ru.unix.bsd
- RU.UNIX.BSD ------------------------------------------------------------------
From : Andrew Lutov 2:5000/26 23 Dec 2005 14:39:47
To : Alexey Popov
Subject : Re: IpSec (racoon) и WinXP
--------------------------------------------------------------------------------
Hello, Alexey!
??>>>> на новые ключи, один из старых ключей (на стороне FreeBSD от WinXP)
??>>>> "залипает" и канал перестает функционировать до следующего обмена
??>>>> ключами (в данном случае стоит минимум - 300 секунд).
??>>
AP>>> echo net.key.preferred_oldsa=0 >> /etc/sysctl.conf
??>>
??>> Hа самом деле net.key.prefered_oldsa :)
AP> gateway# sysctl -a | grep prefer
AP> net.key.preferred_oldsa: 0
AP> gateway#
%sysctl -a | grep key
...
net.key.prefered_oldsa: 0
Это на 4.11R/
??>> Hе помогло :(
AP> А что говорит racoon?
Hепосредственно до и в момент перехода на новый ключ (после чего все
заканччивается):
2005-12-23 13:36:39: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey
X_SPDEXPIRE message
2005-12-23 13:36:39: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbfbff928:
8.1.5.181/32[0] 8.1.5.201/32[0] proto=icmp dir=in
2005-12-23 13:36:39: DEBUG: policy.c:185:cmpspidxstrict(): db :0x809ce08:
8.1.5.181/32[0] 8.1.5.201/32[0] proto=icmp dir=in
2005-12-23 13:36:39: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey
X_SPDEXPIRE message
2005-12-23 13:36:39: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbfbff928:
8.1.5.201/32[0] 8.1.5.181/32[0] proto=icmp dir=out
2005-12-23 13:36:39: DEBUG: policy.c:185:cmpspidxstrict(): db :0x80a5208:
8.1.5.201/32[0] 8.1.5.181/32[0] proto=icmp dir=out
2005-12-23 13:36:40: DEBUG: isakmp.c:233:isakmp_handler(): ===
2005-12-23 13:36:40: DEBUG: isakmp.c:234:isakmp_handler(): 84 bytes message
received from 8.1.5.181[500]
2005-12-23 13:36:40: DEBUG: plog.c:193:plogdump():
111fa4ca 23e681ec 4abb6a60 9e2c1ae9 08100501 fb2c86c4 00000054 baf14905
2488d376 3c037401 dac17132 708fba6f b495906b a4a8760f 82cc9372 8235c98b
a5997eae f4d0cf28 51305a24 f2d5b89d 9b7f282d
2005-12-23 13:36:40: DEBUG: isakmp_inf.c:115:isakmp_info_recv(): receive
Information.
2005-12-23 13:36:40: DEBUG: oakley.c:2608:oakley_newiv2(): compute IV for
phase2
2005-12-23 13:36:40: DEBUG: oakley.c:2609:oakley_newiv2(): phase1 last IV:
2005-12-23 13:36:40: DEBUG: plog.c:193:plogdump():
19f3ae6f 644b8577 fb2c86c4
2005-12-23 13:36:40: DEBUG: algorithm.c:256:alg_oakley_hashdef(): hash(sha1)
2005-12-23 13:36:40: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2005-12-23 13:36:40: DEBUG: oakley.c:2641:oakley_newiv2(): phase2 IV
computed:
2005-12-23 13:36:40: DEBUG: plog.c:193:plogdump():
1950f6e9 e2845642
2005-12-23 13:36:40: DEBUG: oakley.c:2684:oakley_do_decrypt(): begin
decryption.
2005-12-23 13:36:40: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2005-12-23 13:36:40: DEBUG: oakley.c:2698:oakley_do_decrypt(): IV was saved
for next processing:
2005-12-23 13:36:40: DEBUG: plog.c:193:plogdump():
2005-12-23 13:36:39: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey
X_SPDEXPIRE message
2005-12-23 13:36:40: DEBUG: algorithm.c:386:alg_oakley_encdef():
encription(3des)
2005-12-23 13:36:40: DEBUG: oakley.c:2723:oakley_do_decrypt(): with key:
2005-12-23 13:36:40: DEBUG: plog.c:193:plogdump():
8db98dc3 866e4e0c e69934a6 56102a8a 0d639fc6 b37aa36b
2005-12-23 13:36:40: DEBUG: oakley.c:2731:oakley_do_decrypt(): decrypted
payload by IV:
2005-12-23 13:36:40: DEBUG: plog.c:193:plogdump():
f2d5b89d 9b7f282d
2005-12-23 13:36:40: DEBUG: oakley.c:2734:oakley_do_decrypt(): decrypted
payload, but not trimed.
2005-12-23 13:36:40: DEBUG: plog.c:193:plogdump():
0c000018 43b4fda2 73d5ab0f 99faff56 5c55780f 86cc60ea 0000001c 00000001
01100001 111fa4ca 23e681ec 4abb6a60 9e2c1ae9 00000000
2005-12-23 13:36:40: DEBUG: oakley.c:2743:oakley_do_decrypt(): padding len=0
2005-12-23 13:36:40: DEBUG: oakley.c:2757:oakley_do_decrypt(): skip to trim
padding.
2005-12-23 13:36:40: DEBUG: oakley.c:2772:oakley_do_decrypt(): decrypted.
2005-12-23 13:36:40: DEBUG: plog.c:193:plogdump():
111fa4ca 23e681ec 4abb6a60 9e2c1ae9 08100501 fb2c86c4 00000054 0c000018
43b4fda2 73d5ab0f 99faff56 5c55780f 86cc60ea 0000001c 00000001 01100001
111fa4ca 23e681ec 4abb6a60 9e2c1ae9 00000000
2005-12-23 13:36:40: DEBUG: oakley.c:806:oakley_compute_hash1(): HASH with:
2005-12-23 13:36:40: DEBUG: plog.c:193:plogdump():
fb2c86c4 0000001c 00000001 01100001 111fa4ca 23e681ec 4abb6a60 9e2c1ae9
2005-12-23 13:36:40: DEBUG: algorithm.c:326:alg_oakley_hmacdef():
hmac(hmac_sha1)
2005-12-23 13:36:40: DEBUG: oakley.c:816:oakley_compute_hash1(): HASH
computed:
2005-12-23 13:36:40: DEBUG: plog.c:193:plogdump():
43b4fda2 73d5ab0f 99faff56 5c55780f 86cc60ea
2005-12-23 13:36:40: DEBUG: isakmp_inf.c:207:isakmp_info_recv(): hash
validated.
2005-12-23 13:36:40: DEBUG: isakmp.c:1122:isakmp_parsewoh(): begin.
2005-12-23 13:36:40: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=8(hash)
2005-12-23 13:36:40: DEBUG: isakmp.c:1149:isakmp_parsewoh(): seen
nptype=12(delete)
2005-12-23 13:36:40: DEBUG: isakmp.c:1188:isakmp_parsewoh(): succeed.
2005-12-23 13:36:40: INFO: isakmp_inf.c:890:purge_isakmp_spi(): purged
ISAKMP-SA proto_id=ISAKMP spi
=111fa4ca23e681ec:4abb6a609e2c1ae9.
2005-12-23 13:36:40: DEBUG: isakmp_inf.c:1316:isakmp_info_recv_d(): purged
SAs.
2005-12-23 13:36:41: INFO: isakmp.c:1574:isakmp_ph1delete(): ISAKMP-SA
deleted 8.1.5.201[500]-8.1.5.181[500] spi:111fa4ca23e681ec:4abb6a609e2c1ae9
--
А5 увидимся е2 ли
--- ifmail v.2.14.os-p7
* Origin: Garant-Siberia fidonet station (2:5000/26@fidonet)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
Re: IpSec (racoon) и WinXP |
Andrew Lutov |
23 Dec 2005 14:39:47 |
|
|
