Date:      Fri, 23 Mar 2001 23:51:38 -0500
From:      "Jeremy Karteczka" <jerkart@mw.mediaone.net>
To:        <freebsd-security@freebsd.org>
Subject:   Trying to set up an IKE vpn between FreeBSD and Checkpoint FW-1
Message-ID:  <05ae01c0b41e$1f82ac90$0200a8c0@jose>

Greetings,
I am trying to get an IKE vpn going between a 4.2-RELEASE machine (using racoon
for key exchange) and a Checkpoint firewall (v4.1 SP3).  I have tried both sha1
and md5.  Every time I try to establish a connection phase 1 negotiation
succeeds and phase 2 says it succeeds in the racoon log file, but then I get
this message at the bottom of /var/log/messages:

When using md5:
key_mature: invalid AH key length 128 (160-160 allowed)

with sha1:
key_mature: invalid AH key length 160 (128-128 allowed)

I was able to speak with Checkpoint Tech support on this and they did confirm
that Firewall-1 uses a 128-bit key for md5 and a 160-bit key for sha1.

I have looked for RFCs to find out which is the accepted standard but could not
find one that specifically states how long the key should be for each hash
method.

Can anyone point me to the proper RFCs and/or tell me if there is a way I can
reverse the expected key length on the FreeBSD side?  The Checkpoint tech I
spoke with stated that Firewall-1 is compliant with RFCs 2408 and 2409 but I see
no mention of AH key length for hash methods.

I have attached a copy of the racoon log (the external IPs have been cleansed)
and the conf used for an attempt to connect while using sha1.

Thanks in advance,
Jeremy
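
A triage script for the two kernel messages quoted above, as an added example that is not part of the original post: it compares the offered key length and the enforced range against the fixed key sizes in RFC 2403 (HMAC-MD5-96, 128 bits) and RFC 2404 (HMAC-SHA-1-96, 160 bits). The function names and the syslog prefix on the sample lines are constructed for illustration.

```python
import re

# Fixed key sizes in bits: RFC 2403 (HMAC-MD5-96) and RFC 2404 (HMAC-SHA-1-96).
RFC_KEY_BITS = {"hmac_md5": 128, "hmac_sha1": 160}

# Matches the kernel message text quoted in the post.
KEY_MATURE_RE = re.compile(
    r"key_mature: invalid AH key length (?P<offered>\d+) "
    r"\((?P<lo>\d+)-(?P<hi>\d+) allowed\)"
)

# Constructed sample lines: only the key_mature text comes from the post,
# the timestamp/host prefix is made up.
SAMPLE_MD5 = ("Mar 22 23:25:32 gw /kernel: "
              "key_mature: invalid AH key length 128 (160-160 allowed)")
SAMPLE_SHA1 = ("Mar 22 23:25:32 gw /kernel: "
               "key_mature: invalid AH key length 160 (128-128 allowed)")


def algorithms_fitting(lo, hi):
    """Authenticators whose RFC key size falls inside [lo, hi] bits."""
    return sorted(n for n, bits in RFC_KEY_BITS.items() if lo <= bits <= hi)


def diagnose(line, configured):
    """Classify one syslog line, given the authenticator set in racoon.conf.

    Returns None when the line is not a key_mature length rejection.
    Verdicts:
      wrong-key-length   - offered key is not the RFC size for `configured`
      algorithm-mismatch - offered key has the RFC size for `configured`,
                           but the enforced range only fits another algorithm
      inconsistent       - key fits the enforced range yet was rejected
      unknown-algorithm  - `configured` is not in RFC_KEY_BITS
    """
    m = KEY_MATURE_RE.search(line)
    if m is None:
        return None
    offered, lo, hi = (int(m.group(g)) for g in ("offered", "lo", "hi"))
    expected = RFC_KEY_BITS.get(configured)
    enforced_fits = algorithms_fitting(lo, hi)
    if expected is None:
        verdict = "unknown-algorithm"
    elif offered != expected:
        verdict = "wrong-key-length"
    elif configured not in enforced_fits:
        verdict = "algorithm-mismatch"
    else:
        verdict = "inconsistent"
    return {
        "configured": configured,
        "offered_bits": offered,
        "enforced_bits": (lo, hi),
        "enforced_range_fits": enforced_fits,
        "verdict": verdict,
    }


def triage(lines, configured):
    """Run diagnose() over many lines, keeping only key_mature rejections."""
    results = (diagnose(line, configured) for line in lines)
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for line, alg in ((SAMPLE_MD5, "hmac_md5"), (SAMPLE_SHA1, "hmac_sha1")):
        print(diagnose(line, alg))
```

Both messages from the post classify as `algorithm-mismatch`: the key offered has the RFC size for the configured authenticator, while the range the kernel enforced is the size of the other one.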


Attachment: racoon.conf

# "log" specifies logging level.  It is followed by either "notify", "debug"
# or "debug2".
log debug2;
#log notify;

remote anonymous
{
        exchange_mode aggressive,main,base;

        lifetime time 10080 min ;       # sec,min,hour

        # phase 1 proposal (for ISAKMP SA)
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key ;
                dh_group 2 ;
        }

        # the configuration makes racoon (as a responder) to obey the
        # initiator's lifetime and PFS group proposal.
        # this makes testing so much easier.
        proposal_check obey;
}

# phase 2 proposal (for IPsec SA).
# actual phase 2 proposal will obey the following items:
# - kernel IPsec policy configuration (like "esp/transport//use)
# - permutation of the crypto/hash/compression algorithms presented below
sainfo anonymous
{
        pfs_group 2;
        lifetime time 1 hour ;
        encryption_algorithm 3des ;
        authentication_algorithm hmac_sha1 ;
        compression_algorithm deflate ;
}

Attachment: racoon.log

2001-03-22 23:25:08: INFO: main.c:146:main(): @(#)racoon 20001216 sakane@ydc.co.jp
2001-03-22 23:25:08: INFO: main.c:147:main(): @(#)This product linked software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <3>#log notify;
2001-03-22 23:25:08: DEBUG2: cftoken.l:258:yylex(): begin <33>remote
2001-03-22 23:25:08: DEBUG2: cftoken.l:259:yylex(): <33>anonymous
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35>#exchange_mode main,aggressive,base;
2001-03-22 23:25:08: DEBUG2: cftoken.l:263:yylex(): <35>exchange_mode
2001-03-22 23:25:08: DEBUG2: cftoken.l:267:yylex(): <35>aggressive
2001-03-22 23:25:08: DEBUG2: cftoken.l:264:yylex(): <35>,
2001-03-22 23:25:08: DEBUG2: cftoken.l:266:yylex(): <35>main
2001-03-22 23:25:08: DEBUG2: cftoken.l:264:yylex(): <35>,
2001-03-22 23:25:08: DEBUG2: cftoken.l:265:yylex(): <35>base
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35>#my_identifier fqdn "server.kame.net";
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35>#certificate_type x509 "foo@kame.net.cert" "foo@kame.net.priv" ;
2001-03-22 23:25:08: DEBUG2: cftoken.l:294:yylex(): <35>lifetime
2001-03-22 23:25:08: DEBUG2: cftoken.l:295:yylex(): <35>time
2001-03-22 23:25:08: DEBUG2: cftoken.l:408:yylex(): <35>10080
2001-03-22 23:25:08: DEBUG2: cftoken.l:398:yylex(): <35>min
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35># sec,min,hour
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35>#initial_contact off
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35># phase 1 proposal (for ISAKMP SA)
2001-03-22 23:25:08: DEBUG2: cftoken.l:298:yylex(): begin <37>proposal
2001-03-22 23:25:08: DEBUG2: cftoken.l:308:yylex(): <37>encryption_algorithm
2001-03-22 23:25:08: DEBUG2: cftoken.l:349:yylex(): <37>3des
2001-03-22 23:25:08: DEBUG2: cftoken.l:310:yylex(): <37>hash_algorithm
2001-03-22 23:25:08: DEBUG2: cftoken.l:366:yylex(): <37>sha1
2001-03-22 23:25:08: DEBUG2: cftoken.l:309:yylex(): <37>authentication_method
2001-03-22 23:25:08: DEBUG2: cftoken.l:376:yylex(): <37>pre_shared_key
2001-03-22 23:25:08: DEBUG2: cftoken.l:311:yylex(): <37>dh_group
2001-03-22 23:25:08: DEBUG2: cftoken.l:408:yylex(): <37>2
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35># the configuration makes racoon (as a responder) to obey the
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35># initiator's lifetime and PFS group proposal.
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35># this makes testing so much easier.
2001-03-22 23:25:08: DEBUG2: cftoken.l:288:yylex(): <35>proposal_check
2001-03-22 23:25:08: DEBUG2: cftoken.l:289:yylex(): <35>obey
2001-03-22 23:25:08: DEBUG2: cfparse.y:1414:set_isakmp_proposal(): lifetime = 604800
2001-03-22 23:25:08: DEBUG2: cfparse.y:1417:set_isakmp_proposal(): lifebyte = 0
2001-03-22 23:25:08: DEBUG2: cfparse.y:1420:set_isakmp_proposal(): strength=extra high
2001-03-22 23:25:08: DEBUG2: cfparse.y:1422:set_isakmp_proposal(): encklen=0
2001-03-22 23:25:08: DEBUG2: cfparse.y:1483:expand_isakmpspec(): p:1 t:1
2001-03-22 23:25:08: DEBUG2: cfparse.y:1487:expand_isakmpspec(): 3DES-CBC(5) 2001-03-22 23:25:08: DEBUG2: cfparse.y:1487:expand_isakmpspec(): SHA(2)
2001-03-22 23:25:08: DEBUG2: cfparse.y:1487:expand_isakmpspec(): 1024-bit MODP group(2) 2001-03-22 23:25:08: DEBUG2: cfparse.y:1487:expand_isakmpspec(): pre-shared key(1)
2001-03-22 23:25:08: DEBUG2: cfparse.y:1494:expand_isakmpspec():
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <3># phase 2 proposal (for IPsec SA).
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <3># actual phase 2 proposal will obey the following items:
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <3># - kernel IPsec policy configuration (like "esp/transport//use)
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <3># - permutation of the crypto/hash/compression algorithms presented below
2001-03-22 23:25:08: DEBUG2: cftoken.l:238:yylex(): begin <29>sainfo
2001-03-22 23:25:08: DEBUG2: cftoken.l:239:yylex(): <29>anonymous
2001-03-22 23:25:08: DEBUG2: cftoken.l:246:yylex(): <31>pfs_group
2001-03-22 23:25:08: DEBUG2: cftoken.l:408:yylex(): <31>2
2001-03-22 23:25:08: DEBUG2: cftoken.l:249:yylex(): <31>lifetime
2001-03-22 23:25:08: DEBUG2: cftoken.l:250:yylex(): <31>time
2001-03-22 23:25:08: DEBUG2: cftoken.l:408:yylex(): <31>1
2001-03-22 23:25:08: DEBUG2: cftoken.l:399:yylex(): <31>hour
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <31>#       lifetime byte 50 MB ;
2001-03-22 23:25:08: DEBUG2: cftoken.l:252:yylex(): <31>encryption_algorithm
2001-03-22 23:25:08: DEBUG2: cftoken.l:349:yylex(): <31>3des
2001-03-22 23:25:08: DEBUG2: cftoken.l:253:yylex(): <31>authentication_algorithm
2001-03-22 23:25:08: DEBUG2: cftoken.l:362:yylex(): <31>hmac_sha1
2001-03-22 23:25:08: DEBUG2: cftoken.l:254:yylex(): <31>compression_algorithm
2001-03-22 23:25:08: DEBUG2: cftoken.l:369:yylex(): <31>deflate
2001-03-22 23:25:08: WARNING: pfkey.c:1942:pk_checkalg(): compression algorithm can not be checked.
2001-03-22 23:25:08: DEBUG2: cfparse.y:1576:cfparse(): parse successed.
2001-03-22 23:25:08: DEBUG: grabmyaddr.c:324:grab_myaddrs(): my interface: <FreeBSD_side> (fxp0)
2001-03-22 23:25:08: DEBUG: grabmyaddr.c:324:grab_myaddrs(): my interface: 192.168.0.1 (xl0)
2001-03-22 23:25:08: DEBUG: grabmyaddr.c:324:grab_myaddrs(): my interface: 192.168.0.1 (gif0)
2001-03-22 23:25:08: DEBUG: grabmyaddr.c:324:grab_myaddrs(): my interface: 127.0.0.1 (lo0)
2001-03-22 23:25:08: DEBUG: grabmyaddr.c:476:autoconf_myaddrsport(): configuring default isakmp port.
2001-03-22 23:25:08: DEBUG: grabmyaddr.c:498:autoconf_myaddrsport(): 4 addrs are configured successfully
2001-03-22 23:25:08: INFO: isakmp.c:1266:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
2001-03-22 23:25:08: INFO: isakmp.c:1266:isakmp_open(): 192.168.0.1[500] used as isakmp port (fd=7)
2001-03-22 23:25:08: ERROR: isakmp.c:1258:isakmp_open(): failed to bind (Address already in use).
2001-03-22 23:25:08: INFO: isakmp.c:1266:isakmp_open(): <FreeBSD_side>[500] used as isakmp port (fd=8)
2001-03-22 23:25:08: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey X_SPDDUMP message
2001-03-22 23:25:08: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:08: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey X_SPDDUMP message
2001-03-22 23:25:08: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:08: DEBUG: policy.c:182:cmpspidx(): sub:0xbfbff978: 192.168.0.0/24[0] 192.168.100.0/24[0] proto=any dir=out
2001-03-22 23:25:08: DEBUG: policy.c:183:cmpspidx(): db :0x80a7208: 192.168.100.0/24[0] 192.168.0.0/24[0] proto=any dir=in
2001-03-22 23:25:27: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey ACQUIRE message
2001-03-22 23:25:27: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:27: DEBUG: policy.c:212:cmpspidx_wild(): sub:0xbfbff964: 192.168.100.0/24[0] 192.168.0.0/24[0] proto=any dir=in
2001-03-22 23:25:27: DEBUG: policy.c:213:cmpspidx_wild(): db: 0x80a7208: 192.168.100.0/24[0] 192.168.0.0/24[0] proto=any dir=in
2001-03-22 23:25:27: DEBUG: policy.c:240:cmpspidx_wild(): 0xbfbff964 masked with /24: 192.168.100.0[0]
2001-03-22 23:25:27: DEBUG: policy.c:242:cmpspidx_wild(): 0x80a7208 masked with /24: 192.168.100.0[0]
2001-03-22 23:25:27: DEBUG: policy.c:256:cmpspidx_wild(): 0xbfbff964 masked with /24: 192.168.0.0[0]
2001-03-22 23:25:27: DEBUG: policy.c:258:cmpspidx_wild(): 0x80a7208 masked with /24: 192.168.0.0[0]
2001-03-22 23:25:27: DEBUG: pfkey.c:1526:pk_recvacquire(): suitable SP found: 192.168.0.0/24[0] 192.168.100.0/24[0] proto=any dir=out.
2001-03-22 23:25:27: DEBUG: pfkey.c:1558:pk_recvacquire(): new acquire 192.168.0.0/24[0] 192.168.100.0/24[0] proto=any dir=out
2001-03-22 23:25:27: DEBUG: sainfo.c:98:getsainfo(): anonymous sainfo selected.
2001-03-22 23:25:27: DEBUG: remoteconf.c:127:getrmconf(): anonymous configuration selected for <Firewall-1_side>.
2001-03-22 23:25:27: INFO: isakmp.c:1596:isakmp_post_acquire(): IPsec-SA request for <Firewall-1_side> queued due to no phase1 found.
2001-03-22 23:25:27: DEBUG: isakmp.c:766:isakmp_ph1begin_i(): ===
2001-03-22 23:25:27: INFO: isakmp.c:771:isakmp_ph1begin_i(): initiate new phase 1 negotiation: <FreeBSD_side>[500]<=><Firewall-1_side>[500]
2001-03-22 23:25:27: INFO: isakmp.c:776:isakmp_ph1begin_i(): begin Aggressive mode.
2001-03-22 23:25:27: DEBUG: isakmp.c:1899:isakmp_newcookie(): new cookie:
22995282a09bc7c6
2001-03-22 23:25:27: DEBUG: ipsec_doi.c:3161:ipsecdoi_setid1(): use ID type of IPv4_address
2001-03-22 23:25:27: DEBUG: oakley.c:228:oakley_dh_generate(): compute DH's private.
2001-03-22 23:25:27: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:27: DEBUG: oakley.c:230:oakley_dh_generate(): compute DH's public.
2001-03-22 23:25:27: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:27: DEBUG: isakmp_agg.c:157:agg_i1send(): authmethod is pre-shared key
2001-03-22 23:25:27: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 52, next type 4
2001-03-22 23:25:27: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 128, next type 10
2001-03-22 23:25:27: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 16, next type 5
2001-03-22 23:25:27: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 8, next type 0
2001-03-22 23:25:27: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin.
25:27.740849 <FreeBSD_side>:500 -> <Firewall-1_side>:500: isakmp 1.0 msgid 00000000: phase 1 I agg:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration len=4 value=00093a80)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))))
    (ke: key len=128)
    (nonce: n len=16)
    (id: idtype=IPv4 protoid=udp port=500 len=4 <FreeBSD_side>)
2001-03-22 23:25:27: DEBUG: sockmisc.c:357:sendfromto(): sockname <FreeBSD_side>[500]
2001-03-22 23:25:27: DEBUG: sockmisc.c:359:sendfromto(): send packet from <FreeBSD_side>[500]
2001-03-22 23:25:27: DEBUG: sockmisc.c:361:sendfromto(): send packet to <Firewall-1_side>[500]
2001-03-22 23:25:27: DEBUG: isakmp.c:1349:isakmp_send(): 1 times of 248 bytes message will be sent.
2001-03-22 23:25:27: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:30: DEBUG: isakmp.c:232:isakmp_handler(): ===
2001-03-22 23:25:30: DEBUG: isakmp.c:233:isakmp_handler(): 276 bytes message received from <Firewall-1_side>[500]
2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:30: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin.
25:30.717998 <Firewall-1_side>:500 -> <FreeBSD_side>:500: isakmp 1.0 msgid 00000000: phase 1 ? agg:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=lifetype value=sec)(type=lifeduration len=4 value=00093a80)(type=enc value=3des)(type=auth value=preshared)(type=hash value=sha1)(type=group desc value=modp1024))))
    (ke: key len=128)
    (nonce: n len=20)
    (id: idtype=IPv4 protoid=0 port=0 len=4 <Firewall-1_side>)
    (hash: len=20)
2001-03-22 23:25:30: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=1(sa)
2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=4(ke)
2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=10(nonce)
2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=5(id)
2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=8(hash)
2001-03-22 23:25:30: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1055:get_proppair(): total SA len=52
2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():
00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 000c0004
00093a80 80010005 80030001 80020002 80040002
2001-03-22 23:25:30: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=2(prop)
2001-03-22 23:25:30: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1108:get_proppair(): proposal #1 len=44
2001-03-22 23:25:30: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=3(trns)
2001-03-22 23:25:30: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1249:get_transform(): transform #1 len=36
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1808:check_attr_isakmp(): type=Life Type, flag=0x8000, lorv=seconds
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1808:check_attr_isakmp(): type=Life Duration, flag=0x0000, lorv=4
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1808:check_attr_isakmp(): type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1808:check_attr_isakmp(): type=Authentication Method, flag=0x8000, lorv=pre-shared key
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1808:check_attr_isakmp(): type=Hash Algorithm, flag=0x8000, lorv=SHA
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1808:check_attr_isakmp(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1151:get_proppair(): pair 1:
2001-03-22 23:25:30: DEBUG: proposal.c:880:print_proppair0():  0x80ae110: next=0x0 tnext=0x0
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1186:get_proppair(): proposal #1: 1 transform
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:319:get_ph1approvalx(): prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:324:get_ph1approvalx(): trns#=1, trns-id=IKE
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:422:t2isakmpsa(): type=Life Type, flag=0x8000, lorv=seconds
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:422:t2isakmpsa(): type=Life Duration, flag=0x0000, lorv=4
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:422:t2isakmpsa(): type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:422:t2isakmpsa(): type=Authentication Method, flag=0x8000, lorv=pre-shared key
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:422:t2isakmpsa(): type=Hash Algorithm, flag=0x8000, lorv=SHA
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:422:t2isakmpsa(): type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:335:get_ph1approvalx(): Compared: DB:Peer
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:336:get_ph1approvalx(): (lifetime = 604800:604800)
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:338:get_ph1approvalx(): (lifebyte = 0:0)
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:340:get_ph1approvalx(): enctype = 3DES-CBC:3DES-CBC
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:345:get_ph1approvalx(): (encklen = 0:0)
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:347:get_ph1approvalx(): hashtype = SHA:SHA
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:352:get_ph1approvalx(): authmethod = pre-shared key:pre-shared key
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:357:get_ph1approvalx(): dh_group = 1024-bit MODP group:1024-bit MODP group
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:379:get_ph1approvalx(): acceptable proposal found.
2001-03-22 23:25:30: DEBUG: oakley.c:192:oakley_dh_compute(): compute DH's shared.
2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:30: DEBUG: oakley.c:1924:oakley_skeyid(): psk found:
2001-03-22 23:25:30: DEBUG2: plog.c:204:plogdump():
70307440 374f7c74 75386f52
2001-03-22 23:25:30: DEBUG: oakley.c:1938:oakley_skeyid(): nonce 1:
2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():
b2dc8303 fd56bcea b3692603 e97bbc67
2001-03-22 23:25:30: DEBUG: oakley.c:1944:oakley_skeyid(): nonce 2:
2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():
f1333b59 71a73bcd 0713c4c3 9c95a95b b620874b
2001-03-22 23:25:30: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:30: DEBUG: oakley.c:1997:oakley_skeyid(): SKEYID computed:
2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():
8c4c8cbd fe2ec58a bf00691d 12ac2d46 fe17ad23
2001-03-22 23:25:30: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:30: DEBUG: oakley.c:2054:oakley_skeyid_dae(): SKEYID_d computed:
2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():
9972de5d fc10dfcf 84b67d32 4317dfea c097ae10
2001-03-22 23:25:30: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:30: DEBUG: oakley.c:2083:oakley_skeyid_dae(): SKEYID_a computed:
2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():
57ecffd6 3ecec4ee a1f677a5 359ae4cb db1820ff
2001-03-22 23:25:30: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:30: DEBUG: oakley.c:2112:oakley_skeyid_dae(): SKEYID_e computed:
2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():
3c8c8641 5b5c74eb e7b4bb2f a0181c38 86fb2b41
2001-03-22 23:25:30: DEBUG: oakley.c:2207:oakley_compute_enckey(): len(SKEYID_e) < len(Ka) (20 < 24), generating long key (Ka = K1 | K2 | ...)
2001-03-22 23:25:30: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:30: DEBUG: oakley.c:2232:oakley_compute_enckey(): compute intermediate cipher key K1
2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():
00
2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():
1b149c9f 84d998f6 a7804081 8edd7279 8a581069
2001-03-22 23:25:31: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:31: DEBUG: oakley.c:2232:oakley_compute_enckey(): compute intermediate cipher key K2
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
1b149c9f 84d998f6 a7804081 8edd7279 8a581069
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
80f0c89d bbc320e0 c38a45b9 f86dbb66 f9f4dc66
2001-03-22 23:25:31: DEBUG: oakley.c:2276:oakley_compute_enckey(): final cipher key computed:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
1b149c9f 84d998f6 a7804081 8edd7279 8a581069 80f0c89d
2001-03-22 23:25:31: DEBUG: oakley.c:353:oakley_hash(): use sha1 to calculate phase 1.
2001-03-22 23:25:31: DEBUG: oakley.c:2379:oakley_newiv(): IV computed:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
8745548b 6f31648e
2001-03-22 23:25:31: DEBUG: oakley.c:1123:oakley_validate_auth(): HASH received:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
10e89a7f 3b87ade3 09940bdf 75e18f13 85fc9844
2001-03-22 23:25:31: DEBUG: oakley.c:834:oakley_ph1hash_common(): HASH with:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:31: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:31: DEBUG: oakley.c:844:oakley_ph1hash_common(): HASH computed:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
10e89a7f 3b87ade3 09940bdf 75e18f13 85fc9844
2001-03-22 23:25:31: DEBUG: oakley.c:1154:oakley_validate_auth(): HASH for PSK validated.
2001-03-22 23:25:31: DEBUG: isakmp.c:610:ph1_main(): ===
2001-03-22 23:25:31: DEBUG: isakmp_agg.c:467:agg_i2send(): generate HASH_I
2001-03-22 23:25:31: DEBUG: oakley.c:834:oakley_ph1hash_common(): HASH with:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:31: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:31: DEBUG: oakley.c:844:oakley_ph1hash_common(): HASH computed:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
0d3d1c79 11cb21d2 fca99343 f20f5d60 e69c3cbf
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 20, next type 0
2001-03-22 23:25:31: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin.
25:31.122695 <FreeBSD_side>:500 -> <Firewall-1_side>:500: isakmp 1.0 msgid 00000000: phase 1 ? agg:
    (hash: len=20)
2001-03-22 23:25:31: DEBUG: sockmisc.c:357:sendfromto(): sockname <FreeBSD_side>[500]
2001-03-22 23:25:31: DEBUG: sockmisc.c:359:sendfromto(): send packet from <FreeBSD_side>[500]
2001-03-22 23:25:31: DEBUG: sockmisc.c:361:sendfromto(): send packet to <Firewall-1_side>[500]
2001-03-22 23:25:31: DEBUG: isakmp.c:1349:isakmp_send(): 1 times of 52 bytes message will be sent.
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
22995282 a09bc7c6 16db15fd 70dfe9a6 08100400 00000000 00000034 00000018
0d3d1c79 11cb21d2 fca99343 f20f5d60 e69c3cbf
2001-03-22 23:25:31: DEBUG: oakley.c:2423:oakley_newiv2(): compute IV for phase2
2001-03-22 23:25:31: DEBUG: oakley.c:2424:oakley_newiv2(): phase1 last IV:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
8745548b 6f31648e eb02331e
2001-03-22 23:25:31: DEBUG: oakley.c:353:oakley_hash(): use sha1 to calculate phase 1.
2001-03-22 23:25:31: DEBUG: oakley.c:2450:oakley_newiv2(): phase2 IV computed:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
badfd429 5d0808ce
2001-03-22 23:25:31: DEBUG: oakley.c:715:oakley_compute_hash1(): HASH with:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
eb02331e 0000001c 00000001 01106002 22995282 a09bc7c6 16db15fd 70dfe9a6
2001-03-22 23:25:31: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:31: DEBUG: oakley.c:725:oakley_compute_hash1(): HASH computed:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
9b7f9c68 25c93432 2d58d3d8 2d1727d1 9a096ca1
2001-03-22 23:25:31: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin.
25:31.259879 <FreeBSD_side>:500 -> <Firewall-1_side>:500: isakmp 1.0 msgid eb02331e: phase 2/others ? inf:
    (hash: len=20)
    (n: doi=ipsec proto=isakmp type=INITIAL-CONTACT spi=22995282a09bc7c616db15fd70dfe9a6)
2001-03-22 23:25:31: DEBUG: oakley.c:2610:oakley_do_encrypt(): begin encryption.
2001-03-22 23:25:31: DEBUG: oakley.c:2617:oakley_do_encrypt(): pad length = 4
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
0b000018 9b7f9c68 25c93432 2d58d3d8 2d1727d1 9a096ca1 0000001c 00000001
01106002 22995282 a09bc7c6 16db15fd 70dfe9a6 fb143203
2001-03-22 23:25:31: DEBUG: oakley.c:2652:oakley_do_encrypt(): encrypt(3des).
2001-03-22 23:25:31: DEBUG: oakley.c:2655:oakley_do_encrypt(): with key:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
1b149c9f 84d998f6 a7804081 8edd7279 8a581069 80f0c89d
2001-03-22 23:25:31: DEBUG: oakley.c:2664:oakley_do_encrypt(): encrypted payload by IV:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
d8afd2bf ea5e28f8
2001-03-22 23:25:31: DEBUG: oakley.c:2671:oakley_do_encrypt(): save IV for next:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
d8afd2bf ea5e28f8
2001-03-22 23:25:31: DEBUG: oakley.c:2688:oakley_do_encrypt(): encrypted.
2001-03-22 23:25:31: DEBUG: sockmisc.c:357:sendfromto(): sockname <FreeBSD_side>[500]
2001-03-22 23:25:31: DEBUG: sockmisc.c:359:sendfromto(): send packet from <FreeBSD_side>[500]
2001-03-22 23:25:31: DEBUG: sockmisc.c:361:sendfromto(): send packet to <Firewall-1_side>[500]
2001-03-22 23:25:31: DEBUG: isakmp.c:1349:isakmp_send(): 1 times of 84 bytes message will be sent.
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
22995282 a09bc7c6 16db15fd 70dfe9a6 08100501 eb02331e 00000054 9baebe0d
2ef3fb58 ed6da934 a3a038fc 05d5e7e1 c0f94ca6 a7cc5bba 42823420 37fddb70
e481f024 54e8316e 4b90ed6c d8afd2bf ea5e28f8
2001-03-22 23:25:31: DEBUG: isakmp_inf.c:633:isakmp_info_send_common(): sendto Information notify.
2001-03-22 23:25:31: INFO: isakmp.c:2310:log_ph1established(): ISAKMP-SA established <FreeBSD_side>[500]-<Firewall-1_side>[500] spi:22995282a09bc7c6:16db15fd70dfe9a6
2001-03-22 23:25:31: DEBUG: isakmp.c:650:ph1_main(): ===
2001-03-22 23:25:31: DEBUG: oakley.c:2423:oakley_newiv2(): compute IV for phase2
2001-03-22 23:25:31: DEBUG: oakley.c:2424:oakley_newiv2(): phase1 last IV:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
8745548b 6f31648e fedc407e
2001-03-22 23:25:31: DEBUG: oakley.c:353:oakley_hash(): use sha1 to calculate phase 1.
2001-03-22 23:25:31: DEBUG: oakley.c:2450:oakley_newiv2(): phase2 IV computed:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
88674500 12e13a95
2001-03-22 23:25:31: DEBUG: pfkey.c:827:pk_sendgetspi(): call pfkey_send_getspi
2001-03-22 23:25:31: DEBUG: pfkey.c:840:pk_sendgetspi(): pfkey GETSPI sent: ESP/Tunnel <Firewall-1_side>-><FreeBSD_side>
2001-03-22 23:25:31: DEBUG: isakmp_quick.c:128:quick_i1prep(): pfkey getspi sent.
2001-03-22 23:25:31: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey GETSPI message
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
02010003 0a000000 79000000 0e430000 02000100 01db2bb7 900081ab 02731b56
03000500 ff200000 10020000 cfe7963e 00000000 00000000 03000600 ff200000
10020000 18835818 00000000 00000000
2001-03-22 23:25:31: DEBUG: pfkey.c:901:pk_recvgetspi(): pfkey GETSPI succeeded: ESP/Tunnel <Firewall-1_side>-><FreeBSD_side> spi=31140791(0x1db2bb7)
2001-03-22 23:25:31: DEBUG: oakley.c:228:oakley_dh_generate(): compute DH's private.
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:31: DEBUG: oakley.c:230:oakley_dh_generate(): compute DH's public.
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:31: DEBUG: ipsec_doi.c:3280:ipsecdoi_setid2(): use local ID type IPv4_subnet
2001-03-22 23:25:31: DEBUG: ipsec_doi.c:3320:ipsecdoi_setid2(): use remote ID type IPv4_subnet
2001-03-22 23:25:31: DEBUG: isakmp_quick.c:199:quick_i1send(): IDci:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
04000000 c0a80000 ffffff00
2001-03-22 23:25:31: DEBUG: isakmp_quick.c:201:quick_i1send(): IDcr:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
04000000 c0a86400 ffffff00
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 48, next type 10
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 16, next type 4
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 128, next type 5
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 12, next type 5
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 12, next type 0
2001-03-22 23:25:31: DEBUG: oakley.c:715:oakley_compute_hash1(): HASH with:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:31: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:31: DEBUG: oakley.c:725:oakley_compute_hash1(): HASH computed:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
10e3078a d3d3f443 791fbe65 a5869b2a 74dbcc6e
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 20, next type 1
2001-03-22 23:25:31: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin.
25:31.946708 <FreeBSD_side>:500 -> <Firewall-1_side>:500: isakmp 1.0 msgid fedc407e: phase 2/others ? oakley-quick:
    (hash: len=20)
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=ipsec-esp transform=1 spi=01db2bb7
            (t: #1 id=3des (type=lifetype value=sec)(type=life value=0e10)(type=enc mode value=tunnel)(type=auth value=hmac-sha1)(type=group desc value=modp1024))))
    (nonce: n len=16)
    (ke: key len=128)
    (id: idtype=IPv4net protoid=0 port=0 len=8 192.168.0.0/255.255.255.0)
    (id: idtype=IPv4net protoid=0 port=0 len=8 192.168.100.0/255.255.255.0)
2001-03-22 23:25:31: DEBUG: oakley.c:2610:oakley_do_encrypt(): begin encryption.
2001-03-22 23:25:31: DEBUG: oakley.c:2617:oakley_do_encrypt(): pad length = 4
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:31: DEBUG: oakley.c:2652:oakley_do_encrypt(): encrypt(3des).
2001-03-22 23:25:31: DEBUG: oakley.c:2655:oakley_do_encrypt(): with key:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
1b149c9f 84d998f6 a7804081 8edd7279 8a581069 80f0c89d
2001-03-22 23:25:31: DEBUG: oakley.c:2664:oakley_do_encrypt(): encrypted payload by IV:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
18c09f52 7ef0ab45
2001-03-22 23:25:31: DEBUG: oakley.c:2671:oakley_do_encrypt(): save IV for next:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
18c09f52 7ef0ab45
2001-03-22 23:25:31: DEBUG: oakley.c:2688:oakley_do_encrypt(): encrypted.
2001-03-22 23:25:31: DEBUG: sockmisc.c:357:sendfromto(): sockname <FreeBSD_side>[500]
2001-03-22 23:25:31: DEBUG: sockmisc.c:359:sendfromto(): send packet from <FreeBSD_side>[500]
2001-03-22 23:25:31: DEBUG: sockmisc.c:361:sendfromto(): send packet to <Firewall-1_side>[500]
2001-03-22 23:25:31: DEBUG: isakmp.c:1349:isakmp_send(): 1 times of 292 bytes message will be sent.
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:32: DEBUG: isakmp.c:232:isakmp_handler(): ===
2001-03-22 23:25:32: DEBUG: isakmp.c:233:isakmp_handler(): 300 bytes message received from <Firewall-1_side>[500]
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:32: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin.
25:32.198778 <Firewall-1_side>:500 -> <FreeBSD_side>:500: isakmp 1.0 msgid fedc407e: phase 2/others ? oakley-quick[E]: [|hash]
2001-03-22 23:25:32: DEBUG: oakley.c:2492:oakley_do_decrypt(): begin decryption.
2001-03-22 23:25:32: DEBUG: oakley.c:2498:oakley_do_decrypt(): IV was saved for next processing:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
32bb3fa1 c745c399
2001-03-22 23:25:32: DEBUG: oakley.c:2523:oakley_do_decrypt(): decrypt(3des)
2001-03-22 23:25:32: DEBUG: oakley.c:2526:oakley_do_decrypt(): with key:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
1b149c9f 84d998f6 a7804081 8edd7279 8a581069 80f0c89d
2001-03-22 23:25:32: DEBUG: oakley.c:2535:oakley_do_decrypt(): decrypted payload by IV:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
32bb3fa1 c745c399
2001-03-22 23:25:32: DEBUG: oakley.c:2538:oakley_do_decrypt(): decrypted payload, but not trimed.
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:32: DEBUG: oakley.c:2547:oakley_do_decrypt(): padding len=8
2001-03-22 23:25:32: DEBUG: oakley.c:2561:oakley_do_decrypt(): skip to trim padding.
2001-03-22 23:25:32: DEBUG: oakley.c:2576:oakley_do_decrypt(): decrypted.
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:32: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin.
25:32.213763 <Firewall-1_side>:500 -> <FreeBSD_side>:500: isakmp 1.0 msgid fedc407e: phase 2/others ? oakley-quick:
    (hash: len=20)
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=ipsec-esp transform=1 spi=59135eab
            (t: #1 id=3des (type=lifetype value=sec)(type=life value=0e10)(type=enc mode value=tunnel)(type=auth value=hmac-sha1)(type=group desc value=modp1024))))
    (nonce: n len=20)
    (ke: key len=128)
    (id: idtype=IPv4net protoid=0 port=0 len=8 192.168.0.0/255.255.255.0)
    (id: idtype=IPv4net protoid=0 port=0 len=8 192.168.100.0/255.255.255.0)
2001-03-22 23:25:32: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=8(hash)
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=1(sa)
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=10(nonce)
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=4(ke)
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=5(id)
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=5(id)
2001-03-22 23:25:32: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:32: DEBUG: isakmp_quick.c:464:quick_i2recv(): HASH allocated:hbuf->l=288 actual:tlen=256
2001-03-22 23:25:32: DEBUG: isakmp_quick.c:478:quick_i2recv(): HASH(2) received:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
b1cee678 6746eb92 b0336373 ab764011 c79eb892
2001-03-22 23:25:32: DEBUG: oakley.c:715:oakley_compute_hash1(): HASH with:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:32: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:32: DEBUG: oakley.c:725:oakley_compute_hash1(): HASH computed:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
b1cee678 6746eb92 b0336373 ab764011 c79eb892
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1055:get_proppair(): total SA len=48
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
00000001 00000001 00000028 01030401 01db2bb7 0000001c 01030000 80010001
80020e10 80040001 80050002 80030002
2001-03-22 23:25:32: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=2(prop)
2001-03-22 23:25:32: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1108:get_proppair(): proposal #1 len=40
2001-03-22 23:25:32: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=3(trns)
2001-03-22 23:25:32: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1249:get_transform(): transform #1 len=28
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=seconds
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=SA Life Duration, flag=0x8000, lorv=3600
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2128:check_attr_ipsec(): life duration was in TLV.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=Encription Mode, flag=0x8000, lorv=Tunnel
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=Authentication Algorithm, flag=0x8000, lorv=2
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=Group Description, flag=0x8000, lorv=2
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1151:get_proppair(): pair 1:
2001-03-22 23:25:32: DEBUG: proposal.c:880:print_proppair0():  0x80ae3e0: next=0x0 tnext=0x0
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1186:get_proppair(): proposal #1: 1 transform
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1055:get_proppair(): total SA len=48
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
00000001 00000001 00000028 01030401 59135eab 0000001c 01030000 80010001
80020e10 80040001 80050002 80030002
2001-03-22 23:25:32: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=2(prop)
2001-03-22 23:25:32: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1108:get_proppair(): proposal #1 len=40
2001-03-22 23:25:32: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=3(trns)
2001-03-22 23:25:32: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1249:get_transform(): transform #1 len=28
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=seconds
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=SA Life Duration, flag=0x8000, lorv=3600
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2128:check_attr_ipsec(): life duration was in TLV.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=Encription Mode, flag=0x8000, lorv=Tunnel
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=Authentication Algorithm, flag=0x8000, lorv=2
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=Group Description, flag=0x8000, lorv=2
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1151:get_proppair(): pair 1:
2001-03-22 23:25:32: DEBUG: proposal.c:880:print_proppair0():  0x80ae3f0: next=0x0 tnext=0x0
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1186:get_proppair(): proposal #1: 1 transform
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:890:get_ph2approval(): begin compare proposals.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:896:get_ph2approval(): pair[1]: 0x80ae3f0
2001-03-22 23:25:32: DEBUG: proposal.c:880:print_proppair0():  0x80ae3f0: next=0x0 tnext=0x0
2001-03-22 23:25:32: DEBUG: proposal.c:681:aproppair2saprop(): prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=3DES
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:3597:ipsecdoi_t2satrns(): type=SA Life Type, flag=0x8000, lorv=seconds
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:3597:ipsecdoi_t2satrns(): type=SA Life Duration, flag=0x8000, lorv=3600
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:3597:ipsecdoi_t2satrns(): type=Encription Mode, flag=0x8000, lorv=Tunnel
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:3597:ipsecdoi_t2satrns(): type=Authentication Algorithm, flag=0x8000, lorv=2
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:3597:ipsecdoi_t2satrns(): type=Group Description, flag=0x8000, lorv=2
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:932:get_ph2approvalx(): peer's single bundle:
2001-03-22 23:25:32: DEBUG: proposal.c:813:printsaproto():  (proto_id=ESP spisize=4 spi=59135eab spi_p=00000000 encmode=Tunnel reqid=0:0)
2001-03-22 23:25:32: DEBUG: proposal.c:847:printsatrns():   (trns_id=3DES encklen=0 authtype=2)
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:935:get_ph2approvalx(): my single bundle:
2001-03-22 23:25:32: DEBUG: proposal.c:813:printsaproto():  (proto_id=ESP spisize=4 spi=01db2bb7 spi_p=00000000 encmode=Tunnel reqid=0:0)
2001-03-22 23:25:32: DEBUG: proposal.c:847:printsatrns():   (trns_id=3DES encklen=0 authtype=2)
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:953:get_ph2approvalx(): matched
2001-03-22 23:25:32: DEBUG: isakmp.c:714:quick_main(): ===
2001-03-22 23:25:32: DEBUG: isakmp_quick.c:552:quick_i2send(): HASH(3) generate
2001-03-22 23:25:32: DEBUG: oakley.c:659:oakley_compute_hash3(): HASH with:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
00fedc40 7ee378c4 ee60866d 1eb6b2a6 37df2a76 c1f74c11 89a7ebf3 9f8bd6a8
a05e553e c4ef686e 05
2001-03-22 23:25:32: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:32: DEBUG: oakley.c:669:oakley_compute_hash3(): HASH computed:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
a85f03ba 9e9bc01f a08e71bb 016e8682 703985cb
2001-03-22 23:25:32: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 20, next type 0
2001-03-22 23:25:32: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin.
25:32.940767 <FreeBSD_side>:500 -> <Firewall-1_side>:500: isakmp 1.0 msgid fedc407e: phase 2/others ? oakley-quick:
    (hash: len=20)
2001-03-22 23:25:32: DEBUG: oakley.c:2610:oakley_do_encrypt(): begin encryption.
2001-03-22 23:25:32: DEBUG: oakley.c:2617:oakley_do_encrypt(): pad length = 8
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
00000018 a85f03ba 9e9bc01f a08e71bb 016e8682 703985cb 8ab45b6c 21b95207
2001-03-22 23:25:32: DEBUG: oakley.c:2652:oakley_do_encrypt(): encrypt(3des).
2001-03-22 23:25:32: DEBUG: oakley.c:2655:oakley_do_encrypt(): with key:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
1b149c9f 84d998f6 a7804081 8edd7279 8a581069 80f0c89d
2001-03-22 23:25:32: DEBUG: oakley.c:2664:oakley_do_encrypt(): encrypted payload by IV:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
e0d1b6a9 1989a7fc
2001-03-22 23:25:32: DEBUG: oakley.c:2671:oakley_do_encrypt(): save IV for next:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
e0d1b6a9 1989a7fc
2001-03-22 23:25:32: DEBUG: oakley.c:2688:oakley_do_encrypt(): encrypted.
2001-03-22 23:25:32: DEBUG: sockmisc.c:357:sendfromto(): sockname <FreeBSD_side>[500]
2001-03-22 23:25:32: DEBUG: sockmisc.c:359:sendfromto(): send packet from <FreeBSD_side>[500]
2001-03-22 23:25:32: DEBUG: sockmisc.c:361:sendfromto(): send packet to <Firewall-1_side>[500]
2001-03-22 23:25:32: DEBUG: isakmp.c:1349:isakmp_send(): 1 times of 60 bytes message will be sent.
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
22995282 a09bc7c6 16db15fd 70dfe9a6 08102001 fedc407e 0000003c 29daac41
47d1c791 d2eabf71 2af93469 c54ce561 cf852e78 e0d1b6a9 1989a7fc
2001-03-22 23:25:33: DEBUG: oakley.c:192:oakley_dh_compute(): compute DH's shared.
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:33: DEBUG: oakley.c:462:oakley_compute_keymat_x(): KEYMAT compute with
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:33: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:33: DEBUG: oakley.c:475:oakley_compute_keymat_x(): dupkeymat=3
2001-03-22 23:25:33: DEBUG: oakley.c:491:oakley_compute_keymat_x(): generating K1...K3 for KEYMAT.
2001-03-22 23:25:33: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:33: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
8b715bc0 e0fb5459 d0a64fb1 96913db4 e05741ef f406193f 91ae0f13 d8fab440
359b661a e2cf4a33 80228851 62922c67 5c3318cc 5e91ef88 54fab45d
2001-03-22 23:25:33: DEBUG: oakley.c:462:oakley_compute_keymat_x(): KEYMAT compute with
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:33: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:33: DEBUG: oakley.c:475:oakley_compute_keymat_x(): dupkeymat=3
2001-03-22 23:25:33: DEBUG: oakley.c:491:oakley_compute_keymat_x(): generating K1...K3 for KEYMAT.
2001-03-22 23:25:33: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:33: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
b5d31f90 38a5c659 02fc7ada c18e3a2e dc37dc29 5c7d32e7 0cef6657 47dee168
cec75ffc c69b4d24 35011e73 e91d6506 683e35e0 198070c2 5debff94
2001-03-22 23:25:33: DEBUG: oakley.c:392:oakley_compute_keymat(): KEYMAT computed.
2001-03-22 23:25:33: DEBUG: isakmp_quick.c:623:quick_i2send(): call pk_sendupdate
2001-03-22 23:25:33: DEBUG: pfkey.c:988:pk_sendupdate(): call pfkey_send_update
2001-03-22 23:25:33: DEBUG: isakmp_quick.c:628:quick_i2send(): pfkey update sent.
2001-03-22 23:25:33: DEBUG: pfkey.c:1203:pk_sendadd(): call pfkey_send_add
2001-03-22 23:25:33: DEBUG: isakmp_quick.c:635:quick_i2send(): pfkey add sent.
2001-03-22 23:25:33: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey UPDATE message
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:33: DEBUG: pfkey.c:1108:pk_recvupdate(): pfkey UPDATE succeeded: ESP/Tunnel <Firewall-1_side>-><FreeBSD_side> spi=31140791(0x1db2bb7)
2001-03-22 23:25:33: INFO: pfkey.c:1115:pk_recvupdate(): IPsec-SA established: ESP/Tunnel <Firewall-1_side>-><FreeBSD_side> spi=31140791(0x1db2bb7)
2001-03-22 23:25:33: DEBUG: pfkey.c:1147:pk_recvupdate(): ===
2001-03-22 23:25:33: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey ADD message
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
2001-03-22 23:25:33: ERROR: pfkey.c:207:pfkey_handler(): pfkey ADD failed Invalid argument