IPSecuritas 3.x Configuration Instructions for Netgear DGFV338 © Lobotomo Software June 17, 2009


Legal Disclaimer

Contents

Lobotomo Software (subsequently called "Author") reserves the right not to be responsible for the topicality, correctness, completeness or quality of the information provided. Liability claims regarding damage caused by the use of any information provided, including any kind of information which is incomplete or incorrect, will therefore be rejected. All offers are not-binding and without obligation. Parts of the document or the complete publication including all offers and information might be extended, changed or partly or completely deleted by the author without separate announcement.

Referrals

The author is not responsible for any contents referred to or any links to pages of the World Wide Web in this document. If any damage occurs by the use of information presented there, only the author of the respective documents or pages might be liable, not the one who has referred or linked to these documents or pages.

Copyright

The author intended not to use any copyrighted material for the publication or, if not possible, to indicate the copyright of the respective object. The copyright for any material created by the author is reserved. Any duplication or use of such diagrams, sounds or texts in other electronic or printed publications is not permitted without the author's agreement.

Legal force of this disclaimer

This disclaimer is to be regarded as part of this document. If sections or individual formulations of this text are not legal or correct, the content or validity of the other parts remain uninfluenced by this fact.

Acknowledgments

Many thanks to Dene Stringfellow for providing setup information, screenshots and support for writing this document.


Table of contents

Introduction
Netgear DGFV338 Wizard Setup
Netgear DGFV338 Login
VPN Wizard Form Completion
Disabling the VPN Policy
Editing the IKE Policy
IKE Policy Changes
VPN Policy Changes
Re-enabling the VPN Policy
IPSecuritas Setup
Start Wizard
Enter Name of New Connection
Select Router Model
Enter Router's Public IP Address
Enter a Virtual IP Address
Enter Remote Network
Enter Local Identification
Enter Remote Identification
Enter Preshared Key
Diagnosis
Reachability Test
Sample DGFV338 VPN Log Output
Sample IPSecuritas Log Output


Introduction

This document describes the steps necessary to establish a protected VPN connection between a Mac client and a Netgear DGFV338 router/firewall. All information in this document is based on the following assumed network.

[Figure: assumed network. A Roadwarrior client connects via Dial-Up or Broadband Internet, across the Internet, to the Netgear DGFV338, behind which is the Remote LAN 10.1.1.0/24.]

Netgear DGFV338 Wizard Setup

This section describes the necessary steps to set up the Netgear DGFV338 to accept incoming connections.

Netgear DGFV338 Login

Log in to the Netgear DGFV338 firewall/router.

Note: A secure (https://<routeripaddress>:8080) login is required if you are logging in remotely, otherwise use the usual https://<routeripaddress>:8080.

Click on the VPN button then click on the VPN Wizard link to continue with the next step.


VPN Wizard Form Completion

Launch the VPN Wizard and make sure that the VPN tunnel peer is set to Gateway.

Under the Connection Name and Remote IP Type section, give the VPN policy a suitable name and fill in the pre-shared key with your chosen shared key. Depending on how the router is connected to the Internet, select either ADSL or WAN Ethernet.

Under the End Point Information section, fill in the Remote WAN’s IP Address or Internet Name with an arbitrary Internet name - in this case, my_remote.com. Then type the router’s WAN IP address into the Local WAN’s IP Address or Internet Name field.

Finally, under the Secure Connection Remote Accessibility section, fill in the Remote LAN IP Address field with an IP address in a public range which is not used in either of the end point networks*. Then fill in the Remote LAN Subnet Mask, in this case 255.255.255.0.

*Note: Use one of the ranges not used locally at either end of the VPN connection - i.e. in this case, if the address range is 10.1.1.0 at the office end and you are using 192.168.1.0 on your own network use the 176.16.1.0 range.


Disabling the VPN Policy

Under the VPN Policies tab click in the checkbox beside the newly created VPN policy and then click on the Disable button to disable the policy. This will allow both the VPN policy and the IKE policy to be edited. The policy will be re-enabled after the required changes have been applied.

Editing the IKE Policy

Next click on the IKE Policies tab, then click in the checkbox beside the newly created IKE policy and click on the Edit button to continue with the next step.


IKE Policy Changes

In the IKE Policy form make the following changes:

Under the General section change the Direction/Type: pulldown field from Both to Responder and the Exchange Mode: field to Aggressive from Main. Under the Local section change the Identifier Type: from Local WAN IP to FQDN and into the Identifier: field type my_office.com.

Under the IKE SA Parameters section make sure that the SA-Lifetime (sec): field is set to 28800.

Finally, make sure that XAUTH Configuration: under the Extended Authentication section is set to None, and then click on the Apply button to save the changes.


VPN Policy Changes

Next click the Policies link in the gray bar above the Edit IKE Policy tab and then click on the VPN Policies tab in the subsequent screen. Then click on the checkbox beside the newly created, but disabled, VPN policy to proceed to the Edit VPN Policy screen.

In the Edit VPN Policy form make the following changes:

Under the General section uncheck the Enable NetBIOS? checkbox.

Under the Traffic Selection section change the Remote IP: from Subnet to Single.

Under the Auto Policy Parameters section make sure that the SA-Lifetime: field is set to 28800 Seconds and make sure the newly created IKE Policy is selected in the pulldown field.

Then click on the Apply button to save the changes.


Re-enabling the VPN Policy

Finally, return to the VPN Policies tab via the Policies link in the gray bar, click on the checkbox beside the newly edited VPN policy and then click on the Enable button to reactivate the policy.

That completes the configuration of the DGFV338 firewall/router. So log out of the router and proceed to the next stage of setting up the IPSecuritas client configuration.


IPSecuritas Setup

This section describes the necessary steps to set up IPSecuritas to connect to the Netgear DGFV338 router.

Start Wizard

Unless it is already running, you should start IPSecuritas now. Change to the Connections menu and select Edit Connections (or press ⌘-E). Start the Wizard by clicking on the following symbol:

Enter Name of New Connection

Enter a name for the connection (any arbitrary name).

Click on the right arrow to continue with the next step.

Select Router Model

Select Netgear from the manufacturer list and DGFV338 from the model list.

Click on the right arrow to continue with the next step.

Enter Router's Public IP Address

Enter the public IP address or hostname of your Netgear DGFV338 router. In case your ISP assigned you a dynamic IP address, you should register with a dynamic IP DNS service (like http://www.dyndns.org).

Click on the right arrow to continue with the next step.


Enter a Virtual IP Address

Enter a virtual local IP address. This address appears as the source address of any packet going through the tunnel.

Note: Use one of the ranges not used locally at either end of the VPN connection - i.e. in this case, if the address range is 10.1.1.0 at the office end and you are using 192.168.1.0 on your own network use the 176.16.1.0 range.

In order to prevent address collisions between the local network and the remote network, it is recommended to use an address from one of the ranges reserved for private networks (see RFC 1918).

Click on the right arrow to continue with the next step.

Enter Remote Network

Enter the remote network address and netmask (please note that the netmask needs to be entered in CIDR format). This has to match with the settings of the Netgear DGFV338.

Click on the right arrow to continue with the next step.
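The address rules from the two preceding steps (a virtual IP that collides with neither LAN, taken from an RFC 1918 range, and a remote netmask in CIDR form) can be checked before the wizard is filled in. The following is an added example, not part of the original document; the function names are hypothetical, and with the document's own networks it reports that 176.16.1.48 collides with neither LAN but lies outside the RFC 1918 ranges (the private block is 172.16.0.0/12).

```python
import ipaddress

# RFC 1918 private blocks; 172.16.0.0/12 is searched first when suggesting a range.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("172.16.0.0/12", "192.168.0.0/16", "10.0.0.0/8")]


def mask_to_cidr(network, netmask):
    """Convert the router's dotted netmask to the CIDR form IPSecuritas expects."""
    return str(ipaddress.ip_network(f"{network}/{netmask}", strict=False))


def check_virtual_ip(virtual_ip, local_net, remote_net):
    """Return a list of problems with a proposed virtual (tunnel) address."""
    vip = ipaddress.ip_address(virtual_ip)
    local = ipaddress.ip_network(local_net, strict=False)
    remote = ipaddress.ip_network(remote_net, strict=False)
    problems = []
    if local.overlaps(remote):
        problems.append("local and remote networks overlap")
    if vip in local:
        problems.append("virtual IP is inside the local network")
    if vip in remote:
        problems.append("virtual IP is inside the remote network")
    if not any(vip in block for block in RFC1918):
        problems.append("virtual IP is outside the RFC 1918 private ranges")
    return problems


def suggest_virtual_net(local_net, remote_net, prefix=24):
    """First RFC 1918 subnet of the given size that overlaps neither network."""
    used = [ipaddress.ip_network(n, strict=False) for n in (local_net, remote_net)]
    for block in RFC1918:
        if prefix < block.prefixlen:
            continue  # requested subnet is larger than this private block
        for candidate in block.subnets(new_prefix=prefix):
            if not any(candidate.overlaps(u) for u in used):
                return str(candidate)
    return None


if __name__ == "__main__":
    # Networks from this document: office LAN 10.1.1.0/255.255.255.0,
    # home LAN 192.168.1.0/24. The candidate addresses are illustrative.
    remote = mask_to_cidr("10.1.1.0", "255.255.255.0")
    local = "192.168.1.0/24"
    for vip in ("176.16.1.48", "172.16.1.48", "10.1.1.50"):
        print(vip, check_virtual_ip(vip, local, remote) or "ok")
    print("suggested range:", suggest_virtual_net(local, remote))
```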

Enter Local Identification

Enter the Local Identification in the Name field. It can be whatever you want as long as it matches with the settings of the Netgear DGFV338.

Click on the right arrow to continue with the next step.


Enter Remote Identification

Enter the Remote Identification in the Name field. Again, it can be whatever you want as long as it matches with the settings of the Netgear DGFV338.

Click on the right arrow to continue with the next step.

Enter Preshared Key

Enter the same Preshared Key that you used for the Netgear DGFV338 (see main IPSec configuration page on page 4).

Click on the right arrow to finish the connection setup.

Diagnosis

Reachability Test

To test reachability of the remote host, open a Terminal window (Utilities -> Terminal) and enter the command ping, followed by the DGFV338 local IP address. If the tunnel works correctly, output similar to the following is displayed:

[MacBook:~] root# ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1): 56 data bytes
64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=13.186 ms
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=19.290 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=12.823 ms

Sample DGFV338 VPN Log Output

The following is a sample log file (N.B. the actual IP addresses have been replaced) from the Netgear DGFV338 firewall/router after a successful connection establishment:

2007-09-23 08:53:00: INFO: Adding IPSec configuration with identifier "my_RemoteAccess"
2007-09-23 08:53:00: INFO: Adding IKE configuration with identifer "my_RemoteAccess"
2007-09-23 08:53:01: ERROR: Failed to resolve remote FQDN "my_remote.com". Backing off resolution for 2 seconds.
2007-09-23 08:53:03: ERROR: Failed to resolve remote FQDN "my_remote.com". Backing off resolution for 4 seconds.
2007-09-23 08:53:07: ERROR: Failed to resolve remote FQDN "my_remote.com". Backing off resolution for 8 seconds.
2007-09-23 08:53:15: ERROR: Failed to resolve remote FQDN "my_remote.com". Backing off resolution for 16 seconds.
2007-09-23 08:53:32: ERROR: Failed to resolve remote FQDN "my_remote.com". Backing off resolution for 32 seconds.
2007-09-23 08:54:04: ERROR: Failed to resolve remote FQDN "my_remote.com". Backing off resolution for 64 seconds.
2007-09-23 08:55:08: ERROR: Failed to resolve remote FQDN "my_remote.com". Backing off resolution for 128 seconds.


2007-09-23 08:56:01: INFO: Remote configuration for identifier "my_remote.com" found
2007-09-23 08:56:01: ERROR: Policy Update to the kernel succeeded for my_remote.com
2007-09-23 08:56:01: INFO: Received request for new phase 1 negotiation: 123.321.1.1[500]<=>222.333.444.555[500]
2007-09-23 08:56:01: INFO: Beginning Aggressive mode.
2007-09-23 08:56:01: INFO: Received unknown Vendor ID
2007-09-23 08:56:01: INFO: Received unknown Vendor ID
2007-09-23 08:56:02: ERROR: Failed to resolve remote FQDN "my_remote.com". Backing off resolution for 2 seconds.
2007-09-23 08:56:02: INFO: ISAKMP-SA established for 123.321.1.1[500]-222.333.444.555[500] with spi:342eca2c2d5e346d: 10627c3fc9e62201
2007-09-23 08:56:02: INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
2007-09-23 08:56:02: INFO: Responding to new phase 2 negotiation: 123.321.1.1[0]<=>222.333.444.555[0]
2007-09-23 08:56:02: INFO: Using IPsec SA configuration: 192.168.1.0/24<->176.16.1.48/32
2007-09-23 08:56:03: INFO: IPsec-SA established: ESP/Tunnel 222.333.444.555->123.321.1.1 with spi=52173431(0x31c1a77)
2007-09-23 08:56:03: INFO: IPsec-SA established: ESP/Tunnel 123.321.1.1->222.333.444.555 with spi=215990560(0xcdfc120)
2007-09-23 08:56:04: ERROR: Failed to resolve remote FQDN "my_remote.com". Backing off resolution for 4 seconds.
2007-09-23 08:56:08: ERROR: Failed to resolve remote FQDN "my_remote.com". Backing off resolution for 8 seconds.
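Debug-level racoon output, like the IPSecuritas sample in the next section, writes the pre-shared key, Diffie-Hellman values and derived SKEYID keys to the log in hex, so such a log should be scrubbed before it is posted or sent to support. The following is an added example (not part of the original document or of IPSecuritas): the label list is taken from the sample log on this page, the sample lines and hex values are constructed, and `redact` and `safe_to_share` are hypothetical names.

```python
import re

# "Sep 23, 09:26:58 Debug IKE <message>" as written in the IPSecuritas log.
LINE = re.compile(
    r"^(?P<prefix>[A-Z][a-z]{2} \d{1,2}, \d{2}:\d{2}:\d{2} \w+ \w+ )(?P<msg>.*)$")
# A message made up only of hex groups is a continuation line of a dump.
HEX_ONLY = re.compile(r"^[0-9a-f]+(?: [0-9a-f]+)*$")
# Labels printed immediately before secret material (from the sample log).
SECRET_LABEL = re.compile(
    r"^(?:psk:|compute DH's (?:private|shared)\.|SKEYID(?:_[dae])? computed:"
    r"|compute intermediate encryption key K\d+|final encryption key computed:)")


def redact(lines):
    """Mask hex dumps that follow a secret label.

    Returns (redacted_lines, findings); findings maps each label seen to the
    number of bytes masked under it. Nonces, cookies and packet dumps are
    left alone because they are not announced by a secret label.
    """
    out, findings, label = [], {}, None
    for line in lines:
        m = LINE.match(line)
        msg = m.group("msg").strip() if m else ""
        hit = SECRET_LABEL.match(msg)
        if hit:
            label = hit.group(0)          # next hex-only lines are the secret
        elif label and HEX_ONLY.match(msg):
            nbytes = len(msg.replace(" ", "")) // 2
            findings[label] = findings.get(label, 0) + nbytes
            line = f"{m.group('prefix')}[REDACTED {nbytes} bytes]"
        else:
            label = None                  # any other message ends the dump
        out.append(line)
    return out, findings


def safe_to_share(lines):
    """True only if no secret material was found in the log."""
    return not redact(lines)[1]


# Constructed sample in the format of the log on this page (values are made up).
SAMPLE = """\
Sep 23, 09:26:58 Debug IKE agreed on pre-shared key auth.
Sep 23, 09:26:58 Debug IKE compute DH's shared.
Sep 23, 09:26:58 Debug IKE 00112233 44556677 8899aabb ccddeeff
Sep 23, 09:26:58 Debug IKE 00112233 44556677 8899aabb ccddeeff
Sep 23, 09:26:58 Debug IKE the psk found.
Sep 23, 09:26:58 Debug IKE psk: 2007-09-23 09:26:58: DEBUG2:
Sep 23, 09:26:58 Debug IKE 636f6e73 74727563 746564
Sep 23, 09:26:58 Debug IKE nonce 1: 2007-09-23 09:26:58: DEBUG:
Sep 23, 09:26:58 Debug IKE 01020304 05060708
Sep 23, 09:26:58 Debug IKE SKEYID computed:
Sep 23, 09:26:58 Debug IKE aabbccdd aabbccdd aabbccdd aabbccdd aabbccdd
Sep 23, 09:26:58 Debug IKE hmac(hmac_sha1)
""".splitlines()

if __name__ == "__main__":
    cleaned, found = redact(SAMPLE)
    print("\n".join(cleaned))
    print(found)
```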

Sample IPSecuritas Log Output

The following is a sample log file (N.B. the actual IP addresses have been replaced) from IPSecuritas after a successful connection establishment (with log level set to Debug):

IPSecuritas 3.0 build 1693, Sun May 27 21:43:28 MVT 2007, nadig
Darwin 8.9.1 Darwin Kernel Version 8.9.1: Thu Feb 22 20:55:00 PST 2007; root:xnu-792.18.15~1/RELEASE_I386 i386
Sep 23, 09:26:56 Info APP IKE daemon started
Sep 23, 09:26:56 Info APP IPSec started
Sep 23, 09:26:56 Debug APP State change from AUTHENTICATING to RUNNING after event AUTHENTICATED
Sep 23, 09:26:56 Debug APP Received SADB message type X_SPDUPDATE - not interesting
Sep 23, 09:26:56 Debug APP Received SADB message type X_SPDUPDATE - not interesting
Sep 23, 09:26:56 Warning IKE Foreground mode.
Sep 23, 09:26:56 Info IKE @(#)ipsec-tools CVS (http://ipsec-tools.sourceforge.net)
Sep 23, 09:26:56 Info IKE @(#)This product linked OpenSSL 0.9.7l 28 Sep 2006 (http://www.openssl.org/)
Sep 23, 09:26:56 Info IKE Reading configuration from "/Library/Application Support/Lobotomo Software/IPSecuritas/racoon.conf"
Sep 23, 09:26:56 Info IKE Resize address pool from 0 to 255
Sep 23, 09:26:56 Debug IKE lifetime = 28800
Sep 23, 09:26:56 Debug IKE lifebyte = 0
Sep 23, 09:26:56 Debug IKE encklen=0
Sep 23, 09:26:56 Debug IKE p:1 t:1
Sep 23, 09:26:56 Debug IKE 3DES-CBC(5)
Sep 23, 09:26:56 Debug IKE SHA(2)
Sep 23, 09:26:56 Debug IKE 1024-bit MODP group(2)
Sep 23, 09:26:56 Debug IKE pre-shared key(1)
Sep 23, 09:26:56 Debug IKE hmac(modp1024)
Sep 23, 09:26:56 Debug IKE compression algorithm can not be checked because sadb message doesn't support it.
Sep 23, 09:26:56 Debug IKE parse successed.
Sep 23, 09:26:56 Debug IKE open /Library/Application Support/Lobotomo Software/IPSecuritas/admin.sock as racoon management.
Sep 23, 09:26:56 Info IKE 192.168.1.2[4500] used as isakmp port (fd=7)
Sep 23, 09:26:56 Info IKE 192.168.1.2[500] used as isakmp port (fd=8)
Sep 23, 09:26:56 Debug IKE get pfkey X_SPDDUMP message
Sep 23, 09:26:56 Debug IKE get pfkey X_SPDDUMP message
Sep 23, 09:26:56 Debug IKE sub:0xbffff5f0: 176.16.1.48/32[0] 10.1.1.0/24[0] proto=any dir=out
Sep 23, 09:26:56 Debug IKE db :0x308cb8: 10.1.1.0/24[0] 176.16.1.48/32[0] proto=any dir=in
Sep 23, 09:26:57 Info APP Initiated connection Office
Sep 23, 09:26:57 Debug IKE get pfkey ACQUIRE message


Sep 23, 09:26:57 Error IKE inappropriate sadb acquire message passed.
Sep 23, 09:26:57 Debug IKE get pfkey ACQUIRE message
Sep 23, 09:26:57 Debug IKE suitable outbound SP found: 176.16.1.48/32[0] 10.1.1.0/24[0] proto=any dir=out.
Sep 23, 09:26:57 Debug IKE sub:0xbffff5cc: 10.1.1.0/24[0] 176.16.1.48/32[0] proto=any dir=in
Sep 23, 09:26:57 Debug IKE db :0x308cb8: 10.1.1.0/24[0] 176.16.1.48/32[0] proto=any dir=in
Sep 23, 09:26:57 Debug IKE suitable inbound SP found: 10.1.1.0/24[0] 176.16.1.48/32[0] proto=any dir=in.
Sep 23, 09:26:57 Debug IKE new acquire 176.16.1.48/32[0] 10.1.1.0/24[0] proto=any dir=out
Sep 23, 09:26:57 Debug IKE (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Tunnel reqid=8:7)
Sep 23, 09:26:57 Debug IKE (trns_id=DES encklen=0 authtype=hmac-sha)
Sep 23, 09:26:57 Debug IKE (trns_id=3DES encklen=0 authtype=hmac-sha)
Sep 23, 09:26:57 Debug IKE in post_acquire
Sep 23, 09:26:57 Debug IKE configuration found for 123.321.1.1.
Sep 23, 09:26:57 Info IKE IPsec-SA request for 123.321.1.1 queued due to no phase1 found.
Sep 23, 09:26:57 Debug IKE ===
Sep 23, 09:26:57 Info IKE initiate new phase 1 negotiation: 192.168.1.2[500]<=>123.321.1.1[500]
Sep 23, 09:26:57 Info IKE begin Aggressive mode.
Sep 23, 09:26:57 Debug IKE new cookie:
Sep 23, 09:26:57 Debug IKE 1d4c706bfd2fcc10
Sep 23, 09:26:57 Debug IKE use ID type of FQDN
Sep 23, 09:26:57 Debug IKE compute DH's private.
Sep 23, 09:26:57 Debug IKE compute DH's public.
Sep 23, 09:26:57 Debug IKE authmethod is pre-shared key
Sep 23, 09:26:57 Debug IKE add payload of len 48, next type 4
Sep 23, 09:26:57 Debug IKE add payload of len 128, next type 10
Sep 23, 09:26:57 Debug IKE add payload of len 16, next type 5
Sep 23, 09:26:57 Debug IKE add payload of len 17, next type 13
Sep 23, 09:26:57 Debug IKE add payload of len 20, next type 13
Sep 23, 09:26:57 Debug IKE add payload of len 16, next type 0
Sep 23, 09:26:57 Debug IKE 297 bytes from 192.168.1.2[500] to 123.321.1.1[500]
Sep 23, 09:26:57 Debug IKE sockname 192.168.1.2[500]
Sep 23, 09:26:57 Debug IKE send packet from 192.168.1.2[500]
Sep 23, 09:26:57 Debug IKE send packet to 123.321.1.1[500]
Sep 23, 09:26:57 Debug IKE 1 times of 297 bytes message will be sent to 123.321.1.1[500]
Sep 23, 09:26:57 Debug IKE resend phase1 packet 1d4c706bfd2fcc10:0000000000000000
Sep 23, 09:26:58 Debug IKE ===
Sep 23, 09:26:58 Debug IKE 297 bytes message received from 123.321.1.1[500] to 192.168.1.2[500]
Sep 23, 09:26:58 Debug IKE begin.
Sep 23, 09:26:58 Debug IKE seen nptype=1(sa)
Sep 23, 09:26:58 Debug IKE seen nptype=4(ke)
Sep 23, 09:26:58 Debug IKE seen nptype=10(nonce)


Sep 23, 09:26:58 Debug IKE seen nptype=5(id)
Sep 23, 09:26:58 Debug IKE seen nptype=8(hash)
Sep 23, 09:26:58 Debug IKE seen nptype=13(vid)
Sep 23, 09:26:58 Debug IKE succeed.
Sep 23, 09:26:58 Info IKE received Vendor ID: KAME/racoon
Sep 23, 09:26:58 Debug IKE total SA len=48
Sep 23, 09:26:58 Debug IKE 00000001 00000001 00000028 01010001 00000020 01010000 800b0001 800c7080
Sep 23, 09:26:58 Debug IKE 80010005 80030001 80020002 80040002
Sep 23, 09:26:58 Debug IKE begin.
Sep 23, 09:26:58 Debug IKE seen nptype=2(prop)
Sep 23, 09:26:58 Debug IKE succeed.
Sep 23, 09:26:58 Debug IKE proposal #1 len=40
Sep 23, 09:26:58 Debug IKE begin.
Sep 23, 09:26:58 Debug IKE seen nptype=3(trns)
Sep 23, 09:26:58 Debug IKE succeed.
Sep 23, 09:26:58 Debug IKE transform #1 len=32
Sep 23, 09:26:58 Debug IKE type=Life Type, flag=0x8000, lorv=seconds
Sep 23, 09:26:58 Debug IKE type=Life Duration, flag=0x8000, lorv=28800
Sep 23, 09:26:58 Debug IKE type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
Sep 23, 09:26:58 Debug IKE encryption(3des)
Sep 23, 09:26:58 Debug IKE type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep 23, 09:26:58 Debug IKE type=Hash Algorithm, flag=0x8000, lorv=SHA
Sep 23, 09:26:58 Debug IKE hash(sha1)
Sep 23, 09:26:58 Debug IKE type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Sep 23, 09:26:58 Debug IKE hmac(modp1024)
Sep 23, 09:26:58 Debug IKE pair 1:
Sep 23, 09:26:58 Debug IKE 0x309b50: next=0x0 tnext=0x0
Sep 23, 09:26:58 Debug IKE proposal #1: 1 transform
Sep 23, 09:26:58 Debug IKE prop#=1, prot-id=ISAKMP, spi-size=0, #trns=1
Sep 23, 09:26:58 Debug IKE trns#=1, trns-id=IKE
Sep 23, 09:26:58 Debug IKE type=Life Type, flag=0x8000, lorv=seconds
Sep 23, 09:26:58 Debug IKE type=Life Duration, flag=0x8000, lorv=28800
Sep 23, 09:26:58 Debug IKE type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
Sep 23, 09:26:58 Debug IKE type=Authentication Method, flag=0x8000, lorv=pre-shared key
Sep 23, 09:26:58 Debug IKE type=Hash Algorithm, flag=0x8000, lorv=SHA
Sep 23, 09:26:58 Debug IKE type=Group Description, flag=0x8000, lorv=1024-bit MODP group
Sep 23, 09:26:58 Debug IKE Compared: DB:Peer
Sep 23, 09:26:58 Debug IKE (lifetime = 28800:28800)
Sep 23, 09:26:58 Debug IKE (lifebyte = 0:0)
Sep 23, 09:26:58 Debug IKE enctype = 3DES-CBC:3DES-CBC
Sep 23, 09:26:58 Debug IKE (encklen = 0:0)
Sep 23, 09:26:58 Debug IKE hashtype = SHA:SHA
Sep 23, 09:26:58 Debug IKE authmethod = pre-shared key:pre-shared key
Sep 23, 09:26:58 Debug IKE dh_group = 1024-bit MODP group:1024-bit MODP group
Sep 23, 09:26:58 Debug IKE an acceptable proposal found.
Sep 23, 09:26:58 Debug IKE hmac(modp1024)
Sep 23, 09:26:58 Debug IKE agreed on pre-shared key auth.
Sep 23, 09:26:58 Debug IKE compute DH's shared.
Sep 23, 09:26:58 Debug IKE the psk found.
Sep 23, 09:26:58 Debug IKE psk: 2007-09-23 09:26:58: DEBUG2:
Sep 23, 09:26:58 Debug IKE 6d795365 63726574
Sep 23, 09:26:58 Debug IKE nonce 1: 2007-09-23 09:26:58: DEBUG:
Sep 23, 09:26:58 Debug IKE bfd7dedd 30684a77 e903b795 2e7c6eeb
Sep 23, 09:26:58 Debug IKE nonce 2: 2007-09-23 09:26:58: DEBUG:
Sep 23, 09:26:58 Debug IKE dd949007 4e445caa 2010114e 81521c07
Sep 23, 09:26:58 Debug IKE hmac(hmac_sha1)
Sep 23, 09:26:58 Debug IKE SKEYID computed:
Sep 23, 09:26:58 Debug IKE d78d56a1 33520b08 2c7f0d72 3a17c03e 9d165683
Sep 23, 09:26:58 Debug IKE hmac(hmac_sha1)
Sep 23, 09:26:58 Debug IKE SKEYID_d computed:
Sep 23, 09:26:58 Debug IKE a9b10579 1d1a9ea0 636827fc 8019781f 9093887e
Sep 23, 09:26:58 Debug IKE hmac(hmac_sha1)
Sep 23, 09:26:58 Debug IKE SKEYID_a computed:
Sep 23, 09:26:58 Debug IKE 1d7f3c98 98dac66e 81e9fb88 c3636d0d 5138d794
Sep 23, 09:26:58 Debug IKE hmac(hmac_sha1)
Sep 23, 09:26:58 Debug IKE SKEYID_e computed:
Sep 23, 09:26:58 Debug IKE 19c7240c 719caadf 0107630d db96535a b4684f85
Sep 23, 09:26:58 Debug IKE encryption(3des)
Sep 23, 09:26:58 Debug IKE hash(sha1)
Sep 23, 09:26:58 Debug IKE len(SKEYID_e) < len(Ka) (20 < 24), generating long key (Ka = K1 | K2 | ...)

Sep 23, 09:26:58 Debug IKE hmac(hmac_sha1)
Sep 23, 09:26:58 Debug IKE compute intermediate encryption key K1
Sep 23, 09:26:58 Debug IKE 00
Sep 23, 09:26:58 Debug IKE 9054a625 09f29397 780b5555 1cf120c4 f6a03878
Sep 23, 09:26:58 Debug IKE hmac(hmac_sha1)
Sep 23, 09:26:58 Debug IKE compute intermediate encryption key K2
Sep 23, 09:26:58 Debug IKE 9054a625 09f29397 780b5555 1cf120c4 f6a03878
Sep 23, 09:26:58 Debug IKE e2b9a868 80d86f28 1c05d0e0 c4c4575b a458320b
Sep 23, 09:26:58 Debug IKE final encryption key computed:
Sep 23, 09:26:58 Debug IKE 9054a625 09f29397 780b5555 1cf120c4 f6a03878 e2b9a868
Sep 23, 09:26:58 Debug IKE hash(sha1)
Sep 23, 09:26:58 Debug IKE encryption(3des)
Sep 23, 09:26:58 Debug IKE IV computed:
Sep 23, 09:26:58 Debug IKE 57d8aa01 dd734f04
Sep 23, 09:26:58 Debug IKE HASH received:
Sep 23, 09:26:58 Debug IKE 72d31807 906e6473 e5f0e459 44483bfb 2dde011f
Sep 23, 09:26:58 Debug IKE HASH with:
Sep 23, 09:26:58 Debug IKE hmac(hmac_sha1)
Sep 23, 09:26:58 Debug IKE HASH (init) computed:
Sep 23, 09:26:58 Debug IKE 72d31807 906e6473 e5f0e459 44483bfb 2dde011f
Sep 23, 09:26:58 Debug IKE HASH for PSK validated.
Sep 23, 09:26:58 Debug IKE ===
Sep 23, 09:26:58 Debug IKE generate HASH_I
Sep 23, 09:26:58 Debug IKE HASH with:
Sep 23, 09:26:58 Debug IKE hmac(hmac_sha1)
Sep 23, 09:26:58 Debug IKE HASH (init) computed:
Sep 23, 09:26:58 Debug IKE 73debed1 65c6d6a3 439c43b6 81d80e8d 3cd4736e
Sep 23, 09:26:58 Debug IKE add payload of len 20, next type 0
Sep 23, 09:26:58 Debug IKE 52 bytes from 192.168.1.2[500] to 123.321.1.1[500]
Sep 23, 09:26:58 Debug IKE sockname 192.168.1.2[500]
Sep 23, 09:26:58 Debug IKE send packet from 192.168.1.2[500]
Sep 23, 09:26:58 Debug IKE send packet to 123.321.1.1[500]
Sep 23, 09:26:58 Debug IKE 1 times of 52 bytes message will be sent to 123.321.1.1[500]
Sep 23, 09:26:58 Debug IKE 1d4c706b fd2fcc10 221fe87e 010e49b7 08100400 00000000 00000034 00000018
Sep 23, 09:26:58 Debug IKE 73debed1 65c6d6a3 439c43b6 81d80e8d 3cd4736e
Sep 23, 09:26:58 Debug IKE compute IV for phase2
Sep 23, 09:26:58 Debug IKE phase1 last IV:
Sep 23, 09:26:58 Debug IKE 57d8aa01 dd734f04 ed27e10f
Sep 23, 09:26:58 Debug IKE hash(sha1)
Sep 23, 09:26:58 Debug IKE encryption(3des)
Sep 23, 09:26:58 Debug IKE phase2 IV computed:
Sep 23, 09:26:58 Debug IKE 95b9ded4 24767a41
Sep 23, 09:26:58 Debug IKE HASH with:
Sep 23, 09:26:58 Debug IKE ed27e10f 0000001c 00000001 01106002 1d4c706b fd2fcc10 221fe87e 010e49b7
Sep 23, 09:26:58 Debug IKE hmac(hmac_sha1)
Sep 23, 09:26:58 Debug IKE HASH computed:
Sep 23, 09:26:58 Debug IKE 7f9a62e3 5ae5a664 48570fff c370d76a 2cc2b346
Sep 23, 09:26:58 Debug IKE begin encryption.
Sep 23, 09:26:58 Debug IKE encryption(3des)
Sep 23, 09:26:58 Debug IKE pad length = 4
Sep 23, 09:26:58 Debug IKE 0b000018 7f9a62e3 5ae5a664 48570fff c370d76a 2cc2b346 0000001c 00000001
Sep 23, 09:26:58 Debug IKE 01106002 1d4c706b fd2fcc10 221fe87e 010e49b7 bde5bd03

Sep 23, 09:26:58 Debug IKE encryption(3des)
Sep 23, 09:26:58 Debug IKE with key:
Sep 23, 09:26:58 Debug IKE 9054a625 09f29397 780b5555 1cf120c4 f6a03878 e2b9a868
Sep 23, 09:26:58 Debug IKE encrypted payload by IV:
Sep 23, 09:26:58 Debug IKE 95b9ded4 24767a41
Sep 23, 09:26:58 Debug IKE save IV for next:
Sep 23, 09:26:58 Debug IKE 9741932a b34980e2
Sep 23, 09:26:58 Debug IKE encrypted.
Sep 23, 09:26:58 Debug IKE 84 bytes from 192.168.1.2[500] to 123.321.1.1[500]
Sep 23, 09:26:58 Debug IKE sockname 192.168.1.2[500]
Sep 23, 09:26:58 Debug IKE send packet from 192.168.1.2[500]
Sep 23, 09:26:58 Debug IKE send packet to 123.321.1.1[500]
Sep 23, 09:26:58 Debug IKE 1 times of 84 bytes message will be sent to 123.321.1.1[500]
Sep 23, 09:26:58 Debug IKE 1d4c706b fd2fcc10 221fe87e 010e49b7 08100501 ed27e10f 00000054 3921cbdc
Sep 23, 09:26:58 Debug IKE 9d2eeaaf 590b0e46 0f6e11f0 ec0f0cfa 8426b266 c3cb116e e8fcb0bc 8a62fd57
Sep 23, 09:26:58 Debug IKE 125d57ae 7b9eb956 a09a4496 9741932a b34980e2
Sep 23, 09:26:58 Debug IKE sendto Information notify.
Sep 23, 09:26:58 Debug IKE IV freed
Sep 23, 09:26:58 Info IKE ISAKMP-SA established 192.168.1.2[500]-123.321.1.1[500] spi: 1d4c706bfd2fcc10:221fe87e010e49b7
Sep 23, 09:26:58 Debug IKE ===
Sep 23, 09:26:58 Debug IKE ===
Sep 23, 09:26:58 Debug IKE begin QUICK mode.
Sep 23, 09:26:58 Info IKE initiate new phase 2 negotiation: 192.168.1.2[500]<=>123.321.1.1[500]
Sep 23, 09:26:58 Debug IKE compute IV for phase2
Sep 23, 09:26:58 Debug IKE phase1 last IV:
Sep 23, 09:26:58 Debug IKE 57d8aa01 dd734f04 e1136ae6
Sep 23, 09:26:58 Debug IKE hash(sha1)
Sep 23, 09:26:58 Debug IKE encryption(3des)
Sep 23, 09:26:58 Debug IKE phase2 IV computed:
Sep 23, 09:26:58 Debug IKE ef24df6d 118b6036
Sep 23, 09:26:58 Debug IKE call pfkey_send_getspi
Sep 23, 09:26:58 Debug IKE pfkey GETSPI sent: ESP/Tunnel 123.321.1.1[0]->192.168.1.2[0]
Sep 23, 09:26:58 Debug IKE pfkey getspi sent.
Sep 23, 09:26:58 Debug IKE get pfkey GETSPI message
Sep 23, 09:26:58 Debug IKE 02010003 0a000000 02000000 4e040000 02000100 00291050 10020000 3c33313e
Sep 23, 09:26:58 Debug IKE 03000500 ff200000 10020000 5861f516 00000000 00000000 03000600 ff200000
Sep 23, 09:26:58 Debug IKE 10020000 c0a80402 00000000 00000000
Sep 23, 09:26:58 Debug IKE pfkey GETSPI succeeded: ESP/Tunnel 123.321.1.1[0]->192.168.1.2[0] spi=2691152(0x291050)
Sep 23, 09:26:58 Debug IKE hmac(modp1024)
Sep 23, 09:26:58 Debug IKE hmac(modp1024)
Sep 23, 09:26:58 Debug IKE hmac(modp1024)
Sep 23, 09:26:58 Debug IKE hmac(modp1024)
Sep 23, 09:26:58 Debug IKE hmac(modp1024)
Sep 23, 09:26:58 Debug IKE compute DH's private.
Sep 23, 09:26:58 Debug IKE compute DH's public.
Sep 23, 09:26:58 Debug IKE use local ID type IPv4_address
Sep 23, 09:26:58 Debug IKE use remote ID type IPv4_subnet
Sep 23, 09:26:58 Debug IKE IDci:
Sep 23, 09:26:58 Debug IKE 01000000 b0100130
Sep 23, 09:26:58 Debug IKE IDcr:
Sep 23, 09:26:58 Debug IKE 04000000 c0a80100 ffffff00
Sep 23, 09:26:58 Debug IKE add payload of len 76, next type 10
Sep 23, 09:26:58 Debug IKE add payload of len 16, next type 4
Sep 23, 09:26:58 Debug IKE add payload of len 128, next type 5
Sep 23, 09:26:58 Debug IKE add payload of len 8, next type 5
Sep 23, 09:26:58 Debug IKE add payload of len 12, next type 0
Sep 23, 09:26:58 Debug IKE HASH with:

Sep 23, 09:26:58 Debug IKE hmac(hmac_sha1)
Sep 23, 09:26:58 Debug IKE HASH computed:
Sep 23, 09:26:58 Debug IKE b2e51d63 4607c54b 495e5917 ed206325 51cc4136
Sep 23, 09:26:58 Debug IKE add payload of len 20, next type 1
Sep 23, 09:26:58 Debug IKE begin encryption.
Sep 23, 09:26:58 Debug IKE encryption(3des)
Sep 23, 09:26:58 Debug IKE pad length = 4
Sep 23, 09:26:58 Debug IKE encryption(3des)
Sep 23, 09:26:58 Debug IKE with key:
Sep 23, 09:26:58 Debug IKE 9054a625 09f29397 780b5555 1cf120c4 f6a03878 e2b9a868
Sep 23, 09:26:58 Debug IKE encrypted payload by IV:
Sep 23, 09:26:58 Debug IKE ef24df6d 118b6036
Sep 23, 09:26:58 Debug IKE save IV for next:
Sep 23, 09:26:58 Debug IKE f3d3ad4e 2e7455b6
Sep 23, 09:26:58 Debug IKE encrypted.
Sep 23, 09:26:58 Debug IKE 316 bytes from 192.168.1.2[500] to 123.321.1.1[500]
Sep 23, 09:26:58 Debug IKE sockname 192.168.1.2[500]
Sep 23, 09:26:58 Debug IKE send packet from 192.168.1.2[500]
Sep 23, 09:26:58 Debug IKE send packet to 123.321.1.1[500]
Sep 23, 09:26:58 Debug IKE 1 times of 316 bytes message will be sent to 123.321.1.1[500]
Sep 23, 09:26:58 Debug IKE resend phase2 packet 1d4c706bfd2fcc10:221fe87e010e49b7:0000e113
Sep 23, 09:26:58 Debug IKE ===
Sep 23, 09:26:58 Debug IKE 84 bytes message received from 123.321.1.1[500] to 192.168.1.2[500]
Sep 23, 09:26:58 Debug IKE 1d4c706b fd2fcc10 221fe87e 010e49b7 08100501 a0721e67 00000054 81fca91c
Sep 23, 09:26:58 Debug IKE b7a5b63c 4043e5b9 a1e9afba 9531a35f 8663862e 24ad93b5 b1db9d33 4f0016c1
Sep 23, 09:26:58 Debug IKE 71994975 a6d0d526 2d4d255d 6e6bad7f a8f43083
Sep 23, 09:26:58 Debug IKE receive Information.
Sep 23, 09:26:58 Debug IKE compute IV for phase2
Sep 23, 09:26:58 Debug IKE phase1 last IV:
Sep 23, 09:26:58 Debug IKE 57d8aa01 dd734f04 a0721e67
Sep 23, 09:26:58 Debug IKE hash(sha1)
Sep 23, 09:26:58 Debug IKE encryption(3des)
Sep 23, 09:26:58 Debug IKE phase2 IV computed:
Sep 23, 09:26:58 Debug IKE e7945fca 1f4214ab
Sep 23, 09:26:58 Debug IKE begin decryption.
Sep 23, 09:26:58 Debug IKE encryption(3des)
Sep 23, 09:26:58 Debug IKE IV was saved for next processing:
Sep 23, 09:26:58 Debug IKE 6e6bad7f a8f43083
Sep 23, 09:26:58 Debug IKE encryption(3des)
Sep 23, 09:26:58 Debug IKE with key:
Sep 23, 09:26:58 Debug IKE 9054a625 09f29397 780b5555 1cf120c4 f6a03878 e2b9a868
Sep 23, 09:26:58 Debug IKE decrypted payload by IV:
Sep 23, 09:26:58 Debug IKE e7945fca 1f4214ab
Sep 23, 09:26:58 Debug IKE decrypted payload, but not trimed.
Sep 23, 09:26:58 Debug IKE 0b000018 45416e11 7d297cf8 ceea0a14 27840302 5e135bb1 0000001c 00000001
Sep 23, 09:26:58 Debug IKE 01106002 1d4c706b fd2fcc10 221fe87e 010e49b7 a740ab03
Sep 23, 09:26:58 Debug IKE padding len=4
Sep 23, 09:26:58 Debug IKE skip to trim padding.
Sep 23, 09:26:58 Debug IKE decrypted.
Sep 23, 09:26:58 Debug IKE 1d4c706b fd2fcc10 221fe87e 010e49b7 08100501 a0721e67 00000054 0b000018
Sep 23, 09:26:58 Debug IKE 45416e11 7d297cf8 ceea0a14 27840302 5e135bb1 0000001c 00000001 01106002
Sep 23, 09:26:58 Debug IKE 1d4c706b fd2fcc10 221fe87e 010e49b7 a740ab03
Sep 23, 09:26:58 Debug IKE IV freed
Sep 23, 09:26:58 Debug IKE HASH with:

Sep 23, 09:26:58 Debug IKE a0721e67 0000001c 00000001 01106002 1d4c706b fd2fcc10 221fe87e 010e49b7
Sep 23, 09:26:58 Debug IKE hmac(hmac_sha1)
Sep 23, 09:26:58 Debug IKE HASH computed:
Sep 23, 09:26:58 Debug IKE 45416e11 7d297cf8 ceea0a14 27840302 5e135bb1
Sep 23, 09:26:58 Debug IKE hash validated.
Sep 23, 09:26:58 Debug IKE begin.
Sep 23, 09:26:58 Debug IKE seen nptype=8(hash)
Sep 23, 09:26:58 Debug IKE seen nptype=11(notify)
Sep 23, 09:26:58 Debug IKE succeed.
Sep 23, 09:26:58 Debug IKE call pfkey_send_dump
Sep 23, 09:26:58 Debug IKE msg 16 not interesting
Sep 23, 09:26:58 Debug IKE msg 15 not interesting
Sep 23, 09:27:03 Debug IKE 316 bytes from 192.168.1.2[500] to 123.321.1.1[500]
Sep 23, 09:27:03 Debug IKE sockname 192.168.1.2[500]
Sep 23, 09:27:03 Debug IKE send packet from 192.168.1.2[500]
Sep 23, 09:27:03 Debug IKE send packet to 123.321.1.1[500]
Sep 23, 09:27:03 Debug IKE 1 times of 316 bytes message will be sent to 123.321.1.1[500]
Sep 23, 09:27:03 Debug IKE resend phase2 packet 1d4c706bfd2fcc10:221fe87e010e49b7:0000e113
Sep 23, 09:27:04 Debug IKE ===
Sep 23, 09:27:04 Debug IKE 292 bytes message received from 123.321.1.1[500] to 192.168.1.2[500]
Sep 23, 09:27:04 Debug IKE begin decryption.
Sep 23, 09:27:04 Debug IKE encryption(3des)
Sep 23, 09:27:04 Debug IKE IV was saved for next processing:
Sep 23, 09:27:04 Debug IKE 5586fdcd c4d01e52
Sep 23, 09:27:04 Debug IKE encryption(3des)
Sep 23, 09:27:04 Debug IKE with key:
Sep 23, 09:27:04 Debug IKE 9054a625 09f29397 780b5555 1cf120c4 f6a03878 e2b9a868
Sep 23, 09:27:04 Debug IKE decrypted payload by IV:
Sep 23, 09:27:04 Debug IKE f3d3ad4e 2e7455b6
Sep 23, 09:27:04 Debug IKE decrypted payload, but not trimed.
Sep 23, 09:27:04 Debug IKE padding len=8
Sep 23, 09:27:04 Debug IKE skip to trim padding.
Sep 23, 09:27:04 Debug IKE decrypted.
Sep 23, 09:27:04 Debug IKE begin.
Sep 23, 09:27:04 Debug IKE seen nptype=8(hash)

Sep 23, 09:27:04 Debug IKE seen nptype=1(sa)
Sep 23, 09:27:04 Debug IKE seen nptype=10(nonce)
Sep 23, 09:27:04 Debug IKE seen nptype=4(ke)
Sep 23, 09:27:04 Debug IKE seen nptype=5(id)
Sep 23, 09:27:04 Debug IKE seen nptype=5(id)
Sep 23, 09:27:04 Debug IKE succeed.
Sep 23, 09:27:04 Debug IKE HASH allocated:hbuf->l=280 actual:tlen=248
Sep 23, 09:27:04 Debug IKE HASH(2) received:2007-09-23 09:27:04: DEBUG:
Sep 23, 09:27:04 Debug IKE d675cb31 affd94d5 56782113 1c4d6011 75d7e954
Sep 23, 09:27:04 Debug IKE HASH with:
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE HASH computed:
Sep 23, 09:27:04 Debug IKE d675cb31 affd94d5 56782113 1c4d6011 75d7e954
Sep 23, 09:27:04 Debug IKE total SA len=76
Sep 23, 09:27:04 Debug IKE 00000001 00000001 00000044 01030402 00291050 0300001c 01020000 80010001
Sep 23, 09:27:04 Debug IKE 80027080 80040001 80050002 80030002 0000001c 02030000 80010001 80027080
Sep 23, 09:27:04 Debug IKE 80040001 80050002 80030002
Sep 23, 09:27:04 Debug IKE begin.
Sep 23, 09:27:04 Debug IKE seen nptype=2(prop)
Sep 23, 09:27:04 Debug IKE succeed.
Sep 23, 09:27:04 Debug IKE proposal #1 len=68
Sep 23, 09:27:04 Debug IKE begin.
Sep 23, 09:27:04 Debug IKE seen nptype=3(trns)
Sep 23, 09:27:04 Debug IKE seen nptype=3(trns)
Sep 23, 09:27:04 Debug IKE succeed.
Sep 23, 09:27:04 Debug IKE transform #1 len=28
Sep 23, 09:27:04 Debug IKE type=SA Life Type, flag=0x8000, lorv=seconds
Sep 23, 09:27:04 Debug IKE type=SA Life Duration, flag=0x8000, lorv=28800
Sep 23, 09:27:04 Debug IKE life duration was in TLV.
Sep 23, 09:27:04 Debug IKE type=Encryption Mode, flag=0x8000, lorv=Tunnel
Sep 23, 09:27:04 Debug IKE type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha
Sep 23, 09:27:04 Debug IKE type=Group Description, flag=0x8000, lorv=2
Sep 23, 09:27:04 Debug IKE hmac(modp1024)
Sep 23, 09:27:04 Debug IKE transform #2 len=28
Sep 23, 09:27:04 Debug IKE type=SA Life Type, flag=0x8000, lorv=seconds
Sep 23, 09:27:04 Debug IKE type=SA Life Duration, flag=0x8000, lorv=28800
Sep 23, 09:27:04 Debug IKE life duration was in TLV.
Sep 23, 09:27:04 Debug IKE type=Encryption Mode, flag=0x8000, lorv=Tunnel
Sep 23, 09:27:04 Debug IKE type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha
Sep 23, 09:27:04 Debug IKE type=Group Description, flag=0x8000, lorv=2
Sep 23, 09:27:04 Debug IKE hmac(modp1024)
Sep 23, 09:27:04 Debug IKE pair 1:
Sep 23, 09:27:04 Debug IKE 0x309790: next=0x0 tnext=0x30a580
Sep 23, 09:27:04 Debug IKE 0x30a580: next=0x0 tnext=0x0
Sep 23, 09:27:04 Debug IKE proposal #1: 2 transform
Sep 23, 09:27:04 Debug IKE total SA len=48
Sep 23, 09:27:04 Debug IKE 00000001 00000001 00000028 01030401 0c95bedf 0000001c 02030000 80010001
Sep 23, 09:27:04 Debug IKE 80027080 80040001 80050002 80030002
Sep 23, 09:27:04 Debug IKE begin.
Sep 23, 09:27:04 Debug IKE seen nptype=2(prop)
Sep 23, 09:27:04 Debug IKE succeed.
Sep 23, 09:27:04 Debug IKE proposal #1 len=40
Sep 23, 09:27:04 Debug IKE begin.
Sep 23, 09:27:04 Debug IKE seen nptype=3(trns)
Sep 23, 09:27:04 Debug IKE succeed.
Sep 23, 09:27:04 Debug IKE transform #2 len=28
Sep 23, 09:27:04 Debug IKE type=SA Life Type, flag=0x8000, lorv=seconds
Sep 23, 09:27:04 Debug IKE type=SA Life Duration, flag=0x8000, lorv=28800
Sep 23, 09:27:04 Debug IKE life duration was in TLV.
Sep 23, 09:27:04 Debug IKE type=Encryption Mode, flag=0x8000, lorv=Tunnel
Sep 23, 09:27:04 Debug IKE type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha
Sep 23, 09:27:04 Debug IKE type=Group Description, flag=0x8000, lorv=2
Sep 23, 09:27:04 Debug IKE hmac(modp1024)
Sep 23, 09:27:04 Debug IKE pair 1:
Sep 23, 09:27:04 Debug IKE 0x309780: next=0x0 tnext=0x0
Sep 23, 09:27:04 Debug IKE proposal #1: 1 transform

Sep 23, 09:27:04 Debug IKE begin compare proposals.
Sep 23, 09:27:04 Debug IKE pair[1]: 0x309780
Sep 23, 09:27:04 Debug IKE 0x309780: next=0x0 tnext=0x0
Sep 23, 09:27:04 Debug IKE prop#=1 prot-id=ESP spi-size=4 #trns=1 trns#=2 trns-id=3DES
Sep 23, 09:27:04 Debug IKE type=SA Life Type, flag=0x8000, lorv=seconds
Sep 23, 09:27:04 Debug IKE type=SA Life Duration, flag=0x8000, lorv=28800
Sep 23, 09:27:04 Debug IKE type=Encryption Mode, flag=0x8000, lorv=Tunnel
Sep 23, 09:27:04 Debug IKE type=Authentication Algorithm, flag=0x8000, lorv=hmac-sha
Sep 23, 09:27:04 Debug IKE type=Group Description, flag=0x8000, lorv=2
Sep 23, 09:27:04 Debug IKE peer's single bundle:
Sep 23, 09:27:04 Debug IKE (proto_id=ESP spisize=4 spi=0c95bedf spi_p=00000000 encmode=Tunnel reqid=0:0)
Sep 23, 09:27:04 Debug IKE (trns_id=3DES encklen=0 authtype=hmac-sha)
Sep 23, 09:27:04 Debug IKE my single bundle:
Sep 23, 09:27:04 Debug IKE (proto_id=ESP spisize=4 spi=00291050 spi_p=00000000 encmode=Tunnel reqid=8:7)
Sep 23, 09:27:04 Debug IKE (trns_id=DES encklen=0 authtype=hmac-sha)
Sep 23, 09:27:04 Debug IKE (trns_id=3DES encklen=0 authtype=hmac-sha)
Sep 23, 09:27:04 Warning IKE trns_id mismatched: my:DES peer:3DES
Sep 23, 09:27:04 Debug IKE matched
Sep 23, 09:27:04 Debug IKE ===
Sep 23, 09:27:04 Debug IKE HASH(3) generate
Sep 23, 09:27:04 Debug IKE HASH with:
Sep 23, 09:27:04 Debug IKE 00e1136a e68a2315 21701134 f4eb42a3 460502fb f4b546b1 a3d8a989 cfd9c6a9
Sep 23, 09:27:04 Debug IKE c5c4a369 37
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE HASH computed:
Sep 23, 09:27:04 Debug IKE e5d44ce3 d407307e 906ce4ab 42a2012f b0b44829
Sep 23, 09:27:04 Debug IKE add payload of len 20, next type 0
Sep 23, 09:27:04 Debug IKE begin encryption.
Sep 23, 09:27:04 Debug IKE encryption(3des)
Sep 23, 09:27:04 Debug IKE pad length = 8
Sep 23, 09:27:04 Debug IKE 00000018 e5d44ce3 d407307e 906ce4ab 42a2012f b0b44829 f99bc094 beedd607
Sep 23, 09:27:04 Debug IKE encryption(3des)
Sep 23, 09:27:04 Debug IKE with key:
Sep 23, 09:27:04 Debug IKE 9054a625 09f29397 780b5555 1cf120c4 f6a03878 e2b9a868
Sep 23, 09:27:04 Debug IKE encrypted payload by IV:
Sep 23, 09:27:04 Debug IKE 5586fdcd c4d01e52
Sep 23, 09:27:04 Debug IKE save IV for next:
Sep 23, 09:27:04 Debug IKE 5473bac4 62259886
Sep 23, 09:27:04 Debug IKE encrypted.
Sep 23, 09:27:04 Debug IKE 60 bytes from 192.168.1.2[500] to 123.321.1.1[500]
Sep 23, 09:27:04 Debug IKE sockname 192.168.1.2[500]
Sep 23, 09:27:04 Debug IKE send packet from 192.168.1.2[500]
Sep 23, 09:27:04 Debug IKE send packet to 123.321.1.1[500]
Sep 23, 09:27:04 Debug IKE 1 times of 60 bytes message will be sent to 123.321.1.1[500]
Sep 23, 09:27:04 Debug IKE 1d4c706b fd2fcc10 221fe87e 010e49b7 08102001 e1136ae6 0000003c 365a9daa
Sep 23, 09:27:04 Debug IKE 8f8a161f 080d277a 61b7a199 d8920c8c cf761bd8 5473bac4 62259886
Sep 23, 09:27:04 Debug IKE compute DH's shared.
Sep 23, 09:27:04 Debug IKE KEYMAT compute with
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE encryption(3des)
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE encklen=192 authklen=160
Sep 23, 09:27:04 Debug IKE generating 640 bits of key (dupkeymat=4)
Sep 23, 09:27:04 Debug IKE generating K1...K4 for KEYMAT.
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE 7b45c463 2aa3254d cc41dbca a413b265 c664c670 3f6d5632 3a83a3ba 3c282742
Sep 23, 09:27:04 Debug IKE 9793a395 688f4aa0 ee86f61a a750e7ec 6b688179 54363da7 ee8da3c6 593cb9db
Sep 23, 09:27:04 Debug IKE d6a3ac94 e8a9f2e3 e45c8eca ebd86704
Sep 23, 09:27:04 Debug IKE KEYMAT compute with

Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE encryption(3des)
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE encklen=192 authklen=160
Sep 23, 09:27:04 Debug IKE generating 640 bits of key (dupkeymat=4)
Sep 23, 09:27:04 Debug IKE generating K1...K4 for KEYMAT.
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE 18e96c00 7f0f1e7e b2668048 047f9512 49dd612a f534a6b1 c1dbb091 3b150eed
Sep 23, 09:27:04 Debug IKE 59aac947 738d5426 fb623049 ed7cf638 6260f258 2bf6f7bb 493d9e87 24b0e05e
Sep 23, 09:27:04 Debug IKE 0980a5be 8602b36e 8b191d37 2563a909
Sep 23, 09:27:04 Debug IKE KEYMAT computed.
Sep 23, 09:27:04 Debug IKE call pk_sendupdate
Sep 23, 09:27:04 Debug IKE encryption(3des)
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE call pfkey_send_update_nat
Sep 23, 09:27:04 Debug APP Received SADB message type UPDATE, 123.321.1.1 [0] -> 192.168.1.2 [0]
Sep 23, 09:27:04 Debug APP SA change detected
Sep 23, 09:27:04 Debug IKE pfkey update sent.
Sep 23, 09:27:04 Debug IKE encryption(3des)
Sep 23, 09:27:04 Debug IKE hmac(hmac_sha1)
Sep 23, 09:27:04 Debug IKE call pfkey_send_add_nat
Sep 23, 09:27:04 Debug APP Received SADB message type ADD, 192.168.1.2 [0] -> 123.321.1.1 [0]
Sep 23, 09:27:04 Debug APP SA change detected
Sep 23, 09:27:04 Debug APP Connection Office is up
Sep 23, 09:27:04 Debug IKE pfkey add sent.
Sep 23, 09:27:04 Debug IKE get pfkey UPDATE message
Sep 23, 09:27:04 Debug IKE pfkey UPDATE succeeded: ESP/Tunnel 123.321.1.1[0]->192.168.1.2[0] spi=2691152(0x291050)
Sep 23, 09:27:04 Info IKE IPsec-SA established: ESP/Tunnel 123.321.1.1[0]->192.168.1.2[0] spi=2691152(0x291050)
Sep 23, 09:27:04 Debug IKE ===
Sep 23, 09:27:04 Debug IKE get pfkey ADD message
Sep 23, 09:27:04 Info IKE IPsec-SA established: ESP/Tunnel 192.168.1.2[0]->123.321.1.1[0] spi=211140319(0xc95bedf)
Sep 23, 09:27:04 Debug IKE ===
