## : IPSEC Daemon, ver 1.1.0 ## : Copyright 2006 Shrew Soft Inc. ## : This product linked OpenSSL 0.9.8a 11 Oct 2005 ii : opened 'dump-frg.cap' ii : opened 'dump-prv.cap' ii : rebuilding vnet device list ... ii : device ROOT\VNET\0000 disabled ii : rebuilding vprot interface list ... ii : interface IP=10.1.200.170, MTU=1500, MAC=00:bf:1c:5f:0c:6d active ii : 1 adapter(s) active ii : client ctrl thread begin ... DB : tunnel added DB : tunnel dereferenced ( ref count = 0, tunnel count = 1 ) ii : peer config message received DB : ipsec peer not found ii : local address selected for peer ii : 10.1.200.170 ( Realtek RTL8029(AS) PCI Ethernet Adapter - Packet Scheduler Miniport ) ii : user credentials message received ii : '\Documents and Settings\peisch\Desktop\VPN\merom\ca.crt' loaded ii : 'pcvpn.visionshareinc.com.crt' loaded ii : 'pcvpn.visionshareinc.com.key' loaded ii : tunnel enable message received ii : obtained x509 cert subject ( 195 bytes ) DB : new phase1 sa ( ISAKMP initiator ) DB : exchange type is aggressive DB : 10.1.200.170:500 <-> 10.1.101.26:500 DB : a8d7a5dcdeee21a5:0000000000000000 DB : phase1 sa added >> : security association payload >> : key exchange payload >> : nonce payload >> : identification payload >> : vendor id payload >> : vendor id payload >> : vendor id payload >> : vendor id payload ii : fragmenting ike packet ii : packet size ( 527 ) + encap size ( 8 ) > frag size ( 384 ) >> : fragment payload -> : send fragmented IKE packet to 10.1.101.26:500 ( 404 bytes ) >> : fragment payload -> : send fragmented IKE packet to 10.1.101.26:500 ( 195 bytes ) DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 ) <- : recv IKE packet from 10.1.101.26:500 ( 548 bytes ) DB : ipsec peer found DB : phase1 sa found << : fragment payload ii : ike fragment received, waiting on complete packet DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 ) DB : tunnel dereferenced ( ref count = 1, tunnel count = 1 ) <- : recv IKE packet from 10.1.101.26:500 ( 548 bytes ) DB : ipsec peer found DB : phase1 sa found << : fragment payload ii : ike fragment received, waiting on complete packet DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 ) DB : tunnel dereferenced ( ref count = 1, tunnel count = 1 ) <- : recv IKE packet from 10.1.101.26:500 ( 548 bytes ) DB : ipsec peer found DB : phase1 sa found << : fragment payload ii : ike fragment received, waiting on complete packet DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 ) DB : tunnel dereferenced ( ref count = 1, tunnel count = 1 ) <- : recv IKE packet from 10.1.101.26:500 ( 416 bytes ) DB : ipsec peer found DB : phase1 sa found << : fragment payload ii : ike fragment received, processing complete packet << : security association payload ii : matched phase1 proposal ii : - protocol = isakmp ii : - transform = ike ii : - key length = default ii : - cipher type = 3des ii : - hash type = sha1 ii : - dh group = modp-1024 ii : - auth type = sig-rsa ii : - life seconds = 86400 ii : - life kbytes = 0 << : key exchange payload << : nonce payload << : identification payload << : certificate payload << : signature payload << : cert request payload << : vendor id payload ii : peer supports UNITY << : vendor id payload ii : peer supports NAT-T RFC << : nat discovery payload << : nat discovery payload << : vendor id payload ii : peer supports FRAGMENTATION == : DH shared secret ( 128 bytes ) == : SETKEYID ( 20 bytes ) == : SETKEYID_d ( 20 bytes ) == : SETKEYID_a ( 20 bytes ) == : SETKEYID_e ( 20 bytes ) == : cipher key ( 40 bytes ) == : cipher iv ( 8 bytes ) == : phase1 hash_i ( computed ) ( 20 bytes ) >> : certificate payload >> : signature payload >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 1392 bytes ) == : stored iv ( 8 bytes ) ii : fragmenting ike packet ii : packet size ( 1396 ) + encap size ( 8 ) > frag size ( 384 ) >> : fragment payload -> : send fragmented IKE packet to 10.1.101.26:500 ( 404 bytes ) >> : fragment payload -> : send fragmented IKE packet to 10.1.101.26:500 ( 404 bytes ) >> : fragment payload -> : send fragmented IKE packet to 10.1.101.26:500 ( 404 bytes ) >> : fragment payload -> : send fragmented IKE packet to 10.1.101.26:500 ( 328 bytes ) ii : unable to get certificate CRL(3) at depth:0 ii : subject :/C=US/ST=Minnesota/L=Minneapolis/O=VisionShare, Inc./OU=Managed Services/CN=cow.visionshareinc.com/emailAddress=peter.eisch@visionshareinc.com ii : unable to get certificate CRL(3) at depth:1 ii : subject :/C=US/ST=Minnesota/L=Minneapolis/O=VisionShare, Inc./OU=Managed Services/CN=vpnca.visionshareinc.com/emailAddress=peter.eisch@visionshareinc.com == : phase1 hash_r ( computed ) ( 20 bytes ) == : phase1 hash_r ( received ) ( 20 bytes ) ii : phase1 sa established ii : 10.1.200.170:500 <-> 10.1.101.26:500 ii : a8d7a5dcdeee21a5:fc8624dc2828f7f7 >> : hash payload >> : notification payload == : new informational hash ( 20 bytes ) == : new phase2 iv ( 8 bytes ) >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 80 bytes ) == : stored iv ( 8 bytes ) -> : send IKE packet to 10.1.101.26:500 ( 84 bytes ) ii : sent peer notification, INITIAL-CONTACT ii : 10.1.200.170 -> 10.1.101.26 ii : isakmp spi = a8d7a5dcdeee21a5:fc8624dc2828f7f7 ii : data size 0 DB : config added == : new phase2 iv ( 8 bytes ) ii : determining required modecfg attributes ii : - IP4 Address ii : - IP4 Netamask ii : - IP4 DNS Server ii : - IP4 DNS Suffix ii : - Split DNS Domains ii : - IP4 WINS Server ii : - IP4 Split Network Include List ii : - IP4 Split Network Exclude List ii : sending isakmp config request >> : hash payload >> : attribute payload == : new configure hash ( 20 bytes ) >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 92 bytes ) == : stored iv ( 8 bytes ) -> : send IKE packet to 10.1.101.26:500 ( 92 bytes ) DB : config dereferenced ( ref count = 0, config count = 1 ) DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 ) DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 ) <- : recv IKE packet from 10.1.101.26:500 ( 84 bytes ) DB : ipsec peer found DB : phase1 sa found == : new phase2 iv ( 8 bytes ) =< : decrypt iv ( 8 bytes ) <= : decrypt packet ( 84 bytes ) == : stored iv ( 8 bytes ) << : hash payload << : notification payload == : informational hash_i ( computed ) ( 20 bytes ) == : informational hash_c ( computed ) ( 20 bytes ) ii : informational hash verified ii : received peer notification, INITIAL-CONTACT ii : 10.1.101.26 -> 10.1.200.170 ii : isakmp spi = a8d7a5dcdeee21a5:fc8624dc2828f7f7 ii : data size 0 DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 ) DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 ) ii : recv DNS packet from 10.1.100.126 <- : recv IKE packet from 10.1.101.26:500 ( 108 bytes ) DB : ipsec peer found DB : phase1 sa found DB : config found =< : decrypt iv ( 8 bytes ) <= : decrypt packet ( 108 bytes ) == : stored iv ( 8 bytes ) << : hash payload << : attribute payload == : informational hash_i ( computed ) ( 20 bytes ) == : informational hash_c ( computed ) ( 20 bytes ) ii : configure hash verified ii : received isakmp config reply ii : - IP4 Address = 10.1.202.1 ii : - IP4 Netmask = 255.255.255.0 ii : - IP4 DNS Server = 10.1.100.126 ii : - IP4 DNS Suffix = ii : - IP4 WINS Server = 10.1.100.126 DB : config dereferenced ( ref count = 0, config count = 1 ) DB : config deleted DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 ) DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 ) DB : tunnel dereferenced ( ref count = 1, tunnel count = 1 ) ii : client recv thread begin ... ii : enabled adapter ROOT\VNET\0000 ii : added host route for remote peer ii : added tunnel default route DB : phase1 sa found DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 ) DB : phase2 sa not found DB : phase2 sa not found DB : phase2 sa not found DB : phase1 sa found DB : new phase2 sa ( IPSEC initiator ) DB : phase2 sa added == : new phase2 iv ( 8 bytes ) >> : hash payload >> : security association payload >> : nonce payload >> : key exchange payload >> : identification payload >> : identification payload == : phase2 hash_i ( computed ) ( 20 bytes ) >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 296 bytes ) == : stored iv ( 8 bytes ) -> : send IKE packet to 10.1.101.26:500 ( 300 bytes ) ii : rebuilding vprot interface list ... ii : interface IP=10.1.202.1, MTU=1500, MAC=aa:aa:aa:aa:aa:00 active ii : interface IP=10.1.200.170, MTU=1500, MAC=00:bf:1c:5f:0c:6d active ii : 2 adapter(s) active DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 ) DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 ) ii : outbound packet has been queued ii : no mature sa found for 10.1.202.1 -> 224.0.0.22 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.125 <- : recv IKE packet from 10.1.101.26:500 ( 300 bytes ) DB : ipsec peer found DB : phase1 sa found DB : phase2 sa found =< : decrypt iv ( 8 bytes ) <= : decrypt packet ( 300 bytes ) == : stored iv ( 8 bytes ) << : hash payload << : security association payload ii : matched phase2 proposal ii : - protocol = ipsec-esp ii : - encap mode = tunnel ii : - transform = esp-aes ii : - key length = 128 bits ii : - auth type = hmac-sha ii : - pfs dh group = modp-1024 ii : - life seconds = 3600 ii : - life kbytes = 0 << : nonce payload << : key exchange payload << : identification payload << : identification payload ii : phase2 ids match 10.1.202.1 -> 0.0.0.0/0.0.0.0 == : phase2 hash_r ( computed ) ( 20 bytes ) == : phase2 hash_r ( received ) ( 20 bytes ) ii : phase2 sa established ii : 10.1.200.170:500 <-> 10.1.101.26:500 ii : outbound spi = 0x091d19c4 ii : inbound spi = 0x2edb3be1 == : pfs dh shared secret ( 128 bytes ) == : inbound spi key data ( 40 bytes ) == : outbound spi key data ( 40 bytes ) == : phase2 hash_p ( computed ) ( 20 bytes ) >> : hash payload >= : encrypt iv ( 8 bytes ) => : encrypt packet ( 52 bytes ) == : stored iv ( 8 bytes ) -> : send IKE packet to 10.1.101.26:500 ( 52 bytes ) ii : inspecting VNet ARP request ... DB : phase2 sa found -> : send ESP packet to 10.1.101.26 ( 84 bytes ) DB : phase2 sa dereferenced ( ref count = 1, phase2 count = 1 ) ii : outbound packet has been de-queued -> : send ESP packet to 10.1.101.26 ( 84 bytes ) DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 ) DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 ) DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 ) ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 204.130.132.3 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 204.130.132.3 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 204.130.132.3 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 204.130.132.3 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 10.1.100.126 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 204.130.132.3 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 204.130.132.3 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 204.130.132.3 ii : inspecting VNet ARP request ... ii : match policy for 10.1.202.1 -> 204.130.132.3