RRT102
Thu Sep 6 17:44:45 IST 2007
+ _________________________ version
+ ipsec --version
Linux Openswan U2.4.9/K(no kernel code presently loaded)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.15-27-server (buildd@terranova) (gcc version 4.0.3 (Ubuntu 4.0.3-1ubuntu5)) #1 SMP Sat Sep 16 02:57:21 UTC 2006
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.20.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
1.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 tun0
0.0.0.0 10.20.50.50 0.0.0.0 UG 0 0 0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:16:76:4B:59:54
     inet addr:10.20.50.88 Bcast:10.20.255.255 Mask:255.255.0.0
     inet6 addr: fe80::216:76ff:fe4b:5954/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:290506 errors:0 dropped:0 overruns:0 frame:0
     TX packets:288383 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:58556000 (55.8 MiB) TX bytes:30942364 (29.5 MiB)
gre0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-65-74-00-00-00-00-00-00-00-00
     NOARP MTU:1476 Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
     inet addr:127.0.0.1 Mask:255.0.0.0
     inet6 addr: ::1/128 Scope:Host
     UP LOOPBACK RUNNING MTU:16436 Metric:1
     RX packets:316 errors:0 dropped:0 overruns:0 frame:0
     TX packets:316 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:80860 (78.9 KiB) TX bytes:80860 (78.9 KiB)
sit0 Link encap:IPv6-in-IPv4
     NOARP MTU:1480 Metric:1
     RX packets:0 errors:0 dropped:0 overruns:0 frame:0
     TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:0
     RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tun0 Link encap:UNSPEC HWaddr 0A-14-32-58-00-00-65-74-00-00-00-00-00-00-00-00
     inet addr:1.1.1.1 P-t-P:1.1.1.1 Mask:255.0.0.0
     UP POINTOPOINT RUNNING NOARP MTU:1476 Metric:1
     RX packets:41 errors:0 dropped:0 overruns:0 frame:0
     TX packets:96 errors:2 dropped:0 overruns:0 carrier:2
     collisions:0 txqueuelen:0
     RX bytes:5796 (5.6 KiB) TX bytes:16976 (16.5 KiB)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:76:4b:59:54 brd ff:ff:ff:ff:ff:ff
    inet 10.20.50.88/16 brd 10.20.255.255 scope global eth0
    inet6 fe80::216:76ff:fe4b:5954/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
4: gre0: mtu 1476 qdisc noop
    link/gre 0.0.0.0 brd 0.0.0.0
9: tun0@NONE: mtu 1476 qdisc noqueue
    link/gre 10.20.50.88 peer 10.20.50.233
    inet 1.1.1.1/8 scope global tun0
+ _________________________ ip-route-list
+ ip route list
10.20.0.0/16 dev eth0 proto kernel scope link src 10.20.50.88
1.0.0.0/8 dev tun0 proto kernel scope link src 1.1.1.1
default via 10.20.50.50 dev eth0
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.9/K(no kernel code presently loaded)
Checking for IPsec support in kernel [FAILED]
Checking for RSA private key (/etc/ipsec.secrets) [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Two or more interfaces found, checking IP forwarding [FAILED]
  whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption DNS checks:
   Looking for TXT in forward dns zone: RRT102 [MISSING]
   Does the machine have at least one non-private address? [OK]
   Looking for TXT in reverse dns zone: 1.1.1.1.in-addr.arpa. [MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD flow-control, link ok
  product info: vendor 00:aa:00, model 51 rev 0
  basic mode: autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
localhost
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
17:44:46 up 1 day, 7:42, 9 users, load average: 0.36, 0.16, 0.20
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 13009 8149 17 0 3668 1420 - R+ pts/8 0:00 | \_ /bin/sh /usr/local/libexec/ipsec/barf
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
ipsec showdefaults: cannot find defaults file `/var/run/pluto/ipsec.info'
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
## Common for all ipsec.conf
version 2.0
config setup
    interfaces=%defaultroute
    klipsdebug=none
    uniqueids=yes
    nat_traversal=yes
    plutodebug=all
## User defined connections
conn xxx
    type=transport
    esp=3des-md5-96
    keyexchange=ike
    auto=start
    pfs=no
    authby=secret
    left=1.1.1.1
    leftsourceip=
    leftsubnet=
    right=1.1.1.2
    rightsourceip=
    rightsubnet=
    dpddelay=25
    dpdtimeout=10
    dpdaction=hold
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
1.1.1.1 1.1.1.2: PSK "[sums to 23cd...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4.30.2 2006/10/19 17:43:56 paul Exp $
#
#
# Michael's idea: Always have ROOT NAMESERVERS in the clear.
# It will make OE work much better on machines running caching
# resolvers.
#
# Based on: http://www.internic.net/zones/named.root
# This file holds the information on root name servers needed to
# last update: Jan 29, 2004
# related version of root zone: 2004012900
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
192.58.128.30/32
193.0.14.129 /32
198.32.64.12/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 232
-rwxr-xr-x 1 root root 15848 Jul 27 16:26 _confread
-rwxr-xr-x 1 root root 15848 May 15 09:38 _confread.old
-rwxr-xr-x 1 root root 14384 Jul 27 16:26 _copyright
-rwxr-xr-x 1 root root 14384 May 15 09:38 _copyright.old
-rwxr-xr-x 1 root root 2379 Jul 27 16:26 _include
-rwxr-xr-x 1 root root 2379 May 15 09:38 _include.old
-rwxr-xr-x 1 root root 1475 Jul 27 16:26 _keycensor
-rwxr-xr-x 1 root root 1475 May 15 09:38 _keycensor.old
-rwxr-xr-x 1 root root 3586 Jul 27 16:26 _plutoload
-rwxr-xr-x 1 root root 3586 May 15 09:38 _plutoload.old
-rwxr-xr-x 1 root root 8069 Jul 27 16:26 _plutorun
-rwxr-xr-x 1 root root 8069 May 15 09:38 _plutorun.old
-rwxr-xr-x 1 root root 12480 Jul 27 16:26 _realsetup
-rwxr-xr-x 1 root root 12346 May 15 09:38 _realsetup.old
-rwxr-xr-x 1 root root 1975 Jul 27 16:26 _secretcensor
-rwxr-xr-x 1 root root 1975 May 15 09:38 _secretcensor.old
-rwxr-xr-x 1 root root 11027 Jul 27 16:26 _startklips
-rwxr-xr-x 1 root root 10705 May 15 09:38 _startklips.old
-rwxr-xr-x 1 root root 13918 Jul 27 16:26 _updown
-rwxr-xr-x 1 root root 13918 May 15 09:38 _updown.old
-rwxr-xr-x 1 root root 15746 Jul 27 16:26 _updown_x509
-rwxr-xr-x 1 root root 15746 May 15 09:38 _updown_x509.old
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 6148
-rwxr-xr-x 1 root root 26582 Jul 27 16:26 _pluto_adns
-rwxr-xr-x 1 root root 26582 May 15 09:38 _pluto_adns.old
-rwxr-xr-x 1 root root 18891 Jul 27 16:26 auto
-rwxr-xr-x 1 root root 18891 May 15 09:38 auto.old
-rwxr-xr-x 1 root root 11367 Jul 27 16:26 barf
-rwxr-xr-x 1 root root 11367 May 15 09:38 barf.old
-rwxr-xr-x 1 root root 816 Jul 27 16:26 calcgoo
-rwxr-xr-x 1 root root 816 May 15 09:38 calcgoo.old
-rwxr-xr-x 1 root root 187269 Jul 27 16:26 eroute
-rwxr-xr-x 1 root root 187289 May 15 09:38 eroute.old
-rwxr-xr-x 1 root root 61089 Jul 27 16:26 ikeping
-rwxr-xr-x 1 root root 60937 May 15 09:38 ikeping.old
-rwxr-xr-x 1 root root 120800 Jul 27 16:26 klipsdebug
-rwxr-xr-x 1 root root 120800 May 15 09:38 klipsdebug.old
-rwxr-xr-x 1 root root 1836 Jul 27 16:26 livetest
-rwxr-xr-x 1 root root 1836 May 15 09:38 livetest.old
-rwxr-xr-x 1 root root 2604 Jul 27 16:26 look
-rwxr-xr-x 1 root root 2605 May 15 09:38 look.old
-rwxr-xr-x 1 root root 7094 Jul 27 16:26 mailkey
-rwxr-xr-x 1 root root 7094 May 15 09:38 mailkey.old
-rwxr-xr-x 1 root root 16015 Jul 27 16:26 manual
-rwxr-xr-x 1 root root 16015 May 15 09:38 manual.old
-rwxr-xr-x 1 root root 1951 Jul 27 16:26 newhostkey
-rwxr-xr-x 1 root root 1951 May 15 09:38 newhostkey.old
-rwxr-xr-x 1 root root 106699 Jul 27 16:26 pf_key
-rwxr-xr-x 1 root root 106699 May 15 09:38 pf_key.old
-rwxr-xr-x 1 root root 1797531 Jul 27 16:26 pluto
-rwxr-xr-x 1 root root 1790013 May 15 09:38 pluto.old
-rwxr-xr-x 1 root root 21314 Jul 27 16:26 ranbits
-rwxr-xr-x 1 root root 21314 May 15 09:38 ranbits.old
-rwxr-xr-x 1 root root 48930 Jul 27 16:26 rsasigkey
-rwxr-xr-x 1 root root 48930 May 15 09:38 rsasigkey.old
-rwxr-xr-x 1 root root 766 Jul 27 16:26 secrets
-rwxr-xr-x 1 root root 766 May 15 09:38 secrets.old
lrwxrwxrwx 1 root root 17 Jul 27 16:26 setup -> /etc/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Jul 27 16:26 showdefaults
-rwxr-xr-x 1 root root 1054 May 15 09:38 showdefaults.old
-rwxr-xr-x 1 root root 4845 Jul 27 16:26 showhostkey
-rwxr-xr-x 1 root root 4748 May 15 09:38 showhostkey.old
-rwxr-xr-x 1 root root 297223 Jul 27 16:26 spi
-rwxr-xr-x 1 root root 296407 May 15 09:38 spi.old
-rwxr-xr-x 1 root root 154316 Jul 27 16:26 spigrp
-rwxr-xr-x 1 root root 154332 May 15 09:38 spigrp.old
-rwxr-xr-x 1 root root 24637 Jul 27 16:26 tncfg
-rwxr-xr-x 1 root root 24637 May 15 09:38 tncfg.old
-rwxr-xr-x 1 root root 13530 Jul 27 16:26 verify
-rwxr-xr-x 1 root root 12783 May 15 09:38 verify.old
-rwxr-xr-x 1 root root 139791 Jul 27 16:26 whack
-rwxr-xr-x 1 root root 139807 May 15 09:38 whack.old
+ _________________________ ipsec/updowns
++ ls /usr/local/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
 face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 80860 316 0 0 0 0 0 0 80860 316 0 0 0 0 0 0
eth0:58556673 290512 0 0 0 0 0 0 30942576 288386 0 0 0 0 0 0
sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
gre0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
tun0: 5796 41 0 0 0 0 0 0 16976 96 2 0 0 0 2 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 0000140A 00000000 0001 0 0 0 0000FFFF 0 0 0
tun0 00000001 00000000 0001 0 0 0 000000FF 0 0 0
eth0 00000000 3232140A 0003 0 0 0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter tun0/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
lo/rp_filter:0
tun0/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter tun0/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
lo/rp_filter:0
tun0/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects tun0/accept_redirects tun0/secure_redirects tun0/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:0
default/secure_redirects:1
default/send_redirects:0
eth0/accept_redirects:0
eth0/secure_redirects:1
eth0/send_redirects:0
lo/accept_redirects:0
lo/secure_redirects:1
lo/send_redirects:0
tun0/accept_redirects:0
tun0/secure_redirects:1
tun0/send_redirects:0
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux RRT102 2.6.15-27-server #1 SMP Sat Sep 16 02:57:21 UTC 2006 i686 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
+ echo 'no KLIPS or NETKEY support detected'
no KLIPS or NETKEY support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/local/libexec/ipsec/barf: line 305: no old-style linux 1.x/2.0 ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 27 packets, 3291 bytes)
 pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 4 packets, 222 bytes)
 pkts bytes target prot opt in out source destination
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 4 packets, 870 bytes)
 pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 2 packets, 104 bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2 packets, 104 bytes)
 pkts bytes target prot opt in out source destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 26 packets, 3213 bytes)
 pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 26 packets, 3213 bytes)
 pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 4 packets, 222 bytes)
 pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 4 packets, 222 bytes)
 pkts bytes target prot opt in out source destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
iptable_mangle 3840 0 - Live 0xdf6ed000
iptable_nat 9092 0 - Live 0xdf6e6000
ip_nat 21420 1 iptable_nat, Live 0xdf781000
ip_conntrack 54744 2 iptable_nat,ip_nat, Live 0xdf792000
nfnetlink 7704 2 ip_nat,ip_conntrack, Live 0xdf6ea000
iptable_filter 3968 0 - Live 0xdf6bb000
ip_tables 23552 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xdf6ef000
ip_gre 15392 0 - Live 0xdf6e1000
af_packet 25864 0 - Live 0xdf630000
i915 22656 1 - Live 0xdf6ad000
drm 78996 2 i915, Live 0xdf6be000
deflate 5248 0 - Live 0xdf62b000
zlib_deflate 25112 1 deflate, Live 0xdf68f000
twofish 48640 0 - Live 0xdf698000
serpent 21760 0 - Live 0xdf680000
blowfish 9472 0 - Live 0xdf638000
crypto_null 3328 0 - Live 0xdf629000
ipcomp 9864 0 - Live 0xdf5c7000
esp4 9600 0 - Live 0xdf622000
ah4 7680 0 - Live 0xdf5cb000
aes 30912 0 - Live 0xdf619000
des 18816 0 - Live 0xdf5ce000
sha1 3712 0 - Live 0xdf4d2000
sha256 12032 0 - Live 0xdf4bf000
rfcomm 44564 0 - Live 0xdf4c6000
l2cap 29056 5 rfcomm, Live 0xdf5be000
bluetooth 54756 4 rfcomm,l2cap, Live 0xdf5ff000
nfsd 241668 13 - Live 0xdf63c000
exportfs 7296 1 nfsd, Live 0xdf4c3000
lockd 68360 2 nfsd, Live 0xdf5ac000
sunrpc 159420 8 nfsd,lockd, Live 0xdf5d7000
ppdev 10628 0 - Live 0xdf4b5000
speedstep_lib 5508 0 - Live 0xdf4bc000
cpufreq_userspace 7328 0 - Live 0xdf4b9000
cpufreq_stats 7488 0 - Live 0xdf4a5000
freq_table 5792 1 cpufreq_stats, Live 0xdf4b2000
cpufreq_powersave 2816 0 - Live 0xdf4a8000
cpufreq_ondemand 8616 0 - Live 0xdf4ae000
cpufreq_conservative 9960 0 - Live 0xdf4aa000
video 17284 0 - Live 0xdf494000
tc1100_wmi 7812 0 - Live 0xdf4a2000
sony_acpi 6540 0 - Live 0xdf49f000
pcc_acpi 13312 0 - Live 0xdf49a000
hotkey 12452 0 - Live 0xdf3eb000
dev_acpi 12164 0 - Live 0xdf488000
container 5504 0 - Live 0xdf485000
button 7568 0 - Live 0xdf3fb000
acpi_sbs 21132 0 - Live 0xdf48d000
battery 10884 1 acpi_sbs, Live 0xdf3f7000
ac 6148 1 acpi_sbs, Live 0xdf3bf000
i2c_acpi_ec 6016 1 acpi_sbs, Live 0xdf3e8000
i2c_core 23296 1 i2c_acpi_ec, Live 0xdf3f0000
reiserfs 284272 1 - Live 0xdf4d4000
nls_utf8 3200 1 - Live 0xdf1c6000
ntfs 112368 1 - Live 0xdf447000
dm_mod 63512 1 - Live 0xdf26e000
md_mod 76756 0 - Live 0xdf3c2000
ipv6 287584 34 - Live 0xdf3ff000
lp 13220 0 - Live 0xdf1c9000
parport_serial 9216 0 - Live 0xdf1bb000
tsdev 8896 0 - Live 0xdf1bf000
e100 43012 0 - Live 0xdf262000
mii 7040 1 e100, Live 0xdf094000
pcspkr 3204 0 - Live 0xdf144000
parport_pc 38724 2 parport_serial, Live 0xdf257000
parport 39624 3 ppdev,lp,parport_pc, Live 0xdf24c000
psmouse 40708 0 - Live 0xdf241000
snd_hda_intel 21140 1 - Live 0xdf1b4000
snd_hda_codec 166960 1 snd_hda_intel, Live 0xdf301000
snd_pcm_oss 56992 0 - Live 0xdf1ea000
snd_mixer_oss 21248 1 snd_pcm_oss, Live 0xdf195000
snd_pcm 96516 3 snd_hda_intel,snd_hda_codec,snd_pcm_oss, Live 0xdf1d1000
snd_timer 27140 1 snd_pcm, Live 0xdf1ac000
serio_raw 8580 0 - Live 0xdf189000
snd 59748 8 snd_hda_intel,snd_hda_codec,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer, Live 0xdf19c000
soundcore 11232 1 snd, Live 0xdf14e000
snd_page_alloc 12296 2 snd_hda_intel,snd_pcm, Live 0xdf149000
intel_agp 25628 1 - Live 0xdf0ac000
agpgart 37580 4 drm,intel_agp, Live 0xdf112000
shpchp 50144 0 - Live 0xdf155000
pci_hotplug 30652 1 shpchp, Live 0xdf11d000
sg 40992 0 - Live 0xdf138000
evdev 11136 1 - Live 0xdf090000
ext3 148104 2 - Live 0xdf163000
jbd 62996 1 ext3, Live 0xdf127000
ide_generic 2432 0 - Live 0xdf05d000
ehci_hcd 37128 0 - Live 0xdf0a1000
uhci_hcd 36112 0 - Live 0xdf097000
usbcore 139140 3 ehci_hcd,uhci_hcd, Live 0xdf0ef000
sd_mod 21248 6 - Live 0xdf06d000
ata_piix 12292 10 - Live 0xdf086000
libata 84240 1 ata_piix, Live 0xdf0d9000
scsi_mod 146184 3 sg,sd_mod,libata, Live 0xdf0b4000
piix 12420 1 - Live 0xdf081000
generic 5892 0 - Live 0xdf06a000
thermal 14728 0 - Live 0xdf07c000
processor 27592 1 thermal, Live 0xdf074000
fan 5764 0 - Live 0xdf067000
capability 5896 0 - Live 0xdf064000
commoncap 8192 1 capability, Live 0xdf061000
vga16fb 14856 1 - Live 0xdf02a000
vgastate 11136 1 vga16fb, Live 0xdf01a000
fbcon 44448 72 - Live 0xdf030000
tileblit 3712 1 fbcon, Live 0xdf022000
font 9216 1 fbcon, Live 0xdf01e000
bitblit 7424 1 fbcon, Live 0xdf002000
softcursor 3200 1 bitblit, Live 0xdf005000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 487508 kB
MemFree: 5504 kB
Buffers: 41408 kB
Cached: 152796 kB
SwapCached: 4 kB
Active: 324344 kB
Inactive: 51300 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 487508 kB
LowFree: 5504 kB
SwapTotal: 1028120 kB
SwapFree: 1027900 kB
Dirty: 528 kB
Writeback: 0 kB
Mapped: 238540 kB
Slab: 31528 kB
CommitLimit: 1271872 kB
Committed_AS: 306032 kB
PageTables: 3784 kB
VmallocTotal: 536568 kB
VmallocUsed: 7856 kB
VmallocChunk: 528500 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.15-27-server/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
#
# First some standard logfiles. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
uucp.* /var/log/uucp.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
# Logging for INN news system
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some `catch-all' logfiles.
#
*.=debug;\
    auth,authpriv.none;\
    news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
    auth,authpriv.none;\
    cron,daemon.none;\
    mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
    news.crit;news.err;news.notice;\
    *.=debug;*.=info;\
    *.=notice;*.=warn |/dev/xconsole
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
nameserver 10.20.50.50
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 12
drwxr-xr-x 4 root root 4096 Nov 15 2006 2.6.15-26-server
drwxr-xr-x 3 root root 4096 Dec 3 2006 2.6.16.34rrt102
drwxr-xr-x 4 root root 4096 Dec 29 2006 2.6.15-27-server
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c0292aa0 T netif_rx
c0292d10 T netif_rx_ni
c0292aa0 U netif_rx [ip_gre]
c0292aa0 U netif_rx [ipv6]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.15-26-server:
2.6.15-27-server:
2.6.16.34rrt102:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '137,$p' /var/log/syslog
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Sep 6 17:32:18 localhost ipsec_setup: Starting Openswan IPsec 2.4.9...
Sep 6 17:32:23 localhost ipsec__plutorun: 003 "/etc/ipsec.d/policies/clear" line 27: illegal (non-DNS-name) character in name "/32"
Sep 6 17:32:31 localhost ipsec__plutorun: 104 "xxx" #1: STATE_MAIN_I1: initiate
Sep 6 17:32:31 localhost ipsec__plutorun: ...could not start conn "xxx"
Sep 6 17:35:27 localhost ipsec_setup: ...Openswan IPsec stopped
Sep 6 17:35:27 localhost ipsec_setup: Stopping Openswan IPsec...
+ _________________________ plog
+ sed -n '20441,$p' /var/log/auth.log
+ egrep -i pluto
+ case "$1" in
+ cat
Sep 6 17:32:18 localhost ipsec__plutorun: Starting Pluto subsystem...
Sep 6 17:32:18 localhost pluto[12215]: Starting Pluto (Openswan Version 2.4.9 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE_]{vKgCoOI)
Sep 6 17:32:18 localhost pluto[12215]: Setting NAT-Traversal port-4500 floating to on
Sep 6 17:32:18 localhost pluto[12215]: port floating activation criteria nat_t=1/port_fload=1
Sep 6 17:32:18 localhost pluto[12215]: including NAT-Traversal patch (Version 0.6c)
Sep 6 17:32:18 localhost pluto[12215]: | opening /dev/urandom
Sep 6 17:32:18 localhost pluto[12215]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
Sep 6 17:32:18 localhost pluto[12215]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
Sep 6 17:32:18 localhost pluto[12215]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Sep 6 17:32:18 localhost pluto[12215]: starting up 1 cryptographic helpers
Sep 6 17:32:18 localhost pluto[12216]: | opening /dev/urandom
Sep 6 17:32:18 localhost pluto[12215]: started helper pid=12216 (fd:6)
Sep 6 17:32:18 localhost pluto[12216]: ! helper 0 waiting on fd: 7
Sep 6 17:32:18 localhost pluto[12215]: | process 12215 listening for PF_KEY_V2 on file descriptor 7
Sep 6 17:32:18 localhost pluto[12215]: Using NETKEY IPsec interface code on 2.6.15-27-server
Sep 6 17:32:18 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Sep 6 17:32:18 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfc91ac0 pfkey_ext=0p0xbfc92ae0 *pfkey_ext=0p(nil).
Sep 6 17:32:18 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfc91ac0 pfkey_ext=0p0xbfc92ae0 *pfkey_ext=0p0x80fa3f8.
Sep 6 17:32:18 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x80f8dc0 allocated 16 bytes, &(extensions[0])=0p0xbfc92ae0
Sep 6 17:32:18 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001.
Sep 6 17:32:18 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=2(AH), len=2, res=0, seq=1, pid=12215.
Sep 6 17:32:18 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_parse: remain=0
Sep 6 17:32:18 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001.
Sep 6 17:32:18 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Sep 6 17:32:18 localhost pluto[12215]: | finish_pfkey_msg: SADB_REGISTER message 1 for AH
Sep 6 17:32:18 localhost pluto[12215]: | 02 07 00 02 02 00 00 00 01 00 00 00 b7 2f 00 00
Sep 6 17:32:18 localhost pluto[12215]: | pfkey_get: SADB_REGISTER message 1
Sep 6 17:32:18 localhost pluto[12215]: | AH registered with kernel.
Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_hdr_build:
Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfc91ac0 pfkey_ext=0p0xbfc92ae0 *pfkey_ext=0p(nil).
Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfc91ac0 pfkey_ext=0p0xbfc92ae0 *pfkey_ext=0p0x80fa3f8.
Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x80f8dc0 allocated 16 bytes, &(extensions[0])=0p0xbfc92ae0
Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001.
Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=3(ESP), len=2, res=0, seq=2, pid=12215.
Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_parse: remain=0
Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001.
Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001.
Sep 6 17:32:19 localhost pluto[12215]: | finish_pfkey_msg: SADB_REGISTER message 2 for ESP
Sep 6 17:32:19 localhost pluto[12215]: | 02 07 00 03 02 00 00 00 02 00 00 00 b7 2f 00 00
Sep 6 17:32:19 localhost pluto[12215]: | pfkey_get: SADB_REGISTER message 2
Sep 6 17:32:19 localhost pluto[12215]: | alg_init():memset(0x80f6ea0, 0, 2016) memset(0x80f7680, 0, 2048)
Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=40
Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_add():satype=3, exttype=14, alg_id=251
Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_add():satype=3, exttype=14, alg_id=2
Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_add():satype=3, exttype=14, alg_id=3 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_add():satype=3, exttype=14, alg_id=5 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=15 sadb_supported_len=64 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_add():satype=3, exttype=15, alg_id=11 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_add():satype=3, exttype=15, alg_id=2 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_add():satype=3, exttype=15, alg_id=3 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_add():satype=3, exttype=15, alg_id=7 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_add():satype=3, exttype=15, alg_id=12 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=12, 
alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_add():satype=3, exttype=15, alg_id=252 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_add():satype=3, exttype=15, alg_id=253 Sep 6 17:32:19 localhost pluto[12215]: | kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1 Sep 6 17:32:19 localhost pluto[12215]: | ESP registered with kernel. Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_hdr_build: Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_entry &pfkey_ext=0p0xbfc91ac0 pfkey_ext=0p0xbfc92ae0 *pfkey_ext=0p(nil). Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_hdr_build: on_exit &pfkey_ext=0p0xbfc91ac0 pfkey_ext=0p0xbfc92ae0 *pfkey_ext=0p0x80fa3f8. Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_build: pfkey_msg=0p0x80f8dc0 allocated 16 bytes, &(extensions[0])=0p0xbfc92ae0 Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_build: extensions permitted=00000001, seen=00000001, required=00000001. Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_parse: parsing message ver=2, type=7(register), errno=0, satype=9(IPIP), len=2, res=0, seq=3, pid=12215. Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_parse: remain=0 Sep 6 17:32:19 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, required=00000001. Sep 6 17:32:20 localhost pluto[12215]: | pfkey_lib_debug:pfkey_msg_parse: extensions permitted=00000001, seen=00000001, required=00000001. 
Sep 6 17:32:20 localhost pluto[12215]: | finish_pfkey_msg: SADB_REGISTER message 3 for IPCOMP Sep 6 17:32:20 localhost pluto[12215]: | 02 07 00 09 02 00 00 00 03 00 00 00 b7 2f 00 00 Sep 6 17:32:20 localhost pluto[12215]: | pfkey_get: SADB_REGISTER message 3 Sep 6 17:32:20 localhost pluto[12215]: | IPCOMP registered with kernel. Sep 6 17:32:20 localhost pluto[12215]: Changing to directory '/etc/ipsec.d/cacerts' Sep 6 17:32:20 localhost pluto[12215]: Changing to directory '/etc/ipsec.d/aacerts' Sep 6 17:32:20 localhost pluto[12215]: Changing to directory '/etc/ipsec.d/ocspcerts' Sep 6 17:32:20 localhost pluto[12215]: Changing to directory '/etc/ipsec.d/crls' Sep 6 17:32:20 localhost pluto[12215]: Warning: empty directory Sep 6 17:32:20 localhost pluto[12215]: | inserting event EVENT_LOG_DAILY, timeout in 23261 seconds Sep 6 17:32:20 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 119 seconds Sep 6 17:32:20 localhost pluto[12215]: | Sep 6 17:32:20 localhost pluto[12215]: | *received whack message Sep 6 17:32:20 localhost pluto[12215]: loading secrets from "/etc/ipsec.secrets" Sep 6 17:32:20 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 118 seconds Sep 6 17:32:20 localhost pluto[12215]: | Sep 6 17:32:20 localhost pluto[12215]: | *received whack message Sep 6 17:32:20 localhost pluto[12215]: | find_host_pair_conn (check_connection_end): 10.20.50.88:500 %any:500 -> hp:none Sep 6 17:32:20 localhost pluto[12215]: | Added new connection packetdefault with policy RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failurePASS Sep 6 17:32:20 localhost pluto[12215]: | counting wild cards for (none) is 0 Sep 6 17:32:20 localhost pluto[12215]: | counting wild cards for (none) is 15 Sep 6 17:32:20 localhost pluto[12215]: | based upon policy, the connection is a template. 
Sep 6 17:32:20 localhost pluto[12215]: added connection description "packetdefault" Sep 6 17:32:20 localhost pluto[12215]: | 0.0.0.0/0===10.20.50.88[%myid]---10.20.50.50...%opportunistic Sep 6 17:32:20 localhost pluto[12215]: | ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failurePASS Sep 6 17:32:20 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 118 seconds Sep 6 17:32:20 localhost pluto[12215]: | Sep 6 17:32:20 localhost pluto[12215]: | *received whack message Sep 6 17:32:20 localhost pluto[12215]: | Added new connection block with policy TUNNEL+PFS+GROUP+REJECT+NEVER_NEGOTIATE Sep 6 17:32:20 localhost pluto[12215]: | counting wild cards for (none) is 0 Sep 6 17:32:20 localhost pluto[12215]: | counting wild cards for (none) is 15 Sep 6 17:32:20 localhost pluto[12215]: added connection description "block" Sep 6 17:32:20 localhost pluto[12215]: | 10.20.50.88[%myid]---10.20.50.50...%group Sep 6 17:32:20 localhost pluto[12215]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: TUNNEL+PFS+GROUP+REJECT+NEVER_NEGOTIATE Sep 6 17:32:20 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 118 seconds Sep 6 17:32:20 localhost pluto[12215]: | Sep 6 17:32:20 localhost pluto[12215]: | *received whack message Sep 6 17:32:20 localhost pluto[12215]: | Added new connection clear-or-private with policy RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+GROUP+PASS+failurePASS+NEVER_NEGOTIATE Sep 6 17:32:20 localhost pluto[12215]: | counting wild cards for (none) is 0 Sep 6 17:32:20 localhost pluto[12215]: | counting wild cards for (none) is 15 Sep 6 17:32:20 localhost pluto[12215]: added connection description "clear-or-private" Sep 6 17:32:21 localhost pluto[12215]: | 10.20.50.88[%myid]---10.20.50.50...%opportunisticgroup Sep 6 17:32:21 localhost pluto[12215]: | ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 
540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+GROUP+PASS+failurePASS+NEVER_NEGOTIATE Sep 6 17:32:21 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 118 seconds Sep 6 17:32:21 localhost pluto[12215]: | Sep 6 17:32:21 localhost pluto[12215]: | *received whack message Sep 6 17:32:21 localhost pluto[12215]: | Added new connection clear with policy TUNNEL+PFS+GROUP+PASS+NEVER_NEGOTIATE Sep 6 17:32:21 localhost pluto[12215]: | counting wild cards for (none) is 0 Sep 6 17:32:21 localhost pluto[12215]: | counting wild cards for (none) is 15 Sep 6 17:32:21 localhost pluto[12215]: added connection description "clear" Sep 6 17:32:21 localhost pluto[12215]: | 10.20.50.88[%myid]---10.20.50.50...%group Sep 6 17:32:21 localhost pluto[12215]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: TUNNEL+PFS+GROUP+PASS+NEVER_NEGOTIATE Sep 6 17:32:21 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 118 seconds Sep 6 17:32:21 localhost pluto[12215]: | Sep 6 17:32:21 localhost pluto[12215]: | *received whack message Sep 6 17:32:21 localhost pluto[12215]: | Added new connection xxx with policy PSK+ENCRYPT Sep 6 17:32:21 localhost pluto[12215]: | from whack: got --esp=3des-md5-96 Sep 6 17:32:21 localhost pluto[12215]: | alg_info_parse_str() ealg_buf=3des aalg_buf=md5eklen=0 aklen=96 Sep 6 17:32:21 localhost pluto[12215]: | enum_search_prefix () calling enum_search(0x80d7bec, "ESP_3DES") Sep 6 17:32:21 localhost pluto[12215]: | parser_alg_info_add() ealg_getbyname("3des")=3 Sep 6 17:32:21 localhost pluto[12215]: | enum_search_prefix () calling enum_search(0x80d79a0, "AUTH_ALGORITHM_HMAC_MD5") Sep 6 17:32:21 localhost pluto[12215]: | parser_alg_info_add() aalg_getbyname("md5")=1 Sep 6 17:32:21 localhost pluto[12215]: | __alg_info_esp_add() ealg=3 aalg=1 cnt=1 Sep 6 17:32:21 localhost pluto[12215]: | esp string values: 3DES(3)_000-MD5(1); flags=strict Sep 6 17:32:21 
localhost pluto[12215]: | counting wild cards for (none) is 15 Sep 6 17:32:21 localhost pluto[12215]: | counting wild cards for (none) is 15 Sep 6 17:32:21 localhost pluto[12215]: | alg_info_addref() alg_info->ref_cnt=1 Sep 6 17:32:21 localhost pluto[12215]: | alg_info_addref() alg_info->ref_cnt=2 Sep 6 17:32:21 localhost pluto[12215]: added connection description "xxx" Sep 6 17:32:21 localhost pluto[12215]: | 1.1.1.1...1.1.1.2 Sep 6 17:32:21 localhost pluto[12215]: | ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT Sep 6 17:32:21 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 117 seconds Sep 6 17:32:21 localhost pluto[12215]: | Sep 6 17:32:21 localhost pluto[12215]: | *received whack message Sep 6 17:32:21 localhost pluto[12215]: | find_host_pair_conn (check_connection_end): 10.20.50.88:500 %any:500 -> hp:none Sep 6 17:32:21 localhost pluto[12215]: | Added new connection private-or-clear with policy RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+GROUP+failurePASS Sep 6 17:32:21 localhost pluto[12215]: | counting wild cards for (none) is 0 Sep 6 17:32:21 localhost pluto[12215]: | counting wild cards for (none) is 15 Sep 6 17:32:21 localhost pluto[12215]: added connection description "private-or-clear" Sep 6 17:32:21 localhost pluto[12215]: | 10.20.50.88[%myid]---10.20.50.50...%opportunisticgroup Sep 6 17:32:21 localhost pluto[12215]: | ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+GROUP+failurePASS Sep 6 17:32:21 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 117 seconds Sep 6 17:32:21 localhost pluto[12215]: | Sep 6 17:32:21 localhost pluto[12215]: | *received whack message Sep 6 17:32:21 localhost pluto[12215]: | find_host_pair_conn (check_connection_end): 10.20.50.88:500 %any:500 -> hp:none Sep 6 17:32:21 localhost pluto[12215]: | Added new connection private with policy 
RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+GROUP+failureDROP Sep 6 17:32:21 localhost pluto[12215]: | counting wild cards for (none) is 0 Sep 6 17:32:21 localhost pluto[12215]: | counting wild cards for (none) is 15 Sep 6 17:32:22 localhost pluto[12215]: added connection description "private" Sep 6 17:32:22 localhost pluto[12215]: | 10.20.50.88[%myid]---10.20.50.50...%opportunisticgroup Sep 6 17:32:22 localhost pluto[12215]: | ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3; policy: RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+GROUP+failureDROP Sep 6 17:32:22 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 117 seconds Sep 6 17:32:22 localhost pluto[12215]: | Sep 6 17:32:22 localhost pluto[12215]: | *received whack message Sep 6 17:32:22 localhost pluto[12215]: listening for IKE messages Sep 6 17:32:22 localhost pluto[12215]: | found lo with address 127.0.0.1 Sep 6 17:32:22 localhost pluto[12215]: | found eth0 with address 10.20.50.88 Sep 6 17:32:22 localhost pluto[12215]: | found tun0 with address 1.1.1.1 Sep 6 17:32:22 localhost pluto[12215]: adding interface tun0/tun0 1.1.1.1:500 Sep 6 17:32:22 localhost pluto[12215]: adding interface tun0/tun0 1.1.1.1:4500 Sep 6 17:32:22 localhost pluto[12215]: adding interface eth0/eth0 10.20.50.88:500 Sep 6 17:32:22 localhost pluto[12215]: adding interface eth0/eth0 10.20.50.88:4500 Sep 6 17:32:22 localhost pluto[12215]: adding interface lo/lo 127.0.0.1:500 Sep 6 17:32:22 localhost pluto[12215]: adding interface lo/lo 127.0.0.1:4500 Sep 6 17:32:22 localhost pluto[12215]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001 Sep 6 17:32:22 localhost pluto[12215]: adding interface lo/lo ::1:500 Sep 6 17:32:22 localhost pluto[12215]: | connect_to_host_pair: 10.20.50.88:500 0.0.0.0:500 -> hp:none Sep 6 17:32:22 localhost pluto[12215]: | find_host_pair: comparing to 10.20.50.88:500 0.0.0.0:500 Sep 6 17:32:22 localhost pluto[12215]: | connect_to_host_pair: 
10.20.50.88:500 0.0.0.0:500 -> hp:private Sep 6 17:32:22 localhost pluto[12215]: | find_host_pair: comparing to 10.20.50.88:500 0.0.0.0:500 Sep 6 17:32:22 localhost pluto[12215]: | connect_to_host_pair: 1.1.1.1:500 1.1.1.2:500 -> hp:none Sep 6 17:32:22 localhost pluto[12215]: | find_host_pair: comparing to 1.1.1.1:500 1.1.1.2:500 Sep 6 17:32:22 localhost pluto[12215]: | find_host_pair: comparing to 10.20.50.88:500 0.0.0.0:500 Sep 6 17:32:22 localhost pluto[12215]: | connect_to_host_pair: 10.20.50.88:500 0.0.0.0:500 -> hp:private-or-clear Sep 6 17:32:22 localhost pluto[12215]: | find_host_pair: comparing to 10.20.50.88:500 0.0.0.0:500 Sep 6 17:32:22 localhost pluto[12215]: | connect_to_host_pair: 10.20.50.88:500 0.0.0.0:500 -> hp:clear Sep 6 17:32:22 localhost pluto[12215]: | find_host_pair: comparing to 10.20.50.88:500 0.0.0.0:500 Sep 6 17:32:22 localhost pluto[12215]: | connect_to_host_pair: 10.20.50.88:500 0.0.0.0:500 -> hp:clear-or-private Sep 6 17:32:22 localhost pluto[12215]: | find_host_pair: comparing to 10.20.50.88:500 0.0.0.0:500 Sep 6 17:32:22 localhost pluto[12215]: | connect_to_host_pair: 10.20.50.88:500 0.0.0.0:500 -> hp:block Sep 6 17:32:22 localhost pluto[12215]: forgetting secrets Sep 6 17:32:22 localhost pluto[12215]: loading secrets from "/etc/ipsec.secrets" Sep 6 17:32:22 localhost pluto[12215]: loading group "/etc/ipsec.d/policies/private" Sep 6 17:32:22 localhost pluto[12215]: loading group "/etc/ipsec.d/policies/private-or-clear" Sep 6 17:32:22 localhost pluto[12215]: loading group "/etc/ipsec.d/policies/clear" Sep 6 17:32:22 localhost pluto[12215]: "/etc/ipsec.d/policies/clear" line 27: illegal (non-DNS-name) character in name "/32" Sep 6 17:32:23 localhost pluto[12215]: loading group "/etc/ipsec.d/policies/clear-or-private" Sep 6 17:32:23 localhost pluto[12215]: loading group "/etc/ipsec.d/policies/block" Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->0.0.0.0/0 private-or-clear Sep 6 17:32:23 localhost pluto[12215]: | 
10.20.50.88/32->128.8.10.90/32 clear Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->128.63.2.53/32 clear Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->192.5.5.241/32 clear Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->192.33.4.12/32 clear Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->192.36.148.17/32 clear Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->192.58.128.30/32 clear Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->192.112.36.4/32 clear Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->192.203.230.10/32 clear Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->192.228.79.201/32 clear Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->193.0.14.129/32 clear Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->198.32.64.12/32 clear Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->198.41.0.4/32 clear Sep 6 17:32:23 localhost pluto[12215]: | 10.20.50.88/32->202.12.27.33/32 clear Sep 6 17:32:23 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 115 seconds Sep 6 17:32:23 localhost pluto[12215]: | Sep 6 17:32:23 localhost pluto[12215]: | *received whack message Sep 6 17:32:23 localhost pluto[12215]: | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 Sep 6 17:32:23 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 115 seconds Sep 6 17:32:23 localhost pluto[12215]: | Sep 6 17:32:23 localhost pluto[12215]: | *received whack message Sep 6 17:32:23 localhost pluto[12215]: | processing connection packetdefault Sep 6 17:32:23 localhost pluto[12215]: | route owner of "packetdefault" unrouted: NULL; eroute owner: NULL Sep 6 17:32:23 localhost pluto[12215]: | could_route called for packetdefault (kind=CK_TEMPLATE) Sep 6 17:32:23 localhost pluto[12215]: | route owner of "packetdefault" unrouted: NULL; eroute owner: NULL Sep 6 17:32:23 localhost pluto[12215]: | route_and_eroute with c: packetdefault (next: none) 
ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:23 localhost pluto[12215]: | add eroute 0.0.0.0/0:0 --0-> 0.0.0.0/0:0 => %trap (raw_eroute) Sep 6 17:32:23 localhost pluto[12215]: | eroute_connection add eroute 0.0.0.0/0:0 --0-> 0.0.0.0/0:0 => %trap (raw_eroute) Sep 6 17:32:23 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:23 localhost pluto[12215]: | command executing prepare-client Sep 6 17:32:23 localhost pluto[12215]: | executing prepare-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='packetdefault' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failurePASS' ipsec _updown Sep 6 17:32:23 localhost pluto[12215]: | command executing route-client Sep 6 17:32:23 localhost pluto[12215]: | executing route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='packetdefault' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failurePASS' ipsec _updown Sep 6 17:32:24 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 115 seconds Sep 6 17:32:24 localhost pluto[12215]: | Sep 6 17:32:24 
localhost pluto[12215]: | *received whack message Sep 6 17:32:24 localhost pluto[12215]: | processing connection block Sep 6 17:32:24 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 115 seconds Sep 6 17:32:24 localhost pluto[12215]: | Sep 6 17:32:24 localhost pluto[12215]: | *received whack message Sep 6 17:32:24 localhost pluto[12215]: | processing connection clear-or-private Sep 6 17:32:24 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 115 seconds Sep 6 17:32:24 localhost pluto[12215]: | Sep 6 17:32:24 localhost pluto[12215]: | *received whack message Sep 6 17:32:24 localhost pluto[12215]: | processing connection clear Sep 6 17:32:24 localhost pluto[12215]: | processing connection clear#128.8.10.90/32 0.0.0.0 Sep 6 17:32:24 localhost pluto[12215]: | route owner of "clear#128.8.10.90/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:24 localhost pluto[12215]: | could_route called for clear#128.8.10.90/32 (kind=CK_INSTANCE) Sep 6 17:32:24 localhost pluto[12215]: | route owner of "clear#128.8.10.90/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:24 localhost pluto[12215]: | route_and_eroute with c: clear#128.8.10.90/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:24 localhost pluto[12215]: | add eroute 128.8.10.90/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:24 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 128.8.10.90/32:0 => %pass (raw_eroute) Sep 6 17:32:24 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:24 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:24 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='clear#128.8.10.90/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' 
PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='128.8.10.90/32' PLUTO_PEER_CLIENT_NET='128.8.10.90' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:24 localhost pluto[12215]: | command executing route-host Sep 6 17:32:24 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#128.8.10.90/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='128.8.10.90/32' PLUTO_PEER_CLIENT_NET='128.8.10.90' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:24 localhost pluto[12215]: | processing connection clear Sep 6 17:32:24 localhost pluto[12215]: | processing connection clear#128.63.2.53/32 0.0.0.0 Sep 6 17:32:24 localhost pluto[12215]: | route owner of "clear#128.63.2.53/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:24 localhost pluto[12215]: | could_route called for clear#128.63.2.53/32 (kind=CK_INSTANCE) Sep 6 17:32:24 localhost pluto[12215]: | route owner of "clear#128.63.2.53/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:24 localhost pluto[12215]: | route_and_eroute with c: clear#128.63.2.53/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:24 localhost pluto[12215]: | add eroute 128.63.2.53/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:24 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 128.63.2.53/32:0 => 
%pass (raw_eroute) Sep 6 17:32:24 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:24 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:24 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='clear#128.63.2.53/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='128.63.2.53/32' PLUTO_PEER_CLIENT_NET='128.63.2.53' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:24 localhost pluto[12215]: | command executing route-host Sep 6 17:32:24 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#128.63.2.53/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='128.63.2.53/32' PLUTO_PEER_CLIENT_NET='128.63.2.53' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:24 localhost pluto[12215]: | processing connection clear Sep 6 17:32:24 localhost pluto[12215]: | processing connection clear#192.5.5.241/32 0.0.0.0 Sep 6 17:32:24 localhost pluto[12215]: | route owner of "clear#192.5.5.241/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:24 localhost pluto[12215]: | could_route called for clear#192.5.5.241/32 (kind=CK_INSTANCE) Sep 6 
17:32:24 localhost pluto[12215]: | route owner of "clear#192.5.5.241/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:24 localhost pluto[12215]: | route_and_eroute with c: clear#192.5.5.241/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:24 localhost pluto[12215]: | add eroute 192.5.5.241/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:25 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 192.5.5.241/32:0 => %pass (raw_eroute) Sep 6 17:32:25 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:25 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:25 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='clear#192.5.5.241/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.5.5.241/32' PLUTO_PEER_CLIENT_NET='192.5.5.241' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:25 localhost pluto[12215]: | command executing route-host Sep 6 17:32:25 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#192.5.5.241/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.5.5.241/32' PLUTO_PEER_CLIENT_NET='192.5.5.241' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' 
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:25 localhost pluto[12215]: | processing connection clear Sep 6 17:32:25 localhost pluto[12215]: | processing connection clear#192.33.4.12/32 0.0.0.0 Sep 6 17:32:25 localhost pluto[12215]: | route owner of "clear#192.33.4.12/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:25 localhost pluto[12215]: | could_route called for clear#192.33.4.12/32 (kind=CK_INSTANCE) Sep 6 17:32:25 localhost pluto[12215]: | route owner of "clear#192.33.4.12/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:25 localhost pluto[12215]: | route_and_eroute with c: clear#192.33.4.12/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:25 localhost pluto[12215]: | add eroute 192.33.4.12/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:25 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 192.33.4.12/32:0 => %pass (raw_eroute) Sep 6 17:32:25 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:25 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:25 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='clear#192.33.4.12/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.33.4.12/32' PLUTO_PEER_CLIENT_NET='192.33.4.12' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:25 localhost pluto[12215]: | command executing route-host Sep 6 17:32:25 localhost pluto[12215]: | executing route-host: 2>&1 
PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#192.33.4.12/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.33.4.12/32' PLUTO_PEER_CLIENT_NET='192.33.4.12' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:25 localhost pluto[12215]: | processing connection clear Sep 6 17:32:25 localhost pluto[12215]: | processing connection clear#192.36.148.17/32 0.0.0.0 Sep 6 17:32:25 localhost pluto[12215]: | route owner of "clear#192.36.148.17/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:25 localhost pluto[12215]: | could_route called for clear#192.36.148.17/32 (kind=CK_INSTANCE) Sep 6 17:32:25 localhost pluto[12215]: | route owner of "clear#192.36.148.17/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:25 localhost pluto[12215]: | route_and_eroute with c: clear#192.36.148.17/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:25 localhost pluto[12215]: | add eroute 192.36.148.17/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:25 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 192.36.148.17/32:0 => %pass (raw_eroute) Sep 6 17:32:25 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:25 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:25 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='clear#192.36.148.17/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' 
PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.36.148.17/32' PLUTO_PEER_CLIENT_NET='192.36.148.17' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:25 localhost pluto[12215]: | command executing route-host Sep 6 17:32:25 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#192.36.148.17/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.36.148.17/32' PLUTO_PEER_CLIENT_NET='192.36.148.17' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:25 localhost pluto[12215]: | processing connection clear Sep 6 17:32:25 localhost pluto[12215]: | processing connection clear#192.58.128.30/32 0.0.0.0 Sep 6 17:32:25 localhost pluto[12215]: | route owner of "clear#192.58.128.30/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:25 localhost pluto[12215]: | could_route called for clear#192.58.128.30/32 (kind=CK_INSTANCE) Sep 6 17:32:25 localhost pluto[12215]: | route owner of "clear#192.58.128.30/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:25 localhost pluto[12215]: | route_and_eroute with c: clear#192.58.128.30/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:25 localhost pluto[12215]: | add eroute 192.58.128.30/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:25 localhost pluto[12215]: | 
eroute_connection add eroute 10.20.50.88/32:0 --0-> 192.58.128.30/32:0 => %pass (raw_eroute) Sep 6 17:32:25 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:25 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:25 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='clear#192.58.128.30/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.58.128.30/32' PLUTO_PEER_CLIENT_NET='192.58.128.30' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:25 localhost pluto[12215]: | command executing route-host Sep 6 17:32:25 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#192.58.128.30/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.58.128.30/32' PLUTO_PEER_CLIENT_NET='192.58.128.30' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:25 localhost pluto[12215]: | processing connection clear Sep 6 17:32:26 localhost pluto[12215]: | processing connection clear#192.112.36.4/32 0.0.0.0 Sep 6 17:32:26 localhost pluto[12215]: | route owner of "clear#192.112.36.4/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:26 localhost 
pluto[12215]: | could_route called for clear#192.112.36.4/32 (kind=CK_INSTANCE) Sep 6 17:32:26 localhost pluto[12215]: | route owner of "clear#192.112.36.4/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:26 localhost pluto[12215]: | route_and_eroute with c: clear#192.112.36.4/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:26 localhost pluto[12215]: | add eroute 192.112.36.4/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:26 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 192.112.36.4/32:0 => %pass (raw_eroute) Sep 6 17:32:26 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:26 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:26 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='clear#192.112.36.4/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.112.36.4/32' PLUTO_PEER_CLIENT_NET='192.112.36.4' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:26 localhost pluto[12215]: | command executing route-host Sep 6 17:32:26 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#192.112.36.4/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.112.36.4/32' 
PLUTO_PEER_CLIENT_NET='192.112.36.4' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:26 localhost pluto[12215]: | processing connection clear Sep 6 17:32:26 localhost pluto[12215]: | processing connection clear#192.203.230.10/32 0.0.0.0 Sep 6 17:32:26 localhost pluto[12215]: | route owner of "clear#192.203.230.10/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:26 localhost pluto[12215]: | could_route called for clear#192.203.230.10/32 (kind=CK_INSTANCE) Sep 6 17:32:26 localhost pluto[12215]: | route owner of "clear#192.203.230.10/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:26 localhost pluto[12215]: | route_and_eroute with c: clear#192.203.230.10/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:26 localhost pluto[12215]: | add eroute 192.203.230.10/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:26 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 192.203.230.10/32:0 => %pass (raw_eroute) Sep 6 17:32:26 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:26 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:26 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='clear#192.203.230.10/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.203.230.10/32' PLUTO_PEER_CLIENT_NET='192.203.230.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:26 
localhost pluto[12215]: | command executing route-host Sep 6 17:32:26 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#192.203.230.10/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.203.230.10/32' PLUTO_PEER_CLIENT_NET='192.203.230.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:26 localhost pluto[12215]: | processing connection clear Sep 6 17:32:26 localhost pluto[12215]: | processing connection clear#192.228.79.201/32 0.0.0.0 Sep 6 17:32:26 localhost pluto[12215]: | route owner of "clear#192.228.79.201/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:26 localhost pluto[12215]: | could_route called for clear#192.228.79.201/32 (kind=CK_INSTANCE) Sep 6 17:32:26 localhost pluto[12215]: | route owner of "clear#192.228.79.201/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:26 localhost pluto[12215]: | route_and_eroute with c: clear#192.228.79.201/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:26 localhost pluto[12215]: | add eroute 192.228.79.201/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:26 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 192.228.79.201/32:0 => %pass (raw_eroute) Sep 6 17:32:26 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:26 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:26 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='clear#192.228.79.201/32' 
PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.228.79.201/32' PLUTO_PEER_CLIENT_NET='192.228.79.201' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:26 localhost pluto[12215]: | command executing route-host Sep 6 17:32:26 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#192.228.79.201/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.228.79.201/32' PLUTO_PEER_CLIENT_NET='192.228.79.201' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:26 localhost pluto[12215]: | processing connection clear Sep 6 17:32:26 localhost pluto[12215]: | processing connection clear#193.0.14.129/32 0.0.0.0 Sep 6 17:32:26 localhost pluto[12215]: | route owner of "clear#193.0.14.129/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:26 localhost pluto[12215]: | could_route called for clear#193.0.14.129/32 (kind=CK_INSTANCE) Sep 6 17:32:26 localhost pluto[12215]: | route owner of "clear#193.0.14.129/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:26 localhost pluto[12215]: | route_and_eroute with c: clear#193.0.14.129/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:26 localhost pluto[12215]: | 
add eroute 193.0.14.129/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:26 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 193.0.14.129/32:0 => %pass (raw_eroute) Sep 6 17:32:26 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:26 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:26 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='clear#193.0.14.129/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='193.0.14.129/32' PLUTO_PEER_CLIENT_NET='193.0.14.129' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:26 localhost pluto[12215]: | command executing route-host Sep 6 17:32:26 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#193.0.14.129/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='193.0.14.129/32' PLUTO_PEER_CLIENT_NET='193.0.14.129' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:26 localhost pluto[12215]: | processing connection clear Sep 6 17:32:26 localhost pluto[12215]: | processing connection clear#198.32.64.12/32 0.0.0.0 Sep 6 17:32:26 localhost pluto[12215]: | 
route owner of "clear#198.32.64.12/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:26 localhost pluto[12215]: | could_route called for clear#198.32.64.12/32 (kind=CK_INSTANCE) Sep 6 17:32:26 localhost pluto[12215]: | route owner of "clear#198.32.64.12/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:26 localhost pluto[12215]: | route_and_eroute with c: clear#198.32.64.12/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:26 localhost pluto[12215]: | add eroute 198.32.64.12/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:26 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 198.32.64.12/32:0 => %pass (raw_eroute) Sep 6 17:32:26 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:26 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:26 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='clear#198.32.64.12/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='198.32.64.12/32' PLUTO_PEER_CLIENT_NET='198.32.64.12' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:26 localhost pluto[12215]: | command executing route-host Sep 6 17:32:26 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#198.32.64.12/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' 
PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='198.32.64.12/32' PLUTO_PEER_CLIENT_NET='198.32.64.12' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:26 localhost pluto[12215]: | processing connection clear Sep 6 17:32:26 localhost pluto[12215]: | processing connection clear#198.41.0.4/32 0.0.0.0 Sep 6 17:32:26 localhost pluto[12215]: | route owner of "clear#198.41.0.4/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:26 localhost pluto[12215]: | could_route called for clear#198.41.0.4/32 (kind=CK_INSTANCE) Sep 6 17:32:26 localhost pluto[12215]: | route owner of "clear#198.41.0.4/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:26 localhost pluto[12215]: | route_and_eroute with c: clear#198.41.0.4/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:26 localhost pluto[12215]: | add eroute 198.41.0.4/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:26 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 198.41.0.4/32:0 => %pass (raw_eroute) Sep 6 17:32:26 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:26 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:26 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='clear#198.41.0.4/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='198.41.0.4/32' PLUTO_PEER_CLIENT_NET='198.41.0.4' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' 
PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:26 localhost pluto[12215]: | command executing route-host Sep 6 17:32:26 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#198.41.0.4/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='198.41.0.4/32' PLUTO_PEER_CLIENT_NET='198.41.0.4' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:26 localhost pluto[12215]: | processing connection clear Sep 6 17:32:27 localhost pluto[12215]: | processing connection clear#202.12.27.33/32 0.0.0.0 Sep 6 17:32:27 localhost pluto[12215]: | route owner of "clear#202.12.27.33/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:27 localhost pluto[12215]: | could_route called for clear#202.12.27.33/32 (kind=CK_INSTANCE) Sep 6 17:32:27 localhost pluto[12215]: | route owner of "clear#202.12.27.33/32" 0.0.0.0 unrouted: NULL; eroute owner: NULL Sep 6 17:32:27 localhost pluto[12215]: | route_and_eroute with c: clear#202.12.27.33/32 (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:27 localhost pluto[12215]: | add eroute 202.12.27.33/32:0 --0-> 10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:32:27 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 202.12.27.33/32:0 => %pass (raw_eroute) Sep 6 17:32:27 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:27 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:27 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' 
PLUTO_CONNECTION='clear#202.12.27.33/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='202.12.27.33/32' PLUTO_PEER_CLIENT_NET='202.12.27.33' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:27 localhost pluto[12215]: | command executing route-host Sep 6 17:32:27 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='clear#202.12.27.33/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='202.12.27.33/32' PLUTO_PEER_CLIENT_NET='202.12.27.33' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:32:27 localhost pluto[12215]: | processing connection clear Sep 6 17:32:27 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 111 seconds Sep 6 17:32:27 localhost pluto[12215]: | Sep 6 17:32:27 localhost pluto[12215]: | *received kernel message Sep 6 17:32:27 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:32:27 localhost pluto[12215]: | add bare shunt 0x80fdb40 10.20.50.88/32:0 -0-> 209.97.208.98/32:0 => %hold 0 %acquire-netlink Sep 6 17:32:27 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 209.97.208.98:0 proto=0 state: fos_start because: acquire Sep 6 17:32:27 localhost pluto[12215]: | find_connection: 
looking for policy for connection: 10.20.50.88:0/0 -> 209.97.208.98:0/0 Sep 6 17:32:27 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:27 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:27 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:32:27 localhost pluto[12215]: | creating new instance from "packetdefault" Sep 6 17:32:27 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 209.97.208.98 new state: fos_start with ugh: ok Sep 6 17:32:27 localhost pluto[12215]: | DNS query 1 for TXT for 88.50.20.10.in-addr.arpa. (gw: 10.20.50.88) Sep 6 17:32:27 localhost pluto[12215]: | Sep 6 17:32:27 localhost pluto[12215]: | *received whack message Sep 6 17:32:27 localhost pluto[12215]: | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 Sep 6 17:32:27 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 111 seconds Sep 6 17:32:27 localhost pluto[12215]: | Sep 6 17:32:27 localhost pluto[12215]: | *received whack message Sep 6 17:32:27 localhost pluto[12215]: | processing connection xxx Sep 6 17:32:27 localhost pluto[12215]: | route owner of "xxx" unrouted: NULL; eroute owner: NULL Sep 6 17:32:27 localhost pluto[12215]: | could_route called for xxx (kind=CK_PERMANENT) Sep 6 17:32:27 localhost pluto[12215]: | route owner of "xxx" unrouted: NULL; eroute owner: NULL Sep 6 17:32:27 localhost pluto[12215]: | route_and_eroute with c: xxx (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0 Sep 6 17:32:27 localhost pluto[12215]: | add eroute 1.1.1.2/32:0 --0-> 1.1.1.1/32:0 => %trap (raw_eroute) Sep 6 17:32:27 localhost pluto[12215]: | eroute_connection add eroute 1.1.1.1/32:0 --0-> 1.1.1.2/32:0 => %trap (raw_eroute) Sep 6 17:32:27 
localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:27 localhost pluto[12215]: | command executing prepare-host Sep 6 17:32:27 localhost pluto[12215]: | executing prepare-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='xxx' PLUTO_NEXT_HOP='1.1.1.2' PLUTO_INTERFACE='tun0' PLUTO_ME='1.1.1.1' PLUTO_MY_ID='1.1.1.1' PLUTO_MY_CLIENT='1.1.1.1/32' PLUTO_MY_CLIENT_NET='1.1.1.1' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='1.1.1.2' PLUTO_PEER_ID='1.1.1.2' PLUTO_PEER_CLIENT='1.1.1.2/32' PLUTO_PEER_CLIENT_NET='1.1.1.2' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT' ipsec _updown Sep 6 17:32:27 localhost pluto[12215]: | command executing route-host Sep 6 17:32:27 localhost pluto[12215]: | executing route-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-host' PLUTO_CONNECTION='xxx' PLUTO_NEXT_HOP='1.1.1.2' PLUTO_INTERFACE='tun0' PLUTO_ME='1.1.1.1' PLUTO_MY_ID='1.1.1.1' PLUTO_MY_CLIENT='1.1.1.1/32' PLUTO_MY_CLIENT_NET='1.1.1.1' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='1.1.1.2' PLUTO_PEER_ID='1.1.1.2' PLUTO_PEER_CLIENT='1.1.1.2/32' PLUTO_PEER_CLIENT_NET='1.1.1.2' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT' ipsec _updown Sep 6 17:32:27 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 111 seconds Sep 6 17:32:27 localhost pluto[12215]: | Sep 6 17:32:27 localhost pluto[12215]: | *received adns message Sep 6 17:32:27 localhost pluto[12215]: | Sep 6 17:32:27 localhost pluto[12215]: | asynch DNS answer 1 failure querying DNS for TXT of 88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:27 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 209.97.208.98: failure querying DNS for 
TXT of 88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:27 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 209.97.208.98:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:32:27 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.97.208.98:0/0 Sep 6 17:32:27 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:27 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:27 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:32:27 localhost pluto[12215]: | creating new instance from "packetdefault" Sep 6 17:32:27 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:27 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:27 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:27 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:32:27 localhost pluto[12215]: can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:32:27 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 209.97.208.98 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:32:27 localhost pluto[12215]: | DNS query 2 for TXT for RRT102. 
(gw: @RRT102) Sep 6 17:32:27 localhost pluto[12215]: | Sep 6 17:32:27 localhost pluto[12215]: | *received kernel message Sep 6 17:32:27 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:32:27 localhost pluto[12215]: | add bare shunt 0x80fdbd8 10.20.50.88/32:0 -0-> 10.20.50.50/32:0 => %hold 0 %acquire-netlink Sep 6 17:32:27 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 10.20.50.50:0 proto=0 state: fos_start because: acquire Sep 6 17:32:27 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.50.50:0/0 Sep 6 17:32:27 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:27 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:27 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:32:27 localhost pluto[12215]: | creating new instance from "packetdefault" Sep 6 17:32:27 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 10.20.50.50 new state: fos_start with ugh: ok Sep 6 17:32:27 localhost pluto[12215]: | DNS query 3 for TXT for 88.50.20.10.in-addr.arpa. 
(gw: 10.20.50.88) Sep 6 17:32:27 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 111 seconds Sep 6 17:32:27 localhost pluto[12215]: | Sep 6 17:32:27 localhost pluto[12215]: | *received whack message Sep 6 17:32:27 localhost pluto[12215]: | processing connection private-or-clear Sep 6 17:32:27 localhost pluto[12215]: | processing connection private-or-clear#0.0.0.0/0 Sep 6 17:32:27 localhost pluto[12215]: | route owner of "private-or-clear#0.0.0.0/0" unrouted: "packetdefault" prospective erouted; eroute owner: NULL Sep 6 17:32:27 localhost pluto[12215]: | could_route called for private-or-clear#0.0.0.0/0 (kind=CK_TEMPLATE) Sep 6 17:32:27 localhost pluto[12215]: | route owner of "private-or-clear#0.0.0.0/0" unrouted: "packetdefault" prospective erouted; eroute owner: NULL Sep 6 17:32:27 localhost pluto[12215]: | route_and_eroute with c: private-or-clear#0.0.0.0/0 (next: none) ero:null esr:{(nil)} ro:packetdefault rosr:{0x80f90cc} and state: 0 Sep 6 17:32:27 localhost pluto[12215]: | add eroute 0.0.0.0/0:0 --0-> 10.20.50.88/32:0 => %trap (raw_eroute) Sep 6 17:32:28 localhost pluto[12215]: | eroute_connection add eroute 10.20.50.88/32:0 --0-> 0.0.0.0/0:0 => %trap (raw_eroute) Sep 6 17:32:28 localhost pluto[12215]: | route_and_eroute: firewall_notified: true Sep 6 17:32:28 localhost pluto[12215]: | processing connection private-or-clear Sep 6 17:32:28 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 111 seconds Sep 6 17:32:28 localhost pluto[12215]: | Sep 6 17:32:28 localhost pluto[12215]: | *received adns message Sep 6 17:32:28 localhost pluto[12215]: | Sep 6 17:32:28 localhost pluto[12215]: | asynch DNS answer 3 failure querying DNS for TXT of 88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:28 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 10.20.50.50: failure querying DNS for TXT of 88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:28 localhost 
pluto[12215]: | initiate on demand from 10.20.50.88:0 to 10.20.50.50:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:32:28 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.50.50:0/0 Sep 6 17:32:28 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:28 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:28 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:28 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:28 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:28 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:28 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:28 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:28 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:28 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:32:28 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 10.20.50.50 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:32:28 localhost pluto[12215]: | DNS query 4 for TXT for RRT102. 
(gw: @RRT102) Sep 6 17:32:28 localhost pluto[12215]: | Sep 6 17:32:28 localhost pluto[12215]: | asynch DNS answer 2 failure querying DNS for TXT of RRT102.: Host name lookup failure Sep 6 17:32:28 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 209.97.208.98: failure querying DNS for TXT of RRT102.: Host name lookup failure Sep 6 17:32:28 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 209.97.208.98:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:32:28 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.97.208.98:0/0 Sep 6 17:32:28 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:28 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:28 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:28 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:28 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:28 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:28 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:32:28 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:32:28 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:28 localhost pluto[12215]: | can not use our 
hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:32:28 localhost pluto[12215]: can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:32:28 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 209.97.208.98 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:32:28 localhost pluto[12215]: | DNS query 5 for KEY for 88.50.20.10.in-addr.arpa. (gw: (none)) Sep 6 17:32:28 localhost pluto[12215]: | Sep 6 17:32:28 localhost pluto[12215]: | *received whack message Sep 6 17:32:28 localhost pluto[12215]: | processing connection private Sep 6 17:32:28 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 110 seconds Sep 6 17:32:28 localhost pluto[12215]: | Sep 6 17:32:28 localhost pluto[12215]: | *received kernel message Sep 6 17:32:28 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:32:28 localhost pluto[12215]: | add bare shunt 0x80fdcb0 10.20.50.88/32:0 -0-> 209.85.147.83/32:0 => %hold 0 %acquire-netlink Sep 6 17:32:28 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 209.85.147.83:0 proto=0 state: fos_start because: acquire Sep 6 17:32:28 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.85.147.83:0/0 Sep 6 17:32:28 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:28 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:28 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:28 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:28 
localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:28 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:28 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 209.85.147.83 new state: fos_start with ugh: ok Sep 6 17:32:28 localhost pluto[12215]: | DNS query 6 for TXT for 88.50.20.10.in-addr.arpa. (gw: 10.20.50.88) Sep 6 17:32:28 localhost pluto[12215]: | Sep 6 17:32:28 localhost pluto[12215]: | *received whack message Sep 6 17:32:28 localhost pluto[12215]: | processing connection xxx Sep 6 17:32:28 localhost pluto[12215]: | kernel_alg_db_new() initial trans_cnt=28 Sep 6 17:32:28 localhost pluto[12215]: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 Sep 6 17:32:28 localhost pluto[12215]: | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=1 Sep 6 17:32:28 localhost pluto[12215]: | returning new proposal from esp_info Sep 6 17:32:28 localhost pluto[12215]: | creating state object #1 at 0x80fefc8 Sep 6 17:32:28 localhost pluto[12215]: | processing connection xxx Sep 6 17:32:28 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:28 localhost pluto[12215]: | RCOOKIE: 00 00 00 00 00 00 00 00 Sep 6 17:32:28 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:32:28 localhost pluto[12215]: | state hash entry 29 Sep 6 17:32:28 localhost pluto[12215]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1 Sep 6 17:32:28 localhost pluto[12215]: | Queuing pending Quick Mode with 1.1.1.2 "xxx" Sep 6 17:32:28 localhost pluto[12215]: "xxx" #1: initiating Main Mode Sep 6 17:32:28 localhost pluto[12215]: | **emit ISAKMP Message: Sep 6 17:32:28 localhost pluto[12215]: | initiator cookie: Sep 6 17:32:28 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:28 localhost pluto[12215]: | responder cookie: Sep 6 17:32:28 localhost pluto[12215]: | 00 
00 00 00 00 00 00 00 Sep 6 17:32:28 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_SA Sep 6 17:32:28 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:32:28 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_IDPROT Sep 6 17:32:28 localhost pluto[12215]: | flags: none Sep 6 17:32:28 localhost pluto[12215]: | message ID: 00 00 00 00 Sep 6 17:32:28 localhost pluto[12215]: | no IKE algorithms for this connection Sep 6 17:32:28 localhost pluto[12215]: | ***emit ISAKMP Security Association Payload: Sep 6 17:32:28 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_VID Sep 6 17:32:28 localhost pluto[12215]: | DOI: ISAKMP_DOI_IPSEC Sep 6 17:32:28 localhost pluto[12215]: | ****emit IPsec DOI SIT: Sep 6 17:32:28 localhost pluto[12215]: | IPsec DOI SIT: SIT_IDENTITY_ONLY Sep 6 17:32:28 localhost pluto[12215]: | out_sa pcn: 0 has 1 valid proposals Sep 6 17:32:28 localhost pluto[12215]: | out_sa pcn: 0 pn: 0<1 valid_count: 1 Sep 6 17:32:28 localhost pluto[12215]: | ****emit ISAKMP Proposal Payload: Sep 6 17:32:28 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:28 localhost pluto[12215]: | proposal number: 0 Sep 6 17:32:28 localhost pluto[12215]: | protocol ID: PROTO_ISAKMP Sep 6 17:32:28 localhost pluto[12215]: | SPI size: 0 Sep 6 17:32:29 localhost pluto[12215]: | number of transforms: 4 Sep 6 17:32:29 localhost pluto[12215]: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 6 17:32:29 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_T Sep 6 17:32:29 localhost pluto[12215]: | transform number: 0 Sep 6 17:32:29 localhost pluto[12215]: | transform ID: KEY_IKE Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_LIFE_TYPE Sep 6 17:32:29 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:29 localhost pluto[12215]: | [1 is OAKLEY_LIFE_SECONDS] Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 
17:32:29 localhost pluto[12215]: | af+type: OAKLEY_LIFE_DURATION Sep 6 17:32:29 localhost pluto[12215]: | length/value: 3600 Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM Sep 6 17:32:29 localhost pluto[12215]: | length/value: 5 Sep 6 17:32:29 localhost pluto[12215]: | [5 is OAKLEY_3DES_CBC] Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_HASH_ALGORITHM Sep 6 17:32:29 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:29 localhost pluto[12215]: | [1 is OAKLEY_MD5] Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_AUTHENTICATION_METHOD Sep 6 17:32:29 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:29 localhost pluto[12215]: | [1 is OAKLEY_PRESHARED_KEY] Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_GROUP_DESCRIPTION Sep 6 17:32:29 localhost pluto[12215]: | length/value: 5 Sep 6 17:32:29 localhost pluto[12215]: | [5 is OAKLEY_GROUP_MODP1536] Sep 6 17:32:29 localhost pluto[12215]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 6 17:32:29 localhost pluto[12215]: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 6 17:32:29 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_T Sep 6 17:32:29 localhost pluto[12215]: | transform number: 1 Sep 6 17:32:29 localhost pluto[12215]: | transform ID: KEY_IKE Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_LIFE_TYPE Sep 6 17:32:29 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:29 localhost pluto[12215]: | [1 is OAKLEY_LIFE_SECONDS] Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | 
af+type: OAKLEY_LIFE_DURATION Sep 6 17:32:29 localhost pluto[12215]: | length/value: 3600 Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM Sep 6 17:32:29 localhost pluto[12215]: | length/value: 5 Sep 6 17:32:29 localhost pluto[12215]: | [5 is OAKLEY_3DES_CBC] Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_HASH_ALGORITHM Sep 6 17:32:29 localhost pluto[12215]: | length/value: 2 Sep 6 17:32:29 localhost pluto[12215]: | [2 is OAKLEY_SHA1] Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_AUTHENTICATION_METHOD Sep 6 17:32:29 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:29 localhost pluto[12215]: | [1 is OAKLEY_PRESHARED_KEY] Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_GROUP_DESCRIPTION Sep 6 17:32:29 localhost pluto[12215]: | length/value: 5 Sep 6 17:32:29 localhost pluto[12215]: | [5 is OAKLEY_GROUP_MODP1536] Sep 6 17:32:29 localhost pluto[12215]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 6 17:32:29 localhost pluto[12215]: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 6 17:32:29 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_T Sep 6 17:32:29 localhost pluto[12215]: | transform number: 2 Sep 6 17:32:29 localhost pluto[12215]: | transform ID: KEY_IKE Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_LIFE_TYPE Sep 6 17:32:29 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:29 localhost pluto[12215]: | [1 is OAKLEY_LIFE_SECONDS] Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_LIFE_DURATION Sep 6 
17:32:29 localhost pluto[12215]: | length/value: 3600 Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM Sep 6 17:32:29 localhost pluto[12215]: | length/value: 5 Sep 6 17:32:29 localhost pluto[12215]: | [5 is OAKLEY_3DES_CBC] Sep 6 17:32:29 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:29 localhost pluto[12215]: | af+type: OAKLEY_HASH_ALGORITHM Sep 6 17:32:30 localhost pluto[12215]: | length/value: 2 Sep 6 17:32:30 localhost pluto[12215]: | [2 is OAKLEY_SHA1] Sep 6 17:32:30 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:30 localhost pluto[12215]: | af+type: OAKLEY_AUTHENTICATION_METHOD Sep 6 17:32:30 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:30 localhost pluto[12215]: | [1 is OAKLEY_PRESHARED_KEY] Sep 6 17:32:30 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:30 localhost pluto[12215]: | af+type: OAKLEY_GROUP_DESCRIPTION Sep 6 17:32:30 localhost pluto[12215]: | length/value: 2 Sep 6 17:32:30 localhost pluto[12215]: | [2 is OAKLEY_GROUP_MODP1024] Sep 6 17:32:30 localhost pluto[12215]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 6 17:32:30 localhost pluto[12215]: | *****emit ISAKMP Transform Payload (ISAKMP): Sep 6 17:32:30 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:30 localhost pluto[12215]: | transform number: 3 Sep 6 17:32:30 localhost pluto[12215]: | transform ID: KEY_IKE Sep 6 17:32:30 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:30 localhost pluto[12215]: | af+type: OAKLEY_LIFE_TYPE Sep 6 17:32:30 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:30 localhost pluto[12215]: | [1 is OAKLEY_LIFE_SECONDS] Sep 6 17:32:30 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:30 localhost pluto[12215]: | af+type: OAKLEY_LIFE_DURATION Sep 6 17:32:30 localhost pluto[12215]: | 
length/value: 3600 Sep 6 17:32:30 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:30 localhost pluto[12215]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM Sep 6 17:32:30 localhost pluto[12215]: | length/value: 5 Sep 6 17:32:30 localhost pluto[12215]: | [5 is OAKLEY_3DES_CBC] Sep 6 17:32:30 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:30 localhost pluto[12215]: | af+type: OAKLEY_HASH_ALGORITHM Sep 6 17:32:30 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:30 localhost pluto[12215]: | [1 is OAKLEY_MD5] Sep 6 17:32:30 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:30 localhost pluto[12215]: | af+type: OAKLEY_AUTHENTICATION_METHOD Sep 6 17:32:30 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:30 localhost pluto[12215]: | [1 is OAKLEY_PRESHARED_KEY] Sep 6 17:32:30 localhost pluto[12215]: | ******emit ISAKMP Oakley attribute: Sep 6 17:32:30 localhost pluto[12215]: | af+type: OAKLEY_GROUP_DESCRIPTION Sep 6 17:32:30 localhost pluto[12215]: | length/value: 2 Sep 6 17:32:30 localhost pluto[12215]: | [2 is OAKLEY_GROUP_MODP1024] Sep 6 17:32:30 localhost pluto[12215]: | emitting length of ISAKMP Transform Payload (ISAKMP): 32 Sep 6 17:32:30 localhost pluto[12215]: | emitting length of ISAKMP Proposal Payload: 136 Sep 6 17:32:30 localhost pluto[12215]: | emitting length of ISAKMP Security Association Payload: 148 Sep 6 17:32:30 localhost pluto[12215]: | ***emit ISAKMP Vendor ID Payload: Sep 6 17:32:30 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:30 localhost pluto[12215]: | emitting 12 raw bytes of Vendor ID into ISAKMP Vendor ID Payload Sep 6 17:32:30 localhost pluto[12215]: | Vendor ID 4f 45 5f 5d 7b 76 4b 67 43 6f 4f 49 Sep 6 17:32:30 localhost pluto[12215]: | emitting length of ISAKMP Vendor ID Payload: 16 Sep 6 17:32:30 localhost pluto[12215]: | ***emit ISAKMP Vendor ID Payload: Sep 6 17:32:30 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 
6 17:32:30 localhost pluto[12215]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 6 17:32:30 localhost pluto[12215]: | V_ID af ca d7 13 68 a1 f1 c9 6b 86 96 fc 77 57 01 00 Sep 6 17:32:30 localhost pluto[12215]: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 6 17:32:30 localhost pluto[12215]: | nat traversal enabled: 1 Sep 6 17:32:30 localhost pluto[12215]: | nat add vid. port: 1 nonike: 1 Sep 6 17:32:30 localhost pluto[12215]: | out_vendorid(): sending [RFC 3947] Sep 6 17:32:30 localhost pluto[12215]: | ***emit ISAKMP Vendor ID Payload: Sep 6 17:32:30 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:30 localhost pluto[12215]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 6 17:32:30 localhost pluto[12215]: | V_ID 4a 13 1c 81 07 03 58 45 5c 57 28 f2 0e 95 45 2f Sep 6 17:32:30 localhost pluto[12215]: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 6 17:32:30 localhost pluto[12215]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-03] Sep 6 17:32:30 localhost pluto[12215]: | ***emit ISAKMP Vendor ID Payload: Sep 6 17:32:30 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:30 localhost pluto[12215]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 6 17:32:30 localhost pluto[12215]: | V_ID 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56 Sep 6 17:32:30 localhost pluto[12215]: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 6 17:32:30 localhost pluto[12215]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02] Sep 6 17:32:30 localhost pluto[12215]: | ***emit ISAKMP Vendor ID Payload: Sep 6 17:32:30 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:30 localhost pluto[12215]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 6 17:32:30 localhost pluto[12215]: | V_ID cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48 Sep 6 17:32:30 localhost pluto[12215]: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 
6 17:32:30 localhost pluto[12215]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-02_n] Sep 6 17:32:30 localhost pluto[12215]: | ***emit ISAKMP Vendor ID Payload: Sep 6 17:32:30 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:30 localhost pluto[12215]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 6 17:32:30 localhost pluto[12215]: | V_ID 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f Sep 6 17:32:30 localhost pluto[12215]: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 6 17:32:30 localhost pluto[12215]: | out_vendorid(): sending [draft-ietf-ipsec-nat-t-ike-00] Sep 6 17:32:30 localhost pluto[12215]: | ***emit ISAKMP Vendor ID Payload: Sep 6 17:32:30 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:30 localhost pluto[12215]: | emitting 16 raw bytes of V_ID into ISAKMP Vendor ID Payload Sep 6 17:32:30 localhost pluto[12215]: | V_ID 44 85 15 2d 18 b6 bb cd 0b e8 a8 46 95 79 dd cc Sep 6 17:32:30 localhost pluto[12215]: | emitting length of ISAKMP Vendor ID Payload: 20 Sep 6 17:32:31 localhost pluto[12215]: | emitting length of ISAKMP Message: 312 Sep 6 17:32:31 localhost pluto[12215]: | sending 312 bytes for main_outI1 through tun0:500 to 1.1.1.2:500:
Sep 6 17:32:31 localhost pluto[12215]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1 Sep 6 17:32:31 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 10 seconds for #1 Sep 6 17:32:31 localhost pluto[12215]: | Sep 6 17:32:31 localhost pluto[12215]: | *received adns message Sep 6 17:32:31 localhost pluto[12215]: | Sep 6 17:32:31 localhost pluto[12215]: | asynch DNS answer 5 failure querying DNS for KEY of 88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:31 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 209.97.208.98: failure querying DNS for KEY of 88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:31 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 209.97.208.98:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:32:31 localhost pluto[12215]: | find_connection: looking
for policy for connection: 10.20.50.88:0/0 -> 209.97.208.98:0/0 Sep 6 17:32:31 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:31 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:31 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:31 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:31 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:31 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:31 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:31 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:31 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:31 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:32:31 localhost pluto[12215]: can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:32:31 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 209.97.208.98 new state: fos_myid_ip_key with ugh: ok Sep 6 17:32:31 localhost pluto[12215]: | DNS query 7 for KEY for RRT102. 
(gw: (none)) Sep 6 17:32:31 localhost pluto[12215]: | Sep 6 17:32:31 localhost pluto[12215]: | asynch DNS answer 4 failure querying DNS for TXT of RRT102.: Host name lookup failure Sep 6 17:32:31 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 10.20.50.50: failure querying DNS for TXT of RRT102.: Host name lookup failure Sep 6 17:32:31 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 10.20.50.50:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:32:31 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.50.50:0/0 Sep 6 17:32:31 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:31 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:31 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:31 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:31 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:31 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:31 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:32:31 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:32:31 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:31 localhost pluto[12215]: | can not use our hostname 
(@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:32:31 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 10.20.50.50 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:32:31 localhost pluto[12215]: | DNS query 8 for KEY for 88.50.20.10.in-addr.arpa. (gw: (none)) Sep 6 17:32:31 localhost pluto[12215]: | Sep 6 17:32:31 localhost pluto[12215]: | asynch DNS answer 6 failure querying DNS for TXT of 88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:31 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 209.85.147.83: failure querying DNS for TXT of 88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:31 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 209.85.147.83:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:32:31 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.85.147.83:0/0 Sep 6 17:32:31 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:31 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:31 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:31 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:31 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:31 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:31 localhost pluto[12215]: | 
started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:31 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:31 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:31 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:32:31 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 209.85.147.83 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:32:31 localhost pluto[12215]: | DNS query 9 for TXT for RRT102. (gw: @RRT102) Sep 6 17:32:31 localhost pluto[12215]: | Sep 6 17:32:31 localhost pluto[12215]: | *received kernel message Sep 6 17:32:31 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:32:31 localhost pluto[12215]: | add bare shunt 0x80fdd48 10.20.50.88/32:0 -0-> 10.20.50.233/32:0 => %hold 0 %acquire-netlink Sep 6 17:32:32 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 10.20.50.233:0 proto=0 state: fos_start because: acquire Sep 6 17:32:32 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.50.233:0/0 Sep 6 17:32:32 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:32 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:32 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" 
[pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:32 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:32 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 10.20.50.233 new state: fos_start with ugh: ok Sep 6 17:32:32 localhost pluto[12215]: | DNS query 10 for TXT for 88.50.20.10.in-addr.arpa. (gw: 10.20.50.88) Sep 6 17:32:32 localhost pluto[12215]: | Sep 6 17:32:32 localhost pluto[12215]: | *received whack message Sep 6 17:32:32 localhost pluto[12215]: | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 Sep 6 17:32:32 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #1 Sep 6 17:32:32 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #1 Sep 6 17:32:32 localhost pluto[12215]: | Sep 6 17:32:32 localhost pluto[12215]: | *received adns message Sep 6 17:32:32 localhost pluto[12215]: | Sep 6 17:32:32 localhost pluto[12215]: | asynch DNS answer 8 failure querying DNS for KEY of 88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:32 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 10.20.50.50: failure querying DNS for KEY of 88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:32 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 10.20.50.50:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.50.50:0/0 Sep 6 17:32:32 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:32 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" 
[pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:32 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:32 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:32 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:32 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:32 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:32 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:32:32 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 10.20.50.50 new state: fos_myid_ip_key with ugh: ok Sep 6 17:32:32 localhost pluto[12215]: | DNS query 11 for KEY for RRT102. 
(gw: (none)) Sep 6 17:32:32 localhost pluto[12215]: | Sep 6 17:32:32 localhost pluto[12215]: | asynch DNS answer 7 failure querying DNS for KEY of RRT102.: Host name lookup failure Sep 6 17:32:32 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.97.208.98:0/0 Sep 6 17:32:32 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:32 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:32 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:32 localhost pluto[12215]: Can not opportunistically initiate for 10.20.50.88 to 209.97.208.98: KEY record for hostname as %myid (no good TXT): failure querying DNS for KEY of RRT102.: Host name lookup failure Sep 6 17:32:32 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): failure querying DNS for KEY of RRT102.: Host name lookup failure eroute 10.20.50.88/32:0 --0-> 209.97.208.98/32:0 => %pass (raw_eroute) Sep 6 17:32:32 localhost pluto[12215]: | change bare shunt 0x80fdb40 10.20.50.88/32:0 -0-> 209.97.208.98/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): failure querying DNS for KEY of RRT102.: Host name lookup failure Sep 6 17:32:32 localhost pluto[12215]: | Sep 6 17:32:32 localhost pluto[12215]: | asynch DNS answer 10 failure querying DNS for TXT of 
88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:32 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 10.20.50.233: failure querying DNS for TXT of 88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:32 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 10.20.50.233:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:32:32 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.50.233:0/0 Sep 6 17:32:32 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:32 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:32 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:32 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:32 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:32 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:32 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:32 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:32:32 localhost pluto[12215]: | 
initiate on demand from 10.20.50.88 to 10.20.50.233 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:32:32 localhost pluto[12215]: | DNS query 12 for TXT for RRT102. (gw: @RRT102) Sep 6 17:32:32 localhost pluto[12215]: | Sep 6 17:32:32 localhost pluto[12215]: | asynch DNS answer 9 failure querying DNS for TXT of RRT102.: Host name lookup failure Sep 6 17:32:32 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 209.85.147.83: failure querying DNS for TXT of RRT102.: Host name lookup failure Sep 6 17:32:32 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 209.85.147.83:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:32:32 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.85.147.83:0/0 Sep 6 17:32:32 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:32 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:32 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:32 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:32 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:32:32 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of 
kind PPK_RSA Sep 6 17:32:32 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:32 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:32:32 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 209.85.147.83 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:32:32 localhost pluto[12215]: | DNS query 13 for KEY for 88.50.20.10.in-addr.arpa. (gw: (none)) Sep 6 17:32:32 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #1 Sep 6 17:32:32 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #1 Sep 6 17:32:32 localhost pluto[12215]: | Sep 6 17:32:32 localhost pluto[12215]: | *received adns message Sep 6 17:32:32 localhost pluto[12215]: | Sep 6 17:32:32 localhost pluto[12215]: | asynch DNS answer 12 failure querying DNS for TXT of RRT102.: Host name lookup failure Sep 6 17:32:32 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 10.20.50.233: failure querying DNS for TXT of RRT102.: Host name lookup failure Sep 6 17:32:32 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 10.20.50.233:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:32:32 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.50.233:0/0 Sep 6 17:32:32 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:32 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:32 localhost pluto[12215]: | 
find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:32 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:32 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:32 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:32:33 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:32:33 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:33 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:32:33 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 10.20.50.233 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:32:33 localhost pluto[12215]: | DNS query 14 for KEY for 88.50.20.10.in-addr.arpa. 
(gw: (none)) Sep 6 17:32:33 localhost pluto[12215]: | Sep 6 17:32:33 localhost pluto[12215]: | asynch DNS answer 11 failure querying DNS for KEY of RRT102.: Host name lookup failure Sep 6 17:32:33 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.50.50:0/0 Sep 6 17:32:33 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:33 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:33 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:33 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:33 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:33 localhost pluto[12215]: Can not opportunistically initiate for 10.20.50.88 to 10.20.50.50: KEY record for hostname as %myid (no good TXT): failure querying DNS for KEY of RRT102.: Host name lookup failure Sep 6 17:32:33 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): failure querying DNS for KEY of RRT102.: Host name lookup failure eroute 10.20.50.88/32:0 --0-> 10.20.50.50/32:0 => %pass (raw_eroute) Sep 6 17:32:33 localhost pluto[12215]: | change bare shunt 0x80fdbd8 10.20.50.88/32:0 -0-> 10.20.50.50/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): failure querying DNS for KEY of RRT102.: Host name lookup failure Sep 6 17:32:33 localhost pluto[12215]: | Sep 6 17:32:33 localhost pluto[12215]: | asynch DNS answer 13 failure querying DNS for KEY of 88.50.20.10.in-addr.arpa.: Host 
name lookup failure Sep 6 17:32:33 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 209.85.147.83: failure querying DNS for KEY of 88.50.20.10.in-addr.arpa.: Host name lookup failure Sep 6 17:32:33 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 209.85.147.83:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:32:33 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.85.147.83:0/0 Sep 6 17:32:33 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:33 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:33 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:33 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:33 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:33 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:33 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:33 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:33 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:33 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:32:33 localhost pluto[12215]: | 
initiate on demand from 10.20.50.88 to 209.85.147.83 new state: fos_myid_ip_key with ugh: ok Sep 6 17:32:33 localhost pluto[12215]: | DNS query 15 for KEY for RRT102. (gw: (none)) Sep 6 17:32:33 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 8 seconds for #1 Sep 6 17:32:33 localhost pluto[12215]: | Sep 6 17:32:33 localhost pluto[12215]: | *received whack message Sep 6 17:32:33 localhost pluto[12215]: | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 Sep 6 17:32:33 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 8 seconds for #1 Sep 6 17:32:33 localhost pluto[12215]: | Sep 6 17:32:33 localhost pluto[12215]: | *received adns message Sep 6 17:32:33 localhost pluto[12215]: | Sep 6 17:32:33 localhost pluto[12215]: | asynch DNS answer 15 no host RRT102. for KEY record Sep 6 17:32:33 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.85.147.83:0/0 Sep 6 17:32:33 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:33 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:33 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:33 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:33 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:33 localhost pluto[12215]: Can not opportunistically initiate for 10.20.50.88 to 209.85.147.83: KEY record for hostname as %myid (no good TXT): no host RRT102. 
for KEY record Sep 6 17:32:33 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record eroute 10.20.50.88/32:0 --0-> 209.85.147.83/32:0 => %pass (raw_eroute) Sep 6 17:32:33 localhost pluto[12215]: | change bare shunt 0x80fdcb0 10.20.50.88/32:0 -0-> 209.85.147.83/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:32:33 localhost pluto[12215]: | Sep 6 17:32:33 localhost pluto[12215]: | asynch DNS answer 14 no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:32:33 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 10.20.50.233: no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:32:33 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 10.20.50.233:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:32:33 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.50.233:0/0 Sep 6 17:32:33 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:33 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:33 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:33 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:33 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:33 localhost pluto[12215]: | creating new instance from 
"private-or-clear#0.0.0.0/0" Sep 6 17:32:33 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:33 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:33 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:33 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:32:33 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 10.20.50.233 new state: fos_myid_ip_key with ugh: ok Sep 6 17:32:33 localhost pluto[12215]: | DNS query 16 for KEY for RRT102. (gw: (none)) Sep 6 17:32:33 localhost pluto[12215]: | Sep 6 17:32:33 localhost pluto[12215]: | *received kernel message Sep 6 17:32:33 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:32:33 localhost pluto[12215]: | add bare shunt 0x80fdfb8 10.20.50.88/32:0 -0-> 68.142.197.15/32:0 => %hold 0 %acquire-netlink Sep 6 17:32:33 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 68.142.197.15:0 proto=0 state: fos_start because: acquire Sep 6 17:32:33 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 68.142.197.15:0/0 Sep 6 17:32:33 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:34 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:34 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:34 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:34 localhost 
pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:34 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:34 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 68.142.197.15 new state: fos_start with ugh: ok Sep 6 17:32:34 localhost pluto[12215]: | DNS query 17 for TXT for 88.50.20.10.in-addr.arpa. (gw: 10.20.50.88) Sep 6 17:32:34 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 8 seconds for #1 Sep 6 17:32:34 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 8 seconds for #1 Sep 6 17:32:34 localhost pluto[12215]: | Sep 6 17:32:34 localhost pluto[12215]: | *received adns message Sep 6 17:32:34 localhost pluto[12215]: | Sep 6 17:32:34 localhost pluto[12215]: | asynch DNS answer 17 no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:32:34 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 68.142.197.15: no host 88.50.20.10.in-addr.arpa. 
for TXT record Sep 6 17:32:34 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 68.142.197.15:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:32:34 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 68.142.197.15:0/0 Sep 6 17:32:34 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:34 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:34 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:34 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:34 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:34 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:34 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:34 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:34 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:34 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:32:34 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 68.142.197.15 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:32:34 localhost pluto[12215]: | DNS query 18 for TXT for RRT102. 
(gw: @RRT102) Sep 6 17:32:34 localhost pluto[12215]: | Sep 6 17:32:34 localhost pluto[12215]: | asynch DNS answer 16 no host RRT102. for KEY record Sep 6 17:32:34 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.50.233:0/0 Sep 6 17:32:34 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:34 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:34 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:34 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:34 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:34 localhost pluto[12215]: Can not opportunistically initiate for 10.20.50.88 to 10.20.50.233: KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:32:34 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record eroute 10.20.50.88/32:0 --0-> 10.20.50.233/32:0 => %pass (raw_eroute) Sep 6 17:32:34 localhost pluto[12215]: | change bare shunt 0x80fdd48 10.20.50.88/32:0 -0-> 10.20.50.233/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): no host RRT102. 
for KEY record Sep 6 17:32:34 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 7 seconds for #1 Sep 6 17:32:34 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 7 seconds for #1 Sep 6 17:32:34 localhost pluto[12215]: | Sep 6 17:32:34 localhost pluto[12215]: | *received adns message Sep 6 17:32:34 localhost pluto[12215]: | Sep 6 17:32:34 localhost pluto[12215]: | asynch DNS answer 18 no host RRT102. for TXT record Sep 6 17:32:34 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 68.142.197.15: no host RRT102. for TXT record Sep 6 17:32:34 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 68.142.197.15:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:32:34 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 68.142.197.15:0/0 Sep 6 17:32:34 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:34 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:34 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:34 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:34 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:34 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:34 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:32:34 localhost pluto[12215]: | 
actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:32:34 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:34 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:32:34 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 68.142.197.15 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:32:34 localhost pluto[12215]: | DNS query 19 for KEY for 88.50.20.10.in-addr.arpa. (gw: (none)) Sep 6 17:32:34 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 7 seconds for #1 Sep 6 17:32:34 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 7 seconds for #1 Sep 6 17:32:34 localhost pluto[12215]: | Sep 6 17:32:34 localhost pluto[12215]: | *received adns message Sep 6 17:32:34 localhost pluto[12215]: | Sep 6 17:32:34 localhost pluto[12215]: | asynch DNS answer 19 no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:32:34 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 68.142.197.15: no host 88.50.20.10.in-addr.arpa. 
for KEY record Sep 6 17:32:34 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 68.142.197.15:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:32:34 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 68.142.197.15:0/0 Sep 6 17:32:34 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:34 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:34 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:35 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:35 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:35 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:35 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:35 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:35 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:35 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:32:35 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 68.142.197.15 new state: fos_myid_ip_key with ugh: ok Sep 6 17:32:35 localhost pluto[12215]: | DNS query 20 for KEY for RRT102. 
(gw: (none)) Sep 6 17:32:35 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 7 seconds for #1 Sep 6 17:32:35 localhost pluto[12215]: | Sep 6 17:32:35 localhost pluto[12215]: | *received whack message Sep 6 17:32:35 localhost pluto[12215]: | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 Sep 6 17:32:35 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 6 seconds for #1 Sep 6 17:32:35 localhost pluto[12215]: | Sep 6 17:32:35 localhost pluto[12215]: | *received adns message Sep 6 17:32:35 localhost pluto[12215]: | Sep 6 17:32:35 localhost pluto[12215]: | asynch DNS answer 20 no host RRT102. for KEY record Sep 6 17:32:35 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 68.142.197.15:0/0 Sep 6 17:32:35 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:35 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:35 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:35 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:35 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:35 localhost pluto[12215]: Can not opportunistically initiate for 10.20.50.88 to 68.142.197.15: KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:32:35 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. 
for KEY record eroute 10.20.50.88/32:0 --0-> 68.142.197.15/32:0 => %pass (raw_eroute) Sep 6 17:32:35 localhost pluto[12215]: | change bare shunt 0x80fdfb8 10.20.50.88/32:0 -0-> 68.142.197.15/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:32:35 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 6 seconds for #1 Sep 6 17:32:36 localhost pluto[12215]: | Sep 6 17:32:36 localhost pluto[12215]: | *received kernel message Sep 6 17:32:36 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:32:36 localhost pluto[12215]: | add bare shunt 0x80fe150 10.20.50.88/32:0 -0-> 68.180.207.182/32:0 => %hold 0 %acquire-netlink Sep 6 17:32:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 68.180.207.182:0 proto=0 state: fos_start because: acquire Sep 6 17:32:36 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 68.180.207.182:0/0 Sep 6 17:32:36 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:36 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:36 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:36 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 
68.180.207.182 new state: fos_start with ugh: ok Sep 6 17:32:36 localhost pluto[12215]: | DNS query 21 for TXT for 88.50.20.10.in-addr.arpa. (gw: 10.20.50.88) Sep 6 17:32:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 5 seconds for #1 Sep 6 17:32:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 5 seconds for #1 Sep 6 17:32:36 localhost pluto[12215]: | Sep 6 17:32:36 localhost pluto[12215]: | *received adns message Sep 6 17:32:36 localhost pluto[12215]: | Sep 6 17:32:36 localhost pluto[12215]: | asynch DNS answer 21 no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:32:36 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 68.180.207.182: no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:32:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 68.180.207.182:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:32:36 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 68.180.207.182:0/0 Sep 6 17:32:36 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:36 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:36 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:36 localhost pluto[12215]: | creating new instance 
from "private-or-clear#0.0.0.0/0" Sep 6 17:32:36 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:36 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:36 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:36 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:32:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 68.180.207.182 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:32:36 localhost pluto[12215]: | DNS query 22 for TXT for RRT102. (gw: @RRT102) Sep 6 17:32:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 5 seconds for #1 Sep 6 17:32:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 5 seconds for #1 Sep 6 17:32:36 localhost pluto[12215]: | Sep 6 17:32:36 localhost pluto[12215]: | *received adns message Sep 6 17:32:36 localhost pluto[12215]: | Sep 6 17:32:36 localhost pluto[12215]: | asynch DNS answer 22 no host RRT102. for TXT record Sep 6 17:32:36 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 68.180.207.182: no host RRT102. 
for TXT record Sep 6 17:32:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 68.180.207.182:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:32:36 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 68.180.207.182:0/0 Sep 6 17:32:37 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:37 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:37 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:37 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:37 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:37 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:37 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:32:37 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:32:37 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:37 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:32:37 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 68.180.207.182 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:32:37 localhost pluto[12215]: | DNS query 23 for KEY for 88.50.20.10.in-addr.arpa. 
(gw: (none)) Sep 6 17:32:37 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 4 seconds for #1 Sep 6 17:32:37 localhost pluto[12215]: | Sep 6 17:32:37 localhost pluto[12215]: | *received whack message Sep 6 17:32:37 localhost pluto[12215]: | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 Sep 6 17:32:37 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 4 seconds for #1 Sep 6 17:32:37 localhost pluto[12215]: | Sep 6 17:32:37 localhost pluto[12215]: | *received adns message Sep 6 17:32:37 localhost pluto[12215]: | Sep 6 17:32:37 localhost pluto[12215]: | asynch DNS answer 23 no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:32:37 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 68.180.207.182: no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:32:37 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 68.180.207.182:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:32:37 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 68.180.207.182:0/0 Sep 6 17:32:37 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:37 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:37 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:37 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:37 localhost pluto[12215]: | find_connection: concluding with 
"private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:37 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:32:37 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:37 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:32:37 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:32:37 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:32:37 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 68.180.207.182 new state: fos_myid_ip_key with ugh: ok Sep 6 17:32:37 localhost pluto[12215]: | DNS query 24 for KEY for RRT102. (gw: (none)) Sep 6 17:32:37 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 4 seconds for #1 Sep 6 17:32:37 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 4 seconds for #1 Sep 6 17:32:37 localhost pluto[12215]: | Sep 6 17:32:37 localhost pluto[12215]: | *received adns message Sep 6 17:32:37 localhost pluto[12215]: | Sep 6 17:32:37 localhost pluto[12215]: | asynch DNS answer 24 no host RRT102. 
for KEY record Sep 6 17:32:37 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 68.180.207.182:0/0 Sep 6 17:32:37 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:32:37 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:32:37 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:32:37 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:32:37 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:32:37 localhost pluto[12215]: Can not opportunistically initiate for 10.20.50.88 to 68.180.207.182: KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:32:37 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record eroute 10.20.50.88/32:0 --0-> 68.180.207.182/32:0 => %pass (raw_eroute) Sep 6 17:32:37 localhost pluto[12215]: | change bare shunt 0x80fe150 10.20.50.88/32:0 -0-> 68.180.207.182/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): no host RRT102. 
for KEY record Sep 6 17:32:37 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 4 seconds for #1 Sep 6 17:32:39 localhost pluto[12215]: | Sep 6 17:32:39 localhost pluto[12215]: | *received whack message Sep 6 17:32:39 localhost pluto[12215]: | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 Sep 6 17:32:39 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 2 seconds for #1 Sep 6 17:32:41 localhost pluto[12215]: | Sep 6 17:32:41 localhost pluto[12215]: | *time to handle event Sep 6 17:32:41 localhost pluto[12215]: | handling event EVENT_RETRANSMIT Sep 6 17:32:41 localhost pluto[12215]: | event after this is EVENT_PENDING_PHASE2 in 97 seconds Sep 6 17:32:41 localhost pluto[12215]: | processing connection xxx Sep 6 17:32:41 localhost pluto[12215]: | handling event EVENT_RETRANSMIT for 1.1.1.2 "xxx" #1 Sep 6 17:32:41 localhost pluto[12215]: | sending 312 bytes for EVENT_RETRANSMIT through tun0:500 to 1.1.1.2:500: Sep 6 17:32:41 localhost pluto[12215]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1 Sep 6 17:32:41 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 20 seconds for #1 Sep 6 17:32:42 localhost pluto[12215]: | Sep 6 17:32:42 localhost pluto[12215]: | *received 100 bytes from 1.1.1.2:500 on tun0 (port=500)
Sep 6 17:32:42 localhost pluto[12215]: | **parse ISAKMP Message: Sep 6 17:32:42 localhost pluto[12215]: | initiator cookie: Sep 6 17:32:42 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:42 localhost pluto[12215]: | responder cookie: Sep 6 17:32:42 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:32:42
localhost pluto[12215]: | next payload type: ISAKMP_NEXT_SA Sep 6 17:32:42 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:32:42 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_IDPROT Sep 6 17:32:42 localhost pluto[12215]: | flags: none Sep 6 17:32:42 localhost pluto[12215]: | message ID: 00 00 00 00 Sep 6 17:32:42 localhost pluto[12215]: | length: 100 Sep 6 17:32:42 localhost pluto[12215]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 6 17:32:42 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:42 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:32:42 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:32:42 localhost pluto[12215]: | state hash entry 23 Sep 6 17:32:42 localhost pluto[12215]: | state object not found Sep 6 17:32:42 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:42 localhost pluto[12215]: | RCOOKIE: 00 00 00 00 00 00 00 00 Sep 6 17:32:42 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:32:42 localhost pluto[12215]: | state hash entry 29 Sep 6 17:32:42 localhost pluto[12215]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000 Sep 6 17:32:42 localhost pluto[12215]: | state object #1 found, in STATE_MAIN_I1 Sep 6 17:32:42 localhost pluto[12215]: | processing connection xxx Sep 6 17:32:42 localhost pluto[12215]: | np=1 and sd=0x80df3a0 Sep 6 17:32:42 localhost pluto[12215]: | ***parse ISAKMP Security Association Payload: Sep 6 17:32:42 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_VID Sep 6 17:32:42 localhost pluto[12215]: | length: 52 Sep 6 17:32:42 localhost pluto[12215]: | DOI: ISAKMP_DOI_IPSEC Sep 6 17:32:42 localhost pluto[12215]: | np=13 and sd=0x80ded70 Sep 6 17:32:42 localhost pluto[12215]: | ***parse ISAKMP Vendor ID Payload: Sep 6 17:32:42 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:42 localhost pluto[12215]: | length: 20 Sep 6 17:32:42 localhost pluto[12215]: "xxx" #1: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108 Sep 6 17:32:42 localhost pluto[12215]: | ****parse IPsec DOI SIT: Sep 6 17:32:42 localhost pluto[12215]: | IPsec DOI SIT: SIT_IDENTITY_ONLY Sep 6 17:32:42 localhost pluto[12215]: | ****parse ISAKMP Proposal Payload: Sep 6 17:32:42 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:42 localhost pluto[12215]: | length: 40 Sep 6 17:32:42 localhost pluto[12215]: | proposal number: 1 Sep 6 17:32:42 localhost pluto[12215]: | protocol ID: PROTO_ISAKMP Sep 6 17:32:42 localhost pluto[12215]: | SPI size: 0 Sep 6 17:32:42 localhost pluto[12215]: | number of transforms: 1 Sep 6 17:32:42 localhost pluto[12215]: | *****parse ISAKMP Transform Payload (ISAKMP): Sep 6 17:32:42 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:42 localhost pluto[12215]: | length: 32 Sep 6 17:32:42 localhost pluto[12215]: | transform number: 1 Sep 6 17:32:42 localhost pluto[12215]: | transform ID: KEY_IKE Sep 6 17:32:42 localhost pluto[12215]: | ******parse ISAKMP Oakley attribute: Sep 6 17:32:42 localhost pluto[12215]: | af+type: OAKLEY_ENCRYPTION_ALGORITHM Sep 6 17:32:42 localhost pluto[12215]: | length/value: 5 Sep 6 17:32:42 localhost pluto[12215]: | [5 is OAKLEY_3DES_CBC] Sep 6 17:32:42 localhost pluto[12215]: | ike_alg_enc_ok(ealg=5,key_len=0): blocksize=8, keyminlen=192, keydeflen=192, keymaxlen=192, ret=1 Sep 6 17:32:42 localhost pluto[12215]: | ******parse ISAKMP Oakley attribute: Sep 6 17:32:42 localhost pluto[12215]: | af+type: OAKLEY_HASH_ALGORITHM Sep 6 17:32:42 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:42 localhost pluto[12215]: | [1 is OAKLEY_MD5] Sep 6 17:32:42 localhost pluto[12215]: | ******parse ISAKMP Oakley attribute: Sep 6 17:32:42 localhost pluto[12215]: | af+type: OAKLEY_GROUP_DESCRIPTION Sep 6 17:32:42 localhost pluto[12215]: | length/value: 2 Sep 6 17:32:42 localhost pluto[12215]: | [2 is OAKLEY_GROUP_MODP1024] Sep 6 17:32:42 localhost 
pluto[12215]: | ******parse ISAKMP Oakley attribute: Sep 6 17:32:42 localhost pluto[12215]: | af+type: OAKLEY_AUTHENTICATION_METHOD Sep 6 17:32:42 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:42 localhost pluto[12215]: | [1 is OAKLEY_PRESHARED_KEY] Sep 6 17:32:42 localhost pluto[12215]: | started looking for secret for 1.1.1.1->1.1.1.2 of kind PPK_PSK Sep 6 17:32:42 localhost pluto[12215]: | actually looking for secret for 1.1.1.1->1.1.1.2 of kind PPK_PSK Sep 6 17:32:42 localhost pluto[12215]: | 1: compared PSK 1.1.1.2 to 1.1.1.1 / 1.1.1.2 -> 2 Sep 6 17:32:42 localhost pluto[12215]: | 2: compared PSK 1.1.1.1 to 1.1.1.1 / 1.1.1.2 -> 6 Sep 6 17:32:42 localhost pluto[12215]: | best_match 0>6 best=0x80f8f90 (line=1) Sep 6 17:32:42 localhost pluto[12215]: | concluding with best_match=6 best=0x80f8f90 (lineno=1) Sep 6 17:32:42 localhost pluto[12215]: | ******parse ISAKMP Oakley attribute: Sep 6 17:32:42 localhost pluto[12215]: | af+type: OAKLEY_LIFE_TYPE Sep 6 17:32:42 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:42 localhost pluto[12215]: | [1 is OAKLEY_LIFE_SECONDS] Sep 6 17:32:42 localhost pluto[12215]: | ******parse ISAKMP Oakley attribute: Sep 6 17:32:42 localhost pluto[12215]: | af+type: OAKLEY_LIFE_DURATION Sep 6 17:32:42 localhost pluto[12215]: | length/value: 3600 Sep 6 17:32:42 localhost pluto[12215]: | Oakley Transform 1 accepted Sep 6 17:32:42 localhost pluto[12215]: | sender checking NAT-t: 1 and 108 Sep 6 17:32:42 localhost pluto[12215]: "xxx" #1: enabling possible NAT-traversal with method draft-ietf-ipsec-nat-t-ike-02/03 Sep 6 17:32:42 localhost pluto[12215]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1 Sep 6 17:32:42 localhost pluto[12215]: | asking helper 0 to do build_kenonce op on seq: 1 Sep 6 17:32:42 localhost pluto[12215]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #1 Sep 6 17:32:42 localhost pluto[12216]: ! 
helper 0 doing build_kenonce op id: 1 Sep 6 17:32:42 localhost pluto[12215]: | complete state transition with STF_SUSPEND Sep 6 17:32:43 localhost pluto[12216]: ! Local DH secret: Sep 6 17:32:43 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 96 seconds Sep 6 17:32:43 localhost pluto[12216]: ! 95 dd d4 da b1 22 ff 25 12 b8 b4 92 28 be 22 66 Sep 6 17:32:43 localhost pluto[12216]: ! 5b 78 13 c9 83 37 57 ab c8 a1 11 bf 24 22 35 2c Sep 6 17:32:43 localhost pluto[12216]: ! Public DH value sent: Sep 6 17:32:43 localhost pluto[12216]: ! Generated nonce: Sep 6 17:32:43 localhost pluto[12216]: !
1f ab 9b 3b 0f 37 0c b8 45 25 f4 4d 95 2d eb de Sep 6 17:32:43 localhost pluto[12215]: | helper 0 has work (cnt now 0) Sep 6 17:32:43 localhost pluto[12215]: | helper 0 replies to sequence 1 Sep 6 17:32:43 localhost pluto[12215]: | calling callback function 0x806549b Sep 6 17:32:43 localhost pluto[12215]: | main inR1_outI2: calculated ke+nonce, sending I2 Sep 6 17:32:43 localhost pluto[12215]: | processing connection xxx Sep 6 17:32:43 localhost pluto[12215]: | **emit ISAKMP Message: Sep 6 17:32:43 localhost pluto[12215]: | initiator cookie: Sep 6 17:32:43 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:43 localhost pluto[12215]: | responder cookie: Sep 6 17:32:43 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:32:43 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_KE Sep 6 17:32:43 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:32:43 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_IDPROT Sep 6 17:32:43 localhost pluto[12215]: | flags: none Sep 6 17:32:43 localhost pluto[12215]: | message ID: 00 00 00 00 Sep 6 17:32:43 localhost pluto[12215]: | ***emit ISAKMP Key Exchange Payload: Sep 6 17:32:43 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONCE Sep 6 17:32:43 localhost pluto[12215]: | emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
Sep 6 17:32:43 localhost pluto[12215]: | emitting length of ISAKMP Key Exchange Payload: 132 Sep 6 17:32:43 localhost pluto[12215]: | ***emit ISAKMP Nonce Payload: Sep 6 17:32:43 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:43 localhost pluto[12215]: | emitting 16 raw bytes of Ni into ISAKMP Nonce Payload Sep 6 17:32:43 localhost pluto[12215]: | Ni 1f ab 9b 3b 0f 37 0c b8 45 25 f4 4d 95 2d eb de Sep 6 17:32:43 localhost pluto[12215]: | emitting length of ISAKMP Nonce Payload: 20 Sep 6 17:32:43 localhost pluto[12215]: | sending NATD payloads Sep 6 17:32:43 localhost pluto[12215]: | _natd_hash: hasher=0x80e14a0(16) Sep 6 17:32:43 localhost pluto[12215]: | _natd_hash: icookie= Sep 6 17:32:43 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:43 localhost pluto[12215]: | _natd_hash: rcookie= Sep 6 17:32:43 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:32:43 localhost pluto[12215]: | _natd_hash: ip= 01 01 01 02 Sep 6 17:32:43 localhost pluto[12215]: | _natd_hash: port=500 Sep 6 17:32:43 localhost pluto[12215]: | _natd_hash: hash= bf e2 d7 4e 56 93 17 14 3a ed 98 ea 11 60 d7 46 Sep 6 17:32:43 localhost pluto[12215]: | ***emit ISAKMP NAT-D Payload: Sep 6 17:32:43 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NAT-D Sep 6 17:32:43 localhost pluto[12215]: | emitting 16 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 6 17:32:43 localhost pluto[12215]: | NAT-D bf e2 d7 4e 56 93 17 14 3a ed 98 ea 11 60 d7 46 Sep 6 17:32:43 localhost pluto[12215]: | emitting length of ISAKMP NAT-D Payload: 20 Sep 6 17:32:43 localhost pluto[12215]: | _natd_hash: hasher=0x80e14a0(16) Sep 6 17:32:43 localhost pluto[12215]: | _natd_hash: icookie= Sep 6 17:32:43 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:43 localhost pluto[12215]: | _natd_hash: rcookie= Sep 6 17:32:43 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:32:43 localhost
pluto[12215]: | _natd_hash: ip= 01 01 01 01 Sep 6 17:32:43 localhost pluto[12215]: | _natd_hash: port=500 Sep 6 17:32:43 localhost pluto[12215]: | _natd_hash: hash= b8 fc 97 b9 0f 1b d2 77 ad bf be fd 34 fb 04 79 Sep 6 17:32:43 localhost pluto[12215]: | ***emit ISAKMP NAT-D Payload: Sep 6 17:32:43 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:43 localhost pluto[12215]: | emitting 16 raw bytes of NAT-D into ISAKMP NAT-D Payload Sep 6 17:32:43 localhost pluto[12215]: | NAT-D b8 fc 97 b9 0f 1b d2 77 ad bf be fd 34 fb 04 79 Sep 6 17:32:43 localhost pluto[12215]: | emitting length of ISAKMP NAT-D Payload: 20 Sep 6 17:32:43 localhost pluto[12215]: | emitting length of ISAKMP Message: 220 Sep 6 17:32:43 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:43 localhost pluto[12215]: | RCOOKIE: 00 00 00 00 00 00 00 00 Sep 6 17:32:43 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:32:43 localhost pluto[12215]: | state hash entry 29 Sep 6 17:32:43 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:43 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:32:43 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:32:43 localhost pluto[12215]: | state hash entry 23 Sep 6 17:32:43 localhost pluto[12215]: | complete state transition with STF_OK Sep 6 17:32:43 localhost pluto[12215]: "xxx" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Sep 6 17:32:43 localhost pluto[12215]: | sending reply packet to 1.1.1.2:500 (from port=500) Sep 6 17:32:43 localhost pluto[12215]: | sending 220 bytes for STATE_MAIN_I1 through tun0:500 to 1.1.1.2:500:
Sep 6 17:32:44 localhost pluto[12215]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1 Sep 6 17:32:44 localhost pluto[12215]: "xxx" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Sep 6 17:32:44 localhost pluto[12215]: | modecfg pull: noquirk policy:push not-client Sep 6 17:32:44 localhost pluto[12215]: | phase 1 is done, looking for phase 1 to unpend Sep 6 17:32:44 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 10 seconds for #1 Sep 6 17:32:44 localhost pluto[12215]: | Sep 6 17:32:44 localhost pluto[12215]: | *received 296 bytes from 1.1.1.2:500 on tun0 (port=500)
Sep 6 17:32:44 localhost pluto[12215]: | **parse ISAKMP Message: Sep 6 17:32:44 localhost pluto[12215]: | initiator cookie: Sep 6 17:32:44 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:44 localhost pluto[12215]: | responder cookie: Sep 6 17:32:44 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:32:44 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_KE Sep 6 17:32:44 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:32:44 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_IDPROT Sep 6 17:32:44 localhost pluto[12215]: | flags: none Sep 6 17:32:44 localhost pluto[12215]: | message ID: 00 00 00 00 Sep 6 17:32:44 localhost pluto[12215]: | length: 296 Sep 6 17:32:44 localhost pluto[12215]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 6 17:32:44 localhost pluto[12215]: |
ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:44 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:32:44 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:32:44 localhost pluto[12215]: | state hash entry 23 Sep 6 17:32:44 localhost pluto[12215]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000 Sep 6 17:32:44 localhost pluto[12215]: | state object #1 found, in STATE_MAIN_I2 Sep 6 17:32:44 localhost pluto[12215]: | processing connection xxx Sep 6 17:32:44 localhost pluto[12215]: | np=4 and sd=0x80df0b0 Sep 6 17:32:44 localhost pluto[12215]: | ***parse ISAKMP Key Exchange Payload: Sep 6 17:32:44 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONCE Sep 6 17:32:44 localhost pluto[12215]: | length: 132 Sep 6 17:32:44 localhost pluto[12215]: | np=10 and sd=0x80deec0 Sep 6 17:32:44 localhost pluto[12215]: | ***parse ISAKMP Nonce Payload: Sep 6 17:32:44 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_VID Sep 6 17:32:44 localhost pluto[12215]: | length: 24 Sep 6 17:32:44 localhost pluto[12215]: | np=13 and sd=0x80ded70 Sep 6 17:32:44 localhost pluto[12215]: | ***parse ISAKMP Vendor ID Payload: Sep 6 17:32:44 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_VID Sep 6 17:32:44 localhost pluto[12215]: | length: 20 Sep 6 17:32:44 localhost pluto[12215]: | np=13 and sd=0x80ded70 Sep 6 17:32:44 localhost pluto[12215]: | ***parse ISAKMP Vendor ID Payload: Sep 6 17:32:44 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_VID Sep 6 17:32:44 localhost pluto[12215]: | length: 20 Sep 6 17:32:44 localhost pluto[12215]: | np=13 and sd=0x80ded70 Sep 6 17:32:44 localhost pluto[12215]: | ***parse ISAKMP Vendor ID Payload: Sep 6 17:32:44 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_VID Sep 6 17:32:44 localhost pluto[12215]: | length: 20 Sep 6 17:32:44 localhost pluto[12215]: | np=13 and sd=0x80ded70 Sep 6 17:32:44 localhost pluto[12215]: | ***parse ISAKMP Vendor ID Payload: Sep 6 17:32:44 localhost 
pluto[12215]: | next payload type: ISAKMP_NEXT_NAT-D Sep 6 17:32:44 localhost pluto[12215]: | length: 12 Sep 6 17:32:44 localhost pluto[12215]: | np=130 and sd=(nil) Sep 6 17:32:44 localhost pluto[12215]: | ***parse ISAKMP NAT-D Payload: Sep 6 17:32:44 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NAT-D Sep 6 17:32:44 localhost pluto[12215]: | length: 20 Sep 6 17:32:44 localhost pluto[12215]: | np=130 and sd=(nil) Sep 6 17:32:44 localhost pluto[12215]: | ***parse ISAKMP NAT-D Payload: Sep 6 17:32:44 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:44 localhost pluto[12215]: | length: 20 Sep 6 17:32:44 localhost pluto[12215]: "xxx" #1: received Vendor ID payload [Cisco-Unity] Sep 6 17:32:44 localhost pluto[12215]: "xxx" #1: received Vendor ID payload [Dead Peer Detection] Sep 6 17:32:44 localhost pluto[12215]: "xxx" #1: ignoring unknown Vendor ID payload [60431ec72dbcd1fb50fc44eefb5b5513] Sep 6 17:32:44 localhost pluto[12215]: "xxx" #1: received Vendor ID payload [XAUTH] Sep 6 17:32:44 localhost pluto[12215]: | **emit ISAKMP Message: Sep 6 17:32:44 localhost pluto[12215]: | initiator cookie: Sep 6 17:32:44 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:44 localhost pluto[12215]: | responder cookie: Sep 6 17:32:44 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:32:44 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_ID Sep 6 17:32:45 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:32:45 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_IDPROT Sep 6 17:32:45 localhost pluto[12215]: | flags: ISAKMP_FLAG_ENCRYPTION Sep 6 17:32:45 localhost pluto[12215]: | message ID: 00 00 00 00 Sep 6 17:32:45 localhost pluto[12215]: | DH public value received:
Sep 6 17:32:45 localhost pluto[12215]: | thinking about whether to send my certificate: Sep 6 17:32:45 localhost pluto[12215]: | I have RSA key: OAKLEY_PRESHARED_KEY cert.type: CERT_NONE Sep 6 17:32:45 localhost pluto[12215]: | sendcert: CERT_ALWAYSSEND and I did not get a certificate request Sep 6 17:32:45 localhost pluto[12215]: | so do not send cert. Sep 6 17:32:45 localhost pluto[12215]: "xxx" #1: I did not send a certificate because I do not have one. Sep 6 17:32:45 localhost pluto[12215]: | I am not sending a certificate request Sep 6 17:32:45 localhost pluto[12215]: | started looking for secret for 1.1.1.1->1.1.1.2 of kind PPK_PSK Sep 6 17:32:45 localhost pluto[12215]: | actually looking for secret for 1.1.1.1->1.1.1.2 of kind PPK_PSK Sep 6 17:32:45 localhost pluto[12215]: | 1: compared PSK 1.1.1.2 to 1.1.1.1 / 1.1.1.2 -> 2 Sep 6 17:32:45 localhost pluto[12215]: | 2: compared PSK 1.1.1.1 to 1.1.1.1 / 1.1.1.2 -> 6 Sep 6 17:32:45 localhost pluto[12215]: | best_match 0>6 best=0x80f8f90 (line=1) Sep 6 17:32:45 localhost pluto[12215]: | concluding with best_match=6 best=0x80f8f90 (lineno=1) Sep 6 17:32:45 localhost pluto[12215]: | calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1024): 3114 usec Sep 6 17:32:45 localhost pluto[12215]: | DH shared secret: Sep 6 17:32:45 localhost pluto[12215]: | 1f 5b bb 65 cd 9f 61 8c 7e 58 a9 28 6c b0 ac 65 Sep 6 17:32:45 localhost pluto[12215]: | e5 cd d9 e5 ba 2b 4d 78 dd 31 c2 3f 8e 97 3b 97 Sep 6 17:32:45 localhost pluto[12215]: | e9 f0 a9 73 4f 8f 0d 4b ed cf
cd 7f 3d 39 76 d1 Sep 6 17:32:45 localhost pluto[12215]: | 5b 32 04 31 80 39 8e 5e a1 5a 69 04 a3 7c c9 16 Sep 6 17:32:45 localhost pluto[12215]: | 91 3e ef 6a 96 da 4c dd 38 64 a7 e3 33 36 35 37 Sep 6 17:32:45 localhost pluto[12215]: | 06 d6 95 08 85 ca c6 05 5c 39 f2 93 a6 11 6d 42 Sep 6 17:32:45 localhost pluto[12215]: | 86 f0 25 d0 11 f3 8c 5a 0a 74 df f8 89 fe fa d5 Sep 6 17:32:45 localhost pluto[12215]: | 96 ff a9 02 d7 5a f6 ae 58 ad 6a 16 f1 a1 a7 6e Sep 6 17:32:45 localhost pluto[12215]: | Skey inputs (PSK+NI+NR) Sep 6 17:32:45 localhost pluto[12215]: | ni: 1f ab 9b 3b 0f 37 0c b8 45 25 f4 4d 95 2d eb de Sep 6 17:32:45 localhost pluto[12215]: | nr: 0b a3 80 dd c3 26 43 b0 7e de fe 14 19 23 42 40 Sep 6 17:32:45 localhost pluto[12215]: | 50 56 97 49 Sep 6 17:32:45 localhost pluto[12215]: | keyid: 93 36 76 e8 b9 b7 2c 22 0f 9f c0 76 93 9d d8 d5 Sep 6 17:32:45 localhost pluto[12215]: | DH_i: 8e 3f a8 45 4a cf f3 58 2b 93 8b 5f e0 b8 41 97 Sep 6 17:32:45 localhost pluto[12215]: | e5 08 a1 33 41 31 d5 a6 a3 e6 0e 58 ec d7 e2 3b Sep 6 17:32:45 localhost pluto[12215]: | 50 8d e9 31 1d 2a ab 89 e7 ea b3 1b 0b 90 9f 46 Sep 6 17:32:45 localhost pluto[12215]: | 03 6e 3a 91 36 aa e5 b0 c4 c2 8b e7 72 88 d2 9e Sep 6 17:32:45 localhost pluto[12215]: | 62 4c 4b a0 cb 1b 03 ff 76 da 0e 2f d7 26 1c 3c Sep 6 17:32:45 localhost pluto[12215]: | 52 3a 40 bb 77 cc 08 6f 9a 4b a0 4d 29 1a e0 58 Sep 6 17:32:45 localhost pluto[12215]: | 67 f1 4f c7 3e 8d 68 d2 8a be e7 ac f7 40 fe 7d Sep 6 17:32:45 localhost pluto[12215]: | 2b 39 1a c1 ab 1d f3 79 73 c0 62 ce 05 51 0d 6a Sep 6 17:32:45 localhost pluto[12215]: | DH_r: ef a3 dc 23 b2 09 a1 7a 6d 64 a8 80 e0 93 5c 8e Sep 6 17:32:45 localhost pluto[12215]: | 1c 9d 53 57 81 a0 9e 03 78 1e 87 0d f9 2e 27 6f Sep 6 17:32:45 localhost pluto[12215]: | 06 ad 1c c2 cd 83 55 a5 51 f7 76 fe 06 64 a6 71 Sep 6 17:32:45 localhost pluto[12215]: | 21 fa 1f a9 7d 68 cd 47 a5 0a fb a7 c9 b8 0a af Sep 6 17:32:45 localhost pluto[12215]: | 9c 96 b8 10 4b 
22 41 80 1c a9 1d 03 9b 9f f5 f5 Sep 6 17:32:45 localhost pluto[12215]: | 7c 6b 9e 85 13 8d 4c dd c4 58 6e 9e 07 4b a5 f8 Sep 6 17:32:45 localhost pluto[12215]: | 34 06 24 ec 25 7f 7f ac 8c 1f 81 62 0d 1c 51 22 Sep 6 17:32:45 localhost pluto[12215]: | be d4 0e 85 09 12 70 79 d8 0c f2 34 9b ef b6 18 Sep 6 17:32:45 localhost pluto[12215]: | Skeyid: 93 36 76 e8 b9 b7 2c 22 0f 9f c0 76 93 9d d8 d5 Sep 6 17:32:45 localhost pluto[12215]: | Skeyid_d: ba a3 f7 72 6b 21 93 b0 a6 c6 76 df cf c8 69 78 Sep 6 17:32:45 localhost pluto[12215]: | Skeyid_a: 5f 4f 9e 18 17 de 38 2e 82 da d0 1f c0 d2 99 96 Sep 6 17:32:45 localhost pluto[12215]: | Skeyid_e: 58 3f 33 33 66 ca 08 46 4e 7d d4 b7 31 b2 96 6a Sep 6 17:32:45 localhost pluto[12215]: | enc key: f1 36 29 ce 0d 32 69 fa 01 2a 11 77 b2 a9 ac 16 Sep 6 17:32:45 localhost pluto[12215]: | 58 0f c3 bb 03 32 7f 79 Sep 6 17:32:45 localhost pluto[12215]: | IV: 32 59 6c 43 21 b3 88 42 8d 95 f0 87 4a f0 e1 98 Sep 6 17:32:45 localhost pluto[12215]: | _natd_hash: hasher=0x80e14a0(16) Sep 6 17:32:45 localhost pluto[12215]: | _natd_hash: icookie= Sep 6 17:32:45 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:45 localhost pluto[12215]: | _natd_hash: rcookie= Sep 6 17:32:45 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:32:45 localhost pluto[12215]: | _natd_hash: ip= 01 01 01 01 Sep 6 17:32:45 localhost pluto[12215]: | _natd_hash: port=500 Sep 6 17:32:45 localhost pluto[12215]: | _natd_hash: hash= b8 fc 97 b9 0f 1b d2 77 ad bf be fd 34 fb 04 79 Sep 6 17:32:45 localhost pluto[12215]: | _natd_hash: hasher=0x80e14a0(16) Sep 6 17:32:45 localhost pluto[12215]: | _natd_hash: icookie= Sep 6 17:32:45 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:45 localhost pluto[12215]: | _natd_hash: rcookie= Sep 6 17:32:45 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:32:45 localhost pluto[12215]: | _natd_hash: ip= 01 01 01 02 Sep 6 17:32:45 localhost pluto[12215]: | _natd_hash: port=500 Sep 6 17:32:45 localhost 
pluto[12215]: | _natd_hash: hash= bf e2 d7 4e 56 93 17 14 3a ed 98 ea 11 60 d7 46 Sep 6 17:32:45 localhost pluto[12215]: | NAT_TRAVERSAL hash=0 (me:0) (him:0) Sep 6 17:32:45 localhost pluto[12215]: | expected NAT-D(me): b8 fc 97 b9 0f 1b d2 77 ad bf be fd 34 fb 04 79 Sep 6 17:32:45 localhost pluto[12215]: | expected NAT-D(him): Sep 6 17:32:45 localhost pluto[12215]: | bf e2 d7 4e 56 93 17 14 3a ed 98 ea 11 60 d7 46 Sep 6 17:32:45 localhost pluto[12215]: | received NAT-D: b8 fc 97 b9 0f 1b d2 77 ad bf be fd 34 fb 04 79 Sep 6 17:32:45 localhost pluto[12215]: | NAT_TRAVERSAL hash=1 (me:1) (him:0) Sep 6 17:32:45 localhost pluto[12215]: | expected NAT-D(me): b8 fc 97 b9 0f 1b d2 77 ad bf be fd 34 fb 04 79 Sep 6 17:32:45 localhost pluto[12215]: | expected NAT-D(him): Sep 6 17:32:45 localhost pluto[12215]: | bf e2 d7 4e 56 93 17 14 3a ed 98 ea 11 60 d7 46 Sep 6 17:32:45 localhost pluto[12215]: | received NAT-D: bf e2 d7 4e 56 93 17 14 3a ed 98 ea 11 60 d7 46 Sep 6 17:32:45 localhost pluto[12215]: | NAT_TRAVERSAL hash=2 (me:1) (him:1) Sep 6 17:32:45 localhost pluto[12215]: "xxx" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected Sep 6 17:32:45 localhost pluto[12215]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds Sep 6 17:32:45 localhost pluto[12215]: | ***emit ISAKMP Identification Payload (IPsec DOI): Sep 6 17:32:45 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_HASH Sep 6 17:32:46 localhost pluto[12215]: | ID type: ID_IPV4_ADDR Sep 6 17:32:46 localhost pluto[12215]: | Protocol ID: 0 Sep 6 17:32:46 localhost pluto[12215]: | port: 0 Sep 6 17:32:46 localhost pluto[12215]: | emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI) Sep 6 17:32:46 localhost pluto[12215]: | my identity 01 01 01 01 Sep 6 17:32:46 localhost pluto[12215]: | emitting length of ISAKMP Identification Payload (IPsec DOI): 12 Sep 6 17:32:46 localhost pluto[12215]: | hashing 144 bytes of SA Sep 6 17:32:46 localhost 
pluto[12215]: | ***emit ISAKMP Hash Payload: Sep 6 17:32:46 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:46 localhost pluto[12215]: | emitting 16 raw bytes of HASH_I into ISAKMP Hash Payload Sep 6 17:32:46 localhost pluto[12215]: | HASH_I 1e 0c 1f b2 4f 9e 0a 1e 9b 61 3e 23 65 af 31 b2 Sep 6 17:32:46 localhost pluto[12215]: | emitting length of ISAKMP Hash Payload: 20 Sep 6 17:32:46 localhost pluto[12215]: | encrypting: Sep 6 17:32:46 localhost pluto[12215]: | 08 00 00 0c 01 00 00 00 01 01 01 01 00 00 00 14 Sep 6 17:32:46 localhost pluto[12215]: | 1e 0c 1f b2 4f 9e 0a 1e 9b 61 3e 23 65 af 31 b2 Sep 6 17:32:46 localhost pluto[12215]: | IV: Sep 6 17:32:46 localhost pluto[12215]: | 32 59 6c 43 21 b3 88 42 8d 95 f0 87 4a f0 e1 98 Sep 6 17:32:46 localhost pluto[12215]: | encrypting using OAKLEY_3DES_CBC Sep 6 17:32:46 localhost pluto[12215]: | next IV: 6b 96 09 27 3d 90 9a 6d Sep 6 17:32:46 localhost pluto[12215]: | emitting length of ISAKMP Message: 60 Sep 6 17:32:46 localhost pluto[12215]: | complete state transition with STF_OK Sep 6 17:32:46 localhost pluto[12215]: "xxx" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Sep 6 17:32:46 localhost pluto[12215]: | sending reply packet to 1.1.1.2:500 (from port=500) Sep 6 17:32:46 localhost pluto[12215]: | sending 60 bytes for STATE_MAIN_I2 through tun0:500 to 1.1.1.2:500: Sep 6 17:32:46 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:32:46 localhost pluto[12215]: | 05 10 02 01 00 00 00 00 00 00 00 3c ee 50 96 ac Sep 6 17:32:46 localhost pluto[12215]: | be 0b 34 2e 89 ae 5b ce 66 33 95 9d 59 8c a6 6a Sep 6 17:32:46 localhost pluto[12215]: | bd 9f c7 59 6b 96 09 27 3d 90 9a 6d Sep 6 17:32:46 localhost pluto[12215]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1 Sep 6 17:32:46 localhost pluto[12215]: "xxx" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Sep 6 17:32:46 localhost pluto[12215]: | modecfg pull: noquirk policy:push 
not-client Sep 6 17:32:46 localhost pluto[12215]: | phase 1 is done, looking for phase 1 to unpend Sep 6 17:32:46 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 10 seconds for #1 Sep 6 17:32:46 localhost pluto[12215]: | Sep 6 17:32:46 localhost pluto[12215]: | *received 68 bytes from 1.1.1.2:500 on tun0 (port=500) Sep 6 17:32:46 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:32:46 localhost pluto[12215]: | 05 10 02 01 00 00 00 00 00 00 00 44 8e b8 39 1e Sep 6 17:32:46 localhost pluto[12215]: | d3 1d 94 78 ce 75 74 ba 73 cd 52 e8 1f 1d 89 e6 Sep 6 17:32:46 localhost pluto[12215]: | b2 a8 51 b0 18 48 e3 35 70 1a bb 82 96 9f c9 2d Sep 6 17:32:46 localhost pluto[12215]: | 15 37 21 ec Sep 6 17:32:46 localhost pluto[12215]: | **parse ISAKMP Message: Sep 6 17:32:46 localhost pluto[12215]: | initiator cookie: Sep 6 17:32:46 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:46 localhost pluto[12215]: | responder cookie: Sep 6 17:32:46 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:32:46 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_ID Sep 6 17:32:46 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:32:46 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_IDPROT Sep 6 17:32:46 localhost pluto[12215]: | flags: ISAKMP_FLAG_ENCRYPTION Sep 6 17:32:46 localhost pluto[12215]: | message ID: 00 00 00 00 Sep 6 17:32:46 localhost pluto[12215]: | length: 68 Sep 6 17:32:46 localhost pluto[12215]: | processing packet with exchange type=ISAKMP_XCHG_IDPROT (2) Sep 6 17:32:46 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:46 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:32:46 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:32:46 localhost pluto[12215]: | state hash entry 23 Sep 6 17:32:46 localhost pluto[12215]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000 Sep 6 17:32:46 localhost pluto[12215]: | state object #1 
found, in STATE_MAIN_I3 Sep 6 17:32:46 localhost pluto[12215]: | processing connection xxx Sep 6 17:32:46 localhost pluto[12215]: | received encrypted packet from 1.1.1.2:500 Sep 6 17:32:46 localhost pluto[12215]: | decrypting 40 bytes using algorithm OAKLEY_3DES_CBC Sep 6 17:32:46 localhost pluto[12215]: | decrypted: Sep 6 17:32:46 localhost pluto[12215]: | 08 00 00 0c 01 11 01 f4 01 01 01 02 00 00 00 14 Sep 6 17:32:46 localhost pluto[12215]: | 4f d3 14 4e f7 d4 6e 42 36 53 17 13 0a 84 97 fb Sep 6 17:32:46 localhost pluto[12215]: | 00 00 00 00 00 00 00 00 Sep 6 17:32:46 localhost pluto[12215]: | next IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:32:46 localhost pluto[12215]: | np=5 and sd=(nil) Sep 6 17:32:46 localhost pluto[12215]: | ***parse ISAKMP Identification Payload: Sep 6 17:32:46 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_HASH Sep 6 17:32:46 localhost pluto[12215]: | length: 12 Sep 6 17:32:46 localhost pluto[12215]: | ID type: ID_IPV4_ADDR Sep 6 17:32:46 localhost pluto[12215]: | DOI specific A: 17 Sep 6 17:32:46 localhost pluto[12215]: | DOI specific B: 500 Sep 6 17:32:46 localhost pluto[12215]: | np=8 and sd=0x80deed8 Sep 6 17:32:46 localhost pluto[12215]: | ***parse ISAKMP Hash Payload: Sep 6 17:32:46 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:46 localhost pluto[12215]: | length: 20 Sep 6 17:32:46 localhost pluto[12215]: | removing 8 bytes of padding Sep 6 17:32:46 localhost pluto[12215]: "xxx" #1: Main mode peer ID is ID_IPV4_ADDR: '1.1.1.2' Sep 6 17:32:46 localhost pluto[12215]: | hashing 144 bytes of SA Sep 6 17:32:46 localhost pluto[12215]: | authentication succeeded Sep 6 17:32:46 localhost pluto[12215]: | complete state transition with STF_OK Sep 6 17:32:46 localhost pluto[12215]: "xxx" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 Sep 6 17:32:46 localhost pluto[12215]: | inserting event EVENT_SA_REPLACE, timeout in 2996 seconds for #1 Sep 6 17:32:46 localhost pluto[12215]: "xxx" #1: 
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024} Sep 6 17:32:46 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:46 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:32:46 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:32:46 localhost pluto[12215]: | state hash entry 23 Sep 6 17:32:46 localhost pluto[12215]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000 Sep 6 17:32:46 localhost pluto[12215]: | state object #1 found, in STATE_MAIN_I4 Sep 6 17:32:46 localhost pluto[12215]: "xxx" #1: Dead Peer Detection (RFC 3706): enabled Sep 6 17:32:46 localhost pluto[12215]: | state: 1 requesting event none to be deleted by dpd.c:160 Sep 6 17:32:46 localhost pluto[12215]: | inserting event EVENT_DPD, timeout in 25 seconds for #1 Sep 6 17:32:46 localhost pluto[12215]: | modecfg pull: noquirk policy:push not-client Sep 6 17:32:46 localhost pluto[12215]: | phase 1 is done, looking for phase 1 to unpend Sep 6 17:32:46 localhost pluto[12215]: | unqueuing pending Quick Mode with 1.1.1.2 "xxx" Sep 6 17:32:46 localhost pluto[12215]: | duplicating state object #1 Sep 6 17:32:46 localhost pluto[12215]: | creating state object #2 at 0x80feae8 Sep 6 17:32:47 localhost pluto[12215]: | processing connection xxx Sep 6 17:32:47 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:47 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:32:47 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:32:47 localhost pluto[12215]: | state hash entry 23 Sep 6 17:32:47 localhost pluto[12215]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2 Sep 6 17:32:47 localhost pluto[12215]: "xxx" #2: initiating Quick Mode PSK+ENCRYPT+UP {using isakmp#1} Sep 6 17:32:47 localhost pluto[12215]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1 Sep 6 17:32:47 localhost pluto[12215]: | asking helper 0 to do build_nonce op on seq: 2 Sep 6 17:32:47 
localhost pluto[12215]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #2 Sep 6 17:32:47 localhost pluto[12216]: ! helper 0 doing build_nonce op id: 2 Sep 6 17:32:47 localhost pluto[12215]: | Sep 6 17:32:47 localhost pluto[12216]: ! Generated nonce: Sep 6 17:32:47 localhost pluto[12215]: | *received whack message Sep 6 17:32:47 localhost pluto[12216]: ! 53 a5 0a 57 61 a5 1d c0 76 3e 1e 78 d4 25 5c a8 Sep 6 17:32:47 localhost pluto[12215]: | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 Sep 6 17:32:47 localhost pluto[12215]: | next event EVENT_NAT_T_KEEPALIVE in 18 seconds Sep 6 17:32:47 localhost pluto[12215]: | helper 0 has work (cnt now 0) Sep 6 17:32:47 localhost pluto[12215]: | helper 0 replies to sequence 2 Sep 6 17:32:47 localhost pluto[12215]: | calling callback function 0x806907e Sep 6 17:32:47 localhost pluto[12215]: | quick outI1: calculated ke+nonce, sending I1 Sep 6 17:32:47 localhost pluto[12215]: | processing connection xxx Sep 6 17:32:47 localhost pluto[12215]: | **emit ISAKMP Message: Sep 6 17:32:47 localhost pluto[12215]: | initiator cookie: Sep 6 17:32:47 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:47 localhost pluto[12215]: | responder cookie: Sep 6 17:32:47 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:32:47 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_HASH Sep 6 17:32:47 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:32:47 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_QUICK Sep 6 17:32:47 localhost pluto[12215]: | flags: ISAKMP_FLAG_ENCRYPTION Sep 6 17:32:47 localhost pluto[12215]: | message ID: a0 c6 02 b0 Sep 6 17:32:47 localhost pluto[12215]: | ***emit ISAKMP Hash Payload: Sep 6 17:32:47 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_SA Sep 6 17:32:47 localhost pluto[12215]: | emitting 16 zero bytes of HASH into ISAKMP Hash Payload Sep 6 17:32:47 localhost pluto[12215]: | emitting length of 
ISAKMP Hash Payload: 20 Sep 6 17:32:47 localhost pluto[12215]: | kernel_alg_db_new() initial trans_cnt=28 Sep 6 17:32:47 localhost pluto[12215]: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 Sep 6 17:32:47 localhost pluto[12215]: | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=1 Sep 6 17:32:47 localhost pluto[12215]: | returning new proposal from esp_info Sep 6 17:32:47 localhost pluto[12215]: | ***emit ISAKMP Security Association Payload: Sep 6 17:32:47 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONCE Sep 6 17:32:47 localhost pluto[12215]: | DOI: ISAKMP_DOI_IPSEC Sep 6 17:32:47 localhost pluto[12215]: | ****emit IPsec DOI SIT: Sep 6 17:32:47 localhost pluto[12215]: | IPsec DOI SIT: SIT_IDENTITY_ONLY Sep 6 17:32:47 localhost pluto[12215]: | out_sa pcn: 0 has 1 valid proposals Sep 6 17:32:47 localhost pluto[12215]: | out_sa pcn: 0 pn: 0<1 valid_count: 1 Sep 6 17:32:47 localhost pluto[12215]: | ****emit ISAKMP Proposal Payload: Sep 6 17:32:47 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:47 localhost pluto[12215]: | proposal number: 0 Sep 6 17:32:47 localhost pluto[12215]: | protocol ID: PROTO_IPSEC_ESP Sep 6 17:32:47 localhost pluto[12215]: | SPI size: 4 Sep 6 17:32:47 localhost pluto[12215]: | number of transforms: 1 Sep 6 17:32:47 localhost pluto[12215]: | netlink_get_spi: allocated 0x34d56367 for esp.0@1.1.1.1 Sep 6 17:32:47 localhost pluto[12215]: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 6 17:32:47 localhost pluto[12215]: | SPI 34 d5 63 67 Sep 6 17:32:47 localhost pluto[12215]: | *****emit ISAKMP Transform Payload (ESP): Sep 6 17:32:47 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:47 localhost pluto[12215]: | transform number: 0 Sep 6 17:32:47 localhost pluto[12215]: | transform ID: ESP_3DES Sep 6 17:32:47 localhost pluto[12215]: | ******emit ISAKMP IPsec DOI attribute: Sep 6 17:32:47 localhost pluto[12215]: | 
af+type: ENCAPSULATION_MODE Sep 6 17:32:47 localhost pluto[12215]: | length/value: 2 Sep 6 17:32:47 localhost pluto[12215]: | [2 is ENCAPSULATION_MODE_TRANSPORT] Sep 6 17:32:47 localhost pluto[12215]: | ******emit ISAKMP IPsec DOI attribute: Sep 6 17:32:47 localhost pluto[12215]: | af+type: SA_LIFE_TYPE Sep 6 17:32:47 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:47 localhost pluto[12215]: | [1 is SA_LIFE_TYPE_SECONDS] Sep 6 17:32:47 localhost pluto[12215]: | ******emit ISAKMP IPsec DOI attribute: Sep 6 17:32:47 localhost pluto[12215]: | af+type: SA_LIFE_DURATION Sep 6 17:32:47 localhost pluto[12215]: | length/value: 28800 Sep 6 17:32:47 localhost pluto[12215]: | ******emit ISAKMP IPsec DOI attribute: Sep 6 17:32:47 localhost pluto[12215]: | af+type: AUTH_ALGORITHM Sep 6 17:32:47 localhost pluto[12215]: | length/value: 1 Sep 6 17:32:47 localhost pluto[12215]: | [1 is AUTH_ALGORITHM_HMAC_MD5] Sep 6 17:32:47 localhost pluto[12215]: | emitting length of ISAKMP Transform Payload (ESP): 24 Sep 6 17:32:47 localhost pluto[12215]: | emitting length of ISAKMP Proposal Payload: 36 Sep 6 17:32:47 localhost pluto[12215]: | emitting length of ISAKMP Security Association Payload: 48 Sep 6 17:32:47 localhost pluto[12215]: | ***emit ISAKMP Nonce Payload: Sep 6 17:32:48 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:48 localhost pluto[12215]: | emitting 16 raw bytes of Ni into ISAKMP Nonce Payload Sep 6 17:32:48 localhost pluto[12215]: | Ni 53 a5 0a 57 61 a5 1d c0 76 3e 1e 78 d4 25 5c a8 Sep 6 17:32:48 localhost pluto[12215]: | emitting length of ISAKMP Nonce Payload: 20 Sep 6 17:32:48 localhost pluto[12215]: | HASH(1) computed: Sep 6 17:32:48 localhost pluto[12215]: | 46 a1 0b 3e 5d 4c 91 c5 f0 bb 23 b2 4d 33 36 8f Sep 6 17:32:48 localhost pluto[12215]: | last Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:32:48 localhost pluto[12215]: | current Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:32:48 localhost pluto[12215]: | computed Phase 2 IV: Sep 6 
17:32:48 localhost pluto[12215]: | e7 df fb 1e 06 98 b0 32 2e 50 db 3f e9 30 41 0c Sep 6 17:32:48 localhost pluto[12215]: | encrypting: Sep 6 17:32:48 localhost pluto[12215]: | 01 00 00 14 46 a1 0b 3e 5d 4c 91 c5 f0 bb 23 b2 Sep 6 17:32:48 localhost pluto[12215]: | 4d 33 36 8f 0a 00 00 30 00 00 00 01 00 00 00 01 Sep 6 17:32:48 localhost pluto[12215]: | 00 00 00 24 00 03 04 01 34 d5 63 67 00 00 00 18 Sep 6 17:32:48 localhost pluto[12215]: | 00 03 00 00 80 04 00 02 80 01 00 01 80 02 70 80 Sep 6 17:32:48 localhost pluto[12215]: | 80 05 00 01 00 00 00 14 53 a5 0a 57 61 a5 1d c0 Sep 6 17:32:48 localhost pluto[12215]: | 76 3e 1e 78 d4 25 5c a8 Sep 6 17:32:48 localhost pluto[12215]: | IV: Sep 6 17:32:48 localhost pluto[12215]: | e7 df fb 1e 06 98 b0 32 2e 50 db 3f e9 30 41 0c Sep 6 17:32:48 localhost pluto[12215]: | encrypting using OAKLEY_3DES_CBC Sep 6 17:32:48 localhost pluto[12215]: | next IV: d3 12 43 4e 43 c8 4e 28 Sep 6 17:32:48 localhost pluto[12215]: | emitting length of ISAKMP Message: 116 Sep 6 17:32:48 localhost pluto[12215]: | sending 116 bytes for quick_outI1 through tun0:500 to 1.1.1.2:500: Sep 6 17:32:48 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:32:48 localhost pluto[12215]: | 08 10 20 01 a0 c6 02 b0 00 00 00 74 1e d3 9b 00 Sep 6 17:32:48 localhost pluto[12215]: | f0 21 78 89 63 f9 4c 05 24 78 67 8c 4b cf c8 83 Sep 6 17:32:48 localhost pluto[12215]: | c2 4b 72 03 eb b0 e2 a8 73 c7 a4 49 17 68 42 b6 Sep 6 17:32:48 localhost pluto[12215]: | 48 e9 e1 8d 68 7c c9 47 c5 b1 fc d3 b2 3e a7 7d Sep 6 17:32:48 localhost pluto[12215]: | bc ca db 0b 24 a6 d1 dd d7 94 27 a5 45 41 ef 23 Sep 6 17:32:48 localhost pluto[12215]: | 7a 1b 09 bf 09 8a bd 22 1a f0 09 a0 d3 12 43 4e Sep 6 17:32:48 localhost pluto[12215]: | 43 c8 4e 28 Sep 6 17:32:48 localhost pluto[12215]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2 Sep 6 17:32:48 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 10 seconds for #2 Sep 6 
17:32:48 localhost pluto[12215]: | Sep 6 17:32:48 localhost pluto[12215]: | *received 116 bytes from 1.1.1.2:500 on tun0 (port=500) Sep 6 17:32:48 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:32:48 localhost pluto[12215]: | 08 10 05 01 55 6c 74 d0 00 00 00 74 30 e6 f7 e4 Sep 6 17:32:48 localhost pluto[12215]: | 84 b2 0c de 05 94 88 27 25 74 a7 8d 0a 08 d9 24 Sep 6 17:32:48 localhost pluto[12215]: | d8 76 2f f0 d6 5c 55 87 ed d8 81 7f 10 cd b4 d9 Sep 6 17:32:48 localhost pluto[12215]: | ce b6 98 2f a1 2d ff 7e 7f 29 60 87 0c 20 ba fe Sep 6 17:32:48 localhost pluto[12215]: | 3a 2c eb 99 8b 50 d5 31 06 fe 2d 5c 3a c0 4a 60 Sep 6 17:32:48 localhost pluto[12215]: | a2 10 71 1a 20 cf a5 79 22 eb 5f 81 4d 5b b8 ee Sep 6 17:32:48 localhost pluto[12215]: | 7a e1 7f 3e Sep 6 17:32:48 localhost pluto[12215]: | **parse ISAKMP Message: Sep 6 17:32:48 localhost pluto[12215]: | initiator cookie: Sep 6 17:32:48 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:48 localhost pluto[12215]: | responder cookie: Sep 6 17:32:48 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:32:48 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_HASH Sep 6 17:32:48 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:32:48 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_INFO Sep 6 17:32:48 localhost pluto[12215]: | flags: ISAKMP_FLAG_ENCRYPTION Sep 6 17:32:48 localhost pluto[12215]: | message ID: 55 6c 74 d0 Sep 6 17:32:48 localhost pluto[12215]: | length: 116 Sep 6 17:32:48 localhost pluto[12215]: | processing packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 6 17:32:48 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:32:48 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:32:48 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:32:48 localhost pluto[12215]: | state hash entry 23 Sep 6 17:32:48 localhost pluto[12215]: | peer and cookies match on #2, provided msgid 00000000 
vs a0c602b0/00000000 Sep 6 17:32:48 localhost pluto[12215]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000/00000000 Sep 6 17:32:48 localhost pluto[12215]: | p15 state object #1 found, in STATE_MAIN_I4 Sep 6 17:32:48 localhost pluto[12215]: | processing connection xxx Sep 6 17:32:48 localhost pluto[12215]: | last Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:32:48 localhost pluto[12215]: | current Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:32:48 localhost pluto[12215]: | computed Phase 2 IV: Sep 6 17:32:48 localhost pluto[12215]: | b4 c9 b4 e5 55 48 30 ec 69 b9 79 84 90 1e 8b 7e Sep 6 17:32:48 localhost pluto[12215]: | received encrypted packet from 1.1.1.2:500 Sep 6 17:32:48 localhost pluto[12215]: | decrypting 88 bytes using algorithm OAKLEY_3DES_CBC Sep 6 17:32:48 localhost pluto[12215]: | decrypted: Sep 6 17:32:48 localhost pluto[12215]: | 0b 00 00 14 41 2d d7 09 29 ed 81 64 61 fd d8 be Sep 6 17:32:48 localhost pluto[12215]: | ce f3 2a a4 00 00 00 40 00 00 00 01 03 04 00 0e Sep 6 17:32:48 localhost pluto[12215]: | 34 d5 63 67 0a 00 00 30 00 00 00 01 00 00 00 01 Sep 6 17:32:48 localhost pluto[12215]: | 81 40 e7 64 01 00 00 14 00 00 00 00 81 cd be e0 Sep 6 17:32:48 localhost pluto[12215]: | 83 18 91 c4 83 0e e3 80 81 40 ea cc 01 0e e3 f4 Sep 6 17:32:48 localhost pluto[12215]: | a0 c6 02 b0 00 00 00 00 Sep 6 17:32:48 localhost pluto[12215]: | next IV: 4d 5b b8 ee 7a e1 7f 3e Sep 6 17:32:48 localhost pluto[12215]: | np=8 and sd=0x80deed8 Sep 6 17:32:48 localhost pluto[12215]: | ***parse ISAKMP Hash Payload: Sep 6 17:32:48 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_N Sep 6 17:32:48 localhost pluto[12215]: | length: 20 Sep 6 17:32:48 localhost pluto[12215]: | np=11 and sd=0x80dee20 Sep 6 17:32:48 localhost pluto[12215]: | ***parse ISAKMP Notification Payload: Sep 6 17:32:48 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:32:48 localhost pluto[12215]: | length: 64 Sep 6 17:32:48 localhost pluto[12215]: | DOI: 
ISAKMP_DOI_IPSEC Sep 6 17:32:48 localhost pluto[12215]: | protocol ID: 3 Sep 6 17:32:48 localhost pluto[12215]: | SPI size: 4 Sep 6 17:32:48 localhost pluto[12215]: | Notify Message Type: NO_PROPOSAL_CHOSEN Sep 6 17:32:48 localhost pluto[12215]: | removing 4 bytes of padding Sep 6 17:32:48 localhost pluto[12215]: "xxx" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN Sep 6 17:32:48 localhost pluto[12215]: | info: 34 d5 63 67 0a 00 00 30 00 00 00 01 00 00 00 01 Sep 6 17:32:48 localhost pluto[12215]: | 81 40 e7 64 01 00 00 14 00 00 00 00 81 cd be e0 Sep 6 17:32:48 localhost pluto[12215]: | 83 18 91 c4 83 0e e3 80 81 40 ea cc 01 0e e3 f4 Sep 6 17:32:48 localhost pluto[12215]: | a0 c6 02 b0 Sep 6 17:32:48 localhost pluto[12215]: | processing informational NO_PROPOSAL_CHOSEN (14) Sep 6 17:32:48 localhost pluto[12215]: "xxx" #1: received and ignored informational message Sep 6 17:32:48 localhost pluto[12215]: | complete state transition with STF_IGNORE Sep 6 17:32:48 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 10 seconds for #2 Sep 6 17:32:58 localhost pluto[12215]: | Sep 6 17:32:58 localhost pluto[12215]: | *time to handle event Sep 6 17:32:58 localhost pluto[12215]: | handling event EVENT_RETRANSMIT Sep 6 17:32:58 localhost pluto[12215]: | event after this is EVENT_NAT_T_KEEPALIVE in 7 seconds Sep 6 17:32:58 localhost pluto[12215]: | processing connection xxx Sep 6 17:32:58 localhost pluto[12215]: | handling event EVENT_RETRANSMIT for 1.1.1.2 "xxx" #2 Sep 6 17:32:58 localhost pluto[12215]: | sending 116 bytes for EVENT_RETRANSMIT through tun0:500 to 1.1.1.2:500: Sep 6 17:32:58 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:32:58 localhost pluto[12215]: | 08 10 20 01 a0 c6 02 b0 00 00 00 74 1e d3 9b 00 Sep 6 17:32:58 localhost pluto[12215]: | f0 21 78 89 63 f9 4c 05 24 78 67 8c 4b cf c8 83 Sep 6 17:32:58 localhost pluto[12215]: | c2 4b 72 03 eb b0 e2 a8 73 c7 a4 49 17 68 42 b6 Sep 6 17:32:58 localhost 
pluto[12215]: | 48 e9 e1 8d 68 7c c9 47 c5 b1 fc d3 b2 3e a7 7d Sep 6 17:32:59 localhost pluto[12215]: | bc ca db 0b 24 a6 d1 dd d7 94 27 a5 45 41 ef 23 Sep 6 17:32:59 localhost pluto[12215]: | 7a 1b 09 bf 09 8a bd 22 1a f0 09 a0 d3 12 43 4e Sep 6 17:32:59 localhost pluto[12215]: | 43 c8 4e 28 Sep 6 17:32:59 localhost pluto[12215]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #2 Sep 6 17:32:59 localhost pluto[12215]: | next event EVENT_NAT_T_KEEPALIVE in 7 seconds Sep 6 17:33:02 localhost pluto[12215]: | Sep 6 17:33:02 localhost pluto[12215]: | *received whack message Sep 6 17:33:02 localhost pluto[12215]: | kernel_alg_esp_enc_ok(3,0): alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1 Sep 6 17:33:02 localhost pluto[12215]: | next event EVENT_NAT_T_KEEPALIVE in 3 seconds Sep 6 17:33:05 localhost pluto[12215]: | Sep 6 17:33:05 localhost pluto[12215]: | *time to handle event Sep 6 17:33:05 localhost pluto[12215]: | handling event EVENT_NAT_T_KEEPALIVE Sep 6 17:33:05 localhost pluto[12215]: | event after this is EVENT_DPD in 6 seconds Sep 6 17:33:05 localhost pluto[12215]: | processing connection xxx Sep 6 17:33:05 localhost pluto[12215]: | processing connection xxx Sep 6 17:33:05 localhost pluto[12215]: | next event EVENT_DPD in 6 seconds for #1 Sep 6 17:33:11 localhost pluto[12215]: | Sep 6 17:33:11 localhost pluto[12215]: | *time to handle event Sep 6 17:33:11 localhost pluto[12215]: | handling event EVENT_DPD Sep 6 17:33:11 localhost pluto[12215]: | event after this is EVENT_RETRANSMIT in 7 seconds Sep 6 17:33:11 localhost pluto[12215]: | processing connection xxx Sep 6 17:33:11 localhost pluto[12215]: | state: 1 requesting event none to be deleted by dpd.c:193 Sep 6 17:33:11 localhost pluto[12215]: | inserting event EVENT_DPD_TIMEOUT, timeout in 10 seconds for #1 Sep 6 17:33:11 localhost pluto[12215]: | **emit ISAKMP Message: Sep 6 17:33:11 localhost pluto[12215]: | initiator cookie: Sep 6 17:33:11 localhost pluto[12215]: | c6 
75 1a 47 aa ad d9 f2 Sep 6 17:33:11 localhost pluto[12215]: | responder cookie: Sep 6 17:33:11 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:33:11 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_HASH Sep 6 17:33:11 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:33:11 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_INFO Sep 6 17:33:11 localhost pluto[12215]: | flags: ISAKMP_FLAG_ENCRYPTION Sep 6 17:33:11 localhost pluto[12215]: | message ID: 24 40 1d 63 Sep 6 17:33:11 localhost pluto[12215]: | ***emit ISAKMP Hash Payload: Sep 6 17:33:11 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_N Sep 6 17:33:11 localhost pluto[12215]: | emitting 16 zero bytes of HASH into ISAKMP Hash Payload Sep 6 17:33:11 localhost pluto[12215]: | emitting length of ISAKMP Hash Payload: 20 Sep 6 17:33:11 localhost pluto[12215]: | ***emit ISAKMP Notification Payload: Sep 6 17:33:11 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:33:11 localhost pluto[12215]: | DOI: ISAKMP_DOI_IPSEC Sep 6 17:33:11 localhost pluto[12215]: | protocol ID: 1 Sep 6 17:33:11 localhost pluto[12215]: | SPI size: 16 Sep 6 17:33:12 localhost pluto[12215]: | Notify Message Type: R_U_THERE Sep 6 17:33:12 localhost pluto[12215]: | emitting 8 raw bytes of notify icookie into ISAKMP Notification Payload Sep 6 17:33:12 localhost pluto[12215]: | notify icookie c6 75 1a 47 aa ad d9 f2 Sep 6 17:33:12 localhost pluto[12215]: | emitting 8 raw bytes of notify rcookie into ISAKMP Notification Payload Sep 6 17:33:12 localhost pluto[12215]: | notify rcookie 95 84 b9 da 2d bd d1 fb Sep 6 17:33:12 localhost pluto[12215]: | emitting 4 raw bytes of notify data into ISAKMP Notification Payload Sep 6 17:33:12 localhost pluto[12215]: | notify data 00 00 6c 28 Sep 6 17:33:12 localhost pluto[12215]: | emitting length of ISAKMP Notification Payload: 32 Sep 6 17:33:12 localhost pluto[12215]: | HASH computed: Sep 6 17:33:12 localhost pluto[12215]: | 27 e2 9e 80 e2 11 
7f 12 2e 9b 9e 1e ea 25 8f 46 Sep 6 17:33:12 localhost pluto[12215]: | last Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:33:12 localhost pluto[12215]: | current Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:33:12 localhost pluto[12215]: | computed Phase 2 IV: Sep 6 17:33:12 localhost pluto[12215]: | 7e d0 08 fc b9 7e c7 db 25 37 5d 99 23 50 0f 4b Sep 6 17:33:12 localhost pluto[12215]: | encrypting: Sep 6 17:33:12 localhost pluto[12215]: | 0b 00 00 14 27 e2 9e 80 e2 11 7f 12 2e 9b 9e 1e Sep 6 17:33:12 localhost pluto[12215]: | ea 25 8f 46 00 00 00 20 00 00 00 01 01 10 8d 28 Sep 6 17:33:12 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:33:12 localhost pluto[12215]: | 00 00 6c 28 Sep 6 17:33:12 localhost pluto[12215]: | IV: Sep 6 17:33:12 localhost pluto[12215]: | 7e d0 08 fc b9 7e c7 db 25 37 5d 99 23 50 0f 4b Sep 6 17:33:12 localhost pluto[12215]: | emitting 4 zero bytes of encryption padding into ISAKMP Message Sep 6 17:33:12 localhost pluto[12215]: | encrypting using OAKLEY_3DES_CBC Sep 6 17:33:12 localhost pluto[12215]: | next IV: 29 60 aa f2 ae 5a b1 b4 Sep 6 17:33:12 localhost pluto[12215]: | emitting length of ISAKMP Message: 84 Sep 6 17:33:12 localhost pluto[12215]: | sending 84 bytes for ISAKMP notify through tun0:500 to 1.1.1.2:500: Sep 6 17:33:12 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:33:12 localhost pluto[12215]: | 08 10 05 01 24 40 1d 63 00 00 00 54 3a 80 d9 d2 Sep 6 17:33:12 localhost pluto[12215]: | 30 b7 76 de 4a e0 6f 84 bd 78 f3 91 2f 1b 85 67 Sep 6 17:33:12 localhost pluto[12215]: | de 82 02 f7 f6 1a 26 99 52 05 f3 34 0e cc b0 ca Sep 6 17:33:12 localhost pluto[12215]: | 96 73 c8 50 c3 ea 7f 65 bc f8 fc 88 29 60 aa f2 Sep 6 17:33:12 localhost pluto[12215]: | ae 5a b1 b4 Sep 6 17:33:12 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 6 seconds for #2 Sep 6 17:33:12 localhost pluto[12215]: | Sep 6 17:33:12 localhost pluto[12215]: | *received 84 bytes from 
1.1.1.2:500 on tun0 (port=500) Sep 6 17:33:12 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:33:12 localhost pluto[12215]: | 08 10 05 01 ca ef e7 7d 00 00 00 54 20 15 1c 90 Sep 6 17:33:12 localhost pluto[12215]: | 55 b2 69 55 a4 6a da a6 53 2e e1 92 9e ed 27 56 Sep 6 17:33:12 localhost pluto[12215]: | 95 57 9e d1 73 75 ec ad a2 02 75 04 d5 c1 68 d0 Sep 6 17:33:12 localhost pluto[12215]: | 10 58 b9 fc ff d5 10 6d eb 9a 7c bc ea 3b 1a e2 Sep 6 17:33:12 localhost pluto[12215]: | 94 bd fa f8 Sep 6 17:33:12 localhost pluto[12215]: | **parse ISAKMP Message: Sep 6 17:33:12 localhost pluto[12215]: | initiator cookie: Sep 6 17:33:12 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:33:12 localhost pluto[12215]: | responder cookie: Sep 6 17:33:12 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:33:12 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_HASH Sep 6 17:33:12 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:33:12 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_INFO Sep 6 17:33:12 localhost pluto[12215]: | flags: ISAKMP_FLAG_ENCRYPTION Sep 6 17:33:12 localhost pluto[12215]: | message ID: ca ef e7 7d Sep 6 17:33:12 localhost pluto[12215]: | length: 84 Sep 6 17:33:12 localhost pluto[12215]: | processing packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 6 17:33:12 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:33:12 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:33:12 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:33:12 localhost pluto[12215]: | state hash entry 23 Sep 6 17:33:12 localhost pluto[12215]: | peer and cookies match on #2, provided msgid 00000000 vs a0c602b0/00000000 Sep 6 17:33:12 localhost pluto[12215]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000/00000000 Sep 6 17:33:12 localhost pluto[12215]: | p15 state object #1 found, in STATE_MAIN_I4 Sep 6 17:33:12 localhost pluto[12215]: | processing 
connection xxx Sep 6 17:33:12 localhost pluto[12215]: | last Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:33:12 localhost pluto[12215]: | current Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:33:12 localhost pluto[12215]: | computed Phase 2 IV: Sep 6 17:33:12 localhost pluto[12215]: | f6 56 2f d0 5b 98 3d 97 96 e1 e2 34 6c b9 c4 5e Sep 6 17:33:12 localhost pluto[12215]: | received encrypted packet from 1.1.1.2:500 Sep 6 17:33:12 localhost pluto[12215]: | decrypting 56 bytes using algorithm OAKLEY_3DES_CBC Sep 6 17:33:12 localhost pluto[12215]: | decrypted: Sep 6 17:33:12 localhost pluto[12215]: | 0b 00 00 14 8e 5f bd dc 29 87 63 53 8b ea cc 74 Sep 6 17:33:12 localhost pluto[12215]: | 6c 8e d4 60 00 00 00 20 00 00 00 01 01 10 8d 29 Sep 6 17:33:12 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:33:12 localhost pluto[12215]: | 00 00 6c 28 00 00 00 00 Sep 6 17:33:12 localhost pluto[12215]: | next IV: ea 3b 1a e2 94 bd fa f8 Sep 6 17:33:12 localhost pluto[12215]: | np=8 and sd=0x80deed8 Sep 6 17:33:12 localhost pluto[12215]: | ***parse ISAKMP Hash Payload: Sep 6 17:33:12 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_N Sep 6 17:33:12 localhost pluto[12215]: | length: 20 Sep 6 17:33:12 localhost pluto[12215]: | np=11 and sd=0x80dee20 Sep 6 17:33:12 localhost pluto[12215]: | ***parse ISAKMP Notification Payload: Sep 6 17:33:12 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:33:12 localhost pluto[12215]: | length: 32 Sep 6 17:33:12 localhost pluto[12215]: | DOI: ISAKMP_DOI_IPSEC Sep 6 17:33:12 localhost pluto[12215]: | protocol ID: 1 Sep 6 17:33:12 localhost pluto[12215]: | SPI size: 16 Sep 6 17:33:12 localhost pluto[12215]: | Notify Message Type: R_U_THERE_ACK Sep 6 17:33:12 localhost pluto[12215]: | removing 4 bytes of padding Sep 6 17:33:12 localhost pluto[12215]: | info: c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:33:12 localhost pluto[12215]: | 00 00 6c 28 Sep 6 17:33:12 localhost 
pluto[12215]: | processing informational R_U_THERE_ACK (36137) Sep 6 17:33:12 localhost pluto[12215]: | state: 1 requesting event EVENT_DPD_TIMEOUT to be deleted by dpd.c:511 Sep 6 17:33:12 localhost pluto[12215]: | complete state transition with STF_IGNORE Sep 6 17:33:12 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 6 seconds for #2 Sep 6 17:33:17 localhost pluto[12215]: | Sep 6 17:33:17 localhost pluto[12215]: | *received kernel message Sep 6 17:33:17 localhost pluto[12215]: | netlink_get: XFRM_MSG_EXPIRE message Sep 6 17:33:17 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 1 seconds for #2 Sep 6 17:33:18 localhost pluto[12215]: | Sep 6 17:33:18 localhost pluto[12215]: | *time to handle event Sep 6 17:33:18 localhost pluto[12215]: | handling event EVENT_RETRANSMIT Sep 6 17:33:18 localhost pluto[12215]: | event after this is EVENT_PENDING_PHASE2 in 60 seconds Sep 6 17:33:18 localhost pluto[12215]: | processing connection xxx Sep 6 17:33:18 localhost pluto[12215]: | handling event EVENT_RETRANSMIT for 1.1.1.2 "xxx" #2 Sep 6 17:33:18 localhost pluto[12215]: | sending 116 bytes for EVENT_RETRANSMIT through tun0:500 to 1.1.1.2:500: Sep 6 17:33:18 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:33:18 localhost pluto[12215]: | 08 10 20 01 a0 c6 02 b0 00 00 00 74 1e d3 9b 00 Sep 6 17:33:18 localhost pluto[12215]: | f0 21 78 89 63 f9 4c 05 24 78 67 8c 4b cf c8 83 Sep 6 17:33:18 localhost pluto[12215]: | c2 4b 72 03 eb b0 e2 a8 73 c7 a4 49 17 68 42 b6 Sep 6 17:33:18 localhost pluto[12215]: | 48 e9 e1 8d 68 7c c9 47 c5 b1 fc d3 b2 3e a7 7d Sep 6 17:33:18 localhost pluto[12215]: | bc ca db 0b 24 a6 d1 dd d7 94 27 a5 45 41 ef 23 Sep 6 17:33:18 localhost pluto[12215]: | 7a 1b 09 bf 09 8a bd 22 1a f0 09 a0 d3 12 43 4e Sep 6 17:33:18 localhost pluto[12215]: | 43 c8 4e 28 Sep 6 17:33:18 localhost pluto[12215]: | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #2 Sep 6 17:33:18 localhost pluto[12215]: | next event 
EVENT_RETRANSMIT in 40 seconds for #2 Sep 6 17:33:19 localhost pluto[12215]: | Sep 6 17:33:19 localhost pluto[12215]: | *received kernel message Sep 6 17:33:19 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:33:19 localhost pluto[12215]: | add bare shunt 0x80fee88 1.1.1.1/32:0 -0-> 10.20.50.163/32:0 => %hold 0 %acquire-netlink Sep 6 17:33:19 localhost pluto[12215]: | initiate on demand from 1.1.1.1:0 to 10.20.50.163:0 proto=0 state: fos_start because: acquire Sep 6 17:33:19 localhost pluto[12215]: | find_connection: looking for policy for connection: 1.1.1.1:0/0 -> 10.20.50.163:0/0 Sep 6 17:33:19 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:19 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:19 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:33:19 localhost pluto[12215]: | creating new instance from "packetdefault" Sep 6 17:33:19 localhost pluto[12215]: | initiate on demand from 1.1.1.1 to 10.20.50.163 new state: fos_start with ugh: ok Sep 6 17:33:19 localhost pluto[12215]: | DNS query 25 for TXT for 88.50.20.10.in-addr.arpa. (gw: 10.20.50.88) Sep 6 17:33:19 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 39 seconds for #2 Sep 6 17:33:19 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 39 seconds for #2 Sep 6 17:33:19 localhost pluto[12215]: | Sep 6 17:33:19 localhost pluto[12215]: | *received adns message Sep 6 17:33:19 localhost pluto[12215]: | Sep 6 17:33:19 localhost pluto[12215]: | asynch DNS answer 25 no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:33:19 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 1.1.1.1 to 10.20.50.163: no host 88.50.20.10.in-addr.arpa. 
for TXT record Sep 6 17:33:19 localhost pluto[12215]: | initiate on demand from 1.1.1.1:0 to 10.20.50.163:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:33:19 localhost pluto[12215]: | find_connection: looking for policy for connection: 1.1.1.1:0/0 -> 10.20.50.163:0/0 Sep 6 17:33:19 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:19 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:19 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:33:19 localhost pluto[12215]: | creating new instance from "packetdefault" Sep 6 17:33:19 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:19 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:19 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:33:19 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:33:19 localhost pluto[12215]: | initiate on demand from 1.1.1.1 to 10.20.50.163 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:33:19 localhost pluto[12215]: | DNS query 26 for TXT for RRT102. (gw: @RRT102) Sep 6 17:33:19 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 39 seconds for #2 Sep 6 17:33:19 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 39 seconds for #2 Sep 6 17:33:19 localhost pluto[12215]: | Sep 6 17:33:19 localhost pluto[12215]: | *received adns message Sep 6 17:33:19 localhost pluto[12215]: | Sep 6 17:33:19 localhost pluto[12215]: | asynch DNS answer 26 no host RRT102. 
for TXT record Sep 6 17:33:19 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 1.1.1.1 to 10.20.50.163: no host RRT102. for TXT record Sep 6 17:33:19 localhost pluto[12215]: | initiate on demand from 1.1.1.1:0 to 10.20.50.163:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:33:19 localhost pluto[12215]: | find_connection: looking for policy for connection: 1.1.1.1:0/0 -> 10.20.50.163:0/0 Sep 6 17:33:19 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:19 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:19 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:33:19 localhost pluto[12215]: | creating new instance from "packetdefault" Sep 6 17:33:19 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:33:19 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:33:20 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:33:20 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:33:20 localhost pluto[12215]: | initiate on demand from 1.1.1.1 to 10.20.50.163 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:33:20 localhost pluto[12215]: | DNS query 27 for KEY for 88.50.20.10.in-addr.arpa. 
(gw: (none)) Sep 6 17:33:20 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 39 seconds for #2 Sep 6 17:33:20 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 39 seconds for #2 Sep 6 17:33:20 localhost pluto[12215]: | Sep 6 17:33:20 localhost pluto[12215]: | *received adns message Sep 6 17:33:20 localhost pluto[12215]: | Sep 6 17:33:20 localhost pluto[12215]: | asynch DNS answer 27 no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:33:20 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 1.1.1.1 to 10.20.50.163: no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:33:20 localhost pluto[12215]: | initiate on demand from 1.1.1.1:0 to 10.20.50.163:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:33:20 localhost pluto[12215]: | find_connection: looking for policy for connection: 1.1.1.1:0/0 -> 10.20.50.163:0/0 Sep 6 17:33:20 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:20 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:20 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:33:20 localhost pluto[12215]: | creating new instance from "packetdefault" Sep 6 17:33:20 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:20 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:20 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:33:20 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:33:20 localhost pluto[12215]: | initiate on demand from 1.1.1.1 to 10.20.50.163 
new state: fos_myid_ip_key with ugh: ok Sep 6 17:33:20 localhost pluto[12215]: | DNS query 28 for KEY for RRT102. (gw: (none)) Sep 6 17:33:20 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 38 seconds for #2 Sep 6 17:33:20 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 38 seconds for #2 Sep 6 17:33:20 localhost pluto[12215]: | Sep 6 17:33:20 localhost pluto[12215]: | *received adns message Sep 6 17:33:20 localhost pluto[12215]: | Sep 6 17:33:20 localhost pluto[12215]: | asynch DNS answer 28 no host RRT102. for KEY record Sep 6 17:33:20 localhost pluto[12215]: | find_connection: looking for policy for connection: 1.1.1.1:0/0 -> 10.20.50.163:0/0 Sep 6 17:33:20 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:20 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:20 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:33:20 localhost pluto[12215]: Can not opportunistically initiate for 1.1.1.1 to 10.20.50.163: KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:33:20 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record eroute 1.1.1.1/32:0 --0-> 10.20.50.163/32:0 => %pass (raw_eroute) Sep 6 17:33:20 localhost pluto[12215]: | change bare shunt 0x80fee88 1.1.1.1/32:0 -0-> 10.20.50.163/32:0 => %pass 0,0 KEY record for hostname as %myid (no good TXT): no host RRT102. 
for KEY record Sep 6 17:33:20 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 38 seconds for #2 Sep 6 17:33:36 localhost pluto[12215]: | Sep 6 17:33:36 localhost pluto[12215]: | *received kernel message Sep 6 17:33:36 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:33:36 localhost pluto[12215]: | add bare shunt 0x80ff910 10.20.50.88/32:0 -0-> 193.110.157.129/32:0 => %hold 0 %acquire-netlink Sep 6 17:33:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 193.110.157.129:0 proto=0 state: fos_start because: acquire Sep 6 17:33:36 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 193.110.157.129:0/0 Sep 6 17:33:36 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:33:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:33:36 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:36 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:33:36 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:33:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 193.110.157.129 new state: fos_start with ugh: ok Sep 6 17:33:36 localhost pluto[12215]: | DNS query 29 for TXT for 88.50.20.10.in-addr.arpa. 
(gw: 10.20.50.88) Sep 6 17:33:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 22 seconds for #2 Sep 6 17:33:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 22 seconds for #2 Sep 6 17:33:36 localhost pluto[12215]: | Sep 6 17:33:36 localhost pluto[12215]: | *received adns message Sep 6 17:33:36 localhost pluto[12215]: | Sep 6 17:33:36 localhost pluto[12215]: | asynch DNS answer 29 no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:33:36 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 193.110.157.129: no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:33:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 193.110.157.129:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:33:36 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 193.110.157.129:0/0 Sep 6 17:33:36 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:33:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:33:36 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:36 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:33:36 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:33:36 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind 
PPK_RSA Sep 6 17:33:36 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:36 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:33:36 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:33:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 193.110.157.129 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:33:36 localhost pluto[12215]: | DNS query 30 for TXT for RRT102. (gw: @RRT102) Sep 6 17:33:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 22 seconds for #2 Sep 6 17:33:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 22 seconds for #2 Sep 6 17:33:36 localhost pluto[12215]: | Sep 6 17:33:36 localhost pluto[12215]: | *received adns message Sep 6 17:33:36 localhost pluto[12215]: | Sep 6 17:33:36 localhost pluto[12215]: | asynch DNS answer 30 no host RRT102. for TXT record Sep 6 17:33:36 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 193.110.157.129: no host RRT102. 
for TXT record Sep 6 17:33:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 193.110.157.129:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:33:36 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 193.110.157.129:0/0 Sep 6 17:33:36 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:33:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:33:36 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:36 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:33:36 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:33:36 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:33:36 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:33:36 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:33:36 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:33:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 193.110.157.129 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:33:36 localhost pluto[12215]: | DNS query 31 for KEY for 88.50.20.10.in-addr.arpa. 
(gw: (none)) Sep 6 17:33:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 22 seconds for #2 Sep 6 17:33:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 22 seconds for #2 Sep 6 17:33:36 localhost pluto[12215]: | Sep 6 17:33:36 localhost pluto[12215]: | *received adns message Sep 6 17:33:36 localhost pluto[12215]: | Sep 6 17:33:36 localhost pluto[12215]: | asynch DNS answer 31 no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:33:36 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 193.110.157.129: no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:33:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 193.110.157.129:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:33:36 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 193.110.157.129:0/0 Sep 6 17:33:36 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:33:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:33:36 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:36 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:33:36 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:33:36 localhost pluto[12215]: | started looking for secret for 
10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:36 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:36 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:33:36 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:33:36 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 193.110.157.129 new state: fos_myid_ip_key with ugh: ok Sep 6 17:33:36 localhost pluto[12215]: | DNS query 32 for KEY for RRT102. (gw: (none)) Sep 6 17:33:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 22 seconds for #2 Sep 6 17:33:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 22 seconds for #2 Sep 6 17:33:36 localhost pluto[12215]: | Sep 6 17:33:36 localhost pluto[12215]: | *received adns message Sep 6 17:33:36 localhost pluto[12215]: | Sep 6 17:33:36 localhost pluto[12215]: | asynch DNS answer 32 no host RRT102. for KEY record Sep 6 17:33:36 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 193.110.157.129:0/0 Sep 6 17:33:36 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:33:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:33:36 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:36 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:36 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:33:36 
localhost pluto[12215]: Can not opportunistically initiate for 10.20.50.88 to 193.110.157.129: KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:33:36 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record eroute 10.20.50.88/32:0 --0-> 193.110.157.129/32:0 => %pass (raw_eroute) Sep 6 17:33:36 localhost pluto[12215]: | change bare shunt 0x80ff910 10.20.50.88/32:0 -0-> 193.110.157.129/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:33:36 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 22 seconds for #2 Sep 6 17:33:49 localhost pluto[12215]: | Sep 6 17:33:49 localhost pluto[12215]: | *received kernel message Sep 6 17:33:49 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:33:49 localhost pluto[12215]: | add bare shunt 0x81010c0 10.20.50.88/32:0 -0-> 10.20.255.255/32:0 => %hold 0 %acquire-netlink Sep 6 17:33:49 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 10.20.255.255:0 proto=0 state: fos_start because: acquire Sep 6 17:33:49 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.255.255:0/0 Sep 6 17:33:49 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:33:49 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:33:49 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:49 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:49 localhost pluto[12215]: | 
find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:33:49 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:33:49 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 10.20.255.255 new state: fos_start with ugh: ok Sep 6 17:33:49 localhost pluto[12215]: | DNS query 33 for TXT for 88.50.20.10.in-addr.arpa. (gw: 10.20.50.88) Sep 6 17:33:49 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #2 Sep 6 17:33:49 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #2 Sep 6 17:33:49 localhost pluto[12215]: | Sep 6 17:33:49 localhost pluto[12215]: | *received adns message Sep 6 17:33:49 localhost pluto[12215]: | Sep 6 17:33:49 localhost pluto[12215]: | asynch DNS answer 33 no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:33:49 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 10.20.255.255: no host 88.50.20.10.in-addr.arpa. 
for TXT record Sep 6 17:33:49 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 10.20.255.255:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:33:49 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.255.255:0/0 Sep 6 17:33:49 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:33:49 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:33:49 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:49 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:49 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:33:49 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:33:49 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:49 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:49 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:33:49 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:33:49 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 10.20.255.255 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:33:49 localhost pluto[12215]: | DNS query 34 for TXT for RRT102. 
(gw: @RRT102) Sep 6 17:33:49 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #2 Sep 6 17:33:49 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #2 Sep 6 17:33:49 localhost pluto[12215]: | Sep 6 17:33:49 localhost pluto[12215]: | *received adns message Sep 6 17:33:49 localhost pluto[12215]: | Sep 6 17:33:49 localhost pluto[12215]: | asynch DNS answer 34 no host RRT102. for TXT record Sep 6 17:33:49 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 10.20.255.255: no host RRT102. for TXT record Sep 6 17:33:49 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 10.20.255.255:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:33:49 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.255.255:0/0 Sep 6 17:33:49 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:33:50 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:33:50 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:50 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:50 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:33:50 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:33:50 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:33:50 localhost pluto[12215]: | 
actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:33:50 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:33:50 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:33:50 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 10.20.255.255 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:33:50 localhost pluto[12215]: | DNS query 35 for KEY for 88.50.20.10.in-addr.arpa. (gw: (none)) Sep 6 17:33:50 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #2 Sep 6 17:33:50 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 8 seconds for #2 Sep 6 17:33:50 localhost pluto[12215]: | Sep 6 17:33:50 localhost pluto[12215]: | *received adns message Sep 6 17:33:50 localhost pluto[12215]: | Sep 6 17:33:50 localhost pluto[12215]: | asynch DNS answer 35 no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:33:50 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 10.20.255.255: no host 88.50.20.10.in-addr.arpa. 
for KEY record Sep 6 17:33:50 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 10.20.255.255:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:33:50 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.255.255:0/0 Sep 6 17:33:50 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:33:50 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:33:50 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:50 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:50 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:33:50 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:33:50 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:50 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:50 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:33:50 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:33:50 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 10.20.255.255 new state: fos_myid_ip_key with ugh: ok Sep 6 17:33:50 localhost pluto[12215]: | DNS query 36 for KEY for RRT102. 
(gw: (none)) Sep 6 17:33:50 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 8 seconds for #2 Sep 6 17:33:50 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 8 seconds for #2 Sep 6 17:33:50 localhost pluto[12215]: | Sep 6 17:33:50 localhost pluto[12215]: | *received adns message Sep 6 17:33:50 localhost pluto[12215]: | Sep 6 17:33:50 localhost pluto[12215]: | asynch DNS answer 36 no host RRT102. for KEY record Sep 6 17:33:50 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 10.20.255.255:0/0 Sep 6 17:33:50 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:33:50 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:33:50 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:50 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:50 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:33:50 localhost pluto[12215]: Can not opportunistically initiate for 10.20.50.88 to 10.20.255.255: KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:33:50 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record eroute 10.20.50.88/32:0 --0-> 10.20.255.255/32:0 => %pass (raw_eroute) Sep 6 17:33:50 localhost pluto[12215]: | change bare shunt 0x81010c0 10.20.50.88/32:0 -0-> 10.20.255.255/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): no host RRT102. 
for KEY record Sep 6 17:33:50 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 8 seconds for #2 Sep 6 17:33:51 localhost pluto[12215]: | Sep 6 17:33:51 localhost pluto[12215]: | *received kernel message Sep 6 17:33:51 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:33:51 localhost pluto[12215]: | add bare shunt 0x8101198 1.1.1.1/32:0 -0-> 1.255.255.255/32:0 => %hold 0 %acquire-netlink Sep 6 17:33:51 localhost pluto[12215]: | initiate on demand from 1.1.1.1:0 to 1.255.255.255:0 proto=0 state: fos_start because: acquire Sep 6 17:33:51 localhost pluto[12215]: | find_connection: looking for policy for connection: 1.1.1.1:0/0 -> 1.255.255.255:0/0 Sep 6 17:33:51 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:51 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:51 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:33:51 localhost pluto[12215]: | creating new instance from "packetdefault" Sep 6 17:33:51 localhost pluto[12215]: | initiate on demand from 1.1.1.1 to 1.255.255.255 new state: fos_start with ugh: ok Sep 6 17:33:51 localhost pluto[12215]: | DNS query 37 for TXT for 88.50.20.10.in-addr.arpa. (gw: 10.20.50.88) Sep 6 17:33:51 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 7 seconds for #2 Sep 6 17:33:51 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 7 seconds for #2 Sep 6 17:33:51 localhost pluto[12215]: | Sep 6 17:33:51 localhost pluto[12215]: | *received adns message Sep 6 17:33:51 localhost pluto[12215]: | Sep 6 17:33:51 localhost pluto[12215]: | asynch DNS answer 37 no host 88.50.20.10.in-addr.arpa. 
for TXT record Sep 6 17:33:51 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 1.1.1.1 to 1.255.255.255: no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:33:51 localhost pluto[12215]: | initiate on demand from 1.1.1.1:0 to 1.255.255.255:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:33:51 localhost pluto[12215]: | find_connection: looking for policy for connection: 1.1.1.1:0/0 -> 1.255.255.255:0/0 Sep 6 17:33:51 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:51 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:51 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:33:52 localhost pluto[12215]: | creating new instance from "packetdefault" Sep 6 17:33:52 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:52 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:52 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:33:52 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:33:52 localhost pluto[12215]: | initiate on demand from 1.1.1.1 to 1.255.255.255 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:33:52 localhost pluto[12215]: | DNS query 38 for TXT for RRT102. 
(gw: @RRT102) Sep 6 17:33:52 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 7 seconds for #2 Sep 6 17:33:52 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 7 seconds for #2 Sep 6 17:33:52 localhost pluto[12215]: | Sep 6 17:33:52 localhost pluto[12215]: | *received adns message Sep 6 17:33:52 localhost pluto[12215]: | Sep 6 17:33:52 localhost pluto[12215]: | asynch DNS answer 38 no host RRT102. for TXT record Sep 6 17:33:52 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 1.1.1.1 to 1.255.255.255: no host RRT102. for TXT record Sep 6 17:33:52 localhost pluto[12215]: | initiate on demand from 1.1.1.1:0 to 1.255.255.255:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:33:52 localhost pluto[12215]: | find_connection: looking for policy for connection: 1.1.1.1:0/0 -> 1.255.255.255:0/0 Sep 6 17:33:52 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:52 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:52 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:33:52 localhost pluto[12215]: | creating new instance from "packetdefault" Sep 6 17:33:52 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:33:52 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:33:52 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:33:52 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:33:52 localhost pluto[12215]: | initiate on demand from 1.1.1.1 to 1.255.255.255 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:33:52 
localhost pluto[12215]: | DNS query 39 for KEY for 88.50.20.10.in-addr.arpa. (gw: (none)) Sep 6 17:33:52 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 6 seconds for #2 Sep 6 17:33:52 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 6 seconds for #2 Sep 6 17:33:52 localhost pluto[12215]: | Sep 6 17:33:52 localhost pluto[12215]: | *received adns message Sep 6 17:33:52 localhost pluto[12215]: | Sep 6 17:33:52 localhost pluto[12215]: | asynch DNS answer 39 no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:33:52 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 1.1.1.1 to 1.255.255.255: no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:33:52 localhost pluto[12215]: | initiate on demand from 1.1.1.1:0 to 1.255.255.255:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:33:52 localhost pluto[12215]: | find_connection: looking for policy for connection: 1.1.1.1:0/0 -> 1.255.255.255:0/0 Sep 6 17:33:52 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:52 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:52 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:33:52 localhost pluto[12215]: | creating new instance from "packetdefault" Sep 6 17:33:52 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:52 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:33:52 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:33:52 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 
17:33:52 localhost pluto[12215]: | initiate on demand from 1.1.1.1 to 1.255.255.255 new state: fos_myid_ip_key with ugh: ok Sep 6 17:33:52 localhost pluto[12215]: | DNS query 40 for KEY for RRT102. (gw: (none)) Sep 6 17:33:52 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 6 seconds for #2 Sep 6 17:33:52 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 6 seconds for #2 Sep 6 17:33:52 localhost pluto[12215]: | Sep 6 17:33:52 localhost pluto[12215]: | *received adns message Sep 6 17:33:52 localhost pluto[12215]: | Sep 6 17:33:52 localhost pluto[12215]: | asynch DNS answer 40 no host RRT102. for KEY record Sep 6 17:33:52 localhost pluto[12215]: | find_connection: looking for policy for connection: 1.1.1.1:0/0 -> 1.255.255.255:0/0 Sep 6 17:33:52 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:33:52 localhost pluto[12215]: | find_connection: comparing best "packetdefault" [pri:13]{0x80f9088} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:33:52 localhost pluto[12215]: | find_connection: concluding with "packetdefault" [pri:13]{0x80f9088} kind=CK_TEMPLATE Sep 6 17:33:52 localhost pluto[12215]: Can not opportunistically initiate for 1.1.1.1 to 1.255.255.255: KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:33:52 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record eroute 1.1.1.1/32:0 --0-> 1.255.255.255/32:0 => %pass (raw_eroute) Sep 6 17:33:52 localhost pluto[12215]: | change bare shunt 0x8101198 1.1.1.1/32:0 -0-> 1.255.255.255/32:0 => %pass 0,0 KEY record for hostname as %myid (no good TXT): no host RRT102. 
for KEY record Sep 6 17:33:52 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 6 seconds for #2 Sep 6 17:33:58 localhost pluto[12215]: | Sep 6 17:33:58 localhost pluto[12215]: | *time to handle event Sep 6 17:33:58 localhost pluto[12215]: | handling event EVENT_RETRANSMIT Sep 6 17:33:58 localhost pluto[12215]: | event after this is EVENT_PENDING_PHASE2 in 20 seconds Sep 6 17:33:58 localhost pluto[12215]: | processing connection xxx Sep 6 17:33:58 localhost pluto[12215]: | handling event EVENT_RETRANSMIT for 1.1.1.2 "xxx" #2 Sep 6 17:33:58 localhost pluto[12215]: "xxx" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal Sep 6 17:33:58 localhost pluto[12215]: "xxx" #2: starting keying attempt 2 of an unlimited number Sep 6 17:33:58 localhost pluto[12215]: | duplicating state object #1 Sep 6 17:33:58 localhost pluto[12215]: | creating state object #3 at 0x8101270 Sep 6 17:33:58 localhost pluto[12215]: | processing connection xxx Sep 6 17:33:58 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:33:58 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:33:58 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:33:58 localhost pluto[12215]: | state hash entry 23 Sep 6 17:33:58 localhost pluto[12215]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #3 Sep 6 17:33:58 localhost pluto[12215]: "xxx" #3: initiating Quick Mode PSK+ENCRYPT+UP to replace #2 {using isakmp#1} Sep 6 17:33:58 localhost pluto[12215]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1 Sep 6 17:33:58 localhost pluto[12215]: | asking helper 0 to do build_nonce op on seq: 3 Sep 6 17:33:58 localhost pluto[12215]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #3 Sep 6 17:33:58 localhost pluto[12216]: ! helper 0 doing build_nonce op id: 3 Sep 6 17:33:58 localhost pluto[12215]: | deleting state #2 Sep 6 17:33:58 localhost pluto[12216]: ! 
Generated nonce: Sep 6 17:33:58 localhost pluto[12215]: | processing connection xxx Sep 6 17:33:58 localhost pluto[12216]: ! 1b 77 a8 3d a8 e6 92 25 34 3e dc c5 41 df f2 10 Sep 6 17:33:58 localhost pluto[12215]: | no suspended cryptographic state for 2 Sep 6 17:33:58 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 20 seconds Sep 6 17:33:58 localhost pluto[12215]: | helper 0 has work (cnt now 0) Sep 6 17:33:58 localhost pluto[12215]: | helper 0 replies to sequence 3 Sep 6 17:33:58 localhost pluto[12215]: | calling callback function 0x806907e Sep 6 17:33:58 localhost pluto[12215]: | quick outI1: calculated ke+nonce, sending I1 Sep 6 17:33:58 localhost pluto[12215]: | processing connection xxx Sep 6 17:33:58 localhost pluto[12215]: | **emit ISAKMP Message: Sep 6 17:33:58 localhost pluto[12215]: | initiator cookie: Sep 6 17:33:58 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:33:58 localhost pluto[12215]: | responder cookie: Sep 6 17:33:58 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:33:58 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_HASH Sep 6 17:33:58 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:33:58 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_QUICK Sep 6 17:33:58 localhost pluto[12215]: | flags: ISAKMP_FLAG_ENCRYPTION Sep 6 17:33:58 localhost pluto[12215]: | message ID: 8d d3 3e 5d Sep 6 17:33:58 localhost pluto[12215]: | ***emit ISAKMP Hash Payload: Sep 6 17:33:58 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_SA Sep 6 17:33:58 localhost pluto[12215]: | emitting 16 zero bytes of HASH into ISAKMP Hash Payload Sep 6 17:33:58 localhost pluto[12215]: | emitting length of ISAKMP Hash Payload: 20 Sep 6 17:33:58 localhost pluto[12215]: | kernel_alg_db_new() initial trans_cnt=28 Sep 6 17:33:58 localhost pluto[12215]: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 Sep 6 17:33:58 localhost pluto[12215]: | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, 
attrs[0].type=5, attrs[0].val=1 Sep 6 17:33:58 localhost pluto[12215]: | returning new proposal from esp_info Sep 6 17:33:58 localhost pluto[12215]: | ***emit ISAKMP Security Association Payload: Sep 6 17:33:58 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONCE Sep 6 17:33:58 localhost pluto[12215]: | DOI: ISAKMP_DOI_IPSEC Sep 6 17:33:58 localhost pluto[12215]: | ****emit IPsec DOI SIT: Sep 6 17:33:59 localhost pluto[12215]: | IPsec DOI SIT: SIT_IDENTITY_ONLY Sep 6 17:33:59 localhost pluto[12215]: | out_sa pcn: 0 has 1 valid proposals Sep 6 17:33:59 localhost pluto[12215]: | out_sa pcn: 0 pn: 0<1 valid_count: 1 Sep 6 17:33:59 localhost pluto[12215]: | ****emit ISAKMP Proposal Payload: Sep 6 17:33:59 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:33:59 localhost pluto[12215]: | proposal number: 0 Sep 6 17:33:59 localhost pluto[12215]: | protocol ID: PROTO_IPSEC_ESP Sep 6 17:33:59 localhost pluto[12215]: | SPI size: 4 Sep 6 17:33:59 localhost pluto[12215]: | number of transforms: 1 Sep 6 17:33:59 localhost pluto[12215]: | netlink_get_spi: allocated 0x9e6cea6d for esp.0@1.1.1.1 Sep 6 17:33:59 localhost pluto[12215]: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 6 17:33:59 localhost pluto[12215]: | SPI 9e 6c ea 6d Sep 6 17:33:59 localhost pluto[12215]: | *****emit ISAKMP Transform Payload (ESP): Sep 6 17:33:59 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:33:59 localhost pluto[12215]: | transform number: 0 Sep 6 17:33:59 localhost pluto[12215]: | transform ID: ESP_3DES Sep 6 17:33:59 localhost pluto[12215]: | ******emit ISAKMP IPsec DOI attribute: Sep 6 17:33:59 localhost pluto[12215]: | af+type: ENCAPSULATION_MODE Sep 6 17:33:59 localhost pluto[12215]: | length/value: 2 Sep 6 17:33:59 localhost pluto[12215]: | [2 is ENCAPSULATION_MODE_TRANSPORT] Sep 6 17:33:59 localhost pluto[12215]: | ******emit ISAKMP IPsec DOI attribute: Sep 6 17:33:59 localhost pluto[12215]: | af+type: SA_LIFE_TYPE Sep 6 
17:33:59 localhost pluto[12215]: | length/value: 1 Sep 6 17:33:59 localhost pluto[12215]: | [1 is SA_LIFE_TYPE_SECONDS] Sep 6 17:33:59 localhost pluto[12215]: | ******emit ISAKMP IPsec DOI attribute: Sep 6 17:33:59 localhost pluto[12215]: | af+type: SA_LIFE_DURATION Sep 6 17:33:59 localhost pluto[12215]: | length/value: 28800 Sep 6 17:33:59 localhost pluto[12215]: | ******emit ISAKMP IPsec DOI attribute: Sep 6 17:33:59 localhost pluto[12215]: | af+type: AUTH_ALGORITHM Sep 6 17:33:59 localhost pluto[12215]: | length/value: 1 Sep 6 17:33:59 localhost pluto[12215]: | [1 is AUTH_ALGORITHM_HMAC_MD5] Sep 6 17:33:59 localhost pluto[12215]: | emitting length of ISAKMP Transform Payload (ESP): 24 Sep 6 17:33:59 localhost pluto[12215]: | emitting length of ISAKMP Proposal Payload: 36 Sep 6 17:33:59 localhost pluto[12215]: | emitting length of ISAKMP Security Association Payload: 48 Sep 6 17:33:59 localhost pluto[12215]: | ***emit ISAKMP Nonce Payload: Sep 6 17:33:59 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:33:59 localhost pluto[12215]: | emitting 16 raw bytes of Ni into ISAKMP Nonce Payload Sep 6 17:33:59 localhost pluto[12215]: | Ni 1b 77 a8 3d a8 e6 92 25 34 3e dc c5 41 df f2 10 Sep 6 17:33:59 localhost pluto[12215]: | emitting length of ISAKMP Nonce Payload: 20 Sep 6 17:33:59 localhost pluto[12215]: | HASH(1) computed: Sep 6 17:33:59 localhost pluto[12215]: | 01 a6 73 4b 12 f8 32 a0 ae dd 62 70 bb 0b e6 a3 Sep 6 17:33:59 localhost pluto[12215]: | last Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:33:59 localhost pluto[12215]: | current Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:33:59 localhost pluto[12215]: | computed Phase 2 IV: Sep 6 17:33:59 localhost pluto[12215]: | 70 1b 69 ae d6 72 8f 87 e9 4e b9 1d dc 58 57 ad Sep 6 17:33:59 localhost pluto[12215]: | encrypting: Sep 6 17:33:59 localhost pluto[12215]: | 01 00 00 14 01 a6 73 4b 12 f8 32 a0 ae dd 62 70 Sep 6 17:33:59 localhost pluto[12215]: | bb 0b e6 a3 0a 00 00 30 00 00 00 01 00 00 00 
01 Sep 6 17:33:59 localhost pluto[12215]: | 00 00 00 24 00 03 04 01 9e 6c ea 6d 00 00 00 18 Sep 6 17:33:59 localhost pluto[12215]: | 00 03 00 00 80 04 00 02 80 01 00 01 80 02 70 80 Sep 6 17:33:59 localhost pluto[12215]: | 80 05 00 01 00 00 00 14 1b 77 a8 3d a8 e6 92 25 Sep 6 17:33:59 localhost pluto[12215]: | 34 3e dc c5 41 df f2 10 Sep 6 17:33:59 localhost pluto[12215]: | IV: Sep 6 17:33:59 localhost pluto[12215]: | 70 1b 69 ae d6 72 8f 87 e9 4e b9 1d dc 58 57 ad Sep 6 17:33:59 localhost pluto[12215]: | encrypting using OAKLEY_3DES_CBC Sep 6 17:33:59 localhost pluto[12215]: | next IV: f9 46 d9 c0 1c 1a 06 a9 Sep 6 17:33:59 localhost pluto[12215]: | emitting length of ISAKMP Message: 116 Sep 6 17:33:59 localhost pluto[12215]: | sending 116 bytes for quick_outI1 through tun0:500 to 1.1.1.2:500: Sep 6 17:33:59 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:33:59 localhost pluto[12215]: | 08 10 20 01 8d d3 3e 5d 00 00 00 74 73 79 23 5a Sep 6 17:33:59 localhost pluto[12215]: | 98 c8 a0 27 48 df e0 d3 a0 8f a5 9d e6 aa 01 1f Sep 6 17:33:59 localhost pluto[12215]: | 94 8c 41 8a e5 89 89 15 56 4e 29 55 85 4b 27 a8 Sep 6 17:33:59 localhost pluto[12215]: | 1a 61 7c b0 81 ab b8 da e0 98 b5 a3 50 84 19 3f Sep 6 17:33:59 localhost pluto[12215]: | d5 6a 76 66 41 c5 2a c8 bd 18 29 36 b8 9e 26 71 Sep 6 17:33:59 localhost pluto[12215]: | ed 22 22 77 e8 e1 ba bb 34 44 db a4 f9 46 d9 c0 Sep 6 17:33:59 localhost pluto[12215]: | 1c 1a 06 a9 Sep 6 17:33:59 localhost pluto[12215]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #3 Sep 6 17:33:59 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 10 seconds for #3 Sep 6 17:33:59 localhost pluto[12215]: | Sep 6 17:33:59 localhost pluto[12215]: | *received 116 bytes from 1.1.1.2:500 on tun0 (port=500) Sep 6 17:33:59 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:33:59 localhost pluto[12215]: | 08 10 05 01 b5 03 b4 42 00 00 00 74 ee 04 6c e4 Sep 6 
17:33:59 localhost pluto[12215]: | a6 e0 b7 e5 28 4b 21 eb 7b eb c1 25 8e ea f3 5d Sep 6 17:33:59 localhost pluto[12215]: | 23 d6 b1 29 80 80 4a bd ad 16 a9 d5 2b c5 d1 c3 Sep 6 17:33:59 localhost pluto[12215]: | 95 3e bb 3f 71 68 a9 49 09 b3 a5 ed bb 0a 59 c4 Sep 6 17:33:59 localhost pluto[12215]: | 2b e5 b8 62 7b 22 ff b1 bc e1 e4 31 fc 0f 6c f3 Sep 6 17:33:59 localhost pluto[12215]: | 03 fe 03 ef e5 9f d7 04 83 ab 7e ae 82 78 91 2a Sep 6 17:33:59 localhost pluto[12215]: | db 90 d6 97 Sep 6 17:33:59 localhost pluto[12215]: | **parse ISAKMP Message: Sep 6 17:33:59 localhost pluto[12215]: | initiator cookie: Sep 6 17:33:59 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:33:59 localhost pluto[12215]: | responder cookie: Sep 6 17:33:59 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:33:59 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_HASH Sep 6 17:33:59 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:33:59 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_INFO Sep 6 17:33:59 localhost pluto[12215]: | flags: ISAKMP_FLAG_ENCRYPTION Sep 6 17:33:59 localhost pluto[12215]: | message ID: b5 03 b4 42 Sep 6 17:33:59 localhost pluto[12215]: | length: 116 Sep 6 17:33:59 localhost pluto[12215]: | processing packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 6 17:33:59 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:33:59 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:33:59 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:33:59 localhost pluto[12215]: | state hash entry 23 Sep 6 17:33:59 localhost pluto[12215]: | peer and cookies match on #3, provided msgid 00000000 vs 8dd33e5d/00000000 Sep 6 17:33:59 localhost pluto[12215]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000/00000000 Sep 6 17:33:59 localhost pluto[12215]: | p15 state object #1 found, in STATE_MAIN_I4 Sep 6 17:33:59 localhost pluto[12215]: | processing connection xxx Sep 6 17:33:59 localhost 
pluto[12215]: | last Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:33:59 localhost pluto[12215]: | current Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:34:00 localhost pluto[12215]: | computed Phase 2 IV: Sep 6 17:34:00 localhost pluto[12215]: | 4c 9c bb 0b 15 96 89 fe a7 eb 3c 7d 41 28 a4 51 Sep 6 17:34:00 localhost pluto[12215]: | received encrypted packet from 1.1.1.2:500 Sep 6 17:34:00 localhost pluto[12215]: | decrypting 88 bytes using algorithm OAKLEY_3DES_CBC Sep 6 17:34:00 localhost pluto[12215]: | decrypted: Sep 6 17:34:00 localhost pluto[12215]: | 0b 00 00 14 cd 97 0a d8 b8 6f ff 47 e0 c6 10 26 Sep 6 17:34:00 localhost pluto[12215]: | 30 3b 09 41 00 00 00 40 00 00 00 01 03 04 00 0e Sep 6 17:34:00 localhost pluto[12215]: | 9e 6c ea 6d 0a 00 00 30 00 00 00 01 00 00 00 01 Sep 6 17:34:00 localhost pluto[12215]: | 81 40 e7 64 01 00 00 14 00 00 00 00 81 cd be e0 Sep 6 17:34:00 localhost pluto[12215]: | 83 18 91 c4 83 0e e3 80 81 40 ea cc 01 0e e3 f4 Sep 6 17:34:00 localhost pluto[12215]: | 8d d3 3e 5d 00 00 00 00 Sep 6 17:34:00 localhost pluto[12215]: | next IV: 82 78 91 2a db 90 d6 97 Sep 6 17:34:00 localhost pluto[12215]: | np=8 and sd=0x80deed8 Sep 6 17:34:00 localhost pluto[12215]: | ***parse ISAKMP Hash Payload: Sep 6 17:34:00 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_N Sep 6 17:34:00 localhost pluto[12215]: | length: 20 Sep 6 17:34:00 localhost pluto[12215]: | np=11 and sd=0x80dee20 Sep 6 17:34:00 localhost pluto[12215]: | ***parse ISAKMP Notification Payload: Sep 6 17:34:00 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:34:00 localhost pluto[12215]: | length: 64 Sep 6 17:34:00 localhost pluto[12215]: | DOI: ISAKMP_DOI_IPSEC Sep 6 17:34:00 localhost pluto[12215]: | protocol ID: 3 Sep 6 17:34:00 localhost pluto[12215]: | SPI size: 4 Sep 6 17:34:00 localhost pluto[12215]: | Notify Message Type: NO_PROPOSAL_CHOSEN Sep 6 17:34:00 localhost pluto[12215]: | removing 4 bytes of padding Sep 6 17:34:00 localhost pluto[12215]: 
"xxx" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN Sep 6 17:34:00 localhost pluto[12215]: | info: 9e 6c ea 6d 0a 00 00 30 00 00 00 01 00 00 00 01 Sep 6 17:34:00 localhost pluto[12215]: | 81 40 e7 64 01 00 00 14 00 00 00 00 81 cd be e0 Sep 6 17:34:00 localhost pluto[12215]: | 83 18 91 c4 83 0e e3 80 81 40 ea cc 01 0e e3 f4 Sep 6 17:34:00 localhost pluto[12215]: | 8d d3 3e 5d Sep 6 17:34:00 localhost pluto[12215]: | processing informational NO_PROPOSAL_CHOSEN (14) Sep 6 17:34:00 localhost pluto[12215]: "xxx" #1: received and ignored informational message Sep 6 17:34:00 localhost pluto[12215]: | complete state transition with STF_IGNORE Sep 6 17:34:00 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #3 Sep 6 17:34:09 localhost pluto[12215]: | Sep 6 17:34:09 localhost pluto[12215]: | *time to handle event Sep 6 17:34:09 localhost pluto[12215]: | handling event EVENT_RETRANSMIT Sep 6 17:34:09 localhost pluto[12215]: | event after this is EVENT_PENDING_PHASE2 in 9 seconds Sep 6 17:34:09 localhost pluto[12215]: | processing connection xxx Sep 6 17:34:09 localhost pluto[12215]: | handling event EVENT_RETRANSMIT for 1.1.1.2 "xxx" #3 Sep 6 17:34:09 localhost pluto[12215]: | sending 116 bytes for EVENT_RETRANSMIT through tun0:500 to 1.1.1.2:500: Sep 6 17:34:09 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:34:09 localhost pluto[12215]: | 08 10 20 01 8d d3 3e 5d 00 00 00 74 73 79 23 5a Sep 6 17:34:09 localhost pluto[12215]: | 98 c8 a0 27 48 df e0 d3 a0 8f a5 9d e6 aa 01 1f Sep 6 17:34:09 localhost pluto[12215]: | 94 8c 41 8a e5 89 89 15 56 4e 29 55 85 4b 27 a8 Sep 6 17:34:09 localhost pluto[12215]: | 1a 61 7c b0 81 ab b8 da e0 98 b5 a3 50 84 19 3f Sep 6 17:34:09 localhost pluto[12215]: | d5 6a 76 66 41 c5 2a c8 bd 18 29 36 b8 9e 26 71 Sep 6 17:34:09 localhost pluto[12215]: | ed 22 22 77 e8 e1 ba bb 34 44 db a4 f9 46 d9 c0 Sep 6 17:34:09 localhost pluto[12215]: | 1c 1a 06 a9 Sep 6 17:34:09 localhost 
pluto[12215]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #3 Sep 6 17:34:09 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 9 seconds Sep 6 17:34:18 localhost pluto[12215]: | Sep 6 17:34:18 localhost pluto[12215]: | *time to handle event Sep 6 17:34:18 localhost pluto[12215]: | handling event EVENT_PENDING_PHASE2 Sep 6 17:34:18 localhost pluto[12215]: | event after this is EVENT_RETRANSMIT in 11 seconds Sep 6 17:34:18 localhost pluto[12215]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "xxx" checked Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "private" was not up, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "private-or-clear#0.0.0.0/0" was not up, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "private-or-clear" was not up, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear#202.12.27.33/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear#198.41.0.4/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear#198.32.64.12/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear#193.0.14.129/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear#192.228.79.201/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear#192.203.230.10/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear#192.112.36.4/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear#192.58.128.30/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | 
pending review: connection "clear#192.36.148.17/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear#192.33.4.12/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear#192.5.5.241/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear#128.63.2.53/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear#128.8.10.90/32" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "clear-or-private" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "block" has no negotiated policy, skipped Sep 6 17:34:18 localhost pluto[12215]: | pending review: connection "packetdefault" was not up, skipped Sep 6 17:34:18 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 11 seconds for #3 Sep 6 17:34:28 localhost pluto[12215]: | Sep 6 17:34:28 localhost pluto[12215]: | *received kernel message Sep 6 17:34:28 localhost pluto[12215]: | netlink_get: XFRM_MSG_EXPIRE message Sep 6 17:34:29 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 1 seconds for #3 Sep 6 17:34:29 localhost pluto[12215]: | Sep 6 17:34:29 localhost pluto[12215]: | *received kernel message Sep 6 17:34:29 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:34:29 localhost pluto[12215]: | add bare shunt 0x80feae8 10.20.50.88/32:0 -0-> 209.85.201.189/32:0 => %hold 0 %acquire-netlink Sep 6 17:34:29 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 209.85.201.189:0 proto=0 state: fos_start because: acquire Sep 6 17:34:29 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.85.201.189:0/0 Sep 6 
17:34:29 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:34:29 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:34:29 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:34:29 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:34:29 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:34:29 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:34:29 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 209.85.201.189 new state: fos_start with ugh: ok Sep 6 17:34:29 localhost pluto[12215]: | DNS query 41 for TXT for 88.50.20.10.in-addr.arpa. 
(gw: 10.20.50.88) Sep 6 17:34:29 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 0 seconds for #3 Sep 6 17:34:29 localhost pluto[12215]: | Sep 6 17:34:29 localhost pluto[12215]: | *time to handle event Sep 6 17:34:29 localhost pluto[12215]: | handling event EVENT_RETRANSMIT Sep 6 17:34:29 localhost pluto[12215]: | event after this is EVENT_PENDING_PHASE2 in 109 seconds Sep 6 17:34:29 localhost pluto[12215]: | processing connection xxx Sep 6 17:34:29 localhost pluto[12215]: | handling event EVENT_RETRANSMIT for 1.1.1.2 "xxx" #3 Sep 6 17:34:29 localhost pluto[12215]: | sending 116 bytes for EVENT_RETRANSMIT through tun0:500 to 1.1.1.2:500: Sep 6 17:34:29 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:34:29 localhost pluto[12215]: | 08 10 20 01 8d d3 3e 5d 00 00 00 74 73 79 23 5a Sep 6 17:34:29 localhost pluto[12215]: | 98 c8 a0 27 48 df e0 d3 a0 8f a5 9d e6 aa 01 1f Sep 6 17:34:29 localhost pluto[12215]: | 94 8c 41 8a e5 89 89 15 56 4e 29 55 85 4b 27 a8 Sep 6 17:34:29 localhost pluto[12215]: | 1a 61 7c b0 81 ab b8 da e0 98 b5 a3 50 84 19 3f Sep 6 17:34:29 localhost pluto[12215]: | d5 6a 76 66 41 c5 2a c8 bd 18 29 36 b8 9e 26 71 Sep 6 17:34:29 localhost pluto[12215]: | ed 22 22 77 e8 e1 ba bb 34 44 db a4 f9 46 d9 c0 Sep 6 17:34:29 localhost pluto[12215]: | 1c 1a 06 a9 Sep 6 17:34:29 localhost pluto[12215]: | inserting event EVENT_RETRANSMIT, timeout in 40 seconds for #3 Sep 6 17:34:29 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 40 seconds for #3 Sep 6 17:34:29 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 40 seconds for #3 Sep 6 17:34:29 localhost pluto[12215]: | Sep 6 17:34:29 localhost pluto[12215]: | *received adns message Sep 6 17:34:29 localhost pluto[12215]: | Sep 6 17:34:29 localhost pluto[12215]: | asynch DNS answer 41 no host 88.50.20.10.in-addr.arpa. 
for TXT record Sep 6 17:34:29 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 209.85.201.189: no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:34:29 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 209.85.201.189:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:34:29 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.85.201.189:0/0 Sep 6 17:34:29 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:34:29 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:34:29 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:34:29 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:34:29 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:34:29 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:34:29 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:34:29 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:34:29 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:34:29 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:34:29 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 209.85.201.189 new state: 
fos_myid_ip_txt with ugh: ok Sep 6 17:34:29 localhost pluto[12215]: | DNS query 42 for TXT for RRT102. (gw: @RRT102) Sep 6 17:34:29 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 40 seconds for #3 Sep 6 17:34:29 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 40 seconds for #3 Sep 6 17:34:29 localhost pluto[12215]: | Sep 6 17:34:29 localhost pluto[12215]: | *received adns message Sep 6 17:34:29 localhost pluto[12215]: | Sep 6 17:34:29 localhost pluto[12215]: | asynch DNS answer 42 no host RRT102. for TXT record Sep 6 17:34:29 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 209.85.201.189: no host RRT102. for TXT record Sep 6 17:34:29 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 209.85.201.189:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:34:29 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.85.201.189:0/0 Sep 6 17:34:29 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:34:29 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:34:29 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:34:30 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:34:30 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:34:30 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:34:30 localhost pluto[12215]: 
| started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:34:30 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:34:30 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:34:30 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:34:30 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 209.85.201.189 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:34:30 localhost pluto[12215]: | DNS query 43 for KEY for 88.50.20.10.in-addr.arpa. (gw: (none)) Sep 6 17:34:30 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 40 seconds for #3 Sep 6 17:34:30 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 40 seconds for #3 Sep 6 17:34:30 localhost pluto[12215]: | Sep 6 17:34:30 localhost pluto[12215]: | *received adns message Sep 6 17:34:30 localhost pluto[12215]: | Sep 6 17:34:30 localhost pluto[12215]: | asynch DNS answer 43 no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:34:30 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 209.85.201.189: no host 88.50.20.10.in-addr.arpa. 
for KEY record Sep 6 17:34:30 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 209.85.201.189:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:34:30 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.85.201.189:0/0 Sep 6 17:34:30 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:34:30 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:34:30 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:34:30 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:34:30 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:34:30 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:34:30 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:34:30 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:34:30 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:34:30 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:34:30 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 209.85.201.189 new state: fos_myid_ip_key with ugh: ok Sep 6 17:34:30 localhost pluto[12215]: | DNS query 44 for KEY for RRT102. 
(gw: (none)) Sep 6 17:34:30 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 39 seconds for #3 Sep 6 17:34:30 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 39 seconds for #3 Sep 6 17:34:30 localhost pluto[12215]: | Sep 6 17:34:30 localhost pluto[12215]: | *received adns message Sep 6 17:34:30 localhost pluto[12215]: | Sep 6 17:34:30 localhost pluto[12215]: | asynch DNS answer 44 no host RRT102. for KEY record Sep 6 17:34:30 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 209.85.201.189:0/0 Sep 6 17:34:30 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:34:30 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:34:30 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:34:30 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:34:30 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:34:30 localhost pluto[12215]: Can not opportunistically initiate for 10.20.50.88 to 209.85.201.189: KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:34:30 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record eroute 10.20.50.88/32:0 --0-> 209.85.201.189/32:0 => %pass (raw_eroute) Sep 6 17:34:30 localhost pluto[12215]: | change bare shunt 0x80feae8 10.20.50.88/32:0 -0-> 209.85.201.189/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): no host RRT102. 
for KEY record Sep 6 17:34:30 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 39 seconds for #3 Sep 6 17:34:53 localhost pluto[12215]: | Sep 6 17:34:53 localhost pluto[12215]: | *received kernel message Sep 6 17:34:53 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:34:53 localhost pluto[12215]: | add bare shunt 0x80feb68 10.20.50.88/32:0 -0-> 208.113.205.114/32:0 => %hold 0 %acquire-netlink Sep 6 17:34:53 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 208.113.205.114:0 proto=0 state: fos_start because: acquire Sep 6 17:34:53 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 208.113.205.114:0/0 Sep 6 17:34:53 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:34:53 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:34:53 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:34:53 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:34:53 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:34:53 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:34:53 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 208.113.205.114 new state: fos_start with ugh: ok Sep 6 17:34:53 localhost pluto[12215]: | DNS query 45 for TXT for 88.50.20.10.in-addr.arpa. 
(gw: 10.20.50.88) Sep 6 17:34:53 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 16 seconds for #3 Sep 6 17:34:53 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 16 seconds for #3 Sep 6 17:34:53 localhost pluto[12215]: | Sep 6 17:34:54 localhost pluto[12215]: | *received adns message Sep 6 17:34:54 localhost pluto[12215]: | Sep 6 17:34:54 localhost pluto[12215]: | asynch DNS answer 45 no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:34:54 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 208.113.205.114: no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:34:54 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 208.113.205.114:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:34:54 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 208.113.205.114:0/0 Sep 6 17:34:54 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:34:54 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:34:54 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:34:54 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:34:54 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:34:54 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:34:54 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind 
PPK_RSA Sep 6 17:34:54 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:34:54 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:34:54 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:34:54 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 208.113.205.114 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:34:54 localhost pluto[12215]: | DNS query 46 for TXT for RRT102. (gw: @RRT102) Sep 6 17:34:54 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 15 seconds for #3 Sep 6 17:34:54 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 15 seconds for #3 Sep 6 17:34:54 localhost pluto[12215]: | Sep 6 17:34:54 localhost pluto[12215]: | *received adns message Sep 6 17:34:54 localhost pluto[12215]: | Sep 6 17:34:54 localhost pluto[12215]: | asynch DNS answer 46 no host RRT102. for TXT record Sep 6 17:34:54 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 208.113.205.114: no host RRT102. 
for TXT record Sep 6 17:34:54 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 208.113.205.114:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:34:54 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 208.113.205.114:0/0 Sep 6 17:34:54 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:34:54 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:34:54 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:34:54 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:34:54 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:34:54 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:34:54 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:34:54 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:34:54 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:34:54 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:34:54 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 208.113.205.114 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:34:54 localhost pluto[12215]: | DNS query 47 for KEY for 88.50.20.10.in-addr.arpa. 
(gw: (none)) Sep 6 17:34:54 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 15 seconds for #3 Sep 6 17:34:54 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 15 seconds for #3 Sep 6 17:34:54 localhost pluto[12215]: | Sep 6 17:34:54 localhost pluto[12215]: | *received adns message Sep 6 17:34:54 localhost pluto[12215]: | Sep 6 17:34:54 localhost pluto[12215]: | asynch DNS answer 47 no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:34:54 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 208.113.205.114: no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:34:54 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 208.113.205.114:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:34:54 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 208.113.205.114:0/0 Sep 6 17:34:54 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:34:54 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:34:54 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:34:54 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:34:54 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:34:54 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:34:54 localhost pluto[12215]: | started looking for secret for 
10.20.50.88->(none) of kind PPK_RSA Sep 6 17:34:54 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:34:54 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:34:54 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:34:54 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 208.113.205.114 new state: fos_myid_ip_key with ugh: ok Sep 6 17:34:54 localhost pluto[12215]: | DNS query 48 for KEY for RRT102. (gw: (none)) Sep 6 17:34:54 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 15 seconds for #3 Sep 6 17:34:54 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 15 seconds for #3 Sep 6 17:34:54 localhost pluto[12215]: | Sep 6 17:34:54 localhost pluto[12215]: | *received adns message Sep 6 17:34:54 localhost pluto[12215]: | Sep 6 17:34:54 localhost pluto[12215]: | asynch DNS answer 48 no host RRT102. for KEY record Sep 6 17:34:54 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 208.113.205.114:0/0 Sep 6 17:34:54 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:34:54 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:34:54 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:34:54 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:34:54 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:34:54 
localhost pluto[12215]: Can not opportunistically initiate for 10.20.50.88 to 208.113.205.114: KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:34:54 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record eroute 10.20.50.88/32:0 --0-> 208.113.205.114/32:0 => %pass (raw_eroute) Sep 6 17:34:54 localhost pluto[12215]: | change bare shunt 0x80feb68 10.20.50.88/32:0 -0-> 208.113.205.114/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:34:54 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 15 seconds for #3 Sep 6 17:35:09 localhost pluto[12215]: | Sep 6 17:35:09 localhost pluto[12215]: | *time to handle event Sep 6 17:35:09 localhost pluto[12215]: | handling event EVENT_RETRANSMIT Sep 6 17:35:09 localhost pluto[12215]: | event after this is EVENT_PENDING_PHASE2 in 69 seconds Sep 6 17:35:09 localhost pluto[12215]: | processing connection xxx Sep 6 17:35:09 localhost pluto[12215]: | handling event EVENT_RETRANSMIT for 1.1.1.2 "xxx" #3 Sep 6 17:35:09 localhost pluto[12215]: "xxx" #3: max number of retransmissions (2) reached STATE_QUICK_I1. 
No acceptable response to our first Quick Mode message: perhaps peer likes no proposal Sep 6 17:35:09 localhost pluto[12215]: "xxx" #3: starting keying attempt 3 of an unlimited number Sep 6 17:35:09 localhost pluto[12215]: | duplicating state object #1 Sep 6 17:35:09 localhost pluto[12215]: | creating state object #4 at 0x81016b8 Sep 6 17:35:09 localhost pluto[12215]: | processing connection xxx Sep 6 17:35:09 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:35:09 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:35:09 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:35:09 localhost pluto[12215]: | state hash entry 23 Sep 6 17:35:09 localhost pluto[12215]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #4 Sep 6 17:35:09 localhost pluto[12215]: "xxx" #4: initiating Quick Mode PSK+ENCRYPT+UP to replace #3 {using isakmp#1} Sep 6 17:35:09 localhost pluto[12215]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1 Sep 6 17:35:09 localhost pluto[12215]: | asking helper 0 to do build_nonce op on seq: 4 Sep 6 17:35:09 localhost pluto[12215]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #4 Sep 6 17:35:09 localhost pluto[12216]: ! helper 0 doing build_nonce op id: 4 Sep 6 17:35:09 localhost pluto[12215]: | deleting state #3 Sep 6 17:35:09 localhost pluto[12216]: ! Generated nonce: Sep 6 17:35:09 localhost pluto[12215]: | processing connection xxx Sep 6 17:35:09 localhost pluto[12216]: ! 
ed b4 c2 77 3d f3 31 c8 89 b5 94 51 ed a1 71 ae Sep 6 17:35:09 localhost pluto[12215]: | no suspended cryptographic state for 3 Sep 6 17:35:09 localhost pluto[12215]: | next event EVENT_PENDING_PHASE2 in 69 seconds Sep 6 17:35:09 localhost pluto[12215]: | helper 0 has work (cnt now 0) Sep 6 17:35:09 localhost pluto[12215]: | helper 0 replies to sequence 4 Sep 6 17:35:09 localhost pluto[12215]: | calling callback function 0x806907e Sep 6 17:35:09 localhost pluto[12215]: | quick outI1: calculated ke+nonce, sending I1 Sep 6 17:35:09 localhost pluto[12215]: | processing connection xxx Sep 6 17:35:09 localhost pluto[12215]: | **emit ISAKMP Message: Sep 6 17:35:09 localhost pluto[12215]: | initiator cookie: Sep 6 17:35:09 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:35:10 localhost pluto[12215]: | responder cookie: Sep 6 17:35:10 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:35:10 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_HASH Sep 6 17:35:10 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:35:10 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_QUICK Sep 6 17:35:10 localhost pluto[12215]: | flags: ISAKMP_FLAG_ENCRYPTION Sep 6 17:35:10 localhost pluto[12215]: | message ID: cc e5 2f 65 Sep 6 17:35:10 localhost pluto[12215]: | ***emit ISAKMP Hash Payload: Sep 6 17:35:10 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_SA Sep 6 17:35:10 localhost pluto[12215]: | emitting 16 zero bytes of HASH into ISAKMP Hash Payload Sep 6 17:35:10 localhost pluto[12215]: | emitting length of ISAKMP Hash Payload: 20 Sep 6 17:35:10 localhost pluto[12215]: | kernel_alg_db_new() initial trans_cnt=28 Sep 6 17:35:10 localhost pluto[12215]: | kernel_alg_db_new() will return p_new->protoid=3, p_new->trans_cnt=1 Sep 6 17:35:10 localhost pluto[12215]: | kernel_alg_db_new() trans[0]: transid=3, attr_cnt=1, attrs[0].type=5, attrs[0].val=1 Sep 6 17:35:10 localhost pluto[12215]: | returning new proposal from esp_info Sep 6 17:35:10 
localhost pluto[12215]: | ***emit ISAKMP Security Association Payload: Sep 6 17:35:10 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONCE Sep 6 17:35:10 localhost pluto[12215]: | DOI: ISAKMP_DOI_IPSEC Sep 6 17:35:10 localhost pluto[12215]: | ****emit IPsec DOI SIT: Sep 6 17:35:10 localhost pluto[12215]: | IPsec DOI SIT: SIT_IDENTITY_ONLY Sep 6 17:35:10 localhost pluto[12215]: | out_sa pcn: 0 has 1 valid proposals Sep 6 17:35:10 localhost pluto[12215]: | out_sa pcn: 0 pn: 0<1 valid_count: 1 Sep 6 17:35:10 localhost pluto[12215]: | ****emit ISAKMP Proposal Payload: Sep 6 17:35:10 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:35:10 localhost pluto[12215]: | proposal number: 0 Sep 6 17:35:10 localhost pluto[12215]: | protocol ID: PROTO_IPSEC_ESP Sep 6 17:35:10 localhost pluto[12215]: | SPI size: 4 Sep 6 17:35:10 localhost pluto[12215]: | number of transforms: 1 Sep 6 17:35:10 localhost pluto[12215]: | netlink_get_spi: allocated 0x6f5b62f1 for esp.0@1.1.1.1 Sep 6 17:35:10 localhost pluto[12215]: | emitting 4 raw bytes of SPI into ISAKMP Proposal Payload Sep 6 17:35:10 localhost pluto[12215]: | SPI 6f 5b 62 f1 Sep 6 17:35:10 localhost pluto[12215]: | *****emit ISAKMP Transform Payload (ESP): Sep 6 17:35:10 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:35:10 localhost pluto[12215]: | transform number: 0 Sep 6 17:35:10 localhost pluto[12215]: | transform ID: ESP_3DES Sep 6 17:35:10 localhost pluto[12215]: | ******emit ISAKMP IPsec DOI attribute: Sep 6 17:35:10 localhost pluto[12215]: | af+type: ENCAPSULATION_MODE Sep 6 17:35:10 localhost pluto[12215]: | length/value: 2 Sep 6 17:35:10 localhost pluto[12215]: | [2 is ENCAPSULATION_MODE_TRANSPORT] Sep 6 17:35:10 localhost pluto[12215]: | ******emit ISAKMP IPsec DOI attribute: Sep 6 17:35:10 localhost pluto[12215]: | af+type: SA_LIFE_TYPE Sep 6 17:35:10 localhost pluto[12215]: | length/value: 1 Sep 6 17:35:10 localhost pluto[12215]: | [1 is SA_LIFE_TYPE_SECONDS] Sep 
6 17:35:10 localhost pluto[12215]: | ******emit ISAKMP IPsec DOI attribute: Sep 6 17:35:10 localhost pluto[12215]: | af+type: SA_LIFE_DURATION Sep 6 17:35:10 localhost pluto[12215]: | length/value: 28800 Sep 6 17:35:10 localhost pluto[12215]: | ******emit ISAKMP IPsec DOI attribute: Sep 6 17:35:10 localhost pluto[12215]: | af+type: AUTH_ALGORITHM Sep 6 17:35:10 localhost pluto[12215]: | length/value: 1 Sep 6 17:35:10 localhost pluto[12215]: | [1 is AUTH_ALGORITHM_HMAC_MD5] Sep 6 17:35:10 localhost pluto[12215]: | emitting length of ISAKMP Transform Payload (ESP): 24 Sep 6 17:35:10 localhost pluto[12215]: | emitting length of ISAKMP Proposal Payload: 36 Sep 6 17:35:10 localhost pluto[12215]: | emitting length of ISAKMP Security Association Payload: 48 Sep 6 17:35:10 localhost pluto[12215]: | ***emit ISAKMP Nonce Payload: Sep 6 17:35:10 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:35:10 localhost pluto[12215]: | emitting 16 raw bytes of Ni into ISAKMP Nonce Payload Sep 6 17:35:10 localhost pluto[12215]: | Ni ed b4 c2 77 3d f3 31 c8 89 b5 94 51 ed a1 71 ae Sep 6 17:35:10 localhost pluto[12215]: | emitting length of ISAKMP Nonce Payload: 20 Sep 6 17:35:10 localhost pluto[12215]: | HASH(1) computed: Sep 6 17:35:10 localhost pluto[12215]: | 2c 9e fe e0 17 00 bf 21 7f d8 37 ed 1f a9 9a e8 Sep 6 17:35:10 localhost pluto[12215]: | last Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:35:10 localhost pluto[12215]: | current Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:35:10 localhost pluto[12215]: | computed Phase 2 IV: Sep 6 17:35:10 localhost pluto[12215]: | c1 02 27 c4 44 0c c0 8d 82 fc 25 58 a3 ce e0 03 Sep 6 17:35:10 localhost pluto[12215]: | encrypting: Sep 6 17:35:11 localhost pluto[12215]: | 01 00 00 14 2c 9e fe e0 17 00 bf 21 7f d8 37 ed Sep 6 17:35:11 localhost pluto[12215]: | 1f a9 9a e8 0a 00 00 30 00 00 00 01 00 00 00 01 Sep 6 17:35:11 localhost pluto[12215]: | 00 00 00 24 00 03 04 01 6f 5b 62 f1 00 00 00 18 Sep 6 17:35:11 localhost 
pluto[12215]: | 00 03 00 00 80 04 00 02 80 01 00 01 80 02 70 80 Sep 6 17:35:11 localhost pluto[12215]: | 80 05 00 01 00 00 00 14 ed b4 c2 77 3d f3 31 c8 Sep 6 17:35:11 localhost pluto[12215]: | 89 b5 94 51 ed a1 71 ae Sep 6 17:35:11 localhost pluto[12215]: | IV: Sep 6 17:35:11 localhost pluto[12215]: | c1 02 27 c4 44 0c c0 8d 82 fc 25 58 a3 ce e0 03 Sep 6 17:35:11 localhost pluto[12215]: | encrypting using OAKLEY_3DES_CBC Sep 6 17:35:11 localhost pluto[12215]: | next IV: d5 71 07 ce 1d 74 50 d7 Sep 6 17:35:11 localhost pluto[12215]: | emitting length of ISAKMP Message: 116 Sep 6 17:35:11 localhost pluto[12215]: | sending 116 bytes for quick_outI1 through tun0:500 to 1.1.1.2:500: Sep 6 17:35:11 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:35:11 localhost pluto[12215]: | 08 10 20 01 cc e5 2f 65 00 00 00 74 3f 96 f6 3d Sep 6 17:35:11 localhost pluto[12215]: | b6 d2 bd 15 66 04 bf ef 59 fb 33 17 0e 07 3b fc Sep 6 17:35:11 localhost pluto[12215]: | 43 40 df 82 32 1c 77 b7 10 c3 34 f5 0f 4b e4 eb Sep 6 17:35:11 localhost pluto[12215]: | 3d e2 e4 e4 91 5b c6 24 78 b4 35 aa d7 42 3a 18 Sep 6 17:35:11 localhost pluto[12215]: | f3 1c 44 80 68 79 bb 73 9b 88 89 5d 02 ff 92 4e Sep 6 17:35:11 localhost pluto[12215]: | 9d 93 60 ff 32 d2 53 82 b5 45 b0 3e d5 71 07 ce Sep 6 17:35:11 localhost pluto[12215]: | 1d 74 50 d7 Sep 6 17:35:11 localhost pluto[12215]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #4 Sep 6 17:35:11 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 10 seconds for #4 Sep 6 17:35:11 localhost pluto[12215]: | Sep 6 17:35:11 localhost pluto[12215]: | *received kernel message Sep 6 17:35:11 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:35:11 localhost pluto[12215]: | add bare shunt 0x8101b18 10.20.50.88/32:0 -0-> 72.14.235.147/32:0 => %hold 0 %acquire-netlink Sep 6 17:35:11 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 72.14.235.147:0 proto=0 state: 
fos_start because: acquire Sep 6 17:35:11 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.147:0/0 Sep 6 17:35:11 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:11 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:11 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:11 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:11 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:11 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:35:11 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 72.14.235.147 new state: fos_start with ugh: ok Sep 6 17:35:11 localhost pluto[12215]: | DNS query 49 for TXT for 88.50.20.10.in-addr.arpa. 
(gw: 10.20.50.88) Sep 6 17:35:11 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:35:11 localhost pluto[12215]: | add bare shunt 0x80fec90 10.20.50.88/32:0 -0-> 72.14.235.99/32:0 => %hold 0 %acquire-netlink Sep 6 17:35:11 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 72.14.235.99:0 proto=0 state: fos_start because: acquire Sep 6 17:35:11 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.99:0/0 Sep 6 17:35:11 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:11 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:11 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:11 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:11 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:11 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:35:11 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 72.14.235.99 new state: fos_start with ugh: ok Sep 6 17:35:11 localhost pluto[12215]: | DNS query 50 for TXT for 88.50.20.10.in-addr.arpa. 
(gw: 10.20.50.88) Sep 6 17:35:11 localhost pluto[12215]: | netlink_get: XFRM_MSG_ACQUIRE message Sep 6 17:35:11 localhost pluto[12215]: | add bare shunt 0x80fed10 10.20.50.88/32:0 -0-> 72.14.235.104/32:0 => %hold 0 %acquire-netlink Sep 6 17:35:11 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 72.14.235.104:0 proto=0 state: fos_start because: acquire Sep 6 17:35:11 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.104:0/0 Sep 6 17:35:11 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:11 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:11 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:11 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:11 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:11 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:35:11 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 72.14.235.104 new state: fos_start with ugh: ok Sep 6 17:35:11 localhost pluto[12215]: | DNS query 51 for TXT for 88.50.20.10.in-addr.arpa. 
(gw: 10.20.50.88) Sep 6 17:35:11 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 10 seconds for #4 Sep 6 17:35:11 localhost pluto[12215]: | Sep 6 17:35:11 localhost pluto[12215]: | *received 116 bytes from 1.1.1.2:500 on tun0 (port=500) Sep 6 17:35:11 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:35:11 localhost pluto[12215]: | 08 10 05 01 35 a8 75 3b 00 00 00 74 28 de 6c 16 Sep 6 17:35:11 localhost pluto[12215]: | 9f b5 80 e5 2c 33 ea 6b e4 01 06 a9 6a 6c 13 c3 Sep 6 17:35:11 localhost pluto[12215]: | dc 06 92 9c 63 fd 1d 01 48 4d 18 74 b6 93 99 84 Sep 6 17:35:11 localhost pluto[12215]: | 4f 66 62 fb 5b 74 07 6e 16 6d cc a7 80 e5 1c 4e Sep 6 17:35:11 localhost pluto[12215]: | e2 13 a1 96 f7 d0 34 68 81 c3 ad ef 3a 8b 3d f5 Sep 6 17:35:11 localhost pluto[12215]: | 3c 27 ac 57 6c 5d ec f8 b4 36 57 fa 03 7f b5 5d Sep 6 17:35:11 localhost pluto[12215]: | 80 05 96 1f Sep 6 17:35:11 localhost pluto[12215]: | **parse ISAKMP Message: Sep 6 17:35:11 localhost pluto[12215]: | initiator cookie: Sep 6 17:35:11 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:35:11 localhost pluto[12215]: | responder cookie: Sep 6 17:35:11 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:35:11 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_HASH Sep 6 17:35:11 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:35:11 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_INFO Sep 6 17:35:11 localhost pluto[12215]: | flags: ISAKMP_FLAG_ENCRYPTION Sep 6 17:35:11 localhost pluto[12215]: | message ID: 35 a8 75 3b Sep 6 17:35:11 localhost pluto[12215]: | length: 116 Sep 6 17:35:11 localhost pluto[12215]: | processing packet with exchange type=ISAKMP_XCHG_INFO (5) Sep 6 17:35:11 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:35:11 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:35:11 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:35:11 localhost pluto[12215]: | 
state hash entry 23 Sep 6 17:35:11 localhost pluto[12215]: | peer and cookies match on #4, provided msgid 00000000 vs cce52f65/00000000 Sep 6 17:35:11 localhost pluto[12215]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000/00000000 Sep 6 17:35:11 localhost pluto[12215]: | p15 state object #1 found, in STATE_MAIN_I4 Sep 6 17:35:11 localhost pluto[12215]: | processing connection xxx Sep 6 17:35:11 localhost pluto[12215]: | last Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:35:11 localhost pluto[12215]: | current Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:35:11 localhost pluto[12215]: | computed Phase 2 IV: Sep 6 17:35:11 localhost pluto[12215]: | 34 b9 54 35 48 08 27 da 22 18 4b c0 c4 2f 85 56 Sep 6 17:35:11 localhost pluto[12215]: | received encrypted packet from 1.1.1.2:500 Sep 6 17:35:11 localhost pluto[12215]: | decrypting 88 bytes using algorithm OAKLEY_3DES_CBC Sep 6 17:35:11 localhost pluto[12215]: | decrypted: Sep 6 17:35:11 localhost pluto[12215]: | 0b 00 00 14 9f 31 e8 e0 3c bc b0 4c 5e e1 db e4 Sep 6 17:35:11 localhost pluto[12215]: | 5b 74 f2 84 00 00 00 40 00 00 00 01 03 04 00 0e Sep 6 17:35:12 localhost pluto[12215]: | 6f 5b 62 f1 0a 00 00 30 00 00 00 01 00 00 00 01 Sep 6 17:35:12 localhost pluto[12215]: | 81 40 e7 64 01 00 00 14 00 00 00 00 81 cd be e0 Sep 6 17:35:12 localhost pluto[12215]: | 83 18 91 c4 83 0e e3 80 81 40 ea cc 01 0e e3 f4 Sep 6 17:35:12 localhost pluto[12215]: | cc e5 2f 65 00 00 00 00 Sep 6 17:35:12 localhost pluto[12215]: | next IV: 03 7f b5 5d 80 05 96 1f Sep 6 17:35:12 localhost pluto[12215]: | np=8 and sd=0x80deed8 Sep 6 17:35:12 localhost pluto[12215]: | ***parse ISAKMP Hash Payload: Sep 6 17:35:12 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_N Sep 6 17:35:12 localhost pluto[12215]: | length: 20 Sep 6 17:35:12 localhost pluto[12215]: | np=11 and sd=0x80dee20 Sep 6 17:35:12 localhost pluto[12215]: | ***parse ISAKMP Notification Payload: Sep 6 17:35:12 localhost pluto[12215]: | next payload type: 
ISAKMP_NEXT_NONE Sep 6 17:35:12 localhost pluto[12215]: | length: 64 Sep 6 17:35:12 localhost pluto[12215]: | DOI: ISAKMP_DOI_IPSEC Sep 6 17:35:12 localhost pluto[12215]: | protocol ID: 3 Sep 6 17:35:12 localhost pluto[12215]: | SPI size: 4 Sep 6 17:35:12 localhost pluto[12215]: | Notify Message Type: NO_PROPOSAL_CHOSEN Sep 6 17:35:12 localhost pluto[12215]: | removing 4 bytes of padding Sep 6 17:35:12 localhost pluto[12215]: "xxx" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN Sep 6 17:35:12 localhost pluto[12215]: | info: 6f 5b 62 f1 0a 00 00 30 00 00 00 01 00 00 00 01 Sep 6 17:35:12 localhost pluto[12215]: | 81 40 e7 64 01 00 00 14 00 00 00 00 81 cd be e0 Sep 6 17:35:12 localhost pluto[12215]: | 83 18 91 c4 83 0e e3 80 81 40 ea cc 01 0e e3 f4 Sep 6 17:35:12 localhost pluto[12215]: | cc e5 2f 65 Sep 6 17:35:12 localhost pluto[12215]: | processing informational NO_PROPOSAL_CHOSEN (14) Sep 6 17:35:12 localhost pluto[12215]: "xxx" #1: received and ignored informational message Sep 6 17:35:12 localhost pluto[12215]: | complete state transition with STF_IGNORE Sep 6 17:35:12 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #4 Sep 6 17:35:12 localhost pluto[12215]: | Sep 6 17:35:12 localhost pluto[12215]: | *received adns message Sep 6 17:35:12 localhost pluto[12215]: | Sep 6 17:35:12 localhost pluto[12215]: | asynch DNS answer 50 no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:35:12 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 72.14.235.99: no host 88.50.20.10.in-addr.arpa. 
for TXT record Sep 6 17:35:12 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 72.14.235.99:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:35:12 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.99:0/0 Sep 6 17:35:12 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:12 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:12 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:12 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:12 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:12 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:35:12 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:35:12 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:35:12 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:35:12 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:35:12 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 72.14.235.99 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:35:12 localhost pluto[12215]: | DNS query 52 for TXT for RRT102. 
(gw: @RRT102) Sep 6 17:35:12 localhost pluto[12215]: | Sep 6 17:35:12 localhost pluto[12215]: | asynch DNS answer 51 no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:35:12 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 72.14.235.104: no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:35:12 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 72.14.235.104:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:35:12 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.104:0/0 Sep 6 17:35:12 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:12 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:12 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:12 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:12 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:12 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:35:12 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:35:12 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:35:12 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:35:12 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as 
identity: we don't know our own RSA key Sep 6 17:35:12 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 72.14.235.104 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:35:12 localhost pluto[12215]: | DNS query 53 for TXT for RRT102. (gw: @RRT102) Sep 6 17:35:12 localhost pluto[12215]: | Sep 6 17:35:12 localhost pluto[12215]: | asynch DNS answer 49 no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:35:12 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for IP address as %myid, 10.20.50.88 to 72.14.235.147: no host 88.50.20.10.in-addr.arpa. for TXT record Sep 6 17:35:12 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 72.14.235.147:0 proto=0 state: fos_myid_ip_txt because: TXT record for IP address as %myid Sep 6 17:35:12 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.147:0/0 Sep 6 17:35:12 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:12 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:12 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:12 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:12 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:12 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:35:12 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:35:13 localhost pluto[12215]: | 
actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:35:13 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:35:13 localhost pluto[12215]: | can not use our IP (10.20.50.88:TXT) as identity: we don't know our own RSA key Sep 6 17:35:13 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 72.14.235.147 new state: fos_myid_ip_txt with ugh: ok Sep 6 17:35:13 localhost pluto[12215]: | DNS query 54 for TXT for RRT102. (gw: @RRT102) Sep 6 17:35:13 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #4 Sep 6 17:35:13 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 9 seconds for #4 Sep 6 17:35:13 localhost pluto[12215]: | Sep 6 17:35:13 localhost pluto[12215]: | *received adns message Sep 6 17:35:13 localhost pluto[12215]: | Sep 6 17:35:13 localhost pluto[12215]: | asynch DNS answer 53 no host RRT102. for TXT record Sep 6 17:35:13 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 72.14.235.104: no host RRT102. 
for TXT record Sep 6 17:35:13 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 72.14.235.104:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:35:13 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.104:0/0 Sep 6 17:35:13 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:13 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:13 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:13 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:13 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:13 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:35:13 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:35:13 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:35:13 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:35:13 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:35:13 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 72.14.235.104 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:35:13 localhost pluto[12215]: | DNS query 55 for KEY for 88.50.20.10.in-addr.arpa. 
(gw: (none)) Sep 6 17:35:13 localhost pluto[12215]: | Sep 6 17:35:13 localhost pluto[12215]: | asynch DNS answer 52 no host RRT102. for TXT record Sep 6 17:35:13 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 72.14.235.99: no host RRT102. for TXT record Sep 6 17:35:13 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 72.14.235.99:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:35:13 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.99:0/0 Sep 6 17:35:13 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:13 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:13 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:13 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:13 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:13 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:35:13 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:35:13 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:35:13 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:35:13 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 
17:35:13 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 72.14.235.99 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:35:13 localhost pluto[12215]: | DNS query 56 for KEY for 88.50.20.10.in-addr.arpa. (gw: (none)) Sep 6 17:35:13 localhost pluto[12215]: | Sep 6 17:35:13 localhost pluto[12215]: | asynch DNS answer 54 no host RRT102. for TXT record Sep 6 17:35:13 localhost pluto[12215]: | continuing from failed DNS lookup for TXT record for hostname as %myid, 10.20.50.88 to 72.14.235.147: no host RRT102. for TXT record Sep 6 17:35:13 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 72.14.235.147:0 proto=0 state: fos_myid_hostname_txt because: TXT record for hostname as %myid Sep 6 17:35:13 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.147:0/0 Sep 6 17:35:13 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:13 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:13 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:13 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:13 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:13 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:35:13 localhost pluto[12215]: | started looking for secret for @RRT102->(none) of kind PPK_RSA Sep 6 17:35:13 localhost pluto[12215]: | actually looking for secret for @RRT102->(none) of kind 
PPK_RSA Sep 6 17:35:13 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:35:13 localhost pluto[12215]: | can not use our hostname (@RRT102:TXT) as identity: we don't know our own RSA key Sep 6 17:35:13 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 72.14.235.147 new state: fos_myid_hostname_txt with ugh: ok Sep 6 17:35:13 localhost pluto[12215]: | DNS query 57 for KEY for 88.50.20.10.in-addr.arpa. (gw: (none)) Sep 6 17:35:13 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 8 seconds for #4 Sep 6 17:35:13 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 8 seconds for #4 Sep 6 17:35:13 localhost pluto[12215]: | Sep 6 17:35:13 localhost pluto[12215]: | *received adns message Sep 6 17:35:13 localhost pluto[12215]: | Sep 6 17:35:13 localhost pluto[12215]: | asynch DNS answer 56 no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 72.14.235.99: no host 88.50.20.10.in-addr.arpa. 
for KEY record Sep 6 17:35:14 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 72.14.235.99:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.99:0/0 Sep 6 17:35:14 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:14 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:14 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:14 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:35:14 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:35:14 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:35:14 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:35:14 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:35:14 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 72.14.235.99 new state: fos_myid_ip_key with ugh: ok Sep 6 17:35:14 localhost pluto[12215]: | DNS query 58 for KEY for RRT102. 
(gw: (none)) Sep 6 17:35:14 localhost pluto[12215]: | Sep 6 17:35:14 localhost pluto[12215]: | asynch DNS answer 55 no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 72.14.235.104: no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 72.14.235.104:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.104:0/0 Sep 6 17:35:14 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:14 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:14 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:14 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:35:14 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:35:14 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:35:14 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:35:14 localhost pluto[12215]: | can not use our IP 
(10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:35:14 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 72.14.235.104 new state: fos_myid_ip_key with ugh: ok Sep 6 17:35:14 localhost pluto[12215]: | DNS query 59 for KEY for RRT102. (gw: (none)) Sep 6 17:35:14 localhost pluto[12215]: | Sep 6 17:35:14 localhost pluto[12215]: | asynch DNS answer 57 no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | continuing from failed DNS lookup for KEY record for IP address as %myid (no good TXT), 10.20.50.88 to 72.14.235.147: no host 88.50.20.10.in-addr.arpa. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | initiate on demand from 10.20.50.88:0 to 72.14.235.147:0 proto=0 state: fos_myid_ip_key because: KEY record for IP address as %myid (no good TXT) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.147:0/0 Sep 6 17:35:14 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:14 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:14 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:14 localhost pluto[12215]: | creating new instance from "private-or-clear#0.0.0.0/0" Sep 6 17:35:14 localhost pluto[12215]: | started looking for secret for 10.20.50.88->(none) of kind 
PPK_RSA Sep 6 17:35:14 localhost pluto[12215]: | actually looking for secret for 10.20.50.88->(none) of kind PPK_RSA Sep 6 17:35:14 localhost pluto[12215]: | concluding with best_match=0 best=(nil) (lineno=-1) Sep 6 17:35:14 localhost pluto[12215]: | can not use our IP (10.20.50.88:KEY) as identity: we don't know our own RSA key Sep 6 17:35:14 localhost pluto[12215]: | initiate on demand from 10.20.50.88 to 72.14.235.147 new state: fos_myid_ip_key with ugh: ok Sep 6 17:35:14 localhost pluto[12215]: | DNS query 60 for KEY for RRT102. (gw: (none)) Sep 6 17:35:14 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 7 seconds for #4 Sep 6 17:35:14 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 7 seconds for #4 Sep 6 17:35:14 localhost pluto[12215]: | Sep 6 17:35:14 localhost pluto[12215]: | *received adns message Sep 6 17:35:14 localhost pluto[12215]: | Sep 6 17:35:14 localhost pluto[12215]: | asynch DNS answer 59 no host RRT102. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.104:0/0 Sep 6 17:35:14 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:14 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:14 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:14 localhost pluto[12215]: Can not 
opportunistically initiate for 10.20.50.88 to 72.14.235.104: KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record eroute 10.20.50.88/32:0 --0-> 72.14.235.104/32:0 => %pass (raw_eroute) Sep 6 17:35:14 localhost pluto[12215]: | change bare shunt 0x80fed10 10.20.50.88/32:0 -0-> 72.14.235.104/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | Sep 6 17:35:14 localhost pluto[12215]: | asynch DNS answer 58 no host RRT102. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.99:0/0 Sep 6 17:35:14 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:14 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:14 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:14 localhost pluto[12215]: Can not opportunistically initiate for 10.20.50.88 to 72.14.235.99: KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. 
for KEY record eroute 10.20.50.88/32:0 --0-> 72.14.235.99/32:0 => %pass (raw_eroute) Sep 6 17:35:14 localhost pluto[12215]: | change bare shunt 0x80fec90 10.20.50.88/32:0 -0-> 72.14.235.99/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | Sep 6 17:35:14 localhost pluto[12215]: | asynch DNS answer 60 no host RRT102. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | find_connection: looking for policy for connection: 10.20.50.88:0/0 -> 72.14.235.147:0/0 Sep 6 17:35:14 localhost pluto[12215]: | find_connection: conn "private-or-clear#0.0.0.0/0" has compatible peers: 10.20.50.88/32 -> 0.0.0.0/0 [pri: 16777229] Sep 6 17:35:14 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: conn "packetdefault" has compatible peers: 0.0.0.0/0 -> 0.0.0.0/0 [pri: 13] Sep 6 17:35:14 localhost pluto[12215]: | find_connection: comparing best "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} (child none) to "packetdefault" [pri:13]{0x80f9088} (child none) Sep 6 17:35:14 localhost pluto[12215]: | find_connection: concluding with "private-or-clear#0.0.0.0/0" [pri:16777229]{0x80fb1d8} kind=CK_TEMPLATE Sep 6 17:35:14 localhost pluto[12215]: Can not opportunistically initiate for 10.20.50.88 to 72.14.235.147: KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record Sep 6 17:35:14 localhost pluto[12215]: | KEY record for hostname as %myid (no good TXT): no host RRT102. for KEY record eroute 10.20.50.88/32:0 --0-> 72.14.235.147/32:0 => %pass (raw_eroute) Sep 6 17:35:14 localhost pluto[12215]: | change bare shunt 0x8101b18 10.20.50.88/32:0 -0-> 72.14.235.147/32:0 => %pass 32,0 KEY record for hostname as %myid (no good TXT): no host RRT102. 
for KEY record Sep 6 17:35:14 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 7 seconds for #4 Sep 6 17:35:21 localhost pluto[12215]: | Sep 6 17:35:21 localhost pluto[12215]: | *time to handle event Sep 6 17:35:21 localhost pluto[12215]: | handling event EVENT_RETRANSMIT Sep 6 17:35:21 localhost pluto[12215]: | event after this is EVENT_PENDING_PHASE2 in 57 seconds Sep 6 17:35:21 localhost pluto[12215]: | processing connection xxx Sep 6 17:35:21 localhost pluto[12215]: | handling event EVENT_RETRANSMIT for 1.1.1.2 "xxx" #4 Sep 6 17:35:21 localhost pluto[12215]: | sending 116 bytes for EVENT_RETRANSMIT through tun0:500 to 1.1.1.2:500: Sep 6 17:35:21 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:35:21 localhost pluto[12215]: | 08 10 20 01 cc e5 2f 65 00 00 00 74 3f 96 f6 3d Sep 6 17:35:21 localhost pluto[12215]: | b6 d2 bd 15 66 04 bf ef 59 fb 33 17 0e 07 3b fc Sep 6 17:35:21 localhost pluto[12215]: | 43 40 df 82 32 1c 77 b7 10 c3 34 f5 0f 4b e4 eb Sep 6 17:35:21 localhost pluto[12215]: | 3d e2 e4 e4 91 5b c6 24 78 b4 35 aa d7 42 3a 18 Sep 6 17:35:21 localhost pluto[12215]: | f3 1c 44 80 68 79 bb 73 9b 88 89 5d 02 ff 92 4e Sep 6 17:35:21 localhost pluto[12215]: | 9d 93 60 ff 32 d2 53 82 b5 45 b0 3e d5 71 07 ce Sep 6 17:35:21 localhost pluto[12215]: | 1d 74 50 d7 Sep 6 17:35:21 localhost pluto[12215]: | inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #4 Sep 6 17:35:21 localhost pluto[12215]: | next event EVENT_RETRANSMIT in 20 seconds for #4 Sep 6 17:35:24 localhost pluto[12215]: | Sep 6 17:35:24 localhost pluto[12215]: | *received whack message Sep 6 17:35:24 localhost pluto[12215]: shutting down Sep 6 17:35:24 localhost pluto[12215]: forgetting secrets Sep 6 17:35:24 localhost pluto[12215]: | processing connection xxx Sep 6 17:35:24 localhost pluto[12215]: "xxx": deleting connection Sep 6 17:35:24 localhost pluto[12215]: | processing connection xxx Sep 6 17:35:24 localhost pluto[12215]: "xxx" #4: deleting 
state (STATE_QUICK_I1) Sep 6 17:35:24 localhost pluto[12215]: | deleting state #4 Sep 6 17:35:24 localhost pluto[12215]: | processing connection xxx Sep 6 17:35:24 localhost pluto[12215]: | no suspended cryptographic state for 4 Sep 6 17:35:24 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:35:24 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:35:24 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:35:24 localhost pluto[12215]: | state hash entry 23 Sep 6 17:35:24 localhost pluto[12215]: | processing connection xxx Sep 6 17:35:24 localhost pluto[12215]: "xxx" #1: deleting state (STATE_MAIN_I4) Sep 6 17:35:24 localhost pluto[12215]: | deleting state #1 Sep 6 17:35:24 localhost pluto[12215]: | processing connection xxx Sep 6 17:35:24 localhost pluto[12215]: | **emit ISAKMP Message: Sep 6 17:35:24 localhost pluto[12215]: | initiator cookie: Sep 6 17:35:24 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 Sep 6 17:35:24 localhost pluto[12215]: | responder cookie: Sep 6 17:35:24 localhost pluto[12215]: | 95 84 b9 da 2d bd d1 fb Sep 6 17:35:24 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_HASH Sep 6 17:35:24 localhost pluto[12215]: | ISAKMP version: ISAKMP Version 1.0 Sep 6 17:35:24 localhost pluto[12215]: | exchange type: ISAKMP_XCHG_INFO Sep 6 17:35:24 localhost pluto[12215]: | flags: ISAKMP_FLAG_ENCRYPTION Sep 6 17:35:24 localhost pluto[12215]: | message ID: 96 c8 a0 06 Sep 6 17:35:24 localhost pluto[12215]: | ***emit ISAKMP Hash Payload: Sep 6 17:35:24 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_D Sep 6 17:35:24 localhost pluto[12215]: | emitting 16 zero bytes of HASH(1) into ISAKMP Hash Payload Sep 6 17:35:24 localhost pluto[12215]: | emitting length of ISAKMP Hash Payload: 20 Sep 6 17:35:24 localhost pluto[12215]: | ***emit ISAKMP Delete Payload: Sep 6 17:35:24 localhost pluto[12215]: | next payload type: ISAKMP_NEXT_NONE Sep 6 17:35:24 localhost pluto[12215]: | DOI: ISAKMP_DOI_IPSEC Sep 6 17:35:24 
localhost pluto[12215]: | protocol ID: 1 Sep 6 17:35:24 localhost pluto[12215]: | SPI size: 16 Sep 6 17:35:24 localhost pluto[12215]: | number of SPIs: 1 Sep 6 17:35:24 localhost pluto[12215]: | emitting 16 raw bytes of delete payload into ISAKMP Delete Payload Sep 6 17:35:24 localhost pluto[12215]: | delete payload c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:35:24 localhost pluto[12215]: | emitting length of ISAKMP Delete Payload: 28 Sep 6 17:35:24 localhost pluto[12215]: | HASH(1) computed: Sep 6 17:35:24 localhost pluto[12215]: | df a6 55 30 58 15 a9 ac 97 5a d2 f5 a0 ee 91 81 Sep 6 17:35:24 localhost pluto[12215]: | last Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:35:24 localhost pluto[12215]: | current Phase 1 IV: 96 9f c9 2d 15 37 21 ec Sep 6 17:35:24 localhost pluto[12215]: | computed Phase 2 IV: Sep 6 17:35:24 localhost pluto[12215]: | 49 6f e8 64 8b 7d 60 1b 12 9b cc 7a 51 e7 07 06 Sep 6 17:35:24 localhost pluto[12215]: | encrypting: Sep 6 17:35:24 localhost pluto[12215]: | 0c 00 00 14 df a6 55 30 58 15 a9 ac 97 5a d2 f5 Sep 6 17:35:24 localhost pluto[12215]: | a0 ee 91 81 00 00 00 1c 00 00 00 01 01 10 00 01 Sep 6 17:35:24 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:35:24 localhost pluto[12215]: | IV: Sep 6 17:35:24 localhost pluto[12215]: | 49 6f e8 64 8b 7d 60 1b 12 9b cc 7a 51 e7 07 06 Sep 6 17:35:24 localhost pluto[12215]: | encrypting using OAKLEY_3DES_CBC Sep 6 17:35:24 localhost pluto[12215]: | next IV: 8e 0f 3d 3c ed 26 2f d0 Sep 6 17:35:24 localhost pluto[12215]: | emitting length of ISAKMP Message: 76 Sep 6 17:35:24 localhost pluto[12215]: | sending 76 bytes for delete notify through tun0:500 to 1.1.1.2:500: Sep 6 17:35:24 localhost pluto[12215]: | c6 75 1a 47 aa ad d9 f2 95 84 b9 da 2d bd d1 fb Sep 6 17:35:24 localhost pluto[12215]: | 08 10 05 01 96 c8 a0 06 00 00 00 4c f2 68 c8 a8 Sep 6 17:35:24 localhost pluto[12215]: | c7 88 1d 3f b5 f2 1d ea 86 ac 40 33 ff 0e a7 2c Sep 6 17:35:24 localhost 
pluto[12215]: | 61 81 3e 35 b6 11 9e 5c 13 d3 ad 2b 89 9c 96 cf Sep 6 17:35:24 localhost pluto[12215]: | 57 cb a7 5f 8e 0f 3d 3c ed 26 2f d0 Sep 6 17:35:24 localhost pluto[12215]: | no suspended cryptographic state for 1 Sep 6 17:35:24 localhost pluto[12215]: | ICOOKIE: c6 75 1a 47 aa ad d9 f2 Sep 6 17:35:24 localhost pluto[12215]: | RCOOKIE: 95 84 b9 da 2d bd d1 fb Sep 6 17:35:24 localhost pluto[12215]: | peer: 01 01 01 02 Sep 6 17:35:24 localhost pluto[12215]: | state hash entry 23 Sep 6 17:35:24 localhost pluto[12215]: | delete eroute 1.1.1.2/32:0 --0-> 1.1.1.1/32:0 => int.0@1.1.1.1 (raw_eroute) Sep 6 17:35:24 localhost pluto[12215]: | eroute_connection delete eroute 1.1.1.1/32:0 --0-> 1.1.1.2/32:0 => int.0@0.0.0.0 (raw_eroute) Sep 6 17:35:24 localhost pluto[12215]: | route owner of "xxx" unrouted: NULL Sep 6 17:35:24 localhost pluto[12215]: | command executing unroute-host Sep 6 17:35:24 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='xxx' PLUTO_NEXT_HOP='1.1.1.2' PLUTO_INTERFACE='tun0' PLUTO_ME='1.1.1.1' PLUTO_MY_ID='1.1.1.1' PLUTO_MY_CLIENT='1.1.1.1/32' PLUTO_MY_CLIENT_NET='1.1.1.1' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='1.1.1.2' PLUTO_PEER_ID='1.1.1.2' PLUTO_PEER_CLIENT='1.1.1.2/32' PLUTO_PEER_CLIENT_NET='1.1.1.2' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+UP' ipsec _updown Sep 6 17:35:25 localhost pluto[12215]: | alg_info_delref(0x80fa468) alg_info->ref_cnt=2 Sep 6 17:35:25 localhost pluto[12215]: | processing connection private Sep 6 17:35:25 localhost pluto[12215]: "private": deleting connection Sep 6 17:35:25 localhost pluto[12215]: | processing connection private-or-clear#0.0.0.0/0 Sep 6 17:35:25 localhost pluto[12215]: "private-or-clear#0.0.0.0/0": deleting connection Sep 6 17:35:25 localhost pluto[12215]: | delete eroute 0.0.0.0/0:0 --0-> 
10.20.50.88/32:0 => %pass (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 0.0.0.0/0:0 => %pass (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | route owner of "private-or-clear#0.0.0.0/0" unrouted: "packetdefault" prospective erouted Sep 6 17:35:25 localhost pluto[12215]: | processing connection private-or-clear Sep 6 17:35:25 localhost pluto[12215]: "private-or-clear": deleting connection Sep 6 17:35:25 localhost pluto[12215]: | processing connection clear#202.12.27.33/32 0.0.0.0 Sep 6 17:35:25 localhost pluto[12215]: "clear#202.12.27.33/32" 0.0.0.0: deleting connection "clear#202.12.27.33/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} Sep 6 17:35:25 localhost pluto[12215]: | delete eroute 202.12.27.33/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 202.12.27.33/32:0 => int.0@0.0.0.0 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | route owner of "clear#202.12.27.33/32" unrouted: NULL Sep 6 17:35:25 localhost pluto[12215]: | command executing unroute-host Sep 6 17:35:25 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#202.12.27.33/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='202.12.27.33/32' PLUTO_PEER_CLIENT_NET='202.12.27.33' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:35:25 localhost pluto[12215]: | processing connection clear#198.41.0.4/32 0.0.0.0 Sep 6 17:35:25 localhost pluto[12215]: "clear#198.41.0.4/32" 
0.0.0.0: deleting connection "clear#198.41.0.4/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} Sep 6 17:35:25 localhost pluto[12215]: | delete eroute 198.41.0.4/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 198.41.0.4/32:0 => int.0@0.0.0.0 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | route owner of "clear#198.41.0.4/32" unrouted: NULL Sep 6 17:35:25 localhost pluto[12215]: | command executing unroute-host Sep 6 17:35:25 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#198.41.0.4/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='198.41.0.4/32' PLUTO_PEER_CLIENT_NET='198.41.0.4' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:35:25 localhost pluto[12215]: | processing connection clear#198.32.64.12/32 0.0.0.0 Sep 6 17:35:25 localhost pluto[12215]: "clear#198.32.64.12/32" 0.0.0.0: deleting connection "clear#198.32.64.12/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} Sep 6 17:35:25 localhost pluto[12215]: | delete eroute 198.32.64.12/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 198.32.64.12/32:0 => int.0@0.0.0.0 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | route owner of "clear#198.32.64.12/32" unrouted: NULL Sep 6 17:35:25 localhost pluto[12215]: | command executing unroute-host Sep 6 17:35:25 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' 
PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#198.32.64.12/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='198.32.64.12/32' PLUTO_PEER_CLIENT_NET='198.32.64.12' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:35:25 localhost pluto[12215]: | processing connection clear#193.0.14.129/32 0.0.0.0 Sep 6 17:35:25 localhost pluto[12215]: "clear#193.0.14.129/32" 0.0.0.0: deleting connection "clear#193.0.14.129/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} Sep 6 17:35:25 localhost pluto[12215]: | delete eroute 193.0.14.129/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 193.0.14.129/32:0 => int.0@0.0.0.0 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | route owner of "clear#193.0.14.129/32" unrouted: NULL Sep 6 17:35:25 localhost pluto[12215]: | command executing unroute-host Sep 6 17:35:25 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#193.0.14.129/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='193.0.14.129/32' PLUTO_PEER_CLIENT_NET='193.0.14.129' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:35:25 
localhost pluto[12215]: | processing connection clear#192.228.79.201/32 0.0.0.0 Sep 6 17:35:25 localhost pluto[12215]: "clear#192.228.79.201/32" 0.0.0.0: deleting connection "clear#192.228.79.201/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} Sep 6 17:35:25 localhost pluto[12215]: | delete eroute 192.228.79.201/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 192.228.79.201/32:0 => int.0@0.0.0.0 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | route owner of "clear#192.228.79.201/32" unrouted: NULL Sep 6 17:35:25 localhost pluto[12215]: | command executing unroute-host Sep 6 17:35:25 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#192.228.79.201/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.228.79.201/32' PLUTO_PEER_CLIENT_NET='192.228.79.201' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:35:25 localhost pluto[12215]: | processing connection clear#192.203.230.10/32 0.0.0.0 Sep 6 17:35:25 localhost pluto[12215]: "clear#192.203.230.10/32" 0.0.0.0: deleting connection "clear#192.203.230.10/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} Sep 6 17:35:25 localhost pluto[12215]: | delete eroute 192.203.230.10/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 192.203.230.10/32:0 => int.0@0.0.0.0 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | route owner of 
"clear#192.203.230.10/32" unrouted: NULL Sep 6 17:35:25 localhost pluto[12215]: | command executing unroute-host Sep 6 17:35:25 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#192.203.230.10/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.203.230.10/32' PLUTO_PEER_CLIENT_NET='192.203.230.10' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:35:25 localhost pluto[12215]: | processing connection clear#192.112.36.4/32 0.0.0.0 Sep 6 17:35:25 localhost pluto[12215]: "clear#192.112.36.4/32" 0.0.0.0: deleting connection "clear#192.112.36.4/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} Sep 6 17:35:25 localhost pluto[12215]: | delete eroute 192.112.36.4/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 192.112.36.4/32:0 => int.0@0.0.0.0 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | route owner of "clear#192.112.36.4/32" unrouted: NULL Sep 6 17:35:25 localhost pluto[12215]: | command executing unroute-host Sep 6 17:35:25 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#192.112.36.4/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.112.36.4/32' 
PLUTO_PEER_CLIENT_NET='192.112.36.4' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:35:25 localhost pluto[12215]: | processing connection clear#192.58.128.30/32 0.0.0.0 Sep 6 17:35:25 localhost pluto[12215]: "clear#192.58.128.30/32" 0.0.0.0: deleting connection "clear#192.58.128.30/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} Sep 6 17:35:25 localhost pluto[12215]: | delete eroute 192.58.128.30/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 192.58.128.30/32:0 => int.0@0.0.0.0 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | route owner of "clear#192.58.128.30/32" unrouted: NULL Sep 6 17:35:25 localhost pluto[12215]: | command executing unroute-host Sep 6 17:35:25 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#192.58.128.30/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.58.128.30/32' PLUTO_PEER_CLIENT_NET='192.58.128.30' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:35:25 localhost pluto[12215]: | processing connection clear#192.36.148.17/32 0.0.0.0 Sep 6 17:35:25 localhost pluto[12215]: "clear#192.36.148.17/32" 0.0.0.0: deleting connection "clear#192.36.148.17/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} Sep 6 17:35:25 localhost pluto[12215]: | delete eroute 192.36.148.17/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute) Sep 6 
17:35:25 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 192.36.148.17/32:0 => int.0@0.0.0.0 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | route owner of "clear#192.36.148.17/32" unrouted: NULL Sep 6 17:35:25 localhost pluto[12215]: | command executing unroute-host Sep 6 17:35:25 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#192.36.148.17/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.36.148.17/32' PLUTO_PEER_CLIENT_NET='192.36.148.17' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown Sep 6 17:35:25 localhost pluto[12215]: | processing connection clear#192.33.4.12/32 0.0.0.0 Sep 6 17:35:25 localhost pluto[12215]: "clear#192.33.4.12/32" 0.0.0.0: deleting connection "clear#192.33.4.12/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0} Sep 6 17:35:25 localhost pluto[12215]: | delete eroute 192.33.4.12/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 192.33.4.12/32:0 => int.0@0.0.0.0 (raw_eroute) Sep 6 17:35:25 localhost pluto[12215]: | route owner of "clear#192.33.4.12/32" unrouted: NULL Sep 6 17:35:25 localhost pluto[12215]: | command executing unroute-host Sep 6 17:35:25 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#192.33.4.12/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' 
PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.33.4.12/32' PLUTO_PEER_CLIENT_NET='192.33.4.12' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown
Sep 6 17:35:25 localhost pluto[12215]: | processing connection clear#192.5.5.241/32 0.0.0.0
Sep 6 17:35:25 localhost pluto[12215]: "clear#192.5.5.241/32" 0.0.0.0: deleting connection "clear#192.5.5.241/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
Sep 6 17:35:26 localhost pluto[12215]: | delete eroute 192.5.5.241/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute)
Sep 6 17:35:26 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 192.5.5.241/32:0 => int.0@0.0.0.0 (raw_eroute)
Sep 6 17:35:26 localhost pluto[12215]: | route owner of "clear#192.5.5.241/32" unrouted: NULL
Sep 6 17:35:26 localhost pluto[12215]: | command executing unroute-host
Sep 6 17:35:26 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#192.5.5.241/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='192.5.5.241/32' PLUTO_PEER_CLIENT_NET='192.5.5.241' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown
Sep 6 17:35:26 localhost pluto[12215]: | processing connection clear#128.63.2.53/32 0.0.0.0
Sep 6 17:35:26 localhost pluto[12215]: "clear#128.63.2.53/32" 0.0.0.0: deleting connection "clear#128.63.2.53/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
Sep 6 17:35:26 localhost pluto[12215]: | delete eroute 128.63.2.53/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute)
Sep 6 17:35:26 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 128.63.2.53/32:0 => int.0@0.0.0.0 (raw_eroute)
Sep 6 17:35:26 localhost pluto[12215]: | route owner of "clear#128.63.2.53/32" unrouted: NULL
Sep 6 17:35:26 localhost pluto[12215]: | command executing unroute-host
Sep 6 17:35:26 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#128.63.2.53/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='128.63.2.53/32' PLUTO_PEER_CLIENT_NET='128.63.2.53' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown
Sep 6 17:35:26 localhost pluto[12215]: | processing connection clear#128.8.10.90/32 0.0.0.0
Sep 6 17:35:26 localhost pluto[12215]: "clear#128.8.10.90/32" 0.0.0.0: deleting connection "clear#128.8.10.90/32" instance with peer 0.0.0.0 {isakmp=#0/ipsec=#0}
Sep 6 17:35:26 localhost pluto[12215]: | delete eroute 128.8.10.90/32:0 --0-> 10.20.50.88/32:0 => int.0@10.20.50.88 (raw_eroute)
Sep 6 17:35:26 localhost pluto[12215]: | eroute_connection delete eroute 10.20.50.88/32:0 --0-> 128.8.10.90/32:0 => int.0@0.0.0.0 (raw_eroute)
Sep 6 17:35:26 localhost pluto[12215]: | route owner of "clear#128.8.10.90/32" unrouted: NULL
Sep 6 17:35:26 localhost pluto[12215]: | command executing unroute-host
Sep 6 17:35:26 localhost pluto[12215]: | executing unroute-host: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='clear#128.8.10.90/32' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='10.20.50.88/32' PLUTO_MY_CLIENT_NET='10.20.50.88' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='128.8.10.90/32' PLUTO_PEER_CLIENT_NET='128.8.10.90' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='TUNNEL+PFS+PASS+NEVER_NEGOTIATE' ipsec _updown
Sep 6 17:35:26 localhost pluto[12215]: | processing connection clear
Sep 6 17:35:26 localhost pluto[12215]: "clear": deleting connection
Sep 6 17:35:26 localhost pluto[12215]: | processing connection clear-or-private
Sep 6 17:35:26 localhost pluto[12215]: "clear-or-private": deleting connection
Sep 6 17:35:26 localhost pluto[12215]: | processing connection block
Sep 6 17:35:26 localhost pluto[12215]: "block": deleting connection
Sep 6 17:35:26 localhost pluto[12215]: | processing connection packetdefault
Sep 6 17:35:26 localhost pluto[12215]: "packetdefault": deleting connection
Sep 6 17:35:26 localhost pluto[12215]: | delete eroute 0.0.0.0/0:0 --0-> 0.0.0.0/0:0 => %pass (raw_eroute)
Sep 6 17:35:26 localhost pluto[12215]: | eroute_connection delete eroute 0.0.0.0/0:0 --0-> 0.0.0.0/0:0 => %pass (raw_eroute)
Sep 6 17:35:26 localhost pluto[12215]: | route owner of "packetdefault" unrouted: NULL
Sep 6 17:35:26 localhost pluto[12215]: | command executing unroute-client
Sep 6 17:35:26 localhost pluto[12215]: | executing unroute-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='unroute-client' PLUTO_CONNECTION='packetdefault' PLUTO_NEXT_HOP='10.20.50.50' PLUTO_INTERFACE='eth0' PLUTO_ME='10.20.50.88' PLUTO_MY_ID='(none)' PLUTO_MY_CLIENT='0.0.0.0/0' PLUTO_MY_CLIENT_NET='0.0.0.0' PLUTO_MY_CLIENT_MASK='0.0.0.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='0.0.0.0' PLUTO_PEER_ID='(none)' PLUTO_PEER_CLIENT='0.0.0.0/0' PLUTO_PEER_CLIENT_NET='0.0.0.0' PLUTO_PEER_CLIENT_MASK='0.0.0.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failurePASS' ipsec _updown
Sep 6 17:35:26 localhost pluto[12215]: shutting down interface lo/lo ::1:500
Sep 6 17:35:26 localhost pluto[12215]: shutting down interface lo/lo 127.0.0.1:4500
Sep 6 17:35:26 localhost pluto[12215]: shutting down interface lo/lo 127.0.0.1:500
Sep 6 17:35:26 localhost pluto[12215]: shutting down interface eth0/eth0 10.20.50.88:4500
Sep 6 17:35:26 localhost pluto[12215]: shutting down interface eth0/eth0 10.20.50.88:500
Sep 6 17:35:26 localhost pluto[12215]: shutting down interface tun0/tun0 1.1.1.1:4500
Sep 6 17:35:26 localhost pluto[12215]: shutting down interface tun0/tun0 1.1.1.1:500
+ _________________________ date
+ date
Thu Sep 6 17:44:46 IST 2007