[Swan-dev] iphone ios8 gets xauth request before isakmp is established
Wolfgang Nothdurft
wolfgang at linogate.de
Fri Dec 12 16:11:03 EET 2014
Am 09.12.2014 um 17:33 schrieb Paul Wouters:
> On Fri, 5 Dec 2014, Wolfgang Nothdurft wrote:
>
> [Wolfgang confirmed this still happens with 3.12]
>
>> The same connection works from one net without problems, but if trying
>> from another net, the connection can't be established.
>>
>> After examine the log, the problem seems to be that the iphone get the
>> xauth login request before finishing phase one.
>
> Must be related to packet size? I thought telco's did in-order delivery :P
With udp its difficult to keep an order, also the delayed packet is 58
bytes. (see attached log)
>
>> Dec 5 13:10:58 iPad-von-roe racoon[455] <Error>: mode config 6 from
>> xxx.x.xx.xxx[4500], but ISAKMP-SA 23dc52d8e2241e77:1ce13e6f0962d19e
>> isn't established.
>> Dec 5 13:10:58 iPad-von-roe racoon[455] <Notice>: IPSec Phase 1
>> established (Initiated by me).
>>
>> See attached logs from both sides.
>>
>> A quick and dirty workaround was putting a delay before
>> xauth_send_request.
>>
>> See attached patch.
>
> I guess ideally, this should be scheduled as a new EVENT .5 seconds in
> the future. That way pluto does not mindlessly block. Currently we only
> allow 1s precicion, so it would be 1s. And we would need a new state
> for this and a state machine entry.
>
I now have reproduced this behaviour with libreswan as xauth client and
server. (see attached logs)
In my test I have used a netbook with libreswan 3.8 using a mobile phone
for a hotspot internet connection.
As server I used our company firewall with a sdsl connection.
To force the packet reordering I stressed the sdsl connection with a
permanent data transfer.
Libreswan logs the wrong packet
Dec 12 13:45:17 travelmate pluto[21810]: "android" #1: Mode Config
message is unacceptable because it is for an incomplete ISAKMP SA
(state=STATE_MAIN_I3)
but gets the retransmitted packet ~30 seconds later
Dec 12 13:45:46 travelmate pluto[21810]: | Received Cisco XAUTH username
Dec 12 13:45:46 travelmate pluto[21810]: | Received Cisco XAUTH password
Regarding the iphone log from my first mail, the iphone nesessionmanager
closes the connection after 29 seconds.
> Dec 5 13:10:58 iPad-von-roe racoon[455] <Error>: mode config 6 from xxx.x.xx.xxx[4500], but ISAKMP-SA 23dc52d8e2241e77:1ce13e6f0962d19e isn't established.
> Dec 5 13:10:58 iPad-von-roe racoon[455] <Notice>: IPSec Phase 1 established (Initiated by me).
> Dec 5 13:11:27 iPad-von-roe nesessionmanager[191] <Notice>: NESMLegacySession[SX-GATE IPSec VPN xxx.x.xx.xxx:XXXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX]: status changed to disconnecting
So I think the problem can also be solved, if the retransmit for the
xauth password request were reduced to 10 or 20 seconds.
snippet from ikev1_xauth.c (xauth_send_request):
795 event_schedule(EVENT_v1_RETRANSMIT,
EVENT_RETRANSMIT_DELAY_0 * 3,
796 st);
Because its friday afternoon here, I will test this next week ;)
Wolfgang
-------------- next part --------------
No. Time Source Destination Protocol Length Info
1 14:01:39.695339 192.168.43.227 213.179.141.14 ISAKMP 442 Identity Protection (Main Mode)
Frame 1: 442 bytes on wire (3536 bits), 442 bytes captured (3536 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500)
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
2 14:01:40.362479 213.179.141.14 192.168.43.227 ISAKMP 198 Identity Protection (Main Mode)
Frame 2: 198 bytes on wire (1584 bits), 198 bytes captured (1584 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500)
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
3 14:01:40.364102 192.168.43.227 213.179.141.14 ISAKMP 334 Identity Protection (Main Mode)
Frame 3: 334 bytes on wire (2672 bits), 334 bytes captured (2672 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500)
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
4 14:01:40.468881 213.179.141.14 192.168.43.227 ISAKMP 758 Identity Protection (Main Mode)
Frame 4: 758 bytes on wire (6064 bits), 758 bytes captured (6064 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500)
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
5 14:01:40.503723 192.168.43.227 213.179.141.14 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=c49d)
Frame 5: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
Data (1480 bytes)
0000 11 94 11 94 09 d8 0d 67 00 00 00 00 7c 32 e5 67 .......g....|2.g
0010 7e 95 30 0d fc 1f 96 8b a1 0f 69 9a 05 10 02 01 ~.0.......i.....
....
05b0 10 62 9e 27 23 17 47 ab 5e 20 ed 0f be c0 ad 99 .b.'#.G.^ ......
05c0 2f 88 ab 75 72 b0 ac 22 /..ur.."
No. Time Source Destination Protocol Length Info
6 14:01:40.719307 213.179.141.14 192.168.43.227 IPv4 58 Fragmented IP protocol (proto=UDP 17, off=0, ID=a72d)
Frame 6: 58 bytes on wire (464 bits), 58 bytes captured (464 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
Data (24 bytes)
0000 11 94 11 94 08 48 ab 6d 00 00 00 00 7c 32 e5 67 .....H.m....|2.g
0010 7e 95 30 0d fc 1f 96 8b ~.0.....
No. Time Source Destination Protocol Length Info
7 14:01:40.719943 213.179.141.14 192.168.43.227 ISAKMP 122 Transaction (Config Mode)
Frame 7: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
8 14:01:44.939134 192.168.43.227 213.179.141.14 ISAKMP 138 Transaction (Config Mode)
Frame 8: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
9 14:01:45.017812 213.179.141.14 192.168.43.227 ISAKMP 122 Transaction (Config Mode)
Frame 9: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
10 14:01:45.018188 192.168.43.227 213.179.141.14 ISAKMP 122 Transaction (Config Mode)
Frame 10: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
11 14:01:45.018386 192.168.43.227 213.179.141.14 ISAKMP 138 Transaction (Config Mode)
Frame 11: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
12 14:01:45.117692 213.179.141.14 192.168.43.227 ISAKMP 138 Transaction (Config Mode)
Frame 12: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
13 14:01:45.118723 192.168.43.227 213.179.141.14 ISAKMP 282 Quick Mode
Frame 13: 282 bytes on wire (2256 bits), 282 bytes captured (2256 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
14 14:01:45.196960 213.179.141.14 192.168.43.227 ISAKMP 202 Quick Mode
Frame 14: 202 bytes on wire (1616 bits), 202 bytes captured (1616 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
15 14:01:45.270120 192.168.43.227 213.179.141.14 ISAKMP 106 Quick Mode
Frame 15: 106 bytes on wire (848 bits), 106 bytes captured (848 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
16 14:01:46.868938 192.168.43.227 213.179.141.14 ISAKMP 122 Informational
Frame 16: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
17 14:01:46.886800 192.168.43.227 213.179.141.14 ISAKMP 138 Informational
Frame 17: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
18 14:01:46.928992 213.179.141.14 192.168.43.227 ISAKMP 122 Informational
Frame 18: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
19 14:01:46.975014 213.179.141.14 192.168.43.227 ISAKMP 138 Informational
Frame 19: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
-------------- next part --------------
No. Time Source Destination Protocol Length Info
1 13:45:11.580336 192.168.43.227 213.179.141.14 ISAKMP 442 Identity Protection (Main Mode)
Frame 1: 442 bytes on wire (3536 bits), 442 bytes captured (3536 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500)
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
2 13:45:13.617943 213.179.141.14 192.168.43.227 ISAKMP 198 Identity Protection (Main Mode)
Frame 2: 198 bytes on wire (1584 bits), 198 bytes captured (1584 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500)
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
3 13:45:13.619531 192.168.43.227 213.179.141.14 ISAKMP 334 Identity Protection (Main Mode)
Frame 3: 334 bytes on wire (2672 bits), 334 bytes captured (2672 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500)
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
4 13:45:15.836928 213.179.141.14 192.168.43.227 ISAKMP 758 Identity Protection (Main Mode)
Frame 4: 758 bytes on wire (6064 bits), 758 bytes captured (6064 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500)
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
5 13:45:15.871573 192.168.43.227 213.179.141.14 IPv4 1514 Fragmented IP protocol (proto=UDP 17, off=0, ID=785a)
Frame 5: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
Data (1480 bytes)
0000 11 94 11 94 09 d8 20 cf 00 00 00 00 ee 47 d7 66 ...... ......G.f
0010 f5 f9 74 96 3d bf d6 cd 59 29 b3 59 05 10 02 01 ..t.=...Y).Y....
....
05b0 fe 09 1e 06 d2 2c 2d 58 df 08 6e 21 83 f7 7b 65 .....,-X..n!..{e
05c0 d2 cb b2 01 52 a0 33 78 ....R.3x
No. Time Source Destination Protocol Length Info
6 13:45:17.186782 213.179.141.14 192.168.43.227 ISAKMP 122 Transaction (Config Mode)
Frame 6: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
7 13:45:17.234090 213.179.141.14 192.168.43.227 IPv4 58 Fragmented IP protocol (proto=UDP 17, off=0, ID=a702)
Frame 7: 58 bytes on wire (464 bits), 58 bytes captured (464 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
Data (24 bytes)
0000 11 94 11 94 08 48 c8 39 00 00 00 00 ee 47 d7 66 .....H.9.....G.f
0010 f5 f9 74 96 3d bf d6 cd ..t.=...
No. Time Source Destination Protocol Length Info
8 13:45:35.255073 192.168.43.227 213.179.141.14 UDPENCAP 43 NAT-keepalive
Frame 8: 43 bytes on wire (344 bits), 43 bytes captured (344 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
No. Time Source Destination Protocol Length Info
9 13:45:46.847385 213.179.141.14 192.168.43.227 ISAKMP 122 Transaction (Config Mode)
Frame 9: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
10 13:45:46.854262 213.179.141.14 192.168.43.227 ISAKMP 138 Informational
Frame 10: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
11 13:45:52.797312 192.168.43.227 213.179.141.14 ISAKMP 138 Transaction (Config Mode)
Frame 11: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
12 13:45:52.797528 192.168.43.227 213.179.141.14 ISAKMP 138 Informational
Frame 12: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
13 13:45:52.797666 192.168.43.227 213.179.141.14 ISAKMP 138 Informational
Frame 13: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
14 13:45:53.407404 213.179.141.14 192.168.43.227 ISAKMP 122 Transaction (Config Mode)
Frame 14: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
15 13:45:53.407620 213.179.141.14 192.168.43.227 ISAKMP 138 Informational
Frame 15: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
16 13:45:53.407824 192.168.43.227 213.179.141.14 ISAKMP 122 Transaction (Config Mode)
Frame 16: 122 bytes on wire (976 bits), 122 bytes captured (976 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
17 13:45:53.408026 192.168.43.227 213.179.141.14 ISAKMP 138 Transaction (Config Mode)
Frame 17: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
18 13:45:54.004135 213.179.141.14 192.168.43.227 ISAKMP 138 Transaction (Config Mode)
Frame 18: 138 bytes on wire (1104 bits), 138 bytes captured (1104 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
19 13:45:54.004967 192.168.43.227 213.179.141.14 ISAKMP 282 Quick Mode
Frame 19: 282 bytes on wire (2256 bits), 282 bytes captured (2256 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
20 13:45:54.644102 213.179.141.14 192.168.43.227 ISAKMP 202 Quick Mode
Frame 20: 202 bytes on wire (1616 bits), 202 bytes captured (1616 bits)
Ethernet II, Src: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f), Dst: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0)
Internet Protocol Version 4, Src: 213.179.141.14 (213.179.141.14), Dst: 192.168.43.227 (192.168.43.227)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
21 13:45:54.710110 192.168.43.227 213.179.141.14 ISAKMP 106 Quick Mode
Frame 21: 106 bytes on wire (848 bits), 106 bytes captured (848 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
Internet Security Association and Key Management Protocol
No. Time Source Destination Protocol Length Info
22 13:45:55.711364 192.168.43.227 213.179.141.14 UDPENCAP 43 NAT-keepalive
Frame 22: 43 bytes on wire (344 bits), 43 bytes captured (344 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
No. Time Source Destination Protocol Length Info
23 13:45:55.711406 192.168.43.227 213.179.141.14 UDPENCAP 43 NAT-keepalive
Frame 23: 43 bytes on wire (344 bits), 43 bytes captured (344 bits)
Ethernet II, Src: IntelCor_e8:ab:c0 (c4:85:08:e8:ab:c0), Dst: MS-NLB-PhysServer-24_60:65:74:2f (02:18:60:65:74:2f)
Internet Protocol Version 4, Src: 192.168.43.227 (192.168.43.227), Dst: 213.179.141.14 (213.179.141.14)
User Datagram Protocol, Src Port: 4500 (4500), Dst Port: 4500 (4500)
UDP Encapsulation of IPsec Packets
More information about the Swan-dev
mailing list