Greetings,

I am attempting to have two OpenBSD boxes communicate via IPSec. I have
configured them to use ISAKMPD to negotiate the connection, using PSK.
Unfortunately, isakmpd on one of the boxes dies in phase 1's
negotiation. For both machines, I am using OpenBSD 3.8 on an i386
architecture.

I have recompiled the kernel and userland from source on the machine
experiencing isakmp death. I am wanting to modify the isakmp source to
log some additional information. However, because of the abnormal
termination, I moved my modified code out of the way, updated via CVS,
and did the "make obj && make depend && make && make install" steps.
Even then, it still dies.

I recorded a packet capture of the event. The working OpenBSD machine
("A") will initiate a security association, which the dying machine
("B") will agree to. "A" then replies with its portion of the D-H key
exchange, at which point "B" dies before replying.

Below, I have included output from the ISAKMPD on "B". I invoked it via
"isakmpd -d -D A=99", so there is a lot of output. I truncated the
initial isakmpd start-up messages.

Thanks for your help,
-- Craig

Debug output:
171715.299284 Mesg 90 message_alloc: allocated 0x89d8f700
171715.299300 Mesg 70 message_recv: message 0x89d8f700
171715.299321 Mesg 70 ICOOKIE: 0x370ff8ea053c36ff
171715.299341 Mesg 70 RCOOKIE: 0x1d5e4ebddf371b3e
171715.299356 Mesg 70 NEXT_PAYLOAD: KEY_EXCH
171715.299371 Mesg 70 VERSION: 16
171715.299384 Mesg 70 EXCH_TYPE: ID_PROT
171715.299398 Mesg 70 FLAGS: [ ]
171715.299414 Mesg 70 MESSAGE_ID: 0x00000000
171715.299428 Mesg 70 LENGTH: 228
171715.299466 Mesg 70 message_recv: 370ff8ea 053c36ff 1d5e4ebd df371b3e 04100200 00000000 000000e4 0a000084
171715.299503 Mesg 70 message_recv: 8dfbec73 1a0f8caa f597da56 84793e8d 97a5f69e 1f2d725f 54cb9c4c 564a3da4
171715.299539 Mesg 70 message_recv: def4a3b6 59c3a029 9448de44 eb096298 0e13861e cf2d95a6 b6833d70 0919cf39
171715.299576 Mesg 70 message_recv: 04a48f72 7ab959d0 1fd9a60d 6b8fddd8 013caf43 5f2a0c10 b77f4d5f f34b76d1
171715.299740 Mesg 70 message_recv: 2d4a05b0 c45b8a33 c95ca008 0fd50d5e 5f4316a6 fcaf2c8a bf9428d3 f7a5731c
171715.299778 Mesg 70 message_recv: 14000014 6d0ae0b7 bef1cb14 075890fe 8974d68a 14000018 f1b97f7f 91b5fa47
171715.299814 Mesg 70 message_recv: 6b644d75 4f6c4cb5 a704913c 00000018 c3002ea2 79d81acd e9dd91e3 070cbaa4
171715.299830 Mesg 70 message_recv: 6973d112
171715.299846 SA 80 sa_reference: SA 0x7c890d00 now has 5 references
171715.299860 Mesg 90 message_check_duplicate: last_received 0x89d8f580
171715.299872 Mesg 95 message_check_duplicate: last_received:
171715.300420 Mesg 95 370ff8ea 053c36ff 00000000 00000000 01100200 00000000 000000a4 0d000038
171715.300480 Mesg 95 00000001 00000001 0000002c 01010001 00000024 00010000 80010007 80020002
171715.300517 Mesg 95 80030001 80040002 800b0001 800c8ca0 800e0080 0d000014 90cb8091 3ebb696e
171715.300553 Mesg 95 086381b5 ec427b1f 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014
171715.300589 Mesg 95 4a131c81 07035845 5c5728f2 0e95452f 00000014 afcad713 68a1f1c9 6b8696fc
171715.300666 Mesg 95 77570100
171715.300681 Mesg 20 message_free: freeing 0x89d8f680
171715.301183 Timr 10 timer_remove_event: removing event message_send_expire(0x89d8f680)
171715.301206 Trpt 95 transport_release: transport 0x89f226c0 had 3 references
171715.301221 SA 80 sa_release: SA 0x7c890d00 had 5 references
171715.301245 Mesg 50 message_parse_payloads: offset 28 payload KEY_EXCH
171715.301262 Mesg 50 message_parse_payloads: offset 160 payload NONCE
171715.301276 Mesg 50 message_parse_payloads: offset 180 payload NAT_D
171715.301290 Mesg 50 message_parse_payloads: offset 204 payload NAT_D
171715.301306 Mesg 60 message_validate_payloads: payload KEY_EXCH at 0x7c890f1c of message 0x89d8f700
171715.301324 Mesg 60 message_validate_payloads: payload NONCE at 0x7c890fa0 of message 0x89d8f700
171715.301339 Mesg 60 message_validate_payloads: payload NAT_D at 0x7c890fb4 of message 0x89d8f700
171715.301354 Mesg 60 message_validate_payloads: payload NAT_D at 0x7c890fcc of message 0x89d8f700
171715.301543 Trpt 95 transport_reference: transport 0x89f22900 now has 2 references
171715.301560 Trpt 95 transport_release: transport 0x89f226c0 had 2 references
171715.301574 Exch 90 exchange_validate: checking for required KEY_EXCH
171715.301588 Exch 90 exchange_validate: checking for required NONCE
171715.301603 Misc 30 ipsec_responder: phase 1 exchange 2 step 2
171715.301622 Misc 80 ipsec_g_x: g^xi:
171715.301657 Misc 80 8dfbec73 1a0f8caa f597da56 84793e8d 97a5f69e 1f2d725f 54cb9c4c 564a3da4
171715.301691 Misc 80 def4a3b6 59c3a029 9448de44 eb096298 0e13861e cf2d95a6 b6833d70 0919cf39
171715.301726 Misc 80 04a48f72 7ab959d0 1fd9a60d 6b8fddd8 013caf43 5f2a0c10 b77f4d5f f34b76d1
171715.301760 Misc 80 2d4a05b0 c45b8a33 c95ca008 0fd50d5e 5f4316a6 fcaf2c8a bf9428d3 f7a5731c
171715.301776 Exch 80 exchange_nonce: NONCE_i:
171715.302278 Exch 80 6d0ae0b7 bef1cb14 075890fe 8974d68a
171715.302298 Cryp 60 hash_get: requested algorithm 1
171715.302330 Cryp 60 hash_get: requested algorithm 1
171715.302946 Exch 40 nat_t_exchange_check_nat_d: no NAT
171715.302990 Mesg 20 message_free: freeing 0x89d8f580
171715.303035 Trpt 95 transport_release: transport 0x89f226c0 had 1 references
171715.303050 Trpt 70 transport_release: freeing 0x89f226c0
171715.303066 Trpt 90 udp_remove: removed transport 0x89f22740
171715.303080 Trpt 90 udp_remove: removed transport 0x89f22700
171715.303093 Trpt 90 virtual_remove: removed 0x89f226c0
171715.303108 SA 80 sa_release: SA 0x7c890d00 had 4 references
171715.303123 Exch 40 exchange_run: exchange 0x7c890c00 finished step 2,
advancing...
171715.303141 Trpt 95 transport_reference: transport 0x89f22900 now has
3 references
171715.303157 Mesg 90 message_alloc: allocated 0x89d8f580
171715.303170 SA 80 sa_reference: SA 0x7c890d00 now has 4 references
171715.303186 Misc 30 ipsec_responder: phase 1 exchange 2 step 3
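
An added example, not part of the original post and not isakmpd code: a small parser that decodes the 228-byte message_recv dump from the debug output above and walks its payload chain, so the header fields and payload offsets that isakmpd logged can be checked independently against the bytes on the wire. The payload and exchange numbers are taken from RFC 2408 (20 is NAT-D per RFC 3947); the function and variable names are this example's own.

```python
import struct

# ISAKMP payload / exchange type numbers (RFC 2408; 20 = NAT-D per RFC 3947).
PAYLOADS = {0: "NONE", 4: "KEY_EXCH", 10: "NONCE", 20: "NAT_D"}
EXCHANGES = {2: "ID_PROT"}

# The message_recv hex dump copied from the debug output in the post.
MESSAGE_HEX = """
370ff8ea 053c36ff 1d5e4ebd df371b3e 04100200 00000000 000000e4 0a000084
8dfbec73 1a0f8caa f597da56 84793e8d 97a5f69e 1f2d725f 54cb9c4c 564a3da4
def4a3b6 59c3a029 9448de44 eb096298 0e13861e cf2d95a6 b6833d70 0919cf39
04a48f72 7ab959d0 1fd9a60d 6b8fddd8 013caf43 5f2a0c10 b77f4d5f f34b76d1
2d4a05b0 c45b8a33 c95ca008 0fd50d5e 5f4316a6 fcaf2c8a bf9428d3 f7a5731c
14000014 6d0ae0b7 bef1cb14 075890fe 8974d68a 14000018 f1b97f7f 91b5fa47
6b644d75 4f6c4cb5 a704913c 00000018 c3002ea2 79d81acd e9dd91e3 070cbaa4
6973d112
"""

def parse_isakmp(data):
    """Parse the fixed 28-byte ISAKMP header, then walk the payload chain."""
    if len(data) < 28:
        raise ValueError("shorter than an ISAKMP header")
    icookie, rcookie, nxt, version, exch, flags, msgid, length = \
        struct.unpack("!8s8sBBBBII", data[:28])
    if length != len(data):
        raise ValueError("LENGTH field %d != %d bytes received" % (length, len(data)))
    payloads, offset = [], 28
    while nxt != 0:
        if offset + 4 > length:
            raise ValueError("payload header at %d runs past the message" % offset)
        following, _reserved, plen = struct.unpack("!BBH", data[offset:offset + 4])
        if plen < 4 or offset + plen > length:
            raise ValueError("bad payload length %d at offset %d" % (plen, offset))
        payloads.append((offset, PAYLOADS.get(nxt, str(nxt)), data[offset + 4:offset + plen]))
        nxt, offset = following, offset + plen
    if offset != length:
        raise ValueError("trailing bytes after the last payload")
    header = {"icookie": icookie.hex(), "rcookie": rcookie.hex(), "version": version,
              "exchange": EXCHANGES.get(exch, str(exch)), "flags": flags,
              "message_id": msgid, "length": length}
    return header, payloads

if __name__ == "__main__":
    hdr, chain = parse_isakmp(bytes.fromhex("".join(MESSAGE_HEX.split())))
    print(hdr)
    for off, name, body in chain:
        print("offset %3d  %-8s %d body bytes" % (off, name, len(body)))
```

The payload chain ends exactly at the LENGTH field's 228 bytes, and the offsets it yields are the ones message_parse_payloads reports in the log.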