Date: Wed, 20 Jun 2001 16:42:59 +0200 From: "Tim Ehrhart (ELN)" <Tim.Ehrhart@eln.ericsson.se> To: FreeBSD-Stable <freebsd-stable@FreeBSD.ORG> Subject: IPsec + IKE (racoon) problems Message-ID: <7BA41B5547CCD411833B0002A52CD457F37451@enlrynt306.etm.ericsson.se>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Hello all, I've successful in getting IPsec with v4 & v6 with ah, esp, ah+esp using MANUAL key running. I'm now trying to switch over to racoon. I've followed instructions from various place on the net. I load only SPD into kernel with setkey (see rc.ipsec attachment). Have a very simple psk.txt with v4 & v6 addresses of both hosts (see psk.txt attachment) along with an almost unmodifed racoon.conf file, which I've included. What seems to happen is this: phase 1 (remote) negotiation is not completing before it wants to start phase2 (sainfo) part. Keys are not generated and things don't get worked out. I've included some output from /var/log/racoon.log. <<rc.ipsec.txt>> <<psk.txt>> <<racoon.conf.txt>> <<racoon.log.txt>> Would someone (who's done this already?) be willing to look at my files and output to give me a clue how to get things in sync? Thanx, Tim Tim Ehrhart Systems Engineer Ericsson EuroLabs Netherlands b.v. P.O. Box 8, 5120 AA Rijen The Netherlands Tel. +31 161 247327, Fax. +31 161 249912, GSM. +31 6 53720881 E-mail: Tim.Ehrhart@eln.ericsson.se, Internet: http://www.ericsson.nl/ [-- Attachment #2 --] #!/bin/sh # $Id: rc.ipsec,v 1.3 2001/06/19 11:06:39 root Exp $ # # $Log: rc.ipsec,v $ # Revision 1.3 2001/06/19 11:06:39 root # working version for v4 & v6 AH+ESP from lab3v[46] to lab5v[46] # experimental for v6 AH+ESP from lab3v6 to tina55v6 # # Revision 1.2 2001/06/15 13:23:27 root # removed hardcoded address lines on spdadd type/mode//require lines # # Revision 1.1 2001/06/15 13:16:44 root # Initial revision # # # These commands need to be run on node A # The next 2 lines delete all existing entries from the SPD and SAD setkey -FP setkey -F # Add the policy setkey -c << EOF ##################################################### # # lab3v4 -> lab5v4 outgoing ah+esp spdadd 195.169.102.69/32 195.169.102.71/32 any -P out ipsec esp/transport//require ah/transport//require ; # # lab5v4 -> lab3v4 incoming ah+esp spdadd 195.169.102.71/32 195.169.102.69/32 any -P in ipsec esp/transport//require ah/transport//require ; # # lab3v6 -> lab5v6 outgoing ah+esp spdadd 2001:610:1408:210:210:4bff:fe06:26bf/128 2001:610:1408:210:210:60ff:fe7e:83f9/128 any -P out ipsec esp/transport//require ah/transport//require ; # # lab5v6 -> lab3v6 incoming ah+esp spdadd 2001:610:1408:210:210:60ff:fe7e:83f9/128 2001:610:1408:210:210:4bff:fe06:26bf/128 any -P in ipsec esp/transport//require ah/transport//require ; EOF [-- Attachment #3 --] 195.69.102.69 thisisatest 195.69.102.71 thisisatest 2001:610:1408:210:210:4bff:fe06:26bf thisisatest 2001:610:1408:210:210:60ff:fe7e:83f9 thisisatest [-- Attachment #4 --] # $KAME: racoon.conf.in,v 1.16 2000/12/17 21:17:53 sakane Exp $ # "path" must be placed before it should be used. # You can overwrite which you defined, but it should not use due to confusing. path include "/usr/local/etc/racoon" ; #include "remote.conf" ; # search this file for pre_shared_key with various ID key. path pre_shared_key "/usr/local/etc/racoon/psk.txt" ; # racoon will look for certificate file in the directory, # if the certificate/certificate request payload is received. path certificate "/usr/local/etc/cert" ; # "log" specifies logging level. It is followed by either "notify", "debug" # or "debug2". log notify; # "padding" defines some parameter of padding. You should not touch these. padding { maximum_length 20; # maximum padding length. randomize off; # enable randomize length. strict_check off; # enable strict check. exclusive_tail off; # extract last one octet. } # if no listen directive is specified, racoon will listen to all # available interface addresses. listen { #isakmp ::1 [7000]; #isakmp 202.249.11.124 [500]; #admin [7002]; # administrative's port by kmpstat. #strict_address; # required all addresses must be bound. } # Specification of default various timer. timer { # These value can be changed per remote node. counter 5; # maximum trying count to send. interval 20 sec; # maximum interval to resend. persend 1; # the number of packets per a send. # timer for waiting to complete each phase. phase1 30 sec; phase2 15 sec; } remote anonymous { #exchange_mode main,aggressive; exchange_mode aggressive,main,base; #doi ipsec_doi; #situation identity_only; #my_identifier address; #my_identifier user_fqdn "sakane@kame.net"; #peers_identifier user_fqdn "sakane@kame.net"; #certificate_type x509 "mycert" "mypriv"; #nonce_size 16; lifetime time 24 hour; # sec,min,hour #lifetime byte 5 MB; # B,KB,GB #initial_contact on; #support_mip6 on; #proposal_check obey; # obey, strict or claim proposal { encryption_algorithm des; hash_algorithm md5; authentication_method pre_shared_key ; dh_group 2 ; } } remote ::1 [8000] { #exchange_mode main,aggressive; exchange_mode aggressive,main; doi ipsec_doi; situation identity_only; my_identifier user_fqdn "sakane@kame.net"; peers_identifier user_fqdn "sakane@kame.net"; #certificate_type x509 "mycert" "mypriv"; nonce_size 16; lifetime time 1 min; # sec,min,hour lifetime byte 5 MB; # B,KB,GB proposal { encryption_algorithm 3des; hash_algorithm sha1; authentication_method pre_shared_key ; dh_group 2 ; } } sainfo anonymous { pfs_group 1; lifetime time 3600 sec; lifetime byte 50000 KB; encryption_algorithm des ; authentication_algorithm hmac_md5; compression_algorithm deflate ; } sainfo address 203.178.141.209 any address 203.178.141.218 any { pfs_group 1; lifetime time 30 sec; lifetime byte 5000 KB; encryption_algorithm des ; authentication_algorithm hmac_md5; compression_algorithm deflate ; } sainfo address ::1 icmp6 address ::1 icmp6 { pfs_group 1; lifetime time 60 sec; lifetime byte 5000 KB; encryption_algorithm 3des, cast128, blowfish, des ; authentication_algorithm hmac_sha1, hmac_md5 ; compression_algorithm deflate ; } [-- Attachment #5 --] 2001-06-20 13:36:04: INFO: main.c:146:main(): @(#)racoon 20001216 sakane@ydc.co.jp 2001-06-20 13:36:04: INFO: main.c:147:main(): @(#)This product linked software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/) 2001-06-20 13:36:04: DEBUG: pfkey.c:377:pfkey_init(): call pfkey_send_register for AH 2001-06-20 13:36:04: DEBUG: pfkey.c:377:pfkey_init(): call pfkey_send_register for ESP 2001-06-20 13:36:04: DEBUG: pfkey.c:377:pfkey_init(): call pfkey_send_register for IPCOMP 2001-06-20 13:36:04: WARNING: cftoken.l:498:yywarn(): /usr/local/etc/racoon/racoon.conf:65: "MB" the lifetime of bytes in phase 1 will be ignored at the moment. 2001-06-20 13:36:04: WARNING: cftoken.l:498:yywarn(): /usr/local/etc/racoon/racoon.conf:91: "MB" the lifetime of bytes in phase 1 will be ignored at the moment. 2001-06-20 13:36:04: WARNING: pfkey.c:1949:pk_checkalg(): compression algorithm can not be checked. 2001-06-20 13:36:04: WARNING: pfkey.c:1949:pk_checkalg(): compression algorithm can not be checked. 2001-06-20 13:36:04: DEBUG: sainfo.c:98:getsainfo(): anonymous sainfo selected. 2001-06-20 13:36:04: WARNING: pfkey.c:1949:pk_checkalg(): compression algorithm can not be checked. 2001-06-20 13:36:04: DEBUG: sainfo.c:98:getsainfo(): anonymous sainfo selected. 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:209:grab_myaddrs(): my interface: 195.169.102.69 (xl0) 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:209:grab_myaddrs(): my interface: fe80::210:4bff:fe06:26bf%xl0 (xl0) 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:209:grab_myaddrs(): my interface: 2001:610:1408:210:210:4bff:fe06:26bf (xl0) 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:209:grab_myaddrs(): my interface: fe80::1%lo0 (lo0) 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:209:grab_myaddrs(): my interface: ::1 (lo0) 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:209:grab_myaddrs(): my interface: 127.0.0.1 (lo0) 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:476:autoconf_myaddrsport(): configuring default isakmp port. 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:498:autoconf_myaddrsport(): 6 addrs are configured successfully 2001-06-20 13:36:04: INFO: isakmp.c:1267:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=5) 2001-06-20 13:36:04: INFO: isakmp.c:1267:isakmp_open(): ::1[500] used as isakmp port (fd=6) 2001-06-20 13:36:04: INFO: isakmp.c:1267:isakmp_open(): fe80::1%lo0[500] used as isakmp port (fd=7) 2001-06-20 13:36:04: INFO: isakmp.c:1267:isakmp_open(): 2001:610:1408:210:210:4bff:fe06:26bf[500] used as isakmp port (fd=8) 2001-06-20 13:36:04: INFO: isakmp.c:1267:isakmp_open(): fe80::210:4bff:fe06:26bf%xl0[500] used as isakmp port (fd=9) 2001-06-20 13:36:04: INFO: isakmp.c:1267:isakmp_open(): 195.169.102.69[500] used as isakmp port (fd=10) 2001-06-20 13:36:04: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey X_SPDDUMP message 2001-06-20 13:36:04: DEBUG: plog.c:205:plogdump(): 02120000 0f000100 01000000 d9020000 05000500 ff800000 1c1c0000 00000000 20010610 14080210 021060ff fe7e83f9 00000000 00000000 05000600 ff800000 1c1c0000 00000000 20010610 14080210 02104bff fe0626bf 00000000 00000000 03001200 02000100 05000000 00000000 08003300 01020000 2001-06-20 13:36:04: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey X_SPDDUMP message 2001-06-20 13:36:04: DEBUG: plog.c:205:plogdump(): 02120000 0f000100 00000000 d9020000 05000500 ff800000 1c1c0000 00000000 20010610 14080210 02104bff fe0626bf 00000000 00000000 05000600 ff800000 1c1c0000 00000000 20010610 14080210 021060ff fe7e83f9 00000000 00000000 03001200 02000200 04000000 00000000 08003300 01020000 2001-06-20 13:36:04: DEBUG: policy.c:182:cmpspidx(): sub:0xbfbff844: 2001:610:1408:210:210:4bff:fe06:26bf/128[0] 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] proto=any dir=out 2001-06-20 13:36:04: DEBUG: policy.c:183:cmpspidx(): db :0x809f208: 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] 2001:610:1408:210:210:4bff:fe06:26bf/128[0] proto=any dir=in 2001-06-20 13:39:28: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey ACQUIRE message 2001-06-20 13:39:28: DEBUG: plog.c:205:plogdump(): 02060002 21000000 1a000000 00000000 05000500 ffe00000 1c1c0000 00000000 20010610 14080210 02104bff fe0626bf 00000000 00000000 05000600 ffe00000 1c1c0000 00000000 20010610 14080210 021060ff fe7e83f9 00000000 00000000 02001200 02000200 04000000 00000000 13000d00 20000000 02000000 a000a000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 01000000 80008000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 2001-06-20 13:39:28: DEBUG: policy.c:212:cmpspidx_wild(): sub:0xbfbff830: 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] 2001:610:1408:210:210:4bff:fe06:26bf/128[0] proto=any dir=in 2001-06-20 13:39:28: DEBUG: policy.c:213:cmpspidx_wild(): db: 0x809f208: 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] 2001:610:1408:210:210:4bff:fe06:26bf/128[0] proto=any dir=in 2001-06-20 13:39:28: DEBUG: policy.c:241:cmpspidx_wild(): 0xbfbff830 masked with /128: 2001:610:1408:210:210:60ff:fe7e:83f9[0] 2001-06-20 13:39:28: DEBUG: policy.c:243:cmpspidx_wild(): 0x809f208 masked with /128: 2001:610:1408:210:210:60ff:fe7e:83f9[0] 2001-06-20 13:39:28: DEBUG: policy.c:257:cmpspidx_wild(): 0xbfbff830 masked with /128: 2001:610:1408:210:210:4bff:fe06:26bf[0] 2001-06-20 13:39:28: DEBUG: policy.c:259:cmpspidx_wild(): 0x809f208 masked with /128: 2001:610:1408:210:210:4bff:fe06:26bf[0] 2001-06-20 13:39:28: DEBUG: pfkey.c:1533:pk_recvacquire(): suitable SP found: 2001:610:1408:210:210:4bff:fe06:26bf/128[0] 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] proto=any dir=out. 2001-06-20 13:39:28: DEBUG: pfkey.c:1565:pk_recvacquire(): new acquire 2001:610:1408:210:210:4bff:fe06:26bf/128[0] 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] proto=any dir=out 2001-06-20 13:39:28: DEBUG: sainfo.c:98:getsainfo(): anonymous sainfo selected. 2001-06-20 13:39:28: DEBUG: remoteconf.c:127:getrmconf(): anonymous configuration selected for 2001:610:1408:210:210:60ff:fe7e:83f9. 2001-06-20 13:39:28: INFO: isakmp.c:1599:isakmp_post_acquire(): IPsec-SA request for 2001:610:1408:210:210:60ff:fe7e:83f9 queued due to no phase1 found. 2001-06-20 13:39:28: DEBUG: isakmp.c:766:isakmp_ph1begin_i(): === 2001-06-20 13:39:28: INFO: isakmp.c:771:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 2001:610:1408:210:210:4bff:fe06:26bf[500]<=>2001:610:1408:210:210:60ff:fe7e:83f9[500] 2001-06-20 13:39:28: INFO: isakmp.c:776:isakmp_ph1begin_i(): begin Aggressive mode. 2001-06-20 13:39:28: DEBUG: isakmp.c:1902:isakmp_newcookie(): new cookie: cbc6f7f55ad2389f 2001-06-20 13:39:28: DEBUG: ipsec_doi.c:3161:ipsecdoi_setid1(): use ID type of User_FQDN 2001-06-20 13:39:28: DEBUG: oakley.c:228:oakley_dh_generate(): compute DH's private. 2001-06-20 13:39:28: DEBUG: plog.c:205:plogdump(): 448859a4 ffe5e485 018120ff f6c987c5 34bd6741 b60a9f58 12ed4724 69375f05 0b1ff1fb 03795313 32fb8fd3 7852f963 c1bd90e8 43a72a38 a8af8286 c3c5c6f2 cfe24553 d1edde55 d149e7bf 50eac4b7 4be7b9e0 6a06f3b7 db4b2e71 e2b44509 738891c7 a50f328e b61f1ea4 8c955734 3a451686 ebf65a05 f5bedcdd 528bbcea 2001-06-20 13:39:28: DEBUG: oakley.c:230:oakley_dh_generate(): compute DH's public. 2001-06-20 13:39:28: DEBUG: plog.c:205:plogdump(): 86fb1b63 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 64c35b6e 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 20377a9b bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 ec768ce4 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 2001-06-20 13:39:28: DEBUG: isakmp_agg.c:157:agg_i1send(): authmethod is pre-shared key 2001-06-20 13:39:28: DEBUG: isakmp.c:2015:set_isakmp_payload(): add payload of len 56, next type 4 2001-06-20 13:39:28: DEBUG: isakmp.c:2015:set_isakmp_payload(): add payload of len 128, next type 10 2001-06-20 13:39:28: DEBUG: isakmp.c:2015:set_isakmp_payload(): add payload of len 16, next type 5 2001-06-20 13:39:28: DEBUG: isakmp.c:2015:set_isakmp_payload(): add payload of len 19, next type 0 2001-06-20 13:39:28: DEBUG: isakmp.c:2150:isakmp_printpacket(): begin. 2001-06-20 13:39:28: DEBUG: sockmisc.c:357:sendfromto(): sockname 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:39:28: DEBUG: sockmisc.c:359:sendfromto(): send packet from 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:39:28: DEBUG: sockmisc.c:361:sendfromto(): send packet to 2001:610:1408:210:210:60ff:fe7e:83f9[500] 2001-06-20 13:39:28: DEBUG: sockmisc.c:417:sendfromto(): src6 2001:610:1408:210:210:4bff:fe06:26bf[500] 0 2001-06-20 13:39:28: DEBUG: sockmisc.c:421:sendfromto(): dst6 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0 2001-06-20 13:39:28: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 bytes message will be sent. 2001-06-20 13:39:28: DEBUG: plog.c:205:plogdump(): cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 0400003c 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 800c003c 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 86fb1b63 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 64c35b6e 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 20377a9b bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 ec768ce4 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 05000014 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 6e65406b 616d652e 6e6574 2001-06-20 13:39:48: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend phase1 packet cbc6f7f55ad2389f:0000000000000000 2001-06-20 13:39:48: DEBUG: sockmisc.c:357:sendfromto(): sockname 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:39:48: DEBUG: sockmisc.c:359:sendfromto(): send packet from 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:39:48: DEBUG: sockmisc.c:361:sendfromto(): send packet to 2001:610:1408:210:210:60ff:fe7e:83f9[500] 2001-06-20 13:39:48: DEBUG: sockmisc.c:417:sendfromto(): src6 2001:610:1408:210:210:4bff:fe06:26bf[500] 0 2001-06-20 13:39:48: DEBUG: sockmisc.c:421:sendfromto(): dst6 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0 2001-06-20 13:39:48: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 bytes message will be sent. 2001-06-20 13:39:48: DEBUG: plog.c:205:plogdump(): cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 0400003c 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 800c003c 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 86fb1b63 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 64c35b6e 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 20377a9b bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 ec768ce4 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 05000014 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 6e65406b 616d652e 6e6574 2001-06-20 13:39:49: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey ACQUIRE message 2001-06-20 13:39:49: DEBUG: plog.c:205:plogdump(): 02060002 21000000 1b000000 00000000 05000500 ffe00000 1c1c0000 00000000 20010610 14080210 02104bff fe0626bf 00000000 00000000 05000600 ffe00000 1c1c0000 00000000 20010610 14080210 021060ff fe7e83f9 00000000 00000000 02001200 02000200 04000000 00000000 13000d00 20000000 02000000 a000a000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 01000000 80008000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 2001-06-20 13:39:49: DEBUG: pfkey.c:1497:pk_recvacquire(): ignore the acquire becuase ph2 found 2001-06-20 13:39:59: ERROR: isakmp.c:1676:isakmp_chkph1there(): phase1 negotiation failed due to time up. 2001-06-20 13:39:59: INFO: isakmp.c:1678:isakmp_chkph1there(): delete phase 2 handler. 2001-06-20 13:40:08: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend phase1 packet cbc6f7f55ad2389f:0000000000000000 2001-06-20 13:40:08: DEBUG: sockmisc.c:357:sendfromto(): sockname 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:40:08: DEBUG: sockmisc.c:359:sendfromto(): send packet from 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:40:08: DEBUG: sockmisc.c:361:sendfromto(): send packet to 2001:610:1408:210:210:60ff:fe7e:83f9[500] 2001-06-20 13:40:08: DEBUG: sockmisc.c:417:sendfromto(): src6 2001:610:1408:210:210:4bff:fe06:26bf[500] 0 2001-06-20 13:40:08: DEBUG: sockmisc.c:421:sendfromto(): dst6 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0 2001-06-20 13:40:08: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 bytes message will be sent. 2001-06-20 13:40:08: DEBUG: plog.c:205:plogdump(): cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 0400003c 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 800c003c 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 86fb1b63 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 64c35b6e 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 20377a9b bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 ec768ce4 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 05000014 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 6e65406b 616d652e 6e6574 2001-06-20 13:40:13: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey ACQUIRE message 2001-06-20 13:40:13: DEBUG: plog.c:205:plogdump(): 02060002 21000000 1c000000 00000000 05000500 ffe00000 1c1c0000 00000000 20010610 14080210 02104bff fe0626bf 00000000 00000000 05000600 ffe00000 1c1c0000 00000000 20010610 14080210 021060ff fe7e83f9 00000000 00000000 02001200 02000200 04000000 00000000 13000d00 20000000 02000000 a000a000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 01000000 80008000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 2001-06-20 13:40:13: DEBUG: policy.c:212:cmpspidx_wild(): sub:0xbfbff830: 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] 2001:610:1408:210:210:4bff:fe06:26bf/128[0] proto=any dir=in 2001-06-20 13:40:13: DEBUG: policy.c:213:cmpspidx_wild(): db: 0x809f208: 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] 2001:610:1408:210:210:4bff:fe06:26bf/128[0] proto=any dir=in 2001-06-20 13:40:13: DEBUG: policy.c:241:cmpspidx_wild(): 0xbfbff830 masked with /128: 2001:610:1408:210:210:60ff:fe7e:83f9[0] 2001-06-20 13:40:13: DEBUG: policy.c:243:cmpspidx_wild(): 0x809f208 masked with /128: 2001:610:1408:210:210:60ff:fe7e:83f9[0] 2001-06-20 13:40:13: DEBUG: policy.c:257:cmpspidx_wild(): 0xbfbff830 masked with /128: 2001:610:1408:210:210:4bff:fe06:26bf[0] 2001-06-20 13:40:13: DEBUG: policy.c:259:cmpspidx_wild(): 0x809f208 masked with /128: 2001:610:1408:210:210:4bff:fe06:26bf[0] 2001-06-20 13:40:13: DEBUG: pfkey.c:1533:pk_recvacquire(): suitable SP found: 2001:610:1408:210:210:4bff:fe06:26bf/128[0] 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] proto=any dir=out. 2001-06-20 13:40:13: DEBUG: pfkey.c:1565:pk_recvacquire(): new acquire 2001:610:1408:210:210:4bff:fe06:26bf/128[0] 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] proto=any dir=out 2001-06-20 13:40:13: DEBUG: sainfo.c:98:getsainfo(): anonymous sainfo selected. 2001-06-20 13:40:13: DEBUG: remoteconf.c:127:getrmconf(): anonymous configuration selected for 2001:610:1408:210:210:60ff:fe7e:83f9. 2001-06-20 13:40:13: INFO: isakmp.c:1618:isakmp_post_acquire(): request for establishing IPsec-SA was queued due to no phase1 found. 2001-06-20 13:40:28: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend phase1 packet cbc6f7f55ad2389f:0000000000000000 2001-06-20 13:40:28: DEBUG: sockmisc.c:357:sendfromto(): sockname 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:40:28: DEBUG: sockmisc.c:359:sendfromto(): send packet from 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:40:28: DEBUG: sockmisc.c:361:sendfromto(): send packet to 2001:610:1408:210:210:60ff:fe7e:83f9[500] 2001-06-20 13:40:28: DEBUG: sockmisc.c:417:sendfromto(): src6 2001:610:1408:210:210:4bff:fe06:26bf[500] 0 2001-06-20 13:40:28: DEBUG: sockmisc.c:421:sendfromto(): dst6 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0 2001-06-20 13:40:28: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 bytes message will be sent. 2001-06-20 13:40:28: DEBUG: plog.c:205:plogdump(): cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 0400003c 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 800c003c 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 86fb1b63 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 64c35b6e 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 20377a9b bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 ec768ce4 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 05000014 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 6e65406b 616d652e 6e6574 2001-06-20 13:40:45: ERROR: isakmp.c:1676:isakmp_chkph1there(): phase1 negotiation failed due to time up. 2001-06-20 13:40:45: INFO: isakmp.c:1678:isakmp_chkph1there(): delete phase 2 handler. 2001-06-20 13:40:48: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend phase1 packet cbc6f7f55ad2389f:0000000000000000 2001-06-20 13:40:48: DEBUG: sockmisc.c:357:sendfromto(): sockname 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:40:48: DEBUG: sockmisc.c:359:sendfromto(): send packet from 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:40:48: DEBUG: sockmisc.c:361:sendfromto(): send packet to 2001:610:1408:210:210:60ff:fe7e:83f9[500] 2001-06-20 13:40:48: DEBUG: sockmisc.c:417:sendfromto(): src6 2001:610:1408:210:210:4bff:fe06:26bf[500] 0 2001-06-20 13:40:48: DEBUG: sockmisc.c:421:sendfromto(): dst6 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0 2001-06-20 13:40:48: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 bytes message will be sent. 2001-06-20 13:40:48: DEBUG: plog.c:205:plogdump(): cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 0400003c 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 800c003c 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 86fb1b63 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 64c35b6e 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 20377a9b bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 ec768ce4 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 05000014 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 6e65406b 616d652e 6e6574 2001-06-20 13:41:08: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend phase1 packet cbc6f7f55ad2389f:0000000000000000 2001-06-20 13:41:08: DEBUG: sockmisc.c:357:sendfromto(): sockname 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:41:08: DEBUG: sockmisc.c:359:sendfromto(): send packet from 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:41:08: DEBUG: sockmisc.c:361:sendfromto(): send packet to 2001:610:1408:210:210:60ff:fe7e:83f9[500] 2001-06-20 13:41:08: DEBUG: sockmisc.c:417:sendfromto(): src6 2001:610:1408:210:210:4bff:fe06:26bf[500] 0 2001-06-20 13:41:08: DEBUG: sockmisc.c:421:sendfromto(): dst6 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0 2001-06-20 13:41:08: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 bytes message will be sent. 2001-06-20 13:41:08: DEBUG: plog.c:205:plogdump(): cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 0400003c 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 800c003c 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 86fb1b63 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 64c35b6e 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 20377a9b bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 ec768ce4 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 05000014 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 6e65406b 616d652e 6e6574 2001-06-20 13:41:28: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend phase1 packet cbc6f7f55ad2389f:0000000000000000 2001-06-20 13:41:28: DEBUG: sockmisc.c:357:sendfromto(): sockname 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:41:28: DEBUG: sockmisc.c:359:sendfromto(): send packet from 2001:610:1408:210:210:4bff:fe06:26bf[500] 2001-06-20 13:41:28: DEBUG: sockmisc.c:361:sendfromto(): send packet to 2001:610:1408:210:210:60ff:fe7e:83f9[500] 2001-06-20 13:41:28: DEBUG: sockmisc.c:417:sendfromto(): src6 2001:610:1408:210:210:4bff:fe06:26bf[500] 0 2001-06-20 13:41:28: DEBUG: sockmisc.c:421:sendfromto(): dst6 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0 2001-06-20 13:41:28: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 bytes message will be sent. 2001-06-20 13:41:28: DEBUG: plog.c:205:plogdump(): cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 0400003c 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 800c003c 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 86fb1b63 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 64c35b6e 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 20377a9b bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 ec768ce4 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 05000014 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 6e65406b 616d652e 6e6574 2001-06-20 13:41:28: ERROR: isakmp.c:1380:isakmp_ph1resend(): phase1 negotiation failed due to time up. cbc6f7f55ad2389f:0000000000000000 2001-06-20 13:44:10: INFO: session.c:276:check_sigreq(): caught signal 2 2001-06-20 13:44:10: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey FLUSH message 2001-06-20 13:44:10: DEBUG: plog.c:205:plogdump(): 02090000 02000000 00000000 d9020000 2001-06-20 13:44:11: DEBUG: pfkey.c:277:pfkey_dump_sadb(): call pfkey_send_dump 2001-06-20 13:44:11: ERROR: backupsa.c:355:backupsa_clean(): failed to clean the backup file (null).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7BA41B5547CCD411833B0002A52CD457F37451>