Hi, I've been trying the whole day to establish an IPSec tunnel between an OpenBSD 5.5 (amd64) box and a Cisco 2901, but I don't seem to get it to work. I think I have something wrong with the crypto transforms for phase two, since I get this NO_PROPOSAL_CHOSEN in the logs, which I think is in phase two.

Network looks similar to this one:

Host behind OBSD (192.168.13.12/24)
        |
        |
OBSD (XXX.191.219.14)
        |
        |
    Internet
        |
        |
NAT FW (XXX.217.33.11)
        |
        |
Internal Network
        |
        |
Cisco 2901 (192.168.14.126)
        |
        |
Host behind Cisco (192.168.13.19/24)

Yes, they both have the same network behind each VPN endpoint. We have something more or less the same up and running between two Cisco 2901s.

OpenBSD configuration:

rem_gw="XXX.217.33.11"
bb_gw="XXX.191.219.14"

ike active esp from { 192.168.13.12 } to { 192.168.13.19 } \
        local $bb_gw peer $rem_gw \
        main auth hmac-sha1 enc aes-128 group modp1024 \
        quick auth hmac-md5 enc 3des group none \
        psk "SuperTopSecret"

crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key SuperTopSecret address XXX.191.219.14 no-xauth
crypto isakmp keepalive 30 5
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map TO_BB 1 ipsec-isakmp
 set peer XXX.191.219.14
 set transform-set ESP-3DES-MD5
 match address 101
interface GigabitEthernet0/1
 description outside-interface
 ip address 192.168.14.126 255.255.255.0
 duplex auto
 speed auto
 crypto map TO_BB
access-list 101 permit ip host 192.168.13.12 host 192.168.13.19

I think from the logs, see below, Phase one gets established, but then it runs into trouble with Phase 2, at least that is how I would interpret the logs:

On the Cisco, status looks like:

# show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
192.168.14.126  XXX.191.219.14  QM_IDLE           1442 ACTIVE

IPv6 Crypto ISAKMP SA

#show crypto ipsec sa

interface: GigabitEthernet0/1
    Crypto map tag: TO_BBN, local addr 192.168.14.126

   protected vrf: (none)
   local ident (addr/mask/prot/port): (192.168.13.12/255.255.255.255/0/0)
   remote ident (addr/mask/prot/port): (192.168.13.19/255.255.255.255/0/0)
   current_peer XXX.191.219.14 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 192.168.14.126, remote crypto endpt.: XXX.191.219.14
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/1
     current outbound spi: 0x0(0)
     PFS (Y/N): N, DH group: none

     inbound esp sas:

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:

     outbound ah sas:

     outbound pcp sas:

On the OpenBSD box it looks like:

ipsecctl -s all
FLOWS:
No flows

SAD:
No entries

isakmpd with isakmpd -d -D A=75 -K, after loading the configuration, trying to connect to the remote endpoint:

171646.650413 Timr 10 timer_handle_expirations: event ui_conn_reinit(0x0)
171646.650515 Misc 30 connection_reinit: reinitializing connection list
171646.650592 Timr 10 timer_add_event: event connection_checker(0x20f87dac0) added last, expiration in 0s
171646.650722 Misc 60 connection_record_passive: passive connection "from-192.168.13.12-to-192.168.13.19" added
171646.650811 Timr 10 timer_handle_expirations: event connection_checker(0x20f87dac0)
171646.650884 Timr 10 timer_add_event: event connection_checker(0x20f87dac0) added last, expiration in 60s
171646.650943 Sdep 70 pf_key_v2_connection_check: SA for from-192.168.13.12-to-192.168.13.19 missing
171646.651021 Trpt 70 transport_setup: added 0x2018f7680 to transport list
171646.651092 Trpt 70 transport_setup: added 0x2018f7280 to transport list
171646.651150 Trpt 70 transport_setup: virtual transport 0x2018f7b00
171646.651227 Timr 10 timer_add_event: event exchange_free_aux(0x2018f6e00) added last, expiration in 120s
171646.651288 Cryp 60 hash_get: requested algorithm 1
171646.651356 Exch 10 exchange_establish_p1: 0x2018f6e00 peer-XXX.217.33.11-local-XXX.191.219.14 phase1-peer-XXX.217.33.11-local-XXX.191.219.14 policy initiator phase 1 doi 1 exchange 2 step 0
171646.651429 Exch 10 exchange_establish_p1: icookie 7128cf36d74c89f1 rcookie 0000000000000000
171646.651492 Exch 10 exchange_establish_p1: msgid 00000000
171646.651554 SA 70 sa_enter: SA 0x2018f6800 added to SA list
171646.651606 SA 60 sa_create: sa 0x2018f6800 phase 1 added to exchange 0x2018f6e00 (peer-XXX.217.33.11-local-XXX.191.219.14)
171646.651704 Misc 70 attribute_set_constant: no PRF in the phase1-transform-peer-XXX.217.33.11-local-XXX.191.219.14-PRE_SHARED-SHA-AES128-MODP_1024 section
171646.651773 Cryp 60 hash_get: requested algorithm 1
171646.651839 Mesg 70 message_send: message 0x2018f4400
171646.651901 Mesg 70 ICOOKIE: 7128cf36d74c89f1
171646.651960 Mesg 70 RCOOKIE: 0000000000000000
171646.652011 Mesg 70 NEXT_PAYLOAD: SA
171646.652068 Mesg 70 VERSION: 16
171646.652120 Mesg 70 EXCH_TYPE: ID_PROT
171646.652183 Mesg 70 FLAGS: [ ]
171646.652240 Mesg 70 MESSAGE_ID: 00000000
171646.652294 Mesg 70 LENGTH: 184
171646.652370 Mesg 70 message_send: 7128cf36 d74c89f1 00000000 00000000 01100200 00000000 000000b8 0d000038
171646.652449 Mesg 70 message_send: 00000001 00000001 0000002c 01010001 00000024 00010000 80010007 80020002
171646.652519 Mesg 70 message_send: 80030001 80040002 800b0001 800c7080 800e0080 0d000014 b8f26eaa 4cbf1b9a
171646.652595 Mesg 70 message_send: 150a3f12 dd64d183 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 0d000014
171646.652681 Mesg 70 message_send: 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014 4a131c81 07035845 5c5728f2
171646.652754 Mesg 70 message_send: 0e95452f 00000014 afcad713 68a1f1c9 6b8696fc 77570100
171646.652827 Exch 40 exchange_run: exchange 0x2018f6e00 finished step 0, advancing...
171646.652926 Trpt 30 transport_send_messages: message 0x2018f4400 scheduled for retransmission 1 in 7 secs
171646.652991 Timr 10 timer_add_event: event message_send_expire(0x2018f4400) added before connection_checker(0x20f87dac0), expiration in 7s
171646.812229 Trpt 70 transport_setup: added 0x2018f7700 to transport list
171646.812354 Trpt 70 transport_setup: added 0x2018f7b80 to transport list
171646.812423 Trpt 50 virtual_clone: old 0x2018f7e80 new 0x2018f7600 (main is 0x2018f7700)
171646.812483 Trpt 70 transport_setup: virtual transport 0x2018f7600
171646.812559 Mesg 70 message_recv: message 0x2018f4d00
171646.812623 Mesg 70 ICOOKIE: 7128cf36d74c89f1
171646.812688 Mesg 70 RCOOKIE: 07fbb815905b1538
171646.812746 Mesg 70 NEXT_PAYLOAD: SA
171646.812800 Mesg 70 VERSION: 16
171646.812853 Mesg 70 EXCH_TYPE: ID_PROT
171646.812904 Mesg 70 FLAGS: [ ]
171646.812957 Mesg 70 MESSAGE_ID: 00000000
171646.813007 Mesg 70 LENGTH: 104
171646.813070 Mesg 70 message_recv: 7128cf36 d74c89f1 07fbb815 905b1538 01100200 00000000 00000068 0d000038
171646.813134 Mesg 70 message_recv: 00000001 00000001 0000002c 01010001 00000024 01010000 80010007 800e0080
171646.813194 Mesg 70 message_recv: 80020002 80040002 80030001 800b0001 800c7080 00000014 4a131c81 07035845
171646.813251 Mesg 70 message_recv: 5c5728f2 0e95452f
171646.813309 SA 70 sa_remove: SA 0x2018f6800 removed from SA list
171646.813382 SA 70 sa_enter: SA 0x2018f6800 added to SA list
171646.813437 Mesg 20 message_free: freeing 0x2018f4400
171646.813489 Timr 10 timer_remove_event: removing event message_send_expire(0x2018f4400)
171646.813548 Trpt 70 transport_release: freeing 0x2018f7b00
171646.813604 Mesg 50 message_parse_payloads: offset 28 payload SA
171646.813660 Mesg 50 message_parse_payloads: offset 84 payload VENDOR
171646.813716 Mesg 60 message_validate_payloads: payload SA at 0x2018f791c of message 0x2018f4d00
171646.813910 Mesg 70 DOI: 1
171646.813972 Mesg 70 SIT:
171646.814030 Mesg 50 message_parse_payloads: offset 40 payload PROPOSAL
171646.814091 Mesg 50 message_parse_payloads: offset 48 payload TRANSFORM
171646.814146 Mesg 50 Transform 1's attributes
171646.814203 Mesg 50 Attribute ENCRYPTION_ALGORITHM value 7
171646.814258 Mesg 50 Attribute KEY_LENGTH value 128
171646.814308 Mesg 50 Attribute HASH_ALGORITHM value 2
171646.814411 Mesg 50 Attribute GROUP_DESCRIPTION value 2
171646.814476 Mesg 50 Attribute AUTHENTICATION_METHOD value 1
171646.814532 Mesg 50 Attribute LIFE_TYPE value 1
171646.814586 Mesg 50 Attribute LIFE_DURATION value 28800
171646.814641 Mesg 60 message_validate_payloads: payload PROPOSAL at 0x2018f7928 of message 0x2018f4d00
171646.814700 Mesg 70 NO: 1
171646.814752 Mesg 70 PROTO: ISAKMP
171646.814808 Mesg 70 SPI_SZ: 0
171646.814862 Mesg 70 NTRANSFORMS: 1
171646.814916 Mesg 70 SPI:
171646.814969 Mesg 60 message_validate_payloads: payload TRANSFORM at 0x2018f7930 of message 0x2018f4d00
171646.815028 Mesg 70 NO: 1
171646.815079 Mesg 70 ID: 1
171646.815132 Mesg 70 SA_ATTRS:
171646.815186 Mesg 60 message_validate_payloads: payload VENDOR at 0x2018f7954 of message 0x2018f4d00
171646.815241 Mesg 70 ID:
171646.815295 Exch 10 nat_t_check_vendor_payload: NAT-T capable peer detected
171646.815396 Cryp 60 hash_get: requested algorithm 1
171646.815459 Negt 30 message_negotiate_sa: transform 1 proto 1 proposal 1 ok
171646.815590 Negt 20 ike_phase_1_validate_prop: success
171646.815657 Negt 30 message_negotiate_sa: proposal 1 succeeded
171646.815717 Misc 20 ipsec_decode_transform: transform 1 chosen
171646.815936 Cryp 60 hash_get: requested algorithm 1
171646.816032 Exch 40 exchange_run: exchange 0x2018f6e00 finished step 1, advancing...
171646.817406 Cryp 60 hash_get: requested algorithm 1
171646.817473 Cryp 60 hash_get: requested algorithm 1
171646.817529 Mesg 70 message_send: message 0x2018f4400
171646.817584 Mesg 70 ICOOKIE: 7128cf36d74c89f1
171646.817638 Mesg 70 RCOOKIE: 07fbb815905b1538
171646.817688 Mesg 70 NEXT_PAYLOAD: KEY_EXCH
171646.817742 Mesg 70 VERSION: 16
171646.817793 Mesg 70 EXCH_TYPE: ID_PROT
171646.817849 Mesg 70 FLAGS: [ ]
171646.817901 Mesg 70 MESSAGE_ID: 00000000
171646.817952 Mesg 70 LENGTH: 228
171646.818009 Mesg 70 message_send: 7128cf36 d74c89f1 07fbb815 905b1538 04100200 00000000 000000e4 0a000084
171646.818068 Mesg 70 message_send: d5f5af00 77d9eda0 2f21a2ef bbeed95b c561557d 1eaa171a 99cc256d df1e757b
171646.818149 Mesg 70 message_send: 4a82dbff 211ede92 5735151c cefc9249 29a5b280 1e428533 09b5335e f49c9825
171646.818220 Mesg 70 message_send: 00587e14 0c0dce89 e8f3c0f8 0767aaef 62c5b9cd cb21674b 8f950264 7a36af34
171646.818294 Mesg 70 message_send: f2b257f1 2397d473 49d18198 bed45a0e c132b529 599d01f1 494a3138 43ecce46
171646.818407 Mesg 70 message_send: 14000014 f9cde51a 99ca1f15 b5fab297 8b9df6f9 14000018 e6157a6a 6d5ebb67
171646.818482 Mesg 70 message_send: 874c3d8b 436d8813 9b654686 00000018 e5d98cd1 adba5d7a cbd8632b ef30233a
171646.818560 Mesg 70 message_send: 54c3c385
171646.818617 Exch 40 exchange_run: exchange 0x2018f6e00 finished step 2, advancing...
171646.818709 Trpt 30 transport_send_messages: message 0x2018f4400 scheduled for retransmission 1 in 7 secs
171646.818762 Timr 10 timer_add_event: event message_send_expire(0x2018f4400) added before connection_checker(0x20f87dac0), expiration in 7s
171647.004706 Trpt 70 transport_setup: added 0x20e51fa80 to transport list
171647.004817 Trpt 70 transport_setup: added 0x20e51fe80 to transport list
171647.004875 Trpt 50 virtual_clone: old 0x2018f7e80 new 0x2018f7b00 (main is 0x20e51fa80)
171647.004933 Trpt 70 transport_setup: virtual transport 0x2018f7b00
171647.004992 Mesg 70 message_recv: message 0x2018f4f00
171647.005049 Mesg 70 ICOOKIE: 7128cf36d74c89f1
171647.005104 Mesg 70 RCOOKIE: 07fbb815905b1538
171647.005151 Mesg 70 NEXT_PAYLOAD: KEY_EXCH
171647.005198 Mesg 70 VERSION: 16
171647.005254 Mesg 70 EXCH_TYPE: ID_PROT
171647.005304 Mesg 70 FLAGS: [ ]
171647.005364 Mesg 70 MESSAGE_ID: 00000000
171647.005457 Mesg 70 LENGTH: 304
171647.005522 Mesg 70 message_recv: 7128cf36 d74c89f1 07fbb815 905b1538 04100200 00000000 00000130 0a000084
171647.005590 Mesg 70 message_recv: f9a3db0b 57711a99 f7b2802f 49161a63 8623674c 01bd85b9 b2de5920 8b6ad201
171647.005667 Mesg 70 message_recv: 30dd0a40 9647c944 5d30259a c777c968 1e1ea968 7c8c30c9 72089f99 a541d205
171647.005752 Mesg 70 message_recv: 5e141152 0c818af1 723005dd 8ad0dad1 b0248866 5e001270 5c5882d2 702e266a
171647.005830 Mesg 70 message_recv: 89031b8c e51186a6 fbf97e4e 05f6ed58 b71f240c 342c407d 72fd54b6 bd172b74
171647.005904 Mesg 70 message_recv: 0d000018 8f4c5561 8488b976 2090a1de 2a5fdaf5 6ca1dcf0 0d000014 12f5f28c
171647.005976 Mesg 70 message_recv: 457168a9 702d9fe2 74cc0100 0d000014 afcad713 68a1f1c9 6b8696fc 77570100
171647.006116 Mesg 70 message_recv: 0d000014 f23c1f08 905a1538 84816589 320a0a99 1400000c 09002689 dfd6b712
171647.006205 Mesg 70 message_recv: 14000018 e5d98cd1 adba5d7a cbd8632b ef30233a 54c3c385 00000018 0b3ebfe7
171647.006272 Mesg 70 message_recv: 99960384 0d99b682 811409dc 377fe1bb
171647.006332 Mesg 20 message_free: freeing 0x2018f4400
171647.006443 Timr 10 timer_remove_event: removing event message_send_expire(0x2018f4400)
171647.006499 Mesg 50 message_parse_payloads: offset 28 payload KEY_EXCH
171647.006547 Mesg 50 message_parse_payloads: offset 160 payload NONCE
171647.006598 Mesg 50 message_parse_payloads: offset 184 payload VENDOR
171647.006658 Mesg 50 message_parse_payloads: offset 204 payload VENDOR
171647.006711 Mesg 50 message_parse_payloads: offset 224 payload VENDOR
171647.006764 Mesg 50 message_parse_payloads: offset 244 payload VENDOR
171647.006815 Mesg 50 message_parse_payloads: offset 256 payload NAT_D
171647.006869 Mesg 50 message_parse_payloads: offset 280 payload NAT_D
171647.006935 Mesg 60 message_validate_payloads: payload KEY_EXCH at 0x2018f6a1c of message 0x2018f4f00
171647.006993 Mesg 70 DATA:
171647.007046 Mesg 60 message_validate_payloads: payload NONCE at 0x2018f6aa0 of message 0x2018f4f00
171647.007102 Mesg 70 DATA:
171647.007152 Mesg 60 message_validate_payloads: payload VENDOR at 0x2018f6ab8 of message 0x2018f4f00
171647.007206 Mesg 70 ID:
171647.007261 Mesg 60 message_validate_payloads: payload VENDOR at 0x2018f6acc of message 0x2018f4f00
171647.007319 Mesg 70 ID:
171647.007394 Exch 10 dpd_check_vendor_payload: DPD capable peer detected
171647.007453 Mesg 60 message_validate_payloads: payload VENDOR at 0x2018f6ae0 of message 0x2018f4f00
171647.007501 Mesg 70 ID:
171647.007545 Mesg 60 message_validate_payloads: payload VENDOR at 0x2018f6af4 of message 0x2018f4f00
171647.007591 Mesg 70 ID:
171647.007642 Mesg 60 message_validate_payloads: payload NAT_D at 0x2018f6b00 of message 0x2018f4f00
171647.007696 Mesg 70 DATA:
171647.007745 Mesg 60 message_validate_payloads: payload NAT_D at 0x2018f6b18 of message 0x2018f4f00
171647.007797 Mesg 70 DATA:
171647.007851 Cryp 60 hash_get: requested algorithm 1
171647.007906 Cryp 60 hash_get: requested algorithm 1
171647.007958 Exch 10 nat_t_exchange_check_nat_d: NAT detected
171647.008995 Cryp 60 hash_get: requested algorithm 1
171647.009060 Cryp 60 hash_get: requested algorithm 1
171647.009125 Cryp 40 crypto_init: key:
171647.009188 Cryp 40 e769334f 46e6706e e7fb92e0 908b769a
171647.009255 Cryp 50 crypto_init_iv: initialized IV:
171647.009312 Cryp 50 d3965831 044d33f1 138f90d5 08f272a9
171647.009388 Mesg 20 message_free: freeing 0x2018f4d00
171647.009447 Trpt 70 transport_release: freeing 0x2018f7600
171647.009497 Exch 40 exchange_run: exchange 0x2018f6e00 finished step 3, advancing...
171647.009578 Negt 40 ike_phase_1_send_ID: IPV4_ADDR:
171647.009637 Negt 40 ccbfdb0e
171647.009702 Cryp 60 hash_get: requested algorithm 1
171647.009763 Cryp 70 crypto_encrypt: before encryption:
171647.009829 Cryp 70 0800000c 01000000 ccbfdb0e 0b000018 29bfb911 51a68658 cd6d8daa 153abda1
171647.009904 Cryp 70 9c1c4ecc 0000001c 00000001 01106002 7128cf36 d74c89f1 07fbb815 905b1538
171647.009972 Cryp 70 crypto_encrypt: after encryption:
171647.010035 Cryp 70 915ce7cb d297afed 8b3205f2 5ecd158b 9ec08ffc 8fb815e5 ddacb820 e67dd33a
171647.010109 Cryp 70 97fb99ed 8aa2a401 058ccc7b 5b663667 4a06d978 f183e058 8c69aca4 6a7d17dc
171647.010169 Cryp 50 crypto_update_iv: updated IV:
171647.010227 Cryp 50 4a06d978 f183e058 8c69aca4 6a7d17dc
171647.010286 Mesg 70 message_send: message 0x2018f4300
171647.010344 Mesg 70 ICOOKIE: 7128cf36d74c89f1
171647.010418 Mesg 70 RCOOKIE: 07fbb815905b1538
171647.010472 Mesg 70 NEXT_PAYLOAD: ID
171647.010526 Mesg 70 VERSION: 16
171647.010577 Mesg 70 EXCH_TYPE: ID_PROT
171647.010624 Mesg 70 FLAGS: [ ENC ]
171647.010671 Mesg 70 MESSAGE_ID: 00000000
171647.010724 Mesg 70 LENGTH: 92
171647.010788 Mesg 70 message_send: 7128cf36 d74c89f1 07fbb815 905b1538 05100201 00000000 0000005c 915ce7cb
171647.010856 Mesg 70 message_send: d297afed 8b3205f2 5ecd158b 9ec08ffc 8fb815e5 ddacb820 e67dd33a 97fb99ed
171647.010919 Mesg 70 message_send: 8aa2a401 058ccc7b 5b663667 4a06d978 f183e058 8c69aca4 6a7d17dc
171647.010973 Exch 40 exchange_run: exchange 0x2018f6e00 finished step 4, advancing...
171647.011029 Mesg 10 virtual_send_message: enabling NAT-T encapsulation for this exchange
171647.011118 Trpt 30 transport_send_messages: message 0x2018f4300 scheduled for retransmission 1 in 7 secs
171647.011178 Timr 10 timer_add_event: event message_send_expire(0x2018f4300) added before connection_checker(0x20f87dac0), expiration in 7s
171647.169869 Trpt 70 transport_setup: added 0x2018f7b80 to transport list
171647.169982 Trpt 70 transport_setup: added 0x2018f7100 to transport list
171647.170042 Trpt 50 virtual_clone: old 0x2018f7e80 new 0x2018f7a80 (main is 0x2018f7b80)
171647.170111 Trpt 70 transport_setup: virtual transport 0x2018f7a80
171647.170219 Mesg 70 message_recv: message 0x2018f4900
171647.170285 Mesg 70 ICOOKIE: 7128cf36d74c89f1
171647.170342 Mesg 70 RCOOKIE: 07fbb815905b1538
171647.170411 Mesg 70 NEXT_PAYLOAD: ID
171647.170463 Mesg 70 VERSION: 16
171647.170520 Mesg 70 EXCH_TYPE: ID_PROT
171647.170574 Mesg 70 FLAGS: [ ENC ]
171647.170627 Mesg 70 MESSAGE_ID: 00000000
171647.170679 Mesg 70 LENGTH: 76
171647.170743 Mesg 70 message_recv: 7128cf36 d74c89f1 07fbb815 905b1538 05100201 00000000 0000004c 2aafdc49
171647.170811 Mesg 70 message_recv: 7dc6a262 d5891e2a a326d422 07750f1f aeee7aa6 70f7947f 07f4bcf2 a81a4903
171647.170885 Mesg 70 message_recv: df0f5534 55df752e 6ae3c3f0
171647.170945 Mesg 20 message_free: freeing 0x2018f4300
171647.170998 Timr 10 timer_remove_event: removing event message_send_expire(0x2018f4300)
171647.171071 Cryp 70 crypto_decrypt: before decryption:
171647.171142 Cryp 70 2aafdc49 7dc6a262 d5891e2a a326d422 07750f1f aeee7aa6 70f7947f 07f4bcf2
171647.171202 Cryp 70 a81a4903 df0f5534 55df752e 6ae3c3f0
171647.171255 Cryp 70 crypto_decrypt: after decryption:
171647.171318 Cryp 70 0800000c 01110000 c0a80e7e 00000018 d56f0de1 65779c63 04d4ff29 8b863817
171647.171400 Cryp 70 b2639dc9 00000000 00000000 00000000
171647.171463 Mesg 50 message_parse_payloads: offset 28 payload ID
171647.171519 Mesg 50 message_parse_payloads: offset 40 payload HASH
171647.171568 Mesg 60 message_validate_payloads: payload ID at 0x2018f729c of message 0x2018f4900
171647.171621 Mesg 70 TYPE: 1
171647.171683 Mesg 70 DOI_DATA: 110000
171647.171739 Mesg 70 DATA:
171647.171804 Mesg 40 ipsec_validate_id_information: proto 17 port 0 type 1
171647.171871 Mesg 40 ipsec_validate_id_information: IPv4:
171647.171940 Mesg 40 c0a80e7e
171647.172000 Default ipsec_validate_id_information: dubious ID information accepted
171647.172058 Mesg 60 message_validate_payloads: payload HASH at 0x2018f72a8 of message 0x2018f4900
171647.172113 Mesg 70 DATA:
171647.172188 Negt 40 ike_phase_1_recv_ID: IPV4_ADDR:
171647.172245 Negt 40 c0a80e7e
171647.172298 Cryp 60 hash_get: requested algorithm 1
171647.172375 Mesg 20 message_free: freeing 0x2018f4f00
171647.172442 Trpt 70 transport_release: freeing 0x2018f7b00
171647.172499 Cryp 50 crypto_update_iv: updated IV:
171647.172566 Cryp 50 a81a4903 df0f5534 55df752e 6ae3c3f0
171647.172620 Exch 10 exchange_finalize: 0x2018f6e00 peer-XXX.217.33.11-local-XXX.191.219.14 phase1-peer-XXX.217.33.11-local-XXX.191.219.14 policy initiator phase 1 doi 1 exchange 2 step 5
171647.172692 Exch 10 exchange_finalize: icookie 7128cf36d74c89f1 rcookie 07fbb815905b1538
171647.172738 Exch 10 exchange_finalize: msgid 00000000
171647.172814 Exch 10 exchange_finalize: phase 1 done: initiator id XXX.191.219.14, responder id 192.168.14.126, src: XXX.191.219.14 dst: XXX.217.33.11
171647.172890 Timr 10 timer_add_event: event sa_soft_expire(0x2018f6800) added last, expiration in 26467s
171647.172964 Timr 10 timer_add_event: event sa_hard_expire(0x2018f6800) added last, expiration in 28800s
171647.173033 Exch 20 exchange_establish_finalize: finalizing exchange 0x2018f6e00 with arg 0x2065e92c0 (from-192.168.13.12-to-192.168.13.19) & fail = 0
171647.173177 Timr 10 timer_add_event: event exchange_free_aux(0x2018f6a00) added before sa_soft_expire(0x2018f6800), expiration in 120s
171647.173255 Exch 10 exchange_establish_p2: 0x2018f6a00 from-192.168.13.12-to-192.168.13.19 phase2-from-192.168.13.12-to-192.168.13.19 policy initiator phase 2 doi 1 exchange 32 step 0
171647.173317 Exch 10 exchange_establish_p2: icookie 7128cf36d74c89f1 rcookie 07fbb815905b1538
171647.173385 Exch 10 exchange_establish_p2: msgid fb44b61c sa_list
171647.173448 SA 70 sa_enter: SA 0x2018f6c00 added to SA list
171647.173502 SA 60 sa_create: sa 0x2018f6c00 phase 2 added to exchange 0x2018f6a00 (from-192.168.13.12-to-192.168.13.19)
171647.173566 Cryp 60 hash_get: requested algorithm 1
171647.173654 Misc 70 attribute_set_constant: no GROUP_DESCRIPTION in the phase2-transform-from-192.168.13.12-to-192.168.13.19-3DES-MD5-NONE-TUNNEL section
171647.173748 Sdep 50 pf_key_v2_get_spi: spi:
171647.173811 Sdep 50 ec3a5382
171647.173951 Cryp 60 hash_get: requested algorithm 1
171647.174009 Cryp 60 hash_get: requested algorithm 1
171647.174079 Cryp 60 hash_get: requested algorithm 1
171647.174126 Cryp 50 crypto_init_iv: initialized IV:
171647.174182 Cryp 50 917d9792 3a37d1b7 a6c62950 1bc6a3b6
171647.174242 Cryp 70 crypto_encrypt: before encryption:
171647.174305 Cryp 70 01000018 7b73dd19 936a127e 74b9851b 8543a098 70a24790 0a000030 00000001
171647.174389 Cryp 70 00000001 00000024 01030401 ec3a5382 00000018 01030000 80010001 800204b0
171647.174467 Cryp 70 80040001 80050001 05000014 8039669f 38226adc 6baa7dc0 9ccc0c85 0500000c
171647.174545 Cryp 70 01000000 c0a80d0c 0000000c 01000000 c0a80d13 00000000 00000000 00000000
171647.174606 Cryp 70 crypto_encrypt: after encryption:
171647.174670 Cryp 70 20fd001b 43503cc7 4b7a6fef 8f204177 1f56dfbf fb1d185f a3135510 c1e26257
171647.174746 Cryp 70 df3d514e e3f4060e 4136110d 8892085a 98fc7ae8 477c115d 0138ea60 03ebdbb8
171647.174835 Cryp 70 9d01ea5c 220a5ed4 a5ae56d2 6756f1a0 c682619f 6ce7797d 13cbba30 35ab544e
171647.174908 Cryp 70 ce6ec27e af886757 a89f407b ddcb2430 0b499a5e 97394622 7e8bc53f 5e3d38af
171647.174971 Cryp 50 crypto_update_iv: updated IV:
171647.175028 Cryp 50 0b499a5e 97394622 7e8bc53f 5e3d38af
171647.175080 Mesg 70 message_send: message 0x2018f4f00
171647.175138 Mesg 70 ICOOKIE: 7128cf36d74c89f1
171647.175193 Mesg 70 RCOOKIE: 07fbb815905b1538
171647.175239 Mesg 70 NEXT_PAYLOAD: HASH
171647.175285 Mesg 70 VERSION: 16
171647.175338 Mesg 70 EXCH_TYPE: QUICK_MODE
171647.175408 Mesg 70 FLAGS: [ ENC ]
171647.175479 Mesg 70 MESSAGE_ID: fb44b61c
171647.175538 Mesg 70 LENGTH: 156
171647.175604 Mesg 70 message_send: 7128cf36 d74c89f1 07fbb815 905b1538 08102001 fb44b61c 0000009c 20fd001b
171647.175679 Mesg 70 message_send: 43503cc7 4b7a6fef 8f204177 1f56dfbf fb1d185f a3135510 c1e26257 df3d514e
171647.175748 Mesg 70 message_send: e3f4060e 4136110d 8892085a 98fc7ae8 477c115d 0138ea60 03ebdbb8 9d01ea5c
171647.175813 Mesg 70 message_send: 220a5ed4 a5ae56d2 6756f1a0 c682619f 6ce7797d 13cbba30 35ab544e ce6ec27e
171647.175878 Mesg 70 message_send: af886757 a89f407b ddcb2430 0b499a5e 97394622 7e8bc53f 5e3d38af
171647.175932 Exch 40 exchange_run: exchange 0x2018f6a00 finished step 0, advancing...
171647.175992 Timr 10 timer_remove_event: removing event exchange_free_aux(0x2018f6e00)
171647.176048 Mesg 20 message_free: freeing 0x2018f4900
171647.176113 Mesg 10 virtual_send_message: enabling NAT-T encapsulation for this exchange
171647.176190 Trpt 30 transport_send_messages: message 0x2018f4f00 scheduled for retransmission 1 in 7 secs
171647.176250 Timr 10 timer_add_event: event message_send_expire(0x2018f4f00) added before connection_checker(0x20f87dac0), expiration in 7s
171647.334727 Trpt 70 transport_setup: added 0x2018f7280 to transport list
171647.334876 Trpt 70 transport_setup: added 0x2018f7f80 to transport list
171647.334951 Trpt 50 virtual_clone: old 0x2018f7e80 new 0x2018f7980 (main is 0x2018f7280)
171647.335020 Trpt 70 transport_setup: virtual transport 0x2018f7980
171647.335088 Mesg 70 message_recv: message 0x2018f4600
171647.335146 Mesg 70 ICOOKIE: 7128cf36d74c89f1
171647.335203 Mesg 70 RCOOKIE: 07fbb815905b1538
171647.335255 Mesg 70 NEXT_PAYLOAD: HASH
171647.335309 Mesg 70 VERSION: 16
171647.335418 Mesg 70 EXCH_TYPE: INFO
171647.335516 Mesg 70 FLAGS: [ ENC ]
171647.335573 Mesg 70 MESSAGE_ID: bdcc247d
171647.335629 Mesg 70 LENGTH: 92
171647.335698 Mesg 70 message_recv: 7128cf36 d74c89f1 07fbb815 905b1538 08100501 bdcc247d 0000005c 327b881c
171647.335783 Mesg 70 message_recv: 651d9303 59393f93 73d3321b 608544a5 d5e0d83c 474f659c 5f5e0a45 ebb62d0e
171647.335874 Mesg 70 message_recv: 272899c1 2707e5c5 76d57308 572f27ac 2c42c224 76c43ee8 8c01c271
171647.335980 Cryp 60 hash_get: requested algorithm 1
171647.336053 Cryp 50 crypto_init_iv: initialized IV:
171647.336111 Cryp 50 ff27c21d d25837cb fa771ead 8efd3b40
171647.336165 Cryp 70 crypto_decrypt: before decryption:
171647.336221 Cryp 70 327b881c 651d9303 59393f93 73d3321b 608544a5 d5e0d83c 474f659c 5f5e0a45
171647.336300 Cryp 70 ebb62d0e 272899c1 2707e5c5 76d57308 572f27ac 2c42c224 76c43ee8 8c01c271
171647.336370 Cryp 70 crypto_decrypt: after decryption:
171647.336495 Cryp 70 0b000018 17300e35 0885490c 548b1a9f 480fd5a7 d62ad011 0000001c 00000001
171647.336573 Cryp 70 0304000e ec3a5382 0a000030 00000001 00000001 00000000 00000000 00000000
171647.336629 Mesg 50 message_parse_payloads: offset 28 payload HASH
171647.336699 Mesg 50 message_parse_payloads: offset 52 payload NOTIFY
171647.336757 Mesg 60 message_validate_payloads: payload HASH at 0x2018f7b1c of message 0x2018f4600
171647.336811 Mesg 70 DATA:
171647.336878 Cryp 60 hash_get: requested algorithm 1
171647.336929 Cryp 60 hash_get: requested algorithm 1
171647.336984 Mesg 60 message_validate_payloads: payload NOTIFY at 0x2018f7b34 of message 0x2018f4600
171647.337041 Mesg 70 DOI: IPSEC
171647.337096 Mesg 70 PROTO: <Unknown 3>
171647.337151 Mesg 70 SPI_SZ: 4
171647.337204 Mesg 70 MSG_TYPE: NO_PROPOSAL_CHOSEN
171647.337263 Mesg 70 SPI:
171647.337330 Timr 10 timer_add_event: event exchange_free_aux(0x2018f6e00) added before sa_soft_expire(0x2018f6800), expiration in 120s
171647.337439 Exch 10 exchange_setup_p2: 0x2018f6e00 <unnamed> <no policy> policy responder phase 2 doi 1 exchange 5 step 0
171647.337511 Exch 10 exchange_setup_p2: icookie 7128cf36d74c89f1 rcookie 07fbb815905b1538
171647.337565 Exch 10 exchange_setup_p2: msgid bdcc247d sa_list
171647.337633 Misc 30 ipsec_responder: phase 2 exchange 5 step 0
171647.337691 Exch 10 ipsec_responder: got NOTIFY of type NO_PROPOSAL_CHOSEN
171647.337749 Cryp 50 crypto_update_iv: updated IV:
171647.337806 Cryp 50 572f27ac 2c42c224 76c43ee8 8c01c271
171647.337858 Exch 10 exchange_finalize: 0x2018f6e00 <unnamed> <no policy> policy responder phase 2 doi 1 exchange 5 step 0
171647.337909 Exch 10 exchange_finalize: icookie 7128cf36d74c89f1 rcookie 07fbb815905b1538
171647.337975 Exch 10 exchange_finalize: msgid bdcc247d sa_list
171647.338028 Timr 10 timer_remove_event: removing event exchange_free_aux(0x2018f6e00)
171647.338080 Mesg 20 message_free: freeing 0x2018f4600
171647.338133 Trpt 70 transport_release: freeing 0x2018f7980
^C171651.582796 Default isakmpd: shutting down...
171651.582841 Timr 10 timer_add_event: event exchange_free_aux(0x2018f6000) added before sa_soft_expire(0x2018f6800), expiration in 120s
171651.582849 Exch 10 exchange_establish_p2: 0x2018f6000 <unnamed> <no policy> policy initiator phase 2 doi 1 exchange 5 step 0
171651.582854 Exch 10 exchange_establish_p2: icookie 7128cf36d74c89f1 rcookie 07fbb815905b1538
171651.582858 Exch 10 exchange_establish_p2: msgid b8380e7e sa_list
171651.582869 Cryp 60 hash_get: requested algorithm 1
171651.582876 Cryp 60 hash_get: requested algorithm 1
171651.582880 Cryp 60 hash_get: requested algorithm 1
171651.582893 Cryp 60 hash_get: requested algorithm 1
171651.582897 Cryp 50 crypto_init_iv: initialized IV:
171651.582907 Cryp 50 e9fbb460 920582d5 3f1693ee 50bbbbe3
171651.582911 Cryp 70 crypto_encrypt: before encryption:
171651.582967 Cryp 70 0c000018 4ce73102 c612da96 46b9306e 4f57b7df 1c635b3f 00000010 00000001
171651.582980 Cryp 70 03040001 ec3a5382 00000000 00000000
171651.582989 Cryp 70 crypto_encrypt: after encryption:
171651.583009 Cryp 70 8ef50474 a4b1c3b2 668c24a9 353d8711 07b71c18 6c449106 73b0894c 6e3ef257
171651.583019 Cryp 70 a7a92d29 8c825cda c08c5197 a83a0e8c
171651.583023 Cryp 50 crypto_update_iv: updated IV:
171651.583032 Cryp 50 a7a92d29 8c825cda c08c5197 a83a0e8c
171651.583036 Mesg 70 message_send: message 0x2018f4a00
171651.583043 Mesg 70 ICOOKIE: 7128cf36d74c89f1
171651.583050 Mesg 70 RCOOKIE: 07fbb815905b1538
171651.583054 Mesg 70 NEXT_PAYLOAD: HASH
171651.583059 Mesg 70 VERSION: 16
171651.583063 Mesg 70 EXCH_TYPE: INFO
171651.583068 Mesg 70 FLAGS: [ ENC ]
171651.583073 Mesg 70 MESSAGE_ID: b8380e7e
171651.583188 Mesg 70 LENGTH: 76
171651.583206 Mesg 70 message_send: 7128cf36 d74c89f1 07fbb815 905b1538 08100501 b8380e7e 0000004c 8ef50474
171651.583222 Mesg 70 message_send: a4b1c3b2 668c24a9 353d8711 07b71c18 6c449106 73b0894c 6e3ef257 a7a92d29
171651.583230 Mesg 70 message_send: 8c825cda c08c5197 a83a0e8c
171651.583235 Exch 40 exchange_run: exchange 0x2018f6000 finished step 0, advancing...
171651.583239 SA 70 sa_remove: SA 0x2018f6c00 removed from SA list
171651.583252 Timr 10 timer_add_event: event exchange_free_aux(0x2018f6e00) added before sa_soft_expire(0x2018f6800), expiration in 120s
171651.583257 Exch 10 exchange_establish_p2: 0x2018f6e00 <unnamed> <no policy> policy initiator phase 2 doi 1 exchange 5 step 0
171651.583261 Exch 10 exchange_establish_p2: icookie 7128cf36d74c89f1 rcookie 07fbb815905b1538
171651.583392 Exch 10 exchange_establish_p2: msgid 4f9a4b11 sa_list
171651.583403 Cryp 60 hash_get: requested algorithm 1
171651.583409 Cryp 60 hash_get: requested algorithm 1
171651.583412 Cryp 60 hash_get: requested algorithm 1
171651.583439 Cryp 60 hash_get: requested algorithm 1
171651.583445 Cryp 50 crypto_init_iv: initialized IV:
171651.583454 Cryp 50 ce6e5ac7 bbc15e75 d410b0be d9f2ff7c
171651.583458 Cryp 70 crypto_encrypt: before encryption:
171651.583473 Cryp 70 0c000018 3f346523 9135caa5 f8bed113 035a459f 33a32a82 0000001c 00000001
171651.583489 Cryp 70 01100001 7128cf36 d74c89f1 07fbb815 905b1538 00000000 00000000 00000000
171651.583494 Cryp 70 crypto_encrypt: after encryption:
171651.583509 Cryp 70 1b0b093a d0667ccb 0682a33b fc64119d 8d4b1eb9 26f119e4 a7b52a08 92260275
171651.583524 Cryp 70 df3babdf 93b9edad bce4fa5b 3ed0d763 77a42158 8731f121 6f47894d f2f51dc1
171651.583618 Cryp 50 crypto_update_iv: updated IV:
171651.583630 Cryp 50 77a42158 8731f121 6f47894d f2f51dc1
171651.583634 Mesg 70 message_send: message 0x2018f4b00
171651.583641 Mesg 70 ICOOKIE: 7128cf36d74c89f1
171651.583648 Mesg 70 RCOOKIE: 07fbb815905b1538
171651.583653 Mesg 70 NEXT_PAYLOAD: HASH
171651.583660 Mesg 70 VERSION: 16
171651.583664 Mesg 70 EXCH_TYPE: INFO
171651.583668 Mesg 70 FLAGS: [ ENC ]
171651.583673 Mesg 70 MESSAGE_ID: 4f9a4b11
171651.583678 Mesg 70 LENGTH: 92
171651.583693 Mesg 70 message_send: 7128cf36 d74c89f1 07fbb815 905b1538 08100501 4f9a4b11 0000005c 1b0b093a
171651.583711 Mesg 70 message_send: d0667ccb 0682a33b fc64119d 8d4b1eb9 26f119e4 a7b52a08 92260275 df3babdf
171651.583731 Mesg 70 message_send: 93b9edad bce4fa5b 3ed0d763 77a42158 8731f121 6f47894d f2f51dc1
171651.583736 Exch 40 exchange_run: exchange 0x2018f6e00 finished step 0, advancing...
171651.583845 Timr 10 timer_remove_event: removing event sa_hard_expire(0x2018f6800)
171651.583851 Timr 10 timer_remove_event: removing event sa_soft_expire(0x2018f6800)
171651.583855 SA 70 sa_remove: SA 0x2018f6800 removed from SA list
171651.583889 Exch 10 exchange_finalize: 0x2018f6000 <unnamed> <no policy> policy initiator phase 2 doi 1 exchange 5 step 1
171651.583896 Exch 10 exchange_finalize: icookie 7128cf36d74c89f1 rcookie 07fbb815905b1538
171651.583900 Exch 10 exchange_finalize: msgid b8380e7e sa_list
171651.583905 Timr 10 timer_remove_event: removing event exchange_free_aux(0x2018f6000)
171651.583910 Mesg 20 message_free: freeing 0x2018f4a00
171651.583929 Exch 10 exchange_finalize: 0x2018f6e00 <unnamed> <no policy> policy initiator phase 2 doi 1 exchange 5 step 1
171651.583935 Exch 10 exchange_finalize: icookie 7128cf36d74c89f1 rcookie 07fbb815905b1538
171651.584032 Exch 10 exchange_finalize: msgid 4f9a4b11 sa_list
171651.584039 Timr 10 timer_remove_event: removing event exchange_free_aux(0x2018f6e00)
171651.584045 Mesg 20 message_free: freeing 0x2018f4b00
171651.584051 Default isakmpd: exit

I'm open to any ideas, and any kind of hint is appreciated.

cheers,
Sebastian
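
Added example (not part of the original post, and not isakmpd or Cisco code): isakmpd prints the Quick Mode message in cleartext under "crypto_encrypt: before encryption", so the phase-two offer can be decoded from the log and compared field by field with the responder's configuration. The CISCO_POLICY values are read from the configuration in the post; treating the crypto ACL source as the router's local identity is an assumption, consistent with the "local ident" line of the "show crypto ipsec sa" output.

```python
import ipaddress
import struct

# Cleartext Quick Mode body, copied from the "crypto_encrypt: before encryption"
# lines that isakmpd logged for MESSAGE_ID fb44b61c in the post.
QM_BODY = bytes.fromhex("".join("""
01000018 7b73dd19 936a127e 74b9851b 8543a098 70a24790 0a000030 00000001
00000001 00000024 01030401 ec3a5382 00000018 01030000 80010001 800204b0
80040001 80050001 05000014 8039669f 38226adc 6baa7dc0 9ccc0c85 0500000c
01000000 c0a80d0c 0000000c 01000000 c0a80d13 00000000 00000000 00000000
""".split()))

HASH, SA, ID = 8, 1, 5                               # RFC 2408 payload types
PROTOCOLS = {2: "AH", 3: "ESP"}                      # RFC 2407 protocol IDs
ESP_TRANSFORMS = {2: "DES", 3: "3DES", 12: "AES"}    # ESP transform IDs
ATTR_NAMES = {1: "life_type", 2: "life_duration", 3: "pfs_group", 4: "mode", 5: "auth"}
ATTR_VALUES = {"mode": {1: "TUNNEL", 2: "TRANSPORT"}, "auth": {1: "HMAC_MD5", 2: "HMAC_SHA"}}

# Responder policy read from the Cisco configuration in the post (transform-set
# ESP-3DES-MD5, access-list 101). Assumption: IOS uses the crypto ACL source as its
# local identity, as the "local ident" line of "show crypto ipsec sa" suggests.
CISCO_POLICY = {"transform": "3DES", "auth": "HMAC_MD5", "pfs_group": None,
                "local": ipaddress.ip_network("192.168.13.12/32"),
                "remote": ipaddress.ip_network("192.168.13.19/32")}


def walk_payloads(body, first_type):
    """Yield (type, data) for each generic ISAKMP payload in a decrypted body."""
    off, ptype = 0, first_type
    while ptype != 0:
        if off + 4 > len(body):
            raise ValueError("truncated payload header")
        nxt, _, length = struct.unpack_from("!BBH", body, off)
        if length < 4 or off + length > len(body):
            raise ValueError(f"bad payload length {length} at offset {off}")
        yield ptype, body[off + 4:off + length]
        off, ptype = off + length, nxt


def parse_attrs(raw):
    """Decode IKEv1 data attributes in TV (high bit set) or TLV form."""
    attrs, off = {}, 0
    while off + 4 <= len(raw):
        atype, word = struct.unpack_from("!HH", raw, off)
        off += 4
        value = word                             # TV: second word is the value
        if not atype & 0x8000:                   # TLV: second word is the length
            value = int.from_bytes(raw[off:off + word], "big")
            off += word
        name = ATTR_NAMES.get(atype & 0x7FFF, atype & 0x7FFF)
        attrs[name] = ATTR_VALUES.get(name, {}).get(value, value)
    return attrs


def parse_sa(data):
    """Decode the first proposal and its first transform from an SA payload body."""
    # Layout after the generic header: DOI(4) SIT(4), proposal header(8), SPI, transform.
    proto, spi_size = struct.unpack_from("!BB", data, 13)
    toff = 16 + spi_size
    tlen, _number, tid = struct.unpack_from("!HBB", data, toff + 2)
    offer = {"protocol": PROTOCOLS.get(proto, proto), "spi": data[16:toff].hex(),
             "transform": ESP_TRANSFORMS.get(tid, tid)}
    offer.update(parse_attrs(data[toff + 8:toff + tlen]))
    return offer


def parse_id(data):
    """Return the selector of an ID payload body (type, protocol, port, address)."""
    addr = ipaddress.IPv4Address(data[4:8])
    if data[0] == 1:                             # ID_IPV4_ADDR
        return ipaddress.ip_network(f"{addr}/32")
    if data[0] == 4:                             # ID_IPV4_ADDR_SUBNET: address, mask
        return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(data[8:12])}")
    raise ValueError(f"unhandled ID type {data[0]}")


def decode_quick_mode(body):
    """Decode the initiator's first Quick Mode message (HASH, SA, Ni, IDci, IDcr)."""
    offer, ids = {}, []
    for ptype, data in walk_payloads(body, HASH):
        if ptype == SA:
            offer = parse_sa(data)
        elif ptype == ID:
            ids.append(parse_id(data))
    offer["idci"], offer["idcr"] = ids           # initiator's, then responder's selector
    return offer


def mismatches(offer, policy):
    """Fields where the offer disagrees with the responder; selectors must mirror."""
    expected = dict(policy, idci=policy["remote"], idcr=policy["local"])
    keys = ("transform", "auth", "pfs_group", "idci", "idcr")
    return [k for k in keys if offer.get(k) != expected[k]]


if __name__ == "__main__":
    offer = decode_quick_mode(QM_BODY)
    print(offer, "differs in:", mismatches(offer, CISCO_POLICY))
```

On the values in this post the transform, authentication and PFS fields agree, and the two traffic selectors are the fields reported as differing.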