## : IPSEC Daemon, Mar 13 2006 ## : Copyright 2005 ShrewSoft Inc. ## : This product linked OpenSSL 0.9.8a 11 Oct 2005 ii : rebuilding interface list ... ii : interface IP=205.134.160.254, MTU=1500 active ii : 1 adapter(s) active ii : client ctrl thread begin ... DB : tunnel added ii : peer config message received ii : local address selected for peer ii : 205.134.160.254 ( Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport ) ii : user credentials message received ii : client keyfile message received ii : '\Documents and Settings\Compaq_Owner\Desktop\CA.crt' loaded ii : client keyfile message received ii : '\Documents and Settings\Compaq_Owner\Desktop\vpngw.crt' loaded ii : client keyfile message received ii : '\Documents and Settings\Compaq_Owner\Desktop\vpngw.key' loaded ii : policy config message received ii : tunnel enable message received DB : new phase1 sa ( ISAKMP initiator ) DB : exchange type is aggressive DB : 205.134.160.254:500 <-> 205.134.160.6:500 DB : 03ffb2d42e92fe1a:0000000000000000 DB : phase1 sa added >> : security association payload >> : key exchange payload >> : nonce payload >> : identification payload >> : vendor id payload >> : vendor id payload >> : vendor id payload -> : send IKE packet to 205.134.160.6:500 ( 471 bytes ) ii : vnet inf 'C:\Program Files\ShrewSoft\VPN Client\drivers\virtualnet.inf' <- : recv IKE packet from 205.134.160.6:500 ( 548 bytes ) DB : ipsec peer found DB : phase1 sa found << : fragment payload ii : ike fragment received, waiting on complete packet <- : recv IKE packet from 205.134.160.6:500 ( 548 bytes ) DB : ipsec peer found DB : phase1 sa found << : fragment payload ii : ike fragment received, waiting on complete packet <- : recv IKE packet from 205.134.160.6:500 ( 121 bytes ) DB : ipsec peer found DB : phase1 sa found << : fragment payload ii : ike fragment received, processing complete packet << : security association payload ii : matched phase1 proposal ii : - protocol = isakmp ii : - transform = ike ii : - key length = default ii : - cipher type = 3des ii : - hash type = md5 ii : - dh group = modp-1024 ii : - auth type = sig-rsa ii : - life seconds = 28800 ii : - life kbytes = 0 << : key exchange payload << : nonce payload << : identification payload << : certificate payload << : signature payload << : vendor id payload ii : peer supports UNITY << : cert request payload << : vendor id payload ii : peer supports NAT-T << : nat discovery payload << : nat discovery payload == : DH shared secret ( 128 bytes ) == : SETKEYID ( 16 bytes ) == : SETKEYID_d ( 16 bytes ) == : SETKEYID_a ( 16 bytes ) == : SETKEYID_e ( 16 bytes ) == : cipher key ( 32 bytes ) == : cipher iv ( 8 bytes ) == : phase1 hash_i ( computed ) ( 16 bytes ) >> : certificate payload >> : signature payload >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 649 bytes ) == : stored iv ( 8 bytes ) ii : fragmenting ike packet ii : packet size ( 652 ) + encap size ( 8 ) > frag size ( 540 ) >> : fragment payload -> : send fragmented IKE packet to 205.134.160.6:500 ( 560 bytes ) >> : fragment payload -> : send fragmented IKE packet to 205.134.160.6:500 ( 164 bytes ) ii : unable to get certificate CRL(3) at depth:0 ii : subject :/C=US/ST=Maryland/L=Beltsville/O=AiNET/OU=vpn clients/CN=AiNET VPN Server/emailAddress=michael.ragusa@ai.net ii : unable to get certificate CRL(3) at depth:1 ii : subject :/C=US/ST=Maryland/L=Beltsville/O=AiNET/OU=vpn clients/CN=AiNET VPN CA/emailAddress=michael.ragusa@ai.net == : phase1 hash_r ( computed ) ( 16 bytes ) == : phase1 hash_r ( received ) ( 16 bytes ) II | phase1 sa established II | 205.134.160.254:500 <-> 205.134.160.6:500 II | 3ffb2d42e92fe1a:f59afc47249ab51 >> : hash payload >> : notification payload == : new informational hash ( 16 bytes ) == : new phase2 iv ( 8 bytes ) >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 76 bytes ) == : stored iv ( 8 bytes ) -> : send IKE packet to 205.134.160.6:500 ( 76 bytes ) II | sent peer notification, INITIAL-CONTACT II | 205.134.160.254 -> 205.134.160.6 II | isakmp spi = 03ffb2d42e92fe1a:0f59afc47249ab51 DB : config added == : new phase2 iv ( 8 bytes ) ii : determining required modecfg attributes ii : - IP4 Address ii : - IP4 Netamask ii : - IP4 DNS Server ii : - IP4 DNS Suffix ii : - IP4 WINS Server ii : sending isakmp config request >> : hash payload >> : attribute payload == : new configure hash ( 16 bytes ) >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 76 bytes ) == : stored iv ( 8 bytes ) -> : send IKE packet to 205.134.160.6:500 ( 76 bytes ) <- : recv IKE packet from 205.134.160.6:500 ( 84 bytes ) DB : ipsec peer found DB : phase1 sa found == : new phase2 iv ( 8 bytes ) =< : decrypt iv ( 8 bytes ) <= : decrypt packet ( 84 bytes ) == : stored iv ( 8 bytes ) << : hash payload << : notification payload II | received peer notification, INITIAL-CONTACT II | 205.134.160.6 -> 205.134.160.254 II | isakmp spi = 03ffb2d42e92fe1a:0f59afc47249ab51 <- : recv IKE packet from 205.134.160.6:500 ( 92 bytes ) DB : ipsec peer found DB : phase1 sa found DB : config found =< : decrypt iv ( 8 bytes ) <= : decrypt packet ( 92 bytes ) == : stored iv ( 8 bytes ) << : hash payload << : attribute payload ii : received isakmp config reply ii : - IP4 Address = 10.246.37.1 ii : - IP4 Netmask = 255.255.255.0 ii : - IP4 DNS Server = 205.134.190.4 ii : - IP4 WINS Server = 0.0.0.0 ii : created vnet device 'ROOT\VNET\0000' ii : client recv thread begin ... ii : inspecting VNet DHCP request ... ii : option unknown ( 74 ) ii : option unknown ( 3d ) ii : option clientid = 'your-27e1513d96' ii : option unknown ( 3c ) ii : option unknown ( 37 ) ii : responding to DHCP discover ii : inspecting VNet DHCP request ... ii : option unknown ( 3d ) ii : option unknown ( 32 ) ii : option unknown ( 36 ) ii : option clientid = 'your-27e1513d96' ii : option unknown ( 51 ) ii : option unknown ( 3c ) ii : option unknown ( 37 ) ii : responding to DHCP request ii : inspecting VNet ARP request ... ii : configuring tunnel securtiy policies DB : phase1 sa found DB : new phase2 sa ( IPSEC initiator ) DB : phase2 sa added == : new phase2 iv ( 8 bytes ) >> : hash payload >> : security association payload >> : nonce payload >> : key exchange payload >> : identification payload >> : identification payload == : phase2 hash_i ( computed ) ( 16 bytes ) >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 288 bytes ) == : stored iv ( 8 bytes ) -> : send IKE packet to 205.134.160.6:500 ( 292 bytes ) ii : rebuilding interface list ... ii : interface IP=10.246.37.1, MTU=1500 active ii : interface IP=205.134.160.254, MTU=1500 active ii : 2 adapter(s) active ii : routing remote net 10.246.38.0/255.255.255.0 <- : recv IKE packet from 205.134.160.6:500 ( 292 bytes ) DB : ipsec peer found DB : phase1 sa found DB : phase2 sa found =< : decrypt iv ( 8 bytes ) <= : decrypt packet ( 292 bytes ) == : stored iv ( 8 bytes ) << : hash payload << : security association payload ii : matched phase2 proposal ii : - protocol = ipsec-esp ii : - encap mode = tunnel ii : - transform = esp-3des ii : - key length = default ii : - auth type = hmac-md5 ii : - pfs dh group = modp-1024 ii : - life seconds = 3600 ii : - life kbytes = 0 << : nonce payload << : key exchange payload << : identification payload << : identification payload == : phase2 hash_r ( computed ) ( 16 bytes ) == : phase2 hash_r ( received ) ( 16 bytes ) II | phase2 sa established II | 205.134.160.254:500 <-> 205.134.160.6:500 II | outbound spi = 0x029aea13 II | inbound spi = 0x23914cbe == : pfs dh shared secret ( 128 bytes ) == : inbound spi key data ( 48 bytes ) == : outbound spi key data ( 48 bytes ) == : phase2 hash_p ( computed ) ( 16 bytes ) >> : hash payload >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 48 bytes ) == : stored iv ( 8 bytes ) -> : send IKE packet to 205.134.160.6:500 ( 52 bytes ) ii : inspecting VNet ARP request ... ii : inspecting VNet ARP request ... DB : phase2 sa found ii : rebuilding interface list ... ii : interface IP=10.246.37.1, MTU=1500 active ii : interface IP=205.134.160.254, MTU=1500 active ii : 2 adapter(s) active -> : send ESP packet to 205.134.160.6 ( 76 bytes ) DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 76 bytes ) ii : inspecting VNet ARP request ... ii : responding to VNet ARP request for 10.246.38.1 DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 92 bytes ) DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 92 bytes ) DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 92 bytes ) DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 92 bytes ) ii : inspecting VNet ARP request ... ii : responding to VNet ARP request for 10.246.38.107 DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 92 bytes ) DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 92 bytes ) DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 92 bytes ) DB : phase2 sa found -> : send ESP packet to 205.134.160.6 ( 92 bytes )