[vpn-help] shrew soft client tunnel established to juniper ssg but cannot ping remote network

Kevin Petty kevin.petty724 at gmail.com
Wed May 30 16:44:01 CDT 2012


Hello,

I have configured my SSG and the Shrew client according to this
document: http://www.shrew.net/static/help-2.1.x/vpnhelp.htm.  I am
using Shrew client version 2.1.7 on a Windows 7 64-bit machine.  The
tunnel comes up on the client after authentication, and I can ping my
firewall once connected, but I cannot reach anything else inside the
remote network.  I have checked the logs on the firewall, and they state
that Phase 2 completes negotiations.  The policy log also shows no
issues.


Here is my config on the SSG (the firewall's public IP address and the domain name are masked with *):


set clock timezone -6
set clock dst recurring start-weekday 2 0 3 02:00 end-weekday 1 0 11 02:00
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set alg appleichat enable
unset alg appleichat re-assembly enable
set alg sctp enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "admin"
set admin password "nDqnMcriM8UJcAjPDs2Or9Ct4iIiDn"
set admin auth web timeout 10
set admin auth dial-in timeout 3
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/1" zone "DMZ"
set interface "wireless0/0" zone "Trust"
set interface "bgroup0" zone "Trust"
set interface bgroup0 port ethernet0/2
set interface bgroup0 port ethernet0/3
set interface bgroup0 port ethernet0/4
set interface bgroup0 port ethernet0/5
set interface bgroup0 port ethernet0/6
set interface bgroup0 port wireless0/1
unset interface vlan1 ip
set interface ethernet0/0 ip *.*.*.*/28
set interface ethernet0/0 route
set interface wireless0/0 ip 172.16.3.9/24
set interface wireless0/0 nat
set interface bgroup0 ip 77.77.77.1/30
set interface bgroup0 nat
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/0 ip manageable
set interface wireless0/0 ip manageable
set interface bgroup0 ip manageable
set interface ethernet0/0 manage web
set interface wireless0/0 dhcp relay server-name "production.*.com"
set interface wireless0/0 dhcp relay server-name "172.16.3.3"
set interface wireless0/0 dhcp relay service
set interface "serial0/0" modem settings "USR" init "AT&F"
set interface "serial0/0" modem settings "USR" active
set interface "serial0/0" modem speed 115200
set interface "serial0/0" modem retry 3
set interface "serial0/0" modem interval 10
set interface "serial0/0" modem idle-time 10
set flow tcp-mss
unset flow no-tcp-seq-check
set flow tcp-syn-check
unset flow tcp-syn-bit-check
set flow reverse-route clear-text prefer
set flow reverse-route tunnel always
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set dns host dns1 68.94.156.1
set dns host dns2 68.94.157.1
set dns host dns3 0.0.0.0
set address "Trust" "10.1.2.0/24" 10.1.2.0 255.255.255.0
set ippool "vpnclient" 10.2.21.1 10.2.21.254
set user "Kevin" uid 2
set user "Kevin" type ike xauth
set user "Kevin" password "pFrwmg8BNCArHOsD5SC1hOiaXgnSfg+kuw=="
unset user "Kevin" type auth
set user "Kevin" "enable"
set user "vpnclient_ph1id" uid 1
set user "vpnclient_ph1id" ike-id fqdn "client.production.*.com" share-limit 2
set user "vpnclient_ph1id" type ike
set user "vpnclient_ph1id" "enable"
set user-group "vpnclient_group" id 1
set user-group "vpnclient_group" user "vpnclient_ph1id"
set ike gateway "vpnclient_gateway" dialup "vpnclient_group" Aggr local-id "vpngw.production.*.com" outgoing-interface "ethernet0/0" preshare "ywVtpLtqNNqShlsEx3CBeXjIGGnCLRiUgg==" proposal "pre-g2-3des-sha" "pre-g2-3des-md5" "pre-g2-aes128-sha" "pre-g2-aes128-sha"
set ike gateway "vpnclient_gateway" dpd-liveness interval 30
unset ike gateway "vpnclient_gateway" nat-traversal udp-checksum
set ike gateway "vpnclient_gateway" nat-traversal keepalive-frequency 20
set ike gateway "vpnclient_gateway" xauth server "Local"
unset ike gateway "vpnclient_gateway" xauth do-edipi-auth
set ike respond-bad-spi 1
set ike ikev2 ike-sa-soft-lifetime 60
unset ike ikeid-enumeration
unset ike dos-protection
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set xauth default ippool "vpnclient"
set xauth default dns1 10.1.2.1
set xauth default dns2 10.1.2.100
set xauth default wins1 10.1.2.1
set xauth default wins2 10.1.2.100
set vpn "vpnclient_tunnel" gateway "vpnclient_gateway" no-replay tunnel idletime 0 proposal "nopfs-esp-3des-sha"  "nopfs-esp-3des-md5"  "nopfs-esp-aes128-sha"  "nopfs-esp-aes128-md5"
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
set url protocol websense
exit
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit log
set policy id 1
exit
set policy id 2 from "Untrust" to "Trust"  "Any" "Any" "ANY" permit
set policy id 2
exit
set policy id 3 name "vpnclient_in" from "Untrust" to "Trust" "Dial-Up VPN" "10.1.2.0/24" "ANY" tunnel vpn "vpnclient_tunnel" id 0x1 log
set policy id 3
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
unset license-key auto-update
set wlan 0 channel auto
set wlan 1 channel auto
set ssid name LAB
set ssid LAB authentication wpa2-psk passphrase GA2Hc/DBNI7juJsH9RCCjmWPGjniRtvyjw== encryption auto
set ssid LAB interface wireless1
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 interface ethernet0/0 gateway *.*.*.*
set route 172.16.3.0/24 interface bgroup0 gateway 77.77.77.2
set route 172.16.4.0/24 interface bgroup0 gateway 77.77.77.2
set route 10.5.1.0/24 interface bgroup0 gateway 77.77.77.2
set route 10.5.128.0/24 interface bgroup0 gateway 77.77.77.2
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit



Here is my Shrew client config:
n:version:2
n:network-ike-port:500
n:network-mtu-size:1380
n:client-addr-auto:1
n:network-natt-port:4500
n:network-natt-rate:15
n:network-frag-size:540
n:network-dpd-enable:1
n:client-banner-enable:1
n:network-notify-enable:1
n:client-wins-used:1
n:client-wins-auto:1
n:client-dns-used:1
n:client-dns-auto:1
n:client-splitdns-used:1
n:client-splitdns-auto:1
n:phase1-dhgroup:2
n:phase1-life-secs:86400
n:phase1-life-kbytes:0
n:vendor-chkpt-enable:0
n:phase2-life-secs:3600
n:phase2-life-kbytes:0
n:policy-nailed:0
n:policy-list-auto:0
s:client-saved-username:Kevin
s:network-host:*.*.*.*
s:client-auto-mode:push
s:client-iface:virtual
s:network-natt-mode:enable
s:network-frag-mode:enable
s:auth-method:mutual-psk-xauth
s:ident-client-type:fqdn
s:ident-server-type:fqdn
s:ident-client-data:client.production.*.com
s:ident-server-data:vpngw.production.*.com
b:auth-mutual-psk:bXlwcmVzaGFyZWRrZXk=
s:phase1-exchange:aggressive
s:phase1-cipher:auto
s:phase1-hash:auto
s:phase2-transform:auto
s:phase2-hmac:auto
s:ipcomp-transform:disabled
n:phase2-pfsgroup:-1
s:policy-level:auto
s:policy-list-include:10.1.2.0 / 255.255.255.0

Here is what my logs on the SSG say:

2012-05-30 11:27:36	info	IKE 76.16.133.168 Phase 2 msg ID 9e4d2250:
Completed negotiations with SPI 4a03bafe, tunnel ID 32778, and
lifetime 3600 seconds/0 KB.
2012-05-30 11:27:36	info	IKE 76.16.133.168 Phase 2 msg-id 9e4d2250:
Completed for user client.production.*.com.
2012-05-30 11:27:36	info	IKE 76.16.133.168 Phase 2 msg ID 9e4d2250:
Responded to the peer's first message from user
client.production.*.com.
2012-05-30 11:27:32	info	IKE 76.16.133.168: XAuth login was passed for
gateway vpnclient_gateway, username Kevin, retry: 0, Client IP Addr
10.2.21.1, IPPool name: vpnclient, Session-Timeout: 0s, Idle-Timeout:
0s.
2012-05-30 11:27:32	info	IKE 76.16.133.168: XAuth login was refreshed
for username Kevin at 10.2.21.1/255.255.255.255.
2012-05-30 11:27:32	info	Rejected an IKE packet on ethernet0/0 from
76.16.133.168:4500 to *.*.*.*:4500 with cookies 5f29476b4ec5629a and
603bfc28fcf13a2d because A Phase 2 packet arrived while XAuth was
still pending.
2012-05-30 11:27:32	info	IKE 76.16.133.168 Phase 1: Completed
Aggressive mode negotiations with a 28800-second lifetime.
2012-05-30 11:27:32	info	IKE 76.16.133.168 Phase 1: Completed for user
client.production.*.com.
2012-05-30 11:27:32	info	IKE<76.16.133.168> Phase 1: IKE responder has
detected NAT in front of the remote device.
2012-05-30 11:27:32	info	IKE<76.16.133.168> Phase 1: IKE responder has
detected NAT in front of the local device.
2012-05-30 11:27:31	info	IKE 76.16.133.168 Phase 1: Responder starts
AGGRESSIVE mode negotiations.

Here is what the policy log states:

Date and Time:	Source Address/Port:	Dest Address/Port:	Trans Srce/Port	Service	Duration	Bytes sent	Byte received	Close Reason
2012-05-30 11:28:47	10.2.21.1:64052	10.1.2.1:53	*.*.*.*:2179	10.1.2.1:53	DNS	70 sec.	246	0	Close - AGE OUT
2012-05-30 11:28:46	10.2.21.1:53872	10.1.2.100:53	*.*.*.*:1593	10.1.2.100:53	DNS	62 sec.	164	0	Close - AGE OUT
2012-05-30 11:28:45	10.2.21.1:65484	10.1.2.1:53	*.*.*.*:1268	10.1.2.1:53	DNS	68 sec.	246	0	Close - AGE OUT
2012-05-30 11:28:45	10.2.21.1:50921	10.1.2.1:53	*.*.*.*:2788	10.1.2.1:53	DNS	68 sec.	246	0	Close - AGE OUT
2012-05-30 11:28:45	10.2.21.1:63518	10.1.2.100:53	*.*.*.*:2324	10.1.2.100:53	DNS	68 sec.	452	0	Close - AGE OUT
2012-05-30 11:28:45	10.2.21.1:58237	10.1.2.100:53	*.*.*.*:2447	10.1.2.100:53	DNS	68 sec.	452	0	Close - AGE OUT


I also have a debug log that I captured on the client while authenticating:

12/05/24 23:56:43 ## : IKE Daemon, ver 2.1.7
12/05/24 23:56:43 ## : Copyright 2010 Shrew Soft Inc.
12/05/24 23:56:43 ## : This product linked OpenSSL 0.9.8h 28 May 2008
12/05/24 23:56:43 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client\debug\iked.log'
12/05/24 23:56:43 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client/debug/dump-ike-decrypt.cap'
12/05/24 23:56:43 ii : opened 'C:\Program Files\ShrewSoft\VPN
Client/debug/dump-ike-encrypt.cap'
12/05/24 23:56:43 ii : rebuilding vnet device list ...
12/05/24 23:56:43 ii : device ROOT\VNET\0000 disabled
12/05/24 23:56:43 ii : network process thread begin ...
12/05/24 23:56:43 ii : pfkey process thread begin ...
12/05/24 23:56:43 ii : ipc server process thread begin ...
12/05/24 23:56:57 ii : ipc client process thread begin ...
12/05/24 23:56:57 <A : peer config add message
12/05/24 23:56:57 DB : peer added ( obj count = 1 )
12/05/24 23:56:57 ii : local address 192.168.1.146 selected for peer
12/05/24 23:56:57 DB : tunnel added ( obj count = 1 )
12/05/24 23:56:57 <A : proposal config message
12/05/24 23:56:57 <A : proposal config message
12/05/24 23:56:57 <A : client config message
12/05/24 23:56:57 <A : xauth username message
12/05/24 23:56:57 <A : xauth password message
12/05/24 23:56:57 <A : local id 'client.production.*.com' message
12/05/24 23:56:57 <A : remote id 'vpngw.production.*.com' message
12/05/24 23:56:57 <A : preshared key message
12/05/24 23:56:57 <A : remote resource message
12/05/24 23:56:57 <A : peer tunnel enable message
12/05/24 23:56:58 DB : new phase1 ( ISAKMP initiator )
12/05/24 23:56:58 DB : exchange type is aggressive
12/05/24 23:56:58 DB : 192.168.1.146:500 <-> *.*.*.*:500
12/05/24 23:56:58 DB : 5791401bca29a9a8:0000000000000000
12/05/24 23:56:58 DB : phase1 added ( obj count = 1 )
12/05/24 23:56:58 >> : security association payload
12/05/24 23:56:58 >> : - proposal #1 payload
12/05/24 23:56:58 >> : -- transform #1 payload
12/05/24 23:56:58 >> : -- transform #2 payload
12/05/24 23:56:58 >> : -- transform #3 payload
12/05/24 23:56:58 >> : -- transform #4 payload
12/05/24 23:56:58 >> : -- transform #5 payload
12/05/24 23:56:58 >> : -- transform #6 payload
12/05/24 23:56:58 >> : -- transform #7 payload
12/05/24 23:56:58 >> : -- transform #8 payload
12/05/24 23:56:58 >> : -- transform #9 payload
12/05/24 23:56:58 >> : -- transform #10 payload
12/05/24 23:56:58 >> : -- transform #11 payload
12/05/24 23:56:58 >> : -- transform #12 payload
12/05/24 23:56:58 >> : -- transform #13 payload
12/05/24 23:56:58 >> : -- transform #14 payload
12/05/24 23:56:58 >> : -- transform #15 payload
12/05/24 23:56:58 >> : -- transform #16 payload
12/05/24 23:56:58 >> : -- transform #17 payload
12/05/24 23:56:58 >> : -- transform #18 payload
12/05/24 23:56:58 >> : key exchange payload
12/05/24 23:56:58 >> : nonce payload
12/05/24 23:56:58 >> : identification payload
12/05/24 23:56:58 >> : vendor id payload
12/05/24 23:56:58 ii : local supports XAUTH
12/05/24 23:56:58 >> : vendor id payload
12/05/24 23:56:58 ii : local supports nat-t ( draft v00 )
12/05/24 23:56:58 >> : vendor id payload
12/05/24 23:56:58 ii : local supports nat-t ( draft v01 )
12/05/24 23:56:58 >> : vendor id payload
12/05/24 23:56:58 ii : local supports nat-t ( draft v02 )
12/05/24 23:56:58 >> : vendor id payload
12/05/24 23:56:58 ii : local supports nat-t ( draft v03 )
12/05/24 23:56:58 >> : vendor id payload
12/05/24 23:56:58 ii : local supports nat-t ( rfc )
12/05/24 23:56:58 >> : vendor id payload
12/05/24 23:56:58 ii : local supports FRAGMENTATION
12/05/24 23:56:58 >> : vendor id payload
12/05/24 23:56:58 ii : local supports DPDv1
12/05/24 23:56:58 >> : vendor id payload
12/05/24 23:56:58 ii : local is SHREW SOFT compatible
12/05/24 23:56:58 >> : vendor id payload
12/05/24 23:56:58 ii : local is NETSCREEN compatible
12/05/24 23:56:58 >> : vendor id payload
12/05/24 23:56:58 ii : local is SIDEWINDER compatible
12/05/24 23:56:58 >> : vendor id payload
12/05/24 23:56:58 ii : local is CISCO UNITY compatible
12/05/24 23:56:58 >= : cookies 5791401bca29a9a8:0000000000000000
12/05/24 23:56:58 >= : message 00000000
12/05/24 23:56:58 -> : send IKE packet 192.168.1.146:500 ->
*.*.*.*:500 ( 1202 bytes )
12/05/24 23:56:58 DB : phase1 resend event scheduled ( ref count = 2 )
12/05/24 23:56:58 <- : recv IKE packet *.*.*.*:500 ->
192.168.1.146:500 ( 457 bytes )
12/05/24 23:56:58 DB : phase1 found
12/05/24 23:56:58 ii : processing phase1 packet ( 457 bytes )
12/05/24 23:56:58 =< : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:56:58 =< : message 00000000
12/05/24 23:56:58 << : security association payload
12/05/24 23:56:58 << : - propsal #1 payload
12/05/24 23:56:58 << : -- transform #1 payload
12/05/24 23:56:58 ii : unmatched isakmp proposal/transform
12/05/24 23:56:58 ii : key length ( 128 != 256 )
12/05/24 23:56:58 ii : unmatched isakmp proposal/transform
12/05/24 23:56:58 ii : key length ( 128 != 256 )
12/05/24 23:56:58 ii : unmatched isakmp proposal/transform
12/05/24 23:56:58 ii : key length ( 128 != 192 )
12/05/24 23:56:58 ii : unmatched isakmp proposal/transform
12/05/24 23:56:58 ii : key length ( 128 != 192 )
12/05/24 23:56:58 ii : unmatched isakmp proposal/transform
12/05/24 23:56:58 ii : hash type ( hmac-sha != hmac-md5 )
12/05/24 23:56:58 !! : peer violates RFC, transform number mismatch ( 1 != 6 )
12/05/24 23:56:58 ii : matched isakmp proposal #1 transform #1
12/05/24 23:56:58 ii : - transform    = ike
12/05/24 23:56:58 ii : - cipher type  = aes
12/05/24 23:56:58 ii : - key length   = 128 bits
12/05/24 23:56:58 ii : - hash type    = sha1
12/05/24 23:56:58 ii : - dh group     = modp-1024
12/05/24 23:56:58 ii : - auth type    = xauth-initiator-psk
12/05/24 23:56:58 ii : - life seconds = 86400
12/05/24 23:56:58 ii : - life kbytes  = 0
12/05/24 23:56:58 << : vendor id payload
12/05/24 23:56:58 ii : unknown vendor id ( 28 bytes )
12/05/24 23:56:58 0x : 1ebd0c4b 9fc0adf0 36608456 da16a987 34c6fccd
00000013 0000060a
12/05/24 23:56:58 << : vendor id payload
12/05/24 23:56:58 ii : peer supports XAUTH
12/05/24 23:56:58 << : vendor id payload
12/05/24 23:56:58 ii : peer supports DPDv1
12/05/24 23:56:58 << : vendor id payload
12/05/24 23:56:58 ii : peer supports HEARTBEAT-NOTIFY
12/05/24 23:56:58 << : key exchange payload
12/05/24 23:56:58 << : nonce payload
12/05/24 23:56:58 << : identification payload
12/05/24 23:56:58 ii : phase1 id match
12/05/24 23:56:58 ii : received = fqdn vpngw.production.*.com
12/05/24 23:56:58 << : hash payload
12/05/24 23:56:58 << : vendor id payload
12/05/24 23:56:58 ii : peer supports nat-t ( draft v02 )
12/05/24 23:56:58 << : nat discovery payload
12/05/24 23:56:58 << : nat discovery payload
12/05/24 23:56:58 ii : nat discovery - local address is translated
12/05/24 23:56:58 ii : switching to src nat-t udp port 4500
12/05/24 23:56:58 ii : switching to dst nat-t udp port 4500
12/05/24 23:56:58 == : DH shared secret ( 128 bytes )
12/05/24 23:56:58 == : SETKEYID ( 20 bytes )
12/05/24 23:56:58 == : SETKEYID_d ( 20 bytes )
12/05/24 23:56:58 == : SETKEYID_a ( 20 bytes )
12/05/24 23:56:58 == : SETKEYID_e ( 20 bytes )
12/05/24 23:56:58 == : cipher key ( 16 bytes )
12/05/24 23:56:58 == : cipher iv ( 16 bytes )
12/05/24 23:56:58 == : phase1 hash_i ( computed ) ( 20 bytes )
12/05/24 23:56:58 >> : hash payload
12/05/24 23:56:58 >> : nat discovery payload
12/05/24 23:56:58 >> : nat discovery payload
12/05/24 23:56:58 >= : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:56:58 >= : message 00000000
12/05/24 23:56:58 >= : encrypt iv ( 16 bytes )
12/05/24 23:56:58 == : encrypt packet ( 100 bytes )
12/05/24 23:56:58 == : stored iv ( 16 bytes )
12/05/24 23:56:58 DB : phase1 resend event canceled ( ref count = 1 )
12/05/24 23:56:58 -> : send NAT-T:IKE packet 192.168.1.146:4500 ->
*.*.*.*:4500 ( 140 bytes )
12/05/24 23:56:58 == : phase1 hash_r ( computed ) ( 20 bytes )
12/05/24 23:56:58 == : phase1 hash_r ( received ) ( 20 bytes )
12/05/24 23:56:58 ii : phase1 sa established
12/05/24 23:56:58 ii : *.*.*.*:4500 <-> 192.168.1.146:4500
12/05/24 23:56:58 ii : 5791401bca29a9a8:879667a27f584432
12/05/24 23:56:58 ii : sending peer INITIAL-CONTACT notification
12/05/24 23:56:58 ii : - 192.168.1.146:4500 -> *.*.*.*:4500
12/05/24 23:56:58 ii : - isakmp spi = 5791401bca29a9a8:879667a27f584432
12/05/24 23:56:58 ii : - data size 0
12/05/24 23:56:58 >> : hash payload
12/05/24 23:56:58 >> : notification payload
12/05/24 23:56:58 == : new informational hash ( 20 bytes )
12/05/24 23:56:58 == : new informational iv ( 16 bytes )
12/05/24 23:56:58 >= : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:56:58 >= : message 4eb2a41a
12/05/24 23:56:58 >= : encrypt iv ( 16 bytes )
12/05/24 23:56:58 == : encrypt packet ( 80 bytes )
12/05/24 23:56:58 == : stored iv ( 16 bytes )
12/05/24 23:56:58 -> : send NAT-T:IKE packet 192.168.1.146:4500 ->
*.*.*.*:4500 ( 124 bytes )
12/05/24 23:56:58 DB : phase2 not found
12/05/24 23:56:58 <- : recv NAT-T:IKE packet *.*.*.*:4500 ->
192.168.1.146:4500 ( 76 bytes )
12/05/24 23:56:58 DB : phase1 found
12/05/24 23:56:58 ii : processing config packet ( 76 bytes )
12/05/24 23:56:58 DB : config not found
12/05/24 23:56:58 DB : config added ( obj count = 1 )
12/05/24 23:56:58 == : new config iv ( 16 bytes )
12/05/24 23:56:58 =< : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:56:58 =< : message 32afb52c
12/05/24 23:56:58 =< : decrypt iv ( 16 bytes )
12/05/24 23:56:58 == : decrypt packet ( 76 bytes )
12/05/24 23:56:58 <= : trimmed packet padding ( 4 bytes )
12/05/24 23:56:58 <= : stored iv ( 16 bytes )
12/05/24 23:56:58 << : hash payload
12/05/24 23:56:58 << : attribute payload
12/05/24 23:56:58 == : configure hash_i ( computed ) ( 20 bytes )
12/05/24 23:56:58 == : configure hash_c ( computed ) ( 20 bytes )
12/05/24 23:56:58 ii : configure hash verified
12/05/24 23:56:58 ii : - xauth authentication type
12/05/24 23:56:58 ii : - xauth username
12/05/24 23:56:58 ii : - xauth password
12/05/24 23:56:58 ii : received basic xauth request -
12/05/24 23:56:58 ii : - standard xauth username
12/05/24 23:56:58 ii : - standard xauth password
12/05/24 23:56:58 ii : sending xauth response for Kevin
12/05/24 23:56:58 >> : hash payload
12/05/24 23:56:58 >> : attribute payload
12/05/24 23:56:58 == : new configure hash ( 20 bytes )
12/05/24 23:56:58 >= : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:56:58 >= : message 32afb52c
12/05/24 23:56:58 >= : encrypt iv ( 16 bytes )
12/05/24 23:56:58 == : encrypt packet ( 89 bytes )
12/05/24 23:56:58 == : stored iv ( 16 bytes )
12/05/24 23:56:58 -> : send NAT-T:IKE packet 192.168.1.146:4500 ->
*.*.*.*:4500 ( 124 bytes )
12/05/24 23:56:58 DB : config resend event scheduled ( ref count = 2 )
12/05/24 23:56:58 <- : recv NAT-T:IKE packet *.*.*.*:4500 ->
192.168.1.146:4500 ( 124 bytes )
12/05/24 23:56:58 DB : phase1 found
12/05/24 23:56:58 ii : processing config packet ( 124 bytes )
12/05/24 23:56:58 DB : config found
12/05/24 23:56:58 == : new config iv ( 16 bytes )
12/05/24 23:56:58 =< : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:56:58 =< : message 62380327
12/05/24 23:56:58 =< : decrypt iv ( 16 bytes )
12/05/24 23:56:58 == : decrypt packet ( 124 bytes )
12/05/24 23:56:58 <= : trimmed packet padding ( 16 bytes )
12/05/24 23:56:58 <= : stored iv ( 16 bytes )
12/05/24 23:56:58 << : hash payload
12/05/24 23:56:58 << : attribute payload
12/05/24 23:56:58 == : configure hash_i ( computed ) ( 20 bytes )
12/05/24 23:56:58 == : configure hash_c ( computed ) ( 20 bytes )
12/05/24 23:56:58 ii : configure hash verified
12/05/24 23:56:58 ii : received config push request
12/05/24 23:56:58 ii : - IP4 Address = 10.2.21.1
12/05/24 23:56:58 ii : - IP4 Netmask = 255.255.255.255
12/05/24 23:56:58 ii : - IP4 DNS Server = 10.1.2.1
12/05/24 23:56:58 ii : - IP4 DNS Server = 10.1.2.100
12/05/24 23:56:58 ii : - IP4 WINS Server = 10.1.2.1
12/05/24 23:56:58 ii : - IP4 WINS Server = 10.1.2.100
12/05/24 23:56:58 ii : building config attribute list
12/05/24 23:56:58 ii : - IP4 Address
12/05/24 23:56:58 ii : - Address Expiry
12/05/24 23:56:58 ii : - IP4 Netamask
12/05/24 23:56:58 ii : - IP4 DNS Server
12/05/24 23:56:58 ii : - IP4 WINS Server
12/05/24 23:56:58 ii : sending config push acknowledge
12/05/24 23:56:58 >> : hash payload
12/05/24 23:56:58 >> : attribute payload
12/05/24 23:56:58 == : new configure hash ( 20 bytes )
12/05/24 23:56:58 >= : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:56:58 >= : message 62380327
12/05/24 23:56:58 >= : encrypt iv ( 16 bytes )
12/05/24 23:56:58 == : encrypt packet ( 80 bytes )
12/05/24 23:56:58 == : stored iv ( 16 bytes )
12/05/24 23:56:58 DB : config resend event canceled ( ref count = 1 )
12/05/24 23:56:58 -> : send NAT-T:IKE packet 192.168.1.146:4500 ->
*.*.*.*:4500 ( 124 bytes )
12/05/24 23:56:58 DB : config resend event scheduled ( ref count = 2 )
12/05/24 23:56:58 <- : recv NAT-T:IKE packet *.*.*.*:4500 ->
192.168.1.146:4500 ( 76 bytes )
12/05/24 23:56:58 DB : phase1 found
12/05/24 23:56:58 ii : processing config packet ( 76 bytes )
12/05/24 23:56:58 DB : config found
12/05/24 23:56:58 == : new config iv ( 16 bytes )
12/05/24 23:56:58 =< : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:56:58 =< : message 7bb641a3
12/05/24 23:56:58 =< : decrypt iv ( 16 bytes )
12/05/24 23:56:58 == : decrypt packet ( 76 bytes )
12/05/24 23:56:58 <= : trimmed packet padding ( 12 bytes )
12/05/24 23:56:58 <= : stored iv ( 16 bytes )
12/05/24 23:56:58 << : hash payload
12/05/24 23:56:58 << : attribute payload
12/05/24 23:56:58 == : configure hash_i ( computed ) ( 20 bytes )
12/05/24 23:56:58 == : configure hash_c ( computed ) ( 20 bytes )
12/05/24 23:56:58 ii : configure hash verified
12/05/24 23:56:58 ii : received xauth result -
12/05/24 23:56:58 ii : user Kevin authentication succeeded
12/05/24 23:56:58 ii : sending xauth acknowledge
12/05/24 23:56:58 >> : hash payload
12/05/24 23:56:58 >> : attribute payload
12/05/24 23:56:58 == : new configure hash ( 20 bytes )
12/05/24 23:56:58 >= : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:56:58 >= : message 7bb641a3
12/05/24 23:56:58 >= : encrypt iv ( 16 bytes )
12/05/24 23:56:58 == : encrypt packet ( 60 bytes )
12/05/24 23:56:58 == : stored iv ( 16 bytes )
12/05/24 23:56:58 DB : config resend event canceled ( ref count = 1 )
12/05/24 23:56:58 -> : send NAT-T:IKE packet 192.168.1.146:4500 ->
*.*.*.*:4500 ( 92 bytes )
12/05/24 23:56:58 DB : config resend event scheduled ( ref count = 2 )
12/05/24 23:56:58 DB : config resend event canceled ( ref count = 1 )
12/05/24 23:56:58 ii : enabled adapter ROOT\VNET\0000
12/05/24 23:56:58 ii : apapter ROOT\VNET\0000 MTU is 1500
12/05/24 23:56:58 ii : generating IPSEC security policies at UNIQUE level
12/05/24 23:56:58 ii : creating NONE INBOUND policy ANY:*.*.*.*:* ->
ANY:192.168.1.146:*
12/05/24 23:56:58 DB : policy added ( obj count = 1 )
12/05/24 23:56:58 K> : send pfkey X_SPDADD UNSPEC message
12/05/24 23:56:58 ii : creating NONE OUTBOUND policy
ANY:192.168.1.146:* -> ANY:*.*.*.*:*
12/05/24 23:56:58 K< : recv pfkey X_SPDADD UNSPEC message
12/05/24 23:56:58 DB : policy found
12/05/24 23:56:58 ii : created NONE policy route for *.*.*.*/32
12/05/24 23:56:58 DB : policy added ( obj count = 2 )
12/05/24 23:56:58 K> : send pfkey X_SPDADD UNSPEC message
12/05/24 23:56:58 K< : recv pfkey X_SPDADD UNSPEC message
12/05/24 23:56:58 DB : policy found
12/05/24 23:56:58 ii : creating NONE INBOUND policy ANY:192.168.1.1:*
-> ANY:10.2.21.1:*
12/05/24 23:56:58 DB : policy added ( obj count = 3 )
12/05/24 23:56:58 K> : send pfkey X_SPDADD UNSPEC message
12/05/24 23:56:58 ii : creating NONE OUTBOUND policy ANY:10.2.21.1:*
-> ANY:192.168.1.1:*
12/05/24 23:56:58 K< : recv pfkey X_SPDADD UNSPEC message
12/05/24 23:56:58 DB : policy found
12/05/24 23:56:58 ii : created NONE policy route for 192.168.1.1/32
12/05/24 23:56:58 DB : policy added ( obj count = 4 )
12/05/24 23:56:58 K> : send pfkey X_SPDADD UNSPEC message
12/05/24 23:56:58 ii : creating IPSEC INBOUND policy ANY:10.1.2.0/24:*
-> ANY:10.2.21.1:*
12/05/24 23:56:58 DB : policy added ( obj count = 5 )
12/05/24 23:56:58 K> : send pfkey X_SPDADD UNSPEC message
12/05/24 23:56:58 K< : recv pfkey X_SPDADD UNSPEC message
12/05/24 23:56:58 ii : creating IPSEC OUTBOUND policy ANY:10.2.21.1:*
-> ANY:10.1.2.0/24:*
12/05/24 23:56:58 DB : policy found
12/05/24 23:56:58 K< : recv pfkey X_SPDADD UNSPEC message
12/05/24 23:56:58 DB : policy found
12/05/24 23:56:58 ii : created IPSEC policy route for 10.1.2.0/24
12/05/24 23:56:58 DB : policy added ( obj count = 6 )
12/05/24 23:56:58 K> : send pfkey X_SPDADD UNSPEC message
12/05/24 23:56:58 ii : split DNS bypassed ( no split domains defined )
12/05/24 23:56:58 K< : recv pfkey X_SPDADD UNSPEC message
12/05/24 23:56:58 DB : policy found
12/05/24 23:57:01 K< : recv pfkey ACQUIRE UNSPEC message
12/05/24 23:57:01 DB : policy found
12/05/24 23:57:01 DB : policy found
12/05/24 23:57:01 DB : tunnel found
12/05/24 23:57:01 DB : new phase2 ( IPSEC initiator )
12/05/24 23:57:01 DB : phase2 added ( obj count = 1 )
12/05/24 23:57:01 K> : send pfkey GETSPI ESP message
12/05/24 23:57:01 K< : recv pfkey GETSPI ESP message
12/05/24 23:57:01 DB : phase2 found
12/05/24 23:57:01 ii : updated spi for 1 ipsec-esp proposal
12/05/24 23:57:01 DB : phase1 found
12/05/24 23:57:01 >> : hash payload
12/05/24 23:57:01 >> : security association payload
12/05/24 23:57:01 >> : - proposal #1 payload
12/05/24 23:57:01 >> : -- transform #1 payload
12/05/24 23:57:01 >> : -- transform #2 payload
12/05/24 23:57:01 >> : -- transform #3 payload
12/05/24 23:57:01 >> : -- transform #4 payload
12/05/24 23:57:01 >> : -- transform #5 payload
12/05/24 23:57:01 >> : -- transform #6 payload
12/05/24 23:57:01 >> : -- transform #7 payload
12/05/24 23:57:01 >> : -- transform #8 payload
12/05/24 23:57:01 >> : -- transform #9 payload
12/05/24 23:57:01 >> : -- transform #10 payload
12/05/24 23:57:01 >> : -- transform #11 payload
12/05/24 23:57:01 >> : -- transform #12 payload
12/05/24 23:57:01 >> : -- transform #13 payload
12/05/24 23:57:01 >> : -- transform #14 payload
12/05/24 23:57:01 >> : -- transform #15 payload
12/05/24 23:57:01 >> : -- transform #16 payload
12/05/24 23:57:01 >> : -- transform #17 payload
12/05/24 23:57:01 >> : -- transform #18 payload
12/05/24 23:57:01 >> : nonce payload
12/05/24 23:57:01 >> : identification payload
12/05/24 23:57:01 >> : identification payload
12/05/24 23:57:01 == : phase2 hash_i ( input ) ( 632 bytes )
12/05/24 23:57:01 == : phase2 hash_i ( computed ) ( 20 bytes )
12/05/24 23:57:01 == : new phase2 iv ( 16 bytes )
12/05/24 23:57:01 >= : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:57:01 >= : message 018a997c
12/05/24 23:57:01 >= : encrypt iv ( 16 bytes )
12/05/24 23:57:01 == : encrypt packet ( 680 bytes )
12/05/24 23:57:01 == : stored iv ( 16 bytes )
12/05/24 23:57:01 -> : send NAT-T:IKE packet 192.168.1.146:4500 ->
*.*.*.*:4500 ( 716 bytes )
12/05/24 23:57:01 DB : phase2 resend event scheduled ( ref count = 2 )
12/05/24 23:57:01 <- : recv NAT-T:IKE packet *.*.*.*:4500 ->
192.168.1.146:4500 ( 172 bytes )
12/05/24 23:57:01 DB : phase1 found
12/05/24 23:57:01 ii : processing phase2 packet ( 172 bytes )
12/05/24 23:57:01 DB : phase2 found
12/05/24 23:57:01 =< : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:57:01 =< : message 018a997c
12/05/24 23:57:01 =< : decrypt iv ( 16 bytes )
12/05/24 23:57:01 == : decrypt packet ( 172 bytes )
12/05/24 23:57:01 <= : trimmed packet padding ( 12 bytes )
12/05/24 23:57:01 <= : stored iv ( 16 bytes )
12/05/24 23:57:01 << : hash payload
12/05/24 23:57:01 << : security association payload
12/05/24 23:57:01 << : - propsal #1 payload
12/05/24 23:57:01 << : -- transform #1 payload
12/05/24 23:57:01 << : nonce payload
12/05/24 23:57:01 << : identification payload
12/05/24 23:57:01 << : identification payload
12/05/24 23:57:01 == : phase2 hash_r ( input ) ( 132 bytes )
12/05/24 23:57:01 == : phase2 hash_r ( computed ) ( 20 bytes )
12/05/24 23:57:01 == : phase2 hash_r ( received ) ( 20 bytes )
12/05/24 23:57:01 ii : unmatched ipsec-esp proposal/transform
12/05/24 23:57:01 ii : key length ( 128 != 256 )
12/05/24 23:57:01 ii : unmatched ipsec-esp proposal/transform
12/05/24 23:57:01 ii : key length ( 128 != 256 )
12/05/24 23:57:01 ii : unmatched ipsec-esp proposal/transform
12/05/24 23:57:01 ii : key length ( 128 != 192 )
12/05/24 23:57:01 ii : unmatched ipsec-esp proposal/transform
12/05/24 23:57:01 ii : key length ( 128 != 192 )
12/05/24 23:57:01 !! : peer violates RFC, transform number mismatch ( 1 != 5 )
12/05/24 23:57:01 ii : matched ipsec-esp proposal #1 transform #5
12/05/24 23:57:01 ii : - transform    = esp-aes
12/05/24 23:57:01 ii : - key length   = 128 bits
12/05/24 23:57:01 ii : - encap mode   = udp-tunnel ( draft )
12/05/24 23:57:01 ii : - msg auth     = hmac-md5
12/05/24 23:57:01 ii : - pfs dh group = none
12/05/24 23:57:01 ii : - life seconds = 3600
12/05/24 23:57:01 ii : - life kbytes  = 0
12/05/24 23:57:01 DB : policy found
12/05/24 23:57:01 K> : send pfkey GETSPI ESP message
12/05/24 23:57:01 ii : phase2 ids accepted
12/05/24 23:57:01 ii : - loc ANY:10.2.21.1:* -> ANY:10.1.2.0/24:*
12/05/24 23:57:01 ii : - rmt ANY:10.1.2.0/24:* -> ANY:10.2.21.1:*
12/05/24 23:57:01 K< : recv pfkey GETSPI ESP message
12/05/24 23:57:01 DB : phase2 found
12/05/24 23:57:01 ii : phase2 sa established
12/05/24 23:57:01 ii : 192.168.1.146:4500 <-> *.*.*.*:4500
12/05/24 23:57:01 == : phase2 hash_p ( input ) ( 45 bytes )
12/05/24 23:57:01 == : phase2 hash_p ( computed ) ( 20 bytes )
12/05/24 23:57:01 >> : hash payload
12/05/24 23:57:01 >= : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:57:01 >= : message 018a997c
12/05/24 23:57:01 >= : encrypt iv ( 16 bytes )
12/05/24 23:57:01 == : encrypt packet ( 52 bytes )
12/05/24 23:57:01 == : stored iv ( 16 bytes )
12/05/24 23:57:01 DB : phase2 resend event canceled ( ref count = 1 )
12/05/24 23:57:01 -> : send NAT-T:IKE packet 192.168.1.146:4500 -> *.*.*.*:4500 ( 92 bytes )
12/05/24 23:57:01 == : spi cipher key data ( 16 bytes )
12/05/24 23:57:01 == : spi hmac key data ( 16 bytes )
12/05/24 23:57:01 K> : send pfkey UPDATE ESP message
12/05/24 23:57:01 K< : recv pfkey UPDATE ESP message
12/05/24 23:57:01 == : spi cipher key data ( 16 bytes )
12/05/24 23:57:01 == : spi hmac key data ( 16 bytes )
12/05/24 23:57:01 K> : send pfkey UPDATE ESP message
12/05/24 23:57:01 K< : recv pfkey UPDATE ESP message
12/05/24 23:57:12 <A : peer tunnel disable message
12/05/24 23:57:12 DB : policy found
12/05/24 23:57:12 ii : removing IPSEC INBOUND policy ANY:10.1.2.0/24:* -> ANY:10.2.21.1:*
12/05/24 23:57:12 K> : send pfkey X_SPDDELETE2 UNSPEC message
12/05/24 23:57:12 DB : policy found
12/05/24 23:57:12 ii : removing IPSEC OUTBOUND policy ANY:10.2.21.1:* -> ANY:10.1.2.0/24:*
12/05/24 23:57:12 K> : send pfkey X_SPDDELETE2 UNSPEC message
12/05/24 23:57:12 K< : recv pfkey X_SPDDELETE2 UNSPEC message
12/05/24 23:57:12 ii : removed IPSEC policy route for ANY:10.1.2.0/24:*
12/05/24 23:57:12 DB : policy found
12/05/24 23:57:12 ii : removing NONE INBOUND policy ANY:*.*.*.*:* -> ANY:192.168.1.146:*
12/05/24 23:57:12 K> : send pfkey X_SPDDELETE2 UNSPEC message
12/05/24 23:57:12 DB : policy found
12/05/24 23:57:12 ii : removing NONE OUTBOUND policy ANY:192.168.1.146:* -> ANY:*.*.*.*:*
12/05/24 23:57:12 K> : send pfkey X_SPDDELETE2 UNSPEC message
12/05/24 23:57:12 ii : removed NONE policy route for ANY:*.*.*.*:*
12/05/24 23:57:12 DB : policy found
12/05/24 23:57:12 ii : removing NONE INBOUND policy ANY:192.168.1.1:* -> ANY:10.2.21.1:*
12/05/24 23:57:12 K> : send pfkey X_SPDDELETE2 UNSPEC message
12/05/24 23:57:12 DB : policy found
12/05/24 23:57:12 ii : removing NONE OUTBOUND policy ANY:10.2.21.1:* -> ANY:192.168.1.1:*
12/05/24 23:57:12 K> : send pfkey X_SPDDELETE2 UNSPEC message
12/05/24 23:57:12 ii : removed NONE policy route for ANY:192.168.1.1:*
12/05/24 23:57:12 DB : policy found
12/05/24 23:57:12 DB : policy deleted ( obj count = 5 )
12/05/24 23:57:12 K< : recv pfkey X_SPDDELETE2 UNSPEC message
12/05/24 23:57:12 DB : policy found
12/05/24 23:57:12 DB : policy deleted ( obj count = 4 )
12/05/24 23:57:12 K< : recv pfkey X_SPDDELETE2 UNSPEC message
12/05/24 23:57:12 DB : policy found
12/05/24 23:57:12 DB : policy deleted ( obj count = 3 )
12/05/24 23:57:12 K< : recv pfkey X_SPDDELETE2 UNSPEC message
12/05/24 23:57:12 DB : policy found
12/05/24 23:57:12 DB : policy deleted ( obj count = 2 )
12/05/24 23:57:12 K< : recv pfkey X_SPDDELETE2 UNSPEC message
12/05/24 23:57:12 DB : policy found
12/05/24 23:57:12 DB : policy deleted ( obj count = 1 )
12/05/24 23:57:12 K< : recv pfkey X_SPDDELETE2 UNSPEC message
12/05/24 23:57:12 DB : policy found
12/05/24 23:57:12 DB : policy deleted ( obj count = 0 )
12/05/24 23:57:12 ii : disable adapter ROOT\VNET\0000
12/05/24 23:57:12 DB : tunnel dpd event canceled ( ref count = 6 )
12/05/24 23:57:12 DB : tunnel natt event canceled ( ref count = 5 )
12/05/24 23:57:12 DB : tunnel stats event canceled ( ref count = 4 )
12/05/24 23:57:12 DB : removing tunnel config references
12/05/24 23:57:12 DB : config deleted ( obj count = 0 )
12/05/24 23:57:12 DB : removing tunnel phase2 references
12/05/24 23:57:12 DB : phase2 soft event canceled ( ref count = 2 )
12/05/24 23:57:12 DB : phase2 hard event canceled ( ref count = 1 )
12/05/24 23:57:12 DB : phase1 found
12/05/24 23:57:12 ii : sending peer DELETE message
12/05/24 23:57:12 ii : - 192.168.1.146:4500 -> *.*.*.*:4500
12/05/24 23:57:12 ii : - ipsec-esp spi = 0xcb66c637
12/05/24 23:57:12 ii : - data size 0
12/05/24 23:57:12 >> : hash payload
12/05/24 23:57:12 >> : delete payload
12/05/24 23:57:12 == : new informational hash ( 20 bytes )
12/05/24 23:57:12 == : new informational iv ( 16 bytes )
12/05/24 23:57:12 >= : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:57:12 >= : message dd8b56d7
12/05/24 23:57:12 >= : encrypt iv ( 16 bytes )
12/05/24 23:57:12 == : encrypt packet ( 68 bytes )
12/05/24 23:57:12 == : stored iv ( 16 bytes )
12/05/24 23:57:12 -> : send NAT-T:IKE packet 192.168.1.146:4500 -> *.*.*.*:4500 ( 108 bytes )
12/05/24 23:57:12 K> : send pfkey DELETE ESP message
12/05/24 23:57:12 K> : send pfkey DELETE ESP message
12/05/24 23:57:12 ii : phase2 removal before expire time
12/05/24 23:57:12 DB : phase2 deleted ( obj count = 0 )
12/05/24 23:57:12 DB : removing tunnel phase1 references
12/05/24 23:57:12 DB : phase1 soft event canceled ( ref count = 3 )
12/05/24 23:57:12 DB : phase1 hard event canceled ( ref count = 2 )
12/05/24 23:57:12 DB : phase1 dead event canceled ( ref count = 1 )
12/05/24 23:57:12 ii : sending peer DELETE message
12/05/24 23:57:12 ii : - 192.168.1.146:4500 -> *.*.*.*:4500
12/05/24 23:57:12 ii : - isakmp spi = 5791401bca29a9a8:879667a27f584432
12/05/24 23:57:12 ii : - data size 0
12/05/24 23:57:12 >> : hash payload
12/05/24 23:57:12 >> : delete payload
12/05/24 23:57:12 == : new informational hash ( 20 bytes )
12/05/24 23:57:12 == : new informational iv ( 16 bytes )
12/05/24 23:57:12 >= : cookies 5791401bca29a9a8:879667a27f584432
12/05/24 23:57:12 >= : message 6dbea7fa
12/05/24 23:57:12 >= : encrypt iv ( 16 bytes )
12/05/24 23:57:12 == : encrypt packet ( 80 bytes )
12/05/24 23:57:12 == : stored iv ( 16 bytes )
12/05/24 23:57:12 -> : send NAT-T:IKE packet 192.168.1.146:4500 -> *.*.*.*:4500 ( 124 bytes )
12/05/24 23:57:12 ii : phase1 removal before expire time
12/05/24 23:57:12 DB : phase1 deleted ( obj count = 0 )
12/05/24 23:57:12 DB : tunnel deleted ( obj count = 0 )
12/05/24 23:57:12 DB : removing all peer tunnel refrences
12/05/24 23:57:12 DB : peer deleted ( obj count = 0 )
12/05/24 23:57:12 ii : ipc client process thread exit ...
12/05/24 23:57:12 K< : recv pfkey DELETE ESP message
12/05/24 23:57:12 K< : recv pfkey DELETE ESP message
12/05/24 23:57:16 ii : halt signal received, shutting down
12/05/24 23:57:16 ii : pfkey process thread exit ...
12/05/24 23:57:16 ii : ipc server process thread exit ...


Any help would be greatly appreciated!

Kevin


