Hosting Provided By

linux-ipsec: INTEROP: Pluto w/SSH Main mode works, Quick mode fails

From: Hugh Daniel <hugh(at)road.toad.com>
Date: Fri Mar 06 1998 - 13:45:36 EST

The subject line says it all. Go for it folks.

		||ugh Daniel
		hugh@toad.com
		Systems Testing & Project mis-Management
		The Linux FreeS/WAN Project
		
http://www.xs4all.nl/~freeswan

Script started on Fri Mar 6 10:16:16 1998 .bashrc@road.toad.com
[H[2Jroot@road > pluto 1500
opening /dev/urandom
inserting event 0, timeout in 3600 seconds init_socket(): listening to port 1500

listening at 127.0.0.1
listening at 172.26.217.10
listening at 172.16.217.9

listening at 3 interfaces
init_kernelfd(): listening to port 1501
socket numbers:
4 5 6 7
kernel socket: 8
next event in 3600 seconds ((nil)/0)

[1]+ Stopped pluto 1500
root@road > bg
[1]+ pluto 1500 &

root@road > 
root@road > # working with SSH
root@road >

received packet
read 80 bytes from 172.26.216.2, port 1500 b6 66 61 64 60 00 00 00 00 00 00 00 00 00 00 00 01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34 00 00 00 01 00 00 00 01 00 00 00 28 01 01 08 01 b6 66 61 64 60 00 00 00 00 00 00 18 01 01 00 00 80 01 00 01 80 02 00 01 80 03 00 01 80 04 00 01 state hash entry 4
find_full_state() hash 4 pointer (nil)
state hash entry 4
state object not found
encryption algorithm 1 OAKLEY_DES_CBC
hash algorithm 1 OAKLEY_MD5
authentication method 1 OAKLEY_PRESHARED_KEY opening ./isakmp-secrets
secret used is [whatcertificatereally], length = 21 group description 1 OAKLEY_GROUP_MODP768 SPI accepted: b6 66 61 64 60 00 00 00
my identity is 172.26.217.10
sending 80 bytes to 172.26.216.2, port 1500 state hash entry 30
inserting event 2, timeout in 120 seconds next event in 120 seconds (0x8079e58/0)

received packet
read 148 bytes from 172.26.216.2, port 1500   b6 66 61 64 60 00 00 00 64 1e d5 bb 7c 1a 1e 74   04 10 02 00 00 00 00 00 00 00 00 94 0a 00 00 64   c6 23 84 6b 77 9b 57 52 2c bf 82 f4 93 97 20 04   ca 6d bc 37 ce 0d 2b e7 98 6d 98 8c dd 60 30 c5   f4 4d f3 a1 33 1f 5c 7c b2 75 f8 77 1a b1 2a c3   c6 6c 11 b2 12 3a 81 bc d9 d3 a4 97 10 54 29 d9   92 58 d1 ae b0 71 55 cd bb 79 12 4d 1c 18 5c 76   ce f4 4e eb 0a 29 ca bf 2f 32 ff aa 49 19 ee 61   00 00 00 14 25 6f 46 ee de f5 34 31 1b d8 10 cf   e6 66 da ce
state hash entry 30
find_full_state() hash 30 pointer 0x8079e58 full state object found, state 3 OAKLEY_MAIN_R_1 exchange state 3 OAKLEY_MAIN_R_1
public value received:
c623846b779b57522cbf82f493972004ca6dbc37ce0d2be7986d988cdd6030c5f44df3a1331f5c7cb275f8771ab12ac3c66c11b2123a81bcd9d3a497105429d99258d1aeb07155cdbb79124d1c185c76cef44eeb0a29cabf2f32ffaa4919ee61 our secret value:
2d2aa3ca228958acd4a57bf7d8582f8a812576aada794d3bf11b7f1ff2975c9 our public value:
58f7f8420a7404fafda04c9cae653871f5a18c770d68dbd410a306dcdc07258f09be5f7a135fb2abb430e2c1017f7468e0e093baaf11dc995b541958694d83e73872ce49575935e2dd1cdfc70966d14a26f8419931fd86e07e1ccf8428d908af shared secret:
ec3e22a366acc4cbfda46376101b668db68b3005ca3a7c205204767b478d08357a901afb9a7a80d7f588f519db4ed08880cb517d64f248897d58d6b6d79a87d4c45f64edc32e6535e440904a5dbbfb5529fe12bd906212f34c3d58a47a382448 transmitted 148 bytes
opening ./isakmp-secrets
secret used is [whatcertificatereally], length = 21 size of g^xy is 96
Skeyid(16):
  1e c5 40 ef 72 bb f6 4c 61 8c 9e 90 e9 5b 79 8d Skeyid_d(16):
  83 e5 99 b5 1d e2 d2 c8 0b 46 12 4a 90 26 24 20 Skeyid_a(16):
  d0 cc 67 93 e0 1f ac 8a 05 4e b7 c8 56 c6 04 df Skeyid_e(16):
  42 67 1c c4 22 a5 8b c4 2e 11 5b d3 a5 cb 76 39 IV(16):
  bb 0c 50 25 3f 9b 4a 79 56 9f ec b1 a8 80 b5 d8 inserting event 2, timeout in 120 seconds next event in 120 seconds (0x8079e58/0)

received packet
read 60 bytes from 172.26.216.2, port 1500 b6 66 61 64 60 00 00 00 64 1e d5 bb 7c 1a 1e 74 05 10 02 01 00 00 00 00 00 00 00 3c 8d 0b f5 16 6e 0f fb ba a1 e5 a7 19 12 4a 69 3f 55 86 fb f1 eb 65 72 46 fa 0a d6 91 38 e9 69 7f
state hash entry 30
find_full_state() hash 30 pointer 0x8079e58 full state object found, state 4 OAKLEY_MAIN_R_2 received encrypted packet from 172.26.216.2, port 1500 decrypting 32 bytes using algorithm 1 OAKLEY_DES_CBC keeping last 8 bytes, just in case
new IV: fa 0a d6 91 38 e9 69 7f
08 00 00 0c 01 11 00 00 ac 1a d8 02 00 00 00 14 8a 49 33 bb 54 ce db 5e 05 49 78 46 4a 0f 46 a9 Payload type 5 ISAKMP_NEXT_ID, length 12 Payload type 8 ISAKMP_NEXT_HASH, length 20 removed 0 bytes of padding
exchange state 4 OAKLEY_MAIN_R_2
port or protocol id in ID not zero (0/17) IDii type is 1 ID_IPV4_ADDR, length 4
IDii is 172.26.216.2
hashing 48 bytes of SA
Hashing his ID: Type 1 ID_IPV4_ADDR, Protocol 17, Port 0 computed HASH_I: 8a 49 33 bb 54 ce db 5e 05 49 78 46 4a 0f 46 a9 received HASH_I: 8a 49 33 bb 54 ce db 5e 05 49 78 46 4a 0f 46 a9 HASH_I verified
padding is 0 bytes
hashing 48 bytes of SA
Hashing my ID: Type 1 ID_IPV4_ADDR, Protocol 0, Port 0 sending HASH_R: b5 cb 1c c7 6c d1 81 ec f3 d2 a6 fd a8 8c 6a 41 encrypting using 1 OAKLEY_DES_CBC
last encrypted block of Phase 1: 85 c3 bd 85 ec 27 34 3f new IV: 85 c3 bd 85 ec 27 34 3f
transmitted 60 bytes
inserting event 3, timeout in 28800 seconds event added after event 0 ((nil)/0)
next event in 3562 seconds ((nil)/0)

received packet
read 212 bytes from 172.26.216.2, port 1500   b6 66 61 64 60 00 00 00 64 1e d5 bb 7c 1a 1e 74   08 10 20 01 cd 4c 17 d6 00 00 00 d4 9e 8c df 88   6c e5 6d 89 18 02 9f ca 09 f6 d2 a2 6a 22 aa b6   b0 61 bd d0 b7 ca 86 1e f2 ab f4 59 fc a6 53 6e   c4 f6 25 3b b2 e7 bd 79 61 60 48 99 79 68 71 0e   d0 9b 9f bb e4 dc f4 b7 94 ea d4 50 9a 31 d0 3a   eb 97 be 1d f8 68 9a e6 c0 ac f6 a5 b6 69 60 e9   97 75 b1 4f 37 38 a9 26 9d 31 0f 93 a9 c6 7e 7f   1a be 69 38 7b f7 d7 b3 b3 eb 8d 9b c7 6a 49 bd   1b d9 a7 db cd 8c 70 f3 09 b7 fd d5 6b b0 b9 f6   bd f9 f9 c0 b8 b2 f0 a2 29 a1 ee 9c c2 5b f5 90   a0 15 f9 a0 be d0 e0 f1 a9 f8 fc ea eb 96 ed 49   28 41 88 32 ce 02 f1 e8 42 ab 04 84 32 12 34 19   25 ee 4e 17
state hash entry 30
find_full_state() hash 30 pointer (nil)
received encrypted packet from 172.26.216.2, port 1500, for which no state can be found state hash entry 30
find_full_state() hash 30 pointer 0x8079e58 state hash entry 30
inserting messageid structure for 172.26.216.2, port 1500 computed phase 2 IV: e5 fc 97 26 9a 2f 2b 4d 54 c9 6e 52 82 4b c9 cd received encrypted packet from 172.26.216.2, port 1500 decrypting 184 bytes using algorithm 1 OAKLEY_DES_CBC keeping last 8 bytes, just in case
new IV: 32 12 34 19 25 ee 4e 17
  01 00 00 14 df 58 ad 0e 48 1e 95 df 79 c5 1d ed   f8 05 d1 e7 0a 00 00 28 00 00 00 01 00 00 00 01   00 00 00 1c 01 03 04 01 e9 29 d3 c2 00 00 00 10   01 02 00 00 80 03 00 01 80 04 00 02 04 00 00 14   80 89 2d 85 ad 46 83 1d 26 ea bb 81 7e a4 2a 4a   00 00 00 64 88 a2 82 f6 74 36 98 5e 14 2c 2c ba   69 04 a0 b7 8b 53 20 ba ae 23 c9 1b b1 e4 d2 2e   2b b5 64 cf 55 3b d3 49 c5 56 f4 cf d4 b9 d9 da   90 fa 36 90 99 15 f0 b3 3d f6 5a 08 04 45 f2 df   a4 45 46 6d 18 52 50 5d f5 44 c7 c8 bb 33 64 80   b2 79 30 42 cc 57 65 d4 63 88 a3 63 78 1a 9d 8f   3b 22 bc 68 00 00 00 00
Payload type 8 ISAKMP_NEXT_HASH, length 20 Payload type 1 ISAKMP_NEXT_SA, length 40 Payload type 10 ISAKMP_NEXT_NONCE, length 20 Payload type 4 ISAKMP_NEXT_KE, length 100 removed 4 bytes of padding
exchange state 8 OAKLEY_QUICK_R_1
Packet dump:
  b6 66 61 64 60 00 00 00 64 1e d5 bb 7c 1a 1e 74   08 10 20 01 cd 4c 17 d6 00 00 00 d0 01 00 00 14   df 58 ad 0e 48 1e 95 df 79 c5 1d ed f8 05 d1 e7   0a 00 00 28 00 00 00 01 00 00 00 01 00 00 00 1c   01 03 04 01 e9 29 d3 c2 00 00 00 10 01 02 00 00   80 03 00 01 80 04 00 02 04 00 00 14 80 89 2d 85   ad 46 83 1d 26 ea bb 81 7e a4 2a 4a 00 00 00 64   88 a2 82 f6 74 36 98 5e 14 2c 2c ba 69 04 a0 b7   8b 53 20 ba ae 23 c9 1b b1 e4 d2 2e 2b b5 64 cf   55 3b d3 49 c5 56 f4 cf d4 b9 d9 da 90 fa 36 90   99 15 f0 b3 3d f6 5a 08 04 45 f2 df a4 45 46 6d   18 52 50 5d f5 44 c7 c8 bb 33 64 80 b2 79 30 42   cc 57 65 d4 63 88 a3 63 78 1a 9d 8f 3b 22 bc 68 received HASH(1): df 58 ad 0e 48 1e 95 df 79 c5 1d ed f8 05 d1 e7 compute_hash(): skipping 48 bytes at begining of packet HASH(1) computed:
  df 58 ad 0e 48 1e 95 df 79 c5 1d ed f8 05 d1 e7 HASH(1) verified
proposal: protocol 3 PROTO_IPSEC_ESP, transform 2 ESP_DES group description 1 OAKLEY_GROUP_MODP768 encapsulation mode 2 ENCAPSULATION_MODE_TRANSPORT SPI accepted (4): e9 29 d3 c2
accepted protocol 3 PROTO_IPSEC_ESP, transform 2 ESP_DES SA expiration 28800 seconds, 0 kilobytes encapsulation mode 2 ENCAPSULATION_MODE_TRANSPORT AUTH algorithm 0 AUTH_ALGORITHM_NONE
group description 1 OAKLEY_GROUP_MODP768 unsupported payload type 4 ISAKMP_NEXT_KE received in Quick Mode from 172.26.216.2, port 1500 next event in 3562 seconds ((nil)/0)

Do you need help?

Retransmitting packet, retries = 9

Sending packet[212] =

     0xb6666164 60000000 641ed5bb 7c1a1e74 08102001 cd4c17d6 000000d4    
     9e8cdf88 6ce56d89 18029fca 09f6d2a2 6a22aab6 b061bdd0 b7ca861e
     f2abf459 fca6536e c4f6253b b2e7bd79 61604899 7968710e d09b9fbb
     e4dcf4b7 94ead450 9a31d03a eb97be1d f8689ae6 c0acf6a5 b66960e9
     9775b14f 3738a926 9d310f93 a9c67e7f 1abe6938 7bf7d7b3 b3eb8d9b  
     c76a49bd 1bd9a7db cd8c70f3 09b7fdd5 6bb0b9f6 bdf9f9c0 b8b2f0a2
     29a1ee9c c25bf590 a015f9a0 bed0e0f1 a9f8fcea eb96ed49 28418832
     ce02f1e8 42ab0484 32123419 25ee4e17                           

   Removing negotiation

Connection timed out or error, calling callback

unknown (unknown) <-> unknown { unknown [unknown] / unknown } unknown

Negotiation failed with error code = 8197

Abnormal program termination, something wrong here

SSH Communications Security, Ltd.

root@road >
Script done on Fri Mar 6 10:28:28 1998 Received on Fri Mar 6 14:42:14 1998

This message: [ Message body ]
Next message: Hugh Redelmeier: "linux-ipsec: Re: INTEROP: Pluto w/SSH Main mode works, Quick mode fails"
Previous message: Michael Tahot: "Re: linux-ipsec: INTEROP: Trying Pluto at last"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:28 EDT

Do you need more help?