<div dir="ltr"><div><div><div></div>I checked my iptables on the two end points and I only had:<br><br>-A INPUT -s <a href="http://216.58.86.104/32">216.58.86.104/32</a> -i eth0 -p esp -j ACCEPT<br>-A INPUT -s <a href="http://216.58.86.104/32">216.58.86.104/32</a> -i eth0 -p udp -m udp --sport 500 --dport 500 -j ACCEPT<br>
-A INPUT -s <a href="http://216.58.86.104/32">216.58.86.104/32</a> -i eth0 -p udp -m udp --sport 4500 --dport 4500 -j ACCEPT<br><br></div><div>...which was for the original tunnel that's been working fine not the one between my two OpenSwan instances.<br>
</div><div><br></div>Adding the other end of the tunnel seems to have restored connectivity across the tunnel, although I don't see any logs from Pluto after I made the change.<br><br></div>How could the tunnel possibly have been established in the first place without allowing esp/500/4500? <br>
<div><div><br><br></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jun 27, 2013 at 3:46 PM, Neal Murphy <span dir="ltr"><<a href="mailto:neal.p.murphy@alum.wpi.edu" target="_blank">neal.p.murphy@alum.wpi.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It may be nothing, but why don't I see states QUICK_I1/R1/I2/R2? Possibly<br>
mismatched params between the two ends? (Unless you method doesn't use them.)<br>
<div><div class="h5"><br>
<br>
On Thursday, June 27, 2013 02:42:26 PM Dave Ariens wrote:<br>
> I spoke to soon... Nothing can traverse the tunnel.<br>
><br>
> Here's some logs for vps1 during the time that traffic stopped...<br>
><br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: initiating Main<br>
> Mode to replace #5<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: received Vendor<br>
> ID payload [Openswan (this version) 2.6.38 ]<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: received Vendor<br>
> ID payload [Dead Peer Detection]<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: received Vendor<br>
> ID payload [RFC 3947] method set to=115<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: enabling<br>
> possible NAT-traversal with method RFC 3947 (NAT-Traversal)<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: transition from<br>
> state STATE_MAIN_I1 to state STATE_MAIN_I2<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: STATE_MAIN_I2:<br>
> sent MI2, expecting MR2<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: NAT-Traversal:<br>
> Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: transition from<br>
> state STATE_MAIN_I2 to state STATE_MAIN_I3<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: STATE_MAIN_I3:<br>
> sent MI3, expecting MR3<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: received Vendor<br>
> ID payload [CAN-IKEv2]<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: Main mode peer<br>
> ID is ID_IPV4_ADDR: '173.254.195.244'<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: transition from<br>
> state STATE_MAIN_I3 to state STATE_MAIN_I4<br>
> Jun 27 13:46:39 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #8: STATE_MAIN_I4:<br>
> ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128<br>
> prf=oakley_sha group=modp2048}<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [Openswan (this version)<br>
> 2.6.38 ]<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [Dead Peer Detection]<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [RFC 3947] method set<br>
> to=115 Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
> [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
> [draft-ietf-ipsec-nat-t-ike-00]<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #9: responding to<br>
> Main Mode<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #9: transition from<br>
> state STATE_MAIN_R0 to state STATE_MAIN_R1<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #9: STATE_MAIN_R1:<br>
> sent MR1, expecting MI2<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #9: NAT-Traversal:<br>
> Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT detected<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #9: transition from<br>
> state STATE_MAIN_R1 to state STATE_MAIN_R2<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #9: STATE_MAIN_R2:<br>
> sent MR2, expecting MI3<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #9: Main mode peer<br>
> ID is ID_IPV4_ADDR: '173.254.195.244'<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #9: transition from<br>
> state STATE_MAIN_R2 to state STATE_MAIN_R3<br>
> Jun 27 13:47:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #9: STATE_MAIN_R3:<br>
> sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128<br>
> prf=oakley_sha group=modp2048}<br>
> Jun 27 13:51:04 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: Informational Exchange is for an unknown (expired?) SA<br>
> with MSGID:0x58fb6264<br>
> Jun 27 13:51:09 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: "vps2" #5: received Delete<br>
> SA payload: deleting ISAKMP State #5<br>
> Jun 27 13:51:09 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[32576]: packet from<br>
> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received and ignored informational message<br>
><br>
> On Thu, Jun 27, 2013 at 2:04 PM, Dave Ariens <<a href="mailto:dave@ariens.ca">dave@ariens.ca</a>> wrote:<br>
> > So far so good. After applying the rekeys=yes to the connections, I<br>
> > restarted (systemctl restart openswan) yet the problem seemed to recur<br>
> > twice. I then performed an ipsec auto --delete vps1/2 respectively, then<br>
> > an add, then a restart--and it's been fine since. Looking into the<br>
> > systemd scripts, it looks like a restart is a stop then a start (ipsec<br>
> > _realsetup then stop ipsec _realsetup start).<br>
> ><br>
> > Could there be any artifacts of the previously established tunnel around<br>
> > _somehow_? There's lots I don't understand about IPsec but can you<br>
> > enlighten me about what's going on?<br>
> ><br>
> > On Thu, Jun 27, 2013 at 11:35 AM, <<a href="mailto:dave@ariens.ca">dave@ariens.ca</a>> wrote:<br>
> >> I will give that a shot. When I read up on it I understood that it was<br>
> >> defaulted to 'yes'.<br>
> >><br>
> >> Thanks<br>
> >><br>
> >> <a href="http://www.ariens.ca" target="_blank">www.ariens.ca</a><br>
> >><br>
</div></div>> >> *From: *Giovanni Carbone<br>
> >><br>
> >> *Sent: *Thursday, June 27, 2013 11:20 AM<br>
> >> *To: *Dave Ariens; <a href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br>
> >> *Subject: *RE: [Openswan Users] Established Tunnel Not Passing Traffic<br>
<div class="im">> >><br>
> >> Try adding “rekey=yes” in the conn(s).<br>
> >><br>
> >> Example:<br>
> >><br>
> >><br>
> >><br>
> >> conn vps1<br>
> >><br>
> >> authby=secret<br>
> >><br>
> >> left=173.254.195.244<br>
> >><br>
> >> leftsourceip=192.168.200.10<br>
> >><br>
> >> leftsubnet=<a href="http://192.168.200.10/32" target="_blank">192.168.200.10/32</a><br>
> >><br>
> >> right=64.237.39.24<br>
> >><br>
> >> rightsubnet=<a href="http://192.168.100.10/32" target="_blank">192.168.100.10/32</a><br>
> >><br>
> >> auto=start<br>
> >><br>
> >> rekey=yes<br>
> >><br>
</div>> >> *From:* <a href="mailto:users-bounces@lists.openswan.org">users-bounces@lists.openswan.org</a> [mailto:<br>
> >> <a href="mailto:users-bounces@lists.openswan.org">users-bounces@lists.openswan.org</a>] *On Behalf Of *Dave Ariens<br>
> >> *Sent:* Thursday, June 27, 2013 4:26 PM<br>
> >> *To:* <a href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br>
> >> *Subject:* [Openswan Users] Established Tunnel Not Passing Traffic<br>
<div class="im">> >><br>
> >><br>
> >><br>
> >> Hey there guys (first time posting),<br>
> >><br>
> >> I have two servers (VPS) one on the US east coast, another on US west<br>
> >> coast. They both have an IPsec tunnel to my Juniper SRX firewall (on my<br>
> >> home network in Ontario, Canada). This tunnel is rock solid and I never<br>
> >> have any issues with it.<br>
> >><br>
> >> I'm trying to configure an OpenSwan IPsec tunnel between the two VMs,<br>
> >> and it's up and running, I can ping through the tunnel, but some time<br>
> >> afterwards, traffic is unable to pass (tunnel remains established).<br>
> >><br>
> >> This is really just a plain vanilla OpenSwan to OpenSwan implementation,<br>
> >> below are some config details, and some logs.<br>
> >><br>
> >> Can anyone help me identify why the tunnel stops passing traffic after<br>
> >> some time < 15 minutes. I know the traffic stopped shortly after<br>
> >> midnight this morning (see logs below)<br>
> >><br>
> >><br>
> >><br>
> >> [ariens@vps1 ~]$ pacman -Qs openswan<br>
> >><br>
> >> local/openswan 2.6.38-1<br>
> >><br>
> >> Open Source implementation of IPsec for the Linux operating system<br>
> >><br>
> >> VPS2:/etc/ipsec.conf<br>
> >><br>
> >><br>
> >><br>
> >> version 2.0<br>
> >><br>
> >> config setup<br>
> >><br>
> >> dumpdir=/var/run/pluto/<br>
> >><br>
> >> nat_traversal=yes<br>
> >><br>
> >> virtual_private=%v4:<br>
> >> <a href="http://10.0.0.0/8,%v4:!192.168.200.0/24,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v" target="_blank">10.0.0.0/8,%v4:!192.168.200.0/24,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v</a><br>
</div>> >> 4:<a href="http://25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10" target="_blank">25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10</a><<a href="http://10.0.0.0/8,%25v4:%21192.1" target="_blank">http://10.0.0.0/8,%25v4:%21192.1</a><br>
> >> 68.200.0/24,%25v4:<a href="http://192.168.0.0/16,%25v4:172.16.0.0/12,%25v4:25.0.0.0/8,%2" target="_blank">192.168.0.0/16,%25v4:172.16.0.0/12,%25v4:25.0.0.0/8,%2</a><br>
> >> 5v6:fd00::/8,%25v6:fe80::/10><br>
<div><div class="h5">> >><br>
> >> oe=off<br>
> >><br>
> >> protostack=netkey<br>
> >><br>
> >> conn <a href="http://home.ariens.ca" target="_blank">home.ariens.ca</a><br>
> >><br>
> >> authby=secret<br>
> >><br>
> >> left=173.254.195.244<br>
> >><br>
> >> leftsourceip=192.168.200.10<br>
> >><br>
> >> leftsubnet=0/0<br>
> >><br>
> >> right=<a href="tel:216.58.86.104" value="+12165886104">216.58.86.104</a><br>
> >><br>
> >> rightsubnet=<a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a><br>
> >><br>
> >> auto=start<br>
> >><br>
> >> conn vps1<br>
> >><br>
> >> authby=secret<br>
> >><br>
> >> left=173.254.195.244<br>
> >><br>
> >> leftsourceip=192.168.200.10<br>
> >><br>
> >> leftsubnet=<a href="http://192.168.200.10/32" target="_blank">192.168.200.10/32</a><br>
> >><br>
> >> right=64.237.39.24<br>
> >><br>
> >> rightsubnet=<a href="http://192.168.100.10/32" target="_blank">192.168.100.10/32</a><br>
> >><br>
> >> auto=start<br>
> >><br>
> >> VPS1:/etc/ipsec.conf<br>
> >><br>
> >><br>
> >><br>
> >> version 2.0<br>
> >><br>
> >><br>
> >><br>
> >> config setup<br>
> >><br>
> >> dumpdir=/var/run/pluto/<br>
> >><br>
> >> nat_traversal=yes<br>
> >><br>
> >> virtual_private=%v4:<br>
> >> <a href="http://10.0.0.0/8,%v4:!192.168.100.0/24,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v" target="_blank">10.0.0.0/8,%v4:!192.168.100.0/24,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v</a><br>
</div></div>> >> 4:<a href="http://25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10" target="_blank">25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10</a><<a href="http://10.0.0.0/8,%25v4:%21192.1" target="_blank">http://10.0.0.0/8,%25v4:%21192.1</a><br>
> >> 68.100.0/24,%25v4:<a href="http://192.168.0.0/16,%25v4:172.16.0.0/12,%25v4:25.0.0.0/8,%2" target="_blank">192.168.0.0/16,%25v4:172.16.0.0/12,%25v4:25.0.0.0/8,%2</a><br>
> >> 5v6:fd00::/8,%25v6:fe80::/10><br>
<div><div class="h5">> >><br>
> >> oe=off<br>
> >><br>
> >> protostack=netkey<br>
> >><br>
> >> conn <a href="http://home.ariens.ca" target="_blank">home.ariens.ca</a><br>
> >><br>
> >> authby=secret<br>
> >><br>
> >> left=64.237.39.24<br>
> >><br>
> >> leftsourceip=192.168.100.10<br>
> >><br>
> >> leftsubnet=0/0<br>
> >><br>
> >> right=<a href="tel:216.58.86.104" value="+12165886104">216.58.86.104</a><br>
> >><br>
> >> rightsubnet=<a href="http://10.0.0.0/8" target="_blank">10.0.0.0/8</a><br>
> >><br>
> >> auto=start<br>
> >><br>
> >> conn vps2<br>
> >><br>
> >> authby=secret<br>
> >><br>
> >> left=64.237.39.24<br>
> >><br>
> >> leftsourceip=192.168.100.10<br>
> >><br>
> >> leftsubnet=<a href="http://192.168.100.10/32" target="_blank">192.168.100.10/32</a><br>
> >><br>
> >> right=173.254.195.244<br>
> >><br>
> >> rightsubnet=<a href="http://192.168.200.10/32" target="_blank">192.168.200.10/32</a><br>
> >><br>
> >> auto=start<br>
> >><br>
> >> Logs from VPS1:<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [Openswan (this version)<br>
> >> 2.6.38 ]<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [Dead Peer Detection]<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [RFC 3947] method set<br>
> >> to=115<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
> >> [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
> >> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
> >> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
> >> [draft-ietf-ipsec-nat-t-ike-00]<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #17: responding<br>
> >> to Main Mode<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #17: transition<br>
> >> from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #17:<br>
> >> STATE_MAIN_R1: sent MR1, expecting MI2<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #17:<br>
> >> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT<br>
> >> detected<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #17: transition<br>
> >> from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #17:<br>
> >> STATE_MAIN_R2: sent MR2, expecting MI3<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #17: Main mode<br>
> >> peer ID is ID_IPV4_ADDR: '173.254.195.244'<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #17: transition<br>
> >> from state STATE_MAIN_R2 to state STATE_MAIN_R3<br>
> >><br>
> >> Jun 27 00:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #17:<br>
> >> STATE_MAIN_R3: sent MR3, ISAKMP SA established<br>
> >> {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha<br>
> >> group=modp2048}<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16: received<br>
> >> Vendor ID payload [Openswan (this version) 2.6.38 ]<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16: received<br>
> >> Vendor ID payload [Dead Peer Detection]<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16: received<br>
> >> Vendor ID payload [RFC 3947] method set to=115<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16: enabling<br>
> >> possible NAT-traversal with method RFC 3947 (NAT-Traversal)<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16: transition<br>
> >> from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16:<br>
> >> STATE_MAIN_I2: sent MI2, expecting MR2<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16:<br>
> >> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT<br>
> >> detected<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16: transition<br>
> >> from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16:<br>
> >> STATE_MAIN_I3: sent MI3, expecting MR3<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16: received<br>
> >> Vendor ID payload [CAN-IKEv2]<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16: Main mode<br>
> >> peer ID is ID_IPV4_ADDR: '173.254.195.244'<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16: transition<br>
> >> from state STATE_MAIN_I3 to state STATE_MAIN_I4<br>
> >><br>
> >> Jun 27 00:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #16:<br>
> >> STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY<br>
> >> cipher=aes_128 prf=oakley_sha group=modp2048}<br>
> >><br>
> >> Jun 27 00:09:01 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: Informational Exchange is for an unknown (expired?)<br>
> >> SA with MSGID:0xf86c4eb8<br>
> >><br>
> >> Jun 27 00:09:19 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #13: received<br>
> >> Delete SA payload: deleting ISAKMP State #13<br>
> >><br>
> >> Jun 27 00:09:19 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received and ignored informational message<br>
> >><br>
> >> Jun 27 00:48:54 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19: initiating<br>
> >> Main Mode to replace #16<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [Openswan (this version)<br>
> >> 2.6.38 ]<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [Dead Peer Detection]<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload [RFC 3947] method set<br>
> >> to=115<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
> >> [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
> >> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
> >> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: received Vendor ID payload<br>
> >> [draft-ietf-ipsec-nat-t-ike-00]<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #20: responding<br>
> >> to Main Mode<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #20: transition<br>
> >> from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #20:<br>
> >> STATE_MAIN_R1: sent MR1, expecting MI2<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #20:<br>
> >> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT<br>
> >> detected<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #20: transition<br>
> >> from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #20:<br>
> >> STATE_MAIN_R2: sent MR2, expecting MI3<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #20: Main mode<br>
> >> peer ID is ID_IPV4_ADDR: '173.254.195.244'<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #20: transition<br>
> >> from state STATE_MAIN_R2 to state STATE_MAIN_R3<br>
> >><br>
> >> Jun 27 01:00:57 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #20:<br>
> >> STATE_MAIN_R3: sent MR3, ISAKMP SA established<br>
> >> {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha<br>
> >> group=modp2048}<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19: received<br>
> >> Vendor ID payload [Openswan (this version) 2.6.38 ]<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19: received<br>
> >> Vendor ID payload [Dead Peer Detection]<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19: received<br>
> >> Vendor ID payload [RFC 3947] method set to=115<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19: enabling<br>
> >> possible NAT-traversal with method RFC 3947 (NAT-Traversal)<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19: transition<br>
> >> from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19:<br>
> >> STATE_MAIN_I2: sent MI2, expecting MR2<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19:<br>
> >> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT<br>
> >> detected<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19: transition<br>
> >> from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19:<br>
> >> STATE_MAIN_I3: sent MI3, expecting MR3<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19: received<br>
> >> Vendor ID payload [CAN-IKEv2]<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19: Main mode<br>
> >> peer ID is ID_IPV4_ADDR: '173.254.195.244'<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19: transition<br>
> >> from state STATE_MAIN_I3 to state STATE_MAIN_I4<br>
> >><br>
> >> Jun 27 01:01:24 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: "vps2" #19:<br>
> >> STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY<br>
> >> cipher=aes_128 prf=oakley_sha group=modp2048}<br>
> >><br>
> >> Jun 27 01:04:49 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: Informational Exchange is for an unknown (expired?)<br>
> >> SA with MSGID:0x4a2e1ab1<br>
> >><br>
> >> Jun 27 01:05:27 <a href="http://vps1.layerzero.ca" target="_blank">vps1.layerzero.ca</a> pluto[28819]: packet from<br>
> >> <a href="http://173.254.195.244:500" target="_blank">173.254.195.244:500</a>: Informational Exchange is for an unknown (expired?)<br>
> >> SA with MSGID:0x999b390f<br>
> >><br>
> >> Logs for VPS2:<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13: initiating<br>
> >> Main Mode to replace #11<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13: received<br>
> >> Vendor ID payload [Openswan (this version) 2.6.38 ]<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13: received<br>
> >> Vendor ID payload [Dead Peer Detection]<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13: received<br>
> >> Vendor ID payload [RFC 3947] method set to=115<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13: enabling<br>
> >> possible NAT-traversal with method RFC 3947 (NAT-Traversal)<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13: transition<br>
> >> from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13:<br>
> >> STATE_MAIN_I2: sent MI2, expecting MR2<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13:<br>
> >> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT<br>
> >> detected<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13: transition<br>
> >> from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13:<br>
> >> STATE_MAIN_I3: sent MI3, expecting MR3<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13: received<br>
> >> Vendor ID payload [CAN-IKEv2]<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13: Main mode<br>
> >> peer ID is ID_IPV4_ADDR: '64.237.39.24'<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13: transition<br>
> >> from state STATE_MAIN_I3 to state STATE_MAIN_I4<br>
> >><br>
> >> Jun 27 00:05:04 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #13:<br>
> >> STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY<br>
> >> cipher=aes_128 prf=oakley_sha group=modp2048}<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
> >> <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload [Openswan (this version)<br>
> >> 2.6.38 ]<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
> >> <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload [Dead Peer Detection]<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
> >> <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload [RFC 3947] method set<br>
> >> to=115<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
> >> <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload<br>
> >> [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 115<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
> >> <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload<br>
> >> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 115<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
> >> <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload<br>
> >> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 115<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
> >> <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: received Vendor ID payload<br>
> >> [draft-ietf-ipsec-nat-t-ike-00]<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #14: responding<br>
> >> to Main Mode<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #14: transition<br>
> >> from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #14:<br>
> >> STATE_MAIN_R1: sent MR1, expecting MI2<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #14:<br>
> >> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): no NAT<br>
> >> detected<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #14: transition<br>
> >> from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #14:<br>
> >> STATE_MAIN_R2: sent MR2, expecting MI3<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #14: Main mode<br>
> >> peer ID is ID_IPV4_ADDR: '64.237.39.24'<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #14: transition<br>
> >> from state STATE_MAIN_R2 to state STATE_MAIN_R3<br>
> >><br>
> >> Jun 27 00:05:42 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: "vps1" #14:<br>
> >> STATE_MAIN_R3: sent MR3, ISAKMP SA established<br>
> >> {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha<br>
> >> group=modp2048}<br>
> >><br>
> >> Jun 27 00:09:34 <a href="http://vps2.layerzero.ca" target="_blank">vps2.layerzero.ca</a> pluto[29906]: packet from<br>
> >> <a href="http://64.237.39.24:500" target="_blank">64.237.39.24:500</a>: Informational Exchange is for an unknown (expired?) SA<br>
> >> with MSGID:0xb8f1bbda<br>
> >><br>
> >><br>
> >><br>
> >><br>
> >><br>
> >><br>
> >><br>
> >> --<br>
> >><br>
> >> <a href="http://www.ariens.ca" target="_blank">www.ariens.ca</a><br>
> >><br>
> >><br>
> >><br>
> >><br>
> >> Informativa Privacy - Ai sensi del D. Lgs n. 196/2003 (Codice Privacy)<br>
> >> precisiamo che le informazioni contenute in questo messaggio sono<br>
> >> riservate e a uso esclusivo del destinatario. Ogni uso, copia o<br>
> >> distribuzione non autorizzata è proibita e passibile di sanzioni ai<br>
> >> termini di legge. Reitek non è responsabile di eventuali copie o<br>
> >> distribuzioni non autorizzate. Se questo messaggio è stato ricevuto per<br>
> >> errore, preghiamo gentilmente di eliminarlo e di informare il mittente.<br>
> >> Grazie.<br>
> ><br>
> > --<br>
> > <a href="http://www.ariens.ca" target="_blank">www.ariens.ca</a><br>
</div></div>_______________________________________________<br>
<a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><div><a href="http://www.ariens.ca" target="_blank">www.ariens.ca</a></div>
</div>