Date: Wed, 31 Jul 2002 08:33:20 +0200 From: "Cezary Nolewajka" <cno@m2mob.com> To: <freebsd-questions@freebsd.org> Subject: FreeBSD and CISCO Pix IPSec VPN - problem (long) Message-ID: <003301c2385c$29d1fed0$6500000a@getin.corp>
next in thread | raw e-mail | index | archive | help
Hello everybody, I have a general problem setting up a IPSec VPN connection between freebsd and a cisco router/pix. I got to the stage where both machines can see each other, start the negotiation phase 1 that succeeds and fail at the stage 2. The racoon -F info says that get_ph2approvalx(): not matched and therefore no policy is found. It seems that I have a problem with my or Pixes configuration. I browsed all the net archives and pages I could have found on the VPN/IPSec freebsd installation and configuration and failed to find a solution. If there is anything that you could suggest or even solved such a problem, I would be grateful for any kind of help or support. Below I attached some of the configuration and debugging information concerning the IPSec setup. Regards, Cezary Nolewajka mailto:czarek@homemail.com IFCONFIG: rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 inet6 fe80::2c0:dfff:fe13:c4b2%rl0 prefixlen 64 scopeid 0x1 ether 00:c0:df:13:c4:b2 media: Ethernet autoselect (100baseTX) status: active rl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500 inet xxx.xxx.xxx.70 netmask 0xffffff00 broadcast xxx.xxx.xxx.255 inet6 fe80::220:edff:fe32:2c79%rl1 prefixlen 64 scopeid 0x2 ether 00:20:ed:32:2c:79 media: Ethernet autoselect (100baseTX <full-duplex>) status: active lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 127.0.0.1 netmask 0xff000000 ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500 sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552 faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500 gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280 tunnel inet xxx.xxx.xxx.70 --> yyy.yyy.yyy.62 inet6 fe80::2c0:dfff:fe13:c4b2%gif0 prefixlen 64 scopeid 0x8 inet 10.0.0.1 --> 192.168.5.55 netmask 0xffffff00 ------------------------------------------------------------------- SETKEY -PD 192.168.5.55[any] 10.0.0.1[any] any in ipsec esp/tunnel/yyy.yyy.yyy.62-xxx.xxx.xxx.70/require spid=4 seq=1 pid=244 refcnt=1 10.0.0.1[any] 192.168.5.55[any] any out ipsec esp/tunnel/xxx.xxx.xxx.70-yyy.yyy.yyy.62/require spid=3 seq=0 pid=244 refcnt=1 -------------------------------------------------------------------- GIFCONFIG: gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280 inet6 fe80::2c0:dfff:fe13:c4b2%gif0 prefixlen 64 inet 10.0.0.1 --> 192.168.5.55 netmask 0xffffff00 physical address inet xxx.xxx.xxx.70 --> yyy.yyy.yyy.62 -------------------------------------------------------------------- RACOON.CONF: # $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $ # "path" must be placed before it should be used. # You can overwrite which you defined, but it should not use due to confusing. path include "/usr/local/etc/racoon" ; #include "remote.conf" ; # search this file for pre_shared_key with various ID key. path pre_shared_key "/usr/local/etc/racoon/psk.txt" ; # racoon will look for certificate file in the directory, # if the certificate/certificate request payload is received. path certificate "/usr/local/etc/cert" ; # "log" specifies logging level. It is followed by either "notify", "debug" # or "debug2". #log debug; # "padding" defines some parameter of padding. You should not touch these. padding { maximum_length 20; # maximum padding length. randomize off; # enable randomize length. strict_check off; # enable strict check. exclusive_tail off; # extract last one octet. } # if no listen directive is specified, racoon will listen to all # available interface addresses. listen { isakmp xxx.xxx.xxx.70 [500]; #isakmp ::1 [7000]; #isakmp 202.249.11.124 [500]; #admin [7002]; # administrative's port by kmpstat. #strict_address; # required all addresses must be bound. } # Specification of default various timer. timer { # These value can be changed per remote node. counter 5; # maximum trying count to send. interval 20 sec; # maximum interval to resend. persend 1; # the number of packets per a send. # timer for waiting to complete each phase. phase1 30 sec; phase2 15 sec; } remote yyy.yyy.yyy.62 [500] { #exchange_mode aggressive,main; exchange_mode main,aggressive; doi ipsec_doi; situation identity_only; my_identifier address 10.0.0.1; peers_identifier address 192.168.5.55; nonce_size 16; lifetime time 1 min; # sec,min,hour #lifetime byte 5000 kb; # B,KB,GB initial_contact on; support_mip6 on; proposal_check obey; # obey, strict or claim proposal { lifetime time 3600 sec; encryption_algorithm des; hash_algorithm md5; authentication_method pre_shared_key ; dh_group 1; } } sainfo address xxx.xxx.xxx.70 any address yyy.yyy.yyy.62 any { pfs_group 1; lifetime time 3600 sec; #lifetime byte 50 MB; encryption_algorithm des; authentication_algorithm hmac_md5; #authentication_algorithm non_auth; compression_algorithm deflate; } remote anonymous { #exchange_mode main,aggressive; exchange_mode aggressive,main; doi ipsec_doi; situation identity_only; #my_identifier address; my_identifier user_fqdn "sakane@kame.net"; peers_identifier user_fqdn "sakane@kame.net"; #certificate_type x509 "mycert" "mypriv"; nonce_size 16; lifetime time 1 min; # sec,min,hour initial_contact on; support_mip6 on; proposal_check obey; # obey, strict or claim proposal { encryption_algorithm des; hash_algorithm md5; authentication_method pre_shared_key ; dh_group 1; } } remote ::1 [8000] { #exchange_mode main,aggressive; exchange_mode aggressive,main; doi ipsec_doi; situation identity_only; my_identifier user_fqdn "sakane@kame.net"; peers_identifier user_fqdn "sakane@kame.net"; #certificate_type x509 "mycert" "mypriv"; nonce_size 16; lifetime time 1 min; # sec,min,hour proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key ; dh_group 2 ; } } sainfo anonymous { pfs_group 1; lifetime time 30 sec; encryption_algorithm des ; authentication_algorithm hmac_md5; compression_algorithm deflate; } sainfo address 203.178.141.209 any address 203.178.141.218 any { pfs_group 1; lifetime time 30 sec; encryption_algorithm des ; authentication_algorithm hmac_md5; compression_algorithm deflate ; } sainfo address ::1 icmp6 address ::1 icmp6 { pfs_group 1; lifetime time 60 sec; encryption_algorithm 3des, cast128, blowfish 448, des ; authentication_algorithm hmac_sha1, hmac_md5 ; compression_algorithm deflate ; } -------------------------------------------------------------------------- NETSTAT -nr Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default xxx.xxx.xxx.254 UGSc 3 179667 rl1 10/24 link#1 UC 2 0 rl0 10.0.0.100 00:c0:df:13:25:3b UHLW 0 8042 rl0 1187 10.0.0.101 00:c0:df:13:25:39 UHLW 4 39888 rl0 898 127.0.0.1 127.0.0.1 UH 0 0 lo0 192.168.5.55 10.0.0.1 UH 0 392 gif0 212.244.99 link#2 UC 1 0 rl1 xxx.xxx.xxx.254 00:50:73:09:f0:81 UHLW 2 0 rl1 1194 Internet6: Destination Gateway Flags Netif Expire ::1 ::1 UH lo0 fe80::%rl0/64 link#1 UC rl0 fe80::2c0:dfff:fe13:c4b2%rl0 00:c0:df:13:c4:b2 UHL lo0 fe80::%rl1/64 link#2 UC rl1 fe80::220:edff:fe32:2c79%rl1 00:20:ed:32:2c:79 UHL lo0 fe80::%lo0/64 fe80::1%lo0 Uc lo0 fe80::1%lo0 link#4 UHL lo0 fe80::%gif0/64 link#8 UC gif0 fe80::2c0:dfff:fe13:c4b2%gif0 link#8 UHL lo0 ff01::/32 ::1 U lo0 ff02::%rl0/32 link#1 UC rl0 ff02::%rl1/32 link#2 UC rl1 ff02::%lo0/32 ::1 UC lo0 ff02::%gif0/32 link#8 UC gif0 -------------------------------------------------------------------------- RACOON -F: Foreground mode. 2002-07-30 09:04:08: INFO: main.c:168:main(): @(#)package version freebsd-20020507a 2002-07-30 09:04:08: INFO: main.c:170:main(): @(#)internal version 20001216 sakane@kame.net 2002-07-30 09:04:08: INFO: main.c:171:main(): @(#)This product linked OpenSSL 0.9.6a 5 Apr 2001 (http://www.openssl.org/) 2002-07-30 09:04:08: INFO: isakmp.c:1357:isakmp_open(): xxx.xxx.xxx.70[500] used as isakmp port (fd=6) 2002-07-30 09:04:15: INFO: isakmp.c:891:isakmp_ph1begin_r(): respond new phase 1 negotiation: xxx.xxx.xxx.70[500]<=>yyy.yyy.yyy.62[500] 2002-07-30 09:04:15: INFO: isakmp.c:896:isakmp_ph1begin_r(): begin Identity Protection mode. 2002-07-30 09:04:15: WARNING: ipsec_doi.c:3059:ipsecdoi_checkid1(): ID value mismatched. 2002-07-30 09:04:15: INFO: isakmp.c:2409:log_ph1established(): ISAKMP-SA established xxx.xxx.xxx.70[500]-yyy.yyy.yyy.62[500] spi:ac807c45add71aa6:fbc011c457a61849 2002-07-30 09:04:15: INFO: isakmp.c:1046:isakmp_ph2begin_r(): respond new phase 2 negotiation: xxx.xxx.xxx.70[0]<=>yyy.yyy.yyy.62[0] 2002-07-30 09:04:15: ERROR: ipsec_doi.c:1001:get_ph2approvalx(): not matched 2002-07-30 09:04:15: ERROR: ipsec_doi.c:966:get_ph2approval(): no suitable policy found. 2002-07-30 09:04:15: ERROR: isakmp.c:1060:isakmp_ph2begin_r(): failed to pre-process packet. 2002-07-30 09:04:18: INFO: session.c:281:check_sigreq(): caught signal 2 2002-07-30 09:04:19: INFO: session.c:180:close_session(): racoon shutdown ------------------------------------------------------------------- RACOON -Fdd: Foreground mode. 2002-07-30 09:07:43: INFO: main.c:168:main(): @(#)package version freebsd-20020507a 2002-07-30 09:07:43: INFO: main.c:170:main(): @(#)internal version 20001216 sakane@kame.net 2002-07-30 09:07:43: INFO: main.c:171:main(): @(#)This product linked OpenSSL 0.9.6a 5 Apr 2001 (http://www.openssl.org/) 2002-07-30 09:07:43: DEBUG: pfkey.c:368:pfkey_init(): call pfkey_send_register for AH 2002-07-30 09:07:43: DEBUG: pfkey.c:368:pfkey_init(): call pfkey_send_register for ESP 2002-07-30 09:07:43: DEBUG: pfkey.c:368:pfkey_init(): call pfkey_send_register for IPCOMP 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:111:yylex(): begin <5>path 2002-07-30 09:07:43: DEBUG2: cftoken.l:112:yylex(): <5> 2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <5> 2002-07-30 09:07:43: DEBUG2: cftoken.l:120:yylex(): begin <3>; 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:111:yylex(): begin <5>path 2002-07-30 09:07:43: DEBUG2: cftoken.l:114:yylex(): <5> 2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <5> 2002-07-30 09:07:43: DEBUG2: cftoken.l:120:yylex(): begin <3>; 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:111:yylex(): begin <5>path 2002-07-30 09:07:43: DEBUG2: cftoken.l:116:yylex(): <5> 2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <5> 2002-07-30 09:07:43: DEBUG2: cftoken.l:120:yylex(): begin <3>; 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:143:yylex(): begin <11>padding 2002-07-30 09:07:43: DEBUG2: cftoken.l:147:yylex(): <11> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <11> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <11> 2002-07-30 09:07:43: DEBUG2: cftoken.l:145:yylex(): <11> 2002-07-30 09:07:43: DEBUG2: cftoken.l:248:yylex(): <11> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <11> 2002-07-30 09:07:43: DEBUG2: cftoken.l:148:yylex(): <11> 2002-07-30 09:07:43: DEBUG2: cftoken.l:248:yylex(): <11> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <11> 2002-07-30 09:07:43: DEBUG2: cftoken.l:149:yylex(): <11> 2002-07-30 09:07:43: DEBUG2: cftoken.l:248:yylex(): <11> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <11> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:153:yylex(): begin <13>listen 2002-07-30 09:07:43: DEBUG2: cftoken.l:155:yylex(): <13> 2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <13> 2002-07-30 09:07:43: DEBUG2: cftoken.l:261:yylex(): <13> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <13> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <13> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <13> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <13> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3> 2002-07-30 09:07:43: DEBUG2: cftoken.l:161:yylex(): begin <15>timer 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:163:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:164:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:165:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:166:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:167:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <15> 2002-07-30 09:07:43: DEBUG2: cftoken.l:191:yylex(): begin <25>remote 2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <25> 2002-07-30 09:07:43: DEBUG2: cftoken.l:261:yylex(): <25> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:196:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:199:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:197:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:200:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:201:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:202:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:203:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:204:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:208:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:209:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:219:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:230:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:231:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:342:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:222:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:247:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:221:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:247:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:223:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:224:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:234:yylex(): begin <29>proposal 2002-07-30 09:07:43: DEBUG2: cftoken.l:237:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:238:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:240:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:280:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:242:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:301:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:241:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:320:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:243:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cfparse.y:1172:set_isakmp_proposal(): lifetime = 3600 2002-07-30 09:07:43: DEBUG2: cfparse.y:1175:set_isakmp_proposal(): lifebyte = 0 2002-07-30 09:07:43: DEBUG2: cfparse.y:1178:set_isakmp_proposal(): encklen=0 2002-07-30 09:07:43: DEBUG2: cfparse.y:1241:expand_isakmpspec(): p:1 t:1 2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): DES-CBC(1) 2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): MD5(1) 2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): 768-bit MODP group(1) 2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): pre-shared key(1) 2002-07-30 09:07:43: DEBUG2: cfparse.y:1252:expand_isakmpspec(): 2002-07-30 09:07:43: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp768) 2002-07-30 09:07:43: DEBUG2: cftoken.l:171:yylex(): begin <21>sainfo 2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:174:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:174:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:179:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:182:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:183:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:185:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:280:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:186:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:294:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:187:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:308:yylex(): <23> 2002-07-30 09:07:43: DEBUG: pfkey.c:2240:pk_checkalg(): compression algorithm can not be checked because sadb message doesn't support it. 2002-07-30 09:07:43: DEBUG2: cftoken.l:191:yylex(): begin <25>remote 2002-07-30 09:07:43: DEBUG2: cftoken.l:192:yylex(): <25> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:196:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:200:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:197:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:199:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:201:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:202:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:203:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:204:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:208:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:329:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:209:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:329:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:219:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:230:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:231:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:342:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:222:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:247:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:221:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:247:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:223:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:224:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:234:yylex(): begin <29>proposal 2002-07-30 09:07:43: DEBUG2: cftoken.l:240:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:280:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:242:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:301:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:241:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:320:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:243:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cfparse.y:1172:set_isakmp_proposal(): lifetime = 60 2002-07-30 09:07:43: DEBUG2: cfparse.y:1175:set_isakmp_proposal(): lifebyte = 0 2002-07-30 09:07:43: DEBUG2: cfparse.y:1178:set_isakmp_proposal(): encklen=0 2002-07-30 09:07:43: DEBUG2: cfparse.y:1241:expand_isakmpspec(): p:1 t:1 2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): DES-CBC(1) 2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): MD5(1) 2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): 768-bit MODP group(1) 2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): pre-shared key(1) 2002-07-30 09:07:43: DEBUG2: cfparse.y:1252:expand_isakmpspec(): 2002-07-30 09:07:43: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp768) 2002-07-30 09:07:43: DEBUG2: cftoken.l:191:yylex(): begin <25>remote 2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <25> 2002-07-30 09:07:43: DEBUG2: cftoken.l:261:yylex(): <25> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:196:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:200:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:197:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:199:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:201:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:202:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:203:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:204:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:208:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:329:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:209:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:329:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:219:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:230:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:231:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:342:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27> 2002-07-30 09:07:43: DEBUG2: cftoken.l:234:yylex(): begin <29>proposal 2002-07-30 09:07:43: DEBUG2: cftoken.l:240:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:281:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:242:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:302:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:241:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:320:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:243:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <29> 2002-07-30 09:07:43: DEBUG2: cfparse.y:1172:set_isakmp_proposal(): lifetime = 60 2002-07-30 09:07:43: DEBUG2: cfparse.y:1175:set_isakmp_proposal(): lifebyte = 0 2002-07-30 09:07:43: DEBUG2: cfparse.y:1178:set_isakmp_proposal(): encklen=0 2002-07-30 09:07:43: DEBUG2: cfparse.y:1241:expand_isakmpspec(): p:1 t:1 2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): 3DES-CBC(5) 2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): SHA(2) 2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): 1024-bit MODP group(2) 2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): pre-shared key(1) 2002-07-30 09:07:43: DEBUG2: cfparse.y:1252:expand_isakmpspec(): 2002-07-30 09:07:43: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp1024) 2002-07-30 09:07:43: DEBUG2: cftoken.l:171:yylex(): begin <21>sainfo 2002-07-30 09:07:43: DEBUG2: cftoken.l:172:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:179:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:182:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:183:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:185:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:280:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:186:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:294:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:187:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:308:yylex(): <23> 2002-07-30 09:07:43: DEBUG: pfkey.c:2240:pk_checkalg(): compression algorithm can not be checked because sadb message doesn't support it. 2002-07-30 09:07:43: DEBUG2: cftoken.l:171:yylex(): begin <21>sainfo 2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:174:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:174:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:179:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:182:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:183:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:185:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:280:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:186:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:294:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:187:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:308:yylex(): <23> 2002-07-30 09:07:43: DEBUG: pfkey.c:2240:pk_checkalg(): compression algorithm can not be checked because sadb message doesn't support it. 2002-07-30 09:07:43: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo selected. 2002-07-30 09:07:43: DEBUG2: cftoken.l:171:yylex(): begin <21>sainfo 2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:274:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:274:yylex(): <21> 2002-07-30 09:07:43: DEBUG2: cftoken.l:179:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:182:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:183:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:185:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:281:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:188:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:284:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:188:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:285:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:188:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:280:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:186:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:295:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:188:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:294:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:187:yylex(): <23> 2002-07-30 09:07:43: DEBUG2: cftoken.l:308:yylex(): <23> 2002-07-30 09:07:43: DEBUG: pfkey.c:2240:pk_checkalg(): compression algorithm can not be checked because sadb message doesn't support it. 2002-07-30 09:07:43: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo selected. 2002-07-30 09:07:43: DEBUG2: cfparse.y:1354:cfparse(): parse successed. 2002-07-30 09:07:43: INFO: isakmp.c:1357:isakmp_open(): xxx.xxx.xxx.70[500] used as isakmp port (fd=6) 2002-07-30 09:07:43: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey X_SPDDUMP message 2002-07-30 09:07:43: DEBUG2: plog.c:193:plogdump(): 02120000 0f000100 01000000 01010000 03000500 ff200000 10020000 c0a80537 00000000 00000000 03000600 ff200000 10020000 0a000001 00000000 00000000 07001200 02000100 04000000 00000000 28003200 02020000 10020000 3ee99b3e 00000000 00000000 10020000 d4f46346 00000000 00000000 2002-07-30 09:07:43: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey X_SPDDUMP message 2002-07-30 09:07:43: DEBUG2: plog.c:193:plogdump(): 02120000 0f000100 00000000 01010000 03000500 ff200000 10020000 0a000001 00000000 00000000 03000600 ff200000 10020000 c0a80537 00000000 00000000 07001200 02000200 03000000 00000000 28003200 02020000 10020000 d4f46346 00000000 00000000 10020000 3ee99b3e 00000000 00000000 2002-07-30 09:07:43: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbfbff980: 10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out 2002-07-30 09:07:43: DEBUG: policy.c:185:cmpspidxstrict(): db :0x80a3c08: 192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in 2002-07-30 09:07:46: DEBUG: isakmp.c:218:isakmp_handler(): === 2002-07-30 09:07:46: DEBUG: isakmp.c:219:isakmp_handler(): 116 bytes message received from yyy.yyy.yyy.62[500] 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 00000000 00000000 01100200 00000000 00000074 00000058 00000001 00000001 0000004c 01010002 03000020 01010000 80010001 80020001 80040001 80030001 800b0001 800c03e8 00000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00015180 2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 07:46.220551 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid 00000000: phase 1 I ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=2 (t: #1 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp768)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration value=03e8)) (t: #2 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00015180)))) 2002-07-30 09:07:46: DEBUG: remoteconf.c:118:getrmconf(): configuration found for yyy.yyy.yyy.62[500]. 2002-07-30 09:07:46: DEBUG: isakmp.c:886:isakmp_ph1begin_r(): === 2002-07-30 09:07:46: INFO: isakmp.c:891:isakmp_ph1begin_r(): respond new phase 1 negotiation: xxx.xxx.xxx.70[500]<=>yyy.yyy.yyy.62[500] 2002-07-30 09:07:46: INFO: isakmp.c:896:isakmp_ph1begin_r(): begin Identity Protection mode. 2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=1(sa) 2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1117:get_proppair(): total SA len=84 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 00000001 00000001 0000004c 01010002 03000020 01010000 80010001 80020001 80040001 80030001 800b0001 800c03e8 00000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00015180 2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=2(prop) 2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1 len=76 2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=3(trns) 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=3(trns) 2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1311:get_transform(): transform #1 len=32 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2002-07-30 09:07:46: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp768) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Life Duration, flag=0x8000, lorv=1000 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1311:get_transform(): transform #2 len=36 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2002-07-30 09:07:46: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp1024) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1213:get_proppair(): pair 1: 2002-07-30 09:07:46: DEBUG: proposal.c:892:print_proppair0(): 0x80a96f0: next=0x0 tnext=0x80a9700 2002-07-30 09:07:46: DEBUG: proposal.c:892:print_proppair0(): 0x80a9700: next=0x0 tnext=0x0 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1248:get_proppair(): proposal #1: 2 transform 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:322:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=2 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:327:get_ph1approvalx(): trns#=1, trns-id=IKE 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Life Duration, flag=0x8000, lorv=1000 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:338:get_ph1approvalx(): Compared: DB:Peer 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:339:get_ph1approvalx(): (lifetime = 3600:1000) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:341:get_ph1approvalx(): (lifebyte = 0:0) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:343:get_ph1approvalx(): enctype = DES-CBC:DES-CBC 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:348:get_ph1approvalx(): (encklen = 0:0) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:350:get_ph1approvalx(): hashtype = MD5:MD5 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:355:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:360:get_ph1approvalx(): dh_group = 768-bit MODP group:768-bit MODP group 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:248:get_ph1approval(): an acceptable proposal found. 2002-07-30 09:07:46: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp768) 2002-07-30 09:07:46: DEBUG: isakmp.c:1993:isakmp_newcookie(): new cookie: 1cbebccdd7441a4e 2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload of len 48, next type 13 2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload of len 16, next type 0 2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 07:46.226428 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid 00000000: phase 1 ? ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp768)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration value=03e8)))) (vid: len=16) 2002-07-30 09:07:46: DEBUG: sockmisc.c:421:sendfromto(): sockname xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:423:sendfromto(): send packet from xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:425:sendfromto(): send packet to yyy.yyy.yyy.62[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 100 bytes message will be sent to xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 01100200 00000000 00000064 0d000034 00000001 00000001 00000028 01010001 00000020 01010000 80010001 80020001 80040001 80030001 800b0001 800c03e8 00000014 7003cbc1 097dbe9c 2600ba69 83bc8b35 2002-07-30 09:07:46: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet ac807c45f47b274e:1cbebccdd7441a4e 2002-07-30 09:07:46: DEBUG: isakmp.c:218:isakmp_handler(): === 2002-07-30 09:07:46: DEBUG: isakmp.c:219:isakmp_handler(): 212 bytes message received from yyy.yyy.yyy.62[500] 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 04100200 00000000 000000d4 0a000064 486715dc 44d25140 6ca35a57 df22dc3a b9837719 379befd2 cc9d9c8c af993d73 132264a0 e4ab1996 befda8ef 2d247d0e 7244599c 8ef6745d f1d7ed1b 63ff914f 00811077 2aa9271c dc31ef48 3cc4ca0f 71c5e3ec 5bad14d1 07c15935 5cf94e16 0d000018 a9094684 20cd129a 17c060a0 34b7dcce 84b8a709 0d000014 12f5f28c 457168a9 702d9fe2 74cc0100 0d000014 afcad713 68a1f1c9 6b8696fc 77570100 00000014 5947db58 f47a274e 2def7ef9 16043e84 2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 07:46.399235 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid 00000000: phase 1 ? ident: (ke: key len=96) (nonce: n len=20) (vid: len=16) (vid: len=16) (vid: len=16) 2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=4(ke) 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=10(nonce) 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=13(vid) 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=13(vid) 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=13(vid) 2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:07:46: DEBUG: vendorid.c:137:check_vendorid(): received unknown Vendor ID 2002-07-30 09:07:46: DEBUG: vendorid.c:137:check_vendorid(): received unknown Vendor ID 2002-07-30 09:07:46: DEBUG: vendorid.c:137:check_vendorid(): received unknown Vendor ID 2002-07-30 09:07:46: DEBUG: isakmp.c:619:ph1_main(): === 2002-07-30 09:07:46: DEBUG: oakley.c:253:oakley_dh_generate(): compute DH's private. 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 908b98ff 05c1efee 7298107e ed9fd8fb 85cdff0b 6ac35727 d8e62fb3 0b3c26c1 a5183e1d 572da52b 45e72727 8fa588bd 358a86a3 bde77383 2fd9f399 584f91fe d1d425f5 01462d6d 029568c2 3ff3a938 4b3e862c 25f8a891 0cef1fad 63739fd9 2002-07-30 09:07:46: DEBUG: oakley.c:255:oakley_dh_generate(): compute DH's public. 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): b1c97422 df5cfce0 b2840737 44b3b39d 9bc2c97a 8100c4d7 24232cf8 cdf2cef5 7edfa229 460b9ae0 6389f27c a6d5e85a 7610edf5 82407c42 6378a620 4be786a9 e583b90e fa304d0a 745fdf5c 29311d37 7fe468f9 1a7ef909 ffe66326 06089be2 2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload of len 96, next type 10 2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload of len 16, next type 13 2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload of len 16, next type 0 2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 07:46.410241 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid 00000000: phase 1 ? ident: (ke: key len=96) (nonce: n len=16) (vid: len=16) 2002-07-30 09:07:46: DEBUG: sockmisc.c:421:sendfromto(): sockname xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:423:sendfromto(): send packet from xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:425:sendfromto(): send packet to yyy.yyy.yyy.62[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 168 bytes message will be sent to xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 04100200 00000000 000000a8 0a000064 b1c97422 df5cfce0 b2840737 44b3b39d 9bc2c97a 8100c4d7 24232cf8 cdf2cef5 7edfa229 460b9ae0 6389f27c a6d5e85a 7610edf5 82407c42 6378a620 4be786a9 e583b90e fa304d0a 745fdf5c 29311d37 7fe468f9 1a7ef909 ffe66326 06089be2 0d000014 b4ed1e16 d9d6141e f80a2221 cfe7eed7 00000014 7003cbc1 097dbe9c 2600ba69 83bc8b35 2002-07-30 09:07:46: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1 packet ac807c45f47b274e:1cbebccdd7441a4e 2002-07-30 09:07:46: DEBUG: oakley.c:207:oakley_dh_compute(): compute DH's shared. 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 4926bc0c adffe6c5 6ddb32b1 6f38ccfe cd084394 fca9cd1d 32e5b380 70e3e9f9 3afd38e8 2a7c1719 c7e3b2cd 32d69873 6da5ec51 7faf449d 8fcbb7ff 820dc82a 86f443d5 493e35b6 c413fb29 414af10d 9994783f f7bbf37c 49ea69bc 580229ca 2002-07-30 09:07:46: DEBUG: oakley.c:2057:oakley_skeyid(): the psk found. 2002-07-30 09:07:46: DEBUG2: oakley.c:2059:oakley_skeyid(): psk: 2002-07-30 09:07:46: DEBUG2: plog.c:193:plogdump(): 6c61637a 65476574 696e 2002-07-30 09:07:46: DEBUG: oakley.c:2072:oakley_skeyid(): nonce 1: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): a9094684 20cd129a 17c060a0 34b7dcce 84b8a709 2002-07-30 09:07:46: DEBUG: oakley.c:2078:oakley_skeyid(): nonce 2: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): b4ed1e16 d9d6141e f80a2221 cfe7eed7 2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5) 2002-07-30 09:07:46: DEBUG: oakley.c:2131:oakley_skeyid(): SKEYID computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 7507b71b fd1332ac ca68d489 c3229244 2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5) 2002-07-30 09:07:46: DEBUG: oakley.c:2188:oakley_skeyid_dae(): SKEYID_d computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): cf8be12f 8dd5d3a5 8f8b1308 db0202c4 2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5) 2002-07-30 09:07:46: DEBUG: oakley.c:2217:oakley_skeyid_dae(): SKEYID_a computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): c72e1994 2d3299fa f631fa5c 27686996 2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5) 2002-07-30 09:07:46: DEBUG: oakley.c:2246:oakley_skeyid_dae(): SKEYID_e computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): b5a9e14b 687a9d70 42cf9cf2 b1de0b80 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5) 2002-07-30 09:07:46: DEBUG: oakley.c:2388:oakley_compute_enckey(): final encryption key computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): b5a9e14b 687a9d70 2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5) 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2499:oakley_newiv(): IV computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): a08856be 34147be4 2002-07-30 09:07:46: DEBUG: isakmp.c:218:isakmp_handler(): === 2002-07-30 09:07:46: DEBUG: isakmp.c:219:isakmp_handler(): 68 bytes message received from yyy.yyy.yyy.62[500] 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 05100201 00000000 00000044 f7875931 69c9fd66 45c227c0 ae1cce73 3e4f1904 91c81b43 34373f77 19056fa5 a7eeef5c 6570a19e 2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 07:46.552469 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid 00000000: phase 1 ? ident[E]: [|id] 2002-07-30 09:07:46: DEBUG: oakley.c:2619:oakley_do_decrypt(): begin decryption. 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2633:oakley_do_decrypt(): IV was saved for next processing: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): a7eeef5c 6570a19e 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2658:oakley_do_decrypt(): with key: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): b5a9e14b 687a9d70 2002-07-30 09:07:46: DEBUG: oakley.c:2666:oakley_do_decrypt(): decrypted payload by IV: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): a08856be 34147be4 2002-07-30 09:07:46: DEBUG: oakley.c:2669:oakley_do_decrypt(): decrypted payload, but not trimed. 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 0800000c 011101f4 3ee99b3e 00000014 cdc1e40e d2fc0913 b6ef2a19 8c713253 00000000 00000000 2002-07-30 09:07:46: DEBUG: oakley.c:2678:oakley_do_decrypt(): padding len=0 2002-07-30 09:07:46: DEBUG: oakley.c:2692:oakley_do_decrypt(): skip to trim padding. 2002-07-30 09:07:46: DEBUG: oakley.c:2707:oakley_do_decrypt(): decrypted. 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 05100201 00000000 00000044 0800000c 011101f4 3ee99b3e 00000014 cdc1e40e d2fc0913 b6ef2a19 8c713253 00000000 00000000 2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 07:46.554039 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid 00000000: phase 1 ? ident: (id: idtype=IPv4 protoid=udp port=500 len=4 yyy.yyy.yyy.62) (hash: len=16) 2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=5(id) 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=8(hash) 2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:07:46: WARNING: ipsec_doi.c:3059:ipsecdoi_checkid1(): ID value mismatched. 2002-07-30 09:07:46: DEBUG: oakley.c:1159:oakley_validate_auth(): HASH received:2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): cdc1e40e d2fc0913 b6ef2a19 8c713253 2002-07-30 09:07:46: DEBUG: oakley.c:864:oakley_ph1hash_common(): HASH with: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 486715dc 44d25140 6ca35a57 df22dc3a b9837719 379befd2 cc9d9c8c af993d73 132264a0 e4ab1996 befda8ef 2d247d0e 7244599c 8ef6745d f1d7ed1b 63ff914f 00811077 2aa9271c dc31ef48 3cc4ca0f 71c5e3ec 5bad14d1 07c15935 5cf94e16 b1c97422 df5cfce0 b2840737 44b3b39d 9bc2c97a 8100c4d7 24232cf8 cdf2cef5 7edfa229 460b9ae0 6389f27c a6d5e85a 7610edf5 82407c42 6378a620 4be786a9 e583b90e fa304d0a 745fdf5c 29311d37 7fe468f9 1a7ef909 ffe66326 06089be2 ac807c45 f47b274e 1cbebccd d7441a4e 00000001 00000001 0000004c 01010002 03000020 01010000 80010001 80020001 80040001 80030001 800b0001 800c03e8 00000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00015180 011101f4 3ee99b3e 2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5) 2002-07-30 09:07:46: DEBUG: oakley.c:874:oakley_ph1hash_common(): HASH computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): cdc1e40e d2fc0913 b6ef2a19 8c713253 2002-07-30 09:07:46: DEBUG: oakley.c:1190:oakley_validate_auth(): HASH for PSK validated. 2002-07-30 09:07:46: DEBUG: isakmp_ident.c:1250:ident_r3recv(): peer's ID 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 011101f4 3ee99b3e 2002-07-30 09:07:46: DEBUG: isakmp.c:619:ph1_main(): === 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3185:ipsecdoi_setid1(): use ID type of IPv4_address 2002-07-30 09:07:46: DEBUG: isakmp_ident.c:1327:ident_r3send(): generate HASH_R 2002-07-30 09:07:46: DEBUG: oakley.c:864:oakley_ph1hash_common(): HASH with: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): b1c97422 df5cfce0 b2840737 44b3b39d 9bc2c97a 8100c4d7 24232cf8 cdf2cef5 7edfa229 460b9ae0 6389f27c a6d5e85a 7610edf5 82407c42 6378a620 4be786a9 e583b90e fa304d0a 745fdf5c 29311d37 7fe468f9 1a7ef909 ffe66326 06089be2 486715dc 44d25140 6ca35a57 df22dc3a b9837719 379befd2 cc9d9c8c af993d73 132264a0 e4ab1996 befda8ef 2d247d0e 7244599c 8ef6745d f1d7ed1b 63ff914f 00811077 2aa9271c dc31ef48 3cc4ca0f 71c5e3ec 5bad14d1 07c15935 5cf94e16 1cbebccd d7441a4e ac807c45 f47b274e 00000001 00000001 0000004c 01010002 03000020 01010000 80010001 80020001 80040001 80030001 800b0001 800c03e8 00000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00015180 011101f4 0a000001 2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5) 2002-07-30 09:07:46: DEBUG: oakley.c:874:oakley_ph1hash_common(): HASH computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 97cbfa45 9d6136c9 c059094f 3046ca17 2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload of len 8, next type 8 2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload of len 16, next type 0 2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 07:46.556746 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid 00000000: phase 1 ? ident: (id: idtype=IPv4 protoid=udp port=500 len=4 10.0.0.1) (hash: len=16) 2002-07-30 09:07:46: DEBUG: oakley.c:2742:oakley_do_encrypt(): begin encryption. 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2758:oakley_do_encrypt(): pad length = 8 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 0800000c 011101f4 0a000001 00000014 97cbfa45 9d6136c9 c059094f 3046ca17 00000000 00000008 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2793:oakley_do_encrypt(): with key: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): b5a9e14b 687a9d70 2002-07-30 09:07:46: DEBUG: oakley.c:2801:oakley_do_encrypt(): encrypted payload by IV: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): a7eeef5c 6570a19e 2002-07-30 09:07:46: DEBUG: oakley.c:2808:oakley_do_encrypt(): save IV for next: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 5dd5e325 f1e6fcf2 2002-07-30 09:07:46: DEBUG: oakley.c:2825:oakley_do_encrypt(): encrypted. 2002-07-30 09:07:46: DEBUG: sockmisc.c:421:sendfromto(): sockname xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:423:sendfromto(): send packet from xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:425:sendfromto(): send packet to yyy.yyy.yyy.62[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 68 bytes message will be sent to xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 05100201 00000000 00000044 5c23fae9 69caff06 e00b5a07 459c99d4 d41a4ef7 f4e9a8d2 cc28bebf 6fd25ff8 5dd5e325 f1e6fcf2 2002-07-30 09:07:46: DEBUG: oakley.c:2543:oakley_newiv2(): compute IV for phase2 2002-07-30 09:07:46: DEBUG: oakley.c:2544:oakley_newiv2(): phase1 last IV: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 5dd5e325 f1e6fcf2 f589c125 2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5) 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2576:oakley_newiv2(): phase2 IV computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 28555ac9 47919cd4 2002-07-30 09:07:46: DEBUG: oakley.c:745:oakley_compute_hash1(): HASH with: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): f589c125 0000001c 00000001 01106002 ac807c45 f47b274e 1cbebccd d7441a4e 2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5) 2002-07-30 09:07:46: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 4ebb3dd5 a02f5972 274fb122 3ea58c9e 2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 07:46.559544 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid f589c125: phase 2/others ? inf: (hash: len=16) (n: doi=ipsec proto=isakmp type=INITIAL-CONTACT spi=ac807c45f47b274e1cbebccdd7441a4e) 2002-07-30 09:07:46: DEBUG: oakley.c:2742:oakley_do_encrypt(): begin encryption. 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2758:oakley_do_encrypt(): pad length = 8 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 0b000014 4ebb3dd5 a02f5972 274fb122 3ea58c9e 0000001c 00000001 01106002 ac807c45 f47b274e 1cbebccd d7441a4e 00000000 00000008 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2793:oakley_do_encrypt(): with key: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): b5a9e14b 687a9d70 2002-07-30 09:07:46: DEBUG: oakley.c:2801:oakley_do_encrypt(): encrypted payload by IV: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 28555ac9 47919cd4 2002-07-30 09:07:46: DEBUG: oakley.c:2808:oakley_do_encrypt(): save IV for next: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 756eb00a 0162c137 2002-07-30 09:07:46: DEBUG: oakley.c:2825:oakley_do_encrypt(): encrypted. 2002-07-30 09:07:46: DEBUG: sockmisc.c:421:sendfromto(): sockname xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:423:sendfromto(): send packet from xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:425:sendfromto(): send packet to yyy.yyy.yyy.62[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 84 bytes message will be sent to xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 08100501 f589c125 00000054 9efb20ea b4964749 9fed8b66 b3d52a48 27f8be3f 9340c545 19c2bd9f 3a727d40 1e39992e 7797e0fd 7ec27388 fab9f2e3 756eb00a 0162c137 2002-07-30 09:07:46: DEBUG: isakmp_inf.c:634:isakmp_info_send_common(): sendto Information notify. 2002-07-30 09:07:46: INFO: isakmp.c:2409:log_ph1established(): ISAKMP-SA established xxx.xxx.xxx.70[500]-yyy.yyy.yyy.62[500] spi:ac807c45f47b274e:1cbebccdd7441a4e 2002-07-30 09:07:46: DEBUG: isakmp.c:666:ph1_main(): === 2002-07-30 09:07:46: DEBUG: isakmp.c:218:isakmp_handler(): === 2002-07-30 09:07:46: DEBUG: isakmp.c:219:isakmp_handler(): 316 bytes message received from yyy.yyy.yyy.62[500] 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 08102001 fe990af1 0000013c 76f9b209 919ce0a2 de383664 35b616c1 726a7c94 32d7a814 500abea9 50824e57 457dbee0 1f5de584 dfbca6c1 ab8eab18 94426b19 c6a5b814 f71c7093 7f3e9d6f 797ec813 0fb3f604 b507f03a d0b992c8 d655654c a0badc5d 56c90f82 21f019bb 1c1861a5 44ea240f 5d465476 409fde28 2f0d9e9e 507c1588 f43a6bdc 48d64e90 af79c269 c45d3273 e4929e86 a6ae982d 2e99d9f8 20723048 6ee0022e e21886ee 55f2f730 0b07ed0f 4f34a001 11bf3119 dbc883df 95dd7b83 be475fa0 cba7e6c5 cc8ab740 a80149e1 8ac96d1d 9d4a6f54 24f510e9 500d51f4 c66b71a9 d68757f9 65cdced2 7c7e5f45 78af9dc6 834882f8 6081a76a fb50acbc a245800e 1b6051f6 9620e8cd 1bb2a20b ce850e0b 7b71cddc 4bc8e714 d3f8e787 ab2b314c cb749e52 2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 07:46.727837 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid fe990af1: phase 2/others ? oakley-quick[E]: [|hash] 2002-07-30 09:07:46: DEBUG: oakley.c:2543:oakley_newiv2(): compute IV for phase2 2002-07-30 09:07:46: DEBUG: oakley.c:2544:oakley_newiv2(): phase1 last IV: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 5dd5e325 f1e6fcf2 fe990af1 2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5) 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2576:oakley_newiv2(): phase2 IV computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 54bd5a4e 41e2d3b7 2002-07-30 09:07:46: DEBUG: isakmp.c:1041:isakmp_ph2begin_r(): === 2002-07-30 09:07:46: INFO: isakmp.c:1046:isakmp_ph2begin_r(): respond new phase 2 negotiation: xxx.xxx.xxx.70[0]<=>yyy.yyy.yyy.62[0] 2002-07-30 09:07:46: DEBUG: oakley.c:2619:oakley_do_decrypt(): begin decryption. 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2633:oakley_do_decrypt(): IV was saved for next processing: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): ab2b314c cb749e52 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2658:oakley_do_decrypt(): with key: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): b5a9e14b 687a9d70 2002-07-30 09:07:46: DEBUG: oakley.c:2666:oakley_do_decrypt(): decrypted payload by IV: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 54bd5a4e 41e2d3b7 2002-07-30 09:07:46: DEBUG: oakley.c:2669:oakley_do_decrypt(): decrypted payload, but not trimed. 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 01000014 f97e334c 259db005 0b2ca0b0 8eb56996 0a000074 00000001 00000001 02000034 01020401 f17d1bfa 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80030001 80050001 00000034 01030401 028a2fa8 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80050001 80030001 04000018 68cd589f b6f640a9 ab51388e 739d559a d3debeed 05000064 5667f1b3 a1acea95 9fc21866 16b09c60 b6fb5011 69293d7e 5529ca69 3343df02 1857d238 eb743bc6 22525df7 56704e9b 212ff9b7 67ccfa06 f5fd33bf 3f0e51cf e3792910 bd2f905d 931c3ad4 10f8b30e a7e40354 1a2694a2 7dee64f1 a3766e7d 0500000c 01000000 c0a80537 0000000c 01000000 0a000001 00000000 2002-07-30 09:07:46: DEBUG: oakley.c:2678:oakley_do_decrypt(): padding len=0 2002-07-30 09:07:46: DEBUG: oakley.c:2692:oakley_do_decrypt(): skip to trim padding. 2002-07-30 09:07:46: DEBUG: oakley.c:2707:oakley_do_decrypt(): decrypted. 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 08102001 fe990af1 0000013c 01000014 f97e334c 259db005 0b2ca0b0 8eb56996 0a000074 00000001 00000001 02000034 01020401 f17d1bfa 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80030001 80050001 00000034 01030401 028a2fa8 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80050001 80030001 04000018 68cd589f b6f640a9 ab51388e 739d559a d3debeed 05000064 5667f1b3 a1acea95 9fc21866 16b09c60 b6fb5011 69293d7e 5529ca69 3343df02 1857d238 eb743bc6 22525df7 56704e9b 212ff9b7 67ccfa06 f5fd33bf 3f0e51cf e3792910 bd2f905d 931c3ad4 10f8b30e a7e40354 1a2694a2 7dee64f1 a3766e7d 0500000c 01000000 c0a80537 0000000c 01000000 0a000001 00000000 2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 07:46.730198 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid fe990af1: phase 2/others ? oakley-quick: (hash: len=16) (sa: doi=ipsec situation=identity (p: #1 protoid=ipsec-ah transform=1 spi=f17d1bfa (t: #1 id=md5 (type=enc mode value=tunnel)(type=lifetype value=sec)(type=life value=7080)(type=lifetype value=kb)(type=life len=4 value=00465000)(type=group desc value=modp768)(type=auth value=hmac-md5))) (p: #1 protoid=ipsec-esp transform=1 spi=028a2fa8 (t: #1 id=1des (type=enc mode value=tunnel)(type=lifetype value=sec)(type=life value=7080)(type=lifetype value=kb)(type=life len=4 value=00465000)(type=auth value=hmac-md5)(type=group desc value=modp768)))) (nonce: n len=20) (ke: key len=96) (id: idtype=IPv4 protoid=0 port=0 len=4 192.168.5.55) (id: idtype=IPv4 protoid=0 port=0 len=4 10.0.0.1) 2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=8(hash) 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=1(sa) 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=10(nonce) 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=4(ke) 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=5(id) 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=5(id) 2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:07:46: DEBUG: isakmp_quick.c:1004:quick_r1recv(): received IDci2:2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 01000000 c0a80537 2002-07-30 09:07:46: DEBUG: isakmp_quick.c:1008:quick_r1recv(): received IDcr2:2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 01000000 0a000001 2002-07-30 09:07:46: DEBUG: isakmp_quick.c:1023:quick_r1recv(): HASH(1) validate:2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): f97e334c 259db005 0b2ca0b0 8eb56996 2002-07-30 09:07:46: DEBUG: oakley.c:745:oakley_compute_hash1(): HASH with: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): fe990af1 0a000074 00000001 00000001 02000034 01020401 f17d1bfa 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80030001 80050001 00000034 01030401 028a2fa8 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80050001 80030001 04000018 68cd589f b6f640a9 ab51388e 739d559a d3debeed 05000064 5667f1b3 a1acea95 9fc21866 16b09c60 b6fb5011 69293d7e 5529ca69 3343df02 1857d238 eb743bc6 22525df7 56704e9b 212ff9b7 67ccfa06 f5fd33bf 3f0e51cf e3792910 bd2f905d 931c3ad4 10f8b30e a7e40354 1a2694a2 7dee64f1 a3766e7d 0500000c 01000000 c0a80537 0000000c 01000000 0a000001 2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5) 2002-07-30 09:07:46: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): f97e334c 259db005 0b2ca0b0 8eb56996 2002-07-30 09:07:46: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo selected. 2002-07-30 09:07:46: DEBUG: isakmp_quick.c:1815:get_sainfo_r(): get sa info: anonymous 2002-07-30 09:07:46: DEBUG: isakmp_quick.c:1993:get_proposal_r(): get a src address from ID payload 192.168.5.55[0] prefixlen=32 ul_proto=255 2002-07-30 09:07:46: DEBUG: isakmp_quick.c:1998:get_proposal_r(): get dst address from ID payload 10.0.0.1[0] prefixlen=32 ul_proto=255 2002-07-30 09:07:46: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff7b0: 192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in 2002-07-30 09:07:46: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3c08: 192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in 2002-07-30 09:07:46: DEBUG: policy.c:244:cmpspidxwild(): 0xbfbff7b0 masked with /32: 192.168.5.55[0] 2002-07-30 09:07:46: DEBUG: policy.c:246:cmpspidxwild(): 0x80a3c08 masked with /32: 192.168.5.55[0] 2002-07-30 09:07:46: DEBUG: policy.c:260:cmpspidxwild(): 0xbfbff7b0 masked with /32: 10.0.0.1[0] 2002-07-30 09:07:46: DEBUG: policy.c:262:cmpspidxwild(): 0x80a3c08 masked with /32: 10.0.0.1[0] 2002-07-30 09:07:46: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff7b0: 10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out 2002-07-30 09:07:46: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3c08: 192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in 2002-07-30 09:07:46: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff7b0: 10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out 2002-07-30 09:07:46: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80b6008: 10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out 2002-07-30 09:07:46: DEBUG: policy.c:244:cmpspidxwild(): 0xbfbff7b0 masked with /32: 10.0.0.1[0] 2002-07-30 09:07:46: DEBUG: policy.c:246:cmpspidxwild(): 0x80b6008 masked with /32: 10.0.0.1[0] 2002-07-30 09:07:46: DEBUG: policy.c:260:cmpspidxwild(): 0xbfbff7b0 masked with /32: 192.168.5.55[0] 2002-07-30 09:07:46: DEBUG: policy.c:262:cmpspidxwild(): 0x80b6008 masked with /32: 192.168.5.55[0] 2002-07-30 09:07:46: DEBUG: isakmp_quick.c:2054:get_proposal_r(): suitable SP found:10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out 2002-07-30 09:07:46: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0) 2002-07-30 09:07:46: DEBUG: proposal.c:859:printsatrns(): (trns_id=DES encklen=0 authtype=1) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1117:get_proppair(): total SA len=112 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 00000001 00000001 02000034 01020401 f17d1bfa 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80030001 80050001 00000034 01030401 028a2fa8 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80050001 80030001 2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=2(prop) 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=2(prop) 2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1 len=52 2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=3(trns) 2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1311:get_transform(): transform #1 len=40 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Encription Mode, flag=0x8000, lorv=Tunnel 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=seconds 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Duration, flag=0x8000, lorv=28800 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2155:check_attr_ipsec(): life duration was in TLV. 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=kilobytes 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Duration, flag=0x0000, lorv=4 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Group Description, flag=0x8000, lorv=1 2002-07-30 09:07:46: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp768) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Authentication Algorithm, flag=0x8000, lorv=1 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1 len=52 2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=3(trns) 2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1311:get_transform(): transform #1 len=40 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Encription Mode, flag=0x8000, lorv=Tunnel 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=seconds 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Duration, flag=0x8000, lorv=28800 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2155:check_attr_ipsec(): life duration was in TLV. 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=kilobytes 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Duration, flag=0x0000, lorv=4 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Authentication Algorithm, flag=0x8000, lorv=1 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Group Description, flag=0x8000, lorv=1 2002-07-30 09:07:46: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp768) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1213:get_proppair(): pair 1: 2002-07-30 09:07:46: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b30: next=0x80a9b40 tnext=0x0 2002-07-30 09:07:46: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b40: next=0x0 tnext=0x0 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1248:get_proppair(): proposal #1: 2 transform 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:948:get_ph2approval(): begin compare proposals. 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:954:get_ph2approval(): pair[1]: 0x80a9b30 2002-07-30 09:07:46: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b30: next=0x80a9b40 tnext=0x0 2002-07-30 09:07:46: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b40: next=0x0 tnext=0x0 2002-07-30 09:07:46: DEBUG: proposal.c:681:aproppair2saprop(): prop#=1 prot-id=AH spi-size=4 #trns=1 trns#=1 trns-id=MD5 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Encription Mode, flag=0x8000, lorv=Tunnel 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Type, flag=0x8000, lorv=seconds 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Duration, flag=0x8000, lorv=28800 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Type, flag=0x8000, lorv=kilobytes 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Duration, flag=0x0000, lorv=4 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Group Description, flag=0x8000, lorv=1 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Authentication Algorithm, flag=0x8000, lorv=1 2002-07-30 09:07:46: DEBUG: proposal.c:681:aproppair2saprop(): prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=DES 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Encription Mode, flag=0x8000, lorv=Tunnel 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Type, flag=0x8000, lorv=seconds 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Duration, flag=0x8000, lorv=28800 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Type, flag=0x8000, lorv=kilobytes 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Duration, flag=0x0000, lorv=4 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Authentication Algorithm, flag=0x8000, lorv=1 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Group Description, flag=0x8000, lorv=1 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:990:get_ph2approvalx(): peer's single bundle: 2002-07-30 09:07:46: DEBUG: proposal.c:825:printsaproto(): (proto_id=AH spisize=4 spi=f17d1bfa spi_p=00000000 encmode=Tunnel reqid=0:0) 2002-07-30 09:07:46: DEBUG: proposal.c:853:printsatrns(): (trns_id=MD5 authtype=1) 2002-07-30 09:07:46: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP spisize=4 spi=028a2fa8 spi_p=00000000 encmode=Tunnel reqid=0:0) 2002-07-30 09:07:46: DEBUG: proposal.c:859:printsatrns(): (trns_id=DES encklen=0 authtype=1) 2002-07-30 09:07:46: DEBUG: ipsec_doi.c:993:get_ph2approvalx(): my single bundle: 2002-07-30 09:07:46: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0) 2002-07-30 09:07:46: DEBUG: proposal.c:859:printsatrns(): (trns_id=DES encklen=0 authtype=1) 2002-07-30 09:07:46: ERROR: ipsec_doi.c:1001:get_ph2approvalx(): not matched 2002-07-30 09:07:46: ERROR: ipsec_doi.c:966:get_ph2approval(): no suitable policy found. 2002-07-30 09:07:46: ERROR: isakmp.c:1060:isakmp_ph2begin_r(): failed to pre-process packet. 2002-07-30 09:07:46: DEBUG: oakley.c:2543:oakley_newiv2(): compute IV for phase2 2002-07-30 09:07:46: DEBUG: oakley.c:2544:oakley_newiv2(): phase1 last IV: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 5dd5e325 f1e6fcf2 edfe6e03 2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5) 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2576:oakley_newiv2(): phase2 IV computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 09aa6ed9 c269e7f0 2002-07-30 09:07:46: DEBUG: oakley.c:745:oakley_compute_hash1(): HASH with: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): edfe6e03 0000000c 00000001 0100000e 2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5) 2002-07-30 09:07:46: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH computed: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): d2819e13 837cf329 1739a7e9 72cd5bc6 2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 07:46.739906 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid edfe6e03: phase 2/others ? inf: (hash: len=16) (n: doi=ipsec proto=isakmp type=NO-PROPOSAL-CHOSEN) 2002-07-30 09:07:46: DEBUG: oakley.c:2742:oakley_do_encrypt(): begin encryption. 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2758:oakley_do_encrypt(): pad length = 8 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 0b000014 d2819e13 837cf329 1739a7e9 72cd5bc6 0000000c 00000001 0100000e 00000000 00000008 2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:07:46: DEBUG: oakley.c:2793:oakley_do_encrypt(): with key: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): b5a9e14b 687a9d70 2002-07-30 09:07:46: DEBUG: oakley.c:2801:oakley_do_encrypt(): encrypted payload by IV: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 09aa6ed9 c269e7f0 2002-07-30 09:07:46: DEBUG: oakley.c:2808:oakley_do_encrypt(): save IV for next: 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): 43a22c70 16c217ae 2002-07-30 09:07:46: DEBUG: oakley.c:2825:oakley_do_encrypt(): encrypted. 2002-07-30 09:07:46: DEBUG: sockmisc.c:421:sendfromto(): sockname xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:423:sendfromto(): send packet from xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:425:sendfromto(): send packet to yyy.yyy.yyy.62[500] 2002-07-30 09:07:46: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 68 bytes message will be sent to xxx.xxx.xxx.70[500] 2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 08100501 edfe6e03 00000044 db426b51 13f99b7e 787698aa 4d1a5d7f 9e078d8b fa5bc9a1 a37f6102 063f2487 43a22c70 16c217ae 2002-07-30 09:07:46: DEBUG: isakmp_inf.c:634:isakmp_info_send_common(): sendto Information notify. 2002-07-30 09:08:01: DEBUG: isakmp.c:218:isakmp_handler(): === 2002-07-30 09:08:01: DEBUG: isakmp.c:219:isakmp_handler(): 316 bytes message received from yyy.yyy.yyy.62[500] 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 08102001 fe990af1 0000013c 76f9b209 919ce0a2 de383664 35b616c1 726a7c94 32d7a814 500abea9 50824e57 457dbee0 1f5de584 dfbca6c1 ab8eab18 94426b19 c6a5b814 f71c7093 7f3e9d6f 797ec813 0fb3f604 b507f03a d0b992c8 d655654c a0badc5d 56c90f82 21f019bb 1c1861a5 44ea240f 5d465476 409fde28 2f0d9e9e 507c1588 f43a6bdc 48d64e90 af79c269 c45d3273 e4929e86 a6ae982d 2e99d9f8 20723048 6ee0022e e21886ee 55f2f730 0b07ed0f 4f34a001 11bf3119 dbc883df 95dd7b83 be475fa0 cba7e6c5 cc8ab740 a80149e1 8ac96d1d 9d4a6f54 24f510e9 500d51f4 c66b71a9 d68757f9 65cdced2 7c7e5f45 78af9dc6 834882f8 6081a76a fb50acbc a245800e 1b6051f6 9620e8cd 1bb2a20b ce850e0b 7b71cddc 4bc8e714 d3f8e787 ab2b314c cb749e52 2002-07-30 09:08:01: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 08:01.715502 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid fe990af1: phase 2/others ? oakley-quick[E]: [|hash] 2002-07-30 09:08:01: DEBUG: oakley.c:2543:oakley_newiv2(): compute IV for phase2 2002-07-30 09:08:01: DEBUG: oakley.c:2544:oakley_newiv2(): phase1 last IV: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): 5dd5e325 f1e6fcf2 fe990af1 2002-07-30 09:08:01: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5) 2002-07-30 09:08:01: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:08:01: DEBUG: oakley.c:2576:oakley_newiv2(): phase2 IV computed: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): 54bd5a4e 41e2d3b7 2002-07-30 09:08:01: DEBUG: isakmp.c:1041:isakmp_ph2begin_r(): === 2002-07-30 09:08:01: INFO: isakmp.c:1046:isakmp_ph2begin_r(): respond new phase 2 negotiation: xxx.xxx.xxx.70[0]<=>yyy.yyy.yyy.62[0] 2002-07-30 09:08:01: DEBUG: oakley.c:2619:oakley_do_decrypt(): begin decryption. 2002-07-30 09:08:01: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:08:01: DEBUG: oakley.c:2633:oakley_do_decrypt(): IV was saved for next processing: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): ab2b314c cb749e52 2002-07-30 09:08:01: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:08:01: DEBUG: oakley.c:2658:oakley_do_decrypt(): with key: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): b5a9e14b 687a9d70 2002-07-30 09:08:01: DEBUG: oakley.c:2666:oakley_do_decrypt(): decrypted payload by IV: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): 54bd5a4e 41e2d3b7 2002-07-30 09:08:01: DEBUG: oakley.c:2669:oakley_do_decrypt(): decrypted payload, but not trimed. 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): 01000014 f97e334c 259db005 0b2ca0b0 8eb56996 0a000074 00000001 00000001 02000034 01020401 f17d1bfa 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80030001 80050001 00000034 01030401 028a2fa8 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80050001 80030001 04000018 68cd589f b6f640a9 ab51388e 739d559a d3debeed 05000064 5667f1b3 a1acea95 9fc21866 16b09c60 b6fb5011 69293d7e 5529ca69 3343df02 1857d238 eb743bc6 22525df7 56704e9b 212ff9b7 67ccfa06 f5fd33bf 3f0e51cf e3792910 bd2f905d 931c3ad4 10f8b30e a7e40354 1a2694a2 7dee64f1 a3766e7d 0500000c 01000000 c0a80537 0000000c 01000000 0a000001 00000000 2002-07-30 09:08:01: DEBUG: oakley.c:2678:oakley_do_decrypt(): padding len=0 2002-07-30 09:08:01: DEBUG: oakley.c:2692:oakley_do_decrypt(): skip to trim padding. 2002-07-30 09:08:01: DEBUG: oakley.c:2707:oakley_do_decrypt(): decrypted. 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 08102001 fe990af1 0000013c 01000014 f97e334c 259db005 0b2ca0b0 8eb56996 0a000074 00000001 00000001 02000034 01020401 f17d1bfa 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80030001 80050001 00000034 01030401 028a2fa8 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80050001 80030001 04000018 68cd589f b6f640a9 ab51388e 739d559a d3debeed 05000064 5667f1b3 a1acea95 9fc21866 16b09c60 b6fb5011 69293d7e 5529ca69 3343df02 1857d238 eb743bc6 22525df7 56704e9b 212ff9b7 67ccfa06 f5fd33bf 3f0e51cf e3792910 bd2f905d 931c3ad4 10f8b30e a7e40354 1a2694a2 7dee64f1 a3766e7d 0500000c 01000000 c0a80537 0000000c 01000000 0a000001 00000000 2002-07-30 09:08:01: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 08:01.718093 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid fe990af1: phase 2/others ? oakley-quick: (hash: len=16) (sa: doi=ipsec situation=identity (p: #1 protoid=ipsec-ah transform=1 spi=f17d1bfa (t: #1 id=md5 (type=enc mode value=tunnel)(type=lifetype value=sec)(type=life value=7080)(type=lifetype value=kb)(type=life len=4 value=00465000)(type=group desc value=modp768)(type=auth value=hmac-md5))) (p: #1 protoid=ipsec-esp transform=1 spi=028a2fa8 (t: #1 id=1des (type=enc mode value=tunnel)(type=lifetype value=sec)(type=life value=7080)(type=lifetype value=kb)(type=life len=4 value=00465000)(type=auth value=hmac-md5)(type=group desc value=modp768)))) (nonce: n len=20) (ke: key len=96) (id: idtype=IPv4 protoid=0 port=0 len=4 192.168.5.55) (id: idtype=IPv4 protoid=0 port=0 len=4 10.0.0.1) 2002-07-30 09:08:01: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=8(hash) 2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=1(sa) 2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=10(nonce) 2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=4(ke) 2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=5(id) 2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=5(id) 2002-07-30 09:08:01: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:08:01: DEBUG: isakmp_quick.c:1004:quick_r1recv(): received IDci2:2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): 01000000 c0a80537 2002-07-30 09:08:01: DEBUG: isakmp_quick.c:1008:quick_r1recv(): received IDcr2:2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): 01000000 0a000001 2002-07-30 09:08:01: DEBUG: isakmp_quick.c:1023:quick_r1recv(): HASH(1) validate:2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): f97e334c 259db005 0b2ca0b0 8eb56996 2002-07-30 09:08:01: DEBUG: oakley.c:745:oakley_compute_hash1(): HASH with: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): fe990af1 0a000074 00000001 00000001 02000034 01020401 f17d1bfa 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80030001 80050001 00000034 01030401 028a2fa8 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80050001 80030001 04000018 68cd589f b6f640a9 ab51388e 739d559a d3debeed 05000064 5667f1b3 a1acea95 9fc21866 16b09c60 b6fb5011 69293d7e 5529ca69 3343df02 1857d238 eb743bc6 22525df7 56704e9b 212ff9b7 67ccfa06 f5fd33bf 3f0e51cf e3792910 bd2f905d 931c3ad4 10f8b30e a7e40354 1a2694a2 7dee64f1 a3766e7d 0500000c 01000000 c0a80537 0000000c 01000000 0a000001 2002-07-30 09:08:01: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5) 2002-07-30 09:08:01: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH computed: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): f97e334c 259db005 0b2ca0b0 8eb56996 2002-07-30 09:08:01: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo selected. 2002-07-30 09:08:01: DEBUG: isakmp_quick.c:1815:get_sainfo_r(): get sa info: anonymous 2002-07-30 09:08:01: DEBUG: isakmp_quick.c:1993:get_proposal_r(): get a src address from ID payload 192.168.5.55[0] prefixlen=32 ul_proto=255 2002-07-30 09:08:01: DEBUG: isakmp_quick.c:1998:get_proposal_r(): get dst address from ID payload 10.0.0.1[0] prefixlen=32 ul_proto=255 2002-07-30 09:08:01: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff7b0: 192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in 2002-07-30 09:08:01: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3c08: 192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in 2002-07-30 09:08:01: DEBUG: policy.c:244:cmpspidxwild(): 0xbfbff7b0 masked with /32: 192.168.5.55[0] 2002-07-30 09:08:01: DEBUG: policy.c:246:cmpspidxwild(): 0x80a3c08 masked with /32: 192.168.5.55[0] 2002-07-30 09:08:01: DEBUG: policy.c:260:cmpspidxwild(): 0xbfbff7b0 masked with /32: 10.0.0.1[0] 2002-07-30 09:08:01: DEBUG: policy.c:262:cmpspidxwild(): 0x80a3c08 masked with /32: 10.0.0.1[0] 2002-07-30 09:08:01: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff7b0: 10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out 2002-07-30 09:08:01: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3c08: 192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in 2002-07-30 09:08:01: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff7b0: 10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out 2002-07-30 09:08:01: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80b6008: 10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out 2002-07-30 09:08:01: DEBUG: policy.c:244:cmpspidxwild(): 0xbfbff7b0 masked with /32: 10.0.0.1[0] 2002-07-30 09:08:01: DEBUG: policy.c:246:cmpspidxwild(): 0x80b6008 masked with /32: 10.0.0.1[0] 2002-07-30 09:08:01: DEBUG: policy.c:260:cmpspidxwild(): 0xbfbff7b0 masked with /32: 192.168.5.55[0] 2002-07-30 09:08:01: DEBUG: policy.c:262:cmpspidxwild(): 0x80b6008 masked with /32: 192.168.5.55[0] 2002-07-30 09:08:01: DEBUG: isakmp_quick.c:2054:get_proposal_r(): suitable SP found:10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out 2002-07-30 09:08:01: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0) 2002-07-30 09:08:01: DEBUG: proposal.c:859:printsatrns(): (trns_id=DES encklen=0 authtype=1) 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1117:get_proppair(): total SA len=112 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): 00000001 00000001 02000034 01020401 f17d1bfa 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80030001 80050001 00000034 01030401 028a2fa8 00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000 80050001 80030001 2002-07-30 09:08:01: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=2(prop) 2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=2(prop) 2002-07-30 09:08:01: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1 len=52 2002-07-30 09:08:01: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=3(trns) 2002-07-30 09:08:01: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1311:get_transform(): transform #1 len=40 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Encription Mode, flag=0x8000, lorv=Tunnel 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=seconds 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Duration, flag=0x8000, lorv=28800 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2155:check_attr_ipsec(): life duration was in TLV. 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=kilobytes 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Duration, flag=0x0000, lorv=4 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Group Description, flag=0x8000, lorv=1 2002-07-30 09:08:01: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp768) 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Authentication Algorithm, flag=0x8000, lorv=1 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1 len=52 2002-07-30 09:08:01: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin. 2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen nptype=3(trns) 2002-07-30 09:08:01: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed. 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1311:get_transform(): transform #1 len=40 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Encription Mode, flag=0x8000, lorv=Tunnel 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=seconds 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Duration, flag=0x8000, lorv=28800 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2155:check_attr_ipsec(): life duration was in TLV. 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=kilobytes 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA Life Duration, flag=0x0000, lorv=4 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Authentication Algorithm, flag=0x8000, lorv=1 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Group Description, flag=0x8000, lorv=1 2002-07-30 09:08:01: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp768) 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1213:get_proppair(): pair 1: 2002-07-30 09:08:01: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b30: next=0x80a9b40 tnext=0x0 2002-07-30 09:08:01: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b40: next=0x0 tnext=0x0 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1248:get_proppair(): proposal #1: 2 transform 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:948:get_ph2approval(): begin compare proposals. 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:954:get_ph2approval(): pair[1]: 0x80a9b30 2002-07-30 09:08:01: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b30: next=0x80a9b40 tnext=0x0 2002-07-30 09:08:01: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b40: next=0x0 tnext=0x0 2002-07-30 09:08:01: DEBUG: proposal.c:681:aproppair2saprop(): prop#=1 prot-id=AH spi-size=4 #trns=1 trns#=1 trns-id=MD5 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Encription Mode, flag=0x8000, lorv=Tunnel 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Type, flag=0x8000, lorv=seconds 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Duration, flag=0x8000, lorv=28800 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Type, flag=0x8000, lorv=kilobytes 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Duration, flag=0x0000, lorv=4 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Group Description, flag=0x8000, lorv=1 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Authentication Algorithm, flag=0x8000, lorv=1 2002-07-30 09:08:01: DEBUG: proposal.c:681:aproppair2saprop(): prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=DES 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Encription Mode, flag=0x8000, lorv=Tunnel 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Type, flag=0x8000, lorv=seconds 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Duration, flag=0x8000, lorv=28800 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Type, flag=0x8000, lorv=kilobytes 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA Life Duration, flag=0x0000, lorv=4 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Authentication Algorithm, flag=0x8000, lorv=1 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Group Description, flag=0x8000, lorv=1 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:990:get_ph2approvalx(): peer's single bundle: 2002-07-30 09:08:01: DEBUG: proposal.c:825:printsaproto(): (proto_id=AH spisize=4 spi=f17d1bfa spi_p=00000000 encmode=Tunnel reqid=0:0) 2002-07-30 09:08:01: DEBUG: proposal.c:853:printsatrns(): (trns_id=MD5 authtype=1) 2002-07-30 09:08:01: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP spisize=4 spi=028a2fa8 spi_p=00000000 encmode=Tunnel reqid=0:0) 2002-07-30 09:08:01: DEBUG: proposal.c:859:printsatrns(): (trns_id=DES encklen=0 authtype=1) 2002-07-30 09:08:01: DEBUG: ipsec_doi.c:993:get_ph2approvalx(): my single bundle: 2002-07-30 09:08:01: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0) 2002-07-30 09:08:01: DEBUG: proposal.c:859:printsatrns(): (trns_id=DES encklen=0 authtype=1) 2002-07-30 09:08:01: ERROR: ipsec_doi.c:1001:get_ph2approvalx(): not matched 2002-07-30 09:08:01: ERROR: ipsec_doi.c:966:get_ph2approval(): no suitable policy found. 2002-07-30 09:08:01: ERROR: isakmp.c:1060:isakmp_ph2begin_r(): failed to pre-process packet. 2002-07-30 09:08:01: DEBUG: oakley.c:2543:oakley_newiv2(): compute IV for phase2 2002-07-30 09:08:01: DEBUG: oakley.c:2544:oakley_newiv2(): phase1 last IV: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): 5dd5e325 f1e6fcf2 fe88f928 2002-07-30 09:08:01: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5) 2002-07-30 09:08:01: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:08:01: DEBUG: oakley.c:2576:oakley_newiv2(): phase2 IV computed: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): a8ef309d 3aa70d75 2002-07-30 09:08:01: DEBUG: oakley.c:745:oakley_compute_hash1(): HASH with: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): fe88f928 0000000c 00000001 0100000e 2002-07-30 09:08:01: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5) 2002-07-30 09:08:01: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH computed: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): 8e3f9f22 96d018e5 69c2ac66 84f4d026 2002-07-30 09:08:01: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 08:01.727704 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid fe88f928: phase 2/others ? inf: (hash: len=16) (n: doi=ipsec proto=isakmp type=NO-PROPOSAL-CHOSEN) 2002-07-30 09:08:01: DEBUG: oakley.c:2742:oakley_do_encrypt(): begin encryption. 2002-07-30 09:08:01: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:08:01: DEBUG: oakley.c:2758:oakley_do_encrypt(): pad length = 8 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): 0b000014 8e3f9f22 96d018e5 69c2ac66 84f4d026 0000000c 00000001 0100000e 00000000 00000008 2002-07-30 09:08:01: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:08:01: DEBUG: oakley.c:2793:oakley_do_encrypt(): with key: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): b5a9e14b 687a9d70 2002-07-30 09:08:01: DEBUG: oakley.c:2801:oakley_do_encrypt(): encrypted payload by IV: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): a8ef309d 3aa70d75 2002-07-30 09:08:01: DEBUG: oakley.c:2808:oakley_do_encrypt(): save IV for next: 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): c407bc2f 6c231b6b 2002-07-30 09:08:01: DEBUG: oakley.c:2825:oakley_do_encrypt(): encrypted. 2002-07-30 09:08:01: DEBUG: sockmisc.c:421:sendfromto(): sockname xxx.xxx.xxx.70[500] 2002-07-30 09:08:01: DEBUG: sockmisc.c:423:sendfromto(): send packet from xxx.xxx.xxx.70[500] 2002-07-30 09:08:01: DEBUG: sockmisc.c:425:sendfromto(): send packet to yyy.yyy.yyy.62[500] 2002-07-30 09:08:01: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 68 bytes message will be sent to xxx.xxx.xxx.70[500] 2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 08100501 fe88f928 00000044 1c53b0b5 597ca4cc 411b3a2f f39a081f 1f161c55 c2c4449c 9f3873e9 dbcf1f7b c407bc2f 6c231b6b 2002-07-30 09:08:01: DEBUG: isakmp_inf.c:634:isakmp_info_send_common(): sendto Information notify. 2002-07-30 09:08:10: INFO: session.c:281:check_sigreq(): caught signal 2 2002-07-30 09:08:10: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey FLUSH message 2002-07-30 09:08:10: DEBUG2: plog.c:193:plogdump(): 02090000 02000000 00000000 01010000 2002-07-30 09:08:11: DEBUG: pfkey.c:268:pfkey_dump_sadb(): call pfkey_send_dump 2002-07-30 09:08:11: DEBUG: oakley.c:2543:oakley_newiv2(): compute IV for phase2 2002-07-30 09:08:11: DEBUG: oakley.c:2544:oakley_newiv2(): phase1 last IV: 2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump(): 5dd5e325 f1e6fcf2 c3d96108 2002-07-30 09:08:11: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5) 2002-07-30 09:08:11: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:08:11: DEBUG: oakley.c:2576:oakley_newiv2(): phase2 IV computed: 2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump(): 92b0eb86 e2060e32 2002-07-30 09:08:11: DEBUG: oakley.c:745:oakley_compute_hash1(): HASH with: 2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump(): c3d96108 0000001c 00000001 01100001 ac807c45 f47b274e 1cbebccd d7441a4e 2002-07-30 09:08:11: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5) 2002-07-30 09:08:11: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH computed: 2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump(): dc40a4c5 f5323909 97dd81ab 780cd676 2002-07-30 09:08:11: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin. 08:11.063983 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid c3d96108: phase 2/others ? inf: (hash: len=16) (d: doi=ipsec proto=isakmp spilen=16 nspi=1 spi=ac807c45f47b274e1cbebccdd7441a4e) 2002-07-30 09:08:11: DEBUG: oakley.c:2742:oakley_do_encrypt(): begin encryption. 2002-07-30 09:08:11: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:08:11: DEBUG: oakley.c:2758:oakley_do_encrypt(): pad length = 8 2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump(): 0c000014 dc40a4c5 f5323909 97dd81ab 780cd676 0000001c 00000001 01100001 ac807c45 f47b274e 1cbebccd d7441a4e 00000000 00000008 2002-07-30 09:08:11: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(des) 2002-07-30 09:08:11: DEBUG: oakley.c:2793:oakley_do_encrypt(): with key: 2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump(): b5a9e14b 687a9d70 2002-07-30 09:08:11: DEBUG: oakley.c:2801:oakley_do_encrypt(): encrypted payload by IV: 2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump(): 92b0eb86 e2060e32 2002-07-30 09:08:11: DEBUG: oakley.c:2808:oakley_do_encrypt(): save IV for next: 2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump(): 230758d9 5343051e 2002-07-30 09:08:11: DEBUG: oakley.c:2825:oakley_do_encrypt(): encrypted. 2002-07-30 09:08:11: DEBUG: sockmisc.c:421:sendfromto(): sockname xxx.xxx.xxx.70[500] 2002-07-30 09:08:11: DEBUG: sockmisc.c:423:sendfromto(): send packet from xxx.xxx.xxx.70[500] 2002-07-30 09:08:11: DEBUG: sockmisc.c:425:sendfromto(): send packet to yyy.yyy.yyy.62[500] 2002-07-30 09:08:11: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 84 bytes message will be sent to xxx.xxx.xxx.70[500] 2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump(): ac807c45 f47b274e 1cbebccd d7441a4e 08100501 c3d96108 00000054 96f0e479 86e3c443 aa804a3f 6f1d09f0 6dd251a8 492399a3 add964f2 563e5540 20dbd12a 17b65148 38b552ce 4504d7f2 230758d9 5343051e 2002-07-30 09:08:11: DEBUG: isakmp_inf.c:634:isakmp_info_send_common(): sendto Information delete. 2002-07-30 09:08:11: DEBUG: schedule.c:210:sched_scrub_param(): an undead schedule has been deleted. 2002-07-30 09:08:11: INFO: session.c:180:close_session(): racoon shutdown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003301c2385c$29d1fed0$6500000a>