
Re[2]: DLINK DFL-800 OBSD4 vpn

by Чернявский Андрей


>gluk     конфиги в студию:

# cat /etc/ipsec.conf
# /etc/ipsec.conf — ipsecctl(8) IKE rules for the tunnel to the DFL-800 at
# 92.50.146.38. "ike esp" rules make ipsecctl hand the peer/flow definitions
# to isakmpd(8) itself, while the static /etc/isakmpd/isakmpd.conf on this
# host describes the same peer: two sources compete for the same SAs, so one
# of them should be made authoritative.
# Only the first flow has a counterpart in isakmpd.conf (Phase 2 connection
# VPN-local-remote-172.16.61.0/255.255.255.0); the two host flows below have
# none. No psk/transform options are given here, so ipsecctl's defaults apply
# to these rules — NOTE(review): confirm they match what the DFL-800 expects.
# The local subnet is /24 here, but isakmpd.conf's Local-ID section uses
# netmask 255.0.0.0 for the same 10.0.4.0 network — the two files disagree.
ike esp from 10.0.4.0/24   to 172.16.61.0/24 peer 92.50.146.38
ike esp from 217.65.0.211  to 172.16.61.0/24 peer 92.50.146.38
ike esp from 217.65.0.211  to 92.50.146.38

# cat /etc/isakmpd/isakmpd.conf
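# /etc/isakmpd/isakmpd.conf — isakmpd(8) IKEv1 configuration for the tunnel
# 217.65.0.211 (this host) <-> 92.50.146.38 (D-Link DFL-800).
# Tags are isakmpd.conf(5) keys; the value is everything after "=".
# This file carries the pre-shared secret (Authentication=) in clear text:
# keep it root-owned and unreadable by group/others — isakmpd checks the
# owner and mode of its configuration and rejects a file readable by others.

[General]
# Retransmissions before an exchange is given up
Retransmits=            5
# Seconds an exchange may run before it is torn down
Exchange-max-time=      120
# Local address isakmpd binds for IKE (UDP 500)
Listen-on=              217.65.0.211

[Phase 1]
# Remote IKE peer address -> its ISAKMP-peer section
92.50.146.38=           local-remote

[local-remote]
Phase=                  1
Transport=              udp
Local-address=          217.65.0.211
Address=                92.50.146.38
Configuration=          Default-main-mode
# Pre-shared secret (clear text in this file; see header)
Authentication=         pwd

[Phase 2]
# Quick mode connections this host initiates for the peer above
Connections=    VPN-local-remote-172.16.61.0/255.255.255.0

[VPN-local-remote-172.16.61.0/255.255.255.0]
Phase=                  2
ISAKMP-peer=            local-remote
Configuration=          Default-quick-mode
# Local network is 10.0.4.0/24 (as in /etc/ipsec.conf); the netmask was
# 255.0.0.0 before, which does not describe 10.0.4.0 as a network and
# would not match a peer configured for the /24.
Local-ID=               network-10.0.4.0/255.255.255.0
Remote-ID=              network-172.16.61.0/255.255.255.0

[network-10.0.4.0/255.255.255.0]
ID-type=                IPV4_ADDR_SUBNET
Network=                10.0.4.0
Netmask=                255.255.255.0

[network-172.16.61.0/255.255.255.0]
ID-type=                IPV4_ADDR_SUBNET
Network=                172.16.61.0
Netmask=                255.255.255.0

[Default-main-mode]
DOI=            IPSEC
EXCHANGE_TYPE=  ID_PROT
# The capture on this page shows this side proposing 3DES-SHA with
# GROUP_DESCRIPTION=MODP_1024 and a 3600 s lifetime, while the DFL-800 offers
# six transforms (AES/3DES/Blowfish with MD5 or SHA) all with MODP_768 and
# 28800 s — including a 3DES/SHA one that differs only in the DH group.
# Both sides answer NO PROPOSAL CHOSEN, so the group is what blocks Phase 1.
# Prefer moving the DFL-800 to DH group 2 (MODP_1024) rather than lowering
# this side to group 1; the lifetime difference may also need aligning.
Transforms=     3DES-SHA

[Default-quick-mode]
DOI=            IPSEC
EXCHANGE_TYPE=  QUICK_MODE
# Suite without PFS; isakmpd ships a ...-PFS-SUITE variant of this suite if
# the peer can do quick-mode PFS — NOTE(review): confirm for this version.
Suites=         QM-ESP-3DES-SHA-SUITE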

ключи запуска isakmpd — запускаю isakmpd -L, как советовали, ещё -K
тоже пробовал



# tcpdump -n -v -r /var/run/isakmpd.pcap
tcpdump: WARNING: snaplen raised from 96 to 65536
16:37:22.910284 217.65.0.211.500 > 92.50.146.38.500: [udp sum ok] isakmp v1.0 exchange ID_PROT
        cookie: 3a458481c652c78b->0000000000000000 msgid: 00000000 len: 180
        payload: SA len: 52 DOI: 1(IPSEC) situation: IDENTITY_ONLY
            payload: PROPOSAL len: 40 proposal: 1 proto: ISAKMP spisz: 0 xforms: 1
                payload: TRANSFORM len: 32
                    transform: 0 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_1024
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 3600
        payload: VENDOR len: 20 (supports OpenBSD-4.0)
        payload: VENDOR len: 20 (supports v2 NAT-T, draft-ietf-ipsec-nat-t-ike-02)
        payload: VENDOR len: 20 (supports v3 NAT-T, draft-ietf-ipsec-nat-t-ike-03)
        payload: VENDOR len: 20 (supports NAT-T, RFC 3947)
        payload: VENDOR len: 20 (supports DPD v1.0) [ttl 0] (id 1, len 208)
16:37:22.955226 92.50.146.38.500 > 217.65.0.211.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: 3a458481c652c78b->27c53ddf01435e02 msgid: f2585c1d len: 102
        payload: NOTIFICATION len: 74
            notification: NO PROPOSAL CHOSEN [ttl 0] (id 1, len 130)
16:37:22.955350 217.65.0.211.500 > 92.50.146.38.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: 25977c253e161084->0000000000000000 msgid: 00000000 len: 40
        payload: NOTIFICATION len: 12
            notification: INVALID FLAGS [ttl 0] (id 1, len 68)
16:37:29.970621 217.65.0.211.500 > 92.50.146.38.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: 0973cac2948626e0->0000000000000000 msgid: 00000000 len: 56
        payload: NOTIFICATION len: 28
            notification: INVALID COOKIE [ttl 0] (id 1, len 84)
16:37:30.310895 92.50.146.38.500 > 217.65.0.211.500: [udp sum ok] isakmp v1.0 exchange ID_PROT
        cookie: 5811d8d5bbee94a8->0000000000000000 msgid: 00000000 len: 416
        payload: SA len: 228 DOI: 1(IPSEC) situation: IDENTITY_ONLY
            payload: PROPOSAL len: 216 proposal: 0 proto: ISAKMP spisz: 0 xforms: 6
                payload: TRANSFORM len: 36
                    transform: 0 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = AES_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = MD5
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 36
                    transform: 1 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = AES_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 32
                    transform: 2 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
                        attribute HASH_ALGORITHM = MD5
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 32
                    transform: 3 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 36
                    transform: 4 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = BLOWFISH_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = MD5
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 36
                    transform: 5 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = BLOWFISH_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
        payload: VENDOR len: 20
        payload: VENDOR len: 20
        payload: VENDOR len: 20
        payload: VENDOR len: 20 (supports v1 NAT-T, draft-ietf-ipsec-nat-t-ike-00)
        payload: VENDOR len: 20 (supports v2 NAT-T, draft-ietf-ipsec-nat-t-ike-02\n)
        payload: VENDOR len: 20 (supports v2 NAT-T, draft-ietf-ipsec-nat-t-ike-02)
        payload: VENDOR len: 20 (supports v3 NAT-T, draft-ietf-ipsec-nat-t-ike-03)
        payload: VENDOR len: 20 (supports NAT-T, RFC 3947) [ttl 0] (id 1, len 444)
16:37:30.311197 217.65.0.211.500 > 92.50.146.38.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: de1588bc077ae113->0000000000000000 msgid: 00000000 len: 40
        payload: NOTIFICATION len: 12
            notification: NO PROPOSAL CHOSEN [ttl 0] (id 1, len 68)
16:37:38.974187 217.65.0.211.500 > 92.50.146.38.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: d6e3095452da786e->0000000000000000 msgid: 00000000 len: 56
        payload: NOTIFICATION len: 28
            notification: INVALID COOKIE [ttl 0] (id 1, len 84)
16:37:49.986446 217.65.0.211.500 > 92.50.146.38.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: 87765c3c38b74e23->0000000000000000 msgid: 00000000 len: 56
        payload: NOTIFICATION len: 28
            notification: INVALID COOKIE [ttl 0] (id 1, len 84)
16:38:02.997185 217.65.0.211.500 > 92.50.146.38.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: 0905a8c5cf66a4f5->0000000000000000 msgid: 00000000 len: 56
        payload: NOTIFICATION len: 28
            notification: INVALID COOKIE [ttl 0] (id 1, len 84)
16:38:18.006441 217.65.0.211.500 > 92.50.146.38.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: 2fd8c33717acc0ca->0000000000000000 msgid: 00000000 len: 56
        payload: NOTIFICATION len: 28
            notification: INVALID COOKIE [ttl 0] (id 1, len 84)
16:38:40.261206 92.50.146.38.500 > 217.65.0.211.500: [udp sum ok] isakmp v1.0 exchange ID_PROT
        cookie: aa04d0614636b1a5->0000000000000000 msgid: 00000000 len: 416
        payload: SA len: 228 DOI: 1(IPSEC) situation: IDENTITY_ONLY
            payload: PROPOSAL len: 216 proposal: 0 proto: ISAKMP spisz: 0 xforms: 6
                payload: TRANSFORM len: 36
                    transform: 0 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = AES_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = MD5
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 36
                    transform: 1 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = AES_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 32
                    transform: 2 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
                        attribute HASH_ALGORITHM = MD5
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 32
                    transform: 3 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 36
                    transform: 4 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = BLOWFISH_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = MD5
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 36
                    transform: 5 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = BLOWFISH_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
        payload: VENDOR len: 20
        payload: VENDOR len: 20
        payload: VENDOR len: 20
        payload: VENDOR len: 20 (supports v1 NAT-T, draft-ietf-ipsec-nat-t-ike-00)
        payload: VENDOR len: 20 (supports v2 NAT-T, draft-ietf-ipsec-nat-t-ike-02\n)
        payload: VENDOR len: 20 (supports v2 NAT-T, draft-ietf-ipsec-nat-t-ike-02)
        payload: VENDOR len: 20 (supports v3 NAT-T, draft-ietf-ipsec-nat-t-ike-03)
        payload: VENDOR len: 20 (supports NAT-T, RFC 3947) [ttl 0] (id 1, len 444)
16:38:40.261517 217.65.0.211.500 > 92.50.146.38.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: b94845016deb3776->0000000000000000 msgid: 00000000 len: 40
        payload: NOTIFICATION len: 12
            notification: NO PROPOSAL CHOSEN [ttl 0] (id 1, len 68)
16:39:50.211566 92.50.146.38.500 > 217.65.0.211.500: [udp sum ok] isakmp v1.0 exchange ID_PROT
        cookie: f3ab6234f8f2d118->0000000000000000 msgid: 00000000 len: 416
        payload: SA len: 228 DOI: 1(IPSEC) situation: IDENTITY_ONLY
            payload: PROPOSAL len: 216 proposal: 0 proto: ISAKMP spisz: 0 xforms: 6
                payload: TRANSFORM len: 36
                    transform: 0 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = AES_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = MD5
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 36
                    transform: 1 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = AES_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 32
                    transform: 2 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
                        attribute HASH_ALGORITHM = MD5
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 32
                    transform: 3 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 36
                    transform: 4 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = BLOWFISH_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = MD5
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 36
                    transform: 5 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = BLOWFISH_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
        payload: VENDOR len: 20
        payload: VENDOR len: 20
        payload: VENDOR len: 20
        payload: VENDOR len: 20 (supports v1 NAT-T, draft-ietf-ipsec-nat-t-ike-00)
        payload: VENDOR len: 20 (supports v2 NAT-T, draft-ietf-ipsec-nat-t-ike-02\n)
        payload: VENDOR len: 20 (supports v2 NAT-T, draft-ietf-ipsec-nat-t-ike-02)
        payload: VENDOR len: 20 (supports v3 NAT-T, draft-ietf-ipsec-nat-t-ike-03)
        payload: VENDOR len: 20 (supports NAT-T, RFC 3947) [ttl 0] (id 1, len 444)
16:39:50.211862 217.65.0.211.500 > 92.50.146.38.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: 3602a641e16b2a79->0000000000000000 msgid: 00000000 len: 40
        payload: NOTIFICATION len: 12
            notification: NO PROPOSAL CHOSEN [ttl 0] (id 1, len 68)
16:41:00.162097 92.50.146.38.500 > 217.65.0.211.500: [udp sum ok] isakmp v1.0 exchange ID_PROT
        cookie: 7adf7839f905ddad->0000000000000000 msgid: 00000000 len: 416
        payload: SA len: 228 DOI: 1(IPSEC) situation: IDENTITY_ONLY
            payload: PROPOSAL len: 216 proposal: 0 proto: ISAKMP spisz: 0 xforms: 6
                payload: TRANSFORM len: 36
                    transform: 0 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = AES_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = MD5
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 36
                    transform: 1 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = AES_CBC
                        attribute KEY_LENGTH = 128
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 32
                    transform: 2 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
                        attribute HASH_ALGORITHM = MD5
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 28800
                payload: TRANSFORM len: 32
                    transform: 3 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_768

