<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EstiloCorreo17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Hi all!<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Thank you for your quick response, the fact that makes me in
the need to “monitor” additionally the ipsec daemon its this:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>When I got disconnection I got the weird message of
“no connection has been authorized by polici = PSK “ but I have
discovere that if I restart the daemon itself the tunnel goes up again, or
maybe we can see why the tunnel doesn’t goes up? By the way im running
IPsec U2.6.27/K2.6.20.21<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Ill sending my log :<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Thanks in advance!<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: received Vendor ID payload [RFC 3947] method set to=109<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: ignoring unknown Vendor ID payload
[8f8d83826d246b6fc7a8a6a428c11de8]<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: ignoring unknown Vendor ID payload
[439b59f8ba676c4c7737ae22eab8f582]<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: ignoring unknown Vendor ID payload
[4d1e0e136deafa34c4f3ea9f02ec7285]<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: ignoring unknown Vendor ID payload
[80d0bb3def54565ee84645d4c85ce3ee]<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: ignoring unknown Vendor ID payload
[9909b64eed937c6573de52ace952fa6b]<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: ignoring unknown Vendor ID payload
[16f6ca16e4a4066d83821a0f0aeaa862]<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-00]<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: | nat-t
detected, sending nat-t VID<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
find_host_connection2 called from main_inI1_outR1, me=189.233.*.51:500
him=189.136.*.206:500 policy=none<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
find_host_pair: comparing to 189.233.*.51:500 187.145.*.141:500<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
find_host_pair_conn (find_host_connection2): 189.233.*.51:500 189.136.*.206:500
-> hp:none<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
find_host_connection2 returns empty<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
****parse IPsec DOI SIT:<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| IPsec DOI SIT: SIT_IDENTITY_ONLY<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
****parse ISAKMP Proposal Payload:<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| next payload type: ISAKMP_NEXT_NONE<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| length: 40<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| proposal number: 1<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| protocol ID: PROTO_ISAKMP<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| SPI size: 0<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| number of transforms: 1<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
*****parse ISAKMP Transform Payload (ISAKMP):<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| next payload type: ISAKMP_NEXT_NONE<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| length: 32<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| transform number: 1<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| transform ID: KEY_IKE<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
******parse ISAKMP Oakley attribute:<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| af+type: OAKLEY_LIFE_TYPE<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| length/value: 1<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
******parse ISAKMP Oakley attribute:<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| af+type: OAKLEY_LIFE_DURATION<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| length/value: 28800<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
******parse ISAKMP Oakley attribute:<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| af+type: OAKLEY_ENCRYPTION_ALGORITHM<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| length/value: 5<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
******parse ISAKMP Oakley attribute:<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
af+type: OAKLEY_AUTHENTICATION_METHOD<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| length/value: 1<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
******parse ISAKMP Oakley attribute:<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| af+type: OAKLEY_HASH_ALGORITHM<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| length/value: 1<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
******parse ISAKMP Oakley attribute:<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| af+type: OAKLEY_GROUP_DESCRIPTION<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]:
| length/value: 2<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
find_host_connection2 called from main_inI1_outR1, me=189.233.*.51:500
him=%any:500 policy=PSK<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
find_host_pair: comparing to 189.233.*.51:500 187.145.*.141:500<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
find_host_pair_conn (find_host_connection2): 189.233.*.51:500 %any:500 ->
hp:none<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
searching for connection with policy = PSK<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
find_host_connection2 returns empty<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: packet
from 189.136.*.206:500: initial Main Mode message received on 189.233.*.51:500
but no connection has been authorized with policy=PSK<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: |
complete state transition with STF_IGNORE<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: | *
processed 0 messages from cryptographic helpers<o:p></o:p></p>
<p class=MsoNormal>Jul 8 21:32:41 excalibur-netcafe pluto[12362]: | next
event EVENT_PENDING_PHASE2 in 46 seconds<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>