[Users] Freeswan 1.99 to Cisco 3620

From: Sean McAvoy (sean.mcavoy_at_megawheels.com)
Date: Tue Jan 14 2003 - 19:11:39 CET

Hello,
I'm having issues connecting Freeswan 1.99 to a Cisco 3620 (ios 12.2).
The Linux system attempts to initiate the connection, and the Cisco
returns an error of "NO_PROPOSAL_CHOSEN". I've attached the Cisco crypto
config, Freeswan config section, and the logs of both Freeswan and Cisco
for the connection. I think it has something to do with the Cisco not
accepting what Freeswan is offering, but not being a Cisco person (let
alone expert), I'm not sure.
Any help is much appreciated.

-Sean

Cisco crypto config (the london connection is to a watchguard box):

crypto isakmp policy 1
 authentication pre-share
 lifetime 28800
crypto isakmp key toronto address 123.456.789.11
crypto isakmp key london address 11.987.654.321
!
!
crypto ipsec transform-set london esp-3des esp-sha-hmac
crypto ipsec transform-set toronto esp-3des esp-sha-hmac
!
crypto map rtp 1 ipsec-isakmp
 set peer 11.987.654.321
 set transform-set london
 match address 118
crypto map rtp 2 ipsec-isakmp
 set peer 123.456.789.11
 set security-association lifetime kilobytes 8192
 set transform-set toronto
 set pfs group5
 match address 119

END OF CISCO CRYPTO CONFIG
------------------------------

Freeswan config:

config setup
        interfaces = "ipsec0=eth1"
        klipsdebug = none
        plutodebug = none
        plutoload = %search
        plutostart = %search
        uniqueids = yes
        overridemtu = 1400

conn %default
        keyingtries = 3
        disablearrivalcheck = no
        pfs = yes
        auth = esp
        rekeyfuzz = 75%
        rekeymargin = 10s

conn toronto-calgary
        left = 123.456.789.11
        leftsubnet = 192.168.10.0/255.255.255.0
        leftnexthop = 123.456.789.1
        right = 211.221.221.2
        rightsubnet = 222.222.222.0/255.255.255.0
        auto = start
        authby = secret
        lifetime = 28800s
        pfs = yes
        auth = esp
        esp = 3des-sha1-96

END OF FREESWAN CONFIG
--------------------------------

Cisco log:

18:48:35: ISAKMP (0:26): purging SA., sa=62916958, delme=62916958
18:48:35: CryptoEngine0: delete connection 26
18:48:48: ISAKMP: quick mode timer expired.
18:48:48: ISAKMP (0:27): peer does not do paranoid keepalives.

18:48:48: ISAKMP (0:27): deleting SA reason "QM_TIMER expired" state (R)
MM_NO_STATE (peer 123.456.789.11) input queue 0
18:48:57: ISAKMP (0:0): received packet from 123.456.789.11 (N) NEW SA
18:48:57: ISAKMP: local port 500, remote port 500
18:48:57: ISAKMP (0:30): processing SA payload. message ID = 0
18:48:57: ISAKMP (0:30): found peer pre-shared key matching
123.456.789.11
18:48:57: ISAKMP (0:30): Checking ISAKMP transform 0 against priority 1
policy
18:48:57: ISAKMP: life type in seconds
18:48:57: ISAKMP: life duration (basic) of 3600
18:48:57: ISAKMP: encryption 3DES-CBC
18:48:57: ISAKMP: hash MD5
18:48:57: ISAKMP: auth pre-share
18:48:57: ISAKMP: default group 5
18:48:57: ISAKMP (0:30): Encryption algorithm offered does not match
policy!
18:48:57: ISAKMP (0:30): atts are not acceptable. Next payload is 3
18:48:57: ISAKMP (0:30): Checking ISAKMP transform 1 against priority 1
policy
18:48:57: ISAKMP: life type in seconds
18:48:57: ISAKMP: life duration (basic) of 3600
18:48:57: ISAKMP: encryption 3DES-CBC
18:48:57: ISAKMP: hash SHA
18:48:57: ISAKMP: auth pre-share
18:48:57: ISAKMP: default group 5
18:48:57: ISAKMP (0:30): Encryption algorithm offered does not match
policy!
18:48:57: ISAKMP (0:30): atts are not acceptable. Next payload is 3
18:48:57: ISAKMP (0:30): Checking ISAKMP transform 2 against priority 1
policy
18:48:57: ISAKMP: life type in seconds
18:48:58: ISAKMP: life duration (basic) of 3600
18:48:58: ISAKMP: encryption 3DES-CBC
18:48:58: ISAKMP: hash MD5
18:48:58: ISAKMP: auth pre-share
18:48:58: ISAKMP: default group 2
18:48:58: ISAKMP (0:30): Encryption algorithm offered does not match
policy!
18:48:58: ISAKMP (0:30): atts are not acceptable. Next payload is 3
18:48:58: ISAKMP (0:30): Checking ISAKMP transform 3 against priority 1
policy
18:48:58: ISAKMP: life type in seconds
18:48:58: ISAKMP: life duration (basic) of 3600
18:48:58: ISAKMP: encryption 3DES-CBC
18:48:58: ISAKMP: hash SHA
18:48:58: ISAKMP: auth pre-share
18:48:58: ISAKMP: default group 2
18:48:58: ISAKMP (0:30): Encryption algorithm offered does not match
policy!
18:48:58: ISAKMP (0:30): atts are not acceptable. Next payload is 0
18:48:58: ISAKMP (0:30): Checking ISAKMP transform 0 against priority
65535 policy
18:48:58: ISAKMP: life type in seconds
18:48:58: ISAKMP: life duration (basic) of 3600
18:48:58: ISAKMP: encryption 3DES-CBC
18:48:58: ISAKMP: hash MD5
18:48:58: ISAKMP: auth pre-share
18:48:58: ISAKMP: default group 5
18:48:58: ISAKMP (0:30): Encryption algorithm offered does not match
policy!
18:48:58: ISAKMP (0:30): atts are not acceptable. Next payload is 3
18:48:58: ISAKMP (0:30): Checking ISAKMP transform 1 against priority
65535 policy
18:48:58: ISAKMP: life type in seconds
18:48:58: ISAKMP: life duration (basic) of 3600
18:48:58: ISAKMP: encryption 3DES-CBC
18:48:58: ISAKMP: hash SHA
18:48:58: ISAKMP: auth pre-share
18:48:58: ISAKMP: default group 5
18:48:58: ISAKMP (0:30): Encryption algorithm offered does not match
policy!
18:48:58: ISAKMP (0:30): atts are not acceptable. Next payload is 3
18:48:58: ISAKMP (0:30): Checking ISAKMP transform 2 against priority
65535 policy
18:48:58: ISAKMP: life type in seconds
18:48:58: ISAKMP: life duration (basic) of 3600
18:48:58: ISAKMP: encryption 3DES-CBC
18:48:58: ISAKMP: hash MD5
18:48:58: ISAKMP: auth pre-share
18:48:58: ISAKMP: default group 2
18:48:58: ISAKMP (0:30): Encryption algorithm offered does not match
policy!
18:48:58: ISAKMP (0:30): atts are not acceptable. Next payload is 3
18:48:58: ISAKMP (0:30): Checking ISAKMP transform 3 against priority
65535 policy
18:48:58: ISAKMP: life type in seconds
18:48:58: ISAKMP: life duration (basic) of 3600
18:48:58: ISAKMP: encryption 3DES-CBC
18:48:58: ISAKMP: hash SHA
18:48:58: ISAKMP: auth pre-share
18:48:58: ISAKMP: default group 2
18:48:58: ISAKMP (0:30): Encryption algorithm offered does not match
policy!
18:48:58: ISAKMP (0:30): atts are not acceptable. Next payload is 0
18:48:58: ISAKMP (0:30): no offers accepted!
18:48:58: ISAKMP (0:30): phase 1 SA not acceptable!
18:48:58: ISAKMP (0:30): incrementing error counter on sa:
construct_fail_ag_init
18:48:58: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Main mode failed
with peer at 123.456.789.11
18:48:58: ISAKMP (0:30): sending packet to 123.456.789.11 (R)
MM_NO_STATE
18:48:59: ISAKMP: quick mode timer expired.
18:48:59: ISAKMP (0:28): peer does not do paranoid keepalives.

18:48:59: ISAKMP (0:28): deleting SA reason "QM_TIMER expired" state (R)
MM_NO_STATE (peer 123.456.789.11) input queue 0
18:49:08: ISAKMP (0:0): received packet from 123.456.789.11 (N) NEW SA
18:49:08: ISAKMP: local port 500, remote port 500
18:49:08: ISAKMP (0:31): processing SA payload. message ID = 0
18:49:08: ISAKMP (0:31): found peer pre-shared key matching
123.456.789.11
18:49:08: ISAKMP (0:31): Checking ISAKMP transform 0 against priority 1
policy
18:49:08: ISAKMP: life type in seconds
18:49:08: ISAKMP: life duration (basic) of 3600
18:49:08: ISAKMP: encryption 3DES-CBC
18:49:08: ISAKMP: hash MD5
18:49:08: ISAKMP: auth pre-share
18:49:08: ISAKMP: default group 5
18:49:08: ISAKMP (0:31): Encryption algorithm offered does not match
policy!
18:49:08: ISAKMP (0:31): atts are not acceptable. Next payload is 3
18:49:08: ISAKMP (0:31): Checking ISAKMP transform 1 against priority 1
policy
18:49:08: ISAKMP: life type in seconds
18:49:08: ISAKMP: life duration (basic) of 3600
18:49:08: ISAKMP: encryption 3DES-CBC
18:49:08: ISAKMP: hash SHA
18:49:08: ISAKMP: auth pre-share
18:49:08: ISAKMP: default group 5
18:49:08: ISAKMP (0:31): Encryption algorithm offered does not match
policy!
18:49:08: ISAKMP (0:31): atts are not acceptable. Next payload is 3
18:49:08: ISAKMP (0:31): Checking ISAKMP transform 2 against priority 1
policy
18:49:08: ISAKMP: life type in seconds
18:49:08: ISAKMP: life duration (basic) of 3600
18:49:08: ISAKMP: encryption 3DES-CBC
18:49:08: ISAKMP: hash MD5
18:49:08: ISAKMP: auth pre-share
18:49:08: ISAKMP: default group 2
18:49:08: ISAKMP (0:31): Encryption algorithm offered does not match
policy!
18:49:08: ISAKMP (0:31): atts are not acceptable. Next payload is 3
18:49:08: ISAKMP (0:31): Checking ISAKMP transform 3 against priority 1
policy
18:49:08: ISAKMP: life type in seconds
18:49:08: ISAKMP: life duration (basic) of 3600
18:49:08: ISAKMP: encryption 3DES-CBC
18:49:08: ISAKMP: hash SHA
18:49:08: ISAKMP: auth pre-share
18:49:08: ISAKMP: default group 2
18:49:08: ISAKMP (0:31): Encryption algorithm offered does not match
policy!
18:49:08: ISAKMP (0:31): atts are not acceptable. Next payload is 0
18:49:08: ISAKMP (0:31): Checking ISAKMP transform 0 against priority
65535 policy
18:49:08: ISAKMP: life type in seconds
18:49:08: ISAKMP: life duration (basic) of 3600
18:49:08: ISAKMP: encryption 3DES-CBC
18:49:08: ISAKMP: hash MD5
18:49:08: ISAKMP: auth pre-share
18:49:08: ISAKMP: default group 5
18:49:08: ISAKMP (0:31): Encryption algorithm offered does not match
policy!
18:49:08: ISAKMP (0:31): atts are not acceptable. Next payload is 3
18:49:08: ISAKMP (0:31): Checking ISAKMP transform 1 against priority
65535 policy
18:49:08: ISAKMP: life type in seconds
18:49:08: ISAKMP: life duration (basic) of 3600
18:49:08: ISAKMP: encryption 3DES-CBC
18:49:08: ISAKMP: hash SHA
18:49:08: ISAKMP: auth pre-share
18:49:08: ISAKMP: default group 5
18:49:08: ISAKMP (0:31): Encryption algorithm offered does not match
policy!
18:49:08: ISAKMP (0:31): atts are not acceptable. Next payload is 3
18:49:08: ISAKMP (0:31): Checking ISAKMP transform 2 against priority
65535 policy
18:49:08: ISAKMP: life type in seconds
18:49:08: ISAKMP: life duration (basic) of 3600
18:49:08: ISAKMP: encryption 3DES-CBC
18:49:08: ISAKMP: hash MD5
18:49:08: ISAKMP: auth pre-share
18:49:08: ISAKMP: default group 2
18:49:08: ISAKMP (0:31): Encryption algorithm offered does not match
policy!
18:49:08: ISAKMP (0:31): atts are not acceptable. Next payload is 3
18:49:08: ISAKMP (0:31): Checking ISAKMP transform 3 against priority
65535 policy
18:49:08: ISAKMP: life type in seconds
18:49:08: ISAKMP: life duration (basic) of 3600
18:49:08: ISAKMP: encryption 3DES-CBC
18:49:08: ISAKMP: hash SHA
18:49:08: ISAKMP: auth pre-share
18:49:08: ISAKMP: default group 2
18:49:08: ISAKMP (0:31): Encryption algorithm offered does not match
policy!
18:49:08: ISAKMP (0:31): atts are not acceptable. Next payload is 0
18:49:08: ISAKMP (0:31): no offers accepted!
18:49:08: ISAKMP (0:31): phase 1 SA not acceptable!
18:49:08: ISAKMP (0:31): incrementing error counter on sa:
construct_fail_ag_init
18:49:08: ISAKMP (0:31): sending packet to 123.456.789.11 (R)
MM_NO_STATE
18:49:19: ISAKMP: quick mode timer expired.
18:49:19: ISAKMP (0:29): peer does not do paranoid keepalives.

18:49:19: ISAKMP (0:29): deleting SA reason "QM_TIMER expired" state (R)
MM_NO_STATE (peer 123.456.789.11) input queue 0

END OF CISCO LOG
-----------------------------------------------

Freeswan Log (used `ipsec whack --name toronto-calgary --debug-parsing
--debug-control --debug-emitting`):

Jan 14 12:48:28 grimlock pluto[23265]: "toronto-calgary": enabling for
connection: debug-parsing+debug-emitting+debug-control
Jan 14 12:48:28 grimlock pluto[23265]: | creating state object #1224 at
0x80ee110
Jan 14 12:48:28 grimlock pluto[23265]: "toronto-calgary" #1224: enabling
for connection: none
Jan 14 12:48:28 grimlock pluto[23265]: | ICOOKIE: 4e 47 a7 c1 b3 be a3
a9
Jan 14 12:48:28 grimlock pluto[23265]: | RCOOKIE: 00 00 00 00 00 00 00
00
Jan 14 12:48:28 grimlock pluto[23265]: | peer: cf e5 28 02
Jan 14 12:48:28 grimlock pluto[23265]: | state hash entry 6
Jan 14 12:48:28 grimlock pluto[23265]: | inserting event
EVENT_SO_DISCARD, timeout in 0 seconds for #1224
Jan 14 12:48:28 grimlock pluto[23265]: | Queuing pending Quick Mode with
211.221.221.2 "toronto-calgary"
Jan 14 12:48:28 grimlock pluto[23265]: "toronto-calgary" #1224:
initiating Main Mode
Jan 14 12:48:28 grimlock pluto[23265]: | **emit ISAKMP Message:
Jan 14 12:48:28 grimlock pluto[23265]: | initiator cookie:
Jan 14 12:48:28 grimlock pluto[23265]: | 4e 47 a7 c1 b3 be a3 a9
Jan 14 12:48:28 grimlock pluto[23265]: | responder cookie:
Jan 14 12:48:28 grimlock pluto[23265]: | 00 00 00 00 00 00 00 00
Jan 14 12:48:28 grimlock pluto[23265]: | next payload type:
ISAKMP_NEXT_SA
Jan 14 12:48:28 grimlock pluto[23265]: | ISAKMP version: ISAKMP
Version 1.0
Jan 14 12:48:28 grimlock pluto[23265]: | exchange type:
ISAKMP_XCHG_IDPROT
Jan 14 12:48:28 grimlock pluto[23265]: | flags: none
Jan 14 12:48:28 grimlock pluto[23265]: | message ID: 00 00 00 00
Jan 14 12:48:28 grimlock pluto[23265]: | ***emit ISAKMP Security
Association Payload:
Jan 14 12:48:28 grimlock pluto[23265]: | next payload type:
ISAKMP_NEXT_NONE
Jan 14 12:48:28 grimlock pluto[23265]: | DOI: ISAKMP_DOI_IPSEC
Jan 14 12:48:28 grimlock pluto[23265]: | ****emit IPsec DOI SIT:
Jan 14 12:48:28 grimlock pluto[23265]: | IPsec DOI SIT:
SIT_IDENTITY_ONLY
Jan 14 12:48:28 grimlock pluto[23265]: | 5_000-1-5, 5_000-2-5,
5_000-1-2, 5_000-2-2, flags=-strict
Jan 14 12:48:28 grimlock pluto[23265]: | ****emit ISAKMP Proposal
Payload:
Jan 14 12:48:28 grimlock pluto[23265]: | next payload type:
ISAKMP_NEXT_NONE
Jan 14 12:48:28 grimlock pluto[23265]: | proposal number: 0
Jan 14 12:48:28 grimlock pluto[23265]: | protocol ID: PROTO_ISAKMP
Jan 14 12:48:28 grimlock pluto[23265]: | SPI size: 0
Jan 14 12:48:28 grimlock pluto[23265]: | number of transforms: 4
Jan 14 12:48:29 grimlock pluto[23265]: | *****emit ISAKMP Transform
Payload (ISAKMP):
Jan 14 12:48:29 grimlock pluto[23265]: | next payload type:
ISAKMP_NEXT_T
Jan 14 12:48:29 grimlock pluto[23265]: | transform number: 0
Jan 14 12:48:29 grimlock pluto[23265]: | transform ID: KEY_IKE
Jan 14 12:48:29 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:29 grimlock pluto[23265]: | af+type: OAKLEY_LIFE_TYPE
Jan 14 12:48:29 grimlock pluto[23265]: | length/value: 1
Jan 14 12:48:29 grimlock pluto[23265]: | [1 is OAKLEY_LIFE_SECONDS]
Jan 14 12:48:29 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:29 grimlock pluto[23265]: | af+type:
OAKLEY_LIFE_DURATION
Jan 14 12:48:29 grimlock pluto[23265]: | length/value: 3600
Jan 14 12:48:29 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:29 grimlock pluto[23265]: | af+type:
OAKLEY_ENCRYPTION_ALGORITHM
Jan 14 12:48:29 grimlock pluto[23265]: | length/value: 5
Jan 14 12:48:29 grimlock pluto[23265]: | [5 is OAKLEY_3DES_CBC]
Jan 14 12:48:29 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:29 grimlock pluto[23265]: | af+type:
OAKLEY_HASH_ALGORITHM
Jan 14 12:48:29 grimlock pluto[23265]: | length/value: 1
Jan 14 12:48:29 grimlock pluto[23265]: | [1 is OAKLEY_MD5]
Jan 14 12:48:29 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:29 grimlock pluto[23265]: | af+type:
OAKLEY_AUTHENTICATION_METHOD
Jan 14 12:48:29 grimlock pluto[23265]: | length/value: 1
Jan 14 12:48:29 grimlock pluto[23265]: | [1 is OAKLEY_PRESHARED_KEY]
Jan 14 12:48:29 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:29 grimlock pluto[23265]: | af+type:
OAKLEY_GROUP_DESCRIPTION
Jan 14 12:48:29 grimlock pluto[23265]: | length/value: 5
Jan 14 12:48:29 grimlock pluto[23265]: | [5 is OAKLEY_GROUP_MODP1536
(extension)]
Jan 14 12:48:29 grimlock pluto[23265]: | emitting length of ISAKMP
Transform Payload (ISAKMP): 32
Jan 14 12:48:29 grimlock pluto[23265]: | *****emit ISAKMP Transform
Payload (ISAKMP):
Jan 14 12:48:29 grimlock pluto[23265]: | next payload type:
ISAKMP_NEXT_T
Jan 14 12:48:29 grimlock pluto[23265]: | transform number: 1
Jan 14 12:48:29 grimlock pluto[23265]: | transform ID: KEY_IKE
Jan 14 12:48:30 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:30 grimlock pluto[23265]: | af+type: OAKLEY_LIFE_TYPE
Jan 14 12:48:30 grimlock pluto[23265]: | length/value: 1
Jan 14 12:48:30 grimlock pluto[23265]: | [1 is OAKLEY_LIFE_SECONDS]
Jan 14 12:48:30 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:30 grimlock pluto[23265]: | af+type:
OAKLEY_LIFE_DURATION
Jan 14 12:48:30 grimlock pluto[23265]: | length/value: 3600
Jan 14 12:48:30 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:30 grimlock pluto[23265]: | af+type:
OAKLEY_ENCRYPTION_ALGORITHM
Jan 14 12:48:30 grimlock pluto[23265]: | length/value: 5
Jan 14 12:48:30 grimlock pluto[23265]: | [5 is OAKLEY_3DES_CBC]
Jan 14 12:48:30 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:30 grimlock pluto[23265]: | af+type:
OAKLEY_HASH_ALGORITHM
Jan 14 12:48:30 grimlock pluto[23265]: | length/value: 2
Jan 14 12:48:30 grimlock pluto[23265]: | [2 is OAKLEY_SHA]
Jan 14 12:48:30 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:30 grimlock pluto[23265]: | af+type:
OAKLEY_AUTHENTICATION_METHOD
Jan 14 12:48:30 grimlock pluto[23265]: | length/value: 1
Jan 14 12:48:30 grimlock pluto[23265]: | [1 is OAKLEY_PRESHARED_KEY]
Jan 14 12:48:30 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:30 grimlock pluto[23265]: | af+type:
OAKLEY_GROUP_DESCRIPTION
Jan 14 12:48:30 grimlock pluto[23265]: | length/value: 5
Jan 14 12:48:30 grimlock pluto[23265]: | [5 is OAKLEY_GROUP_MODP1536
(extension)]
Jan 14 12:48:30 grimlock pluto[23265]: | emitting length of ISAKMP
Transform Payload (ISAKMP): 32
Jan 14 12:48:30 grimlock pluto[23265]: | *****emit ISAKMP Transform
Payload (ISAKMP):
Jan 14 12:48:30 grimlock pluto[23265]: | next payload type:
ISAKMP_NEXT_T
Jan 14 12:48:30 grimlock pluto[23265]: | transform number: 2
Jan 14 12:48:30 grimlock pluto[23265]: | transform ID: KEY_IKE
Jan 14 12:48:30 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:30 grimlock pluto[23265]: | af+type: OAKLEY_LIFE_TYPE
Jan 14 12:48:30 grimlock pluto[23265]: | length/value: 1
Jan 14 12:48:30 grimlock pluto[23265]: | [1 is OAKLEY_LIFE_SECONDS]
Jan 14 12:48:31 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:31 grimlock pluto[23265]: | af+type:
OAKLEY_LIFE_DURATION
Jan 14 12:48:31 grimlock pluto[23265]: | length/value: 3600
Jan 14 12:48:31 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:31 grimlock pluto[23265]: | af+type:
OAKLEY_ENCRYPTION_ALGORITHM
Jan 14 12:48:31 grimlock pluto[23265]: | length/value: 5
Jan 14 12:48:31 grimlock pluto[23265]: | [5 is OAKLEY_3DES_CBC]
Jan 14 12:48:31 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:31 grimlock pluto[23265]: | af+type:
OAKLEY_HASH_ALGORITHM
Jan 14 12:48:31 grimlock pluto[23265]: | length/value: 1
Jan 14 12:48:31 grimlock pluto[23265]: | [1 is OAKLEY_MD5]
Jan 14 12:48:31 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:31 grimlock pluto[23265]: | af+type:
OAKLEY_AUTHENTICATION_METHOD
Jan 14 12:48:31 grimlock pluto[23265]: | length/value: 1
Jan 14 12:48:31 grimlock pluto[23265]: | [1 is OAKLEY_PRESHARED_KEY]
Jan 14 12:48:31 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:31 grimlock pluto[23265]: | af+type:
OAKLEY_GROUP_DESCRIPTION
Jan 14 12:48:31 grimlock pluto[23265]: | length/value: 2
Jan 14 12:48:31 grimlock pluto[23265]: | [2 is
OAKLEY_GROUP_MODP1024]
Jan 14 12:48:31 grimlock pluto[23265]: | emitting length of ISAKMP
Transform Payload (ISAKMP): 32
Jan 14 12:48:31 grimlock pluto[23265]: | *****emit ISAKMP Transform
Payload (ISAKMP):
Jan 14 12:48:31 grimlock pluto[23265]: | next payload type:
ISAKMP_NEXT_NONE
Jan 14 12:48:31 grimlock pluto[23265]: | transform number: 3
Jan 14 12:48:31 grimlock pluto[23265]: | transform ID: KEY_IKE
Jan 14 12:48:31 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:31 grimlock pluto[23265]: | af+type: OAKLEY_LIFE_TYPE
Jan 14 12:48:31 grimlock pluto[23265]: | length/value: 1
Jan 14 12:48:31 grimlock pluto[23265]: | [1 is OAKLEY_LIFE_SECONDS]
Jan 14 12:48:31 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:31 grimlock pluto[23265]: | af+type:
OAKLEY_LIFE_DURATION
Jan 14 12:48:31 grimlock pluto[23265]: | length/value: 3600
Jan 14 12:48:31 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:31 grimlock pluto[23265]: | af+type:
OAKLEY_ENCRYPTION_ALGORITHM
Jan 14 12:48:31 grimlock pluto[23265]: | length/value: 5
Jan 14 12:48:32 grimlock pluto[23265]: | [5 is OAKLEY_3DES_CBC]
Jan 14 12:48:32 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:32 grimlock pluto[23265]: | af+type:
OAKLEY_HASH_ALGORITHM
Jan 14 12:48:32 grimlock pluto[23265]: | length/value: 2
Jan 14 12:48:32 grimlock pluto[23265]: | [2 is OAKLEY_SHA]
Jan 14 12:48:32 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:32 grimlock pluto[23265]: | af+type:
OAKLEY_AUTHENTICATION_METHOD
Jan 14 12:48:32 grimlock pluto[23265]: | length/value: 1
Jan 14 12:48:32 grimlock pluto[23265]: | [1 is OAKLEY_PRESHARED_KEY]
Jan 14 12:48:32 grimlock pluto[23265]: | ******emit ISAKMP Oakley
attribute:
Jan 14 12:48:32 grimlock pluto[23265]: | af+type:
OAKLEY_GROUP_DESCRIPTION
Jan 14 12:48:32 grimlock pluto[23265]: | length/value: 2
Jan 14 12:48:32 grimlock pluto[23265]: | [2 is
OAKLEY_GROUP_MODP1024]
Jan 14 12:48:32 grimlock pluto[23265]: | emitting length of ISAKMP
Transform Payload (ISAKMP): 32
Jan 14 12:48:32 grimlock pluto[23265]: | emitting length of ISAKMP
Proposal Payload: 136
Jan 14 12:48:32 grimlock pluto[23265]: | emitting length of ISAKMP
Security Association Payload: 148
Jan 14 12:48:32 grimlock pluto[23265]: | emitting length of ISAKMP
Message: 176
Jan 14 12:48:32 grimlock pluto[23265]: | inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1224
Jan 14 12:48:32 grimlock pluto[23265]: packet from 211.221.221.2:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN
Jan 14 12:48:42 grimlock pluto[23265]: "toronto-calgary" #1224: enabling
for connection: debug-parsing+debug-emitting+debug-control
Jan 14 12:48:42 grimlock pluto[23265]: | handling event EVENT_RETRANSMIT
for 211.221.221.2 "toronto-calgary" #1224
Jan 14 12:48:42 grimlock pluto[23265]: | inserting event
EVENT_RETRANSMIT, timeout in 20 seconds for #1224
Jan 14 12:48:42 grimlock pluto[23265]: packet from 211.221.221.2:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

END OF FREESWAN LOG
----------------------------------------------------------

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.5 : Wed Jan 15 2003 - 20:11:40 CET