Re: FreeS/WAN - isakmpd
Okay, it looks like it may be breaking down in phase 1, but I'm not all
that familiar with OpenBSD isakmpd log messages. A tcpdump trace would
help, as would debug messages from FreeS/WAN. Set plutodebug=all and/or
klipsdebug=all on the Linux side and look in your log file. Perhaps we
should continue this off-list, as log files can be really big
(especially from FreeS/WAN).
goony wrote:
> Thanks for your help... sorry for disturbing ;)
>
>
>>>[Phase 2]
>>>#Connections= hate-test
>>
>>...
>>
>>>152245.206378 Trpt 70 transport_add: adding 0x1172c0
>>>152245.206403 Trpt 95 transport_reference: transport 0x1172c0 now has 1 references
>>
>>There are no negotiations being done here. Up to this point is just
>>initialization of the daemon. Either this side needs to initiate
>>negotiations (in which case you should un-comment the Connections= line
>>above, and make sure to have the phase 2 data in the config file), or have
>>the other peer initiate.
>
>
> Ok, set "Connections":
>
> use:
>
> [General]
> Policy-File= /etc/isakmpd/isakmpd.policy
> Retransmits= 5
> Exchange-max-time= 120
> Listen-on= 192.168.11.127
> Check-interval= 30
>
> [Phase 1]
> 192.168.11.192= test
>
> [Phase 2]
> Connections= hate-test
> #Passive-connections= hate-test
>
> [test]
> Phase= 1
> Transport= udp
> Local-address= 192.168.11.127
> Address= 192.168.11.192
> Configuration= main-mode
> Authentication= 123456789012345
>
> [hate-test]
> Phase= 2
> ISAKMP-peer= test
> Configuration= Default-quick-mode
> Local-ID= Net-hate
> Remote-ID= Net-test
>
> [Net-test]
> ID-type= IPV4_ADDR
> Address= 192.168.11.192
> Netmask= 255.255.255.255
>
> [Net-hate]
> ID-type= IPV4_ADDR
> Address= 192.168.11.127
> Netmask= 255.255.255.255
>
> # Certificates stored in PEM format
> [X509-certificates]
> CA-directory= /etc/isakmpd/ca/
> Cert-directory= /etc/isakmpd/certs/
> Private-key= /etc/isakmpd/private/local.key
>
> # 3DES
> [3DES-SHA]
> Life= LIFE_180_SECS
>
> [main-mode]
> EXCHANGE_TYPE= ID_PROT
> Transforms= 3DES-SHA
>
> ===============================
>
>
> 154823.697753 Misc 95 conf_set: [QM-AH-TRP-AES-RIPEMD-PFS-XF]:Life->LIFE_QUICK_MODE
> 154823.697795 Misc 95 conf_get_str: [Phase 2]:Connections->hate-test
> 154823.697829 Timr 10 timer_add_event: event connection_checker(0x1b6b60) added last, expiration in 0s
> 154823.697866 Misc 95 conf_get_str: configuration value not found [hate-test]:Flags
> 154823.697891 Misc 95 conf_get_str: [hate-test]:Local-ID->Net-hate
> 154823.697914 Misc 95 conf_get_str: [hate-test]:Remote-ID->Net-test
> 154823.697977 Misc 95 conf_get_str: [Net-hate]:ID-type->IPV4_ADDR
> 154823.698003 Misc 95 conf_get_str: [Net-hate]:Address->192.168.11.127
> 154823.698051 Misc 95 conf_get_str: configuration value not found [Net-hate]:Protocol
> 154823.698092 Misc 95 conf_get_str: [Net-test]:ID-type->IPV4_ADDR
> 154823.698116 Misc 95 conf_get_str: [Net-test]:Address->192.168.11.192
> 154823.698147 Misc 95 conf_get_str: configuration value not found [Net-test]:Protocol
> 154823.698174 Misc 60 connection_record_passive: passive connection "hate-test" added
> 154823.713303 Misc 95 conf_get_str: configuration value not found [Phase 2]:Passive-Connections
> 154823.713365 Plcy 30 policy_init: initializing
> 154823.713396 Misc 95 conf_get_str: [General]:Policy-file->/etc/isakmpd/isakmpd.policy
> 154823.733306 Misc 95 conf_get_str: [X509-certificates]:CA-directory->/etc/isakmpd/ca/
> 154823.733628 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/ca/
> 154823.749362 Cryp 60 x509_read_from_dir: reading certificate ca.crt
> 154823.757580 Cryp 60 x509_read_from_dir: reading certificate 192.168.11.127.crt
> 154823.758624 Misc 95 conf_get_str: [X509-certificates]:Cert-directory->/etc/isakmpd/certs/
> 154823.758671 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/certs/
> 154823.758984 Cryp 60 x509_read_from_dir: reading certificate 192.168.11.127.crt
> 154823.764411 Cryp 70 x509_hash_enter: cert 0x116780 added to bucket 8
> 154823.764672 Cryp 70 x509_hash_enter: cert 0x116780 added to bucket 41
> 154823.764730 Misc 95 conf_get_str: [X509-certificates]:CRL-directory->/etc/isakmpd/crls/
> 154823.764755 Cryp 40 x509_read_crls_from_dir: reading CRLs from /etc/isakmpd/crls/
> 154823.777155 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
> 154823.777461 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
> 154823.777521 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
> 154823.777579 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
> 154823.777636 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
> 154823.777711 Trpt 70 transport_add: adding 0x19dfc0
> 154823.777737 Trpt 95 transport_reference: transport 0x19dfc0 now has 1 references
> 154823.777783 Trpt 70 transport_add: adding 0x117280
> 154823.777808 Trpt 95 transport_reference: transport 0x117280 now has 1 references
> 154823.777855 Trpt 70 transport_add: adding 0x1172c0
> 154823.777880 Trpt 95 transport_reference: transport 0x1172c0 now has 1 references
> 154823.809472 Timr 10 timer_handle_expirations: event connection_checker(0x1b6b60)
> 154823.810038 Misc 95 conf_get_str: [General]:check-interval->30
> 154823.810075 Timr 10 timer_add_event: event connection_checker(0x1b6b60) added last, expiration in 30s
> 154823.810122 SA 90 sa_find: no SA matched query
> 154823.810145 Sdep 70 pf_key_v2_connection_check: SA for hate-test missing
> 154823.810183 Misc 95 conf_get_str: [hate-test]:Phase->2
> 154823.810212 Misc 95 conf_get_str: [hate-test]:ISAKMP-peer->test
> 154823.810232 SA 90 sa_find: no SA matched query
> 154823.810261 Misc 95 conf_get_str: [test]:Phase->1
> 154823.810284 Misc 95 conf_get_str: [test]:Phase->1
> 154823.810308 Misc 95 conf_get_str: [test]:Transport->udp
> 154823.810333 Misc 95 conf_get_str: configuration value not found [test]:Port
> 154823.810436 Misc 95 conf_get_str: [test]:Address->192.168.11.192
> 154823.810483 Misc 95 conf_get_str: [test]:Local-address->192.168.11.127
> 154823.810522 Trpt 70 transport_add: adding 0x117300
> 154823.810548 Misc 95 conf_get_str: [test]:Configuration->main-mode
> 154823.810583 Misc 95 conf_get_str: configuration value not found [main-mode]:DOI
> 154823.810641 Misc 95 conf_get_str: [main-mode]:EXCHANGE_TYPE->ID_PROT
> 154823.810675 Misc 95 conf_get_str: [General]:Exchange-max-time->120
> 154823.810703 Timr 10 timer_add_event: event exchange_free_aux(0x16b000) added last, expiration in 120s
> 154823.810729 Misc 95 conf_get_str: [test]:Configuration->main-mode
> 154823.810753 Misc 95 conf_get_str: configuration value not found [test]:Flags
> 154823.810777 Cryp 60 hash_get: requested algorithm 1
> 154823.810919 Exch 10 exchange_establish_p1: 0x16b000 test main-mode policy initiator phase 1 doi 1 exchange 2 step 0
> 154823.810950 Exch 10 exchange_establish_p1: icookie 8f6a3a78c83f173e rcookie 0000000000000000
> 154823.810972 Exch 10 exchange_establish_p1: msgid 00000000
> 154823.810998 Trpt 95 transport_reference: transport 0x117300 now has 1 references
> 154823.811019 Mesg 90 message_alloc: allocated 0x16b100
> 154823.811044 SA 80 sa_reference: SA 0x16b200 now has 1 references
> 154823.811066 SA 70 sa_enter: SA 0x16b200 added to SA list
> 154823.812188 SA 80 sa_reference: SA 0x16b200 now has 2 references
> 154823.812216 SA 60 sa_create: sa 0x16b200 phase 1 added to exchange 0x16b000 (test)
> 154823.812238 SA 80 sa_reference: SA 0x16b200 now has 3 references
> 154823.812289 Misc 95 conf_get_str: [main-mode]:Transforms->3DES-SHA
> 154823.812326 Misc 95 conf_get_str: [3DES-SHA]:ENCRYPTION_ALGORITHM->3DES_CBC
> 154823.812353 Misc 95 conf_get_str: [3DES-SHA]:HASH_ALGORITHM->SHA
> 154823.812377 Misc 95 conf_get_str: [3DES-SHA]:AUTHENTICATION_METHOD->PRE_SHARED
> 154823.812401 Misc 95 conf_get_str: [3DES-SHA]:GROUP_DESCRIPTION->MODP_1024
> 154823.812427 Misc 95 conf_get_str: [3DES-SHA]:Life->LIFE_180_SECS
> 154823.812456 Misc 95 conf_get_str: configuration value not found [LIFE_180_SECS]:LIFE_TYPE
> 154823.812479 Misc 70 attribute_set_constant: no LIFE_TYPE in the LIFE_180_SECS section
> 154823.812501 Misc 95 conf_get_str: configuration value not found [LIFE_180_SECS]:LIFE_DURATION
> 154823.812528 Misc 95 conf_get_str: configuration value not found [3DES-SHA]:PRF
> 154823.814237 Misc 70 attribute_set_constant: no PRF in the 3DES-SHA section
> 154823.814271 Misc 95 conf_get_str: configuration value not found [3DES-SHA]:KEY_LENGTH
> 154823.814296 Misc 95 conf_get_str: configuration value not found [3DES-SHA]:FIELD_SIZE
> 154823.814321 Misc 95 conf_get_str: configuration value not found [3DES-SHA]:GROUP_ORDER
> 154823.814347 Cryp 60 hash_get: requested algorithm 1
> 154823.814387 Exch 90 exchange_validate: checking for required SA
> 154823.814425 Mesg 70 message_send: message 0x16b100
> 154823.814454 Mesg 70 ICOOKIE: 0x8f6a3a78c83f17
> 154823.814482 Mesg 70 RCOOKIE: 0x00000000000000
> 154823.814504 Mesg 70 NEXT_PAYLOAD: SA
> 154823.814525 Mesg 70 VERSION: 16
> 154823.814583 Mesg 70 EXCH_TYPE: ID_PROT
> 154823.814606 Mesg 70 FLAGS: [ ]
> 154823.814630 Mesg 70 MESSAGE_ID: 0x000000
> 154823.814652 Mesg 70 LENGTH: 72
> 154823.814702 Mesg 70 message_send: 8f6a3a78 c83f173e 00000000 00000000 01100200 00000000 00000048 0000002c
> 154823.814757 Mesg 70 message_send: 00000001 00000001 00000020 01010001 00000018 00010000 80010005 80020002
> 154823.815755 Mesg 70 message_send: 80030001 80040002
> 154823.815781 Exch 40 exchange_run: exchange 0x16b000 finished step 0, advancing...
> 154823.815807 Exch 90 exchange_lookup_by_name: test == test && 1 == 1?
> 154823.815849 Trpt 95 transport_reference: transport 0x117300 now has 2 references
> 154823.815873 Trpt 95 transport_reference: transport 0x1172c0 now has 2 references
> 154823.815897 Trpt 95 transport_reference: transport 0x117280 now has 2 references
> 154823.815919 Trpt 95 transport_reference: transport 0x19dfc0 now has 2 references
> 154823.816009 Misc 95 conf_get_str: [General]:retransmits->5
> 154823.816056 Trpt 30 transport_send_messages: message 0x16b100 scheduled for retransmission 1 in 7 secs
> 154823.816087 Timr 10 timer_add_event: event message_send_expire(0x16b100) added before connection_checker(0x1b6b60), expiration in 7s
> 154823.816152 Trpt 95 transport_release: transport 0x117300 had 2 references
> 154823.816177 Trpt 95 transport_release: transport 0x1172c0 had 2 references
> 154823.819831 Trpt 95 transport_release: transport 0x117280 had 2 references
> 154823.819871 Trpt 95 transport_release: transport 0x19dfc0 had 2 references
> 154830.823781 Timr 10 timer_handle_expirations: event message_send_expire(0x16b100)
> 154830.824318 Mesg 70 message_send: message 0x16b100
> 154830.824355 Mesg 70 ICOOKIE: 0x8f6a3a78c83f17
> 154830.824385 Mesg 70 RCOOKIE: 0x00000000000000
> 154830.824408 Mesg 70 NEXT_PAYLOAD: SA
> 154830.824429 Mesg 70 VERSION: 16
> 154830.824450 Mesg 70 EXCH_TYPE: ID_PROT
> 154830.824470 Mesg 70 FLAGS: [ ]
> 154830.824494 Mesg 70 MESSAGE_ID: 0x000000
> 154830.824515 Mesg 70 LENGTH: 72
> 154830.824566 Mesg 70 message_send: 8f6a3a78 c83f173e 00000000 00000000 01100200 00000000 00000048 0000002c
> 154830.824620 Mesg 70 message_send: 00000001 00000001 00000020 01010001 00000018 00010000 80010005 80020002
> 154830.824650 Mesg 70 message_send: 80030001 80040002
> 154830.824691 Trpt 95 transport_reference: transport 0x117300 now has 2 references
> 154830.824715 Trpt 95 transport_reference: transport 0x1172c0 now has 2 references
> 154830.824738 Trpt 95 transport_reference: transport 0x117280 now has 2 references
> 154830.824761 Trpt 95 transport_reference: transport 0x19dfc0 now has 2 references
> 154830.824877 Misc 95 conf_get_str: [General]:retransmits->5
> 154830.824942 Trpt 30 transport_send_messages: message 0x16b100 scheduled for retransmission 2 in 9 secs
> 154830.824974 Timr 10 timer_add_event: event message_send_expire(0x16b100) added before connection_checker(0x1b6b60), expiration in 9s
> 154830.825001 Trpt 95 transport_release: transport 0x117300 had 2 references
> 154830.825023 Trpt 95 transport_release: transport 0x1172c0 had 2 references
> 154830.825046 Trpt 95 transport_release: transport 0x117280 had 2 references
> 154830.825068 Trpt 95 transport_release: transport 0x19dfc0 had 2 references
>
--
GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt
Encrypt everything. / Alles verschlüsseln.
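Added example (not code from the original post or from isakmpd): a small Python decoder for the hex bytes in the two `message_send:` lines of the quoted log. It shows that the 72 bytes are a main-mode (ID_PROT) phase 1 first message offering exactly the 3DES/SHA/pre-shared/MODP_1024 transform from the config, and that the responder cookie is still all zeros on the retransmission, which is why the log never gets past phase 1: the peer at 192.168.11.192 never answered. All function names and lookup tables below are my own; the constants come from RFC 2408/2409.

```python
import struct

# Copied from the quoted isakmpd log ("message_send:" lines): one 72-byte ISAKMP message.
LOG_HEX = (
    "8f6a3a78 c83f173e 00000000 00000000 01100200 00000000 00000048 0000002c "
    "00000001 00000001 00000020 01010001 00000018 00010000 80010005 80020002 "
    "80030001 80040002"
)

EXCHANGE_TYPES = {2: "ID_PROT", 4: "AGGRESSIVE", 32: "QUICK_MODE"}          # RFC 2408
IKE_ATTRS = {1: "ENCRYPTION_ALGORITHM", 2: "HASH_ALGORITHM",
             3: "AUTHENTICATION_METHOD", 4: "GROUP_DESCRIPTION"}            # RFC 2409 App. A
IKE_VALUES = {1: {5: "3DES_CBC"}, 2: {2: "SHA"}, 3: {1: "PRE_SHARED"}, 4: {2: "MODP_1024"}}

def parse_header(data):
    """Decode the fixed 28-byte ISAKMP header (RFC 2408 section 3.1)."""
    icookie, rcookie, np, ver, etype, flags, msgid, length = struct.unpack("!8s8sBBBBII", data[:28])
    return {"icookie": icookie.hex(), "rcookie": rcookie.hex(), "next_payload": np,
            "version": f"{ver >> 4}.{ver & 0xf}", "exchange": EXCHANGE_TYPES.get(etype, etype),
            "flags": flags, "msgid": msgid, "length": length,
            # The initiator sends rcookie = 0; it only becomes non-zero once a reply is received.
            "responder_answered": rcookie != b"\x00" * 8}

def parse_phase1_proposal(data):
    """Walk SA -> proposal -> transform (offset 28 onward) and collect the IKE attributes."""
    off = 28
    sa_len, doi, situation = struct.unpack("!xxHII", data[off:off + 12])
    off += 12
    prop_len, prop_no, proto, spi_size, n_xf = struct.unpack("!xxHBBBB", data[off:off + 8])
    off += 8 + spi_size
    xf_len, xf_no, xf_id = struct.unpack("!xxHBBxx", data[off:off + 8])
    end, off, attrs = off + xf_len, off + 8, {}
    while off < end:
        a_type, a_val = struct.unpack("!HH", data[off:off + 4])
        if not a_type & 0x8000:        # TLV attribute: a_val is a length, skip its body
            off += 4 + a_val
            continue
        off += 4                       # TV attribute: 16-bit value in place
        attrs[IKE_ATTRS.get(a_type & 0x7fff, a_type & 0x7fff)] = \
            IKE_VALUES.get(a_type & 0x7fff, {}).get(a_val, a_val)
    return {"doi": doi, "situation": situation, "proposal": prop_no, "protocol": proto,
            "transforms": n_xf, "transform_id": xf_id, "attributes": attrs}

def analyze(hex_text):
    """Decode one log dump; raise if the header length disagrees with the byte count."""
    msg = bytes.fromhex(hex_text.replace(" ", ""))
    hdr = parse_header(msg)
    if hdr["length"] != len(msg):
        raise ValueError(f"header says {hdr['length']} bytes, dump has {len(msg)}")
    return {"header": hdr, "proposal": parse_phase1_proposal(msg)}

if __name__ == "__main__":
    print(analyze(LOG_HEX))
```

Run against the second (154830.x) dump the output is identical, including `rcookie` all zeros: the same unanswered message is simply being retransmitted.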