[Vpn-help] vpn-release-1.1 communicate with racoon problem
Zhao Tongyi
zhaotongyi at gmail.com
Wed Nov 22 19:23:28 CST 2006
when I config verify_cert on;
log:
1 Nov 22 18:19:05 debug racoon DEBUG: === 2 Nov 22
18:19:05 debug racoon DEBUG: 432 bytes message received from
192.168.20.240[500] to 192.168.20.133[500] 3 Nov 22 18:19:05 debug
racoon DEBUG: 8232f628 54a87223 00000000 00000000 01100400 00000000
000001b0 04000038 00000001 00000001 0000002c 01010001 00000024 01010000
80010005 80020002 80040002 80030003 800b0001 000c0004 00015180 0a000084
1e5a4bcf 4a78c45d 3ea4a883 f0adf3e4 9d2364d7 ef9d00a6 ba02822d b1972026
5e54b096 2f156d8d 13f5a78f 5d67674a 59de37c0 ad3fcb20 6312d252 c19c4315
b15136f1 526d28aa b8330434 72bf2daa b70b9980 70af0987 5f5e38b9 178da233
317ea3f2 42bcb661 ff139629 b791d4f9 28e42f34 3f7de95d 9a4495b5 7bc54a37
05000018 79a46c40 725d609a bdf766e3 d0f6572b 66b5afab 0d000058 09000000
304e310b 30090603 55040613 02434e31 0d300b06 0355040a 13043131 3231310d
300b0603 55040313 04313132 31312130 1f060355 040b1318 31313634 30373337
30355534 35363235 41453938 46363441 0d000014 12f5f28c 457168a9 702d9fe2
74cc0100 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 0d000014 4a131c81
07035845 5c5728f2 0e95452f 0d000018 4048b7d5 6ebce885 25e7de7f 00d6c2d3
80000000 00000014 afcad713 68a1f1c9 6b8696fc 77570100 4 Nov 22
18:19:05 debug racoon DEBUG: anonymous configuration selected for
192.168.20.240. 5 Nov 22 18:19:05 debug racoon DEBUG: === 6
Nov 22 18:19:05 info racoon INFO: respond new phase 1 negotiation:
192.168.20.133[500]<=>192.168.20.240[500] 7 Nov 22 18:19:05 info
racoon INFO: begin Aggressive mode. 8 Nov 22 18:19:05 debug
racoon DEBUG: begin. 9 Nov 22 18:19:05 debug racoon DEBUG: seen
nptype=1(sa) 10 Nov 22 18:19:05 debug racoon DEBUG: seen
nptype=4(ke) 11 Nov 22 18:19:05 debug racoon DEBUG: seen
nptype=10(nonce) 12 Nov 22 18:19:05 debug racoon DEBUG: seen
nptype=5(id) 13 Nov 22 18:19:05 debug racoon DEBUG: seen
nptype=13(vid) 14 Nov 22 18:19:05 debug racoon DEBUG: seen
nptype=13(vid) 15 Nov 22 18:19:05 debug racoon DEBUG: seen
nptype=13(vid) 16 Nov 22 18:19:05 debug racoon DEBUG: seen
nptype=13(vid) 17 Nov 22 18:19:05 debug racoon DEBUG: seen
nptype=13(vid) 18 Nov 22 18:19:05 debug racoon DEBUG: succeed.
19 Nov 22 18:19:05 debug racoon DEBUG: received payload of type ke
20 Nov 22 18:19:05 debug racoon DEBUG: received payload of type nonce
21 Nov 22 18:19:05 debug racoon DEBUG: received payload of type id
22 Nov 22 18:19:05 debug racoon DEBUG: received payload of type
vid 23 Nov 22 18:19:05 info racoon INFO: received Vendor ID:
CISCO-UNITY 24 Nov 22 18:19:05 debug racoon DEBUG: received
payload of type vid 25 Nov 22 18:19:05 info racoon INFO: received
Vendor ID: draft-ietf-ipsec-nat-t-ike-02 26 Nov 22 18:19:05 debug
racoon DEBUG: received payload of type vid 27 Nov 22 18:19:05 info
racoon INFO: received Vendor ID: RFC 3947 28 Nov 22 18:19:05 debug
racoon DEBUG: received payload of type vid 29 Nov 22 18:19:05 info
racoon INFO: received broken Microsoft ID: FRAGMENTATION 30 Nov 22
18:19:05 debug racoon DEBUG: received payload of type vid 31 Nov
22 18:19:05 info racoon INFO: received Vendor ID: DPD 32 Nov 22
18:19:05 debug racoon DEBUG: remote supports DPD 33 Nov 22
18:19:05 info racoon INFO: Selected NAT-T version: RFC 3947 34 Nov
22 18:19:05 debug racoon DEBUG: total SA len=52 35 Nov 22
18:19:05 debug racoon DEBUG: 00000001 00000001 0000002c 01010001 00000024
01010000 80010005 80020002 80040002 80030003 800b0001 000c0004 00015180
36 Nov 22 18:19:05 debug racoon DEBUG: begin. 37 Nov 22 18:19:05
debug racoon DEBUG: seen nptype=2(prop) 38 Nov 22 18:19:05 debug
racoon DEBUG: succeed. 39 Nov 22 18:19:05 debug racoon DEBUG:
proposal #1 len=44 40 Nov 22 18:19:05 debug racoon DEBUG: begin.
41 Nov 22 18:19:05 debug racoon DEBUG: seen nptype=3(trns) 42 Nov
22 18:19:05 debug racoon DEBUG: succeed. 43 Nov 22 18:19:05
debug racoon DEBUG: transform #1 len=36 44 Nov 22 18:19:05 debug
racoon DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC 45
Nov 22 18:19:05 debug racoon DEBUG: encryption(3des) 46 Nov 22
18:19:05 debug racoon DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
47 Nov 22 18:19:05 debug racoon DEBUG: hash(sha1) 48 Nov 22
18:19:05 debug racoon DEBUG: type=Group Description, flag=0x8000,
lorv=1024-bit MODP group 49 Nov 22 18:19:05 debug racoon DEBUG:
hmac(modp1024) 50 Nov 22 18:19:05 debug racoon DEBUG:
type=Authentication Method, flag=0x8000, lorv=RSA signatures 51 Nov
22 18:19:05 debug racoon DEBUG: type=Life Type, flag=0x8000, lorv=seconds
52 Nov 22 18:19:05 debug racoon DEBUG: type=Life Duration,
flag=0x0000, lorv=4 53 Nov 22 18:19:05 debug racoon DEBUG: pair 1:
54 Nov 22 18:19:05 debug racoon DEBUG: 0x80c83c8: next=(nil)
tnext=(nil) 55 Nov 22 18:19:05 debug racoon DEBUG: proposal #1: 1
transform 56 Nov 22 18:19:05 debug racoon DEBUG: prop#=1,
prot-id=ISAKMP, spi-size=0, #trns=1 57 Nov 22 18:19:05 debug
racoon DEBUG: trns#=1, trns-id=IKE 58 Nov 22 18:19:05 debug
racoon DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC 59
Nov 22 18:19:05 debug racoon DEBUG: type=Hash Algorithm, flag=0x8000,
lorv=SHA 60 Nov 22 18:19:05 debug racoon DEBUG: type=Group
Description, flag=0x8000, lorv=1024-bit MODP group 61 Nov 22
18:19:05 debug racoon DEBUG: type=Authentication Method, flag=0x8000,
lorv=RSA signatures 62 Nov 22 18:19:05 debug racoon DEBUG:
type=Life Type, flag=0x8000, lorv=seconds 63 Nov 22 18:19:05 debug
racoon DEBUG: type=Life Duration, flag=0x0000, lorv=4 64 Nov 22
18:19:05 debug racoon DEBUG: Compared: DB:Peer 65 Nov 22 18:19:05
debug racoon DEBUG: (lifetime = 28800:86400) 66 Nov 22 18:19:05
debug racoon DEBUG: (lifebyte = 0:0) 67 Nov 22 18:19:05 debug
racoon DEBUG: enctype = 3DES-CBC:3DES-CBC 68 Nov 22 18:19:05 debug
racoon DEBUG: (encklen = 0:0) 69 Nov 22 18:19:05 debug racoon DEBUG:
hashtype = SHA:SHA 70 Nov 22 18:19:05 debug racoon DEBUG:
authmethod = RSA signatures:RSA signatures 71 Nov 22 18:19:05 debug
racoon DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group 72 Nov
22 18:19:05 debug racoon DEBUG: an acceptable proposal found. 73 Nov
22 18:19:05 debug racoon DEBUG: hmac(modp1024) 74 Nov 22 18:19:05
debug racoon DEBUG: new cookie: 42ba8ce84010c83c 75 Nov 22
18:19:05 debug racoon DEBUG: filename:
/var/run/cert/trusted/mpki.6a005e3c.ed63c06b75836b8b3ae584b65c4fd634 76
Nov 22 18:19:05 debug racoon [truncated] DEBUG: Certificate: Data:
Version: 3 (0x2) Serial Number: da:49:54:cc:06:5a:9a:3b Signature Algorithm:
md5WithRSAEncryption Issuer: C=CN,
O=\xE5\x85\x88\xE5\xAE\x89\xE7\xA7\x91\xE6\x8A\x80, CN=workstation,
OU=1160979851U4533258BC890E Validity Not Before: Oct 16 06:24:12 2006 GMT
Not After : Oct 13 06:24:12 2016 GMT Subject: C=CN,
O=\xE5\x85\x88\xE5\xAE\x89\xE7\xA7\x91\xE6\x8A\x80, CN=workstation,
OU=1160979851U4533258BC890E Subject Public Key Info: Public Key Algorithm:
rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit):
00:a2:ff:d3:a7:f6:15:87:40:26:22:3f:eb:4d:78:
e7:cd:dd:62:42:3b:45:91:df:1f:4f:dd:e9:07:06:
49:f1:4c:a6:ac:18:ed:d5:95:61:16:68:95:6a:55:
08:89:df:49:f0:5a:88:6e:1b:bc:3e:16:79:e2:07: 76:e9:b3:d7:f3:40:9b:dd:26
77 Nov 22 18:19:05 debug racoon DEBUG: created CERT payload: 78
Nov 22 18:19:05 debug racoon [truncated] DEBUG: 04308203 21308202
8aa00302 01020209 00da4954 cc065a9a 3b300d06 092a8648 86f70d01 01040500
305d310b 30090603 55040613 02434e31 15301306 0355040a 140ce585 88e5ae89
e7a791e6 8a803114 30120603 55040313 0b776f72 6b737461 74696f6e 3121301f
06035504 0b131831 31363039 37393835 31553435 33333235 38424338 39304530
1e170d30 36313031 36303632 3431325a 170d3136 31303133 30363234 31325a30
5d310b30 09060355 04061302 434e3115 30130603 55040a14 0ce58588 e5ae89e7
a791e68a 80311430 12060355 0403130b 776f726b 73746174 696f6e31 21301f06
0355040b 13183131 36303937 39383531 55343533 33323538 42433839 30453081
9f300d06 092a8648 86f70d01 01010500 03818d00 30818902 818100a2 ffd3a7f6
15874026 223feb4d 78e7cddd 62423b45 91df1f4f dde90706 49f14ca6 ac18edd5
95611668 956a5508 89df49f0 5a886e1b bc3e1679 e20776e9 b3d7f340 9bdd269d
af3d89e4 b6b62f37 36dce63e 27cb9598 37e994d9 c4d506fe c1ff0f70 0e3981c0
3ed9c342 ca34f0dd 29dccd6e 8d10b51e 401b6163 dbadb38b 1d459b02 03010001
a381e830 81e53024 06 79 Nov 22 18:19:05 debug racoon DEBUG: use ID
type of DER_ASN1_DN 80 Nov 22 18:19:05 debug racoon DEBUG: compute
DH's private. 81 Nov 22 18:19:05 debug racoon DEBUG: 7debaa56
4a810160 db85b0d4 5926f660 17432af3 5970d06d 49a883d0 3f5d5dea 631c089c
d5b682f4 190f7d00 055354cc 7dbac9e6 00db64b0 0ead7850 40285dad 0de1fdf6
2c0407f9 e488d93f d7161de6 fe74345b 7edf22a0 b94d0878 c4abc42e fba30ac4
b71f5f58 ed9e037e b5f916eb 16e1b157 b0496517 aa28de1e a35a3c90 82 Nov
22 18:19:05 debug racoon DEBUG: compute DH's public. 83 Nov 22
18:19:05 debug racoon DEBUG: 53b5931f d23df053 914b7d9e a5d64c03 eb564489
314428f4 afb9d07d 7ba627a0 e14df3cd 74e82df1 68deb6a6 a11fb6c6 96f09ace
7ef86b3a 7a39a6bf 1c28ee6c a1e5514b 9a9a88d6 9b3d3ed3 07082e49 28a139ac
47223e9f f1df8087 6cd8ae2e 2c73440e f7a97b1a 230d653e 06f77360 7194cd7e
d33dcbb8 d6916cdd 8ef69159 84 Nov 22 18:19:05 debug racoon DEBUG:
compute DH's shared. 85 Nov 22 18:19:05 debug racoon DEBUG:
2085f6c5 f0391a62 7e8bb397 45aaa9be 60a8eb02 139ab3a1 2ebb209a 35b16e56
82a9bde0 2b7561ab 38afbcc5 64132a73 3f7871d7 974372bd aa05b616 32b26847
edb1a681 4b91ce94 61a67b46 e2bfd73a ddfe16d3 36c60599 617b084b 54b47e57
dad5f71e c487f120 e75f11d6 c8d7f419 11794b5d fd4f7375 136150f9 f37915c4
86 Nov 22 18:19:05 debug racoon DEBUG: nonce1: 87 Nov 22 18:19:05
debug racoon DEBUG: 79a46c40 725d609a bdf766e3 d0f6572b 66b5afab 88
Nov 22 18:19:05 debug racoon DEBUG: nonce2: 89 Nov 22 18:19:05
debug racoon DEBUG: eece830b ab70d9a8 c97764d7 389e92aa 90 Nov 22
18:19:05 debug racoon DEBUG: hmac(hmac_sha1) 91 Nov 22 18:19:05
debug racoon DEBUG: SKEYID computed: 92 Nov 22 18:19:05 debug
racoon DEBUG: 9e03ac3d 696bf5a5 e2f901f9 fc0cc74e e8240b10 93 Nov 22
18:19:05 debug racoon DEBUG: hmac(hmac_sha1) 94 Nov 22 18:19:05
debug racoon DEBUG: SKEYID_d computed: 95 Nov 22 18:19:05 debug
racoon DEBUG: a6a6e6cf 2d89d2d2 d1bf7e83 c952c9f5 79600435 96 Nov 22
18:19:05 debug racoon DEBUG: hmac(hmac_sha1) 97 Nov 22 18:19:05
debug racoon DEBUG: SKEYID_a computed: 98 Nov 22 18:19:05 debug
racoon DEBUG: dfa5c266 ca9c926d b54a62f4 6ad0876d b6dc9650 99 Nov 22
18:19:05 debug racoon DEBUG: hmac(hmac_sha1) 100 Nov 22 18:19:05
debug racoon DEBUG: SKEYID_e computed: 101 Nov 22 18:19:05 debug
racoon DEBUG: b17c0dc7 0523e70f 28ee3837 5cd09755 4f0433fe 102 Nov
22 18:19:05 debug racoon DEBUG: encryption(3des) 103 Nov 22
18:19:05 debug racoon DEBUG: hash(sha1) 104 Nov 22 18:19:05
debug racoon DEBUG: len(SKEYID_e) < len(Ka) (20 < 24), generating long key
(Ka = K1 | K2 | ...) 105 Nov 22 18:19:05 debug racoon DEBUG:
hmac(hmac_sha1) 106 Nov 22 18:19:05 debug racoon DEBUG: compute
intermediate encryption key K1 107 Nov 22 18:19:05 debug
racoon DEBUG:
00 108 Nov 22 18:19:05 debug racoon DEBUG: 83427eec 4f160b72
a57d048c 0355cf07 13003dfb 109 Nov 22 18:19:05 debug racoon DEBUG:
hmac(hmac_sha1) 110 Nov 22 18:19:05 debug racoon DEBUG: compute
intermediate encryption key K2 111 Nov 22 18:19:05 debug
racoon DEBUG:
83427eec 4f160b72 a57d048c 0355cf07 13003dfb 112 Nov 22 18:19:05
debug racoon DEBUG: 2d5e07f2 12131966 067c652c 354c0df1 4f9934a6 113
Nov 22 18:19:05 debug racoon DEBUG: final encryption key computed:
114 Nov 22 18:19:05 debug racoon DEBUG: 83427eec 4f160b72 a57d048c
0355cf07 13003dfb 2d5e07f2 115 Nov 22 18:19:05 debug racoon DEBUG:
hash(sha1) 116 Nov 22 18:19:05 debug racoon DEBUG:
encryption(3des) 117 Nov 22 18:19:05 debug racoon DEBUG: IV
computed: 118 Nov 22 18:19:05 debug racoon DEBUG: 570441e7
04e186c3 119 Nov 22 18:19:05 debug racoon DEBUG: generate HASH_R
120 Nov 22 18:19:05 debug racoon DEBUG: HASH with: 121 Nov 22
18:19:05 debug racoon DEBUG: 53b5931f d23df053 914b7d9e a5d64c03 eb564489
314428f4 afb9d07d 7ba627a0 e14df3cd 74e82df1 68deb6a6 a11fb6c6 96f09ace
7ef86b3a 7a39a6bf 1c28ee6c a1e5514b 9a9a88d6 9b3d3ed3 07082e49 28a139ac
47223e9f f1df8087 6cd8ae2e 2c73440e f7a97b1a 230d653e 06f77360 7194cd7e
d33dcbb8 d6916cdd 8ef69159 1e5a4bcf 4a78c45d 3ea4a883 f0adf3e4 9d2364d7
ef9d00a6 ba02822d b1972026 5e54b096 2f156d8d 13f5a78f 5d67674a 59de37c0
ad3fcb20 6312d252 c19c4315 b15136f1 526d28aa b8330434 72bf2daa b70b9980
70af0987 5f5e38b9 178da233 317ea3f2 42bcb661 ff139629 b791d4f9 28e42f34
3f7de95d 9a4495b5 7bc54a37 42ba8ce8 4010c83c 8232f628 54a87223 00000001
00000001 0000002c 01010001 00000024 01010000 80010005 80020002 80040002
80030003 800b0001 000c0004 00015180 09000000 305d310b 30090603 55040613
02434e31 15301306 0355040a 140ce585 88e5ae89 e7a791e6 8a803114 30120603
55040313 0b776f72 6b737461 74696f6e 3121301f 06035504 0b131831 31363039
37393835 31553435 33333235 38424338 393045 122 Nov 22 18:19:05
debug racoon DEBUG: hmac(hmac_sha1) 123 Nov 22 18:19:05 debug
racoon DEBUG: HASH computed: 124 Nov 22 18:19:05 debug racoon DEBUG:
3155f862 648e68cf 6b7fe2eb 6943d344 6057fe16 125 Nov 22 18:19:05
debug racoon DEBUG: create my CR: X.509 Certificate Signature 126 Nov
22 18:19:05 info racoon INFO: Adding remote and local NAT-D payloads.
127 Nov 22 18:19:05 info racoon INFO: Hashing 192.168.20.240[500] with
algo #2 128 Nov 22 18:19:05 debug racoon DEBUG: hash(sha1) 129
Nov 22 18:19:05 info racoon INFO: Hashing 192.168.20.133[500] with algo
#2 130 Nov 22 18:19:05 debug racoon DEBUG: hash(sha1) 131 Nov
22 18:19:05 debug racoon DEBUG: filename:
/var/run/cert/trusted/mpki.6a005e3c.ed63c06b75836b8b3ae584b65c4fd634.k
132 Nov 22 18:19:05 debug racoon DEBUG: SIGN computed: 133 Nov 22
18:19:05 debug racoon DEBUG: 4299a2c7 3f0a61ca 90cab6e0 0bde883d 674ce0c4
843585c5 5ec9ac3a 9dddbb04 b54e5111 abc7d1e1 d55bca25 47297801 a0bbc918
b60e61c5 14ba6e9f d3d52268 c0b8846c f7a1f2d2 102c45a5 5617ccc5 4d0c154a
eb385140 37fa0aeb eddbeeb0 4de4caeb cd63ed0f 3778d57c 4f4832c3 69e99154
3422ad61 5c29678e 502bb064 134 Nov 22 18:19:05 debug racoon DEBUG:
add payload of len 52, next type 4 135 Nov 22 18:19:05 debug
racoon DEBUG: add payload of len 128, next type 10 136 Nov 22
18:19:05 debug racoon DEBUG: add payload of len 16, next type 5 137
Nov 22 18:19:05 debug racoon DEBUG: add payload of len 99, next type 6
138 Nov 22 18:19:05 debug racoon DEBUG: add payload of len 806, next
type 9 139 Nov 22 18:19:05 debug racoon DEBUG: add payload of len
128, next type 13 140 Nov 22 18:19:05 debug racoon DEBUG: add
payload of len 16, next type 7 141 Nov 22 18:19:05 debug
racoon DEBUG:
add payload of len 1, next type 13 142 Nov 22 18:19:05 debug
racoon DEBUG: add payload of len 16, next type 20 143 Nov 22
18:19:05 debug racoon DEBUG: add payload of len 20, next type 20 144
Nov 22 18:19:05 debug racoon DEBUG: add payload of len 20, next type 13
145 Nov 22 18:19:05 debug racoon DEBUG: add payload of len 16, next
type 0 146 Nov 22 18:19:05 debug racoon DEBUG: 1394 bytes from
192.168.20.133[500] to 192.168.20.240[500] 147 Nov 22 18:19:05
debug racoon DEBUG: 548 bytes from 192.168.20.133[500] to 192.168.20.240[500]
148 Nov 22 18:19:05 debug racoon DEBUG: sockname 192.168.20.133[500]
149 Nov 22 18:19:05 debug racoon DEBUG: send packet from
192.168.20.133[500] 150 Nov 22 18:19:05 debug racoon DEBUG: send
packet to 192.168.20.240[500] 151 Nov 22 18:19:05 debug racoon DEBUG:
src4 192.168.20.133[500] 152 Nov 22 18:19:05 debug racoon DEBUG:
dst4 192.168.20.240[500] 153 Nov 22 18:19:05 debug racoon DEBUG: 1
times of 548 bytes message will be sent to 192.168.20.240[500] 154 Nov
22 18:19:05 debug racoon [truncated] DEBUG: 8232f628 54a87223 42ba8ce8
4010c83c 84100400 00000000 00000224 00000208 00010100 8232f628 54a87223
42ba8ce8 4010c83c 01100400 00000000 00000572 04000038 00000001 00000001
0000002c 01010001 00000024 01010000 80010005 80020002 80040002 80030003
800b0001 000c0004 00015180 0a000084 53b5931f d23df053 914b7d9e a5d64c03
eb564489 314428f4 afb9d07d 7ba627a0 e14df3cd 74e82df1 68deb6a6 a11fb6c6
96f09ace 7ef86b3a 7a39a6bf 1c28ee6c a1e5514b 9a9a88d6 9b3d3ed3 07082e49
28a139ac 47223e9f f1df8087 6cd8ae2e 2c73440e f7a97b1a 230d653e 06f77360
7194cd7e d33dcbb8 d6916cdd 8ef69159 05000014 eece830b ab70d9a8 c97764d7
389e92aa 06000067 09000000 305d310b 30090603 55040613 02434e31 15301306
0355040a 140ce585 88e5ae89 e7a791e6 8a803114 30120603 55040313 0b776f72
6b737461 74696f6e 3121301f 06035504 0b131831 31363039 37393835 31553435
33333235 38424338 39304509 00032a04 30820321 3082028a a0030201 02020900
da4954cc 065a9a3b 300d0609 2a864886 f70d0101 04050030 5d310b30 09060355
04061302 43 155 Nov 22 18:19:05 debug racoon DEBUG: 548 bytes from
192.168.20.133[500] to 192.168.20.240[500] 156 Nov 22 18:19:05
debug racoon DEBUG: sockname 192.168.20.133[500] 157 Nov 22
18:19:05 debug racoon DEBUG: send packet from 192.168.20.133[500] 158
Nov 22 18:19:05 debug racoon DEBUG: send packet to 192.168.20.240[500]
159 Nov 22 18:19:05 debug racoon DEBUG: src4 192.168.20.133[500]
160 Nov 22 18:19:05 debug racoon DEBUG: dst4 192.168.20.240[500] 161
Nov 22 18:19:05 debug racoon DEBUG: 1 times of 548 bytes message will be
sent to 192.168.20.240[500] 162 Nov 22 18:19:05 debug racoon
[truncated]
DEBUG: 8232f628 54a87223 42ba8ce8 4010c83c 84100400 00000000 00000224
00000208 00010200 310b3009 06035504 06130243 4e311530 13060355 040a140c
e58588e5 ae89e7a7 91e68a80 31143012 06035504 03130b77 6f726b73 74617469
6f6e3121 301f0603 55040b13 18313136 30393739 38353155 34353333 32353842
43383930 4530819f 300d0609 2a864886 f70d0101 01050003 818d0030 81890281
8100a2ff d3a7f615 87402622 3feb4d78 e7cddd62 423b4591 df1f4fdd e9070649
f14ca6ac 18edd595 61166895 6a550889 df49f05a 886e1bbc 3e1679e2 0776e9b3
d7f3409b dd269daf 3d89e4b6 b62f3736 dce63e27 cb959837 e994d9c4 d506fec1
ff0f700e 3981c03e d9c342ca 34f0dd29 dccd6e8d 10b51e40 1b6163db adb38b1d
459b0203 010001a3 81e83081 e5302406 09608648 0186f842 010d0417 16154e45
544f4e45 20434120 63657274 69666963 61746530 1d060355 1d0e0416 0414e240
05cb105b 4a28a3f3 5a39d17d 4a7289c5 762a3081 8f060355 1d230481 87308184
8014e240 05cb105b 4a28a3f3 5a39d17d 4a7289c5 762aa161 a45f305d 310b3009
06035504 06130243 4e311530 13060355 040a140c e5 163 Nov 22 18:19:05
debug racoon DEBUG: 406 bytes from 192.168.20.133[500] to 192.168.20.240[500]
164 Nov 22 18:19:05 debug racoon DEBUG: sockname 192.168.20.133[500]
165 Nov 22 18:19:05 debug racoon DEBUG: send packet from
192.168.20.133[500] 166 Nov 22 18:19:05 debug racoon DEBUG: send
packet to 192.168.20.240[500] 167 Nov 22 18:19:05 debug racoon DEBUG:
src4 192.168.20.133[500] 168 Nov 22 18:19:05 debug racoon DEBUG:
dst4 192.168.20.240[500] 169 Nov 22 18:19:05 debug racoon DEBUG: 1
times of 406 bytes message will be sent to 192.168.20.240[500] 170 Nov
22 18:19:05 debug racoon DEBUG: 8232f628 54a87223 42ba8ce8 4010c83c
84100400 00000000 00000196 0000017a 00010301 69d46e8c 30a43cd6 1f975bf8
b0cd80a5 d021cc0f d5325878 a5573736 1cd05944 104efa13 60225421 9f5ae066
db5403b0 3903935f c3f7aeb0 8b4899a5 779a0649 cdb22c5c 7a26fcf2 e74a12ab
d340ba81 289c3a68 d647e675 60f5875a dc155331 3caf89f2 1854d908 ad154ee9
862775f3 6eff8960 dc4cd590 a5aa35ec 3a0d0000 844299a2 c73f0a61 ca90cab6
e00bde88 3d674ce0 c4843585 c55ec9ac 3a9dddbb 04b54e51 11abc7d1 e1d55bca
25472978 01a0bbc9 18b60e61 c514ba6e 9fd3d522 68c0b884 6cf7a1f2 d2102c45
a55617cc c54d0c15 4aeb3851 4037fa0a ebeddbee b04de4ca ebcd63ed 0f3778d5
7c4f4832 c369e991 543422ad 615c2967 8e502bb0 64070000 1412f5f2 8c457168
a9702d9f e274cc01 000d0000 05041400 00144a13 1c810703 58455c57 28f20e95
452f1400 0018ab54 c46b1241 212ec5d4 ac42205d fa3193f2 eab70d00 0018b0a6
7cc5d367 7dcd2748 a6f56814 2462fc33 d5460000 0014afca d71368a1 f1c96b86
96fc7757 0100 171 Nov 22 18:19:05 debug racoon DEBUG: resend
phase1 packet 8232f62854a87223:42ba8ce84010c83c 172 Nov 22 18:19:05
debug racoon DEBUG: === 173 Nov 22 18:19:05 debug racoon DEBUG:
560 bytes message received from 192.168.20.240[500] to 192.168.20.133[500]
174 Nov 22 18:19:05 debug racoon [truncated] DEBUG: 8232f628 54a87223
42ba8ce8 4010c83c 84100400 00000000 00000230 00000214 00010100 8232f628
54a87223 42ba8ce8 4010c83c 06100401 00000000 000003f4 c6ad1336 93caf8d3
6ece594f e2296803 cf2ff923 a5f180e5 33a2c065 5b59f207 cf8593f5 52014cc1
99cf427d 15e1bf4a 95402bd7 811b6ec1 79a07a0b 7877e48c a2a6836f 1eacad6d
02c18ac2 6fc1fc91 6565b37f 177b66e3 fba499e8 ff15dd77 2a57b114 0e93f488
7e194d7f c9d8985c e80807b6 469e16f3 5e9365c4 fe362078 9a270455 e42aa166
060061a6 5995755e 22dd5729 e960cfff c62ebede fbc11e1a 9db07cd9 f9faa8ae
da74aded 325e0945 2c5a4fc0 bf597313 176d941d dfe278ef 61fd6065 4982c9ad
7336ca5f 9eeb0171 080c8295 7aa27c1e f24c33ff bd7f131b aa7f05c0 5592e70b
3b78c8d9 f23a1ad5 48332548 8eb8401a 6226be72 fa1e489d 0890679f ea2717e8
91880710 ddb00ebb 24841cad 7e7957b3 c6903b45 c5d3c720 6e7dfd31 0bf8c72e
29bc6d87 b53dc6bf 65932ca1 a121df25 b8487756 ae256732 e67d21c2 78816393
68d85547 161f0d85 1b852721 1c9f688c dc79d06e 471f6804 021111e2 bab36e7e
944991f0 742f80a8 99 175 Nov 22 18:19:05 debug racoon DEBUG: ===
176 Nov 22 18:19:05 debug racoon DEBUG: 524 bytes message received
from 192.168.20.240[500] to 192.168.20.133[500] 177 Nov 22 18:19:05
debug racoon [truncated] DEBUG: 8232f628 54a87223 42ba8ce8 4010c83c
84100400 00000000 0000020c 000001f0 00010201 6a28d8bc efc8b488 381f1738
5c29eb1e 2f783e8d f4940b78 265b8394 5d4e1735 f611542f 8998c4e5 b797688b
c6304206 0168fab5 7b66f8d3 59b583f2 29d19b9d 1306eb14 922497e2 c877dfe5
a8e32e52 2f46fafc a4ab713d 50df9cf6 6202cc81 bdf698b0 73d2158e 266e58b9
41681ced e16d4aa9 48f3f8d1 c2ebb11f 87e3f8f3 448b8aee 77c25c70 27ebd27f
edc49d0e 41668023 0a84a939 fe8a9de1 96e0b59b 50db4f70 3a7ed49a 811e3556
fa329f2a bff81a9c 40e546c1 e3b6c519 4d1f577e 0048f10c dc5546a9 8b7da257
8ad02151 8d7b2cd4 4a062c00 470a801a ead436d5 4b50a32e e7078287 c73f02ac
328605f5 58c7f096 5e1fd611 51cb5082 0594585b 114ad582 360b9770 90f39e7b
81fd8934 aeef753b af84a913 7b14b343 ac3d2164 4c2189a7 c6f0fb0b 77853a53
2a27d293 b691fffe f137e4c5 3ea65deb a09a8920 3eca37c1 976d6e5c ae9abe58
083b0a38 3b6b3c6d 058d0f15 f814ecb9 62200351 dac59794 1a5c9f35 d8fed885
1a009337 6b002034 96c23ff3 855e7304 65144f33 28b09868 48d81245 65f89a13 f1
178 Nov 22 18:19:05 debug racoon DEBUG: begin decryption. 179 Nov
22 18:19:05 debug racoon DEBUG: encryption(3des) 180 Nov 22
18:19:05 debug racoon DEBUG: IV was saved for next processing: 181
Nov 22 18:19:05 debug racoon DEBUG: 5577a08d 5fd8e9da 182 Nov 22
18:19:05 debug racoon DEBUG: encryption(3des) 183 Nov 22 18:19:05
debug racoon DEBUG: with key: 184 Nov 22 18:19:05 debug
racoon DEBUG:
83427eec 4f160b72 a57d048c 0355cf07 13003dfb 2d5e07f2 185 Nov 22
18:19:05 debug racoon DEBUG: decrypted payload by IV: 186 Nov 22
18:19:05 debug racoon DEBUG: 570441e7 04e186c3 187 Nov 22
18:19:05 debug racoon DEBUG: decrypted payload, but not trimed. 188
Nov 22 18:19:05 debug racoon [truncated] DEBUG: 09000322 04308203
19308202 82a00302 01020209 00b9c145 f480443f 62300d06 092a8648 86f70d01
01040500 305d310b 30090603 55040613 02434e31 15301306 0355040a 140ce585
88e5ae89 e7a791e6 8a803114 30120603 55040313 0b776f72 6b737461 74696f6e
3121301f 06035504 0b131831 31363039 37393835 31553435 33333235 38424338
39304530 1e170d30 36313132 31303134 3834355a 170d3037 31313231 30313438
34355a30 4e310b30 09060355 04061302 434e310d 300b0603 55040a13 04313132
31310d30 0b060355 04031304 31313231 3121301f 06035504 0b131831 31363430
37333730 35553435 36323541 45393846 36344130 819f300d 06092a86 4886f70d
01010105 0003818d 00308189 02818100 b44b14f2 23297f56 a081dbde fd305c6b
85aeb61e 0e2e4eff af563604 0c2b25b7 6370f736 f93c6707 320b9149 ced64488
4a488498 258749aa a529ccf8 d37acbad eee4d6b0 f3392025 b68983cb 3f70c241
3f0749f1 a411e6a0 1e8689df f3fc2973 614a9fe9 d1b70caf c696e182 b7d4c8cf
1d9e54ae 4e6f90aa 5ae43f28 d60595f3 02030100 01a381ef 3081ec30 09060355
1d130402 30003021 06 189 Nov 22 18:19:05 debug racoon DEBUG:
padding len=1 190 Nov 22 18:19:05 debug racoon DEBUG: skip to trim
padding. 191 Nov 22 18:19:05 debug racoon DEBUG: decrypted.
192 Nov 22 18:19:05 debug racoon [truncated] DEBUG: 8232f628 54a87223
42ba8ce8 4010c83c 06100401 00000000 000003f4 09000322 04308203 19308202
82a00302 01020209 00b9c145 f480443f 62300d06 092a8648 86f70d01 01040500
305d310b 30090603 55040613 02434e31 15301306 0355040a 140ce585 88e5ae89
e7a791e6 8a803114 30120603 55040313 0b776f72 6b737461 74696f6e 3121301f
06035504 0b131831 31363039 37393835 31553435 33333235 38424338 39304530
1e170d30 36313132 31303134 3834355a 170d3037 31313231 30313438 34355a30
4e310b30 09060355 04061302 434e310d 300b0603 55040a13 04313132 31310d30
0b060355 04031304 31313231 3121301f 06035504 0b131831 31363430 37333730
35553435 36323541 45393846 36344130 819f300d 06092a86 4886f70d 01010105
0003818d 00308189 02818100 b44b14f2 23297f56 a081dbde fd305c6b 85aeb61e
0e2e4eff af563604 0c2b25b7 6370f736 f93c6707 320b9149 ced64488 4a488498
258749aa a529ccf8 d37acbad eee4d6b0 f3392025 b68983cb 3f70c241 3f0749f1
a411e6a0 1e8689df f3fc2973 614a9fe9 d1b70caf c696e182 b7d4c8cf 1d9e54ae
4e6f90aa 5ae43f28 d6 193 Nov 22 18:19:05 debug racoon DEBUG:
begin. 194 Nov 22 18:19:05 debug racoon DEBUG: seen nptype=6(cert)
195 Nov 22 18:19:05 debug racoon DEBUG: seen nptype=9(sig) 196
Nov 22 18:19:05 debug racoon DEBUG: succeed. 197 Nov 22 18:19:05
debug racoon DEBUG: CERT saved: 198 Nov 22 18:19:05 debug
racoon [truncated]
DEBUG: 30820319 30820282 a0030201 02020900 b9c145f4 80443f62 300d0609
2a864886 f70d0101 04050030 5d310b30 09060355 04061302 434e3115 30130603
55040a14 0ce58588 e5ae89e7 a791e68a 80311430 12060355 0403130b 776f726b
73746174 696f6e31 21301f06 0355040b 13183131 36303937 39383531 55343533
33323538 42433839 3045301e 170d3036 31313231 30313438 34355a17 0d303731
31323130 31343834 355a304e 310b3009 06035504 06130243 4e310d30 0b060355
040a1304 31313231 310d300b 06035504 03130431 31323131 21301f06 0355040b
13183131 36343037 33373035 55343536 32354145 39384636 34413081 9f300d06
092a8648 86f70d01 01010500 03818d00 30818902 818100b4 4b14f223 297f56a0
81dbdefd 305c6b85 aeb61e0e 2e4effaf 5636040c 2b25b763 70f736f9 3c670732
0b9149ce d644884a 48849825 8749aaa5 29ccf8d3 7acbadee e4d6b0f3 392025b6
8983cb3f 70c2413f 0749f1a4 11e6a01e 8689dff3 fc297361 4a9fe9d1 b70cafc6
96e182b7 d4c8cf1d 9e54ae4e 6f90aa5a e43f28d6 0595f302 03010001 a381ef30
81ec3009 0603551d 13040230 00302106 09608648 01 199 Nov 22 18:19:05
debug racoon [truncated] DEBUG: Certificate: Data: Version: 3 (0x2) Serial
Number: b9:c1:45:f4:80:44:3f:62 Signature Algorithm: md5WithRSAEncryption
Issuer: C=CN, O=\xE5\x85\x88\xE5\xAE\x89\xE7\xA7\x91\xE6\x8A\x80,
CN=workstation, OU=1160979851U4533258BC890E Validity Not Before: Nov 21
01:48:45 2006 GMT Not After : Nov 21 01:48:45 2007 GMT Subject: C=CN,
O=1121, CN=1121, OU=1164073705U45625AE98F64A Subject Public Key Info: Public
Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit):
00:b4:4b:14:f2:23:29:7f:56:a0:81:db:de:fd:30:
5c:6b:85:ae:b6:1e:0e:2e:4e:ff:af:56:36:04:0c:
2b:25:b7:63:70:f7:36:f9:3c:67:07:32:0b:91:49:
ce:d6:44:88:4a:48:84:98:25:87:49:aa:a5:29:cc:
f8:d3:7a:cb:ad:ee:e4:d6:b0:f3:39:20:25:b6:89: 83:cb:3f:70 200 Nov 22
18:19:05 info racoon INFO: NAT not detected 201 Nov 22 18:19:05
debug racoon DEBUG: SIGN passed: 202 Nov 22 18:19:05 debug
racoon DEBUG: 1cf01a4b b2be9d20 6b0e12bb b537d0c8 74fa83d0 89c4796c
ee8f9bcb 4813bda4 b59945e3 f6521d26 b915f282 2d3a39ca 94cdcc72 e652b87c
0dae946c 587a3cc2 1f79e7dd fc6a321e b4df8fc9 4fecaec4 6e566bab d89ea7f8
0341f3f1 b52197a0 173537cc 0cd5fda6 b13c5000 ae2f4f8c cbd8e7c3 557d38e4
0a9c412d a21fa128 203 Nov 22 18:19:05 err racoon ERROR: CRL has
expired(12) at depth:0
SubjectName:/C=CN/O=1121/CN=1121/OU=1164073705U45625AE98F64A 204 Nov
22 18:19:05 err racoon ERROR: the peer's certificate is not verified.
205 Nov 22 18:19:05 debug racoon DEBUG: compute IV for phase2 206
Nov 22 18:19:05 debug racoon DEBUG: phase1 last IV: 207 Nov 22
18:19:05 debug racoon DEBUG: 570441e7 04e186c3 f0715351 208 Nov 22
18:19:05 debug racoon DEBUG: hash(sha1) 209 Nov 22 18:19:05
debug racoon DEBUG: encryption(3des) 210 Nov 22 18:19:05 debug
racoon DEBUG: phase2 IV computed: 211 Nov 22 18:19:05 debug
racoon DEBUG: dd5fddd7 eacf9e44 212 Nov 22 18:19:05 debug
racoon DEBUG:
HASH with: 213 Nov 22 18:19:05 debug racoon DEBUG: f0715351
0000000c 00000001 01000016 214 Nov 22 18:19:05 debug racoon DEBUG:
hmac(hmac_sha1) 215 Nov 22 18:19:05 debug racoon DEBUG: HASH
computed: 216 Nov 22 18:19:05 debug racoon DEBUG: 56951cfc
713b4d45 2601f685 072ac64e 56c9b449 217 Nov 22 18:19:05 debug
racoon DEBUG: begin encryption. 218 Nov 22 18:19:05 debug
racoon DEBUG:
encryption(3des) 219 Nov 22 18:19:05 debug racoon DEBUG: pad
length = 4 220 Nov 22 18:19:05 debug racoon DEBUG: 0b000018
56951cfc 713b4d45 2601f685 072ac64e 56c9b449 0000000c 00000001 01000016
f2d2ea03 221 Nov 22 18:19:05 debug racoon DEBUG: encryption(3des)
222 Nov 22 18:19:05 debug racoon DEBUG: with key: 223 Nov
22 18:19:05 debug racoon DEBUG: 83427eec 4f160b72 a57d048c 0355cf07
13003dfb 2d5e07f2 224 Nov 22 18:19:05 debug racoon DEBUG:
encrypted payload by IV: 225 Nov 22 18:19:05 debug racoon DEBUG:
dd5fddd7 eacf9e44 226 Nov 22 18:19:05 debug racoon DEBUG: save IV
for next: 227 Nov 22 18:19:05 debug racoon DEBUG: 3299799c
c75faa01 228 Nov 22 18:19:05 debug racoon DEBUG: encrypted.
229 Nov 22 18:19:05 debug racoon DEBUG: 68 bytes from 192.168.20.133[500]
to 192.168.20.240[500] 230 Nov 22 18:19:05 debug racoon DEBUG:
sockname 192.168.20.133[500] 231 Nov 22 18:19:05 debug racoon DEBUG:
send packet from 192.168.20.133[500] 232 Nov 22 18:19:05 debug
racoon DEBUG: send packet to 192.168.20.240[500] 233 Nov 22
18:19:05 debug racoon DEBUG: src4 192.168.20.133[500] 234 Nov 22
18:19:05 debug racoon DEBUG: dst4 192.168.20.240[500] 235 Nov 22
18:19:05 debug racoon DEBUG: 1 times of 68 bytes message will be sent to
192.168.20.240[500] 236 Nov 22 18:19:05 debug racoon DEBUG:
8232f628 54a87223 42ba8ce8 4010c83c 08100501 f0715351 00000044 612157a5
9948ef78 71761a81 0f18afa1 0d5c01cb 5256e862 adc7e220 5f9cc954 3299799c
c75faa01 237 Nov 22 18:19:05 debug racoon DEBUG: sendto
Information notify. 238 Nov 22 18:19:05 debug racoon DEBUG: ===
239 Nov 22 18:19:05 debug racoon DEBUG: 84 bytes message received from
192.168.20.240[500] to 192.168.20.133[500] 240 Nov 22 18:19:05
debug racoon DEBUG: 8232f628 54a87223 42ba8ce8 4010c83c 08100501 8df0d6c5
00000054 52abf6f2 8b998613 fc7120bd e3dfd2db f772c309 83041245 bb59227a
9c2fc499 f51694f1 eba01d6c 8d156d38 d1ec06ce 1089684b 7b906ae7 241 Nov
22 18:19:05 debug racoon DEBUG: receive Information. 242 Nov 22
18:19:05 debug racoon DEBUG: compute IV for phase2 243 Nov 22
18:19:05 debug racoon DEBUG: phase1 last IV: 244 Nov 22 18:19:05
debug racoon DEBUG: 570441e7 04e186c3 8df0d6c5 245 Nov 22 18:19:05
debug racoon DEBUG: hash(sha1) 246 Nov 22 18:19:05 debug
racoon DEBUG:
encryption(3des) 247 Nov 22 18:19:05 debug racoon DEBUG: phase2 IV
computed: 248 Nov 22 18:19:05 debug racoon DEBUG: 294b7747
d2cd5791 249 Nov 22 18:19:05 debug racoon DEBUG: begin decryption.
250 Nov 22 18:19:05 debug racoon DEBUG: encryption(3des) 251
Nov 22 18:19:05 debug racoon DEBUG: IV was saved for next processing:
252 Nov 22 18:19:05 debug racoon DEBUG: 1089684b 7b906ae7 253 Nov
22 18:19:05 debug racoon DEBUG: encryption(3des) 254 Nov 22
18:19:05 debug racoon DEBUG: with key: 255 Nov 22 18:19:05 debug
racoon DEBUG: 83427eec 4f160b72 a57d048c 0355cf07 13003dfb 2d5e07f2 256
Nov 22 18:19:05 debug racoon DEBUG: decrypted payload by IV: 257 Nov
22 18:19:05 debug racoon DEBUG: 294b7747 d2cd5791 258 Nov 22
18:19:05 debug racoon DEBUG: decrypted payload, but not trimed. 259
Nov 22 18:19:05 debug racoon DEBUG: b042346e 0fee328f 9a8f734a b58a445a
c051e56b f8aaeab8 0000001c 00000001 01106002 8232f628 54a87223 42ba8ce8
4010c83c 00000000 260 Nov 22 18:19:05 debug racoon DEBUG: padding
len=1 261 Nov 22 18:19:05 debug racoon DEBUG: skip to trim
padding. 262 Nov 22 18:19:05 debug racoon DEBUG: decrypted.
263 Nov 22 18:19:05 debug racoon DEBUG: 8232f628 54a87223 42ba8ce8
4010c83c 08100501 8df0d6c5 00000054 b042346e 0fee328f 9a8f734a b58a445a
c051e56b f8aaeab8 0000001c 00000001 01106002 8232f628 54a87223 42ba8ce8
4010c83c 00000000 264 Nov 22 18:19:05 err racoon ERROR: ignore
information because ISAKMP-SA has not been established yet. 265 Nov
22 18:19:05 debug racoon DEBUG: === 266 Nov 22 18:19:05 debug
racoon DEBUG: 76 bytes message received from 192.168.20.240[500] to
192.168.20.133[500] 267 Nov 22 18:19:05 debug racoon DEBUG:
8232f628 54a87223 42ba8ce8 4010c83c 08100601 89077d41 0000004c 242fd4eb
8cd73b5f 73d75fd6 07b9cfde 475c1e76 b1e510bd 77e66824 cd7149eb 18177415
2651dfe1 7f415835 ad37dcfe 268 Nov 22 18:19:05 debug racoon DEBUG:
compute IV for phase2 269 Nov 22 18:19:05 debug racoon DEBUG:
phase1 last IV: 270 Nov 22 18:19:05 debug racoon DEBUG: 570441e7
04e186c3 89077d41 271 Nov 22 18:19:05 debug racoon DEBUG:
hash(sha1) 272 Nov 22 18:19:05 debug racoon DEBUG:
encryption(3des) 273 Nov 22 18:19:05 debug racoon DEBUG: phase2 IV
computed: 274 Nov 22 18:19:05 debug racoon DEBUG: b4e63c18
020b7819 275 Nov 22 18:19:05 debug racoon DEBUG: begin decryption.
276 Nov 22 18:19:05 debug racoon DEBUG: encryption(3des) 277
Nov 22 18:19:05 debug racoon DEBUG: IV was saved for next processing:
278 Nov 22 18:19:05 debug racoon DEBUG: 7f415835 ad37dcfe 279 Nov
22 18:19:05 debug racoon DEBUG: encryption(3des) 280 Nov 22
18:19:05 debug racoon DEBUG: with key: 281 Nov 22 18:19:05 debug
racoon DEBUG: 83427eec 4f160b72 a57d048c 0355cf07 13003dfb 2d5e07f2 282
Nov 22 18:19:05 debug racoon DEBUG: decrypted payload by IV: 283 Nov
22 18:19:05 debug racoon DEBUG: b4e63c18 020b7819 284 Nov 22
18:19:05 debug racoon DEBUG: decrypted payload, but not trimed. 285
Nov 22 18:19:05 debug racoon DEBUG: 5135081c 383e7c0e 81f6533c e33a4558
82cfdf2d 288e90a9 00000018 01006640 00010004 00000000 00020004 00000000
286 Nov 22 18:19:05 debug racoon DEBUG: padding len=1 287 Nov 22
18:19:05 debug racoon DEBUG: skip to trim padding. 288 Nov 22
18:19:05 debug racoon DEBUG: decrypted. 289 Nov 22 18:19:05
debug racoon DEBUG: 8232f628 54a87223 42ba8ce8 4010c83c 08100601 89077d41
0000004c 5135081c 383e7c0e 81f6533c e33a4558 82cfdf2d 288e90a9 00000018
01006640 00010004 00000000 00020004 00000000 290 Nov 22 18:19:05
debug racoon DEBUG: MODE_CFG packet 291 Nov 22 18:19:05 debug
racoon DEBUG: 8232f628 54a87223 42ba8ce8 4010c83c 08100601 89077d41
0000004c 5135081c 383e7c0e 81f6533c e33a4558 82cfdf2d 288e90a9 00000018
01006640 00010004 00000000 00020004 00000000 292 Nov 22 18:19:05
info racoon WARNING: Short payload 293 Nov 22 18:19:15 debug
racoon DEBUG: 1394 bytes from 192.168.20.133[500] to 192.168.20.240[500]
294 Nov 22 18:19:15 debug racoon DEBUG: 548 bytes from
192.168.20.133[500]
to 192.168.20.240[500] 295 Nov 22 18:19:15 debug racoon DEBUG:
sockname 192.168.20.133[500] 296 Nov 22 18:19:15 debug racoon DEBUG:
send packet from 192.168.20.133[500] 297 Nov 22 18:19:15 debug
racoon DEBUG: send packet to 192.168.20.240[500] 298 Nov 22
18:19:15 debug racoon DEBUG: src4 192.168.20.133[500] 299 Nov 22
18:19:15 debug racoon DEBUG: dst4 192.168.20.240[500] 300 Nov 22
18:19:15 debug racoon DEBUG: 1 times of 548 bytes message will be sent to
192.168.20.240[500] 301 Nov 22 18:19:15 debug racoon [truncated]
DEBUG: 8232f628 54a87223 42ba8ce8 4010c83c 84100400 00000000 00000224
00000208 00010100 8232f628 54a87223 42ba8ce8 4010c83c 01100400 00000000
00000572 04000038 00000001 00000001 0000002c 01010001 00000024 01010000
80010005 80020002 80040002 80030003 800b0001 000c0004 00015180 0a000084
53b5931f d23df053 914b7d9e a5d64c03 eb564489 314428f4 afb9d07d 7ba627a0
e14df3cd 74e82df1 68deb6a6 a11fb6c6 96f09ace 7ef86b3a 7a39a6bf 1c28ee6c
a1e5514b 9a9a88d6 9b3d3ed3 07082e49 28a139ac 47223e9f f1df8087 6cd8ae2e
2c73440e f7a97b1a 230d653e 06f77360 7194cd7e d33dcbb8 d6916cdd 8ef69159
05000014 eece830b ab70d9a8 c97764d7 389e92aa 06000067 09000000 305d310b
30090603 55040613 02434e31 15301306 0355040a 140ce585 88e5ae89 e7a791e6
8a803114 30120603 55040313 0b776f72 6b737461 74696f6e 3121301f 06035504
0b131831 31363039 37393835 31553435 33333235 38424338 39304509 00032a04
30820321 3082028a a0030201 02020900 da4954cc 065a9a3b 300d0609 2a864886
f70d0101 04050030 5d310b30 09060355 04061302 43 302 Nov 22 18:19:15
debug racoon DEBUG: 548 bytes from 192.168.20.133[500] to 192.168.20.240[500]
303 Nov 22 18:19:15 debug racoon DEBUG: sockname 192.168.20.133[500]
304 Nov 22 18:19:15 debug racoon DEBUG: send packet from
192.168.20.133[500] 305 Nov 22 18:19:15 debug racoon DEBUG: send
packet to 192.168.20.240[500] 306 Nov 22 18:19:15 debug racoon DEBUG:
src4 192.168.20.133[500] 307 Nov 22 18:19:15 debug racoon DEBUG:
dst4 192.168.20.240[500] 308 Nov 22 18:19:15 debug racoon DEBUG: 1
times of 548 bytes message will be sent to 192.168.20.240[500] 309 Nov
22 18:19:15 debug racoon [truncated] DEBUG: 8232f628 54a87223 42ba8ce8
4010c83c 84100400 00000000 00000224 00000208 00010200 310b3009 06035504
06130243 4e311530 13060355 040a140c e58588e5 ae89e7a7 91e68a80 31143012
06035504 03130b77 6f726b73 74617469 6f6e3121 301f0603 55040b13 18313136
30393739 38353155 34353333 32353842 43383930 4530819f 300d0609 2a864886
f70d0101 01050003 818d0030 81890281 8100a2ff d3a7f615 87402622 3feb4d78
e7cddd62 423b4591 df1f4fdd e9070649 f14ca6ac 18edd595 61166895 6a550889
df49f05a 886e1bbc 3e1679e2 0776e9b3 d7f3409b dd269daf 3d89e4b6 b62f3736
dce63e27 cb959837 e994d9c4 d506fec1 ff0f700e 3981c03e d9c342ca 34f0dd29
dccd6e8d 10b51e40 1b6163db adb38b1d 459b0203 010001a3 81e83081 e5302406
09608648 0186f842 010d0417 16154e45 544f4e45 20434120 63657274 69666963
61746530 1d060355 1d0e0416 0414e240 05cb105b 4a28a3f3 5a39d17d 4a7289c5
762a3081 8f060355 1d230481 87308184 8014e240 05cb105b 4a28a3f3 5a39d17d
4a7289c5 762aa161 a45f305d 310b3009 06035504 06130243 4e311530 13060355
040a140c e5 310 Nov 22 18:19:15 debug racoon DEBUG: 406 bytes from
192.168.20.133[500] to 192.168.20.240[500] 311 Nov 22 18:19:15
debug racoon DEBUG: sockname 192.168.20.133[500] 312 Nov 22
18:19:15 debug racoon DEBUG: send packet from 192.168.20.133[500] 313
Nov 22 18:19:15 debug racoon DEBUG: send packet to 192.168.20.240[500]
314 Nov 22 18:19:15 debug racoon DEBUG: src4 192.168.20.133[500]
315 Nov 22 18:19:15 debug racoon DEBUG: dst4 192.168.20.240[500] 316
Nov 22 18:19:15 debug racoon DEBUG: 1 times of 406 bytes message will be
sent to 192.168.20.240[500] 317 Nov 22 18:19:15 debug racoon DEBUG:
8232f628 54a87223 42ba8ce8 4010c83c 84100400 00000000 00000196 0000017a
00010301 69d46e8c 30a43cd6 1f975bf8 b0cd80a5 d021cc0f d5325878 a5573736
1cd05944 104efa13 60225421 9f5ae066 db5403b0 3903935f c3f7aeb0 8b4899a5
779a0649 cdb22c5c 7a26fcf2 e74a12ab d340ba81 289c3a68 d647e675 60f5875a
dc155331 3caf89f2 1854d908 ad154ee9 862775f3 6eff8960 dc4cd590 a5aa35ec
3a0d0000 844299a2 c73f0a61 ca90cab6 e00bde88 3d674ce0 c4843585 c55ec9ac
3a9dddbb 04b54e51 11abc7d1 e1d55bca 25472978 01a0bbc9 18b60e61 c514ba6e
9fd3d522 68c0b884 6cf7a1f2 d2102c45 a55617cc c54d0c15 4aeb3851 4037fa0a
ebeddbee b04de4ca ebcd63ed 0f3778d5 7c4f4832 c369e991 543422ad 615c2967
8e502bb0 64070000 1412f5f2 8c457168 a9702d9f e274cc01 000d0000 05041400
00144a13 1c810703 58455c57 28f20e95 452f1400 0018ab54 c46b1241 212ec5d4
ac42205d fa3193f2 eab70d00 0018b0a6 7cc5d367 7dcd2748 a6f56814 2462fc33
d5460000 0014afca d71368a1 f1c96b86 96fc7757 0100 318 Nov 22
18:19:15 debug racoon DEBUG: resend phase1 packet
8232f62854a87223:42ba8ce84010c83c 319 Nov 22 18:19:15 debug
racoon DEBUG:
=== 320 Nov 22 18:19:15 debug racoon DEBUG: 76 bytes message
received from 192.168.20.240[500] to 192.168.20.133[500] 321 Nov 22
18:19:15 debug racoon DEBUG: 8232f628 54a87223 42ba8ce8 4010c83c 08100601
89077d41 0000004c 242fd4eb 8cd73b5f 73d75fd6 07b9cfde 475c1e76 b1e510bd
77e66824 cd7149eb 18177415 2651dfe1 7f415835 ad37dcfe 322 Nov 22
18:19:15 debug racoon DEBUG: begin decryption. 323 Nov 22
18:19:15 debug racoon DEBUG: encryption(3des) 324 Nov 22 18:19:15
debug racoon DEBUG: IV was saved for next processing: 325 Nov 22
18:19:15 debug racoon DEBUG: 7f415835 ad37dcfe 326 Nov 22
18:19:15 debug racoon DEBUG: encryption(3des) 327 Nov 22 18:19:15
debug racoon DEBUG: with key: 328 Nov 22 18:19:15 debug
racoon DEBUG:
83427eec 4f160b72 a57d048c 0355cf07 13003dfb 2d5e07f2 329 Nov 22
18:19:15 debug racoon DEBUG: decrypted payload by IV: 330 Nov 22
18:19:15 debug racoon DEBUG: b4e63c18 020b7819 331 Nov 22
18:19:15 debug racoon DEBUG: decrypted payload, but not trimed. 332
Nov 22 18:19:15 debug racoon DEBUG: 5135081c 383e7c0e 81f6533c e33a4558
82cfdf2d 288e90a9 00000018 01006640 00010004 00000000 00020004 00000000
333 Nov 22 18:19:15 debug racoon DEBUG: padding len=1 334 Nov 22
18:19:15 debug racoon DEBUG: skip to trim padding. 335 Nov 22
18:19:15 debug racoon DEBUG: decrypted. 336 Nov 22 18:19:15
debug racoon DEBUG: 8232f628 54a87223 42ba8ce8 4010c83c 08100601 89077d41
0000004c 5135081c 383e7c0e 81f6533c e33a4558 82cfdf2d 288e90a9 00000018
01006640 00010004 00000000 00020004 00000000 337 Nov 22 18:19:15
debug racoon DEBUG: MODE_CFG packet 338 Nov 22 18:19:15 debug
racoon DEBUG: 8232f628 54a87223 42ba8ce8 4010c83c 08100601 89077d41
0000004c 5135081c 383e7c0e 81f6533c e33a4558 82cfdf2d 288e90a9 00000018
01006640 00010004 00000000 00020004 00000000 339 Nov 22 18:19:15
info racoon WARNING: Short payload NetONE is (c) 2004-2007 by SYAN
TECH. CO.,LTD. <http://www.syan.com.cn/> All rights reserved. [view
license<https://192.168.20.133:9108/license.php>]
Page Load Time: 3.5480921268463 s
verify_cert off;
log :
Nov 22 18:24:22 info racoon INFO: respond new phase 1 negotiation:
192.168.20.133[500]<=>192.168.20.240[500] 2 Nov 22 18:24:22 info
racoon INFO: begin Aggressive mode. 3 Nov 22 18:24:22 info
racoon INFO:
received Vendor ID: CISCO-UNITY 4 Nov 22 18:24:22 info racoon INFO:
received Vendor ID: draft-ietf-ipsec-nat-t-ike-02 5 Nov 22 18:24:22
info racoon INFO: received Vendor ID: RFC 3947 6 Nov 22 18:24:22
info racoon INFO: received broken Microsoft ID: FRAGMENTATION 7 Nov
22 18:24:22 info racoon INFO: received Vendor ID: DPD 8 Nov 22
18:24:22 info racoon INFO: Selected NAT-T version: RFC 3947 9 Nov
22 18:24:22 info racoon INFO: Adding remote and local NAT-D payloads.
10 Nov 22 18:24:22 info racoon INFO: Hashing 192.168.20.240[500] with
algo #2 11 Nov 22 18:24:22 info racoon INFO: Hashing
192.168.20.133[500] with algo #2 12 Nov 22 18:24:23 info racoon INFO:
NAT not detected 13 Nov 22 18:24:23 info racoon INFO: ISAKMP-SA
established 192.168.20.133[500]-192.168.20.240[500]
spi:14660c5f08d82402:aa7052ec72ccc334 14 Nov 22 18:24:23 info
racoon INFO: Using port 0
and
iptalbes
# Generated by iptables-save v1.3.5 on Wed Nov 22 18:26:27 2006
*tproxy
:PREROUTING ACCEPT [7656:612953]
:OUTPUT ACCEPT [1:73]
COMMIT
# Completed on Wed Nov 22 18:26:27 2006
# Generated by iptables-save v1.3.5 on Wed Nov 22 18:26:27 2006
*raw
:PREROUTING ACCEPT [40176:6334687]
:OUTPUT ACCEPT [38555:7046209]
COMMIT
# Completed on Wed Nov 22 18:26:27 2006
# Generated by iptables-save v1.3.5 on Wed Nov 22 18:26:27 2006
*nat
:PREROUTING ACCEPT [6177:417641]
:POSTROUTING ACCEPT [1:73]
:OUTPUT ACCEPT [1:73]
-A PREROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination
192.168.1.122:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22222 -j DNAT --to-destination
192.168.1.2:22
-A PREROUTING -d 192.168.26.0/255.255.255.0 -i eth0 -j NETMAP --to
192.168.2.0/24
-A PREROUTING -d 20.0.0.0/255.255.255.254 -i eth0 -j NETMAP --to 10.0.0.0/31
-A POSTROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
-A POSTROUTING -s 192.168.2.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.2.0/255.255.255.0 -o eth0 -j NETMAP --to
192.168.26.0/24
-A POSTROUTING -s 10.0.0.0/255.255.255.254 -o eth0 -j NETMAP --to
20.0.0.0/31
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Nov 22 18:26:27 2006
# Generated by iptables-save v1.3.5 on Wed Nov 22 18:26:27 2006
*mangle
:PREROUTING ACCEPT [40176:6334687]
:INPUT ACCEPT [40172:6334290]
:FORWARD ACCEPT [4:397]
:OUTPUT ACCEPT [38555:7046209]
:POSTROUTING ACCEPT [38559:7046606]
COMMIT
# Completed on Wed Nov 22 18:26:27 2006
# Generated by iptables-save v1.3.5 on Wed Nov 22 18:26:27 2006
*filter
:INPUT ACCEPT [7654:612811]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1:73]
:ACCEPTLOG - [0:0]
:DROPLOG - [0:0]
:FORWARD_ADV - [0:0]
:FORWARD_DMZ - [0:0]
:FORWARD_USR - [0:0]
:INPUT_ADV - [0:0]
:INPUT_USR - [0:0]
:REJECTLOG - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_ADV
-A INPUT -j INPUT_USR
-A FORWARD -j FORWARD_ADV
-A FORWARD -j FORWARD_USR
-A FORWARD -j FORWARD_DMZ
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ACCEPTLOG -j LOG
-A ACCEPTLOG -j ACCEPT
-A DROPLOG -j LOG
-A DROPLOG -j DROP
-A FORWARD_ADV -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD_DMZ -i eth1 -o eth0 -j ACCEPT
-A FORWARD_DMZ -i eth0 -o eth1 -j ACCEPT
-A FORWARD_DMZ -i eth2 -j ACCEPT
-A FORWARD_DMZ -i eth1 -o eth2 -m state --state RELATED,ESTABLISHED -j
ACCEPT
-A FORWARD_DMZ -i eth0 -o eth2 -m state --state RELATED,ESTABLISHED -j
ACCEPT
-A INPUT_ADV -m state --state RELATED,ESTABLISHED -j ACCEPT
-A REJECTLOG -j LOG
-A REJECTLOG -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Nov 22 18:26:27 2006
eth0 192.168.20.133 eth1 192.168.1.1
ip route
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.133
192.168.2.0/24 dev eth2 proto kernel scope link src 192.168.2.1
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
and thank you very much
2006/11/23, Matthew Grooms <mgrooms at shrew.net>:
>
> Zhao,
>
> Thanks for trying out the VPN Client. If you see esp packets being
> emitted from the client ( passing both phase1 and phase2 ), it is very
> likely close to working.
>
> To start, it would be a good idea to reconfigure your client address
> range to start with .1 instead of .0 as this can cause problems. I will
> see if I can sneak in an ipsec-tools fix to prevent this from happening
> before we branch for 0.7.
>
> For example ...
>
> mode_cfg {
> pool_size 253;
> network4 192.168.1.1;
> netmask4 255.255.255.0;
> dns4 192.168.20.1;
> auth_source system;
> }
>
> Also, does your debian gateway have selinux or a firewall like iptables
> installed? As for the certificate verification not working, could you
> run racoon with the -d option and forward me the relevant debug output
> regarding this issue.
>
> Thanks,
>
> -Matthew
>
--
Best regards,
Tongyi ,Zhao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20061123/3e592748/attachment-0002.html>
More information about the vpn-help
mailing list