
Re: FreeS/WAN - isakmpd



> Uh, strange. If FreeS/WAN is running, it shouldn't be sending back UDP 
> port unreachable messages. What happens if You try making FreeS/WAN 
> active and OpenBSD passive?

on OpenBSD log:
163028.793711 Misc 95 conf_set: [QM-AH-TRP-AES-RIPEMD-PFS-XF]:Life->LIFE_QUICK_MODE
163028.798180 Misc 95 conf_get_str: configuration value not found [Phase 2]:Connections
163028.798209 Misc 95 conf_get_str: [Phase 2]:Passive-Connections->hate-test
163028.798244 Misc 95 conf_get_str: [hate-test]:Local-ID->Net-hate
163028.798268 Misc 95 conf_get_str: [hate-test]:Remote-ID->Net-test
163028.798330 Misc 95 conf_get_str: [Net-hate]:ID-type->IPV4_ADDR
163028.798355 Misc 95 conf_get_str: [Net-hate]:Address->192.168.11.127
163028.798403 Misc 95 conf_get_str: configuration value not found [Net-hate]:Protocol
163028.798444 Misc 95 conf_get_str: [Net-test]:ID-type->IPV4_ADDR
163028.798468 Misc 95 conf_get_str: [Net-test]:Address->192.168.11.192
163028.799423 Misc 95 conf_get_str: configuration value not found [Net-test]:Protocol
163028.799452 Misc 60 connection_record_passive: passive connection "hate-test" added
163028.799483 Plcy 30 policy_init: initializing
163028.799513 Misc 95 conf_get_str: [General]:Policy-file->/etc/isakmpd/isakmpd.policy
163028.799718 Misc 95 conf_get_str: [X509-certificates]:CA-directory->/etc/isakmpd/ca/
163028.799764 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/ca/
163028.799842 Cryp 60 x509_read_from_dir: reading certificate ca.crt
163028.800345 Cryp 60 x509_read_from_dir: reading certificate 192.168.11.127.crt
163028.800734 Misc 95 conf_get_str: [X509-certificates]:Cert-directory->/etc/isakmpd/certs/
163028.800764 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/certs/
163028.800817 Cryp 60 x509_read_from_dir: reading certificate 192.168.11.127.crt
163028.801191 Cryp 70 x509_hash_enter: cert 0x116780 added to bucket 8
163028.801218 Cryp 70 x509_hash_enter: cert 0x116780 added to bucket 41
163028.802229 Misc 95 conf_get_str: [X509-certificates]:CRL-directory->/etc/isakmpd/crls/
163028.802255 Cryp 40 x509_read_crls_from_dir: reading CRLs from /etc/isakmpd/crls/
163028.802487 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
163028.802558 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
163028.802615 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
163028.802672 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
163028.802729 Misc 95 conf_get_str: [General]:Listen-on->192.168.11.127
163028.802805 Trpt 70 transport_add: adding 0x19dfc0
163028.802831 Trpt 95 transport_reference: transport 0x19dfc0 now has 1 references
163028.802876 Trpt 70 transport_add: adding 0x117280
163028.802901 Trpt 95 transport_reference: transport 0x117280 now has 1 references
163028.802948 Trpt 70 transport_add: adding 0x1172c0
163028.802972 Trpt 95 transport_reference: transport 0x1172c0 now has 1 references

on Trustix log:
root@test /usr/src/linux# tail -f /var/log/messages
Dec  6 16:29:34 test kernel: klips_debug:pfkey_safe_build: error=0
Dec  6 16:29:34 test ipsec__plutorun: 021 no connection named "hate-test"
Dec  6 16:29:34 test kernel: klips_debug:pfkey_safe_build:success.
Dec  6 16:29:34 test ipsec__plutorun: ...could not start conn "hate-test"
Dec  6 16:29:34 test kernel: klips_debug:pfkey_msg_build: pfkey_msg=c6782f80 allocated 32 bytes, &(extensions[0])=c5871e04
Dec  6 16:29:34 test kernel: klips_debug:pfkey_msg_build: copying 16 bytes from extensions[15]=c67828a0 to=c6782f90
Dec  6 16:29:34 test kernel: klips_debug:pfkey_msg_build: extensions permitted=0000c001, seen=00008001, required=00000001.
Dec  6 16:29:34 test kernel: klips_debug:pfkey_upmsg: allocating 32 bytes...
Dec  6 16:29:34 test kernel: klips_debug:pfkey_upmsg: ...allocated at c69da660.
Dec  6 16:29:34 test kernel: klips_debug:pfkey_register_parse: sending up register reply message for satype=9(IPIP) to socket=c5e34f20 succeeded.
Dec  6 16:31:33 test kernel: klips_debug:@ flags = 6 @key = c12f5f60 key = 00000000->00000000 @mask = 00000000
Dec  6 16:31:33 test kernel: klips_debug:@ flags = 6 @key = c12f5f6c key = ffffffff->ffffffff @mask = 00000000
Dec  6 16:31:33 test kernel: klips_debug: off = 0
Dec  6 16:31:33 test kernel: klips_debug:ipsec_eroute_get_info: buffer=0xc6755000, *start=0x0, offset=0, length=3072
Dec  6 16:31:33 test kernel: klips_debug:rj_walktree: for: rn=c7b08f08 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000
Dec  6 16:31:33 test kernel: klips_debug:rj_walktree: processing leaves, rn=c7b08f38 rj_b=-3 rj_flags=6 leaf key = ffffffff->ffffffff
Dec  6 16:31:33 test kernel: klips_debug:rj_walktree: while: base=00000000 rn=c7b08f08 rj_b=-3 rj_flags=6 leaf key = 00000000->00000000


-- 
goony <goony_(_at_)_OpenBEER_(_dot_)_it>
"Beer OpenBSD User Group" founder - http://www.OpenBEER.it
KeyID: 1024D/1CDA1B3D
Fingerprint: CDF5 5246 D424 CF61 0330  A516 93F9 4D38 1CDA 1B3D
GnuPG PubKey: http://www.OpenBEER.it/keys/goony.gpg


