Hi,
I've noticed that after commit 511, vpnc complains about the NAT Traversal
mode and makes you choose either none or nortel-udp. the first one doesn't
work as I can connect but can't ping or do anything, the second one
connects and works but after exactly 30 seconds it terminates. Here's the
debug log...
S7.8 setup ipsec tunnel
[2012-03-09 12:46:25]
lifetime status: 31 of 28800 seconds used, 2|11 of 0 kbytes used
received something on ike fd..
got late ike packet: 84 bytes
BEGIN_PARSE
Received Packet Len: 84
i_cookie: f713574e a932c657
r_cookie: 458138f2 d1e27696
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
flags: 01
message_id: 3d72d8e9
len: 00000054
PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0c (ISAKMP_PAYLOAD_D)
length: 0018
ke.data:
002a8425 b48f4e6f 979159b9 6e506283 3eee5aa5
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 001c
d.doi: 00000001 (ISAKMP_DOI_IPSEC)
d.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
d.spi_length: 10
d.num_spi: 0001
d.spi: f713574e a932c657 458138f2 d1e27696
DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 00000000
PARSE_OK
hashlen: 20
u.hash.length: 20
expected_hash:
002a8425 b48f4e6f 979159b9 6e506283 3eee5aa5
h->u.hash.data:
002a8425 b48f4e6f 979159b9 6e506283 3eee5aa5
got isakmp-delete, terminating...
connection terminated by peer
S7.10 send ipsec termination message
[2012-03-09 12:46:26]
size = 44, blksz = 8, padding = 4
sending: ========================>
BEGIN_PARSE
Received Packet Len: 76
i_cookie: f713574e a932c657
r_cookie: 458138f2 d1e27696
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
flags: 01
message_id: 39000000
len: 0000004c
PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0c (ISAKMP_PAYLOAD_D)
length: 0018
ke.data:
0dfbc473 6b2937b4 d081ab1a d8606865 7a01d1d3
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0014
d.doi: 00000001 (ISAKMP_DOI_IPSEC)
d.protocol: 03 (ISAKMP_IPSEC_PROTO_IPSEC_ESP)
d.spi_length: 04
d.num_spi: 0002
d.spi: 2297969c
d.spi: c83b950f
DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 00000000
PARSE_OK
S7.11 send isakmp termination message
[2012-03-09 12:46:26]
size = 52, blksz = 8, padding = 4
sending: ========================>
BEGIN_PARSE
Received Packet Len: 84
i_cookie: f713574e a932c657
r_cookie: 458138f2 d1e27696
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
flags: 01
message_id: ed000000
len: 00000054
PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0c (ISAKMP_PAYLOAD_D)
length: 0018
ke.data:
3a81879e 95931ea5 96b8fe90 a21330dd 15757bb9
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 001c
d.doi: 00000001 (ISAKMP_DOI_IPSEC)
d.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
d.spi_length: 10
d.num_spi: 0001
d.spi: f713574e a932c657 458138f2 d1e27696
DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 00000000
PARSE_OK
S8 close_tunnel
[2012-03-09 12:46:26]
Version r510 works just fine....
Thanks,
Mariano
I've noticed that after commit 511, vpnc complains about the NAT Traversal
mode and makes you choose either none or nortel-udp. the first one doesn't
work as I can connect but can't ping or do anything, the second one
connects and works but after exactly 30 seconds it terminates. Here's the
debug log...
S7.8 setup ipsec tunnel
[2012-03-09 12:46:25]
lifetime status: 31 of 28800 seconds used, 2|11 of 0 kbytes used
received something on ike fd..
got late ike packet: 84 bytes
BEGIN_PARSE
Received Packet Len: 84
i_cookie: f713574e a932c657
r_cookie: 458138f2 d1e27696
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
flags: 01
message_id: 3d72d8e9
len: 00000054
PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0c (ISAKMP_PAYLOAD_D)
length: 0018
ke.data:
002a8425 b48f4e6f 979159b9 6e506283 3eee5aa5
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 001c
d.doi: 00000001 (ISAKMP_DOI_IPSEC)
d.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
d.spi_length: 10
d.num_spi: 0001
d.spi: f713574e a932c657 458138f2 d1e27696
DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 00000000
PARSE_OK
hashlen: 20
u.hash.length: 20
expected_hash:
002a8425 b48f4e6f 979159b9 6e506283 3eee5aa5
h->u.hash.data:
002a8425 b48f4e6f 979159b9 6e506283 3eee5aa5
got isakmp-delete, terminating...
connection terminated by peer
S7.10 send ipsec termination message
[2012-03-09 12:46:26]
size = 44, blksz = 8, padding = 4
sending: ========================>
BEGIN_PARSE
Received Packet Len: 76
i_cookie: f713574e a932c657
r_cookie: 458138f2 d1e27696
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
flags: 01
message_id: 39000000
len: 0000004c
PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0c (ISAKMP_PAYLOAD_D)
length: 0018
ke.data:
0dfbc473 6b2937b4 d081ab1a d8606865 7a01d1d3
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0014
d.doi: 00000001 (ISAKMP_DOI_IPSEC)
d.protocol: 03 (ISAKMP_IPSEC_PROTO_IPSEC_ESP)
d.spi_length: 04
d.num_spi: 0002
d.spi: 2297969c
d.spi: c83b950f
DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 00000000
PARSE_OK
S7.11 send isakmp termination message
[2012-03-09 12:46:26]
size = 52, blksz = 8, padding = 4
sending: ========================>
BEGIN_PARSE
Received Packet Len: 84
i_cookie: f713574e a932c657
r_cookie: 458138f2 d1e27696
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
flags: 01
message_id: ed000000
len: 00000054
PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0c (ISAKMP_PAYLOAD_D)
length: 0018
ke.data:
3a81879e 95931ea5 96b8fe90 a21330dd 15757bb9
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 001c
d.doi: 00000001 (ISAKMP_DOI_IPSEC)
d.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
d.spi_length: 10
d.num_spi: 0001
d.spi: f713574e a932c657 458138f2 d1e27696
DONE PARSING PAYLOAD type: 0c (ISAKMP_PAYLOAD_D)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 00000000
PARSE_OK
S8 close_tunnel
[2012-03-09 12:46:26]
Version r510 works just fine....
Thanks,
Mariano