The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

форумы  помощь  поиск  регистрация  майллист  вход/выход  слежка  RSS
"ipsec freebsd racoon"
Вариант для распечатки  
Пред. тема | След. тема 
Форумы OpenNET: Виртуальная конференция (Public)
Изначальное сообщение [ Отслеживать ]

"ipsec freebsd racoon"  
Сообщение от kirk (??) on 26-Авг-08, 16:52 
hi all!
необходимо установить IPSEC соединение между моим сервером на freebsd 7.0 и сервером, стоящим за IPSEC шлюзом провайдера, какое именно железо там стоит мне не сообщают.

проблема в том, что я не могу достучаться до сервера, хотя с сервера до меня соединение устанавливается нормально.
когда с сервера на мой lo2 отправляют пинги я tcpdump`ом вижу входящие и исходящие ESP пакеты.
а когда я отправляю пинги на сервер, то вижу тока исходящие ESP пакеты.

конфиги такие

ifconfig lo2
lo2: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 1.1.1.1 netmask 0xffffffff
ifconfig gif0
gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        tunnel inet a.a.a.a --> b.b.b.b
        inet 1.1.1.1 --> 2.2.2.2 netmask 0xffffffff


### ipsec.conf
flush;
spdflush;

spdadd 1.1.1.1/32 2.2.2.2/32 any -P out ipsec esp/tunnel/a.a.a.a-b.b.b.b/require;
spdadd 2.2.2.2/32 1.1.1.1/32 any -P in ipsec esp/tunnel/b.b.b.b-a.a.a.a/require;


##### racoon.conf
path include "/usr/local/etc/racoon";
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
log debug2;
padding
{
        maximum_length 20; # maximum padding length.
        randomize off; # enable randomize length.
        strict_check off; # enable strict check.
        exclusive_tail off; # extract last one octet.
}
remote anonymous
{
        exchange_mode main,base,aggressive;
        doi ipsec_doi;
#situation identity_only;
        my_identifier address a.a.a.a;
        nonce_size 16;
        lifetime time 6000 sec; # sec,min,hour
        initial_contact on;
        support_proxy on;
        proposal_check obey; # obey, strict or claim

        proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key;
        dh_group 2 ;
                }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 6000 sec;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

Высказать мнение | Ответить | Правка | Cообщить модератору

 Оглавление

Сообщения по теме [Сортировка по времени | RSS]


1. "ipsec freebsd racoon"  
Сообщение от kirk (??) on 26-Авг-08, 16:57 
tcpdump выглядит так (мой IP - a.a.a.a)
17:52:18.854869 IP a.a.a.a.500 > b.b.b.b.500: isakmp: phase 1 I ident
17:52:18.874671 IP b.b.b.b.500 > a.a.a.a.500: isakmp: phase 1 R ident
17:52:18.893986 IP a.a.a.a.500 > b.b.b.b.500: isakmp: phase 1 I ident
17:52:19.211245 IP b.b.b.b.500 > a.a.a.a.500: isakmp: phase 1 R ident
17:52:19.229840 IP a.a.a.a.500 > b.b.b.b.500: isakmp: phase 1 I ident[E]
17:52:19.257498 IP b.b.b.b.500 > a.a.a.a.500: isakmp: phase 1 R ident[E]
17:52:19.261438 IP a.a.a.a.500 > b.b.b.b.500: isakmp: phase 2/others I inf[E]
17:52:20.281247 IP a.a.a.a.500 > b.b.b.b.500: isakmp: phase 2/others I oakley-quick[E]
17:52:20.518747 IP b.b.b.b.500 > a.a.a.a.500: isakmp: phase 2/others R oakley-quick[E]
17:52:20.525854 IP a.a.a.a.500 > b.b.b.b.500: isakmp: phase 2/others I oakley-quick[E]
17:52:20.852811 IP a.a.a.a > b.b.b.b: ESP(spi=0xb61d8e62,seq=0x1), length 116
17:52:21.853762 IP a.a.a.a > b.b.b.b: ESP(spi=0xb61d8e62,seq=0x2), length 116
17:52:22.854873 IP a.a.a.a > b.b.b.b: ESP(spi=0xb61d8e62,seq=0x3), length 116
17:52:23.855775 IP a.a.a.a > b.b.b.b: ESP(spi=0xb61d8e62,seq=0x4), length 116
Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

2. "ipsec freebsd racoon"  
Сообщение от kirk (??) on 26-Авг-08, 17:09 
вот дебаг, очень большой )

2008-08-26 18:00:56: INFO: a.a.a.a[500] used as isakmp port (fd=34)
2008-08-26 18:00:56: DEBUG: pk_recv: retry[0] recv()
2008-08-26 18:00:56: DEBUG: get pfkey X_SPDDUMP message
2008-08-26 18:00:56: DEBUG: pk_recv: retry[0] recv()
2008-08-26 18:00:56: DEBUG: get pfkey X_SPDDUMP message
2008-08-26 18:00:56: DEBUG: sub:0xbfbfe60c: 1.1.1.1/32[0] 2.2.2.2/32[0] proto=any dir=out
2008-08-26 18:00:56: DEBUG: db :0x77f3d078: 2.2.2.2/32[0] 1.1.1.1/32[0] proto=any dir=in
2008-08-26 18:01:04: DEBUG: pk_recv: retry[0] recv()
2008-08-26 18:01:04: DEBUG: get pfkey ACQUIRE message
2008-08-26 18:01:04: DEBUG: suitable outbound SP found: 1.1.1.1/32[0] 2.2.2.2/32[0] proto=any dir=out.
2008-08-26 18:01:04: DEBUG: sub:0xbfbfe5e0: 2.2.2.2/32[0] 1.1.1.1/32[0] proto=any dir=in
2008-08-26 18:01:04: DEBUG: db :0x77f3d078: 2.2.2.2/32[0] 1.1.1.1/32[0] proto=any dir=in
2008-08-26 18:01:04: DEBUG: suitable inbound SP found: 2.2.2.2/32[0] 1.1.1.1/32[0] proto=any dir=in.
2008-08-26 18:01:04: DEBUG: new acquire 1.1.1.1/32[0] 2.2.2.2/32[0] proto=any dir=out
2008-08-26 18:01:04: DEBUG: anonymous configuration selected for b.b.b.b.
2008-08-26 18:01:04: DEBUG: getsainfo params: loc='1.1.1.1', rmt='2.2.2.2', peer='NULL', id=0
2008-08-26 18:01:04: DEBUG: getsainfo pass #2
2008-08-26 18:01:04: DEBUG: evaluating sainfo: loc='ANONYMOUS', rmt='ANONYMOUS', peer='ANY', id=0
2008-08-26 18:01:04: DEBUG: selected sainfo: loc='ANONYMOUS', rmt='ANONYMOUS', peer='ANY', id=0
2008-08-26 18:01:04: DEBUG:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2008-08-26 18:01:04: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-md5)
2008-08-26 18:01:04: DEBUG: in post_acquire
2008-08-26 18:01:04: DEBUG: anonymous configuration selected for b.b.b.b.
2008-08-26 18:01:04: INFO: IPsec-SA request for b.b.b.b queued due to no phase1 found.
2008-08-26 18:01:04: DEBUG: ===
2008-08-26 18:01:04: INFO: initiate new phase 1 negotiation: a.a.a.a[500]<=>b.b.b.b[500]
2008-08-26 18:01:04: INFO: begin Identity Protection mode.
2008-08-26 18:01:04: DEBUG: new cookie:
612a102023534df5
2008-08-26 18:01:04: DEBUG: add payload of len 48, next type 13
2008-08-26 18:01:04: DEBUG: add payload of len 16, next type 0
2008-08-26 18:01:04: DEBUG: 100 bytes from a.a.a.a[500] to b.b.b.b[500]
2008-08-26 18:01:04: DEBUG: sockname a.a.a.a[500]
2008-08-26 18:01:04: DEBUG: send packet from a.a.a.a[500]
2008-08-26 18:01:04: DEBUG: send packet to b.b.b.b[500]
2008-08-26 18:01:04: DEBUG: 1 times of 100 bytes message will be sent to b.b.b.b[500]
2008-08-26 18:01:04: DEBUG:
612a1020 23534df5 00000000 00000000 01100200 00000000 00000064 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c1770
80010005 80030001 80020001 80040002 00000014 afcad713 68a1f1c9 6b8696fc
77570100
2008-08-26 18:01:04: DEBUG: resend phase1 packet 612a102023534df5:0000000000000000
2008-08-26 18:01:04: DEBUG: ===
2008-08-26 18:01:04: DEBUG: 220 bytes message received from b.b.b.b[500] to a.a.a.a[500]
2008-08-26 18:01:04: DEBUG:
612a1020 23534df5 64062356 84642d23 01100200 00000000 000000dc 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c1770
80010005 80030001 80020001 80040002 0d000014 afcad713 68a1f1c9 6b8696fc
77570100 0d000014 27bab5dc 01ea0760 ea4e3190 ac27c0d0 0d000014 6105c422
e76847e4 3f968480 1292aecd 0d000014 4485152d 18b6bbcd 0be8a846 9579ddcc
0d000014 cd604643 35df21f8 7cfdb2fc 68b6a448 0d000014 90cb8091 3ebb696e
086381b5 ec427b1f 00000014 7d9419a6 5310ca6f 2c179d92 15529d56
2008-08-26 18:01:04: DEBUG: begin.
2008-08-26 18:01:04: DEBUG: seen nptype=1(sa)
2008-08-26 18:01:04: DEBUG: seen nptype=13(vid)
2008-08-26 18:01:04: DEBUG: seen nptype=13(vid)
2008-08-26 18:01:04: DEBUG: seen nptype=13(vid)
2008-08-26 18:01:04: DEBUG: seen nptype=13(vid)
2008-08-26 18:01:04: DEBUG: seen nptype=13(vid)
2008-08-26 18:01:04: DEBUG: seen nptype=13(vid)
2008-08-26 18:01:04: DEBUG: seen nptype=13(vid)
2008-08-26 18:01:04: DEBUG: succeed.
2008-08-26 18:01:04: INFO: received Vendor ID: DPD
2008-08-26 18:01:04: DEBUG: received unknown Vendor ID
2008-08-26 18:01:04: DEBUG:
27bab5dc 01ea0760 ea4e3190 ac27c0d0
2008-08-26 18:01:04: DEBUG: received unknown Vendor ID
2008-08-26 18:01:04: DEBUG:
6105c422 e76847e4 3f968480 1292aecd
2008-08-26 18:01:04: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
2008-08-26 18:01:04: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2008-08-26 18:01:04: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2008-08-26 18:01:04: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
2008-08-26 18:01:04: DEBUG: total SA len=48
2008-08-26 18:01:04: DEBUG:
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c1770
80010005 80030001 80020001 80040002
2008-08-26 18:01:04: DEBUG: begin.
2008-08-26 18:01:04: DEBUG: seen nptype=2(prop)
2008-08-26 18:01:04: DEBUG: succeed.
2008-08-26 18:01:04: DEBUG: proposal #1 len=40
2008-08-26 18:01:04: DEBUG: begin.
2008-08-26 18:01:04: DEBUG: seen nptype=3(trns)
2008-08-26 18:01:04: DEBUG: succeed.
2008-08-26 18:01:04: DEBUG: transform #1 len=32
2008-08-26 18:01:04: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2008-08-26 18:01:04: DEBUG: type=Life Duration, flag=0x8000, lorv=6000
2008-08-26 18:01:04: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2008-08-26 18:01:04: DEBUG: encryption(3des)
2008-08-26 18:01:04: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2008-08-26 18:01:04: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2008-08-26 18:01:04: DEBUG: hash(md5)
2008-08-26 18:01:04: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2008-08-26 18:01:04: DEBUG: hmac(modp1024)
2008-08-26 18:01:04: DEBUG: pair 1:
2008-08-26 18:01:04: DEBUG:  0x77f3a2c0: next=0x0 tnext=0x0
2008-08-26 18:01:04: DEBUG: proposal #1: 1 transform
2008-08-26 18:01:04: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
2008-08-26 18:01:04: DEBUG: trns#=1, trns-id=IKE
2008-08-26 18:01:04: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2008-08-26 18:01:04: DEBUG: type=Life Duration, flag=0x8000, lorv=6000
2008-08-26 18:01:04: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2008-08-26 18:01:04: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2008-08-26 18:01:04: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2008-08-26 18:01:04: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2008-08-26 18:01:04: DEBUG: Compared: DB:Peer
2008-08-26 18:01:04: DEBUG: (lifetime = 6000:6000)
2008-08-26 18:01:04: DEBUG: (lifebyte = 0:0)
2008-08-26 18:01:04: DEBUG: enctype = 3DES-CBC:3DES-CBC
2008-08-26 18:01:04: DEBUG: (encklen = 0:0)
2008-08-26 18:01:04: DEBUG: hashtype = MD5:MD5
2008-08-26 18:01:04: DEBUG: authmethod = pre-shared key:pre-shared key
2008-08-26 18:01:04: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2008-08-26 18:01:04: DEBUG: an acceptable proposal found.
2008-08-26 18:01:04: DEBUG: hmac(modp1024)
2008-08-26 18:01:04: DEBUG: agreed on pre-shared key auth.
2008-08-26 18:01:04: DEBUG: ===
2008-08-26 18:01:04: DEBUG: compute DH's private.
2008-08-26 18:01:04: DEBUG:
74690c0e ea3737b3 2fdb6da4 54dc7825 d7ae6711 e1774803 7e689380 fb53e076
d8847ea6 33d44601 777f5ca8 471c17f2 c16bdf76 aeb552ec 9e6b9455 297328cb
6182426d 0692064b a56b28f5 5f95384d 937549a5 025e4b3e 7ef37c7c 5672f94d
64eb6542 3dcb096e 5b714f45 3b536778 cb8f79a6 687289f5 fa5262d8 b878325d
2008-08-26 18:01:04: DEBUG: compute DH's public.
2008-08-26 18:01:04: DEBUG:
eb4e4e55 354216f4 279e7efc 819fc05c 6f778c59 d6263f68 11736cba cc21e0e0
c8502284 b8afbed1 93197309 a480bab4 e5231c80 cd26eca4 957a4dc0 c90e7c59
9c44c6b9 e30efc29 c89bc9f6 baa854c3 f110b7fc 4f4441c9 f30a1755 c2272e1a
4783e932 46b01fda 6a9dde8a 658497b5 f51b43c6 b6262e00 2ba48376 51c7c834
2008-08-26 18:01:04: DEBUG: add payload of len 128, next type 10
2008-08-26 18:01:04: DEBUG: add payload of len 16, next type 0
2008-08-26 18:01:04: DEBUG: 180 bytes from a.a.a.a[500] to b.b.b.b[500]
2008-08-26 18:01:04: DEBUG: sockname a.a.a.a[500]
2008-08-26 18:01:04: DEBUG: send packet from a.a.a.a[500]
2008-08-26 18:01:04: DEBUG: send packet to b.b.b.b[500]
2008-08-26 18:01:04: DEBUG: 1 times of 180 bytes message will be sent to b.b.b.b[500]
2008-08-26 18:01:04: DEBUG:
612a1020 23534df5 64062356 84642d23 04100200 00000000 000000b4 0a000084
eb4e4e55 354216f4 279e7efc 819fc05c 6f778c59 d6263f68 11736cba cc21e0e0
c8502284 b8afbed1 93197309 a480bab4 e5231c80 cd26eca4 957a4dc0 c90e7c59
9c44c6b9 e30efc29 c89bc9f6 baa854c3 f110b7fc 4f4441c9 f30a1755 c2272e1a
4783e932 46b01fda 6a9dde8a 658497b5 f51b43c6 b6262e00 2ba48376 51c7c834
00000014 bb1b48d4 18e51f00 04705b64 cca45941
2008-08-26 18:01:04: DEBUG: resend phase1 packet 612a102023534df5:6406235684642d23
2008-08-26 18:01:04: DEBUG: ===
2008-08-26 18:01:04: DEBUG: 180 bytes message received from b.b.b.b[500] to a.a.a.a[500]
2008-08-26 18:01:04: DEBUG:
612a1020 23534df5 64062356 84642d23 04100200 00000000 000000b4 0a000084
98028c02 4c8bd499 120cd3fe c423640f ab667039 acec704b 315b143e c795006e
e30f57ec 5243f9d0 af2086b4 5509c715 de2b0e43 1c628c2f 59f969a2 fa14164e
1d16ff59 05c5afcc 916abb04 9cd95b53 7b7c1901 d08fea18 3bf2bb0b 01ad778f
230a303f 899f3ed9 9c7f27e7 aad40b06 1019697d 14b41568 7296853e 604e4761
00000014 f3a6aa88 6fd2ff35 f418cf85 633e308f
2008-08-26 18:01:04: DEBUG: begin.
2008-08-26 18:01:04: DEBUG: seen nptype=4(ke)
2008-08-26 18:01:04: DEBUG: seen nptype=10(nonce)
2008-08-26 18:01:04: DEBUG: succeed.
2008-08-26 18:01:04: DEBUG: ===
2008-08-26 18:01:04: DEBUG: compute DH's shared.
2008-08-26 18:01:04: DEBUG:
2b697e95 71aa453b 05e480f3 3a8cb5f4 61960abc dd6d5799 295c915b f9fdacb5
6ef9447b 712d55e0 5457562f 1cfcf1f6 a11dedcf 93002042 15ab0ed2 e9f0bb83
32a2a739 d9694f89 f64d04dc ec79db48 9a9be0f9 de281bf9 419fcde1 4700a893
17d433c2 c75ef4cc e56cf598 a0245f40 45686e03 44bdfb49 e6b2e8af b20fcaac
2008-08-26 18:01:04: DEBUG: the psk found.
2008-08-26 18:01:04: DEBUG: nonce 1: 2008-08-26 18:01:04: DEBUG:
bb1b48d4 18e51f00 04705b64 cca45941
2008-08-26 18:01:04: DEBUG: nonce 2: 2008-08-26 18:01:04: DEBUG:
f3a6aa88 6fd2ff35 f418cf85 633e308f
2008-08-26 18:01:04: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:04: DEBUG: SKEYID computed:
2008-08-26 18:01:04: DEBUG:
25c36917 55bfc90a fdf3f8ef 9a6c98ed
2008-08-26 18:01:04: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:04: DEBUG: SKEYID_d computed:
2008-08-26 18:01:04: DEBUG:
5409ae21 0e09f944 26ef3b1b 7513f5cf
2008-08-26 18:01:04: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:04: DEBUG: SKEYID_a computed:
2008-08-26 18:01:04: DEBUG:
15588b3c 90132e03 e3c4aceb b409c4b7
2008-08-26 18:01:04: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:04: DEBUG: SKEYID_e computed:
2008-08-26 18:01:04: DEBUG:
4061ebf6 472ff497 052d5736 9c88d6b9
2008-08-26 18:01:04: DEBUG: encryption(3des)
2008-08-26 18:01:04: DEBUG: hash(md5)
2008-08-26 18:01:04: DEBUG: len(SKEYID_e) < len(Ka) (16 < 24), generating long key (Ka = K1 | K2 | ...)
2008-08-26 18:01:04: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:04: DEBUG: compute intermediate encryption key K1
2008-08-26 18:01:04: DEBUG:
00
2008-08-26 18:01:04: DEBUG:
ab51afb0 1f69050e ef587a2a 2e36602f
2008-08-26 18:01:04: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:04: DEBUG: compute intermediate encryption key K2
2008-08-26 18:01:04: DEBUG:
ab51afb0 1f69050e ef587a2a 2e36602f
2008-08-26 18:01:04: DEBUG:
d76398a1 df79e528 63cd8639 f20e867c
2008-08-26 18:01:04: DEBUG: final encryption key computed:
2008-08-26 18:01:04: DEBUG:
ab51afb0 1f69050e ef587a2a 2e36602f d76398a1 df79e528
2008-08-26 18:01:04: DEBUG: hash(md5)
2008-08-26 18:01:04: DEBUG: encryption(3des)
2008-08-26 18:01:04: DEBUG: IV computed:
2008-08-26 18:01:04: DEBUG:
8130a242 816afb35
2008-08-26 18:01:04: DEBUG: use ID type of IPv4_address
2008-08-26 18:01:04: DEBUG: HASH with:
2008-08-26 18:01:04: DEBUG:
eb4e4e55 354216f4 279e7efc 819fc05c 6f778c59 d6263f68 11736cba cc21e0e0
c8502284 b8afbed1 93197309 a480bab4 e5231c80 cd26eca4 957a4dc0 c90e7c59
9c44c6b9 e30efc29 c89bc9f6 baa854c3 f110b7fc 4f4441c9 f30a1755 c2272e1a
4783e932 46b01fda 6a9dde8a 658497b5 f51b43c6 b6262e00 2ba48376 51c7c834
98028c02 4c8bd499 120cd3fe c423640f ab667039 acec704b 315b143e c795006e
e30f57ec 5243f9d0 af2086b4 5509c715 de2b0e43 1c628c2f 59f969a2 fa14164e
1d16ff59 05c5afcc 916abb04 9cd95b53 7b7c1901 d08fea18 3bf2bb0b 01ad778f
230a303f 899f3ed9 9c7f27e7 aad40b06 1019697d 14b41568 7296853e 604e4761
612a1020 23534df5 64062356 84642d23 00000001 00000001 00000028 01010001
00000020 01010000 800b0001 800c1770 80010005 80030001 80020001 80040002
011101f4 d5e64026
2008-08-26 18:01:04: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:04: DEBUG: HASH (init) computed:
2008-08-26 18:01:04: DEBUG:
7291fad0 9b57f1e0 0c85c185 075d31b5
2008-08-26 18:01:04: DEBUG: add payload of len 8, next type 8
2008-08-26 18:01:04: DEBUG: add payload of len 16, next type 0
2008-08-26 18:01:04: DEBUG: begin encryption.
2008-08-26 18:01:04: DEBUG: encryption(3des)
2008-08-26 18:01:04: DEBUG: pad length = 8
2008-08-26 18:01:04: DEBUG:
0800000c 011101f4 d5e64026 00000014 7291fad0 9b57f1e0 0c85c185 075d31b5
00000000 00000008
2008-08-26 18:01:04: DEBUG: encryption(3des)
2008-08-26 18:01:04: DEBUG: with key:
2008-08-26 18:01:04: DEBUG:
ab51afb0 1f69050e ef587a2a 2e36602f d76398a1 df79e528
2008-08-26 18:01:04: DEBUG: encrypted payload by IV:
2008-08-26 18:01:04: DEBUG:
8130a242 816afb35
2008-08-26 18:01:04: DEBUG: save IV for next:
2008-08-26 18:01:04: DEBUG:
fa882797 263c57f6
2008-08-26 18:01:04: DEBUG: encrypted.
2008-08-26 18:01:04: DEBUG: 68 bytes from a.a.a.a[500] to b.b.b.b[500]
2008-08-26 18:01:04: DEBUG: sockname a.a.a.a[500]
2008-08-26 18:01:04: DEBUG: send packet from a.a.a.a[500]
2008-08-26 18:01:04: DEBUG: send packet to b.b.b.b[500]
2008-08-26 18:01:04: DEBUG: 1 times of 68 bytes message will be sent to b.b.b.b[500]
2008-08-26 18:01:04: DEBUG:
612a1020 23534df5 64062356 84642d23 05100201 00000000 00000044 37f503a5
4a0564f2 26172b96 ef644920 11053ebd 0833475f dd75d242 8a904528 fa882797
263c57f6
2008-08-26 18:01:04: DEBUG: resend phase1 packet 612a102023534df5:6406235684642d23
2008-08-26 18:01:04: DEBUG: ===
2008-08-26 18:01:04: DEBUG: 60 bytes message received from b.b.b.b[500] to a.a.a.a[500]
2008-08-26 18:01:04: DEBUG:
612a1020 23534df5 64062356 84642d23 05100201 00000000 0000003c ce8ba80a
66fd0e5a 9c43df45 b28f59b8 7145f5be 3875e71e 0b0e6a7a ad6db080
2008-08-26 18:01:04: DEBUG: begin decryption.
2008-08-26 18:01:04: DEBUG: encryption(3des)
2008-08-26 18:01:04: DEBUG: IV was saved for next processing:
2008-08-26 18:01:04: DEBUG:
0b0e6a7a ad6db080
2008-08-26 18:01:04: DEBUG: encryption(3des)
2008-08-26 18:01:04: DEBUG: with key:
2008-08-26 18:01:04: DEBUG:
ab51afb0 1f69050e ef587a2a 2e36602f d76398a1 df79e528
2008-08-26 18:01:04: DEBUG: decrypted payload by IV:
2008-08-26 18:01:04: DEBUG:
fa882797 263c57f6
2008-08-26 18:01:04: DEBUG: decrypted payload, but not trimed.
2008-08-26 18:01:04: DEBUG:
0800000c 011101f4 d5ce20dc 00000014 5f2f6f7f 9486ec75 2c80faea a32adfa3
2008-08-26 18:01:04: DEBUG: padding len=163
2008-08-26 18:01:04: DEBUG: skip to trim padding.
2008-08-26 18:01:04: DEBUG: decrypted.
2008-08-26 18:01:04: DEBUG:
612a1020 23534df5 64062356 84642d23 05100201 00000000 0000003c 0800000c
011101f4 d5ce20dc 00000014 5f2f6f7f 9486ec75 2c80faea a32adfa3
2008-08-26 18:01:04: DEBUG: begin.
2008-08-26 18:01:04: DEBUG: seen nptype=5(id)
2008-08-26 18:01:04: DEBUG: seen nptype=8(hash)
2008-08-26 18:01:04: DEBUG: succeed.
2008-08-26 18:01:04: DEBUG: HASH received:
2008-08-26 18:01:04: DEBUG:
5f2f6f7f 9486ec75 2c80faea a32adfa3
2008-08-26 18:01:04: DEBUG: HASH with:
2008-08-26 18:01:04: DEBUG:
98028c02 4c8bd499 120cd3fe c423640f ab667039 acec704b 315b143e c795006e
e30f57ec 5243f9d0 af2086b4 5509c715 de2b0e43 1c628c2f 59f969a2 fa14164e
1d16ff59 05c5afcc 916abb04 9cd95b53 7b7c1901 d08fea18 3bf2bb0b 01ad778f
230a303f 899f3ed9 9c7f27e7 aad40b06 1019697d 14b41568 7296853e 604e4761
eb4e4e55 354216f4 279e7efc 819fc05c 6f778c59 d6263f68 11736cba cc21e0e0
c8502284 b8afbed1 93197309 a480bab4 e5231c80 cd26eca4 957a4dc0 c90e7c59
9c44c6b9 e30efc29 c89bc9f6 baa854c3 f110b7fc 4f4441c9 f30a1755 c2272e1a
4783e932 46b01fda 6a9dde8a 658497b5 f51b43c6 b6262e00 2ba48376 51c7c834
64062356 84642d23 612a1020 23534df5 00000001 00000001 00000028 01010001
00000020 01010000 800b0001 800c1770 80010005 80030001 80020001 80040002
011101f4 d5ce20dc
2008-08-26 18:01:04: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:04: DEBUG: HASH (init) computed:
2008-08-26 18:01:04: DEBUG:
5f2f6f7f 9486ec75 2c80faea a32adfa3
2008-08-26 18:01:04: DEBUG: HASH for PSK validated.
2008-08-26 18:01:04: DEBUG: peer's ID:2008-08-26 18:01:04: DEBUG:
011101f4 d5ce20dc
2008-08-26 18:01:04: DEBUG: ===
2008-08-26 18:01:04: DEBUG: compute IV for phase2
2008-08-26 18:01:04: DEBUG: phase1 last IV:
2008-08-26 18:01:04: DEBUG:
0b0e6a7a ad6db080 cd5cb1f4
2008-08-26 18:01:04: DEBUG: hash(md5)
2008-08-26 18:01:04: DEBUG: encryption(3des)
2008-08-26 18:01:04: DEBUG: phase2 IV computed:
2008-08-26 18:01:04: DEBUG:
4b8549f1 50153eef
2008-08-26 18:01:04: DEBUG: HASH with:
2008-08-26 18:01:04: DEBUG:
cd5cb1f4 0000001c 00000001 01106002 612a1020 23534df5 64062356 84642d23
2008-08-26 18:01:04: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:04: DEBUG: HASH computed:
2008-08-26 18:01:04: DEBUG:
b44b59f5 d6c3df31 98b8f821 4960d57c
2008-08-26 18:01:04: DEBUG: begin encryption.
2008-08-26 18:01:04: DEBUG: encryption(3des)
2008-08-26 18:01:04: DEBUG: pad length = 8
2008-08-26 18:01:04: DEBUG:
0b000014 b44b59f5 d6c3df31 98b8f821 4960d57c 0000001c 00000001 01106002
612a1020 23534df5 64062356 84642d23 00000000 00000008
2008-08-26 18:01:04: DEBUG: encryption(3des)
2008-08-26 18:01:04: DEBUG: with key:
2008-08-26 18:01:04: DEBUG:
ab51afb0 1f69050e ef587a2a 2e36602f d76398a1 df79e528
2008-08-26 18:01:04: DEBUG: encrypted payload by IV:
2008-08-26 18:01:04: DEBUG:
4b8549f1 50153eef
2008-08-26 18:01:04: DEBUG: save IV for next:
2008-08-26 18:01:04: DEBUG:
eb97ac3d 8611bdcb
2008-08-26 18:01:04: DEBUG: encrypted.
2008-08-26 18:01:04: DEBUG: 84 bytes from a.a.a.a[500] to b.b.b.b[500]
2008-08-26 18:01:04: DEBUG: sockname a.a.a.a[500]
2008-08-26 18:01:04: DEBUG: send packet from a.a.a.a[500]
2008-08-26 18:01:04: DEBUG: send packet to b.b.b.b[500]
2008-08-26 18:01:04: DEBUG: 1 times of 84 bytes message will be sent to b.b.b.b[500]
2008-08-26 18:01:04: DEBUG:
612a1020 23534df5 64062356 84642d23 08100501 cd5cb1f4 00000054 49651d84
26db2ac6 fbe8aabb 7f9b97b9 ac160dd8 3ad3280e cba9808d 85329854 274f782b
146864ce 80641da1 f3b8d78f eb97ac3d 8611bdcb
2008-08-26 18:01:04: DEBUG: sendto Information notify.
2008-08-26 18:01:04: DEBUG: IV freed
2008-08-26 18:01:04: INFO: ISAKMP-SA established a.a.a.a[500]-b.b.b.b[500] spi:612a102023534df5:6406235684642d23
2008-08-26 18:01:04: DEBUG: ===
2008-08-26 18:01:05: DEBUG: ===
2008-08-26 18:01:05: DEBUG: begin QUICK mode.
2008-08-26 18:01:05: INFO: initiate new phase 2 negotiation: a.a.a.a[500]<=>b.b.b.b[500]
2008-08-26 18:01:05: DEBUG: compute IV for phase2
2008-08-26 18:01:05: DEBUG: phase1 last IV:
2008-08-26 18:01:05: DEBUG:
0b0e6a7a ad6db080 f50b0bec
2008-08-26 18:01:05: DEBUG: hash(md5)
2008-08-26 18:01:05: DEBUG: encryption(3des)
2008-08-26 18:01:05: DEBUG: phase2 IV computed:
2008-08-26 18:01:05: DEBUG:
8e10532e e31694fa
2008-08-26 18:01:05: DEBUG: call pfkey_send_getspi
2008-08-26 18:01:05: DEBUG: pfkey GETSPI sent: ESP/Tunnel b.b.b.b[500]->a.a.a.a[500]
2008-08-26 18:01:05: DEBUG: pfkey getspi sent.
2008-08-26 18:01:05: DEBUG: pk_recv: retry[0] recv()
2008-08-26 18:01:05: DEBUG: get pfkey GETSPI message
2008-08-26 18:01:05: DEBUG: pfkey GETSPI succeeded: ESP/Tunnel b.b.b.b[500]->a.a.a.a[500] spi=235214389(0xe051635)
2008-08-26 18:01:05: DEBUG: hmac(modp1024)
2008-08-26 18:01:05: DEBUG: hmac(modp1024)
2008-08-26 18:01:05: DEBUG: hmac(modp1024)
2008-08-26 18:01:05: DEBUG: compute DH's private.
2008-08-26 18:01:05: DEBUG:
69b64b96 03a7f920 1d9621be 86898b6b 343feeaa 1d7650ec c9f90b17 411cf2e8
f1cbe3cb 882bb375 08beebc9 d7bcc641 8bc05ccb c688b62d c94a2f9b 1e7165a5
fbcdac75 a1179848 a35e7472 8bb45365 bcb25937 442dc2cd 468f6876 165f2b94
187bcd9f 21d71a95 d99750eb 84ac7e53 aa7078f9 a0199f6c 054cffa1 fd150386
2008-08-26 18:01:05: DEBUG: compute DH's public.
2008-08-26 18:01:05: DEBUG:
e48fa70c f9c4bbc9 5e7bcf65 2deef4c0 a4648b86 910e1240 d133a6c5 3be9554e
117ca386 681f7fc4 71cfb9cc b1f8d9cc 83d57b2b 70a88619 55a510dd 85201e58
66129960 f2b3dc6f d14cdaab 3d52e628 aa7b39f8 3c667fb1 6f4d2235 b4adcc32
300721a6 40b80bad 7beefd84 59ff5dd4 6c498273 e1b7c9f3 4ce0b25a c0cb7e0d
2008-08-26 18:01:05: DEBUG: use local ID type IPv4_address
2008-08-26 18:01:05: DEBUG: use remote ID type IPv4_address
2008-08-26 18:01:05: DEBUG: IDci:
2008-08-26 18:01:05: DEBUG:
01000000 0affffff
2008-08-26 18:01:05: DEBUG: IDcr:
2008-08-26 18:01:05: DEBUG:
01000000 ac1101cd
2008-08-26 18:01:05: DEBUG: add payload of len 48, next type 10
2008-08-26 18:01:05: DEBUG: add payload of len 16, next type 4
2008-08-26 18:01:05: DEBUG: add payload of len 128, next type 5
2008-08-26 18:01:05: DEBUG: add payload of len 8, next type 5
2008-08-26 18:01:05: DEBUG: add payload of len 8, next type 0
2008-08-26 18:01:05: DEBUG: HASH with:
2008-08-26 18:01:05: DEBUG:
f50b0bec 0a000034 00000001 00000001 00000028 01030401 0e051635 0000001c
01030000 80010001 80021770 80040001 80050001 80030002 04000014 9c7b0410
193fb04a 94bf2173 f09ce5db 05000084 e48fa70c f9c4bbc9 5e7bcf65 2deef4c0
a4648b86 910e1240 d133a6c5 3be9554e 117ca386 681f7fc4 71cfb9cc b1f8d9cc
83d57b2b 70a88619 55a510dd 85201e58 66129960 f2b3dc6f d14cdaab 3d52e628
aa7b39f8 3c667fb1 6f4d2235 b4adcc32 300721a6 40b80bad 7beefd84 59ff5dd4
6c498273 e1b7c9f3 4ce0b25a c0cb7e0d 0500000c 01000000 0affffff 0000000c
01000000 ac1101cd
2008-08-26 18:01:05: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:05: DEBUG: HASH computed:
2008-08-26 18:01:05: DEBUG:
1f13ff31 463bdbda 21460302 f2ab86b5
2008-08-26 18:01:05: DEBUG: add payload of len 16, next type 1
2008-08-26 18:01:05: DEBUG: begin encryption.
2008-08-26 18:01:05: DEBUG: encryption(3des)
2008-08-26 18:01:05: DEBUG: pad length = 8
2008-08-26 18:01:05: DEBUG:
01000014 1f13ff31 463bdbda 21460302 f2ab86b5 0a000034 00000001 00000001
00000028 01030401 0e051635 0000001c 01030000 80010001 80021770 80040001
80050001 80030002 04000014 9c7b0410 193fb04a 94bf2173 f09ce5db 05000084
e48fa70c f9c4bbc9 5e7bcf65 2deef4c0 a4648b86 910e1240 d133a6c5 3be9554e
117ca386 681f7fc4 71cfb9cc b1f8d9cc 83d57b2b 70a88619 55a510dd 85201e58
66129960 f2b3dc6f d14cdaab 3d52e628 aa7b39f8 3c667fb1 6f4d2235 b4adcc32
300721a6 40b80bad 7beefd84 59ff5dd4 6c498273 e1b7c9f3 4ce0b25a c0cb7e0d
0500000c 01000000 0affffff 0000000c 01000000 ac1101cd 00000000 00000008
2008-08-26 18:01:05: DEBUG: encryption(3des)
2008-08-26 18:01:05: DEBUG: with key:
2008-08-26 18:01:05: DEBUG:
ab51afb0 1f69050e ef587a2a 2e36602f d76398a1 df79e528
2008-08-26 18:01:05: DEBUG: encrypted payload by IV:
2008-08-26 18:01:05: DEBUG:
8e10532e e31694fa
2008-08-26 18:01:05: DEBUG: save IV for next:
2008-08-26 18:01:05: DEBUG:
29928ddc 8958b752
2008-08-26 18:01:05: DEBUG: encrypted.
2008-08-26 18:01:05: DEBUG: 284 bytes from a.a.a.a[500] to b.b.b.b[500]
2008-08-26 18:01:05: DEBUG: sockname a.a.a.a[500]
2008-08-26 18:01:05: DEBUG: send packet from a.a.a.a[500]
2008-08-26 18:01:05: DEBUG: send packet to b.b.b.b[500]
2008-08-26 18:01:05: DEBUG: 1 times of 284 bytes message will be sent to b.b.b.b[500]
2008-08-26 18:01:05: DEBUG:
612a1020 23534df5 64062356 84642d23 08102001 f50b0bec 0000011c be6380e5
17b5b526 2e39f8b8 a4034214 2dda4757 33144ccc b99d20b3 f1e0c40f 58ceceea
f0534ce2 f8b439b1 b16ef33b cf3278e7 c9cebc4f ba2099fb df5069c9 d02ad453
890bc6b2 80144468 3a84be96 b2481c4c 5675854e b9f1c9f3 fa91f5fc 1d70e390
cacf998c 1c6398dc 8862a7be 5f97854a 2168d9a7 28a40cc3 928c6a6c 3a8c93d9
29499100 b61ac521 01555ab1 63a1332c 6ddfe269 bec27a23 e4c8b118 b5e324ab
50d9b83f 40d4ce10 092b3247 a6455c92 79889ea0 cc9d06dc 77814c46 f128f401
687d215b 04816585 a3b5e0aa b3525ae7 73da8079 d4b3a4c2 8ae8f390 369935c6
a013211b 7dba07a1 9b00b9e1 21ef987c 99e608c7 29928ddc 8958b752
2008-08-26 18:01:05: DEBUG: resend phase2 packet 612a102023534df5:6406235684642d23:0000f50b
2008-08-26 18:01:06: DEBUG: ===
2008-08-26 18:01:06: DEBUG: 308 bytes message received from b.b.b.b[500] to a.a.a.a[500]
2008-08-26 18:01:06: DEBUG:
612a1020 23534df5 64062356 84642d23 08102001 f50b0bec 00000134 6f7c3938
905e55ea 263cb9a1 89ae9346 4ef53679 797f4930 82c0e892 208bfc63 522b0d0c
bb10d4db 2b76b9ec aeb35fe3 3069bb80 2ee5d81f 31b0ae66 6561e12f 1bf85b33
f566b498 fd5b51a7 d953dbac 4fc1cefe 902004c3 207ed70a 145b9847 6b9f822d
9dad820e cc32779b 3299064d f0f6660b 1bd9e421 340cab3a e137a225 1133befb
ad858f4e 2406ac9d 0c507cf3 00d2ca3b 6fb26fec 6a89ab85 a80dea99 cffb0f67
8f6b15ff 71bcc26a dede13ea dcb2a94e 9d308df6 2edf16d6 5fa16b33 ffefb964
d2ef73b9 0ae334a7 9ad70829 38b03f5d a4ba6e60 bae9d3a1 106d504d 71e85642
2315a533 4aedbc02 961d7d83 93f1a8e3 52ce9b65 afd25fca ad11fb26 44691733
f08c3338 517cf073 e8b5b5c5 77e4d352 14781d9a
2008-08-26 18:01:06: DEBUG: begin decryption.
2008-08-26 18:01:06: DEBUG: encryption(3des)
2008-08-26 18:01:06: DEBUG: IV was saved for next processing:
2008-08-26 18:01:06: DEBUG:
77e4d352 14781d9a
2008-08-26 18:01:06: DEBUG: encryption(3des)
2008-08-26 18:01:06: DEBUG: with key:
2008-08-26 18:01:06: DEBUG:
ab51afb0 1f69050e ef587a2a 2e36602f d76398a1 df79e528
2008-08-26 18:01:06: DEBUG: decrypted payload by IV:
2008-08-26 18:01:06: DEBUG:
29928ddc 8958b752
2008-08-26 18:01:06: DEBUG: decrypted payload, but not trimed.
2008-08-26 18:01:06: DEBUG:
01000014 afb07533 5f1b86ae 03c52f75 30be1deb 0a000034 00000001 00000001
00000028 01030401 cb47582b 0000001c 01030000 80010001 80021770 80040001
80050001 80030002 04000014 061ebabe 3b0a9d11 201d1f0f f95b5f64 05000084
49014140 3bd687ae 62d451d3 0078c81c 66eb8b66 5cef6993 1f0ec576 58585160
9fab22a0 5e2d1603 1b86603b 79506568 5f474ada b2a1fc91 dea392f6 3325657b
b4a7cc23 01ae70f6 c6a7a844 2ab6d4d3 b0317562 99d735e7 010a809a 653d810c
10fa4434 52e848ef e0fa0b5c add726d5 16c11934 86d6a276 b14c02c2 ebba1a4c
0500000c 01000000 0affffff 0b00000c 01000000 ac1101cd 0000001c 00000001
03046000 cb47582b 80010001 00020004 00000e10 00000000
2008-08-26 18:01:06: DEBUG: padding len=0
2008-08-26 18:01:06: DEBUG: skip to trim padding.
2008-08-26 18:01:06: DEBUG: decrypted.
2008-08-26 18:01:06: DEBUG:
612a1020 23534df5 64062356 84642d23 08102001 f50b0bec 00000134 01000014
afb07533 5f1b86ae 03c52f75 30be1deb 0a000034 00000001 00000001 00000028
01030401 cb47582b 0000001c 01030000 80010001 80021770 80040001 80050001
80030002 04000014 061ebabe 3b0a9d11 201d1f0f f95b5f64 05000084 49014140
3bd687ae 62d451d3 0078c81c 66eb8b66 5cef6993 1f0ec576 58585160 9fab22a0
5e2d1603 1b86603b 79506568 5f474ada b2a1fc91 dea392f6 3325657b b4a7cc23
01ae70f6 c6a7a844 2ab6d4d3 b0317562 99d735e7 010a809a 653d810c 10fa4434
52e848ef e0fa0b5c add726d5 16c11934 86d6a276 b14c02c2 ebba1a4c 0500000c
01000000 0affffff 0b00000c 01000000 ac1101cd 0000001c 00000001 03046000
cb47582b 80010001 00020004 00000e10 00000000
2008-08-26 18:01:06: DEBUG: begin.
2008-08-26 18:01:06: DEBUG: seen nptype=8(hash)
2008-08-26 18:01:06: DEBUG: seen nptype=1(sa)
2008-08-26 18:01:06: DEBUG: seen nptype=10(nonce)
2008-08-26 18:01:06: DEBUG: seen nptype=4(ke)
2008-08-26 18:01:06: DEBUG: seen nptype=5(id)
2008-08-26 18:01:06: DEBUG: seen nptype=5(id)
2008-08-26 18:01:06: DEBUG: seen nptype=11(notify)
2008-08-26 18:01:06: DEBUG: succeed.
2008-08-26 18:01:06: DEBUG: Notify Message received
2008-08-26 18:01:06: WARNING: ignore RESPONDER-LIFETIME notification.
2008-08-26 18:01:06: DEBUG: HASH allocated:hbuf->l=296 actual:tlen=272
2008-08-26 18:01:06: DEBUG: HASH(2) received:2008-08-26 18:01:06: DEBUG:
afb07533 5f1b86ae 03c52f75 30be1deb
2008-08-26 18:01:06: DEBUG: HASH with:
2008-08-26 18:01:06: DEBUG:
f50b0bec 9c7b0410 193fb04a 94bf2173 f09ce5db 0a000034 00000001 00000001
00000028 01030401 cb47582b 0000001c 01030000 80010001 80021770 80040001
80050001 80030002 04000014 061ebabe 3b0a9d11 201d1f0f f95b5f64 05000084
49014140 3bd687ae 62d451d3 0078c81c 66eb8b66 5cef6993 1f0ec576 58585160
9fab22a0 5e2d1603 1b86603b 79506568 5f474ada b2a1fc91 dea392f6 3325657b
b4a7cc23 01ae70f6 c6a7a844 2ab6d4d3 b0317562 99d735e7 010a809a 653d810c
10fa4434 52e848ef e0fa0b5c add726d5 16c11934 86d6a276 b14c02c2 ebba1a4c
0500000c 01000000 0affffff 0b00000c 01000000 ac1101cd 0000001c 00000001
03046000 cb47582b 80010001 00020004 00000e10
2008-08-26 18:01:06: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:06: DEBUG: HASH computed:
2008-08-26 18:01:06: DEBUG:
afb07533 5f1b86ae 03c52f75 30be1deb
2008-08-26 18:01:06: DEBUG: total SA len=48
2008-08-26 18:01:06: DEBUG:
00000001 00000001 00000028 01030401 0e051635 0000001c 01030000 80010001
80021770 80040001 80050001 80030002
2008-08-26 18:01:06: DEBUG: begin.
2008-08-26 18:01:06: DEBUG: seen nptype=2(prop)
2008-08-26 18:01:06: DEBUG: succeed.
2008-08-26 18:01:06: DEBUG: proposal #1 len=40
2008-08-26 18:01:06: DEBUG: begin.
2008-08-26 18:01:06: DEBUG: seen nptype=3(trns)
2008-08-26 18:01:06: DEBUG: succeed.
2008-08-26 18:01:06: DEBUG: transform #1 len=28
2008-08-26 18:01:06: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2008-08-26 18:01:06: DEBUG: type=SA Life Duration, flag=0x8000, lorv=6000
2008-08-26 18:01:06: DEBUG: life duration was in TLV.
2008-08-26 18:01:06: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2008-08-26 18:01:06: DEBUG: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2008-08-26 18:01:06: DEBUG: type=Group Description, flag=0x8000, lorv=2
2008-08-26 18:01:06: DEBUG: hmac(modp1024)
2008-08-26 18:01:06: DEBUG: pair 1:
2008-08-26 18:01:06: DEBUG:  0x77f3a420: next=0x0 tnext=0x0
2008-08-26 18:01:06: DEBUG: proposal #1: 1 transform
2008-08-26 18:01:06: DEBUG: total SA len=48
2008-08-26 18:01:06: DEBUG:
00000001 00000001 00000028 01030401 cb47582b 0000001c 01030000 80010001
80021770 80040001 80050001 80030002
2008-08-26 18:01:06: DEBUG: begin.
2008-08-26 18:01:06: DEBUG: seen nptype=2(prop)
2008-08-26 18:01:06: DEBUG: succeed.
2008-08-26 18:01:06: DEBUG: proposal #1 len=40
2008-08-26 18:01:06: DEBUG: begin.
2008-08-26 18:01:06: DEBUG: seen nptype=3(trns)
2008-08-26 18:01:06: DEBUG: succeed.
2008-08-26 18:01:06: DEBUG: transform #1 len=28
2008-08-26 18:01:06: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2008-08-26 18:01:06: DEBUG: type=SA Life Duration, flag=0x8000, lorv=6000
2008-08-26 18:01:06: DEBUG: life duration was in TLV.
2008-08-26 18:01:06: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2008-08-26 18:01:06: DEBUG: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2008-08-26 18:01:06: DEBUG: type=Group Description, flag=0x8000, lorv=2
2008-08-26 18:01:06: DEBUG: hmac(modp1024)
2008-08-26 18:01:06: DEBUG: pair 1:
2008-08-26 18:01:06: DEBUG:  0x77f3a430: next=0x0 tnext=0x0
2008-08-26 18:01:06: DEBUG: proposal #1: 1 transform
2008-08-26 18:01:06: DEBUG: begin compare proposals.
2008-08-26 18:01:06: DEBUG: pair[1]: 0x77f3a430
2008-08-26 18:01:06: DEBUG:  0x77f3a430: next=0x0 tnext=0x0
2008-08-26 18:01:06: DEBUG: prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=3DES
2008-08-26 18:01:06: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2008-08-26 18:01:06: DEBUG: type=SA Life Duration, flag=0x8000, lorv=6000
2008-08-26 18:01:06: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2008-08-26 18:01:06: DEBUG: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2008-08-26 18:01:06: DEBUG: type=Group Description, flag=0x8000, lorv=2
2008-08-26 18:01:06: DEBUG: peer's single bundle:
2008-08-26 18:01:06: DEBUG:  (proto_id=ESP spisize=4 spi=cb47582b spi_p=00000000 encmode=Tunnel reqid=0:0)
2008-08-26 18:01:06: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-md5)
2008-08-26 18:01:06: DEBUG: my single bundle:
2008-08-26 18:01:06: DEBUG:  (proto_id=ESP spisize=4 spi=0e051635 spi_p=00000000 encmode=Tunnel reqid=0:0)
2008-08-26 18:01:06: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-md5)
2008-08-26 18:01:06: DEBUG: matched
2008-08-26 18:01:06: DEBUG: ===
2008-08-26 18:01:06: DEBUG: HASH(3) generate
2008-08-26 18:01:06: DEBUG: HASH with:
2008-08-26 18:01:06: DEBUG:
00f50b0b ec9c7b04 10193fb0 4a94bf21 73f09ce5 db061eba be3b0a9d 11201d1f
0ff95b5f 64
2008-08-26 18:01:06: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:06: DEBUG: HASH computed:
2008-08-26 18:01:06: DEBUG:
ca2ddee3 aa06ba54 c2f2d496 df548151
2008-08-26 18:01:06: DEBUG: add payload of len 16, next type 0
2008-08-26 18:01:06: DEBUG: begin encryption.
2008-08-26 18:01:06: DEBUG: encryption(3des)
2008-08-26 18:01:06: DEBUG: pad length = 4
2008-08-26 18:01:06: DEBUG:
00000014 ca2ddee3 aa06ba54 c2f2d496 df548151 00000004
2008-08-26 18:01:06: DEBUG: encryption(3des)
2008-08-26 18:01:06: DEBUG: with key:
2008-08-26 18:01:06: DEBUG:
ab51afb0 1f69050e ef587a2a 2e36602f d76398a1 df79e528
2008-08-26 18:01:06: DEBUG: encrypted payload by IV:
2008-08-26 18:01:06: DEBUG:
77e4d352 14781d9a
2008-08-26 18:01:06: DEBUG: save IV for next:
2008-08-26 18:01:06: DEBUG:
e6987cff 3c820347
2008-08-26 18:01:06: DEBUG: encrypted.
2008-08-26 18:01:06: DEBUG: 52 bytes from a.a.a.a[500] to b.b.b.b[500]
2008-08-26 18:01:06: DEBUG: sockname a.a.a.a[500]
2008-08-26 18:01:06: DEBUG: send packet from a.a.a.a[500]
2008-08-26 18:01:06: DEBUG: send packet to b.b.b.b[500]
2008-08-26 18:01:06: DEBUG: 1 times of 52 bytes message will be sent to b.b.b.b[500]
2008-08-26 18:01:06: DEBUG:
612a1020 23534df5 64062356 84642d23 08102001 f50b0bec 00000034 8ed8ec9e
5455f099 fdf94fc9 199c5eb4 e6987cff 3c820347
2008-08-26 18:01:06: DEBUG: compute DH's shared.
2008-08-26 18:01:06: DEBUG:
c88c8f92 457c8403 8f491d62 7341d392 cafac836 4529c1a3 6a626870 b8b6d829
ecb0ac20 00817184 49568147 054d4c75 7d9097f6 a2fca88d 6f520329 f007b3aa
d6f37daa 93b4a770 2c0e6d62 517ced06 46518068 10ca2816 c237d27b b169e907
03a0aa7f f9e5688c b77ff5b6 87660a44 e7fb36e1 846863f9 013ef9a8 9478e0bd
2008-08-26 18:01:06: DEBUG: KEYMAT compute with
2008-08-26 18:01:06: DEBUG:
c88c8f92 457c8403 8f491d62 7341d392 cafac836 4529c1a3 6a626870 b8b6d829
ecb0ac20 00817184 49568147 054d4c75 7d9097f6 a2fca88d 6f520329 f007b3aa
d6f37daa 93b4a770 2c0e6d62 517ced06 46518068 10ca2816 c237d27b b169e907
03a0aa7f f9e5688c b77ff5b6 87660a44 e7fb36e1 846863f9 013ef9a8 9478e0bd
030e0516 359c7b04 10193fb0 4a94bf21 73f09ce5 db061eba be3b0a9d 11201d1f
0ff95b5f 64
2008-08-26 18:01:06: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:06: DEBUG: encryption(3des)
2008-08-26 18:01:06: DEBUG: hmac(md5)
2008-08-26 18:01:06: DEBUG: encklen=192 authklen=128
2008-08-26 18:01:06: DEBUG: generating 512 bits of key (dupkeymat=4)
2008-08-26 18:01:06: DEBUG: generating K1...K4 for KEYMAT.
2008-08-26 18:01:06: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:06: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:06: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:06: DEBUG:
838a1ddc 229f8d3f f41954ab 235141d1 a51a8108 42d25c89 a08e6d22 af73ff4d
eb527a8a 4efedc1b c5fa0af6 7ab95dce 7c2df8a8 ae725c8d 63711ee9 978e0b91
2008-08-26 18:01:06: DEBUG: KEYMAT compute with
2008-08-26 18:01:06: DEBUG:
c88c8f92 457c8403 8f491d62 7341d392 cafac836 4529c1a3 6a626870 b8b6d829
ecb0ac20 00817184 49568147 054d4c75 7d9097f6 a2fca88d 6f520329 f007b3aa
d6f37daa 93b4a770 2c0e6d62 517ced06 46518068 10ca2816 c237d27b b169e907
03a0aa7f f9e5688c b77ff5b6 87660a44 e7fb36e1 846863f9 013ef9a8 9478e0bd
03cb4758 2b9c7b04 10193fb0 4a94bf21 73f09ce5 db061eba be3b0a9d 11201d1f
0ff95b5f 64
2008-08-26 18:01:06: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:06: DEBUG: encryption(3des)
2008-08-26 18:01:06: DEBUG: hmac(md5)
2008-08-26 18:01:06: DEBUG: encklen=192 authklen=128
2008-08-26 18:01:06: DEBUG: generating 512 bits of key (dupkeymat=4)
2008-08-26 18:01:06: DEBUG: generating K1...K4 for KEYMAT.
2008-08-26 18:01:06: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:06: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:06: DEBUG: hmac(hmac_md5)
2008-08-26 18:01:06: DEBUG:
239fe172 dcad14c9 556e3d8c e9ecb3c7 3de937ba a0f9ab49 0f093bfc 783dcd20
79bc8233 fdedf5f2 0d33af6d ff2d61d8 4f1272c4 5e2ea275 fd0c6ab8 21cef4ea
2008-08-26 18:01:06: DEBUG: KEYMAT computed.
2008-08-26 18:01:06: DEBUG: call pk_sendupdate
2008-08-26 18:01:06: DEBUG: encryption(3des)
2008-08-26 18:01:06: DEBUG: hmac(md5)
2008-08-26 18:01:06: DEBUG: call pfkey_send_update2
2008-08-26 18:01:06: DEBUG: pfkey update sent.
2008-08-26 18:01:06: DEBUG: encryption(3des)
2008-08-26 18:01:06: DEBUG: hmac(md5)
2008-08-26 18:01:06: DEBUG: call pfkey_send_add2
2008-08-26 18:01:06: DEBUG: pfkey add sent.
2008-08-26 18:01:06: DEBUG: pk_recv: retry[0] recv()
2008-08-26 18:01:06: DEBUG: get pfkey UPDATE message
2008-08-26 18:01:06: DEBUG: pfkey UPDATE succeeded: ESP/Tunnel b.b.b.b[0]->a.a.a.a[0] spi=235214389(0xe051635)
2008-08-26 18:01:06: INFO: IPsec-SA established: ESP/Tunnel b.b.b.b[0]->a.a.a.a[0] spi=235214389(0xe051635)
2008-08-26 18:01:06: DEBUG: ===
2008-08-26 18:01:06: DEBUG: pk_recv: retry[0] recv()
2008-08-26 18:01:06: DEBUG: get pfkey ADD message
2008-08-26 18:01:06: INFO: IPsec-SA established: ESP/Tunnel a.a.a.a[0]->b.b.b.b[0] spi=3410450475(0xcb47582b)
2008-08-26 18:01:06: DEBUG: ===


Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

3. "ipsec freebsd racoon"  
Сообщение от pavel_simple (??) on 26-Авг-08, 17:30 
этот debug говорит о том -- что туннель устанавливается нормально
если пакеты не ходят -- значит косяки в маршрутизации и/или МЭС
Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

4. "ipsec freebsd racoon"  
Сообщение от kirk (??) on 26-Авг-08, 18:32 
я тоже так думаю )
но если с сервера до меня все работает нормально, то марш-я не причем, остается мсэ

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

5. "ipsec freebsd racoon"  
Сообщение от pavel_simple (??) on 26-Авг-08, 20:43 
>я тоже так думаю )
>но если с сервера до меня все работает нормально, то марш-я не
>причем

именно маршрутизация скорее всего причём
>, остается мсэ

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

6. "ipsec freebsd racoon"  
Сообщение от kirk (??) on 26-Авг-08, 22:02 
>>я тоже так думаю )
>>но если с сервера до меня все работает нормально, то марш-я не
>>причем
>
>именно маршрутизация скорее всего причём
>>, остается мсэ

поясните, плз, свою мысль

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

Архив | Удалить

Индекс форумов | Темы | Пред. тема | След. тема
Оцените тред (1=ужас, 5=супер)? [ 1 | 2 | 3 | 4 | 5 ] [Рекомендовать для помещения в FAQ]




Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей 		Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру