<br><br><div class="gmail_quote">On Sun, Jan 18, 2009 at 7:19 PM, Noach Sumner <span dir="ltr"><<a href="mailto:nss@compu-skill.com" target="_blank">nss@compu-skill.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div dir="ltr">I'm sorry for the delay. I have had bad luck getting 2.1.4 to chock on me the past 2 days. In any event I went to good old 2.2 alpha 2 which always gives me multiple IP addresses and it indeed continued to give me multiple IP addresses. I brought it down to 1 policy and that made no difference. As an interesting side not un-installing 2.2 and installing 2.1 did not solve the issue if there was no reboot in between. With a reboot in-between it went back to working until it gives out on again.<div>
<div></div><div><br>
<br><div class="gmail_quote">On Fri, Jan 16, 2009 at 7:12 AM, Matthew Grooms <span dir="ltr"><<a href="mailto:mgrooms@shrew.net" target="_blank">mgrooms@shrew.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>Noach Sumner wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Matthew,<br>
<br>
This is great. Robert just helped you isolate my bug which he is now experiencing. And told us why you can't reproduce.<br>
<br>
</blockquote>
<br></div>
I test with multiple networks behind my gateway and have yet to reproduce this issue.<div><br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Note his IPs<br>
<br>
IPv4 Address. . . . . . . . . . . : 192.168.113.46(Preferred)<br>
Subnet Mask . . . . . . . . . . . : 255.255.255.0<br>
IPv4 Address. . . . . . . . . . . : 192.168.113.55(Preferred)<br>
Subnet Mask . . . . . . . . . . . : 255.255.255.0<br>
<br>
remind you of anything (it sure does for me). Only he found what I never even though to test. I also have multiple address blocks set in my policy! I am not by my laptop right now but I will try and test tonight. I bet you if I bring it down to 1 address block it will suddenly work!<br>
<br>
</blockquote>
<br></div>
Did you test this after bringing it down to a single remote network?<div><br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Do you have time to work on this yet or not really?<br>
<br>
</blockquote>
<br></div>
Not really. Its entered into the ticket system and flagged as critical for the 2.1.5 release. I hope to get to it this weekend now that the recent kernel changes have been completed and the holidays are behind us. Sorry for the delay.<br>
<font color="#888888">
<br>
-Matthew<br>
</font></blockquote></div><br></div></div></div>
</blockquote></div><br>Hi!<br><br>I decided to see if I could help debugging this, and reinstalled the program. (Uninstall, then install. Same version).<br>And whoops, problem with two ip's are gone.<br><br>BUT, it still don't work as expected.<br>
I can only access one of the three networks announced by the Cisco IOS.<br><br>I see this in the phase 2 all the time.<br>NO-PROPOSAL-CHOSEN notification<br><br>Other than that, I am a bit blank as route and wireshark output looks normal.<br>
<br>See log output below<br><br>ROUTE:<br> C:\Users\robert>route print<br>===========================================================================<br>Interface List<br> 23 ...aa aa aa aa aa 00 ...... Shrew Soft Virtual Adapter<br>
15 ...02 00 4e 43 50 49 ...... NCP Secure Client Virtual NDIS6 Adapter<br> 14 ...00 1e 37 fe 12 34 ...... Bluetooth Device (Personal Area Network)<br> 12 ...00 1f 3b bf 30 7b ...... Intel(R) Wireless WiFi Link 4965AGN<br>
10 ...00 1c 23 50 65 38 ...... Broadcom NetXtreme 57xx Gigabit Controller<br> 1 ........................... Software Loopback Interface 1<br> 19 ...00 00 00 00 00 00 00 e0 isatap.{B06A9A31-24A5-48F1-A151-1D518CEAD8CB}<br>
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface<br> 24 ...00 00 00 00 00 00 00 e0 isatap.{41D6E85F-16C6-40EE-9118-D9D1A97FD69B}<br> 21 ...00 00 00 00 00 00 00 e0 <a href="http://isatap.bb.online.no">isatap.bb.online.no</a><br>
20 ...00 00 00 00 00 00 00 e0 isatap.{42332BC7-F5B0-4FC1-92B8-7B03051E88D9}<br> 22 ...00 00 00 00 00 00 00 e0 <a href="http://isatap.bb.online.no">isatap.bb.online.no</a><br> 18 ...00 00 00 00 00 00 00 e0 6TO4 Adapter<br>
52 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6<br>===========================================================================<br><br>IPv4 Route Table<br>===========================================================================<br>
Active Routes:<br>Network Destination Netmask Gateway Interface Metric<br> 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.198 25<br> 10.220.0.0 255.255.0.0 On-link 192.168.113.159 51<br>
10.220.255.255 255.255.255.255 On-link 192.168.113.159 306<br> 91.203.116.34 255.255.255.255 On-link 192.168.113.159 51<br> 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306<br>
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306<br> 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306<br> 169.254.0.0 255.255.0.0 On-link 192.168.113.159 326<br>
169.254.255.255 255.255.255.255 On-link 192.168.113.159 306<br> 192.168.0.0 255.255.255.0 On-link 192.168.0.198 281<br> 192.168.0.198 255.255.255.255 On-link 192.168.0.198 281<br>
192.168.0.255 255.255.255.255 On-link 192.168.0.198 281<br> 192.168.3.0 255.255.255.0 On-link 192.168.113.159 51<br> 192.168.3.255 255.255.255.255 On-link 192.168.113.159 306<br>
192.168.113.0 255.255.255.0 On-link 192.168.113.159 306<br> 192.168.113.159 255.255.255.255 On-link 192.168.113.159 306<br> 192.168.113.255 255.255.255.255 On-link 192.168.113.159 306<br>
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306<br> 224.0.0.0 240.0.0.0 On-link 192.168.0.198 281<br> 224.0.0.0 240.0.0.0 On-link 192.168.113.159 306<br>
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306<br> 255.255.255.255 255.255.255.255 On-link 192.168.0.198 281<br> 255.255.255.255 255.255.255.255 On-link 192.168.113.159 306<br>
===========================================================================<br>Persistent Routes:<br> None<br><br>IPv6 Route Table<br>===========================================================================<br>Active Routes:<br>
If Metric Network Destination Gateway<br> 1 306 ::1/128 On-link<br> 12 281 fe80::/64 On-link<br> 23 306 fe80::/64 On-link<br> 23 306 fe80::5ccf:4bc9:dc82:cc2/128<br>
On-link<br> 12 281 fe80::f879:5b20:9bcd:8973/128<br> On-link<br> 1 306 ff00::/8 On-link<br> 12 281 ff00::/8 On-link<br>
23 306 ff00::/8 On-link<br>===========================================================================<br>Persistent Routes:<br> None<br><br>IPCONFIG:<br>Ethernet adapter Local Area Connection* 17:<br>
<br> Connection-specific DNS Suffix . : <a href="http://domain.com">domain.com</a><br> Link-local IPv6 Address . . . . . : fe80::5ccf:4bc9:dc82:cc2%23<br> IPv4 Address. . . . . . . . . . . : 192.168.113.159<br> Subnet Mask . . . . . . . . . . . : 255.255.255.0<br>
Default Gateway . . . . . . . . . :<br><br>Ethernet adapter Local Area Connection 2:<br><br> Media State . . . . . . . . . . . : Media disconnected<br> Connection-specific DNS Suffix . :<br><br>Ethernet adapter Bluetooth Network Connection:<br>
<br> Media State . . . . . . . . . . . : Media disconnected<br> Connection-specific DNS Suffix . :<br><br>Wireless LAN adapter Wireless Network Connection:<br><br> Connection-specific DNS Suffix . : <a href="http://bb.online.no">bb.online.no</a><br>
Link-local IPv6 Address . . . . . : fe80::f879:5b20:9bcd:8973%12<br> IPv4 Address. . . . . . . . . . . : 192.168.0.198<br> Subnet Mask . . . . . . . . . . . : 255.255.255.0<br> Default Gateway . . . . . . . . . : 192.168.0.1<br>
<br>VPNTRACE:<br>09/01/19 23:54:48 ## : IKE Daemon, ver 2.1.4<br>09/01/19 23:54:48 ## : Copyright 2008 Shrew Soft Inc.<br>09/01/19 23:54:48 ## : This product linked OpenSSL 0.9.8h 28 May 2008<br>09/01/19 23:54:48 ii : opened 'C:\Program Files\ShrewSoft\VPN Client\debug\iked.log'<br>
09/01/19 23:54:48 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-decrypt.cap'<br>09/01/19 23:54:48 ii : opened 'C:\Program Files\ShrewSoft\VPN Client/debug/dump-ike-encrypt.cap'<br>09/01/19 23:54:48 ii : rebuilding vnet device list ...<br>
09/01/19 23:54:48 ii : device ROOT\VNET\0000 disabled<br>09/01/19 23:54:48 ii : network process thread begin ...<br>09/01/19 23:54:48 ii : pfkey process thread begin ...<br>09/01/19 23:54:48 ii : ipc server process thread begin ...<br>
09/01/19 23:54:48 K< : recv pfkey X_SPDDUMP UNSPEC message<br>09/01/19 23:54:48 DB : policy added ( obj count = 1 )<br>09/01/19 23:54:48 K< : recv pfkey X_SPDDUMP UNSPEC message<br>09/01/19 23:54:48 DB : policy added ( obj count = 2 )<br>
09/01/19 23:54:48 K< : recv pfkey X_SPDDUMP UNSPEC message<br>09/01/19 23:54:48 DB : policy added ( obj count = 3 )<br>09/01/19 23:54:58 !! : unable to connect to pfkey interface<br>09/01/19 23:55:18 ii : ipc client process thread begin ...<br>
09/01/19 23:55:18 <A : peer config add message<br>09/01/19 23:55:18 DB : peer added ( obj count = 1 )<br>09/01/19 23:55:18 ii : local address <a href="http://192.168.0.198:500">192.168.0.198:500</a> selected for peer<br>
09/01/19 23:55:19 DB : tunnel added ( obj count = 1 )<br>09/01/19 23:55:19 <A : proposal config message<br>09/01/19 23:55:19 <A : proposal config message<br>09/01/19 23:55:19 <A : client config message<br>09/01/19 23:55:19 <A : xauth username message<br>
09/01/19 23:55:19 <A : xauth password message<br>09/01/19 23:55:19 <A : local id 'BC' message<br>09/01/19 23:55:19 <A : remote id '<a href="http://BC-R01.basis-consulting.no">BC-R01.basis-consulting.no</a>' message<br>
09/01/19 23:55:19 <A : preshared key message<br>09/01/19 23:55:19 <A : peer tunnel enable message<br>09/01/19 23:55:19 DB : new phase1 ( ISAKMP initiator )<br>09/01/19 23:55:19 DB : exchange type is aggressive<br>09/01/19 23:55:19 DB : <a href="http://192.168.0.198:500">192.168.0.198:500</a> <-> <a href="http://195.159.111.66:500">195.159.111.66:500</a><br>
09/01/19 23:55:19 DB : c67c2ad0f02c1d8e:0000000000000000<br>09/01/19 23:55:19 DB : phase1 added ( obj count = 1 )<br>09/01/19 23:55:19 >> : security association payload<br>09/01/19 23:55:19 >> : - proposal #1 payload <br>
09/01/19 23:55:19 >> : -- transform #1 payload <br>09/01/19 23:55:19 >> : -- transform #2 payload <br>09/01/19 23:55:19 >> : -- transform #3 payload <br>09/01/19 23:55:19 >> : -- transform #4 payload <br>
09/01/19 23:55:19 >> : -- transform #5 payload <br>09/01/19 23:55:19 >> : -- transform #6 payload <br>09/01/19 23:55:19 >> : -- transform #7 payload <br>09/01/19 23:55:19 >> : -- transform #8 payload <br>
09/01/19 23:55:19 >> : -- transform #9 payload <br>09/01/19 23:55:19 >> : -- transform #10 payload <br>09/01/19 23:55:19 >> : -- transform #11 payload <br>09/01/19 23:55:19 >> : -- transform #12 payload <br>
09/01/19 23:55:19 >> : -- transform #13 payload <br>09/01/19 23:55:19 >> : -- transform #14 payload <br>09/01/19 23:55:19 >> : -- transform #15 payload <br>09/01/19 23:55:19 >> : -- transform #16 payload <br>
09/01/19 23:55:19 >> : -- transform #17 payload <br>09/01/19 23:55:19 >> : -- transform #18 payload <br>09/01/19 23:55:19 >> : key exchange payload<br>09/01/19 23:55:19 >> : nonce payload<br>09/01/19 23:55:19 >> : identification payload<br>
09/01/19 23:55:19 >> : vendor id payload<br>09/01/19 23:55:19 ii : local supports XAUTH<br>09/01/19 23:55:19 >> : vendor id payload<br>09/01/19 23:55:19 ii : local supports nat-t ( draft v00 )<br>09/01/19 23:55:19 >> : vendor id payload<br>
09/01/19 23:55:19 ii : local supports nat-t ( draft v01 )<br>09/01/19 23:55:19 >> : vendor id payload<br>09/01/19 23:55:19 ii : local supports nat-t ( draft v02 )<br>09/01/19 23:55:19 >> : vendor id payload<br>
09/01/19 23:55:19 ii : local supports nat-t ( draft v03 )<br>09/01/19 23:55:19 >> : vendor id payload<br>09/01/19 23:55:19 ii : local supports nat-t ( rfc )<br>09/01/19 23:55:19 >> : vendor id payload<br>09/01/19 23:55:19 ii : local supports FRAGMENTATION<br>
09/01/19 23:55:19 >> : vendor id payload<br>09/01/19 23:55:19 ii : local is SHREW SOFT compatible<br>09/01/19 23:55:19 >> : vendor id payload<br>09/01/19 23:55:19 ii : local is NETSCREEN compatible<br>09/01/19 23:55:19 >> : vendor id payload<br>
09/01/19 23:55:19 ii : local is SIDEWINDER compatible<br>09/01/19 23:55:19 >> : vendor id payload<br>09/01/19 23:55:19 ii : local is CISCO UNITY compatible<br>09/01/19 23:55:19 >= : cookies c67c2ad0f02c1d8e:0000000000000000<br>
09/01/19 23:55:19 >= : message 00000000<br>09/01/19 23:55:19 -> : send IKE packet <a href="http://192.168.0.198:500">192.168.0.198:500</a> -> <a href="http://195.159.111.66:500">195.159.111.66:500</a> ( 1158 bytes )<br>
09/01/19 23:55:19 DB : phase1 resend event scheduled ( ref count = 2 )<br>09/01/19 23:55:19 <- : recv IKE packet <a href="http://195.159.111.66:500">195.159.111.66:500</a> -> <a href="http://192.168.0.198:500">192.168.0.198:500</a> ( 438 bytes )<br>
09/01/19 23:55:19 DB : phase1 found<br>09/01/19 23:55:19 ii : processing phase1 packet ( 438 bytes )<br>09/01/19 23:55:19 =< : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:19 =< : message 00000000<br>
09/01/19 23:55:19 << : security association payload<br>09/01/19 23:55:19 << : - propsal #1 payload <br>09/01/19 23:55:19 << : -- transform #1 payload <br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>
09/01/19 23:55:19 ii : cipher type ( 3des != aes )<br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>09/01/19 23:55:19 ii : cipher type ( 3des != aes )<br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>
09/01/19 23:55:19 ii : cipher type ( 3des != aes )<br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>09/01/19 23:55:19 ii : cipher type ( 3des != aes )<br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>
09/01/19 23:55:19 ii : cipher type ( 3des != aes )<br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>09/01/19 23:55:19 ii : cipher type ( 3des != aes )<br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>
09/01/19 23:55:19 ii : cipher type ( 3des != blowfish )<br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>09/01/19 23:55:19 ii : cipher type ( 3des != blowfish )<br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>
09/01/19 23:55:19 ii : cipher type ( 3des != blowfish )<br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>09/01/19 23:55:19 ii : cipher type ( 3des != blowfish )<br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>
09/01/19 23:55:19 ii : cipher type ( 3des != blowfish )<br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>09/01/19 23:55:19 ii : cipher type ( 3des != blowfish )<br>09/01/19 23:55:19 ii : unmatched isakmp proposal/transform<br>
09/01/19 23:55:19 ii : hash type ( hmac-sha != hmac-md5 )<br>09/01/19 23:55:19 !! : peer violates RFC, transform number mismatch ( 1 != 14 )<br>09/01/19 23:55:19 ii : matched isakmp proposal #1 transform #1<br>09/01/19 23:55:19 ii : - transform = ike<br>
09/01/19 23:55:19 ii : - cipher type = 3des<br>09/01/19 23:55:19 ii : - key length = default<br>09/01/19 23:55:19 ii : - hash type = sha1<br>09/01/19 23:55:19 ii : - dh group = modp-1024<br>09/01/19 23:55:19 ii : - auth type = xauth-initiator-psk<br>
09/01/19 23:55:19 ii : - life seconds = 86400<br>09/01/19 23:55:19 ii : - life kbytes = 0<br>09/01/19 23:55:19 << : vendor id payload<br>09/01/19 23:55:19 ii : peer is CISCO UNITY compatible<br>09/01/19 23:55:19 << : vendor id payload<br>
09/01/19 23:55:19 ii : peer supports DPDv1<br>09/01/19 23:55:19 << : vendor id payload<br>09/01/19 23:55:19 ii : unknown vendor id ( 16 bytes )<br>09/01/19 23:55:19 0x : 901d27bc 49987177 f134324b 3fe5693e<br>09/01/19 23:55:19 << : vendor id payload<br>
09/01/19 23:55:19 ii : peer supports XAUTH<br>09/01/19 23:55:19 << : vendor id payload<br>09/01/19 23:55:19 ii : peer supports nat-t ( rfc )<br>09/01/19 23:55:19 << : key exchange payload<br>09/01/19 23:55:19 << : identification payload<br>
09/01/19 23:55:19 ii : phase1 id match <br>09/01/19 23:55:19 ii : received = fqdn <a href="http://BC-R01.basis-consulting.no">BC-R01.basis-consulting.no</a><br>09/01/19 23:55:19 << : nonce payload<br>09/01/19 23:55:19 << : hash payload<br>
09/01/19 23:55:19 << : nat discovery payload<br>09/01/19 23:55:19 << : nat discovery payload<br>09/01/19 23:55:19 ii : nat discovery - local address is translated<br>09/01/19 23:55:19 ii : switching to nat-t udp port 4500<br>
09/01/19 23:55:19 == : DH shared secret ( 128 bytes )<br>09/01/19 23:55:19 == : SETKEYID ( 20 bytes )<br>09/01/19 23:55:19 == : SETKEYID_d ( 20 bytes )<br>09/01/19 23:55:19 == : SETKEYID_a ( 20 bytes )<br>09/01/19 23:55:19 == : SETKEYID_e ( 20 bytes )<br>
09/01/19 23:55:19 == : cipher key ( 40 bytes )<br>09/01/19 23:55:19 == : cipher iv ( 8 bytes )<br>09/01/19 23:55:19 == : phase1 hash_i ( computed ) ( 20 bytes )<br>09/01/19 23:55:19 >> : hash payload<br>09/01/19 23:55:19 >> : nat discovery payload<br>
09/01/19 23:55:19 >> : nat discovery payload<br>09/01/19 23:55:19 >= : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:19 >= : message 00000000<br>09/01/19 23:55:19 >= : encrypt iv ( 8 bytes )<br>
09/01/19 23:55:19 == : encrypt packet ( 100 bytes )<br>09/01/19 23:55:19 == : stored iv ( 8 bytes )<br>09/01/19 23:55:19 DB : phase1 resend event canceled ( ref count = 1 )<br>09/01/19 23:55:19 -> : send NAT-T:IKE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> ( 132 bytes )<br>
09/01/19 23:55:19 == : phase1 hash_r ( computed ) ( 20 bytes )<br>09/01/19 23:55:19 == : phase1 hash_r ( received ) ( 20 bytes )<br>09/01/19 23:55:19 ii : phase1 sa established<br>09/01/19 23:55:19 ii : <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> <-> <a href="http://192.168.0.198:4500">192.168.0.198:4500</a><br>
09/01/19 23:55:19 ii : c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:19 ii : sending peer INITIAL-CONTACT notification<br>09/01/19 23:55:19 ii : - <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>
09/01/19 23:55:19 ii : - isakmp spi = c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:19 ii : - data size 0<br>09/01/19 23:55:19 >> : hash payload<br>09/01/19 23:55:19 >> : notification payload<br>09/01/19 23:55:19 == : new informational hash ( 20 bytes )<br>
09/01/19 23:55:19 == : new informational iv ( 8 bytes )<br>09/01/19 23:55:19 >= : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:19 >= : message a04839a3<br>09/01/19 23:55:19 >= : encrypt iv ( 8 bytes )<br>
09/01/19 23:55:19 == : encrypt packet ( 80 bytes )<br>09/01/19 23:55:19 == : stored iv ( 8 bytes )<br>09/01/19 23:55:19 -> : send NAT-T:IKE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> ( 116 bytes )<br>
09/01/19 23:55:19 DB : phase2 not found<br>09/01/19 23:55:19 <- : recv NAT-T:IKE packet <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> -> <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> ( 76 bytes )<br>
09/01/19 23:55:19 DB : phase1 found<br>09/01/19 23:55:19 ii : processing config packet ( 76 bytes )<br>09/01/19 23:55:19 DB : config not found<br>09/01/19 23:55:19 DB : config added ( obj count = 1 )<br>09/01/19 23:55:19 == : new config iv ( 8 bytes )<br>
09/01/19 23:55:19 =< : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:19 =< : message 4db9b66f<br>09/01/19 23:55:19 =< : decrypt iv ( 8 bytes )<br>09/01/19 23:55:19 == : decrypt packet ( 76 bytes )<br>
09/01/19 23:55:19 <= : trimmed packet padding ( 8 bytes )<br>09/01/19 23:55:19 <= : stored iv ( 8 bytes )<br>09/01/19 23:55:19 << : hash payload<br>09/01/19 23:55:19 << : attribute payload<br>09/01/19 23:55:19 == : configure hash_i ( computed ) ( 20 bytes )<br>
09/01/19 23:55:19 == : configure hash_c ( computed ) ( 20 bytes )<br>09/01/19 23:55:19 ii : configure hash verified<br>09/01/19 23:55:19 !! : warning, missing required xauth type attribute<br>09/01/19 23:55:19 ii : received xauth request - <br>
09/01/19 23:55:19 ii : added standard xauth username attribute<br>09/01/19 23:55:19 ii : added standard xauth password attribute<br>09/01/19 23:55:19 ii : sending xauth response for robert<br>09/01/19 23:55:19 >> : hash payload<br>
09/01/19 23:55:19 >> : attribute payload<br>09/01/19 23:55:19 == : new configure hash ( 20 bytes )<br>09/01/19 23:55:19 >= : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:19 >= : message 4db9b66f<br>
09/01/19 23:55:19 >= : encrypt iv ( 8 bytes )<br>09/01/19 23:55:19 == : encrypt packet ( 86 bytes )<br>09/01/19 23:55:19 == : stored iv ( 8 bytes )<br>09/01/19 23:55:19 -> : send NAT-T:IKE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> ( 124 bytes )<br>
09/01/19 23:55:19 DB : config resend event scheduled ( ref count = 2 )<br>09/01/19 23:55:19 <- : recv NAT-T:IKE packet <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> -> <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> ( 68 bytes )<br>
09/01/19 23:55:19 DB : phase1 found<br>09/01/19 23:55:19 ii : processing config packet ( 68 bytes )<br>09/01/19 23:55:19 DB : config found<br>09/01/19 23:55:19 == : new config iv ( 8 bytes )<br>09/01/19 23:55:19 =< : cookies c67c2ad0f02c1d8e:65da80a149997177<br>
09/01/19 23:55:19 =< : message 4786f601<br>09/01/19 23:55:19 =< : decrypt iv ( 8 bytes )<br>09/01/19 23:55:19 == : decrypt packet ( 68 bytes )<br>09/01/19 23:55:19 <= : trimmed packet padding ( 4 bytes )<br>09/01/19 23:55:19 <= : stored iv ( 8 bytes )<br>
09/01/19 23:55:19 << : hash payload<br>09/01/19 23:55:19 << : attribute payload<br>09/01/19 23:55:19 == : configure hash_i ( computed ) ( 20 bytes )<br>09/01/19 23:55:19 == : configure hash_c ( computed ) ( 20 bytes )<br>
09/01/19 23:55:19 ii : configure hash verified<br>09/01/19 23:55:19 ii : received xauth result - <br>09/01/19 23:55:19 ii : user robert authentication succeeded<br>09/01/19 23:55:19 ii : sending xauth acknowledge<br>09/01/19 23:55:19 >> : hash payload<br>
09/01/19 23:55:19 >> : attribute payload<br>09/01/19 23:55:19 == : new configure hash ( 20 bytes )<br>09/01/19 23:55:19 >= : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:19 >= : message 4786f601<br>
09/01/19 23:55:19 >= : encrypt iv ( 8 bytes )<br>09/01/19 23:55:19 == : encrypt packet ( 60 bytes )<br>09/01/19 23:55:19 == : stored iv ( 8 bytes )<br>09/01/19 23:55:19 DB : config resend event canceled ( ref count = 1 )<br>
09/01/19 23:55:19 -> : send NAT-T:IKE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> ( 92 bytes )<br>09/01/19 23:55:19 DB : config resend event scheduled ( ref count = 2 )<br>
09/01/19 23:55:19 ii : building config attribute list<br>09/01/19 23:55:19 ii : - IP4 Address<br>09/01/19 23:55:19 ii : - Address Expiry<br>09/01/19 23:55:19 ii : - IP4 Netamask<br>09/01/19 23:55:19 ii : - IP4 DNS Server<br>
09/01/19 23:55:19 ii : - IP4 WINS Server<br>09/01/19 23:55:19 ii : - DNS Suffix<br>09/01/19 23:55:19 ii : - Split DNS Domain<br>09/01/19 23:55:19 ii : - IP4 Split Network Include<br>09/01/19 23:55:19 ii : - IP4 Split Network Exclude<br>
09/01/19 23:55:19 ii : - PFS Group<br>09/01/19 23:55:19 ii : - Save Password<br>09/01/19 23:55:19 == : new config iv ( 8 bytes )<br>09/01/19 23:55:19 ii : sending config pull request<br>09/01/19 23:55:19 >> : hash payload<br>
09/01/19 23:55:19 >> : attribute payload<br>09/01/19 23:55:19 == : new configure hash ( 20 bytes )<br>09/01/19 23:55:19 >= : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:19 >= : message 849971e8<br>
09/01/19 23:55:19 >= : encrypt iv ( 8 bytes )<br>09/01/19 23:55:19 == : encrypt packet ( 104 bytes )<br>09/01/19 23:55:19 == : stored iv ( 8 bytes )<br>09/01/19 23:55:19 DB : config resend event canceled ( ref count = 1 )<br>
09/01/19 23:55:19 -> : send NAT-T:IKE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> ( 140 bytes )<br>09/01/19 23:55:19 DB : config resend event scheduled ( ref count = 2 )<br>
09/01/19 23:55:19 <- : recv NAT-T:IKE packet <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> -> <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> ( 180 bytes )<br>09/01/19 23:55:19 DB : phase1 found<br>
09/01/19 23:55:19 ii : processing config packet ( 180 bytes )<br>09/01/19 23:55:19 DB : config found<br>09/01/19 23:55:19 =< : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:19 =< : message 849971e8<br>
09/01/19 23:55:19 =< : decrypt iv ( 8 bytes )<br>09/01/19 23:55:19 == : decrypt packet ( 180 bytes )<br>09/01/19 23:55:19 <= : trimmed packet padding ( 3 bytes )<br>09/01/19 23:55:19 <= : stored iv ( 8 bytes )<br>
09/01/19 23:55:19 << : hash payload<br>09/01/19 23:55:19 << : attribute payload<br>09/01/19 23:55:19 == : configure hash_i ( computed ) ( 20 bytes )<br>09/01/19 23:55:19 == : configure hash_c ( computed ) ( 20 bytes )<br>
09/01/19 23:55:19 ii : configure hash verified<br>09/01/19 23:55:19 ii : received config pull response<br>09/01/19 23:55:19 ii : - IP4 Address = 192.168.113.220<br>09/01/19 23:55:19 ii : - Address Expiry = 2136015104<br>09/01/19 23:55:19 ii : - IP4 Netmask = 255.255.255.0<br>
09/01/19 23:55:19 ii : - IP4 DNS Server = 10.220.205.100<br>09/01/19 23:55:19 ii : - DNS Suffix = <a href="http://pillar.as">pillar.as</a><br>09/01/19 23:55:19 ii : - Split Domain<br>09/01/19 23:55:19 ii : - IP4 Split Network Include = ANY:<a href="http://192.168.3.0/24:*">192.168.3.0/24:*</a><br>
09/01/19 23:55:19 ii : - IP4 Split Network Include = ANY:<a href="http://10.220.0.0/16:*">10.220.0.0/16:*</a><br>09/01/19 23:55:19 ii : - IP4 Split Network Include = ANY:<a href="http://91.203.116.34/32:*">91.203.116.34/32:*</a><br>
09/01/19 23:55:19 ii : - IP4 Split Network Exclude = ANY:<a href="http://0.0.0.0/32:*">0.0.0.0/32:*</a> ( invalid subnet ignored )<br>09/01/19 23:55:19 ii : - Save Password = 0<br>09/01/19 23:55:19 DB : config resend event canceled ( ref count = 1 )<br>
09/01/19 23:55:21 ii : VNET adapter MTU is 1500<br>09/01/19 23:55:21 ii : enabled adapter ROOT\VNET\0000<br>09/01/19 23:55:21 ii : creating IPSEC INBOUND policy ANY:<a href="http://192.168.3.0/24:*">192.168.3.0/24:*</a> -> ANY:192.168.113.220:*<br>
09/01/19 23:55:21 DB : policy added ( obj count = 4 )<br>09/01/19 23:55:21 K> : send pfkey X_SPDADD UNSPEC message<br>09/01/19 23:55:21 ii : creating IPSEC OUTBOUND policy ANY:192.168.113.220:* -> ANY:<a href="http://192.168.3.0/24:*">192.168.3.0/24:*</a><br>
09/01/19 23:55:21 K< : recv pfkey X_SPDADD UNSPEC message<br>09/01/19 23:55:21 DB : policy found<br>09/01/19 23:55:21 ii : created IPSEC policy route for <a href="http://192.168.3.0/24">192.168.3.0/24</a><br>09/01/19 23:55:21 DB : policy added ( obj count = 5 )<br>
09/01/19 23:55:21 K> : send pfkey X_SPDADD UNSPEC message<br>09/01/19 23:55:21 ii : creating IPSEC INBOUND policy ANY:<a href="http://10.220.0.0/16:*">10.220.0.0/16:*</a> -> ANY:192.168.113.220:*<br>09/01/19 23:55:21 DB : policy added ( obj count = 6 )<br>
09/01/19 23:55:21 K> : send pfkey X_SPDADD UNSPEC message<br>09/01/19 23:55:21 ii : creating IPSEC OUTBOUND policy ANY:192.168.113.220:* -> ANY:<a href="http://10.220.0.0/16:*">10.220.0.0/16:*</a><br>09/01/19 23:55:21 ii : created IPSEC policy route for <a href="http://10.220.0.0/16">10.220.0.0/16</a><br>
09/01/19 23:55:21 DB : policy added ( obj count = 7 )<br>09/01/19 23:55:21 K> : send pfkey X_SPDADD UNSPEC message<br>09/01/19 23:55:21 ii : creating IPSEC INBOUND policy ANY:<a href="http://91.203.116.34/32:*">91.203.116.34/32:*</a> -> ANY:192.168.113.220:*<br>
09/01/19 23:55:21 DB : policy added ( obj count = 8 )<br>09/01/19 23:55:21 K> : send pfkey X_SPDADD UNSPEC message<br>09/01/19 23:55:21 ii : creating IPSEC OUTBOUND policy ANY:192.168.113.220:* -> ANY:<a href="http://91.203.116.34/32:*">91.203.116.34/32:*</a><br>
09/01/19 23:55:21 ii : created IPSEC policy route for <a href="http://91.203.116.34/32">91.203.116.34/32</a><br>09/01/19 23:55:21 DB : policy added ( obj count = 9 )<br>09/01/19 23:55:21 K> : send pfkey X_SPDADD UNSPEC message<br>
09/01/19 23:55:21 ii : split DNS bypassed ( no split domains defined )<br>09/01/19 23:55:21 K< : recv pfkey X_SPDADD UNSPEC message<br>09/01/19 23:55:21 DB : policy found<br>09/01/19 23:55:21 ii : calling init phase2 for initial policy<br>
09/01/19 23:55:21 DB : policy found<br>09/01/19 23:55:21 DB : policy found<br>09/01/19 23:55:21 DB : tunnel found<br>09/01/19 23:55:21 DB : new phase2 ( IPSEC initiator )<br>09/01/19 23:55:21 DB : phase2 added ( obj count = 1 )<br>
09/01/19 23:55:21 K> : send pfkey GETSPI ESP message<br>09/01/19 23:55:21 K< : recv pfkey X_SPDADD UNSPEC message<br>09/01/19 23:55:21 DB : policy found<br>09/01/19 23:55:21 K< : recv pfkey X_SPDADD UNSPEC message<br>
09/01/19 23:55:21 DB : policy found<br>09/01/19 23:55:21 K< : recv pfkey X_SPDADD UNSPEC message<br>09/01/19 23:55:21 DB : policy found<br>09/01/19 23:55:21 K< : recv pfkey X_SPDADD UNSPEC message<br>09/01/19 23:55:21 DB : policy found<br>
09/01/19 23:55:21 K< : recv pfkey GETSPI ESP message<br>09/01/19 23:55:21 DB : phase2 found<br>09/01/19 23:55:21 ii : updated spi for 1 ipsec-esp proposal<br>09/01/19 23:55:21 DB : phase1 found<br>09/01/19 23:55:21 >> : hash payload<br>
09/01/19 23:55:21 >> : security association payload<br>09/01/19 23:55:21 >> : - proposal #1 payload <br>09/01/19 23:55:21 >> : -- transform #1 payload <br>09/01/19 23:55:21 >> : -- transform #2 payload <br>
09/01/19 23:55:21 >> : -- transform #3 payload <br>09/01/19 23:55:21 >> : -- transform #4 payload <br>09/01/19 23:55:21 >> : -- transform #5 payload <br>09/01/19 23:55:21 >> : -- transform #6 payload <br>
09/01/19 23:55:21 >> : -- transform #7 payload <br>09/01/19 23:55:21 >> : -- transform #8 payload <br>09/01/19 23:55:21 >> : -- transform #9 payload <br>09/01/19 23:55:21 >> : -- transform #10 payload <br>
09/01/19 23:55:21 >> : -- transform #11 payload <br>09/01/19 23:55:21 >> : -- transform #12 payload <br>09/01/19 23:55:21 >> : -- transform #13 payload <br>09/01/19 23:55:21 >> : -- transform #14 payload <br>
09/01/19 23:55:21 >> : -- transform #15 payload <br>09/01/19 23:55:21 >> : -- transform #16 payload <br>09/01/19 23:55:21 >> : -- transform #17 payload <br>09/01/19 23:55:21 >> : -- transform #18 payload <br>
09/01/19 23:55:21 >> : nonce payload<br>09/01/19 23:55:21 >> : identification payload<br>09/01/19 23:55:21 >> : identification payload<br>09/01/19 23:55:21 == : phase2 hash_i ( input ) ( 632 bytes )<br>09/01/19 23:55:21 == : phase2 hash_i ( computed ) ( 20 bytes )<br>
09/01/19 23:55:21 == : new phase2 iv ( 8 bytes )<br>09/01/19 23:55:21 >= : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:21 >= : message 208b32e8<br>09/01/19 23:55:21 >= : encrypt iv ( 8 bytes )<br>
09/01/19 23:55:21 == : encrypt packet ( 680 bytes )<br>09/01/19 23:55:21 == : stored iv ( 8 bytes )<br>09/01/19 23:55:21 -> : send NAT-T:IKE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> ( 716 bytes )<br>
09/01/19 23:55:21 DB : phase2 resend event scheduled ( ref count = 2 )<br>09/01/19 23:55:21 <- : recv NAT-T:IKE packet <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> -> <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> ( 188 bytes )<br>
09/01/19 23:55:21 DB : phase1 found<br>09/01/19 23:55:21 ii : processing phase2 packet ( 188 bytes )<br>09/01/19 23:55:21 DB : phase2 found<br>09/01/19 23:55:21 =< : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:21 =< : message 208b32e8<br>
09/01/19 23:55:21 =< : decrypt iv ( 8 bytes )<br>09/01/19 23:55:21 == : decrypt packet ( 188 bytes )<br>09/01/19 23:55:21 <= : trimmed packet padding ( 4 bytes )<br>09/01/19 23:55:21 <= : stored iv ( 8 bytes )<br>
09/01/19 23:55:21 << : hash payload<br>09/01/19 23:55:21 << : security association payload<br>09/01/19 23:55:21 << : - propsal #1 payload <br>09/01/19 23:55:21 << : -- transform #1 payload <br>09/01/19 23:55:21 << : nonce payload<br>
09/01/19 23:55:21 << : identification payload<br>09/01/19 23:55:21 << : identification payload<br>09/01/19 23:55:21 << : notification payload<br>09/01/19 23:55:21 == : phase2 hash_r ( input ) ( 156 bytes )<br>
09/01/19 23:55:21 == : phase2 hash_r ( computed ) ( 20 bytes )<br>09/01/19 23:55:21 == : phase2 hash_r ( received ) ( 20 bytes )<br>09/01/19 23:55:21 ii : unmatched ipsec-esp proposal/transform<br>09/01/19 23:55:21 ii : msg auth ( hmac-sha != hmac-md5 )<br>
09/01/19 23:55:21 !! : peer violates RFC, transform number mismatch ( 1 != 2 )<br>09/01/19 23:55:21 ii : matched ipsec-esp proposal #1 transform #2<br>09/01/19 23:55:21 ii : - transform = esp-aes<br>09/01/19 23:55:21 ii : - key length = 256 bits<br>
09/01/19 23:55:21 ii : - encap mode = udp-tunnel ( rfc )<br>09/01/19 23:55:21 ii : - msg auth = hmac-sha<br>09/01/19 23:55:21 ii : - pfs dh group = none<br>09/01/19 23:55:21 ii : - life seconds = 3600<br>09/01/19 23:55:21 ii : - life kbytes = 0<br>
09/01/19 23:55:21 DB : policy found<br>09/01/19 23:55:21 ii : received peer RESPONDER-LIFETIME notification<br>09/01/19 23:55:21 ii : - <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> -> <a href="http://192.168.0.198:4500">192.168.0.198:4500</a><br>
09/01/19 23:55:21 ii : - ipsec-esp spi = 0x3e8e9ebd<br>09/01/19 23:55:21 ii : - data size 12<br>09/01/19 23:55:21 K> : send pfkey GETSPI ESP message<br>09/01/19 23:55:21 ii : phase2 ids accepted<br>09/01/19 23:55:21 ii : - loc ANY:192.168.113.220:* -> ANY:<a href="http://192.168.3.0/24:*">192.168.3.0/24:*</a><br>
09/01/19 23:55:21 ii : - rmt ANY:<a href="http://192.168.3.0/24:*">192.168.3.0/24:*</a> -> ANY:192.168.113.220:*<br>09/01/19 23:55:21 ii : phase2 sa established<br>09/01/19 23:55:21 ii : <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> <-> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>
09/01/19 23:55:21 == : phase2 hash_p ( input ) ( 45 bytes )<br>09/01/19 23:55:21 == : phase2 hash_p ( computed ) ( 20 bytes )<br>09/01/19 23:55:21 >> : hash payload<br>09/01/19 23:55:21 >= : cookies c67c2ad0f02c1d8e:65da80a149997177<br>
09/01/19 23:55:21 >= : message 208b32e8<br>09/01/19 23:55:21 >= : encrypt iv ( 8 bytes )<br>09/01/19 23:55:21 == : encrypt packet ( 52 bytes )<br>09/01/19 23:55:21 == : stored iv ( 8 bytes )<br>09/01/19 23:55:21 DB : phase2 resend event canceled ( ref count = 1 )<br>
09/01/19 23:55:21 -> : send NAT-T:IKE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> ( 84 bytes )<br>09/01/19 23:55:21 == : spi cipher key data ( 32 bytes )<br>
09/01/19 23:55:21 == : spi hmac key data ( 20 bytes )<br>09/01/19 23:55:21 K> : send pfkey UPDATE ESP message<br>09/01/19 23:55:21 == : spi cipher key data ( 32 bytes )<br>09/01/19 23:55:21 == : spi hmac key data ( 20 bytes )<br>
09/01/19 23:55:21 K> : send pfkey UPDATE ESP message<br>09/01/19 23:55:21 K< : recv pfkey GETSPI ESP message<br>09/01/19 23:55:21 DB : phase2 found<br>09/01/19 23:55:21 K< : recv pfkey UPDATE ESP message<br>09/01/19 23:55:21 K< : recv pfkey UPDATE ESP message<br>
09/01/19 23:55:26 K< : recv pfkey ACQUIRE UNSPEC message<br>09/01/19 23:55:26 DB : policy found<br>09/01/19 23:55:26 DB : policy found<br>09/01/19 23:55:26 DB : tunnel found<br>09/01/19 23:55:26 DB : new phase2 ( IPSEC initiator )<br>
09/01/19 23:55:26 DB : phase2 added ( obj count = 2 )<br>09/01/19 23:55:26 K> : send pfkey GETSPI ESP message<br>09/01/19 23:55:26 K< : recv pfkey GETSPI ESP message<br>09/01/19 23:55:26 DB : phase2 found<br>09/01/19 23:55:26 ii : updated spi for 1 ipsec-esp proposal<br>
09/01/19 23:55:26 DB : phase1 found<br>09/01/19 23:55:26 >> : hash payload<br>09/01/19 23:55:26 >> : security association payload<br>09/01/19 23:55:26 >> : - proposal #1 payload <br>09/01/19 23:55:26 >> : -- transform #1 payload <br>
09/01/19 23:55:26 >> : -- transform #2 payload <br>09/01/19 23:55:26 >> : -- transform #3 payload <br>09/01/19 23:55:26 >> : -- transform #4 payload <br>09/01/19 23:55:26 >> : -- transform #5 payload <br>
09/01/19 23:55:26 >> : -- transform #6 payload <br>09/01/19 23:55:26 >> : -- transform #7 payload <br>09/01/19 23:55:26 >> : -- transform #8 payload <br>09/01/19 23:55:26 >> : -- transform #9 payload <br>
09/01/19 23:55:26 >> : -- transform #10 payload <br>09/01/19 23:55:26 >> : -- transform #11 payload <br>09/01/19 23:55:26 >> : -- transform #12 payload <br>09/01/19 23:55:26 >> : -- transform #13 payload <br>
09/01/19 23:55:26 >> : -- transform #14 payload <br>09/01/19 23:55:26 >> : -- transform #15 payload <br>09/01/19 23:55:26 >> : -- transform #16 payload <br>09/01/19 23:55:26 >> : -- transform #17 payload <br>
09/01/19 23:55:26 >> : -- transform #18 payload <br>09/01/19 23:55:26 >> : nonce payload<br>09/01/19 23:55:26 >> : identification payload<br>09/01/19 23:55:26 >> : identification payload<br>09/01/19 23:55:26 == : phase2 hash_i ( input ) ( 632 bytes )<br>
09/01/19 23:55:26 == : phase2 hash_i ( computed ) ( 20 bytes )<br>09/01/19 23:55:26 == : new phase2 iv ( 8 bytes )<br>09/01/19 23:55:26 >= : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:26 >= : message 59ac7e0f<br>
09/01/19 23:55:26 >= : encrypt iv ( 8 bytes )<br>09/01/19 23:55:26 == : encrypt packet ( 680 bytes )<br>09/01/19 23:55:26 == : stored iv ( 8 bytes )<br>09/01/19 23:55:26 -> : send NAT-T:IKE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> ( 716 bytes )<br>
09/01/19 23:55:26 DB : phase2 resend event scheduled ( ref count = 2 )<br>09/01/19 23:55:26 <- : recv NAT-T:IKE packet <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> -> <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> ( 84 bytes )<br>
09/01/19 23:55:26 DB : phase1 found<br>09/01/19 23:55:26 ii : processing informational packet ( 84 bytes )<br>09/01/19 23:55:26 == : new informational iv ( 8 bytes )<br>09/01/19 23:55:26 =< : cookies c67c2ad0f02c1d8e:65da80a149997177<br>
09/01/19 23:55:26 =< : message 94a2c033<br>09/01/19 23:55:26 =< : decrypt iv ( 8 bytes )<br>09/01/19 23:55:26 == : decrypt packet ( 84 bytes )<br>09/01/19 23:55:26 <= : trimmed packet padding ( 4 bytes )<br>09/01/19 23:55:26 <= : stored iv ( 8 bytes )<br>
09/01/19 23:55:26 << : hash payload<br>09/01/19 23:55:26 << : notification payload<br>09/01/19 23:55:26 == : informational hash_i ( computed ) ( 20 bytes )<br>09/01/19 23:55:26 == : informational hash_c ( received ) ( 20 bytes )<br>
09/01/19 23:55:26 ii : informational hash verified<br>09/01/19 23:55:26 ii : received peer NO-PROPOSAL-CHOSEN notification<br>09/01/19 23:55:26 ii : - <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> -> <a href="http://192.168.0.198:4500">192.168.0.198:4500</a><br>
09/01/19 23:55:26 ii : - ipsec-esp spi = 0x45d226fc<br>09/01/19 23:55:26 ii : - data size 12<br>09/01/19 23:55:31 ii : resend limit exceeded for phase2 exchange<br>09/01/19 23:55:31 ii : phase2 removal before expire time<br>
09/01/19 23:55:31 DB : phase2 deleted ( obj count = 1 )<br>09/01/19 23:55:34 DB : phase1 found<br>09/01/19 23:55:34 -> : send NAT-T:KEEP-ALIVE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>
09/01/19 23:55:49 DB : phase1 found<br>09/01/19 23:55:49 -> : send NAT-T:KEEP-ALIVE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>
09/01/19 23:55:59 K< : recv pfkey ACQUIRE UNSPEC message<br>09/01/19 23:55:59 DB : policy found<br>09/01/19 23:55:59 DB : policy found<br>09/01/19 23:55:59 DB : tunnel found<br>09/01/19 23:55:59 DB : new phase2 ( IPSEC initiator )<br>
09/01/19 23:55:59 DB : phase2 added ( obj count = 2 )<br>09/01/19 23:55:59 K> : send pfkey GETSPI ESP message<br>09/01/19 23:55:59 K< : recv pfkey GETSPI ESP message<br>09/01/19 23:55:59 DB : phase2 found<br>09/01/19 23:55:59 ii : updated spi for 1 ipsec-esp proposal<br>
09/01/19 23:55:59 DB : phase1 found<br>09/01/19 23:55:59 >> : hash payload<br>09/01/19 23:55:59 >> : security association payload<br>09/01/19 23:55:59 >> : - proposal #1 payload <br>09/01/19 23:55:59 >> : -- transform #1 payload <br>
09/01/19 23:55:59 >> : -- transform #2 payload <br>09/01/19 23:55:59 >> : -- transform #3 payload <br>09/01/19 23:55:59 >> : -- transform #4 payload <br>09/01/19 23:55:59 >> : -- transform #5 payload <br>
09/01/19 23:55:59 >> : -- transform #6 payload <br>09/01/19 23:55:59 >> : -- transform #7 payload <br>09/01/19 23:55:59 >> : -- transform #8 payload <br>09/01/19 23:55:59 >> : -- transform #9 payload <br>
09/01/19 23:55:59 >> : -- transform #10 payload <br>09/01/19 23:55:59 >> : -- transform #11 payload <br>09/01/19 23:55:59 >> : -- transform #12 payload <br>09/01/19 23:55:59 >> : -- transform #13 payload <br>
09/01/19 23:55:59 >> : -- transform #14 payload <br>09/01/19 23:55:59 >> : -- transform #15 payload <br>09/01/19 23:55:59 >> : -- transform #16 payload <br>09/01/19 23:55:59 >> : -- transform #17 payload <br>
09/01/19 23:55:59 >> : -- transform #18 payload <br>09/01/19 23:55:59 >> : nonce payload<br>09/01/19 23:55:59 >> : identification payload<br>09/01/19 23:55:59 >> : identification payload<br>09/01/19 23:55:59 == : phase2 hash_i ( input ) ( 632 bytes )<br>
09/01/19 23:55:59 == : phase2 hash_i ( computed ) ( 20 bytes )<br>09/01/19 23:55:59 == : new phase2 iv ( 8 bytes )<br>09/01/19 23:55:59 >= : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:55:59 >= : message d66db4ce<br>
09/01/19 23:55:59 >= : encrypt iv ( 8 bytes )<br>09/01/19 23:55:59 == : encrypt packet ( 680 bytes )<br>09/01/19 23:55:59 == : stored iv ( 8 bytes )<br>09/01/19 23:55:59 -> : send NAT-T:IKE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> ( 716 bytes )<br>
09/01/19 23:55:59 DB : phase2 resend event scheduled ( ref count = 2 )<br>09/01/19 23:55:59 <- : recv NAT-T:IKE packet <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> -> <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> ( 84 bytes )<br>
09/01/19 23:55:59 DB : phase1 found<br>09/01/19 23:55:59 ii : processing informational packet ( 84 bytes )<br>09/01/19 23:55:59 == : new informational iv ( 8 bytes )<br>09/01/19 23:55:59 =< : cookies c67c2ad0f02c1d8e:65da80a149997177<br>
09/01/19 23:55:59 =< : message f83e5293<br>09/01/19 23:55:59 =< : decrypt iv ( 8 bytes )<br>09/01/19 23:55:59 == : decrypt packet ( 84 bytes )<br>09/01/19 23:55:59 <= : trimmed packet padding ( 4 bytes )<br>09/01/19 23:55:59 <= : stored iv ( 8 bytes )<br>
09/01/19 23:55:59 << : hash payload<br>09/01/19 23:55:59 << : notification payload<br>09/01/19 23:55:59 == : informational hash_i ( computed ) ( 20 bytes )<br>09/01/19 23:55:59 == : informational hash_c ( received ) ( 20 bytes )<br>
09/01/19 23:55:59 ii : informational hash verified<br>09/01/19 23:55:59 ii : received peer NO-PROPOSAL-CHOSEN notification<br>09/01/19 23:55:59 ii : - <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> -> <a href="http://192.168.0.198:4500">192.168.0.198:4500</a><br>
09/01/19 23:55:59 ii : - ipsec-esp spi = 0x06286536<br>09/01/19 23:55:59 ii : - data size 12<br>09/01/19 23:56:04 -> : resend 1 phase2 packet(s) <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>
09/01/19 23:56:04 DB : phase1 found<br>09/01/19 23:56:04 -> : send NAT-T:KEEP-ALIVE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>
09/01/19 23:56:09 -> : resend 1 phase2 packet(s) <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>09/01/19 23:56:14 -> : resend 1 phase2 packet(s) <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>
09/01/19 23:56:19 K< : recv pfkey ACQUIRE UNSPEC message<br>09/01/19 23:56:19 DB : policy found<br>09/01/19 23:56:19 DB : policy found<br>09/01/19 23:56:19 DB : tunnel found<br>09/01/19 23:56:19 DB : new phase2 ( IPSEC initiator )<br>
09/01/19 23:56:19 DB : phase2 added ( obj count = 3 )<br>09/01/19 23:56:19 K> : send pfkey GETSPI ESP message<br>09/01/19 23:56:19 K< : recv pfkey GETSPI ESP message<br>09/01/19 23:56:19 DB : phase2 found<br>09/01/19 23:56:19 ii : updated spi for 1 ipsec-esp proposal<br>
09/01/19 23:56:19 DB : phase1 found<br>09/01/19 23:56:19 >> : hash payload<br>09/01/19 23:56:19 >> : security association payload<br>09/01/19 23:56:19 >> : - proposal #1 payload <br>09/01/19 23:56:19 >> : -- transform #1 payload <br>
09/01/19 23:56:19 >> : -- transform #2 payload <br>09/01/19 23:56:19 >> : -- transform #3 payload <br>09/01/19 23:56:19 >> : -- transform #4 payload <br>09/01/19 23:56:19 >> : -- transform #5 payload <br>
09/01/19 23:56:19 >> : -- transform #6 payload <br>09/01/19 23:56:19 >> : -- transform #7 payload <br>09/01/19 23:56:19 >> : -- transform #8 payload <br>09/01/19 23:56:19 >> : -- transform #9 payload <br>
09/01/19 23:56:19 >> : -- transform #10 payload <br>09/01/19 23:56:19 >> : -- transform #11 payload <br>09/01/19 23:56:19 >> : -- transform #12 payload <br>09/01/19 23:56:19 >> : -- transform #13 payload <br>
09/01/19 23:56:19 >> : -- transform #14 payload <br>09/01/19 23:56:19 >> : -- transform #15 payload <br>09/01/19 23:56:19 >> : -- transform #16 payload <br>09/01/19 23:56:19 >> : -- transform #17 payload <br>
09/01/19 23:56:19 >> : -- transform #18 payload <br>09/01/19 23:56:19 >> : nonce payload<br>09/01/19 23:56:19 >> : identification payload<br>09/01/19 23:56:19 >> : identification payload<br>09/01/19 23:56:19 == : phase2 hash_i ( input ) ( 632 bytes )<br>
09/01/19 23:56:19 == : phase2 hash_i ( computed ) ( 20 bytes )<br>09/01/19 23:56:19 == : new phase2 iv ( 8 bytes )<br>09/01/19 23:56:19 >= : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:56:19 >= : message c54a4e5f<br>
09/01/19 23:56:19 >= : encrypt iv ( 8 bytes )<br>09/01/19 23:56:19 == : encrypt packet ( 680 bytes )<br>09/01/19 23:56:19 == : stored iv ( 8 bytes )<br>09/01/19 23:56:19 -> : send NAT-T:IKE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> ( 716 bytes )<br>
09/01/19 23:56:19 DB : phase2 resend event scheduled ( ref count = 2 )<br>09/01/19 23:56:19 ii : resend limit exceeded for phase2 exchange<br>09/01/19 23:56:19 ii : phase2 removal before expire time<br>09/01/19 23:56:19 DB : phase2 deleted ( obj count = 2 )<br>
09/01/19 23:56:19 <- : recv NAT-T:IKE packet <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> -> <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> ( 84 bytes )<br>09/01/19 23:56:19 DB : phase1 found<br>
09/01/19 23:56:19 ii : processing informational packet ( 84 bytes )<br>09/01/19 23:56:19 == : new informational iv ( 8 bytes )<br>09/01/19 23:56:19 =< : cookies c67c2ad0f02c1d8e:65da80a149997177<br>09/01/19 23:56:19 =< : message 23448ff9<br>
09/01/19 23:56:19 =< : decrypt iv ( 8 bytes )<br>09/01/19 23:56:19 == : decrypt packet ( 84 bytes )<br>09/01/19 23:56:19 <= : trimmed packet padding ( 4 bytes )<br>09/01/19 23:56:19 <= : stored iv ( 8 bytes )<br>
09/01/19 23:56:19 << : hash payload<br>09/01/19 23:56:19 << : notification payload<br>09/01/19 23:56:19 == : informational hash_i ( computed ) ( 20 bytes )<br>09/01/19 23:56:19 == : informational hash_c ( received ) ( 20 bytes )<br>
09/01/19 23:56:19 ii : informational hash verified<br>09/01/19 23:56:19 ii : received peer NO-PROPOSAL-CHOSEN notification<br>09/01/19 23:56:19 ii : - <a href="http://195.159.111.66:4500">195.159.111.66:4500</a> -> <a href="http://192.168.0.198:4500">192.168.0.198:4500</a><br>
09/01/19 23:56:19 ii : - ipsec-esp spi = 0x0ccb4fcd<br>09/01/19 23:56:19 ii : - data size 12<br>09/01/19 23:56:19 DB : phase1 found<br>09/01/19 23:56:19 -> : send NAT-T:KEEP-ALIVE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>
09/01/19 23:56:24 -> : resend 1 phase2 packet(s) <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>09/01/19 23:56:29 -> : resend 1 phase2 packet(s) <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>
09/01/19 23:56:34 -> : resend 1 phase2 packet(s) <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>09/01/19 23:56:34 DB : phase1 found<br>09/01/19 23:56:34 -> : send NAT-T:KEEP-ALIVE packet <a href="http://192.168.0.198:4500">192.168.0.198:4500</a> -> <a href="http://195.159.111.66:4500">195.159.111.66:4500</a><br>