These pages are out of date and presented here for historical purposes only.


Isakmpd -L example

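Here is an example of a session in which a PGPnet client connects to an OpenBSD gateway. As you can see, the output contains a lot of valuable information about what actually goes on between the peers: which transforms each side proposes, which one the responder selects, and how far the exchange gets. This makes it really useful output to include when you ask other people to help you troubleshoot a problem. Because isakmpd -L stores an unencrypted copy of the negotiation packets, the trace also shows payloads that are encrypted on the wire, such as the ID and HASH payloads of the last two ID_PROT messages, so read through the output before you post it.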

root@tuvok:allard# tcpdump -avs 1440 -r /var/run/isakmpd.pcap

16:48:38.065170 10.10.10.4.isakmp > 10.10.10.1.isakmp: [udp sum ok] isakmp v1.0 exchange ID_PROT
cookie: 5e61ae2951f393df->0000000000000000 msgid: 00000000 len: 156
payload: SA len: 92 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 80 proposal: 1 proto: ISAKMP spisz: 0 xforms: 2
payload: TRANSFORM len: 36
transform: 1 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = CAST_CBC
attribute HASH_ALGORITHM = SHA
attribute AUTHENTICATION_METHOD = PRE_SHARED
attribute GROUP_DESCRIPTION = MODP_1536
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 000151ffffff80
payload: TRANSFORM len: 36
transform: 2 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = 3DES_CBC
attribute HASH_ALGORITHM = MD5
attribute AUTHENTICATION_METHOD = PRE_SHARED
attribute GROUP_DESCRIPTION = MODP_1024
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 000151ffffff80
payload: VENDOR len: 16
payload: VENDOR len: 20 [ttl 0] (id 1)

16:48:38.065790 10.10.10.1.isakmp > 10.10.10.4.isakmp: [udp sum ok] isakmp v1.0 exchange ID_PROT
cookie: 5e61ae2951f393df->00fdd9aab67d60c2 msgid: 00000000 len: 84
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 44 proposal: 1 proto: ISAKMP spisz: 0 xforms: 1
payload: TRANSFORM len: 36
transform: 2 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = 3DES_CBC
attribute HASH_ALGORITHM = MD5
attribute AUTHENTICATION_METHOD = PRE_SHARED
attribute GROUP_DESCRIPTION = MODP_1024
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 000151ffffff80 [ttl 0] (id 1)

16:48:40.710345 10.10.10.4.isakmp > 10.10.10.1.isakmp: [udp sum ok] isakmp v1.0 exchange ID_PROT
cookie: 5e61ae2951f393df->00fdd9aab67d60c2 msgid: 00000000 len: 196
payload: KEY_EXCH len: 132
payload: NONCE len: 36 [ttl 0] (id 1)

16:48:40.780043 10.10.10.1.isakmp > 10.10.10.4.isakmp: [udp sum ok] isakmp v1.0 exchange ID_PROT
cookie: 5e61ae2951f393df->00fdd9aab67d60c2 msgid: 00000000 len: 196
payload: KEY_EXCH len: 132
payload: NONCE len: 36 [ttl 0] (id 1)

16:48:43.265972 10.10.10.4.isakmp > 10.10.10.1.isakmp: [udp sum ok] isakmp v1.0 exchange ID_PROT
cookie: 5e61ae2951f393df->00fdd9aab67d60c2 msgid: 00000000 len: 76
payload: ID len: 12 type: IPV4_ADDR = 10.10.10.4
payload: HASH len: 20
payload: NOTIFICATION len: 12
notification: INITIAL CONTACT (0000000096b3350e->01e8415841f554ba) [ttl 0] (id 1)

16:48:43.266182 10.10.10.1.isakmp > 10.10.10.4.isakmp: [udp sum ok] isakmp v1.0 exchange ID_PROT
cookie: 5e61ae2951f393df->00fdd9aab67d60c2 msgid: 00000000 len: 88
payload: ID len: 12 type: IPV4_ADDR = 10.10.10.1
payload: HASH len: 20
payload: NOTIFICATION len: 28
notification: INITIAL CONTACT (5e61ae2951f393df->00fdd9aab67d60c2) [ttl 0] (id 1)

16:48:47.266035 10.10.10.4.isakmp > 10.10.10.1.isakmp: [udp sum ok] isakmp v1.0 exchange QUICK_MODE
cookie: 5e61ae2951f393df->00fdd9aab67d60c2 msgid: f933fe85 len: 204
payload: HASH len: 20
payload: SA len: 120 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 36 proposal: 1 proto: IPSEC_ESP spisz: 4 xforms: 1 SPI: 0x2ada4444
payload: TRANSFORM len: 24
transform: 1 ID: CAST
attribute ENCAPSULATION_MODE = TRANSPORT
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 28800
payload: PROPOSAL len: 36 proposal: 2 proto: IPSEC_ESP spisz: 4 xforms: 1 SPI: 0x454894b0
payload: TRANSFORM len: 24
transform: 1 ID: CAST
attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
attribute ENCAPSULATION_MODE = TRANSPORT
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 28800
payload: PROPOSAL len: 36 proposal: 3 proto: IPSEC_ESP spisz: 4 xforms: 1 SPI: 0x635d2cd9
payload: TRANSFORM len: 24
transform: 1 ID: 3DES
attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
attribute ENCAPSULATION_MODE = TRANSPORT
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 28800
payload: NONCE len: 36 [ttl 0] (id 1)

16:48:47.267001 10.10.10.1.isakmp > 10.10.10.4.isakmp: [udp sum ok] isakmp v1.0 exchange QUICK_MODE
cookie: 5e61ae2951f393df->00fdd9aab67d60c2 msgid: f933fe85 len: 132
payload: HASH len: 20
payload: SA len: 48 DOI: 1(IPSEC) situation: IDENTITY_ONLY
payload: PROPOSAL len: 36 proposal: 1 proto: IPSEC_ESP spisz: 4 xforms: 1 SPI: 0x9ef1dcb5
payload: TRANSFORM len: 24
transform: 1 ID: CAST
attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
attribute ENCAPSULATION_MODE = TRANSPORT
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 28800
payload: NONCE len: 36 [ttl 0] (id 1)

16:48:47.970944 10.10.10.4.isakmp > 10.10.10.1.isakmp: [udp sum ok] isakmp v1.0 exchange QUICK_MODE
cookie: 5e61ae2951f393df->00fdd9aab67d60c2 msgid: f933fe85 len: 52
payload: HASH len: 20 [ttl 0] (id 1)