
Re: [Users] incomplete ISAKMP SA

From: Lars Stea (lars_at_stea.no)
Date: Tue May 21 2002 - 12:58:26 CEST


Thanks, but now I get the error: Can not confirm signature.

Oakley log:
 5-21: 12:38:08:290 flush guid(ipsec): 31ca0656-1073-4162-b9627b5d5f8b58d0
 5-21: 12:38:08:290 Actually flushing guid(ipsec): 31ca0656-1073-4162-b9627b5d5f8b58d0
 5-21: 12:38:08:290 isadb_schedule_kill_oldPolicy_sas: 31ca0656-1073-4162-b9627b5d5f8b58d0 0
 5-21: 12:38:08:290 Added Timeout 107360
 5-21: 12:38:08:290 flush guid(ipsec): 4064e523-7123-43e4-b181849fda05d592
 5-21: 12:38:08:290 Actually flushing guid(ipsec): 4064e523-7123-43e4-b181849fda05d592
 5-21: 12:38:08:290 isadb_schedule_kill_oldPolicy_sas: 4064e523-7123-43e4-b181849fda05d592 0
 5-21: 12:38:08:290 Added Timeout f3b80
 5-21: 12:38:08:290 flush guid(ipsec): 928d1287-fb4e-412d-add1209e8bcfc01c
 5-21: 12:38:08:290 Actually flushing guid(ipsec): 928d1287-fb4e-412d-add1209e8bcfc01c
 5-21: 12:38:08:290 isadb_schedule_kill_oldPolicy_sas: 928d1287-fb4e-412d-add1209e8bcfc01c 0
 5-21: 12:38:08:290 Added Timeout 119530
 5-21: 12:38:08:290 flush guid(ipsec): 16457ed7-2da1-4480-90c9a8cc47efb02a
 5-21: 12:38:08:290 Actually flushing guid(ipsec): 16457ed7-2da1-4480-90c9a8cc47efb02a
 5-21: 12:38:08:290 isadb_schedule_kill_oldPolicy_sas: 16457ed7-2da1-4480-90c9a8cc47efb02a 0
 5-21: 12:38:08:290 Added Timeout 1193f8
 5-21: 12:38:08:290 flush guid(ipsec): f21f4060-0e46-470c-ace693e868f2380d
 5-21: 12:38:08:290 Actually flushing guid(ipsec): f21f4060-0e46-470c-ace693e868f2380d
 5-21: 12:38:08:290 isadb_schedule_kill_oldPolicy_sas: f21f4060-0e46-470c-ace693e868f2380d 0
 5-21: 12:38:08:290 Added Timeout 106bd0
 5-21: 12:38:08:124 entered kill_old_policy_sas
 5-21: 12:38:08:3fc entered kill_old_policy_sas
 5-21: 12:38:08:3fc entered kill_old_policy_sas
 5-21: 12:38:08:3fc entered kill_old_policy_sas
 5-21: 12:38:08:3fc SA Dead. sa:0028A670 status:cbad0351
 5-21: 12:38:08:3fc constructing ISAKMP Header
 5-21: 12:38:08:3fc constructing HASH (null)
 5-21: 12:38:08:3fc constructing DELETE
 5-21: 12:38:08:3fc constructing HASH (ND)
 5-21: 12:38:08:3fc Construct ND hash message len = 28 pcklen=80 hashlen=20
 5-21: 12:38:08:3fc Construct ND Hash mess ID ddbe0614
 5-21: 12:38:08:3fc ND Hash skeyid_a 06eb974a6a2ac223a0473440955b407a
 5-21: 12:38:08:3fc 5a9faa45
 5-21: 12:38:08:3fc ND Hash message 0000001c0000000101100001211be71e
 5-21: 12:38:08:3fc bbbf424af228dd69be4f696c
 5-21: 12:38:08:3fc Throw: State mask=111f
 5-21: 12:38:08:3fc Doing tripleDES
 5-21: 12:38:08:3fc
 5-21: 12:38:08:3fc Sending: SA = 0x0028A670 to 212.4.33.157
 5-21: 12:38:08:3fc ISAKMP Header: (V1.0), len = 84
 5-21: 12:38:08:3fc I-COOKIE 211be71ebbbf424a
 5-21: 12:38:08:3fc R-COOKIE f228dd69be4f696c
 5-21: 12:38:08:3fc exchange: ISAKMP Informational Exchange
 5-21: 12:38:08:3fc flags: 1 ( encrypted )
 5-21: 12:38:08:3fc next payload: HASH
 5-21: 12:38:08:3fc message ID: ddbe0614
 5-21: 12:38:08:3fc entered kill_old_policy_sas
 5-21: 12:38:12:3fc Reaper deleting SA 28a670
 5-21: 12:38:12:3fc Deleting SA 0028A670
 5-21: 12:38:12:3fc Cancelling Timeout ee020
 5-21: 12:38:15:290 flush(isakmp): 16ae169e-2c8f-4de4-b3e28de4b6129269
 5-21: 12:38:15:290 Oakley group 2 from UI
 5-21: 12:38:15:290 Isakmp policy (4 total): 48966917-e43a-4742-a6eb46faeba78e83 PFS=1
 5-21: 12:38:15:290 #0: C.Id = 3, H.ID= 2, A.ID = 0, Group = 2 LT=28800 QMs=0
 5-21: 12:38:15:290 #1: C.Id = 3, H.ID= 1, A.ID = 0, Group = 2 LT=28800 QMs=0
 5-21: 12:38:15:290 #2: C.Id = 1, H.ID= 2, A.ID = 0, Group = 1 LT=28800 QMs=0
 5-21: 12:38:15:290 #3: C.Id = 1, H.ID= 1, A.ID = 0, Group = 1 LT=28800 QMs=0
 5-21: 12:38:15:290 flush guid(isakmp): 48966917-e43a-4742-a6eb46faeba78e83
 5-21: 12:38:15:290 isadb_schedule_kill_oldPolicy_sas: 48966917-e43a-4742-a6eb46faeba78e83 1
 5-21: 12:38:15:290 Added Timeout 107360
 5-21: 12:38:15:290 Adding policy guid(ipsec): 60c0df58-04b5-403c-b0c918e46ab9c837
 5-21: 12:38:15:290 Authentication Method[0] from UI 5
 5-21: 12:38:15:290 Auth[0]: 5 Authinfosize: 0
 5-21: 12:38:15:290 Flags from UI 0
 5-21: 12:38:15:290 Ipsec policy (6 total): 60c0df58-04b5-403c-b0c918e46ab9c837 PFS=11075548
 5-21: 12:38:15:290 #0: Encrypt C.Id = 3, C.KeyLen = 64, I.ID = 2,
 5-21: 12:38:15:290 #1: Encrypt C.Id = 3, C.KeyLen = 64, I.ID = 1,
 5-21: 12:38:15:290 #2: Encrypt C.Id = 1, C.KeyLen = 64, I.ID = 2,
 5-21: 12:38:15:290 #3: Encrypt C.Id = 1, C.KeyLen = 64, I.ID = 1,
 5-21: 12:38:15:290 #4: Auth C.Id = 2, C.KeyLen = 64, I.ID = 0,
 5-21: 12:38:15:290 #5: Auth C.Id = 1, C.KeyLen = 64, I.ID = 0,
 5-21: 12:38:15:290 flush guid(ipsec): 60c0df58-04b5-403c-b0c918e46ab9c837
 5-21: 12:38:15:290 Adding policy guid(ipsec): 35ff1e0d-4faa-425b-89283331d9036c70
 5-21: 12:38:15:290 Authentication Method[0] from UI 3
 5-21: 12:38:15:290 Auth[0]: 3 Authinfosize: 85
 5-21: 12:38:15:290 Flags from UI 2
 5-21: 12:38:15:290 Ipsec policy (1 total): 35ff1e0d-4faa-425b-89283331d9036c70 PFS=11075548
 5-21: 12:38:15:290 #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 5-21: 12:38:15:290 flush guid(ipsec): 35ff1e0d-4faa-425b-89283331d9036c70
 5-21: 12:38:15:290 Adding policy guid(ipsec): d2c21249-15ed-45cf-be17ad62e5d287e1
 5-21: 12:38:15:290 Authentication Method[0] from UI 3
 5-21: 12:38:15:290 Auth[0]: 3 Authinfosize: 85
 5-21: 12:38:15:290 Flags from UI 2
 5-21: 12:38:15:290 Ipsec policy (1 total): d2c21249-15ed-45cf-be17ad62e5d287e1 PFS=11075548
 5-21: 12:38:15:290 #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 5-21: 12:38:15:290 flush guid(ipsec): d2c21249-15ed-45cf-be17ad62e5d287e1
 5-21: 12:38:15:3fc entered kill_old_policy_sas
 5-21: 12:38:15:290 flush guid(ipsec): 60c0df58-04b5-403c-b0c918e46ab9c837
 5-21: 12:38:15:290 Actually flushing guid(ipsec): 60c0df58-04b5-403c-b0c918e46ab9c837
 5-21: 12:38:15:290 isadb_schedule_kill_oldPolicy_sas: 60c0df58-04b5-403c-b0c918e46ab9c837 0
 5-21: 12:38:15:290 Added Timeout 107360
 5-21: 12:38:15:290 flush guid(ipsec): 35ff1e0d-4faa-425b-89283331d9036c70
 5-21: 12:38:15:290 Actually flushing guid(ipsec): 35ff1e0d-4faa-425b-89283331d9036c70
 5-21: 12:38:15:290 isadb_schedule_kill_oldPolicy_sas: 35ff1e0d-4faa-425b-89283331d9036c70 0
 5-21: 12:38:15:290 Added Timeout df078
 5-21: 12:38:15:290 flush guid(ipsec): d2c21249-15ed-45cf-be17ad62e5d287e1
 5-21: 12:38:15:290 Actually flushing guid(ipsec): d2c21249-15ed-45cf-be17ad62e5d287e1
 5-21: 12:38:15:290 isadb_schedule_kill_oldPolicy_sas: d2c21249-15ed-45cf-be17ad62e5d287e1 0
 5-21: 12:38:15:290 Added Timeout f6c50
 5-21: 12:38:15:290 flush(isakmp): 48966917-e43a-4742-a6eb46faeba78e83
 5-21: 12:38:15:290 Oakley group 2 from UI
 5-21: 12:38:15:290 Isakmp policy (4 total): 5cd6c6e0-9d30-4d1d-aa1633f8b637d156 PFS=1
 5-21: 12:38:15:290 #0: C.Id = 3, H.ID= 2, A.ID = 0, Group = 2 LT=28800 QMs=0
 5-21: 12:38:15:290 #1: C.Id = 3, H.ID= 1, A.ID = 0, Group = 2 LT=28800 QMs=0
 5-21: 12:38:15:290 #2: C.Id = 1, H.ID= 2, A.ID = 0, Group = 1 LT=28800 QMs=0
 5-21: 12:38:15:290 #3: C.Id = 1, H.ID= 1, A.ID = 0, Group = 1 LT=28800 QMs=0
 5-21: 12:38:15:290 flush guid(isakmp): 5cd6c6e0-9d30-4d1d-aa1633f8b637d156
 5-21: 12:38:15:290 isadb_schedule_kill_oldPolicy_sas: 5cd6c6e0-9d30-4d1d-aa1633f8b637d156 1
 5-21: 12:38:15:290 Added Timeout 106bd0
 5-21: 12:38:15:290 Adding policy guid(ipsec): 60c0df58-04b5-403c-b0c918e46ab9c837
 5-21: 12:38:15:290 Authentication Method[0] from UI 5
 5-21: 12:38:15:290 Auth[0]: 5 Authinfosize: 0
 5-21: 12:38:15:290 Flags from UI 0
 5-21: 12:38:15:290 Ipsec policy (6 total): 60c0df58-04b5-403c-b0c918e46ab9c837 PFS=11075548
 5-21: 12:38:15:290 #0: Encrypt C.Id = 3, C.KeyLen = 64, I.ID = 2,
 5-21: 12:38:15:290 #1: Encrypt C.Id = 3, C.KeyLen = 64, I.ID = 1,
 5-21: 12:38:15:290 #2: Encrypt C.Id = 1, C.KeyLen = 64, I.ID = 2,
 5-21: 12:38:15:290 #3: Encrypt C.Id = 1, C.KeyLen = 64, I.ID = 1,
 5-21: 12:38:15:290 #4: Auth C.Id = 2, C.KeyLen = 64, I.ID = 0,
 5-21: 12:38:15:290 #5: Auth C.Id = 1, C.KeyLen = 64, I.ID = 0,
 5-21: 12:38:15:290 flush guid(ipsec): 60c0df58-04b5-403c-b0c918e46ab9c837
 5-21: 12:38:15:290 Adding policy guid(ipsec): 35ff1e0d-4faa-425b-89283331d9036c70
 5-21: 12:38:15:290 Authentication Method[0] from UI 3
 5-21: 12:38:15:290 Auth[0]: 3 Authinfosize: 85
 5-21: 12:38:15:290 Flags from UI 2
 5-21: 12:38:15:290 Ipsec policy (1 total): 35ff1e0d-4faa-425b-89283331d9036c70 PFS=11075548
 5-21: 12:38:15:290 #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 5-21: 12:38:15:290 flush guid(ipsec): 35ff1e0d-4faa-425b-89283331d9036c70
 5-21: 12:38:15:290 Adding policy guid(ipsec): d2c21249-15ed-45cf-be17ad62e5d287e1
 5-21: 12:38:15:290 Authentication Method[0] from UI 3
 5-21: 12:38:15:290 Auth[0]: 3 Authinfosize: 85
 5-21: 12:38:15:290 Flags from UI 2
 5-21: 12:38:15:290 Ipsec policy (1 total): d2c21249-15ed-45cf-be17ad62e5d287e1 PFS=11075548
 5-21: 12:38:15:290 #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 5-21: 12:38:15:290 flush guid(ipsec): d2c21249-15ed-45cf-be17ad62e5d287e1
 5-21: 12:38:15:290 Adding policy guid(ipsec): 3dc7ac63-baeb-4dfd-bd9446c3dcb66676
 5-21: 12:38:15:290 Authentication Method[0] from UI 3
 5-21: 12:38:15:290 Auth[0]: 3 Authinfosize: 85
 5-21: 12:38:15:290 Flags from UI 2
 5-21: 12:38:15:290 Ipsec policy (1 total): 3dc7ac63-baeb-4dfd-bd9446c3dcb66676 PFS=11075548
 5-21: 12:38:15:290 #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 5-21: 12:38:15:290 flush guid(ipsec): 3dc7ac63-baeb-4dfd-bd9446c3dcb66676
 5-21: 12:38:15:290 Adding policy guid(ipsec): 3db04e52-2932-48ee-a3f357ad2019a2ae
 5-21: 12:38:15:290 Authentication Method[0] from UI 3
 5-21: 12:38:15:290 Auth[0]: 3 Authinfosize: 85
 5-21: 12:38:15:290 Flags from UI 2
 5-21: 12:38:15:290 Ipsec policy (1 total): 3db04e52-2932-48ee-a3f357ad2019a2ae PFS=11075548
 5-21: 12:38:15:290 #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 5-21: 12:38:15:290 flush guid(ipsec): 3db04e52-2932-48ee-a3f357ad2019a2ae
 5-21: 12:38:15:3fc entered kill_old_policy_sas
 5-21: 12:38:15:124 entered kill_old_policy_sas
 5-21: 12:38:15:124 entered kill_old_policy_sas
 5-21: 12:38:15:124 entered kill_old_policy_sas
 5-21: 12:40:10:dc Posting acquire: op=814F3128 src=80.212.100.112.0 dst=212.4.33.157.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.255, Tunnel 1, TunnelEndpt=212.4.33.157 Inbound TunnelEndpt=80.212.100.112
 5-21: 12:40:10:dc Acquire thread waiting
 5-21: 12:40:10:3fc find(ipsec): 35ff1e0d-4faa-425b-89283331d9036c70
 5-21: 12:40:10:3fc outstanding_kernel_req returned 0
 5-21: 12:40:10:3fc Created new SA 28a670
 5-21: 12:40:10:3fc Acquire: src = 80.212.100.112.0000, dst = 212.4.33.157.62465, proto = 00, context = 814F3128, ProxySrc = 80.212.100.112.0000, ProxyDst = 212.4.33.157.0000 SrcMask = 0.0.0.0 DstMask = 0.0.0.0
 5-21: 12:40:10:3fc constructing ISAKMP Header
 5-21: 12:40:10:3fc constructing SA (ISAKMP)
 5-21: 12:40:10:3fc find(isakmp): 35ff1e0d-4faa-425b-89283331d9036c70
 5-21: 12:40:10:3fc Setting group desc
 5-21: 12:40:10:3fc Setting group desc
 5-21: 12:40:10:3fc Setting group desc
 5-21: 12:40:10:3fc Setting group desc
 5-21: 12:40:10:3fc Constructing Vendor
 5-21: 12:40:10:3fc Throw: State mask=1
 5-21: 12:40:10:3fc Added Timeout f6c50
 5-21: 12:40:10:3fc Setting Retransmit: sa 28a670 handle f6c50 context 28ade0
 5-21: 12:40:10:3fc
 5-21: 12:40:10:3fc Sending: SA = 0x0028A670 to 212.4.33.157
 5-21: 12:40:10:3fc ISAKMP Header: (V1.0), len = 216
 5-21: 12:40:10:3fc I-COOKIE 686b9dbf97c688fe
 5-21: 12:40:10:3fc R-COOKIE 0000000000000000
 5-21: 12:40:10:3fc exchange: Oakley Main Mode
 5-21: 12:40:10:3fc flags: 0
 5-21: 12:40:10:3fc next payload: SA
 5-21: 12:40:10:3fc message ID: 00000000
 5-21: 12:40:10:3fc
 5-21: 12:40:10:3fc Resume: (get) SA = 0x0028a670 from 212.4.33.157
 5-21: 12:40:10:3fc ISAKMP Header: (V1.0), len = 84
 5-21: 12:40:10:3fc I-COOKIE 686b9dbf97c688fe
 5-21: 12:40:10:3fc R-COOKIE 64ef282b26fe8243
 5-21: 12:40:10:3fc exchange: Oakley Main Mode
 5-21: 12:40:10:3fc flags: 0
 5-21: 12:40:10:3fc next payload: SA
 5-21: 12:40:10:3fc message ID: 00000000
 5-21: 12:40:10:3fc Stopping RetransTimer sa:0028A670 centry:00000000 handle:000F6C50
 5-21: 12:40:10:3fc processing payload SA
 5-21: 12:40:10:3fc Received Phase 1 Transform 1
 5-21: 12:40:10:3fc Encryption Alg Triple DES CBC(5)
 5-21: 12:40:10:3fc Hash Alg SHA(2)
 5-21: 12:40:10:3fc Oakley Group 2
 5-21: 12:40:10:3fc Auth Method RSA-signatur med sertifikater(3)
 5-21: 12:40:10:3fc Life type in Seconds
 5-21: 12:40:10:3fc Life duration of 28800
 5-21: 12:40:10:3fc Phase 1 SA accepted: transform=1
 5-21: 12:40:10:3fc SA - Oakley proposal accepted
 5-21: 12:40:10:3fc In state OAK_MM_SA_SETUP
 5-21: 12:40:10:3fc constructing ISAKMP Header
 5-21: 12:40:10:3fc constructing KE
 5-21: 12:40:10:3fc constructing NONCE (ISAKMP)
 5-21: 12:40:10:3fc Throw: State mask=7
 5-21: 12:40:10:3fc
 5-21: 12:40:10:3fc Sending: SA = 0x0028A670 to 212.4.33.157
 5-21: 12:40:10:3fc ISAKMP Header: (V1.0), len = 184
 5-21: 12:40:10:3fc I-COOKIE 686b9dbf97c688fe
 5-21: 12:40:10:3fc R-COOKIE 64ef282b26fe8243
 5-21: 12:40:10:3fc exchange: Oakley Main Mode
 5-21: 12:40:10:3fc flags: 0
 5-21: 12:40:10:3fc next payload: KE
 5-21: 12:40:10:3fc message ID: 00000000
 5-21: 12:40:11:3fc
 5-21: 12:40:11:3fc Resume: (get) SA = 0x0028a670 from 212.4.33.157
 5-21: 12:40:11:3fc ISAKMP Header: (V1.0), len = 188
 5-21: 12:40:11:3fc I-COOKIE 686b9dbf97c688fe
 5-21: 12:40:11:3fc R-COOKIE 64ef282b26fe8243
 5-21: 12:40:11:3fc exchange: Oakley Main Mode
 5-21: 12:40:11:3fc flags: 0
 5-21: 12:40:11:3fc next payload: KE
 5-21: 12:40:11:3fc message ID: 00000000
 5-21: 12:40:11:3fc Stopping RetransTimer sa:0028A670 centry:00000000 handle:000F6C50
 5-21: 12:40:11:3fc processing payload KE
 5-21: 12:40:11:3fc Generated 128 byte Shared Secret
 5-21: 12:40:11:3fc KE processed; DH shared secret computed
 5-21: 12:40:11:3fc processing payload NONCE
 5-21: 12:40:11:3fc processing payload CR
 5-21: 12:40:11:3fc Processing Cert request
 5-21: 12:40:11:3fc In state OAK_MM_Key_EXCH
 5-21: 12:40:11:3fc skeyid generated; crypto enabled (initiator)
 5-21: 12:40:11:3fc constructing ISAKMP Header
 5-21: 12:40:11:3fc constructing ID
 5-21: 12:40:11:3fc Received no valid CRPs. Using all configured
 5-21: 12:40:11:3fc Cert Trustes. 0 0
 5-21: 12:40:11:3fc Key Contained Name
 5-21: 12:40:11:3fc {02305650-945D-4133-B50D-C3E3C9C10A95}
 5-21: 12:40:11:3fc Found try 1
 5-21: 12:40:11:3fc constructing CERT
 5-21: 12:40:11:3fc constructing SIG
 5-21: 12:40:11:3fc Construct SIG
 5-21: 12:40:11:3fc Hash algo 2
 5-21: 12:40:11:3fc Initiator ID 09000000307f310b3009060355040613
 5-21: 12:40:11:3fc 024e4f31123010060355040813096175
 5-21: 12:40:11:3fc 737461676465723110300e0603550407
 5-21: 12:40:11:3fc 13076172656e64616c3110300e060355
 5-21: 12:40:11:3fc 040a13076e657474656368311a301806
 5-21: 12:40:11:3fc 03550403131177696e686f73742e6861
 5-21: 12:40:11:3fc 6d6d65722e6e6f311c301a06092a8648
 5-21: 12:40:11:3fc 86f70d010901160d7277406e65747465
 5-21: 12:40:11:3fc 63682e6e6f
 5-21: 12:40:11:3fc Error 80090016 during CryptSignHash1!

 5-21: 12:40:11:3fc Trying KE key
 5-21: 12:40:11:3fc Signature Created Successfully
 5-21: 12:40:11:3fc AuthCount 1
 5-21: 12:40:11:3fc Constructing Cert Request
 5-21: 12:40:11:3fc Setting CertReq type
 5-21: 12:40:11:3fc Throw: State mask=111f
 5-21: 12:40:11:3fc Doing tripleDES
 5-21: 12:40:11:3fc
 5-21: 12:40:11:3fc Sending: SA = 0x0028A670 to 212.4.33.157
 5-21: 12:40:11:3fc ISAKMP Header: (V1.0), len = 1588
 5-21: 12:40:11:3fc I-COOKIE 686b9dbf97c688fe
 5-21: 12:40:11:3fc R-COOKIE 64ef282b26fe8243
 5-21: 12:40:11:3fc exchange: Oakley Main Mode
 5-21: 12:40:11:3fc flags: 1 ( encrypted )
 5-21: 12:40:11:3fc next payload: ID
 5-21: 12:40:11:3fc message ID: 00000000
 5-21: 12:40:11:3fc
 5-21: 12:40:11:3fc Resume: (get) SA = 0x0028a670 from 212.4.33.157
 5-21: 12:40:11:3fc ISAKMP Header: (V1.0), len = 1452
 5-21: 12:40:11:3fc I-COOKIE 686b9dbf97c688fe
 5-21: 12:40:11:3fc R-COOKIE 64ef282b26fe8243
 5-21: 12:40:11:3fc exchange: Oakley Main Mode
 5-21: 12:40:11:3fc flags: 1 ( encrypted )
 5-21: 12:40:11:3fc next payload: ID
 5-21: 12:40:11:3fc message ID: 00000000
 5-21: 12:40:11:3fc Doing tripleDES
 5-21: 12:40:11:3fc Stopping RetransTimer sa:0028A670 centry:00000000 handle:000F6C50
 5-21: 12:40:11:3fc processing payload ID
 5-21: 12:40:11:3fc Process Id
 5-21: 12:40:11:3fc Got Cert ID
 5-21: 12:40:11:3fc processing payload CERT
 5-21: 12:40:11:3fc Processing Cert
 5-21: 12:40:11:3fc ProcessingCert
 5-21: 12:40:11:3fc processing payload SIG
 5-21: 12:40:11:3fc Process SIG
 5-21: 12:40:11:3fc Verifying CertStore
 5-21: 12:40:11:3fc Trust failed. 2 0
 5-21: 12:40:11:3fc Cert Trustes. 2 0
 5-21: 12:40:11:3fc Subject names match
 5-21: 12:40:11:3fc Cert lifetime in seconds low 314272885, high 0
 5-21: 12:40:11:3fc Sertifikatbasert identitet.

Emne NO, austagder, nettech, gw.hammer.no, rw_at_nettech.no

Utstedende sertifiseringsinstans NO, austagder, nettech, lars_at_nettech.no

Rotsertifiseringsinstans NO, austagder, nettech, lars_at_nettech.no

Ekstern maskins IP-adresse: 212.4.33.157

 5-21: 12:40:11:3fc Kilde-IP-adresse 80.212.100.112

Kilde-IP-adressemaske 255.255.255.255

Mål-IP-adresse 212.4.33.157

Mål-IP-adressemaske 255.255.255.255

Protokoll 0

Kildeport 0

Målport 0

 5-21: 12:40:11:3fc Responder ID 090000003068310b3009060355040613
 5-21: 12:40:11:3fc 024e4f31123010060355040813096175
 5-21: 12:40:11:3fc 737461676465723110300e060355040a
 5-21: 12:40:11:3fc 13076e65747465636831153013060355
 5-21: 12:40:11:3fc 0403130c67772e68616d6d65722e6e6f
 5-21: 12:40:11:3fc 311c301a06092a864886f70d01090116
 5-21: 12:40:11:3fc 0d7277406e6574746563682e6e6f
 5-21: 12:40:11:3fc Error 0 during CryptVerifySignature!

 5-21: 12:40:11:3fc constructing ISAKMP Header
 5-21: 12:40:11:3fc constructing HASH (null)
 5-21: 12:40:11:3fc constructing NOTIFY 24
 5-21: 12:40:11:3fc constructing HASH (ND)
 5-21: 12:40:11:3fc Construct ND hash message len = 28 pcklen=80 hashlen=20
 5-21: 12:40:11:3fc Construct ND Hash mess ID fe3c4f41
 5-21: 12:40:11:3fc ND Hash skeyid_a 03799ff8018408eaccd939f4d120f689
 5-21: 12:40:11:3fc 530a1c68
 5-21: 12:40:11:3fc ND Hash message 0000001c0000000101100018686b9dbf
 5-21: 12:40:11:3fc 97c688fe64ef282b26fe8243
 5-21: 12:40:11:3fc isadb_set_status sa:0028A670 centry:00000000 status cbad033a
 5-21: 12:40:11:3fc Nøkkelutvekslingsmodus (hovedmodus)

 5-21: 12:40:11:3fc Kilde-IP-adresse 80.212.100.112

Kilde-IP-adressemaske 255.255.255.255

Mål-IP-adresse 212.4.33.157

Mål-IP-adressemaske 255.255.255.255

Protokoll 0

Kildeport 0

Målport 0

 5-21: 12:40:11:3fc Jeg # Norwegian for: I

 5-21: 12:40:11:3fc Kan ikke bekrefte signatur # Norwegian for: can not confirm signature

 5-21: 12:40:11:3fc ProcessFailure: sa:0028A670 centry:00000000 status:cbad033a
 5-21: 12:40:11:3fc Notify already constructed. Ignoring. Sa 0028A670
 5-21: 12:40:11:3fc Throw: State mask=200111f
 5-21: 12:40:11:3fc Doing tripleDES
 5-21: 12:40:11:3fc
 5-21: 12:40:11:3fc Sending: SA = 0x0028A670 to 212.4.33.157
 5-21: 12:40:11:3fc ISAKMP Header: (V1.0), len = 84
 5-21: 12:40:11:3fc I-COOKIE 686b9dbf97c688fe
 5-21: 12:40:11:3fc R-COOKIE 64ef282b26fe8243
 5-21: 12:40:11:3fc exchange: ISAKMP Informational Exchange
 5-21: 12:40:11:3fc flags: 1 ( encrypted )
 5-21: 12:40:11:3fc next payload: HASH
 5-21: 12:40:11:3fc message ID: fe3c4f41
 5-21: 12:41:57:3fc SA Dead. sa:0028A670 status:cbad0328
 5-21: 12:41:57:3fc constructing ISAKMP Header
 5-21: 12:41:57:3fc constructing HASH (null)
 5-21: 12:41:57:3fc constructing DELETE
 5-21: 12:41:57:3fc constructing HASH (ND)
 5-21: 12:41:57:3fc Construct ND hash message len = 28 pcklen=80 hashlen=20
 5-21: 12:41:57:3fc Construct ND Hash mess ID 6d303654
 5-21: 12:41:57:3fc ND Hash skeyid_a 03799ff8018408eaccd939f4d120f689
 5-21: 12:41:57:3fc 530a1c68
 5-21: 12:41:57:3fc ND Hash message 0000001c0000000101100001686b9dbf
 5-21: 12:41:57:3fc 97c688fe64ef282b26fe8243
 5-21: 12:41:57:3fc Throw: State mask=111f
 5-21: 12:41:57:3fc Doing tripleDES
 5-21: 12:41:57:3fc
 5-21: 12:41:57:3fc Sending: SA = 0x0028A670 to 212.4.33.157
 5-21: 12:41:57:3fc ISAKMP Header: (V1.0), len = 84
 5-21: 12:41:57:3fc I-COOKIE 686b9dbf97c688fe
 5-21: 12:41:57:3fc R-COOKIE 64ef282b26fe8243
 5-21: 12:41:57:3fc exchange: ISAKMP Informational Exchange
 5-21: 12:41:57:3fc flags: 1 ( encrypted )
 5-21: 12:41:57:3fc next payload: HASH
 5-21: 12:41:57:3fc message ID: 6d303654
 5-21: 12:41:57:3fc Deleting SA 0028A670
 5-21: 12:41:57:3fc Cancelling Timeout f6c50

/var/log/secure:

May 21 12:38:02 gw Pluto[18371]: packet from 80.212.100.112:500: ignoring Vendor ID payload
May 21 12:38:02 gw Pluto[18371]: "roadwarrior-net" 80.212.100.112 #9: responding to Main Mode from unknown peer 80.212.100.112
May 21 12:38:03 gw Pluto[18371]: "roadwarrior-net" 80.212.100.112 #9: Peer ID is ID_DER_ASN1_DN: 'C=NO, ST=austagder, L=arendal, O=nettech, CN=winhost.hammer.no, E=rw_at_nettech.no'
May 21 12:38:03 gw Pluto[18371]: "roadwarrior-net" 80.212.100.112 #9: sent MR3, ISAKMP SA established
May 21 12:38:03 gw Pluto[18371]: "roadwarrior-net" 80.212.100.112 #9: ignoring informational payload, type AUTHENTICATION_FAILED
May 21 12:38:03 gw Pluto[18371]: "roadwarrior-net" 80.212.100.112 #9: received and ignored informational message
May 21 12:39:49 gw Pluto[18371]: "roadwarrior-net" 80.212.100.112 #9: ignoring Delete SA payload
May 21 12:39:49 gw Pluto[18371]: "roadwarrior-net" 80.212.100.112 #9: received and ignored informational message

----- Original Message -----
From: "Andreas Steffen" <andreas.steffen_at_zhwin.ch>
To: "Lars Stea" <lars_at_stea.no>
Cc: <users_at_lists.freeswan.org>
Sent: Tuesday, May 21, 2002 7:21 AM
Subject: Re: [Users] incomplete ISAKMP SA

Have you checked whether the lifetime of the CA certificate is an outer
bracket of the lifetime of the w2k host certificate? If this is not
the case then w2k does not accept the host certificate because the
CA cert will expire earlier. The best thing is first to generate a CA
cert with a lifetime of 2-4 years and then issue host certs with a
validity of one year.

Regards

Andreas
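
The lifetime check described in the reply above, as an added example that is not part of the original thread: it takes the text printed by `openssl x509 -noout -dates` for the CA and for the host certificate and reports whether the CA validity period encloses the host's. The function names and the sample dates are constructed for illustration.

```python
from datetime import datetime, timezone

MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def parse_dates(text):
    """Parse the notBefore=/notAfter= lines of `openssl x509 -noout -dates`.

    Returns (not_before, not_after) as timezone-aware UTC datetimes.
    """
    fields = {}
    for line in text.strip().splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("not a key=value line: %r" % line)
        # openssl pads single-digit days with an extra space; split() absorbs it.
        mon, day, hms, year, tz = value.split()
        if tz != "GMT":
            raise ValueError("unexpected time zone: %r" % tz)
        hour, minute, second = (int(part) for part in hms.split(":"))
        fields[key.strip()] = datetime(int(year), MONTHS.index(mon) + 1,
                                       int(day), hour, minute, second,
                                       tzinfo=timezone.utc)
    if set(fields) != {"notBefore", "notAfter"}:
        raise ValueError("expected exactly notBefore and notAfter")
    return fields["notBefore"], fields["notAfter"]


def validity_problems(ca_text, host_text):
    """Return a list of reasons the CA lifetime does not enclose the host's."""
    ca_start, ca_end = parse_dates(ca_text)
    host_start, host_end = parse_dates(host_text)
    problems = []
    if host_start < ca_start:
        problems.append("host certificate becomes valid before the CA certificate")
    if host_end > ca_end:
        problems.append("CA certificate expires before the host certificate")
    return problems


# Constructed sample values, not taken from the certificates in this thread.
CA_DATES = """notBefore=May 20 08:00:00 2002 GMT
notAfter=May 19 08:00:00 2006 GMT"""

HOST_OK = """notBefore=May 21 09:00:00 2002 GMT
notAfter=May 21 09:00:00 2003 GMT"""

HOST_TOO_LONG = """notBefore=May 21 09:00:00 2002 GMT
notAfter=May 20 09:00:00 2007 GMT"""

HOST_TOO_EARLY = """notBefore=May  1 09:00:00 2002 GMT
notAfter=May  1 09:00:00 2003 GMT"""

if __name__ == "__main__":
    for name, host in [("ok", HOST_OK), ("too long", HOST_TOO_LONG),
                       ("too early", HOST_TOO_EARLY)]:
        print(name, validity_problems(CA_DATES, host) or "nested correctly")
```
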

> Lars Stea wrote:
>
> I am running Freeswan on a test firewall at work. I have applied the x509
> patch and tested that roadwarrior connections work from my laptop at home.
> When I reboot my laptop however and test my setup in windows 2000, it doesn't
> work at all. I am running the ipsec.exe utility.
> The Oakley logs say something about "IKE can not find valid machine
> certificate". I guess this is the error but I don't understand how to fix it.
> When I open the mmc snapin I see the imported certificate in three places:
>
> IP-Securitypolicy of local computer --> Freeswan
> Certificate(local computer)
> l
> ---->Personal
> l l
> l ---->Certificates
> l l
> l ---->clienthost.hammer.no
> l
> ---->rootca's
> l
> ---->Certificates
> l
> ----->nettech
>
> Please help me and I'll write a howto on this.
>
> Lars Stea
>
> lars_at_stea.no
>
>
>
>
> Here are my configs:
>
>
> LINUX GATEWAY: /etc/ipsec.conf:
>
> config setup
>     interfaces=%defaultroute
>     klipsdebug=none
>     plutodebug=none
>     plutoload=%search
>     plutostart=%search
>     uniqueids=yes
>
>
> conn %default
>     keyingtries=1
>     compress=yes
>     disablearrivalcheck=no
>     authby=rsasig
>     leftrsasigkey=%cert
>     rightrsasigkey=%cert
>     left=%defaultroute
>     leftcert=gw.hammer.no.pem
>     auto=add
>     pfs=yes
>
> conn roadwarrior
>     right=%any
>
>
> conn roadwarrior-net
>     leftsubnet=192.168.22.0/255.255.255.0
>     right=%any
>
>
>
> WIN2000: c:\ipsec\ipsec.conf:
>
> conn roadwarrior
>     left=%any
>     right=212.4.33.157
>     rightca="C=NO, ST=austagder, O=nettech, Email=lars_at_nettech.no"
>     network=auto
>     auto=start
>     pfs=yes
>
> conn roadwarrior-net
>     left=%any
>     right=212.4.33.157
>     rightsubnet=192.168.22.0/24
>     rightca="C=NO, ST=austagder, O=nettech, Email=lars_at_nettech.no"
>     network=auto
>     auto=start
>     pfs=yes
>
>
>
>
> Oakley output:
>
>
> 5-21: 03:36:52:dc Posting acquire: op=8141B848 src=80.212.101.154.0
> dst=212.4.33.157.0 proto = 0, SrcMask=255.255.255.255,
> DstMask=255.255.255.255, Tunnel 1, TunnelEndpt=212.4.33.157 Inbound
> TunnelEndpt=80.212.101.154
> 5-21: 03:36:52:dc Acquire thread waiting
> 5-21: 03:36:52:4e8 find(ipsec): e4c3ba91-47e1-4032-9822ee472a0a3fd5
> 5-21: 03:36:52:4e8 outstanding_kernel_req returned 0
> 5-21: 03:36:52:4e8 Created new SA 28a660
> 5-21: 03:36:52:4e8 Acquire: src = 80.212.101.154.0000, dst =
> 212.4.33.157.62465, proto = 00, context = 8141B848, ProxySrc =
> 80.212.101.154.0000, ProxyDst = 212.4.33.157.0000 SrcMask = 0.0.0.0 DstMask =
> 0.0.0.0
> 5-21: 03:36:52:4e8 constructing ISAKMP Header
> 5-21: 03:36:52:4e8 constructing SA (ISAKMP)
> 5-21: 03:36:52:4e8 find(isakmp): e4c3ba91-47e1-4032-9822ee472a0a3fd5
> 5-21: 03:36:52:4e8 Setting group desc
> 5-21: 03:36:52:4e8 Setting group desc
> 5-21: 03:36:52:4e8 Setting group desc
> 5-21: 03:36:52:4e8 Setting group desc
> 5-21: 03:36:52:4e8 Constructing Vendor
> 5-21: 03:36:52:4e8 Throw: State mask=1
> 5-21: 03:36:52:4e8 Added Timeout 10e458
> 5-21: 03:36:52:4e8 Setting Retransmit: sa 28a660 handle 10e458 context 28ae68
> 5-21: 03:36:52:4e8
> 5-21: 03:36:52:4e8 Sending: SA = 0x0028A660 to 212.4.33.157
> 5-21: 03:36:52:4e8 ISAKMP Header: (V1.0), len = 216
> 5-21: 03:36:52:4e8 I-COOKIE 86588f5142e28783
> 5-21: 03:36:52:4e8 R-COOKIE 0000000000000000
> 5-21: 03:36:52:4e8 exchange: Oakley Main Mode
> 5-21: 03:36:52:4e8 flags: 0
> 5-21: 03:36:52:4e8 next payload: SA
> 5-21: 03:36:52:4e8 message ID: 00000000
> 5-21: 03:36:53:4e8
> 5-21: 03:36:53:4e8 Resume: (get) SA = 0x0028a660 from 212.4.33.157
> 5-21: 03:36:53:4e8 ISAKMP Header: (V1.0), len = 84
> 5-21: 03:36:53:4e8 I-COOKIE 86588f5142e28783
> 5-21: 03:36:53:4e8 R-COOKIE b5530056aed53684
> 5-21: 03:36:53:4e8 exchange: Oakley Main Mode
> 5-21: 03:36:53:4e8 flags: 0
> 5-21: 03:36:53:4e8 next payload: SA
> 5-21: 03:36:53:4e8 message ID: 00000000
> 5-21: 03:36:53:4e8 Stopping RetransTimer sa:0028A660 centry:00000000
> handle:0010E458
> 5-21: 03:36:53:4e8 processing payload SA
> 5-21: 03:36:53:4e8 Received Phase 1 Transform 1
> 5-21: 03:36:53:4e8 Encryption Alg Triple DES CBC(5)
> 5-21: 03:36:53:4e8 Hash Alg SHA(2)
> 5-21: 03:36:53:4e8 Oakley Group 2
> 5-21: 03:36:53:4e8 Auth Method RSA-signatur med sertifikater(3)
> 5-21: 03:36:53:4e8 Life type in Seconds
> 5-21: 03:36:53:4e8 Life duration of 28800
> 5-21: 03:36:53:4e8 Phase 1 SA accepted: transform=1
> 5-21: 03:36:53:4e8 SA - Oakley proposal accepted
> 5-21: 03:36:53:4e8 In state OAK_MM_SA_SETUP
> 5-21: 03:36:53:4e8 constructing ISAKMP Header
> 5-21: 03:36:53:4e8 constructing KE
> 5-21: 03:36:53:4e8 constructing NONCE (ISAKMP)
> 5-21: 03:36:53:4e8 Throw: State mask=7
> 5-21: 03:36:53:4e8
> 5-21: 03:36:53:4e8 Sending: SA = 0x0028A660 to 212.4.33.157
> 5-21: 03:36:53:4e8 ISAKMP Header: (V1.0), len = 184
> 5-21: 03:36:53:4e8 I-COOKIE 86588f5142e28783
> 5-21: 03:36:53:4e8 R-COOKIE b5530056aed53684
> 5-21: 03:36:53:4e8 exchange: Oakley Main Mode
> 5-21: 03:36:53:4e8 flags: 0
> 5-21: 03:36:53:4e8 next payload: KE
> 5-21: 03:36:53:4e8 message ID: 00000000
> 5-21: 03:36:53:4e8
> 5-21: 03:36:53:4e8 Resume: (get) SA = 0x0028a660 from 212.4.33.157
> 5-21: 03:36:53:4e8 ISAKMP Header: (V1.0), len = 188
> 5-21: 03:36:53:4e8 I-COOKIE 86588f5142e28783
> 5-21: 03:36:53:4e8 R-COOKIE b5530056aed53684
> 5-21: 03:36:53:4e8 exchange: Oakley Main Mode
> 5-21: 03:36:53:4e8 flags: 0
> 5-21: 03:36:53:4e8 next payload: KE
> 5-21: 03:36:53:4e8 message ID: 00000000
> 5-21: 03:36:53:4e8 Stopping RetransTimer sa:0028A660 centry:00000000
> handle:0010E458
> 5-21: 03:36:53:4e8 processing payload KE
> 5-21: 03:36:53:4e8 Generated 128 byte Shared Secret
> 5-21: 03:36:53:4e8 KE processed; DH shared secret computed
> 5-21: 03:36:53:4e8 processing payload NONCE
> 5-21: 03:36:53:4e8 processing payload CR
> 5-21: 03:36:53:4e8 Processing Cert request
> 5-21: 03:36:53:4e8 In state OAK_MM_Key_EXCH
> 5-21: 03:36:53:4e8 skeyid generated; crypto enabled (initiator)
> 5-21: 03:36:53:4e8 constructing ISAKMP Header
> 5-21: 03:36:53:4e8 constructing ID
> 5-21: 03:36:53:4e8 Received no valid CRPs. Using all configured
> 5-21: 03:36:53:4e8 Trust failed. 2 0
> 5-21: 03:36:53:4e8 Received no valid CRPs. Using all configured
> 5-21: 03:36:53:4e8 failed to get chain -2146885628
> 5-21: 03:36:53:4e8 ProcessFailure: sa:0028A660 centry:00000000
> status:cbad0326
> 5-21: 03:36:53:4e8 isadb_set_status sa:0028A660 centry:00000000 status
> cbad0326
> 5-21: 03:36:53:4e8 Nøkkelutvekslingsmodus (hovedmodus)
>
>
> 5-21: 03:36:53:4e8 Kilde-IP-adresse 80.212.101.154
>
> Kilde-IP-adressemaske 255.255.255.255
>
> Mål-IP-adresse 212.4.33.157
>
> Mål-IP-adressemaske 255.255.255.255
>
> Protokoll 0
>
> Kildeport 0
>
> Målport 0
>
>
> 5-21: 03:36:53:4e8 Jeg
>
>
> 5-21: 03:36:53:4e8 IKE mislyktes med å finne et gyldig maskinsertifikat #
> This is Norwegian and means: IKE could not find any valid machine
> certificate
>
>
> 5-21: 03:36:53:4e8 ProcessFailure: sa:0028A660 centry:00000000
> status:cbad0326
> 5-21: 03:36:53:4e8 constructing ISAKMP Header
> 5-21: 03:36:53:4e8 constructing HASH (null)
> 5-21: 03:36:53:4e8 constructing NOTIFY 28
> 5-21: 03:36:53:4e8 constructing HASH (ND)
> 5-21: 03:36:53:4e8 Construct ND hash message len = 28 pcklen=80 hashlen=20
> 5-21: 03:36:53:4e8 Construct ND Hash mess ID 00dc92ef
> 5-21: 03:36:53:4e8 ND Hash skeyid_a 8c359039c684507b8cd146294a2e7f43
> 5-21: 03:36:53:4e8 3168bf3b
> 5-21: 03:36:53:4e8 ND Hash message 0000001c000000010110001c86588f51
> 5-21: 03:36:53:4e8 42e28783b5530056aed53684
> 5-21: 03:36:53:4e8 Throw: State mask=200110f
> 5-21: 03:36:53:4e8 Doing tripleDES
> 5-21: 03:36:53:4e8
> 5-21: 03:36:53:4e8 Sending: SA = 0x0028A660 to 212.4.33.157
> 5-21: 03:36:53:4e8 ISAKMP Header: (V1.0), len = 84
> 5-21: 03:36:53:4e8 I-COOKIE 86588f5142e28783
> 5-21: 03:36:53:4e8 R-COOKIE b5530056aed53684
> 5-21: 03:36:53:4e8 exchange: ISAKMP Informational Exchange
> 5-21: 03:36:53:4e8 flags: 1 ( encrypted )
> 5-21: 03:36:53:4e8 next payload: HASH
> 5-21: 03:36:53:4e8 message ID: 00dc92ef
> 5-21: 03:37:03:4e8
> 5-21: 03:37:03:4e8 Resume: (get) SA = 0x0028a660 from 212.4.33.157
> 5-21: 03:37:03:4e8 ISAKMP Header: (V1.0), len = 188
> 5-21: 03:37:03:4e8 I-COOKIE 86588f5142e28783
> 5-21: 03:37:03:4e8 R-COOKIE b5530056aed53684
> 5-21: 03:37:03:4e8 exchange: Oakley Main Mode
> 5-21: 03:37:03:4e8 flags: 0
> 5-21: 03:37:03:4e8 next payload: KE
> 5-21: 03:37:03:4e8 message ID: 00000000
> 5-21: 03:37:03:4e8 received an unencrypted packet when crypto active
> 5-21: 03:37:03:4e8 GetPacket failed cbad0324
> 5-21: 03:37:23:4e8
> 5-21: 03:37:23:4e8 Resume: (get) SA = 0x0028a660 from 212.4.33.157
> 5-21: 03:37:23:4e8 ISAKMP Header: (V1.0), len = 188
> 5-21: 03:37:23:4e8 I-COOKIE 86588f5142e28783
> 5-21: 03:37:23:4e8 R-COOKIE b5530056aed53684
> 5-21: 03:37:23:4e8 exchange: Oakley Main Mode
> 5-21: 03:37:23:4e8 flags: 0
> 5-21: 03:37:23:4e8 next payload: KE
> 5-21: 03:37:23:4e8 message ID: 00000000
> 5-21: 03:37:23:4e8 received an unencrypted packet when crypto active
> 5-21: 03:37:23:4e8 GetPacket failed cbad0324
> 5-21: 03:38:31:4e8 SA Dead. sa:0028A660 status:cbad0328
> 5-21: 03:38:31:4e8 constructing ISAKMP Header
> 5-21: 03:38:31:4e8 constructing HASH (null)
> 5-21: 03:38:31:4e8 constructing DELETE
> 5-21: 03:38:31:4e8 constructing HASH (ND)
> 5-21: 03:38:31:4e8 Construct ND hash message len = 28 pcklen=80 hashlen=20
> 5-21: 03:38:31:4e8 Construct ND Hash mess ID 7284e283
> 5-21: 03:38:31:4e8 ND Hash skeyid_a 8c359039c684507b8cd146294a2e7f43
> 5-21: 03:38:31:4e8 3168bf3b
> 5-21: 03:38:31:4e8 ND Hash message 0000001c000000010110000186588f51
> 5-21: 03:38:31:4e8 42e28783b5530056aed53684
> 5-21: 03:38:31:4e8 Throw: State mask=110f
> 5-21: 03:38:31:4e8 Doing tripleDES
> 5-21: 03:38:31:4e8
> 5-21: 03:38:31:4e8 Sending: SA = 0x0028A660 to 212.4.33.157
> 5-21: 03:38:31:4e8 ISAKMP Header: (V1.0), len = 84
> 5-21: 03:38:31:4e8 I-COOKIE 86588f5142e28783
> 5-21: 03:38:31:4e8 R-COOKIE b5530056aed53684
> 5-21: 03:38:31:4e8 exchange: ISAKMP Informational Exchange
> 5-21: 03:38:31:4e8 flags: 1 ( encrypted )
> 5-21: 03:38:31:4e8 next payload: HASH
> 5-21: 03:38:31:4e8 message ID: 7284e283
> 5-21: 03:38:31:4e8 Deleting SA 0028A660
> 5-21: 03:38:31:4e8 Cancelling Timeout 10e458
>
>
> /var/log/secure:
>
>
> May 21 03:34:47 gw Pluto[18371]: packet from 80.212.101.154:500: ignoring
> Vendor ID payload
> May 21 03:34:47 gw Pluto[18371]: "roadwarrior" 80.212.101.154 #5: responding
> to Main Mode from unknown peer 80.212.101.154
> May 21 03:34:47 gw Pluto[18371]: "roadwarrior" 80.212.101.154 #5: encrypted
> Informational Exchange message is invalid because it is for incomplete ISAKMP
> SA
> May 21 03:35:57 gw Pluto[18371]: "roadwarrior" 80.212.101.154 #5: max number
> of retransmissions (2) reached STATE_MAIN_R2
> May 21 03:35:57 gw Pluto[18371]: "roadwarrior" 80.212.101.154: deleting
> connection "roadwarrior" instance with peer 80.212.101.154
> May 21 03:36:25 gw Pluto[18371]: packet from 80.212.101.154:500: Informational
> Exchange is for an unknown (expired?) SA
>

-- 
======================================================================
Andreas Steffen                     e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur      home:   http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland)    phone:  +41 76 340 25 56
===============================================================[ZHW]==

_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
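An added example, not part of the original message and not code from either IPsec implementation: a short Python triage of the Oakley log quoted above that undoes the mail quoting and wrapping, pulls out the status codes, and converts the "failed to get chain" number to hex. Reading that number as a signed 32-bit HRESULT is an assumption; under it, -2146885628 is 0x80092004, the CryptoAPI code CRYPT_E_NOT_FOUND, which matches the "could not find any valid machine certificate" message. The function names are hypothetical.

```python
import re

# Lines copied from the quoted Oakley log above, including the mail quoting
# ("> ") and the mail client's line wrapping of the ProcessFailure entry.
SAMPLE = [
    "> 5-21: 03:36:53:4e8 Trust failed. 2 0",
    "> 5-21: 03:36:53:4e8 failed to get chain -2146885628",
    "> 5-21: 03:36:53:4e8 ProcessFailure: sa:0028A660 centry:00000000",
    "> status:cbad0326",
    "> 5-21: 03:37:03:4e8 received an unencrypted packet when crypto active",
    "> 5-21: 03:37:03:4e8 GetPacket failed cbad0324",
    "> 5-21: 03:37:23:4e8 received an unencrypted packet when crypto active",
    "> 5-21: 03:38:31:4e8 SA Dead. sa:0028A660 status:cbad0328",
]

# The only HRESULT this example names; 0x80092004 is CRYPT_E_NOT_FOUND.
KNOWN_HRESULTS = {0x80092004: "CRYPT_E_NOT_FOUND"}
STAMP = re.compile(r"^(\d+-\d+: \d\d:\d\d:\d\d):[0-9a-f]+ ?(.*)$")

def unwrap(lines):
    """Strip mail quoting and rejoin entries the mail client wrapped."""
    events = []
    for raw in lines:
        text = re.sub(r"^>\s?", "", raw).strip()
        m = STAMP.match(text)
        if m:
            events.append([m.group(1), m.group(2)])
        elif text and events:
            events[-1][1] += " " + text
    return events

def to_hresult(signed):
    """Assumption: the chain error is printed as a signed 32-bit decimal."""
    return signed & 0xFFFFFFFF

def triage(lines):
    report = {"chain_errors": [], "statuses": [], "unencrypted": 0}
    for when, msg in unwrap(lines):
        chain = re.search(r"failed to get chain (-?\d+)", msg)
        if chain:
            code = to_hresult(int(chain.group(1)))
            name = KNOWN_HRESULTS.get(code, "unknown")
            report["chain_errors"].append((when, "0x%08X" % code, name))
        for status in re.findall(r"status:([0-9a-f]{8})", msg):
            report["statuses"].append((when, status))
        if "received an unencrypted packet when crypto active" in msg:
            report["unencrypted"] += 1
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The "unencrypted" count shows the responder still retransmitting its Main Mode KE message after the initiator had already given up on the certificate lookup.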



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:05 CEST