Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. vpnc>
  3. devel
Problems connecting to corporate network
olibuijr at gmail
Jul 6, 2013, 1:21 PM
Post #1 of 3 (1462 views)
Permalink
Hey all!

I've been trying to get the connection up to my company's network but i'm
stranded.

I've gotten the connection up, i have an ip address but whenever i try to
access resources on the network, ping a server or whatever, nothing passes
on through the tunnelled interface.

In Windows, when i connect i have to accept a security banner, before i do
that, no traffic is routed.

I'm wondering if somehow this is preventing me to get traffic to route over
to my company's network.

I just decided to post here in case anyone had any ideas.

With kind regards,
--
Ólafur Búi Ólafsson
olibuijr@gmail.com
Re: Problems connecting to corporate network [ In reply to ]
esperanto at cumego
Jul 13, 2013, 12:36 AM
Post #2 of 3 (1413 views)
Permalink
Ólafur Bui Ólafsson <olibuijr@gmail.com> writes:
> Hey all!
>
> I've been trying to get the connection up to my company's network but i'm
> stranded.
>
> I've gotten the connection up, i have an ip address but whenever i try to access
> resources on the network, ping a server or whatever, nothing passes on through
> the tunnelled interface.
>
> In Windows, when i connect i have to accept a security banner, before i do that,
> no traffic is routed. 
>
> I'm wondering if somehow this is preventing me to get traffic to route over to
> my company's network.
>
> I just decided to post here in case anyone had any ideas.
>
> With kind regards,
> -- 
> Ólafur Búi Ólafsson
> olibuijr@gmail.com

Hi!

I've got similar problem: I receive an IP address, IPs of DNS servers
and part of the route, but cannot access any of resources in my
company.

I started vpnc in debug mode and it seems that part of route addresses
(those with t.attributes.type: 400x ?) are not interpreted for some
reason:
S6.2 phase2_config receive modecfg
[2013-06-29 12:17:02]
BEGIN_PARSE
Received Packet Len: 188
i_cookie: 662ca3af c1e45705
r_cookie: b66ac0fd ecb80728
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
flags: 01
message_id: ce519155
len: 000000bc

PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
length: 0018
ke.data:
f75965b3 377fb464 fb4101d5 4a8642d4 5947fdef
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)

PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0085
modecfg.type: 03 (ISAKMP_MODECFG_CFG_SET)
modecfg.id: dff4
t.attributes.type: 0001 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_ADDRESS)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0a88d807
t.attributes.type: 0006 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DHCP)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0a885529
t.attributes.type: 4008 (unknown)
t.attributes.u.attr_16: 0000
t.attributes.type: 4009 (unknown)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 3c000000
t.attributes.type: 400a (unknown)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 03000000
t.attributes.type: 0002 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NETMASK)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: fffff800
t.attributes.type: 0003 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DNS)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0a88551b
t.attributes.type: 0003 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DNS)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0a885520
t.attributes.type: 0004 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NBNS)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0a0c4051
t.attributes.type: 0004 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NBNS)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: ac1ee322
t.attributes.type: 400c (unknown)
t.attributes.u.attr_16: 0000
t.attributes.type: 4019 (unknown)
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 400e (unknown)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 0a885529
t.attributes.type: 400d (unknown)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 97c17884
t.attributes.type: 4005 (ISAKMP_MODECFG_ATTRIB_NORTEL_DEF_DOMAIN_A)
t.attributes.u.lots.length: 0009
t.attributes.u.lots.data: 73616272 652e636f 6d
t.attributes.type: 4013 (unknown)
t.attributes.u.attr_16: 0000
t.attributes.type: 4010 (unknown)
t.attributes.u.lots.length: 0004
t.attributes.u.lots.data: 1db4ce51
DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)

PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 000000
PARSE_OK
hashlen: 20
u.hash.length: 20
expected_hash:
f75965b3 377fb464 fb4101d5 4a8642d4 5947fdef
h->u.hash.data:
f75965b3 377fb464 fb4101d5 4a8642d4 5947fdef
unknown attribute 6 / 0x6
unknown attribute 16392 / 0x4008
unknown attribute 16393 / 0x4009
unknown attribute 16394 / 0x400A
unknown attribute 16396 / 0x400C
unknown attribute 16409 / 0x4019
unknown attribute 16398 / 0x400E
unknown attribute 16397 / 0x400D
unknown attribute 16403 / 0x4013
unknown attribute 16400 / 0x4010
got address 10.136.216.7
size = 100, blksz = 8, padding = 4

Of course, I'm using the nortel branch.

If anyone knows how to fix this I can be a tester and provide debug logs.

Thanks,
Przemek
_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/
Re: Problems connecting to corporate network [ In reply to ]
jpietkun at gmail
Jul 14, 2013, 1:15 PM
Post #3 of 3 (1404 views)
Permalink
Hi Przemys³aw,

The same thread is here:
http://www.gossamer-threads.com/lists/vpnc/devel/3768 "Connection
disconnected after 30 seconds"

What my current knowledge is that, when "Accept"-ing the banner, client
sends an ISAKMP packet (Exchange Type 20) and receives another one from
server (Exchange Type 5, Informational). Exchange Type 20 is unknown to me.
So far all web resources say exchange types from 6 to ... are reserved. I
only found one resource that revealed exchange type 6 and it might be
Certificate type.
I know of those two ISAKMP packates from Wireshark (www.wireshark.org)
logs. It seems what You say, that traffic begins after "Accept"-ing the
banner. I scanned two interfaces at a time and observed "new" traffic after
"Accept"-ing.
Take a look at the logs from Wireshark. Two intereting packets are in
win_lan_eth.pcap file.

What I am looking for now is how to decrypt the packets. Today I ran
another connection, this time for a longer time and observed this time 3
pairs of packets.

For decryption, this is the best resource I have:
http://ask.wireshark.org/questions/12019/how-can-i-decrypt-ikev1-andor-esp-packets

Would be really an ease to have some experienced cryptographer here. By the
time let the journey with cryptography continue :-)

Good Luck!
Jakub


2013/7/13 Przemys³aw Wojnowski <esperanto@cumego.com>

> Ólafur Bui Ólafsson <olibuijr@gmail.com> writes:
> > Hey all!
> >
> > I've been trying to get the connection up to my company's network but i'm
> > stranded.
> >
> > I've gotten the connection up, i have an ip address but whenever i try
> to access
> > resources on the network, ping a server or whatever, nothing passes on
> through
> > the tunnelled interface.
> >
> > In Windows, when i connect i have to accept a security banner, before i
> do that,
> > no traffic is routed.
> >
> > I'm wondering if somehow this is preventing me to get traffic to route
> over to
> > my company's network.
> >
> > I just decided to post here in case anyone had any ideas.
> >
> > With kind regards,
> > --
> > Ólafur Búi Ólafsson
> > olibuijr@gmail.com
>
> Hi!
>
> I've got similar problem: I receive an IP address, IPs of DNS servers
> and part of the route, but cannot access any of resources in my
> company.
>
> I started vpnc in debug mode and it seems that part of route addresses
> (those with t.attributes.type: 400x ?) are not interpreted for some
> reason:
> S6.2 phase2_config receive modecfg
> [2013-06-29 12:17:02]
> BEGIN_PARSE
> Received Packet Len: 188
> i_cookie: 662ca3af c1e45705
> r_cookie: b66ac0fd ecb80728
> payload: 08 (ISAKMP_PAYLOAD_HASH)
> isakmp_version: 10
> exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
> flags: 01
> message_id: ce519155
> len: 000000bc
>
> PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
> next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
> length: 0018
> ke.data:
> f75965b3 377fb464 fb4101d5 4a8642d4 5947fdef
> DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
>
> PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
> next_type: 00 (ISAKMP_PAYLOAD_NONE)
> length: 0085
> modecfg.type: 03 (ISAKMP_MODECFG_CFG_SET)
> modecfg.id: dff4
> t.attributes.type: 0001 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_ADDRESS)
> t.attributes.u.lots.length: 0004
> t.attributes.u.lots.data: 0a88d807
> t.attributes.type: 0006 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DHCP)
> t.attributes.u.lots.length: 0004
> t.attributes.u.lots.data: 0a885529
> t.attributes.type: 4008 (unknown)
> t.attributes.u.attr_16: 0000
> t.attributes.type: 4009 (unknown)
> t.attributes.u.lots.length: 0004
> t.attributes.u.lots.data: 3c000000
> t.attributes.type: 400a (unknown)
> t.attributes.u.lots.length: 0004
> t.attributes.u.lots.data: 03000000
> t.attributes.type: 0002 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NETMASK)
> t.attributes.u.lots.length: 0004
> t.attributes.u.lots.data: fffff800
> t.attributes.type: 0003 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DNS)
> t.attributes.u.lots.length: 0004
> t.attributes.u.lots.data: 0a88551b
> t.attributes.type: 0003 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_DNS)
> t.attributes.u.lots.length: 0004
> t.attributes.u.lots.data: 0a885520
> t.attributes.type: 0004 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NBNS)
> t.attributes.u.lots.length: 0004
> t.attributes.u.lots.data: 0a0c4051
> t.attributes.type: 0004 (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_NBNS)
> t.attributes.u.lots.length: 0004
> t.attributes.u.lots.data: ac1ee322
> t.attributes.type: 400c (unknown)
> t.attributes.u.attr_16: 0000
> t.attributes.type: 4019 (unknown)
> t.attributes.u.lots.length: 0000
> t.attributes.u.lots.data:
> t.attributes.type: 400e (unknown)
> t.attributes.u.lots.length: 0004
> t.attributes.u.lots.data: 0a885529
> t.attributes.type: 400d (unknown)
> t.attributes.u.lots.length: 0004
> t.attributes.u.lots.data: 97c17884
> t.attributes.type: 4005 (ISAKMP_MODECFG_ATTRIB_NORTEL_DEF_DOMAIN_A)
> t.attributes.u.lots.length: 0009
> t.attributes.u.lots.data: 73616272 652e636f 6d
> t.attributes.type: 4013 (unknown)
> t.attributes.u.attr_16: 0000
> t.attributes.type: 4010 (unknown)
> t.attributes.u.lots.length: 0004
> t.attributes.u.lots.data: 1db4ce51
> DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
>
> PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
> extra data: 000000
> PARSE_OK
> hashlen: 20
> u.hash.length: 20
> expected_hash:
> f75965b3 377fb464 fb4101d5 4a8642d4 5947fdef
> h->u.hash.data:
> f75965b3 377fb464 fb4101d5 4a8642d4 5947fdef
> unknown attribute 6 / 0x6
> unknown attribute 16392 / 0x4008
> unknown attribute 16393 / 0x4009
> unknown attribute 16394 / 0x400A
> unknown attribute 16396 / 0x400C
> unknown attribute 16409 / 0x4019
> unknown attribute 16398 / 0x400E
> unknown attribute 16397 / 0x400D
> unknown attribute 16403 / 0x4013
> unknown attribute 16400 / 0x4010
> got address 10.136.216.7
> size = 100, blksz = 8, padding = 4
>
> Of course, I'm using the nortel branch.
>
> If anyone knows how to fix this I can be a tester and provide debug logs.
>
> Thanks,
> Przemek
> _______________________________________________
> vpnc-devel mailing list
> vpnc-devel@unix-ag.uni-kl.de
> https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
> http://www.unix-ag.uni-kl.de/~massar/vpnc/
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal