
[FW1] Windows GUI session key problem





I have a problem connecting either the Windows or Motif GUI to a v3.0b
gateway with encryption patched with SP8.  I've just upgraded it from v3.0.
When trying to connect with the GUI, it times out saying there is no
response from the server.  I do see traffic on the network between the PC
and the gateway.  On the gateway itself, running 'fwm' in debug mode
produces the following output:

fwm: FireWall-1 Management Server is running 
  [fwm@firewall] fwa_db_init: called 
  3603968DAEMON_init:slapd starting on port 18185 
  ------------ 
  [fwm@firewall] fwcomm_setcrypto: deleting cpair 0 for fd 7 
  [fwm@firewall] _readbuf: fd = 7, buf = effff5b8, len = 8, do_longjmp = 1 
  [fwm@firewall] _readbuf: waiting for 8 bytes 
  [fwm@firewall] WaitOnFd: waiting on 7 (   25.000 secs). dir= 1 
  [fwm@firewall] BytesToRead: fd = 7, n = 8 
  [fwm@firewall] _readbuf: there are 8 bytes on 7 
  [fwm@firewall] comm_decrypt_buf: fd = 7, buf = effff5b8, len = 8, key = 0 
  [fwm@firewall] _readbuf: fd = 7, buf = 594640, len = 202, do_longjmp = 1 
  [fwm@firewall] _readbuf: waiting for 202 bytes 
  [fwm@firewall] WaitOnFd: waiting on 7 (   25.000 secs). dir= 1 
  [fwm@firewall] BytesToRead: fd = 7, n = 202 
  [fwm@firewall] _readbuf: there are 202 bytes on 7 
  [fwm@firewall] comm_decrypt_buf: fd = 7, buf = 594640, len = 202, key = 0 
  [fwm@firewall] Got set from fd 7: 
  ( 
          :major (1) 
          :minor (0) 
          :authver (xxxxxxxxx) 
          :major_release_version (3) 
          :minor_release_version (0) 
          :type (rule-editor) 
          :timeout (60) 
          :motif_client (true) 
          :encryption_on (true) 
          :host (firewall) 
  ) 


  [fwm@firewall] Write set to fd 7: 
  ( 
          :major (1) 
          :minor (0) 
          :authver (xxxxxxxx) 
          :major_release_version (3) 
          :minor_release_version (0) 
          :ipaddr (10.10.10.99) 
          :type (full) 
          :server (firewall) 
  ) 


  [fwm@firewall] _writebuf: fd = 7, ibuf = effff5b8, len = 8, do_longjmp = 1
  [fwm@firewall] fwcomm_encrypt_buf: fd = 7, buf = effff5b8, len = 8, key = 0
  [fwm@firewall] _writebuf: writing 8 bytes to 7 
  [fwm@firewall] _writebuf: wrote 8 bytes 
  [fwm@firewall] _writebuf: fd = 7, ibuf = 594640, len = 160, do_longjmp = 1
  [fwm@firewall] fwcomm_encrypt_buf: fd = 7, buf = 594640, len = 160, key = 0
  [fwm@firewall] _writebuf: writing 160 bytes to 7 
  [fwm@firewall] _writebuf: wrote 160 bytes 
  [fwm@firewall] peers addresses are 
  [fwm@firewall] 10.10.10.99 
  [fwm@firewall] fwcomm_setpeer: fd = 7, peer = 594a30 
  [fwm@firewall] fwm_do_connect: got peer address xxxxxxxx from fd 7 
  [fwm@firewall] _readbuf: fd = 7, buf = effff448, len = 8, do_longjmp = 1 
  [fwm@firewall] _readbuf: waiting for 8 bytes 
  [fwm@firewall] WaitOnFd: waiting on 7 (   25.000 secs). dir= 1 
  [fwm@firewall] BytesToRead: fd = 7, n = 8 
  [fwm@firewall] _readbuf: there are 8 bytes on 7 
  [fwm@firewall] comm_decrypt_buf: fd = 7, buf = effff448, len = 8, key = 0 
  [fwm@firewall] _readbuf: fd = 7, buf = 594a88, len = 566, do_longjmp = 1 
  [fwm@firewall] _readbuf: waiting for 566 bytes 
  [fwm@firewall] WaitOnFd: waiting on 7 (   25.000 secs). dir= 1 
  [fwm@firewall] BytesToRead: fd = 7, n = 566 
  [fwm@firewall] _readbuf: there are 566 bytes on 7 
  [fwm@firewall] comm_decrypt_buf: fd = 7, buf = 594a88, len = 566, key = 0 
  [fwm@firewall] Got set from fd 7: 
  (userc1 
          :name (admin) 
          :cypher-method ( 
                : (FWZ1) 
                : (CLEAR) 
                : (DES) 
          ) 
          :key-method ( 
                : (FWZ1) 
                : (CLEAR) 
                : (DES) 
          ) 
          :md-method () 
          :pswd-method (FWZ1) 
          :src ( 
                :public ( 
                    :value 
 
(xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)

                ) 
                :dhparams_id () 
                :date (37035d8e) 
          ) 
          :dst ( 
                : (key-sync 
                    :obj ( 
                      :type (node) 
                      : (10.10.10.99) 
                    ) 
                ) 
          ) 
          :challenge (bab7559cb4ec) 
          :password () 
          :support_encapsulation () 
          :support_authentication () 
          :signature () 
  ) 


  [fwm@firewall] fwkey_reply: user name :admin 
  [fwm@firewall] fwkey_reply: generating new session key 
  get_shared_key: nout=-1 < keylen=0 
  [fwm@firewall] fwkey_reply: Can't create bsk for session key. 
  [fwm@firewall] fwm_do_auth: bad client initial request 


I've edited this output a little!  
Can anyone say what the problem might be?  The important part seems to be
the last five lines... Is there a chance this error is a result of a
previous non-VPN version of the GUI client running on the gateway (I don't
know if there ever was a Motif GUI on the gateway, but it has a VPN version
now)?  

Cheers,

Ken


