Stoke – take 0.1
Remote access with EAP-TLS authentication in FreeRADIUS.
For now it doesn't work (see below).
But I'm only at the beginning.
context ipsec1
 domain save
 aaa profile
  user authentication local
  session authentication radius
  service authorization local
 exit
 session name session1
  ip address pool
 exit
 radius session authentication profile
  retry 2
  server 10.205.17.70 port 1812 key test
 exit
 ip pool 95.95.0.2 1024
 ip pool 95.95.8.1 1024
 ip pool 95.95.12.1 1024
 ip pool 95.95.16.1 1024
 interface untrust1
  arp arpa
  ip address 170.2.0.5/24
 exit
 interface trust1
  arp arpa
  ip address 171.253.253.5/24
 exit
 interface session1 session loopback
  ip session-default
  ip address 95.95.0.1/32
 exit
 interface Mngmt management
  arp arpa
  ip source-address context-default
  ip address 10.205.17.238/24
 exit
 ip route 61.211.0.0/16 171.253.253.2
 ip route 46.0.0.0/8 170.2.0.2
 ip route 1.0.0.0/8 170.2.0.2
 ip route 10.205.0.0/16 10.205.17.3
 ip access-list intresting1
  2 permit ip any any
 exit
 ipsec policy ikev2 phase1 name ph1_1
  custom
   gw-authentication certificate name SSX password encrypted 241C0E1F00563313
   peer-authentication eap
   hard-lifetime 36000 secs
   soft-lifetime 360 secs
   encryption triple-des
   hash md5
   d-h group2
   prf md5
  exit
 exit
 ipsec policy ikev2 phase2 name ph2_1
  custom
   hard-lifetime 36000 secs
   soft-lifetime 300 secs
   encryption triple-des
   hash md5
   pfs group5
  exit
 exit
exit
And the debug output swears at me:
Stoke[ipsec1]#Jul 27 13:47:02 [4] DEBUG Iked-IKE_PKT_RCVD: 46.11.0.1[500] -> 170.2.0.5[500] :LEN: 272
Jul 27 13:47:02 [4] DEBUG Iked-DETAIL: 00000000:170.2.0.5[500] – 46.11.0.1[500]:0:Received payloads : SA:KE:NONCE:
Jul 27 13:47:02 [4] DEBUG Iked-DETAIL: fc1012cd:170.2.0.5[500] – 46.11.0.1[500]:0:Sending payloads : SA:KE:NONCE:
Jul 27 13:47:02 [4] DEBUG Iked-IKE_PKT_SEND-0xfc1012cd: 170.2.0.5[500] -> 46.11.0.1[500] :LEN: 272
Jul 27 13:47:02 [4] DEBUG Iked-IKE_PKT_RCVD: 46.11.0.1[500] -> 170.2.0.5[500] :LEN: 256
Jul 27 13:47:02 [4] DEBUG Iked-DETAIL: fc1012cd:170.2.0.5[500] – 46.11.0.1[500]:0:Received payloads : ENCRYPTED
Jul 27 13:47:02 [4] DEBUG Iked-DETAIL: fc1012cd:170.2.0.5[500] – 46.11.0.1[500]:0:Received payloads : ENCRYPTED:ID_I:SA:TS_I:TS_R:CERTREQ:CONFIG:NOTIFY[ESP_TFC_PADDING_NOT_SUPPORTED]:
Jul 27 13:47:02 [4] DEBUG Iked-DETAIL: fc1012cd:170.2.0.5[500] – 46.11.0.1[500]:0:Received TSi[0] : 0.0.0.0-255.255.255.255[0-65535][0]
Jul 27 13:47:02 [4] DEBUG Iked-DETAIL: fc1012cd:170.2.0.5[500] – 46.11.0.1[500]:0:Received TSr[0] : 61.0.0.0-61.255.255.255[0-65535][0]
Jul 27 13:47:02 [4] DEBUG Iked-RX_CFG_INTERNAL_ADDR-2-0xfc1012cd: 46.11.0.1[500] -> 170.2.0.5[500]. SPI :: 9ae66e9d64206214:2aa1f2746bee449c. Addr :: 0.0.0.0
Jul 27 13:47:02 [4] DEBUG Iked-DETAIL: fc1012cd:170.2.0.5[500] – 46.11.0.1[500]:0:Sending payloads : ID_R:AUTH:EAP:
Jul 27 13:47:02 [4] DEBUG Iked-IKE_PKT_SEND-0xfc1012cd: 170.2.0.5[500] -> 46.11.0.1[500] :LEN: 128
Jul 27 13:47:02 [0] DEBUG Aaad-RCV_IPC_MSG: Received aaa_general_cmd IPC-msg
Jul 27 13:47:02 [0] DEBUG Aaad-PROC_MSG-0xfc1012cd: Processing aaa_general_cmd msg from module Iked
Jul 27 13:47:02 [4] DEBUG Iked-IKE_PKT_RCVD: 46.11.0.1[500] -> 170.2.0.5[500] :LEN: 96
Jul 27 13:47:02 [4] DEBUG Iked-DETAIL: fc1012cd:170.2.0.5[500] – 46.11.0.1[500]:0:Received payloads : ENCRYPTED
Jul 27 13:47:02 [4] DEBUG Iked-DETAIL: fc1012cd:170.2.0.5[500] – 46.11.0.1[500]:0:Received payloads : ENCRYPTED:NOTIFY[AUTHENTICATION_FAILED]:
Jul 27 13:47:02 [4] DEBUG Iked-DETAIL: fc1012cd:170.2.0.5[500] – 46.11.0.1[500]:47e32ee8:unexpected critical payload (type 41)
Jul 27 13:47:02 [4] DEBUG Iked-DETAIL: fc1012cd:170.2.0.5[500] – 46.11.0.1[500]:0:Sending payloads : NOTIFY[INVALID_SYNTAX]:
Jul 27 13:47:02 [4] DEBUG Iked-IKE_PKT_SEND-0xfc1012cd: 170.2.0.5[500] -> 46.11.0.1[500] :LEN: 96
Jul 27 13:47:02 [4] DEBUG Iked-IKE_SA_DELETE_MSG_SEND-0xfc1012cd: 170.2.0.5[500] -> 46.11.0.1[500] :IKE-SA-SPI: 9ae66e9d64206214:2aa1f2746bee449c
Jul 27 13:47:02 [4] DEBUG Iked-DETAIL: fc1012cd:170.2.0.5[500] – 46.11.0.1[500]:0:Sending payloads : DELETE[IKE]:
Jul 27 13:47:02 [4] DEBUG Iked-IKE_PKT_SEND-0xfc1012cd: 170.2.0.5[500] -> 46.11.0.1[500] :LEN: 96
Jul 27 13:47:02 [4] DEBUG Iked-AAAD_SESSION_DOWN_SEND-0xfc1012cd: fc1012cd
Jul 27 13:47:02 [4] DEBUG Iked-AAAD_GENERAL_CMD_SEND-0xfc1012cd: cmd_type: AAA_GENERAL_CMD_TYPE_SESSION_DOWN :term_ec: AAAD_TERM_EC_TUNL_SETUP_FAILED
Jul 27 13:47:02 [4] DEBUG Iked-AAAD_GENERAL_CMD_RCVD-0xfc1012cd: cmd_type: AAA_GENERAL_CMD_TYPE_SESSION_DOWN_COMPLETE :term_ec: AAAD_TERM_EC_INVALID
Jul 27 13:47:02 [4] DEBUG Iked-SESSION_DELETED-0xfc1012cd: Remote-TEP: :Port: 0 :Local-TEP: :Port: 0 :Username: session1@ipsec1 :Subscriber-IP: :AAAD_EC: AAAD_TERM_EC_INVALID :IKED_EC: INVALID_SYNTAX
Jul 27 13:47:07 [4] DEBUG Iked-SESS_MGMT-0xfc1012cd: IKED_FREE_SESSION
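The last useful line of the trace is "unexpected critical payload (type 41)", answered with INVALID_SYNTAX. In IKEv2, payload type 41 is the Notify payload, and RFC 4306 section 3.2 requires a receiver that understands a payload type to ignore its critical bit; only an unknown type with the bit set is grounds for rejecting the message, and then with UNSUPPORTED_CRITICAL_PAYLOAD rather than INVALID_SYNTAX. The parser below is an added example, not code from the post or from Stoke, that walks a decrypted payload chain this way; the sample bytes are constructed to match what the log reports, a Notify carrying AUTHENTICATION_FAILED with the critical bit set.

```python
import struct

# IKEv2 payload types (RFC 4306 s.3.2); 41 is the Notify payload in the log.
PAYLOAD_TYPES = {
    33: "SA", 34: "KE", 35: "IDi", 36: "IDr", 37: "CERT", 38: "CERTREQ",
    39: "AUTH", 40: "Nonce", 41: "Notify", 42: "Delete", 43: "VendorID",
    44: "TSi", 45: "TSr", 46: "Encrypted", 47: "CP", 48: "EAP",
}
# Notify message types used here (RFC 4306 section 3.10.1).
UNSUPPORTED_CRITICAL_PAYLOAD = 1
INVALID_SYNTAX = 7
AUTHENTICATION_FAILED = 24

def parse_payloads(first_type, data):
    """Walk a chain of generic payload headers (the decrypted contents of an
    SK payload). Known types are kept whatever the critical bit says, as the
    RFC requires; an unknown type is skipped unless the bit is set (reject)."""
    out, ptype, off = [], first_type, 0
    while ptype != 0:                           # 0 means no next payload
        if off + 4 > len(data):
            raise ValueError(INVALID_SYNTAX)
        next_type, flags, length = struct.unpack_from("!BBH", data, off)
        if length < 4 or off + length > len(data):
            raise ValueError(INVALID_SYNTAX)
        critical = bool(flags & 0x80)           # C bit: top bit of byte 2
        body = data[off + 4:off + length]
        name = PAYLOAD_TYPES.get(ptype)
        if name is not None:
            out.append((name, critical, body))
        elif critical:
            raise ValueError(UNSUPPORTED_CRITICAL_PAYLOAD)
        ptype, off = next_type, off + length
    return out

def notify_type(body):
    """Notify body: protocol ID (1), SPI size (1), message type (2), SPI, data."""
    return struct.unpack_from("!BBH", body, 0)[2]

def classify(first_type, data):
    """Notify type a conformant responder would act on for this payload chain."""
    try:
        payloads = parse_payloads(first_type, data)
    except ValueError as err:
        return err.args[0]
    return next((notify_type(b) for n, _, b in payloads if n == "Notify"), None)

# Constructed sample, not captured from the Stoke: one Notify payload with no
# next payload, critical bit set, length 8, carrying AUTHENTICATION_FAILED.
SAMPLE = struct.pack("!BBH", 0, 0x80, 8) + struct.pack("!BBH", 0, 0, AUTHENTICATION_FAILED)
```

Run against SAMPLE, `classify(41, SAMPLE)` yields AUTHENTICATION_FAILED: a conformant responder would log a plain authentication failure here, not a syntax error.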
This entry was posted on Monday, July 27th, 2009 at 2:04 pm and is filed under technical.