Ipsec to Sonicwall, what does this message mean?

Norberto Meijome freebsd at meijome.net
Mon Jan 1 09:15:31 PST 2007


Hi all,
I'm trying to connect to a Sonicwall TZ170 (I believe) from my FBSD
6.2-Prerelease. I have a username, password and PSK (i.e., Xauth PSK) from the
SonicW's admin (who refuses to provide any help for non-MS OS :-) ).

I've installed ipsec-tools-0.6.6 because I believe (wrongly?) that ipsec in
the base system doesn't support xauth ... is this correct?

Anyway, I configured racoon.cfg and psk.txt to the best of my current
abilities. I then get:

# racoonctl vpn-connect SONICW_IP_ADDRESS
Error: Peer not responding

It seems my side is receiving a packet with DOI type 0 (as per wireshark, whatever that means...) and racoon complains with:

Jan  2 03:28:18 ayiin racoon: ERROR: reject the packet, received unexpecting payload type 0.

(complete log after my signature at end of this mail) 

I'd love any help that will help me understand what I am doing wrong. I can't see *WHY* I wouldn't be able to connect to this Sonic, other than a problem between the chair and the keyboard :) Alternative ways of doing this same thing with other packages / base tools are greatly appreciated.

thanks in advance!!!
B



Configuration gory details:

192.168.13.3 is my laptop's IP. Hostname is ayiin. I have UDP/500 port forwarded to this machine, and my local firewall is open for this traffic (udp/500 from SONICW_IP_ADDRESS).

my racoon.conf is:
---
path include "@sysconfdir_x@/racoon";
path pre_shared_key "@sysconfdir_x@/racoon/psk.txt";
log debug;

# Specify various default timers.
timer
{
        # These values can be changed per remote node.
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per send.

        # maximum time to wait for completing each phase.
        phase1 30 sec;
        phase2 15 sec;
}

remote SONICW_IP_ADDRESS
{
        lifetime time 1 hour;
        exchange_mode main, aggressive;
        #ca_type x509 "ca.crt";
        proposal_check obey;
        mode_cfg on;            # accept config through ISAKMP mode config
        dpd_delay 20;
        #nat_traversal force;
        ike_frag on;
        #esp_frag 552;
        #script "/etc/racoon/phase1-up.sh" phase1_up;
        #script "/etc/racoon/phase1-down.sh" phase1_down;
        passive off;

        xauth_login "beto";

        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                # hybrid_rsa_client: the gateway authenticates with an RSA
                # certificate and the client with Xauth only; the racoon
                # method for Xauth on top of a PSK is xauth_psk_client
                authentication_method hybrid_rsa_client;
                dh_group 2;
        }
}

sainfo anonymous {
        lifetime time 1 hour;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
-------

my psk.txt has:
-----
## Host to connect , PSK to use

SONICW_IP_ADDRESS  PSK_TO_SONIC
## XAuth bit
beto  My_MagicPassword
----

My kern conf includes: 
## IPSEC VPNs
options                 IPSEC
options                 IPSEC_ESP

ipsec-tools options are:
_OPTIONS_READ=ipsec-tools-0.6.6
WITH_DEBUG=true
WITH_IPV6=true
WITH_ADMINPORT=true
WITH_STATS=true
WITH_DPD=true
WITH_NATT=true
WITHOUT_NATTF=true
WITH_FRAG=true
WITH_HYBRID=true
WITH_PAM=true
WITH_GSSAPI=true
WITH_RADIUS=true
WITH_SAUNSPEC=true
WITHOUT_RC5=true
WITHOUT_IDEA=true

but I didn't apply the NAT-T kernel patch (yet).

_________________________
{Beto|Norberto|Numard} Meijome

What you are afraid to do is a clear indicator of the next thing you need to do.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.

In the log file, I get (apologies for wrapping):
---
Jan  2 03:28:18 ayiin racoon: DEBUG: configuration found for SONICW_IP_ADDRESS.
Jan  2 03:28:18 ayiin racoon: INFO: accept a request to establish IKE-SA: SONICW_IP_ADDRESS
Jan  2 03:28:18 ayiin racoon: DEBUG: ===
Jan  2 03:28:18 ayiin racoon: INFO: initiate new phase 1 negotiation: 192.168.13.3[500]<=>SONICW_IP_ADDRESS[500]
Jan  2 03:28:18 ayiin racoon: INFO: begin Identity Protection mode.
Jan  2 03:28:18 ayiin racoon: DEBUG: new cookie: 6b685b8598c46c46 
Jan  2 03:28:18 ayiin racoon: DEBUG: add payload of len 52, next type 13
Jan  2 03:28:18 ayiin racoon: DEBUG: add payload of len 16, next type 0
Jan  2 03:28:18 ayiin racoon: DEBUG: 104 bytes from 192.168.13.3[500] to SONICW_IP_ADDRESS[500]
Jan  2 03:28:18 ayiin racoon: DEBUG: sockname 192.168.13.3[500]
Jan  2 03:28:18 ayiin racoon: DEBUG: send packet from 192.168.13.3[500]
Jan  2 03:28:18 ayiin racoon: DEBUG: send packet to SONICW_IP_ADDRESS[500]
Jan  2 03:28:18 ayiin racoon: DEBUG: 1 times of 104 bytes message will be sent to SONICW_IP_ADDRESS[500]
Jan  2 03:28:18 ayiin racoon: DEBUG:  6b685b85 98c46c46 00000000 00000000 01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 800c7080 80010007 800e0080 8003fadd 80020002 80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Jan  2 03:28:18 ayiin racoon: DEBUG: resend phase1 packet 6b685b8598c46c46:0000000000000000
Jan  2 03:28:18 ayiin racoon: phase1(ident I msg1): 0.000436
Jan  2 03:28:18 ayiin racoon: DEBUG: ===
Jan  2 03:28:18 ayiin racoon: DEBUG: 92 bytes message received from SONICW_IP_ADDRESS[500] to 192.168.13.3[500]
Jan  2 03:28:18 ayiin racoon: DEBUG:  6b685b85 98c46c46 04297297 6865ef0c 0b100500 00000000 0000005c 00000040 00000000 0110000e 6b685b85 98c46c46 04297297 6865ef0c 00060004 00000000 00040018 0000004e 6f207072 6f706f73 616c2069 73206368 6f73656e
Jan  2 03:28:18 ayiin racoon: DEBUG: receive Information.
Jan  2 03:28:18 ayiin racoon: ERROR: reject the packet, received unexpecting payload type 0.
Jan  2 03:28:38 ayiin racoon: DEBUG: 104 bytes from 192.168.13.3[500] to SONICW_IP_ADDRESS[500]
Jan  2 03:28:38 ayiin racoon: DEBUG: sockname 192.168.13.3[500]
Jan  2 03:28:38 ayiin racoon: DEBUG: send packet from 192.168.13.3[500]
Jan  2 03:28:38 ayiin racoon: DEBUG: send packet to SONICW_IP_ADDRESS[500]
Jan  2 03:28:38 ayiin racoon: DEBUG: 1 times of 104 bytes message will be sent to SONICW_IP_ADDRESS[500]
Jan  2 03:28:38 ayiin racoon: DEBUG:  6b685b85 98c46c46 00000000 00000000 01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 800c7080 80010007 800e0080 8003fadd 80020002 80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Jan  2 03:28:38 ayiin racoon: DEBUG: resend phase1 packet 6b685b8598c46c46:0000000000000000
Jan  2 03:28:38 ayiin racoon: DEBUG: ===
Jan  2 03:28:38 ayiin racoon: DEBUG: 92 bytes message received from SONICW_IP_ADDRESS[500] to 192.168.13.3[500]
Jan  2 03:28:38 ayiin racoon: DEBUG:  6b685b85 98c46c46 46bfd899 6661a528 0b100500 00000000 0000005c 00000040 00000000 0110000e 6b685b85 98c46c46 46bfd899 6661a528 00060004 00000000 00040018 0000004e 6f207072 6f706f73 616c2069 73206368 6f73656e
Jan  2 03:28:38 ayiin racoon: DEBUG: receive Information.
Jan  2 03:28:38 ayiin racoon: ERROR: reject the packet, received unexpecting payload type 0.
Jan  2 03:28:58 ayiin racoon: DEBUG: 104 bytes from 192.168.13.3[500] to SONICW_IP_ADDRESS[500]
Jan  2 03:28:58 ayiin racoon: DEBUG: sockname 192.168.13.3[500]
Jan  2 03:28:58 ayiin racoon: DEBUG: send packet from 192.168.13.3[500]
Jan  2 03:28:58 ayiin racoon: DEBUG: send packet to SONICW_IP_ADDRESS[500]
Jan  2 03:28:58 ayiin racoon: DEBUG: 1 times of 104 bytes message will be sent to SONICW_IP_ADDRESS[500]
Jan  2 03:28:58 ayiin racoon: DEBUG:  6b685b85 98c46c46 00000000 00000000 01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 800c7080 80010007 800e0080 8003fadd 80020002 80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Jan  2 03:28:58 ayiin racoon: DEBUG: resend phase1 packet 6b685b8598c46c46:0000000000000000
Jan  2 03:28:58 ayiin racoon: DEBUG: ===
Jan  2 03:28:58 ayiin racoon: DEBUG: 92 bytes message received from SONICW_IP_ADDRESS[500] to 192.168.13.3[500]
Jan  2 03:28:58 ayiin racoon: DEBUG:  6b685b85 98c46c46 188529ff 8727ef75 0b100500 00000000 0000005c 00000040 00000000 0110000e 6b685b85 98c46c46 188529ff 8727ef75 00060004 00000000 00040018 0000004e 6f207072 6f706f73 616c2069 73206368 6f73656e
Jan  2 03:28:58 ayiin racoon: DEBUG: receive Information.
Jan  2 03:28:58 ayiin racoon: ERROR: reject the packet, received unexpecting payload type 0.
Jan  2 03:29:09 ayiin racoon: DEBUG: caught rtm:14, need update interface address list
Jan  2 03:29:14 ayiin racoon: DEBUG: my interface: 192.168.13.3 (iwi0)
Jan  2 03:29:14 ayiin racoon: DEBUG: my interface: 127.0.0.1 (lo0)
Jan  2 03:29:14 ayiin racoon: DEBUG: configuring default isakmp port.
Jan  2 03:29:14 ayiin racoon: DEBUG: 2 addrs are configured successfully
Jan  2 03:29:14 ayiin racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=9)
Jan  2 03:29:14 ayiin racoon: INFO: 192.168.13.3[500] used as isakmp port (fd=10)
Jan  2 03:29:18 ayiin racoon: DEBUG: 104 bytes from 192.168.13.3[500] to SONICW_IP_ADDRESS[500]
Jan  2 03:29:18 ayiin racoon: DEBUG: sockname 192.168.13.3[500]
Jan  2 03:29:18 ayiin racoon: DEBUG: send packet from 192.168.13.3[500]
Jan  2 03:29:18 ayiin racoon: DEBUG: send packet to SONICW_IP_ADDRESS[500]
Jan  2 03:29:18 ayiin racoon: DEBUG: 1 times of 104 bytes message will be sent to SONICW_IP_ADDRESS[500]
Jan  2 03:29:18 ayiin racoon: DEBUG:  6b685b85 98c46c46 00000000 00000000 01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 800c7080 80010007 800e0080 8003fadd 80020002 80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Jan  2 03:29:18 ayiin racoon: DEBUG: resend phase1 packet 6b685b8598c46c46:0000000000000000
Jan  2 03:29:18 ayiin racoon: DEBUG: ===
Jan  2 03:29:18 ayiin racoon: DEBUG: 92 bytes message received from SONICW_IP_ADDRESS[500] to 192.168.13.3[500]
Jan  2 03:29:18 ayiin racoon: DEBUG:  6b685b85 98c46c46 2d182ee5 3f0644a6 0b100500 00000000 0000005c 00000040 00000000 0110000e 6b685b85 98c46c46 2d182ee5 3f0644a6 00060004 00000000 00040018 0000004e 6f207072 6f706f73 616c2069 73206368 6f73656e
Jan  2 03:29:18 ayiin racoon: DEBUG: receive Information.
Jan  2 03:29:18 ayiin racoon: ERROR: reject the packet, received unexpecting payload type 0.
Jan  2 03:29:38 ayiin racoon: DEBUG: 104 bytes from 192.168.13.3[500] to SONICW_IP_ADDRESS[500]
Jan  2 03:29:38 ayiin racoon: DEBUG: sockname 192.168.13.3[500]
Jan  2 03:29:38 ayiin racoon: DEBUG: send packet from 192.168.13.3[500]
Jan  2 03:29:38 ayiin racoon: DEBUG: send packet to SONICW_IP_ADDRESS[500]
Jan  2 03:29:38 ayiin racoon: DEBUG: 1 times of 104 bytes message will be sent to SONICW_IP_ADDRESS[500]
Jan  2 03:29:38 ayiin racoon: DEBUG:  6b685b85 98c46c46 00000000 00000000 01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 800c7080 80010007 800e0080 8003fadd 80020002 80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Jan  2 03:29:38 ayiin racoon: DEBUG: resend phase1 packet 6b685b8598c46c46:0000000000000000
Jan  2 03:29:38 ayiin racoon: DEBUG: ===
Jan  2 03:29:38 ayiin racoon: DEBUG: 92 bytes message received from SONICW_IP_ADDRESS[500] to 192.168.13.3[500]
Jan  2 03:29:38 ayiin racoon: DEBUG:  6b685b85 98c46c46 dfb5fdc4 ec605c45 0b100500 00000000 0000005c 00000040 00000000 0110000e 6b685b85 98c46c46 dfb5fdc4 ec605c45 00060004 00000000 00040018 0000004e 6f207072 6f706f73 616c2069 73206368 6f73656e
Jan  2 03:29:38 ayiin racoon: DEBUG: receive Information.
Jan  2 03:29:38 ayiin racoon: ERROR: reject the packet, received unexpecting payload type 0.
Jan  2 03:29:58 ayiin racoon: DEBUG: 104 bytes from 192.168.13.3[500] to SONICW_IP_ADDRESS[500]
Jan  2 03:29:58 ayiin racoon: DEBUG: sockname 192.168.13.3[500]
Jan  2 03:29:58 ayiin racoon: DEBUG: send packet from 192.168.13.3[500]
Jan  2 03:29:58 ayiin racoon: DEBUG: send packet to SONICW_IP_ADDRESS[500]
Jan  2 03:29:58 ayiin racoon: DEBUG: 1 times of 104 bytes message will be sent to SONICW_IP_ADDRESS[500]
Jan  2 03:29:58 ayiin racoon: DEBUG:  6b685b85 98c46c46 00000000 00000000 01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 01010001 00000024 01010000 800b0001 800c7080 80010007 800e0080 8003fadd 80020002 80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Jan  2 03:29:58 ayiin racoon: DEBUG: resend phase1 packet 6b685b8598c46c46:0000000000000000
Jan  2 03:29:58 ayiin racoon: DEBUG: ===
Jan  2 03:29:58 ayiin racoon: DEBUG: 92 bytes message received from SONICW_IP_ADDRESS[500] to 192.168.13.3[500]
Jan  2 03:29:58 ayiin racoon: DEBUG:  6b685b85 98c46c46 a44efcf5 7e944979 0b100500 00000000 0000005c 00000040 00000000 0110000e 6b685b85 98c46c46 a44efcf5 7e944979 00060004 00000000 00040018 0000004e 6f207072 6f706f73 616c2069 73206368 6f73656e
Jan  2 03:29:58 ayiin racoon: DEBUG: receive Information.
Jan  2 03:29:58 ayiin racoon: ERROR: reject the packet, received unexpecting payload type 0.
Jan  2 03:30:15 ayiin racoon: DEBUG: caught rtm:14, need update interface address list
Jan  2 03:30:18 ayiin racoon: ERROR: phase1 negotiation failed due to time up. 6b685b8598c46c46:0000000000000000
Jan  2 03:30:20 ayiin racoon: DEBUG: my interface: 192.168.13.3 (iwi0)
Jan  2 03:30:20 ayiin racoon: DEBUG: my interface: 127.0.0.1 (lo0)
Jan  2 03:30:20 ayiin racoon: DEBUG: configuring default isakmp port.
Jan  2 03:30:20 ayiin racoon: DEBUG: 2 addrs are configured successfully
Jan  2 03:30:20 ayiin racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=9)
Jan  2 03:30:20 ayiin racoon: INFO: 192.168.13.3[500] used as isakmp port (fd=10)
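
The two hex dumps racoon logs above can be decoded by hand, which is the quickest way to see what the gateway actually answered, since racoon rejects the reply before logging its contents. The following is an added example (editor's code, not part of the original post and not part of ipsec-tools) that parses racoon's main-mode message 1 and the SonicWall's 92-byte reply using only the Python standard library. The hex strings are copied verbatim from the log; the name tables come from RFC 2408, RFC 2409 and the Hybrid/XAUTH authentication drafts, and the notification data is treated as opaque bytes from which only printable ASCII is pulled out. Running it shows that the reply is an ISAKMP Informational exchange carrying one Notification payload with DOI 0 (what wireshark reported), notify type 14, NO-PROPOSAL-CHOSEN, whose data ends in the text "No proposal is chosen", and that the rejected proposal was AES-128 / SHA1 / DH group 2 with authentication method 64221 (HybridInitRSA, racoon's hybrid_rsa_client), sent together with the DPD vendor ID.

```python
"""Decode the ISAKMP packets racoon logged as hex dumps (stdlib only)."""
import struct

# Name tables from RFC 2408 (ISAKMP), RFC 2409 (IKE) and the
# draft-ietf-ipsec-isakmp-hybrid-auth / draft-ietf-ipsec-isakmp-xauth values.
EXCHANGE = {2: "Identity Protection (main mode)", 4: "Aggressive", 5: "Informational"}
PAYLOAD = {0: "NONE", 1: "SA", 11: "Notification", 13: "Vendor ID"}
NOTIFY = {1: "INVALID-PAYLOAD-TYPE", 7: "INVALID-EXCHANGE-TYPE", 14: "NO-PROPOSAL-CHOSEN",
          16: "PAYLOAD-MALFORMED", 24: "AUTHENTICATION-FAILED"}
IKE_ATTR = {1: "encryption", 2: "hash", 3: "auth_method", 4: "dh_group",
            11: "life_type", 12: "life_duration", 14: "key_length"}
AUTH_METHOD = {1: "pre_shared_key", 3: "rsasig",
               64221: "HybridInitRSA (hybrid_rsa_client)",
               65001: "XAUTHInitPreShared (xauth_psk_client)"}
DPD_VID = bytes.fromhex("afcad71368a1f1c96b8696fc77570100")  # RFC 3706 DPD vendor ID

# Hex dumps copied verbatim from the racoon log in the post above.
SENT_HEX = ("6b685b85 98c46c46 00000000 00000000 01100200 00000000 00000068 "
            "0d000038 00000001 00000001 0000002c 01010001 00000024 01010000 "
            "800b0001 800c7080 80010007 800e0080 8003fadd 80020002 80040002 "
            "00000014 afcad713 68a1f1c9 6b8696fc 77570100")
REPLY_HEX = ("6b685b85 98c46c46 04297297 6865ef0c 0b100500 00000000 0000005c "
             "00000040 00000000 0110000e 6b685b85 98c46c46 04297297 6865ef0c "
             "00060004 00000000 00040018 0000004e 6f207072 6f706f73 616c2069 "
             "73206368 6f73656e")


def split_payloads(hexdump):
    """Parse the 28-byte ISAKMP header and walk the next-payload chain."""
    data = bytes.fromhex(hexdump.replace(" ", ""))
    _icky, rcky, np, _ver, etype, _flags, msgid, length = struct.unpack("!8s8sBBBBII", data[:28])
    if length != len(data):
        raise ValueError(f"header says {length} bytes, {len(data)} present")
    hdr = {"exchange": EXCHANGE.get(etype, etype), "msgid": msgid, "responder_cookie": rcky.hex()}
    payloads, off = [], 28
    while np != 0:
        nxt, _rsv, plen = struct.unpack("!BBH", data[off:off + 4])
        payloads.append((PAYLOAD.get(np, np), data[off + 4:off + plen]))
        np, off = nxt, off + plen
    return hdr, payloads


def parse_attributes(buf):
    """ISAKMP data attributes: TV form if the type's high bit is set, else TLV."""
    attrs, off = {}, 0
    while off < len(buf):
        atype, alen = struct.unpack("!HH", buf[off:off + 4])
        if atype & 0x8000:
            value, off = alen, off + 4
        else:
            value, off = int.from_bytes(buf[off + 4:off + 4 + alen], "big"), off + 4 + alen
        attrs[IKE_ATTR.get(atype & 0x7FFF, atype & 0x7FFF)] = value
    return attrs


def decode_sent(hexdump=SENT_HEX):
    """Return the single phase-1 transform racoon proposed, plus vendor ID info."""
    hdr, payloads = split_payloads(hexdump)
    body = dict(payloads)
    sa = body["SA"]
    doi, = struct.unpack("!I", sa[:4])           # DOI(4) situation(4) then the proposal
    spi_size = sa[14]                            # proposal: generic hdr(4), #, proto, spisz, ntrans
    t_off = 16 + spi_size                        # first transform payload
    t_len, = struct.unpack("!H", sa[t_off + 2:t_off + 4])
    attrs = parse_attributes(sa[t_off + 8:t_off + t_len])  # skip generic hdr + #/id/reserved
    attrs["auth_method"] = AUTH_METHOD.get(attrs["auth_method"], attrs["auth_method"])
    return {"exchange": hdr["exchange"], "doi": doi, "proposal": attrs,
            "dpd_vendor_id": body.get("Vendor ID") == DPD_VID}


def decode_reply(hexdump=REPLY_HEX):
    """Return what the peer's Informational exchange says."""
    hdr, payloads = split_payloads(hexdump)
    out = {"exchange": hdr["exchange"], "notifications": []}
    for name, body in payloads:
        if name != "Notification":
            continue
        doi, proto, spi_size, ntype = struct.unpack("!IBBH", body[:8])
        ndata = body[8 + spi_size:]
        # RFC 2408 leaves notification data opaque; keep only the printable ASCII in it.
        text = "".join(chr(b) for b in ndata if 32 <= b < 127)
        out["notifications"].append({"doi": doi, "protocol": proto, "type": ntype,
                                     "name": NOTIFY.get(ntype, "unknown"), "text": text})
    return out


if __name__ == "__main__":
    print("sent :", decode_sent())
    print("reply:", decode_reply())
```

The same two functions work on any ISAKMP hex dump racoon writes at `log debug`; paste the "DEBUG:" line's hex into `split_payloads` and add names to the tables as needed.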


More information about the freebsd-questions mailing list