[vpn-help] Bug with 2.2 Beta 1

Noach Sumner nsumner at compu-skill.com
Fri May 6 03:35:20 CDT 2011 

When connecting and receiving an IP via DHCP it fails everytime. Here are
the logs. It seems if I downgrade it doesn't fix the problem but upgrading
breaks it.

11/03/02 08:33:29 ## : IKE Daemon, ver 2.2.0
11/03/02 08:33:29 ## : Copyright 2009 Shrew Soft Inc.
11/03/02 08:33:29 ## : This product linked OpenSSL 0.9.8h 28 May 2008
11/03/02 10:33:16 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
11/03/02 10:33:16 ii : rebuilding vnet device list ...
11/03/02 10:33:16 ii : device ROOT\VNET\0000 disabled
11/03/02 10:33:16 ii : network process thread begin ...
11/03/02 10:33:16 ii : pfkey process thread begin ...
11/03/02 10:33:16 ii : ipc server process thread begin ...
11/03/02 10:33:34 ii : ipc client process thread begin ...
11/03/02 10:33:34 <A : peer config add message
11/03/02 10:33:34 <A : proposal config message
11/03/02 10:33:34 <A : proposal config message
11/03/02 10:33:34 <A : proposal config message
11/03/02 10:33:34 <A : client config message
11/03/02 10:33:34 <A : xauth username message
11/03/02 10:33:34 <A : xauth password message
11/03/02 10:33:34 <A : local id 'noach.nbn.org.il' message
11/03/02 10:33:34 <A : remote id 'sslvpn.nbn.org.il' message
11/03/02 10:33:34 <A : preshared key message
11/03/02 10:33:34 <A : remote resource message
11/03/02 10:33:34 <A : remote resource message
11/03/02 10:33:34 <A : peer tunnel enable message
11/03/02 10:33:34 DB : peer added ( obj count = 1 )
11/03/02 10:33:34 ii : local address 192.168.17.11 selected for peer
11/03/02 10:33:34 DB : tunnel added ( obj count = 1 )
11/03/02 10:33:34 DB : new phase1 ( ISAKMP initiator )
11/03/02 10:33:34 DB : exchange type is aggressive
11/03/02 10:33:34 DB : 192.168.17.11:500 <-> 91.220.22.1:500
11/03/02 10:33:34 DB : 17e8a2d0eb223d05:0000000000000000
11/03/02 10:33:34 DB : phase1 added ( obj count = 1 )
11/03/02 10:33:34 >> : security association payload
11/03/02 10:33:34 >> : - proposal #1 payload
11/03/02 10:33:34 >> : -- transform #1 payload
11/03/02 10:33:34 >> : -- transform #2 payload
11/03/02 10:33:34 >> : -- transform #3 payload
11/03/02 10:33:34 >> : -- transform #4 payload
11/03/02 10:33:34 >> : -- transform #5 payload
11/03/02 10:33:34 >> : -- transform #6 payload
11/03/02 10:33:34 >> : -- transform #7 payload
11/03/02 10:33:34 >> : -- transform #8 payload
11/03/02 10:33:34 >> : -- transform #9 payload
11/03/02 10:33:34 >> : -- transform #10 payload
11/03/02 10:33:34 >> : -- transform #11 payload
11/03/02 10:33:34 >> : -- transform #12 payload
11/03/02 10:33:34 >> : -- transform #13 payload
11/03/02 10:33:34 >> : -- transform #14 payload
11/03/02 10:33:34 >> : -- transform #15 payload
11/03/02 10:33:34 >> : -- transform #16 payload
11/03/02 10:33:34 >> : -- transform #17 payload
11/03/02 10:33:34 >> : -- transform #18 payload
11/03/02 10:33:34 >> : key exchange payload
11/03/02 10:33:34 >> : nonce payload
11/03/02 10:33:34 >> : identification payload
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 ii : local supports XAUTH
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 ii : local supports nat-t ( draft v00 )
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 ii : local supports nat-t ( draft v01 )
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 ii : local supports nat-t ( draft v02 )
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 ii : local supports nat-t ( draft v03 )
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 ii : local supports nat-t ( rfc )
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 ii : local supports FRAGMENTATION
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 ii : local supports DPDv1
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 ii : local is SHREW SOFT compatible
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 ii : local is NETSCREEN compatible
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 ii : local is SIDEWINDER compatible
11/03/02 10:33:34 >> : vendor id payload
11/03/02 10:33:34 ii : local is CISCO UNITY compatible
11/03/02 10:33:34 >= : cookies 17e8a2d0eb223d05:0000000000000000
11/03/02 10:33:34 >= : message 00000000
11/03/02 10:33:34 -> : send IKE packet 192.168.17.11:500 ->
91.220.22.1:500( 1276 bytes )
11/03/02 10:33:34 DB : phase1 resend event scheduled ( ref count = 2 )
11/03/02 10:33:34 <- : recv IKE packet 91.220.22.1:500 ->
192.168.17.11:500( 441 bytes )
11/03/02 10:33:34 DB : phase1 found
11/03/02 10:33:34 ii : processing phase1 packet ( 441 bytes )
11/03/02 10:33:34 =< : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:34 =< : message 00000000
11/03/02 10:33:34 << : security association payload
11/03/02 10:33:34 << : - propsal #1 payload
11/03/02 10:33:34 << : -- transform #5 payload
11/03/02 10:33:34 ii : unmatched isakmp proposal/transform
11/03/02 10:33:34 ii : key length ( 128 != 256 )
11/03/02 10:33:34 ii : unmatched isakmp proposal/transform
11/03/02 10:33:34 ii : key length ( 128 != 256 )
11/03/02 10:33:34 ii : unmatched isakmp proposal/transform
11/03/02 10:33:34 ii : key length ( 128 != 192 )
11/03/02 10:33:34 ii : unmatched isakmp proposal/transform
11/03/02 10:33:34 ii : key length ( 128 != 192 )
11/03/02 10:33:34 ii : matched isakmp proposal #1 transform #5
11/03/02 10:33:34 ii : - transform    = ike
11/03/02 10:33:34 ii : - cipher type  = aes
11/03/02 10:33:34 ii : - key length   = 128 bits
11/03/02 10:33:34 ii : - hash type    = md5
11/03/02 10:33:34 ii : - dh group     = group5 ( modp-1536 )
11/03/02 10:33:34 ii : - auth type    = xauth-initiator-psk
11/03/02 10:33:34 ii : - life seconds = 28800
11/03/02 10:33:34 ii : - life kbytes  = 0
11/03/02 10:33:34 << : key exchange payload
11/03/02 10:33:34 << : nonce payload
11/03/02 10:33:34 << : identification payload
11/03/02 10:33:34 ii : phase1 id match
11/03/02 10:33:34 ii : received = fqdn sslvpn.nbn.org.il
11/03/02 10:33:34 << : hash payload
11/03/02 10:33:34 << : vendor id payload
11/03/02 10:33:34 ii : peer supports nat-t ( rfc )
11/03/02 10:33:34 << : nat discovery payload
11/03/02 10:33:34 << : nat discovery payload
11/03/02 10:33:34 << : vendor id payload
11/03/02 10:33:34 ii : peer supports DPDv1
11/03/02 10:33:34 << : vendor id payload
11/03/02 10:33:34 ii : peer supports XAUTH
11/03/02 10:33:34 ii : nat discovery - local address is translated
11/03/02 10:33:34 ii : switching to src nat-t udp port 4500
11/03/02 10:33:34 ii : switching to dst nat-t udp port 4500
11/03/02 10:33:34 == : DH shared secret ( 192 bytes )
11/03/02 10:33:34 == : SETKEYID ( 16 bytes )
11/03/02 10:33:34 == : SETKEYID_d ( 16 bytes )
11/03/02 10:33:34 == : SETKEYID_a ( 16 bytes )
11/03/02 10:33:34 == : SETKEYID_e ( 16 bytes )
11/03/02 10:33:34 == : cipher key ( 16 bytes )
11/03/02 10:33:34 == : cipher iv ( 16 bytes )
11/03/02 10:33:34 == : phase1 hash_i ( computed ) ( 16 bytes )
11/03/02 10:33:34 >> : hash payload
11/03/02 10:33:34 >> : nat discovery payload
11/03/02 10:33:34 >> : nat discovery payload
11/03/02 10:33:34 >= : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:34 >= : message 00000000
11/03/02 10:33:34 >= : encrypt iv ( 16 bytes )
11/03/02 10:33:34 == : encrypt packet ( 88 bytes )
11/03/02 10:33:34 == : stored iv ( 16 bytes )
11/03/02 10:33:34 DB : phase1 resend event canceled ( ref count = 1 )
11/03/02 10:33:34 -> : send NAT-T:IKE packet 192.168.17.11:4500 ->
91.220.22.1:4500 ( 124 bytes )
11/03/02 10:33:34 == : phase1 hash_r ( computed ) ( 16 bytes )
11/03/02 10:33:34 == : phase1 hash_r ( received ) ( 16 bytes )
11/03/02 10:33:34 ii : phase1 sa established
11/03/02 10:33:34 ii : 91.220.22.1:4500 <-> 192.168.17.11:4500
11/03/02 10:33:34 ii : 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:34 ii : sending peer INITIAL-CONTACT notification
11/03/02 10:33:34 ii : - 192.168.17.11:4500 -> 91.220.22.1:4500
11/03/02 10:33:34 ii : - isakmp spi = 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:34 ii : - data size 0
11/03/02 10:33:34 >> : hash payload
11/03/02 10:33:34 >> : notification payload
11/03/02 10:33:34 == : new informational hash ( 16 bytes )
11/03/02 10:33:34 == : new informational iv ( 16 bytes )
11/03/02 10:33:34 >= : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:34 >= : message cb257f56
11/03/02 10:33:34 >= : encrypt iv ( 16 bytes )
11/03/02 10:33:34 == : encrypt packet ( 76 bytes )
11/03/02 10:33:34 == : stored iv ( 16 bytes )
11/03/02 10:33:34 -> : send NAT-T:IKE packet 192.168.17.11:4500 ->
91.220.22.1:4500 ( 108 bytes )
11/03/02 10:33:34 DB : phase2 not found
11/03/02 10:33:34 <- : recv NAT-T:IKE packet 91.220.22.1:4500 ->
192.168.17.11:4500 ( 76 bytes )
11/03/02 10:33:34 DB : phase1 found
11/03/02 10:33:34 ii : processing config packet ( 76 bytes )
11/03/02 10:33:34 DB : config not found
11/03/02 10:33:34 DB : config added ( obj count = 1 )
11/03/02 10:33:34 == : new config iv ( 16 bytes )
11/03/02 10:33:34 =< : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:34 =< : message 8d61cd4d
11/03/02 10:33:34 =< : decrypt iv ( 16 bytes )
11/03/02 10:33:34 == : decrypt packet ( 76 bytes )
11/03/02 10:33:34 <= : trimmed packet padding ( 8 bytes )
11/03/02 10:33:34 <= : stored iv ( 16 bytes )
11/03/02 10:33:34 << : hash payload
11/03/02 10:33:34 << : attribute payload
11/03/02 10:33:34 == : configure hash_i ( computed ) ( 16 bytes )
11/03/02 10:33:34 == : configure hash_c ( computed ) ( 16 bytes )
11/03/02 10:33:34 ii : configure hash verified
11/03/02 10:33:34 ii : - xauth authentication type
11/03/02 10:33:34 ii : - xauth username
11/03/02 10:33:34 ii : - xauth password
11/03/02 10:33:34 ii : received basic xauth request -
11/03/02 10:33:34 ii : - standard xauth username
11/03/02 10:33:34 ii : - standard xauth password
11/03/02 10:33:34 ii : sending xauth response for nsumner99
11/03/02 10:33:34 >> : hash payload
11/03/02 10:33:34 >> : attribute payload
11/03/02 10:33:34 == : new configure hash ( 16 bytes )
11/03/02 10:33:34 >= : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:34 >= : message 8d61cd4d
11/03/02 10:33:34 >= : encrypt iv ( 16 bytes )
11/03/02 10:33:34 == : encrypt packet ( 90 bytes )
11/03/02 10:33:34 == : stored iv ( 16 bytes )
11/03/02 10:33:34 -> : send NAT-T:IKE packet 192.168.17.11:4500 ->
91.220.22.1:4500 ( 124 bytes )
11/03/02 10:33:34 DB : config resend event scheduled ( ref count = 2 )
11/03/02 10:33:36 <- : recv NAT-T:IKE packet 91.220.22.1:4500 ->
192.168.17.11:4500 ( 76 bytes )
11/03/02 10:33:36 DB : phase1 found
11/03/02 10:33:36 ii : processing config packet ( 76 bytes )
11/03/02 10:33:36 DB : config found
11/03/02 10:33:36 =< : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:36 =< : message 8d61cd4d
11/03/02 10:33:36 =< : decrypt iv ( 16 bytes )
11/03/02 10:33:36 == : decrypt packet ( 76 bytes )
11/03/02 10:33:36 !! : validate packet failed ( reserved value is non-null )
11/03/02 10:33:36 !! : config packet ignored ( packet decryption error )
11/03/02 10:33:39 <- : recv NAT-T:IKE packet 91.220.22.1:4500 ->
192.168.17.11:4500 ( 92 bytes )
11/03/02 10:33:39 DB : phase1 found
11/03/02 10:33:39 ii : processing informational packet ( 92 bytes )
11/03/02 10:33:39 == : new informational iv ( 16 bytes )
11/03/02 10:33:39 =< : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:39 =< : message 1d588d5e
11/03/02 10:33:39 =< : decrypt iv ( 16 bytes )
11/03/02 10:33:39 == : decrypt packet ( 92 bytes )
11/03/02 10:33:39 <= : trimmed packet padding ( 12 bytes )
11/03/02 10:33:39 <= : stored iv ( 16 bytes )
11/03/02 10:33:39 << : hash payload
11/03/02 10:33:39 << : notification payload
11/03/02 10:33:39 == : informational hash_i ( computed ) ( 16 bytes )
11/03/02 10:33:39 == : informational hash_c ( received ) ( 16 bytes )
11/03/02 10:33:39 ii : informational hash verified
11/03/02 10:33:39 ii : received peer DPDV1-R-U-THERE notification
11/03/02 10:33:39 ii : - 91.220.22.1:4500 -> 192.168.17.11:4500
11/03/02 10:33:39 ii : - isakmp spi = 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:39 ii : - data size 4
11/03/02 10:33:39 ii : sending peer DPDV1-R-U-THERE-ACK notification
11/03/02 10:33:39 ii : - 192.168.17.11:4500 -> 91.220.22.1:4500
11/03/02 10:33:39 ii : - isakmp spi = 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:39 ii : - data size 4
11/03/02 10:33:39 >> : hash payload
11/03/02 10:33:39 >> : notification payload
11/03/02 10:33:39 == : new informational hash ( 16 bytes )
11/03/02 10:33:39 == : new informational iv ( 16 bytes )
11/03/02 10:33:39 >= : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:39 >= : message 816f7bdf
11/03/02 10:33:39 >= : encrypt iv ( 16 bytes )
11/03/02 10:33:39 == : encrypt packet ( 80 bytes )
11/03/02 10:33:39 == : stored iv ( 16 bytes )
11/03/02 10:33:39 -> : send NAT-T:IKE packet 192.168.17.11:4500 ->
91.220.22.1:4500 ( 124 bytes )
11/03/02 10:33:39 ii : DPD ARE-YOU-THERE sequence 00000001 returned
11/03/02 10:33:39 -> : resend 1 config packet(s) [0/2] 192.168.17.11:4500 ->
91.220.22.1:4500
11/03/02 10:33:40 <- : recv NAT-T:IKE packet 91.220.22.1:4500 ->
192.168.17.11:4500 ( 76 bytes )
11/03/02 10:33:40 DB : phase1 found
11/03/02 10:33:40 ii : processing config packet ( 76 bytes )
11/03/02 10:33:40 DB : config found
11/03/02 10:33:40 == : new config iv ( 16 bytes )
11/03/02 10:33:40 =< : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:40 =< : message 6d1ec2af
11/03/02 10:33:40 =< : decrypt iv ( 16 bytes )
11/03/02 10:33:40 == : decrypt packet ( 76 bytes )
11/03/02 10:33:40 <= : trimmed packet padding ( 16 bytes )
11/03/02 10:33:40 <= : stored iv ( 16 bytes )
11/03/02 10:33:40 << : hash payload
11/03/02 10:33:40 << : attribute payload
11/03/02 10:33:40 == : configure hash_i ( computed ) ( 16 bytes )
11/03/02 10:33:40 == : configure hash_c ( computed ) ( 16 bytes )
11/03/02 10:33:40 ii : configure hash verified
11/03/02 10:33:40 ii : received xauth result -
11/03/02 10:33:40 ii : user nsumner99 authentication succeeded
11/03/02 10:33:40 ii : sending xauth acknowledge
11/03/02 10:33:40 >> : hash payload
11/03/02 10:33:40 >> : attribute payload
11/03/02 10:33:40 == : new configure hash ( 16 bytes )
11/03/02 10:33:40 >= : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:40 >= : message 6d1ec2af
11/03/02 10:33:40 >= : encrypt iv ( 16 bytes )
11/03/02 10:33:40 == : encrypt packet ( 56 bytes )
11/03/02 10:33:40 == : stored iv ( 16 bytes )
11/03/02 10:33:40 DB : config resend event canceled ( ref count = 1 )
11/03/02 10:33:40 -> : send NAT-T:IKE packet 192.168.17.11:4500 ->
91.220.22.1:4500 ( 92 bytes )
11/03/02 10:33:40 DB : config resend event scheduled ( ref count = 2 )
11/03/02 10:33:40 ii : configuration method is DHCP over IPsec
11/03/02 10:33:40 ii : setup DHCP socket for address 192.168.17.11
11/03/02 10:33:40 ii : creating IPsec over DHCP policies
11/03/02 10:33:40 ii : creating IPSEC INBOUND policy UDP:91.220.22.1:67 ->
UDP:192.168.17.11:67
11/03/02 10:33:40 DB : policy added ( obj count = 1 )
11/03/02 10:33:40 K> : send pfkey X_SPDADD UNSPEC message
11/03/02 10:33:40 K< : recv pfkey X_SPDADD UNSPEC message
11/03/02 10:33:40 DB : policy found
11/03/02 10:33:40 ii : creating IPSEC OUTBOUND policy
UDP:192.168.17.11:67-> UDP:
91.220.22.1:67
11/03/02 10:33:40 DB : policy added ( obj count = 2 )
11/03/02 10:33:40 K> : send pfkey X_SPDADD UNSPEC message
11/03/02 10:33:40 DB : config resend event canceled ( ref count = 1 )
11/03/02 10:33:40 K< : recv pfkey X_SPDADD UNSPEC message
11/03/02 10:33:40 DB : policy found
11/03/02 10:33:41 ii : sending DHCP over IPsec discover
11/03/02 10:33:41 K< : recv pfkey ACQUIRE UNSPEC message
11/03/02 10:33:41 DB : policy found
11/03/02 10:33:41 DB : policy found
11/03/02 10:33:41 DB : tunnel found
11/03/02 10:33:41 DB : new phase2 ( IPSEC initiator )
11/03/02 10:33:41 DB : phase2 added ( obj count = 1 )
11/03/02 10:33:41 K> : send pfkey GETSPI ESP message
11/03/02 10:33:41 K< : recv pfkey GETSPI ESP message
11/03/02 10:33:41 DB : phase2 found
11/03/02 10:33:41 ii : updated spi for 1 ipsec-esp proposal
11/03/02 10:33:41 DB : phase1 found
11/03/02 10:33:41 >> : hash payload
11/03/02 10:33:41 >> : security association payload
11/03/02 10:33:41 >> : - proposal #1 payload
11/03/02 10:33:41 >> : -- transform #1 payload
11/03/02 10:33:41 >> : -- transform #2 payload
11/03/02 10:33:41 >> : -- transform #3 payload
11/03/02 10:33:41 >> : -- transform #4 payload
11/03/02 10:33:41 >> : -- transform #5 payload
11/03/02 10:33:41 >> : -- transform #6 payload
11/03/02 10:33:41 >> : -- transform #7 payload
11/03/02 10:33:41 >> : -- transform #8 payload
11/03/02 10:33:41 >> : -- transform #9 payload
11/03/02 10:33:41 >> : -- transform #10 payload
11/03/02 10:33:41 >> : -- transform #11 payload
11/03/02 10:33:41 >> : -- transform #12 payload
11/03/02 10:33:41 >> : -- transform #13 payload
11/03/02 10:33:41 >> : -- transform #14 payload
11/03/02 10:33:41 >> : -- transform #15 payload
11/03/02 10:33:41 >> : -- transform #16 payload
11/03/02 10:33:41 >> : -- transform #17 payload
11/03/02 10:33:41 >> : -- transform #18 payload
11/03/02 10:33:41 >> : -- transform #19 payload
11/03/02 10:33:41 >> : -- transform #20 payload
11/03/02 10:33:41 >> : -- transform #21 payload
11/03/02 10:33:41 >> : -- transform #22 payload
11/03/02 10:33:41 >> : -- transform #23 payload
11/03/02 10:33:41 >> : -- transform #24 payload
11/03/02 10:33:41 >> : -- transform #25 payload
11/03/02 10:33:41 >> : -- transform #26 payload
11/03/02 10:33:41 >> : -- transform #27 payload
11/03/02 10:33:41 >> : -- transform #28 payload
11/03/02 10:33:41 >> : -- transform #29 payload
11/03/02 10:33:41 >> : -- transform #30 payload
11/03/02 10:33:41 >> : -- transform #31 payload
11/03/02 10:33:41 >> : -- transform #32 payload
11/03/02 10:33:41 >> : -- transform #33 payload
11/03/02 10:33:41 >> : -- transform #34 payload
11/03/02 10:33:41 >> : -- transform #35 payload
11/03/02 10:33:41 >> : -- transform #36 payload
11/03/02 10:33:41 >> : -- transform #37 payload
11/03/02 10:33:41 >> : -- transform #38 payload
11/03/02 10:33:41 >> : -- transform #39 payload
11/03/02 10:33:41 >> : -- transform #40 payload
11/03/02 10:33:41 >> : -- transform #41 payload
11/03/02 10:33:41 >> : -- transform #42 payload
11/03/02 10:33:41 >> : -- transform #43 payload
11/03/02 10:33:41 >> : -- transform #44 payload
11/03/02 10:33:41 >> : -- transform #45 payload
11/03/02 10:33:41 >> : nonce payload
11/03/02 10:33:41 >> : key exchange payload
11/03/02 10:33:41 >> : identification payload
11/03/02 10:33:41 >> : identification payload
11/03/02 10:33:41 == : phase2 hash_i ( input ) ( 1832 bytes )
11/03/02 10:33:41 == : phase2 hash_i ( computed ) ( 16 bytes )
11/03/02 10:33:41 == : new phase2 iv ( 16 bytes )
11/03/02 10:33:41 >= : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:41 >= : message 8a060501
11/03/02 10:33:41 >= : encrypt iv ( 16 bytes )
11/03/02 10:33:41 == : encrypt packet ( 1876 bytes )
11/03/02 10:33:41 == : stored iv ( 16 bytes )
11/03/02 10:33:41 -> : send NAT-T:IKE packet 192.168.17.11:4500 ->
91.220.22.1:4500 ( 1916 bytes )
11/03/02 10:33:41 ii : fragmented packet to 1514 bytes ( MTU 1500 bytes )
11/03/02 10:33:41 ii : fragmented packet to 450 bytes ( MTU 1500 bytes )
11/03/02 10:33:41 DB : phase2 resend event scheduled ( ref count = 2 )
11/03/02 10:33:42 ii : sending DHCP over IPsec discover
11/03/02 10:33:43 ii : sending DHCP over IPsec discover
11/03/02 10:33:44 ii : sending DHCP over IPsec discover
11/03/02 10:33:44 <- : recv NAT-T:IKE packet 91.220.22.1:4500 ->
192.168.17.11:4500 ( 92 bytes )
11/03/02 10:33:44 DB : phase1 found
11/03/02 10:33:44 ii : processing informational packet ( 92 bytes )
11/03/02 10:33:44 == : new informational iv ( 16 bytes )
11/03/02 10:33:44 =< : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:44 =< : message 938a35a3
11/03/02 10:33:44 =< : decrypt iv ( 16 bytes )
11/03/02 10:33:44 == : decrypt packet ( 92 bytes )
11/03/02 10:33:44 <= : trimmed packet padding ( 12 bytes )
11/03/02 10:33:44 <= : stored iv ( 16 bytes )
11/03/02 10:33:44 << : hash payload
11/03/02 10:33:44 << : notification payload
11/03/02 10:33:44 == : informational hash_i ( computed ) ( 16 bytes )
11/03/02 10:33:44 == : informational hash_c ( received ) ( 16 bytes )
11/03/02 10:33:44 ii : informational hash verified
11/03/02 10:33:44 ii : received peer DPDV1-R-U-THERE notification
11/03/02 10:33:44 ii : - 91.220.22.1:4500 -> 192.168.17.11:4500
11/03/02 10:33:44 ii : - isakmp spi = 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:44 ii : - data size 4
11/03/02 10:33:44 ii : sending peer DPDV1-R-U-THERE-ACK notification
11/03/02 10:33:44 ii : - 192.168.17.11:4500 -> 91.220.22.1:4500
11/03/02 10:33:44 ii : - isakmp spi = 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:44 ii : - data size 4
11/03/02 10:33:44 >> : hash payload
11/03/02 10:33:44 >> : notification payload
11/03/02 10:33:44 == : new informational hash ( 16 bytes )
11/03/02 10:33:44 == : new informational iv ( 16 bytes )
11/03/02 10:33:44 >= : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:44 >= : message d9fdad07
11/03/02 10:33:44 >= : encrypt iv ( 16 bytes )
11/03/02 10:33:44 == : encrypt packet ( 80 bytes )
11/03/02 10:33:44 == : stored iv ( 16 bytes )
11/03/02 10:33:44 -> : send NAT-T:IKE packet 192.168.17.11:4500 ->
91.220.22.1:4500 ( 124 bytes )
11/03/02 10:33:44 ii : DPD ARE-YOU-THERE sequence 00000002 returned
11/03/02 10:33:45 ii : sending DHCP over IPsec discover
11/03/02 10:33:46 ii : sending DHCP over IPsec discover
11/03/02 10:33:46 ii : fragmented packet to 1514 bytes ( MTU 1500 bytes )
11/03/02 10:33:46 ii : fragmented packet to 450 bytes ( MTU 1500 bytes )
11/03/02 10:33:46 -> : resend 1 phase2 packet(s) [0/2] 192.168.17.11:4500 ->
91.220.22.1:4500
11/03/02 10:33:47 ii : sending DHCP over IPsec discover
11/03/02 10:33:48 DB : policy not found
11/03/02 10:33:48 DB : policy not found
11/03/02 10:33:48 DB : policy not found
11/03/02 10:33:48 DB : policy not found
11/03/02 10:33:48 DB : policy not found
11/03/02 10:33:48 DB : policy not found
11/03/02 10:33:48 DB : policy not found
11/03/02 10:33:48 DB : policy not found
11/03/02 10:33:48 ii : removing IPsec over DHCP policies
11/03/02 10:33:48 DB : policy found
11/03/02 10:33:48 ii : removing IPSEC INBOUND policy UDP:91.220.22.1:67 ->
UDP:192.168.17.11:67
11/03/02 10:33:48 K> : send pfkey X_SPDDELETE2 UNSPEC message
11/03/02 10:33:48 DB : policy found
11/03/02 10:33:48 ii : removing IPSEC OUTBOUND policy
UDP:192.168.17.11:67-> UDP:
91.220.22.1:67
11/03/02 10:33:48 K> : send pfkey X_SPDDELETE2 UNSPEC message
11/03/02 10:33:48 K< : recv pfkey X_SPDDELETE2 UNSPEC message
11/03/02 10:33:48 DB : policy found
11/03/02 10:33:48 DB : policy deleted ( obj count = 1 )
11/03/02 10:33:48 K< : recv pfkey X_SPDDELETE2 UNSPEC message
11/03/02 10:33:48 DB : policy found
11/03/02 10:33:48 DB : policy deleted ( obj count = 0 )
11/03/02 10:33:48 DB : tunnel dpd event canceled ( ref count = 5 )
11/03/02 10:33:48 DB : tunnel natt event canceled ( ref count = 4 )
11/03/02 10:33:48 DB : removing tunnel config references
11/03/02 10:33:48 DB : config deleted ( obj count = 0 )
11/03/02 10:33:48 DB : removing tunnel phase2 references
11/03/02 10:33:48 DB : phase2 resend event canceled ( ref count = 1 )
11/03/02 10:33:48 ii : phase2 removal before expire time
11/03/02 10:33:48 DB : phase2 deleted ( obj count = 0 )
11/03/02 10:33:48 DB : removing tunnel phase1 references
11/03/02 10:33:48 DB : phase1 soft event canceled ( ref count = 3 )
11/03/02 10:33:48 DB : phase1 hard event canceled ( ref count = 2 )
11/03/02 10:33:48 DB : phase1 dead event canceled ( ref count = 1 )
11/03/02 10:33:48 ii : sending peer DELETE message
11/03/02 10:33:48 ii : - 192.168.17.11:4500 -> 91.220.22.1:4500
11/03/02 10:33:48 ii : - isakmp spi = 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:48 ii : - data size 0
11/03/02 10:33:48 >> : hash payload
11/03/02 10:33:48 >> : delete payload
11/03/02 10:33:48 == : new informational hash ( 16 bytes )
11/03/02 10:33:48 == : new informational iv ( 16 bytes )
11/03/02 10:33:48 >= : cookies 17e8a2d0eb223d05:cf98755f2dc69bbc
11/03/02 10:33:48 >= : message e2a5af73
11/03/02 10:33:48 >= : encrypt iv ( 16 bytes )
11/03/02 10:33:48 == : encrypt packet ( 76 bytes )
11/03/02 10:33:48 == : stored iv ( 16 bytes )
11/03/02 10:33:48 -> : send NAT-T:IKE packet 192.168.17.11:4500 ->
91.220.22.1:4500 ( 108 bytes )
11/03/02 10:33:48 ii : phase1 removal before expire time
11/03/02 10:33:48 DB : phase1 deleted ( obj count = 0 )
11/03/02 10:33:48 DB : tunnel deleted ( obj count = 0 )
11/03/02 10:33:48 DB : removing all peer tunnel refrences
11/03/02 10:33:48 DB : peer deleted ( obj count = 0 )
11/03/02 10:33:48 ii : ipc client process thread exit ...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20110506/4466913e/attachment-0001.html>

More information about the vpn-help mailing list