## : IPSEC Daemon, Feb 26 2006 ## : Copyright 2005 ShrewSoft Inc. ## : This product linked OpenSSL 0.9.8a 11 Oct 2005 ii : rebuilding interface list ... ii : interface IP=205.134.160.254, MTU=1500 active ii : 1 adapter(s) active ii : client ctrl thread begin ... DB : tunnel added ii : peer config message received ii : local address selected for peer ii : 205.134.160.254 ( Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport ) ii : user credentials message received ii : client keyfile message received ii : '\Documents and Settings\Compaq_Owner\Desktop\CA.crt' loaded ii : client keyfile message received ii : '\Documents and Settings\Compaq_Owner\Desktop\vpngw.crt' loaded ii : client keyfile message received ii : '\Documents and Settings\Compaq_Owner\Desktop\vpngw.key' loaded ii : policy config message received ii : tunnel enable message received DB : new phase1 sa ( ISAKMP initiator ) DB : exchange type is aggressive DB : 205.134.160.254:500 <-> 205.134.160.6:500 DB : f03dab91be486703:0000000000000000 DB : phase1 sa added >> : security association payload >> : key exchange payload >> : nonce payload >> : identification payload >> : vendor id payload >> : vendor id payload -> : send IKE packet to 205.134.160.6:500 ( 447 bytes ) ii : vnet inf 'C:\Program Files\ShrewSoft\VPN Client\drivers\virtualnet.inf' <- : recv IKE packet from 205.134.160.6:500 ( 1109 bytes ) DB : ipsec peer found DB : phase1 sa found << : security association payload ii : matched phase1 proposal ii : - protocol = isakmp ii : - transform = ike ii : - key length = default ii : - cipher type = 3des ii : - hash type = md5 ii : - dh group = modp-1024 ii : - auth type = sig-rsa ii : - life seconds = 28800 ii : - life kbytes = 0 << : key exchange payload << : nonce payload << : identification payload << : certificate payload << : signature payload << : vendor id payload ii : unknown vendor id ( 16 bytes ) << : cert request payload << : vendor id payload ii : peer supports NAT-T << : nat discovery payload << : nat discovery payload == : DH shared secret ( 128 bytes ) == : SETKEYID ( 16 bytes ) == : SETKEYID_d ( 16 bytes ) == : SETKEYID_a ( 16 bytes ) == : SETKEYID_e ( 16 bytes ) == : cipher key ( 32 bytes ) == : cipher iv ( 8 bytes ) == : phase1 hash_i ( computed ) ( 16 bytes ) >> : certificate payload >> : signature payload >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 649 bytes ) == : stored iv ( 8 bytes ) -> : send IKE packet to 205.134.160.6:500 ( 652 bytes ) ii : unable to get certificate CRL(3) at depth:0 ii : subject :/C=US/ST=Maryland/L=Beltsville/O=AiNET/OU=vpn clients/CN=AiNET VPN Server/emailAddress=michael.ragusa@ai.net ii : unable to get certificate CRL(3) at depth:1 ii : subject :/C=US/ST=Maryland/L=Beltsville/O=AiNET/OU=vpn clients/CN=AiNET VPN CA/emailAddress=michael.ragusa@ai.net == : phase1 hash_r ( computed ) ( 16 bytes ) == : phase1 hash_r ( received ) ( 16 bytes ) II | phase1 sa established II | 205.134.160.254:500 <-> 205.134.160.6:500 II | f03dab91be486703:161fa58e8abeaba6 >> : hash payload >> : notification payload II | sent peer notification, INITIAL-CONTACT II | 205.134.160.254 -> 205.134.160.6 II | message id = 690208388 II | isakmp spi = f03dab91be486703:161fa58e8abeaba6 == : new informational hash ( 16 bytes ) == : new phase2 iv ( 8 bytes ) >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 76 bytes ) == : stored iv ( 8 bytes ) -> : send IKE packet to 205.134.160.6:500 ( 76 bytes ) DB : config added == : new phase2 iv ( 8 bytes ) >> : hash payload >> : attribute payload == : new configure hash ( 16 bytes ) >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 76 bytes ) == : stored iv ( 8 bytes ) -> : send IKE packet to 205.134.160.6:500 ( 76 bytes ) ii : sent isakmp config request <- : recv IKE packet from 205.134.160.6:500 ( 92 bytes ) DB : ipsec peer found DB : phase1 sa found DB : config found =< : decrypt iv ( 8 bytes ) <= : decrypt packet ( 92 bytes ) == : stored iv ( 8 bytes ) << : hash payload << : attribute payload ii : received isakmp config reply ii : addr = 10.246.37.3 ii : mask = 255.255.255.0 ii : dnss = 205.134.190.4 ii : nbns = 0.0.0.0 ii : created vnet device 'ROOT\VNET\0000' ii : client recv thread begin ... ii : inspecting VNet DHCP request ... ii : option unknown ( 74 ) ii : option unknown ( 3d ) ii : option clientid = 'your-27e1513d96' ii : option unknown ( 3c ) ii : option unknown ( 37 ) ii : responding to DHCP discover ii : inspecting VNet DHCP request ... ii : option unknown ( 3d ) ii : option unknown ( 32 ) ii : option unknown ( 36 ) ii : option clientid = 'your-27e1513d96' ii : option unknown ( 51 ) ii : option unknown ( 3c ) ii : option unknown ( 37 ) ii : responding to DHCP request ii : inspecting VNet ARP request ... ii : inspecting VNet ARP request ... ii : configuring tunnel securtiy policies DB : new phase2 sa ( IPSEC initiator ) DB : phase2 sa added == : new phase2 iv ( 8 bytes ) >> : hash payload >> : security association payload >> : nonce payload >> : key exchange payload >> : identification payload >> : identification payload == : phase2 hash_i ( computed ) ( 16 bytes ) >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 288 bytes ) == : stored iv ( 8 bytes ) ii : rebuilding interface list ... ii : interface IP=10.246.37.3, MTU=1500 active ii : interface IP=205.134.160.254, MTU=1500 active ii : 2 adapter(s) active -> : send IKE packet to 205.134.160.6:500 ( 292 bytes ) ii : routing remote net 10.246.38.0/255.255.255.0 <- : recv IKE packet from 205.134.160.6:500 ( 292 bytes ) DB : ipsec peer found DB : phase1 sa found DB : phase2 sa found =< : decrypt iv ( 8 bytes ) <= : decrypt packet ( 292 bytes ) == : stored iv ( 8 bytes ) << : hash payload << : security association payload ii : matched phase2 proposal ii : - protocol = ipsec-esp ii : - encap mode = tunnel ii : - transform = esp-3des ii : - key length = default ii : - auth type = hmac-md5 ii : - pfs dh group = modp-1024 ii : - life seconds = 3600 ii : - life kbytes = 0 << : nonce payload << : key exchange payload << : identification payload << : identification payload == : phase2 hash_r ( computed ) ( 16 bytes ) == : phase2 hash_r ( received ) ( 16 bytes ) II | phase2 sa established II | 205.134.160.254:500 <-> 205.134.160.6:500 II | outbound spi = 0x0445076c II | inbound spi = 0x0b91ffe1 == : pfs dh shared secret ( 128 bytes ) == : inbound spi key data ( 48 bytes ) == : outbound spi key data ( 48 bytes ) == : phase2 hash_p ( computed ) ( 16 bytes ) >> : hash payload >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 48 bytes ) == : stored iv ( 8 bytes ) -> : send IKE packet to 205.134.160.6:500 ( 52 bytes ) ii : inspecting VNet ARP request ... DB : phase2 sa found ii : rebuilding interface list ... ii : interface IP=10.246.37.3, MTU=1500 active ii : interface IP=205.134.160.254, MTU=1500 active ii : 2 adapter(s) active -> : send ESP packet to 205.134.160.6 ( 76 bytes ) DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 76 bytes ) ii : inspecting VNet ARP request ... ii : responding to VNet ARP request for 10.246.38.1 DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 92 bytes ) DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 92 bytes ) DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 92 bytes ) DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 92 bytes ) ii : tunnel enable message received ii : bringing down tunnel ... ii : client recv thread exit ... ii : deleted vnet device 'ROOT\VNET\0000' DB : config deleted DB : phase2 sa deleted DB : phase1 sa deleted DB : tunnel deleted ii : client ctrl thread exit ...