<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=WordSection1>
<p class=MsoNormal>The phone rang today with a customer talking about tunnel
problems and the only cure was a reboot. This one has two sites,
Iowa, named HQ and Minnesota, named MN. Both sites are already running
2.6.28. <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Looking at /var/log/secure – it looks like a problem
started on Sep 8 around 27 minutes after midnight. The systems at both
sites are running ntp, so both clocks are synchronized. At 00:26:44, both
HQ and MN report an SA established. At 00:27:14, HQ starts reporting
“Informational Exchange message must be encrypted” and MN reports a
malformed payload. This repeats a few times until 00:37:54, when MN
reports “too many (17) malformed payloads. Deleting state”.
After that, several messages on both sides with initiate on demand
errors. Around 09:26:00, the folks at the MN site rebooted the MN
firewall. After that, the tunnel came back as normal. This
customer has reported this happening at least twice in the past few days.
Again, this is with 2.6.28 at both sites. <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Could this be a hardware problem?<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I’ll paste in extracts from /var/log/secure below.
Public IP Addresses disguised.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>MN site:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Sep 8 00:23:34 MN-fw1 pluto[2192]: "mn-hq"
#440: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_<o:p></o:p></p>
<p class=MsoNormal>SIG cipher=aes_128 prf=oakley_sha group=modp2048}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:25:34 MN-fw1 pluto[2192]: "mn-hq"
#441: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE<o:p></o:p></p>
<p class=MsoNormal>v2ALLOW to replace #429 {using isakmp#440 msgid:c03bde2c
proposal=defaults pfsgroup=OAKLEY_GROUP_MODP204<o:p></o:p></p>
<p class=MsoNormal>8}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:04 MN-fw1 pluto[2192]: "mn-hq"
#441: ERROR: netlink response for Add SA esp.c7d28cc6@3.4.<o:p></o:p></p>
<p class=MsoNormal>177.201 included errno 3: No such process<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:14 MN-fw1 pluto[2192]: "mn-hq"
#441: discarding duplicate packet; already STATE_QUICK_I1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:34 MN-fw1 pluto[2192]: "mn-hq"
#441: discarding duplicate packet; already STATE_QUICK_I1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 MN-fw1 pluto[2192]: "mn-hq"
#441: max number of retransmissions (2) reached STATE_QUICK_<o:p></o:p></p>
<p class=MsoNormal>I1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 MN-fw1 pluto[2192]: "mn-hq"
#441: starting keying attempt 2 of an unlimited number<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 MN-fw1 pluto[2192]: "mn-hq"
#442: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKE<o:p></o:p></p>
<p class=MsoNormal>v2ALLOW to replace #441 {using isakmp#440 msgid:54f2144a
proposal=defaults pfsgroup=OAKLEY_GROUP_MODP204<o:p></o:p></p>
<p class=MsoNormal>8}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 MN-fw1 pluto[2192]: "mn-hq"
#442: transition from state STATE_QUICK_I1 to state STATE_QU<o:p></o:p></p>
<p class=MsoNormal>ICK_I2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 MN-fw1 pluto[2192]: "mn-hq"
#442: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel<o:p></o:p></p>
<p class=MsoNormal>mode {ESP=>0xdf3128a4 <0x00f94364
xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:27:14 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:27:14 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:27:14 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:27:14 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:27:14 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:27:54 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:27:54 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:27:54 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:27:54 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:27:54 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:28:34 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:28:34 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:28:34 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:28:34 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:28:34 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:29:14 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:29:14 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:29:14 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:29:14 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:29:14 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:29:54 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:29:54 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:29:54 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:29:54 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:29:54 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:30:34 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:30:34 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:30:34 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:30:34 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:30:34 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:31:14 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:31:14 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:31:14 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:31:14 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:31:14 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:31:54 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:31:54 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:31:54 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:31:54 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:31:54 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:32:34 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:32:34 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:32:34 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:32:34 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:32:34 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:33:14 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:33:14 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:33:14 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:33:14 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:33:14 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:33:54 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:33:54 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:33:54 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:33:54 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:33:54 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:34:34 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:34:34 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:34:34 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:34:34 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:34:34 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:35:14 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:35:14 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:35:14 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:35:14 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:35:14 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:35:54 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:35:54 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:35:54 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:35:54 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:35:54 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:36:34 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:36:34 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:36:34 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:36:34 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:36:34 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:37:14 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:37:14 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:37:14 MN-fw1 pluto[2192]: | payload malformed
after IV<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:37:14 MN-fw1 pluto[2192]: | c5 15
27 ac 8e a4 30 b7 af 3f 05 d3 57 e3 9b 0a<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:37:14 MN-fw1 pluto[2192]: "mn-hq"
#440: sending notification PAYLOAD_MALFORMED to 1.2.252.17<o:p></o:p></p>
<p class=MsoNormal>8:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:37:54 MN-fw1 pluto[2192]: "mn-hq"
#440: byte 2 of ISAKMP Hash Payload must be zero, but is not<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:37:54 MN-fw1 pluto[2192]: "mn-hq"
#440: malformed payload in packet<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:37:54 MN-fw1 pluto[2192]: "mn-hq"
#440: too many (17) malformed payloads. Deleting state<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:37:54 MN-fw1 pluto[2192]: packet from 1.2.252.178:500:
Informational Exchange is for an unkn<o:p></o:p></p>
<p class=MsoNormal>own (expired?) SA with MSGID:0xb184d99e<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:38:34 MN-fw1 pluto[2192]: packet from 1.2.252.178:500:
Quick Mode message is for a non-exist<o:p></o:p></p>
<p class=MsoNormal>ent (expired?) ISAKMP SA<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:39:41 MN-fw1 pluto[2192]: packet from 1.2.252.178:500:
Informational Exchange is for an unkn<o:p></o:p></p>
<p class=MsoNormal>own (expired?) SA with MSGID:0xa56d2416<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:44 MN-fw1 pluto[2192]: "mn-hq"
#442: IPsec SA expired (LATEST!)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:44 MN-fw1 pluto[2192]: "mn-hq"
#442: down-client output: Running mn-updown<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:44 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.219:49178 to 10.0.0.1:3389 proto=6<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:44 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.63:2860 to 10.0.0.2:80 proto=6 sta<o:p></o:p></p>
<p class=MsoNormal>te: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:46 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.54:1025 to 10.0.0.13:161 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:47 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.217:1029 to 10.0.0.13:161 proto=17<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:49 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.1:3333 to 10.0.0.2:1026 proto=6 st<o:p></o:p></p>
<p class=MsoNormal>ate: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:50 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.220:1040 to 10.0.0.11:161 proto=17<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:55 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.55:1038 to 10.0.0.11:161 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:08 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.120:3000 to 10.0.0.120:3000 proto=<o:p></o:p></p>
<p class=MsoNormal>17 state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:11 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.217:1029 to 10.0.0.16:161 proto=17<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:13 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.219:52757 to 10.0.0.2:53 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:14 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.1:445 to 10.0.0.56:1061 proto=6 st<o:p></o:p></p>
<p class=MsoNormal>ate: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:15 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.220:1040 to 10.0.0.13:161 proto=17<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:20 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.55:1038 to 10.0.0.13:161 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:21 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.1:3332 to 10.0.0.2:1026 proto=6 st<o:p></o:p></p>
<p class=MsoNormal>ate: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:22 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.54:58655 to 10.0.0.2:53 proto=17 s<o:p></o:p></p>
<p class=MsoNormal>tate: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:24 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.63:2894 to 10.0.0.2:80 proto=6 sta<o:p></o:p></p>
<p class=MsoNormal>te: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:29 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.219:50048 to 10.0.0.1:3389 proto=6<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:35 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.217:1029 to 10.0.0.19:161 proto=17<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:39 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.220:1040 to 10.0.0.16:161 proto=17<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:41 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.54:1025 to 10.0.0.13:161 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:44 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.55:1038 to 10.0.0.18:161 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:52 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.217:53072 to 10.0.0.2:53 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:55 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.63:2895 to 10.0.0.2:80 proto=6 sta<o:p></o:p></p>
<p class=MsoNormal>te: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:57 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.1:8 to 10.0.0.2:0 proto=1 state: f<o:p></o:p></p>
<p class=MsoNormal>os_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:27:57 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.52:1054 to 10.0.0.1:3389 proto=6 s<o:p></o:p></p>
<p class=MsoNormal>tate: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:02 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.219:50050 to 10.0.0.1:3389 proto=6<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:03 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.220:1040 to 10.0.0.18:161 proto=17<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:09 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.120:3000 to 10.0.0.120:3000 proto=<o:p></o:p></p>
<p class=MsoNormal>17 state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:12 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.55:1040 to 10.0.0.1:3389 proto=6 s<o:p></o:p></p>
<p class=MsoNormal>tate: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:27 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.220:1040 to 10.0.0.19:161 proto=17<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:28 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.63:2897 to 10.0.0.2:80 proto=6 sta<o:p></o:p></p>
<p class=MsoNormal>te: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:29 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.217:1029 to 10.0.0.13:161 proto=17<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:36 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.54:1025 to 10.0.0.13:161 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:38 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.55:1038 to 10.0.0.11:161 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:41 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.219:50056 to 10.0.0.1:3389 proto=6<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:44 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.55:1480 to 10.0.0.1:3389 proto=6 s<o:p></o:p></p>
<p class=MsoNormal>tate: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:54 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.217:1029 to 10.0.0.16:161 proto=17<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:58 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.63:2898 to 10.0.0.2:80 proto=6 sta<o:p></o:p></p>
<p class=MsoNormal>te: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:28:59 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.121:7107 to 10.0.0.121:4029 proto=<o:p></o:p></p>
<p class=MsoNormal>6 state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:29:03 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.55:1038 to 10.0.0.13:161 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:29:10 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.120:3000 to 10.0.0.120:3000 proto=<o:p></o:p></p>
<p class=MsoNormal>17 state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:29:14 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.219:50057 to 10.0.0.1:3389 proto=6<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:29:17 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.55:1482 to 10.0.0.1:3389 proto=6 s<o:p></o:p></p>
<p class=MsoNormal>tate: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:29:18 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.217:1029 to 10.0.0.19:161 proto=17<o:p></o:p></p>
<p class=MsoNormal> state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:29:20 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.1:56102 to 10.0.0.2:53 proto=17 st<o:p></o:p></p>
<p class=MsoNormal>--More--(53%)<o:p></o:p></p>
<p class=MsoNormal>.<o:p></o:p></p>
<p class=MsoNormal>.<o:p></o:p></p>
<p class=MsoNormal>.<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:24 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.55:1038 to 10.0.0.11:161 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:25 MN-fw1 sshd[1540]: Received signal 15;
terminating.<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:26 MN-fw1 pluto[2192]: initiate on demand
from 192.168.0.54:1025 to 10.0.0.13:161 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: forgetting secrets<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: "mn-hq":
deleting connection<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: "mn-hq"
#180: deleting state (STATE_MAIN_I2)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: "mn-hq":
unroute-client output: Running mn-updown<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: "mn-hq":
unroute-client output: /usr/local/lib/ipsec/_updown.netkey:<o:p></o:p></p>
<p class=MsoNormal> doroute `ip route del 10.0.0.0/24 via 3.4.177.202 dev
br0 ' failed (RTNETLINK answers: No such proces<o:p></o:p></p>
<p class=MsoNormal>s)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down
interface lo/lo ::1:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down
interface lo/lo 127.0.0.1:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down
interface lo/lo 127.0.0.1:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down
interface eth2/eth2 192.168.253.1:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down
interface eth2/eth2 192.168.253.1:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down
interface eth3/eth3 10.10.10.70:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down
interface eth3/eth3 10.10.10.70:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down
interface br0/br0 192.168.0.10:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down
interface br0/br0 192.168.0.10:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down
interface br0/br0 3.4.177.201:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:25:30 MN-fw1 pluto[2192]: shutting down
interface br0/br0 3.4.177.201:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:53 MN-fw1 runuser:
pam_unix(runuser:session): session opened for user root by (uid=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:53 MN-fw1 runuser:
pam_unix(runuser:session): session closed for user root<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 ipsec__plutorun: Starting Pluto
subsystem...<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]: nss directory
plutomain: /etc/ipsec.d<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]: NSS Initialized<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]: Starting Pluto
(Openswan Version 2.6.28; Vendor ID OEQ{O\177nez{CQ)<o:p></o:p></p>
<p class=MsoNormal>pid:1486<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]: Non-fips mode set
in /proc/sys/crypto/fips_enabled<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]: SAref support
[disabled]: Protocol not available<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]: SAbind support
[disabled]: Protocol not available<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]: Setting
NAT-Traversal port-4500 floating to on<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]:
port floating activation criteria nat_t=1/port_float=1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]:
NAT-Traversal support [enabled]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]: 1 bad entries in
virtual_private - none loaded<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]:
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0<o:p></o:p></p>
<p class=MsoNormal>)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]:
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]:
ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]:
ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]:
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]:
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]: no helpers will be
started, all cryptographic operations will be don<o:p></o:p></p>
<p class=MsoNormal>e inline<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 pluto[1486]: Using Linux 2.6
IPsec interface code on 2.6.33.5-112.fc13.i686.PAE (<o:p></o:p></p>
<p class=MsoNormal>experimental code)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 sshd[1515]: Server listening on
0.0.0.0 port 22.<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:56 MN-fw1 sshd[1515]: Server listening on
:: port 22.<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]:
ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_add():
ERROR: Algorithm already exists<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]:
ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_add():
ERROR: Algorithm already exists<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]:
ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_add():
ERROR: Algorithm already exists<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]:
ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_add():
ERROR: Algorithm already exists<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]:
ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: ike_alg_add():
ERROR: Algorithm already exists<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]:
ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: myid malformed:
empty string ""<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: Changed path to
directory '/etc/ipsec.d/cacerts'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: Changed path to
directory '/etc/ipsec.d/aacerts'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: Changed path to
directory '/etc/ipsec.d/ocspcerts'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: Changing to
directory '/etc/ipsec.d/crls'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]:
Warning: empty directory<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: added connection
description "mn-hq"<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: listening for IKE
messages<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: NAT-Traversal:
Trying new style NAT-T<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: NAT-Traversal:
ESPINUDP(1) setup failed for new style NAT-T family I<o:p></o:p></p>
<p class=MsoNormal>Pv4 (errno=19)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: NAT-Traversal:
Trying old style NAT-T<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface
eth3/eth3 10.10.10.70:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface
eth3/eth3 10.10.10.70:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface
eth2/eth2 192.168.253.1:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface
eth2/eth2 192.168.253.1:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface
eth1/eth1 192.168.0.10:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface
eth1/eth1 192.168.0.10:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface
eth0/eth0 3.4.177.201:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface
eth0/eth0 3.4.177.201:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface
lo/lo 127.0.0.1:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface
lo/lo 127.0.0.1:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: adding interface
lo/lo ::1:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: loading secrets
from "/etc/ipsec.secrets"<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: loading secrets
from "/etc/ipsec.d/hostkey.secrets"<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: loaded private key
for keyid: PPK_RSA:AQOwd0G2W<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq":
prepare-client output: Running mn-updown<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq":
prepare-client output: Cannot find device "br0"<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq":
prepare-client command exited with status 255<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq":
route-client output: Running mn-updown<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq":
route-client output: RTNETLINK answers: Network is unreacha<o:p></o:p></p>
<p class=MsoNormal>ble<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq":
route-client output: Cannot find device "br0"<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq":
route-client command exited with status 255<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq":
down-client output: Running mn-updown<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq":
down-client output: Cannot find device "br0"<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq":
down-client command exited with status 255<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: "mn-hq"
#1: initiating Main Mode<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:57 MN-fw1 pluto[1486]: ERROR:
"mn-hq" #1: sendto on eth0 to 1.2.252.178:500 failed in mai<o:p></o:p></p>
<p class=MsoNormal>n_outI1. Errno 101: Network is unreachable<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: forgetting secrets<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: "mn-hq":
deleting connection<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: "mn-hq"
#1: deleting state (STATE_MAIN_I1)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down
interface lo/lo ::1:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down
interface lo/lo 127.0.0.1:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down
interface lo/lo 127.0.0.1:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down
interface eth0/eth0 3.4.177.201:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down
interface eth0/eth0 3.4.177.201:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down
interface eth1/eth1 192.168.0.10:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down
interface eth1/eth1 192.168.0.10:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down
interface eth2/eth2 192.168.253.1:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down
interface eth2/eth2 192.168.253.1:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down
interface eth3/eth3 10.10.10.70:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:00 MN-fw1 pluto[1486]: shutting down
interface eth3/eth3 10.10.10.70:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 ipsec__plutorun: Starting Pluto
subsystem...<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: nss directory
plutomain: /etc/ipsec.d<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: NSS Initialized<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: Starting Pluto
(Openswan Version 2.6.28; Vendor ID OEQ{O\177nez{CQ)<o:p></o:p></p>
<p class=MsoNormal>pid:2173<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: Non-fips mode set
in /proc/sys/crypto/fips_enabled<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: SAref support
[disabled]: Protocol not available<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: SAbind support
[disabled]: Protocol not available<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: Setting
NAT-Traversal port-4500 floating to on<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
port floating activation criteria nat_t=1/port_float=1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
NAT-Traversal support [enabled]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: 1 bad entries in
virtual_private - none loaded<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0<o:p></o:p></p>
<p class=MsoNormal>)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: no helpers will be
started, all cryptographic operations will be don<o:p></o:p></p>
<p class=MsoNormal>e inline<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: Using Linux 2.6
IPsec interface code on 2.6.33.5-112.fc13.i686.PAE (<o:p></o:p></p>
<p class=MsoNormal>experimental code)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_add():
ERROR: Algorithm already exists<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_add():
ERROR: Algorithm already exists<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_register_enc():
Activating aes_ccm_16: FAILED (ret=-17)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_add():
ERROR: Algorithm already exists<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_add():
ERROR: Algorithm already exists<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: ike_alg_add():
ERROR: Algorithm already exists<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: Changed path to
directory '/etc/ipsec.d/cacerts'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: Changed path to
directory '/etc/ipsec.d/aacerts'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: Changed path to
directory '/etc/ipsec.d/ocspcerts'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: Changing to
directory '/etc/ipsec.d/crls'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]:
Warning: empty directory<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: added connection
description "mn-hq"<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: listening for IKE
messages<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: NAT-Traversal:
Trying new style NAT-T<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: NAT-Traversal:
ESPINUDP(1) setup failed for new style NAT-T family I<o:p></o:p></p>
<p class=MsoNormal>Pv4 (errno=19)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: NAT-Traversal:
Trying old style NAT-T<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface
br0/br0 3.4.177.201:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface
br0/br0 3.4.177.201:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface
br0/br0 192.168.0.10:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface
br0/br0 192.168.0.10:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface
eth3/eth3 10.10.10.70:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface
eth3/eth3 10.10.10.70:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface
eth2/eth2 192.168.253.1:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface
eth2/eth2 192.168.253.1:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface
lo/lo 127.0.0.1:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface
lo/lo 127.0.0.1:4500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: adding interface
lo/lo ::1:500<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: loading secrets
from "/etc/ipsec.secrets"<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: loading secrets
from "/etc/ipsec.d/hostkey.secrets"<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: loaded private key
for keyid: PPK_RSA:AQOwd0G2W<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: "mn-hq":
prepare-client output: Running mn-updown<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: "mn-hq":
prepare-client output: RTNETLINK answers: No such file or d<o:p></o:p></p>
<p class=MsoNormal>irectory<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: "mn-hq":
prepare-client command exited with status 2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:02 MN-fw1 pluto[2173]: "mn-hq":
route-client output: Running mn-updown<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:03 MN-fw1 pluto[2173]: "mn-hq"
#1: initiating Main Mode<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:06 MN-fw1 pluto[2173]: ERROR: asynchronous
network error report on br0 (sport=500) for mess<o:p></o:p></p>
<p class=MsoNormal>age to 1.2.252.178 port 500, complainant 3.4.177.201: No
route to host [errno 113, origin ICMP type<o:p></o:p></p>
<p class=MsoNormal>3 code 1 (not authenticated)]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: received Vendor ID payload [Openswan (this version) 2.6.<o:p></o:p></p>
<p class=MsoNormal>28 ]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: received Vendor ID payload [RFC 3947] method set to=109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: enabling possible NAT-traversal with method 4<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: transition from state STATE_MAIN_I1 to state STATE_MAIN_<o:p></o:p></p>
<p class=MsoNormal>I2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: STATE_MAIN_I2: sent MI2, expecting MR2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: initiate on demand
from 192.168.0.219:56222 to 10.0.0.2:53 proto=17<o:p></o:p></p>
<p class=MsoNormal>state: fos_start because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no<o:p></o:p></p>
<p class=MsoNormal> NAT detected<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: transition from state STATE_MAIN_I2 to state STATE_MAIN_<o:p></o:p></p>
<p class=MsoNormal>I3<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: STATE_MAIN_I3: sent MI3, expecting MR3<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: received Vendor ID payload [CAN-IKEv2]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: Main mode peer ID is ID_FQDN: '@hq.local'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: transition from state STATE_MAIN_I3 to state STATE_MAIN_<o:p></o:p></p>
<p class=MsoNormal>I4<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SI<o:p></o:p></p>
<p class=MsoNormal>G cipher=aes_128 prf=oakley_sha group=modp2048}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2<o:p></o:p></p>
<p class=MsoNormal>ALLOW {using isakmp#1 msgid:d173e7ed proposal=defaults
pfsgroup=OAKLEY_GROUP_MODP2048}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#3: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2<o:p></o:p></p>
<p class=MsoNormal>ALLOW {using isakmp#1 msgid:ebfc7062 proposal=defaults
pfsgroup=OAKLEY_GROUP_MODP2048}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#2: up-client output: Running mn-updown<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#2: transition from state STATE_QUICK_I1 to state STATE_QUIC<o:p></o:p></p>
<p class=MsoNormal>K_I2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mo<o:p></o:p></p>
<p class=MsoNormal>de {ESP=>0x3de17b74 <0x5587e847 xfrm=AES_128-HMAC_SHA1
NATOA=none NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#3: transition from state STATE_QUICK_I1 to state STATE_QUIC<o:p></o:p></p>
<p class=MsoNormal>K_I2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 MN-fw1 pluto[2173]: "mn-hq"
#3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mo<o:p></o:p></p>
<p class=MsoNormal>de {ESP=>0x0ac3b910 <0x885ca579 xfrm=AES_128-HMAC_SHA1
NATOA=none NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 MN-fw1 pluto[2173]: "mn-hq"
#4: initiating Main Mode to replace #1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 MN-fw1 pluto[2173]: "mn-hq"
#4: received Vendor ID payload [Openswan (this version) 2.6.<o:p></o:p></p>
<p class=MsoNormal>--More--(91%)<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>HQ site:<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Sep 8 00:23:34 audubon-fw1 pluto[2248]:
"mn-hq" #1351: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakle<o:p></o:p></p>
<p class=MsoNormal>y_sha group=modp2048}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:04 audubon-fw1 pluto[2248]:
"mn-hq" #1351: the peer proposed: 10.0.0.0/24:0/0 ->
192.168.0.0/24:0/0<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:04 audubon-fw1 pluto[2248]:
"mn-hq" #1352: responding to Quick Mode proposal {msgid:c03bde2c}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:04 audubon-fw1 pluto[2248]:
"mn-hq" #1352: us: 10.0.0.0/24===1.2.252.178<1.2.252.178>[@hq.local,+S=C]---1.2.252.190<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:04 audubon-fw1 pluto[2248]:
"mn-hq" #1352: them: 3.4.177.202---3.4.177.201<3.4.177.201>[@mn.local,+S=C]===192.168.0.0/24<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:04 audubon-fw1 pluto[2248]:
"mn-hq" #1352: keeping refhim=4294901761 during rekey<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:04 audubon-fw1 pluto[2248]:
"mn-hq" #1352: transition from state STATE_QUICK_R0 to state
STATE_QUICK_R1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:04 audubon-fw1 pluto[2248]:
"mn-hq" #1352: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,
expecting QI2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 audubon-fw1 pluto[2248]:
"mn-hq" #1351: the peer proposed: 10.0.0.0/24:0/0 ->
192.168.0.0/24:0/0<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 audubon-fw1 pluto[2248]:
"mn-hq" #1353: responding to Quick Mode proposal {msgid:54f2144a}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 audubon-fw1 pluto[2248]:
"mn-hq" #1353: us: 10.0.0.0/24===1.2.252.178<1.2.252.178>[@hq.local,+S=C]---1.2.252.190<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 audubon-fw1 pluto[2248]:
"mn-hq" #1353: them: 3.4.177.202---3.4.177.201<3.4.177.201>[@mn.local,+S=C]===192.168.0.0/24<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 audubon-fw1 pluto[2248]:
"mn-hq" #1353: keeping refhim=4294901761 during rekey<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 audubon-fw1 pluto[2248]:
"mn-hq" #1353: transition from state STATE_QUICK_R0 to state
STATE_QUICK_R1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 audubon-fw1 pluto[2248]:
"mn-hq" #1353: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,
expecting QI2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 audubon-fw1 pluto[2248]: "mn-hq"
#1353: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:26:44 audubon-fw1 pluto[2248]:
"mn-hq" #1353: STATE_QUICK_R2: IPsec SA established tunnel mode
{ESP=>0x00f94364 <0xdf3128a4 xfrm=AES_128-H<o:p></o:p></p>
<p class=MsoNormal>MAC_SHA1 NATOA=none NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:27:54 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:28:34 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:29:15 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:29:54 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:30:34 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:31:14 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:31:54 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:32:34 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:33:14 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:33:54 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:34:34 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:35:15 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:35:54 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:36:34 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:37:14 audubon-fw1 pluto[2248]:
"mn-hq" #1351: Informational Exchange message must be encrypted<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:37:54 audubon-fw1 pluto[2248]:
"mn-hq" #1351: received Delete SA payload: deleting ISAKMP State #1351<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:37:54 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:39:14 audubon-fw1 pluto[2248]:
"mn-hq" #1352: max number of retransmissions (20) reached
STATE_QUICK_R1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 00:39:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
Informational Exchange is for an unknown (expired?) SA with MSGID:0xd4010750<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:44 audubon-fw1 pluto[2248]:
"mn-hq" #1353: IPsec SA expired (LATEST!)<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:44 audubon-fw1 pluto[2248]:
"mn-hq" #1353: down-client output: Running hq-updown<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:44 audubon-fw1 pluto[2248]: initiate on
demand from 10.0.0.1:3389 to 192.168.0.219:49178 proto=6 state: fos_start
because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:44 audubon-fw1 pluto[2248]: initiate on
demand from 10.0.0.1:3389 to 192.168.0.54:1033 proto=6 state: fos_start
because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:44 audubon-fw1 pluto[2248]: initiate on
demand from 10.0.0.1:3389 to 192.168.0.55:1040 proto=6 state: fos_start because:
acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 08:26:45 audubon-fw1 pluto[2248]: initiate on
demand from 10.0.0.2:1072 to 192.168.0.12:161 proto=17 state: fos_start
because: acquire<o:p></o:p></p>
<p class=MsoNormal>--More--(59%)<o:p></o:p></p>
<p class=MsoNormal>.<o:p></o:p></p>
<p class=MsoNormal>.<o:p></o:p></p>
<p class=MsoNormal>.<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:45 audubon-fw1 pluto[2248]: initiate on
demand from 10.0.0.2:1072 to 192.168.0.12:161 proto=17 state: fos_start
because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:50 audubon-fw1 pluto[2248]: initiate on
demand from 10.0.0.1:1031 to 192.168.0.20:161 proto=17 state: fos_start
because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:26:52 audubon-fw1 pluto[2248]: initiate on
demand from 10.0.0.1:1031 to 192.168.0.12:161 proto=17 state: fos_start
because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:05 audubon-fw1 pluto[2248]: initiate on
demand from 10.0.0.50:8 to 192.168.0.1:0 proto=1 state: fos_start because:
acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:06 audubon-fw1 pluto[2248]: initiate on
demand from 10.0.0.50:8 to 192.168.0.10:0 proto=1 state: fos_start because:
acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:07 audubon-fw1 pluto[2248]: initiate on
demand from 10.0.0.50:8 to 192.168.0.52:0 proto=1 state: fos_start because:
acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:13 audubon-fw1 pluto[2248]: initiate on
demand from 10.0.0.120:1148 to 192.168.0.122:5000 proto=6 state: fos_start
because: acquire<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Openswan (this version) 2.6.28 ]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [RFC 3947] method set to=109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but alr<o:p></o:p></p>
<p class=MsoNormal>eady using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but a<o:p></o:p></p>
<p class=MsoNormal>lready using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but alr<o:p></o:p></p>
<p class=MsoNormal>eady using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1354: responding to Main Mode<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]: "mn-hq"
#1354: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1354: STATE_MAIN_R1: sent MR1, expecting MI2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1354: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1354: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1354: STATE_MAIN_R2: sent MR2, expecting MI3<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1354: Main mode peer ID is ID_FQDN: '@mn.local'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1354: transition from state STATE_MAIN_R2 to state
STATE_MAIN_R3<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1354: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakle<o:p></o:p></p>
<p class=MsoNormal>y_sha group=modp2048}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1354: the peer proposed: 10.0.0.0/24:0/0 ->
192.168.0.0/24:0/0<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1355: responding to Quick Mode proposal {msgid:d173e7ed}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1355: us: 10.0.0.0/24===1.2.252.178<1.2.252.178>[@hq.local,+S=C]---1.2.252.190<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1355: them: 3.4.177.202---3.4.177.201<3.4.177.201>[@mn.local,+S=C]===192.168.0.0/24<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1355: transition from state STATE_QUICK_R0 to state
STATE_QUICK_R1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1355: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,
expecting QI2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1354: the peer proposed: 10.0.0.0/24:0/0 ->
192.168.0.0/24:0/0<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1356: responding to Quick Mode proposal {msgid:ebfc7062}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1356: us: 10.0.0.0/24===1.2.252.178<1.2.252.178>[@hq.local,+S=C]---1.2.252.190<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1356: them: 3.4.177.202---3.4.177.201<3.4.177.201>[@mn.local,+S=C]===192.168.0.0/24<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1356: transition from state STATE_QUICK_R0 to state
STATE_QUICK_R1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1356: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,
expecting QI2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1355: up-client output: Running hq-updown<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1355: transition from state STATE_QUICK_R1 to state
STATE_QUICK_R2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1355: STATE_QUICK_R2: IPsec SA established tunnel mode
{ESP=>0x5587e847 <0x3de17b74 xfrm=AES_128-H<o:p></o:p></p>
<p class=MsoNormal>MAC_SHA1 NATOA=none NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1356: transition from state STATE_QUICK_R1 to state
STATE_QUICK_R2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 09:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1356: STATE_QUICK_R2: IPsec SA established tunnel mode
{ESP=>0x885ca579 <0x0ac3b910 xfrm=AES_128-H<o:p></o:p></p>
<p class=MsoNormal>MAC_SHA1 NATOA=none NATD=none DPD=none}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Openswan (this version) 2.6.28 ]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [RFC 3947] method set to=109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but alr<o:p></o:p></p>
<p class=MsoNormal>eady using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but a<o:p></o:p></p>
<p class=MsoNormal>lready using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but alr<o:p></o:p></p>
<p class=MsoNormal>eady using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]:
"mn-hq" #1357: responding to Main Mode<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]: "mn-hq"
#1357: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]:
"mn-hq" #1357: STATE_MAIN_R1: sent MR1, expecting MI2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]:
"mn-hq" #1357: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]:
"mn-hq" #1357: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]:
"mn-hq" #1357: STATE_MAIN_R2: sent MR2, expecting MI3<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]:
"mn-hq" #1357: Main mode peer ID is ID_FQDN: '@mn.local'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]:
"mn-hq" #1357: transition from state STATE_MAIN_R2 to state
STATE_MAIN_R3<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:10:41 audubon-fw1 pluto[2248]:
"mn-hq" #1357: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakle<o:p></o:p></p>
<p class=MsoNormal>y_sha group=modp2048}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:27:14 audubon-fw1 pluto[2248]:
"mn-hq" #1354: received Delete SA payload: deleting ISAKMP State
#1354<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:27:14 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received and ignored informational message<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Openswan (this version) 2.6.28 ]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [RFC 3947] method set to=109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but alr<o:p></o:p></p>
<p class=MsoNormal>eady using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but a<o:p></o:p></p>
<p class=MsoNormal>lready using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but alr<o:p></o:p></p>
<p class=MsoNormal>eady using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]:
"mn-hq" #1358: responding to Main Mode<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]: "mn-hq"
#1358: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]:
"mn-hq" #1358: STATE_MAIN_R1: sent MR1, expecting MI2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]:
"mn-hq" #1358: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]:
"mn-hq" #1358: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:30 audubon-fw1 pluto[2248]:
"mn-hq" #1358: STATE_MAIN_R2: sent MR2, expecting MI3<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:31 audubon-fw1 pluto[2248]:
"mn-hq" #1358: Main mode peer ID is ID_FQDN: '@mn.local'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:31 audubon-fw1 pluto[2248]:
"mn-hq" #1358: transition from state STATE_MAIN_R2 to state
STATE_MAIN_R3<o:p></o:p></p>
<p class=MsoNormal>Sep 8 10:54:31 audubon-fw1 pluto[2248]:
"mn-hq" #1358: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakle<o:p></o:p></p>
<p class=MsoNormal>y_sha group=modp2048}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:10:41 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
Informational Exchange is for an unknown (expired?) SA with MSGID:0x19585286<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Openswan (this version) 2.6.28 ]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [RFC 3947] method set to=109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but alr<o:p></o:p></p>
<p class=MsoNormal>eady using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but a<o:p></o:p></p>
<p class=MsoNormal>lready using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but alr<o:p></o:p></p>
<p class=MsoNormal>eady using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]:
"mn-hq" #1359: responding to Main Mode<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]:
"mn-hq" #1359: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]: "mn-hq"
#1359: STATE_MAIN_R1: sent MR1, expecting MI2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]:
"mn-hq" #1359: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]:
"mn-hq" #1359: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]:
"mn-hq" #1359: STATE_MAIN_R2: sent MR2, expecting MI3<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]:
"mn-hq" #1359: Main mode peer ID is ID_FQDN: '@mn.local'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]:
"mn-hq" #1359: transition from state STATE_MAIN_R2 to state
STATE_MAIN_R3<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:37:19 audubon-fw1 pluto[2248]:
"mn-hq" #1359: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakle<o:p></o:p></p>
<p class=MsoNormal>y_sha group=modp2048}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 11:54:31 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
Informational Exchange is for an unknown (expired?) SA with MSGID:0x014a63ab<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Openswan (this version) 2.6.28 ]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [RFC 3947] method set to=109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but alr<o:p></o:p></p>
<p class=MsoNormal>eady using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but a<o:p></o:p></p>
<p class=MsoNormal>lready using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but alr<o:p></o:p></p>
<p class=MsoNormal>eady using method 109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:33 audubon-fw1 pluto[2248]:
"mn-hq" #1360: responding to Main Mode<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:33 audubon-fw1 pluto[2248]:
"mn-hq" #1360: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:33 audubon-fw1 pluto[2248]:
"mn-hq" #1360: STATE_MAIN_R1: sent MR1, expecting MI2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:33 audubon-fw1 pluto[2248]:
"mn-hq" #1360: NAT-Traversal: Result using RFC 3947 (NAT-Traversal):
no NAT detected<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:34 audubon-fw1 pluto[2248]:
"mn-hq" #1360: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:34 audubon-fw1 pluto[2248]:
"mn-hq" #1360: STATE_MAIN_R2: sent MR2, expecting MI3<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:34 audubon-fw1 pluto[2248]:
"mn-hq" #1360: Main mode peer ID is ID_FQDN: '@mn.local'<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:34 audubon-fw1 pluto[2248]:
"mn-hq" #1360: transition from state STATE_MAIN_R2 to state
STATE_MAIN_R3<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:26:34 audubon-fw1 pluto[2248]:
"mn-hq" #1360: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakle<o:p></o:p></p>
<p class=MsoNormal>y_sha group=modp2048}<o:p></o:p></p>
<p class=MsoNormal>Sep 8 12:37:19 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
Informational Exchange is for an unknown (expired?) SA with MSGID:0xe07e38bf<o:p></o:p></p>
<p class=MsoNormal>Sep 8 13:14:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Openswan (this version) 2.6.28 ]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 13:14:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [Dead Peer Detection]<o:p></o:p></p>
<p class=MsoNormal>Sep 8 13:14:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [RFC 3947] method set to=109<o:p></o:p></p>
<p class=MsoNormal>Sep 8 13:14:33 audubon-fw1 pluto[2248]: packet from 3.4.177.201:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but alr<o:p></o:p></p>
<p class=MsoNormal>eady using method 109<o:p></o:p></p>
<p class=MsoNormal>--More--(90%)<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>