Hi,

So I think that I have the solution.

I have replaced "require" with "unique" in setkey.conf.
 
Laurent
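A check for the condition this fix addresses, as an added example that is not part of the original post: it parses `setkey` `spdadd` statements and reports tunnels that more than one selector uses at level `require`, the arrangement that `unique` replaces by tying each policy to its own SA. The sample policies are constructed from the addresses quoted in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the outbound policies quoted in this thread:
# two selectors share one AH tunnel at level "require", a third uses "unique".
SAMPLE = """\
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 195.129.125.57 212.190.89.137 any -P out ipsec
    ah/tunnel/212.249.14.236-212.190.89.140/require;
spdadd 195.129.125.58 212.190.89.137 any -P out ipsec
    ah/tunnel/212.249.14.236-212.190.89.140/require;
spdadd 195.129.125.57 62.189.34.7 any -P out ipsec
    ah/tunnel/212.249.14.236-62.189.34.16/unique;
"""

# spdadd <src> <dst> <upper-layer proto> -P <direction> ipsec <rules...>
SPDADD = re.compile(
    r"^spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+\S+\s+"
    r"-P\s+(?P<dir>in|out|fwd)\s+ipsec\s+(?P<rules>.+)$")
# <protocol>/<mode>/<tunnel src>-<tunnel dst>/<level>
RULE = re.compile(
    r"(?P<proto>esp|ah|ipcomp)/(?P<mode>tunnel|transport)/"
    r"(?P<ends>[^/\s]*)/(?P<level>default|use|require|unique(?::\d+)?)")


def parse_policies(text):
    """Return one dict per protocol rule of every 'spdadd ... ipsec' statement."""
    text = re.sub(r"#.*", "", text)                  # drop comments and the #! line
    policies = []
    for stmt in text.split(";"):                     # setkey statements end with ';'
        m = SPDADD.match(" ".join(stmt.split()))     # undo line wrapping
        if not m:
            continue                                 # flush, spdflush, empty tail
        for r in RULE.finditer(m["rules"]):
            policies.append({
                "selector": (m["src"], m["dst"]),
                "dir": m["dir"],
                "proto": r["proto"],
                "mode": r["mode"],
                "ends": r["ends"],
                "level": r["level"],
            })
    return policies


def shared_require_tunnels(policies):
    """Map (direction, protocol, tunnel endpoints) to the selectors sharing it at 'require'."""
    groups = defaultdict(set)
    for p in policies:
        if p["mode"] == "tunnel" and p["level"] == "require":
            groups[(p["dir"], p["proto"], p["ends"])].add(p["selector"])
    # Only tunnels used by more than one selector are of interest.
    return {key: sorted(sels) for key, sels in groups.items() if len(sels) > 1}


if __name__ == "__main__":
    findings = shared_require_tunnels(parse_policies(SAMPLE))
    for (direction, proto, ends), sels in findings.items():
        print(f"{direction} {proto} tunnel {ends}: {len(sels)} selectors at 'require'")
        for src, dst in sels:
            print(f"    {src} -> {dst}")
```
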

 
2007/4/28, laurent schweizer <laurent.schweizer@gmail.com>:
Hello
 
 
When I start the first ping I have debug info, but when I start the second ping, I don't have anything, as if racoon doesn't receive the ping.
 

 

2007-04-28 00:05:51: DEBUG: get pfkey ACQUIRE message
2007-04-28 00:05:51: DEBUG2:
2007-04-28 00:05:51: DEBUG: suitable outbound SP found: 195.129.125.57/32[0] 212.190.89.137/32[0] proto=any dir=out.
2007-04-28 00:05:51: DEBUG: sub:0x7fbfffe4a0: 212.190.89.137/32[0] 195.129.125.57/32[0] proto=any dir=in
2007-04-28 00:05:51: DEBUG: db :0x57bf80: 62.189.34.7/32[0] 195.129.125.57/32[0] proto=any dir=in
2007-04-28 00:05:51: DEBUG: sub:0x7fbfffe4a0: 212.190.89.137/32[0] 195.129.125.57/32[0] proto=any dir=in
2007-04-28 00:05:51: DEBUG: db :0x57cc70: 212.190.89.137/32[0] 195.129.125.57/32[0] proto=any dir=in
2007-04-28 00:05:51: DEBUG: suitable inbound SP found: 212.190.89.137/32[0] 195.129.125.57/32[0] proto=any dir=in.
2007-04-28 00:05:51: DEBUG: new acquire 195.129.125.57/32[0] 212.190.89.137/32[0] proto=any dir=out
2007-04-28 00:05:51: DEBUG:  (proto_id=AH spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2007-04-28 00:05:51: DEBUG:   (trns_id=MD5 authtype=hmac-md5)
2007-04-28 00:05:51: DEBUG: configuration found for 212.190.89.140.
2007-04-28 00:05:51: INFO: IPsec-SA request for 212.190.89.140 queued due to no phase1 found.
2007-04-28 00:05:51: DEBUG: ===
2007-04-28 00:05:51: INFO: initiate new phase 1 negotiation: 212.249.14.236[500]<=> 212.190.89.140 [500]
2007-04-28 00:05:51: INFO: begin Aggressive mode.
2007-04-28 00:05:51: DEBUG: new cookie:
331f5b501c566178
2007-04-28 00:05:51: DEBUG: use ID type of IPv4_address
2007-04-28 00:05:51: DEBUG: compute DH's private.
2007-04-28 00:05:51: DEBUG:
5f484688 959318c7 53381963 bc71772f 1ad8b97b 053979e8 d16c234e 8cce2d20
4d11bb9e 4728b9c1 d50ef182 c9bd65d5 6527bf17 98be3ef0 2c2cf715 d56e3696
5b178dff d00d1bf1 333be52e bc464ab2 45d16545 4fb921d8 d9c0dc38 3c60bb6d
2007-04-28 00:05:51: DEBUG: compute DH's public.
2007-04-28 00:05:51: DEBUG:
4e9ded24 0dd1e5d3 b79a068c 6fbb8a2b c5ff78f8 d699b1da bb9a2169 dcfffd26
97b20051 f25c5d4b 883883ef d0a7a0ce f0d7f7da 230dffbb a89eb417 49787b3e
0c497886 729fd106 9cb6a20b 604ba895 a803c130 ea5abe9a 42f8b6b6 57543176
2007-04-28 00:05:51: DEBUG: authmethod is pre-shared key
2007-04-28 00:05:51: DEBUG: add payload of len 52, next type 4
2007-04-28 00:05:51: DEBUG: add payload of len 96, next type 10
2007-04-28 00:05:51: DEBUG: add payload of len 16, next type 5
2007-04-28 00:05:51: DEBUG: add payload of len 8, next type 0
2007-04-28 00:05:51: DEBUG: 216 bytes from 212.249.14.236[500] to 212.190.89.140[500]
2007-04-28 00:05:51: DEBUG: sockname 212.249.14.236[500]
2007-04-28 00:05:51: DEBUG: send packet from 212.249.14.236[500]
2007-04-28 00:05:51: DEBUG: send packet to 212.190.89.140[500]
2007-04-28 00:05:51: DEBUG: src4 212.249.14.236[500]
2007-04-28 00:05:51: DEBUG: dst4 212.190.89.140[500]
2007-04-28 00:05:51: DEBUG: 1 times of 216 bytes message will be sent to 212.190.89.140[500]
2007-04-28 00:05:51: DEBUG:
2007-04-28 00:05:51: DEBUG: resend phase1 packet 331f5b501c566178:0000000000000000
2007-04-28 00:05:51: DEBUG: ===
2007-04-28 00:05:51: DEBUG: 312 bytes message received from 212.190.89.140[500] to 212.249.14.236[500]
2007-04-28 00:05:51: DEBUG:
2007-04-28 00:05:51: DEBUG: begin.
2007-04-28 00:05:51: DEBUG: seen nptype=1(sa)
2007-04-28 00:05:51: DEBUG: seen nptype=13(vid)
2007-04-28 00:05:51: DEBUG: seen nptype=13(vid)
2007-04-28 00:05:51: DEBUG: seen nptype=13(vid)
2007-04-28 00:05:51: DEBUG: seen nptype=13(vid)
2007-04-28 00:05:51: DEBUG: seen nptype=4(ke)
2007-04-28 00:05:51: DEBUG: seen nptype=5(id)
2007-04-28 00:05:51: DEBUG: seen nptype=10(nonce)
2007-04-28 00:05:51: DEBUG: seen nptype=8(hash)
2007-04-28 00:05:51: DEBUG: succeed.
2007-04-28 00:05:51: INFO: received Vendor ID: CISCO-UNITY
2007-04-28 00:05:51: INFO: received Vendor ID: DPD
2007-04-28 00:05:51: DEBUG: received unknown Vendor ID
2007-04-28 00:05:51: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
2007-04-28 00:05:51: DEBUG: total SA len=52
2007-04-28 00:05:51: DEBUG:
00000001 00000001 0000002c 01010001 00000024 01010000 80010001 80020001
80040001 80030001 800b0001 000c0004 00015180
2007-04-28 00:05:51: DEBUG: begin.
2007-04-28 00:05:51: DEBUG: seen nptype=2(prop)
2007-04-28 00:05:51: DEBUG: succeed.
2007-04-28 00:05:51: DEBUG: proposal #1 len=44
2007-04-28 00:05:51: DEBUG: begin.
2007-04-28 00:05:51: DEBUG: seen nptype=3(trns)
2007-04-28 00:05:51: DEBUG: succeed.
2007-04-28 00:05:51: DEBUG: transform #1 len=36
2007-04-28 00:05:51: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2007-04-28 00:05:51: DEBUG: encryption(des)
2007-04-28 00:05:51: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-04-28 00:05:51: DEBUG: hash(md5)
2007-04-28 00:05:51: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
2007-04-28 00:05:51: DEBUG: hmac(modp768)
2007-04-28 00:05:51: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-04-28 00:05:51: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-04-28 00:05:51: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-04-28 00:05:51: DEBUG: pair 1:
2007-04-28 00:05:51: DEBUG:  0x57f1a0: next=(nil) tnext=(nil)
2007-04-28 00:05:51: DEBUG: proposal #1: 1 transform
2007-04-28 00:05:51: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
2007-04-28 00:05:51: DEBUG: trns#=1, trns-id=IKE
2007-04-28 00:05:51: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2007-04-28 00:05:51: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-04-28 00:05:51: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
2007-04-28 00:05:51: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2007-04-28 00:05:51: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-04-28 00:05:51: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-04-28 00:05:51: DEBUG: Compared: DB:Peer
2007-04-28 00:05:51: DEBUG: (lifetime = 86400:86400)
2007-04-28 00:05:51: DEBUG: (lifebyte = 0:0)
2007-04-28 00:05:51: DEBUG: enctype = DES-CBC:DES-CBC
2007-04-28 00:05:51: DEBUG: (encklen = 0:0)
2007-04-28 00:05:51: DEBUG: hashtype = MD5:MD5
2007-04-28 00:05:51: DEBUG: authmethod = pre-shared key:pre-shared key
2007-04-28 00:05:51: DEBUG: dh_group = 768-bit MODP group:768-bit MODP group
2007-04-28 00:05:51: DEBUG: an acceptable proposal found.
2007-04-28 00:05:51: DEBUG: hmac(modp768)
2007-04-28 00:05:51: DEBUG: compute DH's shared.
2007-04-28 00:05:51: DEBUG:
fb398517 912d91ff 22f7a187 a61e32cc fe894e05 f6086e6d ef4946e3 1146f5e5
d981a96c 2f874af7 a64ac1c5 b6078c2b dd6f5d8a 7a5e47ea 9c0d6416 0585a63f
a2ec5f44 0b2e87db 551924f3 11851496 39103dbf ac45d20a 0ca9cbfc 948c1080
2007-04-28 00:05:51: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
2007-04-28 00:05:51: DEBUG: the psk found.
2007-04-28 00:05:51: DEBUG2: psk: 2007-04-28 00:05:51: DEBUG2:
515a554c 50383742
2007-04-28 00:05:51: DEBUG: nonce 1: 2007-04-28 00:05:51: DEBUG:
e5a9ff63 fc751279 d8d7c3aa 70ebe6df
2007-04-28 00:05:51: DEBUG: nonce 2: 2007-04-28 00:05:51: DEBUG:
4b40f669 0950173c bf357e60 be5de684 b438d874
2007-04-28 00:05:51: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:51: DEBUG: SKEYID computed:
2007-04-28 00:05:51: DEBUG:
883549a9 a98a0a33 98ec236f 86274ec1
2007-04-28 00:05:51: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:51: DEBUG: SKEYID_d computed:
2007-04-28 00:05:51: DEBUG:
42c48924 1a3dbe61 7bd09917 181b7589
2007-04-28 00:05:51: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:51: DEBUG: SKEYID_a computed:
2007-04-28 00:05:51: DEBUG:
c0fd66cd 7b5f9de5 460c1b31 60803c04
2007-04-28 00:05:51: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:51: DEBUG: SKEYID_e computed:
2007-04-28 00:05:51: DEBUG:
019d7f17 49853f6e fafaddf4 16756eef
2007-04-28 00:05:51: DEBUG: encryption(des)
2007-04-28 00:05:51: DEBUG: hash(md5)
2007-04-28 00:05:51: DEBUG: final encryption key computed:
2007-04-28 00:05:51: DEBUG:
019d7f17 49853f6e
2007-04-28 00:05:51: DEBUG: hash(md5)
2007-04-28 00:05:51: DEBUG: encryption(des)
2007-04-28 00:05:51: DEBUG: IV computed:
2007-04-28 00:05:51: DEBUG:
436b0997 7ae7902e
2007-04-28 00:05:51: DEBUG: HASH received:2007-04-28 00:05:51: DEBUG:
5e1a7e0c 85013ae9 e45654bc 6745dbc0
2007-04-28 00:05:51: DEBUG: HASH with:
2007-04-28 00:05:51: DEBUG:
2007-04-28 00:05:51: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:51: DEBUG: HASH computed:
2007-04-28 00:05:51: DEBUG:
5e1a7e0c 85013ae9 e45654bc 6745dbc0
2007-04-28 00:05:51: DEBUG: HASH for PSK validated.
2007-04-28 00:05:51: DEBUG: ===
2007-04-28 00:05:51: DEBUG: generate HASH_I
2007-04-28 00:05:51: DEBUG: HASH with:
2007-04-28 00:05:51: DEBUG:
2007-04-28 00:05:51: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:51: DEBUG: HASH computed:
2007-04-28 00:05:51: DEBUG:
4d88b021 ffd9c452 d25f6976 05b444de
2007-04-28 00:05:51: DEBUG: add payload of len 16, next type 0
2007-04-28 00:05:51: DEBUG: 48 bytes from 212.249.14.236[500] to 212.190.89.140[500]
2007-04-28 00:05:51: DEBUG: sockname 212.249.14.236[500]
2007-04-28 00:05:51: DEBUG: send packet from 212.249.14.236[500]
2007-04-28 00:05:51: DEBUG: send packet to 212.190.89.140[500]
2007-04-28 00:05:51: DEBUG: src4 212.249.14.236[500]
2007-04-28 00:05:51: DEBUG: dst4 212.190.89.140[500]
2007-04-28 00:05:51: DEBUG: 1 times of 48 bytes message will be sent to 212.190.89.140 [500]
2007-04-28 00:05:51: DEBUG:
331f5b50 1c566178 dbd0bb03 31f1a373 08100400 00000000 00000030 00000014
4d88b021 ffd9c452 d25f6976 05b444de
2007-04-28 00:05:51: INFO: ISAKMP-SA established 212.249.14.236[500]- 212.190.89.140[500] spi:331f5b501c566178:dbd0bb0331f1a373
2007-04-28 00:05:51: DEBUG: ===
2007-04-28 00:05:52: DEBUG: ===
2007-04-28 00:05:52: DEBUG: begin QUICK mode.
2007-04-28 00:05:52: INFO: initiate new phase 2 negotiation: 212.249.14.236[0]<=>212.190.89.140[0]
2007-04-28 00:05:52: DEBUG: compute IV for phase2
2007-04-28 00:05:52: DEBUG: phase1 last IV:
2007-04-28 00:05:52: DEBUG:
436b0997 7ae7902e e58b48cb
2007-04-28 00:05:52: DEBUG: hash(md5)
2007-04-28 00:05:52: DEBUG: encryption(des)
2007-04-28 00:05:52: DEBUG: phase2 IV computed:
2007-04-28 00:05:52: DEBUG:
ce79fa19 7652e841
2007-04-28 00:05:52: DEBUG: call pfkey_send_getspi
2007-04-28 00:05:52: DEBUG: pfkey GETSPI sent: AH/Tunnel 212.190.89.140[0]->212.249.14.236[0]
2007-04-28 00:05:52: DEBUG: pfkey getspi sent.
2007-04-28 00:05:52: DEBUG: get pfkey GETSPI message
2007-04-28 00:05:52: DEBUG2:
2007-04-28 00:05:52: DEBUG: pfkey GETSPI succeeded: AH/Tunnel 212.190.89.140 [0]->212.249.14.236[0] spi=16135915(0xf636eb)
2007-04-28 00:05:52: DEBUG: use local ID type IPv4_address
2007-04-28 00:05:52: DEBUG: use remote ID type IPv4_address
2007-04-28 00:05:52: DEBUG: IDci:2007-04-28 00:05:52: DEBUG:
01000000 c3817d39
2007-04-28 00:05:52: DEBUG: IDcr:2007-04-28 00:05:52: DEBUG:
01000000 d4be5989
2007-04-28 00:05:52: DEBUG: add payload of len 48, next type 10
2007-04-28 00:05:52: DEBUG: add payload of len 16, next type 5
2007-04-28 00:05:52: DEBUG: add payload of len 8, next type 5
2007-04-28 00:05:52: DEBUG: add payload of len 8, next type 0
2007-04-28 00:05:52: DEBUG: HASH with:
2007-04-28 00:05:52: DEBUG:
e58b48cb 0a000034 00000001 00000001 00000028 01020401 00f636eb 0000001c
01020000 80010001 00020004 00015180 80040001 80050001 05000014 f31663ad
a0a233e2 cc8142a8 540b5935 0500000c 01000000 c3817d39 0000000c 01000000
d4be5989
2007-04-28 00:05:52: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:52: DEBUG: HASH computed:
2007-04-28 00:05:52: DEBUG:
adf5ee67 d4139b68 8ff0c37e 1274c840
2007-04-28 00:05:52: DEBUG: add payload of len 16, next type 1
2007-04-28 00:05:52: DEBUG: begin encryption.
2007-04-28 00:05:52: DEBUG: encryption(des)
2007-04-28 00:05:52: DEBUG: pad length = 4
2007-04-28 00:05:52: DEBUG:
01000014 adf5ee67 d4139b68 8ff0c37e 1274c840 0a000034 00000001 00000001
00000028 01020401 00f636eb 0000001c 01020000 80010001 00020004 00015180
80040001 80050001 05000014 f31663ad a0a233e2 cc8142a8 540b5935 0500000c
01000000 c3817d39 0000000c 01000000 d4be5989 ade8ea03
2007-04-28 00:05:52: DEBUG: encryption(des)
2007-04-28 00:05:52: DEBUG: with key:
2007-04-28 00:05:52: DEBUG:
019d7f17 49853f6e
2007-04-28 00:05:52: DEBUG: encrypted payload by IV:
2007-04-28 00:05:52: DEBUG:
ce79fa19 7652e841
2007-04-28 00:05:52: DEBUG: save IV for next:
2007-04-28 00:05:52: DEBUG:
f3309b48 98fa444c
2007-04-28 00:05:52: DEBUG: encrypted.
2007-04-28 00:05:52: DEBUG: 148 bytes from 212.249.14.236[500] to 212.190.89.140[500]
2007-04-28 00:05:52: DEBUG: sockname 212.249.14.236[500]
2007-04-28 00:05:52: DEBUG: send packet from 212.249.14.236[500]
2007-04-28 00:05:52: DEBUG: send packet to 212.190.89.140[500]
2007-04-28 00:05:52: DEBUG: src4 212.249.14.236[500]
2007-04-28 00:05:52: DEBUG: dst4 212.190.89.140[500]
2007-04-28 00:05:52: DEBUG: 1 times of 148 bytes message will be sent to 212.190.89.140[500]
2007-04-28 00:05:52: DEBUG:
2007-04-28 00:05:52: DEBUG: resend phase2 packet 331f5b501c566178:dbd0bb0331f1a373:0000e58b
2007-04-28 00:05:52: DEBUG: ===
2007-04-28 00:05:52: DEBUG: 180 bytes message received from 212.190.89.140[500] to 212.249.14.236[500]
2007-04-28 00:05:52: DEBUG:
2007-04-28 00:05:52: DEBUG: begin decryption.
2007-04-28 00:05:52: DEBUG: encryption(des)
2007-04-28 00:05:52: DEBUG: IV was saved for next processing:
2007-04-28 00:05:52: DEBUG:
b9c99561 adefb8fd
2007-04-28 00:05:52: DEBUG: encryption(des)
2007-04-28 00:05:52: DEBUG: with key:
2007-04-28 00:05:52: DEBUG:
019d7f17 49853f6e
2007-04-28 00:05:52: DEBUG: decrypted payload by IV:
2007-04-28 00:05:52: DEBUG:
f3309b48 98fa444c
2007-04-28 00:05:52: DEBUG: decrypted payload, but not trimed.
2007-04-28 00:05:52: DEBUG:
2007-04-28 00:05:52: DEBUG: padding len=1
2007-04-28 00:05:52: DEBUG: skip to trim padding.
2007-04-28 00:05:52: DEBUG: decrypted.
2007-04-28 00:05:52: DEBUG:
2007-04-28 00:05:52: DEBUG: begin.
2007-04-28 00:05:52: DEBUG: seen nptype=8(hash)
2007-04-28 00:05:52: DEBUG: seen nptype=1(sa)
2007-04-28 00:05:52: DEBUG: seen nptype=10(nonce)
2007-04-28 00:05:52: DEBUG: seen nptype=5(id)
2007-04-28 00:05:52: DEBUG: seen nptype=5(id)
2007-04-28 00:05:52: DEBUG: seen nptype=11(notify)
2007-04-28 00:05:52: DEBUG: succeed.
2007-04-28 00:05:52: DEBUG: Notify Message received
2007-04-28 00:05:52: WARNING: ignore RESPONDER-LIFETIME notification.
2007-04-28 00:05:52: DEBUG: HASH allocated:hbuf->l=168 actual:tlen=144
2007-04-28 00:05:52: DEBUG: HASH(2) received:2007-04-28 00:05:52: DEBUG:
cc4b10fa 1d8d72f2 c5ef949f 49085be3
2007-04-28 00:05:52: DEBUG: HASH with:
2007-04-28 00:05:52: DEBUG:
2007-04-28 00:05:52: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:52: DEBUG: HASH computed:
2007-04-28 00:05:52: DEBUG:
cc4b10fa 1d8d72f2 c5ef949f 49085be3
2007-04-28 00:05:52: DEBUG: total SA len=48
2007-04-28 00:05:52: DEBUG:
00000001 00000001 00000028 01020401 00f636eb 0000001c 01020000 80010001
00020004 00015180 80040001 80050001
2007-04-28 00:05:52: DEBUG: begin.
2007-04-28 00:05:52: DEBUG: seen nptype=2(prop)
2007-04-28 00:05:52: DEBUG: succeed.
2007-04-28 00:05:52: DEBUG: proposal #1 len=40
2007-04-28 00:05:52: DEBUG: begin.
2007-04-28 00:05:52: DEBUG: seen nptype=3(trns)
2007-04-28 00:05:52: DEBUG: succeed.
2007-04-28 00:05:52: DEBUG: transform #1 len=28
2007-04-28 00:05:52: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2007-04-28 00:05:52: DEBUG: type=SA Life Duration, flag=0x0000, lorv=4
2007-04-28 00:05:52: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2007-04-28 00:05:52: DEBUG: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2007-04-28 00:05:52: DEBUG: pair 1:
2007-04-28 00:05:52: DEBUG:  0x5804d0: next=(nil) tnext=(nil)
2007-04-28 00:05:52: DEBUG: proposal #1: 1 transform
2007-04-28 00:05:52: DEBUG: total SA len=48
2007-04-28 00:05:52: DEBUG:
00000001 00000001 00000028 01020401 29ac4878 0000001c 01020000 80040001
80010001 00020004 00015180 80050001
2007-04-28 00:05:52: DEBUG: begin.
2007-04-28 00:05:52: DEBUG: seen nptype=2(prop)
2007-04-28 00:05:52: DEBUG: succeed.
2007-04-28 00:05:52: DEBUG: proposal #1 len=40
2007-04-28 00:05:52: DEBUG: begin.
2007-04-28 00:05:52: DEBUG: seen nptype=3(trns)
2007-04-28 00:05:52: DEBUG: succeed.
2007-04-28 00:05:52: DEBUG: transform #1 len=28
2007-04-28 00:05:52: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2007-04-28 00:05:52: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2007-04-28 00:05:52: DEBUG: type=SA Life Duration, flag=0x0000, lorv=4
2007-04-28 00:05:52: DEBUG: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2007-04-28 00:05:52: DEBUG: pair 1:
2007-04-28 00:05:52: DEBUG:  0x57fa40: next=(nil) tnext=(nil)
2007-04-28 00:05:52: DEBUG: proposal #1: 1 transform
2007-04-28 00:05:52: WARNING: attribute has been modified.
2007-04-28 00:05:52: DEBUG: begin compare proposals.
2007-04-28 00:05:52: DEBUG: pair[1]: 0x57fa40
2007-04-28 00:05:52: DEBUG:  0x57fa40: next=(nil) tnext=(nil)
2007-04-28 00:05:52: DEBUG: prop#=1 prot-id=AH spi-size=4 #trns=1 trns#=1 trns-id=MD5
2007-04-28 00:05:52: DEBUG: type=Encryption Mode, flag=0x8000, lorv=Tunnel
2007-04-28 00:05:52: DEBUG: type=SA Life Type, flag=0x8000, lorv=seconds
2007-04-28 00:05:52: DEBUG: type=SA Life Duration, flag=0x0000, lorv=4
2007-04-28 00:05:52: DEBUG: type=Authentication Algorithm, flag=0x8000, lorv=hmac-md5
2007-04-28 00:05:52: DEBUG: peer's single bundle:
2007-04-28 00:05:52: DEBUG:  (proto_id=AH spisize=4 spi=29ac4878 spi_p=00000000 encmode=Tunnel reqid=0:0)
2007-04-28 00:05:52: DEBUG:   (trns_id=MD5 authtype=hmac-md5)
2007-04-28 00:05:52: DEBUG: my single bundle:
2007-04-28 00:05:52: DEBUG:  (proto_id=AH spisize=4 spi=00f636eb spi_p=00000000 encmode=Tunnel reqid=0:0)
2007-04-28 00:05:52: DEBUG:   (trns_id=MD5 authtype=hmac-md5)
2007-04-28 00:05:52: DEBUG: matched
2007-04-28 00:05:52: DEBUG: ===
2007-04-28 00:05:52: DEBUG: HASH(3) generate
2007-04-28 00:05:52: DEBUG: HASH with:
2007-04-28 00:05:52: DEBUG:
00e58b48 cbf31663 ada0a233 e2cc8142 a8540b59 359885e4 5a2f47d7 fb604c75
959360d8 12a4b9d9 7d
2007-04-28 00:05:52: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:52: DEBUG: HASH computed:
2007-04-28 00:05:52: DEBUG:
3268ecad 3df1e0df 3dab3d89 0d3caef3
2007-04-28 00:05:52: DEBUG: add payload of len 16, next type 0
2007-04-28 00:05:52: DEBUG: begin encryption.
2007-04-28 00:05:52: DEBUG: encryption(des)
2007-04-28 00:05:52: DEBUG: pad length = 4
2007-04-28 00:05:52: DEBUG:
00000014 3268ecad 3df1e0df 3dab3d89 0d3caef3 9aa5d603
2007-04-28 00:05:52: DEBUG: encryption(des)
2007-04-28 00:05:52: DEBUG: with key:
2007-04-28 00:05:52: DEBUG:
019d7f17 49853f6e
2007-04-28 00:05:52: DEBUG: encrypted payload by IV:
2007-04-28 00:05:52: DEBUG:
b9c99561 adefb8fd
2007-04-28 00:05:52: DEBUG: save IV for next:
2007-04-28 00:05:52: DEBUG:
70802a2b 52ff3f25
2007-04-28 00:05:52: DEBUG: encrypted.
2007-04-28 00:05:52: DEBUG: 52 bytes from 212.249.14.236 [500] to 212.190.89.140[500]
2007-04-28 00:05:52: DEBUG: sockname 212.249.14.236[500]
2007-04-28 00:05:52: DEBUG: send packet from 212.249.14.236[500]
2007-04-28 00:05:52: DEBUG: send packet to 212.190.89.140[500]
2007-04-28 00:05:52: DEBUG: src4 212.249.14.236[500]
2007-04-28 00:05:52: DEBUG: dst4 212.190.89.140[500]
2007-04-28 00:05:52: DEBUG: 1 times of 52 bytes message will be sent to 212.190.89.140 [500]
2007-04-28 00:05:52: DEBUG:
331f5b50 1c566178 dbd0bb03 31f1a373 08102001 e58b48cb 00000034 2d8605fc
db526a9c 0219c6ec 26a51fde 70802a2b 52ff3f25
2007-04-28 00:05:52: DEBUG: KEYMAT compute with
2007-04-28 00:05:52: DEBUG:
0200f636 ebf31663 ada0a233 e2cc8142 a8540b59 359885e4 5a2f47d7 fb604c75
959360d8 12a4b9d9 7d
2007-04-28 00:05:52: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:52: DEBUG: hmac(hmac_sha1)
2007-04-28 00:05:52: DEBUG: encklen=0 authklen=160
2007-04-28 00:05:52: DEBUG: generating 384 bits of key (dupkeymat=3)
2007-04-28 00:05:52: DEBUG: generating K1...K3 for KEYMAT.
2007-04-28 00:05:52: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:52: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:52: DEBUG:
1d53ef8c 92705f73 51cac802 b0204a79 e0c1555b 290c19b7 42576078 256c7482
01e3efab 467514f0 23633243 c4641c92
2007-04-28 00:05:52: DEBUG: KEYMAT compute with
2007-04-28 00:05:52: DEBUG:
0229ac48 78f31663 ada0a233 e2cc8142 a8540b59 359885e4 5a2f47d7 fb604c75
959360d8 12a4b9d9 7d
2007-04-28 00:05:52: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:52: DEBUG: hmac(hmac_sha1)
2007-04-28 00:05:52: DEBUG: encklen=0 authklen=160
2007-04-28 00:05:52: DEBUG: generating 384 bits of key (dupkeymat=3)
2007-04-28 00:05:52: DEBUG: generating K1...K3 for KEYMAT.
2007-04-28 00:05:52: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:52: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:52: DEBUG:
6cd80de8 5faf9db1 02333258 fa7379e9 492bd582 7648e1d8 cbbdd26b f52f0912
05d9b972 91ffe94b 231080e4 658be139
2007-04-28 00:05:52: DEBUG: KEYMAT computed.
2007-04-28 00:05:52: DEBUG: call pk_sendupdate
2007-04-28 00:05:52: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:52: DEBUG: call pfkey_send_update
2007-04-28 00:05:52: DEBUG: pfkey update sent.
2007-04-28 00:05:52: DEBUG: hmac(hmac_md5)
2007-04-28 00:05:52: DEBUG: call pfkey_send_add
2007-04-28 00:05:52: DEBUG: pfkey add sent.
2007-04-28 00:05:52: DEBUG: get pfkey UPDATE message
2007-04-28 00:05:52: DEBUG2:
2007-04-28 00:05:52: DEBUG: pfkey UPDATE succeeded: AH/Tunnel 212.190.89.140[0]-> 212.249.14.236[0] spi=16135915(0xf636eb)
2007-04-28 00:05:52: INFO: IPsec-SA established: AH/Tunnel 212.190.89.140[0]->212.249.14.236[0] spi=16135915(0xf636eb)
2007-04-28 00:05:52: DEBUG: ===
2007-04-28 00:05:52: DEBUG: get pfkey ADD message
2007-04-28 00:05:52: DEBUG2:
2007-04-28 00:05:52: INFO: IPsec-SA established: AH/Tunnel 212.249.14.236[0]->212.190.89.140[0] spi=699156600(0x29ac4878)
2007-04-28 00:05:52: DEBUG: ===



 
2007/4/27, Brian A. Seklecki <lavalamp@spiritual-machines.org>:


Turn up the debugging output to 'debug2' and show us the failed connection
vs. the working one?

~BAS


On Fri, 27 Apr 2007, laurent schweizer wrote:

> Hello,
>
>
> Can someone tell me what is wrong in my config file ...
>
> Thanks
>
> Laurent
>
>
> 2007/4/24, laurent schweizer < laurent.schweizer@gmail.com>:
>>
>> Hello,
>>
>> I can start a VPN from the IP 195.129.125.57 to 212.190.89.137,
>> then I can start a VPN from 195.129.125.57 to 62.189.34.7,
>>
>> but if I want to start a new VPN with the IP 195.129.125.58 to
>> 212.190.89.137 or 62.189.34.7 then I must stop and restart racoon.
>>
>> Thanks
>>
>> [root@byll4 racoon]# cat racoon.conf
>>
>> # Racoon IKE daemon configuration file.
>> # See 'man racoon.conf' for a description of the format and entries.
>>
>> path include "/etc/racoon";
>> path pre_shared_key "/etc/racoon/psk.txt";
>> path certificate "/etc/racoon/certs";
>>
>>
>>
>> listen {
>>
>> isakmp 212.249.14.236;
>> #       strict_address;
>>  }
>>
>>
>>
>> remote 62.189.34.16 {
>> exchange_mode main;
>> proposal_check obey; # The peer's proposal is always accepted
>> proposal {
>>         lifetime time 86400 sec;
>>         encryption_algorithm des;
>>         hash_algorithm md5;
>>         authentication_method pre_shared_key;
>>         #dh_group modp1024;  # Diffie-Hellman group 2
>>         dh_group modp768; #diff grp 1;
>> }
>>
>> #        my_identifier address 212.249.14.236;
>>
>> }
>>
>>
>> remote 212.190.89.140 {
>> exchange_mode aggressive,main;
>> initial_contact off;
>> # exchange_mode main;
>> proposal_check obey; # The peer's proposal is always accepted
>>
>> my_identifier  address 212.249.14.236;
>>
>>
>>         proposal {
>>                 lifetime time 86400 sec;
>>                 encryption_algorithm des;
>>                 hash_algorithm md5;
>>                 authentication_method pre_shared_key;
>>                 #dh_group modp1024;  # Diffie-Hellman group 2
>>                 dh_group modp768; # 1
>>         }
>>
>> }
>>
>> # Phase II definition
>> # sainfo address 195.129.125.57/32 any  address 212.190.89.137/24 any {
>> sainfo address 195.129.125.57 any  address 212.190.89.137 any {
>>
>>         encryption_algorithm  null_enc; # , 3des, blowfish 448, rijndael, des;
>>         authentication_algorithm  hmac_md5; # , hmac_sha256,  non_auth  ;
>>         lifetime time 86400 sec;
>>         compression_algorithm deflate; # Still open whether compression is possible
>> }
>>
>> sainfo address 195.129.125.58 any  address 212.190.89.137 any {
>>
>>         encryption_algorithm  null_enc; # , 3des, blowfish 448, rijndael, des;
>>         authentication_algorithm  hmac_md5; # , hmac_sha256,  non_auth  ;
>>         lifetime time 86400 sec;
>>         compression_algorithm deflate; # Still open whether compression is possible
>> }
>>
>> sainfo address 195.129.125.57 any  address 62.189.34.7 any {
>>
>>         encryption_algorithm  null_enc; # , 3des, blowfish 448, rijndael, des;
>>         authentication_algorithm  hmac_md5; # , hmac_sha256,  non_auth  ;
>>         lifetime time 86400 sec;
>>         compression_algorithm deflate; # Still open whether compression is possible
>> }
>>
>> sainfo address 195.129.125.58 any  address 62.189.34.7 any {
>>
>>         encryption_algorithm  null_enc; # , 3des, blowfish 448, rijndael, des;
>>         authentication_algorithm  hmac_md5; # , hmac_sha256,  non_auth  ;
>>         lifetime time 86400 sec;
>>         compression_algorithm deflate; # Still open whether compression is possible
>> }
>> }
>>
>>
>>
>> #!/usr/sbin/setkey -f
>>
>> # Flush the SAD and SPD
>> flush;
>> spdflush;
>>
>> # Policies for the use of the SAs
>> spdadd 195.129.125.57 62.189.34.7 any -P out ipsec ah/tunnel/212.249.14.236-62.189.34.16/require;
>> spdadd 62.189.34.7 195.129.125.57 any -P in  ipsec ah/tunnel/62.189.34.16-212.249.14.236/require;
>>
>> spdadd 195.129.125.57 212.190.89.137 any -P out ipsec ah/tunnel/212.249.14.236-212.190.89.140/require;
>> spdadd 212.190.89.137 195.129.125.57 any -P in  ipsec ah/tunnel/212.190.89.140-212.249.14.236/require;
>>
>> spdadd 195.129.125.58 62.189.34.7 any -P out ipsec ah/tunnel/212.249.14.236-62.189.34.16/require;
>> spdadd 62.189.34.7 195.129.125.58 any -P in  ipsec ah/tunnel/62.189.34.16-212.249.14.236/require;
>>
>> spdadd 195.129.125.58 212.190.89.137 any -P out ipsec ah/tunnel/212.249.14.236-212.190.89.140/require;
>> spdadd 212.190.89.137 195.129.125.58 any -P in  ipsec ah/tunnel/212.190.89.140-212.249.14.236/require;
>>
>>
>>
>>
>>
>>
>>
>>
>

l8*
       -lava (Brian A. Seklecki - Pittsburgh, PA, USA)
               http://www.spiritual-machines.org/

"...from back in the heady days when "helpdesk" meant nothing, "diskquota"
meant everything, and lives could be bought and sold for a couple of pages
of laser printout - and frequently were."