= Message: 5744 of 10756 ======================================== RU.UNIX.BSD =
From : Sergey Anohin                    2:5034/10.1        18 Jun 17 16:30:18
To   : All                                                 18 Jun 17 16:30:18
Subj : STABLE+IPSEC
FGHI : area://RU.UNIX.BSD?msgid=2:5034/10.1+5946806a
= Message encoding detected as: IBM866 ========================================
Reply: area://RU.UNIX.BSD?msgid=<1187507706@ddt.demos.su>+087765d9
Reply: area://RU.UNIX.BSD?msgid=2:5034/10.1+5946e669
Reply: area://RU.UNIX.BSD?msgid=<1187507708@ddt.demos.su>+628095d4
Reply: area://RU.UNIX.BSD?msgid=grosbein.net+1dbe6546
==============================================================================
                    Hello *All*
I finally got around to it and tried it with my old configs; it didn't come up.
Either they've already managed to break it, or something is wrong on my side, or it never worked at all :)

# uname -ar
FreeBSD server 11.1-BETA2 FreeBSD 11.1-BETA2 #0 r320065: Sun Jun 18 15:03:00 MSK 2017     root@server:/usr/obj/usr/src/sys/SERVER  amd64

# tail -f /var/log/racoon.log
Jun 18 16:20:42 server racoon: alg_oakley_encdef_decrypt(3des klen=192 size=56): 0.000010
Jun 18 16:20:42 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=32): 0.000005
2017-06-18 16:21:59: INFO: caught signal 15
2017-06-18 16:21:59: INFO: racoon process 25941 shutdown
2017-06-18 16:21:59: INFO: @(#)ipsec-tools 0.8.2 (http://ipsec-tools.sourceforge.net)
2017-06-18 16:21:59: INFO: @(#)This product linked OpenSSL 1.0.2j-freebsd  26 Sep 2016 (http://www.openssl.org/)
2017-06-18 16:21:59: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf"
2017-06-18 16:21:59: INFO: 85.113.221.175[4500] used for NAT-T
2017-06-18 16:21:59: INFO: 85.113.221.175[4500] used as isakmp port (fd=5)
2017-06-18 16:21:59: INFO: 85.113.221.175[500] used as isakmp port (fd=6)
2017-06-18 16:22:15: INFO: respond new phase 1 negotiation: 85.113.221.175[500]<=>2.94.202.179[500]
2017-06-18 16:22:15: INFO: begin Identity Protection mode.
2017-06-18 16:22:15: INFO: received broken Microsoft ID: MS NT5 ISAKMPOAKLEY
2017-06-18 16:22:15: INFO: received Vendor ID: RFC 3947
2017-06-18 16:22:15: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
2017-06-18 16:22:15: INFO: received Vendor ID: FRAGMENTATION
2017-06-18 16:22:15: [2.94.202.179] INFO: Selected NAT-T version: RFC 3947
2017-06-18 16:22:15: ERROR: invalid DH group 20.
2017-06-18 16:22:15: ERROR: invalid DH group 19.
Jun 18 16:22:15 server racoon: phase1(ident R msg1): 0.000883
2017-06-18 16:22:15: [85.113.221.175] INFO: Hashing 85.113.221.175[500] with algo #2
2017-06-18 16:22:15: INFO: NAT-D payload #0 verified
2017-06-18 16:22:15: [2.94.202.179] INFO: Hashing 2.94.202.179[500] with algo #2
2017-06-18 16:22:15: INFO: NAT-D payload #1 doesn't match
2017-06-18 16:22:15: INFO: NAT detected: PEER
Jun 18 16:22:15 server racoon: oakley_dh_generate(MODP1024): 0.002146
2017-06-18 16:22:15: [2.94.202.179] INFO: Hashing 2.94.202.179[500] with algo #2
2017-06-18 16:22:15: [85.113.221.175] INFO: Hashing 85.113.221.175[500] with algo #2
2017-06-18 16:22:15: INFO: Adding remote and local NAT-D payloads.
Jun 18 16:22:15 server racoon: oakley_dh_compute(MODP1024): 0.002038
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=64): 0.000017
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=145): 0.000006
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=165): 0.000006
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=165): 0.000006
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=1): 0.000005
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=20): 0.000006
Jun 18 16:22:15 server racoon: phase1(ident R msg2): 0.006046
2017-06-18 16:22:15: INFO: NAT-T: ports changed to: 2.94.202.179[4500]<->85.113.221.175[4500]
Jun 18 16:22:15 server racoon: alg_oakley_encdef_decrypt(3des klen=192 size=40): 0.000042
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=488): 0.000014
Jun 18 16:22:15 server racoon: oakley_validate_auth(pre-shared key): 0.000292
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=488): 0.000009
Jun 18 16:22:15 server racoon: alg_oakley_encdef_encrypt(3des klen=192 size=40): 0.000014
Jun 18 16:22:15 server racoon: phase1(ident R msg3): 0.000846
Jun 18 16:22:15 server racoon: phase1(Identity Protection): 0.064230
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=32): 0.000004
Jun 18 16:22:15 server racoon: alg_oakley_encdef_encrypt(3des klen=192 size=56): 0.000011
2017-06-18 16:22:15: INFO: ISAKMP-SA established 85.113.221.175[4500]-2.94.202.179[4500] spi:98d9e9584bd86d0c:6b58e2d9b8d1df63
2017-06-18 16:22:15: INFO: respond new phase 2 negotiation: 85.113.221.175[4500]<=>2.94.202.179[4500]
Jun 18 16:22:15 server racoon: alg_oakley_encdef_decrypt(3des klen=192 size=304): 0.000035
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=276): 0.000008
2017-06-18 16:22:15: INFO: Update the generated policy : 2.94.202.179/32[1701] 85.113.221.175/32[1701] proto=udp dir=in
2017-06-18 16:22:15: INFO: Adjusting my encmode UDP-Transport->Transport
2017-06-18 16:22:15: INFO: Adjusting peer's encmode UDP-Transport(4)->Transport(2)
Jun 18 16:22:15 server racoon: phase2(???): 0.000828
2017-06-18 16:22:15: ERROR: pfkey UPDATE failed: No such process
2017-06-18 16:22:15: INFO: IPsec-SA established: ESP 85.113.221.175[4500]->2.94.202.179[4500] spi=2525305594(0x96851afa)
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=188): 0.000006
Jun 18 16:22:15 server racoon: alg_oakley_encdef_encrypt(3des klen=192 size=168): 0.000022
Jun 18 16:22:15 server racoon: phase2(quick R msg1): 0.000137
Jun 18 16:22:15 server racoon: alg_oakley_encdef_decrypt(3des klen=192 size=32): 0.000010
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=69): 0.000008
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=69): 0.000004
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=89): 0.000004
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=89): 0.000005
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=69): 0.000005
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=89): 0.000004
Jun 18 16:22:15 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=89): 0.000006
Jun 18 16:22:15 server racoon: phase2(???): 0.000450
2017-06-18 16:22:30: ERROR: 2.94.202.179 give up to get IPsec-SA due to time up to wait.
2017-06-18 16:22:50: INFO: purged IPsec-SA proto_id=ESP spi=2525305594.
Jun 18 16:22:50 server racoon: alg_oakley_encdef_decrypt(3des klen=192 size=48): 0.000015
Jun 18 16:22:50 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=20): 0.000007
Jun 18 16:22:50 server racoon: alg_oakley_encdef_decrypt(3des klen=192 size=56): 0.000011
2017-06-18 16:22:50: INFO: ISAKMP-SA expired 85.113.221.175[4500]-2.94.202.179[4500] spi:98d9e9584bd86d0c:6b58e2d9b8d1df63
Jun 18 16:22:50 server racoon: alg_oakley_hmacdef_one(hmac_sha1 size=32): 0.000005
2017-06-18 16:22:50: INFO: ISAKMP-SA deleted 85.113.221.175[4500]-2.94.202.179[4500] spi:98d9e9584bd86d0c:6b58e2d9b8d1df63


ipsec-tools is built like this:

ipsec-tools-0.8.2_2
  [x] ADMINPORT  Enable Admin port
  [x] DEBUG      Build with debugging support
  [ ] DOCS       Build and/or install documentation
  [x] DPD        Dead Peer Detection
  [x] EXAMPLES   Build and/or install examples
  [x] FRAG       IKE fragmentation payload support
  [ ] GSSAPI     GSSAPI Security API support
  [x] HYBRID     Hybrid, Xauth and Mode-cfg support
  [x] IDEA       IDEA encryption (patented)
  [x] IPV6       IPv6 protocol support
  [ ] LDAP       LDAP authentication (Xauth server)
  [x] NATT       NAT-Traversal (kernel-patch required before 11.0-STABLE)
  [x] NATTF      require NAT-Traversal (fail without kernel-patch)
  [x] PAM        PAM authentication (Xauth server)
  [x] RADIUS     Radius authentication (Xauth server)
  [x] RC5        RC5 encryption (patented)
  [x] SAUNSPEC   Unspecified SA mode
  [x] STATS      Statistics logging function
  [x] WCPSKEY    Allow wildcard matching for pre-shared keys


Bye,  , 18 June 17
--- FIPS/IP <build 01.14>
* Origin: A bove majore discit arare minor (2:5034/10.1)
