From: "Dan Langille"
To: freebsd-security@FreeBSD.org
Date: Tue, 27 Apr 2004 21:13:31 -0400
Subject: IPsec works, but racoon/IKE does not

I have no idea whatsoever as to why racoon/IKE does not work here. I've tried various how-to documents but found nothing that works for me.

Gateway (10.0.0.1) running 4.9-stable.
Laptop (10.0.0.10) running 5.2.1-release.
Both running racoon-20040408a

On the gateway 10.0.0.1

    # cat /etc/ipsec.conf
    add 10.0.0.1 10.0.0.10 esp 691 -E rijndael-cbc "1234567890123456" -A hmac-sha1 "12345678901234567890";
    add 10.0.0.10 10.0.0.1 esp 693 -E rijndael-cbc "1234567890123456" -A hmac-sha1 "12345678901234567890";
    spdadd 10.0.0.0/24 0.0.0.0/0 any -P in ipsec esp/tunnel/10.0.0.10-10.0.0.1/require;
    spdadd 0.0.0.0/0 10.0.0.0/24 any -P out ipsec esp/tunnel/10.0.0.1-10.0.0.10/require;

On the laptop (10.0.0.10):

    add 10.0.0.1 10.0.0.10 esp 691 -E rijndael-cbc "1234567890123456" -A hmac-sha1 "12345678901234567890";
    add 10.0.0.10 10.0.0.1 esp 693 -E rijndael-cbc "1234567890123456" -A hmac-sha1 "12345678901234567890";
    spdadd 10.0.0.0/24 0.0.0.0/0 any -P out ipsec esp/tunnel/10.0.0.10-10.0.0.1/require;
    spdadd 0.0.0.0/0 10.0.0.0/24 any -P in ipsec esp/tunnel/10.0.0.1-10.0.0.10/require;

With this setup, IPsec works just fine between the two boxes.

If I comment out the two "add" lines in each /etc/ipsec.conf, and keep the "spdadd" lines, and do this on both machines:

    setkey -F
    setkey -FP
    setkey -f /etc/ipsec.conf
    /usr/local/sbin/racoon -F -v

I see this on the gateway. Does this mean anything to anyone? Thanks.

Foreground mode.
2004-04-27 20:52:14: INFO: main.c:172:main(): @(#)package version freebsd-20040408a
2004-04-27 20:52:14: INFO: main.c:174:main(): @(#)internal version 20001216 sakane@kame.net
2004-04-27 20:52:14: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7c-p1 30 Sep 2003 (http://www.openssl.org/)
2004-04-27 20:52:14: DEBUG: algorithm.c:614:alg_oakley_dhdef(): hmac(modp1024)
2004-04-27 20:52:14: DEBUG: pfkey.c:2379:pk_checkalg(): compression algorithm can not be checked because sadb message doesn't support it.
2004-04-27 20:52:14: INFO: isakmp.c:1368:isakmp_open(): 10.0.0.1[500] used as isakmp port (fd=5)
2004-04-27 20:52:14: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey X_SPDDUMP message
2004-04-27 20:52:14: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey X_SPDDUMP message
2004-04-27 20:52:14: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbfbff958: 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=out
2004-04-27 20:52:14: DEBUG: policy.c:185:cmpspidxstrict(): db :0x80a1c08: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:52:18: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:52:18: DEBUG: pfkey.c:1620:pk_recvacquire(): suitable outbound SP found: 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=out.
2004-04-27 20:52:18: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbfbff944: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:52:18: DEBUG: policy.c:185:cmpspidxstrict(): db :0x80a1c08: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:52:18: DEBUG: pfkey.c:1636:pk_recvacquire(): suitable inbound SP found: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in.
2004-04-27 20:52:18: DEBUG: pfkey.c:1675:pk_recvacquire(): new acquire 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=out
2004-04-27 20:52:18: DEBUG: sainfo.c:112:getsainfo(): anonymous sainfo selected.
2004-04-27 20:52:18: DEBUG: proposal.c:828:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-04-27 20:52:18: DEBUG: proposal.c:862:printsatrns(): (trns_id=3DES encklen=0 authtype=hmac-sha)
2004-04-27 20:52:18: DEBUG: proposal.c:862:printsatrns(): (trns_id=3DES encklen=0 authtype=hmac-md5)
2004-04-27 20:52:18: DEBUG: proposal.c:862:printsatrns(): (trns_id=BLOWFISH encklen=448 authtype=hmac-sha)
2004-04-27 20:52:18: DEBUG: proposal.c:862:printsatrns(): (trns_id=BLOWFISH encklen=448 authtype=hmac-md5)
2004-04-27 20:52:18: DEBUG: proposal.c:862:printsatrns(): (trns_id=RIJNDAEL encklen=128 authtype=hmac-sha)
2004-04-27 20:52:18: DEBUG: proposal.c:862:printsatrns(): (trns_id=RIJNDAEL encklen=128 authtype=hmac-md5)
2004-04-27 20:52:18: DEBUG: remoteconf.c:129:getrmconf(): anonymous configuration selected for 10.0.0.10.
2004-04-27 20:52:18: INFO: isakmp.c:1694:isakmp_post_acquire(): IPsec-SA request for 10.0.0.10 queued due to no phase1 found.
2004-04-27 20:52:18: DEBUG: isakmp.c:803:isakmp_ph1begin_i(): ===
2004-04-27 20:52:18: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 10.0.0.1[500]<=>10.0.0.10[500]
2004-04-27 20:52:18: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
2004-04-27 20:52:18: DEBUG: isakmp.c:2006:isakmp_newcookie(): new cookie: 055c6e2d1a6f5cf0
2004-04-27 20:52:18: DEBUG: ipsec_doi.c:3238:ipsecdoi_setid1(): use ID type of IPv4_address
2004-04-27 20:52:19: DEBUG: oakley.c:300:oakley_dh_generate(): compute DH's private.
2004-04-27 20:52:19: DEBUG: plog.c:193:plogdump():
2004-04-27 20:52:19: DEBUG: oakley.c:302:oakley_dh_generate(): compute DH's public.
2004-04-27 20:52:19: DEBUG: plog.c:193:plogdump():
2004-04-27 20:52:19: DEBUG: isakmp_agg.c:161:agg_i1send(): authmethod is pre-shared key
2004-04-27 20:52:19: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add payload of len 52, next type 1
2004-04-27 20:52:19: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add payload of len 128, next type 4
2004-04-27 20:52:19: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add payload of len 16, next type 10
2004-04-27 20:52:19: DEBUG: isakmp.c:2130:set_isakmp_payload_c(): add payload of len 8, next type 5
2004-04-27 20:52:19: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin.
52:19.544602 10.0.0.1:500 -> 10.0.0.10:500: isakmp 1.0 msgid 00000000 cookie 055c6e2d1a6f5cf0->0000000000000000: phase 1 I agg: (sa: doi=ipsec situation=identity (p: #1 protoid=isakmp transform=1 (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration len=4 value=00015180)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024)))) (ke: key len=128) (nonce: n len=16) (id: idtype=IPv4 protoid=udp port=500 len=4 10.0.0.1)
2004-04-27 20:52:19: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.0.0.1[500]
2004-04-27 20:52:19: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.0.0.1[500]
2004-04-27 20:52:19: DEBUG: sockmisc.c:425:sendfromto(): send packet to 10.0.0.10[500]
2004-04-27 20:52:19: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 248 bytes message will be sent to 10.0.0.10[500]
2004-04-27 20:52:19: DEBUG: plog.c:193:plogdump():
2004-04-27 20:52:19: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:52:29: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:52:29: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the acquire because ph2 found
2004-04-27 20:52:37: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:52:37: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the acquire because ph2 found
2004-04-27 20:52:40: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:52:40: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the acquire because ph2 found
2004-04-27 20:52:40: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.0.0.1[500]
2004-04-27 20:52:40: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.0.0.1[500]
2004-04-27 20:52:40: DEBUG: sockmisc.c:425:sendfromto(): send packet to 10.0.0.10[500]
2004-04-27 20:52:40: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 248 bytes message will be sent to 10.0.0.10[500]
2004-04-27 20:52:40: DEBUG: plog.c:193:plogdump():
2004-04-27 20:52:43: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:52:50: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:52:50: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the acquire because ph2 found
2004-04-27 20:52:53: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 10.0.0.10->10.0.0.1
2004-04-27 20:52:53: INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler.
2004-04-27 20:53:00: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:53:00: DEBUG: pfkey.c:1620:pk_recvacquire(): suitable outbound SP found: 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=out.
2004-04-27 20:53:00: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbfbff944: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:53:00: DEBUG: policy.c:185:cmpspidxstrict(): db :0x80a1c08: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:53:00: DEBUG: pfkey.c:1636:pk_recvacquire(): suitable inbound SP found: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in.
2004-04-27 20:53:00: DEBUG: pfkey.c:1675:pk_recvacquire(): new acquire 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=out
2004-04-27 20:53:00: DEBUG: sainfo.c:112:getsainfo(): anonymous sainfo selected.
2004-04-27 20:53:00: DEBUG: proposal.c:828:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-04-27 20:53:00: DEBUG: proposal.c:862:printsatrns(): (trns_id=3DES encklen=0 authtype=hmac-sha)
2004-04-27 20:53:00: DEBUG: proposal.c:862:printsatrns(): (trns_id=3DES encklen=0 authtype=hmac-md5)
2004-04-27 20:53:00: DEBUG: proposal.c:862:printsatrns(): (trns_id=BLOWFISH encklen=448 authtype=hmac-sha)
2004-04-27 20:53:00: DEBUG: proposal.c:862:printsatrns(): (trns_id=BLOWFISH encklen=448 authtype=hmac-md5)
2004-04-27 20:53:06: DEBUG: proposal.c:862:printsatrns(): (trns_id=RIJNDAEL encklen=128 authtype=hmac-sha)
2004-04-27 20:53:06: DEBUG: proposal.c:862:printsatrns(): (trns_id=RIJNDAEL encklen=128 authtype=hmac-md5)
2004-04-27 20:53:06: DEBUG: remoteconf.c:129:getrmconf(): anonymous configuration selected for 10.0.0.10.
2004-04-27 20:53:06: INFO: isakmp.c:1713:isakmp_post_acquire(): request for establishing IPsec-SA was queued due to no phase1 found.
2004-04-27 20:53:06: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.0.0.1[500]
2004-04-27 20:53:06: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.0.0.1[500]
2004-04-27 20:53:06: DEBUG: sockmisc.c:425:sendfromto(): send packet to 10.0.0.10[500]
2004-04-27 20:53:06: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 248 bytes message will be sent to 10.0.0.10[500]
2004-04-27 20:53:06: DEBUG: plog.c:193:plogdump():
2004-04-27 20:53:06: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:53:06: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:53:06: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the acquire because ph2 found
2004-04-27 20:53:13: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:53:13: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the acquire because ph2 found
2004-04-27 20:53:24: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:53:24: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the acquire because ph2 found
2004-04-27 20:53:26: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.0.0.1[500]
2004-04-27 20:53:26: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.0.0.1[500]
2004-04-27 20:53:26: DEBUG: sockmisc.c:425:sendfromto(): send packet to 10.0.0.10[500]
2004-04-27 20:53:26: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 248 bytes message will be sent to 10.0.0.10[500]
2004-04-27 20:53:26: DEBUG: plog.c:193:plogdump():
2004-04-27 20:53:26: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:53:34: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:53:34: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the acquire because ph2 found
2004-04-27 20:53:37: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 10.0.0.10->10.0.0.1
2004-04-27 20:53:37: INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler.
2004-04-27 20:53:45: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:53:45: DEBUG: pfkey.c:1620:pk_recvacquire(): suitable outbound SP found: 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=out.
2004-04-27 20:53:45: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbfbff944: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:53:45: DEBUG: policy.c:185:cmpspidxstrict(): db :0x80a1c08: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2004-04-27 20:53:45: DEBUG: pfkey.c:1636:pk_recvacquire(): suitable inbound SP found: 10.0.0.0/24[0] 0.0.0.0/0[0] proto=any dir=in.
2004-04-27 20:53:45: DEBUG: pfkey.c:1675:pk_recvacquire(): new acquire 0.0.0.0/0[0] 10.0.0.0/24[0] proto=any dir=out
2004-04-27 20:53:45: DEBUG: sainfo.c:112:getsainfo(): anonymous sainfo selected.
2004-04-27 20:53:45: DEBUG: proposal.c:828:printsaproto(): (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-04-27 20:53:45: DEBUG: proposal.c:862:printsatrns(): (trns_id=3DES encklen=0 authtype=hmac-sha)
2004-04-27 20:53:45: DEBUG: proposal.c:862:printsatrns(): (trns_id=3DES encklen=0 authtype=hmac-md5)
2004-04-27 20:53:45: DEBUG: proposal.c:862:printsatrns(): (trns_id=BLOWFISH encklen=448 authtype=hmac-sha)
2004-04-27 20:53:45: DEBUG: proposal.c:862:printsatrns(): (trns_id=BLOWFISH encklen=448 authtype=hmac-md5)
2004-04-27 20:53:45: DEBUG: proposal.c:862:printsatrns(): (trns_id=RIJNDAEL encklen=128 authtype=hmac-sha)
2004-04-27 20:53:45: DEBUG: proposal.c:862:printsatrns(): (trns_id=RIJNDAEL encklen=128 authtype=hmac-md5)
2004-04-27 20:53:45: DEBUG: remoteconf.c:129:getrmconf(): anonymous configuration selected for 10.0.0.10.
2004-04-27 20:53:45: INFO: isakmp.c:1713:isakmp_post_acquire(): request for establishing IPsec-SA was queued due to no phase1 found.
2004-04-27 20:53:46: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:53:46: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the acquire because ph2 found
2004-04-27 20:53:46: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.0.0.1[500]
2004-04-27 20:53:46: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.0.0.1[500]
2004-04-27 20:53:46: DEBUG: sockmisc.c:425:sendfromto(): send packet to 10.0.0.10[500]
2004-04-27 20:53:46: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 248 bytes message will be sent to 10.0.0.10[500]
2004-04-27 20:53:46: DEBUG: plog.c:193:plogdump():
2004-04-27 20:53:46: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:53:57: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:53:57: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the acquire because ph2 found
2004-04-27 20:54:06: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.0.0.1[500]
2004-04-27 20:54:06: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.0.0.1[500]
2004-04-27 20:54:06: DEBUG: sockmisc.c:425:sendfromto(): send packet to 10.0.0.10[500]
2004-04-27 20:54:06: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 248 bytes message will be sent to 10.0.0.10[500]
2004-04-27 20:54:06: DEBUG: plog.c:193:plogdump():
2004-04-27 20:54:06: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:54:07: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey ACQUIRE message
2004-04-27 20:54:07: DEBUG: pfkey.c:1604:pk_recvacquire(): ignore the acquire because ph2 found
^C2004-04-27 20:54:10: INFO: session.c:299:check_sigreq(): caught signal 2
2004-04-27 20:54:10: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey FLUSH message
2004-04-27 20:54:10: DEBUG: schedule.c:210:sched_scrub_param(): an undead schedule has been deleted.
2004-04-27 20:54:11: DEBUG: pfkey.c:333:pfkey_dump_sadb(): call pfkey_send_dump
2004-04-27 20:54:11: DEBUG: schedule.c:210:sched_scrub_param(): an undead schedule has been deleted.
2004-04-27 20:54:11: INFO: session.c:180:close_session(): racoon shutdown

--
Dan Langille : http://www.langille.org/
BSDCan - http://www.bsdcan.org/
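
Added example, not part of the original message and not racoon code: a Python log triage that reads racoon debug output like the log above and reports whether the phase 1 initiator ever recorded a responder cookie. The helper names triage() and verdict() are hypothetical; the sample lines are abridged from the gateway log in the message, with hex dumps and repeated lines left out.

```python
import re
from collections import Counter

# racoon -F -v line shape: "<date> <time>: <LEVEL>: <file>:<line>:<func>(): <message>"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (\w+): [\w.]+:\d+:(\w+)\(\): (.*)$")
INITIATE = re.compile(r"initiate new phase 1 negotiation: (\S+)<=>(\S+)")
MODE = re.compile(r"begin (.+) mode\.")
RESEND = re.compile(r"resend phase1 packet ([0-9a-f]{16}):([0-9a-f]{16})")
ZERO_COOKIE = "0" * 16  # the responder cookie is zero until the peer's first reply

# Sample input abridged from the log in the message above.
SAMPLE_LOG = """\
2004-04-27 20:52:18: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 10.0.0.1[500]<=>10.0.0.10[500]
2004-04-27 20:52:18: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
2004-04-27 20:52:19: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:52:43: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 055c6e2d1a6f5cf0:0000000000000000
2004-04-27 20:52:53: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 10.0.0.10->10.0.0.1
2004-04-27 20:53:06: DEBUG: isakmp.c:1459:isakmp_ph1resend(): resend phase1 packet 055c6e2d1a6f5cf0:0000000000000000
"""


def triage(log_text):
    """Summarise phase 1 progress from racoon debug output."""
    s = {"negotiations": [], "mode": None, "resends": Counter(),
         "responder_cookie_seen": False, "phase2_timeouts": 0}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # hex dump rows, wrapped fragments, packet prints
        _when, level, func, msg = m.groups()
        if (hit := INITIATE.search(msg)):
            s["negotiations"].append(hit.groups())
        elif func == "isakmp_ph1begin_i" and (hit := MODE.search(msg)):
            s["mode"] = hit.group(1)
        elif (hit := RESEND.search(msg)):
            initiator, responder = hit.groups()
            s["resends"][initiator] += 1
            if responder != ZERO_COOKIE:
                s["responder_cookie_seen"] = True
        elif level == "ERROR" and "time up waiting for phase1" in msg:
            s["phase2_timeouts"] += 1
    return s


def verdict(s):
    """Classify the stall; the labels are this example's own, not racoon's."""
    if s["resends"] and not s["responder_cookie_seen"]:
        # First message retransmitted and no reply ever processed: the next
        # place to look is the peer (its racoon log, UDP 500 reachability).
        return "no-reply-from-peer"
    if s["resends"] or s["phase2_timeouts"]:
        return "phase1-incomplete"
    return "no-stall-seen"


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(summary, verdict(summary))
```
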