hello !
maybe some kind person could help me out of this. there must be
something about it.
i hope i'm not on "mission impossible". i spent quite some time on this
but i cannot find the trick.
i appreciate any comment.
thank you
andy
scenario:

 ______________________________
|Linux/FreeSwan1.96/x.509patch |
|192.168.0.5/24                |
|ip-forwarding enabled         |
|"cobraHost"                   |
|______________________________|----LAN------+
                                             |
 ____________________________________________|___________
|Netgear RT314(ADSL-Router)                              |
|Local-IP:192.168.0.1/24                                 |
|DHCP Server / DNS Server/Forwarder for 192.168.0.0/24   |
|NAT/Firewall                                            |
|PORT 500 forwarded to 192.168.0.5                       |
|Protocol 50/51 forwarding enabled                       |
|dns registered as "somehost.dyndns.org"                 |
|________________________________________________________|
                       |                     |
 ________________      |                     A
|LAN             |-----+---LAN-----          D
|192.168.0.0/24  |                           S
|________________|                           L
                                             |
 ________________                            |
|Notebook        |---ISDN/MODEM-----INTERNET-+
|WinXP           |
|SSH Sentinel    |
|(1.3 b47)       |
|some public ip  |
|callbycall      |
|provider        |
|________________|

i configured freeswan and the ssh sentinel as described in
http://www.ssh.com/products/sentinel/SSH-Sentinel-1.3-FreeSWAN.pdf
the freeswan ipsec.conf:

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        left=%defaultroute
        leftcert=cobraHost.pem
        auto=add
        pfs=yes

conn roadwarrior
        right=%any

conn roadwarrior-net
        leftsubnet=192.168.0.0/24
        right=%any

i added a VPN Connection to SSH Sentinel with security
gateway="somehost.dyndns.org" and remote network 192.168.0.0/24 and no
dhcp
i managed all the certificate stuff and tested the connection with the
notebook locally plugged into LAN, works fine !
(but i think that's not important anyway because the notebook has
internal ip 192.168.0.11 then...)
i went away and connected the notebook via isdn call by call provider to
the internet
i connect via sentinel, yippie ! connection works !
BUT: ping 192.168.0.5 gets into timeout, so do any others to the
192.168.0.0/24 subnet
:-(
i looked into freeswans log:
Apr 23 11:24:08 cobra ipsec_setup: Starting FreeS/WAN IPsec 1.96...
Apr 23 11:24:08 cobra ipsec_setup: KLIPS debug `none'
Apr 23 11:24:08 cobra ipsec_setup: KLIPS ipsec0 on eth0 192.168.0.5/255.255.255.0 broadcast 192.168.0.255
Apr 23 11:24:08 cobra ipsec__plutorun: Starting Pluto subsystem...
Apr 23 11:24:08 cobra Pluto[23487]: Starting Pluto (FreeS/WAN Version 1.96)
Apr 23 11:24:08 cobra Pluto[23487]: including X.509 patch (Version 0.9.8)
Apr 23 11:24:08 cobra ipsec_setup: ...FreeS/WAN IPsec started
Apr 23 11:24:08 cobra Pluto[23487]: Changing to directory '/etc/ipsec.d/cacerts'
Apr 23 11:24:08 cobra Pluto[23487]: loaded cacert file 'cobraCA.pem' (1708 bytes)
Apr 23 11:24:08 cobra Pluto[23487]: Changing to directory '/etc/ipsec.d/crls'
Apr 23 11:24:08 cobra Pluto[23487]: loaded crl file 'crl.pem' (715 bytes)
Apr 23 11:24:08 cobra Pluto[23487]: loaded my X.509 cert file '/etc/x509cert.der' (1265 bytes)
Apr 23 11:24:09 cobra Pluto[23487]: loaded host cert file '/etc/ipsec.d/cobraHost.pem' (5135 bytes)
Apr 23 11:24:09 cobra Pluto[23487]: added connection description "roadwarrior"
Apr 23 11:24:09 cobra Pluto[23487]: loaded host cert file '/etc/ipsec.d/cobraHost.pem' (5135 bytes)
Apr 23 11:24:09 cobra Pluto[23487]: added connection description "roadwarrior-net"
Apr 23 11:24:09 cobra Pluto[23487]: listening for IKE messages
Apr 23 11:24:09 cobra Pluto[23487]: adding interface ipsec0/eth0 192.168.0.5
Apr 23 11:24:09 cobra Pluto[23487]: loading secrets from "/etc/ipsec.secrets"
Apr 23 11:24:09 cobra Pluto[23487]: loaded private key file '/etc/ipsec.d/private/cobraHost.key.pem' (3467 bytes)
Apr 23 11:24:17 cobra kernel: ipsec0: no IPv6 routers present
Apr 23 11:25:54 cobra Pluto[23487]: packet from 213.7.23.58:500: ignoring Vendor ID payload
Apr 23 11:25:54 cobra Pluto[23487]: "roadwarrior" 213.7.23.58 #1: responding to Main Mode from unknown peer 213.7.23.58
Apr 23 11:25:55 cobra Pluto[23487]: "roadwarrior-net" 213.7.23.58 #1: sent MR3, ISAKMP SA established
Apr 23 11:25:56 cobra Pluto[23487]: "roadwarrior-net" 213.7.23.58 #2: responding to Quick Mode
Apr 23 11:25:56 cobra Pluto[23487]: "roadwarrior-net" 213.7.23.58 #2: IPsec SA established
i think the connection is established and ok?
i made an ipconfig /all on the WinXP Machine

Windows-IP-Konfiguration

        Hostname. . . . . . . . . . . . . : andy
        Primäres DNS-Suffix . . . . . . . :
        Knotentyp . . . . . . . . . . . . : Broadcast
        IP-Routing aktiviert. . . . . . . : Nein
        WINS-Proxy aktiviert. . . . . . . : Nein

Ethernetadapter {7897FF62-3E75-4ACE-9A53-77E5CE2FD952}:

        Medienstatus. . . . . . . . . . . : Es besteht keine Verbindung
        Beschreibung. . . . . . . . . . . : SSH Virtual Network Adapter (sshvnic)
        Physikalische Adresse . . . . . . : 02-00-00-00-01-00

PPP-Adapter FreeNet:

        Verbindungsspezifisches DNS-Suffix:
        Beschreibung. . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Physikalische Adresse . . . . . . : 00-53-45-00-00-00
        DHCP aktiviert. . . . . . . . . . : Nein
        IP-Adresse. . . . . . . . . . . . : 213.7.209.38
        Subnetzmaske. . . . . . . . . . . : 255.255.255.255
        Standardgateway . . . . . . . . . : 213.7.209.38
        DNS-Server. . . . . . . . . . . . : 62.104.191.241
                                            62.104.196.134
        NetBIOS über TCP/IP . . . . . . . : Deaktiviert

i looked into the sentinels audit logfile after all what happened:
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 00000000 00000000 [-1] / 0x00000000 } IP; Start isakmp sa
negotiation
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 00000000 00000000 [-1] / 0x00000000 } IP; Version = 1.0,
Input packet fields = 0000
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 00000000 00000000 [-1] / 0x00000000 } IP; Encode packet,
version = 1.0, flags = 0x00000000
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Packet to old
negotiation
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Version = 1.0,
Input packet fields = 0001 SA
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Encode packet,
version = 1.0, flags = 0x00000000
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Packet to old
negotiation
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Warning, junk after
packet len = 160, decoded = 157
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Version = 1.0,
Input packet fields = 0052 KE CR NONCE
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Restart packet
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Version = 1.0,
Input packet fields = 0052 KE CR NONCE
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Encode packet,
version = 1.0, flags = 0x00000001
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Packet to old
negotiation
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Version = 1.0,
Input packet fields = 008c ID CERT SIG
: SPD: Can not determine per-rule trusted CA root set for remote identity der_asn1_dn(any:0,[0..164]=C=DE, ST=Area, L=City, O=AIZ, OU=somehost.dyndns.org, CN=cobraHOST, MAILTO=kreiselkicker_at_compuserve.de). Using only globally trusted roots.
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38 9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; MESSAGE: Phase 1 version = 1.0, auth_method = RSA signatures, cipher = 3des-cbc, hash = md5, prf = hmac-md5, life = 0 kB / 14400 sec, key len = 0, group = 2
: Phase-1 [initiator] between der_asn1_dn(udp:500,[0..95]=C=DE, O=AIZ, OU=somehost.dyndns.org, CN=another_at_email.com) and der_asn1_dn(any:0,[0..164]=C=DE, ST=Area, L=City, O=AIZ, OU=somehost.dyndns.org, CN=cobraHOST, MAILTO=kreiselkicker_at_compuserve.de) done.
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; Start ipsec sa
negotiation
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; Version = 1.0, Input
packet fields = 0000
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; Output of phase 2 IV
hash[8] = 0xbedebb4b 5eaed08b
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; Encode packet,
version = 1.0, flags = 0x00000001
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Connected
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Version = 1.0,
Input packet fields = 008c ID CERT SIG
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [-1] / 0x00000000 } IP; Connected
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; Packet to old
negotiation
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; Version = 1.0, Input
packet fields = 0037 SA KE ID HASH NONCE
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; MESSAGE: Phase 2
connection succeeded, Using PFS, group = 2
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; MESSAGE: SA[0][0] =
ESP 3des, life = 409600 kB/3600 sec, group = 2, tunnel, hmac-md5-96, key
len = 0, key rounds = 0
: Phase-2 [initiator] done bundle 5 with 2 SA's by rule 181:`ipsec ipv4(any:0,[0..3]=213.7.23.58)<->ipv4_subnet(any:0,[0..7]=192.168.0.0/24)(gw:ipv4(any:0,[0..3]=217.224.31.251))'
: SA ESP[e1997fd0] alg [3des-cbc/24]+hmac[hmac-md5-96] bundle [5,0] pri 0 opts src=ipv4(any:0,[0..3]=213.7.23.58) dst=ipv4_subnet(any:0,[0..7]=192.168.0.0/24)
: SA ESP[cdff65fc] alg [3des-cbc/24]+hmac[hmac-md5-96] bundle [5,0] pri 0 opts src=ipv4_subnet(any:0,[0..7]=192.168.0.0/24) dst=ipv4(any:0,[0..3]=213.7.23.58)
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; Encode packet,
version = 1.0, flags = 0x00000001
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; Connected
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; Restart packet
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; Version = 1.0, Input
packet fields = 0037 SA KE ID HASH NONCE
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; Connected
DEBUG: 0.0.0.0:500 (Initiator) <-> 217.224.31.251:500 { 3885aa38
9d000004 - 5446f95b 5e4538f9 [0] / 0x122e900a } QM; Deleting negotiation
ok, that's a lot
i hope i didn't forget anything ;-)
i think this must be either a "mission impossible" due to some
router/nat stuff or i'm blind on both eyes maybe...
please comment!
thank you again
andy
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:53 CEST
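
An added example, not part of the original post and not FreeS/WAN code: a small checker that reads an ipsec.conf in the layout posted above, merges "conn %default" into each connection, and reports two addressing properties of the gateway side. The finding names, the function names and the assumption that left= is either %defaultroute or a literal IP address are choices made for this example; the address passed for %defaultroute is the ipsec0/eth0 address from the Pluto log.

```python
import ipaddress

# Abridged copy of the ipsec.conf from the post (parameters indented under their section).
IPSEC_CONF = """\
config setup
    interfaces=%defaultroute
conn %default
    authby=rsasig
    left=%defaultroute
    leftcert=cobraHost.pem
    auto=add
conn roadwarrior
    right=%any
conn roadwarrior-net
    leftsubnet=192.168.0.0/24
    right=%any
"""

def parse_conns(text):
    """Return {conn name: params}, with 'conn %default' merged into each conn."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header starts in column 0
            kind, _, name = line.partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    defaults = sections.get(("conn", "%default"), {})
    return {name: {**defaults, **params}
            for (kind, name), params in sections.items()
            if kind == "conn" and name != "%default"}

def audit(text, defaultroute_ip):
    """Return (conn, finding) pairs; defaultroute_ip is what %defaultroute resolves to."""
    findings = []
    for name, p in parse_conns(text).items():
        left = p.get("left")
        if not left:
            continue
        # Assumption of this example: left is %defaultroute or a literal IP address.
        left_ip = ipaddress.ip_address(defaultroute_ip if left == "%defaultroute" else left)
        if left_ip.is_private:
            # The gateway's own tunnel endpoint is an RFC 1918 address, so a remote
            # peer only ever sees the public address of the router in front of it.
            findings.append((name, "left-is-private"))
        subnet = p.get("leftsubnet")
        if subnet and left_ip in ipaddress.ip_network(subnet):
            # The gateway is itself a host inside the subnet the tunnel protects.
            findings.append((name, "left-inside-leftsubnet"))
    return findings

if __name__ == "__main__":
    for conn, finding in audit(IPSEC_CONF, "192.168.0.5"):
        print(f"{conn}: {finding}")
```
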