Mailing List Archive

Trouble getting it working
Hi,
I am trying to use vpnc on the cisco vpn at the University of Dortmund.
Unfortunately it doesn't work for me.
On the website of my university you can find this information (available to
anyone, so I can safely post them here ;-).

<-------------what the university says:-------------->
Policy type: Cisco Unified client
Gateway address: 129.217.129.34
Same authentication configuration
Use Perfect Forward Secrecy Disabled

IKE Suite:
GRP2_DH-1024
Cipher: 3DES_CBC
Hash: SHA
IPSec Suite: ESPIP_3DES_SHA-96

Soft Client Initial Configuration:
IP address of remote server: 129.217.129.34
Group Access Information:
Name: vpnoutside
Password: hrzvpnclient
<------------------------------------------------------->

I am using this configuration currently:

<--------------------/etc/vpnc.conf------------------->
Interface name tun0
IKE DH Group dh2
Perfect Forward Secrecy nopfs
IPSec gateway 129.217.129.34
IPSec ID vpnoutside
IPSec secret hrzvpnclient
<------------------------------------------------------->
And all I get is:

./vpnc: quick mode response rejected: INVALID_MESSAGE_ID
check pfs setting

Am I doing something wrong, or does vpnc simply not support the vpn server's
requirements (I do not think so)?

with regards

Matthias Jung
Trouble getting it working [ In reply to ]
hi,

> <--------------------/etc/vpnc.conf------------------->
> Interface name tun0
> IKE DH Group dh2
> Perfect Forward Secrecy nopfs
> IPSec gateway 129.217.129.34
> IPSec ID vpnoutside
> IPSec secret hrzvpnclient
> <------------------------------------------------------->

you should not need to set "Interface name", "IKE DH Group"
or "Perfect Forward Secrecy"

> And all I get is:
>
> ./vpnc: quick mode response rejected: INVALID_MESSAGE_ID
> check pfs setting

which vpnc version are you using?

cu
maurice
Trouble getting it working [ In reply to ]
Hi,
I am using vpnc-0.2-rm+zomb.1.tar.gz
seems to be the latest.
I have also tried another account (department of computer science) which I
also have access to (unfortunately this is the more restrictive one ;-)).
This connection, running over the same vpnserver (should work according to
the department's vpn datasheet), gives the error:

./vpnc: response was invalid [1]: UNEQUAL_PAYLOAD_LENGTHS

Using another given vpn server works fine. I haven't set up the routing, but
that's only a small problem.
But I do not yet understand why my first account does not work. Maybe
their machine isn't set up properly. But at least the second one works, so I
can access most things I need.

Matthias

On Sunday, 16 May 2004 22:03, Maurice Massar wrote:
> hi,
>
> > <--------------------/etc/vpnc.conf------------------->
> > Interface name tun0
> > IKE DH Group dh2
> > Perfect Forward Secrecy nopfs
> > IPSec gateway 129.217.129.34
> > IPSec ID vpnoutside
> > IPSec secret hrzvpnclient
> > <------------------------------------------------------->
>
> you should not need to set "Interface name", "IKE DH Group"
> or "Perfect Forward Secrecy"
>
> > And all I get is:
> >
> > ./vpnc: quick mode response rejected: INVALID_MESSAGE_ID
> > check pfs setting
>
> which vpnc version are you using?
>
> cu
> maurice
Trouble getting it working [ In reply to ]
Hi,
On Sunday, 16 May 2004 22:03, Maurice Massar wrote:
> hi,
>
> > <--------------------/etc/vpnc.conf------------------->
> > Interface name tun0
> > IKE DH Group dh2
> > Perfect Forward Secrecy nopfs
> > IPSec gateway 129.217.129.34
> > IPSec ID vpnoutside
> > IPSec secret hrzvpnclient
> > <------------------------------------------------------->
>
> you should not need to set "Interface name", "IKE DH Group"
> or "Perfect Forward Secrecy"
>
> > And all I get is:
> >
> > ./vpnc: quick mode response rejected: INVALID_MESSAGE_ID
> > check pfs setting
>
> which vpnc version are you using?

I tried it with the previous version of vpnc (and without the first 3 lines in
the config) and with the same result. :(
Btw. the VPN-Infrastructure is based on a Cisco 7200 (or 7000) Router with
IOS.

cu,
nils
Trouble getting it working [ In reply to ]
Hi,
the students of computer science at the University of Dortmund should look at the
following sheet:

http://ls7-www.informatik.uni-dortmund.de/VKInf/unterlagen0304/vpn-info-02.pdf

You can probably enter the Intranet of the FBI (FachBereich Informatik ;-) )
with vpnc. I got it working with the following vpnc.conf.

IPSec gateway vpn.cs.uni-dortmund.de
IPSec ID IRB-VPN
IPSec secret enter-net

Take username and password from your marvin account.
I have not confirmed wireless access yet, but I think it should be working as
well.

Matthias

On Monday, 17 May 2004 11:17, Nils Kemper wrote:
> Hi,
>
> On Sunday, 16 May 2004 22:03, Maurice Massar wrote:
> > hi,
> >
> > > <--------------------/etc/vpnc.conf------------------->
> > > Interface name tun0
> > > IKE DH Group dh2
> > > Perfect Forward Secrecy nopfs
> > > IPSec gateway 129.217.129.34
> > > IPSec ID vpnoutside
> > > IPSec secret hrzvpnclient
> > > <------------------------------------------------------->
> >
> > you should not need to set "Interface name", "IKE DH Group"
> > or "Perfect Forward Secrecy"
> >
> > > And all I get is:
> > >
> > > ./vpnc: quick mode response rejected: INVALID_MESSAGE_ID
> > > check pfs setting
> >
> > which vpnc version are you using?
>
> I tried it with the previous version of vpnc (and without the first 3 lines
> in the config) and with the same result. :(
> Btw. the VPN-Infrastructure is based on a Cisco 7200 (or 7000) Router with
> IOS.
>
> cu,
> nils
Trouble getting it working [ In reply to ]
hi,

> > > > ./vpnc: quick mode response rejected: INVALID_MESSAGE_ID
> > > > check pfs setting
> > >
> > > which vpnc version are you using?
> >
> > I tried it with the previous version of vpnc (and without the first 3 lines
> > in the config) and with the same result. :(
> > Btw. the VPN-Infrastructure is based on a Cisco 7200 (or 7000) Router with
> > IOS.

Matthias, Nils or anyone else with problems at uni-dortmund.de..

can you post a --debug 3 log?
is there a nat-gateway between you and the concentrator?
(ie. is the cisco vpnclient using nat-t or not?)

cu
maurice
Trouble getting it working [ In reply to ]
Hi,
I assume there is a nat gateway, because I was given a pcf file for the cisco
client from the IRB (Informatik RechnerBetriebsgruppe) which contained this
and many other options:

[main]
EnableNat=1

But anyway: here is the level 3 debug output:
<-----------------log begin------------------->
root@matthias:/home/matthias/downloads/vpnc-0.2-rm+zomb.1# ./vpnc /etc/vpnc2.conf --debug 3
S1
S2
S3
using interface tun0
S4
S4.1
i_cookie: f2501652 557833be
i_nonce: 9961335c dba053ed b6c132f5 101eaa59 941b2150
S4.2
dh_public:
2c91463f f7739ca0 3536c89e 51ce16cc 57c2c271 47b20a0f 634a3fff 29818f7b
eb0cab9a 60b25cb9 46fcc681 bd404b77 9d8e3a1f 1286c393 bd9eccdd 6b717b7d
f8333c62 ea7aea79 62edaf0e 9732d371 f67384c8 1dcdc084 a599dba2 c13e5f1f
750ab294 7d02ffa4 449ebb80 ce2f2f26 a51962af 2c44bada 0111ab81 ff68967e
S4.3

sending: ========================>

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: 00000000 00000000
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 38020000
PARSING PAYLOAD type: 01
next_type: 04
length: 4c010000
sa.doi: 01000000
sa.situation: 01000000
PARSING PAYLOAD type: 02
next_type: 00
length: 40010000
p.number: 00
p.prot_id: 01
p.spi_size: 00
length: 08
p.spi:
PARSING PAYLOAD type: 03
next_type: 03
length: 28000000
t.number: 00
t.id: 01
t.attributes.type: 0e00
t.attributes.u.attr_16: 0001
t.attributes.type: 0100
t.attributes.u.attr_16: 0700
t.attributes.type: 0200
t.attributes.u.attr_16: 0200
t.attributes.type: 0300
t.attributes.u.attr_16: e9fd
t.attributes.type: 0400
t.attributes.u.attr_16: 0200
t.attributes.type: 0b00
t.attributes.u.attr_16: 0100
t.attributes.type: 0c00
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 28000000
t.number: 01
t.id: 01
t.attributes.type: 0e00
t.attributes.u.attr_16: 0001
t.attributes.type: 0100
t.attributes.u.attr_16: 0700
t.attributes.type: 0200
t.attributes.u.attr_16: 0100
t.attributes.type: 0300
t.attributes.u.attr_16: e9fd
t.attributes.type: 0400
t.attributes.u.attr_16: 0200
t.attributes.type: 0b00
t.attributes.u.attr_16: 0100
t.attributes.type: 0c00
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 28000000
t.number: 02
t.id: 01
t.attributes.type: 0e00
t.attributes.u.attr_16: c000
t.attributes.type: 0100
t.attributes.u.attr_16: 0700
t.attributes.type: 0200
t.attributes.u.attr_16: 0200
t.attributes.type: 0300
t.attributes.u.attr_16: e9fd
t.attributes.type: 0400
t.attributes.u.attr_16: 0200
t.attributes.type: 0b00
t.attributes.u.attr_16: 0100
t.attributes.type: 0c00
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 28000000
t.number: 03
t.id: 01
t.attributes.type: 0e00
t.attributes.u.attr_16: c000
t.attributes.type: 0100
t.attributes.u.attr_16: 0700
t.attributes.type: 0200
t.attributes.u.attr_16: 0100
t.attributes.type: 0300
t.attributes.u.attr_16: e9fd
t.attributes.type: 0400
t.attributes.u.attr_16: 0200
t.attributes.type: 0b00
t.attributes.u.attr_16: 0100
t.attributes.type: 0c00
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 28000000
t.number: 04
t.id: 01
t.attributes.type: 0e00
t.attributes.u.attr_16: 8000
t.attributes.type: 0100
t.attributes.u.attr_16: 0700
t.attributes.type: 0200
t.attributes.u.attr_16: 0200
t.attributes.type: 0300
t.attributes.u.attr_16: e9fd
t.attributes.type: 0400
t.attributes.u.attr_16: 0200
t.attributes.type: 0b00
t.attributes.u.attr_16: 0100
t.attributes.type: 0c00
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 28000000
t.number: 05
t.id: 01
t.attributes.type: 0e00
t.attributes.u.attr_16: 8000
t.attributes.type: 0100
t.attributes.u.attr_16: 0700
t.attributes.type: 0200
t.attributes.u.attr_16: 0100
t.attributes.type: 0300
t.attributes.u.attr_16: e9fd
t.attributes.type: 0400
t.attributes.u.attr_16: 0200
t.attributes.type: 0b00
t.attributes.u.attr_16: 0100
t.attributes.type: 0c00
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 24000000
t.number: 06
t.id: 01
t.attributes.type: 0100
t.attributes.u.attr_16: 0500
t.attributes.type: 0200
t.attributes.u.attr_16: 0200
t.attributes.type: 0300
t.attributes.u.attr_16: e9fd
t.attributes.type: 0400
t.attributes.u.attr_16: 0200
t.attributes.type: 0b00
t.attributes.u.attr_16: 0100
t.attributes.type: 0c00
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 00
length: 24000000
t.number: 07
t.id: 01
t.attributes.type: 0100
t.attributes.u.attr_16: 0500
t.attributes.type: 0200
t.attributes.u.attr_16: 0100
t.attributes.type: 0300
t.attributes.u.attr_16: e9fd
t.attributes.type: 0400
t.attributes.u.attr_16: 0200
t.attributes.type: 0b00
t.attributes.u.attr_16: 0100
t.attributes.type: 0c00
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 04
next_type: 0a
length: 84000000
ke.data:
2c91463f f7739ca0 3536c89e 51ce16cc 57c2c271 47b20a0f 634a3fff 29818f7b
eb0cab9a 60b25cb9 46fcc681 bd404b77 9d8e3a1f 1286c393 bd9eccdd 6b717b7d
f8333c62 ea7aea79 62edaf0e 9732d371 f67384c8 1dcdc084 a599dba2 c13e5f1f
750ab294 7d02ffa4 449ebb80 ce2f2f26 a51962af 2c44bada 0111ab81 ff68967e
DONE PARSING PAYLOAD type: 04
PARSING PAYLOAD type: 0a
next_type: 05
length: 18000000
ke.data: 9961335c dba053ed b6c132f5 101eaa59 941b2150
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 05
next_type: 0d
length: 14000000
id.type: 0b
id.protocol: 11
id.port: f401
id.data: 68727a76 706e7365 72766572
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0d
next_type: 0d
length: 0c000000
ke.data: 09002689 dfd6b712
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 00
length: 14000000
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 00
PARSE_OK

exchange_type: 04
S4.4

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 01
isakmp_version: 10
exchange_type: 04
flags: 00
message_id: 00000000
len: 5c010000
PARSING PAYLOAD type: 01
next_type: 0d
length: 38000000
sa.doi: 01000000
sa.situation: 01000000
PARSING PAYLOAD type: 02
next_type: 00
length: 2c000000
p.number: 01
p.prot_id: 01
p.spi_size: 00
length: 01
p.spi:
PARSING PAYLOAD type: 03
next_type: 00
length: 24000000
t.number: 01
t.id: 01
t.attributes.type: 0100
t.attributes.u.attr_16: 0500
t.attributes.type: 0200
t.attributes.u.attr_16: 0200
t.attributes.type: 0400
t.attributes.u.attr_16: 0200
t.attributes.type: 0300
t.attributes.u.attr_16: e9fd
t.attributes.type: 0b00
t.attributes.u.attr_16: 0100
t.attributes.type: 0c00
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 0d
next_type: 0d
length: 14000000
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 14000000
ke.data: afcad713 68a1f1c9 6b8696fc 77570100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 0d
length: 14000000
ke.data: 3b0abc3f 337eb5c0 ad5a01d3 28941b0e
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 0d
next_type: 04
length: 0c000000
ke.data: 09002689 dfd6b712
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 04
next_type: 05
length: 84000000
ke.data:
fd60f7ab 7e56adad d2d11bd0 63147f0d 3061fb20 27b96f7c b8063657 6259b208
1abc76c6 33d4b3e3 29ca2d97 e34701b0 539df7cd f2fd242d e3057e4c 7b86c71e
1435238f cf6a177d 2447d60f aa8c1125 0b1d5392 c4b739ed b91f03c6 9355909e
aeff5672 b7fd1a39 4bb17d79 dccaeea1 c85a2587 da609659 220866c1 87dcbd2e
DONE PARSING PAYLOAD type: 04
PARSING PAYLOAD type: 05
next_type: 0a
length: 0c000000
id.type: 01
id.protocol: 11
id.port: 0000
id.data: 81d98122
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 0a
next_type: 08
length: 18000000
ke.data: a64ff264 e17cc7ba 094c26fc 7c7e6755 4b80ace5
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 08
next_type: 00
length: 18000000
ke.data: 8bdd1492 1d9646c2 ba7a8d5a ced8543e f292300c
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 00
PARSE_OK

IKE SA selected 3des-sha1
skeyid: da27e6b9 316d417f 51706fdf b73c1420 70407296
returned_hash: 8f79bbb6 bf525da4 d8b9d886 d998720b bf619cee
dh_shared_secret:
ec5ff9ac 3ce96eb0 6a381522 c1875aa6 b30bfd57 3483ea8c e1d57732 41cc4b14
d74514e6 b033af64 ac9de163 032f63a1 9aa01030 5decbba1 4b2b21c8 0cb37a3c
4fc85f04 563192fa 8b65e457 0ecf6d13 d54c0eed 2454b5ea ad4564be 50967536
4b168b88 a0c3ee07 99035e64 8ad973ef 0fda7981 bbdd36bb 11b9c90f 8fe6e6f2
skeyid_d: 5be9bf79 0d5a66b2 4db36f5e a05590f9 f8cf0fe7
skeyid_a: b9efe0dc 2565071c f28395a4 a02bdc8f 7e578fd8
skeyid_e: 6cc8d5e6 bd041856 c8d6ad5a 279a8a95 9ff73569
enc-key: a49a9de1 d8be4013 f62e4b32 70d2b74c c1f18053 ef27b817
current_iv: e6aa6b34 76edd545
S4.5
size = 72, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 08
isakmp_version: 10
exchange_type: 04
flags: 01
message_id: 00000000
len: 64000000
PARSING PAYLOAD type: 08
next_type: 0b
length: 18000000
ke.data: 8f79bbb6 bf525da4 d8b9d886 d998720b bf619cee
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 0d
length: 1c000000
n.doi: 01000000
n.protocol: 01
n.spi_length: 10
n.type: 0260
n.spi: f2501652 557833be cecd1b22 337fb5c0
n.data:
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 0d
next_type: 00
length: 14000000
ke.data: 12f5f28c 457168a9 702d9fe2 74cc0100
DONE PARSING PAYLOAD type: 0d
PARSING PAYLOAD type: 00
PARSE_OK

initial_iv: fb879098 7568b6b3
exchange_type: 05
S4.6
S5
S5.1
S5.2

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: 79bd6cd3
len: 64000000
PARSING PAYLOAD type: 08
next_type: 0b
length: 18000000
ke.data: 655928e7 c9a0a21f 627a9dbb ac14ed1e 3c43c1ed
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 00
length: 28000000
n.doi: 01000000
n.protocol: 01
n.spi_length: 10
n.type: 0060
n.spi: f2501652 557833be cecd1b22 337fb5c0
n.data: 800b0001 000c0004 00015180
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 20
u.hash.length: 20
expected_hash: 655928e7 c9a0a21f 627a9dbb ac14ed1e 3c43c1ed
h->u.hash.data: 655928e7 c9a0a21f 627a9dbb ac14ed1e 3c43c1ed
got responder liftime notice, ignoring..
exchange_type: 06
S5.2

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: cd007b30
len: 4c000000
PARSING PAYLOAD type: 08
next_type: 0e
length: 18000000
ke.data: 52d3d00b 49cb61d4 e4e19cfd 8abd6373 1c4ae7bd
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 10000000
modecfg.type: 01
t.id: 0000
t.attributes.type: 8940
(not dumping xauth data length)
(not dumping xauth data)
t.attributes.type: 8a40
(not dumping xauth data length)
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 20
u.hash.length: 20
expected_hash: 52d3d00b 49cb61d4 e4e19cfd 8abd6373 1c4ae7bd
h->u.hash.data: 52d3d00b 49cb61d4 e4e19cfd 8abd6373 1c4ae7bd
S5.3
S5.4
S5.5
size = 56, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: cd007b30
len: 54000000
PARSING PAYLOAD type: 08
next_type: 0e
length: 18000000
ke.data: 6c074096 1ad79d9f c9eb80d6 9b44b167 6224937a
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 20000000
modecfg.type: 02
t.id: 0000
t.attributes.type: 8a40
(not dumping xauth data length)
(not dumping xauth data)
t.attributes.type: 8940
(not dumping xauth data length)
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

exchange_type: 06
S5.2

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: ad6bbd69
len: 44000000
PARSING PAYLOAD type: 08
next_type: 0e
length: 18000000
ke.data: c4831082 9fdc4d71 747f6334 48ee6482 1f280de6
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 0c000000
modecfg.type: 03
t.id: 0000
t.attributes.type: 8f40
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 20
u.hash.length: 20
expected_hash: c4831082 9fdc4d71 747f6334 48ee6482 1f280de6
h->u.hash.data: c4831082 9fdc4d71 747f6334 48ee6482 1f280de6
S5.3
S5.6
size = 36, blksz = 8, padding = 4

sending: ========================>

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: ad6bbd69
len: 44000000
PARSING PAYLOAD type: 08
next_type: 0e
length: 18000000
ke.data: 1d0839d1 f552495b 6dc0476c 80507391 520241e3
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 0c000000
modecfg.type: 04
t.id: 0000
t.attributes.type: 8f40
(not dumping xauth data)
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

S5.7
S6
size = 120, blksz = 8, padding = 0

sending: ========================>

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: 88d608a7
len: 94000000
PARSING PAYLOAD type: 08
next_type: 0e
length: 18000000
ke.data: b473f9cb 5ce76174 dcb685c5 e784c63e 6bf64bea
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 60000000
modecfg.type: 01
t.id: 1400
t.attributes.type: 0100
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0200
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0300
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0400
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0270
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0770
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0070
t.attributes.u.lots.length: 0000
t.attributes.u.lots.data:
t.attributes.type: 0a70
t.attributes.u.lots.length: 0800
t.attributes.u.lots.data: 6d617474 68696173
t.attributes.type: 0700
t.attributes.u.lots.length: 2c00
t.attributes.u.lots.data:
43697363 6f205379 7374656d 73205650 4e20436c 69656e74 20302e32 2d726d2b
7a6f6d62 2e313a4c 696e7578
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

exchange_type: 06

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 08
isakmp_version: 10
exchange_type: 06
flags: 01
message_id: 88d608a7
len: 3c010000
PARSING PAYLOAD type: 08
next_type: 0e
length: 18000000
ke.data: e5ab4851 cc1ad791 3f093340 f9e3db3e 01960dfd
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0e
next_type: 00
length: 04010000
modecfg.type: 02
t.id: 1400
t.attributes.type: 0100
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 81d9997d
t.attributes.type: 0300
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 81d9812a
t.attributes.type: 0270
t.attributes.u.lots.length: 0f00
t.attributes.u.lots.data: 756e692d 646f7274 6d756e64 2e6465
t.attributes.type: 0700
t.attributes.u.lots.length: d500
t.attributes.u.lots.data:
43697363 6f20496e 7465726e 6574776f 726b204f 70657261 74696e67 20537973
74656d20 536f6674 77617265 200a494f 53202874 6d292037 32303020 536f6674
77617265 20284337 3230302d 494b3953 2d4d292c 20566572 73696f6e 2031322e
33283661 292c2052 454c4541 53452053 4f465457 41524520 28666334 290a436f
70797269 67687420 28632920 31393836 2d323030 34206279 20636973 636f2053
79737465 6d732c20 496e632e 0a436f6d 70696c65 64204672 69203032 2d417072
2d303420 31353a35 32206279 206b656c 6c797468 77
DONE PARSING PAYLOAD type: 0e
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 20
u.hash.length: 20
expected_hash: e5ab4851 cc1ad791 3f093340 f9e3db3e 01960dfd
h->u.hash.data: e5ab4851 cc1ad791 3f093340 f9e3db3e 01960dfd
Remote Application Version: Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-IK9S-M), Version 12.3(6a), RELEASE SOFTWARE
(fc4)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 02-Apr-04 15:52 by kellythw
got address 129.217.153.125
S7
S7.1
S7.2
size = 348, blksz = 8, padding = 4

sending: ========================>

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 08
isakmp_version: 10
exchange_type: 20
flags: 01
message_id: 30bb2de3
len: 7c010000
PARSING PAYLOAD type: 08
next_type: 01
length: 18000000
ke.data: 07930b69 1dc2f988 5cdba029 7dc4096d 453d1472
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 01
next_type: 0a
length: 10010000
sa.doi: 01000000
sa.situation: 01000000
PARSING PAYLOAD type: 02
next_type: 00
length: 04010000
p.number: 00
p.prot_id: 03
p.spi_size: 04
length: 08
p.spi: 15df618c
PARSING PAYLOAD type: 03
next_type: 03
length: 20000000
t.number: 00
t.id: 0c
t.attributes.type: 0600
t.attributes.u.attr_16: 0001
t.attributes.type: 0400
t.attributes.u.attr_16: 0100
t.attributes.type: 0500
t.attributes.u.attr_16: 0200
t.attributes.type: 0100
t.attributes.u.attr_16: 0100
t.attributes.type: 0200
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 20000000
t.number: 01
t.id: 0c
t.attributes.type: 0600
t.attributes.u.attr_16: 0001
t.attributes.type: 0400
t.attributes.u.attr_16: 0100
t.attributes.type: 0500
t.attributes.u.attr_16: 0100
t.attributes.type: 0100
t.attributes.u.attr_16: 0100
t.attributes.type: 0200
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 20000000
t.number: 02
t.id: 0c
t.attributes.type: 0600
t.attributes.u.attr_16: c000
t.attributes.type: 0400
t.attributes.u.attr_16: 0100
t.attributes.type: 0500
t.attributes.u.attr_16: 0200
t.attributes.type: 0100
t.attributes.u.attr_16: 0100
t.attributes.type: 0200
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 20000000
t.number: 03
t.id: 0c
t.attributes.type: 0600
t.attributes.u.attr_16: c000
t.attributes.type: 0400
t.attributes.u.attr_16: 0100
t.attributes.type: 0500
t.attributes.u.attr_16: 0100
t.attributes.type: 0100
t.attributes.u.attr_16: 0100
t.attributes.type: 0200
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 20000000
t.number: 04
t.id: 0c
t.attributes.type: 0600
t.attributes.u.attr_16: 8000
t.attributes.type: 0400
t.attributes.u.attr_16: 0100
t.attributes.type: 0500
t.attributes.u.attr_16: 0200
t.attributes.type: 0100
t.attributes.u.attr_16: 0100
t.attributes.type: 0200
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 20000000
t.number: 05
t.id: 0c
t.attributes.type: 0600
t.attributes.u.attr_16: 8000
t.attributes.type: 0400
t.attributes.u.attr_16: 0100
t.attributes.type: 0500
t.attributes.u.attr_16: 0100
t.attributes.type: 0100
t.attributes.u.attr_16: 0100
t.attributes.type: 0200
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 03
length: 1c000000
t.number: 06
t.id: 03
t.attributes.type: 0400
t.attributes.u.attr_16: 0100
t.attributes.type: 0500
t.attributes.u.attr_16: 0200
t.attributes.type: 0100
t.attributes.u.attr_16: 0100
t.attributes.type: 0200
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 03
next_type: 00
length: 1c000000
t.number: 07
t.id: 03
t.attributes.type: 0400
t.attributes.u.attr_16: 0100
t.attributes.type: 0500
t.attributes.u.attr_16: 0100
t.attributes.type: 0100
t.attributes.u.attr_16: 0100
t.attributes.type: 0200
t.attributes.u.lots.length: 0400
t.attributes.u.lots.data: 0020c49b
DONE PARSING PAYLOAD type: 03
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 02
PARSING PAYLOAD type: 00
DONE PARSING PAYLOAD type: 01
PARSING PAYLOAD type: 0a
next_type: 05
length: 18000000
ke.data: 7d43b92a cd7a07e0 2f0e9ef0 b4cc4221 55d3f4f3
DONE PARSING PAYLOAD type: 0a
PARSING PAYLOAD type: 05
next_type: 05
length: 0c000000
id.type: 01
id.protocol: 00
id.port: 0000
id.data: 81d9997d
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 05
next_type: 00
length: 10000000
id.type: 04
id.protocol: 00
id.port: 0000
id.data: 00000000 00000000
DONE PARSING PAYLOAD type: 05
PARSING PAYLOAD type: 00
PARSE_OK

exchange_type: 05
S7.3

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: 8c672a0f
len: 5c010000
PARSING PAYLOAD type: 08
next_type: 0b
length: 18000000
ke.data: c6e54ce9 ac80952d d034cad4 0b711911 0ccc800d
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 00
length: 20010000
n.doi: 01000000
n.protocol: 03
n.spi_length: 04
n.type: 0e00
n.spi: 15df618c
n.data:
0a000110 00000001 00000001 00000000 658d191c 00000000 6587452c 61ca2f98
453d1472 00000160 01000018 000001f4 01000014 63d92998 6587452c 658d18e8
6578c7cc 00000001 00000000 657e6cd4 658c8028 000001f4 61cc2184 61cc2064
658c8028 0098967e e32dbb30 63d92970 e32dbb30 00000000 01000000 ffffffff
658c8004 62c40000 00000000 00000000 00000000 6316e694 63d929e0 63d929dc
6316e608 00000000 00000000 61cc1ab8 658d191c 658c8028 6578ca00 62994c70
658c8028 6578c7cc 00000001 0000000c 61e1d644 63d929e0 6299499c 60765914
61cc1ab8 0000008c 00000001 6587452c 6587452c 61cc2cf8 6587452c 0f002cac
658c8028 6587452c 658c8028 00000001
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 00
PARSE_OK

hashlen: 20
u.hash.length: 20
expected_hash: 0fca58df 450eff1c 6ef7ff22 6b501198 c87ba742
h->u.hash.data: c6e54ce9 ac80952d d034cad4 0b711911 0ccc800d
S7.4
S7.5


---!!!!!!!!! entering phase2_fatal !!!!!!!!!---


size = 36, blksz = 8, padding = 4

sending: ========================>

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: 6a9afd37
len: 44000000
PARSING PAYLOAD type: 08
next_type: 0b
length: 18000000
ke.data: fb41d270 79a42c4f 9f0492ce 6b4012fd c091a854
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0b
next_type: 00
length: 0c000000
n.doi: 01000000
n.protocol: 01
n.spi_length: 00
n.type: 0900
n.spi:
n.data:
DONE PARSING PAYLOAD type: 0b
PARSING PAYLOAD type: 00
PARSE_OK

size = 52, blksz = 8, padding = 4

sending: ========================>

BEGIN_PARSE
i_cookie: f2501652 557833be
r_cookie: cecd1b22 337fb5c0
payload: 08
isakmp_version: 10
exchange_type: 05
flags: 01
message_id: 06fdd657
len: 54000000
PARSING PAYLOAD type: 08
next_type: 0c
length: 18000000
ke.data: c77d92e6 7e5da181 88fb6840 8e2b85b4 51dbc4ce
DONE PARSING PAYLOAD type: 08
PARSING PAYLOAD type: 0c
next_type: 00
length: 1c000000
n.doi: 01
n.protocol: 01
n.spi_length: 10
d.num_spi: 0100
d.spi: f2501652 557833be cecd1b22 337fb5c0
DONE PARSING PAYLOAD type: 0c
PARSING PAYLOAD type: 00
PARSE_OK

./vpnc: quick mode response rejected: INVALID_MESSAGE_ID
check pfs setting
<-----------------log end--------------------->


Matthias

On Monday, 17 May 2004 23:06, Maurice Massar wrote:
> hi,
>
> > > > > ./vpnc: quick mode response rejected: INVALID_MESSAGE_ID
> > > > > check pfs setting
> > > >
> > > > which vpnc version are you using?
> > >
> > > I tried it with the previous version of vpnc (and without the first 3
> > > lines in the config) and with the same result. :(
> > > Btw. the VPN-Infrastructure is based on a Cisco 7200 (or 7000) Router
> > > with IOS.
>
> Matthias, Nils or anyone else with problems at uni-dortmund.de..
>
> can you post a --debug 3 log?
> is there a nat-gateway between you and the concentrator?
> (ie. is the cisco vpnclient using nat-t or not?)
>
> cu
> maurice
Trouble getting it working [ In reply to ]
hi,

> I assume there is a nat gateway, because I was given a pcf file for the cisco
> client from the IRB (Informatik RechnerBetriebsgruppe) which contained this
> and many other options:
>
> [main]
> EnableNat=1

this only means that vpnclient enables support for NAT,
but it tells you nothing about whether there actually is a NAT-gw..

> S7.3
>
> BEGIN_PARSE
> i_cookie: f2501652 557833be
> r_cookie: cecd1b22 337fb5c0
> payload: 08
> isakmp_version: 10
> exchange_type: 05
> flags: 01
> message_id: 8c672a0f
> len: 5c010000
> PARSING PAYLOAD type: 08
> next_type: 0b
> length: 18000000
> ke.data: c6e54ce9 ac80952d d034cad4 0b711911 0ccc800d
> DONE PARSING PAYLOAD type: 08
> PARSING PAYLOAD type: 0b
> next_type: 00
> length: 20010000
> n.doi: 01000000
> n.protocol: 03
> n.spi_length: 04
> n.type: 0e00
> n.spi: 15df618c
> n.data:
> 0a000110 00000001 00000001 00000000 658d191c 00000000 6587452c 61ca2f98
> 453d1472 00000160 01000018 000001f4 01000014 63d92998 6587452c 658d18e8
> 6578c7cc 00000001 00000000 657e6cd4 658c8028 000001f4 61cc2184 61cc2064
> 658c8028 0098967e e32dbb30 63d92970 e32dbb30 00000000 01000000 ffffffff
> 658c8004 62c40000 00000000 00000000 00000000 6316e694 63d929e0 63d929dc
> 6316e608 00000000 00000000 61cc1ab8 658d191c 658c8028 6578ca00 62994c70
> 658c8028 6578c7cc 00000001 0000000c 61e1d644 63d929e0 6299499c 60765914
> 61cc1ab8 0000008c 00000001 6587452c 6587452c 61cc2cf8 6587452c 0f002cac
> 658c8028 6587452c 658c8028 00000001
> DONE PARSING PAYLOAD type: 0b
> PARSING PAYLOAD type: 00
> PARSE_OK

this is an ISAKMP notice NO_PROPOSAL_CHOSEN,
which means that the concentrator did not like any
of the IPsec SA proposals vpnc sent.

http://www.unix-ag.uni-kl.de/~massar/vpnc/docs/cisco-log-procedure.txt

if you make a debug log with the cisco client (with EnableNat=1), it
outputs something like this somewhere:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
if you have a smart nat-device and/or are the only person behind this
nat-device doing ipsec you might succeed to connect with plain IP-ESP,
otherwise the connection will probably fail...

if you know that there is no nat-device between you and the concentrator
(and this is something you should know) then try and see if you can
connect with ciscos vpnclient using EnableNat=0. If this succeeds
please send me a log from the cisco client...

hmm... but I wonder why the concentrator rejects the connection
attempt if it doesn't know at all if there is any nat-device between
the peers...

cu
maurice
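
Added example (not part of the thread and not vpnc code): a small Python decoder for the notification payloads in a `--debug 3` log like the one posted above, listing which notifications the gateway sent and which vpnc sent. It assumes, from the log itself, that 16-bit fields are dumped byte-swapped (`n.type: 0060` precedes the responder lifetime message, and RESPONDER-LIFETIME is 24576 = 0x6000); the sample lines are trimmed from the posted log and the function names are illustrative.

```python
import re

# Notify message types: errors from RFC 2408 section 3.14.1 (subset),
# IPsec DOI status types from RFC 2407 section 4.6.3.
NOTIFY_NAMES = {
    9: "INVALID-MESSAGE-ID",
    14: "NO-PROPOSAL-CHOSEN",
    18: "INVALID-ID-INFORMATION",
    23: "INVALID-HASH-INFORMATION",
    24: "AUTHENTICATION-FAILED",
    30: "UNEQUAL-PAYLOAD-LENGTHS",
    24576: "RESPONDER-LIFETIME",
    24577: "REPLAY-STATUS",
    24578: "INITIAL-CONTACT",
}
# 6 is the Transaction exchange used by mode-config/XAUTH, 32 is Quick Mode (RFC 2409).
EXCHANGE_NAMES = {4: "Aggressive", 5: "Informational", 6: "Transaction", 32: "Quick Mode"}

# Trimmed from the log posted in the thread: packet headers and notify types only.
SAMPLE_LOG = """\
S5.2
BEGIN_PARSE
exchange_type: 05
message_id: 79bd6cd3
PARSING PAYLOAD type: 0b
n.type: 0060
PARSE_OK
got responder liftime notice, ignoring..
exchange_type: 06
sending: ========================>
BEGIN_PARSE
exchange_type: 20
message_id: 30bb2de3
PARSE_OK
exchange_type: 05
S7.3
BEGIN_PARSE
exchange_type: 05
message_id: 8c672a0f
PARSING PAYLOAD type: 0b
n.type: 0e00
PARSE_OK
---!!!!!!!!! entering phase2_fatal !!!!!!!!!---
sending: ========================>
BEGIN_PARSE
exchange_type: 05
message_id: 6a9afd37
PARSING PAYLOAD type: 0b
n.type: 0900
PARSE_OK
"""

FIELD = re.compile(r"^([\w.]+):\s*([0-9a-fA-F]*)$")


def le16(hex_text):
    """Decode a 16-bit field as dumped in the log (assumed little-endian)."""
    return int.from_bytes(bytes.fromhex(hex_text), "little")


def parse_packets(log_text):
    """Split the log into packets; a 'sending:' marker flags the next one as sent."""
    packets, current, outgoing = [], None, False
    for raw in log_text.splitlines():
        line = raw.lstrip("> \t").strip()   # also accept mail-quoted logs
        if line.startswith("sending:"):
            outgoing = True
        elif line == "BEGIN_PARSE":
            current = {"direction": "sent" if outgoing else "received",
                       "exchange": None, "message_id": None, "notify": []}
            outgoing = False
        elif current is not None and line == "PARSE_OK":
            packets.append(current)
            current = None
        elif current is not None:
            m = FIELD.match(line)
            if not m:
                continue
            key, value = m.groups()
            if key == "exchange_type":
                current["exchange"] = int(value, 16)
            elif key == "message_id":
                current["message_id"] = value
            elif key == "n.type" and value:
                current["notify"].append(le16(value))
    return packets


def notifications(log_text):
    """Every notification in the log as (direction, message_id, name)."""
    return [(p["direction"], p["message_id"], NOTIFY_NAMES.get(n, f"type {n}"))
            for p in parse_packets(log_text) for n in p["notify"]]


def gateway_errors(log_text):
    """Error notifications (types 1..16383) received from the gateway."""
    return [(p["message_id"], EXCHANGE_NAMES.get(p["exchange"], "unknown"),
             NOTIFY_NAMES.get(n, f"type {n}"))
            for p in parse_packets(log_text) if p["direction"] == "received"
            for n in p["notify"] if 1 <= n < 16384]


if __name__ == "__main__":
    for row in notifications(SAMPLE_LOG):
        print(*row)
    print("gateway errors:", gateway_errors(SAMPLE_LOG))
```

On the sample, the only error received from the gateway is NO-PROPOSAL-CHOSEN, in an Informational exchange whose message ID (8c672a0f) differs from the Quick Mode request (30bb2de3); the INVALID-MESSAGE-ID notification is one vpnc sends afterwards.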