[Vpn-help] Netscreen problem with External Authentication (securid)
Anders Westin
anders_wessa at telia.com
Thu Sep 3 08:56:57 CDT 2009
Problem to Authentication with xauth and netscreen and "External
Authentication"
Netscreen
Hardware Version: 4010(0)
Firmware Version: 5.3.0r1.0 (Firewall+VPN)
Shrew version = 2.1.5-rc-3
Log from Netscreen
2009-09-03 15:48:27 info Rejected an IKE packet on ethernet3 from xxx.
xxx.144.2:500 to xxx.xxx.144.23:500 with cookies 447ad51cfa97cb63 and
3ed0e272b4cc3753 because a Phase 2 packet arrived while XAuth was still
pending.
2009-09-03 15:48:27 info IKE<xxx.xxx.144.2> Phase 1: Completed
Aggressive mode negotiations with a <28800>-second lifetime.
2009-09-03 15:48:27 info IKE<xxx.xxx.144.2> Phase 1: Completed for user
<secureidems at xxxxxxx>.
2009-09-03 15:48:27 info IKE<xxx.xxx.144.2> Phase 1: Responder starts
AGGRESSIVE mode negotiations.
Debug log from Shrew
09/09/03 15:48:05 ## : IKE Daemon, ver 2.1.0
09/09/03 15:48:05 ## : Copyright 2008 Shrew Soft Inc.
09/09/03 15:48:05 ## : This product linked OpenSSL 0.9.8h 28 May 2008
09/09/03 15:48:05 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
09/09/03 15:48:05 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client/debug/dump-ike-decrypt.cap'
09/09/03 15:48:05 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client/debug/dump-ike-encrypt.cap'
09/09/03 15:48:05 ii : rebuilding vnet device list ...
09/09/03 15:48:05 ii : device ROOT\VNET\0000 disabled
09/09/03 15:48:05 ii : network process thread begin ...
09/09/03 15:48:05 ii : ipc server process thread begin ...
09/09/03 15:48:05 ii : pfkey process thread begin ...
09/09/03 15:48:25 ii : ipc client process thread begin ...
09/09/03 15:48:25 <A : peer config add message
09/09/03 15:48:25 DB : peer added ( obj count = 1 )
09/09/03 15:48:25 ii : local address xxx.xxx.144.2 selected for peer
09/09/03 15:48:25 DB : tunnel added ( obj count = 1 )
09/09/03 15:48:25 <A : proposal config message
09/09/03 15:48:25 <A : proposal config message
09/09/03 15:48:25 <A : client config message
09/09/03 15:48:25 <A : xauth username message
09/09/03 15:48:25 <A : xauth password message
09/09/03 15:48:25 <A : local id 'secureidems at xxxxxxx' message
09/09/03 15:48:25 <A : preshared key message
09/09/03 15:48:25 <A : peer tunnel enable message
09/09/03 15:48:25 DB : new phase1 ( ISAKMP initiator )
09/09/03 15:48:25 DB : exchange type is aggressive
09/09/03 15:48:25 DB : xxx.xxx.144.2:500 <-> xxx.xxx.144.23:500
09/09/03 15:48:25 DB : 447ad51cfa97cb63:0000000000000000
09/09/03 15:48:25 DB : phase1 added ( obj count = 1 )
09/09/03 15:48:25 >> : security association payload
09/09/03 15:48:25 >> : - proposal #1 payload
09/09/03 15:48:25 >> : -- transform #1 payload
09/09/03 15:48:25 >> : -- transform #2 payload
09/09/03 15:48:25 >> : -- transform #3 payload
09/09/03 15:48:25 >> : -- transform #4 payload
09/09/03 15:48:25 >> : -- transform #5 payload
09/09/03 15:48:25 >> : -- transform #6 payload
09/09/03 15:48:25 >> : -- transform #7 payload
09/09/03 15:48:25 >> : -- transform #8 payload
09/09/03 15:48:25 >> : -- transform #9 payload
09/09/03 15:48:25 >> : -- transform #10 payload
09/09/03 15:48:25 >> : -- transform #11 payload
09/09/03 15:48:25 >> : -- transform #12 payload
09/09/03 15:48:25 >> : -- transform #13 payload
09/09/03 15:48:25 >> : -- transform #14 payload
09/09/03 15:48:25 >> : -- transform #15 payload
09/09/03 15:48:25 >> : -- transform #16 payload
09/09/03 15:48:25 >> : -- transform #17 payload
09/09/03 15:48:25 >> : -- transform #18 payload
09/09/03 15:48:25 >> : key exchange payload
09/09/03 15:48:25 >> : nonce payload
09/09/03 15:48:25 >> : identification payload
09/09/03 15:48:25 >> : vendor id payload
09/09/03 15:48:25 ii : local supports XAUTH
09/09/03 15:48:25 >> : vendor id payload
09/09/03 15:48:25 ii : local supports nat-t ( draft v00 )
09/09/03 15:48:25 >> : vendor id payload
09/09/03 15:48:25 ii : local supports nat-t ( draft v01 )
09/09/03 15:48:25 >> : vendor id payload
09/09/03 15:48:25 ii : local supports nat-t ( draft v02 )
09/09/03 15:48:25 >> : vendor id payload
09/09/03 15:48:25 ii : local supports nat-t ( draft v03 )
09/09/03 15:48:25 >> : vendor id payload
09/09/03 15:48:25 ii : local supports nat-t ( rfc )
09/09/03 15:48:25 >> : vendor id payload
09/09/03 15:48:25 ii : local supports FRAGMENTATION
09/09/03 15:48:25 >> : vendor id payload
09/09/03 15:48:25 ii : local supports DPDv1
09/09/03 15:48:25 >> : vendor id payload
09/09/03 15:48:25 ii : local is SHREW SOFT compatible
09/09/03 15:48:25 >> : vendor id payload
09/09/03 15:48:25 ii : local is NETSCREEN compatible
09/09/03 15:48:25 >> : vendor id payload
09/09/03 15:48:25 ii : local is SIDEWINDER compatible
09/09/03 15:48:25 >> : vendor id payload
09/09/03 15:48:25 ii : local is CISCO UNITY compatible
09/09/03 15:48:25 >= : cookies 447ad51cfa97cb63:0000000000000000
09/09/03 15:48:25 >= : message 00000000
09/09/03 15:48:25 -> : send IKE packet xxx.xxx.144.2:500 -> xxx.xxx.
144.23:500 ( 1195 bytes )
09/09/03 15:48:25 DB : phase1 resend event scheduled ( ref count = 2 )
09/09/03 15:48:25 <- : recv IKE packet xxx.xxx.144.23:500 -> xxx.xxx.
144.2:500 ( 432 bytes )
09/09/03 15:48:25 DB : phase1 found
09/09/03 15:48:25 ii : processing phase1 packet ( 432 bytes )
09/09/03 15:48:25 =< : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:25 =< : message 00000000
09/09/03 15:48:25 << : security association payload
09/09/03 15:48:25 << : - propsal #1 payload
09/09/03 15:48:25 << : -- transform #1 payload
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : cipher type ( 3des != aes )
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : cipher type ( 3des != aes )
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : cipher type ( 3des != aes )
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : cipher type ( 3des != aes )
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : cipher type ( 3des != aes )
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : cipher type ( 3des != aes )
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : cipher type ( 3des != blowfish )
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : cipher type ( 3des != blowfish )
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : cipher type ( 3des != blowfish )
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : cipher type ( 3des != blowfish )
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : cipher type ( 3des != blowfish )
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : cipher type ( 3des != blowfish )
09/09/03 15:48:25 ii : unmatched isakmp proposal/transform
09/09/03 15:48:25 ii : hash type ( hmac-sha != hmac-md5 )
09/09/03 15:48:25 !! : peer violates RFC, transform number mismatch ( 1
!= 14 )
09/09/03 15:48:25 ii : matched isakmp proposal #1 transform #1
09/09/03 15:48:25 ii : - transform = ike
09/09/03 15:48:25 ii : - cipher type = 3des
09/09/03 15:48:25 ii : - key length = default
09/09/03 15:48:25 ii : - hash type = sha1
09/09/03 15:48:25 ii : - dh group = modp-1024
09/09/03 15:48:25 ii : - auth type = xauth-initiator-psk
09/09/03 15:48:25 ii : - life seconds = 86400
09/09/03 15:48:25 ii : - life kbytes = 0
09/09/03 15:48:25 << : vendor id payload
09/09/03 15:48:25 ii : unknown vendor id ( 28 bytes )
09/09/03 15:48:25 0x : 166f932d 55eb64d8 e4df4fd3 7e2313f0 d0fd8451
00000000 00000000
09/09/03 15:48:25 << : vendor id payload
09/09/03 15:48:25 ii : peer supports XAUTH
09/09/03 15:48:25 << : vendor id payload
09/09/03 15:48:25 ii : peer supports DPDv1
09/09/03 15:48:25 << : vendor id payload
09/09/03 15:48:25 ii : peer supports HEARTBEAT-NOTIFY
09/09/03 15:48:25 << : key exchange payload
09/09/03 15:48:25 << : nonce payload
09/09/03 15:48:25 << : identification payload
09/09/03 15:48:25 ii : phase1 id target is any
09/09/03 15:48:25 ii : phase1 id match
09/09/03 15:48:25 ii : received = ipv4-host xxx.xxx.144.23
09/09/03 15:48:25 << : hash payload
09/09/03 15:48:25 << : vendor id payload
09/09/03 15:48:25 ii : peer supports nat-t ( draft v02 )
09/09/03 15:48:25 << : nat discovery payload
09/09/03 15:48:25 << : nat discovery payload
09/09/03 15:48:25 ii : disabled nat-t ( no nat detected )
09/09/03 15:48:26 == : DH shared secret ( 128 bytes )
09/09/03 15:48:26 == : SETKEYID ( 20 bytes )
09/09/03 15:48:26 == : SETKEYID_d ( 20 bytes )
09/09/03 15:48:26 == : SETKEYID_a ( 20 bytes )
09/09/03 15:48:26 == : SETKEYID_e ( 20 bytes )
09/09/03 15:48:26 == : cipher key ( 40 bytes )
09/09/03 15:48:26 == : cipher iv ( 8 bytes )
09/09/03 15:48:26 == : phase1 hash_i ( computed ) ( 20 bytes )
09/09/03 15:48:26 >> : hash payload
09/09/03 15:48:26 >> : nat discovery payload
09/09/03 15:48:26 >> : nat discovery payload
09/09/03 15:48:26 >= : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 >= : message 00000000
09/09/03 15:48:26 >= : encrypt iv ( 8 bytes )
09/09/03 15:48:26 == : encrypt packet ( 100 bytes )
09/09/03 15:48:26 == : stored iv ( 8 bytes )
09/09/03 15:48:26 DB : phase1 resend event canceled ( ref count = 1 )
09/09/03 15:48:26 -> : send IKE packet xxx.xxx.144.2:500 -> xxx.xxx.
144.23:500 ( 128 bytes )
09/09/03 15:48:26 == : phase1 hash_r ( computed ) ( 20 bytes )
09/09/03 15:48:26 == : phase1 hash_r ( received ) ( 20 bytes )
09/09/03 15:48:26 ii : phase1 sa established
09/09/03 15:48:26 ii : xxx.xxx.144.23:500 <-> xxx.xxx.144.2:500
09/09/03 15:48:26 ii : 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 ii : sending peer INITIAL-CONTACT notification
09/09/03 15:48:26 ii : - xxx.xxx.144.2:500 -> xxx.xxx.144.23:500
09/09/03 15:48:26 ii : - isakmp spi = 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 ii : - data size 0
09/09/03 15:48:26 >> : hash payload
09/09/03 15:48:26 >> : notification payload
09/09/03 15:48:26 == : new informational hash ( 20 bytes )
09/09/03 15:48:26 == : new informational iv ( 8 bytes )
09/09/03 15:48:26 >= : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 >= : message 4d40f507
09/09/03 15:48:26 >= : encrypt iv ( 8 bytes )
09/09/03 15:48:26 == : encrypt packet ( 80 bytes )
09/09/03 15:48:26 == : stored iv ( 8 bytes )
09/09/03 15:48:26 -> : send IKE packet xxx.xxx.144.2:500 -> xxx.xxx.
144.23:500 ( 112 bytes )
09/09/03 15:48:26 DB : phase2 not found
09/09/03 15:48:26 <- : recv IKE packet xxx.xxx.144.23:500 -> xxx.xxx.
144.2:500 ( 76 bytes )
09/09/03 15:48:26 DB : phase1 found
09/09/03 15:48:26 ii : processing config packet ( 76 bytes )
09/09/03 15:48:26 DB : config not found
09/09/03 15:48:26 DB : config added ( obj count = 1 )
09/09/03 15:48:26 == : new config iv ( 8 bytes )
09/09/03 15:48:26 =< : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 =< : message ab0fe761
09/09/03 15:48:26 =< : decrypt iv ( 8 bytes )
09/09/03 15:48:26 == : decrypt packet ( 76 bytes )
09/09/03 15:48:26 <= : trimmed packet padding ( 4 bytes )
09/09/03 15:48:26 <= : stored iv ( 8 bytes )
09/09/03 15:48:26 << : hash payload
09/09/03 15:48:26 << : attribute payload
09/09/03 15:48:26 == : configure hash_i ( computed ) ( 20 bytes )
09/09/03 15:48:26 == : configure hash_c ( computed ) ( 20 bytes )
09/09/03 15:48:26 ii : configure hash verified
09/09/03 15:48:26 !! : warning, unhandled xauth attribute 16523
09/09/03 15:48:26 ii : received xauth request -
09/09/03 15:48:26 ii : added standard xauth username attribute
09/09/03 15:48:26 ii : sending xauth response for a
09/09/03 15:48:26 >> : hash payload
09/09/03 15:48:26 >> : attribute payload
09/09/03 15:48:26 == : new configure hash ( 20 bytes )
09/09/03 15:48:26 >= : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 >= : message ab0fe761
09/09/03 15:48:26 >= : encrypt iv ( 8 bytes )
09/09/03 15:48:26 == : encrypt packet ( 69 bytes )
09/09/03 15:48:26 == : stored iv ( 8 bytes )
09/09/03 15:48:26 -> : send IKE packet xxx.xxx.144.2:500 -> xxx.xxx.
144.23:500 ( 104 bytes )
09/09/03 15:48:26 DB : config resend event scheduled ( ref count = 2 )
09/09/03 15:48:26 <- : recv IKE packet xxx.xxx.144.23:500 -> xxx.xxx.
144.2:500 ( 76 bytes )
09/09/03 15:48:26 DB : phase1 found
09/09/03 15:48:26 ii : processing config packet ( 76 bytes )
09/09/03 15:48:26 DB : config found
09/09/03 15:48:26 == : new config iv ( 8 bytes )
09/09/03 15:48:26 =< : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 =< : message c49e1de2
09/09/03 15:48:26 =< : decrypt iv ( 8 bytes )
09/09/03 15:48:26 == : decrypt packet ( 76 bytes )
09/09/03 15:48:26 <= : trimmed packet padding ( 4 bytes )
09/09/03 15:48:26 <= : stored iv ( 8 bytes )
09/09/03 15:48:26 << : hash payload
09/09/03 15:48:26 << : attribute payload
09/09/03 15:48:26 == : configure hash_i ( computed ) ( 20 bytes )
09/09/03 15:48:26 == : configure hash_c ( computed ) ( 20 bytes )
09/09/03 15:48:26 ii : configure hash verified
09/09/03 15:48:26 !! : warning, unhandled xauth attribute 16523
09/09/03 15:48:26 ii : received xauth request -
09/09/03 15:48:26 ii : sending xauth response for a
09/09/03 15:48:26 >> : hash payload
09/09/03 15:48:26 >> : attribute payload
09/09/03 15:48:26 == : new configure hash ( 20 bytes )
09/09/03 15:48:26 >= : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 >= : message c49e1de2
09/09/03 15:48:26 >= : encrypt iv ( 8 bytes )
09/09/03 15:48:26 == : encrypt packet ( 64 bytes )
09/09/03 15:48:26 == : stored iv ( 8 bytes )
09/09/03 15:48:26 DB : config resend event canceled ( ref count = 1 )
09/09/03 15:48:26 -> : send IKE packet xxx.xxx.144.2:500 -> xxx.xxx.
144.23:500 ( 96 bytes )
09/09/03 15:48:26 DB : config resend event scheduled ( ref count = 2 )
09/09/03 15:48:26 <- : recv IKE packet xxx.xxx.144.23:500 -> xxx.xxx.
144.2:500 ( 76 bytes )
09/09/03 15:48:26 DB : phase1 found
09/09/03 15:48:26 ii : processing config packet ( 76 bytes )
09/09/03 15:48:26 DB : config found
09/09/03 15:48:26 == : new config iv ( 8 bytes )
09/09/03 15:48:26 =< : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 =< : message 65ccf170
09/09/03 15:48:26 =< : decrypt iv ( 8 bytes )
09/09/03 15:48:26 == : decrypt packet ( 76 bytes )
09/09/03 15:48:26 <= : trimmed packet padding ( 4 bytes )
09/09/03 15:48:26 <= : stored iv ( 8 bytes )
09/09/03 15:48:26 << : hash payload
09/09/03 15:48:26 << : attribute payload
09/09/03 15:48:26 == : configure hash_i ( computed ) ( 20 bytes )
09/09/03 15:48:26 == : configure hash_c ( computed ) ( 20 bytes )
09/09/03 15:48:26 ii : configure hash verified
09/09/03 15:48:26 !! : warning, unhandled xauth attribute 16523
09/09/03 15:48:26 ii : received xauth request -
09/09/03 15:48:26 ii : sending xauth response for a
09/09/03 15:48:26 >> : hash payload
09/09/03 15:48:26 >> : attribute payload
09/09/03 15:48:26 == : new configure hash ( 20 bytes )
09/09/03 15:48:26 >= : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 >= : message 65ccf170
09/09/03 15:48:26 >= : encrypt iv ( 8 bytes )
09/09/03 15:48:26 == : encrypt packet ( 64 bytes )
09/09/03 15:48:26 == : stored iv ( 8 bytes )
09/09/03 15:48:26 DB : config resend event canceled ( ref count = 1 )
09/09/03 15:48:26 -> : send IKE packet xxx.xxx.144.2:500 -> xxx.xxx.
144.23:500 ( 96 bytes )
09/09/03 15:48:26 DB : config resend event scheduled ( ref count = 2 )
09/09/03 15:48:26 <- : recv IKE packet xxx.xxx.144.23:500 -> xxx.xxx.
144.2:500 ( 76 bytes )
09/09/03 15:48:26 DB : phase1 found
09/09/03 15:48:26 ii : processing config packet ( 76 bytes )
09/09/03 15:48:26 DB : config found
09/09/03 15:48:26 == : new config iv ( 8 bytes )
09/09/03 15:48:26 =< : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 =< : message 972b86b7
09/09/03 15:48:26 =< : decrypt iv ( 8 bytes )
09/09/03 15:48:26 == : decrypt packet ( 76 bytes )
09/09/03 15:48:26 <= : trimmed packet padding ( 4 bytes )
09/09/03 15:48:26 <= : stored iv ( 8 bytes )
09/09/03 15:48:26 << : hash payload
09/09/03 15:48:26 << : attribute payload
09/09/03 15:48:26 == : configure hash_i ( computed ) ( 20 bytes )
09/09/03 15:48:26 == : configure hash_c ( computed ) ( 20 bytes )
09/09/03 15:48:26 ii : configure hash verified
09/09/03 15:48:26 !! : warning, unhandled xauth attribute 16523
09/09/03 15:48:26 ii : received xauth request -
09/09/03 15:48:26 ii : sending xauth response for a
09/09/03 15:48:26 >> : hash payload
09/09/03 15:48:26 >> : attribute payload
09/09/03 15:48:26 == : new configure hash ( 20 bytes )
09/09/03 15:48:26 >= : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 >= : message 972b86b7
09/09/03 15:48:26 >= : encrypt iv ( 8 bytes )
09/09/03 15:48:26 == : encrypt packet ( 64 bytes )
09/09/03 15:48:26 == : stored iv ( 8 bytes )
09/09/03 15:48:26 DB : config resend event canceled ( ref count = 1 )
09/09/03 15:48:26 -> : send IKE packet xxx.xxx.144.2:500 -> xxx.xxx.
144.23:500 ( 96 bytes )
09/09/03 15:48:26 DB : config resend event scheduled ( ref count = 2 )
09/09/03 15:48:26 <- : recv IKE packet xxx.xxx.144.23:500 -> xxx.xxx.
144.2:500 ( 76 bytes )
09/09/03 15:48:26 DB : phase1 found
09/09/03 15:48:26 ii : processing config packet ( 76 bytes )
09/09/03 15:48:26 DB : config found
09/09/03 15:48:26 == : new config iv ( 8 bytes )
09/09/03 15:48:26 =< : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 =< : message 766d34c4
09/09/03 15:48:26 =< : decrypt iv ( 8 bytes )
09/09/03 15:48:26 == : decrypt packet ( 76 bytes )
09/09/03 15:48:26 <= : trimmed packet padding ( 4 bytes )
09/09/03 15:48:26 <= : stored iv ( 8 bytes )
09/09/03 15:48:26 << : hash payload
09/09/03 15:48:26 << : attribute payload
09/09/03 15:48:26 == : configure hash_i ( computed ) ( 20 bytes )
09/09/03 15:48:26 == : configure hash_c ( computed ) ( 20 bytes )
09/09/03 15:48:26 ii : configure hash verified
09/09/03 15:48:26 !! : warning, unhandled xauth attribute 16523
09/09/03 15:48:26 ii : received xauth request -
09/09/03 15:48:26 ii : sending xauth response for a
09/09/03 15:48:26 >> : hash payload
09/09/03 15:48:26 >> : attribute payload
09/09/03 15:48:26 == : new configure hash ( 20 bytes )
09/09/03 15:48:26 >= : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 >= : message 766d34c4
09/09/03 15:48:26 >= : encrypt iv ( 8 bytes )
09/09/03 15:48:26 == : encrypt packet ( 64 bytes )
09/09/03 15:48:26 == : stored iv ( 8 bytes )
09/09/03 15:48:26 DB : config resend event canceled ( ref count = 1 )
09/09/03 15:48:26 -> : send IKE packet xxx.xxx.144.2:500 -> xxx.xxx.
144.23:500 ( 96 bytes )
09/09/03 15:48:26 DB : config resend event scheduled ( ref count = 2 )
09/09/03 15:48:26 <- : recv IKE packet xxx.xxx.144.23:500 -> xxx.xxx.
144.2:500 ( 68 bytes )
09/09/03 15:48:26 DB : phase1 found
09/09/03 15:48:26 ii : processing config packet ( 68 bytes )
09/09/03 15:48:26 DB : config found
09/09/03 15:48:26 == : new config iv ( 8 bytes )
09/09/03 15:48:26 =< : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 =< : message 7ef095ed
09/09/03 15:48:26 =< : decrypt iv ( 8 bytes )
09/09/03 15:48:26 == : decrypt packet ( 68 bytes )
09/09/03 15:48:26 <= : trimmed packet padding ( 4 bytes )
09/09/03 15:48:26 <= : stored iv ( 8 bytes )
09/09/03 15:48:26 << : hash payload
09/09/03 15:48:26 << : attribute payload
09/09/03 15:48:26 == : configure hash_i ( computed ) ( 20 bytes )
09/09/03 15:48:26 == : configure hash_c ( computed ) ( 20 bytes )
09/09/03 15:48:26 ii : configure hash verified
09/09/03 15:48:26 ii : received xauth result -
09/09/03 15:48:26 !! : user a authentication failed
09/09/03 15:48:26 DB : phase1 soft event canceled ( ref count = 3 )
09/09/03 15:48:26 DB : phase1 hard event canceled ( ref count = 2 )
09/09/03 15:48:26 DB : phase1 dead event canceled ( ref count = 1 )
09/09/03 15:48:26 ii : sending peer DELETE message
09/09/03 15:48:26 ii : - xxx.xxx.144.2:500 -> xxx.xxx.144.23:500
09/09/03 15:48:26 ii : - isakmp spi = 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 ii : - data size 0
09/09/03 15:48:26 >> : hash payload
09/09/03 15:48:26 >> : delete payload
09/09/03 15:48:26 == : new informational hash ( 20 bytes )
09/09/03 15:48:26 == : new informational iv ( 8 bytes )
09/09/03 15:48:26 >= : cookies 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 >= : message 71a3f6ae
09/09/03 15:48:26 >= : encrypt iv ( 8 bytes )
09/09/03 15:48:26 == : encrypt packet ( 80 bytes )
09/09/03 15:48:26 == : stored iv ( 8 bytes )
09/09/03 15:48:26 -> : send IKE packet xxx.xxx.144.2:500 -> xxx.xxx.
144.23:500 ( 112 bytes )
09/09/03 15:48:26 DB : config resend event canceled ( ref count = 1 )
09/09/03 15:48:26 DB : config deleted ( obj count = 0 )
09/09/03 15:48:26 ii : phase1 removal before expire time
09/09/03 15:48:26 DB : phase1 deleted ( obj count = 0 )
09/09/03 15:48:26 <- : recv IKE packet xxx.xxx.144.23:500 -> xxx.xxx.
144.2:500 ( 84 bytes )
09/09/03 15:48:26 DB : phase1 not found
09/09/03 15:48:26 ww : ike packet from xxx.xxx.144.23 ignored, unknown
phase1 sa for peer
09/09/03 15:48:26 ww : 447ad51cfa97cb63:3ed0e272b4cc3753
09/09/03 15:48:26 DB : tunnel dpd event canceled ( ref count = 2 )
09/09/03 15:48:26 DB : tunnel stats event canceled ( ref count = 1 )
09/09/03 15:48:26 DB : removing tunnel config references
09/09/03 15:48:26 DB : removing tunnel phase2 references
09/09/03 15:48:26 DB : removing tunnel phase1 references
09/09/03 15:48:26 DB : tunnel deleted ( obj count = 0 )
09/09/03 15:48:26 DB : removing all peer tunnel refrences
09/09/03 15:48:26 DB : peer deleted ( obj count = 0 )
09/09/03 15:48:26 ii : ipc client process thread exit ...
09/09/03 15:49:28 ii : halt signal received, shutting down
09/09/03 15:49:28 ii : pfkey process thread exit ...
09/09/03 15:49:28 ii : ipc server process thread exit ...
More information about the vpn-help
mailing list