[Ipsec-tools-devel] Clueless trying to setup VPN from Linux to Checkpoint NG

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

   Using Gentoo, Linux kernel 2.6.9, ipsec-tools 0.3.3. Everything
tried with firewall down, ipv4/ip_forward on. 3 NICs, 1 for LAN, 2 for
2 different ISPs. Default gateway is not the route for the VPN, so
static routes added.
   The only ports the other side has open are 20 and 21. When I ftp,
ping, traceroute, etc., I see the negotiation, but it always times out
in phase 1.

   What am I doing wrong? My suspicion is that I haven't matched their
configuration requirements, but my theories are worthless.

   This is from the kernel config:
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
# CONFIG_NETLINK_DEV is not set
CONFIG_UNIX=y
CONFIG_NET_KEY=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
# CONFIG_SYN_COOKIES is not set
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
CONFIG_INET_TUNNEL=y
# CONFIG_IPV6 is not set
# CONFIG_NETFILTER is not set
CONFIG_XFRM=y
CONFIG_XFRM_USER=y

route -n:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
HHH.HH.HHH.HH  0.0.0.0         255.255.255.255 UH    0      0        0 eth1
HHH.HHH.HHH.90  0.0.0.0         255.255.255.255 UH    0      0        0 eth1
HHH.HHH.HHH.91  0.0.0.0         255.255.255.255 UH    0      0        0 eth1
66.134.162.136  0.0.0.0         255.255.255.248 U     0      0        0 eth2
63.193.79.16    0.0.0.0         255.255.255.248 U     0      0        0 eth1
192.168.2.0     192.168.1.12    255.255.255.0   UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo
0.0.0.0         66.134.162.137  0.0.0.0         UG    0      0        0 eth2

CONFIG_CRYPTO=y
CONFIG_CRYPTO_HMAC=y
CONFIG_CRYPTO_NULL=y
# CONFIG_CRYPTO_MD4 is not set
CONFIG_CRYPTO_MD5=y
CONFIG_CRYPTO_SHA1=y
# CONFIG_CRYPTO_SHA256 is not set
# CONFIG_CRYPTO_SHA512 is not set
# CONFIG_CRYPTO_WP512 is not set
CONFIG_CRYPTO_DES=y
# CONFIG_CRYPTO_BLOWFISH is not set
# CONFIG_CRYPTO_TWOFISH is not set
# CONFIG_CRYPTO_SERPENT is not set
CONFIG_CRYPTO_AES_586=y
# CONFIG_CRYPTO_CAST5 is not set
# CONFIG_CRYPTO_CAST6 is not set
# CONFIG_CRYPTO_TEA is not set
# CONFIG_CRYPTO_ARC4 is not set
# CONFIG_CRYPTO_KHAZAD is not set
CONFIG_CRYPTO_DEFLATE=y

   This is from the admin where the Checkpoint lives, for setup:
The following are the IPSec IKE configuration parameters for peer connection
to our VPN Gateway-Gateway service.
ClientName
Gateway: 63.193.79.18
Encryption Domain: 63.193.79.18
GXS
Gateway: HHH.HH.HHH.HH (Checkpoint NG)
Encryption Domain: HHH.HHH.HHH.90/. 91 
Permitted ports: ftp only ports 20 and 21
Common Configuration parameters
Encryption Scheme defined:
	ISAKMP/OAKLEY (IKE)
Encryption Method for IKE and IPSec:
	3DES
Hash Method for IKE and IPSec::
	SHA1
Diffie Hellman Group:
	2 (1024bit)
Authentication Method:
	Pre-shared Secret Key (PSK)
PSK Value:
	PRESHAREDSECRET
Aggressive Mode:
	No
Support Perfect forward Secrecy:
	No
Subnet key negotiation:
 	Disabled.  Can be Enabled if necessary
Security Association (SA) timers
	Renegotiate IKE SA every 64800 seconds (1080 minutes)
	Renegotiate IPSEC SA every 3600 seconds

/etc/racoon.conf:
path include "/etc/racoon";
include "remote.conf";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/cert";
log debug2;
padding
{
	maximum_length 20;	# maximum padding length.
	randomize off;		# enable randomize length.
	strict_check off;	# enable strict check.
	exclusive_tail off;	# extract last one octet.
}
listen
{
	isakmp 63.193.79.18 [500];
	isakmp_natt 63.193.79.18 [4500];
	strict_address; 	# required all addresses must be bound.
}
timer
{
	counter 5;		# maximum trying count to send.
	interval 20 sec;	# maximum interval to resend.
	persend 1;		# the number of packets per a send.
	phase1 30 sec;
	phase2 15 sec;
}

/etc/racoon/remote.conf:
remote HHH.HH.HHH.HH {
	exchange_mode main;
	my_identifier address 63.193.79.18;
	lifetime time 64800 sec;
	nat_traversal on;
	proposal {
		encryption_algorithm 3des;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		dh_group 2;
	}
}
sainfo address 63.193.79.18 any address HHH.HH.HHH.HH any {
	pfs_group 2;
	lifetime time 3600 sec;
	encryption_algorithm 3des;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}
sainfo address HHH.HH.HHH.HH any address 63.193.79.18 any {
	pfs_group 2;
	lifetime time 3600 sec;
	encryption_algorithm 3des;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
}

/etc/racoon/psk.txt:
HHH.HH.HHH.HH	PRESHAREDSECRET

/etc/ipsec.conf:
#!/usr/sbin/setkey -f
flush;
spdflush;
spdadd 63.193.79.18 HHH.HHH.HHH.90/31 any -P out ipsec esp/tunnel/63.193.79.18-HHH.HH.HHH.HH/require;
spdadd 63.193.79.18 HHH.HH.HHH.HH    any -P out ipsec esp/tunnel/63.193.79.18-HHH.HH.HHH.HH/require;
spdadd HHH.HHH.HHH.90/31 63.193.79.18 any -P out ipsec esp/tunnel/HHH.HH.HHH.HH-63.193.79.18/require;
spdadd HHH.HH.HHH.HH    63.193.79.18 any -P in ipsec esp/tunnel/HHH.HH.HHH.HH-63.193.79.18/require;

/var/log/racoon.log:
2004-12-01 22:53:37: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net)
2004-12-01 22:53:37: INFO: @(#)This product linked OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)
2004-12-01 22:53:37: DEBUG2: <3>
2004-12-01 22:53:37: DEBUG2: begin <11>padding
2004-12-01 22:53:37: DEBUG2: <11>
2004-12-01 22:53:37: DEBUG2: <11>
2004-12-01 22:53:37: DEBUG2: <11>
2004-12-01 22:53:37: DEBUG2: <11>
2004-12-01 22:53:37: DEBUG2: <11>
2004-12-01 22:53:37: DEBUG2: <11>
2004-12-01 22:53:37: DEBUG2: <11>
2004-12-01 22:53:37: DEBUG2: <11>
2004-12-01 22:53:37: DEBUG2: <11>
2004-12-01 22:53:37: DEBUG2: <11>
2004-12-01 22:53:37: DEBUG2: <11>
2004-12-01 22:53:37: DEBUG2: <11>
2004-12-01 22:53:37: DEBUG2: <3>
2004-12-01 22:53:37: DEBUG2: <3>
2004-12-01 22:53:37: DEBUG2: begin <13>listen
2004-12-01 22:53:37: DEBUG2: <13>
2004-12-01 22:53:37: DEBUG2: <13>
2004-12-01 22:53:37: DEBUG2: <13>
2004-12-01 22:53:37: DEBUG2: <13>
2004-12-01 22:53:37: DEBUG2: <13>
2004-12-01 22:53:37: DEBUG2: <13>
2004-12-01 22:53:37: DEBUG2: <13>
2004-12-01 22:53:37: DEBUG2: <13>
2004-12-01 22:53:37: DEBUG2: <13>
2004-12-01 22:53:37: DEBUG2: <13>
2004-12-01 22:53:37: DEBUG2: <13>
2004-12-01 22:53:37: DEBUG2: <3>
2004-12-01 22:53:37: DEBUG2: begin <15>timer
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: <15>
2004-12-01 22:53:37: DEBUG2: parse successed.
2004-12-01 22:53:37: INFO: 63.193.79.18[4500] used as isakmp port (fd=6)
2004-12-01 22:53:37: INFO: 63.193.79.18[4500] used for NAT-T
2004-12-01 22:53:37: INFO: 63.193.79.18[500] used as isakmp port (fd=7)
2004-12-01 22:53:37: DEBUG: get pfkey X_SPDDUMP message
2004-12-01 22:53:37: DEBUG2: 
02120000 1c000200 03000000 9d2d0000 03000500 ff200000 02000000 cc5abb95
00000000 00000000 03000600 ff200000 02000000 3fc14f12 00000000 00000000
04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000200 00000000 00000000 00000000 f1bbae41 00000000 00000000 00000000
08001200 02000100 98000000 00000000 30003200 02020000 00000000 00000000
02000000 cc5abb95 00000000 00000000 02000000 3fc14f12 00000000 00000000
2004-12-01 22:53:37: DEBUG: get pfkey X_SPDDUMP message
2004-12-01 22:53:37: DEBUG2: 
02120000 1c000200 02000000 9d2d0000 03000500 ff200000 02000000 3fc14f12
00000000 00000000 03000600 ff1f0000 02000000 c697b95a 00000000 00000000
04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000200 00000000 00000000 00000000 f1bbae41 00000000 00000000 00000000
08001200 02000200 81000000 00000000 30003200 02020000 00000000 00000000
02000000 3fc14f12 00000000 00000000 02000000 cc5abb95 00000000 00000000
2004-12-01 22:53:37: DEBUG: sub:0xbfffe020: 63.193.79.18/32[0] HHH.HHH.HHH.90/31[0] proto=any dir=out
2004-12-01 22:53:37: DEBUG: db :0x80bcc88: HHH.HH.HHH.HH/32[0] 63.193.79.18/32[0] proto=any dir=in
2004-12-01 22:53:37: DEBUG: get pfkey X_SPDDUMP message
2004-12-01 22:53:37: DEBUG2: 
02120000 1c000300 01000000 9d2d0000 03000500 ff200000 02000000 3fc14f12
00000000 00000000 03000600 ff200000 02000000 cc5abb95 00000000 00000000
04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000200 00000000 00000000 00000000 f1bbae41 00000000 f1bbae41 00000000
08001200 02000200 89000000 00000000 30003200 02020000 00000000 00000000
02000000 3fc14f12 00000000 00000000 02000000 cc5abb95 00000000 00000000
2004-12-01 22:53:37: DEBUG: sub:0xbfffe020: 63.193.79.18/32[0] HHH.HH.HHH.HH/32[0] proto=any dir=out
2004-12-01 22:53:37: DEBUG: db :0x80bcc88: HHH.HH.HHH.HH/32[0] 63.193.79.18/32[0] proto=any dir=in
2004-12-01 22:53:37: DEBUG: sub:0xbfffe020: 63.193.79.18/32[0] HHH.HH.HHH.HH/32[0] proto=any dir=out
2004-12-01 22:53:37: DEBUG: db :0x80bcec0: 63.193.79.18/32[0] HHH.HHH.HHH.90/31[0] proto=any dir=out
2004-12-01 22:53:37: DEBUG: get pfkey X_SPDDUMP message
2004-12-01 22:53:37: DEBUG2: 
02120000 1c000200 00000000 9d2d0000 03000500 ff1f0000 02000000 c697b95a
00000000 00000000 03000600 ff200000 02000000 3fc14f12 00000000 00000000
04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000
04000200 00000000 00000000 00000000 f1bbae41 00000000 00000000 00000000
08001200 02000200 91000000 00000000 30003200 02020000 00000000 00000000
02000000 cc5abb95 00000000 00000000 02000000 3fc14f12 00000000 00000000
2004-12-01 22:53:37: DEBUG: sub:0xbfffe020: HHH.HHH.HHH.90/31[0] 63.193.79.18/32[0] proto=any dir=out
2004-12-01 22:53:37: DEBUG: db :0x80bcc88: HHH.HH.HHH.HH/32[0] 63.193.79.18/32[0] proto=any dir=in
2004-12-01 22:53:37: DEBUG: sub:0xbfffe020: HHH.HHH.HHH.90/31[0] 63.193.79.18/32[0] proto=any dir=out
2004-12-01 22:53:37: DEBUG: db :0x80bcec0: 63.193.79.18/32[0] HHH.HHH.HHH.90/31[0] proto=any dir=out
2004-12-01 22:53:37: DEBUG: sub:0xbfffe020: HHH.HHH.HHH.90/31[0] 63.193.79.18/32[0] proto=any dir=out
2004-12-01 22:53:37: DEBUG: db :0x80bd0f8: 63.193.79.18/32[0] HHH.HH.HHH.HH/32[0] proto=any dir=out
2004-12-01 22:54:08: DEBUG: get pfkey ACQUIRE message
2004-12-01 22:54:08: DEBUG2: 
02060003 53000000 08000000 00000000 03000500 00200000 02000000 3fc14f12
00000000 00000000 03000600 00200000 02000000 cc5abb95 00000000 00000000
02001200 02000200 89000000 00000000 49000d00 20000000 020b0000 80008000
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
40190100 00000000 80510100 00000000 70620000 00000000 80700000 00000000
030b0000 a000a000 00000000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 40190100 00000000 80510100 00000000 70620000 00000000
80700000 00000000 02020000 80008000 40004000 00000000 00000000 00000000
00000000 00000000 00000000 00000000 40190100 00000000 80510100 00000000
70620000 00000000 80700000 00000000 03020000 a000a000 40004000 00000000
00000000 00000000 00000000 00000000 00000000 00000000 40190100 00000000
80510100 00000000 70620000 00000000 80700000 00000000 02030000 80008000
c000c000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
40190100 00000000 80510100 00000000 70620000 00000000 80700000 00000000
03030000 a000a000 c000c000 00000000 00000000 00000000 00000000 00000000
00000000 00000000 40190100 00000000 80510100 00000000 70620000 00000000
80700000 00000000 020c0000 80008000 80000001 00000000 00000000 00000000
00000000 00000000 00000000 00000000 40190100 00000000 80510100 00000000
70620000 00000000 80700000 00000000 030c0000 a000a000 80000001 00000000
00000000 00000000 00000000 00000000 00000000 00000000 40190100 00000000
80510100 00000000 70620000 00000000 80700000 00000000
2004-12-01 22:54:08: DEBUG: suitable outbound SP found: 63.193.79.18/32[0] HHH.HH.HHH.HH/32[0] proto=any dir=out.
2004-12-01 22:54:08: DEBUG: sub:0xbfffe020: HHH.HH.HHH.HH/32[0] 63.193.79.18/32[0] proto=any dir=in
2004-12-01 22:54:08: DEBUG: db :0x80bcc88: HHH.HH.HHH.HH/32[0] 63.193.79.18/32[0] proto=any dir=in
2004-12-01 22:54:08: DEBUG: suitable inbound SP found: HHH.HH.HHH.HH/32[0] 63.193.79.18/32[0] proto=any dir=in.
2004-12-01 22:54:08: DEBUG: new acquire 63.193.79.18/32[0] HHH.HH.HHH.HH/32[0] proto=any dir=out
2004-12-01 22:54:08: DEBUG:  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0)
2004-12-01 22:54:08: DEBUG:   (trns_id=3DES encklen=0 authtype=hmac-sha)
2004-12-01 22:54:08: DEBUG: configuration found for HHH.HH.HHH.HH.
2004-12-01 22:54:08: INFO: IPsec-SA request for HHH.HH.HHH.HH queued due to no phase1 found.
2004-12-01 22:54:08: DEBUG: ===
2004-12-01 22:54:08: INFO: initiate new phase 1 negotiation: 63.193.79.18[500]<=>HHH.HH.HHH.HH[500]
2004-12-01 22:54:08: INFO: begin Identity Protection mode.
2004-12-01 22:54:08: DEBUG: new cookie:
93c7d2749913ca0c 
2004-12-01 22:54:08: DEBUG: add payload of len 48, next type 13
2004-12-01 22:54:08: DEBUG: add payload of len 16, next type 13
2004-12-01 22:54:08: DEBUG: add payload of len 16, next type 0
2004-12-01 22:54:08: DEBUG: 120 bytes from 63.193.79.18[500] to HHH.HH.HHH.HH[500]
2004-12-01 22:54:08: DEBUG: sockname 63.193.79.18[500]
2004-12-01 22:54:08: DEBUG: send packet from 63.193.79.18[500]
2004-12-01 22:54:08: DEBUG: send packet to HHH.HH.HHH.HH[500]
2004-12-01 22:54:08: DEBUG: src4 63.193.79.18[500]
2004-12-01 22:54:08: DEBUG: dst4 HHH.HH.HHH.HH[500]
2004-12-01 22:54:08: DEBUG: 1 times of 120 bytes message will be sent to 63.193.79.18[500]
2004-12-01 22:54:08: DEBUG: 
93c7d274 9913ca0c 00000000 00000000 01100200 00000000 00000078 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800cfd20
80010005 80030001 80020002 80040002 0d000014 cd604643 35df21f8 7cfdb2fc
68b6a448 00000014 810fa565 f8ab1436 9105d706 fbd57279
2004-12-01 22:54:08: DEBUG: resend phase1 packet 93c7d2749913ca0c:0000000000000000
2004-12-01 22:54:18: DEBUG: 120 bytes from 63.193.79.18[500] to HHH.HH.HHH.HH[500]
2004-12-01 22:54:18: DEBUG: sockname 63.193.79.18[500]
2004-12-01 22:54:18: DEBUG: send packet from 63.193.79.18[500]
2004-12-01 22:54:18: DEBUG: send packet to HHH.HH.HHH.HH[500]
2004-12-01 22:54:18: DEBUG: src4 63.193.79.18[500]
2004-12-01 22:54:18: DEBUG: dst4 HHH.HH.HHH.HH[500]
2004-12-01 22:54:18: DEBUG: 1 times of 120 bytes message will be sent to 63.193.79.18[500]
2004-12-01 22:54:18: DEBUG: 
93c7d274 9913ca0c 00000000 00000000 01100200 00000000 00000078 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800cfd20
80010005 80030001 80020002 80040002 0d000014 cd604643 35df21f8 7cfdb2fc
68b6a448 00000014 810fa565 f8ab1436 9105d706 fbd57279
2004-12-01 22:54:18: DEBUG: resend phase1 packet 93c7d2749913ca0c:0000000000000000
2004-12-01 22:54:28: DEBUG: 120 bytes from 63.193.79.18[500] to HHH.HH.HHH.HH[500]
2004-12-01 22:54:28: DEBUG: sockname 63.193.79.18[500]
2004-12-01 22:54:28: DEBUG: send packet from 63.193.79.18[500]
2004-12-01 22:54:28: DEBUG: send packet to HHH.HH.HHH.HH[500]
2004-12-01 22:54:28: DEBUG: src4 63.193.79.18[500]
2004-12-01 22:54:28: DEBUG: dst4 HHH.HH.HHH.HH[500]
2004-12-01 22:54:28: DEBUG: 1 times of 120 bytes message will be sent to 63.193.79.18[500]
2004-12-01 22:54:28: DEBUG: 
93c7d274 9913ca0c 00000000 00000000 01100200 00000000 00000078 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800cfd20
80010005 80030001 80020002 80040002 0d000014 cd604643 35df21f8 7cfdb2fc
68b6a448 00000014 810fa565 f8ab1436 9105d706 fbd57279
2004-12-01 22:54:28: DEBUG: resend phase1 packet 93c7d2749913ca0c:0000000000000000
2004-12-01 22:54:38: DEBUG: 120 bytes from 63.193.79.18[500] to HHH.HH.HHH.HH[500]
2004-12-01 22:54:38: DEBUG: sockname 63.193.79.18[500]
2004-12-01 22:54:38: DEBUG: send packet from 63.193.79.18[500]
2004-12-01 22:54:38: DEBUG: send packet to HHH.HH.HHH.HH[500]
2004-12-01 22:54:38: DEBUG: src4 63.193.79.18[500]
2004-12-01 22:54:38: DEBUG: dst4 HHH.HH.HHH.HH[500]
2004-12-01 22:54:38: DEBUG: 1 times of 120 bytes message will be sent to 63.193.79.18[500]
2004-12-01 22:54:38: DEBUG: 
93c7d274 9913ca0c 00000000 00000000 01100200 00000000 00000078 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800cfd20
80010005 80030001 80020002 80040002 0d000014 cd604643 35df21f8 7cfdb2fc
68b6a448 00000014 810fa565 f8ab1436 9105d706 fbd57279
2004-12-01 22:54:38: DEBUG: resend phase1 packet 93c7d2749913ca0c:0000000000000000
2004-12-01 22:54:39: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP HHH.HH.HHH.HH->63.193.79.18 
2004-12-01 22:54:39: INFO: delete phase 2 handler.
2004-12-01 22:54:48: DEBUG: 120 bytes from 63.193.79.18[500] to HHH.HH.HHH.HH[500]
2004-12-01 22:54:48: DEBUG: sockname 63.193.79.18[500]
2004-12-01 22:54:48: DEBUG: send packet from 63.193.79.18[500]
2004-12-01 22:54:48: DEBUG: send packet to HHH.HH.HHH.HH[500]
2004-12-01 22:54:48: DEBUG: src4 63.193.79.18[500]
2004-12-01 22:54:48: DEBUG: dst4 HHH.HH.HHH.HH[500]
2004-12-01 22:54:48: DEBUG: 1 times of 120 bytes message will be sent to 63.193.79.18[500]
2004-12-01 22:54:48: DEBUG: 
93c7d274 9913ca0c 00000000 00000000 01100200 00000000 00000078 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800cfd20
80010005 80030001 80020002 80040002 0d000014 cd604643 35df21f8 7cfdb2fc
68b6a448 00000014 810fa565 f8ab1436 9105d706 fbd57279
2004-12-01 22:54:48: DEBUG: resend phase1 packet 93c7d2749913ca0c:0000000000000000
2004-12-01 22:54:57: INFO: caught signal 15
2004-12-01 22:54:57: DEBUG: get pfkey FLUSH message
2004-12-01 22:54:57: DEBUG2: 
02090000 02000000 00000000 ce2d0000
2004-12-01 22:54:57: DEBUG: get pfkey FLUSH message
2004-12-01 22:54:57: DEBUG2: 
02090000 02000000 00000000 6b2e0000
2004-12-01 22:54:57: DEBUG: get pfkey X_SPDFLUSH message
2004-12-01 22:54:57: DEBUG2: 
02130000 02000000 00000000 6c2e0000
2004-12-01 22:54:58: DEBUG: 120 bytes from 63.193.79.18[500] to HHH.HH.HHH.HH[500]
2004-12-01 22:54:58: DEBUG: sockname 63.193.79.18[500]
2004-12-01 22:54:58: DEBUG: send packet from 63.193.79.18[500]
2004-12-01 22:54:58: DEBUG: send packet to HHH.HH.HHH.HH[500]
2004-12-01 22:54:58: DEBUG: src4 63.193.79.18[500]
2004-12-01 22:54:58: DEBUG: dst4 HHH.HH.HHH.HH[500]
2004-12-01 22:54:58: DEBUG: 1 times of 120 bytes message will be sent to 63.193.79.18[500]
2004-12-01 22:54:58: DEBUG: 
93c7d274 9913ca0c 00000000 00000000 01100200 00000000 00000078 0d000034
00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800cfd20
80010005 80030001 80020002 80040002 0d000014 cd604643 35df21f8 7cfdb2fc
68b6a448 00000014 810fa565 f8ab1436 9105d706 fbd57279
2004-12-01 22:54:58: DEBUG: resend phase1 packet 93c7d2749913ca0c:0000000000000000
2004-12-01 22:54:58: DEBUG: call pfkey_send_dump
2004-12-01 22:54:58: DEBUG: an undead schedule has been deleted.
2004-12-01 22:54:58: INFO: racoon shutdown