-----BEGIN PGP SIGNED MESSAGE-----
Alright...I hadn't realised I should have reviewed pluto for 0.85...here goes.

Documentation! I am going to start sounding like the pointy-haired one
here... The readme is not very well organised. I tried pluto --help
which came back blank. I didn't check to see if it installed itself
as a daemon. If it did, that is bad. I tried man pluto. No dice. I
had to cope with that README in the pluto directory. It is not very
clear, and hence not very useful. Some of the comments in the README
make it appear as though klips only supports one transform. It supports
four: 2 esp and 2 ah.

It would be far more useful if the debugging output had a command line
switch, not a compile time switch only. I think the debugging switch
that switches port number and the config file location is really dumb.
It should be a command line option to change from the default,
regardless of whether the debugging is turned on or off by the command
line or the compile switch.

I didn't know if the ipsec module needed to be loaded or not. It seems
to need it, but does not complain. Could the docs say this, or just go
ahead and load it?

It bugs me (although I am guilty myself) when I get caught by a makefile
whose targets don't depend on the makefile itself. I.e., adding the
-DDEBUG flag to the pluto makefile and it didn't remake the objects.

I am happy to see that pluto exits with an error in debug mode when it
cannot find an isakmp-secrets file. I don't know what it does when it
is not in debug mode.

Pluto will not notice if the ipsec virtual interface has not been connected
to anything. This is not much use. The information can be found in
/proc/net/ipsec_tncfg.

With the command:
whack 501 <remoteIP> <remotePlutoPort> 0.0.0.0 x x x encrypt
Pluto could not set a route for another host on the same subnet to
do transport mode. This may already be known... Klips is capable of
this.

With the command:
whack 501 \
\
\
encrypt tunnel
Pluto tried to set up a connection for subnet to subnet. The remote
system did not set up a route, eroute or SA. The local did set up the
route ok, and may have tried to set up the grouped SA, but the IPIP did not
succeed, nor did the outgoing esp get set up. The incoming SA was the
only one that succeeded...actually, I am noticing that it didn't because
the authentication key was 0 when it should have been 16 bytes. This is
now a bug in pluto, because the keying material has been separated and
pluto was probably not updated to reflect those changes. Look for a
member called <mumble>akey<mumble>. Additionally, pluto did not check
for a non-zero return code which would have flagged the error. I have
found two bomb-proofing bugs in klips because of this! Thanks...I think.

It appears pluto didn't even try to talk to klips to set the forward esp
or ipe4 transforms, let alone try to group them.

It did nothing on the remote end with klips or route(8).

Pluto occupies /dev/ipsec, preventing any other process from writing to
it. This may be less than desirable...

Slainte Mhath, rgb

Appended, please find some debugging output that may be of help...
I will post more info later if running tncfg and ifconfig actually
makes a difference...I suspect it won't.

===> pluto.out.100 (magellan) <==
Starting Pluto (FreeS/WAN Version 0.85)
opening /dev/urandom
inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
init_socket(): listening to port 500
listening at 127.0.0.1
listening at 192.168.2.100
listening at 192.168.3.100
listening at 207.236.55.216
listening at 4 interfaces
init_kernelfd(): listening to port 501
socket numbers:
4 5 6 7 8
kernel socket: 9
next event EVENT_REINIT_SECRET in 3600 seconds ((nil)/0)
received packet
read 144 bytes from 192.168.2.110, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: 00 00 00 00 00 00 00 00
next payload type: ISAKMP_NEXT_SA
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
length: 144
full state not found
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 116
half state not found
parse ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONE
length: 116
DOI: ISAKMP_DOI_IPSEC
my identity is 192.168.2.100
emit ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_SA
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
emit ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONE
DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
length: 104
proposal number: 0
protocol ID: PROTO_ISAKMP
SPI size: 0
number of transforms: 3
parse ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_T
length: 32
transform number: 0
transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 1
[1 is OAKLEY_DES_CBC]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 2
[2 is OAKLEY_SHA]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_AUTHENTICATION_METHOD
length/value: 1
[1 is OAKLEY_PRESHARED_KEY]
opening ./isakmp-secrets
secret used is [halelujia], length = 9
parse ISAKMP Oakley attribute:
af+type: OAKLEY_GROUP_DESCRIPTION
length/value: 2
[2 is OAKLEY_GROUP_MODP1024]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_TYPE
length/value: 1
[1 is OAKLEY_LIFE_SECONDS]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_DURATION
length/value: 3600
Oakley Transform 0 accepted
emit IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
proposal number: 0
protocol ID: PROTO_ISAKMP
SPI size: 0
number of transforms: 1
emit ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_NONE
transform number: 0
transform ID: KEY_IKE
emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP)
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emitting length of ISAKMP Proposal Payload: 40
emitting length of ISAKMP Security Association Payload: 52
emitting length of ISAKMP Message: 80
transmitted 80 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8064500/0)
received packet
read 180 bytes from 192.168.2.110, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_KE
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
length: 180
full state found, state OAKLEY_MAIN_R_1
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 132
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 20
parse ISAKMP Key Exchange Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 132
parse ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_NONE
length: 20
public value received: b99e75f666a2dc705491512143c9b751073efb3b98a6c8c4ef3866abad9c00754ee54651f560820ca915cea4da631cc5178b35f4d289961b6c7b30f9fefde3e214393b3c57b513611c647885c8c3bc354b69a72899bf4e8ddd9aa5cc654e708fbbe6eeb2ff315e88fcf91650b51ce90e1c0ee9c277be8fd35589880ddcc2a717
our secret value: fd3775de0f69835d4789d44278e5bf47cb9c0089be3b9adb73d8ded55f7327e7
our public value: f499fa1393878e2293acc9840c2441eba0870633200b7f1b768da82bd742641a240e65879269434c0b8ccf53fc2f89165b8e8f30cc1e72990c00dcbcc0d32947abcf9aeb4ec7726679f07f30ca7a82297c76cb5e8b2bbe773b744804fca4f4216151b7776f2baeab63fc4303404c1502bc3b89b9cc7fb212e69997ef0782fd0d
shared secret: 27c8e9b37a54c3320f638620e5751d3c1e4d5c1f3a53bb6090150797165cf0e4d5cb0b04e8f7f201ac65036e61577ac925aa160679d30113cb89b09a191fd6866c46eb627925d0133a9cf8e68319292a085a58beced2b54b1e3fc76386f1e6eb438a54615b16ba2ad57f0eb672d8405031460ca0c6029c26789d846612b67512
emit ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_KE
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
emit ISAKMP Key Exchange Payload:
next payload type: ISAKMP_NEXT_NONCE
emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
emitting length of ISAKMP Key Exchange Payload: 132
emit ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
emitting length of ISAKMP Nonce Payload: 20
emitting length of ISAKMP Message: 180
opening ./isakmp-secrets
secret used is [halelujia], length = 9
size of g^xy is 128
transmitted 180 bytes
inserting event EVENT_CLEANUP, timeout in 120 seconds
next event EVENT_CLEANUP in 120 seconds (0x8064500/0)
received packet
read 68 bytes from 192.168.2.110, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_ID
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 00 00 00 00
length: 68
full state found, state OAKLEY_MAIN_R_2
received encrypted packet from 192.168.2.110, port 500
decrypting 40 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_HASH
length: 12
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 24
removing 4 bytes of padding
parse ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_HASH
length: 12
ID type: ID_IPV4_ADDR
Protocol ID: 0
port: 0
Peer's ID type is ID_IPV4_ADDR: 192.168.2.110
parse ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_NONE
length: 24
emit ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_ID
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 00 00 00 00
emit ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_HASH
ID type: ID_IPV4_ADDR
Protocol ID: 0
port: 0
emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
emitting length of ISAKMP Identification Payload (IPsec DOI): 12
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 20 raw bytes of HASH_R into ISAKMP Hash Payload
emitting length of ISAKMP Hash Payload: 24
emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
emitting length of ISAKMP Message: 68
transmitted 68 bytes
inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds
event added after event EVENT_REINIT_SECRET ((nil)/0)
next event EVENT_REINIT_SECRET in 3435 seconds ((nil)/0)
received packet
read 124 bytes from 192.168.2.110, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 01 00 00 00
length: 124
full state not found
full state found, state OAKLEY_MAIN_R_3
inserting messageid structure for 192.168.2.110, port 500
received encrypted packet from 192.168.2.110, port 500
decrypting 96 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_SA
length: 24
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 48
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 20
removing 4 bytes of padding
emit ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 01 00 00 00
parse ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_SA
length: 24
HASH(1) computed:HASH(1) verified
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_SA
emitting 20 zero bytes of HASH(2) into ISAKMP Hash Payload
emitting length of ISAKMP Hash Payload: 24
parse ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 48
DOI: ISAKMP_DOI_IPSEC
emit ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONCE
DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
length: 36
proposal number: 0
protocol ID: PROTO_IPSEC_ESP
SPI size: 4
number of transforms: 1
parsing 4 raw bytes of SPI into ISAKMP Proposal Payload
parse ISAKMP Transform Payload (ESP):
next payload type: ISAKMP_NEXT_NONE
length: 24
transform number: 0
transform ID: ESP_3DES
parse ISAKMP IPsec DOI attribute:
af+type: AUTH_ALGORITHM
length/value: 1
[1 is AUTH_ALGORITHM_HMAC_MD5]
parse ISAKMP IPsec DOI attribute:
af+type: SA_LIFE_TYPE
length/value: 1
[1 is SA_LIFE_TYPE_SECONDS]
parse ISAKMP IPsec DOI attribute:
af+type: SA_LIFE_DURATION
length/value: 28800
parse ISAKMP IPsec DOI attribute:
af+type: ENCAPSULATION_MODE
length/value: 2
[2 is ENCAPSULATION_MODE_TRANSPORT]
emit IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
proposal number: 0
protocol ID: PROTO_IPSEC_ESP
SPI size: 4
number of transforms: 1
emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
emit ISAKMP Transform Payload (ESP):
next payload type: ISAKMP_NEXT_NONE
transform number: 0
transform ID: ESP_3DES
emitting 16 raw bytes of attributes into ISAKMP Transform Payload (ESP)
emitting length of ISAKMP Transform Payload (ESP): 24
emitting length of ISAKMP Proposal Payload: 36
emitting length of ISAKMP Security Association Payload: 48
parse ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_NONE
length: 20
emit ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
emitting length of ISAKMP Nonce Payload: 20
HASH(2) computed:emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
emitting length of ISAKMP Message: 124
transmitted 124 bytes
inserting event EVENT_CLEANUP, timeout in 120 seconds
next event EVENT_CLEANUP in 120 seconds (0x8064cc8/0)
received packet
read 124 bytes from 192.168.2.110, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 01 00 00 00
length: 124
full state found, state OAKLEY_QUICK_R_1
received encrypted packet from 192.168.2.110, port 500
decrypting 96 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
next payload type of ISAKMP Generic Payload has an unknown value: 222
malformed payload in packet from 192.168.2.110, port 500
next event EVENT_CLEANUP in 90 seconds (0x8064cc8/0)
received packet
read 124 bytes from 192.168.2.110, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 01 00 00 00
length: 124
full state found, state OAKLEY_QUICK_R_1
received encrypted packet from 192.168.2.110, port 500
decrypting 96 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
next payload type of ISAKMP Generic Payload has an unknown value: 87
malformed payload in packet from 192.168.2.110, port 500
next event EVENT_CLEANUP in 60 seconds (0x8064cc8/0)
received packet
read 156 bytes from 192.168.2.110, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 02 00 00 00
length: 156
full state not found
full state found, state OAKLEY_MAIN_R_3
updating MSG-ID for 192.168.2.110 from 1 to 2
received encrypted packet from 192.168.2.110, port 500
decrypting 128 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_SA
length: 24
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 48
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_ID
length: 20
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_ID
length: 16
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 16
removing 4 bytes of padding
emit ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 02 00 00 00
parse ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_SA
length: 24
HASH(1) computed:HASH(1) verified
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_SA
emitting 20 zero bytes of HASH(2) into ISAKMP Hash Payload
emitting length of ISAKMP Hash Payload: 24
parse ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 48
DOI: ISAKMP_DOI_IPSEC
emit ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONCE
DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
length: 36
proposal number: 0
protocol ID: PROTO_IPSEC_ESP
SPI size: 4
number of transforms: 1
parsing 4 raw bytes of SPI into ISAKMP Proposal Payload
parse ISAKMP Transform Payload (ESP):
next payload type: ISAKMP_NEXT_NONE
length: 24
transform number: 0
transform ID: ESP_3DES
parse ISAKMP IPsec DOI attribute:
af+type: AUTH_ALGORITHM
length/value: 1
[1 is AUTH_ALGORITHM_HMAC_MD5]
parse ISAKMP IPsec DOI attribute:
af+type: SA_LIFE_TYPE
length/value: 1
[1 is SA_LIFE_TYPE_SECONDS]
parse ISAKMP IPsec DOI attribute:
af+type: SA_LIFE_DURATION
length/value: 28800
parse ISAKMP IPsec DOI attribute:
af+type: ENCAPSULATION_MODE
length/value: 1
[1 is ENCAPSULATION_MODE_TUNNEL]
emit IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
proposal number: 0
protocol ID: PROTO_IPSEC_ESP
SPI size: 4
number of transforms: 1
emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
emit ISAKMP Transform Payload (ESP):
next payload type: ISAKMP_NEXT_NONE
transform number: 0
transform ID: ESP_3DES
emitting 16 raw bytes of attributes into ISAKMP Transform Payload (ESP)
emitting length of ISAKMP Transform Payload (ESP): 24
emitting length of ISAKMP Proposal Payload: 36
emitting length of ISAKMP Security Association Payload: 48
parse ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_ID
length: 20
parse ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_ID
length: 16
ID type: ID_IPV4_ADDR_SUBNET
Protocol ID: 0
port: 0
peer client user is IP subnet with address 192.168.4.0...
...and netmask 255.255.255.0
parse ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_NONE
length: 16
ID type: ID_IPV4_ADDR_SUBNET
Protocol ID: 0
port: 0
our client user is IP subnet with address 192.168.3.0...
...and netmask 255.255.255.0
emit ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_ID
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
emitting length of ISAKMP Nonce Payload: 20
emitting 16 raw bytes of IDci into ISAKMP Message
emitting 16 raw bytes of IDcr into ISAKMP Message
HASH(2) computed:emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
emitting length of ISAKMP Message: 156
transmitted 156 bytes
inserting event EVENT_CLEANUP, timeout in 120 seconds
event added after event EVENT_CLEANUP (0x8064cc8/0)
next event EVENT_CLEANUP in 15 seconds (0x8064cc8/0)
time to handle event
next event is EVENT_CLEANUP (0x80650a0/0)
responder state expired for 192.168.2.110, port 500
next event EVENT_CLEANUP in 105 seconds (0x80650a0/0)
received packet
read 156 bytes from 192.168.2.110, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 02 00 00 00
length: 156
full state found, state OAKLEY_QUICK_R_1
received encrypted packet from 192.168.2.110, port 500
decrypting 128 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
next payload type of ISAKMP Generic Payload has an unknown value: 138
malformed payload in packet from 192.168.2.110, port 500
next event EVENT_CLEANUP in 91 seconds (0x80650a0/0)
received packet
read 156 bytes from 192.168.2.110, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 02 00 00 00
length: 156
full state found, state OAKLEY_QUICK_R_1
received encrypted packet from 192.168.2.110, port 500
decrypting 128 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
next payload type of ISAKMP Generic Payload has an unknown value: 43
malformed payload in packet from 192.168.2.110, port 500
next event EVENT_CLEANUP in 61 seconds (0x80650a0/0)
time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
responder state expired for 192.168.2.110, port 500
next event EVENT_REINIT_SECRET in 3210 seconds ((nil)/0)
time to handle event
next event is EVENT_SA_EXPIRE (0x8064500/0)
event EVENT_REINIT_SECRET handled
inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
event added after event EVENT_SA_EXPIRE (0x8064500/0)
next event EVENT_SA_EXPIRE in 165 seconds (0x8064500/0)
time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
SA expired for 192.168.2.110, port 500
next event EVENT_REINIT_SECRET in 3435 seconds ((nil)/0)
===> barf.100 (magellan) <==
+ date
Tue Jun 16 21:21:37 EDT 1998
+ hostname
magellan.conscoop.ottawa.on.ca
+ hostname --fqdn
magellan.conscoop.ottawa.on.ca
+ hostname --ip-address
192.168.2.100
+ cat /proc/version
Linux version 2.0.34 (root@gonzales.conscoop.ottawa.on.ca) (gcc version 2.7.2.1) #26 Fri Jun 12 12:10:36 EDT 1998
+ cat /proc/net/ipsec_eroute
EROUTE:
+ cat /proc/net/ipsec_spi
SPI:
+ cat /proc/net/ipsec_spigrp
SPIGRP:
+ cat /proc/net/ipsec_tncfg
TNCFG:
ipsec0 -> NULL
ipsec1 -> NULL
+ cat /proc/net/ipsec_version
VERSION_INFO:
FreeS/WAN version: 0.85
Transform: , CVS version: $Id: ipsec_ipe4.c,v 1.6 1998/06/11 05:49:58 rgb Exp $
Transform: , CVS version: $Id: ipsec_ahhmacmd5.c,v 1.7 1998/06/11 05:49:53 rgb Exp $
Transform: , CVS version: $Id: ipsec_ahhmacsha1.c,v 1.7 1998/06/11 05:49:54 rgb Exp $
Transform: <3DES-MD5-96 Encryption>, CVS version: $Id: ipsec_esp3desmd596.c,v 1.8 1998/06/11 05:51:34 rgb Exp $
Transform: , CVS version: $Id: ipsec_espdesmd596.c,v 1.7 1998/06/11 05:51:35 rgb Exp $
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |packets errs drop fifo frame|packets errs drop fifo colls carrier
lo: 127757 0 0 0 0 127757 0 0 0 0 0
tunl0: 0 0 0 0 0 0 0 0 0 0 0
tunl1: 0 0 0 0 0 0 0 0 0 0 0
dummy: No statistics available.
eth0: 141874 0 0 0 0 144929 0 0 0 79 0
eth1: 268 0 0 0 0 804 0 0 0 0 0
eth2: 12936 0 0 0 0 13732 0 0 0 2 0
ipsec0: 0 0 0 0 0 0 0 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0 0 0 0
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 1500 0 0 eth0
192.168.4.0 192.168.2.110 255.255.255.0 UG 1500 0 0 eth0
192.168.3.0 0.0.0.0 255.255.255.0 U 1500 0 0 eth1
207.236.55.0 0.0.0.0 255.255.255.0 U 1500 0 0 eth2
192.168.1.0 192.168.2.103 255.255.255.0 UG 1500 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 3584 0 0 lo
0.0.0.0 207.236.55.1 0.0.0.0 UG 1500 0 0 eth2
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 0002A8C0 00000000 01 0 13 0 00FFFFFF 1500 0 0
eth0 0004A8C0 6E02A8C0 03 0 0 0 00FFFFFF 1500 0 0
eth1 0003A8C0 00000000 01 0 2 0 00FFFFFF 1500 0 0
eth2 0037ECCF 00000000 01 0 29 0 00FFFFFF 1500 0 0
eth0 0001A8C0 6702A8C0 03 0 40 0 00FFFFFF 1500 0 0
lo 0000007F 00000000 01 0 5 0 000000FF 3584 0 0
eth2 00000000 0137ECCF 03 0 152 1 00000000 1500 0 0
+ ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:127757 errors:0 dropped:0 overruns:0
TX packets:127757 errors:0 dropped:0 overruns:0
eth0 Link encap:10Mbps Ethernet HWaddr 00:00:C0:83:A8:27
inet addr:192.168.2.100 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:141877 errors:0 dropped:0 overruns:0
TX packets:144931 errors:0 dropped:0 overruns:0
Interrupt:15 Base address:0x310 Memory:e0000-e4000
eth1 Link encap:10Mbps Ethernet HWaddr 00:00:C0:AD:B5:23
inet addr:192.168.3.100 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:268 errors:0 dropped:0 overruns:0
TX packets:804 errors:0 dropped:0 overruns:0
Interrupt:10 Base address:0x290 Memory:d4000-d8000
eth2 Link encap:10Mbps Ethernet HWaddr 00:00:C0:45:26:47
inet addr:207.236.55.216 Bcast:207.236.55.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12936 errors:0 dropped:0 overruns:0
TX packets:13732 errors:0 dropped:0 overruns:0
Interrupt:5 Base address:0x250 Memory:d0000-d4000
+ cat /proc/net/ip_forward
IP firewall forward rules, default 4
C0A80000/FFFF0000->C0A80000/FFFF0000 - 00000000 4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 AFF X00
C0A80000/FFFF0000->00000000/00000000 - 00000000 204 0 0 6667 975088 0 0 0 0 0 0 0 0 0 0 AFF X00
+ cat /proc/net/ip_input
IP firewall input rules, default 4
CFEC37D8/FFFFFFFF->00000000/00000000 eth2 00000000 20 0 0 0 0 0 0 0 0 0 0 0 0 0 0 AFF X00
C0A80000/FFFF0000->00000000/00000000 eth2 00000000 20 0 0 0 0 0 0 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->C0A80000/FFFF0000 eth2 00000000 20 0 0 0 0 0 0 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 32 0 2 0 0 1 52 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 32 0 2 1 72 54 1023 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 6 0 1 0 0 6112 0 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 131 0 2 0 0 1 19 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 131 0 2 0 0 20 21 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 131 0 2 3 132 23 24 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 131 0 2 0 0 26 49 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 121 0 1 0 0 52 0 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 131 0 2 0 0 54 79 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 131 0 2 0 0 81 112 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 131 0 2 0 0 114 115 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 121 0 1 0 0 117 0 0 0 0 0 0 0 0 0 AFF X00
00000000/00000000->CFEC37D8/FFFFFFFF eth2 00000000 131 0 2 0 0 119 255 0 0 0 0 0 0 0 0 AFF X00
+ cat /proc/net/ip_output
IP firewall output rules, default 4
C0A80000/FFFF0000->00000000/00000000 eth2 00000000 120 0 0 0 0 0 0 0 0 0 0 0 0 0 0 AFF X00
+ cat /proc/modules
ipsec 18 0
ip_masq_ftp 5 0
+ cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 13893632 13398016 495616 10092544 561152 4440064
Swap: 41938944 2752512 39186432
MemTotal: 13568 kB
MemFree: 484 kB
MemShared: 9856 kB
Buffers: 548 kB
Cached: 4336 kB
SwapTotal: 40956 kB
SwapFree: 38268 kB
+ ls -l /dev/ipsec
crw-r--r-- 1 root root 36, 10 Oct 3 1997 /dev/ipsec
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_spinew /proc/net/ipsec_tncfg /proc/net/ipsec_version
-r--r--r-- 1 root root 0 Jun 16 17:20 /proc/net/ipsec_eroute
-r--r--r-- 1 root root 0 Jun 16 17:20 /proc/net/ipsec_spi
-r--r--r-- 1 root root 0 Jun 16 17:20 /proc/net/ipsec_spigrp
-r--r--r-- 1 root root 0 Jun 16 17:20 /proc/net/ipsec_spinew
-r--r--r-- 1 root root 0 Jun 16 17:20 /proc/net/ipsec_tncfg
-r--r--r-- 1 root root 0 Jun 16 17:20 /proc/net/ipsec_version
+ test -f /usr/src/linux/.config
+ egrep IP /usr/src/linux/.config
CONFIG_SYSVIPC=y
CONFIG_IP_FORWARD=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_VERBOSE=y
CONFIG_IP_MASQUERADE=y
CONFIG_IP_MASQUERADE_IPAUTOFW=y
CONFIG_IP_MASQUERADE_ICMP=y
# CONFIG_IP_TRANSPARENT_PROXY is not set
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
# CONFIG_IP_ROUTER is not set
CONFIG_NET_IPIP=y
# CONFIG_IP_MROUTE is not set
CONFIG_IP_ALIAS=y
CONFIG_IP_NOSR=y
# CONFIG_IPX is not set
CONFIG_IPSEC=y
CONFIG_IPSEC_IPIP=y
CONFIG_IPSEC_AH=y
CONFIG_IPSEC_AH_HMAC_MD5=y
CONFIG_IPSEC_AH_HMAC_SHA1=y
CONFIG_IPSEC_AH_MD5=y
CONFIG_IPSEC_ESP=y
CONFIG_IPSEC_ESP_DES_CBC=y
CONFIG_IPSEC_ESP_DES_MD5=y
CONFIG_IPSEC_ESP_3DES_MD5=y
CONFIG_IPSEC_ESP_DES_MD5_96=y
CONFIG_IPSEC_ESP_3DES_MD5_96=y
# DEBUG_IPSEC_RADIJ is not set
# DEBUG_IPSEC_EROUTE is not set
# DEBUG_IPSEC_SPI is not set
# DEBUG_IPSEC_XFORM is not set
# DEBUG_IPSEC_NETLINK is not set
# DEBUG_IPSEC_TUNNEL is not set
# DEBUG_IPSEC_AH is not set
# DEBUG_IPSEC_ESP is not set
# CONFIG_PLIP is not set
CONFIG_SLIP=y
CONFIG_SLIP_COMPRESSED=y
# CONFIG_SLIP_SMART is not set
# CONFIG_SLIP_MODE_SLIP6 is not set
+ test -f /var/log/kern.debug
+ tail -100 /var/log/kern.debug
Jun 16 08:54:54 magellan kernel: klogd 1.3-3, ---------- state change ----------
Jun 16 08:54:54 magellan kernel: No module symbols loaded.
Jun 16 17:11:34 magellan kernel: ipsec_init: ipsec module loaded. freeswan version: 0.85
Jun 16 17:11:34 magellan kernel: ipsec_init: ipsec_init source -- $Id: ipsec_init.c,v 1.9 1998/06/14 23:49:40 rgb Exp $
Jun 16 17:11:34 magellan kernel: ipsec_init: attaching
Jun 16 17:11:34 magellan kernel: ipe4_attach: called.$Id: ipsec_ipe4.c,v 1.6 1998/06/11 05:49:58 rgb Exp $
Jun 16 17:11:34 magellan kernel: ipsec_init: attaching
Jun 16 17:11:34 magellan kernel: ahhmacmd5_attach: called.$Id: ipsec_ahhmacmd5.c,v 1.7 1998/06/11 05:49:53 rgb Exp $
Jun 16 17:11:34 magellan kernel: ipsec_init: attaching
Jun 16 17:11:34 magellan kernel: ahhmacsha1_attach: called.$Id: ipsec_ahhmacsha1.c,v 1.7 1998/06/11 05:49:54 rgb Exp $
Jun 16 17:11:34 magellan kernel: ipsec_init: attaching <3DES-MD5-96 Encryption>
Jun 16 17:11:34 magellan kernel: esp3desmd596_attach: called.$Id: ipsec_esp3desmd596.c,v 1.8 1998/06/11 05:51:34 rgb Exp $
Jun 16 17:11:34 magellan kernel: ipsec_init: attaching
Jun 16 17:11:34 magellan kernel: espdesmd596_attach: called.$Id: ipsec_espdesmd596.c,v 1.7 1998/06/11 05:51:35 rgb Exp $
Jun 16 17:11:34 magellan kernel: ipsec_tunnel_init: KLIPS: tunnelling code $Id: ipsec_tunnel.c,v 1.8 1998/06/14 23:49:40 rgb Exp $
+ tail -250 /var/log/messages
+ egrep -i ipsec|klips|pluto|xxx
Jun 16 10:18:02 magellan syslog: FreeS/WAN version 0.85. Usage: pluto [port-number]
+ date
Tue Jun 16 21:21:40 EDT 1998
===> pluto.out.110 (gonzales) <==
Starting Pluto (FreeS/WAN Version 0.85)
opening /dev/urandom
inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
init_socket(): listening to port 500
listening at 127.0.0.1
listening at 192.168.2.110
listening at 192.168.4.110
listening at 3 interfaces
init_kernelfd(): listening to port 501
socket numbers:
4 5 6 7
kernel socket: 8
next event EVENT_REINIT_SECRET in 3600 seconds ((nil)/0)
received kernel message
read 84 bytes from "kernel" socket
initiating exchange with [192.168.2.100], port 500, goal GOAL_ENCRYPT
emit ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: 00 00 00 00 00 00 00 00
next payload type: ISAKMP_NEXT_SA
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
emit ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONE
DOI: ISAKMP_DOI_IPSEC
emit IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
proposal number: 0
protocol ID: PROTO_ISAKMP
SPI size: 0
number of transforms: 3
emit ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_T
transform number: 0
transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 1
[1 is OAKLEY_DES_CBC]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 2
[2 is OAKLEY_SHA]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_AUTHENTICATION_METHOD
length/value: 1
[1 is OAKLEY_PRESHARED_KEY]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_GROUP_DESCRIPTION
length/value: 2
[2 is OAKLEY_GROUP_MODP1024]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_TYPE
length/value: 1
[1 is OAKLEY_LIFE_SECONDS]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_DURATION
length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emit ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_T
transform number: 1
transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 1
[1 is OAKLEY_DES_CBC]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 1
[1 is OAKLEY_MD5]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_AUTHENTICATION_METHOD
length/value: 1
[1 is OAKLEY_PRESHARED_KEY]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_GROUP_DESCRIPTION
length/value: 2
[2 is OAKLEY_GROUP_MODP1024]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_TYPE
length/value: 1
[1 is OAKLEY_LIFE_SECONDS]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_DURATION
length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emit ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_NONE
transform number: 2
transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 1
[1 is OAKLEY_DES_CBC]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 1
[1 is OAKLEY_MD5]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_AUTHENTICATION_METHOD
length/value: 1
[1 is OAKLEY_PRESHARED_KEY]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_GROUP_DESCRIPTION
length/value: 1
[1 is OAKLEY_GROUP_MODP768]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_TYPE
length/value: 1
[1 is OAKLEY_LIFE_SECONDS]
emit ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_DURATION
length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emitting length of ISAKMP Proposal Payload: 104
emitting length of ISAKMP Security Association Payload: 116
emitting length of ISAKMP Message: 144
transmitted 144 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8064468/0)
received packet
read 80 bytes from 192.168.2.100, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_SA
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
length: 80
full state not found
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 52
half state found, state OAKLEY_MAIN_I_1
my identity is 192.168.2.110
parse ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONE
length: 52
DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
length: 40
proposal number: 0
protocol ID: PROTO_ISAKMP
SPI size: 0
number of transforms: 1
parse ISAKMP Transform Payload (ISAKMP):
next payload type: ISAKMP_NEXT_NONE
length: 32
transform number: 0
transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
af+type: OAKLEY_ENCRYPTION_ALGORITHM
length/value: 1
[1 is OAKLEY_DES_CBC]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_HASH_ALGORITHM
length/value: 2
[2 is OAKLEY_SHA]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_AUTHENTICATION_METHOD
length/value: 1
[1 is OAKLEY_PRESHARED_KEY]
opening ./isakmp-secrets
secret used is [halelujia], length = 9
parse ISAKMP Oakley attribute:
af+type: OAKLEY_GROUP_DESCRIPTION
length/value: 2
[2 is OAKLEY_GROUP_MODP1024]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_TYPE
length/value: 1
[1 is OAKLEY_LIFE_SECONDS]
parse ISAKMP Oakley attribute:
af+type: OAKLEY_LIFE_DURATION
length/value: 3600
Oakley Transform 0 accepted
copying 40 bytes of proposal into state object
Local secret: d17c72a39122983f89d98808ba4b120c9958af9df993f8304750e3d7ea3fb257
Public value sent: b99e75f666a2dc705491512143c9b751073efb3b98a6c8c4ef3866abad9c00754ee54651f560820ca915cea4da631cc5178b35f4d289961b6c7b30f9fefde3e214393b3c57b513611c647885c8c3bc354b69a72899bf4e8ddd9aa5cc654e708fbbe6eeb2ff315e88fcf91650b51ce90e1c0ee9c277be8fd35589880ddcc2a717
emit ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_KE
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
emit ISAKMP Key Exchange Payload:
next payload type: ISAKMP_NEXT_NONCE
emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
emitting length of ISAKMP Key Exchange Payload: 132
emit ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
emitting length of ISAKMP Nonce Payload: 20
emitting length of ISAKMP Message: 180
transmitted 180 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8064468/0)
received packet
read 180 bytes from 192.168.2.100, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_KE
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: none
message ID: 00 00 00 00
length: 180
full state found, state OAKLEY_MAIN_I_2
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 132
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 20
parse ISAKMP Key Exchange Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 132
parse ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_NONE
length: 20
public value received: f499fa1393878e2293acc9840c2441eba0870633200b7f1b768da82bd742641a240e65879269434c0b8ccf53fc2f89165b8e8f30cc1e72990c00dcbcc0d32947abcf9aeb4ec7726679f07f30ca7a82297c76cb5e8b2bbe773b744804fca4f4216151b7776f2baeab63fc4303404c1502bc3b89b9cc7fb212e69997ef0782fd0d
shared secret: 27c8e9b37a54c3320f638620e5751d3c1e4d5c1f3a53bb6090150797165cf0e4d5cb0b04e8f7f201ac65036e61577ac925aa160679d30113cb89b09a191fd6866c46eb627925d0133a9cf8e68319292a085a58beced2b54b1e3fc76386f1e6eb438a54615b16ba2ad57f0eb672d8405031460ca0c6029c26789d846612b67512
opening ./isakmp-secrets
secret used is [halelujia], length = 9
size of g^xy is 128
emit ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_ID
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 00 00 00 00
emit ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_HASH
ID type: ID_IPV4_ADDR
Protocol ID: 0
port: 0
emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
emitting length of ISAKMP Identification Payload (IPsec DOI): 12
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 20 raw bytes of HASH_I into ISAKMP Hash Payload
emitting length of ISAKMP Hash Payload: 24
emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
emitting length of ISAKMP Message: 68
transmitted 68 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8064468/0)
received packet
read 68 bytes from 192.168.2.100, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_ID
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_IDPROT
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 00 00 00 00
length: 68
full state found, state OAKLEY_MAIN_I_3
received encrypted packet from 192.168.2.100, port 500
decrypting 40 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_HASH
length: 12
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 24
removing 4 bytes of padding
parse ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_HASH
length: 12
ID type: ID_IPV4_ADDR
Protocol ID: 0
port: 0
Peer's ID type is ID_IPV4_ADDR: 192.168.2.100
parse ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_NONE
length: 24
Doing Quick Mode with 192.168.2.100, port 500, goal GOAL_ENCRYPT
find_messageid(): search failed, no structure for 192.168.2.100, port 500
inserting messageid structure for 192.168.2.100, port 500
MSG-ID is 0x00000001
emit ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 01 00 00 00
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_SA
emitting 20 zero bytes of HASH(1) into ISAKMP Hash Payload
emitting length of ISAKMP Hash Payload: 24
emit ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONCE
DOI: ISAKMP_DOI_IPSEC
emit IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
proposal number: 0
protocol ID: PROTO_IPSEC_ESP
SPI size: 4
number of transforms: 1
emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
emit ISAKMP Transform Payload (ESP):
next payload type: ISAKMP_NEXT_NONE
transform number: 0
transform ID: ESP_3DES
emit ISAKMP IPsec DOI attribute:
af+type: AUTH_ALGORITHM
length/value: 1
[1 is AUTH_ALGORITHM_HMAC_MD5]
emit ISAKMP IPsec DOI attribute:
af+type: SA_LIFE_TYPE
length/value: 1
[1 is SA_LIFE_TYPE_SECONDS]
emit ISAKMP IPsec DOI attribute:
af+type: SA_LIFE_DURATION
length/value: 28800
emit ISAKMP IPsec DOI attribute:
af+type: ENCAPSULATION_MODE
length/value: 2
[2 is ENCAPSULATION_MODE_TRANSPORT]
emitting length of ISAKMP Transform Payload (ESP): 24
emitting length of ISAKMP Proposal Payload: 36
emitting length of ISAKMP Security Association Payload: 48
emit ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
emitting length of ISAKMP Nonce Payload: 20
HASH(1) computed:emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
emitting length of ISAKMP Message: 124
transmitted 124 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds
event added after event EVENT_REINIT_SECRET ((nil)/0)
next event EVENT_RETRANSMIT in 30 seconds (0x8064ca8/0)
received packet
read 124 bytes from 192.168.2.100, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 01 00 00 00
length: 124
full state found, state OAKLEY_QUICK_I_1
received encrypted packet from 192.168.2.100, port 500
decrypting 96 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_SA
length: 24
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 48
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 20
removing 4 bytes of padding
parse ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_SA
length: 24
HASH(2) computed:HASH(2) verified
parse ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 48
DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
length: 36
proposal number: 0
protocol ID: PROTO_IPSEC_ESP
SPI size: 4
number of transforms: 1
parsing 4 raw bytes of SPI into ISAKMP Proposal Payload
parse ISAKMP Transform Payload (ESP):
next payload type: ISAKMP_NEXT_NONE
length: 24
transform number: 0
transform ID: ESP_3DES
parse ISAKMP IPsec DOI attribute:
af+type: AUTH_ALGORITHM
length/value: 1
[1 is AUTH_ALGORITHM_HMAC_MD5]
parse ISAKMP IPsec DOI attribute:
af+type: SA_LIFE_TYPE
length/value: 1
[1 is SA_LIFE_TYPE_SECONDS]
parse ISAKMP IPsec DOI attribute:
af+type: SA_LIFE_DURATION
length/value: 28800
parse ISAKMP IPsec DOI attribute:
af+type: ENCAPSULATION_MODE
length/value: 2
[2 is ENCAPSULATION_MODE_TRANSPORT]
parse ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_NONE
length: 20
emit ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 01 00 00 00
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 20 zero bytes of HASH(3) into ISAKMP Hash Payload
emitting length of ISAKMP Hash Payload: 24
emitting 0 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
emitting length of ISAKMP Message: 52
cannot perform routing: peer 192.168.2.100 is within peer's user network 192.168.2.100/255.255.255.255
state transition function for OAKLEY_QUICK_I_1 failed
next event EVENT_RETRANSMIT in 29 seconds (0x8064ca8/0)
time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 192.168.2.100, port 500, handled (0x8064ca8)
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8064ca8/0)
time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 192.168.2.100, port 500, handled (0x8064ca8)
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8064ca8/0)
time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 192.168.2.100, port 500, handled (0x8064ca8)
max number of retransmissions(2) reached for 192.168.2.100, port 500
next event EVENT_REINIT_SECRET in 3439 seconds ((nil)/0)
received kernel message
read 84 bytes from "kernel" socket
initiating exchange with [192.168.2.100], port 500, goal GOAL_ENCRYPT
Doing Quick Mode with 192.168.2.100, port 500, goal GOAL_ENCRYPT+GOAL_TUNNEL
MSG-ID is 0x00000002
emit ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 02 00 00 00
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_SA
emitting 20 zero bytes of HASH(1) into ISAKMP Hash Payload
emitting length of ISAKMP Hash Payload: 24
emit ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONCE
DOI: ISAKMP_DOI_IPSEC
emit IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
proposal number: 0
protocol ID: PROTO_IPSEC_ESP
SPI size: 4
number of transforms: 1
emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
emit ISAKMP Transform Payload (ESP):
next payload type: ISAKMP_NEXT_NONE
transform number: 0
transform ID: ESP_3DES
emit ISAKMP IPsec DOI attribute:
af+type: AUTH_ALGORITHM
length/value: 1
[1 is AUTH_ALGORITHM_HMAC_MD5]
emit ISAKMP IPsec DOI attribute:
af+type: SA_LIFE_TYPE
length/value: 1
[1 is SA_LIFE_TYPE_SECONDS]
emit ISAKMP IPsec DOI attribute:
af+type: SA_LIFE_DURATION
length/value: 28800
emit ISAKMP IPsec DOI attribute:
af+type: ENCAPSULATION_MODE
length/value: 1
[1 is ENCAPSULATION_MODE_TUNNEL]
emitting length of ISAKMP Transform Payload (ESP): 24
emitting length of ISAKMP Proposal Payload: 36
emitting length of ISAKMP Security Association Payload: 48
emit ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_ID
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
emitting length of ISAKMP Nonce Payload: 20
emit ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_ID
ID type: ID_IPV4_ADDR_SUBNET
Protocol ID: 0
port: 0
emitting 4 raw bytes of initiator's client network into ISAKMP Identification Payload (IPsec DOI)
emitting 4 raw bytes of initiator's client mask into ISAKMP Identification Payload (IPsec DOI)
emitting length of ISAKMP Identification Payload (IPsec DOI): 16
emit ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_NONE
ID type: ID_IPV4_ADDR_SUBNET
Protocol ID: 0
port: 0
emitting 4 raw bytes of peer's client network into ISAKMP Identification Payload (IPsec DOI)
emitting 4 raw bytes of peer's client mask into ISAKMP Identification Payload (IPsec DOI)
emitting length of ISAKMP Identification Payload (IPsec DOI): 16
HASH(1) computed:emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
emitting length of ISAKMP Message: 156
transmitted 156 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8064ca8/0)
received packet
read 156 bytes from 192.168.2.100, port 500
parse ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 02 00 00 00
length: 156
full state found, state OAKLEY_QUICK_I_1
received encrypted packet from 192.168.2.100, port 500
decrypting 128 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_SA
length: 24
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 48
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_ID
length: 20
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_ID
length: 16
parse ISAKMP Generic Payload:
next payload type: ISAKMP_NEXT_NONE
length: 16
removing 4 bytes of padding
parse ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_SA
length: 24
HASH(2) computed:HASH(2) verified
parse ISAKMP Security Association Payload:
next payload type: ISAKMP_NEXT_NONCE
length: 48
DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
next payload type: ISAKMP_NEXT_NONE
length: 36
proposal number: 0
protocol ID: PROTO_IPSEC_ESP
SPI size: 4
number of transforms: 1
parsing 4 raw bytes of SPI into ISAKMP Proposal Payload
parse ISAKMP Transform Payload (ESP):
next payload type: ISAKMP_NEXT_NONE
length: 24
transform number: 0
transform ID: ESP_3DES
parse ISAKMP IPsec DOI attribute:
af+type: AUTH_ALGORITHM
length/value: 1
[1 is AUTH_ALGORITHM_HMAC_MD5]
parse ISAKMP IPsec DOI attribute:
af+type: SA_LIFE_TYPE
length/value: 1
[1 is SA_LIFE_TYPE_SECONDS]
parse ISAKMP IPsec DOI attribute:
af+type: SA_LIFE_DURATION
length/value: 28800
parse ISAKMP IPsec DOI attribute:
af+type: ENCAPSULATION_MODE
length/value: 1
[1 is ENCAPSULATION_MODE_TUNNEL]
parse ISAKMP Nonce Payload:
next payload type: ISAKMP_NEXT_ID
length: 20
parse ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_ID
length: 16
ID type: ID_IPV4_ADDR_SUBNET
Protocol ID: 0
port: 0
our client user is IP subnet with address 192.168.4.0...
...and netmask 255.255.255.0
parse ISAKMP Identification Payload (IPsec DOI):
next payload type: ISAKMP_NEXT_NONE
length: 16
ID type: ID_IPV4_ADDR_SUBNET
Protocol ID: 0
port: 0
peer client user is IP subnet with address 192.168.3.0...
...and netmask 255.255.255.0
emit ISAKMP Message:
initiator cookie: 86 c1 30 b9 ba e0 66 db
responder cookie: bc 74 9f 85 fc 3d b8 55
next payload type: ISAKMP_NEXT_HASH
ISAKMP version: ISAKMP Version 1.0
exchange type: ISAKMP_XCHG_QUICK
flags: ISAKMP_FLAG_ENCRYPTION
message ID: 02 00 00 00
emit ISAKMP Hash Payload:
next payload type: ISAKMP_NEXT_NONE
emitting 20 zero bytes of HASH(3) into ISAKMP Hash Payload
emitting length of ISAKMP Hash Payload: 24
emitting 0 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
emitting length of ISAKMP Message: 52
executing command: /sbin/route del 192.168.3.0 netmask 255.255.255.0
executing command: /sbin/route add 192.168.3.0 netmask 255.255.255.0 dev ipsec0 gw 192.168.2.100
route to 192.168.2.100 setup
Error: write() failed in setup_sa()
Errno 22: Invalid argument
state transition function for OAKLEY_QUICK_I_1 failed
next event EVENT_RETRANSMIT in 29 seconds (0x8064ca8/0)
time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 192.168.2.100, port 500, handled (0x8064ca8)
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8064ca8/0)
time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 192.168.2.100, port 500, handled (0x8064ca8)
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8064ca8/0)
time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
event EVENT_RETRANSMIT for 192.168.2.100, port 500, handled (0x8064ca8)
max number of retransmissions(2) reached for 192.168.2.100, port 500
next event EVENT_REINIT_SECRET in 3335 seconds ((nil)/0)
time to handle event
next event is EVENT_SA_EXPIRE (0x8064468/0)
event EVENT_REINIT_SECRET handled
inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
event added after event EVENT_SA_EXPIRE (0x8064468/0)
next event EVENT_SA_EXPIRE in 71 seconds (0x8064468/0)
time to handle event
next event is EVENT_REINIT_SECRET ((nil)/0)
SA expired for 192.168.2.100, port 500
next event EVENT_REINIT_SECRET in 3529 seconds ((nil)/0)
===> barf.110 (gonzales) <==
+ date
Tue Jun 16 21:23:46 EDT 1998
+ hostname
gonzales.conscoop.ottawa.on.ca
+ hostname --fqdn
gonzales.conscoop.ottawa.on.ca
+ hostname --ip-address
192.168.2.110
+ cat /proc/version
Linux version 2.0.34 (root@gonzales.conscoop.ottawa.on.ca) (gcc version 2.7.2.1) #3 Tue Jun 16 13:59:29 EDT 1998
+ cat /proc/net/ipsec_eroute
EROUTE:
(192.168.4.0/255.255.255.0 -> 192.168.3.0/255.255.255.0) =>
(192.168.2.100, 0x586b52ea)
+ cat /proc/net/ipsec_spi
SPI:
(192.168.2.110, 0x37947e8e, 3DES-MD5-96 Encryption: iv = 0x0000000000000000 seq = 0, bit = 0x00000000, win = 0 flags = 0x0 )
+ cat /proc/net/ipsec_spigrp
SPIGRP:
(192.168.2.110, 0x37947e8e, 3DES-MD5-96 Encryption)
+ cat /proc/net/ipsec_tncfg
TNCFG:
ipsec0 -> NULL
ipsec1 -> NULL
+ cat /proc/net/ipsec_version
VERSION_INFO:
FreeS/WAN version: 0.85
Transform: , CVS version: $Id: ipsec_ipe4.c,v 1.6 1998/06/11 05:49:58 rgb Exp $
Transform: , CVS version: $Id: ipsec_ahhmacmd5.c,v 1.7 1998/06/11 05:49:53 rgb Exp $
Transform: , CVS version: $Id: ipsec_ahhmacsha1.c,v 1.7 1998/06/11 05:49:54 rgb Exp $
Transform: <3DES-MD5-96 Encryption>, CVS version: $Id: ipsec_esp3desmd596.c,v 1.8 1998/06/11 05:51:34 rgb Exp $
Transform: , CVS version: $Id: ipsec_espdesmd596.c,v 1.7 1998/06/11 05:51:35 rgb Exp $
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |packets errs drop fifo frame|packets errs drop fifo colls carrier
lo: 44352 0 0 0 0 44352 0 0 0 0 0
tunl0: 0 0 0 0 0 0 0 0 0 0 0
tunl1: 0 0 0 0 0 0 0 0 0 0 0
eth0: 1886 0 0 0 0 1796 0 0 0 33 0
eth1: 204 0 0 0 0 70 0 0 0 0 0
ipsec0: 0 0 0 0 0 0 0 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0 0 0 0
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 1500 0 0 eth0
192.168.1.0 192.168.2.103 255.255.255.0 UG 1500 0 0 eth0
192.168.4.0 0.0.0.0 255.255.255.0 U 1500 0 0 eth1
192.168.3.0 192.168.2.100 255.255.255.0 UG 0 0 0 ipsec0
127.0.0.0 0.0.0.0 255.0.0.0 U 3584 0 0 lo
0.0.0.0 192.168.2.100 0.0.0.0 UG 1500 0 0 eth0
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 0002A8C0 00000000 01 0 18 0 00FFFFFF 1500 0 0
eth0 0001A8C0 6702A8C0 03 0 4 0 00FFFFFF 1500 0 0
eth1 0004A8C0 00000000 01 0 0 0 00FFFFFF 1500 0 0
ipsec0 0003A8C0 6402A8C0 03 0 0 0 00FFFFFF 0 0 0
lo 0000007F 00000000 01 0 12 0 000000FF 3584 0 0
eth0 00000000 6402A8C0 03 0 3 0 00000000 1500 0 0
+ ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0
UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1
RX packets:44352 errors:0 dropped:0 overruns:0
TX packets:44352 errors:0 dropped:0 overruns:0
eth0 Link encap:10Mbps Ethernet HWaddr 00:60:08:3E:C5:1A
inet addr:192.168.2.110 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1886 errors:0 dropped:0 overruns:0
TX packets:1796 errors:0 dropped:0 overruns:0
Interrupt:10 Base address:0xfc40
eth1 Link encap:10Mbps Ethernet HWaddr 00:60:08:3E:83:B8
inet addr:192.168.4.110 Bcast:192.168.4.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:204 errors:0 dropped:0 overruns:0
TX packets:70 errors:0 dropped:0 overruns:0
Interrupt:15 Base address:0xfc00
+ cat /proc/net/ip_forward
IP firewall forward rules, default 4
+ cat /proc/net/ip_input
IP firewall input rules, default 4
+ cat /proc/net/ip_output
IP firewall output rules, default 4
+ cat /proc/modules
ipsec 18 0
+ cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 30748672 30244864 503808 34308096 131072 11743232
Swap: 67608576 159744 67448832
MemTotal: 30028 kB
MemFree: 492 kB
MemShared: 33504 kB
Buffers: 128 kB
Cached: 11468 kB
SwapTotal: 66024 kB
SwapFree: 65868 kB
+ ls -l /dev/ipsec
crw-r--r-- 1 root root 36, 10 Dec 18 1997 /dev/ipsec
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_spinew /proc/net/ipsec_tncfg /proc/net/ipsec_version
-r--r--r-- 1 root root 0 Jun 16 17:17 /proc/net/ipsec_eroute
-r--r--r-- 1 root root 0 Jun 16 17:17 /proc/net/ipsec_spi
-r--r--r-- 1 root root 0 Jun 16 17:17 /proc/net/ipsec_spigrp
-r--r--r-- 1 root root 0 Jun 16 17:17 /proc/net/ipsec_spinew
-r--r--r-- 1 root root 0 Jun 16 17:17 /proc/net/ipsec_tncfg
-r--r--r-- 1 root root 0 Jun 16 17:17 /proc/net/ipsec_version
+ test -f /usr/src/linux/.config
+ egrep IP /usr/src/linux/.config
CONFIG_SYSVIPC=y
CONFIG_IP_FORWARD=y
# CONFIG_IP_MULTICAST is not set
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_VERBOSE=y
CONFIG_IP_MASQUERADE=y
CONFIG_IP_MASQUERADE_ICMP=y
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
# CONFIG_IP_ROUTER is not set
CONFIG_NET_IPIP=y
CONFIG_IP_ALIAS=y
CONFIG_IP_NOSR=y
# CONFIG_IPX is not set
CONFIG_IPSEC=m
CONFIG_IPSEC_IPIP=y
# CONFIG_IPSEC_EXPERIMENTAL is not set
CONFIG_IPSEC_AH=y
CONFIG_IPSEC_AH_HMAC_MD5=y
CONFIG_IPSEC_AH_HMAC_SHA1=y
CONFIG_IPSEC_ESP=y
CONFIG_IPSEC_ESP_DES_MD5_96=y
CONFIG_IPSEC_ESP_3DES_MD5_96=y
DEBUG_IPSEC=y
# CONFIG_PLIP is not set
CONFIG_SLIP=y
CONFIG_SLIP_COMPRESSED=y
# CONFIG_SLIP_SMART is not set
# CONFIG_SLIP_MODE_SLIP6 is not set
+ test -f /var/log/kern.debug
+ tail -100 /var/log/kern.debug
Jun 16 17:10:07 gonzales kernel: ipsec_init: ipsec module loaded. freeswan version: 0.85
Jun 16 17:10:07 gonzales kernel: ipsec_init: ipsec_init source -- $Id: ipsec_init.c,v 1.9 1998/06/14 23:49:40 rgb Exp $
Jun 16 17:10:07 gonzales kernel: ipsec_init: attaching
Jun 16 17:10:07 gonzales kernel: ipe4_attach: called.$Id: ipsec_ipe4.c,v 1.6 1998/06/11 05:49:58 rgb Exp $
Jun 16 17:10:07 gonzales kernel: ipsec_init: attaching
Jun 16 17:10:07 gonzales kernel: ahhmacmd5_attach: called.$Id: ipsec_ahhmacmd5.c,v 1.7 1998/06/11 05:49:53 rgb Exp $
Jun 16 17:10:07 gonzales kernel: ipsec_init: attaching
Jun 16 17:10:07 gonzales kernel: ahhmacsha1_attach: called.$Id: ipsec_ahhmacsha1.c,v 1.7 1998/06/11 05:49:54 rgb Exp $
Jun 16 17:10:07 gonzales kernel: ipsec_init: attaching <3DES-MD5-96 Encryption>
Jun 16 17:10:07 gonzales kernel: esp3desmd596_attach: called.$Id: ipsec_esp3desmd596.c,v 1.8 1998/06/11 05:51:34 rgb Exp $
Jun 16 17:10:07 gonzales kernel: ipsec_init: attaching
Jun 16 17:10:07 gonzales kernel: espdesmd596_attach: called.$Id: ipsec_espdesmd596.c,v 1.7 1998/06/11 05:51:35 rgb Exp $
Jun 16 17:10:07 gonzales kernel: ipsec_tunnel_init: KLIPS: tunnelling code $Id: ipsec_tunnel.c,v 1.8 1998/06/14 23:49:40 rgb Exp $
Jun 16 20:02:37 gonzales kernel: ipsec_callback: skb=1dce934 skblen=56 em_magic=1400332654 em_type=5 em_spi=c1a0800
Jun 16 20:02:37 gonzales kernel: ipsec_callback: skb=1d31c80 skblen=128 em_magic=1400332654 em_type=2 em_spi=37947e8e
Jun 16 20:02:37 gonzales kernel: ipsec_callback: could not find a TDB for spi=0x37947e8e, daddr=192.168.2.110, allocating (this is normal)
Jun 16 20:02:37 gonzales kernel: tdb_init: calling init routine of 3DES-MD5-96 Encryption
Jun 16 20:02:37 gonzales kernel: esp3desmd596_init: called with tdbp=1ab8098, xsp=28219cc, em=1d31c00
Jun 16 20:02:37 gonzales kernel: esp3desmd596_init: called for dst=192.168.2.110, spi=0x37947e8e
Jun 16 20:02:37 gonzales kernel: esp3desmd596_init: insufficient authorisation key size: 0 -- must be at least 16 octets
+ tail -250 /var/log/messages
+ egrep -i ipsec|klips|pluto|xxx
+ date
Tue Jun 16 21:23:48 EDT 1998
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
-----END PGP SIGNATURE-----
Received on Tue Jun 16 23:30:05 1998