<div dir="ltr"><div><div><div></div>I checked my iptables on the two end points and I only had:<br><br>-A INPUT -s <a href="http://216.58.86.104/32">216.58.86.104/32</a> -i eth0 -p esp -j ACCEPT<br>-A INPUT -s <a href="http://216.58.86.104/32">216.58.86.104/32</a> -i eth0 -p udp -m udp --sport 500 --dport 500 -j ACCEPT<br>
-A INPUT -s <a href="http://216.58.86.104/32">216.58.86.104/32</a> -i eth0 -p udp -m udp --sport 4500 --dport 4500 -j ACCEPT<br><br></div><div>...which was for the original tunnel that&#39;s been working fine not the one between my two OpenSwan instances.<br>
</div><div><br></div>Adding the other end of the tunnel seems to have restored connectivity across the tunnel, although I don&#39;t see any logs from Pluto after I made the change.<br><br></div>How could the tunnel possibly have been established in the first place without allowing esp/500/4500?  <br>
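Added example, not part of the original message or of Openswan: a Python check that reads the `right=` peer of each `conn` in ipsec.conf and reports which peers have no direct inbound ACCEPT rule for ESP, UDP 500 and UDP 4500, which is the gap described above. The sample config and rules are constructed from the VPS2 values quoted in this thread; the function names are hypothetical, and only plain `-A INPUT ... -j ACCEPT` rules are evaluated (chain policy, user chains and state-match rules are not).

```python
import ipaddress
import re
import shlex

# Constructed sample input, modelled on the VPS2 ipsec.conf quoted in this thread.
IPSEC_CONF = """\
version 2.0
config setup
    protostack=netkey

conn home.ariens.ca
    authby=secret
    left=173.254.195.244
    right=216.58.86.104
    auto=start

conn vps1
    authby=secret
    left=173.254.195.244
    right=64.237.39.24
    auto=start
"""

# Constructed sample input: the three rules shown in the message (iptables -S style).
IPTABLES_RULES = """\
-A INPUT -s 216.58.86.104/32 -i eth0 -p esp -j ACCEPT
-A INPUT -s 216.58.86.104/32 -i eth0 -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A INPUT -s 216.58.86.104/32 -i eth0 -p udp -m udp --sport 4500 --dport 4500 -j ACCEPT
"""

# What an IPsec peer must be able to send us: ESP, IKE, and IKE/ESP over NAT-T.
REQUIRED = ("esp", "udp/500", "udp/4500")


def parse_peers(conf_text):
    """Return {conn_name: right_value} for every 'conn' section."""
    peers, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line[0] not in " \t":
            # Unindented line starts a new section; only 'conn NAME' is of interest.
            m = re.match(r"conn\s+(\S+)", line)
            current = m.group(1) if m else None
            continue
        key, _, value = line.strip().partition("=")
        if current and key.strip() == "right":
            peers[current] = value.strip()
    return peers


def parse_accepts(rules_text):
    """Return (source_network, protocol, dport) for each plain INPUT ACCEPT rule."""
    accepts = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        # Skip other chains, negated matches and state-dependent rules (assumption:
        # those need a human to judge, so they are never counted as coverage).
        if tok[:2] != ["-A", "INPUT"] or "!" in tok or "--state" in tok or "--ctstate" in tok:
            continue
        opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if opts.get("-j") != "ACCEPT":
            continue
        net = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        accepts.append((net, opts.get("-p", "all"), opts.get("--dport")))
    return accepts


def rule_allows(rule, peer, need):
    """True if this ACCEPT rule lets 'need' (esp, udp/500, udp/4500) in from peer."""
    net, proto, dport = rule
    if peer not in net:
        return False
    if need == "esp":
        return proto in ("esp", "50", "all")
    if proto not in ("udp", "17", "all"):
        return False
    if dport is None:
        return True
    lo, _, hi = dport.partition(":")  # iptables port ranges are written lo:hi
    return int(need.split("/")[1]) in range(int(lo), int(hi or lo) + 1)


def audit(conf_text, rules_text):
    """Return {conn_name: [required items with no matching ACCEPT rule]}."""
    accepts = parse_accepts(rules_text)
    report = {}
    for conn, right in parse_peers(conf_text).items():
        try:
            peer = ipaddress.ip_address(right)
        except ValueError:
            report[conn] = ["right=%s is not a literal address" % right]
            continue
        report[conn] = [n for n in REQUIRED
                        if not any(rule_allows(r, peer, n) for r in accepts)]
    return report


if __name__ == "__main__":
    for conn, missing in audit(IPSEC_CONF, IPTABLES_RULES).items():
        status = "OK" if not missing else "no inbound ACCEPT for: " + ", ".join(missing)
        print("%-16s %s" % (conn, status))
```
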
<div><div><br><br></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jun 27, 2013 at 3:46 PM, Neal Murphy <span dir="ltr">&lt;<a href="mailto:neal.p.murphy@alum.wpi.edu" target="_blank">neal.p.murphy@alum.wpi.edu</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It may be nothing, but why don&#39;t I see states QUICK_I1/R1/I2/R2? Possibly<br>
mismatched params between the two ends? (Unless your method doesn&#39;t use them.)<br>
<div><div class="h5"><br>
<br>
On Thursday, June 27, 2013 02:42:26 PM Dave Ariens wrote:<br>
&gt; I spoke too soon... Nothing can traverse the tunnel.<br>
&gt;<br>
&gt; Here&#39;s some logs for vps1 during the time that traffic stopped...<br>
&gt;<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: initiating Main<br>
&gt; Mode to replace #5<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: received Vendor<br>
&gt; ID payload [Openswan (this version) 2.6.38 ]<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: received Vendor<br>
&gt; ID payload [Dead Peer Detection]<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: received Vendor<br>
&gt; ID payload [RFC 3947] method set to=115<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: enabling<br>
&gt; possible NAT-traversal with method RFC 3947 (NAT-Traversal)<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: transition from<br>
&gt; state STATE_MAIN_I1 to state STATE_MAIN_I2<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: STATE_MAIN_I2:<br>
&gt; sent MI2, expecting MR2<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: NAT-Traversal:<br>
&gt; Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: transition from<br>
&gt; state STATE_MAIN_I2 to state STATE_MAIN_I3<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: STATE_MAIN_I3:<br>
&gt; sent MI3, expecting MR3<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: received Vendor<br>
&gt; ID payload [CAN-IKEv2]<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: Main mode peer<br>
&gt; ID is ID_IPV4_ADDR: &#39;173.254.195.244&#39;<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: transition from<br>
&gt; state STATE_MAIN_I3 to state STATE_MAIN_I4<br>
&gt; Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #8: STATE_MAIN_I4:<br>
&gt; ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128<br>
&gt; prf=oakley_sha group=modp2048}<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [Openswan (this version)<br>
&gt; 2.6.38 ]<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [Dead Peer Detection]<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [RFC 3947] method set<br>
&gt; to=115 Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
&gt; [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
&gt; [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
&gt; [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
&gt; [draft-ietf-ipsec-nat-t-ike-00]<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #9: responding to<br>
&gt; Main Mode<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #9: transition from<br>
&gt; state STATE_MAIN_R0 to state STATE_MAIN_R1<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #9: STATE_MAIN_R1:<br>
&gt; sent MR1, expecting MI2<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #9: NAT-Traversal:<br>
&gt; Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #9: transition from<br>
&gt; state STATE_MAIN_R1 to state STATE_MAIN_R2<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #9: STATE_MAIN_R2:<br>
&gt; sent MR2, expecting MI3<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #9: Main mode peer<br>
&gt; ID is ID_IPV4_ADDR: &#39;173.254.195.244&#39;<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #9: transition from<br>
&gt; state STATE_MAIN_R2 to state STATE_MAIN_R3<br>
&gt; Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #9: STATE_MAIN_R3:<br>
&gt; sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128<br>
&gt; prf=oakley_sha group=modp2048}<br>
&gt; Jun 27 13:51:04 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: Informational Exchange is for an unknown (expired?) SA<br>
&gt; with MSGID:0x58fb6264<br>
&gt; Jun 27 13:51:09 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: &quot;vps2&quot; #5: received Delete<br>
&gt; SA payload: deleting ISAKMP State #5<br>
&gt; Jun 27 13:51:09 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received and ignored informational message<br>
&gt;<br>
&gt; On Thu, Jun 27, 2013 at 2:04 PM, Dave Ariens &lt;<a href="mailto:dave@ariens.ca">dave@ariens.ca</a>&gt; wrote:<br>
&gt; &gt; So far so good.  After applying the rekeys=yes to the connections, I<br>
&gt; &gt; restarted (systemctl restart openswan) yet the problem seemed to recur<br>
&gt; &gt; twice.  I then performed an ipsec auto --delete vps1/2 respectively, then<br>
&gt; &gt; an add, then a restart--and it&#39;s been fine since.  Looking into the<br>
&gt; &gt; systemd scripts, it looks like a restart is a stop then a start (ipsec<br>
&gt; &gt; _realsetup then stop ipsec _realsetup start).<br>
&gt; &gt;<br>
&gt; &gt; Could there be any artifacts of the previously established tunnel around<br>
&gt; &gt; _somehow_?   There&#39;s lots I don&#39;t understand about IPsec but can you<br>
&gt; &gt; enlighten me about what&#39;s going on?<br>
&gt; &gt;<br>
&gt; &gt; On Thu, Jun 27, 2013 at 11:35 AM, &lt;<a href="mailto:dave@ariens.ca">dave@ariens.ca</a>&gt; wrote:<br>
&gt; &gt;&gt; I will give that a shot. When I read up on it I understood that it was<br>
&gt; &gt;&gt; defaulted to &#39;yes&#39;.<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Thanks<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;  <a href="http://www.ariens.ca" target="_blank">www.ariens.ca</a><br>
&gt; &gt;&gt;<br>
</div></div>&gt; &gt;&gt;   *From: *Giovanni Carbone<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; *Sent: *Thursday, June 27, 2013 11:20 AM<br>
&gt; &gt;&gt; *To: *Dave Ariens; <a href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br>
&gt; &gt;&gt; *Subject: *RE: [Openswan Users] Established Tunnel Not Passing Traffic<br>
<div class="im">&gt; &gt;&gt;<br>
&gt; &gt;&gt;  Try adding “rekey=yes” in the conn(s).<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Example:<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; conn vps1<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     authby=secret<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     left=173.254.195.244<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     leftsourceip=192.168.200.10<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     leftsubnet=<a href="http://192.168.200.10/32" target="_blank">192.168.200.10/32</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     right=64.237.39.24<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     rightsubnet=<a href="http://192.168.100.10/32" target="_blank">192.168.100.10/32</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     auto=start<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     rekey=yes<br>
&gt; &gt;&gt;<br>
</div>&gt; &gt;&gt; *From:* <a href="mailto:users-bounces@lists.openswan.org">users-bounces@lists.openswan.org</a> [mailto:<br>
&gt; &gt;&gt; <a href="mailto:users-bounces@lists.openswan.org">users-bounces@lists.openswan.org</a>] *On Behalf Of *Dave Ariens<br>
&gt; &gt;&gt; *Sent:* Thursday, June 27, 2013 4:26 PM<br>
&gt; &gt;&gt; *To:* <a href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br>
&gt; &gt;&gt; *Subject:* [Openswan Users] Established Tunnel Not Passing Traffic<br>
<div class="im">&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Hey there guys (first time posting),<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; I have two servers (VPS) one on the US east coast, another on US west<br>
&gt; &gt;&gt; coast.  They both have an IPsec tunnel to my Juniper SRX firewall (on my<br>
&gt; &gt;&gt; home network in Ontario, Canada).  This tunnel is rock solid and I never<br>
&gt; &gt;&gt; have any issues with it.<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; I&#39;m trying to configure an OpenSwan IPsec tunnel between the two VMs,<br>
&gt; &gt;&gt; and it&#39;s up and running, I can ping through the tunnel, but some time<br>
&gt; &gt;&gt; afterwards, traffic is unable to pass (tunnel remains established).<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; This is really just a plain vanilla OpenSwan to OpenSwan implementation,<br>
&gt; &gt;&gt; below are some config details, and some logs.<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Can anyone help me identify why the tunnel stops passing traffic after<br>
&gt; &gt;&gt; some time &lt; 15 minutes.  I know the traffic stopped shortly after<br>
&gt; &gt;&gt; midnight this morning (see logs below)<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; [ariens@vps1 ~]$ pacman -Qs openswan<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; local/openswan 2.6.38-1<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     Open Source implementation of IPsec for the Linux operating system<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; VPS2:/etc/ipsec.conf<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; version 2.0<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; config setup<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     dumpdir=/var/run/pluto/<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     nat_traversal=yes<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     virtual_private=%v4:10.0.0.0/8,%v4:!192.168.200.0/24,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10<br>
</div>
<div><div class="h5">&gt; &gt;&gt;<br>
&gt; &gt;&gt;     oe=off<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     protostack=netkey<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; conn <a href="http://home.ariens.ca" target="_blank">home.ariens.ca</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     authby=secret<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     left=173.254.195.244<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     leftsourceip=192.168.200.10<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     leftsubnet=0/0<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     right=<a href="tel:216.58.86.104" value="+12165886104">216.58.86.104</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     rightsubnet=<a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     auto=start<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; conn vps1<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     authby=secret<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     left=173.254.195.244<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     leftsourceip=192.168.200.10<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     leftsubnet=<a href="http://192.168.200.10/32" target="_blank">192.168.200.10/32</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     right=64.237.39.24<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     rightsubnet=<a href="http://192.168.100.10/32" target="_blank">192.168.100.10/32</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     auto=start<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; VPS1:/etc/ipsec.conf<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; version 2.0<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; config setup<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     dumpdir=/var/run/pluto/<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     nat_traversal=yes<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     virtual_private=%v4:10.0.0.0/8,%v4:!192.168.100.0/24,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10<br>
</div></div>
<div><div class="h5">&gt; &gt;&gt;<br>
&gt; &gt;&gt;     oe=off<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     protostack=netkey<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; conn <a href="http://home.ariens.ca" target="_blank">home.ariens.ca</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     authby=secret<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     left=64.237.39.24<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     leftsourceip=192.168.100.10<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     leftsubnet=0/0<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     right=<a href="tel:216.58.86.104" value="+12165886104">216.58.86.104</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     rightsubnet=<a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     auto=start<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; conn vps2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     authby=secret<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     left=64.237.39.24<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     leftsourceip=192.168.100.10<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     leftsubnet=<a href="http://192.168.100.10/32" target="_blank">192.168.100.10/32</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     right=173.254.195.244<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     rightsubnet=<a href="http://192.168.200.10/32" target="_blank">192.168.200.10/32</a><br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt;     auto=start<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Logs from VPS1:<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [Openswan (this version)<br>
&gt; &gt;&gt; 2.6.38 ]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [Dead Peer Detection]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [RFC 3947] method set<br>
&gt; &gt;&gt; to=115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
&gt; &gt;&gt; [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
&gt; &gt;&gt; [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
&gt; &gt;&gt; [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
&gt; &gt;&gt; [draft-ietf-ipsec-nat-t-ike-00]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #17: responding<br>
&gt; &gt;&gt; to Main Mode<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #17: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #17:<br>
&gt; &gt;&gt; STATE_MAIN_R1: sent MR1, expecting MI2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #17:<br>
&gt; &gt;&gt; NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT<br>
&gt; &gt;&gt; detected<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #17: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #17:<br>
&gt; &gt;&gt; STATE_MAIN_R2: sent MR2, expecting MI3<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #17: Main mode<br>
&gt; &gt;&gt; peer ID is ID_IPV4_ADDR: &#39;173.254.195.244&#39;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #17: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_R2 to state STATE_MAIN_R3<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #17:<br>
&gt; &gt;&gt; STATE_MAIN_R3: sent MR3, ISAKMP SA established<br>
&gt; &gt;&gt; {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha<br>
&gt; &gt;&gt; group=modp2048}<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16: received<br>
&gt; &gt;&gt; Vendor ID payload [Openswan (this version) 2.6.38 ]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16: received<br>
&gt; &gt;&gt; Vendor ID payload [Dead Peer Detection]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16: received<br>
&gt; &gt;&gt; Vendor ID payload [RFC 3947] method set to=115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16: enabling<br>
&gt; &gt;&gt; possible NAT-traversal with method RFC 3947 (NAT-Traversal)<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16:<br>
&gt; &gt;&gt; STATE_MAIN_I2: sent MI2, expecting MR2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16:<br>
&gt; &gt;&gt; NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT<br>
&gt; &gt;&gt; detected<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16:<br>
&gt; &gt;&gt; STATE_MAIN_I3: sent MI3, expecting MR3<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16: received<br>
&gt; &gt;&gt; Vendor ID payload [CAN-IKEv2]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16: Main mode<br>
&gt; &gt;&gt; peer ID is ID_IPV4_ADDR: &#39;173.254.195.244&#39;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_I3 to state STATE_MAIN_I4<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #16:<br>
&gt; &gt;&gt; STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY<br>
&gt; &gt;&gt; cipher=aes_128 prf=oakley_sha group=modp2048}<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:09:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: Informational Exchange is for an unknown (expired?)<br>
&gt; &gt;&gt; SA with MSGID:0xf86c4eb8<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:09:19 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #13: received<br>
&gt; &gt;&gt; Delete SA payload: deleting ISAKMP State #13<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:09:19 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received and ignored informational message<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:48:54 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19: initiating<br>
&gt; &gt;&gt; Main Mode to replace #16<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [Openswan (this version)<br>
&gt; &gt;&gt; 2.6.38 ]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [Dead Peer Detection]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [RFC 3947] method set<br>
&gt; &gt;&gt; to=115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
&gt; &gt;&gt; [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
&gt; &gt;&gt; [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
&gt; &gt;&gt; [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
&gt; &gt;&gt; [draft-ietf-ipsec-nat-t-ike-00]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #20: responding<br>
&gt; &gt;&gt; to Main Mode<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #20: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #20:<br>
&gt; &gt;&gt; STATE_MAIN_R1: sent MR1, expecting MI2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #20:<br>
&gt; &gt;&gt; NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT<br>
&gt; &gt;&gt; detected<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #20: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #20:<br>
&gt; &gt;&gt; STATE_MAIN_R2: sent MR2, expecting MI3<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #20: Main mode<br>
&gt; &gt;&gt; peer ID is ID_IPV4_ADDR: &#39;173.254.195.244&#39;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #20: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_R2 to state STATE_MAIN_R3<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #20:<br>
&gt; &gt;&gt; STATE_MAIN_R3: sent MR3, ISAKMP SA established<br>
&gt; &gt;&gt; {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha<br>
&gt; &gt;&gt; group=modp2048}<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19: received<br>
&gt; &gt;&gt; Vendor ID payload [Openswan (this version) 2.6.38 ]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19: received<br>
&gt; &gt;&gt; Vendor ID payload [Dead Peer Detection]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19: received<br>
&gt; &gt;&gt; Vendor ID payload [RFC 3947] method set to=115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19: enabling<br>
&gt; &gt;&gt; possible NAT-traversal with method RFC 3947 (NAT-Traversal)<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19:<br>
&gt; &gt;&gt; STATE_MAIN_I2: sent MI2, expecting MR2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19:<br>
&gt; &gt;&gt; NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT<br>
&gt; &gt;&gt; detected<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19:<br>
&gt; &gt;&gt; STATE_MAIN_I3: sent MI3, expecting MR3<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19: received<br>
&gt; &gt;&gt; Vendor ID payload [CAN-IKEv2]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19: Main mode<br>
&gt; &gt;&gt; peer ID is ID_IPV4_ADDR: &#39;173.254.195.244&#39;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_I3 to state STATE_MAIN_I4<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: &quot;vps2&quot; #19:<br>
&gt; &gt;&gt; STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY<br>
&gt; &gt;&gt; cipher=aes_128 prf=oakley_sha group=modp2048}<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: Informational Exchange is for an unknown (expired?)<br>
&gt; &gt;&gt; SA with MSGID:0x4a2e1ab1<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 01:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
&gt; &gt;&gt; <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: Informational Exchange is for an unknown (expired?)<br>
&gt; &gt;&gt; SA with MSGID:0x999b390f<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Logs for VPS2:<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13: initiating<br>
&gt; &gt;&gt; Main Mode to replace #11<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13: received<br>
&gt; &gt;&gt; Vendor ID payload [Openswan (this version) 2.6.38 ]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13: received<br>
&gt; &gt;&gt; Vendor ID payload [Dead Peer Detection]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13: received<br>
&gt; &gt;&gt; Vendor ID payload [RFC 3947] method set to=115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13: enabling<br>
&gt; &gt;&gt; possible NAT-traversal with method RFC 3947 (NAT-Traversal)<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13:<br>
&gt; &gt;&gt; STATE_MAIN_I2: sent MI2, expecting MR2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13:<br>
&gt; &gt;&gt; NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT<br>
&gt; &gt;&gt; detected<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13:<br>
&gt; &gt;&gt; STATE_MAIN_I3: sent MI3, expecting MR3<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13: received<br>
&gt; &gt;&gt; Vendor ID payload [CAN-IKEv2]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13: Main mode<br>
&gt; &gt;&gt; peer ID is ID_IPV4_ADDR: &#39;64.237.39.24&#39;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_I3 to state STATE_MAIN_I4<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #13:<br>
&gt; &gt;&gt; STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY<br>
&gt; &gt;&gt; cipher=aes_128 prf=oakley_sha group=modp2048}<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
&gt; &gt;&gt; <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload [Openswan (this version)<br>
&gt; &gt;&gt; 2.6.38 ]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
&gt; &gt;&gt; <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload [Dead Peer Detection]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
&gt; &gt;&gt; <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload [RFC 3947] method set<br>
&gt; &gt;&gt; to=115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
&gt; &gt;&gt; <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload<br>
&gt; &gt;&gt; [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
&gt; &gt;&gt; <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload<br>
&gt; &gt;&gt; [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
&gt; &gt;&gt; <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload<br>
&gt; &gt;&gt; [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
&gt; &gt;&gt; <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload<br>
&gt; &gt;&gt; [draft-ietf-ipsec-nat-t-ike-00]<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #14: responding<br>
&gt; &gt;&gt; to Main Mode<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #14: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #14:<br>
&gt; &gt;&gt; STATE_MAIN_R1: sent MR1, expecting MI2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #14:<br>
&gt; &gt;&gt; NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT<br>
&gt; &gt;&gt; detected<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #14: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #14:<br>
&gt; &gt;&gt; STATE_MAIN_R2: sent MR2, expecting MI3<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #14: Main mode<br>
&gt; &gt;&gt; peer ID is ID_IPV4_ADDR: &#39;64.237.39.24&#39;<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #14: transition<br>
&gt; &gt;&gt; from state STATE_MAIN_R2 to state STATE_MAIN_R3<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: &quot;vps1&quot; #14:<br>
&gt; &gt;&gt; STATE_MAIN_R3: sent MR3, ISAKMP SA established<br>
&gt; &gt;&gt; {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha<br>
&gt; &gt;&gt; group=modp2048}<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; Jun 27 00:09:34 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
&gt; &gt;&gt; <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: Informational Exchange is for an unknown (expired?) SA<br>
&gt; &gt;&gt; with MSGID:0xb8f1bbda<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; --<br>
&gt; &gt;&gt;<br>
&gt; &gt;&gt; <a href="http://www.ariens.ca" target="_blank">www.ariens.ca</a><br>
&gt; &gt;<br>
&gt; &gt; --<br>
&gt; &gt; <a href="http://www.ariens.ca" target="_blank">www.ariens.ca</a><br>
</div></div>_______________________________________________<br>
<a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><div><a href="http://www.ariens.ca" target="_blank">www.ariens.ca</a></div>
</div>
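Neal's question about the missing QUICK_* states can be checked mechanically against a pluto log. The script below is an added example, not part of the thread or of Openswan: it groups log lines by connection name and reports connections that reached "ISAKMP SA established" (phase 1) without any STATE_QUICK_* line (phase 2). The "vps2" lines are re-joined from the quoted vps1 log; the "demo" connection, the host gw.example and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample. "vps2" lines are re-joined from the quoted vps1 log;
# the "demo" lines are invented here to show a connection that reaches Quick Mode.
SAMPLE_LOG = '''\
Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: "vps2" #20: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun 27 01:00:57 vps1.layerzero.ca pluto[28819]: "vps2" #20: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Jun 27 01:01:24 vps1.layerzero.ca pluto[28819]: "vps2" #19: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Jun 27 01:04:49 vps1.layerzero.ca pluto[28819]: packet from 173.254.195.244:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x4a2e1ab1
Jun 27 02:00:00 gw.example pluto[1000]: "demo" #30: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Jun 27 02:00:01 gw.example pluto[1000]: "demo" #31: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
'''

# "conn" #N: message, with an optional instance suffix such as "conn"[1] 192.0.2.1
LINE = re.compile(r'pluto\[\d+\]: "([^"]+)"(?:\[\d+\] \S+)? #(\d+): (.*)')

def summarize(log):
    """Return ({conn: {"phase1": SA ids, "quick": SA ids}}, orphan_count)."""
    conns = defaultdict(lambda: {"phase1": set(), "quick": set()})
    orphans = 0
    for line in log.splitlines():
        # Informational messages for an SA this end no longer knows about
        if "unknown (expired?) SA" in line:
            orphans += 1
            continue
        m = LINE.search(line)
        if not m:
            continue
        conn, sa, msg = m.group(1), int(m.group(2)), m.group(3)
        if "ISAKMP SA established" in msg:
            conns[conn]["phase1"].add(sa)
        if "STATE_QUICK_" in msg:
            conns[conn]["quick"].add(sa)
    return dict(conns), orphans

def phase1_only(log):
    """Connections with an ISAKMP SA but no Quick Mode activity in the log."""
    conns, _ = summarize(log)
    return sorted(c for c, s in conns.items() if s["phase1"] and not s["quick"])

if __name__ == "__main__":
    conns, orphans = summarize(SAMPLE_LOG)
    print("phase 1 only:", phase1_only(SAMPLE_LOG))
    print("informational messages for unknown SAs:", orphans)
```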