From: john decot
To: VANHULLEBUS Yvan, freebsd-security@freebsd.org
Date: Tue, 20 Nov 2007 08:46:28 -0800 (PST)
Subject: Re: IPSEC help
In-Reply-To: <20071120123418.GA32444@zen.inc>
Message-ID: <465714.76277.qm@web55414.mail.re4.yahoo.com>

Hi,

I have changed the lifetime on both sides, i.e. 28800 sec, but was unlucky again. The following are the logs after changing the lifetime.
Comparison of lifetime is now 28800:28800

2007-11-20 20:27:12: DEBUG2: lifetime = 28800
2007-11-20 20:27:12: DEBUG2: lifebyte = 0
2007-11-20 20:27:12: DEBUG2: encklen=0
2007-11-20 20:27:12: DEBUG2: p:1 t:1
2007-11-20 20:27:12: DEBUG2: 3DES-CBC(5)
2007-11-20 20:27:12: DEBUG2: SHA(2)
2007-11-20 20:27:12: DEBUG2: 1024-bit MODP group(2)
2007-11-20 20:27:12: DEBUG2: RSA signatures(3)
2007-11-20 20:27:12: DEBUG2:
2007-11-20 20:27:12: DEBUG: hmac(modp1024)
2007-11-20 20:27:12: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2007-11-20 20:27:12: DEBUG2: parse successed.
2007-11-20 20:27:12: DEBUG: my interface: 202.70.87.123 (lnc0)
2007-11-20 20:27:12: DEBUG: my interface: fe80::1%lo0 (lo0)
2007-11-20 20:27:12: DEBUG: my interface: ::1 (lo0)
2007-11-20 20:27:12: DEBUG: my interface: 127.0.0.1 (lo0)
2007-11-20 20:27:12: DEBUG: configuring default isakmp port.
2007-11-20 20:27:12: DEBUG: 4 addrs are configured successfully
2007-11-20 20:27:12: INFO: 127.0.0.1[500] used as isakmp port (fd=4)
2007-11-20 20:27:12: INFO: ::1[500] used as isakmp port (fd=5)
2007-11-20 20:27:12: INFO: fe80::1%lo0[500] used as isakmp port (fd=6)
2007-11-20 20:27:12: INFO: 202.70.87.123[500] used as isakmp port (fd=7)
2007-11-20 20:27:12: DEBUG: get pfkey X_SPDDUMP message
2007-11-20 20:27:12: DEBUG: get pfkey X_SPDDUMP message
2007-11-20 20:27:12: DEBUG: sub:0xbfbfe600: 202.70.87.123/32[0] 203.91.130.173/32[0] proto=any dir=out
2007-11-20 20:27:12: DEBUG: db :0x809fa08: 203.91.130.173/32[0] 202.70.87.123/32[0] proto=any dir=in
2007-11-20 20:27:31: DEBUG: ===
2007-11-20 20:27:31: DEBUG: 84 bytes message received from 203.91.130.173[500] to 202.70.87.123[500]
2007-11-20 20:27:31: ERROR: unknown Informational exchange received.
2007-11-20 20:27:31: DEBUG: ===
2007-11-20 20:27:31: DEBUG: 276 bytes message received from 203.91.130.173[500] to 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: anonymous configuration selected for 203.91.130.173[500].
2007-11-20 20:27:31: DEBUG: ===
2007-11-20 20:27:31: INFO: respond new phase 1 negotiation: 202.70.87.123[500]<=>203.91.130.173[500]
2007-11-20 20:27:31: INFO: begin Identity Protection mode.
2007-11-20 20:27:31: DEBUG: begin.
2007-11-20 20:27:31: DEBUG: seen nptype=1(sa)
2007-11-20 20:27:31: DEBUG: seen nptype=13(vid)
2007-11-20 20:27:31: DEBUG: seen nptype=13(vid)
2007-11-20 20:27:31: DEBUG: seen nptype=13(vid)
2007-11-20 20:27:31: DEBUG: seen nptype=13(vid)
2007-11-20 20:27:31: DEBUG: succeed.
2007-11-20 20:27:31: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
2007-11-20 20:27:31: INFO: received Vendor ID: FRAGMENTATION
2007-11-20 20:27:31: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2007-11-20 20:27:31: DEBUG: received unknown Vendor ID
2007-11-20 20:27:31: DEBUG: total SA len=160
2007-11-20 20:27:31: DEBUG: begin.
2007-11-20 20:27:31: DEBUG: seen nptype=2(prop)
2007-11-20 20:27:31: DEBUG: succeed.
2007-11-20 20:27:31: DEBUG: proposal #1 len=152
2007-11-20 20:27:31: DEBUG: begin.
2007-11-20 20:27:31: DEBUG: seen nptype=3(trns)
2007-11-20 20:27:31: DEBUG: seen nptype=3(trns)
2007-11-20 20:27:31: DEBUG: seen nptype=3(trns)
2007-11-20 20:27:31: DEBUG: seen nptype=3(trns)
2007-11-20 20:27:31: DEBUG: succeed.
2007-11-20 20:27:31: DEBUG: transform #1 len=36
2007-11-20 20:27:31: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-11-20 20:27:31: DEBUG: hash(sha1)
2007-11-20 20:27:31: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-11-20 20:27:31: DEBUG: hmac(modp1024)
2007-11-20 20:27:31: DEBUG: type=Authentication Method, flag=0x8000, lorv=RSA signatures
2007-11-20 20:27:31: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-11-20 20:27:31: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-11-20 20:27:31: DEBUG: transform #2 len=36
2007-11-20 20:27:31: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-11-20 20:27:31: DEBUG: hash(md5)
2007-11-20 20:27:31: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-11-20 20:27:31: DEBUG: hmac(modp1024)
2007-11-20 20:27:31: DEBUG: type=Authentication Method, flag=0x8000, lorv=RSA signatures
2007-11-20 20:27:31: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-11-20 20:27:31: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-11-20 20:27:31: DEBUG: transform #3 len=36
2007-11-20 20:27:31: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2007-11-20 20:27:31: DEBUG: encryption(des)
2007-11-20 20:27:31: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-11-20 20:27:31: DEBUG: hash(sha1)
2007-11-20 20:27:31: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
2007-11-20 20:27:31: DEBUG: hmac(modp768)
2007-11-20 20:27:31: DEBUG: type=Authentication Method, flag=0x8000, lorv=RSA signatures
2007-11-20 20:27:31: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-11-20 20:27:31: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-11-20 20:27:31: DEBUG: transform #4 len=36
2007-11-20 20:27:31: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=DES-CBC
2007-11-20 20:27:31: DEBUG: encryption(des)
2007-11-20 20:27:31: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-11-20 20:27:31: DEBUG: hash(md5)
2007-11-20 20:27:31: DEBUG: type=Group Description, flag=0x8000, lorv=768-bit MODP group
2007-11-20 20:27:31: DEBUG: hmac(modp768)
2007-11-20 20:27:31: DEBUG: type=Authentication Method, flag=0x8000, lorv=RSA signatures
2007-11-20 20:27:31: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-11-20 20:27:31: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-11-20 20:27:31: DEBUG: pair 1:
2007-11-20 20:27:31: DEBUG: 0x80a94e0: next=0x0 tnext=0x80a94f0
2007-11-20 20:27:31: DEBUG: 0x80a94f0: next=0x0 tnext=0x80a9500
2007-11-20 20:27:31: DEBUG: 0x80a9500: next=0x0 tnext=0x80a9510
2007-11-20 20:27:31: DEBUG: 0x80a9510: next=0x0 tnext=0x0
2007-11-20 20:27:31: DEBUG: proposal #1: 4 transform
2007-11-20 20:27:31: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4
2007-11-20 20:27:31: DEBUG: trns#=1, trns-id=IKE
2007-11-20 20:27:31: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2007-11-20 20:27:31: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-11-20 20:27:31: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2007-11-20 20:27:31: DEBUG: type=Authentication Method, flag=0x8000, lorv=RSA signatures
2007-11-20 20:27:31: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-11-20 20:27:31: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-11-20 20:27:31: DEBUG: Compared: DB:Peer
2007-11-20 20:27:31: DEBUG: (lifetime = 28800:28800)
2007-11-20 20:27:31: DEBUG: (lifebyte = 0:0)
2007-11-20 20:27:31: DEBUG: enctype = 3DES-CBC:3DES-CBC
2007-11-20 20:27:31: DEBUG: (encklen = 0:0)
2007-11-20 20:27:31: DEBUG: hashtype = SHA:SHA
2007-11-20 20:27:31: DEBUG: authmethod = RSA signatures:RSA signatures
2007-11-20 20:27:31: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2007-11-20 20:27:31: DEBUG: an acceptable proposal found.
2007-11-20 20:27:31: DEBUG: hmac(modp1024)
2007-11-20 20:27:31: DEBUG: new cookie: ee30ac4a17d6ee8b
2007-11-20 20:27:31: DEBUG: add payload of len 52, next type 13
2007-11-20 20:27:31: DEBUG: add payload of len 16, next type 0
2007-11-20 20:27:31: DEBUG: 104 bytes from 202.70.87.123[500] to 203.91.130.173[500]
2007-11-20 20:27:31: DEBUG: sockname 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: send packet from 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: send packet to 203.91.130.173[500]
2007-11-20 20:27:31: DEBUG: 1 times of 104 bytes message will be sent to 203.91.130.173[500]
2007-11-20 20:27:31: DEBUG: resend phase1 packet 0f99cf2adb2bf6a3:ee30ac4a17d6ee8b
2007-11-20 20:27:31: DEBUG: ===
2007-11-20 20:27:31: DEBUG: 184 bytes message received from 203.91.130.173[500] to 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: begin.
2007-11-20 20:27:31: DEBUG: seen nptype=4(ke)
2007-11-20 20:27:31: DEBUG: seen nptype=10(nonce)
2007-11-20 20:27:31: DEBUG: succeed.
2007-11-20 20:27:31: DEBUG: ===
2007-11-20 20:27:31: DEBUG: compute DH's private.
2007-11-20 20:27:31: DEBUG: compute DH's public.
2007-11-20 20:27:31: DEBUG: create my CR: X.509 Certificate Signature
2007-11-20 20:27:31: DEBUG: add payload of len 128, next type 10
2007-11-20 20:27:31: DEBUG: add payload of len 16, next type 7
2007-11-20 20:27:31: DEBUG: add payload of len 1, next type 0
2007-11-20 20:27:31: DEBUG: 185 bytes from 202.70.87.123[500] to 203.91.130.173[500]
2007-11-20 20:27:31: DEBUG: sockname 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: send packet from 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: send packet to 203.91.130.173[500]
2007-11-20 20:27:31: DEBUG: 1 times of 185 bytes message will be sent to 203.91.130.173[500]
2007-11-20 20:27:31: DEBUG: resend phase1 packet 0f99cf2adb2bf6a3:ee30ac4a17d6ee8b
2007-11-20 20:27:31: DEBUG: compute DH's shared.
2007-11-20 20:27:31: DEBUG: nonce1:
2007-11-20 20:27:31: DEBUG: nonce2:
2007-11-20 20:27:31: DEBUG: hmac(hmac_sha1)
2007-11-20 20:27:31: DEBUG: SKEYID computed:
2007-11-20 20:27:31: DEBUG: hmac(hmac_sha1)
2007-11-20 20:27:31: DEBUG: SKEYID_d computed:
2007-11-20 20:27:31: DEBUG: hmac(hmac_sha1)
2007-11-20 20:27:31: DEBUG: SKEYID_a computed:
2007-11-20 20:27:31: DEBUG: hmac(hmac_sha1)
2007-11-20 20:27:31: DEBUG: SKEYID_e computed:
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: hash(sha1)
2007-11-20 20:27:31: DEBUG: len(SKEYID_e) < len(Ka) (20 < 24), generating long key (Ka = K1 | K2 | ...)
2007-11-20 20:27:31: DEBUG: hmac(hmac_sha1)
2007-11-20 20:27:31: DEBUG: compute intermediate encryption key K1
2007-11-20 20:27:31: DEBUG: hmac(hmac_sha1)
2007-11-20 20:27:31: DEBUG: compute intermediate encryption key K2
2007-11-20 20:27:31: DEBUG: final encryption key computed:
2007-11-20 20:27:31: DEBUG: hash(sha1)
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: IV computed:
2007-11-20 20:27:31: DEBUG: ===
2007-11-20 20:27:31: DEBUG: 84 bytes message received from 203.91.130.173[500] to 202.70.87.123[500]
2007-11-20 20:27:31: DEBUG: receive Information.
2007-11-20 20:27:31: DEBUG: compute IV for phase2
2007-11-20 20:27:31: DEBUG: phase1 last IV:
2007-11-20 20:27:31: DEBUG: hash(sha1)
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: phase2 IV computed:
2007-11-20 20:27:31: DEBUG: begin decryption.
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: IV was saved for next processing:
2007-11-20 20:27:31: DEBUG: encryption(3des)
2007-11-20 20:27:31: DEBUG: with key:
2007-11-20 20:27:31: DEBUG: decrypted payload by IV:
2007-11-20 20:27:31: DEBUG: decrypted payload, but not trimed.
2007-11-20 20:27:31: DEBUG: padding len=1
2007-11-20 20:27:31: DEBUG: skip to trim padding.
2007-11-20 20:27:31: DEBUG: decrypted.
2007-11-20 20:27:31: ERROR: ignore information because ISAKMP-SA has not been established yet.
2007-11-20 20:27:41: DEBUG: 185 bytes from 202.70.87.123[500] to 203.91.130.173[500]
2007-11-20 20:27:41: DEBUG: sockname 202.70.87.123[500]
2007-11-20 20:27:41: DEBUG: send packet from 202.70.87.123[500]
2007-11-20 20:27:41: DEBUG: send packet to 203.91.130.173[500]
2007-11-20 20:27:41: DEBUG: 1 times of 185 bytes message will be sent to 203.91.130.173[500]
2007-11-20 20:27:41: DEBUG: resend phase1 packet 0f99cf2adb2bf6a3:ee30ac4a17d6ee8b

Regards,
John

VANHULLEBUS Yvan wrote:
On Tue, Nov 20, 2007 at 02:57:17AM -0800, john decot wrote:
> Hi,
>
> I have checked with different mode that obey and found error
> no valid proposal and again I changed lifetime too in bsd
> server. But I can't find where I should change those
> parameters in remote windows ipsec box.

You shouldn't have to change setup on both ends: you can just change
values on one end (the BSD server) to match values of the other end.

According to the quick look I had at your previous dump and to my
memory (ok, so that's probably not exact :-), you should just have to
change lifetime to 28800 sec in remote section.

Yvan.

--
NETASQ
http://www.netasq.com
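
Added example (not part of the original thread and not racoon's own code): the log prints `type=Life Duration, flag=0x0000, lorv=4`, where 4 is the attribute's length rather than the lifetime, so this sketch decodes IKEv1 phase 1 attributes in the RFC 2408 TV/TLV layout and compares them with a local proposal, as the `Compared: DB:Peer` lines do. The sample bytes are constructed to encode the transform #1 values logged above; `LOCAL`, `OLD_LOCAL` (with its 86400 value) and the exact-match comparison are assumptions of the example.

```python
import struct

# IKEv1 phase 1 attribute classes and values (RFC 2409, Appendix A).
ATTR = {1: "enctype", 2: "hashtype", 3: "authmethod", 4: "dh_group",
        11: "lifetype", 12: "lifetime"}
VALUES = {
    "enctype": {1: "DES-CBC", 5: "3DES-CBC"},
    "hashtype": {1: "MD5", 2: "SHA"},
    "authmethod": {1: "pre-shared key", 3: "RSA signatures"},
    "dh_group": {1: "768-bit MODP group", 2: "1024-bit MODP group"},
    "lifetype": {1: "seconds", 2: "kilobytes"},
}

def parse_attributes(data: bytes) -> dict:
    """Decode ISAKMP data attributes (RFC 2408 section 3.3) into a dict."""
    out, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        raw_type, lorv = struct.unpack_from("!HH", data, off)
        off += 4
        number = raw_type & 0x7FFF
        name = ATTR.get(number, f"attr{number}")
        if raw_type & 0x8000:
            # AF bit set (flag=0x8000 in the log): lorv is the value itself.
            value = lorv
        else:
            # AF bit clear (flag=0x0000): lorv is a length, the value follows.
            if off + lorv > len(data):
                raise ValueError(f"{name}: value runs past end of payload")
            value = int.from_bytes(data[off:off + lorv], "big")
            off += lorv
        out[name] = VALUES.get(name, {}).get(value, value)
    return out

def compare(local: dict, peer: dict) -> dict:
    """Return {field: (local, peer)} for every field that differs."""
    keys = sorted(set(local) | set(peer))
    return {k: (local.get(k), peer.get(k))
            for k in keys if local.get(k) != peer.get(k)}

# Constructed sample: attribute bytes encoding the transform #1 values.
SAMPLE = bytes.fromhex(
    "80010005 80020002 80040002 80030003 800b0001 000c0004 00007080")

# Assumed local proposal matching the peer (stand-in for the remote section).
LOCAL = {"enctype": "3DES-CBC", "hashtype": "SHA",
         "authmethod": "RSA signatures", "dh_group": "1024-bit MODP group",
         "lifetype": "seconds", "lifetime": 28800}
# Hypothetical earlier proposal; 86400 is a made-up lifetime for illustration.
OLD_LOCAL = dict(LOCAL, lifetime=86400)

if __name__ == "__main__":
    peer = parse_attributes(SAMPLE)
    print("peer proposal:", peer)
    print("mismatch vs OLD_LOCAL:", compare(OLD_LOCAL, peer))
    print("mismatch vs LOCAL:", compare(LOCAL, peer))
```

An empty result for `LOCAL` corresponds to the log's "an acceptable proposal found", so the resends and the ERROR lines that follow in the log are not explained by the phase 1 proposal values.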