Good day again,
I got the Group passphrase by analyzing the client's memory - but now
I'm stuck at phase2: ./vpnc: response was invalid [1]:
(ISAKMP_N_INVALID_EXCHANGE_TYPE)(7)
Some captured packets:
S4.5 AM_packet3
[2014-07-17 16:15:55]
size = 36, blksz = 8, padding = 4
sending: ========================>
BEGIN_PARSE
Received Packet Len: 68
i_cookie: d807d703 d4a5f8ce
r_cookie: 97ef4b9a 9cb95f46
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 04 (ISAKMP_EXCHANGE_AGGRESSIVE)
flags: 01
message_id: 00000000
len: 00000044
PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0b (ISAKMP_PAYLOAD_N)
length: 0018
ke.data:
61193407 01282b18 cdb044bc 9855c3a5 586b020b
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 000c
n.doi: 00000001 (ISAKMP_DOI_IPSEC)
n.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
n.spi_length: 00
n.type: 6002 (ISAKMP_N_IPSEC_INITIAL_CONTACT)
n.spi:
n.data:
DONE PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 00000000
PARSE_OK
initial_iv: 8c3929c2 a9caa8fb
receiving: <========================
[2014-07-17 16:15:55]
S4.6 cleanup
[2014-07-17 16:15:55]
S5 do_phase2_xauth [1]
[2014-07-17 16:15:55]
S5.1 xauth_request
[2014-07-17 16:15:55]
S5.2 notice_check
[2014-07-17 16:15:55]
BEGIN_PARSE
Received Packet Len: 76
i_cookie: d807d703 d4a5f8ce
r_cookie: 97ef4b9a 9cb95f46
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
flags: 01
message_id: c35fdb76
len: 0000004c
PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
length: 0018
ke.data:
a892ab13 9851d4e3 1a567540 3d97a688 d7b44ed3
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0014
modecfg.type: 01 (ISAKMP_MODECFG_CFG_REQUEST)
modecfg.id: 8261
t.attributes.type: 000d (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_SUBNET)
t.attributes.u.attr_16: 0000
t.attributes.type: 000e (ISAKMP_MODECFG_ATTRIB_SUPPORTED_ATTRIBUTES)
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 000f (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP6_SUBNET)
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 00000000
PARSE_OK
hashlen: 20
u.hash.length: 20
expected_hash:
a892ab13 9851d4e3 1a567540 3d97a688 d7b44ed3
h->u.hash.data:
a892ab13 9851d4e3 1a567540 3d97a688 d7b44ed3
S5.3 type-is-xauth check
[2014-07-17 16:15:55]
S5.4 xauth type check
[2014-07-17 16:15:55]
S5.5 do xauth reply
[2014-07-17 16:15:55]
size = 62, blksz = 8, padding = 2
sending: ========================>
BEGIN_PARSE
Received Packet Len: 92
i_cookie: d807d703 d4a5f8ce
r_cookie: 97ef4b9a 9cb95f46
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
flags: 01
message_id: c35fdb76
len: 0000005c
PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
length: 0018
ke.data:
0f284186 d4c19eb0 c8035995 1e7836f3 25b40d68
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0026
modecfg.type: 02 (ISAKMP_MODECFG_CFG_REPLY)
modecfg.id: 8261
t.attributes.type: 000d (ISAKMP_MODECFG_ATTRIB_INTERNAL_IP4_SUBNET)
t.attributes.u.attr_16: 0005
t.attributes.type: 000e (ISAKMP_MODECFG_ATTRIB_SUPPORTED_ATTRIBUTES)
(not dumping xauth data length)
(not dumping xauth data)
t.attributes.type: 0010 (ISAKMP_XAUTH_02_ATTRIB_PASSCODE)
(not dumping xauth data length)
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e (ISAKMP_PAYLOAD_MODECFG_ATTR)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 0000
PARSE_OK
receiving: <========================
[2014-07-17 16:15:57]
S5.2 notice_check
[2014-07-17 16:15:57]
BEGIN_PARSE
Received Packet Len: 68
i_cookie: d807d703 d4a5f8ce
r_cookie: 97ef4b9a 9cb95f46
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
flags: 01
message_id: 0126db32
len: 00000044
PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0b (ISAKMP_PAYLOAD_N)
length: 0018
ke.data:
a962cf80 86bc142f 7c567439 076b9787 3986ee97
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 0010
n.doi: 00000001 (ISAKMP_DOI_IPSEC)
n.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
n.spi_length: 00
n.type: 0018 (ISAKMP_N_AUTHENTICATION_FAILED)
n.spi:
n.data: 00000008
DONE PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
PARSE_OK
hashlen: 20
u.hash.length: 20
expected_hash:
a962cf80 86bc142f 7c567439 076b9787 3986ee97
h->u.hash.data:
a962cf80 86bc142f 7c567439 076b9787 3986ee97
received notice of type (ISAKMP_N_AUTHENTICATION_FAILED)(24), giving up
S5.3 type-is-xauth check
[2014-07-17 16:15:57]
---!!!!!!!!! entering phase2_fatal !!!!!!!!!---
size = 36, blksz = 8, padding = 4
sending: ========================>
BEGIN_PARSE
Received Packet Len: 68
i_cookie: d807d703 d4a5f8ce
r_cookie: 97ef4b9a 9cb95f46
payload: 08 (ISAKMP_PAYLOAD_HASH)
isakmp_version: 10
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
flags: 01
message_id: 2a096aa7
len: 00000044
PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
next_type: 0b (ISAKMP_PAYLOAD_N)
length: 0018
ke.data:
ac36bc12 3029339b 102dbb0b 6a660913 325eaaa9
DONE PARSING PAYLOAD type: 08 (ISAKMP_PAYLOAD_HASH)
PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)
next_type: 00 (ISAKMP_PAYLOAD_NONE)
length: 000c
n.doi: 00000001 (ISAKMP_DOI_IPSEC)
n.protocol: 01 (ISAKMP_IPSEC_PROTO_ISAKMP)
n.spi_length: 00
n.type: 0007 (ISAKMP_N_INVALID_EXCHANGE_TYPE)
n.spi:
n.data:
DONE PARSING PAYLOAD type: 0b (ISAKMP_PAYLOAD_N)
PARSING PAYLOAD type: 00 (ISAKMP_PAYLOAD_NONE)
extra data: 00000000
PARSE_OK
S7.11 send isakmp termination message
[2014-07-17 16:15:57]
size = 52, blksz = 8, padding = 4
What can I do?
Best regards,
Michael Fritscher
On 17.07.2014 15:16, Michael Fritscher wrote:
> Good day,
>
> I'm trying to connect to a corporate Nortel VPN. For that, I'm using
> http://svn.unix-ag.uni-kl.de/vpnc/branches/vpnc-nortel .
>
> For this I examined the NvcProfiles_A.dat, which is as follows:
>
> [VPN]
> AllowSavePassword=True
> AuthType=ResponseOnlyHW
> CertificateAltNameType=None
> CertificateName=
> Description=VPN-Name
> DestServer=1.2.3.4
> DestPort=
> DialupEntry=
> EntityName=
> EntityPass=
> EntityPass2=
> FailoverList=
> FailoverProfile=
> GroupID=vpnGroupID
> GroupPass=<hexrepresentation:
> 11:80:22:80:33:80:44:80:55:80:66:80:77:80:88:80>
> KeepAliveType=ActiveKeepalives
> LoginServiceName=
> PostLaunchArguments=
> PostLaunchFileName=
> PreLaunchArguments=
> PreLaunchFileName=
> PreLaunchTimeOut=10
> ProfileName=VPN-Connection
> ProxyExceptions=
> ProxyPort=
> ProxyServer=
> TunnelType=IPSec
> UsePasscode=False
> UseProxyServer=None
> UseSecondPassword=False
> UseSoftwareToken=False
>
> It is using a RSASecurID aka 2 Factor Authorisation aka Password+Pin.
>
> I translated this into
> IPSec gateway 1.2.3.4
> IPSec ID vpnGroupID
> IPSec obfuscated secret 11802280...8880
> IPSec secret <asc(11)><asc(22)>...<asc(88)>
> Xauth username myUsername
> Vendor nortel
> IKE Authmode PIN-token
> NAT Traversal Mode nortel-udp
> Debug 99
>
> It seems to be obfuscated differently from what obfuscated secret expects (I
> assume that is for Cisco?)
>
> If I try the cleartext-variant, I get
> ./vpnc: hash comparison failed: (ISAKMP_N_AUTHENTICATION_FAILED)(24)
> check group password! I tried also simply copying the binary string into
> the config, and <asc(11)><asc(80)>...<asc(88)><asc(80)>
>
> The Nvc.exe has the version 10.1.52.0, it was last changed on 11.12.2008
> 9:30.
>
> So, the question is: What is the right way to extract the group password
> out of the config?
>
> Best regards,
> Michael Fritscher
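Added example, not part of the original post or of vpnc: a small Python parser for the debug trace format shown above that lists each dumped packet with its direction and separates notifications received from the gateway from those the client sent. It assumes each BEGIN_PARSE block belongs to the nearest preceding sending:/receiving: marker, as the trace reads; SAMPLE is a shortened excerpt constructed from lines in the post, and the function names are illustrative.

```python
import re

# Constructed excerpt: lines taken from the trace in the post, shortened.
SAMPLE = """\
sending: ========================>
BEGIN_PARSE
exchange_type: 06 (ISAKMP_EXCHANGE_MODECFG_TRANSACTION)
message_id: c35fdb76
modecfg.type: 02 (ISAKMP_MODECFG_CFG_REPLY)
PARSE_OK
receiving: <========================
BEGIN_PARSE
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
message_id: 0126db32
n.type: 0018 (ISAKMP_N_AUTHENTICATION_FAILED)
PARSE_OK
sending: ========================>
BEGIN_PARSE
exchange_type: 05 (ISAKMP_EXCHANGE_INFORMATIONAL)
message_id: 2a096aa7
n.type: 0007 (ISAKMP_N_INVALID_EXCHANGE_TYPE)
PARSE_OK
"""

# Trace fields kept per packet; every other field in the dump is ignored.
KEYS = {"exchange_type": "exchange", "message_id": "message_id",
        "modecfg.type": "detail", "n.type": "detail"}
FIELD = re.compile(r"^([\w.]+):\s*(\S+)(?:\s+\((\w+)\))?")

def summarize(trace):
    """Return one dict per dumped packet: dir, exchange, message_id, detail."""
    packets, direction, cur = [], None, None
    for line in trace.splitlines():
        line = line.strip()
        if line.startswith(("sending:", "receiving:")):
            # Assumption: the marker applies to the next dumped packet.
            direction = "sent" if line.startswith("sending:") else "received"
        elif line == "BEGIN_PARSE":
            cur = dict(dir=direction, exchange=None, message_id=None, detail=None)
        elif line == "PARSE_OK" and cur is not None:
            packets.append(cur)
            cur = None
        elif cur is not None and (m := FIELD.match(line)) and m[1] in KEYS:
            cur[KEYS[m[1]]] = m[3] or m[2]  # symbolic name if present, else raw hex
    return packets

def peer_notifies(trace):
    """Notification types in packets received from the gateway only."""
    return [p["detail"] for p in summarize(trace)
            if p["dir"] == "received" and (p["detail"] or "").startswith("ISAKMP_N_")]
```

On the trace in the post, this reading puts ISAKMP_N_AUTHENTICATION_FAILED in the packet received after the XAUTH reply, and ISAKMP_N_INVALID_EXCHANGE_TYPE in a packet the client sent afterwards.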