IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Help: Win2k <-> Freeswan w/ X509

From: Philip Reetz (p.reetz_at_linet-services.de)
Date: Mon Apr 29 2002 - 14:36:35 CEST

Hello everyone,
first thanks to all who tried to help me with my previous posting (same
topic). I really appreciate the help. I made new certs being careful
that the DNs are very unique and that there are no special characters in
the DN.
Today I wanted to test it and, of course, it didn't work :(
But the goog news is, I got a different error message both on the linux
side and on the windows side :). I include the part from the ipsec.conf,
the /var/log/messages and attach the windows oakley log.
If somebody could log over it, I would really appreciate it. I don't
know what to do.
Thanks.
Ciao,
Philip

linux side:

/etc/ipsec.conf
-snip-
# basic configuration
config setup
         interfaces="ipsec0=eth2"
         # Debug-logging controls: "none" for (almost) none, "all" for
lots.
         klipsdebug=none
         plutodebug=none
         # Use auto= parameters in conn descriptions to control startup
actions.
         plutoload=%search
         plutostart=%search
         # Close down old connection when new one using same ID shows up.
         uniqueids=yes
         plutowait=no

# defaults for subsequent connection descriptions
conn %default
         # How persistent to be in (re)keying negotiations (0 means very).
         keyingtries=0
         authby=rsasig
         leftid=@testag
        leftrsasigkey=0x01blablabla

some other connections freeswan<->freeswan

conn bssub-rw1
         authby=rsasig
         left=xxx.yyy.zzz.110
         leftsubnet=192.168.0.0/24
         leftnexthop=xxx.yyy.zzz.109
         leftrsasigkey=%cert
         leftid="C=DE, ST=NDS, O=testag, OU=gwunit, CN=gwname/Email=gwemail"
         right=%any
         rightsubnet=
         rightnexthop=
         rightrsasigkey=%cert
         rightid="C=DE, ST=NDS, O=testag, OU=rweinsunit, CN=rweinsname,
E=rweinsemail"
         auto=add
-snip-

/var/log/messages
-snip-
Apr 29 11:56:42 test-lx-01 Pluto[8618]: packet from 193.159.67.56:500:
ignoring Vendor ID payload
Apr 29 11:56:42 test-lx-01 Pluto[8618]: "bssub-rw1" 193.159.67.56 #9:
responding to Main Mode from unknown peer 193.159.67.56
Apr 29 11:56:43 test-lx-01 Pluto[8618]: "bssub-rw1" 193.159.67.56 #9:
Peer ID is ID_DER_ASN1_DN: 'C=DE, ST=NDS, O=testag, OU=rweinsunit,
Apr 29 11:56:43 test-lx-01 Pluto[8618]: "bssub-rw1" 193.159.67.56 #9:
sent MR3, ISAKMP SA established
Apr 29 11:58:40 test-lx-01 Pluto[8618]: "bssub-rw1" 193.159.67.56 #9:
ignoring Delete SA payload
Apr 29 11:58:40 test-lx-01 Pluto[8618]: "bssub-rw1" 193.159.67.56 #9:
received and ignored informational message
-snip-

The windows log is attached to this message. No tunnel is established.
Tried several times. 

-- 
LINET Services
Bunkus, Geisler und Reetz GbR

Rebenring 33                     Tel.: 0531-280 191 71
38106 Braunschweig               Fax.: 0531-280 191 72

http://www.linet-services.de
mailto:info_at_linet-services.de

 4-29: 11:36:30:30c SecMaxToken 12000
 4-29: 11:36:30:30c Get DH Prov type failed 234
 4-29: 11:36:30:30c MaxDHLength 512
 4-29: 11:36:30:30c Get DH Prov type failed 234
 4-29: 11:36:30:30c MaxDHLength 512
 4-29: 11:36:30:30c DH Provider 3
 4-29: 11:36:30:30c RegisterSocket: Socket 740, Event 588

 4-29: 11:36:30:30c Register wait c03d0
 4-29: 11:36:30:30c Adding socket: 740 addr: 193.159.67.56
 4-29: 11:36:30:30c Reapertimer 10b120
 4-29: 11:36:30:30c Before processing
 4-29: 11:36:30:284 Acquire thread waiting
 4-29: 11:36:30:30c After processing
 4-29: 11:36:30:30c Oakley Init done
 4-29: 11:36:30:30c Oakley group 2 from UI
 4-29: 11:36:30:30c Isakmp policy (4 total): db0fd3a3-aae8-48e5-804ab213473dc3e2 PFS=0
 4-29: 11:36:30:30c #0: C.Id = 3, H.ID= 2, A.ID = 0, Group = 2 LT=28800 QMs=0
 4-29: 11:36:30:30c #1: C.Id = 3, H.ID= 1, A.ID = 0, Group = 2 LT=28800 QMs=0
 4-29: 11:36:30:30c #2: C.Id = 1, H.ID= 2, A.ID = 0, Group = 1 LT=28800 QMs=0
 4-29: 11:36:30:30c #3: C.Id = 1, H.ID= 1, A.ID = 0, Group = 1 LT=28800 QMs=0
 4-29: 11:36:30:30c flush guid(isakmp): db0fd3a3-aae8-48e5-804ab213473dc3e2
 4-29: 11:36:30:30c isadb_schedule_kill_oldPolicy_sas: db0fd3a3-aae8-48e5-804ab213473dc3e2 1
 4-29: 11:36:30:30c Added Timeout 103ef8
 4-29: 11:36:30:30c flush(isakmp): db0fd3a3-aae8-48e5-804ab213473dc3e2
 4-29: 11:36:30:30c Oakley group 2 from UI
 4-29: 11:36:30:30c Isakmp policy (4 total): 68c113d6-6b07-438f-ad52e85dcb8ded96 PFS=0
 4-29: 11:36:30:30c #0: C.Id = 3, H.ID= 2, A.ID = 0, Group = 2 LT=28800 QMs=0
 4-29: 11:36:30:30c #1: C.Id = 3, H.ID= 1, A.ID = 0, Group = 2 LT=28800 QMs=0
 4-29: 11:36:30:30c #2: C.Id = 1, H.ID= 2, A.ID = 0, Group = 1 LT=28800 QMs=0
 4-29: 11:36:30:30c #3: C.Id = 1, H.ID= 1, A.ID = 0, Group = 1 LT=28800 QMs=0
 4-29: 11:36:30:30c flush guid(isakmp): 68c113d6-6b07-438f-ad52e85dcb8ded96
 4-29: 11:36:30:30c isadb_schedule_kill_oldPolicy_sas: 68c113d6-6b07-438f-ad52e85dcb8ded96 1
 4-29: 11:36:30:30c Added Timeout 10c980
 4-29: 11:36:30:30c Adding policy guid(ipsec): ed5af0db-bf1b-4e89-b0c446b5f422db34
 4-29: 11:36:30:30c Authentication Method[0] from UI 5
 4-29: 11:36:30:30c Auth[0]: 5 Authinfosize: 0
 4-29: 11:36:30:30c Flags from UI 0
 4-29: 11:36:30:30c Ipsec policy (6 total): ed5af0db-bf1b-4e89-b0c446b5f422db34 PFS=7405532
 4-29: 11:36:30:30c #0: Encrypt C.Id = 3, C.KeyLen = 64, I.ID = 2,
 4-29: 11:36:30:30c #1: Encrypt C.Id = 3, C.KeyLen = 64, I.ID = 1,
 4-29: 11:36:30:30c #2: Encrypt C.Id = 1, C.KeyLen = 64, I.ID = 2,
 4-29: 11:36:30:30c #3: Encrypt C.Id = 1, C.KeyLen = 64, I.ID = 1,
 4-29: 11:36:30:30c #4: Auth C.Id = 2, C.KeyLen = 64, I.ID = 0,
 4-29: 11:36:30:30c #5: Auth C.Id = 1, C.KeyLen = 64, I.ID = 0,
 4-29: 11:36:30:30c flush guid(ipsec): ed5af0db-bf1b-4e89-b0c446b5f422db34
 4-29: 11:36:30:30c Adding policy guid(ipsec): 595ab7c9-0bc8-415a-a8cc1fcc8b7467aa
 4-29: 11:36:30:30c Authentication Method[0] from UI 3
 4-29: 11:36:30:30c Auth[0]: 3 Authinfosize: 126
 4-29: 11:36:30:30c Flags from UI 2
 4-29: 11:36:30:30c Ipsec policy (1 total): 595ab7c9-0bc8-415a-a8cc1fcc8b7467aa PFS=7405532
 4-29: 11:36:30:30c #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 4-29: 11:36:30:30c flush guid(ipsec): 595ab7c9-0bc8-415a-a8cc1fcc8b7467aa
 4-29: 11:36:30:30c Adding policy guid(ipsec): 523d5fe2-c371-4dd4-890b5d1567344eb5
 4-29: 11:36:30:30c Authentication Method[0] from UI 3
 4-29: 11:36:30:30c Auth[0]: 3 Authinfosize: 126
 4-29: 11:36:30:30c Flags from UI 2
 4-29: 11:36:30:30c Ipsec policy (1 total): 523d5fe2-c371-4dd4-890b5d1567344eb5 PFS=7405532
 4-29: 11:36:30:30c #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 4-29: 11:36:30:30c flush guid(ipsec): 523d5fe2-c371-4dd4-890b5d1567344eb5
 4-29: 11:36:30:118 entered kill_old_policy_sas
 4-29: 11:36:30:118 entered kill_old_policy_sas
 4-29: 11:36:34:284 Posting acquire: op=FE930B28 src=193.159.67.56.0 dst=192.168.0.6.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=xxx.yyy.zzz.110 Inbound TunnelEndpt=193.159.67.56
 4-29: 11:36:34:284 Acquire thread waiting
 4-29: 11:36:34:118 find(ipsec): 595ab7c9-0bc8-415a-a8cc1fcc8b7467aa
 4-29: 11:36:34:118 outstanding_kernel_req returned 0
 4-29: 11:36:34:118 Created new SA 23a2d8
 4-29: 11:36:34:118 Acquire: src = 193.159.67.56.0000, dst = xxx.yyy.zzz.110.62465, proto = 00, context = FE930B28, ProxySrc = 193.159.67.56.0000, ProxyDst = 192.168.0.0.0000 SrcMask = 0.0.0.0 DstMask = 255.255.255.0
 4-29: 11:36:34:118 constructing ISAKMP Header
 4-29: 11:36:34:118 constructing SA (ISAKMP)
 4-29: 11:36:34:118 find(isakmp): 595ab7c9-0bc8-415a-a8cc1fcc8b7467aa
 4-29: 11:36:34:118 Setting group desc
 4-29: 11:36:34:118 Setting group desc
 4-29: 11:36:34:118 Setting group desc
 4-29: 11:36:34:118 Setting group desc
 4-29: 11:36:34:118 Constructing Vendor
 4-29: 11:36:34:118 Throw: State mask=1
 4-29: 11:36:34:118 Added Timeout 10c980
 4-29: 11:36:34:118 Setting Retransmit: sa 23a2d8 handle 10c980 context 239b10
 4-29: 11:36:34:118
 4-29: 11:36:34:118 Sending: SA = 0x0023A2D8 to xxx.yyy.zzz.110
 4-29: 11:36:34:118 ISAKMP Header: (V1.0), len = 216
 4-29: 11:36:34:118 I-COOKIE 92256e21dcc6c611
 4-29: 11:36:34:118 R-COOKIE 0000000000000000
 4-29: 11:36:34:118 exchange: Oakley Main Mode
 4-29: 11:36:34:118 flags: 0
 4-29: 11:36:34:118 next payload: SA
 4-29: 11:36:34:118 message ID: 00000000
 4-29: 11:36:34:118
 4-29: 11:36:34:118 Resume: (get) SA = 0x0023a2d8 from xxx.yyy.zzz.110
 4-29: 11:36:34:118 ISAKMP Header: (V1.0), len = 84
 4-29: 11:36:34:118 I-COOKIE 92256e21dcc6c611
 4-29: 11:36:34:118 R-COOKIE 7cbd8ea30bf09a44
 4-29: 11:36:34:118 exchange: Oakley Main Mode
 4-29: 11:36:34:118 flags: 0
 4-29: 11:36:34:118 next payload: SA
 4-29: 11:36:34:118 message ID: 00000000
 4-29: 11:36:34:118 Stopping RetransTimer sa:0023A2D8 centry:00000000 handle:0010C980
 4-29: 11:36:34:118 processing payload SA
 4-29: 11:36:34:118 Received Phase 1 Transform 1
 4-29: 11:36:34:118 Encryption Alg Dreifach-DES CBC(5)
 4-29: 11:36:34:118 Hash Alg SHA(2)
 4-29: 11:36:34:118 Oakley Group 2
 4-29: 11:36:34:118 Auth Method RSA-Signatur mit Zertifikaten(3)
 4-29: 11:36:34:118 Life type in Seconds
 4-29: 11:36:34:118 Life duration of 28800
 4-29: 11:36:34:118 Phase 1 SA accepted: transform=1
 4-29: 11:36:34:118 SA - Oakley proposal accepted
 4-29: 11:36:34:118 In state OAK_MM_SA_SETUP
 4-29: 11:36:34:118 constructing ISAKMP Header
 4-29: 11:36:34:118 constructing KE
 4-29: 11:36:34:118 constructing NONCE (ISAKMP)
 4-29: 11:36:34:118 Throw: State mask=7
 4-29: 11:36:34:118
 4-29: 11:36:34:118 Sending: SA = 0x0023A2D8 to xxx.yyy.zzz.110
 4-29: 11:36:34:118 ISAKMP Header: (V1.0), len = 184
 4-29: 11:36:34:118 I-COOKIE 92256e21dcc6c611
 4-29: 11:36:34:118 R-COOKIE 7cbd8ea30bf09a44
 4-29: 11:36:34:118 exchange: Oakley Main Mode
 4-29: 11:36:34:118 flags: 0
 4-29: 11:36:34:118 next payload: KE
 4-29: 11:36:34:118 message ID: 00000000
 4-29: 11:36:35:118 Handling Retransmit: sa 23a2d8 handle 10c980 context 239b10 arg 239b10
 4-29: 11:36:35:118 retransmit: sa = 0023A2D8 centry 00000000 , count = 0
 4-29: 11:36:35:118
 4-29: 11:36:35:118 Sending: SA = 0x0023A2D8 to xxx.yyy.zzz.110
 4-29: 11:36:35:118 ISAKMP Header: (V1.0), len = 184
 4-29: 11:36:35:118 I-COOKIE 92256e21dcc6c611
 4-29: 11:36:35:118 R-COOKIE 7cbd8ea30bf09a44
 4-29: 11:36:35:118 exchange: Oakley Main Mode
 4-29: 11:36:35:118 flags: 0
 4-29: 11:36:35:118 next payload: KE
 4-29: 11:36:35:118 message ID: 00000000
 4-29: 11:36:35:118
 4-29: 11:36:35:118 Resume: (get) SA = 0x0023a2d8 from xxx.yyy.zzz.110
 4-29: 11:36:35:118 ISAKMP Header: (V1.0), len = 188
 4-29: 11:36:35:118 I-COOKIE 92256e21dcc6c611
 4-29: 11:36:35:118 R-COOKIE 7cbd8ea30bf09a44
 4-29: 11:36:35:118 exchange: Oakley Main Mode
 4-29: 11:36:35:118 flags: 0
 4-29: 11:36:35:118 next payload: KE
 4-29: 11:36:35:118 message ID: 00000000
 4-29: 11:36:35:118 Stopping RetransTimer sa:0023A2D8 centry:00000000 handle:0010C980
 4-29: 11:36:35:118 processing payload KE
 4-29: 11:36:35:118 Generated 128 byte Shared Secret
 4-29: 11:36:35:118 KE processed; DH shared secret computed
 4-29: 11:36:35:118 processing payload NONCE
 4-29: 11:36:35:118 processing payload CR
 4-29: 11:36:35:118 Processing Cert request
 4-29: 11:36:35:118 In state OAK_MM_Key_EXCH
 4-29: 11:36:35:118 skeyid generated; crypto enabled (initiator)
 4-29: 11:36:35:118 constructing ISAKMP Header
 4-29: 11:36:35:118 constructing ID
 4-29: 11:36:35:118 Received no valid CRPs. Using all configured
 4-29: 11:36:35:118 Cert Trustes. 0 0
 4-29: 11:36:35:118 Key Contained Name
 4-29: 11:36:35:118 {09F50BF5-B959-461D-94E2-953B8F8456AE}
 4-29: 11:36:35:118 Found try 1
 4-29: 11:36:35:118 constructing CERT
 4-29: 11:36:35:118 constructing SIG
 4-29: 11:36:35:118 Construct SIG
 4-29: 11:36:35:118 Hash algo 2
 4-29: 11:36:35:118 Initiator ID 090000003071310b3009060355040613
 4-29: 11:36:35:118 024445310c300a060355040813034e44
 4-29: 11:36:35:118 53310e300c060355040a1305666d6561
 4-29: 11:36:35:118 6731133011060355040b130a72776569
 4-29: 11:36:35:118 6e73756e697431133011060355040313
 4-29: 11:36:35:118 0a727765696e736e616d65311a301806
 4-29: 11:36:35:118 092a864886f70d010901160b72776569
 4-29: 11:36:35:118 6e73656d61696c
 4-29: 11:36:35:118 Error 80090016 during CryptSignHash1!

 4-29: 11:36:35:118 Trying KE key
 4-29: 11:36:35:118 Signature Created Successfully
 4-29: 11:36:35:118 Sig LE: ecd11ad0a0e591e4b329feb200ae30bc
 4-29: 11:36:35:118 2ce73c7d6b9cbfbb9de830c841563db3
 4-29: 11:36:35:118 376573550875d7be27f0b4e7c8e9b163
 4-29: 11:36:35:118 6031d1ff6c78e20f9605386c14862f3d
 4-29: 11:36:35:118 6c2c3d6e7758926be59df2599c61145d
 4-29: 11:36:35:118 b19e2f46593b59069e0579b24dc5a5a6
 4-29: 11:36:35:118 093fa7bd56921f429d3b0521ca3d57a2
 4-29: 11:36:35:118 ad48e22f35bf8e8a351736fbae4b0403
 4-29: 11:36:35:118
 4-29: 11:36:35:118 SIG BE: 03044baefb3617358a8ebf352fe248ad
 4-29: 11:36:35:118 a2573dca21053b9d421f9256bda73f09
 4-29: 11:36:35:118 a6a5c54db279059e06593b59462f9eb1
 4-29: 11:36:35:118 5d14619c59f29de56b9258776e3d2c6c
 4-29: 11:36:35:118 3d2f86146c3805960fe2786cffd13160
 4-29: 11:36:35:118 63b1e9c8e7b4f027bed7750855736537
 4-29: 11:36:35:118 b33d5641c830e89dbbbf9c6b7d3ce72c
 4-29: 11:36:35:118 bc30ae00b2fe29b3e491e5a0d01ad1ec
 4-29: 11:36:35:118
 4-29: 11:36:35:118 AuthCount 1
 4-29: 11:36:35:118 Constructing Cert Request
 4-29: 11:36:35:118 Setting CertReq type
 4-29: 11:36:35:118 Throw: State mask=111f
 4-29: 11:36:35:118 Doing tripleDES
 4-29: 11:36:35:118
 4-29: 11:36:35:118 Sending: SA = 0x0023A2D8 to xxx.yyy.zzz.110
 4-29: 11:36:35:118 ISAKMP Header: (V1.0), len = 1428
 4-29: 11:36:35:118 I-COOKIE 92256e21dcc6c611
 4-29: 11:36:35:118 R-COOKIE 7cbd8ea30bf09a44
 4-29: 11:36:35:118 exchange: Oakley Main Mode
 4-29: 11:36:35:118 flags: 1 ( encrypted )
 4-29: 11:36:35:118 next payload: ID
 4-29: 11:36:35:118 message ID: 00000000
 4-29: 11:36:36:118
 4-29: 11:36:36:118 Resume: (get) SA = 0x0023a2d8 from xxx.yyy.zzz.110
 4-29: 11:36:36:118 ISAKMP Header: (V1.0), len = 1284
 4-29: 11:36:36:118 I-COOKIE 92256e21dcc6c611
 4-29: 11:36:36:118 R-COOKIE 7cbd8ea30bf09a44
 4-29: 11:36:36:118 exchange: Oakley Main Mode
 4-29: 11:36:36:118 flags: 1 ( encrypted )
 4-29: 11:36:36:118 next payload: ID
 4-29: 11:36:36:118 message ID: 00000000
 4-29: 11:36:36:118 Doing tripleDES
 4-29: 11:36:36:118 Stopping RetransTimer sa:0023A2D8 centry:00000000 handle:0010C980
 4-29: 11:36:36:118 processing payload ID
 4-29: 11:36:36:118 Process Id
 4-29: 11:36:36:118 Got Cert ID
 4-29: 11:36:36:118 processing payload CERT
 4-29: 11:36:36:118 Processing Cert
 4-29: 11:36:36:118 ProcessingCert
 4-29: 11:36:36:118 processing payload SIG
 4-29: 11:36:36:118 Process SIG
 4-29: 11:36:36:118 Verifying CertStore
 4-29: 11:36:36:118 failed to get chain -2146885628
 4-29: 11:36:36:118 isadb_set_status sa:0023A2D8 centry:00000000 status cbad0321
 4-29: 11:36:36:118 Schlüsselaustauschmodus (Hauptmodus)

 4-29: 11:36:36:118 Quell-IP-Adresse 193.159.67.56

Quell-IP-Adressmaske 255.255.255.255

Ziel-IP-Adresse xxx.yyy.zzz.110

Ziel-IP-Adressmaske 255.255.255.255

Protokoll 0

Quellport 0

Zielport 0

 4-29: 11:36:36:118 Benutzer

 4-29: 11:36:36:118 Die Anmeldeinformationen für die IKE-Authentifizierung werden nicht akzeptiert.

 4-29: 11:36:36:118 ProcessFailure: sa:0023A2D8 centry:00000000 status:cbad0321
 4-29: 11:36:36:118 Not creating notify.
 4-29: 11:38:45:118 SA Dead. sa:0023A2D8 status:cbad0328
 4-29: 11:38:45:118 constructing ISAKMP Header
 4-29: 11:38:45:118 constructing HASH (null)
 4-29: 11:38:45:118 constructing DELETE
 4-29: 11:38:45:118 constructing HASH (ND)
 4-29: 11:38:45:118 Construct ND hash message len = 28 pcklen=80 hashlen=20
 4-29: 11:38:45:118 Construct ND Hash mess ID 33cf837e
 4-29: 11:38:45:118 ND Hash skeyid_a 889085db0df79fe2c4c289aa151d2f35
 4-29: 11:38:45:118 946a2814
 4-29: 11:38:45:118 ND Hash message 0000001c000000010110000192256e21
 4-29: 11:38:45:118 dcc6c6117cbd8ea30bf09a44
 4-29: 11:38:45:118 Throw: State mask=111f
 4-29: 11:38:45:118 Doing tripleDES
 4-29: 11:38:45:118
 4-29: 11:38:45:118 Sending: SA = 0x0023A2D8 to xxx.yyy.zzz.110
 4-29: 11:38:45:118 ISAKMP Header: (V1.0), len = 84
 4-29: 11:38:45:118 I-COOKIE 92256e21dcc6c611
 4-29: 11:38:45:118 R-COOKIE 7cbd8ea30bf09a44
 4-29: 11:38:45:118 exchange: ISAKMP Informational Exchange
 4-29: 11:38:45:118 flags: 1 ( encrypted )
 4-29: 11:38:45:118 next payload: HASH
 4-29: 11:38:45:118 message ID: 33cf837e
 4-29: 11:38:45:118 Deleting SA 0023A2D8
 4-29: 11:38:45:118 Cancelling Timeout 10c980
 4-29: 11:59:18:284 Posting acquire: op=FECAF3A8 src=193.159.67.56.0 dst=192.168.0.6.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=xxx.yyy.zzz.110 Inbound TunnelEndpt=193.159.67.56
 4-29: 11:59:18:284 Acquire thread waiting
 4-29: 11:59:18:118 find(ipsec): 595ab7c9-0bc8-415a-a8cc1fcc8b7467aa
 4-29: 11:59:18:118 outstanding_kernel_req returned 0
 4-29: 11:59:18:118 Created new SA 23a2d8
 4-29: 11:59:18:118 Acquire: src = 193.159.67.56.0000, dst = xxx.yyy.zzz.110.62465, proto = 00, context = FECAF3A8, ProxySrc = 193.159.67.56.0000, ProxyDst = 192.168.0.0.0000 SrcMask = 0.0.0.0 DstMask = 255.255.255.0
 4-29: 11:59:18:118 constructing ISAKMP Header
 4-29: 11:59:18:118 constructing SA (ISAKMP)
 4-29: 11:59:18:118 find(isakmp): 595ab7c9-0bc8-415a-a8cc1fcc8b7467aa
 4-29: 11:59:18:118 Setting group desc
 4-29: 11:59:18:118 Setting group desc
 4-29: 11:59:18:118 Setting group desc
 4-29: 11:59:18:118 Setting group desc
 4-29: 11:59:18:118 Constructing Vendor
 4-29: 11:59:18:118 Throw: State mask=1
 4-29: 11:59:18:118 Added Timeout 10c980
 4-29: 11:59:18:118 Setting Retransmit: sa 23a2d8 handle 10c980 context 23cfe0
 4-29: 11:59:18:118
 4-29: 11:59:18:118 Sending: SA = 0x0023A2D8 to xxx.yyy.zzz.110
 4-29: 11:59:18:118 ISAKMP Header: (V1.0), len = 216
 4-29: 11:59:18:118 I-COOKIE 3845615b2eb4e288
 4-29: 11:59:18:118 R-COOKIE 0000000000000000
 4-29: 11:59:18:118 exchange: Oakley Main Mode
 4-29: 11:59:18:118 flags: 0
 4-29: 11:59:18:118 next payload: SA
 4-29: 11:59:18:118 message ID: 00000000
 4-29: 11:59:18:118
 4-29: 11:59:18:118 Resume: (get) SA = 0x0023a2d8 from xxx.yyy.zzz.110
 4-29: 11:59:18:118 ISAKMP Header: (V1.0), len = 84
 4-29: 11:59:18:118 I-COOKIE 3845615b2eb4e288
 4-29: 11:59:18:118 R-COOKIE d0211e05bd26df8e
 4-29: 11:59:18:118 exchange: Oakley Main Mode
 4-29: 11:59:18:118 flags: 0
 4-29: 11:59:18:118 next payload: SA
 4-29: 11:59:18:118 message ID: 00000000
 4-29: 11:59:18:118 Stopping RetransTimer sa:0023A2D8 centry:00000000 handle:0010C980
 4-29: 11:59:18:118 processing payload SA
 4-29: 11:59:18:118 Received Phase 1 Transform 1
 4-29: 11:59:18:118 Encryption Alg Dreifach-DES CBC(5)
 4-29: 11:59:18:118 Hash Alg SHA(2)
 4-29: 11:59:18:118 Oakley Group 2
 4-29: 11:59:18:118 Auth Method RSA-Signatur mit Zertifikaten(3)
 4-29: 11:59:18:118 Life type in Seconds
 4-29: 11:59:18:118 Life duration of 28800
 4-29: 11:59:18:118 Phase 1 SA accepted: transform=1
 4-29: 11:59:18:118 SA - Oakley proposal accepted
 4-29: 11:59:18:118 In state OAK_MM_SA_SETUP
 4-29: 11:59:18:118 constructing ISAKMP Header
 4-29: 11:59:18:118 constructing KE
 4-29: 11:59:18:118 constructing NONCE (ISAKMP)
 4-29: 11:59:18:118 Throw: State mask=7
 4-29: 11:59:18:118
 4-29: 11:59:18:118 Sending: SA = 0x0023A2D8 to xxx.yyy.zzz.110
 4-29: 11:59:18:118 ISAKMP Header: (V1.0), len = 184
 4-29: 11:59:18:118 I-COOKIE 3845615b2eb4e288
 4-29: 11:59:18:118 R-COOKIE d0211e05bd26df8e
 4-29: 11:59:18:118 exchange: Oakley Main Mode
 4-29: 11:59:18:118 flags: 0
 4-29: 11:59:18:118 next payload: KE
 4-29: 11:59:18:118 message ID: 00000000
 4-29: 11:59:18:118
 4-29: 11:59:18:118 Resume: (get) SA = 0x0023a2d8 from xxx.yyy.zzz.110
 4-29: 11:59:18:118 ISAKMP Header: (V1.0), len = 188
 4-29: 11:59:18:118 I-COOKIE 3845615b2eb4e288
 4-29: 11:59:18:118 R-COOKIE d0211e05bd26df8e
 4-29: 11:59:18:118 exchange: Oakley Main Mode
 4-29: 11:59:18:118 flags: 0
 4-29: 11:59:18:118 next payload: KE
 4-29: 11:59:18:118 message ID: 00000000
 4-29: 11:59:18:118 Stopping RetransTimer sa:0023A2D8 centry:00000000 handle:0010C980
 4-29: 11:59:18:118 processing payload KE
 4-29: 11:59:18:118 Generated 128 byte Shared Secret
 4-29: 11:59:18:118 KE processed; DH shared secret computed
 4-29: 11:59:18:118 processing payload NONCE
 4-29: 11:59:18:118 processing payload CR
 4-29: 11:59:18:118 Processing Cert request
 4-29: 11:59:18:118 In state OAK_MM_Key_EXCH
 4-29: 11:59:18:118 skeyid generated; crypto enabled (initiator)
 4-29: 11:59:18:118 constructing ISAKMP Header
 4-29: 11:59:18:118 constructing ID
 4-29: 11:59:18:118 Received no valid CRPs. Using all configured
 4-29: 11:59:18:118 Cert Trustes. 0 0
 4-29: 11:59:18:118 Key Contained Name
 4-29: 11:59:18:118 {09F50BF5-B959-461D-94E2-953B8F8456AE}
 4-29: 11:59:18:118 Found try 1
 4-29: 11:59:18:118 constructing CERT
 4-29: 11:59:18:118 constructing SIG
 4-29: 11:59:18:118 Construct SIG
 4-29: 11:59:18:118 Hash algo 2
 4-29: 11:59:18:118 Initiator ID 090000003071310b3009060355040613
 4-29: 11:59:18:118 024445310c300a060355040813034e44
 4-29: 11:59:18:118 53310e300c060355040a1305666d6561
 4-29: 11:59:18:118 6731133011060355040b130a72776569
 4-29: 11:59:18:118 6e73756e697431133011060355040313
 4-29: 11:59:18:118 0a727765696e736e616d65311a301806
 4-29: 11:59:18:118 092a864886f70d010901160b72776569
 4-29: 11:59:18:118 6e73656d61696c
 4-29: 11:59:18:118 Error 80090016 during CryptSignHash1!

 4-29: 11:59:18:118 Trying KE key
 4-29: 11:59:18:118 Signature Created Successfully
 4-29: 11:59:18:118 Sig LE: feb73e29e3f1c3fa0e042cecd406f5df
 4-29: 11:59:18:118 ba325825fb807257c3190014e271f0f8
 4-29: 11:59:18:118 ff244cfd384e02cbc60cbc16fde770a9
 4-29: 11:59:18:118 a8fd17011166c86438025c1579ee34f5
 4-29: 11:59:18:118 23e60dc985d846166848d09b86760720
 4-29: 11:59:18:118 f96a3ffb6ab5728037e6023df2df0141
 4-29: 11:59:18:118 47685c77be1acdc8d5912173554069cf
 4-29: 11:59:18:118 f5ffb3d9af3068b3bc15d35c281b33de
 4-29: 11:59:18:118
 4-29: 11:59:18:118 SIG BE: de331b285cd315bcb36830afd9b3fff5
 4-29: 11:59:18:118 cf694055732191d5c8cd1abe775c6847
 4-29: 11:59:18:118 4101dff23d02e6378072b56afb3f6af9
 4-29: 11:59:18:118 200776869bd048681646d885c90de623
 4-29: 11:59:18:118 f534ee79155c023864c866110117fda8
 4-29: 11:59:18:118 a970e7fd16bc0cc6cb024e38fd4c24ff
 4-29: 11:59:18:118 f8f071e2140019c3577280fb255832ba
 4-29: 11:59:18:118 dff506d4ec2c040efac3f1e3293eb7fe
 4-29: 11:59:18:118
 4-29: 11:59:18:118 AuthCount 1
 4-29: 11:59:18:118 Constructing Cert Request
 4-29: 11:59:18:118 Setting CertReq type
 4-29: 11:59:18:118 Throw: State mask=111f
 4-29: 11:59:18:118 Doing tripleDES
 4-29: 11:59:18:118
 4-29: 11:59:18:118 Sending: SA = 0x0023A2D8 to xxx.yyy.zzz.110
 4-29: 11:59:18:118 ISAKMP Header: (V1.0), len = 1428
 4-29: 11:59:18:118 I-COOKIE 3845615b2eb4e288
 4-29: 11:59:18:118 R-COOKIE d0211e05bd26df8e
 4-29: 11:59:18:118 exchange: Oakley Main Mode
 4-29: 11:59:18:118 flags: 1 ( encrypted )
 4-29: 11:59:18:118 next payload: ID
 4-29: 11:59:18:118 message ID: 00000000
 4-29: 11:59:18:118
 4-29: 11:59:18:118 Resume: (get) SA = 0x0023a2d8 from xxx.yyy.zzz.110
 4-29: 11:59:18:118 ISAKMP Header: (V1.0), len = 1284
 4-29: 11:59:18:118 I-COOKIE 3845615b2eb4e288
 4-29: 11:59:18:118 R-COOKIE d0211e05bd26df8e
 4-29: 11:59:18:118 exchange: Oakley Main Mode
 4-29: 11:59:18:118 flags: 1 ( encrypted )
 4-29: 11:59:18:118 next payload: ID
 4-29: 11:59:18:118 message ID: 00000000
 4-29: 11:59:18:118 Doing tripleDES
 4-29: 11:59:18:118 Stopping RetransTimer sa:0023A2D8 centry:00000000 handle:0010C980
 4-29: 11:59:18:118 processing payload ID
 4-29: 11:59:18:118 Process Id
 4-29: 11:59:18:118 Got Cert ID
 4-29: 11:59:18:118 processing payload CERT
 4-29: 11:59:18:118 Processing Cert
 4-29: 11:59:18:118 ProcessingCert
 4-29: 11:59:18:118 processing payload SIG
 4-29: 11:59:18:118 Process SIG
 4-29: 11:59:18:118 Verifying CertStore
 4-29: 11:59:18:118 failed to get chain -2146885628
 4-29: 11:59:18:118 isadb_set_status sa:0023A2D8 centry:00000000 status cbad0321
 4-29: 11:59:18:118 Schlüsselaustauschmodus (Hauptmodus)

 4-29: 11:59:18:118 Quell-IP-Adresse 193.159.67.56

Quell-IP-Adressmaske 255.255.255.255

Ziel-IP-Adresse xxx.yyy.zzz.110

Ziel-IP-Adressmaske 255.255.255.255

Protokoll 0

Quellport 0

Zielport 0

 4-29: 11:59:18:118 Benutzer

 4-29: 11:59:18:118 Die Anmeldeinformationen für die IKE-Authentifizierung werden nicht akzeptiert.

/***** translation ***/
 4-29: 11:59:18:118 The authentification information for IKE authentication are not accepted
 ***** ***/
 
 
 4-29: 11:59:18:118 ProcessFailure: sa:0023A2D8 centry:00000000 status:cbad0321
 4-29: 11:59:18:118 Not creating notify.
 4-29: 12:01:15:118 SA Dead. sa:0023A2D8 status:cbad0328
 4-29: 12:01:15:118 constructing ISAKMP Header
 4-29: 12:01:15:118 constructing HASH (null)
 4-29: 12:01:15:118 constructing DELETE
 4-29: 12:01:15:118 constructing HASH (ND)
 4-29: 12:01:15:118 Construct ND hash message len = 28 pcklen=80 hashlen=20
 4-29: 12:01:15:118 Construct ND Hash mess ID a8ff27bd
 4-29: 12:01:15:118 ND Hash skeyid_a fb90ea92b469b4ca246888a93b08708f
 4-29: 12:01:15:118 4d0aa099
 4-29: 12:01:15:118 ND Hash message 0000001c00000001011000013845615b
 4-29: 12:01:15:118 2eb4e288d0211e05bd26df8e
 4-29: 12:01:15:118 Throw: State mask=111f
 4-29: 12:01:15:118 Doing tripleDES
 4-29: 12:01:15:118
 4-29: 12:01:15:118 Sending: SA = 0x0023A2D8 to xxx.yyy.zzz.110
 4-29: 12:01:15:118 ISAKMP Header: (V1.0), len = 84
 4-29: 12:01:15:118 I-COOKIE 3845615b2eb4e288
 4-29: 12:01:15:118 R-COOKIE d0211e05bd26df8e
 4-29: 12:01:15:118 exchange: ISAKMP Informational Exchange
 4-29: 12:01:15:118 flags: 1 ( encrypted )
 4-29: 12:01:15:118 next payload: HASH
 4-29: 12:01:15:118 message ID: a8ff27bd
 4-29: 12:01:15:118 Deleting SA 0023A2D8
 4-29: 12:01:15:118 Cancelling Timeout 10c980

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:56 CEST