
Re: ipsec-vpn: XPSP2 stopped working, was ok before



Hi,

On Mon, Feb 07, 2005 at 06:41:48PM +0100, Peter Grie_l wrote:
...
> CERTREQUEST
> -----------
> 11:40:51.242736 wlans1.ihs.ac.at.isakmp > 143.130.40.1.isakmp:  [udp sum 
> ok] isakmp v1.0 exchange ID_PROT
>         cookie: d99fce66d6c65405->70044b9480b525d7 msgid: 00000000 len: 1252
>         payload: ID len: 127 type: DER_ASN1_DN = "(not shown)"
>         payload: CERT len: 809
>         payload: SIG len: 132
>         payload: CERTREQUEST len: 152 [ttl 0] (id 1)
> 
...
> B. THIS IS THE BROKEN CLIENT
> 
> CERTREQUEST
> -----------
> 11:42:20.776007 wlans27.ihs.ac.at.isakmp > 143.130.40.1.isakmp:  [udp sum 
> ok] isakmp v1.0 exchange ID_PROT
>         cookie: 3be7a576abe8e83d->61874ea4fcffccf5 msgid: 00000000 len: 1100
>         payload: ID len: 126 type: DER_ASN1_DN = "(not shown)"
>         payload: CERT len: 807
>         payload: SIG len: 132
>         payload: CERTREQUEST len: 5 [ttl 0] (id 1)

The length of both ID and CERT changed from 127 and 809 to 126 and 807, the
whole message shrank from 1252 to 1100 bytes.  Note that the certificate
request only contains 5 bytes: I assume 4 bytes for the header, 1 byte
certificate type, 0 bytes for the CA, i.e. XP sends an empty certrequest.

Thus it does not initiate phase 2 and sends after a delay of 9 seconds a
delete for the phase 1 SA.  XP does something strange/stupid with its
certificates.

> 11:42:20.786111 143.130.40.1.isakmp > wlans27.ihs.ac.at.isakmp:  [udp sum 
> ok] isakmp v1.0 exchange ID_PROT
>         cookie: 3be7a576abe8e83d->61874ea4fcffccf5 msgid: 00000000 len: 994
>         payload: ID len: 25 type: FQDN = "ipsecgw.ihs.ac.at"
>         payload: CERT len: 809
>         payload: SIG len: 132 [ttl 0] (id 1)
> 
> INFO instead of QUICK_MODE
> --------------------------
> 11:42:29.527750 wlans27.ihs.ac.at.isakmp > 143.130.40.1.isakmp:  [udp sum 
> ok] isakmp v1.0 exchange INFO
>         cookie: 3be7a576abe8e83d->61874ea4fcffccf5 msgid: b62111f2 len: 84
>         payload: HASH len: 24
>         payload: DELETE len: 28 DOI: 1(IPSEC) proto: ISAKMP nspis: 1
>             cookie: 3be7a576abe8e83d->61874ea4fcffccf5 [ttl 0] (id 1)



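Added example, not part of the original message: a small Python parser for the ISAKMP Certificate Request payload as laid out in RFC 2408 (4-byte generic header, 1-byte certificate type, variable-length CA field), which shows why a CERTREQUEST of length 5 names no CA at all. The two sample payloads are constructed to match the lengths in the captures above (152 and 5); the certificate type value 4 and the filler CA bytes are assumptions, since the dumps do not show them.

```python
import struct
from dataclasses import dataclass

# Generic payload header, RFC 2408 section 3.2:
# next payload (1 byte), reserved (1 byte), payload length (2 bytes, includes header)
GENERIC_HDR = struct.Struct("!BBH")


@dataclass
class CertRequest:
    next_payload: int
    length: int
    cert_type: int
    ca: bytes  # DER-encoded issuer DN when present

    @property
    def empty_ca(self) -> bool:
        return len(self.ca) == 0


def parse_certreq(buf: bytes) -> CertRequest:
    """Parse one Certificate Request payload (RFC 2408 section 3.10)."""
    minimum = GENERIC_HDR.size + 1  # header plus the cert type octet
    if len(buf) < minimum:
        raise ValueError("truncated: need 4-byte header plus 1-byte cert type")
    next_payload, _reserved, length = GENERIC_HDR.unpack_from(buf)
    if length < minimum or length > len(buf):
        raise ValueError(f"bad payload length {length}")
    return CertRequest(next_payload, length, buf[4], bytes(buf[5:length]))


def describe(req: CertRequest) -> str:
    note = " (empty: peer names no CA)" if req.empty_ca else ""
    return f"CERTREQUEST len {req.length}: cert type {req.cert_type}, CA {len(req.ca)} bytes{note}"


# Constructed samples, sized like the two captures. Cert type 4
# (X.509 Certificate - Signature) is assumed; the CA bytes are filler,
# not a real DER-encoded DN.
WORKING = GENERIC_HDR.pack(0, 0, 152) + bytes([4]) + b"\x00" * 147
BROKEN = GENERIC_HDR.pack(0, 0, 5) + bytes([4])

if __name__ == "__main__":
    for sample in (WORKING, BROKEN):
        print(describe(parse_certreq(sample)))
```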