|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: [Users] WinXP -> FreeSWAN 2nd try
From: Andreas Ninaus <andreas.ninaus(at)cdx.at>
Date: Tue Sep 23 2003 - 06:14:41 EDT
Date: Tue Sep 23 2003 - 06:14:41 EDT
did you create a export of the root certificate into a .p12 file and installed it on the Client?
you can check it by viewing the ceritificate on you XP with the ipsec snap in of the mmc
Andreas
- Original Message ----- From: "Helge Lenz" <h.lenz@gmx.de> To: <users@mj2.freeswan.org> Sent: Tuesday, September 23, 2003 9:49 AM Subject: Re: [Users] WinXP -> FreeSWAN 2nd try
> Is there nobody out there who can help me with this?
---Received on Tue Sep 23 06:26:01 2003
> >
> > config setup
> > interfaces="ipsec1=vmnet1"
> > klipsdebug=none
> > plutodebug=none
> > plutoload=%search
> > plutostart=%search
> > uniqueids=yes
> >
> > conn %default
> > keyingtries=1
> > disablearrivalcheck=no
> > authby=rsasig
> > leftrsasigkey=%cert
> > rightrsasigkey=%cert
> > auto=add
> > left=192.168.10.1
> > leftcert=GatewayCert.pem
> >
> > conn roadwarrior-net
> > right=%any
> > leftsubnet=192.168.0.0/24
> > rightcert=jinniCert.pem
> >
> > conn roadwarrior
> > right=%any
> > auto=add
> > pfs=yes rightcert=jinniCert.pem
>
> --------------------------------------------------------------------------
---
> >
> >
> > My ipsec.conf under WinXP:
>
> --------------------------------------------------------------------------
---
> >
> > conn roadwarrior
> > left=%any
> > right=192.168.10.1
> > rightca="C=DE, L=Braunschweig, O=HL CCC, OU=CA-Unit,
CN=h.lenz@gmx.de"
> > network=auto
> > auto=start
> > pfs=yes
> >
> > conn roadwarrior-net
> > left=%any
> > right=192.168.10.1
> > rightsubnet=192.168.0.0/24
> > rightca="C=DE, L=Braunschweig, O=HL CCC, OU=CA-Unit,
CN=h.lenz@gmx.de"
> > network=auto
> > auto=start
> > pfs=yes
>
> --------------------------------------------------------------------------
---
> >
> >
> > When I trie to connect to the gateway the oaklay log shows this:
>
> --------------------------------------------------------------------------
---
> >
> > 9-18: 10:55:50:160:6d8 Acquire from driver: op=80E12360
> > src=192.168.10.96.0 dst=192.168.0.1.0 proto = 0,
> > SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1,
> > TunnelEndpt=192.168.10.1 Inbound TunnelEndpt=192.168.10.96
> > 9-18: 10:55:50:160:438 Filter to match: Src 192.168.10.1 Dst
> > 192.168.10.96
> > 9-18: 10:55:50:170:438 MM PolicyName: 86
> > 9-18: 10:55:50:170:438 MMPolicy dwFlags 2 SoftSAExpireTime 28800
> > 9-18: 10:55:50:170:438 MMOffer[0] LifetimeSec 28800 QMLimit 1 DHGroup 2
> > 9-18: 10:55:50:170:438 MMOffer[0] Encrypt: Dreifach-DES CBC Hash: SHA
> > 9-18: 10:55:50:170:438 MMOffer[1] LifetimeSec 28800 QMLimit 1 DHGroup 2
> > 9-18: 10:55:50:170:438 MMOffer[1] Encrypt: Dreifach-DES CBC Hash: MD5
> > 9-18: 10:55:50:170:438 MMOffer[2] LifetimeSec 28800 QMLimit 1 DHGroup 1
> > 9-18: 10:55:50:170:438 MMOffer[2] Encrypt: DES CBC Hash: SHA
> > 9-18: 10:55:50:170:438 MMOffer[3] LifetimeSec 28800 QMLimit 1 DHGroup 1
> > 9-18: 10:55:50:170:438 MMOffer[3] Encrypt: DES CBC Hash: MD5
> > 9-18: 10:55:50:170:438 Auth[0]:RSA Sig C=DE, L=Braunschweig, O=HL CCC,
> > OU=CA-Unit, CN=h.lenz@gmx.de
> > 9-18: 10:55:50:170:438 QM PolicyName: Host-roadwarrior-net filter
> > action dwFlags 1
> > 9-18: 10:55:50:170:438 QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
> > 9-18: 10:55:50:170:438 QMOffer[0] dwFlags 0 dwPFSGroup 268435456
> > 9-18: 10:55:50:170:438 Algo[0] Operation: ESP Algo: Dreifach-DES CBC
> > HMAC: MD5
> > 9-18: 10:55:50:170:438 Starting Negotiation: src = 192.168.10.96.0000,
> > dst = 192.168.10.1.0500, proto = 00, context = 80E12360, ProxySrc =
> > 192.168.10.96.0000, ProxyDst = 192.168.0.0.0000 SrcMask =
> > 255.255.255.255 DstMask = 255.255.255.0
> > 9-18: 10:55:50:170:438 constructing ISAKMP Header
> > 9-18: 10:55:50:170:438 constructing SA (ISAKMP)
> > 9-18: 10:55:50:170:438 Constructing Vendor
> > 9-18: 10:55:50:170:438
> > 9-18: 10:55:50:170:438 Sending: SA = 0x000CDB78 to 192.168.10.1:Type 2
> > 9-18: 10:55:50:170:438 ISAKMP Header: (V1.0), len = 216
> > 9-18: 10:55:50:170:438 I-COOKIE e97a526ca21d8e48
> > 9-18: 10:55:50:170:438 R-COOKIE 0000000000000000
> > 9-18: 10:55:50:170:438 exchange: Oakley Main Mode
> > 9-18: 10:55:50:170:438 flags: 0
> > 9-18: 10:55:50:170:438 next payload: SA
> > 9-18: 10:55:50:170:438 message ID: 00000000
> > 9-18: 10:55:50:180:438
> > 9-18: 10:55:50:180:438 Receive: (get) SA = 0x000cdb78 from 192.168.10.1
> > 9-18: 10:55:50:180:438 ISAKMP Header: (V1.0), len = 84
> > 9-18: 10:55:50:180:438 I-COOKIE e97a526ca21d8e48
> > 9-18: 10:55:50:180:438 R-COOKIE 0f9a37c1620ab05f
> > 9-18: 10:55:50:180:438 exchange: Oakley Main Mode
> > 9-18: 10:55:50:180:438 flags: 0
> > 9-18: 10:55:50:180:438 next payload: SA
> > 9-18: 10:55:50:180:438 message ID: 00000000
> > 9-18: 10:55:50:180:438 processing payload SA 9-18: 10:55:50:180:438
> > Received Phase 1 Transform 1
> > 9-18: 10:55:50:180:438 Encryption Alg Dreifach-DES CBC(5)
> > 9-18: 10:55:50:180:438 Hash Alg SHA(2)
> > 9-18: 10:55:50:180:438 Oakley Group 2
> > 9-18: 10:55:50:180:438 Auth Method RSA-Signatur mit Zertifikaten(3)
> > 9-18: 10:55:50:180:438 Life type in Seconds
> > 9-18: 10:55:50:180:438 Life duration of 28800
> > 9-18: 10:55:50:180:438 Phase 1 SA accepted: transform=1
> > 9-18: 10:55:50:180:438 SA - Oakley proposal accepted
> > 9-18: 10:55:50:180:438 constructing ISAKMP Header
> > 9-18: 10:55:50:240:438 constructing KE
> > 9-18: 10:55:50:240:438 constructing NONCE (ISAKMP)
> > 9-18: 10:55:50:240:438
> > 9-18: 10:55:50:240:438 Sending: SA = 0x000CDB78 to 192.168.10.1:Type 2
> > 9-18: 10:55:50:240:438 ISAKMP Header: (V1.0), len = 184
> > 9-18: 10:55:50:240:438 I-COOKIE e97a526ca21d8e48
> > 9-18: 10:55:50:240:438 R-COOKIE 0f9a37c1620ab05f
> > 9-18: 10:55:50:240:438 exchange: Oakley Main Mode
> > 9-18: 10:55:50:240:438 flags: 0
> > 9-18: 10:55:50:240:438 next payload: KE
> > 9-18: 10:55:50:240:438 message ID: 00000000
> > 9-18: 10:55:50:250:438
> > 9-18: 10:55:50:250:438 Receive: (get) SA = 0x000cdb78 from 192.168.10.1
> > 9-18: 10:55:50:250:438 ISAKMP Header: (V1.0), len = 188
> > 9-18: 10:55:50:250:438 I-COOKIE e97a526ca21d8e48
> > 9-18: 10:55:50:250:438 R-COOKIE 0f9a37c1620ab05f
> > 9-18: 10:55:50:250:438 exchange: Oakley Main Mode
> > 9-18: 10:55:50:250:438 flags: 0
> > 9-18: 10:55:50:250:438 next payload: KE
> > 9-18: 10:55:50:250:438 message ID: 00000000
> > 9-18: 10:55:50:250:438 processing payload KE 9-18: 10:55:50:270:438
> > processing payload NONCE
> > 9-18: 10:55:50:270:438 processing payload CRP
> > 9-18: 10:55:50:270:438 constructing ISAKMP Header
> > 9-18: 10:55:50:270:438 constructing ID
> > 9-18: 10:55:50:270:438 Received no valid CRPs. Using all configured
> > 9-18: 10:55:50:270:438 Looking for IPSec only cert
> > 9-18: 10:55:50:280:438 failed to get chain 80092004
> > 9-18: 10:55:50:280:438 Received no valid CRPs. Using all configured
> > 9-18: 10:55:50:280:438 Looking for any cert
> > 9-18: 10:55:50:280:438 failed to get chain 80092004
> > 9-18: 10:55:50:280:438 ProcessFailure: sa:000CDB78 centry:00000000
> > status:35ee
> > 9-18: 10:55:50:280:438 isadb_set_status sa:000CDB78 centry:00000000
> > status 35ee
> > 9-18: 10:55:50:290:438 Schlüsselaustauschmodus (Hauptmodus)
> >
> >
> > 9-18: 10:55:50:290:438 Quell-IP-Adresse 192.168.10.96
> >
> > Quell-IP-Adressmaske 255.255.255.255
> >
> > Ziel-IP-Adresse 192.168.10.1
> >
> > Ziel-IP-Adressmaske 255.255.255.255
> >
> > Protokoll 0
> >
> > Quellport 0
> >
> > Zielport 0
> >
> > Lokale IKE-Adresse
> >
> > Peer-IKE-Adresse
> >
> >
> > 9-18: 10:55:50:290:438 Zertifikat-basierte Identität.
> > Peer-IP-Adresse: 192.168.10.1
> >
> >
> > 9-18: 10:55:50:290:438 Benutzer
> >
> >
> > 9-18: 10:55:50:290:438 IKE konnte kein gültiges Computerzertifikat
> > finden.
> >
> >
> > 9-18: 10:55:50:290:438 0x80092004 0x0
> > 9-18: 10:55:50:290:438 ProcessFailure: sa:000CDB78 centry:00000000
> > status:35ee
> > 9-18: 10:55:50:290:438 constructing ISAKMP Header
> > 9-18: 10:55:50:290:438 constructing HASH (null)
> > 9-18: 10:55:50:290:438 constructing NOTIFY 28
> > 9-18: 10:55:50:290:438 constructing HASH (Notify/Delete)
> > 9-18: 10:55:50:290:438
> > 9-18: 10:55:50:290:438 Sending: SA = 0x000CDB78 to 192.168.10.1:Type 1
> > 9-18: 10:55:50:290:438 ISAKMP Header: (V1.0), len = 84
> > 9-18: 10:55:50:290:438 I-COOKIE e97a526ca21d8e48
> > 9-18: 10:55:50:290:438 R-COOKIE 0f9a37c1620ab05f
> > 9-18: 10:55:50:290:438 exchange: ISAKMP Informational Exchange
> > 9-18: 10:55:50:290:438 flags: 1 ( encrypted )
> > 9-18: 10:55:50:290:438 next payload: HASH
> > 9-18: 10:55:50:290:438 message ID: 42c62c59
> > 9-18: 10:55:59:353:20c
> > 9-18: 10:55:59:353:20c Receive: (get) SA = 0x000cdb78 from 192.168.10.1
> > 9-18: 10:55:59:353:20c ISAKMP Header: (V1.0), len = 188
> > 9-18: 10:55:59:353:20c I-COOKIE e97a526ca21d8e48
> > 9-18: 10:55:59:353:20c R-COOKIE 0f9a37c1620ab05f
> > 9-18: 10:55:59:353:20c exchange: Oakley Main Mode
> > 9-18: 10:55:59:353:20c flags: 0
> > 9-18: 10:55:59:353:20c next payload: KE
> > 9-18: 10:55:59:353:20c message ID: 00000000
> > 9-18: 10:55:59:353:20c received an unencrypted packet when crypto active
> > 9-18: 10:55:59:353:20c GetPacket failed 35ec
> > 9-18: 10:56:19:372:20c
> > 9-18: 10:56:19:372:20c Receive: (get) SA = 0x000cdb78 from 192.168.10.1
> > 9-18: 10:56:19:372:20c ISAKMP Header: (V1.0), len = 188
> > 9-18: 10:56:19:372:20c I-COOKIE e97a526ca21d8e48
> > 9-18: 10:56:19:372:20c R-COOKIE 0f9a37c1620ab05f
> > 9-18: 10:56:19:372:20c exchange: Oakley Main Mode
> > 9-18: 10:56:19:372:20c flags: 0
> > 9-18: 10:56:19:372:20c next payload: KE
> > 9-18: 10:56:19:372:20c message ID: 00000000
> > 9-18: 10:56:19:372:20c received an unencrypted packet when crypto active
> > 9-18: 10:56:19:372:20c GetPacket failed 35ec
>
> --------------------------------------------------------------------------
---
> >
> >
> > As you can see, it doesn't work. BTW the same configuration works with
> > Win2k with no problems.
> >
> > Now I changed the followin line in the ipsec.conf under WinXP:
> > rightca="C=DE, L=Braunschweig, O=HL CCC, OU=CA-Unit, CN=gateway"
> > which is the wrong DN. Then I opened the management console and
> > changed every certificate for all FreeSWAN rules by picking the right
> > certificate from the list (yes, it is installed correctly!). And now
> > it works:
> >
> > oakley.log
>
> --------------------------------------------------------------------------
---
> >
> > 9-18: 11:00:16:643:6d8 Acquire from driver: op=80E12E70
> > src=192.168.10.96.0 dst=192.168.10.1.0 proto = 0,
> > SrcMask=255.255.255.255, DstMask=255.255.255.255, Tunnel 1,
> > TunnelEndpt=192.168.10.1 Inbound TunnelEndpt=192.168.10.96
> > 9-18: 11:00:16:643:20c Filter to match: Src 192.168.10.1 Dst
> > 192.168.10.96
> > 9-18: 11:00:16:643:20c MM PolicyName: 88
> > 9-18: 11:00:16:643:20c MMPolicy dwFlags 2 SoftSAExpireTime 28800
> > 9-18: 11:00:16:643:20c MMOffer[0] LifetimeSec 28800 QMLimit 1 DHGroup 2
> > 9-18: 11:00:16:643:20c MMOffer[0] Encrypt: Dreifach-DES CBC Hash: SHA
> > 9-18: 11:00:16:643:20c MMOffer[1] LifetimeSec 28800 QMLimit 1 DHGroup 2
> > 9-18: 11:00:16:643:20c MMOffer[1] Encrypt: Dreifach-DES CBC Hash: MD5
> > 9-18: 11:00:16:643:20c MMOffer[2] LifetimeSec 28800 QMLimit 1 DHGroup 1
> > 9-18: 11:00:16:643:20c MMOffer[2] Encrypt: DES CBC Hash: SHA
> > 9-18: 11:00:16:643:20c MMOffer[3] LifetimeSec 28800 QMLimit 1 DHGroup 1
> > 9-18: 11:00:16:653:20c MMOffer[3] Encrypt: DES CBC Hash: MD5
> > 9-18: 11:00:16:653:20c Auth[0]:RSA Sig C=DE, L=Braunschweig, O=HL CCC,
> > OU=CA-Unit, CN=h.lenz@gmx.de
> > 9-18: 11:00:16:653:20c QM PolicyName: Host-roadwarrior filter action
> > dwFlags 1
> > 9-18: 11:00:16:653:20c QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
> > 9-18: 11:00:16:653:20c QMOffer[0] dwFlags 0 dwPFSGroup 268435456
> > 9-18: 11:00:16:653:20c Algo[0] Operation: ESP Algo: Dreifach-DES CBC
> > HMAC: MD5
> > 9-18: 11:00:16:653:20c Starting Negotiation: src = 192.168.10.96.0000,
> > dst = 192.168.10.1.0500, proto = 00, context = 80E12E70, ProxySrc =
> > 192.168.10.96.0000, ProxyDst = 192.168.10.1.0000 SrcMask =
> > 255.255.255.255 DstMask = 255.255.255.255
> > 9-18: 11:00:16:653:20c constructing ISAKMP Header
> > 9-18: 11:00:16:653:20c constructing SA (ISAKMP)
> > 9-18: 11:00:16:653:20c Constructing Vendor
> > 9-18: 11:00:16:653:20c
> > 9-18: 11:00:16:653:20c Sending: SA = 0x000CDB78 to 192.168.10.1:Type 2
> > 9-18: 11:00:16:653:20c ISAKMP Header: (V1.0), len = 216
> > 9-18: 11:00:16:653:20c I-COOKIE 113dfced10d7ac5d
> > 9-18: 11:00:16:653:20c R-COOKIE 0000000000000000
> > 9-18: 11:00:16:653:20c exchange: Oakley Main Mode
> > 9-18: 11:00:16:653:20c flags: 0
> > 9-18: 11:00:16:653:20c next payload: SA
> > 9-18: 11:00:16:653:20c message ID: 00000000
> > 9-18: 11:00:16:653:20c
> > 9-18: 11:00:16:653:20c Receive: (get) SA = 0x000cdb78 from 192.168.10.1
> > 9-18: 11:00:16:653:20c ISAKMP Header: (V1.0), len = 84
> > 9-18: 11:00:16:653:20c I-COOKIE 113dfced10d7ac5d
> > 9-18: 11:00:16:653:20c R-COOKIE ba6ca5eaadd18abc
> > 9-18: 11:00:16:653:20c exchange: Oakley Main Mode
> > 9-18: 11:00:16:653:20c flags: 0
> > 9-18: 11:00:16:653:20c next payload: SA
> > 9-18: 11:00:16:653:20c message ID: 00000000
> > 9-18: 11:00:16:653:20c processing payload SA 9-18: 11:00:16:653:20c
> > Received Phase 1 Transform 1
> > 9-18: 11:00:16:653:20c Encryption Alg Dreifach-DES CBC(5)
> > 9-18: 11:00:16:653:20c Hash Alg SHA(2)
> > 9-18: 11:00:16:653:20c Oakley Group 2
> > 9-18: 11:00:16:653:20c Auth Method RSA-Signatur mit Zertifikaten(3)
> > 9-18: 11:00:16:653:20c Life type in Seconds
> > 9-18: 11:00:16:653:20c Life duration of 28800
> > 9-18: 11:00:16:653:20c Phase 1 SA accepted: transform=1
> > 9-18: 11:00:16:653:20c SA - Oakley proposal accepted
> > 9-18: 11:00:16:653:20c constructing ISAKMP Header
> > 9-18: 11:00:16:713:20c constructing KE
> > 9-18: 11:00:16:713:20c constructing NONCE (ISAKMP)
> > 9-18: 11:00:16:713:20c
> > 9-18: 11:00:16:713:20c Sending: SA = 0x000CDB78 to 192.168.10.1:Type 2
> > 9-18: 11:00:16:713:20c ISAKMP Header: (V1.0), len = 184
> > 9-18: 11:00:16:713:20c I-COOKIE 113dfced10d7ac5d
> > 9-18: 11:00:16:713:20c R-COOKIE ba6ca5eaadd18abc
> > 9-18: 11:00:16:713:20c exchange: Oakley Main Mode
> > 9-18: 11:00:16:713:20c flags: 0
> > 9-18: 11:00:16:713:20c next payload: KE
> > 9-18: 11:00:16:713:20c message ID: 00000000
> > 9-18: 11:00:16:733:20c
> > 9-18: 11:00:16:733:20c Receive: (get) SA = 0x000cdb78 from 192.168.10.1
> > 9-18: 11:00:16:733:20c ISAKMP Header: (V1.0), len = 188
> > 9-18: 11:00:16:733:20c I-COOKIE 113dfced10d7ac5d
> > 9-18: 11:00:16:733:20c R-COOKIE ba6ca5eaadd18abc
> > 9-18: 11:00:16:733:20c exchange: Oakley Main Mode
> > 9-18: 11:00:16:733:20c flags: 0
> > 9-18: 11:00:16:733:20c next payload: KE
> > 9-18: 11:00:16:733:20c message ID: 00000000
> > 9-18: 11:00:16:733:20c processing payload KE 9-18: 11:00:16:753:20c
> > processing payload NONCE
> > 9-18: 11:00:16:753:20c processing payload CRP
> > 9-18: 11:00:16:753:20c constructing ISAKMP Header
> > 9-18: 11:00:16:753:20c constructing ID
> > 9-18: 11:00:16:753:20c Received no valid CRPs. Using all configured
> > 9-18: 11:00:16:753:20c Looking for IPSec only cert
> > 9-18: 11:00:16:753:20c Cert Trustes. 0 100
> > 9-18: 11:00:16:773:20c Entered CRL check
> > 9-18: 11:00:16:773:20c Left CRL check
> > 9-18: 11:00:16:773:20c Cert SHA Thumbprint
> > 8a2076249489a4a0109f6415d78702ca
> > 9-18: 11:00:16:773:20c aacd17b4
> > 9-18: 11:00:16:773:20c SubjectName: C=DE, L=Braunschweig, O=HL CCC,
> > OU=Aussendienst, CN=root@jinni.lokalnetz.de
> > 9-18: 11:00:16:773:20c Cert Serialnumber 02
> > 9-18: 11:00:16:773:20c Cert SHA Thumbprint
> > 8a2076249489a4a0109f6415d78702ca
> > 9-18: 11:00:16:773:20c aacd17b4
> > 9-18: 11:00:16:773:20c SubjectName: C=DE, L=Braunschweig, O=HL CCC,
> > OU=CA-Unit, CN=h.lenz@gmx.de
> > 9-18: 11:00:16:773:20c Cert Serialnumber 00
> > 9-18: 11:00:16:773:20c Cert SHA Thumbprint
> > 7c44a1a1c6f14f7f519c7afa1371a230
> > 9-18: 11:00:16:773:20c 46197b33
> > 9-18: 11:00:16:773:20c constructing CERT
> > 9-18: 11:00:16:773:20c Construct SIG
> > 9-18: 11:00:16:783:20c Constructing Cert Request
> > 9-18: 11:00:16:783:20c C=DE, L=Braunschweig, O=HL CCC, OU=CA-Unit,
> > CN=h.lenz@gmx.de
> > 9-18: 11:00:16:783:20c
> > 9-18: 11:00:16:783:20c Sending: SA = 0x000CDB78 to 192.168.10.1:Type 2
> > 9-18: 11:00:16:783:20c ISAKMP Header: (V1.0), len = 1132
> > 9-18: 11:00:16:783:20c I-COOKIE 113dfced10d7ac5d
> > 9-18: 11:00:16:783:20c R-COOKIE ba6ca5eaadd18abc
> > 9-18: 11:00:16:783:20c exchange: Oakley Main Mode
> > 9-18: 11:00:16:783:20c flags: 1 ( encrypted )
> > 9-18: 11:00:16:783:20c next payload: ID
> > 9-18: 11:00:16:783:20c message ID: 00000000
> > 9-18: 11:00:16:793:20c
> > 9-18: 11:00:16:793:20c Receive: (get) SA = 0x000cdb78 from 192.168.10.1
> > 9-18: 11:00:16:793:20c ISAKMP Header: (V1.0), len = 988
> > 9-18: 11:00:16:793:20c I-COOKIE 113dfced10d7ac5d
> > 9-18: 11:00:16:793:20c R-COOKIE ba6ca5eaadd18abc
> > 9-18: 11:00:16:793:20c exchange: Oakley Main Mode
> > 9-18: 11:00:16:793:20c flags: 1 ( encrypted )
> > 9-18: 11:00:16:793:20c next payload: ID
> > 9-18: 11:00:16:793:20c message ID: 00000000
> > 9-18: 11:00:16:793:20c processing payload ID 9-18: 11:00:16:793:20c
> > processing payload CERT
> > 9-18: 11:00:16:793:20c processing payload SIG
> > 9-18: 11:00:16:793:20c Verifying CertStore
> > 9-18: 11:00:16:793:20c SubjectName: C=DE, L=Braunschweig, O=HL CCC,
> > OU=CA-Unit, CN=Gateway
> > 9-18: 11:00:16:793:20c Cert Serialnumber 01
> > 9-18: 11:00:16:793:20c Cert SHA Thumbprint
> > ed13936f44a66f88cf036efea0885047
> > 9-18: 11:00:16:793:20c dd1cb57a
> > 9-18: 11:00:16:793:20c Cert Trustes. 0 100
> > 9-18: 11:00:16:793:20c SubjectName: C=DE, L=Braunschweig, O=HL CCC,
> > OU=CA-Unit, CN=Gateway
> > 9-18: 11:00:16:793:20c Cert Serialnumber 01
> > 9-18: 11:00:16:793:20c Cert SHA Thumbprint
> > ed13936f44a66f88cf036efea0885047
> > 9-18: 11:00:16:793:20c dd1cb57a
> > 9-18: 11:00:16:793:20c SubjectName: C=DE, L=Braunschweig, O=HL CCC,
> > OU=CA-Unit, CN=h.lenz@gmx.de
> > 9-18: 11:00:16:793:20c Cert Serialnumber 00
> > 9-18: 11:00:16:793:20c Cert SHA Thumbprint
> > 7c44a1a1c6f14f7f519c7afa1371a230
> > 9-18: 11:00:16:793:20c 46197b33
> > 9-18: 11:00:16:793:20c Cert SHA Thumbprint
> > ed13936f44a66f88cf036efea0885047
> > 9-18: 11:00:16:793:20c dd1cb57a
> > 9-18: 11:00:16:793:20c Entered CRL check
> > 9-18: 11:00:16:803:20c Left CRL check
> > 9-18: 11:00:16:803:20c Signature validated
> >
> > 9-18: 11:00:16:803:20c MM established. SA: 000CDB78
> > 9-18: 11:00:16:803:20c GetSpi: src = 192.168.10.1.0000, dst =
> > 192.168.10.96.0000, proto = 00, context = 80E12E70, srcMask =
> > 255.255.255.255, destMask = 255.255.255.255, TunnelFilter 1
> > 9-18: 11:00:16:813:20c Setting SPI 3289714726
> > 9-18: 11:00:16:813:20c constructing ISAKMP Header
> > 9-18: 11:00:16:813:20c constructing HASH (null)
> > 9-18: 11:00:16:813:20c constructing SA (IPSEC)
> > 9-18: 11:00:16:813:20c Sending Tunnelling Attribute
> > 9-18: 11:00:16:813:20c constructing QM KE
> > 9-18: 11:00:16:863:20c constructing NONCE (IPSEC)
> > 9-18: 11:00:16:863:20c constructing ID (proxy)
> > 9-18: 11:00:16:863:20c constructing ID (proxy)
> > 9-18: 11:00:16:863:20c constructing HASH (QM)
> > 9-18: 11:00:16:863:20c
> > 9-18: 11:00:16:863:20c Sending: SA = 0x000CDB78 to 192.168.10.1:Type 2
> > 9-18: 11:00:16:863:20c ISAKMP Header: (V1.0), len = 300
> > 9-18: 11:00:16:863:20c I-COOKIE 113dfced10d7ac5d
> > 9-18: 11:00:16:863:20c R-COOKIE ba6ca5eaadd18abc
> > 9-18: 11:00:16:863:20c exchange: Oakley Quick Mode
> > 9-18: 11:00:16:863:20c flags: 1 ( encrypted )
> > 9-18: 11:00:16:863:20c next payload: HASH
> > 9-18: 11:00:16:873:20c message ID: e4ab1512
> > 9-18: 11:00:16:873:20c
> > 9-18: 11:00:16:873:20c Receive: (get) SA = 0x000cdb78 from 192.168.10.1
> > 9-18: 11:00:16:873:20c ISAKMP Header: (V1.0), len = 300
> > 9-18: 11:00:16:873:20c I-COOKIE 113dfced10d7ac5d
> > 9-18: 11:00:16:873:20c R-COOKIE ba6ca5eaadd18abc
> > 9-18: 11:00:16:873:20c exchange: Oakley Quick Mode
> > 9-18: 11:00:16:873:20c flags: 1 ( encrypted )
> > 9-18: 11:00:16:873:20c next payload: HASH
> > 9-18: 11:00:16:873:20c message ID: e4ab1512
> > 9-18: 11:00:16:873:20c Received commit re-send
> > 9-18: 11:00:16:873:20c processing HASH (QM)
> > 9-18: 11:00:16:873:20c processing payload NONCE
> > 9-18: 11:00:16:873:20c processing payload KE 9-18: 11:00:16:873:20c
> > Quick Mode KE processed; Saved KE data
> > 9-18: 11:00:16:873:20c processing payload ID 9-18: 11:00:16:873:20c
> > processing payload ID 9-18: 11:00:16:873:20c processing payload SA
> > 9-18: 11:00:16:873:20c Negotiated Proxy ID: Src 192.168.10.96.0 Dst
> > 192.168.10.1.0
> > 9-18: 11:00:16:873:20c Checking Proposal 1: Proto= ESP(3), num trans=1
> > Next=0
> > 9-18: 11:00:16:873:20c Checking Transform # 1: ID=Dreifach-DES CBC(3)
> > 9-18: 11:00:16:873:20c SA life type in seconds
> > 9-18: 11:00:16:873:20c SA life duration 00000e10
> > 9-18: 11:00:16:873:20c SA life type in kilobytes
> > 9-18: 11:00:16:873:20c SA life duration 0000c350
> > 9-18: 11:00:16:883:20c tunnel mode is Tunnelmodus(1)
> > 9-18: 11:00:16:883:20c HMAC algorithm is MD5(1)
> > 9-18: 11:00:16:883:20c group description for PFS is 2
> > 9-18: 11:00:16:883:20c Phase 2 SA accepted: proposal=1 transform=1
> > 9-18: 11:00:16:913:20c constructing ISAKMP Header
> > 9-18: 11:00:16:913:20c constructing HASH (QM)
> > 9-18: 11:00:16:913:20c Adding QMs: src = 192.168.10.96.0000, dst =
> > 192.168.10.1.0000, proto = 00, context = 80E12E70, my tunnel =
> > 192.168.10.96, peer tunnel = 192.168.10.1, SrcMask = 0.0.0.0, DestMask
> > = 0.0.0.0 Lifetime = 3600 LifetimeKBytes 50000 dwFlags 1
> > 9-18: 11:00:16:913:20c Algo[0] Operation: ESP Algo: Dreifach-DES CBC
> > HMAC: MD5
> > 9-18: 11:00:16:913:20c Algo[0] MySpi: 3289714726 PeerSpi: 661398693
> > 9-18: 11:00:16:923:20c QM Established SA: 000CDB78 Centry: 0011AE10
> > 9-18: 11:00:16:933:20c isadb_set_status sa:000CDB78 centry:0011AE10
> > status 0
> > 9-18: 11:00:16:933:20c
> > 9-18: 11:00:16:933:20c Sending: SA = 0x000CDB78 to 192.168.10.1:Type 4
> > 9-18: 11:00:16:933:20c ISAKMP Header: (V1.0), len = 52
> > 9-18: 11:00:16:933:20c I-COOKIE 113dfced10d7ac5d
> > 9-18: 11:00:16:933:20c R-COOKIE ba6ca5eaadd18abc
> > 9-18: 11:00:16:933:20c exchange: Oakley Quick Mode
> > 9-18: 11:00:16:933:20c flags: 1 ( encrypted )
> > 9-18: 11:00:16:933:20c next payload: HASH
> > 9-18: 11:00:16:933:20c message ID: e4ab1512
> > 9-18: 11:00:30:653:6d8 Acquire from driver: op=80E12360
> > src=192.168.10.96.0 dst=192.168.0.1.0 proto = 0,
> > SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1,
> > TunnelEndpt=192.168.10.1 Inbound TunnelEndpt=192.168.10.96
> > 9-18: 11:00:30:653:20c Filter to match: Src 192.168.10.1 Dst
> > 192.168.10.96
> > 9-18: 11:00:30:653:20c MM PolicyName: 88
> > 9-18: 11:00:30:653:20c MMPolicy dwFlags 2 SoftSAExpireTime 28800
> > 9-18: 11:00:30:653:20c MMOffer[0] LifetimeSec 28800 QMLimit 1 DHGroup 2
> > 9-18: 11:00:30:653:20c MMOffer[0] Encrypt: Dreifach-DES CBC Hash: SHA
> > 9-18: 11:00:30:653:20c MMOffer[1] LifetimeSec 28800 QMLimit 1 DHGroup 2
> > 9-18: 11:00:30:653:20c MMOffer[1] Encrypt: Dreifach-DES CBC Hash: MD5
> > 9-18: 11:00:30:653:20c MMOffer[2] LifetimeSec 28800 QMLimit 1 DHGroup 1
> > 9-18: 11:00:30:653:20c MMOffer[2] Encrypt: DES CBC Hash: SHA
> > 9-18: 11:00:30:653:20c MMOffer[3] LifetimeSec 28800 QMLimit 1 DHGroup 1
> > 9-18: 11:00:30:653:20c MMOffer[3] Encrypt: DES CBC Hash: MD5
> > 9-18: 11:00:30:653:20c Auth[0]:RSA Sig C=DE, L=Braunschweig, O=HL CCC,
> > OU=CA-Unit, CN=h.lenz@gmx.de
> > 9-18: 11:00:30:653:20c QM PolicyName: Host-roadwarrior-net filter
> > action dwFlags 1
> > 9-18: 11:00:30:653:20c QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
> > 9-18: 11:00:30:653:20c QMOffer[0] dwFlags 0 dwPFSGroup 268435456
> > 9-18: 11:00:30:653:20c Algo[0] Operation: ESP Algo: Dreifach-DES CBC
> > HMAC: MD5
> > 9-18: 11:00:30:653:20c Starting Negotiation: src = 192.168.10.96.0000,
> > dst = 192.168.10.1.0500, proto = 00, context = 80E12360, ProxySrc =
> > 192.168.10.96.0000, ProxyDst = 192.168.0.0.0000 SrcMask =
> > 255.255.255.255 DstMask = 255.255.255.0
> > 9-18: 11:00:30:653:20c constructing ISAKMP Header
> > 9-18: 11:00:30:653:20c constructing SA (ISAKMP)
> > 9-18: 11:00:30:653:20c Constructing Vendor
> > 9-18: 11:00:30:653:20c
> > 9-18: 11:00:30:653:20c Sending: SA = 0x00118490 to 192.168.10.1:Type 2
> > 9-18: 11:00:30:653:20c ISAKMP Header: (V1.0), len = 216
> > 9-18: 11:00:30:653:20c I-COOKIE 82cbed8576c7bb6d
> > 9-18: 11:00:30:653:20c R-COOKIE 0000000000000000
> > 9-18: 11:00:30:653:20c exchange: Oakley Main Mode
> > 9-18: 11:00:30:653:20c flags: 0
> > 9-18: 11:00:30:653:20c next payload: SA
> > 9-18: 11:00:30:653:20c message ID: 00000000
> > 9-18: 11:00:30:653:20c
> > 9-18: 11:00:30:653:20c Receive: (get) SA = 0x00118490 from 192.168.10.1
> > 9-18: 11:00:30:653:20c ISAKMP Header: (V1.0), len = 84
> > 9-18: 11:00:30:653:20c I-COOKIE 82cbed8576c7bb6d
> > 9-18: 11:00:30:653:20c R-COOKIE 07d090648f8bcaf0
> > 9-18: 11:00:30:653:20c exchange: Oakley Main Mode
> > 9-18: 11:00:30:653:20c flags: 0
> > 9-18: 11:00:30:653:20c next payload: SA
> > 9-18: 11:00:30:653:20c message ID: 00000000
> > 9-18: 11:00:30:653:20c processing payload SA 9-18: 11:00:30:653:20c
> > Received Phase 1 Transform 1
> > 9-18: 11:00:30:653:20c Encryption Alg Dreifach-DES CBC(5)
> > 9-18: 11:00:30:663:20c Hash Alg SHA(2)
> > 9-18: 11:00:30:663:20c Oakley Group 2
> > 9-18: 11:00:30:663:20c Auth Method RSA-Signatur mit Zertifikaten(3)
> > 9-18: 11:00:30:663:20c Life type in Seconds
> > 9-18: 11:00:30:663:20c Life duration of 28800
> > 9-18: 11:00:30:663:20c Phase 1 SA accepted: transform=1
> > 9-18: 11:00:30:663:20c SA - Oakley proposal accepted
> > 9-18: 11:00:30:663:20c constructing ISAKMP Header
> > 9-18: 11:00:30:713:20c constructing KE
> > 9-18: 11:00:30:713:20c constructing NONCE (ISAKMP)
> > 9-18: 11:00:30:713:20c
> > 9-18: 11:00:30:713:20c Sending: SA = 0x00118490 to 192.168.10.1:Type 2
> > 9-18: 11:00:30:713:20c ISAKMP Header: (V1.0), len = 184
> > 9-18: 11:00:30:713:20c I-COOKIE 82cbed8576c7bb6d
> > 9-18: 11:00:30:713:20c R-COOKIE 07d090648f8bcaf0
> > 9-18: 11:00:30:713:20c exchange: Oakley Main Mode
> > 9-18: 11:00:30:713:20c flags: 0
> > 9-18: 11:00:30:713:20c next payload: KE
> > 9-18: 11:00:30:713:20c message ID: 00000000
> > 9-18: 11:00:30:723:20c
> > 9-18: 11:00:30:723:20c Receive: (get) SA = 0x00118490 from 192.168.10.1
> > 9-18: 11:00:30:723:20c ISAKMP Header: (V1.0), len = 188
> > 9-18: 11:00:30:723:20c I-COOKIE 82cbed8576c7bb6d
> > 9-18: 11:00:30:723:20c R-COOKIE 07d090648f8bcaf0
> > 9-18: 11:00:30:723:20c exchange: Oakley Main Mode
> > 9-18: 11:00:30:723:20c flags: 0
> > 9-18: 11:00:30:723:20c next payload: KE
> > 9-18: 11:00:30:723:20c message ID: 00000000
> > 9-18: 11:00:30:723:20c processing payload KE 9-18: 11:00:30:743:20c
> > processing payload NONCE
> > 9-18: 11:00:30:753:20c processing payload CRP
> > 9-18: 11:00:30:753:20c constructing ISAKMP Header
> > 9-18: 11:00:30:753:20c constructing ID
> > 9-18: 11:00:30:753:20c Received no valid CRPs. Using all configured
> > 9-18: 11:00:30:753:20c Looking for IPSec only cert
> > 9-18: 11:00:30:753:20c Cert Trustes. 0 100
> > 9-18: 11:00:30:753:20c Entered CRL check
> > 9-18: 11:00:30:753:20c Left CRL check
> > 9-18: 11:00:30:763:20c Cert SHA Thumbprint
> > 8a2076249489a4a0109f6415d78702ca
> > 9-18: 11:00:30:763:20c aacd17b4
> > 9-18: 11:00:30:763:20c SubjectName: C=DE, L=Braunschweig, O=HL CCC,
> > OU=Aussendienst, CN=root@jinni.lokalnetz.de
> > 9-18: 11:00:30:763:20c Cert Serialnumber 02
> > 9-18: 11:00:30:763:20c Cert SHA Thumbprint
> > 8a2076249489a4a0109f6415d78702ca
> > 9-18: 11:00:30:763:20c aacd17b4
> > 9-18: 11:00:30:763:20c SubjectName: C=DE, L=Braunschweig, O=HL CCC,
> > OU=CA-Unit, CN=h.lenz@gmx.de
> > 9-18: 11:00:30:763:20c Cert Serialnumber 00
> > 9-18: 11:00:30:763:20c Cert SHA Thumbprint
> > 7c44a1a1c6f14f7f519c7afa1371a230
> > 9-18: 11:00:30:763:20c 46197b33
> > 9-18: 11:00:30:763:20c constructing CERT
> > 9-18: 11:00:30:763:20c Construct SIG
> > 9-18: 11:00:30:763:20c Constructing Cert Request
> > 9-18: 11:00:30:763:20c C=DE, L=Braunschweig, O=HL CCC, OU=CA-Unit,
> > CN=h.lenz@gmx.de
> > 9-18: 11:00:30:763:20c
> > 9-18: 11:00:30:763:20c Sending: SA = 0x00118490 to 192.168.10.1:Type 2
> > 9-18: 11:00:30:763:20c ISAKMP Header: (V1.0), len = 1132
> > 9-18: 11:00:30:763:20c I-COOKIE 82cbed8576c7bb6d
> > 9-18: 11:00:30:763:20c R-COOKIE 07d090648f8bcaf0
> > 9-18: 11:00:30:763:20c exchange: Oakley Main Mode
> > 9-18: 11:00:30:773:20c flags: 1 ( encrypted )
> > 9-18: 11:00:30:773:20c next payload: ID
> > 9-18: 11:00:30:773:20c message ID: 00000000
> > 9-18: 11:00:30:773:20c
> > 9-18: 11:00:30:773:20c Receive: (get) SA = 0x00118490 from 192.168.10.1
> > 9-18: 11:00:30:773:20c ISAKMP Header: (V1.0), len = 988
> > 9-18: 11:00:30:773:20c I-COOKIE 82cbed8576c7bb6d
> > 9-18: 11:00:30:773:20c R-COOKIE 07d090648f8bcaf0
> > 9-18: 11:00:30:773:20c exchange: Oakley Main Mode
> > 9-18: 11:00:30:773:20c flags: 1 ( encrypted )
> > 9-18: 11:00:30:773:20c next payload: ID
> > 9-18: 11:00:30:773:20c message ID: 00000000
> > 9-18: 11:00:30:773:20c processing payload ID 9-18: 11:00:30:773:20c
> > processing payload CERT
> > 9-18: 11:00:30:773:20c processing payload SIG
> > 9-18: 11:00:30:773:20c Verifying CertStore
> > 9-18: 11:00:30:773:20c SubjectName: C=DE, L=Braunschweig, O=HL CCC,
> > OU=CA-Unit, CN=Gateway
> > 9-18: 11:00:30:773:20c Cert Serialnumber 01
> > 9-18: 11:00:30:773:20c Cert SHA Thumbprint
> > ed13936f44a66f88cf036efea0885047
> > 9-18: 11:00:30:773:20c dd1cb57a
> > 9-18: 11:00:30:783:20c Cert Trustes. 0 100
> > 9-18: 11:00:30:783:20c SubjectName: C=DE, L=Braunschweig, O=HL CCC,
> > OU=CA-Unit, CN=Gateway
> > 9-18: 11:00:30:783:20c Cert Serialnumber 01
> > 9-18: 11:00:30:783:20c Cert SHA Thumbprint
> > ed13936f44a66f88cf036efea0885047
> > 9-18: 11:00:30:783:20c dd1cb57a
> > 9-18: 11:00:30:783:20c SubjectName: C=DE, L=Braunschweig, O=HL CCC,
> > OU=CA-Unit, CN=h.lenz@gmx.de
> > 9-18: 11:00:30:783:20c Cert Serialnumber 00
> > 9-18: 11:00:30:783:20c Cert SHA Thumbprint
> > 7c44a1a1c6f14f7f519c7afa1371a230
> > 9-18: 11:00:30:783:20c 46197b33
> > 9-18: 11:00:30:783:20c Cert SHA Thumbprint
> > ed13936f44a66f88cf036efea0885047
> > 9-18: 11:00:30:783:20c dd1cb57a
> > 9-18: 11:00:30:783:20c Entered CRL check
> > 9-18: 11:00:30:783:20c Left CRL check
> > 9-18: 11:00:30:783:20c Signature validated
> >
> > 9-18: 11:00:30:783:20c MM established. SA: 00118490
> > 9-18: 11:00:30:783:20c GetSpi: src = 192.168.0.0.0000, dst =
> > 192.168.10.96.0000, proto = 00, context = 80E12360, srcMask =
> > 255.255.255.0, destMask = 255.255.255.255, TunnelFilter 1
> > 9-18: 11:00:30:783:20c Setting SPI 2350217156
> > 9-18: 11:00:30:783:20c constructing ISAKMP Header
> > 9-18: 11:00:30:783:20c constructing HASH (null)
> > 9-18: 11:00:30:783:20c constructing SA (IPSEC)
> > 9-18: 11:00:30:783:20c Sending Tunnelling Attribute
> > 9-18: 11:00:30:783:20c constructing QM KE
> > 9-18: 11:00:30:853:20c constructing NONCE (IPSEC)
> > 9-18: 11:00:30:853:20c constructing ID (proxy)
> > 9-18: 11:00:30:853:20c constructing ID (proxy)
> > 9-18: 11:00:30:853:20c constructing HASH (QM)
> > 9-18: 11:00:30:853:20c
> > 9-18: 11:00:30:853:20c Sending: SA = 0x00118490 to 192.168.10.1:Type 2
> > 9-18: 11:00:30:853:20c ISAKMP Header: (V1.0), len = 308
> > 9-18: 11:00:30:853:20c I-COOKIE 82cbed8576c7bb6d
> > 9-18: 11:00:30:853:20c R-COOKIE 07d090648f8bcaf0
> > 9-18: 11:00:30:853:20c exchange: Oakley Quick Mode
> > 9-18: 11:00:30:853:20c flags: 1 ( encrypted )
> > 9-18: 11:00:30:853:20c next payload: HASH
> > 9-18: 11:00:30:853:20c message ID: 300e7ed8
> > 9-18: 11:00:30:864:20c
> > 9-18: 11:00:30:864:20c Receive: (get) SA = 0x00118490 from 192.168.10.1
> > 9-18: 11:00:30:864:20c ISAKMP Header: (V1.0), len = 300
> > 9-18: 11:00:30:864:20c I-COOKIE 82cbed8576c7bb6d
> > 9-18: 11:00:30:864:20c R-COOKIE 07d090648f8bcaf0
> > 9-18: 11:00:30:864:20c exchange: Oakley Quick Mode
> > 9-18: 11:00:30:864:20c flags: 1 ( encrypted )
> > 9-18: 11:00:30:864:20c next payload: HASH
> > 9-18: 11:00:30:864:20c message ID: 300e7ed8
> > 9-18: 11:00:30:864:20c Received commit re-send
> > 9-18: 11:00:30:864:20c processing HASH (QM)
> > 9-18: 11:00:30:864:20c processing payload NONCE
> > 9-18: 11:00:30:864:20c processing payload KE 9-18: 11:00:30:864:20c
> > Quick Mode KE processed; Saved KE data
> > 9-18: 11:00:30:864:20c processing payload ID 9-18: 11:00:30:864:20c
> > processing payload ID 9-18: 11:00:30:864:20c processing payload SA
> > 9-18: 11:00:30:864:20c Negotiated Proxy ID: Src 192.168.10.96.0 Dst
> > 192.168.0.0.0
> > 9-18: 11:00:30:864:20c Dst id for subnet. Mask 255.255.255.0
> > 9-18: 11:00:30:864:20c Checking Proposal 1: Proto= ESP(3), num trans=1
> > Next=0
> > 9-18: 11:00:30:864:20c Checking Transform # 1: ID=Dreifach-DES CBC(3)
> > 9-18: 11:00:30:864:20c SA life type in seconds
> > 9-18: 11:00:30:864:20c SA life duration 00000e10
> > 9-18: 11:00:30:864:20c SA life type in kilobytes
> > 9-18: 11:00:30:864:20c SA life duration 0000c350
> > 9-18: 11:00:30:864:20c tunnel mode is Tunnelmodus(1)
> > 9-18: 11:00:30:864:20c HMAC algorithm is MD5(1)
> > 9-18: 11:00:30:864:20c group description for PFS is 2
> > 9-18: 11:00:30:864:20c Phase 2 SA accepted: proposal=1 transform=1
> > 9-18: 11:00:30:884:20c constructing ISAKMP Header
> > 9-18: 11:00:30:894:20c constructing HASH (QM)
> > 9-18: 11:00:30:894:20c Adding QMs: src = 192.168.10.96.0000, dst =
> > 192.168.0.0.0000, proto = 00, context = 80E12360, my tunnel =
> > 192.168.10.96, peer tunnel = 192.168.10.1, SrcMask = 0.0.0.0, DestMask
> > = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 50000 dwFlags 1
> > 9-18: 11:00:30:894:20c Algo[0] Operation: ESP Algo: Dreifach-DES CBC
> > HMAC: MD5
> > 9-18: 11:00:30:894:20c Algo[0] MySpi: 2350217156 PeerSpi: 661398694
> > 9-18: 11:00:30:894:20c QM Established SA: 00118490 Centry: 001133F0
> > 9-18: 11:00:30:894:20c isadb_set_status sa:00118490 centry:001133F0
> > status 0
> > 9-18: 11:00:30:894:20c
> > 9-18: 11:00:30:894:20c Sending: SA = 0x00118490 to 192.168.10.1:Type 4
> > 9-18: 11:00:30:894:20c ISAKMP Header: (V1.0), len = 52
> > 9-18: 11:00:30:894:20c I-COOKIE 82cbed8576c7bb6d
> > 9-18: 11:00:30:894:20c R-COOKIE 07d090648f8bcaf0
> > 9-18: 11:00:30:894:20c exchange: Oakley Quick Mode
> > 9-18: 11:00:30:894:20c flags: 1 ( encrypted )
> > 9-18: 11:00:30:894:20c next payload: HASH
> > 9-18: 11:00:30:894:20c message ID: 300e7ed8
>
> --------------------------------------------------------------------------
---
> >
> >
> > As you can the, the CA is exactly the same so I suspect that the
> > ipseccmd.exe can not set up the rules correctly. If somebody sees any
> > other reason for this strange behaviour, please HELP!!!!!
> >
> > Regards Helge.
> >
> > _______________________________________________
_______________________________________________ FreeS/WAN Users mailing list users@lists.freeswan.org https://mj2.freeswan.org/cgi-bin/mj_wwwusr
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:49 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |