Hi! Sorry this took long, I had to find time to reconfigure the OpenBSD
gateway.
On Monday, September 12, 2011, Kevin VPN wrote:
>
> From the iked.log you provided, it seems that the gateway is not responding
> the the Shrew client's request. Is there any chance you can view the log on
> the OpenBSD gateway to see what it says about the incoming request?
>
> You could also run a packet capture on your Ubuntu box's outgoing interface
> to see if the request is even being sent out.
>
At the OpenBSD gateway, I get these logs from isakmpd:
Sep 10 15:07:09 XXXX isakmpd[15168]: transport_send_messages: giving up
on exchange peer-default, no response from peer xxx.xxx.xxx.xxx:60771
On a running attempt, these logs appear after every second resend attempt of
the phase1 negotiation per connection attempt.
Attached is the verbose isakmpd log from the gateway; I notice that the SA
payload gets dropped right after the phase1 negotiation.
004821.946106 Default log_debug_cmd: log level changed from 0 to 99 for class 2 [priv]
004821.954042 Default log_debug_cmd: log level changed from 0 to 99 for class 3 [priv]
004821.954393 Default log_debug_cmd: log level changed from 0 to 99 for class 7 [priv]
004821.954667 Default log_debug_cmd: log level changed from 0 to 99 for class 8 [priv]
004821.954951 Default log_debug_cmd: log level changed from 0 to 99 for class 9 [priv]
004821.957313 Default isakmpd: starting [priv]
004823.760018 Plcy 30 policy_init: initializing
004823.761621 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/ca/
004823.765598 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/certs/
004823.769651 Cryp 40 x509_read_crls_from_dir: reading CRLs from /etc/isakmpd/crls/
004823.882595 Cryp 60 hash_get: requested algorithm 0
004823.883044 Exch 50 nat_t_setup_hashes: MD5("draft-ietf-ipsec-nat-t-ike-02
") (16 bytes)
004823.883282 Exch 50 nat_t_setup_hashes:
004823.883810 Exch 50 90cb8091 3ebb696e 086381b5 ec427b1f
004823.884071 Exch 50 nat_t_setup_hashes: MD5("draft-ietf-ipsec-nat-t-ike-03") (16 bytes)
004823.884273 Exch 50 nat_t_setup_hashes:
004823.884767 Exch 50 7d9419a6 5310ca6f 2c179d92 15529d56
004823.885166 Exch 50 nat_t_setup_hashes: MD5("RFC 3947") (16 bytes)
004823.885435 Exch 50 nat_t_setup_hashes:
004823.885929 Exch 50 4a131c81 07035845 5c5728f2 0e95452f
004823.886143 Cryp 60 hash_get: requested algorithm 0
004823.886404 Exch 50 setup_vendor_hashes: MD5("OpenBSD-4.0") (16 bytes)
004823.886602 Exch 50 setup_vendor_hashes:
004823.887083 Exch 50 6c0dcd48 1deae8ae 0b0a6838 4b3072f9
004848.390859 Mesg 90 message_alloc: allocated 0x8898d980
004848.391363 Mesg 70 message_recv: message 0x8898d980
004848.391755 Mesg 70 ICOOKIE: 31e4d9be6273c79b
004848.392150 Mesg 70 RCOOKIE: 0000000000000000
004848.392390 Mesg 70 NEXT_PAYLOAD: SA
004848.392688 Mesg 70 VERSION: 16
004848.392924 Mesg 70 EXCH_TYPE: ID_PROT
004848.393157 Mesg 70 FLAGS: [ ]
004848.393454 Mesg 70 MESSAGE_ID: 00000000
004848.393714 Mesg 70 LENGTH: 316
004848.394531 Mesg 70 message_recv: 31e4d9be 6273c79b 00000000 00000000 01100200 00000000 0000013c 0d00003c
004848.396971 Mesg 70 message_recv: 00000001 00000001 00000030 01010001 00000028 01010000 80010007 800e0100
004848.397824 Mesg 70 message_recv: 80020002 80040002 80030001 800b0001 000c0004 00015180 0d000014 4485152d
004848.398618 Mesg 70 message_recv: 18b6bbcd 0be8a846 9579ddcc 0d000014 16f6ca16 e4a4066d 83821a0f 0aeaa862
004848.399408 Mesg 70 message_recv: 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 0d000014 7d9419a6 5310ca6f
004848.400205 Mesg 70 message_recv: 2c179d92 15529d56 0d000014 4a131c81 07035845 5c5728f2 0e95452f 0d000018
004848.400998 Mesg 70 message_recv: 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000 0d000014 afcad713 68a1f1c9
004848.401792 Mesg 70 message_recv: 6b8696fc 77570100 0d000014 f14b94b7 bff1fef0 2773b8c4 9feded26 0d000018
004848.402581 Mesg 70 message_recv: 166f932d 55eb64d8 e4df4fd3 7e2313f0 d0fd8451 0d000014 8404adf9 cda05760
004848.403345 Mesg 70 message_recv: b2ca292e 4bff537b 00000014 12f5f28c 457168a9 702d9fe2 74cc0100
004848.403648 Mesg 50 message_parse_payloads: offset 28 payload SA
004848.403905 Mesg 50 message_parse_payloads: offset 88 payload VENDOR
004848.404149 Mesg 50 message_parse_payloads: offset 108 payload VENDOR
004848.404393 Mesg 50 message_parse_payloads: offset 128 payload VENDOR
004848.404640 Mesg 50 message_parse_payloads: offset 148 payload VENDOR
004848.404888 Mesg 50 message_parse_payloads: offset 168 payload VENDOR
004848.405148 Mesg 50 message_parse_payloads: offset 188 payload VENDOR
004848.405392 Mesg 50 message_parse_payloads: offset 212 payload VENDOR
004848.405640 Mesg 50 message_parse_payloads: offset 232 payload VENDOR
004848.405887 Mesg 50 message_parse_payloads: offset 252 payload VENDOR
004848.406130 Mesg 50 message_parse_payloads: offset 276 payload VENDOR
004848.406378 Mesg 50 message_parse_payloads: offset 296 payload VENDOR
004848.406638 Mesg 60 message_validate_payloads: payload SA at 0x8899181c of message 0x8898d980
004848.406899 Mesg 70 DOI: 1
004848.407117 Mesg 70 SIT:
004848.408072 Cryp 60 hash_get: requested algorithm 1
004848.408577 Exch 10 exchange_setup_p1: 0x8898a300 peer-default phase1-peer-default policy responder phase 1 doi 1 exchange 2 step 0
004848.408841 Exch 10 exchange_setup_p1: icookie 31e4d9be6273c79b rcookie 67055f191147b6a8
004848.409063 Exch 10 exchange_setup_p1: msgid 00000000
004848.409337 Mesg 50 message_parse_payloads: offset 40 payload PROPOSAL
004848.409585 Mesg 50 message_parse_payloads: offset 48 payload TRANSFORM
004848.409816 Mesg 50 Transform 1's attributes
004848.410056 Mesg 50 Attribute ENCRYPTION_ALGORITHM value 7
004848.410295 Mesg 50 Attribute KEY_LENGTH value 256
004848.410531 Mesg 50 Attribute HASH_ALGORITHM value 2
004848.410766 Mesg 50 Attribute GROUP_DESCRIPTION value 2
004848.411001 Mesg 50 Attribute AUTHENTICATION_METHOD value 1
004848.411237 Mesg 50 Attribute LIFE_TYPE value 1
004848.411488 Mesg 50 Attribute LIFE_DURATION value 86400
004848.411741 Mesg 60 message_validate_payloads: payload PROPOSAL at 0x88991828 of message 0x8898d980
004848.412085 Mesg 70 NO: 1
004848.414707 Mesg 70 PROTO: ISAKMP
004848.414982 Mesg 70 SPI_SZ: 0
004848.415264 Mesg 70 NTRANSFORMS: 1
004848.415492 Mesg 70 SPI:
004848.415752 Mesg 60 message_validate_payloads: payload TRANSFORM at 0x88991830 of message 0x8898d980
004848.416013 Mesg 70 NO: 1
004848.416260 Mesg 70 ID: 1
004848.416479 Mesg 70 SA_ATTRS:
004848.416755 Mesg 60 message_validate_payloads: payload VENDOR at 0x88991858 of message 0x8898d980
004848.416977 Mesg 70 ID:
004848.417242 Mesg 60 message_validate_payloads: payload VENDOR at 0x8899186c of message 0x8898d980
004848.417457 Mesg 70 ID:
004848.417716 Mesg 60 message_validate_payloads: payload VENDOR at 0x88991880 of message 0x8898d980
004848.417939 Mesg 70 ID:
004848.418165 Exch 10 nat_t_check_vendor_payload: NAT-T capable peer detected
004848.418413 Mesg 60 message_validate_payloads: payload VENDOR at 0x88991894 of message 0x8898d980
004848.418636 Mesg 70 ID:
004848.418862 Exch 10 nat_t_check_vendor_payload: NAT-T capable peer detected
004848.419110 Mesg 60 message_validate_payloads: payload VENDOR at 0x889918a8 of message 0x8898d980
004848.419333 Mesg 70 ID:
004848.419556 Exch 10 nat_t_check_vendor_payload: NAT-T capable peer detected
004848.419799 Mesg 60 message_validate_payloads: payload VENDOR at 0x889918bc of message 0x8898d980
004848.420014 Mesg 70 ID:
004848.420245 Exch 90 check_vendor_openbsd: bad size 20 != 16
004848.420475 Exch 90 dpd_check_vendor_payload: bad size 20 != 16
004848.420685 Mesg 40 message_validate_vendor: vendor ID seen
004848.420925 Mesg 60 message_validate_payloads: payload VENDOR at 0x889918d4 of message 0x8898d980
004848.421151 Mesg 70 ID:
004848.421374 Exch 10 dpd_check_vendor_payload: DPD capable peer detected
004848.421622 Mesg 60 message_validate_payloads: payload VENDOR at 0x889918e8 of message 0x8898d980
004848.421844 Mesg 70 ID:
004848.422101 Mesg 60 message_validate_payloads: payload VENDOR at 0x889918fc of message 0x8898d980
004848.422327 Mesg 70 ID:
004848.422558 Exch 90 check_vendor_openbsd: bad size 20 != 16
004848.422805 Mesg 60 message_validate_payloads: payload VENDOR at 0x88991914 of message 0x8898d980
004848.423045 Mesg 70 ID:
004848.423297 Mesg 60 message_validate_payloads: payload VENDOR at 0x88991928 of message 0x8898d980
004848.423515 Mesg 70 ID:
004848.423783 Exch 90 exchange_validate: checking for required SA
004848.424176 Cryp 60 hash_get: requested algorithm 1
004848.424428 Negt 30 message_negotiate_sa: transform 1 proto 1 proposal 1 ok
004848.426336 Negt 20 ike_phase_1_validate_prop: success
004848.426580 Negt 30 message_negotiate_sa: proposal 1 succeeded
004848.426804 Cryp 60 hash_get: requested algorithm 1
004848.427394 Exch 10 exchange_handle_leftover_payloads: unexpected payload VENDOR
004848.427654 Exch 40 exchange_run: exchange 0x8898a300 finished step 0, advancing...
004848.427936 Mesg 90 message_alloc: allocated 0x8898d300
004848.428536 Exch 90 exchange_validate: checking for required SA
004848.428767 Mesg 70 message_send: message 0x8898d300
004848.429128 Mesg 70 ICOOKIE: 31e4d9be6273c79b
004848.429488 Mesg 70 RCOOKIE: 67055f191147b6a8
004848.429718 Mesg 70 NEXT_PAYLOAD: SA
004848.429966 Mesg 70 VERSION: 16
004848.430193 Mesg 70 EXCH_TYPE: ID_PROT
004848.430416 Mesg 70 FLAGS: [ ]
004848.430709 Mesg 70 MESSAGE_ID: 00000000
004848.430965 Mesg 70 LENGTH: 188
004848.431771 Mesg 70 message_send: 31e4d9be 6273c79b 67055f19 1147b6a8 01100200 00000000 000000bc 0d00003c
004848.432594 Mesg 70 message_send: 00000001 00000001 00000030 01010001 00000028 01010000 80010007 800e0100
004848.433412 Mesg 70 message_send: 80020002 80040002 80030001 800b0001 000c0004 00015180 0d000014 6c0dcd48
004848.434207 Mesg 70 message_send: 1deae8ae 0b0a6838 4b3072f9 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f
004848.435004 Mesg 70 message_send: 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014 4a131c81 07035845
004848.435740 Mesg 70 message_send: 5c5728f2 0e95452f 00000014 afcad713 68a1f1c9 6b8696fc 77570100
004848.435979 Exch 40 exchange_run: exchange 0x8898a300 finished step 1, advancing...
004855.513283 Mesg 70 message_send: message 0x8898d300
004855.513773 Mesg 70 ICOOKIE: 31e4d9be6273c79b
004855.514165 Mesg 70 RCOOKIE: 67055f191147b6a8
004855.514413 Mesg 70 NEXT_PAYLOAD: SA
004855.514689 Mesg 70 VERSION: 16
004855.514908 Mesg 70 EXCH_TYPE: ID_PROT
004855.515139 Mesg 70 FLAGS: [ ]
004855.515450 Mesg 70 MESSAGE_ID: 00000000
004855.515707 Mesg 70 LENGTH: 188
004855.516515 Mesg 70 message_send: 31e4d9be 6273c79b 67055f19 1147b6a8 01100200 00000000 000000bc 0d00003c
004855.517398 Mesg 70 message_send: 00000001 00000001 00000030 01010001 00000028 01010000 80010007 800e0100
004855.519798 Mesg 70 message_send: 80020002 80040002 80030001 800b0001 000c0004 00015180 0d000014 6c0dcd48
004855.520596 Mesg 70 message_send: 1deae8ae 0b0a6838 4b3072f9 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f
004855.521394 Mesg 70 message_send: 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014 4a131c81 07035845
004855.522116 Mesg 70 message_send: 5c5728f2 0e95452f 00000014 afcad713 68a1f1c9 6b8696fc 77570100
004858.406207 Mesg 90 message_alloc: allocated 0x8898d780
004858.406553 Mesg 70 message_recv: message 0x8898d780
004858.407039 Mesg 70 ICOOKIE: 31e4d9be6273c79b
004858.407418 Mesg 70 RCOOKIE: 0000000000000000
004858.407672 Mesg 70 NEXT_PAYLOAD: SA
004858.407944 Mesg 70 VERSION: 16
004858.408176 Mesg 70 EXCH_TYPE: ID_PROT
004858.408866 Mesg 70 FLAGS: [ ]
004858.409179 Mesg 70 MESSAGE_ID: 00000000
004858.409439 Mesg 70 LENGTH: 316
004858.410609 Mesg 70 message_recv: 31e4d9be 6273c79b 00000000 00000000 01100200 00000000 0000013c 0d00003c
004858.411450 Mesg 70 message_recv: 00000001 00000001 00000030 01010001 00000028 01010000 80010007 800e0100
004858.412305 Mesg 70 message_recv: 80020002 80040002 80030001 800b0001 000c0004 00015180 0d000014 4485152d
004858.414648 Mesg 70 message_recv: 18b6bbcd 0be8a846 9579ddcc 0d000014 16f6ca16 e4a4066d 83821a0f 0aeaa862
004858.415768 Mesg 70 message_recv: 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 0d000014 7d9419a6 5310ca6f
004858.416583 Mesg 70 message_recv: 2c179d92 15529d56 0d000014 4a131c81 07035845 5c5728f2 0e95452f 0d000018
004858.417459 Mesg 70 message_recv: 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000 0d000014 afcad713 68a1f1c9
004858.418258 Mesg 70 message_recv: 6b8696fc 77570100 0d000014 f14b94b7 bff1fef0 2773b8c4 9feded26 0d000018
004858.419047 Mesg 70 message_recv: 166f932d 55eb64d8 e4df4fd3 7e2313f0 d0fd8451 0d000014 8404adf9 cda05760
004858.419894 Mesg 70 message_recv: b2ca292e 4bff537b 00000014 12f5f28c 457168a9 702d9fe2 74cc0100
004858.420157 Mesg 90 message_recv: dropping setup for existing SA
004858.420371 Mesg 20 message_free: freeing 0x8898d780
004904.593145 Mesg 70 message_send: message 0x8898d300
004904.593855 Mesg 70 ICOOKIE: 31e4d9be6273c79b
004904.594268 Mesg 70 RCOOKIE: 67055f191147b6a8
004904.594514 Mesg 70 NEXT_PAYLOAD: SA
004904.594794 Mesg 70 VERSION: 16
004904.595399 Mesg 70 EXCH_TYPE: ID_PROT
004904.595633 Mesg 70 FLAGS: [ ]
004904.595937 Mesg 70 MESSAGE_ID: 00000000
004904.596198 Mesg 70 LENGTH: 188
004904.597006 Mesg 70 message_send: 31e4d9be 6273c79b 67055f19 1147b6a8 01100200 00000000 000000bc 0d00003c
004904.598360 Mesg 70 message_send: 00000001 00000001 00000030 01010001 00000028 01010000 80010007 800e0100
004904.601280 Mesg 70 message_send: 80020002 80040002 80030001 800b0001 000c0004 00015180 0d000014 6c0dcd48
004904.602101 Mesg 70 message_send: 1deae8ae 0b0a6838 4b3072f9 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f
004904.602899 Mesg 70 message_send: 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014 4a131c81 07035845
004904.603848 Mesg 70 message_send: 5c5728f2 0e95452f 00000014 afcad713 68a1f1c9 6b8696fc 77570100
004915.723214 Mesg 70 message_send: message 0x8898d300
004915.724104 Mesg 70 ICOOKIE: 31e4d9be6273c79b
004915.724991 Mesg 70 RCOOKIE: 67055f191147b6a8
004915.726147 Mesg 70 NEXT_PAYLOAD: SA
004915.727163 Mesg 70 VERSION: 16
004915.727685 Mesg 70 EXCH_TYPE: ID_PROT
004915.728211 Mesg 70 FLAGS: [ ]
004915.729875 Mesg 70 MESSAGE_ID: 00000000
004915.730430 Mesg 70 LENGTH: 188
004915.732461 Mesg 70 message_send: 31e4d9be 6273c79b 67055f19 1147b6a8 01100200 00000000 000000bc 0d00003c
004915.733736 Mesg 70 message_send: 00000001 00000001 00000030 01010001 00000028 01010000 80010007 800e0100
004915.734820 Mesg 70 message_send: 80020002 80040002 80030001 800b0001 000c0004 00015180 0d000014 6c0dcd48
004915.736478 Mesg 70 message_send: 1deae8ae 0b0a6838 4b3072f9 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f
004915.739902 Mesg 70 message_send: 0d000014 7d9419a6 5310ca6f 2c179d92 15529d56 0d000014 4a131c81 07035845
004915.741427 Mesg 70 message_send: 5c5728f2 0e95452f 00000014 afcad713 68a1f1c9 6b8696fc 77570100
004915.744178 Default transport_send_messages: giving up on exchange peer-default, no response from peer 121.54.32.150:26798
004915.744735 Mesg 20 message_free: freeing 0x8898d300
004919.256782 Mesg 90 message_alloc: allocated 0x8898d700
004919.257132 Mesg 70 message_recv: message 0x8898d700
004919.257650 Mesg 70 ICOOKIE: 31e4d9be6273c79b
004919.258145 Mesg 70 RCOOKIE: 0000000000000000
004919.258381 Mesg 70 NEXT_PAYLOAD: SA
004919.259157 Mesg 70 VERSION: 16
004919.259453 Mesg 70 EXCH_TYPE: ID_PROT
004919.259675 Mesg 70 FLAGS: [ ]
004919.259965 Mesg 70 MESSAGE_ID: 00000000
004919.260229 Mesg 70 LENGTH: 316
004919.261097 Mesg 70 message_recv: 31e4d9be 6273c79b 00000000 00000000 01100200 00000000 0000013c 0d00003c
004919.265525 Mesg 70 message_recv: 00000001 00000001 00000030 01010001 00000028 01010000 80010007 800e0100
004919.266844 Mesg 70 message_recv: 80020002 80040002 80030001 800b0001 000c0004 00015180 0d000014 4485152d
004919.268248 Mesg 70 message_recv: 18b6bbcd 0be8a846 9579ddcc 0d000014 16f6ca16 e4a4066d 83821a0f 0aeaa862
004919.269547 Mesg 70 message_recv: 0d000014 90cb8091 3ebb696e 086381b5 ec427b1f 0d000014 7d9419a6 5310ca6f
004919.271082 Mesg 70 message_recv: 2c179d92 15529d56 0d000014 4a131c81 07035845 5c5728f2 0e95452f 0d000018
004919.271867 Mesg 70 message_recv: 4048b7d5 6ebce885 25e7de7f 00d6c2d3 80000000 0d000014 afcad713 68a1f1c9
004919.272643 Mesg 70 message_recv: 6b8696fc 77570100 0d000014 f14b94b7 bff1fef0 2773b8c4 9feded26 0d000018
004919.273889 Mesg 70 message_recv: 166f932d 55eb64d8 e4df4fd3 7e2313f0 d0fd8451 0d000014 8404adf9 cda05760
004919.274595 Mesg 70 message_recv: b2ca292e 4bff537b 00000014 12f5f28c 457168a9 702d9fe2 74cc0100
004919.274818 Mesg 90 message_recv: dropping setup for existing SA
004919.275593 Mesg 20 message_free: freeing 0x8898d700
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
