About the null encryption algorithm #407

Open
missionceo opened this issue Oct 29, 2019 · 0 comments

@missionceo

I found a file called ipsec_alg_null.c in openswan 2.4.x, and I compiled it in openswan 2.6.x. When I establish an IPsec tunnel, something strange happens: channels can be created, but I can't ping in LAN-to-LAN mode. Here are the logs. The kernel version is 3.4.69.
Plutorun started on Sat Jan 1 11:04:41 CST 2000
adjusting ipsec.d to /etc/ipsec.d
Labelled IPsec not enabled; value 32001 ignored.
Starting Pluto (Openswan Version ; Vendor ID OSWMMBusST@r) pid:11000
WARNING: 1DES is enabled
LEAK_DETECTIVE support [disabled]
OCF support for IKE via /dev/crypto [enabled]
SAref support [disabled]: Protocol not available
SAbind support [disabled]: Protocol not available
NSS support [disabled]
HAVE_STATSD notification support not compiled in
Setting NAT-Traversal port-4500 floating to on
port floating activation criteria nat_t=1/port_float=1
NAT-Traversal support [enabled]
using /dev/urandom as source of random entropy
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
starting up 1 cryptographic helpers
started helper pid=11007 (fd:7)
OCF assist for IKE for AES crypto enabled
OCF assist for IKE for DES crypto enabled
OCF assist for IKE for 3DES crypto enabled
Using KLIPS IPsec interface code on 3.4.69
Changing to directory '/etc/ipsec.d/acerts'
using /dev/urandom as source of random entropy
OCF assist for IKE for AES crypto enabled
OCF assist for IKE for DES crypto enabled
OCF assist for IKE for 3DES crypto enabled
adding connection: "aaa"
listening for IKE messages
adding interface ipsec0/eth1.4093 192.168.20.223:500
adding interface ipsec0/eth1.4093 192.168.20.223:4500
loading secrets from "/etc/ipsec.secrets"
"aaa" #1: initiating Main Mode
"aaa" #1: received Vendor ID payload [Openswan (this version) ]
"aaa" #1: received Vendor ID payload [Dead Peer Detection]
"aaa" #1: received Vendor ID payload [RFC 3947] method set to=115
"aaa" #1: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
"aaa" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"aaa" #1: STATE_MAIN_I2: sent MI2, expecting MR2
"aaa" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
"aaa" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"aaa" #1: STATE_MAIN_I3: sent MI3, expecting MR3
"aaa" #1: received Vendor ID payload [CAN-IKEv2]
"aaa" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.20.167'
"aaa" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"aaa" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
"aaa" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:6d5f13fe proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
"aaa" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
"aaa" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x076a5c72 <0x42bb551a xfrm=NULL_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
"aaa" #3: initiating Main Mode to replace #1
"aaa" #3: received Vendor ID payload [Openswan (this version) ]
"aaa" #3: received Vendor ID payload [Dead Peer Detection]
"aaa" #3: received Vendor ID payload [RFC 3947] method set to=115
"aaa" #3: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
"aaa" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"aaa" #3: STATE_MAIN_I2: sent MI2, expecting MR2
"aaa" #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
"aaa" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"aaa" #3: STATE_MAIN_I3: sent MI3, expecting MR3
"aaa" #3: received Vendor ID payload [CAN-IKEv2]
"aaa" #3: Main mode peer ID is ID_IPV4_ADDR: '192.168.20.167'
"aaa" #3: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"aaa" #3: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
"aaa" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK to replace #2 {using isakmp#3 msgid:12f50503 proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
"aaa" #4: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
"aaa" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x076a5c73 <0x42bb551b xfrm=NULL_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
"aaa" #1: received Delete SA payload: deleting ISAKMP State #1
"aaa" #1: deleting state #1 (STATE_MAIN_I4)
packet from 192.168.20.167:500: received and ignored informational message
"aaa" #2: deleting state #2 (STATE_QUICK_I2)
| 02 04 00 03 0b 00 00 00 16 00 00 00 f8 2a 00 00
| 03 00 01 00 07 6a 5c 72 00 01 00 00 00 00 00 00
| 00 00 00 00 00 00 00 00 03 00 05 00 00 00 00 00
| 02 00 00 00 c0 a8 14 df 00 00 00 00 00 00 00 00
| 03 00 06 00 00 00 00 00 02 00 00 00 c0 a8 14 a7
| 00 00 00 00 00 00 00 00
"aaa" #3: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x076a5c72) not found (maybe expired)
"aaa" #3: received and ignored informational message
"aaa" #5: initiating Main Mode to replace #3
"aaa" #5: received Vendor ID payload [Openswan (this version) ]
"aaa" #5: received Vendor ID payload [Dead Peer Detection]
"aaa" #5: received Vendor ID payload [RFC 3947] method set to=115
"aaa" #5: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
"aaa" #5: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"aaa" #5: STATE_MAIN_I2: sent MI2, expecting MR2
"aaa" #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
"aaa" #5: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"aaa" #5: STATE_MAIN_I3: sent MI3, expecting MR3
"aaa" #5: received Vendor ID payload [CAN-IKEv2]
"aaa" #5: Main mode peer ID is ID_IPV4_ADDR: '192.168.20.167'
"aaa" #5: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"aaa" #5: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
"aaa" #6: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK to replace #4 {using isakmp#5 msgid:e49148c8 proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
"aaa" #6: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
"aaa" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x076a5c74 <0x42bb551c xfrm=NULL_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
"aaa" #3: received Delete SA payload: deleting ISAKMP State #3
"aaa" #3: deleting state #3 (STATE_MAIN_I4)
packet from 192.168.20.167:500: received and ignored informational message
"aaa" #5: received Delete SA(0x076a5c73) payload: deleting IPSEC State #4
"aaa" #5: deleting state #4 (STATE_QUICK_I2)
| 02 04 00 03 0b 00 00 00 20 00 00 00 f8 2a 00 00
| 03 00 01 00 07 6a 5c 73 00 01 00 00 00 00 00 00
| 00 00 00 00 00 00 00 00 03 00 05 00 00 00 00 00
| 02 00 00 00 c0 a8 14 df 00 00 00 00 00 00 00 00
| 03 00 06 00 00 00 00 00 02 00 00 00 c0 a8 14 a7
| 00 00 00 00 00 00 00 00
"aaa" #5: received and ignored informational message
"aaa" #7: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK to replace #6 {using isakmp#5 msgid:a8930889 proposal=NULL(11)_000-MD5(1)_128 pfsgroup=no-pfs}
"aaa" #7: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
"aaa" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x076a5c75 <0x42bb551d xfrm=NULL_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
"aaa" #8: initiating Main Mode to replace #5
"aaa" #8: received Vendor ID payload [Openswan (this version) ]
"aaa" #8: received Vendor ID payload [Dead Peer Detection]
"aaa" #8: received Vendor ID payload [RFC 3947] method set to=115
"aaa" #8: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
"aaa" #8: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
"aaa" #8: STATE_MAIN_I2: sent MI2, expecting MR2
"aaa" #8: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected
"aaa" #8: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
"aaa" #8: STATE_MAIN_I3: sent MI3, expecting MR3
"aaa" #8: received Vendor ID payload [CAN-IKEv2]
"aaa" #8: Main mode peer ID is ID_IPV4_ADDR: '192.168.20.167'
"aaa" #8: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
"aaa" #8: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp1024}
"aaa" #5: received Delete SA payload: deleting ISAKMP State #5
"aaa" #5: deleting state #5 (STATE_MAIN_I4)
packet from 192.168.20.167:500: received and ignored informational message
"aaa" #8: received Delete SA(0x076a5c74) payload: deleting IPSEC State #6
"aaa" #8: deleting state #6 (STATE_QUICK_I2)
| 02 04 00 03 0b 00 00 00 2a 00 00 00 f8 2a 00 00
| 03 00 01 00 07 6a 5c 74 00 01 00 00 00 00 00 00
| 00 00 00 00 00 00 00 00 03 00 05 00 00 00 00 00
| 02 00 00 00 c0 a8 14 df 00 00 00 00 00 00 00 00
| 03 00 06 00 00 00 00 00 02 00 00 00 c0 a8 14 a7
| 00 00 00 00 00 00 00 00
"aaa" #8: received and ignored informational message
