The short form of this is that I was trying out the freeswan-0.8
pluto to see how it worked and the second time I ran it (i.e. the first
time I ran it and it set up a SA, then I ran it again) it crashed out on
me due to problems writing to something in add_route().
Makes things kind of hard to test if you can't run pluto more than
once per reboot.
I will append the two pluto outputs and the whack output.
||ugh Daniel
hugh@toad.com
Systems Testing & Project mis-Management
The Linux FreeS/WAN Project
http://www.xs4all.nl/~freeswan
------- pluto on east.toad.com (where I ran whack) ----------------
Script started on Tue May 19 01:10:40 1998
.bashrc@east.toad.com
root@east > pluto
opening /dev/urandom
inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
init_socket(): listening to port 500
listening at 127.0.0.1
listening at 209.157.90.145
listening at 209.157.90.158
listening at 209.157.90.145
listening at 4 interfaces
init_kernelfd(): listening to port 501
socket numbers:
4 5 6 7 8
kernel socket: 9
next event EVENT_REINIT_SECRET in 3600 seconds ((nil)/0)
received kernel message
read 84 bytes from "kernel" socket
initiating exchange with [140.174.2.9], port 500, goal GOAL_ENCRYPT+GOAL_AUTHENTICATE+GOAL_TUNNEL
Proxying: 209.157.90.152/255.255.255.248<--->206.14.61.224/255.255.255.240
emit ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 00 00 00 00 00 00 00 00
next payload type: ISAKMP_NEXT_SA
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
emit ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONE
DOI: ISAKMP_DOI_IPSEC
emit IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
proposal number: 0
protocol ID: PROTO_ISAKMP
SPI size: 0
number of transforms: 4
emit ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_T
transform number: 0
transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 1
[1 is OAKLEY_DES_CBC]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 3
[3 is OAKLEY_TIGER]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_AUTHENTICATION_METHOD
length/value: 1
[1 is OAKLEY_PRESHARED_KEY]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_GROUP_DESCRIPTION
length/value: 2
[2 is OAKLEY_GROUP_MODP1024]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_TYPE
length/value: 1
[1 is OAKLEY_LIFE_SECONDS]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_DURATION
length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emit ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_T
transform number: 1
transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 1
[1 is OAKLEY_DES_CBC]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 2
[2 is OAKLEY_SHA]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_AUTHENTICATION_METHOD
length/value: 1
[1 is OAKLEY_PRESHARED_KEY]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_GROUP_DESCRIPTION
length/value: 2
[2 is OAKLEY_GROUP_MODP1024]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_TYPE
length/value: 1
[1 is OAKLEY_LIFE_SECONDS]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_DURATION
length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emit ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_T
transform number: 2
transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 1
[1 is OAKLEY_DES_CBC]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 1
[1 is OAKLEY_MD5]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_AUTHENTICATION_METHOD
length/value: 1
[1 is OAKLEY_PRESHARED_KEY]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_GROUP_DESCRIPTION
length/value: 2
[2 is OAKLEY_GROUP_MODP1024]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_TYPE
length/value: 1
[1 is OAKLEY_LIFE_SECONDS]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_DURATION
length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emit ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_NONE
transform number: 3
transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 1
[1 is OAKLEY_DES_CBC]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 1
[1 is OAKLEY_MD5]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_AUTHENTICATION_METHOD
length/value: 1
[1 is OAKLEY_PRESHARED_KEY]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_GROUP_DESCRIPTION
length/value: 1
[1 is OAKLEY_GROUP_MODP768]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_TYPE
length/value: 1
[1 is OAKLEY_LIFE_SECONDS]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_DURATION
length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emitting length of ISAKMP Proposal Payload: 136
emitting length of ISAKMP Security Association Payload: 148
emitting length of ISAKMP Message: 176
transmitted 176 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066640/0)
received packet
read 80 bytes from 140.174.2.9, port 500
parse ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_SA
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
length: 80
full state not found
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 52
half state found, state OAKLEY_MAIN_I_1
parse ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONE
length: 52
DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
length: 40
proposal number: 0
protocol ID: PROTO_ISAKMP
SPI size: 0
number of transforms: 1
parse ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_NONE
length: 32
transform number: 1
transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 1
[1 is OAKLEY_DES_CBC]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 2
[2 is OAKLEY_SHA]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_AUTHENTICATION_METHOD
length/value: 1
[1 is OAKLEY_PRESHARED_KEY]
opening ./isakmp-secrets
secret used is [this is a test], length = 14
parse ISAKMP Oakley attribute:
af+type: OAKLEY_GROUP_DESCRIPTION
length/value: 2
[2 is OAKLEY_GROUP_MODP1024]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_TYPE
length/value: 1
[1 is OAKLEY_LIFE_SECONDS]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_DURATION
length/value: 3600
Oakley Transform 1 accepted
copying 40 bytes of proposal into state object
Local secret: 31a6e70ddf2b751169e4acc793d35cc0fb4b4b012909cb8eff81066b0b215a93
Public value sent: 81e94421442063cd88c591ab4906c4d04045d488d9e9de4cecc433ff2c5f59be946a2d598ea447400f515af9c36ac44e8291e13139a9acf4a7e02f8328cf2978e4090605668357ec1b1c2ded008a5804416485c2572c43648d9b1fa1193b82c853cc454dc26bd7b60d376d0833cfad42efd54363fa1ce574894ce21a6e0640be
emit ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_KE
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
emit ISAKMP Key Exchange Payload:
next payload type: ISAKMP_NEXT_NONCE
emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
emitting length of ISAKMP Key Exchange Payload: 132
emit ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
nonce value fc fe 4c 10 14 23 c5 2d 82 7e 4d c1 65 b9 99 a2
emitting length of ISAKMP Nonce Payload: 20
emitting length of ISAKMP Message: 180
my identity is 209.157.90.145
sending:
transmitted 180 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066640/0)
received packet
read 180 bytes from 140.174.2.9, port 500
parse ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_KE
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
length: 180
full state found, state OAKLEY_MAIN_I_2
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 132
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 20
parse ISAKMP Key Exchange Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 132
parse ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_NONE
length: 20
public value received: 4304221c818ead00bd4b15926b7b58b2326d012ef07d4d9e102ec2cafc2914d0a65978eae53f34fdbe44ad946fd15f14314e16e2c659721fb4eae7908571568f6d86986fb8d9edabcbd2e9abf339ec3c25fd9e0bf76d7d825e033667b6cff1677f331c2ea4169caf758a363baaed7608abfb47d05d6ddb4bd67d3d34fab2a329
shared secret: 686ed6ce98cc410ea2285aa34868c323b75209d3320bedc007ef53ab5fe76f31dace2bbab9a1b1fc161f7460e354cbbbc9dab9f11cc0a259afbc7fff4c290b9bd47083c985de6f839e34ebf7c08585381210032dbed7768b08e6e9bcdf883ae2275841c3e02ad5c14f7ad66e509b99a26c1081990daec4cc2999410842a48a33
opening ./isakmp-secrets
secret used is [this is a test], length = 14
size of g^xy is 128
Skeyid: 0a 1d ad fb ce 94 b9 7f 97 e2 4f 0b 5d b7 3b 5c
3d 8a 32 0c
Skeyid_d: 46 08 2d 22 73 4f 66 12 50 71 85 13 cc f7 95 91
59 0d ed e1
Skeyid_a: b7 1c 3c 5e 71 d2 e0 35 4b f2 10 07 7c ed d2 fa
74 87 8c 32
Skeyid_e: 10 a8 37 52 21 60 89 1a 24 24 21 59 89 f4 a8 6c
cf 73 19 12
IV: a6 35 e9 61 b0 e3 23 78 c0 cd fa 05 5b 06 0c 05
6f 1a 59 67
emit ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_ID
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 00 00 00 00
emit ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_HASH
ID type: ID_IPV4_ADDR
Protocol ID: 0
port: 0
emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
my identity d1 9d 5a 91
emitting length of ISAKMP Identification Payload (IPsec DOI): 12
hashing 48 bytes of SA
Hashing my ID: Type ID_IPV4_ADDR, Protocol 0, Port 0
HASH_I sent: 0a 16 a8 6b b0 9e 55 f2 17 d8 98 12 a5 bb 5b 27
ca 76 c3 76
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 20 raw bytes of HASH_I into ISAKMP Hash Payload
HASH_I 0a 16 a8 6b b0 9e 55 f2 17 d8 98 12 a5 bb 5b 27
ca 76 c3 76
emitting length of ISAKMP Hash Payload: 24
encrypting:
08 00 00 0c 01 00 00 00 d1 9d 5a 91 00 00 00 18
0a 16 a8 6b b0 9e 55 f2 17 d8 98 12 a5 bb 5b 27
ca 76 c3 76
emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
new IV: 90 45 ac 07 79 71 af f2
emitting length of ISAKMP Message: 68
sending:
transmitted 68 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066640/0)
received packet
read 68 bytes from 140.174.2.9, port 500
parse ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_ID
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 00 00 00 00
length: 68
full state found, state OAKLEY_MAIN_I_3
received encrypted packet from 140.174.2.9, port 500
decrypting 40 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
new IV: aa 43 6d 1f 4d 3f cb a9
decrypted:
08 00 00 0c 01 00 00 00 8c ae 02 09 00 00 00 18
25 e7 2b 6b 8c f2 ab 63 d4 7b 9d 5d fe 4a 08 fb
6a a4 8c b9 00 00 00 00
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_HASH
length: 12
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 24
removing 4 bytes of padding
last encrypted Phase 1 block: aa 43 6d 1f 4d 3f cb a9
parse ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_HASH
length: 12
ID type: ID_IPV4_ADDR
Protocol ID: 0
port: 0
IDir type is ID_IPV4_ADDR: 140.174.2.9
parse ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_NONE
length: 24
hashing 48 bytes of SA
Hashing his ID: Type ID_IPV4_ADDR, Protocol 0, Port 0
computed HASH_R: 25 e7 2b 6b 8c f2 ab 63 d4 7b 9d 5d fe 4a 08 fb
6a a4 8c b9
received HASH_R: 25 e7 2b 6b 8c f2 ab 63 d4 7b 9d 5d fe 4a 08 fb
6a a4 8c b9
Doing Quick Mode with 140.174.2.9, port 500, goal GOAL_ENCRYPT+GOAL_AUTHENTICATE+GOAL_TUNNEL
find_messageid(): search failed, no structure for 140.174.2.9, port 500
inserting messageid structure for 140.174.2.9, port 500
MSG-ID is 0x00000001
emit ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 01 00 00 00
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_SA
emitting 20 zero bytes of HASH(1) into ISAKMP Hash Payload
emitting length of ISAKMP Hash Payload: 24
Protocol: PROTO_IPSEC_ESP
IPsec SPI sent: 00 00 01 00
Transform: ESP_3DES
SA lifetime (seconds): 28800
Encapsulation mode: ENCAPSULATION_MODE_TUNNEL
AUTH algorithm: AUTH_ALGORITHM_HMAC_MD5
raw proposal:
00 00 00 24 01 03 04 01 00 00 01 00 00 00 00 18
01 03 00 00 80 01 00 01 80 02 70 80 80 04 00 01
80 05 00 01
emitting 48 raw bytes of SA payload into ISAKMP Message
SA payload 0a 00 00 30 00 00 00 01 00 00 00 01 00 00 00 24
01 03 04 01 00 00 01 00 00 00 00 18 01 03 00 00
80 01 00 01 80 02 70 80 80 04 00 01 80 05 00 01
emit ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_ID
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
nonce value 0c 3e bd 1e ae 20 d3 84 09 ec 34 4b ee 10 ab 75
emitting length of ISAKMP Nonce Payload: 20
Ni sent: 0c 3e bd 1e ae 20 d3 84 09 ec 34 4b ee 10 ab 75
emit ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_ID
ID type: ID_IPV4_ADDR_SUBNET
Protocol ID: 0
port: 0
emitting 4 raw bytes of initiator's client network into ISAKMP Identification Payload (IPsec DOI)
initiator's client network d1 9d 5a 98
emitting 4 raw bytes of initiator's client mask into ISAKMP Identification Payload (IPsec DOI)
initiator's client mask ff ff ff f8
emitting length of ISAKMP Identification Payload (IPsec DOI): 16
emit ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_NONE
ID type: ID_IPV4_ADDR_SUBNET
Protocol ID: 0
port: 0
emitting 4 raw bytes of peer's client network into ISAKMP Identification Payload (IPsec DOI)
peer's client network ce 0e 3d e0
emitting 4 raw bytes of peer's client mask into ISAKMP Identification Payload (IPsec DOI)
peer's client mask ff ff ff f0
emitting length of ISAKMP Identification Payload (IPsec DOI): 16
HASH(1) computed: 26 f8 11 15 11 05 51 b7 42 3a b3 16 45 4c 63 6f
d2 25 44 de
computed Phase 2 IV: 77 fd 33 48 cc cd 72 b4 73 bb 84 ea 7e c3 de 00
4e 56 cd ce
encrypting:
emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
new IV: ce bb d6 5a e3 45 30 64
emitting length of ISAKMP Message: 156
sending:
transmitted 156 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
event added after event EVENT_RETRANSMIT (0x8066640/0)
inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds
event added after event EVENT_REINIT_SECRET ((nil)/0)
next event EVENT_RETRANSMIT in 30 seconds (0x8066da8/0)
received packet
read 156 bytes from 140.174.2.9, port 500
parse ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 01 00 00 00
length: 156
full state found, state OAKLEY_QUICK_I_1
received encrypted packet from 140.174.2.9, port 500
decrypting 128 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
new IV: 3d ff 8b b7 08 9d b6 b7
decrypted:
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_SA
length: 24
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 48
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_ID
length: 20
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_ID
length: 16
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 16
removing 4 bytes of padding
parse ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_SA
length: 24
received HASH(2): 75 62 e2 86 a9 dc 1b 86 45 26 70 f2 2b ca c0 48
d5 4c be 14
HASH(2) computed: 75 62 e2 86 a9 dc 1b 86 45 26 70 f2 2b ca c0 48
d5 4c be 14
HASH(2) verified
parse ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 48
DOI: ISAKMP_DOI_IPSEC
proposal: protocol PROTO_IPSEC_ESP
proposal: transform ESP_3DES
SA life type SA_LIFE_TYPE_SECONDS
SA life duration 28800
encapsulation mode ENCAPSULATION_MODE_TUNNEL
AUTH algorithm AUTH_ALGORITHM_HMAC_MD5
IPsec SPI accepted 00 00 01 00
accepted protocol PROTO_IPSEC_ESP, transform ESP_3DES
SA expiration 28800 seconds, 0 kilobytes
encapsulation mode ENCAPSULATION_MODE_TUNNEL
AUTH algorithm AUTH_ALGORITHM_HMAC_MD5
group description OAKLEY_GROUP_MODP768
parse ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_ID
length: 20
parse ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_ID
length: 16
ID type: ID_IPV4_ADDR_SUBNET
Protocol ID: 0
port: 0
our client user is IP subnet with address 209.157.90.152...
...and netmask 255.255.255.248
parse ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_NONE
length: 16
ID type: ID_IPV4_ADDR_SUBNET
Protocol ID: 0
port: 0
peer client user is IP subnet with address 206.14.61.224...
...and netmask 255.255.255.240
Nr received: 30 78 36 53 84 92 87 88 ac e4 56 1b d4 d1 13 9c
emit ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 01 00 00 00
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 20 zero bytes of HASH(3) into ISAKMP Hash Payload
HASH(3) computed: 4a be bd f9 27 71 d3 46 b8 63 5b d8 06 ce 5a 50
a9 da ac 66
emitting length of ISAKMP Hash Payload: 24
encrypting:
00 00 00 18 4a be bd f9 27 71 d3 46 b8 63 5b d8
06 ce 5a 50 a9 da ac 66
emitting 0 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
new IV: 16 12 d4 4b 82 cd f1 d2
emitting length of ISAKMP Message: 52
KEYMAT computed:
5a a8 95 c1 90 a6 95 c9 a2 e3 de 79 14 d6 33 44
1b f8 f0 cf 66 b2 c2 8e d5 4e 44 b8 00 70 23 c3
72 3a 4e d5 a8 51 6c 2e
Peer KEYMAT computed:
5a a8 95 c1 90 a6 95 c9 a2 e3 de 79 14 d6 33 44
1b f8 f0 cf 66 b2 c2 8e d5 4e 44 b8 00 70 23 c3
72 3a 4e d5 a8 51 6c 2e
we're here...
...and here
Error: write() failed in add_route()
errno 22: Invalid argument
root@east > exit
Script done on Tue May 19 01:11:45 1998
------- pluto on north (the target) -------------------------------
Script started on Tue May 19 01:12:02 1998
.bashrc@north.toad.com
root@north > pluto
opening /dev/urandom
inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
init_socket(): listening to port 500
listening at 127.0.0.1
listening at 140.174.2.9
listening at 206.14.61.238
listening at 3 interfaces
init_kernelfd(): listening to port 501
socket numbers:
4 5 6 7
kernel socket: 8
next event EVENT_REINIT_SECRET in 3600 seconds ((nil)/0)
received packet
read 176 bytes from 209.157.90.145, port 500
parse ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 00 00 00 00 00 00 00 00
next payload type: ISAKMP_NEXT_SA
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
length: 176
full state not found
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 148
half state not found
parse ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONE
length: 148
DOI: ISAKMP_DOI_IPSEC
emit ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_SA
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
emit ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONE
DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
length: 136
proposal number: 0
protocol ID: PROTO_ISAKMP
SPI size: 0
number of transforms: 4
parse ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_T
length: 32
transform number: 0
transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 1
[1 is OAKLEY_DES_CBC]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 3
[3 is OAKLEY_TIGER]
I don't like something about OAKLEY_HASH_ALGORITHM in Oakley Proposal
parse ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_T
length: 32
transform number: 1
transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 1
[1 is OAKLEY_DES_CBC]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 2
[2 is OAKLEY_SHA]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_AUTHENTICATION_METHOD
length/value: 1
[1 is OAKLEY_PRESHARED_KEY]
opening ./isakmp-secrets
secret used is [this is a test], length = 14
parse ISAKMP Oakley attribute:
af+type: OAKLEY_GROUP_DESCRIPTION
length/value: 2
[2 is OAKLEY_GROUP_MODP1024]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_TYPE
length/value: 1
[1 is OAKLEY_LIFE_SECONDS]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_DURATION
length/value: 3600
Oakley Transform 1 accepted
emit IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
proposal number: 0
protocol ID: PROTO_ISAKMP
SPI size: 0
number of transforms: 1
emit ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_NONE
transform number: 1
transform ID: KEY_IKE
emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
attributes 80 01 00 01 80 02 00 02 80 03 00 01 80 04 00 02
80 0b 00 01 80 0c 0e 10
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emitting length of ISAKMP Proposal Payload: 40
emitting length of ISAKMP Security Association Payload: 52
emitting length of ISAKMP Message: 80
my identity is 140.174.2.9
sending:
transmitted 80 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8068048/0)
received packet
read 180 bytes from 209.157.90.145, port 500
parse ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_KE
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
length: 180
full state found, state OAKLEY_MAIN_R_1
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 132
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 20
parse ISAKMP Key Exchange Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 132
parse ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_NONE
length: 20
public value received: 81e94421442063cd88c591ab4906c4d04045d488d9e9de4cecc433ff2c5f59be946a2d598ea447400f515af9c36ac44e8291e13139a9acf4a7e02f8328cf2978e4090605668357ec1b1c2ded008a5804416485c2572c43648d9b1fa1193b82c853cc454dc26bd7b60d376d0833cfad42efd54363fa1ce574894ce21a6e0640be
our secret value: dee94707023efddc3b0c7ca13861ad732d7dbbbb5d1a84eaa33a2cd15b7b2998
our public value: 4304221c818ead00bd4b15926b7b58b2326d012ef07d4d9e102ec2cafc2914d0a65978eae53f34fdbe44ad946fd15f14314e16e2c659721fb4eae7908571568f6d86986fb8d9edabcbd2e9abf339ec3c25fd9e0bf76d7d825e033667b6cff1677f331c2ea4169caf758a363baaed7608abfb47d05d6ddb4bd67d3d34fab2a329
shared secret: 686ed6ce98cc410ea2285aa34868c323b75209d3320bedc007ef53ab5fe76f31dace2bbab9a1b1fc161f7460e354cbbbc9dab9f11cc0a259afbc7fff4c290b9bd47083c985de6f839e34ebf7c08585381210032dbed7768b08e6e9bcdf883ae2275841c3e02ad5c14f7ad66e509b99a26c1081990daec4cc2999410842a48a33
emit ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_KE
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
emit ISAKMP Key Exchange Payload:
next payload type: ISAKMP_NEXT_NONCE
emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
emitting length of ISAKMP Key Exchange Payload: 132
emit ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
nonce value 70 ce 8b 7c fd 16 b8 2b b7 39 c8 1d 32 3b 05 c3
emitting length of ISAKMP Nonce Payload: 20
emitting length of ISAKMP Message: 180
opening ./isakmp-secrets
secret used is [this is a test], length = 14
size of g^xy is 128
Skeyid: 0a 1d ad fb ce 94 b9 7f 97 e2 4f 0b 5d b7 3b 5c
3d 8a 32 0c
Skeyid_d: 46 08 2d 22 73 4f 66 12 50 71 85 13 cc f7 95 91
59 0d ed e1
Skeyid_a: b7 1c 3c 5e 71 d2 e0 35 4b f2 10 07 7c ed d2 fa
74 87 8c 32
Skeyid_e: 10 a8 37 52 21 60 89 1a 24 24 21 59 89 f4 a8 6c
cf 73 19 12
IV: a6 35 e9 61 b0 e3 23 78 c0 cd fa 05 5b 06 0c 05
6f 1a 59 67
sending:
transmitted 180 bytes
inserting event EVENT_CLEANUP, timeout in 120 seconds
next event EVENT_CLEANUP in 120 seconds (0x8068048/0)
received packet
read 68 bytes from 209.157.90.145, port 500
parse ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_ID
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 00 00 00 00
length: 68
full state found, state OAKLEY_MAIN_R_2
received encrypted packet from 209.157.90.145, port 500
decrypting 40 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
new IV: 90 45 ac 07 79 71 af f2
decrypted:
08 00 00 0c 01 00 00 00 d1 9d 5a 91 00 00 00 18
0a 16 a8 6b b0 9e 55 f2 17 d8 98 12 a5 bb 5b 27
ca 76 c3 76 00 00 00 00
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_HASH
length: 12
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 24
removing 4 bytes of padding
parse ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_HASH
length: 12
ID type: ID_IPV4_ADDR
Protocol ID: 0
port: 0
IDii type is ID_IPV4_ADDR: 209.157.90.145
parse ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_NONE
length: 24
hashing 48 bytes of SA
Hashing his ID: Type ID_IPV4_ADDR, Protocol 0, Port 0
computed HASH_I: 0a 16 a8 6b b0 9e 55 f2 17 d8 98 12 a5 bb 5b 27
ca 76 c3 76
received HASH_I: 0a 16 a8 6b b0 9e 55 f2 17 d8 98 12 a5 bb 5b 27
ca 76 c3 76
emit ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_ID
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 00 00 00 00
emit ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_HASH
ID type: ID_IPV4_ADDR
Protocol ID: 0
port: 0
emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
my identity 8c ae 02 09
emitting length of ISAKMP Identification Payload (IPsec DOI): 12
hashing 48 bytes of SA
Hashing my ID: Type ID_IPV4_ADDR, Protocol 0, Port 0
HASH_R sent: 25 e7 2b 6b 8c f2 ab 63 d4 7b 9d 5d fe 4a 08 fb
6a a4 8c b9
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 20 raw bytes of HASH_R into ISAKMP Hash Payload
HASH_R 25 e7 2b 6b 8c f2 ab 63 d4 7b 9d 5d fe 4a 08 fb
6a a4 8c b9
emitting length of ISAKMP Hash Payload: 24
encrypting:
08 00 00 0c 01 00 00 00 8c ae 02 09 00 00 00 18
25 e7 2b 6b 8c f2 ab 63 d4 7b 9d 5d fe 4a 08 fb
6a a4 8c b9
emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
new IV: aa 43 6d 1f 4d 3f cb a9
last encrypted block of Phase 1: aa 43 6d 1f 4d 3f cb a9
emitting length of ISAKMP Message: 68
sending:
3e 7b 42 38 df 60 88 58 69 e2 01 48 55 3a 91 d5
05 10 02 01 00 00 00 00 00 00 00 44 12 55 d8 52
92 4a a0 d2 2a be 8e 56 7c e5 2c bc fc ea 9e 51
f7 e7 1c 7f 18 e1 52 ef fa 6e b9 27 aa 43 6d 1f
4d 3f cb a9
transmitted 68 bytes
inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds
event added after event EVENT_REINIT_SECRET ((nil)/0)
next event EVENT_REINIT_SECRET in 3593 seconds ((nil)/0)
received packet
read 156 bytes from 209.157.90.145, port 500
parse ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 01 00 00 00
length: 156
full state not found
full state found, state OAKLEY_MAIN_R_3
inserting messageid structure for 209.157.90.145, port 500
computed phase 2 IV: 77 fd 33 48 cc cd 72 b4 73 bb 84 ea 7e c3 de 00
4e 56 cd ce
received encrypted packet from 209.157.90.145, port 500
decrypting 128 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
new IV: ce bb d6 5a e3 45 30 64
decrypted:
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_SA
length: 24
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 48
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_ID
length: 20
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_ID
length: 16
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 16
removing 4 bytes of padding
parse ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_SA
length: 24
received HASH(1): 26 f8 11 15 11 05 51 b7 42 3a b3 16 45 4c 63 6f
d2 25 44 de
HASH(1) computed: 26 f8 11 15 11 05 51 b7 42 3a b3 16 45 4c 63 6f
d2 25 44 de
HASH(1) verified
parse ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 48
DOI: ISAKMP_DOI_IPSEC
proposal: protocol PROTO_IPSEC_ESP
proposal: transform ESP_3DES
SA life type SA_LIFE_TYPE_SECONDS
SA life duration 28800
encapsulation mode ENCAPSULATION_MODE_TUNNEL
AUTH algorithm AUTH_ALGORITHM_HMAC_MD5
IPsec SPI accepted 00 00 01 00
accepted protocol PROTO_IPSEC_ESP, transform ESP_3DES
SA expiration 28800 seconds, 0 kilobytes
encapsulation mode ENCAPSULATION_MODE_TUNNEL
AUTH algorithm AUTH_ALGORITHM_HMAC_MD5
group description OAKLEY_GROUP_MODP768
parse ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_ID
length: 20
parse ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_ID
length: 16
ID type: ID_IPV4_ADDR_SUBNET
Protocol ID: 0
port: 0
peer client user is IP subnet with address 209.157.90.152...
...and netmask 255.255.255.248
parse ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_NONE
length: 16
ID type: ID_IPV4_ADDR_SUBNET
Protocol ID: 0
port: 0
our client user is IP subnet with address 206.14.61.224...
...and netmask 255.255.255.240
emit ISAKMP Message:
initiator cookie: 3e 7b 42 38 df 60 88 58
responder cookie: 69 e2 01 48 55 3a 91 d5
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 01 00 00 00
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_SA
emitting 20 zero bytes of HASH(2) into ISAKMP Hash Payload
emitting length of ISAKMP Hash Payload: 24
emitting 48 raw bytes of SA payload into ISAKMP Message
SA payload 0a 00 00 30 00 00 00 01 00 00 00 01 00 00 00 24
01 03 04 01 00 00 01 00 00 00 00 18 01 03 00 00
80 01 00 01 80 02 70 80 80 04 00 01 80 05 00 01
emit ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_ID
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
nonce value 30 78 36 53 84 92 87 88 ac e4 56 1b d4 d1 13 9c
emitting length of ISAKMP Nonce Payload: 20
Nr sent: 30 78 36 53 84 92 87 88 ac e4 56 1b d4 d1 13 9c
emitting 16 raw bytes of IDci into ISAKMP Message
IDci 05 00 00 10 04 00 00 00 d1 9d 5a 98 ff ff ff f8
emitting 16 raw bytes of IDcr into ISAKMP Message
IDcr 00 00 00 10 04 00 00 00 ce 0e 3d e0 ff ff ff f0
HASH(2) computed: 75 62 e2 86 a9 dc 1b 86 45 26 70 f2 2b ca c0 48
d5 4c be 14
encrypting:
emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
new IV: 3d ff 8b b7 08 9d b6 b7
emitting length of ISAKMP Message: 156
sending:
transmitted 156 bytes
inserting event EVENT_CLEANUP, timeout in 120 seconds
next event EVENT_CLEANUP in 120 seconds (0x8068770/0)
root@north >
Script done on Tue May 19 01:13:04 1998
------- whack output on east ------------------------------
root@east > sh pluto-ne.rc
: I am east.toad.com
Initiating with 140.174.2.9, port 500
209.157.90.152
255.255.255.248
206.14.61.224
255.255.255.240
Goal = 7
Done.
root@east >
Received on Tue May 19 06:39:22 1998