From: Wim V. D. <wi...@si...> - 2007-02-02 09:26:35
Hi,

I'm trying to hook up to a Netscreen VPN device, using xauth-psk and mode config. I get as far as the point where I'm waiting for a mode config packet. The funny thing is, enabling debugging on the Netscreen, I can see the mode config settings being sent, but racoon apparently doesn't recognize them as such.

Is there any reason for this behaviour? Can/need I define those somewhere? Is there a mapping that needs to be done?

Some debug info:

racoon: Foreground mode.
2007-02-02 09:49:23: INFO: @(#)ipsec-tools CVS (http://ipsec-tools.sourceforge.net)
2007-02-02 09:49:23: INFO: @(#)This product linked OpenSSL 0.9.7e 25 Oct 2004 (http://www.openssl.org/)
2007-02-02 09:49:23: INFO: Reading configuration from "racoon.conf"
2007-02-02 09:49:24: INFO: Resize address pool from 0 to 255
2007-02-02 09:49:24: WARNING: racoon.conf:30: ";" admin port support not compiled in
2007-02-02 09:49:24: DEBUG2: parse successed.
2007-02-02 09:49:24: DEBUG: open /opt/ipsec/var/racoon/racoon.sock as racoon management.
[...]
2007-02-02 09:52:29: INFO: initiate new phase 1 negotiation: 10.12.5.133[500]<=>10.21.193.136[500]
...
2007-02-02 09:52:29: DEBUG: use ID type of User_FQDN
...
2007-02-02 09:52:29: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
2007-02-02 09:52:29: DEBUG: seen nptype=3(trns)
2007-02-02 09:52:29: DEBUG: succeed.
2007-02-02 09:52:29: DEBUG: transform #1 len=36
2007-02-02 09:52:29: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
2007-02-02 09:52:29: DEBUG: encryption(aes)
2007-02-02 09:52:29: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-02-02 09:52:29: DEBUG: hash(sha1)
2007-02-02 09:52:29: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-02-02 09:52:29: DEBUG: hmac(modp1024)
2007-02-02 09:52:29: DEBUG: type=Authentication Method, flag=0x8000, lorv=XAuth pskey client
2007-02-02 09:52:29: DEBUG: type=Key Length, flag=0x8000, lorv=128
2007-02-02 09:52:29: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-02-02 09:52:29: DEBUG: type=Life Duration, flag=0x8000, lorv=28800
2007-02-02 09:52:29: DEBUG: pair 1:
2007-02-02 09:52:29: DEBUG: 0x80bc850: next=(nil) tnext=(nil)
2007-02-02 09:52:29: DEBUG: proposal #1: 1 transform
2007-02-02 09:52:29: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
2007-02-02 09:52:29: DEBUG: trns#=1, trns-id=IKE
2007-02-02 09:52:29: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=AES-CBC
2007-02-02 09:52:29: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-02-02 09:52:29: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-02-02 09:52:29: DEBUG: type=Authentication Method, flag=0x8000, lorv=XAuth pskey client
2007-02-02 09:52:29: DEBUG: type=Key Length, flag=0x8000, lorv=128
2007-02-02 09:52:29: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-02-02 09:52:29: DEBUG: type=Life Duration, flag=0x8000, lorv=28800
2007-02-02 09:52:29: DEBUG: Compared: DB:Peer
2007-02-02 09:52:29: DEBUG: (lifetime = 28800:28800)
2007-02-02 09:52:29: DEBUG: (lifebyte = 0:0)
2007-02-02 09:52:29: DEBUG: enctype = AES-CBC:AES-CBC
2007-02-02 09:52:29: DEBUG: (encklen = 128:128)
2007-02-02 09:52:29: DEBUG: hashtype = SHA:SHA
2007-02-02 09:52:29: DEBUG: authmethod = XAuth pskey client:XAuth pskey client
2007-02-02 09:52:29: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2007-02-02 09:52:29: DEBUG: an acceptable proposal found.
2007-02-02 09:52:29: DEBUG: hmac(modp1024)
2007-02-02 09:52:29: DEBUG: agreed on XAuth pskey client auth.
...
2007-02-02 09:52:30: INFO: ISAKMP-SA established 10.12.5.133[500]-10.21.193.136[500] spi:c367c69964f9ccc2:3cb9c04eb2183d3e
...
2007-02-02 09:52:30: DEBUG: MODE_CFG packet
...
2007-02-02 09:52:30: DEBUG: Configuration exchange type mode config REQUEST
2007-02-02 09:52:30: DEBUG: Short attribute XAUTH_TYPE = 0
2007-02-02 09:52:30: DEBUG: Attribute XAUTH_USER_NAME, len 0
2007-02-02 09:52:30: DEBUG: Attribute XAUTH_USER_PASSWORD, len 0
2007-02-02 09:52:30: DEBUG: Sending MODE_CFG REPLY
...
2007-02-02 09:52:30: DEBUG: MODE_CFG packet to send
...
2007-02-02 09:52:32: DEBUG: Configuration exchange type mode config SET
2007-02-02 09:52:32: DEBUG: Attribute INTERNAL_IP4_ADDRESS
2007-02-02 09:52:32: DEBUG: Unexpected SET attribute INTERNAL_IP4_ADDRESS
2007-02-02 09:52:32: DEBUG: Attribute INTERNAL_IP4_NETMASK
2007-02-02 09:52:32: DEBUG: Unexpected SET attribute INTERNAL_IP4_NETMASK
2007-02-02 09:52:32: DEBUG: Attribute INTERNAL_IP4_DNS
2007-02-02 09:52:32: DEBUG: Unexpected SET attribute INTERNAL_IP4_DNS
2007-02-02 09:52:32: DEBUG: Attribute INTERNAL_IP4_DNS
2007-02-02 09:52:32: DEBUG: Unexpected SET attribute INTERNAL_IP4_DNS
2007-02-02 09:52:32: DEBUG: Sending MODE_CFG ACK
...
2007-02-02 09:54:35: DEBUG: Configuration exchange type mode config SET
2007-02-02 09:54:35: DEBUG: Attribute XAUTH_STATUS
2007-02-02 09:54:35: ERROR: Xauth authentication failed
2007-02-02 09:54:35: DEBUG: Sending MODE_CFG ACK

----------------------------------------------------------------
- Disclaimer: http://www.minfin.fgov.be/disclaimer.htm
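
Added example, not part of the original post and not ipsec-tools code: a small Python helper for triaging a racoon debug log like the one above. It groups the MODE_CFG lines into one record per configuration exchange and lists which attributes racoon logged as unexpected. The function name summarize_mode_cfg is hypothetical; the sample lines are copied from the log in the post.

```python
import re

# Sample lines copied from the racoon debug output in the post above.
SAMPLE_LOG = """\
2007-02-02 09:52:30: DEBUG: Configuration exchange type mode config REQUEST
2007-02-02 09:52:30: DEBUG: Short attribute XAUTH_TYPE = 0
2007-02-02 09:52:30: DEBUG: Attribute XAUTH_USER_NAME, len 0
2007-02-02 09:52:30: DEBUG: Attribute XAUTH_USER_PASSWORD, len 0
2007-02-02 09:52:32: DEBUG: Configuration exchange type mode config SET
2007-02-02 09:52:32: DEBUG: Attribute INTERNAL_IP4_ADDRESS
2007-02-02 09:52:32: DEBUG: Unexpected SET attribute INTERNAL_IP4_ADDRESS
2007-02-02 09:52:32: DEBUG: Attribute INTERNAL_IP4_NETMASK
2007-02-02 09:52:32: DEBUG: Unexpected SET attribute INTERNAL_IP4_NETMASK
2007-02-02 09:52:32: DEBUG: Attribute INTERNAL_IP4_DNS
2007-02-02 09:52:32: DEBUG: Unexpected SET attribute INTERNAL_IP4_DNS
2007-02-02 09:52:32: DEBUG: Attribute INTERNAL_IP4_DNS
2007-02-02 09:52:32: DEBUG: Unexpected SET attribute INTERNAL_IP4_DNS
2007-02-02 09:54:35: DEBUG: Configuration exchange type mode config SET
2007-02-02 09:54:35: DEBUG: Attribute XAUTH_STATUS
2007-02-02 09:54:35: ERROR: Xauth authentication failed
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (\w+): (.*)$")
EXCHANGE = re.compile(r"^Configuration exchange type mode config (\w+)$")
ATTR = re.compile(r"^(?:Short attribute|Attribute) (\w+)")
UNEXPECTED = re.compile(r"^Unexpected (\w+) attribute (\w+)$")


def summarize_mode_cfg(log_text):
    """Return one dict per mode config exchange found in racoon debug output."""
    exchanges, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "..." elisions, banners and other non-log lines
        ts, level, msg = m.groups()
        if (x := EXCHANGE.match(msg)):
            current = {"time": ts, "type": x.group(1), "attrs": [],
                       "unexpected": [], "errors": []}
            exchanges.append(current)
        elif current is None:
            continue  # phase 1 lines before the first mode config exchange
        elif (u := UNEXPECTED.match(msg)):
            current["unexpected"].append(u.group(2))
        elif (a := ATTR.match(msg)):
            current["attrs"].append(a.group(1))
        elif level == "ERROR":
            current["errors"].append(msg)
    return exchanges
```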