Nov 5 00:03:25 aparo pluto[16992]: packet from 194.125.79.166:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Nov 5 00:03:25 aparo pluto[16992]: packet from 194.125.79.166:500: ignoring Vendor ID payload [FRAGMENTATION]
Nov 5 00:03:25 aparo pluto[16992]: packet from 194.125.79.166:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 5 00:03:25 aparo pluto[16992]: packet from 194.125.79.166:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Nov 5 00:03:25 aparo pluto[16992]: "l2tp-syseng"[3] 194.125.79.166 #92: responding to Main Mode from unknown peer 194.125.79.166
Nov 5 00:03:25 aparo pluto[16992]: "l2tp-syseng"[3] 194.125.79.166 #92: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 5 00:03:25 aparo pluto[16992]: "l2tp-syseng"[3] 194.125.79.166 #92: STATE_MAIN_R1: sent MR1, expecting MI2
Nov 5 00:03:25 aparo pluto[16992]: "l2tp-syseng"[3] 194.125.79.166 #92: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[3] 194.125.79.166 #92: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[3] 194.125.79.166 #92: STATE_MAIN_R2: sent MR2, expecting MI3
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[3] 194.125.79.166 #92: Main mode peer ID is ID_DER_ASN1_DN: 'C=IE, ST=Dublin, O=Networks, OU=Systems Eng, CN=Gbenga Sogbetun, E=olugbenga.Sogbetun@bt.com'
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[3] 194.125.79.166 #92: no crl from issuer "C=IE, O=Networks, OU=Systems Eng, ST=Dublin, L=Dundrum, CN=Systems Eng CA, E=olugbenga.Sogbetun@bt.com" found (strict=no)
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[3] 194.125.79.166 #92: switched from "l2tp-syseng" to "l2tp-syseng"
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[4] 194.125.79.166 #92: deleting connection "l2tp-syseng" instance with peer 194.125.79.166 {isakmp=#0/ipsec=#0}
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[4] 194.125.79.166 #92: I am sending my cert
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[4] 194.125.79.166 #92: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 5 00:03:26 aparo pluto[16992]: | NAT-T: new mapping 194.125.79.166:500/17805)
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[4] 194.125.79.166 #92: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[4] 194.125.79.166 #93: responding to Quick Mode {msgid:c2801582}
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[4] 194.125.79.166 #93: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[4] 194.125.79.166 #93: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[4] 194.125.79.166 #93: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 5 00:03:26 aparo pluto[16992]: "l2tp-syseng"[4] 194.125.79.166 #93: STATE_QUICK_R2: IPsec SA established {ESP=>0x43f2cdc5 <0x02450523 xfrm=3DES_0-HMAC_MD5 NATD=194.125.79.166:17805 DPD=none}

aparo:~# tcpdump -i ipsec0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ipsec0, link-type EN10MB (Ethernet), capture size 96 bytes
18:24:20.972047 IP aparo.eng.esat.ie.isakmp > 213-202-188-240.bas504.dsl.esat.net.isakmp: isakmp: phase 1 ? ident
18:24:21.472519 IP aparo.eng.esat.ie.isakmp > 213-202-188-240.bas504.dsl.esat.net.isakmp: isakmp: phase 1 ? ident
18:24:21.658857 IP aparo.eng.esat.ie.4500 > 213-202-188-240.bas504.dsl.esat.net.14108: UDP, length: 1280
18:24:21.703830 IP aparo.eng.esat.ie.4500 > 213-202-188-240.bas504.dsl.esat.net.14108: UDP, length: 176
18:24:21.736174 IP 213-202-188-240.bas504.dsl.esat.net.l2f > aparo.eng.esat.ie.l2f: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...
18:24:22.735344 IP 213-202-188-240.bas504.dsl.esat.net.l2f > aparo.eng.esat.ie.l2f: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...
18:24:24.734924 IP 213-202-188-240.bas504.dsl.esat.net.l2f > aparo.eng.esat.ie.l2f: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...
18:24:25.729613 IP aparo.eng.esat.ie.4500 > 213-202-188-240.bas504.dsl.esat.net.14108: UDP, length: 1
18:24:28.735870 IP 213-202-188-240.bas504.dsl.esat.net.l2f > aparo.eng.esat.ie.l2f: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...
18:24:36.735065 IP 213-202-188-240.bas504.dsl.esat.net.l2f > aparo.eng.esat.ie.l2f: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...
18:24:45.730872 IP aparo.eng.esat.ie.4500 > 213-202-188-240.bas504.dsl.esat.net.14108: UDP, length: 1
18:24:46.735466 IP 213-202-188-240.bas504.dsl.esat.net.l2f > aparo.eng.esat.ie.l2f: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(S) *BEARER_CAP() |...
18:24:56.752283 IP aparo.eng.esat.ie.4500 > 213-202-188-240.bas504.dsl.esat.net.14108: UDP, length: 72
18:24:56.812777 IP aparo.eng.esat.ie.4500 > 213-202-188-240.bas504.dsl.esat.net.14108: UDP, length: 88

aparo:/usr/src/linux# ipsec eroute
0 10.10.1.57/32:1701 -> 213.202.188.240/32:1701 => esp0x93818052@213.202.188.240:17

aparo:/usr/src/linux# netstat -lun
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 10.10.1.57:4500         0.0.0.0:*
udp        0      0 10.10.1.57:1701         0.0.0.0:*
udp        0      0 10.10.1.57:500          0.0.0.0:*