ikeext]Construct IKEHeader
[1]0394.09C8::01/01/1601-02:03:10.958 [ikeext]Construct KE
[1]0394.09C8::01/01/1601-02:03:10.958 [ikeext]Construct NONCE
[1]0394.09C8::01/01/1601-02:03:10.958 [ikeext]Construct NatDisc
[1]0394.09C8::01/01/1601-02:03:10.958 [ikeext]Construct NatDisc
[1]0394.09C8::01/01/1601-02:03:10.958 [ikeext]
[1]0394.09C8::01/01/1601-02:03:10.958 [ikeext]Sending Packet
[1]0394.09C8::01/01/1601-02:03:10.958 [ikeext]iCookie 97e1f4f8816a65b0
rCookie afdac4af47069611
[1]0394.09C8::01/01/1601-02:03:10.958 [ikeext]Exchange type: IKE Main
Mode Length 260 NextPayload KE Flags 0 Messid 0x00000000
[1]0394.09C8::01/01/1601-02:03:10.958 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:10.958 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:10.958 [ikeext]Updating TimerContext
03400A18
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]Received packet
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]iCookie 97e1f4f8816a65b0
rCookie afdac4af47069611
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]Exchange type: IKE Main
Mode Length 228 NextPayload KE Flags 0 Messid 0x00000000
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]mmSa: 0x03400048
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]Process Payload KE, SA
03400048
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]Process Payload NONCE, SA
03400048
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]Process Payload NATDISC,
SA 03400048
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]Process Payload NATDISC,
SA 03400048
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]Ignoring port float.
Incoming packet not on 4500
[1]0394.09C8::01/01/1601-02:03:11.067 [ikeext]Construct IKEHeader
[1]0394.09C8::01/01/1601-02:03:11.072 [ikeext]Constructing local cert
chain
[1]0394.09C8::01/01/1601-02:03:11.072 [ikeext]Trying WITHOUT taking into
account CRPs
[1]0394.09C8::01/01/1601-02:03:11.072 [ikeext]LOOKING FOR: a NAP cert
chain
[1]0394.09C8::01/01/1601-02:03:11.074 [ikeext]Dumping Chain:
[1]0394.09C8::01/01/1601-02:03:11.074 [ikeext]cert name: A L
[1]0394.09C8::01/01/1601-02:03:11.074 [ikeext]cert hash:
a5c2e52a7523dbc97a48c972715b0a8614931850
[1]0394.09C8::01/01/1601-02:03:11.074 [ikeext]cert name: Openswan
[1]0394.09C8::01/01/1601-02:03:11.074 [ikeext]cert hash:
1bbe3738c96b493d45345067d8ff2862c235d31e
[1]0394.09C8::01/01/1601-02:03:11.074 [ikeext]Cert chain didn't match
the CA names specified in the policy
[1]0394.09C8::01/01/1601-02:03:11.074 [user]IkeCompareChainWithTrustList
failed with Windows error WINERROR=    363F
[1]0394.09C8::01/01/1601-02:03:11.079 [ikeext]Dumping Chain:
[1]0394.09C8::01/01/1601-02:03:11.079 [ikeext]cert name: O C
[1]0394.09C8::01/01/1601-02:03:11.079 [ikeext]cert hash:
02b00932540552af00250fa683f5fa6281a4af9b
[1]0394.09C8::01/01/1601-02:03:11.079 [ikeext]cert name: company
[1]0394.09C8::01/01/1601-02:03:11.079 [ikeext]cert hash:
93f7a7186190d28b2b3a7107550e722fa1fca9ac
[1]0394.09C8::01/01/1601-02:03:11.079 [ikeext]Doing BASE CAPI
verification
[1]0394.09C8::01/01/1601-02:03:11.079 [ikeext]CertFindExtension failed
with 0. This is OK as it means all Key usages are valid
[1]0394.0D30::01/01/1601-02:03:11.182 [ikeext]retransmitting MM packet,
count 1: context 03400DF0
[1]0394.0D30::01/01/1601-02:03:11.182 [ikeext]
[1]0394.0D30::01/01/1601-02:03:11.182 [ikeext]Sending Packet
[1]0394.0D30::01/01/1601-02:03:11.182 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[1]0394.0D30::01/01/1601-02:03:11.182 [ikeext]Exchange type: Authip Main
Mode Length 336 NextPayload CRYPTO Flags 0 Messid 0x00000000
[1]0394.0D30::01/01/1601-02:03:11.182 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.0D30::01/01/1601-02:03:11.182 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[0]0394.09C4::01/01/1601-02:03:11.268 [ikeext]
[0]0394.09C4::01/01/1601-02:03:11.268 [ikeext]Received packet
[0]0394.09C4::01/01/1601-02:03:11.268 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[0]0394.09C4::01/01/1601-02:03:11.268 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[0]0394.09C4::01/01/1601-02:03:11.268 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[0]0394.09C4::01/01/1601-02:03:11.268 [ikeext]Exchange type: IKE
Informational Mode Length 40 NextPayload NOTIFY Flags 0 Messid
0x00000000
[0]0394.09C4::01/01/1601-02:03:11.268 [ikeext]mmSa: 0x034004E8
[0]0394.09C4::01/01/1601-02:03:11.268 [user]IkeVerifyExchTypeForMMSa
failed with Windows error 13824(ERROR_IPSEC_IKE_INVALID_HEADER)
[0]0394.09C4::01/01/1601-02:03:11.268 [user]IkeVerifyExchTypeForMMSa
failed with HRESULT 0x80073600(ERROR_IPSEC_IKE_INVALID_HEADER)
[0]0394.09C4::01/01/1601-02:03:11.268 [user]IkeProcessPacket failed with
HRESULT 0x80073600(ERROR_IPSEC_IKE_INVALID_HEADER)
[0]0394.09C8::01/01/1601-02:03:11.268 [ikeext]Policy for chain root
doesn't require NAP cert, rejecting chain
[0]0394.09C8::01/01/1601-02:03:11.268 [user]IkeFindLocalCertChainHelper
failed with Windows error 13806(ERROR_IPSEC_IKE_NO_CERT)
[0]0394.09C8::01/01/1601-02:03:11.268 [ikeext]LOOKING FOR: an IPsec EKU
cert chain
[0]0394.09C8::01/01/1601-02:03:11.269 [ikeext]Dumping Chain:
[0]0394.09C8::01/01/1601-02:03:11.269 [ikeext]cert name: A L
[0]0394.09C8::01/01/1601-02:03:11.269 [ikeext]cert hash:
a5c2e52a7523dbc97a48c972715b0a8614931850
[0]0394.09C8::01/01/1601-02:03:11.269 [ikeext]cert name: Openswan
[0]0394.09C8::01/01/1601-02:03:11.269 [ikeext]cert hash:
1bbe3738c96b493d45345067d8ff2862c235d31e
[0]0394.09C8::01/01/1601-02:03:11.269 [ikeext]Cert chain didn't match
the CA names specified in the policy
[0]0394.09C8::01/01/1601-02:03:11.269 [user]IkeCompareChainWithTrustList
failed with Windows error WINERROR=    363F
[0]0394.09C8::01/01/1601-02:03:11.270 [ikeext]Dumping Chain:
[0]0394.09C8::01/01/1601-02:03:11.270 [ikeext]cert name: O C
[0]0394.09C8::01/01/1601-02:03:11.270 [ikeext]cert hash:
02b00932540552af00250fa683f5fa6281a4af9b
[0]0394.09C8::01/01/1601-02:03:11.270 [ikeext]cert name: company
[0]0394.09C8::01/01/1601-02:03:11.270 [ikeext]cert hash:
93f7a7186190d28b2b3a7107550e722fa1fca9ac
[0]0394.09C8::01/01/1601-02:03:11.270 [ikeext]Doing BASE CAPI
verification
[0]0394.09C8::01/01/1601-02:03:11.270 [ikeext]CertFindExtension failed
with 0. This is OK as it means all Key usages are valid
[0]0394.09C8::01/01/1601-02:03:11.272 [ikeext]Local cert chain passed
validity checks
[0]0394.09C8::01/01/1601-02:03:11.274 [ikeext]Cert lifetime in seconds
low 42775913, high 0
[0]0394.09C8::01/01/1601-02:03:11.274 [ikeext]Construct MM ID
[0]0394.09C8::01/01/1601-02:03:11.274 [ikeext]Construct CERT
[0]0394.09C8::01/01/1601-02:03:11.292 [ikeext]Construct SIG
[0]0394.09C8::01/01/1601-02:03:11.292 [ikeext]Construct CERT REQUEST
[0]0394.09C8::01/01/1601-02:03:11.292 [ikeext]
[0]0394.09C8::01/01/1601-02:03:11.292 [ikeext]Sending Packet
[0]0394.09C8::01/01/1601-02:03:11.292 [ikeext]iCookie 97e1f4f8816a65b0
rCookie afdac4af47069611
[0]0394.09C8::01/01/1601-02:03:11.292 [ikeext]Exchange type: IKE Main
Mode Length 1948 NextPayload ID Flags 1 Messid 0x00000000
[0]0394.09C8::01/01/1601-02:03:11.292 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[0]0394.09C8::01/01/1601-02:03:11.292 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[0]0394.09C8::01/01/1601-02:03:11.292 [ikeext]Updating TimerContext
03400A18
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]Received packet
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]iCookie 97e1f4f8816a65b0
rCookie afdac4af47069611
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]Exchange type: IKE Main
Mode Length 1628 NextPayload ID Flags 1 Messid 0x00000000
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]mmSa: 0x03400048
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]Process Payload MM ID, SA
03400048
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]Process Payload CERT, SA
03400048
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]Process Payload SIG, SA
03400048
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]Verifying peer cert chain
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]Dumping Chain:
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]cert name: FreeS/WAN
Venice Gateway
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]cert hash:
cc410457f3d8b06a9998c4063c9303b6f57ea60b
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]cert name: company
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]cert hash:
93f7a7186190d28b2b3a7107550e722fa1fca9ac
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]Doing BASE CAPI
verification
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]CertFindExtension failed
with 0. This is OK as it means all Key usages are valid
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]Peer cert chain passed
validity checks
[1]0394.09C8::01/01/1601-02:03:11.678 [ikeext]Cert lifetime in seconds
low 107465234, high 0
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Destroying TimerContext
03400A18, type 0
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]TimerContext 03400A18, Old
ref 2
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]TimerContext 03400A18, Old
ref 1
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Freeing TimerContext
03400A18
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Scheduling MM lifetime
expiry for SA 03400048, secs 28800
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Created new TimerContext
03400A08, type 3
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Ignoring port float.
Incoming packet not on 4500
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Construct IKEHeader
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Looking up QM policy for
IKE
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]QM localAddr:
151.25.39.247.0 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]QM peerAddr: 172.16.0.0.0
Mask 255.255.254.0 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Policy
GUID: {ca2be146-c167-4249-8202-0892f0ba448c}
LUID: 0x8000000000000014
Name: {FA34B1BD-0105-42F4-9C14-90E13CCF05F3}:osw
Description: (null)
Flags: 0x00000000
Provider: <unspecified>
Provider data:
Type: IKE Quick Mode Tunnel
Proposals: 1
-- 0 --
  Lifetime:
    Seconds: 3600
    Kilobytes: 100000
    Packets: 2147483647
  PFS group: MM
  SA transforms: 1
  -- 0 --
    Type: ESP-Auth & Cipher
      Auth transform:
        Type: MD5
        Config: HMAC-MD5-96
        Crypto module: <unspecified>
      Cipher transform:
        Type: 3DES
        Config: CBC-3DES
        Crypto module: <unspecified>
Flags: 0x00000000
Local tunnelEndpoint: 151.25.39.247
Remote tunnelEndpoint: openswan ip public address
Normal idle timeout (seconds): 300
Idle timeout in case of failover (seconds): 60

[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Create QMSA: qmSA 03400FE8
messId 1
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]IkeBeginQMInitiator:
acquire 03400C50 being handed off to QM 03400FE8
[1]0394.09C8::01/01/1601-02:03:11.679 [ikeext]GetSpi
SA context                4
Local address: 151.25.39.247
Remote address: openswan ip public address
Mode: Tunnel Mode
Filter ID: 0x8000000000000014
Remote Port: 0x0000

[0]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Got SPI from BFE
1396661596
[0]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Local address:
151.25.39.247.0 Protocol 0
[0]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Peer address: 172.16.0.0.0
Mask 255.255.254.0 Protocol 0
[0]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Construct IKEHeader
[0]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Construct HASH
[0]0394.09C8::01/01/1601-02:03:11.679 [ikeext]Construct SA
[0]0394.09C8::01/01/1601-02:03:11.692 [ikeext]Construct KE
[0]0394.09C8::01/01/1601-02:03:11.692 [ikeext]Construct NONCE
[0]0394.09C8::01/01/1601-02:03:11.692 [ikeext]Construct ID
[0]0394.09C8::01/01/1601-02:03:11.692 [ikeext]Construct ID
[0]0394.09C8::01/01/1601-02:03:11.692 [ikeext]
[0]0394.09C8::01/01/1601-02:03:11.692 [ikeext]Sending Packet
[0]0394.09C8::01/01/1601-02:03:11.692 [ikeext]iCookie 97e1f4f8816a65b0
rCookie afdac4af47069611
[0]0394.09C8::01/01/1601-02:03:11.692 [ikeext]Exchange type: IKE Quick
Mode Length 348 NextPayload HASH Flags 1 Messid 0x00000001
[0]0394.09C8::01/01/1601-02:03:11.692 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[0]0394.09C8::01/01/1601-02:03:11.692 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[0]0394.09C8::01/01/1601-02:03:11.692 [ikeext]Created new TimerContext
034012B0, type 4
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Received packet
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]iCookie 97e1f4f8816a65b0
rCookie afdac4af47069611
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Exchange type: IKE Quick
Mode Length 300 NextPayload HASH Flags 1 Messid 0x00000001
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]mmSa: 0x03400048
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Processing QM.  MM
03400048 QM 03400FE8
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Process Payload HASH, SA
03400048 QM 03400FE8
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Process Payload ID, SA
03400048 QM 03400FE8
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Process Payload ID, SA
03400048 QM 03400FE8
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Process Payload SA, SA
03400048 QM 03400FE8
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]QM propNum 1, transformNum
0, peerSpi 3614818537
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]QM transNum 1
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]PROTO: ESP Algo 3
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]IPSEC_ENCAPSULATION_MODE:
1
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]IPSEC_HMAC_ALG: 1
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]IPSEC_GROUP_DESC: 2
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]IPSEC_LIFE_TYPE: 1
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]IPSEC_LIFE_DUR: 3600
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]IPSEC_LIFE_TYPE: 2
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]IPSEC_LIFE_DUR: 100000
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Accepted proposal.  Prop:
1 trans: 1
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Process Payload KE, SA
03400048, QM 03400FE8
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Process Payload NONCE, SA
03400048 QM 03400FE8
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Construct IKEHeader
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Construct HASH
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Adding inbound SA. mmSa
03400048 qmSa 03400FE8
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Local Address:
151.25.39.247.0 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.825 [ikeext]Peer Address: 172.16.0.0.0
Mask 255.255.254.0 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.829 [ikeext]PFS enabled for qmSa
03400FE8
[1]0394.09C8::01/01/1601-02:03:11.829 [ikeext]AddImpersonateHash
02A3E648 entryCount 1 isImpersonate 0
[1]0394.09C8::01/01/1601-02:03:11.829 [ikeext]SA context
4
[1]0394.09C8::01/01/1601-02:03:11.830 [ikeext]SA bundle
Flags: 0x00000280
  Bypass explicit credential handle match
  Allow null target name match
Lifetime:
  Seconds: 3600
  Kilobytes: 100000
  Packets: 2147483647
Idle timeout (sec): 300
ND clear timeout (sec): 0
NAP context: 0
QM SA ID: 2830744647
SAs: 1
-- 0 --
  SPI: 1396661596
  Transform: ESP-Auth & Cipher
    Auth information:
      Type: MD5
      Config: HMAC-MD5-96
      Crypto module: <unspecified>
    Cipher information:
      Type: 3DES
      Config: CBC-3DES
      Crypto module: <unspecified>
Key module state:
  GUID: {a9bbf787-82a8-45bb-a400-5d7e5952c7a9}
  State:
    00000000  01 00 00 00 02 00 01 f4-97 19 27 f7 00 00 00 00
.........'.....
    00000010  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
...............
    00000020  00 00 00 00 01 00 00 00-02 00 01 f4 50 cc eb fe
...........P...
    00000030  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
...............
    00000040  00 00 00 00 00 00 00 00-97 e1 f4 f8 81 6a 65 b0
............je.
    00000050  af da c4 af 47 06 96 11-01 00 00 00
...G.......
Peer private adddress: 0.0.0.0
Main-mode SA LUID: 1
PFS Group: 2

[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Adding outbound SA. mmSa
03400048 qmSa 03400FE8
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Local Address:
151.25.39.247.0 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Peer Address: 172.16.0.0.0
Mask 255.255.254.0 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]SA context
4
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]SA bundle
Flags: 0x00000280
  Bypass explicit credential handle match
  Allow null target name match
Lifetime:
  Seconds: 3600
  Kilobytes: 100000
  Packets: 2147483647
Idle timeout (sec): 300
ND clear timeout (sec): 0
NAP context: 0
QM SA ID: 2830744647
SAs: 1
-- 0 --
  SPI: 3614818537
  Transform: ESP-Auth & Cipher
    Auth information:
      Type: MD5
      Config: HMAC-MD5-96
      Crypto module: <unspecified>
    Cipher information:
      Type: 3DES
      Config: CBC-3DES
      Crypto module: <unspecified>
Key module state:
  GUID: {a9bbf787-82a8-45bb-a400-5d7e5952c7a9}
  State:
    00000000  01 00 00 00 02 00 01 f4-97 19 27 f7 00 00 00 00
.........'.....
    00000010  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
...............
    00000020  00 00 00 00 01 00 00 00-02 00 01 f4 50 cc eb fe
...........P...
    00000030  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
...............
    00000040  00 00 00 00 00 00 00 00-97 e1 f4 f8 81 6a 65 b0
............je.
    00000050  af da c4 af 47 06 96 11-01 00 00 00
...G.......
Peer private adddress: 0.0.0.0
Main-mode SA LUID: 1
PFS Group: 2

[0]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Pruning the QM SA 03400FE8
[0]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Completing Acquire for
ipsec context                4
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Destroying TimerContext
034012B0, type 4
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]TimerContext 034012B0, Old
ref 2
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]TimerContext 034012B0, Old
ref 1
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Freeing TimerContext
034012B0
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Scheduling QM lifetime
expiry for QM SA 03400FE8, secs 3600
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Created new TimerContext
02A3E018, type 8
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Sending Packet
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]iCookie 97e1f4f8816a65b0
rCookie afdac4af47069611
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Exchange type: IKE Quick
Mode Length 60 NextPayload HASH Flags 1 Messid 0x00000001
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.831 [ikeext]Updating TimerContext
02A3E018
[0]0394.0D30::01/01/1601-02:03:11.898 [ikeext]retransmitting MM packet,
count 2: context 03400DF0
[0]0394.0D30::01/01/1601-02:03:11.898 [ikeext]
[0]0394.0D30::01/01/1601-02:03:11.898 [ikeext]Sending Packet: fragment
[0]0394.0D30::01/01/1601-02:03:11.898 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[0]0394.0D30::01/01/1601-02:03:11.898 [ikeext]Exchange type: Authip Main
Mode Length 336 NextPayload CRYPTO Flags 0 Messid 0x00000000
[0]0394.0D30::01/01/1601-02:03:11.898 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[0]0394.0D30::01/01/1601-02:03:11.898 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.997 [ikeext]
[1]0394.09C8::01/01/1601-02:03:11.997 [ikeext]Received packet
[1]0394.09C8::01/01/1601-02:03:11.997 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.997 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:11.997 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[1]0394.09C8::01/01/1601-02:03:11.997 [ikeext]Exchange type: IKE
Informational Mode Length 40 NextPayload NOTIFY Flags 0 Messid
0x00000000
[1]0394.09C8::01/01/1601-02:03:11.997 [ikeext]mmSa: 0x034004E8
[1]0394.09C8::01/01/1601-02:03:11.997 [user]IkeVerifyExchTypeForMMSa
failed with Windows error 13824(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.09C8::01/01/1601-02:03:11.997 [user]IkeVerifyExchTypeForMMSa
failed with HRESULT 0x80073600(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.09C8::01/01/1601-02:03:11.997 [user]IkeProcessPacket failed with
HRESULT 0x80073600(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.0D30::01/01/1601-02:03:13.330 [ikeext]retransmitting MM packet,
count 3: context 03400DF0
[1]0394.0D30::01/01/1601-02:03:13.330 [ikeext]
[1]0394.0D30::01/01/1601-02:03:13.330 [ikeext]Sending Packet: fragment
[1]0394.0D30::01/01/1601-02:03:13.330 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[1]0394.0D30::01/01/1601-02:03:13.330 [ikeext]Exchange type: Authip Main
Mode Length 336 NextPayload CRYPTO Flags 0 Messid 0x00000000
[1]0394.0D30::01/01/1601-02:03:13.330 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.0D30::01/01/1601-02:03:13.330 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:13.417 [ikeext]
[1]0394.09C8::01/01/1601-02:03:13.417 [ikeext]Received packet
[1]0394.09C8::01/01/1601-02:03:13.417 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:13.417 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:13.417 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[1]0394.09C8::01/01/1601-02:03:13.417 [ikeext]Exchange type: IKE
Informational Mode Length 40 NextPayload NOTIFY Flags 0 Messid
0x00000000
[1]0394.09C8::01/01/1601-02:03:13.417 [ikeext]mmSa: 0x034004E8
[1]0394.09C8::01/01/1601-02:03:13.417 [user]IkeVerifyExchTypeForMMSa
failed with Windows error 13824(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.09C8::01/01/1601-02:03:13.417 [user]IkeVerifyExchTypeForMMSa
failed with HRESULT 0x80073600(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.09C8::01/01/1601-02:03:13.417 [user]IkeProcessPacket failed with
HRESULT 0x80073600(ERROR_IPSEC_IKE_INVALID_HEADER)
[0]0394.07BC::01/01/1601-02:03:16.193 [ikeext]retransmitting MM packet,
count 4: context 03400DF0
[0]0394.07BC::01/01/1601-02:03:16.193 [ikeext]
[0]0394.07BC::01/01/1601-02:03:16.193 [ikeext]Sending Packet: fragment
[0]0394.07BC::01/01/1601-02:03:16.193 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[0]0394.07BC::01/01/1601-02:03:16.193 [ikeext]Exchange type: Authip Main
Mode Length 336 NextPayload CRYPTO Flags 0 Messid 0x00000000
[0]0394.07BC::01/01/1601-02:03:16.193 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[0]0394.07BC::01/01/1601-02:03:16.193 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:16.296 [ikeext]
[1]0394.09C8::01/01/1601-02:03:16.296 [ikeext]Received packet
[1]0394.09C8::01/01/1601-02:03:16.296 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:16.296 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.09C8::01/01/1601-02:03:16.296 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[1]0394.09C8::01/01/1601-02:03:16.296 [ikeext]Exchange type: IKE
Informational Mode Length 40 NextPayload NOTIFY Flags 0 Messid
0x00000000
[1]0394.09C8::01/01/1601-02:03:16.296 [ikeext]mmSa: 0x034004E8
[1]0394.09C8::01/01/1601-02:03:16.296 [user]IkeVerifyExchTypeForMMSa
failed with Windows error 13824(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.09C8::01/01/1601-02:03:16.296 [user]IkeVerifyExchTypeForMMSa
failed with HRESULT 0x80073600(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.09C8::01/01/1601-02:03:16.296 [user]IkeProcessPacket failed with
HRESULT 0x80073600(ERROR_IPSEC_IKE_INVALID_HEADER)
[0]0394.07BC::01/01/1601-02:03:21.921 [ikeext]retransmitting MM packet,
count 5: context 03400DF0
[0]0394.07BC::01/01/1601-02:03:21.921 [ikeext]
[0]0394.07BC::01/01/1601-02:03:21.921 [ikeext]Sending Packet: fragment
[0]0394.07BC::01/01/1601-02:03:21.921 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[0]0394.07BC::01/01/1601-02:03:21.921 [ikeext]Exchange type: Authip Main
Mode Length 336 NextPayload CRYPTO Flags 0 Messid 0x00000000
[0]0394.07BC::01/01/1601-02:03:21.921 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[0]0394.07BC::01/01/1601-02:03:21.921 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.0A40::01/01/1601-02:03:22.004 [ikeext]
[1]0394.0A40::01/01/1601-02:03:22.004 [ikeext]Received packet
[1]0394.0A40::01/01/1601-02:03:22.004 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.0A40::01/01/1601-02:03:22.004 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.0A40::01/01/1601-02:03:22.004 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[1]0394.0A40::01/01/1601-02:03:22.004 [ikeext]Exchange type: IKE
Informational Mode Length 40 NextPayload NOTIFY Flags 0 Messid
0x00000000
[1]0394.0A40::01/01/1601-02:03:22.004 [ikeext]mmSa: 0x034004E8
[1]0394.0A40::01/01/1601-02:03:22.004 [user]IkeVerifyExchTypeForMMSa
failed with Windows error 13824(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.0A40::01/01/1601-02:03:22.004 [user]IkeVerifyExchTypeForMMSa
failed with HRESULT 0x80073600(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.0A40::01/01/1601-02:03:22.004 [user]IkeProcessPacket failed with
HRESULT 0x80073600(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.0398::01/01/1601-02:03:25.340 [user]IkeExt service received STOP
control
[1]0394.0398::01/01/1601-02:03:25.340 [user]Changing state of IkeExt
service to STOP_PENDING
[1]0394.07BC::01/01/1601-02:03:25.340 [user]Dispatching STOP control
code to IkeHandler
[1]0394.07BC::01/01/1601-02:03:25.340 [ikeext]Stopping
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]RPC server has shutdown
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]queuing invalidation of MM
SA 034004E8
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]queuing invalidation of MM
SA 03400048
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Postponed entry 02A3DF38
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]IKE diagnostic event:
Event Header:
  Timestamp: 1601-01-01T00:00:00.000Z
  Flags: 0x00000106
    Local address field set
    Remote address field set
    IP version field set
  IP version: IPv4
  IP protocol: 0
  Local address: 151.25.39.247
  Remote address: openswan ip public address
  Local Port: 0
  Remote Port: 0
  Application ID:
  User SID: <invalid>
Failure type: IKE/Authip Main Mode Failure
Type specific info:
  Failure error code:0x00000281
    The system is in the process of shutting down.

  Failure point: Local
  Flags: 0x00000000
  Keying module type: Authip
  MM State: First roundtrip packet sent
  MM SA role: Initiator
  MM auth method: Unknown
  Cert hash:
0000000000000000000000000000000000000000
  MM ID: 0x0000000000000002
  MM Filter ID: 0x000000000001019f

[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Cleaning up mmSa:
034004E8. Error WINERROR=     281
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Destroying TimerContext
03400DF0, type 0
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]TimerContext 03400DF0, Old
ref 2
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]TimerContext 03400DF0, Old
ref 1
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Freeing TimerContext
03400DF0
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]SendNotify: mmSa 034004E8
cookie 3136a775 state 1 messId 0
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Inactivating MM: 034004E8
[0]0394.07BC::01/01/1601-02:03:25.342 [user]CanDoNonEmbeddedQM failed
with Windows error 13804(ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR)
[0]0394.07BC::01/01/1601-02:03:25.342 [user]CanDoNonEmbeddedQM failed
with HRESULT 0x800735ec(ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR)
[0]0394.07BC::01/01/1601-02:03:25.342 [user]CanDoNonEmbeddedQM failed
with Windows error 13804(ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR)
[0]0394.07BC::01/01/1601-02:03:25.342 [user]CanDoNonEmbeddedQM failed
with HRESULT 0x800735ec(ERROR_IPSEC_IKE_GENERAL_PROCESSING_ERROR)
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Construct IKEHeader
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Construct CRYPTO
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Construct NOTIFY
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Sending Packet: fragment
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Exchange type: Authip
Informational Mode Length 52 NextPayload CRYPTO Flags 0 Messid
0x00000000
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Created new TimerContext
02A3EA88, type 1
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Postponed entry 034002F8
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Cleaning up mmSa:
03400048. Error WINERROR=     281
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]QM done. Cleaning up qmSa
03400FE8.  Error WINERROR=     281
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Expiring ipsec context
4
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]IkeFreeAcquireContext:
Freeing acquire 03400C50
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Destroying TimerContext
02A3E018, type 8
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]TimerContext 02A3E018, Old
ref 2
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]TimerContext 02A3E018, Old
ref 1
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Freeing TimerContext
02A3E018
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]SendNotify: mmSa 03400048
cookie f8f4e197 state 6 messId 1
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Sending Oak Delete MMSA
03400048, QMSA 03400FE8
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Construct IKEHeader
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Construct HASH
[0]0394.07BC::01/01/1601-02:03:25.342 [ikeext]Construct DELETE
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Sending Packet
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]iCookie 97e1f4f8816a65b0
rCookie afdac4af47069611
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Exchange type: IKE
Informational Mode Length 76 NextPayload HASH Flags 1 Messid 0xb0628d9f
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Deleting QM.  MM: 03400048
QM: 03400FE8
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]FreeImpersonateHash
02A3E648 entryCount 1 isImpersonate 0
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Destroying TimerContext
03400A08, type 3
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]TimerContext 03400A08, Old
ref 2
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]TimerContext 03400A08, Old
ref 1
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Freeing TimerContext
03400A08
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]SendNotify: mmSa 03400048
cookie f8f4e197 state 6 messId 0
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Sending Oak Delete MMSA
03400048, QMSA 00000000
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Construct IKEHeader
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Construct HASH
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Construct DELETE
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Sending Packet
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]iCookie 97e1f4f8816a65b0
rCookie afdac4af47069611
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Exchange type: IKE
Informational Mode Length 92 NextPayload HASH Flags 1 Messid 0x4e7988b2
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Inactivating MM: 03400048
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]mmSa 03400048
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Deleting MM from lists:
03400048
[0]0394.07BC::01/01/1601-02:03:25.343 [ikeext]Waiting for MMs to go. IKE
and Authip MM SAs 1
[0]0394.0D30::01/01/1601-02:03:25.696 [ikeext]retransmitting MM notify
packet, count 1: context 02A3EA88
[0]0394.0D30::01/01/1601-02:03:25.696 [ikeext]
[0]0394.0D30::01/01/1601-02:03:25.696 [ikeext]Sending Packet
[0]0394.0D30::01/01/1601-02:03:25.696 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[0]0394.0D30::01/01/1601-02:03:25.696 [ikeext]Exchange type: Authip
Informational Mode Length 52 NextPayload CRYPTO Flags 0 Messid
0x00000000
[0]0394.0D30::01/01/1601-02:03:25.696 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[0]0394.0D30::01/01/1601-02:03:25.696 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.0EBC::01/01/1601-02:03:26.308 [ikeext]
[1]0394.0EBC::01/01/1601-02:03:26.308 [ikeext]Received packet
[1]0394.0EBC::01/01/1601-02:03:26.308 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.0EBC::01/01/1601-02:03:26.308 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.0EBC::01/01/1601-02:03:26.308 [ikeext]iCookie 75a73631a3b6f003
rCookie 0000000000000000
[1]0394.0EBC::01/01/1601-02:03:26.308 [ikeext]Exchange type: IKE
Informational Mode Length 40 NextPayload NOTIFY Flags 0 Messid
0x00000000
[1]0394.0EBC::01/01/1601-02:03:26.308 [ikeext]mmSa: 0x034004E8
[1]0394.0EBC::01/01/1601-02:03:26.308 [user]IkeVerifyExchTypeForMMSa
failed with Windows error 13824(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.0EBC::01/01/1601-02:03:26.308 [user]IkeVerifyExchTypeForMMSa
failed with HRESULT 0x80073600(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.0EBC::01/01/1601-02:03:26.308 [user]IkeProcessPacket failed with
HRESULT 0x80073600(ERROR_IPSEC_IKE_INVALID_HEADER)
[1]0394.0EBC::01/01/1601-02:03:26.327 [ikeext]
[1]0394.0EBC::01/01/1601-02:03:26.327 [ikeext]Received packet
[1]0394.0EBC::01/01/1601-02:03:26.327 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.0EBC::01/01/1601-02:03:26.327 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.0EBC::01/01/1601-02:03:26.343 [ikeext]
[1]0394.0EBC::01/01/1601-02:03:26.343 [ikeext]Received packet
[1]0394.0EBC::01/01/1601-02:03:26.343 [ikeext]Local Address:
151.25.39.247.500 Protocol 0
[1]0394.0EBC::01/01/1601-02:03:26.343 [ikeext]Peer Address: openswan ip
public address.500 Protocol 0
[1]0394.0D30::01/01/1601-02:03:26.412 [ikeext]MM notify retrans
exhausted: context 02A3EA88, mmSa 034004E8
[1]0394.0D30::01/01/1601-02:03:26.412 [ikeext]TimerContext 02A3EA88, Old
ref 2
[1]0394.0D30::01/01/1601-02:03:26.412 [ikeext]mmSa 034004E8
[1]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Deleting MM from lists:
034004E8
[1]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Completing Acquire for
ipsec context                4
[1]0394.07BC::01/01/1601-02:03:26.418
[ikeext]IPsecKeyModuleCompleteAcquire0 failed. Context                4,
error WINERROR=80320008
[1]0394.07BC::01/01/1601-02:03:26.418 [ikeext]IkeFreeAcquireContext:
Freeing acquire 03400D20
[1]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Destroying TimerContext
02A3EA88, type 1
[1]0394.07BC::01/01/1601-02:03:26.418 [ikeext]TimerContext 02A3EA88, Old
ref 1
[1]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Freeing TimerContext
02A3EA88
[1]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Stopping the Receive
thread
[0]0394.0FD8::01/01/1601-02:03:26.418 [ikeext]Receive thread breaking
because of shutdown
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Receive thread stopped
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Deregistering IKE keying
module
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Deregistering Authip
keying module
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Unsubscribing MM V4 filter
change notification
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Unsubscribing MM V6 filter
change notification
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Unsubscribing QM V4 filter
change notification
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Unsubscribing QM V6 filter
change notification
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Unsubscribing IKE MM
policy change notification
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Unsubscribing Authip MM
policy change notification
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Unsubscribing IKE QM Trans
policy change notification
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Unsubscribing IKE QM
Tunnel policy change notification
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Unsubscribing Authip QM
Trans policy change notification
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Unsubscribing Authip QM
Tunnel policy change notification
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Unsubscribing as
diagnostics event provider
[0]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Closing FWP engine handle
[1]0394.07BC::01/01/1601-02:03:26.418 [ikeext]Closing all the sockets
[0]0394.07BC::01/01/1601-02:03:26.419 [ikeext]Stopping IKE tracing

>
> I can mail/post these if you want (openswan-dev?).
>
> What I think happens is that Vista sends the payload type 133 and of course
> Openswan responds with PAYLOAD_MALFORMED because 133 is a private payload.
> Vista continues and ISAKMP SAs and IPsec SAs are established. But Vista
> keeps on sending the payload 133's, possibly for Microsoft's second
> authentication (AuthIP). This fails and Vista sends a Delete SA.
>
> Note that this does not concern L2TP/IPsec, but IPsec VPNs configured with
> the "Windows Firewall with Advanced Security" tool or "netsh advfirewall".
>
> The Microsoft development team wrote:
>
> >>> The 133 payload is sent under exchange type 243. Looks like what is
> >>> happening is that the linux implementation is accepting the exchange
> >>> type 243 packet (it should drop it) and failing the negotiation when it
> >>> finds a 133 payload in the packet.
>
> Openswan responds to the 133 payload with PAYLOAD_MALFORMED. It does not
> even get to check the exchange type. Is Microsoft saying that implementations
> should first check the exchange type and only then the payload type? But
> RFC 2408 says:
>
>   "When an ISAKMP message is received, the receiving entity MUST do the
>   following:
>
>   1. Verify the Initiator and Responder "cookies".
>   2. Check the Next Payload field
>   3. Check the Major and Minor Version fields
>   4. Check the Exchange Type field
>   etc."
>
> (By the way, wireshark says they use exchange type 246, not 243).
>
> So, why does Vista start with sending private payloads/exchange types?
> Shouldn't it start with Vendor IDs first? If the receiving party does
> not respond with the correct Vendor IDs, Vista should not send those
> private payloads.
>
> If you use a PSK instead of certs, Vista connects fine. It will not
> do a second authentication (AuthIP) then.
>
> Jacco
> -- 
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl
>
>
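
The header-check ordering discussed in the quoted message, as an added example (not part of the original post, and not Openswan or Microsoft code). It validates a constructed ISAKMP header in the RFC 2408 order and in an exchange-type-first order, and shows that the order decides whether the sender gets a notify back or silence. The set of "known" payloads and exchanges, the helper names and the sample datagrams are assumptions; the notify names are the ones RFC 2408 uses for these checks.

```python
import struct

# ISAKMP fixed header, RFC 2408 section 3.1 (28 bytes, network byte order).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")

# Assumption: an IKEv1-only receiver that knows the RFC 2408 payloads 0-13 and
# the exchanges Identity Protection (2), Aggressive (4), Informational (5),
# Quick Mode (32) and New Group (33).
KNOWN_PAYLOADS = frozenset(range(14))
KNOWN_EXCHANGES = frozenset({2, 4, 5, 32, 33})
PRIVATE_EXCHANGES = range(240, 256)  # "private use" range in RFC 2408


def parse_header(data):
    """Unpack the fixed header; raises ValueError on a truncated datagram."""
    if len(data) < ISAKMP_HDR.size:
        raise ValueError("datagram shorter than the ISAKMP header")
    icookie, rcookie, np, ver, xchg, flags, msgid, length = ISAKMP_HDR.unpack_from(data)
    return {"icookie": icookie, "rcookie": rcookie, "next_payload": np,
            "major": ver >> 4, "minor": ver & 0x0F, "exchange": xchg,
            "flags": flags, "msgid": msgid, "length": length}


# Each check returns the RFC 2408 notify name for a failure, or None.
CHECKS = {
    "cookies": lambda h: "INVALID-COOKIE" if h["icookie"] == bytes(8) else None,
    "next_payload": lambda h: None if h["next_payload"] in KNOWN_PAYLOADS
    else "INVALID-PAYLOAD-TYPE",
    "version": lambda h: None if h["major"] == 1 else "INVALID-MAJOR-VERSION",
    "exchange": lambda h: None if h["exchange"] in KNOWN_EXCHANGES
    else "INVALID-EXCHANGE-TYPE",
}
RFC2408_ORDER = ("cookies", "next_payload", "version", "exchange")
EXCHANGE_FIRST = ("cookies", "exchange", "next_payload", "version")


def validate(data, order):
    """Return (failed_check, notify) for the first failing check, else ("ok", None)."""
    header = parse_header(data)
    for name in order:
        notify = CHECKS[name](header)
        if notify:
            return name, notify
    return "ok", None


def respond(data, order, drop_private_exchange=False):
    """Decide what goes back on the wire: "accept", "drop", or a notify name."""
    failed, notify = validate(data, order)
    if failed == "ok":
        return "accept"
    if (drop_private_exchange and failed == "exchange"
            and parse_header(data)["exchange"] in PRIVATE_EXCHANGES):
        return "drop"  # unknown private exchange: stay silent, send no notify
    return notify


def build(icookie, next_payload, exchange, length):
    """Constructed sample datagram: header plus zero padding up to `length`."""
    hdr = ISAKMP_HDR.pack(icookie, bytes(8), next_payload, 0x10, exchange, 0, 0, length)
    return hdr.ljust(length, b"\x00")


# Constructed from values on the page: cookie and length come from the trace,
# payload 133 and exchange type 243 from the quoted discussion.
AUTHIP_MM = build(bytes.fromhex("75a73631a3b6f003"), 133, 243, 336)
# Constructed ordinary IKEv1 Main Mode first message (SA payload, exchange 2).
IKE_MM = build(bytes.fromhex("97e1f4f8816a65b0"), 1, 2, 200)

if __name__ == "__main__":
    for label, pkt in (("AuthIP MM", AUTHIP_MM), ("IKE MM", IKE_MM)):
        print(label, respond(pkt, RFC2408_ORDER),
              respond(pkt, EXCHANGE_FIRST, drop_private_exchange=True))
```

With the RFC 2408 order the receiver answers the AuthIP packet with a notify, which matches the "IKE Informational Mode ... NextPayload NOTIFY" replies in the trace after each retransmit; checking the exchange type first and dropping private-use values produces no reply at all.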



