Date: Wed, 31 Jul 2002 08:33:20 +0200 From: "Cezary Nolewajka" <cno@m2mob.com> To: <freebsd-questions@freebsd.org> Subject: FreeBSD and CISCO Pix IPSec VPN - problem (long) Message-ID: <003301c2385c$29d1fed0$6500000a@getin.corp>
next in thread | raw e-mail | index | archive | help
Hello everybody,
I have a general problem setting up a IPSec VPN connection between freebsd
and a cisco router/pix.
I got to the stage where both machines can see each other, start the
negotiation phase 1 that succeeds and fail at the stage 2. The racoon -F
info says that get_ph2approvalx(): not matched and therefore no policy is
found.
It seems that I have a problem with my or Pixes configuration. I browsed all
the net
archives and pages I could have found on the VPN/IPSec freebsd installation
and configuration and failed to find a solution.
If there is anything that you could suggest or even solved such a problem, I
would be grateful for any kind of help or support.
Below I attached some of the configuration and debugging information
concerning the IPSec setup.
Regards,
Cezary Nolewajka
mailto:czarek@homemail.com
IFCONFIG:
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
inet6 fe80::2c0:dfff:fe13:c4b2%rl0 prefixlen 64 scopeid 0x1
ether 00:c0:df:13:c4:b2
media: Ethernet autoselect (100baseTX)
status: active
rl1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
inet xxx.xxx.xxx.70 netmask 0xffffff00 broadcast xxx.xxx.xxx.255
inet6 fe80::220:edff:fe32:2c79%rl1 prefixlen 64 scopeid 0x2
ether 00:20:ed:32:2c:79
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet xxx.xxx.xxx.70 --> yyy.yyy.yyy.62
inet6 fe80::2c0:dfff:fe13:c4b2%gif0 prefixlen 64 scopeid 0x8
inet 10.0.0.1 --> 192.168.5.55 netmask 0xffffff00
-------------------------------------------------------------------
SETKEY -PD
192.168.5.55[any] 10.0.0.1[any] any
in ipsec
esp/tunnel/yyy.yyy.yyy.62-xxx.xxx.xxx.70/require
spid=4 seq=1 pid=244
refcnt=1
10.0.0.1[any] 192.168.5.55[any] any
out ipsec
esp/tunnel/xxx.xxx.xxx.70-yyy.yyy.yyy.62/require
spid=3 seq=0 pid=244
refcnt=1
--------------------------------------------------------------------
GIFCONFIG:
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
inet6 fe80::2c0:dfff:fe13:c4b2%gif0 prefixlen 64
inet 10.0.0.1 --> 192.168.5.55 netmask 0xffffff00
physical address inet xxx.xxx.xxx.70 --> yyy.yyy.yyy.62
--------------------------------------------------------------------
RACOON.CONF:
# $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $
# "path" must be placed before it should be used.
# You can overwrite which you defined, but it should not use due to
confusing.
path include "/usr/local/etc/racoon" ;
#include "remote.conf" ;
# search this file for pre_shared_key with various ID key.
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
# racoon will look for certificate file in the directory,
# if the certificate/certificate request payload is received.
path certificate "/usr/local/etc/cert" ;
# "log" specifies logging level. It is followed by either "notify", "debug"
# or "debug2".
#log debug;
# "padding" defines some parameter of padding. You should not touch these.
padding
{
maximum_length 20; # maximum padding length.
randomize off; # enable randomize length.
strict_check off; # enable strict check.
exclusive_tail off; # extract last one octet.
}
# if no listen directive is specified, racoon will listen to all
# available interface addresses.
listen
{
isakmp xxx.xxx.xxx.70 [500];
#isakmp ::1 [7000];
#isakmp 202.249.11.124 [500];
#admin [7002]; # administrative's port by kmpstat.
#strict_address; # required all addresses must be bound.
}
# Specification of default various timer.
timer
{
# These value can be changed per remote node.
counter 5; # maximum trying count to send.
interval 20 sec; # maximum interval to resend.
persend 1; # the number of packets per a send.
# timer for waiting to complete each phase.
phase1 30 sec;
phase2 15 sec;
}
remote yyy.yyy.yyy.62 [500]
{
#exchange_mode aggressive,main;
exchange_mode main,aggressive;
doi ipsec_doi;
situation identity_only;
my_identifier address 10.0.0.1;
peers_identifier address 192.168.5.55;
nonce_size 16;
lifetime time 1 min; # sec,min,hour
#lifetime byte 5000 kb; # B,KB,GB
initial_contact on;
support_mip6 on;
proposal_check obey; # obey, strict or claim
proposal {
lifetime time 3600 sec;
encryption_algorithm des;
hash_algorithm md5;
authentication_method pre_shared_key ;
dh_group 1;
}
}
sainfo address xxx.xxx.xxx.70 any address yyy.yyy.yyy.62 any
{
pfs_group 1;
lifetime time 3600 sec;
#lifetime byte 50 MB;
encryption_algorithm des;
authentication_algorithm hmac_md5;
#authentication_algorithm non_auth;
compression_algorithm deflate;
}
remote anonymous
{
#exchange_mode main,aggressive;
exchange_mode aggressive,main;
doi ipsec_doi;
situation identity_only;
#my_identifier address;
my_identifier user_fqdn "sakane@kame.net";
peers_identifier user_fqdn "sakane@kame.net";
#certificate_type x509 "mycert" "mypriv";
nonce_size 16;
lifetime time 1 min; # sec,min,hour
initial_contact on;
support_mip6 on;
proposal_check obey; # obey, strict or claim
proposal {
encryption_algorithm des;
hash_algorithm md5;
authentication_method pre_shared_key ;
dh_group 1;
}
}
remote ::1 [8000]
{
#exchange_mode main,aggressive;
exchange_mode aggressive,main;
doi ipsec_doi;
situation identity_only;
my_identifier user_fqdn "sakane@kame.net";
peers_identifier user_fqdn "sakane@kame.net";
#certificate_type x509 "mycert" "mypriv";
nonce_size 16;
lifetime time 1 min; # sec,min,hour
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 30 sec;
encryption_algorithm des ;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
sainfo address 203.178.141.209 any address 203.178.141.218 any
{
pfs_group 1;
lifetime time 30 sec;
encryption_algorithm des ;
authentication_algorithm hmac_md5;
compression_algorithm deflate ;
}
sainfo address ::1 icmp6 address ::1 icmp6
{
pfs_group 1;
lifetime time 60 sec;
encryption_algorithm 3des, cast128, blowfish 448, des ;
authentication_algorithm hmac_sha1, hmac_md5 ;
compression_algorithm deflate ;
}
--------------------------------------------------------------------------
NETSTAT -nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default xxx.xxx.xxx.254 UGSc 3 179667 rl1
10/24 link#1 UC 2 0 rl0
10.0.0.100 00:c0:df:13:25:3b UHLW 0 8042 rl0 1187
10.0.0.101 00:c0:df:13:25:39 UHLW 4 39888 rl0 898
127.0.0.1 127.0.0.1 UH 0 0 lo0
192.168.5.55 10.0.0.1 UH 0 392 gif0
212.244.99 link#2 UC 1 0 rl1
xxx.xxx.xxx.254 00:50:73:09:f0:81 UHLW 2 0 rl1 1194
Internet6:
Destination Gateway Flags
Netif Expire
::1 ::1 UH
lo0
fe80::%rl0/64 link#1 UC
rl0
fe80::2c0:dfff:fe13:c4b2%rl0 00:c0:df:13:c4:b2 UHL
lo0
fe80::%rl1/64 link#2 UC
rl1
fe80::220:edff:fe32:2c79%rl1 00:20:ed:32:2c:79 UHL
lo0
fe80::%lo0/64 fe80::1%lo0 Uc
lo0
fe80::1%lo0 link#4 UHL
lo0
fe80::%gif0/64 link#8 UC
gif0
fe80::2c0:dfff:fe13:c4b2%gif0 link#8 UHL
lo0
ff01::/32 ::1 U
lo0
ff02::%rl0/32 link#1 UC
rl0
ff02::%rl1/32 link#2 UC
rl1
ff02::%lo0/32 ::1 UC
lo0
ff02::%gif0/32 link#8 UC
gif0
--------------------------------------------------------------------------
RACOON -F:
Foreground mode.
2002-07-30 09:04:08: INFO: main.c:168:main(): @(#)package version
freebsd-20020507a
2002-07-30 09:04:08: INFO: main.c:170:main(): @(#)internal version 20001216
sakane@kame.net
2002-07-30 09:04:08: INFO: main.c:171:main(): @(#)This product linked
OpenSSL 0.9.6a 5 Apr 2001 (http://www.openssl.org/)
2002-07-30 09:04:08: INFO: isakmp.c:1357:isakmp_open(): xxx.xxx.xxx.70[500]
used as isakmp port (fd=6)
2002-07-30 09:04:15: INFO: isakmp.c:891:isakmp_ph1begin_r(): respond new
phase 1 negotiation: xxx.xxx.xxx.70[500]<=>yyy.yyy.yyy.62[500]
2002-07-30 09:04:15: INFO: isakmp.c:896:isakmp_ph1begin_r(): begin Identity
Protection mode.
2002-07-30 09:04:15: WARNING: ipsec_doi.c:3059:ipsecdoi_checkid1(): ID value
mismatched.
2002-07-30 09:04:15: INFO: isakmp.c:2409:log_ph1established(): ISAKMP-SA
established xxx.xxx.xxx.70[500]-yyy.yyy.yyy.62[500]
spi:ac807c45add71aa6:fbc011c457a61849
2002-07-30 09:04:15: INFO: isakmp.c:1046:isakmp_ph2begin_r(): respond new
phase 2 negotiation: xxx.xxx.xxx.70[0]<=>yyy.yyy.yyy.62[0]
2002-07-30 09:04:15: ERROR: ipsec_doi.c:1001:get_ph2approvalx(): not matched
2002-07-30 09:04:15: ERROR: ipsec_doi.c:966:get_ph2approval(): no suitable
policy found.
2002-07-30 09:04:15: ERROR: isakmp.c:1060:isakmp_ph2begin_r(): failed to
pre-process packet.
2002-07-30 09:04:18: INFO: session.c:281:check_sigreq(): caught signal 2
2002-07-30 09:04:19: INFO: session.c:180:close_session(): racoon shutdown
-------------------------------------------------------------------
RACOON -Fdd:
Foreground mode.
2002-07-30 09:07:43: INFO: main.c:168:main(): @(#)package version
freebsd-20020507a
2002-07-30 09:07:43: INFO: main.c:170:main(): @(#)internal version 20001216
sakane@kame.net
2002-07-30 09:07:43: INFO: main.c:171:main(): @(#)This product linked
OpenSSL 0.9.6a 5 Apr 2001 (http://www.openssl.org/)
2002-07-30 09:07:43: DEBUG: pfkey.c:368:pfkey_init(): call
pfkey_send_register for AH
2002-07-30 09:07:43: DEBUG: pfkey.c:368:pfkey_init(): call
pfkey_send_register for ESP
2002-07-30 09:07:43: DEBUG: pfkey.c:368:pfkey_init(): call
pfkey_send_register for IPCOMP
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:111:yylex(): begin <5>path
2002-07-30 09:07:43: DEBUG2: cftoken.l:112:yylex(): <5>
2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <5>
2002-07-30 09:07:43: DEBUG2: cftoken.l:120:yylex(): begin <3>;
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:111:yylex(): begin <5>path
2002-07-30 09:07:43: DEBUG2: cftoken.l:114:yylex(): <5>
2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <5>
2002-07-30 09:07:43: DEBUG2: cftoken.l:120:yylex(): begin <3>;
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:111:yylex(): begin <5>path
2002-07-30 09:07:43: DEBUG2: cftoken.l:116:yylex(): <5>
2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <5>
2002-07-30 09:07:43: DEBUG2: cftoken.l:120:yylex(): begin <3>;
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:143:yylex(): begin <11>padding
2002-07-30 09:07:43: DEBUG2: cftoken.l:147:yylex(): <11>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <11>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <11>
2002-07-30 09:07:43: DEBUG2: cftoken.l:145:yylex(): <11>
2002-07-30 09:07:43: DEBUG2: cftoken.l:248:yylex(): <11>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <11>
2002-07-30 09:07:43: DEBUG2: cftoken.l:148:yylex(): <11>
2002-07-30 09:07:43: DEBUG2: cftoken.l:248:yylex(): <11>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <11>
2002-07-30 09:07:43: DEBUG2: cftoken.l:149:yylex(): <11>
2002-07-30 09:07:43: DEBUG2: cftoken.l:248:yylex(): <11>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <11>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:153:yylex(): begin <13>listen
2002-07-30 09:07:43: DEBUG2: cftoken.l:155:yylex(): <13>
2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <13>
2002-07-30 09:07:43: DEBUG2: cftoken.l:261:yylex(): <13>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <13>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <13>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <13>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <13>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <3>
2002-07-30 09:07:43: DEBUG2: cftoken.l:161:yylex(): begin <15>timer
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:163:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:164:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:165:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:166:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:167:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <15>
2002-07-30 09:07:43: DEBUG2: cftoken.l:191:yylex(): begin <25>remote
2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <25>
2002-07-30 09:07:43: DEBUG2: cftoken.l:261:yylex(): <25>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:196:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:199:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:197:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:200:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:201:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:202:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:203:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:204:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:208:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:209:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:219:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:230:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:231:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:342:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:222:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:247:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:221:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:247:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:223:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:224:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:234:yylex(): begin <29>proposal
2002-07-30 09:07:43: DEBUG2: cftoken.l:237:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:238:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:240:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:280:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:242:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:301:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:241:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:320:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:243:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cfparse.y:1172:set_isakmp_proposal(): lifetime
= 3600
2002-07-30 09:07:43: DEBUG2: cfparse.y:1175:set_isakmp_proposal(): lifebyte
= 0
2002-07-30 09:07:43: DEBUG2: cfparse.y:1178:set_isakmp_proposal(): encklen=0
2002-07-30 09:07:43: DEBUG2: cfparse.y:1241:expand_isakmpspec(): p:1 t:1
2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): DES-CBC(1)
2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): MD5(1)
2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): 768-bit
MODP group(1)
2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): pre-shared
key(1)
2002-07-30 09:07:43: DEBUG2: cfparse.y:1252:expand_isakmpspec():
2002-07-30 09:07:43: DEBUG: algorithm.c:610:alg_oakley_dhdef():
hmac(modp768)
2002-07-30 09:07:43: DEBUG2: cftoken.l:171:yylex(): begin <21>sainfo
2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:174:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:174:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:179:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:182:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:183:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:185:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:280:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:186:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:294:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:187:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:308:yylex(): <23>
2002-07-30 09:07:43: DEBUG: pfkey.c:2240:pk_checkalg(): compression
algorithm can not be checked because sadb message doesn't support it.
2002-07-30 09:07:43: DEBUG2: cftoken.l:191:yylex(): begin <25>remote
2002-07-30 09:07:43: DEBUG2: cftoken.l:192:yylex(): <25>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:196:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:200:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:197:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:199:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:201:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:202:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:203:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:204:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:208:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:329:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:209:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:329:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:219:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:230:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:231:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:342:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:222:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:247:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:221:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:247:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:223:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:224:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:234:yylex(): begin <29>proposal
2002-07-30 09:07:43: DEBUG2: cftoken.l:240:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:280:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:242:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:301:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:241:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:320:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:243:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cfparse.y:1172:set_isakmp_proposal(): lifetime
= 60
2002-07-30 09:07:43: DEBUG2: cfparse.y:1175:set_isakmp_proposal(): lifebyte
= 0
2002-07-30 09:07:43: DEBUG2: cfparse.y:1178:set_isakmp_proposal(): encklen=0
2002-07-30 09:07:43: DEBUG2: cfparse.y:1241:expand_isakmpspec(): p:1 t:1
2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): DES-CBC(1)
2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): MD5(1)
2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): 768-bit
MODP group(1)
2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): pre-shared
key(1)
2002-07-30 09:07:43: DEBUG2: cfparse.y:1252:expand_isakmpspec():
2002-07-30 09:07:43: DEBUG: algorithm.c:610:alg_oakley_dhdef():
hmac(modp768)
2002-07-30 09:07:43: DEBUG2: cftoken.l:191:yylex(): begin <25>remote
2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <25>
2002-07-30 09:07:43: DEBUG2: cftoken.l:261:yylex(): <25>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:196:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:200:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:197:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:199:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:201:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:202:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:203:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:204:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:208:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:329:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:209:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:329:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:382:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:219:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:230:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:231:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:342:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:421:yylex(): <27>
2002-07-30 09:07:43: DEBUG2: cftoken.l:234:yylex(): begin <29>proposal
2002-07-30 09:07:43: DEBUG2: cftoken.l:240:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:281:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:242:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:302:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:241:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:320:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:243:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <29>
2002-07-30 09:07:43: DEBUG2: cfparse.y:1172:set_isakmp_proposal(): lifetime
= 60
2002-07-30 09:07:43: DEBUG2: cfparse.y:1175:set_isakmp_proposal(): lifebyte
= 0
2002-07-30 09:07:43: DEBUG2: cfparse.y:1178:set_isakmp_proposal(): encklen=0
2002-07-30 09:07:43: DEBUG2: cfparse.y:1241:expand_isakmpspec(): p:1 t:1
2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): 3DES-CBC(5)
2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): SHA(2)
2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): 1024-bit
MODP group(2)
2002-07-30 09:07:43: DEBUG2: cfparse.y:1245:expand_isakmpspec(): pre-shared
key(1)
2002-07-30 09:07:43: DEBUG2: cfparse.y:1252:expand_isakmpspec():
2002-07-30 09:07:43: DEBUG: algorithm.c:610:alg_oakley_dhdef():
hmac(modp1024)
2002-07-30 09:07:43: DEBUG2: cftoken.l:171:yylex(): begin <21>sainfo
2002-07-30 09:07:43: DEBUG2: cftoken.l:172:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:179:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:182:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:183:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:185:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:280:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:186:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:294:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:187:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:308:yylex(): <23>
2002-07-30 09:07:43: DEBUG: pfkey.c:2240:pk_checkalg(): compression
algorithm can not be checked because sadb message doesn't support it.
2002-07-30 09:07:43: DEBUG2: cftoken.l:171:yylex(): begin <21>sainfo
2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:174:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:174:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:179:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:182:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:183:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:185:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:280:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:186:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:294:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:187:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:308:yylex(): <23>
2002-07-30 09:07:43: DEBUG: pfkey.c:2240:pk_checkalg(): compression
algorithm can not be checked because sadb message doesn't support it.
2002-07-30 09:07:43: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo
selected.
2002-07-30 09:07:43: DEBUG2: cftoken.l:171:yylex(): begin <21>sainfo
2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:274:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:332:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:397:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:274:yylex(): <21>
2002-07-30 09:07:43: DEBUG2: cftoken.l:179:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:182:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:183:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:341:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:185:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:281:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:188:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:284:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:188:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:285:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:352:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:188:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:280:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:186:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:295:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:188:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:294:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:187:yylex(): <23>
2002-07-30 09:07:43: DEBUG2: cftoken.l:308:yylex(): <23>
2002-07-30 09:07:43: DEBUG: pfkey.c:2240:pk_checkalg(): compression
algorithm can not be checked because sadb message doesn't support it.
2002-07-30 09:07:43: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo
selected.
2002-07-30 09:07:43: DEBUG2: cfparse.y:1354:cfparse(): parse successed.
2002-07-30 09:07:43: INFO: isakmp.c:1357:isakmp_open(): xxx.xxx.xxx.70[500]
used as isakmp port (fd=6)
2002-07-30 09:07:43: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey X_SPDDUMP
message
2002-07-30 09:07:43: DEBUG2: plog.c:193:plogdump():
02120000 0f000100 01000000 01010000 03000500 ff200000 10020000 c0a80537
00000000 00000000 03000600 ff200000 10020000 0a000001 00000000 00000000
07001200 02000100 04000000 00000000 28003200 02020000 10020000 3ee99b3e
00000000 00000000 10020000 d4f46346 00000000 00000000
2002-07-30 09:07:43: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey X_SPDDUMP
message
2002-07-30 09:07:43: DEBUG2: plog.c:193:plogdump():
02120000 0f000100 00000000 01010000 03000500 ff200000 10020000 0a000001
00000000 00000000 03000600 ff200000 10020000 c0a80537 00000000 00000000
07001200 02000200 03000000 00000000 28003200 02020000 10020000 d4f46346
00000000 00000000 10020000 3ee99b3e 00000000 00000000
2002-07-30 09:07:43: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbfbff980:
10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out
2002-07-30 09:07:43: DEBUG: policy.c:185:cmpspidxstrict(): db :0x80a3c08:
192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in
2002-07-30 09:07:46: DEBUG: isakmp.c:218:isakmp_handler(): ===
2002-07-30 09:07:46: DEBUG: isakmp.c:219:isakmp_handler(): 116 bytes message
received from yyy.yyy.yyy.62[500]
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 00000000 00000000 01100200 00000000 00000074 00000058
00000001 00000001 0000004c 01010002 03000020 01010000 80010001 80020001
80040001 80030001 800b0001 800c03e8 00000024 02010000 80010001 80020001
80040002 80030001 800b0001 000c0004 00015180
2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
07:46.220551 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid
00000000: phase 1 I ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=2
(t: #1 id=ike (type=enc value=1des)(type=hash
value=md5)(type=group desc value=modp768)(type=auth
value=preshared)(type=lifetype value=sec)(type=lifeduration value=03e8))
(t: #2 id=ike (type=enc value=1des)(type=hash
value=md5)(type=group desc value=modp1024)(type=auth
value=preshared)(type=lifetype value=sec)(type=lifeduration len=4
value=00015180))))
2002-07-30 09:07:46: DEBUG: remoteconf.c:118:getrmconf(): configuration
found for yyy.yyy.yyy.62[500].
2002-07-30 09:07:46: DEBUG: isakmp.c:886:isakmp_ph1begin_r(): ===
2002-07-30 09:07:46: INFO: isakmp.c:891:isakmp_ph1begin_r(): respond new
phase 1 negotiation: xxx.xxx.xxx.70[500]<=>yyy.yyy.yyy.62[500]
2002-07-30 09:07:46: INFO: isakmp.c:896:isakmp_ph1begin_r(): begin Identity
Protection mode.
2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=1(sa)
2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1117:get_proppair(): total SA len=84
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
00000001 00000001 0000004c 01010002 03000020 01010000 80010001 80020001
80040001 80030001 800b0001 800c03e8 00000024 02010000 80010001 80020001
80040002 80030001 800b0001 000c0004 00015180
2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=2(prop)
2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1
len=76
2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=3(trns)
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=3(trns)
2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1311:get_transform(): transform #1
len=32
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Hash
Algorithm, flag=0x8000, lorv=MD5
2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Group
Description, flag=0x8000, lorv=768-bit MODP group
2002-07-30 09:07:46: DEBUG: algorithm.c:610:alg_oakley_dhdef():
hmac(modp768)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
type=Authentication Method, flag=0x8000, lorv=pre-shared key
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Life
Type, flag=0x8000, lorv=seconds
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Life
Duration, flag=0x8000, lorv=1000
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1311:get_transform(): transform #2
len=36
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Hash
Algorithm, flag=0x8000, lorv=MD5
2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Group
Description, flag=0x8000, lorv=1024-bit MODP group
2002-07-30 09:07:46: DEBUG: algorithm.c:610:alg_oakley_dhdef():
hmac(modp1024)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp():
type=Authentication Method, flag=0x8000, lorv=pre-shared key
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Life
Type, flag=0x8000, lorv=seconds
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1870:check_attr_isakmp(): type=Life
Duration, flag=0x0000, lorv=4
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1213:get_proppair(): pair 1:
2002-07-30 09:07:46: DEBUG: proposal.c:892:print_proppair0(): 0x80a96f0:
next=0x0 tnext=0x80a9700
2002-07-30 09:07:46: DEBUG: proposal.c:892:print_proppair0(): 0x80a9700:
next=0x0 tnext=0x0
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1248:get_proppair(): proposal #1: 2
transform
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:322:get_ph1approvalx(): prop#=1,
prot-id=ISAKMP, spi-size=0, #trns=2
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:327:get_ph1approvalx(): trns#=1,
trns-id=IKE
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Encryption
Algorithm, flag=0x8000, lorv=DES-CBC
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Hash
Algorithm, flag=0x8000, lorv=MD5
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Group
Description, flag=0x8000, lorv=768-bit MODP group
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:491:t2isakmpsa():
type=Authentication Method, flag=0x8000, lorv=pre-shared key
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Life Type,
flag=0x8000, lorv=seconds
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:491:t2isakmpsa(): type=Life
Duration, flag=0x8000, lorv=1000
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:338:get_ph1approvalx(): Compared:
DB:Peer
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:339:get_ph1approvalx(): (lifetime =
3600:1000)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:341:get_ph1approvalx(): (lifebyte =
0:0)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:343:get_ph1approvalx(): enctype =
DES-CBC:DES-CBC
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:348:get_ph1approvalx(): (encklen =
0:0)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:350:get_ph1approvalx(): hashtype =
MD5:MD5
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:355:get_ph1approvalx(): authmethod =
pre-shared key:pre-shared key
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:360:get_ph1approvalx(): dh_group =
768-bit MODP group:768-bit MODP group
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:248:get_ph1approval(): an acceptable
proposal found.
2002-07-30 09:07:46: DEBUG: algorithm.c:610:alg_oakley_dhdef():
hmac(modp768)
2002-07-30 09:07:46: DEBUG: isakmp.c:1993:isakmp_newcookie(): new cookie:
1cbebccdd7441a4e
2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload
of len 48, next type 13
2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload
of len 16, next type 0
2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
07:46.226428 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid
00000000: phase 1 ? ident:
(sa: doi=ipsec situation=identity
(p: #1 protoid=isakmp transform=1
(t: #1 id=ike (type=enc value=1des)(type=hash
value=md5)(type=group desc value=modp768)(type=auth
value=preshared)(type=lifetype value=sec)(type=lifeduration value=03e8))))
(vid: len=16)
2002-07-30 09:07:46: DEBUG: sockmisc.c:421:sendfromto(): sockname
xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:423:sendfromto(): send packet from
xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:425:sendfromto(): send packet to
yyy.yyy.yyy.62[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 100
bytes message will be sent to xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 01100200 00000000 00000064 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 80010001 80020001
80040001 80030001 800b0001 800c03e8 00000014 7003cbc1 097dbe9c 2600ba69
83bc8b35
2002-07-30 09:07:46: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1
packet ac807c45f47b274e:1cbebccdd7441a4e
2002-07-30 09:07:46: DEBUG: isakmp.c:218:isakmp_handler(): ===
2002-07-30 09:07:46: DEBUG: isakmp.c:219:isakmp_handler(): 212 bytes message
received from yyy.yyy.yyy.62[500]
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 04100200 00000000 000000d4 0a000064
486715dc 44d25140 6ca35a57 df22dc3a b9837719 379befd2 cc9d9c8c af993d73
132264a0 e4ab1996 befda8ef 2d247d0e 7244599c 8ef6745d f1d7ed1b 63ff914f
00811077 2aa9271c dc31ef48 3cc4ca0f 71c5e3ec 5bad14d1 07c15935 5cf94e16
0d000018 a9094684 20cd129a 17c060a0 34b7dcce 84b8a709 0d000014 12f5f28c
457168a9 702d9fe2 74cc0100 0d000014 afcad713 68a1f1c9 6b8696fc 77570100
00000014 5947db58 f47a274e 2def7ef9 16043e84
2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
07:46.399235 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid
00000000: phase 1 ? ident:
(ke: key len=96)
(nonce: n len=20)
(vid: len=16)
(vid: len=16)
(vid: len=16)
2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=4(ke)
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=10(nonce)
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=13(vid)
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=13(vid)
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=13(vid)
2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:07:46: DEBUG: vendorid.c:137:check_vendorid(): received
unknown Vendor ID
2002-07-30 09:07:46: DEBUG: vendorid.c:137:check_vendorid(): received
unknown Vendor ID
2002-07-30 09:07:46: DEBUG: vendorid.c:137:check_vendorid(): received
unknown Vendor ID
2002-07-30 09:07:46: DEBUG: isakmp.c:619:ph1_main(): ===
2002-07-30 09:07:46: DEBUG: oakley.c:253:oakley_dh_generate(): compute DH's
private.
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
908b98ff 05c1efee 7298107e ed9fd8fb 85cdff0b 6ac35727 d8e62fb3 0b3c26c1
a5183e1d 572da52b 45e72727 8fa588bd 358a86a3 bde77383 2fd9f399 584f91fe
d1d425f5 01462d6d 029568c2 3ff3a938 4b3e862c 25f8a891 0cef1fad 63739fd9
2002-07-30 09:07:46: DEBUG: oakley.c:255:oakley_dh_generate(): compute DH's
public.
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
b1c97422 df5cfce0 b2840737 44b3b39d 9bc2c97a 8100c4d7 24232cf8 cdf2cef5
7edfa229 460b9ae0 6389f27c a6d5e85a 7610edf5 82407c42 6378a620 4be786a9
e583b90e fa304d0a 745fdf5c 29311d37 7fe468f9 1a7ef909 ffe66326 06089be2
2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload
of len 96, next type 10
2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload
of len 16, next type 13
2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload
of len 16, next type 0
2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
07:46.410241 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid
00000000: phase 1 ? ident:
(ke: key len=96)
(nonce: n len=16)
(vid: len=16)
2002-07-30 09:07:46: DEBUG: sockmisc.c:421:sendfromto(): sockname
xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:423:sendfromto(): send packet from
xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:425:sendfromto(): send packet to
yyy.yyy.yyy.62[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 168
bytes message will be sent to xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 04100200 00000000 000000a8 0a000064
b1c97422 df5cfce0 b2840737 44b3b39d 9bc2c97a 8100c4d7 24232cf8 cdf2cef5
7edfa229 460b9ae0 6389f27c a6d5e85a 7610edf5 82407c42 6378a620 4be786a9
e583b90e fa304d0a 745fdf5c 29311d37 7fe468f9 1a7ef909 ffe66326 06089be2
0d000014 b4ed1e16 d9d6141e f80a2221 cfe7eed7 00000014 7003cbc1 097dbe9c
2600ba69 83bc8b35
2002-07-30 09:07:46: DEBUG: isakmp.c:1446:isakmp_ph1resend(): resend phase1
packet ac807c45f47b274e:1cbebccdd7441a4e
2002-07-30 09:07:46: DEBUG: oakley.c:207:oakley_dh_compute(): compute DH's
shared.
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
4926bc0c adffe6c5 6ddb32b1 6f38ccfe cd084394 fca9cd1d 32e5b380 70e3e9f9
3afd38e8 2a7c1719 c7e3b2cd 32d69873 6da5ec51 7faf449d 8fcbb7ff 820dc82a
86f443d5 493e35b6 c413fb29 414af10d 9994783f f7bbf37c 49ea69bc 580229ca
2002-07-30 09:07:46: DEBUG: oakley.c:2057:oakley_skeyid(): the psk found.
2002-07-30 09:07:46: DEBUG2: oakley.c:2059:oakley_skeyid(): psk: 2002-07-30
09:07:46: DEBUG2: plog.c:193:plogdump():
6c61637a 65476574 696e
2002-07-30 09:07:46: DEBUG: oakley.c:2072:oakley_skeyid(): nonce 1:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
a9094684 20cd129a 17c060a0 34b7dcce 84b8a709
2002-07-30 09:07:46: DEBUG: oakley.c:2078:oakley_skeyid(): nonce 2:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
b4ed1e16 d9d6141e f80a2221 cfe7eed7
2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef():
hmac(hmac_md5)
2002-07-30 09:07:46: DEBUG: oakley.c:2131:oakley_skeyid(): SKEYID computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
7507b71b fd1332ac ca68d489 c3229244
2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef():
hmac(hmac_md5)
2002-07-30 09:07:46: DEBUG: oakley.c:2188:oakley_skeyid_dae(): SKEYID_d
computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
cf8be12f 8dd5d3a5 8f8b1308 db0202c4
2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef():
hmac(hmac_md5)
2002-07-30 09:07:46: DEBUG: oakley.c:2217:oakley_skeyid_dae(): SKEYID_a
computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
c72e1994 2d3299fa f631fa5c 27686996
2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef():
hmac(hmac_md5)
2002-07-30 09:07:46: DEBUG: oakley.c:2246:oakley_skeyid_dae(): SKEYID_e
computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
b5a9e14b 687a9d70 42cf9cf2 b1de0b80
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2002-07-30 09:07:46: DEBUG: oakley.c:2388:oakley_compute_enckey(): final
encryption key computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
b5a9e14b 687a9d70
2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2499:oakley_newiv(): IV computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
a08856be 34147be4
2002-07-30 09:07:46: DEBUG: isakmp.c:218:isakmp_handler(): ===
2002-07-30 09:07:46: DEBUG: isakmp.c:219:isakmp_handler(): 68 bytes message
received from yyy.yyy.yyy.62[500]
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 05100201 00000000 00000044 f7875931
69c9fd66 45c227c0 ae1cce73 3e4f1904 91c81b43 34373f77 19056fa5 a7eeef5c
6570a19e
2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
07:46.552469 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid
00000000: phase 1 ? ident[E]: [|id]
2002-07-30 09:07:46: DEBUG: oakley.c:2619:oakley_do_decrypt(): begin
decryption.
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2633:oakley_do_decrypt(): IV was saved
for next processing:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
a7eeef5c 6570a19e
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2658:oakley_do_decrypt(): with key:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
b5a9e14b 687a9d70
2002-07-30 09:07:46: DEBUG: oakley.c:2666:oakley_do_decrypt(): decrypted
payload by IV:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
a08856be 34147be4
2002-07-30 09:07:46: DEBUG: oakley.c:2669:oakley_do_decrypt(): decrypted
payload, but not trimed.
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
0800000c 011101f4 3ee99b3e 00000014 cdc1e40e d2fc0913 b6ef2a19 8c713253
00000000 00000000
2002-07-30 09:07:46: DEBUG: oakley.c:2678:oakley_do_decrypt(): padding len=0
2002-07-30 09:07:46: DEBUG: oakley.c:2692:oakley_do_decrypt(): skip to trim
padding.
2002-07-30 09:07:46: DEBUG: oakley.c:2707:oakley_do_decrypt(): decrypted.
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 05100201 00000000 00000044 0800000c
011101f4 3ee99b3e 00000014 cdc1e40e d2fc0913 b6ef2a19 8c713253 00000000
00000000
2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
07:46.554039 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid
00000000: phase 1 ? ident:
(id: idtype=IPv4 protoid=udp port=500 len=4 yyy.yyy.yyy.62)
(hash: len=16)
2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=5(id)
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=8(hash)
2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:07:46: WARNING: ipsec_doi.c:3059:ipsecdoi_checkid1(): ID value
mismatched.
2002-07-30 09:07:46: DEBUG: oakley.c:1159:oakley_validate_auth(): HASH
received:2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
cdc1e40e d2fc0913 b6ef2a19 8c713253
2002-07-30 09:07:46: DEBUG: oakley.c:864:oakley_ph1hash_common(): HASH with:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
486715dc 44d25140 6ca35a57 df22dc3a b9837719 379befd2 cc9d9c8c af993d73
132264a0 e4ab1996 befda8ef 2d247d0e 7244599c 8ef6745d f1d7ed1b 63ff914f
00811077 2aa9271c dc31ef48 3cc4ca0f 71c5e3ec 5bad14d1 07c15935 5cf94e16
b1c97422 df5cfce0 b2840737 44b3b39d 9bc2c97a 8100c4d7 24232cf8 cdf2cef5
7edfa229 460b9ae0 6389f27c a6d5e85a 7610edf5 82407c42 6378a620 4be786a9
e583b90e fa304d0a 745fdf5c 29311d37 7fe468f9 1a7ef909 ffe66326 06089be2
ac807c45 f47b274e 1cbebccd d7441a4e 00000001 00000001 0000004c 01010002
03000020 01010000 80010001 80020001 80040001 80030001 800b0001 800c03e8
00000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004
00015180 011101f4 3ee99b3e
2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef():
hmac(hmac_md5)
2002-07-30 09:07:46: DEBUG: oakley.c:874:oakley_ph1hash_common(): HASH
computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
cdc1e40e d2fc0913 b6ef2a19 8c713253
2002-07-30 09:07:46: DEBUG: oakley.c:1190:oakley_validate_auth(): HASH for
PSK validated.
2002-07-30 09:07:46: DEBUG: isakmp_ident.c:1250:ident_r3recv(): peer's ID
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
011101f4 3ee99b3e
2002-07-30 09:07:46: DEBUG: isakmp.c:619:ph1_main(): ===
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3185:ipsecdoi_setid1(): use ID type
of IPv4_address
2002-07-30 09:07:46: DEBUG: isakmp_ident.c:1327:ident_r3send(): generate
HASH_R
2002-07-30 09:07:46: DEBUG: oakley.c:864:oakley_ph1hash_common(): HASH with:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
b1c97422 df5cfce0 b2840737 44b3b39d 9bc2c97a 8100c4d7 24232cf8 cdf2cef5
7edfa229 460b9ae0 6389f27c a6d5e85a 7610edf5 82407c42 6378a620 4be786a9
e583b90e fa304d0a 745fdf5c 29311d37 7fe468f9 1a7ef909 ffe66326 06089be2
486715dc 44d25140 6ca35a57 df22dc3a b9837719 379befd2 cc9d9c8c af993d73
132264a0 e4ab1996 befda8ef 2d247d0e 7244599c 8ef6745d f1d7ed1b 63ff914f
00811077 2aa9271c dc31ef48 3cc4ca0f 71c5e3ec 5bad14d1 07c15935 5cf94e16
1cbebccd d7441a4e ac807c45 f47b274e 00000001 00000001 0000004c 01010002
03000020 01010000 80010001 80020001 80040001 80030001 800b0001 800c03e8
00000024 02010000 80010001 80020001 80040002 80030001 800b0001 000c0004
00015180 011101f4 0a000001
2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef():
hmac(hmac_md5)
2002-07-30 09:07:46: DEBUG: oakley.c:874:oakley_ph1hash_common(): HASH
computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
97cbfa45 9d6136c9 c059094f 3046ca17
2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload
of len 8, next type 8
2002-07-30 09:07:46: DEBUG: isakmp.c:2110:set_isakmp_payload(): add payload
of len 16, next type 0
2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
07:46.556746 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid
00000000: phase 1 ? ident:
(id: idtype=IPv4 protoid=udp port=500 len=4 10.0.0.1)
(hash: len=16)
2002-07-30 09:07:46: DEBUG: oakley.c:2742:oakley_do_encrypt(): begin
encryption.
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2758:oakley_do_encrypt(): pad length =
8
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
0800000c 011101f4 0a000001 00000014 97cbfa45 9d6136c9 c059094f 3046ca17
00000000 00000008
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2793:oakley_do_encrypt(): with key:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
b5a9e14b 687a9d70
2002-07-30 09:07:46: DEBUG: oakley.c:2801:oakley_do_encrypt(): encrypted
payload by IV:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
a7eeef5c 6570a19e
2002-07-30 09:07:46: DEBUG: oakley.c:2808:oakley_do_encrypt(): save IV for
next:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
5dd5e325 f1e6fcf2
2002-07-30 09:07:46: DEBUG: oakley.c:2825:oakley_do_encrypt(): encrypted.
2002-07-30 09:07:46: DEBUG: sockmisc.c:421:sendfromto(): sockname
xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:423:sendfromto(): send packet from
xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:425:sendfromto(): send packet to
yyy.yyy.yyy.62[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 68 bytes
message will be sent to xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 05100201 00000000 00000044 5c23fae9
69caff06 e00b5a07 459c99d4 d41a4ef7 f4e9a8d2 cc28bebf 6fd25ff8 5dd5e325
f1e6fcf2
2002-07-30 09:07:46: DEBUG: oakley.c:2543:oakley_newiv2(): compute IV for
phase2
2002-07-30 09:07:46: DEBUG: oakley.c:2544:oakley_newiv2(): phase1 last IV:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
5dd5e325 f1e6fcf2 f589c125
2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2576:oakley_newiv2(): phase2 IV
computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
28555ac9 47919cd4
2002-07-30 09:07:46: DEBUG: oakley.c:745:oakley_compute_hash1(): HASH with:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
f589c125 0000001c 00000001 01106002 ac807c45 f47b274e 1cbebccd d7441a4e
2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef():
hmac(hmac_md5)
2002-07-30 09:07:46: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH
computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
4ebb3dd5 a02f5972 274fb122 3ea58c9e
2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
07:46.559544 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid
f589c125: phase 2/others ? inf:
(hash: len=16)
(n: doi=ipsec proto=isakmp type=INITIAL-CONTACT
spi=ac807c45f47b274e1cbebccdd7441a4e)
2002-07-30 09:07:46: DEBUG: oakley.c:2742:oakley_do_encrypt(): begin
encryption.
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2758:oakley_do_encrypt(): pad length =
8
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
0b000014 4ebb3dd5 a02f5972 274fb122 3ea58c9e 0000001c 00000001 01106002
ac807c45 f47b274e 1cbebccd d7441a4e 00000000 00000008
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2793:oakley_do_encrypt(): with key:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
b5a9e14b 687a9d70
2002-07-30 09:07:46: DEBUG: oakley.c:2801:oakley_do_encrypt(): encrypted
payload by IV:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
28555ac9 47919cd4
2002-07-30 09:07:46: DEBUG: oakley.c:2808:oakley_do_encrypt(): save IV for
next:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
756eb00a 0162c137
2002-07-30 09:07:46: DEBUG: oakley.c:2825:oakley_do_encrypt(): encrypted.
2002-07-30 09:07:46: DEBUG: sockmisc.c:421:sendfromto(): sockname
xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:423:sendfromto(): send packet from
xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:425:sendfromto(): send packet to
yyy.yyy.yyy.62[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 84 bytes
message will be sent to xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 08100501 f589c125 00000054 9efb20ea
b4964749 9fed8b66 b3d52a48 27f8be3f 9340c545 19c2bd9f 3a727d40 1e39992e
7797e0fd 7ec27388 fab9f2e3 756eb00a 0162c137
2002-07-30 09:07:46: DEBUG: isakmp_inf.c:634:isakmp_info_send_common():
sendto Information notify.
2002-07-30 09:07:46: INFO: isakmp.c:2409:log_ph1established(): ISAKMP-SA
established xxx.xxx.xxx.70[500]-yyy.yyy.yyy.62[500]
spi:ac807c45f47b274e:1cbebccdd7441a4e
2002-07-30 09:07:46: DEBUG: isakmp.c:666:ph1_main(): ===
2002-07-30 09:07:46: DEBUG: isakmp.c:218:isakmp_handler(): ===
2002-07-30 09:07:46: DEBUG: isakmp.c:219:isakmp_handler(): 316 bytes message
received from yyy.yyy.yyy.62[500]
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 08102001 fe990af1 0000013c 76f9b209
919ce0a2 de383664 35b616c1 726a7c94 32d7a814 500abea9 50824e57 457dbee0
1f5de584 dfbca6c1 ab8eab18 94426b19 c6a5b814 f71c7093 7f3e9d6f 797ec813
0fb3f604 b507f03a d0b992c8 d655654c a0badc5d 56c90f82 21f019bb 1c1861a5
44ea240f 5d465476 409fde28 2f0d9e9e 507c1588 f43a6bdc 48d64e90 af79c269
c45d3273 e4929e86 a6ae982d 2e99d9f8 20723048 6ee0022e e21886ee 55f2f730
0b07ed0f 4f34a001 11bf3119 dbc883df 95dd7b83 be475fa0 cba7e6c5 cc8ab740
a80149e1 8ac96d1d 9d4a6f54 24f510e9 500d51f4 c66b71a9 d68757f9 65cdced2
7c7e5f45 78af9dc6 834882f8 6081a76a fb50acbc a245800e 1b6051f6 9620e8cd
1bb2a20b ce850e0b 7b71cddc 4bc8e714 d3f8e787 ab2b314c cb749e52
2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
07:46.727837 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid
fe990af1: phase 2/others ? oakley-quick[E]: [|hash]
2002-07-30 09:07:46: DEBUG: oakley.c:2543:oakley_newiv2(): compute IV for
phase2
2002-07-30 09:07:46: DEBUG: oakley.c:2544:oakley_newiv2(): phase1 last IV:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
5dd5e325 f1e6fcf2 fe990af1
2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2576:oakley_newiv2(): phase2 IV
computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
54bd5a4e 41e2d3b7
2002-07-30 09:07:46: DEBUG: isakmp.c:1041:isakmp_ph2begin_r(): ===
2002-07-30 09:07:46: INFO: isakmp.c:1046:isakmp_ph2begin_r(): respond new
phase 2 negotiation: xxx.xxx.xxx.70[0]<=>yyy.yyy.yyy.62[0]
2002-07-30 09:07:46: DEBUG: oakley.c:2619:oakley_do_decrypt(): begin
decryption.
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2633:oakley_do_decrypt(): IV was saved
for next processing:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
ab2b314c cb749e52
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2658:oakley_do_decrypt(): with key:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
b5a9e14b 687a9d70
2002-07-30 09:07:46: DEBUG: oakley.c:2666:oakley_do_decrypt(): decrypted
payload by IV:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
54bd5a4e 41e2d3b7
2002-07-30 09:07:46: DEBUG: oakley.c:2669:oakley_do_decrypt(): decrypted
payload, but not trimed.
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
01000014 f97e334c 259db005 0b2ca0b0 8eb56996 0a000074 00000001 00000001
02000034 01020401 f17d1bfa 00000028 01020000 80040001 80010001 80027080
80010002 00020004 00465000 80030001 80050001 00000034 01030401 028a2fa8
00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000
80050001 80030001 04000018 68cd589f b6f640a9 ab51388e 739d559a d3debeed
05000064 5667f1b3 a1acea95 9fc21866 16b09c60 b6fb5011 69293d7e 5529ca69
3343df02 1857d238 eb743bc6 22525df7 56704e9b 212ff9b7 67ccfa06 f5fd33bf
3f0e51cf e3792910 bd2f905d 931c3ad4 10f8b30e a7e40354 1a2694a2 7dee64f1
a3766e7d 0500000c 01000000 c0a80537 0000000c 01000000 0a000001 00000000
2002-07-30 09:07:46: DEBUG: oakley.c:2678:oakley_do_decrypt(): padding len=0
2002-07-30 09:07:46: DEBUG: oakley.c:2692:oakley_do_decrypt(): skip to trim
padding.
2002-07-30 09:07:46: DEBUG: oakley.c:2707:oakley_do_decrypt(): decrypted.
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 08102001 fe990af1 0000013c 01000014
f97e334c 259db005 0b2ca0b0 8eb56996 0a000074 00000001 00000001 02000034
01020401 f17d1bfa 00000028 01020000 80040001 80010001 80027080 80010002
00020004 00465000 80030001 80050001 00000034 01030401 028a2fa8 00000028
01020000 80040001 80010001 80027080 80010002 00020004 00465000 80050001
80030001 04000018 68cd589f b6f640a9 ab51388e 739d559a d3debeed 05000064
5667f1b3 a1acea95 9fc21866 16b09c60 b6fb5011 69293d7e 5529ca69 3343df02
1857d238 eb743bc6 22525df7 56704e9b 212ff9b7 67ccfa06 f5fd33bf 3f0e51cf
e3792910 bd2f905d 931c3ad4 10f8b30e a7e40354 1a2694a2 7dee64f1 a3766e7d
0500000c 01000000 c0a80537 0000000c 01000000 0a000001 00000000
2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
07:46.730198 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid
fe990af1: phase 2/others ? oakley-quick:
(hash: len=16)
(sa: doi=ipsec situation=identity
(p: #1 protoid=ipsec-ah transform=1 spi=f17d1bfa
(t: #1 id=md5 (type=enc mode value=tunnel)(type=lifetype
value=sec)(type=life value=7080)(type=lifetype value=kb)(type=life len=4
value=00465000)(type=group desc value=modp768)(type=auth value=hmac-md5)))
(p: #1 protoid=ipsec-esp transform=1 spi=028a2fa8
(t: #1 id=1des (type=enc mode value=tunnel)(type=lifetype
value=sec)(type=life value=7080)(type=lifetype value=kb)(type=life len=4
value=00465000)(type=auth value=hmac-md5)(type=group desc value=modp768))))
(nonce: n len=20)
(ke: key len=96)
(id: idtype=IPv4 protoid=0 port=0 len=4 192.168.5.55)
(id: idtype=IPv4 protoid=0 port=0 len=4 10.0.0.1)
2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=8(hash)
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=1(sa)
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=10(nonce)
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=4(ke)
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=5(id)
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=5(id)
2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:07:46: DEBUG: isakmp_quick.c:1004:quick_r1recv(): received
IDci2:2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
01000000 c0a80537
2002-07-30 09:07:46: DEBUG: isakmp_quick.c:1008:quick_r1recv(): received
IDcr2:2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
01000000 0a000001
2002-07-30 09:07:46: DEBUG: isakmp_quick.c:1023:quick_r1recv(): HASH(1)
validate:2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
f97e334c 259db005 0b2ca0b0 8eb56996
2002-07-30 09:07:46: DEBUG: oakley.c:745:oakley_compute_hash1(): HASH with:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
fe990af1 0a000074 00000001 00000001 02000034 01020401 f17d1bfa 00000028
01020000 80040001 80010001 80027080 80010002 00020004 00465000 80030001
80050001 00000034 01030401 028a2fa8 00000028 01020000 80040001 80010001
80027080 80010002 00020004 00465000 80050001 80030001 04000018 68cd589f
b6f640a9 ab51388e 739d559a d3debeed 05000064 5667f1b3 a1acea95 9fc21866
16b09c60 b6fb5011 69293d7e 5529ca69 3343df02 1857d238 eb743bc6 22525df7
56704e9b 212ff9b7 67ccfa06 f5fd33bf 3f0e51cf e3792910 bd2f905d 931c3ad4
10f8b30e a7e40354 1a2694a2 7dee64f1 a3766e7d 0500000c 01000000 c0a80537
0000000c 01000000 0a000001
2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef():
hmac(hmac_md5)
2002-07-30 09:07:46: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH
computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
f97e334c 259db005 0b2ca0b0 8eb56996
2002-07-30 09:07:46: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo
selected.
2002-07-30 09:07:46: DEBUG: isakmp_quick.c:1815:get_sainfo_r(): get sa info:
anonymous
2002-07-30 09:07:46: DEBUG: isakmp_quick.c:1993:get_proposal_r(): get a src
address from ID payload 192.168.5.55[0] prefixlen=32 ul_proto=255
2002-07-30 09:07:46: DEBUG: isakmp_quick.c:1998:get_proposal_r(): get dst
address from ID payload 10.0.0.1[0] prefixlen=32 ul_proto=255
2002-07-30 09:07:46: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff7b0:
192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in
2002-07-30 09:07:46: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3c08:
192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in
2002-07-30 09:07:46: DEBUG: policy.c:244:cmpspidxwild(): 0xbfbff7b0 masked
with /32: 192.168.5.55[0]
2002-07-30 09:07:46: DEBUG: policy.c:246:cmpspidxwild(): 0x80a3c08 masked
with /32: 192.168.5.55[0]
2002-07-30 09:07:46: DEBUG: policy.c:260:cmpspidxwild(): 0xbfbff7b0 masked
with /32: 10.0.0.1[0]
2002-07-30 09:07:46: DEBUG: policy.c:262:cmpspidxwild(): 0x80a3c08 masked
with /32: 10.0.0.1[0]
2002-07-30 09:07:46: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff7b0:
10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out
2002-07-30 09:07:46: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3c08:
192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in
2002-07-30 09:07:46: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff7b0:
10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out
2002-07-30 09:07:46: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80b6008:
10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out
2002-07-30 09:07:46: DEBUG: policy.c:244:cmpspidxwild(): 0xbfbff7b0 masked
with /32: 10.0.0.1[0]
2002-07-30 09:07:46: DEBUG: policy.c:246:cmpspidxwild(): 0x80b6008 masked
with /32: 10.0.0.1[0]
2002-07-30 09:07:46: DEBUG: policy.c:260:cmpspidxwild(): 0xbfbff7b0 masked
with /32: 192.168.5.55[0]
2002-07-30 09:07:46: DEBUG: policy.c:262:cmpspidxwild(): 0x80b6008 masked
with /32: 192.168.5.55[0]
2002-07-30 09:07:46: DEBUG: isakmp_quick.c:2054:get_proposal_r(): suitable
SP found:10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out
2002-07-30 09:07:46: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP
spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2002-07-30 09:07:46: DEBUG: proposal.c:859:printsatrns(): (trns_id=DES
encklen=0 authtype=1)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1117:get_proppair(): total SA
len=112
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
00000001 00000001 02000034 01020401 f17d1bfa 00000028 01020000 80040001
80010001 80027080 80010002 00020004 00465000 80030001 80050001 00000034
01030401 028a2fa8 00000028 01020000 80040001 80010001 80027080 80010002
00020004 00465000 80050001 80030001
2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=2(prop)
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=2(prop)
2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1
len=52
2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=3(trns)
2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1311:get_transform(): transform #1
len=40
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec():
type=Encription Mode, flag=0x8000, lorv=Tunnel
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Type, flag=0x8000, lorv=seconds
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Duration, flag=0x8000, lorv=28800
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2155:check_attr_ipsec(): life
duration was in TLV.
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Type, flag=0x8000, lorv=kilobytes
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Duration, flag=0x0000, lorv=4
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Group
Description, flag=0x8000, lorv=1
2002-07-30 09:07:46: DEBUG: algorithm.c:610:alg_oakley_dhdef():
hmac(modp768)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec():
type=Authentication Algorithm, flag=0x8000, lorv=1
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1
len=52
2002-07-30 09:07:46: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:07:46: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=3(trns)
2002-07-30 09:07:46: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1311:get_transform(): transform #1
len=40
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec():
type=Encription Mode, flag=0x8000, lorv=Tunnel
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Type, flag=0x8000, lorv=seconds
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Duration, flag=0x8000, lorv=28800
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2155:check_attr_ipsec(): life
duration was in TLV.
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Type, flag=0x8000, lorv=kilobytes
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Duration, flag=0x0000, lorv=4
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec():
type=Authentication Algorithm, flag=0x8000, lorv=1
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Group
Description, flag=0x8000, lorv=1
2002-07-30 09:07:46: DEBUG: algorithm.c:610:alg_oakley_dhdef():
hmac(modp768)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1213:get_proppair(): pair 1:
2002-07-30 09:07:46: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b30:
next=0x80a9b40 tnext=0x0
2002-07-30 09:07:46: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b40:
next=0x0 tnext=0x0
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:1248:get_proppair(): proposal #1: 2
transform
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:948:get_ph2approval(): begin compare
proposals.
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:954:get_ph2approval(): pair[1]:
0x80a9b30
2002-07-30 09:07:46: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b30:
next=0x80a9b40 tnext=0x0
2002-07-30 09:07:46: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b40:
next=0x0 tnext=0x0
2002-07-30 09:07:46: DEBUG: proposal.c:681:aproppair2saprop(): prop#=1
prot-id=AH spi-size=4 #trns=1 trns#=1 trns-id=MD5
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns():
type=Encription Mode, flag=0x8000, lorv=Tunnel
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Type, flag=0x8000, lorv=seconds
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Duration, flag=0x8000, lorv=28800
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Type, flag=0x8000, lorv=kilobytes
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Duration, flag=0x0000, lorv=4
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Group
Description, flag=0x8000, lorv=1
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns():
type=Authentication Algorithm, flag=0x8000, lorv=1
2002-07-30 09:07:46: DEBUG: proposal.c:681:aproppair2saprop(): prop#=1
prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=DES
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns():
type=Encription Mode, flag=0x8000, lorv=Tunnel
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Type, flag=0x8000, lorv=seconds
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Duration, flag=0x8000, lorv=28800
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Type, flag=0x8000, lorv=kilobytes
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Duration, flag=0x0000, lorv=4
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns():
type=Authentication Algorithm, flag=0x8000, lorv=1
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Group
Description, flag=0x8000, lorv=1
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:990:get_ph2approvalx(): peer's
single bundle:
2002-07-30 09:07:46: DEBUG: proposal.c:825:printsaproto(): (proto_id=AH
spisize=4 spi=f17d1bfa spi_p=00000000 encmode=Tunnel reqid=0:0)
2002-07-30 09:07:46: DEBUG: proposal.c:853:printsatrns(): (trns_id=MD5
authtype=1)
2002-07-30 09:07:46: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP
spisize=4 spi=028a2fa8 spi_p=00000000 encmode=Tunnel reqid=0:0)
2002-07-30 09:07:46: DEBUG: proposal.c:859:printsatrns(): (trns_id=DES
encklen=0 authtype=1)
2002-07-30 09:07:46: DEBUG: ipsec_doi.c:993:get_ph2approvalx(): my single
bundle:
2002-07-30 09:07:46: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP
spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2002-07-30 09:07:46: DEBUG: proposal.c:859:printsatrns(): (trns_id=DES
encklen=0 authtype=1)
2002-07-30 09:07:46: ERROR: ipsec_doi.c:1001:get_ph2approvalx(): not matched
2002-07-30 09:07:46: ERROR: ipsec_doi.c:966:get_ph2approval(): no suitable
policy found.
2002-07-30 09:07:46: ERROR: isakmp.c:1060:isakmp_ph2begin_r(): failed to
pre-process packet.
2002-07-30 09:07:46: DEBUG: oakley.c:2543:oakley_newiv2(): compute IV for
phase2
2002-07-30 09:07:46: DEBUG: oakley.c:2544:oakley_newiv2(): phase1 last IV:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
5dd5e325 f1e6fcf2 edfe6e03
2002-07-30 09:07:46: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2576:oakley_newiv2(): phase2 IV
computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
09aa6ed9 c269e7f0
2002-07-30 09:07:46: DEBUG: oakley.c:745:oakley_compute_hash1(): HASH with:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
edfe6e03 0000000c 00000001 0100000e
2002-07-30 09:07:46: DEBUG: algorithm.c:322:alg_oakley_hmacdef():
hmac(hmac_md5)
2002-07-30 09:07:46: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH
computed:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
d2819e13 837cf329 1739a7e9 72cd5bc6
2002-07-30 09:07:46: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
07:46.739906 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid
edfe6e03: phase 2/others ? inf:
(hash: len=16)
(n: doi=ipsec proto=isakmp type=NO-PROPOSAL-CHOSEN)
2002-07-30 09:07:46: DEBUG: oakley.c:2742:oakley_do_encrypt(): begin
encryption.
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2758:oakley_do_encrypt(): pad length =
8
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
0b000014 d2819e13 837cf329 1739a7e9 72cd5bc6 0000000c 00000001 0100000e
00000000 00000008
2002-07-30 09:07:46: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:07:46: DEBUG: oakley.c:2793:oakley_do_encrypt(): with key:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
b5a9e14b 687a9d70
2002-07-30 09:07:46: DEBUG: oakley.c:2801:oakley_do_encrypt(): encrypted
payload by IV:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
09aa6ed9 c269e7f0
2002-07-30 09:07:46: DEBUG: oakley.c:2808:oakley_do_encrypt(): save IV for
next:
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
43a22c70 16c217ae
2002-07-30 09:07:46: DEBUG: oakley.c:2825:oakley_do_encrypt(): encrypted.
2002-07-30 09:07:46: DEBUG: sockmisc.c:421:sendfromto(): sockname
xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:423:sendfromto(): send packet from
xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:425:sendfromto(): send packet to
yyy.yyy.yyy.62[500]
2002-07-30 09:07:46: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 68 bytes
message will be sent to xxx.xxx.xxx.70[500]
2002-07-30 09:07:46: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 08100501 edfe6e03 00000044 db426b51
13f99b7e 787698aa 4d1a5d7f 9e078d8b fa5bc9a1 a37f6102 063f2487 43a22c70
16c217ae
2002-07-30 09:07:46: DEBUG: isakmp_inf.c:634:isakmp_info_send_common():
sendto Information notify.
2002-07-30 09:08:01: DEBUG: isakmp.c:218:isakmp_handler(): ===
2002-07-30 09:08:01: DEBUG: isakmp.c:219:isakmp_handler(): 316 bytes message
received from yyy.yyy.yyy.62[500]
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 08102001 fe990af1 0000013c 76f9b209
919ce0a2 de383664 35b616c1 726a7c94 32d7a814 500abea9 50824e57 457dbee0
1f5de584 dfbca6c1 ab8eab18 94426b19 c6a5b814 f71c7093 7f3e9d6f 797ec813
0fb3f604 b507f03a d0b992c8 d655654c a0badc5d 56c90f82 21f019bb 1c1861a5
44ea240f 5d465476 409fde28 2f0d9e9e 507c1588 f43a6bdc 48d64e90 af79c269
c45d3273 e4929e86 a6ae982d 2e99d9f8 20723048 6ee0022e e21886ee 55f2f730
0b07ed0f 4f34a001 11bf3119 dbc883df 95dd7b83 be475fa0 cba7e6c5 cc8ab740
a80149e1 8ac96d1d 9d4a6f54 24f510e9 500d51f4 c66b71a9 d68757f9 65cdced2
7c7e5f45 78af9dc6 834882f8 6081a76a fb50acbc a245800e 1b6051f6 9620e8cd
1bb2a20b ce850e0b 7b71cddc 4bc8e714 d3f8e787 ab2b314c cb749e52
2002-07-30 09:08:01: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
08:01.715502 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid
fe990af1: phase 2/others ? oakley-quick[E]: [|hash]
2002-07-30 09:08:01: DEBUG: oakley.c:2543:oakley_newiv2(): compute IV for
phase2
2002-07-30 09:08:01: DEBUG: oakley.c:2544:oakley_newiv2(): phase1 last IV:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
5dd5e325 f1e6fcf2 fe990af1
2002-07-30 09:08:01: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2002-07-30 09:08:01: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:08:01: DEBUG: oakley.c:2576:oakley_newiv2(): phase2 IV
computed:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
54bd5a4e 41e2d3b7
2002-07-30 09:08:01: DEBUG: isakmp.c:1041:isakmp_ph2begin_r(): ===
2002-07-30 09:08:01: INFO: isakmp.c:1046:isakmp_ph2begin_r(): respond new
phase 2 negotiation: xxx.xxx.xxx.70[0]<=>yyy.yyy.yyy.62[0]
2002-07-30 09:08:01: DEBUG: oakley.c:2619:oakley_do_decrypt(): begin
decryption.
2002-07-30 09:08:01: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:08:01: DEBUG: oakley.c:2633:oakley_do_decrypt(): IV was saved
for next processing:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
ab2b314c cb749e52
2002-07-30 09:08:01: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:08:01: DEBUG: oakley.c:2658:oakley_do_decrypt(): with key:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
b5a9e14b 687a9d70
2002-07-30 09:08:01: DEBUG: oakley.c:2666:oakley_do_decrypt(): decrypted
payload by IV:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
54bd5a4e 41e2d3b7
2002-07-30 09:08:01: DEBUG: oakley.c:2669:oakley_do_decrypt(): decrypted
payload, but not trimed.
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
01000014 f97e334c 259db005 0b2ca0b0 8eb56996 0a000074 00000001 00000001
02000034 01020401 f17d1bfa 00000028 01020000 80040001 80010001 80027080
80010002 00020004 00465000 80030001 80050001 00000034 01030401 028a2fa8
00000028 01020000 80040001 80010001 80027080 80010002 00020004 00465000
80050001 80030001 04000018 68cd589f b6f640a9 ab51388e 739d559a d3debeed
05000064 5667f1b3 a1acea95 9fc21866 16b09c60 b6fb5011 69293d7e 5529ca69
3343df02 1857d238 eb743bc6 22525df7 56704e9b 212ff9b7 67ccfa06 f5fd33bf
3f0e51cf e3792910 bd2f905d 931c3ad4 10f8b30e a7e40354 1a2694a2 7dee64f1
a3766e7d 0500000c 01000000 c0a80537 0000000c 01000000 0a000001 00000000
2002-07-30 09:08:01: DEBUG: oakley.c:2678:oakley_do_decrypt(): padding len=0
2002-07-30 09:08:01: DEBUG: oakley.c:2692:oakley_do_decrypt(): skip to trim
padding.
2002-07-30 09:08:01: DEBUG: oakley.c:2707:oakley_do_decrypt(): decrypted.
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 08102001 fe990af1 0000013c 01000014
f97e334c 259db005 0b2ca0b0 8eb56996 0a000074 00000001 00000001 02000034
01020401 f17d1bfa 00000028 01020000 80040001 80010001 80027080 80010002
00020004 00465000 80030001 80050001 00000034 01030401 028a2fa8 00000028
01020000 80040001 80010001 80027080 80010002 00020004 00465000 80050001
80030001 04000018 68cd589f b6f640a9 ab51388e 739d559a d3debeed 05000064
5667f1b3 a1acea95 9fc21866 16b09c60 b6fb5011 69293d7e 5529ca69 3343df02
1857d238 eb743bc6 22525df7 56704e9b 212ff9b7 67ccfa06 f5fd33bf 3f0e51cf
e3792910 bd2f905d 931c3ad4 10f8b30e a7e40354 1a2694a2 7dee64f1 a3766e7d
0500000c 01000000 c0a80537 0000000c 01000000 0a000001 00000000
2002-07-30 09:08:01: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
08:01.718093 yyy.yyy.yyy.62:500 -> xxx.xxx.xxx.70:500: isakmp 1.0 msgid
fe990af1: phase 2/others ? oakley-quick:
(hash: len=16)
(sa: doi=ipsec situation=identity
(p: #1 protoid=ipsec-ah transform=1 spi=f17d1bfa
(t: #1 id=md5 (type=enc mode value=tunnel)(type=lifetype
value=sec)(type=life value=7080)(type=lifetype value=kb)(type=life len=4
value=00465000)(type=group desc value=modp768)(type=auth value=hmac-md5)))
(p: #1 protoid=ipsec-esp transform=1 spi=028a2fa8
(t: #1 id=1des (type=enc mode value=tunnel)(type=lifetype
value=sec)(type=life value=7080)(type=lifetype value=kb)(type=life len=4
value=00465000)(type=auth value=hmac-md5)(type=group desc value=modp768))))
(nonce: n len=20)
(ke: key len=96)
(id: idtype=IPv4 protoid=0 port=0 len=4 192.168.5.55)
(id: idtype=IPv4 protoid=0 port=0 len=4 10.0.0.1)
2002-07-30 09:08:01: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=8(hash)
2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=1(sa)
2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=10(nonce)
2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=4(ke)
2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=5(id)
2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=5(id)
2002-07-30 09:08:01: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:08:01: DEBUG: isakmp_quick.c:1004:quick_r1recv(): received
IDci2:2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
01000000 c0a80537
2002-07-30 09:08:01: DEBUG: isakmp_quick.c:1008:quick_r1recv(): received
IDcr2:2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
01000000 0a000001
2002-07-30 09:08:01: DEBUG: isakmp_quick.c:1023:quick_r1recv(): HASH(1)
validate:2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
f97e334c 259db005 0b2ca0b0 8eb56996
2002-07-30 09:08:01: DEBUG: oakley.c:745:oakley_compute_hash1(): HASH with:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
fe990af1 0a000074 00000001 00000001 02000034 01020401 f17d1bfa 00000028
01020000 80040001 80010001 80027080 80010002 00020004 00465000 80030001
80050001 00000034 01030401 028a2fa8 00000028 01020000 80040001 80010001
80027080 80010002 00020004 00465000 80050001 80030001 04000018 68cd589f
b6f640a9 ab51388e 739d559a d3debeed 05000064 5667f1b3 a1acea95 9fc21866
16b09c60 b6fb5011 69293d7e 5529ca69 3343df02 1857d238 eb743bc6 22525df7
56704e9b 212ff9b7 67ccfa06 f5fd33bf 3f0e51cf e3792910 bd2f905d 931c3ad4
10f8b30e a7e40354 1a2694a2 7dee64f1 a3766e7d 0500000c 01000000 c0a80537
0000000c 01000000 0a000001
2002-07-30 09:08:01: DEBUG: algorithm.c:322:alg_oakley_hmacdef():
hmac(hmac_md5)
2002-07-30 09:08:01: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH
computed:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
f97e334c 259db005 0b2ca0b0 8eb56996
2002-07-30 09:08:01: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo
selected.
2002-07-30 09:08:01: DEBUG: isakmp_quick.c:1815:get_sainfo_r(): get sa info:
anonymous
2002-07-30 09:08:01: DEBUG: isakmp_quick.c:1993:get_proposal_r(): get a src
address from ID payload 192.168.5.55[0] prefixlen=32 ul_proto=255
2002-07-30 09:08:01: DEBUG: isakmp_quick.c:1998:get_proposal_r(): get dst
address from ID payload 10.0.0.1[0] prefixlen=32 ul_proto=255
2002-07-30 09:08:01: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff7b0:
192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in
2002-07-30 09:08:01: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3c08:
192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in
2002-07-30 09:08:01: DEBUG: policy.c:244:cmpspidxwild(): 0xbfbff7b0 masked
with /32: 192.168.5.55[0]
2002-07-30 09:08:01: DEBUG: policy.c:246:cmpspidxwild(): 0x80a3c08 masked
with /32: 192.168.5.55[0]
2002-07-30 09:08:01: DEBUG: policy.c:260:cmpspidxwild(): 0xbfbff7b0 masked
with /32: 10.0.0.1[0]
2002-07-30 09:08:01: DEBUG: policy.c:262:cmpspidxwild(): 0x80a3c08 masked
with /32: 10.0.0.1[0]
2002-07-30 09:08:01: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff7b0:
10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out
2002-07-30 09:08:01: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3c08:
192.168.5.55/32[0] 10.0.0.1/32[0] proto=any dir=in
2002-07-30 09:08:01: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff7b0:
10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out
2002-07-30 09:08:01: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80b6008:
10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out
2002-07-30 09:08:01: DEBUG: policy.c:244:cmpspidxwild(): 0xbfbff7b0 masked
with /32: 10.0.0.1[0]
2002-07-30 09:08:01: DEBUG: policy.c:246:cmpspidxwild(): 0x80b6008 masked
with /32: 10.0.0.1[0]
2002-07-30 09:08:01: DEBUG: policy.c:260:cmpspidxwild(): 0xbfbff7b0 masked
with /32: 192.168.5.55[0]
2002-07-30 09:08:01: DEBUG: policy.c:262:cmpspidxwild(): 0x80b6008 masked
with /32: 192.168.5.55[0]
2002-07-30 09:08:01: DEBUG: isakmp_quick.c:2054:get_proposal_r(): suitable
SP found:10.0.0.1/32[0] 192.168.5.55/32[0] proto=any dir=out
2002-07-30 09:08:01: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP
spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2002-07-30 09:08:01: DEBUG: proposal.c:859:printsatrns(): (trns_id=DES
encklen=0 authtype=1)
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1117:get_proppair(): total SA
len=112
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
00000001 00000001 02000034 01020401 f17d1bfa 00000028 01020000 80040001
80010001 80027080 80010002 00020004 00465000 80030001 80050001 00000034
01030401 028a2fa8 00000028 01020000 80040001 80010001 80027080 80010002
00020004 00465000 80050001 80030001
2002-07-30 09:08:01: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=2(prop)
2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=2(prop)
2002-07-30 09:08:01: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1
len=52
2002-07-30 09:08:01: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=3(trns)
2002-07-30 09:08:01: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1311:get_transform(): transform #1
len=40
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec():
type=Encription Mode, flag=0x8000, lorv=Tunnel
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Type, flag=0x8000, lorv=seconds
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Duration, flag=0x8000, lorv=28800
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2155:check_attr_ipsec(): life
duration was in TLV.
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Type, flag=0x8000, lorv=kilobytes
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Duration, flag=0x0000, lorv=4
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Group
Description, flag=0x8000, lorv=1
2002-07-30 09:08:01: DEBUG: algorithm.c:610:alg_oakley_dhdef():
hmac(modp768)
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec():
type=Authentication Algorithm, flag=0x8000, lorv=1
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1170:get_proppair(): proposal #1
len=52
2002-07-30 09:08:01: DEBUG: isakmp.c:1109:isakmp_parsewoh(): begin.
2002-07-30 09:08:01: DEBUG: isakmp.c:1136:isakmp_parsewoh(): seen
nptype=3(trns)
2002-07-30 09:08:01: DEBUG: isakmp.c:1175:isakmp_parsewoh(): succeed.
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1311:get_transform(): transform #1
len=40
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec():
type=Encription Mode, flag=0x8000, lorv=Tunnel
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Type, flag=0x8000, lorv=seconds
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Duration, flag=0x8000, lorv=28800
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2155:check_attr_ipsec(): life
duration was in TLV.
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Type, flag=0x8000, lorv=kilobytes
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=SA
Life Duration, flag=0x0000, lorv=4
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec():
type=Authentication Algorithm, flag=0x8000, lorv=1
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:2067:check_attr_ipsec(): type=Group
Description, flag=0x8000, lorv=1
2002-07-30 09:08:01: DEBUG: algorithm.c:610:alg_oakley_dhdef():
hmac(modp768)
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1213:get_proppair(): pair 1:
2002-07-30 09:08:01: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b30:
next=0x80a9b40 tnext=0x0
2002-07-30 09:08:01: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b40:
next=0x0 tnext=0x0
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:1248:get_proppair(): proposal #1: 2
transform
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:948:get_ph2approval(): begin compare
proposals.
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:954:get_ph2approval(): pair[1]:
0x80a9b30
2002-07-30 09:08:01: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b30:
next=0x80a9b40 tnext=0x0
2002-07-30 09:08:01: DEBUG: proposal.c:892:print_proppair0(): 0x80a9b40:
next=0x0 tnext=0x0
2002-07-30 09:08:01: DEBUG: proposal.c:681:aproppair2saprop(): prop#=1
prot-id=AH spi-size=4 #trns=1 trns#=1 trns-id=MD5
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns():
type=Encription Mode, flag=0x8000, lorv=Tunnel
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Type, flag=0x8000, lorv=seconds
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Duration, flag=0x8000, lorv=28800
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Type, flag=0x8000, lorv=kilobytes
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Duration, flag=0x0000, lorv=4
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Group
Description, flag=0x8000, lorv=1
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns():
type=Authentication Algorithm, flag=0x8000, lorv=1
2002-07-30 09:08:01: DEBUG: proposal.c:681:aproppair2saprop(): prop#=1
prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=DES
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns():
type=Encription Mode, flag=0x8000, lorv=Tunnel
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Type, flag=0x8000, lorv=seconds
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Duration, flag=0x8000, lorv=28800
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Type, flag=0x8000, lorv=kilobytes
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=SA
Life Duration, flag=0x0000, lorv=4
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns():
type=Authentication Algorithm, flag=0x8000, lorv=1
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:3638:ipsecdoi_t2satrns(): type=Group
Description, flag=0x8000, lorv=1
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:990:get_ph2approvalx(): peer's
single bundle:
2002-07-30 09:08:01: DEBUG: proposal.c:825:printsaproto(): (proto_id=AH
spisize=4 spi=f17d1bfa spi_p=00000000 encmode=Tunnel reqid=0:0)
2002-07-30 09:08:01: DEBUG: proposal.c:853:printsatrns(): (trns_id=MD5
authtype=1)
2002-07-30 09:08:01: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP
spisize=4 spi=028a2fa8 spi_p=00000000 encmode=Tunnel reqid=0:0)
2002-07-30 09:08:01: DEBUG: proposal.c:859:printsatrns(): (trns_id=DES
encklen=0 authtype=1)
2002-07-30 09:08:01: DEBUG: ipsec_doi.c:993:get_ph2approvalx(): my single
bundle:
2002-07-30 09:08:01: DEBUG: proposal.c:825:printsaproto(): (proto_id=ESP
spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2002-07-30 09:08:01: DEBUG: proposal.c:859:printsatrns(): (trns_id=DES
encklen=0 authtype=1)
2002-07-30 09:08:01: ERROR: ipsec_doi.c:1001:get_ph2approvalx(): not matched
2002-07-30 09:08:01: ERROR: ipsec_doi.c:966:get_ph2approval(): no suitable
policy found.
2002-07-30 09:08:01: ERROR: isakmp.c:1060:isakmp_ph2begin_r(): failed to
pre-process packet.
2002-07-30 09:08:01: DEBUG: oakley.c:2543:oakley_newiv2(): compute IV for
phase2
2002-07-30 09:08:01: DEBUG: oakley.c:2544:oakley_newiv2(): phase1 last IV:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
5dd5e325 f1e6fcf2 fe88f928
2002-07-30 09:08:01: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2002-07-30 09:08:01: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:08:01: DEBUG: oakley.c:2576:oakley_newiv2(): phase2 IV
computed:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
a8ef309d 3aa70d75
2002-07-30 09:08:01: DEBUG: oakley.c:745:oakley_compute_hash1(): HASH with:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
fe88f928 0000000c 00000001 0100000e
2002-07-30 09:08:01: DEBUG: algorithm.c:322:alg_oakley_hmacdef():
hmac(hmac_md5)
2002-07-30 09:08:01: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH
computed:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
8e3f9f22 96d018e5 69c2ac66 84f4d026
2002-07-30 09:08:01: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
08:01.727704 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid
fe88f928: phase 2/others ? inf:
(hash: len=16)
(n: doi=ipsec proto=isakmp type=NO-PROPOSAL-CHOSEN)
2002-07-30 09:08:01: DEBUG: oakley.c:2742:oakley_do_encrypt(): begin
encryption.
2002-07-30 09:08:01: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:08:01: DEBUG: oakley.c:2758:oakley_do_encrypt(): pad length =
8
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
0b000014 8e3f9f22 96d018e5 69c2ac66 84f4d026 0000000c 00000001 0100000e
00000000 00000008
2002-07-30 09:08:01: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:08:01: DEBUG: oakley.c:2793:oakley_do_encrypt(): with key:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
b5a9e14b 687a9d70
2002-07-30 09:08:01: DEBUG: oakley.c:2801:oakley_do_encrypt(): encrypted
payload by IV:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
a8ef309d 3aa70d75
2002-07-30 09:08:01: DEBUG: oakley.c:2808:oakley_do_encrypt(): save IV for
next:
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
c407bc2f 6c231b6b
2002-07-30 09:08:01: DEBUG: oakley.c:2825:oakley_do_encrypt(): encrypted.
2002-07-30 09:08:01: DEBUG: sockmisc.c:421:sendfromto(): sockname
xxx.xxx.xxx.70[500]
2002-07-30 09:08:01: DEBUG: sockmisc.c:423:sendfromto(): send packet from
xxx.xxx.xxx.70[500]
2002-07-30 09:08:01: DEBUG: sockmisc.c:425:sendfromto(): send packet to
yyy.yyy.yyy.62[500]
2002-07-30 09:08:01: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 68 bytes
message will be sent to xxx.xxx.xxx.70[500]
2002-07-30 09:08:01: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 08100501 fe88f928 00000044 1c53b0b5
597ca4cc 411b3a2f f39a081f 1f161c55 c2c4449c 9f3873e9 dbcf1f7b c407bc2f
6c231b6b
2002-07-30 09:08:01: DEBUG: isakmp_inf.c:634:isakmp_info_send_common():
sendto Information notify.
2002-07-30 09:08:10: INFO: session.c:281:check_sigreq(): caught signal 2
2002-07-30 09:08:10: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey FLUSH
message
2002-07-30 09:08:10: DEBUG2: plog.c:193:plogdump():
02090000 02000000 00000000 01010000
2002-07-30 09:08:11: DEBUG: pfkey.c:268:pfkey_dump_sadb(): call
pfkey_send_dump
2002-07-30 09:08:11: DEBUG: oakley.c:2543:oakley_newiv2(): compute IV for
phase2
2002-07-30 09:08:11: DEBUG: oakley.c:2544:oakley_newiv2(): phase1 last IV:
2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump():
5dd5e325 f1e6fcf2 c3d96108
2002-07-30 09:08:11: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2002-07-30 09:08:11: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:08:11: DEBUG: oakley.c:2576:oakley_newiv2(): phase2 IV
computed:
2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump():
92b0eb86 e2060e32
2002-07-30 09:08:11: DEBUG: oakley.c:745:oakley_compute_hash1(): HASH with:
2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump():
c3d96108 0000001c 00000001 01100001 ac807c45 f47b274e 1cbebccd d7441a4e
2002-07-30 09:08:11: DEBUG: algorithm.c:322:alg_oakley_hmacdef():
hmac(hmac_md5)
2002-07-30 09:08:11: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH
computed:
2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump():
dc40a4c5 f5323909 97dd81ab 780cd676
2002-07-30 09:08:11: DEBUG: isakmp.c:2245:isakmp_printpacket(): begin.
08:11.063983 xxx.xxx.xxx.70:500 -> yyy.yyy.yyy.62:500: isakmp 1.0 msgid
c3d96108: phase 2/others ? inf:
(hash: len=16)
(d: doi=ipsec proto=isakmp spilen=16 nspi=1
spi=ac807c45f47b274e1cbebccdd7441a4e)
2002-07-30 09:08:11: DEBUG: oakley.c:2742:oakley_do_encrypt(): begin
encryption.
2002-07-30 09:08:11: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:08:11: DEBUG: oakley.c:2758:oakley_do_encrypt(): pad length =
8
2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump():
0c000014 dc40a4c5 f5323909 97dd81ab 780cd676 0000001c 00000001 01100001
ac807c45 f47b274e 1cbebccd d7441a4e 00000000 00000008
2002-07-30 09:08:11: DEBUG: algorithm.c:382:alg_oakley_encdef():
encription(des)
2002-07-30 09:08:11: DEBUG: oakley.c:2793:oakley_do_encrypt(): with key:
2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump():
b5a9e14b 687a9d70
2002-07-30 09:08:11: DEBUG: oakley.c:2801:oakley_do_encrypt(): encrypted
payload by IV:
2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump():
92b0eb86 e2060e32
2002-07-30 09:08:11: DEBUG: oakley.c:2808:oakley_do_encrypt(): save IV for
next:
2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump():
230758d9 5343051e
2002-07-30 09:08:11: DEBUG: oakley.c:2825:oakley_do_encrypt(): encrypted.
2002-07-30 09:08:11: DEBUG: sockmisc.c:421:sendfromto(): sockname
xxx.xxx.xxx.70[500]
2002-07-30 09:08:11: DEBUG: sockmisc.c:423:sendfromto(): send packet from
xxx.xxx.xxx.70[500]
2002-07-30 09:08:11: DEBUG: sockmisc.c:425:sendfromto(): send packet to
yyy.yyy.yyy.62[500]
2002-07-30 09:08:11: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 84 bytes
message will be sent to xxx.xxx.xxx.70[500]
2002-07-30 09:08:11: DEBUG: plog.c:193:plogdump():
ac807c45 f47b274e 1cbebccd d7441a4e 08100501 c3d96108 00000054 96f0e479
86e3c443 aa804a3f 6f1d09f0 6dd251a8 492399a3 add964f2 563e5540 20dbd12a
17b65148 38b552ce 4504d7f2 230758d9 5343051e
2002-07-30 09:08:11: DEBUG: isakmp_inf.c:634:isakmp_info_send_common():
sendto Information delete.
2002-07-30 09:08:11: DEBUG: schedule.c:210:sched_scrub_param(): an undead
schedule has been deleted.
2002-07-30 09:08:11: INFO: session.c:180:close_session(): racoon shutdown
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003301c2385c$29d1fed0$6500000a>