<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>I have two offices, one in the US and one in Argentina. I am
trying to get IP phones to register back to my PBX in the US from the Argentina
office over a VPN that I established between my gateways. Here's a rough
topology:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>10.1.0.0/24 <-> 10.1.0.1(eth1) [argw] 1.2.3.4(eth0)
<-> (internet) <-> 5.6.7.8(eth0) [txgw] 192.168.0.1(eth1) <->
192.168.0.0/16<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Both linux boxes are running iptables Masquerading for the
associated subnets in addition to handling the VPN traffic. The VPN is working
-- I can ping and use TCP protocols (like SSH or HTTP) over the tunnel with no
problems.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>The IP phones, however, are trying to make an initial
connection over UDP port 1719, and this is failing to route to the opposite
side. Here's an example of the TCPdump output I am seeing:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>root@argw:~# tcpdump -i eth1 -p -n ip host 192.168.5.2<o:p></o:p></p>
<p class=MsoNormal>tcpdump: verbose output suppressed, use -v or -vv for full
protocol decode<o:p></o:p></p>
<p class=MsoNormal>listening on eth1, link-type EN10MB (Ethernet), capture size
96 bytes<o:p></o:p></p>
<p class=MsoNormal>19:27:10.993185 IP 10.1.0.96.49302 > 192.168.5.2.1719:
UDP, length 65<o:p></o:p></p>
<p class=MsoNormal>19:27:15.992565 IP 10.1.0.96.49302 > 192.168.5.2.1719:
UDP, length 65<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>If I do a similar dump on txgw (tcpdump -i eth1 -p -n ip
host 192.168.5.2 or ip host 10.1.0.96) I get nothing. I've tested this both
ways.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I've been searching for workarounds for a few days now and
haven't gotten anywhere. I tested using a udping binary that contacts a host
running an echo server, and set up an echo server on the far side. If I try
local network udpings, they work. If I try udpings over the VPN they fail,
regardless of packet size (I tried 1, 16, 128 and 256 byte packets). This leads
me to believe the problem is routing UDP over the VPN, but I'm open to other
possibilities.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I've included the (sanitized) output from ipsec barf below.
I changed IPs and such for security purposes; if anything doesn't make sense
due to the changes, let me know and I can clarify.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Thanks in advance for any insight you can offer!<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>-shane<o:p></o:p></p>
<div style='mso-element:para-border-div;border:none;border-bottom:double windowtext 2.25pt;
padding:0in 0in 1.0pt 0in'>
<p class=MsoNormal style='border:none;padding:0in'><o:p> </o:p></p>
</div>
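<p class=MsoNormal>An added example, not part of the original post: a check of whether the flow seen in the tcpdump capture is covered by the tunnel policies that appear in the txgw <code>ip xfrm policy</code> output further down. The function names are hypothetical, the policy text is copied from that output, and the rewritten-source flow is a constructed case showing that the selectors match on the private addresses only.</p>

```python
import ipaddress
import re

# Tunnel policies copied from the txgw `ip xfrm policy` output in this post.
# The priority-0 0.0.0.0/0 and ::/0 entries are omitted to keep the sample short.
XFRM_POLICY_TEXT = """\
src 10.1.0.0/24 dst 192.168.0.0/16
    dir in priority 2600
    tmpl src 1.2.3.4 dst 5.6.7.8
        proto esp reqid 16385 mode tunnel
src 192.168.0.0/16 dst 10.1.0.0/24
    dir out priority 2600
    tmpl src 5.6.7.8 dst 1.2.3.4
        proto esp reqid 16385 mode tunnel
src 10.1.0.0/24 dst 192.168.0.0/16
    dir fwd priority 2600
    tmpl src 1.2.3.4 dst 5.6.7.8
        proto esp reqid 16385 mode tunnel
"""

# A selector line starts a policy; an optional "proto" token narrows it.
SELECTOR_RE = re.compile(r"^src (\S+) dst (\S+)(?:\s+proto (\S+))?")
DIR_RE = re.compile(r"^dir (\S+) priority (\d+)")
TMPL_RE = re.compile(r"^tmpl src (\S+) dst (\S+)")


def parse_policies(text):
    """Turn `ip xfrm policy` text into a list of dicts, one per policy."""
    policies = []
    for raw in text.splitlines():
        line = raw.strip()
        sel = SELECTOR_RE.match(line)
        if sel:
            policies.append({
                "src": ipaddress.ip_network(sel.group(1), strict=False),
                "dst": ipaddress.ip_network(sel.group(2), strict=False),
                "proto": sel.group(3),  # None: selector covers every protocol
                "dir": None,
                "priority": None,
                "tmpl": None,
            })
            continue
        if not policies:
            continue
        current = policies[-1]
        direction = DIR_RE.match(line)
        tmpl = TMPL_RE.match(line)
        if direction:
            current["dir"] = direction.group(1)
            current["priority"] = int(direction.group(2))
        elif tmpl:
            current["tmpl"] = (tmpl.group(1), tmpl.group(2))
    return policies


def matching_policies(policies, src, dst, proto, direction):
    """Return the policies whose selector covers this flow in this direction."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    return [
        p for p in policies
        if p["dir"] == direction
        and src_ip in p["src"]
        and dst_ip in p["dst"]
        and p["proto"] in (None, proto)
    ]


def describe(policies, src, dst, proto, direction):
    """One-line verdict: which ESP tunnel the flow maps to, if any."""
    hits = matching_policies(policies, src, dst, proto, direction)
    if not hits:
        return "no tunnel policy"
    outer_src, outer_dst = hits[0]["tmpl"]
    return f"esp tunnel {outer_src} to {outer_dst}"


if __name__ == "__main__":
    policies = parse_policies(XFRM_POLICY_TEXT)
    flows = [
        # Phone registration seen in the capture, as txgw would forward it.
        ("10.1.0.96", "192.168.5.2", "udp", "fwd"),
        # Same endpoints over TCP, which the post reports as working.
        ("10.1.0.96", "192.168.5.2", "tcp", "fwd"),
        # Reply from the PBX side going back out through txgw.
        ("192.168.5.2", "10.1.0.96", "udp", "out"),
        # Constructed case: source already rewritten to the gateway's public IP.
        ("1.2.3.4", "192.168.5.2", "udp", "fwd"),
    ]
    for src, dst, proto, direction in flows:
        verdict = describe(policies, src, dst, proto, direction)
        print(f"{direction:3} {proto} {src} to {dst}: {verdict}")
```
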
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>txgw<o:p></o:p></p>
<p class=MsoNormal>Sat Oct 24 19:09:54 EEST 2009<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ version<o:p></o:p></p>
<p class=MsoNormal>+ ipsec --version<o:p></o:p></p>
<p class=MsoNormal>Linux Openswan U2.4.12/K2.6.18-6-686 (netkey)<o:p></o:p></p>
<p class=MsoNormal>See `ipsec --copyright' for copyright information.<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/version<o:p></o:p></p>
<p class=MsoNormal>+ cat /proc/version<o:p></o:p></p>
<p class=MsoNormal>Linux version 2.6.18-6-686 (Debian 2.6.18.dfsg.1-23)
(dannf@debian.org) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21))
#1 SMP Mon Oct 13 16:13:09 UTC 2008<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/net/ipsec_eroute<o:p></o:p></p>
<p class=MsoNormal>+ test -r /proc/net/ipsec_eroute<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ netstat-rn<o:p></o:p></p>
<p class=MsoNormal>+ netstat -nr<o:p></o:p></p>
<p class=MsoNormal>+ head -n 100<o:p></o:p></p>
<p class=MsoNormal>Kernel IP routing table<o:p></o:p></p>
<p class=MsoNormal>Destination Gateway Genmask Flags MSS
Window irtt Iface<o:p></o:p></p>
<p class=MsoNormal>5.6.7.128 0.0.0.0 255.255.255.128 U 0
0 0 eth0<o:p></o:p></p>
<p class=MsoNormal>10.1.0.0 5.6.7.7 255.255.255.0 UG 0
0 0 eth0<o:p></o:p></p>
<p class=MsoNormal>192.168.0.0 0.0.0.0 255.255.0.0 U 0
0 0 eth1<o:p></o:p></p>
<p class=MsoNormal>0.0.0.0 5.6.7.7 0.0.0.0 UG 0
0 0 eth0<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/net/ipsec_spi<o:p></o:p></p>
<p class=MsoNormal>+ test -r /proc/net/ipsec_spi<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/net/ipsec_spigrp<o:p></o:p></p>
<p class=MsoNormal>+ test -r /proc/net/ipsec_spigrp<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/net/ipsec_tncfg<o:p></o:p></p>
<p class=MsoNormal>+ test -r /proc/net/ipsec_tncfg<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/net/pfkey<o:p></o:p></p>
<p class=MsoNormal>+ test -r /proc/net/pfkey<o:p></o:p></p>
<p class=MsoNormal>+ cat /proc/net/pfkey<o:p></o:p></p>
<p class=MsoNormal>sk RefCnt Rmem Wmem User Inode<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ip-xfrm-state<o:p></o:p></p>
<p class=MsoNormal>+ ip xfrm state<o:p></o:p></p>
<p class=MsoNormal>src 1.2.3.4 dst 5.6.7.8<o:p></o:p></p>
<p class=MsoNormal> proto esp spi 0x1bf9eb16 reqid 16385 mode
tunnel<o:p></o:p></p>
<p class=MsoNormal> replay-window 32 <o:p></o:p></p>
<p class=MsoNormal> auth sha1 0x1f26a4cf9502083830d07fe8137af408850e5047<o:p></o:p></p>
<p class=MsoNormal> enc aes 0xb5f2128c4c38f0e20cb89cfc26e9b899<o:p></o:p></p>
<p class=MsoNormal>src 5.6.7.8 dst 1.2.3.4<o:p></o:p></p>
<p class=MsoNormal> proto esp spi 0xa0b28b32 reqid 16385 mode
tunnel<o:p></o:p></p>
<p class=MsoNormal> replay-window 32 <o:p></o:p></p>
<p class=MsoNormal> auth sha1
0xf75b0b8f16cef0676ca8db475ae872972500dcc4<o:p></o:p></p>
<p class=MsoNormal> enc aes 0xf317e8acda7c8e4d1239f9dd0984cd58<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ip-xfrm-policy<o:p></o:p></p>
<p class=MsoNormal>+ ip xfrm policy<o:p></o:p></p>
<p class=MsoNormal>src 10.1.0.0/24 dst 192.168.0.0/16 <o:p></o:p></p>
<p class=MsoNormal> dir in priority 2600 <o:p></o:p></p>
<p class=MsoNormal> tmpl src 1.2.3.4 dst 5.6.7.8<o:p></o:p></p>
<p class=MsoNormal> proto esp reqid 16385 mode
tunnel<o:p></o:p></p>
<p class=MsoNormal>src 192.168.0.0/16 dst 10.1.0.0/24 <o:p></o:p></p>
<p class=MsoNormal> dir out priority 2600 <o:p></o:p></p>
<p class=MsoNormal> tmpl src 5.6.7.8 dst 1.2.3.4<o:p></o:p></p>
<p class=MsoNormal> proto esp reqid 16385 mode
tunnel<o:p></o:p></p>
<p class=MsoNormal>src 10.1.0.0/24 dst 192.168.0.0/16 <o:p></o:p></p>
<p class=MsoNormal> dir fwd priority 2600 <o:p></o:p></p>
<p class=MsoNormal> tmpl src 1.2.3.4 dst 5.6.7.8<o:p></o:p></p>
<p class=MsoNormal> proto esp reqid 16385 mode
tunnel<o:p></o:p></p>
<p class=MsoNormal>src ::/0 dst ::/0 <o:p></o:p></p>
<p class=MsoNormal> dir in priority 0 <o:p></o:p></p>
<p class=MsoNormal>src 0.0.0.0/0 dst 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> dir in priority 0 <o:p></o:p></p>
<p class=MsoNormal>src 0.0.0.0/0 dst 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> dir in priority 0 <o:p></o:p></p>
<p class=MsoNormal>src 0.0.0.0/0 dst 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> dir in priority 0 <o:p></o:p></p>
<p class=MsoNormal>src 0.0.0.0/0 dst 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> dir in priority 0 <o:p></o:p></p>
<p class=MsoNormal>src 0.0.0.0/0 dst 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> dir in priority 0 <o:p></o:p></p>
<p class=MsoNormal>src 0.0.0.0/0 dst 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> dir in priority 0 <o:p></o:p></p>
<p class=MsoNormal>src ::/0 dst ::/0 <o:p></o:p></p>
<p class=MsoNormal> dir out priority 0 <o:p></o:p></p>
<p class=MsoNormal>src 0.0.0.0/0 dst 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> dir out priority 0 <o:p></o:p></p>
<p class=MsoNormal>src 0.0.0.0/0 dst 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> dir out priority 0 <o:p></o:p></p>
<p class=MsoNormal>src 0.0.0.0/0 dst 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> dir out priority 0 <o:p></o:p></p>
<p class=MsoNormal>src 0.0.0.0/0 dst 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> dir out priority 0 <o:p></o:p></p>
<p class=MsoNormal>src 0.0.0.0/0 dst 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> dir out priority 0 <o:p></o:p></p>
<p class=MsoNormal>src 0.0.0.0/0 dst 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> dir out priority 0 <o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/sys/net/ipsec-star<o:p></o:p></p>
<p class=MsoNormal>+ test -d /proc/sys/net/ipsec<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/status<o:p></o:p></p>
<p class=MsoNormal>+ ipsec auto --status<o:p></o:p></p>
<p class=MsoNormal>000 interface lo/lo ::1<o:p></o:p></p>
<p class=MsoNormal>000 interface lo/lo 127.0.0.1<o:p></o:p></p>
<p class=MsoNormal>000 interface lo/lo 127.0.0.1<o:p></o:p></p>
<p class=MsoNormal>000 interface eth0/eth0 5.6.7.8<o:p></o:p></p>
<p class=MsoNormal>000 interface eth0/eth0 5.6.7.8<o:p></o:p></p>
<p class=MsoNormal>000 interface eth1/eth1 192.168.0.1<o:p></o:p></p>
<p class=MsoNormal>000 interface eth1/eth1 192.168.0.1<o:p></o:p></p>
<p class=MsoNormal>000 %myid = (none)<o:p></o:p></p>
<p class=MsoNormal>000 debug none<o:p></o:p></p>
<p class=MsoNormal>000 <o:p></o:p></p>
<p class=MsoNormal>000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8,
keysizemin=64, keysizemax=64<o:p></o:p></p>
<p class=MsoNormal>000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8,
keysizemin=192, keysizemax=192<o:p></o:p></p>
<p class=MsoNormal>000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
keysizemin=40, keysizemax=448<o:p></o:p></p>
<p class=MsoNormal>000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0,
keysizemin=0, keysizemax=0<o:p></o:p></p>
<p class=MsoNormal>000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8,
keysizemin=128, keysizemax=256<o:p></o:p></p>
<p class=MsoNormal>000 algorithm ESP encrypt: id=252, name=ESP_SERPENT,
ivlen=8, keysizemin=128, keysizemax=256<o:p></o:p></p>
<p class=MsoNormal>000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH,
ivlen=8, keysizemin=128, keysizemax=256<o:p></o:p></p>
<p class=MsoNormal>000 algorithm ESP auth attr: id=1,
name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128<o:p></o:p></p>
<p class=MsoNormal>000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160<o:p></o:p></p>
<p class=MsoNormal>000 algorithm ESP auth attr: id=5,
name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256<o:p></o:p></p>
<p class=MsoNormal>000 algorithm ESP auth attr: id=251, name=(null),
keysizemin=0, keysizemax=0<o:p></o:p></p>
<p class=MsoNormal>000 <o:p></o:p></p>
<p class=MsoNormal>000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC,
blocksize=8, keydeflen=192<o:p></o:p></p>
<p class=MsoNormal>000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC,
blocksize=16, keydeflen=128<o:p></o:p></p>
<p class=MsoNormal>000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16<o:p></o:p></p>
<p class=MsoNormal>000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20<o:p></o:p></p>
<p class=MsoNormal>000 algorithm IKE dh group: id=2,
name=OAKLEY_GROUP_MODP1024, bits=1024<o:p></o:p></p>
<p class=MsoNormal>000 algorithm IKE dh group: id=5,
name=OAKLEY_GROUP_MODP1536, bits=1536<o:p></o:p></p>
<p class=MsoNormal>000 algorithm IKE dh group: id=14,
name=OAKLEY_GROUP_MODP2048, bits=2048<o:p></o:p></p>
<p class=MsoNormal>000 algorithm IKE dh group: id=15,
name=OAKLEY_GROUP_MODP3072, bits=3072<o:p></o:p></p>
<p class=MsoNormal>000 algorithm IKE dh group: id=16,
name=OAKLEY_GROUP_MODP4096, bits=4096<o:p></o:p></p>
<p class=MsoNormal>000 algorithm IKE dh group: id=17,
name=OAKLEY_GROUP_MODP6144, bits=6144<o:p></o:p></p>
<p class=MsoNormal>000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192,
bits=8192<o:p></o:p></p>
<p class=MsoNormal>000 <o:p></o:p></p>
<p class=MsoNormal>000 stats db_ops.c: {curr_cnt, total_cnt, maxsz}
:context={0,0,0} trans={0,0,0} attrs={0,0,0} <o:p></o:p></p>
<p class=MsoNormal>000 <o:p></o:p></p>
<p class=MsoNormal>000 "ar-to-tx":
192.168.0.0/16===5.6.7.8[@txgw.example.com]---5.6.7.7...1.2.3.3---1.2.3.4[@argw.example.com]===10.1.0.0/24;
erouted; eroute owner: #63<o:p></o:p></p>
<p class=MsoNormal>000 "ar-to-tx": srcip=unset; dstip=unset;
srcup=ipsec _updown; dstup=ipsec _updown;<o:p></o:p></p>
<p class=MsoNormal>000 "ar-to-tx": ike_life: 3600s; ipsec_life:
28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0<o:p></o:p></p>
<p class=MsoNormal>000 "ar-to-tx": policy:
RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 24,16; interface: eth0; encap: esp;<o:p></o:p></p>
<p class=MsoNormal>000 "ar-to-tx": newest ISAKMP SA: #70; newest
IPsec SA: #63; <o:p></o:p></p>
<p class=MsoNormal>000 "ar-to-tx": IKE algorithm newest:
3DES_CBC_192-MD5-MODP1536<o:p></o:p></p>
<p class=MsoNormal>000 <o:p></o:p></p>
<p class=MsoNormal>000 #70: "ar-to-tx":500 STATE_MAIN_I4 (ISAKMP SA
established); EVENT_SA_REPLACE in 2816s; newest ISAKMP; lastdpd=-1s(seq in:0
out:0)<o:p></o:p></p>
<p class=MsoNormal>000 #63: "ar-to-tx":500 STATE_QUICK_I2 (sent QI2,
IPsec SA established); EVENT_SA_REPLACE in 9365s; newest IPSEC; eroute owner<o:p></o:p></p>
<p class=MsoNormal>000 #63: "ar-to-tx" esp.a0b28b32@1.2.3.4
esp.1bf9eb16@5.6.7.8 tun.0@1.2.3.4 tun.0@5.6.7.8<o:p></o:p></p>
<p class=MsoNormal>000 #69: "ar-to-tx":500 STATE_MAIN_I4 (ISAKMP SA
established); EVENT_SA_EXPIRE in 601s; lastdpd=-1s(seq in:0 out:0)<o:p></o:p></p>
<p class=MsoNormal>000 <o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ifconfig-a<o:p></o:p></p>
<p class=MsoNormal>+ ifconfig -a<o:p></o:p></p>
<p class=MsoNormal>eth0 Link encap:Ethernet HWaddr 00:A0:CC:58:6E:08 <o:p></o:p></p>
<p class=MsoNormal> inet addr:5.6.7.8 Bcast:5.6.7.255
Mask:255.255.255.128<o:p></o:p></p>
<p class=MsoNormal> inet6 addr: fe80::2a0:ccff:fe58:6e08/64 Scope:Link<o:p></o:p></p>
<p class=MsoNormal> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<o:p></o:p></p>
<p class=MsoNormal> RX packets:37765693 errors:1 dropped:0 overruns:0
frame:268<o:p></o:p></p>
<p class=MsoNormal> TX packets:31386600 errors:10 dropped:0 overruns:4
carrier:6<o:p></o:p></p>
<p class=MsoNormal> collisions:0 txqueuelen:1000 <o:p></o:p></p>
<p class=MsoNormal> RX bytes:2321884528 (2.1 GiB) TX bytes:3679592456
(3.4 GiB)<o:p></o:p></p>
<p class=MsoNormal> Interrupt:201 Base address:0xb800 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>eth1 Link encap:Ethernet HWaddr 00:A0:CC:40:5E:8D <o:p></o:p></p>
<p class=MsoNormal> inet addr:192.168.0.1 Bcast:192.168.255.255
Mask:255.255.0.0<o:p></o:p></p>
<p class=MsoNormal> inet6 addr: fe80::2a0:ccff:fe40:5e8d/64 Scope:Link<o:p></o:p></p>
<p class=MsoNormal> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1<o:p></o:p></p>
<p class=MsoNormal> RX packets:32767259 errors:1 dropped:0 overruns:0
frame:603<o:p></o:p></p>
<p class=MsoNormal> TX packets:38176222 errors:28 dropped:0 overruns:4
carrier:24<o:p></o:p></p>
<p class=MsoNormal> collisions:0 txqueuelen:1000 <o:p></o:p></p>
<p class=MsoNormal> RX bytes:3851921464 (3.5 GiB) TX bytes:1855011262
(1.7 GiB)<o:p></o:p></p>
<p class=MsoNormal> Interrupt:169 Base address:0xb400 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>eth2 Link encap:Ethernet HWaddr 00:0C:6E:FE:FD:C3 <o:p></o:p></p>
<p class=MsoNormal> BROADCAST MULTICAST MTU:1500 Metric:1<o:p></o:p></p>
<p class=MsoNormal> RX packets:0 errors:0 dropped:0 overruns:0 frame:0<o:p></o:p></p>
<p class=MsoNormal> TX packets:0 errors:0 dropped:0 overruns:0
carrier:0<o:p></o:p></p>
<p class=MsoNormal> collisions:0 txqueuelen:1000 <o:p></o:p></p>
<p class=MsoNormal> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)<o:p></o:p></p>
<p class=MsoNormal> Interrupt:217 Base address:0xa400 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>lo Link encap:Local Loopback <o:p></o:p></p>
<p class=MsoNormal> inet addr:127.0.0.1 Mask:255.0.0.0<o:p></o:p></p>
<p class=MsoNormal> inet6 addr: ::1/128 Scope:Host<o:p></o:p></p>
<p class=MsoNormal> UP LOOPBACK RUNNING MTU:16436 Metric:1<o:p></o:p></p>
<p class=MsoNormal> RX packets:9870 errors:0 dropped:0 overruns:0
frame:0<o:p></o:p></p>
<p class=MsoNormal> TX packets:9870 errors:0 dropped:0 overruns:0
carrier:0<o:p></o:p></p>
<p class=MsoNormal> collisions:0 txqueuelen:0 <o:p></o:p></p>
<p class=MsoNormal> RX bytes:926479 (904.7 KiB) TX bytes:926479
(904.7 KiB)<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>sit0 Link encap:IPv6-in-IPv4 <o:p></o:p></p>
<p class=MsoNormal> NOARP MTU:1480 Metric:1<o:p></o:p></p>
<p class=MsoNormal> RX packets:0 errors:0 dropped:0 overruns:0 frame:0<o:p></o:p></p>
<p class=MsoNormal> TX packets:0 errors:0 dropped:0 overruns:0
carrier:0<o:p></o:p></p>
<p class=MsoNormal> collisions:0 txqueuelen:0 <o:p></o:p></p>
<p class=MsoNormal> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>+ _________________________ ip-addr-list<o:p></o:p></p>
<p class=MsoNormal>+ ip addr list<o:p></o:p></p>
<p class=MsoNormal>1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 16436 qdisc noqueue
state UNKNOWN <o:p></o:p></p>
<p class=MsoNormal> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<o:p></o:p></p>
<p class=MsoNormal> inet 127.0.0.1/8 scope host lo<o:p></o:p></p>
<p class=MsoNormal> inet6 ::1/128 scope host <o:p></o:p></p>
<p class=MsoNormal> valid_lft forever preferred_lft forever<o:p></o:p></p>
<p class=MsoNormal>2: eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500
qdisc pfifo_fast state UNKNOWN qlen 1000<o:p></o:p></p>
<p class=MsoNormal> link/ether 00:a0:cc:58:6e:08 brd ff:ff:ff:ff:ff:ff<o:p></o:p></p>
<p class=MsoNormal> inet 5.6.7.8/25 brd 5.6.7.255 scope global eth0<o:p></o:p></p>
<p class=MsoNormal> inet6 fe80::2a0:ccff:fe58:6e08/64 scope link <o:p></o:p></p>
<p class=MsoNormal> valid_lft forever preferred_lft forever<o:p></o:p></p>
<p class=MsoNormal>3: eth1: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500
qdisc htb state UNKNOWN qlen 1000<o:p></o:p></p>
<p class=MsoNormal> link/ether 00:a0:cc:40:5e:8d brd ff:ff:ff:ff:ff:ff<o:p></o:p></p>
<p class=MsoNormal> inet 192.168.0.1/16 brd 192.168.255.255 scope global
eth1<o:p></o:p></p>
<p class=MsoNormal> inet6 fe80::2a0:ccff:fe40:5e8d/64 scope link <o:p></o:p></p>
<p class=MsoNormal> valid_lft forever preferred_lft forever<o:p></o:p></p>
<p class=MsoNormal>4: eth2: &lt;BROADCAST,MULTICAST&gt; mtu 1500 qdisc noop
state DOWN qlen 1000<o:p></o:p></p>
<p class=MsoNormal> link/ether 00:0c:6e:fe:fd:c3 brd ff:ff:ff:ff:ff:ff<o:p></o:p></p>
<p class=MsoNormal>5: sit0: &lt;NOARP&gt; mtu 1480 qdisc noop state DOWN <o:p></o:p></p>
<p class=MsoNormal> link/sit 0.0.0.0 brd 0.0.0.0<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ip-route-list<o:p></o:p></p>
<p class=MsoNormal>+ ip route list<o:p></o:p></p>
<p class=MsoNormal>5.6.7.128/25 dev eth0 proto kernel scope link src 5.6.7.8
<o:p></o:p></p>
<p class=MsoNormal>10.1.0.0/24 via 5.6.7.7 dev eth0 <o:p></o:p></p>
<p class=MsoNormal>192.168.0.0/16 dev eth1 proto kernel scope link src
192.168.0.1 <o:p></o:p></p>
<p class=MsoNormal>default via 5.6.7.7 dev eth0 <o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ip-rule-list<o:p></o:p></p>
<p class=MsoNormal>+ ip rule list<o:p></o:p></p>
<p class=MsoNormal>0: from all lookup local <o:p></o:p></p>
<p class=MsoNormal>32766: from all lookup main <o:p></o:p></p>
<p class=MsoNormal>32767: from all lookup default <o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec_verify<o:p></o:p></p>
<p class=MsoNormal>+ ipsec verify --nocolour<o:p></o:p></p>
<p class=MsoNormal>Checking your system to see if IPsec got installed and
started correctly:<o:p></o:p></p>
<p class=MsoNormal>Version check and ipsec on-path [OK]<o:p></o:p></p>
<p class=MsoNormal>Linux Openswan U2.4.12/K2.6.18-6-686 (netkey)<o:p></o:p></p>
<p class=MsoNormal>Checking for IPsec support in kernel [OK]<o:p></o:p></p>
<p class=MsoNormal>NETKEY detected, testing for disabled ICMP send_redirects [OK]<o:p></o:p></p>
<p class=MsoNormal>NETKEY detected, testing for disabled ICMP accept_redirects [OK]<o:p></o:p></p>
<p class=MsoNormal>Checking for RSA private key (/etc/ipsec.secrets) [OK]<o:p></o:p></p>
<p class=MsoNormal>Checking that pluto is running [OK]<o:p></o:p></p>
<p class=MsoNormal>Two or more interfaces found, checking IP forwarding [OK]<o:p></o:p></p>
<p class=MsoNormal>Checking NAT and MASQUERADEing <o:p></o:p></p>
<p class=MsoNormal>Checking for 'ip' command [OK]<o:p></o:p></p>
<p class=MsoNormal>Checking for 'iptables' command [OK]<o:p></o:p></p>
<p class=MsoNormal>Opportunistic Encryption Support [DISABLED]<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ mii-tool<o:p></o:p></p>
<p class=MsoNormal>+ '[' -x /sbin/mii-tool ']'<o:p></o:p></p>
<p class=MsoNormal>+ /sbin/mii-tool -v<o:p></o:p></p>
<p class=MsoNormal>eth0: negotiated 100baseTx-FD, link ok<o:p></o:p></p>
<p class=MsoNormal> product info: vendor 00:10:18, model 33 rev 2<o:p></o:p></p>
<p class=MsoNormal> basic mode: autonegotiation enabled<o:p></o:p></p>
<p class=MsoNormal> basic status: autonegotiation complete, link ok<o:p></o:p></p>
<p class=MsoNormal> capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD
10baseT-HD<o:p></o:p></p>
<p class=MsoNormal> advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD
10baseT-HD<o:p></o:p></p>
<p class=MsoNormal> link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD
10baseT-HD<o:p></o:p></p>
<p class=MsoNormal>eth1: negotiated 100baseTx-FD, link ok<o:p></o:p></p>
<p class=MsoNormal> product info: vendor 00:10:18, model 33 rev 2<o:p></o:p></p>
<p class=MsoNormal> basic mode: autonegotiation enabled<o:p></o:p></p>
<p class=MsoNormal> basic status: autonegotiation complete, link ok<o:p></o:p></p>
<p class=MsoNormal> capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD
10baseT-HD<o:p></o:p></p>
<p class=MsoNormal> advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD
10baseT-HD<o:p></o:p></p>
<p class=MsoNormal> link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD
10baseT-HD flow-control<o:p></o:p></p>
<p class=MsoNormal>SIOCGMIIPHY on 'eth2' failed: Invalid argument<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/directory<o:p></o:p></p>
<p class=MsoNormal>+ ipsec --directory<o:p></o:p></p>
<p class=MsoNormal>/usr/lib/ipsec<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ hostname/fqdn<o:p></o:p></p>
<p class=MsoNormal>+ hostname --fqdn<o:p></o:p></p>
<p class=MsoNormal>txgw.example.com<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ hostname/ipaddress<o:p></o:p></p>
<p class=MsoNormal>+ hostname --ip-address<o:p></o:p></p>
<p class=MsoNormal>192.168.0.1<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ uptime<o:p></o:p></p>
<p class=MsoNormal>+ uptime<o:p></o:p></p>
<p class=MsoNormal> 19:09:54 up 2 days, 10:18, 2 users, load average: 0.00,
0.00, 0.00<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ps<o:p></o:p></p>
<p class=MsoNormal>+ ps alxwf<o:p></o:p></p>
<p class=MsoNormal>+ egrep -i 'ppid|pluto|ipsec|klips'<o:p></o:p></p>
<p class=MsoNormal>F UID PID PPID PRI NI VSZ RSS WCHAN STAT
TTY TIME COMMAND<o:p></o:p></p>
<p class=MsoNormal>4 0 24105 23883 25 0 3868 1264 - R+
pts/0 0:00 \_ /bin/sh /usr/lib/ipsec/barf<o:p></o:p></p>
<p class=MsoNormal>1 0 24200 24105 25 0 3868 192 - R+
pts/0 0:00 \_ /bin/sh /usr/lib/ipsec/barf<o:p></o:p></p>
<p class=MsoNormal>1 0 13032 1 25 0 2580 436 wait S
? 0:00 /bin/bash /usr/lib/ipsec/_plutorun --debug --uniqueids yes
--nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --protostack
auto --force_keepalive --disable_port_floating --virtual_private
--crlcheckinterval 0 --ocspuri --nhelpers 0 --dump --opts --stderrlog
--wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid<o:p></o:p></p>
<p class=MsoNormal>1 0 13033 13032 25 0 2584 640 wait S
? 0:00 \_ /bin/bash /usr/lib/ipsec/_plutorun --debug --uniqueids yes
--nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --protostack
auto --force_keepalive --disable_port_floating --virtual_private
--crlcheckinterval 0 --ocspuri --nhelpers 0 --dump --opts --stderrlog
--wait no --pre --post --log daemon.error --pid /var/run/pluto/pluto.pid<o:p></o:p></p>
<p class=MsoNormal>4 0 13034 13033 15 0 7988 2540 - S
? 0:01 | \_ /usr/lib/ipsec/pluto --nofork --secretsfile
/etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids
--nat_traversal --nhelpers 0<o:p></o:p></p>
<p class=MsoNormal>0 0 13074 13034 22 0 1696 304 429496 S
? 0:00 | \_ _pluto_adns<o:p></o:p></p>
<p class=MsoNormal>0 0 13035 13032 24 0 2552 1116 pipe_w S
? 0:00 \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post <o:p></o:p></p>
<p class=MsoNormal>0 0 13037 1 18 0 1752 536 pipe_w S
? 0:00 logger -s -p daemon.error -t ipsec__plutorun<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/showdefaults<o:p></o:p></p>
<p class=MsoNormal>+ ipsec showdefaults<o:p></o:p></p>
<p class=MsoNormal>routephys=eth0<o:p></o:p></p>
<p class=MsoNormal>routevirt=ipsec0<o:p></o:p></p>
<p class=MsoNormal>routeaddr=5.6.7.8<o:p></o:p></p>
<p class=MsoNormal>routenexthop=5.6.7.7<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/conf<o:p></o:p></p>
<p class=MsoNormal>+ ipsec _include /etc/ipsec.conf<o:p></o:p></p>
<p class=MsoNormal>+ ipsec _keycensor<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>#< /etc/ipsec.conf 1<o:p></o:p></p>
<p class=MsoNormal># /etc/ipsec.conf - Openswan IPsec configuration file<o:p></o:p></p>
<p class=MsoNormal># RCSID $Id: ipsec.conf.in,v 1.15.2.6 2006-10-19 03:49:46
paul Exp $<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># This file: /usr/share/doc/openswan/ipsec.conf-sample<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># Manual: ipsec.conf.5<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>version 2.0 # conforms to second version of
ipsec.conf specification<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># basic configuration<o:p></o:p></p>
<p class=MsoNormal>config setup<o:p></o:p></p>
<p class=MsoNormal> # plutodebug / klipsdebug = "all",
"none" or a combation from below:<o:p></o:p></p>
<p class=MsoNormal> # "raw crypt parsing emitting control
klips pfkey natt x509 private"<o:p></o:p></p>
<p class=MsoNormal> # eg: plutodebug="control parsing"<o:p></o:p></p>
<p class=MsoNormal> #<o:p></o:p></p>
<p class=MsoNormal> # ONLY enable plutodebug=all or klipsdebug=all
if you are a developer !!<o:p></o:p></p>
<p class=MsoNormal> #<o:p></o:p></p>
<p class=MsoNormal> # NAT-TRAVERSAL support, see
README.NAT-Traversal<o:p></o:p></p>
<p class=MsoNormal> nat_traversal=yes<o:p></o:p></p>
<p class=MsoNormal> #
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12<o:p></o:p></p>
<p class=MsoNormal> #<o:p></o:p></p>
<p class=MsoNormal> # enable this if you see "failed to
find any available worker"<o:p></o:p></p>
<p class=MsoNormal> nhelpers=0<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># Add connections here<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>conn ar-to-tx<o:p></o:p></p>
<p class=MsoNormal> left=1.2.3.4 # Public Internet IP address of
the LEFT VPN device<o:p></o:p></p>
<p class=MsoNormal> leftid=@argw.example.com<o:p></o:p></p>
<p class=MsoNormal> leftsubnet=10.1.0.0/24 # Subnet protected by
the LEFT VPN device<o:p></o:p></p>
<p class=MsoNormal> leftnexthop=1.2.3.3 # correct in many situations<o:p></o:p></p>
<p class=MsoNormal> leftrsasigkey=[keyid AQN/3nAqq]<o:p></o:p></p>
<p class=MsoNormal> right=5.6.7.8 # Public Internet IP address
of the RIGHT VPN device<o:p></o:p></p>
<p class=MsoNormal> rightid=@txgw.example.com<o:p></o:p></p>
<p class=MsoNormal> rightsubnet=192.168.0.0/16 # Subnet protected by
the RIGHT VPN device<o:p></o:p></p>
<p class=MsoNormal> rightnexthop=5.6.7.7 # correct in many situations<o:p></o:p></p>
<p class=MsoNormal> rightrsasigkey=[keyid AQN6U8qSi]<o:p></o:p></p>
<p class=MsoNormal> auto=start # authorizes and starts
this connection on booting<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># sample VPN connections, see /etc/ipsec.d/examples/<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>#Disable Opportunistic Encryption<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>#< /etc/ipsec.d/examples/no_oe.conf 1<o:p></o:p></p>
<p class=MsoNormal># 'include' this file to disable Opportunistic Encryption.<o:p></o:p></p>
<p class=MsoNormal># See /usr/share/doc/openswan/policygroups.html for details.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># RCSID $Id: no_oe.conf.in,v 1.2 2004-10-03 19:33:10 paul
Exp $<o:p></o:p></p>
<p class=MsoNormal>conn block <o:p></o:p></p>
<p class=MsoNormal> auto=ignore<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>conn private <o:p></o:p></p>
<p class=MsoNormal> auto=ignore<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>conn private-or-clear <o:p></o:p></p>
<p class=MsoNormal> auto=ignore<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>conn clear-or-private <o:p></o:p></p>
<p class=MsoNormal> auto=ignore<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>conn clear <o:p></o:p></p>
<p class=MsoNormal> auto=ignore<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>conn packetdefault <o:p></o:p></p>
<p class=MsoNormal> auto=ignore<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>#> /etc/ipsec.conf 47<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/secrets<o:p></o:p></p>
<p class=MsoNormal>+ ipsec _include /etc/ipsec.secrets<o:p></o:p></p>
<p class=MsoNormal>+ ipsec _secretcensor<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>#< /etc/ipsec.secrets 1<o:p></o:p></p>
<p class=MsoNormal>: RSA {<o:p></o:p></p>
<p class=MsoNormal> # RSA 2048 bits txgw.example.com Thu Oct
22 20:50:26 2009<o:p></o:p></p>
<p class=MsoNormal> # for signatures only, UNSAFE FOR ENCRYPTION<o:p></o:p></p>
<p class=MsoNormal> #pubkey=[keyid AQN6U8qSi]<o:p></o:p></p>
<p class=MsoNormal> Modulus: [...]<o:p></o:p></p>
<p class=MsoNormal> PublicExponent: [...]<o:p></o:p></p>
<p class=MsoNormal> # everything after this point is secret<o:p></o:p></p>
<p class=MsoNormal> PrivateExponent: [...]<o:p></o:p></p>
<p class=MsoNormal> Prime1: [...]<o:p></o:p></p>
<p class=MsoNormal> Prime2: [...]<o:p></o:p></p>
<p class=MsoNormal> Exponent1: [...]<o:p></o:p></p>
<p class=MsoNormal> Exponent2: [...]<o:p></o:p></p>
<p class=MsoNormal> Coefficient: [...]<o:p></o:p></p>
<p class=MsoNormal> }<o:p></o:p></p>
<p class=MsoNormal># do not change the indenting of that "[sums to 7d9d...]"<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/listall<o:p></o:p></p>
<p class=MsoNormal>+ ipsec auto --listall<o:p></o:p></p>
<p class=MsoNormal>000 <o:p></o:p></p>
<p class=MsoNormal>000 List of Public Keys:<o:p></o:p></p>
<p class=MsoNormal>000 <o:p></o:p></p>
<p class=MsoNormal>000 Oct 22 22:21:09 2009, 2048 RSA Key AQN6U8qSi, until ---
-- --:--:-- ---- ok (expires never)<o:p></o:p></p>
<p class=MsoNormal>000 ID_FQDN '@txgw.example.com'<o:p></o:p></p>
<p class=MsoNormal>000 Oct 22 22:21:09 2009, 2048 RSA Key AQN/3nAqq, until ---
-- --:--:-- ---- ok (expires never)<o:p></o:p></p>
<p class=MsoNormal>000 ID_FQDN '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal>+ '[' /etc/ipsec.d/policies ']'<o:p></o:p></p>
<p class=MsoNormal>+ for policy in '$POLICIES/*'<o:p></o:p></p>
<p class=MsoNormal>++ basename /etc/ipsec.d/policies/block<o:p></o:p></p>
<p class=MsoNormal>+ base=block<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/policies/block<o:p></o:p></p>
<p class=MsoNormal>+ cat /etc/ipsec.d/policies/block<o:p></o:p></p>
<p class=MsoNormal># This file defines the set of CIDRs (network/mask-length)
to which<o:p></o:p></p>
<p class=MsoNormal># communication should never be allowed.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># See /usr/share/doc/openswan/policygroups.html for details.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># $Id: block.in,v 1.4 2003-02-17 02:22:15 mcr Exp $<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>+ for policy in '$POLICIES/*'<o:p></o:p></p>
<p class=MsoNormal>++ basename /etc/ipsec.d/policies/clear<o:p></o:p></p>
<p class=MsoNormal>+ base=clear<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/policies/clear<o:p></o:p></p>
<p class=MsoNormal>+ cat /etc/ipsec.d/policies/clear<o:p></o:p></p>
<p class=MsoNormal># This file defines the set of CIDRs (network/mask-length)
to which<o:p></o:p></p>
<p class=MsoNormal># communication should always be in the clear.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># See /usr/share/doc/openswan/policygroups.html for details.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># $Id: clear.in,v 1.4.30.3 2006-11-21 19:49:51 paul Exp $<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># Michael's idea: Always have ROOT NAMESERVERS
in the clear.<o:p></o:p></p>
<p class=MsoNormal># It will make OE work much better on machines
running caching<o:p></o:p></p>
<p class=MsoNormal># resolvers.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># Based on:
http://www.internic.net/zones/named.root<o:p></o:p></p>
<p class=MsoNormal># This file holds the information on root name servers
needed to<o:p></o:p></p>
<p class=MsoNormal># last update: Jan 29, 2004<o:p></o:p></p>
<p class=MsoNormal># related version of root zone: 2004012900<o:p></o:p></p>
<p class=MsoNormal>+ for policy in '$POLICIES/*'<o:p></o:p></p>
<p class=MsoNormal>++ basename /etc/ipsec.d/policies/clear-or-private<o:p></o:p></p>
<p class=MsoNormal>+ base=clear-or-private<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/policies/clear-or-private<o:p></o:p></p>
<p class=MsoNormal>+ cat /etc/ipsec.d/policies/clear-or-private<o:p></o:p></p>
<p class=MsoNormal># This file defines the set of CIDRs (network/mask-length)
to which<o:p></o:p></p>
<p class=MsoNormal># we will communicate in the clear, or, if the other side
initiates IPSEC,<o:p></o:p></p>
<p class=MsoNormal># using encryption. This behaviour is also called
"Opportunistic Responder".<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># See /usr/share/doc/openswan/policygroups.html for details.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># $Id: clear-or-private.in,v 1.4 2003-02-17 02:22:15 mcr Exp
$<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>+ for policy in '$POLICIES/*'<o:p></o:p></p>
<p class=MsoNormal>++ basename /etc/ipsec.d/policies/private<o:p></o:p></p>
<p class=MsoNormal>+ base=private<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/policies/private<o:p></o:p></p>
<p class=MsoNormal>+ cat /etc/ipsec.d/policies/private<o:p></o:p></p>
<p class=MsoNormal># This file defines the set of CIDRs (network/mask-length)
to which<o:p></o:p></p>
<p class=MsoNormal># communication should always be private (i.e. encrypted).<o:p></o:p></p>
<p class=MsoNormal># See /usr/share/doc/openswan/policygroups.html for details.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># $Id: private.in,v 1.4 2003-02-17 02:22:15 mcr Exp $<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>+ for policy in '$POLICIES/*'<o:p></o:p></p>
<p class=MsoNormal>++ basename /etc/ipsec.d/policies/private-or-clear<o:p></o:p></p>
<p class=MsoNormal>+ base=private-or-clear<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/policies/private-or-clear<o:p></o:p></p>
<p class=MsoNormal>+ cat /etc/ipsec.d/policies/private-or-clear<o:p></o:p></p>
<p class=MsoNormal># This file defines the set of CIDRs (network/mask-length)
to which<o:p></o:p></p>
<p class=MsoNormal># communication should be private, if possible, but in the
clear otherwise.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># If the target has a TXT (later IPSECKEY) record that
specifies<o:p></o:p></p>
<p class=MsoNormal># authentication material, we will require private (i.e.
encrypted)<o:p></o:p></p>
<p class=MsoNormal># communications. If no such record is found,
communications will be<o:p></o:p></p>
<p class=MsoNormal># in the clear.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># See /usr/share/doc/openswan/policygroups.html for details.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># $Id: private-or-clear.in,v 1.5 2003-02-17 02:22:15 mcr Exp
$<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>0.0.0.0/0<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/ls-libdir<o:p></o:p></p>
<p class=MsoNormal>+ ls -l /usr/lib/ipsec<o:p></o:p></p>
<p class=MsoNormal>total 1404<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 15848 Oct 1 22:00 _confread<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 4472 Oct 1 22:00 _copyright<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 2379 Oct 1 22:00 _include<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 1475 Oct 1 22:00 _keycensor<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 8536 Oct 1 22:00 _pluto_adns<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 3586 Oct 1 22:00 _plutoload<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 8055 Oct 1 22:00 _plutorun<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 12324 Oct 1 22:00 _realsetup<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 1975 Oct 1 22:00 _secretcensor<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 11065 Oct 1 22:00 _startklips<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 13912 Oct 1 22:00 _updown<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 15740 Oct 1 22:00 _updown_x509<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 18891 Oct 1 22:00 auto<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 11343 Oct 1 22:00 barf<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 816 Oct 1 22:00 calcgoo<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 80788 Oct 1 22:00 eroute<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 19112 Oct 1 22:00 ikeping<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 60776 Oct 1 22:00 klipsdebug<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 1940 Oct 1 22:00 livetest<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 2604 Oct 1 22:00 look<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 7082 Oct 1 22:00 mailkey<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 16015 Oct 1 22:00 manual<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 1951 Oct 1 22:00 newhostkey<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 52076 Oct 1 22:00 pf_key<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 681396 Oct 1 22:00 pluto<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 6500 Oct 1 22:00 ranbits<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 18536 Oct 1 22:00 rsasigkey<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 766 Oct 1 22:00 secrets<o:p></o:p></p>
<p class=MsoNormal>lrwxrwxrwx 1 root root 17 Oct 22 16:58 setup ->
/etc/init.d/ipsec<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 1054 Oct 1 22:00 showdefaults<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 4845 Oct 1 22:00 showhostkey<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 122208 Oct 1 22:00 spi<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 69008 Oct 1 22:00 spigrp<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 9872 Oct 1 22:00 tncfg<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 13518 Oct 1 22:00 verify<o:p></o:p></p>
<p class=MsoNormal>-rwxr-xr-x 1 root root 47136 Oct 1 22:00 whack<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/ls-execdir<o:p></o:p></p>
<p class=MsoNormal>+ ls -l /usr/lib/ipsec<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipsec/updowns<o:p></o:p></p>
<p class=MsoNormal>++ ls /usr/lib/ipsec<o:p></o:p></p>
<p class=MsoNormal>++ egrep updown<o:p></o:p></p>
<p class=MsoNormal>+ for f in '`ls ${IPSEC_EXECDIR-/usr/libexec/ipsec} | egrep
updown`'<o:p></o:p></p>
<p class=MsoNormal>+ cat /usr/lib/ipsec/_updown<o:p></o:p></p>
<p class=MsoNormal>#! /bin/sh<o:p></o:p></p>
<p class=MsoNormal># iproute2 version, default updown script<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># Copyright (C) 2003-2004 Nigel Metheringham<o:p></o:p></p>
<p class=MsoNormal># Copyright (C) 2002-2004 Michael Richardson
<mcr@xelerance.com><o:p></o:p></p>
<p class=MsoNormal># Copyright (C) 2003-2005 Tuomo Soini <tis@foobar.fi><o:p></o:p></p>
<p class=MsoNormal># <o:p></o:p></p>
<p class=MsoNormal># This program is free software; you can redistribute it
and/or modify it<o:p></o:p></p>
<p class=MsoNormal># under the terms of the GNU General Public License as
published by the<o:p></o:p></p>
<p class=MsoNormal># Free Software Foundation; either version 2 of the License,
or (at your<o:p></o:p></p>
<p class=MsoNormal># option) any later version. See
<http://www.fsf.org/copyleft/gpl.txt>.<o:p></o:p></p>
<p class=MsoNormal># <o:p></o:p></p>
<p class=MsoNormal># This program is distributed in the hope that it will be
useful, but<o:p></o:p></p>
<p class=MsoNormal># WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY<o:p></o:p></p>
<p class=MsoNormal># or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
Public License<o:p></o:p></p>
<p class=MsoNormal># for more details.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># RCSID $Id: _updown.in,v 1.21.2.11 2006-02-20 22:57:28 paul
Exp $<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># CAUTION: Installing a new version of Openswan will
install a new<o:p></o:p></p>
<p class=MsoNormal># copy of this script, wiping out any custom changes you
make. If<o:p></o:p></p>
<p class=MsoNormal># you need changes, make a copy of this under another name,
and customize<o:p></o:p></p>
<p class=MsoNormal># that, and use the (left/right)updown parameters in
ipsec.conf to make<o:p></o:p></p>
<p class=MsoNormal># Openswan use yours instead of this default one.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>LC_ALL=C export LC_ALL<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># things that this script gets (from ipsec_pluto(8) man
page)<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_VERSION<o:p></o:p></p>
<p class=MsoNormal># indicates what version of this interface is
being<o:p></o:p></p>
<p class=MsoNormal># used. This document describes version
1.1. This<o:p></o:p></p>
<p class=MsoNormal># is upwardly compatible with version 1.0.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_VERB<o:p></o:p></p>
<p class=MsoNormal># specifies the name of the operation to be
performed<o:p></o:p></p>
<p class=MsoNormal># (prepare-host, prepare-client, up-host,
up-client,<o:p></o:p></p>
<p class=MsoNormal># down-host, or down-client). If the address
family<o:p></o:p></p>
<p class=MsoNormal># for security gateway to security gateway<o:p></o:p></p>
<p class=MsoNormal># communications is IPv6, then a suffix of -v6
is added<o:p></o:p></p>
<p class=MsoNormal># to the verb.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_CONNECTION<o:p></o:p></p>
<p class=MsoNormal># is the name of the connection for which we
are<o:p></o:p></p>
<p class=MsoNormal># routing.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_CONN_POLICY<o:p></o:p></p>
<p class=MsoNormal># the policy of the connection, as in:<o:p></o:p></p>
<p class=MsoNormal>#
RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failureDROP+lKOD+rKOD <o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_NEXT_HOP<o:p></o:p></p>
<p class=MsoNormal># is the next hop to which packets bound for
the peer<o:p></o:p></p>
<p class=MsoNormal># must be sent.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_INTERFACE<o:p></o:p></p>
<p class=MsoNormal># is the name of the ipsec interface to be
used.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_ME<o:p></o:p></p>
<p class=MsoNormal># is the IP address of our host.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_MY_CLIENT<o:p></o:p></p>
<p class=MsoNormal># is the IP address / count of our client
subnet. If<o:p></o:p></p>
<p class=MsoNormal># the client is just the host, this will
be the<o:p></o:p></p>
<p class=MsoNormal># host's own IP address / max (where max is
32 for<o:p></o:p></p>
<p class=MsoNormal># IPv4 and 128 for IPv6).<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_MY_CLIENT_NET<o:p></o:p></p>
<p class=MsoNormal># is the IP address of our client net. If the
client<o:p></o:p></p>
<p class=MsoNormal># is just the host, this will be the host's
own IP<o:p></o:p></p>
<p class=MsoNormal># address.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_MY_CLIENT_MASK<o:p></o:p></p>
<p class=MsoNormal># is the mask for our client net. If the
client is<o:p></o:p></p>
<p class=MsoNormal># just the host, this will be 255.255.255.255.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_MY_SOURCEIP<o:p></o:p></p>
<p class=MsoNormal># if non-empty, then the source address for the
route will be<o:p></o:p></p>
<p class=MsoNormal># set to this IP address.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_MY_PROTOCOL<o:p></o:p></p>
<p class=MsoNormal># is the protocol for this connection.
Useful for<o:p></o:p></p>
<p class=MsoNormal># firewalling.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_MY_PORT<o:p></o:p></p>
<p class=MsoNormal># is the port. Useful for firewalling.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_PEER<o:p></o:p></p>
<p class=MsoNormal># is the IP address of our peer.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_PEER_CLIENT<o:p></o:p></p>
<p class=MsoNormal># is the IP address / count of the peer's
client sub­<o:p></o:p></p>
<p class=MsoNormal># net. If the client is just the peer, this
will be<o:p></o:p></p>
<p class=MsoNormal># the peer's own IP address / max (where max
is 32<o:p></o:p></p>
<p class=MsoNormal># for IPv4 and 128 for IPv6).<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_PEER_CLIENT_NET<o:p></o:p></p>
<p class=MsoNormal># is the IP address of the peer's client net.
If the<o:p></o:p></p>
<p class=MsoNormal># client is just the peer, this will be the
peer's<o:p></o:p></p>
<p class=MsoNormal># own IP address.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_PEER_CLIENT_MASK<o:p></o:p></p>
<p class=MsoNormal># is the mask for the peer's client net.
If the<o:p></o:p></p>
<p class=MsoNormal># client is just the peer, this
will be<o:p></o:p></p>
<p class=MsoNormal># 255.255.255.255.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_PEER_PROTOCOL<o:p></o:p></p>
<p class=MsoNormal># is the protocol set for remote end
with port<o:p></o:p></p>
<p class=MsoNormal># selector.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_PEER_PORT<o:p></o:p></p>
<p class=MsoNormal># is the peer's port. Useful for firewalling.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_CONNECTION_TYPE<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># Import default _updown configs from the /etc/default/pluto_updown
file<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># Two variables can be set in this file:<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># DEFAULTSOURCE<o:p></o:p></p>
<p class=MsoNormal># is the default value for PLUTO_MY_SOURCEIP<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># IPROUTETABLE<o:p></o:p></p>
<p class=MsoNormal># is the default value for IPROUTETABLE<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># IPROUTEARGS<o:p></o:p></p>
<p class=MsoNormal># is the extra argument list for ip route
command<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># IPRULEARGS<o:p></o:p></p>
<p class=MsoNormal># is the extra argument list for ip rule
command<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>if [ -f /etc/default/pluto_updown ]<o:p></o:p></p>
<p class=MsoNormal>then<o:p></o:p></p>
<p class=MsoNormal> . /etc/default/pluto_updown<o:p></o:p></p>
<p class=MsoNormal>fi<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># check interface version<o:p></o:p></p>
<p class=MsoNormal>case "$PLUTO_VERSION" in<o:p></o:p></p>
<p class=MsoNormal>1.[0]) # Older Pluto?!? Play it safe, script may be
using new features.<o:p></o:p></p>
<p class=MsoNormal> echo "$0: obsolete interface version
\`$PLUTO_VERSION'," >&2<o:p></o:p></p>
<p class=MsoNormal> echo "$0: called by
obsolete Pluto?" >&2<o:p></o:p></p>
<p class=MsoNormal> exit 2<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>1.*) ;;<o:p></o:p></p>
<p class=MsoNormal>*) echo "$0: unknown interface version
\`$PLUTO_VERSION'" >&2<o:p></o:p></p>
<p class=MsoNormal> exit 2<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>esac<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># check parameter(s)<o:p></o:p></p>
<p class=MsoNormal>case "$1:$*" in<o:p></o:p></p>
<p class=MsoNormal>':') # no
parameters<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>ipfwadm:ipfwadm) # due to (left/right)firewall; for
default script only<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>custom:*) # custom parameters (see
above CAUTION comment)<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>*) echo "$0: unknown parameters \`$*'"
>&2<o:p></o:p></p>
<p class=MsoNormal> exit 2<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>esac<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># utility functions for route manipulation<o:p></o:p></p>
<p class=MsoNormal># Meddling with this stuff should not be necessary and
requires great care.<o:p></o:p></p>
<p class=MsoNormal>uproute() {<o:p></o:p></p>
<p class=MsoNormal> doroute add<o:p></o:p></p>
<p class=MsoNormal> ip route flush cache<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>downroute() {<o:p></o:p></p>
<p class=MsoNormal> doroute delete<o:p></o:p></p>
<p class=MsoNormal> ip route flush cache<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>uprule() {<o:p></o:p></p>
<p class=MsoNormal> # policy based advanced routing<o:p></o:p></p>
<p class=MsoNormal> if [ -n "$IPROUTETABLE" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> dorule delete<o:p></o:p></p>
<p class=MsoNormal> dorule add<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> # virtual sourceip support<o:p></o:p></p>
<p class=MsoNormal> if [ -n "$PLUTO_MY_SOURCEIP" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> addsource<o:p></o:p></p>
<p class=MsoNormal> rc=$?<o:p></o:p></p>
<p class=MsoNormal> if [ $rc -ne 0 ];<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> changesource<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> ip route flush cache<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>downrule() {<o:p></o:p></p>
<p class=MsoNormal> if [ -n "$IPROUTETABLE" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> dorule delete<o:p></o:p></p>
<p class=MsoNormal> ip route flush cache<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>addsource() {<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> # check if given sourceip is local and add
as alias if not<o:p></o:p></p>
<p class=MsoNormal> if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*}
| grep -q ^local<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> it="ip addr add
${PLUTO_MY_SOURCEIP%/*}/32 dev ${PLUTO_INTERFACE%:*}"<o:p></o:p></p>
<p class=MsoNormal> oops="`eval $it 2>&1`"<o:p></o:p></p>
<p class=MsoNormal> st=$?<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" = "
" -a " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="silent error,
exit status $st"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> case "$oops" in<o:p></o:p></p>
<p class=MsoNormal> 'RTNETLINK answers: File
exists'*)<o:p></o:p></p>
<p class=MsoNormal> # should not happen, but
... ignore if the<o:p></o:p></p>
<p class=MsoNormal> # address was already
assigned on interface<o:p></o:p></p>
<p class=MsoNormal> oops=""<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" != "
" -o " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> echo "$0: addsource
\`$it' failed ($oops)" >&2<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> return $st<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>changesource() {<o:p></o:p></p>
<p class=MsoNormal> # Change used route source to destination if
there is previous<o:p></o:p></p>
<p class=MsoNormal> # Route to same PLUTO_PEER_CLIENT. This is
basically to fix<o:p></o:p></p>
<p class=MsoNormal> # configuration errors where all conns to
same destination don't<o:p></o:p></p>
<p class=MsoNormal> # have (left/right)sourceip set.<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> parms="$PLUTO_PEER_CLIENT dev
${PLUTO_INTERFACE%:*}"<o:p></o:p></p>
<p class=MsoNormal> parms="$parms src
${PLUTO_MY_SOURCEIP%/*} $IPROUTEARGS"<o:p></o:p></p>
<p class=MsoNormal> if [ -n "$IPROUTETABLE" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> parms="$parms table
$IPROUTETABLE"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> it="ip route change $parms"<o:p></o:p></p>
<p class=MsoNormal> case "$PLUTO_PEER_CLIENT" in<o:p></o:p></p>
<p class=MsoNormal> "0.0.0.0/0")<o:p></o:p></p>
<p class=MsoNormal> # opportunistic encryption
work around<o:p></o:p></p>
<p class=MsoNormal> it=<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> oops="`eval $it 2>&1`"<o:p></o:p></p>
<p class=MsoNormal> st=$?<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" = " "
-a " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="silent error, exit status
$st"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> case "$oops" in<o:p></o:p></p>
<p class=MsoNormal> 'RTNETLINK answers: No such
file or directory'*)<o:p></o:p></p>
<p class=MsoNormal> # Will happen every time
first tunnel is activated because<o:p></o:p></p>
<p class=MsoNormal> # there is no previous route
to PLUTO_PEER_CLIENT. So we<o:p></o:p></p>
<p class=MsoNormal> # need to ignore this error.<o:p></o:p></p>
<p class=MsoNormal> oops=""<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" != " "
-o " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> echo "$0: changesource \`$it'
failed ($oops)" >&2<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> return $st<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>dorule() {<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> it2=<o:p></o:p></p>
<p class=MsoNormal> iprule="from $PLUTO_MY_CLIENT"<o:p></o:p></p>
<p class=MsoNormal> iprule2="to $PLUTO_PEER_CLIENT table
$IPROUTETABLE $IPRULEARGS"<o:p></o:p></p>
<p class=MsoNormal> case "$PLUTO_PEER_CLIENT" in<o:p></o:p></p>
<p class=MsoNormal> "0.0.0.0/0")<o:p></o:p></p>
<p class=MsoNormal> # opportunistic encryption
work around<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> *)<o:p></o:p></p>
<p class=MsoNormal> if [ -z
"$PLUTO_MY_SOURCEIP" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> if [
"$PLUTO_ME" = "${PLUTO_MY_CLIENT%/*}" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> it="ip
rule $1 iif lo $iprule2"<o:p></o:p></p>
<p class=MsoNormal> else<o:p></o:p></p>
<p class=MsoNormal> it="ip
rule $1 $iprule $iprule2"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> else<o:p></o:p></p>
<p class=MsoNormal> if [
"${PLUTO_MY_SOURCEIP%/*}" = "${PLUTO_MY_CLIENT%/*}" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> it="ip
rule $1 iif lo $iprule2"<o:p></o:p></p>
<p class=MsoNormal> else<o:p></o:p></p>
<p class=MsoNormal> it="ip
rule $1 $iprule $iprule2"<o:p></o:p></p>
<p class=MsoNormal> it2="ip
rule $1 iif lo $iprule2"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> oops="`eval $it
2>&1`"<o:p></o:p></p>
<p class=MsoNormal> st=$?<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" =
" " -a " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="silent error,
exit status $st"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> case "$oops" in<o:p></o:p></p>
<p class=MsoNormal> 'RTNETLINK answers: No such
process'*)<o:p></o:p></p>
<p class=MsoNormal> # This is
what ip rule gives<o:p></o:p></p>
<p class=MsoNormal> # for
"could not find such a rule"<o:p></o:p></p>
<p class=MsoNormal> oops=<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> if test " $oops"
!= " " -o " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> echo "$0: dorule
\`$it' failed ($oops)" >&2<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> if test "$st" =
"0" -a -n "$it2"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="`eval $it2
2>&1`"<o:p></o:p></p>
<p class=MsoNormal> st=$?<o:p></o:p></p>
<p class=MsoNormal> if test "
$oops" = " " -a " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="silent
error, exit status $st"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> case "$oops"
in<o:p></o:p></p>
<p class=MsoNormal> 'RTNETLINK answers: No
such process'*)<o:p></o:p></p>
<p class=MsoNormal> # This
is what ip rule gives<o:p></o:p></p>
<p class=MsoNormal> # for
"could not find such a rule"<o:p></o:p></p>
<p class=MsoNormal> oops=<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> if test "
$oops" != " " -o " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> echo
"$0: dorule \`$it2' failed ($oops)" >&2<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> return $st<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>doroute() {<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> parms="$PLUTO_PEER_CLIENT"<o:p></o:p></p>
<p class=MsoNormal> parms2=<o:p></o:p></p>
<p class=MsoNormal> if [ -n "$PLUTO_NEXT_HOP" ]
&& [ "$PLUTO_NEXT_HOP" != "$PLUTO_PEER" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> parms2="via $PLUTO_NEXT_HOP"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> parms2="$parms2 dev
${PLUTO_INTERFACE%:*}"<o:p></o:p></p>
<p class=MsoNormal> parms3="$IPROUTEARGS"<o:p></o:p></p>
<p class=MsoNormal> if [ -n "$IPROUTETABLE" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> parms3="$parms3 table
$IPROUTETABLE"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal> if [ -z "$PLUTO_MY_SOURCEIP" ]
&& [ -n "$DEFAULTSOURCE" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal>
PLUTO_MY_SOURCEIP="${DEFAULTSOURCE%/*}"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal> if test "$1" = "add" -a
-n "$PLUTO_MY_SOURCEIP" <o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> addsource<o:p></o:p></p>
<p class=MsoNormal> parms3="$parms3 src
${PLUTO_MY_SOURCEIP%/*}"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal> case "$PLUTO_PEER_CLIENT" in<o:p></o:p></p>
<p class=MsoNormal> "0.0.0.0/0")<o:p></o:p></p>
<p class=MsoNormal> # opportunistic encryption
work around<o:p></o:p></p>
<p class=MsoNormal> # need to provide route that
eclipses default, without <o:p></o:p></p>
<p class=MsoNormal> # replacing it.<o:p></o:p></p>
<p class=MsoNormal> it="ip route $1
0.0.0.0/1 $parms2 $parms3 &&<o:p></o:p></p>
<p class=MsoNormal> ip route $1
128.0.0.0/1 $parms2 $parms3"<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> *) it="ip route $1 $parms
$parms2 $parms3"<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> oops="`eval $it 2>&1`"<o:p></o:p></p>
<p class=MsoNormal> st=$?<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" = " "
-a " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="silent error, exit status
$st"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" != " "
-o " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> echo "$0: doroute \`$it' failed
($oops)" >&2<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> return $st<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal> <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># the big choice<o:p></o:p></p>
<p class=MsoNormal>case "$PLUTO_VERB:$1" in<o:p></o:p></p>
<p class=MsoNormal>prepare-host:*|prepare-client:*)<o:p></o:p></p>
<p class=MsoNormal> # delete possibly-existing route
(preliminary to adding a route)<o:p></o:p></p>
<p class=MsoNormal> case "$PLUTO_PEER_CLIENT" in<o:p></o:p></p>
<p class=MsoNormal> "0.0.0.0/0")<o:p></o:p></p>
<p class=MsoNormal> # need to provide route that
eclipses default, without <o:p></o:p></p>
<p class=MsoNormal> # replacing it.<o:p></o:p></p>
<p class=MsoNormal> parms1="0.0.0.0/1"<o:p></o:p></p>
<p class=MsoNormal> parms2="128.0.0.0/1"<o:p></o:p></p>
<p class=MsoNormal> it="ip route delete
$parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS
2>&1"<o:p></o:p></p>
<p class=MsoNormal> oops="`ip route delete
$parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS
2>&1`"<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> *)<o:p></o:p></p>
<p class=MsoNormal> parms="$PLUTO_PEER_CLIENT
$IPROUTEARGS"<o:p></o:p></p>
<p class=MsoNormal> if [ -n
"$IPROUTETABLE" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> parms="$parms table
$IPROUTETABLE"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> it="ip route delete
$parms 2>&1"<o:p></o:p></p>
<p class=MsoNormal> oops="`ip route delete
$parms 2>&1`"<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> status="$?"<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" = " "
-a " $status" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="silent error,
exit status $status"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> case "$oops" in<o:p></o:p></p>
<p class=MsoNormal> *'RTNETLINK answers: No such process'*) <o:p></o:p></p>
<p class=MsoNormal> # This is what route
(currently -- not documented!) gives<o:p></o:p></p>
<p class=MsoNormal> # for "could not find
such a route".<o:p></o:p></p>
<p class=MsoNormal> oops=<o:p></o:p></p>
<p class=MsoNormal> status=0<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" != " "
-o " $status" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> echo "$0: \`$it' failed
($oops)" >&2<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> exit $status<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>route-host:*|route-client:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me or my client subnet being
routed<o:p></o:p></p>
<p class=MsoNormal> uproute<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>unroute-host:*|unroute-client:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me or my client subnet being
unrouted<o:p></o:p></p>
<p class=MsoNormal> downroute<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>up-host:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me coming up<o:p></o:p></p>
<p class=MsoNormal> uprule<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>down-host:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me going down<o:p></o:p></p>
<p class=MsoNormal> downrule<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>up-client:)<o:p></o:p></p>
<p class=MsoNormal> # connection to my client subnet coming up<o:p></o:p></p>
<p class=MsoNormal> uprule<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>down-client:)<o:p></o:p></p>
<p class=MsoNormal> # connection to my client subnet going down<o:p></o:p></p>
<p class=MsoNormal> downrule<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>up-client:ipfwadm)<o:p></o:p></p>
<p class=MsoNormal> # connection to client subnet, with
(left/right)firewall=yes, coming up<o:p></o:p></p>
<p class=MsoNormal> uprule<o:p></o:p></p>
<p class=MsoNormal> # This is used only by the default updown
script, not by your custom<o:p></o:p></p>
<p class=MsoNormal> # ones, so do not mess with it; see CAUTION
comment up at top.<o:p></o:p></p>
<p class=MsoNormal> ipfwadm -F -i accept -b -S
$PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \<o:p></o:p></p>
<p class=MsoNormal> -D
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>down-client:ipfwadm)<o:p></o:p></p>
<p class=MsoNormal> # connection to client subnet, with
(left/right)firewall=yes, going down<o:p></o:p></p>
<p class=MsoNormal> downrule<o:p></o:p></p>
<p class=MsoNormal> # This is used only by the default updown
script, not by your custom<o:p></o:p></p>
<p class=MsoNormal> # ones, so do not mess with it; see CAUTION
comment up at top.<o:p></o:p></p>
<p class=MsoNormal> ipfwadm -F -d accept -b -S
$PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \<o:p></o:p></p>
<p class=MsoNormal> -D
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># IPv6<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>prepare-host-v6:*|prepare-client-v6:*)<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>route-host-v6:*|route-client-v6:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me or my client subnet being
routed<o:p></o:p></p>
<p class=MsoNormal> #uproute_v6<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>unroute-host-v6:*|unroute-client-v6:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me or my client subnet being
unrouted<o:p></o:p></p>
<p class=MsoNormal> #downroute_v6<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>up-host-v6:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me coming up<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>down-host-v6:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me going down<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>up-client-v6:)<o:p></o:p></p>
<p class=MsoNormal> # connection to my client subnet coming up<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>down-client-v6:)<o:p></o:p></p>
<p class=MsoNormal> # connection to my client subnet going down<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>*) echo "$0: unknown verb \`$PLUTO_VERB' or
parameter \`$1'" >&2<o:p></o:p></p>
<p class=MsoNormal> exit 1<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>esac<o:p></o:p></p>
<p class=MsoNormal>+ for f in '`ls ${IPSEC_EXECDIR-/usr/libexec/ipsec} | egrep
updown`'<o:p></o:p></p>
<p class=MsoNormal>+ cat /usr/lib/ipsec/_updown_x509<o:p></o:p></p>
<p class=MsoNormal>#! /bin/sh<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># customized updown script<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># logging of VPN connections<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># tag put in front of each log entry:<o:p></o:p></p>
<p class=MsoNormal>TAG=vpn<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># syslog facility and priority used:<o:p></o:p></p>
<p class=MsoNormal>FAC_PRIO=local0.notice<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># to create a special vpn logging file, put the following
line into<o:p></o:p></p>
<p class=MsoNormal># the syslog configuration file /etc/syslog.conf:<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># local0.notice -/var/log/vpn<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># are there port numbers?<o:p></o:p></p>
<p class=MsoNormal>if [ "$PLUTO_MY_PORT" != 0 ]<o:p></o:p></p>
<p class=MsoNormal>then<o:p></o:p></p>
<p class=MsoNormal> S_MY_PORT="--sport $PLUTO_MY_PORT"<o:p></o:p></p>
<p class=MsoNormal> D_MY_PORT="--dport $PLUTO_MY_PORT"<o:p></o:p></p>
<p class=MsoNormal>fi<o:p></o:p></p>
<p class=MsoNormal>if [ "$PLUTO_PEER_PORT" != 0 ]<o:p></o:p></p>
<p class=MsoNormal>then<o:p></o:p></p>
<p class=MsoNormal> S_PEER_PORT="--sport
$PLUTO_PEER_PORT"<o:p></o:p></p>
<p class=MsoNormal> D_PEER_PORT="--dport
$PLUTO_PEER_PORT"<o:p></o:p></p>
<p class=MsoNormal>fi<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># CAUTION: Installing a new version of Openswan will
install a new<o:p></o:p></p>
<p class=MsoNormal># copy of this script, wiping out any custom changes you
make. If<o:p></o:p></p>
<p class=MsoNormal># you need changes, make a copy of this under another name,
and customize<o:p></o:p></p>
<p class=MsoNormal># that, and use the (left/right)updown parameters in
ipsec.conf to make<o:p></o:p></p>
<p class=MsoNormal># Openswan use yours instead of this default one.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>LC_ALL=C export LC_ALL<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># things that this script gets (from ipsec_pluto(8) man
page)<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_VERSION<o:p></o:p></p>
<p class=MsoNormal># indicates what version of this interface is
being<o:p></o:p></p>
<p class=MsoNormal># used. This document describes version
1.1. This<o:p></o:p></p>
<p class=MsoNormal># is upwardly compatible with version 1.0.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_VERB<o:p></o:p></p>
<p class=MsoNormal># specifies the name of the operation to be
performed<o:p></o:p></p>
<p class=MsoNormal># (prepare-host, prepare-client, up-host,
up-client,<o:p></o:p></p>
<p class=MsoNormal># down-host, or down-client). If the address
family<o:p></o:p></p>
<p class=MsoNormal># for security gateway to security gateway
communica­<o:p></o:p></p>
<p class=MsoNormal># tions is IPv6, then a suffix of -v6 is added to
the<o:p></o:p></p>
<p class=MsoNormal># verb.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_CONNECTION<o:p></o:p></p>
<p class=MsoNormal># is the name of the connection for which
we are<o:p></o:p></p>
<p class=MsoNormal># routing.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_CONN_POLICY<o:p></o:p></p>
<p class=MsoNormal># the policy of the connection, as in:<o:p></o:p></p>
<p class=MsoNormal>#
RSASIG+ENCRYPT+TUNNEL+PFS+DONTREKEY+OPPORTUNISTIC+failureDROP+lKOD+rKOD <o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_NEXT_HOP<o:p></o:p></p>
<p class=MsoNormal># is the next hop to which packets bound for
the peer<o:p></o:p></p>
<p class=MsoNormal># must be sent.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_INTERFACE<o:p></o:p></p>
<p class=MsoNormal># is the name of the ipsec interface to be
used.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_ME<o:p></o:p></p>
<p class=MsoNormal># is the IP address of our host.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_MY_CLIENT<o:p></o:p></p>
<p class=MsoNormal># is the IP address / count of our client
subnet. If<o:p></o:p></p>
<p class=MsoNormal># the client is just the host, this will
be the<o:p></o:p></p>
<p class=MsoNormal># host's own IP address / max (where max is
32 for<o:p></o:p></p>
<p class=MsoNormal># IPv4 and 128 for IPv6).<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_MY_CLIENT_NET<o:p></o:p></p>
<p class=MsoNormal># is the IP address of our client net. If the
client<o:p></o:p></p>
<p class=MsoNormal># is just the host, this will be the host's
own IP<o:p></o:p></p>
<p class=MsoNormal># address.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_MY_CLIENT_MASK<o:p></o:p></p>
<p class=MsoNormal># is the mask for our client net. If the
client is<o:p></o:p></p>
<p class=MsoNormal># just the host, this will be 255.255.255.255.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_MY_SOURCEIP<o:p></o:p></p>
<p class=MsoNormal># if non-empty, then the source address for the
route will be<o:p></o:p></p>
<p class=MsoNormal># set to this IP address.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_MY_PROTOCOL<o:p></o:p></p>
<p class=MsoNormal># is the protocol for this connection.
Useful for<o:p></o:p></p>
<p class=MsoNormal># firewalling.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_MY_PORT<o:p></o:p></p>
<p class=MsoNormal># is the port. Useful for firewalling.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_PEER<o:p></o:p></p>
<p class=MsoNormal># is the IP address of our peer.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_PEER_CLIENT<o:p></o:p></p>
<p class=MsoNormal># is the IP address / count of the peer's
client sub­<o:p></o:p></p>
<p class=MsoNormal># net. If the client is just the peer, this
will be<o:p></o:p></p>
<p class=MsoNormal># the peer's own IP address / max (where max
is 32<o:p></o:p></p>
<p class=MsoNormal># for IPv4 and 128 for IPv6).<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_PEER_CLIENT_NET<o:p></o:p></p>
<p class=MsoNormal># is the IP address of the peer's client net.
If the<o:p></o:p></p>
<p class=MsoNormal># client is just the peer, this will be the
peer's<o:p></o:p></p>
<p class=MsoNormal># own IP address.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_PEER_CLIENT_MASK<o:p></o:p></p>
<p class=MsoNormal># is the mask for the peer's client net.
If the<o:p></o:p></p>
<p class=MsoNormal># client is just the peer, this
will be<o:p></o:p></p>
<p class=MsoNormal># 255.255.255.255.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_PEER_PROTOCOL<o:p></o:p></p>
<p class=MsoNormal># is the protocol set for remote end
with port<o:p></o:p></p>
<p class=MsoNormal># selector.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_PEER_PORT<o:p></o:p></p>
<p class=MsoNormal># is the peer's port. Useful for firewalling.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># PLUTO_CONNECTION_TYPE<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># Import default _updown configs from the
/etc/default/pluto_updown file<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># Two variables can be set in this file:<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># DEFAULTSOURCE<o:p></o:p></p>
<p class=MsoNormal># is the default value for PLUTO_MY_SOURCEIP<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># IPROUTETABLE<o:p></o:p></p>
<p class=MsoNormal># is the default value for IPROUTETABLE<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># IPROUTEARGS<o:p></o:p></p>
<p class=MsoNormal># is the extra argument list for ip route
command<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># IPRULEARGS<o:p></o:p></p>
<p class=MsoNormal># is the extra argument list for ip rule
command<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>if [ -f /etc/default/pluto_updown ]<o:p></o:p></p>
<p class=MsoNormal>then<o:p></o:p></p>
<p class=MsoNormal> . /etc/default/pluto_updown<o:p></o:p></p>
<p class=MsoNormal>fi<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># check interface version<o:p></o:p></p>
<p class=MsoNormal>case "$PLUTO_VERSION" in<o:p></o:p></p>
<p class=MsoNormal>1.[0]) # Older Pluto?!? Play it safe, script may be
using new features.<o:p></o:p></p>
<p class=MsoNormal> echo "$0: obsolete interface version
\`$PLUTO_VERSION'," >&2<o:p></o:p></p>
<p class=MsoNormal> echo "$0: called by
obsolete Pluto?" >&2<o:p></o:p></p>
<p class=MsoNormal> exit 2<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>1.*) ;;<o:p></o:p></p>
<p class=MsoNormal>*) echo "$0: unknown interface version
\`$PLUTO_VERSION'" >&2<o:p></o:p></p>
<p class=MsoNormal> exit 2<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>esac<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># check parameter(s)<o:p></o:p></p>
<p class=MsoNormal>case "$1:$*" in<o:p></o:p></p>
<p class=MsoNormal>':') # no
parameters<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>ipfwadm:ipfwadm) # due to (left/right)firewall; for
default script only<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>custom:*) # custom parameters (see
above CAUTION comment)<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>*) echo "$0: unknown parameters \`$*'"
>&2<o:p></o:p></p>
<p class=MsoNormal> exit 2<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>esac<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># utility functions for route manipulation<o:p></o:p></p>
<p class=MsoNormal># Meddling with this stuff should not be necessary and
requires great care.<o:p></o:p></p>
<p class=MsoNormal>uproute() {<o:p></o:p></p>
<p class=MsoNormal> doroute add<o:p></o:p></p>
<p class=MsoNormal> ip route flush cache<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>downroute() {<o:p></o:p></p>
<p class=MsoNormal> doroute delete<o:p></o:p></p>
<p class=MsoNormal> ip route flush cache<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>uprule() {<o:p></o:p></p>
<p class=MsoNormal> # policy based advanced routing<o:p></o:p></p>
<p class=MsoNormal> if [ -n "$IPROUTETABLE" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> dorule delete<o:p></o:p></p>
<p class=MsoNormal> dorule add<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> # virtual sourceip support<o:p></o:p></p>
<p class=MsoNormal> if [ -n "$PLUTO_MY_SOURCEIP" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> addsource<o:p></o:p></p>
<p class=MsoNormal> changesource<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> ip route flush cache<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>downrule() {<o:p></o:p></p>
<p class=MsoNormal> if [ -n "$IPROUTETABLE" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> dorule delete<o:p></o:p></p>
<p class=MsoNormal> ip route flush cache<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>addsource() {<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*}
| grep -q ^local<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> it="ip addr add
${PLUTO_MY_SOURCEIP%/*}/32 dev ${PLUTO_INTERFACE%:*}"<o:p></o:p></p>
<p class=MsoNormal> oops="`eval $it 2>&1`"<o:p></o:p></p>
<p class=MsoNormal> st=$?<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" = "
" -a " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="silent error,
exit status $st"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" != "
" -o " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> echo "$0: addsource
\`$it' failed ($oops)" >&2<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> return $st<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>changesource() {<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> parms="$PLUTO_PEER_CLIENT"<o:p></o:p></p>
<p class=MsoNormal> parms2="dev ${PLUTO_INTERFACE%:*}"<o:p></o:p></p>
<p class=MsoNormal> parms3="src ${PLUTO_MY_SOURCEIP%/*}
$IPROUTEARGS"<o:p></o:p></p>
<p class=MsoNormal> if [ -n "$IPROUTETABLE" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> parms3="$parms3 table
'$IPROUTETABLE'"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> case
"$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in<o:p></o:p></p>
<p class=MsoNormal> "0.0.0.0/0.0.0.0")<o:p></o:p></p>
<p class=MsoNormal> # opportunistic encryption
work around<o:p></o:p></p>
<p class=MsoNormal> it=<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> oops="`eval $it 2>&1`"<o:p></o:p></p>
<p class=MsoNormal> st=$?<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" = " "
-a " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="silent error, exit status
$st"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" != " "
-o " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> echo "$0: changesource \`$it'
failed ($oops)" >&2<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> return $st<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>dorule() {<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> it2=<o:p></o:p></p>
<p class=MsoNormal> iprule="from $PLUTO_MY_CLIENT"<o:p></o:p></p>
<p class=MsoNormal> iprule2="to $PLUTO_PEER_CLIENT table
$IPROUTETABLE $IPRULEARGS"<o:p></o:p></p>
<p class=MsoNormal> case
"$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in<o:p></o:p></p>
<p class=MsoNormal> "0.0.0.0/0.0.0.0")<o:p></o:p></p>
<p class=MsoNormal> # opportunistic encryption
work around<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> *)<o:p></o:p></p>
<p class=MsoNormal> if [ -z
"$PLUTO_MY_SOURCEIP" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> if [
"$PLUTO_ME" = "${PLUTO_MY_CLIENT%/*}" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> it="ip
rule $1 iif lo $iprule2"<o:p></o:p></p>
<p class=MsoNormal> else<o:p></o:p></p>
<p class=MsoNormal> it="ip
rule $1 $iprule $iprule2"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> else<o:p></o:p></p>
<p class=MsoNormal> if [
"${PLUTO_MY_SOURCEIP%/*}" = "${PLUTO_MY_CLIENT%/*}" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> it="ip
rule $1 iif lo $iprule2"<o:p></o:p></p>
<p class=MsoNormal> else<o:p></o:p></p>
<p class=MsoNormal> it="ip
rule $1 $iprule $iprule2"<o:p></o:p></p>
<p class=MsoNormal> it2="ip
rule $1 iif lo $iprule2"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> oops="`eval $it
2>&1`"<o:p></o:p></p>
<p class=MsoNormal> st=$?<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" =
" " -a " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="silent error,
exit status $st"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> case "$oops" in<o:p></o:p></p>
<p class=MsoNormal> 'RTNETLINK answers: No such
process'*)<o:p></o:p></p>
<p class=MsoNormal> # This is
what ip rule gives<o:p></o:p></p>
<p class=MsoNormal> # for
"could not find such a rule"<o:p></o:p></p>
<p class=MsoNormal> oops=<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> if test " $oops"
!= " " -o " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> echo "$0: dorule
\`$it' failed ($oops)" >&2<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> if test "$st" =
"0" -a -n "$it2"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="`eval $it2
2>&1`"<o:p></o:p></p>
<p class=MsoNormal> st=$?<o:p></o:p></p>
<p class=MsoNormal> if test "
$oops" = " " -a " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="silent
error, exit status $st"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> case "$oops"
in<o:p></o:p></p>
<p class=MsoNormal> 'RTNETLINK answers: No
such process'*)<o:p></o:p></p>
<p class=MsoNormal> # This
is what ip rule gives<o:p></o:p></p>
<p class=MsoNormal> # for
"could not find such a rule"<o:p></o:p></p>
<p class=MsoNormal> oops=<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> if test "
$oops" != " " -o " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> echo
"$0: dorule \`$it2' failed ($oops)" >&2<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> return $st<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>doroute() {<o:p></o:p></p>
<p class=MsoNormal> st=0<o:p></o:p></p>
<p class=MsoNormal> parms="$PLUTO_PEER_CLIENT"<o:p></o:p></p>
<p class=MsoNormal> parms2=<o:p></o:p></p>
<p class=MsoNormal> if [ -n "$PLUTO_NEXT_HOP" ]
&& [ "$PLUTO_NEXT_HOP" != "$PLUTO_PEER" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> parms2="via $PLUTO_NEXT_HOP"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> parms2="$parms2 dev
${PLUTO_INTERFACE%:*}"<o:p></o:p></p>
<p class=MsoNormal> parms3="$IPROUTEARGS"<o:p></o:p></p>
<p class=MsoNormal> if [ -n "$IPROUTETABLE" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> parms3="$parms3 table
$IPROUTETABLE"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal> if [ -z "$PLUTO_MY_SOURCEIP" ]
&& [ -n "$DEFAULTSOURCE" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal>
PLUTO_MY_SOURCEIP="${DEFAULTSOURCE%/*}"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal> if test "$1" = "add" -a
-n "$PLUTO_MY_SOURCEIP" <o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> addsource<o:p></o:p></p>
<p class=MsoNormal> parms3="$parms3 src
${PLUTO_MY_SOURCEIP%/*}"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal> case
"$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in<o:p></o:p></p>
<p class=MsoNormal> "0.0.0.0/0.0.0.0")<o:p></o:p></p>
<p class=MsoNormal> # opportunistic encryption
work around<o:p></o:p></p>
<p class=MsoNormal> # need to provide route that
eclipses default, without <o:p></o:p></p>
<p class=MsoNormal> # replacing it.<o:p></o:p></p>
<p class=MsoNormal> it="ip route $1
0.0.0.0/1 $parms2 $parms3 &&<o:p></o:p></p>
<p class=MsoNormal> ip route $1
128.0.0.0/1 $parms2 $parms3"<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> *) it="ip route $1 $parms
$parms2 $parms3"<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> oops="`eval $it 2>&1`"<o:p></o:p></p>
<p class=MsoNormal> st=$?<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" = " "
-a " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="silent error, exit status
$st"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" != " "
-o " $st" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> echo "$0: doroute \`$it' failed
($oops)" >&2<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> return $st<o:p></o:p></p>
<p class=MsoNormal>}<o:p></o:p></p>
<p class=MsoNormal> <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># the big choice<o:p></o:p></p>
<p class=MsoNormal>case "$PLUTO_VERB:$1" in<o:p></o:p></p>
<p class=MsoNormal>prepare-host:*|prepare-client:*)<o:p></o:p></p>
<p class=MsoNormal> # delete possibly-existing route
(preliminary to adding a route)<o:p></o:p></p>
<p class=MsoNormal> case
"$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in<o:p></o:p></p>
<p class=MsoNormal> "0.0.0.0/0.0.0.0")<o:p></o:p></p>
<p class=MsoNormal> # need to provide route that
eclipses default, without <o:p></o:p></p>
<p class=MsoNormal> # replacing it.<o:p></o:p></p>
<p class=MsoNormal> parms1="0.0.0.0/1"<o:p></o:p></p>
<p class=MsoNormal> parms2="128.0.0.0/1"<o:p></o:p></p>
<p class=MsoNormal> it="ip route delete
$parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS
2>&1"<o:p></o:p></p>
<p class=MsoNormal> oops="`ip route delete
$parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS
2>&1`"<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> *)<o:p></o:p></p>
<p class=MsoNormal> parms="$PLUTO_PEER_CLIENT
$IPROUTEARGS"<o:p></o:p></p>
<p class=MsoNormal> if [ -n
"$IPROUTETABLE" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> parms="$parms table
$IPROUTETABLE"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> it="ip route delete
$parms 2>&1"<o:p></o:p></p>
<p class=MsoNormal> oops="`ip route delete
$parms 2>&1`"<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> status="$?"<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" = " "
-a " $status" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> oops="silent error,
exit status $status"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> case "$oops" in<o:p></o:p></p>
<p class=MsoNormal> *'RTNETLINK answers: No such process'*) <o:p></o:p></p>
<p class=MsoNormal> # This is what route
(currently -- not documented!) gives<o:p></o:p></p>
<p class=MsoNormal> # for "could not find such
a route".<o:p></o:p></p>
<p class=MsoNormal> oops=<o:p></o:p></p>
<p class=MsoNormal> status=0<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal> esac<o:p></o:p></p>
<p class=MsoNormal> if test " $oops" != " "
-o " $status" != " 0"<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> echo "$0: \`$it' failed
($oops)" >&2<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> exit $status<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>route-host:*|route-client:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me or my client subnet being
routed<o:p></o:p></p>
<p class=MsoNormal> uproute<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>unroute-host:*|unroute-client:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me or my client subnet being
unrouted<o:p></o:p></p>
<p class=MsoNormal> downroute<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>up-host:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me coming up<o:p></o:p></p>
<p class=MsoNormal> uprule<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> iptables -I INPUT 1 -i $PLUTO_INTERFACE -p
$PLUTO_MY_PROTOCOL \<o:p></o:p></p>
<p class=MsoNormal> -s
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \<o:p></o:p></p>
<p class=MsoNormal> -d $PLUTO_ME $D_MY_PORT -j ACCEPT<o:p></o:p></p>
<p class=MsoNormal> iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p
$PLUTO_PEER_PROTOCOL \<o:p></o:p></p>
<p class=MsoNormal> -s $PLUTO_ME $S_MY_PORT \<o:p></o:p></p>
<p class=MsoNormal> -d
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT<o:p></o:p></p>
<p class=MsoNormal> #<o:p></o:p></p>
<p class=MsoNormal> if [ "$PLUTO_PEER_CLIENT" ==
"$PLUTO_PEER/32" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> logger -t $TAG -p $FAC_PRIO \<o:p></o:p></p>
<p class=MsoNormal> "+ `echo -e $PLUTO_PEER_ID`
$PLUTO_PEER -- $PLUTO_ME"<o:p></o:p></p>
<p class=MsoNormal> else<o:p></o:p></p>
<p class=MsoNormal> logger -t $TAG -p $FAC_PRIO \<o:p></o:p></p>
<p class=MsoNormal> "+ `echo -e $PLUTO_PEER_ID`
$PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>down-host:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me going down<o:p></o:p></p>
<p class=MsoNormal> downrule<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> iptables -D INPUT -i $PLUTO_INTERFACE -p
$PLUTO_MY_PROTOCOL \<o:p></o:p></p>
<p class=MsoNormal> -s
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \<o:p></o:p></p>
<p class=MsoNormal> -d $PLUTO_ME $D_MY_PORT -j ACCEPT<o:p></o:p></p>
<p class=MsoNormal> iptables -D OUTPUT -o $PLUTO_INTERFACE -p
$PLUTO_PEER_PROTOCOL \<o:p></o:p></p>
<p class=MsoNormal> -s $PLUTO_ME $S_MY_PORT \<o:p></o:p></p>
<p class=MsoNormal> -d
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT<o:p></o:p></p>
<p class=MsoNormal> #<o:p></o:p></p>
<p class=MsoNormal> if [ "$PLUTO_PEER_CLIENT" ==
"$PLUTO_PEER/32" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> logger -t $TAG -p $FAC_PRIO -- \<o:p></o:p></p>
<p class=MsoNormal> "- `echo -e $PLUTO_PEER_ID`
$PLUTO_PEER -- $PLUTO_ME"<o:p></o:p></p>
<p class=MsoNormal> else<o:p></o:p></p>
<p class=MsoNormal> logger -t $TAG -p $FAC_PRIO -- \<o:p></o:p></p>
<p class=MsoNormal> "- `echo -e $PLUTO_PEER_ID`
$PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>up-client:)<o:p></o:p></p>
<p class=MsoNormal> # connection to my client subnet coming up<o:p></o:p></p>
<p class=MsoNormal> uprule<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p
$PLUTO_PEER_PROTOCOL \<o:p></o:p></p>
<p class=MsoNormal> -s
$PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \<o:p></o:p></p>
<p class=MsoNormal> -d
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT<o:p></o:p></p>
<p class=MsoNormal> iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p
$PLUTO_MY_PROTOCOL \<o:p></o:p></p>
<p class=MsoNormal> -s
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \<o:p></o:p></p>
<p class=MsoNormal> -d
$PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT -j ACCEPT<o:p></o:p></p>
<p class=MsoNormal> #<o:p></o:p></p>
<p class=MsoNormal> if [ "$PLUTO_PEER_CLIENT" ==
"$PLUTO_PEER/32" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> logger -t $TAG -p $FAC_PRIO \<o:p></o:p></p>
<p class=MsoNormal> "+ `echo -e $PLUTO_PEER_ID`
$PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"<o:p></o:p></p>
<p class=MsoNormal> else<o:p></o:p></p>
<p class=MsoNormal> logger -t $TAG -p $FAC_PRIO \<o:p></o:p></p>
<p class=MsoNormal> "+ `echo -e $PLUTO_PEER_ID`
$PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>down-client:)<o:p></o:p></p>
<p class=MsoNormal> # connection to my client subnet going down<o:p></o:p></p>
<p class=MsoNormal> downrule<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> iptables -D FORWARD -o $PLUTO_INTERFACE -p
$PLUTO_PEER_PROTOCOL \<o:p></o:p></p>
<p class=MsoNormal> -s
$PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \<o:p></o:p></p>
<p class=MsoNormal> -d
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT<o:p></o:p></p>
<p class=MsoNormal> iptables -D FORWARD -i $PLUTO_INTERFACE -p
$PLUTO_MY_PROTOCOL \<o:p></o:p></p>
<p class=MsoNormal> -s
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \<o:p></o:p></p>
<p class=MsoNormal> -d
$PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT -j ACCEPT<o:p></o:p></p>
<p class=MsoNormal> #<o:p></o:p></p>
<p class=MsoNormal> if [ "$PLUTO_PEER_CLIENT" ==
"$PLUTO_PEER/32" ]<o:p></o:p></p>
<p class=MsoNormal> then<o:p></o:p></p>
<p class=MsoNormal> logger -t $TAG -p $FAC_PRIO -- \<o:p></o:p></p>
<p class=MsoNormal> "- `echo -e $PLUTO_PEER_ID`
$PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"<o:p></o:p></p>
<p class=MsoNormal> else<o:p></o:p></p>
<p class=MsoNormal> logger -t $TAG -p $FAC_PRIO -- \<o:p></o:p></p>
<p class=MsoNormal> "- `echo -e $PLUTO_PEER_ID`
$PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT"<o:p></o:p></p>
<p class=MsoNormal> fi<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>up-client:ipfwadm)<o:p></o:p></p>
<p class=MsoNormal> # connection to client subnet, with
(left/right)firewall=yes, coming up<o:p></o:p></p>
<p class=MsoNormal> uprule<o:p></o:p></p>
<p class=MsoNormal> # This is used only by the default updown
script, not by your custom<o:p></o:p></p>
<p class=MsoNormal> # ones, so do not mess with it; see CAUTION
comment up at top.<o:p></o:p></p>
<p class=MsoNormal> ipfwadm -F -i accept -b -S
$PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \<o:p></o:p></p>
<p class=MsoNormal> -D
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>down-client:ipfwadm)<o:p></o:p></p>
<p class=MsoNormal> # connection to client subnet, with
(left/right)firewall=yes, going down<o:p></o:p></p>
<p class=MsoNormal> downrule<o:p></o:p></p>
<p class=MsoNormal> # This is used only by the default updown
script, not by your custom<o:p></o:p></p>
<p class=MsoNormal> # ones, so do not mess with it; see CAUTION
comment up at top.<o:p></o:p></p>
<p class=MsoNormal> ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK
\<o:p></o:p></p>
<p class=MsoNormal> -D
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># IPv6<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>prepare-host-v6:*|prepare-client-v6:*)<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>route-host-v6:*|route-client-v6:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me or my client subnet being
routed<o:p></o:p></p>
<p class=MsoNormal> #uproute_v6<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>unroute-host-v6:*|unroute-client-v6:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me or my client subnet being
unrouted<o:p></o:p></p>
<p class=MsoNormal> #downroute_v6<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>up-host-v6:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me coming up<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>down-host-v6:*)<o:p></o:p></p>
<p class=MsoNormal> # connection to me going down<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>up-client-v6:)<o:p></o:p></p>
<p class=MsoNormal> # connection to my client subnet coming up<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>down-client-v6:)<o:p></o:p></p>
<p class=MsoNormal> # connection to my client subnet going down<o:p></o:p></p>
<p class=MsoNormal> # If you are doing a custom version,
firewall commands go here.<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>*) echo "$0: unknown verb \`$PLUTO_VERB' or
parameter \`$1'" >&2<o:p></o:p></p>
<p class=MsoNormal> exit 1<o:p></o:p></p>
<p class=MsoNormal> ;;<o:p></o:p></p>
<p class=MsoNormal>esac<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/net/dev<o:p></o:p></p>
<p class=MsoNormal>+ cat /proc/net/dev<o:p></o:p></p>
<p class=MsoNormal>Inter-|
Receive | Transmit<o:p></o:p></p>
<p class=MsoNormal> face |bytes packets errs drop fifo frame compressed
multicast|bytes packets errs drop fifo colls carrier compressed<o:p></o:p></p>
<p class=MsoNormal> lo: 926479 9870 0 0 0 0 0
0 926479 9870 0 0 0 0 0 0<o:p></o:p></p>
<p class=MsoNormal> eth0:2321885841 37765700 1 0 0 268
0 0 3679595053 31386605 10 0 4 0 6 0<o:p></o:p></p>
<p class=MsoNormal> eth1:3851924850 32767269 1 0 0 603 0
0 1855012576 38176231 28 0 4 0 24 0<o:p></o:p></p>
<p class=MsoNormal> eth2: 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0<o:p></o:p></p>
<p class=MsoNormal> sit0: 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/net/route<o:p></o:p></p>
<p class=MsoNormal>+ cat /proc/net/route<o:p></o:p></p>
<p class=MsoNormal>Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
<o:p></o:p></p>
<p class=MsoNormal>eth0 80744141 00000000 0001 0 0 0 80FFFFFF 0 0 0
<o:p></o:p></p>
<p class=MsoNormal>eth0 0000010A 81744141 0003 0 0 0 00FFFFFF 0 0 0
<o:p></o:p></p>
<p class=MsoNormal>eth1 0000A8C0 00000000 0001 0 0 0 0000FFFF 0 0 0
<o:p></o:p></p>
<p class=MsoNormal>eth0 00000000 81744141 0003 0 0 0 00000000 0 0 0
<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/sys/net/ipv4/ip_forward<o:p></o:p></p>
<p class=MsoNormal>+ cat /proc/sys/net/ipv4/ip_forward<o:p></o:p></p>
<p class=MsoNormal>1<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/sys/net/ipv4/tcp_ecn<o:p></o:p></p>
<p class=MsoNormal>+ cat /proc/sys/net/ipv4/tcp_ecn<o:p></o:p></p>
<p class=MsoNormal>0<o:p></o:p></p>
<p class=MsoNormal>+ _________________________
/proc/sys/net/ipv4/conf/star-rp_filter<o:p></o:p></p>
<p class=MsoNormal>+ cd /proc/sys/net/ipv4/conf<o:p></o:p></p>
<p class=MsoNormal>+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter
eth1/rp_filter lo/rp_filter<o:p></o:p></p>
<p class=MsoNormal>all/rp_filter:0<o:p></o:p></p>
<p class=MsoNormal>default/rp_filter:0<o:p></o:p></p>
<p class=MsoNormal>eth0/rp_filter:1<o:p></o:p></p>
<p class=MsoNormal>eth1/rp_filter:1<o:p></o:p></p>
<p class=MsoNormal>lo/rp_filter:0<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects<o:p></o:p></p>
<p class=MsoNormal>+ cd /proc/sys/net/ipv4/conf<o:p></o:p></p>
<p class=MsoNormal>+ egrep '^' all/accept_redirects all/secure_redirects
all/send_redirects default/accept_redirects default/secure_redirects
default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects
eth1/accept_redirects eth1/secure_redirects eth1/send_redirects
lo/accept_redirects lo/secure_redirects lo/send_redirects<o:p></o:p></p>
<p class=MsoNormal>all/accept_redirects:0<o:p></o:p></p>
<p class=MsoNormal>all/secure_redirects:1<o:p></o:p></p>
<p class=MsoNormal>all/send_redirects:0<o:p></o:p></p>
<p class=MsoNormal>default/accept_redirects:0<o:p></o:p></p>
<p class=MsoNormal>default/secure_redirects:1<o:p></o:p></p>
<p class=MsoNormal>default/send_redirects:0<o:p></o:p></p>
<p class=MsoNormal>eth0/accept_redirects:0<o:p></o:p></p>
<p class=MsoNormal>eth0/secure_redirects:1<o:p></o:p></p>
<p class=MsoNormal>eth0/send_redirects:0<o:p></o:p></p>
<p class=MsoNormal>eth1/accept_redirects:0<o:p></o:p></p>
<p class=MsoNormal>eth1/secure_redirects:1<o:p></o:p></p>
<p class=MsoNormal>eth1/send_redirects:0<o:p></o:p></p>
<p class=MsoNormal>lo/accept_redirects:0<o:p></o:p></p>
<p class=MsoNormal>lo/secure_redirects:1<o:p></o:p></p>
<p class=MsoNormal>lo/send_redirects:0<o:p></o:p></p>
<p class=MsoNormal>+ _________________________
/proc/sys/net/ipv4/tcp_window_scaling<o:p></o:p></p>
<p class=MsoNormal>+ cat /proc/sys/net/ipv4/tcp_window_scaling<o:p></o:p></p>
<p class=MsoNormal>1<o:p></o:p></p>
<p class=MsoNormal>+ _________________________
/proc/sys/net/ipv4/tcp_adv_win_scale<o:p></o:p></p>
<p class=MsoNormal>+ cat /proc/sys/net/ipv4/tcp_adv_win_scale<o:p></o:p></p>
<p class=MsoNormal>2<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ uname-a<o:p></o:p></p>
<p class=MsoNormal>+ uname -a<o:p></o:p></p>
<p class=MsoNormal>Linux txgw 2.6.18-6-686 #1 SMP Mon Oct 13 16:13:09 UTC 2008
i686 GNU/Linux<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ config-built-with<o:p></o:p></p>
<p class=MsoNormal>+ test -r /proc/config_built_with<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ distro-release<o:p></o:p></p>
<p class=MsoNormal>+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release<o:p></o:p></p>
<p class=MsoNormal>+ test -f /etc/redhat-release<o:p></o:p></p>
<p class=MsoNormal>+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release<o:p></o:p></p>
<p class=MsoNormal>+ test -f /etc/debian-release<o:p></o:p></p>
<p class=MsoNormal>+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release<o:p></o:p></p>
<p class=MsoNormal>+ test -f /etc/SuSE-release<o:p></o:p></p>
<p class=MsoNormal>+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release<o:p></o:p></p>
<p class=MsoNormal>+ test -f /etc/mandrake-release<o:p></o:p></p>
<p class=MsoNormal>+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release<o:p></o:p></p>
<p class=MsoNormal>+ test -f /etc/mandriva-release<o:p></o:p></p>
<p class=MsoNormal>+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release<o:p></o:p></p>
<p class=MsoNormal>+ test -f /etc/gentoo-release<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/net/ipsec_version<o:p></o:p></p>
<p class=MsoNormal>+ test -r /proc/net/ipsec_version<o:p></o:p></p>
<p class=MsoNormal>+ test -r /proc/net/pfkey<o:p></o:p></p>
<p class=MsoNormal>++ uname -r<o:p></o:p></p>
<p class=MsoNormal>+ echo 'NETKEY (2.6.18-6-686) support detected '<o:p></o:p></p>
<p class=MsoNormal>NETKEY (2.6.18-6-686) support detected <o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipfwadm<o:p></o:p></p>
<p class=MsoNormal>+ test -r /sbin/ipfwadm<o:p></o:p></p>
<p class=MsoNormal>+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'<o:p></o:p></p>
<p class=MsoNormal>/usr/lib/ipsec/barf: line 305: no old-style linux 1.x/2.0
ipfwadm firewall support: No such file or directory<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ ipchains<o:p></o:p></p>
<p class=MsoNormal>+ test -r /sbin/ipchains<o:p></o:p></p>
<p class=MsoNormal>+ echo 'no old-style linux 2.0 ipchains firewall support'<o:p></o:p></p>
<p class=MsoNormal>no old-style linux 2.0 ipchains firewall support<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ iptables<o:p></o:p></p>
<p class=MsoNormal>+ test -r /sbin/iptables<o:p></o:p></p>
<p class=MsoNormal>+ iptables -L -v -n<o:p></o:p></p>
<p class=MsoNormal>Chain INPUT (policy DROP 11 packets, 1219 bytes)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 226K 36M INETIN 0 -- eth0 *
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> 554K 119M ACCEPT 0 -- * *
192.168.0.0/16 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> 0 0 ACCEPT 0 -- lo *
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> 738 252K ACCEPT udp -- eth1 *
0.0.0.0/0 0.0.0.0/0 udp dpt:67 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain FORWARD (policy DROP 135 packets, 44405 bytes)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 15M 12G INETIN 0 -- eth0 eth1
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> 13M 2334M INETOUT 0 -- eth1 eth0
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal>79355 11M ACCEPT 0 -- !eth0 !eth0
192.168.0.0/16 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain OUTPUT (policy ACCEPT 728K packets, 90M bytes)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 217K 95M INETOUT 0 -- * eth0
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain DMZIN (0 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain DMZOUT (0 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain INETIN (2 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 4091 458K TREJECT 0 -- * *
0.0.0.0/0 0.0.0.0/0 state INVALID <o:p></o:p></p>
<p class=MsoNormal> 0 0 TREJECT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 5 <o:p></o:p></p>
<p class=MsoNormal> 0 0 TREJECT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 9 <o:p></o:p></p>
<p class=MsoNormal> 0 0 TREJECT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 10 <o:p></o:p></p>
<p class=MsoNormal> 0 0 TREJECT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 15 <o:p></o:p></p>
<p class=MsoNormal> 0 0 TREJECT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 16 <o:p></o:p></p>
<p class=MsoNormal> 0 0 TREJECT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 17 <o:p></o:p></p>
<p class=MsoNormal> 0 0 TREJECT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 18 <o:p></o:p></p>
<p class=MsoNormal> 237 18964 ACCEPT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 15/sec burst 5 <o:p></o:p></p>
<p class=MsoNormal> 0 0 TREJECT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp type 8 <o:p></o:p></p>
<p class=MsoNormal>19123 2382K ACCEPT icmp -- * *
0.0.0.0/0 0.0.0.0/0 icmp !type 8 <o:p></o:p></p>
<p class=MsoNormal> 280 71748 UDPACCEPT udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpt:500 <o:p></o:p></p>
<p class=MsoNormal> 9604 6689K UDPACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:4500 <o:p></o:p></p>
<p class=MsoNormal> 15M 12G ACCEPT 0 -- * *
0.0.0.0/0 0.0.0.0/0 state ESTABLISHED <o:p></o:p></p>
<p class=MsoNormal> 0 0 TCPACCEPT tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED <o:p></o:p></p>
<p class=MsoNormal> 0 0 UDPACCEPT udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED <o:p></o:p></p>
<p class=MsoNormal> 109K 19M TREJECT 0 -- * *
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain INETOUT (2 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 0 0 ACCEPT tcp -- * *
0.0.0.0/0 5.6.7.131 tcp dpt:25 <o:p></o:p></p>
<p class=MsoNormal> 0 0 ACCEPT tcp -- * *
0.0.0.0/0 5.6.7.140 tcp dpt:25 <o:p></o:p></p>
<p class=MsoNormal> 0 0 ACCEPT tcp -- * *
0.0.0.0/0 72.167.218.85 tcp dpt:25 <o:p></o:p></p>
<p class=MsoNormal> 0 0 REJECT tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:25 reject-with icmp-port-unreachable
<o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp dpt:554 LOG flags 0 level 4 prefix
`RTSP DETECTED: ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG udp -- * *
0.0.0.0/0 0.0.0.0/0 udp dpt:554 LOG flags 0 level 4 prefix
`RTSP DETECTED: ' <o:p></o:p></p>
<p class=MsoNormal> 13M 2429M ACCEPT 0 -- * *
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain LDROP (0 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG tcp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0
level 6 prefix `TCP Dropped ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG udp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0
level 6 prefix `UDP Dropped ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG icmp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0
level 6 prefix `ICMP Dropped ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG 0 -f * * 0.0.0.0/0
0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix
`FRAGMENT Dropped ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 DROP 0 -- * *
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain LREJECT (0 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG tcp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0
level 6 prefix `TCP Rejected ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG udp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0
level 6 prefix `UDP Rejected ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG icmp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0
level 6 prefix `ICMP Rejected ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG 0 -f * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0
level 4 prefix `FRAGMENT Rejected ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 REJECT 0 -- * *
0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain LTREJECT (0 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 6 prefix `TCP
Rejected ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG udp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0
level 6 prefix `UDP Rejected ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG icmp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0
level 6 prefix `ICMP Rejected ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG 0 -f * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0
level 4 prefix `FRAGMENT Rejected ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 REJECT tcp -- * *
0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset <o:p></o:p></p>
<p class=MsoNormal> 0 0 REJECT udp -- * *
0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable <o:p></o:p></p>
<p class=MsoNormal> 0 0 DROP icmp -- * *
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> 0 0 REJECT 0 -- * *
0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain TCPACCEPT (29 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 488 26768 ACCEPT tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 625/sec
burst 5 <o:p></o:p></p>
<p class=MsoNormal> 5 300 LOG tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 2/sec
burst 5 LOG flags 0 level 4 prefix `Possible SynFlood ' <o:p></o:p></p>
<p class=MsoNormal> 5 300 TREJECT tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 <o:p></o:p></p>
<p class=MsoNormal> 247K 193M ACCEPT tcp -- * *
0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG 0 -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0
level 4 prefix `Mismatch in TCPACCEPT ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 TREJECT 0 -- * *
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain TREJECT (13 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal>11524 938K REJECT tcp -- * *
0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset <o:p></o:p></p>
<p class=MsoNormal>98555 18M REJECT udp -- * *
0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable <o:p></o:p></p>
<p class=MsoNormal> 1548 232K DROP icmp -- * *
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> 1933 290K REJECT 0 -- * *
0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain UDPACCEPT (9 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal>10980 6845K ACCEPT udp -- * *
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> 0 0 LOG 0 -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0
level 4 prefix `Mismatch on UDPACCEPT ' <o:p></o:p></p>
<p class=MsoNormal> 0 0 TREJECT 0 -- * *
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain ULDROP (0 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 0 0 ULOG tcp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 ULOG
copy_range 0 nlgroup 1 prefix `LDROP_TCP' queue_threshold 1 <o:p></o:p></p>
<p class=MsoNormal> 0 0 ULOG udp -- * * 0.0.0.0/0
0.0.0.0/0 limit: avg 2/sec burst 5 ULOG copy_range 0 nlgroup 1 prefix
`LDROP_UDP' queue_threshold 1 <o:p></o:p></p>
<p class=MsoNormal> 0 0 ULOG icmp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 ULOG
copy_range 0 nlgroup 1 prefix `LDROP_ICMP' queue_threshold 1 <o:p></o:p></p>
<p class=MsoNormal> 0 0 ULOG 0 -f * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 ULOG
copy_range 0 nlgroup 1 prefix `LDROP_FRAG' queue_threshold 1 <o:p></o:p></p>
<p class=MsoNormal> 0 0 DROP 0 -- * *
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain ULREJECT (0 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 0 0 ULOG tcp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 ULOG
copy_range 0 nlgroup 1 prefix `LREJECT_TCP' queue_threshold 1 <o:p></o:p></p>
<p class=MsoNormal> 0 0 ULOG udp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 ULOG
copy_range 0 nlgroup 1 prefix `LREJECT_UDP' queue_threshold 1 <o:p></o:p></p>
<p class=MsoNormal> 0 0 ULOG icmp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 ULOG
copy_range 0 nlgroup 1 prefix `LREJECT_UDP' queue_threshold 1 <o:p></o:p></p>
<p class=MsoNormal> 0 0 ULOG 0 -f * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 ULOG
copy_range 0 nlgroup 1 prefix `LREJECT_FRAG' queue_threshold 1 <o:p></o:p></p>
<p class=MsoNormal> 0 0 REJECT 0 -- * *
0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain ULTREJECT (0 references)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 0 0 ULOG tcp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 ULOG copy_range
0 nlgroup 1 prefix `LTREJECT_TCP' queue_threshold 1 <o:p></o:p></p>
<p class=MsoNormal> 0 0 ULOG udp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 ULOG
copy_range 0 nlgroup 1 prefix `LTREJECT_UDP' queue_threshold 1 <o:p></o:p></p>
<p class=MsoNormal> 0 0 ULOG icmp -- * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 ULOG
copy_range 0 nlgroup 1 prefix `LTREJECT_ICMP' queue_threshold 1 <o:p></o:p></p>
<p class=MsoNormal> 0 0 ULOG 0 -f * *
0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 ULOG
copy_range 0 nlgroup 1 prefix `LTREJECT_FRAG' queue_threshold 1 <o:p></o:p></p>
<p class=MsoNormal> 0 0 REJECT tcp -- * *
0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset <o:p></o:p></p>
<p class=MsoNormal> 0 0 REJECT udp -- * *
0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable <o:p></o:p></p>
<p class=MsoNormal> 0 0 DROP icmp -- * *
0.0.0.0/0 0.0.0.0/0 <o:p></o:p></p>
<p class=MsoNormal> 0 0 REJECT 0 -- * *
0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable <o:p></o:p></p>
<p class=MsoNormal>+ _________________________ iptables-nat<o:p></o:p></p>
<p class=MsoNormal>+ iptables -t nat -L -v -n<o:p></o:p></p>
<p class=MsoNormal>Chain PREROUTING (policy ACCEPT 1205K packets, 93M bytes)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 2102 126K DNAT tcp -- eth0 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:5666 to:192.168.0.25:5666 <o:p></o:p></p>
<p class=MsoNormal> 2119 127K DNAT tcp -- eth0 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:4444 to:192.168.0.56:4444 <o:p></o:p></p>
<p class=MsoNormal> 0 0 DNAT tcp -- eth0 *
0.0.0.0/0 0.0.0.0/0 tcp dpt:5060 to:192.168.0.38:5060 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain POSTROUTING (policy ACCEPT 449K packets, 22M bytes)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal> 793K 53M MASQUERADE 0 -- * eth0
192.168.0.0/16 !10.1.0.0/24 <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain OUTPUT (policy ACCEPT 434K packets, 21M bytes)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal>+ _________________________ iptables-mangle<o:p></o:p></p>
<p class=MsoNormal>+ iptables -t mangle -L -v -n<o:p></o:p></p>
<p class=MsoNormal>Chain PREROUTING (policy ACCEPT 69M packets, 39G bytes)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain INPUT (policy ACCEPT 1815K packets, 737M bytes)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain FORWARD (policy ACCEPT 68M packets, 39G bytes)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain OUTPUT (policy ACCEPT 1787K packets, 315M bytes)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out
source destination <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Chain POSTROUTING (policy ACCEPT 69M packets, 39G bytes)<o:p></o:p></p>
<p class=MsoNormal> pkts bytes target prot opt in out source destination
<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/modules<o:p></o:p></p>
<p class=MsoNormal>+ test -f /proc/modules<o:p></o:p></p>
<p class=MsoNormal>+ cat /proc/modules<o:p></o:p></p>
<p class=MsoNormal>ip_nat_h323 7104 0 - Live 0xd02dd000<o:p></o:p></p>
<p class=MsoNormal>ip_conntrack_h323 47676 1 ip_nat_h323, Live 0xd0347000<o:p></o:p></p>
<p class=MsoNormal>xfrm_user 20352 2 - Live 0xd0329000<o:p></o:p></p>
<p class=MsoNormal>xfrm4_tunnel 2624 0 - Live 0xd02db000<o:p></o:p></p>
<p class=MsoNormal>af_key 32016 0 - Live 0xd02c6000<o:p></o:p></p>
<p class=MsoNormal>xfrm4_mode_tunnel 2816 2 - Live 0xd02f9000<o:p></o:p></p>
<p class=MsoNormal>cls_u32 7716 2 - Live 0xd0316000<o:p></o:p></p>
<p class=MsoNormal>sch_sfq 5728 3 - Live 0xd0313000<o:p></o:p></p>
<p class=MsoNormal>sch_htb 15520 1 - Live 0xd0302000<o:p></o:p></p>
<p class=MsoNormal>deflate 3840 0 - Live 0xd0300000<o:p></o:p></p>
<p class=MsoNormal>zlib_deflate 18200 1 deflate, Live 0xd030d000<o:p></o:p></p>
<p class=MsoNormal>twofish 43136 0 - Live 0xd031d000<o:p></o:p></p>
<p class=MsoNormal>serpent 19008 0 - Live 0xd0307000<o:p></o:p></p>
<p class=MsoNormal>blowfish 9440 0 - Live 0xd02f5000<o:p></o:p></p>
<p class=MsoNormal>crypto_null 2656 0 - Live 0xd02f3000<o:p></o:p></p>
<p class=MsoNormal>tunnel4 3396 1 xfrm4_tunnel, Live 0xd02ef000<o:p></o:p></p>
<p class=MsoNormal>ipcomp 7336 0 - Live 0xd02ec000<o:p></o:p></p>
<p class=MsoNormal>esp4 7648 2 - Live 0xd02d8000<o:p></o:p></p>
<p class=MsoNormal>ah4 6336 0 - Live 0xd026b000<o:p></o:p></p>
<p class=MsoNormal>aes 28160 2 - Live 0xd02e4000<o:p></o:p></p>
<p class=MsoNormal>des 17536 0 - Live 0xd0285000<o:p></o:p></p>
<p class=MsoNormal>sha1 2656 2 - Live 0xd0283000<o:p></o:p></p>
<p class=MsoNormal>sha256 11104 0 - Live 0xd02d0000<o:p></o:p></p>
<p class=MsoNormal>ipt_MASQUERADE 3712 1 - Live 0xd026e000<o:p></o:p></p>
<p class=MsoNormal>xt_tcpudp 3136 52 - Live 0xd02c4000<o:p></o:p></p>
<p class=MsoNormal>iptable_mangle 2880 0 - Live 0xd024b000<o:p></o:p></p>
<p class=MsoNormal>iptable_nat 7044 1 - Live 0xd0260000<o:p></o:p></p>
<p class=MsoNormal>ip_nat 16876 3 ip_nat_h323,ipt_MASQUERADE,iptable_nat, Live
0xd027d000<o:p></o:p></p>
<p class=MsoNormal>ipt_REJECT 5248 12 - Live 0xd0263000<o:p></o:p></p>
<p class=MsoNormal>xt_limit 2752 29 - Live 0xd0247000<o:p></o:p></p>
<p class=MsoNormal>xt_state 2272 4 - Live 0xd0249000<o:p></o:p></p>
<p class=MsoNormal>ip_conntrack 49088 6
ip_nat_h323,ip_conntrack_h323,ipt_MASQUERADE,iptable_nat,ip_nat,xt_state, Live
0xd0270000<o:p></o:p></p>
<p class=MsoNormal>nfnetlink 6680 2 ip_nat,ip_conntrack, Live 0xd025d000<o:p></o:p></p>
<p class=MsoNormal>ipt_LOG 6112 17 - Live 0xd025a000<o:p></o:p></p>
<p class=MsoNormal>ipt_ULOG 7780 12 - Live 0xd0257000<o:p></o:p></p>
<p class=MsoNormal>iptable_filter 3104 1 - Live 0xd00fb000<o:p></o:p></p>
<p class=MsoNormal>ip_tables 13028 3 iptable_mangle,iptable_nat,iptable_filter,
Live 0xd0252000<o:p></o:p></p>
<p class=MsoNormal>x_tables 13316 9
ipt_MASQUERADE,xt_tcpudp,iptable_nat,ipt_REJECT,xt_limit,xt_state,ipt_LOG,ipt_ULOG,ip_tables,
Live 0xd024d000<o:p></o:p></p>
<p class=MsoNormal>button 6672 0 - Live 0xd0229000<o:p></o:p></p>
<p class=MsoNormal>ac 5188 0 - Live 0xd022c000<o:p></o:p></p>
<p class=MsoNormal>battery 9636 0 - Live 0xd0234000<o:p></o:p></p>
<p class=MsoNormal>ipv6 226272 28 - Live 0xd028b000<o:p></o:p></p>
<p class=MsoNormal>dm_snapshot 15552 0 - Live 0xd022f000<o:p></o:p></p>
<p class=MsoNormal>dm_mirror 19152 0 - Live 0xd014a000<o:p></o:p></p>
<p class=MsoNormal>dm_mod 50200 2 dm_snapshot,dm_mirror, Live 0xd0239000<o:p></o:p></p>
<p class=MsoNormal>loop 15048 0 - Live 0xd0150000<o:p></o:p></p>
<p class=MsoNormal>snd_intel8x0 30332 0 - Live 0xd0220000<o:p></o:p></p>
<p class=MsoNormal>snd_ac97_codec 83104 1 snd_intel8x0, Live 0xd0169000<o:p></o:p></p>
<p class=MsoNormal>snd_ac97_bus 2400 1 snd_ac97_codec, Live 0xd00fd000<o:p></o:p></p>
<p class=MsoNormal>snd_pcm 68676 2 snd_intel8x0,snd_ac97_codec, Live 0xd020e000<o:p></o:p></p>
<p class=MsoNormal>snd_timer 20996 1 snd_pcm, Live 0xd0128000<o:p></o:p></p>
<p class=MsoNormal>snd 47012 4 snd_intel8x0,snd_ac97_codec,snd_pcm,snd_timer,
Live 0xd0201000<o:p></o:p></p>
<p class=MsoNormal>snd_page_alloc 10184 2 snd_intel8x0,snd_pcm, Live 0xd00b3000<o:p></o:p></p>
<p class=MsoNormal>parport_pc 32132 0 - Live 0xd0160000<o:p></o:p></p>
<p class=MsoNormal>parport 33256 1 parport_pc, Live 0xd0156000<o:p></o:p></p>
<p class=MsoNormal>psmouse 35016 0 - Live 0xd0135000<o:p></o:p></p>
<p class=MsoNormal>i810_audio 32916 0 - Live 0xd0140000<o:p></o:p></p>
<p class=MsoNormal>ac97_codec 17196 1 i810_audio, Live 0xd012f000<o:p></o:p></p>
<p class=MsoNormal>pcspkr 3072 0 - Live 0xd00f9000<o:p></o:p></p>
<p class=MsoNormal>serio_raw 6660 0 - Live 0xd0017000<o:p></o:p></p>
<p class=MsoNormal>soundcore 9248 2 snd,i810_audio, Live 0xd00f0000<o:p></o:p></p>
<p class=MsoNormal>shpchp 33024 0 - Live 0xd011e000<o:p></o:p></p>
<p class=MsoNormal>pci_hotplug 28704 1 shpchp, Live 0xd00c4000<o:p></o:p></p>
<p class=MsoNormal>rtc 12372 0 - Live 0xd00eb000<o:p></o:p></p>
<p class=MsoNormal>intel_agp 22204 1 - Live 0xd00e4000<o:p></o:p></p>
<p class=MsoNormal>agpgart 29896 1 intel_agp, Live 0xd00db000<o:p></o:p></p>
<p class=MsoNormal>evdev 9088 0 - Live 0xd00bb000<o:p></o:p></p>
<p class=MsoNormal>ext3 119240 2 - Live 0xd00ff000<o:p></o:p></p>
<p class=MsoNormal>jbd 52456 1 ext3, Live 0xd00cd000<o:p></o:p></p>
<p class=MsoNormal>mbcache 8356 1 ext3, Live 0xd00b7000<o:p></o:p></p>
<p class=MsoNormal>ide_cd 36064 0 - Live 0xd00a1000<o:p></o:p></p>
<p class=MsoNormal>cdrom 32544 1 ide_cd, Live 0xd007b000<o:p></o:p></p>
<p class=MsoNormal>ide_disk 14848 3 - Live 0xd001d000<o:p></o:p></p>
<p class=MsoNormal>8139too 25120 0 - Live 0xd00ab000<o:p></o:p></p>
<p class=MsoNormal>generic 4868 0 [permanent], Live 0xd0078000<o:p></o:p></p>
<p class=MsoNormal>ehci_hcd 28136 0 - Live 0xd0099000<o:p></o:p></p>
<p class=MsoNormal>8139cp 21920 0 - Live 0xd0092000<o:p></o:p></p>
<p class=MsoNormal>mii 5344 2 8139too,8139cp, Live 0xd0075000<o:p></o:p></p>
<p class=MsoNormal>tulip 46560 0 - Live 0xd0085000<o:p></o:p></p>
<p class=MsoNormal>piix 9444 0 [permanent], Live 0xd0022000<o:p></o:p></p>
<p class=MsoNormal>ide_core 110504 4 ide_cd,ide_disk,generic,piix, Live
0xd003c000<o:p></o:p></p>
<p class=MsoNormal>uhci_hcd 21164 0 - Live 0xd0035000<o:p></o:p></p>
<p class=MsoNormal>usbcore 112644 3 ehci_hcd,uhci_hcd, Live 0xd0058000<o:p></o:p></p>
<p class=MsoNormal>thermal 13608 0 - Live 0xd0030000<o:p></o:p></p>
<p class=MsoNormal>processor 28840 1 thermal, Live 0xd0027000<o:p></o:p></p>
<p class=MsoNormal>fan 4804 0 - Live 0xd001a000<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/meminfo<o:p></o:p></p>
<p class=MsoNormal>+ cat /proc/meminfo<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ /proc/net/ipsec-ls<o:p></o:p></p>
<p class=MsoNormal>+ test -f /proc/net/ipsec_version<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ usr/src/linux/.config<o:p></o:p></p>
<p class=MsoNormal>+ test -f /proc/config.gz<o:p></o:p></p>
<p class=MsoNormal>++ uname -r<o:p></o:p></p>
<p class=MsoNormal>+ test -f /lib/modules/2.6.18-6-686/build/.config<o:p></o:p></p>
<p class=MsoNormal>+ echo 'no .config file found, cannot list kernel
properties'<o:p></o:p></p>
<p class=MsoNormal>no .config file found, cannot list kernel properties<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ etc/syslog.conf<o:p></o:p></p>
<p class=MsoNormal>+ cat /etc/syslog.conf<o:p></o:p></p>
<p class=MsoNormal># /etc/syslog.conf Configuration file for syslogd.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># For more
information see syslog.conf(5)<o:p></o:p></p>
<p class=MsoNormal># manpage.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># First some standard logfiles. Log by facility.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>auth,authpriv.* /var/log/auth.log<o:p></o:p></p>
<p class=MsoNormal>*.*;auth,authpriv.none -/var/log/syslog<o:p></o:p></p>
<p class=MsoNormal>#cron.* /var/log/cron.log<o:p></o:p></p>
<p class=MsoNormal>daemon.* -/var/log/daemon.log<o:p></o:p></p>
<p class=MsoNormal>kern.* -/var/log/kern.log<o:p></o:p></p>
<p class=MsoNormal>lpr.* -/var/log/lpr.log<o:p></o:p></p>
<p class=MsoNormal>mail.* -/var/log/mail.log<o:p></o:p></p>
<p class=MsoNormal>user.* -/var/log/user.log<o:p></o:p></p>
<p class=MsoNormal>uucp.* /var/log/uucp.log<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># Logging for the mail system. Split it up so that<o:p></o:p></p>
<p class=MsoNormal># it is easy to write scripts to parse these files.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>mail.info -/var/log/mail.info<o:p></o:p></p>
<p class=MsoNormal>mail.warn -/var/log/mail.warn<o:p></o:p></p>
<p class=MsoNormal>mail.err /var/log/mail.err<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># Logging for INN news system<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>news.crit /var/log/news/news.crit<o:p></o:p></p>
<p class=MsoNormal>news.err /var/log/news/news.err<o:p></o:p></p>
<p class=MsoNormal>news.notice -/var/log/news/news.notice<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># Some `catch-all' logfiles.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>*.=debug;\<o:p></o:p></p>
<p class=MsoNormal> auth,authpriv.none;\<o:p></o:p></p>
<p class=MsoNormal> news.none;mail.none -/var/log/debug<o:p></o:p></p>
<p class=MsoNormal>*.=info;*.=notice;*.=warn;\<o:p></o:p></p>
<p class=MsoNormal> auth,authpriv.none;\<o:p></o:p></p>
<p class=MsoNormal> cron,daemon.none;\<o:p></o:p></p>
<p class=MsoNormal> mail,news.none -/var/log/messages<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># Emergencies are sent to everybody logged in.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>*.emerg *<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># I like to have messages displayed on the console, but only
on a virtual<o:p></o:p></p>
<p class=MsoNormal># console I usually leave idle.<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>#daemon,mail.*;\<o:p></o:p></p>
<p class=MsoNormal># news.=crit;news.=err;news.=notice;\<o:p></o:p></p>
<p class=MsoNormal># *.=debug;*.=info;\<o:p></o:p></p>
<p class=MsoNormal># *.=notice;*.=warn /dev/tty8<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal># The named pipe /dev/xconsole is for the `xconsole'
utility. To use it,<o:p></o:p></p>
<p class=MsoNormal># you must invoke `xconsole' with the `-file' option:<o:p></o:p></p>
<p class=MsoNormal># <o:p></o:p></p>
<p class=MsoNormal># $ xconsole -file /dev/xconsole [...]<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal># NOTE: adjust the list below, or you'll go crazy if you have
a reasonably<o:p></o:p></p>
<p class=MsoNormal># busy site..<o:p></o:p></p>
<p class=MsoNormal>#<o:p></o:p></p>
<p class=MsoNormal>daemon.*;mail.*;\<o:p></o:p></p>
<p class=MsoNormal> news.crit;news.err;news.notice;\<o:p></o:p></p>
<p class=MsoNormal> *.=debug;*.=info;\<o:p></o:p></p>
<p class=MsoNormal> *.=notice;*.=warn |/dev/xconsole<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>+ _________________________ etc/syslog-ng/syslog-ng.conf<o:p></o:p></p>
<p class=MsoNormal>+ cat /etc/syslog-ng/syslog-ng.conf<o:p></o:p></p>
<p class=MsoNormal>cat: /etc/syslog-ng/syslog-ng.conf: No such file or
directory<o:p></o:p></p>
<p class=MsoNormal>+ _________________________ etc/resolv.conf<o:p></o:p></p>
<p class=MsoNormal>+ cat /etc/resolv.conf<o:p></o:p></p>
<p class=MsoNormal> search example.com hrdpt.com<o:p></o:p></p>
<p class=MsoNormal> nameserver 192.168.0.1<o:p></o:p></p>
<p class=MsoNormal> nameserver 206.16.27.185<o:p></o:p></p>
<p class=MsoNormal> nameserver 208.67.220.220<o:p></o:p></p>
<p class=MsoNormal> + _________________________ lib/modules-ls<o:p></o:p></p>
<p class=MsoNormal> + ls -ltr /lib/modules<o:p></o:p></p>
<p class=MsoNormal> total 4<o:p></o:p></p>
<p class=MsoNormal> drwxr-xr-x 3 root root 4096 Feb 27 2009
2.6.18-6-686<o:p></o:p></p>
<p class=MsoNormal> + _________________________
/proc/ksyms-netif_rx<o:p></o:p></p>
<p class=MsoNormal> + test -r /proc/ksyms<o:p></o:p></p>
<p class=MsoNormal> + test -r /proc/kallsyms<o:p></o:p></p>
<p class=MsoNormal> + egrep netif_rx /proc/kallsyms<o:p></o:p></p>
<p class=MsoNormal> c022823a T __netif_rx_schedule<o:p></o:p></p>
<p class=MsoNormal> c0229278 T netif_rx<o:p></o:p></p>
<p class=MsoNormal> c022a624 T netif_rx_ni<o:p></o:p></p>
<p class=MsoNormal> c0229278 U netif_rx [ipv6]<o:p></o:p></p>
<p class=MsoNormal> c022823a U __netif_rx_schedule [8139too]<o:p></o:p></p>
<p class=MsoNormal> c022823a U __netif_rx_schedule [8139cp]<o:p></o:p></p>
<p class=MsoNormal> c022823a U __netif_rx_schedule [tulip]<o:p></o:p></p>
<p class=MsoNormal> + _________________________ lib/modules-netif_rx<o:p></o:p></p>
<p class=MsoNormal> + modulegoo kernel/net/ipv4/ipip.o netif_rx<o:p></o:p></p>
<p class=MsoNormal> + set +x<o:p></o:p></p>
<p class=MsoNormal> 2.6.18-6-686: <o:p></o:p></p>
<p class=MsoNormal> + _________________________ kern.debug<o:p></o:p></p>
<p class=MsoNormal> + test -f /var/log/kern.debug<o:p></o:p></p>
<p class=MsoNormal> + _________________________ klog<o:p></o:p></p>
<p class=MsoNormal> + sed -n '23919,$p' /var/log/daemon.log.0<o:p></o:p></p>
<p class=MsoNormal> + egrep -i 'ipsec|klips|pluto'<o:p></o:p></p>
<p class=MsoNormal> + case "$1" in<o:p></o:p></p>
<p class=MsoNormal> + cat<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw ipsec_setup: Starting
Openswan IPsec 2.4.12...<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw ipsec__plutorun: 104
"ar-to-tx" #1: STATE_MAIN_I1: initiate<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw ipsec__plutorun:
...could not start conn "ar-to-tx"<o:p></o:p></p>
<p class=MsoNormal> + _________________________ plog<o:p></o:p></p>
<p class=MsoNormal> + sed -n '5153,$p' /var/log/auth.log<o:p></o:p></p>
<p class=MsoNormal> + egrep -i pluto<o:p></o:p></p>
<p class=MsoNormal> + case "$1" in<o:p></o:p></p>
<p class=MsoNormal> + cat<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw ipsec__plutorun:
Starting Pluto subsystem...<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: Starting
Pluto (Openswan Version 2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR;
Vendor ID OE`lPH|Vbpuu)<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: Setting
NAT-Traversal port-4500 floating to on<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: port
floating activation criteria nat_t=1/port_fload=1<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]:
including NAT-Traversal patch (Version 0.6c)<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]:
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: no
helpers will be started, all cryptographic operations will be done inline<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: Using
NETKEY IPsec interface code on 2.6.18-6-686<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: Changing
to directory '/etc/ipsec.d/cacerts'<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: Changing
to directory '/etc/ipsec.d/aacerts'<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: Changing
to directory '/etc/ipsec.d/ocspcerts'<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: Changing
to directory '/etc/ipsec.d/crls'<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]:
Warning: empty directory<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: added
connection description "ar-to-tx"<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: listening
for IKE messages<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: adding
interface eth1/eth1 192.168.0.1:500<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: adding
interface eth1/eth1 192.168.0.1:4500<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: adding
interface eth0/eth0 5.6.7.8:500<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: adding
interface eth0/eth0 5.6.7.8:4500<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: adding
interface lo/lo 127.0.0.1:500<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: adding
interface lo/lo 127.0.0.1:4500<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: adding
interface lo/lo ::1:500<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]: loading
secrets from "/etc/ipsec.secrets"<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:09 txgw pluto[13034]:
"ar-to-tx" #1: initiating Main Mode<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:10 txgw pluto[13034]: packet
from 1.2.3.4:500: ignoring informational payload, type NO_PROPOSAL_CHOSEN<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:10 txgw pluto[13034]: packet
from 1.2.3.4:500: received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]: packet
from 1.2.3.4:500: received Vendor ID payload [Openswan (this version) 2.4.12
LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]: packet
from 1.2.3.4:500: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]: packet
from 1.2.3.4:500: received Vendor ID payload [RFC 3947] method set to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]: packet
from 1.2.3.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
meth=108, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]: packet
from 1.2.3.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
meth=107, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]: packet
from 1.2.3.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]: packet
from 1.2.3.4:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #2: responding to Main Mode<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #2: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #2: STATE_MAIN_R1: sent MR1, expecting MI2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #2: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #2: STATE_MAIN_R2: sent MR2, expecting MI3<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #2: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #2: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #2: transition from state STATE_MAIN_R2 to state
STATE_MAIN_R3<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #3: responding to Quick Mode {msgid:fe394aa3}<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #3: transition from state STATE_QUICK_R0 to state
STATE_QUICK_R1<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:17 txgw pluto[13034]:
"ar-to-tx" #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,
expecting QI2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:18 txgw pluto[13034]:
"ar-to-tx" #3: transition from state STATE_QUICK_R1 to state
STATE_QUICK_R2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:18 txgw pluto[13034]:
"ar-to-tx" #3: STATE_QUICK_R2: IPsec SA established
{ESP=>0x87dcdd6b <0x3c1e4804 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:19 txgw pluto[13034]:
"ar-to-tx" #4: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP
{using isakmp#1}<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:20 txgw pluto[13034]:
"ar-to-tx" #4: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:20 txgw pluto[13034]:
"ar-to-tx" #4: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0x5af2e6ba <0x3bace3ca xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:34 txgw pluto[13034]:
"ar-to-tx" #5: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP
{using isakmp#2}<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:34 txgw pluto[13034]:
"ar-to-tx" #5: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 22:21:34 txgw pluto[13034]:
"ar-to-tx" #5: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0xcd5bc96c <0xc670e365 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:11 txgw pluto[13034]:
"ar-to-tx" #6: initiating Main Mode to replace #1<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:11 txgw pluto[13034]:
"ar-to-tx" #6: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:11 txgw pluto[13034]:
"ar-to-tx" #6: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:11 txgw pluto[13034]:
"ar-to-tx" #6: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:11 txgw pluto[13034]:
"ar-to-tx" #6: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:11 txgw pluto[13034]:
"ar-to-tx" #6: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:11 txgw pluto[13034]:
"ar-to-tx" #6: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:12 txgw pluto[13034]:
"ar-to-tx" #6: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:12 txgw pluto[13034]:
"ar-to-tx" #6: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:12 txgw pluto[13034]:
"ar-to-tx" #6: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:12 txgw pluto[13034]:
"ar-to-tx" #6: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:12 txgw pluto[13034]:
"ar-to-tx" #6: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:12 txgw pluto[13034]:
"ar-to-tx" #6: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:12 txgw pluto[13034]:
"ar-to-tx" #6: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:50 txgw pluto[13034]:
"ar-to-tx" #7: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP
{using isakmp#6}<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:50 txgw pluto[13034]:
"ar-to-tx" #7: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:12:50 txgw pluto[13034]:
"ar-to-tx" #7: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0x9b658684 <0xa58a0ac4 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:21:18 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:21:19 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:42 txgw pluto[13034]:
"ar-to-tx" #8: initiating Main Mode to replace #6<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:42 txgw pluto[13034]:
"ar-to-tx" #8: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:42 txgw pluto[13034]:
"ar-to-tx" #8: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:42 txgw pluto[13034]:
"ar-to-tx" #8: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:42 txgw pluto[13034]:
"ar-to-tx" #8: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:42 txgw pluto[13034]:
"ar-to-tx" #8: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:42 txgw pluto[13034]:
"ar-to-tx" #8: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:43 txgw pluto[13034]:
"ar-to-tx" #8: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:43 txgw pluto[13034]:
"ar-to-tx" #8: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:43 txgw pluto[13034]:
"ar-to-tx" #8: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:43 txgw pluto[13034]:
"ar-to-tx" #8: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:44 txgw pluto[13034]:
"ar-to-tx" #8: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:44 txgw pluto[13034]:
"ar-to-tx" #8: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 22 23:58:44 txgw pluto[13034]:
"ar-to-tx" #8: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:12:12 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: initiating Main Mode to replace #8<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:44:06 txgw pluto[13034]:
"ar-to-tx" #9: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 00:58:45 txgw pluto[13034]: packet from
1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: initiating Main Mode to replace #9<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:34:27 txgw pluto[13034]:
"ar-to-tx" #10: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 01:44:06 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:16 txgw pluto[13034]:
"ar-to-tx" #11: initiating Main Mode to replace #10<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]:
"ar-to-tx" #11: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]:
"ar-to-tx" #11: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]:
"ar-to-tx" #11: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]:
"ar-to-tx" #11: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]:
"ar-to-tx" #11: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]:
"ar-to-tx" #11: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]:
"ar-to-tx" #11: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]:
"ar-to-tx" #11: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]:
"ar-to-tx" #11: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]:
"ar-to-tx" #11: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]: "ar-to-tx"
#11: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]:
"ar-to-tx" #11: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:23:17 txgw pluto[13034]:
"ar-to-tx" #11: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 02:34:27 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:09 txgw pluto[13034]:
"ar-to-tx" #12: initiating Main Mode to replace #11<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:09 txgw pluto[13034]:
"ar-to-tx" #12: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:09 txgw pluto[13034]:
"ar-to-tx" #12: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:09 txgw pluto[13034]:
"ar-to-tx" #12: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:09 txgw pluto[13034]:
"ar-to-tx" #12: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:09 txgw pluto[13034]:
"ar-to-tx" #12: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:09 txgw pluto[13034]:
"ar-to-tx" #12: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:10 txgw pluto[13034]:
"ar-to-tx" #12: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:10 txgw pluto[13034]:
"ar-to-tx" #12: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:10 txgw pluto[13034]:
"ar-to-tx" #12: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:10 txgw pluto[13034]:
"ar-to-tx" #12: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:10 txgw pluto[13034]:
"ar-to-tx" #12: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:10 txgw pluto[13034]:
"ar-to-tx" #12: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:06:10 txgw pluto[13034]:
"ar-to-tx" #12: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:23:17 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:54 txgw pluto[13034]:
"ar-to-tx" #13: initiating Main Mode to replace #12<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:54 txgw pluto[13034]:
"ar-to-tx" #13: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:54 txgw pluto[13034]:
"ar-to-tx" #13: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:54 txgw pluto[13034]:
"ar-to-tx" #13: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:54 txgw pluto[13034]:
"ar-to-tx" #13: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:54 txgw pluto[13034]:
"ar-to-tx" #13: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:54 txgw pluto[13034]:
"ar-to-tx" #13: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:54 txgw pluto[13034]:
"ar-to-tx" #13: I did not send a certificate because I do not have one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:54 txgw pluto[13034]:
"ar-to-tx" #13: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:54 txgw pluto[13034]:
"ar-to-tx" #13: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:54 txgw pluto[13034]:
"ar-to-tx" #13: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:55 txgw pluto[13034]:
"ar-to-tx" #13: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:55 txgw pluto[13034]:
"ar-to-tx" #13: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 03:49:55 txgw pluto[13034]:
"ar-to-tx" #13: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:06:10 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: initiating Main Mode to replace #13<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:33:07 txgw pluto[13034]:
"ar-to-tx" #14: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 04:49:55 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: initiating Main Mode to replace #14<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:21:18 txgw pluto[13034]:
"ar-to-tx" #15: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 05:33:07 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:32 txgw pluto[13034]:
"ar-to-tx" #16: initiating Main Mode to replace #15<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:09:33 txgw pluto[13034]:
"ar-to-tx" #16: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:21:18 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:21:18 txgw pluto[13034]:
"ar-to-tx" #16: ignoring Delete SA payload: PROTO_IPSEC_ESP
SA(0x87dcdd6b) not found (maybe expired)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:21:18 txgw pluto[13034]:
"ar-to-tx" #16: received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:21:21 txgw pluto[13034]:
"ar-to-tx" #16: ignoring Delete SA payload: PROTO_IPSEC_ESP
SA(0x5af2e6ba) not found (maybe expired)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:21:21 txgw pluto[13034]:
"ar-to-tx" #16: received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:21:34 txgw pluto[13034]:
"ar-to-tx" #16: ignoring Delete SA payload: PROTO_IPSEC_ESP
SA(0xcd5bc96c) not found (maybe expired)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:21:34 txgw pluto[13034]:
"ar-to-tx" #16: received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: initiating Main Mode to replace #16<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:56:28 txgw pluto[13034]:
"ar-to-tx" #17: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:59:24 txgw pluto[13034]:
"ar-to-tx" #18: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP to
replace #7 {using isakmp#17}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:59:25 txgw pluto[13034]:
"ar-to-tx" #18: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 06:59:25 txgw pluto[13034]:
"ar-to-tx" #18: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0x34e17b86 <0xf3c5495d xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:09:33 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:12:50 txgw pluto[13034]:
"ar-to-tx" #17: ignoring Delete SA payload: PROTO_IPSEC_ESP
SA(0x9b658684) not found (maybe expired)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:12:50 txgw pluto[13034]:
"ar-to-tx" #17: received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:35 txgw pluto[13034]:
"ar-to-tx" #19: initiating Main Mode to replace #17<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:35 txgw pluto[13034]:
"ar-to-tx" #19: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:35 txgw pluto[13034]:
"ar-to-tx" #19: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:35 txgw pluto[13034]:
"ar-to-tx" #19: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:35 txgw pluto[13034]:
"ar-to-tx" #19: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:35 txgw pluto[13034]:
"ar-to-tx" #19: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:35 txgw pluto[13034]:
"ar-to-tx" #19: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:35 txgw pluto[13034]:
"ar-to-tx" #19: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:35 txgw pluto[13034]:
"ar-to-tx" #19: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:35 txgw pluto[13034]:
"ar-to-tx" #19: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:35 txgw pluto[13034]:
"ar-to-tx" #19: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:36 txgw pluto[13034]:
"ar-to-tx" #19: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:36 txgw pluto[13034]:
"ar-to-tx" #19: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:43:36 txgw pluto[13034]:
"ar-to-tx" #19: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 07:56:28 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:16 txgw pluto[13034]:
"ar-to-tx" #20: initiating Main Mode to replace #19<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:16 txgw pluto[13034]:
"ar-to-tx" #20: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:16 txgw pluto[13034]:
"ar-to-tx" #20: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:16 txgw pluto[13034]:
"ar-to-tx" #20: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:16 txgw pluto[13034]:
"ar-to-tx" #20: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:16 txgw pluto[13034]:
"ar-to-tx" #20: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:16 txgw pluto[13034]:
"ar-to-tx" #20: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:16 txgw pluto[13034]:
"ar-to-tx" #20: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:16 txgw pluto[13034]:
"ar-to-tx" #20: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:16 txgw pluto[13034]:
"ar-to-tx" #20: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:16 txgw pluto[13034]:
"ar-to-tx" #20: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:17 txgw pluto[13034]:
"ar-to-tx" #20: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:17 txgw pluto[13034]:
"ar-to-tx" #20: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:29:17 txgw pluto[13034]:
"ar-to-tx" #20: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 08:43:36 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:02 txgw pluto[13034]:
"ar-to-tx" #21: initiating Main Mode to replace #20<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:02 txgw pluto[13034]:
"ar-to-tx" #21: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:02 txgw pluto[13034]:
"ar-to-tx" #21: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:02 txgw pluto[13034]:
"ar-to-tx" #21: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:02 txgw pluto[13034]:
"ar-to-tx" #21: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:02 txgw pluto[13034]:
"ar-to-tx" #21: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:02 txgw pluto[13034]:
"ar-to-tx" #21: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:02 txgw pluto[13034]:
"ar-to-tx" #21: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:02 txgw pluto[13034]:
"ar-to-tx" #21: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:02 txgw pluto[13034]:
"ar-to-tx" #21: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:02 txgw pluto[13034]:
"ar-to-tx" #21: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:03 txgw pluto[13034]: "ar-to-tx"
#21: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:03 txgw pluto[13034]:
"ar-to-tx" #21: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:13:03 txgw pluto[13034]:
"ar-to-tx" #21: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:29:17 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: initiating Main Mode to replace #21<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 09:59:48 txgw pluto[13034]:
"ar-to-tx" #22: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:13:03 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:07 txgw pluto[13034]:
"ar-to-tx" #23: initiating Main Mode to replace #22<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: I did not send a certificate because I do not have one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:44:08 txgw pluto[13034]:
"ar-to-tx" #23: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 10:59:48 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:24 txgw pluto[13034]:
"ar-to-tx" #24: initiating Main Mode to replace #23<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:24 txgw pluto[13034]:
"ar-to-tx" #24: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:24 txgw pluto[13034]:
"ar-to-tx" #24: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:24 txgw pluto[13034]:
"ar-to-tx" #24: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:24 txgw pluto[13034]:
"ar-to-tx" #24: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:24 txgw pluto[13034]:
"ar-to-tx" #24: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:24 txgw pluto[13034]:
"ar-to-tx" #24: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:25 txgw pluto[13034]:
"ar-to-tx" #24: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:25 txgw pluto[13034]:
"ar-to-tx" #24: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:25 txgw pluto[13034]:
"ar-to-tx" #24: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:25 txgw pluto[13034]:
"ar-to-tx" #24: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:25 txgw pluto[13034]:
"ar-to-tx" #24: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:25 txgw pluto[13034]:
"ar-to-tx" #24: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:33:25 txgw pluto[13034]:
"ar-to-tx" #24: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: packet
from 24.16.32.113:500: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: packet
from 24.16.32.113:500: sending notification PAYLOAD_MALFORMED to
24.16.32.113:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: packet
from 24.16.32.113:500: received Vendor ID payload [RFC 3947] method set to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: packet
from 24.16.32.113:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:46 txgw pluto[13034]: packet
from 24.16.32.113:500: initial Main Mode message received on 5.6.7.8:500 but no
connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: packet
from 24.16.32.113:500: received Vendor ID payload [RFC 3947] method set to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: packet
from 24.16.32.113:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: packet
from 24.16.32.113:500: initial Main Mode message received on 5.6.7.8:500 but no
connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: packet
from 24.16.32.113:500: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:48 txgw pluto[13034]: packet
from 24.16.32.113:500: sending notification PAYLOAD_MALFORMED to
24.16.32.113:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: packet
from 24.16.32.113:500: received Vendor ID payload [RFC 3947] method set to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: packet
from 24.16.32.113:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: packet
from 24.16.32.113:500: initial Main Mode message received on 5.6.7.8:500 but no
connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: packet
from 24.16.32.113:500: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:50 txgw pluto[13034]: packet
from 24.16.32.113:500: sending notification PAYLOAD_MALFORMED to
24.16.32.113:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: packet
from 24.16.32.113:500: received Vendor ID payload [RFC 3947] method set to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: packet
from 24.16.32.113:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: packet
from 24.16.32.113:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: packet
from 24.16.32.113:500: initial Main Mode message received on 5.6.7.8:500 but no
connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: packet
from 24.16.32.113:500: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:39:54 txgw pluto[13034]: packet
from 24.16.32.113:500: sending notification PAYLOAD_MALFORMED to
24.16.32.113:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 11:44:08 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:26 txgw pluto[13034]:
"ar-to-tx" #25: initiating Main Mode to replace #24<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:26 txgw pluto[13034]:
"ar-to-tx" #25: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:26 txgw pluto[13034]:
"ar-to-tx" #25: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:26 txgw pluto[13034]:
"ar-to-tx" #25: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:26 txgw pluto[13034]:
"ar-to-tx" #25: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:26 txgw pluto[13034]:
"ar-to-tx" #25: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:26 txgw pluto[13034]:
"ar-to-tx" #25: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:27 txgw pluto[13034]:
"ar-to-tx" #25: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:27 txgw pluto[13034]:
"ar-to-tx" #25: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:27 txgw pluto[13034]:
"ar-to-tx" #25: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:27 txgw pluto[13034]:
"ar-to-tx" #25: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:27 txgw pluto[13034]:
"ar-to-tx" #25: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:27 txgw pluto[13034]:
"ar-to-tx" #25: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:22:27 txgw pluto[13034]:
"ar-to-tx" #25: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 12:33:25 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:19 txgw pluto[13034]:
"ar-to-tx" #26: initiating Main Mode to replace #25<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:19 txgw pluto[13034]:
"ar-to-tx" #26: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:19 txgw pluto[13034]:
"ar-to-tx" #26: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:19 txgw pluto[13034]:
"ar-to-tx" #26: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:19 txgw pluto[13034]:
"ar-to-tx" #26: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:19 txgw pluto[13034]:
"ar-to-tx" #26: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:19 txgw pluto[13034]:
"ar-to-tx" #26: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:19 txgw pluto[13034]:
"ar-to-tx" #26: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:19 txgw pluto[13034]:
"ar-to-tx" #26: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:19 txgw pluto[13034]:
"ar-to-tx" #26: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:19 txgw pluto[13034]:
"ar-to-tx" #26: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:20 txgw pluto[13034]:
"ar-to-tx" #26: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:20 txgw pluto[13034]:
"ar-to-tx" #26: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:09:20 txgw pluto[13034]:
"ar-to-tx" #26: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:22:27 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: packet
from 121.135.236.40:500: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: packet
from 121.135.236.40:500: sending notification PAYLOAD_MALFORMED to
121.135.236.40:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: packet
from 121.135.236.40:500: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: packet
from 121.135.236.40:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:09 txgw pluto[13034]: packet
from 121.135.236.40:500: initial Main Mode message received on 5.6.7.8:500 but
no connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: packet
from 121.135.236.40:500: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: packet
from 121.135.236.40:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: packet
from 121.135.236.40:500: initial Main Mode message received on 5.6.7.8:500 but
no connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: packet
from 121.135.236.40:500: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:11 txgw pluto[13034]: packet
from 121.135.236.40:500: sending notification PAYLOAD_MALFORMED to
121.135.236.40:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: packet
from 121.135.236.40:500: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: packet
from 121.135.236.40:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: packet
from 121.135.236.40:500: initial Main Mode message received on 5.6.7.8:500 but
no connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: packet
from 121.135.236.40:500: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:13 txgw pluto[13034]: packet
from 121.135.236.40:500: sending notification PAYLOAD_MALFORMED to
121.135.236.40:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: packet
from 121.135.236.40:500: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: packet
from 121.135.236.40:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: packet
from 121.135.236.40:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: packet
from 121.135.236.40:500: initial Main Mode message received on 5.6.7.8:500 but
no connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: packet
from 121.135.236.40:500: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 13:54:17 txgw pluto[13034]: packet
from 121.135.236.40:500: sending notification PAYLOAD_MALFORMED to
121.135.236.40:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: initiating Main Mode to replace #26<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:00:01 txgw pluto[13034]:
"ar-to-tx" #27: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:09:19 txgw pluto[13034]:
"ar-to-tx" #26: received Delete SA payload: deleting ISAKMP State #26<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:09:19 txgw pluto[13034]: packet
from 1.2.3.4:500: received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:41:42 txgw pluto[13034]:
"ar-to-tx" #28: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP to
replace #18 {using isakmp#27}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:41:43 txgw pluto[13034]:
"ar-to-tx" #28: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:41:43 txgw pluto[13034]:
"ar-to-tx" #28: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0x746548e4 <0x52a9ec94 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: initiating Main Mode to replace #27<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:46:38 txgw pluto[13034]:
"ar-to-tx" #29: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:59:25 txgw pluto[13034]:
"ar-to-tx" #29: ignoring Delete SA payload: PROTO_IPSEC_ESP
SA(0x34e17b86) not found (maybe expired)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 14:59:25 txgw pluto[13034]:
"ar-to-tx" #29: received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:00:01 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: packet
from 93.97.77.164:59551: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: packet
from 93.97.77.164:59551: sending notification PAYLOAD_MALFORMED to
93.97.77.164:59551<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: packet
from 93.97.77.164:59551: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: packet
from 93.97.77.164:59551: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:40 txgw pluto[13034]: packet
from 93.97.77.164:59551: initial Main Mode message received on 5.6.7.8:500 but
no connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: packet
from 93.97.77.164:59551: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: packet
from 93.97.77.164:59551: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: packet
from 93.97.77.164:59551: initial Main Mode message received on 5.6.7.8:500 but
no connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: packet
from 93.97.77.164:59551: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:41 txgw pluto[13034]: packet
from 93.97.77.164:59551: sending notification PAYLOAD_MALFORMED to
93.97.77.164:59551<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: packet
from 93.97.77.164:59551: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: packet
from 93.97.77.164:59551: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: packet
from 93.97.77.164:59551: initial Main Mode message received on 5.6.7.8:500 but
no connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: packet
from 93.97.77.164:59551: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:43 txgw pluto[13034]: packet
from 93.97.77.164:59551: sending notification PAYLOAD_MALFORMED to
93.97.77.164:59551<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: packet
from 93.97.77.164:59551: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: packet
from 93.97.77.164:59551: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: packet
from 93.97.77.164:59551: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: packet
from 93.97.77.164:59551: initial Main Mode message received on 5.6.7.8:500 but
no connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: packet
from 93.97.77.164:59551: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:13:47 txgw pluto[13034]: packet
from 93.97.77.164:59551: sending notification PAYLOAD_MALFORMED to
93.97.77.164:59551<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:51 txgw pluto[13034]:
"ar-to-tx" #30: initiating Main Mode to replace #29<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:28:52 txgw pluto[13034]:
"ar-to-tx" #30: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: packet
from 207.219.39.179:500: next payload type of ISAKMP Message has an unknown value:
133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: packet
from 207.219.39.179:500: sending notification PAYLOAD_MALFORMED to
207.219.39.179:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: packet
from 207.219.39.179:500: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: packet
from 207.219.39.179:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:09 txgw pluto[13034]: packet
from 207.219.39.179:500: initial Main Mode message received on 5.6.7.8:500 but
no connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: packet
from 207.219.39.179:500: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: packet
from 207.219.39.179:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: packet
from 207.219.39.179:500: initial Main Mode message received on 5.6.7.8:500 but
no connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: packet
from 207.219.39.179:500: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:11 txgw pluto[13034]: packet
from 207.219.39.179:500: sending notification PAYLOAD_MALFORMED to
207.219.39.179:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: packet
from 207.219.39.179:500: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: packet
from 207.219.39.179:500: sending notification PAYLOAD_MALFORMED to
207.219.39.179:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: packet from
207.219.39.179:500: received Vendor ID payload [RFC 3947] method set to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: packet
from 207.219.39.179:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:14 txgw pluto[13034]: packet
from 207.219.39.179:500: initial Main Mode message received on 5.6.7.8:500 but
no connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: packet
from 207.219.39.179:500: next payload type of ISAKMP Message has an unknown
value: 133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: packet
from 207.219.39.179:500: sending notification PAYLOAD_MALFORMED to
207.219.39.179:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [MS-MamieExists]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000008]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: packet
from 207.219.39.179:500: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: packet
from 207.219.39.179:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [MS-Negotiation Discovery
Capable]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: packet
from 207.219.39.179:500: ignoring Vendor ID payload [IKE CGA version 1]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:34:18 txgw pluto[13034]: packet
from 207.219.39.179:500: initial Main Mode message received on 5.6.7.8:500 but
no connection has been authorized<o:p></o:p></p>
<p class=MsoNormal> Oct 23 15:46:38 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:43 txgw pluto[13034]:
"ar-to-tx" #31: initiating Main Mode to replace #30<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:43 txgw pluto[13034]:
"ar-to-tx" #31: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:43 txgw pluto[13034]:
"ar-to-tx" #31: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:43 txgw pluto[13034]:
"ar-to-tx" #31: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:43 txgw pluto[13034]:
"ar-to-tx" #31: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:43 txgw pluto[13034]:
"ar-to-tx" #31: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:43 txgw pluto[13034]:
"ar-to-tx" #31: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:44 txgw pluto[13034]:
"ar-to-tx" #31: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:44 txgw pluto[13034]:
"ar-to-tx" #31: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:44 txgw pluto[13034]:
"ar-to-tx" #31: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:44 txgw pluto[13034]:
"ar-to-tx" #31: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:44 txgw pluto[13034]:
"ar-to-tx" #31: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:44 txgw pluto[13034]:
"ar-to-tx" #31: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:16:44 txgw pluto[13034]:
"ar-to-tx" #31: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 16:28:52 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:43 txgw pluto[13034]:
"ar-to-tx" #32: initiating Main Mode to replace #31<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:43 txgw pluto[13034]:
"ar-to-tx" #32: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:43 txgw pluto[13034]:
"ar-to-tx" #32: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:43 txgw pluto[13034]:
"ar-to-tx" #32: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:43 txgw pluto[13034]:
"ar-to-tx" #32: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:43 txgw pluto[13034]:
"ar-to-tx" #32: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:43 txgw pluto[13034]:
"ar-to-tx" #32: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:44 txgw pluto[13034]:
"ar-to-tx" #32: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:44 txgw pluto[13034]:
"ar-to-tx" #32: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:44 txgw pluto[13034]:
"ar-to-tx" #32: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:44 txgw pluto[13034]:
"ar-to-tx" #32: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:44 txgw pluto[13034]:
"ar-to-tx" #32: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:44 txgw pluto[13034]:
"ar-to-tx" #32: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:02:44 txgw pluto[13034]:
"ar-to-tx" #32: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:16:44 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:13 txgw pluto[13034]: packet
from 91.67.5.190:500: next payload type of ISAKMP Message has an unknown value:
133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:13 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:13 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:13 txgw pluto[13034]: packet
from 91.67.5.190:500: sending notification PAYLOAD_MALFORMED to 91.67.5.190:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:14 txgw pluto[13034]: packet
from 91.67.5.190:500: next payload type of ISAKMP Message has an unknown value:
133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:14 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:14 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:14 txgw pluto[13034]: packet from
91.67.5.190:500: sending notification PAYLOAD_MALFORMED to 91.67.5.190:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:16 txgw pluto[13034]: packet
from 91.67.5.190:500: next payload type of ISAKMP Message has an unknown value:
133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:16 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:16 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:16 txgw pluto[13034]: packet
from 91.67.5.190:500: sending notification PAYLOAD_MALFORMED to 91.67.5.190:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:20 txgw pluto[13034]: packet
from 91.67.5.190:500: next payload type of ISAKMP Message has an unknown value:
133<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:20 txgw pluto[13034]: | payload
malformed after IV<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:20 txgw pluto[13034]: | <o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:27:20 txgw pluto[13034]: packet
from 91.67.5.190:500: sending notification PAYLOAD_MALFORMED to 91.67.5.190:500<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:19 txgw pluto[13034]:
"ar-to-tx" #33: initiating Main Mode to replace #32<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]:
"ar-to-tx" #33: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]:
"ar-to-tx" #33: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]:
"ar-to-tx" #33: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]: "ar-to-tx"
#33: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]:
"ar-to-tx" #33: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]:
"ar-to-tx" #33: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]:
"ar-to-tx" #33: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]:
"ar-to-tx" #33: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]:
"ar-to-tx" #33: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]:
"ar-to-tx" #33: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]:
"ar-to-tx" #33: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]:
"ar-to-tx" #33: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 17:45:20 txgw pluto[13034]:
"ar-to-tx" #33: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:02:44 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:16 txgw pluto[13034]:
"ar-to-tx" #34: initiating Main Mode to replace #33<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:30:17 txgw pluto[13034]:
"ar-to-tx" #34: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 18:45:20 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:07 txgw pluto[13034]:
"ar-to-tx" #35: initiating Main Mode to replace #34<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:07 txgw pluto[13034]:
"ar-to-tx" #35: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:07 txgw pluto[13034]: "ar-to-tx"
#35: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:07 txgw pluto[13034]:
"ar-to-tx" #35: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:07 txgw pluto[13034]:
"ar-to-tx" #35: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:07 txgw pluto[13034]:
"ar-to-tx" #35: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:07 txgw pluto[13034]:
"ar-to-tx" #35: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:08 txgw pluto[13034]:
"ar-to-tx" #35: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:08 txgw pluto[13034]:
"ar-to-tx" #35: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:08 txgw pluto[13034]:
"ar-to-tx" #35: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:08 txgw pluto[13034]:
"ar-to-tx" #35: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:08 txgw pluto[13034]:
"ar-to-tx" #35: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:08 txgw pluto[13034]:
"ar-to-tx" #35: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:16:08 txgw pluto[13034]:
"ar-to-tx" #35: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 19:30:17 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:45 txgw pluto[13034]:
"ar-to-tx" #36: initiating Main Mode to replace #35<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:45 txgw pluto[13034]:
"ar-to-tx" #36: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:45 txgw pluto[13034]:
"ar-to-tx" #36: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:45 txgw pluto[13034]:
"ar-to-tx" #36: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:45 txgw pluto[13034]:
"ar-to-tx" #36: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:45 txgw pluto[13034]:
"ar-to-tx" #36: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:45 txgw pluto[13034]:
"ar-to-tx" #36: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:45 txgw pluto[13034]:
"ar-to-tx" #36: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:45 txgw pluto[13034]:
"ar-to-tx" #36: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:45 txgw pluto[13034]:
"ar-to-tx" #36: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:45 txgw pluto[13034]:
"ar-to-tx" #36: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:46 txgw pluto[13034]:
"ar-to-tx" #36: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:46 txgw pluto[13034]:
"ar-to-tx" #36: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:06:46 txgw pluto[13034]:
"ar-to-tx" #36: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:16:08 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: initiating Main Mode to replace #36<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 20:52:42 txgw pluto[13034]:
"ar-to-tx" #37: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:06:46 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:02 txgw pluto[13034]:
"ar-to-tx" #38: initiating Main Mode to replace #37<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:43:03 txgw pluto[13034]:
"ar-to-tx" #38: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 21:52:42 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:26:50 txgw pluto[13034]:
"ar-to-tx" #39: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP to
replace #28 {using isakmp#38}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:26:50 txgw pluto[13034]:
"ar-to-tx" #39: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:26:50 txgw pluto[13034]:
"ar-to-tx" #39: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0xb5e4a82a <0x621048b7 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:27:46 txgw pluto[13034]:
"ar-to-tx" #40: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP
{using isakmp#38}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:27:46 txgw pluto[13034]:
"ar-to-tx" #40: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:27:46 txgw pluto[13034]:
"ar-to-tx" #40: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0x892c4b2d <0xafde8a5b xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:14 txgw pluto[13034]:
"ar-to-tx" #41: initiating Main Mode to replace #38<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:14 txgw pluto[13034]:
"ar-to-tx" #41: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:14 txgw pluto[13034]:
"ar-to-tx" #41: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:14 txgw pluto[13034]:
"ar-to-tx" #41: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:14 txgw pluto[13034]:
"ar-to-tx" #41: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:14 txgw pluto[13034]:
"ar-to-tx" #41: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:14 txgw pluto[13034]:
"ar-to-tx" #41: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:14 txgw pluto[13034]:
"ar-to-tx" #41: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:14 txgw pluto[13034]:
"ar-to-tx" #41: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:14 txgw pluto[13034]:
"ar-to-tx" #41: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:14 txgw pluto[13034]:
"ar-to-tx" #41: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:15 txgw pluto[13034]:
"ar-to-tx" #41: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:15 txgw pluto[13034]:
"ar-to-tx" #41: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:29:15 txgw pluto[13034]:
"ar-to-tx" #41: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:41:43 txgw pluto[13034]:
"ar-to-tx" #41: ignoring Delete SA payload: PROTO_IPSEC_ESP
SA(0x746548e4) not found (maybe expired)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:41:43 txgw pluto[13034]:
"ar-to-tx" #41: received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal> Oct 23 22:43:03 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:14 txgw pluto[13034]:
"ar-to-tx" #42: initiating Main Mode to replace #41<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:14 txgw pluto[13034]:
"ar-to-tx" #42: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:14 txgw pluto[13034]:
"ar-to-tx" #42: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:14 txgw pluto[13034]:
"ar-to-tx" #42: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:14 txgw pluto[13034]:
"ar-to-tx" #42: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:14 txgw pluto[13034]:
"ar-to-tx" #42: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:14 txgw pluto[13034]:
"ar-to-tx" #42: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:15 txgw pluto[13034]:
"ar-to-tx" #42: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:15 txgw pluto[13034]:
"ar-to-tx" #42: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:15 txgw pluto[13034]:
"ar-to-tx" #42: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:15 txgw pluto[13034]:
"ar-to-tx" #42: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:15 txgw pluto[13034]:
"ar-to-tx" #42: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:15 txgw pluto[13034]:
"ar-to-tx" #42: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:13:15 txgw pluto[13034]:
"ar-to-tx" #42: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 23 23:29:15 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:23 txgw pluto[13034]:
"ar-to-tx" #43: initiating Main Mode to replace #42<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:23 txgw pluto[13034]:
"ar-to-tx" #43: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:23 txgw pluto[13034]:
"ar-to-tx" #43: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:23 txgw pluto[13034]:
"ar-to-tx" #43: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:23 txgw pluto[13034]:
"ar-to-tx" #43: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:23 txgw pluto[13034]:
"ar-to-tx" #43: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:23 txgw pluto[13034]:
"ar-to-tx" #43: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:33 txgw pluto[13034]:
"ar-to-tx" #43: I did not send a certificate because I do not have one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:33 txgw pluto[13034]:
"ar-to-tx" #43: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:33 txgw pluto[13034]:
"ar-to-tx" #43: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:33 txgw pluto[13034]:
"ar-to-tx" #43: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:34 txgw pluto[13034]:
"ar-to-tx" #43: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:34 txgw pluto[13034]:
"ar-to-tx" #43: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:03:34 txgw pluto[13034]:
"ar-to-tx" #43: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:13:15 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:58 txgw pluto[13034]:
"ar-to-tx" #44: initiating Main Mode to replace #43<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:58 txgw pluto[13034]:
"ar-to-tx" #44: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:58 txgw pluto[13034]:
"ar-to-tx" #44: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:58 txgw pluto[13034]:
"ar-to-tx" #44: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:58 txgw pluto[13034]:
"ar-to-tx" #44: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:58 txgw pluto[13034]:
"ar-to-tx" #44: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:58 txgw pluto[13034]:
"ar-to-tx" #44: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:58 txgw pluto[13034]:
"ar-to-tx" #44: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:58 txgw pluto[13034]:
"ar-to-tx" #44: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:58 txgw pluto[13034]:
"ar-to-tx" #44: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:58 txgw pluto[13034]:
"ar-to-tx" #44: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:59 txgw pluto[13034]:
"ar-to-tx" #44: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:59 txgw pluto[13034]:
"ar-to-tx" #44: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 00:45:59 txgw pluto[13034]:
"ar-to-tx" #44: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:03:34 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: initiating Main Mode to replace #44<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:31:10 txgw pluto[13034]:
"ar-to-tx" #45: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 01:45:59 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:28 txgw pluto[13034]:
"ar-to-tx" #46: initiating Main Mode to replace #45<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:18:29 txgw pluto[13034]:
"ar-to-tx" #46: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 02:31:10 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:07 txgw pluto[13034]:
"ar-to-tx" #47: initiating Main Mode to replace #46<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:07 txgw pluto[13034]:
"ar-to-tx" #47: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:07 txgw pluto[13034]:
"ar-to-tx" #47: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:07 txgw pluto[13034]:
"ar-to-tx" #47: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:07 txgw pluto[13034]:
"ar-to-tx" #47: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:07 txgw pluto[13034]:
"ar-to-tx" #47: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:07 txgw pluto[13034]:
"ar-to-tx" #47: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:08 txgw pluto[13034]:
"ar-to-tx" #47: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:08 txgw pluto[13034]:
"ar-to-tx" #47: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:08 txgw pluto[13034]:
"ar-to-tx" #47: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:08 txgw pluto[13034]:
"ar-to-tx" #47: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:08 txgw pluto[13034]:
"ar-to-tx" #47: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:08 txgw pluto[13034]:
"ar-to-tx" #47: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:07:08 txgw pluto[13034]:
"ar-to-tx" #47: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:18:29 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:13 txgw pluto[13034]:
"ar-to-tx" #48: initiating Main Mode to replace #47<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:13 txgw pluto[13034]:
"ar-to-tx" #48: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:13 txgw pluto[13034]:
"ar-to-tx" #48: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:13 txgw pluto[13034]:
"ar-to-tx" #48: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:13 txgw pluto[13034]:
"ar-to-tx" #48: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:13 txgw pluto[13034]:
"ar-to-tx" #48: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:13 txgw pluto[13034]:
"ar-to-tx" #48: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:13 txgw pluto[13034]:
"ar-to-tx" #48: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:13 txgw pluto[13034]:
"ar-to-tx" #48: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:13 txgw pluto[13034]:
"ar-to-tx" #48: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:13 txgw pluto[13034]:
"ar-to-tx" #48: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:14 txgw pluto[13034]:
"ar-to-tx" #48: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:14 txgw pluto[13034]:
"ar-to-tx" #48: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 03:57:14 txgw pluto[13034]:
"ar-to-tx" #48: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:07:08 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: initiating Main Mode to replace #48<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:40:39 txgw pluto[13034]:
"ar-to-tx" #49: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 04:57:14 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:34 txgw pluto[13034]:
"ar-to-tx" #50: initiating Main Mode to replace #49<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:29:35 txgw pluto[13034]:
"ar-to-tx" #50: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 05:40:39 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:20 txgw pluto[13034]:
"ar-to-tx" #51: initiating Main Mode to replace #50<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:20 txgw pluto[13034]:
"ar-to-tx" #51: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:20 txgw pluto[13034]:
"ar-to-tx" #51: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:20 txgw pluto[13034]:
"ar-to-tx" #51: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:20 txgw pluto[13034]:
"ar-to-tx" #51: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:20 txgw pluto[13034]:
"ar-to-tx" #51: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:20 txgw pluto[13034]:
"ar-to-tx" #51: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:21 txgw pluto[13034]:
"ar-to-tx" #51: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:21 txgw pluto[13034]:
"ar-to-tx" #51: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:21 txgw pluto[13034]:
"ar-to-tx" #51: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:21 txgw pluto[13034]:
"ar-to-tx" #51: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:21 txgw pluto[13034]:
"ar-to-tx" #51: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:21 txgw pluto[13034]:
"ar-to-tx" #51: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:14:21 txgw pluto[13034]:
"ar-to-tx" #51: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:17:27 txgw pluto[13034]:
"ar-to-tx" #52: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP to
replace #40 {using isakmp#51}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:17:27 txgw pluto[13034]:
"ar-to-tx" #52: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:17:27 txgw pluto[13034]:
"ar-to-tx" #52: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0x77c617f4 <0x98c50295 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:26:50 txgw pluto[13034]:
"ar-to-tx" #51: ignoring Delete SA payload: PROTO_IPSEC_ESP
SA(0xb5e4a82a) not found (maybe expired)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:26:50 txgw pluto[13034]:
"ar-to-tx" #51: received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:27:47 txgw pluto[13034]:
"ar-to-tx" #51: ignoring Delete SA payload: PROTO_IPSEC_ESP
SA(0x892c4b2d) not found (maybe expired)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:27:47 txgw pluto[13034]:
"ar-to-tx" #51: received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:29:35 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: initiating Main Mode to replace #51<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 06:59:30 txgw pluto[13034]:
"ar-to-tx" #53: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:14:21 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:33 txgw pluto[13034]:
"ar-to-tx" #54: initiating Main Mode to replace #53<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:46:34 txgw pluto[13034]:
"ar-to-tx" #54: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 07:59:30 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:29:59 txgw pluto[13034]:
"ar-to-tx" #55: initiating Main Mode to replace #54<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:29:59 txgw pluto[13034]:
"ar-to-tx" #55: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:29:59 txgw pluto[13034]:
"ar-to-tx" #55: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:29:59 txgw pluto[13034]:
"ar-to-tx" #55: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:29:59 txgw pluto[13034]:
"ar-to-tx" #55: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:29:59 txgw pluto[13034]:
"ar-to-tx" #55: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:29:59 txgw pluto[13034]:
"ar-to-tx" #55: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:30:00 txgw pluto[13034]:
"ar-to-tx" #55: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:30:00 txgw pluto[13034]:
"ar-to-tx" #55: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:30:00 txgw pluto[13034]:
"ar-to-tx" #55: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:30:00 txgw pluto[13034]:
"ar-to-tx" #55: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:30:00 txgw pluto[13034]: "ar-to-tx"
#55: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:30:00 txgw pluto[13034]:
"ar-to-tx" #55: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:30:00 txgw pluto[13034]:
"ar-to-tx" #55: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 08:46:34 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:39 txgw pluto[13034]:
"ar-to-tx" #56: initiating Main Mode to replace #55<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:39 txgw pluto[13034]:
"ar-to-tx" #56: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:39 txgw pluto[13034]:
"ar-to-tx" #56: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:39 txgw pluto[13034]:
"ar-to-tx" #56: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:39 txgw pluto[13034]:
"ar-to-tx" #56: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:39 txgw pluto[13034]:
"ar-to-tx" #56: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:39 txgw pluto[13034]:
"ar-to-tx" #56: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:39 txgw pluto[13034]:
"ar-to-tx" #56: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:39 txgw pluto[13034]:
"ar-to-tx" #56: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:39 txgw pluto[13034]:
"ar-to-tx" #56: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:39 txgw pluto[13034]:
"ar-to-tx" #56: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:40 txgw pluto[13034]:
"ar-to-tx" #56: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:40 txgw pluto[13034]:
"ar-to-tx" #56: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:12:40 txgw pluto[13034]:
"ar-to-tx" #56: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:30:00 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: initiating Main Mode to replace #56<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: I did not send a certificate because I do not have one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 09:55:34 txgw pluto[13034]:
"ar-to-tx" #57: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:12:41 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: initiating Main Mode to replace #57<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:38:40 txgw pluto[13034]:
"ar-to-tx" #58: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 10:55:34 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:56 txgw pluto[13034]:
"ar-to-tx" #59: initiating Main Mode to replace #58<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:25:57 txgw pluto[13034]:
"ar-to-tx" #59: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 11:38:40 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:58 txgw pluto[13034]:
"ar-to-tx" #60: initiating Main Mode to replace #59<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:58 txgw pluto[13034]:
"ar-to-tx" #60: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:58 txgw pluto[13034]:
"ar-to-tx" #60: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:58 txgw pluto[13034]:
"ar-to-tx" #60: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:58 txgw pluto[13034]:
"ar-to-tx" #60: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:58 txgw pluto[13034]:
"ar-to-tx" #60: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:58 txgw pluto[13034]:
"ar-to-tx" #60: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:59 txgw pluto[13034]:
"ar-to-tx" #60: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:59 txgw pluto[13034]:
"ar-to-tx" #60: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:59 txgw pluto[13034]:
"ar-to-tx" #60: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:59 txgw pluto[13034]:
"ar-to-tx" #60: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:59 txgw pluto[13034]:
"ar-to-tx" #60: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:59 txgw pluto[13034]:
"ar-to-tx" #60: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:11:59 txgw pluto[13034]:
"ar-to-tx" #60: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:25:57 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:18 txgw pluto[13034]:
"ar-to-tx" #61: initiating Main Mode to replace #60<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:18 txgw pluto[13034]:
"ar-to-tx" #61: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:18 txgw pluto[13034]:
"ar-to-tx" #61: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:18 txgw pluto[13034]:
"ar-to-tx" #61: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:18 txgw pluto[13034]:
"ar-to-tx" #61: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:18 txgw pluto[13034]:
"ar-to-tx" #61: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:18 txgw pluto[13034]:
"ar-to-tx" #61: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:18 txgw pluto[13034]:
"ar-to-tx" #61: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:18 txgw pluto[13034]:
"ar-to-tx" #61: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:18 txgw pluto[13034]:
"ar-to-tx" #61: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:18 txgw pluto[13034]:
"ar-to-tx" #61: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:19 txgw pluto[13034]:
"ar-to-tx" #61: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:19 txgw pluto[13034]:
"ar-to-tx" #61: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 12:55:19 txgw pluto[13034]:
"ar-to-tx" #61: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:11:59 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:25 txgw pluto[13034]:
"ar-to-tx" #62: initiating Main Mode to replace #61<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:25 txgw pluto[13034]:
"ar-to-tx" #62: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:25 txgw pluto[13034]:
"ar-to-tx" #62: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:25 txgw pluto[13034]:
"ar-to-tx" #62: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:25 txgw pluto[13034]:
"ar-to-tx" #62: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:25 txgw pluto[13034]:
"ar-to-tx" #62: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:25 txgw pluto[13034]:
"ar-to-tx" #62: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:25 txgw pluto[13034]:
"ar-to-tx" #62: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:25 txgw pluto[13034]:
"ar-to-tx" #62: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:25 txgw pluto[13034]:
"ar-to-tx" #62: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:25 txgw pluto[13034]:
"ar-to-tx" #62: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:26 txgw pluto[13034]:
"ar-to-tx" #62: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:26 txgw pluto[13034]:
"ar-to-tx" #62: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:39:26 txgw pluto[13034]:
"ar-to-tx" #62: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 13:55:19 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:02:06 txgw pluto[13034]:
"ar-to-tx" #63: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP to
replace #52 {using isakmp#62}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:02:06 txgw pluto[13034]:
"ar-to-tx" #63: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:02:06 txgw pluto[13034]:
"ar-to-tx" #63: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=>0xa0b28b32 <0x1bf9eb16 xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:17:27 txgw pluto[13034]:
"ar-to-tx" #62: ignoring Delete SA payload: PROTO_IPSEC_ESP
SA(0x77c617f4) not found (maybe expired)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:17:27 txgw pluto[13034]:
"ar-to-tx" #62: received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:25 txgw pluto[13034]:
"ar-to-tx" #64: initiating Main Mode to replace #62<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:25 txgw pluto[13034]:
"ar-to-tx" #64: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:25 txgw pluto[13034]:
"ar-to-tx" #64: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:25 txgw pluto[13034]:
"ar-to-tx" #64: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:25 txgw pluto[13034]:
"ar-to-tx" #64: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:25 txgw pluto[13034]:
"ar-to-tx" #64: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:25 txgw pluto[13034]:
"ar-to-tx" #64: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:25 txgw pluto[13034]:
"ar-to-tx" #64: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:25 txgw pluto[13034]:
"ar-to-tx" #64: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:25 txgw pluto[13034]:
"ar-to-tx" #64: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:25 txgw pluto[13034]:
"ar-to-tx" #64: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:26 txgw pluto[13034]:
"ar-to-tx" #64: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:26 txgw pluto[13034]:
"ar-to-tx" #64: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:29:26 txgw pluto[13034]:
"ar-to-tx" #64: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 14:39:26 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: initiating Main Mode to replace #64<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:16:28 txgw pluto[13034]:
"ar-to-tx" #65: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 15:29:26 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: initiating Main Mode to replace #65<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]: "ar-to-tx"
#66: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:01:17 txgw pluto[13034]:
"ar-to-tx" #66: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:16:28 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:47 txgw pluto[13034]:
"ar-to-tx" #67: initiating Main Mode to replace #66<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 16:44:48 txgw pluto[13034]:
"ar-to-tx" #67: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:01:17 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:45 txgw pluto[13034]:
"ar-to-tx" #68: initiating Main Mode to replace #67<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:45 txgw pluto[13034]:
"ar-to-tx" #68: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:45 txgw pluto[13034]:
"ar-to-tx" #68: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:45 txgw pluto[13034]:
"ar-to-tx" #68: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:45 txgw pluto[13034]:
"ar-to-tx" #68: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:45 txgw pluto[13034]:
"ar-to-tx" #68: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:45 txgw pluto[13034]:
"ar-to-tx" #68: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:46 txgw pluto[13034]:
"ar-to-tx" #68: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:46 txgw pluto[13034]:
"ar-to-tx" #68: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:46 txgw pluto[13034]:
"ar-to-tx" #68: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:46 txgw pluto[13034]:
"ar-to-tx" #68: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:46 txgw pluto[13034]:
"ar-to-tx" #68: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:46 txgw pluto[13034]:
"ar-to-tx" #68: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:35:46 txgw pluto[13034]:
"ar-to-tx" #68: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 17:44:48 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:54 txgw pluto[13034]:
"ar-to-tx" #69: initiating Main Mode to replace #68<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:54 txgw pluto[13034]:
"ar-to-tx" #69: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:54 txgw pluto[13034]:
"ar-to-tx" #69: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:54 txgw pluto[13034]:
"ar-to-tx" #69: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:54 txgw pluto[13034]:
"ar-to-tx" #69: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:54 txgw pluto[13034]:
"ar-to-tx" #69: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:54 txgw pluto[13034]:
"ar-to-tx" #69: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:54 txgw pluto[13034]:
"ar-to-tx" #69: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:54 txgw pluto[13034]:
"ar-to-tx" #69: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:54 txgw pluto[13034]:
"ar-to-tx" #69: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:54 txgw pluto[13034]:
"ar-to-tx" #69: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:55 txgw pluto[13034]:
"ar-to-tx" #69: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:55 txgw pluto[13034]:
"ar-to-tx" #69: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:19:55 txgw pluto[13034]:
"ar-to-tx" #69: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> Oct 24 18:35:46 txgw pluto[13034]: packet
from 1.2.3.4:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:35 txgw pluto[13034]:
"ar-to-tx" #70: initiating Main Mode to replace #69<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:35 txgw pluto[13034]:
"ar-to-tx" #70: received Vendor ID payload [Openswan (this version)
2.4.12 LDAP_V3 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:35 txgw pluto[13034]:
"ar-to-tx" #70: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:35 txgw pluto[13034]:
"ar-to-tx" #70: received Vendor ID payload [RFC 3947] method set
to=109 <o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:35 txgw pluto[13034]:
"ar-to-tx" #70: enabling possible NAT-traversal with method RFC 3947
(NAT-Traversal)<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:35 txgw pluto[13034]:
"ar-to-tx" #70: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:35 txgw pluto[13034]:
"ar-to-tx" #70: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:35 txgw pluto[13034]:
"ar-to-tx" #70: I did not send a certificate because I do not have
one.<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:35 txgw pluto[13034]:
"ar-to-tx" #70: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:35 txgw pluto[13034]:
"ar-to-tx" #70: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:35 txgw pluto[13034]:
"ar-to-tx" #70: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:36 txgw pluto[13034]:
"ar-to-tx" #70: Main mode peer ID is ID_FQDN: '@argw.example.com'<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:36 txgw pluto[13034]: "ar-to-tx"
#70: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4<o:p></o:p></p>
<p class=MsoNormal> Oct 24 19:07:36 txgw pluto[13034]:
"ar-to-tx" #70: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<o:p></o:p></p>
<p class=MsoNormal> + _________________________ date<o:p></o:p></p>
<p class=MsoNormal> + date<o:p></o:p></p>
<p class=MsoNormal>Sat Oct 24 19:09:55 EEST 2009<o:p></o:p></p>
</div>
</body>
</html>