Date: Fri, 23 Mar 2001 23:51:38 -0500
From: "Jeremy Karteczka" <jerkart@mw.mediaone.net>
To: <freebsd-security@freebsd.org>
Subject: Trying to set up an IKE vpn between FreeBSD and Checkpoint FW-1
Message-ID: <05ae01c0b41e$1f82ac90$0200a8c0@jose>

Greetings,

I am trying to get an IKE vpn going between a 4.2-RELEASE machine (using racoon for key exchange) and a Checkpoint firewall (v4.1 SP3). I have tried both sha1 and md5. Every time I try to establish a connection, phase 1 negotiation succeeds and phase 2 says it succeeds in the racoon log file, but then I get this message at the bottom of /var/log/messages:

When using md5:
    key_mature: invalid AH key length 128 (160-160 allowed)

with sha1:
    key_mature: invalid AH key length 160 (128-128 allowed)

I was able to speak with Checkpoint Tech support on this and they did confirm that Firewall-1 uses a 128-bit key for md5 and a 160-bit key for sha1. I have looked for RFCs to find out which is the accepted standard but could not find one that specifically states how long the key should be for each hash method.

Can anyone point me to the proper RFCs and/or tell me if there is a way I can reverse the expected key length on the FreeBSD side? The Checkpoint tech I spoke with stated that Firewall-1 is compliant with RFCs 2408 and 2409 but I see no mention of AH key length for hash methods.

I have attached a copy of the racoon log (the external IPs have been cleansed) and the conf used for an attempt to connect while using sha1.

Thanks in advance,
Jeremy

[Attachment: racoon.conf]

# "log" specifies logging level.  It is followed by either "notify", "debug"
# or "debug2".
log debug2;
#log notify;

remote anonymous
{
        exchange_mode aggressive,main,base;
        lifetime time 10080 min ;       # sec,min,hour

        # phase 1 proposal (for ISAKMP SA)
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key ;
                dh_group 2 ;
        }

        # the configuration makes racoon (as a responder) to obey the
        # initiator's lifetime and PFS group proposal.
        # this makes testing so much easier.
        proposal_check obey;
}

# phase 2 proposal (for IPsec SA).
# actual phase 2 proposal will obey the following items:
# - kernel IPsec policy configuration (like "esp/transport//use")
# - permutation of the crypto/hash/compression algorithms presented below
sainfo anonymous
{
        pfs_group 2;
        lifetime time 1 hour ;
        encryption_algorithm 3des ;
        authentication_algorithm hmac_sha1 ;
        compression_algorithm deflate ;
}

[Attachment: racoon.log]

2001-03-22 23:25:08: INFO: main.c:146:main(): @(#)racoon 20001216 sakane@ydc.co.jp
2001-03-22 23:25:08: INFO: main.c:147:main(): @(#)This product linked software developed by the OpenSSL Project for use in the OpenSSL Toolkit.
(http://www.openssl.org/) 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <3>#log notify; 2001-03-22 23:25:08: DEBUG2: cftoken.l:258:yylex(): begin <33>remote 2001-03-22 23:25:08: DEBUG2: cftoken.l:259:yylex(): <33>anonymous 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35>#exchange_mode = main,aggressive,base; 2001-03-22 23:25:08: DEBUG2: cftoken.l:263:yylex(): <35>exchange_mode 2001-03-22 23:25:08: DEBUG2: cftoken.l:267:yylex(): <35>aggressive 2001-03-22 23:25:08: DEBUG2: cftoken.l:264:yylex(): <35>, 2001-03-22 23:25:08: DEBUG2: cftoken.l:266:yylex(): <35>main 2001-03-22 23:25:08: DEBUG2: cftoken.l:264:yylex(): <35>, 2001-03-22 23:25:08: DEBUG2: cftoken.l:265:yylex(): <35>base 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35>#my_identifier = fqdn "server.kame.net"; 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): = <35>#certificate_type x509 "foo@kame.net.cert" "foo@kame.net.priv" ; 2001-03-22 23:25:08: DEBUG2: cftoken.l:294:yylex(): <35>lifetime 2001-03-22 23:25:08: DEBUG2: cftoken.l:295:yylex(): <35>time 2001-03-22 23:25:08: DEBUG2: cftoken.l:408:yylex(): <35>10080 2001-03-22 23:25:08: DEBUG2: cftoken.l:398:yylex(): <35>min 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35># sec,min,hour 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35>#initial_contact = off 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35># phase 1 = proposal (for ISAKMP SA) 2001-03-22 23:25:08: DEBUG2: cftoken.l:298:yylex(): begin <37>proposal 2001-03-22 23:25:08: DEBUG2: cftoken.l:308:yylex(): = <37>encryption_algorithm 2001-03-22 23:25:08: DEBUG2: cftoken.l:349:yylex(): <37>3des 2001-03-22 23:25:08: DEBUG2: cftoken.l:310:yylex(): <37>hash_algorithm 2001-03-22 23:25:08: DEBUG2: cftoken.l:366:yylex(): <37>sha1 2001-03-22 23:25:08: DEBUG2: cftoken.l:309:yylex(): = <37>authentication_method 2001-03-22 23:25:08: DEBUG2: cftoken.l:376:yylex(): <37>pre_shared_key 2001-03-22 23:25:08: DEBUG2: cftoken.l:311:yylex(): <37>dh_group 2001-03-22 23:25:08: DEBUG2: 
cftoken.l:408:yylex(): <37>2 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35># the = configuration makes racoon (as a responder) to obey the 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35># initiator's = lifetime and PFS group proposal. 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <35># this makes = testing so much easier. 2001-03-22 23:25:08: DEBUG2: cftoken.l:288:yylex(): <35>proposal_check 2001-03-22 23:25:08: DEBUG2: cftoken.l:289:yylex(): <35>obey 2001-03-22 23:25:08: DEBUG2: cfparse.y:1414:set_isakmp_proposal(): = lifetime =3D 604800 2001-03-22 23:25:08: DEBUG2: cfparse.y:1417:set_isakmp_proposal(): = lifebyte =3D 0 2001-03-22 23:25:08: DEBUG2: cfparse.y:1420:set_isakmp_proposal(): = strength=3Dextra high 2001-03-22 23:25:08: DEBUG2: cfparse.y:1422:set_isakmp_proposal(): = encklen=3D0 2001-03-22 23:25:08: DEBUG2: cfparse.y:1483:expand_isakmpspec(): p:1 t:1 = 2001-03-22 23:25:08: DEBUG2: cfparse.y:1487:expand_isakmpspec(): = 3DES-CBC(5) 2001-03-22 23:25:08: DEBUG2: = cfparse.y:1487:expand_isakmpspec(): SHA(2)=20 2001-03-22 23:25:08: DEBUG2: cfparse.y:1487:expand_isakmpspec(): = 1024-bit MODP group(2) 2001-03-22 23:25:08: DEBUG2: = cfparse.y:1487:expand_isakmpspec(): pre-shared key(1)=20 2001-03-22 23:25:08: DEBUG2: cfparse.y:1494:expand_isakmpspec():=20 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <3># phase 2 = proposal (for IPsec SA). 
2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <3># actual phase 2 = proposal will obey the following items: 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <3># - kernel IPsec = policy configuration (like "esp/transport//use) 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <3># - permutation = of the crypto/hash/compression algorithms presented below 2001-03-22 23:25:08: DEBUG2: cftoken.l:238:yylex(): begin <29>sainfo 2001-03-22 23:25:08: DEBUG2: cftoken.l:239:yylex(): <29>anonymous 2001-03-22 23:25:08: DEBUG2: cftoken.l:246:yylex(): <31>pfs_group 2001-03-22 23:25:08: DEBUG2: cftoken.l:408:yylex(): <31>2 2001-03-22 23:25:08: DEBUG2: cftoken.l:249:yylex(): <31>lifetime 2001-03-22 23:25:08: DEBUG2: cftoken.l:250:yylex(): <31>time 2001-03-22 23:25:08: DEBUG2: cftoken.l:408:yylex(): <31>1 2001-03-22 23:25:08: DEBUG2: cftoken.l:399:yylex(): <31>hour 2001-03-22 23:25:08: DEBUG2: cftoken.l:477:yylex(): <31># lifetime = byte 50 MB ; 2001-03-22 23:25:08: DEBUG2: cftoken.l:252:yylex(): = <31>encryption_algorithm 2001-03-22 23:25:08: DEBUG2: cftoken.l:349:yylex(): <31>3des 2001-03-22 23:25:08: DEBUG2: cftoken.l:253:yylex(): = <31>authentication_algorithm 2001-03-22 23:25:08: DEBUG2: cftoken.l:362:yylex(): <31>hmac_sha1 2001-03-22 23:25:08: DEBUG2: cftoken.l:254:yylex(): = <31>compression_algorithm 2001-03-22 23:25:08: DEBUG2: cftoken.l:369:yylex(): <31>deflate 2001-03-22 23:25:08: WARNING: pfkey.c:1942:pk_checkalg(): compression = algorithm can not be checked. 2001-03-22 23:25:08: DEBUG2: cfparse.y:1576:cfparse(): parse successed. 
2001-03-22 23:25:08: DEBUG: grabmyaddr.c:324:grab_myaddrs(): my = interface: <FreeBSD_side> (fxp0) 2001-03-22 23:25:08: DEBUG: grabmyaddr.c:324:grab_myaddrs(): my = interface: 192.168.0.1 (xl0) 2001-03-22 23:25:08: DEBUG: grabmyaddr.c:324:grab_myaddrs(): my = interface: 192.168.0.1 (gif0) 2001-03-22 23:25:08: DEBUG: grabmyaddr.c:324:grab_myaddrs(): my = interface: 127.0.0.1 (lo0) 2001-03-22 23:25:08: DEBUG: grabmyaddr.c:476:autoconf_myaddrsport(): = configuring default isakmp port. 2001-03-22 23:25:08: DEBUG: grabmyaddr.c:498:autoconf_myaddrsport(): 4 = addrs are configured successfully 2001-03-22 23:25:08: INFO: isakmp.c:1266:isakmp_open(): 127.0.0.1[500] = used as isakmp port (fd=3D6) 2001-03-22 23:25:08: INFO: isakmp.c:1266:isakmp_open(): 192.168.0.1[500] = used as isakmp port (fd=3D7) 2001-03-22 23:25:08: ERROR: isakmp.c:1258:isakmp_open(): failed to bind = (Address already in use). 2001-03-22 23:25:08: INFO: isakmp.c:1266:isakmp_open(): = <FreeBSD_side>[500] used as isakmp port (fd=3D8) 2001-03-22 23:25:08: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey = X_SPDDUMP message 2001-03-22 23:25:08: DEBUG: plog.c:204:plogdump():=20 02120000 0f000100 01000000 0e430000 03000500 ff180000 10020000 c0a86400 00000000 00000000 03000600 ff180000 10020000 c0a80000 00000000 00000000 07001200 02000100 02000000 00000000 28003200 02020000 10020000 cfe7963e 00000000 00000000 10020000 18835818 00000000 00000000 2001-03-22 23:25:08: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey = X_SPDDUMP message 2001-03-22 23:25:08: DEBUG: plog.c:204:plogdump():=20 02120000 0f000100 00000000 0e430000 03000500 ff180000 10020000 c0a80000 00000000 00000000 03000600 ff180000 10020000 c0a86400 00000000 00000000 07001200 02000200 01000000 00000000 28003200 02020000 10020000 18835818 00000000 00000000 10020000 cfe7963e 00000000 00000000 2001-03-22 23:25:08: DEBUG: policy.c:182:cmpspidx(): sub:0xbfbff978: = 192.168.0.0/24[0] 192.168.100.0/24[0] proto=3Dany dir=3Dout 2001-03-22 23:25:08: DEBUG: 
policy.c:183:cmpspidx(): db :0x80a7208: = 192.168.100.0/24[0] 192.168.0.0/24[0] proto=3Dany dir=3Din 2001-03-22 23:25:27: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey = ACQUIRE message 2001-03-22 23:25:27: DEBUG: plog.c:204:plogdump():=20 02060003 26000000 79000000 00000000 03000500 ff800000 10020000 18835818 00000000 00000000 03000600 ff800000 10020000 cfe7963e 00000000 00000000 02001200 02000200 01000000 00000000 1c000d00 20000000 00030000 00000000 00010008 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00040000 00000000 0001c001 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00060000 00000000 0001f807 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 2001-03-22 23:25:27: DEBUG: policy.c:212:cmpspidx_wild(): = sub:0xbfbff964: 192.168.100.0/24[0] 192.168.0.0/24[0] proto=3Dany = dir=3Din 2001-03-22 23:25:27: DEBUG: policy.c:213:cmpspidx_wild(): db: 0x80a7208: = 192.168.100.0/24[0] 192.168.0.0/24[0] proto=3Dany dir=3Din 2001-03-22 23:25:27: DEBUG: policy.c:240:cmpspidx_wild(): 0xbfbff964 = masked with /24: 192.168.100.0[0] 2001-03-22 23:25:27: DEBUG: policy.c:242:cmpspidx_wild(): 0x80a7208 = masked with /24: 192.168.100.0[0] 2001-03-22 23:25:27: DEBUG: policy.c:256:cmpspidx_wild(): 0xbfbff964 = masked with /24: 192.168.0.0[0] 2001-03-22 23:25:27: DEBUG: policy.c:258:cmpspidx_wild(): 0x80a7208 = masked with /24: 192.168.0.0[0] 2001-03-22 23:25:27: DEBUG: pfkey.c:1526:pk_recvacquire(): suitable SP = found: 192.168.0.0/24[0] 192.168.100.0/24[0] proto=3Dany dir=3Dout. 2001-03-22 23:25:27: DEBUG: pfkey.c:1558:pk_recvacquire(): new acquire = 192.168.0.0/24[0] 192.168.100.0/24[0] proto=3Dany dir=3Dout 2001-03-22 23:25:27: DEBUG: sainfo.c:98:getsainfo(): anonymous sainfo = selected. 
2001-03-22 23:25:27: DEBUG: remoteconf.c:127:getrmconf(): anonymous = configuration selected for <Firewall-1_side>. 2001-03-22 23:25:27: INFO: isakmp.c:1596:isakmp_post_acquire(): IPsec-SA = request for <Firewall-1_side> queued due to no phase1 found. 2001-03-22 23:25:27: DEBUG: isakmp.c:766:isakmp_ph1begin_i(): =3D=3D=3D 2001-03-22 23:25:27: INFO: isakmp.c:771:isakmp_ph1begin_i(): initiate = new phase 1 negotiation: <FreeBSD_side>[500]<=3D><Firewall-1_side>[500] 2001-03-22 23:25:27: INFO: isakmp.c:776:isakmp_ph1begin_i(): begin = Aggressive mode. 2001-03-22 23:25:27: DEBUG: isakmp.c:1899:isakmp_newcookie(): new = cookie: 22995282a09bc7c6=20 2001-03-22 23:25:27: DEBUG: ipsec_doi.c:3161:ipsecdoi_setid1(): use ID = type of IPv4_address 2001-03-22 23:25:27: DEBUG: oakley.c:228:oakley_dh_generate(): compute = DH's private. 2001-03-22 23:25:27: DEBUG: plog.c:204:plogdump():=20 7f3549bd 32563f03 36806a8f 36b5ffb6 1d899b33 c89ff9f6 319a9bf8 a785d30f 0c6bc5b1 321b073b 5931f0cb e8bb5dae 71fc815c 7a2fa1b3 5510e0ec 37346562 6951c3fa 52dd69e3 a4433dab 0a18f0c9 2d9e6ac5 47445b22 7ad78ac2 6ffc5311 b92d67f0 383f8ef7 4e9db949 e6563b1c 7038834a b5687e23 2e29bba1 94b56007 2001-03-22 23:25:27: DEBUG: oakley.c:230:oakley_dh_generate(): compute = DH's public. 
2001-03-22 23:25:27: DEBUG: plog.c:204:plogdump():=20 3abbb763 ed32b193 3641ee47 4fa1a2cd 8268de70 ed189da4 0fa51954 8943222c 11ecff2d 7e4daa36 c0fb7cab 6cb1534f 5147c51b c058a93c 0d03a7c5 f51baf2f e00b73e0 8426c854 fed128f9 cfdce559 b45bf58a c9f197ed a6c939e0 754ed305 1361a1c6 930b7ce1 355463a8 3205c538 f936eb02 8336fa11 0d2f00aa 2a0e6f33 2001-03-22 23:25:27: DEBUG: isakmp_agg.c:157:agg_i1send(): authmethod is = pre-shared key 2001-03-22 23:25:27: DEBUG: isakmp.c:2012:set_isakmp_payload(): add = payload of len 52, next type 4 2001-03-22 23:25:27: DEBUG: isakmp.c:2012:set_isakmp_payload(): add = payload of len 128, next type 10 2001-03-22 23:25:27: DEBUG: isakmp.c:2012:set_isakmp_payload(): add = payload of len 16, next type 5 2001-03-22 23:25:27: DEBUG: isakmp.c:2012:set_isakmp_payload(): add = payload of len 8, next type 0 2001-03-22 23:25:27: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin. 25:27.740849 <FreeBSD_side>:500 -> <Firewall-1_side>:500: isakmp 1.0 = msgid 00000000: phase 1 I agg: (sa: doi=3Dipsec situation=3Didentity (p: #1 protoid=3Disakmp transform=3D1 (t: #1 id=3Dike (type=3Dlifetype = value=3Dsec)(type=3Dlifeduration len=3D4 value=3D00093a80)(type=3Denc = value=3D3des)(type=3Dauth value=3Dpreshared)(type=3Dhash = value=3Dsha1)(type=3Dgroup desc value=3Dmodp1024)))) (ke: key len=3D128) (nonce: n len=3D16) (id: idtype=3DIPv4 protoid=3Dudp port=3D500 len=3D4 <FreeBSD_side>) 2001-03-22 23:25:27: DEBUG: sockmisc.c:357:sendfromto(): sockname = <FreeBSD_side>[500] 2001-03-22 23:25:27: DEBUG: sockmisc.c:359:sendfromto(): send packet = from <FreeBSD_side>[500] 2001-03-22 23:25:27: DEBUG: sockmisc.c:361:sendfromto(): send packet to = <Firewall-1_side>[500] 2001-03-22 23:25:27: DEBUG: isakmp.c:1349:isakmp_send(): 1 times of 248 = bytes message will be sent. 
2001-03-22 23:25:27: DEBUG: plog.c:204:plogdump():=20 22995282 a09bc7c6 00000000 00000000 01100400 00000000 000000f8 04000038 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 000c0004 00093a80 80010005 80030001 80020002 80040002 0a000084 3abbb763 ed32b193 3641ee47 4fa1a2cd 8268de70 ed189da4 0fa51954 8943222c 11ecff2d 7e4daa36 c0fb7cab 6cb1534f 5147c51b c058a93c 0d03a7c5 f51baf2f e00b73e0 8426c854 fed128f9 cfdce559 b45bf58a c9f197ed a6c939e0 754ed305 1361a1c6 930b7ce1 355463a8 3205c538 f936eb02 8336fa11 0d2f00aa 2a0e6f33 05000014 b2dc8303 fd56bcea b3692603 e97bbc67 0000000c 011101f4 18835818 2001-03-22 23:25:30: DEBUG: isakmp.c:232:isakmp_handler(): =3D=3D=3D 2001-03-22 23:25:30: DEBUG: isakmp.c:233:isakmp_handler(): 276 bytes = message received from <Firewall-1_side>[500] 2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():=20 22995282 a09bc7c6 16db15fd 70dfe9a6 01100400 00000000 00000114 04000038 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 000c0004 00093a80 80010005 80030001 80020002 80040002 0a000084 dcdf9439 0bfec643 be14eb51 7e18935e 3d98aed4 9065d511 4c09d332 279fbcbd 7cd528ae 39a5dc54 968386d4 f4e53aa0 646af999 345a7d64 79f4ceea e4b33d72 69f610a9 8cab284f a88415cf d0264063 130bf429 eced13ff 8b757247 d83e293a 6f91d177 295a96e7 d81079d0 054a1c18 4c51d75c 962ac9d6 ed3f0fbf b643912e 05000018 f1333b59 71a73bcd 0713c4c3 9c95a95b b620874b 0800000c 01000000 cfe7963e 00000018 10e89a7f 3b87ade3 09940bdf 75e18f13 85fc9844 2001-03-22 23:25:30: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin. 25:30.717998 <Firewall-1_side>:500 -> <FreeBSD_side>:500: isakmp 1.0 = msgid 00000000: phase 1 ? 
agg: (sa: doi=3Dipsec situation=3Didentity (p: #1 protoid=3Disakmp transform=3D1 (t: #1 id=3Dike (type=3Dlifetype = value=3Dsec)(type=3Dlifeduration len=3D4 value=3D00093a80)(type=3Denc = value=3D3des)(type=3Dauth value=3Dpreshared)(type=3Dhash = value=3Dsha1)(type=3Dgroup desc value=3Dmodp1024)))) (ke: key len=3D128) (nonce: n len=3D20) (id: idtype=3DIPv4 protoid=3D0 port=3D0 len=3D4 <Firewall-1_side>) (hash: len=3D20) 2001-03-22 23:25:30: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin. 2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen = nptype=3D1(sa) 2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen = nptype=3D4(ke) 2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen = nptype=3D10(nonce) 2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen = nptype=3D5(id) 2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen = nptype=3D8(hash) 2001-03-22 23:25:30: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed. 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1055:get_proppair(): total SA = len=3D52 2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():=20 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 000c0004 00093a80 80010005 80030001 80020002 80040002 2001-03-22 23:25:30: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin. 2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen = nptype=3D2(prop) 2001-03-22 23:25:30: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed. 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1108:get_proppair(): proposal #1 = len=3D44 2001-03-22 23:25:30: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin. 2001-03-22 23:25:30: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen = nptype=3D3(trns) 2001-03-22 23:25:30: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed. 
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1249:get_transform(): transform = #1 len=3D36 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1808:check_attr_isakmp(): = type=3DLife Type, flag=3D0x8000, lorv=3Dseconds 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1808:check_attr_isakmp(): = type=3DLife Duration, flag=3D0x0000, lorv=3D4 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1808:check_attr_isakmp(): = type=3DEncryption Algorithm, flag=3D0x8000, lorv=3D3DES-CBC 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1808:check_attr_isakmp(): = type=3DAuthentication Method, flag=3D0x8000, lorv=3Dpre-shared key 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1808:check_attr_isakmp(): = type=3DHash Algorithm, flag=3D0x8000, lorv=3DSHA 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1808:check_attr_isakmp(): = type=3DGroup Description, flag=3D0x8000, lorv=3D1024-bit MODP group 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1151:get_proppair(): pair 1: 2001-03-22 23:25:30: DEBUG: proposal.c:880:print_proppair0(): = 0x80ae110: next=3D0x0 tnext=3D0x0 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:1186:get_proppair(): proposal = #1: 1 transform 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:319:get_ph1approvalx(): = prop#=3D1, prot-id=3DISAKMP, spi-size=3D0, #trns=3D1 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:324:get_ph1approvalx(): = trns#=3D1, trns-id=3DIKE 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:422:t2isakmpsa(): type=3DLife = Type, flag=3D0x8000, lorv=3Dseconds 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:422:t2isakmpsa(): type=3DLife = Duration, flag=3D0x0000, lorv=3D4 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:422:t2isakmpsa(): = type=3DEncryption Algorithm, flag=3D0x8000, lorv=3D3DES-CBC 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:422:t2isakmpsa(): = type=3DAuthentication Method, flag=3D0x8000, lorv=3Dpre-shared key 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:422:t2isakmpsa(): type=3DHash = Algorithm, flag=3D0x8000, lorv=3DSHA 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:422:t2isakmpsa(): type=3DGroup = Description, flag=3D0x8000, lorv=3D1024-bit MODP group 
2001-03-22 23:25:30: DEBUG: ipsec_doi.c:335:get_ph1approvalx(): = Compared: DB:Peer 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:336:get_ph1approvalx(): = (lifetime =3D 604800:604800) 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:338:get_ph1approvalx(): = (lifebyte =3D 0:0) 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:340:get_ph1approvalx(): enctype = =3D 3DES-CBC:3DES-CBC 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:345:get_ph1approvalx(): (encklen = =3D 0:0) 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:347:get_ph1approvalx(): hashtype = =3D SHA:SHA 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:352:get_ph1approvalx(): = authmethod =3D pre-shared key:pre-shared key 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:357:get_ph1approvalx(): dh_group = =3D 1024-bit MODP group:1024-bit MODP group 2001-03-22 23:25:30: DEBUG: ipsec_doi.c:379:get_ph1approvalx(): = acceptable proposal found. 2001-03-22 23:25:30: DEBUG: oakley.c:192:oakley_dh_compute(): compute = DH's shared. 2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():=20 a3ed27db 664a97c2 4fe1e42c 8d46e151 2c629ea3 121b9dcb cace5615 1ce0dd14 075a855c 59c8a7fa 318d617b f882df30 e116d1a4 764fa1b1 1f24db67 d4e584e0 6a81a240 6d0aad0a 717b85ae 5c4b745a 2e253dcb fca49331 32ca2875 8ddd89a0 eb9e3a6f c8a2621e 8b83e280 9dfc5fb6 b59dd78c 53c60f31 246c0028 22bd196e 2001-03-22 23:25:30: DEBUG: oakley.c:1924:oakley_skeyid(): psk found:=20 2001-03-22 23:25:30: DEBUG2: plog.c:204:plogdump():=20 70307440 374f7c74 75386f52 2001-03-22 23:25:30: DEBUG: oakley.c:1938:oakley_skeyid(): nonce 1:=20 2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():=20 b2dc8303 fd56bcea b3692603 e97bbc67 2001-03-22 23:25:30: DEBUG: oakley.c:1944:oakley_skeyid(): nonce 2:=20 2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():=20 f1333b59 71a73bcd 0713c4c3 9c95a95b b620874b 2001-03-22 23:25:30: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used. 
2001-03-22 23:25:30: DEBUG: oakley.c:1997:oakley_skeyid(): SKEYID = computed:=20 2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():=20 8c4c8cbd fe2ec58a bf00691d 12ac2d46 fe17ad23 2001-03-22 23:25:30: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used. 2001-03-22 23:25:30: DEBUG: oakley.c:2054:oakley_skeyid_dae(): SKEYID_d = computed:=20 2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():=20 9972de5d fc10dfcf 84b67d32 4317dfea c097ae10 2001-03-22 23:25:30: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used. 2001-03-22 23:25:30: DEBUG: oakley.c:2083:oakley_skeyid_dae(): SKEYID_a = computed:=20 2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():=20 57ecffd6 3ecec4ee a1f677a5 359ae4cb db1820ff 2001-03-22 23:25:30: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used. 2001-03-22 23:25:30: DEBUG: oakley.c:2112:oakley_skeyid_dae(): SKEYID_e = computed:=20 2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():=20 3c8c8641 5b5c74eb e7b4bb2f a0181c38 86fb2b41 2001-03-22 23:25:30: DEBUG: oakley.c:2207:oakley_compute_enckey(): = len(SKEYID_e) < len(Ka) (20 < 24), generating long key (Ka =3D K1 | K2 | = ...) 2001-03-22 23:25:30: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used. 2001-03-22 23:25:30: DEBUG: oakley.c:2232:oakley_compute_enckey(): = compute intermediate cipher key K1 2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():=20 00 2001-03-22 23:25:30: DEBUG: plog.c:204:plogdump():=20 1b149c9f 84d998f6 a7804081 8edd7279 8a581069 2001-03-22 23:25:31: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used. 
2001-03-22 23:25:31: DEBUG: oakley.c:2232:oakley_compute_enckey(): = compute intermediate cipher key K2 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 1b149c9f 84d998f6 a7804081 8edd7279 8a581069 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 80f0c89d bbc320e0 c38a45b9 f86dbb66 f9f4dc66 2001-03-22 23:25:31: DEBUG: oakley.c:2276:oakley_compute_enckey(): final = cipher key computed:=20 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 1b149c9f 84d998f6 a7804081 8edd7279 8a581069 80f0c89d 2001-03-22 23:25:31: DEBUG: oakley.c:353:oakley_hash(): use sha1 to = calculate phase 1. 2001-03-22 23:25:31: DEBUG: oakley.c:2379:oakley_newiv(): IV computed:=20 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 8745548b 6f31648e 2001-03-22 23:25:31: DEBUG: oakley.c:1123:oakley_validate_auth(): HASH = received: 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 10e89a7f 3b87ade3 09940bdf 75e18f13 85fc9844 2001-03-22 23:25:31: DEBUG: oakley.c:834:oakley_ph1hash_common(): HASH = with: 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 dcdf9439 0bfec643 be14eb51 7e18935e 3d98aed4 9065d511 4c09d332 279fbcbd 7cd528ae 39a5dc54 968386d4 f4e53aa0 646af999 345a7d64 79f4ceea e4b33d72 69f610a9 8cab284f a88415cf d0264063 130bf429 eced13ff 8b757247 d83e293a 6f91d177 295a96e7 d81079d0 054a1c18 4c51d75c 962ac9d6 ed3f0fbf b643912e 3abbb763 ed32b193 3641ee47 4fa1a2cd 8268de70 ed189da4 0fa51954 8943222c 11ecff2d 7e4daa36 c0fb7cab 6cb1534f 5147c51b c058a93c 0d03a7c5 f51baf2f e00b73e0 8426c854 fed128f9 cfdce559 b45bf58a c9f197ed a6c939e0 754ed305 1361a1c6 930b7ce1 355463a8 3205c538 f936eb02 8336fa11 0d2f00aa 2a0e6f33 16db15fd 70dfe9a6 22995282 a09bc7c6 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 000c0004 00093a80 80010005 80030001 80020002 80040002 01000000 cfe7963e 2001-03-22 23:25:31: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used. 
2001-03-22 23:25:31: DEBUG: oakley.c:844:oakley_ph1hash_common(): HASH = computed:=20 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 10e89a7f 3b87ade3 09940bdf 75e18f13 85fc9844 2001-03-22 23:25:31: DEBUG: oakley.c:1154:oakley_validate_auth(): HASH = for PSK validated. 2001-03-22 23:25:31: DEBUG: isakmp.c:610:ph1_main(): =3D=3D=3D 2001-03-22 23:25:31: DEBUG: isakmp_agg.c:467:agg_i2send(): generate = HASH_I 2001-03-22 23:25:31: DEBUG: oakley.c:834:oakley_ph1hash_common(): HASH = with: 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 3abbb763 ed32b193 3641ee47 4fa1a2cd 8268de70 ed189da4 0fa51954 8943222c 11ecff2d 7e4daa36 c0fb7cab 6cb1534f 5147c51b c058a93c 0d03a7c5 f51baf2f e00b73e0 8426c854 fed128f9 cfdce559 b45bf58a c9f197ed a6c939e0 754ed305 1361a1c6 930b7ce1 355463a8 3205c538 f936eb02 8336fa11 0d2f00aa 2a0e6f33 dcdf9439 0bfec643 be14eb51 7e18935e 3d98aed4 9065d511 4c09d332 279fbcbd 7cd528ae 39a5dc54 968386d4 f4e53aa0 646af999 345a7d64 79f4ceea e4b33d72 69f610a9 8cab284f a88415cf d0264063 130bf429 eced13ff 8b757247 d83e293a 6f91d177 295a96e7 d81079d0 054a1c18 4c51d75c 962ac9d6 ed3f0fbf b643912e 22995282 a09bc7c6 16db15fd 70dfe9a6 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 000c0004 00093a80 80010005 80030001 80020002 80040002 011101f4 18835818 2001-03-22 23:25:31: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used. 2001-03-22 23:25:31: DEBUG: oakley.c:844:oakley_ph1hash_common(): HASH = computed:=20 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 0d3d1c79 11cb21d2 fca99343 f20f5d60 e69c3cbf 2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add = payload of len 20, next type 0 2001-03-22 23:25:31: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin. 25:31.122695 <FreeBSD_side>:500 -> <Firewall-1_side>:500: isakmp 1.0 = msgid 00000000: phase 1 ? 
agg: (hash: len=3D20) 2001-03-22 23:25:31: DEBUG: sockmisc.c:357:sendfromto(): sockname = <FreeBSD_side>[500] 2001-03-22 23:25:31: DEBUG: sockmisc.c:359:sendfromto(): send packet = from <FreeBSD_side>[500] 2001-03-22 23:25:31: DEBUG: sockmisc.c:361:sendfromto(): send packet to = <Firewall-1_side>[500] 2001-03-22 23:25:31: DEBUG: isakmp.c:1349:isakmp_send(): 1 times of 52 = bytes message will be sent. 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 22995282 a09bc7c6 16db15fd 70dfe9a6 08100400 00000000 00000034 00000018 0d3d1c79 11cb21d2 fca99343 f20f5d60 e69c3cbf 2001-03-22 23:25:31: DEBUG: oakley.c:2423:oakley_newiv2(): compute IV = for phase2 2001-03-22 23:25:31: DEBUG: oakley.c:2424:oakley_newiv2(): phase1 last = IV:=20 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 8745548b 6f31648e eb02331e 2001-03-22 23:25:31: DEBUG: oakley.c:353:oakley_hash(): use sha1 to = calculate phase 1. 2001-03-22 23:25:31: DEBUG: oakley.c:2450:oakley_newiv2(): phase2 IV = computed:=20 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 badfd429 5d0808ce 2001-03-22 23:25:31: DEBUG: oakley.c:715:oakley_compute_hash1(): HASH = with: 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 eb02331e 0000001c 00000001 01106002 22995282 a09bc7c6 16db15fd 70dfe9a6 2001-03-22 23:25:31: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used. 2001-03-22 23:25:31: DEBUG: oakley.c:725:oakley_compute_hash1(): HASH = computed:=20 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 9b7f9c68 25c93432 2d58d3d8 2d1727d1 9a096ca1 2001-03-22 23:25:31: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin. 25:31.259879 <FreeBSD_side>:500 -> <Firewall-1_side>:500: isakmp 1.0 = msgid eb02331e: phase 2/others ? inf: (hash: len=3D20) (n: doi=3Dipsec proto=3Disakmp type=3DINITIAL-CONTACT = spi=3D22995282a09bc7c616db15fd70dfe9a6) 2001-03-22 23:25:31: DEBUG: oakley.c:2610:oakley_do_encrypt(): begin = encryption. 
2001-03-22 23:25:31: DEBUG: oakley.c:2617:oakley_do_encrypt(): pad = length =3D 4 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 0b000018 9b7f9c68 25c93432 2d58d3d8 2d1727d1 9a096ca1 0000001c 00000001 01106002 22995282 a09bc7c6 16db15fd 70dfe9a6 fb143203 2001-03-22 23:25:31: DEBUG: oakley.c:2652:oakley_do_encrypt(): = encrypt(3des). 2001-03-22 23:25:31: DEBUG: oakley.c:2655:oakley_do_encrypt(): with key: = 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 1b149c9f 84d998f6 a7804081 8edd7279 8a581069 80f0c89d 2001-03-22 23:25:31: DEBUG: oakley.c:2664:oakley_do_encrypt(): encrypted = payload by IV:=20 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 d8afd2bf ea5e28f8 2001-03-22 23:25:31: DEBUG: oakley.c:2671:oakley_do_encrypt(): save IV = for next:=20 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 d8afd2bf ea5e28f8 2001-03-22 23:25:31: DEBUG: oakley.c:2688:oakley_do_encrypt(): = encrypted. 2001-03-22 23:25:31: DEBUG: sockmisc.c:357:sendfromto(): sockname = <FreeBSD_side>[500] 2001-03-22 23:25:31: DEBUG: sockmisc.c:359:sendfromto(): send packet = from <FreeBSD_side>[500] 2001-03-22 23:25:31: DEBUG: sockmisc.c:361:sendfromto(): send packet to = <Firewall-1_side>[500] 2001-03-22 23:25:31: DEBUG: isakmp.c:1349:isakmp_send(): 1 times of 84 = bytes message will be sent. 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 22995282 a09bc7c6 16db15fd 70dfe9a6 08100501 eb02331e 00000054 9baebe0d 2ef3fb58 ed6da934 a3a038fc 05d5e7e1 c0f94ca6 a7cc5bba 42823420 37fddb70 e481f024 54e8316e 4b90ed6c d8afd2bf ea5e28f8 2001-03-22 23:25:31: DEBUG: isakmp_inf.c:633:isakmp_info_send_common(): = sendto Information notify. 
2001-03-22 23:25:31: INFO: isakmp.c:2310:log_ph1established(): ISAKMP-SA = established <FreeBSD_side>[500]-<Firewall-1_side>[500] = spi:22995282a09bc7c6:16db15fd70dfe9a6 2001-03-22 23:25:31: DEBUG: isakmp.c:650:ph1_main(): =3D=3D=3D 2001-03-22 23:25:31: DEBUG: oakley.c:2423:oakley_newiv2(): compute IV = for phase2 2001-03-22 23:25:31: DEBUG: oakley.c:2424:oakley_newiv2(): phase1 last = IV:=20 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 8745548b 6f31648e fedc407e 2001-03-22 23:25:31: DEBUG: oakley.c:353:oakley_hash(): use sha1 to = calculate phase 1. 2001-03-22 23:25:31: DEBUG: oakley.c:2450:oakley_newiv2(): phase2 IV = computed:=20 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 88674500 12e13a95 2001-03-22 23:25:31: DEBUG: pfkey.c:827:pk_sendgetspi(): call = pfkey_send_getspi 2001-03-22 23:25:31: DEBUG: pfkey.c:840:pk_sendgetspi(): pfkey GETSPI = sent: ESP/Tunnel <Firewall-1_side>-><FreeBSD_side>=20 2001-03-22 23:25:31: DEBUG: isakmp_quick.c:128:quick_i1prep(): pfkey = getspi sent. 2001-03-22 23:25:31: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey = GETSPI message 2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():=20 02010003 0a000000 79000000 0e430000 02000100 01db2bb7 900081ab 02731b56 03000500 ff200000 10020000 cfe7963e 00000000 00000000 03000600 ff200000 10020000 18835818 00000000 00000000 2001-03-22 23:25:31: DEBUG: pfkey.c:901:pk_recvgetspi(): pfkey GETSPI = succeeded: ESP/Tunnel <Firewall-1_side>-><FreeBSD_side> = spi=3D31140791(0x1db2bb7) 2001-03-22 23:25:31: DEBUG: oakley.c:228:oakley_dh_generate(): compute = DH's private. 
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
504fcfee cbf60ec7 09d50e9c f2baa268 d5de357b 07a6a461 3ecfc49e 85ae42b2 fc9e94a1 fee24bd6 bedd03b9 a73997ed 0ee23ce5 82f27a3f e4dd5da1 b70008b5 e23031c8 fb1a84be 765016cb 2e45046f 8703081e c2f8ee08 2ccc18d0 36bbb39b 6c3a6897 36e82141 ec17b148 fff83c31 32cd5cbc 9079cdfc 70e1aff5 4daefd0e
2001-03-22 23:25:31: DEBUG: oakley.c:230:oakley_dh_generate(): compute DH's public.
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
16bf44b3 aae8dc27 b062499f 1052bb77 d2054d7f 9a527119 34a41236 94dc4360 293cafd4 99e9ea2c 37a31d61 72a85dbb a58240fb 79f6bfa0 39d0186e fc7b6f04 0671a96b 5f57714b afc5d99d 9f5d5d45 7d714b35 13401d6d c9233199 7c76fc40 721b4387 ab7af135 447f6168 ff36968c 58a0b654 f27f9ece a3f4106b e2aecbdf
2001-03-22 23:25:31: DEBUG: ipsec_doi.c:3280:ipsecdoi_setid2(): use local ID type IPv4_subnet
2001-03-22 23:25:31: DEBUG: ipsec_doi.c:3320:ipsecdoi_setid2(): use remote ID type IPv4_subnet
2001-03-22 23:25:31: DEBUG: isakmp_quick.c:199:quick_i1send(): IDci:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
04000000 c0a80000 ffffff00
2001-03-22 23:25:31: DEBUG: isakmp_quick.c:201:quick_i1send(): IDcr:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
04000000 c0a86400 ffffff00
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 48, next type 10
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 16, next type 4
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 128, next type 5
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 12, next type 5
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 12, next type 0
2001-03-22 23:25:31: DEBUG: oakley.c:715:oakley_compute_hash1(): HASH with:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
fedc407e 0a000034 00000001 00000001 00000028 01030401 01db2bb7 0000001c 01030000 80010001 80020e10 80040001 80050002 80030002 04000014 e378c4ee 60866d1e b6b2a637 df2a76c1 05000084 16bf44b3 aae8dc27 b062499f 1052bb77 d2054d7f 9a527119 34a41236 94dc4360 293cafd4 99e9ea2c 37a31d61 72a85dbb a58240fb 79f6bfa0 39d0186e fc7b6f04 0671a96b 5f57714b afc5d99d 9f5d5d45 7d714b35 13401d6d c9233199 7c76fc40 721b4387 ab7af135 447f6168 ff36968c 58a0b654 f27f9ece a3f4106b e2aecbdf 05000010 04000000 c0a80000 ffffff00 00000010 04000000 c0a86400 ffffff00
2001-03-22 23:25:31: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:31: DEBUG: oakley.c:725:oakley_compute_hash1(): HASH computed:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
10e3078a d3d3f443 791fbe65 a5869b2a 74dbcc6e
2001-03-22 23:25:31: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 20, next type 1
2001-03-22 23:25:31: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin.
25:31.946708 <FreeBSD_side>:500 -> <Firewall-1_side>:500: isakmp 1.0 msgid fedc407e: phase 2/others ? oakley-quick: (hash: len=20) (sa: doi=ipsec situation=identity (p: #1 protoid=ipsec-esp transform=1 spi=01db2bb7 (t: #1 id=3des (type=lifetype value=sec)(type=life value=0e10)(type=enc mode value=tunnel)(type=auth value=hmac-sha1)(type=group desc value=modp1024)))) (nonce: n len=16) (ke: key len=128) (id: idtype=IPv4net protoid=0 port=0 len=8 192.168.0.0/255.255.255.0) (id: idtype=IPv4net protoid=0 port=0 len=8 192.168.100.0/255.255.255.0)
2001-03-22 23:25:31: DEBUG: oakley.c:2610:oakley_do_encrypt(): begin encryption.
2001-03-22 23:25:31: DEBUG: oakley.c:2617:oakley_do_encrypt(): pad length = 4
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
01000018 10e3078a d3d3f443 791fbe65 a5869b2a 74dbcc6e 0a000034 00000001 00000001 00000028 01030401 01db2bb7 0000001c 01030000 80010001 80020e10 80040001 80050002 80030002 04000014 e378c4ee 60866d1e b6b2a637 df2a76c1 05000084 16bf44b3 aae8dc27 b062499f 1052bb77 d2054d7f 9a527119 34a41236 94dc4360 293cafd4 99e9ea2c 37a31d61 72a85dbb a58240fb 79f6bfa0 39d0186e fc7b6f04 0671a96b 5f57714b afc5d99d 9f5d5d45 7d714b35 13401d6d c9233199 7c76fc40 721b4387 ab7af135 447f6168 ff36968c 58a0b654 f27f9ece a3f4106b e2aecbdf 05000010 04000000 c0a80000 ffffff00 00000010 04000000 c0a86400 ffffff00 62938003
2001-03-22 23:25:31: DEBUG: oakley.c:2652:oakley_do_encrypt(): encrypt(3des).
2001-03-22 23:25:31: DEBUG: oakley.c:2655:oakley_do_encrypt(): with key:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
1b149c9f 84d998f6 a7804081 8edd7279 8a581069 80f0c89d
2001-03-22 23:25:31: DEBUG: oakley.c:2664:oakley_do_encrypt(): encrypted payload by IV:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
18c09f52 7ef0ab45
2001-03-22 23:25:31: DEBUG: oakley.c:2671:oakley_do_encrypt(): save IV for next:
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
18c09f52 7ef0ab45
2001-03-22 23:25:31: DEBUG: oakley.c:2688:oakley_do_encrypt(): encrypted.
2001-03-22 23:25:31: DEBUG: sockmisc.c:357:sendfromto(): sockname <FreeBSD_side>[500]
2001-03-22 23:25:31: DEBUG: sockmisc.c:359:sendfromto(): send packet from <FreeBSD_side>[500]
2001-03-22 23:25:31: DEBUG: sockmisc.c:361:sendfromto(): send packet to <Firewall-1_side>[500]
2001-03-22 23:25:31: DEBUG: isakmp.c:1349:isakmp_send(): 1 times of 292 bytes message will be sent.
2001-03-22 23:25:31: DEBUG: plog.c:204:plogdump():
22995282 a09bc7c6 16db15fd 70dfe9a6 08102001 fedc407e 00000124 e153dae5 17d72111 7f83c519 dd8dc039 7dc3dd4f 6387456f 301d5f81 fb3c6a98 2cd470cb a128f947 c949b45d aa239f91 91ecc2b6 811b84db 907d926d bdc03341 a3b06710 3a6cdef4 67291e88 9bc5f8e4 b88785b9 b3b7c599 c1758a06 9fc43839 d1a42a3f f50d24ab 5d8e343a d77f2fe5 080e4892 59461cab 3d832fb1 617c1dcc 680dd502 fa5377b4 a53f66e7 fc886f77 81ed931f 4102f9dc 5c670d94 b6231cfb 630373ea 0db84013 383987b7 454836cf 8b17c68d c4961631 0179a378 0318a084 9c03510f b8697a3f fde03c7e ee10355c 6a2864bf 21de233a 3836b94c 012a253e e6c2356b 31831e73 7730fb43 d84cf64e 1b4b5bf5 72c233ed 16d1fbf3 2aab5134 18c09f52 7ef0ab45
2001-03-22 23:25:32: DEBUG: isakmp.c:232:isakmp_handler(): ===
2001-03-22 23:25:32: DEBUG: isakmp.c:233:isakmp_handler(): 300 bytes message received from <Firewall-1_side>[500]
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
22995282 a09bc7c6 16db15fd 70dfe9a6 08102001 fedc407e 0000012c 6a63ccf0 ee8fbf2a 90f95160 27feb56c 0fa41090 3d10c638 4c7433ff d9782e85 a6efcab5 3468be11 122980c4 a3bc077d 977db81c 8347d6ff 1bc1f32d f6c02a05 78b58152 b65fbdb3 ea659151 f83c348e 0d116a6d 8425a261 b27722fe 064e0593 1b367fe4 5d2bc330 53bd2869 e6124233 f8fe89f0 172d5e36 67eaa05a c803e619 17546e25 7b9cdc98 f7cda610 bccae8ef fb906ed6 551c989c 4339cdee d8d77ea6 b8cf979e 4aab2d18 60151ce4 867e43d8 f2e01f09 777ec7b9 79cd129e e480a849 487ccb9a a80efd09 860deb9a 6769057f 20e1b24f 7384e5c0 3b16b5a2 eafc0833 e447ccab 940a6703 8e189c26 69cfb093 91eaf531 66dd0992 2950098f a5056185 1e0be3e0 b9aa96ed 32bb3fa1 c745c399
2001-03-22 23:25:32: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin.
25:32.198778 <Firewall-1_side>:500 -> <FreeBSD_side>:500: isakmp 1.0 msgid fedc407e: phase 2/others ? oakley-quick[E]: [|hash]
2001-03-22 23:25:32: DEBUG: oakley.c:2492:oakley_do_decrypt(): begin decryption.
2001-03-22 23:25:32: DEBUG: oakley.c:2498:oakley_do_decrypt(): IV was saved for next processing:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
32bb3fa1 c745c399
2001-03-22 23:25:32: DEBUG: oakley.c:2523:oakley_do_decrypt(): decrypt(3des)
2001-03-22 23:25:32: DEBUG: oakley.c:2526:oakley_do_decrypt(): with key:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
1b149c9f 84d998f6 a7804081 8edd7279 8a581069 80f0c89d
2001-03-22 23:25:32: DEBUG: oakley.c:2535:oakley_do_decrypt(): decrypted payload by IV:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
32bb3fa1 c745c399
2001-03-22 23:25:32: DEBUG: oakley.c:2538:oakley_do_decrypt(): decrypted payload, but not trimed.
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
01000018 b1cee678 6746eb92 b0336373 ab764011 c79eb892 0a000034 00000001 00000001 00000028 01030401 59135eab 0000001c 01030000 80010001 80020e10 80040001 80050002 80030002 04000018 f74c1189 a7ebf39f 8bd6a8a0 5e553ec4 ef686e05 05000084 89a4d7a3 bb18aa20 453f8924 4e704558 aa4253f2 8f063030 985850c1 cce74341 d3b26267 6dcdb66b a5ce4a2c 36e6586c 361b97cc 3be4c9a2 9db494ee 350438d6 f5d5d44c e846f26b 7018b5a7 d51f6a7c 4eb9aee2 0dbd9620 ed42c65f c02a1f7e 1069c0aa be92cbff d780312e f540f265 0d1346a0 b461c6d2 ca8d2086 6411fbb6 05000010 04000000 c0a80000 ffffff00 00000010 04000000 c0a86400 ffffff00 00000000 00000007
2001-03-22 23:25:32: DEBUG: oakley.c:2547:oakley_do_decrypt(): padding len=8
2001-03-22 23:25:32: DEBUG: oakley.c:2561:oakley_do_decrypt(): skip to trim padding.
2001-03-22 23:25:32: DEBUG: oakley.c:2576:oakley_do_decrypt(): decrypted.
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
22995282 a09bc7c6 16db15fd 70dfe9a6 08102001 fedc407e 0000012c 01000018 b1cee678 6746eb92 b0336373 ab764011 c79eb892 0a000034 00000001 00000001 00000028 01030401 59135eab 0000001c 01030000 80010001 80020e10 80040001 80050002 80030002 04000018 f74c1189 a7ebf39f 8bd6a8a0 5e553ec4 ef686e05 05000084 89a4d7a3 bb18aa20 453f8924 4e704558 aa4253f2 8f063030 985850c1 cce74341 d3b26267 6dcdb66b a5ce4a2c 36e6586c 361b97cc 3be4c9a2 9db494ee 350438d6 f5d5d44c e846f26b 7018b5a7 d51f6a7c 4eb9aee2 0dbd9620 ed42c65f c02a1f7e 1069c0aa be92cbff d780312e f540f265 0d1346a0 b461c6d2 ca8d2086 6411fbb6 05000010 04000000 c0a80000 ffffff00 00000010 04000000 c0a86400 ffffff00 00000000 00000007
2001-03-22 23:25:32: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin.
25:32.213763 <Firewall-1_side>:500 -> <FreeBSD_side>:500: isakmp 1.0 msgid fedc407e: phase 2/others ? oakley-quick: (hash: len=20) (sa: doi=ipsec situation=identity (p: #1 protoid=ipsec-esp transform=1 spi=59135eab (t: #1 id=3des (type=lifetype value=sec)(type=life value=0e10)(type=enc mode value=tunnel)(type=auth value=hmac-sha1)(type=group desc value=modp1024)))) (nonce: n len=20) (ke: key len=128) (id: idtype=IPv4net protoid=0 port=0 len=8 192.168.0.0/255.255.255.0) (id: idtype=IPv4net protoid=0 port=0 len=8 192.168.100.0/255.255.255.0)
2001-03-22 23:25:32: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=8(hash)
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=1(sa)
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=10(nonce)
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=4(ke)
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=5(id)
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=5(id)
2001-03-22 23:25:32: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:32: DEBUG: isakmp_quick.c:464:quick_i2recv(): HASH allocated:hbuf->l=288 actual:tlen=256
2001-03-22 23:25:32: DEBUG: isakmp_quick.c:478:quick_i2recv(): HASH(2) received:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
b1cee678 6746eb92 b0336373 ab764011 c79eb892
2001-03-22 23:25:32: DEBUG: oakley.c:715:oakley_compute_hash1(): HASH with:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
fedc407e e378c4ee 60866d1e b6b2a637 df2a76c1 0a000034 00000001 00000001 00000028 01030401 59135eab 0000001c 01030000 80010001 80020e10 80040001 80050002 80030002 04000018 f74c1189 a7ebf39f 8bd6a8a0 5e553ec4 ef686e05 05000084 89a4d7a3 bb18aa20 453f8924 4e704558 aa4253f2 8f063030 985850c1 cce74341 d3b26267 6dcdb66b a5ce4a2c 36e6586c 361b97cc 3be4c9a2 9db494ee 350438d6 f5d5d44c e846f26b 7018b5a7 d51f6a7c 4eb9aee2 0dbd9620 ed42c65f c02a1f7e 1069c0aa be92cbff d780312e f540f265 0d1346a0 b461c6d2 ca8d2086 6411fbb6 05000010 04000000 c0a80000 ffffff00 00000010 04000000 c0a86400 ffffff00
2001-03-22 23:25:32: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:32: DEBUG: oakley.c:725:oakley_compute_hash1(): HASH computed:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
b1cee678 6746eb92 b0336373 ab764011 c79eb892
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1055:get_proppair(): total SA len=48
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
00000001 00000001 00000028 01030401 01db2bb7 0000001c 01030000 80010001 80020e10 80040001 80050002 80030002
2001-03-22 23:25:32: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=2(prop)
2001-03-22 23:25:32: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1108:get_proppair(): proposal #1 len=40
2001-03-22 23:25:32: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=3(trns)
2001-03-22 23:25:32: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1249:get_transform(): transform #1 len=28
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=seconds
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=SA Life Duration, flag=0x8000, lorv=3600
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2128:check_attr_ipsec(): life duration was in TLV.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=Encription Mode, flag=0x8000, lorv=Tunnel
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=Authentication Algorithm, flag=0x8000, lorv=2
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=Group Description, flag=0x8000, lorv=2
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1151:get_proppair(): pair 1:
2001-03-22 23:25:32: DEBUG: proposal.c:880:print_proppair0(): 0x80ae3e0: next=0x0 tnext=0x0
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1186:get_proppair(): proposal #1: 1 transform
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1055:get_proppair(): total SA len=48
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
00000001 00000001 00000028 01030401 59135eab 0000001c 01030000 80010001 80020e10 80040001 80050002 80030002
2001-03-22 23:25:32: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=2(prop)
2001-03-22 23:25:32: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1108:get_proppair(): proposal #1 len=40
2001-03-22 23:25:32: DEBUG: isakmp.c:1023:isakmp_parsewoh(): begin.
2001-03-22 23:25:32: DEBUG: isakmp.c:1050:isakmp_parsewoh(): seen nptype=3(trns)
2001-03-22 23:25:32: DEBUG: isakmp.c:1088:isakmp_parsewoh(): succeed.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1249:get_transform(): transform #1 len=28
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=SA Life Type, flag=0x8000, lorv=seconds
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=SA Life Duration, flag=0x8000, lorv=3600
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2128:check_attr_ipsec(): life duration was in TLV.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=Encription Mode, flag=0x8000, lorv=Tunnel
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=Authentication Algorithm, flag=0x8000, lorv=2
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:2040:check_attr_ipsec(): type=Group Description, flag=0x8000, lorv=2
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1151:get_proppair(): pair 1:
2001-03-22 23:25:32: DEBUG: proposal.c:880:print_proppair0(): 0x80ae3f0: next=0x0 tnext=0x0
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:1186:get_proppair(): proposal #1: 1 transform
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:890:get_ph2approval(): begin compare proposals.
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:896:get_ph2approval(): pair[1]: 0x80ae3f0
2001-03-22 23:25:32: DEBUG: proposal.c:880:print_proppair0(): 0x80ae3f0: next=0x0 tnext=0x0
2001-03-22 23:25:32: DEBUG: proposal.c:681:aproppair2saprop(): prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=1 trns-id=3DES
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:3597:ipsecdoi_t2satrns(): type=SA Life Type, flag=0x8000, lorv=seconds
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:3597:ipsecdoi_t2satrns(): type=SA Life Duration, flag=0x8000, lorv=3600
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:3597:ipsecdoi_t2satrns(): type=Encription Mode, flag=0x8000, lorv=Tunnel
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:3597:ipsecdoi_t2satrns(): type=Authentication Algorithm, flag=0x8000, lorv=2
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:3597:ipsecdoi_t2satrns(): type=Group Description, flag=0x8000, lorv=2
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:932:get_ph2approvalx(): peer's single bundle:
2001-03-22 23:25:32: DEBUG: proposal.c:813:printsaproto(): (proto_id=ESP spisize=4 spi=59135eab spi_p=00000000 encmode=Tunnel reqid=0:0)
2001-03-22 23:25:32: DEBUG: proposal.c:847:printsatrns(): (trns_id=3DES encklen=0 authtype=2)
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:935:get_ph2approvalx(): my single bundle:
2001-03-22 23:25:32: DEBUG: proposal.c:813:printsaproto(): (proto_id=ESP spisize=4 spi=01db2bb7 spi_p=00000000 encmode=Tunnel reqid=0:0)
2001-03-22 23:25:32: DEBUG: proposal.c:847:printsatrns(): (trns_id=3DES encklen=0 authtype=2)
2001-03-22 23:25:32: DEBUG: ipsec_doi.c:953:get_ph2approvalx(): matched
2001-03-22 23:25:32: DEBUG: isakmp.c:714:quick_main(): ===
2001-03-22 23:25:32: DEBUG: isakmp_quick.c:552:quick_i2send(): HASH(3) generate
2001-03-22 23:25:32: DEBUG: oakley.c:659:oakley_compute_hash3(): HASH with:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
00fedc40 7ee378c4 ee60866d 1eb6b2a6 37df2a76 c1f74c11 89a7ebf3 9f8bd6a8 a05e553e c4ef686e 05
2001-03-22 23:25:32: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:32: DEBUG: oakley.c:669:oakley_compute_hash3(): HASH computed:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
a85f03ba 9e9bc01f a08e71bb 016e8682 703985cb
2001-03-22 23:25:32: DEBUG: isakmp.c:2012:set_isakmp_payload(): add payload of len 20, next type 0
2001-03-22 23:25:32: DEBUG: isakmp.c:2147:isakmp_printpacket(): begin.
25:32.940767 <FreeBSD_side>:500 -> <Firewall-1_side>:500: isakmp 1.0 msgid fedc407e: phase 2/others ? oakley-quick: (hash: len=20)
2001-03-22 23:25:32: DEBUG: oakley.c:2610:oakley_do_encrypt(): begin encryption.
2001-03-22 23:25:32: DEBUG: oakley.c:2617:oakley_do_encrypt(): pad length = 8
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
00000018 a85f03ba 9e9bc01f a08e71bb 016e8682 703985cb 8ab45b6c 21b95207
2001-03-22 23:25:32: DEBUG: oakley.c:2652:oakley_do_encrypt(): encrypt(3des).
2001-03-22 23:25:32: DEBUG: oakley.c:2655:oakley_do_encrypt(): with key:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
1b149c9f 84d998f6 a7804081 8edd7279 8a581069 80f0c89d
2001-03-22 23:25:32: DEBUG: oakley.c:2664:oakley_do_encrypt(): encrypted payload by IV:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
e0d1b6a9 1989a7fc
2001-03-22 23:25:32: DEBUG: oakley.c:2671:oakley_do_encrypt(): save IV for next:
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
e0d1b6a9 1989a7fc
2001-03-22 23:25:32: DEBUG: oakley.c:2688:oakley_do_encrypt(): encrypted.
2001-03-22 23:25:32: DEBUG: sockmisc.c:357:sendfromto(): sockname <FreeBSD_side>[500]
2001-03-22 23:25:32: DEBUG: sockmisc.c:359:sendfromto(): send packet from <FreeBSD_side>[500]
2001-03-22 23:25:32: DEBUG: sockmisc.c:361:sendfromto(): send packet to <Firewall-1_side>[500]
2001-03-22 23:25:32: DEBUG: isakmp.c:1349:isakmp_send(): 1 times of 60 bytes message will be sent.
2001-03-22 23:25:32: DEBUG: plog.c:204:plogdump():
22995282 a09bc7c6 16db15fd 70dfe9a6 08102001 fedc407e 0000003c 29daac41 47d1c791 d2eabf71 2af93469 c54ce561 cf852e78 e0d1b6a9 1989a7fc
2001-03-22 23:25:33: DEBUG: oakley.c:192:oakley_dh_compute(): compute DH's shared.
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
1cbbadae ac593cb5 86648589 9b444988 7ad70df1 b667ef98 7173e6ec f93d7204 3bcb4598 5d8a6a9f ded51437 5803801f 85b6ca63 590d3625 4239f2ac c9685215 6adebf24 39685dc2 9dc98f4d fa897f10 7d394e6d 9cfc9ced ba9c3d91 ff818be1 66612eb5 6ef3f008 bd5009b0 8e80bc1a 5918b8a6 63155c9a 656bfc12 e7eab712
2001-03-22 23:25:33: DEBUG: oakley.c:462:oakley_compute_keymat_x(): KEYMAT compute with
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
1cbbadae ac593cb5 86648589 9b444988 7ad70df1 b667ef98 7173e6ec f93d7204 3bcb4598 5d8a6a9f ded51437 5803801f 85b6ca63 590d3625 4239f2ac c9685215 6adebf24 39685dc2 9dc98f4d fa897f10 7d394e6d 9cfc9ced ba9c3d91 ff818be1 66612eb5 6ef3f008 bd5009b0 8e80bc1a 5918b8a6 63155c9a 656bfc12 e7eab712 0301db2b b7e378c4 ee60866d 1eb6b2a6 37df2a76 c1f74c11 89a7ebf3 9f8bd6a8 a05e553e c4ef686e 05
2001-03-22 23:25:33: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:33: DEBUG: oakley.c:475:oakley_compute_keymat_x(): dupkeymat=3
2001-03-22 23:25:33: DEBUG: oakley.c:491:oakley_compute_keymat_x(): generating K1...K3 for KEYMAT.
2001-03-22 23:25:33: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:33: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
8b715bc0 e0fb5459 d0a64fb1 96913db4 e05741ef f406193f 91ae0f13 d8fab440 359b661a e2cf4a33 80228851 62922c67 5c3318cc 5e91ef88 54fab45d
2001-03-22 23:25:33: DEBUG: oakley.c:462:oakley_compute_keymat_x(): KEYMAT compute with
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
1cbbadae ac593cb5 86648589 9b444988 7ad70df1 b667ef98 7173e6ec f93d7204 3bcb4598 5d8a6a9f ded51437 5803801f 85b6ca63 590d3625 4239f2ac c9685215 6adebf24 39685dc2 9dc98f4d fa897f10 7d394e6d 9cfc9ced ba9c3d91 ff818be1 66612eb5 6ef3f008 bd5009b0 8e80bc1a 5918b8a6 63155c9a 656bfc12 e7eab712 0359135e abe378c4 ee60866d 1eb6b2a6 37df2a76 c1f74c11 89a7ebf3 9f8bd6a8 a05e553e c4ef686e 05
2001-03-22 23:25:33: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:33: DEBUG: oakley.c:475:oakley_compute_keymat_x(): dupkeymat=3
2001-03-22 23:25:33: DEBUG: oakley.c:491:oakley_compute_keymat_x(): generating K1...K3 for KEYMAT.
2001-03-22 23:25:33: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:33: DEBUG: oakley.c:310:oakley_prf(): hmac-sha1 used.
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
b5d31f90 38a5c659 02fc7ada c18e3a2e dc37dc29 5c7d32e7 0cef6657 47dee168 cec75ffc c69b4d24 35011e73 e91d6506 683e35e0 198070c2 5debff94
2001-03-22 23:25:33: DEBUG: oakley.c:392:oakley_compute_keymat(): KEYMAT computed.
2001-03-22 23:25:33: DEBUG: isakmp_quick.c:623:quick_i2send(): call pk_sendupdate
2001-03-22 23:25:33: DEBUG: pfkey.c:988:pk_sendupdate(): call pfkey_send_update
2001-03-22 23:25:33: DEBUG: isakmp_quick.c:628:quick_i2send(): pfkey update sent.
2001-03-22 23:25:33: DEBUG: pfkey.c:1203:pk_sendadd(): call pfkey_send_add
2001-03-22 23:25:33: DEBUG: isakmp_quick.c:635:quick_i2send(): pfkey add sent.
2001-03-22 23:25:33: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey UPDATE message
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
02020003 1c000000 79000000 0e430000 02000100 01db2bb7 04000303 00000000 02001300 02000000 00000000 00000000 03000500 ff200000 10020000 cfe7963e 00000000 00000000 03000600 ff200000 10020000 18835818 00000000 00000000 04000900 c0000000 8b715bc0 e0fb5459 d0a64fb1 96913db4 e05741ef f406193f 04000800 a0000000 91ae0f13 d8fab440 359b661a e2cf4a33 80228851 00000000 04000300 00000000 00000000 00000000 100e0000 00000000 00000000 00000000 04000400 00000000 00000000 00000000 400b0000 00000000 00000000 00000000
2001-03-22 23:25:33: DEBUG: pfkey.c:1108:pk_recvupdate(): pfkey UPDATE succeeded: ESP/Tunnel <Firewall-1_side>-><FreeBSD_side> spi=31140791(0x1db2bb7)
2001-03-22 23:25:33: INFO: pfkey.c:1115:pk_recvupdate(): IPsec-SA established: ESP/Tunnel <Firewall-1_side>-><FreeBSD_side> spi=31140791(0x1db2bb7)
2001-03-22 23:25:33: DEBUG: pfkey.c:1147:pk_recvupdate(): ===
2001-03-22 23:25:33: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey ADD message
2001-03-22 23:25:33: DEBUG: plog.c:204:plogdump():
02031603 1c000000 79000000 0e430000 02000100 59135eab 04000303 00000000 02001300 02000000 00000000 00000000 03000500 ff200000 10020000 18835818 00000000 00000000 03000600 ff200000 10020000 cfe7963e 00000000 00000000 04000900 c0000000 b5d31f90 38a5c659 02fc7ada c18e3a2e dc37dc29 5c7d32e7 04000800 a0000000 0cef6657 47dee168 cec75ffc c69b4d24 35011e73 00000000 04000300 00000000 00000000 00000000 100e0000 00000000 00000000 00000000 04000400 00000000 00000000 00000000 400b0000 00000000 00000000 00000000
2001-03-22 23:25:33: ERROR: pfkey.c:207:pfkey_handler(): pfkey ADD failed Invalid argument