The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

форумы  помощь  поиск  регистрация  майллист  ВХОД  слежка  RSS
"ipsec freeBSD и windows"
Вариант для распечатки  
Пред. тема | След. тема 
Форумы Информационная безопасность (Public)
Изначальное сообщение [Проследить за развитием треда]

"ipsec freeBSD и windows"  
Сообщение от Alligator email(ok) on 04-Фев-07, 22:42 
Всем привет!
Есть такая конфигурация: есть комп с freebsd 6.1 на ней два интерфейса один wifi в режиме точки доступа смотрит внутрь 192.168.1.1, другая сетевуха смотрит в сеть провайдера адрес по дцхп получает(192.168.201.x) к инету коннект через pptp vpn, также поднят нат чтоб с буком (192.168.1.11)по квартире ходить, теперь необходимо защитить wifi с помощью ipsec делал как в мануале тимоти хана ничего не получилось
Вот конфиги:
rc.conf

gateway_enable="YES"
inetd_enable="YES"
keymap="ru.koi8-r"
linux_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
#ipsec_enable="YES"
#ipsec_file="/etc/ipsec.conf"
ifconfig_fxp0="DHCP"
hostname=",бла бла бла"
firewall_enable="YES"
firewall_type="OPEN"
natd_enable="YES"
natd_interface="tun0"
natd_flags="-dynamic"

правила при загрузке отключены я загружаю командой setkey -f /etc/ipsec.conf


ipsec.conf
flush;
        spdflush;
        spdadd 192.168.1.11 0.0.0.0/0 any -P in ipsec
         esp/tunnel/192.168.1.11-192.168.1.1/require;
        spdadd 0.0.0.0/0 192.168.1.11 any -P out ipsec
         esp/tunnel/192.168.1.1-192.168.1.11/require;

racoon.conf

# $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $

# "path" affects "include" directives.  "path" must be specified before any
# "include" directive with relative file path.
# you can overwrite "path" directive afterwards, however, doing so may add
# more confusion.
path include "/usr/local/etc/racoon";
#include "remote.conf";

# the file should contain key ID/key pairs, for pre-shared key authentication.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";

# racoon will look for certificate file in the directory,
# if the certificate/certificate request payload is received.
#path certificate "@sysconfdir_x@/cert";

# "log" specifies logging level.  It is followed by either "notify", "debug"
# or "debug2".
#log debug;

# "padding" defines some padding parameters.  You should not touch these.
padding
{
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

# if no listen directive is specified, racoon will listen on all
# available interface addresses.
listen
{
        #isakmp ::1 [7000];
        isakmp 192.168.1.1 [500];
        #admin [7002];          # administrative port for racoonctl.
        #strict_address;        # requires that all addresses must be bound.
}

# Specify various default timers.
timer
{
        # These value can be changed per remote node.
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per send.

        # maximum time to wait for completing each phase.
        phase1 30 sec;
        phase2 15 sec;
}

remote 192.168.1.11 [500]
{
        exchange_mode main,aggressive;
        doi ipsec_doi;
        situation identity_only;

        lifetime time 3600 sec;
        nonce_size 16;
        initial_contact on;
        proposal_check obey;    # obey, strict, or claim

        proposal {
                lifetime time 3600 sec;
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous
{
        lifetime time 3600 sec;
        pfs_group 2;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}


psk.txt

# IPv4/v6 addresses
192.168.1.11    sekretkeyfrase

доступ у файла 600

Политики ipsec для винды в точности как в выше указаной статье!
ракун выводит слудующее

ERROR: unknown informational exchange received.
INFO: respond new phase 1 negotiation :192.168.1.1[500]<=>192.168.1.11[500]
INFO: begin identity protection mode
INFO: received broken microsoft ID: MS NT5 ISAKMPOAKLEY
INFO: received vendor ID: FRAGMENTATION
INFO: received vendor ID: draft-ietf-ipsec-nat-t-ike-02

ERROR: phrase1 negotiation failed due to time up

Если есть знающие люди подскажите что не так, может я какой то пакет не установил?????????

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

 Оглавление

Сообщения по теме [Сортировка по времени, UBB]


1. "ipsec freeBSD и windows"  
Сообщение от Alligator email(??) on 06-Фев-07, 20:25 
>Всем привет!
>Есть такая конфигурация: есть комп с freebsd 6.1 на ней два интерфейса
>один wifi в режиме точки доступа смотрит внутрь 192.168.1.1, другая сетевуха
>смотрит в сеть провайдера адрес по дцхп получает(192.168.201.x) к инету коннект
>через pptp vpn, также поднят нат чтоб с буком (192.168.1.11)по квартире
>ходить, теперь необходимо защитить wifi с помощью ipsec делал как в
>мануале тимоти хана ничего не получилось
>Вот конфиги:
>rc.conf
>
>gateway_enable="YES"
>inetd_enable="YES"
>keymap="ru.koi8-r"
>linux_enable="YES"
>sshd_enable="YES"
>usbd_enable="YES"
>#ipsec_enable="YES"
>#ipsec_file="/etc/ipsec.conf"
>ifconfig_fxp0="DHCP"
>hostname=",бла бла бла"
>firewall_enable="YES"
>firewall_type="OPEN"
>natd_enable="YES"
>natd_interface="tun0"
>natd_flags="-dynamic"
>
>правила при загрузке отключены я загружаю командой setkey -f /etc/ipsec.conf
>
>
>ipsec.conf
>flush;
>        spdflush;
>        spdadd 192.168.1.11 0.0.0.0/0 any
>-P in ipsec
>         esp/tunnel/192.168.1.11-192.168.1.1/require;
>        spdadd 0.0.0.0/0 192.168.1.11 any
>-P out ipsec
>         esp/tunnel/192.168.1.1-192.168.1.11/require;
>
>
>
>racoon.conf
>
># $KAME: racoon.conf.in,v 1.18 2001/08/16 06:33:40 itojun Exp $
>
># "path" affects "include" directives.  "path" must be specified before any
>
># "include" directive with relative file path.
># you can overwrite "path" directive afterwards, however, doing so may add
>
># more confusion.
>path include "/usr/local/etc/racoon";
>#include "remote.conf";
>
># the file should contain key ID/key pairs, for pre-shared key authentication.
>
>path pre_shared_key "/usr/local/etc/racoon/psk.txt";
>
># racoon will look for certificate file in the directory,
># if the certificate/certificate request payload is received.
>#path certificate "@sysconfdir_x@/cert";
>
># "log" specifies logging level.  It is followed by either "notify",
>"debug"
># or "debug2".
>#log debug;
>
># "padding" defines some padding parameters.  You should not touch these.
>
>padding
>{
>        maximum_length 20;  
>   # maximum padding length.
>        randomize off;  
>       # enable randomize length.
>
>        strict_check off;  
>    # enable strict check.
>        exclusive_tail off;  
>  # extract last one octet.
>}
>
># if no listen directive is specified, racoon will listen on all
>
># available interface addresses.
>listen
>{
>        #isakmp ::1 [7000];
>        isakmp 192.168.1.1 [500];
>        #admin [7002];  
>       # administrative port for
>racoonctl.
>        #strict_address;    
>    # requires that all addresses must be
>bound.
>}
>
># Specify various default timers.
>timer
>{
>        # These value can
>be changed per remote node.
>        counter 5;  
>          
># maximum trying count to send.
>        interval 20 sec;  
>      # maximum interval to resend.
>
>        persend 1;  
>          
># the number of packets per send.
>
>        # maximum time to
>wait for completing each phase.
>        phase1 30 sec;
>        phase2 15 sec;
>}
>
>remote 192.168.1.11 [500]
>{
>        exchange_mode main,aggressive;
>        doi ipsec_doi;
>        situation identity_only;
>
>        lifetime time 3600 sec;
>
>        nonce_size 16;
>        initial_contact on;
>        proposal_check obey;  
> # obey, strict, or claim
>
>        proposal {
>            
>    lifetime time 3600 sec;
>            
>    encryption_algorithm 3des;
>            
>    hash_algorithm md5;
>            
>    authentication_method pre_shared_key;
>            
>    dh_group 2;
>        }
>}
>
>sainfo anonymous
>{
>        lifetime time 3600 sec;
>
>        pfs_group 2;
>        encryption_algorithm 3des;
>        authentication_algorithm hmac_md5;
>        compression_algorithm deflate;
>}
>
>
>psk.txt
>
># IPv4/v6 addresses
>192.168.1.11    sekretkeyfrase
>
>доступ у файла 600
>
>Политики ipsec для винды в точности как в выше указаной статье!
>ракун выводит слудующее
>
>ERROR: unknown informational exchange received.
>INFO: respond new phase 1 negotiation :192.168.1.1[500]<=>192.168.1.11[500]
>INFO: begin identity protection mode
>INFO: received broken microsoft ID: MS NT5 ISAKMPOAKLEY
>INFO: received vendor ID: FRAGMENTATION
>INFO: received vendor ID: draft-ietf-ipsec-nat-t-ike-02
>
>ERROR: phrase1 negotiation failed due to time up
>
>Если есть знающие люди подскажите что не так, может я какой то
>пакет не установил?????????


up

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

2. "ipsec freeBSD и windows"  
Сообщение от Elight email(ok) on 07-Фев-07, 17:08 
>делал как в мануале тимоти хана ничего не получилось

>Политики ipsec для винды в точности как в выше указаной статье!

Если не трудно - поконретнее ссылку на мануал

>ipsec.conf
>flush;
>        spdflush;
>        spdadd 192.168.1.11 0.0.0.0/0 any
>-P in ipsec
>         esp/tunnel/192.168.1.11-192.168.1.1/require;
>        spdadd 0.0.0.0/0 192.168.1.11 any
>-P out ipsec
>         esp/tunnel/192.168.1.1-192.168.1.11/require;

если я правильно понял структуру сети, то ноут цепляется сразу к шлюзу без промежуточных этапов - у них одно адресное пространство? В таком случае мне непонятна необходимость tunnel - у себя я организую аналогичную схему транспортным режимом:

ipsec.conf
flush;
        spdflush;
        spdadd 192.168.1.11 0.0.0.0/0 any -P in ipsec esp/transport//require;
        spdadd 0.0.0.0/0 192.168.1.11 any -P out ipsec esp/transport//require;

>ракун выводит слудующее
>
>ERROR: unknown informational exchange received.
>INFO: respond new phase 1 negotiation :192.168.1.1[500]<=>192.168.1.11[500]
>INFO: begin identity protection mode
>INFO: received broken microsoft ID: MS NT5 ISAKMPOAKLEY
>INFO: received vendor ID: FRAGMENTATION
>INFO: received vendor ID: draft-ietf-ipsec-nat-t-ike-02
>
>ERROR: phrase1 negotiation failed due to time up

Не проходит даже первая фаза согласования... Попробуй указать в конфиге racoon:

log debug;

и посмотреть логи подробнее
Проверь также - не закрыт ли файрволлом 500'й порт UDP на шлюзе и клиенте.

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

3. "ipsec freeBSD и windows"  
Сообщение от Alligator (ok) on 09-Фев-07, 22:04 
Вот ссылка на статью по которой делал пробовал изменять настройки ничего не получалось
http://www.securitylab.ru/analytics/216340.php

Да ноут цепляется напрямую к шлюзу.

Сейчас ipsec.conf как ты сказал (Elight) но все равно соединение не проходит ессно в винде тоже убрал что правила указывают тунель но что то не так такое ощущение что разные типы шифрования используются!
что делать и как поправить ума не приложу,  если не трудно посмотри эту статью и проверь настройки винды может там что то не так указано хотя по логике вещей все так .... имхо конечно! Так что жду предложений! С удовольствием выложу результаты и конфиги если получится, я думаю такая конфигурация многих заинтересовала бы :)))

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

4. "ipsec freeBSD и windows"  
Сообщение от Elight email(??) on 09-Фев-07, 23:22 
>Вот ссылка на статью по которой делал пробовал изменять настройки ничего не получалось
>http://www.securitylab.ru/analytics/216340.php
Да, статья однако очень ... "обзорная". Даже версия racoon не указана... хз какой у него конфиг был...

Я бы посоветовал покурить ещё вот эту инструкцию: https://www.opennet.ru/base/net/ipsec_win2bsd.txt.html
Там подробностей поболе и вдобавок используются сертификаты - понадёжнее защита. Но если с ними возиться не хочется - то просто пропускаешь и указываешь pre-shared key.

>Да ноут цепляется напрямую к шлюзу.
>
>Сейчас ipsec.conf как ты сказал (Elight) но все равно соединение не проходит ессно в винде тоже убрал что правила указывают тунель
Пожалуй, если тебе надо и в сеть, и в Инет лазить через это соединение, то лучше оставить туннельный режим - он замаскирует все адреса назначения от окружающих. Транспорт я тебе сгоряча предложил - только-только похожую схему прикрутил и в мозгах она засела...

>то не так такое ощущение что разные типы шифрования используются! что делать и как поправить ума не приложу,  если не трудно посмотри эту статью и проверь настройки винды может там что то не так указано хотя по логике вещей все так .... имхо конечно!
помнится, я просил лог поподробнее выложить - было б легче откопать несоответствие.


Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

5. "ipsec freeBSD и windows"  
Сообщение от Alligator email(ok) on 10-Фев-07, 15:05 
Вот подробный лог!


=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2007.02.10 14:51:21 =~=~=~=~=~=~=~=~=~=~=~=
su

Password:
alligator# racoon -F -f /usr/local/etc/racoon/racoon.confshare/examples/ipsec-tools/racoon.conf.sample
etc/racoonman racoon -F -f /usr/local/etc/racoon/man vi /var/log/racoon.log

2007-02-10 14:04:35: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net)
2007-02-10 14:04:35: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004(http://www.openssl.org/)
2007-02-10 14:04:35: DEBUG: hmac(modp1024)
2007-02-10 14:04:35: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2007-02-10 14:04:35: INFO: 192.168.1.1[500] used as isakmp port (fd=4)
2007-02-10 14:04:35: DEBUG: get pfkey X_SPDDUMP message
2007-02-10 14:04:35: DEBUG: pfkey X_SPDDUMP failed: No such file or directory
2007-02-10 14:05:04: INFO: caught signal 2
2007-02-10 14:05:04: DEBUG: get pfkey FLUSH message
2007-02-10 14:05:05: DEBUG: call pfkey_send_dump
2007-02-10 14:05:05: INFO: racoon shutdown
2007-02-10 14:18:45: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net)
2007-02-10 14:18:45: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004(http://www.openssl.org/)
2007-02-10 14:18:45: DEBUG: hmac(modp1024)
2007-02-10 14:18:45: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2007-02-10 14:18:45: INFO: 192.168.1.1[500] used as isakmp port (fd=4)
2007-02-10 14:18:45: DEBUG: get pfkey X_SPDDUMP message/var/log/racoon.log already locked, session is read-only+=+=+=+=+=+=+=+
/var/log/racoon.log already locked, session is read-only.: unmodified, readonly: line 1Press any key to continue: b message doesn't support it.
2007-02-10 14:18:45: INFO: 192.168.1.1[500] used as isakmp port (fd=4)
2007-02-10 14:18:45: DEBUG: get pfkey X_SPDDUMP message
2007-02-10 14:18:45: DEBUG: get pfkey X_SPDDUMP message
2007-02-10 14:18:45: DEBUG: sub:0xbfbfe600: 0.0.0.0/0[0] 192.168.1.0/32[0] proto=any dir=out
2007-02-10 14:18:45: DEBUG: db :0x809fa08: 192.168.1.0/32[0] 0.0.0.0/0[0] proto=any dir=in
2007-02-10 14:19:36: DEBUG: ===
2007-02-10 14:19:36: DEBUG: 168 bytes message received from 192.168.1.11[500] to 192.168.1.1[500]
2007-02-10 14:19:36: DEBUG:
7ed401e9 9c2b26e9 00000000 00000000 01100200 00000000 000000a8 0d000038
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020001
80040002 80030001 800b0001 000c0004 00000e10 0d000018 1e2b5169 05991c7d
7c96fcbf b587e461 00000004 0d000014 4048b7d5 6ebce885 25e7de7f 00d6c2d3
0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 00000014 26244d38 eddb61b3
172a36e3 d0cfb819
2007-02-10 14:19:36: DEBUG: configuration found for 192.168.1.11[500].
2007-02-10 14:19:36: DEBUG: ===
2007-02-10 14:19:36: INFO: respond new phase 1 negotiation: 192.168.1.1[500]<=>192.168.1.11[500]
2007-02-10 14:19:36: INFO: begin Identity Protection mode.
2007-02-10 14:19:36: DEBUG: begin.
2007-02-10 14:19:36: DEBUG: seen nptype=1(sa)
2007-02-10 14:19:36: DEBUG: seen nptype=13(vid)
2007-02-10 14:19:36: DEBUG: seen nptype=13(vid)
2007-02-10 14:19:36: DEBUG: seen nptype=13(vid)
2007-02-10 14:19:36: DEBUG: seen nptype=13(vid)
2007-02-10 14:19:36: DEBUG: succeed.
2007-02-10 14:19:36: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
2007-02-10 14:19:36: INFO: received Vendor ID: FRAGMENTATION
2007-02-10 14:19:36: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2007-02-10 14:19:36: DEBUG: received unknown Vendor ID
2007-02-10 14:19:36: DEBUG: total SA len=52
2007-02-10 14:19:36: DEBUG:
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020001
80040002 80030001 800b0001 000c0004 00000e10
2007-02-10 14:19:36: DEBUG: begin.
2007-02-10 14:19:36: DEBUG: seen nptype=2(prop)
2007-02-10 14:19:36: DEBUG: succeed.
2007-02-10 14:19:36: DEBUG: proposal #1 len=44
2007-02-10 14:19:36: DEBUG: begin.
2007-02-10 14:19:36: DEBUG: seen nptype=3(trns)
2007-02-10 14:19:36: DEBUG: succeed.
2007-02-10 14:19:36: DEBUG: transform #1 len=36
2007-02-10 14:19:36: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC2007-02-10 14:19:36: DEBUG: encryption(3des)
2007-02-10 14:19:36: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-02-10 14:19:36: DEBUG: hash(md5)
2007-02-10 14:19:36: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-02-10 14:19:36: DEBUG: hmac(modp1024)
2007-02-10 14:19:36: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-02-10 14:19:36: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-02-10 14:19:36: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-02-10 14:19:36: DEBUG: pair 1:
2007-02-10 14:19:36: DEBUG:  0x80a91b0: next=0x0 tnext=0x0
2007-02-10 14:19:36: DEBUG: proposal #1: 1 transform
2007-02-10 14:19:36: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
2007-02-10 14:19:36: DEBUG: trns#=1, trns-id=IKE
2007-02-10 14:19:36: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC2007-02-10 14:19:36: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-02-10 14:19:36: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-02-10 14:19:36: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-02-10 14:19:36: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-02-10 14:19:36: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-02-10 14:19:36: DEBUG: Compared: DB:Peer
2007-02-10 14:19:36: DEBUG: (lifetime = 3600:3600)
2007-02-10 14:19:36: DEBUG: (lifebyte = 0:0)
2007-02-10 14:19:36: DEBUG: enctype = 3DES-CBC:3DES-CBC
2007-02-10 14:19:36: DEBUG: (encklen = 0:0)
2007-02-10 14:19:36: DEBUG: hashtype = MD5:MD5
2007-02-10 14:19:36: DEBUG: authmethod = pre-shared key:pre-shared key
2007-02-10 14:19:36: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2007-02-10 14:19:36: DEBUG: an acceptable proposal found.
2007-02-10 14:19:36: DEBUG: hmac(modp1024)
2007-02-10 14:19:36: DEBUG: new cookie:
5ddb84c4c56c0f0d
2007-02-10 14:19:36: DEBUG: add payload of len 52, next type 13
2007-02-10 14:19:36: DEBUG: add payload of len 16, next type 0
2007-02-10 14:19:36: DEBUG: 104 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:19:36: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:19:36: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:19:36: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:19:36: DEBUG: 1 times of 104 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:19:36: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 01100200 00000000 00000068 0d000038
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020001
80040002 80030001 800b0001 000c0004 00000e10 00000014 afcad713 68a1f1c9
6b8696fc 77570100
2007-02-10 14:19:36: DEBUG: resend phase1 packet 7ed401e99c2b26e9:5ddb84c4c56c0f0d
2007-02-10 14:19:36: DEBUG: ===
2007-02-10 14:19:36: DEBUG: 184 bytes message received from 192.168.1.11[500] to 192.168.1.1[500]
2007-02-10 14:19:36: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 04100200 00000000 000000b8 0a000084
b57b88b8 0aa5cc23 1f7cba2b 74ebb3f3 c5872790 18d7805b f55a2ae3 ccdf2286
b04f0e5c b564fabc 5c4b2c22 47d03c78 17657cd9 eed0ccba a8e3bbcd 8a0136b2
79b62a33 9d364100 65cbe4fe 22c86623 a14c77d4 1cac5b3f daee3317 f4d42916
5b6e52e0 3ca3f8df a87e9aaa 3235f2ae 1e45b464 63b73983 fa27d8fe a04f0b56
00000018 b2f9608c b1cd9838 105670aa 478733a6 e466342a
2007-02-10 14:19:36: DEBUG: begin.
2007-02-10 14:19:36: DEBUG: seen nptype=4(ke)
2007-02-10 14:19:36: DEBUG: seen nptype=10(nonce)
2007-02-10 14:19:36: DEBUG: succeed.
2007-02-10 14:19:36: DEBUG: ===
2007-02-10 14:19:36: DEBUG: compute DH's private.
2007-02-10 14:19:36: DEBUG:
77c3fecc bf3e6e52 bb67d0b6 e087a494 eabd7f0b a5078d28 93302259 a798e824
2fb905e0 f461c3ee e66ce203 44c5dae6 612dc5ab d43887c0 fbc60a87 f83d85a5
67169be0 ddd25a86 93ac1707 c93e10a2 863af150 df279c42 5aede4ae 83fc734a
a8ec6d12 91826ddb 83e9f8a4 bfad85a6 fd8fcb63 0dc2eab3 14971f7d e07a18b6
2007-02-10 14:19:36: DEBUG: compute DH's public.
2007-02-10 14:19:36: DEBUG:
4bcfcb4f 0c4b8a3e b8caf93c de805ac5 462fd2d4 1685c025 ce2a1093 5b58b3af
e7b44744 447228f9 a5853500 a427ac49 8b886c7f 1eeb4c29 f12c7ee8 d71bd7a2
82a1ee70 51f46cef 092d463d 93f4258d 180f547a 92e56a2b d8e41195 d63be57d
083085c6 f3a51077 cc1350d8 20e815fa a578467b 7a781c3c 75436c4d 695a4966
2007-02-10 14:19:36: DEBUG: add payload of len 128, next type 10
2007-02-10 14:19:36: DEBUG: add payload of len 16, next type 0
2007-02-10 14:19:36: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:19:36: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:19:36: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:19:36: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:19:36: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:19:36: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 04100200 00000000 000000b4 0a000084
4bcfcb4f 0c4b8a3e b8caf93c de805ac5 462fd2d4 1685c025 ce2a1093 5b58b3af
e7b44744 447228f9 a5853500 a427ac49 8b886c7f 1eeb4c29 f12c7ee8 d71bd7a2
82a1ee70 51f46cef 092d463d 93f4258d 180f547a 92e56a2b d8e41195 d63be57d
083085c6 f3a51077 cc1350d8 20e815fa a578467b 7a781c3c 75436c4d 695a4966
00000014 d5b87223 ca4b8de4 b873a367 6727cb17
2007-02-10 14:19:36: DEBUG: resend phase1 packet 7ed401e99c2b26e9:5ddb84c4c56c0f0d
2007-02-10 14:19:36: DEBUG: compute DH's shared.
2007-02-10 14:19:36: DEBUG:
be8649c2 d3fb5c50 d65e1f77 a34928e0 5c3393ec 4f2314c4 af521f0d 8442359a
3444e90b 555f60c0 cfa2d4a5 8f6be3fe 7e872bbe d571aef7 1168411e 9e318a0b
d3ccb11e dc09b3b9 29fd60db 48c4aba1 a8cf7190 f69fe261 b2d05a02 af872877
1f05799f 9dacdd71 186ded09 4e4a9cbb ac435ad7 4c7a5187 5e44c354 fa490d38
2007-02-10 14:19:36: DEBUG: the psk found.
2007-02-10 14:19:36: DEBUG: nonce 1: 2007-02-10 14:19:36: DEBUG:
b2f9608c b1cd9838 105670aa 478733a6 e466342a
2007-02-10 14:19:36: DEBUG: nonce 2: 2007-02-10 14:19:36: DEBUG:
d5b87223 ca4b8de4 b873a367 6727cb17
2007-02-10 14:19:36: DEBUG: hmac(hmac_md5)
2007-02-10 14:19:36: DEBUG: SKEYID computed:
2007-02-10 14:19:36: DEBUG:
a0925671 60b77e54 f5404625 e5dff404
2007-02-10 14:19:36: DEBUG: hmac(hmac_md5)
2007-02-10 14:19:36: DEBUG: SKEYID_d computed:
2007-02-10 14:19:36: DEBUG:
fb9f7332 0f4941af 711f2201 971a60d7
2007-02-10 14:19:36: DEBUG: hmac(hmac_md5)
2007-02-10 14:19:36: DEBUG: SKEYID_a computed:
2007-02-10 14:19:36: DEBUG:
3f724411 81e8161d 0ff11a4b c9be4ddb
2007-02-10 14:19:36: DEBUG: hmac(hmac_md5)
2007-02-10 14:19:36: DEBUG: SKEYID_e computed:
2007-02-10 14:19:36: DEBUG:
4ee7b5b1 e23bdc7f f076a124 84d3ea14
2007-02-10 14:19:36: DEBUG: encryption(3des)
2007-02-10 14:19:36: DEBUG: hash(md5)
2007-02-10 14:19:36: DEBUG: len(SKEYID_e) < len(Ka) (16 < 24), generating long key (Ka = K1 | K2 | ...)
2007-02-10 14:19:36: DEBUG: hmac(hmac_md5)
2007-02-10 14:19:36: DEBUG: compute intermediate encryption key K1
2007-02-10 14:19:36: DEBUG:
00
2007-02-10 14:19:36: DEBUG:
e6f2f32e e271bce6 2726643c 82522406
2007-02-10 14:19:36: DEBUG: hmac(hmac_md5)
2007-02-10 14:19:36: DEBUG: compute intermediate encryption key K2
2007-02-10 14:19:36: DEBUG:
e6f2f32e e271bce6 2726643c 82522406
2007-02-10 14:19:36: DEBUG:
6edd0a7f 8de9503f a94c8b13 8ede6e57
2007-02-10 14:19:36: DEBUG: final encryption key computed:
2007-02-10 14:19:36: DEBUG:
e6f2f32e e271bce6 2726643c 82522406 6edd0a7f 8de9503f
2007-02-10 14:19:36: DEBUG: hash(md5)
2007-02-10 14:19:36: DEBUG: encryption(3des)
2007-02-10 14:19:36: DEBUG: IV computed:
2007-02-10 14:19:36: DEBUG:
3fdce83f 340672fe
2007-02-10 14:19:36: DEBUG: ===
2007-02-10 14:19:36: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:19:36: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 05100201 00000000 0000003c dcac61d0
ea3bc2af b23118ae 4f5789cf 0a2ce9f7 564f3096 be9b1fbc 493d2af7
2007-02-10 14:19:36: DEBUG: begin decryption.
2007-02-10 14:19:36: DEBUG: encryption(3des)
2007-02-10 14:19:36: DEBUG: IV was saved for next processing:
2007-02-10 14:19:36: DEBUG:
be9b1fbc 493d2af7
2007-02-10 14:19:36: DEBUG: encryption(3des)
2007-02-10 14:19:36: DEBUG: with key:
2007-02-10 14:19:36: DEBUG:
e6f2f32e e271bce6 2726643c 82522406 6edd0a7f 8de9503f
2007-02-10 14:19:36: DEBUG: decrypted payload by IV:
2007-02-10 14:19:36: DEBUG:
3fdce83f 340672fe
2007-02-10 14:19:36: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:19:36: DEBUG:
dd6d044e af5e8a27 41e04af1 d66928f0 58e0c679 10d1061a 546c9b6c 2e507e00
2007-02-10 14:19:36: DEBUG: padding len=0
2007-02-10 14:19:36: DEBUG: skip to trim padding.
2007-02-10 14:19:36: DEBUG: decrypted.
2007-02-10 14:19:36: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 05100201 00000000 0000003c dd6d044e
af5e8a27 41e04af1 d66928f0 58e0c679 10d1061a 546c9b6c 2e507e00
2007-02-10 14:19:36: DEBUG: begin.
2007-02-10 14:19:36: DEBUG: seen nptype=5(id)
2007-02-10 14:19:36: DEBUG: invalid length of payload
2007-02-10 14:19:38: DEBUG: ===
2007-02-10 14:19:38: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:19:38: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 05100201 00000000 0000003c dcac61d0
ea3bc2af b23118ae 4f5789cf 0a2ce9f7 564f3096 be9b1fbc 493d2af7
2007-02-10 14:19:38: DEBUG: begin decryption.
2007-02-10 14:19:38: DEBUG: encryption(3des)
2007-02-10 14:19:38: DEBUG: IV was saved for next processing:
2007-02-10 14:19:38: DEBUG:
be9b1fbc 493d2af7
2007-02-10 14:19:38: DEBUG: encryption(3des)
2007-02-10 14:19:38: DEBUG: with key:
2007-02-10 14:19:38: DEBUG:
e6f2f32e e271bce6 2726643c 82522406 6edd0a7f 8de9503f
2007-02-10 14:19:38: DEBUG: decrypted payload by IV:
2007-02-10 14:19:38: DEBUG:
3fdce83f 340672fe
2007-02-10 14:19:38: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:19:38: DEBUG:
dd6d044e af5e8a27 41e04af1 d66928f0 58e0c679 10d1061a 546c9b6c 2e507e00
2007-02-10 14:19:38: DEBUG: padding len=0
2007-02-10 14:19:38: DEBUG: skip to trim padding.
2007-02-10 14:19:38: DEBUG: decrypted.
2007-02-10 14:19:38: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 05100201 00000000 0000003c dd6d044e
af5e8a27 41e04af1 d66928f0 58e0c679 10d1061a 546c9b6c 2e507e00
2007-02-10 14:19:38: DEBUG: begin.
2007-02-10 14:19:38: DEBUG: seen nptype=5(id)
2007-02-10 14:19:38: DEBUG: invalid length of payload
2007-02-10 14:19:40: DEBUG: ===
2007-02-10 14:19:40: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:19:40: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 05100201 00000000 0000003c dcac61d0
ea3bc2af b23118ae 4f5789cf 0a2ce9f7 564f3096 be9b1fbc 493d2af7
2007-02-10 14:19:40: DEBUG: begin decryption.
2007-02-10 14:19:40: DEBUG: encryption(3des)
2007-02-10 14:19:40: DEBUG: IV was saved for next processing:
2007-02-10 14:19:40: DEBUG:
be9b1fbc 493d2af7
2007-02-10 14:19:40: DEBUG: encryption(3des)
2007-02-10 14:19:40: DEBUG: with key:
2007-02-10 14:19:40: DEBUG:
e6f2f32e e271bce6 2726643c 82522406 6edd0a7f 8de9503f
2007-02-10 14:19:40: DEBUG: decrypted payload by IV:
2007-02-10 14:19:40: DEBUG:
3fdce83f 340672fe
2007-02-10 14:19:40: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:19:40: DEBUG:
dd6d044e af5e8a27 41e04af1 d66928f0 58e0c679 10d1061a 546c9b6c 2e507e00
2007-02-10 14:19:40: DEBUG: padding len=0
2007-02-10 14:19:40: DEBUG: skip to trim padding.
2007-02-10 14:19:40: DEBUG: decrypted.
2007-02-10 14:19:40: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 05100201 00000000 0000003c dd6d044e
af5e8a27 41e04af1 d66928f0 58e0c679 10d1061a 546c9b6c 2e507e00
2007-02-10 14:19:40: DEBUG: begin.
2007-02-10 14:19:40: DEBUG: seen nptype=5(id)
2007-02-10 14:19:40: DEBUG: invalid length of payload
2007-02-10 14:19:44: DEBUG: ===
2007-02-10 14:19:44: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:19:44: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 05100201 00000000 0000003c dcac61d0
ea3bc2af b23118ae 4f5789cf 0a2ce9f7 564f3096 be9b1fbc 493d2af7
2007-02-10 14:19:44: DEBUG: begin decryption.
2007-02-10 14:19:44: DEBUG: encryption(3des)
2007-02-10 14:19:44: DEBUG: IV was saved for next processing:
2007-02-10 14:19:44: DEBUG:
be9b1fbc 493d2af7
2007-02-10 14:19:44: DEBUG: encryption(3des)
2007-02-10 14:19:44: DEBUG: with key:
2007-02-10 14:19:44: DEBUG:
e6f2f32e e271bce6 2726643c 82522406 6edd0a7f 8de9503f
2007-02-10 14:19:44: DEBUG: decrypted payload by IV:
2007-02-10 14:19:44: DEBUG:
3fdce83f 340672fe
2007-02-10 14:19:44: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:19:44: DEBUG:
dd6d044e af5e8a27 41e04af1 d66928f0 58e0c679 10d1061a 546c9b6c 2e507e00
2007-02-10 14:19:44: DEBUG: padding len=0
2007-02-10 14:19:44: DEBUG: skip to trim padding.
2007-02-10 14:19:44: DEBUG: decrypted.
2007-02-10 14:19:44: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 05100201 00000000 0000003c dd6d044e
af5e8a27 41e04af1 d66928f0 58e0c679 10d1061a 546c9b6c 2e507e00
2007-02-10 14:19:44: DEBUG: begin.
2007-02-10 14:19:44: DEBUG: seen nptype=5(id)
2007-02-10 14:19:44: DEBUG: invalid length of payload
2007-02-10 14:19:52: DEBUG: ===
2007-02-10 14:19:52: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:19:52: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 05100201 00000000 0000003c dcac61d0
ea3bc2af b23118ae 4f5789cf 0a2ce9f7 564f3096 be9b1fbc 493d2af7
2007-02-10 14:19:52: DEBUG: begin decryption.
2007-02-10 14:19:52: DEBUG: encryption(3des)
2007-02-10 14:19:52: DEBUG: IV was saved for next processing:
2007-02-10 14:19:52: DEBUG:
be9b1fbc 493d2af7
2007-02-10 14:19:52: DEBUG: encryption(3des)
2007-02-10 14:19:52: DEBUG: with key:
2007-02-10 14:19:52: DEBUG:
e6f2f32e e271bce6 2726643c 82522406 6edd0a7f 8de9503f
2007-02-10 14:19:52: DEBUG: decrypted payload by IV:
2007-02-10 14:19:52: DEBUG:
3fdce83f 340672fe
2007-02-10 14:19:52: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:19:52: DEBUG:
dd6d044e af5e8a27 41e04af1 d66928f0 58e0c679 10d1061a 546c9b6c 2e507e00
2007-02-10 14:19:52: DEBUG: padding len=0
2007-02-10 14:19:52: DEBUG: skip to trim padding.
2007-02-10 14:19:52: DEBUG: decrypted.
2007-02-10 14:19:52: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 05100201 00000000 0000003c dd6d044e
af5e8a27 41e04af1 d66928f0 58e0c679 10d1061a 546c9b6c 2e507e00
2007-02-10 14:19:52: DEBUG: begin.
2007-02-10 14:19:52: DEBUG: seen nptype=5(id)
2007-02-10 14:19:52: DEBUG: invalid length of payload
2007-02-10 14:19:56: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:19:56: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:19:56: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:19:56: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:19:56: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:19:56: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 04100200 00000000 000000b4 0a000084
4bcfcb4f 0c4b8a3e b8caf93c de805ac5 462fd2d4 1685c025 ce2a1093 5b58b3af
e7b44744 447228f9 a5853500 a427ac49 8b886c7f 1eeb4c29 f12c7ee8 d71bd7a2
82a1ee70 51f46cef 092d463d 93f4258d 180f547a 92e56a2b d8e41195 d63be57d
083085c6 f3a51077 cc1350d8 20e815fa a578467b 7a781c3c 75436c4d 695a4966
00000014 d5b87223 ca4b8de4 b873a367 6727cb17
2007-02-10 14:19:56: DEBUG: resend phase1 packet 7ed401e99c2b26e9:5ddb84c4c56c0f0d
2007-02-10 14:20:08: DEBUG: ===
2007-02-10 14:20:08: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:20:08: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 05100201 00000000 0000003c dcac61d0
ea3bc2af b23118ae 4f5789cf 0a2ce9f7 564f3096 be9b1fbc 493d2af7
2007-02-10 14:20:08: DEBUG: begin decryption.
2007-02-10 14:20:08: DEBUG: encryption(3des)
2007-02-10 14:20:08: DEBUG: IV was saved for next processing:
2007-02-10 14:20:08: DEBUG:
be9b1fbc 493d2af7
2007-02-10 14:20:08: DEBUG: encryption(3des)
2007-02-10 14:20:08: DEBUG: with key:
2007-02-10 14:20:08: DEBUG:
e6f2f32e e271bce6 2726643c 82522406 6edd0a7f 8de9503f
2007-02-10 14:20:08: DEBUG: decrypted payload by IV:
2007-02-10 14:20:08: DEBUG:
3fdce83f 340672fe
2007-02-10 14:20:08: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:20:08: DEBUG:
dd6d044e af5e8a27 41e04af1 d66928f0 58e0c679 10d1061a 546c9b6c 2e507e00
2007-02-10 14:20:08: DEBUG: padding len=0
2007-02-10 14:20:08: DEBUG: skip to trim padding.
2007-02-10 14:20:08: DEBUG: decrypted.
2007-02-10 14:20:08: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 05100201 00000000 0000003c dd6d044e
af5e8a27 41e04af1 d66928f0 58e0c679 10d1061a 546c9b6c 2e507e00
2007-02-10 14:20:08: DEBUG: begin.
2007-02-10 14:20:08: DEBUG: seen nptype=5(id)
2007-02-10 14:20:08: DEBUG: invalid length of payload
2007-02-10 14:20:16: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:20:16: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:20:16: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:20:16: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:20:16: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:20:16: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 04100200 00000000 000000b4 0a000084
4bcfcb4f 0c4b8a3e b8caf93c de805ac5 462fd2d4 1685c025 ce2a1093 5b58b3af
e7b44744 447228f9 a5853500 a427ac49 8b886c7f 1eeb4c29 f12c7ee8 d71bd7a2
82a1ee70 51f46cef 092d463d 93f4258d 180f547a 92e56a2b d8e41195 d63be57d
083085c6 f3a51077 cc1350d8 20e815fa a578467b 7a781c3c 75436c4d 695a4966
00000014 d5b87223 ca4b8de4 b873a367 6727cb17
2007-02-10 14:20:16: DEBUG: resend phase1 packet 7ed401e99c2b26e9:5ddb84c4c56c0f0d
2007-02-10 14:20:36: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:20:36: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:20:36: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:20:36: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:20:36: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:20:36: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 04100200 00000000 000000b4 0a000084
4bcfcb4f 0c4b8a3e b8caf93c de805ac5 462fd2d4 1685c025 ce2a1093 5b58b3af
e7b44744 447228f9 a5853500 a427ac49 8b886c7f 1eeb4c29 f12c7ee8 d71bd7a2
82a1ee70 51f46cef 092d463d 93f4258d 180f547a 92e56a2b d8e41195 d63be57d
083085c6 f3a51077 cc1350d8 20e815fa a578467b 7a781c3c 75436c4d 695a4966
00000014 d5b87223 ca4b8de4 b873a367 6727cb17
2007-02-10 14:20:36: DEBUG: resend phase1 packet 7ed401e99c2b26e9:5ddb84c4c56c0f0d
2007-02-10 14:20:40: DEBUG: ===
2007-02-10 14:20:40: DEBUG: 76 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:20:40: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 08100501 75623b09 0000004c 630ac32a
ab6f4387 816c56da 792e5aa9 5c9e1df4 c9b73b3c 7cb4eafd 6ff36184 fa8ebfdc
68b69c84 27dea416 e1e3e2e6
2007-02-10 14:20:40: DEBUG: receive Information.
2007-02-10 14:20:40: DEBUG: compute IV for phase2
2007-02-10 14:20:40: DEBUG: phase1 last IV:
2007-02-10 14:20:40: DEBUG:
3fdce83f 340672fe 75623b09
2007-02-10 14:20:40: DEBUG: hash(md5)
2007-02-10 14:20:40: DEBUG: encryption(3des)
2007-02-10 14:20:40: DEBUG: phase2 IV computed:
2007-02-10 14:20:40: DEBUG:
319b2272 89890c19
2007-02-10 14:20:40: DEBUG: begin decryption.
2007-02-10 14:20:40: DEBUG: encryption(3des)
2007-02-10 14:20:40: DEBUG: IV was saved for next processing:
2007-02-10 14:20:40: DEBUG:
27dea416 e1e3e2e6
2007-02-10 14:20:40: DEBUG: encryption(3des)
2007-02-10 14:20:40: DEBUG: with key:
2007-02-10 14:20:40: DEBUG:
e6f2f32e e271bce6 2726643c 82522406 6edd0a7f 8de9503f
2007-02-10 14:20:40: DEBUG: decrypted payload by IV:
2007-02-10 14:20:40: DEBUG:
319b2272 89890c19
2007-02-10 14:20:40: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:20:40: DEBUG:
8f9d9e97 c7b04792 7d7e5e50 26d5d902 b631b414 4ca16aa4 e60add74 804d5da7
579dc94b db300d70 b97ab253 b79d52fa
2007-02-10 14:20:40: DEBUG: padding len=250
2007-02-10 14:20:40: DEBUG: skip to trim padding.
2007-02-10 14:20:40: DEBUG: decrypted.
2007-02-10 14:20:40: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 08100501 75623b09 0000004c 8f9d9e97
c7b04792 7d7e5e50 26d5d902 b631b414 4ca16aa4 e60add74 804d5da7 579dc94b
db300d70 b97ab253 b79d52fa
2007-02-10 14:20:40: ERROR: ignore information because ISAKMP-SA has not been established yet.
2007-02-10 14:20:40: DEBUG: caught rtm:14, need update interface address list
2007-02-10 14:20:56: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:20:56: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:20:56: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:20:56: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:20:56: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:20:56: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 04100200 00000000 000000b4 0a000084
4bcfcb4f 0c4b8a3e b8caf93c de805ac5 462fd2d4 1685c025 ce2a1093 5b58b3af
e7b44744 447228f9 a5853500 a427ac49 8b886c7f 1eeb4c29 f12c7ee8 d71bd7a2
82a1ee70 51f46cef 092d463d 93f4258d 180f547a 92e56a2b d8e41195 d63be57d
083085c6 f3a51077 cc1350d8 20e815fa a578467b 7a781c3c 75436c4d 695a4966
00000014 d5b87223 ca4b8de4 b873a367 6727cb17
2007-02-10 14:20:56: DEBUG: resend phase1 packet 7ed401e99c2b26e9:5ddb84c4c56c0f0d
2007-02-10 14:21:16: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:21:16: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:21:16: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:21:16: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:21:16: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:21:16: DEBUG:
7ed401e9 9c2b26e9 5ddb84c4 c56c0f0d 04100200 00000000 000000b4 0a000084
4bcfcb4f 0c4b8a3e b8caf93c de805ac5 462fd2d4 1685c025 ce2a1093 5b58b3af
e7b44744 447228f9 a5853500 a427ac49 8b886c7f 1eeb4c29 f12c7ee8 d71bd7a2
82a1ee70 51f46cef 092d463d 93f4258d 180f547a 92e56a2b d8e41195 d63be57d
083085c6 f3a51077 cc1350d8 20e815fa a578467b 7a781c3c 75436c4d 695a4966
00000014 d5b87223 ca4b8de4 b873a367 6727cb17
2007-02-10 14:21:16: DEBUG: resend phase1 packet 7ed401e99c2b26e9:5ddb84c4c56c0f0d
2007-02-10 14:21:17: INFO: caught signal 2
2007-02-10 14:21:17: DEBUG: get pfkey FLUSH message
2007-02-10 14:21:18: DEBUG: call pfkey_send_dump
2007-02-10 14:21:18: DEBUG: an undead schedule has been deleted.
2007-02-10 14:21:18: INFO: racoon shutdown
2007-02-10 14:24:04: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net)
2007-02-10 14:24:04: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
2007-02-10 14:24:04: DEBUG: hmac(modp1024)
2007-02-10 14:24:04: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2007-02-10 14:24:04: INFO: 192.168.1.1[500] used as isakmp port (fd=4)
2007-02-10 14:24:04: DEBUG: get pfkey X_SPDDUMP message
2007-02-10 14:24:04: DEBUG: get pfkey X_SPDDUMP message
2007-02-10 14:24:04: DEBUG: sub:0xbfbfe600: 0.0.0.0/0[0] 192.168.1.0/24[0] proto=any dir=out
2007-02-10 14:24:04: DEBUG: db :0x809fa08: 192.168.1.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2007-02-10 14:24:10: DEBUG: get pfkey ACQUIRE message
2007-02-10 14:24:10: DEBUG: ignore because do not listen on source address : 192.168.1.11.
2007-02-10 14:24:12: DEBUG: ===
2007-02-10 14:24:12: DEBUG: 168 bytes message received from 192.168.1.11[500] to 192.168.1.1[500]
2007-02-10 14:24:12: DEBUG:
362101e8 c55e5f9a 00000000 00000000 01100200 00000000 000000a8 0d000038
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020001
80040002 80030001 800b0001 000c0004 00000e10 0d000018 1e2b5169 05991c7d
7c96fcbf b587e461 00000004 0d000014 4048b7d5 6ebce885 25e7de7f 00d6c2d3
0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 00000014 26244d38 eddb61b3
172a36e3 d0cfb819
2007-02-10 14:24:12: DEBUG: configuration found for 192.168.1.11[500].
2007-02-10 14:24:12: DEBUG: ===
2007-02-10 14:24:12: INFO: respond new phase 1 negotiation: 192.168.1.1[500]<=>192.168.1.11[500]
2007-02-10 14:24:12: INFO: begin Identity Protection mode.
2007-02-10 14:24:12: DEBUG: begin.
2007-02-10 14:24:12: DEBUG: seen nptype=1(sa)
2007-02-10 14:24:12: DEBUG: seen nptype=13(vid)
2007-02-10 14:24:12: DEBUG: seen nptype=13(vid)
2007-02-10 14:24:12: DEBUG: seen nptype=13(vid)
2007-02-10 14:24:12: DEBUG: seen nptype=13(vid)
2007-02-10 14:24:12: DEBUG: succeed.
2007-02-10 14:24:12: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
2007-02-10 14:24:12: INFO: received Vendor ID: FRAGMENTATION
2007-02-10 14:24:12: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2007-02-10 14:24:12: DEBUG: received unknown Vendor ID
2007-02-10 14:24:12: DEBUG: total SA len=52
2007-02-10 14:24:12: DEBUG:
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020001
80040002 80030001 800b0001 000c0004 00000e10
2007-02-10 14:24:12: DEBUG: begin.
2007-02-10 14:24:12: DEBUG: seen nptype=2(prop)
2007-02-10 14:24:12: DEBUG: succeed.
2007-02-10 14:24:12: DEBUG: proposal #1 len=44
2007-02-10 14:24:12: DEBUG: begin.
2007-02-10 14:24:12: DEBUG: seen nptype=3(trns)
2007-02-10 14:24:12: DEBUG: succeed.
2007-02-10 14:24:12: DEBUG: transform #1 len=36
2007-02-10 14:24:12: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC2007-02-10 14:24:12: DEBUG: encryption(3des)
2007-02-10 14:24:12: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-02-10 14:24:12: DEBUG: hash(md5)
2007-02-10 14:24:12: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-02-10 14:24:12: DEBUG: hmac(modp1024)
2007-02-10 14:24:12: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-02-10 14:24:12: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-02-10 14:24:12: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-02-10 14:24:12: DEBUG: pair 1:
2007-02-10 14:24:12: DEBUG:  0x80a91b0: next=0x0 tnext=0x0
2007-02-10 14:24:12: DEBUG: proposal #1: 1 transform
2007-02-10 14:24:12: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
2007-02-10 14:24:12: DEBUG: trns#=1, trns-id=IKE
2007-02-10 14:24:12: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC2007-02-10 14:24:12: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-02-10 14:24:12: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-02-10 14:24:12: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-02-10 14:24:12: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-02-10 14:24:12: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-02-10 14:24:12: DEBUG: Compared: DB:Peer
2007-02-10 14:24:12: DEBUG: (lifetime = 3600:3600)
2007-02-10 14:24:12: DEBUG: (lifebyte = 0:0)
2007-02-10 14:24:12: DEBUG: enctype = 3DES-CBC:3DES-CBC
2007-02-10 14:24:12: DEBUG: (encklen = 0:0)
2007-02-10 14:24:12: DEBUG: hashtype = MD5:MD5
2007-02-10 14:24:12: DEBUG: authmethod = pre-shared key:pre-shared key
2007-02-10 14:24:12: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2007-02-10 14:24:12: DEBUG: an acceptable proposal found.
2007-02-10 14:24:12: DEBUG: hmac(modp1024)
2007-02-10 14:24:12: DEBUG: new cookie:
5d13c481ebfbfe66
2007-02-10 14:24:12: DEBUG: add payload of len 52, next type 13
2007-02-10 14:24:12: DEBUG: add payload of len 16, next type 0
2007-02-10 14:24:12: DEBUG: 104 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:24:12: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:24:12: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:24:12: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:24:12: DEBUG: 1 times of 104 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:24:12: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 01100200 00000000 00000068 0d000038
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020001
80040002 80030001 800b0001 000c0004 00000e10 00000014 afcad713 68a1f1c9
6b8696fc 77570100
2007-02-10 14:24:12: DEBUG: resend phase1 packet 362101e8c55e5f9a:5d13c481ebfbfe66
2007-02-10 14:24:12: DEBUG: ===
2007-02-10 14:24:12: DEBUG: 184 bytes message received from 192.168.1.11[500] to 192.168.1.1[500]
2007-02-10 14:24:12: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 04100200 00000000 000000b8 0a000084
184fa0bb d616405e 621e686f 6f0c2ee4 056337f3 c20063cb a00c68f0 4182bde7
683d4449 1c254f42 4d2d4c33 8653efde 6398c57b fe2634d2 9e261217 2e02453a
06a352b1 94895662 1a643ce2 657b4dfc c77faa7d 1bd1e83c 7f683353 0fb29bdd
a13d5d4a 5afeb660 2ccc82c3 48d77a35 653ca288 0fc9be0f b04bf3ef bd19aa86
00000018 39fd89e1 8ea5fe95 c494c9e3 3dcd0ce4 f4ec83d3
2007-02-10 14:24:12: DEBUG: begin.
2007-02-10 14:24:12: DEBUG: seen nptype=4(ke)
2007-02-10 14:24:12: DEBUG: seen nptype=10(nonce)
2007-02-10 14:24:12: DEBUG: succeed.
2007-02-10 14:24:12: DEBUG: ===
2007-02-10 14:24:12: DEBUG: compute DH's private.
2007-02-10 14:24:12: DEBUG:
7b3311d7 c8a21d79 48be97d0 aba5589a b207c2d2 8c84ca71 9474fd72 b4e82ef6
2a9c861d 5a27a127 b455de73 256f0f38 2b660393 fb333c18 e241fd45 a592a026
d48bcbdd 273c306f ce02b52d d24ee49b c6fe2e33 ea711ad2 047991ec 9bf802a0
498404af 685eff4f 0e0fca0b 77fda2de 5aea7a59 9f0fd2fc 2e049372 6191011c
2007-02-10 14:24:12: DEBUG: compute DH's public.
2007-02-10 14:24:12: DEBUG:
8f939036 489db6c8 9f3cdfc7 23006dd7 cf2721a3 bdd1d36e 3cbf0a85 cdc0534e
81725e5f 317a3e21 da1af472 9469c5ed 157b3c17 a0a3ac35 0afdd377 f264a743
fdb51009 9807301c f2abee31 0b2ec30f c4948229 b5709196 a2179d3d 5772f3e7
e5b68054 f15af193 8085e632 ee2373d1 c5a04e68 4d3d08aa 62d48481 b7f0ebf3
2007-02-10 14:24:12: DEBUG: add payload of len 128, next type 10
2007-02-10 14:24:12: DEBUG: add payload of len 16, next type 0
2007-02-10 14:24:12: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:24:12: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:24:12: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:24:12: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:24:12: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:24:12: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 04100200 00000000 000000b4 0a000084
8f939036 489db6c8 9f3cdfc7 23006dd7 cf2721a3 bdd1d36e 3cbf0a85 cdc0534e
81725e5f 317a3e21 da1af472 9469c5ed 157b3c17 a0a3ac35 0afdd377 f264a743
fdb51009 9807301c f2abee31 0b2ec30f c4948229 b5709196 a2179d3d 5772f3e7
e5b68054 f15af193 8085e632 ee2373d1 c5a04e68 4d3d08aa 62d48481 b7f0ebf3
00000014 bb3c93cb 1ea402e3 3152d9f6 ca95250b
2007-02-10 14:24:12: DEBUG: resend phase1 packet 362101e8c55e5f9a:5d13c481ebfbfe66
2007-02-10 14:24:12: DEBUG: compute DH's shared.
2007-02-10 14:24:12: DEBUG:
9282dbcd 3832cc91 92125df2 8d8f5e7a a334ac58 4699e8ab eb6d056f 48327e3b
1b2532a2 8b574a2e d53eb7cd aed2c8ff cb7b7ca0 73a42dc3 39e04221 24008faa
c7444cfb c7425468 5e5bfdbd 12c84767 b2b42956 ca3a1957 60af68e6 90123a3b
b91bd244 d490cdc5 e077de54 57bd4d4e 6224c286 1ab33468 1476ab86 00976dee
2007-02-10 14:24:12: DEBUG: the psk found.
2007-02-10 14:24:12: DEBUG: nonce 1: 2007-02-10 14:24:12: DEBUG:
39fd89e1 8ea5fe95 c494c9e3 3dcd0ce4 f4ec83d3
2007-02-10 14:24:12: DEBUG: nonce 2: 2007-02-10 14:24:12: DEBUG:
bb3c93cb 1ea402e3 3152d9f6 ca95250b
2007-02-10 14:24:12: DEBUG: hmac(hmac_md5)
2007-02-10 14:24:12: DEBUG: SKEYID computed:
2007-02-10 14:24:12: DEBUG:
cd8d0fde 9c7777b4 fb879727 0e46a76d
2007-02-10 14:24:12: DEBUG: hmac(hmac_md5)
2007-02-10 14:24:12: DEBUG: SKEYID_d computed:
2007-02-10 14:24:12: DEBUG:
7d42ad18 f0a39ad6 6967ac3a 45233fec
2007-02-10 14:24:12: DEBUG: hmac(hmac_md5)
2007-02-10 14:24:12: DEBUG: SKEYID_a computed:
2007-02-10 14:24:12: DEBUG:
1b6e21cc ad93ecca 32285ec8 fe77a549
2007-02-10 14:24:12: DEBUG: hmac(hmac_md5)
2007-02-10 14:24:12: DEBUG: SKEYID_e computed:
2007-02-10 14:24:12: DEBUG:
7c6afd3e c7310dce b207473f 0b718a0a
2007-02-10 14:24:12: DEBUG: encryption(3des)
2007-02-10 14:24:12: DEBUG: hash(md5)
2007-02-10 14:24:12: DEBUG: len(SKEYID_e) < len(Ka) (16 < 24), generating long key (Ka = K1 | K2 | ...)
2007-02-10 14:24:12: DEBUG: hmac(hmac_md5)
2007-02-10 14:24:12: DEBUG: compute intermediate encryption key K1
2007-02-10 14:24:12: DEBUG:
00
2007-02-10 14:24:12: DEBUG:
ed672ba1 317625ae f37ba2cd 804881ec
2007-02-10 14:24:12: DEBUG: hmac(hmac_md5)
2007-02-10 14:24:12: DEBUG: compute intermediate encryption key K2
2007-02-10 14:24:12: DEBUG:
ed672ba1 317625ae f37ba2cd 804881ec
2007-02-10 14:24:12: DEBUG:
c6062976 259f67be 700f123d 30c584de
2007-02-10 14:24:12: DEBUG: final encryption key computed:
2007-02-10 14:24:12: DEBUG:
ed672ba1 317625ae f37ba2cd 804881ec c6062976 259f67be
2007-02-10 14:24:12: DEBUG: hash(md5)
2007-02-10 14:24:12: DEBUG: encryption(3des)
2007-02-10 14:24:12: DEBUG: IV computed:
2007-02-10 14:24:12: DEBUG:
6917ccd1 b791b4a3
2007-02-10 14:24:12: DEBUG: ===
2007-02-10 14:24:12: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:24:12: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 05100201 00000000 0000003c b7247543
300216fa c127a194 04eb8ed9 59f54e96 f588ea17 1bf7ecf4 731dfccf
2007-02-10 14:24:12: DEBUG: begin decryption.
2007-02-10 14:24:12: DEBUG: encryption(3des)
2007-02-10 14:24:12: DEBUG: IV was saved for next processing:
2007-02-10 14:24:12: DEBUG:
1bf7ecf4 731dfccf
2007-02-10 14:24:12: DEBUG: encryption(3des)
2007-02-10 14:24:12: DEBUG: with key:
2007-02-10 14:24:12: DEBUG:
ed672ba1 317625ae f37ba2cd 804881ec c6062976 259f67be
2007-02-10 14:24:12: DEBUG: decrypted payload by IV:
2007-02-10 14:24:12: DEBUG:
6917ccd1 b791b4a3
2007-02-10 14:24:12: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:24:12: DEBUG:
a7425f9d 93324b9f ee3390b3 f90e93cb 9c998d7d ea5c1157 5369d424 bfee88c8
2007-02-10 14:24:12: DEBUG: padding len=200
2007-02-10 14:24:12: DEBUG: skip to trim padding.
2007-02-10 14:24:12: DEBUG: decrypted.
2007-02-10 14:24:12: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 05100201 00000000 0000003c a7425f9d
93324b9f ee3390b3 f90e93cb 9c998d7d ea5c1157 5369d424 bfee88c8
2007-02-10 14:24:12: DEBUG: begin.
2007-02-10 14:24:12: DEBUG: seen nptype=5(id)
2007-02-10 14:24:12: DEBUG: invalid length of payload
2007-02-10 14:24:14: DEBUG: ===
2007-02-10 14:24:14: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:24:14: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 05100201 00000000 0000003c b7247543
300216fa c127a194 04eb8ed9 59f54e96 f588ea17 1bf7ecf4 731dfccf
2007-02-10 14:24:14: DEBUG: begin decryption.
2007-02-10 14:24:14: DEBUG: encryption(3des)
2007-02-10 14:24:14: DEBUG: IV was saved for next processing:
2007-02-10 14:24:14: DEBUG:
1bf7ecf4 731dfccf
2007-02-10 14:24:14: DEBUG: encryption(3des)
2007-02-10 14:24:14: DEBUG: with key:
2007-02-10 14:24:14: DEBUG:
ed672ba1 317625ae f37ba2cd 804881ec c6062976 259f67be
2007-02-10 14:24:14: DEBUG: decrypted payload by IV:
2007-02-10 14:24:14: DEBUG:
6917ccd1 b791b4a3
2007-02-10 14:24:14: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:24:14: DEBUG:
a7425f9d 93324b9f ee3390b3 f90e93cb 9c998d7d ea5c1157 5369d424 bfee88c8
2007-02-10 14:24:14: DEBUG: padding len=200
2007-02-10 14:24:14: DEBUG: skip to trim padding.
2007-02-10 14:24:14: DEBUG: decrypted.
2007-02-10 14:24:14: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 05100201 00000000 0000003c a7425f9d
93324b9f ee3390b3 f90e93cb 9c998d7d ea5c1157 5369d424 bfee88c8
2007-02-10 14:24:14: DEBUG: begin.
2007-02-10 14:24:14: DEBUG: seen nptype=5(id)
2007-02-10 14:24:14: DEBUG: invalid length of payload
2007-02-10 14:24:16: DEBUG: ===
2007-02-10 14:24:16: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:24:16: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 05100201 00000000 0000003c b7247543
300216fa c127a194 04eb8ed9 59f54e96 f588ea17 1bf7ecf4 731dfccf
2007-02-10 14:24:16: DEBUG: begin decryption.
2007-02-10 14:24:16: DEBUG: encryption(3des)
2007-02-10 14:24:16: DEBUG: IV was saved for next processing:
2007-02-10 14:24:16: DEBUG:
1bf7ecf4 731dfccf
2007-02-10 14:24:16: DEBUG: encryption(3des)
2007-02-10 14:24:16: DEBUG: with key:
2007-02-10 14:24:16: DEBUG:
ed672ba1 317625ae f37ba2cd 804881ec c6062976 259f67be
2007-02-10 14:24:16: DEBUG: decrypted payload by IV:
2007-02-10 14:24:16: DEBUG:
6917ccd1 b791b4a3
2007-02-10 14:24:16: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:24:16: DEBUG:
a7425f9d 93324b9f ee3390b3 f90e93cb 9c998d7d ea5c1157 5369d424 bfee88c8
2007-02-10 14:24:16: DEBUG: padding len=200
2007-02-10 14:24:16: DEBUG: skip to trim padding.
2007-02-10 14:24:16: DEBUG: decrypted.
2007-02-10 14:24:16: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 05100201 00000000 0000003c a7425f9d
93324b9f ee3390b3 f90e93cb 9c998d7d ea5c1157 5369d424 bfee88c8
2007-02-10 14:24:16: DEBUG: begin.
2007-02-10 14:24:16: DEBUG: seen nptype=5(id)
2007-02-10 14:24:16: DEBUG: invalid length of payload
2007-02-10 14:24:20: DEBUG: ===
2007-02-10 14:24:20: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:24:20: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 05100201 00000000 0000003c b7247543
300216fa c127a194 04eb8ed9 59f54e96 f588ea17 1bf7ecf4 731dfccf
2007-02-10 14:24:20: DEBUG: begin decryption.
2007-02-10 14:24:20: DEBUG: encryption(3des)
2007-02-10 14:24:20: DEBUG: IV was saved for next processing:
2007-02-10 14:24:20: DEBUG:
1bf7ecf4 731dfccf
2007-02-10 14:24:20: DEBUG: encryption(3des)
2007-02-10 14:24:20: DEBUG: with key:
2007-02-10 14:24:20: DEBUG:
ed672ba1 317625ae f37ba2cd 804881ec c6062976 259f67be
2007-02-10 14:24:20: DEBUG: decrypted payload by IV:
2007-02-10 14:24:20: DEBUG:
6917ccd1 b791b4a3
2007-02-10 14:24:20: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:24:20: DEBUG:
a7425f9d 93324b9f ee3390b3 f90e93cb 9c998d7d ea5c1157 5369d424 bfee88c8
2007-02-10 14:24:20: DEBUG: padding len=200
2007-02-10 14:24:20: DEBUG: skip to trim padding.
2007-02-10 14:24:20: DEBUG: decrypted.
2007-02-10 14:24:20: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 05100201 00000000 0000003c a7425f9d
93324b9f ee3390b3 f90e93cb 9c998d7d ea5c1157 5369d424 bfee88c8
2007-02-10 14:24:20: DEBUG: begin.
2007-02-10 14:24:20: DEBUG: seen nptype=5(id)
2007-02-10 14:24:20: DEBUG: invalid length of payload
2007-02-10 14:24:22: DEBUG: get pfkey ACQUIRE message
2007-02-10 14:24:22: DEBUG: ignore because do not listen on source address : 192.168.1.11.
2007-02-10 14:24:28: DEBUG: ===
2007-02-10 14:24:28: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:24:28: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 05100201 00000000 0000003c b7247543
300216fa c127a194 04eb8ed9 59f54e96 f588ea17 1bf7ecf4 731dfccf
2007-02-10 14:24:28: DEBUG: begin decryption.
2007-02-10 14:24:28: DEBUG: encryption(3des)
2007-02-10 14:24:28: DEBUG: IV was saved for next processing:
2007-02-10 14:24:28: DEBUG:
1bf7ecf4 731dfccf
2007-02-10 14:24:28: DEBUG: encryption(3des)
2007-02-10 14:24:28: DEBUG: with key:
2007-02-10 14:24:28: DEBUG:
ed672ba1 317625ae f37ba2cd 804881ec c6062976 259f67be
2007-02-10 14:24:28: DEBUG: decrypted payload by IV:
2007-02-10 14:24:28: DEBUG:
6917ccd1 b791b4a3
2007-02-10 14:24:28: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:24:28: DEBUG:
a7425f9d 93324b9f ee3390b3 f90e93cb 9c998d7d ea5c1157 5369d424 bfee88c8
2007-02-10 14:24:28: DEBUG: padding len=200
2007-02-10 14:24:28: DEBUG: skip to trim padding.
2007-02-10 14:24:28: DEBUG: decrypted.
2007-02-10 14:24:28: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 05100201 00000000 0000003c a7425f9d
93324b9f ee3390b3 f90e93cb 9c998d7d ea5c1157 5369d424 bfee88c8
2007-02-10 14:24:28: DEBUG: begin.
2007-02-10 14:24:28: DEBUG: seen nptype=5(id)
2007-02-10 14:24:28: DEBUG: invalid length of payload
2007-02-10 14:24:32: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:24:32: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:24:32: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:24:32: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:24:32: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:24:32: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 04100200 00000000 000000b4 0a000084
8f939036 489db6c8 9f3cdfc7 23006dd7 cf2721a3 bdd1d36e 3cbf0a85 cdc0534e
81725e5f 317a3e21 da1af472 9469c5ed 157b3c17 a0a3ac35 0afdd377 f264a743
fdb51009 9807301c f2abee31 0b2ec30f c4948229 b5709196 a2179d3d 5772f3e7
e5b68054 f15af193 8085e632 ee2373d1 c5a04e68 4d3d08aa 62d48481 b7f0ebf3
00000014 bb3c93cb 1ea402e3 3152d9f6 ca95250b
2007-02-10 14:24:32: DEBUG: resend phase1 packet 362101e8c55e5f9a:5d13c481ebfbfe66
2007-02-10 14:24:32: DEBUG: get pfkey ACQUIRE message
2007-02-10 14:24:32: DEBUG: ignore because do not listen on source address : 192.168.1.11.
2007-02-10 14:24:44: DEBUG: ===
2007-02-10 14:24:44: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:24:44: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 05100201 00000000 0000003c b7247543
300216fa c127a194 04eb8ed9 59f54e96 f588ea17 1bf7ecf4 731dfccf
2007-02-10 14:24:44: DEBUG: begin decryption.
2007-02-10 14:24:44: DEBUG: encryption(3des)
2007-02-10 14:24:44: DEBUG: IV was saved for next processing:
2007-02-10 14:24:44: DEBUG:
1bf7ecf4 731dfccf
2007-02-10 14:24:44: DEBUG: encryption(3des)
2007-02-10 14:24:44: DEBUG: with key:
2007-02-10 14:24:44: DEBUG:
ed672ba1 317625ae f37ba2cd 804881ec c6062976 259f67be
2007-02-10 14:24:44: DEBUG: decrypted payload by IV:
2007-02-10 14:24:44: DEBUG:
6917ccd1 b791b4a3
2007-02-10 14:24:44: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:24:44: DEBUG:
a7425f9d 93324b9f ee3390b3 f90e93cb 9c998d7d ea5c1157 5369d424 bfee88c8
2007-02-10 14:24:44: DEBUG: padding len=200
2007-02-10 14:24:44: DEBUG: skip to trim padding.
2007-02-10 14:24:44: DEBUG: decrypted.
2007-02-10 14:24:44: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 05100201 00000000 0000003c a7425f9d
93324b9f ee3390b3 f90e93cb 9c998d7d ea5c1157 5369d424 bfee88c8
2007-02-10 14:24:44: DEBUG: begin.
2007-02-10 14:24:44: DEBUG: seen nptype=5(id)
2007-02-10 14:24:44: DEBUG: invalid length of payload
2007-02-10 14:24:44: DEBUG: get pfkey ACQUIRE message
2007-02-10 14:24:44: DEBUG: ignore because do not listen on source address : 192.168.1.11.
2007-02-10 14:24:52: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:24:52: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:24:52: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:24:52: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:24:52: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:24:52: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 04100200 00000000 000000b4 0a000084
8f939036 489db6c8 9f3cdfc7 23006dd7 cf2721a3 bdd1d36e 3cbf0a85 cdc0534e
81725e5f 317a3e21 da1af472 9469c5ed 157b3c17 a0a3ac35 0afdd377 f264a743
fdb51009 9807301c f2abee31 0b2ec30f c4948229 b5709196 a2179d3d 5772f3e7
e5b68054 f15af193 8085e632 ee2373d1 c5a04e68 4d3d08aa 62d48481 b7f0ebf3
00000014 bb3c93cb 1ea402e3 3152d9f6 ca95250b
2007-02-10 14:24:52: DEBUG: resend phase1 packet 362101e8c55e5f9a:5d13c481ebfbfe66
2007-02-10 14:24:54: DEBUG: get pfkey ACQUIRE message
2007-02-10 14:24:54: DEBUG: ignore because do not listen on source address : 192.168.1.11.
2007-02-10 14:25:06: DEBUG: get pfkey ACQUIRE message
2007-02-10 14:25:06: DEBUG: ignore because do not listen on source address : 192.168.1.11.
2007-02-10 14:25:12: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:25:12: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:25:12: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:25:12: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:25:12: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:25:12: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 04100200 00000000 000000b4 0a000084
8f939036 489db6c8 9f3cdfc7 23006dd7 cf2721a3 bdd1d36e 3cbf0a85 cdc0534e
81725e5f 317a3e21 da1af472 9469c5ed 157b3c17 a0a3ac35 0afdd377 f264a743
fdb51009 9807301c f2abee31 0b2ec30f c4948229 b5709196 a2179d3d 5772f3e7
e5b68054 f15af193 8085e632 ee2373d1 c5a04e68 4d3d08aa 62d48481 b7f0ebf3
00000014 bb3c93cb 1ea402e3 3152d9f6 ca95250b
2007-02-10 14:25:12: DEBUG: resend phase1 packet 362101e8c55e5f9a:5d13c481ebfbfe66
2007-02-10 14:25:16: DEBUG: ===
2007-02-10 14:25:16: DEBUG: 76 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:25:16: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 08100501 0ddfe428 0000004c ac6b3543
ec85ac90 5a6a0ac7 607d33cc a6cd5ab4 b257f3d5 55f79487 2468614b 103e17c1
27fd7baf 812f4998 c36b337b
2007-02-10 14:25:16: DEBUG: receive Information.
2007-02-10 14:25:16: DEBUG: compute IV for phase2
2007-02-10 14:25:16: DEBUG: phase1 last IV:
2007-02-10 14:25:16: DEBUG:
6917ccd1 b791b4a3 0ddfe428
2007-02-10 14:25:16: DEBUG: hash(md5)
2007-02-10 14:25:16: DEBUG: encryption(3des)
2007-02-10 14:25:16: DEBUG: phase2 IV computed:
2007-02-10 14:25:16: DEBUG:
7943c016 755bbbd5
2007-02-10 14:25:16: DEBUG: begin decryption.
2007-02-10 14:25:16: DEBUG: encryption(3des)
2007-02-10 14:25:16: DEBUG: IV was saved for next processing:
2007-02-10 14:25:16: DEBUG:
812f4998 c36b337b
2007-02-10 14:25:16: DEBUG: encryption(3des)
2007-02-10 14:25:16: DEBUG: with key:
2007-02-10 14:25:16: DEBUG:
ed672ba1 317625ae f37ba2cd 804881ec c6062976 259f67be
2007-02-10 14:25:16: DEBUG: decrypted payload by IV:
2007-02-10 14:25:16: DEBUG:
7943c016 755bbbd5
2007-02-10 14:25:16: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:25:16: DEBUG:
6e42aa27 1b885be5 273e5b19 e4053052 c8f5dcef 05188cb1 01f0f654 546f2576
52d4b956 3b6aebba 3a53b6a0 99abdda1
2007-02-10 14:25:16: DEBUG: padding len=161
2007-02-10 14:25:16: DEBUG: skip to trim padding.
2007-02-10 14:25:16: DEBUG: decrypted.
2007-02-10 14:25:16: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 08100501 0ddfe428 0000004c 6e42aa27
1b885be5 273e5b19 e4053052 c8f5dcef 05188cb1 01f0f654 546f2576 52d4b956
3b6aebba 3a53b6a0 99abdda1
2007-02-10 14:25:16: ERROR: ignore information because ISAKMP-SA has not been established yet.
2007-02-10 14:25:25: DEBUG: get pfkey X_SPDFLUSH message
2007-02-10 14:25:32: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:25:32: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:25:32: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:25:32: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:25:32: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:25:32: DEBUG:
362101e8 c55e5f9a 5d13c481 ebfbfe66 04100200 00000000 000000b4 0a000084
8f939036 489db6c8 9f3cdfc7 23006dd7 cf2721a3 bdd1d36e 3cbf0a85 cdc0534e
81725e5f 317a3e21 da1af472 9469c5ed 157b3c17 a0a3ac35 0afdd377 f264a743
fdb51009 9807301c f2abee31 0b2ec30f c4948229 b5709196 a2179d3d 5772f3e7
e5b68054 f15af193 8085e632 ee2373d1 c5a04e68 4d3d08aa 62d48481 b7f0ebf3
00000014 bb3c93cb 1ea402e3 3152d9f6 ca95250b
2007-02-10 14:25:32: DEBUG: resend phase1 packet 362101e8c55e5f9a:5d13c481ebfbfe66
2007-02-10 14:25:34: DEBUG: ===
2007-02-10 14:25:34: DEBUG: 168 bytes message received from 192.168.1.11[500] to 192.168.1.1[500]
2007-02-10 14:25:34: DEBUG:
29b8fbef 412faa30 00000000 00000000 01100200 00000000 000000a8 0d000038
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020001
80040002 80030001 800b0001 000c0004 00000e10 0d000018 1e2b5169 05991c7d
7c96fcbf b587e461 00000004 0d000014 4048b7d5 6ebce885 25e7de7f 00d6c2d3
0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 00000014 26244d38 eddb61b3
172a36e3 d0cfb819
2007-02-10 14:25:34: DEBUG: configuration found for 192.168.1.11[500].
2007-02-10 14:25:34: DEBUG: ===
2007-02-10 14:25:34: INFO: respond new phase 1 negotiation: 192.168.1.1[500]<=>192.168.1.11[500]
2007-02-10 14:25:34: INFO: begin Identity Protection mode.
2007-02-10 14:25:34: DEBUG: begin.
2007-02-10 14:25:34: DEBUG: seen nptype=1(sa)
2007-02-10 14:25:34: DEBUG: seen nptype=13(vid)
2007-02-10 14:25:34: DEBUG: seen nptype=13(vid)
2007-02-10 14:25:34: DEBUG: seen nptype=13(vid)
2007-02-10 14:25:34: DEBUG: seen nptype=13(vid)
2007-02-10 14:25:34: DEBUG: succeed.
2007-02-10 14:25:34: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
2007-02-10 14:25:34: INFO: received Vendor ID: FRAGMENTATION
2007-02-10 14:25:34: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2007-02-10 14:25:34: DEBUG: received unknown Vendor ID
2007-02-10 14:25:34: DEBUG: total SA len=52
2007-02-10 14:25:34: DEBUG:
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020001
80040002 80030001 800b0001 000c0004 00000e10
2007-02-10 14:25:34: DEBUG: begin.
2007-02-10 14:25:34: DEBUG: seen nptype=2(prop)
2007-02-10 14:25:34: DEBUG: succeed.
2007-02-10 14:25:34: DEBUG: proposal #1 len=44
2007-02-10 14:25:34: DEBUG: begin.
2007-02-10 14:25:34: DEBUG: seen nptype=3(trns)
2007-02-10 14:25:34: DEBUG: succeed.
2007-02-10 14:25:34: DEBUG: transform #1 len=36
2007-02-10 14:25:34: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC2007-02-10 14:25:34: DEBUG: encryption(3des)
2007-02-10 14:25:34: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-02-10 14:25:34: DEBUG: hash(md5)
2007-02-10 14:25:34: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-02-10 14:25:34: DEBUG: hmac(modp1024)
2007-02-10 14:25:34: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-02-10 14:25:34: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-02-10 14:25:34: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-02-10 14:25:34: DEBUG: pair 1:
2007-02-10 14:25:34: DEBUG:  0x80a9450: next=0x0 tnext=0x0
2007-02-10 14:25:34: DEBUG: proposal #1: 1 transform
2007-02-10 14:25:34: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
2007-02-10 14:25:34: DEBUG: trns#=1, trns-id=IKE
2007-02-10 14:25:34: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC2007-02-10 14:25:34: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-02-10 14:25:34: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-02-10 14:25:34: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-02-10 14:25:34: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-02-10 14:25:34: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-02-10 14:25:34: DEBUG: Compared: DB:Peer
2007-02-10 14:25:34: DEBUG: (lifetime = 3600:3600)
2007-02-10 14:25:34: DEBUG: (lifebyte = 0:0)
2007-02-10 14:25:34: DEBUG: enctype = 3DES-CBC:3DES-CBC
2007-02-10 14:25:34: DEBUG: (encklen = 0:0)
2007-02-10 14:25:34: DEBUG: hashtype = MD5:MD5
2007-02-10 14:25:34: DEBUG: authmethod = pre-shared key:pre-shared key
2007-02-10 14:25:34: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2007-02-10 14:25:34: DEBUG: an acceptable proposal found.
2007-02-10 14:25:34: DEBUG: hmac(modp1024)
2007-02-10 14:25:34: DEBUG: new cookie:
e472f333753bfce9
2007-02-10 14:25:34: DEBUG: add payload of len 52, next type 13
2007-02-10 14:25:34: DEBUG: add payload of len 16, next type 0
2007-02-10 14:25:34: DEBUG: 104 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:25:34: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:25:34: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:25:34: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:25:34: DEBUG: 1 times of 104 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:25:34: DEBUG:
29b8fbef 412faa30 e472f333 753bfce9 01100200 00000000 00000068 0d000038
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020001
80040002 80030001 800b0001 000c0004 00000e10 00000014 afcad713 68a1f1c9
6b8696fc 77570100
2007-02-10 14:25:34: DEBUG: resend phase1 packet 29b8fbef412faa30:e472f333753bfce9
2007-02-10 14:25:35: DEBUG: ===
2007-02-10 14:25:35: DEBUG: 184 bytes message received from 192.168.1.11[500] to 192.168.1.1[500]
2007-02-10 14:25:35: DEBUG:
29b8fbef 412faa30 e472f333 753bfce9 04100200 00000000 000000b8 0a000084
a59d7891 8be21cbe b89ca96d 9c959312 eebf90dc 66aa2b96 cdf6721b 1ddec8fe
c8f4fe1d d9243f72 316852cd cb2b2b8a 9ad0b910 8797f8fb 1fc1ed78 69b62c4c
55a39c5c f837c2db cd358443 900dafbb 0539d9b2 d2e1de4e fad9448e a6466b99
1720ced3 1ce960f2 2fd67ea6 d6aa3111 3eee6b6a 6e876703 c58d2766 3fc7414e
00000018 65472804 93879858 2e3fd5cc e9798890 f25b274a
2007-02-10 14:25:35: DEBUG: begin.
2007-02-10 14:25:35: DEBUG: seen nptype=4(ke)
2007-02-10 14:25:35: DEBUG: seen nptype=10(nonce)
2007-02-10 14:25:35: DEBUG: succeed.
2007-02-10 14:25:35: DEBUG: ===
2007-02-10 14:25:35: DEBUG: compute DH's private.
2007-02-10 14:25:35: DEBUG:
51f08bcc ce7a9424 49b0f17b 3b0d1898 1f346504 7addfce9 b9e87005 2fa68214
bbcfbdd1 5518a7f0 d3b3764b bdecc586 4c02eba2 8d3ee4f3 fff10489 e3a86521
65b744d4 ec51f2e9 5656baaf 2008d4cd 282a1a39 dba7ca88 881c9dd6 ed3a9fa3
9efe9d6e 79548572 43472202 0c6ed5a6 4bf503bf 6b403cb4 4386b1bd c3e91564
2007-02-10 14:25:35: DEBUG: compute DH's public.
2007-02-10 14:25:35: DEBUG:
18d007b8 e736adcf 222aba4e 88953779 07ab2580 32343df7 9a97bdef f39781c5
6cd123af db9645c4 5ad56dfb e9c30a0d ae539178 4f065941 969e0572 0ffb3054
cffa6178 ee2bd0ab 6e68c06d d097333c 10cc86f7 3e5e7ca8 be52844d 99e3d354
cc14f353 67d3f7df a817f3e2 15baee8c 72677cd6 47e1c20f 14cc7546 51a6928f
2007-02-10 14:25:35: DEBUG: add payload of len 128, next type 10
2007-02-10 14:25:35: DEBUG: add payload of len 16, next type 0
2007-02-10 14:25:35: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:25:35: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:25:35: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:25:35: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:25:35: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:25:35: DEBUG:
29b8fbef 412faa30 e472f333 753bfce9 04100200 00000000 000000b4 0a000084
18d007b8 e736adcf 222aba4e 88953779 07ab2580 32343df7 9a97bdef f39781c5
6cd123af db9645c4 5ad56dfb e9c30a0d ae539178 4f065941 969e0572 0ffb3054
cffa6178 ee2bd0ab 6e68c06d d097333c 10cc86f7 3e5e7ca8 be52844d 99e3d354
cc14f353 67d3f7df a817f3e2 15baee8c 72677cd6 47e1c20f 14cc7546 51a6928f
00000014 9e90444f 3a6492e8 e6a26eb4 86125ae1
2007-02-10 14:25:35: DEBUG: resend phase1 packet 29b8fbef412faa30:e472f333753bfce9
2007-02-10 14:25:35: DEBUG: compute DH's shared.
2007-02-10 14:25:35: DEBUG:
d0dc4210 43e9755e ce4c62e5 c6fcc0e0 d1d2f929 13fb4ef8 5124b240 4be10cda
9859cbe4 4a27025e 88b130fe 7521fe55 29dc0e15 3ea6613d caccf995 40790269
d2130a92 c1503523 a6299647 13ecbda8 bae58a1b f214c1c2 5522cab9 3efee3a5
917b0c89 432c7eed 25525ca8 4084ca84 7e4ef6b3 1c3e063a 446f419b ea5b6c27
2007-02-10 14:25:35: DEBUG: the psk found.
2007-02-10 14:25:35: DEBUG: nonce 1: 2007-02-10 14:25:35: DEBUG:
65472804 93879858 2e3fd5cc e9798890 f25b274a
2007-02-10 14:25:35: DEBUG: nonce 2: 2007-02-10 14:25:35: DEBUG:
9e90444f 3a6492e8 e6a26eb4 86125ae1
2007-02-10 14:25:35: DEBUG: hmac(hmac_md5)
2007-02-10 14:25:35: DEBUG: SKEYID computed:
2007-02-10 14:25:35: DEBUG:
47af9887 338eeb20 a10e502d db47f8ab
2007-02-10 14:25:35: DEBUG: hmac(hmac_md5)
2007-02-10 14:25:35: DEBUG: SKEYID_d computed:
2007-02-10 14:25:35: DEBUG:
f6924c05 156c714a 197f68de 52ed857b
2007-02-10 14:25:35: DEBUG: hmac(hmac_md5)
2007-02-10 14:25:35: DEBUG: SKEYID_a computed:
2007-02-10 14:25:35: DEBUG:
eeb40d03 7bb6f94a a0f8b420 413f670f
2007-02-10 14:25:35: DEBUG: hmac(hmac_md5)
2007-02-10 14:25:35: DEBUG: SKEYID_e computed:
2007-02-10 14:25:35: DEBUG:
1045c8f0 d366343d 78035331 7dc15660
2007-02-10 14:25:35: DEBUG: encryption(3des)
2007-02-10 14:25:35: DEBUG: hash(md5)
2007-02-10 14:25:35: DEBUG: len(SKEYID_e) < len(Ka) (16 < 24), generating long key (Ka = K1 | K2 | ...)
2007-02-10 14:25:35: DEBUG: hmac(hmac_md5)
2007-02-10 14:25:35: DEBUG: compute intermediate encryption key K1
2007-02-10 14:25:35: DEBUG:
00
2007-02-10 14:25:35: DEBUG:
440f4e1c 91d9d305 a8516e1a cb3b7231
2007-02-10 14:25:35: DEBUG: hmac(hmac_md5)
2007-02-10 14:25:35: DEBUG: compute intermediate encryption key K2
2007-02-10 14:25:35: DEBUG:
440f4e1c 91d9d305 a8516e1a cb3b7231
2007-02-10 14:25:35: DEBUG:
4dfb0c4f 5765e157 28f4bb54 63fd9609
2007-02-10 14:25:35: DEBUG: final encryption key computed:
2007-02-10 14:25:35: DEBUG:
440f4e1c 91d9d305 a8516e1a cb3b7231 4dfb0c4f 5765e157
2007-02-10 14:25:35: DEBUG: hash(md5)
2007-02-10 14:25:35: DEBUG: encryption(3des)
2007-02-10 14:25:35: DEBUG: IV computed:
2007-02-10 14:25:35: DEBUG:
e7e048fc dcc84236
2007-02-10 14:25:35: DEBUG: ===
2007-02-10 14:25:35: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:25:35: DEBUG:
29b8fbef 412faa30 e472f333 753bfce9 05100201 00000000 0000003c 157276e9
2f7b768a 6296c778 ca8bb07d ba5baebc 3d1a29d1 9993ffc6 e5e2d0c4
2007-02-10 14:25:35: DEBUG: begin decryption.
2007-02-10 14:25:35: DEBUG: encryption(3des)
2007-02-10 14:25:35: DEBUG: IV was saved for next processing:
2007-02-10 14:25:35: DEBUG:
9993ffc6 e5e2d0c4
2007-02-10 14:25:35: DEBUG: encryption(3des)
2007-02-10 14:25:35: DEBUG: with key:
2007-02-10 14:25:35: DEBUG:
440f4e1c 91d9d305 a8516e1a cb3b7231 4dfb0c4f 5765e157
2007-02-10 14:25:35: DEBUG: decrypted payload by IV:
2007-02-10 14:25:35: DEBUG:
e7e048fc dcc84236
2007-02-10 14:25:35: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:25:35: DEBUG:
0e7a567c 5fd12feb 5ae6b0d4 f78987df 09f75c5d bb697b0b 98dc975a 4ee69717
2007-02-10 14:25:35: DEBUG: padding len=23
2007-02-10 14:25:35: DEBUG: skip to trim padding.
2007-02-10 14:25:35: DEBUG: decrypted.
2007-02-10 14:25:35: DEBUG:
29b8fbef 412faa30 e472f333 753bfce9 05100201 00000000 0000003c 0e7a567c
5fd12feb 5ae6b0d4 f78987df 09f75c5d bb697b0b 98dc975a 4ee69717
2007-02-10 14:25:35: DEBUG: begin.
2007-02-10 14:25:35: DEBUG: seen nptype=5(id)
2007-02-10 14:25:35: DEBUG: invalid length of payload
2007-02-10 14:25:36: DEBUG: ===
2007-02-10 14:25:36: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:25:36: DEBUG:
29b8fbef 412faa30 e472f333 753bfce9 05100201 00000000 0000003c 157276e9
2f7b768a 6296c778 ca8bb07d ba5baebc 3d1a29d1 9993ffc6 e5e2d0c4
2007-02-10 14:25:36: DEBUG: begin decryption.
2007-02-10 14:25:36: DEBUG: encryption(3des)
2007-02-10 14:25:36: DEBUG: IV was saved for next processing:
2007-02-10 14:25:36: DEBUG:
9993ffc6 e5e2d0c4
2007-02-10 14:25:36: DEBUG: encryption(3des)
2007-02-10 14:25:36: DEBUG: with key:
2007-02-10 14:25:36: DEBUG:
440f4e1c 91d9d305 a8516e1a cb3b7231 4dfb0c4f 5765e157
2007-02-10 14:25:36: DEBUG: decrypted payload by IV:
2007-02-10 14:25:36: DEBUG:
e7e048fc dcc84236
2007-02-10 14:25:36: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:25:36: DEBUG:
0e7a567c 5fd12feb 5ae6b0d4 f78987df 09f75c5d bb697b0b 98dc975a 4ee69717
2007-02-10 14:25:36: DEBUG: padding len=23
2007-02-10 14:25:36: DEBUG: skip to trim padding.
2007-02-10 14:25:36: DEBUG: decrypted.
2007-02-10 14:25:36: DEBUG:
29b8fbef 412faa30 e472f333 753bfce9 05100201 00000000 0000003c 0e7a567c
5fd12feb 5ae6b0d4 f78987df 09f75c5d bb697b0b 98dc975a 4ee69717
2007-02-10 14:25:36: DEBUG: begin.
2007-02-10 14:25:36: DEBUG: seen nptype=5(id)
2007-02-10 14:25:36: DEBUG: invalid length of payload
2007-02-10 14:25:38: DEBUG: ===
2007-02-10 14:25:38: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:25:38: DEBUG:
29b8fbef 412faa30 e472f333 753bfce9 05100201 00000000 0000003c 157276e9
2f7b768a 6296c778 ca8bb07d ba5baebc 3d1a29d1 9993ffc6 e5e2d0c4
2007-02-10 14:25:38: DEBUG: begin decryption.
2007-02-10 14:25:38: DEBUG: encryption(3des)
2007-02-10 14:25:38: DEBUG: IV was saved for next processing:
2007-02-10 14:25:38: DEBUG:
9993ffc6 e5e2d0c4
2007-02-10 14:25:38: DEBUG: encryption(3des)
2007-02-10 14:25:38: DEBUG: with key:
2007-02-10 14:25:38: DEBUG:
440f4e1c 91d9d305 a8516e1a cb3b7231 4dfb0c4f 5765e157
2007-02-10 14:25:38: DEBUG: decrypted payload by IV:
2007-02-10 14:25:38: DEBUG:
e7e048fc dcc84236
2007-02-10 14:25:38: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:25:38: DEBUG:
0e7a567c 5fd12feb 5ae6b0d4 f78987df 09f75c5d bb697b0b 98dc975a 4ee69717
2007-02-10 14:25:38: DEBUG: padding len=23
2007-02-10 14:25:38: DEBUG: skip to trim padding.
2007-02-10 14:25:38: DEBUG: decrypted.
2007-02-10 14:25:38: DEBUG:
29b8fbef 412faa30 e472f333 753bfce9 05100201 00000000 0000003c 0e7a567c
5fd12feb 5ae6b0d4 f78987df 09f75c5d bb697b0b 98dc975a 4ee69717
2007-02-10 14:25:38: DEBUG: begin.
2007-02-10 14:25:38: DEBUG: seen nptype=5(id)
2007-02-10 14:25:38: DEBUG: invalid length of payload
2007-02-10 14:25:42: DEBUG: ===
2007-02-10 14:25:42: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:25:42: DEBUG:
29b8fbef 412faa30 e472f333 753bfce9 05100201 00000000 0000003c 157276e9
2f7b768a 6296c778 ca8bb07d ba5baebc 3d1a29d1 9993ffc6 e5e2d0c4
2007-02-10 14:25:42: DEBUG: begin decryption.
2007-02-10 14:25:42: DEBUG: encryption(3des)
2007-02-10 14:25:42: DEBUG: IV was saved for next processing:
2007-02-10 14:25:42: DEBUG:
9993ffc6 e5e2d0c4
2007-02-10 14:25:42: DEBUG: encryption(3des)
2007-02-10 14:25:42: DEBUG: with key:
2007-02-10 14:25:42: DEBUG:
440f4e1c 91d9d305 a8516e1a cb3b7231 4dfb0c4f 5765e157
2007-02-10 14:25:42: DEBUG: decrypted payload by IV:
2007-02-10 14:25:42: DEBUG:
e7e048fc dcc84236
2007-02-10 14:25:42: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:25:42: DEBUG:
0e7a567c 5fd12feb 5ae6b0d4 f78987df 09f75c5d bb697b0b 98dc975a 4ee69717
2007-02-10 14:25:42: DEBUG: padding len=23
2007-02-10 14:25:42: DEBUG: skip to trim padding.
2007-02-10 14:25:42: DEBUG: decrypted.
2007-02-10 14:25:42: DEBUG:
29b8fbef 412faa30 e472f333 753bfce9 05100201 00000000 0000003c 0e7a567c
5fd12feb 5ae6b0d4 f78987df 09f75c5d bb697b0b 98dc975a 4ee69717
2007-02-10 14:25:42: DEBUG: begin.
2007-02-10 14:25:42: DEBUG: seen nptype=5(id)
2007-02-10 14:25:42: DEBUG: invalid length of payload
2007-02-10 14:25:47: INFO: caught signal 2
2007-02-10 14:25:47: DEBUG: get pfkey FLUSH message
2007-02-10 14:25:48: DEBUG: call pfkey_send_dump
2007-02-10 14:25:48: DEBUG: an undead schedule has been deleted.
2007-02-10 14:25:48: DEBUG: an undead schedule has been deleted.
2007-02-10 14:25:48: INFO: racoon shutdown
2007-02-10 14:29:02: INFO: @(#)ipsec-tools 0.6.5 (http://ipsec-tools.sourceforge.net)
2007-02-10 14:29:02: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
2007-02-10 14:29:02: DEBUG: hmac(modp1024)
2007-02-10 14:29:02: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2007-02-10 14:29:02: INFO: 192.168.1.1[500] used as isakmp port (fd=4)
2007-02-10 14:29:02: DEBUG: get pfkey X_SPDDUMP message
2007-02-10 14:29:02: DEBUG: get pfkey X_SPDDUMP message
2007-02-10 14:29:02: DEBUG: sub:0xbfbfe600: 0.0.0.0/0[0] 192.168.1.0/24[0] proto=any dir=out
2007-02-10 14:29:02: DEBUG: db :0x809fa08: 192.168.1.0/24[0] 0.0.0.0/0[0] proto=any dir=in
2007-02-10 14:29:05: DEBUG: ===
2007-02-10 14:29:05: DEBUG: 168 bytes message received from 192.168.1.11[500] to 192.168.1.1[500]
2007-02-10 14:29:05: DEBUG:
3d6252b5 626db32b 00000000 00000000 01100200 00000000 000000a8 0d000038
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020001
80040002 80030001 800b0001 000c0004 00000e10 0d000018 1e2b5169 05991c7d
7c96fcbf b587e461 00000004 0d000014 4048b7d5 6ebce885 25e7de7f 00d6c2d3
0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 00000014 26244d38 eddb61b3
172a36e3 d0cfb819
2007-02-10 14:29:05: DEBUG: configuration found for 192.168.1.11[500].
2007-02-10 14:29:05: DEBUG: ===
2007-02-10 14:29:05: INFO: respond new phase 1 negotiation: 192.168.1.1[500]<=>192.168.1.11[500]
2007-02-10 14:29:05: INFO: begin Identity Protection mode.
2007-02-10 14:29:05: DEBUG: begin.
2007-02-10 14:29:05: DEBUG: seen nptype=1(sa)
2007-02-10 14:29:05: DEBUG: seen nptype=13(vid)
2007-02-10 14:29:05: DEBUG: seen nptype=13(vid)
2007-02-10 14:29:05: DEBUG: seen nptype=13(vid)
2007-02-10 14:29:05: DEBUG: seen nptype=13(vid)
2007-02-10 14:29:05: DEBUG: succeed.
2007-02-10 14:29:05: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
2007-02-10 14:29:05: INFO: received Vendor ID: FRAGMENTATION
2007-02-10 14:29:05: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

2007-02-10 14:29:05: DEBUG: received unknown Vendor ID
2007-02-10 14:29:05: DEBUG: total SA len=52
2007-02-10 14:29:05: DEBUG:
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020001
80040002 80030001 800b0001 000c0004 00000e10
2007-02-10 14:29:05: DEBUG: begin.
2007-02-10 14:29:05: DEBUG: seen nptype=2(prop)
2007-02-10 14:29:05: DEBUG: succeed.
2007-02-10 14:29:05: DEBUG: proposal #1 len=44
2007-02-10 14:29:05: DEBUG: begin.
2007-02-10 14:29:05: DEBUG: seen nptype=3(trns)
2007-02-10 14:29:05: DEBUG: succeed.
2007-02-10 14:29:05: DEBUG: transform #1 len=36
2007-02-10 14:29:05: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC2007-02-10 14:29:05: DEBUG: encryption(3des)
2007-02-10 14:29:05: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-02-10 14:29:05: DEBUG: hash(md5)
2007-02-10 14:29:05: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-02-10 14:29:05: DEBUG: hmac(modp1024)
2007-02-10 14:29:05: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-02-10 14:29:05: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-02-10 14:29:05: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-02-10 14:29:05: DEBUG: pair 1:
2007-02-10 14:29:05: DEBUG:  0x80a91b0: next=0x0 tnext=0x0
2007-02-10 14:29:05: DEBUG: proposal #1: 1 transform
2007-02-10 14:29:05: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
2007-02-10 14:29:05: DEBUG: trns#=1, trns-id=IKE
2007-02-10 14:29:05: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC2007-02-10 14:29:05: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-02-10 14:29:05: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-02-10 14:29:05: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-02-10 14:29:05: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-02-10 14:29:05: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-02-10 14:29:05: DEBUG: Compared: DB:Peer
2007-02-10 14:29:05: DEBUG: (lifetime = 3600:3600)
2007-02-10 14:29:05: DEBUG: (lifebyte = 0:0)
2007-02-10 14:29:05: DEBUG: enctype = 3DES-CBC:3DES-CBC
2007-02-10 14:29:05: DEBUG: (encklen = 0:0)
2007-02-10 14:29:05: DEBUG: hashtype = MD5:MD5
2007-02-10 14:29:05: DEBUG: authmethod = pre-shared key:pre-shared key
2007-02-10 14:29:05: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2007-02-10 14:29:05: DEBUG: an acceptable proposal found.
2007-02-10 14:29:05: DEBUG: hmac(modp1024)
2007-02-10 14:29:05: DEBUG: new cookie:
4900491b648e6b13
2007-02-10 14:29:05: DEBUG: add payload of len 52, next type 13
2007-02-10 14:29:05: DEBUG: add payload of len 16, next type 0
2007-02-10 14:29:05: DEBUG: 104 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:29:05: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:29:05: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:29:05: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:29:05: DEBUG: 1 times of 104 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:29:05: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 01100200 00000000 00000068 0d000038
00000001 00000001 0000002c 01010001 00000024 01010000 80010005 80020001
80040002 80030001 800b0001 000c0004 00000e10 00000014 afcad713 68a1f1c9
6b8696fc 77570100
2007-02-10 14:29:05: DEBUG: resend phase1 packet 3d6252b5626db32b:4900491b648e6b13
2007-02-10 14:29:05: DEBUG: ===
2007-02-10 14:29:05: DEBUG: 184 bytes message received from 192.168.1.11[500] to 192.168.1.1[500]
2007-02-10 14:29:05: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 04100200 00000000 000000b8 0a000084
86684a29 b7e4a767 ed8949e6 9f4d247d 48e230fd 27360fcf 2e6a6e7a b73de564
d8c72e4c 298f5f68 f3c7bc12 28395f01 2728d7f2 6d63f970 ab30922e 00f865f9
133dcbd5 0c9eb083 d5fd0bde 0b117ad2 ab40a368 d868ba56 601d15c5 0d1dd98d
dc520d07 46cea68a 91f386c4 45502e41 3d8e48c6 40cf3982 f604ebcf 532756ba
00000018 2c8bf6bc 4b15e0e6 54e38ceb e59143b5 e9c6e28e
2007-02-10 14:29:05: DEBUG: begin.
2007-02-10 14:29:05: DEBUG: seen nptype=4(ke)
2007-02-10 14:29:05: DEBUG: seen nptype=10(nonce)
2007-02-10 14:29:05: DEBUG: succeed.
2007-02-10 14:29:05: DEBUG: ===
2007-02-10 14:29:05: DEBUG: compute DH's private.
2007-02-10 14:29:05: DEBUG:
7494f97c f0bfab1f 83503982 ebc1455d 9bfd912d fdd52783 337a2183 97e0164e
54abb89b 26edd1e5 7f62c3c6 2a848dc7 d69af8fd b2a4e6b2 09d0c844 616d4d9d
15b2e669 c8505a11 be0b1e7b 7643ca82 107edf16 f11168ef 6664bd5f 8dd86f8b
79448b48 e2be97c9 8c54b608 d75dc2e9 f127c50a 0b683b4a 62e0c858 584dfee7
2007-02-10 14:29:05: DEBUG: compute DH's public.
2007-02-10 14:29:05: DEBUG:
87120b04 dca66c5a 1cfa94d1 c183ee07 09491453 730124a0 4072cade cd1486c6
36a00de9 cd284171 453c3809 bbe58af7 c2caeecc c77152f6 1e9d3f4c 5d945211
5f4456b5 11bb6657 83db4adf d8d52335 3657a6aa ecc8d1bc dd99f57d 7c7e15f3
4e76920a 683224e6 d420fee2 da90249c 69510612 f8eacb53 d2d84294 84ab784f
2007-02-10 14:29:05: DEBUG: add payload of len 128, next type 10
2007-02-10 14:29:05: DEBUG: add payload of len 16, next type 0
2007-02-10 14:29:05: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:29:05: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:29:05: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:29:05: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:29:05: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:29:05: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 04100200 00000000 000000b4 0a000084
87120b04 dca66c5a 1cfa94d1 c183ee07 09491453 730124a0 4072cade cd1486c6
36a00de9 cd284171 453c3809 bbe58af7 c2caeecc c77152f6 1e9d3f4c 5d945211
5f4456b5 11bb6657 83db4adf d8d52335 3657a6aa ecc8d1bc dd99f57d 7c7e15f3
4e76920a 683224e6 d420fee2 da90249c 69510612 f8eacb53 d2d84294 84ab784f
00000014 db110452 23ce5150 96b03f3a 8891d5c6
2007-02-10 14:29:05: DEBUG: resend phase1 packet 3d6252b5626db32b:4900491b648e6b13
2007-02-10 14:29:05: DEBUG: compute DH's shared.
2007-02-10 14:29:05: DEBUG:
48657578 f4622ee0 67f4d1e0 aabd2c31 9d19ac83 17e4c88f 811614a2 92ec6eef
c1a8916e 726db56a 0f9a86f3 e61ab311 cf26b607 58044daf 25335a94 fecc29d9
5c0ceb94 5c44373a eb9255f2 7d2b827f 347567a0 d4a806a1 2459d7df 2c12627b
5d9e97f0 0dd556cf 11b86355 d299360f 45487a50 4d69b3c8 35f024cf 0f3132a2
2007-02-10 14:29:05: DEBUG: the psk found.
2007-02-10 14:29:05: DEBUG: nonce 1: 2007-02-10 14:29:05: DEBUG:
2c8bf6bc 4b15e0e6 54e38ceb e59143b5 e9c6e28e
2007-02-10 14:29:05: DEBUG: nonce 2: 2007-02-10 14:29:05: DEBUG:
db110452 23ce5150 96b03f3a 8891d5c6
2007-02-10 14:29:05: DEBUG: hmac(hmac_md5)
2007-02-10 14:29:05: DEBUG: SKEYID computed:
2007-02-10 14:29:05: DEBUG:
1e647988 673215e5 d5f53981 97cdab56
2007-02-10 14:29:05: DEBUG: hmac(hmac_md5)
2007-02-10 14:29:05: DEBUG: SKEYID_d computed:
2007-02-10 14:29:05: DEBUG:
8252d345 bd3edb30 dd12644a 72fb2bcb
2007-02-10 14:29:05: DEBUG: hmac(hmac_md5)
2007-02-10 14:29:05: DEBUG: SKEYID_a computed:
2007-02-10 14:29:05: DEBUG:
9268bb6a 10715aca 4e5d4b63 57825195
2007-02-10 14:29:05: DEBUG: hmac(hmac_md5)
2007-02-10 14:29:05: DEBUG: SKEYID_e computed:
2007-02-10 14:29:05: DEBUG:
7876ff1c 8a4891da 0ff558cd 1af2c4be
2007-02-10 14:29:05: DEBUG: encryption(3des)
2007-02-10 14:29:05: DEBUG: hash(md5)
2007-02-10 14:29:05: DEBUG: len(SKEYID_e) < len(Ka) (16 < 24), generating long key (Ka = K1 | K2 | ...)
2007-02-10 14:29:05: DEBUG: hmac(hmac_md5)
2007-02-10 14:29:05: DEBUG: compute intermediate encryption key K1
2007-02-10 14:29:05: DEBUG:
00
2007-02-10 14:29:05: DEBUG:
ac218c88 5f5ca91c b94f9bc3 125a6c99
2007-02-10 14:29:05: DEBUG: hmac(hmac_md5)
2007-02-10 14:29:05: DEBUG: compute intermediate encryption key K2
2007-02-10 14:29:05: DEBUG:
ac218c88 5f5ca91c b94f9bc3 125a6c99
2007-02-10 14:29:05: DEBUG:
99170ce6 b7da4832 7247e268 73e1b4a8
2007-02-10 14:29:05: DEBUG: final encryption key computed:
2007-02-10 14:29:05: DEBUG:
ac218c88 5f5ca91c b94f9bc3 125a6c99 99170ce6 b7da4832
2007-02-10 14:29:05: DEBUG: hash(md5)
2007-02-10 14:29:05: DEBUG: encryption(3des)
2007-02-10 14:29:05: DEBUG: IV computed:
2007-02-10 14:29:05: DEBUG:
a4ad1d37 a4485cd0
2007-02-10 14:29:05: DEBUG: ===
2007-02-10 14:29:05: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:29:05: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 05100201 00000000 0000003c f751516f
f9465b82 30dccb3e 152ea35a bbd6f059 71aeaa8b 57eaf598 12c8c10b
2007-02-10 14:29:05: DEBUG: begin decryption.
2007-02-10 14:29:05: DEBUG: encryption(3des)
2007-02-10 14:29:05: DEBUG: IV was saved for next processing:
2007-02-10 14:29:05: DEBUG:
57eaf598 12c8c10b
2007-02-10 14:29:05: DEBUG: encryption(3des)
2007-02-10 14:29:05: DEBUG: with key:
2007-02-10 14:29:05: DEBUG:
ac218c88 5f5ca91c b94f9bc3 125a6c99 99170ce6 b7da4832
2007-02-10 14:29:05: DEBUG: decrypted payload by IV:
2007-02-10 14:29:05: DEBUG:
a4ad1d37 a4485cd0
2007-02-10 14:29:05: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:29:05: DEBUG:
acffd83a 2a1c1e81 4279be81 2fe1c219 15dda289 8a21c7d5 6104e04d 57d62f40
2007-02-10 14:29:05: DEBUG: padding len=64
2007-02-10 14:29:05: DEBUG: skip to trim padding.
2007-02-10 14:29:05: DEBUG: decrypted.
2007-02-10 14:29:05: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 05100201 00000000 0000003c acffd83a
2a1c1e81 4279be81 2fe1c219 15dda289 8a21c7d5 6104e04d 57d62f40
2007-02-10 14:29:05: DEBUG: begin.
2007-02-10 14:29:05: DEBUG: seen nptype=5(id)
2007-02-10 14:29:05: DEBUG: invalid length of payload
2007-02-10 14:29:06: DEBUG: ===
2007-02-10 14:29:06: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:29:06: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 05100201 00000000 0000003c f751516f
f9465b82 30dccb3e 152ea35a bbd6f059 71aeaa8b 57eaf598 12c8c10b
2007-02-10 14:29:06: DEBUG: begin decryption.
2007-02-10 14:29:06: DEBUG: encryption(3des)
2007-02-10 14:29:06: DEBUG: IV was saved for next processing:
2007-02-10 14:29:06: DEBUG:
57eaf598 12c8c10b
2007-02-10 14:29:06: DEBUG: encryption(3des)
2007-02-10 14:29:06: DEBUG: with key:
2007-02-10 14:29:06: DEBUG:
ac218c88 5f5ca91c b94f9bc3 125a6c99 99170ce6 b7da4832
2007-02-10 14:29:06: DEBUG: decrypted payload by IV:
2007-02-10 14:29:06: DEBUG:
a4ad1d37 a4485cd0
2007-02-10 14:29:06: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:29:06: DEBUG:
acffd83a 2a1c1e81 4279be81 2fe1c219 15dda289 8a21c7d5 6104e04d 57d62f40
2007-02-10 14:29:06: DEBUG: padding len=64
2007-02-10 14:29:06: DEBUG: skip to trim padding.
2007-02-10 14:29:06: DEBUG: decrypted.
2007-02-10 14:29:06: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 05100201 00000000 0000003c acffd83a
2a1c1e81 4279be81 2fe1c219 15dda289 8a21c7d5 6104e04d 57d62f40
2007-02-10 14:29:06: DEBUG: begin.
2007-02-10 14:29:06: DEBUG: seen nptype=5(id)
2007-02-10 14:29:06: DEBUG: invalid length of payload
2007-02-10 14:29:08: DEBUG: ===
2007-02-10 14:29:08: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:29:08: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 05100201 00000000 0000003c f751516f
f9465b82 30dccb3e 152ea35a bbd6f059 71aeaa8b 57eaf598 12c8c10b
2007-02-10 14:29:08: DEBUG: begin decryption.
2007-02-10 14:29:08: DEBUG: encryption(3des)
2007-02-10 14:29:08: DEBUG: IV was saved for next processing:
2007-02-10 14:29:08: DEBUG:
57eaf598 12c8c10b
2007-02-10 14:29:08: DEBUG: encryption(3des)
2007-02-10 14:29:08: DEBUG: with key:
2007-02-10 14:29:08: DEBUG:
ac218c88 5f5ca91c b94f9bc3 125a6c99 99170ce6 b7da4832
2007-02-10 14:29:08: DEBUG: decrypted payload by IV:
2007-02-10 14:29:08: DEBUG:
a4ad1d37 a4485cd0
2007-02-10 14:29:08: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:29:08: DEBUG:
acffd83a 2a1c1e81 4279be81 2fe1c219 15dda289 8a21c7d5 6104e04d 57d62f40
2007-02-10 14:29:08: DEBUG: padding len=64
2007-02-10 14:29:08: DEBUG: skip to trim padding.
2007-02-10 14:29:08: DEBUG: decrypted.
2007-02-10 14:29:08: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 05100201 00000000 0000003c acffd83a
2a1c1e81 4279be81 2fe1c219 15dda289 8a21c7d5 6104e04d 57d62f40
2007-02-10 14:29:08: DEBUG: begin.
2007-02-10 14:29:08: DEBUG: seen nptype=5(id)
2007-02-10 14:29:08: DEBUG: invalid length of payload
2007-02-10 14:29:12: DEBUG: ===
2007-02-10 14:29:12: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:29:12: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 05100201 00000000 0000003c f751516f
f9465b82 30dccb3e 152ea35a bbd6f059 71aeaa8b 57eaf598 12c8c10b
2007-02-10 14:29:12: DEBUG: begin decryption.
2007-02-10 14:29:12: DEBUG: encryption(3des)
2007-02-10 14:29:12: DEBUG: IV was saved for next processing:
2007-02-10 14:29:12: DEBUG:
57eaf598 12c8c10b
2007-02-10 14:29:12: DEBUG: encryption(3des)
2007-02-10 14:29:12: DEBUG: with key:
2007-02-10 14:29:12: DEBUG:
ac218c88 5f5ca91c b94f9bc3 125a6c99 99170ce6 b7da4832
2007-02-10 14:29:12: DEBUG: decrypted payload by IV:
2007-02-10 14:29:12: DEBUG:
a4ad1d37 a4485cd0
2007-02-10 14:29:12: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:29:12: DEBUG:
acffd83a 2a1c1e81 4279be81 2fe1c219 15dda289 8a21c7d5 6104e04d 57d62f40
2007-02-10 14:29:12: DEBUG: padding len=64
2007-02-10 14:29:12: DEBUG: skip to trim padding.
2007-02-10 14:29:12: DEBUG: decrypted.
2007-02-10 14:29:12: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 05100201 00000000 0000003c acffd83a
2a1c1e81 4279be81 2fe1c219 15dda289 8a21c7d5 6104e04d 57d62f40
2007-02-10 14:29:12: DEBUG: begin.
2007-02-10 14:29:12: DEBUG: seen nptype=5(id)
2007-02-10 14:29:12: DEBUG: invalid length of payload
2007-02-10 14:29:20: DEBUG: ===
2007-02-10 14:29:20: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:29:20: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 05100201 00000000 0000003c f751516f
f9465b82 30dccb3e 152ea35a bbd6f059 71aeaa8b 57eaf598 12c8c10b
2007-02-10 14:29:20: DEBUG: begin decryption.
2007-02-10 14:29:20: DEBUG: encryption(3des)
2007-02-10 14:29:20: DEBUG: IV was saved for next processing:
2007-02-10 14:29:20: DEBUG:
57eaf598 12c8c10b
2007-02-10 14:29:20: DEBUG: encryption(3des)
2007-02-10 14:29:20: DEBUG: with key:
2007-02-10 14:29:20: DEBUG:
ac218c88 5f5ca91c b94f9bc3 125a6c99 99170ce6 b7da4832
2007-02-10 14:29:20: DEBUG: decrypted payload by IV:
2007-02-10 14:29:20: DEBUG:
a4ad1d37 a4485cd0
2007-02-10 14:29:20: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:29:20: DEBUG:
acffd83a 2a1c1e81 4279be81 2fe1c219 15dda289 8a21c7d5 6104e04d 57d62f40
2007-02-10 14:29:20: DEBUG: padding len=64
2007-02-10 14:29:20: DEBUG: skip to trim padding.
2007-02-10 14:29:20: DEBUG: decrypted.
2007-02-10 14:29:20: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 05100201 00000000 0000003c acffd83a
2a1c1e81 4279be81 2fe1c219 15dda289 8a21c7d5 6104e04d 57d62f40
2007-02-10 14:29:20: DEBUG: begin.
2007-02-10 14:29:20: DEBUG: seen nptype=5(id)
2007-02-10 14:29:20: DEBUG: invalid length of payload
2007-02-10 14:29:25: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:29:25: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:29:25: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:29:25: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:29:25: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:29:25: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 04100200 00000000 000000b4 0a000084
87120b04 dca66c5a 1cfa94d1 c183ee07 09491453 730124a0 4072cade cd1486c6
36a00de9 cd284171 453c3809 bbe58af7 c2caeecc c77152f6 1e9d3f4c 5d945211
5f4456b5 11bb6657 83db4adf d8d52335 3657a6aa ecc8d1bc dd99f57d 7c7e15f3
4e76920a 683224e6 d420fee2 da90249c 69510612 f8eacb53 d2d84294 84ab784f
00000014 db110452 23ce5150 96b03f3a 8891d5c6
2007-02-10 14:29:25: DEBUG: resend phase1 packet 3d6252b5626db32b:4900491b648e6b13
2007-02-10 14:29:31: DEBUG: get pfkey ACQUIRE message
2007-02-10 14:29:31: DEBUG: ignore because do not listen on source address : 192.168.1.11.
2007-02-10 14:29:36: DEBUG: ===
2007-02-10 14:29:36: DEBUG: 60 bytes message received from 192.168.1.11[500] to
192.168.1.1[500]
2007-02-10 14:29:36: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 05100201 00000000 0000003c f751516f
f9465b82 30dccb3e 152ea35a bbd6f059 71aeaa8b 57eaf598 12c8c10b
2007-02-10 14:29:36: DEBUG: begin decryption.
2007-02-10 14:29:36: DEBUG: encryption(3des)
2007-02-10 14:29:36: DEBUG: IV was saved for next processing:
2007-02-10 14:29:36: DEBUG:
57eaf598 12c8c10b
2007-02-10 14:29:36: DEBUG: encryption(3des)
2007-02-10 14:29:36: DEBUG: with key:
2007-02-10 14:29:36: DEBUG:
ac218c88 5f5ca91c b94f9bc3 125a6c99 99170ce6 b7da4832
2007-02-10 14:29:36: DEBUG: decrypted payload by IV:
2007-02-10 14:29:36: DEBUG:
a4ad1d37 a4485cd0
2007-02-10 14:29:36: DEBUG: decrypted payload, but not trimed.
2007-02-10 14:29:36: DEBUG:
acffd83a 2a1c1e81 4279be81 2fe1c219 15dda289 8a21c7d5 6104e04d 57d62f40
2007-02-10 14:29:36: DEBUG: padding len=64
2007-02-10 14:29:36: DEBUG: skip to trim padding.
2007-02-10 14:29:36: DEBUG: decrypted.
2007-02-10 14:29:36: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 05100201 00000000 0000003c acffd83a
2a1c1e81 4279be81 2fe1c219 15dda289 8a21c7d5 6104e04d 57d62f40
2007-02-10 14:29:36: DEBUG: begin.
2007-02-10 14:29:36: DEBUG: seen nptype=5(id)
2007-02-10 14:29:36: DEBUG: invalid length of payload
2007-02-10 14:29:45: DEBUG: 180 bytes from 192.168.1.1[500] to 192.168.1.11[500]
2007-02-10 14:29:45: DEBUG: sockname 192.168.1.1[500]
2007-02-10 14:29:45: DEBUG: send packet from 192.168.1.1[500]
2007-02-10 14:29:45: DEBUG: send packet to 192.168.1.11[500]
2007-02-10 14:29:45: DEBUG: 1 times of 180 bytes message will be sent to 192.168.1.11[500]
2007-02-10 14:29:45: DEBUG:
3d6252b5 626db32b 4900491b 648e6b13 04100200 00000000 000000b4 0a000084
87120b04 dca66c5a 1cfa94d1 c183ee07 09491453 730124a0 4072cade cd1486c6
36a00de9 cd284171 453c3809 bbe58af7 c2caeecc c77152f6 1e9d3f4c 5d945211
5f4456b5 11bb6657 83db4adf d8d52335 3657a6aa ecc8d1bc dd99f57d 7c7e15f3
4e76920a 683224e6 d420fee2 da90249c 69510612 f8eacb53 d2d84294 84ab784f
00000014 db110452 23ce5150 96b03f3a 8891d5c6
2007-02-10 14:29:45: DEBUG: resend phase1 packet 3d6252b5626db32b:4900491b648e6b13
2007-02-10 14:29:54: INFO: caught signal 2
2007-02-10 14:29:54: DEBUG: get pfkey FLUSH message
2007-02-10 14:29:55: DEBUG: call pfkey_send_dump
2007-02-10 14:29:55: DEBUG: an undead schedule has been deleted.
2007-02-10 14:29:55: INFO: racoon shutdown
:q

alligator#

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

6. "ipsec freeBSD и windows"  
Сообщение от Elight email(??) on 10-Фев-07, 18:00 
>Вот подробный лог!

Вай-вай! В форуме такое читать замахаисся...

Особое подозрение у мя вызывают вот эти строки:
>2007-02-10 14:29:36: DEBUG: seen nptype=5(id)
>2007-02-10 14:29:36: DEBUG: invalid length of payload

Обычно такое бывает при неправильном ключе/сертификате. Понимаю, что это самое очевидное в подобных случаях, но чем чёрт не шутит - вдруг ты и правда ошибся.

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

7. "ipsec freeBSD и windows"  
Сообщение от Alligator email(??) on 10-Фев-07, 19:39 
>>Вот подробный лог!
>
>Вай-вай! В форуме такое читать замахаисся...
>
>Особое подозрение у мя вызывают вот эти строки:
>>2007-02-10 14:29:36: DEBUG: seen nptype=5(id)
>>2007-02-10 14:29:36: DEBUG: invalid length of payload
>
>Обычно такое бывает при неправильном ключе/сертификате. Понимаю, что это самое очевидное в
>подобных случаях, но чем чёрт не шутит - вдруг ты и
>правда ошибся.


Сам просил :)))

нет фраза самая простая я её проверял, может цифры попробовать?

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

8. "ipsec freeBSD и windows"  
Сообщение от Gin (??) on 12-Апр-07, 13:43 
>        exchange_mode main,aggressive;
>        doi ipsec_doi;
>        situation identity_only;

Poprobyj vyrubit aggressive mode - ostav tolko main.

Высказать мнение | Ответить | Правка | Наверх | Cообщить модератору

Архив | Удалить

Индекс форумов | Темы | Пред. тема | След. тема
Оцените тред (1=ужас, 5=супер)? [ 1 | 2 | 3 | 4 | 5 ] [Рекомендовать для помещения в FAQ]




Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру