Because my wife needed to connect to a Cisco box using XAUTH (arghhh!) I used the opportunity to test the X.509 certificate support of the Cisco VPN Client 4.0.1 (running on a Windows XP box) by trying to set up a VPN tunnel to my FreeS/WAN gateway. Unfortunately already the first payload failed as the FreeS/WAN log shows. The Cisco Client appends 16 zero bytes to the MI1 proposal that are not accounted for in the length field. Has anyone else experienced this phenomenon? Is Pluto too strict? Shouldn't it just ignore the superflous bytes as is the case when payloads get padded up to a multiple of four bytes (e.g. with certificate requests)?
Regards
Andreas
======================================================================= Andreas Steffen e-mail: [EMAIL PROTECTED] strongSec GmbH home: http://www.strongsec.com Alter Z�richweg 20 phone: +41 1 730 80 64 CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65 ==========================================[strong internet security]===
Aug 4 19:22:07 firewall pluto[3506]: | *received 1116 bytes from 160.85.106.2:500 on eth1 Aug 4 19:22:07 firewall pluto[3506]: | d6 46 78 57 ac 07 dc e8 00 00 00 00 00 00 00 00 Aug 4 19:22:07 firewall pluto[3506]: | 01 10 02 00 00 00 00 00 00 00 04 4c 0d 00 03 fc Aug 4 19:22:07 firewall pluto[3506]: | 00 00 00 01 00 00 00 01 00 00 03 f0 01 01 00 1a Aug 4 19:22:07 firewall pluto[3506]: | 03 00 00 28 01 01 00 00 80 01 00 07 80 02 00 02 Aug 4 19:22:07 firewall pluto[3506]: | 80 04 00 05 80 03 fd ed 80 0b 00 01 00 0c 00 04 Aug 4 19:22:07 firewall pluto[3506]: | 00 20 c4 9b 80 0e 01 00 03 00 00 28 02 01 00 00 Aug 4 19:22:07 firewall pluto[3506]: | 80 01 00 07 80 02 00 01 80 04 00 05 80 03 fd ed Aug 4 19:22:07 firewall pluto[3506]: | 80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 01 00 Aug 4 19:22:07 firewall pluto[3506]: | 03 00 00 28 03 01 00 00 80 01 00 07 80 02 00 02 Aug 4 19:22:07 firewall pluto[3506]: | 80 04 00 05 80 03 00 03 80 0b 00 01 00 0c 00 04 Aug 4 19:22:07 firewall pluto[3506]: | 00 20 c4 9b 80 0e 01 00 03 00 00 28 04 01 00 00 Aug 4 19:22:07 firewall pluto[3506]: | 80 01 00 07 80 02 00 01 80 04 00 05 80 03 00 03 Aug 4 19:22:07 firewall pluto[3506]: | 80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 01 00 Aug 4 19:22:07 firewall pluto[3506]: | 03 00 00 28 05 01 00 00 80 01 00 07 80 02 00 02 Aug 4 19:22:07 firewall pluto[3506]: | 80 04 00 02 80 03 fd ed 80 0b 00 01 00 0c 00 04 Aug 4 19:22:07 firewall pluto[3506]: | 00 20 c4 9b 80 0e 01 00 03 00 00 28 06 01 00 00 Aug 4 19:22:07 firewall pluto[3506]: | 80 01 00 07 80 02 00 01 80 04 00 02 80 03 fd ed Aug 4 19:22:07 firewall pluto[3506]: | 80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 01 00 Aug 4 19:22:07 firewall pluto[3506]: | 03 00 00 28 07 01 00 00 80 01 00 07 80 02 00 02 Aug 4 19:22:07 firewall pluto[3506]: | 80 04 00 02 80 03 00 03 80 0b 00 01 00 0c 00 04 Aug 4 19:22:07 firewall pluto[3506]: | 00 20 c4 9b 80 0e 01 00 03 00 00 28 08 01 00 00 Aug 4 19:22:07 firewall pluto[3506]: | 80 01 00 07 80 02 00 01 80 04 00 02 80 03 00 03 Aug 4 19:22:07 firewall pluto[3506]: | 80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 01 00 Aug 4 19:22:07 firewall pluto[3506]: | 03 00 00 28 09 01 00 00 80 01 00 07 80 02 00 02 Aug 4 19:22:07 firewall pluto[3506]: | 80 04 00 05 80 03 fd ed 80 0b 00 01 00 0c 00 04 Aug 4 19:22:07 firewall pluto[3506]: | 00 20 c4 9b 80 0e 00 80 03 00 00 28 0a 01 00 00 Aug 4 19:22:07 firewall pluto[3506]: | 80 01 00 07 80 02 00 01 80 04 00 05 80 03 fd ed Aug 4 19:22:07 firewall pluto[3506]: | 80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 00 80 Aug 4 19:22:07 firewall pluto[3506]: | 03 00 00 28 0b 01 00 00 80 01 00 07 80 02 00 02 Aug 4 19:22:07 firewall pluto[3506]: | 80 04 00 05 80 03 00 03 80 0b 00 01 00 0c 00 04 Aug 4 19:22:07 firewall pluto[3506]: | 00 20 c4 9b 80 0e 00 80 03 00 00 28 0c 01 00 00 Aug 4 19:22:07 firewall pluto[3506]: | 80 01 00 07 80 02 00 01 80 04 00 05 80 03 00 03 Aug 4 19:22:07 firewall pluto[3506]: | 80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 00 80 Aug 4 19:22:07 firewall pluto[3506]: | 03 00 00 28 0d 01 00 00 80 01 00 07 80 02 00 02 Aug 4 19:22:07 firewall pluto[3506]: | 80 04 00 02 80 03 fd ed 80 0b 00 01 00 0c 00 04 Aug 4 19:22:07 firewall pluto[3506]: | 00 20 c4 9b 80 0e 00 80 03 00 00 28 0e 01 00 00 Aug 4 19:22:07 firewall pluto[3506]: | 80 01 00 07 80 02 00 01 80 04 00 02 80 03 fd ed Aug 4 19:22:07 firewall pluto[3506]: | 80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 00 80 Aug 4 19:22:07 firewall pluto[3506]: | 03 00 00 28 0f 01 00 00 80 01 00 07 80 02 00 02 Aug 4 19:22:07 firewall pluto[3506]: | 80 04 00 02 80 03 00 03 80 0b 00 01 00 0c 00 04 Aug 4 19:22:07 firewall pluto[3506]: | 00 20 c4 9b 80 0e 00 80 03 00 00 28 10 01 00 00 Aug 4 19:22:07 firewall pluto[3506]: | 80 01 00 07 80 02 00 01 80 04 00 02 80 03 00 03 Aug 4 19:22:07 firewall pluto[3506]: | 80 0b 00 01 00 0c 00 04 00 20 c4 9b 80 0e 00 80 Aug 4 19:22:07 firewall pluto[3506]: | 03 00 00 24 11 01 00 00 80 01 00 05 80 02 00 02 Aug 4 19:22:07 firewall pluto[3506]: | 80 04 00 05 80 03 fd ed 80 0b 00 01 00 0c 00 04 Aug 4 19:22:07 firewall pluto[3506]: | 00 20 c4 9b 03 00 00 24 12 01 00 00 80 01 00 05 Aug 4 19:22:07 firewall pluto[3506]: | 80 02 00 01 80 04 00 05 80 03 fd ed 80 0b 00 01 Aug 4 19:22:07 firewall pluto[3506]: | 00 0c 00 04 00 20 c4 9b 03 00 00 24 13 01 00 00 Aug 4 19:22:07 firewall pluto[3506]: | 80 01 00 05 80 02 00 02 80 04 00 05 80 03 00 03 Aug 4 19:22:07 firewall pluto[3506]: | 80 0b 00 01 00 0c 00 04 00 20 c4 9b 03 00 00 24 Aug 4 19:22:07 firewall pluto[3506]: | 14 01 00 00 80 01 00 05 80 02 00 01 80 04 00 05 Aug 4 19:22:07 firewall pluto[3506]: | 80 03 00 03 80 0b 00 01 00 0c 00 04 00 20 c4 9b Aug 4 19:22:07 firewall pluto[3506]: | 03 00 00 24 15 01 00 00 80 01 00 05 80 02 00 02 Aug 4 19:22:07 firewall pluto[3506]: | 80 04 00 02 80 03 fd ed 80 0b 00 01 00 0c 00 04 Aug 4 19:22:07 firewall pluto[3506]: | 00 20 c4 9b 03 00 00 24 16 01 00 00 80 01 00 05 Aug 4 19:22:07 firewall pluto[3506]: | 80 02 00 01 80 04 00 02 80 03 fd ed 80 0b 00 01 Aug 4 19:22:07 firewall pluto[3506]: | 00 0c 00 04 00 20 c4 9b 03 00 00 24 17 01 00 00 Aug 4 19:22:07 firewall pluto[3506]: | 80 01 00 05 80 02 00 02 80 04 00 02 80 03 00 03 Aug 4 19:22:07 firewall pluto[3506]: | 80 0b 00 01 00 0c 00 04 00 20 c4 9b 03 00 00 24 Aug 4 19:22:07 firewall pluto[3506]: | 18 01 00 00 80 01 00 05 80 02 00 01 80 04 00 02 Aug 4 19:22:07 firewall pluto[3506]: | 80 03 00 03 80 0b 00 01 00 0c 00 04 00 20 c4 9b Aug 4 19:22:07 firewall pluto[3506]: | 03 00 00 24 19 01 00 00 80 01 00 01 80 02 00 01 Aug 4 19:22:07 firewall pluto[3506]: | 80 04 00 01 80 03 fd ed 80 0b 00 01 00 0c 00 04 Aug 4 19:22:07 firewall pluto[3506]: | 00 20 c4 9b 00 00 00 24 1a 01 00 00 80 01 00 01 Aug 4 19:22:07 firewall pluto[3506]: | 80 02 00 01 80 04 00 01 80 03 00 03 80 0b 00 01 Aug 4 19:22:07 firewall pluto[3506]: | 00 0c 00 04 00 20 c4 9b 0d 00 00 0c 09 00 26 89 Aug 4 19:22:07 firewall pluto[3506]: | df d6 b7 12 0d 00 00 14 af ca d7 13 68 a1 f1 c9 Aug 4 19:22:07 firewall pluto[3506]: | 6b 86 96 fc 77 57 01 00 00 00 00 14 12 f5 f2 8c Aug 4 19:22:07 firewall pluto[3506]: | 45 71 68 a9 70 2d 9f e2 74 cc 01 00 00 00 00 00 Aug 4 19:22:07 firewall pluto[3506]: | 00 00 00 00 00 00 00 00 00 00 00 00 Aug 4 19:22:07 firewall pluto[3506]: | **parse ISAKMP Message: Aug 4 19:22:07 firewall pluto[3506]: | initiator cookie: Aug 4 19:22:07 firewall pluto[3506]: | d6 46 78 57 ac 07 dc e8 Aug 4 19:22:07 firewall pluto[3506]: | responder cookie: Aug 4 19:22:07 firewall pluto[3506]: | 00 00 00 00 00 00 00 00 Aug 4 19:22:07 firewall pluto[3506]: | next payload type: ISAKMP_NEXT_SA Aug 4 19:22:07 firewall pluto[3506]: | ISAKMP version: ISAKMP Version 1.0 Aug 4 19:22:07 firewall pluto[3506]: | exchange type: ISAKMP_XCHG_IDPROT Aug 4 19:22:07 firewall pluto[3506]: | flags: none Aug 4 19:22:07 firewall pluto[3506]: | message ID: 00 00 00 00 Aug 4 19:22:07 firewall pluto[3506]: | length: 1100 Aug 4 19:22:07 firewall pluto[3506]: packet from 160.85.106.2:500: size (1116) differs from size specified in ISAKMP HDR (1100)
