From owner-freebsd-stable Wed Jun 20 7:43:58 2001 Delivered-To: freebsd-stable@freebsd.org Received: from albatross-ext.wise.edt.ericsson.se (albatross-ext.wise.edt.ericsson.se [194.237.142.116]) by hub.freebsd.org (Postfix) with ESMTP id D91F437B403 for ; Wed, 20 Jun 2001 07:43:09 -0700 (PDT) (envelope-from Tim.Ehrhart@eln.ericsson.se) Received: from esealnt461 (esealnt461.al.sw.ericsson.se [153.88.251.61]) by albatross.wise.edt.ericsson.se (8.11.0/8.11.0/WIREfire-1.3) with SMTP id f5KEh8N12505 for ; Wed, 20 Jun 2001 16:43:08 +0200 (MEST) Received: FROM esealnt747.al.sw.ericsson.se BY esealnt461 ; Wed Jun 20 16:43:06 2001 +0200 Received: by ESEALNT747.al.sw.ericsson.se with Internet Mail Service (5.5.2653.19) id ; Wed, 20 Jun 2001 16:43:06 +0200 Message-ID: <7BA41B5547CCD411833B0002A52CD457F37451@enlrynt306.etm.ericsson.se> From: "Tim Ehrhart (ELN)" To: FreeBSD-Stable Subject: IPsec + IKE (racoon) problems Date: Wed, 20 Jun 2001 16:42:59 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C0F997.4CD17FF0" Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C0F997.4CD17FF0 Content-Type: text/plain; charset="iso-8859-1" Hello all, I've successful in getting IPsec with v4 & v6 with ah, esp, ah+esp using MANUAL key running. I'm now trying to switch over to racoon. I've followed instructions from various place on the net. I load only SPD into kernel with setkey (see rc.ipsec attachment). Have a very simple psk.txt with v4 & v6 addresses of both hosts (see psk.txt attachment) along with an almost unmodifed racoon.conf file, which I've included. What seems to happen is this: phase 1 (remote) negotiation is not completing before it wants to start phase2 (sainfo) part. Keys are not generated and things don't get worked out. I've included some output from /var/log/racoon.log. <> <> <> <> Would someone (who's done this already?) be willing to look at my files and output to give me a clue how to get things in sync? Thanx, Tim Tim Ehrhart Systems Engineer Ericsson EuroLabs Netherlands b.v. P.O. Box 8, 5120 AA Rijen The Netherlands Tel. +31 161 247327, Fax. +31 161 249912, GSM. +31 6 53720881 E-mail: Tim.Ehrhart@eln.ericsson.se, Internet: http://www.ericsson.nl/ ------_=_NextPart_000_01C0F997.4CD17FF0 Content-Type: text/plain; name="rc.ipsec.txt" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="rc.ipsec.txt" #!/bin/sh=0A= # $Id: rc.ipsec,v 1.3 2001/06/19 11:06:39 root Exp $=0A= #=0A= # $Log: rc.ipsec,v $=0A= # Revision 1.3 2001/06/19 11:06:39 root=0A= # working version for v4 & v6 AH+ESP from lab3v[46] to lab5v[46]=0A= # experimental for v6 AH+ESP from lab3v6 to tina55v6=0A= #=0A= # Revision 1.2 2001/06/15 13:23:27 root=0A= # removed hardcoded address lines on spdadd type/mode//require lines=0A= #=0A= # Revision 1.1 2001/06/15 13:16:44 root=0A= # Initial revision=0A= #=0A= #=0A= # These commands need to be run on node A=0A= # The next 2 lines delete all existing entries from the SPD and SAD=0A= setkey -FP=0A= setkey -F=0A= # Add the policy=0A= setkey -c << EOF=0A= #####################################################=0A= #=0A= # lab3v4 -> lab5v4 outgoing ah+esp=0A= spdadd 195.169.102.69/32 195.169.102.71/32=0A= any -P out ipsec=0A= esp/transport//require=0A= ah/transport//require ;=0A= #=0A= # lab5v4 -> lab3v4 incoming ah+esp=0A= spdadd 195.169.102.71/32 195.169.102.69/32=0A= any -P in ipsec=0A= esp/transport//require=0A= ah/transport//require ;=0A= #=0A= # lab3v6 -> lab5v6 outgoing ah+esp=0A= spdadd 2001:610:1408:210:210:4bff:fe06:26bf/128=0A= 2001:610:1408:210:210:60ff:fe7e:83f9/128=0A= any -P out ipsec=0A= esp/transport//require=0A= ah/transport//require ;=0A= #=0A= # lab5v6 -> lab3v6 incoming ah+esp=0A= spdadd 2001:610:1408:210:210:60ff:fe7e:83f9/128=0A= 2001:610:1408:210:210:4bff:fe06:26bf/128=0A= any -P in ipsec=0A= esp/transport//require=0A= ah/transport//require ;=0A= EOF=0A= ------_=_NextPart_000_01C0F997.4CD17FF0 Content-Type: text/plain; name="psk.txt" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="psk.txt" 195.69.102.69 thisisatest=0A= 195.69.102.71 thisisatest=0A= 2001:610:1408:210:210:4bff:fe06:26bf thisisatest=0A= 2001:610:1408:210:210:60ff:fe7e:83f9 thisisatest=0A= ------_=_NextPart_000_01C0F997.4CD17FF0 Content-Type: text/plain; name="racoon.conf.txt" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="racoon.conf.txt" # $KAME: racoon.conf.in,v 1.16 2000/12/17 21:17:53 sakane Exp $=0A= =0A= # "path" must be placed before it should be used.=0A= # You can overwrite which you defined, but it should not use due to = confusing.=0A= path include "/usr/local/etc/racoon" ;=0A= #include "remote.conf" ;=0A= =0A= # search this file for pre_shared_key with various ID key.=0A= path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;=0A= =0A= # racoon will look for certificate file in the directory,=0A= # if the certificate/certificate request payload is received.=0A= path certificate "/usr/local/etc/cert" ;=0A= =0A= # "log" specifies logging level. It is followed by either "notify", = "debug"=0A= # or "debug2".=0A= log notify;=0A= =0A= # "padding" defines some parameter of padding. You should not touch = these.=0A= padding=0A= {=0A= maximum_length 20; # maximum padding length.=0A= randomize off; # enable randomize length.=0A= strict_check off; # enable strict check.=0A= exclusive_tail off; # extract last one octet.=0A= }=0A= =0A= # if no listen directive is specified, racoon will listen to all=0A= # available interface addresses.=0A= listen=0A= {=0A= #isakmp ::1 [7000];=0A= #isakmp 202.249.11.124 [500];=0A= #admin [7002]; # administrative's port by kmpstat.=0A= #strict_address; # required all addresses must be bound.=0A= }=0A= =0A= # Specification of default various timer.=0A= timer=0A= {=0A= # These value can be changed per remote node.=0A= counter 5; # maximum trying count to send.=0A= interval 20 sec; # maximum interval to resend.=0A= persend 1; # the number of packets per a send.=0A= =0A= # timer for waiting to complete each phase.=0A= phase1 30 sec;=0A= phase2 15 sec;=0A= }=0A= =0A= remote anonymous=0A= {=0A= #exchange_mode main,aggressive;=0A= exchange_mode aggressive,main,base;=0A= #doi ipsec_doi;=0A= #situation identity_only;=0A= =0A= #my_identifier address;=0A= #my_identifier user_fqdn "sakane@kame.net";=0A= #peers_identifier user_fqdn "sakane@kame.net";=0A= #certificate_type x509 "mycert" "mypriv";=0A= =0A= #nonce_size 16;=0A= lifetime time 24 hour; # sec,min,hour=0A= #lifetime byte 5 MB; # B,KB,GB=0A= #initial_contact on;=0A= #support_mip6 on;=0A= #proposal_check obey; # obey, strict or claim=0A= =0A= proposal {=0A= encryption_algorithm des;=0A= hash_algorithm md5;=0A= authentication_method pre_shared_key ;=0A= dh_group 2 ;=0A= }=0A= }=0A= =0A= remote ::1 [8000]=0A= {=0A= #exchange_mode main,aggressive;=0A= exchange_mode aggressive,main;=0A= doi ipsec_doi;=0A= situation identity_only;=0A= =0A= my_identifier user_fqdn "sakane@kame.net";=0A= peers_identifier user_fqdn "sakane@kame.net";=0A= #certificate_type x509 "mycert" "mypriv";=0A= =0A= nonce_size 16;=0A= lifetime time 1 min; # sec,min,hour=0A= lifetime byte 5 MB; # B,KB,GB=0A= =0A= proposal {=0A= encryption_algorithm 3des;=0A= hash_algorithm sha1;=0A= authentication_method pre_shared_key ;=0A= dh_group 2 ;=0A= }=0A= }=0A= =0A= sainfo anonymous=0A= {=0A= pfs_group 1;=0A= lifetime time 3600 sec;=0A= lifetime byte 50000 KB;=0A= encryption_algorithm des ;=0A= authentication_algorithm hmac_md5;=0A= compression_algorithm deflate ;=0A= }=0A= =0A= sainfo address 203.178.141.209 any address 203.178.141.218 any=0A= {=0A= pfs_group 1;=0A= lifetime time 30 sec;=0A= lifetime byte 5000 KB;=0A= encryption_algorithm des ;=0A= authentication_algorithm hmac_md5;=0A= compression_algorithm deflate ;=0A= }=0A= =0A= sainfo address ::1 icmp6 address ::1 icmp6=0A= {=0A= pfs_group 1;=0A= lifetime time 60 sec;=0A= lifetime byte 5000 KB;=0A= encryption_algorithm 3des, cast128, blowfish, des ;=0A= authentication_algorithm hmac_sha1, hmac_md5 ;=0A= compression_algorithm deflate ;=0A= }=0A= =0A= ------_=_NextPart_000_01C0F997.4CD17FF0 Content-Type: text/plain; name="racoon.log.txt" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="racoon.log.txt" 2001-06-20 13:36:04: INFO: main.c:146:main(): @(#)racoon 20001216 = sakane@ydc.co.jp=0A= 2001-06-20 13:36:04: INFO: main.c:147:main(): @(#)This product linked = software developed by the OpenSSL Project for use in the OpenSSL = Toolkit. (http://www.openssl.org/)=0A= 2001-06-20 13:36:04: DEBUG: pfkey.c:377:pfkey_init(): call = pfkey_send_register for AH=0A= 2001-06-20 13:36:04: DEBUG: pfkey.c:377:pfkey_init(): call = pfkey_send_register for ESP=0A= 2001-06-20 13:36:04: DEBUG: pfkey.c:377:pfkey_init(): call = pfkey_send_register for IPCOMP=0A= 2001-06-20 13:36:04: WARNING: cftoken.l:498:yywarn(): = /usr/local/etc/racoon/racoon.conf:65: "MB" the lifetime of bytes in = phase 1 will be ignored at the moment.=0A= 2001-06-20 13:36:04: WARNING: cftoken.l:498:yywarn(): = /usr/local/etc/racoon/racoon.conf:91: "MB" the lifetime of bytes in = phase 1 will be ignored at the moment.=0A= 2001-06-20 13:36:04: WARNING: pfkey.c:1949:pk_checkalg(): compression = algorithm can not be checked.=0A= 2001-06-20 13:36:04: WARNING: pfkey.c:1949:pk_checkalg(): compression = algorithm can not be checked.=0A= 2001-06-20 13:36:04: DEBUG: sainfo.c:98:getsainfo(): anonymous sainfo = selected.=0A= 2001-06-20 13:36:04: WARNING: pfkey.c:1949:pk_checkalg(): compression = algorithm can not be checked.=0A= 2001-06-20 13:36:04: DEBUG: sainfo.c:98:getsainfo(): anonymous sainfo = selected.=0A= 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:209:grab_myaddrs(): my = interface: 195.169.102.69 (xl0)=0A= 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:209:grab_myaddrs(): my = interface: fe80::210:4bff:fe06:26bf%xl0 (xl0)=0A= 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:209:grab_myaddrs(): my = interface: 2001:610:1408:210:210:4bff:fe06:26bf (xl0)=0A= 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:209:grab_myaddrs(): my = interface: fe80::1%lo0 (lo0)=0A= 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:209:grab_myaddrs(): my = interface: ::1 (lo0)=0A= 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:209:grab_myaddrs(): my = interface: 127.0.0.1 (lo0)=0A= 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:476:autoconf_myaddrsport(): = configuring default isakmp port.=0A= 2001-06-20 13:36:04: DEBUG: grabmyaddr.c:498:autoconf_myaddrsport(): 6 = addrs are configured successfully=0A= 2001-06-20 13:36:04: INFO: isakmp.c:1267:isakmp_open(): 127.0.0.1[500] = used as isakmp port (fd=3D5)=0A= 2001-06-20 13:36:04: INFO: isakmp.c:1267:isakmp_open(): ::1[500] used = as isakmp port (fd=3D6)=0A= 2001-06-20 13:36:04: INFO: isakmp.c:1267:isakmp_open(): = fe80::1%lo0[500] used as isakmp port (fd=3D7)=0A= 2001-06-20 13:36:04: INFO: isakmp.c:1267:isakmp_open(): = 2001:610:1408:210:210:4bff:fe06:26bf[500] used as isakmp port = (fd=3D8)=0A= 2001-06-20 13:36:04: INFO: isakmp.c:1267:isakmp_open(): = fe80::210:4bff:fe06:26bf%xl0[500] used as isakmp port (fd=3D9)=0A= 2001-06-20 13:36:04: INFO: isakmp.c:1267:isakmp_open(): = 195.169.102.69[500] used as isakmp port (fd=3D10)=0A= 2001-06-20 13:36:04: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey = X_SPDDUMP message=0A= 2001-06-20 13:36:04: DEBUG: plog.c:205:plogdump(): =0A= 02120000 0f000100 01000000 d9020000 05000500 ff800000 1c1c0000 = 00000000=0A= 20010610 14080210 021060ff fe7e83f9 00000000 00000000 05000600 = ff800000=0A= 1c1c0000 00000000 20010610 14080210 02104bff fe0626bf 00000000 = 00000000=0A= 03001200 02000100 05000000 00000000 08003300 01020000=0A= 2001-06-20 13:36:04: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey = X_SPDDUMP message=0A= 2001-06-20 13:36:04: DEBUG: plog.c:205:plogdump(): =0A= 02120000 0f000100 00000000 d9020000 05000500 ff800000 1c1c0000 = 00000000=0A= 20010610 14080210 02104bff fe0626bf 00000000 00000000 05000600 = ff800000=0A= 1c1c0000 00000000 20010610 14080210 021060ff fe7e83f9 00000000 = 00000000=0A= 03001200 02000200 04000000 00000000 08003300 01020000=0A= 2001-06-20 13:36:04: DEBUG: policy.c:182:cmpspidx(): sub:0xbfbff844: = 2001:610:1408:210:210:4bff:fe06:26bf/128[0] = 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] proto=3Dany dir=3Dout=0A= 2001-06-20 13:36:04: DEBUG: policy.c:183:cmpspidx(): db :0x809f208: = 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] = 2001:610:1408:210:210:4bff:fe06:26bf/128[0] proto=3Dany dir=3Din=0A= 2001-06-20 13:39:28: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey = ACQUIRE message=0A= 2001-06-20 13:39:28: DEBUG: plog.c:205:plogdump(): =0A= 02060002 21000000 1a000000 00000000 05000500 ffe00000 1c1c0000 00000000=0A= 20010610 14080210 02104bff fe0626bf 00000000 00000000 05000600 = ffe00000=0A= 1c1c0000 00000000 20010610 14080210 021060ff fe7e83f9 00000000 = 00000000=0A= 02001200 02000200 04000000 00000000 13000d00 20000000 02000000 = a000a000=0A= 00000000 00000000 00000000 00000000 00000000 00000000 00000000 = 00000000=0A= 00000000 00000000 00000000 00000000 00000000 00000000 00000000 = 00000000=0A= 01000000 80008000 00000000 00000000 00000000 00000000 00000000 = 00000000=0A= 00000000 00000000 00000000 00000000 00000000 00000000 00000000 = 00000000=0A= 00000000 00000000=0A= 2001-06-20 13:39:28: DEBUG: policy.c:212:cmpspidx_wild(): = sub:0xbfbff830: 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] = 2001:610:1408:210:210:4bff:fe06:26bf/128[0] proto=3Dany dir=3Din=0A= 2001-06-20 13:39:28: DEBUG: policy.c:213:cmpspidx_wild(): db: = 0x809f208: 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] = 2001:610:1408:210:210:4bff:fe06:26bf/128[0] proto=3Dany dir=3Din=0A= 2001-06-20 13:39:28: DEBUG: policy.c:241:cmpspidx_wild(): 0xbfbff830 = masked with /128: 2001:610:1408:210:210:60ff:fe7e:83f9[0]=0A= 2001-06-20 13:39:28: DEBUG: policy.c:243:cmpspidx_wild(): 0x809f208 = masked with /128: 2001:610:1408:210:210:60ff:fe7e:83f9[0]=0A= 2001-06-20 13:39:28: DEBUG: policy.c:257:cmpspidx_wild(): 0xbfbff830 = masked with /128: 2001:610:1408:210:210:4bff:fe06:26bf[0]=0A= 2001-06-20 13:39:28: DEBUG: policy.c:259:cmpspidx_wild(): 0x809f208 = masked with /128: 2001:610:1408:210:210:4bff:fe06:26bf[0]=0A= 2001-06-20 13:39:28: DEBUG: pfkey.c:1533:pk_recvacquire(): suitable SP = found: 2001:610:1408:210:210:4bff:fe06:26bf/128[0] = 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] proto=3Dany dir=3Dout.=0A= 2001-06-20 13:39:28: DEBUG: pfkey.c:1565:pk_recvacquire(): new acquire = 2001:610:1408:210:210:4bff:fe06:26bf/128[0] = 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] proto=3Dany dir=3Dout=0A= 2001-06-20 13:39:28: DEBUG: sainfo.c:98:getsainfo(): anonymous sainfo = selected.=0A= 2001-06-20 13:39:28: DEBUG: remoteconf.c:127:getrmconf(): anonymous = configuration selected for 2001:610:1408:210:210:60ff:fe7e:83f9.=0A= 2001-06-20 13:39:28: INFO: isakmp.c:1599:isakmp_post_acquire(): = IPsec-SA request for 2001:610:1408:210:210:60ff:fe7e:83f9 queued due to = no phase1 found.=0A= 2001-06-20 13:39:28: DEBUG: isakmp.c:766:isakmp_ph1begin_i(): = =3D=3D=3D=0A= 2001-06-20 13:39:28: INFO: isakmp.c:771:isakmp_ph1begin_i(): initiate = new phase 1 negotiation: = 2001:610:1408:210:210:4bff:fe06:26bf[500]<=3D>2001:610:1408:210:210:60ff= :fe7e:83f9[500]=0A= 2001-06-20 13:39:28: INFO: isakmp.c:776:isakmp_ph1begin_i(): begin = Aggressive mode.=0A= 2001-06-20 13:39:28: DEBUG: isakmp.c:1902:isakmp_newcookie(): new = cookie:=0A= cbc6f7f55ad2389f =0A= 2001-06-20 13:39:28: DEBUG: ipsec_doi.c:3161:ipsecdoi_setid1(): use ID = type of User_FQDN=0A= 2001-06-20 13:39:28: DEBUG: oakley.c:228:oakley_dh_generate(): compute = DH's private.=0A= 2001-06-20 13:39:28: DEBUG: plog.c:205:plogdump(): =0A= 448859a4 ffe5e485 018120ff f6c987c5 34bd6741 b60a9f58 12ed4724 = 69375f05=0A= 0b1ff1fb 03795313 32fb8fd3 7852f963 c1bd90e8 43a72a38 a8af8286 = c3c5c6f2=0A= cfe24553 d1edde55 d149e7bf 50eac4b7 4be7b9e0 6a06f3b7 db4b2e71 = e2b44509=0A= 738891c7 a50f328e b61f1ea4 8c955734 3a451686 ebf65a05 f5bedcdd = 528bbcea=0A= 2001-06-20 13:39:28: DEBUG: oakley.c:230:oakley_dh_generate(): compute = DH's public.=0A= 2001-06-20 13:39:28: DEBUG: plog.c:205:plogdump(): =0A= 86fb1b63 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e = 36a19181=0A= 64c35b6e 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac = 15eec5a0=0A= 20377a9b bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 = cc1d3474=0A= ec768ce4 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba = 98701889=0A= 2001-06-20 13:39:28: DEBUG: isakmp_agg.c:157:agg_i1send(): authmethod = is pre-shared key=0A= 2001-06-20 13:39:28: DEBUG: isakmp.c:2015:set_isakmp_payload(): add = payload of len 56, next type 4=0A= 2001-06-20 13:39:28: DEBUG: isakmp.c:2015:set_isakmp_payload(): add = payload of len 128, next type 10=0A= 2001-06-20 13:39:28: DEBUG: isakmp.c:2015:set_isakmp_payload(): add = payload of len 16, next type 5=0A= 2001-06-20 13:39:28: DEBUG: isakmp.c:2015:set_isakmp_payload(): add = payload of len 19, next type 0=0A= 2001-06-20 13:39:28: DEBUG: isakmp.c:2150:isakmp_printpacket(): = begin.=0A= 2001-06-20 13:39:28: DEBUG: sockmisc.c:357:sendfromto(): sockname = 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:39:28: DEBUG: sockmisc.c:359:sendfromto(): send packet = from 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:39:28: DEBUG: sockmisc.c:361:sendfromto(): send packet to = 2001:610:1408:210:210:60ff:fe7e:83f9[500]=0A= 2001-06-20 13:39:28: DEBUG: sockmisc.c:417:sendfromto(): src6 = 2001:610:1408:210:210:4bff:fe06:26bf[500] 0=0A= 2001-06-20 13:39:28: DEBUG: sockmisc.c:421:sendfromto(): dst6 = 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0=0A= 2001-06-20 13:39:28: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 = bytes message will be sent.=0A= 2001-06-20 13:39:28: DEBUG: plog.c:205:plogdump(): =0A= cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 = 0400003c=0A= 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 = 800c003c=0A= 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 = 86fb1b63=0A= 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 = 64c35b6e=0A= 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 = 20377a9b=0A= bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 = ec768ce4=0A= 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 = 05000014=0A= 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 = 6e65406b=0A= 616d652e 6e6574=0A= 2001-06-20 13:39:48: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend = phase1 packet cbc6f7f55ad2389f:0000000000000000=0A= 2001-06-20 13:39:48: DEBUG: sockmisc.c:357:sendfromto(): sockname = 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:39:48: DEBUG: sockmisc.c:359:sendfromto(): send packet = from 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:39:48: DEBUG: sockmisc.c:361:sendfromto(): send packet to = 2001:610:1408:210:210:60ff:fe7e:83f9[500]=0A= 2001-06-20 13:39:48: DEBUG: sockmisc.c:417:sendfromto(): src6 = 2001:610:1408:210:210:4bff:fe06:26bf[500] 0=0A= 2001-06-20 13:39:48: DEBUG: sockmisc.c:421:sendfromto(): dst6 = 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0=0A= 2001-06-20 13:39:48: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 = bytes message will be sent.=0A= 2001-06-20 13:39:48: DEBUG: plog.c:205:plogdump(): =0A= cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 = 0400003c=0A= 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 = 800c003c=0A= 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 = 86fb1b63=0A= 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 = 64c35b6e=0A= 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 = 20377a9b=0A= bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 = ec768ce4=0A= 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 = 05000014=0A= 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 = 6e65406b=0A= 616d652e 6e6574=0A= 2001-06-20 13:39:49: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey = ACQUIRE message=0A= 2001-06-20 13:39:49: DEBUG: plog.c:205:plogdump(): =0A= 02060002 21000000 1b000000 00000000 05000500 ffe00000 1c1c0000 = 00000000=0A= 20010610 14080210 02104bff fe0626bf 00000000 00000000 05000600 = ffe00000=0A= 1c1c0000 00000000 20010610 14080210 021060ff fe7e83f9 00000000 = 00000000=0A= 02001200 02000200 04000000 00000000 13000d00 20000000 02000000 = a000a000=0A= 00000000 00000000 00000000 00000000 00000000 00000000 00000000 = 00000000=0A= 00000000 00000000 00000000 00000000 00000000 00000000 00000000 = 00000000=0A= 01000000 80008000 00000000 00000000 00000000 00000000 00000000 = 00000000=0A= 00000000 00000000 00000000 00000000 00000000 00000000 00000000 = 00000000=0A= 00000000 00000000=0A= 2001-06-20 13:39:49: DEBUG: pfkey.c:1497:pk_recvacquire(): ignore the = acquire becuase ph2 found=0A= 2001-06-20 13:39:59: ERROR: isakmp.c:1676:isakmp_chkph1there(): phase1 = negotiation failed due to time up.=0A= 2001-06-20 13:39:59: INFO: isakmp.c:1678:isakmp_chkph1there(): delete = phase 2 handler.=0A= 2001-06-20 13:40:08: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend = phase1 packet cbc6f7f55ad2389f:0000000000000000=0A= 2001-06-20 13:40:08: DEBUG: sockmisc.c:357:sendfromto(): sockname = 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:40:08: DEBUG: sockmisc.c:359:sendfromto(): send packet = from 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:40:08: DEBUG: sockmisc.c:361:sendfromto(): send packet to = 2001:610:1408:210:210:60ff:fe7e:83f9[500]=0A= 2001-06-20 13:40:08: DEBUG: sockmisc.c:417:sendfromto(): src6 = 2001:610:1408:210:210:4bff:fe06:26bf[500] 0=0A= 2001-06-20 13:40:08: DEBUG: sockmisc.c:421:sendfromto(): dst6 = 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0=0A= 2001-06-20 13:40:08: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 = bytes message will be sent.=0A= 2001-06-20 13:40:08: DEBUG: plog.c:205:plogdump(): =0A= cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 = 0400003c=0A= 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 = 800c003c=0A= 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 = 86fb1b63=0A= 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 = 64c35b6e=0A= 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 = 20377a9b=0A= bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 = ec768ce4=0A= 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 = 05000014=0A= 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 = 6e65406b=0A= 616d652e 6e6574=0A= 2001-06-20 13:40:13: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey = ACQUIRE message=0A= 2001-06-20 13:40:13: DEBUG: plog.c:205:plogdump(): =0A= 02060002 21000000 1c000000 00000000 05000500 ffe00000 1c1c0000 = 00000000=0A= 20010610 14080210 02104bff fe0626bf 00000000 00000000 05000600 = ffe00000=0A= 1c1c0000 00000000 20010610 14080210 021060ff fe7e83f9 00000000 = 00000000=0A= 02001200 02000200 04000000 00000000 13000d00 20000000 02000000 = a000a000=0A= 00000000 00000000 00000000 00000000 00000000 00000000 00000000 = 00000000=0A= 00000000 00000000 00000000 00000000 00000000 00000000 00000000 = 00000000=0A= 01000000 80008000 00000000 00000000 00000000 00000000 00000000 = 00000000=0A= 00000000 00000000 00000000 00000000 00000000 00000000 00000000 = 00000000=0A= 00000000 00000000=0A= 2001-06-20 13:40:13: DEBUG: policy.c:212:cmpspidx_wild(): = sub:0xbfbff830: 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] = 2001:610:1408:210:210:4bff:fe06:26bf/128[0] proto=3Dany dir=3Din=0A= 2001-06-20 13:40:13: DEBUG: policy.c:213:cmpspidx_wild(): db: = 0x809f208: 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] = 2001:610:1408:210:210:4bff:fe06:26bf/128[0] proto=3Dany dir=3Din=0A= 2001-06-20 13:40:13: DEBUG: policy.c:241:cmpspidx_wild(): 0xbfbff830 = masked with /128: 2001:610:1408:210:210:60ff:fe7e:83f9[0]=0A= 2001-06-20 13:40:13: DEBUG: policy.c:243:cmpspidx_wild(): 0x809f208 = masked with /128: 2001:610:1408:210:210:60ff:fe7e:83f9[0]=0A= 2001-06-20 13:40:13: DEBUG: policy.c:257:cmpspidx_wild(): 0xbfbff830 = masked with /128: 2001:610:1408:210:210:4bff:fe06:26bf[0]=0A= 2001-06-20 13:40:13: DEBUG: policy.c:259:cmpspidx_wild(): 0x809f208 = masked with /128: 2001:610:1408:210:210:4bff:fe06:26bf[0]=0A= 2001-06-20 13:40:13: DEBUG: pfkey.c:1533:pk_recvacquire(): suitable SP = found: 2001:610:1408:210:210:4bff:fe06:26bf/128[0] = 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] proto=3Dany dir=3Dout.=0A= 2001-06-20 13:40:13: DEBUG: pfkey.c:1565:pk_recvacquire(): new acquire = 2001:610:1408:210:210:4bff:fe06:26bf/128[0] = 2001:610:1408:210:210:60ff:fe7e:83f9/128[0] proto=3Dany dir=3Dout=0A= 2001-06-20 13:40:13: DEBUG: sainfo.c:98:getsainfo(): anonymous sainfo = selected.=0A= 2001-06-20 13:40:13: DEBUG: remoteconf.c:127:getrmconf(): anonymous = configuration selected for 2001:610:1408:210:210:60ff:fe7e:83f9.=0A= 2001-06-20 13:40:13: INFO: isakmp.c:1618:isakmp_post_acquire(): request = for establishing IPsec-SA was queued due to no phase1 found.=0A= 2001-06-20 13:40:28: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend = phase1 packet cbc6f7f55ad2389f:0000000000000000=0A= 2001-06-20 13:40:28: DEBUG: sockmisc.c:357:sendfromto(): sockname = 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:40:28: DEBUG: sockmisc.c:359:sendfromto(): send packet = from 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:40:28: DEBUG: sockmisc.c:361:sendfromto(): send packet to = 2001:610:1408:210:210:60ff:fe7e:83f9[500]=0A= 2001-06-20 13:40:28: DEBUG: sockmisc.c:417:sendfromto(): src6 = 2001:610:1408:210:210:4bff:fe06:26bf[500] 0=0A= 2001-06-20 13:40:28: DEBUG: sockmisc.c:421:sendfromto(): dst6 = 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0=0A= 2001-06-20 13:40:28: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 = bytes message will be sent.=0A= 2001-06-20 13:40:28: DEBUG: plog.c:205:plogdump(): =0A= cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 = 0400003c=0A= 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 = 800c003c=0A= 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 = 86fb1b63=0A= 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 = 64c35b6e=0A= 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 = 20377a9b=0A= bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 = ec768ce4=0A= 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 = 05000014=0A= 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 = 6e65406b=0A= 616d652e 6e6574=0A= 2001-06-20 13:40:45: ERROR: isakmp.c:1676:isakmp_chkph1there(): phase1 = negotiation failed due to time up.=0A= 2001-06-20 13:40:45: INFO: isakmp.c:1678:isakmp_chkph1there(): delete = phase 2 handler.=0A= 2001-06-20 13:40:48: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend = phase1 packet cbc6f7f55ad2389f:0000000000000000=0A= 2001-06-20 13:40:48: DEBUG: sockmisc.c:357:sendfromto(): sockname = 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:40:48: DEBUG: sockmisc.c:359:sendfromto(): send packet = from 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:40:48: DEBUG: sockmisc.c:361:sendfromto(): send packet to = 2001:610:1408:210:210:60ff:fe7e:83f9[500]=0A= 2001-06-20 13:40:48: DEBUG: sockmisc.c:417:sendfromto(): src6 = 2001:610:1408:210:210:4bff:fe06:26bf[500] 0=0A= 2001-06-20 13:40:48: DEBUG: sockmisc.c:421:sendfromto(): dst6 = 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0=0A= 2001-06-20 13:40:48: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 = bytes message will be sent.=0A= 2001-06-20 13:40:48: DEBUG: plog.c:205:plogdump(): =0A= cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 = 0400003c=0A= 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 = 800c003c=0A= 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 = 86fb1b63=0A= 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 = 64c35b6e=0A= 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 = 20377a9b=0A= bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 = ec768ce4=0A= 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 = 05000014=0A= 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 = 6e65406b=0A= 616d652e 6e6574=0A= 2001-06-20 13:41:08: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend = phase1 packet cbc6f7f55ad2389f:0000000000000000=0A= 2001-06-20 13:41:08: DEBUG: sockmisc.c:357:sendfromto(): sockname = 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:41:08: DEBUG: sockmisc.c:359:sendfromto(): send packet = from 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:41:08: DEBUG: sockmisc.c:361:sendfromto(): send packet to = 2001:610:1408:210:210:60ff:fe7e:83f9[500]=0A= 2001-06-20 13:41:08: DEBUG: sockmisc.c:417:sendfromto(): src6 = 2001:610:1408:210:210:4bff:fe06:26bf[500] 0=0A= 2001-06-20 13:41:08: DEBUG: sockmisc.c:421:sendfromto(): dst6 = 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0=0A= 2001-06-20 13:41:08: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 = bytes message will be sent.=0A= 2001-06-20 13:41:08: DEBUG: plog.c:205:plogdump(): =0A= cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 = 0400003c=0A= 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 = 800c003c=0A= 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 = 86fb1b63=0A= 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 = 64c35b6e=0A= 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 = 20377a9b=0A= bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 = ec768ce4=0A= 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 = 05000014=0A= 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 = 6e65406b=0A= 616d652e 6e6574=0A= 2001-06-20 13:41:28: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend = phase1 packet cbc6f7f55ad2389f:0000000000000000=0A= 2001-06-20 13:41:28: DEBUG: sockmisc.c:357:sendfromto(): sockname = 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:41:28: DEBUG: sockmisc.c:359:sendfromto(): send packet = from 2001:610:1408:210:210:4bff:fe06:26bf[500]=0A= 2001-06-20 13:41:28: DEBUG: sockmisc.c:361:sendfromto(): send packet to = 2001:610:1408:210:210:60ff:fe7e:83f9[500]=0A= 2001-06-20 13:41:28: DEBUG: sockmisc.c:417:sendfromto(): src6 = 2001:610:1408:210:210:4bff:fe06:26bf[500] 0=0A= 2001-06-20 13:41:28: DEBUG: sockmisc.c:421:sendfromto(): dst6 = 2001:610:1408:210:210:60ff:fe7e:83f9[500] 0=0A= 2001-06-20 13:41:28: DEBUG: isakmp.c:1350:isakmp_send(): 1 times of 263 = bytes message will be sent.=0A= 2001-06-20 13:41:28: DEBUG: plog.c:205:plogdump(): =0A= cbc6f7f5 5ad2389f 00000000 00000000 01100400 00000000 00000107 = 0400003c=0A= 00000001 00000001 00000030 01010001 00000028 01010000 800b0001 = 800c003c=0A= 800b0002 800c1400 80010001 80030001 80020001 80040002 0a000084 = 86fb1b63=0A= 89e3666f c5e47c84 8255cbec 28310d3d 05dab56c 722f7c4e 36a19181 = 64c35b6e=0A= 19873f48 298cebb3 bb8eb81e cd57bc75 93cc4507 bc8e20ac 15eec5a0 = 20377a9b=0A= bcf2ad8b 04b0023a dcd0f684 20a25f04 52c5d6dc 160e6ca0 cc1d3474 = ec768ce4=0A= 2518ef70 fde6eba7 3525d53a 9ec541e2 e5d37e5c c0b512ba 98701889 = 05000014=0A= 9512d78c 683c9ce8 ae432d6d 74083668 00000017 03000000 73616b61 = 6e65406b=0A= 616d652e 6e6574=0A= 2001-06-20 13:41:28: ERROR: isakmp.c:1380:isakmp_ph1resend(): phase1 = negotiation failed due to time up. cbc6f7f55ad2389f:0000000000000000=0A= 2001-06-20 13:44:10: INFO: session.c:276:check_sigreq(): caught signal = 2=0A= 2001-06-20 13:44:10: DEBUG: pfkey.c:191:pfkey_handler(): get pfkey = FLUSH message=0A= 2001-06-20 13:44:10: DEBUG: plog.c:205:plogdump(): =0A= 02090000 02000000 00000000 d9020000=0A= 2001-06-20 13:44:11: DEBUG: pfkey.c:277:pfkey_dump_sadb(): call = pfkey_send_dump=0A= 2001-06-20 13:44:11: ERROR: backupsa.c:355:backupsa_clean(): failed to = clean the backup file (null).=0A= ------_=_NextPart_000_01C0F997.4CD17FF0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message