MC's journal

Setting Orange, the 20th day of Chaos in the YOLD 3178

OE IPsec part 3

At least some progress to report in my IPsec project. See below for the output of racoon in a rather verbose debug mode.

Seen here, racoon gets an FQDN from the peer, queries DNS for its IPSECKEY, parses the IPSECKEY reply, loads the RSA public key into the key list and then fails miserably in trying to find it. It fails because I haven't added the IP addresses to the key item. The addresses are not readily available in the function where I add the key. Still, it's progress.

ipsec1# ./racoon -F -f /usr/local/etc/racoon/racoon.conf
Foreground mode.
2012-01-20 13:22:24: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
2012-01-20 13:22:24: INFO: @(#)This product linked OpenSSL 0.9.8q 2 Dec 2010 (http://www.openssl.org/)
2012-01-20 13:22:24: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf"
2012-01-20 13:22:24: INFO: 2001:16d8:ffff:1::3[500] used as isakmp port (fd=6)
2012-01-20 13:22:24: INFO: fe80:1::5054:ff:fe12:3456[500] used as isakmp port (fd=7)
2012-01-20 13:22:24: INFO: 10.0.0.23[500] used as isakmp port (fd=8)
2012-01-20 13:22:24: INFO: 127.0.0.1[500] used as isakmp port (fd=9)
2012-01-20 13:22:24: INFO: ::1[500] used as isakmp port (fd=10)
2012-01-20 13:22:24: INFO: fe80:3::1[500] used as isakmp port (fd=11)
2012-01-20 13:22:33: INFO: respond new phase 1 negotiation: 2001:16d8:ffff:1::3[500]<=>2001:16d8:ffff:1::4[500]
2012-01-20 13:22:33: INFO: begin Identity Protection mode.
Querying for IPSECKEY for ipsec2.hack.org.
0000000 0a 00 01 01 03 ba f7 3b 96 c3 d7 97 e7 dc 67 66 
0000010 3c d2 37 e3 7d 0d 47 05 22 6d 21 b5 bd 97 44 b4 
0000020 e1 2d a5 59 0b 5b 91 54 9c 16 d9 29 1e 2e b9 49 
0000030 ba 2a 3a 89 9a a1 dd 64 b6 39 f1 d8 72 7f 33 13 
0000040 41 f4 a1 59 da 1b 9f f7 f2 e9 bf e8 b5 4d ff 2b 
0000050 0e 59 7b 7c 14 f5 30 57 83 d5 ca 39 49 25 80 b5 
0000060 e4 d4 76 fa 1e a4 35 b4 79 67 c5 cf cf 42 31 be 
0000070 d6 0e d8 17 ac e3 8c 6a db 62 f4 f7 3f dc 5e 8a 
0000080 20 fe 05 bc 0f 34 66 41 26 7e 3a b5 03 3f 1d c6 
0000090 ed e8 f6 a5 ff cf f3 c4 cf 73 10 e1 ca 97 d7 24 
00000a0 28 1c f0 83 11 68 3a 46 2a c2 de 93 30 d6 54 e5 
00000b0 cf 43 93 48 88 92 b0 7c 0e 16 32 ea 61 b3 80 71 
00000c0 b8 b8 ac 60 93 d2 e9 30 a5 d3 97 46 2a 54 ae 43 
00000d0 8c da 43 8b b1 30 cd 6a 5f 54 6f 2d 13 fc b6 90 
00000e0 9f 68 db 09 cc 08 60 72 2a 91 6c fd af 9e f7 9c 
00000f0 c9 71 c2 eb 26 82 b9 20 f4 2c 3c f5 cf 6b 8b 5d 
0000100 24 01 bb 1a c5 e4 5f b2 53 27 32 a9 9b 7b 42 f0 
0000110 4d d7 73 e4 e6 3c 39 7b 66 02 b0 cc cf c9 d1 70 
0000120 e9 e6 55 01 ca c9 a2 5f 63 4e be 96 c4 1f d9 dd 
0000130 3d 1c 03 3f 43 da 70 40 84 27 fc 1f fe e4 7c 6a 
0000140 9c 8a f6 3c 77 ed 9f b8 d9 77 8f ef 09 eb c1 36 
0000150 bf b9 ed 25 06 6e fc 38 db ec ab 3a a6 31 02 1c 
0000160 44 b5 2a 44 30 c0 bf 88 08 a4 21 a6 a0 91 4b 67 
0000170 b2 b5 d8 01 5c 90 a3 bc f1 90 62 a6 d1 29 cb 82 
0000180 8f bc 0c b7 11 82 78 38 50 c2 ad 3b 58 c5 44 ff 
0000190 4f 6e db 1a 38 de 46 21 d1 de 90 45 f8 b4 12 65 
00001a0 05 58 99 3c 73 b5 18 51 33 9d f8 10 48 8a 29 ed 
00001b0 92 e5 02 65 75 80 88 fc 65 91 41 13 95 6b a2 e6 
00001c0 88 e6 ba f3 98 aa 92 03 4e 35 03 f2 12 cc 60 c1 
00001d0 ef 96 39 cf 73 b3 9e b9 5b 89 c8 27 8a 4e 74 be 
00001e0 e5 f1 e1 b1 97 42 60 bb 25 c2 8d 4d 2d cd b0 cb 
00001f0 3a 8f 6b d2 42 13 9f 9f 71 84 bc 84 52 12 2e bb 
0000200 80 51 11 6f 2b 
About to parse binary RSA key.
rdlength = 514
0000000 01 03 ba f7 3b 96 c3 d7 97 e7 dc 67 66 3c d2 37 
0000010 e3 7d 0d 47 05 22 6d 21 b5 bd 97 44 b4 e1 2d a5 
0000020 59 0b 5b 91 54 9c 16 d9 29 1e 2e b9 49 ba 2a 3a 
0000030 89 9a a1 dd 64 b6 39 f1 d8 72 7f 33 13 41 f4 a1 
0000040 59 da 1b 9f f7 f2 e9 bf e8 b5 4d ff 2b 0e 59 7b 
0000050 7c 14 f5 30 57 83 d5 ca 39 49 25 80 b5 e4 d4 76 
0000060 fa 1e a4 35 b4 79 67 c5 cf cf 42 31 be d6 0e d8 
0000070 17 ac e3 8c 6a db 62 f4 f7 3f dc 5e 8a 20 fe 05 
0000080 bc 0f 34 66 41 26 7e 3a b5 03 3f 1d c6 ed e8 f6 
0000090 a5 ff cf f3 c4 cf 73 10 e1 ca 97 d7 24 28 1c f0 
00000a0 83 11 68 3a 46 2a c2 de 93 30 d6 54 e5 cf 43 93 
00000b0 48 88 92 b0 7c 0e 16 32 ea 61 b3 80 71 b8 b8 ac 
00000c0 60 93 d2 e9 30 a5 d3 97 46 2a 54 ae 43 8c da 43 
00000d0 8b b1 30 cd 6a 5f 54 6f 2d 13 fc b6 90 9f 68 db 
00000e0 09 cc 08 60 72 2a 91 6c fd af 9e f7 9c c9 71 c2 
00000f0 eb 26 82 b9 20 f4 2c 3c f5 cf 6b 8b 5d 24 01 bb 
0000100 1a c5 e4 5f b2 53 27 32 a9 9b 7b 42 f0 4d d7 73 
0000110 e4 e6 3c 39 7b 66 02 b0 cc cf c9 d1 70 e9 e6 55 
0000120 01 ca c9 a2 5f 63 4e be 96 c4 1f d9 dd 3d 1c 03 
0000130 3f 43 da 70 40 84 27 fc 1f fe e4 7c 6a 9c 8a f6 
0000140 3c 77 ed 9f b8 d9 77 8f ef 09 eb c1 36 bf b9 ed 
0000150 25 06 6e fc 38 db ec ab 3a a6 31 02 1c 44 b5 2a 
0000160 44 30 c0 bf 88 08 a4 21 a6 a0 91 4b 67 b2 b5 d8 
0000170 01 5c 90 a3 bc f1 90 62 a6 d1 29 cb 82 8f bc 0c 
0000180 b7 11 82 78 38 50 c2 ad 3b 58 c5 44 ff 4f 6e db 
0000190 1a 38 de 46 21 d1 de 90 45 f8 b4 12 65 05 58 99 
00001a0 3c 73 b5 18 51 33 9d f8 10 48 8a 29 ed 92 e5 02 
00001b0 65 75 80 88 fc 65 91 41 13 95 6b a2 e6 88 e6 ba 
00001c0 f3 98 aa 92 03 4e 35 03 f2 12 cc 60 c1 ef 96 39 
00001d0 cf 73 b3 9e b9 5b 89 c8 27 8a 4e 74 be e5 f1 e1 
00001e0 b1 97 42 60 bb 25 c2 8d 4d 2d cd b0 cb 3a 8f 6b 
00001f0 d2 42 13 9f 9f 71 84 bc 84 52 12 2e bb 80 51 11 
0000200 6f 2b 
2012-01-20 13:22:33: ERROR: Public RSA key not found for 2001:16d8:ffff:1::3[500] <-> 2001:16d8:ffff:1::4[500]
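For readers who want to follow what the two hex dumps above contain, here is a small parser for the IPSECKEY RDATA wire format (RFC 4025) and the RSA public key encoding it carries (RFC 3110). It is example code written for this note, not racoon's implementation or the patch described in the entry, and the sample records it parses are constructed (the modulus is a byte pattern, not a real key). Read against the dump: the first record starts 0a 00 01, i.e. precedence 10, gateway type 0 (no gateway) and algorithm byte 1; the 514 bytes that follow (rdlength = 514) are in RFC 3110 layout, 01 03 being a one-byte exponent of 3 followed by a 512-byte modulus, so a 4096-bit key. Note that RFC 4025 assigns algorithm value 1 to DSA and 2 to RSA, so a parser that validates that byte, as this one does, would reject that record as published rather than read an RSA key from it; that is worth checking in the zone data once the address bookkeeping is sorted out.

```python
"""Parser for IPSECKEY RDATA (RFC 4025) carrying an RFC 3110 RSA public key.
Example code written for this note; it is not racoon's code. The sample
records at the bottom are constructed for illustration and are not real keys."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

# RFC 4025 section 2: gateway type and algorithm type field values
GW_NONE, GW_IPV4, GW_IPV6, GW_NAME = 0, 1, 2, 3
ALG_NONE, ALG_DSA, ALG_RSA = 0, 1, 2


@dataclass
class IpsecKey:
    precedence: int
    gateway_type: int
    algorithm: int
    gateway: Optional[str]     # None, dotted IPv4, IPv6 text, or absolute FQDN
    exponent: Optional[int]    # RSA public exponent, None unless algorithm is RSA
    modulus: Optional[int]     # RSA modulus as an integer
    key_bits: int              # modulus size in bits, 0 when no RSA key is present


def parse_rsa_public_key(blob: bytes) -> Tuple[int, int]:
    """RFC 3110 section 2: exponent length (1 byte, or 0 followed by 2 bytes),
    then the exponent, then the modulus occupies the rest of the field."""
    if not blob:
        raise ValueError("empty RSA public key field")
    elen, off = blob[0], 1
    if elen == 0:                       # long form: two-byte exponent length
        if len(blob) < 3:
            raise ValueError("truncated RSA exponent length")
        elen, off = struct.unpack(">H", blob[1:3])[0], 3
    exponent, modulus = blob[off:off + elen], blob[off + elen:]
    if len(exponent) != elen or not modulus:
        raise ValueError("truncated RSA exponent or empty modulus")
    return int.from_bytes(exponent, "big"), int.from_bytes(modulus, "big")


def _parse_uncompressed_name(buf: bytes, off: int) -> Tuple[str, int]:
    """Domain-name gateway: standard labels, but RFC 4025 forbids compression."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated gateway name")
        n = buf[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer not allowed in IPSECKEY gateway")
        if off + n > len(buf):
            raise ValueError("truncated gateway label")
        labels.append(buf[off:off + n].decode("ascii"))
        off += n
    return ".".join(labels) + ".", off


def parse_ipseckey(rdata: bytes) -> IpsecKey:
    """Parse one IPSECKEY RDATA field, validating every length and type byte."""
    if len(rdata) < 3:
        raise ValueError("IPSECKEY RDATA shorter than the three fixed bytes")
    precedence, gw_type, alg = rdata[0], rdata[1], rdata[2]
    off = 3
    if gw_type == GW_NONE:
        gateway = None
    elif gw_type == GW_IPV4:
        if len(rdata) < off + 4:
            raise ValueError("truncated IPv4 gateway")
        gateway, off = str(ipaddress.IPv4Address(rdata[off:off + 4])), off + 4
    elif gw_type == GW_IPV6:
        if len(rdata) < off + 16:
            raise ValueError("truncated IPv6 gateway")
        gateway, off = str(ipaddress.IPv6Address(rdata[off:off + 16])), off + 16
    elif gw_type == GW_NAME:
        gateway, off = _parse_uncompressed_name(rdata, off)
    else:
        raise ValueError(f"unknown gateway type {gw_type}")
    key_field = rdata[off:]
    if alg == ALG_NONE:
        if key_field:
            raise ValueError("algorithm 0 (no key) but public key bytes present")
        return IpsecKey(precedence, gw_type, alg, gateway, None, None, 0)
    if alg == ALG_RSA:
        e, n = parse_rsa_public_key(key_field)
        return IpsecKey(precedence, gw_type, alg, gateway, e, n, n.bit_length())
    if alg == ALG_DSA:
        raise ValueError("DSA (algorithm 1) keys are not handled by this example")
    raise ValueError(f"unknown algorithm {alg}")


# Constructed samples (not real keys): 32-byte modulus pattern, exponent 3.
SAMPLE_MODULUS = bytes(range(0xBA, 0xBA + 32))
SAMPLE_RSA_FIELD = bytes([1, 3]) + SAMPLE_MODULUS
SAMPLE_NO_GW = bytes([10, GW_NONE, ALG_RSA]) + SAMPLE_RSA_FIELD
SAMPLE_IPV6_GW = (bytes([10, GW_IPV6, ALG_RSA])
                  + ipaddress.IPv6Address("2001:db8::1").packed + SAMPLE_RSA_FIELD)
SAMPLE_NAME_GW = (bytes([10, GW_NAME, ALG_RSA])
                  + b"\x02gw\x07example\x03net\x00" + SAMPLE_RSA_FIELD)

if __name__ == "__main__":
    for sample in (SAMPLE_NO_GW, SAMPLE_IPV6_GW, SAMPLE_NAME_GW):
        print(parse_ipseckey(sample))
```

The parser deliberately refuses a record whose algorithm byte and key field disagree (algorithm 0 with key bytes present, or an unknown algorithm value), since loading whatever bytes happen to follow the header as an RSA key is exactly how a malformed or hostile DNS reply would slip into the key list unnoticed.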

Written by MC using Emacs and friends.