Test Information

TitleEncryption of ISAKMP payload ***
CommandLine./SGW/SG_I_RFC2409_5_5_1.seq -pkt ./SGW/SG_I_RFC2409_5_5_1.def test_phase=2 test_type=BASIC -log 67.html -ti Encryption of ISAKMP payload ***
TestVersionundefined
ToolVersionREL_3_0_8
Start2006/03/13 14:28:47
Tn/usr/local/v6eval//etc//tn.def
Nu/usr/local/v6eval//etc//nut.def
Pkt./SGW/SG_I_RFC2409_5_5_1.def
Systemfreebsd-i386
TargetNameFreeBSD 5.4-RELEASE
HostNametarget1.tahi.org
Typerouter

Test Sequence Execution Log

14:28:47Start

 *** Target IKE initialization phase ***
Target: Reset IKE SA entries: saddump
14:28:48 vRemote(ikeResetSA.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ikeResetSA.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1 saddump '' 
Connected

target1# 
target1# /usr/sbin/setkey -c <<EOD
dump;
flush;
EOD
? dump;
? flush;

? EOD
The result of line 1: No SAD entries.
target1# 
target1# sendMessagesSync: never got /usr/sbin/setkey -c <<EODdump;flush;EOD
echo $status
0
target1# kill -TERM `head -1 /var/run/racoon.pid`
head: /var/run/racoon.pid: No such file or directory

target1# 
target1# echo $status
1
target1# /bin/rm -f /var/run/racoon.pid

target1# 
target1# echo $status
0
~
[EOT]

Target: Clear SPD entries: spddump
14:28:54 vRemote(ipsecResetSPD.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ipsecResetSPD.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1 spddump '' 
Connected

target1# 
target1# /usr/sbin/setkey -c <<EOD
spddump;
spdflu? spddump;
sh;
EOD

? spdflush;
EOD

? EOD
The result of line 1: No SPD entries.
target1# 
target1# sendMessagesSync: never got /usr/sbin/setkey -c <<EODspddump;spdflush;EOD
echo $status
0
~
[EOT]

Target: Set SPD entries: src=3ffe:501:ffff:100::/64 dst=3ffe:501:ffff:104::/64 tsrc=3ffe:501:ffff:102::1 tdst=3ffe:501:ffff:103::11 upperspec=any direction=out protocol=PROTO_IPSEC_ESP mode=Tunnel
14:29:01 vRemote(ipsecSetSPD.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ipsecSetSPD.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1 src=3ffe:501:ffff:100::/64 dst=3ffe:501:ffff:104::/64 tsrc=3ffe:501:ffff:102::1 tdst=3ffe:501:ffff:103::11 upperspec=any direction=out protocol=PROTO_IPSEC_ESP mode=Tunnel '' 
Connected

target1# 
target1# /usr/sbin/setkey -c <<EOD
spdadd 3ffe:501:ffff:100::/64 3ffe:501:ffff:104::/64
       any
       -P out ipsec
       esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require
;
spddump;
EOD

? spdadd 3ffe:501:ffff:100::/64 3ffe:501:ffff:104::/64
       any
       -P out ipsec
       esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require
;
spddump;
EOD

?        any
?        -P out ipsec
?        esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require
? ;
? spddump;
? EOD
3ffe:501:ffff:100::/64[any] 3ffe:501:ffff:104::/64[any] any
        out ipsec
        esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require
        created: Mar 13 14:35:39 2006  lastused: Mar 13 14:35:39 2006
        lifetime: 0(s) validtime: 0(s)
        spid=17205 seq=0 pid=1298
        refcnt=1
target1# 
target1# sendMessagesSync: never got /usr/sbin/setkey -c <<EODspdadd 3ffe:501:ffff:100::/64 3ffe:501:ffff:104::/64       any       -P out ipsec       esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require;spddump;EOD
echo $status
0
~
[EOT]

Target: Set IKE SA entries: dst=3ffe:501:ffff:103::11 dst_port=500 exchange_mode=main doi=ipsec_doi situation=identity_only isakmp_src_id_type=address isakmp_src_id=3ffe:501:ffff:102::1 dh_group=2 lifetime=28800 lifetime_unit=seconds encryption_algorithm=3des hash_algorithm=sha1 authentication_method=pre_shared_key key_id=3ffe:501:ffff:103::11 key_value=0x494b452d54455354 ph2_id_type=address ph2_src_id=3ffe:501:ffff:100::/64 ph2_dst_id=3ffe:501:ffff:104::/64 ph2_src_upper=any ph2_dst_upper=any ipsec_p_num=1 ipsec_p1_t_num=1 ph2_p1_t1_lt=8 ph2_p1_t1_lt_unit=hour ph2_p1_t1_enc_alg=ESP_3DES ph2_p1_t1_auth_mtd=HMAC_SHA
14:29:07 vRemote(ikeSetSA.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ikeSetSA.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1 dst=3ffe:501:ffff:103::11 dst_port=500 exchange_mode=main doi=ipsec_doi situation=identity_only isakmp_src_id_type=address isakmp_src_id=3ffe:501:ffff:102::1 dh_group=2 lifetime=28800 lifetime_unit=seconds encryption_algorithm=3des hash_algorithm=sha1 authentication_method=pre_shared_key key_id=3ffe:501:ffff:103::11 key_value=0x494b452d54455354 ph2_id_type=address ph2_src_id=3ffe:501:ffff:100::/64 ph2_dst_id=3ffe:501:ffff:104::/64 ph2_src_upper=any ph2_dst_upper=any ipsec_p_num=1 ipsec_p1_t_num=1 ph2_p1_t1_lt=8 ph2_p1_t1_lt_unit=hour ph2_p1_t1_enc_alg=ESP_3DES ph2_p1_t1_auth_mtd=HMAC_SHA '' 
Connected

target1# 
target1# ~[set] echocheck

target1# 
target1# ~[put] freebsd-i386.psk.txt /tmp/psk.txt
Dtarget1# 
target1# 
target1# /bin/chmod 600 /tmp/psk.txt
target1# echo $status
0
target1# ~[set] echocheck

target1# 
target1# ~[put] freebsd-i386.ike.conf /tmp/ike.conf
Dtarget1# 
target1# 
target1# test -f /var/run/racoon.pid &&kill -TERM `head -1 /var/run/racoon.pid`

target1# 
target1# echo $status
1
target1# /usr/local/sbin/racoon -f /tmp/ike.conf

target1# 
target1# echo $status
0
~
[EOT]
14:29:21 vRemote(ikeEnable.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ikeEnable.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1 '' 






*** Target initialization phase ***




14:29:22Start Capturing Packets (Link0)





14:29:22Start Capturing Packets (Link1)





14:29:22Clear Captured Packets (Link0)





14:29:22Clear Captured Packets (Link1)







14:29:22
vSend(Link1,echo_request_send_net0host1_net4host2)


Send Echo Request from Host-1(TN) to Host-2(TN) via SGW1(NUT)








*** Target pre-test seaquence ***




14:29:22Clear Captured Packets (Link0)







*** Phase-1 1st message recv ***





14:29:22
vRecv(Link0,isakmp_phase1_recv router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:10 cntLimit:0 seektime:0


Receive Neighbor Solicitation from SGW1(NUT)











14:29:27
vSend(Link0,router_na)


Send Neighbor Advertisement(TN)






14:29:28
vRecv(Link0,isakmp_phase1_recv router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:10 cntLimit:0 seektime:0


Recv 1st message from HOST1(NUT)











OK payload_check
*** Phase-1 2nd message send ***




14:29:32Clear Captured Packets (Link0)







14:29:32
vSend(Link0,isakmp_phase1_send_2nd)


Send 2nd message from HOST2(TN)








*** Phase-1 3rd message recv ***





14:29:33
vRecv(Link0,isakmp_phase1_recv_3rd router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:5 cntLimit:0 seektime:0


Recv 3rd message from HOST1(NUT)











OK payload_check
*** Phase-1 4th message send ***




14:29:33Clear Captured Packets (Link0)







14:29:34
vSend(Link0,isakmp_phase1_send_4th)


Send 4th message from HOST2(TN)








*** Phase-1 5th message recv ***





14:29:34
vRecv(Link0,isakmp_phase1_recv_5th router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:5 cntLimit:0 seektime:0


Recv 5th message from HOST1(NUT)











OK payload_check
*** Phase-1 6th message send ***




14:29:34Clear Captured Packets (Link0)







14:29:34
vSend(Link0,isakmp_phase1_send_6th)


Send 6th message from HOST2(TN)








*** Target testing phase start ***
*** Phase-2 1st message recv ***





14:29:35
vRecv(Link0,isakmp_phase2_recv router_ns_multi router_ns_uni_link1 router_ns_uni_tll_sll_link1 router_ns_multi_llt_link1 router_ns_uni_sll router_ns_uni router_ns_multi_llt router_ns_uni_sll_link1 router_ns_multi_link1 router_ns_uni_tll_sll) timeout:5 cntLimit:0 seektime:0


recv unexpect packet at 14:29:35



Recv Phase-2 1st message (HDR*, HASH(1), SA, Ni, *, *) from HOST1(NUT)











OK payload_check
Encryption of ISAKMP Payload  is correct
*** Target test finish ***




14:29:36Stop Capturing Packets (Link1)





14:29:36Stop Capturing Packets (Link0)







Target: Reset IKE SA entries: saddump



14:29:36

vRemote(ikeResetSA.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ikeResetSA.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1  saddump ''

Connected

target1# 
target1# /usr/sbin/setkey -c <<EOD
dump;
flush;
E? dump;
? flush;
OD

? EOD
3ffe:501:ffff:103::11 3ffe:501:ffff:102::1 
        esp mode=tunnel spi=61717462(0x03adbbd6) reqid=0(0x00000000)
        seq=0x00000000 replay=0 flags=0x00000000 state=larval 
        sadb_seq=0 pid=1305 refcnt=1

target1# 
target1# sendMessagesSync: never got /usr/sbin/setkey -c <<EODdump;flush;EOD
echo $status
0
target1# kill -TERM `head -1 /var/run/racoon.pid`

target1# 
target1# echo $status
0
target1# /bin/rm -f /var/run/racoon.pid

target1# 
target1# echo $status
0
~
[EOT]







Target: Clear SPD entries: spddump



14:29:43

vRemote(ipsecResetSPD.rmt) ``/usr/local/v6eval//bin/freebsd-i386//ipsecResetSPD.rmt -t freebsd-i386 -u root -p v6eval -d cuad0 -o 1  spddump ''

Connected

target1# 
target1# /usr/sbin/setkey -c <<EOD
spddump;
spdfl? spddump;
ush;
EOD

? spdflush;
EOD

? EOD
3ffe:501:ffff:100::/64[any] 3ffe:501:ffff:104::/64[any] any
        out ipsec
        esp/tunnel/3ffe:501:ffff:102::1-3ffe:501:ffff:103::11/require
        created: Mar 13 14:35:39 2006  lastused: Mar 13 14:35:59 2006
        lifetime: 0(s) validtime: 0(s)
        spid=17205 seq=0 pid=1308
        refcnt=1
target1# 
target1# sendMessagesSync: never got /usr/sbin/setkey -c <<EODspddump;spdflush;EOD
echo $status
0
~target1#
[EOT]







OK




14:29:49End




Packet Reverse Log