linux-ipsec: Trying to get pluto from freeswan-0.8 working for me

From: Hugh Daniel <hugh(at)road.toad.com>
Date: Thu May 14 1998 - 19:02:29 EDT


  I don't know where you are with work on Pluto, but here is the debugging output of two plutos that tried but could not set up a SA (Security Association) between each other.   I can't send you the script that started up the whack, but I am sure you can guess what little it does.
  Both plutos are from the freeswan-0.8 release just up on the web site.

  The 'slave' or passive pluto is on north.toad.com (far away across the internet at Toad Hall) and the 'master' or active one is on east.toad.com; this is the one I whacked.

  The meat of it all is the slave was reporting malformed packets of some sort.
  I have appended below the output of the whack command, both pluti and the output of the ipsec_systat script run on both machines. If there is some piece of system status information that I have missed please tell the list what it is.
  Have fun...

		||ugh Daniel
		hugh@toad.com
			Systems Testing & Project mis-Management
			The Linux FreeS/WAN Project
			
http://www.xs4all.nl/~freeswan

-------  How I started each attempt to make a SA  -----------------------
root@east > sh pluto-ne.rc
: I am east.toad.com
Initiating with 140.174.2.9, port 500
209.157.90.152
255.255.255.248
206.14.61.224
255.255.255.240

Goal = 7
Done.
root@east >   
------- North or slave passive end -----------------------------------
Script started on Thu May 14 15:44:56 1998
.bashrc@north.toad.com
root@north > pluto
opening /dev/urandom
inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
init_socket(): listening to port 500
listening at 127.0.0.1
listening at 140.174.2.9
listening at 206.14.61.238
listening at 3 interfaces
init_kernelfd(): listening to port 501
socket numbers: 4 5 6 7
kernel socket: 8
next event EVENT_REINIT_SECRET in 3600 seconds ((nil)/0)

received packet
read 176 bytes from 209.157.90.145, port 500   96 68 f3 af 7c 24 74 05 00 00 00 00 00 00 00 00   01 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94   00 00 00 01 00 00 00 01 00 00 00 88 00 01 00 04   03 00 00 20 00 01 00 00 80 01 00 01 80 02 00 03   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10   03 00 00 20 01 01 00 00 80 01 00 01 80 02 00 02   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10   03 00 00 20 02 01 00 00 80 01 00 01 80 02 00 01   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10   00 00 00 20 03 01 00 00 80 01 00 01 80 02 00 01   80 03 00 01 80 04 00 01 80 0b 00 01 80 0c 0e 10 parse ISAKMP Message:
  initiator cookie: 96 68 f3 af 7c 24 74 05   responder cookie: 00 00 00 00 00 00 00 00   next payload type: ISAKMP_NEXT_SA
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
  length: 176
full state not found
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 148
half state not found
parse ISAKMP Security Association Payload:   next payload type: ISAKMP_NEXT_NONE
  length: 148
  DOI: ISAKMP_DOI_IPSEC
emit ISAKMP Message:
  initiator cookie: 96 68 f3 af 7c 24 74 05   responder cookie: bb 9c 31 2d 41 92 be d2   next payload type: ISAKMP_NEXT_SA
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
emit ISAKMP Security Association Payload:   next payload type: ISAKMP_NEXT_NONE
  DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
  IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 136
  proposal number: 0
  protocol ID: PROTO_ISAKMP
  SPI size: 0
  number of transforms: 4
parse ISAKMP Transform Payload (ISAKMP):   next payload type: ISAKMP_NEXT_T
  length: 32
  transform number: 0
  transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 3
[3 is OAKLEY_TIGER]

I don't like something about OAKLEY_HASH_ALGORITHM in Oakley Proposal parse ISAKMP Transform Payload (ISAKMP):   next payload type: ISAKMP_NEXT_T
  length: 32
  transform number: 1
  transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 2
[2 is OAKLEY_SHA]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

opening ./isakmp-secrets
secret used is [this is a test
], length = 15
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
Oakley Transform 1 accepted
emit IPsec DOI SIT:
  IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
  next payload type: ISAKMP_NEXT_NONE
  proposal number: 0
  protocol ID: PROTO_ISAKMP
  SPI size: 0
  number of transforms: 1
emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_NONE
  transform number: 1
  transform ID: KEY_IKE
emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) attributes 80 01 00 01 80 02 00 02 80 03 00 01 80 04 00 02   80 0b 00 01 80 0c 0e 10
emitting length of ISAKMP Transform Payload (ISAKMP): 32 emitting length of ISAKMP Proposal Payload: 40 emitting length of ISAKMP Security Association Payload: 52 emitting length of ISAKMP Message: 80
my identity is 140.174.2.9
sending:
  96 68 f3 af 7c 24 74 05 bb 9c 31 2d 41 92 be d2   01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34   00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01   00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 02   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10 transmitted 80 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds next event EVENT_RETRANSMIT in 30 seconds (0x8068048/0)

received packet
read 180 bytes from 209.157.90.145, port 500   96 68 f3 af 7c 24 74 05 bb 9c 31 2d 41 92 be d2   04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84   6f 90 4a 60 34 e1 76 2e a0 de f2 01 d3 f2 82 41   42 15 ec 04 d9 52 a7 7f 88 5b 3a 61 28 4b a8 93   74 54 a7 ab 1c 02 2d 60 dd 96 11 a5 3f ef 91 a3   6b 92 7d 17 2a ae de 4b d7 ea 41 2f f0 96 27 a7   16 92 4c 5b 93 20 b7 53 9a 50 c2 b9 7d 62 09 ab   17 5d 19 76 39 bf f4 9e 49 0c d1 14 82 42 de b8   65 ce a8 d6 a5 c3 bc d0 09 83 6c fc 04 35 67 2c   6d 53 67 33 27 48 24 73 de f2 33 1a c1 6c 18 e1   00 00 00 14 6e 87 1c f3 49 1d 35 1b 76 77 60 0b   44 db 27 51
parse ISAKMP Message:
  initiator cookie: 96 68 f3 af 7c 24 74 05   responder cookie: bb 9c 31 2d 41 92 be d2   next payload type: ISAKMP_NEXT_KE
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
  length: 180
full state found, state OAKLEY_MAIN_R_1
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 132
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 20
parse ISAKMP Key Exchange Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 132
parse ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 20
public value received: 6f904a6034e1762ea0def201d3f282414215ec04d952a77f885b3a61284ba8937454a7ab1c022d60dd9611a53fef91a36b927d172aaede4bd7ea412ff09627a716924c5b9320b7539a50c2b97d6209ab175d197639bff49e490cd1148242deb865cea8d6a5c3bcd009836cfc0435672c6d53673327482473def2331ac16c18e1 our secret value: 2640d0c43db1bd47992466e39593819b3537a38c9445475261b65e4dabb121fe our public value: 174d665dfc5ad766b170b1ae825b547d2b37a74fd2ac58a4ef16feb21d5d2e60ab4f3022ba6673555b2ccd42fac0324031b914cf4da50e29e2f68fe53c20722850131edd004def6b5537cbd76e0bc56e9403f85caf740b8da8cd0880e6e22b1d792fa749ce4415e8de4ad57342aa55dca4c5bd630c4147369bb7a84f7100eb0f shared secret: 2ed970558869fbe4d974f23d34d3c50082eae11a9d5e62e6e3b499d29762a1638a9e4792a86419f2804f59f92b52d11def9c296a11b9a9fe97de9b794c4cb5e24871291081949477a01cae983c1f79d98e96ac47c4a417821678bed7938ecd920660afbb3a63a185fd818433ea5ed687f7623681457ec423068067647a85735e emit ISAKMP Message:
  initiator cookie: 96 68 f3 af 7c 24 74 05   responder cookie: bb 9c 31 2d 41 92 be d2   next payload type: ISAKMP_NEXT_KE
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
emit ISAKMP Key Exchange Payload:
  next payload type: ISAKMP_NEXT_NONCE
emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload keyex value 17 4d 66 5d fc 5a d7 66 b1 70 b1 ae 82 5b 54 7d   2b 37 a7 4f d2 ac 58 a4 ef 16 fe b2 1d 5d 2e 60   ab 4f 30 22 ba 66 73 55 5b 2c cd 42 fa c0 32 40   31 b9 14 cf 4d a5 0e 29 e2 f6 8f e5 3c 20 72 28   50 13 1e dd 00 4d ef 6b 55 37 cb d7 6e 0b c5 6e   94 03 f8 5c af 74 0b 8d a8 cd 08 80 e6 e2 2b 1d   79 2f a7 49 ce 44 15 e8 de 4a d5 73 42 aa 55 dc   a4 c5 bd 63 0c 41 47 36 9b b7 a8 4f 71 00 eb 0f emitting length of ISAKMP Key Exchange Payload: 132 emit ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload nonce value 75 09 67 04 99 d4 15 fb 11 c5 fb 10 a9 ec 8b 2b emitting length of ISAKMP Nonce Payload: 20 emitting length of ISAKMP Message: 180
opening ./isakmp-secrets
secret used is [this is a test
], length = 15
size of g^xy is 128
Skeyid: e9 e0 87 98 38 54 4d af 78 2a 13 a1 35 47 3e 84   13 ae 46 5c
Skeyid_d: d5 22 bb a6 d5 d9 68 5f 2a 66 4b 8a a2 12 ab ec   db 02 65 54
Skeyid_a: fe a9 11 04 2a 5c c4 3c 99 98 dd d1 1f 1c 53 8a   86 21 83 13
Skeyid_e: e1 75 cf e1 17 10 8e fc d6 5a 79 b8 0d 3f 27 3e   0f 26 63 e1
IV: 45 5e de ec 5e 97 28 bd ae a8 5f ee 54 83 e4 25   1c 86 d5 e2
sending:
  96 68 f3 af 7c 24 74 05 bb 9c 31 2d 41 92 be d2   04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84   17 4d 66 5d fc 5a d7 66 b1 70 b1 ae 82 5b 54 7d   2b 37 a7 4f d2 ac 58 a4 ef 16 fe b2 1d 5d 2e 60   ab 4f 30 22 ba 66 73 55 5b 2c cd 42 fa c0 32 40   31 b9 14 cf 4d a5 0e 29 e2 f6 8f e5 3c 20 72 28   50 13 1e dd 00 4d ef 6b 55 37 cb d7 6e 0b c5 6e   94 03 f8 5c af 74 0b 8d a8 cd 08 80 e6 e2 2b 1d   79 2f a7 49 ce 44 15 e8 de 4a d5 73 42 aa 55 dc   a4 c5 bd 63 0c 41 47 36 9b b7 a8 4f 71 00 eb 0f   00 00 00 14 75 09 67 04 99 d4 15 fb 11 c5 fb 10   a9 ec 8b 2b
transmitted 180 bytes
inserting event EVENT_CLEANUP, timeout in 120 seconds next event EVENT_CLEANUP in 120 seconds (0x8068048/0)

received packet
read 68 bytes from 209.157.90.145, port 500   96 68 f3 af 7c 24 74 05 bb 9c 31 2d 41 92 be d2   05 10 02 01 00 00 00 00 00 00 00 44 f1 e4 dd 3b   a3 03 df 13 5a 25 fd 85 ca 1b 6f 8e d1 84 ca 88   9f 1a 32 db 8d dd a8 5e 4e d9 ed 0a 1a fa 4c 51   b9 d9 9c d9
parse ISAKMP Message:
  initiator cookie: 96 68 f3 af 7c 24 74 05   responder cookie: bb 9c 31 2d 41 92 be d2   next payload type: ISAKMP_NEXT_ID
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 00 00 00 00
  length: 68
full state found, state OAKLEY_MAIN_R_2
received encrypted packet from 209.157.90.145, port 500
decrypting 40 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
new IV: 1a fa 4c 51 b9 d9 9c d9
decrypted:
  8b 22 d6 2c 6f 7c 03 24 93 1b 2d f5 70 76 3a 5d   cf 13 de 00 2d 9b 9a 42 d2 3d 31 a4 ca 43 af b2   b0 c4 46 fd d7 bc b8 e3
next payload type of ISAKMP Generic Payload has an unknown value: 139
malformed payload in packet from 209.157.90.145, port 500
next event EVENT_CLEANUP in 118 seconds (0x8068048/0)

received packet
read 68 bytes from 209.157.90.145, port 500   96 68 f3 af 7c 24 74 05 bb 9c 31 2d 41 92 be d2   05 10 02 01 00 00 00 00 00 00 00 44 f1 e4 dd 3b   a3 03 df 13 5a 25 fd 85 ca 1b 6f 8e d1 84 ca 88   9f 1a 32 db 8d dd a8 5e 4e d9 ed 0a 1a fa 4c 51   b9 d9 9c d9
parse ISAKMP Message:
  initiator cookie: 96 68 f3 af 7c 24 74 05   responder cookie: bb 9c 31 2d 41 92 be d2   next payload type: ISAKMP_NEXT_ID
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 00 00 00 00
  length: 68
full state found, state OAKLEY_MAIN_R_2
received encrypted packet from 209.157.90.145, port 500
decrypting 40 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
new IV: 1a fa 4c 51 b9 d9 9c d9
decrypted:
  d4 86 44 91 88 32 b7 40 93 1b 2d f5 70 76 3a 5d   cf 13 de 00 2d 9b 9a 42 d2 3d 31 a4 ca 43 af b2   b0 c4 46 fd d7 bc b8 e3
next payload type of ISAKMP Generic Payload has an unknown value: 212
malformed payload in packet from 209.157.90.145, port 500
next event EVENT_CLEANUP in 88 seconds (0x8068048/0)

received packet
read 68 bytes from 209.157.90.145, port 500   96 68 f3 af 7c 24 74 05 bb 9c 31 2d 41 92 be d2   05 10 02 01 00 00 00 00 00 00 00 44 f1 e4 dd 3b   a3 03 df 13 5a 25 fd 85 ca 1b 6f 8e d1 84 ca 88   9f 1a 32 db 8d dd a8 5e 4e d9 ed 0a 1a fa 4c 51   b9 d9 9c d9
parse ISAKMP Message:
  initiator cookie: 96 68 f3 af 7c 24 74 05   responder cookie: bb 9c 31 2d 41 92 be d2   next payload type: ISAKMP_NEXT_ID
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 00 00 00 00
  length: 68
full state found, state OAKLEY_MAIN_R_2
received encrypted packet from 209.157.90.145, port 500
decrypting 40 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
new IV: 1a fa 4c 51 b9 d9 9c d9
decrypted:
  d4 86 44 91 88 32 b7 40 93 1b 2d f5 70 76 3a 5d   cf 13 de 00 2d 9b 9a 42 d2 3d 31 a4 ca 43 af b2   b0 c4 46 fd d7 bc b8 e3
next payload type of ISAKMP Generic Payload has an unknown value: 212
malformed payload in packet from 209.157.90.145, port 500
next event EVENT_CLEANUP in 58 seconds (0x8068048/0)

time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
responder state expired for 209.157.90.145, port 500
next event EVENT_REINIT_SECRET in 3455 seconds ((nil)/0)

root@north > exit

Script done on Thu May 14 15:49:31 1998

------- East or master active end -----------------------------------
Script started on Thu May 14 15:34:13 1998
.bashrc@east.toad.com
root@east > pluto
opening /dev/urandom
inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
init_socket(): listening to port 500
listening at 127.0.0.1
listening at 209.157.90.145
listening at 209.157.90.158
listening at 209.157.90.145
listening at 4 interfaces
init_kernelfd(): listening to port 501
socket numbers: 4 5 6 7 8
kernel socket: 9
next event EVENT_REINIT_SECRET in 3600 seconds ((nil)/0)

received kernel message
read 84 bytes from "kernel" socket
initiating exchange with [140.174.2.9], port 500, goal GOAL_ENCRYPT+GOAL_AUTHENTICATE+GOAL_TUNNEL
Proxying: 209.157.90.152/255.255.255.248<--->206.14.61.224/255.255.255.240
emit ISAKMP Message:
  initiator cookie: 3c 3f b4 c8 af 79 49 de   responder cookie: 00 00 00 00 00 00 00 00   next payload type: ISAKMP_NEXT_SA
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
emit ISAKMP Security Association Payload:   next payload type: ISAKMP_NEXT_NONE
  DOI: ISAKMP_DOI_IPSEC
emit IPsec DOI SIT:
  IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
  next payload type: ISAKMP_NEXT_NONE
  proposal number: 0
  protocol ID: PROTO_ISAKMP
  SPI size: 0
  number of transforms: 4
emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_T
  transform number: 0
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 3
[3 is OAKLEY_TIGER]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32 emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_T
  transform number: 1
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 2
[2 is OAKLEY_SHA]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32 emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_T
  transform number: 2
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 1
[1 is OAKLEY_MD5]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32 emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_NONE
  transform number: 3
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 1
[1 is OAKLEY_MD5]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 1
[1 is OAKLEY_GROUP_MODP768]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32 emitting length of ISAKMP Proposal Payload: 136 emitting length of ISAKMP Security Association Payload: 148 emitting length of ISAKMP Message: 176
transmitted 176 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds next event EVENT_RETRANSMIT in 30 seconds (0x8066640/0)

received packet
read 80 bytes from 140.174.2.9, port 500   3c 3f b4 c8 af 79 49 de 50 72 a4 a3 51 58 07 75   01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34   00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01   00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 02   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10 parse ISAKMP Message:
  initiator cookie: 3c 3f b4 c8 af 79 49 de   responder cookie: 50 72 a4 a3 51 58 07 75   next payload type: ISAKMP_NEXT_SA
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
  length: 80
full state not found
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 52
half state found, state OAKLEY_MAIN_I_1
parse ISAKMP Security Association Payload:   next payload type: ISAKMP_NEXT_NONE
  length: 52
  DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
  IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 40
  proposal number: 0
  protocol ID: PROTO_ISAKMP
  SPI size: 0
  number of transforms: 1
parse ISAKMP Transform Payload (ISAKMP):   next payload type: ISAKMP_NEXT_NONE
  length: 32
  transform number: 1
  transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 2
[2 is OAKLEY_SHA]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

opening ./isakmp-secrets
secret used is [this is a test
], length = 15
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
Oakley Transform 1 accepted
copying 40 bytes of proposal into state object Local secret: 3d6a7d4822124721453f8d6c349d2fa99854186af8d83320bb751feb708b7f35 Public value sent: 73304f4195884fc570dee150d1ad22270412c3fadfcea4901db21c7cfa9ba9c9768f6588e281559d6e6d8a641b2a7078b61081671438b332640fc86166271b16e153af68f6d7de751fc59dddca0be18edd7d8e0a1fcce06b8694b9fbaa48d30b978f8d16e9503f49b7bc366691fceb25d416b7f48d83ce4c8a714efe113940f2 emit ISAKMP Message:
  initiator cookie: 3c 3f b4 c8 af 79 49 de   responder cookie: 50 72 a4 a3 51 58 07 75   next payload type: ISAKMP_NEXT_KE
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
emit ISAKMP Key Exchange Payload:
  next payload type: ISAKMP_NEXT_NONCE
emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload keyex value 73 30 4f 41 95 88 4f c5 70 de e1 50 d1 ad 22 27   04 12 c3 fa df ce a4 90 1d b2 1c 7c fa 9b a9 c9   76 8f 65 88 e2 81 55 9d 6e 6d 8a 64 1b 2a 70 78   b6 10 81 67 14 38 b3 32 64 0f c8 61 66 27 1b 16   e1 53 af 68 f6 d7 de 75 1f c5 9d dd ca 0b e1 8e   dd 7d 8e 0a 1f cc e0 6b 86 94 b9 fb aa 48 d3 0b   97 8f 8d 16 e9 50 3f 49 b7 bc 36 66 91 fc eb 25   d4 16 b7 f4 8d 83 ce 4c 8a 71 4e fe 11 39 40 f2 emitting length of ISAKMP Key Exchange Payload: 132 emit ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload nonce value 55 e8 a1 47 34 fc 32 cc 3b ff a5 b7 16 aa 14 b3 emitting length of ISAKMP Nonce Payload: 20 emitting length of ISAKMP Message: 180
my identity is 209.157.90.145
sending:
  3c 3f b4 c8 af 79 49 de 50 72 a4 a3 51 58 07 75   04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84   73 30 4f 41 95 88 4f c5 70 de e1 50 d1 ad 22 27   04 12 c3 fa df ce a4 90 1d b2 1c 7c fa 9b a9 c9   76 8f 65 88 e2 81 55 9d 6e 6d 8a 64 1b 2a 70 78   b6 10 81 67 14 38 b3 32 64 0f c8 61 66 27 1b 16   e1 53 af 68 f6 d7 de 75 1f c5 9d dd ca 0b e1 8e   dd 7d 8e 0a 1f cc e0 6b 86 94 b9 fb aa 48 d3 0b   97 8f 8d 16 e9 50 3f 49 b7 bc 36 66 91 fc eb 25   d4 16 b7 f4 8d 83 ce 4c 8a 71 4e fe 11 39 40 f2   00 00 00 14 55 e8 a1 47 34 fc 32 cc 3b ff a5 b7   16 aa 14 b3
transmitted 180 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds next event EVENT_RETRANSMIT in 30 seconds (0x8066640/0)

received packet
read 180 bytes from 140.174.2.9, port 500   3c 3f b4 c8 af 79 49 de 50 72 a4 a3 51 58 07 75   04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84   7a 1a 1e f3 30 a3 dd 4c 2e 8d 46 73 9a 6b 0c 05   6c 08 7c 68 3b bd 49 68 c2 83 1c 66 a5 17 eb 36   8b 7d 07 69 05 8b 49 f3 0f 8a 72 a6 27 b4 0e a3   bf e6 e6 d6 18 28 af 72 2e 3b 37 d8 47 3d e5 14   1c 64 69 0e fd f1 09 f2 54 91 e4 c8 7c db 92 97   7d 19 2b 39 6f db 70 64 9b 03 45 0c 6a ab 60 50   c3 45 6d ee ae 39 74 6c a1 69 14 16 b4 14 01 1f   3f 2f 2d b1 d3 8e 2c f6 a3 3a 47 76 e6 48 fb 1f   00 00 00 14 8c 69 92 e3 0b 33 2f b0 a0 56 6b b5   8a 45 d8 1b
parse ISAKMP Message:
  initiator cookie: 3c 3f b4 c8 af 79 49 de   responder cookie: 50 72 a4 a3 51 58 07 75   next payload type: ISAKMP_NEXT_KE
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
  length: 180
full state found, state OAKLEY_MAIN_I_2
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 132
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 20
parse ISAKMP Key Exchange Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 132
parse ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 20
public value received: 7a1a1ef330a3dd4c2e8d46739a6b0c056c087c683bbd4968c2831c66a517eb368b7d0769058b49f30f8a72a627b40ea3bfe6e6d61828af722e3b37d8473de5141c64690efdf109f25491e4c87cdb92977d192b396fdb70649b03450c6aab6050c3456deeae39746ca1691416b414011f3f2f2db1d38e2cf6a33a4776e648fb1f shared secret: 9b65763d5468fd52102959a72aff92dce4807046c51f9fb9a4d9c9ab157ffe0531c9677d88e923ae95a69a39dbc9e2a36991c5367e9bb85fb245eb276335689d9eeb7db37e4532fb5b63f3c6b365f33e12bbf7ff4e1a731f53834ac45dcb0a1d635a202b5a8aba6cb437c9fef14c35a030a41435e9b79288b58365e43cafbeb7 opening ./isakmp-secrets
secret used is [this is a test
], length = 15
size of g^xy is 128
Skeyid: 98 e8 4e e8 c3 64 49 39 49 a1 fe 52 75 36 26 7f   78 9b 59 a7
Skeyid_d: b4 1a f3 4b 66 17 3e 91 cf cc a3 ad 5e 79 2a 49   23 13 70 02
Skeyid_a: 45 80 3e 30 f8 b6 c6 84 24 04 2a ac 4d eb d6 a5   51 2e 7e ae
Skeyid_e: 93 05 81 7e bb 47 03 89 39 b7 4a 48 7c d5 8c 1a   3c a9 13 97
IV: 97 cc b9 fa ae 2e a3 12 54 d3 cf dd 98 e8 2a 74   af 15 d0 f5
emit ISAKMP Message:
  initiator cookie: 3c 3f b4 c8 af 79 49 de   responder cookie: 50 72 a4 a3 51 58 07 75   next payload type: ISAKMP_NEXT_ID
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 00 00 00 00
emit ISAKMP Identification Payload (IPsec DOI):   next payload type: ISAKMP_NEXT_HASH
  ID type: ID_IPV4_ADDR
  Protocol ID: 0
  port: 0
emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) my identity d1 9d 5a 91
emitting length of ISAKMP Identification Payload (IPsec DOI): 12 hashing 48 bytes of SA
Hashing my ID: Type ID_IPV4_ADDR, Protocol 0, Port 0 HASH_I sent: ac cd 2e 42 0e 0b a6 f6 2b 5a 1a c1 a0 82 7a b0   d4 bf da 38
emit ISAKMP Hash Payload:
  next payload type: ISAKMP_NEXT_NONE
emitting 20 raw bytes of HASH_I into ISAKMP Hash Payload HASH_I ac cd 2e 42 0e 0b a6 f6 2b 5a 1a c1 a0 82 7a b0   d4 bf da 38
emitting length of ISAKMP Hash Payload: 24 encrypting:
  08 00 00 0c 01 00 00 00 d1 9d 5a 91 00 00 00 18   ac cd 2e 42 0e 0b a6 f6 2b 5a 1a c1 a0 82 7a b0   d4 bf da 38
emitting 4 zero bytes of encryption padding into ISAKMP Message encrypting using OAKLEY_DES_CBC
new IV: d9 f7 47 f6 a3 f5 e8 77
emitting length of ISAKMP Message: 68
sending:
  3c 3f b4 c8 af 79 49 de 50 72 a4 a3 51 58 07 75   05 10 02 01 00 00 00 00 00 00 00 44 cb 94 9c 89   e9 c6 74 4a dc 87 1e 77 e5 85 47 33 b1 64 92 d9   75 49 c2 f6 ba 42 b4 bd 9c 44 e1 9c d9 f7 47 f6   a3 f5 e8 77
transmitted 68 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066640/0)
wait wait wait wait wait wait -- hugh

time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 140.174.2.9, port 500, handled (0x8066640)
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066640/0)

time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 140.174.2.9, port 500, handled (0x8066640)
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066640/0)

time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 140.174.2.9, port 500, handled (0x8066640)
max number of retransmissions(2) reached for 140.174.2.9, port 500
next event EVENT_REINIT_SECRET in 3501 seconds ((nil)/0)

# (I whacked the local pluto again after restarting the one on north)

received kernel message
read 84 bytes from "kernel" socket
initiating exchange with [140.174.2.9], port 500, goal GOAL_ENCRYPT+GOAL_AUTHENTICATE+GOAL_TUNNEL
Proxying: 209.157.90.152/255.255.255.248<--->206.14.61.224/255.255.255.240
emit ISAKMP Message:
  initiator cookie: 2e 90 d3 36 0f 49 72 b7   responder cookie: 00 00 00 00 00 00 00 00   next payload type: ISAKMP_NEXT_SA
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
emit ISAKMP Security Association Payload:   next payload type: ISAKMP_NEXT_NONE
  DOI: ISAKMP_DOI_IPSEC
emit IPsec DOI SIT:
  IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
  next payload type: ISAKMP_NEXT_NONE
  proposal number: 0
  protocol ID: PROTO_ISAKMP
  SPI size: 0
  number of transforms: 4
emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_T
  transform number: 0
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 3
[3 is OAKLEY_TIGER]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32 emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_T
  transform number: 1
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 2
[2 is OAKLEY_SHA]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32 emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_T
  transform number: 2
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 1
[1 is OAKLEY_MD5]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32 emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_NONE
  transform number: 3
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 1
[1 is OAKLEY_MD5]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 1
[1 is OAKLEY_GROUP_MODP768]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emitting length of ISAKMP Proposal Payload: 136
emitting length of ISAKMP Security Association Payload: 148
emitting length of ISAKMP Message: 176
transmitted 176 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066b30/0)

received packet
read 80 bytes from 140.174.2.9, port 500
  2e 90 d3 36 0f 49 72 b7 b9 49 66 2e 1c 2c e5 9c   01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34   00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01   00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 02   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10
parse ISAKMP Message:
  initiator cookie: 2e 90 d3 36 0f 49 72 b7
  responder cookie: b9 49 66 2e 1c 2c e5 9c
  next payload type: ISAKMP_NEXT_SA
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
  length: 80
full state not found
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 52
half state found, state OAKLEY_MAIN_I_1
parse ISAKMP Security Association Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 52
  DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
  IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 40
  proposal number: 0
  protocol ID: PROTO_ISAKMP
  SPI size: 0
  number of transforms: 1
parse ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_NONE
  length: 32
  transform number: 1
  transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 2
[2 is OAKLEY_SHA]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

opening ./isakmp-secrets
secret used is [this is a test
], length = 15
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
Oakley Transform 1 accepted
copying 40 bytes of proposal into state object
Local secret: 1565f63f8b5ea05dd2f021a3ce905f644cf08bba9c465607b6514fae087f7e0c
Public value sent: 1ec7b15ac9019a73a22a857a83d8f11dd86ac203d55d78a43b582f7c9308cef738c9b20a991e073089d443e4fd77267cadae1bef877d11d1350fefa6518d6315261c09952b71ea5947a38aaf7e0d9959e6429a0280440d1a9ba092c28dd327c3543b4c029a8c70e3884884957708a2848eea9a5df5079b64c1aae30dc6b8f21e
emit ISAKMP Message:
  initiator cookie: 2e 90 d3 36 0f 49 72 b7
  responder cookie: b9 49 66 2e 1c 2c e5 9c
  next payload type: ISAKMP_NEXT_KE
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
emit ISAKMP Key Exchange Payload:
  next payload type: ISAKMP_NEXT_NONCE
emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
keyex value 1e c7 b1 5a c9 01 9a 73 a2 2a 85 7a 83 d8 f1 1d   d8 6a c2 03 d5 5d 78 a4 3b 58 2f 7c 93 08 ce f7   38 c9 b2 0a 99 1e 07 30 89 d4 43 e4 fd 77 26 7c   ad ae 1b ef 87 7d 11 d1 35 0f ef a6 51 8d 63 15   26 1c 09 95 2b 71 ea 59 47 a3 8a af 7e 0d 99 59   e6 42 9a 02 80 44 0d 1a 9b a0 92 c2 8d d3 27 c3   54 3b 4c 02 9a 8c 70 e3 88 48 84 95 77 08 a2 84   8e ea 9a 5d f5 07 9b 64 c1 aa e3 0d c6 b8 f2 1e
emitting length of ISAKMP Key Exchange Payload: 132
emit ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
nonce value 24 af 95 18 9f 49 9d db b0 55 ef 36 dc d6 d4 7a
emitting length of ISAKMP Nonce Payload: 20
emitting length of ISAKMP Message: 180
my identity is 209.157.90.145
sending:
  2e 90 d3 36 0f 49 72 b7 b9 49 66 2e 1c 2c e5 9c   04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84   1e c7 b1 5a c9 01 9a 73 a2 2a 85 7a 83 d8 f1 1d   d8 6a c2 03 d5 5d 78 a4 3b 58 2f 7c 93 08 ce f7   38 c9 b2 0a 99 1e 07 30 89 d4 43 e4 fd 77 26 7c   ad ae 1b ef 87 7d 11 d1 35 0f ef a6 51 8d 63 15   26 1c 09 95 2b 71 ea 59 47 a3 8a af 7e 0d 99 59   e6 42 9a 02 80 44 0d 1a 9b a0 92 c2 8d d3 27 c3   54 3b 4c 02 9a 8c 70 e3 88 48 84 95 77 08 a2 84   8e ea 9a 5d f5 07 9b 64 c1 aa e3 0d c6 b8 f2 1e   00 00 00 14 24 af 95 18 9f 49 9d db b0 55 ef 36   dc d6 d4 7a
transmitted 180 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066b30/0)

received packet
read 180 bytes from 140.174.2.9, port 500
  2e 90 d3 36 0f 49 72 b7 b9 49 66 2e 1c 2c e5 9c   04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84   8d 30 fd ce a7 45 3d 2b dc 68 24 37 dd 0a b3 85   17 f5 68 39 20 8b 19 d6 09 9f 1b fe bb 20 fa 46   43 d9 4a 91 d9 70 de 23 5a 19 98 ac 51 ff a2 b7   96 d8 ec 99 91 e7 94 ef bb b0 0d 9a c2 32 5c 04   de ff a5 f1 4b 72 c6 92 0d 7a c3 a8 65 5e d7 f1   f5 16 5c 31 61 08 70 d4 f6 4c ce 91 5b 4e d3 6d   d2 45 4d 78 55 9c 11 5e f3 37 7c cc a3 ff dd d7   8d e8 5f c1 95 3f 27 51 6f 35 a6 4a c9 63 38 54   00 00 00 14 44 20 75 c1 fb 1f cb dd 14 b1 f6 cb   9f ef 13 d1
parse ISAKMP Message:
  initiator cookie: 2e 90 d3 36 0f 49 72 b7
  responder cookie: b9 49 66 2e 1c 2c e5 9c
  next payload type: ISAKMP_NEXT_KE
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
  length: 180
full state found, state OAKLEY_MAIN_I_2
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 132
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 20
parse ISAKMP Key Exchange Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 132
parse ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 20
public value received: 8d30fdcea7453d2bdc682437dd0ab38517f56839208b19d6099f1bfebb20fa4643d94a91d970de235a1998ac51ffa2b796d8ec9991e794efbbb00d9ac2325c04deffa5f14b72c6920d7ac3a8655ed7f1f5165c31610870d4f64cce915b4ed36dd2454d78559c115ef3377ccca3ffddd78de85fc1953f27516f35a64ac9633854
shared secret: a59613044b1037ab17dafcc922d858025e0e3f0f940b4a5e0ee59de93fedbaa586a1bc9e60de2bd447f5f3580508a17ef45c87ca45d274910e420f40a8152cc42b2feb7a282305f1c728b8ccc4af0d28c61f181355af7ec38097259737117cc2e6a9363db2044a78d1356fd5c9c29f13d6398725bef238b1768fd45b896f2ac
opening ./isakmp-secrets
secret used is [this is a test
], length = 15
size of g^xy is 128
Skeyid: d0 6b 43 aa dd 9b 1f 19 65 8a 48 4a 28 5c 33 fc   d4 93 cc 68
Skeyid_d: 7a ba a1 fe 5a c7 46 93 c4 63 cd e1 28 2c ae 9b   dd bf 94 2b
Skeyid_a: ce 36 97 6a bc 82 2f bd b0 8e a5 b9 08 30 1e 8b   6e 7e 0d 61
Skeyid_e: 71 dd dc bc a9 56 4e e9 69 d1 15 a9 08 76 1b 83   52 4e f2 6e
IV: 81 21 7a 90 33 d2 0f b7 26 f8 cd 84 8c a6 17 49   e5 79 4f 75
emit ISAKMP Message:
  initiator cookie: 2e 90 d3 36 0f 49 72 b7
  responder cookie: b9 49 66 2e 1c 2c e5 9c
  next payload type: ISAKMP_NEXT_ID
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 00 00 00 00
emit ISAKMP Identification Payload (IPsec DOI):
  next payload type: ISAKMP_NEXT_HASH
  ID type: ID_IPV4_ADDR
  Protocol ID: 0
  port: 0
emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
my identity d1 9d 5a 91
emitting length of ISAKMP Identification Payload (IPsec DOI): 12
hashing 48 bytes of SA
Hashing my ID: Type ID_IPV4_ADDR, Protocol 0, Port 0
HASH_I sent: 20 ca 3b 61 42 1a 38 61 90 cb 41 47 38 61 fc 34   da e7 80 be
emit ISAKMP Hash Payload:
  next payload type: ISAKMP_NEXT_NONE
emitting 20 raw bytes of HASH_I into ISAKMP Hash Payload
HASH_I 20 ca 3b 61 42 1a 38 61 90 cb 41 47 38 61 fc 34   da e7 80 be
emitting length of ISAKMP Hash Payload: 24
encrypting:
  08 00 00 0c 01 00 00 00 d1 9d 5a 91 00 00 00 18   20 ca 3b 61 42 1a 38 61 90 cb 41 47 38 61 fc 34   da e7 80 be
emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
new IV: cd 42 05 13 01 0e 6a 5f
emitting length of ISAKMP Message: 68
sending:
  2e 90 d3 36 0f 49 72 b7 b9 49 66 2e 1c 2c e5 9c   05 10 02 01 00 00 00 00 00 00 00 44 41 70 9c cc   25 30 48 67 54 31 d9 0d 97 6e 96 4f 40 72 2d c5   15 80 e1 06 09 ca 93 61 23 80 61 4c cd 42 05 13   01 0e 6a 5f
transmitted 68 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066b30/0)

# wait wait wait...

time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 140.174.2.9, port 500, handled (0x8066b30)
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066b30/0)

time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 140.174.2.9, port 500, handled (0x8066b30)
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066b30/0)

time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 140.174.2.9, port 500, handled (0x8066b30)
max number of retransmissions(2) reached for 140.174.2.9, port 500
next event EVENT_REINIT_SECRET in 3289 seconds ((nil)/0)

# now I have a debugging pluto on north, let's try it again.

received kernel message
read 84 bytes from "kernel" socket
initiating exchange with [140.174.2.9], port 500, goal GOAL_ENCRYPT+GOAL_AUTHENTICATE+GOAL_TUNNEL
Proxying: 209.157.90.152/255.255.255.248<--->206.14.61.224/255.255.255.240
emit ISAKMP Message:
  initiator cookie: 96 68 f3 af 7c 24 74 05
  responder cookie: 00 00 00 00 00 00 00 00
  next payload type: ISAKMP_NEXT_SA
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
emit ISAKMP Security Association Payload:
  next payload type: ISAKMP_NEXT_NONE
  DOI: ISAKMP_DOI_IPSEC
emit IPsec DOI SIT:
  IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
  next payload type: ISAKMP_NEXT_NONE
  proposal number: 0
  protocol ID: PROTO_ISAKMP
  SPI size: 0
  number of transforms: 4
emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_T
  transform number: 0
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 3
[3 is OAKLEY_TIGER]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_T
  transform number: 1
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 2
[2 is OAKLEY_SHA]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_T
  transform number: 2
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 1
[1 is OAKLEY_MD5]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_NONE
  transform number: 3
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 1
[1 is OAKLEY_MD5]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 1
[1 is OAKLEY_GROUP_MODP768]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emitting length of ISAKMP Proposal Payload: 136
emitting length of ISAKMP Security Association Payload: 148
emitting length of ISAKMP Message: 176
transmitted 176 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066b30/0)

received packet
read 80 bytes from 140.174.2.9, port 500
  96 68 f3 af 7c 24 74 05 bb 9c 31 2d 41 92 be d2   01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34   00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01   00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 02   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10
parse ISAKMP Message:
  initiator cookie: 96 68 f3 af 7c 24 74 05
  responder cookie: bb 9c 31 2d 41 92 be d2
  next payload type: ISAKMP_NEXT_SA
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
  length: 80
full state not found
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 52
half state found, state OAKLEY_MAIN_I_1
parse ISAKMP Security Association Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 52
  DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
  IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 40
  proposal number: 0
  protocol ID: PROTO_ISAKMP
  SPI size: 0
  number of transforms: 1
parse ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_NONE
  length: 32
  transform number: 1
  transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
[1 is OAKLEY_DES_CBC]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 2
[2 is OAKLEY_SHA]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
[1 is OAKLEY_PRESHARED_KEY]

opening ./isakmp-secrets
secret used is [this is a test
], length = 15
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
[2 is OAKLEY_GROUP_MODP1024]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
[1 is OAKLEY_LIFE_SECONDS]

parse ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
Oakley Transform 1 accepted
copying 40 bytes of proposal into state object
Local secret: 6230db2093dc05444a86ff736263d94d794fccea0e1db34056a9af7558a511ae
Public value sent: 6f904a6034e1762ea0def201d3f282414215ec04d952a77f885b3a61284ba8937454a7ab1c022d60dd9611a53fef91a36b927d172aaede4bd7ea412ff09627a716924c5b9320b7539a50c2b97d6209ab175d197639bff49e490cd1148242deb865cea8d6a5c3bcd009836cfc0435672c6d53673327482473def2331ac16c18e1
emit ISAKMP Message:
  initiator cookie: 96 68 f3 af 7c 24 74 05
  responder cookie: bb 9c 31 2d 41 92 be d2
  next payload type: ISAKMP_NEXT_KE
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
emit ISAKMP Key Exchange Payload:
  next payload type: ISAKMP_NEXT_NONCE
emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
keyex value 6f 90 4a 60 34 e1 76 2e a0 de f2 01 d3 f2 82 41   42 15 ec 04 d9 52 a7 7f 88 5b 3a 61 28 4b a8 93   74 54 a7 ab 1c 02 2d 60 dd 96 11 a5 3f ef 91 a3   6b 92 7d 17 2a ae de 4b d7 ea 41 2f f0 96 27 a7   16 92 4c 5b 93 20 b7 53 9a 50 c2 b9 7d 62 09 ab   17 5d 19 76 39 bf f4 9e 49 0c d1 14 82 42 de b8   65 ce a8 d6 a5 c3 bc d0 09 83 6c fc 04 35 67 2c   6d 53 67 33 27 48 24 73 de f2 33 1a c1 6c 18 e1
emitting length of ISAKMP Key Exchange Payload: 132
emit ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
nonce value 6e 87 1c f3 49 1d 35 1b 76 77 60 0b 44 db 27 51
emitting length of ISAKMP Nonce Payload: 20
emitting length of ISAKMP Message: 180
my identity is 209.157.90.145
sending:
  96 68 f3 af 7c 24 74 05 bb 9c 31 2d 41 92 be d2   04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84   6f 90 4a 60 34 e1 76 2e a0 de f2 01 d3 f2 82 41   42 15 ec 04 d9 52 a7 7f 88 5b 3a 61 28 4b a8 93   74 54 a7 ab 1c 02 2d 60 dd 96 11 a5 3f ef 91 a3   6b 92 7d 17 2a ae de 4b d7 ea 41 2f f0 96 27 a7   16 92 4c 5b 93 20 b7 53 9a 50 c2 b9 7d 62 09 ab   17 5d 19 76 39 bf f4 9e 49 0c d1 14 82 42 de b8   65 ce a8 d6 a5 c3 bc d0 09 83 6c fc 04 35 67 2c   6d 53 67 33 27 48 24 73 de f2 33 1a c1 6c 18 e1   00 00 00 14 6e 87 1c f3 49 1d 35 1b 76 77 60 0b   44 db 27 51
transmitted 180 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066b30/0)

received packet
read 180 bytes from 140.174.2.9, port 500
  96 68 f3 af 7c 24 74 05 bb 9c 31 2d 41 92 be d2   04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84   17 4d 66 5d fc 5a d7 66 b1 70 b1 ae 82 5b 54 7d   2b 37 a7 4f d2 ac 58 a4 ef 16 fe b2 1d 5d 2e 60   ab 4f 30 22 ba 66 73 55 5b 2c cd 42 fa c0 32 40   31 b9 14 cf 4d a5 0e 29 e2 f6 8f e5 3c 20 72 28   50 13 1e dd 00 4d ef 6b 55 37 cb d7 6e 0b c5 6e   94 03 f8 5c af 74 0b 8d a8 cd 08 80 e6 e2 2b 1d   79 2f a7 49 ce 44 15 e8 de 4a d5 73 42 aa 55 dc   a4 c5 bd 63 0c 41 47 36 9b b7 a8 4f 71 00 eb 0f   00 00 00 14 75 09 67 04 99 d4 15 fb 11 c5 fb 10   a9 ec 8b 2b
parse ISAKMP Message:
  initiator cookie: 96 68 f3 af 7c 24 74 05
  responder cookie: bb 9c 31 2d 41 92 be d2
  next payload type: ISAKMP_NEXT_KE
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
  length: 180
full state found, state OAKLEY_MAIN_I_2
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 132
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 20
parse ISAKMP Key Exchange Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 132
parse ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 20
public value received: 174d665dfc5ad766b170b1ae825b547d2b37a74fd2ac58a4ef16feb21d5d2e60ab4f3022ba6673555b2ccd42fac0324031b914cf4da50e29e2f68fe53c20722850131edd004def6b5537cbd76e0bc56e9403f85caf740b8da8cd0880e6e22b1d792fa749ce4415e8de4ad57342aa55dca4c5bd630c4147369bb7a84f7100eb0f
shared secret: 2ed970558869fbe4d974f23d34d3c50082eae11a9d5e62e6e3b499d29762a1638a9e4792a86419f2804f59f92b52d11def9c296a11b9a9fe97de9b794c4cb5e24871291081949477a01cae983c1f79d98e96ac47c4a417821678bed7938ecd920660afbb3a63a185fd818433ea5ed687f7623681457ec423068067647a85735e
opening ./isakmp-secrets
secret used is [this is a test
], length = 15
size of g^xy is 128
Skeyid: 18 23 3b 72 4d 08 b5 b0 02 67 84 4f 37 61 3e 30   f2 73 85 c1
Skeyid_d: 37 a4 41 7b 7c e5 ed 8a 2d 29 ff f8 2a 9e 5a 4f   d9 84 e9 07
Skeyid_a: 98 56 da 5e d1 20 15 12 82 ab 58 c2 60 1f ff 17   1f 65 4a 75
Skeyid_e: 0b 38 97 f5 42 e5 7c 9b f7 4c a0 8b 12 ad 9a 54   17 ab 54 91
IV: 45 5e de ec 5e 97 28 bd ae a8 5f ee 54 83 e4 25   1c 86 d5 e2
emit ISAKMP Message:
  initiator cookie: 96 68 f3 af 7c 24 74 05
  responder cookie: bb 9c 31 2d 41 92 be d2
  next payload type: ISAKMP_NEXT_ID
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 00 00 00 00
emit ISAKMP Identification Payload (IPsec DOI):
  next payload type: ISAKMP_NEXT_HASH
  ID type: ID_IPV4_ADDR
  Protocol ID: 0
  port: 0
emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
my identity d1 9d 5a 91
emitting length of ISAKMP Identification Payload (IPsec DOI): 12
hashing 48 bytes of SA
Hashing my ID: Type ID_IPV4_ADDR, Protocol 0, Port 0
HASH_I sent: 1b 8b 63 92 c1 86 b1 03 41 43 17 05 85 70 22 47   7b c4 58 9b
emit ISAKMP Hash Payload:
  next payload type: ISAKMP_NEXT_NONE
emitting 20 raw bytes of HASH_I into ISAKMP Hash Payload
HASH_I 1b 8b 63 92 c1 86 b1 03 41 43 17 05 85 70 22 47   7b c4 58 9b
emitting length of ISAKMP Hash Payload: 24
encrypting:
  08 00 00 0c 01 00 00 00 d1 9d 5a 91 00 00 00 18   1b 8b 63 92 c1 86 b1 03 41 43 17 05 85 70 22 47   7b c4 58 9b
emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
new IV: 1a fa 4c 51 b9 d9 9c d9
emitting length of ISAKMP Message: 68
sending:
  96 68 f3 af 7c 24 74 05 bb 9c 31 2d 41 92 be d2   05 10 02 01 00 00 00 00 00 00 00 44 f1 e4 dd 3b   a3 03 df 13 5a 25 fd 85 ca 1b 6f 8e d1 84 ca 88   9f 1a 32 db 8d dd a8 5e 4e d9 ed 0a 1a fa 4c 51   b9 d9 9c d9
transmitted 68 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066b30/0)

time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 140.174.2.9, port 500, handled (0x8066b30)
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066b30/0)

time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 140.174.2.9, port 500, handled (0x8066b30)
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066b30/0)

time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 140.174.2.9, port 500, handled (0x8066b30)
max number of retransmissions(2) reached for 140.174.2.9, port 500
next event EVENT_REINIT_SECRET in 2920 seconds ((nil)/0)

root@east >
Script done on Thu May 14 15:48:17 1998

  • ipsec_systat output on east -------------------------
# ipsec_systat on east.toad.com at Thu May 14 15:56:06 PDT 1998
Linux east.toad.com 2.0.33 #25 Thu May 7 01:35:15 PDT 1998 i586

# cat /proc/version
Linux version 2.0.33 (root@east.toad.com) (gcc version 2.7.2.1) #25 Thu May 7 01:35:15 PDT 1998

# cat /proc/net/ipsec-eroute
(209.157.90.152/255.255.255.248 -> 209.157.90.160/255.255.255.248) => (209.157.90.146, 0x00000115)

# cat /proc/net/ipsec-spi

(209.157.90.146, 00000115, 1: [209.157.90.145 -> 209.157.90.146])
(209.157.90.146, 00000113, 10: iv = df 84 53 e2 84 59 57 42 seq = 0x00a53a9d, bit = 00000000, win = 0 flags = 0 <RESPONDER>)
(209.157.90.145, 00000111, 10: iv = 00 00 00 00 00 00 00 00 seq = 0x0048deea, bit = 00000001, win = 0 flags = 0 <RESPONDER>)


#  cat /proc/net/dev
Inter-|   Receive                  |  Transmit
 face |packets errs drop fifo frame|packets errs drop fifo colls carrier
    lo:     20    0    0    0    0       20    0    0    0     0    0
 tunl0:      0    0    0    0    0        0    0    0    0     0    0
 tunl1:      0    0    0    0    0        0    0    0    0     0    0
 dummy: No statistics available.
 plip1:      0    0    0    0    0        0    0    0    0     0    0
  eth0:4808967    0    0    0    0 11041112    0    0    0   708    0
  eth1:13366681    0    0    0    0  4848250    0    0    0  7077    0
ipsec0:      0    0    0    0    0 10828445    0    0    0     0    0
ipsec1:      0    0    0    0    0        0    0    0    0     0    0

# netstat -nr
Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
209.157.90.144  0.0.0.0         255.255.255.248 U      1500 0          0 eth0
209.157.90.160  209.157.90.146  255.255.255.248 UG     1404 0          0 ipsec0
209.157.90.152  0.0.0.0         255.255.255.248 U      1500 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0          0 lo
0.0.0.0         209.157.90.150  0.0.0.0         UG     1500 0          0 eth0


#  ifconfig -a
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0
          TX packets:20 errors:0 dropped:0 overruns:0

eth0      Link encap:10Mbps Ethernet  HWaddr 00:A0:24:D8:51:2F
          inet addr:209.157.90.145  Bcast:209.157.90.151  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4808967 errors:0 dropped:0 overruns:0
          TX packets:11041112 errors:0 dropped:0 overruns:0
          Interrupt:10 Base address:0xfe80

eth1      Link encap:10Mbps Ethernet  HWaddr 00:A0:24:97:8C:97
          inet addr:209.157.90.158  Bcast:209.157.90.159  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13366681 errors:0 dropped:0 overruns:0
          TX packets:4848250 errors:0 dropped:0 overruns:0
          Interrupt:3 Base address:0xff40

ipsec0    Link encap:IPIP Tunnel  HWaddr
          inet addr:209.157.90.145  Bcast:209.157.90.255  Mask:255.255.255.248
          UP RUNNING NOARP  MTU:1404  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:10828445 errors:0 dropped:0 overruns:0

#  cat /proc/modules
ipsec             19		1

#  cat /proc/meminfo
        total:    used:    free:  shared: buffers:  cached:
Mem: 31739904 30494720 1245184 7151616 12488704 12079104
Swap: 133885952 0 133885952
MemTotal: 30996 kB
MemFree: 1216 kB
MemShared: 6984 kB
Buffers: 12196 kB
Cached: 11796 kB
SwapTotal: 130748 kB
SwapFree: 130748 kB

# cat /proc/net/ip_forward
IP firewall forward rules, default 4

# cat /proc/net/ip_input
IP firewall input rules, default 4

# cat /proc/net/ip_output
IP firewall output rules, default 4

# cat /proc/net/route

Iface	Destination	Gateway 	Flags	RefCnt	Use	Metric	Mask		MTU	Window	IRTT                                                       
eth0	905A9DD1	00000000	01	0	6	0	F8FFFFFF	1500	0	0                                                                              
ipsec0	A05A9DD1	925A9DD1	03	0	2	0	F8FFFFFF	1404	0	0                                                                            
eth1	985A9DD1	00000000	01	0	1	0	F8FFFFFF	1500	0	0                                                                              
lo	0000007F	00000000	01	0	4	0	000000FF	3584	0	0                                                                                
eth0	00000000	965A9DD1	03	0	8	0	00000000	1500	0	0                                                                              

# grep IP /usr/src/linux/.config

CONFIG_SYSVIPC=y
CONFIG_IP_FORWARD=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_VERBOSE=y

# CONFIG_IP_MASQUERADE is not set
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
CONFIG_IP_ROUTER=y
CONFIG_NET_IPIP=m

# CONFIG_IP_ALIAS is not set
CONFIG_IP_NOSR=y
# CONFIG_IPX is not set
CONFIG_IPSEC=m
CONFIG_IPSEC_IPIP=y
CONFIG_IPSEC_AH=y
CONFIG_IPSEC_AH_HMAC_MD5=y
CONFIG_IPSEC_AH_HMAC_SHA1=y
CONFIG_IPSEC_AH_MD5=y
CONFIG_IPSEC_ESP=y
CONFIG_IPSEC_ESP_DES_CBC=y
CONFIG_IPSEC_ESP_DES_MD5=y
CONFIG_IPSEC_ESP_3DES_MD5=y
CONFIG_IPSEC_ESP_DES_MD5_96=y
CONFIG_IPSEC_ESP_3DES_MD5_96=y

DEBUG_IPSEC=y
CONFIG_PLIP=y
# CONFIG_SLIP is not set

# tail -256 /var/log/messages | grep "ipsec\|XXX" > /tmp/ipsec_systat.5526

May  8 18:57:28 east kernel: ipsec_tunnel_init: tunneling code 0.8
May  8 18:57:28 east kernel: ipsec_tunnel_attach: physical device eth0 being attached has HW address:  0:a0:24:d8:51:2f
May 12 08:19:47 east kernel: ipsec_tunnel_init: tunneling code 0.8
May 12 08:19:47 east kernel: ipsec_tunnel_attach: physical device eth0 being attached has HW address:  0:a0:24:d8:51:2f
May 13 17:33:06 east syslog: error: cannot execute /home/hugh/bin/scripts/ipsec_systat: Exec format error
May 13 17:33:28 east syslog: error: cannot execute /home/hugh/bin/scripts/ipsec_systat: Exec format error
May 14 00:11:17 east kernel: ipsec_tunnel_init: tunneling code 0.8
May 14 00:11:17 east kernel: ipsec_tunnel_attach: physical device eth0 being attached has HW address:  0:a0:24:d8:51:2f

# ipsec_systat finished at Thu May 14 15:56:06 PDT 1998

# cat /proc/version
Linux version 2.0.33 (root@north.toad.com) (gcc version 2.7.2) #18 Thu May 14 13:44:00 PDT 1998

# cat /proc/net/ipsec-eroute

# cat /proc/net/ipsec-spi

# cat /proc/net/dev

Inter-|   Receive                  |  Transmit
 face |packets errs drop fifo frame|packets errs drop fifo colls carrier
    lo:      0    0    0    0    0        0    0    0    0     0    0
 tunl0:      0    0    0    0    0        0    0    0    0     0    0
 tunl1:      0    0    0    0    0        0    0    0    0     0    0
 dummy: No statistics available.
 plip1:      0    0    0    0    0        0    0    0    0     0    0
  eth0:   2934    0    0    0    0     1636    0    0    0     6    0
  eth1:      0    0    0    0    0        0    0    0    0     0    0
ipsec0:      0    0    0    0    0        0    0    0    0     0    0
ipsec1:      0    0    0    0    0        0    0    0    0     0    0

# netstat -nr
Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
206.14.61.224   0.0.0.0         255.255.255.240 U      1500 0          0 eth1
140.174.2.0     0.0.0.0         255.255.255.0   U      1500 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0          0 lo
0.0.0.0         140.174.2.23    0.0.0.0         UG     1500 0          0 eth0


#  ifconfig -a
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:0 errors:0 dropped:0 overruns:0

eth0      Link encap:10Mbps Ethernet  HWaddr 00:A0:24:C9:E6:E5
          inet addr:140.174.2.9  Bcast:140.174.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2934 errors:0 dropped:0 overruns:0
          TX packets:1636 errors:0 dropped:0 overruns:0
          Interrupt:10 Base address:0xff40 

eth1      Link encap:10Mbps Ethernet  HWaddr 00:A0:24:C9:E6:DA
          inet addr:206.14.61.238  Bcast:206.14.61.239  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:0 errors:0 dropped:0 overruns:0
          Interrupt:3 Base address:0xff00 



#  cat /proc/modules
ipsec             19		0


#  cat /proc/meminfo
        total:    used:    free:  shared: buffers:  cached:
Mem: 15241216 14725120 516096 6074368 4390912 6455296
Swap: 133885952 0 133885952
MemTotal: 14884 kB
MemFree: 504 kB
MemShared: 5932 kB
Buffers: 4288 kB
Cached: 6304 kB
SwapTotal: 130748 kB
SwapFree: 130748 kB

# cat /proc/net/ip_forward
IP firewall forward rules, default 4

# cat /proc/net/ip_input
IP firewall input rules, default 4

# cat /proc/net/ip_output
IP firewall output rules, default 4

# cat /proc/net/route

Iface	Destination	Gateway 	Flags	RefCnt	Use	Metric	Mask		MTU	Window	IRTT                                                       
eth1	E03D0ECE	00000000	01	0	0	0	F0FFFFFF	1500	0	0                                                                              
eth0	0002AE8C	00000000	01	0	8	0	00FFFFFF	1500	0	0                                                                              
lo	0000007F	00000000	01	0	0	0	000000FF	3584	0	0                                                                                
eth0	00000000	1702AE8C	03	0	5	0	00000000	1500	0	0                                                                              

# grep IP /usr/src/linux/.config

CONFIG_SYSVIPC=y
CONFIG_IP_FORWARD=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_VERBOSE=y

# CONFIG_IP_MASQUERADE is not set
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
CONFIG_IP_ROUTER=y
CONFIG_NET_IPIP=y

# CONFIG_IP_ALIAS is not set
CONFIG_IP_NOSR=y
# CONFIG_IPX is not set
CONFIG_IPSEC=m
CONFIG_IPSEC_IPIP=y
CONFIG_IPSEC_AH=y
CONFIG_IPSEC_AH_HMAC_MD5=y
CONFIG_IPSEC_AH_HMAC_SHA1=y
CONFIG_IPSEC_AH_MD5=y
CONFIG_IPSEC_ESP=y
CONFIG_IPSEC_ESP_DES_CBC=y
CONFIG_IPSEC_ESP_DES_MD5=y
CONFIG_IPSEC_ESP_3DES_MD5=y
CONFIG_IPSEC_ESP_DES_MD5_96=y
CONFIG_IPSEC_ESP_3DES_MD5_96=y

DEBUG_IPSEC=y
CONFIG_PLIP=y
# CONFIG_SLIP is not set

# tail -256 /var/log/messages | grep "ipsec\|XXX" > /tmp/ipsec_systat.1594

May 10 03:55:51 north kernel: ipsec_tunnel_init: tunneling code 0.8
May 10 03:55:52 north kernel: ipsec_callback: groupspis: no TDB for 0xce0e3de0, 0xc1a0800
May 10 03:55:52 north kernel: ipsec_callback: meaning -- tried to group a non-existant SPIipsec_callback: groupspis: no TDB for 0x8cae0200, 0xc1a0800
May 10 03:55:53 north kernel: ipsec_callback: meaning -- tried to group a non-existant SPIipsec_callback: groupspis: no TDB for 0xce0e3de0, 0xc1a0800
May 14 14:18:59 north kernel: ipsec_tunnel_init: tunneling code 0.8
May 14 14:19:00 north kernel: ipsec_tunnel_attach: physical device eth0 being attached has HW address: 0:a0:24:c9:e6:e5
May 14 14:19:00 north kernel: ipsec_callback: groupspis: no TDB for 0xce0e3de0, 0xc1a0800
May 14 14:19:01 north kernel: ipsec_callback: meaning -- tried to group a non-existant SPIipsec_callback: groupspis: no TDB for 0x8cae0200, 0xc1a0800
May 14 14:19:01 north kernel: ipsec_callback: meaning -- tried to group a non-existant SPIipsec_callback: groupspis: no TDB for 0xce0e3de0, 0xc1a0800
May 14 14:25:18 north kernel: ipsec_tunnel_init: tunneling code 0.8

# ipsec_systat finished at Thu May 14 15:58:21 PDT 1998

Received on Thu May 14 20:25:56 1998


This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:10 EDT

