[Swan] "responder" response "INVALID_ID_INFORMATION" in "msg 2 of quick mode" in libreswan v3.20
Hao Chen
earthlovepython at outlook.com
Thu Dec 28 03:54:18 UTC 2017
Hi All:
Same configuration file. Works in v3.12, but peer(responder) response us "INVALID_ID_INFORMATION" while we are "initiator" in v3.20.
Can you please tell me some clue?
Thanks
Message 5 in main mode:
=====================================
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 08 00 00 0c 01 00 00 00 ac 10 a2 39 00 00 00 14
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 80 6a 09 e9 15 72 b4 e6 88 fd ec e0 7e 2b 36 5e
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | IV: 96 65 25 37 52 3a 51 7a 5e 94 a0 69 b4 5e ee 96
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | unpadded size is: 32
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting 32 using OAKLEY_3DES_CBC
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | NSS: do_3des init start
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | NSS: do_3des init end
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | next IV: 3a 9e cd 4f cb 55 fa 51
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | no IKEv1 message padding required
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting length of ISAKMP Message: 60
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | complete v1 state transition with STF_OK
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: "PGW_ARES_ipsec" #508: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | parent state #508: STATE_MAIN_I2(open-ike) => STATE_MAIN_I3(open-ike)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | sending 60 bytes for STATE_MAIN_I2 through bond.2250:500 to 172.24.252.40:500 (using #508)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 9b 29 c9 1e 65 eb 51 36 7f 42 0c f0 b5 7c fa fb
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 05 10 02 01 00 00 00 00 00 00 00 3c 3d 53 eb 5d
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 91 be 4d cb a6 5c 9b 4c 97 a1 59 40 88 84 1a 35
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 49 28 d7 cf 3a 9e cd 4f cb 55 fa 51
====> I can see the "ID" is "ac 10 a2 39", it is IP of "172.16.162.57"
Message 1 in quick mode:
=====================================
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | quick_outI1_continue for #509: calculated ke+nonce, sending I1
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting 16 zero bytes of HASH into ISAKMP Hash Payload
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting length of ISAKMP Hash Payload: 20
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting length of ISAKMP Transform Payload (ESP): 28
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting length of ISAKMP Transform Payload (ESP): 28
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting length of ISAKMP Proposal Payload: 68
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting length of ISAKMP Security Association Payload: 80
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | ***emit ISAKMP Nonce Payload:
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | next payload type: ISAKMP_NEXT_KE (0x4)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting 32 raw bytes of Ni into ISAKMP Nonce Payload
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | Ni 4b 7e d9 6b 66 5f 1e 9e df fb 2d 28 6f 76 f1 db
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | Ni 4f 4a 4d f7 69 37 9c 65 19 e5 84 20 b7 da 71 a2
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting length of ISAKMP Nonce Payload: 36
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | wire (crypto helper) group MODP1024 and state group MODP1024 match
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | saving DH priv (local secret) and pub key into state struct
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | ***emit ISAKMP Key Exchange Payload:
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | next payload type: ISAKMP_NEXT_NONE (0x0)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | keyex value d5 92 d7 29 6f 86 58 0b 88 f3 33 56 63 dd 3e b3
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | keyex value eb 70 00 d0 05 39 cf f7 4b ae 4c 79 ef 35 8c b6
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | keyex value 6a 51 7b dd 13 5e 3c 2a 83 1e dc 74 ed 9c 47 ab
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | keyex value 55 9c 66 f1 ee d7 35 08 a4 e6 35 9d 43 5e 11 f5
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | keyex value a8 ef ab 0c fd 22 63 81 02 d0 28 48 7d bd 59 5b
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | keyex value ca 28 f7 7a 70 5b ce 4e 54 e7 8e 51 b7 d8 47 cb
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | keyex value 5d b5 21 af 34 a2 0f c5 d6 10 3c 75 66 ed f1 e7
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | keyex value b1 11 4e 62 87 37 e5 fa 99 67 42 8d 53 f6 a4 60
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting length of ISAKMP Key Exchange Payload: 132
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 01 00 00 14 a8 f8 0f 87 3c 35 40 61 e1 21 2e db
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 4f 7c 02 db 0a 00 00 50 00 00 00 01 00 00 00 01
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 00 00 00 44 00 03 04 02 46 4c 48 e5 03 00 00 1c
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 00 03 00 00 80 03 00 02 80 04 00 02 80 01 00 01
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 80 02 70 80 80 05 00 01 00 00 00 1c 01 03 00 00
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 80 03 00 02 80 04 00 02 80 01 00 01 80 02 70 80
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 80 05 00 02 04 00 00 24 4b 7e d9 6b 66 5f 1e 9e
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: df fb 2d 28 6f 76 f1 db 4f 4a 4d f7 69 37 9c 65
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 19 e5 84 20 b7 da 71 a2 00 00 00 84 d5 92 d7 29
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 6f 86 58 0b 88 f3 33 56 63 dd 3e b3 eb 70 00 d0
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 05 39 cf f7 4b ae 4c 79 ef 35 8c b6 6a 51 7b dd
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 13 5e 3c 2a 83 1e dc 74 ed 9c 47 ab 55 9c 66 f1
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: ee d7 35 08 a4 e6 35 9d 43 5e 11 f5 a8 ef ab 0c
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: fd 22 63 81 02 d0 28 48 7d bd 59 5b ca 28 f7 7a
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 70 5b ce 4e 54 e7 8e 51 b7 d8 47 cb 5d b5 21 af
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 34 a2 0f c5 d6 10 3c 75 66 ed f1 e7 b1 11 4e 62
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting: 87 37 e5 fa 99 67 42 8d 53 f6 a4 60
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | IV: 05 0a 7b 98 de 48 59 c1 47 c5 f9 3e 9b 4c 87 ef
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | unpadded size is: 268
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | emitting 4 zero bytes of encryption padding into ISAKMP Message
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | encrypting 272 using OAKLEY_3DES_CBC
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | sending 300 bytes for reply packet from quick_outI1 through bond.2250:500 to 172.24.252.40:500 (using #509)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 9b 29 c9 1e 65 eb 51 36 7f 42 0c f0 b5 7c fa fb
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 08 10 20 01 db 65 69 13 00 00 01 2c 53 b2 b7 32
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 6a ff 45 6f 25 24 31 63 bd 99 a4 40 1b 45 3b ef
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | df cc 19 a1 11 6f cf b7 ed a1 3f bf 3a c2 5c ad
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 47 bc 06 2f 30 01 34 48 c9 19 01 55 61 66 00 fc
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 9c 55 68 20 b8 c1 fd 15 a3 9b 91 77 28 21 d7 c6
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 41 6e 8b 49 4c df e7 e9 47 b9 b7 08 bf 32 5b 1c
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | be 6d c9 11 85 89 64 57 11 e1 54 b4 36 b1 64 df
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 46 75 ff e1 3c 85 8e fe b9 d1 a4 e7 ce f7 61 45
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | d7 9a 19 cb 25 6f f6 d7 d8 23 81 3d 13 30 40 b1
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 1e 63 28 e3 e5 b0 09 0d 89 82 f5 f0 0a 41 83 df
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | e0 7c f3 83 d5 06 33 83 e9 4c a6 70 f9 46 44 d9
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | d3 0f 61 e4 23 fa ef 6c a1 4b 1e 31 0c 04 b4 13
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | d6 52 07 4c 35 4f b5 88 0a b7 63 6b f2 a4 e6 3b
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 94 5d d9 d1 ab be 1a e2 ec af 2f 60 97 fb 6a b8
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 0d 01 f6 bd 17 60 83 77 02 38 e8 82 96 0a e5 79
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | a5 f4 f2 c1 19 56 1a 3a 7d 6f 7e 2d ec de 08 49
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 42 ac b0 a7 03 dc d7 e5 38 b7 db fc 48 4a 81 d0
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 04 80 13 ce 24 34 5a ea 6b ac 8d 9d
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | state #509 requesting EVENT_CRYPTO_FAILED to be deleted
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | delete_pluto_event: release EVENT_CRYPTO_FAILED-pe at 0x55ac546aedb8
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | event_schedule_ms called for about 500 ms
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | event_schedule_tv: new EVENT_v1_RETRANSMIT-pe at 0x55ac54635898
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | event_schedule_tv called for about 0 seconds and change
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | inserting event EVENT_v1_RETRANSMIT, timeout in 0.500000 seconds for #509
response 1 in quick mode:
=====================================
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | *received 76 bytes from 172.24.252.40:500 on bond.2250 (port=500)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 9b 29 c9 1e 65 eb 51 36 7f 42 0c f0 b5 7c fa fb
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 08 10 05 01 08 31 97 4d 00 00 00 4c 25 c3 81 fc
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 04 5d 25 61 34 f7 12 5a 2b 4d 29 99 95 6e b1 0f
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 0c 05 de f8 a6 c6 ec 41 f8 0d 76 3a 7c 7c c7 e5
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 08 91 21 d9 36 c9 81 5f 02 45 6d 41
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | decrypted:
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 0b 00 00 14 91 4e d8 1e 1f df f3 d9 bc 8d 77 ff
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | b5 ed d9 dd 00 00 00 1c 00 00 00 01 03 04 00 12
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | 46 4c 48 e5 80 0c 00 01 00 08 00 04 db 65 69 13
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | next IV: 36 c9 81 5f 02 45 6d 41
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | got payload 0x100 (ISAKMP_NEXT_HASH) needed: 0x100opt: 0x0
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | ***parse ISAKMP Hash Payload:
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | next payload type: ISAKMP_NEXT_N (0xb)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | length: 20 (0x14)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | got payload 0x800 (ISAKMP_NEXT_N) needed: 0x0opt: 0x0
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | ***parse ISAKMP Notification Payload:
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | next payload type: ISAKMP_NEXT_NONE (0x0)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | length: 28 (0x1c)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | DOI: ISAKMP_DOI_IPSEC (0x1)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | protocol ID: 3 (0x3)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | SPI size: 4 (0x4)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: | Notify Message Type: INVALID_ID_INFORMATION (0x12)
Dec 14 14:02:08 txwlxtpmf2a pluto[27271]: "PGW_ARES_ipsec" #508: ignoring informational payload INVALID_ID_INFORMATION, msgid=00000000, length=28
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20171228/8738bf73/attachment-0001.html>
More information about the Swan
mailing list