Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 20 Nov 2007 08:46:28 -0800 (PST)
From:      john decot <johndecot@yahoo.com>
To:        VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>, freebsd-security@freebsd.org
Subject:   Re:   IPSEC help
Message-ID:  <465714.76277.qm@web55414.mail.re4.yahoo.com>
In-Reply-To: <20071120123418.GA32444@zen.inc>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi,

    I have change life time in both side i.e 28800 sec but  unlucky again.

the following is the logs after change lifetime. comparision of lifetime is now
28800:28800


2007-11-20 20:27:12: DEBUG2: lifetime = 28800
2007-11-20 20:27:12: DEBUG2: lifebyte = 0
2007-11-20 20:27:12: DEBUG2: encklen=0
2007-11-20 20:27:12: DEBUG2: p:1 t:1
2007-11-20 20:27:12: DEBUG2: 3DES-CBC(5)
2007-11-20 20:27:12: DEBUG2: SHA(2)
2007-11-20 20:27:12: DEBUG2: 1024-bit MODP group(2)
2007-11-20 20:27:12: DEBUG2: RSA signatures(3)
2007-11-20 20:27:12: DEBUG2: 
2007-11-20 20:27:12: DEBUG: hmac(modp1024)
2007-11-20 20:27:12: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2007-11-20 20:27:12: DEBUG2: parse successed.
2007-11-20 20:27:12: DEBUG: my interface: 202.70.87.123 (lnc0)
2007-11-20 20:27:12: DEBUG: my interface: fe80::1%lo0 (lo0)
2007-11-20 20:27:12: DEBUG: my interface: ::1 (lo0)
2007-11-20 20:27:12: DEBUG: my interface: 127.0.0.1 (lo0)
2007-11-20 20:27:12: DEBUG: configuring default isakmp port.
2007-11-20 20:27:12: DEBUG: 4 addrs are configured successfully
2007-11-20 20:27:12: INFO: 127.0.0.1[500] used as isakmp port (fd=4)
2007-11-20 20:27:12: INFO: ::1[500] used as isakmp port (fd=5)
2007-11-20 20:27:12: INFO: fe80::1%lo0[500] used as isakmp port (fd=6)
2007-11-20 20:27:12: INFO: 202.70.87.123[500] used as isakmp port (fd=7)
2007-11-20 20:27:12: DEBUG: get pfkey X_SPDDUMP message
2007-11-20 20:27:12: DEBUG2: 
02120000 17000100 01000000 ce020000 03000500 ff200000 10020000 cb5b82ad
00000000 00000000 03000600 ff200000 10020000 ca46577b 00000000 00000000
07001200 02000100 04400000 00000000 28003200 02020000 10020000 cb5b82ad
00000000 00000000 10020000 ca46577b 00000000 00000000 04000200 00000000
00000000 00000000 34f14247 00000000 34f14247 00000000 04000300 00000000
00000000 00000000 00000000 00000000 00000000 00000000
2007-11-20 20:27:12: DEBUG: get pfkey X_SPDDUMP message
2007-11-20 20:27:12: DEBUG2: 
02120000 17000100 00000000 ce020000 03000500 ff200000 10020000 ca46577b
00000000 00000000 03000600 ff200000 10020000 cb5b82ad 00000000 00000000
07001200 02000200 05400000 00000000 28003200 02020000 10020000 ca46577b
00000000 00000000 10020000 cb5b82ad 00000000 00000000 04000200 00000000
00000000 00000000 34f14247 00000000 c1f14247 00000000 04000300 00000000
00000000 00000000 00000000 00000000 00000000 00000000
2007-11-20 20:27:12: DEBUG: sub:0xbfbfe600: 202.70.87.123/32[0] 203.91.130.173/32[0] proto=any dir=out
2007-11-20 20:27:12: DEBUG: db :0x809fa08: 203.91.130.173/32[0] 202.70.87.123/32[0] proto=any dir=in
2007-11-20 20:27:31: DEBUG: ===
2007-11-20 20:27:31: DEBUG: 84 bytes message received from 203.91.130.173[500] to 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: 
97986acd b6c3711c 0c54bbe7 18fce101 08100501 d953545f 00000054 7fae97bf
94a077f0 2f4cc211 731009a0 5d77f1ee 202451d0 cecc9200 bba29735 6442fa30
5b69f5b6 899625ff e2fa2eda 76f27e8e 09cb1b8e
2007-11-20 20:27:31: ERROR: unknown Informational exchange received.
2007-11-20 20:27:31: DEBUG: ===
2007-11-20 20:27:31: DEBUG: 276 bytes message received from 203.91.130.173[500] to 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: 
0f99cf2a db2bf6a3 00000000 00000000 01100200 00000000 00000114 0d0000a4
00000001 00000001 00000098 01010004 03000024 01010000 80010005 80020002
80040002 80030003 800b0001 000c0004 00007080 03000024 02010000 80010005
80020001 80040002 80030003 800b0001 000c0004 00007080 03000024 03010000
80010001 80020002 80040001 80030003 800b0001 000c0004 00007080 00000024
04010000 80010001 80020001 80040001 80030003 800b0001 000c0004 00007080
0d000018 1e2b5169 05991c7d 7c96fcbf b587e461 00000004 0d000014 4048b7d5
6ebce885 25e7de7f 00d6c2d3 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f
00000014 26244d38 eddb61b3 172a36e3 d0cfb819
2007-11-20 20:27:31: DEBUG: anonymous configuration selected for 203.91.130.173[500].
2007-11-20 20:27:31: DEBUG: ===
2007-11-20 20:27:31: INFO: respond new phase 1 negotiation: 202.70.87.123[500]<=>203.91.130.173[500]
2007-11-20 20:27:31: INFO: begin Identity Protection mode.
2007-11-20 20:27:31: DEBUG: begin.
2007-11-20 20:27:31: DEBUG: seen nptype=1(sa)
2007-11-20 20:27:31: DEBUG: seen nptype=13(vid)
2007-11-20 20:27:31: DEBUG: seen nptype=13(vid)
2007-11-20 20:27:31: DEBUG: seen nptype=13(vid)
2007-11-20 20:27:31: DEBUG: seen nptype=13(vid)
2007-11-20 20:27:31: DEBUG: succeed.
2007-11-20 20:27:31: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
2007-11-20 20:27:31: INFO: received Vendor ID: FRAGMENTATION
2007-11-20 20:27:31: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2007-11-20 20:27:31: DEBUG: received unknown Vendor ID
2007-11-20 20:27:31: DEBUG: total SA len=160
2007-11-20 20:27:31: DEBUG: 
00000001 00000001 00000098 01010004 03000024 01010000 80010005 80020002
80040002 80030003 800b0001 000c0004 00007080 03000024 02010000 80010005
80020001 80040002 80030003 800b0001 000c0004 00007080 03000024 03010000
80010001 80020002 80040001 80030003 800b0001 000c0004 00007080 00000024
04010000 80010001 80020001 80040001 80030003 800b0001 000c0004 00007080
2007-11-20 20:27:31: DEBUG: begin.
2007-11-20 20:27:31: DEBUG: seen nptype=2(prop)
2007-11-20 20:27:31: DEBUG: succeed.
2007-11-20 20:27:31: DEBUG: proposal #1 len=152
2007-11-20 20:27:31: DEBUG: begin.
2007-11-20 20:27:31: DEBUG: seen nptype=3(trns)
2007-11-20 20:27:31: DEBUG: seen nptype=3(trns)
2007-11-20 20:27:31: DEBUG: seen nptype=3(trns)
2007-11-20 20:27:31: DEBUG: seen nptype=3(trns)
2007-11-20 20:27:31: DEBUG: succeed.
2007-11-20 20:27:31: DEBUG: transform #1 len=36
2007-11-20 20:27:31: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-11-20 20:27:31: DEBUG: hash(sha1)
2007-11-20 20:27:31: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-11-20 20:27:31: DEBUG: hmac(modp1024)
2007-11-20 20:27:31: DEBUG: type=Authentication Method, flag=0x8000, lorv=RSA signatures
2007-11-20 20:27:31: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-11-20 20:27:31: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-11-20 20:27:31: DEBUG: transform #2 len=36
2007-11-20 20:27:31: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-11-20 20:27:31: DEBUG: hash(md5)
2007-11-20 20:27:31: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-11-20 20:27:31: DEBUG: hmac(modp1024)
2007-11-20 20:27:31: DEBUG: type=Authentication Method, flag=0x8000, lorv=RSA signatures
2007-11-20 20:27:31: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-11-20 20:27:31: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-11-20 20:27:31: DEBUG: transform #3 len=36
2007-11-20 20:27:31: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2007-11-20 20:27:31: DEBUG: encryption(des)
2007-11-20 20:27:31: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-11-20 20:27:31: DEBUG: hash(sha1)
2007-11-20 20:27:31: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
2007-11-20 20:27:31: DEBUG: hmac(modp768)
2007-11-20 20:27:31: DEBUG: type=Authentication Method, flag=0x8000, lorv=RSA signatures
2007-11-20 20:27:31: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-11-20 20:27:31: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-11-20 20:27:31: DEBUG: transform #4 len=36
2007-11-20 20:27:31: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2007-11-20 20:27:31: DEBUG: encryption(des)
2007-11-20 20:27:31: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-11-20 20:27:31: DEBUG: hash(md5)
2007-11-20 20:27:31: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
2007-11-20 20:27:31: DEBUG: hmac(modp768)
2007-11-20 20:27:31: DEBUG: type=Authentication Method, flag=0x8000, lorv=RSA signatures
2007-11-20 20:27:31: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-11-20 20:27:31: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-11-20 20:27:31: DEBUG: pair 1:
2007-11-20 20:27:31: DEBUG:  0x80a94e0: next=0x0 tnext=0x80a94f0
2007-11-20 20:27:31: DEBUG:   0x80a94f0: next=0x0 tnext=0x80a9500
2007-11-20 20:27:31: DEBUG:    0x80a9500: next=0x0 tnext=0x80a9510
2007-11-20 20:27:31: DEBUG:     0x80a9510: next=0x0 tnext=0x0
2007-11-20 20:27:31: DEBUG: proposal #1: 4 transform
2007-11-20 20:27:31: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4
2007-11-20 20:27:31: DEBUG: trns#=1, trns-id=IKE
2007-11-20 20:27:31: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2007-11-20 20:27:31: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-11-20 20:27:31: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-11-20 20:27:31: DEBUG: type=Authentication Method, flag=0x8000, lorv=RSA signatures
2007-11-20 20:27:31: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-11-20 20:27:31: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-11-20 20:27:31: DEBUG: Compared: DB:Peer
2007-11-20 20:27:31: DEBUG: (lifetime = 28800:28800)
2007-11-20 20:27:31: DEBUG: (lifebyte = 0:0)
2007-11-20 20:27:31: DEBUG: enctype = 3DES-CBC:3DES-CBC
2007-11-20 20:27:31: DEBUG: (encklen = 0:0)
2007-11-20 20:27:31: DEBUG: hashtype = SHA:SHA
2007-11-20 20:27:31: DEBUG: authmethod = RSA signatures:RSA signatures
2007-11-20 20:27:31: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2007-11-20 20:27:31: DEBUG: an acceptable proposal found.
2007-11-20 20:27:31: DEBUG: hmac(modp1024)
2007-11-20 20:27:31: DEBUG: new cookie:
ee30ac4a17d6ee8b 
2007-11-20 20:27:31: DEBUG: add payload of len 52, next type 13
2007-11-20 20:27:31: DEBUG: add payload of len 16, next type 0
2007-11-20 20:27:31: DEBUG: 104 bytes from 202.70.87.123[500] to 203.91.130.173[500]
2007-11-20 20:27:31: DEBUG: sockname 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: send packet from 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: send packet to 203.91.130.173[500]
2007-11-20 20:27:31: DEBUG: 1 times of 104 bytes message will be sent to 203.91.130.173[500]
2007-11-20 20:27:31: DEBUG: 
0f99cf2a db2bf6a3 ee30ac4a 17d6ee8b 01100200 00000000 00000068 0d000038
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020002
80040002 80030003 800b0001 000c0004 00007080 00000014 afcad713 68a1f1c9
6b8696fc 77570100
2007-11-20 20:27:31: DEBUG: resend phase1 packet 0f99cf2adb2bf6a3:ee30ac4a17d6ee8b
2007-11-20 20:27:31: DEBUG: ===
2007-11-20 20:27:31: DEBUG: 184 bytes message received from 203.91.130.173[500] to 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: 
0f99cf2a db2bf6a3 ee30ac4a 17d6ee8b 04100200 00000000 000000b8 0a000084
4e85c725 45a986f5 a0f20d2b dd982002 c53296c0 35612c43 0d53065a b0a5c7e9
661aaa56 46a50046 3f30d5a3 98119684 bd76515a ad95b9f9 6c5d7183 0321e23e
0815ea83 f6973157 9b12a091 fc133d89 365803d5 2146db50 ea6c1574 6986d7d7
78bec3cf e93229ce 37759460 9a5ec52e 020cc8fa fbf3b316 43c93524 fc3edbc4
00000018 64980a47 4b0b1245 8244d686 0bd0343f 134764c8
2007-11-20 20:27:31: DEBUG: begin.
2007-11-20 20:27:31: DEBUG: seen nptype=4(ke)
2007-11-20 20:27:31: DEBUG: seen nptype=10(nonce)
2007-11-20 20:27:31: DEBUG: succeed.
2007-11-20 20:27:31: DEBUG: ===
2007-11-20 20:27:31: DEBUG: compute DH's private.
2007-11-20 20:27:31: DEBUG: 
49cc619e 813db34a f9d4b01d 04132736 e26b8e16 fdc860d5 6ce64ef4 69633814
7d59e4cf 2c6c4656 c3fc86a3 58293c80 0e0a37f8 148cb30f 8f858f5b f44d6d4c
a6ed2f66 f28a7a23 3a028212 97d32189 4353af74 fc70a28e db10e277 67a3236f
e853a894 5c902a76 4a7ae6d3 e6cc8d30 f93f6e61 6da15e51 a6e023ad 6410ceb5
2007-11-20 20:27:31: DEBUG: compute DH's public.
2007-11-20 20:27:31: DEBUG: 
099592c3 f66bf7df 45605144 84704464 eb40bac8 2d77d376 15268e5b 4a678fce
09a45e08 4ef19648 714379f5 ded1adf8 c6ca5f5a 7fe71529 712efef0 b4548e38
73eb352a 5ca316ee 8551a1f3 88f347b7 9a65c237 b513bd91 2a25fb00 85df8702
99180797 d0f8e91e 82407174 d8c0bee5 0366337f 6b57b426 ef442107 45276e29
2007-11-20 20:27:31: DEBUG: create my CR: X.509 Certificate Signature
2007-11-20 20:27:31: DEBUG: add payload of len 128, next type 10
2007-11-20 20:27:31: DEBUG: add payload of len 16, next type 7
2007-11-20 20:27:31: DEBUG: add payload of len 1, next type 0
2007-11-20 20:27:31: DEBUG: 185 bytes from 202.70.87.123[500] to 203.91.130.173[500]
2007-11-20 20:27:31: DEBUG: sockname 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: send packet from 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: send packet to 203.91.130.173[500]
2007-11-20 20:27:31: DEBUG: 1 times of 185 bytes message will be sent to 203.91.130.173[500]
2007-11-20 20:27:31: DEBUG: 
0f99cf2a db2bf6a3 ee30ac4a 17d6ee8b 04100200 00000000 000000b9 0a000084
099592c3 f66bf7df 45605144 84704464 eb40bac8 2d77d376 15268e5b 4a678fce
09a45e08 4ef19648 714379f5 ded1adf8 c6ca5f5a 7fe71529 712efef0 b4548e38
73eb352a 5ca316ee 8551a1f3 88f347b7 9a65c237 b513bd91 2a25fb00 85df8702
99180797 d0f8e91e 82407174 d8c0bee5 0366337f 6b57b426 ef442107 45276e29
07000014 f8a01726 a1c3f216 2d725236 6277011b 00000005 04
2007-11-20 20:27:31: DEBUG: resend phase1 packet 0f99cf2adb2bf6a3:ee30ac4a17d6ee8b
2007-11-20 20:27:31: DEBUG: compute DH's shared.
2007-11-20 20:27:31: DEBUG: 
9bbaa055 88c76d7c b1fd290b d399c5cd e3fd7d3e 1579daa7 239e28b4 1b519c18
cc311190 198c89cd 26c69c38 2ad04a88 08fef2c3 75ed6f2e fa0ec13a a4bf2ab6
35661f0a 38588d4a e815a4bd 0a853c96 cc5502b8 ec727e0e 90582cf9 f1c3e1ad
783f12e2 bfdc8915 981efd03 8b9f50d4 e44d3d2e 525b1172 aae8e384 1ab53ef6
2007-11-20 20:27:31: DEBUG: nonce1: 2007-11-20 20:27:31: DEBUG: 
64980a47 4b0b1245 8244d686 0bd0343f 134764c8
2007-11-20 20:27:31: DEBUG: nonce2: 2007-11-20 20:27:31: DEBUG: 
f8a01726 a1c3f216 2d725236 6277011b
2007-11-20 20:27:31: DEBUG: hmac(hmac_sha1)
2007-11-20 20:27:31: DEBUG: SKEYID computed:
2007-11-20 20:27:31: DEBUG: 
09882c9f e271f4a4 a181d9b0 6d35ba07 181e6109
2007-11-20 20:27:31: DEBUG: hmac(hmac_sha1)
2007-11-20 20:27:31: DEBUG: SKEYID_d computed:
2007-11-20 20:27:31: DEBUG: 
f7b31593 83e8a23a 6fbb0dd8 2a1f81f8 4c5a1f53
2007-11-20 20:27:31: DEBUG: hmac(hmac_sha1)
2007-11-20 20:27:31: DEBUG: SKEYID_a computed:
2007-11-20 20:27:31: DEBUG: 
0d56f7b5 3a1c100b b83f978c 85a476eb 089a1cf9
2007-11-20 20:27:31: DEBUG: hmac(hmac_sha1)
2007-11-20 20:27:31: DEBUG: SKEYID_e computed:
2007-11-20 20:27:31: DEBUG: 
66d03d25 7858c8d2 6d7ce36a f67b3b09 1f0bf875
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: hash(sha1)
2007-11-20 20:27:31: DEBUG: len(SKEYID_e) < len(Ka) (20 < 24), generating long key (Ka = K1 | K2 | ...)
2007-11-20 20:27:31: DEBUG: hmac(hmac_sha1)
2007-11-20 20:27:31: DEBUG: compute intermediate encryption key K1
2007-11-20 20:27:31: DEBUG: 
00
2007-11-20 20:27:31: DEBUG: 
c90e0b4c 37788ed5 e8900200 ec6b0739 4b9a961a
2007-11-20 20:27:31: DEBUG: hmac(hmac_sha1)
2007-11-20 20:27:31: DEBUG: compute intermediate encryption key K2
2007-11-20 20:27:31: DEBUG: 
c90e0b4c 37788ed5 e8900200 ec6b0739 4b9a961a
2007-11-20 20:27:31: DEBUG: 
0d44b4e7 8eb7fc58 a7beb122 dbb66c11 09c68be7
2007-11-20 20:27:31: DEBUG: final encryption key computed:
2007-11-20 20:27:31: DEBUG: 
c90e0b4c 37788ed5 e8900200 ec6b0739 4b9a961a 0d44b4e7
2007-11-20 20:27:31: DEBUG: hash(sha1)
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: IV computed:
2007-11-20 20:27:31: DEBUG: 
0a536fb1 8fd806a7
2007-11-20 20:27:31: DEBUG: ===
2007-11-20 20:27:31: DEBUG: 84 bytes message received from 203.91.130.173[500] to 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: 
0f99cf2a db2bf6a3 ee30ac4a 17d6ee8b 08100501 9d6a3089 00000054 5d8e333a
0bf26cc3 8eedb74b 16124d12 7ffb7bc1 9c9af7c4 b03a75f1 7274a817 367405c0
3b6a9e7d 23e168da 4a0d30ff a94585d4 14272c4c
2007-11-20 20:27:31: DEBUG: receive Information.
2007-11-20 20:27:31: DEBUG: compute IV for phase2
2007-11-20 20:27:31: DEBUG: phase1 last IV:
2007-11-20 20:27:31: DEBUG: 
0a536fb1 8fd806a7 9d6a3089
2007-11-20 20:27:31: DEBUG: hash(sha1)
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: phase2 IV computed:
2007-11-20 20:27:31: DEBUG: 
851268e7 9ef949af
2007-11-20 20:27:31: DEBUG: begin decryption.
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: IV was saved for next processing:
2007-11-20 20:27:31: DEBUG: 
a94585d4 14272c4c
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: with key:
2007-11-20 20:27:31: DEBUG: 
c90e0b4c 37788ed5 e8900200 ec6b0739 4b9a961a 0d44b4e7
2007-11-20 20:27:31: DEBUG: decrypted payload by IV:
2007-11-20 20:27:31: DEBUG: 
851268e7 9ef949af
2007-11-20 20:27:31: DEBUG: decrypted payload, but not trimed.
2007-11-20 20:27:31: DEBUG: 
0b000018 303a48d0 adbdd426 c1af17aa 1a4d59c1 1cebd133 0000001c 00000001
0110001c 0f99cf2a db2bf6a3 ee30ac4a 17d6ee8b 00000000
2007-11-20 20:27:31: DEBUG: padding len=1
2007-11-20 20:27:31: DEBUG: skip to trim padding.
2007-11-20 20:27:31: DEBUG: decrypted.
2007-11-20 20:27:31: DEBUG: 
0f99cf2a db2bf6a3 ee30ac4a 17d6ee8b 08100501 9d6a3089 00000054 0b000018
303a48d0 adbdd426 c1af17aa 1a4d59c1 1cebd133 0000001c 00000001 0110001c
0f99cf2a db2bf6a3 ee30ac4a 17d6ee8b 00000000
2007-11-20 20:27:31: ERROR: ignore information because ISAKMP-SA has not been established yet.
2007-11-20 20:27:41: DEBUG: 185 bytes from 202.70.87.123[500] to 203.91.130.173[500]
2007-11-20 20:27:41: DEBUG: sockname 202.70.87.123[500]
2007-11-20 20:27:41: DEBUG: send packet from 202.70.87.123[500]
2007-11-20 20:27:41: DEBUG: send packet to 203.91.130.173[500]
2007-11-20 20:27:41: DEBUG: 1 times of 185 bytes message will be sent to 203.91.130.173[500]
2007-11-20 20:27:41: DEBUG: 
0f99cf2a db2bf6a3 ee30ac4a 17d6ee8b 04100200 00000000 000000b9 0a000084
099592c3 f66bf7df 45605144 84704464 eb40bac8 2d77d376 15268e5b 4a678fce
09a45e08 4ef19648 714379f5 ded1adf8 c6ca5f5a 7fe71529 712efef0 b4548e38
73eb352a 5ca316ee 8551a1f3 88f347b7 9a65c237 b513bd91 2a25fb00 85df8702
99180797 d0f8e91e 82407174 d8c0bee5 0366337f 6b57b426 ef442107 45276e29
07000014 f8a01726 a1c3f216 2d725236 6277011b 00000005 04
2007-11-20 20:27:41: DEBUG: resend phase1 packet 0f99cf2adb2bf6a3:ee30ac4a17d6ee8b



Regards,
John



VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> wrote: On Tue, Nov 20, 2007 at 02:57:17AM -0800, john decot wrote:
> Hi,
> 
>       I have checked with different mode that obey and found error
>       no valid proposal  and again i change lifetime too in bsd
>       server. But I can't found where should i have to change those
>       parameter in remote windows ipsec box.

You shouldn't have to change setup on both ends: you can just changes
values on one end (the BSD server) to match values of the other end.

Acoording to the quick look I had at your previous dump and to my
memory (ok, so that's probably not exact :-), you should  just have to
change lifetime to 28800 sec in remote section.


Yvan.

-- 
NETASQ
http://www.netasq.com
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


       
---------------------------------
Be a better pen pal. Text or chat with friends inside Yahoo! Mail. See how.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?465714.76277.qm>