## : IPSEC Daemon, ver 1.1.0
## : Copyright 2006 Shrew Soft Inc.
## : This product linked OpenSSL 0.9.8a 11 Oct 2005
ii : opened 'dump-frg.cap'
ii : opened 'dump-prv.cap'
ii : rebuilding vnet device list ...
ii : device ROOT\VNET\0000 enabled
ii : disabled adapter ROOT\VNET\0000
ii : rebuilding vprot interface list ...
ii : interface IP=10.1.200.170, MTU=1500, MAC=00:bf:1c:5f:0c:6d active
ii : 1 adapter(s) active
ii : recv DNS packet from 10.1.100.126
ii : recv DNS packet from 10.1.100.126
ii : recv DNS packet from 10.1.100.126
ii : client ctrl thread begin ...
DB : tunnel added
DB : tunnel dereferenced ( ref count = 0, tunnel count = 1 )
<C : client peer config message
DB : ipsec peer not found
ii : local address selected for peer
ii : 10.1.200.170 ( Realtek RTL8029(AS) PCI Ethernet Adapter - Packet Scheduler Miniport )
<C : client user credentials message
<C : client local id 'merom.visionshareinc.com' message
<C : client remote id 'cow.visionshareinc.com' message
<C : client preshared key message
<C : client tunnel enable message
DB : new phase1 sa ( ISAKMP initiator )
DB : exchange type is aggressive
DB : 10.1.200.170:500 <-> 10.1.101.26:500
DB : 35f254866f26e641:0000000000000000
DB : phase1 sa added
>> : security association payload
>> : key exchange payload
>> : nonce payload
>> : identification payload
>> : vendor id payload
>> : vendor id payload
>> : vendor id payload
>> : vendor id payload
>> : vendor id payload
>> : vendor id payload
-> : send IKE packet to 10.1.101.26:500 ( 388 bytes )
DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 )
<- : recv IKE packet from 10.1.101.26:500 ( 548 bytes )
DB : ipsec peer found
DB : phase1 sa found
<< : fragment payload
ii : ike fragment received, waiting on complete packet
DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 )
DB : tunnel dereferenced ( ref count = 1, tunnel count = 1 )
<- : recv IKE packet from 10.1.101.26:500 ( 117 bytes )
DB : ipsec peer found
DB : phase1 sa found
<< : fragment payload
ii : ike fragment received, processing complete packet
<< : security association payload
ii : matched phase1 proposal
ii : - protocol     = isakmp
ii : - transform    = ike
ii : - key length   = default
ii : - cipher type  = 3des
ii : - hash type    = md5
ii : - dh group     = modp-1024
ii : - auth type    = xauth-initiator-psk
ii : - life seconds = 86400
ii : - life kbytes  = 0
<< : key exchange payload
<< : nonce payload
<< : identification payload
<< : hash payload
<< : vendor id payload
ii : peer supports XAUTH
<< : vendor id payload
ii : peer supports UNITY
<< : vendor id payload
ii : peer supports NAT-T RFC
<< : nat discovery payload
<< : nat discovery payload
<< : vendor id payload
ii : peer supports FRAGMENTATION
<< : vendor id payload
ii : peer supports DPDv1
== : DH shared secret ( 128 bytes )
== : SETKEYID ( 16 bytes )
== : SETKEYID_d ( 16 bytes )
== : SETKEYID_a ( 16 bytes )
== : SETKEYID_e ( 16 bytes )
== : cipher key ( 32 bytes )
== : cipher iv ( 8 bytes )
== : phase1 hash_i ( computed ) ( 16 bytes )
>> : hash payload
>> : nat discovery payload
>> : nat discovery payload
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 88 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet to 10.1.101.26:500 ( 92 bytes )
== : phase1 hash_r ( computed ) ( 16 bytes )
== : phase1 hash_r ( received ) ( 16 bytes )
ii : phase1 sa established
ii : 10.1.200.170:500 <-> 10.1.101.26:500
ii : 35f254866f26e641:e8cec85d5c23173e
>> : hash payload
>> : notification payload
== : new informational hash ( 16 bytes )
== : new phase2 iv ( 8 bytes )
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 76 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet to 10.1.101.26:500 ( 76 bytes )
ii : sent peer notification, INITIAL-CONTACT
ii : 10.1.200.170 -> 10.1.101.26
ii : isakmp spi = 35f254866f26e641:e8cec85d5c23173e
ii : data size 0
DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 )
DB : tunnel dereferenced ( ref count = 1, tunnel count = 1 )
<- : recv IKE packet from 10.1.101.26:500 ( 76 bytes )
DB : ipsec peer found
DB : phase1 sa found
DB : config not found
DB : config added
== : new phase2 iv ( 8 bytes )
=< : decrypt iv ( 8 bytes )
<= : decrypt packet ( 76 bytes )
== : stored iv ( 8 bytes )
<< : hash payload
<< : attribute payload
== : informational hash_i ( computed ) ( 16 bytes )
== : informational hash_c ( computed ) ( 16 bytes )
ii : configure hash verified
ii : received xauth request
>> : hash payload
>> : attribute payload
== : new configure hash ( 16 bytes )
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 82 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet to 10.1.101.26:500 ( 84 bytes )
DB : config dereferenced ( ref count = 0, config count = 1 )
ii : sent xauth reply with 'peisch' credentials
DB : config deleted
DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 )
DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 )
DB : tunnel dereferenced ( ref count = 1, tunnel count = 1 )
<- : recv IKE packet from 10.1.101.26:500 ( 68 bytes )
DB : ipsec peer found
DB : phase1 sa found
DB : config not found
DB : config added
== : new phase2 iv ( 8 bytes )
=< : decrypt iv ( 8 bytes )
<= : decrypt packet ( 68 bytes )
== : stored iv ( 8 bytes )
<< : hash payload
<< : attribute payload
== : informational hash_i ( computed ) ( 16 bytes )
== : informational hash_c ( computed ) ( 16 bytes )
ii : configure hash verified
ii : received xauth result
ii : user authentication succeeded
>> : hash payload
>> : attribute payload
== : new configure hash ( 16 bytes )
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 56 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet to 10.1.101.26:500 ( 60 bytes )
DB : config dereferenced ( ref count = 0, config count = 1 )
DB : config added
== : new phase2 iv ( 8 bytes )
ii : determining required modecfg attributes
ii : - IP4 Address
ii : - IP4 Netamask
ii : - IP4 DNS Server
ii : - IP4 DNS Suffix
ii : - Split DNS Domains
ii : - IP4 WINS Server
ii : - IP4 Split Network Include List
ii : - IP4 Split Network Exclude List
ii : - Login Banner
ii : sending isakmp config request
>> : hash payload
>> : attribute payload
== : new configure hash ( 16 bytes )
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 108 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet to 10.1.101.26:500 ( 108 bytes )
DB : config dereferenced ( ref count = 0, config count = 2 )
DB : config deleted
DB : tunnel dereferenced ( ref count = 3, tunnel count = 1 )
DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 )
DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 )
<- : recv IKE packet from 10.1.101.26:500 ( 188 bytes )
DB : ipsec peer found
DB : phase1 sa found
DB : config found
=< : decrypt iv ( 8 bytes )
<= : decrypt packet ( 188 bytes )
== : stored iv ( 8 bytes )
<< : hash payload
<< : attribute payload
== : informational hash_i ( computed ) ( 16 bytes )
== : informational hash_c ( computed ) ( 16 bytes )
ii : configure hash verified
ii : received isakmp config reply
ii : - IP4 Address = 10.1.202.1
ii : - IP4 Netmask = 255.255.255.0
ii : - IP4 DNS Server = 10.1.100.126
ii : - IP4 DNS Suffix = 
ii : - IP4 WINS Server = 10.1.100.126
ii : - Login Banner = NetBSD 3.0_STAB ...
DB : config dereferenced ( ref count = 0, config count = 1 )
DB : config deleted
DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 )
DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 )
DB : tunnel dereferenced ( ref count = 1, tunnel count = 1 )
ii : client recv thread begin ...
ii : enabled adapter ROOT\VNET\0000
ii : added host route for remote peer
ii : added tunnel default route
DB : phase1 sa found
DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 )
DB : phase2 sa not found
DB : phase2 sa not found
DB : phase2 sa not found
DB : phase1 sa found
DB : new phase2 sa ( IPSEC initiator )
DB : phase2 sa added
== : new phase2 iv ( 8 bytes )
>> : hash payload
>> : security association payload
>> : nonce payload
>> : key exchange payload
>> : identification payload
>> : identification payload
== : phase2 hash_i ( computed ) ( 16 bytes )
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 288 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet to 10.1.101.26:500 ( 292 bytes )
ii : rebuilding vprot interface list ...
ii : interface IP=10.1.202.1, MTU=1500, MAC=aa:aa:aa:aa:aa:00 active
ii : interface IP=10.1.200.170, MTU=1500, MAC=00:bf:1c:5f:0c:6d active
ii : 2 adapter(s) active
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 )
ii : outbound packet has been queued
ii : no mature sa found for 10.1.202.1 -> 224.0.0.22
ii : inspecting VNet ARP request ...
ii : responding to VNet ARP request for 10.1.100.126
DB : phase2 sa not found
DB : phase2 sa not found
DB : phase2 sa found
ii : unable to process outbound packet
ii : no mature sa found for 10.1.202.1 -> 10.1.100.126
<- : recv IKE packet from 10.1.101.26:500 ( 292 bytes )
DB : ipsec peer found
DB : phase1 sa found
DB : phase2 sa found
=< : decrypt iv ( 8 bytes )
<= : decrypt packet ( 292 bytes )
== : stored iv ( 8 bytes )
<< : hash payload
<< : security association payload
ii : matched phase2 proposal
ii : - protocol     = ipsec-esp
ii : - encap mode   = tunnel
ii : - transform    = esp-3des
ii : - key length   = default
ii : - auth type    = hmac-md5
ii : - pfs dh group = modp-1024
ii : - life seconds = 3600
ii : - life kbytes  = 0
<< : nonce payload
<< : key exchange payload
<< : identification payload
<< : identification payload
ii : phase2 ids match 10.1.202.1 -> 0.0.0.0/0.0.0.0
== : phase2 hash_r ( computed ) ( 16 bytes )
== : phase2 hash_r ( received ) ( 16 bytes )
ii : phase2 sa established
ii : 10.1.200.170:500 <-> 10.1.101.26:500
ii : outbound spi = 0x041b37b7
ii : inbound  spi = 0xadf585d2
== : pfs dh shared secret ( 128 bytes )
== : inbound spi key data ( 48 bytes )
== : outbound spi key data ( 48 bytes )
== : phase2 hash_p ( computed ) ( 16 bytes )
>> : hash payload
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 48 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet to 10.1.101.26:500 ( 52 bytes )
ii : inspecting VNet ARP request ...
ii : outbound packet has been de-queued
-> : send ESP packet to 10.1.101.26 ( 76 bytes )
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 )
DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 )
DB : phase2 sa found
-> : send ESP packet to 10.1.101.26 ( 76 bytes )
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
DB : phase2 sa found
-> : send ESP packet to 10.1.101.26 ( 92 bytes )
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
<- : recv ESP packet from 10.1.101.26 ( 156 bytes )
DB : ipsec peer found
DB : phase2 sa found
<= : decrypt esp packet ( 128 bytes )
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 )
ii : recv DNS packet from 10.1.100.126
DB : phase2 sa found
-> : send ESP packet to 10.1.101.26 ( 132 bytes )
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
DB : phase2 sa found
-> : send ESP packet to 10.1.101.26 ( 132 bytes )
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
<- : recv ESP packet from 10.1.101.26 ( 124 bytes )
DB : ipsec peer found
DB : phase2 sa found
<= : decrypt esp packet ( 96 bytes )
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 )
DB : phase2 sa found
-> : send ESP packet to 10.1.101.26 ( 132 bytes )
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
<- : recv ESP packet from 10.1.101.26 ( 124 bytes )
DB : ipsec peer found
DB : phase2 sa found
<= : decrypt esp packet ( 96 bytes )
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 )
DB : phase2 sa found
-> : send ESP packet to 10.1.101.26 ( 132 bytes )
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
DB : phase2 sa found
-> : send ESP packet to 10.1.101.26 ( 132 bytes )
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
<- : recv ESP packet from 10.1.101.26 ( 124 bytes )
DB : ipsec peer found
DB : phase2 sa found
<= : decrypt esp packet ( 96 bytes )
DB : phase2 sa dereferenced ( ref count = 0, phase2 count = 1 )
DB : tunnel dereferenced ( ref count = 2, tunnel count = 1 )
ii : inspecting VNet ARP request ...
<C : client tunnel disable message
DB : removing all tunnel refrences
ii : removed host route for remote peer
ii : removed tunnel default route
DB : phase1 sa found
>> : hash payload
>> : notification payload
== : new informational hash ( 16 bytes )
== : new phase2 iv ( 8 bytes )
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 64 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet to 10.1.101.26:500 ( 68 bytes )
ii : rebuilding vprot interface list ...
ii : disabled adapter ROOT\VNET\0000
ii : client recv thread exit ...
ii : interface IP=10.1.200.170, MTU=1500, MAC=00:bf:1c:5f:0c:6d active
ii : 1 adapter(s) active
ii : sent peer SA DELETE message
ii : 10.1.200.170 -> 10.1.101.26
ii : isakmp spi = 0x041b37b7
DB : phase1 sa dereferenced ( ref count = 0, phase1 count = 1 )
DB : phase2 sa deleted before expire time
DB : tunnel dereferenced ( ref count = 1, tunnel count = 1 )
>> : hash payload
>> : notification payload
== : new informational hash ( 16 bytes )
== : new phase2 iv ( 8 bytes )
>= : encrypt iv ( 8 bytes )
=> : encrypt packet ( 76 bytes )
== : stored iv ( 8 bytes )
-> : send IKE packet to 10.1.101.26:500 ( 76 bytes )
ii : sent peer SA DELETE message
ii : 10.1.200.170 -> 10.1.101.26
ii : isakmp spi = 35f254866f26e641:e8cec85d5c23173e
DB : phase1 sa deleted before expire time
DB : tunnel dereferenced ( ref count = 0, tunnel count = 1 )
DB : tunnel deleted ( tunnel count = 0 )
ii : client ctrl thread exit ...
ii : recv DNS packet from 10.1.100.126
ii : recv DNS packet from 10.1.100.126
ii : recv DNS packet from 10.1.100.126
ii : recv DNS packet from 10.1.100.126
ii : recv DNS packet from 10.1.100.126
ii : recv DNS packet from 10.1.100.126