linux-ipsec: INTEROP: Pluto with ANS

From: Hugh Daniel <hugh(at)road.toad.com>
Date: Thu Mar 05 1998 - 16:18:08 EST


  We did some testing with ANS today; below is the slightly commented pluto log of that test.

  The debugging output is almost impenetrable, but the first one (they initiated) worked right out of the box. Does anyone have a proposal on how to format the debugging output of Pluto such that it is useful to normal sysadmins and suitable for syslogging?

  The rest all had some problems: pluto dying when it could not set something up with KLIPS, missing information packets, lack of express address of the parties communicating, etc.

  Maybe Pluto should ask the kernel what it can do (transforms-wise) instead of just presuming it can do anything. It should do this BEFORE negotiations begin...

  Later.

		||ugh Daniel
		hugh@toad.com
		Systems Testing & Project mis-Management
		The Linux FreeS/WAN Project
		
http://www.xs4all.nl/~freeswan

Script started on Thu Mar 5 10:57:06 1998 .bashrc@road.toad.com
root@road > pluto 500
opening /dev/urandom
inserting event 0, timeout in 3600 seconds
init_socket(): listening to port 500

listening at 127.0.0.1
listening at 172.26.217.10
listening at 172.16.217.9

listening at 3 interfaces
init_kernelfd(): listening to port 501
socket numbers:
4 5 6 7
kernel socket: 8
next event in 3600 seconds ((nil)/0)
[1]+  Stopped                 pluto 500

root@road > bg
[1]+ pluto 500 &
root@road > sh ike_ans.sh
Initiating with 172.26.217.2, port 500
172.16.216.8
255.255.255.248
172.16.217.0
255.255.255.255

Goal = 6

received kernel message
read 84 bytes from "kernel" socket
initiating exchange with [172.26.217.2], port 500, goal 6 GOAL_AUTHENTICATE+GOAL_TUNNEL
Proxying: 172.16.216.8/255.255.255.248<--->172.16.217.0/255.255.255.255
Transform: 1 ESP_DES_IV64
opening ./isakmp-secrets
secret used is [whatcertificatereally], length = 21
Oakley proposal:
  00 00 00 30 01 01 08 01 00 00 00 00 00 00 00 00   00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 01   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10 state hash entry 22
transmitted 88 bytes
inserting event 1, timeout in 30 seconds next event in 30 seconds (0x8079940/0)
Done.
root@road >
received packet
read 88 bytes from 172.26.217.2, port 500   10 91 38 a0 e6 10 90 bf 0c 8f 50 b4 f1 ea f5 3d   01 10 02 00 00 00 00 00 00 00 00 58 00 00 00 3c   00 00 00 01 00 00 00 01 00 00 00 30 01 01 08 01   00 00 00 00 00 00 00 00 00 00 00 20 01 01 00 00   80 01 00 01 80 02 00 01 80 03 00 01 80 04 00 02   80 0b 00 01 80 0c 0e 10
state hash entry 2
find_full_state() hash 2 pointer (nil)
state hash entry 22
half state object found, state 0 OAKLEY_MAIN_I_1 exchange state 0 OAKLEY_MAIN_I_1
Local secret:
318f71f8e30ad358de4fa38bdb0ef135c60196f5dea7a801e67052ead027feeb Public value sent:
a51f282d246d3ce0dc2c444b1dcb3dc56891ea104e69424bbd914f971a2d099f2b10964359cd81e5c232fba55a1f2bbb716d64151c822f83f39d0b7bf0771b78c53fb1aea57aa65693932b52fe137bf066981639010490fceaed1a616bb493ed475554b147125362ec3683baa922067badc192478cbe9aefc8bb864356886b96 Public value is 128 bytes long.
k = 31, i = 160, isag->isag_length = 132 copying 48 bytes of proposal into state object state hash entry 22
state hash entry 2
my identity is 172.26.217.10
transmitted 180 bytes
inserting event 1, timeout in 30 seconds next event in 30 seconds (0x8079940/0)

received packet
read 184 bytes from 172.26.217.2, port 500   10 91 38 a0 e6 10 90 bf 0c 8f 50 b4 f1 ea f5 3d   04 10 02 00 00 00 00 00 00 00 00 b8 0a 00 00 84   5d 2e 14 58 1a 2f 7c ff db 07 43 12 b5 5b 26 6c   02 d5 7b 06 9d 6f 19 6b 56 82 1b 9b 17 33 b2 82   9e ed 03 77 05 ad ab 4e d8 c0 41 74 d7 af 8f d5   75 68 ad b7 ef 36 97 2f 69 92 74 03 79 90 37 36   cf de 04 2b df 39 36 81 d7 67 e6 29 09 46 53 95   34 c6 7e 32 5b 58 9d de 66 3b 6c bf 80 8c e7 29   1b e4 dd c1 4e 31 c6 84 25 55 c5 c7 a2 62 a5 91   23 16 f4 46 14 56 33 19 2b 68 9a 98 3f c1 d3 52   00 00 00 18 dd 4b 30 97 6a a5 ce 10 e3 80 67 43   80 ad 36 59 66 69 51 b0
state hash entry 2
find_full_state() hash 2 pointer 0x8079940 full state object found, state 1 OAKLEY_MAIN_I_2 exchange state 1 OAKLEY_MAIN_I_2
public value received:
5d2e14581a2f7cffdb074312b55b266c02d57b069d6f196b56821b9b1733b2829eed037705adab4ed8c04174d7af8fd57568adb7ef36972f6992740379903736cfde042bdf393681d767e6290946539534c67e325b589dde663b6cbf808ce7291be4ddc14e31c6842555c5c7a262a5912316f446145633192b689a983fc1d352 shared secret:
f21af1c807922675927fc5d1bc97db775d3009f96f0577f0653cb689ec12b545a5177a35b15f20e38968fe510a88a1741db06ecce5efa34b08a2987752d530afdcb04234b7ec4153178b6625ee8d4019556128829d23615ec6aae5d6aaa9774a93efe84a6252d9bb030a4a95bbf7fae733e147396d8f385c6e7d893f4037ca4a opening ./isakmp-secrets
secret used is [whatcertificatereally], length = 21 size of g^xy is 128
Skeyid(16):

          54 2f a4 e3 4c 62 d0 e8 8d 68 e3 dd 06 fb 8e 4a Skeyid_d(16):

          6a de 5e fa c5 4e cc e4 50 ea 0c 05 dc 80 ec 89 Skeyid_a(16):

          12 a8 37 23 39 ac 10 fe f8 44 f9 5a e1 35 8e fd Skeyid_e(16):

          0f 43 85 af 71 b5 66 c8 a8 a1 b9 f3 46 54 4f fc IV(16):

          74 e5 bd f7 aa a2 ae 03 f0 bc af e1 bb 38 d8 1b hashing 56 bytes of SA
Hashing my ID: Type 1 ID_IPV4_ADDR, Protocol 0, Port 0 padding is 0 bytes
HASH_I sent: 33 1e 75 94 77 5b b0 1c 41 7b 42 3f 80 74 df ff encrypting using 1 OAKLEY_DES_CBC
new IV: 76 7d 7c a4 d6 94 45 3a
transmitted 60 bytes
inserting event 1, timeout in 30 seconds next event in 30 seconds (0x8079940/0)

received packet
read 60 bytes from 172.26.217.2, port 500   10 91 38 a0 e6 10 90 bf 0c 8f 50 b4 f1 ea f5 3d   05 10 02 01 00 00 00 00 00 00 00 3c 70 45 55 a2   6b d2 83 4a fb 13 ae d8 08 12 2d 37 08 df ef 89   78 21 64 f8 94 ac 28 30 35 98 da 98
state hash entry 2
find_full_state() hash 2 pointer 0x8079940 full state object found, state 2 OAKLEY_MAIN_I_3 received encrypted packet from 172.26.217.2, port 500 decrypting 32 bytes using algorithm 1 OAKLEY_DES_CBC keeping last 8 bytes, just in case
new IV: 94 ac 28 30 35 98 da 98
  08 00 00 0c 01 11 01 f4 ac 1a d9 02 00 00 00 14   a1 d7 80 81 db ff 03 38 40 f5 7b f0 ea 89 b9 27 Payload type 5 ISAKMP_NEXT_ID, length 12 Payload type 8 ISAKMP_NEXT_HASH, length 20 removed 0 bytes of padding
exchange state 2 OAKLEY_MAIN_I_3
last encrypted Phase 1 block: 94 ac 28 30 35 98 da 98 port or protocol id in ID not zero (62465/17) IDir type is 1 ID_IPV4_ADDR, length 4
IDir is 172.26.217.2
hashing 56 bytes of SA
Hashing his ID: Type 1 ID_IPV4_ADDR, Protocol 17, Port 62465 computed HASH_R: a1 d7 80 81 db ff 03 38 40 f5 7b f0 ea 89 b9 27 received HASH_R: a1 d7 80 81 db ff 03 38 40 f5 7b f0 ea 89 b9 27 HASH_R verified
Doing Quick Mode with 172.26.217.2, port 500, goal 6 GOAL_AUTHENTICATE+GOAL_TUNNEL find_messageid(): search failed, no structure for 172.26.217.2, port 500 inserting messageid structure for 172.26.217.2, port 500 MSG-ID is 1
state hash entry 2
Protocol: 2 PROTO_IPSEC_AH
SPI sent: 00 00 01 00
Transform: 2 AH_MD5
SA lifetime (seconds): 28800
Encapsulation mode: 1 ENCAPSULATION_MODE_TUNNEL Sending IDui/IDur
computed Phase 2 IV: b1 19 b9 7e 69 15 43 69 8f 7c 18 f3 51 2c 18 91 compute_hash(): skipping 48 bytes at begining of packet HASH(1) computed:
  73 45 b3 f9 93 dd eb a6 5a 85 72 43 f0 b8 91 d7 Packet length 144
padding is 4 bytes
encrypting using 1 OAKLEY_DES_CBC
new IV: d9 9c a8 17 f9 fd 90 6e
transmitted 148 bytes
inserting event 1, timeout in 30 seconds inserting event 3, timeout in 3600 seconds event added after event 0 ((nil)/0)
next event in 30 seconds (0x807a0d0/0)

received packet
read 148 bytes from 172.26.217.2, port 500   10 91 38 a0 e6 10 90 bf 0c 8f 50 b4 f1 ea f5 3d   08 10 20 01 01 00 00 00 00 00 00 94 06 2d df b7   74 42 d0 a2 53 73 1e 87 a9 18 94 6e 54 6c 84 d3   93 07 19 10 90 57 e1 72 47 82 0a a1 cf fb d6 8f   eb ab d1 25 87 d8 ac 6b 41 fa ea c4 f0 71 45 ce   16 55 6f 4b 64 69 fb e7 d1 c1 69 71 52 50 62 a5   93 72 7f 97 ef d5 b1 16 6d ec 5a 84 d6 35 ed 3f   24 5d 83 a5 c4 4a 5e 6c 75 41 d7 25 4c 8e 9f 69   06 87 bf 91 cc 10 84 f1 a3 f1 d9 65 5f d2 ee c5   1f 04 2c 4b
state hash entry 2
find_full_state() hash 2 pointer 0x807a0d0 full state object found, state 7 OAKLEY_QUICK_I_1 received encrypted packet from 172.26.217.2, port 500 decrypting 120 bytes using algorithm 1 OAKLEY_DES_CBC keeping last 8 bytes, just in case
new IV: 5f d2 ee c5 1f 04 2c 4b
  01 00 00 14 9f 33 b4 81 55 c2 45 6b 04 d3 49 e8   32 81 5a 9f 0a 00 00 2c 00 00 00 01 00 00 00 01   00 00 00 20 01 02 04 01 12 34 56 78 00 00 00 14   01 02 00 00 80 01 00 01 80 02 70 80 80 04 00 01   05 00 00 18 c6 ae 69 99 31 8e 73 18 ff 5c 24 a1   48 98 91 44 7f 12 04 d2 05 00 00 10 04 00 00 00   ac 10 d8 08 ff ff ff f8 00 00 00 10 04 00 00 00   ac 10 d9 00 ff ff ff ff
Payload type 8 ISAKMP_NEXT_HASH, length 20 Payload type 1 ISAKMP_NEXT_SA, length 44 Payload type 10 ISAKMP_NEXT_NONCE, length 24 Payload type 5 ISAKMP_NEXT_ID, length 16 Payload type 5 ISAKMP_NEXT_ID, length 16 removed 0 bytes of padding
exchange state 7 OAKLEY_QUICK_I_1
compute_hash(): skipping 48 bytes at begining of packet HASH(2) computed:
  9f 33 b4 81 55 c2 45 6b 04 d3 49 e8 32 81 5a 9f HASH(2) received: 9f 33 b4 81 55 c2 45 6b 04 d3 49 e8 32 81 5a 9f HASH(2) verified
proposal: protocol 2 PROTO_IPSEC_AH, transform 2 AH_MD5 SA life type 1 SA_LIFE_TYPE_SECONDS
SA life duration 28800
encapsulation mode 1 ENCAPSULATION_MODE_TUNNEL SPI accepted (4): 12 34 56 78
accepted protocol 2 PROTO_IPSEC_AH, transform 2 AH_MD5 SA expiration 28800 seconds, 0 kilobytes encapsulation mode 1 ENCAPSULATION_MODE_TUNNEL AUTH algorithm 0 0??
group description 1 OAKLEY_GROUP_MODP768 IDui/IDur present
our user IPv4 subnet verified
peer user IPv4 subnet address verified
Nr received: c6 ae 69 99 31 8e 73 18 ff 5c 24 a1 48 98 91 44   7f 12 04 d2
HASH(3) computed: e3 66 d9 22 d9 6a a7 4b dc 5a f9 74 50 f1 79 98 added 4 bytes of padding
encrypting using 1 OAKLEY_DES_CBC
new IV: 53 2e cc c6 c8 c8 e8 7d
transmitted 52 bytes
in compute_keymat()
KEYMAT computed: 77 27 e7 70 bf d5 1d 13 46 62 64 dc 55 2a 45 7a Peer KEYMAT computed: b1 88 cd bd c9 83 17 a8 93 84 a8 85 0b 88 d1 ad inserting event 3, timeout in 28800 seconds event added after event 3 (0x8079940/0)
we're here...
...and here
route to 172.26.217.2 setup
Error: protocol 2 PROTO_IPSEC_AH not implemented yet

[1]+  Exit 255                pluto 500

root@road > # lets try them init.ing
root@road > pluto 500
opening /dev/urandom
inserting event 0, timeout in 3600 seconds
init_socket(): listening to port 500
listening at 127.0.0.1
listening at 172.26.217.10
listening at 172.16.217.9

listening at 3 interfaces
init_kernelfd(): listening to port 501
socket numbers:
4 5 6 7
kernel socket: 8
next event in 3600 seconds ((nil)/0)
[1]+  Stopped                 pluto 500

root@road > bg
[1]+ pluto 500 &
root@road > # subnets, main mode, 3des-sha, group 2
root@road > # quickmode, esp tunnel des sha
root@road > 

received packet
read 80 bytes from 172.26.217.2, port 500   b5 fc 88 81 b9 72 0a 30 00 00 00 00 00 00 00 00   01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34   00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01   00 00 00 20 01 01 00 00 80 01 00 05 80 02 00 02   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 00 78 state hash entry 23
find_full_state() hash 23 pointer (nil)
state hash entry 23
state object not found
encryption algorithm 5 OAKLEY_3DES_CBC
no acceptable proposal from 172.26.217.2, port 500
next event in 3333 seconds ((nil)/0)

received packet
read 80 bytes from 172.26.217.2, port 500   b5 fc 88 81 b9 72 0a 30 00 00 00 00 00 00 00 00   01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34   00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01   00 00 00 20 01 01 00 00 80 01 00 05 80 02 00 02   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 00 78 state hash entry 23
find_full_state() hash 23 pointer (nil)
state hash entry 23
state object not found
encryption algorithm 5 OAKLEY_3DES_CBC
no acceptable proposal from 172.26.217.2, port 500
next event in 3313 seconds ((nil)/0)

received packet
read 80 bytes from 172.26.217.2, port 500   b5 fc 88 81 b9 72 0a 30 00 00 00 00 00 00 00 00   01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34   00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01   00 00 00 20 01 01 00 00 80 01 00 05 80 02 00 02   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 00 78 state hash entry 23
find_full_state() hash 23 pointer (nil)
state hash entry 23
state object not found
encryption algorithm 5 OAKLEY_3DES_CBC
no acceptable proposal from 172.26.217.2, port 500
next event in 3293 seconds ((nil)/0)

received packet
read 80 bytes from 172.26.217.2, port 500   2f 42 c5 34 d8 9c af a7 00 00 00 00 00 00 00 00   01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34   00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01   00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 01   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 00 78 state hash entry 12
find_full_state() hash 12 pointer (nil)
state hash entry 12
state object not found
encryption algorithm 1 OAKLEY_DES_CBC
hash algorithm 1 OAKLEY_MD5
authentication method 1 OAKLEY_PRESHARED_KEY
opening ./isakmp-secrets
secret used is [whatcertificatereally], length = 21
group description 2 OAKLEY_GROUP_MODP1024
life type 1 OAKLEY_LIFE_SECONDS
life duration 120
no acceptable proposal from 172.26.217.2, port 500
next event in 3236 seconds ((nil)/0)

received packet
read 80 bytes from 172.26.217.2, port 500   2f 42 c5 34 d8 9c af a7 00 00 00 00 00 00 00 00   01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34   00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01   00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 01   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 00 78 state hash entry 12
find_full_state() hash 12 pointer (nil)
state hash entry 12
state object not found
encryption algorithm 1 OAKLEY_DES_CBC
hash algorithm 1 OAKLEY_MD5
authentication method 1 OAKLEY_PRESHARED_KEY
opening ./isakmp-secrets
secret used is [whatcertificatereally], length = 21
group description 2 OAKLEY_GROUP_MODP1024
life type 1 OAKLEY_LIFE_SECONDS
life duration 120
no acceptable proposal from 172.26.217.2, port 500
next event in 3216 seconds ((nil)/0)

received packet
read 80 bytes from 172.26.217.2, port 500   2f 42 c5 34 d8 9c af a7 00 00 00 00 00 00 00 00   01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34   00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01   00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 01   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 00 78 state hash entry 12
find_full_state() hash 12 pointer (nil)
state hash entry 12
state object not found
encryption algorithm 1 OAKLEY_DES_CBC
hash algorithm 1 OAKLEY_MD5
authentication method 1 OAKLEY_PRESHARED_KEY
opening ./isakmp-secrets
secret used is [whatcertificatereally], length = 21
group description 2 OAKLEY_GROUP_MODP1024
life type 1 OAKLEY_LIFE_SECONDS
life duration 120
no acceptable proposal from 172.26.217.2, port 500
next event in 3196 seconds ((nil)/0)
\
>

root@road > 
root@road > 
root@road > 

received packet
read 80 bytes from 172.26.217.2, port 500   f4 8a 5d 2d 4b d5 93 df 00 00 00 00 00 00 00 00   01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34   00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01   00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 01   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10 state hash entry 18
find_full_state() hash 18 pointer (nil)
state hash entry 18
state object not found
encryption algorithm 1 OAKLEY_DES_CBC
hash algorithm 1 OAKLEY_MD5
authentication method 1 OAKLEY_PRESHARED_KEY
opening ./isakmp-secrets
secret used is [whatcertificatereally], length = 21
group description 2 OAKLEY_GROUP_MODP1024
life type 1 OAKLEY_LIFE_SECONDS
life duration 3600
my identity is 172.26.217.10
sending 80 bytes to 172.26.217.2, port 500
state hash entry 7
inserting event 2, timeout in 120 seconds
next event in 120 seconds (0x8079940/0)

received packet
read 184 bytes from 172.26.217.2, port 500   f4 8a 5d 2d 4b d5 93 df bd ea af 79 4e fd 2a f1   04 10 02 00 00 00 00 00 00 00 00 b8 0a 00 00 84   76 16 9f 48 04 c0 ad 6e d2 5f 43 37 d3 ac 6e f7   d7 26 e7 f5 02 92 eb 0a 22 a1 be b7 12 1c 2c 38   5d fa 1a 02 ef f8 59 be ed 26 da ba eb 27 21 13   a9 75 97 b1 d7 a4 42 c9 a8 fd ef dc 81 05 ee 61   05 9f 3e 55 f8 9e c2 e9 b8 04 71 90 cb 09 fb 70   51 83 d2 13 d4 12 a1 c7 dd 9b 77 da a0 2b d2 87   29 24 0a c7 89 76 3f da ee e2 23 83 ef 69 0b 0e   f9 6f 7a d3 c0 18 96 f4 9e 2b db c3 7c a2 d1 b0   00 00 00 18 44 a8 b5 12 d6 c2 ef 8e 6e c6 4a 4e   0c cf 0d 1f 9f 12 2d 8e
state hash entry 7
find_full_state() hash 7 pointer 0x8079940 full state object found, state 3 OAKLEY_MAIN_R_1 exchange state 3 OAKLEY_MAIN_R_1
public value received:
76169f4804c0ad6ed25f4337d3ac6ef7d726e7f50292eb0a22a1beb7121c2c385dfa1a02eff859beed26dabaeb272113a97597b1d7a442c9a8fdefdc8105ee61059f3e55f89ec2e9b8047190cb09fb705183d213d412a1c7dd9b77daa02bd28729240ac789763fdaeee22383ef690b0ef96f7ad3c01896f49e2bdbc37ca2d1b0 our secret value:
767aa61dea14ffc5bb80c0d7dec149e682657e6fe76f138ee9a48210b95a448d our public value:
e97d59586da83cacdddae27c0a0663138bb7b74855a9898a842c00914e21b6dceb08ecfba41ec891d9129ddff0b17c852b11f3c54cac12914c699ae2ae893f53028408b723c6012e0a12b019636750abe61cc2629d691370b54e4d2905cae8ca717a5644bad102babe0bebb6c0b373c6f9072976891ed2fed73ebaaf3e3f5d1 shared secret:
a5bf458d4360139da44b0bfe7ec965f72784398dd00f9aebd9ade6b09f03b798674bdea8b97bef1f6d7a1ea066d384701544b75053830f698de5351cc8081a6c914bf68a6cb00901d7da137edca0d5724abeb6d5b25f698f8d4dfb0b66d7ab6c860198391f1a800677edeff15563845a77e03425adcb75139bcb4901cb03b309 transmitted 180 bytes
opening ./isakmp-secrets
secret used is [whatcertificatereally], length = 21 size of g^xy is 128
Skeyid(16):
  85 1f 45 57 2e 3d 6d cc 5e 6c 57 26 32 47 c4 ec Skeyid_d(16):
  e8 a6 9d 47 6b 14 be c0 14 e7 de 1b 2d f3 28 76 Skeyid_a(16):
  40 33 4e 19 55 d1 65 31 3f 41 dc c7 f1 f5 13 43 Skeyid_e(16):
  5f 9a 98 44 7f 8d 13 b0 39 88 bc 43 14 40 4b 66 IV(16):
  26 95 cc ad e0 ed 51 5c f1 79 1f f2 a9 bd 7c 95 inserting event 2, timeout in 120 seconds next event in 120 seconds (0x8079940/0)

received packet
read 60 bytes from 172.26.217.2, port 500   f4 8a 5d 2d 4b d5 93 df bd ea af 79 4e fd 2a f1   05 10 02 01 00 00 00 00 00 00 00 3c 5b 98 a0 8a   ff df 4d 47 11 37 d6 e5 c2 d7 a6 f9 84 9b 90 c8   ca 4e 45 a8 f6 8b 0a f9 d2 15 63 4a
state hash entry 7
find_full_state() hash 7 pointer 0x8079940 full state object found, state 4 OAKLEY_MAIN_R_2 received encrypted packet from 172.26.217.2, port 500 decrypting 32 bytes using algorithm 1 OAKLEY_DES_CBC keeping last 8 bytes, just in case
new IV: f6 8b 0a f9 d2 15 63 4a
  08 00 00 0c 01 11 01 f4 ac 1a d9 02 00 00 00 14   e4 20 c9 ab 22 0c 1a dc db c0 5d fe 66 7a 9b d2 Payload type 5 ISAKMP_NEXT_ID, length 12 Payload type 8 ISAKMP_NEXT_HASH, length 20 removed 0 bytes of padding
exchange state 4 OAKLEY_MAIN_R_2
port or protocol id in ID not zero (62465/17) IDii type is 1 ID_IPV4_ADDR, length 4
IDii is 172.26.217.2
hashing 48 bytes of SA
Hashing his ID: Type 1 ID_IPV4_ADDR, Protocol 17, Port 62465 computed HASH_I: e4 20 c9 ab 22 0c 1a dc db c0 5d fe 66 7a 9b d2 received HASH_I: e4 20 c9 ab 22 0c 1a dc db c0 5d fe 66 7a 9b d2 HASH_I verified
padding is 0 bytes
hashing 48 bytes of SA
Hashing my ID: Type 1 ID_IPV4_ADDR, Protocol 0, Port 0 sending HASH_R: b5 4a 48 e3 6e d0 ae 7f cd 6a bf c5 90 13 6b 0d encrypting using 1 OAKLEY_DES_CBC
last encrypted block of Phase 1: 01 79 e3 2b 57 24 b4 49 new IV: 01 79 e3 2b 57 24 b4 49
transmitted 60 bytes
inserting event 3, timeout in 3600 seconds event added after event 0 ((nil)/0)
next event in 3094 seconds ((nil)/0)

received packet
read 156 bytes from 172.26.217.2, port 500   f4 8a 5d 2d 4b d5 93 df bd ea af 79 4e fd 2a f1   08 10 20 01 3d d7 7c c0 00 00 00 9c cb 03 4e fb   6d 6a 09 1e 3e 73 27 d6 30 4b eb de c6 ec d0 a6   b8 dd 77 82 c2 94 70 0a 05 61 6e df ec 3c b2 2f   cb 6d 46 80 bd fe e2 8c 91 e6 9e b9 51 7a e6 83   4c 81 0d ed cf a4 15 a7 20 4e 5b ed e9 a9 0f e4   b2 0a 39 9d 4e 29 a1 d4 af 8c 81 35 81 15 e5 33   02 14 75 cb a6 d0 40 d6 b6 09 ef de ee 0c dc cc   72 1d 70 e5 a9 2b 6f 37 f4 a0 cd a9 d1 25 94 d2   49 10 51 86 f3 ca 7f cc 59 49 af 2d
state hash entry 7
find_full_state() hash 7 pointer (nil)
received encrypted packet from 172.26.217.2, port 500, for which no state can be found state hash entry 7
find_full_state() hash 7 pointer 0x8079940 state hash entry 7
inserting messageid structure for 172.26.217.2, port 500 computed phase 2 IV: 19 d5 16 4d 70 38 b8 93 69 9d 9d 27 00 48 c0 37 received encrypted packet from 172.26.217.2, port 500 decrypting 128 bytes using algorithm 1 OAKLEY_DES_CBC keeping last 8 bytes, just in case
new IV: f3 ca 7f cc 59 49 af 2d
  01 00 00 14 1a 87 16 09 2a 05 75 81 a5 db cb df   96 6f 92 99 0a 00 00 30 00 00 00 01 00 00 00 01   00 00 00 24 01 03 04 01 12 34 56 78 00 00 00 18   01 02 00 00 80 01 00 01 80 02 0e 10 80 04 00 01   80 05 00 02 05 00 00 18 fd 2a 37 97 f9 63 74 dc   f0 43 b3 9c 01 fe 0b 6b 37 7e 27 0d 05 00 00 10   04 00 00 00 ac 1a d9 00 ff ff ff 00 00 00 00 10   04 00 00 00 ac 1a d8 08 ff ff ff f8 00 00 00 00 Payload type 8 ISAKMP_NEXT_HASH, length 20 Payload type 1 ISAKMP_NEXT_SA, length 48 Payload type 10 ISAKMP_NEXT_NONCE, length 24 Payload type 5 ISAKMP_NEXT_ID, length 16 Payload type 5 ISAKMP_NEXT_ID, length 16 removed 4 bytes of padding
exchange state 8 OAKLEY_QUICK_R_1
Packet dump:
  f4 8a 5d 2d 4b d5 93 df bd ea af 79 4e fd 2a f1   08 10 20 01 3d d7 7c c0 00 00 00 98 01 00 00 14   1a 87 16 09 2a 05 75 81 a5 db cb df 96 6f 92 99   0a 00 00 30 00 00 00 01 00 00 00 01 00 00 00 24   01 03 04 01 12 34 56 78 00 00 00 18 01 02 00 00   80 01 00 01 80 02 0e 10 80 04 00 01 80 05 00 02   05 00 00 18 fd 2a 37 97 f9 63 74 dc f0 43 b3 9c   01 fe 0b 6b 37 7e 27 0d 05 00 00 10 04 00 00 00   ac 1a d9 00 ff ff ff 00 00 00 00 10 04 00 00 00   ac 1a d8 08 ff ff ff f8
received HASH(1): 1a 87 16 09 2a 05 75 81 a5 db cb df 96 6f 92 99 compute_hash(): skipping 48 bytes at begining of packet HASH(1) computed:
  1a 87 16 09 2a 05 75 81 a5 db cb df 96 6f 92 99 HASH(1) verified
proposal: protocol 3 PROTO_IPSEC_ESP, transform 2 ESP_DES
SA life type 1 SA_LIFE_TYPE_SECONDS
SA life duration 3600
encapsulation mode 1 ENCAPSULATION_MODE_TUNNEL
AUTH algorithm 2 AUTH_ALGORITHM_HMAC_SHA1
SPI accepted (4): 12 34 56 78
accepted protocol 3 PROTO_IPSEC_ESP, transform 2 ESP_DES SA expiration 3600 seconds, 0 kilobytes
encapsulation mode 1 ENCAPSULATION_MODE_TUNNEL
AUTH algorithm 2 AUTH_ALGORITHM_HMAC_SHA1
group description 1 OAKLEY_GROUP_MODP768
keeping 32 bytes of user identities
peer user is IP subnet with address 172.26.217.0...
...and netmask 255.255.255.0
our user is IP subnet with address 172.26.216.8...
...and netmask 255.255.255.248
Protocol: 3 PROTO_IPSEC_ESP
SPI sent: 00 00 01 00
Transform: 3 ESP_3DES
SA lifetime (seconds): 0
Encapsulation mode: 1 ENCAPSULATION_MODE_TUNNEL
AUTH algorithm: 1 AUTH_ALGORITHM_HMAC_MD5
Nr sent: 6c 26 6f bf 34 5b 62 8e 01 77 e3 51 53 c0 93 53
appended 32 bytes of IDui/IDur
packet length (before padding) is 144 bytes compute_hash(): skipping 48 bytes at begining of packet HASH(2) computed:
  e9 d0 c5 e9 85 1d 1c a2 99 70 8e e6 82 53 8c 65 added 4 bytes of padding
encrypting using 1 OAKLEY_DES_CBC
new IV: c2 50 6d 0e bd c8 dc f4
transmitted 148 bytes
inserting event 2, timeout in 120 seconds next event in 120 seconds (0x807a058/0)

root@road > # our reply in this was NOT parsed or accepted
root@road > #
time to handle event
next event is 0 ((nil)/0)
state hash entry 7
responder state expired for 172.26.217.2, port 500 next event in 2974 seconds ((nil)/0)

root@road > # he sent auth alg 2, got back 1
root@road > # he sent transform id 2, got back 3
root@road > # he sent life 3600, got back no mention of life
root@road > # all probably due to the known problem with Pluto making up
root@road > # its own reply rather than reflecting back what the other side sent
root@road >
root@road > jobs
[1]+  Running                 pluto 500 &
root@road > # lets run whack in a host to host mode
root@road >
root@road > sh -x ike_ans.sh
+ ot_pubip=172.26.217.2
+ my_subnet=172.16.216.8
+ my_subnetmask=255.255.255.248
+ ot_subnet=172.16.217.
+ ot_setnetmask=255.255.255.248
+ DO=encrypt authenticate tunnel
+ my_subnet=0.0.0.0
+ whack 501 172.26.217.2 500 0.0.0.0 255.255.255.248 172.16.217. encrypt authenticate tunnel
Initiating with 172.26.217.2, port 500
0.0.0.0
255.255.255.248
172.16.217.0
255.255.255.255

Goal = 6

received kernel message
read 84 bytes from "kernel" socket
initiating exchange with [172.26.217.2], port 500, goal 6 GOAL_AUTHENTICATE+GOAL_TUNNEL Proxying: 0.0.0.0/255.255.255.248<--->172.16.217.0/255.255.255.255 Doing Quick Mode with 172.26.217.2, port 500, goal 6 GOAL_AUTHENTICATE+GOAL_TUNNEL MSG-ID is -1065560258
state hash entry 7
Protocol: 2 PROTO_IPSEC_AH
SPI sent: 00 00 01 01
Transform: 2 AH_MD5
SA lifetime (seconds): 28800
Encapsulation mode: 1 ENCAPSULATION_MODE_TUNNEL computed Phase 2 IV: 74 62 ab 2d e7 a2 85 0d 67 bd ef 3e 9b e0 93 7c compute_hash(): skipping 48 bytes at begining of packet HASH(1) computed:
  c3 cb 67 00 ce a1 7f f7 a6 38 fc 4c ff 14 5a 27 Packet length 112
padding is 4 bytes
encrypting using 1 OAKLEY_DES_CBC
new IV: e1 d1 1b 2c 75 2e e9 ae
transmitted 116 bytes
inserting event 1, timeout in 30 seconds next event in 30 seconds (0x8079fb8/0)
Done.
root@road >
received packet
read 116 bytes from 172.26.217.2, port 500   f4 8a 5d 2d 4b d5 93 df bd ea af 79 4e fd 2a f1   08 10 20 01 3e d7 7c c0 00 00 00 74 5f 7f ef 55   2a 82 77 86 95 eb 5f bc 43 fe 01 0f c1 bf e9 0b   0b 4f 16 da 04 0f 54 42 c8 90 ec ce 5e a0 c7 7d   b1 02 5f 3c 80 bb 43 d2 ac 72 53 2b 50 15 6c b5   85 00 81 e7 bb 85 21 db c0 5b fa a4 1b 34 61 47   8e 23 1f bf 8b 53 57 aa 91 71 42 aa 23 31 ff 23   98 18 d6 08
state hash entry 7
find_full_state() hash 7 pointer 0x8079fb8 full state object found, state 7 OAKLEY_QUICK_I_1 received encrypted packet from 172.26.217.2, port 500 decrypting 88 bytes using algorithm 1 OAKLEY_DES_CBC keeping last 8 bytes, just in case
new IV: 23 31 ff 23 98 18 d6 08
  01 00 00 14 ac 92 3e 44 dc cc c3 0f 6d 66 79 fd   b9 c3 08 9d 0a 00 00 2c 00 00 00 01 00 00 00 01   00 00 00 20 01 02 04 01 12 34 56 79 00 00 00 14   01 02 00 00 80 01 00 01 80 02 70 80 80 04 00 01   00 00 00 18 c0 7f 3e 5b cc d9 3b 29 c8 4c 0a 24   34 97 dc cf fb 29 83 e1
Payload type 8 ISAKMP_NEXT_HASH, length 20 Payload type 1 ISAKMP_NEXT_SA, length 44 Payload type 10 ISAKMP_NEXT_NONCE, length 24 removed 0 bytes of padding
exchange state 7 OAKLEY_QUICK_I_1
compute_hash(): skipping 48 bytes at begining of packet HASH(2) computed:
  ac 92 3e 44 dc cc c3 0f 6d 66 79 fd b9 c3 08 9d HASH(2) received: ac 92 3e 44 dc cc c3 0f 6d 66 79 fd b9 c3 08 9d HASH(2) verified
proposal: protocol 2 PROTO_IPSEC_AH, transform 2 AH_MD5 SA life type 1 SA_LIFE_TYPE_SECONDS
SA life duration 28800
encapsulation mode 1 ENCAPSULATION_MODE_TUNNEL SPI accepted (4): 12 34 56 79
accepted protocol 2 PROTO_IPSEC_AH, transform 2 AH_MD5 SA expiration 28800 seconds, 0 kilobytes encapsulation mode 1 ENCAPSULATION_MODE_TUNNEL AUTH algorithm 0 0??
group description 1 OAKLEY_GROUP_MODP768 Nr received: c0 7f 3e 5b cc d9 3b 29 c8 4c 0a 24 34 97 dc cf   fb 29 83 e1
HASH(3) computed: 31 42 d0 71 14 64 d1 17 47 72 15 37 0d 98 c4 7a added 4 bytes of padding
encrypting using 1 OAKLEY_DES_CBC
new IV: 85 eb f5 33 f4 d4 fe ac
transmitted 52 bytes
in compute_keymat()
KEYMAT computed: 07 e7 6b 24 82 50 80 6a 34 a4 33 fd 21 e1 23 dd Peer KEYMAT computed: 25 39 d2 3f 41 56 a9 c5 70 55 13 be 15 a0 50 51 inserting event 3, timeout in 28800 seconds event added after event 3 (0x8079940/0)
we're here...
...and here
route to 172.26.217.2 setup
Error: protocol 2 PROTO_IPSEC_AH not implemented yet

[1]+  Exit 255                pluto 500

root@road > # ans did not get any identities just now, he wants them but it's
root@road > not required.
bash: not: command not found
root@road > #  This was still in but   tunnel mode subnet to subnet
root@road > # nope, that last was wrong.
root@road > jobs
root@road > cal
     March 1998

Su Mo Tu We Th Fr Sa
 1 2 3 4 5 6 7
 8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31

root@road >
Script done on Thu Mar 5 13:10:04 1998

Received on Thu Mar 5 17:42:14 1998
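
An added example, not part of the original post and not Pluto code: a small Python decoder that turns the three 80-byte Main Mode offers in the log above into one `key=value` line each, of the kind that could be sent to syslog, and rejects truncated or inconsistent length fields. Field offsets follow the ISAKMP header, SA, proposal and transform layouts; value names are the ones the log itself prints, and the function and variable names are hypothetical.

```python
import struct

# Names are the ones the Pluto log prints; values it never names stay numeric.
ATTRS = {1: "enc", 2: "hash", 3: "auth", 4: "group", 11: "life_type", 12: "life"}
NAMES = {
    "enc": {1: "OAKLEY_DES_CBC", 5: "OAKLEY_3DES_CBC"},
    "hash": {1: "OAKLEY_MD5"},
    "auth": {1: "OAKLEY_PRESHARED_KEY"},
    "group": {1: "OAKLEY_GROUP_MODP768", 2: "OAKLEY_GROUP_MODP1024"},
    "life_type": {1: "OAKLEY_LIFE_SECONDS"},
}
# Three 80-byte Main Mode offers copied from the log above (not constructed).
OFFER_3DES = """
b5 fc 88 81 b9 72 0a 30 00 00 00 00 00 00 00 00 01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34
00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01 00 00 00 20 01 01 00 00 80 01 00 05 80 02 00 02
80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 00 78"""  # log: no acceptable proposal
OFFER_DES_120 = """
2f 42 c5 34 d8 9c af a7 00 00 00 00 00 00 00 00 01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34
00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01 00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 01
80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 00 78"""  # log: no acceptable proposal
OFFER_DES_3600 = """
f4 8a 5d 2d 4b d5 93 df 00 00 00 00 00 00 00 00 01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34
00 00 00 01 00 00 00 01 00 00 00 28 01 01 00 01 00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 01
80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10"""  # log: Pluto answered this one

def take(buf, off, n, what):
    """Slice n bytes, or fail loudly instead of reading past the datagram."""
    if n < 0 or off + n > len(buf):
        raise ValueError(f"truncated {what} at offset {off}")
    return buf[off:off + n]

def attributes(buf):
    """Decode data attributes: AF bit set = 2-byte value, clear = length + value."""
    out, off = {}, 0
    while off < len(buf):
        atype, val = struct.unpack("!HH", take(buf, off, 4, "attribute"))
        off += 4
        if not atype & 0x8000:
            length = val
            val = int.from_bytes(take(buf, off, length, "attribute value"), "big")
            off += length
        key = ATTRS.get(atype & 0x7FFF, f"attr{atype & 0x7FFF}")
        out[key] = NAMES.get(key, {}).get(val, val)
    return out

def offers(hex_dump):
    """Return one dict per transform offered in a Phase 1 SA payload."""
    pkt = bytes.fromhex(hex_dump)
    icookie, _, nxt, _, xchg, _, _, length = struct.unpack(
        "!8s8sBBBBII", take(pkt, 0, 28, "ISAKMP header"))
    if length != len(pkt) or nxt != 1:
        raise ValueError("length field mismatch or first payload is not an SA")
    sa_len = struct.unpack("!H", take(pkt, 30, 2, "SA payload"))[0]
    sa_end, off, found = 28 + sa_len, 40, []   # 40 = header + fixed SA fields
    if sa_len < 12 or sa_end > len(pkt):
        raise ValueError("bad SA payload length")
    while off < sa_end:
        _, _, p_len, p_num, _, spi_size, n_trans = struct.unpack(
            "!BBHBBBB", take(pkt, off, 8, "proposal"))
        p_end, t_off = off + p_len, off + 8 + spi_size
        if p_len < 8 + spi_size or p_end > sa_end:
            raise ValueError("bad proposal length")
        for _ in range(n_trans):
            _, _, t_len, t_num, _, _ = struct.unpack(
                "!BBHBBH", take(pkt, t_off, 8, "transform"))
            if t_len < 8 or t_off + t_len > p_end:
                raise ValueError("bad transform length")
            found.append({"icookie": icookie.hex(), "xchg": xchg, "proposal": p_num,
                          "transform": t_num, **attributes(pkt[t_off + 8:t_off + t_len])})
            t_off += t_len
        off = p_end
    return found

def syslog_line(offer):
    return " ".join(f"{k}={v}" for k, v in offer.items())

def changed(a, b):
    """Fields (cookie aside) whose values differ between two offers."""
    return {k: (a.get(k), b.get(k)) for k in a.keys() | b.keys()
            if k != "icookie" and a.get(k) != b.get(k)}

if __name__ == "__main__":
    for dump in (OFFER_3DES, OFFER_DES_120, OFFER_DES_3600):
        print(syslog_line(offers(dump)[0]))
```

In the log the first two offers drew `no acceptable proposal` and the third was answered; `changed()` on the last two reports only the life duration, 120 versus 3600.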

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:28 EDT
