Hello, I have disabled AH in sysctl but... nothing... Thanks in advance, Helio.
These are my sysctl.conf and isakmpd debug

net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets
net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of packets
#net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding must be 0)
#net.inet.tcp.rfc1323=0 # 0=disable TCP RFC1323 extensions (for if tcp is slow)
#net.inet.tcp.rfc3390=1 # 1=Enable RFC3390 for TCP window increasing
net.inet.esp.enable=1 # 0=Disable the ESP IPsec protocol
net.inet.ah.enable=0 # 0=Disable the AH IPsec protocol
#net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation
#net.inet.ipcomp.enable=1 # 1=Enable the IPCOMP protocol
#net.inet.tcp.ecn=1 # 1=Enable the TCP ECN extension
#ddb.panic=0 # 0=Do not drop into ddb on a kernel panic
......

This is my Isakmpd debug (with -DA=40)

223813.154258 Default log_debug_cmd: log level changed from 0 to 40 for class 0 [priv]
223813.171634 Default log_debug_cmd: log level changed from 0 to 40 for class 1 [priv]
223813.172015 Default log_debug_cmd: log level changed from 0 to 40 for class 2 [priv]
223813.172390 Default log_debug_cmd: log level changed from 0 to 40 for class 3 [priv]
223813.172766 Default log_debug_cmd: log level changed from 0 to 40 for class 4 [priv]
223813.173147 Default log_debug_cmd: log level changed from 0 to 40 for class 5 [priv]
223813.173521 Default log_debug_cmd: log level changed from 0 to 40 for class 6 [priv]
223813.173896 Default log_debug_cmd: log level changed from 0 to 40 for class 7 [priv]
223813.174271 Default log_debug_cmd: log level changed from 0 to 40 for class 8 [priv]
223813.174647 Default log_debug_cmd: log level changed from 0 to 40 for class 9 [priv]
223813.175023 Default log_debug_cmd: log level changed from 0 to 40 for class 10 [priv]
223813.200708 Sdep 30 monitor_init: pid 0 my fd 5 [priv]
223813.200213 Sdep 30 monitor_init: pid 8969 my fd 6 [priv]
223813.204593 Misc 10 monitor_init: privileges dropped for child process
223814.018397 Timr 10 timer_add_event: event connection_checker(0x3c1e8b90) added last, expiration in 0s
223814.059768 Plcy 30 policy_init: initializing
223814.093068 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/ca/
223814.101690 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/certs/
223814.103574 Cryp 40 x509_read_crls_from_dir: reading CRLs from /etc/isakmpd/crls/
223814.123039 Trpt 40 virtual_listen_lookup: no match
223814.124808 Misc 20 udp_make: transport 0x3c1eac80 socket 8 ip 127.0.0.1 port 500
223814.129443 Misc 20 udp_encap_make: transport 0x3c1eacc0 socket 9 ip 127.0.0.1 port 4500
223814.129855 Trpt 40 virtual_listen_lookup: no match
223814.131461 Misc 20 udp_make: transport 0x3c1ead40 socket 10 ip ::1 port 500
223814.133007 Misc 20 udp_encap_make: transport 0x3c1ead80 socket 11 ip ::1 port 4500
223814.133400 Trpt 40 virtual_listen_lookup: no match
223814.134976 Misc 20 udp_make: transport 0x3c1eae00 socket 12 ip fe80:6::1 port 500
223814.136478 Misc 20 udp_encap_make: transport 0x3c1eae40 socket 13 ip fe80:6::1 port 4500
223814.136872 Trpt 40 virtual_listen_lookup: no match
223814.138423 Misc 20 udp_make: transport 0x3c1eaec0 socket 14 ip 192.168.41.101 port 500
223814.139947 Misc 20 udp_encap_make: transport 0x3c1eaf00 socket 15 ip 192.168.41.101 port 4500
223814.140375 Trpt 40 virtual_listen_lookup: no match
223814.141916 Misc 20 udp_make: transport 0x3c1eaf80 socket 16 ip fe80:1::2c0:dfff:fee0:d8de port 500
223814.143434 Misc 20 udp_encap_make: transport 0x3c1eafc0 socket 17 ip fe80:1::2c0:dfff:fee0:d8de port 4500
223814.143839 Trpt 40 virtual_listen_lookup: no match
223814.145372 Misc 20 udp_make: transport 0x3c06a100 socket 18 ip 192.168.4.102 port 500
223814.146864 Misc 20 udp_encap_make: transport 0x3c06a140 socket 19 ip 192.168.4.102 port 4500
223814.147299 Trpt 40 virtual_listen_lookup: no match
223814.148851 Misc 20 udp_make: transport 0x3c06a1c0 socket 20 ip fe80:2::250:4ff:fe46:6006 port 500
223814.150399 Misc 20 udp_encap_make: transport 0x3c06a200 socket 21 ip fe80:2::250:4ff:fe46:6006 port 4500
223814.151968 Misc 20 udp_make: transport 0x3c06a280 socket 22 ip 0.0.0.0 port 500
223814.153527 Misc 20 udp_encap_make: transport 0x3c06a2c0 socket 23 ip 0.0.0.0 port 4500
223814.155096 Misc 20 udp_make: transport 0x3c06a340 socket 24 ip :: port 500
223814.156599 Misc 20 udp_encap_make: transport 0x3c06a380 socket 25 ip :: port 4500
223814.160438 Timr 10 timer_handle_expirations: event connection_checker(0x3c1e8b90)
223814.160930 Timr 10 timer_add_event: event connection_checker(0x3c1e8b90) added last, expiration in 60s
223814.162090 Timr 10 timer_add_event: event exchange_free_aux(0x3c065800) added last, expiration in 120s
223814.163043 Exch 10 exchange_establish_p1: 0x3c065800 peer-machineB Default-main-mode policy initiator phase 1 doi 1 exchange 2 step 0
223814.163460 Exch 10 exchange_establish_p1: icookie 61d96e6b11dba8a4 rcookie 0000000000000000
223814.163851 Exch 10 exchange_establish_p1: msgid 00000000
223814.208641 Exch 40 exchange_run: exchange 0x3c065800 finished step 0, advancing...
223814.209270 Trpt 30 transport_send_messages: message 0x3c069380 scheduled for retransmission 1 in 7 secs
223814.209683 Timr 10 timer_add_event: event message_send_expire(0x3c069380) added before connection_checker(0x3c1e8b90), expiration in 7s
223814.368542 Mesg 20 message_free: freeing 0x3c069380
223814.368929 Timr 10 timer_remove_event: removing event message_send_expire(0x3c069380)
223814.369392 Exch 10 nat_t_check_vendor_payload: NAT-T capable peer detected
223814.369780 Mesg 40 message_validate_vendor: vendor ID seen
223814.370184 Mesg 40 message_validate_vendor: vendor ID seen
223814.370561 Exch 10 dpd_check_vendor_payload: DPD capable peer detected
223814.370977 Negt 30 message_negotiate_sa: transform 0 proto 1 proposal 1 ok
223814.371896 Negt 20 ike_phase_1_validate_prop: success
223814.372266 Negt 30 message_negotiate_sa: proposal 1 succeeded
223814.372643 Misc 20 ipsec_decode_transform: transform 0 chosen
223814.373046 Exch 10 exchange_run: unexpected payload VENDOR
223814.373424 Exch 10 exchange_run: unexpected payload VENDOR
223814.373918 Exch 40 exchange_run: exchange 0x3c065800 finished step 1, advancing...
223814.446991 Exch 40 exchange_run: exchange 0x3c065800 finished step 2, advancing...
223814.447642 Trpt 30 transport_send_messages: message 0x3c069380 scheduled for retransmission 1 in 7 secs
223814.448058 Timr 10 timer_add_event: event message_send_expire(0x3c069380) added before connection_checker(0x3c1e8b90), expiration in 7s
223814.603474 Mesg 20 message_free: freeing 0x3c069380
223814.603849 Timr 10 timer_remove_event: removing event message_send_expire(0x3c069380)
223814.604329 Exch 10 nat_t_exchange_check_nat_d: NAT detected, we're behind it
223814.662360 Cryp 40 crypto_init: key:
223814.662771 Cryp 40 517616b4 57330c74 b8b9e360 5680b0eb b652ebf2 a13d2e4e
223814.674408 Mesg 20 message_free: freeing 0x3c069600
223814.674808 Exch 40 exchange_run: exchange 0x3c065800 finished step 3, advancing...
223814.675249 Negt 40 ike_phase_1_send_ID: IPV4_ADDR:
223814.675622 Negt 40 c0a82965
223814.676199 Cryp 10 crypto_encrypt: before encryption:
223814.676618 Cryp 10 0800000c 01000000 c0a82965 0b000018 9b8cb1fd 5eb510b0 905fa23c 2ac7cdf0
223814.677065 Cryp 10 31018db2 0000001c 00000001 01106002 61d96e6b 11dba8a4 e648e2cb f001fb0e
223814.677613 Cryp 30 crypto_encrypt: after encryption:
223814.678024 Cryp 30 c3f5f3c7 b4c17c29 d2fc54e5 8d9bd4ef 17fb8363 d71ba499 ded84b8f eb7162ce
223814.678469 Cryp 30 60dbbdc2 84632ec7 08f9c723 f9a6905a 8eb9dbb1 962112cb 9d07810c fffc8cf9
223814.679235 Exch 40 exchange_run: exchange 0x3c065800 finished step 4, advancing...
223814.679669 Mesg 10 virtual_send_message: enabling NAT-T encapsulation for this exchange
223814.680227 Trpt 30 transport_send_messages: message 0x3c069600 scheduled for retransmission 1 in 7 secs
223814.680643 Timr 10 timer_add_event: event message_send_expire(0x3c069600) added before connection_checker(0x3c1e8b90), expiration in 7s
223821.622425 Mesg 20 message_free: freeing 0x3c069680
223821.690030 Timr 10 timer_handle_expirations: event message_send_expire(0x3c069600)
223821.690809 Trpt 30 transport_send_messages: message 0x3c069600 scheduled for retransmission 2 in 9 secs
223821.691219 Timr 10 timer_add_event: event message_send_expire(0x3c069600) added before connection_checker(0x3c1e8b90), expiration in 9s
223830.632032 Mesg 20 message_free: freeing 0x3c069680
223830.700029 Timr 10 timer_handle_expirations: event message_send_expire(0x3c069600)
223830.700798 Trpt 30 transport_send_messages: message 0x3c069600 scheduled for retransmission 3 in 11 secs
223830.701212 Timr 10 timer_add_event: event message_send_expire(0x3c069600) added before connection_checker(0x3c1e8b90), expiration in 11s
223841.641455 Mesg 20 message_free: freeing 0x3c069680
223841.710032 Timr 10 timer_handle_expirations: event message_send_expire(0x3c069600)
223841.710795 Default transport_send_messages: giving up on message 0x3c069600, exchange peer-machineB
223841.711188 Default transport_send_messages: either this message did not reach the other peer
223841.711572 Default transport_send_messages: or the responsemessage did not reach us back
223841.711949 Mesg 20 message_free: freeing 0x3c069600
223914.170041 Timr 10 timer_handle_expirations: event connection_checker(0x3c1e8b90)
223914.170492 Timr 10 timer_add_event: event connection_checker(0x3c1e8b90) added last, expiration in 60s
223914.170968 Exch 40 exchange_establish: peer-machineB exchange already exists as 0x3c065800
224014.180038 Timr 10 timer_handle_expirations: event exchange_free_aux(0x3c065800)
224014.180449 Mesg 20 message_free: freeing 0x3c069480
224014.180948 Exch 20 exchange_establish_finalize: finalizing exchange 0x3c065800 with arg 0x3c1e8d10 (VPN-A-B) & fail = 1
224014.181394 Exch 20 exchange_establish_finalize: finalizing exchange 0x3c065800 with arg 0x3c1e8da0 (VPN-A-B) & fail = 1
224014.181851 Timr 10 timer_handle_expirations: event connection_checker(0x3c1e8b90)
224014.182266 Timr 10 timer_add_event: event connection_checker(0x3c1e8b90) added last, expiration in 60s
224014.182959 Timr 10 timer_add_event: event exchange_free_aux(0x3c065800) added last, expiration in 120s
224014.183427 Exch 10 exchange_establish_p1: 0x3c065800 peer-machineB Default-main-mode policy initiator phase 1 doi 1 exchange 2 step 0
224014.183845 Exch 10 exchange_establish_p1: icookie df4ae6f2876f7dec rcookie 0000000000000000
224014.184239 Exch 10 exchange_establish_p1: msgid 00000000
224014.185368 Exch 40 exchange_run: exchange 0x3c065800 finished step 0, advancing...
224014.185966 Trpt 30 transport_send_messages: message 0x3c069380 scheduled for retransmission 1 in 7 secs
224014.186378 Timr 10 timer_add_event: event message_send_expire(0x3c069380) added before connection_checker(0x3c1e8b90), expiration in 7s
224021.190035 Timr 10 timer_handle_expirations: event message_send_expire(0x3c069380)
224021.191051 Trpt 30 transport_send_messages: message 0x3c069380 scheduled for retransmission 2 in 9 secs
224021.191460 Timr 10 timer_add_event: event message_send_expire(0x3c069380) added before connection_checker(0x3c1e8b90), expiration in 9s
224021.311820 Mesg 20 message_free: freeing 0x3c069380
224021.312190 Timr 10 timer_remove_event: removing event message_send_expire(0x3c069380)
224021.312652 Exch 10 nat_t_check_vendor_payload: NAT-T capable peer detected
224021.313035 Mesg 40 message_validate_vendor: vendor ID seen
224021.313408 Mesg 40 message_validate_vendor: vendor ID seen
224021.313787 Exch 10 dpd_check_vendor_payload: DPD capable peer detected
224021.314192 Negt 30 message_negotiate_sa: transform 0 proto 1 proposal 1 ok
224021.314824 Negt 20 ike_phase_1_validate_prop: success
224021.315184 Negt 30 message_negotiate_sa: proposal 1 succeeded
224021.315559 Misc 20 ipsec_decode_transform: transform 0 chosen
224021.315958 Exch 10 exchange_run: unexpected payload VENDOR
224021.316337 Exch 10 exchange_run: unexpected payload VENDOR
224021.316714 Exch 40 exchange_run: exchange 0x3c065800 finished step 1, advancing...
224021.366876 Exch 40 exchange_run: exchange 0x3c065800 finished step 2, advancing...
224021.367478 Trpt 30 transport_send_messages: message 0x3c069380 scheduled for retransmission 1 in 7 secs
224021.367887 Timr 10 timer_add_event: event message_send_expire(0x3c069380) added before connection_checker(0x3c1e8b90), expiration in 7s
224021.524084 Mesg 20 message_free: freeing 0x3c069380
224021.524457 Timr 10 timer_remove_event: removing event message_send_expire(0x3c069380)
224021.524935 Exch 10 nat_t_exchange_check_nat_d: NAT detected, we're behind it
224021.582680 Cryp 40 crypto_init: key:
224021.583088 Cryp 40 f6e8ad6d ded01cb5 2da06c6f 4f1d0d03 0a9cc235 d383cee5
224021.583528 Mesg 20 message_free: freeing 0x3c069600
224021.583914 Exch 40 exchange_run: exchange 0x3c065800 finished step 3, advancing...
224021.584349 Negt 40 ike_phase_1_send_ID: IPV4_ADDR:
224021.584724 Negt 40 c0a82965
224021.585191 Cryp 10 crypto_encrypt: before encryption:
224021.585598 Cryp 10 0800000c 01000000 c0a82965 00000018 19c596ac a71aa11d 564286ad 7e5eb6db
224021.585998 Cryp 10 ea13fabd 00000000
224021.586389 Cryp 30 crypto_encrypt: after encryption:
224021.586811 Cryp 30 a6cf553a 5dbb8ac0 0a8f0791 cb91464c 0b7f969a e88ccdc3 a822f3fd 3a33b968
224021.587209 Cryp 30 895010ea 3fadd1d6
224021.587760 Exch 40 exchange_run: exchange 0x3c065800 finished step 4, advancing...
224021.588202 Mesg 10 virtual_send_message: enabling NAT-T encapsulation for this exchange
224021.588707 Trpt 30 transport_send_messages: message 0x3c069600 scheduled for retransmission 1 in 7 secs
224021.589132 Timr 10 timer_add_event: event message_send_expire(0x3c069600) added before connection_checker(0x3c1e8b90), expiration in 7s
224028.536642 Mesg 20 message_free: freeing 0x3c069680
224028.600030 Timr 10 timer_handle_expirations: event message_send_expire(0x3c069600)
224028.600756 Trpt 30 transport_send_messages: message 0x3c069600 scheduled for retransmission 2 in 9 secs
224028.601166 Timr 10 timer_add_event: event message_send_expire(0x3c069600) added before connection_checker(0x3c1e8b90), expiration in 9s
224037.555598 Mesg 20 message_free: freeing 0x3c069680
224037.610029 Timr 10 timer_handle_expirations: event message_send_expire(0x3c069600)
224037.610752 Trpt 30 transport_send_messages: message 0x3c069600 scheduled for retransmission 3 in 11 secs
224037.611163 Timr 10 timer_add_event: event message_send_expire(0x3c069600) added before connection_checker(0x3c1e8b90), expiration in 11s
224048.568769 Mesg 20 message_free: freeing 0x3c069680
224048.620029 Timr 10 timer_handle_expirations: event message_send_expire(0x3c069600)
224048.620745 Default transport_send_messages: giving up on message 0x3c069600, exchange peer-machineB
224048.621140 Default transport_send_messages: either this message did not reach the other peer
224048.621524 Default transport_send_messages: or the responsemessage did not reach us back
224048.621895 Mesg 20 message_free: freeing 0x3c069600
224114.190039 Timr 10 timer_handle_expirations: event connection_checker(0x3c1e8b90)
224114.190479 Timr 10 timer_add_event: event connection_checker(0x3c1e8b90) added last, expiration in 60s
224114.190942 Exch 40 exchange_establish: peer-machineB exchange already exists as 0x3c065800
^C224136.139435 Default isakmpd: shutting down...
224136.139541 Default isakmpd: exit