Hi all,
I'm trying to connect to a Sonicwall TZ170 (I believe), from my FBSD
6.2-Prerelease. I have a username, password and PSK (ie, Xauth PSK) from the
SonicW's admin (who refuses to provide any help for non MS OS :-) ). 

I've installed ipsec-tools-0.6.6  because I believe (wrongly?) that ipsec in
the base system doesn't support xauth ... is this correct? 

Anyway, I configured racoon.cfg and psk.txt to the best of my current
abilities. I then get:

# racoonctl vpn-connect SONICW_IP_ADDRESS
Error: Peer not responding

It seems my side is receiving a packet with DOI type 0 (as per wireshark, 
whatever that means...)... and racoon complains with:

Jan  2 03:28:18 ayiin racoon: ERROR: reject the packet, received unexpecting payload type 0.

(complete log after my signature at end of this mail) 

I'd love any help that will help me understand what I am doing wrong. I can't 
see *WHY* I wouldn't be able to connect to this Sonic, other than a problem 
between the chair and the keyboard :) Alternative ways of doing this same thing 
with other packages / base tools are greatly appreciated.

thanks in advance!!!
B



Configuration gory details:

192.168.13.3 is my laptop's IP. hostname is ayiin. I have UDP/500 port 
forwarded to this machine, and my local firewall is open for this traffic 
(udp/500 from SONICW_IP_ADDRESS)

my racoon.conf is:
---
path include "@sysconfdir_x@/racoon";
path pre_shared_key "@sysconfdir_x@/racoon/psk.txt";
log debug;

# Specify various default timers.
timer
{
        # These value can be changed per remote node.
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per send.

        # maximum time to wait for completing each phase.
        phase1 30 sec;
        phase2 15 sec;
}

remote SONICW_IP_ADDRESS
{
       
        lifetime time 1 hour;
        exchange_mode main, aggressive;
        #ca_type x509 "ca.crt";
        proposal_check obey;
        mode_cfg on;            # accept config through ISAKMP mode config
        dpd_delay 20;
       # nat_traversal force;
        ike_frag on;
       # esp_frag 552;
        #script "/etc/racoon/phase1-up.sh" phase1_up;
        #script "/etc/racoon/phase1-down.sh" phase1_down;
        passive off;
        
        xauth_login "beto";
        
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method hybrid_rsa_client;
                dh_group 2;
       }
}

sainfo anonymous {
        lifetime time 1 hour;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate ;
}
-------

my psk.txt has:
-----
## Host to connect , PSK to use

SONICW_IP_ADDRESS  PSK_TO_SONIC
## XAuth bit
beto  My_MagicPassword
----

My kern conf includes: 
## IPSEC VPNs
options                 IPSEC
options                 IPSEC_ESP

ipsec-tools options are : 
_OPTIONS_READ=ipsec-tools-0.6.6
WITH_DEBUG=true
WITH_IPV6=true
WITH_ADMINPORT=true
WITH_STATS=true
WITH_DPD=true
WITH_NATT=true
WITHOUT_NATTF=true
WITH_FRAG=true
WITH_HYBRID=true
WITH_PAM=true
WITH_GSSAPI=true
WITH_RADIUS=true
WITH_SAUNSPEC=true
WITHOUT_RC5=true
WITHOUT_IDEA=true

but I didn't apply the NAT-T kernel patch (yet).

_________________________
{Beto|Norberto|Numard} Meijome

What you are afraid to do is a clear indicator of the next thing you need to do.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.

In the log file, I get : (apologies for wrapping)..
---
Jan  2 03:28:18 ayiin racoon: DEBUG: configuration found for SONICW_IP_ADDRESS.
Jan  2 03:28:18 ayiin racoon: INFO: accept a request to establish IKE-SA: 
SONICW_IP_ADDRESS
Jan  2 03:28:18 ayiin racoon: DEBUG: ===
Jan  2 03:28:18 ayiin racoon: INFO: initiate new phase 1 negotiation: 
192.168.13.3[500]<=>SONICW_IP_ADDRESS[500]
Jan  2 03:28:18 ayiin racoon: INFO: begin Identity Protection mode.
Jan  2 03:28:18 ayiin racoon: DEBUG: new cookie: 6b685b8598c46c46 
Jan  2 03:28:18 ayiin racoon: DEBUG: add payload of len 52, next type 13
Jan  2 03:28:18 ayiin racoon: DEBUG: add payload of len 16, next type 0
Jan  2 03:28:18 ayiin racoon: DEBUG: 104 bytes from 192.168.13.3[500] to 
SONICW_IP_ADDRESS[500]
Jan  2 03:28:18 ayiin racoon: DEBUG: sockname 192.168.13.3[500]
Jan  2 03:28:18 ayiin racoon: DEBUG: send packet from 192.168.13.3[500]
Jan  2 03:28:18 ayiin racoon: DEBUG: send packet to SONICW_IP_ADDRESS[500]
Jan  2 03:28:18 ayiin racoon: DEBUG: 1 times of 104 bytes message will be sent 
to SONICW_IP_ADDRESS[500]
Jan  2 03:28:18 ayiin racoon: DEBUG:  6b685b85 98c46c46 00000000 00000000 
01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 01010001 
00000024 01010000 800b0001 800c7080 80010007 800e0080 8003fadd 80020002 
80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Jan  2 03:28:18 ayiin racoon: DEBUG: resend phase1 packet 
6b685b8598c46c46:0000000000000000
Jan  2 03:28:18 ayiin racoon: phase1(ident I msg1): 0.000436
Jan  2 03:28:18 ayiin racoon: DEBUG: ===
Jan  2 03:28:18 ayiin racoon: DEBUG: 92 bytes message received from 
SONICW_IP_ADDRESS[500] to 192.168.13.3[500]
Jan  2 03:28:18 ayiin racoon: DEBUG:  6b685b85 98c46c46 04297297 6865ef0c 
0b100500 00000000 0000005c 00000040 00000000 0110000e 6b685b85 98c46c46 
04297297 6865ef0c 00060004 00000000 00040018 0000004e 6f207072 6f706f73 
616c2069 73206368 6f73656e
Jan  2 03:28:18 ayiin racoon: DEBUG: receive Information.
Jan  2 03:28:18 ayiin racoon: ERROR: reject the packet, received unexpecting 
payload type 0.
Jan  2 03:28:38 ayiin racoon: DEBUG: 104 bytes from 192.168.13.3[500] to 
SONICW_IP_ADDRESS[500]
Jan  2 03:28:38 ayiin racoon: DEBUG: sockname 192.168.13.3[500]
Jan  2 03:28:38 ayiin racoon: DEBUG: send packet from 192.168.13.3[500]
Jan  2 03:28:38 ayiin racoon: DEBUG: send packet to SONICW_IP_ADDRESS[500]
Jan  2 03:28:38 ayiin racoon: DEBUG: 1 times of 104 bytes message will be sent 
to SONICW_IP_ADDRESS[500]
Jan  2 03:28:38 ayiin racoon: DEBUG:  6b685b85 98c46c46 00000000 00000000 
01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 01010001 
00000024 01010000 800b0001 800c7080 80010007 800e0080 8003fadd 80020002 
80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Jan  2 03:28:38 ayiin racoon: DEBUG: resend phase1 packet 
6b685b8598c46c46:0000000000000000
Jan  2 03:28:38 ayiin racoon: DEBUG: ===
Jan  2 03:28:38 ayiin racoon: DEBUG: 92 bytes message received from 
SONICW_IP_ADDRESS[500] to 192.168.13.3[500]
Jan  2 03:28:38 ayiin racoon: DEBUG:  6b685b85 98c46c46 46bfd899 6661a528 
0b100500 00000000 0000005c 00000040 00000000 0110000e 6b685b85 98c46c46 
46bfd899 6661a528 00060004 00000000 00040018 0000004e 6f207072 6f706f73 
616c2069 73206368 6f73656e
Jan  2 03:28:38 ayiin racoon: DEBUG: receive Information.
Jan  2 03:28:38 ayiin racoon: ERROR: reject the packet, received unexpecting 
payload type 0.
Jan  2 03:28:58 ayiin racoon: DEBUG: 104 bytes from 192.168.13.3[500] to 
SONICW_IP_ADDRESS[500]
Jan  2 03:28:58 ayiin racoon: DEBUG: sockname 192.168.13.3[500]
Jan  2 03:28:58 ayiin racoon: DEBUG: send packet from 192.168.13.3[500]
Jan  2 03:28:58 ayiin racoon: DEBUG: send packet to SONICW_IP_ADDRESS[500]
Jan  2 03:28:58 ayiin racoon: DEBUG: 1 times of 104 bytes message will be sent 
to SONICW_IP_ADDRESS[500]
Jan  2 03:28:58 ayiin racoon: DEBUG:  6b685b85 98c46c46 00000000 00000000 
01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 01010001 
00000024 01010000 800b0001 800c7080 80010007 800e0080 8003fadd 80020002 
80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Jan  2 03:28:58 ayiin racoon: DEBUG: resend phase1 packet 
6b685b8598c46c46:0000000000000000
Jan  2 03:28:58 ayiin racoon: DEBUG: ===
Jan  2 03:28:58 ayiin racoon: DEBUG: 92 bytes message received from 
SONICW_IP_ADDRESS[500] to 192.168.13.3[500]
Jan  2 03:28:58 ayiin racoon: DEBUG:  6b685b85 98c46c46 188529ff 8727ef75 
0b100500 00000000 0000005c 00000040 00000000 0110000e 6b685b85 98c46c46 
188529ff 8727ef75 00060004 00000000 00040018 0000004e 6f207072 6f706f73 
616c2069 73206368 6f73656e
Jan  2 03:28:58 ayiin racoon: DEBUG: receive Information.
Jan  2 03:28:58 ayiin racoon: ERROR: reject the packet, received unexpecting 
payload type 0.
Jan  2 03:29:09 ayiin racoon: DEBUG: caught rtm:14, need update interface 
address list
Jan  2 03:29:14 ayiin racoon: DEBUG: my interface: 192.168.13.3 (iwi0)
Jan  2 03:29:14 ayiin racoon: DEBUG: my interface: 127.0.0.1 (lo0)
Jan  2 03:29:14 ayiin racoon: DEBUG: configuring default isakmp port.
Jan  2 03:29:14 ayiin racoon: DEBUG: 2 addrs are configured successfully
Jan  2 03:29:14 ayiin racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=9)
Jan  2 03:29:14 ayiin racoon: INFO: 192.168.13.3[500] used as isakmp port 
(fd=10)
Jan  2 03:29:18 ayiin racoon: DEBUG: 104 bytes from 192.168.13.3[500] to 
SONICW_IP_ADDRESS[500]
Jan  2 03:29:18 ayiin racoon: DEBUG: sockname 192.168.13.3[500]
Jan  2 03:29:18 ayiin racoon: DEBUG: send packet from 192.168.13.3[500]
Jan  2 03:29:18 ayiin racoon: DEBUG: send packet to SONICW_IP_ADDRESS[500]
Jan  2 03:29:18 ayiin racoon: DEBUG: 1 times of 104 bytes message will be sent 
to SONICW_IP_ADDRESS[500]
Jan  2 03:29:18 ayiin racoon: DEBUG:  6b685b85 98c46c46 00000000 00000000 
01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 01010001 
00000024 01010000 800b0001 800c7080 80010007 800e0080 8003fadd 80020002 
80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Jan  2 03:29:18 ayiin racoon: DEBUG: resend phase1 packet 
6b685b8598c46c46:0000000000000000
Jan  2 03:29:18 ayiin racoon: DEBUG: ===
Jan  2 03:29:18 ayiin racoon: DEBUG: 92 bytes message received from 
SONICW_IP_ADDRESS[500] to 192.168.13.3[500]
Jan  2 03:29:18 ayiin racoon: DEBUG:  6b685b85 98c46c46 2d182ee5 3f0644a6 
0b100500 00000000 0000005c 00000040 00000000 0110000e 6b685b85 98c46c46 
2d182ee5 3f0644a6 00060004 00000000 00040018 0000004e 6f207072 6f706f73 
616c2069 73206368 6f73656e
Jan  2 03:29:18 ayiin racoon: DEBUG: receive Information.
Jan  2 03:29:18 ayiin racoon: ERROR: reject the packet, received unexpecting 
payload type 0.
Jan  2 03:29:38 ayiin racoon: DEBUG: 104 bytes from 192.168.13.3[500] to 
SONICW_IP_ADDRESS[500]
Jan  2 03:29:38 ayiin racoon: DEBUG: sockname 192.168.13.3[500]
Jan  2 03:29:38 ayiin racoon: DEBUG: send packet from 192.168.13.3[500]
Jan  2 03:29:38 ayiin racoon: DEBUG: send packet to SONICW_IP_ADDRESS[500]
Jan  2 03:29:38 ayiin racoon: DEBUG: 1 times of 104 bytes message will be sent 
to SONICW_IP_ADDRESS[500]
Jan  2 03:29:38 ayiin racoon: DEBUG:  6b685b85 98c46c46 00000000 00000000 
01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 01010001 
00000024 01010000 800b0001 800c7080 80010007 800e0080 8003fadd 80020002 
80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Jan  2 03:29:38 ayiin racoon: DEBUG: resend phase1 packet 
6b685b8598c46c46:0000000000000000
Jan  2 03:29:38 ayiin racoon: DEBUG: ===
Jan  2 03:29:38 ayiin racoon: DEBUG: 92 bytes message received from 
SONICW_IP_ADDRESS[500] to 192.168.13.3[500]
Jan  2 03:29:38 ayiin racoon: DEBUG:  6b685b85 98c46c46 dfb5fdc4 ec605c45 
0b100500 00000000 0000005c 00000040 00000000 0110000e 6b685b85 98c46c46 
dfb5fdc4 ec605c45 00060004 00000000 00040018 0000004e 6f207072 6f706f73 
616c2069 73206368 6f73656e
Jan  2 03:29:38 ayiin racoon: DEBUG: receive Information.
Jan  2 03:29:38 ayiin racoon: ERROR: reject the packet, received unexpecting 
payload type 0.
Jan  2 03:29:58 ayiin racoon: DEBUG: 104 bytes from 192.168.13.3[500] to 
SONICW_IP_ADDRESS[500]
Jan  2 03:29:58 ayiin racoon: DEBUG: sockname 192.168.13.3[500]
Jan  2 03:29:58 ayiin racoon: DEBUG: send packet from 192.168.13.3[500]
Jan  2 03:29:58 ayiin racoon: DEBUG: send packet to SONICW_IP_ADDRESS[500]
Jan  2 03:29:58 ayiin racoon: DEBUG: 1 times of 104 bytes message will be sent 
to SONICW_IP_ADDRESS[500]
Jan  2 03:29:58 ayiin racoon: DEBUG:  6b685b85 98c46c46 00000000 00000000 
01100200 00000000 00000068 0d000038 00000001 00000001 0000002c 01010001 
00000024 01010000 800b0001 800c7080 80010007 800e0080 8003fadd 80020002 
80040002 00000014 afcad713 68a1f1c9 6b8696fc 77570100
Jan  2 03:29:58 ayiin racoon: DEBUG: resend phase1 packet 
6b685b8598c46c46:0000000000000000
Jan  2 03:29:58 ayiin racoon: DEBUG: ===
Jan  2 03:29:58 ayiin racoon: DEBUG: 92 bytes message received from 
SONICW_IP_ADDRESS[500] to 192.168.13.3[500]
Jan  2 03:29:58 ayiin racoon: DEBUG:  6b685b85 98c46c46 a44efcf5 7e944979 
0b100500 00000000 0000005c 00000040 00000000 0110000e 6b685b85 98c46c46 
a44efcf5 7e944979 00060004 00000000 00040018 0000004e 6f207072 6f706f73 
616c2069 73206368 6f73656e
Jan  2 03:29:58 ayiin racoon: DEBUG: receive Information.
Jan  2 03:29:58 ayiin racoon: ERROR: reject the packet, received unexpecting 
payload type 0.
Jan  2 03:30:15 ayiin racoon: DEBUG: caught rtm:14, need update interface 
address list
Jan  2 03:30:18 ayiin racoon: ERROR: phase1 negotiation failed due to time up. 
6b685b8598c46c46:0000000000000000
Jan  2 03:30:20 ayiin racoon: DEBUG: my interface: 192.168.13.3 (iwi0)
Jan  2 03:30:20 ayiin racoon: DEBUG: my interface: 127.0.0.1 (lo0)
Jan  2 03:30:20 ayiin racoon: DEBUG: configuring default isakmp port.
Jan  2 03:30:20 ayiin racoon: DEBUG: 2 addrs are configured successfully
Jan  2 03:30:20 ayiin racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=9)
Jan  2 03:30:20 ayiin racoon: INFO: 192.168.13.3[500] used as isakmp port 
(fd=10)
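
Added example, not part of the original post: the first 92-byte reply in the log above, decoded with the ISAKMP header and Notification payload layouts from RFC 2408. The function and constant names are illustrative; the bytes are copied from the dump, and the decode shows an unencrypted Informational message whose Notification has DOI 0, type 14 (NO-PROPOSAL-CHOSEN) and the text "No proposal is chosen".

```python
import struct

EXCHANGES = {2: "Identity Protection", 4: "Aggressive", 5: "Informational"}
NOTIFY_TYPES = {14: "NO-PROPOSAL-CHOSEN", 24: "AUTHENTICATION-FAILED"}
NOTIFICATION = 11  # ISAKMP payload type number for a Notification payload

# First 92-byte reply, copied from the racoon debug dump in the post.
REPLY = bytes.fromhex(
    "6b685b85 98c46c46 04297297 6865ef0c 0b100500 00000000 0000005c 00000040 "
    "00000000 0110000e 6b685b85 98c46c46 04297297 6865ef0c 00060004 00000000 "
    "00040018 0000004e 6f207072 6f706f73 616c2069 73206368 6f73656e")

def parse_isakmp(pkt):
    """Parse the 28-byte ISAKMP header, then walk the chained payloads."""
    if len(pkt) < 28:
        raise ValueError("shorter than the ISAKMP header")
    _, _, nxt, _, exch, flags, _, length = struct.unpack("!8s8sBBBBII", pkt[:28])
    if length != len(pkt):
        raise ValueError("header says %d bytes, got %d" % (length, len(pkt)))
    payloads, off = [], 28
    while nxt != 0:  # a next-payload value of 0 ends the chain
        if off + 4 > len(pkt):
            raise ValueError("payload header runs past the packet")
        following, _, plen = struct.unpack("!BBH", pkt[off:off + 4])
        if plen < 4 or off + plen > len(pkt):
            raise ValueError("bad payload length %d at offset %d" % (plen, off))
        payloads.append((nxt, pkt[off + 4:off + plen]))
        nxt, off = following, off + plen
    return {"exchange": EXCHANGES.get(exch, exch),
            "encrypted": bool(flags & 0x01), "payloads": payloads}

def parse_notify(body):
    """Decode a Notification body: DOI, protocol ID, SPI size, type, SPI, data."""
    if len(body) < 8:
        raise ValueError("Notification payload too short")
    doi, proto, spi_size, ntype = struct.unpack("!IBBH", body[:8])
    if 8 + spi_size > len(body):
        raise ValueError("SPI runs past the payload")
    # The data layout is sender-specific; keep only its printable ASCII.
    text = "".join(chr(b) for b in body[8 + spi_size:] if 32 <= b < 127)
    return {"doi": doi, "protocol": proto, "spi": body[8:8 + spi_size].hex(),
            "type": NOTIFY_TYPES.get(ntype, ntype), "text": text}

def explain(pkt):
    """Return the decoded Notification payloads found in one IKE message."""
    msg = parse_isakmp(pkt)
    msg["notifications"] = [parse_notify(b) for t, b in msg.pop("payloads")
                            if t == NOTIFICATION]
    return msg
```

Calling `explain(REPLY)` returns the decoded message; the other five replies in the log differ only in the responder cookie.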