Hello,
I'm using vpnc-0.5.3_12, compiled from source on FreeBSD CURRENT and
encounter the following problem. We use an app on an iPhone to generate
a 8 digit secret based on a 5 digit PIN I have to key in into the app.
This gives the 8 digits which are valid to connect to the VPN server for
60 secs.
Since some days I have to provide the *same* 8 digits three times into
the vpnc to get it connected. It is reproduceable.
I collected the with tcpdump the line below which have comments about
what I did in the vpnc terminal.
Any ideas how to debug this further? The server is located in USA and I
do not know what to say or ask to the IT staff there either.
Thanks
matthias
# tcpdump -n -i wlan0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
(now I start the VPN client)
16:37:40.887264 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 1 I agg
16:37:41.394480 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 1 R agg
16:37:41.403067 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 1 I agg[E]
16:37:41.526628 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R #6[E]
16:37:41.526997 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:37:43.532980 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:37:43.926149 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R #6[E]
(now I enter the 8 digits from the FOB as PIN into vpnc)
16:38:11.332438 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:38:11.682887 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R #6[E]
(now I enter the same 8 digits from the FOB as PIN again into vpnc)
16:38:16.679748 ARP, Request who-has 192.168.2.100 tell 192.168.2.1, length 28
16:38:16.679775 ARP, Reply 192.168.2.100 is-at 90:48:9a:92:9e:43, length 28
16:38:25.452600 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:38:27.475979 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:38:27.883623 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R #6[E]
(now I enter the same 8 digits from the FOB as PIN again into vpnc)
16:38:41.678864 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:38:44.245690 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R #6[E]
16:38:44.246037 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:38:44.246354 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:38:45.343385 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R #6[E]
16:38:46.046818 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I oakley-quick[E]
16:38:46.211118 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R inf[E]
16:38:46.211320 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I oakley-quick[E]
16:38:46.220652 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R oakley-quick[E]
16:38:46.220842 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I oakley-quick[E]
16:38:46.221361 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I inf[E]
16:38:46.221504 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I inf[E]
16:38:46.312851 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R oakley-quick[E]
16:38:46.384124 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R inf[E]
16:38:55.389852 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I inf[E]
16:38:55.389915 IP 192.168.2.100.10000 > 193.31.11.196.10000: UDP, length 5
OK, I'm connected now
--
Matthias Apitz, ? guru@unixarea.de, ? http://www.unixarea.de/ ? +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.
I'm using vpnc-0.5.3_12, compiled from source on FreeBSD CURRENT and
encounter the following problem. We use an app on an iPhone to generate
a 8 digit secret based on a 5 digit PIN I have to key in into the app.
This gives the 8 digits which are valid to connect to the VPN server for
60 secs.
Since some days I have to provide the *same* 8 digits three times into
the vpnc to get it connected. It is reproduceable.
I collected the with tcpdump the line below which have comments about
what I did in the vpnc terminal.
Any ideas how to debug this further? The server is located in USA and I
do not know what to say or ask to the IT staff there either.
Thanks
matthias
# tcpdump -n -i wlan0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
(now I start the VPN client)
16:37:40.887264 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 1 I agg
16:37:41.394480 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 1 R agg
16:37:41.403067 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 1 I agg[E]
16:37:41.526628 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R #6[E]
16:37:41.526997 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:37:43.532980 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:37:43.926149 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R #6[E]
(now I enter the 8 digits from the FOB as PIN into vpnc)
16:38:11.332438 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:38:11.682887 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R #6[E]
(now I enter the same 8 digits from the FOB as PIN again into vpnc)
16:38:16.679748 ARP, Request who-has 192.168.2.100 tell 192.168.2.1, length 28
16:38:16.679775 ARP, Reply 192.168.2.100 is-at 90:48:9a:92:9e:43, length 28
16:38:25.452600 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:38:27.475979 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:38:27.883623 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R #6[E]
(now I enter the same 8 digits from the FOB as PIN again into vpnc)
16:38:41.678864 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:38:44.245690 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R #6[E]
16:38:44.246037 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:38:44.246354 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I #6[E]
16:38:45.343385 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R #6[E]
16:38:46.046818 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I oakley-quick[E]
16:38:46.211118 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R inf[E]
16:38:46.211320 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I oakley-quick[E]
16:38:46.220652 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R oakley-quick[E]
16:38:46.220842 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I oakley-quick[E]
16:38:46.221361 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I inf[E]
16:38:46.221504 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I inf[E]
16:38:46.312851 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R oakley-quick[E]
16:38:46.384124 IP 193.31.11.196.500 > 192.168.2.100.500: isakmp: phase 2/others R inf[E]
16:38:55.389852 IP 192.168.2.100.500 > 193.31.11.196.500: isakmp: phase 2/others I inf[E]
16:38:55.389915 IP 192.168.2.100.10000 > 193.31.11.196.10000: UDP, length 5
OK, I'm connected now
--
Matthias Apitz, ? guru@unixarea.de, ? http://www.unixarea.de/ ? +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
8. Mai 1945: Wer nicht feiert hat den Krieg verloren.
8 de mayo de 1945: Quien no festeja perdió la Guerra.
May 8, 1945: Who does not celebrate lost the War.