[Users] Help: Trying to get Win2K <==> Freeswan X.509

From: Alistair Nelson (alistair.nelson_at_eb2b.com.au)
Date: Fri Aug 23 2002 - 08:38:31 CEST

• Next message: Whit Blauvelt: "Re: [Users] ip route command"
• Previous message: Pavel Rastopshin: "[Users] Simple question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

Again I am still stuck trying to get Nate Carlson's instructions
working.
I still can't get it working when the client is on the same subnet as
the gateway!

The client always responds with "Negotiating IP Security".

Would REALLY appreciate any help... I am learning a lot but still am a
bit of a newbie!

Attached is the output when

1) /var/log/secure ipsec is started on the gateway
2) /var/log/secure gateway is pinged by client
3) ipsec is started on Win2K client
4) oakley.log ipsec is started on Win2K client
5) oakley.log gateway is pinged by client

Thanks SO much for any help!

Kind regards,

Alistair.

====Freeswan started on gateway
Aug 23 16:19:25 vpn ipsec__plutorun: Starting Pluto subsystem...
Aug 23 16:19:25 vpn pluto[5104]: Starting Pluto (FreeS/WAN Version
1.98b)
Aug 23 16:19:25 vpn pluto[5104]: including X.509 patch (Version
0.9.14)
Aug 23 16:19:25 vpn pluto[5104]: Changing to directory
'/etc/ipsec.d/cacerts'
Aug 23 16:19:25 vpn pluto[5104]: loaded cacert file 'RootCA.der' (1084
bytes)
Aug 23 16:19:25 vpn pluto[5104]: Changing to directory
'/etc/ipsec.d/crls'
Aug 23 16:19:25 vpn pluto[5104]: loaded crl file 'crl.pem' (654 bytes)
Aug 23 16:19:25 vpn pluto[5104]: loaded my default X.509 cert file
'/etc/x509cert.der' (1128 bytes)
Aug 23 16:19:26 vpn pluto[5104]: loaded host cert file
'/etc/ipsec.d/vpn.key' (1751 bytes)
Aug 23 16:19:26 vpn pluto[5104]: no passphrase available
Aug 23 16:19:26 vpn pluto[5104]: added connection description
"roadwarrior"
Aug 23 16:19:26 vpn pluto[5104]: loaded host cert file
'/etc/ipsec.d/vpn.key' (1751 bytes)
Aug 23 16:19:26 vpn pluto[5104]: no passphrase available
Aug 23 16:19:26 vpn pluto[5104]: added connection description
"roadwarrior-net"
Aug 23 16:19:26 vpn pluto[5104]: listening for IKE messages
Aug 23 16:19:26 vpn pluto[5104]: adding interface ipsec0/eth0
192.168.1.16
Aug 23 16:19:26 vpn pluto[5104]: loading secrets from
"/etc/ipsec.secrets"
Aug 23 16:19:26 vpn pluto[5104]: loaded private key file
'/etc/ipsec.d/private/vpn.key' (1751 bytes)

===Gateway is pinged by client
Aug 23 16:21:01 vpn pluto[5104]: packet from 192.168.1.150:500: ignoring
Vendor ID payload
Aug 23 16:21:01 vpn pluto[5104]: "roadwarrior"[1] 192.168.1.150 #1:
responding to Main Mode from unknown peer 192.168.1.150
Aug 23 16:21:02 vpn pluto[5104]: "roadwarrior"[1] 192.168.1.150 #1: Peer
ID is ID_DER_ASN1_DN: 'C=AU, ST=Victoria, L=Burwood, O=eB2Bcom,
CN=Alistair Nelson, E=alistair.nelson_at_eb2b.com.au'
Aug 23 16:21:02 vpn pluto[5104]: "roadwarrior"[1] 192.168.1.150 #1:
multiple ipsec.secrets entries with distinct secrets match endpoints:
first secret used
Aug 23 16:21:02 vpn pluto[5104]: "roadwarrior"[1] 192.168.1.150 #1:
multiple ipsec.secrets entries with distinct secrets match endpoints:
first secret used
Aug 23 16:21:02 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #1:
deleting connection "roadwarrior" instance with peer 192.168.1.150
Aug 23 16:21:02 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #1:
multiple ipsec.secrets entries with distinct secrets match endpoints:
first secret used
Aug 23 16:21:02 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #1:
sent MR3, ISAKMP SA established
Aug 23 16:21:02 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #1:
ignoring informational payload, type AUTHENTICATION_FAILED
Aug 23 16:21:02 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #1:
received and ignored informational message
Aug 23 16:23:11 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #1:
ignoring Delete SA payload
Aug 23 16:23:11 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #1:
received and ignored informational message
Aug 23 16:25:13 vpn pluto[5104]: packet from 192.168.1.150:500: ignoring
Vendor ID payload
Aug 23 16:25:13 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #2:
responding to Main Mode from unknown peer 192.168.1.150
Aug 23 16:25:13 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #2:
Peer ID is ID_DER_ASN1_DN: 'C=AU, ST=Victoria, L=Burwood, O=eB2Bcom,
CN=Alistair Nelson, E=alistair.nelson_at_eb2b.com.au'
Aug 23 16:25:13 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #2:
multiple ipsec.secrets entries with distinct secrets match endpoints:
first secret used
Aug 23 16:25:13 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #2:
sent MR3, ISAKMP SA established
Aug 23 16:25:13 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #2:
ignoring informational payload, type AUTHENTICATION_FAILED
Aug 23 16:25:13 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #2:
received and ignored informational message
Aug 23 16:26:56 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #2:
ignoring Delete SA payload
Aug 23 16:26:56 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #2:
received and ignored informational message
Aug 23 16:28:53 vpn pluto[5104]: packet from 192.168.1.150:500: ignoring
Vendor ID payload
Aug 23 16:28:53 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #3:
responding to Main Mode from unknown peer 192.168.1.150
Aug 23 16:28:53 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #3:
Peer ID is ID_DER_ASN1_DN: 'C=AU, ST=Victoria, L=Burwood, O=eB2Bcom,
CN=Alistair Nelson, E=alistair.nelson_at_eb2b.com.au'
Aug 23 16:28:54 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #3:
multiple ipsec.secrets entries with distinct secrets match endpoints:
first secret used
Aug 23 16:28:54 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #3:
sent MR3, ISAKMP SA established
Aug 23 16:28:54 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #3:
ignoring informational payload, type AUTHENTICATION_FAILED
Aug 23 16:28:54 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #3:
received and ignored informational message
Aug 23 16:30:41 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #3:
ignoring Delete SA payload
Aug 23 16:30:41 vpn pluto[5104]: "roadwarrior-net"[1] 192.168.1.150 #3:
received and ignored informational message

===CLIENT kick off connection with vpn.bootis.de tool====
C:\ipsec>ipsec
IPSec Version 2.1.4 (c) 2001,2002 Marcus Mueller
Getting running Config ...
Microsoft's Windows 2000 identified
Host name is: nelson
No RAS connections found.
LAN IP address: 192.168.1.150
Setting up IPSec ...

        Deactivating old policy...
        Removing old policy...

Connection roadwarrior:
        MyTunnel : 192.168.1.150
        MyNet : 192.168.1.150/255.255.255.255
        PartnerTunnel: 192.168.1.16
        PartnerNet : 192.168.1.16/255.255.255.255
        CA (ID) :
C=AU,S=Victoria,L=Burwood,O=eB2Bcom,CN=CA,Email=su...
        PFS : y
        Auto : start
        Auth.Mode : MD5
        Rekeying : 3600S/50000K
        Activating policy...

Connection roadwarrior-net:
        MyTunnel : 192.168.1.150
        MyNet : 192.168.1.150/255.255.255.255
        PartnerTunnel: 192.168.1.16
        PartnerNet : 192.168.0.0/255.255.254.0
        CA (ID) :
C=AU,S=Victoria,L=Burwood,O=eB2Bcom,CN=CA,Email=su...
        PFS : y
        Auto : start
        Auth.Mode : MD5
        Rekeying : 3600S/50000K
        Activating policy...

==START IPSEC W2K CLIENT OAKLEY.LOG====================
 8-23: 16:22:02:304 flush(isakmp): a796491d-cadb-495b-b505aee1612537e4
 8-23: 16:22:02:304 Oakley group 2 from UI
 8-23: 16:22:02:304 Isakmp policy (4 total):
c731e056-0d52-4a6d-ab0ac4e31632837d PFS=1
 8-23: 16:22:02:304 #0: C.Id = 3, H.ID= 2, A.ID = 0, Group = 2 LT=28800
QMs=0
 8-23: 16:22:02:304 #1: C.Id = 3, H.ID= 1, A.ID = 0, Group = 2 LT=28800
QMs=0
 8-23: 16:22:02:304 #2: C.Id = 1, H.ID= 2, A.ID = 0, Group = 1 LT=28800
QMs=0
 8-23: 16:22:02:304 #3: C.Id = 1, H.ID= 1, A.ID = 0, Group = 1 LT=28800
QMs=0
 8-23: 16:22:02:304 flush guid(isakmp):
c731e056-0d52-4a6d-ab0ac4e31632837d
 8-23: 16:22:02:304 isadb_schedule_kill_oldPolicy_sas:
c731e056-0d52-4a6d-ab0ac4e31632837d 1
 8-23: 16:22:02:13c entered kill_old_policy_sas
 8-23: 16:22:02:13c Waiting for TimerHandle
 8-23: 16:22:02:304 Added Timeout d6c60
 8-23: 16:22:02:304 Adding policy guid(ipsec):
aed474e2-d4a4-42b6-b799afa04de32823
 8-23: 16:22:02:304 Authentication Method[0] from UI 5
 8-23: 16:22:02:304 Auth[0]: 5 Authinfosize: 0
 8-23: 16:22:02:304 Flags from UI 0
 8-23: 16:22:02:304 Ipsec policy (6 total):
aed474e2-d4a4-42b6-b799afa04de32823 PFS=16252892
 8-23: 16:22:02:304 #0: Encrypt C.Id = 3, C.KeyLen = 64, I.ID = 2,
 8-23: 16:22:02:304 #1: Encrypt C.Id = 3, C.KeyLen = 64, I.ID = 1,
 8-23: 16:22:02:304 #2: Encrypt C.Id = 1, C.KeyLen = 64, I.ID = 2,
 8-23: 16:22:02:304 #3: Encrypt C.Id = 1, C.KeyLen = 64, I.ID = 1,
 8-23: 16:22:02:304 #4: Auth C.Id = 2, C.KeyLen = 64, I.ID = 0,
 8-23: 16:22:02:304 #5: Auth C.Id = 1, C.KeyLen = 64, I.ID = 0,
 8-23: 16:22:02:304 flush guid(ipsec):
aed474e2-d4a4-42b6-b799afa04de32823
 8-23: 16:22:02:304 Adding policy guid(ipsec):
270957c2-9fcd-4e9a-84805e870c699271
 8-23: 16:22:02:304 Authentication Method[0] from UI 3
 8-23: 16:22:02:304 Auth[0]: 3 Authinfosize: 119
 8-23: 16:22:02:304 Flags from UI 2
 8-23: 16:22:02:304 Ipsec policy (1 total):
270957c2-9fcd-4e9a-84805e870c699271 PFS=16252892
 8-23: 16:22:02:304 #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 8-23: 16:22:02:304 flush guid(ipsec):
270957c2-9fcd-4e9a-84805e870c699271
 8-23: 16:22:02:304 Adding policy guid(ipsec):
3886a614-73b0-491a-a3bebec666393e15
 8-23: 16:22:02:304 Authentication Method[0] from UI 3
 8-23: 16:22:02:304 Auth[0]: 3 Authinfosize: 119
 8-23: 16:22:02:304 Flags from UI 2
 8-23: 16:22:02:304 Ipsec policy (1 total):
3886a614-73b0-491a-a3bebec666393e15 PFS=16252892
 8-23: 16:22:02:304 #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 8-23: 16:22:02:304 flush guid(ipsec):
3886a614-73b0-491a-a3bebec666393e15
 8-23: 16:22:03:304 flush guid(ipsec):
aed474e2-d4a4-42b6-b799afa04de32823
 8-23: 16:22:03:304 Actually flushing guid(ipsec):
aed474e2-d4a4-42b6-b799afa04de32823
 8-23: 16:22:03:304 isadb_schedule_kill_oldPolicy_sas:
aed474e2-d4a4-42b6-b799afa04de32823 0
 8-23: 16:22:03:304 Added Timeout d6c60
 8-23: 16:22:03:13c entered kill_old_policy_sas
 8-23: 16:22:03:304 flush guid(ipsec):
270957c2-9fcd-4e9a-84805e870c699271
 8-23: 16:22:03:304 Actually flushing guid(ipsec):
270957c2-9fcd-4e9a-84805e870c699271
 8-23: 16:22:03:304 isadb_schedule_kill_oldPolicy_sas:
270957c2-9fcd-4e9a-84805e870c699271 0
 8-23: 16:22:03:304 Added Timeout d6c60
 8-23: 16:22:03:304 flush guid(ipsec):
3886a614-73b0-491a-a3bebec666393e15
 8-23: 16:22:03:304 Actually flushing guid(ipsec):
3886a614-73b0-491a-a3bebec666393e15
 8-23: 16:22:03:304 isadb_schedule_kill_oldPolicy_sas:
3886a614-73b0-491a-a3bebec666393e15 0
 8-23: 16:22:03:304 Added Timeout d18b0
 8-23: 16:22:03:304 flush(isakmp): c731e056-0d52-4a6d-ab0ac4e31632837d
 8-23: 16:22:03:304 Oakley group 2 from UI
 8-23: 16:22:03:304 Isakmp policy (4 total):
ce737f5e-b46e-49ff-af49276434e627dd PFS=1
 8-23: 16:22:03:304 #0: C.Id = 3, H.ID= 2, A.ID = 0, Group = 2 LT=28800
QMs=0
 8-23: 16:22:03:304 #1: C.Id = 3, H.ID= 1, A.ID = 0, Group = 2 LT=28800
QMs=0
 8-23: 16:22:03:304 #2: C.Id = 1, H.ID= 2, A.ID = 0, Group = 1 LT=28800
QMs=0
 8-23: 16:22:03:304 #3: C.Id = 1, H.ID= 1, A.ID = 0, Group = 1 LT=28800
QMs=0
 8-23: 16:22:03:304 flush guid(isakmp):
ce737f5e-b46e-49ff-af49276434e627dd
 8-23: 16:22:03:304 isadb_schedule_kill_oldPolicy_sas:
ce737f5e-b46e-49ff-af49276434e627dd 1
 8-23: 16:22:03:304 Added Timeout 1271e0
 8-23: 16:22:03:304 Adding policy guid(ipsec):
aed474e2-d4a4-42b6-b799afa04de32823
 8-23: 16:22:03:304 Authentication Method[0] from UI 5
 8-23: 16:22:03:304 Auth[0]: 5 Authinfosize: 0
 8-23: 16:22:03:304 Flags from UI 0
 8-23: 16:22:03:304 Ipsec policy (6 total):
aed474e2-d4a4-42b6-b799afa04de32823 PFS=16252892
 8-23: 16:22:03:304 #0: Encrypt C.Id = 3, C.KeyLen = 64, I.ID = 2,
 8-23: 16:22:03:304 #1: Encrypt C.Id = 3, C.KeyLen = 64, I.ID = 1,
 8-23: 16:22:03:304 #2: Encrypt C.Id = 1, C.KeyLen = 64, I.ID = 2,
 8-23: 16:22:03:304 #3: Encrypt C.Id = 1, C.KeyLen = 64, I.ID = 1,
 8-23: 16:22:03:304 #4: Auth C.Id = 2, C.KeyLen = 64, I.ID = 0,
 8-23: 16:22:03:304 #5: Auth C.Id = 1, C.KeyLen = 64, I.ID = 0,
 8-23: 16:22:03:304 flush guid(ipsec):
aed474e2-d4a4-42b6-b799afa04de32823
 8-23: 16:22:03:304 Adding policy guid(ipsec):
270957c2-9fcd-4e9a-84805e870c699271
 8-23: 16:22:03:304 Authentication Method[0] from UI 3
 8-23: 16:22:03:304 Auth[0]: 3 Authinfosize: 119
 8-23: 16:22:03:304 Flags from UI 2
 8-23: 16:22:03:304 Ipsec policy (1 total):
270957c2-9fcd-4e9a-84805e870c699271 PFS=16252892
 8-23: 16:22:03:304 #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 8-23: 16:22:03:304 flush guid(ipsec):
270957c2-9fcd-4e9a-84805e870c699271
 8-23: 16:22:03:304 Adding policy guid(ipsec):
3886a614-73b0-491a-a3bebec666393e15
 8-23: 16:22:03:304 Authentication Method[0] from UI 3
 8-23: 16:22:03:304 Auth[0]: 3 Authinfosize: 119
 8-23: 16:22:03:304 Flags from UI 2
 8-23: 16:22:03:304 Ipsec policy (1 total):
3886a614-73b0-491a-a3bebec666393e15 PFS=16252892
 8-23: 16:22:03:304 #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 8-23: 16:22:03:304 flush guid(ipsec):
3886a614-73b0-491a-a3bebec666393e15
 8-23: 16:22:03:13c entered kill_old_policy_sas
 8-23: 16:22:03:158 entered kill_old_policy_sas
 8-23: 16:22:03:13c entered kill_old_policy_sas
 8-23: 16:22:03:304 Adding policy guid(ipsec):
ae881bec-0b8f-4a43-b75cffdeb1cf2a50
 8-23: 16:22:03:304 Authentication Method[0] from UI 3
 8-23: 16:22:03:304 Auth[0]: 3 Authinfosize: 119
 8-23: 16:22:03:304 Flags from UI 2
 8-23: 16:22:03:304 Ipsec policy (1 total):
ae881bec-0b8f-4a43-b75cffdeb1cf2a50 PFS=16252892
 8-23: 16:22:03:304 #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 8-23: 16:22:03:304 flush guid(ipsec):
ae881bec-0b8f-4a43-b75cffdeb1cf2a50
 8-23: 16:22:03:304 Adding policy guid(ipsec):
415206e8-512a-43a7-b1a6edc3f08f1d0b
 8-23: 16:22:03:304 Authentication Method[0] from UI 3
 8-23: 16:22:03:304 Auth[0]: 3 Authinfosize: 119
 8-23: 16:22:03:304 Flags from UI 2
 8-23: 16:22:03:304 Ipsec policy (1 total):
415206e8-512a-43a7-b1a6edc3f08f1d0b PFS=16252892
 8-23: 16:22:03:304 #0: Encrypt C.Id = 3, C.KeyLen = 0, I.ID = 1,
 8-23: 16:22:03:304 flush guid(ipsec):
415206e8-512a-43a7-b1a6edc3f08f1d0b
 8-23: 16:22:54:194 Posting acquire: op=81140C08 src=192.168.1.150.0
dst=192.168.1.10.0 proto = 0, SrcMask=255.255.255.255,
DstMask=255.255.254.0, Tunnel 1, TunnelEndpt=192.168.1.16 Inbound
TunnelEndpt=192.168.1.150
 8-23: 16:22:54:194 Acquire thread waiting
 8-23: 16:22:54:13c find(ipsec): ae881bec-0b8f-4a43-b75cffdeb1cf2a50
 8-23: 16:22:54:13c outstanding_kernel_req returned 0
 8-23: 16:22:54:13c Created new SA 23a760
 8-23: 16:22:54:13c Acquire: src = 192.168.1.150.0000, dst =
192.168.1.16.62465, proto = 00, context = 81140C08, ProxySrc =
192.168.1.150.0000, ProxyDst = 192.168.0.0.0000 SrcMask = 0.0.0.0
DstMask = 255.255.254.0
 8-23: 16:22:54:13c constructing ISAKMP Header
 8-23: 16:22:54:13c constructing SA (ISAKMP)
 8-23: 16:22:54:13c find(isakmp): ae881bec-0b8f-4a43-b75cffdeb1cf2a50
 8-23: 16:22:54:13c Setting group desc
 8-23: 16:22:54:13c Setting group desc
 8-23: 16:22:54:13c Setting group desc
 8-23: 16:22:54:13c Setting group desc
 8-23: 16:22:54:13c Constructing Vendor
 8-23: 16:22:54:13c Throw: State mask=1
 8-23: 16:22:54:13c Added Timeout 1271e0
 8-23: 16:22:54:13c Setting Retransmit: sa 23a760 handle 1271e0 context
23aed0
 8-23: 16:22:54:13c
 8-23: 16:22:54:13c Sending: SA = 0x0023A760 to 192.168.1.16
 8-23: 16:22:54:13c ISAKMP Header: (V1.0), len = 216
 8-23: 16:22:54:13c I-COOKIE feec6f51d8e77fc1
 8-23: 16:22:54:13c R-COOKIE 0000000000000000
 8-23: 16:22:54:13c exchange: Oakley Main Mode
 8-23: 16:22:54:13c flags: 0
 8-23: 16:22:54:13c next payload: SA
 8-23: 16:22:54:13c message ID: 00000000
 8-23: 16:22:54:13c
 8-23: 16:22:54:13c Resume: (get) SA = 0x0023a760 from 192.168.1.16
 8-23: 16:22:54:13c ISAKMP Header: (V1.0), len = 84
 8-23: 16:22:54:13c I-COOKIE feec6f51d8e77fc1
 8-23: 16:22:54:13c R-COOKIE 695041055a7fbce8
 8-23: 16:22:54:13c exchange: Oakley Main Mode
 8-23: 16:22:54:13c flags: 0
 8-23: 16:22:54:13c next payload: SA
 8-23: 16:22:54:13c message ID: 00000000
 8-23: 16:22:54:13c Stopping RetransTimer sa:0023A760 centry:00000000
handle:001271E0
 8-23: 16:22:54:13c processing payload SA
 8-23: 16:22:54:13c Received Phase 1 Transform 1
 8-23: 16:22:54:13c Encryption Alg Triple DES CBC(5)
 8-23: 16:22:54:13c Hash Alg SHA(2)
 8-23: 16:22:54:13c Oakley Group 2
 8-23: 16:22:54:13c Auth Method RSA Signature with Certificates(3)
 8-23: 16:22:54:13c Life type in Seconds
 8-23: 16:22:54:13c Life duration of 28800
 8-23: 16:22:54:13c Phase 1 SA accepted: transform=1
 8-23: 16:22:54:13c SA - Oakley proposal accepted
 8-23: 16:22:54:13c In state OAK_MM_SA_SETUP
 8-23: 16:22:54:13c constructing ISAKMP Header
 8-23: 16:22:54:13c constructing KE
 8-23: 16:22:54:13c constructing NONCE (ISAKMP)
 8-23: 16:22:54:13c Throw: State mask=7
 8-23: 16:22:54:13c
 8-23: 16:22:54:13c Sending: SA = 0x0023A760 to 192.168.1.16
 8-23: 16:22:54:13c ISAKMP Header: (V1.0), len = 184
 8-23: 16:22:54:13c I-COOKIE feec6f51d8e77fc1
 8-23: 16:22:54:13c R-COOKIE 695041055a7fbce8
 8-23: 16:22:54:13c exchange: Oakley Main Mode
 8-23: 16:22:54:13c flags: 0
 8-23: 16:22:54:13c next payload: KE
 8-23: 16:22:54:13c message ID: 00000000
 8-23: 16:22:54:13c
 8-23: 16:22:54:13c Resume: (get) SA = 0x0023a760 from 192.168.1.16
 8-23: 16:22:54:13c ISAKMP Header: (V1.0), len = 188
 8-23: 16:22:54:13c I-COOKIE feec6f51d8e77fc1
 8-23: 16:22:54:13c R-COOKIE 695041055a7fbce8
 8-23: 16:22:54:13c exchange: Oakley Main Mode
 8-23: 16:22:54:13c flags: 0
 8-23: 16:22:54:13c next payload: KE
 8-23: 16:22:54:13c message ID: 00000000
 8-23: 16:22:54:13c Stopping RetransTimer sa:0023A760 centry:00000000
handle:001271E0
 8-23: 16:22:54:13c processing payload KE
 8-23: 16:22:54:13c Generated 128 byte Shared Secret
 8-23: 16:22:54:13c KE processed; DH shared secret computed
 8-23: 16:22:54:13c processing payload NONCE
 8-23: 16:22:54:13c processing payload CR
 8-23: 16:22:54:13c Processing Cert request
 8-23: 16:22:54:13c In state OAK_MM_Key_EXCH
 8-23: 16:22:54:13c skeyid generated; crypto enabled (initiator)
 8-23: 16:22:54:13c constructing ISAKMP Header
 8-23: 16:22:54:13c constructing ID
 8-23: 16:22:54:13c Received no valid CRPs. Using all configured
 8-23: 16:22:54:13c Cert Trustes. 0 0
 8-23: 16:22:54:13c Key Contained Name
 8-23: 16:22:54:13c {42CA0D52-40CA-450B-AF27-D990D90749F4}
 8-23: 16:22:54:13c Found try 1
 8-23: 16:22:54:13c constructing CERT
 8-23: 16:22:54:13c constructing SIG
 8-23: 16:22:54:13c Construct SIG
 8-23: 16:22:54:13c Hash algo 2
 8-23: 16:22:54:13c Initiator ID 0900000030818a310b30090603550406
 8-23: 16:22:54:13c 130241553111300f0603550408130856
 8-23: 16:22:54:13c 6963746f7269613110300e0603550407
 8-23: 16:22:54:13c 1307427572776f6f643110300e060355
 8-23: 16:22:54:13c 040a130765423242636f6d3118301606
 8-23: 16:22:54:13c 03550403130f416c697374616972204e
 8-23: 16:22:54:13c 656c736f6e312a302806092a864886f7
 8-23: 16:22:54:13c 0d010901161b616c6973746169722e6e
 8-23: 16:22:54:13c 656c736f6e40656232622e636f6d2e61
 8-23: 16:22:54:13c 75
 8-23: 16:22:54:13c Error 80090016 during CryptSignHash1!

 8-23: 16:22:54:13c Trying KE key
 8-23: 16:22:54:13c Signature Created Successfully
 8-23: 16:22:54:13c Sig LE: a654c17dd35924f98d5495fc2c991c8b
 8-23: 16:22:54:13c 57e3639541a69826444820eaeecfd05e
 8-23: 16:22:54:13c 680efe6036c334d9756fdff68968ebaf
 8-23: 16:22:54:13c 734548fa851acdb6cb07e32c8eaa1207
 8-23: 16:22:54:13c 5ba646d82b335d7fd6e5bf1fccf05700
 8-23: 16:22:54:13c 54291818bde425a2571f439ad0b6fb40
 8-23: 16:22:54:13c fd621e722d5d406cc1953f52829cead2
 8-23: 16:22:54:13c 3f4b65d5bcf30b17c4ce3a50385db65f
 8-23: 16:22:54:13c 515722a3d898ce620269b9d2704e9c29
 8-23: 16:22:54:13c b82369c994ba618040b473cf6ba3cbbb
 8-23: 16:22:54:13c 9883940d0346cee1fb05c399d666553f
 8-23: 16:22:54:13c 008e966bf3646192a19174e085ad6d98
 8-23: 16:22:54:13c 7b125b24708608e765f630a0ba46160e
 8-23: 16:22:54:13c cca4c53ef8472773d6ebb16cf2001f8a
 8-23: 16:22:54:13c 0714199ff0793da8cedc0f57ccb14172
 8-23: 16:22:54:13c c2e242d9d5c7bfc2d5561f7d77825fcb
 8-23: 16:22:54:13c
 8-23: 16:22:54:13c SIG BE: cb5f82777d1f56d5c2bfc7d5d942e2c2
 8-23: 16:22:54:13c 7241b1cc570fdccea83d79f09f191407
 8-23: 16:22:54:13c 8a1f00f26cb1ebd6732747f83ec5a4cc
 8-23: 16:22:54:13c 0e1646baa030f665e7088670245b127b
 8-23: 16:22:54:13c 986dad85e07491a1926164f36b968e00
 8-23: 16:22:54:13c 3f5566d699c305fbe1ce46030d948398
 8-23: 16:22:54:13c bbcba36bcf73b4408061ba94c96923b8
 8-23: 16:22:54:13c 299c4e70d2b9690262ce98d8a3225751
 8-23: 16:22:54:13c 5fb65d38503acec4170bf3bcd5654b3f
 8-23: 16:22:54:13c d2ea9c82523f95c16c405d2d721e62fd
 8-23: 16:22:54:13c 40fbb6d09a431f57a225e4bd18182954
 8-23: 16:22:54:13c 0057f0cc1fbfe5d67f5d332bd846a65b
 8-23: 16:22:54:13c 0712aa8e2ce307cbb6cd1a85fa484573
 8-23: 16:22:54:13c afeb6889f6df6f75d934c33660fe0e68
 8-23: 16:22:54:13c 5ed0cfeeea2048442698a6419563e357
 8-23: 16:22:54:13c 8b1c992cfc95548df92459d37dc154a6
 8-23: 16:22:54:13c
 8-23: 16:22:54:13c AuthCount 1
 8-23: 16:22:54:13c Constructing Cert Request
 8-23: 16:22:54:13c Setting CertReq type
 8-23: 16:22:54:13c Throw: State mask=111f
 8-23: 16:22:54:13c Doing tripleDES
 8-23: 16:22:54:13c
 8-23: 16:22:54:13c Sending: SA = 0x0023A760 to 192.168.1.16
 8-23: 16:22:54:13c ISAKMP Header: (V1.0), len = 1716
 8-23: 16:22:54:13c I-COOKIE feec6f51d8e77fc1
 8-23: 16:22:54:13c R-COOKIE 695041055a7fbce8
 8-23: 16:22:54:13c exchange: Oakley Main Mode
 8-23: 16:22:54:13c flags: 1 ( encrypted )
 8-23: 16:22:54:13c next payload: ID
 8-23: 16:22:54:13c message ID: 00000000
 8-23: 16:22:55:13c
 8-23: 16:22:55:13c Resume: (get) SA = 0x0023a760 from 192.168.1.16
 8-23: 16:22:55:13c ISAKMP Header: (V1.0), len = 1452
 8-23: 16:22:55:13c I-COOKIE feec6f51d8e77fc1
 8-23: 16:22:55:13c R-COOKIE 695041055a7fbce8
 8-23: 16:22:55:13c exchange: Oakley Main Mode
 8-23: 16:22:55:13c flags: 1 ( encrypted )
 8-23: 16:22:55:13c next payload: ID
 8-23: 16:22:55:13c message ID: 00000000
 8-23: 16:22:55:13c Doing tripleDES
 8-23: 16:22:55:13c Stopping RetransTimer sa:0023A760 centry:00000000
handle:001271E0
 8-23: 16:22:55:13c processing payload ID
 8-23: 16:22:55:13c Process Id
 8-23: 16:22:55:13c processing payload CERT
 8-23: 16:22:55:13c Processing Cert
 8-23: 16:22:55:13c ProcessingCert
 8-23: 16:22:55:13c processing payload SIG
 8-23: 16:22:55:13c Process SIG
 8-23: 16:22:55:13c Verifying CertStore
 8-23: 16:22:55:13c Cert Trustes. 0 0
 8-23: 16:22:55:13c CertFindExtenstion failed with 0

 8-23: 16:22:55:13c Cert Trustes. 0 0
 8-23: 16:22:55:13c CertFindExtenstion failed with 0

 8-23: 16:22:55:13c Cert lifetime in seconds low 314993058, high 0
 8-23: 16:22:55:13c Responder ID 01000000c0a80110
 8-23: 16:22:55:13c Sig to Verify 9040a0925020e21c5ab2082b1546315d
 8-23: 16:22:55:13c fc35c5a0983193f203505752185d4f54
 8-23: 16:22:55:13c 771e44bcd325e909a20fd41c094f52f6
 8-23: 16:22:55:13c 6fbfffa73a271d12c2246fe4bc61b4dd
 8-23: 16:22:55:13c 408cbcfe868ed22363dd8776b828c32b
 8-23: 16:22:55:13c c4d9e49d038c15650c82029fd716d5fb
 8-23: 16:22:55:13c 831fd8e2e350101d26bb97921f6daea2
 8-23: 16:22:55:13c 378beff3bc5864888e42f64ddce627f0
 8-23: 16:22:55:13c 2e7ad1181af858dd44e70f3b45bc915e
 8-23: 16:22:55:13c e407513c9b7a0a531ae6b17585fda3fc
 8-23: 16:22:55:13c 42c6abd73f3f0fd29b7ca65b1079c205
 8-23: 16:22:55:13c 525f2c26a3468002c96a1d007437f240
 8-23: 16:22:55:13c 04fbac95f7d4024e9e5983ee690a6b32
 8-23: 16:22:55:13c 71b68e6b1e7b386f8e38f730f33361d4
 8-23: 16:22:55:13c 8ca3e93905c17b88dc9c95830d71e034
 8-23: 16:22:55:13c a72e45e41ab872790cdb84aa5afd4c65
 8-23: 16:22:55:13c a32fc836c5e9cc092fd7bf4de062f31c
 8-23: 16:22:55:13c a949
 8-23: 16:22:55:13c Error 80090006 during CryptVerifySignature!

 8-23: 16:22:55:13c Certificate based Identity. Subject AU, Victoria,
Burwood, eB2Bcom, vpn, support_at_eb2b.com.au Issuing Certificate Authority
AU, Victoria, Burwood, eB2Bcom, CA, support_at_eb2b.com.au Root Certificate
Authority AU, Victoria, Burwood, eB2Bcom, CA, support_at_eb2b.com.au Peer
IP Address: 192.168.1.16
 8-23: 16:22:55:13c Source IP Address 192.168.1.150 Source IP Address
Mask 255.255.255.255 Destination IP Address 192.168.1.16 Destination IP
Address Mask 255.255.255.255 Protocol 0 Source Port 0 Destination Port 0

 8-23: 16:22:55:13c constructing ISAKMP Header
 8-23: 16:22:55:13c constructing HASH (null)
 8-23: 16:22:55:13c constructing NOTIFY 24
 8-23: 16:22:55:13c constructing HASH (ND)
 8-23: 16:22:55:13c Construct ND hash message len = 28 pcklen=80
hashlen=20
 8-23: 16:22:55:13c Construct ND Hash mess ID a8a02aad
 8-23: 16:22:55:13c ND Hash skeyid_a 0edb57bcad1b0b069d24fa8c75b51888
 8-23: 16:22:55:13c 3076dd3f
 8-23: 16:22:55:13c ND Hash message 0000001c0000000101100018feec6f51
 8-23: 16:22:55:13c d8e77fc1695041055a7fbce8
 8-23: 16:22:55:13c isadb_set_status sa:0023A760 centry:00000000 status
cbad033a
 8-23: 16:22:55:13c Key Exchange Mode (Main Mode)
 8-23: 16:22:55:13c Source IP Address 192.168.1.150 Source IP Address
Mask 255.255.255.255 Destination IP Address 192.168.1.16 Destination IP
Address Mask 255.255.255.255 Protocol 0 Source Port 0 Destination Port 0

 8-23: 16:22:55:13c Me
 8-23: 16:22:55:13c Failed to verify signature
 8-23: 16:22:55:13c ProcessFailure: sa:0023A760 centry:00000000
status:cbad033a
 8-23: 16:22:55:13c Notify already constructed. Ignoring. Sa 0023A760
 8-23: 16:22:55:13c Throw: State mask=200111f
 8-23: 16:22:55:13c Doing tripleDES
 8-23: 16:22:55:13c
 8-23: 16:22:55:13c Sending: SA = 0x0023A760 to 192.168.1.16
 8-23: 16:22:55:13c ISAKMP Header: (V1.0), len = 84
 8-23: 16:22:55:13c I-COOKIE feec6f51d8e77fc1
 8-23: 16:22:55:13c R-COOKIE 695041055a7fbce8
 8-23: 16:22:55:13c exchange: ISAKMP Informational Exchange
 8-23: 16:22:55:13c flags: 1 ( encrypted )
 8-23: 16:22:55:13c next payload: HASH
 8-23: 16:22:55:13c message ID: a8a02aad
 8-23: 16:25:04:13c SA Dead. sa:0023A760 status:cbad0328
 8-23: 16:25:04:13c constructing ISAKMP Header
 8-23: 16:25:04:13c constructing HASH (null)
 8-23: 16:25:04:13c constructing DELETE
 8-23: 16:25:04:13c constructing HASH (ND)
 8-23: 16:25:04:13c Construct ND hash message len = 28 pcklen=80
hashlen=20
 8-23: 16:25:04:13c Construct ND Hash mess ID 81c23df4
 8-23: 16:25:04:13c ND Hash skeyid_a 0edb57bcad1b0b069d24fa8c75b51888
 8-23: 16:25:04:13c 3076dd3f
 8-23: 16:25:04:13c ND Hash message 0000001c0000000101100001feec6f51
 8-23: 16:25:04:13c d8e77fc1695041055a7fbce8
 8-23: 16:25:04:13c Throw: State mask=111f
 8-23: 16:25:04:13c Doing tripleDES
 8-23: 16:25:04:13c
 8-23: 16:25:04:13c Sending: SA = 0x0023A760 to 192.168.1.16
 8-23: 16:25:04:13c ISAKMP Header: (V1.0), len = 84
 8-23: 16:25:04:13c I-COOKIE feec6f51d8e77fc1
 8-23: 16:25:04:13c R-COOKIE 695041055a7fbce8
 8-23: 16:25:04:13c exchange: ISAKMP Informational Exchange
 8-23: 16:25:04:13c flags: 1 ( encrypted )
 8-23: 16:25:04:13c next payload: HASH
 8-23: 16:25:04:13c message ID: 81c23df4
 8-23: 16:25:04:13c Deleting SA 0023A760
 8-23: 16:25:04:13c Cancelling Timeout 1271e0

===PING FREESWAN GATEWAY FROM CLIENT OAKLEY.LOG============
 8-23: 16:27:05:194 Posting acquire: op=812586C8 src=192.168.1.150.0
dst=192.168.1.16.0 proto = 0, SrcMask=255.255.255.255,
DstMask=255.255.255.255, Tunnel 1, TunnelEndpt=192.168.1.16 Inbound
TunnelEndpt=192.168.1.150
 8-23: 16:27:05:194 Acquire thread waiting
 8-23: 16:27:05:13c find(ipsec): 270957c2-9fcd-4e9a-84805e870c699271
 8-23: 16:27:05:13c outstanding_kernel_req returned 0
 8-23: 16:27:05:13c Created new SA 23a760
 8-23: 16:27:05:13c Acquire: src = 192.168.1.150.0000, dst =
192.168.1.16.62465, proto = 00, context = 812586C8, ProxySrc =
192.168.1.150.0000, ProxyDst = 192.168.1.16.0000 SrcMask = 0.0.0.0
DstMask = 0.0.0.0
 8-23: 16:27:05:13c constructing ISAKMP Header
 8-23: 16:27:05:13c constructing SA (ISAKMP)
 8-23: 16:27:05:13c find(isakmp): 270957c2-9fcd-4e9a-84805e870c699271
 8-23: 16:27:05:13c Setting group desc
 8-23: 16:27:05:13c Setting group desc
 8-23: 16:27:05:13c Setting group desc
 8-23: 16:27:05:13c Setting group desc
 8-23: 16:27:05:13c Constructing Vendor
 8-23: 16:27:05:13c Throw: State mask=1
 8-23: 16:27:05:13c Added Timeout 1271e0
 8-23: 16:27:05:13c Setting Retransmit: sa 23a760 handle 1271e0 context
23aed0
 8-23: 16:27:05:13c
 8-23: 16:27:05:13c Sending: SA = 0x0023A760 to 192.168.1.16
 8-23: 16:27:05:13c ISAKMP Header: (V1.0), len = 216
 8-23: 16:27:05:13c I-COOKIE b1857150f7fdc407
 8-23: 16:27:05:13c R-COOKIE 0000000000000000
 8-23: 16:27:05:13c exchange: Oakley Main Mode
 8-23: 16:27:05:13c flags: 0
 8-23: 16:27:05:13c next payload: SA
 8-23: 16:27:05:13c message ID: 00000000
 8-23: 16:27:06:13c
 8-23: 16:27:06:13c Resume: (get) SA = 0x0023a760 from 192.168.1.16
 8-23: 16:27:06:13c ISAKMP Header: (V1.0), len = 84
 8-23: 16:27:06:13c I-COOKIE b1857150f7fdc407
 8-23: 16:27:06:13c R-COOKIE d9e2b432c143636d
 8-23: 16:27:06:13c exchange: Oakley Main Mode
 8-23: 16:27:06:13c flags: 0
 8-23: 16:27:06:13c next payload: SA
 8-23: 16:27:06:13c message ID: 00000000
 8-23: 16:27:06:13c Stopping RetransTimer sa:0023A760 centry:00000000
handle:001271E0
 8-23: 16:27:06:13c processing payload SA
 8-23: 16:27:06:13c Received Phase 1 Transform 1
 8-23: 16:27:06:13c Encryption Alg Triple DES CBC(5)
 8-23: 16:27:06:13c Hash Alg SHA(2)
 8-23: 16:27:06:13c Oakley Group 2
 8-23: 16:27:06:13c Auth Method RSA Signature with Certificates(3)
 8-23: 16:27:06:13c Life type in Seconds
 8-23: 16:27:06:13c Life duration of 28800
 8-23: 16:27:06:13c Phase 1 SA accepted: transform=1
 8-23: 16:27:06:13c SA - Oakley proposal accepted
 8-23: 16:27:06:13c In state OAK_MM_SA_SETUP
 8-23: 16:27:06:13c constructing ISAKMP Header
 8-23: 16:27:06:13c constructing KE
 8-23: 16:27:06:13c constructing NONCE (ISAKMP)
 8-23: 16:27:06:13c Throw: State mask=7
 8-23: 16:27:06:13c
 8-23: 16:27:06:13c Sending: SA = 0x0023A760 to 192.168.1.16
 8-23: 16:27:06:13c ISAKMP Header: (V1.0), len = 184
 8-23: 16:27:06:13c I-COOKIE b1857150f7fdc407
 8-23: 16:27:06:13c R-COOKIE d9e2b432c143636d
 8-23: 16:27:06:13c exchange: Oakley Main Mode
 8-23: 16:27:06:13c flags: 0
 8-23: 16:27:06:13c next payload: KE
 8-23: 16:27:06:13c message ID: 00000000
 8-23: 16:27:06:13c
 8-23: 16:27:06:13c Resume: (get) SA = 0x0023a760 from 192.168.1.16
 8-23: 16:27:06:13c ISAKMP Header: (V1.0), len = 188
 8-23: 16:27:06:13c I-COOKIE b1857150f7fdc407
 8-23: 16:27:06:13c R-COOKIE d9e2b432c143636d
 8-23: 16:27:06:13c exchange: Oakley Main Mode
 8-23: 16:27:06:13c flags: 0
 8-23: 16:27:06:13c next payload: KE
 8-23: 16:27:06:13c message ID: 00000000
 8-23: 16:27:06:13c Stopping RetransTimer sa:0023A760 centry:00000000
handle:001271E0
 8-23: 16:27:06:13c processing payload KE
 8-23: 16:27:06:13c Generated 128 byte Shared Secret
 8-23: 16:27:06:13c KE processed; DH shared secret computed
 8-23: 16:27:06:13c processing payload NONCE
 8-23: 16:27:06:13c processing payload CR
 8-23: 16:27:06:13c Processing Cert request
 8-23: 16:27:06:13c In state OAK_MM_Key_EXCH
 8-23: 16:27:06:13c skeyid generated; crypto enabled (initiator)
 8-23: 16:27:06:13c constructing ISAKMP Header
 8-23: 16:27:06:13c constructing ID
 8-23: 16:27:06:13c Received no valid CRPs. Using all configured
 8-23: 16:27:06:13c Cert Trustes. 0 0
 8-23: 16:27:06:13c Key Contained Name
 8-23: 16:27:06:13c {42CA0D52-40CA-450B-AF27-D990D90749F4}
 8-23: 16:27:06:13c Found try 1
 8-23: 16:27:06:13c constructing CERT
 8-23: 16:27:06:13c constructing SIG
 8-23: 16:27:06:13c Construct SIG
 8-23: 16:27:06:13c Hash algo 2
 8-23: 16:27:06:13c Initiator ID 0900000030818a310b30090603550406
 8-23: 16:27:06:13c 130241553111300f0603550408130856
 8-23: 16:27:06:13c 6963746f7269613110300e0603550407
 8-23: 16:27:06:13c 1307427572776f6f643110300e060355
 8-23: 16:27:06:13c 040a130765423242636f6d3118301606
 8-23: 16:27:06:13c 03550403130f416c697374616972204e
 8-23: 16:27:06:13c 656c736f6e312a302806092a864886f7
 8-23: 16:27:06:13c 0d010901161b616c6973746169722e6e
 8-23: 16:27:06:13c 656c736f6e40656232622e636f6d2e61
 8-23: 16:27:06:13c 75
 8-23: 16:27:06:13c Error 80090016 during CryptSignHash1!

 8-23: 16:27:06:13c Trying KE key
 8-23: 16:27:06:13c Signature Created Successfully
 8-23: 16:27:06:13c Sig LE: 5209d1cb5d8cf0449cfc8d805b0a31fb
 8-23: 16:27:06:13c b8c5d7a7e1aa41a4c12cfbfa32f33076
 8-23: 16:27:06:13c 403e0cca556d12f9615c45b328e0c934
 8-23: 16:27:06:13c 9d27afc6f1738985ca29aa1875619739
 8-23: 16:27:06:13c 0751e72fdb1e6b18fb889c77e48dcdb3
 8-23: 16:27:06:13c beb469fd2e3f2d33ef9f585e72a4817a
 8-23: 16:27:06:13c c24ce4e737add73c544a19efe8ddf0d2
 8-23: 16:27:06:13c c22291bd3dd0a56381b418d5e84397d5
 8-23: 16:27:06:13c f65c50513018a6d63b3bf06a8724216a
 8-23: 16:27:06:13c 79ca7c86b35048e0c57ecb7c6080554f
 8-23: 16:27:06:13c 99dae740b53be51f772ebe32994e37a7
 8-23: 16:27:06:13c f8829a7858657ccc86ad4f3541131521
 8-23: 16:27:06:13c a79d6254594d9e0ecf589a497c1f474a
 8-23: 16:27:06:13c cfb73f79179e9e27a73dc36a44391acc
 8-23: 16:27:06:13c d83b8b9c692de00d043553168fb67ac8
 8-23: 16:27:06:13c fcd142ac5cdebf1e8574eeecce8bd0b3
 8-23: 16:27:06:13c
 8-23: 16:27:06:13c SIG BE: b3d08bceecee74851ebfde5cac42d1fc
 8-23: 16:27:06:13c c87ab68f165335040de02d699c8b3bd8
 8-23: 16:27:06:13c cc1a39446ac33da7279e9e17793fb7cf
 8-23: 16:27:06:13c 4a471f7c499a58cf0e9e4d5954629da7
 8-23: 16:27:06:13c 21151341354fad86cc7c6558789a82f8
 8-23: 16:27:06:13c a7374e9932be2e771fe53bb540e7da99
 8-23: 16:27:06:13c 4f5580607ccb7ec5e04850b3867cca79
 8-23: 16:27:06:13c 6a2124876af03b3bd6a6183051505cf6
 8-23: 16:27:06:13c d59743e8d518b48163a5d03dbd9122c2
 8-23: 16:27:06:13c d2f0dde8ef194a543cd7ad37e7e44cc2
 8-23: 16:27:06:13c 7a81a4725e589fef332d3f2efd69b4be
 8-23: 16:27:06:13c b3cd8de4779c88fb186b1edb2fe75107
 8-23: 16:27:06:13c 3997617518aa29ca858973f1c6af279d
 8-23: 16:27:06:13c 34c9e028b3455c61f9126d55ca0c3e40
 8-23: 16:27:06:13c 7630f332fafb2cc1a441aae1a7d7c5b8
 8-23: 16:27:06:13c fb310a5b808dfc9c44f08c5dcbd10952
 8-23: 16:27:06:13c
 8-23: 16:27:06:13c AuthCount 1
 8-23: 16:27:06:13c Constructing Cert Request
 8-23: 16:27:06:13c Setting CertReq type
 8-23: 16:27:06:13c Throw: State mask=111f
 8-23: 16:27:06:13c Doing tripleDES
 8-23: 16:27:06:13c
 8-23: 16:27:06:13c Sending: SA = 0x0023A760 to 192.168.1.16
 8-23: 16:27:06:13c ISAKMP Header: (V1.0), len = 1716
 8-23: 16:27:06:13c I-COOKIE b1857150f7fdc407
 8-23: 16:27:06:13c R-COOKIE d9e2b432c143636d
 8-23: 16:27:06:13c exchange: Oakley Main Mode
 8-23: 16:27:06:13c flags: 1 ( encrypted )
 8-23: 16:27:06:13c next payload: ID
 8-23: 16:27:06:13c message ID: 00000000
 8-23: 16:27:06:13c
 8-23: 16:27:06:13c Resume: (get) SA = 0x0023a760 from 192.168.1.16
 8-23: 16:27:06:13c ISAKMP Header: (V1.0), len = 1452
 8-23: 16:27:06:13c I-COOKIE b1857150f7fdc407
 8-23: 16:27:06:13c R-COOKIE d9e2b432c143636d
 8-23: 16:27:06:13c exchange: Oakley Main Mode
 8-23: 16:27:06:13c flags: 1 ( encrypted )
 8-23: 16:27:06:13c next payload: ID
 8-23: 16:27:06:13c message ID: 00000000
 8-23: 16:27:06:13c Doing tripleDES
 8-23: 16:27:06:13c Stopping RetransTimer sa:0023A760 centry:00000000
handle:001271E0
 8-23: 16:27:06:13c processing payload ID
 8-23: 16:27:06:13c Process Id
 8-23: 16:27:06:13c processing payload CERT
 8-23: 16:27:06:13c Processing Cert
 8-23: 16:27:06:13c ProcessingCert
 8-23: 16:27:06:13c processing payload SIG
 8-23: 16:27:06:13c Process SIG
 8-23: 16:27:06:13c Verifying CertStore
 8-23: 16:27:06:13c Cert Trustes. 0 0
 8-23: 16:27:06:13c CertFindExtenstion failed with 0

 8-23: 16:27:06:13c Cert Trustes. 0 0
 8-23: 16:27:06:13c CertFindExtenstion failed with 0

 8-23: 16:27:06:13c Cert lifetime in seconds low 314992807, high 0
 8-23: 16:27:06:13c Responder ID 01000000c0a80110
 8-23: 16:27:06:13c Sig to Verify 26bdedaf5fdf45879bc910a948ef0ecf
 8-23: 16:27:06:13c defe632e26d0d67bb9f0598747243507
 8-23: 16:27:06:13c 717b6ad9ae1fc538bb5bef5ac95249a2
 8-23: 16:27:06:13c 03fab50616c345829eeb1196f4606c9c
 8-23: 16:27:06:13c cea7be42d2ce44efb3c3ce9d2a7b19de
 8-23: 16:27:06:13c a1ac572a0d2e71aadffaed32abe5b3f4
 8-23: 16:27:06:13c 3c53be39c3dd723fbb2b5ee239cfaf0d
 8-23: 16:27:06:13c e0a5351ee5fc5a41e1ec19b69f06c001
 8-23: 16:27:06:13c edd39ce24da7128a1e0f3dbe5ed55ca9
 8-23: 16:27:06:13c f9b30231f9783ac9c73e1066108880bd
 8-23: 16:27:06:13c 21157d7cd0c404391a265f33ba1e3a19
 8-23: 16:27:06:13c bc35f0e97b8159b1a484f988e92c793b
 8-23: 16:27:06:13c 638e29419ccb5a2c7657827fee25493c
 8-23: 16:27:06:13c 02e07320a4b6137a726b9c12a7d10324
 8-23: 16:27:06:13c bf80e1f84c2ab6cf64c876f9ba109013
 8-23: 16:27:06:13c 6452faaf8ba314739f55aedda3f6c3bc
 8-23: 16:27:06:13c 25dcb3cad45711ff773526469ab1d471
 8-23: 16:27:06:13c a560
 8-23: 16:27:06:13c Error 80090006 during CryptVerifySignature!

 8-23: 16:27:06:13c Certificate based Identity. Subject AU, Victoria,
Burwood, eB2Bcom, vpn, support_at_eb2b.com.au Issuing Certificate Authority
AU, Victoria, Burwood, eB2Bcom, CA, support_at_eb2b.com.au Root Certificate
Authority AU, Victoria, Burwood, eB2Bcom, CA, support_at_eb2b.com.au Peer
IP Address: 192.168.1.16
 8-23: 16:27:06:13c Source IP Address 192.168.1.150 Source IP Address
Mask 255.255.255.255 Destination IP Address 192.168.1.16 Destination IP
Address Mask 255.255.255.255 Protocol 0 Source Port 0 Destination Port 0

 8-23: 16:27:06:13c constructing ISAKMP Header
 8-23: 16:27:06:13c constructing HASH (null)
 8-23: 16:27:06:13c constructing NOTIFY 24
 8-23: 16:27:06:13c constructing HASH (ND)
 8-23: 16:27:06:13c Construct ND hash message len = 28 pcklen=80
hashlen=20
 8-23: 16:27:06:13c Construct ND Hash mess ID 7e4cc58c
 8-23: 16:27:06:13c ND Hash skeyid_a 6dec2fe42c218eafd20619d3a858a680
 8-23: 16:27:06:13c d482bc37
 8-23: 16:27:06:13c ND Hash message 0000001c0000000101100018b1857150
 8-23: 16:27:06:13c f7fdc407d9e2b432c143636d
 8-23: 16:27:06:13c isadb_set_status sa:0023A760 centry:00000000 status
cbad033a
 8-23: 16:27:06:13c Key Exchange Mode (Main Mode)
 8-23: 16:27:06:13c Source IP Address 192.168.1.150 Source IP Address
Mask 255.255.255.255 Destination IP Address 192.168.1.16 Destination IP
Address Mask 255.255.255.255 Protocol 0 Source Port 0 Destination Port 0

 8-23: 16:27:06:13c Me
 8-23: 16:27:06:13c Failed to verify signature
 8-23: 16:27:06:13c ProcessFailure: sa:0023A760 centry:00000000
status:cbad033a
 8-23: 16:27:06:13c Notify already constructed. Ignoring. Sa 0023A760
 8-23: 16:27:06:13c Throw: State mask=200111f
 8-23: 16:27:06:13c Doing tripleDES
 8-23: 16:27:06:13c
 8-23: 16:27:06:13c Sending: SA = 0x0023A760 to 192.168.1.16
 8-23: 16:27:06:13c ISAKMP Header: (V1.0), len = 84
 8-23: 16:27:06:13c I-COOKIE b1857150f7fdc407
 8-23: 16:27:06:13c R-COOKIE d9e2b432c143636d
 8-23: 16:27:06:13c exchange: ISAKMP Informational Exchange
 8-23: 16:27:06:13c flags: 1 ( encrypted )
 8-23: 16:27:06:13c next payload: HASH
 8-23: 16:27:06:13c message ID: 7e4cc58c

Alistair Nelson
Systems Engineer
eB2Bcom Australia

Unit 9, 160 Highbury Road
Burwood, VIC 3125
Australia

phone: +61 3 9831 6666
fax: +61 3 9831 6624
mailto:alistair.nelson_at_eb2b.com.au
http://www.eb2b.com.au

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Whit Blauvelt: "Re: [Users] ip route command"
• Previous message: Pavel Rastopshin: "[Users] Simple question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 26 2002 - 07:19:55 CEST