xref: /netgear-R7000-V1.0.7.12_1.2.5/src/router/iputils/racoon/doc/helsinki-result.jp

Mon Aug 13 2001 - Fri Aug 17 2001
$KAME: helsinki-result.jp,v 1.49 2001/08/17 14:33:48 sakane Exp $


generic
	sec* interface($B<u$1B&$@$1$@$1$I$M(B)$B$O$&$^$/F0$/!#$I$N(BSPD entry$B$H(B
	$B$I$N%$%s%?%U%'!<%9$,4XO"$E$$$F$$$k$N$+CN$k<jCJ$,I,MW(B(PF_KEY
	API$B$^$?JQ99(B?)$B!#$H$3$m$G!"(Btunnel/transport$B$O(BSPD entry$B$N(Bproperty$B$G$"$k$H(B
	$B==J,9g0U$5$l$F$$$k$+(B?

	tunnel mode$B$N(Bproposal$BHf3S!#(Bsee F-Secure

	phase 1$B$G$N(BAES/SHA2 support$BMW!#(B(AES$B$OF0:n3NG':Q(B)
	Q. $B0E9f2=$7$?7k2L$,(BIV$BD9$h$jC;$$>l9g$O!)$=$s$J$N$"$j$($J$$!)(B

	phase 1$B$G80D9$N%M%4$,$G$-$J$$!#(B($B$G$-$k!#4*0c$$$@$C$?(B)

	IPsec$B$G$N(BSHA2 support$B3NG'(B($BE:IU$9$k(Bbit$B?t(B)$B!#(B

	SSH$B<R$+$i(Btoolkit$B$rGc$C$F;H$C$F$$$k$H$3$m$,BgJQB?$$!#$J$s$+(BSSH$B<R$N(B
	$B$?$a$K(Bbakeoff$B$7$F$$$k$h$&$J5$$,$7$F$-$?!#$H$$$&$+!"(Bipsec$B<+BN(BSSH$B<R$N(B
	$BMx1W$N$?$a$N%W%m%H%3%k$8$c$J$$$+$H$$$&5$$9$i$7$F$/$k!#J#;($K$9$l$P(B
	$B$9$k$[$I(BSSH$B<R$OLY$+$k(B... (conspiracy theory)

	id payload$B$KBP$9$k(Bpolicy database$B8!:w$N8+D>$7!#(Bany$B$N>l9g(Bwildcard$B$@$H(B
	$B;W$C$F8!:w$9$Y$-!#(Bexactly right!!

	phase 2$B$G!"(Bipsec enc mode$B$,$D$$$F$$$J$+$C$?$H$-$N<h$j07$$(B
	(transport mode$B$H;W$C$F$h$$$N$G$O$J$$$+(B)$B!#(B($B=$@5:Q(B)

	$BD9$$(BKEYMAT$B$N7W;;$N$H$-!"I,MW80D9$N7W;;$K(Bbug$B$"$j(B ($B=$@5:Q(B)

	DH$B8x3+>pJs$O;vA0$K7W;;$7$H$/J}$,$$$$$+$b(B

	subjectAltName$B$H(BID payload$BHf3S$K$D$$$F$h$/9M$($J$$$H>ZL@=q$O;H$($J$$!#(B
	$B>ZL@=q$rAw$kA0$K!"$I$N(BID$B$r(BsubjectAltName$B$K;H$&$+7h$a$J$$$H$$$1$J$$$+$i!#(B

	ndp$B$r(Bbypass$B$5$;$k%U%i%0$+%]%j%7$,$"$C$?J}$,$$$$$+$b!#(B
	$B0l1~(Bipsec_setsocket(NULL)$B$O$7$F$$$k!#(Bip6_output()$B$K%U%i%0EO$9(B?
	$BH~$7$/$J$$(B... (itojun)


latest isakmpd on KAME
	Tue Aug 14 01:42:55 JST 2001
	isakmpd$B$N(Binterface selection$BIt$rD>$7$?$i(Bphase 1$B$O@.8y$7$?!#(B
	phase 2$B$,$&$^$/$$$+$J$$LOMM!#B?J,@_DjLdBj!#(B

35:36.982316 130.233.9.166:500 -> 130.233.9.165:500: isakmp 1.0 msgid 00000000: 
phase 1 ? ident[E]: [encrypted id]
2001-08-13 23:35:36: DEBUG: isakmp.c:402:isakmp_main(): malformed cookie receive
d or the spi expired.


USAGI linux
	Tue Aug 14 01:42:55 JST 2001
	$B$J$s$+:#$O$^$C$F$$$k$i$7$$!#(B

	Wed Aug 15 JST
	ESP 3des, des$B$N(Bmanual key$B$O@.8y(B

	Thu Aug 16 JST
	$B$H$j$"$($:(Bpluto$B$@$1F0$+$7$?!#(Bphase 2$B$O40N;$9$k$,7k2L$N80$,0c$&!#(B


Compaq Tru54 UNIX X5.1B-BL4
	Tue Aug 14 17:09:18 JST 2001
	IPv4, ESP, tunnel mode
	phase 1/2$B$H$b(B3DES + SHA1, group 2
	phase 1 lifetime = 10min, phase 2 lifetime = 5min

	IPv6, ESP + AH, transport tunnel mode
	phase 1/2$B$H$b(B3DES + SHA1, group 2
	phase 1 lifetime = 10min, phase 2 lifetime = 5min

	IPv6, IPComp + ESP + AH, transport mode
	phase 1/2$B$H$b(B3DES + SHA1 + defalte, group 2
	phase 1 lifetime = 10min, phase 2 lifetime = 5min

	initiator/responder$B$I$A$i$b$d$C$?!#(B

	Compaq$B$,(Binitiator$B$N>l9g$KLdBj$"$j!#(B
	Compaq$BB&$O(Bphase 2 lifetime$B$N(Bproposal$B:n$jItJ,$K(Bbug$B$,5o$k$h$&$G!"(B
	GUI$B$G(B5min$B$H8@$C$F$b(B10min$B$H8@$C$F$/$k(B(phase 1 lifetime$B$NCM$r(B
	$B%3%T!<$7$F$$$k(B?)$B!#(B

	chargen$BCf$N(Brekey$BEy$b;n$7$?!#LdBj$J$7!#(B

	IPv4 over IPv6/IPv6 over IPv4$B$d$m$&$H8@$o$l$?$,$G$-$:!#(Bsec* transition
	$B=*$o$C$?$i$d$l$k$+$J!#(B

	$BL@F|(B12:00 RSA signature mode$B$G:F@o(B
	$B$`$`!"(Bauthentication-failed$B$G<:GT!#$3$C$A$NLdBj$+!)(B

	Fitec$B$H8=>]$O0l=o!#(Bopenssl 0.9.6 $B$r;H$&$HLdBj$J$7!#(B
	openssl$B$N%P!<%8%g%s2<$2$A$c$C$?$N$G(B
	ipv6 address as subjectAltName $B$O=PMh$:!#(B


Sun
	Thu Aug 16 16:30 EEST 2001
	phase1: RSA signature, 3des, sha1, dh5
	phase2: ESP transport, aes 128, sha1, dh5

	$BLdBj$J$7(B

	Sun$B$O(B phase2$B$N(BAES$B$N80D9$r$D$1$F$J$+$C$?!#(Bdraft$B$K$h$k$H(Bmust$B!#(B
	racoon$BB&$,(Bdefault$B80D9$r%;%C%H$9$k$h$&$K$7$FBP1~!#(B


IBM AIX 5.1
	Tue Aug 14 17:33:43 JST 2001
	IPv6 test$B$7$h$&$H8@$o$l$k$b!"@hJ}$N%^%7%s(B($B1s3VCO(B)$B$K(Bglobal address$B$J$7!#(B

	Thu Aug 16 21:00 ESST 2001
	IPv6$B$@$1(B
	phase1 pre-shared-key, 3des, sha1, dh2
	phase2 esp transport, 3des, sha1, pfs2
	$B:G=i$N(B1$B2s$OLdBj$J$7!#(B
	phase2 SA$B$r>C$7$F:F%M%4$9$k$H(Bisakmpd$B$,$@$s$^$j$K$J$k!#(B
	ibm isakmpd $B$KLdBj$"$k$C$]$$!#(B

	san diego$B$G$d$C$?;~$O(B manual $B$@$C$?$+$J!)(B
		$B$=$&$G$9(B(itojun)

	prasad$B7/$O%$%s%I$K5"$C$F$k$N$GMh$J$$!#(B

F-Secure VPN+ 5.40
	Tue Aug 14 19:44:15 JST 2001
	IPv4, ESP, tunnel mode
	phase 1 3DES + SHA1, group 5, lifetime = 10min
	phase 2 AES + SHA1, group 5, lifetime = 2min

	IPv4, IPComp + ESP, transport mode
	phase 1 3DES + SHA1, group 5, lifetime = 10min
	phase 2 AES + SHA1 + deflate, group 5, lifetime = 2min

	$B$I$A$i$bLdBj$J$7!"(Brekey$B$b(BOK$B!#(B

	IPComp + ESP tunnel mode (IP ESP IPComp IP payload)$B$r$d$m$&$H$7$F(B
	ipcomp/tunnel//use esp/transport//use$B$H%]%j%7$r=q$$$?$i!"(B
	IKE phase 2$BE*$K(B
		$B8~$3$&(B: IPComp tunnel, ESP tunnel
		$B$3$C$A(B: IPComp tunnel, ESP transport
	$B$N(Bproposal$B$rHf3S$7$F!"(Bno proposal chosen$B$K$J$k!#$3$C$A$NLdBj(B
	(bundle$B$N<h$j07$$(B)

	$B$G$C$+$$(BDH group$B!"(Bphase 1 SHA2-256/AES$B$b$G$-$k$i$7$$!#8e$G$d$j$?$$!#(B
		(modp4096, phase 1 aes $B$O(Bok)

	Fri Aug 17 11:00 EEST 2001
	phase1: aggressive mode modp4096, aes, sha1, rsa signature
	phase2: pfs 5, esp tunnel, aes, hmac sha1

	aes for phase1 $B$b(BOK.
	f-secure$B$O(BsubjectAltName$B$K%"%I%l%9=q$+$J$$$H%Q%1%C%H$@$;$J$$!#(B
	invalid signature$B$G(Bf-secure$B$KE\$i$l$F<:GT!#860xITL@!#(B
		-> f-secure$B$O(BsubjectAltName$B$r(B1$B$D$7$+<u$1$D$1$J$$!#(B
		$B>ZL@=q$r:n$jD>$7$F@.8y!#(B

	DH$B8x3+>pJs$O;vA0$K7W;;$7$H$/J}$,$$$$$+$b(B

SecGo CryptoIP v3
	Tue Aug 14 21:41:36 JST 2001
	IPv4, ESP, transport mode
	phase 1 3DES + SHA1, group 5, lifetime = 10min
	phase 2 blowfish, group 5, lifetime = 2min

	phase 2 AES$B$b;n$=$&$H$7$?$,<:GT(B(SecGo$BB&$,(B12$B0J30$N(Balgorithm #$B$r(B
	$B;H$C$F$$$?(B or $B%3%s%Q%$%k$7$F$J$+$C$?(B)$B!#(Brekey$B$b$d$C$F$_$?!#(B

	phase 1 AES$B$b$G$-$k$i$7$$(B(SSH toolkit$B;HMQ(B)$B!#(B

	Wed Aug 15 00:16:35 JST 2001
	IPv4, ESP, transport mode
	phase 1 3DES + SHA1, lifetime = 10min
	phase 2 AES, lifetime = 2min

	tested rekey as well.

Oullim information technologies SECUREWORKS VPN gateway 3.0
	Tue Aug 14 21:48:36 JST 2001
	phase 2 AES/blowfish$B$O$I$&$@$M$H%J%s%Q$7$F$_$k$b!"(Bnot ready$B!#(B
	$BL@F|$+L@8eF|$M$H$N$3$H!#(B

	Wed Aug 15 17:15:09 JST 2001
	IPv4, ESP, tunnel mode
	phase 1 3DES + SHA1, group 2, lifetime = 10min
	phase 2 AES + SHA1, group 2, lifetime = 2min

	$B<:GT!#@hJ}$,(BAES$B$N$H$-$K(BESP ICV check$B$K<:GT$9$k!#(B

	IPv4, ESP, tunnel mode
	phase 1 3DES + SHA1, group 2, lifetime = 10min
	phase 2 AES + MD5, group 2, lifetime = 2min

	$B$*$J$8$/<:GT(B

	IPv4, ESP, tunnel mode
	phase 1 3DES + SHA1, group 2, lifetime = 10min
	phase 2 3DES + MD5, group 2, lifetime = 2min

	$B@.8y!#(B

	$B@hJ}$,$3$&$$$&$NEj$2$F$/$k$N$G!"$3$C$A$OE\$k(B(id payload$B$N=g=x$,(B
	$BIaDL$G$O$J$$(B)$B!#(B

>11:59.824877 130.233.10.30:500 -> 130.233.9.166:500: isakmp 1.0 msgid 75973360: phase 2/others ? oakley-quick:
>    (hash: len=20)
>    (sa: doi=ipsec situation=identity
>        (p: #1 protoid=ipsec-esp transform=1 spi=6fd60ca5
>            (t: #1 id=3des (type=lifetype value=sec)(type=life value=0078)(type=enc mode value=tunnel)(type=auth value=hmac-md5)(type=group desc value=modp1024))))
>    (nonce: n len=16)
>    (ke: key len=128)
>    (id: idtype=IPv4 protoid=0 port=0 len=4 130.233.9.166)
>    (id: idtype=IPv4net protoid=0 port=0 len=8 192.168.10.0/255.255.255.0)

	Wed Aug 15 18:39:11 JST 2001
	IPv4, ESP, tunnel mode
	phase 1 3DES + SHA1, group 2, lifetime = 10min
	phase 2 AES, group 2, lifetime = 2min

	IKE$BE*$K$OBg>fIW!#(BIPsec$BE*$K$^$@BLL\!#(B

	Wed Aug 15 19:09:05 JST 2001
	IPv4, ESP, tunnel mode
	phase 1 3DES + SHA1, group 2, lifetime = 10min
	phase 2 AES, group 2, lifetime = 2min

	IPv4, ESP, tunnel mode
	phase 1 3DES + SHA1, group 2, lifetime = 10min
	phase 2 AES + SHA1, group 2, lifetime = 2min

	$B8~$3$&$,(BAES code$B$r=$@5$7$?!#(BIKE$BE*$K$b(BIPsec$BE*$K$bBg>fIW!#(B
	rekey$B$b0l1~@.8y(B($B8~$3$&$O(Breal lifetime == soft, real * 1.2 == hard$B$H$+$K(B
	$B@_Dj$7$F$$$k$N$G$A$g$C$H%X%s$@$C$?$1$I(B)$B!#(B

	Thu Aug 16 22:01:57 JST 2001
	$B$b$&$$$A$I!#$"$H$O(BID payload$B$N=g=x$@$1!#(B

	Fri Aug 17 02:00 JST$B:"(B
	$B:FD)@o!#@.8y!#(B


Trilogy AdmitOne 2.6
	Tue Aug 14 21:58:01 JST 2001
	30$BJ,8e$H8@$o$l$?!#(B

	Wed Aug 15 01:53:42 JST 2001
	$BL@F|!#(B

	Wed Aug 15 16:09:50 JST 2001
	IPv4, ESP, transport mode
	phase 1 3DES + SHA1, group 1, lifetime = 10min
	phase 2 AES + SHA1, group 1, lifetime = 2min

	Trilogy$BB&$O(BIKE phase 2$B$N(Bkey length$B$,(Bbyte$BC10L$@$H;W$C$F$$$k$i$7$/(B
	negotiation$B<:GT!#=$@58e:FD)@o!#(B

	Wed Aug 15 17:40:05 JST 2001
	IPv4, ESP, transport mode
	phase 1 3DES + SHA1, group 1, lifetime = 10min
	phase 2 AES + SHA1, group 1, lifetime = 2min

	$B:FD)@o!#$3$A$i$,(Binitiator$B$N$H$-$O$&$^$/$$$/!#$"$A$i$,(Binitiator$B$N(B
	$B>l9g!"(Bid payload$B$K(Bproto=icmp$B$,Kd$^$C$F$*$j!"$3$A$i$N(Bkernel policy
	proto=any$B$K(Bmatch$B$;$:(Bno policy found$B$K$J$k!#MW=$@5!#(B

>spdadd 130.233.9.166 130.233.10.167 any -P out ipsec esp/transport//use;
>spdadd 130.233.10.167 130.233.9.166 any -P in ipsec esp/transport//use;

>35:45.215745 130.233.10.167:500 -> 130.233.9.166:500: isakmp 1.0 msgid dba05304: phase 2/others ? oakley-quick:
>    (hash: len=20)
>    (sa: doi=ipsec situation=identity
>        (p: #1 protoid=ipsec-esp transform=1 spi=dba05304
>            (t: #1 id=aes (type=lifetype value=sec)(type=life value=7080)(type=lifetype value=kb)(type=life value=2000)(type=
>group desc value=modp768)(type=enc mode value=transport)(type=auth value=hmac-sha1)(type=keylen value=0080))))
>    (nonce: n len=64)
>    (ke: key len=96)
>    (id: idtype=IPv4 protoid=icmp port=0 len=4 130.233.10.167)
>    (id: idtype=IPv4 protoid=icmp port=0 len=4 130.233.9.166)

>2001-08-15 17:35:45: DEBUG: isakmp_quick.c:1951:get_proposal_r(): get a src address from ID payload 130.233.10.167[0] prefixlen=32 ul_proto=1
>2001-08-15 17:35:45: DEBUG: isakmp_quick.c:1956:get_proposal_r(): get dst address from ID payload 130.233.9.166[0] prefixlen=32 ul_proto=1
>2001-08-15 17:35:45: DEBUG: policy.c:245:cmpspidxwild(): sub:0xbfbfd350: 130.233.10.167/32[0] 130.233.9.166/32[0] proto=icmp dir=in
>2001-08-15 17:35:45: DEBUG: policy.c:246:cmpspidxwild(): db: 0x80ca408: 130.233.10.167/32[0] 130.233.9.166/32[0] proto=any dir=in
>2001-08-15 17:35:45: DEBUG: policy.c:245:cmpspidxwild(): sub:0xbfbfd350: 130.233.10.167/32[0] 130.233.9.166/32[0] proto=icmp dir=in
>2001-08-15 17:35:45: DEBUG: policy.c:246:cmpspidxwild(): db: 0x80ca808: 130.233.9.166/32[0] 130.233.10.167/32[0] proto=any dir=out
>2001-08-15 17:35:45: ERROR: isakmp_quick.c:1979:get_proposal_r(): no policy found: 130.233.10.167/32[0] 130.233.9.166/32[0] proto=icmp dir=in


ZyXEL
	Tue Aug 14 12:00 ESST 2001
	phase1 main mode, pre-shared key, des, sha1, dh1
	phase2 esp, des, sha1, tunnel

	$BLdBj$J$7!#(Bproposal$B$O(B1$B$D$@$1<u$1$D$1$k!#(Brekey$B$O$G$-$J$$!#(B


III
	Tue Aug 14 14:00 ESST 2001
	phase1 main mode, pre-shared key, 3des, md5, dh2
	phase2 esp, des, md5, tunnel

	$BLdBj$J$7!#(Bproposal$B$O(B1$BHVL\$r;H$&!#(Brekey$B$O$G$-$J$$!#(B
	$BBfOQ$N>e;J$K(BKAME$B$H%F%9%H$7$F$3$$$H8@$o$l$?$i$7$$!#(B


WindowsXP
	Tue Aug 14 20:00
	phase1 main mode, pre-shared key, 3des, sha1, modp3072
	phase2 esp, 3des, sha1, transport

	modp3072$B$d$m$&$h$H%J%s%Q$5$l$k!#(B
	dh$B$N7W;;(B: fbsd43 P100MHz$B$GLs(B7(s)
	          XP P2 200MHz$B$GLs(B9(s)

	$BL@F|M<J}(B RSA signature mode$B$G:F@o!#(B

	$B5"$C$A$c$C$?$N$G$G$-$J$$!#(B

Ashley
	Tue Aug 14 18:00
	invalid-signature$B$HJ86g$r8@$o$l$k!#(B
	$B8_$$$K(B ssh-ca1$B$+$i=pL>$7$F$b$i$C$?$H8@$C$F$k$,!"(B
	$B<B$O(Btest-ca1.ssh.com$B$H(Bbakeoff-ca1.ssh.com$B$N(B2$B$D$"$k;v$,H=L@!D(B

	test-ca1.ssh.com$B$KE}0l$7$F:F@oM=Ls(B

	Fri Aug 17 10:30
	Ashley$B<BAu$K(Bpkcs#1 padding$B$NLdBj$"$j!#%M%4$G$-$:!#(B

Netoctave
	Wed Aug 15 11:00
	$B$3$C$A$,(B initiate$B$9$k$H(B no-proposal-chosen$B$,5"$C$F$/$k!#(B
	$BE($+$i(Bping$B$7$F$b$i$&$H(BIKE$B$N%Q%1%C%H$,=P$J$$!#(B

	$B>u673NG'$7$F$b$i$C$F8e$+$i:F@o$9$kM=Dj!#(B

isakmpd (jakob@openbsd)
	Tue Aug 14
	IPv4, ESP, transport mode
	phase 1 3DES + SHA1, group 2, lifetime = 10min
	phase 2 AES + SHA1, group 2, lifetime = 2min

	$BLdBj$J$7!#(B

	Wed Aug 15 21:25:49 JST 2001
	IPv6, ESP, tunnel mode
	phase 1 3DES + SHA1, group 2, lifetime = 10min
	phase 2 AES + SHA1, group 2, lifetime = 2min

	$B8~$3$&$O(Bmain mode$B$G(BFQDN$B$r(BID$B$K;H$$$?$,$C$?$,!"$3$&$$$&%(%i!<$GE\$i$l$k!#(B
	sakane$B$O$3$l$O(Bwg$B$G$N9g0U$H;W$C$F$$$k$,!"MW3NG'!#(B
2001-08-15 21:14:41: ERROR: ipsec_doi.c:3063:ipsecdoi_checkid1(): Expecting IP address type in main mode, but FQDN.

	Fri Aug 17 10:00
	rsa signature.
	$BLdBj$J$7!#(B

	isakmpd$B$O(B subjectAltName$B$r(B1$B$D$7$+<u$1$D$1$J$$!#(B


Fitec
	Wed Aug 15 13:00
	RSA signature
	invalid-authentication $B$GD7$M$i$l$k!#$$$h$$$h$3$C$A$NLdBj$+(B...

	KeyUsage $B$r(BIKE$B$K$7$H$+$J$$$HE\$i$l$k!#(B
	$BB>$N<BAu$H$&$^$/$$$+$J$$$N$O!"$3$l$,860x$+!)(B
	$B$=$&$G$b$J$5$=$&!"(Bopenssl$B$NLdBj$+$b!#(B

	openssl 0.9.6 $B$K$7$?$i@.8y!#0c$$$,J,$+$i$:!#(B

SSH
	IPv6$B$@$1$d$C$?(B

	ssh solaris version:
	ssh$BB&(B: IKE$B$N%Q%1%C%H$,=P$J$$!#(B
	nd cache$B$NLdBj$+!)(B
		tcp$B$@$1$N%]%j%7$G$b(BIKE$B$N%Q%1%C%H$,=P$;$J$$!#(B
		solaris$B$O(Bstatic cache entry$BF~$l$k%3%^%s%I$,$J$$$i$7$$!#(B
		$B0lC6(Bping6$B$7$F(Bcache$B$r:n$C$?5$$K$J$C$F$b(BNS$B$r=P$=$&$H$9$k!#(B
	$B860xD4::$9$k$+$i:F@o$7$F$M$H8@$o$l$k!#(B
	$B:F@o(B. $BLdBj$J$7(B

	$BBt;3$N(Bphase2 proposal(43440B$B$N(BUDP$B%Q%1%C%H(B)$B$r<u$1$k$H(B
	racoon $B$^$G%Q%1%C%H$,>e$,$C$FMh$J$$!#(B

	500 proposal$B$rEj$2$F$/$k!#(Bproposal#$B$O(B1byte$B$J$N$GCF$/$Y$-!#(B
	racoon$B$O:G=i$KA4It%Q!<%9$7$F$k$_$?$$!#(B

	RSA signature mode
	ssh$BB&$K(Bpublic key$B7W;;$KLdBj$"$C$?!#D>$7$F(BOK
	ssh$B$O(Bssh-test-ca1$B$,%5%$%s$7$?>ZL@=q$r;H$$!"(B
	racoon$B$O(Bfujixerox$B$,%5%$%s$7$?>ZL@=q$G$b(BOK

	AES phase1 $B$,$&$^$/$$$+$J$$!#4V0c$$$J$/(Bracoon$B$NLdBj!#(B($BD>$7$FF0:n3NG':Q(B)

	phase1 proposal$B$N%Q!<%9$KCn$,$$$k$+$b!#MW3NG'(B

freeswan
	IPv4, IPComp + ESP, transport mode
	phase 1 3DES + SHA1, group 5, lifetime = 10min
	phase 2 3DES + SHA1 + deflate, group 5, lifetime = 2min

	IPComp$B$K$OLdBj$J$7!#(B

	$B@hJ}$,(Binitiate$B$7$F$-$?$H$-$KLdBj$"$j!#(Bphase 2$B$G!"(Bipcomp enc mode$B$,(B
	$BL5;XDj$N>l9g!"(Bipcomp$B$N>l9g$@$1$O(Btransport$B$H;W$o$J$1$l$P$J$i$J$$!#(B
	$B$,!"(Bracoon$B$O8=>u$3$l$r(BRFC2407$BE*$K(B(Any$B$H$7$F(B)$B<h$j07$&!#$N$G!"(Bno
	proposal chosen$B$K$J$k!#(B
	RFC2407$B$+$i$9$k$H!"(Benc mode unspecified == transport$B$G$b$h$$$h$&$J(B
	$B5$$,$9$k$,(B...  ("host-dependent"$B$C$F=q$$$F$"$k$+$i(B)

RFC2407
>         Encapsulation Mode
>           RESERVED                0
>           Tunnel                  1
>           Transport               2
>
>           Values 3-61439 are reserved to IANA.  Values 61440-65535 are
>           for private use.
>
>           If unspecified, the default value shall be assumed to be
>           unspecified (host-dependent).

draft-shacham-ippcp-rfc2393bis-08.txt
>      Encapsulation Mode
>
>         To propose a non-default Encapsulation Mode (such as Tunnel
>         Mode), an IPComp proposal MUST include an Encapsulation Mode
>         attribute.  If the Encapsulation Mode is unspecified, the
>         default value of Transport Mode is assumed.

>42:28.211568 130.233.9.175:500 -> 130.233.9.166:500: isakmp 1.0 msgid 6935cbd8: phase 2/others ? oakley-quick:
>    (hash: len=20)
>    (sa: doi=ipsec situation=identity
>        (p: #0 protoid=ipsec-esp transform=2 spi=3a47a3e7
>            (t: #0 id=3des (type=group desc value=0005)(type=enc mode value=transport)(type=lifetype value=sec)(type=life value=7080)(type=auth value=hmac-md5))
>            (t: #1 id=3des (type=group desc value=0005)(type=enc mode value=transport)(type=lifetype value=sec)(type=life value=7080)(type=auth value=hmac-sha1)))
>        (p: #0 protoid=ipcomp transform=1 spi=ac23
>            (t: #0 id=deflate (type=lifetype value=sec)(type=life value=7080))))
>    (nonce: n len=16)
>    (ke: key len=192)

>2001-08-15 16:42:28: DEBUG: ipsec_doi.c:1024:get_ph2approvalx(): peer's single bundle:
>2001-08-15 16:42:28: DEBUG: proposal.c:814:printsaproto():  (proto_id=ESP spisize=4 spi=3a47a3e7 spi_p=00000000 encmode=Transport reqid=0:0)
>2001-08-15 16:42:28: DEBUG: proposal.c:848:printsatrns():   (trns_id=3DES encklen=0 authtype=1)
>2001-08-15 16:42:28: DEBUG: proposal.c:848:printsatrns():   (trns_id=3DES encklen=0 authtype=2)
>2001-08-15 16:42:28: DEBUG: proposal.c:814:printsaproto():  (proto_id=IPCOMP spisize=2 spi=0000ac23 spi_p=00000000 encmode=Any reqid=0:0)
>2001-08-15 16:42:28: DEBUG: proposal.c:855:printsatrns():   (trns_id=DEFLATE)
>2001-08-15 16:42:28: DEBUG: ipsec_doi.c:1027:get_ph2approvalx(): my single bundle:
>2001-08-15 16:42:28: DEBUG: proposal.c:814:printsaproto():  (proto_id=ESP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0:0)
>2001-08-15 16:42:28: DEBUG: proposal.c:848:printsatrns():   (trns_id=3DES encklen=0 authtype=2)
>2001-08-15 16:42:28: DEBUG: proposal.c:814:printsaproto():  (proto_id=IPCOMP spisize=4 spi=00000000 spi_p=00000000 encmode=Transport reqid=0:0)
>2001-08-15 16:42:28: DEBUG: proposal.c:855:printsatrns():   (trns_id=DEFLATE)
>2001-08-15 16:42:28: ERROR: proposal.c:497:cmpsatrns(): authtype mismatched: my:1 peer:2
>2001-08-15 16:42:28: ERROR: proposal.c:365:cmpsaprop_alloc(): IPComp SPI size promoted from 16bit to 32bit
>2001-08-15 16:42:28: ERROR: proposal.c:378:cmpsaprop_alloc(): encmode mismatched: my:2 peer:0			<-----

	Thu Aug 16 16:49:08 JST 2001
	IPv4, IPComp + ESP, transport mode
	phase 1 3DES + SHA1, group 5, lifetime = 10min
	phase 2 3DES + SHA1 + deflate, group 5, lifetime = 2min
	$B:FD)@o!#=$@5$G$-$?$3$H$r3NG'!#(B


netopia
	Wed Aug 15 19:00 JST$B:"(B
	IPv6, ESP, transport mode
	phase 1 3DES + SHA1, group 2, lifetime = 24h
	phase 2 3DES + SHA1, group 2, lifetime = 1h

	KAME$B%Y!<%9<BAu!#(BCPU$B$,$7$g$\$$$i$7$/(BD-H$B$K(B5$BIC$/$i$$$+$+$C$F$I$-$I$-$9$k!#(B
	bug report$B$J$I$"$C$?$iAw$C$F$b$i$&$h$&$*4j$$$9$k!#(B


Ericsson
	Wed Aug 15 20:30 JST$B:"(B
	IPv6, ESP, transport mode
	phase 1 3DES + SHA1, group 2, lifetime = 24h
	phase 2 AES + SHA1, group 2, lifetime = 1h

	$B@.8y(B

	IPv6, ESP, transport mode
	phase 1 3DES + SHA1, group 2, lifetime = 24h
	phase 2 blowfish + SHA1, group 2, lifetime = 1h

	$B<:GT!#(Bblowfish$B!"$3$C$A$,$o$N80$N@8@.$,$*$+$7$$(B(= $BD9$$80$N>l9g(B)$B!#(B

	IPv6, ESP, transport mode
	phase 1 3DES + SHA1, group 2, lifetime = 24h
	phase 2 3DES + SHA1, group 2, lifetime = 1h

	$B<:GT!#(Bericsson$BB&!"(BND$B$,$*$+$7$$!#(B


Nokia EPOC
	Wed Aug 15 20:51:25 JST 2001
	IPv6, ESP, tunnel mode
	phase 1 3DES + SHA1, group 2, lifetime = 3600min
	phase 2 3DES + SHA1 + deflate, group 2, lifetime = 2min

	IPsec key$B$bF~$k$,!"@hJ}$N%]%j%7LdBj$G(Bping$B$OJV$i$J$$!#(B

Trustworks TrustedClient v3.2
	Thu Aug 16 20:17:51 JST 2001
	IPv6, AH + ESP, transport mode
	phase 1 3DES + SHA1, group 5, lifetime = 3min
	phase 2 3DES + SHA1, group 5, lifetime = 2min

	$B@hJ}$,(Bresponder$B$N$H$-!"808r49$,=*N;$7$?=V4V@hJ}$N(BIKE daemon$B$,(Bpanic$B!#(B
	$B$^$"808r49<+BN$O$G$-$F$$$k$h$&$@!#(B


Nortel GatewayController/CallServer 2000 (not released yet)
	Fri Aug 17 00:16:23 JST 2001
	IPv4, ESP, transport mode
	phase 1 3DES + SHA1, group 5, lifetime = 3min
	phase 2 AES + SHA1, group 5, lifetime = 2min

	Nortel$BB&(Binitiator: round=10$B$H$$$&(Battribute$B$r$D$1$F$/$k$N$G(Bno proposal
	chosen
	KAME$BB&(Binitiator: id payload$BH4$-(B(ip address$B;H$((B)$B$@$H(BNortel$BB&$O(B
	$B$X$/$k$N$GBLL\(B

	IPv4, ESP, transport mode
	phase 1 3DES + SHA1, group 5, lifetime = 3min
	phase 2 3DES + SHA1, group 5, lifetime = 2min

	Nortel$BB&(Binitiator: ok
	KAME$BB&(Binitiator: id payload$BH4$-$@$H(BNortel$BB&$O$X$/$k$N$GBLL\(B