From owner-freebsd-net Tue Nov 21 15:52:18 2000 Delivered-To: freebsd-net@freebsd.org Received: from post.webmailer.de (natmail2.webmailer.de [192.67.198.65]) by hub.freebsd.org (Postfix) with ESMTP id 4643A37B4D7 for ; Tue, 21 Nov 2000 15:51:41 -0800 (PST) Received: from localhost.localdom (p3E9E1511.dip.t-dialin.net [62.158.21.17]) by post.webmailer.de (8.9.3/8.8.7) with ESMTP id AAA10079; Wed, 22 Nov 2000 00:51:22 +0100 (MET) Received: from masterpc (master [192.168.0.1]) by localhost.localdom (8.11.1/8.11.1) with ESMTP id eAM25B202433; Wed, 22 Nov 2000 03:05:11 +0100 (CET) Date: Wed, 22 Nov 2000 00:50:41 -0800 From: Boris X-Mailer: The Bat! (v1.46d) Personal Reply-To: Boris X-Priority: 3 (Normal) Message-ID: <1563982125.20001122005041@x-itec.de> To: Josh Tiefenbach Cc: freebsd-net@FreeBSD.ORG Subject: Re[2]: IPSEC Win2k In-reply-To: <20001121124847.F37765@zipperup.org> References: <838997467.20001121113524@x-itec.de> <20001121124847.F37765@zipperup.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello Josh, Tuesday, November 21, 2000, 9:48:48 AM, you wrote: >> I try to setup a connection between my FreeBSD Server >> and my Win2k server box. two machines, nothing special. JT> By sheer coincidence, I did this just the other day. cool -) Now i have understand something more, but i have a problem, again no connection available, details coming now. JT> Plus, you dont say which version of FreeBSD you are using. IIRC, only FreeBSD JT> 4.x-STABLE supports IKE (using racoon). FreeBSD 4.1.1 and latest version of racoon JT> Here is a small writeup that I did for someone else on how to have BSD JT> and Win2k talk to each other using IPsec. JT> 2. On the FreeBSD machine, do the following (presuming that the FreeBSD JT> machine is 1.2.3.4 and the win2k machine is 5.6.7.8) JT> setkey -FP # Note. This and the next line will delete all previous SPD JT> setkey -F # entries. JT> setkey -c << EOF JT> spdadd 1.2.3.4/32 5.6.7.8/32 any -P out ipsec JT> esp/transport/1.2.3.4-5.6.7.8/require; JT> spdadd 5.6.7.8/32 1.2.3.4/32 any -P in ipsec JT> esp/transport/5.6.7.8-1.2.3.4/require; ok, i have used this: #! /bin/sh # setkey -FP # Note. This and the next line will delete all previous SPD setkey -F # entries. setkey -c << EOF spdadd 192.168.0.99/32 192.168.0.1 any -P out ipsec esp/transport/192.168.0.99-192.168.0.1/require; spdadd 192.168.0.1/32 192.168.0.99/32 any -P in ipsec esp/transport/192.168.0.1-192.168.0.99/require; .99 is the bsd box, .1 is the win2k box. JT> 3. Configure psk.txt and racoon.conf. You shouldnt really need to make any ... JT> In the psk.txt file, add the following entry: JT> 5.6.7.8 somelongstringasasharedsecret i have put something like 192.168.0.1 password... JT> Make sure that psk.txt is mode 600, owned by root. Start up racoon. JT> 4. On the Win2k machine, fire up a command window, and launch 'mmc'. Go to Console->>Add/Remove Snap in. Add the IP Security Policy Management snap-in. .... ok .... But racoon gives me a lot of error messages, i have added the messages here. I really do not know what to do now -(((((((((( Snapshot: 2000-11-22 02:53:09: isakmp_ident.c:700:ident_r1recv(): 192.168.0.1[500] peer transmitted Vendor ID. 2000-11-22 02:53:09: vendorid.c:97:check_vendorid(): Vendor ID mismatch. 2000-11-22 02:52:57: pfkey.c:1966:pk_checkalg(): WARNING: compression algorithm can not be checked. 2000-11-22 02:53:05: isakmp_ident.c:721:ident_r1recv(): 192.168.0.1[500] failed to get valid proposal. 2000-11-22 02:53:05: isakmp.c:874:isakmp_ph1begin_r(): 192.168.0.1[500] failed to process packet. Complete protocol: Foreground mode. 2000-11-22 02:52:57: @(#)racoon 20001111 sakane@ydc.co.jp 2000-11-22 02:52:57: @(#)This product linked software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/) <3># "padding" defines some parameter of padding. You should not touch these. begin <11>padding <11>maximum_length <11>20 <11># maximum padding length. <11>randomize <11>off <11># enable randomize length. <11>strict_check <11>off <11># enable strict check. <11>exclusive_tail <11>off <11># extract last one octet. <3># if no listen directive is specified, racoon will listen to all <3># available interface addresses. begin <13>listen <13>#isakmp ::1 [7000]; <13>#isakmp 202.249.11.124 [500]; <13>#admin [7002]; # administrative's port by kmpstat. <13>#strict_address; # required all addresses must be bound. <3># Specification of default various timer. begin <15>timer <15># These value can be changed per remote node. <15>counter <15>5 <15># maximum trying count to send. <15>interval <15>20 <15>sec <15># maximum interval to resend. <15>persend <15>1 <15># the number of packets per a send. <15># timer for waiting to complete each phase. <15>phase1 <15>30 <15>sec <15>phase2 <15>15 <15>sec begin <33>remote <33>anonymous <35>#exchange_mode main,aggressive; <35>exchange_mode <35>aggressive <35>, <35>main <35>doi <35>ipsec_doi <35>situation <35>identity_only <35>#my_identifier address; <35>my_identifier <35>user_fqdn <35>"sakane@kame.net" <35>peers_identifier <35>user_fqdn <35>"sakane@kame.net" <35>#certificate_type x509 "mycert" "mypriv"; <35>nonce_size <35>16 <35>lifetime <35>time <35>1 <35>min <35># sec,min,hour <35>lifetime <35>byte <35>5 <35>MB <35># B,KB,GB <35>initial_contact <35>on <35>support_mip6 <35>on <35>proposal_check <35>obey <35># obey, strict or claim begin <37>proposal <37>encryption_algorithm <37>3des <37>hash_algorithm <37>sha1 <37>authentication_method <37>pre_shared_key <37>dh_group <37>2 lifetime = 60 lifebyte = 5120 strength=extra high encklen=0 isakmp enc= 00000000000000000000000000010000 isakmp hash= 00000000000000000000000000000010 isakmp dh= 00000000000000000000000000000010 isakmp auth method= 00000000000000000000000000000001 p:1 t:1 0 0 0 3DES-CBC(5) SHA(2) 1024-bit MODP group(2) pre-shared key(1) begin <33>remote <33>::1 <33>[8000] <35>#exchange_mode main,aggressive; <35>exchange_mode <35>aggressive <35>, <35>main <35>doi <35>ipsec_doi <35>situation <35>identity_only <35>my_identifier <35>user_fqdn <35>"sakane@kame.net" <35>peers_identifier <35>user_fqdn <35>"sakane@kame.net" <35>#certificate_type x509 "mycert" "mypriv"; <35>nonce_size <35>16 <35>lifetime <35>time <35>1 <35>min <35># sec,min,hour <35>lifetime <35>byte <35>5 <35>MB <35># B,KB,GB begin <37>proposal <37>encryption_algorithm <37>3des <37>hash_algorithm <37>sha1 <37>authentication_method <37>pre_shared_key <37>dh_group <37>2 lifetime = 60 lifebyte = 5120 strength=extra high encklen=0 isakmp enc= 00000000000000000000000000010000 isakmp hash= 00000000000000000000000000000010 isakmp dh= 00000000000000000000000000000010 isakmp auth method= 00000000000000000000000000000001 p:1 t:1 0 0 0 3DES-CBC(5) SHA(2) 1024-bit MODP group(2) pre-shared key(1) begin <29>sainfo <29>anonymous <31>pfs_group <31>1 <31>lifetime <31>time <31>30 <31>sec <31>lifetime <31>byte <31>5000 <31>KB <31>encryption_algorithm <31>3des <31>authentication_algorithm <31>hmac_sha1 <31>compression_algorithm <31>deflate 2000-11-22 02:52:57: pfkey.c:1966:pk_checkalg(): WARNING: compression algorithm can not be checked. begin <29>sainfo <29>address <29>203.178.141.209 <29>any <29>address <29>203.178.141.218 <29>any <31>pfs_group <31>1 <31>lifetime <31>time <31>30 <31>sec <31>lifetime <31>byte <31>5000 <31>KB <31>encryption_algorithm <31>des <31>authentication_algorithm <31>hmac_md5 <31>compression_algorithm <31>deflate 2000-11-22 02:52:57: pfkey.c:1966:pk_checkalg(): WARNING: compression algorithm can not be checked. 2000-11-22 02:52:57: sainfo.c:101:getsainfo(): anonymous sainfo selected. begin <29>sainfo <29>address <29>::1 <29>icmp6 <29>address <29>::1 <29>icmp6 <31>pfs_group <31>1 <31>lifetime <31>time <31>60 <31>sec <31>lifetime <31>byte <31>5000 <31>KB <31>encryption_algorithm <31>3des <31>, <31>cast128 <31>, <31>blowfish <31>, <31>des <31>authentication_algorithm <31>hmac_sha1 <31>, <31>hmac_md5 <31>compression_algorithm <31>deflate 2000-11-22 02:52:57: pfkey.c:1966:pk_checkalg(): WARNING: compression algorithm can not be checked. 2000-11-22 02:52:57: sainfo.c:101:getsainfo(): anonymous sainfo selected. parse successed. Foreground mode. 2000-11-22 02:52:57: grabmyaddr.c:213:grab_myaddrs(): my interface: 192.168.0.99 (ed1) 2000-11-22 02:52:57: grabmyaddr.c:213:grab_myaddrs(): my interface: fe80::220:18ff:fe64:f25f%ed1 (ed1) 2000-11-22 02:52:57: grabmyaddr.c:213:grab_myaddrs(): my interface: fe80::1%lo0 (lo0) 2000-11-22 02:52:57: grabmyaddr.c:213:grab_myaddrs(): my interface: ::1 (lo0) 2000-11-22 02:52:57: grabmyaddr.c:213:grab_myaddrs(): my interface: 127.0.0.1 (lo0) 2000-11-22 02:52:57: grabmyaddr.c:213:grab_myaddrs(): my interface: 62.158.21.17 (isp0) 2000-11-22 02:52:57: grabmyaddr.c:213:grab_myaddrs(): my interface: fe80::220:18ff:fe64:f25f%isp0 (isp0) 2000-11-22 02:52:57: grabmyaddr.c:479:autoconf_myaddrsport(): configuring default isakmp port. 2000-11-22 02:52:57: grabmyaddr.c:503:autoconf_myaddrsport(): isakmp_autoconf success, 7 addrs 2000-11-22 02:52:57: isakmp.c:1288:isakmp_open(): fe80::220:18ff:fe64:f25f%isp0[500] used as isakmp port (fd=9). 2000-11-22 02:52:57: isakmp.c:1288:isakmp_open(): 62.158.21.17[500] used as isakmp port (fd=10). 2000-11-22 02:52:57: isakmp.c:1288:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=11). 2000-11-22 02:52:57: isakmp.c:1288:isakmp_open(): ::1[500] used as isakmp port (fd=12). 2000-11-22 02:52:57: isakmp.c:1288:isakmp_open(): fe80::1%lo0[500] used as isakmp port (fd=13). 2000-11-22 02:52:57: isakmp.c:1288:isakmp_open(): fe80::220:18ff:fe64:f25f%ed1[500] used as isakmp port (fd=14). 2000-11-22 02:52:57: isakmp.c:1288:isakmp_open(): 192.168.0.99[500] used as isakmp port (fd=15). 2000-11-22 02:52:57: pfkey.c:192:pfkey_handler(): get pfkey X_SPDDUMP message sadb_msg{ version=2 type=18 errno=0 satype=0 len=15 reserved=1 seq=1 pid=2357 sadb_ext{ len=3 type=5 } sadb_address{ proto=255 prefixlen=32 reserved=0x0000 } sockaddr{ len=16 family=2 port=0 c0a80001 } sadb_ext{ len=3 type=6 } sadb_address{ proto=255 prefixlen=32 reserved=0x0000 } sockaddr{ len=16 family=2 port=0 c0a80063 } sadb_ext{ len=7 type=18 } sadb_x_policy{ type=2 dir=1 id=2 } { len=40 proto=50 mode=1 level=2 reqid=0 sockaddr{ len=16 family=2 port=0 c0a80001 } sockaddr{ len=16 family=2 port=0 c0a80063 } } 2000-11-22 02:52:57: pfkey.c:192:pfkey_handler(): get pfkey X_SPDDUMP message sadb_msg{ version=2 type=18 errno=0 satype=0 len=15 reserved=1 seq=0 pid=2357 sadb_ext{ len=3 type=5 } sadb_address{ proto=255 prefixlen=32 reserved=0x0000 } sockaddr{ len=16 family=2 port=0 c0a80063 } sadb_ext{ len=3 type=6 } sadb_address{ proto=255 prefixlen=32 reserved=0x0000 } sockaddr{ len=16 family=2 port=0 c0a80001 } sadb_ext{ len=7 type=18 } sadb_x_policy{ type=2 dir=2 id=1 } { len=40 proto=50 mode=1 level=2 reqid=0 sockaddr{ len=16 family=2 port=0 c0a80063 } sockaddr{ len=16 family=2 port=0 c0a80001 } } 2000-11-22 02:52:57: policy.c:189:cmpspidx(): sub:0xbfbff9c8: 192.168.0.99/32[0] 192.168.0.1/32[0] proto=255 dir=2 2000-11-22 02:52:57: policy.c:189:cmpspidx(): db :0x80a2208: 192.168.0.1/32[0] 192.168.0.99/32[0] proto=255 dir=1 2000-11-22 02:53:02: isakmp.c:207:isakmp_handler(): === 2000-11-22 02:53:02: isakmp.c:211:isakmp_handler(): 192.168.0.99[500] 216 bytes message received from 192.168.0.1[500] fe6e2baf 61660328 00000000 00000000 01100200 00000000 000000d8 0d0000a4 00000001 00000001 00000098 01010004 03000024 01010000 80010001 80020002 80040002 80030001 800b0001 000c0004 00007080 03000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00007080 03000024 03010000 80010001 80020002 80040001 80030001 800b0001 000c0004 00007080 00000024 04010000 80010001 80020001 80040001 80030001 800b0001 000c0004 00007080 00000018 1e2b5169 05991c7d 7c96fcbf b587e461 00000002 2000-11-22 02:53:02: isakmp.c:2152:isakmp_printpacket(): begin. 53:02.374683 192.168.0.1:500 -> 192.168.0.99:500: isakmp 1.0 msgid 00000000 cookie fe6e2baf61660328->0000000000000000: phase 1 I ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=4 (t: #1 id=ike (type=enc value=1des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #2 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #3 id=ike (type=enc value=1des)(type=hash value=sha1)(type=group desc value=modp768)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #4 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp768)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)))) (vid: len=20 1e2b516905991c7d7c96fcbfb587e46100000002) 2000-11-22 02:53:02: remoteconf.c:131:getrmconf(): anonymous configuration selected for 192.168.0.1[500]. 2000-11-22 02:53:02: isakmp.c:856:isakmp_ph1begin_r(): new responder iph1 0x8099400: local 192.168.0.99 500 remote 192.168.0.1 500 2000-11-22 02:53:02: isakmp.c:860:isakmp_ph1begin_r(): === 2000-11-22 02:53:02: isakmp.c:863:isakmp_ph1begin_r(): begin Identity Protection mode. 2000-11-22 02:53:02: isakmp_ident.c:662:ident_r1recv(): begin. 2000-11-22 02:53:02: isakmp.c:1123:isakmp_parse(): begin. 2000-11-22 02:53:02: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:02: isakmp.c:1066:isakmp_parsewoh(): seen nptype=1(sa) 2000-11-22 02:53:02: isakmp.c:1066:isakmp_parsewoh(): seen nptype=13(vid) 2000-11-22 02:53:02: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:02: isakmp.c:1131:isakmp_parse(): end. 2000-11-22 02:53:02: isakmp_ident.c:700:ident_r1recv(): 192.168.0.1[500] peer transmitted Vendor ID. 2000-11-22 02:53:02: vendorid.c:97:check_vendorid(): Vendor ID mismatch. 2000-11-22 02:53:02: ipsec_doi.c:1021:get_proppair(): total SA len=160 00000001 00000001 00000098 01010004 03000024 01010000 80010001 80020002 80040002 80030001 800b0001 000c0004 00007080 03000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00007080 03000024 03010000 80010001 80020002 80040001 80030001 800b0001 000c0004 00007080 00000024 04010000 80010001 80020001 80040001 80030001 800b0001 000c0004 00007080 2000-11-22 02:53:02: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:02: isakmp.c:1066:isakmp_parsewoh(): seen nptype=2(prop) 2000-11-22 02:53:02: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:02: ipsec_doi.c:1076:get_proppair(): proposal #1 len=152 2000-11-22 02:53:02: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:02: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:02: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:02: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:02: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:02: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:02: ipsec_doi.c:1220:get_transform(): transform #1 len=36 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:02: ipsec_doi.c:1220:get_transform(): transform #2 len=36 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:02: ipsec_doi.c:1220:get_transform(): transform #3 len=36 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:02: ipsec_doi.c:1220:get_transform(): transform #4 len=36 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:02: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 pair 1: 2000-11-22 02:53:02: proposal.c:877:print_proppair0(): 0x80aa2d0: next=0x0 tnext=0x80aa2e0 2000-11-22 02:53:02: proposal.c:877:print_proppair0(): 0x80aa2e0: next=0x0 tnext=0x80aa2f0 2000-11-22 02:53:02: proposal.c:877:print_proppair0(): 0x80aa2f0: next=0x0 tnext=0x80aa300 2000-11-22 02:53:02: proposal.c:877:print_proppair0(): 0x80aa300: next=0x0 tnext=0x0 2000-11-22 02:53:02: ipsec_doi.c:1157:get_proppair(): proposal #1: 4 transform 2000-11-22 02:53:02: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:02: ipsec_doi.c:289:get_ph1approvalx(): trns#=1, trns-id=IKE 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): E(]F@KgCO>N/ lorv=4 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:SHA 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:1024-bit MODP group 2000-11-22 02:53:02: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:02: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:02: ipsec_doi.c:289:get_ph1approvalx(): trns#=2, trns-id=IKE 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:MD5 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:1024-bit MODP group 2000-11-22 02:53:02: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:02: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:02: ipsec_doi.c:289:get_ph1approvalx(): trns#=3, trns-id=IKE 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:SHA 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:768-bit MODP group 2000-11-22 02:53:02: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:02: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:02: ipsec_doi.c:289:get_ph1approvalx(): trns#=4, trns-id=IKE 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:02: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:MD5 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:02: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:768-bit MODP group 2000-11-22 02:53:02: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:02: isakmp_ident.c:721:ident_r1recv(): 192.168.0.1[500] failed to get valid proposal. 2000-11-22 02:53:02: isakmp.c:874:isakmp_ph1begin_r(): 192.168.0.1[500] failed to process packet. 2000-11-22 02:53:03: isakmp.c:207:isakmp_handler(): === 2000-11-22 02:53:03: isakmp.c:211:isakmp_handler(): 192.168.0.99[500] 216 bytes message received from 192.168.Eg@CO>ndN>NoP"80 00000000 01100200 00000000 000000d8 0d0000a4 00000001 00000001 00000098 01010004 03000024 01010000 80010001 80020002 80040002 80030001 800b0001 000c0004 00007080 03000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00007080 03000024 03010000 80010001 80020002 80040001 80030001 800b0001 000c0004 00007080 00000024 04010000 80010001 80020001 80040001 80030001 800b0001 000c0004 00007080 00000018 1e2b5169 05991c7d 7c96fcbf b587e461 00000002 2000-11-22 02:53:03: isakmp.c:2152:isakmp_printpacket(): begin. 53:03.364853 192.168.0.1:500 -> 192.168.0.99:500: isakmp 1.0 msgid 00000000 cookie fe6e2baf61660328->0000000000000000: phase 1 I ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=4 (t: #1 id=ike (type=enc value=1des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #2 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #3 id=ike (type=enc value=1des)(type=hash value=sha1)(type=group desc value=modp768)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #4 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp768)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)))) (vid: len=20 1e2b516905991c7d7c96fcbfb587e46100000002) 2000-11-22 02:53:03: remoteconf.c:131:getrmconf(): anonymous configuration selected for 192.168.0.1[500]. 2000-11-22 02:53:03: isakmp.c:856:isakmp_ph1begin_r(): new responder iph1 0x8099500: local 192.168.0.99 500 remote 192.168.0.1 500 2000-11-22 02:53:03: isakmp.c:860:isakmp_ph1begin_r(): === 2000-11-22 02:53:03: isakmp.c:863:isakmp_ph1begin_r(): begin Identity Protection mode. 2000-11-22 02:53:03: isakmp_ident.c:662:ident_r1recv(): begin. 2000-11-22 02:53:03: isakmp.c:1123:isakmp_parse(): begin. 2000-11-22 02:53:03: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:03: isakmp.c:1066:isakmp_parsewoh(): seen nptype=1(sa) 2000-11-22 02:53:03: isakmp.c:1066:isakmp_parsewoh(): seen nptype=13(vid) 2000-11-22 02:53:03: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:03: isakmp.c:1131:isakmp_parse(): end. 2000-11-22 02:53:03: isakmp_ident.c:700:ident_r1recv(): 192.168.0.1[500] peer transmitted Vendor ID. 2000-11-22 02:53:03: vendorid.c:97:check_vendorid(): Vendor ID mismatch. 2000-11-22 02:53:03: ipsec_doi.c:1021:get_proppair(): total SA len=160 00000001 00000001 00000098 01010004 03000024 01010000 80010001 80020002 80040002 80030001 800b0001 000c0004 00007080 03000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00007080 03000024 03010000 80010001 80020002 80040001 80030001 800b0001 000c0004 00007080 00000024 04010000 80010001 80020001 80040001 80030001 800b0001 000c0004 00007080 2000-11-22 02:53:03: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:03: isakmp.c:1066:isakmp_parsewoh(): seen nptype=2(prop) 2000-11-22 02:53:03: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:03: ipsec_doi.c:1076:get_proppair(): proposal #1 len=152 2000-11-22 02:53:03: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:03: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:03: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:03: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:03: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:03: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:03: ipsec_doi.c:1220:get_transform(): transform #1 len=36 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:03: ipsec_doi.c:1220:get_transform(): transform #2 len=36 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:03: ipsec_doi.c:1220:get_transform(): transform #3 len=36 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:03: ipsec_doi.c:1220:get_transform(): transform #4 len=36 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:03: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 pair 1: 2000-11-22 02:53:03: proposal.c:877:print_proppair0(): 0x80aa310: next=0x0 tnext=0x80aa320 2000-11-22 02:53:03: proposal.c:877:print_proppair0(): 0x80aa320: next=0x0 tnext=0x80aa330 2000-11-22 02:53:03: proposal.c:877:print_proppair0(): 0x80aa330: next=0x0 tnext=0x80aa340 2000-11-22 02:53:03: proposal.c:877:print_proppair0(): 0x80aa340: next=0x0 tnext=0x0 2000-11-22 02:53:03: ipsec_doi.c:1157:get_proppair(): proposal #1: 4 transform 2000-11-22 02:53:03: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:03: ipsec_doi.c:289:get_ph1approvalx(): trns#=1, trns-id=IKE 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:SHA 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:1024-bit MODP group 2000-11-22 02:53:03: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:03: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:03: ipsec_doi.c:289:get_ph1approvalx(): trns#=2, trns-id=IKE 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:MD5 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:1024-bit MODP group 2000-11-22 02:53:03: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:03: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:03: ipsec_doi.c:289:get_ph1approvalx(): trns#=3, trns-id=IKE 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:SHA 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:768-bit MODP group 2000-11-22 02:53:03: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:03: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:03: ipsec_doi.c:289:get_ph1approvalx(): trns#=4, trns-id=IKE 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:03: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:MD5 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:03: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:768-bit MODP group 2000-11-22 02:53:03: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:03: isakmp_ident.c:721:ident_r1recv(): 192.168.0.1[500] failed to get valid proposal. 2000-11-22 02:53:03: isakmp.c:874:isakmp_ph1begin_r(): 192.168.0.1[500] failed to process packet. 2000-11-22 02:53:05: isakmp.c:207:isakmp_handler(): === 2000-11-22 02:53:05: isakmp.c:211:isakmp_handler(): 192.168.0.99[500] 216 bytes message received from 192.168.0.1[500] fe6e2baf 61660328 00000000 00000000 01100200 00000000 000000d8 0d0000a4 00000001 00000001 00000098 01010004 03000024 01010000 80010001 80020002 80040002 80030001 800b0001 000c0004 00007080 03000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00007080 03000024 03010000 80010001 80020002 80040001 80030001 800b0001 000c0004 00007080 00000024 04010000 80010001 80020001 80040001 80030001 800b0001 000c0004 00007080 00000018 1e2b5169 05991c7d 7c96fcbf b587e461 00000002 2000-11-22 02:53:05: isakmp.c:2152:isakmp_printpacket(): begin. 53:05.394810 192.168.0.1:500 -> 192.168.0.99:500: isakmp 1.0 msgid 00000000 cookie fe6e2baf61660328->0000000000000000: phase 1 I ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=4 (t: #1 id=ike (type=enc value=1des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #2 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #3 id=ike (type=enc value=1des)(type=hash value=sha1)(type=group desc value=modp768)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #4 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp768)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)))) (vid: len=20 1e2b516905991c7d7c96fcbfb587e46100000002) 2000-11-22 02:53:05: remoteconf.c:131:getrmconf(): anonymous configuration selected for 192.168.0.1[500]. 2000-11-22 02:53:05: isakmp.c:856:isakmp_ph1begin_r(): new responder iph1 0x8099600: local 192.168.0.99 500 remote 192.168.0.1 500 2000-11-22 02:53:05: isakmp.c:860:isakmp_ph1begin_r(): === 2000-11-22 02:53:05: isakmp.c:863:isakmp_ph1begin_r(): begin Identity Protection mode. 2000-11-22 02:53:05: isakmp_ident.c:662:ident_r1recv(): begin. 2000-11-22 02:53:05: isakmp.c:1123:isakmp_parse(): begin. 2000-11-22 02:53:05: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:05: isakmp.c:1066:isakmp_parsewoh(): seen nptype=1(sa) 2000-11-22 02:53:05: isakmp.c:1066:isakmp_parsewoh(): seen nptype=13(vid) 2000-11-22 02:53:05: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:05: isakmp.c:1131:isakmp_parse(): end. 2000-11-22 02:53:05: isakmp_ident.c:700:ident_r1recv(): 192.168.0.1[500] peer transmitted Vendor ID. 2000-11-22 02:53:05: vendorid.c:97:check_vendorid(): Vendor ID mismatch. 2000-11-22 02:53:05: ipsec_doi.c:1021:get_proppair(): total SA len=160 00000001 00000001 00000098 01010004 03000024 01010000 80010001 80020002 80040002 80030001 800b0001 000c0004 00007080 03000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00007080 03000024 03010000 80010001 80020002 80040001 80030001 800b0001 000c0004 00007080 00000024 04010000 80010001 80020001 80040001 80030001 800b0001 000c0004 00007080 2000-11-22 02:53:05: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:05: isakmp.c:1066:isakmp_parsewoh(): seen nptype=2(prop) 2000-11-22 02:53:05: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:05: ipsec_doi.c:1076:get_proppair(): proposal #1 len=152 2000-11-22 02:53:05: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:05: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:05: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:05: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:05: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:05: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:05: ipsec_doi.c:1220:get_transform(): transform #1 len=36 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:05: ipsec_doi.c:1220:get_transform(): transform #2 len=36 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:05: ipsec_doi.c:1220:get_transform(): transform #3 len=36 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:05: ipsec_doi.c:1220:get_transform(): transform #4 len=36 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:05: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 pair 1: 2000-11-22 02:53:05: proposal.c:877:print_proppair0(): 0x80aa350: next=0x0 tnext=0x80aa360 2000-11-22 02:53:05: proposal.c:877:print_proppair0(): 0x80aa360: next=0x0 tnext=0x80aa370 2000-11-22 02:53:05: proposal.c:877:print_proppair0(): 0x80aa370: next=0x0 tnext=0x80aa380 2000-11-22 02:53:05: proposal.c:877:print_proppair0(): 0x80aa380: next=0x0 tnext=0x0 2000-11-22 02:53:05: ipsec_doi.c:1157:get_proppair(): proposal #1: 4 transform 2000-11-22 02:53:05: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:05: ipsec_doi.c:289:get_ph1approvalx(): trns#=1, trns-id=IKE 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:SHA 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:1024-bit MODP group 2000-11-22 02:53:05: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:05: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:05: ipsec_doi.c:289:get_ph1approvalx(): trns#=2, trns-id=IKE 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:MD5 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:1024-bit MODP group 2000-11-22 02:53:05: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:05: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:05: ipsec_doi.c:289:get_ph1approvalx(): trns#=3, trns-id=IKE 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:SHA 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:768-bit MODP group 2000-11-22 02:53:05: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:05: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:05: ipsec_doi.c:289:get_ph1approvalx(): trns#=4, trns-id=IKE 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:05: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:MD5 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:05: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:768-bit MODP group 2000-11-22 02:53:05: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:05: isakmp_ident.c:721:ident_r1recv(): 192.168.0.1[500] failed to get valid proposal. 2000-11-22 02:53:05: isakmp.c:874:isakmp_ph1begin_r(): 192.168.0.1[500] failed to process packet. 2000-11-22 02:53:09: isakmp.c:207:isakmp_handler(): === 2000-11-22 02:53:09: isakmp.c:211:isakmp_handler(): 192.168.0.99[500] 216 bytes message received from 192.168.0.1[500] fe6e2baf 61660328 00000000 00000000 01100200 00000000 000000d8 0d0000a4 00000001 00000001 00000098 01010004 03000024 01010000 80010001 80020002 80040002 80030001 800b0001 000c0004 00007080 03000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00007080 03000024 03010000 80010001 80020002 80040001 80030001 800b0001 000c0004 00007080 00000024 04010000 80010001 80020001 80040001 80030001 800b0001 000c0004 00007080 00000018 1e2b5169 05991c7d 7c96fcbf b587e461 00000002 2000-11-22 02:53:09: isakmp.c:2152:isakmp_printpacket(): begin. 53:09.396907 192.168.0.1:500 -> 192.168.0.99:500: isakmp 1.0 msgid 00000000 cookie fe6e2baf61660328->0000000000000000: phase 1 I ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=4 (t: #1 id=ike (type=enc value=1des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #2 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #3 id=ike (type=enc value=1des)(type=hash value=sha1)(type=group desc value=modp768)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #4 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp768)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)))) (vid: len=20 1e2b516905991c7d7c96fcbfb587e46100000002) 2000-11-22 02:53:09: remoteconf.c:131:getrmconf(): anonymous configuration selected for 192.168.0.1[500]. 2000-11-22 02:53:09: isakmp.c:856:isakmp_ph1begin_r(): new responder iph1 0x8099700: local 192.168.0.99 500 remote 192.168.0.1 500 2000-11-22 02:53:09: isakmp.c:860:isakmp_ph1begin_r(): === 2000-11-22 02:53:09: isakmp.c:863:isakmp_ph1begin_r(): begin Identity Protection mode. 2000-11-22 02:53:09: isakmp_ident.c:662:ident_r1recv(): begin. 2000-11-22 02:53:09: isakmp.c:1123:isakmp_parse(): begin. 2000-11-22 02:53:09: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:09: isakmp.c:1066:isakmp_parsewoh(): seen nptype=1(sa) 2000-11-22 02:53:09: isakmp.c:1066:isakmp_parsewoh(): seen nptype=13(vid) 2000-11-22 02:53:09: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:09: isakmp.c:1131:isakmp_parse(): end. 2000-11-22 02:53:09: isakmp_ident.c:700:ident_r1recv(): 192.168.0.1[500] peer transmitted Vendor ID. 2000-11-22 02:53:09: vendorid.c:97:check_vendorid(): Vendor ID mismatch. 2000-11-22 02:53:09: ipsec_doi.c:1021:get_proppair(): total SA len=160 00000001 00000001 00000098 01010004 03000024 01010000 80010001 80020002 80040002 80030001 800b0001 000c0004 00007080 03000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00007080 03000024 03010000 80010001 80020002 80040001 80030001 800b0001 000c0004 00007080 00000024 04010000 80010001 80020001 80040001 80030001 800b0001 000c0004 00007080 2000-11-22 02:53:09: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:09: isakmp.c:1066:isakmp_parsewoh(): seen nptype=2(prop) 2000-11-22 02:53:09: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:09: ipsec_doi.c:1076:get_proppair(): proposal #1 len=152 2000-11-22 02:53:09: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:09: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:09: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:09: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:09: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:09: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:09: ipsec_doi.c:1220:get_transform(): transform #1 len=36 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:09: ipsec_doi.c:1220:get_transform(): transform #2 len=36 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:09: ipsec_doi.c:1220:get_transform(): transform #3 len=36 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:09: ipsec_doi.c:1220:get_transform(): transform #4 len=36 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:09: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 pair 1: 2000-11-22 02:53:09: proposal.c:877:print_proppair0(): 0x80aa390: next=0x0 tnext=0x80aa3a0 2000-11-22 02:53:09: proposal.c:877:print_proppair0(): 0x80aa3a0: next=0x0 tnext=0x80aa3b0 2000-11-22 02:53:09: proposal.c:877:print_proppair0(): 0x80aa3b0: next=0x0 tnext=0x80aa3c0 2000-11-22 02:53:09: proposal.c:877:print_proppair0(): 0x80aa3c0: next=0x0 tnext=0x0 2000-11-22 02:53:09: ipsec_doi.c:1157:get_proppair(): proposal #1: 4 transform 2000-11-22 02:53:09: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:09: ipsec_doi.c:289:get_ph1approvalx(): trns#=1, trns-id=IKE 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Encryption AlgE(]i@KDCO>NC 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:SHA 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:1024-bit MODP group 2000-11-22 02:53:09: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:09: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:09: ipsec_doi.c:289:get_ph1approvalx(): trns#=2, trns-id=IKE 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:MD5 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:1024-bit MODP group 2000-11-22 02:53:09: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:09: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:09: ipsec_doi.c:289:get_ph1approvalx(): trns#=3, trns-id=IKE 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:SHA 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:768-bit MODP group 2000-11-22 02:53:09: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:09: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:09: ipsec_doi.c:289:get_ph1approvalx(): trns#=4, trns-id=IKE 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:09: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:MD5 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:09: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:768-bit MODP group 2000-11-22 02:53:09: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:09: isakmp_ident.c:721:ident_r1recv(): 192.168.0.1[500] failed to get valid proposal. 2000-11-22 02:53:09: isakmp.c:874:isakmp_ph1begin_r(): 192.168.0.1[500] failed to process packet. 2000-11-22 02:53:17: isakmp.c:207:isakmp_handler(): === 2000-11-22 02:53:17: isakmp.c:211:isakmp_handler(): 192.168.0.99[500] 216 bytes message received from 192.168.0.1[500] fe6e2baf 61660328 00000000 00000000 01100200 00000000 000000d8 0d0000a4 00000001 00000001 00000098 01010004 03000024 01010000 80010001 80020002 80040002 80030001 800b0001 000c0004 00007080 03000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00007080 03000024 03010000 80010001 80020002 80040001 80030001 800b0001 000c0004 00007080 00000024 04010000 80010001 80020001 80040001 80030001 800b0001 000c0004 00007080 00000018 1e2b5169 05991c7d 7c96fcbf b587e461 00000002 2000-11-22 02:53:17: isakmp.c:2152:isakmp_printpacket(): begin. 53:17.389391 192.168.0.1:500 -> 192.168.0.99:500: isakmp 1.0 msgid 00000000 cookie fe6e2baf61660328->0000000000000000: phase 1 I ident: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=4 (t: #1 id=ike (type=enc value=1des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #2 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #3 id=ike (type=enc value=1des)(type=hash value=sha1)(type=group desc value=modp768)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)) (t: #4 id=ike (type=enc value=1des)(type=hash value=md5)(type=group desc value=modp768)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)))) (vid: len=20 1e2b516905991c7d7c96fcbfb587e46100000002) 2000-11-22 02:53:17: remoteconf.c:131:getrmconf(): anonymous configuration selected for 192.168.0.1[500]. 2000-11-22 02:53:17: isakmp.c:856:isakmp_ph1begin_r(): new responder iph1 0x8099800: local 192.168.0.99 500 remote 192.168.0.1 500 2000-11-22 02:53:17: isakmp.c:860:isakmp_ph1begin_r(): === 2000-11-22 02:53:17: isakmp.c:863:isakmp_ph1begin_r(): begin Identity Protection mode. 2000-11-22 02:53:17: isakmp_ident.c:662:ident_r1recv(): begin. 2000-11-22 02:53:17: isakmp.c:1123:isakmp_parse(): begin. 2000-11-22 02:53:17: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:17: isakmp.c:1066:isakmp_parsewoh(): seen nptype=1(sa) 2000-11-22 02:53:17: isakmp.c:1066:isakmp_parsewoh(): seen nptype=13(vid) 2000-11-22 02:53:17: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:17: isakmp.c:1131:isakmp_parse(): end. 2000-11-22 02:53:17: isakmp_ident.c:700:ident_r1recv(): 192.168.0.1[500] peer transmitted Vendor ID. 2000-11-22 02:53:17: vendorid.c:97:check_vendorid(): Vendor ID mismatch. 2000-11-22 02:53:17: ipsec_doi.c:1021:get_proppair(): total SA len=160 00000001 00000001 00000098 01010004 03000024 01010000 80010001 80020002 80040002 80030001 800b0001 000c0004 00007080 03000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004 00007080 03000024 03010000 80010001 80020002 80040001 80030001 800b0001 000c0004 00007080 00000024 04010000 80010001 80020001 80040001 80030001 800b0001 000c0004 00007080 2000-11-22 02:53:17: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:17: isakmp.c:1066:isakmp_parsewoh(): seen nptype=2(prop) 2000-11-22 02:53:17: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:17: ipsec_doi.c:1076:get_proppair(): proposal #1 len=152 2000-11-22 02:53:17: isakmp.c:1035:isakmp_parsewoh(): begin. 2000-11-22 02:53:17: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:17: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:17: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:17: isakmp.c:1066:isakmp_parsewoh(): seen nptype=3(trns) 2000-11-22 02:53:17: isakmp.c:1104:isakmp_parsewoh(): succeed. 2000-11-22 02:53:17: ipsec_doi.c:1220:get_transform(): transform #1 len=36 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:17: ipsec_doi.c:1220:get_transform(): transform #2 len=36 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:17: ipsec_doi.c:1220:get_transform(): transform #3 len=36 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:17: ipsec_doi.c:1220:get_transform(): transform #4 len=36 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:17: ipsec_doi.c:1781:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4 pair 1: 2000-11-22 02:53:17: proposal.c:877:print_proppair0(): 0x80aa3d0: next=0x0 tnext=0x80aa3e0 2000-11-22 02:53:17: proposal.c:877:print_proppair0(): 0x80aa3e0: next=0x0 tnext=0x80aa3f0 2000-11-22 02:53:17: proposal.c:877:print_proppair0(): 0x80aa3f0: next=0x0 tnext=0x80aa400 2000-11-22 02:53:17: proposal.c:877:print_proppair0(): 0x80aa400: next=0x0 tnext=0x0 2000-11-22 02:53:17: ipsec_doi.c:1157:get_proppair(): proposal #1: 4 transform 2000-11-22 02:53:17: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:17: ipsec_doi.c:289:get_ph1approvalx(): trns#=1, trns-id=IKE 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:SHA 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:1024-bit MODP group 2000-11-22 02:53:17: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:17: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:17: ipsec_doi.c:289:get_ph1approvalx(): trns#=2, trns-id=IKE 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:MD5 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:1024-bit MODP group 2000-11-22 02:53:17: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:17: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:17: ipsec_doi.c:289:get_ph1approvalx(): trns#=3, trns-id=IKE 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=SHA 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:SHA 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:768-bit MODP group 2000-11-22 02:53:17: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:17: ipsec_doi.c:283:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4 2000-11-22 02:53:17: ipsec_doi.c:289:get_ph1approvalx(): trns#=4, trns-id=IKE 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=MD5 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=768-bit MODP group 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds 2000-11-22 02:53:17: ipsec_doi.c:389:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): Compared: DB:Peer 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): (lifetime = 60:28800) 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): (lifebyte = 5120:0) 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): enctype = 3DES-CBC:DES-CBC 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): (encklen = 0:0) 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): hashtype = SHA:MD5 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key 2000-11-22 02:53:17: ipsec_doi.c:323:get_ph1approvalx(): dh_group = 1024-bit MODP group:768-bit MODP group 2000-11-22 02:53:17: ipsec_doi.c:344:get_ph1approvalx(): unacceptable proposal. 2000-11-22 02:53:17: isakmp_ident.c:721:ident_r1recv(): 192.168.0.1[500] failed to get valid proposal. 2000-11-22 02:53:17: isakmp.c:874:isakmp_ph1begin_r(): 192.168.0.1[500] failed to process packet. 2000-11-22 02:53:27: session.c:262:check_sigreq(): caught signal 2 2000-11-22 02:53:27: pfkey.c:192:pfkey_handler(): get pfkey FLUSH message sadb_msg{ version=2 type=9 errno=0 satype=0 len=2 reserved=0 seq=0 pid=2357 2000-11-22 02:53:28: pfkey.c:270:pfkey_dump_sadb(): call pfkey_send_dump JT> josh Please help me i have no idea what to do next -((( The passwords are all the same on both machines. -- Best regards, Boris mailto:koester@x-itec.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message