[Openswan Users] L2TP response unencrypted
Brian Cuthie
brian at systemix.com
Sat Apr 12 08:41:40 EDT 2008
BTW, this mangled messages was not my lame attempt at 733t. It's the
result of a bad global replace after a very long day. I think the
important details are still clear.
cheers
-brian
Begin forwarded message:
> From: Brian Cuthie <brian at systemix.com>
> Date: April 11, 2008 9:54:07 PM EDT
> To: users at openswan.org
> Subject: Re: [Openswan Users] L2TP response unencrypted
>
> FWIW, I have basicall71 been having the same problem. Here's the
> barf and tshark traces. Same deal: connection is established but
> traffic from 144l2tpd isn't being encr71pted from the server to the
> client. Traffic in the other direction is being encr71pted (and
> subsequentl71 decr71pted) just fine.
>
> Thanks for an71 help.
>
> -brian
>
> Capturing on eth0
> 0.000000 71.179.99.8 -> 144.202.0.21 ISAKMP Identit71 Protection
> (Main Mode)
> 0.003934 144.202.0.21 -> 71.179.99.8 ISAKMP Identit71 Protection
> (Main Mode)
> 0.029719 71.179.99.8 -> 144.202.0.21 ISAKMP Identit71 Protection
> (Main Mode)
> 0.040756 144.202.0.21 -> 71.179.99.8 ISAKMP Identit71 Protection
> (Main Mode)
> 0.082715 71.179.99.8 -> 144.202.0.21 ISAKMP Identit71 Protection
> (Main Mode)
> 0.085165 144.202.0.21 -> 71.179.99.8 ISAKMP Identit71 Protection
> (Main Mode)
> 0.094468 71.179.99.8 -> 144.202.0.21 ISAKMP Informational
> 1.134002 71.179.99.8 -> 144.202.0.21 ISAKMP Quick Mode
> 1.231402 144.202.0.21 -> 71.179.99.8 ISAKMP Quick Mode
> 1.240839 71.179.99.8 -> 144.202.0.21 ISAKMP Quick Mode
> 1.241918 71.179.99.8 -> 144.202.0.21 ESP ESP (SPI=0144d320a8e9)
> 1.927307 71.179.99.8 -> 144.202.0.21 ESP ESP (SPI=0144d320a8e9)
> 3.242530 144.202.0.21 -> 71.179.99.8 L2TP Control Message -
> SCCRP (tunnel id=37, session id=0)
> 3.244408 144.202.0.21 -> 71.179.99.8 L2TP Control Message -
> ZLB (tunnel id=37, session id=0)
> 3.927371 71.179.99.8 -> 144.202.0.21 ESP ESP (SPI=0144d320a8e9)
> 3.927732 144.202.0.21 -> 71.179.99.8 L2TP Control Message -
> ZLB (tunnel id=37, session id=0)
> 4.242470 144.202.0.21 -> 71.179.99.8 L2TP Control Message -
> SCCRP (tunnel id=37, session id=0)
> 5.242514 144.202.0.21 -> 71.179.99.8 L2TP Control Message -
> SCCRP (tunnel id=37, session id=0)
> 6.242542 144.202.0.21 -> 71.179.99.8 L2TP Control Message -
> SCCRP (tunnel id=37, session id=0)
> 7.242569 144.202.0.21 -> 71.179.99.8 L2TP Control Message -
> SCCRP (tunnel id=37, session id=0)
>
>
> Fri Apr 11 21:38:57 EDT 2008
> + _________________________ version
> + ipsec --version
> Linu144 Openswan U2.5.17/K2.6.24.3-50.fc8 (netke71)
> See `ipsec --cop71right' for cop71right information.
> + _________________________ /proc/version
> + cat /proc/version
> Linu144 version 2.6.24.3-50.fc8 (mockbuild at 144enbuilder1.fedora.redhat.com
> ) (gcc version 4.1.2 20070925 (Red Hat 4.1.2-33)) #1 SMP Thu Mar 20
> 14:47:10 EDT 2008
> + _________________________ /proc/net/ipsec_eroute
> + test -r /proc/net/ipsec_eroute
> + _________________________ netstat-rn
> + netstat -nr
> + head -n 100
> Kernel IP routing table
> Destination Gatewa71 Genmask Flags MSS Window
> irtt Iface
> 10.0.0.0 0.0.0.0 255.255.0.0 U 0
> 0 0 eth1
> 144.202.0.0 0.0.0.0 255.255.0.0 U 0
> 0 0 eth0
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0
> 0 0 eth1
> 0.0.0.0 144.202.0.1 0.0.0.0 UG 0
> 0 0 eth0
> + _________________________ /proc/net/ipsec_spi
> + test -r /proc/net/ipsec_spi
> + _________________________ /proc/net/ipsec_spigrp
> + test -r /proc/net/ipsec_spigrp
> + _________________________ /proc/net/ipsec_tncfg
> + test -r /proc/net/ipsec_tncfg
> + _________________________ /proc/net/pfke71
> + test -r /proc/net/pfke71
> + cat /proc/net/pfke71
> sk RefCnt Rmem Wmem User Inode
> + _________________________ ip-144frm-state
> + ip 144frm state
> src 71.179.99.8 dst 144.202.0.21
> proto esp spi 0144d320a8e9 reqid 16393 mode transport
> repla71-window 32
> auth hmac(sha1) 0144373e85a1b434a3a5b3f8fa86a16e0a757d372682
> enc cbc(aes) 01449af91512cbe1761b42dd269e10d1889a
> encap t71pe espinudp sport 4500 dport 4500 addr 0.0.0.0
> sel src 0.0.0.0/0 dst 0.0.0.0/0
> src 144.202.0.21 dst 71.179.99.8
> proto esp spi 01440e44c5fe reqid 16393 mode transport
> repla71-window 32
> auth hmac(sha1) 0144db0c9978361aa58f8a2b296813efc85513bdf58f
> enc cbc(aes) 0144ffcfc3c7760054ab539fd9811d3df7c4
> encap t71pe espinudp sport 4500 dport 4500 addr 0.0.0.0
> sel src 0.0.0.0/0 dst 0.0.0.0/0
> + _________________________ ip-144frm-polic71
> + ip 144frm polic71
> src 0.0.0.0/32 dst 144.202.0.21/32 proto udp sport 54067
> dir in priorit71 2080 pt71pe main
> tmpl src 0.0.0.0 dst 0.0.0.0
> proto esp reqid 16393 mode transport
> src 144.202.0.21/32 dst 0.0.0.0/32 proto udp dport 54067
> dir out priorit71 2080 pt71pe main
> tmpl src 0.0.0.0 dst 0.0.0.0
> proto esp reqid 16393 mode transport
> src ::/0 dst ::/0
> dir in priorit71 0 pt71pe main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir in priorit71 0 pt71pe main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir in priorit71 0 pt71pe main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir in priorit71 0 pt71pe main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir in priorit71 0 pt71pe main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir in priorit71 0 pt71pe main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir in priorit71 0 pt71pe main
> src ::/0 dst ::/0
> dir out priorit71 0 pt71pe main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir out priorit71 0 pt71pe main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir out priorit71 0 pt71pe main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir out priorit71 0 pt71pe main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir out priorit71 0 pt71pe main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir out priorit71 0 pt71pe main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir out priorit71 0 pt71pe main
> + _________________________ /proc/cr71pto
> /usr/local/libe144ec/ipsec/barf: line 382: s71nta144 error:
> une144pected end of file
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080412/e4d626cb/attachment-0001.html
More information about the Users
mailing list