Archive: openbsd@sikurezza.org
Subject: [openbsd] LONG - VPN isakmpd (openbsd 3.8) <--> frees/wan (linux)
From: pallotron
Date: Mon, 12 Dec 2005 20:42:14 +0100 (CET)

Hi everyone (this may be my first post),
btw I have a problem that is driving me crazy!!!! :(
If anyone has experience with isakmpd<->freeswan VPNs, I'm begging you
on my knees :))))
The message is a bit long... sorry about that :)

I need to set up a VPN tunnel between my company gateway (OpenBSD 3.8 with
isakmpd) and a Linux gateway (FreeS/WAN).
According to what I was told by the staff at the other end of the
line (unfortunately neither I nor anyone from my company administers
that gateway), the gateway uses 3DES-SHA1.
The administrator of the Linux gateway gave me some information; this is
the only support I got, after a series of:

- uhm
- yes, maybe
- it could be like that
- yes, you could actually be right, try it!

:)

He showed me an excerpt of ipsec.conf from his machine:

----------------8< EXCERPT FROM IPSEC.CONF >8---------------------------

config setup
       interfaces=%defaultroute
       klipsdebug=none
       plutodebug=none
       plutoload=%search
       plutostart=%search
       uniqueids=yes
       overridemtu=1444

conn vpnditest 
       keyingtries=0
       disablearrivalcheck=no
       authby=secret
       rekey=no
       keylife=8h
       ikelifetime=8h
       pfs=yes
       left=X.Y.Z.130 # <--- the public IP of my VPN gateway
       leftsubnet=192.168.3.0/24 # <----- my subnet
       right=X.Y.Z.250 # <---------- the FreeS/WAN public IP
       rightnexthop=213.230.155.225
       rightsubnet=10.10.11.0/24 # <----- the subnet on the other side
       auto=add

----------------8< EOF IPSEC.CONF >8------------------------------------

The password is in the ipsec.secrets file (a pre-shared secret is
used).
So I configured my gateway like this:

----------------8< BEGIN ISAKMPD.CONF >8--------------------------------

[General]
Listen-on=              X.Y.Z.130

[Phase 1]
X.Y.Z.250=        AltraAzienda

[Phase 2]
Connections=    MiaAzienda-AltraAzienda

[AltraAzienda]
Phase=                  1
Transport=              udp
Address=                X.Y.Z.250
Configuration=          Default-main-mode
Authentication=         password_segreta

[MiaAzienda-AltraAzienda]
Phase=                  2
ISAKMP-peer=            AltraAzienda
Configuration=          Default-quick-mode
Local-ID=               Net-MiaAzienda
Remote-ID=              Net-AltraAzienda

[Net-AltraAzienda]
ID-type=                IPV4_ADDR_SUBNET
Network=                10.10.11.0
Netmask=                255.255.255.0

[Net-MiaAzienda]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.168.3.0
Netmask=                255.255.255.0

[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA
Life=                   LIFE_8_HOURS

[Default-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-PFS-SUITE
# PFS set because ipsec.conf has:
# pfs=yes
Life=                   LIFE_8_HOURS

# set to 8 hours because ipsec.conf has this:
# keylife=8h
# ikelifetime=8h
[LIFE_8_HOURS]
LIFE_TYPE=              SECONDS
LIFE_DURATION=          28800

----------------8< EOF ISAKMPD.CONF >8--------------------------------

When I start isakmpd -d, after a while it gives me:

root@attila:/etc/isakmpd:8># isakmpd -d                                       
202117.030850 Default transport_send_messages: giving up on exchange
AltraAzienda, no response from peer X.Y.Z.250:500

A not very elegant tcpdump tells me:

<root@attila:/root:3># tcpdump -n host X.Y.Z.250
tcpdump: listening on fxp0, link-type EN10MB
20:23:01.363639 X.Y.Z.250.500 > 85.47.207.130.500:  isakmp v1.0
exchange ID_PROT
        cookie: 6f20fd564cec0fa6->0000000000000000 msgid: 00000000 len:
176 (DF)
20:23:01.365309 85.47.207.130.500 > X.Y.Z.250.500:  isakmp v1.0
exchange ID_PROT
        cookie: 6f20fd564cec0fa6->6d2a1064c1cb8341 msgid: 00000000 len:
160
20:23:08.370879 85.47.207.130.500 > X.Y.Z.250.500:  isakmp v1.0
exchange ID_PROT
        cookie: 6f20fd564cec0fa6->6d2a1064c1cb8341 msgid: 00000000 len:
160

and so on until I kill isakmpd.
A "tcpdump -n esp" shows absolutely nothing (maybe because the tunnel
has not been established yet).

The pf.conf rules should be correct; here are some excerpts:

----------------8< A PIECE OF PF.CONF >8--------------------------------

block log all

########### EXT INTERFACE #############

pass in quick proto esp from $vpn_kelyan_gw to $ext_if_vpn_address
pass out quick proto esp from $ext_if_vpn_address to $vpn_kelyan_gw

pass in on $vpn_if proto ipencap from $vpn_kelyan_gw to $ext_if_vpn_address
pass out on $vpn_if proto ipencap from $ext_if_vpn_address to $vpn_kelyan_gw

pass in on $vpn_if from $lan_kelyan to $prod_net
pass out on $vpn_if from $prod_net to $lan_kelyan

pass in on $ext_if proto udp from $vpn_kelyan_gw port {isakmp,ipsec-nat-t} to $ext_if_vpn_address port {isakmp,ipsec-nat-t}
pass out on $ext_if proto udp from $ext_if_vpn_address port {isakmp,ipsec-nat-t} to $vpn_kelyan_gw port {isakmp,ipsec-nat-t}

-----------------------------------------------------------------------

I'm attaching a dump of isakmpd -d -DA=80.
If it helps, I already have a Cisco PIX 515E in a VPN with that
FreeS/WAN gateway, with this configuration:

----------------8< BEGIN OF CISCO PIX SHOW CONFIG DUMP >8-------------

sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-aes-256 esp-sha-hmac
crypto dynamic-map inside_dyn_map 40 set transform-set ESP-3DES-MD5
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map20 match address outside_cryptomap_20
crypto map outside_map 20 set pfs group2
crypto map outside_map 20 set peer X.Y.Z.250
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic inside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic inside_dyn_map
isakmp enable outside
isakmp enable inside
isakmp key ******** address X.Y.Z.250 netmask 255.255.255.255 no-xauth no-config-mode 
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 lifetime 28800

----------------8< EOF CISCO PIX SHOW CONFIG DUMP >8--------------------
--  
[ Failla Angelo Michele a.k.a. Pallotron -- Freaknet Medialab Catania ]
[ email: pallotron(at)freaknet.org ---- angelo.failla(at)freaknet.org ]
[ W3: http://www.pallotron.freaknet.org - http://pallotron.spatof.org ]
[ ICQ: 31112052 -------- GPG Key ID: 89450920 available @ pgp.mit.edu ]
[ GPG FingerPrint: 0DE8 DB22 538E D6B9 8784  83E5 1BEA 7D5C 8945 0920 ]

<root@attila:/etc/isakmpd:12># isakmpd -d -DA=80 
203009.946227 Default log_debug_cmd: log level changed from 0 to 80 for class 0 [priv]
203009.946936 Default log_debug_cmd: log level changed from 0 to 80 for class 1 [priv]
203009.947140 Default log_debug_cmd: log level changed from 0 to 80 for class 2 [priv]
203009.947309 Default log_debug_cmd: log level changed from 0 to 80 for class 3 [priv]
203009.947475 Default log_debug_cmd: log level changed from 0 to 80 for class 4 [priv]
203009.947640 Default log_debug_cmd: log level changed from 0 to 80 for class 5 [priv]
203009.947804 Default log_debug_cmd: log level changed from 0 to 80 for class 6 [priv]
203009.947972 Default log_debug_cmd: log level changed from 0 to 80 for class 7 [priv]
203009.948136 Default log_debug_cmd: log level changed from 0 to 80 for class 8 [priv]
203009.948300 Default log_debug_cmd: log level changed from 0 to 80 for class 9 [priv]
203009.948465 Default log_debug_cmd: log level changed from 0 to 80 for class 10 [priv]
203009.950556 Misc 10 monitor_init: privileges dropped for child process
203009.951264 Misc 80 monitor_loop: MONITOR_PFKEY_OPEN [priv]
203010.383038 Timr 10 timer_add_event: event connection_checker(0x81846e70) added last, expiration in 0s
203010.383658 Misc 60 connection_record_passive: passive connection "MiaAzienda-AltraAzienda" added
203010.383910 Plcy 30 policy_init: initializing
203010.384479 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/ca/
203010.384737 Misc 80 monitor_loop: MONITOR_REQ_READDIR [priv]
203010.385134 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/certs/
203010.385378 Misc 80 monitor_loop: MONITOR_REQ_READDIR [priv]
203010.385684 Cryp 40 x509_read_crls_from_dir: reading CRLs from /etc/isakmpd/crls/
203010.385897 Misc 80 monitor_loop: MONITOR_REQ_READDIR [priv]
203010.386389 Trpt 40 virtual_listen_lookup: no match
203010.386719 Trpt 40 virtual_listen_lookup: no match
203010.386958 Trpt 40 virtual_listen_lookup: no match
203010.387189 Trpt 40 virtual_listen_lookup: no match
203010.387450 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv]
203010.387755 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv]
203010.388031 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv]
203010.388310 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv]
203010.388630 Misc 80 monitor_loop: MONITOR_BIND [priv]
203010.388913 Misc 20 udp_make: transport 0x861f8500 socket 7 ip X.Y.Z.130 port 500
203010.389110 Trpt 70 transport_setup: added 0x861f8500 to transport list
203010.389318 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv]
203010.389601 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv]
203010.389879 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv]
203010.390155 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv]
203010.390460 Misc 80 monitor_loop: MONITOR_BIND [priv]
203010.390732 Misc 20 udp_encap_make: transport 0x861f8540 socket 8 ip X.Y.Z.130 port 4500
203010.390926 Trpt 70 transport_setup: added 0x861f8540 to transport list
203010.391093 Trpt 70 transport_setup: virtual transport 0x861f84c0
203010.391287 Trpt 40 virtual_listen_lookup: no match
203010.391534 Trpt 40 virtual_listen_lookup: no match
203010.391764 Trpt 40 virtual_listen_lookup: no match
203010.391990 Trpt 40 virtual_listen_lookup: no match
203010.392219 Trpt 40 virtual_listen_lookup: no match
203010.392457 Trpt 40 virtual_listen_lookup: no match
203010.392692 Trpt 40 virtual_listen_lookup: no match
203010.392878 Trpt 40 virtual_listen_lookup: no match
203010.393052 Trpt 40 virtual_listen_lookup: no match
203010.393230 Trpt 40 virtual_listen_lookup: no match
203010.393401 Trpt 40 virtual_listen_lookup: no match
203010.393577 Trpt 40 virtual_listen_lookup: no match
203010.393761 Trpt 50 virtual_init: not binding ISAKMP port(s) to ADDR_ANY
203010.393892 Cryp 60 hash_get: requested algorithm 0
203010.394018 Exch 50 nat_t_setup_hashes: MD5("draft-ietf-ipsec-nat-t-ike-02
") (16 bytes)
203010.394133 Exch 50 nat_t_setup_hashes:
203010.394267 Exch 50 90cb8091 3ebb696e 086381b5 ec427b1f 
203010.394385 Exch 50 nat_t_setup_hashes: MD5("draft-ietf-ipsec-nat-t-ike-03") (16 bytes)
203010.394499 Exch 50 nat_t_setup_hashes:
203010.394632 Exch 50 7d9419a6 5310ca6f 2c179d92 15529d56 
203010.394750 Exch 50 nat_t_setup_hashes: MD5("RFC 3947") (16 bytes)
203010.394864 Exch 50 nat_t_setup_hashes:
203010.394997 Exch 50 4a131c81 07035845 5c5728f2 0e95452f 
203010.395127 Misc 80 monitor_loop: MONITOR_UI_INIT [priv]
203010.397628 Timr 10 timer_handle_expirations: event connection_checker(0x81846e70)
203010.397856 Misc 80 monitor_loop: MONITOR_INIT_DONE [priv]
203010.398017 Timr 10 timer_add_event: event connection_checker(0x81846e70) added last, expiration in 60s
203010.398160 Sdep 70 pf_key_v2_connection_check: SA for MiaAzienda-AltraAzienda missing
203010.398456 Trpt 70 transport_setup: added 0x861f8580 to transport list
203010.398661 Trpt 70 transport_setup: added 0x861f85c0 to transport list
203010.398788 Trpt 70 transport_setup: virtual transport 0x861f8600
203010.398976 Timr 10 timer_add_event: event exchange_free_aux(0x7df3a800) added last, expiration in 120s
203010.399117 Cryp 60 hash_get: requested algorithm 1
203010.399368 Exch 10 exchange_establish_p1: 0x7df3a800 AltraAzienda Default-main-mode policy initiator phase 1 doi 1 exchange 2 step 0
203010.399505 Exch 10 exchange_establish_p1: icookie 38ea83d50aaf91ea rcookie 0000000000000000
203010.399626 Exch 10 exchange_establish_p1: msgid 00000000 
203010.399779 SA   80 sa_reference: SA 0x7df3a900 now has 1 references
203010.399904 SA   70 sa_enter: SA 0x7df3a900 added to SA list
203010.400022 SA   80 sa_reference: SA 0x7df3a900 now has 2 references
203010.400140 SA   60 sa_create: sa 0x7df3a900 phase 1 added to exchange 0x7df3a800 (AltraAzienda)
203010.400255 SA   80 sa_reference: SA 0x7df3a900 now has 3 references
203010.400512 Misc 70 attribute_set_constant: no PRF in the 3DES-SHA section
203010.400652 Cryp 60 hash_get: requested algorithm 1
203010.400818 Mesg 70 message_send: message 0x89e14380
203010.400951 Mesg 70 ICOOKIE: 0x38ea83d50aaf91ea
203010.401083 Mesg 70 RCOOKIE: 0x0000000000000000
203010.401200 Mesg 70 NEXT_PAYLOAD: SA
203010.401319 Mesg 70 VERSION: 16
203010.401434 Mesg 70 EXCH_TYPE: ID_PROT
203010.401548 Mesg 70 FLAGS: [ ]
203010.401669 Mesg 70 MESSAGE_ID: 0x00000000
203010.401784 Mesg 70 LENGTH: 160
203010.401949 Mesg 70 message_send: 38ea83d5 0aaf91ea 00000000 00000000 01100200 00000000 000000a0 0d000034
203010.402120 Mesg 70 message_send: 00000001 00000001 00000028 01010001 00000020 00010000 80010005 80020002
203010.402287 Mesg 70 message_send: 80030001 80040002 800b0001 800c0e10 0d000014 90cb8091 3ebb696e 086381b5
203010.402452 Mesg 70 message_send: ec427b1f 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014 4a131c81
203010.402618 Mesg 70 message_send: 07035845 5c5728f2 0e95452f 00000014 afcad713 68a1f1c9 6b8696fc 77570100
203010.402738 Exch 40 exchange_run: exchange 0x7df3a800 finished step 0, advancing...
203010.403011 Trpt 30 transport_send_messages: message 0x89e14380 scheduled for retransmission 1 in 7 secs
203010.403159 Timr 10 timer_add_event: event message_send_expire(0x89e14380) added before connection_checker(0x81846e70), expiration in 7s
203011.279161 Trpt 70 transport_setup: added 0x861f8780 to transport list
203011.279446 Trpt 70 transport_setup: added 0x861f87c0 to transport list
203011.279624 Trpt 50 virtual_clone: old 0x861f84c0 new 0x861f8740 (main is 0x861f8780)
203011.279794 Trpt 70 transport_setup: virtual transport 0x861f8740
203011.279978 Mesg 70 message_recv: message 0x89e14480
203011.280164 Mesg 70 ICOOKIE: 0x6d2c850f44a1e85a
203011.280351 Mesg 70 RCOOKIE: 0x0000000000000000
203011.280544 Mesg 70 NEXT_PAYLOAD: SA
203011.280719 Mesg 70 VERSION: 16
203011.280890 Mesg 70 EXCH_TYPE: ID_PROT
203011.281055 Mesg 70 FLAGS: [ ]
203011.281229 Mesg 70 MESSAGE_ID: 0x00000000
203011.281397 Mesg 70 LENGTH: 176
203011.281619 Mesg 70 message_recv: 6d2c850f 44a1e85a 00000000 00000000 01100200 00000000 000000b0 00000094
203011.281846 Mesg 70 message_recv: 00000001 00000001 00000088 00010004 03000020 00010000 800b0001 800c7080
203011.282071 Mesg 70 message_recv: 80010005 80020001 80030001 80040005 03000020 01010000 800b0001 800c7080
203011.282293 Mesg 70 message_recv: 80010005 80020002 80030001 80040005 03000020 02010000 800b0001 800c7080
203011.282517 Mesg 70 message_recv: 80010005 80020002 80030001 80040002 00000020 03010000 800b0001 800c7080
203011.282713 Mesg 70 message_recv: 80010005 80020001 80030001 80040002 
203011.282991 Mesg 50 message_parse_payloads: offset 28 payload SA
203011.283188 Mesg 60 message_validate_payloads: payload SA at 0x7df3aa1c of message 0x89e14480
203011.283368 Mesg 70 DOI: 1
203011.283569 Exch 80 exchange_lookup_active: avoided early (pre-step 1) exchange 0x7df3a800
203011.283831 Timr 10 timer_add_event: event exchange_free_aux(0x7df3ab00) added last, expiration in 120s
203011.284033 Cryp 60 hash_get: requested algorithm 1
203011.284262 Exch 10 exchange_setup_p1: 0x7df3ab00 AltraAzienda Default-main-mode policy responder phase 1 doi 1 exchange 2 step 0
203011.284454 Exch 10 exchange_setup_p1: icookie 6d2c850f44a1e85a rcookie f8f9106ab8b33396
203011.284623 Exch 10 exchange_setup_p1: msgid 00000000 
203011.284796 SA   80 sa_reference: SA 0x7df3ac00 now has 1 references
203011.284966 SA   70 sa_enter: SA 0x7df3ac00 added to SA list
203011.285136 SA   80 sa_reference: SA 0x7df3ac00 now has 2 references
203011.285306 SA   60 sa_create: sa 0x7df3ac00 phase 1 added to exchange 0x7df3ab00 (AltraAzienda)
203011.285474 SA   80 sa_reference: SA 0x7df3ac00 now has 3 references
203011.285645 Mesg 50 message_parse_payloads: offset 40 payload PROPOSAL
203011.285818 Mesg 50 message_parse_payloads: offset 48 payload TRANSFORM
203011.285986 Mesg 50 Transform 0's attributes
203011.286161 Mesg 50 Attribute LIFE_TYPE value 1
203011.286333 Mesg 50 Attribute LIFE_DURATION value 28800
203011.286498 Mesg 50 Attribute ENCRYPTION_ALGORITHM value 5
203011.286663 Mesg 50 Attribute HASH_ALGORITHM value 1
203011.286832 Mesg 50 Attribute AUTHENTICATION_METHOD value 1
203011.287052 Mesg 50 Attribute GROUP_DESCRIPTION value 5
203011.287221 Mesg 50 message_parse_payloads: offset 80 payload TRANSFORM
203011.287388 Mesg 50 Transform 1's attributes
203011.287557 Mesg 50 Attribute LIFE_TYPE value 1
203011.287683 Mesg 50 Attribute LIFE_DURATION value 28800
203011.287799 Mesg 50 Attribute ENCRYPTION_ALGORITHM value 5
203011.287913 Mesg 50 Attribute HASH_ALGORITHM value 2
203011.288029 Mesg 50 Attribute AUTHENTICATION_METHOD value 1
203011.288148 Mesg 50 Attribute GROUP_DESCRIPTION value 5
203011.288264 Mesg 50 message_parse_payloads: offset 112 payload TRANSFORM
203011.288379 Mesg 50 Transform 2's attributes
203011.288498 Mesg 50 Attribute LIFE_TYPE value 1
203011.288615 Mesg 50 Attribute LIFE_DURATION value 28800
203011.288730 Mesg 50 Attribute ENCRYPTION_ALGORITHM value 5
203011.288844 Mesg 50 Attribute HASH_ALGORITHM value 2
203011.288960 Mesg 50 Attribute AUTHENTICATION_METHOD value 1
203011.289079 Mesg 50 Attribute GROUP_DESCRIPTION value 2
203011.289196 Mesg 50 message_parse_payloads: offset 144 payload TRANSFORM
203011.289312 Mesg 50 Transform 3's attributes
203011.289432 Mesg 50 Attribute LIFE_TYPE value 1
203011.289552 Mesg 50 Attribute LIFE_DURATION value 28800
203011.289669 Mesg 50 Attribute ENCRYPTION_ALGORITHM value 5
203011.289784 Mesg 50 Attribute HASH_ALGORITHM value 1
203011.289901 Mesg 50 Attribute AUTHENTICATION_METHOD value 1
203011.290020 Mesg 50 Attribute GROUP_DESCRIPTION value 2
203011.290139 Mesg 60 message_validate_payloads: payload PROPOSAL at 0x7df3aa28 of message 0x89e14480
203011.290264 Mesg 70 NO: 0
203011.290378 Mesg 70 PROTO: ISAKMP
203011.290525 Mesg 70 SPI_SZ: 0
203011.290642 Mesg 70 NTRANSFORMS: 4
203011.290759 Mesg 60 message_validate_payloads: payload TRANSFORM at 0x7df3aa30 of message 0x89e14480
203011.290880 Mesg 70 NO: 0
203011.290993 Mesg 70 ID: 1
203011.291110 Mesg 60 message_validate_payloads: payload TRANSFORM at 0x7df3aa50 of message 0x89e14480
203011.291232 Mesg 70 NO: 1
203011.291344 Mesg 70 ID: 1
203011.291460 Mesg 60 message_validate_payloads: payload TRANSFORM at 0x7df3aa70 of message 0x89e14480
203011.291582 Mesg 70 NO: 2
203011.291694 Mesg 70 ID: 1
203011.291808 Mesg 60 message_validate_payloads: payload TRANSFORM at 0x7df3aa90 of message 0x89e14480
203011.291931 Mesg 70 NO: 3
203011.292042 Mesg 70 ID: 1
203011.292167 Misc 30 ipsec_responder: phase 1 exchange 2 step 0
203011.292289 Cryp 60 hash_get: requested algorithm 0
203011.292408 Negt 30 message_negotiate_sa: transform 0 proto 1 proposal 0 ok
203011.292538 SA   80 sa_add_transform: proto 0x861f8840 no 0 proto 1 chosen 0x7dfbce60 sa 0x7df3ac00 id 1
203011.292823 Negt 70 attribute_unacceptable: HASH_ALGORITHM: got MD5, expected SHA
203011.292956 Negt 20 ike_phase_1_validate_prop: failure
203011.293073 Negt 30 message_negotiate_sa: proposal 0 failed
203011.293194 Cryp 60 hash_get: requested algorithm 1
203011.293311 Negt 30 message_negotiate_sa: transform 1 proto 1 proposal 0 ok
203011.293438 SA   80 sa_add_transform: proto 0x861f8880 no 0 proto 1 chosen 0x7dfbce80 sa 0x7df3ac00 id 1
203011.293636 Negt 70 attribute_unacceptable: GROUP_DESCRIPTION: got MODP_1536, expected MODP_1024
203011.293765 Negt 20 ike_phase_1_validate_prop: failure
203011.293883 Negt 30 message_negotiate_sa: proposal 0 failed
203011.294003 Cryp 60 hash_get: requested algorithm 1
203011.294119 Negt 30 message_negotiate_sa: transform 2 proto 1 proposal 0 ok
203011.294245 SA   80 sa_add_transform: proto 0x861f88c0 no 0 proto 1 chosen 0x7dfbcea0 sa 0x7df3ac00 id 1
203011.294466 Negt 20 ike_phase_1_validate_prop: success
203011.294592 Negt 30 message_negotiate_sa: proposal 0 succeeded
203011.294758 Misc 20 ipsec_decode_transform: transform 2 chosen
203011.294876 Cryp 60 hash_get: requested algorithm 1
203011.295008 Misc 70 group_get: returning 0x861f8900 of group 2
203011.295134 Exch 40 exchange_run: exchange 0x7df3ab00 finished step 0, advancing...
203011.295290 SA   80 sa_reference: SA 0x7df3ac00 now has 4 references
203011.295412 Misc 30 ipsec_responder: phase 1 exchange 2 step 1
203011.295569 Mesg 70 message_send: message 0x89e14580
203011.295708 Mesg 70 ICOOKIE: 0x6d2c850f44a1e85a
203011.295846 Mesg 70 RCOOKIE: 0xf8f9106ab8b33396
203011.295966 Mesg 70 NEXT_PAYLOAD: SA
203011.296083 Mesg 70 VERSION: 16
203011.296200 Mesg 70 EXCH_TYPE: ID_PROT
203011.296312 Mesg 70 FLAGS: [ ]
203011.296434 Mesg 70 MESSAGE_ID: 0x00000000
203011.296547 Mesg 70 LENGTH: 160
203011.296714 Mesg 70 message_send: 6d2c850f 44a1e85a f8f9106a b8b33396 01100200 00000000 000000a0 0d000034
203011.296885 Mesg 70 message_send: 00000001 00000001 00000028 00010001 00000020 02010000 800b0001 800c7080
203011.297053 Mesg 70 message_send: 80010005 80020002 80030001 80040002 0d000014 90cb8091 3ebb696e 086381b5
203011.297218 Mesg 70 message_send: ec427b1f 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014 4a131c81
203011.297384 Mesg 70 message_send: 07035845 5c5728f2 0e95452f 00000014 afcad713 68a1f1c9 6b8696fc 77570100
203011.297505 Exch 40 exchange_run: exchange 0x7df3ab00 finished step 1, advancing...
203011.297753 Trpt 30 transport_send_messages: message 0x89e14580 scheduled for retransmission 1 in 7 secs
203011.297901 Timr 10 timer_add_event: event message_send_expire(0x89e14580) added before connection_checker(0x81846e70), expiration in 7s
203017.410467 Timr 10 timer_handle_expirations: event message_send_expire(0x89e14380)
203017.410783 Mesg 70 message_send: message 0x89e14380
203017.410994 Mesg 70 ICOOKIE: 0x38ea83d50aaf91ea
203017.411237 Mesg 70 RCOOKIE: 0x0000000000000000
203017.411414 Mesg 70 NEXT_PAYLOAD: SA
203017.411584 Mesg 70 VERSION: 16
203017.411749 Mesg 70 EXCH_TYPE: ID_PROT
203017.411912 Mesg 70 FLAGS: [ ]
203017.412082 Mesg 70 MESSAGE_ID: 0x00000000
203017.412246 Mesg 70 LENGTH: 160
203017.412463 Mesg 70 message_send: 38ea83d5 0aaf91ea 00000000 00000000 01100200 00000000 000000a0 0d000034
203017.412688 Mesg 70 message_send: 00000001 00000001 00000028 01010001 00000020 00010000 80010005 80020002
203017.412909 Mesg 70 message_send: 80030001 80040002 800b0001 800c0e10 0d000014 90cb8091 3ebb696e 086381b5
203017.413126 Mesg 70 message_send: ec427b1f 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014 4a131c81
203017.413343 Mesg 70 message_send: 07035845 5c5728f2 0e95452f 00000014 afcad713 68a1f1c9 6b8696fc 77570100
203017.413630 Trpt 30 transport_send_messages: message 0x89e14380 scheduled for retransmission 2 in 9 secs
203017.413829 Timr 10 timer_add_event: event message_send_expire(0x89e14380) added before connection_checker(0x81846e70), expiration in 9s
203018.310453 Timr 10 timer_handle_expirations: event message_send_expire(0x89e14580)
203018.310660 Mesg 70 message_send: message 0x89e14580
203018.310861 Mesg 70 ICOOKIE: 0x6d2c850f44a1e85a
203018.311050 Mesg 70 RCOOKIE: 0xf8f9106ab8b33396
203018.311223 Mesg 70 NEXT_PAYLOAD: SA
203018.311393 Mesg 70 VERSION: 16
203018.311556 Mesg 70 EXCH_TYPE: ID_PROT
203018.311720 Mesg 70 FLAGS: [ ]
203018.311890 Mesg 70 MESSAGE_ID: 0x00000000
203018.312056 Mesg 70 LENGTH: 160
203018.312269 Mesg 70 message_send: 6d2c850f 44a1e85a f8f9106a b8b33396 01100200 00000000 000000a0 0d000034
203018.312491 Mesg 70 message_send: 00000001 00000001 00000028 00010001 00000020 02010000 800b0001 800c7080
203018.312712 Mesg 70 message_send: 80010005 80020002 80030001 80040002 0d000014 90cb8091 3ebb696e 086381b5
203018.312930 Mesg 70 message_send: ec427b1f 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014 4a131c81
203018.313149 Mesg 70 message_send: 07035845 5c5728f2 0e95452f 00000014 afcad713 68a1f1c9 6b8696fc 77570100
203018.313414 Trpt 30 transport_send_messages: message 0x89e14580 scheduled for retransmission 2 in 9 secs
203018.313608 Timr 10 timer_add_event: event message_send_expire(0x89e14580) added before connection_checker(0x81846e70), expiration in 9s
^C203021.621041 Default isakmpd: shutting down...
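
Added example, not part of the original post: a small decoder for the phase 1 SA payloads in the debug dump above, so the offer isakmpd sent can be compared attribute by attribute with the four transforms the peer proposed. The function names are chosen for this example; the two hex strings are copied from the first message_send and the message_recv lines of the dump, and the parser assumes an IPsec DOI SA with a 4-byte situation and a single proposal, as in those messages.

```python
import struct

# IKEv1 phase 1 attribute classes and values (RFC 2409, Appendix A).
ATTR = {1: "ENCRYPTION_ALGORITHM", 2: "HASH_ALGORITHM", 3: "AUTHENTICATION_METHOD",
        4: "GROUP_DESCRIPTION", 11: "LIFE_TYPE", 12: "LIFE_DURATION"}
VALUE = {1: {5: "3DES_CBC"}, 2: {1: "MD5", 2: "SHA"}, 3: {1: "PRE_SHARED"},
         4: {1: "MODP_768", 2: "MODP_1024", 5: "MODP_1536"},
         11: {1: "SECONDS", 2: "KILOBYTES"}}

# Copied from the dump: message_send at 203010.40 and message_recv at 203011.28.
SENT_HEX = """
38ea83d5 0aaf91ea 00000000 00000000 01100200 00000000 000000a0 0d000034
00000001 00000001 00000028 01010001 00000020 00010000 80010005 80020002
80030001 80040002 800b0001 800c0e10 0d000014 90cb8091 3ebb696e 086381b5
ec427b1f 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014 4a131c81
07035845 5c5728f2 0e95452f 00000014 afcad713 68a1f1c9 6b8696fc 77570100
"""
RECV_HEX = """
6d2c850f 44a1e85a 00000000 00000000 01100200 00000000 000000b0 00000094
00000001 00000001 00000088 00010004 03000020 00010000 800b0001 800c7080
80010005 80020001 80030001 80040005 03000020 01010000 800b0001 800c7080
80010005 80020002 80030001 80040005 03000020 02010000 800b0001 800c7080
80010005 80020002 80030001 80040002 00000020 03010000 800b0001 800c7080
80010005 80020001 80030001 80040002
"""


def parse_attributes(buf):
    """Decode ISAKMP data attributes (RFC 2408, section 3.3) into a dict."""
    attrs, off = {}, 0
    while off + 4 <= len(buf):
        typ, val = struct.unpack_from(">HH", buf, off)
        off += 4
        if typ & 0x8000:        # AF bit set: the 2 bytes are the value itself
            value = val
        else:                   # AF bit clear: the 2 bytes are the value length
            if off + val > len(buf):
                raise ValueError("attribute runs past the transform payload")
            value = int.from_bytes(buf[off:off + val], "big")
            off += val
        cls = typ & 0x7FFF
        attrs[ATTR.get(cls, cls)] = VALUE.get(cls, {}).get(value, value)
    return attrs


def parse_phase1_sa(hexdump):
    """Return [(transform_number, attributes)] for the SA payload of one message."""
    msg = bytes.fromhex("".join(hexdump.split()))
    if len(msg) < 48 or struct.unpack_from(">I", msg, 24)[0] != len(msg):
        raise ValueError("truncated message or wrong ISAKMP length field")
    if msg[16] != 1:
        raise ValueError("first payload is not an SA payload")
    sa_len = struct.unpack_from(">H", msg, 30)[0]
    if sa_len < 20 or 28 + sa_len > len(msg):
        raise ValueError("bad SA payload length")
    # SA payload: 4-byte generic header, DOI, 4-byte situation, then the proposal.
    prop = msg[28 + 12:28 + sa_len]
    prop_len = struct.unpack_from(">H", prop, 2)[0]
    spi_size, count = prop[6], prop[7]
    off, transforms = 8 + spi_size, []
    for _ in range(count):
        if off + 8 > len(prop):
            raise ValueError("transform header runs past the proposal")
        t_len = struct.unpack_from(">H", prop, off + 2)[0]
        if t_len < 8 or off + t_len > min(prop_len, len(prop)):
            raise ValueError("bad transform length")
        transforms.append((prop[off + 4], parse_attributes(prop[off + 8:off + t_len])))
        off += t_len
    return transforms


def diff_offer(local, peer):
    """For each peer transform, list attributes that differ as (local, peer)."""
    return {no: {k: (local.get(k), v) for k, v in attrs.items() if local.get(k) != v}
            for no, attrs in peer}


if __name__ == "__main__":
    local = parse_phase1_sa(SENT_HEX)[0][1]
    print("sent by isakmpd:", local)
    for no, delta in diff_offer(local, parse_phase1_sa(RECV_HEX)).items():
        print("peer transform", no, "differs in:", delta)
```

On these two messages the decoder shows that the offer sent by isakmpd carries LIFE_DURATION 3600, while all four transforms from the peer carry 28800.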


www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005