On Tue, 07-08-2007 at 13:41 +0300, Mihai Badici wrote:
>
> > bundle: espauth/encryption: 3desouter/authentication: sha
> > key management mode: isakmp
> > key encryption: 3desrouter/key authentication: sha
> >
>
>
> Well, 3des encryption instead of des and sha instead of md5 ... at least at first
> glance that should be enough
It still won't work. The full log:
2007-08-07 13:39:33: DEBUG: begin.
2007-08-07 13:39:33: DEBUG: seen nptype=2(prop)
2007-08-07 13:39:33: DEBUG: succeed.
2007-08-07 13:39:33: DEBUG: proposal #1 len=424
2007-08-07 13:39:33: DEBUG: begin.
2007-08-07 13:39:33: DEBUG: seen nptype=3(trns)
2007-08-07 13:39:33: DEBUG: seen nptype=3(trns)
2007-08-07 13:39:33: DEBUG: seen nptype=3(trns)
2007-08-07 13:39:33: DEBUG: seen nptype=3(trns)
2007-08-07 13:39:33: DEBUG: succeed.
2007-08-07 13:39:33: DEBUG: transform #1 len=104
2007-08-07 13:39:33: DEBUG: type=Encryption Algorithm, flag=0x8000,
lorv=3DES-CBC
2007-08-07 13:39:33: DEBUG: encryption(3des)
2007-08-07 13:39:33: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-08-07 13:39:33: DEBUG: hash(sha1)
2007-08-07 13:39:33: DEBUG: type=Group Description, flag=0x8000,
lorv=1024-bit MODP group
2007-08-07 13:39:33: DEBUG: hmac(modp1024)
2007-08-07 13:39:33: DEBUG: type=Authentication Method, flag=0x8000,
lorv=GSS-API on Kerberos 5
2007-08-07 13:39:33: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-07 13:39:33: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-08-07 13:39:33: DEBUG: type=GSS-API endpoint name, flag=0x0000,
lorv=64
2007-08-07 13:39:33: DEBUG: transform #2 len=104
2007-08-07 13:39:33: DEBUG: type=Encryption Algorithm, flag=0x8000,
lorv=3DES-CBC
2007-08-07 13:39:33: DEBUG: encryption(3des)
2007-08-07 13:39:33: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-08-07 13:39:33: DEBUG: hash(md5)
2007-08-07 13:39:33: DEBUG: type=Group Description, flag=0x8000,
lorv=1024-bit MODP group
2007-08-07 13:39:33: DEBUG: hmac(modp1024)
2007-08-07 13:39:33: DEBUG: type=Authentication Method, flag=0x8000,
lorv=GSS-API on Kerberos 5
2007-08-07 13:39:33: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-07 13:39:33: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-08-07 13:39:33: DEBUG: type=GSS-API endpoint name, flag=0x0000,
lorv=64
2007-08-07 13:39:33: DEBUG: transform #3 len=104
2007-08-07 13:39:33: DEBUG: type=Encryption Algorithm, flag=0x8000,
lorv=DES-CBC
2007-08-07 13:39:33: DEBUG: encryption(des)
2007-08-07 13:39:33: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-08-07 13:39:33: DEBUG: hash(sha1)
2007-08-07 13:39:33: DEBUG: type=Group Description, flag=0x8000,
lorv=768-bit MODP group
2007-08-07 13:39:33: DEBUG: hmac(modp768)
2007-08-07 13:39:33: DEBUG: type=Authentication Method, flag=0x8000,
lorv=GSS-API on Kerberos 5
2007-08-07 13:39:33: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-07 13:39:33: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-08-07 13:39:33: DEBUG: type=GSS-API endpoint name, flag=0x0000,
lorv=64
2007-08-07 13:39:33: DEBUG: transform #4 len=104
2007-08-07 13:39:33: DEBUG: type=Encryption Algorithm, flag=0x8000,
lorv=DES-CBC
2007-08-07 13:39:33: DEBUG: encryption(des)
2007-08-07 13:39:33: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-08-07 13:39:33: DEBUG: hash(md5)
2007-08-07 13:39:33: DEBUG: type=Group Description, flag=0x8000,
lorv=768-bit MODP group
2007-08-07 13:39:33: DEBUG: hmac(modp768)
2007-08-07 13:39:33: DEBUG: type=Authentication Method, flag=0x8000,
lorv=GSS-API on Kerberos 5
2007-08-07 13:39:33: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-07 13:39:33: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-08-07 13:39:33: DEBUG: type=GSS-API endpoint name, flag=0x0000,
lorv=64
2007-08-07 13:39:33: DEBUG: pair 1:
2007-08-07 13:39:33: DEBUG: 0x80c09f8: next=(nil) tnext=0x80c0a10
2007-08-07 13:39:33: DEBUG: 0x80c0a10: next=(nil) tnext=0x80c0a28
2007-08-07 13:39:33: DEBUG: 0x80c0a28: next=(nil) tnext=0x80bfc48
2007-08-07 13:39:33: DEBUG: 0x80bfc48: next=(nil) tnext=(nil)
2007-08-07 13:39:33: DEBUG: proposal #1: 4 transform
2007-08-07 13:39:33: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4
2007-08-07 13:39:33: DEBUG: trns#=1, trns-id=IKE
2007-08-07 13:39:33: DEBUG: type=Encryption Algorithm, flag=0x8000,
lorv=3DES-CBC
2007-08-07 13:39:33: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-08-07 13:39:33: DEBUG: type=Group Description, flag=0x8000,
lorv=1024-bit MODP group
2007-08-07 13:39:33: DEBUG: type=Authentication Method, flag=0x8000,
lorv=GSS-API on Kerberos 5
2007-08-07 13:39:33: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-07 13:39:33: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-08-07 13:39:33: DEBUG: type=GSS-API endpoint name, flag=0x0000,
lorv=64
2007-08-07 13:39:33: DEBUG: Compared: DB:Peer
2007-08-07 13:39:33: DEBUG: (lifetime = 1800:28800)
2007-08-07 13:39:33: DEBUG: (lifebyte = 0:0)
2007-08-07 13:39:33: DEBUG: enctype = 3DES-CBC:3DES-CBC
2007-08-07 13:39:33: DEBUG: (encklen = 0:0)
2007-08-07 13:39:33: DEBUG: hashtype = SHA:SHA
2007-08-07 13:39:33: DEBUG: authmethod = GSS-API on Kerberos 5:GSS-API
on Kerberos 5
2007-08-07 13:39:33: DEBUG: dh_group = 768-bit MODP group:1024-bit MODP
group
2007-08-07 13:39:33: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4
2007-08-07 13:39:33: DEBUG: trns#=2, trns-id=IKE
2007-08-07 13:39:33: DEBUG: type=Encryption Algorithm, flag=0x8000,
lorv=3DES-CBC
2007-08-07 13:39:33: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-08-07 13:39:33: DEBUG: type=Group Description, flag=0x8000,
lorv=1024-bit MODP group
2007-08-07 13:39:33: DEBUG: type=Authentication Method, flag=0x8000,
lorv=GSS-API on Kerberos 5
2007-08-07 13:39:33: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-07 13:39:33: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-08-07 13:39:33: DEBUG: type=GSS-API endpoint name, flag=0x0000,
lorv=64
2007-08-07 13:39:33: DEBUG: Compared: DB:Peer
2007-08-07 13:39:33: DEBUG: (lifetime = 1800:28800)
2007-08-07 13:39:33: DEBUG: (lifebyte = 0:0)
2007-08-07 13:39:33: DEBUG: enctype = 3DES-CBC:3DES-CBC
2007-08-07 13:39:33: DEBUG: (encklen = 0:0)
2007-08-07 13:39:33: DEBUG: hashtype = SHA:MD5
2007-08-07 13:39:33: DEBUG: authmethod = GSS-API on Kerberos 5:GSS-API
on Kerberos 5
2007-08-07 13:39:33: DEBUG: dh_group = 768-bit MODP group:1024-bit MODP
group
2007-08-07 13:39:33: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4
2007-08-07 13:39:33: DEBUG: trns#=3, trns-id=IKE
2007-08-07 13:39:33: DEBUG: type=Encryption Algorithm, flag=0x8000,
lorv=DES-CBC
2007-08-07 13:39:33: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-08-07 13:39:33: DEBUG: type=Group Description, flag=0x8000,
lorv=768-bit MODP group
2007-08-07 13:39:33: DEBUG: type=Authentication Method, flag=0x8000,
lorv=GSS-API on Kerberos 5
2007-08-07 13:39:33: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-07 13:39:33: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-08-07 13:39:33: DEBUG: type=GSS-API endpoint name, flag=0x0000,
lorv=64
2007-08-07 13:39:33: DEBUG: Compared: DB:Peer
2007-08-07 13:39:33: DEBUG: (lifetime = 1800:28800)
2007-08-07 13:39:33: DEBUG: (lifebyte = 0:0)
2007-08-07 13:39:33: DEBUG: enctype = 3DES-CBC:DES-CBC
2007-08-07 13:39:33: DEBUG: (encklen = 0:0)
2007-08-07 13:39:33: DEBUG: hashtype = SHA:SHA
2007-08-07 13:39:33: DEBUG: authmethod = GSS-API on Kerberos 5:GSS-API
on Kerberos 5
2007-08-07 13:39:33: DEBUG: dh_group = 768-bit MODP group:768-bit MODP
group
2007-08-07 13:39:33: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=0, #trns=4
2007-08-07 13:39:33: DEBUG: trns#=4, trns-id=IKE
2007-08-07 13:39:33: DEBUG: type=Encryption Algorithm, flag=0x8000,
lorv=DES-CBC
2007-08-07 13:39:33: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-08-07 13:39:33: DEBUG: type=Group Description, flag=0x8000,
lorv=768-bit MODP group
2007-08-07 13:39:33: DEBUG: type=Authentication Method, flag=0x8000,
lorv=GSS-API on Kerberos 5
2007-08-07 13:39:33: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-07 13:39:33: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-08-07 13:39:33: DEBUG: type=GSS-API endpoint name, flag=0x0000,
lorv=64
2007-08-07 13:39:33: DEBUG: Compared: DB:Peer
2007-08-07 13:39:33: DEBUG: (lifetime = 1800:28800)
2007-08-07 13:39:33: DEBUG: (lifebyte = 0:0)
2007-08-07 13:39:33: DEBUG: enctype = 3DES-CBC:DES-CBC
2007-08-07 13:39:33: DEBUG: (encklen = 0:0)
2007-08-07 13:39:33: DEBUG: hashtype = SHA:MD5
2007-08-07 13:39:33: DEBUG: authmethod = GSS-API on Kerberos 5:GSS-API
on Kerberos 5
2007-08-07 13:39:33: DEBUG: dh_group = 768-bit MODP group:768-bit MODP
group
2007-08-07 13:39:33: DEBUG: type=Encryption Algorithm, flag=0x8000,
lorv=3DES-CBC
2007-08-07 13:39:33: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-08-07 13:39:33: DEBUG: type=Group Description, flag=0x8000,
lorv=1024-bit MODP group
2007-08-07 13:39:33: DEBUG: type=Authentication Method, flag=0x8000,
lorv=GSS-API on Kerberos 5
2007-08-07 13:39:33: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-07 13:39:33: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-08-07 13:39:33: DEBUG: type=GSS-API endpoint name, flag=0x0000,
lorv=64
2007-08-07 13:39:33: ERROR: rejected dh_group:
DB(prop#1:trns#1):Peer(prop#1:trns#1) = 768-bit MODP group:1024-bit MODP
group
2007-08-07 13:39:33: DEBUG: type=Encryption Algorithm, flag=0x8000,
lorv=3DES-CBC
2007-08-07 13:39:33: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-08-07 13:39:33: DEBUG: type=Group Description, flag=0x8000,
lorv=1024-bit MODP group
2007-08-07 13:39:33: DEBUG: type=Authentication Method, flag=0x8000,
lorv=GSS-API on Kerberos 5
2007-08-07 13:39:33: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-07 13:39:33: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-08-07 13:39:33: DEBUG: type=GSS-API endpoint name, flag=0x0000,
lorv=64
2007-08-07 13:39:33: ERROR: rejected hashtype:
DB(prop#1:trns#1):Peer(prop#1:trns#2) = SHA:MD5
2007-08-07 13:39:33: ERROR: rejected dh_group:
DB(prop#1:trns#1):Peer(prop#1:trns#2) = 768-bit MODP group:1024-bit MODP
group
2007-08-07 13:39:33: DEBUG: type=Encryption Algorithm, flag=0x8000,
lorv=DES-CBC
2007-08-07 13:39:33: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2007-08-07 13:39:33: DEBUG: type=Group Description, flag=0x8000,
lorv=768-bit MODP group
2007-08-07 13:39:33: DEBUG: type=Authentication Method, flag=0x8000,
lorv=GSS-API on Kerberos 5
2007-08-07 13:39:33: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-07 13:39:33: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-08-07 13:39:33: DEBUG: type=GSS-API endpoint name, flag=0x0000,
lorv=64
2007-08-07 13:39:33: ERROR: rejected enctype:
DB(prop#1:trns#1):Peer(prop#1:trns#3) = 3DES-CBC:DES-CBC
2007-08-07 13:39:33: DEBUG: type=Encryption Algorithm, flag=0x8000,
lorv=DES-CBC
2007-08-07 13:39:33: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=MD5
2007-08-07 13:39:33: DEBUG: type=Group Description, flag=0x8000,
lorv=768-bit MODP group
2007-08-07 13:39:33: DEBUG: type=Authentication Method, flag=0x8000,
lorv=GSS-API on Kerberos 5
2007-08-07 13:39:33: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2007-08-07 13:39:33: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2007-08-07 13:39:33: DEBUG: type=GSS-API endpoint name, flag=0x0000,
lorv=64
2007-08-07 13:39:33: ERROR: rejected enctype:
DB(prop#1:trns#1):Peer(prop#1:trns#4) = 3DES-CBC:DES-CBC
2007-08-07 13:39:33: ERROR: rejected hashtype:
DB(prop#1:trns#1):Peer(prop#1:trns#4) = SHA:MD5
2007-08-07 13:39:33: ERROR: no suitable proposal found.
2007-08-07 13:39:33: ERROR: failed to get valid proposal.
2007-08-07 13:39:33: ERROR: failed to process packet.
The config:
bb01 racoon # cat racoon.conf
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
log debug2;
remote 1.2.3.4 {
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        # authentication_method pre_shared_key;
        authentication_method gssapi_krb;
        dh_group modp768;
    }
    peers_identifier address 1.2.3.4;
    passive off;
    verify_identifier on;
    lifetime time 30 min;
    exchange_mode main;
}
The command that was run:
racoon -vv -F -f /etc/racoon/racoon.conf
_______________________________________________
RLUG mailing list
http://lists.lug.ro/mailman/listinfo/rlug