A problem came up while setting up VPN/IPSec using IKE.
Configuration:
10.0.2.108(Sun Host)-10.0.1.108(Sun Gateway)<->10.0.1.109(FreeBSD Gateway)-10.0.2.109(FreeBSD Host)
Phase 1 completes normally, and the gateways reach agreement regardless of which one is the initiator.
The problems start in phase 2.
1. If FreeBSD is the initiator, it sends 10.0.2.109 and 10.0.2.108 as the identifiers (IDs), and Sun-GW returns a reply with different identifiers (the gateways' IDs): 10.0.1.109 and 10.0.1.108. As a result, the racoon daemon (on FreeBSD-GW) cannot reach agreement with in.iked (on Solaris-GW) and create an IPSec SA between the two gateways.
2. If Sun-GW is the initiator, it sends proposals that include the identifiers 0.0.0.0 (src) and 0.0.0.0 (dst). But FreeBSD-GW is configured so that its SPDB contains rules (proposals) only for the tunnel with the inner IDs 10.0.2.109 and 10.0.2.108. As a result, no matching proposal can be found and phase 2 fails.
If you pull a trick and add proposals with 0.0.0.0 (src) and 0.0.0.0 (dst) via an ESP tunnel to the SPD on FreeBSD-GW, then phase 2 completes normally and the IPSec SAs are created, but only if Solaris-GW is the initiator. If FreeBSD-GW is the initiator, again nothing works; see item 1.
<------------- More detailed information ------------->
Configs for Solaris:
File -> ipsecinit.conf (IPSec policies):
{laddr 10.0.1.108 raddr 10.0.1.109} ipsec {encr_algs any encr_auth_algs any sa shared}
{laddr 10.0.1.109 raddr 10.0.1.108} ipsec {encr_algs any encr_auth_algs any sa shared}
File -> ike.config (in.iked daemon settings):
## Phase 1 transform defaults...
p1_lifetime_secs 30 # 14400
p1_nonce_len 16 #40
p2_nonce_len 16
#p2_lifetime_secs 30
## Parameters that may also show up in rules.
p1_xform { auth_method preshared oakley_group 5 auth_alg md5 encr_alg 3des }
p2_pfs 1 # 2
### Now some rules...
{
label "sun-ca_server"
local_id_type ipv4
local_addr 10.0.1.108
remote_addr 10.0.1.109
p2_pfs 1
p1_xform
{auth_method preshared oakley_group 5 auth_alg md5 encr_alg 3des}
}
File -> ike.preshared (shared preshared secret):
{ # sun-ca_server preshared
localidtype IP
localid 10.0.1.108
remoteidtype IP
remoteid 10.0.1.109
#preshared key
key 282828282828282828282129292929292929292929
}
ifconfig trace settings (Solaris):
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
le0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.0.1.108 netmask ffffff00 broadcast 10.0.1.255
ether 8:0:20:91:ce:e7
le0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.0.0.108 netmask ffffff00 broadcast 10.255.255.255
le0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.0.2.108 netmask ffffff00 broadcast 10.255.255.255
ip.tun0: flags=10028d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,UNNUMBERED,IPv4 > mtu 1480 index 4
inet tunnel src 10.0.1.108 tunnel dst 10.0.1.109
tunnel security settings esp (3des-cbc/hmac-md5)
tunnel hop limit 60
inet 10.0.2.108 --> 10.0.2.109 netmask ffffff00
Configs for the FreeBSD Gateway:
IPsec policy file:
spdadd 0.0.0.0 0.0.0.0 any -P out ipsec esp/tunnel/10.0.1.109-10.0.1.108/require;
spdadd 0.0.0.0 0.0.0.0 any -P in ipsec esp/tunnel/10.0.1.108-10.0.1.109/require;
spdadd 10.0.2.109 10.0.2.108 any -P out ipsec esp/tunnel/10.0.1.109-10.0.1.108/require;
spdadd 10.0.2.108 10.0.2.109 any -P in ipsec esp/tunnel/10.0.1.108-10.0.1.109/require;
IKE daemon file -> racoon.conf (racoon daemon settings):
# "padding" defines some parameter of padding. You should not touch these.
padding
{
maximum_length 20; # maximum padding length.
randomize off; # enable randomize length.
strict_check off; # enable strict check.
exclusive_tail off; # extract last one octet.
}
# if no listen directive is specified, racoon will listen to all
# available interface addresses.
listen
{
#isakmp ::1 [7000];
#isakmp 202.249.11.124 [500];
#admin [7002]; # administrative's port by kmpstat.
#strict_address; # required all addresses must be bound.
}
# Specification of default various timer.
timer
{
# These value can be changed per remote node.
counter 5; # maximum trying count to send.
interval 20 sec; # maximum interval to resend.
persend 1; # the number of packets per a send.
# timer for waiting to complete each phase.
phase1 30 sec;
phase2 30 sec;
}
remote anonymous
{
# exchange_mode main,aggressive;
exchange_mode aggressive, main;
doi ipsec_doi;
#situation identity_only;
#my_identifier address;
my_identifier address 10.0.1.109; #user_fqdn "sakane@kame.net";
peers_identifier address 10.0.1.108; # user_fqdn "sakane@kame.net";
#certificate_type x509 "mycert" "mypriv";
nonce_size 16; #40; #was: 20;
lifetime time 30 sec; #14400 sec; # 1 min; # sec,min,hour
initial_contact off;
#support_mip6 on;
proposal_check obey; # obey, strict or claim
proposal {
encryption_algorithm 3des;
hash_algorithm md5; # sha1;
authentication_method pre_shared_key ;
dh_group 5;
}
}
sainfo anonymous
{
pfs_group 1; # 2;
lifetime time 30 sec; #1 min;
encryption_algorithm 3des; #des; #tested: rijndael,
authentication_algorithm hmac_md5; #hmac_sha1; # non_auth;
compression_algorithm deflate ;
}
File -> preshared.secret (shared preshared secret):
10.0.1.108 ((((((((((!))))))))))
ifconfig trace settings (FreeBSD):
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.0.109 netmask 0xffffff00 broadcast 10.0.0.255
ether 00:05:5d:34:fc:21
media: Ethernet autoselect (10baseT/UTP)
status: active
rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.0.1.109 netmask 0xffffff00 broadcast 10.0.1.255
inet 10.0.2.109 netmask 0xffffff00 broadcast 10.0.2.255
ether 00:05:5d:4c:5f:ef
media: Ethernet autoselect (10baseT/UTP)
status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 10.0.1.109 --> 10.0.1.108
inet 10.0.2.109 --> 10.0.2.108 netmask 0xffffff00
Results:
1.FreeBSD# ping 10.0.2.108
100 % packets lost
2.tcpdump trace: (slompster is 10.0.1.109 (FreeBSD Gateway))
18:32:42.488416 slompster.isakmp > 10.0.1.108.isakmp: isakmp: phase 1 I agg: [|sa]
18:32:43.215390 10.0.1.108.isakmp > slompster.isakmp: isakmp: phase 1 R agg: [|sa] (DF)
18:32:43.295001 slompster.isakmp > 10.0.1.108.isakmp: isakmp: phase 1 I agg: (hash: len=16)
18:32:43.296546 10.0.1.108.isakmp > slompster.isakmp: isakmp: phase 2/others R inf[E]: [encrypted hash] (DF)
18:32:43.313588 slompster.isakmp > 10.0.1.108.isakmp: isakmp: phase 2/others I oakley-quick[E]: [encrypted hash]
18:32:43.387263 10.0.1.108.isakmp > slompster.isakmp: isakmp: phase 2/others R oakley-quick[E]: [encrypted hash] (DF)
18:32:43.392910 slompster.isakmp > 10.0.1.108.isakmp: isakmp: phase 2/others I inf[E]: [encrypted hash]
18:32:54.555184 slompster.isakmp > 10.0.1.108.isakmp: isakmp: phase 2/others I oakley-quick[E]: [encrypted hash]
18:33:14.684040 slompster.isakmp > 10.0.1.108.isakmp: isakmp: phase 2/others I oakley-quick[E]: [encrypted hash]
18:33:27.930264 slompster.isakmp > 10.0.1.108.isakmp: isakmp: phase 1 I agg: [|sa]
18:33:28.657742 10.0.1.108.isakmp > slompster.isakmp: isakmp: phase 1 R agg: [|sa] (DF)
18:33:28.730229 slompster.isakmp > 10.0.1.108.isakmp: isakmp: phase 1 I agg: (hash: len=16)
18:33:28.731661 10.0.1.108.isakmp > slompster.isakmp: isakmp: phase 2/others R inf[E]: [encrypted hash] (DF)
18:33:28.743277 slompster.isakmp > 10.0.1.108.isakmp: isakmp: phase 2/others I oakley-quick[E]: [encrypted hash]
18:33:28.818771 10.0.1.108.isakmp > slompster.isakmp: isakmp: phase 2/others R oakley-quick[E]: [encrypted hash] (DF)
18:33:28.824801 slompster.isakmp > 10.0.1.108.isakmp: isakmp: phase 2/others I inf[E]: [encrypted hash]
3. racoon.log
...
2004-02-02 16:37:36: DEBUG: oakley.c:2710:oakley_do_decrypt(): decrypted.
2004-02-02 16:37:36: DEBUG: plog.c:193:plogdump():
8bae6d6d a941c531 5f9c6529 1d000000 08102001 0618e42b 0000009c 01000014
059b5e83 ea341be0 6b6fa9f0 14de7b70 0a000030 00000001 00000001 00000024
01030401 3eadd611 00000018 01030000 80010001 8002001e 80040001 80050001
05000024 a5eb15b2 e621bf05 4d2d04fa 53c8e7eb 174e2057 951f97ed bec12312
cd95f5f5 0500000c 01000000 0a00016d 0000000c 01000000 0a00016c
2004-02-02 16:37:36: DEBUG: isakmp.c:2248:isakmp_printpacket(): begin.
2004-02-02 16:37:36: DEBUG: isakmp.c:1112:isakmp_parsewoh(): begin.
2004-02-02 16:37:36: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=8(hash)
2004-02-02 16:37:36: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=1(sa)
2004-02-02 16:37:36: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=10(nonce)
2004-02-02 16:37:36: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=5(id)
2004-02-02 16:37:36: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=5(id)
2004-02-02 16:37:36: DEBUG: isakmp.c:1178:isakmp_parsewoh(): succeed.
2004-02-02 16:37:36: ERROR: isakmp_quick.c:439:quick_i2recv(): mismatched ID was returned.
2004-02-02 16:37:36: ERROR: isakmp.c:710:quick_main(): failed to pre-process packet.
...
2004-02-02 16:37:36: DEBUG: isakmp_inf.c:634:isakmp_info_send_common(): sendto Information notify.
2004-02-02 16:37:36: ERROR: isakmp.c:529:isakmp_main(): phase2 negotiation failed.
2004-02-02 16:37:36: DEBUG: schedule.c:210:sched_scrub_param(): an undead schedule has been deleted.
2004-02-02 16:37:36: DEBUG: schedule.c:210:sched_scrub_param(): an undead schedule has been deleted.
HELP PLEASE.
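The ID mismatch reported in the racoon.log above can be reproduced offline. This added example (not part of the original post and not racoon's code) walks the payload chain of the decrypted Quick Mode reply copied from the 2004-02-02 plogdump() lines and compares the returned IDs with the inner addresses the post says the FreeBSD gateway sends; the function names and the SENT tuple are assumptions made for illustration.

```python
import ipaddress
import struct

ISAKMP_HEADER_LEN = 28
PAYLOAD_ID = 5      # RFC 2408 payload type "Identification"
ID_IPV4_ADDR = 1    # RFC 2407 ID type for a single IPv4 address

# Decrypted Quick Mode reply from Solaris, copied from the plogdump()
# lines of the 2004-02-02 racoon.log in the post above.
REPLY_DUMP = """
8bae6d6d a941c531 5f9c6529 1d000000 08102001 0618e42b 0000009c 01000014
059b5e83 ea341be0 6b6fa9f0 14de7b70 0a000030 00000001 00000001 00000024
01030401 3eadd611 00000018 01030000 80010001 8002001e 80040001 80050001
05000024 a5eb15b2 e621bf05 4d2d04fa 53c8e7eb 174e2057 951f97ed bec12312
cd95f5f5 0500000c 01000000 0a00016d 0000000c 01000000 0a00016c
"""

# IDci/IDcr proposed by the FreeBSD gateway according to the post
# (inner addresses); written out here by hand, not taken from a dump.
SENT = ("10.0.2.109", "10.0.2.108")


def walk_payloads(msg):
    """Yield (payload_type, body) for each payload after the ISAKMP header."""
    if len(msg) < ISAKMP_HEADER_LEN:
        raise ValueError("shorter than an ISAKMP header")
    next_type = msg[16]
    total_len = struct.unpack_from("!I", msg, 24)[0]
    if total_len > len(msg):
        raise ValueError("header length exceeds the dumped data")
    offset = ISAKMP_HEADER_LEN
    while next_type != 0:
        if offset + 4 > total_len:
            raise ValueError("payload chain runs past the message")
        following, _reserved, plen = struct.unpack_from("!BBH", msg, offset)
        if plen < 4 or offset + plen > total_len:
            raise ValueError("bad payload length %d at offset %d" % (plen, offset))
        yield next_type, msg[offset + 4:offset + plen]
        next_type, offset = following, offset + plen


def decode_id(body):
    """Decode an IPsec DOI ID payload body; only ID_IPV4_ADDR is handled."""
    if len(body) < 4:
        raise ValueError("truncated ID payload")
    id_type, _proto, _port = struct.unpack_from("!BBH", body, 0)
    if id_type != ID_IPV4_ADDR or len(body) != 8:
        raise ValueError("unsupported ID type %d" % id_type)
    return str(ipaddress.IPv4Address(body[4:8]))


def returned_ids(dump):
    """Return (IDci, IDcr) found in a hex dump of a decrypted Quick Mode message."""
    msg = bytes.fromhex("".join(dump.split()))
    ids = [decode_id(b) for t, b in walk_payloads(msg) if t == PAYLOAD_ID]
    if len(ids) != 2:
        raise ValueError("expected IDci and IDcr, found %d ID payloads" % len(ids))
    return tuple(ids)


def check_ids(sent, returned):
    """Initiator-side check: the responder has to echo IDci/IDcr unchanged."""
    if sent == returned:
        return "ok"
    return "mismatched ID: sent %s/%s, got %s/%s" % (sent + returned)


if __name__ == "__main__":
    print(check_ids(SENT, returned_ids(REPLY_DUMP)))
```

The payload types it walks (8, 1, 10, 5, 5) are the same ones isakmp_parsewoh() lists in the log just before the error.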
#my_identifier address;
my_identifier address 10.0.1.109; #user_fqdn "sakane@kame.net";
peers_identifier address 10.0.1.108; # user_fqdn "sakane@kame.net";
#certificate_type x509 "mycert" "mypriv";
Uncomment #my_identifier address; and comment out my_identifier address 10.0.1.109; and peers_identifier address 10.0.1.108;.
Then show what you get.
A question in return: have you ever set up IPsec between FreeBSD and Linux?
1. Still does not work. Here is the racoon log file (when FreeBSD is the initiator):
2004-02-06 16:40:06: INFO: isakmp.c:2412:log_ph1established(): ISAKMP-SA established 10.0.1.109[500]-10.0.1.108[500] spi:40c79e63f4a35d2b:603a3d0724000000
2004-02-06 16:40:06: DEBUG: isakmp.c:669:ph1_main(): ===
2004-02-06 16:40:06: DEBUG: isakmp.c:937:isakmp_ph2begin_i(): ===
2004-02-06 16:40:06: DEBUG: isakmp.c:938:isakmp_ph2begin_i(): begin QUICK mode.
2004-02-06 16:40:06: INFO: isakmp.c:942:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.1.109[0]<=>10.0.1.108[0]
2004-02-06 16:40:06: DEBUG: oakley.c:2546:oakley_newiv2(): compute IV for phase2
2004-02-06 16:40:06: DEBUG: oakley.c:2547:oakley_newiv2(): phase1 last IV:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
0df6073f b1c45c23 92cdc7b4
2004-02-06 16:40:06: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2004-02-06 16:40:06: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(3des)
2004-02-06 16:40:06: DEBUG: oakley.c:2579:oakley_newiv2(): phase2 IV computed:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
b35aec49 ec65b83c
2004-02-06 16:40:06: DEBUG: pfkey.c:792:pk_sendgetspi(): call pfkey_send_getspi
2004-02-06 16:40:06: DEBUG: pfkey.c:805:pk_sendgetspi(): pfkey GETSPI sent: ESP/Tunnel 10.0.1.108->10.0.1.109
2004-02-06 16:40:06: DEBUG: isakmp_quick.c:131:quick_i1prep(): pfkey getspi sent.
2004-02-06 16:40:06: DEBUG: pfkey.c:195:pfkey_handler(): get pfkey GETSPI message
2004-02-06 16:40:06: DEBUG2: plog.c:193:plogdump():
02010003 0a000000 08000000 79040000 02000100 038a2f54 4006ff9f 0a00006d
03000500 ff200000 10020000 0a00016c 00000000 00000000 03000600 ff200000
10020000 0a00016d 00000000 00000000
2004-02-06 16:40:06: DEBUG: pfkey.c:876:pk_recvgetspi(): pfkey GETSPI succeeded: ESP/Tunnel 10.0.1.108->10.0.1.109 spi=59387732(0x38a2f54)
2004-02-06 16:40:06: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp768)
2004-02-06 16:40:06: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp768)
2004-02-06 16:40:06: DEBUG: algorithm.c:610:alg_oakley_dhdef(): hmac(modp768)
2004-02-06 16:40:06: DEBUG: oakley.c:256:oakley_dh_generate(): compute DH's private.
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
442ce181 7e333317 aab7cc26 b56a6908 51d82626 49d2960d 08f1e560 9ef464ea
0c2fd451 96c3efab a0b57f1d 049fd15d 536cf279 44a7e8d9 329de528 f3423400
72ff4605 0e8970ed 441c28b4 c60e95dc 0637b45b 814c0aef 4bfbaa47 7b6d70df
2004-02-06 16:40:06: DEBUG: oakley.c:258:oakley_dh_generate(): compute DH's public.
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
bc766fde c9ebc887 13758a44 a8d61b30 685f8f16 37615ccd d9c30298 a6052e65
78a7ffa0 747926dc 671fa7ff e8af4f21 34b43810 26f6c9de a88d505b 7ca66a0d
b16fa431 afdd1b2e c86d4473 1c974a60 334f8921 9967f18c 04c19da8 f6d2ffe2
2004-02-06 16:40:06: DEBUG: ipsec_doi.c:3321:ipsecdoi_setid2(): use local ID type IPv4_address
2004-02-06 16:40:06: DEBUG: ipsec_doi.c:3366:ipsecdoi_setid2(): use remote ID type IPv4_address
2004-02-06 16:40:06: DEBUG: isakmp_quick.c:208:quick_i1send(): IDci:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
01000000 0a00026d
2004-02-06 16:40:06: DEBUG: isakmp_quick.c:210:quick_i1send(): IDcr:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
01000000 0a00026c
2004-02-06 16:40:06: DEBUG: isakmp.c:2113:set_isakmp_payload(): add payload of len 48, next type 10
2004-02-06 16:40:06: DEBUG: isakmp.c:2113:set_isakmp_payload(): add payload of len 16, next type 4
2004-02-06 16:40:06: DEBUG: isakmp.c:2113:set_isakmp_payload(): add payload of len 96, next type 5
2004-02-06 16:40:06: DEBUG: isakmp.c:2113:set_isakmp_payload(): add payload of len 8, next type 5
2004-02-06 16:40:06: DEBUG: isakmp.c:2113:set_isakmp_payload(): add payload of len 8, next type 0
2004-02-06 16:40:06: DEBUG: oakley.c:748:oakley_compute_hash1(): HASH with:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
2004-02-06 16:40:06: DEBUG: algorithm.c:322:alg_oakley_hmacdef(): hmac(hmac_md5)
2004-02-06 16:40:06: DEBUG: oakley.c:758:oakley_compute_hash1(): HASH computed:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
11fa7094 8d7a2c38 f7e9054d a818620d
2004-02-06 16:40:06: DEBUG: isakmp.c:2113:set_isakmp_payload(): add payload of len 16, next type 1
2004-02-06 16:40:06: DEBUG: isakmp.c:2248:isakmp_printpacket(): begin.
2004-02-06 16:40:06: DEBUG: oakley.c:2745:oakley_do_encrypt(): begin encryption.
2004-02-06 16:40:06: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(3des)
2004-02-06 16:40:06: DEBUG: oakley.c:2761:oakley_do_encrypt(): pad length = 8
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
2004-02-06 16:40:06: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(3des)
2004-02-06 16:40:06: DEBUG: oakley.c:2796:oakley_do_encrypt(): with key:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
2a1f0b3f 84d136ab 7cdb8904 4b69e240 63c243d8 0338e2cf
2004-02-06 16:40:06: DEBUG: oakley.c:2804:oakley_do_encrypt(): encrypted payload by IV:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
f5460ce9 d3f8fdc3
2004-02-06 16:40:06: DEBUG: oakley.c:2811:oakley_do_encrypt(): save IV for next:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
f5460ce9 d3f8fdc3
2004-02-06 16:40:06: DEBUG: oakley.c:2828:oakley_do_encrypt(): encrypted.
2004-02-06 16:40:06: DEBUG: sockmisc.c:421:sendfromto(): sockname 10.0.1.109[500]
2004-02-06 16:40:06: DEBUG: sockmisc.c:423:sendfromto(): send packet from 10.0.1.109[500]
2004-02-06 16:40:06: DEBUG: sockmisc.c:425:sendfromto(): send packet to 10.0.1.108[500]
2004-02-06 16:40:06: DEBUG: sockmisc.c:570:sendfromto(): 1 times of 252 bytes message will be sent to 10.0.1.109[500]
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
2004-02-06 16:40:06: DEBUG: isakmp.c:1487:isakmp_ph2resend(): resend phase2 packet 40c79e63f4a35d2b:603a3d0724000000:000092cd
2004-02-06 16:40:06: DEBUG: isakmp.c:221:isakmp_handler(): ===
2004-02-06 16:40:06: DEBUG: isakmp.c:222:isakmp_handler(): 68 bytes message received from 10.0.1.108[500]
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
40c79e63 f4a35d2b 603a3d07 24000000 08100501 9a6b3496 00000044 b2e3fdb7
f21485e0 9559c16f d1d866ef 58ca7aa3 e17ef884 57bba2d0 58f0ed67 bdec1bff
24f02443
2004-02-06 16:40:06: DEBUG: isakmp.c:2248:isakmp_printpacket(): begin.
2004-02-06 16:40:06: DEBUG: isakmp_inf.c:115:isakmp_info_recv(): receive Information.
2004-02-06 16:40:06: DEBUG: oakley.c:2546:oakley_newiv2(): compute IV for phase2
2004-02-06 16:40:06: DEBUG: oakley.c:2547:oakley_newiv2(): phase1 last IV:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
0df6073f b1c45c23 9a6b3496
2004-02-06 16:40:06: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2004-02-06 16:40:06: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(3des)
2004-02-06 16:40:06: DEBUG: oakley.c:2579:oakley_newiv2(): phase2 IV computed:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
319bbeb8 fae1fbec
2004-02-06 16:40:06: DEBUG: oakley.c:2622:oakley_do_decrypt(): begin decryption.
2004-02-06 16:40:06: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(3des)
2004-02-06 16:40:06: DEBUG: oakley.c:2636:oakley_do_decrypt(): IV was saved for next processing:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
bdec1bff 24f02443
2004-02-06 16:40:06: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(3des)
2004-02-06 16:40:06: DEBUG: oakley.c:2661:oakley_do_decrypt(): with key:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
2a1f0b3f 84d136ab 7cdb8904 4b69e240 63c243d8 0338e2cf
2004-02-06 16:40:06: DEBUG: oakley.c:2669:oakley_do_decrypt(): decrypted payload by IV:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
bdec1bff 24f02443
2004-02-06 16:40:06: DEBUG: oakley.c:2672:oakley_do_decrypt(): decrypted payload, but not trimed.
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
0b000014 1cfd4b35 cd038074 93652e45 6695c49d 00000010 00000001 01046002
40c79e63 00000000
2004-02-06 16:40:06: DEBUG: oakley.c:2681:oakley_do_decrypt(): padding len=0
2004-02-06 16:40:06: DEBUG: oakley.c:2695:oakley_do_decrypt(): skip to trim padding.
2004-02-06 16:40:06: DEBUG: oakley.c:2710:oakley_do_decrypt(): decrypted.
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
40c79e63 f4a35d2b 603a3d07 24000000 08100501 9a6b3496 00000044 0b000014
1cfd4b35 cd038074 93652e45 6695c49d 00000010 00000001 01046002 40c79e63
00000000
2004-02-06 16:40:06: DEBUG: isakmp.c:2248:isakmp_printpacket(): begin.
2004-02-06 16:40:06: DEBUG: isakmp.c:1112:isakmp_parsewoh(): begin.
2004-02-06 16:40:06: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=8(hash)
2004-02-06 16:40:06: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=11(notify)
2004-02-06 16:40:06: DEBUG: isakmp.c:1178:isakmp_parsewoh(): succeed.
2004-02-06 16:40:06: DEBUG: pfkey.c:271:pfkey_dump_sadb(): call pfkey_send_dump
2004-02-06 16:40:06: DEBUG: isakmp_inf.c:798:isakmp_info_recv_n(): notification message 24578:INITIAL-CONTACT, doi=1 proto_id=1 spi=40c79e63(size=4).
2004-02-06 16:40:06: DEBUG: isakmp.c:221:isakmp_handler(): ===
2004-02-06 16:40:06: DEBUG: isakmp.c:222:isakmp_handler(): 116 bytes message received from 10.0.1.108[500]
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
40c79e63 f4a35d2b 603a3d07 24000000 08100501 50ef36c7 00000074 d051bbb7
d65e5811 b4b21665 b7b9dda5 1d777680 920165d2 fa2794f8 3b1efba4 6f77f51f
b923d321 2b70368b a5795abe de7c8347 d619be4d 6a1c2bf1 63ca8dee 3639678b
cd188cdb cd897c65 16201375 e5203fcf 650a4a4f
2004-02-06 16:40:06: DEBUG: isakmp.c:2248:isakmp_printpacket(): begin.
2004-02-06 16:40:06: DEBUG: isakmp_inf.c:115:isakmp_info_recv(): receive Information.
2004-02-06 16:40:06: DEBUG: oakley.c:2546:oakley_newiv2(): compute IV for phase2
2004-02-06 16:40:06: DEBUG: oakley.c:2547:oakley_newiv2(): phase1 last IV:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
0df6073f b1c45c23 50ef36c7
2004-02-06 16:40:06: DEBUG: algorithm.c:252:alg_oakley_hashdef(): hash(md5)
2004-02-06 16:40:06: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(3des)
2004-02-06 16:40:06: DEBUG: oakley.c:2579:oakley_newiv2(): phase2 IV computed:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
3c9864c5 a70b5453
2004-02-06 16:40:06: DEBUG: oakley.c:2622:oakley_do_decrypt(): begin decryption.
2004-02-06 16:40:06: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(3des)
2004-02-06 16:40:06: DEBUG: oakley.c:2636:oakley_do_decrypt(): IV was saved for next processing:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
e5203fcf 650a4a4f
2004-02-06 16:40:06: DEBUG: algorithm.c:382:alg_oakley_encdef(): encription(3des)
2004-02-06 16:40:06: DEBUG: oakley.c:2661:oakley_do_decrypt(): with key:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
2a1f0b3f 84d136ab 7cdb8904 4b69e240 63c243d8 0338e2cf
2004-02-06 16:40:06: DEBUG: oakley.c:2669:oakley_do_decrypt(): decrypted payload by IV:
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
e5203fcf 650a4a4f
2004-02-06 16:40:06: DEBUG: oakley.c:2672:oakley_do_decrypt(): decrypted payload, but not trimed.
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
0b000014 517b86a6 cc40a9fe 0d018e71 a8104d60 00000042 00000001 0304000e
038a2f54 800c0001 00060022 436f756c 64206e6f 74206669 6e642061 63636570
7461626c 65207072 6f706f73 616c0008 000492cd c7b40000
2004-02-06 16:40:06: DEBUG: oakley.c:2681:oakley_do_decrypt(): padding len=0
2004-02-06 16:40:06: DEBUG: oakley.c:2695:oakley_do_decrypt(): skip to trim padding.
2004-02-06 16:40:06: DEBUG: oakley.c:2710:oakley_do_decrypt(): decrypted.
2004-02-06 16:40:06: DEBUG: plog.c:193:plogdump():
40c79e63 f4a35d2b 603a3d07 24000000 08100501 50ef36c7 00000074 0b000014
517b86a6 cc40a9fe 0d018e71 a8104d60 00000042 00000001 0304000e 038a2f54
800c0001 00060022 436f756c 64206e6f 74206669 6e642061 63636570 7461626c
65207072 6f706f73 616c0008 000492cd c7b40000
2004-02-06 16:40:06: DEBUG: isakmp.c:2248:isakmp_printpacket(): begin.
2004-02-06 16:40:06: DEBUG: isakmp.c:1112:isakmp_parsewoh(): begin.
2004-02-06 16:40:06: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=8(hash)
2004-02-06 16:40:06: DEBUG: isakmp.c:1139:isakmp_parsewoh(): seen nptype=11(notify)
2004-02-06 16:40:06: DEBUG: isakmp.c:1178:isakmp_parsewoh(): succeed.
2004-02-06 16:40:06: ERROR: isakmp_inf.c:776:isakmp_info_recv_n(): unknown notify message, no phase2 handle found.
2004-02-06 16:40:06: DEBUG: isakmp_inf.c:798:isakmp_info_recv_n(): notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=3 spi=038a2f54(size=4).
...
So no proposal chosen.
2. About FreeBSD-/IPSec/-Linux: no, I have no experience with it.
I wanted to find out whether this problem was solved, because I have the same one!