Re: [Ipsec-tools-devel] Clueless trying to setup VPN from Linux to Checkpoint NG
Brought to you by:
mit_warlord,
netbsd
From: Aidas K. <a.k...@gm...> - 2004-12-02 07:34:54
|
George Garvey wrote: > Using Gentoo, Linux kernel 2.6.9, ipsec-tools 0.3.3. Everything > tried with firewall down, ipv4/ip_forward on. 3 NICs, 1 for LAN, 2 for > 2 different ISPs. Default gateway is not the route for the VPN, so > static routes added. > The only ports the other side has open are 20 and 21. When I ftp, > ping, traceroute, etc., I see the negotiation, but it always times out > in phase 1. > > What am I doing wrong? My suspicion is that I haven't matched their > configuration requirements, but my theories are worthless. > http://ipsec-tools.sourceforge.net/checklist.html#firewalled > > This is from the kernel config: > CONFIG_PACKET=y > # CONFIG_PACKET_MMAP is not set > # CONFIG_NETLINK_DEV is not set > CONFIG_UNIX=y > CONFIG_NET_KEY=y > CONFIG_INET=y > CONFIG_IP_MULTICAST=y > # CONFIG_IP_ADVANCED_ROUTER is not set > # CONFIG_IP_PNP is not set > # CONFIG_NET_IPIP is not set > # CONFIG_NET_IPGRE is not set > # CONFIG_IP_MROUTE is not set > # CONFIG_ARPD is not set > # CONFIG_SYN_COOKIES is not set > CONFIG_INET_AH=y > CONFIG_INET_ESP=y > CONFIG_INET_IPCOMP=y > CONFIG_INET_TUNNEL=y > # CONFIG_IPV6 is not set > # CONFIG_NETFILTER is not set > CONFIG_XFRM=y > CONFIG_XFRM_USER=y > > route -n: > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref Use Iface > HHH.HH.HHH.HH 0.0.0.0 255.255.255.255 UH 0 0 0 eth1 > HHH.HHH.HHH.90 0.0.0.0 255.255.255.255 UH 0 0 0 eth1 > HHH.HHH.HHH.91 0.0.0.0 255.255.255.255 UH 0 0 0 eth1 > 66.134.162.136 0.0.0.0 255.255.255.248 U 0 0 0 eth2 > 63.193.79.16 0.0.0.0 255.255.255.248 U 0 0 0 eth1 > 192.168.2.0 192.168.1.12 255.255.255.0 UG 0 0 0 eth0 > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 > 127.0.0.0 127.0.0.1 255.0.0.0 UG 0 0 0 lo > 0.0.0.0 66.134.162.137 0.0.0.0 UG 0 0 0 eth2 > > CONFIG_CRYPTO=y > CONFIG_CRYPTO_HMAC=y > CONFIG_CRYPTO_NULL=y > # CONFIG_CRYPTO_MD4 is not set > CONFIG_CRYPTO_MD5=y > CONFIG_CRYPTO_SHA1=y > # CONFIG_CRYPTO_SHA256 is not set > # CONFIG_CRYPTO_SHA512 is not set > # CONFIG_CRYPTO_WP512 is not set > CONFIG_CRYPTO_DES=y > # CONFIG_CRYPTO_BLOWFISH is not set > # CONFIG_CRYPTO_TWOFISH is not set > # CONFIG_CRYPTO_SERPENT is not set > CONFIG_CRYPTO_AES_586=y > # CONFIG_CRYPTO_CAST5 is not set > # CONFIG_CRYPTO_CAST6 is not set > # CONFIG_CRYPTO_TEA is not set > # CONFIG_CRYPTO_ARC4 is not set > # CONFIG_CRYPTO_KHAZAD is not set > CONFIG_CRYPTO_DEFLATE=y > > This is from the admin where the Checkpoint lives, for setup: > The following are the IPSec IKE configuration parameters for peer connection > to our VPN Gateway-Gateway service. > ClientName > Gateway: 63.193.79.18 > Encryption Domain: 63.193.79.18 > GXS > Gateway: HHH.HH.HHH.HH (Checkpoint NG) > Encryption Domain: HHH.HHH.HHH.90/. 91 > Permitted ports: ftp only ports 20 and 21 > Common Configuration parameters > Encryption Scheme defined: > ISAKMP/OAKLEY (IKE) > Encryption Method for IKE and IPSec: > 3DES > Hash Method for IKE and IPSec:: > SHA1 > Diffie Hellman Group: > 2 (1024bit) > Authentication Method: > Pre-shared Secret Key (PSK) > PSK Value: > PRESHAREDSECRET > Aggressive Mode: > No > Support Perfect forward Secrecy: > No > Subnet key negotiation: > Disabled. Can be Enabled if necessary > Security Association (SA) timers > Renegotiate IKE SA every 64800 seconds (1080 minutes) > Renegotiate IPSEC SA every 3600 seconds > > /etc/racoon.conf: > path include "/etc/racoon"; > include "remote.conf"; > path pre_shared_key "/etc/racoon/psk.txt"; > path certificate "/etc/cert"; > log debug2; > padding > { > maximum_length 20; # maximum padding length. > randomize off; # enable randomize length. > strict_check off; # enable strict check. > exclusive_tail off; # extract last one octet. > } > listen > { > isakmp 63.193.79.18 [500]; > isakmp_natt 63.193.79.18 [4500]; > strict_address; # required all addresses must be bound. > } > timer > { > counter 5; # maximum trying count to send. > interval 20 sec; # maximum interval to resend. > persend 1; # the number of packets per a send. > phase1 30 sec; > phase2 15 sec; > } > > /etc/racoon/remote.conf: > remote HHH.HH.HHH.HH { > exchange_mode main; > my_identifier address 63.193.79.18; > lifetime time 64800 sec; > nat_traversal on; > proposal { > encryption_algorithm 3des; > hash_algorithm sha1; > authentication_method pre_shared_key; > dh_group 2; > } > } > sainfo address 63.193.79.18 any address HHH.HH.HHH.HH any { > pfs_group 2; > lifetime time 3600 sec; > encryption_algorithm 3des; > authentication_algorithm hmac_sha1; > compression_algorithm deflate; > } > sainfo address HHH.HH.HHH.HH any address 63.193.79.18 any { > pfs_group 2; > lifetime time 3600 sec; > encryption_algorithm 3des; > authentication_algorithm hmac_sha1; > compression_algorithm deflate; > } > > /etc/racoon/psk.txt: > HHH.HH.HHH.HH PRESHAREDSECRET > > /etc/ipsec.conf: > #!/usr/sbin/setkey -f > flush; > spdflush; > spdadd 63.193.79.18 HHH.HHH.HHH.90/31 any -P out ipsec esp/tunnel/63.193.79.18-HHH.HH.HHH.HH/require; > spdadd 63.193.79.18 HHH.HH.HHH.HH any -P out ipsec esp/tunnel/63.193.79.18-HHH.HH.HHH.HH/require; > spdadd HHH.HHH.HHH.90/31 63.193.79.18 any -P out ipsec esp/tunnel/HHH.HH.HHH.HH-63.193.79.18/require; > spdadd HHH.HH.HHH.HH 63.193.79.18 any -P in ipsec esp/tunnel/HHH.HH.HHH.HH-63.193.79.18/require; > > /var/log/racoon.log: > 2004-12-01 22:53:37: INFO: @(#)ipsec-tools 0.3.3 (http://ipsec-tools.sourceforge.net) > 2004-12-01 22:53:37: INFO: @(#)This product linked OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/) > 2004-12-01 22:53:37: DEBUG2: <3> > 2004-12-01 22:53:37: DEBUG2: begin <11>padding > 2004-12-01 22:53:37: DEBUG2: <11> > 2004-12-01 22:53:37: DEBUG2: <11> > 2004-12-01 22:53:37: DEBUG2: <11> > 2004-12-01 22:53:37: DEBUG2: <11> > 2004-12-01 22:53:37: DEBUG2: <11> > 2004-12-01 22:53:37: DEBUG2: <11> > 2004-12-01 22:53:37: DEBUG2: <11> > 2004-12-01 22:53:37: DEBUG2: <11> > 2004-12-01 22:53:37: DEBUG2: <11> > 2004-12-01 22:53:37: DEBUG2: <11> > 2004-12-01 22:53:37: DEBUG2: <11> > 2004-12-01 22:53:37: DEBUG2: <11> > 2004-12-01 22:53:37: DEBUG2: <3> > 2004-12-01 22:53:37: DEBUG2: <3> > 2004-12-01 22:53:37: DEBUG2: begin <13>listen > 2004-12-01 22:53:37: DEBUG2: <13> > 2004-12-01 22:53:37: DEBUG2: <13> > 2004-12-01 22:53:37: DEBUG2: <13> > 2004-12-01 22:53:37: DEBUG2: <13> > 2004-12-01 22:53:37: DEBUG2: <13> > 2004-12-01 22:53:37: DEBUG2: <13> > 2004-12-01 22:53:37: DEBUG2: <13> > 2004-12-01 22:53:37: DEBUG2: <13> > 2004-12-01 22:53:37: DEBUG2: <13> > 2004-12-01 22:53:37: DEBUG2: <13> > 2004-12-01 22:53:37: DEBUG2: <13> > 2004-12-01 22:53:37: DEBUG2: <3> > 2004-12-01 22:53:37: DEBUG2: begin <15>timer > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: <15> > 2004-12-01 22:53:37: DEBUG2: parse successed. > 2004-12-01 22:53:37: INFO: 63.193.79.18[4500] used as isakmp port (fd=6) > 2004-12-01 22:53:37: INFO: 63.193.79.18[4500] used for NAT-T > 2004-12-01 22:53:37: INFO: 63.193.79.18[500] used as isakmp port (fd=7) > 2004-12-01 22:53:37: DEBUG: get pfkey X_SPDDUMP message > 2004-12-01 22:53:37: DEBUG2: > 02120000 1c000200 03000000 9d2d0000 03000500 ff200000 02000000 cc5abb95 > 00000000 00000000 03000600 ff200000 02000000 3fc14f12 00000000 00000000 > 04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000 > 04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000 > 04000200 00000000 00000000 00000000 f1bbae41 00000000 00000000 00000000 > 08001200 02000100 98000000 00000000 30003200 02020000 00000000 00000000 > 02000000 cc5abb95 00000000 00000000 02000000 3fc14f12 00000000 00000000 > 2004-12-01 22:53:37: DEBUG: get pfkey X_SPDDUMP message > 2004-12-01 22:53:37: DEBUG2: > 02120000 1c000200 02000000 9d2d0000 03000500 ff200000 02000000 3fc14f12 > 00000000 00000000 03000600 ff1f0000 02000000 c697b95a 00000000 00000000 > 04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000 > 04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000 > 04000200 00000000 00000000 00000000 f1bbae41 00000000 00000000 00000000 > 08001200 02000200 81000000 00000000 30003200 02020000 00000000 00000000 > 02000000 3fc14f12 00000000 00000000 02000000 cc5abb95 00000000 00000000 > 2004-12-01 22:53:37: DEBUG: sub:0xbfffe020: 63.193.79.18/32[0] HHH.HHH.HHH.90/31[0] proto=any dir=out > 2004-12-01 22:53:37: DEBUG: db :0x80bcc88: HHH.HH.HHH.HH/32[0] 63.193.79.18/32[0] proto=any dir=in > 2004-12-01 22:53:37: DEBUG: get pfkey X_SPDDUMP message > 2004-12-01 22:53:37: DEBUG2: > 02120000 1c000300 01000000 9d2d0000 03000500 ff200000 02000000 3fc14f12 > 00000000 00000000 03000600 ff200000 02000000 cc5abb95 00000000 00000000 > 04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000 > 04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000 > 04000200 00000000 00000000 00000000 f1bbae41 00000000 f1bbae41 00000000 > 08001200 02000200 89000000 00000000 30003200 02020000 00000000 00000000 > 02000000 3fc14f12 00000000 00000000 02000000 cc5abb95 00000000 00000000 > 2004-12-01 22:53:37: DEBUG: sub:0xbfffe020: 63.193.79.18/32[0] HHH.HH.HHH.HH/32[0] proto=any dir=out > 2004-12-01 22:53:37: DEBUG: db :0x80bcc88: HHH.HH.HHH.HH/32[0] 63.193.79.18/32[0] proto=any dir=in > 2004-12-01 22:53:37: DEBUG: sub:0xbfffe020: 63.193.79.18/32[0] HHH.HH.HHH.HH/32[0] proto=any dir=out > 2004-12-01 22:53:37: DEBUG: db :0x80bcec0: 63.193.79.18/32[0] HHH.HHH.HHH.90/31[0] proto=any dir=out > 2004-12-01 22:53:37: DEBUG: get pfkey X_SPDDUMP message > 2004-12-01 22:53:37: DEBUG2: > 02120000 1c000200 00000000 9d2d0000 03000500 ff1f0000 02000000 c697b95a > 00000000 00000000 03000600 ff200000 02000000 3fc14f12 00000000 00000000 > 04000300 00000000 00000000 00000000 00000000 00000000 00000000 00000000 > 04000400 00000000 00000000 00000000 00000000 00000000 00000000 00000000 > 04000200 00000000 00000000 00000000 f1bbae41 00000000 00000000 00000000 > 08001200 02000200 91000000 00000000 30003200 02020000 00000000 00000000 > 02000000 cc5abb95 00000000 00000000 02000000 3fc14f12 00000000 00000000 > 2004-12-01 22:53:37: DEBUG: sub:0xbfffe020: HHH.HHH.HHH.90/31[0] 63.193.79.18/32[0] proto=any dir=out > 2004-12-01 22:53:37: DEBUG: db :0x80bcc88: HHH.HH.HHH.HH/32[0] 63.193.79.18/32[0] proto=any dir=in > 2004-12-01 22:53:37: DEBUG: sub:0xbfffe020: HHH.HHH.HHH.90/31[0] 63.193.79.18/32[0] proto=any dir=out > 2004-12-01 22:53:37: DEBUG: db :0x80bcec0: 63.193.79.18/32[0] HHH.HHH.HHH.90/31[0] proto=any dir=out > 2004-12-01 22:53:37: DEBUG: sub:0xbfffe020: HHH.HHH.HHH.90/31[0] 63.193.79.18/32[0] proto=any dir=out > 2004-12-01 22:53:37: DEBUG: db :0x80bd0f8: 63.193.79.18/32[0] HHH.HH.HHH.HH/32[0] proto=any dir=out > 2004-12-01 22:54:08: DEBUG: get pfkey ACQUIRE message > 2004-12-01 22:54:08: DEBUG2: > 02060003 53000000 08000000 00000000 03000500 00200000 02000000 3fc14f12 > 00000000 00000000 03000600 00200000 02000000 cc5abb95 00000000 00000000 > 02001200 02000200 89000000 00000000 49000d00 20000000 020b0000 80008000 > 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 > 40190100 00000000 80510100 00000000 70620000 00000000 80700000 00000000 > 030b0000 a000a000 00000000 00000000 00000000 00000000 00000000 00000000 > 00000000 00000000 40190100 00000000 80510100 00000000 70620000 00000000 > 80700000 00000000 02020000 80008000 40004000 00000000 00000000 00000000 > 00000000 00000000 00000000 00000000 40190100 00000000 80510100 00000000 > 70620000 00000000 80700000 00000000 03020000 a000a000 40004000 00000000 > 00000000 00000000 00000000 00000000 00000000 00000000 40190100 00000000 > 80510100 00000000 70620000 00000000 80700000 00000000 02030000 80008000 > c000c000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 > 40190100 00000000 80510100 00000000 70620000 00000000 80700000 00000000 > 03030000 a000a000 c000c000 00000000 00000000 00000000 00000000 00000000 > 00000000 00000000 40190100 00000000 80510100 00000000 70620000 00000000 > 80700000 00000000 020c0000 80008000 80000001 00000000 00000000 00000000 > 00000000 00000000 00000000 00000000 40190100 00000000 80510100 00000000 > 70620000 00000000 80700000 00000000 030c0000 a000a000 80000001 00000000 > 00000000 00000000 00000000 00000000 00000000 00000000 40190100 00000000 > 80510100 00000000 70620000 00000000 80700000 00000000 > 2004-12-01 22:54:08: DEBUG: suitable outbound SP found: 63.193.79.18/32[0] HHH.HH.HHH.HH/32[0] proto=any dir=out. > 2004-12-01 22:54:08: DEBUG: sub:0xbfffe020: HHH.HH.HHH.HH/32[0] 63.193.79.18/32[0] proto=any dir=in > 2004-12-01 22:54:08: DEBUG: db :0x80bcc88: HHH.HH.HHH.HH/32[0] 63.193.79.18/32[0] proto=any dir=in > 2004-12-01 22:54:08: DEBUG: suitable inbound SP found: HHH.HH.HHH.HH/32[0] 63.193.79.18/32[0] proto=any dir=in. > 2004-12-01 22:54:08: DEBUG: new acquire 63.193.79.18/32[0] HHH.HH.HHH.HH/32[0] proto=any dir=out > 2004-12-01 22:54:08: DEBUG: (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=0:0) > 2004-12-01 22:54:08: DEBUG: (trns_id=3DES encklen=0 authtype=hmac-sha) > 2004-12-01 22:54:08: DEBUG: configuration found for HHH.HH.HHH.HH. > 2004-12-01 22:54:08: INFO: IPsec-SA request for HHH.HH.HHH.HH queued due to no phase1 found. > 2004-12-01 22:54:08: DEBUG: === > 2004-12-01 22:54:08: INFO: initiate new phase 1 negotiation: 63.193.79.18[500]<=>HHH.HH.HHH.HH[500] > 2004-12-01 22:54:08: INFO: begin Identity Protection mode. > 2004-12-01 22:54:08: DEBUG: new cookie: > 93c7d2749913ca0c > 2004-12-01 22:54:08: DEBUG: add payload of len 48, next type 13 > 2004-12-01 22:54:08: DEBUG: add payload of len 16, next type 13 > 2004-12-01 22:54:08: DEBUG: add payload of len 16, next type 0 > 2004-12-01 22:54:08: DEBUG: 120 bytes from 63.193.79.18[500] to HHH.HH.HHH.HH[500] > 2004-12-01 22:54:08: DEBUG: sockname 63.193.79.18[500] > 2004-12-01 22:54:08: DEBUG: send packet from 63.193.79.18[500] > 2004-12-01 22:54:08: DEBUG: send packet to HHH.HH.HHH.HH[500] > 2004-12-01 22:54:08: DEBUG: src4 63.193.79.18[500] > 2004-12-01 22:54:08: DEBUG: dst4 HHH.HH.HHH.HH[500] > 2004-12-01 22:54:08: DEBUG: 1 times of 120 bytes message will be sent to 63.193.79.18[500] > 2004-12-01 22:54:08: DEBUG: > 93c7d274 9913ca0c 00000000 00000000 01100200 00000000 00000078 0d000034 > 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800cfd20 > 80010005 80030001 80020002 80040002 0d000014 cd604643 35df21f8 7cfdb2fc > 68b6a448 00000014 810fa565 f8ab1436 9105d706 fbd57279 > 2004-12-01 22:54:08: DEBUG: resend phase1 packet 93c7d2749913ca0c:0000000000000000 > 2004-12-01 22:54:18: DEBUG: 120 bytes from 63.193.79.18[500] to HHH.HH.HHH.HH[500] > 2004-12-01 22:54:18: DEBUG: sockname 63.193.79.18[500] > 2004-12-01 22:54:18: DEBUG: send packet from 63.193.79.18[500] > 2004-12-01 22:54:18: DEBUG: send packet to HHH.HH.HHH.HH[500] > 2004-12-01 22:54:18: DEBUG: src4 63.193.79.18[500] > 2004-12-01 22:54:18: DEBUG: dst4 HHH.HH.HHH.HH[500] > 2004-12-01 22:54:18: DEBUG: 1 times of 120 bytes message will be sent to 63.193.79.18[500] > 2004-12-01 22:54:18: DEBUG: > 93c7d274 9913ca0c 00000000 00000000 01100200 00000000 00000078 0d000034 > 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800cfd20 > 80010005 80030001 80020002 80040002 0d000014 cd604643 35df21f8 7cfdb2fc > 68b6a448 00000014 810fa565 f8ab1436 9105d706 fbd57279 > 2004-12-01 22:54:18: DEBUG: resend phase1 packet 93c7d2749913ca0c:0000000000000000 > 2004-12-01 22:54:28: DEBUG: 120 bytes from 63.193.79.18[500] to HHH.HH.HHH.HH[500] > 2004-12-01 22:54:28: DEBUG: sockname 63.193.79.18[500] > 2004-12-01 22:54:28: DEBUG: send packet from 63.193.79.18[500] > 2004-12-01 22:54:28: DEBUG: send packet to HHH.HH.HHH.HH[500] > 2004-12-01 22:54:28: DEBUG: src4 63.193.79.18[500] > 2004-12-01 22:54:28: DEBUG: dst4 HHH.HH.HHH.HH[500] > 2004-12-01 22:54:28: DEBUG: 1 times of 120 bytes message will be sent to 63.193.79.18[500] > 2004-12-01 22:54:28: DEBUG: > 93c7d274 9913ca0c 00000000 00000000 01100200 00000000 00000078 0d000034 > 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800cfd20 > 80010005 80030001 80020002 80040002 0d000014 cd604643 35df21f8 7cfdb2fc > 68b6a448 00000014 810fa565 f8ab1436 9105d706 fbd57279 > 2004-12-01 22:54:28: DEBUG: resend phase1 packet 93c7d2749913ca0c:0000000000000000 > 2004-12-01 22:54:38: DEBUG: 120 bytes from 63.193.79.18[500] to HHH.HH.HHH.HH[500] > 2004-12-01 22:54:38: DEBUG: sockname 63.193.79.18[500] > 2004-12-01 22:54:38: DEBUG: send packet from 63.193.79.18[500] > 2004-12-01 22:54:38: DEBUG: send packet to HHH.HH.HHH.HH[500] > 2004-12-01 22:54:38: DEBUG: src4 63.193.79.18[500] > 2004-12-01 22:54:38: DEBUG: dst4 HHH.HH.HHH.HH[500] > 2004-12-01 22:54:38: DEBUG: 1 times of 120 bytes message will be sent to 63.193.79.18[500] > 2004-12-01 22:54:38: DEBUG: > 93c7d274 9913ca0c 00000000 00000000 01100200 00000000 00000078 0d000034 > 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800cfd20 > 80010005 80030001 80020002 80040002 0d000014 cd604643 35df21f8 7cfdb2fc > 68b6a448 00000014 810fa565 f8ab1436 9105d706 fbd57279 > 2004-12-01 22:54:38: DEBUG: resend phase1 packet 93c7d2749913ca0c:0000000000000000 > 2004-12-01 22:54:39: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP HHH.HH.HHH.HH->63.193.79.18 > 2004-12-01 22:54:39: INFO: delete phase 2 handler. > 2004-12-01 22:54:48: DEBUG: 120 bytes from 63.193.79.18[500] to HHH.HH.HHH.HH[500] > 2004-12-01 22:54:48: DEBUG: sockname 63.193.79.18[500] > 2004-12-01 22:54:48: DEBUG: send packet from 63.193.79.18[500] > 2004-12-01 22:54:48: DEBUG: send packet to HHH.HH.HHH.HH[500] > 2004-12-01 22:54:48: DEBUG: src4 63.193.79.18[500] > 2004-12-01 22:54:48: DEBUG: dst4 HHH.HH.HHH.HH[500] > 2004-12-01 22:54:48: DEBUG: 1 times of 120 bytes message will be sent to 63.193.79.18[500] > 2004-12-01 22:54:48: DEBUG: > 93c7d274 9913ca0c 00000000 00000000 01100200 00000000 00000078 0d000034 > 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800cfd20 > 80010005 80030001 80020002 80040002 0d000014 cd604643 35df21f8 7cfdb2fc > 68b6a448 00000014 810fa565 f8ab1436 9105d706 fbd57279 > 2004-12-01 22:54:48: DEBUG: resend phase1 packet 93c7d2749913ca0c:0000000000000000 > 2004-12-01 22:54:57: INFO: caught signal 15 > 2004-12-01 22:54:57: DEBUG: get pfkey FLUSH message > 2004-12-01 22:54:57: DEBUG2: > 02090000 02000000 00000000 ce2d0000 > 2004-12-01 22:54:57: DEBUG: get pfkey FLUSH message > 2004-12-01 22:54:57: DEBUG2: > 02090000 02000000 00000000 6b2e0000 > 2004-12-01 22:54:57: DEBUG: get pfkey X_SPDFLUSH message > 2004-12-01 22:54:57: DEBUG2: > 02130000 02000000 00000000 6c2e0000 > 2004-12-01 22:54:58: DEBUG: 120 bytes from 63.193.79.18[500] to HHH.HH.HHH.HH[500] > 2004-12-01 22:54:58: DEBUG: sockname 63.193.79.18[500] > 2004-12-01 22:54:58: DEBUG: send packet from 63.193.79.18[500] > 2004-12-01 22:54:58: DEBUG: send packet to HHH.HH.HHH.HH[500] > 2004-12-01 22:54:58: DEBUG: src4 63.193.79.18[500] > 2004-12-01 22:54:58: DEBUG: dst4 HHH.HH.HHH.HH[500] > 2004-12-01 22:54:58: DEBUG: 1 times of 120 bytes message will be sent to 63.193.79.18[500] > 2004-12-01 22:54:58: DEBUG: > 93c7d274 9913ca0c 00000000 00000000 01100200 00000000 00000078 0d000034 > 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800cfd20 > 80010005 80030001 80020002 80040002 0d000014 cd604643 35df21f8 7cfdb2fc > 68b6a448 00000014 810fa565 f8ab1436 9105d706 fbd57279 > 2004-12-01 22:54:58: DEBUG: resend phase1 packet 93c7d2749913ca0c:0000000000000000 > 2004-12-01 22:54:58: DEBUG: call pfkey_send_dump > 2004-12-01 22:54:58: DEBUG: an undead schedule has been deleted. > 2004-12-01 22:54:58: INFO: racoon shutdown > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://productguide.itmanagersjournal.com/ > _______________________________________________ > Ipsec-tools-devel mailing list > Ips...@li... > https://lists.sourceforge.net/lists/listinfo/ipsec-tools-devel -- Aidas Kasparas IT administrator GM Consult Group, UAB |