isakmpd VPN with a static IP host and dynamic IP remote kills my NIC!

Andrew

Jul 26, 2001, 8:41:31 PM
Greetings!

I am having a VPN problem. If anyone could shed some insight into this
it would be *rather* fantastic...

<-Situation->

I am attempting to configure a VPN between a Cisco 1720 Router and an
OpenBSD 2.9 Server.

The Cisco is on a DSL line with a dynamic address negotiated via
PPPoE.

The OpenBSD Server has a static public IP address and is to act as a
gateway onto a private network segment.

I have had success with this setup but I was using the Cisco's IP
address like a static one [they don't change very often, but that's
not good enough.]

However, with the configuration changed for the dynamic IPs I am
having a problem - everything looks pretty sweet until the final
stages at which point the OpenBSD Server severs any existing network
connections to anything [like my ssh client], and becomes unpingable,
with no network access.

An ifconfig -a says the interface still appears to be up, but at this
point I'm at the console in the vault :(


I am running OpenBSD 2.9 on the 2.9 patch branch.

I have tried this with a machine with a kernel built from
openbsd-current, with the latest isakmpd [had to twiddle it a bit to
compile] and have had the same results. [networking goes away :( ].

Oddly enough, the secondary network interface remains "alive" and
after a *while* [~40min - 1.5 hours] the Primary interface becomes
accessible again.

<-Conventions->

OBSD_GW_IP_ADDR was substituted for the OpenBSD VPN Gateway Public IP
Address
CISCO_REMOTE_IP_ADDR was substituted for the Cisco 1720 IP Address (a
dynamic IP address)


I have included

1. the isakmpd.conf file

2. the debug output from isakmpd

3. the cheeky little message that appears in /var/log/messages around
the point at which everything goes wrong.


If anyone has some insight to the nature [and potentially the fix..] I
would appreciate any info.. also, if there is more debug info etc
required please let me know!

Thanks,

Andrew


<-- begin - isakmpd.conf -->
# A configuration for the isakmpd ISAKMP/Oakley (aka IKE) daemon.

[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= OBSD_GW_IP_ADDR

[Phase 1]
default= cisco_remote

[Phase 2]
Passive-Connections= openbsd_gateway-cisco_remote

[cisco_remote]
Phase= 1
Transport= udp
Local-address= OBSD_GW_IP_ADDR
Port= 500
Configuration= Default-main-mode
Authentication=rootsysadmmysqlsnort
#Flags=

[openbsd_gateway-cisco_remote]
Phase= 2
ISAKMP-peer= cisco_remote
Configuration= Default-quick-mode
Local-ID= Net-openbsd_gateway
Remote-ID= Net-cisco_remote
#Flags=

[Net-openbsd_gateway]
ID-type= IPV4_ADDR_SUBNET
Network= 172.18.100.0
Netmask= 255.255.255.0

[Net-cisco_remote]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.1.0
Netmask= 255.255.255.0

# Main mode descriptions

[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

# Main mode transforms
######################

# DES

[DES-MD5]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS,LIFE_1000_KB

[DES-MD5-NO-VOL-LIFE]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS

[DES-SHA]
ENCRYPTION_ALGORITHM= DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS,LIFE_1000_KB

# 3DES

[3DES-SHA]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_3600_SECS,LIFE_4.5_GB

# Blowfish

[BLF-SHA-M1024]
ENCRYPTION_ALGORITHM= BLOWFISH_CBC
KEY_LENGTH= 128,96:192
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_600_SECS,LIFE_1000_KB

[BLF-SHA-EC155]
ENCRYPTION_ALGORITHM= BLOWFISH_CBC
KEY_LENGTH= 128,96:192
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= EC2N_155
Life= LIFE_600_SECS,LIFE_1000_KB

[BLF-MD5-EC155]
ENCRYPTION_ALGORITHM= BLOWFISH_CBC
KEY_LENGTH= 128,96:192
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= EC2N_155
Life= LIFE_600_SECS,LIFE_1000_KB

[BLF-SHA-EC185]
ENCRYPTION_ALGORITHM= BLOWFISH_CBC
KEY_LENGTH= 128,96:192
HASH_ALGORITHM= SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= EC2N_185
Life= LIFE_600_SECS,LIFE_1000_KB

# Quick mode description
########################

[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-PFS-XF,QM-ESP-DES-MD5-PFS-SUITE

# Quick mode protection suites
##############################

# DES

[QM-ESP-DES-SUITE]
Protocols= QM-ESP-DES

[QM-ESP-DES-PFS-SUITE]
Protocols= QM-ESP-DES-PFS

[QM-ESP-DES-MD5-SUITE]
Protocols= QM-ESP-DES-MD5

[QM-ESP-DES-MD5-PFS-SUITE]
Protocols= QM-ESP-DES-MD5-PFS

[QM-ESP-DES-SHA-SUITE]
Protocols= QM-ESP-DES-SHA

[QM-ESP-DES-SHA-PFS-SUITE]
Protocols= QM-ESP-DES-SHA-PFS

# 3DES

[QM-ESP-3DES-SHA-SUITE]
Protocols= QM-ESP-3DES-SHA

[QM-ESP-3DES-SHA-PFS-SUITE]
Protocols= QM-ESP-3DES-SHA-PFS

# AH

[QM-AH-MD5-SUITE]
Protocols= QM-AH-MD5

[QM-AH-MD5-PFS-SUITE]
Protocols= QM-AH-MD5-PFS

# AH + ESP

[QM-AH-MD5-ESP-DES-SUITE]
Protocols= QM-AH-MD5,QM-ESP-DES

[QM-AH-MD5-ESP-DES-MD5-SUITE]
Protocols= QM-AH-MD5,QM-ESP-DES-MD5

[QM-ESP-DES-MD5-AH-MD5-SUITE]
Protocols= QM-ESP-DES-MD5,QM-AH-MD5

# Quick mode protocols

# DES

[QM-ESP-DES]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-XF

[QM-ESP-DES-MD5]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-MD5-XF

[QM-ESP-DES-MD5-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-MD5-PFS-XF

[QM-ESP-DES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-SHA-XF

# 3DES

[QM-ESP-3DES-SHA]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-XF

[QM-ESP-3DES-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-PFS-XF

[QM-ESP-3DES-SHA-TRP]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-TRP-XF

# AH MD5

[QM-AH-MD5]
PROTOCOL_ID= IPSEC_AH
Transforms= QM-AH-MD5-XF

[QM-AH-MD5-PFS]
PROTOCOL_ID= IPSEC_AH
Transforms= QM-AH-MD5-PFS-XF

# Quick mode transforms

# ESP DES+MD5

[QM-ESP-DES-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL
Life= LIFE_600_SECS

[QM-ESP-DES-MD5-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5
Life= LIFE_600_SECS

[QM-ESP-DES-MD5-PFS-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL
GROUP_DESCRIPTION= MODP_1024
AUTHENTICATION_ALGORITHM= HMAC_MD5
Life= LIFE_600_SECS

[QM-ESP-DES-SHA-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
Life= LIFE_600_SECS

# 3DES

[QM-ESP-3DES-SHA-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
Life= LIFE_600_SECS

[QM-ESP-3DES-SHA-PFS-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_600_SECS

[QM-ESP-3DES-SHA-TRP-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TRANSPORT
AUTHENTICATION_ALGORITHM= HMAC_SHA
Life= LIFE_600_SECS

# AH

[QM-AH-MD5-XF]
TRANSFORM_ID= MD5
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5
Life= LIFE_600_SECS

[QM-AH-MD5-PFS-XF]
TRANSFORM_ID= MD5
ENCAPSULATION_MODE= TUNNEL
GROUP_DESCRIPTION= MODP_768
Life= LIFE_600_SECS

[LIFE_600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 600,450:720

[LIFE_3600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 3600,1800:7200

[LIFE_1000_KB]
LIFE_TYPE= KILOBYTES
LIFE_DURATION= 1000,768:1536

[LIFE_32_MB]
LIFE_TYPE= KILOBYTES
LIFE_DURATION= 32768,16384:65536

[LIFE_4.5_GB]
LIFE_TYPE= KILOBYTES
LIFE_DURATION= 4608000,4096000:8192000

# Certificates stored in PEM format
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
#Accept-self-signed= defined
Private-key= /etc/isakmpd/private/local.key
<-- end - isakmpd.conf -->

<--begin -- output from isakmpd -d -DA=99-->
114439.383201 Trpt 70 transport_add: adding 0x10f300
114439.383327 Mesg 90 message_alloc: allocated 0x10d900
114439.383368 Mesg 70 message_recv: message 0x10d900
114439.383430 Mesg 70 ICOOKIE: 0x67167d8ba4e3b3d2
114439.383477 Mesg 70 RCOOKIE: 0x0000000000000000
114439.383517 Mesg 70 NEXT_PAYLOAD: SA
114439.383558 Mesg 70 VERSION: 16
114439.383596 Mesg 70 EXCH_TYPE: ID_PROT
114439.383636 Mesg 70 FLAGS: [ ]
114439.383677 Mesg 70 MESSAGE_ID: 0x00000000
114439.383717 Mesg 70 LENGTH: 80
114439.383781 Mesg 70 message_recv: 67167d8b a4e3b3d2 00000000
00000000 01100200 00000000 00000050 00000034
114439.383850 Mesg 70 message_recv: 00000001 00000001 00000028
01010001 00000020 01010000 80010005 80020002
114439.383905 Mesg 70 message_recv: 80040002 80030001 800b0001
800c0e10
114439.383948 SA 90 sa_find: no SA matched query
114439.384031 Mesg 50 message_parse_payloads: offset 0x1c payload SA
114439.384078 Mesg 60 message_validate_payloads: payload SA at
0x10f39c of message 0x10d900
114439.384120 Mesg 70 DOI: 1
114439.384168 Misc 60 conf_get_str: configuration value not found
[Phase 1]:CISCO_REMOTE_IP_ADDR
114439.384210 Misc 60 conf_get_str: [Phase 1]:Default->cisco_remote
114439.384251 Misc 60 conf_get_str:
[cisco_remote]:Configuration->Default-main-mode
114439.384295 Misc 60 conf_get_str: [Default-main-mode]:DOI->IPSEC
114439.384336 Misc 60 conf_get_str:
[Default-main-mode]:EXCHANGE_TYPE->ID_PROT
114439.384384 Misc 60 conf_get_str: [General]:Exchange-max-time->120
114439.384433 Timr 10 timer_add_event: event
exchange_free_aux(0x10da00) added before cookie_reset_event(0x0),
expiration in 120s
114439.384519 Exch 10 exchange_setup_p1: 0x10da00 cisco_remote
Default-main-mode policy responder phase 1 doi 1 exchange 2 step 0
114439.384565 Exch 10 exchange_setup_p1: icookie 67167d8ba4e3b3d2
rcookie c2b6d8b41d2a0b78
114439.384606 Exch 10 exchange_setup_p1: msgid 00000000
114439.384649 SA 80 sa_reference: SA 0x10db00 now has 1 references
114439.384689 SA 70 sa_enter: SA 0x10db00 added to SA list
114439.384729 SA 80 sa_reference: SA 0x10db00 now has 2 references
114439.384772 SA 60 sa_create: sa 0x10db00 phase 1 added to exchange
0x10da00 (cisco_remote)
114439.384813 SA 80 sa_reference: SA 0x10db00 now has 3 references
114439.384855 Mesg 50 message_parse_payloads: offset 0x28 payload
PROPOSAL
114439.384897 Mesg 50 message_parse_payloads: offset 0x30 payload
TRANSFORM
114439.384938 Mesg 50 Transform 1's attributes
114439.384980 Mesg 50 Attribute ENCRYPTION_ALGORITHM value 5
114439.385020 Mesg 50 Attribute HASH_ALGORITHM value 2
114439.385060 Mesg 50 Attribute GROUP_DESCRIPTION value 2
114439.385100 Mesg 50 Attribute AUTHENTICATION_METHOD value 1
114439.385140 Mesg 50 Attribute LIFE_TYPE value 1
114439.385180 Mesg 50 Attribute LIFE_DURATION value 3600
114439.385222 Mesg 60 message_validate_payloads: payload PROPOSAL at
0x10f3a8 of message 0x10d900
114439.385264 Mesg 70 NO: 1
114439.385303 Mesg 70 PROTO: ISAKMP
114439.385342 Mesg 70 SPI_SZ: 0
114439.385381 Mesg 70 NTRANSFORMS: 1
114439.385424 Mesg 60 message_validate_payloads: payload TRANSFORM at
0x10f3b0 of message 0x10d900
114439.385466 Mesg 70 NO: 1
114439.385505 Mesg 70 ID: 1
114439.385549 Exch 90 exchange_validate: checking for required SA
114439.385592 Misc 30 ipsec_responder: phase 1 exchange 2 step 0
114439.385652 Negt 30 message_negotiate_sa: transform 1 proto 1
proposal 1 ok
114439.385701 SA 80 sa_add_transform: proto 0x114180 no 1 proto 1
chosen 0x13d0a0 sa 0x10db00 id 1
114439.385748 Misc 60 conf_get_str:
[Default-main-mode]:Transforms->3DES-SHA
114439.385798 Misc 60 conf_get_str:
[3DES-SHA]:ENCRYPTION_ALGORITHM->3DES_CBC
114439.385843 Misc 60 conf_get_str: [3DES-SHA]:HASH_ALGORITHM->SHA
114439.385886 Misc 60 conf_get_str:
[3DES-SHA]:GROUP_DESCRIPTION->MODP_1024
114439.385931 Misc 60 conf_get_str:
[3DES-SHA]:AUTHENTICATION_METHOD->PRE_SHARED
114439.385975 Misc 60 conf_get_str:
[3DES-SHA]:Life->LIFE_3600_SECS,LIFE_4.5_GB
114439.386021 Misc 60 conf_get_str:
[3DES-SHA]:Life->LIFE_3600_SECS,LIFE_4.5_GB
114439.386064 Misc 60 conf_get_str:
[LIFE_3600_SECS]:LIFE_TYPE->SECONDS
114439.386108 Misc 60 conf_get_str:
[3DES-SHA]:Life->LIFE_3600_SECS,LIFE_4.5_GB
114439.386154 Misc 60 conf_get_str:
[3DES-SHA]:Life->LIFE_3600_SECS,LIFE_4.5_GB
114439.386197 Misc 60 conf_get_str:
[LIFE_3600_SECS]:LIFE_DURATION->3600,1800:7200
114439.386238 Misc 60 conf_get_str:
[LIFE_3600_SECS]:LIFE_DURATION->3600,1800:7200
114439.386295 Misc 90 conf_match_num: LIFE_3600_SECS:LIFE_DURATION
1800<=3600<=7200?
114439.386351 Negt 20 ike_phase_1_validate_prop: success
114439.386393 Negt 30 message_negotiate_sa: proposal 1 succeeded
114439.386434 Misc 20 ipsec_decode_transform: transform 1 chosen
114439.386486 Misc 70 group_get: returning 0x1141c0 of group 2
114439.386530 Exch 40 exchange_run: exchange 0x10da00 finished step 0,
advancing...
114439.386573 Mesg 90 message_alloc: allocated 0x10dd00
114439.386614 SA 80 sa_reference: SA 0x10db00 now has 4 references
114439.386657 Misc 30 ipsec_responder: phase 1 exchange 2 step 1
114439.386708 Exch 90 exchange_validate: checking for required SA
114439.386761 Mesg 70 message_send: message 0x10dd00
114439.386806 Mesg 70 ICOOKIE: 0x67167d8ba4e3b3d2
114439.386851 Mesg 70 RCOOKIE: 0xc2b6d8b41d2a0b78
114439.386891 Mesg 70 NEXT_PAYLOAD: SA
114439.386932 Mesg 70 VERSION: 16
114439.386971 Mesg 70 EXCH_TYPE: ID_PROT
114439.387011 Mesg 70 FLAGS: [ ]
114439.387053 Mesg 70 MESSAGE_ID: 0x00000000
114439.387094 Mesg 70 LENGTH: 80
114439.387158 Mesg 70 message_send: 67167d8b a4e3b3d2 c2b6d8b4
1d2a0b78 01100200 00000000 00000050 00000034
114439.387228 Mesg 70 message_send: 00000001 00000001 00000028
01010001 00000020 01010000 80010005 80020002
114439.387284 Mesg 70 message_send: 80040002 80030001 800b0001
800c0e10
114439.387327 Exch 40 exchange_run: exchange 0x10da00 finished step 1,
advancing...
114439.387433 Misc 60 conf_get_str: [General]:retransmits->5
114439.387484 Trpt 30 transport_send_messages: message 0x10dd00
scheduled for retransmission 1 in 7 secs
114439.387534 Timr 10 timer_add_event: event
message_send_expire(0x10dd00) added before
exchange_free_aux(0x10da00), expiration in 7s
114439.680966 Trpt 70 transport_add: adding 0x10f480
114439.681033 Mesg 90 message_alloc: allocated 0x10de00
114439.681073 Mesg 70 message_recv: message 0x10de00
114439.681118 Mesg 70 ICOOKIE: 0x67167d8ba4e3b3d2
114439.681179 Mesg 70 RCOOKIE: 0xc2b6d8b41d2a0b78
114439.681218 Mesg 70 NEXT_PAYLOAD: KEY_EXCH
114439.681257 Mesg 70 VERSION: 16
114439.681296 Mesg 70 EXCH_TYPE: ID_PROT
114439.681334 Mesg 70 FLAGS: [ ]
114439.681377 Mesg 70 MESSAGE_ID: 0x00000000
114439.681416 Mesg 70 LENGTH: 204
114439.681480 Mesg 70 message_recv: 67167d8b a4e3b3d2 c2b6d8b4
1d2a0b78 04100200 00000000 000000cc 0a000084
114439.681545 Mesg 70 message_recv: 5d357957 11109249 ef020eab
6a0157ca 9ce9380c d680cc01 a89c00f2 eb25e9a2
114439.681609 Mesg 70 message_recv: f87cc424 332ca7d1 01b6c43a
3dd7d917 84160b86 8c56aad8 a220bc70 7bd523d0
114439.681672 Mesg 70 message_recv: 63b0ec39 3b34040d 16b2aa8c
9968bf50 c7d68cef 675f728b 235cb90e f85d4cca
114439.681735 Mesg 70 message_recv: fe3aa57c 57b5fee5 3f9a8c2b
79e5f178 c638a65f a92e40a7 f30c4bdd d42bb639
114439.681801 Mesg 70 message_recv: 0d000018 0e4221a7 7a4a0315
2615db7b be07aae8 9db5e1d3 00000014 92d1da96
114439.681851 Mesg 70 message_recv: a4e2b3d2 e1943918 044c6001
114439.681893 SA 80 sa_reference: SA 0x10db00 now has 5 references
114439.681935 Mesg 90 message_check_duplicate: last_received 0x10d900
114439.681973 Mesg 95 message_check_duplicate: last_received:
114439.682036 Mesg 95 67167d8b a4e3b3d2 00000000 00000000 01100200
00000000 00000050 00000034
114439.682129 Mesg 95 00000001 00000001 00000028 01010001 00000020
01010000 80010005 80020002
114439.682182 Mesg 95 80040002 80030001 800b0001 800c0e10
114439.682221 Mesg 20 message_free: freeing 0x10dd00
114439.682262 Timr 10 timer_remove_event: removing event
message_send_expire(0x10dd00)
114439.682305 SA 80 sa_release: SA 0x10db00 had 5 references
114439.682366 Mesg 50 message_parse_payloads: offset 0x1c payload
KEY_EXCH
114439.682410 Mesg 50 message_parse_payloads: offset 0xa0 payload
NONCE
114439.682452 Mesg 50 message_parse_payloads: offset 0xb8 payload
VENDOR
114439.682496 Mesg 60 message_validate_payloads: payload KEY_EXCH at
0x10df1c of message 0x10de00
114439.682542 Mesg 60 message_validate_payloads: payload NONCE at
0x10dfa0 of message 0x10de00
114439.682586 Mesg 60 message_validate_payloads: payload VENDOR at
0x10dfb8 of message 0x10de00
114439.682627 Mesg 40 message_validate_vendor: vendor ID seen
114439.682668 Exch 90 exchange_validate: checking for required
KEY_EXCH
114439.682708 Exch 90 exchange_validate: checking for required NONCE
114439.682750 Misc 30 ipsec_responder: phase 1 exchange 2 step 2
114439.682793 Misc 80 ipsec_g_x: g^xi:
114439.682854 Misc 80 5d357957 11109249 ef020eab 6a0157ca 9ce9380c
d680cc01 a89c00f2 eb25e9a2
114439.682914 Misc 80 f87cc424 332ca7d1 01b6c43a 3dd7d917 84160b86
8c56aad8 a220bc70 7bd523d0
114439.682975 Misc 80 63b0ec39 3b34040d 16b2aa8c 9968bf50 c7d68cef
675f728b 235cb90e f85d4cca
114439.683063 Misc 80 fe3aa57c 57b5fee5 3f9a8c2b 79e5f178 c638a65f
a92e40a7 f30c4bdd d42bb639
114439.683107 Exch 80 exchange_nonce: NONCE_i:
114439.683159 Exch 80 0e4221a7 7a4a0315 2615db7b be07aae8 9db5e1d3
114439.683199 Exch 10 exchange_run: unexpected payload VENDOR
114439.683239 Mesg 20 message_free: freeing 0x10d900
114439.683280 SA 80 sa_release: SA 0x10db00 had 4 references
114439.683348 Exch 40 exchange_run: exchange 0x10da00 finished step 2,
advancing...
114439.683391 Mesg 90 message_alloc: allocated 0x10d900
114439.683432 SA 80 sa_reference: SA 0x10db00 now has 4 references
114439.683474 Misc 30 ipsec_responder: phase 1 exchange 2 step 3
114439.726940 Misc 80 ipsec_g_x: g^xr:
114439.727006 Misc 80 d68a59b7 6f32a3ae b1986f8c aaeac3ca 4699e00f
8987b2cb bd2405f0 c5c6766c
114439.727067 Misc 80 78949309 adeab146 50af5f0a 0bdaca71 5c7ceae6
c5b99aac faa767b7 f29f2eea
114439.727127 Misc 80 872616c5 d5407382 3c639134 54159423 a9c7e114
8a3929be 2362633d 8aa7a954
114439.727187 Misc 80 b0edf66c e8e4893e 81eb95d2 358fef90 c84584c8
ce461cce f5981376 f94d6bb1
114439.727233 Exch 80 exchange_nonce: NONCE_r:
114439.727284 Exch 80 5be39212 e8fb89f8 4f441773 a4557e35 752347b6
114439.727327 Exch 90 exchange_validate: checking for required
KEY_EXCH
114439.727368 Exch 90 exchange_validate: checking for required NONCE
114439.727424 Mesg 70 message_send: message 0x10d900
114439.727469 Mesg 70 ICOOKIE: 0x67167d8ba4e3b3d2
114439.727546 Mesg 70 RCOOKIE: 0xc2b6d8b41d2a0b78
114439.727587 Mesg 70 NEXT_PAYLOAD: KEY_EXCH
114439.727627 Mesg 70 VERSION: 16
114439.727667 Mesg 70 EXCH_TYPE: ID_PROT
114439.727706 Mesg 70 FLAGS: [ ]
114439.727749 Mesg 70 MESSAGE_ID: 0x00000000
114439.727788 Mesg 70 LENGTH: 184
114439.727853 Mesg 70 message_send: 67167d8b a4e3b3d2 c2b6d8b4
1d2a0b78 04100200 00000000 000000b8 0a000084
114439.727918 Mesg 70 message_send: d68a59b7 6f32a3ae b1986f8c
aaeac3ca 4699e00f 8987b2cb bd2405f0 c5c6766c
114439.727983 Mesg 70 message_send: 78949309 adeab146 50af5f0a
0bdaca71 5c7ceae6 c5b99aac faa767b7 f29f2eea
114439.728046 Mesg 70 message_send: 872616c5 d5407382 3c639134
54159423 a9c7e114 8a3929be 2362633d 8aa7a954
114439.728110 Mesg 70 message_send: b0edf66c e8e4893e 81eb95d2
358fef90 c84584c8 ce461cce f5981376 f94d6bb1
114439.728169 Mesg 70 message_send: 00000018 5be39212 e8fb89f8
4f441773 a4557e35 752347b6
114439.728212 Exch 40 exchange_run: exchange 0x10da00 finished step 3,
advancing...
114439.728297 Misc 60 conf_get_str: [General]:retransmits->5
114439.728345 Trpt 30 transport_send_messages: message 0x10d900
scheduled for retransmission 1 in 7 secs
114439.728395 Timr 10 timer_add_event: event
message_send_expire(0x10d900) added before
exchange_free_aux(0x10da00), expiration in 7s
114439.780376 Negt 80 ike_phase_1_post_exchange_KE_NONCE: g^xy:
114439.780447 Negt 80 755ce959 51b36238 40c1a0b8 3f2fa4b6 522443df
877b9b63 857960fa 70f7a780
114439.780507 Negt 80 6666565e 1cfff9b0 6a90b054 7c52f9d8 17259162
7dab457d a9679dc3 7682d3ab
114439.780601 Negt 80 b6c30a11 181249b0 ee1e2afa 7ac0be6e 8635c279
f684f52b 98b027a0 5b001b46
114439.780661 Negt 80 8bcd7d78 e7a24c84 e15488bd 9302cc16 6c474591
65cbbb34 a536b484 ddb4f6f3
114439.780705 Misc 60 conf_get_str:
[cisco_remote]:Authentication->rootsysadmmysqlsnort
114439.780787 Negt 80 ike_phase_1_post_exchange_KE_NONCE: SKEYID:
114439.780840 Negt 80 c709ef25 1de3a92b 3a1166ab 897910cc 9dc17f09
114439.780912 Negt 80 ike_phase_1_post_exchange_KE_NONCE: SKEYID_d:
114439.780963 Negt 80 89634480 daf8f090 873aaf30 1b4b9969 56e9d69a
114439.781024 Negt 80 ike_phase_1_post_exchange_KE_NONCE: SKEYID_a:
114439.781076 Negt 80 4f587c47 096ae3a9 de2d3bbe f91abadb 32494f53
114439.781137 Negt 80 ike_phase_1_post_exchange_KE_NONCE: SKEYID_e:
114439.781189 Negt 80 885f8115 6e06c0b9 4fed4285 7dd8491f bc7d5b89
114439.781281 Cryp 40 crypto_init: key:
114439.781335 Cryp 40 77393388 c5af77c1 21cc2a2e 1b68a8f7 15a34328
bc47693f
114439.781425 Cryp 50 crypto_update_iv: initialized IV:
114439.781469 Cryp 50 b4124098 142b0538
114440.062880 Trpt 70 transport_add: adding 0x10f600
114440.062928 Mesg 90 message_alloc: allocated 0x12b000
114440.062968 Mesg 70 message_recv: message 0x12b000
114440.063013 Mesg 70 ICOOKIE: 0x67167d8ba4e3b3d2
114440.063057 Mesg 70 RCOOKIE: 0xc2b6d8b41d2a0b78
114440.063098 Mesg 70 NEXT_PAYLOAD: ID
114440.063138 Mesg 70 VERSION: 16
114440.063177 Mesg 70 EXCH_TYPE: ID_PROT
114440.063218 Mesg 70 FLAGS: [ ENC ]
114440.063260 Mesg 70 MESSAGE_ID: 0x00000000
114440.063300 Mesg 70 LENGTH: 68
114440.063362 Mesg 70 message_recv: 67167d8b a4e3b3d2 c2b6d8b4
1d2a0b78 05100201 00000000 00000044 f081e27b
114440.063427 Mesg 70 message_recv: 85619102 b6a3e8f4 c394ddcb
d7a43fb5 7e8511c7 1be1c908 b480c2c2 fe64910a
114440.063472 Mesg 70 message_recv: cff17629
114440.063514 SA 80 sa_reference: SA 0x10db00 now has 5 references
114440.063555 Mesg 90 message_check_duplicate: last_received 0x10de00
114440.063594 Mesg 95 message_check_duplicate: last_received:
114440.063656 Mesg 95 67167d8b a4e3b3d2 c2b6d8b4 1d2a0b78 04100200
00000000 000000cc 0a000084
114440.063718 Mesg 95 5d357957 11109249 ef020eab 6a0157ca 9ce9380c
d680cc01 a89c00f2 eb25e9a2
114440.063778 Mesg 95 f87cc424 332ca7d1 01b6c43a 3dd7d917 84160b86
8c56aad8 a220bc70 7bd523d0
114440.063839 Mesg 95 63b0ec39 3b34040d 16b2aa8c 9968bf50 c7d68cef
675f728b 235cb90e f85d4cca
114440.063899 Mesg 95 fe3aa57c 57b5fee5 3f9a8c2b 79e5f178 c638a65f
a92e40a7 f30c4bdd d42bb639
114440.063961 Mesg 95 0d000018 0e4221a7 7a4a0315 2615db7b be07aae8
9db5e1d3 00000014 92d1da96
114440.064036 Mesg 95 a4e2b3d2 e1943918 044c6001
114440.064076 Mesg 20 message_free: freeing 0x10d900
114440.064118 Timr 10 timer_remove_event: removing event
message_send_expire(0x10d900)
114440.064161 SA 80 sa_release: SA 0x10db00 had 5 references
114440.064252 Cryp 10 crypto_decrypt: before decryption:
114440.064313 Cryp 10 f081e27b 85619102 b6a3e8f4 c394ddcb d7a43fb5
7e8511c7 1be1c908 b480c2c2
114440.064358 Cryp 10 fe64910a cff17629
114440.064428 Cryp 30 crypto_decrypt: after decryption:
114440.064491 Cryp 30 0800000c 011101f4 cdc84acf 00000018 080d7c00
92aa6031 fad0943e f6aa19fc
114440.064537 Cryp 30 fc85d74d 00000000
114440.064603 Mesg 50 message_parse_payloads: offset 0x1c payload ID
114440.064647 Mesg 50 message_parse_payloads: offset 0x28 payload HASH
114440.064693 Mesg 60 message_validate_payloads: payload ID at
0x10f69c of message 0x12b000
114440.064736 Mesg 70 TYPE: 1
114440.064777 Mesg 70 DOI_DATA: 0x1101f4
114440.064822 Mesg 00 ipsec_validate_id_information: proto 17 port 500
type 1
114440.064861 Mesg 40 ipsec_validate_id_information: IPv4:
114440.064901 Mesg 40 cdc84acf
114440.064943 Mesg 60 message_validate_payloads: payload HASH at
0x10f6a8 of message 0x12b000
114440.064989 Exch 90 exchange_validate: checking for required ID
114440.065030 Exch 90 exchange_validate: checking for required AUTH
114440.065071 Misc 30 ipsec_responder: phase 1 exchange 2 step 4
114440.065146 Negt 40 ike_phase_1_recv_ID: IPV4_ADDR:
114440.065189 Negt 40 cdc84acf
114440.065231 Misc 80 pre_shared_decode_hash: HASH_I:
114440.065315 Misc 80 080d7c00 92aa6031 fad0943e f6aa19fc fc85d74d
114440.065411 Negt 80 ike_phase_1_recv_AUTH: computed HASH_I:
114440.065464 Negt 80 080d7c00 92aa6031 fad0943e f6aa19fc fc85d74d
114440.065504 Mesg 20 message_free: freeing 0x10de00
114440.065545 Trpt 70 transport_release: freeing 0x10f480
114440.065587 SA 80 sa_release: SA 0x10db00 had 4 references
114440.065626 Cryp 50 crypto_update_iv: updated IV:
114440.065670 Cryp 50 fe64910a cff17629
114440.065711 Exch 40 exchange_run: exchange 0x10da00 finished step 4,
advancing...
114440.065753 Mesg 90 message_alloc: allocated 0x10d900
114440.065795 SA 80 sa_reference: SA 0x10db00 now has 4 references
114440.065838 Misc 30 ipsec_responder: phase 1 exchange 2 step 5
114440.065884 Misc 60 conf_get_str: configuration value not found
[cisco_remote]:ID
114440.065928 Misc 60 conf_get_str: configuration value not found
[General]:Default-phase-1-ID
114440.065975 Negt 40 ike_phase_1_send_ID: IPV4_ADDR:
114440.066016 Negt 40 cc70073c
114440.066102 Misc 80 pre_shared_encode_hash: HASH_R:
114440.066155 Misc 80 54329298 e4b70c1c ef77c79f 1517f756 600d5067
114440.066202 Exch 90 exchange_validate: checking for required ID
114440.066244 Exch 90 exchange_validate: checking for required AUTH
114440.066326 Cryp 10 crypto_encrypt: before encryption:
114440.066391 Cryp 10 0800000c 01000000 cc70073c 0b000018 54329298
e4b70c1c ef77c79f 1517f756
114440.066455 Cryp 10 600d5067 0000001c 00000001 01106002 67167d8b
a4e3b3d2 c2b6d8b4 1d2a0b78
114440.066540 Cryp 30 crypto_encrypt: after encryption:
114440.066601 Cryp 30 478fbb0e 8496735d 8259b750 0eb497c6 aa407f46
a39f5f23 fb5e3317 c07d0529
114440.066662 Cryp 30 c4d2a874 dc6febed 051680d3 dab12911 20cd35b9
416b8f97 81b21980 d88c13b6
114440.066702 Cryp 50 crypto_update_iv: updated IV:
114440.066745 Cryp 50 81b21980 d88c13b6
114440.066784 Mesg 70 message_send: message 0x10d900
114440.066830 Mesg 70 ICOOKIE: 0x67167d8ba4e3b3d2
114440.066875 Mesg 70 RCOOKIE: 0xc2b6d8b41d2a0b78
114440.066915 Mesg 70 NEXT_PAYLOAD: ID
114440.066956 Mesg 70 VERSION: 16
114440.066995 Mesg 70 EXCH_TYPE: ID_PROT
114440.067036 Mesg 70 FLAGS: [ ENC ]
114440.067079 Mesg 70 MESSAGE_ID: 0x00000000
114440.067120 Mesg 70 LENGTH: 92
114440.067184 Mesg 70 message_send: 67167d8b a4e3b3d2 c2b6d8b4
1d2a0b78 05100201 00000000 0000005c 478fbb0e
114440.067250 Mesg 70 message_send: 8496735d 8259b750 0eb497c6
aa407f46 a39f5f23 fb5e3317 c07d0529 c4d2a874
114440.067312 Mesg 70 message_send: dc6febed 051680d3 dab12911
20cd35b9 416b8f97 81b21980 d88c13b6
114440.067356 Exch 40 exchange_run: exchange 0x10da00 finished step 5,
advancing...
114440.067450 Exch 10 exchange_finalize: 0x10da00 cisco_remote
Default-main-mode policy responder phase 1 doi 1 exchange 2 step 6
114440.067528 Exch 10 exchange_finalize: icookie 67167d8ba4e3b3d2
rcookie c2b6d8b41d2a0b78
114440.067571 Exch 10 exchange_finalize: msgid 00000000
114440.067615 SA 90 sa_find: no SA matched query
114440.067659 Misc 60 conf_get_str: configuration value not found
[cisco_remote]:Flags
114440.067739 Exch 10 exchange_finalize: phase 1 done: initiator id
cdc84acf: CISCO_REMOTE_IP_ADDR, responder id cc70073c:
OBSD_GW_IP_ADDR, src: OBSD_GW_IP_ADDR dst: CISCO_REMOTE_IP_ADDR
114440.067794 Timr 95 sa_setup_expirations: SA 0x10db00 soft timeout
in 3240 seconds
114440.067842 Timr 10 timer_add_event: event sa_soft_expire(0x10db00)
added last, expiration in 3240s
114440.067886 SA 80 sa_reference: SA 0x10db00 now has 5 references
114440.067930 Timr 95 sa_setup_expirations: SA 0x10db00 hard timeout
in 3600 seconds
114440.067976 Timr 10 timer_add_event: event sa_hard_expire(0x10db00)
added last, expiration in 3600s
114440.068021 SA 80 sa_reference: SA 0x10db00 now has 6 references
114440.068065 SA 80 sa_release: SA 0x10db00 had 6 references
114440.133784 Trpt 70 transport_add: adding 0x10f480
114440.133828 Mesg 90 message_alloc: allocated 0x10dd00
114440.133868 Mesg 70 message_recv: message 0x10dd00
114440.133913 Mesg 70 ICOOKIE: 0x67167d8ba4e3b3d2
114440.133957 Mesg 70 RCOOKIE: 0xc2b6d8b41d2a0b78
114440.133996 Mesg 70 NEXT_PAYLOAD: HASH
114440.134037 Mesg 70 VERSION: 16
114440.134075 Mesg 70 EXCH_TYPE: QUICK_MODE
114440.134142 Mesg 70 FLAGS: [ ENC ]
114440.134184 Mesg 70 MESSAGE_ID: 0xe0620319
114440.134225 Mesg 70 LENGTH: 172
114440.134288 Mesg 70 message_recv: 67167d8b a4e3b3d2 c2b6d8b4
1d2a0b78 08102001 e0620319 000000ac 052bf5f9
114440.134352 Mesg 70 message_recv: 40158180 48bd0534 ad7666b2
74f82f3b 5b21ce6e 373c51b2 c7e4d09d 7fd2c38d
114440.134416 Mesg 70 message_recv: 30fdd5e6 d39f6399 d33ff9d2
4db0ec6b 0369a3a9 85c18bf3 911569ad 567edfe0
114440.134480 Mesg 70 message_recv: be02f676 b47dadad 82389e13
37d11d48 778779ec 5e0b8230 eae4d624 3c06a002
114440.134543 Mesg 70 message_recv: 0951de73 40d67151 df526c85
88afb481 a9f6c62b 57e166fa 90429ca8 2db8fcff
114440.134594 Mesg 70 message_recv: fb018602 d9891eb2 5b4e0f3e
114440.134637 SA 80 sa_reference: SA 0x10db00 now has 6 references
114440.134687 Cryp 80 ipsec_get_keystate: final phase 1 IV:
114440.134732 Cryp 80 81b21980 d88c13b6
114440.134769 Cryp 80 ipsec_get_keystate: message ID:
114440.134809 Cryp 80 e0620319
114440.134868 Cryp 50 crypto_update_iv: initialized IV:
114440.134911 Cryp 50 cbdc3b93 1eab56d6
1144
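
Added example, not part of the original post and not isakmpd's own code: in isakmpd.conf each name in `Suites=` must be a suite section (one carrying `Protocols=`), each protocol name a section with `PROTOCOL_ID=`, and each transform name a section with `TRANSFORM_ID=`. The Python below walks that reference chain over a constructed, cut-down copy of the quick-mode sections posted above; the function names `load`, `names` and `check_quick_mode` are hypothetical.

```python
import configparser

# Constructed sample: a cut-down copy of the quick-mode sections from the
# configuration in the post, with the wrapped Suites= line joined.
SAMPLE_CONF = """
[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-PFS-XF,QM-ESP-DES-MD5-PFS-SUITE

[QM-ESP-DES-MD5-PFS-SUITE]
Protocols= QM-ESP-DES-MD5-PFS

[QM-ESP-3DES-SHA-PFS-SUITE]
Protocols= QM-ESP-3DES-SHA-PFS

[QM-ESP-DES-MD5-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-DES-MD5-PFS-XF

[QM-ESP-3DES-SHA-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-SHA-PFS-XF

[QM-ESP-DES-MD5-PFS-XF]
TRANSFORM_ID= DES
ENCAPSULATION_MODE= TUNNEL
GROUP_DESCRIPTION= MODP_1024
AUTHENTICATION_ALGORITHM= HMAC_MD5
Life= LIFE_600_SECS

[QM-ESP-3DES-SHA-PFS-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_SHA
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_600_SECS

[LIFE_600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 600,450:720
"""

# One entry per level of the chain:
# (tag holding the list of names, tag the named section must carry).
CHAIN = [
    ("Suites", "Protocols"),         # quick-mode config -> suite sections
    ("Protocols", "PROTOCOL_ID"),    # suite -> protocol sections
    ("Transforms", "TRANSFORM_ID"),  # protocol -> transform sections
]


def load(text):
    """Parse isakmpd.conf text; only '=' separates tag and value, case is kept."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def names(value):
    """Split a comma-separated list of section names."""
    return [n.strip() for n in value.split(",") if n.strip()]


def check_quick_mode(cp, section, level=0, path=None):
    """Return (reference path, problem) pairs for broken links under section."""
    path = (path or []) + [section]
    if level == len(CHAIN):
        return []
    list_tag, required_tag = CHAIN[level]
    problems = []
    for ref in names(cp.get(section, list_tag, fallback="")):
        here = " -> ".join(path + [ref])
        if not cp.has_section(ref):
            problems.append((here, "section not defined"))
        elif not cp.has_option(ref, required_tag):
            problems.append(
                (here, f"no {required_tag}= tag, not a valid {list_tag}= entry"))
        else:
            problems.extend(check_quick_mode(cp, ref, level + 1, path))
    return problems


if __name__ == "__main__":
    for where, what in check_quick_mode(load(SAMPLE_CONF), "Default-quick-mode"):
        print(f"{where}: {what}")
```

On the sample it reports one entry: the first name in `Suites=`, `QM-ESP-3DES-SHA-PFS-XF`, is a transform section rather than a suite section.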
