Re: FreeS/WAN - isakmpd
- To: misc_(_at_)_OpenBSD_(_dot_)_org
- Subject: Re: FreeS/WAN - isakmpd
- From: goony <goony_(_at_)_inwind_(_dot_)_it>
- Date: Fri, 6 Dec 2002 15:51:57 +0100
- Cc: Hakan Olsson <ho_(_at_)_crt_(_dot_)_se>
- Organization: OpenBEER
Thanks for your help... sorry for the disturbance ;)
> > [Phase 2]
> > #Connections= hate-test
> ...
> > 152245.206378 Trpt 70 transport_add: adding 0x1172c0
> > 152245.206403 Trpt 95 transport_reference: transport 0x1172c0 now has 1 references
>
> There are no negotiations being done here. Up to this point is just
> initialization of the daemon. Either this side needs to initiate
> negotiations (in which case you should un-comment the Connections= line
> above, and make sure to have the phase 2 data in the config file), or have
> the other side peer initiate.
Ok, set "Connections":
use:
[General]
Policy-File= /etc/isakmpd/isakmpd.policy
Retransmits= 5
Exchange-max-time= 120
Listen-on= 192.168.11.127
Check-interval= 30
[Phase 1]
192.168.11.192= test
[Phase 2]
Connections= hate-test
#Passive-connections= hate-test
[test]
Phase= 1
Transport= udp
Local-address= 192.168.11.127
Address= 192.168.11.192
Configuration= main-mode
Authentication= 123456789012345
[hate-test]
Phase= 2
ISAKMP-peer= test
Configuration= Default-quick-mode
Local-ID= Net-hate
Remote-ID= Net-test
[Net-test]
ID-type= IPV4_ADDR
Address= 192.168.11.192
Netmask= 255.255.255.255
[Net-hate]
ID-type= IPV4_ADDR
Address= 192.168.11.127
Netmask= 255.255.255.255
# Certificates stored in PEM format
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
Private-key= /etc/isakmpd/private/local.key
# 3DES
[3DES-SHA]
Life= LIFE_180_SECS
[main-mode]
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
===============================
154823.697753 Misc 95 conf_set: [QM-AH-TRP-AES-RIPEMD-PFS-XF]:Life->LIFE_QUICK_MODE
154823.697795 Misc 95 conf_get_str: [Phase 2]:Connections->hate-test
154823.697829 Timr 10 timer_add_event: event connection_checker(0x1b6b60) added last, expiration in 0s
154823.697866 Misc 95 conf_get_str: configuration value not found [hate-test]:Flags
154823.697891 Misc 95 conf_get_str: [hate-test]:Local-ID->Net-hate
154823.697914 Misc 95 conf_get_str: [hate-test]:Remote-ID->Net-test
154823.697977 Misc 95 conf_get_str: [Net-hate]:ID-type->IPV4_ADDR
154823.698003 Misc 95 conf_get_str: [Net-hate]:Address->192.168.11.127
154823.698051 Misc 95 conf_get_str: configuration value not found [Net-hate]:Protocol
154823.698092 Misc 95 conf_get_str: [Net-test]:ID-type->IPV4_ADDR
154823.698116 Misc 95 conf_get_str: [Net-test]:Address->192.168.11.192
154823.698147 Misc 95 conf_get_str: configuration value not found [Net-test]:Protocol
154823.698174 Misc 60 connection_record_passive: passive connection "hate-test" added
154823.713303 Misc 95 conf_get_str: configuration value not found [Phase 2]:Passive-Connections
154823.713365 Plcy 30 policy_init: initializing
154823.713396 Misc 95 conf_get_str: [General]:Policy-file->/etc/isakmpd/isakmpd.policy
154823.733306 Misc 95 conf_get_str: [X509-certificates]:CA-directory->/etc/isakmpd/ca/
154823.733628 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/ca/
154823.749362 Cryp 60 x509_read_from_dir: reading certificate ca.crt
154823.757580 Cryp 60 x509_read_from_dir: reading certificate 192.168.11.127.crt
154823.758624 Misc 95 conf_get_str: [X509-certificates]:Cert-directory->/etc/isakmpd/certs/
154823.758671 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/certs/
154823.758984 Cryp 60 x509_read_from_dir: reading certificate 192.168.11.127.crt
154823.764411 Cryp 70 x509_hash_enter: cert 0x116780 added to bucket 8
154823.764672 Cryp 70 x509_hash_enter: cert 0x116780 added to bucket 41
154823.764730 Misc 95 conf_get_str: [X509-certificates]:CRL-directory->/etc/isakmpd/crls/
154823.764755 Cryp 40 x509_read_crls_from_dir: reading CRLs from /etc/isakmpd/crls/
154823.777155 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
154823.777461 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
154823.777521 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
154823.777579 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
154823.777636 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
154823.777711 Trpt 70 transport_add: adding 0x19dfc0
154823.777737 Trpt 95 transport_reference: transport 0x19dfc0 now has 1 references
154823.777783 Trpt 70 transport_add: adding 0x117280
154823.777808 Trpt 95 transport_reference: transport 0x117280 now has 1 references
154823.777855 Trpt 70 transport_add: adding 0x1172c0
154823.777880 Trpt 95 transport_reference: transport 0x1172c0 now has 1 references
154823.809472 Timr 10 timer_handle_expirations: event connection_checker(0x1b6b60)
154823.810038 Misc 95 conf_get_str: [General]:check-interval->30
154823.810075 Timr 10 timer_add_event: event connection_checker(0x1b6b60) added last, expiration in 30s
154823.810122 SA 90 sa_find: no SA matched query
154823.810145 Sdep 70 pf_key_v2_connection_check: SA for hate-test missing
154823.810183 Misc 95 conf_get_str: [hate-test]:Phase->2
154823.810212 Misc 95 conf_get_str: [hate-test]:ISAKMP-peer->test
154823.810232 SA 90 sa_find: no SA matched query
154823.810261 Misc 95 conf_get_str: [test]:Phase->1
154823.810284 Misc 95 conf_get_str: [test]:Phase->1
154823.810308 Misc 95 conf_get_str: [test]:Transport->udp
154823.810333 Misc 95 conf_get_str: configuration value not found [test]:Port
154823.810436 Misc 95 conf_get_str: [test]:Address->192.168.11.192
154823.810483 Misc 95 conf_get_str: [test]:Local-address->192.168.11.127
154823.810522 Trpt 70 transport_add: adding 0x117300
154823.810548 Misc 95 conf_get_str: [test]:Configuration->main-mode
154823.810583 Misc 95 conf_get_str: configuration value not found [main-mode]:DOI
154823.810641 Misc 95 conf_get_str: [main-mode]:EXCHANGE_TYPE->ID_PROT
154823.810675 Misc 95 conf_get_str: [General]:Exchange-max-time->120
154823.810703 Timr 10 timer_add_event: event exchange_free_aux(0x16b000) added last, expiration in 120s
154823.810729 Misc 95 conf_get_str: [test]:Configuration->main-mode
154823.810753 Misc 95 conf_get_str: configuration value not found [test]:Flags
154823.810777 Cryp 60 hash_get: requested algorithm 1
154823.810919 Exch 10 exchange_establish_p1: 0x16b000 test main-mode policy initiator phase 1 doi 1 exchange 2 step 0
154823.810950 Exch 10 exchange_establish_p1: icookie 8f6a3a78c83f173e rcookie 0000000000000000
154823.810972 Exch 10 exchange_establish_p1: msgid 00000000
154823.810998 Trpt 95 transport_reference: transport 0x117300 now has 1 references
154823.811019 Mesg 90 message_alloc: allocated 0x16b100
154823.811044 SA 80 sa_reference: SA 0x16b200 now has 1 references
154823.811066 SA 70 sa_enter: SA 0x16b200 added to SA list
154823.812188 SA 80 sa_reference: SA 0x16b200 now has 2 references
154823.812216 SA 60 sa_create: sa 0x16b200 phase 1 added to exchange 0x16b000 (test)
154823.812238 SA 80 sa_reference: SA 0x16b200 now has 3 references
154823.812289 Misc 95 conf_get_str: [main-mode]:Transforms->3DES-SHA
154823.812326 Misc 95 conf_get_str: [3DES-SHA]:ENCRYPTION_ALGORITHM->3DES_CBC
154823.812353 Misc 95 conf_get_str: [3DES-SHA]:HASH_ALGORITHM->SHA
154823.812377 Misc 95 conf_get_str: [3DES-SHA]:AUTHENTICATION_METHOD->PRE_SHARED
154823.812401 Misc 95 conf_get_str: [3DES-SHA]:GROUP_DESCRIPTION->MODP_1024
154823.812427 Misc 95 conf_get_str: [3DES-SHA]:Life->LIFE_180_SECS
154823.812456 Misc 95 conf_get_str: configuration value not found [LIFE_180_SECS]:LIFE_TYPE
154823.812479 Misc 70 attribute_set_constant: no LIFE_TYPE in the LIFE_180_SECS section
154823.812501 Misc 95 conf_get_str: configuration value not found [LIFE_180_SECS]:LIFE_DURATION
154823.812528 Misc 95 conf_get_str: configuration value not found [3DES-SHA]:PRF
154823.814237 Misc 70 attribute_set_constant: no PRF in the 3DES-SHA section
154823.814271 Misc 95 conf_get_str: configuration value not found [3DES-SHA]:KEY_LENGTH
154823.814296 Misc 95 conf_get_str: configuration value not found [3DES-SHA]:FIELD_SIZE
154823.814321 Misc 95 conf_get_str: configuration value not found [3DES-SHA]:GROUP_ORDER
154823.814347 Cryp 60 hash_get: requested algorithm 1
154823.814387 Exch 90 exchange_validate: checking for required SA
154823.814425 Mesg 70 message_send: message 0x16b100
154823.814454 Mesg 70 ICOOKIE: 0x8f6a3a78c83f17
154823.814482 Mesg 70 RCOOKIE: 0x00000000000000
154823.814504 Mesg 70 NEXT_PAYLOAD: SA
154823.814525 Mesg 70 VERSION: 16
154823.814583 Mesg 70 EXCH_TYPE: ID_PROT
154823.814606 Mesg 70 FLAGS: [ ]
154823.814630 Mesg 70 MESSAGE_ID: 0x000000
154823.814652 Mesg 70 LENGTH: 72
154823.814702 Mesg 70 message_send: 8f6a3a78 c83f173e 00000000 00000000 01100200 00000000 00000048 0000002c
154823.814757 Mesg 70 message_send: 00000001 00000001 00000020 01010001 00000018 00010000 80010005 80020002
154823.815755 Mesg 70 message_send: 80030001 80040002
154823.815781 Exch 40 exchange_run: exchange 0x16b000 finished step 0, advancing...
154823.815807 Exch 90 exchange_lookup_by_name: test == test && 1 == 1?
154823.815849 Trpt 95 transport_reference: transport 0x117300 now has 2 references
154823.815873 Trpt 95 transport_reference: transport 0x1172c0 now has 2 references
154823.815897 Trpt 95 transport_reference: transport 0x117280 now has 2 references
154823.815919 Trpt 95 transport_reference: transport 0x19dfc0 now has 2 references
154823.816009 Misc 95 conf_get_str: [General]:retransmits->5
154823.816056 Trpt 30 transport_send_messages: message 0x16b100 scheduled for retransmission 1 in 7 secs
154823.816087 Timr 10 timer_add_event: event message_send_expire(0x16b100) added before connection_checker(0x1b6b60), expiration in 7s
154823.816152 Trpt 95 transport_release: transport 0x117300 had 2 references
154823.816177 Trpt 95 transport_release: transport 0x1172c0 had 2 references
154823.819831 Trpt 95 transport_release: transport 0x117280 had 2 references
154823.819871 Trpt 95 transport_release: transport 0x19dfc0 had 2 references
154830.823781 Timr 10 timer_handle_expirations: event message_send_expire(0x16b100)
154830.824318 Mesg 70 message_send: message 0x16b100
154830.824355 Mesg 70 ICOOKIE: 0x8f6a3a78c83f17
154830.824385 Mesg 70 RCOOKIE: 0x00000000000000
154830.824408 Mesg 70 NEXT_PAYLOAD: SA
154830.824429 Mesg 70 VERSION: 16
154830.824450 Mesg 70 EXCH_TYPE: ID_PROT
154830.824470 Mesg 70 FLAGS: [ ]
154830.824494 Mesg 70 MESSAGE_ID: 0x000000
154830.824515 Mesg 70 LENGTH: 72
154830.824566 Mesg 70 message_send: 8f6a3a78 c83f173e 00000000 00000000 01100200 00000000 00000048 0000002c
154830.824620 Mesg 70 message_send: 00000001 00000001 00000020 01010001 00000018 00010000 80010005 80020002
154830.824650 Mesg 70 message_send: 80030001 80040002
154830.824691 Trpt 95 transport_reference: transport 0x117300 now has 2 references
154830.824715 Trpt 95 transport_reference: transport 0x1172c0 now has 2 references
154830.824738 Trpt 95 transport_reference: transport 0x117280 now has 2 references
154830.824761 Trpt 95 transport_reference: transport 0x19dfc0 now has 2 references
154830.824877 Misc 95 conf_get_str: [General]:retransmits->5
154830.824942 Trpt 30 transport_send_messages: message 0x16b100 scheduled for retransmission 2 in 9 secs
154830.824974 Timr 10 timer_add_event: event message_send_expire(0x16b100) added before connection_checker(0x1b6b60), expiration in 9s
154830.825001 Trpt 95 transport_release: transport 0x117300 had 2 references
154830.825023 Trpt 95 transport_release: transport 0x1172c0 had 2 references
154830.825046 Trpt 95 transport_release: transport 0x117280 had 2 references
154830.825068 Trpt 95 transport_release: transport 0x19dfc0 had 2 references
--
goony <goony_(_at_)_OpenBEER_(_dot_)_it>
"Beer OpenBSD User Group" founder - http://www.OpenBEER.it
KeyID: 1024D/1CDA1B3D
Fingerprint: CDF5 5246 D424 CF61 0330 A516 93F9 4D38 1CDA 1B3D
GnuPG PubKey: http://www.OpenBEER.it/keys/goony.gpg
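
Added example, not part of the original post and not isakmpd code: a Python decoder for the 72-byte message shown in the "message_send:" hex lines of the log above, to check what the initiator actually put on the wire. The attribute numbers are the IKEv1 phase 1 values from RFC 2409 Appendix A (a subset); the function and variable names are made up for this illustration.

```python
import struct

# Hex words copied from the three "message_send:" dump lines in the log above.
DUMP = """
8f6a3a78 c83f173e 00000000 00000000 01100200 00000000 00000048 0000002c
00000001 00000001 00000020 01010001 00000018 00010000 80010005 80020002
80030001 80040002
"""

# IKEv1 phase 1 attribute classes and values (RFC 2409, Appendix A); subset only.
ATTRS = {
    1: ("ENCRYPTION_ALGORITHM", {1: "DES_CBC", 5: "3DES_CBC"}),
    2: ("HASH_ALGORITHM", {1: "MD5", 2: "SHA"}),
    3: ("AUTHENTICATION_METHOD", {1: "PRE_SHARED", 3: "RSA_SIG"}),
    4: ("GROUP_DESCRIPTION", {1: "MODP_768", 2: "MODP_1024"}),
    11: ("LIFE_TYPE", {1: "SECONDS", 2: "KILOBYTES"}),
    12: ("LIFE_DURATION", {}),
}

def parse_phase1_offer(dump):
    """Decode the ISAKMP header and the first transform of the first proposal."""
    msg = bytes.fromhex("".join(dump.split()))
    icookie, rcookie, nxt, ver, exch, flags, msgid, length = struct.unpack(
        ">8s8sBBBBII", msg[:28])
    if length != len(msg):
        raise ValueError("header says %d bytes, dump has %d" % (length, len(msg)))
    if nxt != 1:
        raise ValueError("first payload is not an SA payload")
    # Skip SA payload header + DOI + situation (12 bytes) and proposal header (8).
    off = 28 + 12 + 8
    t_len, t_num, t_id = struct.unpack(">xxHBBxx", msg[off:off + 8])
    attrs, pos, end = {}, off + 8, off + t_len
    while pos < end:
        a_type, a_val = struct.unpack(">HH", msg[pos:pos + 4])
        pos += 4
        if a_type & 0x8000:      # AF bit set: short form, value is inline
            value = a_val
        else:                    # AF bit clear: a_val is the length of the value
            value = int.from_bytes(msg[pos:pos + a_val], "big")
            pos += a_val
        cls = a_type & 0x7FFF
        name, names = ATTRS.get(cls, ("ATTR_%d" % cls, {}))
        attrs[name] = names.get(value, value)
    return {"icookie": icookie.hex(), "rcookie": rcookie.hex(),
            "exchange": exch, "length": length, "attrs": attrs}

if __name__ == "__main__":
    offer = parse_phase1_offer(DUMP)
    print(offer)
    print("lifetime offered:", "LIFE_TYPE" in offer["attrs"])
```

On this dump the transform carries 3DES_CBC, SHA, PRE_SHARED and MODP_1024 but no LIFE_TYPE or LIFE_DURATION, consistent with the log line "no LIFE_TYPE in the LIFE_180_SECS section", and the responder cookie is still all zeros on the retransmitted copy.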